From: Daan De Meyer Date: Wed, 21 May 2025 14:34:29 +0000 (+0200) Subject: cryptenroll: Clean up includes X-Git-Tag: v258-rc1~538 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fee4eaa1b77ab0d93b123f7b75ee74f5f45613b1;p=thirdparty%2Fsystemd.git cryptenroll: Clean up includes Split out of #37344. --- diff --git a/src/cryptenroll/cryptenroll-fido2.c b/src/cryptenroll/cryptenroll-fido2.c index f412aac928b..e1b8561dd25 100644 --- a/src/cryptenroll/cryptenroll-fido2.c +++ b/src/cryptenroll/cryptenroll-fido2.c @@ -1,17 +1,18 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include "alloc-util.h" #include "ask-password-api.h" #include "cryptenroll-fido2.h" #include "cryptsetup-fido2.h" +#include "cryptsetup-util.h" #include "fido2-util.h" #include "glyph-util.h" #include "hexdecoct.h" #include "iovec-util.h" #include "json-util.h" #include "libfido2-util.h" -#include "memory-util.h" #include "pretty-print.h" -#include "random-util.h" +#include "string-util.h" int load_volume_key_fido2( struct crypt_device *cd, @@ -20,6 +21,7 @@ int load_volume_key_fido2( void *ret_vk, size_t *ret_vks) { +#if HAVE_LIBFIDO2 _cleanup_(erase_and_freep) void *decrypted_key = NULL; _cleanup_(erase_and_freep) char *passphrase = NULL; size_t decrypted_key_size; @@ -63,6 +65,9 @@ int load_volume_key_fido2( return log_error_errno(r, "Unlocking via FIDO2 device failed: %m"); return r; +#else + return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "FIDO2 unlocking not supported."); +#endif } int enroll_fido2( @@ -74,6 +79,7 @@ int enroll_fido2( const char *salt_file, bool parameters_in_header) { +#if HAVE_LIBFIDO2 _cleanup_(iovec_done_erase) struct iovec salt = {}; _cleanup_(erase_and_freep) void *secret = NULL; _cleanup_(erase_and_freep) char *base64_encoded = NULL; 
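Review bot: In the new `#else` branch of load_volume_key_fido2() the function returns the EOPNOTSUPP error without writing `ret_vk` or `ret_vks`, and nothing at the declaration says so now that the stub has moved out of the header. Since those out-parameters carry volume-key material, I would document the contract on the prototype in cryptenroll-fido2.h, e.g. `/* Fails with -EOPNOTSUPP when built without libfido2; ret_vk and ret_vks are left untouched in that case. */`. The same applies to the `#else` branches added to enroll_fido2(), enroll_pkcs11(), load_volume_key_tpm2() and enroll_tpm2(), the last of which does not set `*ret_slot_to_wipe` on that path. The message is emitted only through log_debug_errno(), so whether the user learns why the operation failed depends on callers that are not visible in this diff. The function bodies extend well beyond the lines shown in these hunks.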
@@ -202,4 +208,7 @@ int enroll_fido2( log_info("New FIDO2 token enrolled as key slot %i.", keyslot); return keyslot; +#else + return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "FIDO2 key enrollment not supported."); +#endif } diff --git a/src/cryptenroll/cryptenroll-fido2.h b/src/cryptenroll/cryptenroll-fido2.h index 0eb2a95e737..931ce94ac84 100644 --- a/src/cryptenroll/cryptenroll-fido2.h +++ b/src/cryptenroll/cryptenroll-fido2.h @@ -1,24 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -#include +#include "forward.h" -#include "cryptsetup-util.h" -#include "libfido2-util.h" -#include "log.h" - -#if HAVE_LIBFIDO2 int load_volume_key_fido2(struct crypt_device *cd, const char *cd_node, const char *device, void *ret_vk, size_t *ret_vks); int enroll_fido2(struct crypt_device *cd, const struct iovec *volume_key, const char *device, Fido2EnrollFlags lock_with, int cred_alg, const char *salt_file, bool parameters_in_header); - -#else -static inline int load_volume_key_fido2(struct crypt_device *cd, const char *cd_node, const char *device, void *ret_vk, size_t *ret_vks) { - return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), - "FIDO2 unlocking not supported."); -} - -static inline int enroll_fido2(struct crypt_device *cd, const struct iovec *volume_key, const char *device, Fido2EnrollFlags lock_with, int cred_alg, const char *salt_file, bool parameters_in_header) { - return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), - "FIDO2 key enrollment not supported."); -} -#endif diff --git a/src/cryptenroll/cryptenroll-list.c b/src/cryptenroll/cryptenroll-list.c index 91f9dd72c2c..32e8c9cf2a3 100644 --- a/src/cryptenroll/cryptenroll-list.c +++ b/src/cryptenroll/cryptenroll-list.c @@ -2,8 +2,10 @@ #include "sd-json.h" +#include "alloc-util.h" #include "cryptenroll.h" #include "cryptenroll-list.h" +#include "cryptsetup-util.h" #include "format-table.h" #include "json-util.h" #include "log.h" 
diff --git a/src/cryptenroll/cryptenroll-list.h b/src/cryptenroll/cryptenroll-list.h index d322988f799..40270bfeea4 100644 --- a/src/cryptenroll/cryptenroll-list.h +++ b/src/cryptenroll/cryptenroll-list.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -#include "cryptsetup-util.h" +#include "forward.h" int list_enrolled(struct crypt_device *cd); diff --git a/src/cryptenroll/cryptenroll-password.c b/src/cryptenroll/cryptenroll-password.c index 078e37900d0..8c7e38b82cc 100644 --- a/src/cryptenroll/cryptenroll-password.c +++ b/src/cryptenroll/cryptenroll-password.c @@ -1,14 +1,16 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include "alloc-util.h" #include "ask-password-api.h" #include "cryptenroll-password.h" +#include "cryptsetup-util.h" #include "env-util.h" #include "errno-util.h" #include "escape.h" #include "iovec-util.h" #include "log.h" -#include "memory-util.h" #include "password-quality-util.h" +#include "string-util.h" #include "strv.h" int load_volume_key_password( diff --git a/src/cryptenroll/cryptenroll-password.h b/src/cryptenroll/cryptenroll-password.h index 4eaf48acba7..f83e6274692 100644 --- a/src/cryptenroll/cryptenroll-password.h +++ b/src/cryptenroll/cryptenroll-password.h @@ -1,9 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -#include - -#include "cryptsetup-util.h" +#include "forward.h" int load_volume_key_password(struct crypt_device *cd, const char* cd_node, void *ret_vk, size_t *ret_vks); int enroll_password(struct crypt_device *cd, const struct iovec *volume_key); diff --git a/src/cryptenroll/cryptenroll-pkcs11.c b/src/cryptenroll/cryptenroll-pkcs11.c index f59a4898484..b6465b915c2 100644 --- a/src/cryptenroll/cryptenroll-pkcs11.c +++ b/src/cryptenroll/cryptenroll-pkcs11.c 
@@ -1,12 +1,14 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include "alloc-util.h" #include "cryptenroll-pkcs11.h" +#include "cryptsetup-util.h" #include "hexdecoct.h" #include "json-util.h" -#include "memory-util.h" #include "openssl-util.h" #include "pkcs11-util.h" +#if HAVE_P11KIT && HAVE_OPENSSL static int uri_set_private_class(const char *uri, char **ret_uri) { _cleanup_(sym_p11_kit_uri_freep) P11KitUri *p11kit_uri = NULL; _cleanup_free_ char *private_uri = NULL; @@ -30,12 +32,10 @@ static int uri_set_private_class(const char *uri, char **ret_uri) { *ret_uri = TAKE_PTR(private_uri); return 0; } +#endif -int enroll_pkcs11( - struct crypt_device *cd, - const struct iovec *volume_key, - const char *uri) { - +int enroll_pkcs11(struct crypt_device *cd, const struct iovec *volume_key,const char *uri) { +#if HAVE_P11KIT && HAVE_OPENSSL _cleanup_(erase_and_freep) void *decrypted_key = NULL; _cleanup_(erase_and_freep) char *base64_encoded = NULL; _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; @@ -112,4 +112,7 @@ int enroll_pkcs11( log_info("New PKCS#11 token enrolled as key slot %i.", keyslot); return keyslot; +#else + return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "PKCS#11 key enrollment not supported."); +#endif } diff --git a/src/cryptenroll/cryptenroll-pkcs11.h b/src/cryptenroll/cryptenroll-pkcs11.h index 64b7361c55e..3d5d1e30228 100644 --- a/src/cryptenroll/cryptenroll-pkcs11.h +++ b/src/cryptenroll/cryptenroll-pkcs11.h @@ -1,16 +1,6 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -#include +#include "forward.h" -#include "cryptsetup-util.h" -#include "log.h" - -#if HAVE_P11KIT && HAVE_OPENSSL int enroll_pkcs11(struct crypt_device *cd, const struct iovec *volume_key, const char *uri); -#else -static inline int enroll_pkcs11(struct crypt_device *cd, const struct iovec *volume_key, const char *uri) { - return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), - "PKCS#11 key enrollment not supported."); -} -#endif 
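Review bot: The rewritten definition line `int enroll_pkcs11(struct crypt_device *cd, const struct iovec *volume_key,const char *uri) {` is missing the space after the second comma. It also drops the one-parameter-per-line layout that the other definitions touched by this commit (enroll_fido2(), load_volume_key_tpm2()) keep. I would either restore the multi-line parameter list or at least write `const struct iovec *volume_key, const char *uri) {`. The body of enroll_pkcs11() continues outside the hunks shown.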
diff --git a/src/cryptenroll/cryptenroll-recovery.c b/src/cryptenroll/cryptenroll-recovery.c index 715e1c73879..f9a588da26a 100644 --- a/src/cryptenroll/cryptenroll-recovery.c +++ b/src/cryptenroll/cryptenroll-recovery.c @@ -1,15 +1,15 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include "alloc-util.h" #include "ansi-color.h" #include "cryptenroll-recovery.h" +#include "cryptsetup-util.h" #include "glyph-util.h" #include "iovec-util.h" #include "json-util.h" #include "log.h" -#include "memory-util.h" #include "qrcode-util.h" #include "recovery-key.h" -#include "terminal-util.h" int enroll_recovery( struct crypt_device *cd, diff --git a/src/cryptenroll/cryptenroll-recovery.h b/src/cryptenroll/cryptenroll-recovery.h index 3134d3d1485..c8a947ca3bb 100644 --- a/src/cryptenroll/cryptenroll-recovery.h +++ b/src/cryptenroll/cryptenroll-recovery.h @@ -1,8 +1,6 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -#include - -#include "cryptsetup-util.h" +#include "forward.h" int enroll_recovery(struct crypt_device *cd, const struct iovec *volume_key); diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c index fd03fecc629..48f08e15d2c 100644 --- a/src/cryptenroll/cryptenroll-tpm2.c +++ b/src/cryptenroll/cryptenroll-tpm2.c @@ -6,17 +6,19 @@ #include "ask-password-api.h" #include "cryptenroll-tpm2.h" #include "cryptsetup-tpm2.h" +#include "cryptsetup-util.h" #include "env-util.h" #include "errno-util.h" -#include "fileio.h" #include "hexdecoct.h" #include "json-util.h" #include "log.h" #include "memory-util.h" #include "random-util.h" #include "sha256.h" +#include "strv.h" #include "tpm2-util.h" +#if HAVE_TPM2 static int search_policy_hash( struct crypt_device *cd, const struct iovec policy_hash[], @@ -164,6 +166,7 @@ static int get_pin(char **ret_pin_str, TPM2Flags *ret_flags) { return 0; } +#endif int load_volume_key_tpm2( struct crypt_device *cd, 
@@ -172,6 +175,7 @@ int load_volume_key_tpm2( void *ret_vk, size_t *ret_vks) { +#if HAVE_TPM2 _cleanup_(iovec_done_erase) struct iovec decrypted_key = {}; _cleanup_(erase_and_freep) char *passphrase = NULL; ssize_t passphrase_size; @@ -279,6 +283,9 @@ int load_volume_key_tpm2( return log_error_errno(r, "Unlocking via TPM2 device failed: %m"); return r; +#else + return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "TPM2 unlocking not supported."); +#endif } int enroll_tpm2(struct crypt_device *cd, @@ -296,6 +303,7 @@ int enroll_tpm2(struct crypt_device *cd, const char *pcrlock_path, int *ret_slot_to_wipe) { +#if HAVE_TPM2 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL, *signature_json = NULL; _cleanup_(erase_and_freep) char *base64_encoded = NULL; _cleanup_(iovec_done) struct iovec srk = {}, pubkey = {}; @@ -605,4 +613,7 @@ int enroll_tpm2(struct crypt_device *cd, *ret_slot_to_wipe = slot_to_wipe; return keyslot; +#else + return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "TPM2 key enrollment not supported."); +#endif } diff --git a/src/cryptenroll/cryptenroll-tpm2.h b/src/cryptenroll/cryptenroll-tpm2.h index efc93f1770e..079da9271e6 100644 --- a/src/cryptenroll/cryptenroll-tpm2.h +++ b/src/cryptenroll/cryptenroll-tpm2.h 
@@ -1,23 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -#include +#include "forward.h" -#include "cryptsetup-util.h" -#include "log.h" -#include "tpm2-util.h" - -#if HAVE_TPM2 int load_volume_key_tpm2(struct crypt_device *cd, const char *cd_node, const char *device, void *ret_vk, size_t *ret_vks); int enroll_tpm2(struct crypt_device *cd, const struct iovec *volume_key, const char *device, uint32_t seal_key_handle, const char *device_key, Tpm2PCRValue *hash_pcr_values, size_t n_hash_pcr_values, const char *pubkey_path, bool load_pcr_pubkey, uint32_t pubkey_pcr_mask, const char *signature_path, bool use_pin, const char *pcrlock_path, int *ret_slot_to_wipe); -#else -static inline int load_volume_key_tpm2(struct crypt_device *cd, const char *cd_node, const char *device, void *ret_vk, size_t *ret_vks) { - return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), - "TPM2 unlocking not supported."); -} - -static inline int enroll_tpm2(struct crypt_device *cd, const struct iovec *volume_key, const char *device, uint32_t seal_key_handle, const char *device_key, Tpm2PCRValue *hash_pcr_values, size_t n_hash_pcr_values, const char *pubkey_path, bool load_pcr_pubkey, uint32_t pubkey_pcr_mask, const char *signature_path, bool use_pin, const char *pcrlock_path, int *ret_slot_to_wipe) { - return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), - "TPM2 key enrollment not supported."); -} -#endif diff --git a/src/cryptenroll/cryptenroll-wipe.c b/src/cryptenroll/cryptenroll-wipe.c index 05f862dafdd..1ae92bf91b8 100644 --- a/src/cryptenroll/cryptenroll-wipe.c +++ b/src/cryptenroll/cryptenroll-wipe.c @@ -1,12 +1,11 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ -#include "sd-json.h" - +#include "alloc-util.h" #include "cryptenroll.h" #include "cryptenroll-wipe.h" +#include "cryptsetup-util.h" #include "json-util.h" #include "log.h" -#include "memory-util.h" #include "parse-util.h" #include "set.h" #include "sort-util.h" 
diff --git a/src/cryptenroll/cryptenroll-wipe.h b/src/cryptenroll/cryptenroll-wipe.h index 5bcd78391a9..d2679c306a2 100644 --- a/src/cryptenroll/cryptenroll-wipe.h +++ b/src/cryptenroll/cryptenroll-wipe.h @@ -1,8 +1,9 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -#include "cryptenroll.h" -#include "cryptsetup-util.h" +#include "forward.h" + +typedef enum WipeScope WipeScope; int wipe_slots(struct crypt_device *cd, const int explicit_slots[], diff --git a/src/cryptenroll/cryptenroll.c b/src/cryptenroll/cryptenroll.c index 51e9b705916..2f20af7e520 100644 --- a/src/cryptenroll/cryptenroll.c +++ b/src/cryptenroll/cryptenroll.c @@ -3,7 +3,8 @@ #include #include -#include "ask-password-api.h" +#include "sd-device.h" + #include "blockdev-list.h" #include "blockdev-util.h" #include "build.h" @@ -16,24 +17,20 @@ #include "cryptenroll-tpm2.h" #include "cryptenroll-wipe.h" #include "cryptsetup-util.h" -#include "devnum-util.h" -#include "env-util.h" -#include "escape.h" #include "extract-word.h" #include "fileio.h" #include "libfido2-util.h" +#include "log.h" #include "main-func.h" -#include "memory-util.h" #include "pager.h" #include "parse-argument.h" #include "parse-util.h" -#include "path-util.h" #include "pkcs11-util.h" #include "pretty-print.h" #include "string-table.h" -#include "strv.h" -#include "terminal-util.h" +#include "string-util.h" #include "tpm2-pcr.h" +#include "tpm2-util.h" static EnrollType arg_enroll_type = _ENROLL_TYPE_INVALID; static char *arg_unlock_keyfile = NULL; diff --git a/src/cryptenroll/cryptenroll.h b/src/cryptenroll/cryptenroll.h index 08ded3e0e85..6a2f36c36aa 100644 --- a/src/cryptenroll/cryptenroll.h +++ b/src/cryptenroll/cryptenroll.h @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -#include +#include "forward.h" typedef enum EnrollType { ENROLL_PASSWORD, diff --git a/src/cryptenroll/meson.build b/src/cryptenroll/meson.build index 902d91cb943..488ceea14d1 100644 
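Review bot: The added `typedef enum WipeScope WipeScope;` in cryptenroll-wipe.h names an enum that is not defined in this header; declaring an enum tag without its enumerator list is accepted by GCC and Clang as an extension, not by ISO C. Because `#include "cryptenroll.h"` was removed here, any file that calls wipe_slots() now has to pull in the defining header itself to get the enumerators (presumably cryptenroll.h, which is not shown in full). A one-line comment above the typedef, e.g. `/* Forward declaration only; the enum is defined in cryptenroll.h */`, would make that dependency explicit. The wipe_slots() prototype continues past the end of the hunk.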
--- a/src/cryptenroll/meson.build +++ b/src/cryptenroll/meson.build @@ -5,25 +5,16 @@ if conf.get('HAVE_LIBCRYPTSETUP') != 1 endif systemd_cryptenroll_sources = files( + 'cryptenroll.c', + 'cryptenroll-fido2.c', 'cryptenroll-list.c', 'cryptenroll-password.c', + 'cryptenroll-pkcs11.c', 'cryptenroll-recovery.c', + 'cryptenroll-tpm2.c', 'cryptenroll-wipe.c', - 'cryptenroll.c', ) -if conf.get('HAVE_P11KIT') == 1 and conf.get('HAVE_OPENSSL') == 1 - systemd_cryptenroll_sources += files('cryptenroll-pkcs11.c') -endif - -if conf.get('HAVE_LIBFIDO2') == 1 - systemd_cryptenroll_sources += files('cryptenroll-fido2.c') -endif - -if conf.get('HAVE_TPM2') == 1 - systemd_cryptenroll_sources += files('cryptenroll-tpm2.c') -endif - executables += [ executable_template + { 'name' : 'systemd-cryptenroll',
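Review bot: With the three `conf.get('HAVE_…') == 1` conditions removed, cryptenroll-fido2.c, cryptenroll-pkcs11.c and cryptenroll-tpm2.c are compiled in every configuration, so the only thing keeping optional-library code out of a reduced build is the `#if HAVE_*` guard inside each file. Those files still include libfido2-util.h, pkcs11-util.h, openssl-util.h and tpm2-util.h unconditionally; presumably these headers compile cleanly without the libraries, but that is not visible here. I would add a comment above the list, e.g. `# Feature-specific sources are always built; each file guards its body with #if HAVE_*.`, and make sure CI builds at least one configuration with libfido2, p11-kit and tpm2 disabled.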