diff options
Diffstat (limited to 'internal')
-rw-r--r-- | internal/configfile/config_file.go | 7 | ||||
-rw-r--r-- | internal/fido2/fido2.go | 18 |
2 files changed, 18 insertions, 7 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go index 3d59dc5..995a0c8 100644 --- a/internal/configfile/config_file.go +++ b/internal/configfile/config_file.go @@ -33,6 +33,7 @@ type FIDO2Params struct { CredentialID []byte // FIDO2 hmac-secret salt HMACSalt []byte + AssertOptions []string } // ConfFile is the content of a config file. @@ -71,6 +72,7 @@ type CreateArgs struct { AESSIV bool Fido2CredentialID []byte Fido2HmacSalt []byte + Fido2AssertOptions []string DeterministicNames bool XChaCha20Poly1305 bool LongNameMax uint8 @@ -117,8 +119,9 @@ func Create(args *CreateArgs) error { if len(args.Fido2CredentialID) > 0 { cf.setFeatureFlag(FlagFIDO2) cf.FIDO2 = &FIDO2Params{ - CredentialID: args.Fido2CredentialID, - HMACSalt: args.Fido2HmacSalt, + CredentialID: args.Fido2CredentialID, + HMACSalt: args.Fido2HmacSalt, + AssertOptions: args.Fido2AssertOptions, } } // Catch bugs and invalid cli flag combinations early diff --git a/internal/fido2/fido2.go b/internal/fido2/fido2.go index fa6015e..e08e589 100644 --- a/internal/fido2/fido2.go +++ b/internal/fido2/fido2.go @@ -35,13 +35,21 @@ func (fc fidoCommand) String() string { const relyingPartyID = "gocryptfs" -func callFidoCommand(command fidoCommand, device string, stdin []string) ([]string, error) { +func callFidoCommand(command fidoCommand, assertOptions []string, device string, stdin []string) ([]string, error) { var cmd *exec.Cmd switch command { case cred: cmd = exec.Command("fido2-cred", "-M", "-h", device) case assert: - cmd = exec.Command("fido2-assert", "-G", "-h", device) + var args []string + args = append(args, "-G") + args = append(args, "-h") + for i := range assertOptions{ + args = append(args, "-t") + args = append(args, assertOptions[i]) + } + args = append(args, device) + cmd = exec.Command("fido2-assert", args...) } tlog.Debug.Printf("callFidoCommand %s: executing %q with args %q", command, cmd.Path, cmd.Args) cmd.Stderr = os.Stderr @@ -67,7 +75,7 @@ func Register(device string, userName string) (credentialID []byte) { cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32)) userID := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32)) stdin := []string{cdh, relyingPartyID, userName, userID} - out, err := callFidoCommand(cred, device, stdin) + out, err := callFidoCommand(cred, nil, device, stdin) if err != nil { tlog.Fatal.Println(err) os.Exit(exitcodes.FIDO2Error) @@ -81,14 +89,14 @@ func Register(device string, userName string) (credentialID []byte) { } // Secret generates a HMAC secret using a FIDO2 token -func Secret(device string, credentialID []byte, salt []byte) (secret []byte) { +func Secret(device string, assertOptions []string, credentialID []byte, salt []byte) (secret []byte) { tlog.Info.Printf("FIDO2 Secret: interact with your device ...") cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32)) crid := base64.StdEncoding.EncodeToString(credentialID) hmacsalt := base64.StdEncoding.EncodeToString(salt) stdin := []string{cdh, relyingPartyID, crid, hmacsalt} // call fido2-assert - out, err := callFidoCommand(assert, device, stdin) + out, err := callFidoCommand(assert, assertOptions, device, stdin) if err != nil { tlog.Fatal.Println(err) os.Exit(exitcodes.FIDO2Error) |