diff --git a/src/cmd_pgpageaddress.rs b/src/cmd_pgpageaddress.rs index 48d91c2..7fdb8ba 100644 --- a/src/cmd_pgpageaddress.rs +++ b/src/cmd_pgpageaddress.rs @@ -29,7 +29,10 @@ impl Command for CommandImpl { } let encryption_public_key = match trans.public_key(KeyType::Decryption) { Ok(pub_key) => pub_key, - Err(e) => return simple_error!("Get decryption public key failed: {}", e), + Err(e) => { + failure!("Get decryption public key failed: {}", e); + continue; + } }; if let PublicKeyMaterial::E(ecc_pub) = &encryption_public_key { if let Algo::Ecc(ecc) = ecc_pub.algo() { @@ -41,11 +44,11 @@ impl Command for CommandImpl { Variant::Bech32, ), "Generate age address failed: {}"); success!("Age address: {}", age_address); - return Ok(None); } } + } else { + failure!("Not supported encryption key: {}", encryption_public_key); } - return simple_error!("Not supported encryption key: {}", encryption_public_key); } Ok(None) } diff --git a/src/cmd_pgpcarddecrypt.rs b/src/cmd_pgpcarddecrypt.rs index b7bba2f..de2a300 100644 --- a/src/cmd_pgpcarddecrypt.rs +++ b/src/cmd_pgpcarddecrypt.rs @@ -10,16 +10,16 @@ use crate::util::{base64_decode, base64_encode}; #[derive(Debug, Clone, Copy)] enum EncryptAlgo { - RSA, - ECDH, + Rsa, + Ecdh, } impl EncryptAlgo { fn from_str(algo: &str) -> XResult { match algo { - "rsa" => Ok(Self::RSA), - "x25519" | "ecdh" => Ok(Self::ECDH), - _ => return simple_error!("Unknown algo: {}", algo), + "rsa" => Ok(Self::Rsa), + "x25519" | "ecdh" => Ok(Self::Ecdh), + _ => simple_error!("Unknown algo: {}", algo), } } } @@ -68,8 +68,8 @@ impl Command for CommandImpl { success!("User pin verify success!"); let text = match algo { - EncryptAlgo::RSA => trans.decipher(Cryptogram::RSA(&cipher_bytes))?, - EncryptAlgo::ECDH => trans.decipher(Cryptogram::ECDH(&cipher_bytes))?, + EncryptAlgo::Rsa => trans.decipher(Cryptogram::RSA(&cipher_bytes))?, + EncryptAlgo::Ecdh => trans.decipher(Cryptogram::ECDH(&cipher_bytes))?, }; success!("Clear text HEX: {}", hex::encode(&text)); success!("Clear text base64: {}", base64_encode(&text)); diff --git a/src/cmd_pgpcardmake.rs b/src/cmd_pgpcardmake.rs index 69b4eec..24c5f8d 100644 --- a/src/cmd_pgpcardmake.rs +++ b/src/cmd_pgpcardmake.rs @@ -159,6 +159,9 @@ impl Command for CommandImpl { if last_pgp_rsa_private_key.is_some() { return simple_error!("Last PGP RSA private key is not none"); } last_pgp_rsa_private_key.replace(pgp_rsa_private_key); } else if let Packet::Signature(signature) = &pp.packet { + if let Signature::V3(_signature_v3) = signature { + failure!("Signature v3 is not supported."); + } if let Signature::V4(signature_v4) = signature { if let Some(sub_package) = signature_v4.hashed_area().subpacket(SubpacketTag::KeyFlags) { if let SubpacketValue::KeyFlags(key_flags) = sub_package.value() { diff --git a/src/cmd_pgpcardsign.rs b/src/cmd_pgpcardsign.rs index a0172eb..28c92e6 100644 --- a/src/cmd_pgpcardsign.rs +++ b/src/cmd_pgpcardsign.rs @@ -16,18 +16,18 @@ const BUFF_SIZE: usize = 512 * 1024; #[derive(Debug, Clone, Copy)] enum SignAlgo { - RSA, - ECDSA, - EdDSA, + Rsa, + Ecdsa, + EdDsa, } impl SignAlgo { fn from_str(algo: &str) -> XResult { match algo { - "rsa" => Ok(Self::RSA), - "ecdsa" => Ok(Self::ECDSA), - "eddsa" => Ok(Self::EdDSA), - _ => return simple_error!("Unknown algo: {}", algo), + "rsa" => Ok(Self::Rsa), + "ecdsa" => Ok(Self::Ecdsa), + "eddsa" => Ok(Self::EdDsa), + _ => simple_error!("Unknown algo: {}", algo), } } } @@ -111,15 +111,15 @@ impl Command for CommandImpl { opt_result!