gitea/vendor/github.com/duo-labs/webauthn/webauthn/authenticator.go


package webauthn
import (
p "github.com/duo-labs/webauthn/protocol"
)
// Authenticator holds the per-credential authenticator state that a relying
// party stores alongside a credential and updates on every authentication.
type Authenticator struct {
	// AAGUID is the Authenticator Attestation GUID: the globally unique
	// identifier of the authenticator model that produced the credential.
	AAGUID []byte
	// SignCount is the signature counter last accepted from the authenticator.
	// On each login the relying party compares it with the signCount carried in
	// the assertion's authenticator data; a new value that is less than or equal
	// to the stored one suggests a cloned or malfunctioning authenticator.
	SignCount uint32
	// CloneWarning is set when the counter comparison indicates that at least
	// two copies of the credential private key may exist and are being used in
	// parallel. Relying parties should feed it into their risk scoring; whether
	// they then update the stored counter, or fail the ceremony, is their call.
	CloneWarning bool
}
// SelectAuthenticator builds the protocol.AuthenticatorSelection that is sent
// to the client during registration, so the relying party's authenticator
// preferences can be marshalled from one place.
//
// att is converted to a protocol.AuthenticatorAttachment, uv to a
// protocol.UserVerificationRequirement, and rrk is passed through as-is (a nil
// pointer stays nil). The string arguments are converted without validation,
// so callers are expected to supply values defined by the protocol package.
func SelectAuthenticator(att string, rrk *bool, uv string) p.AuthenticatorSelection {
	var selection p.AuthenticatorSelection
	selection.AuthenticatorAttachment = p.AuthenticatorAttachment(att)
	selection.RequireResidentKey = rrk
	selection.UserVerification = p.UserVerificationRequirement(uv)
	return selection
}
// UpdateCounter applies the signature-counter check of WebAuthn section 7.2
// ("Verifying an Authentication Assertion"), step 17, to this authenticator.
//
// The check only has effect when the counter is actually in use, i.e. when the
// stored SignCount is nonzero; an authenticator that has only ever reported
// zero gets no clone detection from it. When the check runs:
//
//   - a new authData.signCount greater than the stored value replaces it;
//   - a new value less than or equal to the stored value sets CloneWarning and
//     leaves SignCount untouched, since the same credential private key may be
//     in use on more than one device.
//
// CloneWarning is never cleared here: a later, larger counter still leaves the
// flag set, so the relying party has to decide how to act on it.
func (a *Authenticator) UpdateCounter(authDataCount uint32) {
	// With a stored counter of zero the only non-advancing value is zero
	// itself, which is the "counter not supported" case and must not warn.
	counterInUse := a.SignCount != 0
	if counterInUse && authDataCount <= a.SignCount {
		a.CloneWarning = true
		return
	}
	a.SignCount = authDataCount
}