Merge pull request #483 from vojtechtrefny/master_luks2-open

LUKS2 unlocking support
storaged-project · Jan 31, 2018 · 7305f84 · 7305f84
2 parents 7c17702 + 40100d6
commit 7305f84
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 3 deletions.
diff --git a/src/tests/dbus-tests/test_70_encrypted.py b/src/tests/dbus-tests/test_70_encrypted.py
@@ -1,18 +1,27 @@
 import dbus
 import os
+import re
 import six
 import time
 import unittest
 
+from distutils.version import LooseVersion
+
 import udiskstestcase
 
 
 class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
     '''This is an encrypted device test suite'''
 
+    def _get_cryptsetup_version(self):
+        _ret, out = self.run_command('cryptsetup --version')
+        m = re.search(r'cryptsetup ([\d\.]+)', out)
+        if not m or len(m.groups()) != 1:
+            raise RuntimeError('Failed to determine cryptsetup version from: %s' % out)
+        return LooseVersion(m.groups()[0])
+
     def _create_luks(self, device, passphrase):
-        device.Format('xfs', {'encrypt.passphrase': passphrase},
-                      dbus_interface=self.iface_prefix + '.Block')
+        raise NotImplementedError()
 
     def _remove_luks(self, device, close=True):
         if close:
@@ -223,3 +232,47 @@ def test_password_change(self):
         luks = disk.Unlock('password', self.no_options,
                            dbus_interface=self.iface_prefix + '.Encrypted')
         self.assertIsNotNone(luks)
+
+
+class UdisksEncryptedTestLUKS1(UdisksEncryptedTest):
+    '''This is a LUKS1 encrypted device test suite'''
+
+    def _create_luks(self, device, passphrase):
+        device.Format('xfs', {'encrypt.passphrase': passphrase},
+                      dbus_interface=self.iface_prefix + '.Block')
+
+
+class UdisksEncryptedTestLUKS2(UdisksEncryptedTest):
+    '''This is a LUKS2 encrypted device test suite'''
+
+    def _create_luks(self, device, passphrase):
+        # we currently don't support creating luks2 format using udisks
+        device_path = '/dev/' + device.object_path.split('/')[-1]
+        ret, out = self.run_command('echo -n "%s" | cryptsetup luksFormat '\
+                                    '--type=luks2 %s -' % (passphrase, device_path))
+        if ret != 0:
+            raise RuntimeError('Failed to create luks2 format on %s:\n%s' % (device_path, out))
+
+        # udisks opens the device after creating it so we have to do the same
+        ret, out = self.run_command('echo -n "%s" | cryptsetup luksOpen '\
+                                    '%s luks-`cryptsetup luksUUID %s` -' % (passphrase, device_path, device_path))
+        if ret != 0:
+            raise RuntimeError('Failed to open luks2 device %s:\n%s' % (device_path, out))
+
+        # and create xfs filesystem on it too
+        ret, out = self.run_command('mkfs.xfs /dev/mapper/luks-`cryptsetup luksUUID %s`' % device_path)
+        if ret != 0:
+            raise RuntimeError('Failed to create xfs filesystem on device %s:\n%s' % (device_path, out))
+
+    def setUp(self):
+        cryptsetup_version = self._get_cryptsetup_version()
+        if cryptsetup_version < LooseVersion('2.0.0'):
+            self.skipTest('LUKS2 not supported')
+
+        super(UdisksEncryptedTestLUKS2, self).setUp()
+
+    def test_create(self):
+        self.skipTest('Creating of LUKS2 is not supported yet.')
+
+
+del UdisksEncryptedTest  # skip UdisksEncryptedTest
diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c
@@ -1017,7 +1017,7 @@ udisks_linux_block_update (UDisksLinuxBlock       *block,
     {
       gchar *dm_uuid;
       dm_uuid = get_sysfs_attr (device->udev_device, "dm/uuid");
-      if (dm_uuid != NULL && g_str_has_prefix (dm_uuid, "CRYPT-LUKS1"))
+      if (dm_uuid != NULL && g_str_has_prefix (dm_uuid, "CRYPT-LUKS"))
         {
           gchar **slaves;
           slaves = udisks_daemon_util_resolve_links (g_udev_device_get_sysfs_path (device->udev_device),