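// --- testSignChallenge ---

// testSignChallenge verifies a U2F sign response against a stored
// registration and the challenge that was issued for it.
//
// It decodes regi.U2FRegistrationBytes into a u2f.Registration and calls
// Authenticate with the stored signature counter. It returns nil when
// Authenticate accepts the response, and an error when the registration
// cannot be decoded, the stored counter does not fit in a uint32, or
// Authenticate rejects the response.
func testSignChallenge(challenge u2f.Challenge, regi Registration, signResp u2f.SignResponse) error {
	var reg u2f.Registration
	if err := reg.UnmarshalBinary(regi.U2FRegistrationBytes); err != nil {
		return fmt.Errorf("reg.UnmarshalBinary error: %v", err)
	}

	// The AppEngine datastore does not accept uint types, see:
	// https://github.com/golang/appengine/blob/master/datastore/save.go#L148
	// So the counter is stored as int64 and converted to uint32 here, and back.
	//
	// A plain uint32() conversion silently wraps negative or oversized values.
	// A corrupted or tampered stored counter would then be compared as some
	// unrelated small number, so refuse it instead of truncating.
	if regi.Counter < 0 || regi.Counter > 0xFFFFFFFF {
		return fmt.Errorf("stored counter %d is outside the uint32 range", regi.Counter)
	}

	newCounter, err := reg.Authenticate(signResp, challenge, uint32(regi.Counter))
	if err != nil {
		return fmt.Errorf("VerifySignResponse error: %v", err)
	}

	// Update the counter for the next auth.
	//
	// NOTE(review): regi is received by value, so if Registration is a struct
	// type (its declaration is not visible here) this assignment only changes
	// the local copy and the caller never sees the new counter. The advanced
	// counter has to be persisted for later authentications to be checked
	// against it; consider taking *Registration or returning newCounter.
	regi.Counter = int64(newCounter)
	return nil
}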
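// signResponse is the HTTP handler that receives a U2F sign response as a
// JSON request body and verifies it against the package-level challenge,
// registration and counter.
//
// Responses:
//   - 400 if the body is not valid JSON (or exceeds the size cap), or if no
//     challenge or registration is currently stored;
//   - 500 if the stored registration cannot be decoded or Authenticate
//     rejects the response;
//   - 200 with body "success" when verification passes, after the
//     package-level counter has been advanced to the value Authenticate
//     returned.
func signResponse(w http.ResponseWriter, r *http.Request) {
	// The body comes from an unauthenticated client, so cap how much the
	// decoder may read. A sign response is a small JSON object; 64 KiB is
	// far more than it needs.
	const maxSignResponseBytes = 64 << 10
	r.Body = http.MaxBytesReader(w, r.Body, maxSignResponseBytes)

	var signResp u2f.SignResponse
	if err := json.NewDecoder(r.Body).Decode(&signResp); err != nil {
		http.Error(w, "invalid response: "+err.Error(), http.StatusBadRequest)
		return
	}

	// NOTE(review): this writes the whole client-supplied sign response to
	// the server log. Outside a demo, consider logging only what is needed
	// for troubleshooting.
	log.Printf("signResponse: %+v", signResp)

	if challenge == nil {
		http.Error(w, "challenge missing", http.StatusBadRequest)
		return
	}
	if registration == nil {
		http.Error(w, "registration missing", http.StatusBadRequest)
		return
	}

	var reg u2f.Registration
	if err := reg.UnmarshalBinary(registration); err != nil {
		// Details go to the log only; the client gets a generic message.
		log.Printf("reg.UnmarshalBinary error: %v", err)
		http.Error(w, "error", http.StatusInternalServerError)
		return
	}

	// NOTE(review): challenge, registration and counter are package-level
	// variables read and written here without visible synchronization, so
	// concurrent requests would race on them. Confirm whether this handler
	// is ever served concurrently outside a single-user demo.
	newCounter, err := reg.Authenticate(signResp, *challenge, counter)
	if err != nil {
		// The 500 status is kept as-is for existing clients, although a
		// rejected signature is an authentication failure rather than a
		// server fault.
		log.Printf("VerifySignResponse error: %v", err)
		http.Error(w, "error verifying response", http.StatusInternalServerError)
		return
	}
	log.Printf("newCounter: %d", newCounter)

	// Remember the counter so the next authentication is checked against it.
	//
	// NOTE(review): the stored challenge is left in place after a successful
	// verification. Whether it can be answered a second time depends on
	// checks inside Authenticate that are not visible here; consider
	// clearing it so each challenge is single-use.
	counter = newCounter

	if _, err := w.Write([]byte("success")); err != nil {
		log.Printf("signResponse: writing response: %v", err)
	}
}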