fido2

package module
v0.1.5 Latest Latest
Published: Apr 26, 2022 License: MIT Imports: 18 Imported by: 0

README

fido2

Go library for talking to FIDO2 sticks (security keys).

This is a work in progress and basically just for my own pleasure...

Documentation

Index

Constants

// CTAP2 assertion commands: the command byte that precedes the CBOR body
// of a request (see CBOR_MSG.CTAP_COMMAND).
const (
	CMD_authenticatorGetAssertion     = 0x02 // authenticatorGetAssertion
	CMD_authenticatorGetNextAssertion = 0x08 // authenticatorGetNextAssertion: next credential of a multi-credential reply
)
// CTAP2 authenticatorClientPIN command and the values accepted in its
// subCommand parameter (AuthenticatorClientPIN.SubCommand).
//
// CMD_authenticatorClientPIN has the same numeric value as the CTAPHID
// command CMD_INIT; the two belong to different protocol layers and must
// not be mixed up.
const (
	CMD_authenticatorClientPIN                   = 0x06 // CTAP2 command byte
	CMD_authenticator_subCommand_getRetries      = 0x01 // how many PIN attempts remain before lockout
	CMD_authenticator_subCommand_getKeyAgreement = 0x02 // authenticator's ECDH public key (see MakeSharedSecret)
	CMD_authenticator_subCommand_setPin          = 0x03 // set a PIN on an authenticator that has none
	CMD_authenticator_subCommand_changePin       = 0x04 // replace an existing PIN
	CMD_authenticator_subCommand_getPinToken     = 0x05 // obtain a pinToken used to compute later pinAuth values
)
// CMD_CBOR is the CTAPHID command that carries an encoded CTAP2 (CBOR)
// message to the authenticator. Note the CTAPHID commands are typed uint8
// while the CTAP2 command constants are untyped.
const CMD_CBOR uint8 = 0x10
// CMD_INIT is the CTAPHID initialization command (see SendInitCommand and
// INIT_INFO). Same numeric value as the CTAP2 command
// CMD_authenticatorClientPIN, but a different protocol layer.
const CMD_INIT uint8 = 0x06
// CMD_WINK is the CTAPHID command asking the device to blink so the user
// can identify it; presumably only meaningful when
// Device_Capability_flags.CAPABILITY_WINK is set.
const CMD_WINK uint8 = 0x08
// CMD_authenticatorGetInfo is the CTAP2 command whose reply is decoded into
// AuthenticatorGetInfo (see GetInfoCbor).
const CMD_authenticatorGetInfo = 0x04
// CMD_authenticatorMakeCredential is the CTAP2 command that creates a new
// credential. Its parameters are AuthenticatorMakeCredential; the reply is
// presumably decoded via AttestationObjectRaw into AttestationObject.
const CMD_authenticatorMakeCredential = 0x01

Variables

This section is empty.

Functions

func GetRandArray added in v0.1.2

func GetRandArray(size int) []byte

func PrintAttestationObject added in v0.1.2

func PrintAttestationObject(attest *AttestationObject)

Types

type AssertionReplyObjectParsed added in v0.1.2

// AssertionReplyObjectParsed is an authenticatorGetAssertion reply after the
// authData bytes of AssertionReplyObjectRaw have been decoded into AuthData.
type AssertionReplyObjectParsed struct {
	Credential          *PublicKeyCredentialDescriptor // credential that produced the assertion
	AuthData            *AuthData                      // decoded authenticator data
	Signature           []byte                         // assertion signature as returned by the device
	User                *PublicKeyCredentialUserEntity // user bound to the credential, when the device returns one
	NumberOfCredentials uint                           // >1 means more replies can be fetched with CMD_authenticatorGetNextAssertion
	// AuthDataRaw is the undecoded authData. A verifier must check Signature
	// over these raw bytes (concatenated with the clientDataHash), never over
	// a re-serialization of AuthData.
	AuthDataRaw         []byte
}

