diff --git a/src/bin/utils/predict_usage.rs b/src/bin/utils/predict_usage.rs index 268452757b..ebf5bfba12 100644 --- a/src/bin/utils/predict_usage.rs +++ b/src/bin/utils/predict_usage.rs @@ -14,7 +14,8 @@ use serde_json::{json, Value}; use devicemapper::{Bytes, Sectors}; use stratisd::engine::{ - crypt_metadata_size, integrity_meta_space, ThinPoolSizeParams, ValidatedIntegritySpec, BDA, + integrity_meta_space, ThinPoolSizeParams, ValidatedIntegritySpec, BDA, + DEFAULT_CRYPT_DATA_OFFSET_V2, }; // 2^FS_SIZE_START_POWER is the logical size of the smallest Stratis @@ -195,12 +196,8 @@ fn predict_pool_metadata_usage( }) .collect::, _>>()?; - let crypt_metadata_size = crypt_metadata_size(); - let crypt_metadata_size_sectors = crypt_metadata_size.sectors(); - // verify that crypt metadata size is divisible by sector size - assert_eq!(crypt_metadata_size_sectors.bytes(), crypt_metadata_size); - - Ok(stratis_avail_sizes.iter().cloned().sum::() - crypt_metadata_size_sectors) + let crypt_metadata_size = DEFAULT_CRYPT_DATA_OFFSET_V2; + Ok(stratis_avail_sizes.iter().cloned().sum::() - crypt_metadata_size) } // Predict usage for a newly created pool given information about whether diff --git a/src/engine/mod.rs b/src/engine/mod.rs index df0a86c2fc..2c07f2b5ec 100644 --- a/src/engine/mod.rs +++ b/src/engine/mod.rs @@ -13,9 +13,9 @@ pub use self::{ shared::{total_allocated, total_used}, sim_engine::SimEngine, strat_engine::{ - crypt_metadata_size, get_dm, get_dm_init, integrity_meta_space, register_clevis_token, - set_up_crypt_logging, unshare_mount_namespace, StaticHeader, StaticHeaderResult, - StratEngine, StratKeyActions, ThinPoolSizeParams, BDA, CLEVIS_TANG_TRUST_URL, + get_dm, get_dm_init, integrity_meta_space, register_clevis_token, set_up_crypt_logging, + unshare_mount_namespace, StaticHeader, StaticHeaderResult, StratEngine, StratKeyActions, + ThinPoolSizeParams, BDA, CLEVIS_TANG_TRUST_URL, DEFAULT_CRYPT_DATA_OFFSET_V2, }, structures::{AllLockReadGuard, ExclusiveGuard, SharedGuard, Table}, types::{ diff --git a/src/engine/strat_engine/backstore/backstore/v2.rs b/src/engine/strat_engine/backstore/backstore/v2.rs index ed10235457..435a1851ca 100644 --- a/src/engine/strat_engine/backstore/backstore/v2.rs +++ b/src/engine/strat_engine/backstore/backstore/v2.rs @@ -23,7 +23,7 @@ use crate::{ blockdevmgr::BlockDevMgr, cache_tier::CacheTier, data_tier::DataTier, devices::UnownedDevices, shared::BlockSizeSummary, }, - crypt::{crypt_metadata_size, handle::v2::CryptHandle}, + crypt::{handle::v2::CryptHandle, DEFAULT_CRYPT_DATA_OFFSET_V2}, dm::{get_dm, list_of_backstore_devices, remove_optional_devices, DEVICEMAPPER_PATH}, metadata::{MDADataSize, BDA}, names::{format_backstore_ids, CacheRole}, @@ -455,7 +455,7 @@ impl Backstore { crypt_meta_allocs: Vec::new(), }; - let size = crypt_metadata_size().sectors(); + let size = DEFAULT_CRYPT_DATA_OFFSET_V2; if !backstore.meta_alloc_cache(&[size])? { return Err(StratisError::Msg(format!