From e23a743a100d761b43944a9f555f925c8716671d Mon Sep 17 00:00:00 2001 From: pjht Date: Mon, 14 Aug 2023 14:10:25 -0500 Subject: [PATCH] Work --- src/main.rs | 49 ++++++++++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/src/main.rs b/src/main.rs index ff38704..6817f18 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,7 +1,7 @@ use std::{ fs::Permissions, os::unix::prelude::PermissionsExt, - path::{Path, PathBuf}, + path::{Path, PathBuf}, fmt::Display, }; use anyhow::anyhow; @@ -31,17 +31,28 @@ struct Args { key_name: String, } -#[derive(ValueEnum, Clone, Copy, Debug)] +#[derive(ValueEnum, Clone, Copy, Debug, PartialEq, Eq)] enum KeyTypeArg { - Ed25519, - Ecdsa, + #[value(name = "ed25519-sk")] + Ed25519Sk, + #[value(name = "ecdsa-sk")] + EcdsaSk, } impl From for CredentialSupportedKeyType { fn from(value: KeyTypeArg) -> Self { match value { - KeyTypeArg::Ed25519 => Self::Ed25519, - KeyTypeArg::Ecdsa => Self::Ecdsa256, + KeyTypeArg::Ed25519Sk => Self::Ed25519, + KeyTypeArg::EcdsaSk => Self::Ecdsa256, + } + } +} + +impl Display for KeyTypeArg { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + match self { + Self::Ed25519Sk => f.write_str("ed25519-sk"), + Self::EcdsaSk => f.write_str("ecdsa-sk"), } } } @@ -58,21 +69,12 @@ fn main() -> anyhow::Result<()> { return Err(anyhow!("Key files exist, use -f to overwrite.")); } - let key_type = args.key_type.into(); - - match key_type { - CredentialSupportedKeyType::Ecdsa256 => { - println!("Generating public/private ecdsa-sk key pair.") - } - CredentialSupportedKeyType::Ed25519 => { - println!("Generating public/private ed25519-sk key pair.") - } - } + println!("Generating public/private {} key pair", args.key_type); let challenge = verifier::create_challenge(); let make_credential_args = MakeCredentialArgsBuilder::new("ssh:", &challenge) .without_pin_and_uv() - .key_type(key_type) + .key_type(args.key_type.into()) .build(); let mut libcfg = LibCfg::init(); libcfg.keep_alive_msg = "Touch the authenticator now.".into(); @@ -84,7 +86,7 @@ fn main() -> anyhow::Result<()> { } let mut privkey_bytes = Vec::new(); - if matches!(key_type, CredentialSupportedKeyType::Ecdsa256) { + if args.key_type == KeyTypeArg::EcdsaSk { "nistp256".encode(&mut privkey_bytes)?; } verify_result @@ -99,12 +101,12 @@ fn main() -> anyhow::Result<()> { privkey_bytes.push(flags); verify_result.credential_id.encode(&mut privkey_bytes)?; "".encode(&mut privkey_bytes)?; - let privkey = match key_type { - CredentialSupportedKeyType::Ecdsa256 => PrivateKey::new( + let privkey = match args.key_type { + KeyTypeArg::EcdsaSk => PrivateKey::new( private::SkEcdsaSha2NistP256::decode(&mut privkey_bytes.as_slice())?.into(), args.comment, )?, - CredentialSupportedKeyType::Ed25519 => PrivateKey::new( + KeyTypeArg::Ed25519Sk => PrivateKey::new( private::SkEd25519::decode(&mut privkey_bytes.as_slice())?.into(), args.comment, )?, @@ -118,12 +120,17 @@ fn main() -> anyhow::Result<()> { 0u32.encode(&mut ssh_attest)?; "".encode(&mut ssh_attest)?; + std::fs::write(&privkey_path, &*privkey.to_openssh(LineEnding::default())?)?; std::fs::set_permissions(&privkey_path, Permissions::from_mode(0o600))?; + println!("Your identification has been saved in {}", privkey_path.to_string_lossy()); std::fs::write(&pubkey_path, privkey.public_key().to_openssh()?)?; + println!("Your public key has been saved in {}", pubkey_path.to_string_lossy()); if args.write_attestation { std::fs::write(&attest_info_path, &ssh_attest)?; + println!("Your FIDO attestation certificate has been saved in {}", attest_info_path.to_string_lossy()); std::fs::write(&attest_challenge_path, &challenge)?; + println!("Your FIDO attestation challenge has been saved in {}", attest_challenge_path.to_string_lossy()); } Ok(())