X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;ds=sidebyside;f=crypto.c;h=4e4d15a90fe90d7fdbf051cd122c85353c162f69;hb=9690f783569ebeb166dfc1745c0ba0f48db523d0;hp=7f7fbd5a337ac8d04585f30cfc468720892d6037;hpb=813862a47ca866082ca3002441df6c13b47f1b0d;p=bcachefs-tools-debian

diff --git a/crypto.c b/crypto.c
index 7f7fbd5..4e4d15a 100644
--- a/crypto.c
+++ b/crypto.c
@@ -12,7 +12,7 @@
 
 #include <keyutils.h>
 #include <linux/random.h>
-#include <libscrypt.h>
+#include <sodium/crypto_pwhash_scryptsalsa208sha256.h>
 #include <uuid/uuid.h>
 
 #include "libbcachefs/checksum.h"
@@ -84,12 +84,13 @@ struct bch_key derive_passphrase(struct bch_sb_field_crypt *crypt,
 
 	switch (BCH_CRYPT_KDF_TYPE(crypt)) {
 	case BCH_KDF_SCRYPT:
-		ret = libscrypt_scrypt((void *) passphrase, strlen(passphrase),
-				       salt, sizeof(salt),
-				       1ULL << BCH_KDF_SCRYPT_N(crypt),
-				       1ULL << BCH_KDF_SCRYPT_R(crypt),
-				       1ULL << BCH_KDF_SCRYPT_P(crypt),
-				       (void *) &key, sizeof(key));
+		ret = crypto_pwhash_scryptsalsa208sha256_ll(
+			(void *) passphrase, strlen(passphrase),
+			salt, sizeof(salt),
+			1ULL << BCH_KDF_SCRYPT_N(crypt),
+			1ULL << BCH_KDF_SCRYPT_R(crypt),
+			1ULL << BCH_KDF_SCRYPT_P(crypt),
+			(void *) &key, sizeof(key));
 		if (ret)
 			die("scrypt error: %i", ret);
 		break;
@@ -132,10 +133,23 @@ void bch2_passphrase_check(struct bch_sb *sb, const char *passphrase,
 		die("incorrect passphrase");
 }
 
-void bch2_add_key(struct bch_sb *sb, const char *passphrase)
+void bch2_add_key(struct bch_sb *sb,
+		  const char *type,
+		  const char *keyring_str,
+		  const char *passphrase)
 {
 	struct bch_key passphrase_key;
 	struct bch_encrypted_key sb_key;
+	int keyring;
+
+	if (!strcmp(keyring_str, "session"))
+		keyring = KEY_SPEC_SESSION_KEYRING;
+	else if (!strcmp(keyring_str, "user"))
+		keyring = KEY_SPEC_USER_KEYRING;
+	else if (!strcmp(keyring_str, "user_session"))
+		keyring = KEY_SPEC_USER_SESSION_KEYRING;
+	else
+		die("unknown keyring %s", keyring_str);
 
 	bch2_passphrase_check(sb, passphrase,
 			      &passphrase_key,
@@ -146,12 +160,10 @@ void bch2_add_key(struct bch_sb *sb, const char *passphrase)
 
 	char *description = mprintf("bcachefs:%s", uuid);
 
-	if (add_key("logon", description,
-		    &passphrase_key, sizeof(passphrase_key),
-		    KEY_SPEC_USER_KEYRING) < 0 ||
-	    add_key("user", description,
+	if (add_key(type,
+		    description,
 		    &passphrase_key, sizeof(passphrase_key),
-		    KEY_SPEC_USER_KEYRING) < 0)
+		    keyring) < 0)
 		die("add_key error: %m");
 
 	memzero_explicit(description, strlen(description));
@@ -170,9 +182,9 @@ void bch_sb_crypt_init(struct bch_sb *sb,
 	if (passphrase) {
 
 		SET_BCH_CRYPT_KDF_TYPE(crypt, BCH_KDF_SCRYPT);
-		SET_BCH_KDF_SCRYPT_N(crypt, ilog2(SCRYPT_N));
-		SET_BCH_KDF_SCRYPT_R(crypt, ilog2(SCRYPT_r));
-		SET_BCH_KDF_SCRYPT_P(crypt, ilog2(SCRYPT_p));
+		SET_BCH_KDF_SCRYPT_N(crypt, ilog2(16384));
+		SET_BCH_KDF_SCRYPT_R(crypt, ilog2(8));
+		SET_BCH_KDF_SCRYPT_P(crypt, ilog2(16));
 
 		struct bch_key passphrase_key = derive_passphrase(crypt, passphrase);