Add decryption support in V2 crypt handle

stratis-storage · Jan 24, 2025 · f2a5d4c · f2a5d4c
1 parent e02ad62
commit f2a5d4c
Showing 1 changed file with 38 additions and 0 deletions.
diff --git a/src/engine/strat_engine/crypt/handle/v2.rs b/src/engine/strat_engine/crypt/handle/v2.rs
@@ -844,6 +844,44 @@ impl CryptHandle {
         )
     }
 
+    /// Encrypt an unencrypted pool.
+    #[allow(dead_code)]
+    pub fn decrypt(self, pool_uuid: PoolUuid, luks2_path: &Path) -> StratisResult<()> {
+        let activation_name = format_crypt_backstore_name(&pool_uuid);
+        let mut device = acquire_crypt_device(luks2_path)?;
+        let (keyslot, key) = get_passphrase(&mut device, self.encryption_info())?
+            .either(|(keyslot, _, key)| (keyslot, key), |tup| tup);
+        device.reencrypt_handle().reencrypt_init_by_passphrase(
+            Some(&activation_name.to_string()),
+            key.as_ref(),
+            Some(keyslot),
+            None,
+            None,
+            CryptParamsReencrypt {
+                mode: CryptReencryptModeInfo::Decrypt,
+                direction: CryptReencryptDirectionInfo::Forward,
+                resilience: "checksum".to_string(),
+                hash: "sha256".to_string(),
+                data_shift: 0,
+                max_hotzone_size: 0,
+                device_size: 0,
+                luks2: CryptParamsLuks2 {
+                    data_alignment: 0,
+                    data_device: None,
+                    integrity: None,
+                    integrity_params: None,
+                    pbkdf: None,
+                    label: None,
+                    sector_size: 0,
+                    subsystem: None,
+                },
+                flags: CryptReencrypt::empty(),
+            },
+        )?;
+        device.reencrypt_handle().reencrypt2::<()>(None, None)?;
+        Ok(())
+    }
+
     /// Deactivate the device referenced by the current device handle.
     #[cfg(test)]
     pub fn deactivate(&self) -> StratisResult<()> {