Merge pull request #10 from ryankurte/fix/keyhandle-encoding

Switched to base64 encoding keyhandles, yubikey ones are not legit.
ryankurte · Nov 3, 2016 · 3c596e9 · 3c596e9
2 parents a27dbb9 + 0a940a5
commit 3c596e9
Show file tree

Hide file tree

Showing 7 changed files with 55 additions and 55 deletions.
diff --git a/auth.go b/auth.go
@@ -25,7 +25,7 @@ func (c *Challenge) SignRequest() *SignRequestMessage {
 	for _, r := range c.RegisteredKeys {
 		key := registeredKey{
 			Version:   u2fVersion,
-			KeyHandle: encodeBase64([]byte(r.KeyHandle))}
+			KeyHandle: r.KeyHandle}
 		m.RegisteredKeys = append(m.RegisteredKeys, key)
 	}
 

diff --git a/registration.go b/registration.go
@@ -57,7 +57,7 @@ func (r *registrationRaw) MarshalBinary() ([]byte, error) {
 func (reg *registrationRaw) ToRegistration() *Registration {
 
 	// Convert to strings
-	keyHandleString := string(reg.KeyHandle)
+	keyHandleString := encodeBase64(reg.KeyHandle)
 	publicKeyString := encodeBase64(elliptic.Marshal(reg.PublicKey.Curve, reg.PublicKey.X, reg.PublicKey.Y))
 	certString := encodeBase64(reg.AttestationCert.Raw)
 
@@ -76,7 +76,7 @@ func (reg *registrationRaw) ToRegistration() *Registration {
 func (reg *registrationRaw) FromRegistration(r Registration) error {
 
 	// Convert and set fields
-	reg.KeyHandle = []byte(r.KeyHandle)
+	reg.KeyHandle, _ = decodeBase64(r.KeyHandle)
 
 	// Public key
 	publicKeyDecoded, err := decodeBase64(r.PublicKey)

diff --git a/registration_test.go b/registration_test.go
@@ -1,46 +1,46 @@
 package u2f
 
 import (
-    "crypto/ecdsa"
-    "crypto/elliptic"
-    "crypto/rand"
-    "crypto/x509"
-    "encoding/hex"
-    "reflect"
-    "testing"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"encoding/hex"
+	"reflect"
+	"testing"
 )
 
 func TestRegistrationRawConversion(t *testing.T) {
-    privateKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-    certBytes, _ := hex.DecodeString(fakeCert)
-    cert, _ := x509.ParseCertificate(certBytes)
+	privateKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	certBytes, _ := hex.DecodeString(fakeCert)
+	cert, _ := x509.ParseCertificate(certBytes)
 
-    reg := &registrationRaw{
-        KeyHandle:       []byte("Fake key handle"),
-        PublicKey:       privateKey.PublicKey,
-        Counter:         7,
-        AttestationCert: cert,
-    }
+	reg := &registrationRaw{
+		KeyHandle:       []byte("Fake key handle"),
+		PublicKey:       privateKey.PublicKey,
+		Counter:         7,
+		AttestationCert: cert,
+	}
 
-    r := reg.ToRegistration()
+	r := reg.ToRegistration()
 
-    reg2 := &registrationRaw{}
+	reg2 := &registrationRaw{}
 
-    reg2.FromRegistration(*r)
+	reg2.FromRegistration(*r)
 
-    if !reflect.DeepEqual(reg.KeyHandle, reg2.KeyHandle) {
-        t.Errorf("KeyHandle mismatch")
-    }
+	if !reflect.DeepEqual(reg.KeyHandle, reg2.KeyHandle) {
+		t.Errorf("KeyHandle mismatch")
+	}
 
-    if !reflect.DeepEqual(reg.PublicKey, reg2.PublicKey) {
-        t.Errorf("PublicKey mismatch")
-    }
+	if !reflect.DeepEqual(reg.PublicKey, reg2.PublicKey) {
+		t.Errorf("PublicKey mismatch")
+	}
 
-    if !reg.AttestationCert.Equal(reg2.AttestationCert) {
-        t.Errorf("Attestation certificate mismatch")
-    }
+	if !reg.AttestationCert.Equal(reg2.AttestationCert) {
+		t.Errorf("Attestation certificate mismatch")
+	}
 
-    if reg.Counter != reg2.Counter {
-        t.Errorf("Counter mismatch")
-    }
-}
+	if reg.Counter != reg2.Counter {
+		t.Errorf("Counter mismatch")
+	}
+}
diff --git a/u2fdemo/main.go b/u2fdemo/main.go
@@ -11,7 +11,7 @@ import (
 	"log"
 	"net/http"
 
-    "github.com/ryankurte/go-u2f"
+	"github.com/ryankurte/go-u2f"
 )
 
 const appID = "https://localhost:3483"

diff --git a/util.go b/util.go
@@ -95,24 +95,24 @@ const timeout = 5 * time.Minute
 