type AssertionReplyObjectRaw added in v0.1.2

// AssertionReplyObjectRaw is the CBOR wire form of an authenticatorGetAssertion
// reply (integer map keys 1..5). AuthData is left as bytes; see
// AssertionReplyObjectParsed for the decoded form.
type AssertionReplyObjectRaw struct {
	Credential          *PublicKeyCredentialDescriptor `cbor:"1,keyasint"`
	AuthData            []byte                         `cbor:"2,keyasint"` // raw authData, decoded later
	Signature           []byte                         `cbor:"3,keyasint"`
	User                *PublicKeyCredentialUserEntity `cbor:"4,keyasint"`
	NumberOfCredentials uint                           `cbor:"5,keyasint"`
}

type AssertionRequestObject added in v0.1.2

// AssertionRequestObject holds the parameters of an authenticatorGetAssertion
// request (CBOR integer keys 1..7). RPID and ClientDataHash are required; the
// rest are optional and omitted from the encoding when empty.
type AssertionRequestObject struct {
	RPID           string                           `cbor:"1,keyasint"`           // relying party identifier
	ClientDataHash []byte                           `cbor:"2,keyasint"`           // SHA-256 of the serialized ClientData
	AllowList      []*PublicKeyCredentialDescriptor `cbor:"3,keyasint,omitempty"` // credentials the RP accepts; empty means any resident credential
	Extensions     *ExtensionsListRequest           `cbor:"4,keyasint,omitempty"` // e.g. hmac-secret
	Options        *Options                         `cbor:"5,keyasint,omitempty"`
	// PinAuth authenticates the request with the pinToken obtained via
	// ClientPIN_GetPinToken; under PIN protocol 1 it is the first 16 bytes of
	// HMAC-SHA-256(pinToken, ClientDataHash) — TODO confirm against the builder.
	PinAuth        []byte                           `cbor:"6,keyasint,omitempty"`
	PinProtocol    uint                             `cbor:"7,keyasint,omitempty"` // PIN protocol version used for PinAuth
}

type AttCredDataObject added in v0.1.2

// AttCredDataObject is the attestedCredentialData section of authenticator
// data, present when the AT flag is set in AuthData.Flags.
type AttCredDataObject struct {
	Aaguid     []byte   // 16 byte authenticator model identifier
	CredIdLen  uint16   // big endian on the wire; length of CredID
	CredID     []byte   // CredIdLen bytes; echoed back in PublicKeyCredentialDescriptor.Id
	CredPubKey *CoseKey // credential public key (COSE_Key); must never carry D
}

type AttStmtObject_ES256 added in v0.1.2

// AttStmtObject_ES256 is the attestation statement of a "packed" attestation
// using ES256 (COSE alg -7). A relying party must validate X5c against trusted
// roots before relying on the attestation; an empty chain means self
// attestation with the credential key.
type AttStmtObject_ES256 struct {
	Alg int      `cbor:"alg"` // COSE algorithm identifier, -7 for ES256
	Sig []byte   `cbor:"sig"` // signature over authData || clientDataHash
	X5c [][]byte `cbor:"x5c"` // DER certificates, leaf first; absent for self attestation
}

type AttestationObject added in v0.1.2

// AttestationObject is the decoded authenticatorMakeCredential reply, built
// from AttestationObjectRaw once the authData bytes and the format-specific
// attestation statement have been parsed.
type AttestationObject struct {
	Fmt      string               // attestation format, e.g. "packed"
	AuthData *AuthenticatorData   // decoded authenticator data incl. the new credential
	AttStmt  *AttStmtObject_ES256 // only the packed/ES256 statement is modelled here
}

type AttestationObjectRaw added in v0.1.2

// AttestationObjectRaw is the CBOR wire form of an authenticatorMakeCredential
// reply (integer keys 1..3). AttStmt stays raw because its layout depends on
// Fmt and is only known after Fmt has been read.
type AttestationObjectRaw struct {
	Fmt      string          `cbor:"1,keyasint"`
	AuthData []byte          `cbor:"2,keyasint"` // raw authData; decoded into AuthenticatorData
	AttStmt  cbor.RawMessage `cbor:"3,keyasint"` // deferred; see AttStmtObject_ES256
}

type AuthData added in v0.1.2

// AuthData is the decoded authenticator data of an assertion. It duplicates
// AuthenticatorData except for the Extensions type; keep the two in sync.
//
// Flags bits (WebAuthn): 0x01 UP (user present), 0x04 UV (user verified),
// 0x40 AT (AttCredData present), 0x80 ED (Extensions present).
type AuthData struct {
	RpIdHash    []byte //32 byte SHA-256 of the RP ID; a verifier must compare it with the expected RP
	Flags       uint8
	Counter     uint32 // signature counter; a non-increasing value hints at a cloned authenticator
	AttCredData *AttCredDataObject   // nil unless the AT flag is set
	Extensions  *ExtensionsListReply // nil unless the ED flag is set
}

