bcachefs-tools/cmd_key.c

#include <errno.h>
#include <unistd.h>
#include <uuid/uuid.h>

#include "cmds.h"
#include "libbcachefs/checksum.h"
#include "crypto.h"
#include "libbcachefs.h"

static void unlock_usage(void)
{
	puts("bcachefs unlock - unlock an encrypted filesystem so it can be mounted\n"
	     "Usage: bcachefs unlock [OPTION] device\n"
	     "\n"
	     "Options:\n"
	     "  -c                     Check if a device is encrypted\n"
	     "  -k (session|user|user_session)\n"
	     "                         Keyring to add to (default: user)\n"
	     "  -h                     Display this help and exit\n"
	     "Report bugs to <linux-bcachefs@vger.kernel.org>");
}

int cmd_unlock(int argc, char *argv[])
{
	const char *keyring = "user";
	bool check = false;
	int opt;

	while ((opt = getopt(argc, argv, "ck:h")) != -1)
		switch (opt) {
		case 'c':
			check = true;
			break;
		case 'k':
			keyring = strdup(optarg);
			break;
		case 'h':
			unlock_usage();
			exit(EXIT_SUCCESS);
		}
	args_shift(optind);

	char *dev = arg_pop();
	if (!dev)
		die("Please supply a device");

	if (argc)
		die("Too many arguments");

	struct bch_opts opts = bch2_opts_empty();

	opt_set(opts, noexcl, true);
	opt_set(opts, nochanges, true);

	struct bch_sb_handle sb;
	int ret = bch2_read_super(dev, &opts, &sb);
	if (ret)
		die("Error opening %s: %s", dev, bch2_err_str(ret));

	if (!bch2_sb_is_encrypted(sb.sb))
		die("%s is not encrypted", dev);

	if (check)
		exit(EXIT_SUCCESS);

	char *passphrase = read_passphrase("Enter passphrase: ");

	bch2_add_key(sb.sb, "user", keyring, passphrase);

	bch2_free_super(&sb);
	memzero_explicit(passphrase, strlen(passphrase));
	free(passphrase);
	return 0;
}

int cmd_set_passphrase(int argc, char *argv[])
{
	struct bch_opts opts = bch2_opts_empty();
	struct bch_fs *c;

	if (argc < 2)
		die("Please supply one or more devices");

	opt_set(opts, nostart, true);

	/*
	 * we use bch2_fs_open() here, instead of just reading the superblock,
	 * to make sure we're opening and updating every component device:
	 */

	c = bch2_fs_open(argv + 1, argc - 1, opts);
	if (IS_ERR(c))
		die("Error opening %s: %s", argv[1], bch2_err_str(PTR_ERR(c)));

	struct bch_sb_field_crypt *crypt = bch2_sb_field_get(c->disk_sb.sb, crypt);
	if (!crypt)
		die("Filesystem does not have encryption enabled");

	struct bch_encrypted_key new_key;
	new_key.magic = BCH_KEY_MAGIC;

	int ret = bch2_decrypt_sb_key(c, crypt, &new_key.key);
	if (ret)
		die("Error getting current key");

	char *new_passphrase = read_passphrase_twice("Enter new passphrase: ");
	struct bch_key passphrase_key = derive_passphrase(crypt, new_passphrase);

	if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(c->disk_sb.sb),
				    &new_key, sizeof(new_key)))
		die("error encrypting key");
	crypt->key = new_key;

	bch2_revoke_key(c->disk_sb.sb);
	bch2_write_super(c);
	bch2_fs_stop(c);
	return 0;
}

int cmd_remove_passphrase(int argc, char *argv[])
{
	struct bch_opts opts = bch2_opts_empty();
	struct bch_fs *c;

	if (argc < 2)
		die("Please supply one or more devices");

	opt_set(opts, nostart, true);
	c = bch2_fs_open(argv + 1, argc - 1, opts);
	if (IS_ERR(c))
		die("Error opening %s: %s", argv[1], bch2_err_str(PTR_ERR(c)));

	struct bch_sb_field_crypt *crypt = bch2_sb_field_get(c->disk_sb.sb, crypt);
	if (!crypt)
		die("Filesystem does not have encryption enabled");

	struct bch_encrypted_key new_key;
	new_key.magic = BCH_KEY_MAGIC;

	int ret = bch2_decrypt_sb_key(c, crypt, &new_key.key);
	if (ret)
		die("Error getting current key");

	crypt->key = new_key;

	bch2_write_super(c);
	bch2_fs_stop(c);
	return 0;
}
New on disk format - encryption 2016-10-04 06:22:17 +03:00			`#include <errno.h>`
			`#include <unistd.h>`
			`#include <uuid/uuid.h>`

