author | Colin Gillespie <colin@cgillespie.xyz> | 2023-09-08 17:27:51 +1000 |
---|---|---|
committer | Kent Overstreet <kent.overstreet@linux.dev> | 2023-09-08 04:05:36 -0400 |
commit | 8d5e53b88aaafe7c01fc369e52dbd1fc8955a77d (patch) | |
tree | c5eee2c2f3fe8d66adc484172d761b803689e3c1 /libbcachefs | |
parent | 28e6dea65319f425c922f59c8352c9a1969f92d4 (diff) |
cmd_set_passphrase: revoke the invalidated key
After setting a new passphrase, the previous key is left untouched. This
revokes the old key, preventing future actions from using it in error.
Signed-off-by: Colin Gillespie <colin@cgillespie.xyz>
Diffstat (limited to 'libbcachefs')
-rw-r--r-- | libbcachefs/checksum.c | 18 | ||||
-rw-r--r-- | libbcachefs/checksum.h | 1 |
2 files changed, 19 insertions, 0 deletions
diff --git a/libbcachefs/checksum.c b/libbcachefs/checksum.c
index 36939020..4c87c596 100644
--- a/libbcachefs/checksum.c
+++ b/libbcachefs/checksum.c
@@ -558,6 +558,24 @@ int bch2_request_key(struct bch_sb *sb, struct bch_key *key)
 return ret;
 }
+int bch2_revoke_key(struct bch_sb *sb)
+{
+ key_serial_t key_id;
+ struct printbuf key_description = PRINTBUF;
+
+ prt_printf(&key_description, "bcachefs:");
+ pr_uuid(&key_description, sb->user_uuid.b);
+
+ key_id = request_key("user", key_description.buf, NULL, KEY_SPEC_USER_KEYRING);
+ printbuf_exit(&key_description);
+ if (key_id < 0)
+ return errno;
+
+ keyctl_revoke(key_id);
+
+ return 0;
+}
+
 int bch2_decrypt_sb_key(struct bch_fs *c, struct bch_sb_field_crypt *crypt, struct bch_key *key)
diff --git a/libbcachefs/checksum.h b/libbcachefs/checksum.h
index c7b1a8fc..9a4898db 100644
--- a/libbcachefs/checksum.h
+++ b/libbcachefs/checksum.h
@@ -48,6 +48,7 @@ struct bch_csum bch2_checksum(struct bch_fs *, unsigned, struct nonce,
 int bch2_chacha_encrypt_key(struct bch_key *, struct nonce, void *, size_t);
 int bch2_request_key(struct bch_sb *, struct bch_key *);
+int bch2_revoke_key(struct bch_sb *);
 int bch2_encrypt(struct bch_fs *, unsigned, struct nonce, void *data, size_t);
|
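Review bot: The return value of `keyctl_revoke(key_id)` in the new `bch2_revoke_key` is discarded, so the function returns 0 even when the revoke fails and the caller cannot tell that the superseded key is still usable, which is the exact condition this commit is meant to rule out. Propagating the failure would close that gap, e.g. `if (keyctl_revoke(key_id) < 0) return -errno;`. The lookup-failure path returns a positive `errno`; if callers of this file's int-returning helpers test `ret < 0` (not visible in this hunk), that failure would be read as success, so `return -errno;` is worth confirming there as well. A short comment above the function saying whether a missing key counts as an error or as "already revoked" would also help the caller in cmd_set_passphrase decide how to report it.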