#include "fsprg.h"
#include "gcrypt-util.h"
#include "hexdecoct.h"
+#include "iovec-util.h"
#include "journal-authenticate.h"
#include "journal-def.h"
#include "journal-file.h"
return r;
o->tag.seqnum = htole64(journal_file_tag_seqnum(f));
- o->tag.epoch = htole64(FSPRG_GetEpoch(f->fsprg_state));
+ o->tag.epoch = htole64(FSPRG_GetEpoch(f->fsprg_state.iov_base));
log_debug("Writing tag %"PRIu64" for epoch %"PRIu64"",
- le64toh(o->tag.seqnum),
- FSPRG_GetEpoch(f->fsprg_state));
+ le64toh(o->tag.seqnum), le64toh(o->tag.epoch));
/* Add the tag object itself, so that we can protect its
* header. This will exclude the actual hash value in it */
int journal_file_hmac_start(JournalFile *f) {
#if HAVE_GCRYPT
- uint8_t key[256 / 8]; /* Let's pass 256 bit from FSPRG to HMAC */
- gcry_error_t err;
int r;
assert(f);
/* Prepare HMAC for next cycle */
sym_gcry_md_reset(f->hmac);
- r = FSPRG_GetKey(f->fsprg_state, key, sizeof(key), 0);
+ uint8_t key[256 / 8]; /* Let's pass 256 bit from FSPRG to HMAC */
+ CLEANUP_ERASE(key);
+ r = FSPRG_GetKey(f->fsprg_state.iov_base, key, sizeof(key), 0);
if (r < 0)
return r;
- err = sym_gcry_md_setkey(f->hmac, key, sizeof(key));
+ gcry_error_t err = sym_gcry_md_setkey(f->hmac, key, sizeof(key));
if (gcry_err_code(err) != GPG_ERR_NO_ERROR)
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
"sym_gcry_md_setkey() failed with error code: %s",
if (r < 0)
return r;
- epoch = FSPRG_GetEpoch(f->fsprg_state);
+ epoch = FSPRG_GetEpoch(f->fsprg_state.iov_base);
if (epoch > goal)
return -ESTALE;
if (r < 0)
return r;
- epoch = FSPRG_GetEpoch(f->fsprg_state);
+ epoch = FSPRG_GetEpoch(f->fsprg_state.iov_base);
if (epoch < goal)
log_debug("Evolving FSPRG key from epoch %"PRIu64" to %"PRIu64".", epoch, goal);
if (epoch == goal)
return 0;
- r = FSPRG_Evolve(f->fsprg_state);
+ r = FSPRG_Evolve(f->fsprg_state.iov_base);
if (r < 0)
return r;
- epoch = FSPRG_GetEpoch(f->fsprg_state);
+ epoch = FSPRG_GetEpoch(f->fsprg_state.iov_base);
if (epoch < goal) {
r = journal_file_append_tag(f);
if (r < 0)
}
int journal_file_fsprg_seek(JournalFile *f, uint64_t goal) {
- void *msk;
- uint64_t epoch;
int r;
assert(f);
if (!JOURNAL_HEADER_SEALED(f->header))
return 0;
- assert(f->fsprg_seed);
+ assert(iovec_is_set(&f->fsprg_seed));
- if (f->fsprg_state) {
+ if (iovec_is_set(&f->fsprg_state)) {
/* Cheaper... */
- epoch = FSPRG_GetEpoch(f->fsprg_state);
+ uint64_t epoch = FSPRG_GetEpoch(f->fsprg_state.iov_base);
if (goal == epoch)
return 0;
if (goal == epoch + 1)
- return FSPRG_Evolve(f->fsprg_state);
+ return FSPRG_Evolve(f->fsprg_state.iov_base);
} else {
- f->fsprg_state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
- f->fsprg_state = malloc(f->fsprg_state_size);
- if (!f->fsprg_state)
- return -ENOMEM;
+ r = iovec_alloc(FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR), &f->fsprg_state);
+ if (r < 0)
+ return r;
}
log_debug("Seeking FSPRG key to %"PRIu64".", goal);
- msk = alloca_safe(FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR));
-
- r = FSPRG_GenMK(msk, NULL, f->fsprg_seed, f->fsprg_seed_size, FSPRG_RECOMMENDED_SECPAR);
+ _cleanup_(iovec_erase) struct iovec msk = IOVEC_ALLOCA(FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR));
+ r = FSPRG_GenMK(msk.iov_base, NULL, f->fsprg_seed.iov_base, f->fsprg_seed.iov_len, FSPRG_RECOMMENDED_SECPAR);
if (r < 0)
return r;
- return FSPRG_Seek(f->fsprg_state, goal, msk, f->fsprg_seed, f->fsprg_seed_size);
+ return FSPRG_Seek(f->fsprg_state.iov_base, goal, msk.iov_base, f->fsprg_seed.iov_base, f->fsprg_seed.iov_len);
}
int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime) {
f->fss_start_usec = le64toh(f->fss_file->start_usec);
f->fss_interval_usec = le64toh(f->fss_file->interval_usec);
- f->fsprg_state = (uint8_t*) f->fss_file + le64toh(f->fss_file->header_size);
- f->fsprg_state_size = le64toh(f->fss_file->fsprg_state_size);
+ f->fsprg_state = IOVEC_MAKE(
+ (uint8_t*) f->fss_file + le64toh(f->fss_file->header_size),
+ le64toh(f->fss_file->fsprg_state_size));
return 0;
}
}
int journal_file_parse_verification_key(JournalFile *f, const char *key) {
- _cleanup_free_ uint8_t *seed = NULL;
+ _cleanup_(erase_and_freep) uint8_t *seed = NULL;
size_t seed_size;
const char *k;
unsigned long long start, interval;
if (r != 2)
return -EINVAL;
- f->fsprg_seed = TAKE_PTR(seed);
- f->fsprg_seed_size = seed_size;
-
+ f->fsprg_seed = IOVEC_MAKE(TAKE_PTR(seed), seed_size);
f->fss_start_usec = start * interval;
f->fss_interval_usec = interval;
if (!JOURNAL_HEADER_SEALED(f->header))
return false;
- epoch = FSPRG_GetEpoch(f->fsprg_state);
+ epoch = FSPRG_GetEpoch(f->fsprg_state.iov_base);
*u = (usec_t) (f->fss_start_usec + f->fss_interval_usec * epoch + f->fss_interval_usec);
projects / thirdparty / systemd.git / commitdiff
