hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.3.2, piv

Browse Source
This commit is contained in:
Hatter Jiang
2022-04-30 19:28:36 +08:00
parent 5a09200966
commit a95fdb5d09
4 changed files with 38 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@@ -366,7 +366,7 @@ dependencies = [
[[package]] [[package]]
name = "card-cli" name = "card-cli"
version = "1.3.1" version = "1.3.2"
dependencies = [ dependencies = [
"authenticator", "authenticator",
"base64 0.13.0", "base64 0.13.0",

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "card-cli" name = "card-cli"
version = "1.3.1" version = "1.3.2"
authors = ["Hatter Jiang <jht5945@gmail.com>"] authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018" edition = "2018"

7
src/cmd_piv.rs
View File

@@ -10,7 +10,7 @@ use x509_parser::parse_x509_certificate;
use yubikey::{Certificate, YubiKey}; use yubikey::{Certificate, YubiKey};
use yubikey::piv::SlotId; use yubikey::piv::SlotId;
use crate::pkiutil::bytes_to_pem; use crate::pkiutil::{bytes_to_pem, get_pki_algorithm};
pub struct CommandImpl; pub struct CommandImpl;
@@ -92,7 +92,10 @@ fn print_cert_info(yubikey: &mut YubiKey, slot: SlotId, detail_output: bool) ->
match parse_x509_certificate(buf) { match parse_x509_certificate(buf) {
Ok((_rem, cert)) => { Ok((_rem, cert)) => {
information!("Algorithm: {}", cert.tbs_certificate.subject_pki.algorithm.algorithm); debugging!("Algorithm: {:?}", &cert.tbs_certificate.subject_pki.algorithm);
information!("Algorithm: {:?}", get_pki_algorithm(&cert.tbs_certificate.subject_pki.algorithm));
debugging!("Public key: {}", hex::encode(&cert.tbs_certificate.subject_pki.subject_public_key));
let public_key_fingerprint_sha256 = Sha256::digest(cert.tbs_certificate.subject_pki.raw); let public_key_fingerprint_sha256 = Sha256::digest(cert.tbs_certificate.subject_pki.raw);

31
src/pkiutil.rs
View File

@@ -2,10 +2,41 @@ use openpgp_card::crypto_data::PublicKeyMaterial;
use openssl::bn::BigNum; use openssl::bn::BigNum;
use openssl::rsa::Rsa; use openssl::rsa::Rsa;
use pem::Pem; use pem::Pem;
use rust_util::XResult;
use sequoia_openpgp::crypto::mpi::PublicKey; use sequoia_openpgp::crypto::mpi::PublicKey;
use x509_parser::x509::AlgorithmIdentifier;
use crate::digest::sha256_bytes; use crate::digest::sha256_bytes;
#[derive(Clone, Copy, Debug)]
pub enum PkiAlgorithm {
RSA,
P256,
P384,
P521,
}
pub fn get_pki_algorithm(algorithm_identifier: &AlgorithmIdentifier) -> XResult<PkiAlgorithm> {
let algorithm_id_string = algorithm_identifier.algorithm.to_id_string();
if "1.2.840.113549.1.1.1" == algorithm_id_string {
return Ok(PkiAlgorithm::RSA);
}
if "1.2.840.10045.2.1" == algorithm_id_string {
if let Some(parameters) = &algorithm_identifier.parameters {
if let Ok(content) = parameters.content.as_oid() {
let content_id_string = content.to_id_string();
return match content_id_string.as_str() {
"1.2.840.10045.3.1.7" => Ok(PkiAlgorithm::P256),
"1.3.132.0.34" => Ok(PkiAlgorithm::P384),
"1.3.132.0.35" => Ok(PkiAlgorithm::P521),
unknown_ec_oid => simple_error!("Unknown EC curve: {}", unknown_ec_oid),
};
}
}
}
simple_error!("Unknown pki algorithm: {}", algorithm_id_string)
}
pub fn bytes_to_pem<T>(tag: &str, contents: T) -> String where T: Into<Vec<u8>> { pub fn bytes_to_pem<T>(tag: &str, contents: T) -> String where T: Into<Vec<u8>> {
let cert_public_key_pem_obj = Pem { let cert_public_key_pem_obj = Pem {
tag: tag.to_string(), tag: tag.to_string(),