1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
/* Bit flags naming the user-interaction factors tied to a FIDO2 credential. Each real flag is a
 * single bit (1 << n), so flags can be OR-ed into a mask. Within this header the type is used for
 * the `required` argument of fido2_use_hmac_hash() and for `lock_with` / `ret_locked_with` of
 * fido2_generate_hmac_hash().
 * The closing line of the typedef is not shown in this listing. */
6 typedef enum Fido2EnrollFlags
{
7 FIDO2ENROLL_PIN
= 1 << 0, /* NOTE(review): no comment in the listing; by its name and the entries below, the token's PIN — confirm */
8 FIDO2ENROLL_UP
= 1 << 1, /* User presence (ie: touching token) */
9 FIDO2ENROLL_UV
= 1 << 2, /* User verification (ie: fingerprint) */
10 FIDO2ENROLL_PIN_IF_NEEDED
= 1 << 3, /* If auth doesn't work without PIN ask for one, as in systemd 248 */
11 FIDO2ENROLL_UP_IF_NEEDED
= 1 << 4, /* If auth doesn't work without UP, enable it, as in systemd 248 */
12 FIDO2ENROLL_UV_OMIT
= 1 << 5, /* Leave "uv" untouched, as in systemd 248 */
13 _FIDO2ENROLL_TYPE_MAX
, /* No initializer, so this is (1 << 5) + 1 == 33: one past the highest flag, not a mask of all
   * flags. An OR-ed combination can exceed it (all six flags together are 63), so comparing a
   * flag mask against this value does not validate it. */
14 _FIDO2ENROLL_TYPE_INVALID
= -EINVAL /* Negative errno used as the "invalid" sentinel; every real flag above is a non-negative bit */
,
20 #include "dlfcn-util.h"
/* libfido2 entry points declared through DLSYM_PROTOTYPE() from dlfcn-util.h. The cleanup
 * wrappers later in this header reach them through sym_-prefixed names (for example
 * sym_fido_cbor_info_free), never by calling the library symbol directly.
 * NOTE(review): presumably the sym_ pointers are only valid after dlopen_libfido2() has
 * succeeded, so its return value should be checked before any sym_ call; confirm against
 * the implementation. */

/* Assertion objects (the authentication side), including the hmac-secret extension accessors. */
DLSYM_PROTOTYPE(fido_assert_allow_cred);
DLSYM_PROTOTYPE(fido_assert_free);
DLSYM_PROTOTYPE(fido_assert_hmac_secret_len);
DLSYM_PROTOTYPE(fido_assert_hmac_secret_ptr);
DLSYM_PROTOTYPE(fido_assert_new);
DLSYM_PROTOTYPE(fido_assert_set_clientdata_hash);
DLSYM_PROTOTYPE(fido_assert_set_extensions);
DLSYM_PROTOTYPE(fido_assert_set_hmac_salt);
DLSYM_PROTOTYPE(fido_assert_set_rp);
DLSYM_PROTOTYPE(fido_assert_set_up);
DLSYM_PROTOTYPE(fido_assert_set_uv);

/* Authenticator capability information: supported extensions and options. */
DLSYM_PROTOTYPE(fido_cbor_info_extensions_len);
DLSYM_PROTOTYPE(fido_cbor_info_extensions_ptr);
DLSYM_PROTOTYPE(fido_cbor_info_free);
DLSYM_PROTOTYPE(fido_cbor_info_new);
DLSYM_PROTOTYPE(fido_cbor_info_options_len);
DLSYM_PROTOTYPE(fido_cbor_info_options_name_ptr);
DLSYM_PROTOTYPE(fido_cbor_info_options_value_ptr);

