feat: v1.12.4

2025-05-02 12:43:26 +08:00
parent d7f52530df
commit a3541e7b68
3 changed files with 17 additions and 7 deletions

2
Cargo.lock generated

@@ -508,7 +508,7 @@ dependencies = [
[[package]] [[package]]
name = "card-cli" name = "card-cli"
version = "1.12.3" version = "1.12.4"
dependencies = [ dependencies = [
"aes-gcm-stream", "aes-gcm-stream",
"authenticator 0.3.1", "authenticator 0.3.1",


@@ -1,6 +1,6 @@
[package] [package]
name = "card-cli" name = "card-cli"
version = "1.12.3" version = "1.12.4"
authors = ["Hatter Jiang <jht5945@gmail.com>"] authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018" edition = "2018"


@@ -10,7 +10,7 @@ use yubico_manager::sec::hmac_sha1;
use yubico_manager::Yubico; use yubico_manager::Yubico;
use crate::digestutil::{copy_sha256, sha256_bytes}; use crate::digestutil::{copy_sha256, sha256_bytes};
use crate::util; use crate::util;
use crate::util::{base64_decode, base64_encode}; use crate::util::{base64_decode, base64_encode, base64_encode_url_safe_no_pad, base64_uri_decode};
const HMAC_ENC_PREFIX: &str = "hmac_enc:"; const HMAC_ENC_PREFIX: &str = "hmac_enc:";
@@ -34,8 +34,8 @@ pub fn hmac_encrypt(plaintext: &[u8]) -> XResult<String> {
Ok(format!("{}{}:{}:{}", Ok(format!("{}{}:{}:{}",
HMAC_ENC_PREFIX, HMAC_ENC_PREFIX,
hex::encode(hmac_nonce), base64_encode_url_safe_no_pad(hmac_nonce),
hex::encode(aes_gcm_nonce), base64_encode_url_safe_no_pad(aes_gcm_nonce),
base64_encode(&ciphertext) base64_encode(&ciphertext)
)) ))
} }
@@ -62,8 +62,8 @@ pub fn hmac_decrypt(ciphertext: &str) -> XResult<Vec<u8>> {
return simple_error!("Invalid ciphertext: {}", ciphertext); return simple_error!("Invalid ciphertext: {}", ciphertext);
} }
let parts = ciphertext.split(":").collect::<Vec<_>>(); let parts = ciphertext.split(":").collect::<Vec<_>>();
let hmac_nonce = hex::decode(parts[1])?; let hmac_nonce = try_decode_hmac_val(parts[1])?;
let aes_gcm_nonce = hex::decode(parts[2])?; let aes_gcm_nonce = try_decode_hmac_val(parts[2])?;
let ciphertext = base64_decode(parts[3])?; let ciphertext = base64_decode(parts[3])?;
let hmac_key = compute_yubikey_hmac(&hmac_nonce)?; let hmac_key = compute_yubikey_hmac(&hmac_nonce)?;
@@ -77,6 +77,16 @@ pub fn hmac_decrypt(ciphertext: &str) -> XResult<Vec<u8>> {
Ok(plaintext) Ok(plaintext)
} }
fn try_decode_hmac_val(s: &str) -> XResult<Vec<u8>> {
match hex::decode(s) {
Ok(v) => Ok(v),
Err(e) => match base64_uri_decode(s) {
Ok(v) => Ok(v),
Err(_) => simple_error!("Try decode failed: {}", e)
}
}
}
pub fn compute_yubikey_hmac(challenge_bytes: &[u8]) -> XResult<Vec<u8>> { pub fn compute_yubikey_hmac(challenge_bytes: &[u8]) -> XResult<Vec<u8>> {
let mut yubi = Yubico::new(); let mut yubi = Yubico::new();
let device = match yubi.find_yubikey() { let device = match yubi.find_yubikey() {
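Review bot: `try_decode_hmac_val` tries hex first and falls back to base64url only when hex decoding errors, so a value written by the new `base64_encode_url_safe_no_pad` path that happens to contain only hex digits and has even length is silently decoded as hex and yields the wrong bytes. In `hmac_decrypt` that would mean a wrong HMAC challenge or a wrong AES-GCM nonce, so a valid record presumably fails authentication and cannot be decrypted by this tool; the case is rare but depends on random nonce content. The nonce sizes are not visible in this hunk, but if they are fixed, pass the expected length in and accept a decoding only when it matches, e.g. `Ok(v) if v.len() == expected_len => Ok(v),` with every other hex outcome falling through to `base64_uri_decode` and the same length check applied there. The final error arm also reports only the hex error `e` and drops the base64 error, which makes a malformed new-format value harder to diagnose.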