From 97a29546bd398693973039d0e89b8082fbe0aa93 Mon Sep 17 00:00:00 2001
From: Hatter Jiang <jht5945@gmail.com>
Date: Sun, 3 Apr 2022 16:36:28 +0800
Subject: [PATCH] feat: v1.1.1, supports file in for pgp-card-sign

---
 Cargo.lock             |  2 +-
 Cargo.toml             |  2 +-
 README.md              |  4 +++
 src/cmd_pgpcardsign.rs | 74 ++++++++++++++++++++++++++++++++++++++----
 4 files changed, 73 insertions(+), 9 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 61c241c..86d5db3 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -336,7 +336,7 @@ dependencies = [
 
 [[package]]
 name = "card-cli"
-version = "1.1.0"
+version = "1.1.1"
 dependencies = [
  "authenticator",
  "base64 0.13.0",
diff --git a/Cargo.toml b/Cargo.toml
index 34372b2..7964bab 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "card-cli"
-version = "1.1.0"
+version = "1.1.1"
 authors = ["Hatter Jiang <jht5945@gmail.com>"]
 edition = "2018"
 
diff --git a/README.md b/README.md
index 079c4ff..f075b32 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,10 @@ $ cargo r -- pgp-card-decrypt -c $(cat enc.txt | xxd -ps -c 11111)
 sign
 ```
 $ cargo r -- pgp-card-sign -2 $(shasum -a 256 test.txt  | awk '{print $1}')
+
+OR
+
+$ cargo r -- pgp-card-sign --in test.txt --use-sha256
 ```
 
 verify
diff --git a/src/cmd_pgpcardsign.rs b/src/cmd_pgpcardsign.rs
index 4bffc2c..ec13c8a 100644
--- a/src/cmd_pgpcardsign.rs
+++ b/src/cmd_pgpcardsign.rs
@@ -1,10 +1,16 @@
 use std::collections::BTreeMap;
+use std::fs::File;
+use std::io::{ErrorKind, Read};
 
 use clap::{App, Arg, ArgMatches, SubCommand};
+use digest::Digest;
 use openpgp_card::crypto_data::Hash;
 use openpgp_card::OpenPgp;
 use rust_util::util_clap::{Command, CommandError};
 use rust_util::XResult;
+use sha2::{Sha256, Sha384, Sha512};
+
+const BUFF_SIZE: usize = 512 * 1024;
 
 pub struct CommandImpl;
 
@@ -18,6 +24,10 @@ impl Command for CommandImpl {
             .arg(Arg::with_name("sha256").short("2").long("sha256").takes_value(true).help("Digest SHA256 HEX"))
             .arg(Arg::with_name("sha384").short("3").long("sha384").takes_value(true).help("Digest SHA384 HEX"))
             .arg(Arg::with_name("sha512").short("5").long("sha512").takes_value(true).help("Digest SHA512 HEX"))
+            .arg(Arg::with_name("in").short("i").long("in").takes_value(true).help("File in"))
+            .arg(Arg::with_name("use-sha256").long("use-sha256").help("Use SHA256 for file in"))
+            .arg(Arg::with_name("use-sha384").long("use-sha384").help("Use SHA384 for file in"))
+            .arg(Arg::with_name("use-sha512").long("use-sha512").help("Use SHA512 for file in"))
             .arg(Arg::with_name("json").long("json").help("JSON output"))
     }
 
@@ -29,9 +39,40 @@ impl Command for CommandImpl {
         let pin = opt_value_result!(pin_opt, "User pin must be assigned");
         if pin.len() < 6 { return simple_error!("User pin length:{}, must >= 6!", pin.len()); }
 
