libgocryptfs/internal/fido2/fido2.go
2020-09-12 18:06:54 +02:00

111 lines
3.1 KiB
Go

package fido2
import (
"bytes"
"encoding/base64"
"fmt"
"io"
"os"
"os/exec"
"strings"
"github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/exitcodes"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
type fidoCommand int
const (
cred fidoCommand = iota
assert fidoCommand = iota
assertWithPIN fidoCommand = iota
)
const relyingPartyID = "gocryptfs"
func callFidoCommand(command fidoCommand, device string, stdin []string) ([]string, error) {
var cmd *exec.Cmd
switch command {
case cred:
cmd = exec.Command("fido2-cred", "-M", "-h", "-v", device)
case assert:
cmd = exec.Command("fido2-assert", "-G", "-h", device)
case assertWithPIN:
cmd = exec.Command("fido2-assert", "-G", "-h", "-v", device)
}
tlog.Debug.Printf("callFidoCommand: executing %q with args %v", cmd.Path, cmd.Args)
cmd.Stderr = os.Stderr
in, err := cmd.StdinPipe()
if err != nil {
return nil, err
}
for _, s := range stdin {
// This does not deadlock because the pipe buffer is big enough (64kiB on Linux)
io.WriteString(in, s+"\n")
}
in.Close()
out, err := cmd.Output()
if err != nil {
return nil, fmt.Errorf("%s failed with %v", cmd.Args[0], err)
}
return strings.Split(string(out), "\n"), nil
}
// Register registers a credential using a FIDO2 token
func Register(device string, userName string) (credentialID []byte) {
tlog.Info.Printf("FIDO2 Register: interact with your device ...")
cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32))
userID := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32))
stdin := []string{cdh, relyingPartyID, userName, userID}
out, err := callFidoCommand(cred, device, stdin)
if err != nil {
tlog.Fatal.Println(err)
os.Exit(exitcodes.FIDO2Error)
}
credentialID, err = base64.StdEncoding.DecodeString(out[4])
if err != nil {
tlog.Fatal.Println(err)
os.Exit(exitcodes.FIDO2Error)
}
return credentialID
}
// Secret generates a HMAC secret using a FIDO2 token
func Secret(device string, credentialID []byte, salt []byte) (secret []byte) {
tlog.Info.Printf("FIDO2 Secret: interact with your device ...")
cdh := base64.StdEncoding.EncodeToString(cryptocore.RandBytes(32))
crid := base64.StdEncoding.EncodeToString(credentialID)
hmacsalt := base64.StdEncoding.EncodeToString(salt)
stdin := []string{cdh, relyingPartyID, crid, hmacsalt}
// try asserting without PIN first
out, err := callFidoCommand(assert, device, stdin)
if err != nil {
// if that fails, let's assert with PIN
out, err = callFidoCommand(assertWithPIN, device, stdin)
if err != nil {
tlog.Fatal.Println(err)
os.Exit(exitcodes.FIDO2Error)
}
}
secret, err = base64.StdEncoding.DecodeString(out[4])
if err != nil {
tlog.Fatal.Println(err)
os.Exit(exitcodes.FIDO2Error)
}
// sanity checks
secretLen := len(secret)
if secretLen < 32 {
tlog.Fatal.Printf("FIDO2 HMACSecret too short (%d)!\n", secretLen)
os.Exit(exitcodes.FIDO2Error)
}
zero := make([]byte, secretLen)
if bytes.Equal(zero, secret) {
tlog.Fatal.Printf("FIDO2 HMACSecret is all zero!")
os.Exit(exitcodes.FIDO2Error)
}
return secret
}