feat: pbe encryption

Cargo.lock

@@ -508,7 +508,7 @@ dependencies = [
 
 [[package]]
 name = "card-cli"
-version = "1.12.7"
+version = "1.12.8"
 dependencies = [
  "aes-gcm-stream",
  "authenticator 0.3.1",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "card-cli"
-version = "1.12.7"
+version = "1.12.8"
 authors = ["Hatter Jiang <jht5945@gmail.com>"]
 edition = "2018"
 

src/cmd_hmac_encrypt.rs

@@ -22,6 +22,7 @@ impl Command for CommandImpl {
                     .help("Plaintext"),
             )
             .arg(Arg::with_name("with-pbe").long("with-pbe").help("With PBE encryption"))
+            .arg(Arg::with_name("double-pin-check").long("double-pin-check").help("Double PIN check"))
             .arg(Arg::with_name("pbe-iteration").long("pbe-iteration").takes_value(true).help("PBE iteration, default 100000"))
             .arg(cmdutil::build_json_arg())
     }
@@ -32,9 +33,10 @@ impl Command for CommandImpl {
         let mut text = sub_arg_matches.value_of("plaintext").unwrap().to_string();
         let with_pbe = sub_arg_matches.is_present("with-pbe");
         if with_pbe {
+            let double_pin_check = sub_arg_matches.is_present("double-pin-check");
             let iteration = sub_arg_matches.value_of("pbe-iteration")
                 .map(|x| x.parse::<u32>().unwrap()).unwrap_or(100000);
-            text = pbeutil::simple_pbe_encrypt_with_prompt_from_string(iteration, &text)?;
+            text = pbeutil::simple_pbe_encrypt_with_prompt_from_string(iteration, &text, double_pin_check)?;
         }
         let hmac_encrypt_ciphertext = hmacutil::hmac_encrypt_from_string(&text)?;
 

src/pbeutil.rs

@@ -7,8 +7,8 @@ use rust_util::XResult;
 
 const PBE_ENC_PREFIX: &str = "pbe_enc:";
 
-pub fn simple_pbe_encrypt_with_prompt_from_string(iteration: u32, plaintext: &str) -> XResult<String> {
+pub fn simple_pbe_encrypt_with_prompt_from_string(iteration: u32, plaintext: &str, password_double_check: bool) -> XResult<String> {
-    simple_pbe_encrypt_with_prompt(iteration, plaintext.as_bytes())
+    simple_pbe_encrypt_with_prompt(iteration, plaintext.as_bytes(), password_double_check)
 }
 
 pub fn simple_pbe_decrypt_with_prompt_to_string(ciphertext: &str) -> XResult<String> {
@@ -16,9 +16,15 @@ pub fn simple_pbe_decrypt_with_prompt_to_string(ciphertext: &str) -> XResult<Str
     Ok(String::from_utf8(plaintext)?)
 }
 
-pub fn simple_pbe_encrypt_with_prompt(iteration: u32, plaintext: &[u8]) -> XResult<String> {
+pub fn simple_pbe_encrypt_with_prompt(iteration: u32, plaintext: &[u8], password_double_check: bool) -> XResult<String> {
-    let pin = opt_value_result!(pinutil::get_pin(None), "Simple PBE password required");
+    let pin1 = opt_value_result!(pinutil::get_pin(None), "Simple PBE password required");
-    simple_pbe_encrypt(&pin, iteration, plaintext)
+    if password_double_check {
+        let pin2 = opt_value_result!(pinutil::get_pin(None), "Simple PBE password required");
+        if pin1 != pin2 {
+            return simple_error!("Two PINs mismatch");
+        }
+    }
+    simple_pbe_encrypt(&pin1, iteration, plaintext)
 }
 
 pub fn simple_pbe_decrypt_with_prompt(ciphertext: &str) -> XResult<Vec<u8>> {