From 17ca487b8502524d2c5ff7849e96acce8f2a4395 Mon Sep 17 00:00:00 2001
From: shimunn <41011289+shimunn@users.noreply.github.com>
Date: Mon, 8 Feb 2021 15:58:41 +0100
Subject: [PATCH] Obvious password promt (#29)

* obvious password promt
* prompt interaction with FIDO device
---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 src/cli.rs | 34 +++++++++++++++++++++++-----------
 3 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 6a93512..0165240 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -377,7 +377,7 @@ dependencies = [
 
 [[package]]
 name = "fido2luks"
-version = "0.2.15"
+version = "0.2.16"
 dependencies = [
  "ctap_hmac",
  "failure",
diff --git a/Cargo.toml b/Cargo.toml
index 842253d..4c5d21b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "fido2luks"
-version = "0.2.15"
+version = "0.2.16"
 authors = ["shimunn "]
 edition = "2018"
 
diff --git a/src/cli.rs b/src/cli.rs
index 629b5b9..5b248f4 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -71,6 +71,12 @@ pub fn parse_cmdline() -> Args {
     Args::from_args()
 }
 
+pub fn prompt_interaction(interactive: bool) {
+    if interactive {
+        println!("Authorize using your FIDO device");
+    }
+}
+
 pub fn run_cli() -> Fido2LuksResult<()> {
     let mut stdout = io::stdout();
     let args = parse_cmdline();
@@ -109,6 +115,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
     } else {
         secret.salt.obtain_sha256(&secret.password_helper)
     }?;
+    prompt_interaction(interactive);
     let (secret, _cred) = derive_secret(
         credentials.ids.0.as_slice(),
         &salt,
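Review bot: `prompt_interaction` prints with `println!`, so the prompt shares stdout with whatever `run_cli` writes through the `stdout` handle it opens two lines below; a prompt addressed to a human is conventionally written to stderr so that data a caller pipes from stdout stays clean — `eprintln!("Authorize using your FIDO device");`. Whether any command in this file actually emits data on stdout cannot be seen from this hunk, so that is something to confirm before changing it. The new `pub fn` also has no doc comment; `/// Asks the user to authorize with their FIDO device; no-op when not interactive.` would suffice. Because the call must be repeated ahead of every `derive_secret` call (the `@@ -109`, `@@ -164` and `@@ -274` hunks), a forgotten call site loses the prompt silently; if `derive_secret` or a thin wrapper around it could take `interactive`, the prompt would live in one place.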
@@ -164,23 +171,27 @@ pub fn run_cli() -> Fido2LuksResult<()> {
                 } => Ok((util::read_keyfile(file)?, None)),
                 OtherSecret {
                     fido_device: true, ..
-                } => Ok(derive_secret(
-                    &credentials.ids.0,
-                    &salt(salt_q, verify)?,
-                    authenticator.await_time,
-                    pin.as_deref(),
-                )
-                .map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?),
+                } => {
+                    prompt_interaction(interactive);
+                    Ok(derive_secret(
+                        &credentials.ids.0,
+                        &salt(salt_q, verify)?,
+                        authenticator.await_time,
+                        pin.as_deref(),
+                    )
+                    .map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?)
+                }
                 _ => Ok((
                     util::read_password(salt_q, verify)?.as_bytes().to_vec(),
                     None,
                 )),
             }
         };
-        let secret = |verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
+        let secret = |q: &str, verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
+            prompt_interaction(interactive);
             derive_secret(
                 &credentials.ids.0,
-                &salt("Password", verify)?,
+                &salt(q, verify)?,
                 authenticator.await_time,
                 pin.as_deref(),
             )
@@ -190,7 +201,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
         match &args.command {
             Command::AddKey { exclusive, .. } => {
                 let (existing_secret, _) = other_secret("Current password", false)?;
-                let (new_secret, cred) = secret(true)?;
+                let (new_secret, cred) = secret("Password to be added", true)?;
                 let added_slot = luks_dev.add_key(
                     &new_secret,
                     &existing_secret[..],
@@ -215,7 +226,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
                 Ok(())
             }
             Command::ReplaceKey { add_password, .. } => {
-                let (existing_secret, _) = secret(false)?;
+                let (existing_secret, _) = secret("Current password", false)?;
                 let (replacement_secret, cred) = other_secret("Replacement password", true)?;
                 let slot = if *add_password {
                     luks_dev.add_key(
@@ -274,6 +285,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
             // Cow shouldn't be necessary
             let secret = |credentials: Cow<'_, Vec>| {
+                prompt_interaction(interactive);
                 derive_secret(
                     credentials.as_ref(),
                     &salt("Password", false)?,
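Review bot: In the `secret` closure and in the `OtherSecret { fido_device: true, .. }` arm, `prompt_interaction(interactive)` runs before the `&salt(q, verify)?` argument is evaluated, so if `salt` reads the password from the user (as the `_` arm's `util::read_password(salt_q, verify)` suggests), the user is first told to authorize with the FIDO device and only then asked for the password — the opposite of the `@@ -109` hunk, which prompts after the salt has been obtained. Evaluate the salt first and prompt afterwards: `let salt = salt(q, verify)?;` then `prompt_interaction(interactive);` then `derive_secret(&credentials.ids.0, &salt, authenticator.await_time, pin.as_deref())`. The same reordering applies to the `OtherSecret` arm in this hunk and to the closure in the `@@ -274` hunk. The enclosing `run_cli` and the `other_secret` closure both begin before this hunk, and `interactive` is bound outside it.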