1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 #pragma once
3
4 #include "forward.h"
5
/* Length in bytes of the salt handed to the token's hmac-secret extension (CTAP2 fixes the salt
 * length at 32 bytes, so this is not tunable). */
#define FIDO2_SALT_SIZE 32U
7
/* Bit flags describing which authentication factors a FIDO2 token operation must (or may) use.
 * The real flags are powers of two and may be OR-ed together; the "_IF_NEEDED" and "_OMIT"
 * variants reproduce the behaviour of systemd 248 for compatibility with existing enrollments.
 * The two underscore-prefixed values are sentinels, not flags. */
typedef enum Fido2EnrollFlags {
        FIDO2ENROLL_PIN = 1 << 0,           /* Client PIN */
        FIDO2ENROLL_UP = 1 << 1,            /* User presence (ie: touching token) */
        FIDO2ENROLL_UV = 1 << 2,            /* User verification (ie: fingerprint) */
        FIDO2ENROLL_PIN_IF_NEEDED = 1 << 3, /* If auth doesn't work without PIN ask for one, as in systemd 248 */
        FIDO2ENROLL_UP_IF_NEEDED = 1 << 4,  /* If auth doesn't work without UP, enable it, as in systemd 248 */
        FIDO2ENROLL_UV_OMIT = 1 << 5,       /* Leave "uv" untouched, as in systemd 248 */
        _FIDO2ENROLL_TYPE_MAX,              /* One past FIDO2ENROLL_UV_OMIT (i.e. 33); a sentinel, not a usable bit mask */
        _FIDO2ENROLL_TYPE_INVALID = -EINVAL, /* Negative error marker, e.g. for a value that could not be parsed */
} Fido2EnrollFlags;
18
19 #if HAVE_LIBFIDO2
20 #include <fido.h>
21
22 #include "dlfcn-util.h"
23
/* libfido2 is not linked at build time but loaded on demand (see dlopen_libfido2() below). Each
 * library entry point systemd uses is therefore declared here through DLSYM_PROTOTYPE, which
 * presumably yields a "sym_<name>" function pointer that the loader fills in; code in this tree
 * calls the sym_* names (as the *_free_wrapper() helpers below do), never the libfido2 symbols
 * directly. Keep this list sorted so additions are easy to audit. */
extern DLSYM_PROTOTYPE(fido_assert_allow_cred);
extern DLSYM_PROTOTYPE(fido_assert_free);
extern DLSYM_PROTOTYPE(fido_assert_hmac_secret_len);
extern DLSYM_PROTOTYPE(fido_assert_hmac_secret_ptr);
extern DLSYM_PROTOTYPE(fido_assert_new);
extern DLSYM_PROTOTYPE(fido_assert_set_clientdata_hash);
extern DLSYM_PROTOTYPE(fido_assert_set_extensions);
extern DLSYM_PROTOTYPE(fido_assert_set_hmac_salt);
extern DLSYM_PROTOTYPE(fido_assert_set_rp);
