#include "crypto.h"
#include "libbcachefs.h"
+static void unlock_usage(void)
+{
+ puts("bcachefs unlock - unlock an encrypted filesystem so it can be mounted\n"
+ "Usage: bcachefs unlock [OPTION] device\n"
+ "\n"
+ "Options:\n"
+ " -c Check if a device is encrypted\n"
+ " -h Display this help and exit\n"
+ "Report bugs to <linux-bcache@vger.kernel.org>");
+}
+
int cmd_unlock(int argc, char *argv[])
{
+ bool check = false;
+ int opt;
+
+ while ((opt = getopt(argc, argv, "ch")) != -1)
+ switch (opt) {
+ case 'c':
+ check = true;
+ break;
+ case 'h':
+ unlock_usage();
+ exit(EXIT_SUCCESS);
+ }
+ args_shift(optind);
+
+ char *dev = arg_pop();
+ if (!dev)
+ die("Please supply a device");
+
+ if (argc)
+ die("Too many arguments");
+
+ struct bch_opts opts = bch2_opts_empty();
+
+ opt_set(opts, noexcl, true);
+ opt_set(opts, nochanges, true);
+
struct bch_sb_handle sb;
- const char *err;
- char *passphrase;
+ int ret = bch2_read_super(dev, &opts, &sb);
+ if (ret)
+ die("Error opening %s: %s", dev, strerror(-ret));
- if (argc != 2)
- die("Please supply a single device");
+ if (!bch2_sb_is_encrypted(sb.sb))
+ die("%s is not encrypted", dev);
- err = bch2_read_super(argv[1], bch2_opts_empty(), &sb);
- if (err)
- die("Error opening %s: %s", argv[1], err);
+ if (check)
+ exit(EXIT_SUCCESS);
- passphrase = read_passphrase("Enter passphrase: ");
+ char *passphrase = read_passphrase("Enter passphrase: ");
bch2_add_key(sb.sb, passphrase);
+ bch2_free_super(&sb);
memzero_explicit(passphrase, strlen(passphrase));
free(passphrase);
return 0;
int cmd_set_passphrase(int argc, char *argv[])
{
struct bch_opts opts = bch2_opts_empty();
- struct bch_fs *c = NULL;
- const char *err;
+ struct bch_fs *c;
if (argc < 2)
die("Please supply one or more devices");
opt_set(opts, nostart, true);
- err = bch2_fs_open(argv + 1, argc - 1, opts, &c);
- if (err)
- die("Error opening %s: %s", argv[1], err);
- struct bch_sb_field_crypt *crypt = bch2_sb_get_crypt(c->disk_sb);
+ /*
+ * we use bch2_fs_open() here, instead of just reading the superblock,
+ * to make sure we're opening and updating every component device:
+ */
+
+ c = bch2_fs_open(argv + 1, argc - 1, opts);
+ if (IS_ERR(c))
+ die("Error opening %s: %s", argv[1], strerror(-PTR_ERR(c)));
+
+ struct bch_sb_field_crypt *crypt = bch2_sb_get_crypt(c->disk_sb.sb);
if (!crypt)
die("Filesystem does not have encryption enabled");
char *new_passphrase = read_passphrase_twice("Enter new passphrase: ");
struct bch_key passphrase_key = derive_passphrase(crypt, new_passphrase);
- if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(c->disk_sb),
+ if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(c->disk_sb.sb),
&new_key, sizeof(new_key)))
die("error encrypting key");
crypt->key = new_key;
int cmd_remove_passphrase(int argc, char *argv[])
{
struct bch_opts opts = bch2_opts_empty();
- struct bch_fs *c = NULL;
- const char *err;
+ struct bch_fs *c;
if (argc < 2)
die("Please supply one or more devices");
opt_set(opts, nostart, true);
- err = bch2_fs_open(argv + 1, argc - 1, opts, &c);
- if (err)
- die("Error opening %s: %s", argv[1], err);
+ c = bch2_fs_open(argv + 1, argc - 1, opts);
+ if (IS_ERR(c))
+ die("Error opening %s: %s", argv[1], strerror(-PTR_ERR(c)));
- struct bch_sb_field_crypt *crypt = bch2_sb_get_crypt(c->disk_sb);
+ struct bch_sb_field_crypt *crypt = bch2_sb_get_crypt(c->disk_sb.sb);
if (!crypt)
die("Filesystem does not have encryption enabled");