Detect integrity file system request

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-10-01 01:36:09 -04:00 · 2022-05-02 13:48:57 +02:00 · 2022-05-02 13:48:57 +02:00 · 3bb1ec96b1
commit 3bb1ec96b1
parent 10e9faab10
2 changed files with 60 additions and 4 deletions
--- a/mount/cryptmapper/cryptmapper.go
+++ b/mount/cryptmapper/cryptmapper.go
@ -7,6 +7,7 @@ import (
 	"io/fs"
 	"os"
 	"path/filepath"
+	"strings"
 	"sync"

 	cryptsetup "github.com/martinjungblut/go-cryptsetup"
@ -16,10 +17,11 @@ import (
 )

 const (
-	cryptPrefix      = "/dev/mapper/"
-	integritySuffix  = "_dif"
-	keySizeIntegrity = 96
-	keySizeCrypt     = 64
+	cryptPrefix       = "/dev/mapper/"
+	integritySuffix   = "_dif"
+	integrityFSSuffix = "-integrity"
+	keySizeIntegrity  = 96
+	keySizeCrypt      = 64
 )

 // packageLock is needed to block concurrent use of package functions, since libcryptsetup is not thread safe.
@ -311,3 +313,12 @@ func performWipe(device DeviceMapper, volumeID, dek string) error {
 	klog.V(4).Info("dm-integrity successfully initiated")
 	return nil
 }
+
+// IsIntegrityFS checks if the fstype string contains an integrity suffix.
+// If yes, returns the trimmed fstype and true, fstype and false otherwise.
+func IsIntegrityFS(fstype string) (string, bool) {
+	if strings.HasSuffix(fstype, integrityFSSuffix) {
+		return strings.TrimSuffix(fstype, integrityFSSuffix), true
+	}
+	return fstype, false
+}
--- a/mount/cryptmapper/cryptmapper_test.go
+++ b/mount/cryptmapper/cryptmapper_test.go
@ -231,3 +231,48 @@ func TestOpenCryptDevice(t *testing.T) {
 	_, err := mapper.OpenCryptDevice(context.Background(), "/dev/some-device", "volume01", false)
 	assert.NoError(t, err)
 }
+
+func TestIsIntegrityFS(t *testing.T) {
+	testCases := map[string]struct {
+		wantIntegrity bool
+		fstype        string
+	}{
+		"plain ext4": {
+			wantIntegrity: false,
+			fstype:        "ext4",
+		},
+		"integrity ext4": {
+			wantIntegrity: true,
+			fstype:        "ext4",
+		},
+		"integrity fs": {
+			wantIntegrity: false,
+			fstype:        "integrity",
+		},
+		"double integrity": {
+			wantIntegrity: true,
+			fstype:        "ext4-integrity",
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			assert := assert.New(t)
+
+			request := tc.fstype
+			if tc.wantIntegrity {
+				request = tc.fstype + integrityFSSuffix
+			}
+
+			fstype, isIntegrity := IsIntegrityFS(request)
+
+			if tc.wantIntegrity {
+				assert.True(isIntegrity)
+				assert.Equal(tc.fstype, fstype)
+			} else {
+				assert.False(isIntegrity)
+				assert.Equal(tc.fstype, fstype)
+			}
+		})
+	}
+}