Overview ¶
Package airgap defines the KerPass "airgap" messages (PDUs) exchanged in conversations between the CardAgent and the CardApp over the AirGap channel. Each message is CBOR-encoded and wrapped in a direction-specific CBOR tag, so the receiver must decode with the function matching the direction it expects (UnmarshalAgentMsg for CardAgent-originated messages, UnmarshalAppMsg for CardApp-originated ones).
Constants ¶
const (
	// CBOR tags 0-23 encode as a single head byte (0xC0 + tag value, i.e.
	// 192 + tag), which is why this package keeps its tags in that range.
	//
	// NOTE(review): the range 16-23 is not "currently unassigned" in the IANA
	// CBOR tag registry — 16-18 are the COSE_Encrypt0/Mac0/Sign1 tags (RFC 9052)
	// and 21-23 are the expected-conversion tags (RFC 8949). That is harmless
	// as long as these PDUs are only ever decoded by UnmarshalAgentMsg /
	// UnmarshalAppMsg, but the values are not self-describing to a generic CBOR
	// consumer and are part of the wire format, so do not change them.
	//
	// Tag values are only unique within one direction: TagAgentCardCreate and
	// TagAppOTK are both 16, so a decoder must never be handed bytes from the
	// other direction or it may misinterpret the message.

	// Tags of messages sent by the CardAgent (AgentMsg).
	TagAgentCardCreate    = iota + 16
	TagAgentCardChallenge // 17

	// Tag of messages sent by the CardApp (AppMsg).
	TagAppOTK = 16
)
// Error is the sentinel that every error returned by this package wraps,
// so callers can match any airgap failure with errors.Is(err, Error).
const Error = errorFlag("airgap: error")
Functions ¶
func MarshalAgentMsg ¶
MarshalAgentMsg validates and CBOR-marshals an AgentMsg with its proper CBOR tag.
func MarshalAppMsg ¶
MarshalAppMsg validates and CBOR-marshals an AppMsg with its proper CBOR tag.
Types ¶
type AgentCardChallenge ¶
// AgentCardChallenge requests OTP/OTK generation from the CardApp for a
// specific Realm. It carries the server-side inputs of the EPHEMSEC exchange
// (scheme, public keys, nonce) together with a context hash computed by the
// CardAgent from the login request.
//
// NOTE(review): Check() is declared for this type but its body is not shown
// here. This message arrives over AirGap from a party the CardApp presumably
// has not authenticated yet, so confirm Check() rejects empty RealmId, Context
// and INonce and a missing/invalid E before any key agreement is attempted.
type AgentCardChallenge struct {
	// Realm of the Cards that can be used to generate the OTP/OTK
	RealmId []byte `json:"rId" cbor:"1,keyasint"`
	// Context hash calculated by the CardAgent based on Request acquired
	// parameters such as session id, login page url, TLS certificate...
	// Presumably this is what binds the resulting OTP/OTK to a single login
	// attempt — confirm against the EPHEMSEC derivation.
	Context []byte `json:"ctx" cbor:"2,keyasint"`
	// EPHEMSEC scheme in compressed form
	Scheme uint16 `json:"scheme" cbor:"3,keyasint"`
	// One time pad used to mask the generated OTP.
	// This pad prevents usage of a keyboard-entered OTP by a malicious App
	// acting as the CardAgent...
	// Optional on the wire (omitempty); what an absent pad means for OTP
	// generation is not visible here — confirm in Check() / the consumer.
	OtpPad []byte `json:"pad" cbor:"4,keyasint,omitempty"`
	// Server Ephemeral public key
	E credentials.PublicKeyHandle `json:"E" cbor:"5,keyasint"`
	// Server Static public key
	// Empty when Scheme KeyExchange pattern is E1S1
	S credentials.PublicKeyHandle `json:"S" cbor:"6,keyasint,omitzero"`
	// Server generated nonce
	INonce []byte `json:"nonce" cbor:"7,keyasint"`
}
AgentCardChallenge requests OTP/OTK generation from CardApp for a specific Realm.
func (*AgentCardChallenge) AgentTag ¶
func (self *AgentCardChallenge) AgentTag() uint64
AgentTag returns TagAgentCardChallenge for CBOR marshaling.
func (*AgentCardChallenge) Check ¶
func (self *AgentCardChallenge) Check() error
Check returns an error if the AgentCardChallenge is invalid.
type AgentCardCreate ¶
// AgentCardCreate is sent by the CardAgent to the CardApp to initiate new
// Card creation.
