[thirdparty/systemd.git] / src / shared / libfido2-util.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include "forward.h"

#define FIDO2_SALT_SIZE 32U

typedef enum Fido2EnrollFlags {
        FIDO2ENROLL_PIN           = 1 << 0,
        FIDO2ENROLL_UP            = 1 << 1, /* User presence (ie: touching token) */
        FIDO2ENROLL_UV            = 1 << 2, /* User verification (ie: fingerprint) */
        FIDO2ENROLL_PIN_IF_NEEDED = 1 << 3, /* If auth doesn't work without PIN ask for one, as in systemd 248 */
        FIDO2ENROLL_UP_IF_NEEDED  = 1 << 4, /* If auth doesn't work without UP, enable it, as in systemd 248 */
        FIDO2ENROLL_UV_OMIT       = 1 << 5, /* Leave "uv" untouched, as in systemd 248 */
        _FIDO2ENROLL_TYPE_MAX,
        _FIDO2ENROLL_TYPE_INVALID = -EINVAL,
} Fido2EnrollFlags;

#if HAVE_LIBFIDO2
#include <fido.h>

#include "dlfcn-util.h"

extern DLSYM_PROTOTYPE(fido_assert_allow_cred);
extern DLSYM_PROTOTYPE(fido_assert_free);
extern DLSYM_PROTOTYPE(fido_assert_hmac_secret_len);
extern DLSYM_PROTOTYPE(fido_assert_hmac_secret_ptr);
extern DLSYM_PROTOTYPE(fido_assert_new);
extern DLSYM_PROTOTYPE(fido_assert_set_clientdata_hash);
extern DLSYM_PROTOTYPE(fido_assert_set_extensions);
extern DLSYM_PROTOTYPE(fido_assert_set_hmac_salt);
extern DLSYM_PROTOTYPE(fido_assert_set_rp);
extern DLSYM_PROTOTYPE(fido_assert_set_up);
extern DLSYM_PROTOTYPE(fido_assert_set_uv);
extern DLSYM_PROTOTYPE(fido_cbor_info_extensions_len);
extern DLSYM_PROTOTYPE(fido_cbor_info_extensions_ptr);
extern DLSYM_PROTOTYPE(fido_cbor_info_free);
extern DLSYM_PROTOTYPE(fido_cbor_info_new);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_len);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_name_ptr);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_value_ptr);
extern DLSYM_PROTOTYPE(fido_cred_free);
extern DLSYM_PROTOTYPE(fido_cred_id_len);
extern DLSYM_PROTOTYPE(fido_cred_id_ptr);
extern DLSYM_PROTOTYPE(fido_cred_new);
extern DLSYM_PROTOTYPE(fido_cred_set_clientdata_hash);
extern DLSYM_PROTOTYPE(fido_cred_set_extensions);
extern DLSYM_PROTOTYPE(fido_cred_set_prot);
extern DLSYM_PROTOTYPE(fido_cred_set_rk);
extern DLSYM_PROTOTYPE(fido_cred_set_rp);
extern DLSYM_PROTOTYPE(fido_cred_set_type);
extern DLSYM_PROTOTYPE(fido_cred_set_user);
extern DLSYM_PROTOTYPE(fido_cred_set_uv);
extern DLSYM_PROTOTYPE(fido_dev_close);
extern DLSYM_PROTOTYPE(fido_dev_free);
extern DLSYM_PROTOTYPE(fido_dev_get_assert);
extern DLSYM_PROTOTYPE(fido_dev_get_cbor_info);
extern DLSYM_PROTOTYPE(fido_dev_info_free);
extern DLSYM_PROTOTYPE(fido_dev_info_manifest);
extern DLSYM_PROTOTYPE(fido_dev_info_manufacturer_string);
extern DLSYM_PROTOTYPE(fido_dev_info_new);
extern DLSYM_PROTOTYPE(fido_dev_info_path);
extern DLSYM_PROTOTYPE(fido_dev_info_product_string);
extern DLSYM_PROTOTYPE(fido_dev_info_ptr);
extern DLSYM_PROTOTYPE(fido_dev_is_fido2);
extern DLSYM_PROTOTYPE(fido_dev_make_cred);
extern DLSYM_PROTOTYPE(fido_dev_new);
extern DLSYM_PROTOTYPE(fido_dev_open);
extern DLSYM_PROTOTYPE(fido_init);
extern DLSYM_PROTOTYPE(fido_set_log_handler);
extern DLSYM_PROTOTYPE(fido_strerr);

int dlopen_libfido2(void);

