hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.13.4

Browse Source
This commit is contained in:
Hatter Jiang
2025-05-12 23:38:45 +08:00
parent 4431bff9e6
commit fb026c9f21
4 changed files with 30 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Cargo.lock generated
View File

@@ -508,7 +508,7 @@ dependencies = [
[[package]] [[package]]
name = "card-cli" name = "card-cli"
version = "1.13.3" version = "1.13.4"
dependencies = [ dependencies = [
"aes-gcm-stream", "aes-gcm-stream",
"authenticator 0.3.1", "authenticator 0.3.1",
@@ -3772,13 +3772,15 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
[[package]] [[package]]
name = "swift-secure-enclave-tool-rs" name = "swift-secure-enclave-tool-rs"
version = "0.1.1" version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1de60ab30b0f344a083df555373a2f419a0682f1a5d76c9f845abe696230caba" checksum = "781e2858f6440fba7a8979be69cad4dfbfd6488052f782f84d66141ec3af56a8"
dependencies = [ dependencies = [
"base64 0.22.1", "base64 0.22.1",
"hex", "hex",
"rust_util", "rust_util",
"serde",
"serde_json",
] ]
[[package]] [[package]]

4
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "card-cli" name = "card-cli"
version = "1.13.3" version = "1.13.4"
authors = ["Hatter Jiang <jht5945@gmail.com>"] authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018" edition = "2018"
@@ -55,7 +55,7 @@ der-parser = "9.0"
sshcerts = "0.13" sshcerts = "0.13"
regex = "1.4.6" regex = "1.4.6"
aes-gcm-stream = "0.2" aes-gcm-stream = "0.2"
swift-secure-enclave-tool-rs = "0.1" swift-secure-enclave-tool-rs = "1.0"
u2f-hatter-fork = "0.2" u2f-hatter-fork = "0.2"
security-framework = { version = "3.0", features = ["OSX_10_15"] } security-framework = { version = "3.0", features = ["OSX_10_15"] }
rsa = "0.9.8" rsa = "0.9.8"

25
src/cmd_se_generate.rs
View File

@@ -1,12 +1,13 @@
use crate::cmd_hmac_encrypt;
use crate::pkiutil::bytes_to_pem; use crate::pkiutil::bytes_to_pem;
use crate::{cmdutil, seutil, util};
use crate::util::base64_encode; use crate::util::base64_encode;
use crate::{cmdutil, seutil, util};
use clap::{App, Arg, ArgMatches, SubCommand}; use clap::{App, Arg, ArgMatches, SubCommand};
use p256::PublicKey; use p256::PublicKey;
use rust_util::util_clap::{Command, CommandError}; use rust_util::util_clap::{Command, CommandError};
use spki::DecodePublicKey; use spki::DecodePublicKey;
use std::collections::BTreeMap; use std::collections::BTreeMap;
use crate::cmd_hmac_encrypt; use swift_secure_enclave_tool_rs::ControlFlag;
pub struct CommandImpl; pub struct CommandImpl;
@@ -33,9 +34,11 @@ impl Command for CommandImpl {
.help("Host name"), .help("Host name"),
) )
.arg( .arg(
Arg::with_name("disable-bio") Arg::with_name("control-flag")
.long("disable-bio") .long("control-flag")
.help("Disable bio"), .required(true)
.takes_value(true)
.help("Control flag, e.g. none, user-presence, device-passcode, biometry-any, biometry-current-set"),
) )
.arg(cmdutil::build_with_hmac_encrypt_arg()) .arg(cmdutil::build_with_hmac_encrypt_arg())
.arg(cmdutil::build_with_pbe_encrypt_arg()) .arg(cmdutil::build_with_pbe_encrypt_arg())
@@ -56,10 +59,18 @@ impl Command for CommandImpl {
"key_agreement" | "ecdh" | "dh" => false, "key_agreement" | "ecdh" | "dh" => false,
_ => return simple_error!("Invalid type: {}", ty), _ => return simple_error!("Invalid type: {}", ty),
}; };
let require_bio = !sub_arg_matches.is_present("disable-bio"); let control_flag = sub_arg_matches.value_of("control-flag").unwrap();
let control_flag = match control_flag {
"none" => ControlFlag::None,
"user-presence" | "up" => ControlFlag::UserPresence,
"device-passcode" | "passcode" | "pass" => ControlFlag::DevicePasscode,
"biometry-any" | "bio-any" => ControlFlag::BiometryAny,
"biometry-current-set" | "bio-current" => ControlFlag::BiometryCurrentSet,
_ => return simple_error!("Invalid control flag: {}", control_flag),
};
let (public_key_point, public_key_der, private_key) = let (public_key_point, public_key_der, private_key) =
seutil::generate_secure_enclave_p256_keypair(sign, require_bio)?; seutil::generate_secure_enclave_p256_keypair(sign, control_flag)?;
let private_key = cmd_hmac_encrypt::do_encrypt(&private_key, &mut None, sub_arg_matches)?; let private_key = cmd_hmac_encrypt::do_encrypt(&private_key, &mut None, sub_arg_matches)?;
let key_uri = format!( let key_uri = format!(

9
src/seutil.rs
View File

@@ -1,7 +1,8 @@
use crate::util::{base64_decode, base64_encode};
use rust_util::XResult; use rust_util::XResult;
use se_tool::KeyPurpose; use se_tool::KeyPurpose;
use swift_secure_enclave_tool_rs as se_tool; use swift_secure_enclave_tool_rs as se_tool;
use crate::util::{base64_decode, base64_encode}; use swift_secure_enclave_tool_rs::ControlFlag;
pub fn is_support_se() -> bool { pub fn is_support_se() -> bool {
se_tool::is_secure_enclave_supported().unwrap_or_else(|e| { se_tool::is_secure_enclave_supported().unwrap_or_else(|e| {
@@ -20,12 +21,12 @@ pub fn check_se_supported() -> XResult<()> {
pub fn generate_secure_enclave_p256_keypair( pub fn generate_secure_enclave_p256_keypair(
sign: bool, sign: bool,
require_bio: bool, control_flag: ControlFlag,
) -> XResult<(Vec<u8>, Vec<u8>, String)> { ) -> XResult<(Vec<u8>, Vec<u8>, String)> {
let key_material = if sign { let key_material = if sign {
se_tool::generate_keypair(KeyPurpose::Signing, require_bio)? se_tool::generate_keypair(KeyPurpose::Signing, control_flag)?
} else { } else {
se_tool::generate_keypair(KeyPurpose::KeyAgreement, require_bio)? se_tool::generate_keypair(KeyPurpose::KeyAgreement, control_flag)?
}; };
Ok(( Ok((
key_material.public_key_point, key_material.public_key_point,