diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-11-17 17:07:46 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2016-11-29 15:13:00 +0100 |
| commit | 70fc4f57902290c48bec9acb2393ded84c09d4ca (patch) | |
| tree | 3db642c2421d7aaae660e6071370a42e3a7da9ad /src/libsystemd | |
| parent | 0fe5f3c5d743a7e4c63580a67066935f9e23a2f4 (diff) | |
sd-id128: add new sd_id128_get_machine_app_specific() API
This adds an API for retrieving an app-specific machine ID to sd-id128.
Internally it calculates HMAC-SHA256 with an 128bit app-specific ID as payload
and the machine ID as key.
(An alternative would have been to use siphash for this, which is also
cryptographically strong. However, as it only generates 64bit hashes it's not
an obvious choice for generating 128bit IDs.)
Fixes: #4667
Diffstat (limited to 'src/libsystemd')
| -rw-r--r-- | src/libsystemd/libsystemd.sym | 5 | ||||
| -rw-r--r-- | src/libsystemd/sd-id128/sd-id128.c | 32 |
2 files changed, 37 insertions, 0 deletions
diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym index d48ef6bbe2..46c4dac7d7 100644 --- a/src/libsystemd/libsystemd.sym +++ b/src/libsystemd/libsystemd.sym @@ -511,3 +511,8 @@ global: sd_bus_get_exit_on_disconnect; sd_id128_get_invocation; } LIBSYSTEMD_231; + +LIBSYSTEMD_233 { +global: + sd_id128_get_machine_app_specific; +} LIBSYSTEMD_232; diff --git a/src/libsystemd/sd-id128/sd-id128.c b/src/libsystemd/sd-id128/sd-id128.c index d4450c70a0..0d673ba655 100644 --- a/src/libsystemd/sd-id128/sd-id128.c +++ b/src/libsystemd/sd-id128/sd-id128.c @@ -27,6 +27,7 @@ #include "hexdecoct.h" #include "id128-util.h" #include "io-util.h" +#include "khash.h" #include "macro.h" #include "random-util.h" #include "util.h" @@ -181,3 +182,34 @@ _public_ int sd_id128_randomize(sd_id128_t *ret) { *ret = make_v4_uuid(t); return 0; } + +_public_ int sd_id128_get_machine_app_specific(sd_id128_t app_id, sd_id128_t *ret) { + _cleanup_(khash_unrefp) khash *h = NULL; + sd_id128_t m, result; + const void *p; + int r; + + assert_return(ret, -EINVAL); + + r = sd_id128_get_machine(&m); + if (r < 0) + return r; + + r = khash_new_with_key(&h, "hmac(sha256)", &m, sizeof(m)); + if (r < 0) + return r; + + r = khash_put(h, &app_id, sizeof(app_id)); + if (r < 0) + return r; + + r = khash_digest_data(h, &p); + if (r < 0) + return r; + + /* We chop off the trailing 16 bytes */ + memcpy(&result, p, MIN(khash_get_size(h), sizeof(result))); + + *ret = make_v4_uuid(result); + return 0; +} |