alex/bcachefs-tools
1
0
Fork 0
mirror of https://github.com/koverstreet/bcachefs-tools.git synced 2025-02-23 00:00:02 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

cmd_set_passphrase: revoke the invalidated key

Browse Source 
After setting a new passphrase, the previous key is left untouched. This
revokes the old key, preventing future actions from using it in error.

Signed-off-by: Colin Gillespie <colin@cgillespie.xyz>
This commit is contained in:
Colin Gillespie 2023-09-08 17:27:51 +10:00 committed by Kent Overstreet
parent 28e6dea653
commit 8d5e53b88a
3 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd_key.c
View File

@ -111,6 +111,7 @@ int cmd_set_passphrase(int argc, char *argv[])
die("error encrypting key");
crypt->key = new_key;
bch2_revoke_key(c->disk_sb.sb);
bch2_write_super(c);
bch2_fs_stop(c);
return 0;

18
libbcachefs/checksum.c
View File

@ -558,6 +558,24 @@ int bch2_request_key(struct bch_sb *sb, struct bch_key *key)
return ret;
}
int bch2_revoke_key(struct bch_sb *sb)
{
key_serial_t key_id;
struct printbuf key_description = PRINTBUF;
prt_printf(&key_description, "bcachefs:");
pr_uuid(&key_description, sb->user_uuid.b);
key_id = request_key("user", key_description.buf, NULL, KEY_SPEC_USER_KEYRING);
printbuf_exit(&key_description);
if (key_id < 0)
return errno;
keyctl_revoke(key_id);
return 0;
}
int bch2_decrypt_sb_key(struct bch_fs *c,
struct bch_sb_field_crypt *crypt,
struct bch_key *key)

1
libbcachefs/checksum.h
View File

@ -48,6 +48,7 @@ struct bch_csum bch2_checksum(struct bch_fs *, unsigned, struct nonce,
int bch2_chacha_encrypt_key(struct bch_key *, struct nonce, void *, size_t);
int bch2_request_key(struct bch_sb *, struct bch_key *);
int bch2_revoke_key(struct bch_sb *);
int bch2_encrypt(struct bch_fs *, unsigned, struct nonce,
void *data, size_t);