( "Failed to satisfy request in backstore for {size}" @@ -1174,7 +1174,6 @@ mod tests { strat_engine::{ backstore::devices::{ProcessedPathInfos, UnownedDevices}, cmd, - crypt::crypt_metadata_size, metadata::device_identifiers, ns::{unshare_mount_namespace, MemoryFilesystem}, tests::{crypt, loopbacked, real}, @@ -1202,7 +1201,7 @@ mod tests { assert_eq!( backstore.data_tier.allocated(), match (&backstore.origin, &backstore.cache) { - (None, None) => crypt_metadata_size().sectors(), + (None, None) => DEFAULT_CRYPT_DATA_OFFSET_V2, (&None, Some(cache)) => cache.size(), (Some(linear), &None) => linear.size(), _ => panic!("impossible; see first assertion"), @@ -1500,7 +1499,7 @@ mod tests { // Allocate space from the backstore so that the cap device is made. backstore - .alloc(pool_uuid, &[2u64 * crypt_metadata_size().sectors()]) + .alloc(pool_uuid, &[2u64 * DEFAULT_CRYPT_DATA_OFFSET_V2]) .unwrap() .unwrap(); diff --git a/src/engine/strat_engine/backstore/blockdev/v1.rs b/src/engine/strat_engine/backstore/blockdev/v1.rs index dd628fca0f..cf25b9ed2f 100644 --- a/src/engine/strat_engine/backstore/blockdev/v1.rs +++ b/src/engine/strat_engine/backstore/blockdev/v1.rs @@ -18,7 +18,6 @@ use devicemapper::{Device, Sectors}; use crate::{ engine::{ - crypt_metadata_size, engine::{BlockDev, DumpState}, strat_engine::{ backstore::{ @@ -26,7 +25,7 @@ use crate::{ devices::BlockSizes, range_alloc::{PerDevSegments, RangeAllocator}, }, - crypt::handle::v1::CryptHandle, + crypt::{crypt_metadata_size, handle::v1::CryptHandle}, device::blkdev_size, metadata::{ disown_device, static_header, BlockdevSize, MDADataSize, MetadataLocation, diff --git a/src/engine/strat_engine/crypt/consts.rs b/src/engine/strat_engine/crypt/consts.rs index d4f953fa1e..e0d36faf4a 100644 --- a/src/engine/strat_engine/crypt/consts.rs +++ b/src/engine/strat_engine/crypt/consts.rs @@ -4,7 +4,7 @@ use libc::c_uint; -use devicemapper::{Bytes, IEC}; +use devicemapper::{Bytes, Sectors, IEC}; // Stratis token JSON keys pub const TOKEN_TYPE_KEY: &str = "type"; @@ -32,8 +32,10 @@ pub const LUKS2_SECTOR_SIZE: Bytes = Bytes(4096); /// tang server does not need to be verified. pub const CLEVIS_TANG_TRUST_URL: &str = "stratis:tang:trust_url"; -pub const DEFAULT_CRYPT_METADATA_SIZE: Bytes = Bytes(16 * IEC::Ki as u128); +pub const DEFAULT_CRYPT_METADATA_SIZE_V1: Bytes = Bytes(16 * IEC::Ki as u128); +pub const DEFAULT_CRYPT_METADATA_SIZE_V2: Bytes = Bytes(64 * IEC::Ki as u128); pub const DEFAULT_CRYPT_KEYSLOTS_SIZE: Bytes = Bytes(16352 * IEC::Ki as u128); +pub const DEFAULT_CRYPT_DATA_OFFSET_V2: Sectors = Sectors(34816); pub const CLEVIS_TOKEN_NAME: &str = "clevis\0"; diff --git a/src/engine/strat_engine/crypt/handle/v1.rs b/src/engine/strat_engine/crypt/handle/v1.rs index 7e2625fd21..aaa6f6fb61 100644 --- a/src/engine/strat_engine/crypt/handle/v1.rs +++ b/src/engine/strat_engine/crypt/handle/v1.rs @@ -16,7 +16,7 @@ use serde::{ }; use serde_json::{from_value, to_value, Value}; -use devicemapper::{Device, DmName, DmNameBuf, Sectors}; +use devicemapper::{Bytes, Device, DmName, DmNameBuf, Sectors}; use libcryptsetup_rs::{ c_uint, consts::{ @@ -34,11 +34,11 @@ use crate::{ cmd::{clevis_decrypt, clevis_luks_bind, clevis_luks_regen, clevis_luks_unbind}, crypt::{ consts::{ - CLEVIS_LUKS_TOKEN_ID, DEFAULT_CRYPT_KEYSLOTS_SIZE, DEFAULT_CRYPT_METADATA_SIZE, - LUKS2_TOKEN_ID, STRATIS_MEK_SIZE, STRATIS_TOKEN_DEVNAME_KEY, - STRATIS_TOKEN_DEV_UUID_KEY, STRATIS_TOKEN_ID, STRATIS_TOKEN_POOLNAME_KEY, - STRATIS_TOKEN_POOL_UUID_KEY, STRATIS_TOKEN_TYPE, TOKEN_KEYSLOTS_KEY, - TOKEN_TYPE_KEY, + CLEVIS_LUKS_TOKEN_ID, DEFAULT_CRYPT_KEYSLOTS_SIZE, + DEFAULT_CRYPT_METADATA_SIZE_V1, LUKS2_SECTOR_SIZE, LUKS2_TOKEN_ID, + STRATIS_MEK_SIZE, STRATIS_TOKEN_DEVNAME_KEY, STRATIS_TOKEN_DEV_UUID_KEY, + STRATIS_TOKEN_ID, STRATIS_TOKEN_POOLNAME_KEY, STRATIS_TOKEN_POOL_UUID_KEY, + STRATIS_TOKEN_TYPE, TOKEN_KEYSLOTS_KEY, TOKEN_TYPE_KEY, }, shared::{ acquire_crypt_device, activate, activate_by_token, add_keyring_keyslot, @@ -60,6 +60,19 @@ use crate::{ stratis::{StratisError, StratisResult}, }; +/// Align the number of bytes to the nearest multiple of `LUKS2_SECTOR_SIZE` +/// above the current value. +fn ceiling_sector_size_alignment(bytes: Bytes) -> Bytes { + let round = *LUKS2_SECTOR_SIZE - 1; + Bytes::from((*bytes + round) & !round) +} + +// Bytes occupied by crypt metadata +pub fn crypt_metadata_size() -> Bytes { + 2u64 * DEFAULT_CRYPT_METADATA_SIZE_V1 + + ceiling_sector_size_alignment(DEFAULT_CRYPT_KEYSLOTS_SIZE) +} + pub struct StratisLuks2Token { pub devname: DmNameBuf, pub identifiers: StratisIdentifiers, @@ -573,7 +586,7 @@ impl CryptHandle { physical_path.display() ); device.settings_handle().set_metadata_size( - MetadataSize::try_from(convert_int!(*DEFAULT_CRYPT_METADATA_SIZE, u128, u64)?)?, + MetadataSize::try_from(convert_int!(*DEFAULT_CRYPT_METADATA_SIZE_V1, u128, u64)?)?, KeyslotsSize::try_from(convert_int!(*DEFAULT_CRYPT_KEYSLOTS_SIZE, u128, u64)?)?, )?; Self::initialize_with_err(&mut device, physical_path, pool_uuid, dev_uuid, &pool_name, encryption_info, luks2_params.as_ref()) @@ -663,7 +676,11 @@ impl CryptHandle { .context_handle() .load::<()>(Some(EncryptionFormat::Luks2), None) { - return Err(wipe_fallback(physical_path, StratisError::from(e))); + return Err(wipe_fallback( + physical_path, + crypt_metadata_size(), + StratisError::from(e), + )); } device.keyslot_handle().destroy(keyslot)?; @@ -695,7 +712,11 @@ impl CryptHandle { .context_handle() .load::<()>(Some(EncryptionFormat::Luks2), None) { - return Err(wipe_fallback(physical_path, StratisError::from(e))); + return Err(wipe_fallback( + physical_path, + crypt_metadata_size(), + StratisError::from(e), + )); } Ok(()) @@ -725,6 +746,11 @@ impl CryptHandle { physical_path.display() ); + assert_eq!