diff options
| author | Mae Kasza <git@badat.dev> | 2024-08-15 22:50:16 -0400 |
|---|---|---|
| committer | Jérôme Poulin <jeromepoulin@gmail.com> | 2024-09-07 21:46:32 -0400 |
| commit | 45468a9a6f866a81f51782e3f91e24732576f5c9 (patch) | |
| tree | f3a5b8a814ce9f672569f8cbb9076d9f9670af81 /c_src/cmd_key.c | |
| parent | cd35891eb95ee8b1d7512eda06d1218eacae3842 (diff) | |
Fix set-passphrase on --no_passphrase FS
This also fixes a bug where the set-passphrase
command failed to derive the key for disks initially
formatted with --encrypted and --no_passphrase, due to
bch_sb_crypt_init not configuring the KDF params if
the passphrase wasn't specified during formatting.
Signed-off-by: Mae Kasza <git@badat.dev>
Tested-by: Jérôme Poulin <jeromepoulin@gmail.com>
Diffstat (limited to 'c_src/cmd_key.c')
| -rw-r--r-- | c_src/cmd_key.c | 26 |
1 files changed, 10 insertions, 16 deletions
diff --git a/c_src/cmd_key.c b/c_src/cmd_key.c index adb0ac8d..ac8a94a8 100644 --- a/c_src/cmd_key.c +++ b/c_src/cmd_key.c @@ -104,24 +104,19 @@ int cmd_set_passphrase(int argc, char *argv[]) if (IS_ERR(c)) die("Error opening %s: %s", argv[1], bch2_err_str(PTR_ERR(c))); - struct bch_sb_field_crypt *crypt = bch2_sb_field_get(c->disk_sb.sb, crypt); + struct bch_sb *sb = c->disk_sb.sb; + struct bch_sb_field_crypt *crypt = bch2_sb_field_get(sb, crypt); if (!crypt) die("Filesystem does not have encryption enabled"); - struct bch_encrypted_key new_key; - new_key.magic = BCH_KEY_MAGIC; - - int ret = bch2_decrypt_sb_key(c, crypt, &new_key.key); + struct bch_key key; + int ret = bch2_decrypt_sb_key(c, crypt, &key); if (ret) die("Error getting current key"); char *new_passphrase = read_passphrase_twice("Enter new passphrase: "); - struct bch_key passphrase_key = derive_passphrase(crypt, new_passphrase); - if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(c->disk_sb.sb), - &new_key, sizeof(new_key))) - die("error encrypting key"); - crypt->key = new_key; + bch_crypt_update_passphrase(sb, crypt, &key, new_passphrase); bch2_revoke_key(c->disk_sb.sb); bch2_write_super(c); @@ -142,18 +137,17 @@ int cmd_remove_passphrase(int argc, char *argv[]) if (IS_ERR(c)) die("Error opening %s: %s", argv[1], bch2_err_str(PTR_ERR(c))); - struct bch_sb_field_crypt *crypt = bch2_sb_field_get(c->disk_sb.sb, crypt); + struct bch_sb *sb = c->disk_sb.sb; + struct bch_sb_field_crypt *crypt = bch2_sb_field_get(sb, crypt); if (!crypt) die("Filesystem does not have encryption enabled"); - struct bch_encrypted_key new_key; - new_key.magic = BCH_KEY_MAGIC; - - int ret = bch2_decrypt_sb_key(c, crypt, &new_key.key); + struct bch_key key; + int ret = bch2_decrypt_sb_key(c, crypt, &key); if (ret) die("Error getting current key"); - crypt->key = new_key; + bch_crypt_update_passphrase(sb, crypt, &key, NULL); bch2_write_super(c); bch2_fs_stop(c); |