1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
7 #include "ask-password-api.h"
8 #include "errno-util.h"
9 #include "format-table.h"
10 #include "hexdecoct.h"
11 #include "homectl-fido2.h"
12 #include "homectl-pkcs11.h"
13 #include "libcrypt-util.h"
14 #include "locale-util.h"
15 #include "memory-util.h"
16 #include "random-util.h"
20 static int add_fido2_credential_id(
25 _cleanup_(json_variant_unrefp
) JsonVariant
*w
= NULL
;
26 _cleanup_strv_free_
char **l
= NULL
;
27 _cleanup_free_
char *escaped
= NULL
;
33 r
= base64mem(cid
, cid_size
, &escaped
);
35 return log_error_errno(r
, "Failed to base64 encode FIDO2 credential ID: %m");
37 w
= json_variant_ref(json_variant_by_key(*v
, "fido2HmacCredential"));
39 r
= json_variant_strv(w
, &l
);
41 return log_error_errno(r
, "Failed to parse FIDO2 credential ID list: %m");
43 if (strv_contains(l
, escaped
))
47 r
= strv_extend(&l
, escaped
);
51 w
= json_variant_unref(w
);
52 r
= json_variant_new_array_strv(&w
, l
);
54 return log_error_errno(r
, "Failed to create FIDO2 credential ID JSON: %m");
56 r
= json_variant_set_field(v
, "fido2HmacCredential", w
);
58 return log_error_errno(r
, "Failed to update FIDO2 credential ID: %m");
63 static int add_fido2_salt(
67 const void *fido2_salt
,
68 size_t fido2_salt_size
,
72 _cleanup_(json_variant_unrefp
) JsonVariant
*l
= NULL
, *w
= NULL
, *e
= NULL
;
73 _cleanup_(erase_and_freep
) char *base64_encoded
= NULL
, *hashed
= NULL
;
76 /* Before using UNIX hashing on the supplied key we base64 encode it, since crypt_r() and friends
77 * expect a NUL terminated string, and we use a binary key */
78 r
= base64mem(secret
, secret_size
, &base64_encoded
);
80 return log_error_errno(r
, "Failed to base64 encode secret key: %m");
82 r
= hash_password(base64_encoded
, &hashed
);
84 return log_error_errno(errno_or_else(EINVAL
), "Failed to UNIX hash secret key: %m");
86 r
= json_build(&e
, JSON_BUILD_OBJECT(
87 JSON_BUILD_PAIR("credential", JSON_BUILD_BASE64(cid
, cid_size
)),
88 JSON_BUILD_PAIR("salt", JSON_BUILD_BASE64(fido2_salt
, fido2_salt_size
)),
89 JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRING(hashed
))));
91 return log_error_errno(r
, "Failed to build FIDO2 salt JSON key object: %m");
93 w
= json_variant_ref(json_variant_by_key(*v
, "privileged"));
94 l
= json_variant_ref(json_variant_by_key(w
, "fido2HmacSalt"));
96 r
= json_variant_append_array(&l
, e
);
98 return log_error_errno(r
, "Failed append FIDO2 salt: %m");
100 r
= json_variant_set_field(&w
, "fido2HmacSalt", l
);
102 return log_error_errno(r
, "Failed to set FDO2 salt: %m");
104 r
= json_variant_set_field(v
, "privileged", w
);
106 return log_error_errno(r
, "Failed to update privileged field: %m");
112 #define FIDO2_SALT_SIZE 32
114 int identity_add_fido2_parameters(
116 const char *device
) {
119 _cleanup_(fido_cbor_info_free
) fido_cbor_info_t
*di
= NULL
;
120 _cleanup_(fido_assert_free
) fido_assert_t
*a
= NULL
;
121 _cleanup_(erase_and_freep
) char *used_pin
= NULL
;
122 _cleanup_(fido_cred_free
) fido_cred_t
*c
= NULL
;
123 _cleanup_(fido_dev_free
) fido_dev_t
*d
= NULL
;
124 _cleanup_(erase_and_freep
) void *salt
= NULL
;
125 JsonVariant
*un
, *realm
, *rn
;
126 bool found_extension
= false;
127 const void *cid
, *secret
;
129 size_t n
, cid_size
, secret_size
;
133 /* Construction is like this: we generate a salt of 32 bytes. We then ask the FIDO2 device to
134 * HMAC-SHA256 it for us with its internal key. The result is the key used by LUKS and account
135 * authentication. LUKS and UNIX password auth all do their own salting before hashing, so that FIDO2
136 * device never sees the volume key.
