[thirdparty/systemd.git] / src / home / homectl-fido2.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#if HAVE_LIBFIDO2
#include <fido.h>
#endif

#include "ask-password-api.h"
#include "errno-util.h"
#include "format-table.h"
#include "hexdecoct.h"
#include "homectl-fido2.h"
#include "homectl-pkcs11.h"
#include "libcrypt-util.h"
#include "libfido2-util.h"
#include "locale-util.h"
#include "memory-util.h"
#include "random-util.h"
#include "strv.h"

#if HAVE_LIBFIDO2
static int add_fido2_credential_id(
                JsonVariant **v,
                const void *cid,
                size_t cid_size) {

        _cleanup_(json_variant_unrefp) JsonVariant *w = NULL;
        _cleanup_strv_free_ char **l = NULL;
        _cleanup_free_ char *escaped = NULL;
        int r;

        assert(v);
        assert(cid);

        r = base64mem(cid, cid_size, &escaped);
        if (r < 0)
                return log_error_errno(r, "Failed to base64 encode FIDO2 credential ID: %m");

        w = json_variant_ref(json_variant_by_key(*v, "fido2HmacCredential"));
        if (w) {
                r = json_variant_strv(w, &l);
                if (r < 0)
                        return log_error_errno(r, "Failed to parse FIDO2 credential ID list: %m");

                if (strv_contains(l, escaped))
                        return 0;
        }

        r = strv_extend(&l, escaped);
        if (r < 0)
                return log_oom();

        w = json_variant_unref(w);
        r = json_variant_new_array_strv(&w, l);
        if (r < 0)
                return log_error_errno(r, "Failed to create FIDO2 credential ID JSON: %m");

        r = json_variant_set_field(v, "fido2HmacCredential", w);
        if (r < 0)
                return log_error_errno(r, "Failed to update FIDO2 credential ID: %m");

        return 0;
}

static int add_fido2_salt(
                JsonVariant **v,
                const void *cid,
                size_t cid_size,
                const void *fido2_salt,
                size_t fido2_salt_size,
                const void *secret,
                size_t secret_size) {

        _cleanup_(json_variant_unrefp) JsonVariant *l = NULL, *w = NULL, *e = NULL;
        _cleanup_(erase_and_freep) char *base64_encoded = NULL, *hashed = NULL;
        int r;

        /* Before using UNIX hashing on the supplied key we base64 encode it, since crypt_r() and friends
         * expect a NUL terminated string, and we use a binary key */
        r = base64mem(secret, secret_size, &base64_encoded);
        if (r < 0)
                return log_error_errno(r, "Failed to base64 encode secret key: %m");

        r = hash_password(base64_encoded, &hashed);
        if (r < 0)
                return log_error_errno(errno_or_else(EINVAL), "Failed to UNIX hash secret key: %m");

        r = json_build(&e, JSON_BUILD_OBJECT(
                                       JSON_BUILD_PAIR("credential", JSON_BUILD_BASE64(cid, cid_size)),
                                       JSON_BUILD_PAIR("salt", JSON_BUILD_BASE64(fido2_salt, fido2_salt_size)),
                                       JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRING(hashed))));
        if (r < 0)
                return log_error_errno(r, "Failed to build FIDO2 salt JSON key object: %m");

        w = json_variant_ref(json_variant_by_key(*v, "privileged"));
        l = json_variant_ref(json_variant_by_key(w, "fido2HmacSalt"));

        r = json_variant_append_array(&l, e);
        if (r < 0)
                return log_error_errno(r, "Failed append FIDO2 salt: %m");

        r = json_variant_set_field(&w, "fido2HmacSalt", l);
        if (r < 0)
                return log_error_errno(r, "Failed to set FDO2 salt: %m");

        r = json_variant_set_field(v, "privileged", w);
        if (r < 0)
                return log_error_errno(r, "Failed to update privileged field: %m");

        return 0;
}
#endif

#define FIDO2_SALT_SIZE 32

int identity_add_fido2_parameters(
                JsonVariant **v,
                const char *device) {

