/* Add the tag object itself, so that we can protect its
* header. This will exclude the actual hash value in it */
- r = journal_file_hmac_put_object(f, OBJECT_TAG, p);
+ r = journal_file_hmac_put_object(f, OBJECT_TAG, o, p);
if (r < 0)
return r;
if (!f->seal)
return 0;
+ if (realtime <= 0)
+ realtime = now(CLOCK_REALTIME);
+
r = journal_file_fsprg_need_evolve(f, realtime);
if (r <= 0)
return 0;
return 0;
}
-int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) {
+int journal_file_hmac_put_object(JournalFile *f, int type, Object *o, uint64_t p) {
int r;
- Object *o;
assert(f);
if (r < 0)
return r;
- r = journal_file_move_to_object(f, type, p, &o);
- if (r < 0)
- return r;
+ if (!o) {
+ r = journal_file_move_to_object(f, type, p, &o);
+ if (r < 0)
+ return r;
+ } else {
+ if (type >= 0 && o->object.type != type)
+ return -EBADMSG;
+ }
gcry_md_write(f->hmac, o, offsetof(ObjectHeader, payload));
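Review bot: The new `o` parameter of journal_file_hmac_put_object() has no documented contract, and on the caller-supplied path the only check is the type comparison; nothing ties `o` to offset `p`. Whatever validation journal_file_move_to_object() performs on the mapped object (not visible here) is presumably skipped in that case, yet `gcry_md_write()` still reads `offsetof(ObjectHeader, payload)` bytes from `o`. I would add a comment above the function such as `/* If o is non-NULL it must be the already mapped and validated object at offset p; pass NULL to have it looked up from p. */`. If callers can be trusted to uphold this, an `assert` on the relationship would still make a mismatch visible in debug builds. The function body continues outside this hunk.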
fd = open(p, O_RDWR|O_CLOEXEC|O_NOCTTY, 0600);
if (fd < 0) {
- log_error("Failed to open %s: %m", p);
+ if (errno != ENOENT)
+ log_error("Failed to open %s: %m", p);
+
r = -errno;
goto finish;
}
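Review bot: On the non-ENOENT path `r = -errno;` is still read after `log_error()` has run, so the returned code depends on the logging call leaving errno untouched, which is not visible here. Capturing it first removes that dependency: `r = -errno;` followed by `if (r != -ENOENT) log_error("Failed to open %s: %m", p);`. Because this open appears to load sealing key material, dropping the message entirely for ENOENT also means an absent key file leaves no trace in the logs; a debug-level message would keep that discoverable. The enclosing function starts and ends outside the hunk.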
return r;
}
+static void initialize_libgcrypt(void) {
+ const char *p;
+
+ if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
+ return;
+
+ p = gcry_check_version("1.4.5");
+ assert(p);
+
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+}
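Review bot: In initialize_libgcrypt() the result of `gcry_check_version("1.4.5")` is guarded only by `assert(p)`. If assertions are compiled out the version check disappears, and otherwise a too-old library aborts the process instead of reporting an error. journal_file_hmac_setup() already returns `-ENOTSUP` when `gcry_md_open()` fails, so the helper could return int and use `if (!gcry_check_version("1.4.5")) return -ENOTSUP;`, with the caller propagating it. The function also sets `GCRYCTL_INITIALIZATION_FINISHED` without first choosing a secure-memory policy (`GCRYCTL_INIT_SECMEM` or `GCRYCTL_DISABLE_SECMEM`). A comment should state which is intended, since the HMAC key is handled through this library. The check-then-initialise sequence is also not safe if journal files can be opened from more than one thread.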
+
int journal_file_hmac_setup(JournalFile *f) {
gcry_error_t e;
if (!f->seal)
return 0;
+ initialize_libgcrypt();
+
e = gcry_md_open(&f->hmac, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
if (e != 0)
return -ENOTSUP;
return -EINVAL;
p -= offsetof(Object, hash_table.items);
- r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, p);
+ r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, NULL, p);
if (r < 0)
return r;
return -EINVAL;
p -= offsetof(Object, hash_table.items);
- r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, p);
+ r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, NULL, p);
if (r < 0)
return r;
return 0;
}
+
+bool journal_file_next_evolve_usec(JournalFile *f, usec_t *u) {
+ uint64_t epoch;
+
+ assert(f);
+ assert(u);
+
+ if (!f->seal)
+ return false;
+
+ epoch = FSPRG_GetEpoch(f->fsprg_state);
+
+ *u = (usec_t) (f->fss_start_usec + f->fss_interval_usec * epoch + f->fss_interval_usec);
+
+ return true;
+}
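Review bot: The expression `f->fss_start_usec + f->fss_interval_usec * epoch + f->fss_interval_usec` in journal_file_next_evolve_usec() can wrap silently. The start and interval values are presumably loaded from the sealing key file or journal header, and `epoch` comes from the FSPRG state, so a corrupted or tampered value would yield a bogus (possibly very small) next-evolve time rather than an error. A guard before the arithmetic would avoid that, for example `if (epoch >= (UINT64_MAX - f->fss_start_usec) / f->fss_interval_usec) return false;`, assuming `fss_interval_usec` has been checked to be non-zero when it was loaded. A short comment stating that `*u` is the absolute CLOCK_REALTIME time at which the current epoch ends, and that `false` means sealing is disabled, would also help callers.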