]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/creds-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
creds-util: add a concept of "user-scoped" credentials
[thirdparty/systemd.git] / src / shared / creds-util.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <sys/file.h>
4
5 #if HAVE_OPENSSL
6 #include <openssl/err.h>
7 #endif
8
9 #include "sd-id128.h"
10
11 #include "blockdev-util.h"
12 #include "capability-util.h"
13 #include "chattr-util.h"
14 #include "constants.h"
15 #include "creds-util.h"
16 #include "efi-api.h"
17 #include "env-util.h"
18 #include "fd-util.h"
19 #include "fileio.h"
20 #include "format-util.h"
21 #include "fs-util.h"
22 #include "io-util.h"
23 #include "memory-util.h"
24 #include "mkdir.h"
25 #include "openssl-util.h"
26 #include "parse-util.h"
27 #include "path-util.h"
28 #include "random-util.h"
29 #include "sparse-endian.h"
30 #include "stat-util.h"
31 #include "tpm2-util.h"
32 #include "user-util.h"
33
34 #define PUBLIC_KEY_MAX (UINT32_C(1024) * UINT32_C(1024))
35
36 bool credential_name_valid(const char *s) {
37 /* We want that credential names are both valid in filenames (since that's our primary way to pass
38 * them around) and as fdnames (which is how we might want to pass them around eventually) */
39 return filename_is_valid(s) && fdname_is_valid(s);
40 }
41
42 bool credential_glob_valid(const char *s) {
43 const char *e, *a;
44 size_t n;
45
46 /* Checks if a credential glob expression is valid. Note that this is more restrictive than
47 * fnmatch()! We only allow trailing asterisk matches for now (simply because we want some freedom
48 * with automatically extending the pattern in a systematic way to cover for unit instances getting
49 * per-instance credentials or similar. Moreover, credential globbing expressions are also more
50 * restrictive then credential names: we don't allow *, ?, [, ] in them (except for the asterisk
51 * match at the end of the string), simply to not allow ambiguity. After all, we want the flexibility
52 * to one day add full globbing should the need arise. */
53
54 if (isempty(s))
55 return false;
56
57 /* Find first glob (or NUL byte) */
58 n = strcspn(s, "*?[]");
59 e = s + n;
60
61 /* For now, only allow asterisk wildcards, and only at the end of the string. If it's anything else, refuse. */
62 if (isempty(e))
63 return credential_name_valid(s);
64
65 if (!streq(e, "*")) /* only allow trailing "*", no other globs */
66 return false;
67
68 if (n == 0) /* Explicitly allow the complete wildcard. */
69 return true;
70
71 if (n > NAME_MAX + strlen(e)) /* before we make a copy on the stack, let's check this is not overly large */
72 return false;
73
74 /* Make a copy of the string without the '*' suffix */
75 a = strndupa_safe(s, n);
76
77 return credential_name_valid(a);
78 }
79
80 static int get_credentials_dir_internal(const char *envvar, const char **ret) {
81 const char *e;
82
83 assert(ret);
84
85 e = secure_getenv(envvar);
86 if (!e)
87 return -ENXIO;
88
89 if (!path_is_absolute(e) || !path_is_normalized(e))
90 return -EINVAL;
91
92 *ret = e;
93 return 0;
94 }
95
96 int get_credentials_dir(const char **ret) {
97 return get_credentials_dir_internal("CREDENTIALS_DIRECTORY", ret);
98 }
99
100 int get_encrypted_credentials_dir(const char **ret) {
101 return get_credentials_dir_internal("ENCRYPTED_CREDENTIALS_DIRECTORY", ret);
102 }
103
104 int open_credentials_dir(void) {
105 const char *d;
106 int r;
107
108 r = get_credentials_dir(&d);
109 if (r < 0)
110 return r;
111
112 return RET_NERRNO(open(d, O_CLOEXEC|O_DIRECTORY));
113 }
114
115 int read_credential(const char *name, void **ret, size_t *ret_size) {
116 _cleanup_free_ char *fn = NULL;
117 const char *d;
118 int r;
119
120 assert(ret);
121
122 if (!credential_name_valid(name))
123 return -EINVAL;
124
125 r = get_credentials_dir(&d);
126 if (r < 0)
127 return r;
128
129 fn = path_join(d, name);
130 if (!fn)
131 return -ENOMEM;
132
133 return read_full_file_full(
134 AT_FDCWD, fn,
135 UINT64_MAX, SIZE_MAX,
136 READ_FULL_FILE_SECURE,
137 NULL,
138 (char**) ret, ret_size);
139 }
140
141 int read_credential_with_decryption(const char *name, void **ret, size_t *ret_size) {
142 _cleanup_(iovec_done_erase) struct iovec ret_iovec = {};
143 _cleanup_(erase_and_freep) void *data = NULL;
144 _cleanup_free_ char *fn = NULL;
145 size_t sz = 0;
146 const char *d;
147 int r;
148
149 /* Just like read_credential() but will also look for encrypted credentials. Note that services only
150 * receive decrypted credentials, hence use read_credential() for those. This helper here is for
151 * generators, i.e. code that runs outside of service context, and thus has no decrypted credentials
152 * yet.
153 *
154 * Note that read_credential_harder_and_warn() logs on its own, while read_credential() does not!
155 * (It's a lot more complex and error prone given its TPM2 connectivity, and is generally called from
156 * generators only where logging is OK).
157 *
158 * Error handling is also a bit different: if we can't find a credential we'll return 0 and NULL
159 * pointers/zero size, rather than -ENXIO/-ENOENT. */
160
161 if (!credential_name_valid(name))
162 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid credential name: %s", name);
163
164 r = read_credential(name, ret, ret_size);
165 if (r >= 0)
166 return 1; /* found */
167 if (!IN_SET(r, -ENXIO, -ENOENT))
168 return log_error_errno(r, "Failed read unencrypted credential '%s': %m", name);
169
170 r = get_encrypted_credentials_dir(&d);
171 if (r == -ENXIO)
172 goto not_found;
173 if (r < 0)
174 return log_error_errno(r, "Failed to determine encrypted credentials directory: %m");
175
176 fn = path_join(d, name);
177 if (!fn)
178 return log_oom();
179
180 r = read_full_file_full(
181 AT_FDCWD, fn,
182 UINT64_MAX, SIZE_MAX,
183 READ_FULL_FILE_SECURE,
184 NULL,
185 (char**) &data, &sz);
186 if (r == -ENOENT)
187 goto not_found;
188 if (r < 0)
189 return log_error_errno(r, "Failed to read encrypted credential data: %m");
190
191 r = decrypt_credential_and_warn(
192 name,
193 now(CLOCK_REALTIME),
194 /* tpm2_device= */ NULL,
195 /* tpm2_signature_path= */ NULL,
196 getuid(),
197 &IOVEC_MAKE(data, sz),
198 CREDENTIAL_ANY_SCOPE,
199 &ret_iovec);
200 if (r < 0)
201 return r;
202
203 if (ret)
204 *ret = TAKE_PTR(ret_iovec.iov_base);
205 if (ret_size)
206 *ret_size = ret_iovec.iov_len;
207
208 return 1; /* found */
209
210 not_found:
211 if (ret)
212 *ret = NULL;
213 if (ret_size)
214 *ret_size = 0;
215
216 return 0; /* not found */
217 }
218
219 int read_credential_strings_many_internal(
220 const char *first_name, char **first_value,
221 ...) {
222
223 _cleanup_free_ void *b = NULL;
224 bool all = true;
225 int r, ret = 0;
226
227 /* Reads a bunch of credentials into the specified buffers. If the specified buffers are already
228 * non-NULL frees them if a credential is found. Only supports string-based credentials
229 * (i.e. refuses embedded NUL bytes).
230 *
231 * 0 is returned when some or all credentials are missing.