-        let sha256 = sub_arg_matches.value_of("sha256");
-        let sha384 = sub_arg_matches.value_of("sha384");
-        let sha512 = sub_arg_matches.value_of("sha512");
+        let mut sha256 = sub_arg_matches.value_of("sha256").map(|s| s.to_string());
+        let mut sha384 = sub_arg_matches.value_of("sha384").map(|s| s.to_string());
+        let mut sha512 = sub_arg_matches.value_of("sha512").map(|s| s.to_string());
+        let file_in_opt = sub_arg_matches.value_of("in");
+
+        let mut json = BTreeMap::new();
+        if let Some(file_in) = file_in_opt {
+            if sha256.is_some() || sha384.is_some() || sha512.is_some() { return simple_error!("Conflict --in vs --sha256, --sha384, --sha512 args"); }
+
+            let use_sha256 = sub_arg_matches.is_present("use-sha256");
+            let use_sha384 = sub_arg_matches.is_present("use-sha384");
+            let use_sha512 = sub_arg_matches.is_present("use-sha512");
+
+            if !use_sha256 && !use_sha384 && !use_sha512 {
+                return simple_error!("Must has one option --use-sha256, --use-sha384, --use-sha512");
+            }
+
+            if use_sha256 {
+                let hash = opt_result!(calc_file_digest::<Sha256>(file_in), "Calc file: {} SHA256 failed: {}", file_in);
+                sha256 = Some(hex::encode(hash));
+            }
+            if use_sha384 {
+                let hash = opt_result!(calc_file_digest::<Sha384>(file_in), "Calc file: {} SHA384 failed: {}", file_in);
+                sha384 = Some(hex::encode(hash));
+            }
+            if use_sha512 {
+                let hash = opt_result!(calc_file_digest::<Sha512>(file_in), "Calc file: {} SHA512 failed: {}", file_in);
+                sha512 = Some(hex::encode(hash));
+            }
+
+            let mut entry = BTreeMap::new();
+            entry.insert("file", file_in.to_string());
+            json.insert("meta", entry);
+        }
 
         if sha256.is_none() && sha384.is_none() && sha512.is_none() {
             return simple_error!("SHA256, SHA384 or SHA512 must assign at least one");
@@ -41,13 +82,11 @@ impl Command for CommandImpl {
         let mut pgp = OpenPgp::new(&mut card);
         let mut trans = opt_result!(pgp.transaction(), "Open card failed: {}");
 
-        opt_result!(trans.verify_pw1_sign(pin.as_ref()), "User sign pin verify failed: {}");
-        success!("User sign pin verify success!");
-
-        let mut json = BTreeMap::new();
         if let Some(sha256) = sha256 {
             let sha256_hex = opt_result!(hex::decode(sha256.trim()), "Decode sha256 failed: {}");
             let sha256_hex = copy_sha256(&sha256_hex)?;
+            opt_result!(trans.verify_pw1_sign(pin.as_ref()), "User sign pin verify failed: {}");
+            success!("User sign pin verify success!");
             let sig = trans.signature_for_hash(Hash::SHA256(sha256_hex))?;
             success!("SHA256 signature HEX: {}", hex::encode(&sig));
             success!("SHA256 signature base64: {}", base64::encode(&sig));
@@ -61,6 +100,8 @@ impl Command for CommandImpl {
         if let Some(sha384) = sha384 {
             let sha384_hex = opt_result!(hex::decode(sha384.trim()), "Decode sha384 failed: {}");
             let sha384_hex = copy_sha384(&sha384_hex)?;
+            opt_result!(trans.verify_pw1_sign(pin.as_ref()), "User sign pin verify failed: {}");
+            success!("User sign pin verify success!");
             let sig = trans.signature_for_hash(Hash::SHA384(sha384_hex))?;
             success!("SHA384 signature HEX: {}", hex::encode(&sig));
             success!("SHA384 signature base64: {}", base64::encode(&sig));
@@ -74,6 +115,8 @@ impl Command for CommandImpl {
         if let Some(sha512) = sha512 {
             let sha512_hex = opt_result!(hex::decode(sha512.trim()), "Decode sha512 failed: {}");
             let sha512_hex = copy_sha512(&sha512_hex)?;
+            opt_result!(trans.verify_pw1_sign(pin.as_ref()), "User sign pin verify failed: {}");
+            success!("User sign pin verify success!");
             let sig = trans.signature_for_hash(Hash::SHA512(sha512_hex))?;
             success!("SHA512 signature HEX: {}", hex::encode(&sig));
             success!("SHA512 signature base64: {}", base64::encode(&sig));
@@ -93,6 +136,23 @@ impl Command for CommandImpl {
     }
 }
 
+fn calc_file_digest<D>(file_name: &str) -> XResult<Vec<u8>> where D: Digest {
+    let mut hasher = D::new();
+    let mut buf: [u8; BUFF_SIZE] = [0u8; BUFF_SIZE];
+    let mut f = File::open(file_name)?;
+    let file_len = f.metadata()?.len();
+    debugging!("File: {}, length: {}", file_name, file_len);
+    loop {
+        let len = match f.read(&mut buf) {
+            Ok(0) => return Ok(hasher.finalize().as_slice().to_vec()),
+            Ok(len) => len,
+            Err(ref e) if e.kind() == ErrorKind::Interrupted => continue,
+            Err(e) => return simple_error!("Calc file digest failed: {}", e),
+        };
+        hasher.update(&buf[..len]);
+    }
+}
+
 macro_rules! define_copy_array {
     ($fn_name: ident, $len: tt) => (
         fn $fn_name(in_arr: &[u8]) -> XResult<[u8; $len]> {