Diffstat (limited to 'internal')
-rw-r--r--internal/configfile/config_file.go7
-rw-r--r--internal/fido2/fido2.go18
2 files changed, 18 insertions, 7 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 3d59dc5..995a0c8 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -33,6 +33,7 @@ type FIDO2Params struct {
CredentialID []byte
// FIDO2 hmac-secret salt
HMACSalt []byte
+ AssertOptions []string
}
// ConfFile is the content of a config file.
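Review bot: The new `AssertOptions []string` field on FIDO2Params has no doc comment, while its sibling `HMACSalt` is documented (`// FIDO2 hmac-secret salt`) right above it. Since FIDO2Params is part of the config-file content, this field is presumably persisted, and a reader of the config format should learn what the strings mean; add `// FIDO2 assertion options, each passed to fido2-assert as a "-t" option` above the field. Consider also clarifying in that comment that an empty or nil slice adds no "-t" flags, which is what the fido2 hunk implements. The struct is cut at the hunk start, so the rest of FIDO2Params is not visible here.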
@@ -71,6 +72,7 @@ type CreateArgs struct {
AESSIV bool
Fido2CredentialID []byte
Fido2HmacSalt []byte
+ Fido2AssertOptions []string
DeterministicNames bool
XChaCha20Poly1305 bool
LongNameMax uint8
@@ -117,8 +119,9 @@ func Create(args *CreateArgs) error {
if len(args.Fido2CredentialID) > 0 {
cf.setFeatureFlag(FlagFIDO2)
cf.FIDO2 = &FIDO2Params{
- CredentialID: args.Fido2CredentialID,
- HMACSalt: args.Fido2HmacSalt,
+ CredentialID: args.Fido2CredentialID,
+ HMACSalt: args.Fido2HmacSalt,
+ AssertOptions: args.Fido2AssertOptions,
}
}
// Catch bugs and invalid cli flag combinations early
diff --git a/internal/fido2/fido2.go b/internal/fido2/fido2.go
index fa6015e..e08e589 100644
--- a/internal/fido2/fido2.go
+++ b/internal/fido2/fido2.go
@@ -35,13 +35,21 @@ func (fc fidoCommand) String() string {
const relyingPartyID = "gocryptfs"
-func callFidoCommand(command fidoCommand, device string, stdin []string) ([]string, error) {
+func callFidoCommand(command fidoCommand, assertOptions []string, device string, stdin []string) ([]string, error) {
var cmd *exec.Cmd
switch command {
case cred:
cmd = exec.Command("fido2-cred", "-M", "-h", device)
case assert:
- cmd = exec.Command("fido2-assert", "-G", "-h", device)
+ var args []string
+ args = append(args, "-G")
+ args = append(args, "-h")
+ for i := range assertOptions{
+ args = append(args, "-t")
+ args = append(args, assertOptions[i])
+ }
+ args = append(args, device)
+ cmd = exec.Command("fido2-assert", args...)
}
tlog.Debug.Printf("callFidoCommand %s: executing %q with args %q", command, cmd.Path, cmd.Args)
cmd.Stderr = os.Stderr
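Review bot: `for i := range assertOptions{` in the assert case is not gofmt-clean (no space before `{`), and the two-`append` pattern for `-G`/`-h` and for each `-t`/value pair is more verbose than it needs to be; a slice literal plus a two-argument append does the same thing. The option values appear to originate from the config file (see the configfile hunks), and nothing in this hunk validates them, so a malformed entry will presumably only surface as a fido2-assert error at unlock time rather than when the config is created — worth a check at creation if the accepted set is known. callFidoCommand's body continues past the hunk.
```go
case assert:
	args := []string{"-G", "-h"}
	for _, opt := range assertOptions {
		// fido2-assert takes one "-t" per option, e.g. "-t up=true".
		args = append(args, "-t", opt)
	}
	args = append(args, device)
	cmd = exec.Command("fido2-assert", args...)
// … unchanged: tlog.Debug.Printf and the rest of the function …
```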
@@ -67,7 +75,7 @@ func Register(device string, userName string) (credentialID []byte) {
cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32))
userID := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32))
stdin := []string{cdh, relyingPartyID, userName, userID}
- out, err := callFidoCommand(cred, device, stdin)
+ out, err := callFidoCommand(cred, nil, device, stdin)
if err != nil {
tlog.Fatal.Println(err)
os.Exit(exitcodes.FIDO2Error)
@@ -81,14 +89,14 @@ func Register(device string, userName string) (credentialID []byte) {
}
// Secret generates a HMAC secret using a FIDO2 token
-func Secret(device string, credentialID []byte, salt []byte) (secret []byte) {
+func Secret(device string, assertOptions []string, credentialID []byte, salt []byte) (secret []byte) {
tlog.Info.Printf("FIDO2 Secret: interact with your device ...")
cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32))
crid := base64.StdEncoding.EncodeToString(credentialID)
hmacsalt := base64.StdEncoding.EncodeToString(salt)
stdin := []string{cdh, relyingPartyID, crid, hmacsalt}
// call fido2-assert
- out, err := callFidoCommand(assert, device, stdin)
+ out, err := callFidoCommand(assert, assertOptions, device, stdin)
if err != nil {
tlog.Fatal.Println(err)
os.Exit(exitcodes.FIDO2Error)
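Review bot: The doc comment `// Secret generates a HMAC secret using a FIDO2 token` on Secret is not updated for the new `assertOptions` parameter, which was inserted in the middle of an exported signature. A caller has no way to tell from the signature what the strings are; extend the comment with `// assertOptions are passed to fido2-assert as "-t" options; nil adds none.`, which matches what callFidoCommand does with them in this commit. Secret's body continues past the hunk.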