From 4b6b9553c4a2e14fd809754f6bf187957ff3cdfd Mon Sep 17 00:00:00 2001
From: invis-z
Date: Tue, 21 Nov 2023 18:12:01 +0000
Subject: Add option to set FIDO2 verificatoin option

Add an option to specify user verification options for `fido2-assert -t`

Options will be saved to config file

Provide same functionality to #705 with simpler implementation

Resolve #702
---
 internal/fido2/fido2.go | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

(limited to 'internal/fido2/fido2.go')

diff --git a/internal/fido2/fido2.go b/internal/fido2/fido2.go
index fa6015e..e08e589 100644
--- a/internal/fido2/fido2.go
+++ b/internal/fido2/fido2.go
@@ -35,13 +35,21 @@ func (fc fidoCommand) String() string {
 
 const relyingPartyID = "gocryptfs"
 
-func callFidoCommand(command fidoCommand, device string, stdin []string) ([]string, error) {
+func callFidoCommand(command fidoCommand, assertOptions []string, device string, stdin []string) ([]string, error) {
 	var cmd *exec.Cmd
 	switch command {
 	case cred:
 		cmd = exec.Command("fido2-cred", "-M", "-h", device)
 	case assert:
-		cmd = exec.Command("fido2-assert", "-G", "-h", device)
+		var args []string
+		args = append(args, "-G")
+		args = append(args, "-h")
+		for i := range assertOptions{
+			args = append(args, "-t")
+			args = append(args, assertOptions[i])
+		}
+		args = append(args, device)
+		cmd = exec.Command("fido2-assert", args...)
 	}
 	tlog.Debug.Printf("callFidoCommand %s: executing %q with args %q", command, cmd.Path, cmd.Args)
 	cmd.Stderr = os.Stderr
@@ -67,7 +75,7 @@ func Register(device string, userName string) (credentialID []byte) {
 	cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32))
 	userID := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32))
 	stdin := []string{cdh, relyingPartyID, userName, userID}
-	out, err := callFidoCommand(cred, device, stdin)
+	out, err := callFidoCommand(cred, nil, device, stdin)
 	if err != nil {
 		tlog.Fatal.Println(err)
 		os.Exit(exitcodes.FIDO2Error)
@@ -81,14 +89,14 @@ func Register(device string, userName string) (credentialID []byte) {
 }
 
 // Secret generates a HMAC secret using a FIDO2 token
-func Secret(device string, credentialID []byte, salt []byte) (secret []byte) {
+func Secret(device string, assertOptions []string, credentialID []byte, salt []byte) (secret []byte) {
 	tlog.Info.Printf("FIDO2 Secret: interact with your device ...")
 	cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32))
 	crid := base64.StdEncoding.EncodeToString(credentialID)
 	hmacsalt := base64.StdEncoding.EncodeToString(salt)
 	stdin := []string{cdh, relyingPartyID, crid, hmacsalt}
 	// call fido2-assert
-	out, err := callFidoCommand(assert, device, stdin)
+	out, err := callFidoCommand(assert, assertOptions, device, stdin)
 	if err != nil {
 		tlog.Fatal.Println(err)
 		os.Exit(exitcodes.FIDO2Error)
-- 
cgit v1.2.3