232 */
233
234 if (!first_name)
235 return 0;
236
237 r = read_credential(first_name, &b, NULL);
238 if (r == -ENXIO) /* No creds passed at all? Bail immediately. */
239 return 0;
240 if (r == -ENOENT)
241 all = false;
242 else if (r < 0)
243 RET_GATHER(ret, r);
244 else
245 free_and_replace(*first_value, b);
246
247 va_list ap;
248 va_start(ap, first_value);
249
250 for (;;) {
251 _cleanup_free_ void *bb = NULL;
252 const char *name;
253 char **value;
254
255 name = va_arg(ap, const char *);
256 if (!name)
257 break;
258
259 value = ASSERT_PTR(va_arg(ap, char **));
260
261 r = read_credential(name, &bb, NULL);
262 if (r == -ENOENT)
263 all = false;
264 else if (r < 0)
265 RET_GATHER(ret, r);
266 else
267 free_and_replace(*value, bb);
268 }
269
270 va_end(ap);
271 return ret < 0 ? ret : all;
272 }
273
274 int read_credential_bool(const char *name) {
275 _cleanup_free_ void *data = NULL;
276 int r;
277
278 r = read_credential(name, &data, NULL);
279 if (r < 0)
280 return IN_SET(r, -ENXIO, -ENOENT) ? 0 : r;
281
282 return parse_boolean(data);
283 }
284
285 int get_credential_user_password(const char *username, char **ret_password, bool *ret_is_hashed) {
286 _cleanup_(erase_and_freep) char *creds_password = NULL;
287 _cleanup_free_ char *cn = NULL;
288 int r;
289
290 /* Try to pick up the password for this account via the credentials logic */
291 cn = strjoin("passwd.hashed-password.", username);
292 if (!cn)
293 return -ENOMEM;
294
295 r = read_credential(cn, (void**) &creds_password, NULL);
296 if (r == -ENOENT) {
297 free(cn);
298 cn = strjoin("passwd.plaintext-password.", username);
299 if (!cn)
300 return -ENOMEM;
301
302 r = read_credential(cn, (void**) &creds_password, NULL);
303 if (r < 0)
304 log_debug_errno(r, "Couldn't read credential '%s', ignoring: %m", cn);
305 else
306 *ret_is_hashed = false;
307 } else if (r < 0)
308 log_debug_errno(r, "Couldn't read credential '%s', ignoring: %m", cn);
309 else
310 *ret_is_hashed = true;
311
312 *ret_password = TAKE_PTR(creds_password);
313
314 return r;
315 }
316
317 #if HAVE_OPENSSL
318
319 #define CREDENTIAL_HOST_SECRET_SIZE 4096
320
321 static const sd_id128_t credential_app_id =
322 SD_ID128_MAKE(d3,ac,ec,ba,0d,ad,4c,df,b8,c9,38,15,28,93,6c,58);
323
324 struct credential_host_secret_format {
325 /* The hashed machine ID of the machine this belongs to. Why? We want to ensure that each machine
326 * gets its own secret, even if people forget to flush out this secret file. Hence we bind it to the
327 * machine ID, for which there's hopefully a better chance it will be flushed out. We use a hashed
328 * machine ID instead of the literal one, because it's trivial to, and it might be a good idea not
329 * being able to directly associate a secret key file with a host. */
330 sd_id128_t machine_id;
331
332 /* The actual secret key */
333 uint8_t data[CREDENTIAL_HOST_SECRET_SIZE];
334 } _packed_;
335
336 static void warn_not_encrypted(int fd, CredentialSecretFlags flags, const char *dirname, const char *filename) {
337 int r;
338
339 assert(fd >= 0);
340 assert(dirname);
341 assert(filename);
342
343 if (!FLAGS_SET(flags, CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED))
344 return;
345
346 r = fd_is_encrypted(fd);
347 if (r < 0)
348 log_debug_errno(r, "Failed to determine if credential secret file '%s/%s' is encrypted.",
349 dirname, filename);
350 else if (r == 0)
351 log_warning("Credential secret file '%s/%s' is not located on encrypted media, using anyway.",
352 dirname, filename);
353 }
354
355 static int make_credential_host_secret(
356 int dfd,
357 const sd_id128_t machine_id,
358 CredentialSecretFlags flags,
359 const char *dirname,
360 const char *fn,
361 struct iovec *ret) {
362
363 _cleanup_free_ char *t = NULL;
364 _cleanup_close_ int fd = -EBADF;
365 int r;
366
367 assert(dfd >= 0);
368 assert(fn);
369
370 /* For non-root users creating a temporary file using the openat(2) over "." will fail later, in the
371 * linkat(2) step at the end. The reason is that linkat(2) requires the CAP_DAC_READ_SEARCH
372 * capability when it uses the AT_EMPTY_PATH flag. */
373 if (have_effective_cap(CAP_DAC_READ_SEARCH) > 0) {
374 fd = openat(dfd, ".", O_CLOEXEC|O_WRONLY|O_TMPFILE, 0400);
375 if (fd < 0)
376 log_debug_errno(errno, "Failed to create temporary credential file with O_TMPFILE, proceeding without: %m");
377 }
378 if (fd < 0) {
379 if (asprintf(&t, "credential.secret.%016" PRIx64, random_u64()) < 0)
380 return -ENOMEM;
381
382 fd = openat(dfd, t, O_CLOEXEC|O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0400);
383 if (fd < 0)
384 return -errno;
385 }
386
387 r = chattr_secret(fd, 0);
388 if (r < 0)
389 log_debug_errno(r, "Failed to set file attributes for secrets file, ignoring: %m");
390
391 struct credential_host_secret_format buf = {
392 .machine_id = machine_id,
393 };
394
395 CLEANUP_ERASE(buf);
396
397 r = crypto_random_bytes(buf.data, sizeof(buf.data));
398 if (r < 0)
399 goto fail;
400
401 r = loop_write(fd, &buf, sizeof(buf));
402 if (r < 0)
403 goto fail;
404
405 if (fsync(fd) < 0) {
406 r = -errno;
407 goto fail;
408 }
409
410 warn_not_encrypted(fd, flags, dirname, fn);
411
412 if (t) {
413 r = rename_noreplace(dfd, t, dfd, fn);
414 if (r < 0)
415 goto fail;
416
417 t = mfree(t);
418 } else if (linkat(fd, "", dfd, fn, AT_EMPTY_PATH) < 0) {
419 r = -errno;
420 goto fail;
421 }
422
423 if (fsync(dfd) < 0) {
424 r = -errno;
425 goto fail;
426 }
427
428 if (ret) {
429 void *copy;
430
431 copy = memdup(buf.data, sizeof(buf.data));
432 if (!copy) {
433 r = -ENOMEM;
434 goto fail;
435 }
436
437 *ret = IOVEC_MAKE(copy, sizeof(buf.data));
438 }
439
440 return 0;
441
442 fail:
443 if (t && unlinkat(dfd, t, 0) < 0)
444 log_debug_errno(errno, "Failed to remove temporary credential key: %m");
445
446 return r;
447 }
448
449 int get_credential_host_secret(CredentialSecretFlags flags, struct iovec *ret) {
450 _cleanup_free_ char *_dirname = NULL, *_filename = NULL;
451 _cleanup_close_ int dfd = -EBADF;
452 sd_id128_t machine_id;
453 const char *dirname, *filename;
454 int r;
455
456 r = sd_id128_get_machine_app_specific(credential_app_id, &machine_id);
457 if (r < 0)
458 return r;
459
460 const char *e = secure_getenv("SYSTEMD_CREDENTIAL_SECRET");
461 if (e) {
462 if (!path_is_normalized(e))
463 return -EINVAL;
464 if (!path_is_absolute(e))
465 return -EINVAL;
466
467 r = path_extract_directory(e, &_dirname);
468 if (r < 0)
469 return r;
470
471 r = path_extract_filename(e, &_filename);
472 if (r < 0)
473 return r;
474
475 dirname = _dirname;
476 filename = _filename;
477 } else {
