"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "tests/api-test-2.c" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

api-test-2.c  (cryptsetup-2.3.6.tar.xz):api-test-2.c  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 44 skipping to change at line 44
#include <linux/keyctl.h> #include <linux/keyctl.h>
#include <sys/syscall.h> #include <sys/syscall.h>
#ifndef HAVE_KEY_SERIAL_T #ifndef HAVE_KEY_SERIAL_T
#define HAVE_KEY_SERIAL_T #define HAVE_KEY_SERIAL_T
#include <stdint.h> #include <stdint.h>
typedef int32_t key_serial_t; typedef int32_t key_serial_t;
#endif #endif
#endif #endif
#include "api_test.h" #include "api_test.h"
#include "luks.h" #include "luks1/luks.h"
#include "libcryptsetup.h" #include "libcryptsetup.h"
#define DMDIR "/dev/mapper/" #define DMDIR "/dev/mapper/"
#define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b" #define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b"
#define DEVICE_EMPTY_name "crypt_zero" #define DEVICE_EMPTY_name "crypt_zero"
#define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name #define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name
#define DEVICE_ERROR_name "crypt_error" #define DEVICE_ERROR_name "crypt_error"
#define DEVICE_ERROR DMDIR DEVICE_ERROR_name #define DEVICE_ERROR DMDIR DEVICE_ERROR_name
skipping to change at line 122 skipping to change at line 122
#define PASS0 "aaa" #define PASS0 "aaa"
#define PASS1 "hhh" #define PASS1 "hhh"
#define PASS2 "ccc" #define PASS2 "ccc"
#define PASS3 "ddd" #define PASS3 "ddd"
#define PASS4 "eee" #define PASS4 "eee"
#define PASS5 "fff" #define PASS5 "fff"
#define PASS6 "ggg" #define PASS6 "ggg"
#define PASS7 "bbb" #define PASS7 "bbb"
#define PASS8 "iii" #define PASS8 "iii"
/* Allow to run without config.h */
#ifndef DEFAULT_LUKS1_HASH
#define DEFAULT_LUKS1_HASH "sha256"
#define DEFAULT_LUKS1_ITER_TIME 2000
#define DEFAULT_LUKS2_ITER_TIME 2000
#define DEFAULT_LUKS2_MEMORY_KB 1048576
#define DEFAULT_LUKS2_PARALLEL_THREADS 4
#define DEFAULT_LUKS2_PBKDF "argon2i"
#endif
static int _fips_mode = 0; static int _fips_mode = 0;
static char *DEVICE_1 = NULL; static char *DEVICE_1 = NULL;
static char *DEVICE_2 = NULL; static char *DEVICE_2 = NULL;
static char *DEVICE_3 = NULL; static char *DEVICE_3 = NULL;
static char *DEVICE_4 = NULL; static char *DEVICE_4 = NULL;
static char *DEVICE_5 = NULL; static char *DEVICE_5 = NULL;
static char *DEVICE_6 = NULL; static char *DEVICE_6 = NULL;
static char *tmp_file_1 = NULL; static char *tmp_file_1 = NULL;
static char *test_loop_file = NULL; static char *test_loop_file = NULL;
unsigned int test_progress_steps; unsigned int test_progress_steps;
struct crypt_device *cd = NULL, *cd2 = NULL; struct crypt_device *cd = NULL, *cd2 = NULL;
static const char *default_luks1_hash = NULL;
static uint32_t default_luks1_iter_time = 0;
static const char *default_luks2_pbkdf = NULL;
static uint32_t default_luks2_iter_time = 0;
static uint32_t default_luks2_memory_kb = 0;
static uint32_t default_luks2_parallel_threads = 0;
static struct crypt_pbkdf_type min_pbkdf2 = {
.type = "pbkdf2",
.iterations = 1000,
.flags = CRYPT_PBKDF_NO_BENCHMARK
}, min_argon2 = {
.type = "argon2id",
.iterations = 4,
.max_memory_kb = 32,
.parallel_threads = 1,
.flags = CRYPT_PBKDF_NO_BENCHMARK
};
// Helpers // Helpers
static unsigned cpus_online(void) static unsigned cpus_online(void)
{ {
static long r = -1; static long r = -1;
if (r < 0) { if (r < 0) {
r = sysconf(_SC_NPROCESSORS_ONLN); r = sysconf(_SC_NPROCESSORS_ONLN);
if (r < 0) if (r < 0)
r = 1; r = 1;
skipping to change at line 170 skipping to change at line 180
return r; return r;
} }
static uint32_t adjusted_pbkdf_memory(void) static uint32_t adjusted_pbkdf_memory(void)
{ {
long pagesize = sysconf(_SC_PAGESIZE); long pagesize = sysconf(_SC_PAGESIZE);
long pages = sysconf(_SC_PHYS_PAGES); long pages = sysconf(_SC_PHYS_PAGES);
uint64_t memory_kb; uint64_t memory_kb;
if (pagesize <= 0 || pages <= 0) if (pagesize <= 0 || pages <= 0)
return DEFAULT_LUKS2_MEMORY_KB; return default_luks2_memory_kb;
memory_kb = pagesize / 1024 * pages / 2; memory_kb = pagesize / 1024 * pages / 2;
if (memory_kb < DEFAULT_LUKS2_MEMORY_KB) if (memory_kb < default_luks2_memory_kb)
return (uint32_t)memory_kb; return (uint32_t)memory_kb;
return DEFAULT_LUKS2_MEMORY_KB; return default_luks2_memory_kb;
} }
static unsigned _min(unsigned a, unsigned b) static unsigned _min(unsigned a, unsigned b)
{ {
return a < b ? a : b; return a < b ? a : b;
} }
static int get_luks2_offsets(int metadata_device, static int get_luks2_offsets(int metadata_device,
unsigned int alignpayload_sec, unsigned int alignpayload_sec,
unsigned int sector_size, unsigned int sector_size,
skipping to change at line 228 skipping to change at line 238
*r_payload_offset /= sector_size; *r_payload_offset /= sector_size;
} }
if (r_header_size) if (r_header_size)
*r_header_size = default_header_size; *r_header_size = default_header_size;
return 0; return 0;
} }
static bool get_luks_pbkdf_defaults(void)
{
const struct crypt_pbkdf_type *pbkdf_defaults = crypt_get_pbkdf_default(C
RYPT_LUKS1);
if (!pbkdf_defaults)
return false;
default_luks1_hash = pbkdf_defaults->hash;
default_luks1_iter_time = pbkdf_defaults->time_ms;
pbkdf_defaults = crypt_get_pbkdf_default(CRYPT_LUKS2);
if (!pbkdf_defaults)
return false;
default_luks2_pbkdf = pbkdf_defaults->type;
default_luks2_iter_time = pbkdf_defaults->time_ms;
default_luks2_memory_kb = pbkdf_defaults->max_memory_kb;
default_luks2_parallel_threads = pbkdf_defaults->parallel_threads;
return true;
}
static void _remove_keyfiles(void) static void _remove_keyfiles(void)
{ {
remove(KEYFILE1); remove(KEYFILE1);
remove(KEYFILE2); remove(KEYFILE2);
} }
#if HAVE_DECL_DM_TASK_RETRY_REMOVE #if HAVE_DECL_DM_TASK_RETRY_REMOVE
#define DM_RETRY "--retry " #define DM_RETRY "--retry "
#else #else
#define DM_RETRY "" #define DM_RETRY ""
skipping to change at line 347 skipping to change at line 379
