2020-02-01 19:54:50 +07:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/elliptic"
|
|
|
|
|
|
|
|
"github.com/tstranex/u2f"
|
|
|
|
)
|
|
|
|
|
2020-04-21 04:03:38 +07:00
|
|
|
// U2FVerifier is the interface for verifying U2F keys.
|
2020-02-01 19:54:50 +07:00
|
|
|
type U2FVerifier interface {
|
|
|
|
Verify(keyHandle []byte, publicKey []byte, signResponse u2f.SignResponse, challenge u2f.Challenge) error
|
|
|
|
}
|
|
|
|
|
2020-04-21 04:03:38 +07:00
|
|
|
// U2FVerifierImpl the production implementation for U2F key verification.
|
2020-02-01 19:54:50 +07:00
|
|
|
type U2FVerifierImpl struct{}
|
|
|
|
|
2020-04-21 04:03:38 +07:00
|
|
|
// Verify verifies U2F keys.
|
2020-02-01 19:54:50 +07:00
|
|
|
func (uv *U2FVerifierImpl) Verify(keyHandle []byte, publicKey []byte,
|
|
|
|
signResponse u2f.SignResponse, challenge u2f.Challenge) error {
|
|
|
|
var registration u2f.Registration
|
|
|
|
registration.KeyHandle = keyHandle
|
|
|
|
x, y := elliptic.Unmarshal(elliptic.P256(), publicKey)
|
|
|
|
registration.PubKey.Curve = elliptic.P256()
|
|
|
|
registration.PubKey.X = x
|
|
|
|
registration.PubKey.Y = y
|
|
|
|
|
|
|
|
// TODO(c.michaud): store the counter to help detecting cloned U2F keys.
|
|
|
|
_, err := registration.Authenticate(
|
|
|
|
signResponse, challenge, 0)
|
2020-05-06 02:35:32 +07:00
|
|
|
|
2020-02-01 19:54:50 +07:00
|
|
|
return err
|
|
|
|
}
|