Documentation
Overview
Package u2fhost provides a high-level API for host applications to use U2F.
Index
- Variables
- type AuthenticateResponse
- type Client
- func (c Client) Authenticate(ctx context.Context, clientdata string, keyhandlers []KeyHandler) (AuthenticateResponse, error)
- func (c Client) CheckAuthenticate(ctx context.Context, clientdata string, keyhandlers []KeyHandler) (int, error)
- func (c Client) Facet() []byte
- func (c Client) Register(ctx context.Context, clientdata string) (RegisterResponse, error)
- type ClientInterface
- type ECSignature
- type ECSignatureBytes
- type FacetID
- type KeyHandle
- type KeyHandler
- type RegisterResponse
Constants
This section is empty.
Variables
var KeyNotFoundError = errors.New("matching key not found")
var NoKeysInsertedError = errors.New("no security keys inserted")
Functions
This section is empty.
Types
type AuthenticateResponse
type AuthenticateResponse struct {
	Counter   uint32
	Signature ECSignatureBytes

	// Convenience Fields
	KeyHandle
	KeyHandleIndex      int
	AuthenticateRequest u2ftoken.AuthenticateRequest
}
AuthenticateResponse is returned when a token successfully responds to an authentication request. Call CheckSignature on the response to validate it.
func (AuthenticateResponse) CheckSignature
func (a AuthenticateResponse) CheckSignature(pubkey *ecdsa.PublicKey) error
CheckSignature checks whether the authentication response's signature verifies against the provided public key.
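The following is an added example, not code from this package: a standalone sketch of the kind of check CheckSignature describes, using only the standard library. It assumes the signed-data layout of the FIDO U2F raw message format (application parameter, user-presence byte, big-endian counter, challenge parameter); the helper names signedData, softSign and verifyAuth are hypothetical, and the key and inputs are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"encoding/binary"
	"fmt"
	"math/big"
)

// signedData: application parameter || user presence 0x01 || counter (big-endian) || challenge parameter.
func signedData(app, chal [32]byte, counter uint32) []byte {
	buf := append(append([]byte{}, app[:]...), 0x01)
	buf = binary.BigEndian.AppendUint32(buf, counter)
	return append(buf, chal[:]...)
}

// softSign stands in for a token: throwaway P-256 key, constructed input, no hardware.
func softSign(app, chal [32]byte, counter uint32) (*ecdsa.PublicKey, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(signedData(app, chal, counter))
	der, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return &priv.PublicKey, der, err
}

// verifyAuth strictly decodes the DER signature (no trailing bytes), then verifies it.
func verifyAuth(pub *ecdsa.PublicKey, der []byte, app, chal [32]byte, counter uint32) error {
	var sig struct{ R, S *big.Int }
	if rest, err := asn1.Unmarshal(der, &sig); err != nil || len(rest) != 0 {
		return fmt.Errorf("malformed DER signature")
	}
	digest := sha256.Sum256(signedData(app, chal, counter))
	if pub == nil || !ecdsa.Verify(pub, digest[:], sig.R, sig.S) {
		return fmt.Errorf("signature does not verify")
	}
	return nil
}

func main() {
	app, chal := sha256.Sum256([]byte("https://example.test")), sha256.Sum256([]byte("constructed client data"))
	pub, der, err := softSign(app, chal, 42)
	fmt.Println("sign error:", err)
	fmt.Println("valid:", verifyAuth(pub, der, app, chal, 42), "| wrong counter:", verifyAuth(pub, der, app, chal, 43))
}
```

Because the counter is part of the signed bytes, a relying party that verifies the signature can also compare the counter against the last value it stored for that key handle.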
type Client
Client holds the application U2F client state. The ErrorHandler gives applications visibility of transient errors that may occur, for logging or other purposes.
func (Client) Authenticate
func (c Client) Authenticate(ctx context.Context, clientdata string, keyhandlers []KeyHandler) (AuthenticateResponse, error)
Authenticate returns a signed response if the user provides presence to a token that supplied a keyhandle.
func (Client) CheckAuthenticate
func (c Client) CheckAuthenticate(ctx context.Context, clientdata string, keyhandlers []KeyHandler) (int, error)
CheckAuthenticate returns the index if any currently inserted token recognises any given keyhandle, or an error.
type ClientInterface
type ClientInterface interface {
	Authenticate(ctx context.Context, clientdata string, keyhandlers []KeyHandler) (AuthenticateResponse, error)
	CheckAuthenticate(ctx context.Context, clientdata string, keyhandlers []KeyHandler) (int, error)
	Register(ctx context.Context, clientdata string) (RegisterResponse, error)
	Facet() []byte
}
ClientInterface defines this API; consume it to switch with test mocks.
type ECSignature
ECSignature is an unpacked ECDSA signature.
type ECSignatureBytes
type ECSignatureBytes []byte
ECSignatureBytes is a DER-encoded signature, 70-72 bytes.
func (ECSignatureBytes) ECSignature
func (ec ECSignatureBytes) ECSignature() (ECSignature, error)
ECSignature will decode a DER signature.
type KeyHandle
type KeyHandle []byte
KeyHandle is the byte sequence returned by a U2F device on registration that must be returned to it for authentication.
type KeyHandler
type KeyHandler interface {
	KeyHandle() KeyHandle
}
KeyHandler is an interface to obtain a KeyHandle for authentication.
type RegisterResponse
type RegisterResponse struct {
	PublicKey       *ecdsa.PublicKey
	KeyHandle       KeyHandle
	AttestationCert []byte
	Signature       ECSignatureBytes
	// contains filtered or unexported fields
}
RegisterResponse contains the data from a token registration. Call CheckSignature on the response to validate it.
func (RegisterResponse) CheckSignature
func (r RegisterResponse) CheckSignature() error
CheckSignature verifies that the RegisterResponse Signature matches the AttestationCert.