feat: v1.3.2, piv

2022-04-30 19:28:36 +08:00
parent 5a09200966
commit a95fdb5d09
4 changed files with 38 additions and 4 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -366,7 +366,7 @@ dependencies = [

 [[package]]
 name = "card-cli"
-version = "1.3.1"
+version = "1.3.2"
 dependencies = [
 "authenticator",
 "base64 0.13.0",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "card-cli"
-version = "1.3.1"
+version = "1.3.2"
 authors = ["Hatter Jiang <jht5945@gmail.com>"]
 edition = "2018"

--- a/src/cmd_piv.rs
+++ b/src/cmd_piv.rs
@@ -10,7 +10,7 @@ use x509_parser::parse_x509_certificate;
 use yubikey::{Certificate, YubiKey};
 use yubikey::piv::SlotId;

-use crate::pkiutil::bytes_to_pem;
+use crate::pkiutil::{bytes_to_pem, get_pki_algorithm};

 pub struct CommandImpl;

@@ -92,7 +92,10 @@ fn print_cert_info(yubikey: &mut YubiKey, slot: SlotId, detail_output: bool) ->

        match parse_x509_certificate(buf) {
            Ok((_rem, cert)) => {
-                information!("Algorithm: {}", cert.tbs_certificate.subject_pki.algorithm.algorithm);
+                debugging!("Algorithm: {:?}", &cert.tbs_certificate.subject_pki.algorithm);
+                information!("Algorithm: {:?}", get_pki_algorithm(&cert.tbs_certificate.subject_pki.algorithm));
+
+                debugging!("Public key: {}", hex::encode(&cert.tbs_certificate.subject_pki.subject_public_key));

                let public_key_fingerprint_sha256 = Sha256::digest(cert.tbs_certificate.subject_pki.raw);

--- a/src/pkiutil.rs
+++ b/src/pkiutil.rs
@@ -2,10 +2,41 @@ use openpgp_card::crypto_data::PublicKeyMaterial;
 use openssl::bn::BigNum;
 use openssl::rsa::Rsa;
 use pem::Pem;
+use rust_util::XResult;
 use sequoia_openpgp::crypto::mpi::PublicKey;
+use x509_parser::x509::AlgorithmIdentifier;

 use crate::digest::sha256_bytes;

+#[derive(Clone, Copy, Debug)]
+pub enum PkiAlgorithm {
+    RSA,
+    P256,
+    P384,
+    P521,
+}
+
+pub fn get_pki_algorithm(algorithm_identifier: &AlgorithmIdentifier) -> XResult<PkiAlgorithm> {
+    let algorithm_id_string = algorithm_identifier.algorithm.to_id_string();
+    if "1.2.840.113549.1.1.1" == algorithm_id_string {
+        return Ok(PkiAlgorithm::RSA);
+    }
+    if "1.2.840.10045.2.1" == algorithm_id_string {
+        if let Some(parameters) = &algorithm_identifier.parameters {
+            if let Ok(content) = parameters.content.as_oid() {
+                let content_id_string = content.to_id_string();
+                return match content_id_string.as_str() {
+                    "1.2.840.10045.3.1.7" => Ok(PkiAlgorithm::P256),
+                    "1.3.132.0.34" => Ok(PkiAlgorithm::P384),
+                    "1.3.132.0.35" => Ok(PkiAlgorithm::P521),
+                    unknown_ec_oid => simple_error!("Unknown EC curve: {}", unknown_ec_oid),
+                };
+            }
+        }
+    }
+    simple_error!("Unknown pki algorithm: {}", algorithm_id_string)
+}
+
 pub fn bytes_to_pem<T>(tag: &str, contents: T) -> String where T: Into<Vec<u8>> {
    let cert_public_key_pem_obj = Pem {
        tag: tag.to_string(),