/* SPDX-License-Identifier: LGPL-2.1-or-later */
-#include <errno.h>
-
-#include "modhex.h"
-#include "macro.h"
#include "memory-util.h"
+#include "random-util.h"
+#include "recovery-key.h"
const char modhex_alphabet[16] = {
'c', 'b', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'n', 'r', 't', 'u', 'v'
l = strlen(password);
if (!IN_SET(l,
- MODHEX_RAW_LENGTH*2, /* syntax without dashes */
- MODHEX_FORMATTED_LENGTH-1)) /* syntax with dashes */
+ RECOVERY_KEY_MODHEX_RAW_LENGTH*2, /* syntax without dashes */
+ RECOVERY_KEY_MODHEX_FORMATTED_LENGTH-1)) /* syntax with dashes */
return -EINVAL;
- mangled = new(char, MODHEX_FORMATTED_LENGTH);
+ mangled = new(char, RECOVERY_KEY_MODHEX_FORMATTED_LENGTH);
if (!mangled)
return -ENOMEM;
- for (size_t i = 0, j = 0; i < MODHEX_RAW_LENGTH; i++) {
+ for (size_t i = 0, j = 0; i < RECOVERY_KEY_MODHEX_RAW_LENGTH; i++) {
size_t k;
int a, b;
- if (l == MODHEX_RAW_LENGTH*2)
+ if (l == RECOVERY_KEY_MODHEX_RAW_LENGTH*2)
/* Syntax without dashes */
k = i * 2;
else {
/* Syntax with dashes */
- assert(l == MODHEX_FORMATTED_LENGTH-1);
+ assert(l == RECOVERY_KEY_MODHEX_FORMATTED_LENGTH-1);
k = i * 2 + i / 4;
if (i > 0 && i % 4 == 0 && password[k-1] != '-')
mangled[j++] = '-';
}
- mangled[MODHEX_FORMATTED_LENGTH-1] = 0;
+ mangled[RECOVERY_KEY_MODHEX_FORMATTED_LENGTH-1] = 0;
*ret = TAKE_PTR(mangled);
return 0;
}
+
+int make_recovery_key(char **ret) {
+ _cleanup_(erase_and_freep) char *formatted = NULL;
+ _cleanup_(erase_and_freep) uint8_t *key = NULL;
+ int r;
+
+ assert(ret);
+
+ key = new(uint8_t, RECOVERY_KEY_MODHEX_RAW_LENGTH);
+ if (!key)
+ return -ENOMEM;
+
+ r = genuine_random_bytes(key, RECOVERY_KEY_MODHEX_RAW_LENGTH, RANDOM_BLOCK);
+ if (r < 0)
+ return r;
+
+ /* Let's now format it as 64 modhex chars, and after each 8 chars insert a dash */
+ formatted = new(char, RECOVERY_KEY_MODHEX_FORMATTED_LENGTH);
+ if (!formatted)
+ return -ENOMEM;
+
+ for (size_t i = 0, j = 0; i < RECOVERY_KEY_MODHEX_RAW_LENGTH; i++) {
+ formatted[j++] = modhex_alphabet[key[i] >> 4];
+ formatted[j++] = modhex_alphabet[key[i] & 0xF];
+
+ if (i % 4 == 3)
+ formatted[j++] = '-';
+ }
+
+ formatted[RECOVERY_KEY_MODHEX_FORMATTED_LENGTH-1] = 0;
+
+ *ret = TAKE_PTR(formatted);
+ return 0;
+}
#pragma once
/* 256 bit keys = 32 bytes */
-#define MODHEX_RAW_LENGTH 32
+#define RECOVERY_KEY_MODHEX_RAW_LENGTH 32
/* Formatted as sequences of 64 modhex characters, with dashes inserted after multiples of 8 chars (incl. trailing NUL) */
-#define MODHEX_FORMATTED_LENGTH (MODHEX_RAW_LENGTH*2/8*9)
+#define RECOVERY_KEY_MODHEX_FORMATTED_LENGTH (RECOVERY_KEY_MODHEX_RAW_LENGTH*2/8*9)
+
+int make_recovery_key(char **ret);
extern const char modhex_alphabet[16];
#include "libcrypt-util.h"
#include "locale-util.h"
#include "memory-util.h"
-#include "modhex.h"
#include "qrcode-util.h"
#include "random-util.h"
+#include "recovery-key.h"
#include "strv.h"
#include "terminal-util.h"
-static int make_recovery_key(char **ret) {
- _cleanup_(erase_and_freep) char *formatted = NULL;
- _cleanup_(erase_and_freep) uint8_t *key = NULL;
- int r;
-
- assert(ret);
-
- key = new(uint8_t, MODHEX_RAW_LENGTH);
- if (!key)
- return log_oom();
-
- r = genuine_random_bytes(key, MODHEX_RAW_LENGTH, RANDOM_BLOCK);
- if (r < 0)
- return log_error_errno(r, "Failed to gather entropy for recovery key: %m");
-
- /* Let's now format it as 64 modhex chars, and after each 8 chars insert a dash */
- formatted = new(char, MODHEX_FORMATTED_LENGTH);
- if (!formatted)
- return log_oom();
-
- for (size_t i = 0, j = 0; i < MODHEX_RAW_LENGTH; i++) {
- formatted[j++] = modhex_alphabet[key[i] >> 4];
- formatted[j++] = modhex_alphabet[key[i] & 0xF];
-
- if (i % 4 == 3)
- formatted[j++] = '-';
- }
-
- formatted[MODHEX_FORMATTED_LENGTH-1] = 0;
-
- *ret = TAKE_PTR(formatted);
- return 0;
-}
-
static int add_privileged(JsonVariant **v, const char *hashed) {
_cleanup_(json_variant_unrefp) JsonVariant *e = NULL, *w = NULL, *l = NULL;
int r;
/* First, let's generate a secret key */
r = make_recovery_key(&password);
if (r < 0)
- return r;
+ return log_error_errno(r, "Failed to generate recovery key: %m");
/* Let's UNIX hash it */
r = hash_password(password, &hashed);