feat: add crypto rsa

Cargo.lock

@@ -2188,6 +2188,7 @@ dependencies = [
  "rand",
  "reqwest",
  "rpassword",
+ "rsa",
  "rust_util",
  "serde",
  "serde_json",

Cargo.toml

@@ -20,6 +20,7 @@ openpgp-card-pcsc = "0.3.0"
 rand = "0.8.5"
 reqwest = { version = "0.11.14", features = ["blocking", "rustls", "rustls-tls"] }
 rpassword = "7.2.0"
+rsa = "0.9.2"
 rust_util = "0.6.42"
 serde = { version = "1.0.152", features = ["derive"] }
 serde_json = "1.0.93"

src/cmd_decrypt.rs

@@ -16,7 +16,7 @@ use yubikey::YubiKey;
 use crate::{file, util};
 use crate::card::get_card;
 use crate::compress::GzStreamDecoder;
-use crate::crypto::aes_gcm_decrypt;
+use crate::crypto_aes::aes_gcm_decrypt;
 use crate::spec::{TinyEncryptEnvelop, TinyEncryptEnvelopType, TinyEncryptMeta};
 use crate::util::{decode_base64, decode_base64_url_no_pad, ENC_AES256_GCM_P256, simple_kdf, TINY_ENC_FILE_EXT};
 use crate::wrap_key::WrapKey;

src/compress.rs

@@ -2,7 +2,7 @@ use std::io::Write;
 
 use flate2::Compression;
 use flate2::write::{GzDecoder, GzEncoder};
-use rust_util::XResult;
+use rust_util::{simple_error, XResult};
 use x509_parser::nom::AsBytes;
 
 pub struct GzStreamEncoder {
@@ -28,10 +28,10 @@ impl GzStreamEncoder {
         Ok(result)
     }
 
-    pub fn finalize(mut self) -> Result<Vec<u8>, String> {
+    pub fn finalize(self) -> XResult<Vec<u8>> {
         match self.gz_encoder.finish() {
             Ok(last_buffer) => Ok(last_buffer),
-            Err(e) => Err(format!("Decode stream failed: {}", e)),
+            Err(e) => simple_error!("Decode stream failed: {}", e),
         }
     }
 }
@@ -55,10 +55,10 @@ impl GzStreamDecoder {
         Ok(result)
     }
 
-    pub fn finalize(mut self) -> Result<Vec<u8>, String> {
+    pub fn finalize(self) -> XResult<Vec<u8>> {
         match self.gz_decoder.finish() {
             Ok(last_buffer) => Ok(last_buffer),
-            Err(e) => Err(format!("Decode stream failed: {}", e)),
+            Err(e) => simple_error!("Decode stream failed: {}", e),
         }
     }
 }

