#if HAVE_LIBFIDO2
#include "alloc-util.h"
+#include "ansi-color.h"
#include "ask-password-api.h"
#include "dlfcn-util.h"
#include "format-table.h"
#endif
#if HAVE_LIBFIDO2
-static int check_device_is_fido2_with_hmac_secret(const char *path) {
+static int check_device_is_fido2_with_hmac_secret(
+ const char *path,
+ bool *ret_has_rk,
+ bool *ret_has_client_pin,
+ bool *ret_has_up,
+ bool *ret_has_uv) {
+
_cleanup_(fido_dev_free_wrapper) fido_dev_t *d = NULL;
int r;
return log_error_errno(SYNTHETIC_ERRNO(EIO),
"Failed to open FIDO2 device %s: %s", path, sym_fido_strerr(r));
- r = verify_features(d, path, LOG_DEBUG, NULL, NULL, NULL, NULL);
- if (r == -ENODEV) /* Not a FIDO2 device, or not implementing 'hmac-secret' */
+ r = verify_features(d, path, LOG_DEBUG, ret_has_rk, ret_has_client_pin, ret_has_up, ret_has_uv);
+ if (r == -ENODEV) { /* Not a FIDO2 device, or not implementing 'hmac-secret' */
+ *ret_has_rk = *ret_has_client_pin = *ret_has_up = *ret_has_uv = false;
return false;
+ }
if (r < 0)
return r;
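Review bot: The `-ENODEV` branch stores through all four `ret_has_*` pointers without checking them, yet the last call site in this diff (the one annotated `/* ret_has_rk= */ NULL` and so on) passes `NULL` for every one of them. On that path, a token that is not FIDO2 or lacks 'hmac-secret' would trigger a NULL dereference, so an incompatible device being present could crash the caller instead of being skipped. Guard each store, e.g. `if (ret_has_rk) *ret_has_rk = false;` and likewise for `ret_has_client_pin`, `ret_has_up` and `ret_has_uv`. The removed line passed `NULL` to `verify_features()` for the same four outputs, which suggests that function already accepts optional outputs, so the wrapper should keep the same contract. The function body begins and ends outside the visible lines, so any other exit path should be checked for the same pattern.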
goto finish;
}
- t = table_new("path", "manufacturer", "product", "compatible");
+ t = table_new("path", "manufacturer", "product", "compatible", "rk", "clientpin", "up", "uv");
if (!t) {
r = log_oom();
goto finish;
for (size_t i = 0; i < found; i++) {
const fido_dev_info_t *entry;
+ bool has_rk, has_client_pin, has_up, has_uv;
entry = sym_fido_dev_info_ptr(di, i);
if (!entry) {
goto finish;
}
- r = check_device_is_fido2_with_hmac_secret(sym_fido_dev_info_path(entry));
+ r = check_device_is_fido2_with_hmac_secret(sym_fido_dev_info_path(entry), &has_rk, &has_client_pin, &has_up, &has_uv);
if (r < 0)
goto finish;
bool compatible = r > 0;
TABLE_PATH, sym_fido_dev_info_path(entry),
TABLE_STRING, sym_fido_dev_info_manufacturer_string(entry),
TABLE_STRING, sym_fido_dev_info_product_string(entry),
- TABLE_BOOLEAN_CHECKMARK, compatible);
+ TABLE_BOOLEAN_CHECKMARK, compatible,
+ TABLE_BOOLEAN_CHECKMARK, has_rk,
+ TABLE_BOOLEAN_CHECKMARK, has_client_pin,
+ TABLE_BOOLEAN_CHECKMARK, has_up,
+ TABLE_BOOLEAN_CHECKMARK, has_uv);
if (r < 0) {
table_log_add_error(r);
goto finish;
goto finish;
}
+ if (table_get_rows(t) > 1)
+ printf("\n"
+ "%1$sLegend: RK %2$s Resident key%3$s\n"
+ "%1$s CLIENTPIN %2$s PIN request%3$s\n"
+ "%1$s UP %2$s User presence%3$s\n"
+ "%1$s UV %2$s User verification%3$s\n",
+ ansi_grey(),
+ special_glyph(SPECIAL_GLYPH_ARROW_RIGHT),
+ ansi_normal());
+
r = 0;
finish:
goto finish;
}
- r = check_device_is_fido2_with_hmac_secret(sym_fido_dev_info_path(entry));
+ r = check_device_is_fido2_with_hmac_secret(
+ sym_fido_dev_info_path(entry),
+ /* ret_has_rk= */ NULL,
+ /* ret_has_client_pin= */ NULL,
+ /* ret_has_up= */ NULL,
+ /* ret_has_uv= */ NULL);
if (r < 0)
goto finish;
if (!r) {