#if HAVE_LIBFIDO2
        _cleanup_(fido_cbor_info_free_wrapper) fido_cbor_info_t *di = NULL;
        _cleanup_(fido_assert_free_wrapper) fido_assert_t *a = NULL;
        _cleanup_(fido_cred_free_wrapper) fido_cred_t *c = NULL;
        _cleanup_(fido_dev_free_wrapper) fido_dev_t *d = NULL;
        _cleanup_(erase_and_freep) char *used_pin = NULL;
        _cleanup_(erase_and_freep) void *salt = NULL;
        JsonVariant *un, *realm, *rn;
        bool found_extension = false;
        const void *cid, *secret;
        const char *fido_un;
        size_t n, cid_size, secret_size;
        char **e;
        int r;

        /* Construction is like this: we generate a salt of 32 bytes. We then ask the FIDO2 device to
         * HMAC-SHA256 it for us with its internal key. The result is the key used by LUKS and account
         * authentication. LUKS and UNIX password auth all do their own salting before hashing, so that FIDO2
         * device never sees the volume key.
         *
         * S = HMAC-SHA256(I, D)
         *
         * with: S → LUKS/account authentication key                                         (never stored)
         *       I → internal key on FIDO2 device                              (stored in the FIDO2 device)
         *       D → salt we generate here               (stored in the privileged part of the JSON record)
         *
         */

        assert(v);
        assert(device);

        r = dlopen_libfido2();
        if (r < 0)
                return log_error_errno(r, "FIDO2 token support is not installed.");

        salt = malloc(FIDO2_SALT_SIZE);
        if (!salt)
                return log_oom();

        r = genuine_random_bytes(salt, FIDO2_SALT_SIZE, RANDOM_BLOCK);
        if (r < 0)
                return log_error_errno(r, "Failed to generate salt: %m");

        d = sym_fido_dev_new();
        if (!d)
                return log_oom();

        r = sym_fido_dev_open(d, device);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to open FIDO2 device %s: %s", device, sym_fido_strerr(r));

        if (!sym_fido_dev_is_fido2(d))
                return log_error_errno(SYNTHETIC_ERRNO(ENODEV),
                                       "Specified device %s is not a FIDO2 device.", device);

        di = sym_fido_cbor_info_new();
        if (!di)
                return log_oom();

        r = sym_fido_dev_get_cbor_info(d, di);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to get CBOR device info for %s: %s", device, sym_fido_strerr(r));

        e = sym_fido_cbor_info_extensions_ptr(di);
        n = sym_fido_cbor_info_extensions_len(di);

        for (size_t i = 0; i < n; i++)
                if (streq(e[i], "hmac-secret")) {
                        found_extension = true;
                        break;
                }

        if (!found_extension)
                return log_error_errno(SYNTHETIC_ERRNO(ENODEV),
                                       "Specified device %s is a FIDO2 device, but does not support the required HMAC-SECRET extension.", device);

        c = sym_fido_cred_new();
        if (!c)
                return log_oom();

        r = sym_fido_cred_set_extensions(c, FIDO_EXT_HMAC_SECRET);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to enable HMAC-SECRET extension on FIDO2 credential: %s", sym_fido_strerr(r));

        r = sym_fido_cred_set_rp(c, "io.systemd.home", "Home Directory");
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to set FIDO2 credential relying party ID/name: %s", sym_fido_strerr(r));

        r = sym_fido_cred_set_type(c, COSE_ES256);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to set FIDO2 credential type to ES256: %s", sym_fido_strerr(r));

        un = json_variant_by_key(*v, "userName");
        if (!un)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "userName field of user record is missing");
        if (!json_variant_is_string(un))
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "userName field of user record is not a string");

        realm = json_variant_by_key(*v, "realm");
        if (realm) {
                if (!json_variant_is_string(realm))
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                               "realm field of user record is not a string");

                fido_un = strjoina(json_variant_string(un), json_variant_string(realm));
        } else
                fido_un = json_variant_string(un);

        rn = json_variant_by_key(*v, "realName");
        if (rn && !json_variant_is_string(rn))
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "realName field of user record is not a string");

        r = sym_fido_cred_set_user(c,
                               (const unsigned char*) fido_un, strlen(fido_un), /* We pass the user ID and name as the same */
                               fido_un,
                               rn ? json_variant_string(rn) : NULL,
                               NULL /* icon URL */);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to set FIDO2 credential user data: %s", sym_fido_strerr(r));

