]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/creds-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #24352 from DaanDeMeyer/mkosi-opensuse
[thirdparty/systemd.git] / src / shared / creds-util.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <sys/file.h>
4
5 #if HAVE_OPENSSL
6 #include <openssl/err.h>
7 #endif
8
9 #include "sd-id128.h"
10
11 #include "blockdev-util.h"
12 #include "chattr-util.h"
13 #include "creds-util.h"
14 #include "efi-api.h"
15 #include "env-util.h"
16 #include "fd-util.h"
17 #include "fileio.h"
18 #include "fs-util.h"
19 #include "io-util.h"
20 #include "memory-util.h"
21 #include "mkdir.h"
22 #include "openssl-util.h"
23 #include "path-util.h"
24 #include "random-util.h"
25 #include "sparse-endian.h"
26 #include "stat-util.h"
27 #include "tpm2-util.h"
28 #include "virt.h"
29
30 bool credential_name_valid(const char *s) {
31 /* We want that credential names are both valid in filenames (since that's our primary way to pass
32 * them around) and as fdnames (which is how we might want to pass them around eventually) */
33 return filename_is_valid(s) && fdname_is_valid(s);
34 }
35
36 static int get_credentials_dir_internal(const char *envvar, const char **ret) {
37 const char *e;
38
39 assert(ret);
40
41 e = secure_getenv(envvar);
42 if (!e)
43 return -ENXIO;
44
45 if (!path_is_absolute(e) || !path_is_normalized(e))
46 return -EINVAL;
47
48 *ret = e;
49 return 0;
50 }
51
52 int get_credentials_dir(const char **ret) {
53 return get_credentials_dir_internal("CREDENTIALS_DIRECTORY", ret);
54 }
55
56 int get_encrypted_credentials_dir(const char **ret) {
57 return get_credentials_dir_internal("ENCRYPTED_CREDENTIALS_DIRECTORY", ret);
58 }
59
60 int read_credential(const char *name, void **ret, size_t *ret_size) {
61 _cleanup_free_ char *fn = NULL;
62 const char *d;
63 int r;
64
65 assert(ret);
66
67 if (!credential_name_valid(name))
68 return -EINVAL;
69
70 r = get_credentials_dir(&d);
71 if (r < 0)
72 return r;
73
74 fn = path_join(d, name);
75 if (!fn)
76 return -ENOMEM;
77
78 return read_full_file_full(
79 AT_FDCWD, fn,
80 UINT64_MAX, SIZE_MAX,
81 READ_FULL_FILE_SECURE,
82 NULL,
83 (char**) ret, ret_size);
84 }
85
86 int get_credential_user_password(const char *username, char **ret_password, bool *ret_is_hashed) {
87 _cleanup_(erase_and_freep) char *creds_password = NULL;
88 _cleanup_free_ char *cn = NULL;
89 int r;
90
91 /* Try to pick up the password for this account via the credentials logic */
92 cn = strjoin("passwd.hashed-password.", username);
93 if (!cn)
94 return -ENOMEM;
95
96 r = read_credential(cn, (void**) &creds_password, NULL);
97 if (r == -ENOENT) {
98 free(cn);
99 cn = strjoin("passwd.plaintext-password.", username);
100 if (!cn)
101 return -ENOMEM;
102
103 r = read_credential(cn, (void**) &creds_password, NULL);
104 if (r < 0)
105 log_debug_errno(r, "Couldn't read credential '%s', ignoring: %m", cn);
106 else
107 *ret_is_hashed = false;
108 } else if (r < 0)
109 log_debug_errno(r, "Couldn't read credential '%s', ignoring: %m", cn);
110 else
111 *ret_is_hashed = true;
112
113 *ret_password = TAKE_PTR(creds_password);
114
115 return r;
116 }
117
118 #if HAVE_OPENSSL
119
120 #define CREDENTIAL_HOST_SECRET_SIZE 4096
121
122 static const sd_id128_t credential_app_id =
123 SD_ID128_MAKE(d3,ac,ec,ba,0d,ad,4c,df,b8,c9,38,15,28,93,6c,58);
124
125 struct credential_host_secret_format {
126 /* The hashed machine ID of the machine this belongs to. Why? We want to ensure that each machine
127 * gets its own secret, even if people forget to flush out this secret file. Hence we bind it to the
128 * machine ID, for which there's hopefully a better chance it will be flushed out. We use a hashed
129 * machine ID instead of the literal one, because it's trivial to, and it might be a good idea not
130 * being able to directly associate a secret key file with a host. */
131 sd_id128_t machine_id;
132
133 /* The actual secret key */
134 uint8_t data[CREDENTIAL_HOST_SECRET_SIZE];
135 } _packed_;
136
137 static void warn_not_encrypted(int fd, CredentialSecretFlags flags, const char *dirname, const char *filename) {
138 int r;
139
140 assert(fd >= 0);
141 assert(dirname);
142 assert(filename);
143
144 if (!FLAGS_SET(flags, CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED))
145 return;
146
147 r = fd_is_encrypted(fd);
148 if (r < 0)
149 log_debug_errno(r, "Failed to determine if credential secret file '%s/%s' is encrypted.",
150 dirname, filename);
151 else if (r == 0)
152 log_warning("Credential secret file '%s/%s' is not located on encrypted media, using anyway.",
153 dirname, filename);
154 }
155
156 static int make_credential_host_secret(