extern DLSYM_PROTOTYPE(fido_assert_set_up);
extern DLSYM_PROTOTYPE(fido_assert_set_uv);
extern DLSYM_PROTOTYPE(fido_cbor_info_extensions_len);
extern DLSYM_PROTOTYPE(fido_cbor_info_extensions_ptr);
extern DLSYM_PROTOTYPE(fido_cbor_info_free);
extern DLSYM_PROTOTYPE(fido_cbor_info_new);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_len);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_name_ptr);
extern DLSYM_PROTOTYPE(fido_cbor_info_options_value_ptr);
extern DLSYM_PROTOTYPE(fido_cred_free);
extern DLSYM_PROTOTYPE(fido_cred_id_len);
extern DLSYM_PROTOTYPE(fido_cred_id_ptr);
extern DLSYM_PROTOTYPE(fido_cred_new);
extern DLSYM_PROTOTYPE(fido_cred_set_clientdata_hash);
extern DLSYM_PROTOTYPE(fido_cred_set_extensions);
extern DLSYM_PROTOTYPE(fido_cred_set_prot);
extern DLSYM_PROTOTYPE(fido_cred_set_rk);
extern DLSYM_PROTOTYPE(fido_cred_set_rp);
extern DLSYM_PROTOTYPE(fido_cred_set_type);
extern DLSYM_PROTOTYPE(fido_cred_set_user);
extern DLSYM_PROTOTYPE(fido_cred_set_uv);
extern DLSYM_PROTOTYPE(fido_dev_close);
extern DLSYM_PROTOTYPE(fido_dev_free);
extern DLSYM_PROTOTYPE(fido_dev_get_assert);
extern DLSYM_PROTOTYPE(fido_dev_get_cbor_info);
extern DLSYM_PROTOTYPE(fido_dev_info_free);
extern DLSYM_PROTOTYPE(fido_dev_info_manifest);
extern DLSYM_PROTOTYPE(fido_dev_info_manufacturer_string);
extern DLSYM_PROTOTYPE(fido_dev_info_new);
extern DLSYM_PROTOTYPE(fido_dev_info_path);
extern DLSYM_PROTOTYPE(fido_dev_info_product_string);
extern DLSYM_PROTOTYPE(fido_dev_info_ptr);
extern DLSYM_PROTOTYPE(fido_dev_is_fido2);
extern DLSYM_PROTOTYPE(fido_dev_make_cred);
extern DLSYM_PROTOTYPE(fido_dev_new);
extern DLSYM_PROTOTYPE(fido_dev_open);
extern DLSYM_PROTOTYPE(fido_init);
extern DLSYM_PROTOTYPE(fido_set_log_handler);
extern DLSYM_PROTOTYPE(fido_strerr);
72
/* Load libfido2 at runtime and resolve every sym_* pointer declared above. Must have succeeded
 * before any of those pointers (or the wrappers below) is used; presumably returns a negative
 * errno-style error when the library is unavailable. */
int dlopen_libfido2(void);
74
/* Cleanup helper for a fido_cbor_info_t*: a no-op on a NULL pointer, so it is safe to
 * attach to a variable that may never have been assigned (presumably via _cleanup_()).
 * The libfido2 free routine takes the pointer's address and is expected to reset it. */
static inline void fido_cbor_info_free_wrapper(fido_cbor_info_t **p) {
        if (!*p)
                return;