//
// NOTE(review): the size bounds stated in the field comments (min 32 bytes,
// max 128 chars) are presumably enforced by Check(), whose body is not shown
// here — confirm. AuthServerUrl is untrusted input received over AirGap and
// presumably used by the CardApp to reach the server later; a length cap
// alone does not make it safe, so the scheme/host should be validated by
// Check() or by whoever consumes it.
type AgentCardCreate struct {
	// Realm identifier (min 32 bytes)
	RealmId []byte `json:"rId" cbor:"1,keyasint"`
	// Authorization ID (min 32 bytes)
	AuthorizationId []byte `json:"authId" cbor:"2,keyasint"`
	// Authentication server URL (max 128 chars)
	AuthServerUrl string `json:"asu" cbor:"3,keyasint"`
}
AgentCardCreate is sent by the CardAgent to the CardApp to initiate creation of a new Card. The stated size bounds on its fields are expected to be enforced by Check().
func (*AgentCardCreate) AgentTag ¶
func (self *AgentCardCreate) AgentTag() uint64
AgentTag returns TagAgentCardCreate for CBOR marshaling.
func (*AgentCardCreate) Check ¶
func (self *AgentCardCreate) Check() error
Check returns an error if the AgentCardCreate is invalid.
type AgentMsg ¶
// AgentMsg is implemented by all message types that may be sent by the
// CardAgent. The tag it reports is only unique among AgentMsg types; the
// CardApp-originated AppMsg types have their own tag space that overlaps
// with this one (TagAgentCardCreate and TagAppOTK share the value 16).
type AgentMsg interface {
	// AgentTag returns the CBOR tag value to use when marshaling to CBOR.
	AgentTag() uint64
}
AgentMsg is implemented by all message types that may be sent by the CardAgent.
func UnmarshalAgentMsg ¶
UnmarshalAgentMsg CBOR-unmarshals data into the correct AgentMsg type based on its CBOR tag, and returns an error if the resulting message fails its Check(). Tag values are not unique across directions (TagAgentCardCreate and TagAppOTK are both 16), so this function must only be fed bytes that are expected to come from the CardAgent; bytes from the CardApp must go to UnmarshalAppMsg.
type AppMsg ¶
// AppMsg is implemented by all message types that may be sent by the
// CardApp. The tag it reports is only unique among AppMsg types; the
// CardAgent-originated AgentMsg types have their own tag space that
// overlaps with this one (TagAppOTK and TagAgentCardCreate share the value 16).
type AppMsg interface {
	// AppTag returns the CBOR tag value to use when marshaling to CBOR.
	AppTag() uint64
}
AppMsg is implemented by all message types that may be sent by the CardApp.
func UnmarshalAppMsg ¶
UnmarshalAppMsg CBOR-unmarshals data into the correct AppMsg type based on its CBOR tag, and returns an error if the resulting message fails its Check(). Tag values are not unique across directions (TagAppOTK and TagAgentCardCreate are both 16), so this function must only be fed bytes that are expected to come from the CardApp; bytes from the CardAgent must go to UnmarshalAgentMsg.
type AppOTK ¶
// AppOTK is sent by the CardApp to the CardAgent in response to an
// AgentCardChallenge.
//
// NOTE(review): OTK is presumably secret key material derived from the
// challenge; it carries a json tag, so any Marshal of this struct into a log
// line or debug output would expose it. Confirm consumers treat it as a
// secret (no logging, zeroed after use).
type AppOTK struct {
	// CardId as registered with authentication server
	CardId []byte `json:"cId" cbor:"1,keyasint"`
	// CardApp generated OTK
	OTK []byte `json:"otk" cbor:"2,keyasint"`
	// CardApp Ephemeral public key
	// Used when Scheme KeyExchange pattern is E2S2; omitted from the
	// encoding when zero
	E credentials.PublicKeyHandle `json:"E" cbor:"3,keyasint,omitzero"`
}
AppOTK is sent by the CardApp to the CardAgent in response to an AgentCardChallenge.