Improve support for YK5
This commit is contained in:
parent
481c885be9
commit
73b6aef9d9
37
main.go
37
main.go
@ -25,32 +25,43 @@ func setPassword(s *ykoath.Select) error {
|
|||||||
|
|
||||||
bytePassword, err := term.ReadPassword(syscall.Stdin)
|
bytePassword, err := term.ReadPassword(syscall.Stdin)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
slog.Error("failed reading password from input")
|
return fmt.Errorf("failed reading password from input: %w", err)
|
||||||
|
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// get password
|
password := string(bytePassword)
|
||||||
key := s.DeriveKey(string(bytePassword))
|
|
||||||
|
|
||||||
|
// get key
|
||||||
|
key := s.DeriveKey(password)
|
||||||
|
|
||||||
|
// verify password is correct with a validate call
|
||||||
ok, err := oath.Validate(s, key)
|
ok, err := oath.Validate(s, key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return fmt.Errorf("error in validate: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ok {
|
if !ok {
|
||||||
return errFailedValidation
|
return errFailedValidation
|
||||||
}
|
}
|
||||||
|
|
||||||
return keyring.Set(
|
err = keyring.Set(
|
||||||
serviceName,
|
serviceName,
|
||||||
s.DeviceID(),
|
s.DeviceID(),
|
||||||
string(key),
|
password,
|
||||||
)
|
)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("error saving password in keyring: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
func getPassword(s *ykoath.Select) (string, error) {
|
return nil
|
||||||
return keyring.Get(serviceName, s.DeviceID())
|
}
|
||||||
|
|
||||||
|
func getPasskey(s *ykoath.Select) ([]byte, error) {
|
||||||
|
password, err := keyring.Get(serviceName, s.DeviceID())
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("error retrieving key from keyring: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return s.DeriveKey(password), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
@ -88,15 +99,17 @@ func main() {
|
|||||||
|
|
||||||
// If required, authenticate with password from keychain
|
// If required, authenticate with password from keychain
|
||||||
if s.Challenge != nil {
|
if s.Challenge != nil {
|
||||||
passKey, err := getPassword(s)
|
passKey, err := getPasskey(s)
|
||||||
slog.FatalOnErr(err, "failed retrieving password key")
|
slog.FatalOnErr(err, "failed retrieving password key")
|
||||||
|
|
||||||
ok, err := oath.Validate(s, []byte(passKey))
|
ok, err := oath.Validate(s, passKey)
|
||||||
slog.FatalOnErr(err, "validation failed")
|
slog.FatalOnErr(err, "validation failed")
|
||||||
|
|
||||||
if !ok {
|
if !ok {
|
||||||
slog.Fatal("failed validation, password is incorrect")
|
slog.Fatal("failed validation, password is incorrect")
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
slog.Debug("no challenge required")
|
||||||
}
|
}
|
||||||
|
|
||||||
if flag.Arg(0) == "list" {
|
if flag.Arg(0) == "list" {
|
||||||
|
2
ykoath
2
ykoath
@ -1 +1 @@
|
|||||||
Subproject commit b083034539df4a37cb676af7afd7abd3d9f3ec4f
|
Subproject commit fd081cb213d030585bfdd03305e03bff4d6e7a09
|
Loading…
Reference in New Issue
Block a user