From b30aab4e03760e297a9e48110244e72d96668ca5 Mon Sep 17 00:00:00 2001
From: Hatter Jiang <jht5945@gmail.com>
Date: Sun, 27 Mar 2022 16:53:52 +0800
Subject: [PATCH] feat: u2f sign

---
 src/cmd_u2fsign.rs | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/src/cmd_u2fsign.rs b/src/cmd_u2fsign.rs
index 71d2434..e6073ac 100644
--- a/src/cmd_u2fsign.rs
+++ b/src/cmd_u2fsign.rs
@@ -4,6 +4,7 @@ use authenticator::{AuthenticatorTransports, KeyHandle, SignFlags};
 use authenticator::authenticatorservice::AuthenticatorService;
 use authenticator::statecallback::StateCallback;
 use clap::{App, Arg, ArgMatches, SubCommand};
+use openssl::sha::sha256;
 use rust_util::util_clap::{Command, CommandError};
 
 use crate::digest;
@@ -77,18 +78,38 @@ impl Command for CommandImpl {
         let sign_result = opt_result!(sign_rx.recv(), "Problem receiving, unable to continue: {}");
         let (_, handle_used, sign_data, device_info) = opt_result!(sign_result, "Sign failed: {}");
 
+        let user_presence_flag = &sign_data[0];
+        let counter = &sign_data[1..=4];
+        let signature = &sign_data[5..];
+
         success!("Device info: {}", &device_info);
         success!("Sign challenge: {}", u2fv2_challenge_str);
         success!("Sign challenge base64: {}", base64::encode(&u2fv2_challenge_str));
-        success!("Sign result: {}", base64::encode(&sign_data));
-        success!("Key handle used: {}", base64::encode(&handle_used));
-        success!("Key handle used: {}", hex::encode(&handle_used));
+        success!("Sign result : {}", base64::encode(&sign_data));
+        success!("- presence : {}", user_presence_flag);
+        success!("- counter  : {}", u32::from_be_bytes([counter[0], counter[1], counter[2], counter[3]]));
+        success!("- signature: {}", base64::encode(&signature));
+        // success!("Key handle used: {}", base64::encode(&handle_used));
+        success!("Key handle: {}", hex::encode(&handle_used));
 
         if let Some(public_key_hex) = sub_arg_matches.value_of("public-key-hex") {
             let public_key = opt_result!(hex::decode(public_key_hex), "Parse public key hex failed: {}");
+
+            let client_data = u2fv2_challenge_str.as_bytes().to_vec();
+            let app_id_hash = sha256(app_id.as_bytes());
+            let client_data_hash = sha256(&client_data[..]);
+            let mut msg = Vec::with_capacity(128);
+            msg.extend_from_slice(&app_id_hash);
+            msg.push(*user_presence_flag);
+            msg.extend_from_slice(counter);
+            msg.extend_from_slice(&client_data_hash);
+
+            information!("Public key: {}", base64::encode(&public_key));
+            information!("Signed message: {}", base64::encode(&msg));
+
             let authorization = u2f::authorization::parse_sign_response(
                 app_id.to_string(),
-                u2fv2_challenge_str.as_bytes().to_vec(),
+                client_data,
                 public_key,
                 sign_data,
             );