        sym_fido_cbor_info_free(p);
}
79
/* Cleanup helper for a fido_assert_t*: does nothing when *p is NULL, otherwise hands the
 * pointer's address to libfido2 so the assertion object is released (and, per the double
 * pointer API, presumably *p is cleared). */
static inline void fido_assert_free_wrapper(fido_assert_t **p) {
        if (!*p)
                return;

        sym_fido_assert_free(p);
}
84
/* Cleanup helper for an open fido_dev_t*: a no-op on NULL; otherwise the device handle is
 * closed first and the object released afterwards, so a token left open by an error path
 * is still shut down properly. */
static inline void fido_dev_free_wrapper(fido_dev_t **p) {
        fido_dev_t *dev = *p;

        if (!dev)
                return;

        sym_fido_dev_close(dev);
        sym_fido_dev_free(p);
}
91
/* Cleanup helper for a fido_cred_t*: nothing to do when *p is NULL, otherwise the
 * credential object is released through libfido2's double-pointer free routine. */
static inline void fido_cred_free_wrapper(fido_cred_t **p) {
        if (!*p)
                return;

        sym_fido_cred_free(p);
}
96
/* Run a FIDO2 assertion against an already enrolled credential and return the hmac-secret output
 * derived from 'salt'.
 *
 *   device            device path of the token to talk to
 *   rp_id             relying party ID the credential was enrolled under
 *   salt, salt_size   hmac-secret salt; expected to be FIDO2_SALT_SIZE bytes — TODO confirm the
 *                     implementation rejects other sizes
 *   cid, cid_size     credential ID returned at enrollment (see fido2_generate_hmac_hash())
 *   pins              PIN candidates to try when the token demands one; presumably a NULL-terminated
 *                     strv. NOTE(review): this is secret material — confirm callers erase it after use
 *   required          Fido2EnrollFlags naming the factors (PIN/UP/UV) the assertion must use
 *   ret_hmac,
 *   ret_hmac_size     on success receive the derived secret and its length; presumably caller-owned
 *                     and, being key material, to be wiped before freeing
 *
 * Presumably returns 0 on success and a negative errno-style error otherwise, matching the
 * -EOPNOTSUPP fallback used by parse_fido2_algorithm() below. */
int fido2_use_hmac_hash(
        const char *device,
        const char *rp_id,
        const void *salt,
        size_t salt_size,
        const void *cid,
        size_t cid_size,
        char **pins,
        Fido2EnrollFlags required,
        void **ret_hmac,
        size_t *ret_hmac_size);
108
/* Enroll a new credential on a FIDO2 token and derive the initial hmac-secret output for it.
 *
 *   device                    device path of the token
 *   rp_id, rp_name            relying party ID and human-readable name stored with the credential
 *   user_id, user_id_len      opaque user handle bound to the credential
 *   user_name,
 *   user_display_name,
 *   user_icon                 user metadata stored with the credential
 *   askpw_icon,
 *   askpw_credential          presumably passed through to the password/PIN prompt
 *   lock_with                 Fido2EnrollFlags the caller wants enforced (PIN/UP/UV, or the
 *                             "_IF_NEEDED"/"_OMIT" compatibility variants)
 *   cred_alg                  credential algorithm (see parse_fido2_algorithm())
 *   salt                      hmac-secret salt as an iovec; expected to be FIDO2_SALT_SIZE bytes
 *   ret_cid, ret_cid_size     on success receive the new credential ID, needed later by
 *                             fido2_use_hmac_hash()
 *   ret_secret,
 *   ret_secret_size           on success receive the derived secret; NOTE(review): key material,
 *                             confirm callers wipe it before freeing
 *   ret_usedpin               on success receives the PIN that worked, if any — also sensitive
 *   ret_locked_with           on success receives the flags that were actually applied, which may
 *                             differ from 'lock_with' when the "_IF_NEEDED" variants were requested
 *
 * Presumably returns 0 on success and a negative errno-style error otherwise; output-ownership
 * rules are not visible here — confirm against the implementation. */
int fido2_generate_hmac_hash(
        const char *device,
        const char *rp_id,
        const char *rp_name,
        const void *user_id, size_t user_id_len,
        const char *user_name,
        const char *user_display_name,
        const char *user_icon,
        const char *askpw_icon,
        const char *askpw_credential,
        Fido2EnrollFlags lock_with,
        int cred_alg,
        const struct iovec *salt,
        void **ret_cid, size_t *ret_cid_size,
        void **ret_secret, size_t *ret_secret_size,
        char **ret_usedpin,
        Fido2EnrollFlags *ret_locked_with);
126
/* Map an algorithm name (as given on the command line or in configuration) to the libfido2
 * credential algorithm constant stored in *ret. Presumably returns a negative errno-style error
 * for an unknown name; the no-libfido2 build below always reports -EOPNOTSUPP. */
int parse_fido2_algorithm(const char *s, int *ret);
128 #else
/* Fallback used when systemd is built without libfido2: no algorithm name can be resolved, so
 * every call reports "not supported" and *ret is left untouched. The arguments are deliberately
 * not inspected. */
static inline int parse_fido2_algorithm(const char *s, int *ret) {
        (void) s;
        (void) ret;

        return -EOPNOTSUPP;
}
132 #endif
133
/* Device discovery helpers. Unlike the declarations above these exist regardless of HAVE_LIBFIDO2;
 * presumably the implementation reports -EOPNOTSUPP without the library, like the
 * parse_fido2_algorithm() fallback. */

/* Enumerate the attached FIDO2 tokens (presumably printing them for the user). */
int fido2_list_devices(void);
/* Pick a token automatically; on success *ret receives its device path (presumably caller-owned). */
int fido2_find_device_auto(char **ret);

/* Check whether 'device' names a usable FIDO2 token. */
int fido2_have_device(const char *device);