        r = sym_fido_cred_set_clientdata_hash(c, (const unsigned char[32]) {}, 32);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to set FIDO2 client data hash: %s", sym_fido_strerr(r));

        r = sym_fido_cred_set_rk(c, FIDO_OPT_FALSE);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to turn off FIDO2 resident key option of credential: %s", sym_fido_strerr(r));

        r = sym_fido_cred_set_uv(c, FIDO_OPT_FALSE);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to turn off FIDO2 user verification option of credential: %s", sym_fido_strerr(r));

        log_info("Initializing FIDO2 credential on security token.");

        log_notice("%s%s(Hint: This might require verification of user presence on security token.)",
                   emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
                   emoji_enabled() ? " " : "");

        r = sym_fido_dev_make_cred(d, c, NULL);
        if (r == FIDO_ERR_PIN_REQUIRED) {
                _cleanup_free_ char *text = NULL;

                if (asprintf(&text, "Please enter security token PIN:") < 0)
                        return log_oom();

                for (;;) {
                        _cleanup_(strv_free_erasep) char **pin = NULL;
                        char **i;

                        r = ask_password_auto(text, "user-home", NULL, "fido2-pin", USEC_INFINITY, 0, &pin);
                        if (r < 0)
                                return log_error_errno(r, "Failed to acquire user PIN: %m");

                        r = FIDO_ERR_PIN_INVALID;
                        STRV_FOREACH(i, pin) {
                                if (isempty(*i)) {
                                        log_info("PIN may not be empty.");
                                        continue;
                                }

                                r = sym_fido_dev_make_cred(d, c, *i);
                                if (r == FIDO_OK) {
                                        used_pin = strdup(*i);
                                        if (!used_pin)
                                                return log_oom();
                                        break;
                                }
                                if (r != FIDO_ERR_PIN_INVALID)
                                        break;
                        }

                        if (r != FIDO_ERR_PIN_INVALID)
                                break;

                        log_notice("PIN incorrect, please try again.");
                }
        }
        if (r == FIDO_ERR_PIN_AUTH_BLOCKED)
                return log_notice_errno(SYNTHETIC_ERRNO(EPERM),
                                        "Token PIN is currently blocked, please remove and reinsert token.");
        if (r == FIDO_ERR_ACTION_TIMEOUT)
                return log_error_errno(SYNTHETIC_ERRNO(ENOSTR),
                                       "Token action timeout. (User didn't interact with token quickly enough.)");
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to generate FIDO2 credential: %s", sym_fido_strerr(r));

        cid = sym_fido_cred_id_ptr(c);
        if (!cid)
                return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get FIDO2 credential ID.");

        cid_size = sym_fido_cred_id_len(c);

        a = sym_fido_assert_new();
        if (!a)
                return log_oom();

        r = sym_fido_assert_set_extensions(a, FIDO_EXT_HMAC_SECRET);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to enable HMAC-SECRET extension on FIDO2 assertion: %s", sym_fido_strerr(r));

        r = sym_fido_assert_set_hmac_salt(a, salt, FIDO2_SALT_SIZE);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to set salt on FIDO2 assertion: %s", sym_fido_strerr(r));

        r = sym_fido_assert_set_rp(a, "io.systemd.home");
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to set FIDO2 assertion ID: %s", sym_fido_strerr(r));

        r = sym_fido_assert_set_clientdata_hash(a, (const unsigned char[32]) {}, 32);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to set FIDO2 assertion client data hash: %s", sym_fido_strerr(r));

        r = sym_fido_assert_allow_cred(a, cid, cid_size);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to add FIDO2 assertion credential ID: %s", sym_fido_strerr(r));

        r = sym_fido_assert_set_up(a, FIDO_OPT_FALSE);
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to turn off FIDO2 assertion user presence: %s", sym_fido_strerr(r));

        log_info("Generating secret key on FIDO2 security token.");

        r = sym_fido_dev_get_assert(d, a, used_pin);
        if (r == FIDO_ERR_UP_REQUIRED) {
                r = sym_fido_assert_set_up(a, FIDO_OPT_TRUE);
                if (r != FIDO_OK)
                        return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                               "Failed to turn on FIDO2 assertion user presence: %s", sym_fido_strerr(r));

