diff options
author | invis-z | 2023-11-21 18:12:01 +0000 |
---|---|---|
committer | rfjakob | 2024-04-19 22:36:55 +0200 |
commit | 4b6b9553c4a2e14fd809754f6bf187957ff3cdfd (patch) | |
tree | c020acb7b2ebfb6121725082ec03944c8a6aa1cd /internal/fido2 | |
parent | f5007b28c366d1a9671146710975679a154f30f8 (diff) |
Add option to set FIDO2 verificatoin option
Add an option to specify user verification options for `fido2-assert -t`
Options will be saved to config file
Provide same functionality to #705 with simpler implementation
Resolve #702
Diffstat (limited to 'internal/fido2')
-rw-r--r-- | internal/fido2/fido2.go | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/internal/fido2/fido2.go b/internal/fido2/fido2.go index fa6015e..e08e589 100644 --- a/internal/fido2/fido2.go +++ b/internal/fido2/fido2.go @@ -35,13 +35,21 @@ func (fc fidoCommand) String() string { const relyingPartyID = "gocryptfs" -func callFidoCommand(command fidoCommand, device string, stdin []string) ([]string, error) { +func callFidoCommand(command fidoCommand, assertOptions []string, device string, stdin []string) ([]string, error) { var cmd *exec.Cmd switch command { case cred: cmd = exec.Command("fido2-cred", "-M", "-h", device) case assert: - cmd = exec.Command("fido2-assert", "-G", "-h", device) + var args []string + args = append(args, "-G") + args = append(args, "-h") + for i := range assertOptions{ + args = append(args, "-t") + args = append(args, assertOptions[i]) + } + args = append(args, device) + cmd = exec.Command("fido2-assert", args...) } tlog.Debug.Printf("callFidoCommand %s: executing %q with args %q", command, cmd.Path, cmd.Args) cmd.Stderr = os.Stderr @@ -67,7 +75,7 @@ func Register(device string, userName string) (credentialID []byte) { cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32)) userID := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32)) stdin := []string{cdh, relyingPartyID, userName, userID} - out, err := callFidoCommand(cred, device, stdin) + out, err := callFidoCommand(cred, nil, device, stdin) if err != nil { tlog.Fatal.Println(err) os.Exit(exitcodes.FIDO2Error) @@ -81,14 +89,14 @@ func Register(device string, userName string) (credentialID []byte) { } // Secret generates a HMAC secret using a FIDO2 token -func Secret(device string, credentialID []byte, salt []byte) (secret []byte) { +func Secret(device string, assertOptions []string, credentialID []byte, salt []byte) (secret []byte) { tlog.Info.Printf("FIDO2 Secret: interact with your device ...") cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32)) crid := base64.StdEncoding.EncodeToString(credentialID) hmacsalt := base64.StdEncoding.EncodeToString(salt) stdin := []string{cdh, relyingPartyID, crid, hmacsalt} // call fido2-assert - out, err := callFidoCommand(assert, device, stdin) + out, err := callFidoCommand(assert, assertOptions, device, stdin) if err != nil { tlog.Fatal.Println(err) os.Exit(exitcodes.FIDO2Error) |