author | Kent Overstreet <kent.overstreet@gmail.com> | 2016-08-21 22:16:27 -0800 |
---|---|---|
committer | Kent Overstreet <kent.overstreet@gmail.com> | 2016-08-21 22:16:27 -0800 |
commit | 932ece1567dfc4ea7d993c8f62ccc9adfcf736ef (patch) | |
tree | 0d32efd30f81a186f5bdfd5405a331e74c8a4cb9 | |
parent | b0f08fc1e30daafb274181234dae3408fb2eb69b (diff) |
master key nonce
-rw-r--r-- | crypto.c | 8 | ||||
-rw-r--r-- | crypto.h | 3 | ||||
-rw-r--r-- | libbcache.c | 4 |
3 files changed, 11 insertions, 4 deletions
@@ -56,14 +56,18 @@ void derive_passphrase(struct bcache_key *key, const char *passphrase)
 die("scrypt error: %i", ret);
 }
-void disk_key_encrypt(struct bcache_disk_key *disk_key,
+void disk_key_encrypt(struct cache_sb *sb,
+ struct bcache_disk_key *disk_key,
 struct bcache_key *key)
 {
+ __le32 nonce[2];
 int ret;
+ memcpy(nonce, &sb->set_magic, sizeof(sb->set_magic));
+
 ret = crypto_stream_chacha20_xor((void *) disk_key, (void *) disk_key, sizeof(*disk_key),
- (void *) &bch_master_key_nonce,
+ (void *) nonce,
 (void *) key);
 if (ret)
 die("chacha20 error: %i", ret);
@@ -17,7 +17,8 @@ static const struct nonce bch_master_key_nonce = BCACHE_MASTER_KEY_NONCE;
 char *read_passphrase(const char *);
 void derive_passphrase(struct bcache_key *, const char *);
-void disk_key_encrypt(struct bcache_disk_key *, struct bcache_key *);
+void disk_key_encrypt(struct cache_sb *sb, struct bcache_disk_key *,
+ struct bcache_key *);
 void disk_key_init(struct bcache_disk_key *);
 #endif /* _CRYPTO_H */
diff --git a/libbcache.c b/libbcache.c
index d57f26a..81d70d1 100644
--- a/libbcache.c
+++ b/libbcache.c
@@ -126,13 +126,15 @@ void bcache_format(struct dev_opts *devs, size_t nr_devs,
 SET_CACHE_SET_DATA_REPLICAS_HAVE(sb, data_replicas);
 SET_CACHE_SET_ERROR_ACTION(sb, on_error_action);
+ SET_CACHE_SET_STR_HASH_TYPE(sb, BCH_STR_HASH_SIPHASH);
+
 if (passphrase) {
 struct bcache_key key;
 struct bcache_disk_key disk_key;
 derive_passphrase(&key, passphrase);
 disk_key_init(&disk_key);
- disk_key_encrypt(&disk_key, &key);
+ disk_key_encrypt(sb, &disk_key, &key);
 memcpy(sb->encryption_key, &disk_key, sizeof(disk_key));
 SET_CACHE_SET_ENCRYPTION_TYPE(sb, 1); |
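Review bot: The added `memcpy(nonce, &sb->set_magic, sizeof(sb->set_magic));` sizes the copy from the source field while the destination is the fixed 8-byte `__le32 nonce[2]`, and nothing in `disk_key_encrypt()` ties the two sizes together. If `set_magic` were wider than 8 bytes the copy would overrun the stack buffer, and if it were narrower part of the nonce handed to `crypto_stream_chacha20_xor()` would be uninitialised; `struct cache_sb` is not shown in this diff, so the sizes are presumably equal today. Pinning that next to the declaration would keep it true, e.g. `_Static_assert(sizeof(nonce) == sizeof(sb->set_magic), "set_magic must fill the chacha20 nonce");` or the project's own build-time check. A one-line comment that the same key and `set_magic` pair must not be used to encrypt a second, different disk key would also help, since ChaCha20 here is a plain XOR stream.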
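Review bot: The updated prototype in crypto.h names only its first parameter (`struct cache_sb *sb`) and leaves the other two unnamed, and nothing in the header tells callers that the superblock is read to obtain the nonce. A comment above it such as `/* Encrypts *disk_key in place with key; the nonce is taken from sb->set_magic, which must already hold its final value. */` would make that precondition visible. `bch_master_key_nonce`, which the hunk header shows as apparently still defined in this header, is no longer used by `disk_key_encrypt()`; if nothing else references it, removing it would avoid the fixed nonce being picked up again by mistake.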
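Review bot: `disk_key_encrypt(sb, &disk_key, &key)` now takes its nonce from `sb->set_magic`, but this hunk does not show where `bcache_format()` assigns that field, so it is worth confirming it holds its final per-filesystem value before this block runs. If it were still zero here, or were changed afterwards, filesystems formatted this way would share one nonce or the stored key would no longer decrypt with the on-disk magic. Separately, `key` holds the passphrase-derived key on the stack and nothing visible wipes it after the encrypted `disk_key` is copied into `sb->encryption_key`; the `if (passphrase)` block continues past the end of the hunk, so a wipe may already exist there. If it does not, a non-elidable clear such as `sodium_memzero(&key, sizeof(key));` before leaving the block would limit how long the key stays in memory.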