path: root/src/home/homework-password-cache.h
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include "strv.h"
#include "user-record.h"

/* In-memory collection of secrets: a volume key plus two lists of passwords decoded from security
 * tokens. Every member holds secret material.
 * NOTE(review): confirm that password_cache_free() erases these buffers before releasing them; its
 * definition is not part of this header. */
typedef struct PasswordCache {
        /* The volume key from the kernel keyring */
        void *volume_key;
        /* presumably the length of volume_key in bytes — TODO confirm against the code that fills it */
        size_t volume_key_size;

        /* Decoding passwords from security tokens is expensive and typically requires user interaction,
         * hence cache any we already figured out. */
        /* Both are string vectors, searched with strv_contains() by password_cache_contains(), one per
         * token type. That lookup is used to relax the PBKDF, so only token-derived (high-entropy)
         * passwords should ever be stored here. */
        char **pkcs11_passwords;
        char **fido2_passwords;
} PasswordCache;

/* Cleanup counterpart for PasswordCache; implemented outside this header.
 * NOTE(review): presumably releases the volume key and both password lists. Since all of them are
 * secrets, confirm the implementation erases the memory rather than only freeing it. */
void password_cache_free(PasswordCache *cache);

/* Reports whether the string p is one of the passwords held in the cache, looking at the PKCS#11 list
 * first and the FIDO2 list second. A NULL cache is treated as empty. */
static inline bool password_cache_contains(const PasswordCache *cache, const char *p) {
        /* The answer is used to decide whether a minimal PBKDF may be set: anything found in the cache
         * is assumed to have been decoded from a hardware token and hence to be naturally high-entropy.
         * NOTE(review): this assumption only holds while nothing user-chosen is ever added to either
         * list. Confirm at the places that populate the cache, since a low-entropy entry here would
         * end up protected by the weak KDF setting. */

        if (cache) {
                if (strv_contains(cache->pkcs11_passwords, p))
                        return true;

                if (strv_contains(cache->fido2_passwords, p))
                        return true;
        }

        return false;
}

/* Implemented outside this header.
 * NOTE(review): judging by the name and the comment on the volume_key field, this presumably fills
 * cache->volume_key from the kernel keyring for the user record h — confirm. The function returns
 * void, so a failed or empty lookup is not reported to the caller; callers have to inspect the cache
 * contents afterwards. */
void password_cache_load_keyring(UserRecord *h, PasswordCache *cache);