1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
2 | #pragma once | |
3 | ||
e262205e | 4 | #include "iovec-util.h" |
5 | #include "macro.h" |
6 | ||
/* Size in bytes of the salt fed to the FIDO2 hmac-secret extension. */
#define FIDO2_SALT_SIZE 32U
8 | ||
/* Bit flags describing which verification methods a FIDO2 credential is enrolled with / must be unlocked with.
 * Values may be OR-ed together. Note that, because the members are bit flags, _FIDO2ENROLL_TYPE_MAX is simply one
 * past the highest flag value (33) and not a count of valid flags. */
typedef enum Fido2EnrollFlags {
        FIDO2ENROLL_PIN = 1 << 0,           /* Client PIN */
        FIDO2ENROLL_UP = 1 << 1,            /* User presence (ie: touching token) */
        FIDO2ENROLL_UV = 1 << 2,            /* User verification (ie: fingerprint) */
        FIDO2ENROLL_PIN_IF_NEEDED = 1 << 3, /* If auth doesn't work without PIN ask for one, as in systemd 248 */
        FIDO2ENROLL_UP_IF_NEEDED = 1 << 4,  /* If auth doesn't work without UP, enable it, as in systemd 248 */
        FIDO2ENROLL_UV_OMIT = 1 << 5,       /* Leave "uv" untouched, as in systemd 248 */
        _FIDO2ENROLL_TYPE_MAX,
        _FIDO2ENROLL_TYPE_INVALID = -EINVAL, /* Conventional "not a valid value" sentinel, usable as an error code */
} Fido2EnrollFlags;
19 | ||
20 | #if HAVE_LIBFIDO2 |
21 | #include <fido.h> | |
22 | ||
23 | #include "dlfcn-util.h" |
24 | ||
/* libfido2 entry points are not linked directly; DLSYM_PROTOTYPE() (from dlfcn-util.h) declares a function pointer
 * for each, which the code below refers to under a "sym_" prefix (e.g. sym_fido_cbor_info_free). They are presumably
 * filled in by dlopen_libfido2() — confirm in the .c file. Until that succeeded, the pointers must not be called. */
extern DLSYM_PROTOTYPE(fido_assert_allow_cred);
extern DLSYM_PROTOTYPE(fido_assert_free);
extern DLSYM_PROTOTYPE(fido_assert_hmac_secret_len);
extern DLSYM_PROTOTYPE(fido_assert_hmac_secret_ptr);
extern DLSYM_PROTOTYPE(fido_assert_new);
extern DLSYM_PROTOTYPE(fido_assert_set_clientdata_hash);
extern DLSYM_PROTOTYPE(fido_assert_set_extensions);
extern DLSYM_PROTOTYPE(fido_assert_set_hmac_salt);
extern DLSYM_PROTOTYPE(fido_assert_set_rp);
extern DLSYM_PROTOTYPE(fido_assert_set_up);
extern DLSYM_PROTOTYPE(fido_assert_set_uv);
extern DLSYM_PROTOTYPE(fido_cbor_info_extensions_len);
