feat: v1.7.8

2023-11-01 00:32:33 +08:00
parent aadb4b0530
commit 4f015be358
7 changed files with 135 additions and 8 deletions
--- a/src/cmd_hmac_sha1.rs
+++ b/src/cmd_hmac_sha1.rs
@@ -0,0 +1,89 @@
+use std::collections::BTreeMap;
+
+use clap::{App, Arg, ArgMatches, SubCommand};
+use rust_util::util_clap::{Command, CommandError};
+use rust_util::util_msg;
+use yubico_manager::hmacmode::HmacKey;
+use yubico_manager::sec::hmac_sha1;
+
+pub struct CommandImpl;
+
+impl Command for CommandImpl {
+    fn name(&self) -> &str { "hmac-sha1" }
+
+    fn subcommand<'a>(&self) -> App<'a, 'a> {
+        SubCommand::with_name(self.name()).about("YubiKey HMAC-SHA1")
+            .arg(Arg::with_name("secret").short("s").long("secret").takes_value(true).help("Secret in HEX"))
+            .arg(Arg::with_name("variable").long("variable").help("Variable"))
+            .arg(Arg::with_name("challenge").short("c").long("challenge").takes_value(true).help("Challenge"))
+            .arg(Arg::with_name("challenge-hex").short("x").long("challenge-hex").takes_value(true).help("Challenge HEX"))
+            .arg(Arg::with_name("sha1").short("1").long("sha1").help("Output SHA1"))
+            .arg(Arg::with_name("sha256").short("2").long("sha256").help("Output SHA256"))
+            .arg(Arg::with_name("sha384").short("3").long("sha384").help("Output SHA256"))
+            .arg(Arg::with_name("sha512").short("5").long("sha512").help("Output SHA256"))
+            .arg(Arg::with_name("json").long("json").help("JSON output"))
+    }
+
+    fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
+        let json_output = sub_arg_matches.is_present("json");
+        if json_output { util_msg::set_logger_std_out(false); }
+
+        let variable = sub_arg_matches.is_present("variable");
+        let sha1_output = sub_arg_matches.is_present("sha1");
+        let sha256_output = sub_arg_matches.is_present("sha256");
+        let sha384_output = sub_arg_matches.is_present("sha384");
+        let sha512_output = sub_arg_matches.is_present("sha512");
+        let secret_bytes: Vec<u8> = if let Some(secret) = sub_arg_matches.value_of("secret") {
+            opt_result!(hex::decode(secret), "Decode secret hex: {}, failed: {}", secret)
+        } else {
+            return simple_error!("Secret must assigned");
+        };
+        let challenge_bytes: Vec<u8> = if let Some(challenge) = sub_arg_matches.value_of("challenge") {
+            challenge.as_bytes().to_vec()
+        } else if let Some(challenge_hex) = sub_arg_matches.value_of("challenge-hex") {
+            opt_result!(hex::decode(challenge_hex), "Decode challenge hex: {}, failed: {}", challenge_hex)
+        } else {
+            return simple_error!("Challenge must assigned");
+        };
+
+        // Challenge can not be greater than 64 bytes
+        if challenge_bytes.len() > 64 {
+            return simple_error!("Challenge bytes is: {}, more than 64", challenge_bytes.len());
+        }
+
+        let hmac_key = HmacKey::from_slice(&secret_bytes);
+        let mut challenge = [0; 64];
+        if variable && challenge_bytes.last() == Some(&0) {
+            challenge = [0xff; 64];
+        }
+        (&mut challenge[..challenge_bytes.len()]).copy_from_slice(&challenge_bytes);
+        let hmac_result = hmac_sha1(&hmac_key, &challenge);
+
+        let v: &[u8] = &hmac_result;
+        let hex_string = hex::encode(v);
+        let hex_sha1 = iff!(sha1_output, Some(crate::digest::sha1_bytes(v)), None);
+        let hex_sha256 = iff!(sha256_output, Some(crate::digest::sha256_bytes(v)), None);
+        let hex_sha384 = iff!(sha384_output, Some(crate::digest::sha384_bytes(v)), None);
+        let hex_sha512 = iff!(sha512_output, Some(crate::digest::sha512_bytes(v)), None);
+
+        if json_output {
+            let mut json = BTreeMap::<&'_ str, String>::new();
+            json.insert("challenge_hex", hex::encode(challenge_bytes));
+            json.insert("response_hex", hex_string);
+            hex_sha1.map(|hex_sha1| json.insert("response_sha1_hex", hex::encode(hex_sha1)));
+            hex_sha256.map(|hex_sha256| json.insert("response_sha256_hex", hex::encode(hex_sha256)));
+            hex_sha384.map(|hex_sha384| json.insert("response_sha384_hex", hex::encode(hex_sha384)));
+            hex_sha512.map(|hex_sha512| json.insert("response_sha512_hex", hex::encode(hex_sha512)));
+
+            println!("{}", serde_json::to_string_pretty(&json).expect("Convert to JSON failed!"));
+        } else {
+            success!("Challenge HEX: {}", hex::encode(challenge_bytes));
+            success!("Response HEX: {}", hex_string);
+            if let Some(hex_sha256) = hex_sha256 { success!("Response SHA256 HEX: {}", hex::encode(hex_sha256)); }
+            if let Some(hex_sha384) = hex_sha384 { success!("Response SHA384 HEX: {}", hex::encode(hex_sha384)); }
+            if let Some(hex_sha512) = hex_sha512 { success!("Response SHA512 HEX: {}", hex::encode(hex_sha512)); }
+        }
+
+        Ok(None)
+    }
+}