pjht 2023-08-14 14:10:25 -05:00
parent b4711ca099
commit e23a743a10
Signed by: pjht
GPG Key ID: CA239FC6934E6F3A


@ -1,7 +1,7 @@
use std::{ use std::{
fs::Permissions, fs::Permissions,
os::unix::prelude::PermissionsExt, os::unix::prelude::PermissionsExt,
path::{Path, PathBuf}, path::{Path, PathBuf}, fmt::Display,
}; };
use anyhow::anyhow; use anyhow::anyhow;
@ -31,17 +31,28 @@ struct Args {
key_name: String, key_name: String,
} }
#[derive(ValueEnum, Clone, Copy, Debug)] #[derive(ValueEnum, Clone, Copy, Debug, PartialEq, Eq)]
enum KeyTypeArg { enum KeyTypeArg {
Ed25519, #[value(name = "ed25519-sk")]
Ecdsa, Ed25519Sk,
#[value(name = "ecdsa-sk")]
EcdsaSk,
} }
impl From<KeyTypeArg> for CredentialSupportedKeyType { impl From<KeyTypeArg> for CredentialSupportedKeyType {
fn from(value: KeyTypeArg) -> Self { fn from(value: KeyTypeArg) -> Self {
match value { match value {
KeyTypeArg::Ed25519 => Self::Ed25519, KeyTypeArg::Ed25519Sk => Self::Ed25519,
KeyTypeArg::Ecdsa => Self::Ecdsa256, KeyTypeArg::EcdsaSk => Self::Ecdsa256,
}
}
}
impl Display for KeyTypeArg {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
Self::Ed25519Sk => f.write_str("ed25519-sk"),
Self::EcdsaSk => f.write_str("ecdsa-sk"),
} }
} }
} }
@ -58,21 +69,12 @@ fn main() -> anyhow::Result<()> {
return Err(anyhow!("Key files exist, use -f to overwrite.")); return Err(anyhow!("Key files exist, use -f to overwrite."));
} }
let key_type = args.key_type.into(); println!("Generating public/private {} key pair", args.key_type);
match key_type {
CredentialSupportedKeyType::Ecdsa256 => {
println!("Generating public/private ecdsa-sk key pair.")
}
CredentialSupportedKeyType::Ed25519 => {
println!("Generating public/private ed25519-sk key pair.")
}
}
let challenge = verifier::create_challenge(); let challenge = verifier::create_challenge();
let make_credential_args = MakeCredentialArgsBuilder::new("ssh:", &challenge) let make_credential_args = MakeCredentialArgsBuilder::new("ssh:", &challenge)
.without_pin_and_uv() .without_pin_and_uv()
.key_type(key_type) .key_type(args.key_type.into())
.build(); .build();
let mut libcfg = LibCfg::init(); let mut libcfg = LibCfg::init();
libcfg.keep_alive_msg = "Touch the authenticator now.".into(); libcfg.keep_alive_msg = "Touch the authenticator now.".into();
@ -84,7 +86,7 @@ fn main() -> anyhow::Result<()> {
} }
let mut privkey_bytes = Vec::new(); let mut privkey_bytes = Vec::new();
if matches!(key_type, CredentialSupportedKeyType::Ecdsa256) { if args.key_type == KeyTypeArg::EcdsaSk {
"nistp256".encode(&mut privkey_bytes)?; "nistp256".encode(&mut privkey_bytes)?;
} }
verify_result verify_result
@ -99,12 +101,12 @@ fn main() -> anyhow::Result<()> {
privkey_bytes.push(flags); privkey_bytes.push(flags);
verify_result.credential_id.encode(&mut privkey_bytes)?; verify_result.credential_id.encode(&mut privkey_bytes)?;
"".encode(&mut privkey_bytes)?; "".encode(&mut privkey_bytes)?;
let privkey = match key_type { let privkey = match args.key_type {
CredentialSupportedKeyType::Ecdsa256 => PrivateKey::new( KeyTypeArg::EcdsaSk => PrivateKey::new(
private::SkEcdsaSha2NistP256::decode(&mut privkey_bytes.as_slice())?.into(), private::SkEcdsaSha2NistP256::decode(&mut privkey_bytes.as_slice())?.into(),
args.comment, args.comment,
)?, )?,
CredentialSupportedKeyType::Ed25519 => PrivateKey::new( KeyTypeArg::Ed25519Sk => PrivateKey::new(
private::SkEd25519::decode(&mut privkey_bytes.as_slice())?.into(), private::SkEd25519::decode(&mut privkey_bytes.as_slice())?.into(),
args.comment, args.comment,
)?, )?,
@ -118,12 +120,17 @@ fn main() -> anyhow::Result<()> {
0u32.encode(&mut ssh_attest)?; 0u32.encode(&mut ssh_attest)?;
"".encode(&mut ssh_attest)?; "".encode(&mut ssh_attest)?;
std::fs::write(&privkey_path, &*privkey.to_openssh(LineEnding::default())?)?; std::fs::write(&privkey_path, &*privkey.to_openssh(LineEnding::default())?)?;
std::fs::set_permissions(&privkey_path, Permissions::from_mode(0o600))?; std::fs::set_permissions(&privkey_path, Permissions::from_mode(0o600))?;
println!("Your identification has been saved in {}", privkey_path.to_string_lossy());
std::fs::write(&pubkey_path, privkey.public_key().to_openssh()?)?; std::fs::write(&pubkey_path, privkey.public_key().to_openssh()?)?;
println!("Your public key has been saved in {}", pubkey_path.to_string_lossy());
if args.write_attestation { if args.write_attestation {
std::fs::write(&attest_info_path, &ssh_attest)?; std::fs::write(&attest_info_path, &ssh_attest)?;
println!("Your FIDO attestation certificate has been saved in {}", attest_info_path.to_string_lossy());
std::fs::write(&attest_challenge_path, &challenge)?; std::fs::write(&attest_challenge_path, &challenge)?;
println!("Your FIDO attestation challenge has been saved in {}", attest_challenge_path.to_string_lossy());
} }
Ok(()) Ok(())