authorPavol Rusnak2020-09-05 22:42:15 +0200
committerJakob Unterwurzacher2020-09-12 18:06:54 +0200
commit1e624a4cc3aafa57b5fa213c88bcd3689cefd1c3 (patch)
treea6e4f51ecb2dc0bac4276b2f65b39a3b426bc4ee /internal/configfile/config_file.go
parent6a9c49e9cf23c85622dd4b181cdc615abc72d6bb (diff)
Add support for FIDO2 tokens
Diffstat (limited to 'internal/configfile/config_file.go')
-rw-r--r--internal/configfile/config_file.go20
1 files changed, 18 insertions, 2 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index c27ecd4..e4921f7 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -10,12 +10,13 @@ import (
"log"
"syscall"
+ "os"
+
"github.com/rfjakob/gocryptfs/internal/contentenc"
"github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/exitcodes"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
-import "os"
const (
// ConfDefaultName is the default configuration file name.
@@ -28,6 +29,14 @@ const (
ConfReverseName = ".gocryptfs.reverse.conf"
)
+// FIDO2Params is a structure for storing FIDO2 parameters.
+type FIDO2Params struct {
+ // FIDO2 credential
+ CredentialID []byte
+ // FIDO2 hmac-secret salt
+ HMACSalt []byte
+}
+
// ConfFile is the content of a config file.
type ConfFile struct {
// Creator is the gocryptfs version string.
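Review bot: The field comments on FIDO2Params (`// FIDO2 credential`, `// FIDO2 hmac-secret salt`) do not say that these values end up in the config file, or whether they are sensitive. Since ConfFile is documented as the content of a config file, both byte slices are presumably serialized next to the other parameters, so the doc comment should state that they are stored unencrypted and are not secret on their own. Suggested wording: `// CredentialID identifies the credential on the token. Stored in cleartext; not a secret.` and `// HMACSalt is the salt sent to the token's hmac-secret extension. Stored in cleartext; not a secret.`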
@@ -46,6 +55,8 @@ type ConfFile struct {
// mounting. This mechanism is analogous to the ext4 feature flags that are
// stored in the superblock.
FeatureFlags []string
+ // FIDO2 parameters
+ FIDO2 FIDO2Params
// Filename is the name of the config file. Not exported to JSON.
filename string
}
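Review bot: `FIDO2 FIDO2Params` is embedded by value with no JSON tag, so, assuming ConfFile is marshalled with encoding/json, every config file will carry a `FIDO2` object with null members, including those created without a token. An `omitempty` tag alone does not help, because encoding/json never treats a struct value as empty. Declaring the field as `FIDO2 *FIDO2Params` with an `omitempty` JSON tag keeps non-FIDO2 configs unchanged and lets readers tell "not configured" from "configured but empty"; the assignment in Create would then allocate the struct. The struct definition starts outside this hunk.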
@@ -69,7 +80,7 @@ func randBytesDevRandom(n int) []byte {
// "password" and write it to "filename".
// Uses scrypt with cost parameter logN.
func Create(filename string, password []byte, plaintextNames bool,
- logN int, creator string, aessiv bool, devrandom bool) error {
+ logN int, creator string, aessiv bool, devrandom bool, fido2CredentialID []byte, fido2HmacSalt []byte) error {
var cf ConfFile
cf.filename = filename
cf.Creator = creator
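Review bot: Create now takes nine positional parameters, ending in two adjacent `[]byte` values after three adjacent `bool`s, so a call site that swaps `fido2CredentialID` and `fido2HmacSalt` compiles cleanly and writes the wrong values into the config. Passing the FIDO2Params type introduced in this commit (for example `fido2 *FIDO2Params`, nil when unused) would make the pairing explicit. The doc comment above Create also still describes only the password and scrypt inputs; it should say that a non-empty credential ID enables the FIDO2 feature flag. The function body continues outside this hunk.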
@@ -89,6 +100,11 @@ func Create(filename string, password []byte, plaintextNames bool,
if aessiv {
cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagAESSIV])
}
+ if len(fido2CredentialID) > 0 {
+ cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagFIDO2])
+ cf.FIDO2.CredentialID = fido2CredentialID
+ cf.FIDO2.HMACSalt = fido2HmacSalt
+ }
{
// Generate new random master key
var key []byte
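Review bot: The added branch keys only on `len(fido2CredentialID) > 0`, so a credential ID passed with a nil or empty `fido2HmacSalt` yields a config that sets FlagFIDO2 but records no salt. The reverse case, a salt without a credential ID, is silently ignored. Neither is caught here; whether the mount path catches it is not visible in this diff. Create already returns `error`, so it can reject the mismatch before anything is written, e.g. guard with `if (len(fido2CredentialID) > 0) != (len(fido2HmacSalt) > 0)` and return an error. If the salt has a fixed expected length, checking it at the same place would also be worthwhile. The enclosing function starts and ends outside the hunk.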