hatter/local-mini-kms
1
1
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

feat: supports yubikey init

Browse Source
This commit is contained in:
Hatter Jiang
2023-08-13 21:26:16 +08:00
parent e16c28f2ab
commit b5e13dc13a
8 changed files with 393 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/yubikey_hmac.rs Normal file
View File

@@ -0,0 +1,29 @@
use std::ops::Deref;
use rust_util::{opt_result, success, XResult};
use yubico_manager::config::{Config, Mode, Slot};
use yubico_manager::Yubico;
pub fn yubikey_challenge_as_32_bytes(challenge_bytes: &[u8]) -> XResult<Vec<u8>> {
let mut yubi = Yubico::new();
let device = opt_result!(yubi.find_yubikey(), "Find yubikey failed: {}");
success!("Found key, Vendor ID: {:?}, Product ID: {:?}", device.vendor_id, device.product_id);
let config = Config::default()
.set_vendor_id(device.vendor_id)
.set_product_id(device.product_id)
.set_variable_size(true)
.set_mode(Mode::Sha1)
.set_slot(Slot::Slot2);
// In HMAC Mode, the result will always be the SAME for the SAME provided challenge
let hmac_result = opt_result!(yubi.challenge_response_hmac(&challenge_bytes, config), "Challenge HMAC failed: {}");
// Just for debug, lets check the hex
let v: &[u8] = hmac_result.deref();
let mut r = vec![];
r.extend_from_slice(v);
r.extend_from_slice(&v[0..12]);
Ok(r)
}