mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-13 02:33:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

util: Make encryption passphrase size a parameter

Browse Source 
fscrypt support requires keys longer than 20 bytes. As a preparation,
make the new passphrase length configurable, but default to 20 bytes.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit is contained in:
Marcel Lauhoff
2022-02-11 16:30:23 +01:00
committed by mergify[bot]
parent 69eb6e40dc
commit fe4821435e
3 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/util/crypto_test.go
View File

@ -28,14 +28,14 @@ import (
func TestGenerateNewEncryptionPassphrase(t *testing.T) {
t.Parallel()
b64Passphrase, err := generateNewEncryptionPassphrase()
b64Passphrase, err := generateNewEncryptionPassphrase(defaultEncryptionPassphraseSize)
require.NoError(t, err)
// b64Passphrase is URL-encoded, decode to verify the length of the
// passphrase
passphrase, err := base64.URLEncoding.DecodeString(b64Passphrase)
assert.NoError(t, err)
assert.Equal(t, encryptionPassphraseSize, len(passphrase))
assert.Equal(t, defaultEncryptionPassphraseSize, len(passphrase))
}
func TestKMSWorkflow(t *testing.T) {
@ -56,7 +56,7 @@ func TestKMSWorkflow(t *testing.T) {
volumeID := "volume-id"
err = ve.StoreNewCryptoPassphrase(volumeID)
err = ve.StoreNewCryptoPassphrase(volumeID, defaultEncryptionPassphraseSize)
assert.NoError(t, err)
passphrase, err := ve.GetCryptoPassphrase(volumeID)