fido_client

v0.2.0 (Latest)
Warning

This package is not in the latest version of its module.

Published: Dec 12, 2022 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecryptWithPassphrase

func DecryptWithPassphrase(passphrase string, data []byte) ([]byte, error)

func EncryptFIDOState

func EncryptFIDOState(savedState FIDODeviceConfig, passphrase string) ([]byte, error)

func EncryptWithPassphrase

func EncryptWithPassphrase(passphrase string, data []byte) ([]byte, error)

Types

type ClientAction

// ClientAction identifies the kind of operation a ClientRequestApprover is
// asked to approve. The numeric values are part of the API and are fixed in
// declaration order starting at 0; do not reorder the constants.
type ClientAction uint8

// The defined actions, numbered consecutively from 0.
const (
	ClientActionU2FRegister        ClientAction = iota // 0
	ClientActionU2FAuthenticate                        // 1
	ClientActionFIDOMakeCredential                     // 2
	ClientActionFIDOGetAssertion                       // 3
)

type ClientActionRequestParams

// ClientActionRequestParams is the context handed to a ClientRequestApprover
// alongside the ClientAction it is asked to approve, so the approver can show
// the user which relying party and account the operation concerns.
type ClientActionRequestParams struct {
	// RelyingParty identifies the relying party the action is for.
	RelyingParty string
	// UserName names the user account the action concerns. NOTE(review): the
	// U2F approval methods on this page take only a key handle, so this is
	// presumably empty for U2F actions — confirm against callers.
	UserName     string
}

type ClientDataSaver

// ClientDataSaver is the persistence hook the client uses for its serialised
// state. SaveData stores an opaque blob, RetrieveData returns the blob last
// stored, and Passphrase supplies the passphrase — presumably the one fed to
// EncryptFIDOState/DecryptFIDOState to seal that blob (inferred from the
// signatures on this page; confirm).
//
// NOTE(review): SaveData returns no error, so a failed write cannot be
// reported and the client may proceed believing state such as counters or PIN
// retry counts was persisted. Implementations should treat the Passphrase
// return value as a secret (not logged, not cached longer than needed).
type ClientDataSaver interface {
	// SaveData persists data; the caller cannot observe failure.
	SaveData(data []byte)
	// RetrieveData returns the previously saved blob. What it returns before
	// any SaveData call is not specified here — presumably nil; confirm.
	RetrieveData() []byte
	// Passphrase returns the passphrase protecting the saved state.
	Passphrase() string
}

type ClientRequestApprover

// ClientRequestApprover is the user-consent hook. The client calls
// ApproveClientAction before a sensitive operation, passing the ClientAction
// kind and the relying party / user it concerns, and presumably proceeds only
// when the result is true. This stands in for the authenticator's
// user-presence test, so implementations should reflect an actual user
// decision rather than approving unconditionally.
type ClientRequestApprover interface {
	// ApproveClientAction reports whether the described action may proceed.
	ApproveClientAction(action ClientAction, params ClientActionRequestParams) bool
}

type CredentialSource

// CredentialSource is an in-memory stored credential: one ECDSA key pair bound
// to a relying party and a user. SavedCredentialSource is its serialisable
// counterpart (same fields, with the key as encoded bytes).
type CredentialSource struct {
	// Type is the credential type string as used in webauthn credential
	// descriptors — confirm the accepted values against the implementation.
	Type             string
	// ID is the credential identifier; GetAssertionSource takes an allowList of
	// credential descriptors, so this is presumably what they are matched
	// against — confirm.
	ID               []byte
	// PrivateKey is the credential's signing key, held unencrypted in memory.
	PrivateKey       *ecdsa.PrivateKey
	// RelyingParty and User are the entities this credential was created for.
	RelyingParty     webauthn.PublicKeyCredentialRpEntity
	User             webauthn.PublicKeyCrendentialUserEntity
	// SignatureCounter is signed (int32), whereas NewAuthenticationCounterId on
	// this page returns uint32 and WebAuthn's signCount is a 32-bit unsigned
	// value. NOTE(review): confirm the signed type is intentional and that a
	// negative value can never reach the wire or the relying party's
	// clone-detection check.
	SignatureCounter int32
}

