cmd_set_passphrase: revoke the invalidated key

After setting a new passphrase, the previous key is left untouched. This
revokes the old key, preventing future actions from using it in error.

Signed-off-by: Colin Gillespie <colin@cgillespie.xyz>

3 files changed, 20 insertions, 0 deletions

diff --git a/cmd_key.c b/cmd_key.c
index e8c3eeaf..d3e5d7bd 100644
--- a/cmd_key.c
+++ b/cmd_key.c
@@ -111,6 +111,7 @@ int cmd_set_passphrase(int argc, char *argv[])
 		die("error encrypting key");
 	crypt->key = new_key;
 
+	bch2_revoke_key(c->disk_sb.sb);
 	bch2_write_super(c);
 	bch2_fs_stop(c);
 	return 0;
diff --git a/libbcachefs/checksum.c b/libbcachefs/checksum.c
index 36939020..4c87c596 100644
--- a/libbcachefs/checksum.c
+++ b/libbcachefs/checksum.c
@@ -558,6 +558,24 @@ int bch2_request_key(struct bch_sb *sb, struct bch_key *key)
 	return ret;
 }
 
+int bch2_revoke_key(struct bch_sb *sb)
+{
+	key_serial_t key_id;
+	struct printbuf key_description = PRINTBUF;
+
+	prt_printf(&key_description, "bcachefs:");
+	pr_uuid(&key_description, sb->user_uuid.b);
+
+	key_id = request_key("user", key_description.buf, NULL, KEY_SPEC_USER_KEYRING);
+	printbuf_exit(&key_description);
+	if (key_id < 0)
+		return errno;
+
+	keyctl_revoke(key_id);
+
+	return 0;
+}
+
 int bch2_decrypt_sb_key(struct bch_fs *c,
 			struct bch_sb_field_crypt *crypt,
 			struct bch_key *key)
diff --git a/libbcachefs/checksum.h b/libbcachefs/checksum.h
index c7b1a8fc..9a4898db 100644
--- a/libbcachefs/checksum.h
+++ b/libbcachefs/checksum.h
@@ -48,6 +48,7 @@ struct bch_csum bch2_checksum(struct bch_fs *, unsigned, struct nonce,
 
 int bch2_chacha_encrypt_key(struct bch_key *, struct nonce, void *, size_t);
 int bch2_request_key(struct bch_sb *, struct bch_key *);
+int bch2_revoke_key(struct bch_sb *);
 
 int bch2_encrypt(struct bch_fs *, unsigned, struct nonce,
 		 void *data, size_t);