bcachefs-tools/src/key.rs

use std::{
    fmt::Debug,
    fs,
    io::{stdin, IsTerminal},
};

use anyhow::anyhow;
use bch_bindgen::bcachefs::bch_sb_handle;
use log::info;

use crate::c_str;

#[derive(Clone, Debug, clap::ValueEnum, strum::Display)]
pub enum UnlockPolicy {
    Fail,
    Wait,
    Ask,
}

impl Default for UnlockPolicy {
    fn default() -> Self {
        Self::Ask
    }
}

pub fn check_for_key(key_name: &std::ffi::CStr) -> anyhow::Result<bool> {
    use bch_bindgen::keyutils::{self, keyctl_search};
    let key_name = key_name.to_bytes_with_nul().as_ptr() as *const _;
    let key_type = c_str!("user");

    let key_id = unsafe { keyctl_search(keyutils::KEY_SPEC_USER_KEYRING, key_type, key_name, 0) };
    if key_id > 0 {
        info!("Key has become available");
        Ok(true)
    } else {
        match errno::errno().0 {
            libc::ENOKEY | libc::EKEYREVOKED => Ok(false),
            _ => Err(crate::ErrnoError(errno::errno()).into()),
        }
    }
}

fn wait_for_unlock(uuid: &uuid::Uuid) -> anyhow::Result<()> {
    let key_name = std::ffi::CString::new(format!("bcachefs:{}", uuid)).unwrap();
    loop {
        if check_for_key(&key_name)? {
            break Ok(());
        }

        std::thread::sleep(std::time::Duration::from_secs(1));
    }
}

// blocks indefinitely if no input is available on stdin
fn ask_for_passphrase(sb: &bch_sb_handle) -> anyhow::Result<()> {
    let passphrase = if stdin().is_terminal() {
        rpassword::prompt_password("Enter passphrase: ")?
    } else {
        info!("Trying to read passphrase from stdin...");
        let mut line = String::new();
        stdin().read_line(&mut line)?;
        line
    };
    unlock_master_key(sb, &passphrase)
}

const BCH_KEY_MAGIC: &str = "bch**key";
fn unlock_master_key(sb: &bch_sb_handle, passphrase: &str) -> anyhow::Result<()> {
    use bch_bindgen::bcachefs::{self, bch2_chacha_encrypt_key, bch_encrypted_key, bch_key};
    use byteorder::{LittleEndian, ReadBytesExt};
    use std::os::raw::c_char;

    let key_name = std::ffi::CString::new(format!("bcachefs:{}", sb.sb().uuid())).unwrap();
    if check_for_key(&key_name)? {
        return Ok(());
    }

    let bch_key_magic = BCH_KEY_MAGIC.as_bytes().read_u64::<LittleEndian>().unwrap();
    let crypt = sb.sb().crypt().unwrap();
    let passphrase = std::ffi::CString::new(passphrase.trim_end())?; // bind to keep the CString alive
    let mut output: bch_key = unsafe {
        bcachefs::derive_passphrase(
            crypt as *const _ as *mut _,
            passphrase.as_c_str().to_bytes_with_nul().as_ptr() as *const _,
        )
    };

    let mut key = *crypt.key();
    let ret = unsafe {
        bch2_chacha_encrypt_key(
            &mut output as *mut _,
            sb.sb().nonce(),
            &mut key as *mut _ as *mut _,
            std::mem::size_of::<bch_encrypted_key>(),
        )
    };
    if ret != 0 {
        Err(anyhow!("chacha decryption failure"))
    } else if key.magic != bch_key_magic {
        Err(anyhow!("failed to verify the password"))
    } else {
        let key_type = c_str!("user");
        let ret = unsafe {
            bch_bindgen::keyutils::add_key(
                key_type,
                key_name.as_c_str().to_bytes_with_nul() as *const _ as *const c_char,
                &output as *const _ as *const _,
                std::mem::size_of::<bch_key>(),
                bch_bindgen::keyutils::KEY_SPEC_USER_KEYRING,
            )
        };
        if ret == -1 {
            Err(anyhow!("failed to add key to keyring: {}", errno::errno()))
        } else {
            Ok(())
        }
    }
}

