1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
6 #include "homework-fido2.h"
7 #include "libfido2-util.h"
8 #include "memory-util.h"
14 const Fido2HmacSalt
*salt
,
17 _cleanup_(erase_and_freep
) void *hmac
= NULL
;
19 Fido2EnrollFlags flags
= 0;
28 /* If we know the up/uv/clientPin settings used during enrollment, let's pass this on for
29 * authentication, or generate errors immediately if interactivity of the specified kind is not
33 if (h
->fido2_user_presence_permitted
<= 0)
36 flags
|= FIDO2ENROLL_UP
;
37 } else if (salt
->up
< 0) /* unset? */
38 flags
|= FIDO2ENROLL_UP_IF_NEEDED
; /* compat with pre-248 */
41 if (h
->fido2_user_verification_permitted
<= 0)
44 flags
|= FIDO2ENROLL_UV
;
45 } else if (salt
->uv
< 0)
46 flags
|= FIDO2ENROLL_UV_OMIT
; /* compat with pre-248 */
48 if (salt
->client_pin
> 0) {
50 if (strv_isempty(secret
->token_pin
))
53 flags
|= FIDO2ENROLL_PIN
;
54 } else if (salt
->client_pin
< 0)
55 flags
|= FIDO2ENROLL_PIN_IF_NEEDED
; /* compat with pre-248 */
57 r
= fido2_use_hmac_hash(
60 salt
->salt
, salt
->salt_size
,
61 salt
->credential
.id
, salt
->credential
.size
,
69 ss
= base64mem(hmac
, hmac_size
, ret
);
71 return log_error_errno(ss
, "Failed to base64 encode HMAC secret: %m");