crypto: Let cryptsetup autodect encryption sector size

2021-07-19 13:23:20 +02:00 · 2021-07-19 13:23:20 +02:00 · 6d2d2ca1e5
commit 6d2d2ca1e5
parent 9c9f2842f2
2 changed files with 169 additions and 1 deletions
--- a/0002-Let-cryptsetup-autodect-encryption-sector-size.patch
+++ b/0002-Let-cryptsetup-autodect-encryption-sector-size.patch
@ -0,0 +1,163 @@
+From 9ae286f69df95235fa2534fbb08e0f8c399ac6a5 Mon Sep 17 00:00:00 2001
+From: Vojtech Trefny <vtrefny@redhat.com>
+Date: Wed, 16 Jun 2021 16:15:38 +0200
+Subject: [PATCH] crypto: Let cryptsetup autodect encryption sector size when
+ not specified
+
+Thanks to this 4k sector size will be used on 4k drives.
+---
+ configure.ac         |  2 +
+ src/plugins/crypto.h |  6 +++
+ tests/crypto_test.py | 93 ++++++++++++++++++++++++++++++++++++++------
+ 3 files changed, 89 insertions(+), 12 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index abe1412f..ad71a46d 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -211,6 +211,8 @@ AS_IF([test "x$with_crypto" != "xno"],
+             [AC_DEFINE([LIBCRYPTSETUP_2])], [])
+       AS_IF([$PKG_CONFIG --atleast-version=2.3.0 libcryptsetup],
+             [AC_DEFINE([LIBCRYPTSETUP_BITLK])], [])
+      AS_IF([$PKG_CONFIG --atleast-version=2.4.0 libcryptsetup],
+            [AC_DEFINE([LIBCRYPTSETUP_24])], [])
+       AS_IF([test "x$with_escrow" != "xno"],
+             [LIBBLOCKDEV_PKG_CHECK_MODULES([NSS], [nss >= 3.18.0])
+              LIBBLOCKDEV_CHECK_HEADER([volume_key/libvolume_key.h], [$GLIB_CFLAGS $NSS_CFLAGS], [libvolume_key.h not available])],
+diff --git a/src/plugins/crypto.h b/src/plugins/crypto.h
+index a38724d9..1c8f47ea 100644
+--- a/src/plugins/crypto.h
+++ b/src/plugins/crypto.h
+@@ -38,7 +38,13 @@ typedef enum {
+ 
+ #define DEFAULT_LUKS_KEYSIZE_BITS 256
+ #define DEFAULT_LUKS_CIPHER "aes-xts-plain64"
+
+#ifdef LIBCRYPTSETUP_24
+/* 0 for autodetect since 2.4.0 */
+#define DEFAULT_LUKS2_SECTOR_SIZE 0
+#else
+ #define DEFAULT_LUKS2_SECTOR_SIZE 512
+#endif
+ 
+ typedef enum {
+     BD_CRYPTO_TECH_LUKS = 0,
+diff --git a/tests/crypto_test.py b/tests/crypto_test.py
+index 0aecc032..66934505 100644
+--- a/tests/crypto_test.py
+++ b/tests/crypto_test.py
+@@ -16,26 +16,18 @@
+ PASSWD2 = "myshinylittlepassword2"
+ PASSWD3 = "myshinylittlepassword3"
+ 
+-def have_luks2():
+-    try:
+-        succ = BlockDev.utils_check_util_version("cryptsetup", "2.0.3", "--version", r"cryptsetup ([0-9+\.]+)")
+-    except GLib.GError:
+-        return False
+-    else:
+-        return succ
+-
+ 
+-def have_bitlk():
+def check_cryptsetup_version(version):
+     try:
+-        succ = BlockDev.utils_check_util_version("cryptsetup", "2.3.0", "--version", r"cryptsetup ([0-9+\.]+)")
+        succ = BlockDev.utils_check_util_version("cryptsetup", version, "--version", r"cryptsetup ([0-9+\.]+)")
+     except GLib.GError:
+         return False
+     else:
+         return succ
+ 
+ 
+-HAVE_LUKS2 = have_luks2()
+-HAVE_BITLK = have_bitlk()
+HAVE_LUKS2 = check_cryptsetup_version("2.0.3")
+HAVE_BITLK = check_cryptsetup_version("2.3.0")
+ 
+ 
+ class CryptoTestCase(unittest.TestCase):
+@@ -964,6 +956,83 @@ def test_luks2_format(self):
+         succ = BlockDev.crypto_luks_close("libblockdevTestLUKS")
+         self.assertTrue(succ)
+ 
+
+class CryptoTestLuksSectorSize(CryptoTestCase):
+    def setUp(self):
+        if not check_cryptsetup_version("2.4.0"):
+            self.skipTest("cryptsetup encryption sector size not available, skipping.")
+
+        # we need a loop devices for this test case
+        self.addCleanup(self._clean_up)
+        self.dev_file = create_sparse_tempfile("crypto_test", 1024**3)
+        self.dev_file2 = create_sparse_tempfile("crypto_test", 1024**3)
+
+        succ, loop = BlockDev.loop_setup(self.dev_file)
+        if not succ:
+            raise RuntimeError("Failed to setup loop device for testing")
+        self.loop_dev = "/dev/%s" % loop
+
+        succ, loop = BlockDev.loop_setup(self.dev_file)
+        if not succ:
+            raise RuntimeError("Failed to setup loop device for testing")
+        self.loop_dev2 = "/dev/%s" % loop
+
+        # set sector size of the loop device to 4k
+        ret, _out, _err = run_command("losetup --sector-size 4096 %s" % self.loop_dev)
+        self.assertEqual(ret, 0)
+
+    def _clean_up(self):
+        try:
+            BlockDev.crypto_luks_close("libblockdevTestLUKS")
+        except:
+            pass
+
+        BlockDev.loop_teardown(self.loop_dev)
+        os.unlink(self.dev_file)
+
+        BlockDev.loop_teardown(self.loop_dev2)
+        os.unlink(self.dev_file2)
+
+    @tag_test(TestTags.SLOW)
+    @unittest.skipUnless(HAVE_LUKS2, "LUKS 2 not supported")
+    def test_luks2_sector_size_autodetect(self):
+        """Verify that we can autodetect 4k drives and set 4k sector size for them"""
+
+        # format the 4k loop device, encryption sector size should default to 4096
+        succ = BlockDev.crypto_luks_format(self.loop_dev, "aes-cbc-essiv:sha256", 256, PASSWD, None, 0,
+                                           BlockDev.CryptoLUKSVersion.LUKS2)
+        self.assertTrue(succ)
+
+        succ = BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", PASSWD, None, False)
+        self.assertTrue(succ)
+
+        info = BlockDev.crypto_luks_info("libblockdevTestLUKS")
+        self.assertIsNotNone(info)
+
+        self.assertEqual(info.version, BlockDev.CryptoLUKSVersion.LUKS2)
+        self.assertEqual(info.sector_size, 4096)
+
+        succ = BlockDev.crypto_luks_close("libblockdevTestLUKS")
+        self.assertTrue(succ)
+
+        # with the 512 loop device, we should still get 512
+        succ = BlockDev.crypto_luks_format(self.loop_dev2, "aes-cbc-essiv:sha256", 256, PASSWD, None, 0,
+                                           BlockDev.CryptoLUKSVersion.LUKS2)
+        self.assertTrue(succ)
+
+        succ = BlockDev.crypto_luks_open(self.loop_dev2, "libblockdevTestLUKS", PASSWD, None, False)
+        self.assertTrue(succ)
+
+        info = BlockDev.crypto_luks_info("libblockdevTestLUKS")
+        self.assertIsNotNone(info)
+
+        self.assertEqual(info.version, BlockDev.CryptoLUKSVersion.LUKS2)
+        self.assertEqual(info.sector_size, 512)
+
+        succ = BlockDev.crypto_luks_close("libblockdevTestLUKS")
+        self.assertTrue(succ)
+
+
+ class CryptoTestIntegrity(CryptoTestCase):
+     @tag_test(TestTags.SLOW)
+     @unittest.skipUnless(HAVE_LUKS2, "LUKS 2 not supported")
--- a/libblockdev.spec
+++ b/libblockdev.spec
@ -125,13 +125,14 @@

 Name:        libblockdev
 Version:     2.25
-Release:     3%{?dist}
+Release:     4%{?dist}
 Summary:     A library for low-level manipulation with block devices
 License:     LGPLv2+
 URL:         https://github.com/storaged-project/libblockdev
 Source0:     https://github.com/storaged-project/libblockdev/releases/download/%{version}-%{release}/%{name}-%{version}.tar.gz
 Patch0:      libblockdev-gcc11.patch
 Patch1:      0001-Fix-comparing-DM-RAID-member-devices-UUID.patch
+Patch2:      0002-Let-cryptsetup-autodect-encryption-sector-size.patch

 BuildRequires: make
 BuildRequires: glib2-devel
@ -685,6 +686,7 @@ A meta-package that pulls all the libblockdev plugins as dependencies.
 %setup -q -n %{name}-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1

 %build
 autoreconf -ivf
@ -988,6 +990,9 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm}
 %files plugins-all

 %changelog
+* Mon Jul 19 2021 Vojtech Trefny <vtrefny@redhat.com> - 2.25-4
+- crypto: Let cryptsetup autodect encryption sector size
+
 * Thu Jun 03 2021 Python Maint <python-maint@redhat.com> - 2.25-3
 - Rebuilt for Python 3.10