                log_notice("%s%sIn order to allow secret key generation, please verify presence on security token.",
                           emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
                           emoji_enabled() ? " " : "");

                r = sym_fido_dev_get_assert(d, a, used_pin);
        }
        if (r == FIDO_ERR_ACTION_TIMEOUT)
                return log_error_errno(SYNTHETIC_ERRNO(ENOSTR),
                                       "Token action timeout. (User didn't interact with token quickly enough.)");
        if (r != FIDO_OK)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to ask token for assertion: %s", sym_fido_strerr(r));

        secret = sym_fido_assert_hmac_secret_ptr(a, 0);
        if (!secret)
                return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to retrieve HMAC secret.");

        secret_size = sym_fido_assert_hmac_secret_len(a, 0);

        r = add_fido2_credential_id(v, cid, cid_size);
        if (r < 0)
                return r;

        r = add_fido2_salt(v,
                           cid,
                           cid_size,
                           salt,
                           FIDO2_SALT_SIZE,
                           secret,
                           secret_size);
        if (r < 0)
                return r;

        /* If we acquired the PIN also include it in the secret section of the record, so that systemd-homed
         * can use it if it needs to, given that it likely needs to decrypt the key again to pass to LUKS or
         * fscrypt. */
        r = identity_add_token_pin(v, used_pin);
        if (r < 0)
                return r;

