From 1fc9b0d1baee9311f4a1684e19efd2a47f1f6fac Mon Sep 17 00:00:00 2001
From: Hatter Jiang <jht5945@gmail.com>
Date: Sat, 4 Nov 2023 22:09:16 +0800
Subject: [PATCH] feat: add argsutil

---
 Cargo.lock             |  2 +-
 Cargo.toml             |  2 +-
 src/argsutil.rs        | 22 ++++++++++++++++++++++
 src/cmd_pivecsign.rs   | 14 ++++----------
 src/cmd_pivgenerate.rs |  4 ++--
 src/cmd_pivverify.rs   | 19 +++++++------------
 src/main.rs            |  1 +
 7 files changed, 38 insertions(+), 26 deletions(-)
 create mode 100644 src/argsutil.rs

diff --git a/Cargo.lock b/Cargo.lock
index 373141b..2f700ef 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -326,7 +326,7 @@ dependencies = [
 
 [[package]]
 name = "card-cli"
-version = "1.7.9"
+version = "1.7.10"
 dependencies = [
  "authenticator",
  "base64 0.21.4",
diff --git a/Cargo.toml b/Cargo.toml
index 2a306e4..58a53be 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "card-cli"
-version = "1.7.9"
+version = "1.7.10"
 authors = ["Hatter Jiang <jht5945@gmail.com>"]
 edition = "2018"
 
diff --git a/src/argsutil.rs b/src/argsutil.rs
new file mode 100644
index 0000000..e55384f
--- /dev/null
+++ b/src/argsutil.rs
@@ -0,0 +1,22 @@
+use std::fs::File;
+use std::io::Read;
+
+use clap::ArgMatches;
+use rust_util::XResult;
+
+use crate::digest::{sha256, sha256_bytes};
+
+pub fn get_sha256_digest_or_hash(sub_arg_matches: &ArgMatches) -> XResult<Vec<u8>> {
+    if let Some(file) = sub_arg_matches.value_of("file") {
+        let mut f = opt_result!(File::open(file), "Open file: {} failed: {}", file);
+        let mut content = vec![];
+        opt_result!(f.read_to_end(&mut content), "Read file: {} failed: {}", file);
+        Ok(sha256_bytes(&content))
+    } else if let Some(input) = sub_arg_matches.value_of("input") {
+        Ok(sha256(input))
+    } else if let Some(hash_hex) = sub_arg_matches.value_of("hash-hex") {
+        Ok(opt_result!(hex::decode(hash_hex), "Parse hash-hex failed: {}"))
+    } else {
+        simple_error!("--file, --input or --hash-hex must assign at least one")
+    }
+}
\ No newline at end of file
diff --git a/src/cmd_pivecsign.rs b/src/cmd_pivecsign.rs
index c8335e9..9e60d32 100644
--- a/src/cmd_pivecsign.rs
+++ b/src/cmd_pivecsign.rs
@@ -7,8 +7,7 @@ use x509_parser::nom::AsBytes;
 use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, metadata, sign_data};
 use yubikey::YubiKey;
 
-use crate::digest::sha256;
-use crate::pivutil;
+use crate::{argsutil, pivutil};
 use crate::util::base64_encode;
 
 pub struct CommandImpl;
@@ -20,9 +19,10 @@ impl Command for CommandImpl {
         SubCommand::with_name(self.name()).about("PIV EC Sign(with SHA256) subcommand")
             .arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).help("PIV card user pin"))
             .arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e"))
-            .arg(Arg::with_name("hash-hex").short("x").long("hash-hex").takes_value(true).help("Hash"))
             .arg(Arg::with_name("algorithm").short("a").long("algorithm").takes_value(true).help("Algorithm, p256 or p384"))
+            .arg(Arg::with_name("file").short("f").long("file").takes_value(true).help("Input file"))
             .arg(Arg::with_name("input").short("i").long("input").takes_value(true).help("Input"))
+            .arg(Arg::with_name("hash-hex").short("x").long("hash-hex").takes_value(true).help("Hash"))
             .arg(Arg::with_name("json").long("json").help("JSON output"))
     }
 
@@ -35,11 +35,7 @@ impl Command for CommandImpl {
         let pin_opt = sub_arg_matches.value_of("pin");
 
         let slot = opt_value_result!(sub_arg_matches.value_of("slot"), "--slot must assigned, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e");
-        let hash_hex = if let Some(input) = sub_arg_matches.value_of("input") {
-            hex::encode(sha256(input))
-        } else {
-            opt_value_result!(sub_arg_matches.value_of("hash-hex"), "--hash-hex must assigned").to_string()
-        };
+        let hash_bytes = argsutil::get_sha256_digest_or_hash(sub_arg_matches)?;
         let (algorithm, algorithm_str) = match sub_arg_matches.value_of("algorithm") {
             None | Some("p256") => (AlgorithmId::EccP256, "ecdsa_p256_with_sha256"),
             Some("p384") => (AlgorithmId::EccP384, "ecdsa_p384_with_sha256"),
@@ -53,8 +49,6 @@ impl Command for CommandImpl {
             opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}");
         }
 