			`#include "cmds.h"`
build: require explicit include paths for libbcachefs/ This removes the implicit `-I libbcachefs` argument to $(CC), which in turn requires a set of minor changes throughout the tools. There are two advantages to this setup: 1) It is (arguably) easier to read, since the location of bcachefs includes are easier to understand at a glance ("where does util.h live?") 2) It removes the need for a hack to include glibc's copy of dirent.h explicitly via '/usr/include/dirent.h', because libbcachefs/ also has a dirent.h file and the compiler cannot disambiguate them. This has some ramifications on systems where /usr/include may not exist, such as NixOS. Signed-off-by: Austin Seipp <aseipp@pobox.com> 2017-11-27 04:29:00 +03:00			`#include "libbcachefs/checksum.h"`
New on disk format - encryption 2016-10-04 06:22:17 +03:00			`#include "crypto.h"`
Rename from bcache-tools to bcachefs-tools 2017-03-20 02:56:34 +03:00			`#include "libbcachefs.h"`
New on disk format - encryption 2016-10-04 06:22:17 +03:00
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00			`static void unlock_usage(void)`
			`{`
			`puts("bcachefs unlock - unlock an encrypted filesystem so it can be mounted\n"`
			`"Usage: bcachefs unlock [OPTION] device\n"`
			`"\n"`
			`"Options:\n"`
			`" -c Check if a device is encrypted\n"`
cmd_unlock: Add -k argument to specify keyring This adds a new argument (-k) to cmd_unlock for specifying the keyring to add to. The default is user, but user_session and session can also be specified. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com> 2022-05-19 22:59:37 +03:00			`" -k (session\|user\|user_session)\n"`
			`" Keyring to add to (default: user)\n"`
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00			`" -h Display this help and exit\n"`
Update email address This changes linux-bcache@vger.kernel.org references to the correct mailing list (linux-bcachefs@vger.kernel.org). Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com> 2022-05-26 22:40:08 +03:00			`"Report bugs to <linux-bcachefs@vger.kernel.org>");`
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00			`}`

New on disk format - encryption 2016-10-04 06:22:17 +03:00			`int cmd_unlock(int argc, char *argv[])`
			`{`
cmd_unlock: Add -k argument to specify keyring This adds a new argument (-k) to cmd_unlock for specifying the keyring to add to. The default is user, but user_session and session can also be specified. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com> 2022-05-19 22:59:37 +03:00			`const char *keyring = "user";`
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00			`bool check = false;`
			`int opt;`

cmd_unlock: Add -k argument to specify keyring This adds a new argument (-k) to cmd_unlock for specifying the keyring to add to. The default is user, but user_session and session can also be specified. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com> 2022-05-19 22:59:37 +03:00			`while ((opt = getopt(argc, argv, "ck:h")) != -1)`
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00			`switch (opt) {`
			`case 'c':`
			`check = true;`
			`break;`
cmd_unlock: Add -k argument to specify keyring This adds a new argument (-k) to cmd_unlock for specifying the keyring to add to. The default is user, but user_session and session can also be specified. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com> 2022-05-19 22:59:37 +03:00			`case 'k':`
			`keyring = strdup(optarg);`
			`break;`
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00			`case 'h':`
			`unlock_usage();`
			`exit(EXIT_SUCCESS);`
			`}`
			`args_shift(optind);`

			`char *dev = arg_pop();`
			`if (!dev)`
			`die("Please supply a device");`

			`if (argc)`
			`die("Too many arguments");`

Update bcachefs sources to 02ae70070a bcachefs: Allocate new btree roots lazily 2018-01-11 14:41:59 +03:00			`struct bch_opts opts = bch2_opts_empty();`
New on disk format - encryption 2016-10-04 06:22:17 +03:00
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00			`opt_set(opts, noexcl, true);`
			`opt_set(opts, nochanges, true);`
New on disk format - encryption 2016-10-04 06:22:17 +03:00
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00			`struct bch_sb_handle sb;`
			`int ret = bch2_read_super(dev, &opts, &sb);`
Update bcachefs sources to 02ae70070a bcachefs: Allocate new btree roots lazily 2018-01-11 14:41:59 +03:00			`if (ret)`
Use bch2_err_str() instead of strerror() This correctly prints out our private error codes. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2022-12-20 00:05:54 +03:00			`die("Error opening %s: %s", dev, bch2_err_str(ret));`
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00
			`if (!bch2_sb_is_encrypted(sb.sb))`
			`die("%s is not encrypted", dev);`
New on disk format - encryption 2016-10-04 06:22:17 +03:00
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00			`if (check)`
			`exit(EXIT_SUCCESS);`

			`char *passphrase = read_passphrase("Enter passphrase: ");`
New on disk format - encryption 2016-10-04 06:22:17 +03:00
cmd_unlock: Add -k argument to specify keyring This adds a new argument (-k) to cmd_unlock for specifying the keyring to add to. The default is user, but user_session and session can also be specified. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com> 2022-05-19 22:59:37 +03:00			`bch2_add_key(sb.sb, "user", keyring, passphrase);`
New on disk format - encryption 2016-10-04 06:22:17 +03:00
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00			`bch2_free_super(&sb);`
New on disk format - encryption 2016-10-04 06:22:17 +03:00			`memzero_explicit(passphrase, strlen(passphrase));`
			`free(passphrase);`
			`return 0;`
			`}`
Add commands for changing and removing passphrase 2017-11-09 04:03:59 +03:00
			`int cmd_set_passphrase(int argc, char *argv[])`
			`{`
			`struct bch_opts opts = bch2_opts_empty();`
Update bcachefs sources to 02ae70070a bcachefs: Allocate new btree roots lazily 2018-01-11 14:41:59 +03:00			`struct bch_fs *c;`
Add commands for changing and removing passphrase 2017-11-09 04:03:59 +03:00
			`if (argc < 2)`
			`die("Please supply one or more devices");`

