summaryrefslogtreecommitdiffstats
path: root/src/shared/pkcs11-util.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add support for systemd-pkcs11 libcryptsetup plugin.Ondrej Kozina2021-08-191-0/+6
| | | | | | | | | | | Add support for systemd-pkcs11 based LUKS2 device activation via libcryptsetup plugin. This make the feature (pkcs11 sealed LUKS2 keyslot passphrase) usable from both systemd utilities and cryptsetup cli. The feature is configured via -Dlibcryptsetup-plugins combo with default value set to 'auto'. It get's enabled automatically when cryptsetup 2.4.0 or later is installed in build system.
* pkcs11-util: split pkcs11_token_login functionOndrej Kozina2021-08-191-0/+1
| | | | | | | | | | Future systemd-pkcs11 plugin requires unlock via single call with supplied pin. To reduce needless code duplication in plugin itself split original pkcs_11_token_login call in two calls: new pkcs11_token_login_by_pin and the former where loop for retrying via PIN query callback remains.
* cryptsetup-pkcs11: move pkcs11_callback and data in shared utils.Ondrej Kozina2021-08-191-0/+22
| | | | | To be used later by both (future) systemd-pkcs11 libcryptsetup plugin and cryptsetup-pkcs11.
* cryptsetup: add 'headless' parameter to skip password/pin queryLuca Boccassi2021-05-071-1/+1
| | | | | | On headless setups, in case other methods fail, asking for a password/pin is not useful as there are no users on the terminal, and generates unwanted noise. Add a parameter to /etc/crypttab to skip it.
* ask-password: when querying for a password, try to read from credential ↵Lennart Poettering2021-03-261-1/+1
| | | | | | | | | | | | store first This adds generic support for the SetCredential=/LoadCredential= logic to our password querying infrastructure: if a password is requested by a program that has a credential store configured via $CREDENTIALS_DIRECTORY we'll look in it for a password. The "systemd-ask-password" tool is updated with an option to specify the credential to look for.
* tree-wide: reset the cleaned-up variable in cleanup functionsZbigniew Jędrzejewski-Szmek2021-02-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the cleanup function returns the appropriate type, use that to reset the variable. For other functions (usually the foreign ones which return void), add an explicit value to reset to. This causes a bit of code churn, but I think it might be worth it. In a following patch static destructors will be called from a fuzzer, and this change allows them to be called multiple times. But I think such a change might help with detecting unitialized code reuse too. We hit various bugs like this, and things are more obvious when a pointer has been set to NULL. I was worried whether this change increases text size, but it doesn't seem to: -Dbuildtype=debug: before "tree-wide: return NULL from freeing functions": -rwxrwxr-x 1 zbyszek zbyszek 4117672 Feb 16 14:36 build/libsystemd.so.0.30.0* -rwxrwxr-x 1 zbyszek zbyszek 4494520 Feb 16 15:06 build/systemd* after "tree-wide: return NULL from freeing functions": -rwxrwxr-x 1 zbyszek zbyszek 4117672 Feb 16 14:36 build/libsystemd.so.0.30.0* -rwxrwxr-x 1 zbyszek zbyszek 4494576 Feb 16 15:10 build/systemd* now: -rwxrwxr-x 1 zbyszek zbyszek 4117672 Feb 16 14:36 build/libsystemd.so.0.30.0* -rwxrwxr-x 1 zbyszek zbyszek 4494640 Feb 16 15:15 build/systemd* -Dbuildtype=release: before "tree-wide: return NULL from freeing functions": -rwxrwxr-x 1 zbyszek zbyszek 5252256 Feb 14 14:47 build-rawhide/libsystemd.so.0.30.0* -rwxrwxr-x 1 zbyszek zbyszek 1834184 Feb 16 15:09 build-rawhide/systemd* after "tree-wide: return NULL from freeing functions": -rwxrwxr-x 1 zbyszek zbyszek 5252256 Feb 14 14:47 build-rawhide/libsystemd.so.0.30.0* -rwxrwxr-x 1 zbyszek zbyszek 1834184 Feb 16 15:10 build-rawhide/systemd* now: -rwxrwxr-x 1 zbyszek zbyszek 5252256 Feb 14 14:47 build-rawhide/libsystemd.so.0.30.0* -rwxrwxr-x 1 zbyszek zbyszek 1834184 Feb 16 15:16 build-rawhide/systemd* I would expect that the compiler would be able to elide the setting of a variable if the variable is never used again. And this seems to be the case: in optimized builds there is no change in size whatsoever. And the change in size in unoptimized build is negligible. Something strange is happening with size of libsystemd: it's bigger in optimized builds. Something to figure out, but unrelated to this patch.
* homed: move code to list and resolve "auto" pkcs#11 URL into common codeLennart Poettering2020-12-171-0/+3
| | | | That way we can reuse it from systemd-cryptenroll.
* homed: move pkcs11 LUKS glue into shared codeLennart Poettering2020-12-171-0/+5
| | | | That way we can lter reuse it from cryptsetup/cryptenroll too.
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* homectl: add --pkcs11-uri=auto and --pkcs-11-uri=list supportLennart Poettering2020-07-011-0/+2
| | | | | We have the same for FIDO2 devices, for listing suitable devices, or picking the right one automatically, let's add that for PKCS11 too.
* Make openssl dependency optional againZbigniew Jędrzejewski-Szmek2019-12-181-6/+3
|
* shared: add pkcs11-util.[ch]Lennart Poettering2019-12-091-0/+48