1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 #pragma once
3
4 #include "macro.h"
5
/* Bit mask describing how a FIDO2 token has to authenticate for an enrollment.
 *
 * The first three bits each name an authenticator feature the caller wants enforced. The remaining
 * three are relaxations that reproduce the systemd 248 behaviour, where a feature was only demanded
 * if authentication did not work without it. Combining the strict and the relaxed form of the same
 * feature makes little sense; callers should pick one. */
typedef enum Fido2EnrollFlags {
        /* Require the token's client PIN */
        FIDO2ENROLL_PIN = 1 << 0,

        /* Require user presence, i.e. physically touching the token */
        FIDO2ENROLL_UP = 1 << 1,

        /* Require user verification, e.g. a fingerprint */
        FIDO2ENROLL_UV = 1 << 2,

        /* systemd 248 compatibility: if authentication does not work without a PIN, ask for one */
        FIDO2ENROLL_PIN_IF_NEEDED = 1 << 3,

        /* systemd 248 compatibility: if authentication does not work without UP, enable it */
        FIDO2ENROLL_UP_IF_NEEDED = 1 << 4,

        /* systemd 248 compatibility: leave the "uv" option untouched */
        FIDO2ENROLL_UV_OMIT = 1 << 5,

        /* One past the highest flag value (i.e. 33); this is a bound, not a flag combination */
        _FIDO2ENROLL_TYPE_MAX,

        /* Negative-errno sentinel, presumably used by a parser to signal an unrecognized name */
        _FIDO2ENROLL_TYPE_INVALID = -EINVAL,
} Fido2EnrollFlags;
16
17 #if HAVE_LIBFIDO2
18 #include <fido.h>
19
20 #include "dlfcn-util.h"
21
/* libfido2 entry points that are resolved at runtime: the library is dlopen()ed (see dlfcn-util.h
 * and dlopen_libfido2() below) rather than linked. Judging by the wrappers further down, which call
 * sym_fido_*(), DLSYM_PROTOTYPE(x) declares a function pointer named sym_x carrying x's signature.
 * Presumably every symbol listed here also has to be looked up by dlopen_libfido2(), and none of the
 * sym_ pointers may be called before that has succeeded. Grouped by libfido2 object type. */

/* Device enumeration (fido_dev_info_t) */
DLSYM_PROTOTYPE(fido_dev_info_free);
DLSYM_PROTOTYPE(fido_dev_info_manifest);
DLSYM_PROTOTYPE(fido_dev_info_manufacturer_string);
DLSYM_PROTOTYPE(fido_dev_info_new);
DLSYM_PROTOTYPE(fido_dev_info_path);
DLSYM_PROTOTYPE(fido_dev_info_product_string);
DLSYM_PROTOTYPE(fido_dev_info_ptr);

/* Device handle (fido_dev_t) */
DLSYM_PROTOTYPE(fido_dev_close);
DLSYM_PROTOTYPE(fido_dev_free);
DLSYM_PROTOTYPE(fido_dev_get_assert);
DLSYM_PROTOTYPE(fido_dev_get_cbor_info);
DLSYM_PROTOTYPE(fido_dev_is_fido2);
DLSYM_PROTOTYPE(fido_dev_make_cred);
DLSYM_PROTOTYPE(fido_dev_new);
DLSYM_PROTOTYPE(fido_dev_open);

/* Authenticator capability report (fido_cbor_info_t) */
DLSYM_PROTOTYPE(fido_cbor_info_extensions_len);
DLSYM_PROTOTYPE(fido_cbor_info_extensions_ptr);
DLSYM_PROTOTYPE(fido_cbor_info_free);
DLSYM_PROTOTYPE(fido_cbor_info_new);
DLSYM_PROTOTYPE(fido_cbor_info_options_len);
DLSYM_PROTOTYPE(fido_cbor_info_options_name_ptr);
DLSYM_PROTOTYPE(fido_cbor_info_options_value_ptr);

