journald: initial version of FSPRG hookup

This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
author: Lennart Poettering <lennart@poettering.net> 2012-08-13 20:31:10 +0200
committer: Lennart Poettering <lennart@poettering.net> 2012-08-13 20:31:10 +0200
commit: 7560fffcd2531786b9c1ca657667a43e90331326 (patch)
tree: df7eb8327afc5ef79aaa63b42c18f4d221a0cef1 /src/journal/journal-file.h
parent: 8caf9d6836c3ed5b7bb4c1ea8dea5241a634c298 (diff)
1 files changed, 22 insertions, 4 deletions
diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
index eed49e062f..25d972040c 100644
--- a/src/journal/journal-file.h
+++ b/src/journal/journal-file.h
@@ -23,6 +23,10 @@
 
 #include <inttypes.h>
 
+#ifdef HAVE_GCRYPT
+#include <gcrypt.h>
+#endif
+
 #include <systemd/sd-id128.h>
 
 #include "sparse-endian.h"
@@ -42,7 +46,7 @@ enum {
         WINDOW_DATA_HASH_TABLE = OBJECT_DATA_HASH_TABLE,
         WINDOW_FIELD_HASH_TABLE = OBJECT_FIELD_HASH_TABLE,
         WINDOW_ENTRY_ARRAY = OBJECT_ENTRY_ARRAY,
-        WINDOW_SIGNATURE = OBJECT_SIGNATURE,
+        WINDOW_TAG = OBJECT_TAG,
         WINDOW_HEADER,
         _WINDOW_MAX
 };
@@ -59,9 +63,13 @@ typedef struct JournalFile {
         char *path;
         struct stat last_stat;
         mode_t mode;
+
         int flags;
         int prot;
         bool writable;
+        bool compress;
+        bool authenticate;
+
         bool tail_entry_monotonic_valid;
 
         Header *header;
@@ -74,12 +82,18 @@ typedef struct JournalFile {
 
         JournalMetrics metrics;
 
-        bool compress;
-
 #ifdef HAVE_XZ
         void *compress_buffer;
         uint64_t compress_buffer_size;
 #endif
+
+#ifdef HAVE_GCRYPT
+        gcry_md_hd_t hmac;
+        bool hmac_running;
+
+        FSPRGHeader *fsprg_header;
+        size_t fsprg_size;
+#endif
 } JournalFile;
 
 typedef enum direction {
@@ -91,6 +105,8 @@ int journal_file_open(
                 const char *fname,
                 int flags,
                 mode_t mode,
+                bool compress,
+                bool authenticate,
                 JournalMetrics *metrics,
                 JournalFile *template,
                 JournalFile **ret);
@@ -101,6 +117,8 @@ int journal_file_open_reliably(
                 const char *fname,
                 int flags,
                 mode_t mode,
+                bool compress,
+                bool authenticate,
                 JournalMetrics *metrics,
                 JournalFile *template,
                 JournalFile **ret);
@@ -134,7 +152,7 @@ int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint6
 void journal_file_dump(JournalFile *f);
 void journal_file_print_header(JournalFile *f);
 
-int journal_file_rotate(JournalFile **f);
+int journal_file_rotate(JournalFile **f, bool compress, bool authenticate);
 
 int journal_directory_vacuum(const char *directory, uint64_t max_use, uint64_t min_free);
author	Lennart Poettering <lennart@poettering.net>	2012-08-13 20:31:10 +0200
committer	Lennart Poettering <lennart@poettering.net>	2012-08-13 20:31:10 +0200
commit	7560fffcd2531786b9c1ca657667a43e90331326 (patch)
tree	df7eb8327afc5ef79aaa63b42c18f4d221a0cef1 /src/journal/journal-file.h
parent	8caf9d6836c3ed5b7bb4c1ea8dea5241a634c298 (diff)