]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
1c0c4a43 LP |
2 | |
3 | #if HAVE_LIBFIDO2 | |
4 | #include <fido.h> | |
5 | #endif | |
6 | ||
7 | #include "ask-password-api.h" | |
8 | #include "errno-util.h" | |
9 | #include "format-table.h" | |
10 | #include "hexdecoct.h" | |
11 | #include "homectl-fido2.h" | |
2af3966a | 12 | #include "homectl-pkcs11.h" |
1c0c4a43 | 13 | #include "libcrypt-util.h" |
69cb2896 | 14 | #include "libfido2-util.h" |
1c0c4a43 LP |
15 | #include "locale-util.h" |
16 | #include "memory-util.h" | |
17 | #include "random-util.h" | |
18 | #include "strv.h" | |
19 | ||
20 | #if HAVE_LIBFIDO2 | |
21 | static int add_fido2_credential_id( | |
22 | JsonVariant **v, | |
23 | const void *cid, | |
24 | size_t cid_size) { | |
25 | ||
26 | _cleanup_(json_variant_unrefp) JsonVariant *w = NULL; | |
27 | _cleanup_strv_free_ char **l = NULL; | |
28 | _cleanup_free_ char *escaped = NULL; | |
29 | int r; | |
30 | ||
31 | assert(v); | |
32 | assert(cid); | |
33 | ||
34 | r = base64mem(cid, cid_size, &escaped); | |
35 | if (r < 0) | |
36 | return log_error_errno(r, "Failed to base64 encode FIDO2 credential ID: %m"); | |
37 | ||
38 | w = json_variant_ref(json_variant_by_key(*v, "fido2HmacCredential")); | |
39 | if (w) { | |
40 | r = json_variant_strv(w, &l); | |
41 | if (r < 0) | |
42 | return log_error_errno(r, "Failed to parse FIDO2 credential ID list: %m"); | |
43 | ||
44 | if (strv_contains(l, escaped)) | |
45 | return 0; | |
46 | } | |
47 | ||
48 | r = strv_extend(&l, escaped); | |
49 | if (r < 0) | |
50 | return log_oom(); | |
51 | ||
52 | w = json_variant_unref(w); | |
53 | r = json_variant_new_array_strv(&w, l); | |
54 | if (r < 0) | |
55 | return log_error_errno(r, "Failed to create FIDO2 credential ID JSON: %m"); | |
56 | ||
57 | r = json_variant_set_field(v, "fido2HmacCredential", w); | |
58 | if (r < 0) | |
59 | return log_error_errno(r, "Failed to update FIDO2 credential ID: %m"); | |
60 | ||
61 | return 0; | |
62 | } | |
63 | ||
64 | static int add_fido2_salt( | |
65 | JsonVariant **v, | |
66 | const void *cid, | |
67 | size_t cid_size, | |
68 | const void *fido2_salt, | |
69 | size_t fido2_salt_size, | |
70 | const void *secret, | |
71 | size_t secret_size) { | |
72 | ||
73 | _cleanup_(json_variant_unrefp) JsonVariant *l = NULL, *w = NULL, *e = NULL; | |
0e98d17e | 74 | _cleanup_(erase_and_freep) char *base64_encoded = NULL, *hashed = NULL; |
1c0c4a43 LP |
75 | int r; |
76 | ||
1c0c4a43 LP |
77 | /* Before using UNIX hashing on the supplied key we base64 encode it, since crypt_r() and friends |
78 | * expect a NUL terminated string, and we use a binary key */ | |
79 | r = base64mem(secret, secret_size, &base64_encoded); | |
80 | if (r < 0) | |
81 | return log_error_errno(r, "Failed to base64 encode secret key: %m"); | |
82 | ||
0e98d17e ZJS |
83 | r = hash_password(base64_encoded, &hashed); |
84 | if (r < 0) | |
1c0c4a43 LP |
85 | return log_error_errno(errno_or_else(EINVAL), "Failed to UNIX hash secret key: %m"); |
86 | ||
87 | r = json_build(&e, JSON_BUILD_OBJECT( | |
88 | JSON_BUILD_PAIR("credential", JSON_BUILD_BASE64(cid, cid_size)), | |
89 | JSON_BUILD_PAIR("salt", JSON_BUILD_BASE64(fido2_salt, fido2_salt_size)), | |
0e98d17e | 90 | JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRING(hashed)))); |
1c0c4a43 LP |
91 | if (r < 0) |
92 | return log_error_errno(r, "Failed to build FIDO2 salt JSON key object: %m"); | |
93 | ||
