Support label when creating and unlocking encrypted devices

data/org.freedesktop.UDisks2.xml

@@ -2099,7 +2099,7 @@
     <!--
         Format:
         @type: The type of file system, partition table or other content to format the device with.
-        @options: Options - known options (in addition to <link linkend="udisks-std-options">standard options</link>) includes <parameter>label</parameter> (of type 's'), <parameter>uuid</parameter> (of type 's'), <parameter>take-ownership</parameter> (of type 'b'), <parameter>encrypt.passphrase</parameter> (of type 's' or 'ay'), <parameter>encrypt.type</parameter> (of type 's'), <parameter>encrypt.pbkdf</parameter> (of type 's'), <parameter>encrypt.memory</parameter> (of type 'u'), <parameter>encrypt.iterations</parameter> (of type 'u'), <parameter>encrypt.time</parameter> (of type 'u'), <parameter>encrypt.threads</parameter> (of type 'u'), <parameter>erase</parameter> (of type 's'), <parameter>mkfs-args</parameter> (of type 'as'), <parameter>no-block</parameter> (of type 'b') and <parameter>update-partition-type</parameter> (of type 'b').
+        @options: Options - known options (in addition to <link linkend="udisks-std-options">standard options</link>) includes <parameter>label</parameter> (of type 's'), <parameter>uuid</parameter> (of type 's'), <parameter>take-ownership</parameter> (of type 'b'), <parameter>encrypt.passphrase</parameter> (of type 's' or 'ay'), <parameter>encrypt.type</parameter> (of type 's'), <parameter>encrypt.label</parameter> (of type 's'), <parameter>encrypt.pbkdf</parameter> (of type 's'), <parameter>encrypt.memory</parameter> (of type 'u'), <parameter>encrypt.iterations</parameter> (of type 'u'), <parameter>encrypt.time</parameter> (of type 'u'), <parameter>encrypt.threads</parameter> (of type 'u'), <parameter>erase</parameter> (of type 's'), <parameter>mkfs-args</parameter> (of type 'as'), <parameter>no-block</parameter> (of type 'b') and <parameter>update-partition-type</parameter> (of type 'b').
 
         Formats the device with a file system, partition table or
         other well-known content.
@@ -2137,6 +2137,8 @@
         Option <parameter>encrypt.type</parameter> can be used to
         specify encryption "technology" that will be used. Currently
         only <quote>luks1</quote> and <quote>luks2</quote> are supported.
+        Option <parameter>encrypt.label</parameter> can be used to specify
+        label for the LUKS format.
         Following additional options for LUKS key derivation function can
         be used:
 

src/tests/dbus-tests/test_70_encrypted.py

@@ -489,14 +489,16 @@ def setUpClass(cls):
 
         super(UdisksEncryptedTestLUKS2, cls).setUpClass()
 
-    def _create_luks(self, device, passphrase, binary=False):
+    def _create_luks(self, device, passphrase, binary=False, label=None):
         options = dbus.Dictionary(signature='sv')
         if binary:
             options['encrypt.passphrase'] = self.bytes_to_ay(passphrase)
             options['encrypt.type'] = 'luks2'
         else:
             options['encrypt.passphrase'] = passphrase
             options['encrypt.type'] = 'luks2'
+        if label:
+            options['encrypt.label'] = label
         device.Format('ext4', options,
                       dbus_interface=self.iface_prefix + '.Block')
 
@@ -824,6 +826,29 @@ def test_create_pbkdf_extra(self):
             self.fail("Failed to get pbkdf information from:\n%s" % out)
         self.assertEqual(m.group(1), "10000")
 
+    def test_create_open_label(self):
+        disk = self.vdevs[0]
+        device = self.get_device(disk)
+        self._create_luks(device, self.PASSPHRASE, label="TESTLUKS")
+
+        self.addCleanup(self._remove_luks, device)
+        self.udev_settle()
+
+        dbus_label = self.get_property(device, '.Block', 'IdLabel')
+        dbus_label.assertEqual("TESTLUKS")
+        self.assertTrue(os.path.exists('/dev/mapper/TESTLUKS'))
+
+        device.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
+
+        crypt_path = device.Unlock(self.PASSPHRASE, self.no_options,
+                                      dbus_interface=self.iface_prefix + '.Encrypted')
+        self.assertIsNotNone(crypt_path)
+        crypt_dev = self.bus.get_object(self.iface_prefix, crypt_path)
+        self.assertIsNotNone(crypt_dev)
+        pref_device = self.get_property(crypt_dev, ".Block", "PreferredDevice")
+        pref_device.assertEqual(self.str_to_ay('/dev/mapper/TESTLUKS'))
+        self.assertTrue(os.path.exists('/dev/mapper/TESTLUKS'))
+
 
 class UdisksEncryptedTestBITLK(udiskstestcase.UdisksTestCase):
 

src/udiskslinuxblock.c

@@ -1670,14 +1670,18 @@ static gchar *
 make_block_luksname (UDisksBlock *block, GError **error)
 {
   BDCryptoLUKSInfo *info = NULL;
+  gchar *ret = NULL;
 
   udisks_linux_block_encrypted_lock (block);
   info = bd_crypto_luks_info (udisks_block_get_device (block), error);
   udisks_linux_block_encrypted_unlock (block);
 
   if (info)
     {
-      gchar *ret = g_strdup_printf ("luks-%s", info->uuid);
+      if (info->label && g_strcmp0 (info->label, "") != 0)
+        ret = g_strdup (info->label);
+      else
+        ret = g_strdup_printf ("luks-%s", info->uuid);
       bd_crypto_luks_info_free (info);
 
