Lib.rs

身份验证
#yubi-key #security-key #encryption #configuration #encryption-key

challenge_response

Rust的挑战-响应库

作者:louibAshutosh Verma

35个版本 (5个重大更新)

使用旧的Rust 2015

0.5.16 2024年8月16日
0.5.13 2024年7月3日
0.5.8 2024年2月25日

身份验证中排名140

Download history 94/week @ 2024-05-04 95/week @ 2024-05-11 213/week @ 2024-05-18 45/week @ 2024-05-25 121/week @ 2024-06-01 55/week @ 2024-06-08 63/week @ 2024-06-15 102/week @ 2024-06-22 566/week @ 2024-06-29 135/week @ 2024-07-06 99/week @ 2024-07-13 94/week @ 2024-07-20 162/week @ 2024-07-27 81/week @ 2024-08-03 392/week @ 2024-08-10 420/week @ 2024-08-17

每月下载1,071
2 crate中使用

MIT/Apache

41KB
905

challenge-response

Latest Version Documentation Build Status Dependency Status MIT licensed Apache-2.0 licensed

challenge-response是一个Rust库,用于使用像YubiKey和OnlyKey这样的安全密钥执行挑战-响应操作(哈希和加密)。

当前功能

支持的设备

  • YubiKey 2.2及以后版本
  • OnlyKey(未测试
  • NitroKey(未测试

用法

将此添加到您的Cargo.toml中

[dependencies]
challenge_response = "0"

执行挑战-响应(HMAC-SHA1模式)

如果您使用YubiKey,您可以使用Yubikey个性化GUI配置HMAC-SHA1挑战-响应。

extern crate challenge_response;
extern crate hex;

use challenge_response::config::{Config, Mode, Slot};
use challenge_response::ChallengeResponse;
use std::ops::Deref;

fn main() {
    let mut cr_client = match ChallengeResponse::new() {
        Ok(c) => c,
        Err(e) => {
            eprintln!("{}", e.to_string());
            return;
        }
    };

    let device = match cr_client.find_device() {
        Ok(d) => d,
        Err(e) => {
            eprintln!("Device not found: {}", e.to_string());
            return;
        }
    };

    println!(
        "Vendor ID: {:?} Product ID {:?}",
        device.vendor_id, device.product_id
    );

    let config = Config::new_from(device)
        .set_variable_size(true)
        .set_mode(Mode::Sha1)
        .set_slot(Slot::Slot2);

    // Challenge can not be greater than 64 bytes
    let challenge = String::from("mychallenge");
    // In HMAC Mode, the result will always be the
    // SAME for the SAME provided challenge
    let hmac_result = cr_client
        .challenge_response_hmac(challenge.as_bytes(), config)
        .unwrap();

    // Just for debug, lets check the hex
    let v: &[u8] = hmac_result.deref();
    let hex_string = hex::encode(v);

    println!("{}", hex_string);
}

配置Yubikey(HMAC-SHA1模式)

注意,请阅读关于初始配置的信息。或者,您也可以使用官方的Yubikey个性化GUI配置yubikey。

extern crate challenge_response;
extern crate rand;

use challenge_response::config::{Command, Config};
use challenge_response::configure::DeviceModeConfig;
use challenge_response::hmacmode::{
    HmacKey, HmacSecret, HMAC_SECRET_SIZE,
};
use challenge_response::ChallengeResponse;
use rand::distributions::Alphanumeric;
use rand::{thread_rng, Rng};

fn main() {
    let mut cr_client = match ChallengeResponse::new() {
        Ok(y) => y,
        Err(e) => {
            eprintln!("{}", e.to_string());
            return;
        }
    };

    let device = match cr_client.find_device() {
        Ok(d) => d,
        Err(e) => {
            eprintln!("Device not found: {}", e.to_string());
            return;
        }
    };

    println!(
        "Vendor ID: {:?} Product ID {:?}",
        device.vendor_id, device.product_id
    );

    let config = Config::new_from(device)
        .set_command(Command::Configuration2);

    let mut rng = thread_rng();

    // Used rand here, but you can set your own secret:
    // let secret: &HmacSecret = b"my_awesome_secret_20";
    let secret: Vec<u8> = rng
        .sample_iter(&Alphanumeric)
        .take(HMAC_SECRET_SIZE)
        .collect();
    let hmac_key: HmacKey = HmacKey::from_slice(&secret);

    let mut device_config = DeviceModeConfig::default();
    device_config.challenge_response_hmac(&hmac_key, false, false);

    if let Err(err) =
        cr_client.write_config(config, &mut device_config)
    {
        println!("{:?}", err);
    } else {
        println!("Device configured");
    }
}

致谢

此库最初是yubico_manager库的分支。

许可证

MIT或Apache-2.0

依赖项

~3MB
~58K SLoC