478 dirname = "/var/lib/systemd";
479 filename = "credential.secret";
480 }
481
482 assert(dirname);
483 assert(filename);
484
485 mkdir_parents(dirname, 0755);
486 dfd = open_mkdir_at(AT_FDCWD, dirname, O_CLOEXEC, 0755);
487 if (dfd < 0)
488 return log_debug_errno(dfd, "Failed to create or open directory '%s': %m", dirname);
489
490 if (FLAGS_SET(flags, CREDENTIAL_SECRET_FAIL_ON_TEMPORARY_FS)) {
491 r = fd_is_temporary_fs(dfd);
492 if (r < 0)
493 return log_debug_errno(r, "Failed to check directory '%s': %m", dirname);
494 if (r > 0)
495 return log_debug_errno(SYNTHETIC_ERRNO(ENOMEDIUM),
496 "Directory '%s' is on a temporary file system, refusing.", dirname);
497 }
498
499 for (unsigned attempt = 0;; attempt++) {
500 _cleanup_(erase_and_freep) struct credential_host_secret_format *f = NULL;
501 _cleanup_close_ int fd = -EBADF;
502 size_t l = 0;
503 ssize_t n = 0;
504 struct stat st;
505
506 if (attempt >= 3) /* Somebody is playing games with us */
507 return log_debug_errno(SYNTHETIC_ERRNO(EIO),
508 "All attempts to create secret store in %s failed.", dirname);
509
510 fd = openat(dfd, filename, O_CLOEXEC|O_RDONLY|O_NOCTTY|O_NOFOLLOW);
511 if (fd < 0) {
512 if (errno != ENOENT || !FLAGS_SET(flags, CREDENTIAL_SECRET_GENERATE))
513 return log_debug_errno(errno,
514 "Failed to open %s/%s: %m", dirname, filename);
515
516
517 r = make_credential_host_secret(dfd, machine_id, flags, dirname, filename, ret);
518 if (r == -EEXIST) {
519 log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
520 dirname, filename);
521 continue;
522 }
523 if (r < 0)
524 return log_debug_errno(r, "Failed to create credential secret %s/%s: %m",
525 dirname, filename);
526 return 0;
527 }
528
529 if (fstat(fd, &st) < 0)
530 return log_debug_errno(errno, "Failed to stat %s/%s: %m", dirname, filename);
531
532 r = stat_verify_regular(&st);
533 if (r < 0)
534 return log_debug_errno(r, "%s/%s is not a regular file: %m", dirname, filename);
535 if (st.st_nlink == 0) /* Deleted by now, try again */
536 continue;
537 if (st.st_nlink > 1)
538 /* Our deletion check won't work if hardlinked somewhere else */
539 return log_debug_errno(SYNTHETIC_ERRNO(EPERM),
540 "%s/%s has too many links, refusing.",
541 dirname, filename);
542 if ((st.st_mode & 07777) != 0400)
543 /* Don't use file if not 0400 access mode */
544 return log_debug_errno(SYNTHETIC_ERRNO(EPERM),
545 "%s/%s has permissive access mode, refusing.",
546 dirname, filename);
547 l = st.st_size;
548 if (l < offsetof(struct credential_host_secret_format, data) + 1)
549 return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
550 "%s/%s is too small, refusing.", dirname, filename);
551 if (l > 16*1024*1024)
552 return log_debug_errno(SYNTHETIC_ERRNO(E2BIG),
553 "%s/%s is too big, refusing.", dirname, filename);
554
555 f = malloc(l+1);
556 if (!f)
557 return log_oom_debug();
558
559 n = read(fd, f, l+1);
560 if (n < 0)
561 return log_debug_errno(errno,
562 "Failed to read %s/%s: %m", dirname, filename);
563 if ((size_t) n != l) /* What? The size changed? */
564 return log_debug_errno(SYNTHETIC_ERRNO(EIO),
565 "Failed to read %s/%s: %m", dirname, filename);
566
567 if (sd_id128_equal(machine_id, f->machine_id)) {
568 size_t sz;
569
570 warn_not_encrypted(fd, flags, dirname, filename);
571
572 sz = l - offsetof(struct credential_host_secret_format, data);
573 assert(sz > 0);
574
575 if (ret) {
576 void *copy;
577
578 assert(sz <= sizeof(f->data)); /* Ensure we don't read past f->data bounds */
579
580 copy = memdup(f->data, sz);
581 if (!copy)
582 return log_oom_debug();
583
584 *ret = IOVEC_MAKE(copy, sz);
585 }
586
587 return 0;
588 }
589
590 /* Hmm, this secret is from somewhere else. Let's delete the file. Let's first acquire a lock
591 * to ensure we are the only ones accessing the file while we delete it. */
592
593 if (flock(fd, LOCK_EX) < 0)
594 return log_debug_errno(errno,
595 "Failed to flock %s/%s: %m", dirname, filename);
596
597 /* Before we delete it check that the file is still linked into the file system */
598 if (fstat(fd, &st) < 0)
599 return log_debug_errno(errno, "Failed to stat %s/%s: %m", dirname, filename);
600 if (st.st_nlink == 0) /* Already deleted by now? */
601 continue;
602 if (st.st_nlink != 1) /* Safety check, someone is playing games with us */
603 return log_debug_errno(SYNTHETIC_ERRNO(EPERM),
604 "%s/%s unexpectedly has too many links.",
605 dirname, filename);
606 if (unlinkat(dfd, filename, 0) < 0)
607 return log_debug_errno(errno, "Failed to unlink %s/%s: %m", dirname, filename);
608
609 /* And now try again */
610 }
611 }
612
613 /* Construction is like this:
614 *
615 * A symmetric encryption key is derived from:
616 *
617 * 1. Either the "host" key (a key stored in /var/lib/credential.secret)
618 *
619 * 2. A key generated by letting the TPM2 calculate an HMAC hash of some nonce we pass to it, keyed
620 * by a key derived from its internal seed key.
621 *
622 * 3. The concatenation of the above.
623 *
624 * 4. Or a fixed "empty" key. This will not provide confidentiality or authenticity, of course, but is
625 * useful to encode credentials for the initrd on TPM-less systems, where we simply have no better
626 * concept to bind things to. Note that decryption of a key set up like this will be refused on
627 * systems that have a TPM and have SecureBoot enabled.
628 *
629 * The above is hashed with SHA256 which is then used as encryption key for AES256-GCM. The encrypted
630 * credential is a short (unencrypted) header describing which of the three keys to use, the IV to use for
631 * AES256-GCM and some more meta information (sizes of certain objects) that is strictly speaking redundant,
632 * but kinda nice to have since we can have a more generic parser. If the TPM2 key is used this is followed
633 * by another (unencrypted) header, with information about the TPM2 policy used (specifically: the PCR mask
634 * to bind against, and a hash of the resulting policy — the latter being redundant, but speeding up things a
635 * bit, since we can more quickly refuse PCR state), followed by a sealed/exported TPM2 HMAC key. This is
636 * then followed by the encrypted data, which begins with a metadata header (which contains validity
637 * timestamps as well as the credential name), followed by the actual credential payload. The file ends in
638 * the AES256-GCM tag. To make things simple, the AES256-GCM AAD covers the main and the TPM2 header in
639 * full. This means the whole file is either protected by AAD, or is ciphertext, or is the tag. No
640 * unprotected data is included.
