14 #include <linux/random.h>
15 #include <libscrypt.h>
16 #include <uuid/uuid.h>
18 #include "libbcachefs/checksum.h"
21 char *read_passphrase(const char *prompt)
27 if (isatty(STDIN_FILENO)) {
28 struct termios old, new;
30 fprintf(stderr, "%s", prompt);
33 if (tcgetattr(STDIN_FILENO, &old))
34 die("error getting terminal attrs");
38 if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &new))
39 die("error setting terminal attrs");
41 len = getline(&buf, &buflen, stdin);
43 tcsetattr(STDIN_FILENO, TCSAFLUSH, &old);
44 fprintf(stderr, "\n");
46 len = getline(&buf, &buflen, stdin);
50 die("error reading passphrase");
51 if (len && buf[len - 1] == '\n')
57 char *read_passphrase_twice(const char *prompt)
59 char *pass = read_passphrase(prompt);
61 if (!isatty(STDIN_FILENO))
64 char *pass2 = read_passphrase("Enter same passphrase again: ");
66 if (strcmp(pass, pass2)) {
67 memzero_explicit(pass, strlen(pass));
68 memzero_explicit(pass2, strlen(pass2));
69 die("Passphrases do not match");
72 memzero_explicit(pass2, strlen(pass2));
78 struct bch_key derive_passphrase(struct bch_sb_field_crypt *crypt,
79 const char *passphrase)
81 const unsigned char salt[] = "bcache";
85 switch (BCH_CRYPT_KDF_TYPE(crypt)) {
87 ret = libscrypt_scrypt((void *) passphrase, strlen(passphrase),
89 1ULL << BCH_KDF_SCRYPT_N(crypt),
90 1ULL << BCH_KDF_SCRYPT_R(crypt),
91 1ULL << BCH_KDF_SCRYPT_P(crypt),
92 (void *) &key, sizeof(key));
94 die("scrypt error: %i", ret);
97 die("unknown kdf type %llu", BCH_CRYPT_KDF_TYPE(crypt));
103 void bch2_passphrase_check(struct bch_sb *sb, const char *passphrase,
104 struct bch_key *passphrase_key,
105 struct bch_encrypted_key *sb_key)
107 struct bch_sb_field_crypt *crypt = bch2_sb_get_crypt(sb);
109 die("filesystem is not encrypted");
111 *sb_key = crypt->key;
113 if (!bch2_key_is_encrypted(sb_key))
114 die("filesystem does not have encryption key");
116 *passphrase_key = derive_passphrase(crypt, passphrase);
118 /* Check if the user supplied the correct passphrase: */
119 if (bch2_chacha_encrypt_key(passphrase_key, __bch2_sb_key_nonce(sb),
120 sb_key, sizeof(*sb_key)))
121 die("error encrypting key");
123 if (bch2_key_is_encrypted(sb_key))
124 die("incorrect passphrase");
127 void bch2_add_key(struct bch_sb *sb, const char *passphrase)
129 struct bch_key passphrase_key;
130 struct bch_encrypted_key sb_key;
132 bch2_passphrase_check(sb, passphrase,
137 uuid_unparse_lower(sb->user_uuid.b, uuid);
139 char *description = mprintf("bcachefs:%s", uuid);
141 if (add_key("logon", description,
142 &passphrase_key, sizeof(passphrase_key),
143 KEY_SPEC_USER_KEYRING) < 0 ||
144 add_key("user", description,
145 &passphrase_key, sizeof(passphrase_key),
146 KEY_SPEC_USER_KEYRING) < 0)
147 die("add_key error: %m");
149 memzero_explicit(description, strlen(description));
151 memzero_explicit(&passphrase_key, sizeof(passphrase_key));
152 memzero_explicit(&sb_key, sizeof(sb_key));
155 void bch_sb_crypt_init(struct bch_sb *sb,
156 struct bch_sb_field_crypt *crypt,
157 const char *passphrase)
159 crypt->key.magic = BCH_KEY_MAGIC;
160 get_random_bytes(&crypt->key.key, sizeof(crypt->key.key));
164 SET_BCH_CRYPT_KDF_TYPE(crypt, BCH_KDF_SCRYPT);
165 SET_BCH_KDF_SCRYPT_N(crypt, ilog2(SCRYPT_N));
166 SET_BCH_KDF_SCRYPT_R(crypt, ilog2(SCRYPT_r));
167 SET_BCH_KDF_SCRYPT_P(crypt, ilog2(SCRYPT_p));
169 struct bch_key passphrase_key = derive_passphrase(crypt, passphrase);
171 assert(!bch2_key_is_encrypted(&crypt->key));
173 if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(sb),
174 &crypt->key, sizeof(crypt->key)))
175 die("error encrypting key");
177 assert(bch2_key_is_encrypted(&crypt->key));
179 memzero_explicit(&passphrase_key, sizeof(passphrase_key));