Documentation
¶
Index ¶
- Constants
- Variables
- func ParseTimeoutString(timeout string) (int, error)
- func SyncClientTimeoutOpt(timeout int) func(*SyncClient)
- func ValidateID(str string) (uint64, error)
- func ValidateNonce(nonce string) error
- func ValidateSignature(hash, cipher string, key []byte) error
- type BaseRequest
- type HTTPDoer
- type HTTPDoerFunc
- type Status
- type SyncClient
- type SyncRequest
- type SyncValue
- type Synchronizer
- type SynchronizerFactory
- type SynchronizerFunc
- type Verifier
- type VerifierFactory
- type VerifierFunc
- type VerifyRequest
- type YKVal
- type YubikeyDBMapperFactory
Constants ¶
const ( RelTolerance = 0.3 AbsTolerance = 20 SyncTimeout = 2 SyncFast SyncValue = 1 SyncSecure SyncValue = 40 SyncDefault SyncValue = 60 KeyClockFreq = float64(1) / float64(8) )
const (
// SyncResp is the format of the standard synchronize response from a YKVal module
SyncResp = "OK counter=%d use=%d high=%d low=%d"
)
Variables ¶
var ( // ErrInvalidTimeout is propagated when parsing of timeout fails or is invalid ErrInvalidTimeout = fmt.Errorf("invalid timeout string") // ErrInvalidSync is propagated when parsing of sync fails or is invalid ErrInvalidSync = fmt.Errorf("invalid sync string") )
var ( // ErrNoID is returned when no identifier is provided ErrNoID = fmt.Errorf("no ID provided") // ErrInvalidID is returned when the identifier is invalid ErrInvalidID = fmt.Errorf("invalid ID format") // ErrNoNonce is returned when nonce string is not provided ErrNoNonce = errors.New("no nonce provided") // ErrInvalidNonce is returned when the nonce string format is invalid ErrInvalidNonce = errors.New("invalid nonce format") // ErrNoClient is returned when no matching client can be found ErrNoClient = fmt.Errorf("no matching client") // ErrInvalidSignature is returned when the HMAC signature is invalid ErrInvalidSignature = fmt.Errorf("invalid signature") // ErrDelayedOTP is returned when OTP is out of date ErrDelayedOTP = fmt.Errorf("delayed OTP") // ErrReplayedOTP is returned when OTP as already been seen ErrReplayedOTP = fmt.Errorf("replayed OTP") // ErrReplayedRequest is returned when the request as already been seen ErrReplayedRequest = fmt.Errorf("replayed request") // ErrNotEnoughAnswers is returned when there is not enough answers for consensus ErrNotEnoughAnswers = fmt.Errorf("not enough answers") // ErrMissingParameter is returned when we miss one or more parameter ErrMissingParameter = fmt.Errorf("parameter missing") // ErrOperationNotAllowed is returned when something forbidden is requested ErrOperationNotAllowed = fmt.Errorf("operation not allowed") // ErrBackend is returned when some of the backend return an internal error ErrBackend = fmt.Errorf("backend error") // ErrUnknown is returned when something unexpected occurs ErrUnknown = fmt.Errorf("unknown error") )
Functions ¶
func ParseTimeoutString ¶
ParseTimeoutString parse timeout as a string to an int
func SyncClientTimeoutOpt ¶
func SyncClientTimeoutOpt(timeout int) func(*SyncClient)
SyncClientTimeoutOpt setter for private fields used at initialization
func ValidateID ¶
ValidateID checks the string identifier format
func ValidateNonce ¶
ValidateNonce checks the nonce string format
func ValidateSignature ¶
ValidateSignature checks if the signature is valid with the given key
Types ¶
type BaseRequest ¶
BaseRequest structure represents the common fields of the Yubico validation protocol https://developers.yubico.com/yubikey-val/Validation_Protocol_V2.0.html#_request
func ParseBaseRequest ¶
func ParseBaseRequest(logger zerolog.Logger, loader yubico.ClientLoader, values url.Values) (req BaseRequest, err error)
ParseBaseRequest parse a url.Values structure and return a BaseRequest object
type HTTPDoer ¶
HTTPDoer is an interface abstracting the Do function allowing us to plug alternative flows
type HTTPDoerFunc ¶
HTTPDoerFunc is a wrapper for a function to implement the HttpDoer interface
type Status ¶
type Status int
Status is the binding to a status code
const ( // UnknownStatus is the default base status UnknownStatus Status = iota // Ok the OTP is valid Ok // BadOTP the OTP is invalid format BadOTP // ReplayedOTP the OTP has already been seen by the service. ReplayedOTP // BadSignature the HMAC signature verification failed. BadSignature // MissingParameter the request lacks a parameter. MissingParameter // NoSuchClient the request id does not exist. NoSuchClient // OperationNotAllowed the request id is not allowed to verify OTPs. OperationNotAllowed // BackendError unexpected error in our server. Please contact us if you see this error. BackendError // NotEnoughAnswers server could not get requested number of syncs during before timeout NotEnoughAnswers // ReplayedRequest server has seen the OTP/Nonce combination before ReplayedRequest )