(trans.verify_pw1_sign(pin.as_ref()), "User sign pin verify failed: {}"); success!("User sign pin verify success!"); let sig = match algo { - SignAlgo::RSA => trans.signature_for_hash(Hash::SHA256(sha256_hex))?, - SignAlgo::ECDSA => trans.signature_for_hash(Hash::ECDSA(&sha256_hex))?, - SignAlgo::EdDSA => trans.signature_for_hash(Hash::EdDSA(&sha256_hex))?, + SignAlgo::Rsa => trans.signature_for_hash(Hash::SHA256(sha256_hex))?, + SignAlgo::Ecdsa => trans.signature_for_hash(Hash::ECDSA(&sha256_hex))?, + SignAlgo::EdDsa => trans.signature_for_hash(Hash::EdDSA(&sha256_hex))?, }; success!("SHA256 signature HEX: {}", hex::encode(&sig)); success!("SHA256 signature base64: {}", base64_encode(&sig)); if json_output { let mut entry = BTreeMap::new(); - entry.insert("digest", hex::encode(&sha256_hex)); + entry.insert("digest", hex::encode(sha256_hex)); entry.insert("signature", hex::encode(&sig)); json.insert("sha256", entry); } @@ -130,15 +130,15 @@ impl Command for CommandImpl { opt_result!(trans.verify_pw1_sign(pin.as_ref()), "User sign pin verify failed: {}"); success!("User sign pin verify success!"); let sig = match algo { - SignAlgo::RSA => trans.signature_for_hash(Hash::SHA384(sha384_hex))?, - SignAlgo::ECDSA => trans.signature_for_hash(Hash::ECDSA(&sha384_hex))?, - SignAlgo::EdDSA => trans.signature_for_hash(Hash::EdDSA(&sha384_hex))?, + SignAlgo::Rsa => trans.signature_for_hash(Hash::SHA384(sha384_hex))?, + SignAlgo::Ecdsa => trans.signature_for_hash(Hash::ECDSA(&sha384_hex))?, + SignAlgo::EdDsa => trans.signature_for_hash(Hash::EdDSA(&sha384_hex))?, }; success!("SHA384 signature HEX: {}", hex::encode(&sig)); success!("SHA384 signature base64: {}", base64_encode(&sig)); if json_output { let mut entry = BTreeMap::new(); - entry.insert("digest", hex::encode(&sha384_hex)); + entry.insert("digest", hex::encode(sha384_hex)); entry.insert("signature", hex::encode(&sig)); json.insert("sha384", entry); } @@ -149,15 +149,15 @@ impl Command for CommandImpl { opt_result!(trans.verify_pw1_sign(pin.as_ref()), "User sign pin verify failed: {}"); success!("User sign pin verify success!"); let sig = match algo { - SignAlgo::RSA => trans.signature_for_hash(Hash::SHA512(sha512_hex))?, - SignAlgo::ECDSA => trans.signature_for_hash(Hash::ECDSA(&sha512_hex))?, - SignAlgo::EdDSA => trans.signature_for_hash(Hash::EdDSA(&sha512_hex))?, + SignAlgo::Rsa => trans.signature_for_hash(Hash::SHA512(sha512_hex))?, + SignAlgo::Ecdsa => trans.signature_for_hash(Hash::ECDSA(&sha512_hex))?, + SignAlgo::EdDsa => trans.signature_for_hash(Hash::EdDSA(&sha512_hex))?, }; success!("SHA512 signature HEX: {}", hex::encode(&sig)); success!("SHA512 signature base64: {}", base64_encode(&sig)); if json_output { let mut entry = BTreeMap::new(); - entry.insert("digest", hex::encode(&sha512_hex)); + entry.insert("digest", hex::encode(sha512_hex)); entry.insert("signature", hex::encode(&sig)); json.insert("sha512", entry); } diff --git a/src/cmd_pivdecrypt.rs b/src/cmd_pivdecrypt.rs index 023be8b..bcac144 100644 --- a/src/cmd_pivdecrypt.rs +++ b/src/cmd_pivdecrypt.rs @@ -43,8 +43,8 @@ impl Command for CommandImpl { return simple_error!