This commit is contained in:
pjht 2023-08-14 14:10:25 -05:00
parent b4711ca099
commit e23a743a10
Signed by: pjht
GPG Key ID: CA239FC6934E6F3A


@ -1,7 +1,7 @@
use std::{
fs::Permissions,
os::unix::prelude::PermissionsExt,
path::{Path, PathBuf},
path::{Path, PathBuf}, fmt::Display,
};
use anyhow::anyhow;
@ -31,17 +31,28 @@ struct Args {
key_name: String,
}
#[derive(ValueEnum, Clone, Copy, Debug)]
#[derive(ValueEnum, Clone, Copy, Debug, PartialEq, Eq)]
enum KeyTypeArg {
Ed25519,
Ecdsa,
#[value(name = "ed25519-sk")]
Ed25519Sk,
#[value(name = "ecdsa-sk")]
EcdsaSk,
}
impl From<KeyTypeArg> for CredentialSupportedKeyType {
fn from(value: KeyTypeArg) -> Self {
match value {
KeyTypeArg::Ed25519 => Self::Ed25519,
KeyTypeArg::Ecdsa => Self::Ecdsa256,
KeyTypeArg::Ed25519Sk => Self::Ed25519,
KeyTypeArg::EcdsaSk => Self::Ecdsa256,
}
}
}
impl Display for KeyTypeArg {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
Self::Ed25519Sk => f.write_str("ed25519-sk"),
Self::EcdsaSk => f.write_str("ecdsa-sk"),
}
}
}
@ -58,21 +69,12 @@ fn main() -> anyhow::Result<()> {
return Err(anyhow!("Key files exist, use -f to overwrite."));
}
let key_type = args.key_type.into();
match key_type {
CredentialSupportedKeyType::Ecdsa256 => {
println!("Generating public/private ecdsa-sk key pair.")
}
CredentialSupportedKeyType::Ed25519 => {
println!("Generating public/private ed25519-sk key pair.")
}
}
println!("Generating public/private {} key pair", args.key_type);
let challenge = verifier::create_challenge();
let make_credential_args = MakeCredentialArgsBuilder::new("ssh:", &challenge)
.without_pin_and_uv()
.key_type(key_type)
.key_type(args.key_type.into())
.build();
let mut libcfg = LibCfg::init();
libcfg.keep_alive_msg = "Touch the authenticator now.".into();
@ -84,7 +86,7 @@ fn main() -> anyhow::Result<()> {
}
let mut privkey_bytes = Vec::new();
if matches!(key_type, CredentialSupportedKeyType::Ecdsa256) {
if args.key_type == KeyTypeArg::EcdsaSk {
"nistp256".encode(&mut privkey_bytes)?;
}
verify_result
@ -99,12 +101,12 @@ fn main() -> anyhow::Result<()> {
privkey_bytes.push(flags);
verify_result.credential_id.encode(&mut privkey_bytes)?;
"".encode(&mut privkey_bytes)?;
let privkey = match key_type {
CredentialSupportedKeyType::Ecdsa256 => PrivateKey::new(
let privkey = match args.key_type {
KeyTypeArg::EcdsaSk => PrivateKey::new(
private::SkEcdsaSha2NistP256::decode(&mut privkey_bytes.as_slice())?.into(),
args.comment,
)?,
CredentialSupportedKeyType::Ed25519 => PrivateKey::new(
KeyTypeArg::Ed25519Sk => PrivateKey::new(
private::SkEd25519::decode(&mut privkey_bytes.as_slice())?.into(),
args.comment,
)?,
@ -118,12 +120,17 @@ fn main() -> anyhow::Result<()> {
0u32.encode(&mut ssh_attest)?;
"".encode(&mut ssh_attest)?;
std::fs::write(&privkey_path, &*privkey.to_openssh(LineEnding::default())?)?;
std::fs::set_permissions(&privkey_path, Permissions::from_mode(0o600))?;
println!("Your identification has been saved in {}", privkey_path.to_string_lossy());
std::fs::write(&pubkey_path, privkey.public_key().to_openssh()?)?;
println!("Your public key has been saved in {}", pubkey_path.to_string_lossy());
if args.write_attestation {
std::fs::write(&attest_info_path, &ssh_attest)?;
println!("Your FIDO attestation certificate has been saved in {}", attest_info_path.to_string_lossy());
std::fs::write(&attest_challenge_path, &challenge)?;
println!("Your FIDO attestation challenge has been saved in {}", attest_challenge_path.to_string_lossy());
}
Ok(())
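Review bot: `std::fs::write(&privkey_path, …)` in the last hunk creates the private key file under the process umask and only afterwards tightens it to 0600 with `set_permissions`, so on a permissive umask the key material is briefly readable by other local users. Open the file with the mode fixed at creation time instead, via `OpenOptions::mode(0o600)` from `std::os::unix::prelude::OpenOptionsExt` (the same prelude that already supplies `PermissionsExt`) plus `std::io::Write::write_all`; since `mode` only applies when the file is created, the existing `set_permissions` call is still worth keeping for the `-f` overwrite path where the file already exists. The enclosing `main` starts and ends outside this hunk.
```rust
// … unchanged: ssh_attest encoding …
let mut privkey_file = std::fs::OpenOptions::new()
    .write(true)
    .create(true)
    .truncate(true)
    .mode(0o600) // applied at creation, before any key bytes land on disk
    .open(&privkey_path)?;
let privkey_pem = privkey.to_openssh(LineEnding::default())?;
privkey_file.write_all(privkey_pem.as_bytes())?;
std::fs::set_permissions(&privkey_path, Permissions::from_mode(0o600))?;
// … unchanged: "Your identification has been saved" message, public key and attestation writes …
```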