mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-22 14:20:19 +00:00
fscrypt: Fetch passphrase when keyFn is invoked not created
Fetch password when keyFn is invoked, not when it is created. This allows creation of the keyFn before actually creating the passphrase. Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit is contained in:
parent
a6a4282493
commit
dd0e1988c0
@ -85,13 +85,13 @@ func createKeyFuncFromVolumeEncryption(
|
|||||||
encryption util.VolumeEncryption,
|
encryption util.VolumeEncryption,
|
||||||
volID string,
|
volID string,
|
||||||
) (func(fscryptactions.ProtectorInfo, bool) (*fscryptcrypto.Key, error), error) {
|
) (func(fscryptactions.ProtectorInfo, bool) (*fscryptcrypto.Key, error), error) {
|
||||||
passphrase, err := getPassphrase(ctx, encryption, volID)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
keyFunc := func(info fscryptactions.ProtectorInfo, retry bool) (*fscryptcrypto.Key, error) {
|
keyFunc := func(info fscryptactions.ProtectorInfo, retry bool) (*fscryptcrypto.Key, error) {
|
||||||
key, err := fscryptcrypto.NewBlankKey(32)
|
passphrase, err := getPassphrase(ctx, encryption, volID)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
key, err := fscryptcrypto.NewBlankKey(encryptionPassphraseSize / 2)
|
||||||
copy(key.Data(), passphrase)
|
copy(key.Data(), passphrase)
|
||||||
|
|
||||||
return key, err
|
return key, err
|
||||||
|
Loading…
Reference in New Issue
Block a user