        return 0;
#else
        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                               "FIDO2 tokens not supported on this build.");
#endif
}
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
1c0c4a43 LP	2
	3	#if HAVE_LIBFIDO2
	4	#include <fido.h>
	5	#endif
	6
	7	#include "ask-password-api.h"
	8	#include "errno-util.h"
	9	#include "format-table.h"
	10	#include "hexdecoct.h"
	11	#include "homectl-fido2.h"
2af3966a	12	#include "homectl-pkcs11.h"
1c0c4a43	13	#include "libcrypt-util.h"
69cb2896	14	#include "libfido2-util.h"
1c0c4a43 LP	15	#include "locale-util.h"
	16	#include "memory-util.h"
	17	#include "random-util.h"
	18	#include "strv.h"
	19
	20	#if HAVE_LIBFIDO2
	21	static int add_fido2_credential_id(
	22	JsonVariant **v,
	23	const void *cid,
	24	size_t cid_size) {
	25
	26	_cleanup_(json_variant_unrefp) JsonVariant *w = NULL;
	27	_cleanup_strv_free_ char **l = NULL;
	28	_cleanup_free_ char *escaped = NULL;
	29	int r;
	30
	31	assert(v);
	32	assert(cid);
	33
	34	r = base64mem(cid, cid_size, &escaped);
	35	if (r < 0)
	36	return log_error_errno(r, "Failed to base64 encode FIDO2 credential ID: %m");
	37
	38	w = json_variant_ref(json_variant_by_key(*v, "fido2HmacCredential"));
	39	if (w) {
	40	r = json_variant_strv(w, &l);
	41	if (r < 0)
	42	return log_error_errno(r, "Failed to parse FIDO2 credential ID list: %m");
	43
	44	if (strv_contains(l, escaped))
	45	return 0;
	46	}
	47
	48	r = strv_extend(&l, escaped);
	49	if (r < 0)
	50	return log_oom();
	51
	52	w = json_variant_unref(w);
	53	r = json_variant_new_array_strv(&w, l);
	54	if (r < 0)
	55	return log_error_errno(r, "Failed to create FIDO2 credential ID JSON: %m");
	56
	57	r = json_variant_set_field(v, "fido2HmacCredential", w);
	58	if (r < 0)
	59	return log_error_errno(r, "Failed to update FIDO2 credential ID: %m");
	60
	61	return 0;
	62	}
	63
	64	static int add_fido2_salt(
	65	JsonVariant **v,
	66	const void *cid,
	67	size_t cid_size,
	68	const void *fido2_salt,
	69	size_t fido2_salt_size,
	70	const void *secret,
	71	size_t secret_size) {
	72
	73	_cleanup_(json_variant_unrefp) JsonVariant l = NULL, w = NULL, *e = NULL;
0e98d17e	74	_cleanup_(erase_and_freep) char base64_encoded = NULL, hashed = NULL;
1c0c4a43 LP	75	int r;
1c0c4a43 LP	76
1c0c4a43 LP	77	/* Before using UNIX hashing on the supplied key we base64 encode it, since crypt_r() and friends
	78	* expect a NUL terminated string, and we use a binary key */
	79	r = base64mem(secret, secret_size, &base64_encoded);
	80	if (r < 0)
	81	return log_error_errno(r, "Failed to base64 encode secret key: %m");
	82
0e98d17e ZJS	83	r = hash_password(base64_encoded, &hashed);
0e98d17e ZJS	84	if (r < 0)
1c0c4a43 LP	85	return log_error_errno(errno_or_else(EINVAL), "Failed to UNIX hash secret key: %m");
	86
	87	r = json_build(&e, JSON_BUILD_OBJECT(
	88	JSON_BUILD_PAIR("credential", JSON_BUILD_BASE64(cid, cid_size)),
	89	JSON_BUILD_PAIR("salt", JSON_BUILD_BASE64(fido2_salt, fido2_salt_size)),
0e98d17e	90	JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRING(hashed))));
1c0c4a43 LP	91	if (r < 0)
	92	return log_error_errno(r, "Failed to build FIDO2 salt JSON key object: %m");
	93
	94	w = json_variant_ref(json_variant_by_key(*v, "privileged"));
	95	l = json_variant_ref(json_variant_by_key(w, "fido2HmacSalt"));
	96
	97	r = json_variant_append_array(&l, e);
	98	if (r < 0)
	99	return log_error_errno(r, "Failed append FIDO2 salt: %m");
	100
	101	r = json_variant_set_field(&w, "fido2HmacSalt", l);
	102	if (r < 0)
	103	return log_error_errno(r, "Failed to set FDO2 salt: %m");
	104
	105	r = json_variant_set_field(v, "privileged", w);
	106	if (r < 0)
	107	return log_error_errno(r, "Failed to update privileged field: %m");
	108
	109	return 0;
	110	}
	111	#endif
	112
	113	#define FIDO2_SALT_SIZE 32
	114
	115	int identity_add_fido2_parameters(
	116	JsonVariant **v,
	117	const char *device) {
	118
	119	#if HAVE_LIBFIDO2
