feat: u2f

src/sign.rs

@@ -1,11 +1,12 @@
 use clap::{ArgMatches, SubCommand, App, Arg};
 use crate::cmd::{Command, CommandError};
-use authenticator::{KeyHandle, AuthenticatorTransports, SignFlags, StatusUpdate};
+use authenticator::{KeyHandle, AuthenticatorTransports, SignFlags};
 use std::sync::mpsc::channel;
 use authenticator::statecallback::StateCallback;
 use authenticator::authenticatorservice::AuthenticatorService;
-use sha2::{Sha256, Digest};
-use std::thread;
+use crate::fido;
+use crate::digest;
+use crate::fido::U2fV2Challenge;
 
 pub struct CommandImpl;
 
@@ -14,21 +15,30 @@ impl Command for CommandImpl {
     fn subcommand<'a>(&self) -> App<'a, 'a> {
         SubCommand::with_name(self.name()).about("Sign subcommand")
             .arg(Arg::with_name("app-id").long("app-id").default_value("https://example.com").help("App id"))
-            .arg(Arg::with_name("key-handle").long("key-handle").takes_value(true).help("Key handle"))
+            .arg(Arg::with_name("timeout").long("timeout").default_value("10").help("Timeout in seconds"))
+            .arg(Arg::with_name("key-handle").long("key-handle").takes_value(true).multiple(true).help("Key handle"))
     }
     fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
         let app_id = sub_arg_matches.value_of("app-id").unwrap();
-        let key_handle = opt_value_result!( sub_arg_matches.value_of("key-handle"), "Key handle is required");
+        let timeout_ms = match sub_arg_matches.value_of("timeout").unwrap().parse::<u32>() {
+            Ok(t) => (t * 1000) as u64,
+            Err(e) => return simple_error!("Timeout should be a number: {}", e),
+        };
+        let key_handles = opt_value_result!( sub_arg_matches.values_of("key-handle"), "Key handle is required");
 
-        // opt_result!(hex::decode(key_handle),"{}", "");
-        let credential = match hex::decode(key_handle) {
-            Ok(c) => c,
-            Err(e) => return simple_error!("Key handle decode failed: {}", e),
-        };
-        let key_handle = KeyHandle {
-            credential,
-            transports: AuthenticatorTransports::empty(),
-        };
+        let mut request_key_handles = vec![];
+        for kh in key_handles {
+            match hex::decode(kh) {
+                Ok(k) => request_key_handles.push(KeyHandle {
+                    credential: k,
+                    transports: AuthenticatorTransports::empty(),
+                }),
+                Err(e) => warning!("Parse key handle: {}, failed: {}", kh, e),
+            }
+        }
+        if request_key_handles.is_empty() {
+            return simple_error!("No valid key handle provided");
+        }
 
         let flags = SignFlags::empty();
         let (sign_tx, sign_rx) = channel();
@@ -37,50 +47,23 @@ impl Command for CommandImpl {
             sign_tx.send(rv).unwrap();
         }));
 
-        let mut manager = AuthenticatorService::new()?;
-        manager.add_u2f_usb_hid_platform_transports();
+        let u2fv2_challenge = U2fV2Challenge::new_random(app_id);
+        let chall_bytes = digest::sha256(&u2fv2_challenge.to_json());
 
-        let timeout_ms = 10000;
+        let app_bytes = digest::sha256(app_id);
 
-        // let u2fv2_challenge = U2fV2Challenge::new_random(app_id);
-        let challenge_str = "aaaa".to_owned();// serde_json::to_string(&u2fv2_challenge).unwrap();
-
-        let mut challenge = Sha256::default();
-        Digest::update(&mut challenge, challenge_str.as_bytes());
-        let chall_bytes = challenge.finalize().to_vec();
-
-        let mut application = Sha256::default();
-        // application.update(app_id.as_bytes());
-        Digest::update(&mut application, app_id.as_bytes());
-        let app_bytes = application.finalize().to_vec();
-
-        let (status_tx, status_rx) = channel::<StatusUpdate>();
-        thread::spawn(move || loop {
-            match status_rx.recv() {
-                Ok(StatusUpdate::DeviceAvailable { dev_info }) => {
-                    debugging!("STATUS: device available: {}", dev_info)
-                }
-                Ok(StatusUpdate::DeviceUnavailable { dev_info }) => {
-                    debugging!("STATUS: device unavailable: {}", dev_info)
-                }
-                Ok(StatusUpdate::Success { dev_info }) => {
-                    debugging!("STATUS: success using device: {}", dev_info);
-                }
-                Err(_recv_error) => {
-                    debugging!("STATUS: end");
-                    return;
-                }
-            }
-        });
+        let status_tx = fido::start_status_updater();
 
         information!("Start sign...");
         information!("App id: {}", app_id);
+        let mut manager = AuthenticatorService::new()?;
+        manager.add_u2f_usb_hid_platform_transports();
         if let Err(e) = manager.sign(
             flags,
             timeout_ms,
             chall_bytes,
             vec![app_bytes],
-            vec![key_handle],
+            request_key_handles,
             status_tx,
             callback,
         ) {
@@ -92,11 +75,10 @@ impl Command for CommandImpl {
             .expect("Problem receiving, unable to continue");
         let (_, handle_used, sign_data, device_info) = sign_result.expect("Sign failed");
 
-        println!("Sign result: {}", base64::encode(&sign_data));
-        println!("Key handle used: {}", base64::encode(&handle_used));
-        println!("Key handle used: {}", hex::encode(&handle_used));
-        println!("Device info: {}", &device_info);
-        println!("Done.");
+        success!("Device info: {}", &device_info);
+        success!("Sign result: {}", base64::encode(&sign_data));
+        success!("Key handle used: {}", base64::encode(&handle_used));
+        success!("Key handle used: {}", hex::encode(&handle_used));
 
         Ok(())
     }