94 | w = json_variant_ref(json_variant_by_key(*v, "privileged")); | |
95 | l = json_variant_ref(json_variant_by_key(w, "fido2HmacSalt")); | |
96 | ||
97 | r = json_variant_append_array(&l, e); | |
98 | if (r < 0) | |
99 | return log_error_errno(r, "Failed append FIDO2 salt: %m"); | |
100 | ||
101 | r = json_variant_set_field(&w, "fido2HmacSalt", l); | |
102 | if (r < 0) | |
103 | return log_error_errno(r, "Failed to set FDO2 salt: %m"); | |
104 | ||
105 | r = json_variant_set_field(v, "privileged", w); | |
106 | if (r < 0) | |
107 | return log_error_errno(r, "Failed to update privileged field: %m"); | |
108 | ||
109 | return 0; | |
110 | } | |
111 | #endif | |
112 | ||
113 | #define FIDO2_SALT_SIZE 32 | |
114 | ||
115 | int identity_add_fido2_parameters( | |
116 | JsonVariant **v, | |
117 | const char *device) { | |
118 | ||
119 | #if HAVE_LIBFIDO2 | |
69cb2896 LP |
120 | _cleanup_(fido_cbor_info_free_wrapper) fido_cbor_info_t *di = NULL; |
121 | _cleanup_(fido_assert_free_wrapper) fido_assert_t *a = NULL; | |
122 | _cleanup_(fido_cred_free_wrapper) fido_cred_t *c = NULL; | |
123 | _cleanup_(fido_dev_free_wrapper) fido_dev_t *d = NULL; | |
1c0c4a43 | 124 | _cleanup_(erase_and_freep) char *used_pin = NULL; |
1c0c4a43 LP |
125 | _cleanup_(erase_and_freep) void *salt = NULL; |
126 | JsonVariant *un, *realm, *rn; | |
127 | bool found_extension = false; | |
128 | const void *cid, *secret; | |
129 | const char *fido_un; | |
130 | size_t n, cid_size, secret_size; | |
131 | char **e; | |
132 | int r; | |
133 | ||
134 | /* Construction is like this: we generate a salt of 32 bytes. We then ask the FIDO2 device to | |
135 | * HMAC-SHA256 it for us with its internal key. The result is the key used by LUKS and account | |
136 | * authentication. LUKS and UNIX password auth all do their own salting before hashing, so that FIDO2 | |
137 | * device never sees the volume key. | |
138 | * | |
139 | * S = HMAC-SHA256(I, D) | |
140 | * | |
141 | * with: S → LUKS/account authentication key (never stored) | |
142 | * I → internal key on FIDO2 device (stored in the FIDO2 device) | |
143 | * D → salt we generate here (stored in the privileged part of the JSON record) | |
144 | * | |
145 | */ | |
146 | ||
147 | assert(v); | |
148 | assert(device); | |
149 | ||
69cb2896 LP |
150 | r = dlopen_libfido2(); |
151 | if (r < 0) | |
152 | return log_error_errno(r, "FIDO2 token support is not installed."); | |
153 | ||
1c0c4a43 LP |
154 | salt = malloc(FIDO2_SALT_SIZE); |
155 | if (!salt) | |
156 | return log_oom(); | |
157 | ||
158 | r = genuine_random_bytes(salt, FIDO2_SALT_SIZE, RANDOM_BLOCK); | |
159 | if (r < 0) | |
160 | return log_error_errno(r, "Failed to generate salt: %m"); | |
161 | ||
69cb2896 | 162 | d = sym_fido_dev_new(); |
1c0c4a43 LP |
163 | if (!d) |
164 | return log_oom(); | |
165 | ||
69cb2896 | 166 | r = sym_fido_dev_open(d, device); |
1c0c4a43 LP |
167 | if (r != FIDO_OK) |
168 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 169 | "Failed to open FIDO2 device %s: %s", device, sym_fido_strerr(r)); |
1c0c4a43 | 170 | |
69cb2896 | 171 | if (!sym_fido_dev_is_fido2(d)) |
1c0c4a43 LP |
172 | return log_error_errno(SYNTHETIC_ERRNO(ENODEV), |
173 | "Specified device %s is not a FIDO2 device.", device); | |
174 | ||
69cb2896 | 175 | di = sym_fido_cbor_info_new(); |
1c0c4a43 LP |
176 | if (!di) |
177 | return log_oom(); | |
178 | ||
69cb2896 | 179 | r = sym_fido_dev_get_cbor_info(d, di); |
1c0c4a43 LP |
180 | if (r != FIDO_OK) |
