#include "fileio.h"
#include "format-util.h"
#include "hexdecoct.h"
+#include "iovec-util.h"
#include "macro.h"
#include "memory-util.h"
#include "parse-util.h"
const char *key_file, /* We either expect key_file and associated parameters to be set (for file keys) … */
size_t key_file_size,
uint64_t key_file_offset,
- const void *key_data, /* … or key_data and key_data_size (for literal keys) */
- size_t key_data_size,
+ const struct iovec *key_data, /* … or literal keys via key_data */
usec_t until,
AskPasswordFlags askpw_flags,
void **ret_decrypted_key,
assert(friendly_name);
assert(pkcs11_uri);
- assert(key_file || key_data);
+ assert(key_file || iovec_is_set(key_data));
assert(ret_decrypted_key);
assert(ret_decrypted_key_size);
/* The functions called here log about all errors, except for EAGAIN which means "token not found right now" */
- if (key_data) {
- data.encrypted_key = (void*) key_data;
- data.encrypted_key_size = key_data_size;
+ if (iovec_is_set(key_data)) {
+ data.encrypted_key = (void*) key_data->iov_base;
+ data.encrypted_key_size = key_data->iov_len;
data.free_encrypted_key = false;
} else {
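Review bot: The rewritten assert at the top of this hunk, `assert(key_file || iovec_is_set(key_data));`, now also fails for a non-NULL `key_data` whose length is zero (assuming `iovec_is_set()` requires a non-empty buffer), where the old `key_file || key_data` let that case through. The same tightening is made in the FIDO2 key-acquisition hunk, and two callers on this page build the iovec from values whose emptiness is not checked in the visible lines: `IOVEC_MAKE(discovered_key, discovered_key_size)` in the PKCS#11 auto-discovery branch and `&IOVEC_MAKE(salt, salt_size)` in the token plugin, where the salt is read from the LUKS header. If either can be empty at run time, the process aborts on the assert instead of refusing the token with an error. Unless the parsers already guarantee a non-empty value, I would guard those call sites with something like `if (!key_file && !iovec_is_set(key_data)) return -EINVAL;` plus a log message. The if/else body continues past the end of this hunk.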
struct crypt_device *cd,
const char *name,
const char *key_file,
- const void *key_data,
- size_t key_data_size,
+ const struct iovec *key_data,
usec_t until,
uint32_t flags,
bool pass_volume_key) {
assert(name);
assert(arg_fido2_device || arg_fido2_device_auto);
- if (arg_fido2_cid && !key_file && !key_data)
+ if (arg_fido2_cid && !key_file && !iovec_is_set(key_data))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"FIDO2 mode with manual parameters selected, but no keyfile specified, refusing.");
arg_fido2_rp_id,
arg_fido2_cid, arg_fido2_cid_size,
key_file, arg_keyfile_size, arg_keyfile_offset,
- key_data, key_data_size,
+ key_data,
until,
arg_fido2_manual_flags,
"cryptsetup.fido2-pin",
struct crypt_device *cd,
const char *name,
const char *key_file,
- const void *key_data,
- size_t key_data_size,
+ const struct iovec *key_data,
usec_t until,
uint32_t flags,
bool pass_volume_key) {
_cleanup_(erase_and_freep) void *decrypted_key = NULL;
_cleanup_(sd_event_unrefp) sd_event *event = NULL;
_cleanup_free_ void *discovered_key = NULL;
+ struct iovec discovered_key_data = {};
int keyslot = arg_key_slot, r;
const char *uri = NULL;
bool use_libcryptsetup_plugin = use_token_plugins();
return r;
uri = discovered_uri;
- key_data = discovered_key;
- key_data_size = discovered_key_size;
+ discovered_key_data = IOVEC_MAKE(discovered_key, discovered_key_size);
+ key_data = &discovered_key_data;
}
} else {
uri = arg_pkcs11_uri;
- if (!key_file && !key_data)
+ if (!key_file && !iovec_is_set(key_data))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "PKCS#11 mode selected but no key file specified, refusing.");
}
friendly,
uri,
key_file, arg_keyfile_size, arg_keyfile_offset,
- key_data, key_data_size,
+ key_data,
until,
arg_ask_password_flags,
&decrypted_key, &decrypted_key_size);
if (token_type == TOKEN_TPM2)
return attach_luks_or_plain_or_bitlk_by_tpm2(cd, name, key_file, key_data, until, flags, pass_volume_key);
if (token_type == TOKEN_FIDO2)
- return attach_luks_or_plain_or_bitlk_by_fido2(cd, name, key_file, key_data->iov_base, key_data->iov_len, until, flags, pass_volume_key);
+ return attach_luks_or_plain_or_bitlk_by_fido2(cd, name, key_file, key_data, until, flags, pass_volume_key);
if (token_type == TOKEN_PKCS11)
- return attach_luks_or_plain_or_bitlk_by_pkcs11(cd, name, key_file, key_data->iov_base, key_data->iov_len, until, flags, pass_volume_key);
+ return attach_luks_or_plain_or_bitlk_by_pkcs11(cd, name, key_file, key_data, until, flags, pass_volume_key);
if (key_data)
return attach_luks_or_plain_or_bitlk_by_key_data(cd, name, key_data, flags, pass_volume_key);
if (key_file)
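Review bot: The context line `if (key_data)` after the three token branches still tests only the pointer, while every other site this commit touches uses `iovec_is_set(key_data)`. A non-NULL iovec with no data would therefore be routed to `attach_luks_or_plain_or_bitlk_by_key_data()` instead of falling through to the `key_file` branch; whether that helper rejects an empty key is not visible here. Consider `if (iovec_is_set(key_data))` so the dispatcher agrees with the callees' own checks. The enclosing function starts and ends outside the hunk.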
const char *key_file,
size_t key_file_size,
uint64_t key_file_offset,
- const void *key_data,
- size_t key_data_size,
+ const struct iovec *key_data,
usec_t until,
Fido2EnrollFlags required,
const char *askpw_credential,
"Local verification is required to unlock this volume, but the 'headless' parameter was set.");
assert(cid);
- assert(key_file || key_data);
+ assert(key_file || iovec_is_set(key_data));
- if (key_data)
- salt = IOVEC_MAKE(key_data, key_data_size);
+ if (iovec_is_set(key_data))
+ salt = *key_data;
else {
if (key_file_size > 0)
log_debug("Ignoring 'keyfile-size=' option for a FIDO2 salt file.");
/* key_file= */ NULL, /* salt is read from LUKS header instead of key_file */
/* key_file_size= */ 0,
/* key_file_offset= */ 0,
- salt, salt_size,
+ &IOVEC_MAKE(salt, salt_size),
until,
required,
"cryptsetup.fido2-pin",