diff --git a/Cargo.lock b/Cargo.lock index bb3ee31..256362c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2188,6 +2188,7 @@ dependencies = [ "rand", "reqwest", "rpassword", + "rsa", "rust_util", "serde", "serde_json", diff --git a/Cargo.toml b/Cargo.toml index 794f9ce..0dcdf28 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,6 +20,7 @@ openpgp-card-pcsc = "0.3.0" rand = "0.8.5" reqwest = { version = "0.11.14", features = ["blocking", "rustls", "rustls-tls"] } rpassword = "7.2.0" +rsa = "0.9.2" rust_util = "0.6.42" serde = { version = "1.0.152", features = ["derive"] } serde_json = "1.0.93" diff --git a/src/cmd_decrypt.rs b/src/cmd_decrypt.rs index 0570139..68eb4f5 100644 --- a/src/cmd_decrypt.rs +++ b/src/cmd_decrypt.rs @@ -16,7 +16,7 @@ use yubikey::YubiKey; use crate::{file, util}; use crate::card::get_card; use crate::compress::GzStreamDecoder; -use crate::crypto::aes_gcm_decrypt; +use crate::crypto_aes::aes_gcm_decrypt; use crate::spec::{TinyEncryptEnvelop, TinyEncryptEnvelopType, TinyEncryptMeta}; use crate::util::{decode_base64, decode_base64_url_no_pad, ENC_AES256_GCM_P256, simple_kdf, TINY_ENC_FILE_EXT}; use crate::wrap_key::WrapKey; diff --git a/src/compress.rs b/src/compress.rs index 1be667d..810887f 100644 --- a/src/compress.rs +++ b/src/compress.rs @@ -2,7 +2,7 @@ use std::io::Write; use flate2::Compression; use flate2::write::{GzDecoder, GzEncoder}; -use rust_util::XResult; +use rust_util::{simple_error, XResult}; use x509_parser::nom::AsBytes; pub struct GzStreamEncoder { @@ -28,10 +28,10 @@ impl GzStreamEncoder { Ok(result) } - pub fn finalize(mut self) -> Result, String> { + pub fn finalize(self) -> XResult> { match self.gz_encoder.finish() { Ok(last_buffer) => Ok(last_buffer), - Err(e) => Err(format!("Decode stream failed: {}", e)), + Err(e) => simple_error!("Decode stream failed: {}", e), } } } 
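Review bot: The new `rsa = "0.9.2"` line brings in a crate that has a published advisory for a timing side channel in its private-key operations (the Marvin attack). The code added in this commit only builds an `RsaPublicKey`, so it does not appear to be exposed. That boundary is not written down anywhere, so a later change could reach for `RsaPrivateKey` decryption without noticing. I'd add a comment above the dependency, for example `# rsa: used for public-key parsing/encryption only; do not use its private-key operations`, adjusted to whatever the project actually intends.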
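Review bot: The new `simple_error!` line in `GzStreamEncoder::finalize` still reports "Decode stream failed", wording copied from the decoder, so a failure on the compression path will be logged as a decode error. I'd change it to `Err(e) => simple_error!("Encode stream failed: {}", e),`. The same text in `GzStreamDecoder::finalize` in the next hunk is correct there. The `impl GzStreamEncoder` block starts outside this hunk.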
@@ -55,10 +55,10 @@ impl GzStreamDecoder { Ok(result) } - pub fn finalize(mut self) -> Result, String> { + pub fn finalize(self) -> XResult> { match self.gz_decoder.finish() { Ok(last_buffer) => Ok(last_buffer), - Err(e) => Err(format!("Decode stream failed: {}", e)), + Err(e) => simple_error!("Decode stream failed: {}", e), } } } diff --git a/src/crypto.rs b/src/crypto_aes.rs similarity index 100% rename from src/crypto.rs rename to src/crypto_aes.rs diff --git a/src/crypto_rsa.rs b/src/crypto_rsa.rs new file mode 100644 index 0000000..89a056d --- /dev/null +++ b/src/crypto_rsa.rs 
@@ -0,0 +1,62 @@ +use rsa::{BigUint, RsaPublicKey}; +use rsa::traits::PublicKeyParts; +use rust_util::{opt_result, XResult}; +use x509_parser::prelude::FromDer; +use x509_parser::public_key::RSAPublicKey; +use x509_parser::x509::SubjectPublicKeyInfo; + +use crate::util::decode_base64; + +/// Parse RSA Subject Public Key Info(SPKI) to Rsa Public Key +pub fn parse_spki(pem: &str) -> XResult { + let der = normalize_public_key_pem(pem)?; + let spki = opt_result!(SubjectPublicKeyInfo::from_der(&der), "Parse SKPI failed: {}").1; + let public_key_der = spki.subject_public_key.data; + let public_key = opt_result!(RSAPublicKey::from_der(&public_key_der), "Parse RSA public key failed: {}").1; + let rsa_public_key = opt_result!(RsaPublicKey::new( + BigUint::from_bytes_be(public_key.modulus), + BigUint::from_bytes_be(public_key.exponent), + ), "Parse Rsa public key failed: {}"); + Ok(rsa_public_key) +} + +fn normalize_public_key_pem(pem: &str) -> XResult> { + let mut pem = pem.trim().to_owned(); + if pem.starts_with("-----BEGIN PUBLIC KEY-----") { + pem = pem.chars().skip("-----BEGIN PUBLIC KEY-----".len()).collect::(); + } + if pem.ends_with("-----END PUBLIC KEY-----") { + pem = pem.chars().take(pem.len() - "-----END PUBLIC KEY-----".len()).collect::(); + } + pem = pem.chars().filter(|c| *c != '\n' && *c != '\r').clone().collect::(); + + Ok(opt_result!(decode_base64(&pem), "Decode pem or der failed: {}")) +} + +#[test] +fn t() { + let public_key_pem = "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgK\ + CAgEApUM8M+QRMUw0dIvXISFx\n43j4h9CK38Y9HD6kPcc3Z0dCGPiFy7Ze0OQebPWHyUZ2YmqsdyzFuOQuV9P2pxxj\n/W\ + LIgRqZV8Jk8tWhtAjOOvm0MTc2rg+EJHfa+zhX4eFEMsj4DvQBMJDXiKnpXTM/\nj7oMKpIUQHqfXBwsEJHLmHZTLeEBEYK\ + cZXTAmuu3WdxK5jvEc02Xt2hZ1fBs0M9e\n/2EMe3t69aH4/rabiBjF2h9Jde15wrJMxXaCCWJqYhbBS0CJ3BdjkAqOIpcq\ + PXva\nxiJN1pNpK8ejA9Q4Nmx7pxnvfv+hCPkWXZS3r/BWZ9lFZc8uErQEbB4gLgko8jOl\nfQF7cYqtZEs69qY8nnIUBsq\ + 
ZYfAp+bQd2xCFSbEZAl+OrtGzfVjD9YFMPy02+xRg\nv2N3KT3KHHvuU7WxrvffrshP2fwDuG2MBlmcq1suAKxA0cYPSyaj\ + ceEqw/3ogSp7\n7SYx41rT8EWLmTvU0CHzCsuf/O7sDWZRfxatAzWhBBhnKCPqzizpOQOqm8XhCt74\nFfnabPpHM9XUjoQ\ + IPrTssyS3eWqynzJiAqez6v2LK2fhL7IkcLtvt5p59Y+KY4I6\nYQ09iUh7lKJHRhkgTomUurJHieVHMWFGIHofEC+nU6pG\ + IUh0P7Nr0Gz45GJTwWGd\nhW53WfImja+b5kwwyqUikyMCAwEAAQ==\n-----END PUBLIC KEY-----"; + let public_key = parse_spki(public_key_pem).unwrap(); + + assert_eq!("a5433c33e411314c34748bd7212171e378f887d08adfc63d1c3ea43dc73767474218f885cbb65ed0e41\ + e6cf587c94676626aac772cc5b8e42e57d3f6a71c63fd62c8811a9957c264f2d5a1b408ce3af9b4313736ae0f842477\ + dafb3857e1e14432c8f80ef4013090d788a9e95d333f8fba0c2a9214407a9f5c1c2c1091cb9876532de10111829c657\ + 4c09aebb759dc4ae63bc4734d97b76859d5f06cd0cf5eff610c7b7b7af5a1f8feb69b8818c5da1f4975ed79c2b24cc5\ + 768209626a6216c14b4089dc1763900a8e22972a3d7bdac6224dd693692bc7a303d438366c7ba719ef7effa108f9165\ + d94b7aff05667d94565cf2e12b4046c1e202e0928f233a57d017b718aad644b3af6a63c9e721406ca9961f029f9b41d\ + db108549b119025f8eaed1b37d58c3f5814c3f2d36fb1460bf6377293dca1c7bee53b5b1aef7dfaec84fd9fc03b86d8\ + c06599cab5b2e00ac40d1c60f4b26a371e12ac3fde8812a7bed2631e35ad3f0458b993bd4d021f30acb9ffceeec0d66\ + 517f16ad0335a10418672823eace2ce93903aa9bc5e10adef815f9da6cfa4733d5d48e84083eb4ecb324b7796ab29f3\ + 26202a7b3eafd8b2b67e12fb22470bb6fb79a79f58f8a63823a610d3d89487b94a2474619204e8994bab24789e54731\ + 6146207a1f102fa753aa462148743fb36bd06cf8e46253c1619d856e7759f2268daf9be64c30caa5229323", + public_key.n().to_str_radix(16)); + assert_eq!("10001", public_key.e().to_str_radix(16)); +} \ No newline at end of file diff --git a/src/main.rs b/src/main.rs index b8b156c..f30cd54 100644 --- a/src/main.rs +++ b/src/main.rs @@ -11,7 +11,8 @@ mod util; mod compress; mod config; mod spec; -mod crypto; +mod crypto_aes; +mod crypto_rsa; mod wrap_key; mod file; mod card;
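Review bot: `parse_spki` never checks what kind or strength of key it was handed: the SPKI algorithm identifier is not compared with rsaEncryption, and nothing rejects a short modulus before the key is returned. `RsaPublicKey::new` caps the size from above and validates the exponent, but as far as I know it sets no lower bound, so a weak key pasted into a config would be accepted silently. A guard after construction would close that, e.g. `if rsa_public_key.n().bits() < 2048 { return simple_error!("RSA public key too short: {} bits", rsa_public_key.n().bits()); }`, with `simple_error` added to the `rust_util` import. That check would also give `PublicKeyParts` a use outside the test; at present only `t()` uses it, so a non-test build should warn about an unused import. Smaller points in the same file: the first error string says "SKPI" rather than "SPKI", and the `.clone()` on the filter iterator in `normalize_public_key_pem` has no effect.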