feat: bse64

2025-03-29 16:31:08 +08:00
parent e9388eb164
commit bb02c7c823
4 changed files with 18 additions and 20 deletions


@@ -1,5 +1,3 @@
use base64::engine::general_purpose::STANDARD;
use base64::Engine;
use clap::{App, Arg, ArgMatches, SubCommand}; use clap::{App, Arg, ArgMatches, SubCommand};
use jwt::{AlgorithmType, Header, ToBase64}; use jwt::{AlgorithmType, Header, ToBase64};
@@ -11,6 +9,7 @@ use crate::cmd_sign_jwt::{build_jwt_parts, merge_header_claims, merge_payload_cl
use crate::ecdsautil::parse_ecdsa_to_rs; use crate::ecdsautil::parse_ecdsa_to_rs;
use crate::keyutil::{parse_key_uri, KeyUri}; use crate::keyutil::{parse_key_uri, KeyUri};
use crate::{cmd_sign_jwt, cmdutil, hmacutil, util}; use crate::{cmd_sign_jwt, cmdutil, hmacutil, util};
use crate::util::base64_decode;
const SEPARATOR: &str = "."; const SEPARATOR: &str = ".";
@@ -62,7 +61,7 @@ fn sign_jwt(
let claims = merge_payload_claims(payload, claims)?; let claims = merge_payload_claims(payload, claims)?;
let tobe_signed = merge_header_claims(header.as_bytes(), claims.as_bytes()); let tobe_signed = merge_header_claims(header.as_bytes(), claims.as_bytes());
let private_key_representation = STANDARD.decode(private_key)?; let private_key_representation = base64_decode(private_key)?;
let signed_data_der = let signed_data_der =
swift_secure_enclave_tool_rs::private_key_sign(&private_key_representation, &tobe_signed)?; swift_secure_enclave_tool_rs::private_key_sign(&private_key_representation, &tobe_signed)?;
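Review bot: In `sign_jwt`, `base64_decode(private_key)?` now decides which encodings of the Secure Enclave key representation are accepted, and the helper's definition in `crate::util` is not part of this commit, so it cannot be confirmed here that it still uses the padded `STANDARD` alphabet of the `STANDARD.decode` call it replaces. If the helper is more lenient or uses another alphabet, key strings that were rejected before would start to decode, or existing ones would stop decoding. The same applies to the `base64_decode` calls in the Secure Enclave utility file (`recover_secure_enclave_p256_public_key`, `secure_enclave_p256_dh`, `secure_enclave_p256_sign`). A comment at the import would record the contract, e.g. `// base64_decode: padded STANDARD alphabet, must match base64_encode used when the key was generated`. `sign_jwt` starts and ends outside the hunk.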


@@ -2,13 +2,12 @@ use crate::digestutil::sha256_bytes;
use crate::pivutil::{get_algorithm_id_by_certificate, slot_equals, ToStr}; use crate::pivutil::{get_algorithm_id_by_certificate, slot_equals, ToStr};
use crate::sshutil::SshVecWriter; use crate::sshutil::SshVecWriter;
use crate::{cmdutil, pivutil, util}; use crate::{cmdutil, pivutil, util};
use base64::engine::general_purpose::STANDARD;
use base64::Engine;
use clap::{App, Arg, ArgMatches, SubCommand}; use clap::{App, Arg, ArgMatches, SubCommand};
use rust_util::util_clap::{Command, CommandError}; use rust_util::util_clap::{Command, CommandError};
use std::collections::BTreeMap; use std::collections::BTreeMap;
use yubikey::piv::AlgorithmId; use yubikey::piv::AlgorithmId;
use yubikey::{Key, YubiKey}; use yubikey::{Key, YubiKey};
use crate::util::base64_encode;
pub struct CommandImpl; pub struct CommandImpl;
@@ -100,7 +99,7 @@ impl Command for CommandImpl {
let ssh_pub_key_sha256 = sha256_bytes(&ssh_pub_key); let ssh_pub_key_sha256 = sha256_bytes(&ssh_pub_key);
information!( information!(
"SSH key SHA256: {} (base64)", "SSH key SHA256: {} (base64)",
STANDARD.encode(&ssh_pub_key_sha256) base64_encode(&ssh_pub_key_sha256)
); );
information!("SSH key SHA256: {} (hex)", hex::encode(&ssh_pub_key_sha256)); information!("SSH key SHA256: {} (hex)", hex::encode(&ssh_pub_key_sha256));
eprintln!(); eprintln!();
@@ -113,7 +112,7 @@ impl Command for CommandImpl {
"" ""
}, },
ssh_algorithm, ssh_algorithm,
STANDARD.encode(&ssh_pub_key), base64_encode(&ssh_pub_key),
slot_id slot_id
); );
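Review bot: The `"SSH key SHA256: {} (base64)"` line prints `base64_encode(&ssh_pub_key_sha256)`, which ends in `=` if the helper keeps the padded `STANDARD` alphabet of the call it replaces; `ssh-keygen -l` prints the SHA256 fingerprint without padding, so an operator comparing the two by eye or by string match sees a mismatch. Trimming at this call site only would align them: `base64_encode(&ssh_pub_key_sha256).trim_end_matches('=')`. The second call, `base64_encode(&ssh_pub_key)`, should stay padded, assuming it forms the key blob of a public-key line. The helper's definition is outside this commit, and the enclosing method starts and ends outside the hunks.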


@@ -4,14 +4,12 @@ use std::thread;
use std::time::SystemTime; use std::time::SystemTime;
use authenticator::{RegisterResult, StatusUpdate}; use authenticator::{RegisterResult, StatusUpdate};
use base64::Engine;
use base64::engine::general_purpose::URL_SAFE_NO_PAD;
use rand::Rng; use rand::Rng;
use rust_util::XResult; use rust_util::XResult;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use crate::pkiutil::bytes_to_pem; use crate::pkiutil::bytes_to_pem;
use crate::util::base64_encode; use crate::util::{base64_encode, base64_encode_url_safe_no_pad};
#[derive(Clone, Debug, Serialize, Deserialize)] #[derive(Clone, Debug, Serialize, Deserialize)]
pub struct U2FDeviceInfo { pub struct U2FDeviceInfo {
@@ -103,7 +101,7 @@ impl U2fV2Challenge {
None => U2fV2Challenge::new_random(app_id, with_time_stamp_prefix), None => U2fV2Challenge::new_random(app_id, with_time_stamp_prefix),
Some(challenge_hex) => { Some(challenge_hex) => {
let challenge_bytes = opt_result!(hex::decode(challenge_hex), "Decode challenge hex failed: {}"); let challenge_bytes = opt_result!(hex::decode(challenge_hex), "Decode challenge hex failed: {}");
let challenge = URL_SAFE_NO_PAD.encode(challenge_bytes); let challenge = base64_encode_url_safe_no_pad(challenge_bytes);
U2fV2Challenge::new(challenge, app_id) U2fV2Challenge::new(challenge, app_id)
} }
}) })
@@ -122,7 +120,7 @@ impl U2fV2Challenge {
rand_bytes[..8].clone_from_slice(&timestamp_be_bytes[..8]); rand_bytes[..8].clone_from_slice(&timestamp_be_bytes[..8]);
} }
let challenge = URL_SAFE_NO_PAD.encode(rand_bytes); let challenge = base64_encode_url_safe_no_pad(rand_bytes);
Self::new(challenge, app_id) Self::new(challenge, app_id)
} }
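Review bot: In the `Some(challenge_hex)` arm, the decoded `challenge_bytes` go straight into `base64_encode_url_safe_no_pad` and `U2fV2Challenge::new` with no length check, so an empty or very short caller-supplied challenge is accepted. The challenge is what ties a response to one request, so a minimum-length check right after `hex::decode` (returning an error below a chosen floor, for example 16 bytes) would be worth adding. The check is missing before this commit as well, and the enclosing function starts outside the hunk.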


@@ -1,11 +1,13 @@
use base64::engine::general_purpose::STANDARD;
use base64::Engine;
use rust_util::XResult; use rust_util::XResult;
use se_tool::KeyPurpose; use se_tool::KeyPurpose;
use swift_secure_enclave_tool_rs as se_tool; use swift_secure_enclave_tool_rs as se_tool;
use crate::util::{base64_decode, base64_encode};
pub fn is_support_se() -> bool { pub fn is_support_se() -> bool {
se_tool::is_secure_enclave_supported().unwrap_or(false) se_tool::is_secure_enclave_supported().unwrap_or_else(|e| {
failure!("Invoke command swift-secure-enclave-tool failed: {}", e);
false
})
} }
pub fn generate_secure_enclave_p256_keypair( pub fn generate_secure_enclave_p256_keypair(
@@ -20,7 +22,7 @@ pub fn generate_secure_enclave_p256_keypair(
Ok(( Ok((
key_material.public_key_point, key_material.public_key_point,
key_material.public_key_der, key_material.public_key_der,
STANDARD.encode(&key_material.private_key_representation), base64_encode(&key_material.private_key_representation),
)) ))
} }
@@ -28,7 +30,7 @@ pub fn recover_secure_enclave_p256_public_key(
private_key: &str, private_key: &str,
sign: bool, sign: bool,
) -> XResult<(Vec<u8>, Vec<u8>, String)> { ) -> XResult<(Vec<u8>, Vec<u8>, String)> {
let private_key_representation = STANDARD.decode(private_key)?; let private_key_representation = base64_decode(private_key)?;
let key_material = if sign { let key_material = if sign {
se_tool::recover_keypair(KeyPurpose::Signing, &private_key_representation) se_tool::recover_keypair(KeyPurpose::Signing, &private_key_representation)
} else { } else {
@@ -37,7 +39,7 @@ pub fn recover_secure_enclave_p256_public_key(
Ok(( Ok((
key_material.public_key_point, key_material.public_key_point,
key_material.public_key_der, key_material.public_key_der,
STANDARD.encode(&key_material.private_key_representation), base64_encode(&key_material.private_key_representation),
)) ))
} }
@@ -45,14 +47,14 @@ pub fn secure_enclave_p256_dh(
private_key: &str, private_key: &str,
ephemeral_public_key_bytes: &[u8], ephemeral_public_key_bytes: &[u8],
) -> XResult<Vec<u8>> { ) -> XResult<Vec<u8>> {
let private_key_representation = STANDARD.decode(private_key)?; let private_key_representation = base64_decode(private_key)?;
let shared_secret = let shared_secret =
se_tool::private_key_ecdh(&private_key_representation, ephemeral_public_key_bytes)?; se_tool::private_key_ecdh(&private_key_representation, ephemeral_public_key_bytes)?;
Ok(shared_secret) Ok(shared_secret)
} }
pub fn secure_enclave_p256_sign(private_key: &str, content: &[u8]) -> XResult<Vec<u8>> { pub fn secure_enclave_p256_sign(private_key: &str, content: &[u8]) -> XResult<Vec<u8>> {
let private_key_representation = STANDARD.decode(private_key)?; let private_key_representation = base64_decode(private_key)?;
let signature = se_tool::private_key_sign(&private_key_representation, content)?; let signature = se_tool::private_key_sign(&private_key_representation, content)?;
Ok(signature) Ok(signature)
} }
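Review bot: `is_support_se` now logs the helper error through `failure!` but still returns `false`, so callers cannot tell an absent Secure Enclave from a missing or failing swift-secure-enclave-tool, and the message is printed on every call, including on hosts where the tool is not expected to exist. Documenting that contract on the function would help, e.g. `/// Returns false when the Secure Enclave is unavailable or the helper tool cannot be invoked; the latter is logged.` If the function sits on common code paths (not visible here), consider a lower log level or caching the result.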