2 * Copyright (c) 2019 Yubico AB. All rights reserved.
3 * Use of this source code is governed by a BSD-style
4 * license that can be found in the LICENSE file.
5 * SPDX-License-Identifier: BSD-2-Clause
9 #include <fido/credman.h>
18 #include "../openbsd-compat/openbsd-compat.h"
/*
 * Print the resident-key ("rk") metadata of the authenticator `dev`:
 * how many resident keys exist and how many more fit. `path` is passed
 * on to get_pin() when a PIN is needed.
 *
 * Only part of this function is visible in this excerpt: the declarations
 * of `r` and `pin`, the return statements and the closing braces are
 * missing, so the comments below describe just what the visible lines
 * establish.
 */
22 credman_get_metadata(fido_dev_t *dev, const char *path)
24 fido_credman_metadata_t *metadata = NULL;
28 if ((metadata = fido_credman_metadata_new()) == NULL) {
29 warnx("fido_credman_metadata_new");
/* First try without a PIN; prompt for one only when the library error
 * code says a PIN would make the request succeed (should_retry_with_pin). */
32 if ((r = fido_credman_get_dev_metadata(dev, metadata,
33 NULL)) != FIDO_OK && should_retry_with_pin(dev, r)) {
34 if ((pin = get_pin(path)) == NULL)
36 r = fido_credman_get_dev_metadata(dev, metadata, pin);
/* Wipe the PIN buffer right after the retry, not just free() it, so the
 * secret does not linger in heap memory. PINBUF_LEN is presumably the
 * fixed size of the buffer get_pin() returns — defined elsewhere. */
37 freezero(pin, PINBUF_LEN);
41 warnx("fido_credman_get_dev_metadata: %s", fido_strerr(r));
45 printf("existing rk(s): %u\n",
46 (unsigned)fido_credman_rk_existing(metadata));
47 printf("remaining rk(s): %u\n",
48 (unsigned)fido_credman_rk_remaining(metadata));
52 fido_credman_metadata_free(&metadata);
/*
 * Print one relying-party entry of `rp` at index `idx`: the index, the
 * base64 encoding of the RP ID hash, and the RP ID.
 *
 * Only part of this function is visible here: the return statements and
 * the release of `rp_id_hash` are not in this excerpt.
 */
60 print_rp(fido_credman_rp_t *rp, size_t idx)
62 char *rp_id_hash = NULL;
/* base64_encode() is given the address of a NULL char pointer, so it
 * presumably allocates the output string; a negative return means the
 * encoding failed and nothing printable was produced. */
64 if (base64_encode(fido_credman_rp_id_hash_ptr(rp, idx),
65 fido_credman_rp_id_hash_len(rp, idx), &rp_id_hash) < 0) {
66 warnx("output error");
/* NOTE(review): fido_credman_rp_id() is authenticator-supplied data and
 * goes straight to %s — confirm it cannot be NULL for a valid idx. */
69 printf("%02u: %s %s\n", (unsigned)idx, rp_id_hash,
70 fido_credman_rp_id(rp, idx));
/*
 * List every relying party that has a resident key on the authenticator
 * at `path`, one line per RP via print_rp().
 *
 * Only part of this function is visible in this excerpt: the declarations
 * of `r` and `pin`, the open_dev() call, the return statements and the
 * closing braces are missing.
 */
77 credman_list_rp(const char *path)
79 fido_credman_rp_t *rp = NULL;
80 fido_dev_t *dev = NULL;
85 if ((rp = fido_credman_rp_new()) == NULL) {
86 warnx("fido_credman_rp_new");
/* Try without a PIN first; prompt only when should_retry_with_pin() says
 * the failure is one a PIN would fix. */
89 if ((r = fido_credman_get_dev_rp(dev, rp, NULL)) != FIDO_OK &&
90 should_retry_with_pin(dev, r)) {
91 if ((pin = get_pin(path)) == NULL)
93 r = fido_credman_get_dev_rp(dev, rp, pin);
/* Zeroize the PIN buffer as soon as the retry is done. */
94 freezero(pin, PINBUF_LEN);
98 warnx("fido_credman_get_dev_rp: %s", fido_strerr(r));
/* The count is re-read from `rp` on every iteration; it is not modified
 * in the loop body, so this is only a stylistic cost. */
101 for (size_t i = 0; i < fido_credman_rp_count(rp); i++)
102 if (print_rp(rp, i) < 0)
107 fido_credman_rp_free(&rp);
/*
 * Print one resident-key entry of `rk` at index `idx`: index, base64
 * credential ID, display name, base64 user ID, COSE type string and
 * credential-protection string.
