package pincache
import (
"errors"
"github.com/awnumar/memguard"
"github.com/quexten/goldwarden/cli/agent/systemauth/biometrics"
)
// cachedPin holds the PIN sealed inside a memguard Enclave. A nil value means
// no PIN is currently cached (HasPin tests for nil, ClearPin resets to nil).
// NOTE(review): this package-level variable is read and written without any
// synchronization — confirm that callers are serialized.
var cachedPin *memguard.Enclave
// SetPin seals pin into a fresh memguard Enclave and makes it the cached PIN,
// replacing any previously cached value.
//
// useMemguard is accepted but not consulted: the PIN is always stored in an
// Enclave.
//
// NOTE(review): memguard documents NewEnclave as wiping the source buffer and
// returning nil for a zero-length input — confirm against the vendored
// version. If so, callers must not reuse pin afterwards, and an empty pin
// leaves HasPin reporting false.
func SetPin(useMemguard bool, pin []byte) {
	sealed := memguard.NewEnclave(pin)
	cachedPin = sealed
}
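// GetPin returns the cached PIN after the user passes a biometric check for
// biometrics.SSHKey.
//
// It returns an error when no PIN is cached, when the biometric check is not
// approved, or when the enclave cannot be opened.
//
// NOTE(review): the returned slice comes from buffer.Bytes() and the
// LockedBuffer is never destroyed here, so every successful call leaves one
// decrypted copy of the PIN alive. The []byte return type gives callers no
// handle to destroy it — consider returning the LockedBuffer or copying and
// destroying; confirm what callers expect before changing.
func GetPin() ([]byte, error) {
	// Guard first: calling Open on a nil *memguard.Enclave would dereference
	// nil, and there is no point prompting the user when nothing is cached.
	if cachedPin == nil {
		return nil, errors.New("no pin cached")
	}

	if !biometrics.CheckBiometrics(biometrics.SSHKey) {
		return nil, errors.New("biometrics not approved")
	}

	buffer, err := cachedPin.Open()
	if err != nil {
		return nil, err
	}
	return buffer.Bytes(), nil
}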
// HasPin reports whether a PIN enclave is currently cached. It does not
// perform a biometric check and never opens the enclave.
func HasPin() bool {
	if cachedPin == nil {
		return false
	}
	return true
}
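// ClearPin drops the cached PIN. It is a no-op when no PIN is cached.
//
// When the enclave can be opened, the resulting LockedBuffer is destroyed
// before the reference is dropped; when opening fails, the reference is
// dropped anyway so HasPin reports false afterwards.
//
// NOTE(review): Destroy acts on the buffer produced by Open, not on the
// enclave itself, and buffers handed out earlier by GetPin are not touched
// here — confirm whether those need separate cleanup.
func ClearPin() {
	// Guard against a nil enclave: Open on a nil *memguard.Enclave would
	// dereference nil when ClearPin is called before SetPin or twice in a row.
	if cachedPin == nil {
		return
	}

	if pin, err := cachedPin.Open(); err == nil {
		pin.Destroy()
	}
	cachedPin = nil
}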