free(DEVICE_5); free(DEVICE_5);
free(DEVICE_6); free(DEVICE_6);
} }
static int _setup(void) static int _setup(void)
{ {
int fd, ro = 0; int fd, ro = 0;
char cmd[128]; char cmd[128];
test_loop_file = strdup(THE_LFILE_TEMPLATE); test_loop_file = strdup(THE_LFILE_TEMPLATE);
if (!test_loop_file)
return 1;
if ((fd=mkstemp(test_loop_file)) == -1) { if ((fd=mkstemp(test_loop_file)) == -1) {
printf("cannot create temporary file with template %s\n", test_lo op_file); printf("cannot create temporary file with template %s\n", test_lo op_file);
return 1; return 1;
} }
close(fd); close(fd);
snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/n ull", snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/n ull",
test_loop_file, SECTOR_SIZE, TST_LOOP_FILE_SIZE); test_loop_file, TST_SECTOR_SIZE, TST_LOOP_FILE_SIZE);
if (_system(cmd, 1)) if (_system(cmd, 1))
return 1; return 1;
fd = loop_attach(&THE_LOOP_DEV, test_loop_file, 0, 0, &ro); fd = loop_attach(&THE_LOOP_DEV, test_loop_file, 0, 0, &ro);
close(fd); close(fd);
tmp_file_1 = strdup(THE_LFILE_TEMPLATE); tmp_file_1 = strdup(THE_LFILE_TEMPLATE);
if (!tmp_file_1)
return 1;
if ((fd=mkstemp(tmp_file_1)) == -1) { if ((fd=mkstemp(tmp_file_1)) == -1) {
printf("cannot create temporary file with template %s\n", tmp_fil e_1); printf("cannot create temporary file with template %s\n", tmp_fil e_1);
return 1; return 1;
} }
close(fd); close(fd);
snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/n ull", snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/n ull",
tmp_file_1, SECTOR_SIZE, 10); tmp_file_1, TST_SECTOR_SIZE, 10);
if (_system(cmd, 1)) if (_system(cmd, 1))
return 1; return 1;
_system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"", 1); _system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"", 1);
_system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"", 1); _system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"", 1);
_system(" [ ! -e " IMAGE1 " ] && xz -dk " IMAGE1 ".xz", 1); _system(" [ ! -e " IMAGE1 " ] && xz -dk " IMAGE1 ".xz", 1);
fd = loop_attach(&DEVICE_1, IMAGE1, 0, 0, &ro); fd = loop_attach(&DEVICE_1, IMAGE1, 0, 0, &ro);
close(fd); close(fd);
skipping to change at line 401 skipping to change at line 439
fd = loop_attach(&DEVICE_5, REQS_LUKS2_HEADER, 0, 0, &ro); fd = loop_attach(&DEVICE_5, REQS_LUKS2_HEADER, 0, 0, &ro);
close(fd); close(fd);
_system(" [ ! -e " IMAGE_PV_LUKS2_SEC " ] && xz -dk " IMAGE_PV_LUKS2_SEC ".xz", 1); _system(" [ ! -e " IMAGE_PV_LUKS2_SEC " ] && xz -dk " IMAGE_PV_LUKS2_SEC ".xz", 1);
_system(" [ ! -e " IMAGE_PV_LUKS2_SEC ".bcp ] && cp " IMAGE_PV_LUKS2_SEC " " IMAGE_PV_LUKS2_SEC ".bcp", 1); _system(" [ ! -e " IMAGE_PV_LUKS2_SEC ".bcp ] && cp " IMAGE_PV_LUKS2_SEC " " IMAGE_PV_LUKS2_SEC ".bcp", 1);
fd = loop_attach(&DEVICE_6, IMAGE_PV_LUKS2_SEC, 0, 0, &ro); fd = loop_attach(&DEVICE_6, IMAGE_PV_LUKS2_SEC, 0, 0, &ro);
close(fd); close(fd);
_system(" [ ! -d " CONV_DIR " ] && tar xJf " CONV_DIR ".tar.xz 2>/dev/nul l", 1); _system(" [ ! -d " CONV_DIR " ] && tar xJf " CONV_DIR ".tar.xz 2>/dev/nul l", 1);
if (_system("modprobe dm-crypt", 1)) if (_system("modprobe dm-crypt >/dev/null 2>&1", 1))
return 1; return 1;
if (t_dm_check_versions()) if (t_dm_check_versions())
return 1; return 1;
_system("rmmod dm-crypt", 0); _system("rmmod dm-crypt >/dev/null 2>&1", 0);
_fips_mode = fips_mode(); _fips_mode = fips_mode();
if (_debug) if (_debug)
printf("FIPS MODE: %d\n", _fips_mode); printf("FIPS MODE: %d\n", _fips_mode);
/* Use default log callback */ /* Use default log callback */
crypt_set_log_callback(NULL, &global_log_callback, NULL); crypt_set_log_callback(NULL, &global_log_callback, NULL);
if (!get_luks_pbkdf_defaults())
return 1;
min_pbkdf2.hash = min_argon2.hash = default_luks1_hash;
return 0; return 0;
} }
static int set_fast_pbkdf(struct crypt_device *cd)
{
const struct crypt_pbkdf_type *pbkdf = &min_argon2;
/* Cannot use Argon2 in FIPS */
if (_fips_mode)
pbkdf = &min_pbkdf2;
return crypt_set_pbkdf_type(cd, pbkdf);
}
#ifdef KERNEL_KEYRING #ifdef KERNEL_KEYRING
static key_serial_t add_key(const char *type, const char *description, const voi d *payload, size_t plen, key_serial_t keyring) static key_serial_t add_key(const char *type, const char *description, const voi d *payload, size_t plen, key_serial_t keyring)
{ {
return syscall(__NR_add_key, type, description, payload, plen, keyring); return syscall(__NR_add_key, type, description, payload, plen, keyring);
} }
static key_serial_t keyctl_unlink(key_serial_t key, key_serial_t keyring) static key_serial_t keyctl_unlink(key_serial_t key, key_serial_t keyring)
{ {
return syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring); return syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring);
} }
skipping to change at line 464 skipping to change at line 518
{ {
key_serial_t kid = _kernel_key_by_segment(cd, segment); key_serial_t kid = _kernel_key_by_segment(cd, segment);
if (kid < 0) if (kid < 0)
return -1; return -1;
return keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING); return keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING);
} }
#endif #endif
static int test_open(struct crypt_device *cd, static int test_open(struct crypt_device *cd __attribute__((unused)),
int token, int token __attribute__((unused)),
char **buffer, char **buffer,
size_t *buffer_len, size_t *buffer_len,
void *usrptr) void *usrptr)
{ {
const char *str = (const char *)usrptr; const char *str = (const char *)usrptr;
*buffer = strdup(str); *buffer = strdup(str);
if (!*buffer) if (!*buffer)
return -ENOMEM; return -ENOMEM;
*buffer_len = strlen(*buffer); *buffer_len = strlen(*buffer);
return 0; return 0;
} }
static int test_validate(struct crypt_device *cd, const char *json) static int test_validate(struct crypt_device *cd __attribute__((unused)), const char *json)
{ {
return (strstr(json, "magic_string") == NULL); return (strstr(json, "magic_string") == NULL);
