hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
9c2cc1d3f39f509123ff963036c4488b06d6be23
card-cli/src/register.rs
Hatter Jiang 9c2cc1d3f3 feat: CTAP/FIDO cert
2021-07-03 06:28:38 +08:00

106 lines
4.3 KiB
Rust
Raw Blame History

use clap::{ArgMatches, SubCommand, App, Arg};
use crate::cmd::{Command, CommandError};
use authenticator::authenticatorservice::AuthenticatorService;
use authenticator::statecallback::StateCallback;
use authenticator::RegisterFlags;
use std::sync::mpsc::channel;
use crate::fido;
use crate::digest;
use crate::fido::U2fV2Challenge;
pub struct CommandImpl;
impl Command for CommandImpl {
fn name(&self) -> &str { "register" }
fn subcommand<'a>(&self) -> App<'a, 'a> {
SubCommand::with_name(self.name()).about("Register subcommand")
.arg(Arg::with_name("app-id").long("app-id").default_value("https://example.com").help("App id"))
.arg(Arg::with_name("timeout").long("timeout").default_value("10").help("Timeout in seconds"))
}
fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
let app_id = sub_arg_matches.value_of("app-id").unwrap();
let timeout_ms = match sub_arg_matches.value_of("timeout").unwrap().parse::<u32>() {
Ok(t) => (t * 1000) as u64,
Err(e) => return simple_error!("Timeout should be a number: {}", e),
};
let u2fv2_challenge = U2fV2Challenge::new_random(app_id);
let u2fv2_challenge_str = u2fv2_challenge.to_json();
let chall_bytes = digest::sha256(&u2fv2_challenge_str);
let app_bytes = digest::sha256(app_id);
let flags = RegisterFlags::empty();
let status_tx = fido::start_status_updater();
let (register_tx, register_rx) = channel();
let callback = StateCallback::new(Box::new(move |rv| {
register_tx.send(rv).unwrap();
}));
information!("Start U2F register...");
information!("App id: {}", app_id);
debugging!("Wait timeout: {} ms", timeout_ms);
let mut manager = AuthenticatorService::new()?;
manager.add_u2f_usb_hid_platform_transports();
manager.register(
flags,
timeout_ms,
chall_bytes.clone(),
app_bytes.clone(),
vec![],
status_tx.clone(),
callback,
)?;
let register_result = register_rx.recv()?;
let (register_data, device_info) = register_result?;
success!("Device info: {}", &device_info);
success!("Register result: {}", base64::encode(&register_data));
let client_data = &u2fv2_challenge_str;
let rr = match u2f::register::parse_registration(app_id.to_string(), client_data.as_bytes().to_vec(), register_data) {
Ok(rr) => rr,
Err(e) => return simple_error!("Parse registration data failed: {}", e),
};
if let Some(cert) = rr.attestation_cert {
success!("Certificate: {}", fido::to_pem(&cert, "CERTIFICATE", 64));
}
if let Some(device_name) = rr.device_name {
success!("Device name: {}", device_name);
}
success!("Public key: {}", hex::encode(rr.pub_key));
success!("Key handle: {}", hex::encode(rr.key_handle));
Ok(())
}
}
//
// // U2F raw message format specification (version 20170411) section 4.3
// // In case of success we need to send back the following reply
// // (excluding ISO7816 success code)
// // +------+--------------------+---------------------+------------+------------+------+
// // + 0x05 | User pub key (65B) | key handle len (1B) | key handle | X.509 Cert | Sign |
// // +------+--------------------+---------------------+------------+------------+------+
// //
// // Where Sign is an ECDSA signature over the following structure:
// // +------+-------------------+-----------------+------------+--------------------+
// // + 0x00 | application (32B) | challenge (32B) | key handle | User pub key (65B) |
// // +------+-------------------+-----------------+------------+--------------------+
// // see https://github.com/google/OpenSK/blob/stable/src/ctap/ctap1.rs
// fn u2f_get_key_handle_from_register_response(register_response: &[u8]) -> XResult<Vec<u8>> {
// if register_response[0] != 0x05 {
// return simple_error!("Reserved byte not set correctly");
// }
//
// let key_handle_len = register_response[66] as usize;
// let mut public_key = register_response.to_owned();
// let mut key_handle = public_key.split_off(67);
// let _attestation = key_handle.split_off(key_handle_len);
//
// Ok(key_handle)
// }
Reference in New Issue View Git Blame Copy Permalink