#include <errno.h>
#include <unistd.h>
-#include <keyutils.h>
#include <uuid/uuid.h>
#include "cmds.h"
-#include "checksum.h"
+#include "libbcachefs/checksum.h"
#include "crypto.h"
-#include "libbcache.h"
+#include "libbcachefs.h"
int cmd_unlock(int argc, char *argv[])
{
- struct bch_encrypted_key sb_key;
- struct bch_key passphrase_key;
- struct bch_sb *sb;
- struct bch_sb_field_crypt *crypt;
+ struct bch_opts opts = bch2_opts_empty();
+ struct bch_sb_handle sb;
char *passphrase;
- char uuid[40];
- char description[60];
if (argc != 2)
- die("please supply a single device");
+ die("Please supply a single device");
- sb = bcache_super_read(argv[1]);
+ int ret = bch2_read_super(argv[1], &opts, &sb);
+ if (ret)
+ die("Error opening %s: %s", argv[1], strerror(-ret));
- crypt = bch_sb_get_crypt(sb);
+ passphrase = read_passphrase("Enter passphrase: ");
+
+ bch2_add_key(sb.sb, passphrase);
+
+ memzero_explicit(passphrase, strlen(passphrase));
+ free(passphrase);
+ return 0;
+}
+
+int cmd_set_passphrase(int argc, char *argv[])
+{
+ struct bch_opts opts = bch2_opts_empty();
+ struct bch_fs *c;
+
+ if (argc < 2)
+ die("Please supply one or more devices");
+
+ opt_set(opts, nostart, true);
+ c = bch2_fs_open(argv + 1, argc - 1, opts);
+ if (IS_ERR(c))
+ die("Error opening %s: %s", argv[1], strerror(-PTR_ERR(c)));
+
+ struct bch_sb_field_crypt *crypt = bch2_sb_get_crypt(c->disk_sb);
if (!crypt)
- die("filesystem is not encrypted");
+ die("Filesystem does not have encryption enabled");
- sb_key = crypt->key;
+ struct bch_encrypted_key new_key;
+ new_key.magic = BCH_KEY_MAGIC;
- if (!bch_key_is_encrypted(&sb_key))
- die("filesystem does not have encryption key");
+ int ret = bch2_decrypt_sb_key(c, crypt, &new_key.key);
+ if (ret)
+ die("Error getting current key");
- passphrase = read_passphrase("Enter passphrase: ");
- derive_passphrase(crypt, &passphrase_key, passphrase);
+ char *new_passphrase = read_passphrase_twice("Enter new passphrase: ");
+ struct bch_key passphrase_key = derive_passphrase(crypt, new_passphrase);
- /* Check if the user supplied the correct passphrase: */
- if (bch_chacha_encrypt_key(&passphrase_key, __bch_sb_key_nonce(sb),
- &sb_key, sizeof(sb_key)))
+ if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(c->disk_sb),
+ &new_key, sizeof(new_key)))
die("error encrypting key");
+ crypt->key = new_key;
- if (bch_key_is_encrypted(&sb_key))
- die("incorrect passphrase");
+ bch2_write_super(c);
+ bch2_fs_stop(c);
+ return 0;
+}
- uuid_unparse_lower(sb->user_uuid.b, uuid);
- sprintf(description, "bcache:%s", uuid);
+int cmd_remove_passphrase(int argc, char *argv[])
+{
+ struct bch_opts opts = bch2_opts_empty();
+ struct bch_fs *c;
- if (add_key("logon", description,
- &passphrase_key, sizeof(passphrase_key),
- KEY_SPEC_USER_KEYRING) < 0 ||
- add_key("user", description,
- &passphrase_key, sizeof(passphrase_key),
- KEY_SPEC_USER_KEYRING) < 0)
- die("add_key error: %s", strerror(errno));
+ if (argc < 2)
+ die("Please supply one or more devices");
- memzero_explicit(&sb_key, sizeof(sb_key));
- memzero_explicit(&passphrase_key, sizeof(passphrase_key));
- memzero_explicit(passphrase, strlen(passphrase));
- free(passphrase);
+ opt_set(opts, nostart, true);
+ c = bch2_fs_open(argv + 1, argc - 1, opts);
+ if (IS_ERR(c))
+ die("Error opening %s: %s", argv[1], strerror(-PTR_ERR(c)));
+
+ struct bch_sb_field_crypt *crypt = bch2_sb_get_crypt(c->disk_sb);
+ if (!crypt)
+ die("Filesystem does not have encryption enabled");
+
+ struct bch_encrypted_key new_key;
+ new_key.magic = BCH_KEY_MAGIC;
+
+ int ret = bch2_decrypt_sb_key(c, crypt, &new_key.key);
+ if (ret)
+ die("Error getting current key");
+
+ crypt->key = new_key;
+
+ bch2_write_super(c);
+ bch2_fs_stop(c);
return 0;
}
projects / bcachefs-tools-debian / blobdiff