157 int dfd,
158 const sd_id128_t machine_id,
159 CredentialSecretFlags flags,
160 const char *dirname,
161 const char *fn,
162 void **ret_data,
163 size_t *ret_size) {
164
165 struct credential_host_secret_format buf;
166 _cleanup_free_ char *t = NULL;
167 _cleanup_close_ int fd = -1;
168 int r;
169
170 assert(dfd >= 0);
171 assert(fn);
172
173 fd = openat(dfd, ".", O_CLOEXEC|O_WRONLY|O_TMPFILE, 0400);
174 if (fd < 0) {
175 log_debug_errno(errno, "Failed to create temporary credential file with O_TMPFILE, proceeding without: %m");
176
177 if (asprintf(&t, "credential.secret.%016" PRIx64, random_u64()) < 0)
178 return -ENOMEM;
179
180 fd = openat(dfd, t, O_CLOEXEC|O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0400);
181 if (fd < 0)
182 return -errno;
183 }
184
185 r = chattr_secret(fd, 0);
186 if (r < 0)
187 log_debug_errno(r, "Failed to set file attributes for secrets file, ignoring: %m");
188
189 buf = (struct credential_host_secret_format) {
190 .machine_id = machine_id,
191 };
192
193 r = crypto_random_bytes(buf.data, sizeof(buf.data));
194 if (r < 0)
195 goto finish;
196
197 r = loop_write(fd, &buf, sizeof(buf), false);
198 if (r < 0)
199 goto finish;
200
201 if (fsync(fd) < 0) {
202 r = -errno;
203 goto finish;
204 }
205
206 warn_not_encrypted(fd, flags, dirname, fn);
207
208 if (t) {
209 r = rename_noreplace(dfd, t, dfd, fn);
210 if (r < 0)
211 goto finish;
212
213 t = mfree(t);
214 } else if (linkat(fd, "", dfd, fn, AT_EMPTY_PATH) < 0) {
215 r = -errno;
216 goto finish;
217 }
218
219 if (fsync(dfd) < 0) {
220 r = -errno;
221 goto finish;
222 }
223
224 if (ret_data) {
225 void *copy;
226
227 copy = memdup(buf.data, sizeof(buf.data));
228 if (!copy) {
229 r = -ENOMEM;
230 goto finish;
231 }
232
233 *ret_data = copy;
234 }
235
236 if (ret_size)
237 *ret_size = sizeof(buf.data);
238
239 r = 0;
240
241 finish:
242 if (t && unlinkat(dfd, t, 0) < 0)
243 log_debug_errno(errno, "Failed to remove temporary credential key: %m");
244
245 explicit_bzero_safe(&buf, sizeof(buf));
246 return r;
247 }
248
249 int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *ret_size) {
250 _cleanup_free_ char *_dirname = NULL, *_filename = NULL;
251 _cleanup_close_ int dfd = -1;
252 sd_id128_t machine_id;
253 const char *dirname, *filename;
254 int r;
255
256 r = sd_id128_get_machine_app_specific(credential_app_id, &machine_id);
257 if (r < 0)
258 return r;
259
260 const char *e = secure_getenv("SYSTEMD_CREDENTIAL_SECRET");
261 if (e) {
262 if (!path_is_normalized(e))
263 return -EINVAL;
264 if (!path_is_absolute(e))
265 return -EINVAL;
266
267 r = path_extract_directory(e, &_dirname);
268 if (r < 0)
269 return r;
270
271 r = path_extract_filename(e, &_filename);
272 if (r < 0)
273 return r;
274
275 dirname = _dirname;
276 filename = _filename;
277 } else {
278 dirname = "/var/lib/systemd";
279 filename = "credential.secret";
280 }
281
282 mkdir_parents(dirname, 0755);
283 dfd = open_mkdir_at(AT_FDCWD, dirname, O_CLOEXEC, 0755);
284 if (dfd < 0)
285 return log_debug_errno(dfd, "Failed to create or open directory '%s': %m", dirname);
286
287 if (FLAGS_SET(flags, CREDENTIAL_SECRET_FAIL_ON_TEMPORARY_FS)) {
288 r = fd_is_temporary_fs(dfd);
289 if (r < 0)
290 return log_debug_errno(r, "Failed to check directory '%s': %m", dirname);
291 if (r > 0)
292 return log_debug_errno(SYNTHETIC_ERRNO(ENOMEDIUM),
293 "Directory '%s' is on a temporary file system, refusing.", dirname);
294 }
295
296 for (unsigned attempt = 0;; attempt++) {
297 _cleanup_(erase_and_freep) struct credential_host_secret_format *f = NULL;
298 _cleanup_close_ int fd = -1;
299 size_t l = 0;
300 ssize_t n = 0;
301 struct stat st;
302
303 if (attempt >= 3) /* Somebody is playing games with us */
304 return log_debug_errno(SYNTHETIC_ERRNO(EIO),
305 "All attempts to create secret store in %s failed.", dirname);
306
307 fd = openat(dfd, filename, O_CLOEXEC|O_RDONLY|O_NOCTTY|O_NOFOLLOW);
308 if (fd < 0) {
309 if (errno != ENOENT || !FLAGS_SET(flags, CREDENTIAL_SECRET_GENERATE))
310 return log_debug_errno(errno,
311 "Failed to open %s/%s: %m", dirname, filename);
312
313
314 r = make_credential_host_secret(dfd, machine_id, flags, dirname, filename, ret, ret_size);
315 if (r == -EEXIST) {
316 log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
317 dirname, filename);
318 continue;
319 }
320 if (r < 0)
321 return log_debug_errno(r, "Failed to create credential secret %s/%s: %m",
322 dirname, filename);
323 return 0;
324 }
325
326 if (fstat(fd, &st) < 0)
327 return log_debug_errno(errno, "Failed to stat %s/%s: %m", dirname, filename);
328
329 r = stat_verify_regular(&st);
330 if (r < 0)
331 return log_debug_errno(r, "%s/%s is not a regular file: %m", dirname, filename);
