diff options
| author | Lennart Poettering <lennart@poettering.net> | 2024-08-29 21:36:05 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2024-08-30 10:35:44 +0200 |
| commit | 9407fe6c3d0f371f5c208b7c1c394116c301f735 (patch) | |
| tree | f116dc38ae34f95066fb0823850e80ed3dc0013c | |
| parent | update TODO (diff) | |
| download | systemd-9407fe6c3d0f371f5c208b7c1c394116c301f735.tar.xz systemd-9407fe6c3d0f371f5c208b7c1c394116c301f735.zip | |
treewide: use sd_json_variant_un{hex|base64}() pervasively
Use these helpers whenever appropriate. Drop separate string checks,
since these helpers already do them anyway.
No actual code change, just a rework to make use of a nice helper we
have already.
| -rw-r--r-- | src/cryptenroll/cryptenroll-tpm2.c | 7 | ||||
| -rw-r--r-- | src/cryptsetup/cryptsetup-pkcs11.c | 6 | ||||
| -rw-r--r-- | src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c | 8 | ||||
| -rw-r--r-- | src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c | 4 | ||||
| -rw-r--r-- | src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c | 8 | ||||
| -rw-r--r-- | src/cryptsetup/cryptsetup-tokens/luks2-fido2.c | 4 | ||||
| -rw-r--r-- | src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c | 2 | ||||
| -rw-r--r-- | src/shared/cryptsetup-fido2.c | 13 | ||||
| -rw-r--r-- | src/shared/dissect-image.c | 8 | ||||
| -rw-r--r-- | src/shared/user-record.c | 20 |
10 files changed, 31 insertions, 49 deletions
diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c index 85eec177ad..152549a155 100644 --- a/src/cryptenroll/cryptenroll-tpm2.c +++ b/src/cryptenroll/cryptenroll-tpm2.c @@ -51,14 +51,13 @@ static int search_policy_hash( } w = sd_json_variant_by_key(v, "tpm2-policy-hash"); - if (!w || !sd_json_variant_is_string(w)) + if (!w) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 token data lacks 'tpm2-policy-hash' field."); - r = unhexmem(sd_json_variant_string(w), &thash, &thash_size); + r = sd_json_variant_unhex(w, &thash, &thash_size); if (r < 0) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Invalid base64 data in 'tpm2-policy-hash' field."); + return log_error_errno(r, "Invalid base64 data in 'tpm2-policy-hash' field: %m"); if (memcmp_nn(hash, hash_size, thash, thash_size) == 0) return keyslot; /* Found entry with same hash. */ diff --git a/src/cryptsetup/cryptsetup-pkcs11.c b/src/cryptsetup/cryptsetup-pkcs11.c index c8008533f3..3443b8f585 100644 --- a/src/cryptsetup/cryptsetup-pkcs11.c +++ b/src/cryptsetup/cryptsetup-pkcs11.c @@ -148,15 +148,15 @@ int find_pkcs11_auto_data( "PKCS#11 token data contains invalid PKCS#11 URI."); w = sd_json_variant_by_key(v, "pkcs11-key"); - if (!w || !sd_json_variant_is_string(w)) + if (!w) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "PKCS#11 token data lacks 'pkcs11-key' field."); assert(!key); assert(key_size == 0); - r = unbase64mem(sd_json_variant_string(w), &key, &key_size); + r = sd_json_variant_unbase64(w, &key, &key_size); if (r < 0) - return log_error_errno(r, "Failed to decode base64 encoded key."); + return log_error_errno(r, "Failed to decode base64 encoded key: %m"); } if (!uri) diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c index 50e2ea755f..9e94c974c9 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c @@ -167,22 +167,22 @@ _public_ int cryptsetup_token_validate( return crypt_log_debug_errno(cd, r, "Could not parse " TOKEN_NAME " json object: %m."); w = sd_json_variant_by_key(v, "fido2-credential"); - if (!w || !sd_json_variant_is_string(w)) { + if (!w) { crypt_log_debug(cd, "FIDO2 token data lacks 'fido2-credential' field."); return 1; } - r = unbase64mem(sd_json_variant_string(w), NULL, NULL); + r = sd_json_variant_unbase64(w, NULL, NULL); if (r < 0) return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'fido2-credential' field: %m"); w = sd_json_variant_by_key(v, "fido2-salt"); - if (!w || !sd_json_variant_is_string(w)) { + if (!w) { crypt_log_debug(cd, "FIDO2 