fido.go 1.4 KB

  1. package fido
  2. import (
  3. "bytes"
  4. "log"
  5. "github.com/keys-pub/go-libfido2"
  6. )
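  7. // TODO: error handling. Failures currently end the process via log.Fatal instead of being returned to the caller.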
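  // Setup creates a new resident (discoverable) ES256 credential with the
  // hmac-secret extension enabled on the first FIDO2 device found, and returns
  // the credential ID from the resulting attestation.
  //
  // rpID is the relying-party ID the credential is bound to, pin is the device
  // PIN, and cdh is the client data hash handed to MakeCredential unchanged.
  //
  // Every failure (enumeration error, no device, open error, MakeCredential
  // error) terminates the process through log.Fatal; nothing is returned to the
  // caller in that case.
  //
  // Security notes:
  //   - The device used is always locs[0]. With several authenticators attached
  //     the caller has no control over which one receives the credential.
  //   - The user ID is a fixed 16-byte value. NOTE(review): per CTAP2 a resident
  //     credential with the same RP ID and user ID is expected to replace the
  //     existing one, so calling Setup twice for one rpID may discard the
  //     earlier credential; confirm on the target authenticator.
  //   - Only the credential ID is returned. The attestation is not verified or
  //     exposed here, so callers get no proof of which authenticator model
  //     created the credential.
  //   - pin is passed to the library only and is never written to the log.
  func Setup(rpID, pin string, cdh []byte) []byte {
  	locs, err := libfido2.DeviceLocations()
  	if err != nil {
  		log.Fatalf("fido: listing devices: %v", err)
  	}
  	if len(locs) == 0 {
  		// log.Fatal exits the process, so no return value is needed here.
  		log.Fatal("fido: no devices")
  	}

  	device, err := libfido2.NewDevice(locs[0].Path)
  	if err != nil {
  		log.Fatalf("fido: opening device: %v", err)
  	}

  	rp := libfido2.RelyingParty{
  		ID:   rpID,
  		Name: "hmac-secret",
  	}
  	user := libfido2.User{
  		ID:   bytes.Repeat([]byte{0x01}, 16),
  		Name: "hmac-secret",
  	}
  	opts := &libfido2.MakeCredentialOpts{
  		Extensions: []libfido2.Extension{libfido2.HMACSecretExtension},
  		RK:         libfido2.True,
  	}

  	attest, err := device.MakeCredential(cdh, rp, user, libfido2.ES256, pin, opts)
  	if err != nil {
  		log.Fatalf("fido: making credential: %v", err)
  	}
  	return attest.CredentialID
  }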
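  // GetHmacSecret requests an assertion for credID from the first FIDO2 device
  // found, with the hmac-secret extension and the given salt, and returns the
  // HMAC secret carried in the assertion.
  //
  // rpID is the relying-party ID the credential was created for, pin is the
  // device PIN, cdh is the client data hash and credID is the credential ID
  // returned by Setup.
  //
  // Every failure terminates the process through log.Fatal; nothing is returned
  // to the caller in that case. That includes an assertion that succeeds but
  // carries no HMAC secret, so an empty value can never be used as key material
  // by the caller.
  //
  // Security notes:
  //   - The returned bytes are secret key material: do not log them, and clear
  //     them once they are no longer needed.
  //   - The same salt yields the same secret for a given credential, so the salt
  //     decides which key is derived. NOTE(review): CTAP2 hmac-secret expects a
  //     32-byte salt (64 bytes for two salts); the length is not checked here
  //     and is presumably rejected by the library or the device. Confirm.
  //   - The device used is always locs[0]; with several authenticators attached
  //     it may not be the one that holds credID.
  //   - pin is passed to the library only and is never written to the log.
  func GetHmacSecret(rpID, pin string, cdh, salt, credID []byte) []byte {
  	locs, err := libfido2.DeviceLocations()
  	if err != nil {
  		log.Fatalf("fido: listing devices: %v", err)
  	}
  	if len(locs) == 0 {
  		// log.Fatal exits the process, so no return value is needed here.
  		log.Fatal("fido: no devices")
  	}

  	device, err := libfido2.NewDevice(locs[0].Path)
  	if err != nil {
  		log.Fatalf("fido: opening device: %v", err)
  	}

  	opts := &libfido2.AssertionOpts{
  		Extensions: []libfido2.Extension{libfido2.HMACSecretExtension},
  		HMACSalt:   salt,
  	}

  	assertion, err := device.Assertion(rpID, cdh, [][]byte{credID}, pin, opts)
  	if err != nil {
  		log.Fatalf("fido: getting assertion: %v", err)
  	}
  	// Fail closed: an assertion without extension output must not reach the
  	// caller as a zero-length secret.
  	if len(assertion.HMACSecret) == 0 {
  		log.Fatal("fido: assertion returned no hmac-secret")
  	}
  	return assertion.HMACSecret
  }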