} }
static void UseLuks2Device(void) static void UseLuks2Device(void)
{ {
char key[128]; char key[128];
size_t key_size; size_t key_size;
OK_(crypt_init(&cd, DEVICE_1)); OK_(crypt_init(&cd, DEVICE_1));
skipping to change at line 545 skipping to change at line 599
CRYPT_FREE(cd); CRYPT_FREE(cd);
} }
static void SuspendDevice(void) static void SuspendDevice(void)
{ {
struct crypt_active_device cad; struct crypt_active_device cad;
char key[128]; char key[128];
size_t key_size; size_t key_size;
int suspend_status; int suspend_status;
uint64_t r_payload_offset; uint64_t r_payload_offset;
const struct crypt_pbkdf_type fast_pbkdf = {
.type = "pbkdf2",
.hash = "sha256",
.iterations = 1000,
.flags = CRYPT_PBKDF_NO_BENCHMARK
};
OK_(crypt_init(&cd, DEVICE_1)); OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, str len(KEY1), 0)); OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, str len(KEY1), 0));
suspend_status = crypt_suspend(cd, CDEVICE_1); suspend_status = crypt_suspend(cd, CDEVICE_1);
if (suspend_status == -ENOTSUP) { if (suspend_status == -ENOTSUP) {
printf("WARNING: Suspend/Resume not supported, skipping test.\n") ; printf("WARNING: Suspend/Resume not supported, skipping test.\n") ;
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
skipping to change at line 620 skipping to change at line 668
OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen (KEY1))); OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen (KEY1)));
OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size)); OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size));
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset)); OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1)); OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
/* Resume device with cipher_null */ /* Resume device with cipher_null */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf)); OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_si ze, NULL)); OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_si ze, NULL));
EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE))); EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
OK_(crypt_suspend(cd, CDEVICE_1)); OK_(crypt_suspend(cd, CDEVICE_1));
OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size)); OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED); EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
OK_(crypt_suspend(cd, CDEVICE_1)); OK_(crypt_suspend(cd, CDEVICE_1));
OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSP HRASE))); OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSP HRASE)));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
skipping to change at line 656 skipping to change at line 704
.max_memory_kb = 1024, .max_memory_kb = 1024,
.time_ms = 1 .time_ms = 1
}, pbkdf_tmp; }, pbkdf_tmp;
struct crypt_params_luks2 params = { struct crypt_params_luks2 params = {
.pbkdf = &pbkdf, .pbkdf = &pbkdf,
.data_device = DEVICE_2, .data_device = DEVICE_2,
.sector_size = 512 .sector_size = 512
}; };
char key[128], key2[128], key3[128]; char key[128], key2[128], key3[128];
const char *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd"; const char *tmp_buf, *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd ";
const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818af e7a78a6de7a1a"; const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818af e7a78a6de7a1a";
const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818a fe7a78a6de7a1e"; const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818a fe7a78a6de7a1e";
size_t key_size = strlen(mk_hex) / 2; size_t key_size = strlen(mk_hex) / 2;
const char *cipher = "aes"; const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256"; const char *cipher_mode = "cbc-essiv:sha256";
uint64_t r_payload_offset, r_header_size, r_size_1; uint64_t r_payload_offset, r_header_size, r_size_1;
/* Cannot use Argon2 in FIPS */ /* Cannot use Argon2 in FIPS */
if (_fips_mode) { if (_fips_mode) {
pbkdf.type = CRYPT_KDF_PBKDF2; pbkdf.type = CRYPT_KDF_PBKDF2;
skipping to change at line 687 skipping to change at line 735
OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_size - 1)); OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_size - 1));
// format // format
OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG)); OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
params.data_alignment = 0; params.data_alignment = 0;
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, &params), "Not enough space for keyslots material"); FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, &params), "Not enough space for keyslots material");
CRYPT_FREE(cd); CRYPT_FREE(cd);
// test payload_offset = 0 for encrypted device with external header devi ce // test payload_offset = 0 for encrypted device with external header devi ce
OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_init(&cd, DMDIR H_DEVICE));
OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
EQ_(crypt_get_data_offset(cd), 0); EQ_(crypt_get_data_offset(cd), 0);
CRYPT_FREE(cd); CRYPT_FREE(cd);
params.data_alignment = 0; params.data_alignment = 0;
params.data_device = NULL; params.data_device = NULL;
// test payload_offset = 0. format() should look up alignment offset from device topology // test payload_offset = 0. format() should look up alignment offset from device topology
OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_init(&cd, DEVICE_2));
OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
OK_(!(crypt_get_data_offset(cd) > 0)); OK_(!(crypt_get_data_offset(cd) > 0));
CRYPT_FREE(cd); CRYPT_FREE(cd);
// set_data_offset has priority, alignment must be 0 or must be compatibl e // set_data_offset has priority, alignment must be 0 or must be compatibl e
params.data_alignment = 0; params.data_alignment = 0;
OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_init(&cd, DEVICE_2));
