hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add ssh-piv-sign, but it not works right

Browse Source
This commit is contained in:
Hatter Jiang
2024-07-04 00:10:45 +08:00
parent fed67019aa
commit 9fa90827aa
1 changed files with 3 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/cmd_sshpivsign.rs
View File

@@ -40,8 +40,7 @@ impl Command for CommandImpl {
.arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).help("PIV card user PIN")) .arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).help("PIV card user PIN"))
.arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e")) .arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e"))
.arg(Arg::with_name("namespace").short("n").long("namespace").takes_value(true).help("Namespace")) .arg(Arg::with_name("namespace").short("n").long("namespace").takes_value(true).help("Namespace"))
.arg(Arg::with_name("in").long("in").takes_value(true).help("In file, - for stdin")) .arg(Arg::with_name("in").long("in").required(true).takes_value(true).help("In file, - for stdin"))
.arg(Arg::with_name("raw-in").long("raw-in").takes_value(true).help("Raw in data"))
} }
fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError { fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
@@ -52,19 +51,7 @@ impl Command for CommandImpl {
None => return simple_error!("Namespace required"), None => return simple_error!("Namespace required"),
Some(namespace) => namespace, Some(namespace) => namespace,
}; };
let data = util::read_file_or_stdin(sub_arg_matches.value_of("in").unwrap())?;
let (is_raw_in, data) = match sub_arg_matches.value_of("in") {
None => match sub_arg_matches.value_of("raw-in") {
None => return simple_error!("--in or --raw-in must assign one"),
Some(raw_in) => (true, util::try_decode(raw_in)?),
}
Some(file_in) => {
let message = util::read_file_or_stdin(file_in)?;
debugging!("File in: {:?}", message);
debugging!("File in string: {}", String::from_utf8_lossy(&message));
(false, message)
}
};
let slot = opt_value_result!(sub_arg_matches.value_of("slot"), "--slot must assigned, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e"); let slot = opt_value_result!(sub_arg_matches.value_of("slot"), "--slot must assigned, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e");
let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}"); let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
@@ -119,17 +106,12 @@ impl Command for CommandImpl {
let mut signature = vec![]; let mut signature = vec![];
signature.write_string(format!("ecdsa-sha2-nistp{}", ec_bit_len).as_bytes()); signature.write_string(format!("ecdsa-sha2-nistp{}", ec_bit_len).as_bytes());
let data = if is_raw_in {
data
} else {
crate::digest::sha512_bytes(&data)
};
let mut sign_message = vec![]; let mut sign_message = vec![];
sign_message.write_bytes("SSHSIG".as_bytes()); sign_message.write_bytes("SSHSIG".as_bytes());
sign_message.write_string(namespace.as_bytes()); sign_message.write_string(namespace.as_bytes());
sign_message.write_string("".as_bytes()); sign_message.write_string("".as_bytes());
sign_message.write_string("sha512".as_bytes()); sign_message.write_string("sha512".as_bytes());
sign_message.write_string(&data); sign_message.write_string(&crate::digest::sha512_bytes(&data));
let tobe_signed_data = if ec_bit_len == 256 { let tobe_signed_data = if ec_bit_len == 256 {
crate::digest::sha256_bytes(&signature) crate::digest::sha256_bytes(&signature)
} else { } else {