 // Errors for external use
 var (
-    // Authentication errors
-    ErrCounterLow = errors.New("u2f: counter not increasing")
-    ErrRandomGen = errors.New("u2f: unable to generate random bytes")
-    ErrUntrustedFacet = errors.New("u2f: untrusted facet id")
-    ErrWrongKeyHandle = errors.New("u2f: wrong key handle")
-    ErrChallengeExpired = errors.New("u2f: challenge has expired")
-    ErrChallengeMismatch = errors.New("u2f: challenge does not match")
-    ErrUserNotPresent = errors.New("u2f: user was not present")
-
-    // Parser errors
-    ErrDataShort = errors.New("u2f: data is too short")
-    ErrTrailingData = errors.New("u2f: trailing data")
-
-    ErrInvalidPresense = errors.New("u2f: invalid user presence byte")
-    ErrInvalidSig = errors.New("u2f: invalid signature")
-    ErrInvalidReservedByte = errors.New("u2f: invalid reserved byte")
-    ErrInvalidPublicKey = errors.New("u2f: invalid public key")
-    ErrInvalidKeyHandle = errors.New("u2f: invalid key handle")
+	// Authentication errors
+	ErrCounterLow        = errors.New("u2f: counter not increasing")
+	ErrRandomGen         = errors.New("u2f: unable to generate random bytes")
+	ErrUntrustedFacet    = errors.New("u2f: untrusted facet id")
+	ErrWrongKeyHandle    = errors.New("u2f: wrong key handle")
+	ErrChallengeExpired  = errors.New("u2f: challenge has expired")
+	ErrChallengeMismatch = errors.New("u2f: challenge does not match")
+	ErrUserNotPresent    = errors.New("u2f: user was not present")
+
+	// Parser errors
+	ErrDataShort    = errors.New("u2f: data is too short")
+	ErrTrailingData = errors.New("u2f: trailing data")
+
+	ErrInvalidPresense     = errors.New("u2f: invalid user presence byte")
+	ErrInvalidSig          = errors.New("u2f: invalid signature")
+	ErrInvalidReservedByte = errors.New("u2f: invalid reserved byte")
+	ErrInvalidPublicKey    = errors.New("u2f: invalid public key")
+	ErrInvalidKeyHandle    = errors.New("u2f: invalid key handle")
 )
 
 // Decode websafe base64

diff --git a/util_test.go b/util_test.go
@@ -40,4 +40,3 @@ func TestVerifyClientDataWithChannelId(t *testing.T) {
 }
 
 const fakeCert = "3082013c3081e4a003020102020a47901280001155957352300a06082a8648ce3d0403023017311530130603550403130c476e756262792050696c6f74301e170d3132303831343138323933325a170d3133303831343138323933325a3031312f302d0603550403132650696c6f74476e756262792d302e342e312d34373930313238303030313135353935373335323059301306072a8648ce3d020106082a8648ce3d030107034200048d617e65c9508e64bcc5673ac82a6799da3c1446682c258c463fffdf58dfd2fa3e6c378b53d795c4a4dffb4199edd7862f23abaf0203b4b8911ba0569994e101300a06082a8648ce3d0403020347003044022060cdb6061e9c22262d1aac1d96d8c70829b2366531dda268832cb836bcd30dfa0220631b1459f09e6330055722c8d89b7f48883b9089b88d60d1d9795902b30410df"
-
diff --git a/virtualkey.go b/virtualkey.go
@@ -225,6 +225,7 @@ func (vk *VirtualKey) HandleAuthenticationRequest(req SignRequestMessage) (*Sign
 	// Find the registered key for this service
 	for _, k := range req.RegisteredKeys {
 		kh, _ := decodeBase64(k.KeyHandle)
+
 		ki := vk.getKeyByAppIDAndKeyHandle(req.AppID, string(kh))
 		if ki != nil {
Original file line number	Diff line number	Diff line change
Expand Up		@@ -40,4 +40,3 @@ func TestVerifyClientDataWithChannelId(t *testing.T) {
		}

		const fakeCert = "3082013c3081e4a003020102020a47901280001155957352300a06082a8648ce3d0403023017311530130603550403130c476e756262792050696c6f74301e170d3132303831343138323933325a170d3133303831343138323933325a3031312f302d0603550403132650696c6f74476e756262792d302e342e312d34373930313238303030313135353935373335323059301306072a8648ce3d020106082a8648ce3d030107034200048d617e65c9508e64bcc5673ac82a6799da3c1446682c258c463fffdf58dfd2fa3e6c378b53d795c4a4dffb4199edd7862f23abaf0203b4b8911ba0569994e101300a06082a8648ce3d0403020347003044022060cdb6061e9c22262d1aac1d96d8c70829b2366531dda268832cb836bcd30dfa0220631b1459f09e6330055722c8d89b7f48883b9089b88d60d1d9795902b30410df"