feat: v1.13.1

2025-05-08 22:29:19 +08:00
parent a1ae0ff4dc
commit 0b9ec436ba
7 changed files with 12 additions and 10 deletions

2
Cargo.lock generated

@@ -508,7 +508,7 @@ dependencies = [
[[package]] [[package]]
name = "card-cli" name = "card-cli"
version = "1.13.0" version = "1.13.1"
dependencies = [ dependencies = [
"aes-gcm-stream", "aes-gcm-stream",
"authenticator 0.3.1", "authenticator 0.3.1",


@@ -1,6 +1,6 @@
[package] [package]
name = "card-cli" name = "card-cli"
version = "1.13.0" version = "1.13.1"
authors = ["Hatter Jiang <jht5945@gmail.com>"] authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018" edition = "2018"


@@ -55,8 +55,9 @@ fn fetch_public_key(parameter: &str, serial_opt: &Option<&str>) -> XResult<Vec<u
if key.usage != KeyUsage::Singing { if key.usage != KeyUsage::Singing {
simple_error!("Not singing key") simple_error!("Not singing key")
} else { } else {
let private_key = cmd_hmac_decrypt::try_decrypt(&key.private_key)?;
let (_, public_key_der, _) = let (_, public_key_der, _) =
seutil::recover_secure_enclave_p256_public_key(&key.private_key, true)?; seutil::recover_secure_enclave_p256_public_key(&private_key, true)?;
Ok(public_key_der) Ok(public_key_der)
} }
} }
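Review bot: The unwrap step `cmd_hmac_decrypt::try_decrypt(&key.private_key)?` is written out by hand here in `fetch_public_key`, and again in `sign` and in the two `CommandImpl` sections further down, so a future `seutil` call site that forgets it would pass the still-wrapped string to the enclave call. One accessor on the secure-enclave key type that returns the unwrapped value would keep the rule in one place, e.g. `let private_key = key.decrypted_private_key()?;` (the method name is only a suggestion). Until then, a comment above the new line would help: `// private_key may be HMAC-wrapped inside the key URI; unwrap it before calling seutil`. `fetch_public_key` starts outside this hunk.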


@@ -65,7 +65,8 @@ pub fn sign(alg: &str, message: &[u8], key_uri: KeyUri, sub_arg_matches: &ArgMat
if key.usage != KeyUsage::Singing { if key.usage != KeyUsage::Singing {
return simple_error!("Not singing key"); return simple_error!("Not singing key");
} }
seutil::secure_enclave_p256_sign(&key.private_key, message) let private_key = cmd_hmac_decrypt::try_decrypt(&key.private_key)?;
seutil::secure_enclave_p256_sign(&private_key, message)
} }
KeyUri::YubikeyPivKey(key) => { KeyUri::YubikeyPivKey(key) => {
let mut yk = yubikeyutil::open_yubikey_with_args(sub_arg_matches)?; let mut yk = yubikeyutil::open_yubikey_with_args(sub_arg_matches)?;


@@ -35,7 +35,6 @@ impl Command for CommandImpl {
let key = sub_arg_matches.value_of("key").unwrap(); let key = sub_arg_matches.value_of("key").unwrap();
let epk = sub_arg_matches.value_of("epk").unwrap(); let epk = sub_arg_matches.value_of("epk").unwrap();
let key = cmd_hmac_decrypt::try_decrypt(key)?;
let key_uri = parse_key_uri(&key)?; let key_uri = parse_key_uri(&key)?;
let se_key_uri = key_uri.as_secure_enclave_key()?; let se_key_uri = key_uri.as_secure_enclave_key()?;
debugging!("Secure enclave key URI: {:?}", se_key_uri); debugging!("Secure enclave key URI: {:?}", se_key_uri);
@@ -59,8 +58,9 @@ impl Command for CommandImpl {
opt_result!(hex::decode(epk), "Decode public key from hex failed: {}") opt_result!(hex::decode(epk), "Decode public key from hex failed: {}")
}; };
let private_key = cmd_hmac_decrypt::try_decrypt(&se_key_uri.private_key)?;
let dh = seutil::secure_enclave_p256_dh( let dh = seutil::secure_enclave_p256_dh(
&se_key_uri.private_key, &private_key,
&ephemeral_public_key_der_bytes, &ephemeral_public_key_der_bytes,
)?; )?;
let dh_hex = hex::encode(&dh); let dh_hex = hex::encode(&dh);
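Review bot: Removing `let key = cmd_hmac_decrypt::try_decrypt(key)?;` ahead of `parse_key_uri` means a key URI that the previous release wrapped as a whole now reaches the parser still wrapped and will presumably be rejected; the signing command section below makes the same removal. If `try_decrypt` returns plain input unchanged (its body is not visible here), keeping that line next to the new per-field unwrap would accept both formats. Otherwise the release notes should state that keys generated by 1.13.0 must be regenerated. The enclosing method starts and ends outside these hunks.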


@@ -45,12 +45,12 @@ impl Command for CommandImpl {
Some(input) => input.as_bytes().to_vec(), Some(input) => input.as_bytes().to_vec(),
}; };
let key = cmd_hmac_decrypt::try_decrypt(key)?;
let key_uri = parse_key_uri(&key)?; let key_uri = parse_key_uri(&key)?;
let se_key_uri = key_uri.as_secure_enclave_key()?; let se_key_uri = key_uri.as_secure_enclave_key()?;
debugging!("Secure enclave key URI: {:?}", se_key_uri); debugging!("Secure enclave key URI: {:?}", se_key_uri);
let signature = seutil::secure_enclave_p256_sign(&se_key_uri.private_key, &input_bytes)?; let private_key = cmd_hmac_decrypt::try_decrypt(&se_key_uri.private_key)?;
let signature = seutil::secure_enclave_p256_sign(&private_key, &input_bytes)?;
if json_output { if json_output {
let mut json = BTreeMap::<&'_ str, String>::new(); let mut json = BTreeMap::<&'_ str, String>::new();


@@ -60,6 +60,8 @@ impl Command for CommandImpl {
let (public_key_point, public_key_der, private_key) = let (public_key_point, public_key_der, private_key) =
seutil::generate_secure_enclave_p256_keypair(sign, require_bio)?; seutil::generate_secure_enclave_p256_keypair(sign, require_bio)?;
let private_key = cmd_hmac_encrypt::do_encrypt(&private_key, &mut None, sub_arg_matches)?;
let key_uri = format!( let key_uri = format!(
"key://{}:se/p256:{}:{}", "key://{}:se/p256:{}:{}",
host, host,
@@ -67,8 +69,6 @@ impl Command for CommandImpl {
private_key, private_key,
); );
let key_uri = cmd_hmac_encrypt::do_encrypt(&key_uri, &mut None, sub_arg_matches)?;
print_se_key(json_output, &public_key_point, &public_key_der, &key_uri); print_se_key(json_output, &public_key_point, &public_key_der, &key_uri);
Ok(None) Ok(None)
} }
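Review bot: With only the private-key field wrapped, the host and usage fields of `key://{}:se/p256:{}:{}` are now stored in the clear and sit outside whatever integrity protection `do_encrypt` provides, while the callers still gate on `key.usage`. If the enclave does not itself enforce usage, an edited URI would pass that gate unnoticed, so consider binding host and usage to the wrapped value (for instance as associated data, if the wrap supports it). The wrapped value is also placed in a colon-delimited URI, so it is worth confirming that `do_encrypt` output never contains `:` or that `parse_key_uri` takes the last field as the remainder. Rebinding `private_key` to the wrapped form hides the change of meaning; `let wrapped_private_key = cmd_hmac_encrypt::do_encrypt(&private_key, &mut None, sub_arg_matches)?;` would read more clearly.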