author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-09-08 14:52:13 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-09-15 09:30:56 +0200 |
commit | 0e98d17e77a024a16fc15589b2b21bb6196d4567 (patch) | |
tree | dcd69b9b40f5b0001ee8251461e3df82d592c12c /src/home | |
parent | 6743a1caf4037f03dc51a1277855018e4ab61957 (diff) | |
download | systemd-0e98d17e77a024a16fc15589b2b21bb6196d4567.tar.gz |
Add a helper function that does make_salt+crypt_r
No functional change.
Diffstat (limited to 'src/home')
-rw-r--r-- | src/home/homectl-fido2.c | 16 | ||||
-rw-r--r-- | src/home/homectl-pkcs11.c | 16 | ||||
-rw-r--r-- | src/home/homectl-recovery-key.c | 13 | ||||
-rw-r--r-- | src/home/homework.c | 1 | ||||
-rw-r--r-- | src/home/user-record-util.c | 13 |
5 files changed, 15 insertions, 44 deletions
diff --git a/src/home/homectl-fido2.c b/src/home/homectl-fido2.c
index b7b2c1a3b5..b9092df18c 100644
--- a/src/home/homectl-fido2.c
+++ b/src/home/homectl-fido2.c
@@ -70,31 +70,23 @@ static int add_fido2_salt(
                 size_t secret_size) {
 
         _cleanup_(json_variant_unrefp) JsonVariant *l = NULL, *w = NULL, *e = NULL;
-        _cleanup_(erase_and_freep) char *base64_encoded = NULL;
-        _cleanup_free_ char *unix_salt = NULL;
-        struct crypt_data cd = {};
-        char *k;
+        _cleanup_(erase_and_freep) char *base64_encoded = NULL, *hashed = NULL;
         int r;
 
-        r = make_salt(&unix_salt);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate salt: %m");
-
         /* Before using UNIX hashing on the supplied key we base64 encode it, since crypt_r() and friends
          * expect a NUL terminated string, and we use a binary key */
         r = base64mem(secret, secret_size, &base64_encoded);
         if (r < 0)
                 return log_error_errno(r, "Failed to base64 encode secret key: %m");
 
-        errno = 0;
-        k = crypt_r(base64_encoded, unix_salt, &cd);
-        if (!k)
+        r = hash_password(base64_encoded, &hashed);
+        if (r < 0)
                 return log_error_errno(errno_or_else(EINVAL), "Failed to UNIX hash secret key: %m");
 
         r = json_build(&e, JSON_BUILD_OBJECT(
                                JSON_BUILD_PAIR("credential", JSON_BUILD_BASE64(cid, cid_size)),
                                JSON_BUILD_PAIR("salt", JSON_BUILD_BASE64(fido2_salt, fido2_salt_size)),
-                               JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRING(k))));
+                               JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRING(hashed))));
         if (r < 0)
                 return log_error_errno(r, "Failed to build FIDO2 salt JSON key object: %m");
 
diff --git a/src/home/homectl-pkcs11.c b/src/home/homectl-pkcs11.c
index f4253ed7bf..21c9b9a6a3 100644
--- a/src/home/homectl-pkcs11.c
+++ b/src/home/homectl-pkcs11.c
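Review bot: The error path after `r = hash_password(base64_encoded, &hashed)` still reports `errno_or_else(EINVAL)`, but the failure is now signalled through the negative return value `r` (the guard is `if (r < 0)`), so the logged code can be a stale or unrelated errno rather than the helper's actual error; `return log_error_errno(r, "Failed to UNIX hash secret key: %m");` would report it directly, assuming hash_password follows the negative-errno convention its own guard implies. The same pattern appears in the add_pkcs11_encrypted_key hunk and the identity_add_recovery_key hunk, while the user_record_make_hashed_password hunk already propagates `r` unchanged. add_fido2_salt's signature starts before the hunk and its body continues after it.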
@@ -134,10 +134,7 @@ static int add_pkcs11_encrypted_key(
                 const void *decrypted_key,
                 size_t decrypted_key_size) {
         _cleanup_(json_variant_unrefp) JsonVariant *l = NULL, *w = NULL, *e = NULL;
-        _cleanup_(erase_and_freep) char *base64_encoded = NULL;
-        _cleanup_free_ char *salt = NULL;
-        struct crypt_data cd = {};
-        char *k;
+        _cleanup_(erase_and_freep) char *base64_encoded = NULL, *hashed = NULL;
         int r;
 
         assert(v);
@@ -147,25 +144,20 @@ static int add_pkcs11_encrypted_key(
         assert(decrypted_key);
         assert(decrypted_key_size > 0);
 
-        r = make_salt(&salt);
-        if (r < 0)
-                return log_error_errno(r, "Failed to generate salt: %m");
-
         /* Before using UNIX hashing on the supplied key we base64 encode it, since crypt_r() and friends
          * expect a NUL terminated string, and we use a binary key */
         r = base64mem(decrypted_key, decrypted_key_size, &base64_encoded);
         if (r < 0)
                 return log_error_errno(r, "Failed to base64 encode secret key: %m");
 
-        errno = 0;
-        k = crypt_r(base64_encoded, salt, &cd);
-        if (!k)
+        r = hash_password(base64_encoded, &hashed);
+        if (r < 0)
                 return log_error_errno(errno_or_else(EINVAL), "Failed to UNIX hash secret key: %m");
 
         r = json_build(&e, JSON_BUILD_OBJECT(
                                JSON_BUILD_PAIR("uri", JSON_BUILD_STRING(uri)),
                                JSON_BUILD_PAIR("data", JSON_BUILD_BASE64(encrypted_key, encrypted_key_size)),
-                               JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRING(k))));
+                               JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRING(hashed))));
         if (r < 0)
                 return log_error_errno(r, "Failed to build encrypted JSON key object: %m");
 
diff --git a/src/home/homectl-recovery-key.c b/src/home/homectl-recovery-key.c
index 9d7f345f1e..c63d3415f4 100644
--- a/src/home/homectl-recovery-key.c
+++ b/src/home/homectl-recovery-key.c
@@ -183,9 +183,7 @@ static int print_qr_code(const char *secret) {
 }
 
 int identity_add_recovery_key(JsonVariant **v) {
-        _cleanup_(erase_and_freep) char *unix_salt = NULL, *password = NULL;
-        struct crypt_data cd = {};
-        char *k;
+        _cleanup_(erase_and_freep) char *password = NULL, *hashed = NULL;
         int r;
 
         assert(v);
@@ -196,17 +194,12 @@ int identity_add_recovery_key(JsonVariant **v) {
                 return r;
 
         /* Let's UNIX hash it */
-        r = make_salt(&unix_salt);
+        r = hash_password(password, &hashed);
         if (r < 0)
-                return log_error_errno(r, "Failed to generate salt: %m");
-
-        errno = 0;
-        k = crypt_r(password, unix_salt, &cd);
-        if (!k)
                 return log_error_errno(errno_or_else(EINVAL), "Failed to UNIX hash secret key: %m");
 
         /* Let's now add the "privileged" version of the recovery key */
-        r = add_privileged(v, k);
+        r = add_privileged(v, hashed);
         if (r < 0)
                 return r;
 
diff --git a/src/home/homework.c b/src/home/homework.c
index 594c4a05bb..986ce2b3f0 100644
--- a/src/home/homework.c
+++ b/src/home/homework.c
@@ -17,6 +17,7 @@
 #include "homework-mount.h"
 #include "homework-pkcs11.h"
 #include "homework.h"
+#include "libcrypt-util.h"
 #include "main-func.h"
 #include "memory-util.h"
 #include "missing_magic.h"
diff --git a/src/home/user-record-util.c b/src/home/user-record-util.c
index 0bbe44ce26..6928427730 100644
--- a/src/home/user-record-util.c
+++ b/src/home/user-record-util.c
@@ -806,20 +806,13 @@ int user_record_make_hashed_password(UserRecord *h, char **secret, bool extend)
         }
 
         STRV_FOREACH(i, secret) {
-                _cleanup_free_ char *salt = NULL;
-                struct crypt_data cd = {};
-                char *k;
+                _cleanup_(erase_and_freep) char *hashed = NULL;
 
-                r = make_salt(&salt);
+                r = hash_password(*i, &hashed);
                 if (r < 0)
                         return r;
 
-                errno = 0;
-                k = crypt_r(*i, salt, &cd);
-                if (!k)
-                        return errno_or_else(EINVAL);
-
-                r = strv_extend(&np, k);
+                r = strv_consume(&np, TAKE_PTR(hashed));
                 if (r < 0)
                         return r;
         }
|
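Review bot: In the user_record_make_hashed_password hunk, `hashed` is declared `_cleanup_(erase_and_freep)` but `strv_consume(&np, TAKE_PTR(hashed))` hands the buffer to `np`, so the erasing cleanup only runs on the early-return paths and the hashes stored in `np` are released by whoever frees `np`, presumably without erasure. That matches the pre-change behaviour (the old `k` pointed into the stack-allocated `cd` and `strv_extend` copied it), but the split ownership is easy to misread; a one-line comment such as `/* ownership moves into np; erase_and_freep only covers the error paths */` above the strv_consume call would make it explicit. The enclosing function begins before the hunk and its handling of `np` after the loop is not visible here.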