From 1933097e048b31e09fa0a327628d37ec4a3c61b9 Mon Sep 17 00:00:00 2001
From: Vojtech Trefny
Date: May 24 2023 09:04:00 +0000
Subject: Fix issues in tests when running in FIPS mode
Resolves: rhbz#2188749
Resolves: rhbz#2188603
---
diff --git a/0009-Fix-issues-in-tests-when-running-in-FIPS-mode.patch b/0009-Fix-issues-in-tests-when-running-in-FIPS-mode.patch
new file mode 100644
index 0000000..ed81651
--- /dev/null
+++ b/0009-Fix-issues-in-tests-when-running-in-FIPS-mode.patch
@@ -0,0 +1,70 @@
+From bc8c4fa2b3ba76647de9742c28bae751757dc2dd Mon Sep 17 00:00:00 2001
+From: Vojtech Trefny
+Date: Thu, 18 May 2023 14:45:42 +0200
+Subject: [PATCH 1/2] tests: Use longer passphrase for LUKS in dm_test
+
+The short passphrase doesn't work when running in FIPS mode.
+---
+ tests/dm_test.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/dm_test.py b/tests/dm_test.py
+index 936e3055..3b491d89 100644
+--- a/tests/dm_test.py
++++ b/tests/dm_test.py
+@@ -59,8 +59,8 @@ class DevMapperGetSubsystemFromName(DevMapperTestCase):
+ def test_get_subsystem_from_name_crypt(self):
+ """Verify that it is possible to get luks device subsystem from its name"""
+ self.addCleanup(self._destroy_crypt)
+- run("echo \"key\" | cryptsetup luksFormat %s -" %self.loop_dev)
+- run("echo \"key\" | cryptsetup open %s libbd_dm_tests-subsystem_crypt --key-file=-" %self.loop_dev)
++ run("echo \"supersecretkey\" | cryptsetup luksFormat %s -" %self.loop_dev)
++ run("echo \"supersecretkey\" | cryptsetup open %s libbd_dm_tests-subsystem_crypt --key-file=-" %self.loop_dev)
+ subsystem = BlockDev.dm_get_subsystem_from_name("libbd_dm_tests-subsystem_crypt")
+ self.assertEqual(subsystem, "CRYPT")
+
+--
+2.40.1
+
+
+From b1f6d1484a980885b9870d27d2b113c98400851b Mon Sep 17 00:00:00 2001
+From: Vojtech Trefny
+Date: Thu, 18 May 2023 14:56:32 +0200
+Subject: [PATCH 2/2] tests: Skip crypto tests with argon2 in FIPS mode
+
+argon is not available when running in FIPS mode.
+---
+ tests/crypto_test.py | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/tests/crypto_test.py b/tests/crypto_test.py
+index 94b89131..91ea1f35 100644
+--- a/tests/crypto_test.py
++++ b/tests/crypto_test.py
+@@ -175,6 +175,23 @@ class CryptoTestFormat(CryptoTestCase):
+ self.fail("Failed to get pbkdf information from:\n%s %s" % (out, err))
+ self.assertEqual(m.group(1), "pbkdf2")
+
++ def _is_fips_enabled(self):
++ if not os.path.exists("/proc/sys/crypto/fips_enabled"):
++ # if the file doesn't exist, we are definitely not in FIPS mode
++ return False
++
++ with open("/proc/sys/crypto/fips_enabled", "r") as f:
++ enabled = f.read()
++ return enabled.strip() == "1"
++
++ @tag_test(TestTags.SLOW, TestTags.CORE)
++ @unittest.skipUnless(HAVE_LUKS2, "LUKS 2 not supported")
++ def test_luks2_format_pbkdf_options(self):
++ """Verify that formatting device as LUKS 2 works"""
++
++ if self._is_fips_enabled():
++ self.skipTest("FIPS mode is enabled, cannot use argon2, skipping")
++
+ # different options for argon2 -- all parameters set
+ pbkdf = BlockDev.CryptoLUKSPBKDF(type="argon2id", max_memory_kb=100*1024, iterations=10, parallel_threads=1)
+ extra = BlockDev.CryptoLUKSExtra(pbkdf=pbkdf)
+--
+2.40.1
+
diff --git a/libblockdev.spec b/libblockdev.spec
index 5583cfa..25e5d2b 100644
--- a/libblockdev.spec
+++ b/libblockdev.spec
@@ -129,7 +129,7 @@ Name: libblockdev Version: 2.28 -Release: 6%{?dist} +Release: 7%{?dist} Summary: A library for low-level manipulation with block devices License: LGPLv2+ URL: https://github.com/storaged-project/libblockdev
@@ -143,6 +143,7 @@ Patch5: 0005-nvme-Fix-namespace-identifiers.patch Patch6: 0006-Allow-resizing-of-inactive-LVs-with-latest-LVM.patch Patch7: 0007-tests-Fix-test_swapon_pagesize-on-systems-with-64k-p.patch Patch8: 0008-part-Fix-segfault-when-adding-a-partition-too-big-fo.patch +Patch9: 0009-Fix-issues-in-tests-when-running-in-FIPS-mode.patch BuildRequires: make BuildRequires: glib2-devel
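Review bot: In the embedded tests/crypto_test.py change, `test_luks2_format_pbkdf_options` carries the docstring "Verify that formatting device as LUKS 2 works", which appears to be copied from the test it was split out of (that test starts above the hunk) and says nothing about argon2 or the FIPS skip. Something like `"""Verify LUKS 2 format with argon2 PBKDF options (skipped in FIPS mode, where argon2 is unavailable)"""` would make it clear that this path has no coverage on a FIPS host. `_is_fips_enabled` has no docstring either; `"""Return True when /proc/sys/crypto/fips_enabled reads 1."""` would record that only the kernel flag is consulted, and the `os` import it relies on is not visible in the hunk. In tests/dm_test.py the longer passphrase literal appears in both `run` calls with no explanation, so a comment above them such as `# FIPS mode rejects short passphrases` would keep it from being shortened again. The body of the new test continues past the end of the hunk.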
@@ -732,6 +733,7 @@ A meta-package that pulls all the libblockdev plugins as dependencies. %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 %build autoreconf -ivf
@@ -1050,6 +1052,11 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm} %files plugins-all %changelog +* Wed May 24 2023 Vojtech Trefny - 2.28-7 +- Fix issues in tests when running in FIPS mode + Resolves: rhbz#2188749 + Resolves: rhbz#2188603 + * Tue May 16 2023 Vojtech Trefny - 2.28-6 - Fix segfault when adding a partition too big for MSDOS Resolves: rhbz#2185564