641 */
642
643 struct _packed_ encrypted_credential_header {
644 sd_id128_t id;
645 le32_t key_size;
646 le32_t block_size;
647 le32_t iv_size;
648 le32_t tag_size;
649 uint8_t iv[];
650 /* Followed by NUL bytes until next 8 byte boundary */
651 };
652
653 struct _packed_ tpm2_credential_header {
654 le64_t pcr_mask; /* Note that the spec for PC Clients only mandates 24 PCRs, and that's what systems
655 * generally have. But keep the door open for more. */
656 le16_t pcr_bank; /* For now, either TPM2_ALG_SHA256 or TPM2_ALG_SHA1 */
657 le16_t primary_alg; /* Primary key algorithm (either TPM2_ALG_RSA or TPM2_ALG_ECC for now) */
658 le32_t blob_size;
659 le32_t policy_hash_size;
660 uint8_t policy_hash_and_blob[];
661 /* Followed by NUL bytes until next 8 byte boundary */
662 };
663
664 struct _packed_ tpm2_public_key_credential_header {
665 le64_t pcr_mask; /* PCRs used for the public key PCR policy (usually just PCR 11, i.e. the unified kernel) */
666 le32_t size; /* Size of DER public key */
667 uint8_t data[]; /* DER public key */
668 /* Followed by NUL bytes until next 8 byte boundary */
669 };
670
671 struct _packed_ scoped_credential_header {
672 le64_t flags; /* SCOPE_HASH_DATA_BASE_FLAGS for now */
673 };
674
675 /* This header is encrypted */
676 struct _packed_ metadata_credential_header {
677 le64_t timestamp;
678 le64_t not_after;
679 le32_t name_size;
680 char name[];
681 /* Followed by NUL bytes until next 8 byte boundary */
682 };
683
684 struct _packed_ scoped_hash_data {
685 le64_t flags; /* copy of the scoped_credential_header.flags */
686 le32_t uid;
687 sd_id128_t machine_id;
688 char username[]; /* followed by the username */
689 /* Later on we might want to extend this: with a cgroup path to allow per-app secrets, and with the user's $HOME encryption key */
690 };
691
692 enum {
693 /* Flags for scoped_hash_data.flags and scoped_credential_header.flags */
694 SCOPE_HASH_DATA_HAS_UID = 1 << 0,
695 SCOPE_HASH_DATA_HAS_MACHINE = 1 << 1,
696 SCOPE_HASH_DATA_HAS_USERNAME = 1 << 2,
697
698 SCOPE_HASH_DATA_BASE_FLAGS = SCOPE_HASH_DATA_HAS_UID | SCOPE_HASH_DATA_HAS_USERNAME | SCOPE_HASH_DATA_HAS_MACHINE,
699 };
700
701 /* Some generic limit for parts of the encrypted credential for which we don't know the right size ahead of
702 * time, but where we are really sure it won't be larger than this. Should be larger than any possible IV,
703 * padding, tag size and so on. This is purely used for early filtering out of invalid sizes. */
704 #define CREDENTIAL_FIELD_SIZE_MAX (16U*1024U)
705
706 static int sha256_hash_host_and_tpm2_key(
707 const struct iovec *host_key,
708 const struct iovec *tpm2_key,
709 uint8_t ret[static SHA256_DIGEST_LENGTH]) {
710
711 _cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *md = NULL;
712 unsigned l;
713
714 assert(iovec_is_valid(host_key));
715 assert(iovec_is_valid(tpm2_key));
716 assert(ret);
717
718 /* Combines the host key and the TPM2 HMAC hash into a SHA256 hash value we'll use as symmetric encryption key. */
719
720 md = EVP_MD_CTX_new();
721 if (!md)
722 return log_oom();
723
724 if (EVP_DigestInit_ex(md, EVP_sha256(), NULL) != 1)
725 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initial SHA256 context.");
726
727 if (iovec_is_set(host_key) && EVP_DigestUpdate(md, host_key->iov_base, host_key->iov_len) != 1)
728 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash host key.");
729
730 if (iovec_is_set(tpm2_key) && EVP_DigestUpdate(md, tpm2_key->iov_base, tpm2_key->iov_len) != 1)
731 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash TPM2 key.");
732
733 assert(EVP_MD_CTX_size(md) == SHA256_DIGEST_LENGTH);
734
735 if (EVP_DigestFinal_ex(md, ret, &l) != 1)
736 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize SHA256 hash.");
737
738 assert(l == SHA256_DIGEST_LENGTH);
739 return 0;
740 }
741
742 static int mangle_uid_into_key(
743 uid_t uid,
744 uint8_t md[static SHA256_DIGEST_LENGTH]) {
745
746 sd_id128_t mid;
747 int r;
748
749 assert(uid_is_valid(uid));
750 assert(md);
751
752 /* If we shall encrypt for a specific user, we HMAC() a structure with the user's credentials
753 * (specifically, UID, user name, machine ID) with the key we'd otherwise use for system credentials,
754 * and use the resulting hash as actual encryption key. */
755
756 errno = 0;
757 struct passwd *pw = getpwuid(uid);
758 if (!pw)
759 return log_error_errno(
760 IN_SET(errno, 0, ENOENT) ? SYNTHETIC_ERRNO(ESRCH) : errno,
761 "Failed to resolve UID " UID_FMT ": %m", uid);
762
763 r = sd_id128_get_machine(&mid);
764 if (r < 0)
765 return log_error_errno(r, "Failed to read machine ID: %m");
766
767 size_t sz = offsetof(struct scoped_hash_data, username) + strlen(pw->pw_name) + 1;
768 _cleanup_free_ struct scoped_hash_data *d = malloc0(sz);
769 if (!d)
770 return log_oom();
771
772 d->flags = htole64(SCOPE_HASH_DATA_BASE_FLAGS);
773 d->uid = htole32(uid);
774 d->machine_id = mid;
775
776 strcpy(d->username, pw->pw_name);
777
778 _cleanup_(erase_and_freep) void *buf = NULL;
779 size_t buf_size = 0;
780 r = openssl_hmac_many(
781 "sha256",
782 md, SHA256_DIGEST_LENGTH,
783 &IOVEC_MAKE(d, sz), 1,
784 &buf, &buf_size);
785 if (r < 0)
786 return r;
787
788 assert(buf_size == SHA256_DIGEST_LENGTH);
789 memcpy(md, buf, buf_size);
790
791 return 0;
792 }
793
794 int encrypt_credential_and_warn(
795 sd_id128_t with_key,
796 const char *name,
797 usec_t timestamp,
798 usec_t not_after,
799 const char *tpm2_device,
800 uint32_t tpm2_hash_pcr_mask,
801 const char *tpm2_pubkey_path,
802 uint32_t tpm2_pubkey_pcr_mask,
803 uid_t uid,
804 const struct iovec *input,
805 CredentialFlags flags,
806 struct iovec *ret) {
807
808 _cleanup_(iovec_done) struct iovec tpm2_blob = {}, tpm2_policy_hash = {}, iv = {}, pubkey = {};
809 _cleanup_(iovec_done_erase) struct iovec tpm2_key = {}, output = {}, host_key = {};
810 _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL;
811 _cleanup_free_ struct metadata_credential_header *m = NULL;
812 uint16_t tpm2_pcr_bank = 0, tpm2_primary_alg = 0;
813 struct encrypted_credential_header *h;
814 int ksz, bsz, ivsz, tsz, added, r;
815 uint8_t md[SHA256_DIGEST_LENGTH];
816 const EVP_CIPHER *cc;
817 sd_id128_t id;
818 size_t p, ml;
819
820 assert(iovec_is_valid(input));
821 assert(ret);
822
823 if (!sd_id128_in_set(with_key,
824 _CRED_AUTO,
825 _CRED_AUTO_INITRD,
826 _CRED_AUTO_SCOPED,
827 CRED_AES256_GCM_BY_HOST,
828 CRED_AES256_GCM_BY_HOST_SCOPED,
829 CRED_AES256_GCM_BY_TPM2_HMAC,
830 CRED_AES256_GCM_BY_TPM2_HMAC_WITH_PK,
831 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC,
832 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_SCOPED,
833 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK,
834 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK_SCOPED,
835 CRED_AES256_GCM_BY_NULL))
836 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid key type: " SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(with_key));