181 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 182 | "Failed to get CBOR device info for %s: %s", device, sym_fido_strerr(r)); |
1c0c4a43 | 183 | |
69cb2896 LP |
184 | e = sym_fido_cbor_info_extensions_ptr(di); |
185 | n = sym_fido_cbor_info_extensions_len(di); | |
1c0c4a43 LP |
186 | |
187 | for (size_t i = 0; i < n; i++) | |
188 | if (streq(e[i], "hmac-secret")) { | |
189 | found_extension = true; | |
190 | break; | |
191 | } | |
192 | ||
193 | if (!found_extension) | |
194 | return log_error_errno(SYNTHETIC_ERRNO(ENODEV), | |
195 | "Specified device %s is a FIDO2 device, but does not support the required HMAC-SECRET extension.", device); | |
196 | ||
69cb2896 | 197 | c = sym_fido_cred_new(); |
1c0c4a43 LP |
198 | if (!c) |
199 | return log_oom(); | |
200 | ||
69cb2896 | 201 | r = sym_fido_cred_set_extensions(c, FIDO_EXT_HMAC_SECRET); |
1c0c4a43 LP |
202 | if (r != FIDO_OK) |
203 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 204 | "Failed to enable HMAC-SECRET extension on FIDO2 credential: %s", sym_fido_strerr(r)); |
1c0c4a43 | 205 | |
69cb2896 | 206 | r = sym_fido_cred_set_rp(c, "io.systemd.home", "Home Directory"); |
1c0c4a43 LP |
207 | if (r != FIDO_OK) |
208 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 209 | "Failed to set FIDO2 credential relying party ID/name: %s", sym_fido_strerr(r)); |
1c0c4a43 | 210 | |
69cb2896 | 211 | r = sym_fido_cred_set_type(c, COSE_ES256); |
1c0c4a43 LP |
212 | if (r != FIDO_OK) |
213 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 214 | "Failed to set FIDO2 credential type to ES256: %s", sym_fido_strerr(r)); |
1c0c4a43 LP |
215 | |
216 | un = json_variant_by_key(*v, "userName"); | |
217 | if (!un) | |
218 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
219 | "userName field of user record is missing"); | |
220 | if (!json_variant_is_string(un)) | |
221 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
222 | "userName field of user record is not a string"); | |
223 | ||
224 | realm = json_variant_by_key(*v, "realm"); | |
225 | if (realm) { | |
226 | if (!json_variant_is_string(realm)) | |
227 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
228 | "realm field of user record is not a string"); | |
229 | ||
230 | fido_un = strjoina(json_variant_string(un), json_variant_string(realm)); | |
231 | } else | |
232 | fido_un = json_variant_string(un); | |
233 | ||
234 | rn = json_variant_by_key(*v, "realName"); | |
235 | if (rn && !json_variant_is_string(rn)) | |
236 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
237 | "realName field of user record is not a string"); | |
238 | ||
69cb2896 | 239 | r = sym_fido_cred_set_user(c, |
1c0c4a43 LP |
240 | (const unsigned char*) fido_un, strlen(fido_un), /* We pass the user ID and name as the same */ |
241 | fido_un, | |
242 | rn ? json_variant_string(rn) : NULL, | |
243 | NULL /* icon URL */); | |
244 | if (r != FIDO_OK) | |
245 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 246 | "Failed to set FIDO2 credential user data: %s", sym_fido_strerr(r)); |
1c0c4a43 | 247 | |
69cb2896 | 248 | r = sym_fido_cred_set_clientdata_hash(c, (const unsigned char[32]) {}, 32); |
1c0c4a43 LP |
249 | if (r != FIDO_OK) |
250 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 251 | "Failed to set FIDO2 client data hash: %s", sym_fido_strerr(r)); |
1c0c4a43 | 252 | |
69cb2896 | 253 | r = sym_fido_cred_set_rk(c, FIDO_OPT_FALSE); |
1c0c4a43 LP |
254 | if (r != FIDO_OK) |
