Initial commit

Felix Bargfeldt 2022-12-29 20:24:55 +01:00
commit 93a601f0d7
Signed by: Defelo
GPG key ID: 2A05272471204DD3
3 changed files with 138 additions and 0 deletions

43
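--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,43 @@
+{
+"nodes": {
+"flake-utils": {
+"locked": {
+"lastModified": 1667395993,
+"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1672262501,
+"narHash": "sha256-ZNXqX9lwYo1tOFAqrVtKTLcJ2QMKCr3WuIvpN8emp7I=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "e182da8622a354d44c39b3d7a542dc12cd7baa5f",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"flake-utils": "flake-utils",
+"nixpkgs": "nixpkgs"
+}
+}
+},
+"root": "root",
+"version": 7
+}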

52
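--- a/flake.nix
+++ b/flake.nix
+{
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+flake-utils.url = "github:numtide/flake-utils";
+};
+outputs = {
+self,
+nixpkgs,
+flake-utils,
+}:
+flake-utils.lib.eachDefaultSystem (system: let
+pkgs = import nixpkgs {inherit system;};
+in {
+formatter = pkgs.alejandra;
+packages = rec {
+default = ykfde;
+ykfde = with pkgs; let
+dependencies = [
+cryptsetup
+openssl
+parted
+pbkdf2-sha512
+yubikey-personalization
+];
+in
+stdenv.mkDerivation {
+name = "ykfde";
+version = "latest";
+src = self;
+nativeBuildInputs = [makeWrapper];
+buildPhase = "makeWrapper ${./ykfde.sh} ykfde --prefix PATH : ${lib.makeBinPath dependencies}";
+installPhase = "install -D ykfde $out/bin/ykfde";
+};
+pbkdf2-sha512 = let
+src = "${nixpkgs}/nixos/modules/system/boot/pbkdf2-sha512.c";
+in
+with pkgs;
+stdenv.mkDerivation {
+name = "pbkdf2-sha512";
+version = "latest";
+buildInputs = [openssl];
+src = self;
+buildPhase = "cc -O3 -I${openssl.dev}/include -L${openssl.out}/lib ${src} -o pbkdf2-sha512 -lcrypto";
+installPhase = "mkdir -p $out/bin && install -m755 pbkdf2-sha512 $out/bin/pbkdf2-sha512";
+};
+};
+});
+}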
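Review bot: The pbkdf2-sha512 derivation binds `src` twice with different meanings — the let-bound `src` is the path to pbkdf2-sha512.c and the attribute `src = self;` is the flake tree — and `${src}` in `buildPhase` resolves to the let binding only because mkDerivation's argument set is not `rec`; a reader has to know that to see which file is compiled. Renaming the let binding removes the ambiguity: `pbkdf2Src = "${nixpkgs}/nixos/modules/system/boot/pbkdf2-sha512.c";` and `... ${pbkdf2Src} -o pbkdf2-sha512 -lcrypto`. A one-line comment above the binding, `# compile the PBKDF2 helper that nixpkgs ships for its initrd, against the pinned nixpkgs input`, would also explain why the source is taken from the nixpkgs input rather than from this repository. The same `version = "latest";` appears in both derivations; since `src = self` already pins the content, it carries no information and could be dropped or derived from the flake revision.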

43
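--- a/ykfde.sh
+++ b/ykfde.sh
+#!/usr/bin/env bash
+KEY_LENGTH=512
+SALT_LENGTH=16
+ITERATIONS=1000000
+rbtohex() {
+( od -An -vtx1 | tr -d ' \n' )
+}
+hextorb() {
+( tr '[:lower:]' '[:upper:]' | sed -e 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI'| xargs printf )
+}
+generate_salt() {
+salt="$(dd if=/dev/random bs=1 count=$SALT_LENGTH 2>/dev/null | rbtohex)"
+echo -ne "$salt\n$1"
+}
+derive_key() {
+read -s -p "Password: " k_user
+challenge="$(echo -n $1 | openssl dgst -binary -sha512 | rbtohex)"
+response="$(ykchalresp -$3 -x $challenge 2>/dev/null)"
+echo -n "$k_user" | pbkdf2-sha512 $(($KEY_LENGTH / 8)) $2 "$response"
+}
+if [[ "$1" = "generate-salt" ]] && ( [[ $# -eq 1 ]] || ( [[ $# -eq 2 ]] && [[ "$2" =~ ^[0-9]+$ ]] ) ); then
+generate_salt "${2:-$ITERATIONS}"
+elif [[ "$1" = "derive-key" ]] && [[ $# -eq 3 ]] && [[ -r "$2" ]] && [[ "$3" =~ ^[12]$ ]]; then
+read -d '\n' salt iterations < "$2"
+if ! [[ "$salt" =~ ^[0-9a-fA-F]+$ ]] || ! [[ "$iterations" =~ ^[0-9]+$ ]]; then
+echo "Invalid salt file"
+exit 2
+fi
+derive_key "$salt" "$iterations" "$3"
+elif [[ "$1" = "time" ]] && ( [[ $# -eq 1 ]] || ( [[ $# -eq 2 ]] && [[ "$2" =~ ^[0-9]+$ ]] ) ); then
+time echo -n "test password" | pbkdf2-sha512 $(($KEY_LENGTH / 8)) ${2:-$ITERATIONS} "a015def232c3f4318da97aacdec2107a19ced931" > /dev/null
+else
+echo "Usage: ykfde generate-salt [iterations]"
+echo " ykfde derive-key <salt-file> <slot>"
+echo " ykfde time [iterations]"
+exit 1
+fi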
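Review bot: derive_key never checks the exit status of ykchalresp and discards its stderr, so when no YubiKey is present or the slot is not configured `response` is empty and the key is still derived from the password alone, silently dropping the second factor; guard it with `response="$(ykchalresp -"$3" -x "$challenge")" || exit 3` and refuse to continue when `$response` is empty. The password prompt on the line above uses `read -s` without `-r`, so a backslash typed in the password is consumed as an escape and the key no longer matches what the user believes they entered; `read -rs -p "Password: " k_user` fixes that. In the derive-key branch, `read -d '\n'` sets the delimiter to the backslash character, not a newline (bash takes the first character of the argument), and the salt/iterations split only works because `read` hits EOF and IFS happens to include newline; `{ read -r salt; read -r iterations; } < "$2"` expresses the intended two-line format directly. The challenge response is also handed to pbkdf2-sha512 as a command-line argument, where it is visible to other local users through the process list for the duration of the derivation; if that is accepted, a comment saying so would help the next reader.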