( + *crypt_metadata_size().sectors(), + device.status_handle().get_data_offset() + ); + match encryption_info { EncryptionInfo::Both(kd, (pin, config)) => { let mut parsed_config = config.clone(); @@ -1143,8 +1169,8 @@ mod tests { strat_engine::{ crypt::{ consts::{ - CLEVIS_LUKS_TOKEN_ID, DEFAULT_CRYPT_KEYSLOTS_SIZE, DEFAULT_CRYPT_METADATA_SIZE, - LUKS2_TOKEN_ID, STRATIS_MEK_SIZE, + CLEVIS_LUKS_TOKEN_ID, DEFAULT_CRYPT_KEYSLOTS_SIZE, + DEFAULT_CRYPT_METADATA_SIZE_V1, LUKS2_TOKEN_ID, STRATIS_MEK_SIZE, }, shared::acquire_crypt_device, }, @@ -1421,7 +1447,7 @@ mod tests { ) .unwrap(); let (metadata, keyslot) = context.settings_handle().get_metadata_size().unwrap(); - assert_eq!(DEFAULT_CRYPT_METADATA_SIZE, Bytes::from(*metadata)); + assert_eq!(DEFAULT_CRYPT_METADATA_SIZE_V1, Bytes::from(*metadata)); assert_eq!(DEFAULT_CRYPT_KEYSLOTS_SIZE, Bytes::from(*keyslot)); } diff --git a/src/engine/strat_engine/crypt/handle/v2.rs b/src/engine/strat_engine/crypt/handle/v2.rs index d514de406e..4adc61a80a 100644 --- a/src/engine/strat_engine/crypt/handle/v2.rs +++ b/src/engine/strat_engine/crypt/handle/v2.rs @@ -33,8 +33,9 @@ use crate::{ cmd::{clevis_decrypt, clevis_luks_bind, clevis_luks_regen, clevis_luks_unbind}, crypt::{ consts::{ - CLEVIS_LUKS_TOKEN_ID, DEFAULT_CRYPT_KEYSLOTS_SIZE, DEFAULT_CRYPT_METADATA_SIZE, - LUKS2_TOKEN_ID, STRATIS_MEK_SIZE, + CLEVIS_LUKS_TOKEN_ID, DEFAULT_CRYPT_DATA_OFFSET_V2, + DEFAULT_CRYPT_KEYSLOTS_SIZE, DEFAULT_CRYPT_METADATA_SIZE_V2, LUKS2_TOKEN_ID, + STRATIS_MEK_SIZE, }, shared::{ acquire_crypt_device, activate, activate_by_token, add_keyring_keyslot, @@ -275,10 +276,6 @@ impl CryptHandle { nothing to clean up", physical_path.display() ); - device.settings_handle().set_metadata_size( - MetadataSize::try_from(convert_int!(*DEFAULT_CRYPT_METADATA_SIZE, u128, u64)?)?, - KeyslotsSize::try_from(convert_int!(*DEFAULT_CRYPT_KEYSLOTS_SIZE, u128, u64)?)?, - )?; Self::initialize_with_err(&mut device, physical_path, pool_uuid, encryption_info, luks2_params.as_ref()) .and_then(|path| clevis_info_from_metadata(&mut device).map(|ci| (path, ci))) .and_then(|(_, clevis_info)| { @@ -366,7 +363,11 @@ impl CryptHandle { .context_handle() .load::<()>(Some(EncryptionFormat::Luks2), None) { - return Err(wipe_fallback(physical_path, StratisError::from(e))); + return Err(wipe_fallback( + physical_path, + DEFAULT_CRYPT_DATA_OFFSET_V2.bytes(), + StratisError::from(e), + )); } device.keyslot_handle().destroy(keyslot)?; @@ -398,7 +399,11 @@ impl CryptHandle { .context_handle() .load::<()>(Some(EncryptionFormat::Luks2), None) { - return Err(wipe_fallback(physical_path, StratisError::from(e))); + return Err(wipe_fallback( + physical_path, + DEFAULT_CRYPT_DATA_OFFSET_V2.bytes(), + StratisError::from(e), + )); } Ok(()) @@ -414,6 +419,12 @@ impl CryptHandle { let mut luks2_params_ref: Option> = luks2_params.map(|lp| lp.try_into()).transpose()?; + device.settings_handle().set_metadata_size( + MetadataSize::try_from(convert_int!(*DEFAULT_CRYPT_METADATA_SIZE_V2, u128, u64)?)