       return ret;
@@ -3144,6 +3148,7 @@ format_create_luks (UDisksDaemon  *daemon,
                     guint32        encrypt_iterations,
                     guint32        encrypt_time,
                     guint32        encrypt_threads,
+                    const gchar   *encrypt_label,
                     UDisksBlock  **block_to_mkfs,
                     UDisksObject **object_to_mkfs,
                     GError       **error)
@@ -3172,6 +3177,7 @@ format_create_luks (UDisksDaemon  *daemon,
   crypto_job_data.iterations = encrypt_iterations;
   crypto_job_data.time = encrypt_time;
   crypto_job_data.threads = encrypt_threads;
+  crypto_job_data.label = encrypt_label;
 
   /* Create it */
   udisks_linux_block_encrypted_lock (block);
@@ -3411,6 +3417,7 @@ udisks_linux_block_handle_format (UDisksBlock             *block,
   guint32 encrypt_iterations = 0;
   guint32 encrypt_time = 0;
   guint32 encrypt_threads = 0;
+  const gchar *encrypt_label = NULL;
   const gchar *erase_type = NULL;
   gboolean no_block = FALSE;
   gboolean update_partition_type = FALSE;
@@ -3445,6 +3452,7 @@ udisks_linux_block_handle_format (UDisksBlock             *block,
   g_variant_lookup (options, "encrypt.iterations", "u", &encrypt_iterations);
   g_variant_lookup (options, "encrypt.time", "u", &encrypt_time);
   g_variant_lookup (options, "encrypt.threads", "u", &encrypt_threads);
+  g_variant_lookup (options, "encrypt.label", "&s", &encrypt_label);
   g_variant_lookup (options, "erase", "&s", &erase_type);
   g_variant_lookup (options, "no-block", "b", &no_block);
   g_variant_lookup (options, "update-partition-type", "b", &update_partition_type);
@@ -3588,6 +3596,7 @@ udisks_linux_block_handle_format (UDisksBlock             *block,
                                encrypt_iterations,
                                encrypt_time,
                                encrypt_threads,
+                               encrypt_label,
                                &block_to_mkfs,
                                &object_to_mkfs,
                                &error))

src/udiskslinuxencrypted.c

@@ -365,6 +365,7 @@ handle_unlock (UDisksEncrypted        *encrypted,
   gboolean handle_as_tcrypt;
   void *open_func;
   const gchar *uuid = NULL;
+  const gchar *label = NULL;
 
   object = udisks_daemon_util_dup_object (encrypted, &error);
   if (object == NULL)
@@ -524,19 +525,26 @@ handle_unlock (UDisksEncrypted        *encrypted,
   if (is_in_crypttab && crypttab_name != NULL)
     name = g_strdup (crypttab_name);
   else {
-    if (is_luks)
-      name = g_strdup_printf ("luks-%s", udisks_block_get_id_uuid (block));
-    else if (is_bitlk)
+    label = udisks_block_get_id_label (block);
+    if (label)
+      name = g_strdup (label);
+    else
       {
-        uuid = udisks_block_get_id_uuid (block);
-        if (uuid && g_strcmp0 (uuid, "") != 0)
-          name = g_strdup_printf ("bitlk-%s", uuid);
+        if (is_luks)
+          name = g_strdup_printf ("luks-%s", udisks_block_get_id_uuid (block));
+        else if (is_bitlk)
+          {
+            uuid = udisks_block_get_id_uuid (block);
+            if (uuid && g_strcmp0 (uuid, "") != 0)
+              name = g_strdup_printf ("bitlk-%s", uuid);
+            else
+              name = g_strdup_printf ("bitlk-%" G_GUINT64_FORMAT, udisks_block_get_device_number (block));
+          }
         else
-          name = g_strdup_printf ("bitlk-%" G_GUINT64_FORMAT, udisks_block_get_device_number (block));
+          /* TCRYPT devices don't have a UUID, so we use the device number instead */
+          name = g_strdup_printf ("tcrypt-%" G_GUINT64_FORMAT, udisks_block_get_device_number (block));
       }
-    else
-      /* TCRYPT devices don't have a UUID, so we use the device number instead */
-      name = g_strdup_printf ("tcrypt-%" G_GUINT64_FORMAT, udisks_block_get_device_number (block));
+
   }
 
   /* save old encryption type to be able to restore it */

src/udiskslinuxencryptedhelpers.c

@@ -56,11 +56,12 @@ gboolean luks_format_job_func (UDisksThreadedJob  *job,
   if (!context)
     return FALSE;
 
-  if (data->pbkdf || data->memory || data->iterations || data->time || data->threads)
+  if (data->pbkdf || data->memory || data->iterations || data->time || data->threads || data->label)
     {
       extra = g_new0 (BDCryptoLUKSExtra, 1);
       extra->pbkdf = bd_crypto_luks_pbkdf_new (data->pbkdf, NULL, data->memory, data->iterations,
                                                data->time, data->threads);
+      extra->label = g_strdup (data->label);
     }
 
   /* device, cipher, key_size, context, min_entropy, luks_version, extra, error */

src/udiskslinuxencryptedhelpers.h

@@ -47,6 +47,7 @@ typedef struct {
   guint32 iterations;
   guint32 time;
   guint32 threads;
+  const gchar *label;
 } CryptoJobData;
 
 gboolean luks_format_job_func (UDisksThreadedJob  *job,