static inline void fido_cbor_info_free_wrapper(fido_cbor_info_t **p) {
        if (*p)
                sym_fido_cbor_info_free(p);
}

static inline void fido_assert_free_wrapper(fido_assert_t **p) {
        if (*p)
                sym_fido_assert_free(p);
}

static inline void fido_dev_free_wrapper(fido_dev_t **p) {
        if (*p) {
                sym_fido_dev_close(*p);
                sym_fido_dev_free(p);
        }
}

static inline void fido_cred_free_wrapper(fido_cred_t **p) {
        if (*p)
                sym_fido_cred_free(p);
}

int fido2_use_hmac_hash(
                const char *device,
                const char *rp_id,
                const void *salt,
                size_t salt_size,
                const void *cid,
                size_t cid_size,
                char **pins,
                Fido2EnrollFlags required,
                void **ret_hmac,
                size_t *ret_hmac_size);

int fido2_generate_hmac_hash(
                const char *device,
                const char *rp_id,
                const char *rp_name,
                const void *user_id, size_t user_id_len,
                const char *user_name,
                const char *user_display_name,
                const char *user_icon,
                const char *askpw_icon,
                const char *askpw_credential,
                Fido2EnrollFlags lock_with,
                int cred_alg,
                const struct iovec *salt,
                void **ret_cid, size_t *ret_cid_size,
                void **ret_secret, size_t *ret_secret_size,
                char **ret_usedpin,
                Fido2EnrollFlags *ret_locked_with);

int parse_fido2_algorithm(const char *s, int *ret);
#else
static inline int parse_fido2_algorithm(const char *s, int *ret) {
        return -EOPNOTSUPP;
}
#endif

int fido2_list_devices(void);
int fido2_find_device_auto(char **ret);