?, + KeyslotsSize::try_from(convert_int!(*DEFAULT_CRYPT_KEYSLOTS_SIZE, u128, u64)?)?, + )?; + device.set_data_offset(*DEFAULT_CRYPT_DATA_OFFSET_V2)?; + log_on_failure!( device.context_handle().format::>( EncryptionFormat::Luks2, @@ -426,6 +437,11 @@ impl CryptHandle { physical_path.display() ); + assert_eq!( + *DEFAULT_CRYPT_DATA_OFFSET_V2, + device.status_handle().get_data_offset() + ); + match encryption_info { EncryptionInfo::Both(kd, (pin, config)) => { let mut parsed_config = config.clone(); @@ -780,17 +796,14 @@ mod tests { }; use devicemapper::{Bytes, Sectors, IEC}; - use libcryptsetup_rs::{ - consts::vals::{CryptStatusInfo, EncryptionFormat}, - CryptInit, Either, - }; + use libcryptsetup_rs::consts::vals::CryptStatusInfo; use crate::engine::{ strat_engine::{ crypt::{ consts::{ - CLEVIS_LUKS_TOKEN_ID, DEFAULT_CRYPT_KEYSLOTS_SIZE, DEFAULT_CRYPT_METADATA_SIZE, - LUKS2_TOKEN_ID, STRATIS_MEK_SIZE, + CLEVIS_LUKS_TOKEN_ID, DEFAULT_CRYPT_KEYSLOTS_SIZE, + DEFAULT_CRYPT_METADATA_SIZE_V2, LUKS2_TOKEN_ID, }, shared::acquire_crypt_device, }, @@ -977,28 +990,6 @@ mod tests { ); } - #[test] - fn loop_test_crypt_metadata_defaults() { - fn test_defaults(paths: &[&Path]) { - let mut context = CryptInit::init(paths[0]).unwrap(); - context - .context_handle() - .format::<()>( - EncryptionFormat::Luks2, - ("aes", "xts-plain64"), - None, - Either::Right(STRATIS_MEK_SIZE), - None, - ) - .unwrap(); - let (metadata, keyslot) = context.settings_handle().get_metadata_size().unwrap(); - assert_eq!(DEFAULT_CRYPT_METADATA_SIZE, Bytes::from(*metadata)); - assert_eq!(DEFAULT_CRYPT_KEYSLOTS_SIZE, Bytes::from(*keyslot)); - } - - loopbacked::test_with_spec(&loopbacked::DeviceLimits::Exactly(1, None), test_defaults); - } - #[test] // Test passing an unusual, larger sector size for cryptsetup. 4096 should // be no smaller than the physical sector size of the loop device, and @@ -1114,6 +1105,10 @@ mod tests { .unwrap(); let mut device = acquire_crypt_device(handle.luks2_device_path()).unwrap(); + let (metadata, keyslot) = device.settings_handle().get_metadata_size().unwrap(); + assert_eq!(DEFAULT_CRYPT_METADATA_SIZE_V2, Bytes::from(*metadata)); + assert_eq!(DEFAULT_CRYPT_KEYSLOTS_SIZE, Bytes::from(*keyslot)); + assert!(device.token_handle().json_get(CLEVIS_LUKS_TOKEN_ID).is_ok()); assert!(device.token_handle().json_get(LUKS2_TOKEN_ID).is_err()); } diff --git a/src/engine/strat_engine/crypt/mod.rs b/src/engine/strat_engine/crypt/mod.rs index cf08bb5752..0d82fc4a16 100644 --- a/src/engine/strat_engine/crypt/mod.rs +++ b/src/engine/strat_engine/crypt/mod.rs @@ -10,9 +10,9 @@ pub mod handle; mod shared; pub use self::{ - consts::CLEVIS_TANG_TRUST_URL, + consts::{CLEVIS_TANG_TRUST_URL, DEFAULT_CRYPT_DATA_OFFSET_V2}, + handle::v1::crypt_metadata_size, shared::{ - back_up_luks_header, crypt_metadata_size, register_clevis_token, restore_luks_header, - set_up_crypt_logging, + back_up_luks_header, register_clevis_token, restore_luks_header, set_up_crypt_logging, }, }; diff --git a/src/engine/strat_engine/crypt/shared.rs b/src/engine/strat_engine/crypt/shared.rs index ef65070f2f..03f83071c2 100644 --- a/src/engine/strat_engine/crypt/shared.rs +++ b/src/engine/strat_engine/crypt/shared.rs @@ -17,7 +17,7 @@ use serde_json::{Map, Value}; use sha2::{Digest, Sha256}; use tempfile::TempDir; -use devicemapper::{Bytes, DevId, DmName, DmOptions}; +use devicemapper::{Bytes, DevId, DmName, DmOptions, Sectors}; use libcryptsetup_rs::{ c_uint, consts::{ @@ -35,9 +35,8 @@ use crate::{ cmd::clevis_decrypt, crypt::consts::{ CLEVIS_LUKS_TOKEN_ID, CLEVIS_RECURSION_LIMIT, CLEVIS_TANG_TRUST_URL, - CLEVIS_TOKEN_NAME, DEFAULT_CRYPT_KEYSLOTS_SIZE, DEFAULT_CRYPT_METADATA_SIZE, - LUKS2_SECTOR_SIZE, LUKS2_TOKEN_ID, LUKS2_TOKEN_TYPE, TOKEN_KEYSLOTS_KEY, - TOKEN_TYPE_KEY, + CLEVIS_TOKEN_NAME, LUKS2_SECTOR_SIZE, LUKS2_TOKEN_ID, LUKS2_TOKEN_TYPE, + TOKEN_KEYSLOTS_KEY, TOKEN_TYPE_KEY, }, dm::get_dm, keys, @@ -614,16 +613,13 @@ pub fn ensure_inactive(device: &mut CryptDevice, name: &DmName) -> StratisResult Ok(()) } -/// Align the number of bytes to the nearest multiple of `LUKS2_SECTOR_SIZE` -/// above the current value. -fn ceiling_sector_size_alignment(bytes: Bytes) -> Bytes { - let round = *LUKS2_SECTOR_SIZE - 1; - Bytes::from((*bytes + round) & !round) -} - /// Fallback method for wiping a crypt device where a handle to the encrypted device /// cannot be acquired. -pub fn wipe_fallback(path: &Path, causal_error: StratisError) -> StratisError { +pub fn wipe_fallback( + path: &Path, + metadata_size: Bytes, + causal_error: StratisError, +) -> StratisError { let mut file = match OpenOptions::new().write(true).open(path) { Ok(f) => f, Err(e) => { @@ -633,7 +629,7 @@ pub fn wipe_fallback(path: &Path, causal_error: StratisError) -> StratisError { } } }; - let size = match convert_int!(*crypt_metadata_size(), u128, usize) { + let size = match convert_int!(*metadata_size, u128, usize) { Ok(s) => s, Err(e) => { return StratisError::NoActionRollbackError { @@ -663,6 +659,7 @@ pub fn ensure_wiped( name: &DmName, ) -> StratisResult<()> { ensure_inactive(device, name)?; + let keyslot_number = get_keyslot_number(device, LUKS2_TOKEN_ID); match keyslot_number { Ok(Some(keyslot)) => { @@ -688,35 +685,19 @@ pub fn ensure_wiped( } } - let (md_size, ks_size) = log_on_failure!( - device.settings_handle().get_metadata_size(), - "Failed to acquire LUKS2 metadata size" - ); - debug!("Metadata size of LUKS2 device: {}", *md_size); - debug!("Keyslot area size of LUKS2 device: {}", *ks_size); - assert!(*md_size % 4096 == 0); - let total_luks2_metadata_size = *md_size * 2 - + convert_int!( - *ceiling_sector_size_alignment(Bytes::from(*ks_size)), - u128, - u64 - )?; - debug!("Aligned total size: {}", total_luks2_metadata_size); + let data_offset = Sectors(device.status_handle().get_data_offset()); + debug!