type SyncClient ¶
type SyncClient struct {
zerolog.Logger
HTTPDoer
SyncRequest
// contains filtered or unexported fields
}
SyncClient is responsible to handle sync request lifecycle
func NewSyncClient ¶
func NewSyncClient(options ...func(*SyncClient)) *SyncClient
NewSyncClient creates a new instance of the SyncClient structure by passing options you can set up some internal fields
func (*SyncClient) Cancel ¶
func (sc *SyncClient) Cancel()
Cancel propagate the cancellation to the internal http.Client
func (*SyncClient) Context ¶
func (sc *SyncClient) Context() context.Context
Context is a getter of the internal context.Context
type SyncRequest ¶
SyncRequest structure represents the fields of a synchronization request
func CreateSync ¶
func CreateSync(req VerifyRequest, ykey *yubico.Yubikey) SyncRequest
CreateSync creates a new SyncRequest with proper fields setup
func ParseSyncRequest ¶
func ParseSyncRequest(logger zerolog.Logger, loader yubico.ClientLoader, values url.Values) (req SyncRequest, err error)
ParseSyncRequest parse url.Values structure and return a SyncRequest object
func (SyncRequest) String ¶
func (sr SyncRequest) String() string
String dump a SyncRequest into a readable string
func (SyncRequest) Token ¶
func (sr SyncRequest) Token() *yubico.Token
Token creates a token out of a SyncRequest
func (SyncRequest) Values ¶
func (sr SyncRequest) Values() url.Values
Values transform a SyncRequest into a url.Values structure
type SyncValue ¶
type SyncValue int
SyncValue is the synchronization percentage we need to reach to validate synchronization
func ParseSyncString ¶
ParseSyncString parses synch string to an int
type Synchronizer ¶
type Synchronizer interface {
Synchronize(request SyncRequest) (*yubico.Yubikey, error)
}
Synchronizer interface abstract the handling of a synchronize request
type SynchronizerFactory ¶
type SynchronizerFactory func(zerolog.Logger) Synchronizer
SynchronizerFactory is currying a Synchronizer to inject a logger on each request
type SynchronizerFunc ¶
type SynchronizerFunc func(SyncRequest) (*yubico.Yubikey, error)
SynchronizerFunc is a wrapper for a function to implement the Synchronizer interface
func (SynchronizerFunc) Synchronize ¶
func (sf SynchronizerFunc) Synchronize(r SyncRequest) (*yubico.Yubikey, error)
Synchronize wraps a function to implement Synchronizer interface
type Verifier ¶
type Verifier interface {
Verify(VerifyRequest) (*yubico.Yubikey, error)
}
Verifier interface abstracts the verification of the token over network clients
type VerifierFactory ¶
VerifierFactory is currying a Verifier to inject a logger on each request
type VerifierFunc ¶
type VerifierFunc func(VerifyRequest) (*yubico.Yubikey, error)
VerifierFunc is a wrapper for a function to implement the Verifier interface
func (VerifierFunc) Verify ¶
func (vf VerifierFunc) Verify(r VerifyRequest) (*yubico.Yubikey, error)
Verify wraps a function to implement Verify interface
type VerifyRequest ¶
type VerifyRequest struct {
BaseRequest
Timestamp bool
Sl SyncValue
Timeout int
}
VerifyRequest structure represents the fields of a verification request
func ParseVerifyRequest ¶
func ParseVerifyRequest(logger zerolog.Logger, loader yubico.ClientLoader, values url.Values) (req VerifyRequest, err error)
ParseVerifyRequest parse url.Values structure and return a VerifyRequest object
func (VerifyRequest) String ¶
func (vr VerifyRequest) String() string
String dump a VerifyRequest into a readable string
type YKVal ¶
type YKVal struct {
zerolog.Logger
ykksm.DecrypterFactory
YubikeyDBMapperFactory
Servers []string
SyncClientOpts []func(*SyncClient)
}
YKVal struct handles the features of the yubico YKVal module
func NewYKVal ¶
func NewYKVal(mapper YubikeyDBMapperFactory, options ...func(*YKVal)) *YKVal
NewYKVal creates a new instance of YKVal with sensible default
func (*YKVal) Phishing ¶
Phishing performs some time check in order to detect potential interception of a token
func (*YKVal) Synchronize ¶
func (y *YKVal) Synchronize(req SyncRequest) (*yubico.Yubikey, error)
Synchronize handle the synchronize request and check against internal state
type YubikeyDBMapperFactory ¶
type YubikeyDBMapperFactory func(zerolog.Logger) yubico.YubikeyDBMapper
YubikeyDBMapperFactory is currying a YubikeyDBMapper to inject a logger on each request
Source Files