type AuthenticatorClientPIN added in v0.1.2

// AuthenticatorClientPIN is the parameter map of an authenticatorClientPIN
// request (CBOR integer keys 1..6). Which of the optional fields are sent
// depends on SubCommand (see the CMD_authenticator_subCommand_* constants).
// PIN material must only travel encrypted under the ECDH shared secret.
type AuthenticatorClientPIN struct {
	PinProtocol  uint     `cbor:"1,keyasint"`           // PIN protocol version
	SubCommand   uint     `cbor:"2,keyasint"`           // one of CMD_authenticator_subCommand_*
	KeyAgreement *CoseKey `cbor:"3,keyasint,omitempty"` // platform's ECDH public key
	PinAuth      []byte   `cbor:"4,keyasint,omitempty"` // HMAC over the encrypted fields with the shared secret
	NewPinEnc    []byte   `cbor:"5,keyasint,omitempty"` // new PIN, padded and encrypted with the shared secret
	PinHashEnc   []byte   `cbor:"6,keyasint,omitempty"` // encrypted hash of the current PIN
}

type AuthenticatorClientPIN_Answer added in v0.1.2

// AuthenticatorClientPIN_Answer is the reply to an authenticatorClientPIN
// request; only the field matching the subcommand is populated.
type AuthenticatorClientPIN_Answer struct {
	KeyAgreement *CoseKey `cbor:"1,keyasint"` // authenticator's ECDH public key (getKeyAgreement)
	PinToken     []byte   `cbor:"2,keyasint"` // pinToken encrypted with the shared secret (getPinToken); decrypt before use
	RetriesLeft  uint     `cbor:"3,keyasint"` // remaining PIN attempts (getRetries)
}

type AuthenticatorData added in v0.1.2

// AuthenticatorData is the decoded authenticator data of a MakeCredential
// reply. It duplicates AuthData except for the Extensions type; keep the two
// in sync. See AuthData for the meaning of the Flags bits.
type AuthenticatorData struct {
	RpIdHash    []byte //32 byte SHA-256 of the RP ID
	Flags       uint8
	Counter     uint32 // signature counter
	AttCredData *AttCredDataObject // the newly created credential; nil unless the AT flag is set
	Extensions  *ExtensionsList    // nil unless the ED flag is set
}

type AuthenticatorGetInfo added in v0.1.2

// AuthenticatorGetInfo is the decoded authenticatorGetInfo reply (CBOR
// integer keys 1..6) describing what the device supports.
type AuthenticatorGetInfo struct {
	Versions     []string        `cbor:"1,keyasint"` // e.g. "FIDO_2_0", "U2F_V2"
	Extensions   []string        `cbor:"2,keyasint"` // supported extensions, e.g. "hmac-secret"
	Aaguid       []byte          `cbor:"3,keyasint"` // 16 byte authenticator model identifier
	Options      map[string]bool `cbor:"4,keyasint"` // option name -> supported/enabled, e.g. "rk", "clientPin"
	MaxMsgSize   uint            `cbor:"5,keyasint"` // largest CTAP message the device accepts
	PinProtocols []uint          `cbor:"6,keyasint"` // PIN protocol versions the device implements
}

type AuthenticatorMakeCredential added in v0.1.2

// AuthenticatorMakeCredential holds the parameters of an
// authenticatorMakeCredential request (CBOR integer keys 1..9).
//
// NOTE(review): keys 1-4 are required by CTAP2 but tagged omitempty, so an
// unset ClientDataHash/Rp/User/PubKeyCredParams is silently dropped and the
// error only surfaces as a device-side rejection; callers should validate
// these before encoding.
type AuthenticatorMakeCredential struct {
	ClientDataHash   []byte                         `cbor:"1,keyasint,omitempty"` // SHA-256 of the serialized ClientData
	Rp               *PublicKeyCredentialRpEntity   `cbor:"2,keyasint,omitempty"`
	User             *PublicKeyCredentialUserEntity `cbor:"3,keyasint,omitempty"`
	PubKeyCredParams []*PubKeyCredParamsItem        `cbor:"4,keyasint,omitempty"` // acceptable algorithms, in order of preference
	ExcludeList      []*ExcludeCredential           `cbor:"5,keyasint,omitempty"` // existing credentials that must not be re-registered
	Extensions       *ExtensionsList                `cbor:"6,keyasint,omitempty"`
	Options          *Options                       `cbor:"7,keyasint,omitempty"`
	PinAuth          []byte                         `cbor:"8,keyasint,omitempty"` // see AssertionRequestObject.PinAuth
	PinProtocol      uint                           `cbor:"9,keyasint,omitempty"`
}