 *
 * Only part of this function is visible here: the declarations of `id`,
 * `type` and `prot`, the return statements and the frees of `id` and
 * `user_id` are not in this excerpt.
 */
115 print_rk(const fido_credman_rk_t *rk, size_t idx)
117 const fido_cred_t *cred;
119 char *user_id = NULL;
123 if ((cred = fido_credman_rk(rk, idx)) == NULL) {
124 warnx("fido_credman_rk");
/* Both base64 outputs are presumably allocated by base64_encode(); if the
 * first succeeds and the second fails, `id` is already allocated when the
 * error path runs (its cleanup is outside this excerpt). */
127 if (base64_encode(fido_cred_id_ptr(cred), fido_cred_id_len(cred),
128 &id) < 0 || base64_encode(fido_cred_user_id_ptr(cred),
129 fido_cred_user_id_len(cred), &user_id) < 0) {
130 warnx("output error");
134 type = cose_string(fido_cred_type(cred));
135 prot = prot_string(fido_cred_prot(cred));
/* NOTE(review): fido_cred_display_name() is authenticator-supplied and is
 * printed with %s — confirm it cannot be NULL for a credential returned
 * by fido_credman_rk(). */
137 printf("%02u: %s %s %s %s %s\n", (unsigned)idx, id,
138 fido_cred_display_name(cred), user_id, type, prot);
/*
 * List the resident keys stored for relying party `rp_id` on the
 * authenticator at `path`, one line per credential via print_rk().
 *
 * Only part of this function is visible in this excerpt: the declarations
 * of `r` and `pin`, the return statements and the closing braces are
 * missing.
 */
147 credman_list_rk(const char *path, const char *rp_id)
149 fido_dev_t *dev = NULL;
150 fido_credman_rk_t *rk = NULL;
154 dev = open_dev(path);
155 if ((rk = fido_credman_rk_new()) == NULL) {
156 warnx("fido_credman_rk_new");
/* Try without a PIN first; prompt only when should_retry_with_pin() says
 * the failure is one a PIN would fix. */
159 if ((r = fido_credman_get_dev_rk(dev, rp_id, rk, NULL)) != FIDO_OK &&
160 should_retry_with_pin(dev, r)) {
161 if ((pin = get_pin(path)) == NULL)
163 r = fido_credman_get_dev_rk(dev, rp_id, rk, pin);
/* Zeroize the PIN buffer as soon as the retry is done. */
164 freezero(pin, PINBUF_LEN);
168 warnx("fido_credman_get_dev_rk: %s", fido_strerr(r));
171 for (size_t i = 0; i < fido_credman_rk_count(rk); i++)
172 if (print_rk(rk, i) < 0)
177 fido_credman_rk_free(&rk);
/*
 * Print the single resident key of relying party `rp_id` on `dev` whose
 * credential ID matches a base64-encoded ID, or report that none matched.
 *
 * The parameter list continues on a line not shown in this excerpt; the
 * `cred_id` used below is presumably declared there. The declarations of
 * `r` and `pin`, the return statements, the release of `cred_id_ptr` and
 * the closing braces are also not visible.
 */
185 credman_print_rk(fido_dev_t *dev, const char *path, const char *rp_id,
188 fido_credman_rk_t *rk = NULL;
189 const fido_cred_t *cred = NULL;
191 void *cred_id_ptr = NULL;
192 size_t cred_id_len = 0;
195 if ((rk = fido_credman_rk_new()) == NULL) {
196 warnx("fido_credman_rk_new");
/* The caller-supplied credential ID is decoded before anything is sent to
 * the device, so a malformed ID fails fast. */
199 if (base64_decode(cred_id, &cred_id_ptr, &cred_id_len) < 0) {
200 warnx("base64_decode");
203 if ((r = fido_credman_get_dev_rk(dev, rp_id, rk, NULL)) != FIDO_OK &&
204 should_retry_with_pin(dev, r)) {
205 if ((pin = get_pin(path)) == NULL)
207 r = fido_credman_get_dev_rk(dev, rp_id, rk, pin);
/* Zeroize the PIN buffer as soon as the retry is done. */
208 freezero(pin, PINBUF_LEN);
212 warnx("fido_credman_get_dev_rk: %s", fido_strerr(r));
216 for (size_t i = 0; i < fido_credman_rk_count(rk); i++) {
/* A credential with no ID pointer is treated as an output error rather
 * than skipped, so the NULL check below guards the memcmp(). */
217 if ((cred = fido_credman_rk(rk, i)) == NULL ||
218 fido_cred_id_ptr(cred) == NULL) {
219 warnx("output error");
/* Lengths are compared before memcmp(), so the comparison never reads past
 * the shorter of the two buffers. Credential IDs are public identifiers,
 * not secrets, so a non-constant-time compare is acceptable here. */
222 if (cred_id_len != fido_cred_id_len(cred) ||
223 memcmp(cred_id_ptr, fido_cred_id_ptr(cred), cred_id_len))
225 print_cred(stdout, fido_cred_type(cred), cred);
230 warnx("credential not found");
233 fido_credman_rk_free(&rk);
/*
 * Delete the resident key with base64-encoded credential ID `id` from the
 * authenticator at `path`.