("Not valid encrypted data, prefix: {}", hex::encode(&decrypted_data_bytes[0..2])); } let mut index_of_00_from_index_1 = 0; - for i in 1..decrypted_data_bytes.len() { - if decrypted_data_bytes[i] == 0x00 { + for (i, byte) in decrypted_data_bytes.iter().enumerate().skip(1) { + if *byte == 0x00 { index_of_00_from_index_1 = i + 1; break; } @@ -59,8 +59,8 @@ impl Command for CommandImpl { if json_output { let mut json = BTreeMap::<&'_ str, String>::new(); json.insert("encrypted_data_hex", hex::encode(&encrypted_data)); - json.insert("decrypted_data_hex", hex::encode(&decrypted_data_bytes)); - json.insert("clear_data_hex", hex::encode(&clear_data)); + json.insert("decrypted_data_hex", hex::encode(decrypted_data_bytes)); + json.insert("clear_data_hex", hex::encode(clear_data)); json.insert("clear_data", String::from_utf8_lossy(clear_data).to_string()); println!("{}", serde_json::to_string_pretty(&json).unwrap()); } diff --git a/src/cmd_pivecdh.rs b/src/cmd_pivecdh.rs index 51a7d8e..44d99a1 100644 --- a/src/cmd_pivecdh.rs +++ b/src/cmd_pivecdh.rs @@ -66,7 +66,7 @@ impl Command for CommandImpl { let public_key_point_hex = sub_arg_matches.value_of("public-key-point-hex").unwrap_or_else(|| failure_and_exit!("--public-key, --public-key-file or --public-key-point-hex must require one")); let public_key_point_bytes = opt_result!(hex::decode(public_key_point_hex), "Parse public key point hex failed: {}"); - let encoded_point = opt_result!(EncodedPoint::from_bytes(&public_key_point_bytes), "Parse public key point failed: {}"); + let encoded_point = opt_result!(EncodedPoint::from_bytes(public_key_point_bytes), "Parse public key point failed: {}"); public_key = PublicKey::from_encoded_point(&encoded_point).unwrap(); }; @@ -109,17 +109,14 @@ impl Command for CommandImpl { } } if let Some(public_key) = &meta.public { - let algorithm_id = opt_result!(get_algorithm_id(&public_key), "Get algorithm id failed: {}"); + let algorithm_id = opt_result!(get_algorithm_id(public_key), "Get algorithm id failed: {}"); match algorithm_id { - AlgorithmId::Rsa1024 | AlgorithmId::Rsa2048 | AlgorithmId::EccP384 => { + AlgorithmId::Rsa1024 | AlgorithmId::Rsa2048 => { failure_and_exit!("Not supported algorithm: {:?}", algorithm_id); } - AlgorithmId::EccP256 => { - match algorithm_id { - AlgorithmId::EccP256 => if let Some(public) = &meta.public { - json.insert("pk_point_hex", hex::encode(public.subject_public_key.raw_bytes())); - } - _ => {} + AlgorithmId::EccP256 | AlgorithmId::EccP384 => { + if let Some(public) = &meta.public { + json.insert("pk_point_hex", hex::encode(public.subject_public_key.raw_bytes())); } } } diff --git a/src/cmd_pivecsign.rs b/src/cmd_pivecsign.rs index c9420d5..c8335e9 100644 --- a/src/cmd_pivecsign.rs +++ b/src/cmd_pivecsign.rs @@ -53,7 +53,7 @@ impl Command for CommandImpl { opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}"); } - let hash_bytes = opt_result!(hex::decode(&hash_hex), "Parse hash in hex failed: {}"); + let hash_bytes = opt_result!(hex::decode(hash_hex), "Parse hash in hex failed: {}"); if let Ok(slot_metadata) = metadata(&mut yk, slot_id) { match slot_metadata.algorithm { @@ -77,14 +77,14 @@ impl Command for CommandImpl { json.insert("slot", slot_id.to_string()); json.insert("algorithm", algorithm_str.to_string()); json.insert("hash_hex", hex::encode(&hash_bytes)); - json.insert("signed_data_hex", hex::encode(&signed_data.as_bytes())); - json.insert("signed_data_base64", base64_encode(&signed_data.as_bytes())); + json.insert("signed_data_hex", hex::encode(signed_data.as_bytes())); + json.insert("signed_data_base64", base64_encode(signed_data.as_bytes())); } else { information!("Slot: {:?}", slot_id); information!("Algorithm: {}", algorithm_str); information!("Hash hex: {}", hex::encode(&hash_bytes)); - information!