hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add argsutil

Browse Source
This commit is contained in:
Hatter Jiang
2023-11-04 22:09:16 +08:00
parent 7cfe51fa96
commit 1fc9b0d1ba
7 changed files with 38 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@@ -326,7 +326,7 @@ dependencies = [
[[package]] [[package]]
name = "card-cli" name = "card-cli"
version = "1.7.9" version = "1.7.10"
dependencies = [ dependencies = [
"authenticator", "authenticator",
"base64 0.21.4", "base64 0.21.4",

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "card-cli" name = "card-cli"
version = "1.7.9" version = "1.7.10"
authors = ["Hatter Jiang <jht5945@gmail.com>"] authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018" edition = "2018"

22
src/argsutil.rs Normal file
View File

@@ -0,0 +1,22 @@
use std::fs::File;
use std::io::Read;
use clap::ArgMatches;
use rust_util::XResult;
use crate::digest::{sha256, sha256_bytes};
pub fn get_sha256_digest_or_hash(sub_arg_matches: &ArgMatches) -> XResult<Vec<u8>> {
if let Some(file) = sub_arg_matches.value_of("file") {
let mut f = opt_result!(File::open(file), "Open file: {} failed: {}", file);
let mut content = vec![];
opt_result!(f.read_to_end(&mut content), "Read file: {} failed: {}", file);
Ok(sha256_bytes(&content))
} else if let Some(input) = sub_arg_matches.value_of("input") {
Ok(sha256(input))
} else if let Some(hash_hex) = sub_arg_matches.value_of("hash-hex") {
Ok(opt_result!(hex::decode(hash_hex), "Parse hash-hex failed: {}"))
} else {
simple_error!("--file, --input or --hash-hex must assign at least one")
}
}

14
src/cmd_pivecsign.rs
View File

@@ -7,8 +7,7 @@ use x509_parser::nom::AsBytes;
use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, metadata, sign_data}; use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, metadata, sign_data};
use yubikey::YubiKey; use yubikey::YubiKey;
use crate::digest::sha256; use crate::{argsutil, pivutil};
use crate::pivutil;
use crate::util::base64_encode; use crate::util::base64_encode;
pub struct CommandImpl; pub struct CommandImpl;
@@ -20,9 +19,10 @@ impl Command for CommandImpl {
SubCommand::with_name(self.name()).about("PIV EC Sign(with SHA256) subcommand") SubCommand::with_name(self.name()).about("PIV EC Sign(with SHA256) subcommand")
.arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).help("PIV card user pin")) .arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).help("PIV card user pin"))
.arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e")) .arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e"))
.arg(Arg::with_name("hash-hex").short("x").long("hash-hex").takes_value(true).help("Hash"))
.arg(Arg::with_name("algorithm").short("a").long("algorithm").takes_value(true).help("Algorithm, p256 or p384")) .arg(Arg::with_name("algorithm").short("a").long("algorithm").takes_value(true).help("Algorithm, p256 or p384"))
.arg(Arg::with_name("file").short("f").long("file").takes_value(true).help("Input file"))
.arg(Arg::with_name("input").short("i").long("input").takes_value(true).help("Input")) .arg(Arg::with_name("input").short("i").long("input").takes_value(true).help("Input"))
.arg(Arg::with_name("hash-hex").short("x").long("hash-hex").takes_value(true).help("Hash"))
.arg(Arg::with_name("json").long("json").help("JSON output")) .arg(Arg::with_name("json").long("json").help("JSON output"))
} }
@@ -35,11 +35,7 @@ impl Command for CommandImpl {
let pin_opt = sub_arg_matches.value_of("pin"); let pin_opt = sub_arg_matches.value_of("pin");
let slot = opt_value_result!(sub_arg_matches.value_of("slot"), "--slot must assigned, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e"); let slot = opt_value_result!(sub_arg_matches.value_of("slot"), "--slot must assigned, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e");
let hash_hex = if let Some(input) = sub_arg_matches.value_of("input") { let hash_bytes = argsutil::get_sha256_digest_or_hash(sub_arg_matches)?;
hex::encode(sha256(input))
} else {
opt_value_result!(sub_arg_matches.value_of("hash-hex"), "--hash-hex must assigned").to_string()
};
let (algorithm, algorithm_str) = match sub_arg_matches.value_of("algorithm") { let (algorithm, algorithm_str) = match sub_arg_matches.value_of("algorithm") {
None | Some("p256") => (AlgorithmId::EccP256, "ecdsa_p256_with_sha256"), None | Some("p256") => (AlgorithmId::EccP256, "ecdsa_p256_with_sha256"),
Some("p384") => (AlgorithmId::EccP384, "ecdsa_p384_with_sha256"), Some("p384") => (AlgorithmId::EccP384, "ecdsa_p384_with_sha256"),
@@ -53,8 +49,6 @@ impl Command for CommandImpl {
opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}"); opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}");
} }
let hash_bytes = opt_result!(hex::decode(hash_hex), "Parse hash in hex failed: {}");
if let Ok(slot_metadata) = metadata(&mut yk, slot_id) { if let Ok(slot_metadata) = metadata(&mut yk, slot_id) {
match slot_metadata.algorithm { match slot_metadata.algorithm {
ManagementAlgorithmId::PinPuk | ManagementAlgorithmId::ThreeDes => { ManagementAlgorithmId::PinPuk | ManagementAlgorithmId::ThreeDes => {