138 * S = HMAC-SHA256(I, D)
140 * with: S → LUKS/account authentication key (never stored)
141 * I → internal key on FIDO2 device (stored in the FIDO2 device)
142 * D → salt we generate here (stored in the privileged part of the JSON record)
149 salt
= malloc(FIDO2_SALT_SIZE
);
153 r
= genuine_random_bytes(salt
, FIDO2_SALT_SIZE
, RANDOM_BLOCK
);
155 return log_error_errno(r
, "Failed to generate salt: %m");
161 r
= fido_dev_open(d
, device
);
163 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
164 "Failed to open FIDO2 device %s: %s", device
, fido_strerr(r
));
166 if (!fido_dev_is_fido2(d
))
167 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
),
168 "Specified device %s is not a FIDO2 device.", device
);
170 di
= fido_cbor_info_new();
174 r
= fido_dev_get_cbor_info(d
, di
);
176 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
177 "Failed to get CBOR device info for %s: %s", device
, fido_strerr(r
));
179 e
= fido_cbor_info_extensions_ptr(di
);
180 n
= fido_cbor_info_extensions_len(di
);
182 for (size_t i
= 0; i
< n
; i
++)
183 if (streq(e
[i
], "hmac-secret")) {
184 found_extension
= true;
188 if (!found_extension
)
189 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
),
190 "Specified device %s is a FIDO2 device, but does not support the required HMAC-SECRET extension.", device
);
196 r
= fido_cred_set_extensions(c
, FIDO_EXT_HMAC_SECRET
);
198 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
199 "Failed to enable HMAC-SECRET extension on FIDO2 credential: %s", fido_strerr(r
));
201 r
= fido_cred_set_rp(c
, "io.systemd.home", "Home Directory");
203 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
204 "Failed to set FIDO2 credential relying party ID/name: %s", fido_strerr(r
));
206 r
= fido_cred_set_type(c
, COSE_ES256
);
208 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
209 "Failed to set FIDO2 credential type to ES256: %s", fido_strerr(r
));
211 un
= json_variant_by_key(*v
, "userName");
213 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
214 "userName field of user record is missing");
215 if (!json_variant_is_string(un
))
216 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
217 "userName field of user record is not a string");
219 realm
= json_variant_by_key(*v
, "realm");
221 if (!json_variant_is_string(realm
))
222 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
223 "realm field of user record is not a string");
225 fido_un
= strjoina(json_variant_string(un
), json_variant_string(realm
));
227 fido_un
= json_variant_string(un
);
229 rn
= json_variant_by_key(*v
, "realName");
230 if (rn
&& !json_variant_is_string(rn
))
231 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
232 "realName field of user record is not a string");
234 r
= fido_cred_set_user(c
,
235 (const unsigned char*) fido_un
, strlen(fido_un
), /* We pass the user ID and name as the same */
237 rn
? json_variant_string(rn
) : NULL
,
238 NULL
/* icon URL */);
240 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
241 "Failed to set FIDO2 credential user data: %s", fido_strerr(r
));
243 r
= fido_cred_set_clientdata_hash(c
, (const unsigned char[32]) {}, 32);
245 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
246 "Failed to set FIDO2 client data hash: %s", fido_strerr(r
));
248 r
= fido_cred_set_rk(c
, FIDO_OPT_FALSE
);
250 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
251 "Failed to turn off FIDO2 resident key option of credential: %s", fido_strerr(r
));
253 r
= fido_cred_set_uv(c