255 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 256 | "Failed to turn off FIDO2 resident key option of credential: %s", sym_fido_strerr(r)); |
1c0c4a43 | 257 | |
69cb2896 | 258 | r = sym_fido_cred_set_uv(c, FIDO_OPT_FALSE); |
1c0c4a43 LP |
259 | if (r != FIDO_OK) |
260 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 261 | "Failed to turn off FIDO2 user verification option of credential: %s", sym_fido_strerr(r)); |
1c0c4a43 LP |
262 | |
263 | log_info("Initializing FIDO2 credential on security token."); | |
264 | ||
265 | log_notice("%s%s(Hint: This might require verification of user presence on security token.)", | |
266 | emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "", | |
267 | emoji_enabled() ? " " : ""); | |
268 | ||
69cb2896 | 269 | r = sym_fido_dev_make_cred(d, c, NULL); |
1c0c4a43 LP |
270 | if (r == FIDO_ERR_PIN_REQUIRED) { |
271 | _cleanup_free_ char *text = NULL; | |
272 | ||
273 | if (asprintf(&text, "Please enter security token PIN:") < 0) | |
274 | return log_oom(); | |
275 | ||
276 | for (;;) { | |
277 | _cleanup_(strv_free_erasep) char **pin = NULL; | |
278 | char **i; | |
279 | ||
280 | r = ask_password_auto(text, "user-home", NULL, "fido2-pin", USEC_INFINITY, 0, &pin); | |
281 | if (r < 0) | |
282 | return log_error_errno(r, "Failed to acquire user PIN: %m"); | |
283 | ||
284 | r = FIDO_ERR_PIN_INVALID; | |
285 | STRV_FOREACH(i, pin) { | |
286 | if (isempty(*i)) { | |
287 | log_info("PIN may not be empty."); | |
288 | continue; | |
289 | } | |
290 | ||
69cb2896 | 291 | r = sym_fido_dev_make_cred(d, c, *i); |
1c0c4a43 LP |
292 | if (r == FIDO_OK) { |
293 | used_pin = strdup(*i); | |
294 | if (!used_pin) | |
295 | return log_oom(); | |
296 | break; | |
297 | } | |
298 | if (r != FIDO_ERR_PIN_INVALID) | |
299 | break; | |
300 | } | |
301 | ||
302 | if (r != FIDO_ERR_PIN_INVALID) | |
303 | break; | |
304 | ||
305 | log_notice("PIN incorrect, please try again."); | |
306 | } | |
307 | } | |
308 | if (r == FIDO_ERR_PIN_AUTH_BLOCKED) | |
309 | return log_notice_errno(SYNTHETIC_ERRNO(EPERM), | |
310 | "Token PIN is currently blocked, please remove and reinsert token."); | |
311 | if (r == FIDO_ERR_ACTION_TIMEOUT) | |
312 | return log_error_errno(SYNTHETIC_ERRNO(ENOSTR), | |
313 | "Token action timeout. (User didn't interact with token quickly enough.)"); | |
314 | if (r != FIDO_OK) | |
315 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 316 | "Failed to generate FIDO2 credential: %s", sym_fido_strerr(r)); |
1c0c4a43 | 317 | |
69cb2896 | 318 | cid = sym_fido_cred_id_ptr(c); |
1c0c4a43 LP |
319 | if (!cid) |
320 | return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get FIDO2 credential ID."); | |
321 | ||
69cb2896 | 322 | cid_size = sym_fido_cred_id_len(c); |
1c0c4a43 | 323 | |
69cb2896 | 324 | a = sym_fido_assert_new(); |
1c0c4a43 LP |
325 | if (!a) |
326 | return log_oom(); | |
327 | ||
69cb2896 | 328 | r = sym_fido_assert_set_extensions(a, FIDO_EXT_HMAC_SECRET); |
1c0c4a43 LP |
329 | if (r != FIDO_OK) |
330 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 331 | "Failed to enable HMAC-SECRET extension on FIDO2 assertion: %s", sym_fido_strerr(r)); |
1c0c4a43 | 332 | |
69cb2896 | 333 | r = sym_fido_assert_set_hmac_salt(a, salt, FIDO2_SALT_SIZE); |
1c0c4a43 LP |
334 | if (r != FIDO_OK) |
335 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 336 | "Failed to set salt on FIDO2 assertion: %s", sym_fido_strerr(r)); |
