feat: v1.1.16

2022-04-12 22:45:28 +08:00
parent 2f0d4d6e8a
commit 20754c119e
5 changed files with 60 additions and 35 deletions
--- a/src/cmd_u2fregister.rs
+++ b/src/cmd_u2fregister.rs
@@ -26,6 +26,7 @@ impl Command for CommandImpl {
            .arg(Arg::with_name("app-id").short("a").long("app-id").default_value("https://example.com").help("App id"))
            .arg(Arg::with_name("timeout").short("t").long("timeout").default_value("30").help("Timeout in seconds"))
            .arg(Arg::with_name("challenge").long("challenge").takes_value(true).help("Challenge HEX"))
+            .arg(Arg::with_name("challenge-with-timestamp-prefix").long("challenge-with-timestamp-prefix").help("Challenge with timestamp prefix"))
            .arg(Arg::with_name("json").long("json").help("JSON output"))
    }

@@ -39,7 +40,9 @@ impl Command for CommandImpl {
            Err(e) => return simple_error!("Timeout should be a number: {}", e),
        };

-        let u2fv2_challenge = U2fV2Challenge::new_challenge(sub_arg_matches.value_of("challenge"), app_id)?;
+        let challenge_hex = sub_arg_matches.value_of("challenge");
+        let challenge_with_timestamp_prefix = sub_arg_matches.is_present("challenge-with-timestamp-prefix");
+        let u2fv2_challenge = U2fV2Challenge::new_challenge(challenge_hex, app_id, challenge_with_timestamp_prefix)?;

        let u2fv2_challenge_str = u2fv2_challenge.to_json();
        let chall_bytes = digest::sha256(&u2fv2_challenge_str);
--- a/src/cmd_u2fsign.rs
+++ b/src/cmd_u2fsign.rs
@@ -28,6 +28,7 @@ impl Command for CommandImpl {
            .arg(Arg::with_name("timeout").short("t").long("timeout").default_value("30").help("Timeout in seconds"))
            .arg(Arg::with_name("public-key-hex").long("public-key-hex").takes_value(true).help("Public key hex"))
            .arg(Arg::with_name("challenge").long("challenge").takes_value(true).help("Challenge HEX"))
+            .arg(Arg::with_name("challenge-with-timestamp-prefix").long("challenge-with-timestamp-prefix").help("Challenge with timestamp prefix"))
            .arg(Arg::with_name("key-handle").short("k").long("key-handle").takes_value(true).multiple(true).help("Key handle"))
            .arg(Arg::with_name("json").long("json").help("JSON output"))
    }
@@ -63,8 +64,9 @@ impl Command for CommandImpl {
            sign_tx.send(rv).unwrap();
        }));

-
-        let u2fv2_challenge = U2fV2Challenge::new_challenge(sub_arg_matches.value_of("challenge"), app_id)?;
+        let challenge_hex = sub_arg_matches.value_of("challenge");
+        let challenge_with_timestamp_prefix = sub_arg_matches.is_present("challenge-with-timestamp-prefix");
+        let u2fv2_challenge = U2fV2Challenge::new_challenge(challenge_hex, app_id, challenge_with_timestamp_prefix)?;

        let u2fv2_challenge_str = u2fv2_challenge.to_json();
        let chall_bytes = digest::sha256(&u2fv2_challenge_str);
@@ -99,6 +101,8 @@ impl Command for CommandImpl {
        let client_data = u2fv2_challenge_str.as_bytes().to_vec();
        let app_id_hash = sha256(app_id.as_bytes());
        let client_data_hash = sha256(&client_data[..]);
+        let counter_u32 = u32::from_be_bytes([counter[0], counter[1], counter[2], counter[3]]);
+        // application (32B) + user presence (1B) + counter (4B) + client data hash (32B)
        let mut signed_message = Vec::with_capacity(128);
        signed_message.extend_from_slice(&app_id_hash);
        signed_message.push(*user_presence_flag);
@@ -117,15 +121,18 @@ impl Command for CommandImpl {
            json.insert("signed_message", hex::encode(&signed_message));
            json.insert("key_handle", hex::encode(&handle_used));
            json.insert("sign_data", hex::encode(&sign_data));
+            json.insert("user_presence_flag", format!("{}", *user_presence_flag));
+            json.insert("counter", format!("{}", counter_u32));
        } else {
            information!("Sign challenge: {}", u2fv2_challenge_str);
            information!("Sign challenge base64: {}", base64::encode(&u2fv2_challenge_str));
            information!("Sign result : {}", base64::encode(&sign_data));
            information!("- presence : {}", user_presence_flag);
-            information!("- counter  : {}", u32::from_be_bytes([counter[0], counter[1], counter[2], counter[3]]));
+            information!("- counter  : {}", counter_u32);
            information!("- signature: {}", hex::encode(&signature));
            // success!("Key handle used: {}", base64::encode(&handle_used));
            information!("Key handle: {}", hex::encode(&handle_used));
+            information!("Signed message: {}", hex::encode(&signed_message));
        }

        if let Some(public_key_hex) = sub_arg_matches.value_of("public-key-hex") {
@@ -134,8 +141,6 @@ impl Command for CommandImpl {
                json.insert("pub_key", hex::encode(&public_key));
            } else {
                information!("Public key: {}", hex::encode(&public_key));
-                information!("Signed message: {}", hex::encode(&signed_message));
-
                let authorization_result = u2f::authorization::parse_sign_response(
                    app_id.to_string(),
                    client_data,
--- a/src/fido.rs
+++ b/src/fido.rs
@@ -1,6 +1,7 @@
 use std::fmt;
 use std::sync::mpsc::{channel, Sender};
 use std::thread;
+use std::time::SystemTime;

 use authenticator::{RegisterResult, StatusUpdate};
 use base64::URL_SAFE_NO_PAD;
@@ -95,9 +96,9 @@ pub struct U2fV2Challenge {
 }

 impl U2fV2Challenge {
-    pub fn new_challenge(challenge_hex: Option<&str>, app_id: &str) -> XResult<U2fV2Challenge> {
+    pub fn new_challenge(challenge_hex: Option<&str>, app_id: &str, with_time_stamp_prefix: bool) -> XResult<U2fV2Challenge> {
        Ok(match challenge_hex {
-            None => U2fV2Challenge::new_random(app_id),
+            None => U2fV2Challenge::new_random(app_id, with_time_stamp_prefix),
            Some(challenge_hex) => {
                let challenge_bytes = opt_result!(hex::decode(challenge_hex), "Decode challenge hex failed: {}");
                let challenge = base64::encode_config(&challenge_bytes, base64::URL_SAFE_NO_PAD);
@@ -106,13 +107,20 @@ impl U2fV2Challenge {
        })
    }

-    pub fn new_random<S>(app_id: S) -> Self where S: Into<String> {
+    pub fn new_random<S>(app_id: S, with_time_stamp_prefix: bool) -> Self where S: Into<String> {
        let mut rng = rand::thread_rng();
        let mut rand_bytes = [0_u8; 32];
        for c in &mut rand_bytes {
            let b: u8 = rng.gen();
            *c = b;
        }
+        if with_time_stamp_prefix {
+            let timestamp = SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap().as_millis() as u64;
+            let timestamp_be_bytes = timestamp.to_be_bytes();
+            for i in 0..8 {
+                rand_bytes[i] = timestamp_be_bytes[i];
+            }
+        }

        let challenge = base64::encode_config(&rand_bytes, URL_SAFE_NO_PAD);
        Self::new(challenge, app_id)