-        let hash_bytes = opt_result!(hex::decode(hash_hex), "Parse hash in hex failed: {}");
-
         if let Ok(slot_metadata) = metadata(&mut yk, slot_id) {
             match slot_metadata.algorithm {
                 ManagementAlgorithmId::PinPuk | ManagementAlgorithmId::ThreeDes => {
diff --git a/src/cmd_pivgenerate.rs b/src/cmd_pivgenerate.rs
index 0694f7f..98c4087 100644
--- a/src/cmd_pivgenerate.rs
+++ b/src/cmd_pivgenerate.rs
@@ -1,7 +1,7 @@
 use clap::{App, Arg, ArgMatches, SubCommand};
 use rust_util::util_clap::{Command, CommandError};
 use rust_util::util_msg;
-use yubikey::{piv, PinPolicy, TouchPolicy, YubiKey};
+use yubikey::{PinPolicy, piv, TouchPolicy, YubiKey};
 use yubikey::piv::{AlgorithmId, SlotId};
 
 pub struct CommandImpl;
@@ -11,7 +11,7 @@ impl Command for CommandImpl {
 
     fn subcommand<'a>(&self) -> App<'a, 'a> {
         SubCommand::with_name(self.name()).about("PIV Generate subcommand")
-            .arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).default_value("123456").help("OpenPGP card user pin"))
+            .arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).help("OpenPGP card user pin"))
             .arg(Arg::with_name("json").long("json").help("JSON output"))
     }
 
diff --git a/src/cmd_pivverify.rs b/src/cmd_pivverify.rs
index 410402f..9e9c5bc 100644
--- a/src/cmd_pivverify.rs
+++ b/src/cmd_pivverify.rs
@@ -6,8 +6,7 @@ use rust_util::util_clap::{Command, CommandError};
 use yubikey::{Key, YubiKey};
 use yubikey::piv::{AlgorithmId, SlotId};
 
-use crate::{ecdsautil, pivutil};
-use crate::digest::sha256;
+use crate::{argsutil, ecdsautil, pivutil};
 use crate::ecdsautil::EcdsaAlgorithm;
 use crate::pivutil::slot_equals;
 
@@ -19,9 +18,10 @@ impl Command for CommandImpl {
     fn subcommand<'a>(&self) -> App<'a, 'a> {
         SubCommand::with_name(self.name()).about("PIV verify subcommand")
             .arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e"))
+            .arg(Arg::with_name("signature-hex").short("t").long("signature-hex").takes_value(true).help("Signature"))
+            .arg(Arg::with_name("file").short("f").long("file").takes_value(true).help("Input file"))
             .arg(Arg::with_name("input").short("i").long("input").takes_value(true).help("Input"))
             .arg(Arg::with_name("hash-hex").short("x").long("hash-hex").takes_value(true).help("Hash"))
-            .arg(Arg::with_name("signature-hex").short("t").long("signature-hex").takes_value(true).help("Signature"))
             .arg(Arg::with_name("json").long("json").help("JSON output"))
     }
 
@@ -29,12 +29,7 @@ impl Command for CommandImpl {
         let json_output = sub_arg_matches.is_present("json");
         if json_output { util_msg::set_logger_std_out(false); }
 
-        let hash_hex = if let Some(input) = sub_arg_matches.value_of("input") {
-            hex::encode(sha256(input))
-        } else {
-            opt_value_result!(sub_arg_matches.value_of("hash-hex"), "--hash-hex must assigned").to_string()
-        };
-        let hash = opt_result!(hex::decode(hash_hex), "Parse hash in hex failed: {}");
+        let hash_bytes = argsutil::get_sha256_digest_or_hash(sub_arg_matches)?;
         let signature = if let Some(signature_hex) = sub_arg_matches.value_of("signature-hex") {
             opt_result!(hex::decode(signature_hex), "Parse signature-hex failed: {}")
         } else {
@@ -56,16 +51,16 @@ impl Command for CommandImpl {
                     AlgorithmId::EccP256 | AlgorithmId::EccP384 => {
                         let pk_point = public_key_bit_string.raw_bytes();
                         debugging!("ECDSA public key point: {}", hex::encode(pk_point));
-                        debugging!("Pre hash: {}", hex::encode(&hash));
+                        information!("Pre hash: {}", hex::encode(&hash_bytes));
                         debugging!("Signature: {}", hex::encode(&signature));
                         if json_output {
                             json.insert("public_key_hex", hex::encode(pk_point));
-                            json.insert("hash_hex", hex::encode(&hash));
+                            json.insert("hash_hex", hex::encode(&hash_bytes));
                             json.insert("signature_hex", hex::encode(&signature));
                         }
 
                         let algorithm = iff!(algorithm_id == AlgorithmId::EccP256, EcdsaAlgorithm::P256, EcdsaAlgorithm::P384);
-                        match ecdsautil::ecdsaverify(algorithm, pk_point, &hash, &signature) {
+                        match ecdsautil::ecdsaverify(algorithm, pk_point, &hash_bytes, &signature) {
                             Ok(_) => {
                                 success!("Verify ECDSA succeed.");
                                 if json_output {
diff --git a/src/main.rs b/src/main.rs
index 2a4dbd8..d767af3 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -13,6 +13,7 @@ mod rsautil;
 mod pkiutil;
 mod hmacutil;
 mod ecdsautil;
+mod argsutil;
 mod pgpcardutil;
 mod cmd_list;
 mod cmd_u2fregister;