1/* SPDX-License-Identifier: LGPL-2.1-or-later */
2#pragma once
3
e262205e 4#include "iovec-util.h"
5#include "macro.h"
6
/* Length in bytes of the salt mixed into the token's hmac-secret computation (cf.
 * fido_assert_set_hmac_salt() below); fido2_generate_hmac_hash() receives it as a struct iovec.
 * NOTE(review): 32 is presumably the CTAP2 hmac-secret salt length — confirm against the .c. */
#define FIDO2_SALT_SIZE 32U
8
/* Which authentication factors a FIDO2 token is asked to enforce when a credential is enrolled
 * (fido2_generate_hmac_hash(), lock_with) or used (fido2_use_hmac_hash(), required). The first
 * three bits are a plain bitmask of factors; the remaining bits select the compatibility behaviour
 * of systemd 248, where the factor actually applied depends on what the token reports rather than
 * on a fixed policy — presumably ret_locked_with of fido2_generate_hmac_hash() reports the outcome. */
typedef enum Fido2EnrollFlags {
        FIDO2ENROLL_PIN = 1 << 0,           /* Client PIN */
        FIDO2ENROLL_UP = 1 << 1,            /* User presence (ie: touching token) */
        FIDO2ENROLL_UV = 1 << 2,            /* User verification (ie: fingerprint) */
        FIDO2ENROLL_PIN_IF_NEEDED = 1 << 3, /* If auth doesn't work without PIN ask for one, as in systemd 248 */
        FIDO2ENROLL_UP_IF_NEEDED = 1 << 4,  /* If auth doesn't work without UP, enable it, as in systemd 248 */
        FIDO2ENROLL_UV_OMIT = 1 << 5,       /* Leave "uv" untouched, as in systemd 248 */
        /* Follows the project's enum convention; for a flags type it is not a mask bound
         * (it evaluates to FIDO2ENROLL_UV_OMIT + 1), so do not range-check against it. */
        _FIDO2ENROLL_TYPE_MAX,
        _FIDO2ENROLL_TYPE_INVALID = -EINVAL,
} Fido2EnrollFlags;
19
20#if HAVE_LIBFIDO2
21#include <fido.h>
22
23#include "dlfcn-util.h"
24
/* libfido2 is not linked in at build time; the symbols below are resolved at runtime by
 * dlopen_libfido2() and reached through the corresponding sym_fido_* function pointers
 * (see the *_free_wrapper helpers further down). They are only valid once that call has
 * returned successfully. The whole list only exists when HAVE_LIBFIDO2 is set. */
extern DLSYM_PROTOTYPE(fido_assert_allow_cred);
extern DLSYM_PROTOTYPE(fido_assert_free);
extern DLSYM_PROTOTYPE(fido_assert_hmac_secret_len);
extern DLSYM_PROTOTYPE(fido_assert_hmac_secret_ptr);
extern DLSYM_PROTOTYPE(fido_assert_new);
extern DLSYM_PROTOTYPE(fido_assert_set_clientdata_hash);
extern DLSYM_PROTOTYPE(fido_assert_set_extensions);
extern DLSYM_PROTOTYPE(fido_assert_set_hmac_salt);
extern DLSYM_PROTOTYPE(fido_assert_set_rp);
extern DLSYM_PROTOTYPE(fido_assert_set_up);
extern DLSYM_PROTOTYPE(fido_assert_set_uv);
extern DLSYM_PROTOTYPE(fido_cbor_info_extensions_len);
extern DLSYM_PROTOTYPE(fido_cbor_info_extensions_ptr);
extern DLSYM_PROTOTYPE(fido_cbor_info_free);
extern DLSYM_PROTOTYPE(fido_cbor_info_new);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_len);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_name_ptr);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_value_ptr);
extern DLSYM_PROTOTYPE(fido_cred_free);
extern DLSYM_PROTOTYPE(fido_cred_id_len);
extern DLSYM_PROTOTYPE(fido_cred_id_ptr);
extern DLSYM_PROTOTYPE(fido_cred_new);
extern DLSYM_PROTOTYPE(fido_cred_set_clientdata_hash);
extern DLSYM_PROTOTYPE(fido_cred_set_extensions);
extern DLSYM_PROTOTYPE(fido_cred_set_prot);
extern DLSYM_PROTOTYPE(fido_cred_set_rk);
extern DLSYM_PROTOTYPE(fido_cred_set_rp);
extern DLSYM_PROTOTYPE(fido_cred_set_type);
extern DLSYM_PROTOTYPE(fido_cred_set_user);
extern DLSYM_PROTOTYPE(fido_cred_set_uv);
extern DLSYM_PROTOTYPE(fido_dev_free);
extern DLSYM_PROTOTYPE(fido_dev_get_assert);
extern DLSYM_PROTOTYPE(fido_dev_get_cbor_info);
extern DLSYM_PROTOTYPE(fido_dev_info_free);
extern DLSYM_PROTOTYPE(fido_dev_info_manifest);
extern DLSYM_PROTOTYPE(fido_dev_info_manufacturer_string);
extern DLSYM_PROTOTYPE(fido_dev_info_product_string);
extern DLSYM_PROTOTYPE(fido_dev_info_new);
extern DLSYM_PROTOTYPE(fido_dev_info_path);
extern DLSYM_PROTOTYPE(fido_dev_info_ptr);
extern DLSYM_PROTOTYPE(fido_dev_is_fido2);
extern DLSYM_PROTOTYPE(fido_dev_make_cred);
extern DLSYM_PROTOTYPE(fido_dev_new);
extern DLSYM_PROTOTYPE(fido_dev_open);
extern DLSYM_PROTOTYPE(fido_dev_close);
extern DLSYM_PROTOTYPE(fido_init);
extern DLSYM_PROTOTYPE(fido_set_log_handler);
extern DLSYM_PROTOTYPE(fido_strerr);
73
/* Loads libfido2 at runtime and fills in the sym_fido_* pointers declared above; it has to
 * succeed before any of them is dereferenced. Presumably returns 0 on success and a negative
 * errno-style value otherwise — confirm in the .c. NOTE(review): the library is located by the
 * dynamic loader, so it is only as trustworthy as the library search path of the calling process. */
int dlopen_libfido2(void);
75
/* Destructor shaped for use as a cleanup handler: releases the fido_cbor_info_t that *p
 * points to, and tolerates *p being NULL so it is safe on every exit path. */
static inline void fido_cbor_info_free_wrapper(fido_cbor_info_t **p) {
        if (!*p)
                return;