4
src/cmd_pivgenerate.rs
View File

@@ -1,7 +1,7 @@
use clap::{App, Arg, ArgMatches, SubCommand}; use clap::{App, Arg, ArgMatches, SubCommand};
use rust_util::util_clap::{Command, CommandError}; use rust_util::util_clap::{Command, CommandError};
use rust_util::util_msg; use rust_util::util_msg;
use yubikey::{piv, PinPolicy, TouchPolicy, YubiKey}; use yubikey::{PinPolicy, piv, TouchPolicy, YubiKey};
use yubikey::piv::{AlgorithmId, SlotId}; use yubikey::piv::{AlgorithmId, SlotId};
pub struct CommandImpl; pub struct CommandImpl;
@@ -11,7 +11,7 @@ impl Command for CommandImpl {
fn subcommand<'a>(&self) -> App<'a, 'a> { fn subcommand<'a>(&self) -> App<'a, 'a> {
SubCommand::with_name(self.name()).about("PIV Generate subcommand") SubCommand::with_name(self.name()).about("PIV Generate subcommand")
.arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).default_value("123456").help("OpenPGP card user pin")) .arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).help("OpenPGP card user pin"))
.arg(Arg::with_name("json").long("json").help("JSON output")) .arg(Arg::with_name("json").long("json").help("JSON output"))
} }

