diff options
author | Lennart Poettering <lennart@poettering.net> | 2020-11-24 15:29:03 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2020-12-17 19:58:26 +0100 |
commit | d041e4fc4a69df0b8992c07c9c42b0f369fdb9d8 (patch) | |
tree | 5963356fc94473d76a8e807192669a9fd43f3aa0 /src/home/homectl-pkcs11.c | |
parent | 2289a78473282902db1108168df6414ae7d91b2f (diff) | |
download | systemd-d041e4fc4a69df0b8992c07c9c42b0f369fdb9d8.tar.gz |
homed: split out code that determines suitable LUKS passphrase size from RSA key
We can use this in cryptenroll later on, hence let's make this generic.
Diffstat (limited to 'src/home/homectl-pkcs11.c')
-rw-r--r-- | src/home/homectl-pkcs11.c | 22 |
1 files changed, 4 insertions, 18 deletions
diff --git a/src/home/homectl-pkcs11.c b/src/home/homectl-pkcs11.c index 7cabd723a7..95cf932936 100644 --- a/src/home/homectl-pkcs11.c +++ b/src/home/homectl-pkcs11.c @@ -148,8 +148,7 @@ int identity_add_pkcs11_key_data(JsonVariant **v, const char *uri) { size_t decrypted_key_size, encrypted_key_size; _cleanup_(X509_freep) X509 *cert = NULL; EVP_PKEY *pkey; - int bits, r; - RSA *rsa; + int r; assert(v); @@ -161,22 +160,9 @@ int identity_add_pkcs11_key_data(JsonVariant **v, const char *uri) { if (!pkey) return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to extract public key from X.509 certificate."); - if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) - return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "X.509 certificate does not refer to RSA key."); - - rsa = EVP_PKEY_get0_RSA(pkey); - if (!rsa) - return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to acquire RSA public key from X.509 certificate."); - - bits = RSA_bits(rsa); - log_debug("Bits in RSA key: %i", bits); - - /* We use PKCS#1 padding for the RSA cleartext, hence let's leave some extra space for it, hence only - * generate a random key half the size of the RSA length */ - decrypted_key_size = bits / 8 / 2; - - if (decrypted_key_size < 1) - return log_error_errno(SYNTHETIC_ERRNO(EIO), "Uh, RSA key size too short?"); + r = rsa_pkey_to_suitable_key_size(pkey, &decrypted_key_size); + if (r < 0) + return log_error_errno(r, "Failed to extract RSA key size from X509 certificate."); log_debug("Generating %zu bytes random key.", decrypted_key_size); |