        sym_fido_cbor_info_free(p);
}
80
/* Destructor shaped for use as a cleanup handler: releases the assertion object *p points to,
 * and is a no-op when *p is NULL. NOTE(review): an assertion may still hold the hmac-secret
 * (cf. fido_assert_hmac_secret_ptr); libfido2 is relied upon to scrub it on free — confirm
 * for the minimum supported libfido2 version. */
static inline void fido_assert_free_wrapper(fido_assert_t **p) {
        if (!*p)
                return;

        sym_fido_assert_free(p);
}
85
/* Destructor shaped for use as a cleanup handler for a fido_dev_t. Closing and freeing are
 * two distinct steps in libfido2: the underlying device handle is released first, then the
 * object itself. No-op when *p is NULL. NOTE(review): close is also issued for a device
 * that was allocated but never opened — presumably harmless, confirm with libfido2. */
static inline void fido_dev_free_wrapper(fido_dev_t **p) {
        fido_dev_t *dev = *p;

        if (!dev)
                return;

        sym_fido_dev_close(dev);
        sym_fido_dev_free(p);
}
92
/* Destructor shaped for use as a cleanup handler: releases the credential object *p points to,
 * and is a no-op when *p is NULL. */
static inline void fido_cred_free_wrapper(fido_cred_t **p) {
        if (!*p)
                return;

