cryptenroll: add new "systemd-cryptenroll" tool for enrolling FIDO2+PKCS#11 security tokens

author: Lennart Poettering <lennart@poettering.net> 2020-11-24 13:41:47 +0100
committer: Lennart Poettering <lennart@poettering.net> 2020-12-17 20:00:51 +0100
commit: 8710a6818e2ce15a5840b72b7b832f5745f22254 (patch)
tree: 1273ac6b010802f78d1e1d82e66fe2ebadaa6f99 /src/cryptenroll/cryptenroll-pkcs11.h
parent: cryptsetup: add fido2 support (diff)
download: systemd-8710a6818e2ce15a5840b72b7b832f5745f22254.tar.xz
systemd-8710a6818e2ce15a5840b72b7b832f5745f22254.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/src/cryptenroll/cryptenroll-pkcs11.h b/src/cryptenroll/cryptenroll-pkcs11.h
new file mode 100644
index 0000000000..b6d28bd92c
--- /dev/null
+++ b/src/cryptenroll/cryptenroll-pkcs11.h
@@ -0,0 +1,16 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <sys/types.h>
+
+#include "cryptsetup-util.h"
+#include "log.h"
+
+#if HAVE_P11KIT && HAVE_OPENSSL
+int enroll_pkcs11(struct crypt_device *cd, const void *volume_key, size_t volume_key_size, const char *uri);
+#else
+static inline int enroll_pkcs11(struct crypt_device *cd, const void *volume_key, size_t volume_key_size, const char *uri) {
+        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+                               "PKCS#11 key enrollment not supported.");
+}
+#endif
author	Lennart Poettering <lennart@poettering.net>	2020-11-24 13:41:47 +0100
committer	Lennart Poettering <lennart@poettering.net>	2020-12-17 20:00:51 +0100
commit	8710a6818e2ce15a5840b72b7b832f5745f22254 (patch)
tree	1273ac6b010802f78d1e1d82e66fe2ebadaa6f99 /src/cryptenroll/cryptenroll-pkcs11.h
parent	cryptsetup: add fido2 support (diff)
download	systemd-8710a6818e2ce15a5840b72b7b832f5745f22254.tar.xz systemd-8710a6818e2ce15a5840b72b7b832f5745f22254.zip