util: Make encryption passphrase size a parameter

fscrypt support requires keys longer than 20 bytes. As a preparation,
make the new passphrase length configurable, but default to 20 bytes.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
Marcel Lauhoff
2022-02-11 16:30:23 +01:00
committed by mergify[bot]
parent 69eb6e40dc
commit fe4821435e
3 changed files with 11 additions and 9 deletions


@ -61,6 +61,8 @@ const (
// DEK is stored.
metadataDEK = "rbd.csi.ceph.com/dek"
oldMetadataDEK = ".rbd.csi.ceph.com/dek"
encryptionPassphraseSize = 20
)
// checkRbdImageEncrypted verifies if rbd image was encrypted when created.
@ -100,7 +102,7 @@ func (ri *rbdImage) isEncrypted() bool {
// - the Data-Encryption-Key (DEK) will be generated stored for use by the KMS;
// - the RBD image will be marked to support encryption in its metadata.
func (ri *rbdImage) setupEncryption(ctx context.Context) error {
err := ri.encryption.StoreNewCryptoPassphrase(ri.VolID)
err := ri.encryption.StoreNewCryptoPassphrase(ri.VolID, encryptionPassphraseSize)
if err != nil {
log.ErrorLog(ctx, "failed to save encryption passphrase for "+
"image %s: %s", ri, err)
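Review bot: `encryptionPassphraseSize = 20` in the const block has no comment of its own and sits directly under the comment for the DEK metadata keys, so a reader cannot tell its unit or why 20 was chosen. I would add `// encryptionPassphraseSize is the length, in bytes, of the passphrase generated for a newly encrypted RBD image.` above it. The commit message says fscrypt needs keys longer than 20 bytes, so the length passed at the `StoreNewCryptoPassphrase(ri.VolID, encryptionPassphraseSize)` call is now a caller-chosen security parameter. The callee is defined outside this section, so whether it rejects a zero, negative or very short length cannot be confirmed from here and is worth checking. setupEncryption's body continues past the end of the hunk.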