libfido2: tweak credential to read fido2 PIN from
authorLennart Poettering <lennart@poettering.net>
Mon, 19 Feb 2024 16:30:56 +0000 (17:30 +0100)
committerLennart Poettering <lennart@poettering.net>
Tue, 20 Feb 2024 15:50:00 +0000 (16:50 +0100)
Querying a fido2 PIN via askpw for enrolling is currently used in two
places: cryptenroll and homectl. So far we sloppily used the same fixed
credential name "fido2-pin" in both cases. Let's tweak that and make the
credential name match the other credentials cryptenroll or home query,
i.e. using the cryptenroll.* and home.* namespaces.

This is particularly done in light of #31370, which wants to make the
credential name public. We really should get the name in order before
making it public.

src/cryptenroll/cryptenroll-fido2.c
src/home/homectl-fido2.c
src/shared/libfido2-util.c
src/shared/libfido2-util.h

index 2baeb92e07f72ec7b99e3e5c398f0a096e742987..7e35dca9c5092e980ec22db8768a87cad36f6abb 100644 (file)
@@ -97,6 +97,7 @@ int enroll_fido2(
                         /* user_display_name= */ node,
                         /* user_icon_name= */ NULL,
                         /* askpw_icon_name= */ "drive-harddisk",
+                        /* askpw_credential= */ "cryptenroll.fido2-pin",
                         lock_with,
                         cred_alg,
                         &cid, &cid_size,
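Review bot: The credential suffix differs between the two callers: this hunk passes `"cryptenroll.fido2-pin"` while the homectl hunk below passes `"home.token-pin"`, so the same PIN prompt is fed from a name that says "fido2" in one namespace and "token" in the other. If that mirrors the existing credential names of each tool, as the commit message suggests, a comment next to each literal, e.g. `/* askpw_credential= */ "cryptenroll.fido2-pin", /* same naming as the other cryptenroll.* credentials */`, would record the choice and keep the two from drifting once the name becomes public per #31370. enroll_fido2's body begins and ends outside the hunk.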
index 3cbdf912aae08f5d2d08e2c44a75dcc9e7f4513c..384461a1ca585fb4a895e17a6a2491e53030c786 100644 (file)
@@ -167,6 +167,7 @@ int identity_add_fido2_parameters(
                         /* user_display_name= */ rn ? json_variant_string(rn) : NULL,
                         /* user_icon_name= */ NULL,
                         /* askpw_icon_name= */ "user-home",
+                        /* askpw_credential= */ "home.token-pin",
                         lock_with,
                         cred_alg,
                         &cid, &cid_size,
index 18ad00097a97cde96e138b6b52655a5a012ac3be..f5df57936976f496e2c5b39f9306a6bd0bad8cb7 100644 (file)
@@ -686,7 +686,8 @@ int fido2_generate_hmac_hash(
                 const char *user_name,
                 const char *user_display_name,
                 const char *user_icon,
-                const char *askpw_icon_name,
+                const char *askpw_icon,
+                const char *askpw_credential,
                 Fido2EnrollFlags lock_with,
                 int cred_alg,
                 void **ret_cid, size_t *ret_cid_size,
@@ -840,9 +841,9 @@ int fido2_generate_hmac_hash(
                         _cleanup_strv_free_erase_ char **pin = NULL;
                         AskPasswordRequest req = {
                                 .message = "Please enter security token PIN:",
-                                .icon = askpw_icon_name,
+                                .icon = askpw_icon,
                                 .keyring = "fido2-pin",
-                                .credential = "fido2-pin",
+                                .credential = askpw_credential,
                         };
 
                         r = ask_password_auto(&req, USEC_INFINITY, /* flags= */ 0, &pin);
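Review bot: `.credential = askpw_credential` in the second hunk swaps a fixed string for a caller-supplied pointer, but nothing in either hunk rejects a NULL `askpw_credential`; whether NULL disables the credential lookup or is an error depends on ask_password_auto(), which is not visible here. Both callers in this commit pass literals, so the intent is presumably non-NULL, and an `assert(askpw_credential);` next to the function's other entry checks would pin that down (fido2_generate_hmac_hash's body begins and ends outside the hunk). Note also that `.keyring = "fido2-pin"` stays shared across callers while the credential name is now per caller; if that is deliberate, a one-line comment such as `.keyring = "fido2-pin", /* shared across callers on purpose: same token PIN either way */` would keep the next reader from "fixing" it.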
index 4cfc95f712a0b468843dfb21f3ee5deacff3d800..3520ab4ec3f8123b9d50eacc76eb008c073cd0dd 100644 (file)
@@ -109,7 +109,8 @@ int fido2_generate_hmac_hash(
                 const char *user_name,
                 const char *user_display_name,
                 const char *user_icon,
-                const char *askpw_icon_name,
+                const char *askpw_icon,
+                const char *askpw_credential,
                 Fido2EnrollFlags lock_with,
                 int cred_alg,
                 void **ret_cid, size_t *ret_cid_size,
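Review bot: The new `askpw_credential` parameter in the prototype carries no documentation, and this is the parameter whose value the commit message says is about to become a public credential name. A short comment on the declaration, e.g. `const char *askpw_credential, /* credential name handed to ask_password_auto() for the token PIN */`, would make the contract visible to callers; the renamed `askpw_icon` has the same gap. fido2_generate_hmac_hash's declaration continues past the hunk.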