19
src/cmd_pivverify.rs
View File

@@ -6,8 +6,7 @@ use rust_util::util_clap::{Command, CommandError};
use yubikey::{Key, YubiKey}; use yubikey::{Key, YubiKey};
use yubikey::piv::{AlgorithmId, SlotId}; use yubikey::piv::{AlgorithmId, SlotId};
use crate::{ecdsautil, pivutil}; use crate::{argsutil, ecdsautil, pivutil};
use crate::digest::sha256;
use crate::ecdsautil::EcdsaAlgorithm; use crate::ecdsautil::EcdsaAlgorithm;
use crate::pivutil::slot_equals; use crate::pivutil::slot_equals;
@@ -19,9 +18,10 @@ impl Command for CommandImpl {
fn subcommand<'a>(&self) -> App<'a, 'a> { fn subcommand<'a>(&self) -> App<'a, 'a> {
SubCommand::with_name(self.name()).about("PIV verify subcommand") SubCommand::with_name(self.name()).about("PIV verify subcommand")
.arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e")) .arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e"))
.arg(Arg::with_name("signature-hex").short("t").long("signature-hex").takes_value(true).help("Signature"))
.arg(Arg::with_name("file").short("f").long("file").takes_value(true).help("Input file"))
.arg(Arg::with_name("input").short("i").long("input").takes_value(true).help("Input")) .arg(Arg::with_name("input").short("i").long("input").takes_value(true).help("Input"))
.arg(Arg::with_name("hash-hex").short("x").long("hash-hex").takes_value(true).help("Hash")) .arg(Arg::with_name("hash-hex").short("x").long("hash-hex").takes_value(true).help("Hash"))
.arg(Arg::with_name("signature-hex").short("t").long("signature-hex").takes_value(true).help("Signature"))
.arg(Arg::with_name("json").long("json").help("JSON output")) .arg(Arg::with_name("json").long("json").help("JSON output"))
} }
@@ -29,12 +29,7 @@ impl Command for CommandImpl {
let json_output = sub_arg_matches.is_present("json"); let json_output = sub_arg_matches.is_present("json");
if json_output { util_msg::set_logger_std_out(false); } if json_output { util_msg::set_logger_std_out(false); }
let hash_hex = if let Some(input) = sub_arg_matches.value_of("input") { let hash_bytes = argsutil::get_sha256_digest_or_hash(sub_arg_matches)?;
hex::encode(sha256(input))
} else {
opt_value_result!(sub_arg_matches.value_of("hash-hex"), "--hash-hex must assigned").to_string()
};
let hash = opt_result!(hex::decode(hash_hex), "Parse hash in hex failed: {}");
let signature = if let Some(signature_hex) = sub_arg_matches.value_of("signature-hex") { let signature = if let Some(signature_hex) = sub_arg_matches.value_of("signature-hex") {
opt_result!(hex::decode(signature_hex), "Parse signature-hex failed: {}") opt_result!(hex::decode(signature_hex), "Parse signature-hex failed: {}")
} else { } else {
@@ -56,16 +51,16 @@ impl Command for CommandImpl {
AlgorithmId::EccP256 | AlgorithmId::EccP384 => { AlgorithmId::EccP256 | AlgorithmId::EccP384 => {
let pk_point = public_key_bit_string.raw_bytes(); let pk_point = public_key_bit_string.raw_bytes();
debugging!("ECDSA public key point: {}", hex::encode(pk_point)); debugging!("ECDSA public key point: {}", hex::encode(pk_point));
debugging!("Pre hash: {}", hex::encode(&hash)); information!("Pre hash: {}", hex::encode(&hash_bytes));
debugging!("Signature: {}", hex::encode(&signature)); debugging!("Signature: {}", hex::encode(&signature));
if json_output { if json_output {
json.insert("public_key_hex", hex::encode(pk_point)); json.insert("public_key_hex", hex::encode(pk_point));
json.insert("hash_hex", hex::encode(&hash)); json.insert("hash_hex", hex::encode(&hash_bytes));
json.insert("signature_hex", hex::encode(&signature)); json.insert("signature_hex", hex::encode(&signature));
} }
let algorithm = iff!(algorithm_id == AlgorithmId::EccP256, EcdsaAlgorithm::P256, EcdsaAlgorithm::P384); let algorithm = iff!(algorithm_id == AlgorithmId::EccP256, EcdsaAlgorithm::P256, EcdsaAlgorithm::P384);
match ecdsautil::ecdsaverify(algorithm, pk_point, &hash, &signature) { match ecdsautil::ecdsaverify(algorithm, pk_point, &hash_bytes, &signature) {
Ok(_) => { Ok(_) => {
success!("Verify ECDSA succeed."); success!("Verify ECDSA succeed.");
if json_output { if json_output {

1
src/main.rs
View File

@@ -13,6 +13,7 @@ mod rsautil;
mod pkiutil; mod pkiutil;
mod hmacutil; mod hmacutil;
mod ecdsautil; mod ecdsautil;
mod argsutil;
mod pgpcardutil; mod pgpcardutil;
mod cmd_list; mod cmd_list;
mod cmd_u2fregister; mod cmd_u2fregister;