diff --git a/Cargo.lock b/Cargo.lock index 2a6f5be..471b234 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -332,7 +332,7 @@ dependencies = [ [[package]] name = "card-cli" -version = "1.8.1" +version = "1.8.2" dependencies = [ "authenticator", "base64 0.21.5", diff --git a/Cargo.toml b/Cargo.toml index 850e08d..d097855 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "card-cli" -version = "1.8.1" +version = "1.8.2" authors = ["Hatter Jiang "] edition = "2018" diff --git a/src/cmd_pivverify.rs b/src/cmd_pivverify.rs index 4dc2312..3592085 100644 --- a/src/cmd_pivverify.rs +++ b/src/cmd_pivverify.rs @@ -1,6 +1,7 @@ use std::collections::BTreeMap; use clap::{App, Arg, ArgMatches, SubCommand}; +use openssl::rsa::{Padding, Rsa}; use rust_util::{util_msg, XResult}; use rust_util::util_clap::{Command, CommandError}; use yubikey::{Key, YubiKey}; @@ -78,9 +79,21 @@ impl Command for CommandImpl { } AlgorithmId::Rsa1024 | AlgorithmId::Rsa2048 => { let pk_rsa = public_key_bit_string.raw_bytes(); - // TODO ... + + let keypair = opt_result!(Rsa::public_key_from_der_pkcs1(&pk_rsa), "Parse RSA failed: {}"); + // let pub_key_der = opt_result!(keypair.public_key_to_der(), "RSA public key to der failed: {}"); + // let pub_key_fingerprint = hex::encode(sha256_bytes(&pub_key_der)); + let mut dmesg = vec![0; ((keypair.n().num_bits() + 7) / 8) as usize]; + let len = opt_result!(keypair.public_decrypt(&signature, &mut dmesg, Padding::NONE), "RSA public key calc failed: {}"); debugging!("RSA public key pem: {}", hex::encode(pk_rsa)); - failure!("Current NOT supported."); + debugging!("Public key calc: {}, len: {}", hex::encode(&dmesg), len); + + // TODO SHOULD IMPROVE VERIFICATION METHOD IN THE FUTURE + if hex::encode(dmesg).ends_with(&hex::encode(&hash_bytes)) { + success!("Verify RSA Sign succeed."); + } else { + failure!("Verify RSA Sign failed."); + } } } }