fix list_journal for nochanges
index 7f7fbd5a337ac8d04585f30cfc468720892d6037..32671bd84c332e90deb0510743443faf41df6c45 100644 (file)
--- a/crypto.c
+++ b/crypto.c
@@ -12,7 +12,7 @@
 
 #include <keyutils.h>
 #include <linux/random.h>
-#include <libscrypt.h>
+#include <sodium/crypto_pwhash_scryptsalsa208sha256.h>
 #include <uuid/uuid.h>
 
 #include "libbcachefs/checksum.h"
@@ -84,12 +84,13 @@ struct bch_key derive_passphrase(struct bch_sb_field_crypt *crypt,
 
        switch (BCH_CRYPT_KDF_TYPE(crypt)) {
        case BCH_KDF_SCRYPT:
-               ret = libscrypt_scrypt((void *) passphrase, strlen(passphrase),
-                                      salt, sizeof(salt),
-                                      1ULL << BCH_KDF_SCRYPT_N(crypt),
-                                      1ULL << BCH_KDF_SCRYPT_R(crypt),
-                                      1ULL << BCH_KDF_SCRYPT_P(crypt),
-                                      (void *) &key, sizeof(key));
+               ret = crypto_pwhash_scryptsalsa208sha256_ll(
+                       (void *) passphrase, strlen(passphrase),
+                       salt, sizeof(salt),
+                       1ULL << BCH_KDF_SCRYPT_N(crypt),
+                       1ULL << BCH_KDF_SCRYPT_R(crypt),
+                       1ULL << BCH_KDF_SCRYPT_P(crypt),
+                       (void *) &key, sizeof(key));
                if (ret)
                        die("scrypt error: %i", ret);
                break;
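Review bot: The three scrypt cost values are used as shift counts in `1ULL << BCH_KDF_SCRYPT_N(crypt)` (and the R and P lines) with no range check, and they appear to come straight from the superblock's crypt field, so an image with a damaged or hostile field controls them. A count of 64 or more is undefined behaviour, and libsodium's `_ll` entry point takes `r` and `p` as `uint32_t`, so a count of 32 or more is silently truncated before the library sees it. A large but valid N also lets the image dictate how much memory and time the derivation takes. I would bound the exponents before the call, for example `if (BCH_KDF_SCRYPT_N(crypt) > 30 || BCH_KDF_SCRYPT_R(crypt) > 10 || BCH_KDF_SCRYPT_P(crypt) > 10) die("scrypt parameters out of range");`, with the limits chosen by the project. The body of derive_passphrase starts and ends outside this hunk.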
@@ -104,7 +105,7 @@ bool bch2_sb_is_encrypted(struct bch_sb *sb)
 {
        struct bch_sb_field_crypt *crypt;
 
-       return (crypt = bch2_sb_get_crypt(sb)) &&
+       return (crypt = bch2_sb_field_get(sb, crypt)) &&
                bch2_key_is_encrypted(&crypt->key);
 }
 
@@ -112,7 +113,7 @@ void bch2_passphrase_check(struct bch_sb *sb, const char *passphrase,
                           struct bch_key *passphrase_key,
                           struct bch_encrypted_key *sb_key)
 {
-       struct bch_sb_field_crypt *crypt = bch2_sb_get_crypt(sb);
+       struct bch_sb_field_crypt *crypt = bch2_sb_field_get(sb, crypt);
        if (!crypt)
                die("filesystem is not encrypted");
 
@@ -132,10 +133,23 @@ void bch2_passphrase_check(struct bch_sb *sb, const char *passphrase,
                die("incorrect passphrase");
 }
 
-void bch2_add_key(struct bch_sb *sb, const char *passphrase)
+void bch2_add_key(struct bch_sb *sb,
+                 const char *type,
+                 const char *keyring_str,
+                 const char *passphrase)
 {
        struct bch_key passphrase_key;
        struct bch_encrypted_key sb_key;
+       int keyring;
+
+       if (!strcmp(keyring_str, "session"))
+               keyring = KEY_SPEC_SESSION_KEYRING;
+       else if (!strcmp(keyring_str, "user"))
+               keyring = KEY_SPEC_USER_KEYRING;
+       else if (!strcmp(keyring_str, "user_session"))
+               keyring = KEY_SPEC_USER_SESSION_KEYRING;
+       else
+               die("unknown keyring %s", keyring_str);
 
        bch2_passphrase_check(sb, passphrase,
                              &passphrase_key,
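Review bot: `type` is passed to add_key() in the next hunk without the allow-list check that `keyring_str` gets here, and neither string is guarded against NULL before strcmp()/add_key(). The old code always created a "logon" key, whose payload the kernel does not let userspace read back, plus a "user" key. The caller now picks a single type, so choosing "user" leaves the derived filesystem key readable through the keyring by anything with read permission on it. I would reject unknown types up front with `if (strcmp(type, "logon") && strcmp(type, "user")) die("unknown key type %s", type);` and add a comment above bch2_add_key describing that difference and the lifetime of each keyring. The function body continues outside this hunk.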
@@ -146,12 +160,10 @@ void bch2_add_key(struct bch_sb *sb, const char *passphrase)
 
        char *description = mprintf("bcachefs:%s", uuid);
 
-       if (add_key("logon", description,
-                   &passphrase_key, sizeof(passphrase_key),
-                   KEY_SPEC_USER_KEYRING) < 0 ||
-           add_key("user", description,
+       if (add_key(type,
+                   description,
                    &passphrase_key, sizeof(passphrase_key),
-                   KEY_SPEC_USER_KEYRING) < 0)
+                   keyring) < 0)
                die("add_key error: %m");
 
        memzero_explicit(description, strlen(description));
@@ -170,9 +182,9 @@ void bch_sb_crypt_init(struct bch_sb *sb,
        if (passphrase) {
 
                SET_BCH_CRYPT_KDF_TYPE(crypt, BCH_KDF_SCRYPT);
-               SET_BCH_KDF_SCRYPT_N(crypt, ilog2(SCRYPT_N));
-               SET_BCH_KDF_SCRYPT_R(crypt, ilog2(SCRYPT_r));
-               SET_BCH_KDF_SCRYPT_P(crypt, ilog2(SCRYPT_p));
+               SET_BCH_KDF_SCRYPT_N(crypt, ilog2(16384));
+               SET_BCH_KDF_SCRYPT_R(crypt, ilog2(8));
+               SET_BCH_KDF_SCRYPT_P(crypt, ilog2(16));
 
                struct bch_key passphrase_key = derive_passphrase(crypt, passphrase);