A server-side implementation of the FIDO U2F specification in Go, based on tstranex/u2f.
This fork alters the API to simplify implementation, handle multiple tokens, and to correspond better to the U2F JavaScript specification.
This also includes a virtual token implementation for integration testing; see virtualkey_test.go for an example.
- Native Go implementation
- No dependencies other than the Go standard library
- Token attestation certificate verification
The components are working, but the API is subject to change as better interfaces are realised. Installing via gopkg.in/ryankurte/go-u2f.v0 is suggested, and/or making sure you have reasonable tests.
Please visit http://godoc.org/github.com/ryankurte/go-u2f for the full documentation.
// Fetch registration entries from the database
var registeredKeys []u2f.Registration
app_id := "http://localhost"
// Generate registration request
c1, _ := u2f.NewChallenge(app_id, []string{app_id}, registeredKeys)
req, _ := c1.RegisterRequest()
// Send request to browser
...
// Save challenge to session
...
// Read challenge from session
var c1 u2f.Challenge
// Read response from the browser
var resp u2f.RegisterResponse
// Perform registration
reg, err := c1.Register(resp)
if err != nil {
    // Registration failed.
}
// Store registration in the database against a user
...
// Fetch registration entries for a user from the database
var registeredKeys []u2f.Registration
app_id := "http://localhost"
// Generate authentication request
c2, _ := u2f.NewChallenge(app_id, []string{app_id}, registeredKeys)
req, _ := c2.SignRequest()
// Send request to browser
...
// Save challenge to session
...
// Read challenge from session
var c2 u2f.Challenge
// Read response from the browser
var resp u2f.SignResponse
// Perform authentication
reg, err := c2.Authenticate(resp)
if err != nil {
    // Authentication failed.
}
// Store updated registration (usage count) in the database
...
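What a U2F authentication check verifies at the protocol level, as an added example that is not part of go-u2f or its documentation: per the FIDO U2F raw message format, the token signs SHA-256(app ID), a user-presence byte, a 4-byte counter and SHA-256(client data) with its P-256 key. The helper names (`signedData`, `newKey`, `virtualSign`, `verifyAssertion`), the client-data JSON and the strict counter-increase policy are assumptions of this example; it uses only the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// signedData builds what a U2F token signs on authentication:
// SHA-256(appID) || presence byte || 4-byte big-endian counter || SHA-256(clientData).
func signedData(appID string, presence byte, counter uint32, clientData []byte) []byte {
	app, chal := sha256.Sum256([]byte(appID)), sha256.Sum256(clientData)
	buf := append(app[:], presence, byte(counter>>24), byte(counter>>16), byte(counter>>8), byte(counter))
	return append(buf, chal[:]...)
}

// newKey and virtualSign play the token with a constructed software key (hypothetical helpers).
func newKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
func virtualSign(priv *ecdsa.PrivateKey, appID string, clientData []byte, counter uint32) ([]byte, error) {
	h := sha256.Sum256(signedData(appID, 0x01, counter, clientData))
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// verifyAssertion checks presence, signature and counter; it returns the counter to persist.
func verifyAssertion(pub *ecdsa.PublicKey, appID string, clientData []byte, presence byte, counter, stored uint32, sig []byte) (uint32, error) {
	if presence&0x01 == 0 {
		return stored, errors.New("user presence not asserted")
	}
	h := sha256.Sum256(signedData(appID, presence, counter, clientData))
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return stored, errors.New("signature does not match app ID and client data")
	}
	if counter <= stored { // example policy: require a strict increase
		return stored, errors.New("counter did not increase (replay or cloned token)")
	}
	return counter, nil
}

func main() {
	priv, _ := newKey()
	cd := []byte(`{"typ":"navigator.id.getAssertion","challenge":"Y29uc3RydWN0ZWQ"}`) // constructed
	sig, _ := virtualSign(priv, "http://localhost", cd, 5)
	n, err := verifyAssertion(&priv.PublicKey, "http://localhost", cd, 0x01, 5, 4, sig)
	_, replayErr := verifyAssertion(&priv.PublicKey, "http://localhost", cd, 0x01, 5, n, sig)
	fmt.Println("fresh:", n, err, "| replayed:", replayErr)
}
```

Persisting the returned counter is what makes the second call fail: the same signed response is rejected once the stored value has caught up with it.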
The u2f.RegisterRequestMessage and u2f.SignRequestMessage structures are directly serialisable, so on the client side the received request (req) maps onto the U2F JavaScript API calls as follows:
u2f.register(req.appId, req.registerRequests, req.registeredKeys, registerCallback, timeout);
u2f.sign(req.appId, req.challenge, req.registeredKeys, signCallback, timeout);
See u2fdemo/main.go for an example.
$ go get github.com/ryankurte/go-u2f
See u2fdemo/main.go for a full example server. To run it:
$ go install github.com/ryankurte/go-u2f/u2fdemo
$ ./bin/u2fdemo
Or from the repository:
$ go run u2fdemo/*
Open https://localhost:3483 in Chrome. Ignore the SSL warning (due to the self-signed certificate for localhost). You can then test registering and authenticating using your token.
The Go FIDO U2F Library is licensed under the MIT License.
If you have any questions, comments, or suggestions, feel free to open an issue or a pull request.