332 if (st.st_nlink == 0) /* Deleted by now, try again */
333 continue;
334 if (st.st_nlink > 1)
335 /* Our deletion check won't work if hardlinked somewhere else */
336 return log_debug_errno(SYNTHETIC_ERRNO(EPERM),
337 "%s/%s has too many links, refusing.",
338 dirname, filename);
339 if ((st.st_mode & 07777) != 0400)
340 /* Don't use file if not 0400 access mode */
341 return log_debug_errno(SYNTHETIC_ERRNO(EPERM),
342 "%s/%s has permissive access mode, refusing.",
343 dirname, filename);
344 l = st.st_size;
345 if (l < offsetof(struct credential_host_secret_format, data) + 1)
346 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
347 "%s/%s is too small, refusing.", dirname, filename);
348 if (l > 16*1024*1024)
349 return log_debug_errno(SYNTHETIC_ERRNO(E2BIG),
350 "%s/%s is too big, refusing.", dirname, filename);
351
352 f = malloc(l+1);
353 if (!f)
354 return log_oom_debug();
355
356 n = read(fd, f, l+1);
357 if (n < 0)
358 return log_debug_errno(errno,
359 "Failed to read %s/%s: %m", dirname, filename);
360 if ((size_t) n != l) /* What? The size changed? */
361 return log_debug_errno(SYNTHETIC_ERRNO(EIO),
362 "Failed to read %s/%s: %m", dirname, filename);
363
364 if (sd_id128_equal(machine_id, f->machine_id)) {
365 size_t sz;
366
367 warn_not_encrypted(fd, flags, dirname, filename);
368
369 sz = l - offsetof(struct credential_host_secret_format, data);
370 assert(sz > 0);
371
372 if (ret) {
373 void *copy;
374
375 assert(sz <= sizeof(f->data)); /* Ensure we don't read past f->data bounds */
376
377 copy = memdup(f->data, sz);
378 if (!copy)
379 return log_oom_debug();
380
381 *ret = copy;
382 }
383
384 if (ret_size)
385 *ret_size = sz;
386
387 return 0;
388 }
389
390 /* Hmm, this secret is from somewhere else. Let's delete the file. Let's first acquire a lock
391 * to ensure we are the only ones accessing the file while we delete it. */
392
393 if (flock(fd, LOCK_EX) < 0)
394 return log_debug_errno(errno,
395 "Failed to flock %s/%s: %m", dirname, filename);
396
397 /* Before we delete it check that the file is still linked into the file system */
398 if (fstat(fd, &st) < 0)
399 return log_debug_errno(errno, "Failed to stat %s/%s: %m", dirname, filename);
400 if (st.st_nlink == 0) /* Already deleted by now? */
401 continue;
402 if (st.st_nlink != 1) /* Safety check, someone is playing games with us */
403 return log_debug_errno(SYNTHETIC_ERRNO(EPERM),
404 "%s/%s unexpectedly has too many links.",
405 dirname, filename);
406 if (unlinkat(dfd, filename, 0) < 0)
407 return log_debug_errno(errno, "Failed to unlink %s/%s: %m", dirname, filename);
408
409 /* And now try again */
410 }
411 }
412
413 /* Construction is like this:
414 *
415 * A symmetric encryption key is derived from:
416 *
417 * 1. Either the "host" key (a key stored in /var/lib/credential.secret)
418 *
419 * 2. A key generated by letting the TPM2 calculate an HMAC hash of some nonce we pass to it, keyed
420 * by a key derived from its internal seed key.
421 *
422 * 3. The concatenation of the above.
423 *
424 * 4. Or a fixed "empty" key. This will not provide confidentiality or authenticity, of course, but is
425 * useful to encode credentials for the initrd on TPM-less systems, where we simply have no better
426 * concept to bind things to. Note that decryption of a key set up like this will be refused on
427 * systems that have a TPM and have SecureBoot enabled.
428 *
429 * The above is hashed with SHA256 which is then used as encryption key for AES256-GCM. The encrypted
430 * credential is a short (unencrypted) header describing which of the three keys to use, the IV to use for
431 * AES256-GCM and some more meta information (sizes of certain objects) that is strictly speaking redundant,
432 * but kinda nice to have since we can have a more generic parser. If the TPM2 key is used this is followed
433 * by another (unencrypted) header, with information about the TPM2 policy used (specifically: the PCR mask
434 * to bind against, and a hash of the resulting policy — the latter being redundant, but speeding up things a
435 * bit, since we can more quickly refuse PCR state), followed by a sealed/exported TPM2 HMAC key. This is
436 * then followed by the encrypted data, which begins with a metadata header (which contains validity
437 * timestamps as well as the credential name), followed by the actual credential payload. The file ends in
438 * the AES256-GCM tag. To make things simple, the AES256-GCM AAD covers the main and the TPM2 header in
439 * full. This means the whole file is either protected by AAD, or is ciphertext, or is the tag. No
440 * unprotected data is included.