, FIDO_OPT_FALSE
);
255 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
256 "Failed to turn off FIDO2 user verification option of credential: %s", fido_strerr(r
));
258 log_info("Initializing FIDO2 credential on security token.");
260 log_notice("%s%s(Hint: This might require verification of user presence on security token.)",
261 emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH
) : "",
262 emoji_enabled() ? " " : "");
264 r
= fido_dev_make_cred(d
, c
, NULL
);
265 if (r
== FIDO_ERR_PIN_REQUIRED
) {
266 _cleanup_free_
char *text
= NULL
;
268 if (asprintf(&text
, "Please enter security token PIN:") < 0)
272 _cleanup_(strv_free_erasep
) char **pin
= NULL
;
275 r
= ask_password_auto(text
, "user-home", NULL
, "fido2-pin", USEC_INFINITY
, 0, &pin
);
277 return log_error_errno(r
, "Failed to acquire user PIN: %m");
279 r
= FIDO_ERR_PIN_INVALID
;
280 STRV_FOREACH(i
, pin
) {
282 log_info("PIN may not be empty.");
286 r
= fido_dev_make_cred(d
, c
, *i
);
288 used_pin
= strdup(*i
);
293 if (r
!= FIDO_ERR_PIN_INVALID
)
297 if (r
!= FIDO_ERR_PIN_INVALID
)
300 log_notice("PIN incorrect, please try again.");
303 if (r
== FIDO_ERR_PIN_AUTH_BLOCKED
)
304 return log_notice_errno(SYNTHETIC_ERRNO(EPERM
),
305 "Token PIN is currently blocked, please remove and reinsert token.");
306 if (r
== FIDO_ERR_ACTION_TIMEOUT
)
307 return log_error_errno(SYNTHETIC_ERRNO(ENOSTR
),
308 "Token action timeout. (User didn't interact with token quickly enough.)");
310 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
311 "Failed to generate FIDO2 credential: %s", fido_strerr(r
));
313 cid
= fido_cred_id_ptr(c
);
315 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Failed to get FIDO2 credential ID.");
317 cid_size
= fido_cred_id_len(c
);
319 a
= fido_assert_new();
323 r
= fido_assert_set_extensions(a
, FIDO_EXT_HMAC_SECRET
);
325 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
326 "Failed to enable HMAC-SECRET extension on FIDO2 assertion: %s", fido_strerr(r
));
328 r
= fido_assert_set_hmac_salt(a
, salt
, FIDO2_SALT_SIZE
);
330 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
331 "Failed to set salt on FIDO2 assertion: %s", fido_strerr(r
));
333 r
= fido_assert_set_rp(a
, "io.systemd.home");
335 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
336 "Failed to set FIDO2 assertion ID: %s", fido_strerr(r
));
338 r
= fido_assert_set_clientdata_hash(a
, (const unsigned char[32]) {}, 32);
340 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
341 "Failed to set FIDO2 assertion client data hash: %s", fido_strerr(r
));
343 r
= fido_assert_allow_cred(a
, cid
, cid_size
);
345 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
346 "Failed to add FIDO2 assertion credential ID: %s", fido_strerr(r
));
348 r
= fido_assert_set_up(a
, FIDO_OPT_FALSE
);
350 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
351 "Failed to turn off FIDO2 assertion user presence: %s", fido_strerr(r
));
353 log_info("Generating secret key on FIDO2 security token.");
355 r
= fido_dev_get_assert(d
, a
, used_pin
);
356 if (r
== FIDO_ERR_UP_REQUIRED
) {
357 r
= fido_assert_set_up(a
, FIDO_OPT_TRUE
);
359 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
360 "Failed to turn on FIDO2 assertion user presence: %s", fido_strerr(r
));
362 log_notice("%s%sIn order to allow secret key generation, please verify presence on security token.",
363 emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH
) : "",
364 emoji_enabled() ? " " : "");
366 r