/* Credential creation (fido_cred_t) */
DLSYM_PROTOTYPE(fido_cred_free);
DLSYM_PROTOTYPE(fido_cred_id_len);
DLSYM_PROTOTYPE(fido_cred_id_ptr);
DLSYM_PROTOTYPE(fido_cred_new);
DLSYM_PROTOTYPE(fido_cred_set_clientdata_hash);
DLSYM_PROTOTYPE(fido_cred_set_extensions);
DLSYM_PROTOTYPE(fido_cred_set_rk);
DLSYM_PROTOTYPE(fido_cred_set_rp);
DLSYM_PROTOTYPE(fido_cred_set_type);
DLSYM_PROTOTYPE(fido_cred_set_user);
DLSYM_PROTOTYPE(fido_cred_set_uv);

/* Assertion / hmac-secret retrieval (fido_assert_t) */
DLSYM_PROTOTYPE(fido_assert_allow_cred);
DLSYM_PROTOTYPE(fido_assert_free);
DLSYM_PROTOTYPE(fido_assert_hmac_secret_len);
DLSYM_PROTOTYPE(fido_assert_hmac_secret_ptr);
DLSYM_PROTOTYPE(fido_assert_new);
DLSYM_PROTOTYPE(fido_assert_set_clientdata_hash);
DLSYM_PROTOTYPE(fido_assert_set_extensions);
DLSYM_PROTOTYPE(fido_assert_set_hmac_salt);
DLSYM_PROTOTYPE(fido_assert_set_rp);
DLSYM_PROTOTYPE(fido_assert_set_up);
DLSYM_PROTOTYPE(fido_assert_set_uv);

/* Library-global */
DLSYM_PROTOTYPE(fido_init);
DLSYM_PROTOTYPE(fido_set_log_handler);
DLSYM_PROTOTYPE(fido_strerr);
69
/* Loads libfido2 at runtime and, presumably, resolves the sym_fido_* pointers declared above.
 * It has to succeed before any sym_ pointer or any of the *_free_wrapper() helpers below is used;
 * the return convention (0 / negative errno is the usual one) lives in the definition. */
int dlopen_libfido2(void);
71
/* Cleanup helper for a fido_cbor_info_t*, presumably attached via _cleanup_(). Releases the object
 * through the dlopen()ed fido_cbor_info_free(), handing over the double pointer unchanged; an unset
 * (NULL) object is skipped, so it is safe on a variable that never got assigned. Relies on
 * sym_fido_cbor_info_free having been resolved already, which is the case whenever such an object
 * could have been created in the first place. */
static inline void fido_cbor_info_free_wrapper(fido_cbor_info_t **p) {
        if (!*p)
                return;

        sym_fido_cbor_info_free(p);
}
76
/* Cleanup helper for a fido_assert_t*, presumably attached via _cleanup_(). Frees the assertion via
 * the dlopen()ed fido_assert_free() (which receives the double pointer as-is); NULL is a no-op. Note
 * that an assertion may carry the hmac-secret obtained from the token — whether libfido2 wipes that
 * memory on free is not decided here. Needs sym_fido_assert_free to be resolved, i.e. a successful
 * dlopen_libfido2(). */
static inline void fido_assert_free_wrapper(fido_assert_t **p) {
        if (!*p)
                return;

        sym_fido_assert_free(p);
}
81
/* Cleanup helper for a fido_dev_t*, presumably attached via _cleanup_(). Closes the device handle
 * first and then releases the object, both through the dlopen()ed symbols; NULL is a no-op. Whatever
 * fido_dev_close() reports is ignored, as in a cleanup path there is nothing left to do about it.
 * Needs a successful dlopen_libfido2() beforehand. */
static inline void fido_dev_free_wrapper(fido_dev_t **p) {
        fido_dev_t *dev = *p;

        if (!dev)
                return;

        (void) sym_fido_dev_close(dev);
        sym_fido_dev_free(p);
}
88
/* Cleanup helper for a fido_cred_t*, presumably attached via _cleanup_(). Frees the credential via
 * the dlopen()ed fido_cred_free(), passing the double pointer through; NULL is a no-op. Needs
 * sym_fido_cred_free to be resolved, i.e. a successful dlopen_libfido2(). */
static inline void fido_cred_free_wrapper(fido_cred_t **p) {
        if (!*p)
                return;