441 */
442
443 struct _packed_ encrypted_credential_header {
444 sd_id128_t id;
445 le32_t key_size;
446 le32_t block_size;
447 le32_t iv_size;
448 le32_t tag_size;
449 uint8_t iv[];
450 /* Followed by NUL bytes until next 8 byte boundary */
451 };
452
453 struct _packed_ tpm2_credential_header {
454 le64_t pcr_mask; /* Note that the spec for PC Clients only mandates 24 PCRs, and that's what systems
455 * generally have. But keep the door open for more. */
456 le16_t pcr_bank; /* For now, either TPM2_ALG_SHA256 or TPM2_ALG_SHA1 */
457 le16_t primary_alg; /* Primary key algorithm (either TPM2_ALG_RSA or TPM2_ALG_ECC for now) */
458 le32_t blob_size;
459 le32_t policy_hash_size;
460 uint8_t policy_hash_and_blob[];
461 /* Followed by NUL bytes until next 8 byte boundary */
462 };
463
464 struct _packed_ metadata_credential_header {
465 le64_t timestamp;
466 le64_t not_after;
467 le32_t name_size;
468 char name[];
469 /* Followed by NUL bytes until next 8 byte boundary */
470 };
471
472 /* Some generic limit for parts of the encrypted credential for which we don't know the right size ahead of
473 * time, but where we are really sure it won't be larger than this. Should be larger than any possible IV,
474 * padding, tag size and so on. This is purely used for early filtering out of invalid sizes. */
475 #define CREDENTIAL_FIELD_SIZE_MAX (16U*1024U)
476
477 static int sha256_hash_host_and_tpm2_key(
478 const void *host_key,
479 size_t host_key_size,
480 const void *tpm2_key,
481 size_t tpm2_key_size,
482 uint8_t ret[static SHA256_DIGEST_LENGTH]) {
483
484 _cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *md = NULL;
485 unsigned l;
486
487 assert(host_key_size == 0 || host_key);
488 assert(tpm2_key_size == 0 || tpm2_key);
489 assert(ret);
490
491 /* Combines the host key and the TPM2 HMAC hash into a SHA256 hash value we'll use as symmetric encryption key. */
492
493 md = EVP_MD_CTX_new();
494 if (!md)
495 return log_oom();
496
497 if (EVP_DigestInit_ex(md, EVP_sha256(), NULL) != 1)
498 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initial SHA256 context.");
499
500 if (host_key && EVP_DigestUpdate(md, host_key, host_key_size) != 1)
501 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash host key.");
502
503 if (tpm2_key && EVP_DigestUpdate(md, tpm2_key, tpm2_key_size) != 1)
504 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash TPM2 key.");
505
506 assert(EVP_MD_CTX_size(md) == SHA256_DIGEST_LENGTH);
507
508 if (EVP_DigestFinal_ex(md, ret, &l) != 1)
509 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize SHA256 hash.");
510
511 assert(l == SHA256_DIGEST_LENGTH);
512 return 0;
513 }
514
515 int encrypt_credential_and_warn(
516 sd_id128_t with_key,
517 const char *name,
518 usec_t timestamp,
519 usec_t not_after,
520 const char *tpm2_device,
521 uint32_t tpm2_pcr_mask,
522 const void *input,
523 size_t input_size,
524 void **ret,
525 size_t *ret_size) {
526
527 _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL;
528 _cleanup_(erase_and_freep) void *host_key = NULL, *tpm2_key = NULL;
529 size_t host_key_size = 0, tpm2_key_size = 0, tpm2_blob_size = 0, tpm2_policy_hash_size = 0, output_size, p, ml;
530 _cleanup_free_ void *tpm2_blob = NULL, *tpm2_policy_hash = NULL, *iv = NULL, *output = NULL;
531 _cleanup_free_ struct metadata_credential_header *m = NULL;
532 uint16_t tpm2_pcr_bank = 0, tpm2_primary_alg = 0;
533 struct encrypted_credential_header *h;
534 int ksz, bsz, ivsz, tsz, added, r;
535 uint8_t md[SHA256_DIGEST_LENGTH];
536 const EVP_CIPHER *cc;
537 sd_id128_t id;
538
539 assert(input || input_size == 0);
540 assert(ret);
541 assert(ret_size);
542
543 if (!sd_id128_in_set(with_key,
544 _CRED_AUTO,
545 _CRED_AUTO_INITRD,
546 CRED_AES256_GCM_BY_HOST,
547 CRED_AES256_GCM_BY_TPM2_HMAC,
548 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC,
549 CRED_AES256_GCM_BY_TPM2_ABSENT))
550 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid key type: " SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(with_key));
551
552 if (name && !credential_name_valid(name))
553 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid credential name: %s", name);
554
555 if (not_after != USEC_INFINITY && timestamp != USEC_INFINITY && not_after < timestamp)
556 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Credential is invalidated before it is valid (" USEC_FMT " < " USEC_FMT ").", not_after, timestamp);
557
558 if (DEBUG_LOGGING) {
559 char buf[FORMAT_TIMESTAMP_MAX];
560
561 if (name)
562 log_debug("Including credential name '%s' in encrypted credential.", name);
563 if (timestamp != USEC_INFINITY)
564 log_debug("Including timestamp '%s' in encrypted credential.", format_timestamp(buf, sizeof(buf), timestamp));
565 if (not_after != USEC_INFINITY)
566 log_debug("Including not-after timestamp '%s' in encrypted credential.", format_timestamp(buf, sizeof(buf), not_after));
567 }
568
569 if (sd_id128_in_set(with_key,
570 _CRED_AUTO,
571 CRED_AES256_GCM_BY_HOST,
572 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC)) {
573
574 r = get_credential_host_secret(
575 CREDENTIAL_SECRET_GENERATE|
576 CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED|
577 (sd_id128_equal(with_key, _CRED_AUTO) ? CREDENTIAL_SECRET_FAIL_ON_TEMPORARY_FS : 0),