("Signed data base64: {}", base64_encode(&signed_data.as_bytes())); - information!("Signed data hex: {}", hex::encode(&signed_data.as_bytes())); + information!("Signed data base64: {}", base64_encode(signed_data.as_bytes())); + information!("Signed data hex: {}", hex::encode(signed_data.as_bytes())); } if json_output { diff --git a/src/cmd_pivrsasign.rs b/src/cmd_pivrsasign.rs index f05bfe3..ff8c4e7 100644 --- a/src/cmd_pivrsasign.rs +++ b/src/cmd_pivrsasign.rs @@ -62,8 +62,8 @@ impl Command for CommandImpl { if json_output { let mut json = BTreeMap::<&'_ str, String>::new(); json.insert("hash_hex", hex::encode(&hash)); - json.insert("sign_hex", hex::encode(&sign_bytes)); - json.insert("sign_base64", base64_encode(&sign_bytes)); + json.insert("sign_hex", hex::encode(sign_bytes)); + json.insert("sign_base64", base64_encode(sign_bytes)); println!("{}", serde_json::to_string_pretty(&json).unwrap()); } else { success!("Signature HEX: {}", hex::encode(sign_bytes)); diff --git a/src/cmd_pivsummary.rs b/src/cmd_pivsummary.rs index 474a3b7..1f551ba 100644 --- a/src/cmd_pivsummary.rs +++ b/src/cmd_pivsummary.rs @@ -71,7 +71,7 @@ impl Command for CommandImpl { if show_table { let mut table = Table::new(piv_slots); table.with(Style::rounded()); - println!("{}", table.to_string()); + println!("{}", table); } Ok(None) } diff --git a/src/cmd_rsaverify.rs b/src/cmd_rsaverify.rs index b9f7e94..95a8c99 100644 --- a/src/cmd_rsaverify.rs +++ b/src/cmd_rsaverify.rs @@ -58,7 +58,7 @@ impl Command for CommandImpl { let m = BigNum::from_slice(&signature).unwrap(); let mut r = BigNum::new().unwrap(); r.mod_exp(&m, e, n, &mut BigNumContext::new().unwrap()).unwrap(); - debugging!("Signature raw HEX: 00{}", hex::encode(&r.to_vec())); + debugging!("Signature raw HEX: 00{}", hex::encode(r.to_vec())); }); let file_in = opt_value_result!(sub_arg_matches.value_of("in"), "File in --in required"); diff --git a/src/cmd_sshagent.rs b/src/cmd_sshagent.rs index dd2cad2..8d897bd 100644 --- a/src/cmd_sshagent.rs +++ b/src/cmd_sshagent.rs @@ -34,7 +34,7 @@ impl SshAgent { let mut trans = opt_result!(pgp.transaction(), "Open card failed: {}"); let serial = trans.application_related_data() .map(|d| d.application_id().map(|i| i.serial())) - .unwrap_or_else(|_| Ok(0)).unwrap_or_else(|_| 0); + .unwrap_or_else(|_| Ok(0)).unwrap_or(0); let serial = hex::encode(serial.to_be_bytes()); let public_key = opt_result!(trans.public_key(iff!(use_sign, KeyType::Signing, KeyType::Authentication)), "Cannot find signing key: {}"); let rsa_public_key = match public_key { @@ -67,11 +67,10 @@ impl SshAgent { debugging!("Request: {:?}", request); let response = match request { Message::RequestIdentities => { - let mut identities = vec![]; - identities.push(message::Identity { + let identities = vec![message::Identity { pubkey_blob: to_bytes(&self.public_key)?, comment: self.comment.clone(), - }); + }]; Ok(Message::IdentitiesAnswer(identities)) } Message::RemoveIdentity(ref _identity) => { @@ -121,7 +120,7 @@ impl SshAgent { _ => Err(From::from(format!("Unknown message: {:?}", request))) }; debugging!("Response {:?}", response); - return response; + response } } @@ -170,7 +169,7 @@ impl Command for CommandImpl { let sock_file_path = PathBuf::from("."); match std::fs::canonicalize(sock_file_path) { Ok(canonicalized_sock_file_path) => information!("SSH_AUTH_SOCK={}/{}", - canonicalized_sock_file_path.to_str().unwrap_or_else(|| "-"), sock_file), + canonicalized_sock_file_path.to_str().unwrap_or("-"), sock_file), Err(e) => warning!