        sym_fido_cred_free(p);
}
93
/* Asks the token at 'device' for the hmac-secret bound to the credential 'cid' (cid_size bytes)
 * under relying party 'rp_id', keyed with 'salt' (salt_size bytes). 'pins' is a list of PIN
 * candidates to try (NULL-terminated, presumably — confirm against the definition); they are
 * plaintext secrets and should be erased by the caller afterwards. 'required' selects which of
 * PIN/UP/UV must be satisfied, see Fido2EnrollFlags. On success *ret_hmac/*ret_hmac_size receive
 * the derived secret, presumably as a newly allocated buffer owned by the caller; it is key
 * material and should be erased before being freed. Return convention is presumably 0 / negative
 * errno. Only declared when HAVE_LIBFIDO2 — there is no stub in the #else branch, so callers need
 * their own #if. */
int fido2_use_hmac_hash(
                const char *device,
                const char *rp_id,
                const void *salt,
                size_t salt_size,
                const void *cid,
                size_t cid_size,
                char **pins,
                Fido2EnrollFlags required,
                void **ret_hmac,
                size_t *ret_hmac_size);
105
/* Enrolls a new credential on the token at 'device' for relying party rp_id/rp_name and the given
 * user identity (user_id/user_id_len, user_name, user_display_name, user_icon), then derives an
 * hmac-secret from it. 'lock_with' says which of PIN/UP/UV the caller wants enforced, see
 * Fido2EnrollFlags; 'cred_alg' is presumably a COSE algorithm identifier as produced by
 * parse_fido2_algorithm(). askpw_icon/askpw_credential look like the parameters handed to the
 * password agent when a PIN has to be queried — confirm in the definition. Outputs, presumably all
 * caller-owned allocations: the credential ID (ret_cid/ret_cid_size), the salt (ret_salt/
 * ret_salt_size), the derived secret (ret_secret/ret_secret_size), the PIN that worked
 * (ret_usedpin) and in *ret_locked_with the flags that ended up being enforced — with the
 * _IF_NEEDED/_OMIT relaxations this may differ from 'lock_with', so callers wanting to persist
 * the policy should record *ret_locked_with rather than their input. ret_secret and ret_usedpin
 * are sensitive and should be erased before freeing. Only declared when HAVE_LIBFIDO2; no stub
 * exists in the #else branch. */
int fido2_generate_hmac_hash(
                const char *device,
                const char *rp_id,
                const char *rp_name,
                const void *user_id, size_t user_id_len,
                const char *user_name,
                const char *user_display_name,
                const char *user_icon,
                const char *askpw_icon,
                const char *askpw_credential,
                Fido2EnrollFlags lock_with,
                int cred_alg,
                void **ret_cid, size_t *ret_cid_size,
                void **ret_salt, size_t *ret_salt_size,
                void **ret_secret, size_t *ret_secret_size,
                char **ret_usedpin,
                Fido2EnrollFlags *ret_locked_with);
123
/* Parses an algorithm name 's' into its numeric identifier in *ret (presumably a COSE algorithm
 * value, the type fido2_generate_hmac_hash() takes as cred_alg). Accepted spellings and the return
 * convention live in the definition; when built without libfido2 the inline stub below is used
 * instead and always returns -EOPNOTSUPP. */
int parse_fido2_algorithm(const char *s, int *ret);
125 #else
/* Fallback for builds without libfido2: no algorithm name can be accepted, so every call fails
 * with -EOPNOTSUPP. Neither argument is inspected and *ret is left untouched (callers must not
 * rely on it being initialized). */
static inline int parse_fido2_algorithm(const char *s, int *ret) {
        (void) s;
        (void) ret;

        return -EOPNOTSUPP;
}
129 #endif
130
/* Device enumeration helpers. Unlike the enrollment functions above these are declared regardless of
 * HAVE_LIBFIDO2, so callers need no #if; presumably the definitions report -EOPNOTSUPP when libfido2
 * support is compiled out (confirm in libfido2-util.c). Return convention is presumably 0 / negative
 * errno throughout. */
int fido2_list_devices(void);
/* Picks a single token automatically; on success *ret presumably receives a newly allocated device
 * path owned by the caller. What happens with zero or several tokens plugged in is decided by the
 * definition. */
int fido2_find_device_auto(char **ret);

/* Checks whether the token at 'device' is present; whether the result is bool-like (>0 / 0) or a
 * plain errno is decided by the definition. */
int fido2_have_device(const char *device);