hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.1.14

Browse Source
This commit is contained in:
Hatter Jiang
2022-04-10 22:17:42 +08:00
parent 088910fb8d
commit be2e014638
5 changed files with 58 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/cmd_u2fregister.rs
View File

@@ -4,7 +4,6 @@ use std::sync::mpsc::channel;
use authenticator::authenticatorservice::AuthenticatorService;
use authenticator::RegisterFlags;
use authenticator::statecallback::StateCallback;
use base64::URL_SAFE_NO_PAD;
use clap::{App, Arg, ArgMatches, SubCommand};
use openssl::hash::MessageDigest;
use openssl::pkey::PKey;
@@ -40,14 +39,7 @@ impl Command for CommandImpl {
Err(e) => return simple_error!("Timeout should be a number: {}", e),
};
let u2fv2_challenge = match sub_arg_matches.value_of("challenge") {
None => U2fV2Challenge::new_random(app_id),
Some(challenge_hex) => {
let challenge_bytes = opt_result!(hex::decode(challenge_hex), "Decode challenge hex failed: {}");
let challenge = base64::encode_config(&challenge_bytes, URL_SAFE_NO_PAD);
U2fV2Challenge::new(challenge, app_id)
}
};
let u2fv2_challenge = U2fV2Challenge::new_challenge(sub_arg_matches.value_of("challenge"), app_id)?;
let u2fv2_challenge_str = u2fv2_challenge.to_json();
let chall_bytes = digest::sha256(&u2fv2_challenge_str);
@@ -87,12 +79,12 @@ impl Command for CommandImpl {
// +------+-------------------+-----------------+------------+--------------------+
// + 0x00 | application (32B) | challenge (32B) | key handle | User pub key (65B) |
// +------+-------------------+-----------------+------------+--------------------+
let mut to_be_signed = Vec::with_capacity(200);
to_be_signed.push(0x00);
to_be_signed.extend_from_slice(&app_bytes);
to_be_signed.extend_from_slice(&chall_bytes);
to_be_signed.extend_from_slice(&u2f_registration_data.key_handle);
to_be_signed.extend_from_slice(&u2f_registration_data.pub_key);
let mut signed_message = Vec::with_capacity(200);
signed_message.push(0x00);
signed_message.extend_from_slice(&app_bytes);
signed_message.extend_from_slice(&chall_bytes);
signed_message.extend_from_slice(&u2f_registration_data.key_handle);
signed_message.extend_from_slice(&u2f_registration_data.pub_key);
// +------+--------------------+---------------------+------------+------------+------+
// + 0x05 | User pub key (65B) | key handle len (1B) | key handle | X.509 Cert | Sign |
// +------+--------------------+---------------------+------------+------------+------+
@@ -114,7 +106,7 @@ impl Command for CommandImpl {
json.insert("pub_key", hex::encode(&u2f_registration_data.pub_key));
json.insert("key_handle", hex::encode(&u2f_registration_data.key_handle));
json.insert("signature", hex::encode(sign));
json.insert("to_be_signed", hex::encode(&to_be_signed));
json.insert("signed_message", hex::encode(&signed_message));
json.insert("registration_data", hex::encode(&register_result.0));
json.insert("app_id", app_id.to_string());
json.insert("app_id_hash", hex::encode(&app_bytes));
@@ -133,7 +125,7 @@ impl Command for CommandImpl {
success!("Public key: {}", hex::encode(&u2f_registration_data.pub_key));
success!("Key handle: {}", hex::encode(&u2f_registration_data.key_handle));
debugging!("Registration data: {}", hex::encode(&register_result.0));
information!("To be signed: {}", hex::encode(&to_be_signed));
information!("Signed message: {}", hex::encode(&signed_message));
information!("Signature: {}", hex::encode(sign));
if let Some(attestation_cert) = &u2f_registration_data.attestation_cert {
@@ -141,7 +133,7 @@ impl Command for CommandImpl {
debugging!("Attestation public key: {:?}", cert.1.public_key().subject_public_key);
let pkey = opt_result!(PKey::public_key_from_der(cert.1.public_key().raw), "Parse public key failed: {}");
let mut verifier = opt_result!(Verifier::new(MessageDigest::sha256(), &pkey), "Verifier new failed: {}");
verifier.update(&to_be_signed)?;
verifier.update(&signed_message)?;
let verify_result = opt_result!(verifier.verify(sign), "Verifier verify failed: {}");
if verify_result {
success!("Verify success");