OK_(set_fast_pbkdf(cd));
OK_(crypt_set_data_offset(cd, OFFSET_8M)); OK_(crypt_set_data_offset(cd, OFFSET_8M));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
EQ_(crypt_get_data_offset(cd), OFFSET_8M); EQ_(crypt_get_data_offset(cd), OFFSET_8M);
CRYPT_FREE(cd); CRYPT_FREE(cd);
// Load gets the value from metadata // Load gets the value from metadata
OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_init(&cd, DEVICE_2));
OK_(crypt_set_data_offset(cd, OFFSET_2M)); OK_(crypt_set_data_offset(cd, OFFSET_2M));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_get_data_offset(cd), OFFSET_8M); EQ_(crypt_get_data_offset(cd), OFFSET_8M);
CRYPT_FREE(cd); CRYPT_FREE(cd);
params.data_alignment = OFFSET_4M; params.data_alignment = OFFSET_4M;
OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_init(&cd, DEVICE_2));
OK_(set_fast_pbkdf(cd));
FAIL_(crypt_set_data_offset(cd, OFFSET_2M + 1), "Not aligned to 4096"); / / must be aligned to 4k FAIL_(crypt_set_data_offset(cd, OFFSET_2M + 1), "Not aligned to 4096"); / / must be aligned to 4k
OK_(crypt_set_data_offset(cd, OFFSET_2M)); OK_(crypt_set_data_offset(cd, OFFSET_2M));
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, &params), "Alignment not compatible"); FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, &params), "Alignment not compatible");
OK_(crypt_set_data_offset(cd, OFFSET_4M)); OK_(crypt_set_data_offset(cd, OFFSET_4M));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
EQ_(crypt_get_data_offset(cd), OFFSET_4M); EQ_(crypt_get_data_offset(cd), OFFSET_4M);
CRYPT_FREE(cd); CRYPT_FREE(cd);
/* /*
* test limit values for backing device size * test limit values for backing device size
*/ */
params.data_alignment = OFFSET_4M; params.data_alignment = OFFSET_4M;
OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offse t)); OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offse t));
OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset)); OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset - 1)); OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset - 1));
// 1 sector less than required // 1 sector less than required
OK_(crypt_init(&cd, DMDIR L_DEVICE_WRONG)); OK_(crypt_init(&cd, DMDIR L_DEVICE_WRONG));
OK_(set_fast_pbkdf(cd));
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, &params), "Device too small"); FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, &params), "Device too small");
CRYPT_FREE(cd); CRYPT_FREE(cd);
// 0 sectors for encrypted area // 0 sectors for encrypted area
OK_(crypt_init(&cd, DMDIR L_DEVICE_0S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Enc rypted area too small"); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Enc rypted area too small");
CRYPT_FREE(cd); CRYPT_FREE(cd);
// 1 sector for encrypted area // 1 sector for encrypted area
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
EQ_(crypt_get_data_offset(cd), r_payload_offset); EQ_(crypt_get_data_offset(cd), r_payload_offset);
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(t_device_size(DMDIR CDEVICE_1, &r_size_1)); OK_(t_device_size(DMDIR CDEVICE_1, &r_size_1));
EQ_(r_size_1, SECTOR_SIZE); EQ_(r_size_1, TST_SECTOR_SIZE);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE); EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
// restrict format only to empty context // restrict format only to empty context
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, &params), "Context is already formatted"); FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, &params), "Context is already formatted");
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, NULL), "Context is already formatted"); FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, NULL), "Context is already formatted");
// change data device to wrong one // change data device to wrong one
OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S)); OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S));
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Dev ice too small"); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Dev ice too small");
OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_1S)); OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_1S));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
params.data_alignment = 0; params.data_alignment = 0;
params.data_device = DEVICE_2; params.data_device = DEVICE_2;
// generate keyslot material at the end of luks header // generate keyslot material at the end of luks header
OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_init(&cd, DMDIR H_DEVICE));
OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
EQ_((int)key_size, crypt_get_volume_key_size(cd)); EQ_((int)key_size, crypt_get_volume_key_size(cd));
EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, str len(passphrase)), 7); EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, str len(passphrase)), 7);
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(pas sphrase) ,0), 7); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(pas sphrase) ,0), 7);
OK_(crypt_keyslot_get_pbkdf(cd, 7, &pbkdf_tmp)); OK_(crypt_keyslot_get_pbkdf(cd, 7, &pbkdf_tmp));
OK_(strcmp(pbkdf_tmp.type, pbkdf.type)); OK_(strcmp(pbkdf_tmp.type, pbkdf.type));
if (!_fips_mode) { if (!_fips_mode) {
NULL_(pbkdf_tmp.hash); NULL_(pbkdf_tmp.hash);
OK_(!(pbkdf_tmp.max_memory_kb >= 32)); OK_(!(pbkdf_tmp.max_memory_kb >= 32));
OK_(!(pbkdf_tmp.parallel_threads >= 1)); OK_(!(pbkdf_tmp.parallel_threads >= 1));
} else } else
OK_(strcmp(pbkdf_tmp.hash, pbkdf.hash)); OK_(strcmp(pbkdf_tmp.hash, pbkdf.hash));
OK_(!(pbkdf_tmp.iterations >= 4)); OK_(!(pbkdf_tmp.iterations >= 4));
EQ_(0, pbkdf_tmp.time_ms); /* not usable in per-keyslot call */ EQ_(0, pbkdf_tmp.time_ms); /* not usable in per-keyslot call */
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE)); OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
OK_(set_fast_pbkdf(cd));
