diff options
Diffstat (limited to 'src/shared/creds-util.h')
-rw-r--r-- | src/shared/creds-util.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/shared/creds-util.h b/src/shared/creds-util.h index caf632de6e..7f0ce421ad 100644 --- a/src/shared/creds-util.h +++ b/src/shared/creds-util.h @@ -43,5 +43,10 @@ int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t * #define CRED_AES256_GCM_BY_TPM2_HMAC SD_ID128_MAKE(0c,7c,c0,7b,11,76,45,91,9c,4b,0b,ea,08,bc,20,fe) #define CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC SD_ID128_MAKE(93,a8,94,09,48,74,44,90,90,ca,f2,fc,93,ca,b5,53) +/* Special ID to pick automatic mode (i.e. tpm2+host if TPM2 exists, only host otherwise). This ID will never + * be stored on disk, but is useful only internally while figuring out what precisely to write to disk. To + * mark that this isn't a "real" type, we'll prefix it with an underscore. */ +#define _CRED_AUTO SD_ID128_MAKE(a2,19,cb,07,85,b2,4c,04,b1,6d,18,ca,b9,d2,ee,01) + int encrypt_credential_and_warn(sd_id128_t with_key, const char *name, usec_t timestamp, usec_t not_after, const char *tpm2_device, uint32_t tpm2_pcr_mask, const void *input, size_t input_size, void **ret, size_t *ret_size); int decrypt_credential_and_warn(const char *validate_name, usec_t validate_timestamp, const char *tpm2_device, const void *input, size_t input_size, void **ret, size_t *ret_size); |