Home
last modified time | relevance | path

Searched refs:encrypted (Results 1 – 25 of 29) sorted by relevance

12

/systemd-251/src/home/
Dhomework-fscrypt.c93 const void *encrypted, size_t encrypted_size, in fscrypt_slot_try_one() argument
110 assert(encrypted); in fscrypt_slot_try_one()
161 …if (EVP_DecryptUpdate(context, (uint8_t*) decrypted, &decrypted_size_out1, encrypted, encrypted_si… in fscrypt_slot_try_one()
196 const void *encrypted, size_t encrypted_size, in fscrypt_slot_try_many() argument
203 …r = fscrypt_slot_try_one(*i, salt, salt_size, encrypted, encrypted_size, match_key_descriptor, ret… in fscrypt_slot_try_many()
230 _cleanup_free_ void *salt = NULL, *encrypted = NULL; in fscrypt_setup() local
257 r = unbase64mem(e+1, n - (e - value) - 1, &encrypted, &encrypted_size); in fscrypt_setup()
266 encrypted, encrypted_size, in fscrypt_setup()
408 _cleanup_free_ void *encrypted = NULL; in fscrypt_slot_set() local
446 encrypted = malloc(encrypted_size); in fscrypt_slot_set()
[all …]
Dhomework-luks.c816 _cleanup_free_ void *encrypted = NULL, *iv = NULL; in luks_validate_home_record() local
852 r = json_variant_unbase64(jr, &encrypted, &encrypted_size); in luks_validate_home_record()
878 …(EVP_DecryptUpdate(context, (uint8_t*) decrypted, &decrypted_size_out1, encrypted, encrypted_size)… in luks_validate_home_record()
930 _cleanup_free_ void *iv = NULL, *encrypted = NULL; in format_luks_token_text() local
971 encrypted = malloc(encrypted_size); in format_luks_token_text()
972 if (!encrypted) in format_luks_token_text()
975 …if (EVP_EncryptUpdate(context, encrypted, &encrypted_size_out1, (uint8_t*) text, text_length) != 1) in format_luks_token_text()
980 …if (EVP_EncryptFinal_ex(context, (uint8_t*) encrypted + encrypted_size_out1, &encrypted_size_out2)… in format_luks_token_text()
989 …JSON_BUILD_PAIR("record", JSON_BUILD_BASE64(encrypted, encrypted_size_out1 + encrypted_size_out2)), in format_luks_token_text()
/systemd-251/src/creds/
Dcreds.c64 bool encrypted, in open_credential_directory() argument
77 p = encrypted ? in open_credential_directory()
82 r = (encrypted ? get_encrypted_credentials_dir : get_credentials_dir)(&p); in open_credential_directory()
116 static int add_credentials_to_table(Table *t, bool encrypted) { in add_credentials_to_table() argument
123 r = open_credential_directory(encrypted, &d, &prefix); in add_credentials_to_table()
165 if (encrypted) { in add_credentials_to_table()
370 int encrypted; in verb_cat() local
380 for (encrypted = 0; encrypted < 2; encrypted++) { in verb_cat()
383 r = open_credential_directory(encrypted, &d, NULL); in verb_cat()
405 if (encrypted >= 2) { /* Found nowhere */ in verb_cat()
[all …]
/systemd-251/src/resolve/
Dresolved-dnstls-gnutls.c87 stream->encrypted = true; in dnstls_stream_connect_tls()
99 assert(stream->encrypted); in dnstls_stream_free()
109 assert(stream->encrypted); in dnstls_stream_on_io()
145 assert(stream->encrypted); in dnstls_stream_shutdown()
171 assert(stream->encrypted); in dnstls_stream_writev()
206 assert(stream->encrypted); in dnstls_stream_read()
Dresolved-dnstls-openssl.c21 assert(stream->encrypted); in dnstls_flush_write_buffer()
122 stream->encrypted = true; in dnstls_stream_connect_tls()
136 assert(stream->encrypted); in dnstls_stream_free()
146 assert(stream->encrypted); in dnstls_stream_on_io()
233 assert(stream->encrypted); in dnstls_stream_shutdown()
332 assert(stream->encrypted); in dnstls_stream_writev()