extern DLSYM_PROTOTYPE(fido_cbor_info_extensions_ptr);
extern DLSYM_PROTOTYPE(fido_cbor_info_free);
extern DLSYM_PROTOTYPE(fido_cbor_info_new);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_len);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_name_ptr);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_value_ptr);
extern DLSYM_PROTOTYPE(fido_cred_free);
extern DLSYM_PROTOTYPE(fido_cred_id_len);
extern DLSYM_PROTOTYPE(fido_cred_id_ptr);
extern DLSYM_PROTOTYPE(fido_cred_new);
extern DLSYM_PROTOTYPE(fido_cred_set_clientdata_hash);
extern DLSYM_PROTOTYPE(fido_cred_set_extensions);
extern DLSYM_PROTOTYPE(fido_cred_set_prot);
extern DLSYM_PROTOTYPE(fido_cred_set_rk);
extern DLSYM_PROTOTYPE(fido_cred_set_rp);
extern DLSYM_PROTOTYPE(fido_cred_set_type);
extern DLSYM_PROTOTYPE(fido_cred_set_user);
extern DLSYM_PROTOTYPE(fido_cred_set_uv);
extern DLSYM_PROTOTYPE(fido_dev_free);
extern DLSYM_PROTOTYPE(fido_dev_get_assert);
extern DLSYM_PROTOTYPE(fido_dev_get_cbor_info);
extern DLSYM_PROTOTYPE(fido_dev_info_free);
extern DLSYM_PROTOTYPE(fido_dev_info_manifest);
extern DLSYM_PROTOTYPE(fido_dev_info_manufacturer_string);
extern DLSYM_PROTOTYPE(fido_dev_info_product_string);
extern DLSYM_PROTOTYPE(fido_dev_info_new);
extern DLSYM_PROTOTYPE(fido_dev_info_path);
extern DLSYM_PROTOTYPE(fido_dev_info_ptr);
extern DLSYM_PROTOTYPE(fido_dev_is_fido2);
extern DLSYM_PROTOTYPE(fido_dev_make_cred);
extern DLSYM_PROTOTYPE(fido_dev_new);
extern DLSYM_PROTOTYPE(fido_dev_open);
extern DLSYM_PROTOTYPE(fido_dev_close);
extern DLSYM_PROTOTYPE(fido_init);
extern DLSYM_PROTOTYPE(fido_set_log_handler);
extern DLSYM_PROTOTYPE(fido_strerr);
73 | |
/* Loads libfido2 at runtime and presumably resolves the sym_* function pointers declared above — confirm in the .c
 * file. Returns 0 on success or a negative errno-style error (the non-libfido2 build below uses -EOPNOTSUPP for
 * "unsupported"; verify this function reports the missing library the same way). */
int dlopen_libfido2(void);
75 | ||
/* Destructor shim for fido_cbor_info_t objects, shaped for use as a cleanup handler: takes the address of the
 * pointer, does nothing when it is NULL, and otherwise hands it to the dlopen'ed fido_cbor_info_free(). 'p' itself
 * must not be NULL. */
static inline void fido_cbor_info_free_wrapper(fido_cbor_info_t **p) {
        if (!*p)
                return;

