hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: fix clippy

Browse Source
This commit is contained in:
Hatter Jiang
2023-11-18 13:39:01 +08:00
parent cda80af731
commit 4b442ff71a
5 changed files with 12 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/cmd_pivrsasign.rs
View File

@@ -35,7 +35,7 @@ impl Command for CommandImpl {
if let Some(sha256_hex) = sha256_hex_opt { if let Some(sha256_hex) = sha256_hex_opt {
let sha256 = opt_result!(hex::decode(sha256_hex), "Decode sha256 failed: {}"); let sha256 = opt_result!(hex::decode(sha256_hex), "Decode sha256 failed: {}");
let raw_in = rsautil::pkcs15_rsa_2048_sign_padding(&sha256); let raw_in = rsautil::pkcs15_sha256_rsa_2048_padding_for_sign(&sha256);
let sign_result = piv::sign_data(&mut yk, &raw_in, AlgorithmId::Rsa2048, SlotId::Signature); let sign_result = piv::sign_data(&mut yk, &raw_in, AlgorithmId::Rsa2048, SlotId::Signature);
let sign = opt_result!(sign_result, "Sign data failed: {}"); let sign = opt_result!(sign_result, "Sign data failed: {}");
let sign_bytes = sign.as_slice(); let sign_bytes = sign.as_slice();

2
src/cmd_pivverify.rs
View File

@@ -99,7 +99,7 @@ fn find_key(slot_id: &SlotId) -> XResult<Option<Key>> {
Err(e) => warning!("List keys failed: {}", e), Err(e) => warning!("List keys failed: {}", e),
Ok(keys) => for k in keys { Ok(keys) => for k in keys {
let slot_str = format!("{:x}", Into::<u8>::into(k.slot())); let slot_str = format!("{:x}", Into::<u8>::into(k.slot()));
if slot_equals(&slot_id, &slot_str) { if slot_equals(slot_id, &slot_str) {
return Ok(Some(k)); return Ok(Some(k));
} }
}, },

7
src/cmd_signjwt.rs
View File

@@ -66,9 +66,7 @@ impl Command for CommandImpl {
let token_string = sign_jwt(slot, &pin_opt, header, &payload, &jwt_claims)?; let token_string = sign_jwt(slot, &pin_opt, header, &payload, &jwt_claims)?;
success!("Singed JWT: {}", token_string); success!("Singed JWT: {}", token_string);
if json_output { if json_output { json.insert("token", token_string.clone()); }
json.insert("token", token_string.clone());
}
if json_output { if json_output {
println!("{}", serde_json::to_string_pretty(&json).unwrap()); println!("{}", serde_json::to_string_pretty(&json).unwrap());
@@ -114,7 +112,8 @@ fn sign_jwt(slot: &str, pin_opt: &Option<&str>, mut header: Header, payload: &Op
tobe_signed.extend_from_slice(SEPARATOR.as_bytes()); tobe_signed.extend_from_slice(SEPARATOR.as_bytes());
tobe_signed.extend_from_slice(claims.as_bytes()); tobe_signed.extend_from_slice(claims.as_bytes());
let raw_in = match jwt_algorithm { let raw_in = match jwt_algorithm {
AlgorithmType::Rs256 => rsautil::pkcs15_rsa_2048_sign_padding(&digest::sha256_bytes(&tobe_signed)), AlgorithmType::Rs256 => rsautil::pkcs15_sha256_rsa_2048_padding_for_sign(
&digest::sha256_bytes(&tobe_signed)),
AlgorithmType::Es256 => digest::sha256_bytes(&tobe_signed), AlgorithmType::Es256 => digest::sha256_bytes(&tobe_signed),
AlgorithmType::Es384 => digest::sha384_bytes(&tobe_signed), AlgorithmType::Es384 => digest::sha384_bytes(&tobe_signed),
_ => return simple_error!("SHOULD NOT HAPPEN: {:?}", jwt_algorithm), _ => return simple_error!("SHOULD NOT HAPPEN: {:?}", jwt_algorithm),

9
src/hmacutil.rs
View File

@@ -19,15 +19,14 @@ pub fn get_challenge_bytes(sub_arg_matches: &ArgMatches) -> XResult<Vec<u8>> {
Ok(challenge_bytes) Ok(challenge_bytes)
} }
pub fn calculate_hmac_sha1_result(secret_bytes: &Vec<u8>, challenge_bytes: &Vec<u8>, variable: bool) -> [u8; 20] { pub fn calculate_hmac_sha1_result(secret_bytes: &[u8], challenge_bytes: &[u8], variable: bool) -> [u8; 20] {
let hmac_key = HmacKey::from_slice(&secret_bytes); let hmac_key = HmacKey::from_slice(secret_bytes);
let mut challenge = [0; 64]; let mut challenge = [0; 64];
if variable && challenge_bytes.last() == Some(&0) { if variable && challenge_bytes.last() == Some(&0) {
challenge = [0xff; 64]; challenge = [0xff; 64];
} }
(&mut challenge[..challenge_bytes.len()]).copy_from_slice(&challenge_bytes); challenge[..challenge_bytes.len()].copy_from_slice(challenge_bytes);
let hmac_result = hmac_sha1(&hmac_key, &challenge); hmac_sha1(&hmac_key, &challenge)
hmac_result
} }

6
src/rsautil.rs
View File

@@ -114,7 +114,7 @@ fn inner_from(p: BigNum, q: BigNum, e: BigNum) -> XResult<RsaCrt> {
}) })
} }
pub fn pkcs15_rsa_2048_sign_padding(sha256: &[u8]) -> Vec<u8> { pub fn pkcs15_sha256_rsa_2048_padding_for_sign(sha256: &[u8]) -> Vec<u8> {
// https://www.ibm.com/docs/en/zos/2.2.0?topic=cryptography-pkcs-1-formats // https://www.ibm.com/docs/en/zos/2.2.0?topic=cryptography-pkcs-1-formats
// MD5 X3020300C 06082A86 4886F70D 02050500 0410 || 16-byte hash value // MD5 X3020300C 06082A86 4886F70D 02050500 0410 || 16-byte hash value
// SHA-1 X'30213009 06052B0E 03021A05 000414 || 20-byte hash value // SHA-1 X'30213009 06052B0E 03021A05 000414 || 20-byte hash value
@@ -126,10 +126,10 @@ pub fn pkcs15_rsa_2048_sign_padding(sha256: &[u8]) -> Vec<u8> {
let mut hash_with_oid = Vec::with_capacity(128); let mut hash_with_oid = Vec::with_capacity(128);
hash_with_oid.extend_from_slice(&sha256_der_prefix); hash_with_oid.extend_from_slice(&sha256_der_prefix);
hash_with_oid.extend_from_slice(&sha256); hash_with_oid.extend_from_slice(sha256);
let hash_padding = pkcs1_padding_for_sign(&hash_with_oid, 2048).unwrap(); let hash_padding = pkcs1_padding_for_sign(&hash_with_oid, 2048).unwrap();
util_msg::when(MessageType::DEBUG, || { util_msg::when(MessageType::DEBUG, || {
debugging!("Hash: {}", hex::encode(&sha256)); debugging!("Hash: {}", hex::encode(sha256));
debugging!("Hash with OID: {}", hex::encode(&hash_with_oid)); debugging!("Hash with OID: {}", hex::encode(&hash_with_oid));
debugging!("PKCS1 padding: {}", hex::encode(&hash_padding)); debugging!("PKCS1 padding: {}", hex::encode(&hash_padding));
}); });