pub fn read_from_passphrase_file(
    block_device: &bch_sb_handle,
    passphrase_file: &std::path::Path,
) -> anyhow::Result<()> {
    // Attempts to unlock the master key by password_file
    // Return true if unlock was successful, false otherwise
    info!(
        "Attempting to unlock master key for filesystem {}, using password from file {}",
        block_device.sb().uuid(),
        passphrase_file.display()
    );
    // Read the contents of the password_file into a string
    let passphrase = fs::read_to_string(passphrase_file)?;
    // Call decrypt_master_key with the read string
    unlock_master_key(block_device, &passphrase)
}

pub fn apply_key_unlocking_policy(
    block_device: &bch_sb_handle,
    unlock_policy: UnlockPolicy,
) -> anyhow::Result<()> {
    info!(
        "Attempting to unlock master key for filesystem {}, using unlock policy {}",
        block_device.sb().uuid(),
        unlock_policy
    );
    match unlock_policy {
        UnlockPolicy::Fail => Err(anyhow!("no passphrase available")),
        UnlockPolicy::Wait => Ok(wait_for_unlock(&block_device.sb().uuid())?),
        UnlockPolicy::Ask => ask_for_passphrase(block_device),
    }
}
Format with rustfmt Note that we're using struct/enum align options, which require nightly. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2024-05-27 03:38:08 +03:00			`use std::{`
refactor: reduce `UnlockPolicy` boilerplate Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net> 2024-05-30 19:31:10 +03:00			`fmt::Debug,`
			`fs,`
Format with rustfmt Note that we're using struct/enum align options, which require nightly. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2024-05-27 03:38:08 +03:00			`io::{stdin, IsTerminal},`
			`};`
Replace atty with stdlib is_terminal() is part of rust 1.70 std, no need for isatty Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2024-02-07 23:12:09 +03:00
Rust now integrated into bcachefs binary Rust is now required for building the bcachefs tool, and rust code is now fully integrated with the C codebase - meaning it is possible to call back and forth. The mount helper is now a subcommand, 'mount.bcachefs' is now a small shell wrapper that invokes 'bcachefs mount'. This will make it easier to start rewriting other subcommands in rust, and eventually the whole command line interface. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2023-01-04 06:31:36 +03:00			`use anyhow::anyhow;`
Format with rustfmt Note that we're using struct/enum align options, which require nightly. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2024-05-27 03:38:08 +03:00			`use bch_bindgen::bcachefs::bch_sb_handle;`
			`use log::info;`
Rust now integrated into bcachefs binary Rust is now required for building the bcachefs tool, and rust code is now fully integrated with the C codebase - meaning it is possible to call back and forth. The mount helper is now a subcommand, 'mount.bcachefs' is now a small shell wrapper that invokes 'bcachefs mount'. This will make it easier to start rewriting other subcommands in rust, and eventually the whole command line interface. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2023-01-04 06:31:36 +03:00
refactor: reduce `UnlockPolicy` boilerplate Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net> 2024-05-30 19:31:10 +03:00			`use crate::c_str;`

			`#[derive(Clone, Debug, clap::ValueEnum, strum::Display)]`
Apply naming convention: passphrase->unlock->key->decrypt->fs Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-22 23:37:37 +03:00			`pub enum UnlockPolicy {`
Rust now integrated into bcachefs binary Rust is now required for building the bcachefs tool, and rust code is now fully integrated with the C codebase - meaning it is possible to call back and forth. The mount helper is now a subcommand, 'mount.bcachefs' is now a small shell wrapper that invokes 'bcachefs mount'. This will make it easier to start rewriting other subcommands in rust, and eventually the whole command line interface. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2023-01-04 06:31:36 +03:00			`Fail,`
			`Wait,`
			`Ask,`
			`}`

refactor: reduce `UnlockPolicy` boilerplate Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net> 2024-05-30 19:31:10 +03:00			`impl Default for UnlockPolicy {`
			`fn default() -> Self {`
			`Self::Ask`
Add fmt::Display for KeyLocation Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-22 23:12:36 +03:00			`}`
			`}`