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, &params), "Context is already formatted"); FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_s ize, &params), "Context is already formatted");
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
CRYPT_FREE(cd); CRYPT_FREE(cd);
// check active status without header // check active status without header
OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, NULL)); OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, NULL));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
NULL_(crypt_get_type(cd)); NULL_(crypt_get_type(cd));
OK_(strcmp(cipher, crypt_get_cipher(cd))); OK_(strcmp(cipher, crypt_get_cipher(cd)));
OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd))); OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
EQ_((int)key_size, crypt_get_volume_key_size(cd)); EQ_((int)key_size, crypt_get_volume_key_size(cd));
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
params.data_alignment = OFFSET_1M; params.data_alignment = OFFSET_1M;
params.data_device = NULL; params.data_device = NULL;
// test uuid mismatch and _init_by_name_and_header // test uuid mismatch and _init_by_name_and_header
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
EQ_(0, crypt_header_is_detached(cd));
CRYPT_FREE(cd); CRYPT_FREE(cd);
params.data_alignment = 0; params.data_alignment = 0;
params.data_device = DEVICE_2; params.data_device = DEVICE_2;
OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_init(&cd, DMDIR H_DEVICE));
OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
CRYPT_FREE(cd); CRYPT_FREE(cd);
// there we've got uuid mismatch // there we've got uuid mismatch
OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE)); OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
NULL_(crypt_get_type(cd)); NULL_(crypt_get_type(cd));
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Dev ice is active"); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Dev ice is active");
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Dev ice is active"); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Dev ice is active");
EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE); EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
FAIL_(crypt_header_is_detached(cd), "no header for mismatched device");
CRYPT_FREE(cd); CRYPT_FREE(cd);
params.data_device = NULL; params.data_device = NULL;
OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_init(&cd, DEVICE_2));
OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
// even with no keyslots defined it can be activated by volume key // even with no keyslots defined it can be activated by volume key
OK_(crypt_volume_key_verify(cd, key, key_size)); OK_(crypt_volume_key_verify(cd, key, key_size));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0));
GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_2)); OK_(crypt_deactivate(cd, CDEVICE_2));
// now with keyslot // now with keyslot
EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase))); EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)));
EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7)); EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passph rase, strlen(passphrase), 0)); EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passph rase, strlen(passphrase), 0));
GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_2)); OK_(crypt_deactivate(cd, CDEVICE_2));
crypt_set_iteration_time(cd, 1);
EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen (KEY1))); EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen (KEY1)));
OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1))); OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2))); OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2)));
EQ_(2, crypt_keyslot_add_by_keyfile(cd, 2, KEYFILE1, 0, KEYFILE2, 0)); EQ_(2, crypt_keyslot_add_by_keyfile(cd, 2, KEYFILE1, 0, KEYFILE2, 0));
FAIL_(crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 1, KEYFILE2 , 0, 1), "wrong key"); FAIL_(crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 1, KEYFILE2 , 0, 1), "wrong key");
EQ_(3, crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 0, KEYFILE 2, 0, 1)); EQ_(3, crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 0, KEYFILE 2, 0, 1));
EQ_(4, crypt_keyslot_add_by_keyfile_offset(cd, 4, KEYFILE2, 0, 1, KEYFILE 1, 0, 1)); EQ_(4, crypt_keyslot_add_by_keyfile_offset(cd, 4, KEYFILE2, 0, 1, KEYFILE 1, 0, 1));
FAIL_(crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2)-1, 0), "key mismatch"); FAIL_(crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2)-1, 0), "key mismatch");
EQ_(2, crypt_activate_by_keyfile(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 0 )); EQ_(2, crypt_activate_by_keyfile(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 0 ));
EQ_(3, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE 2, 0, 1, 0)); EQ_(3, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE 2, 0, 1, 0));
skipping to change at line 870 skipping to change at line 931
OK_(crypt_keyslot_destroy(cd, 2)); OK_(crypt_keyslot_destroy(cd, 2));
OK_(crypt_keyslot_destroy(cd, 3)); OK_(crypt_keyslot_destroy(cd, 3));
OK_(crypt_keyslot_destroy(cd, 4)); OK_(crypt_keyslot_destroy(cd, 4));
OK_(crypt_deactivate(cd, CDEVICE_2)); OK_(crypt_deactivate(cd, CDEVICE_2));
_remove_keyfiles(); _remove_keyfiles();
FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, s trlen(passphrase)), "slot used"); FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, s trlen(passphrase)), "slot used");
key[1] = ~key[1]; key[1] = ~key[1];
FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, s trlen(passphrase)), "key mismatch"); FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, s trlen(passphrase)), "key mismatch");
key[1] = ~key[1]; key[1] = ~key[1];
EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase))); EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase2, strlen(passphrase2)));
