feat: add ssh-piv-sign, but it not works right

2024-07-04 00:10:45 +08:00
parent fed67019aa
commit 9fa90827aa
1 changed files with 3 additions and 21 deletions
--- a/src/cmd_sshpivsign.rs
+++ b/src/cmd_sshpivsign.rs
@@ -40,8 +40,7 @@ impl Command for CommandImpl {
            .arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).help("PIV card user PIN"))
            .arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e"))
            .arg(Arg::with_name("namespace").short("n").long("namespace").takes_value(true).help("Namespace"))
-            .arg(Arg::with_name("in").long("in").takes_value(true).help("In file, - for stdin"))
-            .arg(Arg::with_name("raw-in").long("raw-in").takes_value(true).help("Raw in data"))
+            .arg(Arg::with_name("in").long("in").required(true).takes_value(true).help("In file, - for stdin"))
    }

    fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
@@ -52,19 +51,7 @@ impl Command for CommandImpl {
            None => return simple_error!("Namespace required"),
            Some(namespace) => namespace,
        };
-
-        let (is_raw_in, data) = match sub_arg_matches.value_of("in") {
-            None => match sub_arg_matches.value_of("raw-in") {
-                None => return simple_error!("--in or --raw-in must assign one"),
-                Some(raw_in) => (true, util::try_decode(raw_in)?),
-            }
-            Some(file_in) => {
-                let message = util::read_file_or_stdin(file_in)?;
-                debugging!("File in: {:?}", message);
-                debugging!("File in string: {}", String::from_utf8_lossy(&message));
-                (false, message)
-            }
-        };
+        let data = util::read_file_or_stdin(sub_arg_matches.value_of("in").unwrap())?;

        let slot = opt_value_result!(sub_arg_matches.value_of("slot"), "--slot must assigned, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e");
        let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
@@ -119,17 +106,12 @@ impl Command for CommandImpl {
        let mut signature = vec![];
        signature.write_string(format!("ecdsa-sha2-nistp{}", ec_bit_len).as_bytes());

-        let data = if is_raw_in {
-            data
-        } else {
-            crate::digest::sha512_bytes(&data)
-        };
        let mut sign_message = vec![];
        sign_message.write_bytes("SSHSIG".as_bytes());
        sign_message.write_string(namespace.as_bytes());
        sign_message.write_string("".as_bytes());
        sign_message.write_string("sha512".as_bytes());
-        sign_message.write_string(&data);
+        sign_message.write_string(&crate::digest::sha512_bytes(&data));
        let tobe_signed_data = if ec_bit_len == 256 {
            crate::digest::sha256_bytes(&signature)
        } else {