token data lacks 'fido2-salt' field."); return 1; } - r = unbase64mem(sd_json_variant_string(w), NULL, NULL); + r = sd_json_variant_unbase64(w, NULL, NULL); if (r < 0) return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded salt: %m."); diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c index 1a8dd67673..07c95fece2 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c @@ -132,12 +132,12 @@ _public_ int cryptsetup_token_validate( } w = sd_json_variant_by_key(v, "pkcs11-key"); - if (!w || !sd_json_variant_is_string(w)) { + if (!w) { crypt_log_debug(cd, "PKCS#11 token data lacks 'pkcs11-key' field."); return 1; } - r = unbase64mem(sd_json_variant_string(w), NULL, NULL); + r = sd_json_variant_unbase64(w, NULL, NULL); if (r < 0) return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded key: %m."); diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c index 8fec7111f4..340d7f7736 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c @@ -308,22 +308,22 @@ _public_ int cryptsetup_token_validate( } w = sd_json_variant_by_key(v, "tpm2-blob"); - if (!w || !sd_json_variant_is_string(w)) { + if (!w) { crypt_log_debug(cd, "TPM2 token data lacks 'tpm2-blob' field."); return 1; } - r = unbase64mem(sd_json_variant_string(w), NULL, NULL); + r = sd_json_variant_unbase64(w, NULL, NULL); if (r < 0) return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'tpm2-blob' field: %m"); w = sd_json_variant_by_key(v, "tpm2-policy-hash"); - if (!w || !sd_json_variant_is_string(w)) { + if (!w) { crypt_log_debug(cd, "TPM2 token data lacks 'tpm2-policy-hash' field."); return 1; } - r = unhexmem(sd_json_variant_string(w), NULL, NULL); + r = sd_json_variant_unhex(w, NULL, NULL); if (r < 0) return crypt_log_debug_errno(cd, r, "Invalid base64 data in 'tpm2-policy-hash' field: %m"); diff --git a/src/cryptsetup/cryptsetup-tokens/luks2-fido2.c b/src/cryptsetup/cryptsetup-tokens/luks2-fido2.c index c68c3259e2..67714af690 100644 --- a/src/cryptsetup/cryptsetup-tokens/luks2-fido2.c +++ b/src/cryptsetup/cryptsetup-tokens/luks2-fido2.c @@ -104,7 +104,7 @@ int parse_luks2_fido2_data( if (!w) return -EINVAL; - r = unbase64mem(sd_json_variant_string(w), &cid, &cid_size); + r = sd_json_variant_unbase64(w, &cid, &cid_size); if (r < 0) return crypt_log_error_errno(cd, r, "Failed to parse 'fido2-credentials' field: %m"); @@ -112,7 +112,7 @@ int parse_luks2_fido2_data( if (!w) return -EINVAL; - r = unbase64mem(sd_json_variant_string(w), &salt, &salt_size); + r = sd_json_variant_unbase64(w, &salt, &salt_size); if (r < 0) return crypt_log_error_errno(cd, r, "Failed to parse 'fido2-salt' field: %m"); diff --git a/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c b/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c index c32f1634a0..1f1d9e48d4 100644 --- a/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c +++ b/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c @@ -261,7 +261,7 @@ int parse_luks2_pkcs11_data( if (!w) return -EINVAL; - r = unbase64mem(sd_json_variant_string(w), &key, &key_size); + r = sd_json_variant_unbase64(w, &key, &key_size); if (r < 0) return crypt_log_debug_errno(cd, r, "Failed to decode base64 encoded key: %m."); diff --git a/src/shared/cryptsetup-fido2.c b/src/shared/cryptsetup-fido2.c index 8a5d42baba..9ac728594a 100644 --- a/src/shared/cryptsetup-fido2.c +++ b/src/shared/cryptsetup-fido2.c @@ -174,25 +174,24 @@ int acquire_fido2_key_auto( } w = sd_json_variant_by_key(v, "fido2-credential"); - if (!w || !sd_json_variant_is_string(w)) + if (!w) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "FIDO2 token data lacks 'fido2-credential' field."); - r = unbase64mem(sd_json_variant_string(w), &cid, &cid_size); + r = sd_json_variant_unbase64(w, &cid, &cid_size); if (r < 0) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Invalid base64 data in 'fido2-credential' field."); + return log_error_errno(r, "Invalid base64 data in 