size_t secret_size) {
_cleanup_(json_variant_unrefp) JsonVariant *l = NULL, *w = NULL, *e = NULL;
- _cleanup_(erase_and_freep) char *base64_encoded = NULL;
- _cleanup_free_ char *unix_salt = NULL;
- struct crypt_data cd = {};
- char *k;
+ _cleanup_(erase_and_freep) char *base64_encoded = NULL, *hashed = NULL;
int r;
- r = make_salt(&unix_salt);
- if (r < 0)
- return log_error_errno(r, "Failed to generate salt: %m");
-
/* Before using UNIX hashing on the supplied key we base64 encode it, since crypt_r() and friends
* expect a NUL terminated string, and we use a binary key */
r = base64mem(secret, secret_size, &base64_encoded);
if (r < 0)
return log_error_errno(r, "Failed to base64 encode secret key: %m");
- errno = 0;
- k = crypt_r(base64_encoded, unix_salt, &cd);
- if (!k)
+ r = hash_password(base64_encoded, &hashed);
+ if (r < 0)
return log_error_errno(errno_or_else(EINVAL), "Failed to UNIX hash secret key: %m");
r = json_build(&e, JSON_BUILD_OBJECT(
JSON_BUILD_PAIR("credential", JSON_BUILD_BASE64(cid, cid_size)),
JSON_BUILD_PAIR("salt", JSON_BUILD_BASE64(fido2_salt, fido2_salt_size)),
- JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRING(k))));
+ JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRING(hashed))));
if (r < 0)
return log_error_errno(r, "Failed to build FIDO2 salt JSON key object: %m");