cryptohome/storage/keyring/utils.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2022 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CRYPTOHOME_STORAGE_KEYRING_UTILS_H_
 #define CRYPTOHOME_STORAGE_KEYRING_UTILS_H_

 #include <string>

 #include <brillo/secure_blob.h>

 #include "cryptohome/storage/encrypted_container/filesystem_key.h"

 namespace cryptohome {

 namespace ecryptfs {

 // Creates an ecryptfs auth token and installs it in the kernel keyring.
 bool AddEcryptfsAuthToken(const brillo::SecureBlob& key,
                           const std::string& key_sig,
                           const brillo::SecureBlob& salt);

 // Creates an ecryptfs auth token and installs it in the kernel keyring.
 bool RemoveEcryptfsAuthToken(const std::string& key_sig);

 }  // namespace ecryptfs

 namespace dmcrypt {
 // Generate the keyring description.
 FileSystemKeyReference GenerateKeyringDescription(
     const brillo::SecureBlob& key_reference);

 // Generates the key descriptor to be used in the device mapper table if the
 // kernel keyring is supported.
 brillo::SecureBlob GenerateDmcryptKeyDescriptor(
     const brillo::SecureBlob key_reference, uint64_t key_size);

 // For dm-crypt, we use the process keyring to ensure that the key is unlinked
 // if the process exits/crashes before it is cleared.
 bool AddLogonKey(const brillo::SecureBlob& key,
                  const brillo::SecureBlob& key_reference);

 // Removes the key from the keyring.
 bool UnlinkLogonKey(const brillo::SecureBlob& key_reference);

 }  // namespace dmcrypt

 }  // namespace cryptohome

 #endif  // CRYPTOHOME_STORAGE_KEYRING_UTILS_H_
	// Copyright 2022 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CRYPTOHOME_STORAGE_KEYRING_UTILS_H_
	#define CRYPTOHOME_STORAGE_KEYRING_UTILS_H_

	#include <string>

	#include <brillo/secure_blob.h>

	#include "cryptohome/storage/encrypted_container/filesystem_key.h"

	namespace cryptohome {

	namespace ecryptfs {

	// Creates an ecryptfs auth token and installs it in the kernel keyring.
	bool AddEcryptfsAuthToken(const brillo::SecureBlob& key,
	const std::string& key_sig,
	const brillo::SecureBlob& salt);

	// Creates an ecryptfs auth token and installs it in the kernel keyring.
	bool RemoveEcryptfsAuthToken(const std::string& key_sig);

	} // namespace ecryptfs

	namespace dmcrypt {
	// Generate the keyring description.
	FileSystemKeyReference GenerateKeyringDescription(
	const brillo::SecureBlob& key_reference);

	// Generates the key descriptor to be used in the device mapper table if the
	// kernel keyring is supported.
	brillo::SecureBlob GenerateDmcryptKeyDescriptor(
	const brillo::SecureBlob key_reference, uint64_t key_size);

	// For dm-crypt, we use the process keyring to ensure that the key is unlinked
	// if the process exits/crashes before it is cleared.
	bool AddLogonKey(const brillo::SecureBlob& key,
	const brillo::SecureBlob& key_reference);

	// Removes the key from the keyring.
	bool UnlinkLogonKey(const brillo::SecureBlob& key_reference);

	} // namespace dmcrypt

	} // namespace cryptohome

	#endif // CRYPTOHOME_STORAGE_KEYRING_UTILS_H_