("Get canonicalized sock file path failed: {}", e), } diff --git a/src/cmd_u2fsign.rs b/src/cmd_u2fsign.rs index 04a7723..54dca64 100644 --- a/src/cmd_u2fsign.rs +++ b/src/cmd_u2fsign.rs @@ -116,7 +116,7 @@ impl Command for CommandImpl { json.insert("challenge", u2fv2_challenge_str.to_string()); json.insert("challenge_hash", hex::encode(&challenge_hash)); json.insert("device_info", format!("{}", &device_info)); - json.insert("signature", hex::encode(&signature)); + json.insert("signature", hex::encode(signature)); json.insert("signed_message", hex::encode(&signed_message)); json.insert("key_handle", hex::encode(&handle_used)); json.insert("sign_data", hex::encode(&sign_data)); @@ -128,7 +128,7 @@ impl Command for CommandImpl { information!("Sign result : {}", base64_encode(&sign_data)); information!("- presence : {}", user_presence_flag); information!("- counter : {}", counter_u32); - information!("- signature: {}", hex::encode(&signature)); + information!("- signature: {}", hex::encode(signature)); information!("Key handle: {}", hex::encode(&handle_used)); information!("Signed message: {}", hex::encode(&signed_message)); } diff --git a/src/fido.rs b/src/fido.rs index c46ee97..8e953b6 100644 --- a/src/fido.rs +++ b/src/fido.rs @@ -103,7 +103,7 @@ impl U2fV2Challenge { None => U2fV2Challenge::new_random(app_id, with_time_stamp_prefix), Some(challenge_hex) => { let challenge_bytes = opt_result!(hex::decode(challenge_hex), "Decode challenge hex failed: {}"); - let challenge = URL_SAFE_NO_PAD.encode(&challenge_bytes); + let challenge = URL_SAFE_NO_PAD.encode(challenge_bytes); U2fV2Challenge::new(challenge, app_id) } }) @@ -122,7 +122,7 @@ impl U2fV2Challenge { rand_bytes[..8].clone_from_slice(×tamp_be_bytes[..8]); } - let challenge = URL_SAFE_NO_PAD.encode(&rand_bytes); + let challenge = URL_SAFE_NO_PAD.encode(rand_bytes); Self::new(challenge, app_id) } diff --git a/src/pkiutil.rs b/src/pkiutil.rs index ecca688..b970355 100644 --- a/src/pkiutil.rs +++ b/src/pkiutil.rs @@ -10,7 +10,7 @@ use crate::digest::sha256_bytes; #[derive(Clone, Copy, Debug)] pub enum PkiAlgorithm { - RSA, + Rsa, P256, P384, P521, @@ -19,7 +19,7 @@ pub enum PkiAlgorithm { pub fn get_pki_algorithm(algorithm_identifier: &AlgorithmIdentifier) -> XResult { let algorithm_id_string = algorithm_identifier.algorithm.to_id_string(); if "1.2.840.113549.1.1.1" == algorithm_id_string { - return Ok(PkiAlgorithm::RSA); + return Ok(PkiAlgorithm::Rsa); } if "1.2.840.10045.2.1" == algorithm_id_string { if let Some(parameters) = &algorithm_identifier.parameters { @@ -60,8 +60,8 @@ pub fn openpgp_card_public_key_pem(public_key: &PublicKeyMaterial) -> Option<(Ve Some(rsa_public_key_pem(rsa_pub.n(), rsa_pub.v())) } PublicKeyMaterial::E(ecc_pub) => { - let ecc_pub_key_bytes_sha256 = sha256_bytes(&ecc_pub.data()); - Some((ecc_pub_key_bytes_sha256, format!("hex:{}", hex::encode(&ecc_pub.data())))) + let ecc_pub_key_bytes_sha256 = sha256_bytes(ecc_pub.data()); + Some((ecc_pub_key_bytes_sha256, format!("hex:{}", hex::encode(ecc_pub.data())))) } _ => { warning!("Unknown public key: {:?}", public_key); diff --git a/src/sshutil.rs b/src/sshutil.rs index 947b997..a021b9c 100644 --- a/src/sshutil.rs +++ b/src/sshutil.rs @@ -1,7 +1,7 @@ use crate::util::base64_encode; pub fn with_sign(mut vec: Vec) -> Vec { - if vec.len() > 0 && vec[0] >= 128 { + if !vec.is_empty() && vec[0] >= 128 { vec.insert(0, 0x00); } vec