blob: 69f428907951a9fc1608643d425c241628f70f89 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
import typing
import pathlib
from ..general import SysCommand, SysCommandWorker, clear_vt100_escape_codes
from ..disk.partition import Partition
def get_fido2_devices() -> typing.Dict[str, typing.Dict[str, str]]:
"""
Uses systemd-cryptenroll to list the FIDO2 devices
connected that supports FIDO2.
Some devices might show up in udevadm as FIDO2 compliant
when they are in fact not.
The drawback of systemd-cryptenroll is that it uses human readable format.
That means we get this weird table like structure that is of no use.
So we'll look for `MANUFACTURER` and `PRODUCT`, we take their index
and we split each line based on those positions.
"""
worker = clear_vt100_escape_codes(SysCommand(f"systemd-cryptenroll --fido2-device=list").decode('UTF-8'))
MANUFACTURER_POS = 0
PRODUCT_POS = 0
devices = {}
for line in worker.split('\r\n'):
if '/dev' not in line:
MANUFACTURER_POS = line.find('MANUFACTURER')
PRODUCT_POS = line.find('PRODUCT')
continue
path = line[:MANUFACTURER_POS].rstrip()
manufacturer = line[MANUFACTURER_POS:PRODUCT_POS].rstrip()
product = line[PRODUCT_POS:]
devices[path] = {
'manufacturer' : manufacturer,
'product' : product
}
return devices
def fido2_enroll(hsm_device_path :pathlib.Path, partition :Partition, password :str) -> bool:
worker = SysCommandWorker(f"systemd-cryptenroll --fido2-device={hsm_device_path} {partition.real_device}", peak_output=True)
pw_inputted = False
while worker.is_alive():
if pw_inputted is False and bytes(f"please enter current passphrase for disk {partition.real_device}", 'UTF-8') in worker._trace_log.lower():
worker.write(bytes(password, 'UTF-8'))
pw_inputted = True
|