Beispiel #1
0
Datei: main.go Projekt: kurze/u2f
func signRequest(w http.ResponseWriter, r *http.Request) {
	if registration == nil {
		http.Error(w, "registration missing", http.StatusBadRequest)
		return
	}

	c, err := u2f.NewChallenge(appID, trustedFacets)
	if err != nil {
		log.Printf("u2f.NewChallenge error: %v", err)
		http.Error(w, "error", http.StatusInternalServerError)
		return
	}
	challenge = c

	var reg u2f.Registration
	if err := reg.UnmarshalBinary(registration); err != nil {
		log.Printf("reg.UnmarshalBinary error: %v", err)
		http.Error(w, "error", http.StatusInternalServerError)
		return
	}

	req := c.SignRequest(reg)
	log.Printf("signRequest: %+v", req)
	json.NewEncoder(w).Encode(req)
}
Beispiel #2
0
// NewSignChallenge returns a challenge for the U2F device.
//
func NewSignChallenge(ctx appengine.Context, userIdentity string) ([]*u2f.SignRequest, error) {

	// Create challenge
	c, err := u2f.NewChallenge(AppID, TrustedFacets)
	if err != nil {
		return nil, fmt.Errorf("u2f.NewChallenge error: %v", err)
	}

	_, regis, err := loadRegistrations(ctx, userIdentity)
	if err != nil {
		return nil, fmt.Errorf("loadRegistrations %+v", err)
	}

	var reqs = []*u2f.SignRequest{}
	for _, regi := range regis {
		signr, err := signChallengeRequest(*c, *regi)
		if err != nil {
			return nil, fmt.Errorf("Signing error: %+v", err)
		}

		reqs = append(reqs, signr)
	}

	// Save challenge to database.
	ckey := makeKey(ctx, userIdentity, "SignChallenge")
	if _, err := datastore.Put(ctx, ckey, c); err != nil {
		return nil, fmt.Errorf("datastore.Put error: %v", err)
	}

	// Return challenge
	log.Printf("🖋  New Sign Challenges: %+v [%+v]", reqs, ckey)
	return reqs, nil
}
Beispiel #3
0
func registerRequest(w http.ResponseWriter, r *http.Request) {
	c, err := u2f.NewChallenge(appID, trustedFacets)
	if err != nil {
		log.Printf("u2f.NewChallenge error: %v", err)
		http.Error(w, "error", http.StatusInternalServerError)
		return
	}
	challenge = c
	req := c.RegisterRequest()

	log.Printf("registerRequest: %+v", req)
	json.NewEncoder(w).Encode(req)
}
Beispiel #4
0
func (c *RemoteU2FClient) PrepareAuthentication(msg, appID string, marshalledRegs [][]byte) (
	*PendingAuth, error) {

	var trustedFacets = []string{appID}

	pa := &PendingAuth{}
	signReqs := []*u2f.SignRequest{}

	// Generate one signature request for each registration.
	for _, mreg := range marshalledRegs {
		reg := &u2f.Registration{}
		err := reg.UnmarshalBinary(mreg)
		if err != nil {
			return nil, fmt.Errorf("u2f.ParseRegistration: %v\n", err)
		}

		// Can/should we reuse the challenge for all the registrations?
		challenge, err := u2f.NewChallenge(appID, trustedFacets)
		if err != nil {
			return nil, fmt.Errorf("u2f.NewChallenge error: %v", err)
		}

		sr := challenge.SignRequest(*reg)
		signReqs = append(signReqs, sr)

		pa.challenges = append(pa.challenges, challenge)
		pa.regs = append(pa.regs, reg)
	}

	j, err := json.Marshal(signReqs)
	if err != nil {
		return nil, fmt.Errorf("json marshalling error: %v", err)
	}

	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()

	key, err := c.c.PrepareOp(
		ctx, &pb.Prepare{j, msg, pb.Prepare_AUTHENTICATE})
	if err != nil {
		return nil, fmt.Errorf("error preparing: %v", err)
	}

	pa.Key = key

	return pa, nil
}
Beispiel #5
0
// NewRegistrationChallenge creates a new U2F challenge and stores it in the
// datastore.
//
// Encode the response with e.g.
// 	 json.NewEncoder(w).Encode(req)
//
func NewRegistrationChallenge(ctx appengine.Context, userIdentity string) (*u2f.RegisterRequest, error) {
	// Generate a challenge
	c, err := u2f.NewChallenge(AppID, TrustedFacets)
	if err != nil {
		return nil, fmt.Errorf("u2f.NewChallenge error: %v", err)
	}

	// Save challenge to database.
	ckey := makeKey(ctx, userIdentity, "Challenge")
	if _, err := datastore.Put(ctx, ckey, c); err != nil {
		return nil, fmt.Errorf("datastore.Put error: %v", err)
	}

	// Return challenge request
	req := c.RegisterRequest()
	log.Printf("🍁  New Registration Challenge for %v: %+v [%+v]",
		userIdentity, req, ckey)
	return req, nil
}
Beispiel #6
0
func signRequest(w http.ResponseWriter, r *http.Request) {
	if registration == nil {
		http.Error(w, "registration missing", http.StatusBadRequest)
		return
	}

	c, err := u2f.NewChallenge(appID, trustedFacets)
	if err != nil {
		log.Printf("u2f.NewChallenge error: %v", err)
		http.Error(w, "error", http.StatusInternalServerError)
		return
	}
	challenge = c

	var req authenticateRequest
	for _, reg := range registration {
		sr := c.SignRequest(reg)
		req.SignRequests = append(req.SignRequests, *sr)
	}

	log.Printf("authenitcateRequest: %+v", req)
	json.NewEncoder(w).Encode(req)
}
Beispiel #7
0
func (c *RemoteU2FClient) PrepareRegister(msg, appID string) (*PendingRegister, error) {
	var trustedFacets = []string{appID}

	challenge, err := u2f.NewChallenge(appID, trustedFacets)
	if err != nil {
		return nil, fmt.Errorf("u2f.NewChallenge error: %v", err)
	}

	j, err := json.Marshal(challenge.RegisterRequest())
	if err != nil {
		return nil, fmt.Errorf("json marshalling error: %v", err)
	}

	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()

	key, err := c.c.PrepareOp(ctx, &pb.Prepare{j, msg, pb.Prepare_REGISTER})
	if err != nil {
		return nil, fmt.Errorf("error preparing: %v", err)
	}

	return &PendingRegister{key, challenge}, nil
}