git.ipfire.org Git - thirdparty/systemd.git/commit
creds-util: add a concept of "user-scoped" credentials
author Lennart Poettering <lennart@poettering.net>
Mon, 15 Jan 2024 16:36:44 +0000 (17:36 +0100)
committer Lennart Poettering <lennart@poettering.net>
Tue, 30 Jan 2024 16:07:47 +0000 (17:07 +0100)
commit 48d67957d507c17009f804ec91bf459a674edab7
tree 04442e4438420deb1152e6f2b1261be8bd005bff
parent 740b7870c990a76542a075e6ecf24b81952f6429

So far credentials are a concept for system services only: to encrypt or
decrypt a credential you must be privileged, as only then you can access
the TPM and the host key.

Let's break this up a bit: let's add "user-scoped" credentials, that
are specific to users. Internally this works by adding another step to
the acquisition of the symmetric encryption key for the credential: if a
"user-scoped" credential is used we'll generate a symmetric encryption
key K as usual, but then we'll use it to calculate

    K' = HMAC(K, flags || uid || machine-id || username)

and then use the resulting K' as encryption key instead. This basically
includes the (public) user's identity in the encryption key, ensuring
that only if the right user credentials are specified the correct key
can be acquired.
mime/io.systemd.xml
src/core/exec-credential.c
src/creds/creds.c
src/pcrlock/pcrlock.c
src/shared/creds-util.c
src/shared/creds-util.h
src/shared/tpm2-util.c
src/test/test-creds.c
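
The key derivation described in the commit message, as an added Python example (not code from this commit or from systemd). The hash (SHA-256), the byte encoding of the fields, the flag value, the HMAC tag standing in for the credential's authenticated encryption, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import uuid

CRED_FLAG_USER_SCOPED = 1 << 0  # hypothetical flag value, for illustration only


def user_scoped_key(k: bytes, flags: int, uid: int,
                    machine_id: uuid.UUID, username: str) -> bytes:
    """K' = HMAC(K, flags || uid || machine-id || username)."""
    if not username or "\0" in username:
        raise ValueError("username must be non-empty and NUL-free")
    # Assumed encoding: fixed-width little-endian flags (64 bit) and uid
    # (32 bit), 16-byte machine ID, then the NUL-terminated username. Fixed
    # widths keep the field boundaries unambiguous in the concatenation.
    msg = struct.pack("<QI", flags, uid) + machine_id.bytes
    msg += username.encode("utf-8") + b"\0"
    return hmac.new(k, msg, hashlib.sha256).digest()


def tag(key: bytes, payload: bytes) -> bytes:
    """Stand-in for the authentication tag of the credential's AEAD."""
    return hmac.new(key, b"tag" + payload, hashlib.sha256).digest()


def opens(key: bytes, payload: bytes, expected: bytes) -> bool:
    """True if `key` authenticates the payload (constant-time compare)."""
    return hmac.compare_digest(tag(key, payload), expected)


# Constructed sample values, not taken from any real system.
K = bytes(range(32))
MACHINE_ID = uuid.UUID("0123456789abcdef0123456789abcdef")
OTHER_MACHINE = uuid.UUID("fedcba9876543210fedcba9876543210")

if __name__ == "__main__":
    alice = user_scoped_key(K, CRED_FLAG_USER_SCOPED, 1000, MACHINE_ID, "alice")
    sealed = tag(alice, b"secret")
    attempts = {
        "same user": (1000, MACHINE_ID, "alice"),
        "other uid": (1001, MACHINE_ID, "alice"),
        "other name": (1000, MACHINE_ID, "bob"),
        "other machine": (1000, OTHER_MACHINE, "alice"),
    }
    for label, (uid, mid, name) in attempts.items():
        key = user_scoped_key(K, CRED_FLAG_USER_SCOPED, uid, mid, name)
        print(f"{label:14} opens={opens(key, b'secret', sealed)}")
```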