src/crypto_rsa.rs

@@ -0,0 +1,62 @@
+use rsa::{BigUint, RsaPublicKey};
+use rsa::traits::PublicKeyParts;
+use rust_util::{opt_result, XResult};
+use x509_parser::prelude::FromDer;
+use x509_parser::public_key::RSAPublicKey;
+use x509_parser::x509::SubjectPublicKeyInfo;
+
+use crate::util::decode_base64;
+
+/// Parse RSA Subject Public Key Info(SPKI) to Rsa Public Key
+pub fn parse_spki(pem: &str) -> XResult<RsaPublicKey> {
+    let der = normalize_public_key_pem(pem)?;
+    let spki = opt_result!(SubjectPublicKeyInfo::from_der(&der), "Parse SKPI failed: {}").1;
+    let public_key_der = spki.subject_public_key.data;
+    let public_key = opt_result!(RSAPublicKey::from_der(&public_key_der), "Parse RSA public key failed: {}").1;
+    let rsa_public_key = opt_result!(RsaPublicKey::new(
+        BigUint::from_bytes_be(public_key.modulus),
+        BigUint::from_bytes_be(public_key.exponent),
+    ), "Parse Rsa public key failed: {}");
+    Ok(rsa_public_key)
+}
+
+fn normalize_public_key_pem(pem: &str) -> XResult<Vec<u8>> {
+    let mut pem = pem.trim().to_owned();
+    if pem.starts_with("-----BEGIN PUBLIC KEY-----") {
+        pem = pem.chars().skip("-----BEGIN PUBLIC KEY-----".len()).collect::<String>();
+    }
+    if pem.ends_with("-----END PUBLIC KEY-----") {
+        pem = pem.chars().take(pem.len() - "-----END PUBLIC KEY-----".len()).collect::<String>();
+    }
+    pem = pem.chars().filter(|c| *c != '\n' && *c != '\r').clone().collect::<String>();
+
+    Ok(opt_result!(decode_base64(&pem), "Decode pem or der failed: {}"))
+}
+
+#[test]
+fn t() {
+    let public_key_pem = "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgK\
+    CAgEApUM8M+QRMUw0dIvXISFx\n43j4h9CK38Y9HD6kPcc3Z0dCGPiFy7Ze0OQebPWHyUZ2YmqsdyzFuOQuV9P2pxxj\n/W\
+    LIgRqZV8Jk8tWhtAjOOvm0MTc2rg+EJHfa+zhX4eFEMsj4DvQBMJDXiKnpXTM/\nj7oMKpIUQHqfXBwsEJHLmHZTLeEBEYK\
+    cZXTAmuu3WdxK5jvEc02Xt2hZ1fBs0M9e\n/2EMe3t69aH4/rabiBjF2h9Jde15wrJMxXaCCWJqYhbBS0CJ3BdjkAqOIpcq\
+    PXva\nxiJN1pNpK8ejA9Q4Nmx7pxnvfv+hCPkWXZS3r/BWZ9lFZc8uErQEbB4gLgko8jOl\nfQF7cYqtZEs69qY8nnIUBsq\
+    ZYfAp+bQd2xCFSbEZAl+OrtGzfVjD9YFMPy02+xRg\nv2N3KT3KHHvuU7WxrvffrshP2fwDuG2MBlmcq1suAKxA0cYPSyaj\
+    ceEqw/3ogSp7\n7SYx41rT8EWLmTvU0CHzCsuf/O7sDWZRfxatAzWhBBhnKCPqzizpOQOqm8XhCt74\nFfnabPpHM9XUjoQ\
+    IPrTssyS3eWqynzJiAqez6v2LK2fhL7IkcLtvt5p59Y+KY4I6\nYQ09iUh7lKJHRhkgTomUurJHieVHMWFGIHofEC+nU6pG\
+    IUh0P7Nr0Gz45GJTwWGd\nhW53WfImja+b5kwwyqUikyMCAwEAAQ==\n-----END PUBLIC KEY-----";
+    let public_key = parse_spki(public_key_pem).unwrap();
+
+    assert_eq!("a5433c33e411314c34748bd7212171e378f887d08adfc63d1c3ea43dc73767474218f885cbb65ed0e41\
+    e6cf587c94676626aac772cc5b8e42e57d3f6a71c63fd62c8811a9957c264f2d5a1b408ce3af9b4313736ae0f842477\
+    dafb3857e1e14432c8f80ef4013090d788a9e95d333f8fba0c2a9214407a9f5c1c2c1091cb9876532de10111829c657\
+    4c09aebb759dc4ae63bc4734d97b76859d5f06cd0cf5eff610c7b7b7af5a1f8feb69b8818c5da1f4975ed79c2b24cc5\
+    768209626a6216c14b4089dc1763900a8e22972a3d7bdac6224dd693692bc7a303d438366c7ba719ef7effa108f9165\
+    d94b7aff05667d94565cf2e12b4046c1e202e0928f233a57d017b718aad644b3af6a63c9e721406ca9961f029f9b41d\
+    db108549b119025f8eaed1b37d58c3f5814c3f2d36fb1460bf6377293dca1c7bee53b5b1aef7dfaec84fd9fc03b86d8\
+    c06599cab5b2e00ac40d1c60f4b26a371e12ac3fde8812a7bed2631e35ad3f0458b993bd4d021f30acb9ffceeec0d66\
+    517f16ad0335a10418672823eace2ce93903aa9bc5e10adef815f9da6cfa4733d5d48e84083eb4ecb324b7796ab29f3\
+    26202a7b3eafd8b2b67e12fb22470bb6fb79a79f58f8a63823a610d3d89487b94a2474619204e8994bab24789e54731\
+    6146207a1f102fa753aa462148743fb36bd06cf8e46253c1619d856e7759f2268daf9be64c30caa5229323",
+               public_key.n().to_str_radix(16));
+    assert_eq!("10001", public_key.e().to_str_radix(16));
+}

src/main.rs

@@ -11,7 +11,8 @@ mod util;
 mod compress;
 mod config;
 mod spec;
-mod crypto;
+mod crypto_aes;
+mod crypto_rsa;
 mod wrap_key;
 mod file;
 mod card;