578 &host_key,
579 &host_key_size);
580 if (r == -ENOMEDIUM && sd_id128_equal(with_key, _CRED_AUTO))
581 log_debug_errno(r, "Credential host secret location on temporary file system, not using.");
582 else if (r < 0)
583 return log_error_errno(r, "Failed to determine local credential host secret: %m");
584 }
585
586 #if HAVE_TPM2
587 bool try_tpm2;
588 if (sd_id128_equal(with_key, _CRED_AUTO)) {
589 /* If automatic mode is selected and we are running in a container, let's not try TPM2. OTOH
590 * if user picks TPM2 explicitly, let's always honour the request and try. */
591
592 r = detect_container();
593 if (r < 0)
594 log_debug_errno(r, "Failed to determine whether we are running in a container, ignoring: %m");
595 else if (r > 0)
596 log_debug("Running in container, not attempting to use TPM2.");
597
598 try_tpm2 = r <= 0;
599 } else if (sd_id128_equal(with_key, _CRED_AUTO_INITRD)) {
600 /* If automatic mode for initrds is selected, we'll use the TPM2 key if the firmware does it,
601 * otherwise we'll use a fixed key */
602
603 try_tpm2 = efi_has_tpm2();
604 if (!try_tpm2)
605 log_debug("Firmware lacks TPM2 support, not attempting to use TPM2.");
606 } else
607 try_tpm2 = sd_id128_in_set(with_key, CRED_AES256_GCM_BY_TPM2_HMAC, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC);
608
609 if (try_tpm2) {
610 r = tpm2_seal(tpm2_device,
611 tpm2_pcr_mask,
612 NULL,
613 &tpm2_key,
614 &tpm2_key_size,
615 &tpm2_blob,
616 &tpm2_blob_size,
617 &tpm2_policy_hash,
618 &tpm2_policy_hash_size,
619 &tpm2_pcr_bank,
620 &tpm2_primary_alg);
621 if (r < 0) {
622 if (sd_id128_equal(with_key, _CRED_AUTO_INITRD))
623 log_warning("Firmware reported a TPM2 being present and used, but we didn't manage to talk to it. Credential will be refused if SecureBoot is enabled.");
624 else if (!sd_id128_equal(with_key, _CRED_AUTO))
625 return r;
626
627 log_notice_errno(r, "TPM2 sealing didn't work, continuing without TPM2: %m");
628 }
629
630 assert(tpm2_blob_size <= CREDENTIAL_FIELD_SIZE_MAX);
631 assert(tpm2_policy_hash_size <= CREDENTIAL_FIELD_SIZE_MAX);
632 }
633 #endif
634
635 if (sd_id128_in_set(with_key, _CRED_AUTO, _CRED_AUTO_INITRD)) {
636 /* Let's settle the key type in auto mode now. */
637
638 if (host_key && tpm2_key)
639 id = CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC;
640 else if (tpm2_key)
641 id = CRED_AES256_GCM_BY_TPM2_HMAC;
642 else if (host_key)
643 id = CRED_AES256_GCM_BY_HOST;
644 else if (sd_id128_equal(with_key, _CRED_AUTO_INITRD))
645 id = CRED_AES256_GCM_BY_TPM2_ABSENT;
646 else
647 return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
648 "TPM2 not available and host key located on temporary file system, no encryption key available.");
649 } else
650 id = with_key;
651
652 if (sd_id128_equal(id, CRED_AES256_GCM_BY_TPM2_ABSENT))
653 log_warning("Using a null key for encryption and signing. Confidentiality or authenticity will not be provided.");
654
655 /* Let's now take the host key and the TPM2 key and hash it together, to use as encryption key for the data */
656 r = sha256_hash_host_and_tpm2_key(host_key, host_key_size, tpm2_key, tpm2_key_size, md);
657 if (r < 0)
658 return r;
659
660 assert_se(cc = EVP_aes_256_gcm());
661
662 ksz = EVP_CIPHER_key_length(cc);
663 assert(ksz == sizeof(md));
664
665 bsz = EVP_CIPHER_block_size(cc);
666 assert(bsz > 0);
667 assert((size_t) bsz <= CREDENTIAL_FIELD_SIZE_MAX);
668
669 ivsz = EVP_CIPHER_iv_length(cc);
670 if (ivsz > 0) {
671 assert((size_t) ivsz <= CREDENTIAL_FIELD_SIZE_MAX);
672
673 iv = malloc(ivsz);
674 if (!iv)
675 return log_oom();
676
677 r = crypto_random_bytes(iv, ivsz);
678 if (r < 0)
679 return log_error_errno(r, "Failed to acquired randomized IV: %m");
680 }
681
682 tsz = 16; /* FIXME: On OpenSSL 3 there is EVP_CIPHER_CTX_get_tag_length(), until then let's hardcode this */
683
684 context = EVP_CIPHER_CTX_new();
685 if (!context)
686 return log_error_errno(SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate encryption object: %s",
687 ERR_error_string(ERR_get_error(), NULL));
688
689 if (EVP_EncryptInit_ex(context, cc, NULL, md, iv) != 1)
690 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize encryption context: %s",
691 ERR_error_string(ERR_get_error(), NULL));
692
693 /* Just an upper estimate */
694 output_size =
695 ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz) +
696 ALIGN8(tpm2_key ? offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob_size + tpm2_policy_hash_size : 0) +
697 ALIGN8(offsetof(struct metadata_credential_header, name) + strlen_ptr(name)) +
698 input_size + 2U * (size_t) bsz +
699 tsz;
700
701 output = malloc0(output_size);
702 if (!output)
703 return log_oom();
704
705 h = (struct encrypted_credential_header*) output;
706 h->id = id;
707 h->block_size = htole32(bsz);
708 h->key_size = htole32(ksz);
709 h->tag_size = htole32(tsz);
710 h->iv_size = htole32(ivsz);
711 memcpy(h->iv, iv, ivsz);
712
713 p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz);
714
715 if (tpm2_key) {
716 struct tpm2_credential_header *t;
717
718 t = (struct tpm2_credential_header*) ((uint8_t*) output + p);
719 t->pcr_mask = htole64(tpm2_pcr_mask);
720 t->pcr_bank = htole16(tpm2_pcr_bank);
721 t->primary_alg = htole16(tpm2_primary_alg);
