]>
Commit | Line | Data |
---|---|---|
6b945d70 LP |
1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
2 | #pragma once | |
3 | ||
4 | #include "strv.h" | |
5 | #include "user-record.h" | |
6 | ||
7 | typedef struct PasswordCache { | |
d0eff7a1 AV |
8 | /* The volume key from the kernel keyring */ |
9 | void *volume_key; | |
10 | size_t volume_key_size; | |
d26cdde3 | 11 | |
6b945d70 LP |
12 | /* Decoding passwords from security tokens is expensive and typically requires user interaction, |
13 | * hence cache any we already figured out. */ | |
14 | char **pkcs11_passwords; | |
15 | char **fido2_passwords; | |
16 | } PasswordCache; | |
17 | ||
18 | void password_cache_free(PasswordCache *cache); | |
19 | ||
20 | static inline bool password_cache_contains(const PasswordCache *cache, const char *p) { | |
21 | if (!cache) | |
22 | return false; | |
23 | ||
d0eff7a1 AV |
24 | /* Used to decide whether or not to set a minimal PBKDF, under the assumption that if |
25 | * the cache contains a password then the password came from a hardware token of some kind | |
26 | * and is thus naturally high-entropy. */ | |
27 | ||
d26cdde3 | 28 | return strv_contains(cache->pkcs11_passwords, p) || |
d0eff7a1 | 29 | strv_contains(cache->fido2_passwords, p); |
6b945d70 | 30 | } |
d26cdde3 LP |
31 | |
32 | void password_cache_load_keyring(UserRecord *h, PasswordCache *cache); |