authorLennart Poettering <lennart@poettering.net>2020-12-08 14:46:31 +0100
committerLennart Poettering <lennart@poettering.net>2020-12-17 19:59:04 +0100
commit4760384d53cd1efacc462ec133d497084141f922 (patch)
treed3952498580998309661689cc9a04373bce5241b /src/shared/cryptsetup-util.c
parent4098bc134ebdc5120bda6c8dd946865f7419e07d (diff)
cryptsetup-util: add helper for setting minimal PBKDF
Diffstat (limited to 'src/shared/cryptsetup-util.c')
-rw-r--r--src/shared/cryptsetup-util.c26
1 files changed, 26 insertions, 0 deletions
diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
index 850c79ed12..a793b9ac5b 100644
--- a/src/shared/cryptsetup-util.c
+++ b/src/shared/cryptsetup-util.c
@@ -27,6 +27,7 @@ int (*sym_crypt_resize)(struct crypt_device *cd, const char *name, uint64_t new_
int (*sym_crypt_set_data_device)(struct crypt_device *cd, const char *device);
void (*sym_crypt_set_debug_level)(int level);
void (*sym_crypt_set_log_callback)(struct crypt_device *cd, void (*log)(int level, const char *msg, void *usrptr), void *usrptr);
+int (*sym_crypt_set_pbkdf_type)(struct crypt_device *cd, const struct crypt_pbkdf_type *pbkdf) = NULL;
int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json) = NULL;
int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json) = NULL;
int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
@@ -64,6 +65,7 @@ int dlopen_cryptsetup(void) {
DLSYM_ARG(crypt_set_data_device),
DLSYM_ARG(crypt_set_debug_level),
DLSYM_ARG(crypt_set_log_callback),
+ DLSYM_ARG(crypt_set_pbkdf_type),
DLSYM_ARG(crypt_token_json_get),
DLSYM_ARG(crypt_token_json_set),
DLSYM_ARG(crypt_volume_key_get),
@@ -113,6 +115,30 @@ void cryptsetup_enable_logging(struct crypt_device *cd) {
sym_crypt_set_debug_level(DEBUG_LOGGING ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE);
}
+int cryptsetup_set_minimal_pbkdf(struct crypt_device *cd) {
+
+ static const struct crypt_pbkdf_type minimal_pbkdf = {
+ .hash = "sha512",
+ .type = CRYPT_KDF_PBKDF2,
+ .iterations = 1,
+ .time_ms = 1,
+ };
+
+ int r;
+
+ /* Sets a minimal PKBDF in case we already have a high entropy key. */
+
+ r = dlopen_cryptsetup();
+ if (r < 0)
+ return r;
+
+ r = sym_crypt_set_pbkdf_type(cd, &minimal_pbkdf);
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
int cryptsetup_get_token_as_json(
struct crypt_device *cd,
int idx,
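Review bot: The comment in cryptsetup_set_minimal_pbkdf() mentions the precondition only in passing (and misspells PBKDF as "PKBDF"), while nothing in the helper can enforce it: with `.iterations = 1` the KDF adds essentially no brute-force cost, so the keyslot is only as strong as the secret fed into it. crypt_set_pbkdf_type() sets the default on `cd` for keyslots created afterwards, so a passphrase keyslot added later through the same context would presumably inherit these parameters unless the caller resets them. I would spell that out in the comment, e.g. `/* Sets a minimal PBKDF on cd; only for keyslots unlocked by a high-entropy secret, never a user passphrase. The setting stays in effect on cd for keyslots added later. */`. It is also worth confirming whether libcryptsetup honours `.iterations` here without `CRYPT_PBKDF_NO_BENCHMARK` in `.flags`, or derives the count by benchmarking from `.time_ms` instead.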