837
838 if (name && !credential_name_valid(name))
839 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid credential name: %s", name);
840
841 if (not_after != USEC_INFINITY && timestamp != USEC_INFINITY && not_after < timestamp)
842 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Credential is invalidated before it is valid (" USEC_FMT " < " USEC_FMT ").", not_after, timestamp);
843
844 if (DEBUG_LOGGING) {
845 char buf[FORMAT_TIMESTAMP_MAX];
846
847 if (name)
848 log_debug("Including credential name '%s' in encrypted credential.", name);
849 if (timestamp != USEC_INFINITY)
850 log_debug("Including timestamp '%s' in encrypted credential.", format_timestamp(buf, sizeof(buf), timestamp));
851 if (not_after != USEC_INFINITY)
852 log_debug("Including not-after timestamp '%s' in encrypted credential.", format_timestamp(buf, sizeof(buf), not_after));
853 }
854
855 if (sd_id128_in_set(with_key,
856 _CRED_AUTO_SCOPED,
857 CRED_AES256_GCM_BY_HOST_SCOPED,
858 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_SCOPED,
859 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK_SCOPED)) {
860 if (!uid_is_valid(uid))
861 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Scoped credential selected, but no UID specified.");
862 } else
863 uid = UID_INVALID;
864
865 if (sd_id128_in_set(with_key,
866 _CRED_AUTO,
867 _CRED_AUTO_SCOPED,
868 CRED_AES256_GCM_BY_HOST,
869 CRED_AES256_GCM_BY_HOST_SCOPED,
870 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC,
871 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_SCOPED,
872 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK,
873 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK_SCOPED)) {
874
875 r = get_credential_host_secret(
876 CREDENTIAL_SECRET_GENERATE|
877 CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED|
878 (sd_id128_in_set(with_key, _CRED_AUTO, _CRED_AUTO_SCOPED) ? CREDENTIAL_SECRET_FAIL_ON_TEMPORARY_FS : 0),
879 &host_key);
880 if (r == -ENOMEDIUM && sd_id128_in_set(with_key, _CRED_AUTO, _CRED_AUTO_SCOPED))
881 log_debug_errno(r, "Credential host secret location on temporary file system, not using.");
882 else if (r < 0)
883 return log_error_errno(r, "Failed to determine local credential host secret: %m");
884 }
885
886 #if HAVE_TPM2
887 bool try_tpm2;
888 if (sd_id128_in_set(with_key, _CRED_AUTO, _CRED_AUTO_INITRD, _CRED_AUTO_SCOPED)) {
889 /* If automatic mode is selected lets see if a TPM2 it is present. If we are running in a
890 * container tpm2_support will detect this, and will return a different flag combination of
891 * TPM2_SUPPORT_FULL, effectively skipping the use of TPM2 when inside one. */
892
893 try_tpm2 = tpm2_support() == TPM2_SUPPORT_FULL;
894 if (!try_tpm2)
895 log_debug("System lacks TPM2 support or running in a container, not attempting to use TPM2.");
896 } else
897 try_tpm2 = sd_id128_in_set(with_key,
898 CRED_AES256_GCM_BY_TPM2_HMAC,
899 CRED_AES256_GCM_BY_TPM2_HMAC_WITH_PK,
900 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC,
901 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_SCOPED,
902 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK,
903 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK_SCOPED);
904
905 if (try_tpm2) {
906 if (sd_id128_in_set(with_key,
907 _CRED_AUTO,
908 _CRED_AUTO_INITRD,
909 _CRED_AUTO_SCOPED,
910 CRED_AES256_GCM_BY_TPM2_HMAC_WITH_PK,
911 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK,
912 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK_SCOPED)) {
913
914 /* Load public key for PCR policies, if one is specified, or explicitly requested */
915
916 r = tpm2_load_pcr_public_key(tpm2_pubkey_path, &pubkey.iov_base, &pubkey.iov_len);
917 if (r < 0) {
918 if (tpm2_pubkey_path || r != -ENOENT || !sd_id128_in_set(with_key, _CRED_AUTO, _CRED_AUTO_INITRD, _CRED_AUTO_SCOPED))
919 return log_error_errno(r, "Failed read TPM PCR public key: %m");
920
921 log_debug_errno(r, "Failed to read TPM2 PCR public key, proceeding without: %m");
922 }
923 }
924
925 if (!iovec_is_set(&pubkey))
926 tpm2_pubkey_pcr_mask = 0;
927
928 _cleanup_(tpm2_context_unrefp) Tpm2Context *tpm2_context = NULL;
929 r = tpm2_context_new(tpm2_device, &tpm2_context);
930 if (r < 0)
931 return log_error_errno(r, "Failed to create TPM2 context: %m");
932
933 r = tpm2_get_best_pcr_bank(tpm2_context, tpm2_hash_pcr_mask | tpm2_pubkey_pcr_mask, &tpm2_pcr_bank);
934 if (r < 0)
935 return log_error_errno(r, "Could not find best pcr bank: %m");
936
937 TPML_PCR_SELECTION tpm2_hash_pcr_selection;
938 tpm2_tpml_pcr_selection_from_mask(tpm2_hash_pcr_mask, tpm2_pcr_bank, &tpm2_hash_pcr_selection);
939
940 _cleanup_free_ Tpm2PCRValue *tpm2_hash_pcr_values = NULL;
941 size_t tpm2_n_hash_pcr_values;
942 r = tpm2_pcr_read(tpm2_context, &tpm2_hash_pcr_selection, &tpm2_hash_pcr_values, &tpm2_n_hash_pcr_values);
943 if (r < 0)
944 return log_error_errno(r, "Could not read PCR values: %m");
945
946 TPM2B_PUBLIC public;
947 if (iovec_is_set(&pubkey)) {
948 r = tpm2_tpm2b_public_from_pem(pubkey.iov_base, pubkey.iov_len, &public);
949 if (r < 0)
950 return log_error_errno(r, "Could not convert public key to TPM2B_PUBLIC: %m");
951 }
952
953 TPM2B_DIGEST tpm2_policy = TPM2B_DIGEST_MAKE(NULL, TPM2_SHA256_DIGEST_SIZE);
954 r = tpm2_calculate_sealing_policy(
955 tpm2_hash_pcr_values,
956 tpm2_n_hash_pcr_values,
957 iovec_is_set(&pubkey) ? &public : NULL,
958 /* use_pin= */ false,
959 /* pcrlock_policy= */ NULL,
960 &tpm2_policy);
961 if (r < 0)
962 return log_error_errno(r, "Could not calculate sealing policy digest: %m");
963
964 r = tpm2_seal(tpm2_context,
965 /* seal_key_handle= */ 0,
966 &tpm2_policy,
967 /* pin= */ NULL,
968 &tpm2_key,
969 &tpm2_blob,
970 &tpm2_primary_alg,
971 /* ret_srk= */ NULL);
972 if (r < 0) {
973 if (sd_id128_equal(with_key, _CRED_AUTO_INITRD))
974 log_warning("TPM2 present and used, but we didn't manage to talk to it. Credential will be refused if SecureBoot is enabled.");
975 else if (!sd_id128_in_set(with_key, _CRED_AUTO, _CRED_AUTO_SCOPED))
976 return log_error_errno(r, "Failed to seal to TPM2: %m");
977
978 log_notice_errno(r, "TPM2 sealing didn't work, continuing without TPM2: %m");
979 }
980
981 if (!iovec_memdup(&IOVEC_MAKE(tpm2_policy.buffer, tpm2_policy.size), &tpm2_policy_hash))
982 return log_oom();
983
984 assert(tpm2_blob.iov_len <= CREDENTIAL_FIELD_SIZE_MAX);
985 assert(tpm2_policy_hash.iov_len <= CREDENTIAL_FIELD_SIZE_MAX);
986 }
987 #endif
988
989 if (sd_id128_in_set(with_key, _CRED_AUTO, _CRED_AUTO_INITRD, _CRED_AUTO_SCOPED)) {
990 /* Let's settle the key type in auto mode now. */
991
992 if (iovec_is_set(&host_key) && iovec_is_set(&tpm2_key))
993 id = iovec_is_set(&pubkey) ? (sd_id128_equal(with_key, _CRED_AUTO_SCOPED) ?
994 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK_SCOPED : CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK)
995 : (sd_id128_equal(with_key, _CRED_AUTO_SCOPED) ?