int fido2_have_device(const char *device);
Commit	Line	Data
	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
	2	#pragma once
	3
	4	#include "forward.h"
	5
	6	#define FIDO2_SALT_SIZE 32U
	7
	8	typedef enum Fido2EnrollFlags {
	9	FIDO2ENROLL_PIN = 1 << 0,
	10	FIDO2ENROLL_UP = 1 << 1, /* User presence (ie: touching token) */
	11	FIDO2ENROLL_UV = 1 << 2, /* User verification (ie: fingerprint) */
	12	FIDO2ENROLL_PIN_IF_NEEDED = 1 << 3, /* If auth doesn't work without PIN ask for one, as in systemd 248 */
	13	FIDO2ENROLL_UP_IF_NEEDED = 1 << 4, /* If auth doesn't work without UP, enable it, as in systemd 248 */
	14	FIDO2ENROLL_UV_OMIT = 1 << 5, /* Leave "uv" untouched, as in systemd 248 */
	15	_FIDO2ENROLL_TYPE_MAX,
	16	_FIDO2ENROLL_TYPE_INVALID = -EINVAL,
	17	} Fido2EnrollFlags;
	18
	19	#if HAVE_LIBFIDO2
	20	#include <fido.h>
	21
	22	#include "dlfcn-util.h"
	23
	24	extern DLSYM_PROTOTYPE(fido_assert_allow_cred);
	25	extern DLSYM_PROTOTYPE(fido_assert_free);
	26	extern DLSYM_PROTOTYPE(fido_assert_hmac_secret_len);
	27	extern DLSYM_PROTOTYPE(fido_assert_hmac_secret_ptr);
	28	extern DLSYM_PROTOTYPE(fido_assert_new);
	29	extern DLSYM_PROTOTYPE(fido_assert_set_clientdata_hash);
	30	extern DLSYM_PROTOTYPE(fido_assert_set_extensions);
	31	extern DLSYM_PROTOTYPE(fido_assert_set_hmac_salt);
	32	extern DLSYM_PROTOTYPE(fido_assert_set_rp);
	33	extern DLSYM_PROTOTYPE(fido_assert_set_up);
	34	extern DLSYM_PROTOTYPE(fido_assert_set_uv);
	35	extern DLSYM_PROTOTYPE(fido_cbor_info_extensions_len);
	36	extern DLSYM_PROTOTYPE(fido_cbor_info_extensions_ptr);
	37	extern DLSYM_PROTOTYPE(fido_cbor_info_free);
	38	extern DLSYM_PROTOTYPE(fido_cbor_info_new);
	39	extern DLSYM_PROTOTYPE(fido_cbor_info_options_len);
	40	extern DLSYM_PROTOTYPE(fido_cbor_info_options_name_ptr);
	41	extern DLSYM_PROTOTYPE(fido_cbor_info_options_value_ptr);
	42	extern DLSYM_PROTOTYPE(fido_cred_free);
	43	extern DLSYM_PROTOTYPE(fido_cred_id_len);
	44	extern DLSYM_PROTOTYPE(fido_cred_id_ptr);
	45	extern DLSYM_PROTOTYPE(fido_cred_new);
	46	extern DLSYM_PROTOTYPE(fido_cred_set_clientdata_hash);
	47	extern DLSYM_PROTOTYPE(fido_cred_set_extensions);
	48	extern DLSYM_PROTOTYPE(fido_cred_set_prot);
	49	extern DLSYM_PROTOTYPE(fido_cred_set_rk);
	50	extern DLSYM_PROTOTYPE(fido_cred_set_rp);
	51	extern DLSYM_PROTOTYPE(fido_cred_set_type);
	52	extern DLSYM_PROTOTYPE(fido_cred_set_user);
	53	extern DLSYM_PROTOTYPE(fido_cred_set_uv);
	54	extern DLSYM_PROTOTYPE(fido_dev_close);
	55	extern DLSYM_PROTOTYPE(fido_dev_free);
	56	extern DLSYM_PROTOTYPE(fido_dev_get_assert);
	57	extern DLSYM_PROTOTYPE(fido_dev_get_cbor_info);
	58	extern DLSYM_PROTOTYPE(fido_dev_info_free);
	59	extern DLSYM_PROTOTYPE(fido_dev_info_manifest);
	60	extern DLSYM_PROTOTYPE(fido_dev_info_manufacturer_string);
	61	extern DLSYM_PROTOTYPE(fido_dev_info_new);
	62	extern DLSYM_PROTOTYPE(fido_dev_info_path);
	63	extern DLSYM_PROTOTYPE(fido_dev_info_product_string);
	64	extern DLSYM_PROTOTYPE(fido_dev_info_ptr);
	65	extern DLSYM_PROTOTYPE(fido_dev_is_fido2);
	66	extern DLSYM_PROTOTYPE(fido_dev_make_cred);
	67	extern DLSYM_PROTOTYPE(fido_dev_new);
	68	extern DLSYM_PROTOTYPE(fido_dev_open);
	69	extern DLSYM_PROTOTYPE(fido_init);
	70	extern DLSYM_PROTOTYPE(fido_set_log_handler);
	71	extern DLSYM_PROTOTYPE(fido_strerr);
	72
	73	int dlopen_libfido2(void);
	74
	75	static inline void fido_cbor_info_free_wrapper(fido_cbor_info_t **p) {
	76	if (*p)
	77	sym_fido_cbor_info_free(p);
	78	}
	79
	80	static inline void fido_assert_free_wrapper(fido_assert_t **p) {
	81	if (*p)
	82	sym_fido_assert_free(p);
	83	}
	84
	85	static inline void fido_dev_free_wrapper(fido_dev_t **p) {
	86	if (*p) {
	87	sym_fido_dev_close(*p);
	88	sym_fido_dev_free(p);
	89	}
	90	}
	91
	92	static inline void fido_cred_free_wrapper(fido_cred_t **p) {
	93	if (*p)
	94	sym_fido_cred_free(p);
	95	}
	96
	97	int fido2_use_hmac_hash(
	98	const char *device,
	99	const char *rp_id,
	100	const void *salt,
	101	size_t salt_size,
	102	const void *cid,
	103	size_t cid_size,
	104	char **pins,
	105	Fido2EnrollFlags required,
	106	void **ret_hmac,
	107	size_t *ret_hmac_size);
	108
	109	int fido2_generate_hmac_hash(
	110	const char *device,
	111	const char *rp_id,
	112	const char *rp_name,
	113	const void *user_id, size_t user_id_len,
	114	const char *user_name,
	115	const char *user_display_name,
	116	const char *user_icon,
	117	const char *askpw_icon,
	118	const char *askpw_credential,
	119	Fido2EnrollFlags lock_with,
	120	int cred_alg,
	121	const struct iovec *salt,
	122	void *ret_cid, size_t ret_cid_size,
	123	void *ret_secret, size_t ret_secret_size,
	124	char **ret_usedpin,
	125	Fido2EnrollFlags *ret_locked_with);
	126
	127	int parse_fido2_algorithm(const char s, int ret);
	128	#else
	129	static inline int parse_fido2_algorithm(const char s, int ret) {
	130	return -EOPNOTSUPP;
	131	}
	132	#endif
	133
	134	int fido2_list_devices(void);
	135	int fido2_find_device_auto(char **ret);
	136
	137	int fido2_have_device(const char *device);