Skip to content

Commit

Permalink
Add test for online reencryption
Browse files Browse the repository at this point in the history
  • Loading branch information
@jbaublitz
jbaublitz committed Jan 23, 2025
1 parent 9c7cfce commit bdfd959
Show file tree
Hide file tree
Showing 3 changed files with 113 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/lib.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,13 @@ mod test {
tests::encrypt::test_encrypt_by_password();
}

#[ignore]
#[test]
#[cfg(cryptsetup24supported)]
fn test_reencrypt_by_password() {
tests::reencrypt::test_reencrypt_by_password();
}

#[ignore]
#[test]
fn test_encrypt_by_keyfile() {
Expand Down
1 change: 1 addition & 0 deletions src/tests/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ use std::env::var;
pub mod encrypt;
pub mod keyfile;
pub mod loopback;
pub mod reencrypt;

fn format_with_zeros() -> bool {
var("FORMAT_WITH_ZEROS")
Expand Down
105 changes: 105 additions & 0 deletions src/tests/reencrypt.rs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

use crate::{
consts::{
flags::{CryptActivate, CryptDeactivate, CryptReencrypt, CryptVolumeKey},
vals::{CryptReencryptDirectionInfo, CryptReencryptModeInfo, EncryptionFormat},
},
device::CryptInit,
get_sector_size,
tests::loopback,
CryptParamsLuks2, CryptParamsReencrypt, Either,
};

pub fn test_reencrypt_by_password() {
loopback::use_loopback(
50 * 1024 * 1024,
super::format_with_zeros(),
super::do_cleanup(),
|dev_path, _file_path| {
let mut dev = CryptInit::init(dev_path).unwrap();
dev.context_handle()
.format::<()>(
EncryptionFormat::Luks2,
("aes", "xts-plain"),
None,
Either::Right(512 / 8),
None,
)
.unwrap();

dev.keyslot_handle()
.add_by_key(
None,
None,
"thisisatest".as_bytes(),
CryptVolumeKey::empty(),
)
.unwrap();

let new_keyslot = dev
.keyslot_handle()
.add_by_key(
None,
Some(Either::Right(512 / 8)),
"thisisatest".as_bytes(),
CryptVolumeKey::NO_SEGMENT,
)
.unwrap();

dev.activate_handle()
.activate_by_passphrase(
Some("test-device"),
None,
"thisisatest".as_bytes(),
CryptActivate::empty(),
)
.unwrap();

let size = match get_sector_size(Some(&mut dev)) {
i if i < 0 => panic!("Received error: {i:?}"),
i => i as u32,
};
let cipher = dev.status_handle().get_cipher().unwrap();
let cipher_mode = dev.status_handle().get_cipher_mode().unwrap();

dev.reencrypt_handle()
.reencrypt_init_by_passphrase(
Some("test-device"),
"thisisatest".as_bytes(),
None,
Some(new_keyslot),
Some((&cipher, &cipher_mode)),
CryptParamsReencrypt {
mode: CryptReencryptModeInfo::Reencrypt,
direction: CryptReencryptDirectionInfo::Forward,
resilience: "checksum".to_string(),
hash: "sha256".to_string(),
data_shift: 0,
max_hotzone_size: 0,
device_size: 0,
luks2: CryptParamsLuks2 {
data_alignment: 0,
data_device: None,
integrity: None,
integrity_params: None,
pbkdf: None,
label: None,
sector_size: size,
subsystem: None,
},
flags: CryptReencrypt::empty(),
},
)
.unwrap();

dev.reencrypt_handle().reencrypt2::<()>(None, None).unwrap();

dev.activate_handle()
.deactivate("test-device", CryptDeactivate::empty())
.unwrap();
},
)
}

0 comments on commit bdfd959

Please sign in to comment.