996 CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_SCOPED : CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC);
997 else if (iovec_is_set(&tpm2_key) && !sd_id128_equal(with_key, _CRED_AUTO_SCOPED))
998 id = iovec_is_set(&pubkey) ? CRED_AES256_GCM_BY_TPM2_HMAC_WITH_PK : CRED_AES256_GCM_BY_TPM2_HMAC;
999 else if (iovec_is_set(&host_key))
1000 id = sd_id128_equal(with_key, _CRED_AUTO_SCOPED) ? CRED_AES256_GCM_BY_HOST_SCOPED : CRED_AES256_GCM_BY_HOST;
1001 else if (sd_id128_equal(with_key, _CRED_AUTO_INITRD))
1002 id = CRED_AES256_GCM_BY_NULL;
1003 else
1004 return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
1005 "TPM2 not available and host key located on temporary file system, no encryption key available.");
1006 } else
1007 id = with_key;
1008
1009 if (sd_id128_equal(id, CRED_AES256_GCM_BY_NULL) && !FLAGS_SET(flags, CREDENTIAL_ALLOW_NULL))
1010 log_warning("Using a null key for encryption and signing. Confidentiality or authenticity will not be provided.");
1011
1012 /* Let's now take the host key and the TPM2 key and hash it together, to use as encryption key for the data */
1013 r = sha256_hash_host_and_tpm2_key(&host_key, &tpm2_key, md);
1014 if (r < 0)
1015 return r;
1016
1017 if (uid_is_valid(uid)) {
1018 r = mangle_uid_into_key(uid, md);
1019 if (r < 0)
1020 return r;
1021 }
1022
1023 assert_se(cc = EVP_aes_256_gcm());
1024
1025 ksz = EVP_CIPHER_key_length(cc);
1026 assert(ksz == sizeof(md));
1027
1028 bsz = EVP_CIPHER_block_size(cc);
1029 assert(bsz > 0);
1030 assert((size_t) bsz <= CREDENTIAL_FIELD_SIZE_MAX);
1031
1032 ivsz = EVP_CIPHER_iv_length(cc);
1033 if (ivsz > 0) {
1034 assert((size_t) ivsz <= CREDENTIAL_FIELD_SIZE_MAX);
1035
1036 iv.iov_base = malloc(ivsz);
1037 if (!iv.iov_base)
1038 return log_oom();
1039
1040 iv.iov_len = ivsz;
1041
1042 r = crypto_random_bytes(iv.iov_base, iv.iov_len);
1043 if (r < 0)
1044 return log_error_errno(r, "Failed to acquired randomized IV: %m");
1045 }
1046
1047 tsz = 16; /* FIXME: On OpenSSL 3 there is EVP_CIPHER_CTX_get_tag_length(), until then let's hardcode this */
1048
1049 context = EVP_CIPHER_CTX_new();
1050 if (!context)
1051 return log_error_errno(SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate encryption object: %s",
1052 ERR_error_string(ERR_get_error(), NULL));
1053
1054 if (EVP_EncryptInit_ex(context, cc, NULL, md, iv.iov_base) != 1)
1055 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize encryption context: %s",
1056 ERR_error_string(ERR_get_error(), NULL));
1057
1058 /* Just an upper estimate */
1059 output.iov_len =
1060 ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz) +
1061 ALIGN8(iovec_is_set(&tpm2_key) ? offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob.iov_len + tpm2_policy_hash.iov_len : 0) +
1062 ALIGN8(iovec_is_set(&pubkey) ? offsetof(struct tpm2_public_key_credential_header, data) + pubkey.iov_len : 0) +
1063 ALIGN8(uid_is_valid(uid) ? sizeof(struct scoped_credential_header) : 0) +
1064 ALIGN8(offsetof(struct metadata_credential_header, name) + strlen_ptr(name)) +
1065 input->iov_len + 2U * (size_t) bsz +
1066 tsz;
1067
1068 output.iov_base = malloc0(output.iov_len);
1069 if (!output.iov_base)
1070 return log_oom();
1071
1072 h = (struct encrypted_credential_header*) output.iov_base;
1073 h->id = id;
1074 h->block_size = htole32(bsz);
1075 h->key_size = htole32(ksz);
1076 h->tag_size = htole32(tsz);
1077 h->iv_size = htole32(ivsz);
1078 memcpy(h->iv, iv.iov_base, ivsz);
1079
1080 p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz);
1081
1082 if (iovec_is_set(&tpm2_key)) {
1083 struct tpm2_credential_header *t;
1084
1085 t = (struct tpm2_credential_header*) ((uint8_t*) output.iov_base + p);
1086 t->pcr_mask = htole64(tpm2_hash_pcr_mask);
1087 t->pcr_bank = htole16(tpm2_pcr_bank);
1088 t->primary_alg = htole16(tpm2_primary_alg);
1089 t->blob_size = htole32(tpm2_blob.iov_len);
1090 t->policy_hash_size = htole32(tpm2_policy_hash.iov_len);
1091 memcpy(t->policy_hash_and_blob, tpm2_blob.iov_base, tpm2_blob.iov_len);
1092 memcpy(t->policy_hash_and_blob + tpm2_blob.iov_len, tpm2_policy_hash.iov_base, tpm2_policy_hash.iov_len);
1093
1094 p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob.iov_len + tpm2_policy_hash.iov_len);
1095 }
1096
1097 if (iovec_is_set(&pubkey)) {
1098 struct tpm2_public_key_credential_header *z;
1099
1100 z = (struct tpm2_public_key_credential_header*) ((uint8_t*) output.iov_base + p);
1101 z->pcr_mask = htole64(tpm2_pubkey_pcr_mask);
1102 z->size = htole32(pubkey.iov_len);
1103 memcpy(z->data, pubkey.iov_base, pubkey.iov_len);
1104
1105 p += ALIGN8(offsetof(struct tpm2_public_key_credential_header, data) + pubkey.iov_len);
1106 }
1107
1108 if (uid_is_valid(uid)) {
1109 struct scoped_credential_header *w;
1110
1111 w = (struct scoped_credential_header*) ((uint8_t*) output.iov_base + p);
1112 w->flags = htole64(SCOPE_HASH_DATA_BASE_FLAGS);
1113
1114 p += ALIGN8(sizeof(struct scoped_credential_header));
1115 }
1116
1117 /* Pass the encrypted + TPM2 header + scoped header as AAD */
1118 if (EVP_EncryptUpdate(context, NULL, &added, output.iov_base, p) != 1)
1119 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to write AAD data: %s",
1120 ERR_error_string(ERR_get_error(), NULL));
1121
1122 /* Now construct the metadata header */
1123 ml = strlen_ptr(name);
1124 m = malloc0(ALIGN8(offsetof(struct metadata_credential_header, name) + ml));
1125 if (!m)
1126 return log_oom();
1127
1128 m->timestamp = htole64(timestamp);
1129 m->not_after = htole64(not_after);
1130 m->name_size = htole32(ml);
1131 memcpy_safe(m->name, name, ml);
1132
1133 /* And encrypt the metadata header */
1134 if (EVP_EncryptUpdate(context, (uint8_t*) output.iov_base + p, &added, (const unsigned char*) m, ALIGN8(offsetof(struct metadata_credential_header, name) + ml)) != 1)
1135 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt metadata header: %s",
1136 ERR_error_string(ERR_get_error(), NULL));
1137
1138 assert(added >= 0);
1139 assert((size_t) added <= output.iov_len - p);
1140 p += added;
1141
1142 /* Then encrypt the plaintext */
1143 if (EVP_EncryptUpdate(context, (uint8_t*) output.iov_base + p, &added, input->iov_base, input->iov_len) != 1)
1144 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt data: %s",
1145 ERR_error_string(ERR_get_error(), NULL));
1146
1147 assert(added >= 0);
1148 assert((size_t) added <= output.iov_len - p);
1149 p += added;
1150
1151 /* Finalize */
1152 if (EVP_EncryptFinal_ex(context, (uint8_t*) output.iov_base + p, &added) != 1)
1153 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize data encryption: %s",
1154 ERR_error_string(ERR_get_error(), NULL));
1155
1156 assert(added >= 0);
1157 assert((size_t) added <= output.iov_len - p);
1158 p += added;
1159
1160 assert(p <= output.iov_len - tsz);
1161
1162 /* Append tag */
1163 if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_GET_TAG, tsz, (uint8_t*) output.iov_base + p) != 1)
1164 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to get tag: %s",
1165 ERR_error_string(ERR_get_error(), NULL));
1166
1167 p += tsz;
1168 assert(p <= output.iov_len);
1169 output.iov_len = p;
1170
1171 if (DEBUG_LOGGING && input->iov_len > 0) {
1172 size_t base64_size;
1173
1174 base64_size = DIV_ROUND_UP(output.iov_len * 4, 3); /* Include base64 size increase in debug output */
1175 assert(base64_size >= input->iov_len);
1176 log_debug("Input of %zu bytes grew to output of %zu bytes (+%2zu%%).", input->iov_len, base64_size, base64_size * 100 / input->iov_len - 100);
1177 }
1178
1179 *ret = TAKE_STRUCT(output);
1180 return 0;
1181 }
1182
1183 int decrypt_credential_and_warn(
1184 const char *validate_name,
1185 usec_t validate_timestamp,
1186 const char *tpm2_device,
1187 const char *tpm2_signature_path,
1188 uid_t uid,
1189 const struct iovec *input,
1190 CredentialFlags flags,
1191 struct iovec *ret) {
1192
1193 _cleanup_(iovec_done_erase) struct iovec host_key = {}, plaintext = {}, tpm2_key = {};
1194 _cleanup_(json_variant_unrefp) JsonVariant *signature_json = NULL;
1195 _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL;