type CBOR_MSG added in v0.1.2

// CBOR_MSG is one CTAP2 message as carried inside a CTAPHID CMD_CBOR frame:
// a command (or status) byte followed by the CBOR-encoded payload.
type CBOR_MSG struct {
	CTAP_COMMAND uint8  // one of the CMD_authenticator* constants (request direction)
	CTAP_STATUS  uint8  // CTAP status byte of a reply; presumably 0x00 on success
	CBOR_DATA    []byte //already encoded
}

type CTAP added in v0.1.2

// CTAP is a handle to one authenticator over CTAPHID. Its methods implement the
// CTAPHID commands (SendInitCommand, Wink) and the CTAP2 commands
// (MakeCredential, GetAssertion, GetInfoCbor, ClientPIN_*).
type CTAP struct {
	// contains filtered or unexported fields
}

func (*CTAP) ClientPIN_GetKeyAgreement added in v0.1.2

func (c *CTAP) ClientPIN_GetKeyAgreement() (*AuthenticatorClientPIN_Answer, error)

func (*CTAP) ClientPIN_GetPinToken added in v0.1.2

func (c *CTAP) ClientPIN_GetPinToken(curPin string) (*AuthenticatorClientPIN_Answer, error)

func (*CTAP) ClientPIN_GetRetries added in v0.1.2

func (c *CTAP) ClientPIN_GetRetries() (*AuthenticatorClientPIN_Answer, error)

func (*CTAP) ClientPIN_Set added in v0.1.2

func (c *CTAP) ClientPIN_Set(newPin string) (*AuthenticatorClientPIN_Answer, error)

func (*CTAP) GetAssertion added in v0.1.2

func (c *CTAP) GetAssertion(rpId string, cdh []byte, allowList [][]byte, pinAuth []byte, withHMAC bool, salt1 []byte, salt2 []byte) (*AssertionReplyObjectParsed, error)

func (*CTAP) GetInfoCbor added in v0.1.2

func (c *CTAP) GetInfoCbor() (*AuthenticatorGetInfo, error)

func (*CTAP) MakeCredential added in v0.1.2

func (c *CTAP) MakeCredential(cdh []byte, rp_ID, rp_name string, user_Name, user_DisplayName string, user_ID []byte, pinToken []byte, rk, withHMAC bool) (*AttestationObject, error)

func (*CTAP) MakeSharedSecret added in v0.1.2

func (c *CTAP) MakeSharedSecret() (*SharedSecret, error)

func (*CTAP) SendInitCommand added in v0.1.2

func (c *CTAP) SendInitCommand() (*INIT_INFO, error)

func (*CTAP) SetDevice added in v0.1.2

func (c *CTAP) SetDevice(dev *hidDevice)

func (*CTAP) Wink added in v0.1.2

func (c *CTAP) Wink() error

type ClientData added in v0.1.5

// ClientData is the WebAuthn CollectedClientData structure. Its serialized
// JSON form (see ToB64) is what gets hashed into ClientDataHash, so the field
// names and order must stay stable. Challenge must be unpredictable (see
// GetRandArray) and Origin is what a relying party compares against its own
// origin to detect phishing.
type ClientData struct {
	Type        string `json:"type"`        // "webauthn.create" or "webauthn.get"
	Challenge   string `json:"challenge"`   // RP-supplied random challenge, bound into the signature
	Origin      string `json:"origin"`      // the origin of the request
	CrossOrigin bool   `json:"crossOrigin"` //defaults to false
}