/* Credential objects (the enrollment side). */
DLSYM_PROTOTYPE(fido_cred_free);
DLSYM_PROTOTYPE(fido_cred_id_len);
DLSYM_PROTOTYPE(fido_cred_id_ptr);
DLSYM_PROTOTYPE(fido_cred_new);
DLSYM_PROTOTYPE(fido_cred_set_clientdata_hash);
DLSYM_PROTOTYPE(fido_cred_set_extensions);
DLSYM_PROTOTYPE(fido_cred_set_rk);
DLSYM_PROTOTYPE(fido_cred_set_rp);
DLSYM_PROTOTYPE(fido_cred_set_type);
DLSYM_PROTOTYPE(fido_cred_set_user);
DLSYM_PROTOTYPE(fido_cred_set_uv);

/* Device handles, device enumeration, and the operations issued against a device. */
DLSYM_PROTOTYPE(fido_dev_free);
DLSYM_PROTOTYPE(fido_dev_get_assert);
DLSYM_PROTOTYPE(fido_dev_get_cbor_info);
DLSYM_PROTOTYPE(fido_dev_info_free);
DLSYM_PROTOTYPE(fido_dev_info_manifest);
DLSYM_PROTOTYPE(fido_dev_info_manufacturer_string);
DLSYM_PROTOTYPE(fido_dev_info_product_string);
DLSYM_PROTOTYPE(fido_dev_info_new);
DLSYM_PROTOTYPE(fido_dev_info_path);
DLSYM_PROTOTYPE(fido_dev_info_ptr);
DLSYM_PROTOTYPE(fido_dev_is_fido2);
DLSYM_PROTOTYPE(fido_dev_make_cred);
DLSYM_PROTOTYPE(fido_dev_new);
DLSYM_PROTOTYPE(fido_dev_open);
DLSYM_PROTOTYPE(fido_dev_close);

/* Library-wide: initialisation, logging hook, error strings. */
DLSYM_PROTOTYPE(fido_init);
DLSYM_PROTOTYPE(fido_set_log_handler);
DLSYM_PROTOTYPE(fido_strerr);