`check_for_key` before `ask_for_passphrase` let's always first check if there is already a key in the keyring available before we try to get the key from some more involved means. Fixes: #261 Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2024-05-10 00:52:47 +03:00			`pub fn check_for_key(key_name: &std::ffi::CStr) -> anyhow::Result<bool> {`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`use bch_bindgen::keyutils::{self, keyctl_search};`
			`let key_name = key_name.to_bytes_with_nul().as_ptr() as *const _;`
cmd_mount: use the correct keyring key type Mount is checking for and adding encryption keys using the logon key type instead of the user key type. This was causing it to not be able to unlock volumes on its own, and ask for a passphrase on already unlocked volumes. Signed-off-by: Colin Gillespie <colin@cgillespie.xyz> 2023-08-12 06:50:37 +03:00			`let key_type = c_str!("user");`
Add a mount.bcachefs tool This tool currently has most of the fundmental features implemented. It can mount a filesystem specified by uuid, it can ask password for an encrypted filesystem. There may be some work that needs to be done to make it behave more like a "mount.*" tool. Related: #1 Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com> 2020-05-04 16:28:38 +03:00
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`let key_id = unsafe { keyctl_search(keyutils::KEY_SPEC_USER_KEYRING, key_type, key_name, 0) };`
			`if key_id > 0 {`
Typo Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-20 21:49:50 +03:00			`info!("Key has become available");`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`Ok(true)`
			`} else {`
cmd_mount: request passphrase if the existing key is revoked Signed-off-by: Colin Gillespie <colin@cgillespie.xyz> 2023-09-08 10:27:52 +03:00			`match errno::errno().0 {`
			`libc::ENOKEY \| libc::EKEYREVOKED => Ok(false),`
			`_ => Err(crate::ErrnoError(errno::errno()).into()),`
			`}`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`}`
Add a mount.bcachefs tool This tool currently has most of the fundmental features implemented. It can mount a filesystem specified by uuid, it can ask password for an encrypted filesystem. There may be some work that needs to be done to make it behave more like a "mount.*" tool. Related: #1 Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com> 2020-05-04 16:28:38 +03:00			`}`

Apply naming convention: passphrase->unlock->key->decrypt->fs Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-22 23:37:37 +03:00			`fn wait_for_unlock(uuid: &uuid::Uuid) -> anyhow::Result<()> {`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`let key_name = std::ffi::CString::new(format!("bcachefs:{}", uuid)).unwrap();`
			`loop {`
			`if check_for_key(&key_name)? {`
			`break Ok(());`
			`}`
Add a mount.bcachefs tool This tool currently has most of the fundmental features implemented. It can mount a filesystem specified by uuid, it can ask password for an encrypted filesystem. There may be some work that needs to be done to make it behave more like a "mount.*" tool. Related: #1 Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com> 2020-05-04 16:28:38 +03:00
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`std::thread::sleep(std::time::Duration::from_secs(1));`
			`}`
Add a mount.bcachefs tool This tool currently has most of the fundmental features implemented. It can mount a filesystem specified by uuid, it can ask password for an encrypted filesystem. There may be some work that needs to be done to make it behave more like a "mount.*" tool. Related: #1 Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com> 2020-05-04 16:28:38 +03:00			`}`

`check_for_key` before `ask_for_passphrase` let's always first check if there is already a key in the keyring available before we try to get the key from some more involved means. Fixes: #261 Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2024-05-10 00:52:47 +03:00			`// blocks indefinitely if no input is available on stdin`
Apply naming convention: passphrase->unlock->key->decrypt->fs Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-22 23:37:37 +03:00			`fn ask_for_passphrase(sb: &bch_sb_handle) -> anyhow::Result<()> {`
			`let passphrase = if stdin().is_terminal() {`
Refactor ask_for_key to call new decrypt_master_key Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-21 18:45:18 +03:00			`rpassword::prompt_password("Enter passphrase: ")?`
			`} else {`
`check_for_key` before `ask_for_passphrase` let's always first check if there is already a key in the keyring available before we try to get the key from some more involved means. Fixes: #261 Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2024-05-10 00:52:47 +03:00			`info!("Trying to read passphrase from stdin...");`
Refactor ask_for_key to call new decrypt_master_key Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-21 18:45:18 +03:00			`let mut line = String::new();`
			`stdin().read_line(&mut line)?;`
			`line`
			`};`
Apply naming convention: passphrase->unlock->key->decrypt->fs Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-22 23:37:37 +03:00			`unlock_master_key(sb, &passphrase)`
Refactor ask_for_key to call new decrypt_master_key Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-21 18:45:18 +03:00			`}`

