X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fjournal%2Fjournal-authenticate.c;h=674f81218f4c3489fb570f8461e7e62ea58a8537;hb=f2cc3753ce0e85960f0299855c3b98ba60efa580;hp=93cc9d94a1804e9fca421b78f23cf1e20a1efab5;hpb=feb12d3ed2c7f9132c64773c7c41b9e3a608a814;p=elogind.git diff --git a/src/journal/journal-authenticate.c b/src/journal/journal-authenticate.c index 93cc9d94a..674f81218 100644 --- a/src/journal/journal-authenticate.c +++ b/src/journal/journal-authenticate.c @@ -66,7 +66,7 @@ int journal_file_append_tag(JournalFile *f) { /* Add the tag object itself, so that we can protect its * header. This will exclude the actual hash value in it */ - r = journal_file_hmac_put_object(f, OBJECT_TAG, p); + r = journal_file_hmac_put_object(f, OBJECT_TAG, o, p); if (r < 0) return r; @@ -211,6 +211,9 @@ int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime) { if (!f->seal) return 0; + if (realtime <= 0) + realtime = now(CLOCK_REALTIME); + r = journal_file_fsprg_need_evolve(f, realtime); if (r <= 0) return 0; @@ -226,9 +229,8 @@ int journal_file_maybe_append_tag(JournalFile *f, uint64_t realtime) { return 0; } -int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) { +int journal_file_hmac_put_object(JournalFile *f, int type, Object *o, uint64_t p) { int r; - Object *o; assert(f); @@ -239,9 +241,14 @@ int journal_file_hmac_put_object(JournalFile *f, int type, uint64_t p) { if (r < 0) return r; - r = journal_file_move_to_object(f, type, p, &o); - if (r < 0) - return r; + if (!o) { + r = journal_file_move_to_object(f, type, p, &o); + if (r < 0) + return r; + } else { + if (type >= 0 && o->object.type != type) + return -EBADMSG; + } gcry_md_write(f->hmac, o, offsetof(ObjectHeader, payload)); @@ -325,7 +332,9 @@ int journal_file_fss_load(JournalFile *f) { fd = open(p, O_RDWR|O_CLOEXEC|O_NOCTTY, 0600); if (fd < 0) { - log_error("Failed to open %s: %m", p); + if (errno != ENOENT) + log_error("Failed to open %s: %m", p); + r = -errno; goto finish; } @@ -362,7 +371,7 @@ int journal_file_fss_load(JournalFile *f) { goto finish; } - if (le64toh(m->fsprg_state_size) != FSPRG_stateinbytes(m->fsprg_secpar)) { + if (le64toh(m->fsprg_state_size) != FSPRG_stateinbytes(le16toh(m->fsprg_secpar))) { r = -EBADMSG; goto finish; } @@ -410,12 +419,26 @@ finish: return r; } +static void initialize_libgcrypt(void) { + const char *p; + + if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) + return; + + p = gcry_check_version("1.4.5"); + assert(p); + + gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); +} + int journal_file_hmac_setup(JournalFile *f) { gcry_error_t e; if (!f->seal) return 0; + initialize_libgcrypt(); + e = gcry_md_open(&f->hmac, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC); if (e != 0) return -ENOTSUP; @@ -441,7 +464,7 @@ int journal_file_append_first_tag(JournalFile *f) { return -EINVAL; p -= offsetof(Object, hash_table.items); - r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, p); + r = journal_file_hmac_put_object(f, OBJECT_FIELD_HASH_TABLE, NULL, p); if (r < 0) return r; @@ -450,7 +473,7 @@ int journal_file_append_first_tag(JournalFile *f) { return -EINVAL; p -= offsetof(Object, hash_table.items); - r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, p); + r = journal_file_hmac_put_object(f, OBJECT_DATA_HASH_TABLE, NULL, p); if (r < 0) return r; @@ -517,3 +540,19 @@ int journal_file_parse_verification_key(JournalFile *f, const char *key) { return 0; } + +bool journal_file_next_evolve_usec(JournalFile *f, usec_t *u) { + uint64_t epoch; + + assert(f); + assert(u); + + if (!f->seal) + return false; + + epoch = FSPRG_GetEpoch(f->fsprg_state); + + *u = (usec_t) (f->fss_start_usec + f->fss_interval_usec * epoch + f->fss_interval_usec); + + return true; +}