69cb2896 LP	120	_cleanup_(fido_cbor_info_free_wrapper) fido_cbor_info_t *di = NULL;
	121	_cleanup_(fido_assert_free_wrapper) fido_assert_t *a = NULL;
	122	_cleanup_(fido_cred_free_wrapper) fido_cred_t *c = NULL;
	123	_cleanup_(fido_dev_free_wrapper) fido_dev_t *d = NULL;
1c0c4a43	124	_cleanup_(erase_and_freep) char *used_pin = NULL;
1c0c4a43 LP	125	_cleanup_(erase_and_freep) void *salt = NULL;
	126	JsonVariant un, realm, *rn;
	127	bool found_extension = false;
	128	const void cid, secret;
	129	const char *fido_un;
	130	size_t n, cid_size, secret_size;
	131	char **e;
	132	int r;
	133
	134	/* Construction is like this: we generate a salt of 32 bytes. We then ask the FIDO2 device to
	135	* HMAC-SHA256 it for us with its internal key. The result is the key used by LUKS and account
	136	* authentication. LUKS and UNIX password auth all do their own salting before hashing, so that FIDO2
	137	* device never sees the volume key.
	138	*
	139	* S = HMAC-SHA256(I, D)
	140	*
	141	* with: S → LUKS/account authentication key (never stored)
	142	* I → internal key on FIDO2 device (stored in the FIDO2 device)
	143	* D → salt we generate here (stored in the privileged part of the JSON record)
	144	*
	145	*/
	146
	147	assert(v);
	148	assert(device);
	149
69cb2896 LP	150	r = dlopen_libfido2();
	151	if (r < 0)
	152	return log_error_errno(r, "FIDO2 token support is not installed.");
	153
1c0c4a43 LP	154	salt = malloc(FIDO2_SALT_SIZE);
	155	if (!salt)
	156	return log_oom();
	157
	158	r = genuine_random_bytes(salt, FIDO2_SALT_SIZE, RANDOM_BLOCK);
	159	if (r < 0)
	160	return log_error_errno(r, "Failed to generate salt: %m");
	161
69cb2896	162	d = sym_fido_dev_new();
1c0c4a43 LP	163	if (!d)
	164	return log_oom();
	165
69cb2896	166	r = sym_fido_dev_open(d, device);
1c0c4a43 LP	167	if (r != FIDO_OK)
1c0c4a43 LP	168	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	169	"Failed to open FIDO2 device %s: %s", device, sym_fido_strerr(r));
1c0c4a43	170
69cb2896	171	if (!sym_fido_dev_is_fido2(d))
1c0c4a43 LP	172	return log_error_errno(SYNTHETIC_ERRNO(ENODEV),
	173	"Specified device %s is not a FIDO2 device.", device);
	174
69cb2896	175	di = sym_fido_cbor_info_new();
1c0c4a43 LP	176	if (!di)
	177	return log_oom();
	178
69cb2896	179	r = sym_fido_dev_get_cbor_info(d, di);
1c0c4a43 LP	180	if (r != FIDO_OK)
1c0c4a43 LP	181	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	182	"Failed to get CBOR device info for %s: %s", device, sym_fido_strerr(r));
1c0c4a43	183
69cb2896 LP	184	e = sym_fido_cbor_info_extensions_ptr(di);
69cb2896 LP	185	n = sym_fido_cbor_info_extensions_len(di);
1c0c4a43 LP	186
	187	for (size_t i = 0; i < n; i++)
	188	if (streq(e[i], "hmac-secret")) {
	189	found_extension = true;
	190	break;
	191	}
	192
	193	if (!found_extension)
	194	return log_error_errno(SYNTHETIC_ERRNO(ENODEV),
	195	"Specified device %s is a FIDO2 device, but does not support the required HMAC-SECRET extension.", device);
	196
69cb2896	197	c = sym_fido_cred_new();
1c0c4a43 LP	198	if (!c)
	199	return log_oom();
	200
69cb2896	201	r = sym_fido_cred_set_extensions(c, FIDO_EXT_HMAC_SECRET);
1c0c4a43 LP	202	if (r != FIDO_OK)
1c0c4a43 LP	203	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	204	"Failed to enable HMAC-SECRET extension on FIDO2 credential: %s", sym_fido_strerr(r));
1c0c4a43	205
69cb2896	206	r = sym_fido_cred_set_rp(c, "io.systemd.home", "Home Directory");
1c0c4a43 LP	207	if (r != FIDO_OK)
1c0c4a43 LP	208	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	209	"Failed to set FIDO2 credential relying party ID/name: %s", sym_fido_strerr(r));
1c0c4a43	210
69cb2896	211	r = sym_fido_cred_set_type(c, COSE_ES256);
1c0c4a43 LP	212	if (r != FIDO_OK)
1c0c4a43 LP	213	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	214	"Failed to set FIDO2 credential type to ES256: %s", sym_fido_strerr(r));
1c0c4a43 LP	215
	216	un = json_variant_by_key(*v, "userName");
	217	if (!un)