			`const BCH_KEY_MAGIC: &str = "bch**key";`
refactor: manually fix remaining clippy lints Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net> 2024-05-22 23:21:31 +03:00			`fn unlock_master_key(sb: &bch_sb_handle, passphrase: &str) -> anyhow::Result<()> {`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`use bch_bindgen::bcachefs::{self, bch2_chacha_encrypt_key, bch_encrypted_key, bch_key};`
			`use byteorder::{LittleEndian, ReadBytesExt};`
			`use std::os::raw::c_char;`
Add a mount.bcachefs tool This tool currently has most of the fundmental features implemented. It can mount a filesystem specified by uuid, it can ask password for an encrypted filesystem. There may be some work that needs to be done to make it behave more like a "mount.*" tool. Related: #1 Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com> 2020-05-04 16:28:38 +03:00
More rust improvements - passing of arguments from c -> rust code now works correctly - 'bcachefs mount' now handles being passed a device or devices Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2023-02-21 22:39:43 +03:00			`let key_name = std::ffi::CString::new(format!("bcachefs:{}", sb.sb().uuid())).unwrap();`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`if check_for_key(&key_name)? {`
			`return Ok(());`
			`}`
Add a mount.bcachefs tool This tool currently has most of the fundmental features implemented. It can mount a filesystem specified by uuid, it can ask password for an encrypted filesystem. There may be some work that needs to be done to make it behave more like a "mount.*" tool. Related: #1 Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com> 2020-05-04 16:28:38 +03:00
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`let bch_key_magic = BCH_KEY_MAGIC.as_bytes().read_u64::<LittleEndian>().unwrap();`
More rust improvements - passing of arguments from c -> rust code now works correctly - 'bcachefs mount' now handles being passed a device or devices Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2023-02-21 22:39:43 +03:00			`let crypt = sb.sb().crypt().unwrap();`
Apply naming convention: passphrase->unlock->key->decrypt->fs Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-22 23:37:37 +03:00			`let passphrase = std::ffi::CString::new(passphrase.trim_end())?; // bind to keep the CString alive`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`let mut output: bch_key = unsafe {`
			`bcachefs::derive_passphrase(`
			`crypt as const _ as mut _,`
Apply naming convention: passphrase->unlock->key->decrypt->fs Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-22 23:37:37 +03:00			`passphrase.as_c_str().to_bytes_with_nul().as_ptr() as *const _,`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`)`
			`};`
Add a mount.bcachefs tool This tool currently has most of the fundmental features implemented. It can mount a filesystem specified by uuid, it can ask password for an encrypted filesystem. There may be some work that needs to be done to make it behave more like a "mount.*" tool. Related: #1 Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com> 2020-05-04 16:28:38 +03:00
refactor: `cargo clippy --fix` Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net> 2024-05-22 23:17:04 +03:00			`let mut key = *crypt.key();`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`let ret = unsafe {`
			`bch2_chacha_encrypt_key(`
			`&mut output as *mut _,`
More rust improvements - passing of arguments from c -> rust code now works correctly - 'bcachefs mount' now handles being passed a device or devices Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2023-02-21 22:39:43 +03:00			`sb.sb().nonce(),`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`&mut key as mut _ as mut _,`
refactor: `cargo clippy --fix` Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net> 2024-05-22 23:17:04 +03:00			`std::mem::size_of::<bch_encrypted_key>(),`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`)`
			`};`
			`if ret != 0 {`
			`Err(anyhow!("chacha decryption failure"))`
			`} else if key.magic != bch_key_magic {`
			`Err(anyhow!("failed to verify the password"))`
			`} else {`
cmd_mount: use the correct keyring key type Mount is checking for and adding encryption keys using the logon key type instead of the user key type. This was causing it to not be able to unlock volumes on its own, and ask for a passphrase on already unlocked volumes. Signed-off-by: Colin Gillespie <colin@cgillespie.xyz> 2023-08-12 06:50:37 +03:00			`let key_type = c_str!("user");`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`let ret = unsafe {`
			`bch_bindgen::keyutils::add_key(`
			`key_type,`
			`key_name.as_c_str().to_bytes_with_nul() as const _ as const c_char,`
			`&output as const _ as const _,`
refactor: `cargo clippy --fix` Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net> 2024-05-22 23:17:04 +03:00			`std::mem::size_of::<bch_key>(),`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`bch_bindgen::keyutils::KEY_SPEC_USER_KEYRING,`
			`)`
			`};`
			`if ret == -1 {`
			`Err(anyhow!("failed to add key to keyring: {}", errno::errno()))`
			`} else {`
			`Ok(())`
			`}`
			`}`
Add a mount.bcachefs tool This tool currently has most of the fundmental features implemented. It can mount a filesystem specified by uuid, it can ask password for an encrypted filesystem. There may be some work that needs to be done to make it behave more like a "mount.*" tool. Related: #1 Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com> 2020-05-04 16:28:38 +03:00			`}`

