Documentation ¶
Overview ¶
Package fido contains functionality related to FIDO devices.
Index ¶
- Constants
- Variables
- type AAGUID
- type AuthenticatorGetInfo
- type AuthenticatorStatus
- type BiometricAccuracyDescriptor
- type BiometricStatusReport
- type CodeAccuracyDescriptor
- type DisplayPNGCharacteristicsDescriptor
- type ECDAATrustAnchor
- type ExtensionDescriptor
- type MetadataBLOBPayload
- type MetadataBLOBPayloadEntry
- type MetadataStatement
- type PatternAccuracyDescriptor
- type RGBPaletteEntry
- type StatusReport
- type UnmarshalOption
- type VerificationMethodANDCombinations
- type VerificationMethodDescriptor
- type Version
Constants ¶
const (
	AuthenticatorStatusNotFIDOCertified          = "NOT_FIDO_CERTIFIED"
	AuthenticatorStatusFIDOCertified             = "FIDO_CERTIFIED"
	AuthenticatorStatusUserVerificationBypass    = "USER_VERIFICATION_BYPASS" //nolint
	AuthenticatorStatusAttestationKeyCompromise  = "ATTESTATION_KEY_COMPROMISE"
	AuthenticatorStatusUserKeyRemoteCompromise   = "USER_KEY_REMOTE_COMPROMISE"
	AuthenticatorStatusUserKeyPhysicalCompromise = "USER_KEY_PHYSICAL_COMPROMISE"
	AuthenticatorStatusUpdateAvailable           = "UPDATE_AVAILABLE"
	AuthenticatorStatusRevoked                   = "REVOKED"
	AuthenticatorStatusSelfAssertionSubmitted    = "SELF_ASSERTION_SUBMITTED"
	AuthenticatorStatusFIDOCertifiedL1           = "FIDO_CERTIFIED_L1"
	AuthenticatorStatusFIDOCertifiedL1Plus       = "FIDO_CERTIFIED_L1plus"
	AuthenticatorStatusFIDOCertifiedL2           = "FIDO_CERTIFIED_L2"
	AuthenticatorStatusFIDOCertifiedL2Plus       = "FIDO_CERTIFIED_L2plus"
	AuthenticatorStatusFIDOCertifiedL3           = "FIDO_CERTIFIED_L3"
	AuthenticatorStatusFIDOCertifiedL3Plus       = "FIDO_CERTIFIED_L3plus"
)
Authenticator Statuses as defined in: https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html#authenticatorstatus-enum
const AAGUIDSize = 16
AAGUIDSize is the number of bytes of an AAGUID.
Variables ¶
var GlobalSignRootCAPEM []byte
GlobalSignRootCAPEM is the PEM-encoded GlobalSign root CA certificate that anchors the chain with which the FIDO Alliance signs the Metadata Service BLOB. Taken from https://valid.r3.roots.globalsign.com/.
Functions ¶
This section is empty.
Types ¶
type AAGUID ¶
type AAGUID [AAGUIDSize]byte
AAGUID is the Authenticator Attestation GUID.
func ParseAAGUID ¶
ParseAAGUID parses an AAGUID from a string.
func (AAGUID) MarshalJSON ¶
MarshalJSON marshals the AAGUID into JSON.
func (*AAGUID) UnmarshalJSON ¶
UnmarshalJSON unmarshals raw JSON into an AAGUID.
type AuthenticatorGetInfo ¶
type AuthenticatorGetInfo map[string]interface{}
AuthenticatorGetInfo describes the supported versions, extensions, AAGUID and capabilities of the device.
type AuthenticatorStatus ¶
type AuthenticatorStatus string
AuthenticatorStatus is the status of the authenticator model.
type BiometricAccuracyDescriptor ¶
type BiometricAccuracyDescriptor struct {
	SelfAttestedFRR float64 `json:"selfAttestedFRR"`
	SelfAttestedFAR float64 `json:"selfAttestedFAR"`
	MaxTemplates    int     `json:"maxTemplates"`
	MaxRetries      int     `json:"maxRetries"`
	BlockSlowdown   int     `json:"blockSlowdown"`
}
The BiometricAccuracyDescriptor describes relevant accuracy/complexity aspects in the case of a biometric user verification method, see [FIDOBiometricsRequirements].
type BiometricStatusReport ¶
type BiometricStatusReport struct {
	CertLevel                        int    `json:"certLevel"`
	Modality                         string `json:"modality"`
	EffectiveDate                    string `json:"effectiveDate"`
	CertificationDescriptor          string `json:"certificationDescriptor"`
	CertificateNumber                string `json:"certificateNumber"`
	CertificationPolicyVersion       string `json:"certificationPolicyVersion"`
	CertificationRequirementsVersion string `json:"certificationRequirementsVersion"`
}
BiometricStatusReport contains the current biometric status report of one of the authenticator’s biometric components.
type CodeAccuracyDescriptor ¶
type CodeAccuracyDescriptor struct {
	Base          int `json:"base"`
	MinLength     int `json:"minLength"`
	MaxRetries    int `json:"maxRetries"`
	BlockSlowdown int `json:"blockSlowdown"`
}
The CodeAccuracyDescriptor describes the relevant accuracy/complexity aspects of passcode user verification methods.
type DisplayPNGCharacteristicsDescriptor ¶
type DisplayPNGCharacteristicsDescriptor struct {
	Width       int               `json:"width"`
	Height      int               `json:"height"`
	BitDepth    int               `json:"bitDepth"`
	ColorType   int               `json:"colorType"`
	Compression int               `json:"compression"`
	Filter      int               `json:"filter"`
	Interlace   int               `json:"interlace"`
	PLTE        []RGBPaletteEntry `json:"plte"`
}
The DisplayPNGCharacteristicsDescriptor describes the characteristics of a PNG image, as defined in the PNG spec [PNG] for the IHDR (image header) and PLTE (palette table) chunks.
type ECDAATrustAnchor ¶
type ECDAATrustAnchor struct {
	X       string `json:"X"`
	Y       string `json:"Y"`
	C       string `json:"c"`
	SX      string `json:"sx"`
	SY      string `json:"sy"`
	G1Curve string `json:"G1Curve"`
}
ECDAATrustAnchor is the ECDAA-Issuer’s trust anchor.
type ExtensionDescriptor ¶
type ExtensionDescriptor struct {
	ID            string `json:"id"`
	Tag           int    `json:"tag"`
	Data          string `json:"data"`
	FailIfUnknown bool   `json:"fail_if_unknown"`
}
ExtensionDescriptor is the extension supported by the authenticator.
type MetadataBLOBPayload ¶
type MetadataBLOBPayload struct {
	LegalHeader string                     `json:"legalHeader"`
	No          int                        `json:"no"`
	NextUpdate  string                     `json:"nextUpdate"`
	Entries     []MetadataBLOBPayloadEntry `json:"entries"`
}
MetadataBLOBPayload is the payload of the Metadata Service BLOB and holds one MetadataBLOBPayloadEntry per authenticator model.
func UnmarshalMetadataBLOBPayload ¶
func UnmarshalMetadataBLOBPayload(rawJWT string, options ...UnmarshalOption) (*MetadataBLOBPayload, error)
UnmarshalMetadataBLOBPayload unmarshals a MetadataBLOBPayload from the raw JWT-encoded BLOB, applying any UnmarshalOptions given.
type MetadataBLOBPayloadEntry ¶
type MetadataBLOBPayloadEntry struct {
	AAID                                 string                  `json:"aaid"`
	AAGUID                               AAGUID                  `json:"aaguid"`
	AttestationCertificateKeyIdentifiers []string                `json:"attestationCertificateKeyIdentifiers"`
	MetadataStatement                    MetadataStatement       `json:"metadataStatement"`
	BiometricStatusReports               []BiometricStatusReport `json:"biometricStatusReports"`
	StatusReports                        []StatusReport          `json:"statusReports"`
	TimeOfLastStatusChange               string                  `json:"timeOfLastStatusChange"`
	RogueListURL                         string                  `json:"rogueListURL"`
	RogueListHash                        string                  `json:"rogueListHash"`
}
MetadataBLOBPayloadEntry is a single entry in the MetadataBLOBPayload.
type MetadataStatement ¶
type MetadataStatement struct {
	LegalHeader                          string                                `json:"legalHeader"`
	AAID                                 string                                `json:"aaid"`
	AAGUID                               AAGUID                                `json:"aaguid"`
	AttestationCertificateKeyIdentifiers []string                              `json:"attestationCertificateKeyIdentifiers"`
	Description                          string                                `json:"description"`
	AlternativeDescription               string                                `json:"alternativeDescription"`
	AuthenticatorVersion                 int                                   `json:"authenticatorVersion"`
	ProtocolFamily                       string                                `json:"protocolFamily"`
	Schema                               int                                   `json:"schema"`
	UPV                                  []Version                             `json:"upv"`
	AuthenticationAlgorithms             []string                              `json:"authenticationAlgorithms"`
	PublicKeyAlgAndEncodings             []string                              `json:"publicKeyAlgAndEncodings"`
	AttestationTypes                     []string                              `json:"attestationTypes"`
	UserVerificationDetails              []VerificationMethodANDCombinations   `json:"userVerificationDetails"`
	KeyProtection                        []string                              `json:"keyProtection"`
	IsKeyRestricted                      bool                                  `json:"isKeyRestricted"`
	IsFreshUserVerificationRequired      bool                                  `json:"isFreshUserVerificationRequired"`
	MatcherProtection                    []string                              `json:"matcherProtection"`
	CryptoStrength                       int                                   `json:"cryptoStrength"`
	AttachmentHint                       []string                              `json:"attachmentHint"`
	TCDisplay                            []string                              `json:"tcDisplay"`
	TCDisplayContentType                 string                                `json:"tcDisplayContentType"`
	TCDisplayPNGCharacteristics          []DisplayPNGCharacteristicsDescriptor `json:"tcDisplayPNGCharacteristics"`
	AttestationRootCertificates          []string                              `json:"attestationRootCertificates"`
	ECDAATrustAnchors                    []ECDAATrustAnchor                    `json:"ecdaaTrustAnchors"`
	Icon                                 string                                `json:"icon"`
	SupportedExtensions                  []ExtensionDescriptor                 `json:"supportedExtensions"`
	AuthenticatorGetInfo                 AuthenticatorGetInfo                  `json:"authenticatorGetInfo"`
}
MetadataStatement describes an authenticator.
func (*MetadataStatement) ParseAttestationRootCertificates ¶
func (metadataStatement *MetadataStatement) ParseAttestationRootCertificates() ([]*x509.Certificate, error)
ParseAttestationRootCertificates parses the raw AttestationRootCertificates of the statement into x509 certificates.
type PatternAccuracyDescriptor ¶
type PatternAccuracyDescriptor struct {
	MinComplexity int `json:"minComplexity"`
	MaxRetries    int `json:"maxRetries"`
	BlockSlowdown int `json:"blockSlowdown"`
}
The PatternAccuracyDescriptor describes relevant accuracy/complexity aspects in the case that a pattern is used as the user verification method.
type RGBPaletteEntry ¶
The RGBPaletteEntry is an RGB three-sample tuple palette entry.
type StatusReport ¶
type StatusReport struct {
	Status                           AuthenticatorStatus `json:"status"`
	EffectiveDate                    string              `json:"effectiveDate"`
	Certificate                      string              `json:"certificate"`
	URL                              string              `json:"url"`
	CertificationDescriptor          string              `json:"certificationDescriptor"`
	CertificateNumber                string              `json:"certificateNumber"`
	CertificationPolicyVersion       string              `json:"certificationPolicyVersion"`
	CertificationRequirementsVersion string              `json:"certificationRequirementsVersion"`
}
StatusReport contains an AuthenticatorStatus and additional data associated with it, if any.
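As an added example (not code from the fido package), the status-report check a relying party would run over an MDS entry before trusting an authenticator model, using local copies of the page's StatusReport and AuthenticatorStatus types so it runs stand-alone. Which statuses from the enum above count as blocking is an assumed policy, and the two entries are constructed, not taken from the real BLOB.

```go
package main

import "encoding/json"
// Local mirrors of the page's AuthenticatorStatus and StatusReport (not the fido package itself).
type AuthenticatorStatus string

type StatusReport struct {
	Status        AuthenticatorStatus `json:"status"`
	EffectiveDate string              `json:"effectiveDate"`
}

// Assumed policy: MDS v3 statuses after which a model must not be trusted for new registrations.
var blockingStatuses = map[AuthenticatorStatus]bool{
	"USER_VERIFICATION_BYPASS":     true,
	"ATTESTATION_KEY_COMPROMISE":   true,
	"USER_KEY_REMOTE_COMPROMISE":   true,
	"USER_KEY_PHYSICAL_COMPROMISE": true,
	"REVOKED":                      true,
}
// Acceptable fails closed: no reports, or any blocking report anywhere in the history, rejects the
// model (a later certification entry does not undo a compromise). On acceptance it returns the latest status.
func Acceptable(reports []StatusReport) (bool, string) {
	if len(reports) == 0 {
		return false, "no status reports"
	}
	latest := reports[0]
	for _, r := range reports {
		if blockingStatuses[r.Status] {
			return false, string(r.Status) + " effective " + r.EffectiveDate
		}
		if r.EffectiveDate > latest.EffectiveDate { // ISO-8601 dates compare lexically
			latest = r
		}
	}
	return true, string(latest.Status)
}

// EvaluateEntry decodes the statusReports of one MetadataBLOBPayloadEntry and applies the policy.
func EvaluateEntry(raw []byte) (bool, string, error) {
	var entry struct{ StatusReports []StatusReport `json:"statusReports"` }
	if err := json.Unmarshal(raw, &entry); err != nil {
		return false, "", err
	}
	ok, reason := Acceptable(entry.StatusReports)
	return ok, reason, nil
}

// Constructed sample entries (not from the real MDS BLOB): one compromised after certification, one clean.
var CompromisedEntry = []byte(`{"statusReports":[{"status":"FIDO_CERTIFIED_L1","effectiveDate":"2020-05-01"},{"status":"ATTESTATION_KEY_COMPROMISE","effectiveDate":"2021-03-15"}]}`)
var CertifiedEntry = []byte(`{"statusReports":[{"status":"FIDO_CERTIFIED","effectiveDate":"2019-11-02"},{"status":"FIDO_CERTIFIED_L1","effectiveDate":"2020-05-01"}]}`)
```

In a real deployment the entry would come from a payload returned by UnmarshalMetadataBLOBPayload, looked up by the AAGUID in the attestation, and the certification level returned on acceptance would feed the relying party's own policy.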
type UnmarshalOption ¶
type UnmarshalOption func(*unmarshalConfig)
An UnmarshalOption customizes the unmarshal config.
func WithRootCA ¶
func WithRootCA(rootCA *x509.CertPool) UnmarshalOption
WithRootCA sets the root CA pool used by the unmarshal config.
type VerificationMethodANDCombinations ¶
type VerificationMethodANDCombinations []VerificationMethodDescriptor
VerificationMethodANDCombinations describes a combination of the user verification methods that MUST be passed by the user, in order to achieve successful user verification.
type VerificationMethodDescriptor ¶
type VerificationMethodDescriptor struct {
	UserVerificationMethod string                      `json:"userVerificationMethod"`
	CADesc                 CodeAccuracyDescriptor      `json:"caDesc"`
	BADesc                 BiometricAccuracyDescriptor `json:"baDesc"`
	PADesc                 PatternAccuracyDescriptor   `json:"paDesc"`
}
VerificationMethodDescriptor is a descriptor for a specific base user verification method as implemented by the authenticator.