diff options
Diffstat (limited to 'internal/fido2/fido2.go')
| -rw-r--r-- | internal/fido2/fido2.go | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/internal/fido2/fido2.go b/internal/fido2/fido2.go index fa6015e..e08e589 100644 --- a/internal/fido2/fido2.go +++ b/internal/fido2/fido2.go @@ -35,13 +35,21 @@ func (fc fidoCommand) String() string { const relyingPartyID = "gocryptfs" -func callFidoCommand(command fidoCommand, device string, stdin []string) ([]string, error) { +func callFidoCommand(command fidoCommand, assertOptions []string, device string, stdin []string) ([]string, error) { var cmd *exec.Cmd switch command { case cred: cmd = exec.Command("fido2-cred", "-M", "-h", device) case assert: - cmd = exec.Command("fido2-assert", "-G", "-h", device) + var args []string + args = append(args, "-G") + args = append(args, "-h") + for i := range assertOptions{ + args = append(args, "-t") + args = append(args, assertOptions[i]) + } + args = append(args, device) + cmd = exec.Command("fido2-assert", args...) } tlog.Debug.Printf("callFidoCommand %s: executing %q with args %q", command, cmd.Path, cmd.Args) cmd.Stderr = os.Stderr @@ -67,7 +75,7 @@ func Register(device string, userName string) (credentialID []byte) { cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32)) userID := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32)) stdin := []string{cdh, relyingPartyID, userName, userID} - out, err := callFidoCommand(cred, device, stdin) + out, err := callFidoCommand(cred, nil, device, stdin) if err != nil { tlog.Fatal.Println(err) os.Exit(exitcodes.FIDO2Error) @@ -81,14 +89,14 @@ func Register(device string, userName string) (credentialID []byte) { } // Secret generates a HMAC secret using a FIDO2 token -func Secret(device string, credentialID []byte, salt []byte) (secret []byte) { +func Secret(device string, assertOptions []string, credentialID []byte, salt []byte) (secret []byte) { tlog.Info.Printf("FIDO2 Secret: interact with your device ...") cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32)) crid := base64.StdEncoding.EncodeToString(credentialID) hmacsalt := base64.StdEncoding.EncodeToString(salt) stdin := []string{cdh, relyingPartyID, crid, hmacsalt} // call fido2-assert - out, err := callFidoCommand(assert, device, stdin) + out, err := callFidoCommand(assert, assertOptions, device, stdin) if err != nil { tlog.Fatal.Println(err) os.Exit(exitcodes.FIDO2Error) |