'fido2-credential' field: %m"); w = sd_json_variant_by_key(v, "fido2-salt"); - if (!w || !sd_json_variant_is_string(w)) + if (!w) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "FIDO2 token data lacks 'fido2-salt' field."); assert(!salt); assert(salt_size == 0); - r = unbase64mem(sd_json_variant_string(w), &salt, &salt_size); + r = sd_json_variant_unbase64(w, &salt, &salt_size); if (r < 0) - return log_error_errno(r, "Failed to decode base64 encoded salt."); + return log_error_errno(r, "Failed to decode base64 encoded salt: %m"); w = sd_json_variant_by_key(v, "fido2-rp"); if (w) { diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index ef730103b5..b84924ad8d 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -3405,10 +3405,8 @@ int dissected_image_load_verity_sig_partition( rh = sd_json_variant_by_key(v, "rootHash"); if (!rh) return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Signature JSON object lacks 'rootHash' field."); - if (!sd_json_variant_is_string(rh)) - return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'rootHash' field of signature JSON object is not a string."); - r = unhexmem(sd_json_variant_string(rh), &root_hash, &root_hash_size); + r = sd_json_variant_unhex(rh, &root_hash, &root_hash_size); if (r < 0) return log_debug_errno(r, "Failed to parse root hash field: %m"); @@ -3426,10 +3424,8 @@ int dissected_image_load_verity_sig_partition( sig = sd_json_variant_by_key(v, "signature"); if (!sig) return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Signature JSON object lacks 'signature' field."); - if (!sd_json_variant_is_string(sig)) - return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'signature' field of signature JSON object is not a string."); - r = unbase64mem(sd_json_variant_string(sig), &root_hash_sig, &root_hash_sig_size); + r = sd_json_variant_unbase64(sig, &root_hash_sig, &root_hash_sig_size); if (r < 0) return log_debug_errno(r, "Failed to parse signature field: %m"); diff --git a/src/shared/user-record.c b/src/shared/user-record.c index dccf455ba5..d6752f1c7b 100644 --- a/src/shared/user-record.c +++ b/src/shared/user-record.c @@ -752,10 +752,7 @@ static int dispatch_pkcs11_key_data(const char *name, sd_json_variant *variant, return 0; } - if (!sd_json_variant_is_string(variant)) - return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); - - r = unbase64mem(sd_json_variant_string(variant), &b, &l); + r = sd_json_variant_unbase64(variant, &b, &l); if (r < 0) return json_log(variant, flags, r, "Failed to decode encrypted PKCS#11 key: %m"); @@ -819,10 +816,7 @@ static int dispatch_fido2_hmac_credential(const char *name, sd_json_variant *var return 0; } - if (!sd_json_variant_is_string(variant)) - return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); - - r = unbase64mem(sd_json_variant_string(variant), &b, &l); + r = sd_json_variant_unbase64(variant, &b, &l); if (r < 0) return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m"); @@ -845,14 +839,11 @@ static int dispatch_fido2_hmac_credential_array(const char *name, sd_json_varian size_t l; void *b; - if (!sd_json_variant_is_string(e)) - return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string."); - array = reallocarray(h->fido2_hmac_credential, h->n_fido2_hmac_credential + 1, sizeof(Fido2HmacCredential)); if (!array) return log_oom(); - r = unbase64mem(sd_json_variant_string(e), &b, &l); + r = sd_json_variant_unbase64(e, &b, &l); if (r < 0) return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m"); @@ -879,10 +870,7 @@ static int dispatch_fido2_hmac_salt_value(const char *name, sd_json_variant *var return 0; } - if (!sd_json_variant_is_string(variant)) - return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); - - r = unbase64mem(sd_json_variant_string(variant), &b, &l); + r = sd_json_variant_unbase64(variant, &b, &l); if (r < 0) return json_log(variant, flags, r, "Failed to decode FIDO2 salt: %m"); |