@reegaviljoen/eldlock 0.1.0
- package/README.md +285 -0
- package/bin/eldlock +11 -0
- package/docs/architecture.md +164 -0
- package/docs/threat-model.md +47 -0
- package/eldlock-cli/README.md +56 -0
- package/eldlock-cli/bin/eldlock +3 -0
- package/eldlock-cli/package-lock.json +805 -0
- package/eldlock-cli/package.json +71 -0
- package/eldlock-cli/src/api.ts +250 -0
- package/eldlock-cli/src/cli.ts +490 -0
- package/eldlock-cli/src/main.ts +10 -0
- package/eldlock-cli/src/tui.ts +676 -0
- package/eldlock-cli/tsconfig.json +13 -0
- package/eldlock-cli/vendor/npm/ansi-regex-6.2.2.tgz +0 -0
- package/eldlock-cli/vendor/npm/bun-ffi-structs-0.2.2.tgz +0 -0
- package/eldlock-cli/vendor/npm/diff-9.0.0.tgz +0 -0
- package/eldlock-cli/vendor/npm/emoji-regex-10.6.0.tgz +0 -0
- package/eldlock-cli/vendor/npm/esbuild-0.28.0.tgz +0 -0
- package/eldlock-cli/vendor/npm/esbuild-darwin-arm64-0.28.0.tgz +0 -0
- package/eldlock-cli/vendor/npm/esbuild-darwin-x64-0.28.0.tgz +0 -0
- package/eldlock-cli/vendor/npm/esbuild-linux-arm64-0.28.0.tgz +0 -0
- package/eldlock-cli/vendor/npm/esbuild-linux-x64-0.28.0.tgz +0 -0
- package/eldlock-cli/vendor/npm/fsevents-2.3.3.tgz +0 -0
- package/eldlock-cli/vendor/npm/get-east-asian-width-1.6.0.tgz +0 -0
- package/eldlock-cli/vendor/npm/marked-17.0.1.tgz +0 -0
- package/eldlock-cli/vendor/npm/opentui-core-0.3.1.tgz +0 -0
- package/eldlock-cli/vendor/npm/opentui-core-darwin-arm64-0.3.1.tgz +0 -0
- package/eldlock-cli/vendor/npm/opentui-core-darwin-x64-0.3.1.tgz +0 -0
- package/eldlock-cli/vendor/npm/opentui-core-linux-arm64-0.3.1.tgz +0 -0
- package/eldlock-cli/vendor/npm/opentui-core-linux-x64-0.3.1.tgz +0 -0
- package/eldlock-cli/vendor/npm/string-width-7.2.0.tgz +0 -0
- package/eldlock-cli/vendor/npm/strip-ansi-7.1.2.tgz +0 -0
- package/eldlock-cli/vendor/npm/tsx-4.22.4.tgz +0 -0
- package/eldlock-cli/vendor/npm/types-node-22.19.19.tgz +0 -0
- package/eldlock-cli/vendor/npm/typescript-5.9.3.tgz +0 -0
- package/eldlock-cli/vendor/npm/undici-types-6.21.0.tgz +0 -0
- package/eldlock-cli/vendor/npm/web-tree-sitter-0.25.10.tgz +0 -0
- package/eldlock-cli/vendor/npm/yoga-layout-3.2.1.tgz +0 -0
- package/eldlock-server/cmd/eldlock-server/main.go +132 -0
- package/eldlock-server/go.mod +10 -0
- package/eldlock-server/go.sum +11 -0
- package/eldlock-server/internal/api/README.md +14 -0
- package/eldlock-server/internal/api/core.go +126 -0
- package/eldlock-server/internal/api/exec.go +97 -0
- package/eldlock-server/internal/api/secrets.go +358 -0
- package/eldlock-server/internal/api/server.go +72 -0
- package/eldlock-server/internal/api/service_test.go +416 -0
- package/eldlock-server/internal/api/types.go +48 -0
- package/eldlock-server/internal/api/vault.go +69 -0
- package/eldlock-server/internal/api/vendor.go +44 -0
- package/eldlock-server/internal/libfido2/LICENSE +21 -0
- package/eldlock-server/internal/libfido2/README.md +127 -0
- package/eldlock-server/internal/libfido2/examples_test.go +614 -0
- package/eldlock-server/internal/libfido2/fido2.go +1234 -0
- package/eldlock-server/internal/libfido2/fido2_darwin.go +7 -0
- package/eldlock-server/internal/libfido2/fido2_other.go +9 -0
- package/eldlock-server/internal/libfido2/fido2_test.go +101 -0
- package/eldlock-server/internal/libfido2/go.mod +10 -0
- package/eldlock-server/internal/libfido2/go.sum +16 -0
- package/eldlock-server/internal/libfido2/log.go +87 -0
- package/eldlock-server/internal/store/README.md +7 -0
- package/eldlock-server/internal/store/store.go +434 -0
- package/eldlock-server/internal/store/store_test.go +125 -0
- package/eldlock-server/internal/yubikey/README.md +25 -0
- package/eldlock-server/internal/yubikey/default_fido2.go +7 -0
- package/eldlock-server/internal/yubikey/default_stub.go +7 -0
- package/eldlock-server/internal/yubikey/fido2_disabled.go +9 -0
- package/eldlock-server/internal/yubikey/fido2_libfido2.go +225 -0
- package/eldlock-server/internal/yubikey/fido2_libfido2_test.go +66 -0
- package/eldlock-server/internal/yubikey/passkey.go +139 -0
- package/eldlock-server/internal/yubikey/passkey_test.go +36 -0
- package/eldlock-server/vendor/github.com/keys-pub/go-libfido2/LICENSE +21 -0
- package/eldlock-server/vendor/github.com/keys-pub/go-libfido2/README.md +127 -0
- package/eldlock-server/vendor/github.com/keys-pub/go-libfido2/fido2.go +1234 -0
- package/eldlock-server/vendor/github.com/keys-pub/go-libfido2/fido2_darwin.go +7 -0
- package/eldlock-server/vendor/github.com/keys-pub/go-libfido2/fido2_other.go +9 -0
- package/eldlock-server/vendor/github.com/keys-pub/go-libfido2/log.go +87 -0
- package/eldlock-server/vendor/github.com/pkg/errors/.travis.yml +10 -0
- package/eldlock-server/vendor/github.com/pkg/errors/LICENSE +23 -0
- package/eldlock-server/vendor/github.com/pkg/errors/Makefile +44 -0
- package/eldlock-server/vendor/github.com/pkg/errors/README.md +59 -0
- package/eldlock-server/vendor/github.com/pkg/errors/appveyor.yml +32 -0
- package/eldlock-server/vendor/github.com/pkg/errors/errors.go +288 -0
- package/eldlock-server/vendor/github.com/pkg/errors/go113.go +38 -0
- package/eldlock-server/vendor/github.com/pkg/errors/stack.go +177 -0
- package/eldlock-server/vendor/modules.txt +7 -0
- package/examples/eldlock.toml +17 -0
- package/install.sh +66 -0
- package/package.json +66 -0
- package/scripts/build-production.mjs +177 -0
- package/scripts/postinstall-production.mjs +23 -0
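--- a/package/eldlock-server/internal/libfido2/README.md
+++ b/package/eldlock-server/internal/libfido2/README.md
@@ -0,0 +1,127 @@
+# go-libfido2
+
+Go wrapper for libfido2.
+
+```go
+import (
+"github.com/keys-pub/go-libfido2"
+)
+
+func ExampleDevice_Assertion() {
+locs, err := libfido2.DeviceLocations()
+if err != nil {
+log.Fatal(err)
+}
+if len(locs) == 0 {
+log.Println("No devices")
+return
+}
+
+log.Printf("Using device: %+v\n", locs[0])
+path := locs[0].Path
+device, err := libfido2.NewDevice(path)
+if err != nil {
+log.Fatal(err)
+}
+
+cdh := libfido2.RandBytes(32)
+userID := libfido2.RandBytes(32)
+salt := libfido2.RandBytes(32)
+pin := "12345"
+
+attest, err := device.MakeCredential(
+cdh,
+libfido2.RelyingParty{
+ID: "keys.pub",
+},
+libfido2.User{
+ID: userID,
+Name: "gabriel",
+},
+libfido2.ES256, // Algorithm
+pin,
+&libfido2.MakeCredentialOpts{
+Extensions: []libfido2.Extension{libfido2.HMACSecretExtension},
+},
+)
+if err != nil {
+log.Fatal(err)
+}
+
+log.Printf("Attestation:\n")
+log.Printf("AuthData: %s\n", hex.EncodeToString(attest.AuthData))
+log.Printf("ClientDataHash: %s\n", hex.EncodeToString(attest.ClientDataHash))
+log.Printf("ID: %s\n", hex.EncodeToString(attest.CredentialID))
+log.Printf("Type: %s\n", attest.CredentialType)
+log.Printf("Sig: %s\n", hex.EncodeToString(attest.Sig))
+
+assertion, err := device.Assertion(
+"keys.pub",
+cdh,
+[][]byte{attest.CredentialID},
+pin,
+&libfido2.AssertionOpts{
+Extensions: []libfido2.Extension{libfido2.HMACSecretExtension},
+HMACSalt: salt,
+},
+)
+if err != nil {
+log.Fatal(err)
+}
+
+log.Printf("Assertion:\n")
+log.Printf("%s\n", hex.EncodeToString(assertion.AuthData))
+log.Printf("%s\n", hex.EncodeToString(assertion.HMACSecret))
+log.Printf("%s\n", hex.EncodeToString(assertion.Sig))
+
+// Output:
+//
+}
+```
+
+## Examples
+
+The examples require a device.
+
+To run an example, set FIDO2_EXAMPLES=1.
+
+```shell
+FIDO2_EXAMPLES=1 go test -v -run ExampleDeviceLocations
+FIDO2_EXAMPLES=1 go test -v -run ExampleDevice_Assertion
+FIDO2_EXAMPLES=1 go test -v -run ExampleDevice_Credentials
+```
+
+## Dependencies
+
+### Linux
+
+```shell
+sudo apt install software-properties-common
+sudo apt-add-repository ppa:yubico/stable
+sudo apt update
+sudo apt install libfido2-dev
+```
+
+### macOS
+
+```shell
+brew install keys-pub/tap/libfido2
+```
+
+### Windows
+
+```shell
+scoop bucket add keys.pub https://github.com/keys-pub/scoop-bucket
+scoop install libfido2
+```
+
+
+### Building libfido2
+
+#### macOS
+
+```shell
+export CFLAGS="-I/usr/local/include -I/usr/local/opt/openssl@1.1/include"
+export LDFLAGS="-L/usr/local/lib -L/usr/local/opt/openssl@1.1/lib/"
+(rm -rf build && mkdir build && cd build && cmake ..) && make -C build
+```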