Pervasive and volatile encryption processes will set the sector size

yast · Oct 15, 2019 · f3e8f7d · f3e8f7d
1 parent 92348da
commit f3e8f7d
Show file tree

Hide file tree

Showing 5 changed files with 134 additions and 58 deletions.
diff --git a/src/lib/y2storage/encryption_processes/base.rb b/src/lib/y2storage/encryption_processes/base.rb
@@ -100,6 +100,41 @@ def crypt_options(_blk_device)
       def open_command_options(blk_device)
         open_options(blk_device).join(" ")
       end
+
+      # Sector size option for the encryption
+      #
+      # @param blk_device [BlkDevice] Block device to encrypt
+      # @return [String, nil] nil if no specific sector size
+      def sector_size_option(blk_device)
+        sector_size = sector_size_for(blk_device)
+        return nil unless sector_size
+
+        "sector-size=#{sector_size}"
+      end
+
+      # Sector size option to open the encryption device
+      #
+      # @param blk_device [BlkDevice] Block device to encrypt
+      # @return [String, nil] nil if no specific sector size
+      def sector_size_open_option(blk_device)
+        sector_size = sector_size_for(blk_device)
+        return nil unless sector_size
+
+        "--sector-size '#{sector_size}'"
+      end
+
+      IDEAL_SECTOR_SIZE = 4096
+
+      # Sector size for a given device
+      #
+      # For performance reasons, it tries to use 4k when possible. Otherwise, it returns
+      # nil so the default is used.
+      #
+      # @param blk_device [BlkDevice] Block device to encrypt
+      # @return [Integer,nil]
+      def sector_size_for(blk_device)
+        return IDEAL_SECTOR_SIZE if blk_device.region.block_size.to_i >= IDEAL_SECTOR_SIZE
+      end
     end
   end
 end
diff --git a/src/lib/y2storage/encryption_processes/pervasive.rb b/src/lib/y2storage/encryption_processes/pervasive.rb
@@ -91,6 +91,22 @@ def post_commit(device)
         end
       end
 
+      # Encryption options to add to the encryption device (crypttab options)
+      #
+      # @param blk_device [BlkDevice] Block device to encrypt
+      # @return [Array<String>]
+      def crypt_options(blk_device)
+        [sector_size_option(blk_device)].compact
+      end
+
+      # Encryption options to open the encryption device
+      #
+      # @param blk_device [BlkDevice] Block device to encrypt
+      # @return [Array<String>]
+      def open_options(blk_device)
+        [sector_size_open_option(blk_device)].compact
+      end
+
       # @see Base#finish_installation
       #
       # Copies the keys from the zkey repository of the inst-sys to the
@@ -134,7 +150,7 @@ def cheetah_recorder
       # @return [SecureKey]
       def generate_secure_key(device)
         key_name = "YaST_#{device.dm_table_name}"
-        key = SecureKey.generate(key_name, volumes: [device])
+        key = SecureKey.generate(key_name, volumes: [device], sector_size: sector_size_for(device.blk_device))
         log.info "Generated secure key #{key.name}"
 
         key

diff --git a/src/lib/y2storage/encryption_processes/volatile.rb b/src/lib/y2storage/encryption_processes/volatile.rb
@@ -89,14 +89,6 @@ def key_size?
         !key_size.nil?
       end
 
-      # Whether a specific sector size is used
-      #
-      # @param blk_device [BlkDevice] Block device to encrypt
-      # @return [Boolean]
-      def sector_size?(blk_device)
-        !sector_size(blk_device).nil?
-      end
-
       private
 
       # Swap option for the crypttab file
@@ -124,16 +116,6 @@ def key_size_option
         "size=#{key_size}"
       end
 
-      # Sector size option for the encryption
-      #
-      # @param blk_device [BlkDevice] Block device to encrypt
-      # @return [String, nil] nil if no specific sector size
-      def sector_size_option(blk_device)
-        return nil unless sector_size?(blk_device)
-
-        "sector-size=#{sector_size(blk_device)}"
-      end
-
       # Cipher option to open the encryption device
       #
       # @return [String, nil] nil if no specific cipher
@@ -151,29 +133,6 @@ def key_size_open_option
 
