o->tag.seqnum = htole64(journal_file_tag_seqnum(f));
o->tag.epoch = htole64(FSPRG_GetEpoch(f->fsprg_state));
- log_debug("Writing tag %llu for epoch %llu\n",
- (unsigned long long) le64toh(o->tag.seqnum),
- (unsigned long long) FSPRG_GetEpoch(f->fsprg_state));
+ log_debug("Writing tag %"PRIu64" for epoch %"PRIu64"\n",
+ le64toh(o->tag.seqnum),
+ FSPRG_GetEpoch(f->fsprg_state));
/* Add the tag object itself, so that we can protect its
* header. This will exclude the actual hash value in it */
- r = journal_file_hmac_put_object(f, OBJECT_TAG, p);
+ r = journal_file_hmac_put_object(f, OBJECT_TAG, o, p);
if (r < 0)
return r;
epoch = FSPRG_GetEpoch(f->fsprg_state);
if (epoch < goal)
- log_debug("Evolving FSPRG key from epoch %llu to %llu.", (unsigned long long) epoch, (unsigned long long) goal);
+ log_debug("Evolving FSPRG key from epoch %"PRIu64" to %"PRIu64".", epoch, goal);
for (;;) {
if (epoch > goal)
return -ENOMEM;
}
- log_debug("Seeking FSPRG key to %llu.", (unsigned long long) goal);
+ log_debug("Seeking FSPRG key to %"PRIu64".", goal);
msk = alloca(FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR));
FSPRG_GenMK(msk, NULL, f->fsprg_seed, f->fsprg_seed_size, FSPRG_RECOMMENDED_SECPAR);
if (!f->seal)
return 0;
+ if (realtime <= 0)
+ realtime = now(CLOCK_REALTIME);
+
r = journal_file_fsprg_need_evolve(f, realtime);
if (r <= 0)
return 0;
return 0;
}
-int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) {
+int journal_file_hmac_put_object(JournalFile *f, int type, Object *o, uint64_t p) {
int r;
- Object *o;
assert(f);
if (r < 0)
return r;
- r = journal_file_move_to_object(f, type, p, &o);
- if (r < 0)
- return r;
+ if (!o) {
+ r = journal_file_move_to_object(f, type, p, &o);
+ if (r < 0)
+ return r;
+ } else {
+ if (type >= 0 && o->object.type != type)
+ return -EBADMSG;
+ }
gcry_md_write(f->hmac, o, offsetof(ObjectHeader, payload));
gcry_md_write(f->hmac, o->data.payload, le64toh(o->object.size) - offsetof(DataObject, payload));
break;
+ case OBJECT_FIELD:
+ /* Same here */
+ gcry_md_write(f->hmac, &o->field.hash, sizeof(o->field.hash));
+ gcry_md_write(f->hmac, o->field.payload, le64toh(o->object.size) - offsetof(FieldObject, payload));
+ break;
+
case OBJECT_ENTRY:
/* All */
gcry_md_write(f->hmac, &o->entry.seqnum, le64toh(o->object.size) - offsetof(EntryObject, seqnum));
fd = open(p, O_RDWR|O_CLOEXEC|O_NOCTTY, 0600);
if (fd < 0) {
- log_error("Failed to open %s: %m", p);
+ if (errno != ENOENT)
+ log_error("Failed to open %s: %m", p);
+
r = -errno;
goto finish;
}
return r;
}
+static void initialize_libgcrypt(void) {
+ const char *p;
+
+ if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
+ return;
+
+ p = gcry_check_version("1.4.5");
+ assert(p);
+
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+}
+
int journal_file_hmac_setup(JournalFile *f) {
gcry_error_t e;
if (!f->seal)
return 0;
+ initialize_libgcrypt();
+
e = gcry_md_open(&f->hmac, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
if (e != 0)
return -ENOTSUP;
return -EINVAL;
p -= offsetof(Object, hash_table.items);
- r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, p);
+ r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, NULL, p);
if (r < 0)
return r;
return -EINVAL;
p -= offsetof(Object, hash_table.items);
- r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, p);
+ r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, NULL, p);
if (r < 0)
return r;
return 0;
}
-
int journal_file_parse_verification_key(JournalFile *f, const char *key) {
uint8_t *seed;
size_t seed_size, c;
return 0;
}
+
+bool journal_file_next_evolve_usec(JournalFile *f, usec_t *u) {
+ uint64_t epoch;
+
+ assert(f);
+ assert(u);
+
+ if (!f->seal)
+ return false;
+
+ epoch = FSPRG_GetEpoch(f->fsprg_state);
+
+ *u = (usec_t) (f->fss_start_usec + f->fss_interval_usec * epoch + f->fss_interval_usec);
+
+ return true;
+}
~ianmdlvl / elogind.git / blobdiff