From: Mae Kasza <git@badat.dev>
To: linux-bcachefs@vger.kernel.org
Cc: mae <git@badat.dev>
Subject: [PATCH] cmd_set_passphrase: initialize KDF parameters
Date: Sun, 11 Aug 2024 23:40:38 +0200
Message-ID: <20240811214152.86593-3-git@badat.dev>
In-Reply-To: <20240811214152.86593-2-git@badat.dev>
From: mae <git@badat.dev>
The set-passphrase command failed to derive the key for disks initially
formatted with --encrypted and --no_passphrase.
This happened because bch_sb_crypt_init only configures the KDF params
if a passphrase is specified.
This commit makes the command initialize the KDF with the same parameters
as bch_sb_crypt_init if the key wasn't encrypted before.
Signed-off-by: Mae Kasza <git@badat.dev>
---
c_src/cmd_key.c | 9 +++++++--
c_src/crypto.c | 13 ++++++++-----
c_src/crypto.h | 1 +
3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/c_src/cmd_key.c b/c_src/cmd_key.c
index adb0ac8d..2da83758 100644
--- a/c_src/cmd_key.c
+++ b/c_src/cmd_key.c
@@ -104,7 +104,8 @@ int cmd_set_passphrase(int argc, char *argv[])
if (IS_ERR(c))
die("Error opening %s: %s", argv[1], bch2_err_str(PTR_ERR(c)));
- struct bch_sb_field_crypt *crypt = bch2_sb_field_get(c->disk_sb.sb, crypt);
+ struct bch_sb *sb = c->disk_sb.sb;
+ struct bch_sb_field_crypt *crypt = bch2_sb_field_get(sb, crypt);
if (!crypt)
die("Filesystem does not have encryption enabled");
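Review bot: The new `struct bch_sb *sb` local at the top of this hunk is a cleanup unrelated to the KDF fix, and the commit message does not mention it. It only shortens the `bch2_sb_field_get` and `__bch2_sb_key_nonce` calls, so either note it in the commit message or split it into a separate preparatory patch so the behavioural change stays easy to review and backport.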
@@ -116,9 +117,13 @@ int cmd_set_passphrase(int argc, char *argv[])
die("Error getting current key");
char *new_passphrase = read_passphrase_twice("Enter new passphrase: ");
+ if (!bch2_key_is_encrypted(&crypt->key)) {
+ bch_crypt_default_kdf_init(crypt);
+ }
+
struct bch_key passphrase_key = derive_passphrase(crypt, new_passphrase);
- if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(c->disk_sb.sb),
+ if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(sb),
&new_key, sizeof(new_key)))
die("error encrypting key");
crypt->key = new_key;
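Review bot: The `if (!bch2_key_is_encrypted(&crypt->key))` branch uses the key's encryption state as a proxy for "KDF parameters were never set", and nothing in the code says so. A one-line comment stating that a filesystem formatted without a passphrase skips KDF setup in bch_sb_crypt_init would make the condition self-explanatory for the next reader. The braces around the single-statement body can also be dropped, matching the `if (!crypt)` check a few lines above.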
diff --git a/c_src/crypto.c b/c_src/crypto.c
index 32671bd8..30ad92d4 100644
--- a/c_src/crypto.c
+++ b/c_src/crypto.c
@@ -180,11 +180,7 @@ void bch_sb_crypt_init(struct bch_sb *sb,
get_random_bytes(&crypt->key.key, sizeof(crypt->key.key));
if (passphrase) {
-
- SET_BCH_CRYPT_KDF_TYPE(crypt, BCH_KDF_SCRYPT);
- SET_BCH_KDF_SCRYPT_N(crypt, ilog2(16384));
- SET_BCH_KDF_SCRYPT_R(crypt, ilog2(8));
- SET_BCH_KDF_SCRYPT_P(crypt, ilog2(16));
+ bch_crypt_default_kdf_init(crypt);
struct bch_key passphrase_key = derive_passphrase(crypt, passphrase);
@@ -199,3 +195,10 @@ void bch_sb_crypt_init(struct bch_sb *sb,
memzero_explicit(&passphrase_key, sizeof(passphrase_key));
}
}
+
+void bch_crypt_default_kdf_init(struct bch_sb_field_crypt *crypt) {
+ SET_BCH_CRYPT_KDF_TYPE(crypt, BCH_KDF_SCRYPT);
+ SET_BCH_KDF_SCRYPT_N(crypt, ilog2(16384));
+ SET_BCH_KDF_SCRYPT_R(crypt, ilog2(8));
+ SET_BCH_KDF_SCRYPT_P(crypt, ilog2(16));
+}
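Review bot: The scrypt cost parameters in `bch_crypt_default_kdf_init` (N = 16384, r = 8, p = 16) remain bare literals even though this function is now the single source of the defaults for both format and set-passphrase. Named constants or a short comment stating that these are the tool's default scrypt costs would make them easier to audit and to change in one place. Separately, kernel coding style puts the opening brace of a function definition on its own line rather than after the parameter list.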
diff --git a/c_src/crypto.h b/c_src/crypto.h
index baea6d86..846a8931 100644
--- a/c_src/crypto.h
+++ b/c_src/crypto.h
@@ -18,5 +18,6 @@ void bch2_passphrase_check(struct bch_sb *, const char *,
void bch2_add_key(struct bch_sb *, const char *, const char *, const char *);
void bch_sb_crypt_init(struct bch_sb *sb, struct bch_sb_field_crypt *,
const char *);
+void bch_crypt_default_kdf_init(struct bch_sb_field_crypt *);
#endif /* _CRYPTO_H */
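Review bot: The new `bch_crypt_default_kdf_init` prototype in crypto.h carries no comment saying that it overwrites the KDF type and scrypt fields of the crypt section it is handed. Since changing those fields without re-deriving the passphrase key and re-encrypting the stored key would leave that key underivable, the header should state that the helper is only for sections whose key is not yet passphrase-encrypted, as cmd_set_passphrase checks before calling it.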
--
2.45.2