/* NOTE(review): by its name, loads libfido2 at runtime; the int return presumably reports
 * failure, in which case none of the sym_ pointers should be used. Confirm against the
 * implementation. */
int dlopen_libfido2(void);
/* Cleanup helper for a fido_cbor_info_t pointer: hands the pointer's address to libfido2's
 * fido_cbor_info_free() through the sym_ function pointer.
 * Source line 73 and the closing brace are not shown in this listing; line 73 is presumably a
 * NULL guard on *p — confirm against the full file. */
72 static inline void fido_cbor_info_free_wrapper(fido_cbor_info_t
**p
) {
74 sym_fido_cbor_info_free(p
); /* takes the address, not the object: libfido2 documents that it resets *p to NULL after freeing, which avoids a dangling pointer */
/* Cleanup helper for a fido_assert_t pointer: hands the pointer's address to libfido2's
 * fido_assert_free() through the sym_ function pointer.
 * NOTE(review): an assertion can hold the hmac-secret output (see the fido_assert_hmac_secret_*
 * prototypes above); whether the library wipes it on free is not visible here.
 * Source line 78 and the closing brace are not shown in this listing; line 78 is presumably a
 * NULL guard on *p — confirm against the full file. */
77 static inline void fido_assert_free_wrapper(fido_assert_t
**p
) {
79 sym_fido_assert_free(p
); /* address is passed so the library can reset the caller's pointer, per libfido2's documentation */
/* Cleanup helper for a fido_dev_t pointer. The one statement visible here closes the device
 * handle.
 * Source lines 83 and 85-88 are not shown in this listing. fido_dev_free is prototyped above,
 * so the wrapper presumably frees the object after closing it, behind a NULL guard — confirm
 * against the full file. */
82 static inline void fido_dev_free_wrapper(fido_dev_t
**p
) {
84 sym_fido_dev_close(*p
); /* note the dereference: close takes the device itself, unlike the *_free() calls, which take its address */
/* Cleanup helper for a fido_cred_t pointer: hands the pointer's address to libfido2's
 * fido_cred_free() through the sym_ function pointer.
 * Source line 90 and the closing brace are not shown in this listing; line 90 is presumably a
 * NULL guard on *p — confirm against the full file. */
89 static inline void fido_cred_free_wrapper(fido_cred_t
**p
) {
91 sym_fido_cred_free(p
); /* address is passed so the library can reset the caller's pointer, per libfido2's documentation */
/* Prototype only. This listing omits source lines 95-101 and 103, so just two of the
 * parameters are visible:
 *   required       Fido2EnrollFlags mask.
 *   ret_hmac_size  output: a size_t written through the pointer.
 * NOTE(review): by its name this obtains the HMAC value from an already-enrolled token. If the
 * omitted parameters return that value in a buffer, it is key material and the caller should
 * erase it before releasing it — confirm ownership and lifetime against the implementation. */
94 int fido2_use_hmac_hash(
102 Fido2EnrollFlags required
,
104 size_t *ret_hmac_size
);
/* Prototype only. This listing omits source lines 107-109, 117 and 121, so some parameters are
 * not shown; the notes below cover the visible ones.
 *   user_id/user_id_len, user_name, user_display_name, user_icon
 *                     user fields. NOTE(review): presumably handed to fido_cred_set_user(),
 *                     prototyped above — confirm.
 *   askpw_icon, askpw_credential
 *                     NOTE(review): look like settings for a password/PIN prompt — confirm.
 *   lock_with         requested Fido2EnrollFlags mask.
 *   ret_cid, ret_salt, ret_secret (each with a size)
 *                     output buffers returned through void ** / size_t *.
 *   ret_locked_with   output Fido2EnrollFlags. NOTE(review): presumably the flags actually in
 *                     effect once the *_IF_NEEDED requests were resolved; callers would need to
 *                     store this value rather than lock_with — confirm.
 * NOTE(review): ret_secret presumably carries the hmac-secret output, i.e. key material; the
 * caller should erase it before releasing it. Who owns the returned buffers is not visible in
 * this header. */
106 int fido2_generate_hmac_hash(
110 const void *user_id
, size_t user_id_len
,
111 const char *user_name
,
112 const char *user_display_name
,
113 const char *user_icon
,
114 const char *askpw_icon
,
115 const char *askpw_credential
,
116 Fido2EnrollFlags lock_with
,
118 void **ret_cid
, size_t *ret_cid_size
,
119 void **ret_salt
, size_t *ret_salt_size
,
120 void **ret_secret
, size_t *ret_secret_size
,
122 Fido2EnrollFlags
*ret_locked_with
);
/* Two declarations of the same name appear back to back: an external prototype and a static
 * inline definition. They cannot both be active in one translation unit, so a preprocessor
 * conditional must select between them; that conditional (source line 125) and the inline body
 * (source lines 127-130) are not shown in this listing.
 * NOTE(review): by name and signature, parses the string `s` into an algorithm identifier
 * written to *ret, with the int return reporting success or failure — confirm. */
124 int parse_fido2_algorithm(const char *s
, int *ret
);
/* NOTE(review): presumably the fallback used when libfido2 support is compiled out; what it
 * returns is not visible here. */
126 static inline int parse_fido2_algorithm(const char *s
, int *ret
) {
/* Device discovery helpers. Only the prototypes are part of this header, so the notes below
 * are inferred from names and signatures — confirm against the implementation. */

/* NOTE(review): presumably enumerates the FIDO2 tokens currently attached. */
int fido2_list_devices(void);

/* NOTE(review): presumably selects a token without user input and returns an identifier for
 * it in *ret. Whether the caller must free *ret, and what happens when more than one token
 * is attached, is not visible here. */
int fido2_find_device_auto(char **ret);

/* NOTE(review): presumably reports whether the token named by `device` is available. */
int fido2_have_device(const char *device);