1196 struct encrypted_credential_header *h;
1197 struct metadata_credential_header *m;
1198 uint8_t md[SHA256_DIGEST_LENGTH];
1199 bool with_tpm2, with_tpm2_pk, with_host_key, with_null, with_scope;
1200 const EVP_CIPHER *cc;
1201 size_t p, hs;
1202 int r, added;
1203
1204 assert(iovec_is_valid(input));
1205 assert(ret);
1206
1207 h = (struct encrypted_credential_header*) input->iov_base;
1208
1209 /* The ID must fit in, for the current and all future formats */
1210 if (input->iov_len < sizeof(h->id))
1211 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short.");
1212
1213 with_host_key = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_HOST, CRED_AES256_GCM_BY_HOST_SCOPED, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_SCOPED, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK_SCOPED);
1214 with_tpm2_pk = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_TPM2_HMAC_WITH_PK, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK_SCOPED);
1215 with_tpm2 = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_TPM2_HMAC, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_SCOPED) || with_tpm2_pk;
1216 with_null = sd_id128_equal(h->id, CRED_AES256_GCM_BY_NULL);
1217 with_scope = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_HOST_SCOPED, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_SCOPED, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK_SCOPED);
1218
1219 if (!with_host_key && !with_tpm2 && !with_null)
1220 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Unknown encryption format, or corrupted data: %m");
1221
1222 if (with_tpm2_pk) {
1223 r = tpm2_load_pcr_signature(tpm2_signature_path, &signature_json);
1224 if (r < 0)
1225 return log_error_errno(r, "Failed to load pcr signature: %m");
1226 }
1227
1228 if (with_null && !FLAGS_SET(flags, CREDENTIAL_ALLOW_NULL)) {
1229 /* So this is a credential encrypted with a zero length key. We support this to cover for the
1230 * case where neither a host key not a TPM2 are available (specifically: initrd environments
1231 * where the host key is not yet accessible and no TPM2 chip exists at all), to minimize
1232 * different codeflow for TPM2 and non-TPM2 codepaths. Of course, credentials encoded this
1233 * way offer no confidentiality nor authenticity. Because of that it's important we refuse to
1234 * use them on systems that actually *do* have a TPM2 chip – if we are in SecureBoot
1235 * mode. Otherwise an attacker could hand us credentials like this and we'd use them thinking
1236 * they are trusted, even though they are not. */
1237
1238 if (efi_has_tpm2()) {
1239 if (is_efi_secure_boot())
1240 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
1241 "Credential uses fixed key for fallback use when TPM2 is absent — but TPM2 is present, and SecureBoot is enabled, refusing.");
1242
1243 log_warning("Credential uses fixed key for use when TPM2 is absent, but TPM2 is present! Accepting anyway, since SecureBoot is disabled.");
1244 } else
1245 log_debug("Credential uses fixed key for use when TPM2 is absent, and TPM2 indeed is absent. Accepting.");
1246 }
1247
1248 if (with_scope) {
1249 if (!uid_is_valid(uid))
1250 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "Encrypted file is scoped to a user, but no user selected.");
1251 } else {
1252 /* Refuse to unlock system credentials if user scope is requested. */
1253 if (uid_is_valid(uid) && !FLAGS_SET(flags, CREDENTIAL_ANY_SCOPE))
1254 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "Encrypted file is scoped to the system, but user scope selected.");
1255
1256 uid = UID_INVALID;
1257 }
1258
1259 /* Now we know the minimum header size */
1260 if (input->iov_len < offsetof(struct encrypted_credential_header, iv))
1261 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short.");
1262
1263 /* Verify some basic header values */
1264 if (le32toh(h->key_size) != sizeof(md))
1265 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected key size in header.");
1266 if (le32toh(h->block_size) <= 0 || le32toh(h->block_size) > CREDENTIAL_FIELD_SIZE_MAX)
1267 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected block size in header.");
1268 if (le32toh(h->iv_size) > CREDENTIAL_FIELD_SIZE_MAX)
1269 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "IV size too large.");
1270 if (le32toh(h->tag_size) != 16) /* FIXME: On OpenSSL 3, let's verify via EVP_CIPHER_CTX_get_tag_length() */
1271 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected tag size in header.");
1272
1273 /* Ensure we have space for the full header now (we don't know the size of the name hence this is a
1274 * lower limit only) */
1275 if (input->iov_len <
1276 ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)) +
1277 ALIGN8(with_tpm2 ? offsetof(struct tpm2_credential_header, policy_hash_and_blob) : 0) +
1278 ALIGN8(with_tpm2_pk ? offsetof(struct tpm2_public_key_credential_header, data) : 0) +
1279 ALIGN8(with_scope ? sizeof(struct scoped_credential_header) : 0) +
1280 ALIGN8(offsetof(struct metadata_credential_header, name)) +
1281 le32toh(h->tag_size))
1282 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short.");
1283
1284 p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size));
1285
1286 if (with_tpm2) {
1287 #if HAVE_TPM2
1288 struct tpm2_credential_header* t = (struct tpm2_credential_header*) ((uint8_t*) input->iov_base + p);
1289 struct tpm2_public_key_credential_header *z = NULL;
1290
1291 if (!TPM2_PCR_MASK_VALID(t->pcr_mask))
1292 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR mask out of range.");
1293 if (!tpm2_hash_alg_to_string(le16toh(t->pcr_bank)))
1294 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR bank invalid or not supported");
1295 if (!tpm2_asym_alg_to_string(le16toh(t->primary_alg)))
1296 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 primary key algorithm invalid or not supported.");
1297 if (le32toh(t->blob_size) > CREDENTIAL_FIELD_SIZE_MAX)
1298 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 blob size.");
1299 if (le32toh(t->policy_hash_size) > CREDENTIAL_FIELD_SIZE_MAX)
1300 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 policy hash size.");
1301
1302 /* Ensure we have space for the full TPM2 header now (still don't know the name, and its size
1303 * though, hence still just a lower limit test only) */
1304 if (input->iov_len <
1305 p +
1306 ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + le32toh(t->blob_size) + le32toh(t->policy_hash_size)) +
1307 ALIGN8(with_tpm2_pk ? offsetof(struct tpm2_public_key_credential_header, data) : 0) +
1308 ALIGN8(with_scope ? sizeof(struct scoped_credential_header) : 0) +
1309 ALIGN8(offsetof(struct metadata_credential_header, name)) +
1310 le32toh(h->tag_size))
1311 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short.");
1312
1313 p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) +
1314 le32toh(t->blob_size) +
1315 le32toh(t->policy_hash_size));
1316
1317 if (with_tpm2_pk) {
1318 z = (struct tpm2_public_key_credential_header*) ((uint8_t*) input->iov_base + p);
1319
1320 if (!TPM2_PCR_MASK_VALID(le64toh(z->pcr_mask)) || le64toh(z->pcr_mask) == 0)
1321 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR mask out of range.");
1322 if (le32toh(z->size) > PUBLIC_KEY_MAX)
1323 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected public key size.");
1324
1325 if (input->iov_len <
1326 p +
1327 ALIGN8(offsetof(struct tpm2_public_key_credential_header, data) + le32toh(z->size)) +
1328 ALIGN8(with_scope ? sizeof(struct scoped_credential_header) : 0) +
1329 ALIGN8(offsetof(struct metadata_credential_header, name)) +
1330 le32toh(h->tag_size))
1331 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short.");
1332
1333 p += ALIGN8(offsetof(struct tpm2_public_key_credential_header, data) +
1334 le32toh(z->size));
1335 }
1336
1337 _cleanup_(tpm2_context_unrefp) Tpm2Context *tpm2_context = NULL;
1338 r = tpm2_context_new(tpm2_device, &tpm2_context);
1339 if (r < 0)
1340 return r;
1341
1342 // TODO: Add the SRK data to the credential structure so it can be plumbed
1343 // through and used to verify the TPM session.