        sym_fido_cbor_info_free(p);
}
80 | ||
/* Destructor shim for fido_assert_t objects, shaped for use as a cleanup handler: NULL is a no-op, anything else is
 * passed on to the dlopen'ed fido_assert_free(). 'p' itself must not be NULL. */
static inline void fido_assert_free_wrapper(fido_assert_t **p) {
        if (!*p)
                return;

        sym_fido_assert_free(p);
}
85 | ||
/* Destructor shim for fido_dev_t handles, shaped for use as a cleanup handler. An open device is closed before it
 * is released; the status of the close is not inspected, as a destructor has nobody to report it to. NULL is a
 * no-op. 'p' itself must not be NULL. */
static inline void fido_dev_free_wrapper(fido_dev_t **p) {
        fido_dev_t *dev = *p;

        if (!dev)
                return;

        (void) sym_fido_dev_close(dev);
        sym_fido_dev_free(p);
}
92 | ||
/* Destructor shim for fido_cred_t objects, shaped for use as a cleanup handler: NULL is a no-op, anything else is
 * passed on to the dlopen'ed fido_cred_free(). 'p' itself must not be NULL. */
static inline void fido_cred_free_wrapper(fido_cred_t **p) {
        if (!*p)
                return;

        sym_fido_cred_free(p);
}
97 | ||
/* Derives the hmac-secret of an already enrolled credential from a token.
 *
 * device:                  path of the token to use (NULL presumably selects one automatically, cf.
 *                          fido2_find_device_auto() — verify in the implementation)
 * rp_id:                   relying party ID the credential was enrolled under
 * salt, salt_size:         hmac-secret salt (presumably FIDO2_SALT_SIZE bytes — verify)
 * cid, cid_size:           credential ID, as produced by fido2_generate_hmac_hash()
 * pins:                    candidate PINs to try; assumed to be a NULL-terminated string list — confirm against callers
 * required:                Fido2EnrollFlags the token must satisfy for this credential
 * ret_hmac, ret_hmac_size: on success, the derived secret. Ownership presumably passes to the caller — verify; it is
 *                          key material, so callers are expected to erase it once no longer needed.
 *
 * Returns 0 on success, a negative errno-style error otherwise. */
int fido2_use_hmac_hash(
                const char *device,
                const char *rp_id,
                const void *salt,
                size_t salt_size,
                const void *cid,
                size_t cid_size,
                char **pins,
                Fido2EnrollFlags required,
                void **ret_hmac,
                size_t *ret_hmac_size);
109 | ||
/* Enrolls a new hmac-secret credential on a token and derives its initial secret.
 *
 * device, rp_id:                  token to use and relying party ID (as for fido2_use_hmac_hash())
 * rp_name:                        human-readable relying party name
 * user_id, user_id_len, user_name, user_display_name, user_icon:
 *                                 user entity data recorded with the credential
 * askpw_icon, askpw_credential:   judging by the names, passed to the password-agent prompt when the token asks for
 *                                 a PIN or touch — verify
 * lock_with:                      Fido2EnrollFlags requested for the credential; the *_IF_NEEDED flags let the
 *                                 implementation adjust the final set
 * cred_alg:                       credential algorithm, e.g. as produced by parse_fido2_algorithm()
 * salt:                           hmac-secret salt to use; NULL presumably means "generate one" — verify
 * ret_cid, ret_cid_size:          the new credential ID
 * ret_secret, ret_secret_size:    the derived secret; ownership presumably passes to the caller — verify. This is
 *                                 key material and should be erased by the caller when no longer needed.
 * ret_usedpin:                    the PIN that was accepted, if one was needed — verify whether NULL is returned
 *                                 otherwise
 * ret_locked_with:                the flags actually in effect for the credential, presumably after *_IF_NEEDED
 *                                 resolution — verify
 *
 * Returns 0 on success, a negative errno-style error otherwise. */
int fido2_generate_hmac_hash(
                const char *device,
                const char *rp_id,
                const char *rp_name,
                const void *user_id, size_t user_id_len,
                const char *user_name,
                const char *user_display_name,
                const char *user_icon,
                const char *askpw_icon,
                const char *askpw_credential,
                Fido2EnrollFlags lock_with,
                int cred_alg,
                const struct iovec *salt,
                void **ret_cid, size_t *ret_cid_size,
                void **ret_secret, size_t *ret_secret_size,
                char **ret_usedpin,
                Fido2EnrollFlags *ret_locked_with);
17599e12 | 127 | |
/* Parses a credential algorithm name into the numeric value accepted as 'cred_alg' by fido2_generate_hmac_hash().
 * Returns 0 and stores the value in *ret on success, a negative errno-style error otherwise. */
int parse_fido2_algorithm(const char *s, int *ret);
129 | #else | |
/* Fallback for builds without libfido2: no algorithm name can be parsed, so the feature is reported as
 * unsupported. Both arguments are ignored and *ret is left untouched. */
static inline int parse_fido2_algorithm(const char *s, int *ret) {
        (void) s;
        (void) ret;

        return -EOPNOTSUPP;
}
69cb2896 | 133 | #endif |
134 | |
/* The following are declared outside the HAVE_LIBFIDO2 guard, i.e. they exist in every build; without the library
 * they are expected to fail (presumably with -EOPNOTSUPP, like parse_fido2_algorithm() above — verify). */

/* Lists the FIDO2 tokens currently attached. Returns 0 on success, a negative errno-style error otherwise. */
int fido2_list_devices(void);
/* Selects a token automatically and returns its device path in *ret (ownership presumably passes to the caller —
 * verify). Returns 0 on success, a negative errno-style error otherwise. */
int fido2_find_device_auto(char **ret);
137 | |
/* Checks whether a FIDO2 token is available at 'device' (what NULL means here is not visible in this header —
 * verify). Return convention (boolean vs. errno-style) is also only visible in the implementation. */
int fido2_have_device(const char *device);