disk-mapper: set LUKS2 token to allow reusing unintialized state disks (#2083)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-05-06 08:15:48 -04:00 · 2023-07-18 16:20:03 +02:00 · 2023-07-18 16:20:03 +02:00 · 6a40c73ff7
commit 6a40c73ff7
parent dc373971b2
10 changed files with 161 additions and 31 deletions
--- a/disk-mapper/internal/test/integration_test.go
+++ b/disk-mapper/internal/test/integration_test.go
@ -9,6 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 package integration

 import (
+	"encoding/json"
 	"flag"
 	"fmt"
 	"os"
@ -16,8 +17,9 @@ import (
 	"testing"

 	"github.com/edgelesssys/constellation/v2/disk-mapper/internal/diskencryption"
+	ccryptsetup "github.com/edgelesssys/constellation/v2/internal/cryptsetup"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/martinjungblut/go-cryptsetup"
+	cryptsetup "github.com/martinjungblut/go-cryptsetup"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
@ -68,7 +70,7 @@ func TestMapper(t *testing.T) {
 	require.NoError(err, "failed to initialize crypt device")
 	defer free()

-	assert.False(mapper.IsLUKSDevice())
+	assert.False(mapper.IsInitialized())

 	// Format and map disk
 	passphrase := "unit-test"
@ -76,23 +78,33 @@ func TestMapper(t *testing.T) {
 	require.NoError(mapper.MapDisk(mappedDevice, passphrase), "failed to map disk")
 	require.NoError(mapper.UnmapDisk(mappedDevice), "failed to remove disk mapping")

-	assert.True(mapper.IsLUKSDevice())
+	// Make sure token was set
+	ccrypt := ccryptsetup.New()
+	freeDevice, err := ccrypt.Init(devicePath)
+	require.NoError(err, "failed to initialize crypt device")
+	defer freeDevice()
+	require.NoError(ccrypt.LoadLUKS2(), "failed to load LUKS2")
+
+	tokenJSON, err := ccrypt.TokenJSONGet(ccryptsetup.ConstellationStateDiskTokenID)
+	require.NoError(err, "token should have been set")
+	var token struct {
+		Type              string   `json:"type"`
+		Keyslots          []string `json:"keyslots"`
+		DiskIsInitialized bool     `json:"diskIsInitialized"`
+	}
+	require.NoError(json.Unmarshal([]byte(tokenJSON), &token))
+	assert.False(token.DiskIsInitialized, "disk should be marked as not initialized")
+	assert.False(ccrypt.ConstellationStateDiskTokenIsInitialized(), "disk should be marked as not initialized")
+
+	// Disk should still be marked as not initialized because token is set to false.
+	assert.False(mapper.IsInitialized())

 	// Try to map disk with incorrect passphrase
 	assert.Error(mapper.MapDisk(mappedDevice, "invalid-passphrase"), "was able to map disk with incorrect passphrase")
-}

-/*
-type fakeMetadataAPI struct{}
-
-func (f *fakeMetadataAPI) List(ctx context.Context) ([]metadata.InstanceMetadata, error) {
-	return []metadata.InstanceMetadata{
-		{
-			Name:       "instanceName",
-			ProviderID: "fake://instance-id",
-			Role:       role.Unknown,
-			VPCIP:      "192.0.2.1",
-		},
-	}, nil
+	// Disk can be reformatted without manually re-initializing a mapper
+	passphrase2 := passphrase + "2"
+	require.NoError(mapper.FormatDisk(passphrase2), "failed to format disk")
+	require.NoError(mapper.MapDisk(mappedDevice, passphrase2), "failed to map disk")
+	require.NoError(mapper.UnmapDisk(mappedDevice), "failed to remove disk mapping")
 }
-*/