355 assert(stream->encrypted); in dnstls_stream_read()
Dresolved-dns-stream.c71 if (s->encrypted) { in dns_stream_complete()
213 if (s->encrypted && !(flags & DNS_STREAM_WRITE_TLS_DATA)) in dns_stream_writev()
253 if (s->encrypted) in dns_stream_read()
305 if (s->encrypted) { in on_stream_io()
478 if (s->encrypted) in dns_stream_free()
Dresolved-dns-stream.h91 bool encrypted:1; member
Dresolved-dns-transaction.h153 void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypted);
Dresolved-dns-transaction.c591 bool encrypted; in dns_transaction_on_stream_packet() local
597 encrypted = s->encrypted; in dns_transaction_on_stream_packet()
610 dns_transaction_process_reply(t, p, encrypted); in dns_transaction_on_stream_packet()
703 …eam && (DNS_SERVER_FEATURE_LEVEL_IS_TLS(t->current_feature_level) == t->server->stream->encrypted)) in dns_transaction_emit_tcp()
1036 void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypted) { in dns_transaction_process_reply() argument
1370 SET_FLAG(t->answer_query_flags, SD_RESOLVED_CONFIDENTIAL, encrypted); in dns_transaction_process_reply()
/systemd-251/docs/
DCREDENTIALS.md44 5. Credentials may optionally be encrypted and authenticated, either with a key
80 encrypted credential, and decrypt it before passing it to the service. For
84 encrypted credential to be specified literally. Unlike `SetCredential=` it
182 may be encrypted and authenticated with AES256-GCM. The encryption key can
202 This will first create an encrypted copy of the file `plaintext.txt` in the
203 encrypted credential file `ciphertext.cred`. It then securely removes the
204 source file. It then runs a transient service, that reads the encrypted file
209 Instead of storing the encrypted credential as a separate file on disk, it can
271 UEFI kernel stub is used. This allows placing encrypted credentials in the
377 a container manager or via qemu) and `/run/credentials/@encrypted/` (for
[all …]
DHOME_DIRECTORY.md53 mechanism, except that the home directory is encrypted using `fscrypt`. (Use
59 second field the encrypted volume key. The latter is encrypted using AES256 in
62 `dm-crypt` encrypted volumes. Note that extended attributes are not encrypted
95 record, in the same serialization as in `~/.identity`, though encrypted. The
129 Rationale for including the encrypted user record in the LUKS2 header:
DPASSWORD_AGENTS.md10 …ome kind of hardware or service. Right now this is used exclusively for encrypted hard-disk passph…
14 …s the passphrase from the user. This is useful and necessary in case an encrypted system hard-disk…
DDISCOVERABLE_PARTITIONS.md44 …is automatically mounted to the root directory `/`. If the partition is encrypted with LUKS or has…
154 …ining the root partition are automatically enabled. If the partition is encrypted with LUKS, the d…
155 …oot partition is automatically mounted to `/home/`. If the partition is encrypted with LUKS, the d…
156 …root partition is automatically mounted to `/srv/`. If the partition is encrypted with LUKS, the d…
157 …c instance of the OS, identified by its machine ID. If the partition is encrypted with LUKS, the d…
158 … partition is automatically mounted to `/var/tmp/`. If the partition is encrypted with LUKS, the d…
160 …icitly via entries in `/etc/fstab`. Optionally, these partitions may be encrypted with LUKS. This …
DBUILDING_IMAGES.md61 for details. Note that by removing this file access to previously encrypted
63 a new credential is encrypted and the file does not exist yet.