type DefaultFIDOClient

// DefaultFIDOClient is the package's FIDOClient implementation. Construct it
// with NewDefaultClient, which takes the attestation certificate and its
// private key, a 32-byte secret encryption key, and the ClientRequestApprover
// and ClientDataSaver callbacks.
//
// Its methods use a mix of value receivers (ApproveAccountCreation,
// ApproveAccountLogin, ApproveU2FRegistration, ApproveU2FAuthentication,
// SealingEncryptionKey) and pointer receivers (the rest), so only
// *DefaultFIDOClient carries the full method set and satisfies FIDOClient.
// NOTE(review): the mixed receiver kinds are a style inconsistency; pointer
// receivers throughout would be the conventional choice.
type DefaultFIDOClient struct {
	// contains filtered or unexported fields
}

func NewDefaultClient

func NewDefaultClient(
	attestationCertificate []byte,
	certificatePrivateKey *ecdsa.PrivateKey,
	secretEncryptionKey [32]byte,
	requestApprover ClientRequestApprover,
	dataSaver ClientDataSaver) *DefaultFIDOClient

func (DefaultFIDOClient) ApproveAccountCreation

func (client DefaultFIDOClient) ApproveAccountCreation(relyingParty string) bool

func (DefaultFIDOClient) ApproveAccountLogin

func (client DefaultFIDOClient) ApproveAccountLogin(credentialSource *CredentialSource) bool

func (DefaultFIDOClient) ApproveU2FAuthentication

func (client DefaultFIDOClient) ApproveU2FAuthentication(keyHandle *webauthn.KeyHandle) bool

func (DefaultFIDOClient) ApproveU2FRegistration

func (client DefaultFIDOClient) ApproveU2FRegistration(keyHandle *webauthn.KeyHandle) bool

func (*DefaultFIDOClient) CreateAttestationCertificiate

func (client *DefaultFIDOClient) CreateAttestationCertificiate(privateKey *ecdsa.PrivateKey) []byte

func (*DefaultFIDOClient) DeleteIdentity

func (client *DefaultFIDOClient) DeleteIdentity(id []byte) bool

func (*DefaultFIDOClient) GetAssertionSource

func (client *DefaultFIDOClient) GetAssertionSource(relyingPartyID string, allowList []webauthn.PublicKeyCredentialDescriptor) *CredentialSource

func (*DefaultFIDOClient) Identities

func (client *DefaultFIDOClient) Identities() []CredentialSource

func (*DefaultFIDOClient) NewAuthenticationCounterId

func (client *DefaultFIDOClient) NewAuthenticationCounterId() uint32

func (*DefaultFIDOClient) NewCredentialSource

func (*DefaultFIDOClient) NewPrivateKey

func (client *DefaultFIDOClient) NewPrivateKey() *ecdsa.PrivateKey

func (*DefaultFIDOClient) PINHash

func (client *DefaultFIDOClient) PINHash() []byte

func (*DefaultFIDOClient) PINKeyAgreement

func (client *DefaultFIDOClient) PINKeyAgreement() *crypto.ECDHKey

func (*DefaultFIDOClient) PINRetries

func (client *DefaultFIDOClient) PINRetries() int32

func (*DefaultFIDOClient) PINToken

func (client *DefaultFIDOClient) PINToken() []byte

func (DefaultFIDOClient) SealingEncryptionKey

func (client DefaultFIDOClient) SealingEncryptionKey() []byte

func (*DefaultFIDOClient) SetPINHash

func (client *DefaultFIDOClient) SetPINHash(newHash []byte)