1344 r = tpm2_unseal(tpm2_context,
1345 le64toh(t->pcr_mask),
1346 le16toh(t->pcr_bank),
1347 z ? &IOVEC_MAKE(z->data, le32toh(z->size)) : NULL,
1348 z ? le64toh(z->pcr_mask) : 0,
1349 signature_json,
1350 /* pin= */ NULL,
1351 /* pcrlock_policy= */ NULL,
1352 le16toh(t->primary_alg),
1353 &IOVEC_MAKE(t->policy_hash_and_blob, le32toh(t->blob_size)),
1354 &IOVEC_MAKE(t->policy_hash_and_blob + le32toh(t->blob_size), le32toh(t->policy_hash_size)),
1355 /* srk= */ NULL,
1356 &tpm2_key);
1357 if (r < 0)
1358 return log_error_errno(r, "Failed to unseal secret using TPM2: %m");
1359 #else
1360 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Credential requires TPM2 support, but TPM2 support not available.");
1361 #endif
1362 }
1363
1364 if (with_scope) {
1365 struct scoped_credential_header* sh = (struct scoped_credential_header*) ((uint8_t*) input->iov_base + p);
1366
1367 if (le64toh(sh->flags) != SCOPE_HASH_DATA_BASE_FLAGS)
1368 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Scoped credential with unsupported flags.");
1369
1370 if (input->iov_len <
1371 p +
1372 sizeof(struct scoped_credential_header) +
1373 ALIGN8(offsetof(struct metadata_credential_header, name)) +
1374 le32toh(h->tag_size))
1375 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short.");
1376
1377 p += sizeof(struct scoped_credential_header);
1378 }
1379
1380 if (with_host_key) {
1381 r = get_credential_host_secret(/* flags= */ 0, &host_key);
1382 if (r < 0)
1383 return log_error_errno(r, "Failed to determine local credential key: %m");
1384 }
1385
1386 if (with_null && !FLAGS_SET(flags, CREDENTIAL_ALLOW_NULL))
1387 log_warning("Warning: using a null key for decryption and authentication. Confidentiality or authenticity are not provided.");
1388
1389 sha256_hash_host_and_tpm2_key(&host_key, &tpm2_key, md);
1390
1391 if (with_scope) {
1392 r = mangle_uid_into_key(uid, md);
1393 if (r < 0)
1394 return r;
1395 }
1396
1397 assert_se(cc = EVP_aes_256_gcm());
1398
1399 /* Make sure cipher expectations match the header */
1400 if (EVP_CIPHER_key_length(cc) != (int) le32toh(h->key_size))
1401 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected key size in header.");
1402 if (EVP_CIPHER_block_size(cc) != (int) le32toh(h->block_size))
1403 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected block size in header.");
1404
1405 context = EVP_CIPHER_CTX_new();
1406 if (!context)
1407 return log_error_errno(SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate decryption object: %s",
1408 ERR_error_string(ERR_get_error(), NULL));
1409
1410 if (EVP_DecryptInit_ex(context, cc, NULL, NULL, NULL) != 1)
1411 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize decryption context: %s",
1412 ERR_error_string(ERR_get_error(), NULL));
1413
1414 if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_IVLEN, le32toh(h->iv_size), NULL) != 1)
1415 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set IV size on decryption context: %s",
1416 ERR_error_string(ERR_get_error(), NULL));
1417
1418 if (EVP_DecryptInit_ex(context, NULL, NULL, md, h->iv) != 1)
1419 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set IV and key: %s",
1420 ERR_error_string(ERR_get_error(), NULL));
1421
1422 if (EVP_DecryptUpdate(context, NULL, &added, input->iov_base, p) != 1)
1423 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to write AAD data: %s",
1424 ERR_error_string(ERR_get_error(), NULL));
1425
1426 plaintext.iov_base = malloc(input->iov_len - p - le32toh(h->tag_size));
1427 if (!plaintext.iov_base)
1428 return -ENOMEM;
1429
1430 if (EVP_DecryptUpdate(
1431 context,
1432 plaintext.iov_base,
1433 &added,
1434 (uint8_t*) input->iov_base + p,
1435 input->iov_len - p - le32toh(h->tag_size)) != 1)
1436 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to decrypt data: %s",
1437 ERR_error_string(ERR_get_error(), NULL));
1438
1439 assert(added >= 0);
1440 assert((size_t) added <= input->iov_len - p - le32toh(h->tag_size));
1441 plaintext.iov_len = added;
1442
1443 if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_TAG, le32toh(h->tag_size), (uint8_t*) input->iov_base + input->iov_len - le32toh(h->tag_size)) != 1)
1444 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set tag: %s",
1445 ERR_error_string(ERR_get_error(), NULL));
1446
1447 if (EVP_DecryptFinal_ex(context, (uint8_t*) plaintext.iov_base + plaintext.iov_len, &added) != 1)
1448 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Decryption failed (incorrect key?): %s",
1449 ERR_error_string(ERR_get_error(), NULL));
1450
1451 plaintext.iov_len += added;
1452
1453 if (plaintext.iov_len < ALIGN8(offsetof(struct metadata_credential_header, name)))
1454 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Metadata header incomplete.");
1455
1456 m = plaintext.iov_base;
1457
1458 if (le64toh(m->timestamp) != USEC_INFINITY &&
1459 le64toh(m->not_after) != USEC_INFINITY &&
1460 le64toh(m->timestamp) >= le64toh(m->not_after))
1461 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Timestamps of credential are not in order, refusing.");
1462
1463 if (le32toh(m->name_size) > CREDENTIAL_NAME_MAX)
1464 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name too long, refusing.");
1465
1466 hs = ALIGN8(offsetof(struct metadata_credential_header, name) + le32toh(m->name_size));
1467 if (plaintext.iov_len < hs)
1468 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Metadata header incomplete.");
1469
1470 if (le32toh(m->name_size) > 0) {
1471 _cleanup_free_ char *embedded_name = NULL;
1472
1473 r = make_cstring(m->name, le32toh(m->name_size), MAKE_CSTRING_REFUSE_TRAILING_NUL, &embedded_name);
1474 if (r < 0)
1475 return log_error_errno(r, "Unable to convert embedded credential name to C string: %m");
1476
1477 if (!credential_name_valid(embedded_name))
1478 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name is not valid, refusing.");
1479
1480 if (validate_name && !streq(embedded_name, validate_name)) {
1481
1482 r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NAME");
1483 if (r < 0 && r != -ENXIO)
1484 log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NAME: %m");
1485 if (r != 0)
1486 return log_error_errno(SYNTHETIC_ERRNO(EREMOTE), "Embedded credential name '%s' does not match filename '%s', refusing.", embedded_name, validate_name);
1487
1488 log_debug("Embedded credential name '%s' does not match expected name '%s', but configured to use credential anyway.", embedded_name, validate_name);
1489 }
1490 }
1491
1492 if (validate_timestamp != USEC_INFINITY) {
1493 if (le64toh(m->timestamp) != USEC_INFINITY && le64toh(m->timestamp) > validate_timestamp)
1494 log_debug("Credential timestamp is from the future, assuming clock skew.");
1495
1496 if (le64toh(m->not_after) != USEC_INFINITY && le64toh(m->not_after) < validate_timestamp) {
1497
1498 r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER");
1499 if (r < 0 && r != -ENXIO)
1500 log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER: %m");
1501 if (r != 0)
1502 return log_error_errno(SYNTHETIC_ERRNO(ESTALE), "Credential's time passed, refusing to use.");
1503
1504 log_debug("Credential not-after timestamp has passed, but configured to use credential anyway.");
1505 }
1506 }
1507
1508 if (ret) {
1509 _cleanup_(iovec_done_erase) struct iovec without_metadata = {};
1510
1511 without_metadata.iov_len = plaintext.iov_len - hs;
1512 without_metadata.iov_base = memdup_suffix0((uint8_t*) plaintext.iov_base + hs, without_metadata.iov_len);
1513 if (!without_metadata.iov_base)
1514 return log_oom();
1515
1516 *ret = TAKE_STRUCT(without_metadata);
1517 }
1518
1519 return 0;
1520 }
1521
1522 #else
1523
1524 int get_credential_host_secret(CredentialSecretFlags flags, struct iovec *ret) {
1525 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available.");
1526 }
1527
1528 int encrypt_credential_and_warn(sd_id128_t with_key, const char *name, usec_t timestamp, usec_t not_after, const char *tpm2_device, uint32_t tpm2_hash_pcr_mask, const char *tpm2_pubkey_path, uint32_t tpm2_pubkey_pcr_mask, uid_t uid, const struct iovec *input, CredentialFlags flags, struct iovec *ret) {
1529 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available.");
1530 }
1531
1532 int decrypt_credential_and_warn(const char *validate_name, usec_t validate_timestamp, const char *tpm2_device, const char *tpm2_signature_path, uid_t uid, const struct iovec *input, CredentialFlags flags, struct iovec *ret) {
1533 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available.");
1534 }
1535
1536 #endif
Unnamed repository; edit this file 'description' to name the repository.