Work
parent
b4711ca099
commit
e23a743a10
49
src/main.rs
49
src/main.rs
@ -1,7 +1,7 @@
|
|||||||
use std::{
|
use std::{
|
||||||
fs::Permissions,
|
fs::Permissions,
|
||||||
os::unix::prelude::PermissionsExt,
|
os::unix::prelude::PermissionsExt,
|
||||||
path::{Path, PathBuf},
|
path::{Path, PathBuf}, fmt::Display,
|
||||||
};
|
};
|
||||||
|
|
||||||
use anyhow::anyhow;
|
use anyhow::anyhow;
|
||||||
@ -31,17 +31,28 @@ struct Args {
|
|||||||
key_name: String,
|
key_name: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(ValueEnum, Clone, Copy, Debug)]
|
#[derive(ValueEnum, Clone, Copy, Debug, PartialEq, Eq)]
|
||||||
enum KeyTypeArg {
|
enum KeyTypeArg {
|
||||||
Ed25519,
|
#[value(name = "ed25519-sk")]
|
||||||
Ecdsa,
|
Ed25519Sk,
|
||||||
|
#[value(name = "ecdsa-sk")]
|
||||||
|
EcdsaSk,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl From<KeyTypeArg> for CredentialSupportedKeyType {
|
impl From<KeyTypeArg> for CredentialSupportedKeyType {
|
||||||
fn from(value: KeyTypeArg) -> Self {
|
fn from(value: KeyTypeArg) -> Self {
|
||||||
match value {
|
match value {
|
||||||
KeyTypeArg::Ed25519 => Self::Ed25519,
|
KeyTypeArg::Ed25519Sk => Self::Ed25519,
|
||||||
KeyTypeArg::Ecdsa => Self::Ecdsa256,
|
KeyTypeArg::EcdsaSk => Self::Ecdsa256,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Display for KeyTypeArg {
|
||||||
|
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||||
|
match self {
|
||||||
|
Self::Ed25519Sk => f.write_str("ed25519-sk"),
|
||||||
|
Self::EcdsaSk => f.write_str("ecdsa-sk"),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -58,21 +69,12 @@ fn main() -> anyhow::Result<()> {
|
|||||||
return Err(anyhow!("Key files exist, use -f to overwrite."));
|
return Err(anyhow!("Key files exist, use -f to overwrite."));
|
||||||
}
|
}
|
||||||
|
|
||||||
let key_type = args.key_type.into();
|
println!("Generating public/private {} key pair", args.key_type);
|
||||||
|
|
||||||
match key_type {
|
|
||||||
CredentialSupportedKeyType::Ecdsa256 => {
|
|
||||||
println!("Generating public/private ecdsa-sk key pair.")
|
|
||||||
}
|
|
||||||
CredentialSupportedKeyType::Ed25519 => {
|
|
||||||
println!("Generating public/private ed25519-sk key pair.")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
let challenge = verifier::create_challenge();
|
let challenge = verifier::create_challenge();
|
||||||
let make_credential_args = MakeCredentialArgsBuilder::new("ssh:", &challenge)
|
let make_credential_args = MakeCredentialArgsBuilder::new("ssh:", &challenge)
|
||||||
.without_pin_and_uv()
|
.without_pin_and_uv()
|
||||||
.key_type(key_type)
|
.key_type(args.key_type.into())
|
||||||
.build();
|
.build();
|
||||||
let mut libcfg = LibCfg::init();
|
let mut libcfg = LibCfg::init();
|
||||||
libcfg.keep_alive_msg = "Touch the authenticator now.".into();
|
libcfg.keep_alive_msg = "Touch the authenticator now.".into();
|
||||||
@ -84,7 +86,7 @@ fn main() -> anyhow::Result<()> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let mut privkey_bytes = Vec::new();
|
let mut privkey_bytes = Vec::new();
|
||||||
if matches!(key_type, CredentialSupportedKeyType::Ecdsa256) {
|
if args.key_type == KeyTypeArg::EcdsaSk {
|
||||||
"nistp256".encode(&mut privkey_bytes)?;
|
"nistp256".encode(&mut privkey_bytes)?;
|
||||||
}
|
}
|
||||||
verify_result
|
verify_result
|
||||||
@ -99,12 +101,12 @@ fn main() -> anyhow::Result<()> {
|
|||||||
privkey_bytes.push(flags);
|
privkey_bytes.push(flags);
|
||||||
verify_result.credential_id.encode(&mut privkey_bytes)?;
|
verify_result.credential_id.encode(&mut privkey_bytes)?;
|
||||||
"".encode(&mut privkey_bytes)?;
|
"".encode(&mut privkey_bytes)?;
|
||||||
let privkey = match key_type {
|
let privkey = match args.key_type {
|
||||||
CredentialSupportedKeyType::Ecdsa256 => PrivateKey::new(
|
KeyTypeArg::EcdsaSk => PrivateKey::new(
|
||||||
private::SkEcdsaSha2NistP256::decode(&mut privkey_bytes.as_slice())?.into(),
|
private::SkEcdsaSha2NistP256::decode(&mut privkey_bytes.as_slice())?.into(),
|
||||||
args.comment,
|
args.comment,
|
||||||
)?,
|
)?,
|
||||||
CredentialSupportedKeyType::Ed25519 => PrivateKey::new(
|
KeyTypeArg::Ed25519Sk => PrivateKey::new(
|
||||||
private::SkEd25519::decode(&mut privkey_bytes.as_slice())?.into(),
|
private::SkEd25519::decode(&mut privkey_bytes.as_slice())?.into(),
|
||||||
args.comment,
|
args.comment,
|
||||||
)?,
|
)?,
|
||||||
@ -118,12 +120,17 @@ fn main() -> anyhow::Result<()> {
|
|||||||
0u32.encode(&mut ssh_attest)?;
|
0u32.encode(&mut ssh_attest)?;
|
||||||
"".encode(&mut ssh_attest)?;
|
"".encode(&mut ssh_attest)?;
|
||||||
|
|
||||||
|
|
||||||
std::fs::write(&privkey_path, &*privkey.to_openssh(LineEnding::default())?)?;
|
std::fs::write(&privkey_path, &*privkey.to_openssh(LineEnding::default())?)?;
|
||||||
std::fs::set_permissions(&privkey_path, Permissions::from_mode(0o600))?;
|
std::fs::set_permissions(&privkey_path, Permissions::from_mode(0o600))?;
|
||||||
|
println!("Your identification has been saved in {}", privkey_path.to_string_lossy());
|
||||||
std::fs::write(&pubkey_path, privkey.public_key().to_openssh()?)?;
|
std::fs::write(&pubkey_path, privkey.public_key().to_openssh()?)?;
|
||||||
|
println!("Your public key has been saved in {}", pubkey_path.to_string_lossy());
|
||||||
if args.write_attestation {
|
if args.write_attestation {
|
||||||
std::fs::write(&attest_info_path, &ssh_attest)?;
|
std::fs::write(&attest_info_path, &ssh_attest)?;
|
||||||
|
println!("Your FIDO attestation certificate has been saved in {}", attest_info_path.to_string_lossy());
|
||||||
std::fs::write(&attest_challenge_path, &challenge)?;
|
std::fs::write(&attest_challenge_path, &challenge)?;
|
||||||
|
println!("Your FIDO attestation challenge has been saved in {}", attest_challenge_path.to_string_lossy());
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
|
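Review bot: The new `Display` impl for `KeyTypeArg` (hunk `@ -31,17 +31,28`) hard-codes "ed25519-sk" and "ecdsa-sk" a second time, next to the same strings in the `#[value(name = …)]` attributes, so the name clap accepts on the command line and the name printed by `println!("Generating public/private {} key pair", …)` can silently drift when a variant is added or renamed. Since the type already derives `ValueEnum`, the body can be a single line that reads the name clap owns: `f.write_str(self.to_possible_value().expect("every variant has a clap name").get_name())`. Separately, in the last hunk the new "has been saved" message for the private key follows unchanged context lines that `std::fs::write` the key and only then `set_permissions(0o600)`, which leaves a window where the file carries the umask-default mode; opening it with `OpenOptions::new().write(true).create(true).truncate(true).mode(0o600)` (from `std::os::unix::fs::OpenOptionsExt`) before writing would close that window, keeping the existing `set_permissions` call for the overwrite case where `mode` does not apply. The body of `main` starts and ends outside these hunks.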