1c0c4a43 | 337 | |
69cb2896 | 338 | r = sym_fido_assert_set_rp(a, "io.systemd.home"); |
1c0c4a43 LP |
339 | if (r != FIDO_OK) |
340 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 341 | "Failed to set FIDO2 assertion ID: %s", sym_fido_strerr(r)); |
1c0c4a43 | 342 | |
69cb2896 | 343 | r = sym_fido_assert_set_clientdata_hash(a, (const unsigned char[32]) {}, 32); |
1c0c4a43 LP |
344 | if (r != FIDO_OK) |
345 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 346 | "Failed to set FIDO2 assertion client data hash: %s", sym_fido_strerr(r)); |
1c0c4a43 | 347 | |
69cb2896 | 348 | r = sym_fido_assert_allow_cred(a, cid, cid_size); |
1c0c4a43 LP |
349 | if (r != FIDO_OK) |
350 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 351 | "Failed to add FIDO2 assertion credential ID: %s", sym_fido_strerr(r)); |
1c0c4a43 | 352 | |
69cb2896 | 353 | r = sym_fido_assert_set_up(a, FIDO_OPT_FALSE); |
1c0c4a43 LP |
354 | if (r != FIDO_OK) |
355 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 356 | "Failed to turn off FIDO2 assertion user presence: %s", sym_fido_strerr(r)); |
1c0c4a43 LP |
357 | |
358 | log_info("Generating secret key on FIDO2 security token."); | |
359 | ||
69cb2896 | 360 | r = sym_fido_dev_get_assert(d, a, used_pin); |
1c0c4a43 | 361 | if (r == FIDO_ERR_UP_REQUIRED) { |
69cb2896 | 362 | r = sym_fido_assert_set_up(a, FIDO_OPT_TRUE); |
1c0c4a43 LP |
363 | if (r != FIDO_OK) |
364 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 365 | "Failed to turn on FIDO2 assertion user presence: %s", sym_fido_strerr(r)); |
1c0c4a43 LP |
366 | |
367 | log_notice("%s%sIn order to allow secret key generation, please verify presence on security token.", | |
368 | emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "", | |
369 | emoji_enabled() ? " " : ""); | |
370 | ||
69cb2896 | 371 | r = sym_fido_dev_get_assert(d, a, used_pin); |
1c0c4a43 LP |
372 | } |
373 | if (r == FIDO_ERR_ACTION_TIMEOUT) | |
374 | return log_error_errno(SYNTHETIC_ERRNO(ENOSTR), | |
375 | "Token action timeout. (User didn't interact with token quickly enough.)"); | |
376 | if (r != FIDO_OK) | |
377 | return log_error_errno(SYNTHETIC_ERRNO(EIO), | |
69cb2896 | 378 | "Failed to ask token for assertion: %s", sym_fido_strerr(r)); |
1c0c4a43 | 379 | |
69cb2896 | 380 | secret = sym_fido_assert_hmac_secret_ptr(a, 0); |
1c0c4a43 LP |
381 | if (!secret) |
382 | return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to retrieve HMAC secret."); | |
383 | ||
69cb2896 | 384 | secret_size = sym_fido_assert_hmac_secret_len(a, 0); |
1c0c4a43 LP |
385 | |
386 | r = add_fido2_credential_id(v, cid, cid_size); | |
387 | if (r < 0) | |
388 | return r; | |
389 | ||
390 | r = add_fido2_salt(v, | |
391 | cid, | |
392 | cid_size, | |
393 | salt, | |
394 | FIDO2_SALT_SIZE, | |
395 | secret, | |
396 | secret_size); | |
397 | if (r < 0) | |
398 | return r; | |
399 | ||
2af3966a LP |
400 | /* If we acquired the PIN also include it in the secret section of the record, so that systemd-homed |
401 | * can use it if it needs to, given that it likely needs to decrypt the key again to pass to LUKS or | |
402 | * fscrypt. */ | |
403 | r = identity_add_token_pin(v, used_pin); | |
404 | if (r < 0) | |
405 | return r; | |
406 | ||
1c0c4a43 LP |
407 | return 0; |
408 | #else | |
d7a0f1f4 FS |
409 | return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), |
410 | "FIDO2 tokens not supported on this build."); | |
1c0c4a43 LP |
411 | #endif |
412 | } |