Commit 9ae286f69df95235fa2534fbb08e0f8c399ac6a5 - libblockdev

crypto: Let cryptsetup autodect encryption sector size when not specified Thanks to this 4k sector size will be used on 4k drives. Vojtech Trefny 2 years ago

3 changed file(s) with 90 addition(s) and 13 deletion(s). Raw diff Collapse all Expand all

-0

configure.ac less more

210	210	[AC_DEFINE([LIBCRYPTSETUP_2])], [])
211	211	AS_IF([$PKG_CONFIG --atleast-version=2.3.0 libcryptsetup],
212	212	[AC_DEFINE([LIBCRYPTSETUP_BITLK])], [])
	213	AS_IF([$PKG_CONFIG --atleast-version=2.4.0 libcryptsetup],
	214	[AC_DEFINE([LIBCRYPTSETUP_24])], [])
213	215	AS_IF([test "x$with_escrow" != "xno"],
214	216	[LIBBLOCKDEV_PKG_CHECK_MODULES([NSS], [nss >= 3.18.0])
215	217	LIBBLOCKDEV_CHECK_HEADER([volume_key/libvolume_key.h], [$GLIB_CFLAGS $NSS_CFLAGS], [libvolume_key.h not available])],

-0

src/plugins/crypto.h less more

37	37
38	38	#define DEFAULT_LUKS_KEYSIZE_BITS 256
39	39	#define DEFAULT_LUKS_CIPHER "aes-xts-plain64"
	40
	41	#ifdef LIBCRYPTSETUP_24
	42	/* 0 for autodetect since 2.4.0 */
	43	#define DEFAULT_LUKS2_SECTOR_SIZE 0
	44	#else
40	45	#define DEFAULT_LUKS2_SECTOR_SIZE 512
	46	#endif
41	47
42	48	typedef enum {
43	49	BD_CRYPTO_TECH_LUKS = 0,

+82

-13

tests/crypto_test.py less more

15	15	PASSWD2 = "myshinylittlepassword2"
16	16	PASSWD3 = "myshinylittlepassword3"
17	17
18		def have_luks2():
	18
	19	def check_cryptsetup_version(version):
19	20	try:
20		succ = BlockDev.utils_check_util_version("cryptsetup", "2.0.3", "--version", r"cryptsetup ([0-9+\.]+)")
	21	succ = BlockDev.utils_check_util_version("cryptsetup", version, "--version", r"cryptsetup ([0-9+\.]+)")
21	22	except GLib.GError:
22	23	return False
23	24	else:
24	25	return succ
25	26
26	27
27		def have_bitlk():
28		try:
29		succ = BlockDev.utils_check_util_version("cryptsetup", "2.3.0", "--version", r"cryptsetup ([0-9+\.]+)")
30		except GLib.GError:
31		return False
32		else:
33		return succ
34
35
36		HAVE_LUKS2 = have_luks2()
37		HAVE_BITLK = have_bitlk()
	28	HAVE_LUKS2 = check_cryptsetup_version("2.0.3")
	29	HAVE_BITLK = check_cryptsetup_version("2.3.0")
38	30
39	31
40	32	class CryptoTestCase(unittest.TestCase):

963	955	succ = BlockDev.crypto_luks_close("libblockdevTestLUKS")
964	956	self.assertTrue(succ)
965	957
	958
	959	class CryptoTestLuksSectorSize(CryptoTestCase):
	960	def setUp(self):
	961	if not check_cryptsetup_version("2.4.0"):
	962	self.skipTest("cryptsetup encryption sector size not available, skipping.")
	963
	964	# we need a loop devices for this test case
	965	self.addCleanup(self._clean_up)
	966	self.dev_file = create_sparse_tempfile("crypto_test", 1024**3)
	967	self.dev_file2 = create_sparse_tempfile("crypto_test", 1024**3)
	968
	969	succ, loop = BlockDev.loop_setup(self.dev_file)
	970	if not succ:
	971	raise RuntimeError("Failed to setup loop device for testing")
	972	self.loop_dev = "/dev/%s" % loop
	973
	974	succ, loop = BlockDev.loop_setup(self.dev_file)
	975	if not succ:
	976	raise RuntimeError("Failed to setup loop device for testing")
	977	self.loop_dev2 = "/dev/%s" % loop
	978
	979	# set sector size of the loop device to 4k
	980	ret, _out, _err = run_command("losetup --sector-size 4096 %s" % self.loop_dev)
	981	self.assertEqual(ret, 0)
	982
	983	def _clean_up(self):
	984	try:
	985	BlockDev.crypto_luks_close("libblockdevTestLUKS")
	986	except:
	987	pass
	988
	989	BlockDev.loop_teardown(self.loop_dev)
	990	os.unlink(self.dev_file)
	991
	992	BlockDev.loop_teardown(self.loop_dev2)
	993	os.unlink(self.dev_file2)
	994
	995	@tag_test(TestTags.SLOW)
	996	@unittest.skipUnless(HAVE_LUKS2, "LUKS 2 not supported")
	997	def test_luks2_sector_size_autodetect(self):
	998	"""Verify that we can autodetect 4k drives and set 4k sector size for them"""
	999
	1000	# format the 4k loop device, encryption sector size should default to 4096
	1001	succ = BlockDev.crypto_luks_format(self.loop_dev, "aes-cbc-essiv:sha256", 256, PASSWD, None, 0,
	1002	BlockDev.CryptoLUKSVersion.LUKS2)
	1003	self.assertTrue(succ)
	1004
	1005	succ = BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", PASSWD, None, False)
	1006	self.assertTrue(succ)
	1007
	1008	info = BlockDev.crypto_luks_info("libblockdevTestLUKS")
	1009	self.assertIsNotNone(info)
	1010
	1011	self.assertEqual(info.version, BlockDev.CryptoLUKSVersion.LUKS2)
	1012	self.assertEqual(info.sector_size, 4096)
	1013
	1014	succ = BlockDev.crypto_luks_close("libblockdevTestLUKS")
	1015	self.assertTrue(succ)
	1016
	1017	# with the 512 loop device, we should still get 512
	1018	succ = BlockDev.crypto_luks_format(self.loop_dev2, "aes-cbc-essiv:sha256", 256, PASSWD, None, 0,
	1019	BlockDev.CryptoLUKSVersion.LUKS2)
	1020	self.assertTrue(succ)
	1021
	1022	succ = BlockDev.crypto_luks_open(self.loop_dev2, "libblockdevTestLUKS", PASSWD, None, False)
	1023	self.assertTrue(succ)
	1024
	1025	info = BlockDev.crypto_luks_info("libblockdevTestLUKS")
	1026	self.assertIsNotNone(info)
	1027
	1028	self.assertEqual(info.version, BlockDev.CryptoLUKSVersion.LUKS2)
	1029	self.assertEqual(info.sector_size, 512)
	1030
	1031	succ = BlockDev.crypto_luks_close("libblockdevTestLUKS")
	1032	self.assertTrue(succ)
	1033
	1034
966	1035	class CryptoTestIntegrity(CryptoTestCase):
967	1036	@tag_test(TestTags.SLOW)
968	1037	@unittest.skipUnless(HAVE_LUKS2, "LUKS 2 not supported")