hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: encrypt key

Browse Source
This commit is contained in:
Hatter Jiang
2022-07-02 17:43:07 +08:00
parent 00dee7b000
commit 31bf94c028
1 changed files with 44 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
src/cmd_pgpcardserve.rs
View File

@@ -1,12 +1,18 @@
use std::collections::HashMap;
use clap::{App, Arg, ArgMatches, SubCommand};
use openpgp_card::OpenPgp;
use openpgp_card::{KeyType, OpenPgp};
use openssl::encrypt::Encrypter;
use openssl::pkey::{PKey, Public};
use openssl::rsa::{Padding, Rsa};
use rust_util::util_clap::{Command, CommandError};
use rust_util::XResult;
use serde_derive::{Deserialize, Serialize};
use warp::Filter;
use warp::reply::{Json, json};
use crate::pkiutil;
pub struct CommandImpl;
impl Command for CommandImpl {
@@ -48,26 +54,44 @@ impl Command for CommandImpl {
// success!("Clear text base64: {}", base64::encode(&text));
// success!("Clear text UTF-8: {}", String::from_utf8_lossy(&text));
let (public_key_sha256, keypair) = {
let encrypt_public_key = opt_result!(trans.public_key(KeyType::Decryption), "Get decryption public key failed: {}");
let (public_key_sha256, public_key_pem) = pkiutil::openpgp_card_public_key_pem(&encrypt_public_key).expect("To decryption public key pem failed");
success!("Found public key: {}", hex::encode(&public_key_sha256));
let keypair = opt_result!(Rsa::public_key_from_pem(public_key_pem.as_bytes()), "Parse RSA failed: {}");
let keypair = opt_result!(PKey::from_rsa(keypair), "RSA to PKey failed: {}");
(public_key_sha256, keypair)
};
let rt = tokio::runtime::Runtime::new().unwrap();
rt.block_on(async {
rt.block_on(async move {
let version = warp::get().and(warp::path("version")).map(|| {
let mut version = HashMap::new();
version.insert("version", env!("CARGO_PKG_VERSION"));
warp::reply::json(&version)
json(&version)
});
let public_key_sha256 = public_key_sha256.clone();
let keypair = keypair.clone();
let create_key = warp::post()
.and(warp::path("create_key"))
.and(warp::body::json())
.map(|create_key_request: CreateKeyRequest| {
.map(move |create_key_request: CreateKeyRequest| {
let len = create_key_request.len.unwrap_or(32);
if (len < 16) || (len > 1024) {
if (len < 16) || (len > 128) {
return ErrResponse::new(400, format!("Invalid length:{}", len));
}
let key = crate::randutil::make_rand(len);
let encrypted_key = match encrypt_data(&key, &keypair) {
Err(e) => return ErrResponse::new(500, format!("Encrypt key failed: {}", e)),
Ok(encrypted_key) => encrypted_key,
};
json(&CreateKeyResponse {
request_pub_key_encrypted_key_hex: None,
request_public_key_encrypted_key_hex: None,
raw_key_hex: Some(hex::encode(&key)),
encrypted_key_hex: "".to_string(),
encrypted_key_fingerprint_hex: hex::encode(&public_key_sha256),
encrypted_key_hex: hex::encode(&encrypted_key),
})
});
@@ -82,6 +106,16 @@ impl Command for CommandImpl {
}
}
fn encrypt_data(key: &[u8], keypair: &PKey<Public>) -> XResult<Vec<u8>> {
let mut encrypter = opt_result!(Encrypter::new(keypair), "Encrypter new failed: {}");
opt_result!(encrypter.set_rsa_padding(Padding::PKCS1_OAEP), "Set RSA padding failed: {}");
let buffer_len = opt_result!(encrypter.encrypt_len(&key), "Encrypt len failed: {}");
let mut encrypted_key = vec![0; buffer_len];
let encrypted_len = opt_result!(encrypter.encrypt(&key, &mut encrypted_key), "Encrypt failed: {}");
encrypted_key.truncate(encrypted_len);
Ok(encrypted_key)
}
trait ErrorResponseMessage {
fn to_option_string(self) -> Option<String>;
}
@@ -121,7 +155,8 @@ struct CreateKeyRequest {
#[derive(Deserialize, Serialize)]
struct CreateKeyResponse {
request_pub_key_encrypted_key_hex: Option<String>,
request_public_key_encrypted_key_hex: Option<String>,
raw_key_hex: Option<String>,
encrypted_key_fingerprint_hex: String,
encrypted_key_hex: String,
}