EQ_(CRYPT_SLOT_ACTIVE, crypt_keyslot_status(cd, 6)); EQ_(CRYPT_SLOT_ACTIVE, crypt_keyslot_status(cd, 6));
FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot"); FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot");
FAIL_(crypt_keyslot_destroy(cd, CRYPT_ANY_SLOT), "invalid keyslot"); FAIL_(crypt_keyslot_destroy(cd, CRYPT_ANY_SLOT), "invalid keyslot");
FAIL_(crypt_keyslot_destroy(cd, 0), "keyslot not used"); FAIL_(crypt_keyslot_destroy(cd, 0), "keyslot not used");
OK_(crypt_keyslot_destroy(cd, 7)); OK_(crypt_keyslot_destroy(cd, 7));
EQ_(CRYPT_SLOT_INACTIVE, crypt_keyslot_status(cd, 7)); EQ_(CRYPT_SLOT_INACTIVE, crypt_keyslot_status(cd, 7));
EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6)); EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
EQ_(6, crypt_keyslot_change_by_passphrase(cd, 6, CRYPT_ANY_SLOT, passphra
se2, strlen(passphrase2), passphrase, strlen(passphrase)));
EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(pa ssphrase), passphrase2, strlen(passphrase2))); EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(pa ssphrase), passphrase2, strlen(passphrase2)));
EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7)); EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(pass phrase2), 0)); EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(pass phrase2), 0));
EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphra se2, strlen(passphrase2), passphrase, strlen(passphrase))); EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphra se2, strlen(passphrase2), passphrase, strlen(passphrase)));
EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphra se, strlen(passphrase))); EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphra se, strlen(passphrase)));
OK_(crypt_volume_key_verify(cd, key2, key_size)); OK_(crypt_volume_key_verify(cd, key2, key_size));
OK_(memcmp(key, key2, key_size)); OK_(memcmp(key, key2, key_size));
OK_(strcmp(cipher, crypt_get_cipher(cd))); OK_(strcmp(cipher, crypt_get_cipher(cd)));
OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd))); OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
EQ_((int)key_size, crypt_get_volume_key_size(cd)); EQ_((int)key_size, crypt_get_volume_key_size(cd));
EQ_(r_payload_offset, crypt_get_data_offset(cd)); EQ_(r_payload_offset, crypt_get_data_offset(cd));
OK_(strcmp(DEVICE_2, crypt_get_device_name(cd))); OK_(strcmp(DEVICE_2, crypt_get_device_name(cd)));
reset_log(); reset_log();
OK_(crypt_dump(cd)); OK_(crypt_dump(cd));
OK_(!(global_lines != 0)); OK_(!(global_lines != 0));
reset_log(); reset_log();
FAIL_(crypt_dump_json(cd, NULL, 42), "flags be used later");
OK_(crypt_dump_json(cd, NULL, 0));
OK_(!(global_lines != 0));
reset_log();
OK_(crypt_dump_json(cd, &tmp_buf, 0));
OK_(!tmp_buf);
OK_(!(strlen(tmp_buf) != 0));
FAIL_(crypt_set_uuid(cd, "blah"), "wrong UUID format"); FAIL_(crypt_set_uuid(cd, "blah"), "wrong UUID format");
OK_(crypt_set_uuid(cd, DEVICE_TEST_UUID)); OK_(crypt_set_uuid(cd, DEVICE_TEST_UUID));
OK_(strcmp(DEVICE_TEST_UUID, crypt_get_uuid(cd))); OK_(strcmp(DEVICE_TEST_UUID, crypt_get_uuid(cd)));
FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active"); FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");
CRYPT_FREE(cd); CRYPT_FREE(cd);
_cleanup_dmdevices(); _cleanup_dmdevices();
/* LUKSv2 format tests */ /* LUKSv2 format tests */
skipping to change at line 922 skipping to change at line 993
crypt_set_iteration_time(cd, 1); crypt_set_iteration_time(cd, 1);
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 0, N ULL), "Wrong key size"); FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 0, N ULL), "Wrong key size");
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL));
CRYPT_FREE(cd); CRYPT_FREE(cd);
/* some invalid parameters known to cause troubles */ /* some invalid parameters known to cause troubles */
OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_init(&cd, DEVICE_2));
crypt_set_iteration_time(cd, 0); /* wrong for argon2 but we don't know th e pbkdf type yet, ignored */ crypt_set_iteration_time(cd, 0); /* wrong for argon2 but we don't know th e pbkdf type yet, ignored */
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL));
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_init(&cd, DEVICE_2));
crypt_set_iteration_time(cd, 1); OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, st rlen(PASSPHRASE)), 0); EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, st rlen(PASSPHRASE)), 0);
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_init(&cd, DEVICE_2));
crypt_set_iteration_time(cd, 1); OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_si ze, NULL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_si ze, NULL));
FAIL_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest"); FAIL_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
FAIL_(crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, PASSPHRASE, s trlen(PASSPHRASE)), "VK doesn't match any digest"); FAIL_(crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, PASSPHRASE, s trlen(PASSPHRASE)), "VK doesn't match any digest");
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
crypt_set_iteration_time(cd, 1); OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, key_size, PASSPHRASE, st rlen(PASSPHRASE)), 3); EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, key_size, PASSPHRASE, st rlen(PASSPHRASE)), 3);
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key3, key_size, 0), "VK doesn't match any digest assigned to segment 0"); FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key3, key_size, 0), "VK doesn't match any digest assigned to segment 0");
CRYPT_FREE(cd); CRYPT_FREE(cd);
/* /*
* Check regression in getting keyslot encryption parameters when * Check regression in getting keyslot encryption parameters when
* volume key size is unknown (no active keyslots). * volume key size is unknown (no active keyslots).