	218	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	219	"userName field of user record is missing");
	220	if (!json_variant_is_string(un))
	221	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	222	"userName field of user record is not a string");
	223
	224	realm = json_variant_by_key(*v, "realm");
	225	if (realm) {
	226	if (!json_variant_is_string(realm))
	227	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	228	"realm field of user record is not a string");
	229
	230	fido_un = strjoina(json_variant_string(un), json_variant_string(realm));
	231	} else
	232	fido_un = json_variant_string(un);
	233
	234	rn = json_variant_by_key(*v, "realName");
	235	if (rn && !json_variant_is_string(rn))
	236	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	237	"realName field of user record is not a string");
	238
69cb2896	239	r = sym_fido_cred_set_user(c,
1c0c4a43 LP	240	(const unsigned char) fido_un, strlen(fido_un), / We pass the user ID and name as the same */
	241	fido_un,
	242	rn ? json_variant_string(rn) : NULL,
	243	NULL /* icon URL */);
	244	if (r != FIDO_OK)
	245	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	246	"Failed to set FIDO2 credential user data: %s", sym_fido_strerr(r));
1c0c4a43	247
69cb2896	248	r = sym_fido_cred_set_clientdata_hash(c, (const unsigned char[32]) {}, 32);
1c0c4a43 LP	249	if (r != FIDO_OK)
1c0c4a43 LP	250	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	251	"Failed to set FIDO2 client data hash: %s", sym_fido_strerr(r));
1c0c4a43	252
69cb2896	253	r = sym_fido_cred_set_rk(c, FIDO_OPT_FALSE);
1c0c4a43 LP	254	if (r != FIDO_OK)
1c0c4a43 LP	255	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	256	"Failed to turn off FIDO2 resident key option of credential: %s", sym_fido_strerr(r));
1c0c4a43	257
69cb2896	258	r = sym_fido_cred_set_uv(c, FIDO_OPT_FALSE);
1c0c4a43 LP	259	if (r != FIDO_OK)
1c0c4a43 LP	260	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	261	"Failed to turn off FIDO2 user verification option of credential: %s", sym_fido_strerr(r));
1c0c4a43 LP	262
	263	log_info("Initializing FIDO2 credential on security token.");
	264
	265	log_notice("%s%s(Hint: This might require verification of user presence on security token.)",
	266	emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
	267	emoji_enabled() ? " " : "");
	268
69cb2896	269	r = sym_fido_dev_make_cred(d, c, NULL);
1c0c4a43 LP	270	if (r == FIDO_ERR_PIN_REQUIRED) {
	271	_cleanup_free_ char *text = NULL;
	272
	273	if (asprintf(&text, "Please enter security token PIN:") < 0)
	274	return log_oom();
	275
	276	for (;;) {
	277	_cleanup_(strv_free_erasep) char **pin = NULL;
	278	char **i;
	279
	280	r = ask_password_auto(text, "user-home", NULL, "fido2-pin", USEC_INFINITY, 0, &pin);
	281	if (r < 0)
	282	return log_error_errno(r, "Failed to acquire user PIN: %m");
	283
	284	r = FIDO_ERR_PIN_INVALID;
	285	STRV_FOREACH(i, pin) {
	286	if (isempty(*i)) {
	287	log_info("PIN may not be empty.");
	288	continue;
	289	}
	290
69cb2896	291	r = sym_fido_dev_make_cred(d, c, *i);
1c0c4a43 LP	292	if (r == FIDO_OK) {
	293	used_pin = strdup(*i);
	294	if (!used_pin)
	295	return log_oom();
	296	break;
	297	}
	298	if (r != FIDO_ERR_PIN_INVALID)
	299	break;
	300	}
	301
	302	if (r != FIDO_ERR_PIN_INVALID)
	303	break;
	304
	305	log_notice("PIN incorrect, please try again.");
	306	}
	307	}
	308	if (r == FIDO_ERR_PIN_AUTH_BLOCKED)
	309	return log_notice_errno(SYNTHETIC_ERRNO(EPERM),
	310	"Token PIN is currently blocked, please remove and reinsert token.");
	311	if (r == FIDO_ERR_ACTION_TIMEOUT)
	312	return log_error_errno(SYNTHETIC_ERRNO(ENOSTR),
	313	"Token action timeout. (User didn't interact with token quickly enough.)");
	314	if (r != FIDO_OK)
	315	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	316	"Failed to generate FIDO2 credential: %s", sym_fido_strerr(r));
1c0c4a43	317
69cb2896	318	cid = sym_fido_cred_id_ptr(c);
1c0c4a43 LP	319	if (!cid)
