From bb02c7c82358a08dd6f1b2068dd78dc2fefdb95c Mon Sep 17 00:00:00 2001 From: Hatter Jiang Date: Sat, 29 Mar 2025 16:31:08 +0800 Subject: [PATCH] feat: bse64 --- src/cmd_sign_jwt_se.rs | 5 ++--- src/cmd_ssh_pub_key.rs | 7 +++---- src/fidoutil.rs | 8 +++----- src/seutil.rs | 18 ++++++++++-------- 4 files changed, 18 insertions(+), 20 deletions(-) diff --git a/src/cmd_sign_jwt_se.rs b/src/cmd_sign_jwt_se.rs index d215f9b..24d75c4 100644 --- a/src/cmd_sign_jwt_se.rs +++ b/src/cmd_sign_jwt_se.rs @@ -1,5 +1,3 @@ -use base64::engine::general_purpose::STANDARD; -use base64::Engine; use clap::{App, Arg, ArgMatches, SubCommand}; use jwt::{AlgorithmType, Header, ToBase64}; @@ -11,6 +9,7 @@ use crate::cmd_sign_jwt::{build_jwt_parts, merge_header_claims, merge_payload_cl use crate::ecdsautil::parse_ecdsa_to_rs; use crate::keyutil::{parse_key_uri, KeyUri}; use crate::{cmd_sign_jwt, cmdutil, hmacutil, util}; +use crate::util::base64_decode; const SEPARATOR: &str = "."; @@ -62,7 +61,7 @@ fn sign_jwt( let claims = merge_payload_claims(payload, claims)?; let tobe_signed = merge_header_claims(header.as_bytes(), claims.as_bytes()); - let private_key_representation = STANDARD.decode(private_key)?; + let private_key_representation = base64_decode(private_key)?; let signed_data_der = swift_secure_enclave_tool_rs::private_key_sign(&private_key_representation, &tobe_signed)?; diff --git a/src/cmd_ssh_pub_key.rs b/src/cmd_ssh_pub_key.rs index 490bd13..c635ac4 100644 --- a/src/cmd_ssh_pub_key.rs +++ b/src/cmd_ssh_pub_key.rs @@ -2,13 +2,12 @@ use crate::digestutil::sha256_bytes; use crate::pivutil::{get_algorithm_id_by_certificate, slot_equals, ToStr}; use crate::sshutil::SshVecWriter; use crate::{cmdutil, pivutil, util}; -use base64::engine::general_purpose::STANDARD; -use base64::Engine; use clap::{App, Arg, ArgMatches, SubCommand}; use rust_util::util_clap::{Command, CommandError}; use std::collections::BTreeMap; use yubikey::piv::AlgorithmId; use yubikey::{Key, YubiKey}; +use crate::util::base64_encode; pub struct CommandImpl; @@ -100,7 +99,7 @@ impl Command for CommandImpl { let ssh_pub_key_sha256 = sha256_bytes(&ssh_pub_key); information!( "SSH key SHA256: {} (base64)", - STANDARD.encode(&ssh_pub_key_sha256) + base64_encode(&ssh_pub_key_sha256) ); information!("SSH key SHA256: {} (hex)", hex::encode(&ssh_pub_key_sha256)); eprintln!(); @@ -113,7 +112,7 @@ impl Command for CommandImpl { "" }, ssh_algorithm, - STANDARD.encode(&ssh_pub_key), + base64_encode(&ssh_pub_key), slot_id ); diff --git a/src/fidoutil.rs b/src/fidoutil.rs index 8e953b6..e9b25a5 100644 --- a/src/fidoutil.rs +++ b/src/fidoutil.rs @@ -4,14 +4,12 @@ use std::thread; use std::time::SystemTime; use authenticator::{RegisterResult, StatusUpdate}; -use base64::Engine; -use base64::engine::general_purpose::URL_SAFE_NO_PAD; use rand::Rng; use rust_util::XResult; use serde::{Deserialize, Serialize}; use crate::pkiutil::bytes_to_pem; -use crate::util::base64_encode; +use crate::util::{base64_encode, base64_encode_url_safe_no_pad}; #[derive(Clone, Debug, Serialize, Deserialize)] pub struct U2FDeviceInfo { @@ -103,7 +101,7 @@ impl U2fV2Challenge { None => U2fV2Challenge::new_random(app_id, with_time_stamp_prefix), Some(challenge_hex) => { let challenge_bytes = opt_result!(hex::decode(challenge_hex), "Decode challenge hex failed: {}"); - let challenge = URL_SAFE_NO_PAD.encode(challenge_bytes); + let challenge = base64_encode_url_safe_no_pad(challenge_bytes); U2fV2Challenge::new(challenge, app_id) } }) @@ -122,7 +120,7 @@ impl U2fV2Challenge { rand_bytes[..8].clone_from_slice(×tamp_be_bytes[..8]); } - let challenge = URL_SAFE_NO_PAD.encode(rand_bytes); + let challenge = base64_encode_url_safe_no_pad(rand_bytes); Self::new(challenge, app_id) } diff --git a/src/seutil.rs b/src/seutil.rs index 0d629df..4183b77 100644 --- a/src/seutil.rs +++ b/src/seutil.rs @@ -1,11 +1,13 @@ -use base64::engine::general_purpose::STANDARD; -use base64::Engine; use rust_util::XResult; use se_tool::KeyPurpose; use swift_secure_enclave_tool_rs as se_tool; +use crate::util::{base64_decode, base64_encode}; pub fn is_support_se() -> bool { - se_tool::is_secure_enclave_supported().unwrap_or(false) + se_tool::is_secure_enclave_supported().unwrap_or_else(|e| { + failure!("Invoke command swift-secure-enclave-tool failed: {}", e); + false + }) } pub fn generate_secure_enclave_p256_keypair( @@ -20,7 +22,7 @@ pub fn generate_secure_enclave_p256_keypair( Ok(( key_material.public_key_point, key_material.public_key_der, - STANDARD.encode(&key_material.private_key_representation), + base64_encode(&key_material.private_key_representation), )) } @@ -28,7 +30,7 @@ pub fn recover_secure_enclave_p256_public_key( private_key: &str, sign: bool, ) -> XResult<(Vec, Vec, String)> { - let private_key_representation = STANDARD.decode(private_key)?; + let private_key_representation = base64_decode(private_key)?; let key_material = if sign { se_tool::recover_keypair(KeyPurpose::Signing, &private_key_representation) } else { @@ -37,7 +39,7 @@ pub fn recover_secure_enclave_p256_public_key( Ok(( key_material.public_key_point, key_material.public_key_der, - STANDARD.encode(&key_material.private_key_representation), + base64_encode(&key_material.private_key_representation), )) } @@ -45,14 +47,14 @@ pub fn secure_enclave_p256_dh( private_key: &str, ephemeral_public_key_bytes: &[u8], ) -> XResult> { - let private_key_representation = STANDARD.decode(private_key)?; + let private_key_representation = base64_decode(private_key)?; let shared_secret = se_tool::private_key_ecdh(&private_key_representation, ephemeral_public_key_bytes)?; Ok(shared_secret) } pub fn secure_enclave_p256_sign(private_key: &str, content: &[u8]) -> XResult> { - let private_key_representation = STANDARD.decode(private_key)?; + let private_key_representation = base64_decode(private_key)?; let signature = se_tool::private_key_sign(&private_key_representation, content)?; Ok(signature) }