func (*DefaultFIDOClient) SetPINRetries

func (client *DefaultFIDOClient) SetPINRetries(retries int32)

type FIDOClient

// FIDOClient is the set of callbacks an authenticator implementation needs
// from its host: credential storage and lookup, key material and counters, PIN
// state, and user approval. DefaultFIDOClient implements it; see
// NewDefaultClient.
type FIDOClient interface {
	// Credential lifecycle. Both return a pointer; GetAssertionSource
	// presumably returns nil when no stored credential for relyingPartyID
	// matches allowList — confirm against the implementation.
	NewCredentialSource(relyingParty webauthn.PublicKeyCredentialRpEntity, user webauthn.PublicKeyCrendentialUserEntity) *CredentialSource
	GetAssertionSource(relyingPartyID string, allowList []webauthn.PublicKeyCredentialDescriptor) *CredentialSource

	// Key material and counters. SealingEncryptionKey hands out raw key bytes
	// to the caller. NewAuthenticationCounterId is uint32 while
	// CredentialSource.SignatureCounter is int32 — see the note on that field.
	// CreateAttestationCertificiate: the misspelling is part of the exported
	// API and cannot be corrected without breaking callers.
	SealingEncryptionKey() []byte
	NewPrivateKey() *ecdsa.PrivateKey
	NewAuthenticationCounterId() uint32
	CreateAttestationCertificiate(privateKey *ecdsa.PrivateKey) []byte

	// PIN state. NOTE(review): SetPINHash's parameter is named pin, but per the
	// method name and DefaultFIDOClient's implementation (whose parameter is
	// newHash) it carries the hash, not the raw PIN; renaming the parameter
	// here avoids misleading implementers.
	PINHash() []byte
	SetPINHash(pin []byte)
	PINRetries() int32
	SetPINRetries(retries int32)
	PINKeyAgreement() *crypto.ECDHKey
	PINToken() []byte

	// User-consent prompts; the operation presumably proceeds only on true.
	// The U2F variants receive a key handle rather than a CredentialSource.
	ApproveAccountCreation(relyingParty string) bool
	ApproveAccountLogin(credentialSource *CredentialSource) bool
	ApproveU2FRegistration(keyHandle *webauthn.KeyHandle) bool
	ApproveU2FAuthentication(keyHandle *webauthn.KeyHandle) bool
}

type FIDODeviceConfig

// FIDODeviceConfig is the authenticator's persistent state in serialisable
// form: it is what EncryptFIDOState seals under a passphrase and what
// DecryptFIDOState returns. Every field except AuthenticationCounter is
// secret or security-relevant (device encryption key, attestation private
// key, PIN hash, and the credential private keys inside Sources), so the
// plaintext form should exist only in memory and never be written or logged
// unencrypted.
type FIDODeviceConfig struct {
	// EncryptionKey is the device's secret encryption key. NewDefaultClient
	// takes a [32]byte for what is presumably the same key; here it is a
	// variable-length slice, so confirm the length is validated on load.
	EncryptionKey          []byte                  `json:"encryption_key"`
	// AttestationCertificate and AttestationPrivateKey are the encoded
	// attestation key pair passed to NewDefaultClient.
	AttestationCertificate []byte                  `json:"attestation_certificate"`
	AttestationPrivateKey  []byte                  `json:"attestation_private_key"`
	// AuthenticationCounter is the persisted value behind
	// NewAuthenticationCounterId (uint32 on both sides).
	AuthenticationCounter  uint32                  `json:"authentication_counter"`
	// PINHash is omitted from the JSON when empty, i.e. when no PIN is set.
	PINHash                []byte                  `json:"pin_hash,omitempty"`
	// Sources holds the stored credentials with their serialised private keys.
	Sources                []SavedCredentialSource `json:"sources"`
}

func DecryptFIDOState

func DecryptFIDOState(data []byte, passphrase string) (*FIDODeviceConfig, error)

