Commit e24d7bc7 authored by ale's avatar ale

Base64-encode U2F data sent over the public API

Create "better" JSON, rather than just dumping binary strings in it.
parent 21fb9b21
package backend
import (
"encoding/base64"
as "git.autistici.org/ai3/accountserver"
ct "git.autistici.org/ai3/go-common/ldap/compositetypes"
)
// Note: all functions below deliberately ignore deserialization
// errors (the broken entry is just skipped). This way, broken data in
// the database will be invisible and not break the app. Not that it
// is an overall better strategy than crashing, but it's a bit gentler
// on the user.
func newAppSpecificPassword(info as.AppSpecificPasswordInfo, pw string) *ct.AppSpecificPassword {
return &ct.AppSpecificPassword{
ID: info.ID,
......@@ -78,10 +86,12 @@ func decodeU2FRegistrations(encRegs []string) []*as.U2FRegistration {
var out []*as.U2FRegistration
for _, enc := range encRegs {
if r, err := ct.UnmarshalU2FRegistration(enc); err == nil {
// Mirror ct.U2FRegistration -> as.U2FRegistration.
// Convert ct.U2FRegistration (internal) ->
// as.U2FRegistration (public) by
// base64-encoding the data.
out = append(out, &as.U2FRegistration{
KeyHandle: r.KeyHandle,
PublicKey: r.PublicKey,
KeyHandle: base64.StdEncoding.EncodeToString(r.KeyHandle),
PublicKey: base64.StdEncoding.EncodeToString(r.PublicKey),
})
}
}
......@@ -91,10 +101,20 @@ func decodeU2FRegistrations(encRegs []string) []*as.U2FRegistration {
func encodeU2FRegistrations(regs []*as.U2FRegistration) []string {
var out []string
for _, r := range regs {
// Mirror as.U2FRegistration -> ct.U2FRegistration.
// Convert as.U2FRegistration (public) ->
// ct.U2FRegistration (internal) by base64-decoding
// the data.
kh, err := base64.StdEncoding.DecodeString(r.KeyHandle)
if err != nil {
continue
}
pk, err := base64.StdEncoding.DecodeString(r.PublicKey)
if err != nil {
continue
}
ctr := ct.U2FRegistration{
KeyHandle: r.KeyHandle,
PublicKey: r.PublicKey,
KeyHandle: kh,
PublicKey: pk,
}
out = append(out, ctr.Marshal())
}
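Review bot: encodeU2FRegistrations silently drops any registration whose KeyHandle or PublicKey fails base64 decoding (the two `continue` branches after `DecodeString`), so a malformed entry is lost on write instead of being rejected; the note at the top of the file justifies skipping only for broken database entries, not for data supplied by a caller, and this function's input looks like the public-API side of the conversion (inferred from the commit title, not visible here). Since the signature returns no error, the least intrusive fix is a comment on the first `continue` making the policy explicit, e.g. `// Malformed base64 from the caller: the registration is dropped silently, so a client bug here loses a device rather than failing the update.`, with proper validation of the list done in the caller before it reaches this point. The decoded byte lengths are also not checked here, which may be fine if ct.U2FRegistration does that; it cannot be seen from this hunk. The same silent-skip exists for ct.UnmarshalU2FRegistration in decodeU2FRegistrations, but that is pre-existing behavior. Both functions continue past the edges of their hunks.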
......@@ -591,10 +591,10 @@ func getHostingDir(path, siteRoot string) string {
// U2FRegistration stores information on a single U2F device registration.
//
// This is a mirror of compositetypes.U2FRegistration, but it is
// duplicated since this is part of our public interface, and
// compositetypes is a detail of the LDAP backend implementation.
// This mirrors closely compositetypes.U2FRegistration, with the very
// important difference that the data here is base64-encoded! Can't
// reliably push arbitrary binary data through JSON otherwise.
type U2FRegistration struct {
KeyHandle []byte `json:"key_handle"`
PublicKey []byte `json:"public_key"`
KeyHandle string `json:"key_handle"`
PublicKey string `json:"public_key"`
}
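Review bot: The rationale in the new doc comment ("Can't reliably push arbitrary binary data through JSON otherwise") is inaccurate, because encoding/json already marshals []byte fields as base64 strings, so the old type produced valid JSON as well. What the change actually does is make the encoding an explicit part of the API contract and move validation: with []byte, json.Unmarshal rejected invalid base64 at the API boundary, whereas with string any text is accepted and is only checked later by the backend's DecodeString calls. Suggest replacing the last paragraph of the comment with something like `// KeyHandle and PublicKey are base64-encoded (standard alphabet, padded) so the encoding is an explicit part of the API contract rather than an encoding/json detail; callers must validate them before use.`. The alphabet is inferred from the backend's use of base64.StdEncoding in the companion hunks.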