*/ */
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
crypt_set_iteration_time(cd, 1); OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, st rlen(PASSPHRASE)), 0); EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, st rlen(PASSPHRASE)), 0);
/* drop context copy of volume key */ /* drop context copy of volume key */
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
OK_(crypt_load(cd, CRYPT_LUKS, NULL)); OK_(crypt_load(cd, CRYPT_LUKS, NULL));
EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)), 0); EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
OK_(crypt_keyslot_destroy(cd, 0)); OK_(crypt_keyslot_destroy(cd, 0));
OK_(set_fast_pbkdf(cd));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, str len(PASSPHRASE)), 0); EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, str len(PASSPHRASE)), 0);
CRYPT_FREE(cd); CRYPT_FREE(cd);
_cleanup_dmdevices(); _cleanup_dmdevices();
} }
static void Luks2MetadataSize(void) static void Luks2MetadataSize(void)
{ {
struct crypt_pbkdf_type pbkdf = { struct crypt_pbkdf_type pbkdf = {
.type = CRYPT_KDF_ARGON2I, .type = CRYPT_KDF_ARGON2I,
skipping to change at line 1226 skipping to change at line 1298
params.data_alignment = 4096; params.data_alignment = 4096;
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
// FIXME: either format has to fail or next line must be true // FIXME: either format has to fail or next line must be true
// EQ_(crypt_get_data_offset(cd), params.data_alignment); // EQ_(crypt_get_data_offset(cd), params.data_alignment);
// FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Payl oad offset mismatch"); // FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Payl oad offset mismatch");
CRYPT_FREE(cd); CRYPT_FREE(cd);
// do not allow restore over LUKS1 header on device // do not allow restore over LUKS1 header on device
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
crypt_set_iteration_time(cd, 1); OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, &l uks1)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, &l uks1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS, NULL)); OK_(crypt_load(cd, CRYPT_LUKS, NULL));
FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "LUKS1 format detected"); FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "LUKS1 format detected");
CRYPT_FREE(cd); CRYPT_FREE(cd);
/* check crypt_header_restore() properly loads crypt_device context */ /* check crypt_header_restore() properly loads crypt_device context */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL)); OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL));
skipping to change at line 1323 skipping to change at line 1395
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_init(&cd, DMDIR H_DEVICE));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK)); OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(!crypt_get_metadata_device_name(cd)); OK_(!crypt_get_metadata_device_name(cd));
EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0); EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
EQ_(1, crypt_header_is_detached(cd));
CRYPT_FREE(cd); CRYPT_FREE(cd);
// repeat with init with two devices // repeat with init with two devices
OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK)); OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK)); OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
OK_(!crypt_get_metadata_device_name(cd)); OK_(!crypt_get_metadata_device_name(cd));
EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0); EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
EQ_(1, crypt_header_is_detached(cd));
CRYPT_FREE(cd); CRYPT_FREE(cd);
// bad header: device too small (payloadOffset > device_size) // bad header: device too small (payloadOffset > device_size)
OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG)); OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Device too small"); FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Device too small");
NULL_(crypt_get_type(cd)); NULL_(crypt_get_type(cd));
CRYPT_FREE(cd); CRYPT_FREE(cd);
// 0 secs for encrypted data area // 0 secs for encrypted data area
params.data_alignment = 8192; params.data_alignment = 8192;
skipping to change at line 1443 skipping to change at line 1517
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
// restore header from backup // restore header from backup
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)); OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
EQ_(0, crypt_header_is_detached(cd));
CRYPT_FREE(cd); CRYPT_FREE(cd);
// exercise luksOpen using backup header in file // exercise luksOpen using backup header in file
OK_(crypt_init(&cd, BACKUP_FILE)); OK_(crypt_init(&cd, BACKUP_FILE));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK)); OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(pas sphrase), 0), 0); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(pas sphrase), 0), 0);
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
EQ_(1, crypt_header_is_detached(cd));
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, BACKUP_FILE)); OK_(crypt_init(&cd, BACKUP_FILE));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK)); OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(pas sphrase), 0), 7); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(pas sphrase), 0), 7);
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
skipping to change at line 1533 skipping to change at line 1609
// test header and encrypted payload all in one device // test header and encrypted payload all in one device
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
// disable loading VKs in kernel keyring (compatible mode) // disable loading VKs in kernel keyring (compatible mode)
OK_(crypt_volume_key_keyring(cd, 0)); OK_(crypt_volume_key_keyring(cd, 0));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
OK_(crypt_resize(cd, CDEVICE_1, 0)); OK_(crypt_resize(cd, CDEVICE_1, 0));
OK_(crypt_resize(cd, CDEVICE_1, 42)); OK_(crypt_resize(cd, CDEVICE_1, 42));
if (!t_device_size(DMDIR CDEVICE_1, &r_size)) if (!t_device_size(DMDIR CDEVICE_1, &r_size))
EQ_(42, r_size >> SECTOR_SHIFT); EQ_(42, r_size >> TST_SECTOR_SHIFT);
OK_(crypt_resize(cd, CDEVICE_1, 0)); OK_(crypt_resize(cd, CDEVICE_1, 0));
// autodetect encrypted device area size // autodetect encrypted device area size
OK_(crypt_resize(cd, CDEVICE_1, 0)); OK_(crypt_resize(cd, CDEVICE_1, 0));
if (!t_device_size(DMDIR CDEVICE_1, &r_size)) if (!t_device_size(DMDIR CDEVICE_1, &r_size))
EQ_(1000, r_size >> SECTOR_SHIFT); EQ_(1000, r_size >> TST_SECTOR_SHIFT);
FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small"); FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
if (!t_device_size(DMDIR CDEVICE_1, &r_size)) if (!t_device_size(DMDIR CDEVICE_1, &r_size))
EQ_(1000, r_size >> SECTOR_SHIFT); EQ_(1000, r_size >> TST_SECTOR_SHIFT);