         "--key-size '#{key_size}'"
       end
-
-      # Sector size option to open the encryption device
-      #
-      # @param blk_device [BlkDevice] Block device to encrypt
-      # @return [String, nil] nil if no specific sector size
-      def sector_size_open_option(blk_device)
-        return nil unless sector_size?(blk_device)
-
-        "--sector-size '#{sector_size(blk_device)}'"
-      end
-
-      IDEAL_SECTOR_SIZE = 4096
-
-      # Sector size for a given device
-      #
-      # For performance reasons, it tries to use 4k when possible. Otherwise, it returns
-      # nil so the default is used.
-      #
-      # @param blk_device [BlkDevice] Block device to encrypt
-      # @return [Integer,nil]
-      def sector_size(blk_device)
-        return IDEAL_SECTOR_SIZE if blk_device.region.block_size >= IDEAL_SECTOR_SIZE
-      end
     end
   end
 end
diff --git a/test/y2storage/encryption_processes/pervasive_test.rb b/test/y2storage/encryption_processes/pervasive_test.rb
@@ -29,21 +29,24 @@
   let(:devicegraph) { Y2Partitioner::DeviceGraphs.instance.current }
   let(:blk_device) { Y2Storage::BlkDevice.find_by_name(devicegraph, "/dev/sda") }
   let(:dm_name) { "cr_sda" }
+  let(:secure_key) { nil }
+  let(:block_size) { Y2Storage::DiskSize.new(4096) }
+  let(:region) { instance_double(Y2Storage::Region, block_size: block_size) }
+
   let(:zkey_cryptsetup) do
     "cryptsetup luksFormat --foo bar --dummy /dev/dasdc1\n" \
       "zkey-cryptsetup setvp --volumes /dev/dasdc1\n" \
       "third-command"
   end
 
-  let(:secure_key) { nil }
-
   before do
     devicegraph_stub("empty_hard_disk_50GiB.yml")
     allow(Yast::Execute).to receive(:locally)
       .with(/zkey/, "cryptsetup", "--volumes", "/dev/dasdc1", anything)
       .and_return(zkey_cryptsetup)
     allow(Y2Storage::EncryptionProcesses::SecureKey).to receive(:for_device)
       .and_return(secure_key)
+    allow(blk_device).to receive(:region).and_return(region)
   end
 
   describe "#create_device" do
@@ -69,14 +72,46 @@
       end
     end
 
-    it "does not set any specific encryption option" do
-      encryption = subject.create_device(blk_device, dm_name)
-      expect(encryption.crypt_options).to be_empty
+    context "when the block size of ther underlying device is greater than 4k" do
+      let(:block_size) { Y2Storage::DiskSize.new(8192) }
+
+      it "sets the sector-size encryption option to 4096" do
+        encryption = subject.create_device(blk_device, dm_name)
+        expect(encryption.crypt_options).to include("sector-size=4096")
+      end
+
+      it "sets the sector-size open option for secure key" do
+        encryption = subject.create_device(blk_device, dm_name)
+        expect(encryption.open_options).to include("--sector-size '4096'")
+      end
     end
 
-    it "does not set any specific open option" do
-      encryption = subject.create_device(blk_device, dm_name)
-      expect(encryption.open_options).to be_empty
+    context "when the block size of ther underlying device is 4k" do
+      let(:block_size) { Y2Storage::DiskSize.new(4096) }
+
+      it "sets the sector-size encryption option to 4096" do
+        encryption = subject.create_device(blk_device, dm_name)
+        expect(encryption.crypt_options).to include("sector-size=4096")
+      end
+
+      it "sets the sector-size open option for secure key" do
+        encryption = subject.create_device(blk_device, dm_name)
+        expect(encryption.open_options).to include("--sector-size '4096'")
+      end
+    end
+
+    context "when the block size of ther underlying less than 4k" do
+      let(:block_size) { Y2Storage::DiskSize.new(2048) }
+
+      it "does not set the sector-size option" do
+        encryption = subject.create_device(blk_device, dm_name)
+        expect(encryption.crypt_options).to_not include("sector-size=2048")
+      end
+
+      it "sets the sector-size open option for secure key" do
+        encryption = subject.create_device(blk_device, dm_name)
+        expect(encryption.open_options).to_not include("--sector-size '2048'")
+      end
     end
   end
 