722 t->blob_size = htole32(tpm2_blob_size);
723 t->policy_hash_size = htole32(tpm2_policy_hash_size);
724 memcpy(t->policy_hash_and_blob, tpm2_blob, tpm2_blob_size);
725 memcpy(t->policy_hash_and_blob + tpm2_blob_size, tpm2_policy_hash, tpm2_policy_hash_size);
726
727 p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob_size + tpm2_policy_hash_size);
728 }
729
730 /* Pass the encrypted + TPM2 header as AAD */
731 if (EVP_EncryptUpdate(context, NULL, &added, output, p) != 1)
732 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to write AAD data: %s",
733 ERR_error_string(ERR_get_error(), NULL));
734
735 /* Now construct the metadata header */
736 ml = strlen_ptr(name);
737 m = malloc0(ALIGN8(offsetof(struct metadata_credential_header, name) + ml));
738 if (!m)
739 return log_oom();
740
741 m->timestamp = htole64(timestamp);
742 m->not_after = htole64(not_after);
743 m->name_size = htole32(ml);
744 memcpy_safe(m->name, name, ml);
745
746 /* And encrypt the metadata header */
747 if (EVP_EncryptUpdate(context, (uint8_t*) output + p, &added, (const unsigned char*) m, ALIGN8(offsetof(struct metadata_credential_header, name) + ml)) != 1)
748 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt metadata header: %s",
749 ERR_error_string(ERR_get_error(), NULL));
750
751 assert(added >= 0);
752 assert((size_t) added <= output_size - p);
753 p += added;
754
755 /* Then encrypt the plaintext */
756 if (EVP_EncryptUpdate(context, (uint8_t*) output + p, &added, input, input_size) != 1)
757 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt data: %s",
758 ERR_error_string(ERR_get_error(), NULL));
759
760 assert(added >= 0);
761 assert((size_t) added <= output_size - p);
762 p += added;
763
764 /* Finalize */
765 if (EVP_EncryptFinal_ex(context, (uint8_t*) output + p, &added) != 1)
766 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize data encryption: %s",
767 ERR_error_string(ERR_get_error(), NULL));
768
769 assert(added >= 0);
770 assert((size_t) added <= output_size - p);
771 p += added;
772
773 assert(p <= output_size - tsz);
774
775 /* Append tag */
776 if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_GET_TAG, tsz, (uint8_t*) output + p) != 1)
777 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to get tag: %s",
778 ERR_error_string(ERR_get_error(), NULL));
779
780 p += tsz;
781 assert(p <= output_size);
782
783 if (DEBUG_LOGGING && input_size > 0) {
784 size_t base64_size;
785
786 base64_size = DIV_ROUND_UP(p * 4, 3); /* Include base64 size increase in debug output */
787 assert(base64_size >= input_size);
788 log_debug("Input of %zu bytes grew to output of %zu bytes (+%2zu%%).", input_size, base64_size, base64_size * 100 / input_size - 100);
789 }
790
791 *ret = TAKE_PTR(output);
792 *ret_size = p;
793
794 return 0;
795 }
796
797 int decrypt_credential_and_warn(
798 const char *validate_name,
799 usec_t validate_timestamp,
800 const char *tpm2_device,
801 const void *input,
802 size_t input_size,
803 void **ret,
804 size_t *ret_size) {
805
806 _cleanup_(erase_and_freep) void *host_key = NULL, *tpm2_key = NULL, *plaintext = NULL;
807 _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL;
808 size_t host_key_size = 0, tpm2_key_size = 0, plaintext_size, p, hs;
809 struct encrypted_credential_header *h;
810 struct metadata_credential_header *m;
811 uint8_t md[SHA256_DIGEST_LENGTH];
812 bool with_tpm2, with_host_key, is_tpm2_absent;
813 const EVP_CIPHER *cc;
814 int r, added;
815
816 assert(input || input_size == 0);
817 assert(ret);
818 assert(ret_size);
819
820 h = (struct encrypted_credential_header*) input;
821
822 /* The ID must fit in, for the current and all future formats */
823 if (input_size < sizeof(h->id))
824 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short.");
825
826 with_host_key = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_HOST, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC);
827 with_tpm2 = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_TPM2_HMAC, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC);
828 is_tpm2_absent = sd_id128_equal(h->id, CRED_AES256_GCM_BY_TPM2_ABSENT);
829
830 if (!with_host_key && !with_tpm2 && !is_tpm2_absent)
831 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Unknown encryption format, or corrupted data: %m");
832
833 if (is_tpm2_absent) {
834 /* So this is a credential encrypted with a zero length key. We support this to cover for the
835 * case where neither a host key not a TPM2 are available (specifically: initrd environments
836 * where the host key is not yet accessible and no TPM2 chip exists at all), to minimize
837 * different codeflow for TPM2 and non-TPM2 codepaths. Of course, credentials encoded this
838 * way offer no confidentiality nor authenticity. Because of that it's important we refuse to
839 * use them on systems that actually *do* have a TPM2 chip – if we are in SecureBoot
840 * mode. Otherwise an attacker could hand us credentials like this and we'd use them thinking
841 * they are trusted, even though they are not. */
842
843 if (efi_has_tpm2()) {
844 if (is_efi_secure_boot())
845 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
846 "Credential uses fixed key for fallback use when TPM2 is absent — but TPM2 is present, and SecureBoot is enabled, refusing.");