("Crypt device data offset: {data_offset}"); - log_on_failure!( - device.wipe_handle().wipe::<()>( - physical_path, - CryptWipePattern::Zero, - 0, - total_luks2_metadata_size, - convert_const!(*LUKS2_SECTOR_SIZE, u128, usize), - CryptWipe::empty(), - None, - None, - ), - "Failed to wipe device with name {}", - name - ); + device.wipe_handle().wipe::<()>( + physical_path, + CryptWipePattern::Zero, + 0, + convert_int!(*data_offset.bytes(), u128, u64)?, + convert_const!(*LUKS2_SECTOR_SIZE, u128, usize), + CryptWipe::empty(), + None, + None, + )?; Ok(()) } @@ -770,11 +751,6 @@ pub fn key_desc_from_metadata(device: &mut CryptDevice) -> Option { device.token_handle().luks2_keyring_get(LUKS2_TOKEN_ID).ok() } -// Bytes occupied by crypt metadata -pub fn crypt_metadata_size() -> Bytes { - 2u64 * DEFAULT_CRYPT_METADATA_SIZE + ceiling_sector_size_alignment(DEFAULT_CRYPT_KEYSLOTS_SIZE) -} - /// Back up the LUKS2 header to a temporary file. pub fn back_up_luks_header(dev_path: &Path, tmp_dir: &TempDir) -> StratisResult { let file_name = dev_path.display().to_string().replace('/', "_"); diff --git a/src/engine/strat_engine/mod.rs b/src/engine/strat_engine/mod.rs index 37fd872abf..e9606ae9d7 100644 --- a/src/engine/strat_engine/mod.rs +++ b/src/engine/strat_engine/mod.rs @@ -31,7 +31,8 @@ pub use self::pool::inspection as pool_inspection; pub use self::{ backstore::integrity_meta_space, crypt::{ - crypt_metadata_size, register_clevis_token, set_up_crypt_logging, CLEVIS_TANG_TRUST_URL, + register_clevis_token, set_up_crypt_logging, CLEVIS_TANG_TRUST_URL, + DEFAULT_CRYPT_DATA_OFFSET_V2, }, dm::{get_dm, get_dm_init}, engine::StratEngine, diff --git a/src/engine/strat_engine/pool/inspection.rs b/src/engine/strat_engine/pool/inspection.rs index 0cbe203d34..4a35f716b1 100644 --- a/src/engine/strat_engine/pool/inspection.rs +++ b/src/engine/strat_engine/pool/inspection.rs @@ -11,13 +11,12 @@ use devicemapper::Sectors; use crate::{ engine::{ - strat_engine::serde_structs::PoolSave, + strat_engine::{crypt::DEFAULT_CRYPT_DATA_OFFSET_V2, serde_structs::PoolSave}, types::{DevUuid, IntegrityTagSpec, ValidatedIntegritySpec}, }, stratis::{StratisError, StratisResult}, }; -const SIZE_OF_CRYPT_METADATA_SECTORS: Sectors = Sectors(32768); const SIZE_OF_STRATIS_METADATA_SECTORS: Sectors = Sectors(8192); // Encodes the use for each extent. @@ -191,7 +190,7 @@ impl Allocator for CapDevice { if self.encrypted { Sectors(0) } else { - SIZE_OF_CRYPT_METADATA_SECTORS + DEFAULT_CRYPT_DATA_OFFSET_V2 } } @@ -446,7 +445,7 @@ impl CryptAllocs { errors.push(format!("Crypt meta allocs offset, {start} is not 0")); } - if length != SIZE_OF_CRYPT_METADATA_SECTORS { + if length != DEFAULT_CRYPT_DATA_OFFSET_V2 { errors.push(format!( "Crypt meta allocs entry has unexpected length {length}" )); @@ -539,7 +538,7 @@ impl Allocator for FlexDevice { if self.encrypted { Sectors(0) } else { - SIZE_OF_CRYPT_METADATA_SECTORS + DEFAULT_CRYPT_DATA_OFFSET_V2 } }