feat: v1.12.4
This commit is contained in:
2
Cargo.lock
generated
2
Cargo.lock
generated
@@ -508,7 +508,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "card-cli"
|
||||
version = "1.12.3"
|
||||
version = "1.12.4"
|
||||
dependencies = [
|
||||
"aes-gcm-stream",
|
||||
"authenticator 0.3.1",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "card-cli"
|
||||
version = "1.12.3"
|
||||
version = "1.12.4"
|
||||
authors = ["Hatter Jiang <jht5945@gmail.com>"]
|
||||
edition = "2018"
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ use yubico_manager::sec::hmac_sha1;
|
||||
use yubico_manager::Yubico;
|
||||
use crate::digestutil::{copy_sha256, sha256_bytes};
|
||||
use crate::util;
|
||||
use crate::util::{base64_decode, base64_encode};
|
||||
use crate::util::{base64_decode, base64_encode, base64_encode_url_safe_no_pad, base64_uri_decode};
|
||||
|
||||
const HMAC_ENC_PREFIX: &str = "hmac_enc:";
|
||||
|
||||
@@ -34,8 +34,8 @@ pub fn hmac_encrypt(plaintext: &[u8]) -> XResult<String> {
|
||||
|
||||
Ok(format!("{}{}:{}:{}",
|
||||
HMAC_ENC_PREFIX,
|
||||
hex::encode(hmac_nonce),
|
||||
hex::encode(aes_gcm_nonce),
|
||||
base64_encode_url_safe_no_pad(hmac_nonce),
|
||||
base64_encode_url_safe_no_pad(aes_gcm_nonce),
|
||||
base64_encode(&ciphertext)
|
||||
))
|
||||
}
|
||||
@@ -62,8 +62,8 @@ pub fn hmac_decrypt(ciphertext: &str) -> XResult<Vec<u8>> {
|
||||
return simple_error!("Invalid ciphertext: {}", ciphertext);
|
||||
}
|
||||
let parts = ciphertext.split(":").collect::<Vec<_>>();
|
||||
let hmac_nonce = hex::decode(parts[1])?;
|
||||
let aes_gcm_nonce = hex::decode(parts[2])?;
|
||||
let hmac_nonce = try_decode_hmac_val(parts[1])?;
|
||||
let aes_gcm_nonce = try_decode_hmac_val(parts[2])?;
|
||||
let ciphertext = base64_decode(parts[3])?;
|
||||
|
||||
let hmac_key = compute_yubikey_hmac(&hmac_nonce)?;
|
||||
@@ -77,6 +77,16 @@ pub fn hmac_decrypt(ciphertext: &str) -> XResult<Vec<u8>> {
|
||||
Ok(plaintext)
|
||||
}
|
||||
|
||||
fn try_decode_hmac_val(s: &str) -> XResult<Vec<u8>> {
|
||||
match hex::decode(s) {
|
||||
Ok(v) => Ok(v),
|
||||
Err(e) => match base64_uri_decode(s) {
|
||||
Ok(v) => Ok(v),
|
||||
Err(_) => simple_error!("Try decode failed: {}", e)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub fn compute_yubikey_hmac(challenge_bytes: &[u8]) -> XResult<Vec<u8>> {
|
||||
let mut yubi = Yubico::new();
|
||||
let device = match yubi.find_yubikey() {
|
||||
|
||||
Reference in New Issue
Block a user