hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add chall, challconfig

Browse Source
This commit is contained in:
Hatter Jiang
2021-07-17 13:41:49 +08:00
parent cdf14ff1b6
commit 3f17b6bb76
6 changed files with 843 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

712
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

2
Cargo.toml
View File

@@ -24,3 +24,5 @@ simpledateformat = "0.1.2"
ring = "0.16.20"
openssl = "0.10.35"
pem = "0.8.3"
yubikey = "0.4.2"
yubico_manager = "0.8.1"

60
src/chall.rs Normal file
View File

@@ -0,0 +1,60 @@
use clap::{ArgMatches, SubCommand, App, Arg};
use crate::cmd::{Command, CommandError};
use yubico_manager::Yubico;
use yubico_manager::config::{Config, Mode, Slot};
use std::ops::Deref;
pub struct CommandImpl;
impl Command for CommandImpl {
fn name(&self) -> &str { "chall" }
fn subcommand<'a>(&self) -> App<'a, 'a> {
SubCommand::with_name(self.name()).about("OpenPGP Card List subcommand")
.arg(Arg::with_name("challenge").long("challenge").takes_value(true).help("Challenge"))
.arg(Arg::with_name("challenge-hex").long("challenge-hex").takes_value(true).help("Challenge HEX"))
.arg(Arg::with_name("json").long("json").help("JSON output"))
}
fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
let challenge_bytes: Vec<u8>;
if let Some(challenge) = sub_arg_matches.value_of("challenge") {
challenge_bytes = challenge.as_bytes().to_vec();
} else if let Some(challenge_hex) = sub_arg_matches.value_of("challenge-hex") {
challenge_bytes = hex::decode(challenge_hex)?;
} else {
return simple_error!("Challenge must assigned");
}
// Challenge can not be greater than 64 bytes
if challenge_bytes.len() > 64 {
return simple_error!("Challenge bytes is: {}, more than 64", challenge_bytes.len());
}
let mut yubi = Yubico::new();
if let Ok(device) = yubi.find_yubikey() {
success!("Found key, Vendor ID: {:?} Product ID {:?}", device.vendor_id, device.product_id);
let config = Config::default()
.set_vendor_id(device.vendor_id)
.set_product_id(device.product_id)
.set_variable_size(true)
.set_mode(Mode::Sha1)
.set_slot(Slot::Slot2);
// In HMAC Mode, the result will always be the SAME for the SAME provided challenge
let hmac_result = yubi.challenge_response_hmac(&challenge_bytes, config).unwrap();
// Just for debug, lets check the hex
let v: &[u8] = hmac_result.deref();
let hex_string = hex::encode(v);
success!("{}", hex_string);
} else {
warning!("Yubikey not found");
}
Ok(())
}
}

63
src/challconfig.rs Normal file
View File

@@ -0,0 +1,63 @@
use clap::{ArgMatches, SubCommand, App, Arg};
use crate::cmd::{Command, CommandError};
use yubico_manager::Yubico;
use yubico_manager::config::Config;
use yubico_manager::hmacmode::HmacKey;
use yubico_manager::configure::DeviceModeConfig;
pub struct CommandImpl;
impl Command for CommandImpl {
fn name(&self) -> &str { "chall-config" }
fn subcommand<'a>(&self) -> App<'a, 'a> {
SubCommand::with_name(self.name()).about("OpenPGP Card List subcommand")
.arg(Arg::with_name("secret").long("secret").takes_value(true).help("Secret"))
.arg(Arg::with_name("secret-hex").long("secret-hex").takes_value(true).help("Secret HEX"))
.arg(Arg::with_name("yes-config-chall").long("yes-config-chall").help("Config chall key"))
}
fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
if !sub_arg_matches.is_present("yes-config-chall") {
return simple_error!("--yes-config-chall is not configed");
}
let secret_bytes: Vec<u8>;
if let Some(secret) = sub_arg_matches.value_of("secret") {
secret_bytes = secret.as_bytes().to_vec();
} else if let Some(secret_hex) = sub_arg_matches.value_of("secret-hex") {
secret_bytes = hex::decode(secret_hex)?;
} else {
return simple_error!("Secret must assigned");
}
// Secret must have 20 bytes
if secret_bytes.len() != 20 {
return simple_error!("Challenge bytes is: {}, is not 20", secret_bytes.len());
}
let mut yubi = Yubico::new();
if let Ok(device) = yubi.find_yubikey() {
success!("Found key, Vendor ID: {:?} Product ID {:?}", device.vendor_id, device.product_id);
let config = Config::default()
.set_vendor_id(device.vendor_id)
.set_product_id(device.product_id)
.set_command(yubico_manager::config::Command::Configuration2);
let hmac_key: HmacKey = HmacKey::from_slice(&secret_bytes);
let mut device_config = DeviceModeConfig::default();
device_config.challenge_response_hmac(&hmac_key, false, false);
if let Err(err) = yubi.write_config(config, &mut device_config) {
failure!("{:?}", err);
} else {
success!("Device configured");
}
} else {
warning!("Yubikey not found");
}
Ok(())
}
}

6
src/main.rs
View File

@@ -10,6 +10,9 @@ mod pgp;
mod pgpcardutil;
mod pgpcardlist;
mod pgpcardsign;
mod piv;
mod chall;
mod challconfig;
use clap::{App, AppSettings};
use cmd::{Command, CommandError};
@@ -29,6 +32,9 @@ fn inner_main() -> CommandError {
Box::new(pgp::CommandImpl),
Box::new(pgpcardlist::CommandImpl),
Box::new(pgpcardsign::CommandImpl),
Box::new(piv::CommandImpl),
Box::new(chall::CommandImpl),
Box::new(challconfig::CommandImpl),
];
let mut app = App::new(env!("CARGO_PKG_NAME"))
.version(env!("CARGO_PKG_VERSION"))

17
src/piv.rs Normal file
View File

@@ -0,0 +1,17 @@
use clap::{ArgMatches, SubCommand, App, Arg};
use crate::cmd::{Command, CommandError};
pub struct CommandImpl;
impl Command for CommandImpl {
fn name(&self) -> &str { "piv" }
fn subcommand<'a>(&self) -> App<'a, 'a> {
SubCommand::with_name(self.name()).about("OpenPGP Card List subcommand")
.arg(Arg::with_name("json").long("json").help("JSON output"))
}
fn run(&self, _arg_matches: &ArgMatches, _sub_arg_matches: &ArgMatches) -> CommandError {
Ok(())
}
}