mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-06-07 06:03:05 -04:00
Detect integrity file system request
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
parent
10e9faab10
commit
3bb1ec96b1
2 changed files with 60 additions and 4 deletions
|
@ -7,6 +7,7 @@ import (
|
||||||
"io/fs"
|
"io/fs"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
cryptsetup "github.com/martinjungblut/go-cryptsetup"
|
cryptsetup "github.com/martinjungblut/go-cryptsetup"
|
||||||
|
@ -18,6 +19,7 @@ import (
|
||||||
const (
|
const (
|
||||||
cryptPrefix = "/dev/mapper/"
|
cryptPrefix = "/dev/mapper/"
|
||||||
integritySuffix = "_dif"
|
integritySuffix = "_dif"
|
||||||
|
integrityFSSuffix = "-integrity"
|
||||||
keySizeIntegrity = 96
|
keySizeIntegrity = 96
|
||||||
keySizeCrypt = 64
|
keySizeCrypt = 64
|
||||||
)
|
)
|
||||||
|
@ -311,3 +313,12 @@ func performWipe(device DeviceMapper, volumeID, dek string) error {
|
||||||
klog.V(4).Info("dm-integrity successfully initiated")
|
klog.V(4).Info("dm-integrity successfully initiated")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsIntegrityFS checks if the fstype string contains an integrity suffix.
|
||||||
|
// If yes, returns the trimmed fstype and true, fstype and false otherwise.
|
||||||
|
func IsIntegrityFS(fstype string) (string, bool) {
|
||||||
|
if strings.HasSuffix(fstype, integrityFSSuffix) {
|
||||||
|
return strings.TrimSuffix(fstype, integrityFSSuffix), true
|
||||||
|
}
|
||||||
|
return fstype, false
|
||||||
|
}
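Review bot: IsIntegrityFS returns `("", true)` for the bare input `-integrity`, so a request that consists only of the suffix is reported as a valid integrity request with an empty filesystem type. The callers are not visible in this commit, so whether an empty or unsupported fstype is rejected before it is used cannot be confirmed from here. Since the string presumably comes from a volume request, I would reject the empty case in the helper itself: `if trimmed := strings.TrimSuffix(fstype, integrityFSSuffix); trimmed != "" && trimmed != fstype { return trimmed, true }`. The doc comment should also say that only one trailing suffix is removed and that the returned fstype is not validated, e.g. `// The returned fstype is not checked against the supported filesystems; callers must validate it.`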
|
||||||
|
|
|
@ -231,3 +231,48 @@ func TestOpenCryptDevice(t *testing.T) {
|
||||||
_, err := mapper.OpenCryptDevice(context.Background(), "/dev/some-device", "volume01", false)
|
_, err := mapper.OpenCryptDevice(context.Background(), "/dev/some-device", "volume01", false)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestIsIntegrityFS(t *testing.T) {
|
||||||
|
testCases := map[string]struct {
|
||||||
|
wantIntegrity bool
|
||||||
|
fstype string
|
||||||
|
}{
|
||||||
|
"plain ext4": {
|
||||||
|
wantIntegrity: false,
|
||||||
|
fstype: "ext4",
|
||||||
|
},
|
||||||
|
"integrity ext4": {
|
||||||
|
wantIntegrity: true,
|
||||||
|
fstype: "ext4",
|
||||||
|
},
|
||||||
|
"integrity fs": {
|
||||||
|
wantIntegrity: false,
|
||||||
|
fstype: "integrity",
|
||||||
|
},
|
||||||
|
"double integrity": {
|
||||||
|
wantIntegrity: true,
|
||||||
|
fstype: "ext4-integrity",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for name, tc := range testCases {
|
||||||
|
t.Run(name, func(t *testing.T) {
|
||||||
|
assert := assert.New(t)
|
||||||
|
|
||||||
|
request := tc.fstype
|
||||||
|
if tc.wantIntegrity {
|
||||||
|
request = tc.fstype + integrityFSSuffix
|
||||||
|
}
|
||||||
|
|
||||||
|
fstype, isIntegrity := IsIntegrityFS(request)
|
||||||
|
|
||||||
|
if tc.wantIntegrity {
|
||||||
|
assert.True(isIntegrity)
|
||||||
|
assert.Equal(tc.fstype, fstype)
|
||||||
|
} else {
|
||||||
|
assert.False(isIntegrity)
|
||||||
|
assert.Equal(tc.fstype, fstype)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
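Review bot: The table in TestIsIntegrityFS stores the expected result in `fstype` and builds the actual input by appending `integrityFSSuffix` when `wantIntegrity` is set, so the case named "double integrity" reads as plain `ext4-integrity` until the loop body is traced. Separate `request` and `wantFS` fields would make each case self-describing. The two branches then collapse to `assert.Equal(tc.wantIntegrity, isIntegrity)` and `assert.Equal(tc.wantFS, fstype)`, since both branches already make the same `assert.Equal` call. The table also has no case for an empty string, for the bare suffix `-integrity`, or for the marker appearing somewhere other than the end of the string; these are the inputs where the helper's contract is least obvious.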
|
||||||
|
|