847
848 log_warning("Credential uses fixed key for use when TPM2 is absent, but TPM2 is present! Accepting anyway, since SecureBoot is disabled.");
849 } else
850 log_debug("Credential uses fixed key for use when TPM2 is absent, and TPM2 indeed is absent. Accepting.");
851 }
852
853 /* Now we know the minimum header size */
854 if (input_size < offsetof(struct encrypted_credential_header, iv))
855 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short.");
856
857 /* Verify some basic header values */
858 if (le32toh(h->key_size) != sizeof(md))
859 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected key size in header.");
860 if (le32toh(h->block_size) <= 0 || le32toh(h->block_size) > CREDENTIAL_FIELD_SIZE_MAX)
861 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected block size in header.");
862 if (le32toh(h->iv_size) > CREDENTIAL_FIELD_SIZE_MAX)
863 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "IV size too large.");
864 if (le32toh(h->tag_size) != 16) /* FIXME: On OpenSSL 3, let's verify via EVP_CIPHER_CTX_get_tag_length() */
865 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected tag size in header.");
866
867 /* Ensure we have space for the full header now (we don't know the size of the name hence this is a
868 * lower limit only) */
869 if (input_size <
870 ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)) +
871 ALIGN8((with_tpm2 ? offsetof(struct tpm2_credential_header, policy_hash_and_blob) : 0)) +
872 ALIGN8(offsetof(struct metadata_credential_header, name)) +
873 le32toh(h->tag_size))
874 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short.");
875
876 p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size));
877
878 if (with_tpm2) {
879 #if HAVE_TPM2
880 struct tpm2_credential_header* t = (struct tpm2_credential_header*) ((uint8_t*) input + p);
881
882 if (!TPM2_PCR_MASK_VALID(t->pcr_mask))
883 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR mask out of range.");
884 if (!tpm2_pcr_bank_to_string(le16toh(t->pcr_bank)))
885 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR bank invalid or not supported");
886 if (!tpm2_primary_alg_to_string(le16toh(t->primary_alg)))
887 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 primary key algorithm invalid or not supported.");
888 if (le32toh(t->blob_size) > CREDENTIAL_FIELD_SIZE_MAX)
889 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 blob size.");
890 if (le32toh(t->policy_hash_size) > CREDENTIAL_FIELD_SIZE_MAX)
891 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 policy hash size.");
892
893 /* Ensure we have space for the full TPM2 header now (still don't know the name, and its size
894 * though, hence still just a lower limit test only) */
895 if (input_size <
896 ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)) +
897 ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + le32toh(t->blob_size) + le32toh(t->policy_hash_size)) +
898 ALIGN8(offsetof(struct metadata_credential_header, name)) +
899 le32toh(h->tag_size))
900 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short.");
901
902 r = tpm2_unseal(tpm2_device,
903 le64toh(t->pcr_mask),
904 le16toh(t->pcr_bank),
905 le16toh(t->primary_alg),
906 t->policy_hash_and_blob,
907 le32toh(t->blob_size),
908 t->policy_hash_and_blob + le32toh(t->blob_size),
909 le32toh(t->policy_hash_size),
910 NULL,
911 &tpm2_key,
912 &tpm2_key_size);
913 if (r < 0)
914 return r;
915
916 p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) +
917 le32toh(t->blob_size) +
918 le32toh(t->policy_hash_size));
919 #else
920 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Credential requires TPM2 support, but TPM2 support not available.");
921 #endif
922 }
923
924 if (with_host_key) {
925 r = get_credential_host_secret(
926 0,
927 &host_key,
928 &host_key_size);
929 if (r < 0)
930 return log_error_errno(r, "Failed to determine local credential key: %m");
931 }
932
933 if (is_tpm2_absent)
934 log_warning("Warning: using a null key for decryption and authentication. Confidentiality or authenticity are not provided.");
935
936 sha256_hash_host_and_tpm2_key(host_key, host_key_size, tpm2_key, tpm2_key_size, md);
937
938 assert_se(cc = EVP_aes_256_gcm());
939
940 /* Make sure cipher expectations match the header */
941 if (EVP_CIPHER_key_length(cc) != (int) le32toh(h->key_size))
942 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected key size in header.");
943 if (EVP_CIPHER_block_size(cc) != (int) le32toh(h->block_size))
944 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected block size in header.");
945
946 context = EVP_CIPHER_CTX_new();
947 if (!context)
948 return log_error_errno(SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate decryption object: %s",
949 ERR_error_string(ERR_get_error(), NULL));
950
951 if (EVP_DecryptInit_ex(context, cc, NULL, NULL, NULL) != 1)
952 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize decryption context: %s",
953 ERR_error_string(ERR_get_error(), NULL));
954
955 if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_IVLEN, le32toh(h->iv_size), NULL) != 1)
956 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set IV size on decryption context: %s",
957 ERR_error_string(ERR_get_error(), NULL));
958