@@ -93,14 +128,45 @@
     before do
       allow(Y2Storage::EncryptionProcesses::SecureKey).to receive(:generate)
         .and_return(generated_key)
+      allow(encryption).to receive(:blk_device).and_return(blk_device)
     end
 
     it "generates a new secure key for the device" do
       expect(Y2Storage::EncryptionProcesses::SecureKey).to receive(:generate)
-        .with("YaST_cr_sda", volumes: [encryption]).and_return(generated_key)
+        .with("YaST_cr_sda", volumes: [encryption], sector_size: 4096).and_return(generated_key)
       subject.pre_commit(encryption)
     end
 
+    context "when the block size of the underlying device is greater than 4k" do
+      let(:block_size) { Y2Storage::DiskSize.new(8192) }
+
+      it "sets the sector-size for the encryption key to 4096" do
+        expect(Y2Storage::EncryptionProcesses::SecureKey).to receive(:generate)
+          .with("YaST_cr_sda", volumes: [encryption], sector_size: 4096).and_return(generated_key)
+        subject.pre_commit(encryption)
+      end
+    end
+
+    context "when the block size of the underlying device is 4k" do
+      let(:block_size) { Y2Storage::DiskSize.new(4096) }
+
+      it "sets the sector-size for the encryption key to 4096" do
+        expect(Y2Storage::EncryptionProcesses::SecureKey).to receive(:generate)
+          .with("YaST_cr_sda", volumes: [encryption], sector_size: 4096).and_return(generated_key)
+        subject.pre_commit(encryption)
+      end
+    end
+
+    context "when the block size of the underlying device less than 4k" do
+      let(:block_size) { Y2Storage::DiskSize.new(2048) }
+
+      it "sets the sector-size for the encryption key to 4096" do
+        expect(Y2Storage::EncryptionProcesses::SecureKey).to receive(:generate)
+          .with("YaST_cr_sda", volumes: [encryption], sector_size: nil).and_return(generated_key)
+        subject.pre_commit(encryption)
+      end
+    end
+
     context "when a secure key for the device was found" do
       let(:secure_key) { generated_key }
 

diff --git a/test/y2storage/encryption_processes/volatile_test.rb b/test/y2storage/encryption_processes/volatile_test.rb
@@ -26,9 +26,9 @@
   subject do
     described_class.new(
       method,
-      key_file:    key_file,
-      cipher:      cipher,
-      key_size:    key_size
+      key_file: key_file,
+      cipher:   cipher,
+      key_size: key_size
     )
   end
 
@@ -50,7 +50,7 @@
 
     let(:dm_name) { "cr_sda" }
 
-    let(:block_size) { 4096 }
+    let(:block_size) { Y2Storage::DiskSize.new(4096) }
 
     let(:region) { instance_double(Y2Storage::Region, block_size: block_size) }
 
@@ -131,7 +131,7 @@
     end
 
     context "when the block size of ther underlying device is greater than 4k" do
-      let(:block_size) { 8192 }
+      let(:block_size) { Y2Storage::DiskSize.new(8192) }
 
       it "sets the sector-size encryption option to 4096" do
         encryption = subject.create_device(device, dm_name)
@@ -145,7 +145,7 @@
     end
 
     context "when the block size of ther underlying device is 4k" do
-      let(:block_size) { 4096 }
+      let(:block_size) { Y2Storage::DiskSize.new(4096) }
 
       it "sets the sector-size encryption option to 4096" do
         encryption = subject.create_device(device, dm_name)
@@ -159,7 +159,7 @@
     end
 
     context "when the block size of ther underlying less than 4k" do
-      let(:block_size) { 2048 }
+      let(:block_size) { Y2Storage::DiskSize.new(2048) }
 
       it "does not set the sector-size option" do
         encryption = subject.create_device(device, dm_name)