feat: bse64

src/cmd_sign_jwt_se.rs

@@ -1,5 +1,3 @@
-use base64::engine::general_purpose::STANDARD;
-use base64::Engine;
 use clap::{App, Arg, ArgMatches, SubCommand};
 
 use jwt::{AlgorithmType, Header, ToBase64};
@@ -11,6 +9,7 @@ use crate::cmd_sign_jwt::{build_jwt_parts, merge_header_claims, merge_payload_cl
 use crate::ecdsautil::parse_ecdsa_to_rs;
 use crate::keyutil::{parse_key_uri, KeyUri};
 use crate::{cmd_sign_jwt, cmdutil, hmacutil, util};
+use crate::util::base64_decode;
 
 const SEPARATOR: &str = ".";
 
@@ -62,7 +61,7 @@ fn sign_jwt(
     let claims = merge_payload_claims(payload, claims)?;
     let tobe_signed = merge_header_claims(header.as_bytes(), claims.as_bytes());
 
-    let private_key_representation = STANDARD.decode(private_key)?;
+    let private_key_representation = base64_decode(private_key)?;
     let signed_data_der =
         swift_secure_enclave_tool_rs::private_key_sign(&private_key_representation, &tobe_signed)?;
 

src/cmd_ssh_pub_key.rs

@@ -2,13 +2,12 @@ use crate::digestutil::sha256_bytes;
 use crate::pivutil::{get_algorithm_id_by_certificate, slot_equals, ToStr};
 use crate::sshutil::SshVecWriter;
 use crate::{cmdutil, pivutil, util};
-use base64::engine::general_purpose::STANDARD;
-use base64::Engine;
 use clap::{App, Arg, ArgMatches, SubCommand};
 use rust_util::util_clap::{Command, CommandError};
 use std::collections::BTreeMap;
 use yubikey::piv::AlgorithmId;
 use yubikey::{Key, YubiKey};
+use crate::util::base64_encode;
 
 pub struct CommandImpl;
 
@@ -100,7 +99,7 @@ impl Command for CommandImpl {
         let ssh_pub_key_sha256 = sha256_bytes(&ssh_pub_key);
         information!(
             "SSH key SHA256: {} (base64)",
-            STANDARD.encode(&ssh_pub_key_sha256)
+            base64_encode(&ssh_pub_key_sha256)
         );
         information!("SSH key SHA256: {} (hex)", hex::encode(&ssh_pub_key_sha256));
         eprintln!();
@@ -113,7 +112,7 @@ impl Command for CommandImpl {
                 ""
             },
             ssh_algorithm,
-            STANDARD.encode(&ssh_pub_key),
+            base64_encode(&ssh_pub_key),
             slot_id
         );
 

src/fidoutil.rs

@@ -4,14 +4,12 @@ use std::thread;
 use std::time::SystemTime;
 
 use authenticator::{RegisterResult, StatusUpdate};
-use base64::Engine;
-use base64::engine::general_purpose::URL_SAFE_NO_PAD;
 use rand::Rng;
 use rust_util::XResult;
 use serde::{Deserialize, Serialize};
 
 use crate::pkiutil::bytes_to_pem;
-use crate::util::base64_encode;
+use crate::util::{base64_encode, base64_encode_url_safe_no_pad};
 
 #[derive(Clone, Debug, Serialize, Deserialize)]
 pub struct U2FDeviceInfo {
@@ -103,7 +101,7 @@ impl U2fV2Challenge {
             None => U2fV2Challenge::new_random(app_id, with_time_stamp_prefix),
             Some(challenge_hex) => {
                 let challenge_bytes = opt_result!(hex::decode(challenge_hex), "Decode challenge hex failed: {}");
-                let challenge = URL_SAFE_NO_PAD.encode(challenge_bytes);
+                let challenge = base64_encode_url_safe_no_pad(challenge_bytes);
                 U2fV2Challenge::new(challenge, app_id)
             }
         })
@@ -122,7 +120,7 @@ impl U2fV2Challenge {
             rand_bytes[..8].clone_from_slice(&timestamp_be_bytes[..8]);
         }
 
-        let challenge = URL_SAFE_NO_PAD.encode(rand_bytes);
+        let challenge = base64_encode_url_safe_no_pad(rand_bytes);
         Self::new(challenge, app_id)
     }
 

src/seutil.rs

@@ -1,11 +1,13 @@
-use base64::engine::general_purpose::STANDARD;
-use base64::Engine;
 use rust_util::XResult;
 use se_tool::KeyPurpose;
 use swift_secure_enclave_tool_rs as se_tool;
+use crate::util::{base64_decode, base64_encode};
 
 pub fn is_support_se() -> bool {
-    se_tool::is_secure_enclave_supported().unwrap_or(false)
+    se_tool::is_secure_enclave_supported().unwrap_or_else(|e| {
+        failure!("Invoke command swift-secure-enclave-tool failed: {}", e);
+        false
+    })
 }
 
 pub fn generate_secure_enclave_p256_keypair(
@@ -20,7 +22,7 @@ pub fn generate_secure_enclave_p256_keypair(
     Ok((
         key_material.public_key_point,
         key_material.public_key_der,
-        STANDARD.encode(&key_material.private_key_representation),
+        base64_encode(&key_material.private_key_representation),
     ))
 }
 
@@ -28,7 +30,7 @@ pub fn recover_secure_enclave_p256_public_key(
     private_key: &str,
     sign: bool,
 ) -> XResult<(Vec<u8>, Vec<u8>, String)> {
-    let private_key_representation = STANDARD.decode(private_key)?;
+    let private_key_representation = base64_decode(private_key)?;
     let key_material = if sign {
         se_tool::recover_keypair(KeyPurpose::Signing, &private_key_representation)
     } else {
@@ -37,7 +39,7 @@ pub fn recover_secure_enclave_p256_public_key(
     Ok((
         key_material.public_key_point,
         key_material.public_key_der,
-        STANDARD.encode(&key_material.private_key_representation),
+        base64_encode(&key_material.private_key_representation),
     ))
 }
 
@@ -45,14 +47,14 @@ pub fn secure_enclave_p256_dh(
     private_key: &str,
     ephemeral_public_key_bytes: &[u8],
 ) -> XResult<Vec<u8>> {
-    let private_key_representation = STANDARD.decode(private_key)?;
+    let private_key_representation = base64_decode(private_key)?;
     let shared_secret =
         se_tool::private_key_ecdh(&private_key_representation, ephemeral_public_key_bytes)?;
     Ok(shared_secret)
 }
 
 pub fn secure_enclave_p256_sign(private_key: &str, content: &[u8]) -> XResult<Vec<u8>> {
-    let private_key_representation = STANDARD.decode(private_key)?;
+    let private_key_representation = base64_decode(private_key)?;
     let signature = se_tool::private_key_sign(&private_key_representation, content)?;
     Ok(signature)
 }