959 if (EVP_DecryptInit_ex(context, NULL, NULL, md, h->iv) != 1)
960 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set IV and key: %s",
961 ERR_error_string(ERR_get_error(), NULL));
962
963 if (EVP_DecryptUpdate(context, NULL, &added, input, p) != 1)
964 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to write AAD data: %s",
965 ERR_error_string(ERR_get_error(), NULL));
966
967 plaintext = malloc(input_size - p - le32toh(h->tag_size));
968 if (!plaintext)
969 return -ENOMEM;
970
971 if (EVP_DecryptUpdate(
972 context,
973 plaintext,
974 &added,
975 (uint8_t*) input + p,
976 input_size - p - le32toh(h->tag_size)) != 1)
977 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to decrypt data: %s",
978 ERR_error_string(ERR_get_error(), NULL));
979
980 assert(added >= 0);
981 assert((size_t) added <= input_size - p - le32toh(h->tag_size));
982 plaintext_size = added;
983
984 if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_TAG, le32toh(h->tag_size), (uint8_t*) input + input_size - le32toh(h->tag_size)) != 1)
985 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set tag: %s",
986 ERR_error_string(ERR_get_error(), NULL));
987
988 if (EVP_DecryptFinal_ex(context, (uint8_t*) plaintext + plaintext_size, &added) != 1)
989 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Decryption failed (incorrect key?): %s",
990 ERR_error_string(ERR_get_error(), NULL));
991
992 plaintext_size += added;
993
994 if (plaintext_size < ALIGN8(offsetof(struct metadata_credential_header, name)))
995 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Metadata header incomplete.");
996
997 m = plaintext;
998
999 if (le64toh(m->timestamp) != USEC_INFINITY &&
1000 le64toh(m->not_after) != USEC_INFINITY &&
1001 le64toh(m->timestamp) >= le64toh(m->not_after))
1002 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Timestamps of credential are not in order, refusing.");
1003
1004 if (le32toh(m->name_size) > CREDENTIAL_NAME_MAX)
1005 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name too long, refusing.");
1006
1007 hs = ALIGN8(offsetof(struct metadata_credential_header, name) + le32toh(m->name_size));
1008 if (plaintext_size < hs)
1009 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Metadata header incomplete.");
1010
1011 if (le32toh(m->name_size) > 0) {
1012 _cleanup_free_ char *embedded_name = NULL;
1013
1014 if (memchr(m->name, 0, le32toh(m->name_size)))
1015 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name contains NUL byte, refusing.");
1016
1017 embedded_name = memdup_suffix0(m->name, le32toh(m->name_size));
1018 if (!embedded_name)
1019 return log_oom();
1020
1021 if (!credential_name_valid(embedded_name))
1022 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name is not valid, refusing.");
1023
1024 if (validate_name && !streq(embedded_name, validate_name)) {
1025
1026 r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NAME");
1027 if (r < 0 && r != -ENXIO)
1028 log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NAME: %m");
1029 if (r != 0)
1030 return log_error_errno(SYNTHETIC_ERRNO(EREMOTE), "Embedded credential name '%s' does not match filename '%s', refusing.", embedded_name, validate_name);
1031
1032 log_debug("Embedded credential name '%s' does not match expected name '%s', but configured to use credential anyway.", embedded_name, validate_name);
1033 }
1034 }
1035
1036 if (validate_timestamp != USEC_INFINITY) {
1037 if (le64toh(m->timestamp) != USEC_INFINITY && le64toh(m->timestamp) > validate_timestamp)
1038 log_debug("Credential timestamp is from the future, assuming clock skew.");
1039
1040 if (le64toh(m->not_after) != USEC_INFINITY && le64toh(m->not_after) < validate_timestamp) {
1041
1042 r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER");
1043 if (r < 0 && r != -ENXIO)
1044 log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER: %m");
1045 if (r != 0)
1046 return log_error_errno(SYNTHETIC_ERRNO(ESTALE), "Credential's time passed, refusing to use.");
1047
1048 log_debug("Credential not-after timestamp has passed, but configured to use credential anyway.");
1049 }
1050 }
1051
1052 if (ret) {
1053 char *without_metadata;
1054
1055 without_metadata = memdup((uint8_t*) plaintext + hs, plaintext_size - hs);
1056 if (!without_metadata)
1057 return log_oom();
1058
1059 *ret = without_metadata;
1060 }
1061
1062 if (ret_size)
1063 *ret_size = plaintext_size - hs;
1064
1065 return 0;
1066 }
1067
1068 #else
1069
1070 int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *ret_size) {
1071 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available.");
1072 }
1073
1074 int encrypt_credential_and_warn(sd_id128_t with_key, const char *name, usec_t timestamp, usec_t not_after, const char *tpm2_device, uint32_t tpm2_pcr_mask, const void *input, size_t input_size, void **ret, size_t *ret_size) {
1075 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available.");
1076 }
1077
1078 int decrypt_credential_and_warn(const char *validate_name, usec_t validate_timestamp, const char *tpm2_device, const void *input, size_t input_size, void **ret, size_t *ret_size) {
1079 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available.");
1080 }
1081
1082 #endif
Unnamed repository; edit this file 'description' to name the repository.