func (*ClientData) ToB64 added in v0.1.5

func (c *ClientData) ToB64() []byte

type CoseKey added in v0.1.2

// CoseKey is a COSE_Key map with integer labels. Keys received from the
// authenticator (credential public key, key agreement key) must never contain
// D; D is only meaningful for a locally generated key agreement key and must
// not be logged or transmitted.
type CoseKey struct {
	Kty       int    `cbor:"1,keyasint,omitempty"` // key type; 2 = EC2
	Kid       []byte `cbor:"2,keyasint,omitempty"` // key identifier
	Alg       int    `cbor:"3,keyasint,omitempty"` // COSE algorithm, e.g. -7 ES256, -25 ECDH-ES+HKDF-256
	KeyOpts   int    `cbor:"4,keyasint,omitempty"` // key_ops
	IV        []byte `cbor:"5,keyasint,omitempty"` // base IV
	CrvOrNOrK int    `cbor:"-1,keyasint,omitempty"` // K for symmetric keys, Crv for elliptic curve keys, N for RSA modulus
	XOrE      []byte `cbor:"-2,keyasint,omitempty"` // X for curve x-coordinate, E for RSA public exponent
	Y         []byte `cbor:"-3,keyasint,omitempty"` // Y for curve y-coordinate
	D         []byte `cbor:"-4,keyasint,omitempty"` // private key; secret material
}

Use cbor.RawMessage to delay unmarshaling (the data type of CrvOrNOrK depends on the value of Kty).

type Device_Capability_flags added in v0.1.2

// Device_Capability_flags is the decoded capabilities byte of a CTAPHID INIT
// reply (see INIT_INFO). CAPABILITY_CBOR false means the device is U2F-only
// and the CTAP2 commands cannot be used.
type Device_Capability_flags struct {
	CAPABILITY_WINK  bool // device supports CMD_WINK
	CAPABILITY_CBOR  bool // device supports CMD_CBOR, i.e. CTAP2
	CAPABILITY_NMESG bool // device does NOT support the legacy U2F MSG command
}

type ExcludeCredential added in v0.1.2

// ExcludeCredential is a PublicKeyCredentialDescriptor used in
// AuthenticatorMakeCredential.ExcludeList; a device that already holds one of
// these credentials refuses to create a duplicate.
type ExcludeCredential struct {
	ID   []byte `cbor:"id"`   // credential ID
	Type string `cbor:"type"` // "public-key"
}

type ExtensionsList added in v0.1.2

// ExtensionsList is the extensions map of a MakeCredential request and of the
// matching AuthenticatorData; for hmac-secret it only carries a boolean.
type ExtensionsList struct {
	HmacSecret HmacSecret `cbor:"hmac-secret,omitempty"` // request/confirm hmac-secret support for the credential
}

type ExtensionsListReply added in v0.1.2

// ExtensionsListReply is the extensions map inside the authData of an
// assertion. HmacSecret is the encrypted output from the device; Secret is
// presumably filled in locally after decryption and is never serialized.
type ExtensionsListReply struct {
	HmacSecret []byte `cbor:"hmac-secret,omitempty"` // ciphertext of the derived secret(s)
	Secret     []byte `cbor:"-"`                      // local only; excluded from CBOR
}

type ExtensionsListRequest added in v0.1.2

// ExtensionsListRequest is the extensions map of an assertion request
// (AssertionRequestObject.Extensions).
type ExtensionsListRequest struct {
	HmacSecret *HmacSecretRequest `cbor:"hmac-secret,omitempty"` // nil when hmac-secret is not requested
}

type FIDO2

// FIDO2 bundles an opened authenticator with the result of its CTAPHID
// initialization; obtain one with GetFido2Device.
type FIDO2 struct {
	CTAP *CTAP      // transport handle
	Info *INIT_INFO // versions and capabilities reported by CMD_INIT
}

func GetFido2Device

func GetFido2Device() (*FIDO2, error)

type HmacSecret added in v0.1.2

// HmacSecret is the hmac-secret extension value of a MakeCredential request
// and reply: a pointer so that "absent" (nil, omitted) and "false" can be
// told apart.
type HmacSecret *bool

