touchid

package v0.0.0-...-5c79d48

This package is not in the latest version of its module.

Published: Feb 15, 2024 License: AGPL-3.0 Imports: 21 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	ErrCredentialNotFound = errors.New("credential not found")
	ErrNotAvailable       = errors.New("touch ID not available")

	// PromptPlatformMessage is the message shown before Touch ID prompts.
	PromptPlatformMessage = "Using platform authenticator, follow the OS prompt"
	// PromptWriter is the writer used for prompt messages.
	PromptWriter io.Writer = os.Stderr
)

Functions

func AttemptDeleteNonInteractive

func AttemptDeleteNonInteractive(credentialID string) error

AttemptDeleteNonInteractive attempts to delete a Secure Enclave credential without requiring user interaction. It returns ErrAttemptFailed if the attempt failed before user interaction.

func AttemptLogin

func AttemptLogin(origin, user string, assertion *wantypes.CredentialAssertion, picker CredentialPicker) (*wantypes.CredentialAssertionResponse, string, error)

AttemptLogin attempts a Touch ID login. It returns ErrAttemptFailed if the attempt failed before user interaction. See Login.

func DeleteCredential

func DeleteCredential(credentialID string) error

DeleteCredential deletes a Secure Enclave credential. Requires user interaction.

func HasCredentials

func HasCredentials(rpid, user string) bool

HasCredentials checks whether any credentials are registered for the given user. If user is empty, it checks whether credentials are registered for any user. It does not require user interaction.

func IsAvailable

func IsAvailable() bool

IsAvailable returns true if Touch ID is available in the system. Typically, a series of checks is performed in an attempt to avoid false positives. See Diag.

func Login

Login authenticates using a Secure Enclave-backed biometric credential. It returns the assertion response and the user that owns the credential used to sign it.

Types

type AuthContext

type AuthContext interface {
	// Guard guards the invocation of fn behind an authentication check.
	Guard(fn func()) error
	// Close closes the context, releasing any held resources.
	Close()
}

AuthContext is an optional, shared authentication context. It allows a single authentication prompt/gesture to be reused between different functions, provided the functions are invoked within a short time interval. It is only used by native touchid implementations.

type CredentialInfo

type CredentialInfo struct {
	CredentialID string
	RPID         string
	User         UserInfo
	PublicKey    *ecdsa.PublicKey
	CreateTime   time.Time
	// contains filtered or unexported fields
}

CredentialInfo holds information about a Secure Enclave credential.

func ListCredentials

func ListCredentials() ([]CredentialInfo, error)

ListCredentials lists all registered Secure Enclave credentials. Requires user interaction.

type CredentialPicker

type CredentialPicker interface {
	// PromptCredential prompts the user to pick a credential from the list.
	// Prompts only happen if there is more than one credential to choose from.
	// Must return one of the pointers from the slice or an error.
	PromptCredential(creds []*CredentialInfo) (*CredentialInfo, error)
}

CredentialPicker allows users to choose a credential for login.

type DiagResult

type DiagResult struct {
	HasCompileSupport       bool
	HasSignature            bool
	HasEntitlements         bool
	PassedLAPolicyTest      bool
	PassedSecureEnclaveTest bool
	// IsAvailable is true if Touch ID is considered functional.
	// It means enough of the preceding tests passed to enable the feature.
	IsAvailable bool
	// contains filtered or unexported fields
}

DiagResult is the result of a Touch ID self-diagnostics check.

func Diag

func Diag() (*DiagResult, error)

Diag returns diagnostics information about Touch ID support.

func (*DiagResult) IsClamshellFailure

func (d *DiagResult) IsClamshellFailure() bool

IsClamshellFailure returns true if the lack of Touch ID availability could be due to clamshell mode.

type ErrAttemptFailed

type ErrAttemptFailed struct {
	// Err is the underlying failure for the attempt.
	Err error
}

ErrAttemptFailed is returned by AttemptLogin and AttemptDeleteNonInteractive for attempts that failed before user interaction.

func (*ErrAttemptFailed) As

func (e *ErrAttemptFailed) As(target interface{}) bool

func (*ErrAttemptFailed) Error

func (e *ErrAttemptFailed) Error() string

func (*ErrAttemptFailed) Is

func (e *ErrAttemptFailed) Is(target error) bool

func (*ErrAttemptFailed) Unwrap

func (e *ErrAttemptFailed) Unwrap() error

type Registration

type Registration struct {
	CCR *wantypes.CredentialCreationResponse
	// contains filtered or unexported fields
}

Registration represents an ongoing registration, with an already-created Secure Enclave key. The created key may be used as-is, but callers are encouraged to explicitly Confirm or Rollback the registration. Rollback assumes the server-side registration failed and removes the created Secure Enclave key. Confirm may replace equivalent keys with the new key, at the implementation's discretion.

func Register

func Register(origin string, cc *wantypes.CredentialCreation) (*Registration, error)

Register creates a new Secure Enclave-backed biometric credential. Callers are encouraged to either explicitly Confirm or Rollback the returned registration. See Registration.

func (*Registration) Confirm

func (r *Registration) Confirm() error

Confirm confirms the registration. Keys equivalent to the current registration may be replaced by it, at the implementation's discretion.

func (*Registration) Rollback

func (r *Registration) Rollback() error

Rollback rolls back the registration, deleting the Secure Enclave key as a result.
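The Confirm/Rollback contract described above, as an added example that is not code from the touchid package: a helper that finishes a registration against the server and then either confirms or rolls back, exercised against a constructed in-memory stand-in for the Secure Enclave (the real package needs macOS and the Teleport module, so everything below the helper is a hypothetical fake).

```go
package main

import "errors"

// registration is the subset of touchid.Registration's methods the helper needs.
type registration interface {
	Confirm() error
	Rollback() error
}

// finishRegistration completes the flow the package docs describe: the Secure Enclave
// key already exists when Register returns, so once the CCR has been sent to the server
// (finishOnServer) the caller must Confirm on success or Rollback on failure, otherwise
// a failed server-side registration leaves an orphaned key in the enclave.
func finishRegistration(reg registration, finishOnServer func() error) error {
	if err := finishOnServer(); err != nil {
		if rbErr := reg.Rollback(); rbErr != nil {
			// Surface both failures: the key may still be orphaned in the enclave.
			return errors.Join(err, rbErr)
		}
		return err // key removed; the caller may retry Register from scratch
	}
	return reg.Confirm()
}

// fakeEnclave is a constructed in-memory stand-in for the Secure Enclave so the
// example runs without macOS; it is not part of the touchid package.
type fakeEnclave struct{ keys map[string]bool }

// register mirrors the documented Register behaviour: the key is created up front.
func (e *fakeEnclave) register(credentialID string) *fakeRegistration {
	e.keys[credentialID] = true
	return &fakeRegistration{enclave: e, id: credentialID}
}

type fakeRegistration struct {
	enclave *fakeEnclave
	id      string
}

// Confirm keeps the key; Rollback removes it, as the package docs describe.
func (r *fakeRegistration) Confirm() error { return nil }

func (r *fakeRegistration) Rollback() error {
	delete(r.enclave.keys, r.id)
	return nil
}
```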

type UserInfo

type UserInfo struct {
	UserHandle []byte
	Name       string
}

UserInfo holds information about a credential owner.
