Documentation ¶
Index ¶
- Constants
- Variables
- type AuthenticatorCTAPVersion
- type AuthenticatorClientPINRequest
- type AuthenticatorClientPINRequestOptions
- type AuthenticatorClientPINRequestSubCommand
- type AuthenticatorClientPINResponse
- type AuthenticatorCredentialManagementRequest
- type AuthenticatorCredentialManagementRequestSubCommand
- type AuthenticatorCredentialManagementRequestSubCommandParams
- type AuthenticatorCredentialManagementResponse
- type AuthenticatorGetAssertionRequest
- type AuthenticatorGetAssertionRequestOptions
- type AuthenticatorGetAssertionResponse
- type AuthenticatorGetInfoResopnseOptionID
- type AuthenticatorGetInfoResponse
- type AuthenticatorMakeCredentialRequest
- type AuthenticatorMakeCredentialRequestOptions
- type AuthenticatorMakeCredentialResponse
- type CTAPStatusError
- type Device
- func (d *Device) ClientPIN(req AuthenticatorClientPINRequest) (resp *AuthenticatorClientPINResponse, err error)
- func (d *Device) CredentialManagement(req AuthenticatorCredentialManagementRequest) (resp *AuthenticatorCredentialManagementResponse, err error)
- func (d *Device) GetAssertion(req AuthenticatorGetAssertionRequest) (resp *AuthenticatorGetAssertionResponse, err error)
- func (d *Device) GetInfo() (resp *AuthenticatorGetInfoResponse, err error)
- func (d *Device) GetNextAssertion(req AuthenticatorGetAssertionRequest) (resp *AuthenticatorGetAssertionResponse, err error)
- func (d *Device) GetPinUvAuthToken(permission PinUvAuthTokenPermission, rpID string, pin string) ([]byte, error)
- func (d *Device) Init() error
- func (d *Device) MakeCredential(req AuthenticatorMakeCredentialRequest) (resp *AuthenticatorMakeCredentialResponse, err error)
- func (d *Device) PrototypeCredentialManagement(req AuthenticatorCredentialManagementRequest) (resp *AuthenticatorCredentialManagementResponse, err error)
- type DeviceImpl
- type PinUVAuthProtocol
- type PinUVAuthProtocol1
- func (p *PinUVAuthProtocol1) Authenticate(key []byte, message []byte) []byte
- func (p *PinUVAuthProtocol1) Decrypt(key []byte, demCipherText []byte) ([]byte, error)
- func (p *PinUVAuthProtocol1) Encapsulate(peerCoseKey *PinUvAuthProtocolKey) (*PinUvAuthProtocolKey, []byte, error)
- func (p *PinUVAuthProtocol1) Encrypt(key []byte, demPlainText []byte) []byte
- func (p *PinUVAuthProtocol1) Initialize()
- func (p *PinUVAuthProtocol1) Version() uint
- type PinUVAuthProtocol2
- func (p *PinUVAuthProtocol2) Authenticate(key []byte, message []byte) []byte
- func (p *PinUVAuthProtocol2) Decrypt(key []byte, demCipherText []byte) ([]byte, error)
- func (p *PinUVAuthProtocol2) Encapsulate(peerCoseKey *PinUvAuthProtocolKey) (*PinUvAuthProtocolKey, []byte, error)
- func (p *PinUVAuthProtocol2) Encrypt(key []byte, demPlainText []byte) []byte
- func (p *PinUVAuthProtocol2) Initialize()
- func (p *PinUVAuthProtocol2) Version() uint
- type PinUvAuthProtocolKey
- type PinUvAuthTokenPermission
Constants ¶
// AuthenticatorClientPINCommandId is the CTAP2 command byte for
// authenticatorClientPIN (0x06).
const AuthenticatorClientPINCommandId uint8 = 0x06
// AuthenticatorCredentialManagementCommandId is the CTAP2 command byte for
// authenticatorCredentialManagement (0x0A).
const AuthenticatorCredentialManagementCommandId uint8 = 0x0A
// AuthenticatorGetAssertionCommandId is the CTAP2 command byte for
// authenticatorGetAssertion (0x02).
const AuthenticatorGetAssertionCommandId uint8 = 0x02
// AuthenticatorGetInfoCommandId is the CTAP2 command byte for
// authenticatorGetInfo (0x04).
const AuthenticatorGetInfoCommandId uint8 = 0x04
// AuthenticatorGetNextAssertionCommandId is the CTAP2 command byte for
// authenticatorGetNextAssertion (0x08).
const AuthenticatorGetNextAssertionCommandId uint8 = 0x08
// AuthenticatorMakeCredentialCommandId is the CTAP2 command byte for
// authenticatorMakeCredential (0x01).
const AuthenticatorMakeCredentialCommandId uint8 = 0x01
Variables ¶
// ErrCTAPStatus is a sentinel error whose message is "CTAP status code".
// NOTE(review): CTAPStatusError has an Unwrap method; presumably it unwraps
// to this value so callers can match with errors.Is — confirm.
var ErrCTAPStatus = errors.New("CTAP status code")
// ErrProtocolUnsupported is a sentinel error whose message is
// "protocol unsupported".
// NOTE(review): presumably returned when none of the PIN/UV auth protocols
// an authenticator reports is implemented by this package — confirm.
var ErrProtocolUnsupported = errors.New("protocol unsupported")
Functions ¶
This section is empty.
Types ¶
type AuthenticatorCTAPVersion ¶
// AuthenticatorCTAPVersion is a protocol version identifier string.
// NOTE(review): presumably compared against the entries of
// AuthenticatorGetInfoResponse.Version — confirm.
type AuthenticatorCTAPVersion string

// Version identifier strings for U2F and the CTAP2 revisions.
const (
	AuthenticatorCTAPVersion1       AuthenticatorCTAPVersion = "U2F_V2"
	AuthenticatorCTAPVersion2_0     AuthenticatorCTAPVersion = "FIDO_2_0"
	AuthenticatorCTAPVersion2_1_PRE AuthenticatorCTAPVersion = "FIDO_2_1_PRE"
	AuthenticatorCTAPVersion2_1     AuthenticatorCTAPVersion = "FIDO_2_1"
)
type AuthenticatorClientPINRequest ¶
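// AuthenticatorClientPINRequest is the parameter map of an
// authenticatorClientPIN command. Each field is CBOR-encoded under the
// integer key named in its struct tag, so every key must be unique.
type AuthenticatorClientPINRequest struct {
	// Optional. PIN/UV auth protocol version chosen by the platform.
	PinUvAuthProtocol uint `cbor:"1,keyasint,omitempty"`

	// Required. Selects the authenticatorClientPIN sub-command.
	SubCommand AuthenticatorClientPINRequestSubCommand `cbor:"2,keyasint"`

	// Optional. Platform key-agreement public key.
	KeyAgreement *PinUvAuthProtocolKey `cbor:"3,keyasint,omitempty"`

	// Optional.
	PinUvAuthParam []byte `cbor:"4,keyasint,omitempty"`

	// Optional. New PIN, encrypted.
	NewPinEnc []byte `cbor:"5,keyasint,omitempty"`

	// Optional. PIN hash, encrypted.
	PinHashEnc []byte `cbor:"6,keyasint,omitempty"`

	// Optional. Permission bits requested for the pinUvAuthToken. CTAP 2.1
	// assigns this parameter key 0x09; key 4 belongs to PinUvAuthParam, and
	// sharing it would leave the requested permission scope out of the
	// position the authenticator reads it from.
	Permissions PinUvAuthTokenPermission `cbor:"9,keyasint,omitempty"`

	// Optional. Relying party ID the requested token is bound to.
	RPID string `cbor:"10,keyasint,omitempty"`
}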
type AuthenticatorClientPINRequestSubCommand ¶
// AuthenticatorClientPINRequestSubCommand is the sub-command number carried
// in AuthenticatorClientPINRequest.SubCommand.
type AuthenticatorClientPINRequestSubCommand uint

// Sub-command numbers of authenticatorClientPIN. The value 0x08 is not
// defined in this list.
const (
	// getPINRetries
	AuthenticatorClientPINRequestSubCommandGetPINRetries AuthenticatorClientPINRequestSubCommand = 0x01

	// getKeyAgreement
	AuthenticatorClientPINRequestSubCommandGetKeyAgreement AuthenticatorClientPINRequestSubCommand = 0x02

	// setPIN
	AuthenticatorClientPINRequestSubCommandSetPIN AuthenticatorClientPINRequestSubCommand = 0x03

	// changePIN
	AuthenticatorClientPINRequestSubCommandChangePIN AuthenticatorClientPINRequestSubCommand = 0x04

	// getPinToken: the older token request, which carries no permissions or
	// rpId parameter. Where the authenticator supports the
	// ...WithPermissions sub-commands, those allow a narrower token scope.
	AuthenticatorClientPINRequestSubCommandGetPINToken AuthenticatorClientPINRequestSubCommand = 0x05

	// getPinUvAuthTokenUsingUvWithPermissions
	AuthenticatorClientPINRequestSubCommandGetPinUvAuthTokenUsingUvWithPermissions AuthenticatorClientPINRequestSubCommand = 0x06

	// getUVRetries
	AuthenticatorClientPINRequestSubCommandGetUVRetries AuthenticatorClientPINRequestSubCommand = 0x07

	// getPinUvAuthTokenUsingPinWithPermissions
	AuthenticatorClientPINRequestSubCommandGetPinUvAuthTokenUsingPinWithPermissions AuthenticatorClientPINRequestSubCommand = 0x09
)
type AuthenticatorClientPINResponse ¶
// AuthenticatorClientPINResponse is the decoded response map of an
// authenticatorClientPIN command. Every field is optional; which ones are
// present depends on the sub-command that was sent.
type AuthenticatorClientPINResponse struct {
	// KeyAgreement is the authenticator's key-agreement public key (optional).
	KeyAgreement *PinUvAuthProtocolKey `cbor:"1,keyasint,omitempty"`

	// PinUvAuthToken is the token field of the response (optional).
	// NOTE(review): CTAP returns this value encrypted under the shared
	// secret — confirm whether callers of ClientPIN see it before or after
	// decryption, and keep it out of logs either way.
	PinUvAuthToken []byte `cbor:"2,keyasint,omitempty"`

	// PinRetries is the number of PIN attempts left (optional).
	PinRetries uint `cbor:"3,keyasint,omitempty"`

	// PowerCycleState is optional.
	PowerCycleState bool `cbor:"4,keyasint,omitempty"`

	// UvRetries is the number of built-in UV attempts left (optional).
	UvRetries uint `cbor:"5,keyasint,omitempty"`
}
type AuthenticatorCredentialManagementRequest ¶
// AuthenticatorCredentialManagementRequest is the parameter map of an
// authenticatorCredentialManagement command, CBOR-encoded with the integer
// keys given in the struct tags.
type AuthenticatorCredentialManagementRequest struct {
	// SubCommand selects the operation; it is the only field without
	// omitempty, so it is always encoded.
	SubCommand AuthenticatorCredentialManagementRequestSubCommand `cbor:"1,keyasint"`

	// SubCommandParams carries the arguments of the sub-command, if any.
	SubCommandParams *AuthenticatorCredentialManagementRequestSubCommandParams `cbor:"2,keyasint,omitempty"`

	// PinUvAuthProtocol is the PIN/UV auth protocol version in use.
	PinUvAuthProtocol uint `cbor:"3,keyasint,omitempty"`

	// PinUvAuthParam authenticates the request to the authenticator.
	// NOTE(review): presumably computed by Device.CredentialManagement from
	// the current pinUvAuthToken — confirm.
	PinUvAuthParam []byte `cbor:"4,keyasint,omitempty"`
}
type AuthenticatorCredentialManagementRequestSubCommand ¶
// AuthenticatorCredentialManagementRequestSubCommand is the sub-command
// number carried in AuthenticatorCredentialManagementRequest.SubCommand.
type AuthenticatorCredentialManagementRequestSubCommand uint

// Sub-command numbers of authenticatorCredentialManagement. The spelling
// "Enumlate" is part of the exported identifiers.
const (
	// getCredsMetadata
	AuthenticatorCredentialManagementRequestSubCommandGetCredsMetadata AuthenticatorCredentialManagementRequestSubCommand = 0x01

	// enumerateRPsBegin
	AuthenticatorCredentialManagementRequestSubCommandEnumlateRPsBegin AuthenticatorCredentialManagementRequestSubCommand = 0x02

	// enumerateRPsGetNextRP
	AuthenticatorCredentialManagementRequestSubCommandEnumlateRPsGetNextRP AuthenticatorCredentialManagementRequestSubCommand = 0x03

	// enumerateCredentialsBegin
	AuthenticatorCredentialManagementRequestSubCommandEnumlateCredentialsBegin AuthenticatorCredentialManagementRequestSubCommand = 0x04

	// enumerateCredentialsGetNextCredential
	AuthenticatorCredentialManagementRequestSubCommandEnumlateCredentialsGetNextCredential AuthenticatorCredentialManagementRequestSubCommand = 0x05

	// deleteCredential: removes a credential from the authenticator.
	AuthenticatorCredentialManagementRequestSubCommandDeleteCredential AuthenticatorCredentialManagementRequestSubCommand = 0x06

	// updateUserInformation
	AuthenticatorCredentialManagementRequestSubCommandUpdateUserInformation AuthenticatorCredentialManagementRequestSubCommand = 0x07
)
type AuthenticatorCredentialManagementRequestSubCommandParams ¶
// AuthenticatorCredentialManagementRequestSubCommandParams holds the
// arguments of a credential-management sub-command. All fields carry
// omitempty, so only the ones that are set are encoded.
type AuthenticatorCredentialManagementRequestSubCommandParams struct {
	// RPIDHash identifies the relying party by the hash of its RP ID.
	RPIDHash []byte `cbor:"1,keyasint,omitempty"`

	// CredentialID names the credential the sub-command acts on.
	CredentialID *fido.PublicKeyCredentialDescriptor `cbor:"2,keyasint,omitempty"`

	// User carries user account information.
	User *fido.PublicKeyCredentialUserEntity `cbor:"3,keyasint,omitempty"`
}
type AuthenticatorCredentialManagementResponse ¶
// AuthenticatorCredentialManagementResponse is the decoded response map of
// an authenticatorCredentialManagement command. Every field carries
// omitempty; which ones the authenticator fills in depends on the
// sub-command. The values describe credentials stored on the device
// (relying parties, user entities, credential IDs), so they are account
// metadata and deserve the same care in logs as other personal data.
type AuthenticatorCredentialManagementResponse struct {
	// Number of resident (discoverable) credentials currently stored.
	ExistingResidentCredentialsCount uint `cbor:"1,keyasint,omitempty"`

	// Upper bound on how many more resident credentials can be stored.
	MaxPossibleRemainingResidentCredentialsCount uint `cbor:"2,keyasint,omitempty"`

	// Relying party entity.
	RP fido.PublicKeyCredentialRpEntity `cbor:"3,keyasint,omitempty"`

	// Hash of the RP ID.
	RPIDHash []byte `cbor:"4,keyasint,omitempty"`

	// Total number of relying parties on the authenticator.
	TotalRPs uint `cbor:"5,keyasint,omitempty"`

	// User entity of the credential.
	User fido.PublicKeyCredentialUserEntity `cbor:"6,keyasint,omitempty"`

	// Descriptor of the credential.
	CredentialID fido.PublicKeyCredentialDescriptor `cbor:"7,keyasint,omitempty"`

	// Public key of the credential, as a COSE key.
	PublicKey *cose.Key `cbor:"8,keyasint,omitempty"`

	// Total number of credentials for the relying party.
	TotalCredentials uint `cbor:"9,keyasint,omitempty"`

	// Credential protection policy of the credential.
	CredProtect uint `cbor:"10,keyasint,omitempty"`

	// Large-blob key of the credential; secret key material.
	LargeBlobKey []byte `cbor:"11,keyasint,omitempty"`

	ThirdPartyPayment bool `cbor:"12,keyasint,omitempty"`
}
type AuthenticatorGetAssertionRequest ¶
// AuthenticatorGetAssertionRequest is the parameter map of an
// authenticatorGetAssertion command, CBOR-encoded with the integer keys
// given in the struct tags.
type AuthenticatorGetAssertionRequest struct {
	// RPID is the relying party identifier (required).
	RPID string `cbor:"1,keyasint"`

	// ClientDataHash is the hash of the client data (required).
	ClientDataHash []byte `cbor:"2,keyasint"`

	// AllowList restricts which credentials may answer (optional).
	AllowList []fido.PublicKeyCredentialDescriptor `cbor:"3,keyasint,omitempty"`

	// Extensions maps extension identifiers to their inputs (optional).
	Extensions map[string]any `cbor:"4,keyasint,omitempty"`

	// Options holds the request options (optional).
	Options AuthenticatorGetAssertionRequestOptions `cbor:"5,keyasint,omitempty"`

	// PinUvAuthParam authenticates the request (optional).
	PinUvAuthParam []byte `cbor:"6,keyasint,omitempty"`

	// PinUvAuthProtocol is the PIN/UV auth protocol version (optional).
	PinUvAuthProtocol uint `cbor:"7,keyasint,omitempty"`
}
type AuthenticatorGetAssertionResponse ¶
// AuthenticatorGetAssertionResponse is the decoded response map of an
// authenticatorGetAssertion or authenticatorGetNextAssertion command.
//
// NOTE(review): this type only carries the decoded fields; nothing on this
// page shows Signature being checked. The relying party still has to verify
// it with the credential's public key before trusting the assertion.
type AuthenticatorGetAssertionResponse struct {
	// Credential describes the credential that produced the assertion
	// (required).
	Credential fido.PublicKeyCredentialDescriptor `cbor:"1,keyasint"`

	// AuthData is the raw authenticator data (required).
	// Can be decoded by AuthenticatorData.UnmarshalBinary().
	AuthData []byte `cbor:"2,keyasint"`

	// Signature is the assertion signature (required).
	Signature []byte `cbor:"3,keyasint"`

	// User is the user entity of the credential (optional).
	User fido.PublicKeyCredentialUserEntity `cbor:"4,keyasint,omitempty"`

	// NumberOfCredentials is optional.
	NumberOfCredentials int `cbor:"5,keyasint,omitempty"`

	// UserSelected is optional.
	UserSelected bool `cbor:"6,keyasint,omitempty"`

	// LargeBlobKey is optional; it is secret key material.
	LargeBlobKey []byte `cbor:"7,keyasint,omitempty"`
}
type AuthenticatorGetInfoResopnseOptionID ¶
// AuthenticatorGetInfoResopnseOptionID is the string key type of the
// AuthenticatorGetInfoResponse.Options map. The spelling "Resopnse" is part
// of the exported identifier.
type AuthenticatorGetInfoResopnseOptionID string
type AuthenticatorGetInfoResponse ¶
// AuthenticatorGetInfoResponse is the decoded response map of an
// authenticatorGetInfo command. Every value is reported by the
// authenticator itself, so callers should treat the numeric limits as
// device-supplied input and bound them before sizing buffers or loops.
type AuthenticatorGetInfoResponse struct {
	// Version lists the supported protocol versions (required).
	Version []string `cbor:"1,keyasint"`

	// Extensions lists the supported extensions (optional).
	Extensions []string `cbor:"2,keyasint,omitempty"`

	// AAGUID identifies the authenticator model (required).
	AAGUID []byte `cbor:"3,keyasint"`

	// Options maps option IDs to their boolean state (optional).
	Options map[AuthenticatorGetInfoResopnseOptionID]bool `cbor:"4,keyasint,omitempty"`

	// MaxMsgSize is optional.
	MaxMsgSize uint `cbor:"5,keyasint,omitempty"`

	// PinUvAuthProtocols lists the supported PIN/UV auth protocol versions
	// (optional).
	PinUvAuthProtocols []uint `cbor:"6,keyasint,omitempty"`

	// MaxCredentialCountInList is optional.
	MaxCredentialCountInList uint `cbor:"7,keyasint,omitempty"`

	// MaxCredentialIdLength is optional.
	MaxCredentialIdLength uint `cbor:"8,keyasint,omitempty"`

	// Transports is optional.
	Transports []string `cbor:"9,keyasint,omitempty"`

	// Algorithms is optional.
	Algorithms []fido.PublicKeyCredentialParameters `cbor:"10,keyasint,omitempty"`

	// MaxSerializedLargeBlobArray is optional.
	MaxSerializedLargeBlobArray uint `cbor:"11,keyasint,omitempty"`

	// ForcePINChange is optional.
	ForcePINChange bool `cbor:"12,keyasint,omitempty"`

	// MinPINLength is optional.
	MinPINLength uint `cbor:"13,keyasint,omitempty"`

	// FirmwareVersion is optional.
	FirmwareVersion uint `cbor:"14,keyasint,omitempty"`

	// MaxCredBlobLength is optional.
	MaxCredBlobLength uint `cbor:"15,keyasint,omitempty"`

	// MaxRPIDsForSetMinPINLength is optional.
	MaxRPIDsForSetMinPINLength uint `cbor:"16,keyasint,omitempty"`

	// PreferredPlatformUvAttempts is optional.
	PreferredPlatformUvAttempts uint `cbor:"17,keyasint,omitempty"`

	// UvModality is optional.
	UvModality uint `cbor:"18,keyasint,omitempty"`

	// Certifications is optional.
	Certifications map[any]any `cbor:"19,keyasint,omitempty"`

	// RemainingDiscoverableCredentials is optional.
	RemainingDiscoverableCredentials uint `cbor:"20,keyasint,omitempty"`

	// VendorPrototypeConfigCommands is optional.
	VendorPrototypeConfigCommands []uint `cbor:"21,keyasint,omitempty"`
}
func (*AuthenticatorGetInfoResponse) IsOptionTrue ¶
func (i *AuthenticatorGetInfoResponse) IsOptionTrue(option AuthenticatorGetInfoResopnseOptionID) bool
type AuthenticatorMakeCredentialRequest ¶
// AuthenticatorMakeCredentialRequest is the parameter map of an
// authenticatorMakeCredential command, CBOR-encoded with the integer keys
// given in the struct tags.
type AuthenticatorMakeCredentialRequest struct {
	// ClientDataHash is the hash of the client data (required).
	ClientDataHash []byte `cbor:"1,keyasint"`

	// RP is the relying party entity (required).
	RP fido.PublicKeyCredentialRpEntity `cbor:"2,keyasint"`

	// User is the user account entity (required).
	User fido.PublicKeyCredentialUserEntity `cbor:"3,keyasint"`

	// PubKeyCredParams lists the acceptable credential algorithms (required).
	PubKeyCredParams []fido.PublicKeyCredentialParameters `cbor:"4,keyasint"`

	// ExcludeList names credentials that must not already exist (optional).
	ExcludeList []fido.PublicKeyCredentialDescriptor `cbor:"5,keyasint,omitempty"`

	// Extensions maps extension identifiers to their inputs (optional).
	Extensions map[string]any `cbor:"6,keyasint,omitempty"`

	// Options holds the request options (optional).
	Options AuthenticatorMakeCredentialRequestOptions `cbor:"7,keyasint,omitempty"`

	// PinUvAuthParam authenticates the request (optional).
	PinUvAuthParam []byte `cbor:"8,keyasint,omitempty"`

	// PinUvAuthProtocol is the PIN/UV auth protocol version (optional).
	PinUvAuthProtocol uint `cbor:"9,keyasint,omitempty"`

	// EnterpriseAttestation is optional.
	EnterpriseAttestation uint `cbor:"10,keyasint,omitempty"`
}
type AuthenticatorMakeCredentialResponse ¶
// AuthenticatorMakeCredentialResponse is the decoded response map of an
// authenticatorMakeCredential command.
//
// NOTE(review): AttStmt is kept as undecoded CBOR and nothing on this page
// shows the attestation being validated, so attestation verification
// appears to be left to the caller — confirm.
type AuthenticatorMakeCredentialResponse struct {
	// Fmt is the attestation statement format identifier (required).
	Fmt string `cbor:"1,keyasint"`

	// AuthData is the raw authenticator data (required).
	// Can be decoded by AuthenticatorData.UnmarshalBinary().
	AuthData []byte `cbor:"2,keyasint"`

	// AttStmt is the attestation statement as raw CBOR (required).
	AttStmt cbor.RawMessage `cbor:"3,keyasint"`

	// EpAtt is optional.
	EpAtt bool `cbor:"4,keyasint,omitempty"`

	// LargeBlobKey is optional; it is secret key material.
	LargeBlobKey []byte `cbor:"5,keyasint,omitempty"`
}
type CTAPStatusError ¶
// CTAPStatusError is a one-byte status code that can be used as an error;
// the type has Error, GetName and Unwrap methods.
// NOTE(review): presumably the CTAP status byte returned by the
// authenticator for a failed command — confirm.
type CTAPStatusError uint8
func (CTAPStatusError) Error ¶
func (e CTAPStatusError) Error() string
func (CTAPStatusError) GetName ¶
func (e CTAPStatusError) GetName() string
func (CTAPStatusError) Unwrap ¶
func (e CTAPStatusError) Unwrap() error
type Device ¶
// Device is the handle the CTAP2 command methods (GetInfo, MakeCredential,
// GetAssertion, ClientPIN, ...) are defined on.
type Device struct {
	// DeviceImpl is embedded.
	// NOTE(review): presumably the transport used to exchange messages with
	// the authenticator — its definition is not shown here.
	DeviceImpl

	// Info is a GetInfo response for the device.
	// NOTE(review): presumably filled in by Init — confirm.
	Info *AuthenticatorGetInfoResponse

	// PinUVAuthProtocol is the PIN/UV auth protocol implementation in use.
	// The two implementations in this package keep a key-agreement private
	// key and a pinUvAuthToken in exported fields, so a Device value should
	// be handled as holding secrets.
	PinUVAuthProtocol PinUVAuthProtocol
}
func (*Device) ClientPIN ¶
func (d *Device) ClientPIN(req AuthenticatorClientPINRequest) (resp *AuthenticatorClientPINResponse, err error)
func (*Device) CredentialManagement ¶
func (d *Device) CredentialManagement(req AuthenticatorCredentialManagementRequest) (resp *AuthenticatorCredentialManagementResponse, err error)
func (*Device) GetAssertion ¶
func (d *Device) GetAssertion(req AuthenticatorGetAssertionRequest) (resp *AuthenticatorGetAssertionResponse, err error)
func (*Device) GetInfo ¶
func (d *Device) GetInfo() (resp *AuthenticatorGetInfoResponse, err error)
func (*Device) GetNextAssertion ¶
func (d *Device) GetNextAssertion(req AuthenticatorGetAssertionRequest) (resp *AuthenticatorGetAssertionResponse, err error)
func (*Device) GetPinUvAuthToken ¶
func (d *Device) GetPinUvAuthToken(permission PinUvAuthTokenPermission, rpID string, pin string) ([]byte, error)
rpID is optional (it may be empty). To use built-in user verification (UV) instead of a PIN, pass pin == "".
func (*Device) MakeCredential ¶
func (d *Device) MakeCredential(req AuthenticatorMakeCredentialRequest) (resp *AuthenticatorMakeCredentialResponse, err error)
func (*Device) PrototypeCredentialManagement ¶
func (d *Device) PrototypeCredentialManagement(req AuthenticatorCredentialManagementRequest) (resp *AuthenticatorCredentialManagementResponse, err error)
type DeviceImpl ¶
type PinUVAuthProtocol ¶
type PinUVAuthProtocol1 ¶
// PinUVAuthProtocol1 holds the platform-side state for PIN/UV auth protocol
// one. Both fields are exported and hold secret material: keep them out of
// logs, error messages and serialized output.
//
// The CTAP 2.1 specification defines protocol one with AES-256-CBC under an
// all-zero IV and an HMAC-SHA-256 tag truncated to 16 bytes (the
// implementation is not shown on this page). Where an authenticator also
// lists protocol two in PinUvAuthProtocols, protocol two is the stronger
// choice.
type PinUVAuthProtocol1 struct {
	// KeyAgreementKey is the platform's key-agreement private key.
	// NOTE(review): presumably generated by Initialize — confirm.
	KeyAgreementKey *ecdsa.PrivateKey

	// PinUvAuthToken is the current pinUvAuthToken; anyone holding it can
	// authorize commands within the token's permissions.
	PinUvAuthToken []byte
}
func (*PinUVAuthProtocol1) Authenticate ¶
func (p *PinUVAuthProtocol1) Authenticate(key []byte, message []byte) []byte
func (*PinUVAuthProtocol1) Decrypt ¶
func (p *PinUVAuthProtocol1) Decrypt(key []byte, demCipherText []byte) ([]byte, error)
func (*PinUVAuthProtocol1) Encapsulate ¶
func (p *PinUVAuthProtocol1) Encapsulate(peerCoseKey *PinUvAuthProtocolKey) (*PinUvAuthProtocolKey, []byte, error)
func (*PinUVAuthProtocol1) Encrypt ¶
func (p *PinUVAuthProtocol1) Encrypt(key []byte, demPlainText []byte) []byte
func (*PinUVAuthProtocol1) Initialize ¶
func (p *PinUVAuthProtocol1) Initialize()
func (*PinUVAuthProtocol1) Version ¶
func (p *PinUVAuthProtocol1) Version() uint
type PinUVAuthProtocol2 ¶
// PinUVAuthProtocol2 holds the platform-side state for PIN/UV auth protocol
// two. Both fields are exported and hold secret material: keep them out of
// logs, error messages and serialized output.
//
// The CTAP 2.1 specification defines protocol two with separately derived
// encryption and HMAC keys, a random IV per message and an untruncated
// HMAC-SHA-256 tag (the implementation is not shown on this page).
type PinUVAuthProtocol2 struct {
	// KeyAgreementKey is the platform's key-agreement private key.
	// NOTE(review): presumably generated by Initialize — confirm.
	KeyAgreementKey *ecdsa.PrivateKey

	// PinUvAuthToken is the current pinUvAuthToken; anyone holding it can
	// authorize commands within the token's permissions.
	PinUvAuthToken []byte
}
func (*PinUVAuthProtocol2) Authenticate ¶
func (p *PinUVAuthProtocol2) Authenticate(key []byte, message []byte) []byte
func (*PinUVAuthProtocol2) Decrypt ¶
func (p *PinUVAuthProtocol2) Decrypt(key []byte, demCipherText []byte) ([]byte, error)
func (*PinUVAuthProtocol2) Encapsulate ¶
func (p *PinUVAuthProtocol2) Encapsulate(peerCoseKey *PinUvAuthProtocolKey) (*PinUvAuthProtocolKey, []byte, error)
func (*PinUVAuthProtocol2) Encrypt ¶
func (p *PinUVAuthProtocol2) Encrypt(key []byte, demPlainText []byte) []byte
func (*PinUVAuthProtocol2) Initialize ¶
func (p *PinUVAuthProtocol2) Initialize()
func (*PinUVAuthProtocol2) Version ¶
func (p *PinUVAuthProtocol2) Version() uint
type PinUvAuthProtocolKey ¶
// PinUvAuthProtocolKey wraps a COSE key used for PIN/UV auth protocol key
// agreement. It embeds *cose.Key and has its own UnmarshalCBOR method.
// NOTE(review): a key decoded from an authenticator response is
// device-supplied input; confirm that UnmarshalCBOR or Encapsulate rejects
// a public key that is not a valid point on the expected curve.
type PinUvAuthProtocolKey struct {
	*cose.Key
}
func (*PinUvAuthProtocolKey) UnmarshalCBOR ¶
func (k *PinUvAuthProtocolKey) UnmarshalCBOR(data []byte) error
type PinUvAuthTokenPermission ¶
// PinUvAuthTokenPermission is a set of permission bits for a pinUvAuthToken.
// Each constant below is a distinct single bit, so values can be combined
// with bitwise OR. Requesting only the bits an operation needs keeps a
// leaked token from authorizing anything else.
type PinUvAuthTokenPermission uint

// Permission bits.
const (
	// Make credential.
	PinUvAuthTokenPermissionMakeCredential PinUvAuthTokenPermission = 0x01

	// Get assertion.
	PinUvAuthTokenPermissionGetAssertion PinUvAuthTokenPermission = 0x02

	// Credential management (enumerate, delete and update credentials).
	PinUvAuthTokenPermissionCredentialManagement PinUvAuthTokenPermission = 0x04

	// Biometric enrollment.
	PinUvAuthTokenPermissionBioEnrollment PinUvAuthTokenPermission = 0x08

	// Large-blob write.
	PinUvAuthTokenPermissionLargeBlobWrite PinUvAuthTokenPermission = 0x10

	// Authenticator configuration.
	PinUvAuthTokenPermissionAuthenticatorConfiguration PinUvAuthTokenPermission = 0x20
)
Source Files ¶