	320	return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get FIDO2 credential ID.");
	321
69cb2896	322	cid_size = sym_fido_cred_id_len(c);
1c0c4a43	323
69cb2896	324	a = sym_fido_assert_new();
1c0c4a43 LP	325	if (!a)
	326	return log_oom();
	327
69cb2896	328	r = sym_fido_assert_set_extensions(a, FIDO_EXT_HMAC_SECRET);
1c0c4a43 LP	329	if (r != FIDO_OK)
1c0c4a43 LP	330	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	331	"Failed to enable HMAC-SECRET extension on FIDO2 assertion: %s", sym_fido_strerr(r));
1c0c4a43	332
69cb2896	333	r = sym_fido_assert_set_hmac_salt(a, salt, FIDO2_SALT_SIZE);
1c0c4a43 LP	334	if (r != FIDO_OK)
1c0c4a43 LP	335	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	336	"Failed to set salt on FIDO2 assertion: %s", sym_fido_strerr(r));
1c0c4a43	337
69cb2896	338	r = sym_fido_assert_set_rp(a, "io.systemd.home");
1c0c4a43 LP	339	if (r != FIDO_OK)
1c0c4a43 LP	340	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	341	"Failed to set FIDO2 assertion ID: %s", sym_fido_strerr(r));
1c0c4a43	342
69cb2896	343	r = sym_fido_assert_set_clientdata_hash(a, (const unsigned char[32]) {}, 32);
1c0c4a43 LP	344	if (r != FIDO_OK)
1c0c4a43 LP	345	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	346	"Failed to set FIDO2 assertion client data hash: %s", sym_fido_strerr(r));
1c0c4a43	347
69cb2896	348	r = sym_fido_assert_allow_cred(a, cid, cid_size);
1c0c4a43 LP	349	if (r != FIDO_OK)
1c0c4a43 LP	350	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	351	"Failed to add FIDO2 assertion credential ID: %s", sym_fido_strerr(r));
1c0c4a43	352
69cb2896	353	r = sym_fido_assert_set_up(a, FIDO_OPT_FALSE);
1c0c4a43 LP	354	if (r != FIDO_OK)
1c0c4a43 LP	355	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	356	"Failed to turn off FIDO2 assertion user presence: %s", sym_fido_strerr(r));
1c0c4a43 LP	357
	358	log_info("Generating secret key on FIDO2 security token.");
	359
69cb2896	360	r = sym_fido_dev_get_assert(d, a, used_pin);
1c0c4a43	361	if (r == FIDO_ERR_UP_REQUIRED) {
69cb2896	362	r = sym_fido_assert_set_up(a, FIDO_OPT_TRUE);
1c0c4a43 LP	363	if (r != FIDO_OK)
1c0c4a43 LP	364	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	365	"Failed to turn on FIDO2 assertion user presence: %s", sym_fido_strerr(r));
1c0c4a43 LP	366
	367	log_notice("%s%sIn order to allow secret key generation, please verify presence on security token.",
	368	emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
	369	emoji_enabled() ? " " : "");
	370
69cb2896	371	r = sym_fido_dev_get_assert(d, a, used_pin);
1c0c4a43 LP	372	}
	373	if (r == FIDO_ERR_ACTION_TIMEOUT)
	374	return log_error_errno(SYNTHETIC_ERRNO(ENOSTR),
	375	"Token action timeout. (User didn't interact with token quickly enough.)");
	376	if (r != FIDO_OK)
	377	return log_error_errno(SYNTHETIC_ERRNO(EIO),
69cb2896	378	"Failed to ask token for assertion: %s", sym_fido_strerr(r));
1c0c4a43	379
69cb2896	380	secret = sym_fido_assert_hmac_secret_ptr(a, 0);
1c0c4a43 LP	381	if (!secret)
	382	return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to retrieve HMAC secret.");
	383
69cb2896	384	secret_size = sym_fido_assert_hmac_secret_len(a, 0);
1c0c4a43 LP	385
	386	r = add_fido2_credential_id(v, cid, cid_size);
	387	if (r < 0)
	388	return r;
	389
	390	r = add_fido2_salt(v,
	391	cid,
	392	cid_size,
	393	salt,
	394	FIDO2_SALT_SIZE,
	395	secret,
	396	secret_size);
	397	if (r < 0)
	398	return r;
	399
2af3966a LP	400	/* If we acquired the PIN also include it in the secret section of the record, so that systemd-homed
	401	* can use it if it needs to, given that it likely needs to decrypt the key again to pass to LUKS or
	402	* fscrypt. */
	403	r = identity_add_token_pin(v, used_pin);
	404	if (r < 0)
	405	return r;
	406
1c0c4a43 LP	407	return 0;
1c0c4a43 LP	408	#else
d7a0f1f4 FS	409	return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
d7a0f1f4 FS	410	"FIDO2 tokens not supported on this build.");
1c0c4a43 LP	411	#endif
1c0c4a43 LP	412	}