 *
 * Only part of this function is visible in this excerpt: the declarations
 * of `r`, `pin`, `id_ptr` and `id_len`, the return statements, the release
 * of `id_ptr` and the closing braces are missing.
 */
241 credman_delete_rk(const char *path, const char *id)
243 fido_dev_t *dev = NULL;
249 dev = open_dev(path);
/* Decode the caller-supplied ID before talking to the device so a
 * malformed ID is rejected locally. */
250 if (base64_decode(id, &id_ptr, &id_len) < 0) {
251 warnx("base64_decode");
/* Try without a PIN first; prompt only when should_retry_with_pin() says
 * the failure is one a PIN would fix. */
254 if ((r = fido_credman_del_dev_rk(dev, id_ptr, id_len,
255 NULL)) != FIDO_OK && should_retry_with_pin(dev, r)) {
256 if ((pin = get_pin(path)) == NULL)
258 r = fido_credman_del_dev_rk(dev, id_ptr, id_len, pin);
/* Zeroize the PIN buffer as soon as the retry is done. */
259 freezero(pin, PINBUF_LEN);
263 warnx("fido_credman_del_dev_rk: %s", fido_strerr(r));
/*
 * Update the user information (user ID, name, display name) of the
 * resident key identified by base64-encoded `cred_id` on the
 * authenticator at `path`. `user_id` is also base64-encoded.
 *
 * Only part of this function is visible in this excerpt: the declarations
 * of `r` and `pin`, the return statements, the release of `user_id_ptr`
 * and `cred_id_ptr`, and the closing braces are missing.
 */
277 credman_update_rk(const char *path, const char *user_id, const char *cred_id,
278 const char *name, const char *display_name)
280 fido_dev_t *dev = NULL;
281 fido_cred_t *cred = NULL;
283 void *user_id_ptr = NULL;
284 void *cred_id_ptr = NULL;
285 size_t user_id_len = 0;
286 size_t cred_id_len = 0;
289 dev = open_dev(path);
/* Both caller-supplied values are decoded up front; if the first decode
 * succeeds and the second fails, `user_id_ptr` is already allocated when
 * the error path runs (its cleanup is outside this excerpt). */
290 if (base64_decode(user_id, &user_id_ptr, &user_id_len) < 0 ||
291 base64_decode(cred_id, &cred_id_ptr, &cred_id_len) < 0) {
292 warnx("base64_decode");
/* A fido_cred_t is built locally as the carrier for the new user data. */
295 if ((cred = fido_cred_new()) == NULL) {
296 warnx("fido_cred_new");
299 if ((r = fido_cred_set_id(cred, cred_id_ptr, cred_id_len)) != FIDO_OK) {
300 warnx("fido_cred_set_id: %s", fido_strerr(r));
/* The last argument (icon) is left NULL; `name` and `display_name` are
 * passed through as given by the caller. */
303 if ((r = fido_cred_set_user(cred, user_id_ptr, user_id_len, name,
304 display_name, NULL)) != FIDO_OK) {
305 warnx("fido_cred_set_user: %s", fido_strerr(r));
/* Try without a PIN first; prompt only when should_retry_with_pin() says
 * the failure is one a PIN would fix. */
308 if ((r = fido_credman_set_dev_rk(dev, cred, NULL)) != FIDO_OK &&
309 should_retry_with_pin(dev, r)) {
310 if ((pin = get_pin(path)) == NULL)
312 r = fido_credman_set_dev_rk(dev, cred, pin);
/* Zeroize the PIN buffer as soon as the retry is done. */
313 freezero(pin, PINBUF_LEN);
317 warnx("fido_credman_set_dev_rk: %s", fido_strerr(r));
327 fido_cred_free(&cred);