diff options
Diffstat (limited to 'src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c')
-rw-r--r-- | src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c index 1eb924529c..dd379169ff 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c @@ -42,8 +42,8 @@ _public_ int cryptsetup_token_open_pin( void *usrptr /* plugin defined parameter passed to crypt_activate_by_token*() API */) { _cleanup_(erase_and_freep) char *base64_encoded = NULL, *pin_string = NULL; - _cleanup_free_ void *blob = NULL, *pubkey = NULL, *policy_hash = NULL; - size_t blob_size, policy_hash_size, decrypted_key_size, pubkey_size; + _cleanup_free_ void *blob = NULL, *pubkey = NULL, *policy_hash = NULL, *salt = NULL; + size_t blob_size, policy_hash_size, decrypted_key_size, pubkey_size, salt_size = 0; _cleanup_(erase_and_freep) void *decrypted_key = NULL; _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; uint32_t hash_pcr_mask, pubkey_pcr_mask; @@ -90,6 +90,8 @@ _public_ int cryptsetup_token_open_pin( &blob_size, &policy_hash, &policy_hash_size, + &salt, + &salt_size, &flags); if (r < 0) return log_debug_open_error(cd, r); @@ -110,6 +112,8 @@ _public_ int cryptsetup_token_open_pin( blob_size, policy_hash, policy_hash_size, + salt, + salt_size, flags, &decrypted_key, &decrypted_key_size); @@ -168,9 +172,9 @@ _public_ void cryptsetup_token_dump( const char *json /* validated 'systemd-tpm2' token if cryptsetup_token_validate is defined */) { _cleanup_free_ char *hash_pcrs_str = NULL, *pubkey_pcrs_str = NULL, *blob_str = NULL, *policy_hash_str = NULL, *pubkey_str = NULL; - _cleanup_free_ void *blob = NULL, *pubkey = NULL, *policy_hash = NULL; + _cleanup_free_ void *blob = NULL, *pubkey = NULL, *policy_hash = NULL, *salt = NULL; _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; - size_t blob_size, policy_hash_size, pubkey_size; + size_t blob_size, policy_hash_size, pubkey_size, salt_size = 0; uint32_t hash_pcr_mask, pubkey_pcr_mask; uint16_t pcr_bank, primary_alg; TPM2Flags flags = 0; @@ -195,6 +199,8 @@ _public_ void cryptsetup_token_dump( &blob_size, &policy_hash, &policy_hash_size, + &salt, + &salt_size, &flags); if (r < 0) return (void) crypt_log_debug_errno(cd, r, "Failed to parse " TOKEN_NAME " JSON fields: %m"); @@ -227,6 +233,7 @@ _public_ void cryptsetup_token_dump( crypt_log(cd, "\ttpm2-blob: %s\n", blob_str); crypt_log(cd, "\ttpm2-policy-hash:" CRYPT_DUMP_LINE_SEP "%s\n", policy_hash_str); crypt_log(cd, "\ttpm2-pin: %s\n", true_false(flags & TPM2_FLAGS_USE_PIN)); + crypt_log(cd, "\ttpm2-salt: %s\n", true_false(salt)); } /* |