14 #include <linux/random.h>
15 #include <libscrypt.h>
16 #include <uuid/uuid.h>
18 #include "libbcachefs/checksum.h"
21 char *read_passphrase(const char *prompt)
27 if (isatty(STDIN_FILENO)) {
28 struct termios old, new;
30 fprintf(stderr, "%s", prompt);
33 if (tcgetattr(STDIN_FILENO, &old))
34 die("error getting terminal attrs");
38 if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &new))
39 die("error setting terminal attrs");
41 len = getline(&buf, &buflen, stdin);
43 tcsetattr(STDIN_FILENO, TCSAFLUSH, &old);
44 fprintf(stderr, "\n");
46 len = getline(&buf, &buflen, stdin);
50 die("error reading passphrase");
51 if (len && buf[len - 1] == '\n')
57 char *read_passphrase_twice(const char *prompt)
59 char *pass = read_passphrase(prompt);
61 if (!isatty(STDIN_FILENO))
64 char *pass2 = read_passphrase("Enter same passphrase again: ");
66 if (strcmp(pass, pass2)) {
67 memzero_explicit(pass, strlen(pass));
68 memzero_explicit(pass2, strlen(pass2));
69 die("Passphrases do not match");
72 memzero_explicit(pass2, strlen(pass2));
78 struct bch_key derive_passphrase(struct bch_sb_field_crypt *crypt,
79 const char *passphrase)
81 const unsigned char salt[] = "bcache";
85 switch (BCH_CRYPT_KDF_TYPE(crypt)) {
87 ret = libscrypt_scrypt((void *) passphrase, strlen(passphrase),
89 1ULL << BCH_KDF_SCRYPT_N(crypt),
90 1ULL << BCH_KDF_SCRYPT_R(crypt),
91 1ULL << BCH_KDF_SCRYPT_P(crypt),
92 (void *) &key, sizeof(key));
94 die("scrypt error: %i", ret);
97 die("unknown kdf type %llu", BCH_CRYPT_KDF_TYPE(crypt));
103 bool bch2_sb_is_encrypted(struct bch_sb *sb)
105 struct bch_sb_field_crypt *crypt;
107 return (crypt = bch2_sb_get_crypt(sb)) &&
108 bch2_key_is_encrypted(&crypt->key);
111 void bch2_passphrase_check(struct bch_sb *sb, const char *passphrase,
112 struct bch_key *passphrase_key,
113 struct bch_encrypted_key *sb_key)
115 struct bch_sb_field_crypt *crypt = bch2_sb_get_crypt(sb);
117 die("filesystem is not encrypted");
119 *sb_key = crypt->key;
121 if (!bch2_key_is_encrypted(sb_key))
122 die("filesystem does not have encryption key");
124 *passphrase_key = derive_passphrase(crypt, passphrase);
126 /* Check if the user supplied the correct passphrase: */
127 if (bch2_chacha_encrypt_key(passphrase_key, __bch2_sb_key_nonce(sb),
128 sb_key, sizeof(*sb_key)))
129 die("error encrypting key");
131 if (bch2_key_is_encrypted(sb_key))
132 die("incorrect passphrase");
135 void bch2_add_key(struct bch_sb *sb, const char *passphrase)
137 struct bch_key passphrase_key;
138 struct bch_encrypted_key sb_key;
140 bch2_passphrase_check(sb, passphrase,
145 uuid_unparse_lower(sb->user_uuid.b, uuid);
147 char *description = mprintf("bcachefs:%s", uuid);
149 if (add_key("logon", description,
150 &passphrase_key, sizeof(passphrase_key),
151 KEY_SPEC_USER_KEYRING) < 0 ||
152 add_key("user", description,
153 &passphrase_key, sizeof(passphrase_key),
154 KEY_SPEC_USER_KEYRING) < 0)
155 die("add_key error: %m");
157 memzero_explicit(description, strlen(description));
159 memzero_explicit(&passphrase_key, sizeof(passphrase_key));
160 memzero_explicit(&sb_key, sizeof(sb_key));
163 void bch_sb_crypt_init(struct bch_sb *sb,
164 struct bch_sb_field_crypt *crypt,
165 const char *passphrase)
167 crypt->key.magic = BCH_KEY_MAGIC;
168 get_random_bytes(&crypt->key.key, sizeof(crypt->key.key));
172 SET_BCH_CRYPT_KDF_TYPE(crypt, BCH_KDF_SCRYPT);
173 SET_BCH_KDF_SCRYPT_N(crypt, ilog2(SCRYPT_N));
174 SET_BCH_KDF_SCRYPT_R(crypt, ilog2(SCRYPT_r));
175 SET_BCH_KDF_SCRYPT_P(crypt, ilog2(SCRYPT_p));
177 struct bch_key passphrase_key = derive_passphrase(crypt, passphrase);
179 assert(!bch2_key_is_encrypted(&crypt->key));
181 if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(sb),
182 &crypt->key, sizeof(crypt->key)))
183 die("error encrypting key");
185 assert(bch2_key_is_encrypted(&crypt->key));
187 memzero_explicit(&passphrase_key, sizeof(passphrase_key));