diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2023-08-26 13:07:32 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2023-08-29 16:06:47 +0200 |
commit | b5c27ebca449c41fbd8a4e37ade98e963c370dd3 (patch) | |
tree | b7603a73780afe669f15f6e2614b52b6861020c3 | |
parent | sd-id128: export sd_id128_get_app_specific() (diff) | |
download | systemd-b5c27ebca449c41fbd8a4e37ade98e963c370dd3.tar.xz systemd-b5c27ebca449c41fbd8a4e37ade98e963c370dd3.zip |
man: document sd_id128_get_app_specific
-rw-r--r-- | man/rules/meson.build | 3 | ||||
-rw-r--r-- | man/sd_id128_get_machine.xml | 41 |
2 files changed, 31 insertions, 13 deletions
diff --git a/man/rules/meson.build b/man/rules/meson.build index eaaf4adb1b..2884cc32b4 100644 --- a/man/rules/meson.build +++ b/man/rules/meson.build @@ -672,7 +672,8 @@ manpages = [ ''], ['sd_id128_get_machine', '3', - ['sd_id128_get_boot', + ['sd_id128_get_app_specific', + 'sd_id128_get_boot', 'sd_id128_get_boot_app_specific', 'sd_id128_get_invocation', 'sd_id128_get_machine_app_specific'], diff --git a/man/sd_id128_get_machine.xml b/man/sd_id128_get_machine.xml index 40b9b6f582..fc13ae50f4 100644 --- a/man/sd_id128_get_machine.xml +++ b/man/sd_id128_get_machine.xml @@ -17,6 +17,7 @@ <refnamediv> <refname>sd_id128_get_machine</refname> + <refname>sd_id128_get_app_specific</refname> <refname>sd_id128_get_machine_app_specific</refname> <refname>sd_id128_get_boot</refname> <refname>sd_id128_get_boot_app_specific</refname> @@ -34,6 +35,13 @@ </funcprototype> <funcprototype> + <funcdef>int <function>sd_id128_get_app_specific</function></funcdef> + <paramdef>sd_id128_t <parameter>base</parameter></paramdef> + <paramdef>sd_id128_t <parameter>app_id</parameter></paramdef> + <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef> + </funcprototype> + + <funcprototype> <funcdef>int <function>sd_id128_get_machine_app_specific</function></funcdef> <paramdef>sd_id128_t <parameter>app_id</parameter></paramdef> <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef> @@ -69,16 +77,25 @@ ID from this machine ID, in an irreversible (cryptographically secure) way. To make this easy <function>sd_id128_get_machine_app_specific()</function> is provided, see below.</para> + <para><function>sd_id128_get_app_specific()</function> returns a machine ID that is a combination of the + <parameter>base</parameter> and <parameter>app_id</parameter> parameters. Internally, this function + calculates HMAC-SHA256 of the <parameter>app_id</parameter> parameter keyed by the + <parameter>base</parameter> parameter, and truncates this result to fit in + <structname>sd_id128_t</structname> and turns it into a valid Variant 1 Version 4 UUID, in accordance + with <ulink url="https://tools.ietf.org/html/rfc4122">RFC 4122</ulink>. Neither of the two input + parameters can be calculated from the output parameter <parameter>ret</parameter>.</para> + <para><function>sd_id128_get_machine_app_specific()</function> is similar to - <function>sd_id128_get_machine()</function>, but retrieves a machine ID that is specific to the application that is - identified by the indicated application ID. It is recommended to use this function instead of - <function>sd_id128_get_machine()</function> when passing an ID to untrusted environments, in order to make sure - that the original machine ID may not be determined externally. This way, the ID used by the application remains - stable on a given machine, but cannot be easily correlated with IDs used in other applications on the same - machine. The application-specific ID should be generated via a tool like <command>systemd-id128 new</command>, - and may be compiled into the application. This function will return the same application-specific ID for each - combination of machine ID and application ID. Internally, this function calculates HMAC-SHA256 of the application - ID, keyed by the machine ID.</para> + <function>sd_id128_get_machine()</function>, but retrieves a machine ID that is specific to the + application that is identified by the indicated application ID. It is recommended to use this function + instead of <function>sd_id128_get_machine()</function> when passing an ID to untrusted environments, in + order to make sure that the original machine ID may not be determined externally. This way, the ID used + by the application remains stable on a given machine, but cannot be easily correlated with IDs used in + other applications on the same machine. The application-specific ID should be generated via a tool like + <command>systemd-id128 new</command>, and may be compiled into the application. This function will return + the same application-specific ID for each combination of machine ID and application ID. Internally, this + function calls <function>sd_id128_get_app_specific()</function> with the result from + <function>sd_id128_get_machine()</function> and the <parameter>app_id</parameter> parameter.</para> <para><function>sd_id128_get_boot()</function> returns the boot ID of the executing kernel. This reads and parses the <filename>/proc/sys/kernel/random/boot_id</filename> file exposed by the kernel. It is randomly generated early @@ -89,9 +106,9 @@ derive an application specific ID using <function>sd_id128_get_boot_app_specific()</function>, see below.</para> <para><function>sd_id128_get_boot_app_specific()</function> is analogous to - <function>sd_id128_get_machine_app_specific()</function> but returns an ID that changes between boots. Some - machines may be used for a long time without rebooting, hence the boot ID may remain constant for a long time, and - has properties similar to the machine ID during that time.</para> + <function>sd_id128_get_machine_app_specific()</function>, but returns an ID that changes between + boots. Some machines may be used for a long time without rebooting, hence the boot ID may remain constant + for a long time, and has properties similar to the machine ID during that time.</para> <para><function>sd_id128_get_invocation()</function> returns the invocation ID of the currently executed service. In its current implementation, this tries to read and parse the following: |