projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| 6b945d70 LP |
1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
| 2 | #pragma once | |
| 3 | ||
| 4 | #include "strv.h" | |
| 5 | #include "user-record.h" | |
| 6 | ||
| 7 | typedef struct PasswordCache { | |
| d0eff7a1 AV |
8 | /* The volume key from the kernel keyring */ |
| 9 | void *volume_key; | |
| 10 | size_t volume_key_size; | |
| d26cdde3 | 11 | |
| 6b945d70 LP |
12 | /* Decoding passwords from security tokens is expensive and typically requires user interaction, |
| 13 | * hence cache any we already figured out. */ | |
| 14 | char **pkcs11_passwords; | |
| 15 | char **fido2_passwords; | |
| 16 | } PasswordCache; | |
| 17 | ||
| 18 | void password_cache_free(PasswordCache *cache); | |
| 19 | ||
| 20 | static inline bool password_cache_contains(const PasswordCache *cache, const char *p) { | |
| 21 | if (!cache) | |
| 22 | return false; | |
| 23 | ||
| d0eff7a1 AV |
24 | /* Used to decide whether or not to set a minimal PBKDF, under the assumption that if |
| 25 | * the cache contains a password then the password came from a hardware token of some kind | |
| 26 | * and is thus naturally high-entropy. */ | |
| 27 | ||
| d26cdde3 | 28 | return strv_contains(cache->pkcs11_passwords, p) || |
| d0eff7a1 | 29 | strv_contains(cache->fido2_passwords, p); |
| 6b945d70 | 30 | } |
| d26cdde3 LP |
31 | |
| 32 | void password_cache_load_keyring(UserRecord *h, PasswordCache *cache); |