On 27/05/2020 15:25, David Sterba wrote:
> On Thu, May 14, 2020 at 11:24:14AM +0200, Johannes Thumshirn wrote:
>> From: Johannes Thumshirn <johannes.thumshirn@xxxxxxx>
>> Example usage:
>> Create a file-system with authentication key 0123456
>> mkfs.btrfs --csum "hmac(sha256)" --auth-key 0123456 /dev/disk
>>
>> Add the key to the kernel's keyring as keyid 'btrfs:foo'
>> keyctl add logon btrfs:foo 0123456 @u
>>
>> Mount the fs using the 'btrfs:foo' key
>> mount -o auth_key=btrfs:foo,auth_hash_name="hmac(sha256)" /dev/disk /mnt/point
>
> I tried to follow the example but the filesystem does not mount. But
> what almost shocked me was the way the key is specified on the userspace
> side.
>
> $ mkfs.btrfs --csum "hmac(sha256)" --auth-key 0123456 /dev/disk
>
> "0123456" are the raw bytes of the key? Seriously?
>
> And how it's passed to the hmac code:
>
> gcry_mac_hd_t mac;
> gcry_mac_open(&mac, GCRY_MAC_HMAC_SHA256, 0, NULL);
> gcry_mac_setkey(mac, fs_info->auth_key, strlen(fs_info->auth_key));
> gcry_mac_write(mac, buf, length);
> gcry_mac_read(mac, out, &length);
>
> Strlen means the key must avoid char 0 and I don't think we want to do any
> decoding from ascii-hex format, when there's the whole keyctl
> infrastructure.
>
> The key for all userspace commands needs to be specified the same way as
> for kernel, ie. "--auth-key btrfs:foo" and use the appropriate ioctls to
> read the key bytes.
>

Hohum?

Here's what I just did:

rapido1:/# keyctl add logon btrfs:foo 0123456 @u
1020349071
rapido1:/# mkfs.btrfs --csum "hmac(sha256)" --auth-key 0123456 /dev/zram1
btrfs-progs v5.6
See http://btrfs.wiki.kernel.org for more information.

Detected a SSD, turning off metadata duplication. Mkfs with -m dup if you want to force metadata duplication.
Label:              (null)
UUID:               56ae43ac-f333-4ed4-933a-356aed534115
[ 31.005743] BTRFS: device fsid 56ae43ac-f333-4ed4-933a-356aed534115 devid 1 transid 5 /dev/zram1 scanned by mkfs.btrfs (241)
Sector size:        4096
Filesystem size:    3.00GiB
Block group profiles:
  Data:             single            8.00MiB
  Metadata:         single            8.00MiB
  System:           single            4.00MiB
SSD detected:       yes
Incompat features:  extref, skinny-metadata
Checksum:           hmac-sha256
Number of devices:  1
Devices:
   ID        SIZE  PATH
    1     3.00GiB  /dev/zram1

rapido1:/# mount -o auth_key=btrfs:foo,auth_hash_name="hmac(sha256)" /dev/zram1 /mnt/
[ 65.959465] BTRFS info (device (efault)): doing authentication
[ 65.963204] BTRFS info (device zram1): disk space caching is enabled
[ 65.964137] BTRFS info (device zram1): has skinny extents
[ 65.964912] BTRFS info (device zram1): flagging fs with big metadata feature
[ 65.968302] BTRFS info (device zram1): enabling ssd optimizations
[ 65.969551] BTRFS info (device zram1): checking UUID tree
rapido1:/#
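
Added example, not part of the original mail or of btrfs-progs: a Python model of the strlen() key sizing in the quoted gcry_mac_setkey() call, showing what happens to a binary key with an embedded NUL while the ASCII key "0123456" is unaffected. The helper names, the two sample keys and the sample block are constructed for illustration, and the length-aware side is an assumed stand-in for any consumer that takes the key with an explicit length.

```python
import hashlib
import hmac

def c_strlen(buf: bytes) -> int:
    """Length as C strlen() would report it: bytes before the first NUL."""
    nul = buf.find(b"\x00")
    return len(buf) if nul < 0 else nul

def mac_strlen_keyed(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 keyed as in the quoted snippet: key length from strlen()."""
    return hmac.new(key[:c_strlen(key)], data, hashlib.sha256).digest()

def mac_full_keyed(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 keyed with an explicit length, so every key byte counts."""
    return hmac.new(key, data, hashlib.sha256).digest()

# Constructed sample data: a stand-in metadata block and two 32-byte binary
# keys that differ only after an embedded NUL at offset 4.
BLOCK = b"constructed sample metadata block" * 4
KEY_A = bytes.fromhex("a1b2c3d400" + "11" * 27)
KEY_B = bytes.fromhex("a1b2c3d400" + "ee" * 27)

def effective_key_bits(key: bytes) -> int:
    """Number of key bits that actually reach the MAC under strlen() sizing."""
    return 8 * c_strlen(key)

def keys_collide_under_strlen(k1: bytes, k2: bytes, data: bytes) -> bool:
    """True when two distinct keys yield the same tag because of truncation."""
    return k1 != k2 and hmac.compare_digest(
        mac_strlen_keyed(k1, data), mac_strlen_keyed(k2, data))

def tags_agree(key: bytes, data: bytes) -> bool:
    """Does a strlen()-sized writer agree with a length-aware verifier?"""
    return hmac.compare_digest(mac_strlen_keyed(key, data),
                               mac_full_keyed(key, data))

if __name__ == "__main__":
    print("key bytes supplied:", len(KEY_A))
    print("effective key bits:", effective_key_bits(KEY_A))
    print("distinct keys collide:", keys_collide_under_strlen(KEY_A, KEY_B, BLOCK))
    print("binary key, both sides agree:", tags_agree(KEY_A, BLOCK))
    print("ASCII key 0123456, both sides agree:", tags_agree(b"0123456", BLOCK))
```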