#include <stdbool.h>
#include <stddef.h>
+#include "memory-util.h"
+
#if HAVE_GCRYPT
#include <gcrypt.h>
#include "dlfcn-util.h"
#include "macro.h"
-#include "memory-util.h"
extern DLSYM_PROTOTYPE(gcry_md_close);
extern DLSYM_PROTOTYPE(gcry_md_copy);
int initialize_libgcrypt(bool secmem);
-static inline gcry_md_hd_t* sym_gcry_md_closep(gcry_md_hd_t *md) {
- if (!md || !*md)
- return NULL;
- sym_gcry_md_close(*md);
-
- return NULL;
-}
-DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(gcry_md_hd_t, gcry_md_close, NULL);
-
/* Copied from gcry_md_putc from gcrypt.h due to the need to call the sym_ variant */
#define sym_gcry_md_putc(h,c) \
do { \
sym_gcry_md_write((h__), NULL, 0); \
(h__)->buf[(h__)->bufpos++] = (c) & 0xff; \
} while(false)
+#else
+typedef struct gcry_md_handle *gcry_md_hd_t;
+
+static inline void sym_gcry_md_close(gcry_md_hd_t h) {
+ assert(h == NULL);
+}
#endif
+
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(gcry_md_hd_t, sym_gcry_md_close, NULL);
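Review bot: The `#else` stub of `sym_gcry_md_close()` calls `assert()`, but in a build without gcrypt this header includes only `<stdbool.h>`, `<stddef.h>` and `memory-util.h`, because `#include "macro.h"` stays inside `#if HAVE_GCRYPT`. Both `assert()` and `DEFINE_TRIVIAL_CLEANUP_FUNC_FULL` then presumably reach this file only through whatever `memory-util.h` happens to include. I would move `#include "macro.h"` up next to `#include "memory-util.h"` so the fallback path is self-contained. A one-line comment on the stub, such as `/* No gcrypt: a handle can never have been opened, so only NULL is valid here */`, would also explain why it asserts instead of releasing anything.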
#include "terminal-util.h"
#include "tmpfile-util.h"
+#if HAVE_GCRYPT
static int format_key(
const void *seed,
size_t seed_size,
return memstream_finalize(&m, ret, NULL);
}
+#endif
int action_setup_keys(void) {
+#if HAVE_GCRYPT
_cleanup_(unlink_and_freep) char *tmpfile = NULL;
_cleanup_close_ int fd = -EBADF;
_cleanup_free_ char *path = NULL;
#endif
return 0;
+#else
+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Forward-secure sealing not available.");
+#endif
}
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
-#if HAVE_GCRYPT
-
int action_setup_keys(void);
-
-#else
-
-#include "log.h"
-
-static inline int action_setup_keys(void) {
- return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Forward-secure sealing not available.");
-}
-
-#endif
journalctl_sources = files(
'journalctl.c',
+ 'journalctl-authenticate.c',
'journalctl-catalog.c',
'journalctl-filter.c',
'journalctl-misc.c',
'journalctl-varlink.c',
)
-if conf.get('HAVE_GCRYPT') == 1
- journalctl_sources += files('journalctl-authenticate.c')
-endif
-
if get_option('link-journalctl-shared')
journalctl_link_with = [libshared]
else
sd_journal_sources = files(
'sd-journal/audit-type.c',
'sd-journal/catalog.c',
+ 'sd-journal/fsprg.c',
+ 'sd-journal/journal-authenticate.c',
'sd-journal/journal-file.c',
'sd-journal/journal-send.c',
'sd-journal/journal-vacuum.c',
'sd-journal/sd-journal.c',
)
-if conf.get('HAVE_GCRYPT') == 1
- sd_journal_sources += files(
- 'sd-journal/fsprg.c',
- 'sd-journal/journal-authenticate.c',
- )
-endif
-
audit_type_includes = [config_h,
missing_audit_h,
'linux/audit.h']
#define RND_GEN_Q 0x02
#define RND_GEN_X 0x03
+#if HAVE_GCRYPT
+
#pragma GCC diagnostic ignored "-Wpointer-arith"
/* TODO: remove void* arithmetic and this work-around */
/******************************************************************************/
+#endif
+
size_t FSPRG_mskinbytes(unsigned _secpar) {
VALIDATE_SECPAR(_secpar);
return 2 + 2 * (_secpar / 2) / 8; /* to store header,p,q */
return 2 + 2 * _secpar / 8 + 8; /* to store header,n,x,epoch */
}
+#if HAVE_GCRYPT
static void store_secpar(void *buf, uint16_t secpar) {
secpar = secpar / 16 - 1;
((uint8_t*) buf)[0] = (secpar >> 8) & 0xff;
(uint16_t)(((uint8_t*) buf)[1]) << 0;
return 16 * (secpar + 1);
}
+#endif
int FSPRG_GenMK(void *msk, void *mpk, const void *seed, size_t seedlen, unsigned _secpar) {
+#if HAVE_GCRYPT
uint8_t iseed[FSPRG_RECOMMENDED_SEEDLEN];
gcry_mpi_t n, p, q;
uint16_t secpar;
sym_gcry_mpi_release(q);
return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
}
int FSPRG_GenState0(void *state, const void *mpk, const void *seed, size_t seedlen) {
+#if HAVE_GCRYPT
gcry_mpi_t n, x;
uint16_t secpar;
int r;
sym_gcry_mpi_release(x);
return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
}
int FSPRG_Evolve(void *state) {
+#if HAVE_GCRYPT
gcry_mpi_t n, x;
uint16_t secpar;
uint64_t epoch;
sym_gcry_mpi_release(x);
return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
}
uint64_t FSPRG_GetEpoch(const void *state) {
+#if HAVE_GCRYPT
uint16_t secpar;
secpar = read_secpar(state + 0);
return uint64_import(state + 2 + 2 * secpar / 8, 8);
+#else
+ return -EOPNOTSUPP;
+#endif
}
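Review bot: `FSPRG_GetEpoch()` returns `uint64_t`, so the new `return -EOPNOTSUPP;` in the `#else` branch is converted to a very large unsigned value rather than an error. A caller cannot tell it apart from a real epoch, and any epoch comparison would treat it as far in the future. The other stubs in this file return `int`, so the pattern is fine there, but this one needs a different fallback, for example `return 0; /* no FSPRG state can exist without gcrypt */`. If callers are meant to detect the unsupported case, the return contract should be documented explicitly.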
int FSPRG_Seek(void *state, uint64_t epoch, const void *msk, const void *seed, size_t seedlen) {
+#if HAVE_GCRYPT
gcry_mpi_t p, q, n, x, xp, xq, kp, kq, xm;
uint16_t secpar;
int r;
sym_gcry_mpi_release(xm);
return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
}
int FSPRG_GetKey(const void *state, void *key, size_t keylen, uint32_t idx) {
+#if HAVE_GCRYPT
uint16_t secpar;
int r;
det_randomize(key, keylen, state + 2, 2 * secpar / 8 + 8, idx);
return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
}
DEFINE_TRIVIAL_CLEANUP_FUNC(FSSHeader*, fssheader_free);
+#if HAVE_GCRYPT
static uint64_t journal_file_tag_seqnum(JournalFile *f) {
uint64_t r;
return r;
}
+#endif
int journal_file_append_tag(JournalFile *f) {
+#if HAVE_GCRYPT
Object *o;
uint64_t p;
int r;
f->hmac_running = false;
return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
}
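Review bot: The non-gcrypt branch of `journal_file_append_tag()` fails with `-EOPNOTSUPP` for every file, while the gcrypt branch ends in `return 0`. The elided body may also return 0 early for files that are not sealed, which I can't confirm from this hunk. If any caller invokes these helpers on unsealed files, a build without gcrypt would fail ordinary writes, so it is worth checking that every call site only reaches them for sealed files. The same applies to the stubs in `journal_file_hmac_start()`, `journal_file_hmac_put_object()`, `journal_file_hmac_put_header()` and `journal_file_hmac_setup()`. I would add a comment on the stub such as `/* Sealing needs gcrypt; callers must only get here for sealed files */`.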
int journal_file_hmac_start(JournalFile *f) {
+#if HAVE_GCRYPT
uint8_t key[256 / 8]; /* Let's pass 256 bit from FSPRG to HMAC */
gcry_error_t err;
int r;
f->hmac_running = true;
return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
}
static int journal_file_get_epoch(JournalFile *f, uint64_t realtime, uint64_t *epoch) {
}
int journal_file_hmac_put_object(JournalFile *f, ObjectType type, Object *o, uint64_t p) {
+#if HAVE_GCRYPT
int r;
assert(f);
}
return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
}
int journal_file_hmac_put_header(JournalFile *f) {
+#if HAVE_GCRYPT
int r;
assert(f);
sym_gcry_md_write(f->hmac, &f->header->data_hash_table_offset, offsetof(Header, tail_object_offset) - offsetof(Header, data_hash_table_offset));
return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
}
int journal_file_fss_load(JournalFile *f) {
}
int journal_file_hmac_setup(JournalFile *f) {
+#if HAVE_GCRYPT
gcry_error_t e;
int r;
return -EOPNOTSUPP;
return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
}
int journal_file_append_first_tag(JournalFile *f) {
free(f->compress_buffer);
#endif
-#if HAVE_GCRYPT
if (f->fss_file) {
size_t sz = PAGE_ALIGN(f->fss_file_size);
assert(sz < SIZE_MAX);
if (f->hmac)
sym_gcry_md_close(f->hmac);
-#endif
return mfree(f);
}
#include <inttypes.h>
#include <sys/uio.h>
-#if HAVE_GCRYPT
-# include <gcrypt.h>
-#endif
-
#include "sd-event.h"
#include "sd-id128.h"
#include "compress.h"
+#include "gcrypt-util.h"
#include "hashmap.h"
#include "journal-def.h"
#include "missing_fcntl.h"
void *compress_buffer;
#endif
-#if HAVE_GCRYPT
gcry_md_hd_t hmac;
bool hmac_running;
void *fsprg_seed;
size_t fsprg_seed_size;
-#endif
/* When we insert this file into the per-boot priority queue 'newest_by_boot_id' in sd_journal, then by these keys */
sd_id128_t newest_boot_id;