bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose/*
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose SSSD - auth utils helpers
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose Copyright (C) Sumit Bose <simo@redhat.com> 2015
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose This program is free software; you can redistribute it and/or modify
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose it under the terms of the GNU General Public License as published by
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose the Free Software Foundation; either version 3 of the License, or
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose (at your option) any later version.
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose This program is distributed in the hope that it will be useful,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose GNU General Public License for more details.
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose You should have received a copy of the GNU General Public License
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose*/
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose#ifndef __AUTHTOK_UTILS_H__
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose#define __AUTHTOK_UTILS_H__
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose#include <talloc.h>
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose#include "sss_client/sss_cli.h"
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose/**
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @brief Fill memory buffer with Smartcard authentication blob
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] pin PIN, null terminated
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] pin_len Length of the PIN, if 0
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * strlen() will be called internally
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] token_name Token name, null terminated
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] token_name_len Length of the token name, if 0
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * strlen() will be called internally
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] module_name Name of PKCS#11 module, null terminated
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] module_name_len Length of the module name, if 0
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * strlen() will be called internally
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] key_id Key ID of the certificate
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] key_id_len Length of the key id of the certificate, if 0
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * strlen() will be called internally
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] buf memory buffer of size buf_len, may be NULL
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] buf_len size of memory buffer buf
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[out] _sc_blob_len size of the Smartcard authentication blob
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @return EOK on success
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * EINVAL if input data is not consistent
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * EAGAIN if provided buffer is too small, _sc_blob_len
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * contains the size needed to store the SC blob
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose */
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Boseerrno_t sss_auth_pack_sc_blob(const char *pin, size_t pin_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char *token_name, size_t token_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char *module_name, size_t module_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char *key_id, size_t key_id_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose uint8_t *buf, size_t buf_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t *_sc_blob_len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose/**
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @brief Fill memory buffer with 2FA blob
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[in] fa1 First authentication factor, null terminated
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[in] fa1_len Length of the first authentication factor, if 0
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * strlen() will be called internally
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[in] fa2 Second authentication factor, null terminated
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[in] fa2_len Length of the second authentication factor, if 0
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * strlen() will be called internally
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[in] buf memory buffer of size buf_len
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[in] buf_len size of memory buffer buf
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[out] _2fa_blob_len size of the 2FA blob
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @return EOK on success
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * EINVAL if input data is not consistent
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * EAGAIN if provided buffer is too small, _2fa_blob_len
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * contains the size needed to store the 2FA blob
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose */
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Boseerrno_t sss_auth_pack_2fa_blob(const char *fa1, size_t fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose const char *fa2, size_t fa2_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose uint8_t *buf, size_t buf_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose size_t *_2fa_blob_len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose/**
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @brief Extract 2FA data from memory buffer
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[in] mem_ctx Talloc memory context to allocate the 2FA data on
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[in] blob Memory buffer containing the 2FA data
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[in] blob_len Size of the memory buffer
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[out] _fa1 First authentication factor, null terminated
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[out] _fa1_len Length of the first authentication factor
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[out] _fa2 Second authentication factor, null terminated
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @param[out] _fa2_len Length of the second authentication factor
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * @return EOK on success
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * EINVAL if input data is not consistent
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose * EINVAL if no memory can be allocated
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose */
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Boseerrno_t sss_auth_unpack_2fa_blob(TALLOC_CTX *mem_ctx,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose const uint8_t *blob, size_t blob_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose char **fa1, size_t *_fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose char **fa2, size_t *_fa2_len);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose/**
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @brief Extract SC data from memory buffer
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] mem_ctx Talloc memory context to allocate the Smartcard
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * data on
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] blob Memory buffer containing the Smartcard data
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[in] blob_len Size of the memory buffer
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[out] _pin PIN, null terminated
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[out] _pin_len Length of the PIN
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[out] _token_name Token name, null terminated
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[out] _token_name_len Length of the token name
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[out] _module_name Name of PKCS#11 module, null terminated
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[out] _module_name_len Length of the module name
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[out] _key_id Key ID of the certificate
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @param[out] _key_id_len Length of the key ID of the certificate
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * @return EOK on success
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * EINVAL if input data is not consistent
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose * EINVAL if no memory can be allocated
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose */
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Boseerrno_t sss_auth_unpack_sc_blob(TALLOC_CTX *mem_ctx,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const uint8_t *blob, size_t blob_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char **pin, size_t *_pin_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char **token_name, size_t *_token_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char **module_name, size_t *_module_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char **key_id, size_t *_key_id_len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose#endif /* __AUTHTOK_UTILS_H__ */