type HmacSecretRequest added in v0.1.2

// HmacSecretRequest is the hmac-secret extension input of an assertion
// request (CBOR integer keys 1..3). The salts never travel in the clear; they
// are encrypted and authenticated with the ECDH shared secret from
// MakeSharedSecret.
type HmacSecretRequest struct {
	// KeyAgreement is the platform's public key used for the shared secret
	// (CBOR encoded 1:2, 3:-25, -1:1, -2:x, -3:y).
	KeyAgreement *CoseKey `cbor:"1,keyasint,omitempty"`
	/* SaltEnc (0x02): one or two salts (salt1 (32 bytes) and salt2 (32 bytes))
	encrypted using sharedSecret as follows:
	One salt case: AES256-CBC(sharedSecret, IV=0, salt1 (32 bytes)).
	Two salt case: AES256-CBC(sharedSecret, IV=0, salt1 (32 bytes) || salt2 (32 bytes)).
	*/
	SaltEnc []byte `cbor:"2,keyasint,omitempty"`
	// SaltAuth (0x03) authenticates SaltEnc; under PIN protocol 1 it is the
	// first 16 bytes of HMAC-SHA-256(sharedSecret, SaltEnc) — TODO confirm
	// against the builder.
	SaltAuth []byte `cbor:"3,keyasint,omitempty"`
}

type INIT_INFO added in v0.1.2

// INIT_INFO is the decoded payload of a CTAPHID INIT reply (see
// SendInitCommand): protocol and firmware versions plus the capability byte.
type INIT_INFO struct {
	Protocol_Version     uint8 // CTAPHID protocol version
	Major_Device_Version uint8
	Minor_Device_Version uint8
	Build_Device_Version uint8
	Capability_flags     Device_Capability_flags // decoded capabilities byte
}

type Options added in v0.1.2

// Options is the options map of MakeCredential/GetAssertion requests.
//
// NOTE(review): all three are omitempty, so a false value is never encoded and
// an explicit "up":false (which CTAP2 allows) cannot be expressed — confirm
// whether any caller needs that.
type Options struct {
	Rk bool `cbor:"rk,omitempty"` // resident (discoverable) credential
	Uv bool `cbor:"uv,omitempty"` // require user verification
	Up bool `cbor:"up,omitempty"` // require user presence
}

type PubKeyCredParamsItem added in v0.1.2

// PubKeyCredParamsItem is one acceptable credential algorithm in
// AuthenticatorMakeCredential.PubKeyCredParams.
type PubKeyCredParamsItem struct {
	Alg  int    `cbor:"alg"`  // COSE algorithm identifier, e.g. -7 for ES256
	Type string `cbor:"type"` // "public-key"
}

type PublicKeyCredentialDescriptor added in v0.1.2

// PublicKeyCredentialDescriptor identifies one credential, as used in
// AssertionRequestObject.AllowList and echoed in assertion replies.
type PublicKeyCredentialDescriptor struct {
	Type string `cbor:"type"` // "public-key"
	Id   []byte `cbor:"id"`   //credential ID (from attestation, AttCredDataObject.CredID)
}

type PublicKeyCredentialRpEntity added in v0.1.2

// PublicKeyCredentialRpEntity describes the relying party a credential is
// created for; Id is the RP ID that gets hashed into AuthData.RpIdHash.
type PublicKeyCredentialRpEntity struct {
	Name string `cbor:"name"` // human readable name
	Id   string `cbor:"id"`   // RP ID (a domain)
}

type PublicKeyCredentialUserEntity added in v0.1.2

// PublicKeyCredentialUserEntity describes the user account a credential
// belongs to. Id is the opaque user handle; Name and DisplayName are optional
// and may be absent in assertion replies.
type PublicKeyCredentialUserEntity struct {
	Id          []byte `cbor:"id"`                    // user handle; should not contain personal data
	Name        string `cbor:"name,omitempty"`        // account name
	DisplayName string `cbor:"displayName,omitempty"` // name shown to the user
}

type SharedSecret added in v0.1.2

// SharedSecret is the result of the ECDH key agreement with the authenticator
// (see MakeSharedSecret). SharedSecret is secret key material that protects
// PINs, pinTokens and hmac-secret salts for this session; do not log it and
// discard it when the session ends.
type SharedSecret struct {
	Publickey_X  []byte // x-coordinate of the platform's public key
	Publickey_Y  []byte // y-coordinate of the platform's public key
	SharedSecret []byte // derived shared secret (presumably SHA-256 of the ECDH x-coordinate — confirm)
}