			`opt_set(opts, nostart, true);`
add -c to cmd_unlock, to check if a device needs to be unlocked 2018-02-11 20:35:15 +03:00
			`/*`
			`* we use bch2_fs_open() here, instead of just reading the superblock,`
			`* to make sure we're opening and updating every component device:`
			`*/`

Update bcachefs sources to 02ae70070a bcachefs: Allocate new btree roots lazily 2018-01-11 14:41:59 +03:00			`c = bch2_fs_open(argv + 1, argc - 1, opts);`
			`if (IS_ERR(c))`
Use bch2_err_str() instead of strerror() This correctly prints out our private error codes. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2022-12-20 00:05:54 +03:00			`die("Error opening %s: %s", argv[1], bch2_err_str(PTR_ERR(c)));`
Add commands for changing and removing passphrase 2017-11-09 04:03:59 +03:00
Update bcachefs sources to a180af9dd349 bcachefs: Refactor memcpy into direct assignment Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2023-10-19 04:57:11 +03:00			`struct bch_sb_field_crypt *crypt = bch2_sb_field_get(c->disk_sb.sb, crypt);`
Add commands for changing and removing passphrase 2017-11-09 04:03:59 +03:00			`if (!crypt)`
			`die("Filesystem does not have encryption enabled");`

			`struct bch_encrypted_key new_key;`
			`new_key.magic = BCH_KEY_MAGIC;`

			`int ret = bch2_decrypt_sb_key(c, crypt, &new_key.key);`
			`if (ret)`
			`die("Error getting current key");`

			`char *new_passphrase = read_passphrase_twice("Enter new passphrase: ");`
			`struct bch_key passphrase_key = derive_passphrase(crypt, new_passphrase);`

Update bcachefs sources to edf5f38218 bcachefs: Refactor superblock code 2018-04-11 02:19:09 +03:00			`if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(c->disk_sb.sb),`
Add commands for changing and removing passphrase 2017-11-09 04:03:59 +03:00			`&new_key, sizeof(new_key)))`
			`die("error encrypting key");`
			`crypt->key = new_key;`

cmd_set_passphrase: revoke the invalidated key After setting a new passphrase, the previous key is left untouched. This revokes the old key, preventing future actions from using it in error. Signed-off-by: Colin Gillespie <colin@cgillespie.xyz> 2023-09-08 10:27:51 +03:00			`bch2_revoke_key(c->disk_sb.sb);`
Add commands for changing and removing passphrase 2017-11-09 04:03:59 +03:00			`bch2_write_super(c);`
			`bch2_fs_stop(c);`
			`return 0;`
			`}`

			`int cmd_remove_passphrase(int argc, char *argv[])`
			`{`
			`struct bch_opts opts = bch2_opts_empty();`
Update bcachefs sources to 02ae70070a bcachefs: Allocate new btree roots lazily 2018-01-11 14:41:59 +03:00			`struct bch_fs *c;`
Add commands for changing and removing passphrase 2017-11-09 04:03:59 +03:00
			`if (argc < 2)`
			`die("Please supply one or more devices");`

			`opt_set(opts, nostart, true);`
Update bcachefs sources to 02ae70070a bcachefs: Allocate new btree roots lazily 2018-01-11 14:41:59 +03:00			`c = bch2_fs_open(argv + 1, argc - 1, opts);`
			`if (IS_ERR(c))`
Use bch2_err_str() instead of strerror() This correctly prints out our private error codes. Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2022-12-20 00:05:54 +03:00			`die("Error opening %s: %s", argv[1], bch2_err_str(PTR_ERR(c)));`
Add commands for changing and removing passphrase 2017-11-09 04:03:59 +03:00
Update bcachefs sources to a180af9dd349 bcachefs: Refactor memcpy into direct assignment Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev> 2023-10-19 04:57:11 +03:00			`struct bch_sb_field_crypt *crypt = bch2_sb_field_get(c->disk_sb.sb, crypt);`
Add commands for changing and removing passphrase 2017-11-09 04:03:59 +03:00			`if (!crypt)`
			`die("Filesystem does not have encryption enabled");`

			`struct bch_encrypted_key new_key;`
			`new_key.magic = BCH_KEY_MAGIC;`

			`int ret = bch2_decrypt_sb_key(c, crypt, &new_key.key);`
			`if (ret)`
			`die("Error getting current key");`

			`crypt->key = new_key;`

			`bch2_write_super(c);`
			`bch2_fs_stop(c);`
			`return 0;`
			`}`