author | MkfsSion <mkfssion@mkfssion.com> | 2022-04-17 15:42:49 +0800 |
committer | Lennart Poettering <lennart@poettering.net> | 2022-04-22 20:22:40 +0200 |
commit | 70e723c000e46e2304e54f8063572d7fa0cdad46 (patch) | |
tree | 462cd67a414dc0bce495d01f405ddbe60c0731fa /src/home | |
parent | 6dc18ca5ddd996ffbf83b42cb45f23496fe38c9d (diff) | |
cryptenroll,homectl: Introduce --fido2-credential-algorithm option
* Some authenticators (like YubiKey) support credential algorithms other than ES256
* Introduce a new option so users can make use of it
Diffstat (limited to 'src/home')
-rw-r--r-- | src/home/homectl-fido2.c | 4 | ||||
-rw-r--r-- | src/home/homectl-fido2.h | 2 | ||||
-rw-r--r-- | src/home/homectl.c | 17 |
3 files changed, 19 insertions, 4 deletions
diff --git a/src/home/homectl-fido2.c b/src/home/homectl-fido2.c
index d0457d8e29..61f0d081a3 100644
--- a/src/home/homectl-fido2.c
+++ b/src/home/homectl-fido2.c
@@ -118,7 +118,8 @@ static int add_fido2_salt(
 int identity_add_fido2_parameters(
                 JsonVariant **v,
                 const char *device,
-                Fido2EnrollFlags lock_with) {
+                Fido2EnrollFlags lock_with,
+                int cred_alg) {
 
 #if HAVE_LIBFIDO2
         JsonVariant *un, *realm, *rn;
@@ -165,6 +166,7 @@ int identity_add_fido2_parameters(
                         /* user_icon_name= */ NULL,
                         /* askpw_icon_name= */ "user-home",
                         lock_with,
+                        cred_alg,
                         &cid, &cid_size,
                         &salt, &salt_size,
                         &secret, &secret_size,
diff --git a/src/home/homectl-fido2.h b/src/home/homectl-fido2.h
index 5087069c3c..558c6747d9 100644
--- a/src/home/homectl-fido2.h
+++ b/src/home/homectl-fido2.h
@@ -4,4 +4,4 @@
 #include "json.h"
 #include "libfido2-util.h"
 
-int identity_add_fido2_parameters(JsonVariant **v, const char *device, Fido2EnrollFlags lock_with);
+int identity_add_fido2_parameters(JsonVariant **v, const char *device, Fido2EnrollFlags lock_with, int cred_alg);
diff --git a/src/home/homectl.c b/src/home/homectl.c
index f0d1dac6ab..56f6096769 100644
--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@@ -61,6 +61,11 @@ static uint64_t arg_disk_size_relative = UINT64_MAX;
 static char **arg_pkcs11_token_uri = NULL;
 static char **arg_fido2_device = NULL;
 static Fido2EnrollFlags arg_fido2_lock_with = FIDO2ENROLL_PIN | FIDO2ENROLL_UP;
+#if HAVE_LIBFIDO2
+static int arg_fido2_cred_alg = COSE_ES256;
+#else
+static int arg_fido2_cred_alg = 0;
+#endif
 static bool arg_recovery_key = false;
 static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
 static bool arg_and_resize = false;
@@ -1114,7 +1119,7 @@ static int acquire_new_home_record(UserRecord **ret) {
         }
 
         STRV_FOREACH(i, arg_fido2_device) {
-                r = identity_add_fido2_parameters(&v, *i, arg_fido2_lock_with);
+                r = identity_add_fido2_parameters(&v, *i, arg_fido2_lock_with, arg_fido2_cred_alg);
                 if (r < 0)
                         return r;
         }
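Review bot: The new `int cred_alg` parameter of identity_add_fido2_parameters() is undocumented, both on this signature and on the matching prototype in the homectl-fido2.h hunk, so a caller cannot tell from the header which values are valid. Since it is a bare int, a comment on the prototype such as `/* cred_alg: COSE algorithm identifier of the credential to enroll, e.g. COSE_ES256 */` would pin that down. The body of identity_add_fido2_parameters() continues outside the hunk, so whether the value is validated before being handed to the enrollment call at line 166 cannot be seen here; presumably the libfido2 layer rejects unsupported identifiers, but that is not visible on this page.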
@@ -1473,7 +1478,7 @@ static int acquire_updated_home_record(
         }
 
         STRV_FOREACH(i, arg_fido2_device) {
-                r = identity_add_fido2_parameters(&json, *i, arg_fido2_lock_with);
+                r = identity_add_fido2_parameters(&json, *i, arg_fido2_lock_with, arg_fido2_cred_alg);
                 if (r < 0)
                         return r;
         }
@@ -2387,6 +2392,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_LUKS_EXTRA_MOUNT_OPTIONS,
                 ARG_AUTO_RESIZE_MODE,
                 ARG_REBALANCE_WEIGHT,
+                ARG_FIDO2_CRED_ALG,
         };
 
         static const struct option options[] = {
@@ -2463,6 +2469,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "json",                        required_argument, NULL, ARG_JSON                     },
                 { "export-format",               required_argument, NULL, ARG_EXPORT_FORMAT            },
                 { "pkcs11-token-uri",            required_argument, NULL, ARG_PKCS11_TOKEN_URI         },
+                { "fido2-credential-algorithm",  required_argument, NULL, ARG_FIDO2_CRED_ALG           },
                 { "fido2-device",                required_argument, NULL, ARG_FIDO2_DEVICE             },
                 { "fido2-with-client-pin",       required_argument, NULL, ARG_FIDO2_WITH_PIN           },
                 { "fido2-with-user-presence",    required_argument, NULL, ARG_FIDO2_WITH_UP            },
@@ -3485,6 +3492,12 @@ static int parse_argv(int argc, char *argv[]) {
                         strv_uniq(arg_pkcs11_token_uri);
                         break;
 
+                case ARG_FIDO2_CRED_ALG:
+                        r = parse_fido2_algorithm(optarg, &arg_fido2_cred_alg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse COSE algorithm: %s", optarg);
+                        break;
+
                 case ARG_FIDO2_DEVICE:
                         if (streq(optarg, "list"))
                                 return fido2_list_devices();
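Review bot: The `--fido2-credential-algorithm` option is wired into the getopt table and the parse_argv() switch, but no matching line is added to help() anywhere in this diff, so the option is invisible to `homectl --help` unless it is documented in a part of the change outside src/home. A usage line next to the existing fido2 options, for example `"     --fido2-credential-algorithm=ALG\n"` followed by a one-line description naming the accepted COSE algorithm names, would close that gap. Separately, the ARG_FIDO2_CRED_ALG case calls parse_fido2_algorithm() unconditionally while the arg_fido2_cred_alg default at line 61 of the earlier hunk is guarded by HAVE_LIBFIDO2; presumably parse_fido2_algorithm() has a stub that returns an error when libfido2 is not built in, but that is not visible here and is worth confirming so a build without libfido2 still fails this option cleanly. parse_argv() starts and ends outside the hunk.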