type IdentityVault

// IdentityVault holds the client's CredentialSources in memory and offers
// lookup (GetMatchingCredentialSources), mutation (AddIdentity, NewIdentity,
// DeleteIdentity) and (de)serialisation (Export, Import). Construct it with
// NewIdentityVault.
type IdentityVault struct {
	// CredentialSources is exported, so callers can bypass AddIdentity and
	// DeleteIdentity by mutating it directly; prefer the methods. Nothing on
	// this page shows any locking, so concurrent access is presumably not
	// safe — confirm against the implementation.
	CredentialSources []*CredentialSource
}

func NewIdentityVault

func NewIdentityVault() *IdentityVault

func (*IdentityVault) AddIdentity

func (vault *IdentityVault) AddIdentity(source *CredentialSource)

func (*IdentityVault) DeleteIdentity

func (vault *IdentityVault) DeleteIdentity(id []byte) bool

func (*IdentityVault) Export

func (vault *IdentityVault) Export() []SavedCredentialSource

func (*IdentityVault) GetMatchingCredentialSources

func (vault *IdentityVault) GetMatchingCredentialSources(relyingPartyID string, allowList []webauthn.PublicKeyCredentialDescriptor) []*CredentialSource

func (*IdentityVault) Import

func (vault *IdentityVault) Import(sources []SavedCredentialSource) error

func (*IdentityVault) NewIdentity

type PassphraseEncryptedBlob

// PassphraseEncryptedBlob is the JSON-serialisable container for data sealed
// under a passphrase — presumably the encoded form of what
// EncryptWithPassphrase returns and DecryptWithPassphrase consumes (those
// functions take and return []byte on this page; confirm). The field names
// suggest a two-layer scheme: a key derived from the passphrase and Salt wraps
// EncryptionKey under KeyNonce, and EncryptionKey encrypts the payload into
// EncryptedData under DataNonce.
//
// NOTE(review): the blob records no KDF or cipher parameters and no format
// version, so neither can be changed later without breaking existing blobs —
// confirm this is acceptable. Each nonce must be fresh per encryption under
// its key; confirm they are randomly generated rather than fixed.
type PassphraseEncryptedBlob struct {
	// Salt is the input to the passphrase key derivation.
	Salt          []byte `json:"salt"`
	// EncryptionKey is the wrapped (encrypted) data key.
	EncryptionKey []byte `json:"encryption_key"`
	// KeyNonce is the nonce used when wrapping EncryptionKey.
	KeyNonce      []byte `json:"key_nonce"`
	// EncryptedData is the sealed payload.
	EncryptedData []byte `json:"encrypted_data"`
	// DataNonce is the nonce used when sealing EncryptedData.
	DataNonce     []byte `json:"data_nonce"`
}

type SavedCredentialSource

// SavedCredentialSource is the JSON-serialisable form of CredentialSource: the
// same fields, with PrivateKey as encoded bytes instead of an
// *ecdsa.PrivateKey. It is stored in FIDODeviceConfig.Sources and produced and
// consumed by IdentityVault.Export and IdentityVault.Import.
//
// The PrivateKey bytes are not encrypted within this struct; their
// confidentiality presumably relies on the enclosing FIDODeviceConfig being
// sealed by EncryptFIDOState — confirm, and never serialise this type on its
// own to disk or logs.
type SavedCredentialSource struct {
	Type             string                                  `json:"type"`
	ID               []byte                                  `json:"id"`
	// PrivateKey is the encoded private key; the encoding is not shown here.
	PrivateKey       []byte                                  `json:"private_key"`
	RelyingParty     webauthn.PublicKeyCredentialRpEntity    `json:"relying_party"`
	User             webauthn.PublicKeyCrendentialUserEntity `json:"user"`
	// SignatureCounter mirrors CredentialSource.SignatureCounter (int32).
	SignatureCounter int32                                   `json:"signature_counter"`
}
