feat: v1.2.0, add piv-decrypt
This commit is contained in:
2
Cargo.lock
generated
2
Cargo.lock
generated
@@ -384,7 +384,7 @@ dependencies = [
|
|||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "card-cli"
|
name = "card-cli"
|
||||||
version = "1.1.17"
|
version = "1.2.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"authenticator",
|
"authenticator",
|
||||||
"base64 0.13.0",
|
"base64 0.13.0",
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
[package]
|
[package]
|
||||||
name = "card-cli"
|
name = "card-cli"
|
||||||
version = "1.1.17"
|
version = "1.2.0"
|
||||||
authors = ["Hatter Jiang <jht5945@gmail.com>"]
|
authors = ["Hatter Jiang <jht5945@gmail.com>"]
|
||||||
edition = "2018"
|
edition = "2018"
|
||||||
|
|
||||||
|
|||||||
68
src/cmd_pivdecrypt.rs
Normal file
68
src/cmd_pivdecrypt.rs
Normal file
@@ -0,0 +1,68 @@
|
|||||||
|
use std::collections::BTreeMap;
|
||||||
|
|
||||||
|
use clap::{App, Arg, ArgMatches, SubCommand};
|
||||||
|
use rust_util::util_clap::{Command, CommandError};
|
||||||
|
use yubikey::piv::{AlgorithmId, SlotId};
|
||||||
|
use yubikey::YubiKey;
|
||||||
|
|
||||||
|
pub struct CommandImpl;
|
||||||
|
|
||||||
|
impl Command for CommandImpl {
|
||||||
|
fn name(&self) -> &str { "piv-decrypt" }
|
||||||
|
|
||||||
|
fn subcommand<'a>(&self) -> App<'a, 'a> {
|
||||||
|
SubCommand::with_name(self.name()).about("PIV Sign subcommand")
|
||||||
|
.arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).default_value("123456").help("OpenPGP card user pin"))
|
||||||
|
.arg(Arg::with_name("encrypted-data").long("encrypted-data").takes_value(true).help("Encrypted data"))
|
||||||
|
.arg(Arg::with_name("json").long("json").help("JSON output"))
|
||||||
|
}
|
||||||
|
|
||||||
|
fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
|
||||||
|
let json_output = sub_arg_matches.is_present("json");
|
||||||
|
if json_output { rust_util::util_msg::set_logger_std_out(false); }
|
||||||
|
|
||||||
|
let pin_opt = sub_arg_matches.value_of("pin");
|
||||||
|
let pin = opt_value_result!(pin_opt, "User pin must be assigned");
|
||||||
|
|
||||||
|
let encrypted_data = if let Some(encrypted_data_hex) = sub_arg_matches.value_of("encrypted-data") {
|
||||||
|
opt_result!(hex::decode(encrypted_data_hex), "Decode --encrypted-data failed: {}")
|
||||||
|
} else {
|
||||||
|
return simple_error!("Argument --data or --data-hex must assign one");
|
||||||
|
};
|
||||||
|
|
||||||
|
let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
|
||||||
|
opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}");
|
||||||
|
|
||||||
|
let sign_result = yubikey::piv::sign_data(&mut yk, &encrypted_data, AlgorithmId::Rsa2048, SlotId::KeyManagement);
|
||||||
|
let decrypted_data = opt_result!(sign_result, "Decrypt data failed: {}");
|
||||||
|
let decrypted_data_bytes = decrypted_data.as_slice();
|
||||||
|
|
||||||
|
information!("Decrypted raw data: {}", hex::encode(decrypted_data_bytes));
|
||||||
|
if !(decrypted_data_bytes[0] == 0x00 && decrypted_data_bytes[1] == 0x02) {
|
||||||
|
return simple_error!("Not valid encrypted data, prefix: {}", hex::encode(&decrypted_data_bytes[0..2]));
|
||||||
|
}
|
||||||
|
let mut index_of_00_from_index_1 = 0;
|
||||||
|
for i in 1..decrypted_data_bytes.len() {
|
||||||
|
if decrypted_data_bytes[i] == 0x00 {
|
||||||
|
index_of_00_from_index_1 = i + 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
if index_of_00_from_index_1 == 0 {
|
||||||
|
return simple_error!("Not valid encrypted data, cannot find 0x00");
|
||||||
|
}
|
||||||
|
let clear_data = &decrypted_data_bytes[index_of_00_from_index_1..];
|
||||||
|
success!("Decrypt data: {}", hex::encode(clear_data));
|
||||||
|
success!("Decrypt data in UTF-8: {}", String::from_utf8_lossy(clear_data));
|
||||||
|
|
||||||
|
if json_output {
|
||||||
|
let mut json = BTreeMap::<&'_ str, String>::new();
|
||||||
|
json.insert("encrypted_data_hex", hex::encode(&encrypted_data));
|
||||||
|
json.insert("decrypted_data_hex", hex::encode(&decrypted_data_bytes));
|
||||||
|
json.insert("clear_data_hex", hex::encode(&clear_data));
|
||||||
|
json.insert("clear_data", String::from_utf8_lossy(clear_data).to_string());
|
||||||
|
println!("{}", serde_json::to_string_pretty(&json).unwrap());
|
||||||
|
}
|
||||||
|
Ok(None)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -22,6 +22,7 @@ mod cmd_pgpcarddecrypt;
|
|||||||
mod cmd_pgpcardmake;
|
mod cmd_pgpcardmake;
|
||||||
mod cmd_piv;
|
mod cmd_piv;
|
||||||
mod cmd_pivsign;
|
mod cmd_pivsign;
|
||||||
|
mod cmd_pivdecrypt;
|
||||||
mod cmd_pivgenerate;
|
mod cmd_pivgenerate;
|
||||||
mod cmd_chall;
|
mod cmd_chall;
|
||||||
mod cmd_challconfig;
|
mod cmd_challconfig;
|
||||||
@@ -59,6 +60,7 @@ fn inner_main() -> CommandError {
|
|||||||
Box::new(cmd_pgpcardmake::CommandImpl),
|
Box::new(cmd_pgpcardmake::CommandImpl),
|
||||||
Box::new(cmd_piv::CommandImpl),
|
Box::new(cmd_piv::CommandImpl),
|
||||||
Box::new(cmd_pivsign::CommandImpl),
|
Box::new(cmd_pivsign::CommandImpl),
|
||||||
|
Box::new(cmd_pivdecrypt::CommandImpl),
|
||||||
Box::new(cmd_pivgenerate::CommandImpl),
|
Box::new(cmd_pivgenerate::CommandImpl),
|
||||||
Box::new(cmd_u2fregister::CommandImpl),
|
Box::new(cmd_u2fregister::CommandImpl),
|
||||||
Box::new(cmd_u2fsign::CommandImpl),
|
Box::new(cmd_u2fsign::CommandImpl),
|
||||||
|
|||||||
Reference in New Issue
Block a user