Format with rustfmt Note that we're using struct/enum align options, which require nightly. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2024-05-27 03:38:08 +03:00			`pub fn read_from_passphrase_file(`
			`block_device: &bch_sb_handle,`
			`passphrase_file: &std::path::Path,`
			`) -> anyhow::Result<()> {`
Apply naming convention: passphrase->unlock->key->decrypt->fs Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-22 23:37:37 +03:00			`// Attempts to unlock the master key by password_file`
			`// Return true if unlock was successful, false otherwise`
Format with rustfmt Note that we're using struct/enum align options, which require nightly. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2024-05-27 03:38:08 +03:00			`info!(`
			`"Attempting to unlock master key for filesystem {}, using password from file {}",`
			`block_device.sb().uuid(),`
			`passphrase_file.display()`
			`);`
Apply naming convention: passphrase->unlock->key->decrypt->fs Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-22 23:37:37 +03:00			`// Read the contents of the password_file into a string`
			`let passphrase = fs::read_to_string(passphrase_file)?;`
Add decryption by key_file - Add key_file option to Cli - Rework decryption flow logic to first attempt key_file - Read password from file and pass to decrypt_master_key Explicity specify '-k' for key_location Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-18 11:32:19 +03:00			`// Call decrypt_master_key with the read string`
Apply naming convention: passphrase->unlock->key->decrypt->fs Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-22 23:37:37 +03:00			`unlock_master_key(block_device, &passphrase)`
Add decryption by key_file - Add key_file option to Cli - Rework decryption flow logic to first attempt key_file - Read password from file and pass to decrypt_master_key Explicity specify '-k' for key_location Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-18 11:32:19 +03:00			`}`

Format with rustfmt Note that we're using struct/enum align options, which require nightly. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2024-05-27 03:38:08 +03:00			`pub fn apply_key_unlocking_policy(`
			`block_device: &bch_sb_handle,`
			`unlock_policy: UnlockPolicy,`
			`) -> anyhow::Result<()> {`
			`info!(`
			`"Attempting to unlock master key for filesystem {}, using unlock policy {}",`
			`block_device.sb().uuid(),`
			`unlock_policy`
			`);`
Apply naming convention: passphrase->unlock->key->decrypt->fs Signed-off-by: Roland Vet <RlndVt@protonmail.com> 2024-02-22 23:37:37 +03:00			`match unlock_policy {`
			`UnlockPolicy::Fail => Err(anyhow!("no passphrase available")),`
			`UnlockPolicy::Wait => Ok(wait_for_unlock(&block_device.sb().uuid())?),`
			`UnlockPolicy::Ask => ask_for_passphrase(block_device),`
rust: use rustfmt defaults follow the kernel style guide, i.e idiomatic rust style. Signed-off-by: Alexander Fougner <fougner89@gmail.com> 2023-01-16 11:22:49 +03:00			`}`
Add a mount.bcachefs tool This tool currently has most of the fundmental features implemented. It can mount a filesystem specified by uuid, it can ask password for an encrypted filesystem. There may be some work that needs to be done to make it behave more like a "mount.*" tool. Related: #1 Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com> 2020-05-04 16:28:38 +03:00			`}`