7407f68980
Let's make loading of keys a bit more automatic and define a common place where key files can be placed. Specifically, whenever a volume of name "foo" is attempted, search for a key file in /etc/cryptsetup-keys.d/foo.key and /run/cryptsetup-keys.d/foo.key, unless a key file is declared explicitly. With this scheme we have a simple discovery in place that should make it more straightfoward wher to place keys, and requires no explicit configuration to be used.
42 lines
1.1 KiB
C
42 lines
1.1 KiB
C
/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
#pragma once
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include "log.h"
|
|
#include "time-util.h"
|
|
|
|
#if HAVE_P11KIT
|
|
|
|
int decrypt_pkcs11_key(
|
|
const char *friendly_name,
|
|
const char *pkcs11_uri,
|
|
const char *key_file,
|
|
size_t key_file_size,
|
|
uint64_t key_file_offset,
|
|
const void *key_data,
|
|
size_t key_data_size,
|
|
usec_t until,
|
|
void **ret_decrypted_key,
|
|
size_t *ret_decrypted_key_size);
|
|
|
|
#else
|
|
|
|
static inline int decrypt_pkcs11_key(
|
|
const char *friendly_name,
|
|
const char *pkcs11_uri,
|
|
const char *key_file,
|
|
size_t key_file_size,
|
|
uint64_t key_file_offset,
|
|
const void *key_data,
|
|
size_t key_data_size,
|
|
usec_t until,
|
|
void **ret_decrypted_key,
|
|
size_t *ret_decrypted_key_size) {
|
|
|
|
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
|
"PKCS#11 Token support not available.");
|
|
}
|
|
|
|
#endif
|