182 6. Partitions should be encrypted with cryptographic keys generated locally on
DUSER_RECORD.md356 contains a `~/.identity` user record; `fscrypt` is an `fscrypt`-encrypted
575 decrypt an encrypted secret key that is used to unlock the user's account (see
638 security token URI, `data` shall contain a Base64-encoded encrypted key and
641 as follows: the encrypted secret key is converted from its Base64
935 generally insist on user record transfer from trusted servers via encrypted TLS
/systemd-251/src/core/
Dexecute.h162 bool encrypted; member
168 bool encrypted; member
Dexecute.c2600 bool encrypted) { in credential_search_path() argument
2610 if (encrypted) { in credential_search_path()
2639 bool encrypted, in load_credential() argument
2698 search_path = credential_search_path(params, encrypted); in load_credential()
2706 if (encrypted) in load_credential()
2709 maxsz = encrypted ? CREDENTIAL_ENCRYPTED_SIZE_MAX : CREDENTIAL_SIZE_MAX; in load_credential()
2754 if (encrypted) { in load_credential()
2781 bool encrypted; member
2827 args->encrypted, in load_cred_recurse_dir_cb()
2885 lc->encrypted, in acquire_credentials()
[all …]
Dload-fragment.c4712 bool encrypted = ltype; in config_parse_set_credential() local
4746 if (encrypted) { in config_parse_set_credential()
4771 old->encrypted = encrypted; in config_parse_set_credential()
4783 .encrypted = encrypted, in config_parse_set_credential()
4816 bool encrypted = ltype; in config_parse_load_credential() local
4872 old->encrypted = encrypted; in config_parse_load_credential()
4883 .encrypted = encrypted, in config_parse_load_credential()
Ddbus-execute.c847 if (sc->encrypted != streq(property, "SetCredentialEncrypted")) in property_get_set_credential()
894 if (lc->encrypted != streq(property, "LoadCredentialEncrypted")) in property_get_load_credential()
2130 old->encrypted = streq(name, "SetCredentialEncrypted"); in bus_exec_context_set_transient_property()
2142 .encrypted = streq(name, "SetCredentialEncrypted"), in bus_exec_context_set_transient_property()
2213 old->encrypted = streq(name, "LoadCredentialEncrypted"); in bus_exec_context_set_transient_property()
2224 .encrypted = streq(name, "LoadCredentialEncrypted"), in bus_exec_context_set_transient_property()
/systemd-251/units/
Dsystemd-nspawn@.service.in44 # nspawn can set up LUKS encrypted loopback files, in which case it needs
/systemd-251/src/shared/
Ddissect-image.h206 bool encrypted:1; member
Ddissect-image.c395 m->encrypted = streq_ptr(fstype, "crypto_LUKS"); in dissect_image()
1160 m->encrypted = true; in dissect_image()
2120 if (!m->encrypted && !m->verity_ready) { in dissected_image_decrypt()
/systemd-251/src/partition/
Drepart.c2742 _cleanup_free_ char *encrypted = NULL; in context_copy_blocks() local
2771 … r = partition_encrypt(context, p, d->node, &cd, &encrypted, &encrypted_dev_fd); in context_copy_blocks()
2799 r = deactivate_luks(cd, encrypted); in context_copy_blocks()
2989 _cleanup_free_ char *encrypted = NULL; in context_mkfs() local
3021 … r = partition_encrypt(context, p, d->node, &cd, &encrypted, &encrypted_dev_fd); in context_mkfs()
3028 fsdev = encrypted; in context_mkfs()
3043 (void) deactivate_luks(cd, encrypted); in context_mkfs()
3057 (void) deactivate_luks(cd, encrypted); in context_mkfs()
3070 r = deactivate_luks(cd, encrypted); in context_mkfs()
/systemd-251/rules.d/
D99-systemd.rules.in20 # Ignore encrypted devices with no identified superblock on it, since
/systemd-251/test/fuzz/fuzz-udev-rules/
D99-systemd.rules20 # Ignore encrypted devices with no identified superblock on it, since

12