hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.10.15, add debuging

Browse Source
This commit is contained in:
Hatter Jiang
2025-01-11 22:31:50 +08:00
parent 73b5cc1f5f
commit d27f0d5f83
3 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@@ -487,7 +487,7 @@ dependencies = [
[[package]] [[package]]
name = "card-cli" name = "card-cli"
version = "1.10.14" version = "1.10.15"
dependencies = [ dependencies = [
"authenticator 0.3.1", "authenticator 0.3.1",
"base64 0.21.7", "base64 0.21.7",

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "card-cli" name = "card-cli"
version = "1.10.14" version = "1.10.15"
authors = ["Hatter Jiang <jht5945@gmail.com>"] authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018" edition = "2018"

17
src/cmd_sshpivsign.rs
View File

@@ -88,30 +88,37 @@ impl Command for CommandImpl {
sign_message.write_string(namespace.as_bytes()); sign_message.write_string(namespace.as_bytes());
sign_message.write_string("".as_bytes()); sign_message.write_string("".as_bytes());
sign_message.write_string("sha512".as_bytes()); sign_message.write_string("sha512".as_bytes());
sign_message.write_string(&crate::digest::sha512_bytes(&data)); let data_digest = crate::digest::sha512_bytes(&data);
debugging!("Data digest: {} (sha512)", hex::encode(&data_digest));
sign_message.write_string(&data_digest);
debugging!("Singed message: {}", hex::encode(&sign_message));
let tobe_signed_data = if ec_bit_len == 256 { let tobe_signed_data = if ec_bit_len == 256 {
crate::digest::sha256_bytes(&sign_message) crate::digest::sha256_bytes(&sign_message)
} else { } else {
crate::digest::sha384_bytes(&sign_message) crate::digest::sha384_bytes(&sign_message)
}; };
debugging!("Digest of signed message: {}", hex::encode(&tobe_signed_data));
if let Some(pin) = &pin_opt { if let Some(pin) = &pin_opt {
opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}"); opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}");
} }
let mut signature_value = vec![]; let mut signature_value = vec![];
let signed_data = opt_result!(sign_data(&mut yk, &tobe_signed_data, algorithm_id, slot_id), "Sign PIV failed: {}"); let signed_data = opt_result!(sign_data(&mut yk, &tobe_signed_data, algorithm_id, slot_id), "Sign PIV failed: {}");
debugging!("Signature: {}", hex::encode(signed_data.as_slice()));
let (_, parsed_signature) = opt_result!(der_parser::parse_der(signed_data.as_slice()), "Parse signature failed: {}"); let (_, parsed_signature) = opt_result!(der_parser::parse_der(signed_data.as_slice()), "Parse signature failed: {}");
match parsed_signature.content { match parsed_signature.content {
BerObjectContent::Sequence(seq) => { BerObjectContent::Sequence(seq) => {
match &seq[0].content { match &seq[0].content {
BerObjectContent::Integer(x) => { BerObjectContent::Integer(r) => {
signature_value.write_string(x); debugging!("Signature r: {}", hex::encode(r));
signature_value.write_string(r);
} }
_ => return simple_error!("Parse signature failed: [0]not integer"), _ => return simple_error!("Parse signature failed: [0]not integer"),
} }
match &seq[1].content { match &seq[1].content {
BerObjectContent::Integer(y) => { BerObjectContent::Integer(s) => {
signature_value.write_string(y); debugging!("Signature s: {}", hex::encode(s));
signature_value.write_string(s);
} }
_ => return simple_error!("Parse signature failed: [1]not integer"), _ => return simple_error!("Parse signature failed: [1]not integer"),
} }