diff options
| author | Mae Kasza <git@badat.dev> | 2024-08-15 22:50:16 -0400 |
|---|---|---|
| committer | Jérôme Poulin <jeromepoulin@gmail.com> | 2024-09-07 21:46:32 -0400 |
| commit | 45468a9a6f866a81f51782e3f91e24732576f5c9 (patch) | |
| tree | f3a5b8a814ce9f672569f8cbb9076d9f9670af81 /c_src/crypto.c | |
| parent | cd35891eb95ee8b1d7512eda06d1218eacae3842 (diff) | |
Fix set-passphrase on --no_passphrase FS
This also fixes a bug where the set-passphrase
command failed to derive the key for disks initially
formatted with --encrypted and --no_passphrase, due to
bch_sb_crypt_init not configuring the KDF params if
the passphrase wasn't specified during formatting.
Signed-off-by: Mae Kasza <git@badat.dev>
Tested-by: Jérôme Poulin <jeromepoulin@gmail.com>
Diffstat (limited to 'c_src/crypto.c')
| -rw-r--r-- | c_src/crypto.c | 43 |
1 files changed, 32 insertions, 11 deletions
diff --git a/c_src/crypto.c b/c_src/crypto.c index 32671bd8..301dbebe 100644 --- a/c_src/crypto.c +++ b/c_src/crypto.c @@ -176,26 +176,47 @@ void bch_sb_crypt_init(struct bch_sb *sb, struct bch_sb_field_crypt *crypt, const char *passphrase) { + struct bch_key key; + get_random_bytes(&key, sizeof(key)); + crypt->key.magic = BCH_KEY_MAGIC; - get_random_bytes(&crypt->key.key, sizeof(crypt->key.key)); + crypt->key.key = key; - if (passphrase) { + bch_crypt_update_passphrase(sb, crypt, &key, passphrase); +} +void bch_crypt_update_passphrase( + struct bch_sb *sb, + struct bch_sb_field_crypt *crypt, + struct bch_key *key, + const char *new_passphrase) +{ + + struct bch_encrypted_key new_key; + new_key.magic = BCH_KEY_MAGIC; + new_key.key = *key; + + if(!new_passphrase) { + crypt->key = new_key; + return; + } + + // If crypt already has an encrypted key reuse it's encryption params + if (!bch2_key_is_encrypted(&crypt->key)) { SET_BCH_CRYPT_KDF_TYPE(crypt, BCH_KDF_SCRYPT); SET_BCH_KDF_SCRYPT_N(crypt, ilog2(16384)); SET_BCH_KDF_SCRYPT_R(crypt, ilog2(8)); SET_BCH_KDF_SCRYPT_P(crypt, ilog2(16)); + } - struct bch_key passphrase_key = derive_passphrase(crypt, passphrase); - - assert(!bch2_key_is_encrypted(&crypt->key)); + struct bch_key passphrase_key = derive_passphrase(crypt, new_passphrase); - if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(sb), - &crypt->key, sizeof(crypt->key))) - die("error encrypting key"); + if (bch2_chacha_encrypt_key(&passphrase_key, __bch2_sb_key_nonce(sb), + &new_key, sizeof(new_key))) + die("error encrypting key"); - assert(bch2_key_is_encrypted(&crypt->key)); + memzero_explicit(&passphrase_key, sizeof(passphrase_key)); - memzero_explicit(&passphrase_key, sizeof(passphrase_key)); - } + crypt->key = new_key; + assert(bch2_key_is_encrypted(&crypt->key)); } |