= fido_dev_get_assert(d
, a
, used_pin
);
368 if (r
== FIDO_ERR_ACTION_TIMEOUT
)
369 return log_error_errno(SYNTHETIC_ERRNO(ENOSTR
),
370 "Token action timeout. (User didn't interact with token quickly enough.)");
372 return log_error_errno(SYNTHETIC_ERRNO(EIO
),
373 "Failed to ask token for assertion: %s", fido_strerr(r
));
375 secret
= fido_assert_hmac_secret_ptr(a
, 0);
377 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Failed to retrieve HMAC secret.");
379 secret_size
= fido_assert_hmac_secret_len(a
, 0);
381 r
= add_fido2_credential_id(v
, cid
, cid_size
);
385 r
= add_fido2_salt(v
,
395 /* If we acquired the PIN also include it in the secret section of the record, so that systemd-homed
396 * can use it if it needs to, given that it likely needs to decrypt the key again to pass to LUKS or
398 r
= identity_add_token_pin(v
, used_pin
);
404 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
),
405 "FIDO2 tokens not supported on this build.");
409 int list_fido2_devices(void) {
411 _cleanup_(table_unrefp
) Table
*t
= NULL
;
412 size_t allocated
= 64, found
= 0;
413 fido_dev_info_t
*di
= NULL
;
416 di
= fido_dev_info_new(allocated
);
420 r
= fido_dev_info_manifest(di
, allocated
, &found
);
421 if (r
== FIDO_ERR_INTERNAL
|| (r
== FIDO_OK
&& found
== 0)) {
422 /* The library returns FIDO_ERR_INTERNAL when no devices are found. I wish it wouldn't. */
423 log_info("No FIDO2 devices found.");
428 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
), "Failed to enumerate FIDO2 devices: %s", fido_strerr(r
));
432 t
= table_new("path", "manufacturer", "product");
438 for (size_t i
= 0; i
< found
; i
++) {
439 const fido_dev_info_t
*entry
;
441 entry
= fido_dev_info_ptr(di
, i
);
443 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
),
444 "Failed to get device information for FIDO device %zu.", i
);
450 TABLE_PATH
, fido_dev_info_path(entry
),
451 TABLE_STRING
, fido_dev_info_manufacturer_string(entry
),
452 TABLE_STRING
, fido_dev_info_product_string(entry
));
454 table_log_add_error(r
);
459 r
= table_print(t
, stdout
);
461 log_error_errno(r
, "Failed to show device table: %m");
468 fido_dev_info_free(&di
, allocated
);
471 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
),
472 "FIDO2 tokens not supported on this build.");
476 int find_fido2_auto(char **ret
) {
478 _cleanup_free_
char *copy
= NULL
;
479 size_t di_size
= 64, found
= 0;
480 const fido_dev_info_t
*entry
;
481 fido_dev_info_t
*di
= NULL
;
485 di
= fido_dev_info_new(di_size
);
489 r
= fido_dev_info_manifest(di
, di_size
, &found
);
490 if (r
== FIDO_ERR_INTERNAL
|| (r
== FIDO_OK
&& found
== 0)) {
491 /* The library returns FIDO_ERR_INTERNAL when no devices are found. I wish it wouldn't. */
492 r
= log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "No FIDO2 devices found.");
496 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
), "Failed to enumerate FIDO2 devices: %s", fido_strerr(r
));
500 r
= log_error_errno(SYNTHETIC_ERRNO(ENOTUNIQ
), "More than one FIDO2 device found.");
504 entry
= fido_dev_info_ptr(di
, 0);
506 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
),
507 "Failed to get device information for FIDO device 0.");
511 path
= fido_dev_info_path(entry
);
513 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
),
514 "Failed to query FIDO device path.");
524 *ret
= TAKE_PTR(copy
);
528 fido_dev_info_free(&di
, di_size
);
531 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
),
532 "FIDO2 tokens not supported on this build.");