feat: v1.13.13

2025-06-09 22:42:12 +08:00
parent a698a852fd
commit 0bc671be7b
3 changed files with 33 additions and 33 deletions

2
Cargo.lock generated

@@ -519,7 +519,7 @@ dependencies = [
[[package]] [[package]]
name = "card-cli" name = "card-cli"
version = "1.13.12" version = "1.13.13"
dependencies = [ dependencies = [
"aes-gcm-stream", "aes-gcm-stream",
"authenticator 0.3.1", "authenticator 0.3.1",


@@ -1,6 +1,6 @@
[package] [package]
name = "card-cli" name = "card-cli"
version = "1.13.12" version = "1.13.13"
authors = ["Hatter Jiang <jht5945@gmail.com>"] authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018" edition = "2018"


@@ -1,9 +1,8 @@
use std::fs::remove_file; use std::fs::remove_file;
use std::path::PathBuf; use std::path::PathBuf;
use crate::ecdsautil::{ use crate::cmdutil;
generate_ecdsa_keypair, parse_ec_public_key_to_point, parse_ecdsa_r_and_s, EcdsaAlgorithm, use crate::ecdsautil::{parse_ec_public_key_to_point, parse_ecdsa_r_and_s};
};
use crate::util::base64_encode; use crate::util::base64_encode;
use clap::{App, Arg, ArgMatches, SubCommand}; use clap::{App, Arg, ArgMatches, SubCommand};
use rsa::RsaPublicKey; use rsa::RsaPublicKey;
@@ -23,16 +22,15 @@ use tokio::net::UnixListener as Listener;
#[derive(Default, Clone)] #[derive(Default, Clone)]
struct MySshAgent { struct MySshAgent {
private_key_pem: String, parameter: String,
comment: String, comment: String,
} }
impl MySshAgent { impl MySshAgent {
fn new() -> XResult<Self> { fn new(parameter: &str) -> XResult<Self> {
let (_, private_key_pem, _, _, _) = generate_ecdsa_keypair(EcdsaAlgorithm::P256)?;
Ok(MySshAgent { Ok(MySshAgent {
private_key_pem, parameter: parameter.to_string(),
comment: "test".to_string(), comment: parameter.to_string(),
}) })
} }
} }
@@ -41,16 +39,12 @@ impl MySshAgent {
impl Session for MySshAgent { impl Session for MySshAgent {
async fn request_identities(&mut self) -> Result<Vec<Identity>, AgentError> { async fn request_identities(&mut self) -> Result<Vec<Identity>, AgentError> {
information!("request_identities"); information!("request_identities");
// let p256_private_key_d = ecdsautil::parse_p256_private_key(&self.private_key_pem).unwrap(); let identity = match get_identity(&self.parameter, &self.comment) {
let public_key_point = hex::decode( Ok(identity) => identity,
"04\ Err(e) => {
f17326c188b9d0cffeddd8ff935f24f2074bbef128ac5b04b9cac05de967df5dbfd065698dce3b8c1f451bb9a1593ace\ failure!("Get identity failed: {}", e);
13360bbc49c51f5213777fd873932efa44763bfcc1c764b122a8a8977bcb3e0ad099d652e63db1c5a1bda02120a16dc5", return Err(AgentError::Failure);
) }
.unwrap();
let identity = Identity {
pubkey: KeyData::Ecdsa(EcdsaPublicKey::from_sec1_bytes(&public_key_point).unwrap()),
comment: "test".to_string(),
}; };
let mut writer = vec![]; let mut writer = vec![];
identity.pubkey.encode(&mut writer).unwrap(); identity.pubkey.encode(&mut writer).unwrap();
@@ -96,7 +90,7 @@ f17326c188b9d0cffeddd8ff935f24f2074bbef128ac5b04b9cac05de967df5dbfd065698dce3b8c
let signature = external_command_rs::external_sign( let signature = external_command_rs::external_sign(
"card-cli", "card-cli",
"key://yubikey4-5010220:piv/p384::authentication", self.parameter.as_str(),
"ES384", "ES384",
&request.data, &request.data,
) )
@@ -123,20 +117,24 @@ f17326c188b9d0cffeddd8ff935f24f2074bbef128ac5b04b9cac05de967df5dbfd065698dce3b8c
} }
} }
fn get_identity(uri: &str) -> XResult<Identity> { fn get_identity(uri: &str, comment: &str) -> XResult<Identity> {
let public_key_bytes = external_command_rs::external_public_key("card-cli", uri)?; let public_key_bytes = external_command_rs::external_public_key("card-cli", uri)?;
let ec_point = parse_ec_public_key_to_point(&public_key_bytes).unwrap(); // TODO ... if let Ok(ec_point) = parse_ec_public_key_to_point(&public_key_bytes) {
let identity = Identity { let identity = Identity {
pubkey: KeyData::Ecdsa(EcdsaPublicKey::from_sec1_bytes(&ec_point).unwrap()), pubkey: KeyData::Ecdsa(EcdsaPublicKey::from_sec1_bytes(&ec_point).unwrap()),
comment: "test".to_string(), comment: comment.to_string(),
}; };
return Ok(identity);
}
let rsa_public_key = RsaPublicKey::from_public_key_der(&public_key_bytes).unwrap(); if let Ok(rsa_public_key) = RsaPublicKey::from_public_key_der(&public_key_bytes) {
let identity = Identity { let identity = Identity {
pubkey: KeyData::Rsa(ssh_key::public::RsaPublicKey::try_from(&rsa_public_key).unwrap()), pubkey: KeyData::Rsa(ssh_key::public::RsaPublicKey::try_from(&rsa_public_key).unwrap()),
comment: "test".to_string(), comment: comment.to_string(),
}; };
return Ok(identity);
}
simple_error!("Unknown uri algorithm: {}", uri) simple_error!("Unknown uri algorithm: {}", uri)
} }
@@ -157,6 +155,7 @@ impl Command for CommandImpl {
.default_value("connect.ssh") .default_value("connect.ssh")
.help("Sock file, usage SSH_AUTH_SOCK=sock-file ssh ..."), .help("Sock file, usage SSH_AUTH_SOCK=sock-file ssh ..."),
) )
.arg(cmdutil::build_parameter_arg())
} }
fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError { fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
@@ -164,6 +163,7 @@ impl Command for CommandImpl {
debugging!("Sub args: {:?}", sub_arg_matches); debugging!("Sub args: {:?}", sub_arg_matches);
let parameter = sub_arg_matches.value_of("parameter").unwrap();
let sock_file = sub_arg_matches.value_of("sock-file").unwrap(); let sock_file = sub_arg_matches.value_of("sock-file").unwrap();
information!("Sock file: {}", sock_file); information!("Sock file: {}", sock_file);
@@ -192,7 +192,7 @@ impl Command for CommandImpl {
rt.block_on(async move { rt.block_on(async move {
listen( listen(
Listener::bind(sock_file).unwrap(), Listener::bind(sock_file).unwrap(),
MySshAgent::new().unwrap(), MySshAgent::new(parameter).unwrap(),
) )
.await .await
.unwrap(); .unwrap();
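Review bot: The `external_sign` call in the `@@ -96,7 +90,7 @@` hunk still passes the literal `"ES384"`, although the key URI is now the caller-supplied `self.parameter` and `get_identity` accepts any EC point or an RSA public key. As far as the visible lines show, a P-256 or RSA key would be advertised by `request_identities` while every signature is still requested as ES384. I would resolve the algorithm from the key type once, for example in a new field on `MySshAgent` next to `parameter`, and pass `self.algorithm.as_str(),` in place of `"ES384",`, returning `AgentError::Failure` for key types the agent cannot sign with. In `get_identity` the inner `from_sec1_bytes(&ec_point).unwrap()` and `RsaPublicKey::try_from(&rsa_public_key).unwrap()` remain, so a key that parses but is not accepted by `ssh_key` panics the agent task instead of reaching the `Err(e)` arm this commit adds; these should be turned into the function's error return. The signing method's body starts and ends outside the hunk, so any existing check of the requested public key is not visible here.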