feat: u2f sign

2022-03-27 16:53:52 +08:00
parent 9be508e562
commit b30aab4e03
1 changed files with 25 additions and 4 deletions
--- a/src/cmd_u2fsign.rs
+++ b/src/cmd_u2fsign.rs
@@ -4,6 +4,7 @@ use authenticator::{AuthenticatorTransports, KeyHandle, SignFlags};
 use authenticator::authenticatorservice::AuthenticatorService;
 use authenticator::statecallback::StateCallback;
 use clap::{App, Arg, ArgMatches, SubCommand};
+use openssl::sha::sha256;
 use rust_util::util_clap::{Command, CommandError};

 use crate::digest;
@@ -77,18 +78,38 @@ impl Command for CommandImpl {
        let sign_result = opt_result!(sign_rx.recv(), "Problem receiving, unable to continue: {}");
        let (_, handle_used, sign_data, device_info) = opt_result!(sign_result, "Sign failed: {}");

+        let user_presence_flag = &sign_data[0];
+        let counter = &sign_data[1..=4];
+        let signature = &sign_data[5..];
+
        success!("Device info: {}", &device_info);
        success!("Sign challenge: {}", u2fv2_challenge_str);
        success!("Sign challenge base64: {}", base64::encode(&u2fv2_challenge_str));
-        success!("Sign result: {}", base64::encode(&sign_data));
-        success!("Key handle used: {}", base64::encode(&handle_used));
-        success!("Key handle used: {}", hex::encode(&handle_used));
+        success!("Sign result : {}", base64::encode(&sign_data));
+        success!("- presence : {}", user_presence_flag);
+        success!("- counter  : {}", u32::from_be_bytes([counter[0], counter[1], counter[2], counter[3]]));
+        success!("- signature: {}", base64::encode(&signature));
+        // success!("Key handle used: {}", base64::encode(&handle_used));
+        success!("Key handle: {}", hex::encode(&handle_used));

        if let Some(public_key_hex) = sub_arg_matches.value_of("public-key-hex") {
            let public_key = opt_result!(hex::decode(public_key_hex), "Parse public key hex failed: {}");
+
+            let client_data = u2fv2_challenge_str.as_bytes().to_vec();
+            let app_id_hash = sha256(app_id.as_bytes());
+            let client_data_hash = sha256(&client_data[..]);
+            let mut msg = Vec::with_capacity(128);
+            msg.extend_from_slice(&app_id_hash);
+            msg.push(*user_presence_flag);
+            msg.extend_from_slice(counter);
+            msg.extend_from_slice(&client_data_hash);
+
+            information!("Public key: {}", base64::encode(&public_key));
+            information!("Signed message: {}", base64::encode(&msg));
+
            let authorization = u2f::authorization::parse_sign_response(
                app_id.to_string(),
-                u2fv2_challenge_str.as_bytes().to_vec(),
+                client_data,
                public_key,
                sign_data,
            );