        sym_fido_cred_free(p);
}
97
/* Derives the hmac-secret for an existing credential on the token at `device`; this is the
 * "use" half of the pair, fido2_generate_hmac_hash() below is the enrolment half.
 *
 *   device            path of the token to talk to (cf. fido2_find_device_auto()); whether NULL
 *                     means "pick automatically" is decided in the .c — confirm
 *   rp_id             relying-party id the credential was enrolled under
 *   salt, salt_size   salt handed to the hmac-secret extension; presumably has to match the one
 *                     used at enrolment, since the derived secret is keyed on it
 *   cid, cid_size     credential id, as returned in ret_cid by fido2_generate_hmac_hash()
 *   pins              PIN candidates to try, presumably a NULL-terminated string list
 *   required          Fido2EnrollFlags the token must enforce for this assertion
 *   ret_hmac, ret_hmac_size
 *                     on success the derived secret; presumably heap-allocated and owned by the
 *                     caller — it is key material, so erase it rather than plain free() it
 *
 * Presumably returns 0 on success and a negative errno-style value on failure — confirm. */
int fido2_use_hmac_hash(
                const char *device,
                const char *rp_id,
                const void *salt,
                size_t salt_size,
                const void *cid,
                size_t cid_size,
                char **pins,
                Fido2EnrollFlags required,
                void **ret_hmac,
                size_t *ret_hmac_size);
109
/* Enrols a new credential on the token and derives the initial hmac-secret for it.
 *
 *   device, rp_id                as in fido2_use_hmac_hash()
 *   rp_name                      human-readable relying-party name stored with the credential
 *   user_id, user_id_len, user_name, user_display_name, user_icon
 *                                user entity stored with the credential (cf. fido_cred_set_user())
 *   askpw_icon, askpw_credential presumably the icon and credential name used for the interactive
 *                                PIN prompt — confirm in the .c
 *   lock_with                    Fido2EnrollFlags the caller wants enforced; the _IF_NEEDED/_OMIT
 *                                bits let the token's capabilities decide
 *   cred_alg                     credential algorithm id (cf. parse_fido2_algorithm(), fido_cred_set_type())
 *   salt                         hmac-secret salt, presumably FIDO2_SALT_SIZE bytes
 *   ret_cid, ret_cid_size        credential id to persist and pass back as cid to fido2_use_hmac_hash()
 *   ret_secret, ret_secret_size  the derived secret
 *   ret_usedpin                  the PIN that was accepted, if any
 *   ret_locked_with              the factors actually enforced, which may differ from lock_with when
 *                                the compatibility bits were set; this, not lock_with, is what a
 *                                caller should persist next to the credential
 *
 * NOTE(review): ret_secret and ret_usedpin are secrets; their owner should erase them rather than
 * plain free() them. Ownership presumably passes to the caller on success — confirm in the .c. */
int fido2_generate_hmac_hash(
                const char *device,
                const char *rp_id,
                const char *rp_name,
                const void *user_id, size_t user_id_len,
                const char *user_name,
                const char *user_display_name,
                const char *user_icon,
                const char *askpw_icon,
                const char *askpw_credential,
                Fido2EnrollFlags lock_with,
                int cred_alg,
                const struct iovec *salt,
                void **ret_cid, size_t *ret_cid_size,
                void **ret_secret, size_t *ret_secret_size,
                char **ret_usedpin,
                Fido2EnrollFlags *ret_locked_with);
/* Maps a user-supplied algorithm name to the integer id fido2_generate_hmac_hash() takes as
 * cred_alg (presumably a COSE algorithm id as expected by libfido2 — confirm in the .c).
 * Presumably returns 0 on success with the id in *ret, negative errno-style otherwise. */
int parse_fido2_algorithm(const char *s, int *ret);
129#else
/* Fallback for builds without libfido2: no algorithm name is accepted, so callers get a
 * clean -EOPNOTSUPP instead of a link error. Both arguments are intentionally unused. */
static inline int parse_fido2_algorithm(const char *s, int *ret) {
        return -EOPNOTSUPP;
}
69cb2896 133#endif
134
/* Lists the attached FIDO2 tokens. Declared outside the HAVE_LIBFIDO2 guard, so it exists in
 * every build; presumably it reports -EOPNOTSUPP (or similar) when libfido2 is unavailable — confirm. */
int fido2_list_devices(void);
/* Selects a token without user input and returns its device path in *ret, presumably
 * heap-allocated and owned by the caller. How ambiguity (no token, or more than one) is handled
 * is decided in the .c — confirm before relying on it for unattended use. */
int fido2_find_device_auto(char **ret);
137
/* Checks whether a token is reachable at `device`. Presumably follows the usual convention of
 * > 0 when present, 0 when absent and a negative errno-style value on error — confirm in the .c. */
int fido2_have_device(const char *device);