bcachefs-tools/bcache-key.c

#include <errno.h>
#include <unistd.h>
#include <keyutils.h>
#include <uuid/uuid.h>

#include "bcache.h"
#include "libbcache.h"
#include "crypto.h"

int cmd_unlock(int argc, char *argv[])
{
	struct bcache_disk_key disk_key;
	struct bcache_key key;
	struct cache_sb *sb;
	char *passphrase;
	char uuid[40];
	char description[60];

	if (argc != 2)
		die("please supply a single device");

	sb = bcache_super_read(argv[1]);

	if (!CACHE_SET_ENCRYPTION_KEY(sb))
		die("filesystem is not encrypted");

	memcpy(&disk_key, sb->encryption_key, sizeof(disk_key));

	if (!memcmp(&disk_key, bch_key_header, sizeof(bch_key_header)))
		die("filesystem does not have encryption key");

	passphrase = read_passphrase("Enter passphrase: ");

	derive_passphrase(&key, passphrase);
	disk_key_encrypt(sb, &disk_key, &key);

	if (memcmp(&disk_key, bch_key_header, sizeof(bch_key_header)))
		die("incorrect passphrase");

	uuid_unparse_lower(sb->user_uuid.b, uuid);
	sprintf(description, "bcache:%s", uuid);

	if (add_key("logon", description, &key, sizeof(key),
		    KEY_SPEC_USER_KEYRING) < 0)
		die("add_key error: %s", strerror(errno));

	memzero_explicit(&disk_key, sizeof(disk_key));
	memzero_explicit(&key, sizeof(key));
	memzero_explicit(passphrase, strlen(passphrase));
	free(passphrase);
	return 0;
}
Encryption support 2016-08-18 00:23:03 +03:00			`#include <errno.h>`
			`#include <unistd.h>`
			`#include <keyutils.h>`
			`#include <uuid/uuid.h>`

			`#include "bcache.h"`
			`#include "libbcache.h"`
			`#include "crypto.h"`

Rework option handling 2016-08-24 06:50:31 +03:00			`int cmd_unlock(int argc, char *argv[])`
Encryption support 2016-08-18 00:23:03 +03:00			`{`
			`struct bcache_disk_key disk_key;`
			`struct bcache_key key;`
bcache device_show now dumps superblocks 2016-10-04 12:10:24 +03:00			`struct cache_sb *sb;`
Encryption support 2016-08-18 00:23:03 +03:00			`char *passphrase;`
			`char uuid[40];`
			`char description[60];`

finish ripping out libnih 2016-10-06 18:19:55 +03:00			`if (argc != 2)`
Encryption support 2016-08-18 00:23:03 +03:00			`die("please supply a single device");`

finish ripping out libnih 2016-10-06 18:19:55 +03:00			`sb = bcache_super_read(argv[1]);`
Encryption support 2016-08-18 00:23:03 +03:00
bcache device_show now dumps superblocks 2016-10-04 12:10:24 +03:00			`if (!CACHE_SET_ENCRYPTION_KEY(sb))`
Encryption support 2016-08-18 00:23:03 +03:00			`die("filesystem is not encrypted");`

bcache device_show now dumps superblocks 2016-10-04 12:10:24 +03:00			`memcpy(&disk_key, sb->encryption_key, sizeof(disk_key));`
Encryption support 2016-08-18 00:23:03 +03:00
			`if (!memcmp(&disk_key, bch_key_header, sizeof(bch_key_header)))`
			`die("filesystem does not have encryption key");`

			`passphrase = read_passphrase("Enter passphrase: ");`

			`derive_passphrase(&key, passphrase);`
bcache device_show now dumps superblocks 2016-10-04 12:10:24 +03:00			`disk_key_encrypt(sb, &disk_key, &key);`
Encryption support 2016-08-18 00:23:03 +03:00
			`if (memcmp(&disk_key, bch_key_header, sizeof(bch_key_header)))`
			`die("incorrect passphrase");`

bcache device_show now dumps superblocks 2016-10-04 12:10:24 +03:00			`uuid_unparse_lower(sb->user_uuid.b, uuid);`
Encryption support 2016-08-18 00:23:03 +03:00			`sprintf(description, "bcache:%s", uuid);`

			`if (add_key("logon", description, &key, sizeof(key),`
			`KEY_SPEC_USER_KEYRING) < 0)`
			`die("add_key error: %s", strerror(errno));`

			`memzero_explicit(&disk_key, sizeof(disk_key));`
			`memzero_explicit(&key, sizeof(key));`
			`memzero_explicit(passphrase, strlen(passphrase));`
			`free(passphrase);`
			`return 0;`
			`}`