osbuild2: add LUKS2 format stage and device
Co-Authored-By: Christian Kellner <christian@kellner.me>
parent
54fd090a60
commit
46a0ad77f9
4 changed files with 75 additions and 0 deletions
|
|
@ -23,6 +23,8 @@ import (
|
|||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// TODO: guard against nil dereferencing in pointer methods
|
||||
|
||||
const (
|
||||
// Default sector size in bytes
|
||||
DefaultSectorSize = 512
|
||||
|
|
|
|||
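--- a/internal/osbuild2/luks2_device.go
+++ b/internal/osbuild2/luks2_device.go
@@ -0,0 +1,16 @@
+package osbuild2
+
+// Provide access to LUKS2 container
+
+type LUKS2DeviceOptions struct {
+Passphrase string `json:"passphrase"`
+}
+
+func (LUKS2DeviceOptions) isDeviceOptions() {}
+
+func NewLUKS2Device(options *LUKS2DeviceOptions) *Device {
+return &Device{
+Type: "org.osbuild.luks2",
+Options: options,
+}
+}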
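Review bot: `Passphrase` in `LUKS2DeviceOptions` is a plain string tagged `json:"passphrase"`, so the LUKS2 passphrase appears in clear text wherever these device options are serialized, and nothing in the file says so. I would document that on the field, e.g. `// Passphrase unlocks the container; it is serialized in clear text, so any output that contains it must be handled as a secret`. `NewLUKS2Device` also accepts a nil `options` and an empty passphrase without complaint, so a bad value is only noticed later, presumably when the device is used. The comment `// Provide access to LUKS2 container` appears to be separated from the type by a blank line, in which case it is not attached to `LUKS2DeviceOptions` as a doc comment.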
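--- a/internal/osbuild2/luks2_format_stage.go
+++ b/internal/osbuild2/luks2_format_stage.go
@@ -0,0 +1,55 @@
+package osbuild2
+
+import "fmt"
+
+// Create LUKS2 container
+
+type LUKS2CreateStageOptions struct {
+Passphrase string `json:"passphrase"`
+UUID string `json:"uuid"`
+Cipher string `json:"cipher,omitempty"`
+Label string `json:"label,omitempty"`
+Subsystem string `json:"subsystem,omitempty"`
+SectorSize uint64 `json:"sector-size"`
+
+// password-based key derivation function
+PBKDF Argon2id `json:"pbkdf"`
+}
+
+type Argon2id struct {
+// Method must be Argin2id
+Method string `json:"method"`
+Iterations uint `json:"iterations"`
+Memory uint `json:"memory,omitempty"`
+Parallelism uint `json:"parallelism,omitempty"`
+}
+
+func (LUKS2CreateStageOptions) isStageOptions() {}
+
+func (o LUKS2CreateStageOptions) validate() error {
+if o.PBKDF.Method != "argon2i" && o.PBKDF.Method != "argon2id" {
+return fmt.Errorf("PBKDF method should be argon2i or argon2id")
+}
+if o.PBKDF.Memory < 32 || o.PBKDF.Memory > 4194304 {
+return fmt.Errorf("PBKDF memory should be between 32 and 4194304")
+}
+if o.PBKDF.Iterations < 4 || o.PBKDF.Iterations > 4294967295 {
+return fmt.Errorf("PBKDF iterations should be between 4 and 4294967295")
+}
+if o.PBKDF.Parallelism < 1 || o.PBKDF.Parallelism > 4 {
+return fmt.Errorf("PBKDF parallelism should be between 1 and 4")
+}
+return nil
+}
+
+func NewLUKS2CreateStage(options *LUKS2CreateStageOptions, devices Devices) *Stage {
+if err := options.validate(); err != nil {
+panic(err)
+}
+
+return &Stage{
+Type: "org.osbuild.luks2.format",
+Options: options,
+Devices: devices,
+}
+}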
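Review bot: `validate()` checks only the PBKDF fields, so options with an empty `Passphrase` or `UUID` pass and `NewLUKS2CreateStage` returns a stage for them; I would add `if o.Passphrase == "" { return fmt.Errorf("passphrase must not be empty") }` at the top of `validate()`. `NewLUKS2CreateStage` calls `options.validate()` through a value receiver, so a nil `options` is dereferenced before any check runs, and a validation failure is raised with `panic(err)` instead of being reported to the caller. `Memory` and `Parallelism` carry `omitempty` although `validate()` rejects zero for both, so the tag can never take effect on a valid value. The comment `// Method must be Argin2id` is misspelled and disagrees with the check, which also accepts `argon2i`; `// Method must be "argon2i" or "argon2id"` would match the code.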
|
|
@ -158,6 +158,8 @@ func (stage *Stage) UnmarshalJSON(data []byte) error {
|
|||
options = new(YumConfigStageOptions)
|
||||
case "org.osbuild.yum.repos":
|
||||
options = new(YumReposStageOptions)
|
||||
case "org.osbuild.luks2.format":
|
||||
options = new(LUKS2CreateStageOptions)
|
||||
default:
|
||||
return fmt.Errorf("unexpected stage type: %s", rawStage.Type)
|
||||
}
|
||||
|
|
|
|||
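Review bot: The new `case "org.osbuild.luks2.format":` only allocates a `LUKS2CreateStageOptions`, and in this commit `validate()` is called solely from `NewLUKS2CreateStage`, so a stage decoded from JSON is apparently never checked against the PBKDF bounds. If the remainder of `UnmarshalJSON` does not validate after decoding, I would run the options' `validate()` once they are unmarshalled and return its error, so that both construction paths enforce the same limits. `UnmarshalJSON` starts and ends outside this hunk, so this is inferred from the visible lines only.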