chore: reorg cmd

2022-03-27 13:02:57 +08:00
parent c9b9607eab
commit 0ea52ddfee
3 changed files with 6 additions and 6 deletions
--- a/src/cmd_u2fregister.rs
+++ b/src/cmd_u2fregister.rs
@@ -0,0 +1,118 @@
+use std::sync::mpsc::channel;
+
+use authenticator::authenticatorservice::AuthenticatorService;
+use authenticator::RegisterFlags;
+use authenticator::statecallback::StateCallback;
+use clap::{App, Arg, ArgMatches, SubCommand};
+use rust_util::util_clap::{Command, CommandError};
+
+use crate::digest;
+use crate::fido;
+use crate::fido::{U2fRegistrationData, U2fV2Challenge};
+
+pub struct CommandImpl;
+
+impl Command for CommandImpl {
+    fn name(&self) -> &str { "u2f-register" }
+
+    fn subcommand<'a>(&self) -> App<'a, 'a> {
+        SubCommand::with_name(self.name()).about("FIDO U2F Register subcommand")
+            .arg(Arg::with_name("app-id").short("a").long("app-id").default_value("https://example.com").help("App id"))
+            .arg(Arg::with_name("timeout").short("t").long("timeout").default_value("10").help("Timeout in seconds"))
+            .arg(Arg::with_name("json").long("json").help("JSON output"))
+    }
+
+    fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
+        let json_output = sub_arg_matches.is_present("json");
+        if json_output { rust_util::util_msg::set_logger_std_out(false); }
+
+        let app_id = sub_arg_matches.value_of("app-id").unwrap();
+        let timeout_ms = match sub_arg_matches.value_of("timeout").unwrap().parse::<u32>() {
+            Ok(t) => (t * 1000) as u64,
+            Err(e) => return simple_error!("Timeout should be a number: {}", e),
+        };
+
+        let u2fv2_challenge = U2fV2Challenge::new_random(app_id);
+        let u2fv2_challenge_str = u2fv2_challenge.to_json();
+        let chall_bytes = digest::sha256(&u2fv2_challenge_str);
+
+        let app_bytes = digest::sha256(app_id);
+
+        let flags = RegisterFlags::empty();
+
+        let status_tx = fido::start_status_updater();
+
+        let (register_tx, register_rx) = channel();
+        let callback = StateCallback::new(Box::new(move |rv| {
+            register_tx.send(rv).unwrap();
+        }));
+
+        information!("Start U2F register...");
+        information!("App id: {}", app_id);
+        debugging!("Wait timeout: {} ms", timeout_ms);
+        let mut manager = AuthenticatorService::new()?;
+        manager.add_u2f_usb_hid_platform_transports();
+        manager.register(
+            flags,
+            timeout_ms,
+            chall_bytes,
+            app_bytes,
+            vec![],
+            status_tx,
+            callback,
+        )?;
+
+        let register_result = register_rx.recv()?;
+
+        let u2f_registration_data = U2fRegistrationData::from(app_id, &u2fv2_challenge_str, register_result?);
+
+        match u2f_registration_data {
+            Ok(data) => {
+                if json_output {
+                    println!("{}", serde_json::to_string_pretty(&data).unwrap());
+                } else {
+                    success!("Device info: {}", data.device_info);
+                    success!("Register challenge: {}", u2fv2_challenge_str);
+                    success!("Register challenge base64: {}", base64::encode(&u2fv2_challenge_str));
+                    if let Some(cert) = data.attestation_cert_pem {
+                        success!("Certificate: {}", cert);
+                    }
+                    if let Some(device_name) = data.device_name {
+                        success!("Device name: {}", device_name);
+                    }
+                    success!("Public key: {}", data.pub_key);
+                    success!("Key handle: {}", data.key_handle);
+                }
+            }
+            Err(e) => {
+                return simple_error!("Parse registration data failed: {}", e);
+            }
+        }
+        Ok(None)
+    }
+}
+//
+// // U2F raw message format specification (version 20170411) section 4.3
+// // In case of success we need to send back the following reply
+// // (excluding ISO7816 success code)
+// // +------+--------------------+---------------------+------------+------------+------+
+// // + 0x05 | User pub key (65B) | key handle len (1B) | key handle | X.509 Cert | Sign |
+// // +------+--------------------+---------------------+------------+------------+------+
+// //
+// // Where Sign is an ECDSA signature over the following structure:
+// // +------+-------------------+-----------------+------------+--------------------+
+// // + 0x00 | application (32B) | challenge (32B) | key handle | User pub key (65B) |
+// // +------+-------------------+-----------------+------------+--------------------+
+// // see https://github.com/google/OpenSK/blob/stable/src/ctap/ctap1.rs
+// fn u2f_get_key_handle_from_register_response(register_response: &[u8]) -> XResult<Vec<u8>> {
+//     if register_response[0] != 0x05 {
+//         return simple_error!("Reserved byte not set correctly");
+//     }
+//
+//     let key_handle_len = register_response[66] as usize;
+//     let mut public_key = register_response.to_owned();
+//     let mut key_handle = public_key.split_off(67);
+//     let _attestation = key_handle.split_off(key_handle_len);
+//
+//     Ok(key_handle)
+// }