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
params.data_alignment = 0; params.data_alignment = 0;
params.data_device = DMDIR L_DEVICE_0S; params.data_device = DMDIR L_DEVICE_0S;
// test case for external header // test case for external header
OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_init(&cd, DMDIR H_DEVICE));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, &params));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
OK_(crypt_resize(cd, CDEVICE_1, 666)); OK_(crypt_resize(cd, CDEVICE_1, 666));
if (!t_device_size(DMDIR CDEVICE_1, &r_size)) if (!t_device_size(DMDIR CDEVICE_1, &r_size))
EQ_(666, r_size >> SECTOR_SHIFT); EQ_(666, r_size >> TST_SECTOR_SHIFT);
// autodetect encrypted device size // autodetect encrypted device size
OK_(crypt_resize(cd, CDEVICE_1, 0)); OK_(crypt_resize(cd, CDEVICE_1, 0));
if (!t_device_size(DMDIR CDEVICE_1, &r_size)) if (!t_device_size(DMDIR CDEVICE_1, &r_size))
EQ_(1000, r_size >> SECTOR_SHIFT); EQ_(1000, r_size >> TST_SECTOR_SHIFT);
FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small"); FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
if (!t_device_size(DMDIR CDEVICE_1, &r_size)) if (!t_device_size(DMDIR CDEVICE_1, &r_size))
EQ_(1000, r_size >> SECTOR_SHIFT); EQ_(1000, r_size >> TST_SECTOR_SHIFT);
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE); GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
#ifdef KERNEL_KEYRING #ifdef KERNEL_KEYRING
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS, NULL)); OK_(crypt_load(cd, CRYPT_LUKS, NULL));
// enable loading VKs in kernel keyring (default mode) // enable loading VKs in kernel keyring (default mode)
OK_(crypt_volume_key_keyring(cd, 1)); OK_(crypt_volume_key_keyring(cd, 1));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
skipping to change at line 1594 skipping to change at line 1670
// test mode must not load vk in keyring // test mode must not load vk in keyring
OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
if (t_dm_crypt_keyring_support()) if (t_dm_crypt_keyring_support())
FAIL_(crypt_resize(cd, CDEVICE_1, 44), "VK must be in keyring to perform resize"); FAIL_(crypt_resize(cd, CDEVICE_1, 44), "VK must be in keyring to perform resize");
else else
OK_(crypt_resize(cd, CDEVICE_1, 44)); OK_(crypt_resize(cd, CDEVICE_1, 44));
// reinstate the volume key in keyring // reinstate the volume key in keyring
OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyr ing_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0)); OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyr ing_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
OK_(crypt_resize(cd, CDEVICE_1, 43)); OK_(crypt_resize(cd, CDEVICE_1, 43));
if (!t_device_size(DMDIR CDEVICE_1, &r_size)) if (!t_device_size(DMDIR CDEVICE_1, &r_size))
EQ_(43, r_size >> SECTOR_SHIFT); EQ_(43, r_size >> TST_SECTOR_SHIFT);
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS, NULL)); OK_(crypt_load(cd, CRYPT_LUKS, NULL));
// check userspace gets hint volume key must be properly loaded in kernel keyring // check userspace gets hint volume key must be properly loaded in kernel keyring
if (t_dm_crypt_keyring_support()) if (t_dm_crypt_keyring_support())
EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM); EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM);
else else
OK_(crypt_resize(cd, CDEVICE_1, 0)); OK_(crypt_resize(cd, CDEVICE_1, 0));
CRYPT_FREE(cd); CRYPT_FREE(cd);
skipping to change at line 1629 skipping to change at line 1705
/* create second LUKS2 device */ /* create second LUKS2 device */
OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, cipher_mode, crypt_get_uuid(cd ), key, key_size, &params)); OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, cipher_mode, crypt_get_uuid(cd ), key, key_size, &params));
OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
/* do not allow resize of other device */ /* do not allow resize of other device */
FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong devic e context."); FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong devic e context.");
OK_(crypt_deactivate(cd2, CDEVICE_2)); OK_(crypt_deactivate(cd2, CDEVICE_2));
CRYPT_FREE(cd2); CRYPT_FREE(cd2);
OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
crypt_set_iteration_time(cd2, 1); OK_(crypt_set_pbkdf_type(cd2, &min_pbkdf2));
OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, cipher_mode, crypt_get_uuid(cd ), key, key_size, NULL)); OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, cipher_mode, crypt_get_uuid(cd ), key, key_size, NULL));
OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong devic e context."); FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong devic e context.");
OK_(crypt_deactivate(cd2, CDEVICE_2)); OK_(crypt_deactivate(cd2, CDEVICE_2));
CRYPT_FREE(cd2); CRYPT_FREE(cd2);
OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG)); OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_si ze, NULL)); OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_si ze, NULL));
OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong devic e context."); FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong devic e context.");
skipping to change at line 1678 skipping to change at line 1754
} }
kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY _SPEC_THREAD_KEYRING); kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY _SPEC_THREAD_KEYRING);
NOTFAIL_(kid, "Test or kernel keyring are broken."); NOTFAIL_(kid, "Test or kernel keyring are broken.");
OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset)); OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
// prepare the device // prepare the device
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
crypt_set_iteration_time(cd, 1); OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NU LL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NU LL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0); EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0);
EQ_(crypt_token_luks2_keyring_set(cd, 3, &params), 3); EQ_(crypt_token_luks2_keyring_set(cd, 3, &params), 3);
EQ_(crypt_token_assign_keyslot(cd, 3, 0), 3); EQ_(crypt_token_assign_keyslot(cd, 3, 0), 3);
CRYPT_FREE(cd); CRYPT_FREE(cd);
// test thread keyring key in token 0 // test thread keyring key in token 0
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), 0); EQ_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), 0);
skipping to change at line 1729 skipping to change at line 1805
kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING); kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
NOTFAIL_(kid1, "Test or kernel keyring are broken."); NOTFAIL_(kid1, "Test or kernel keyring are broken.");
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_token_luks2_keyring_set(cd, 0, &params), 0); EQ_(crypt_token_luks2_keyring_set(cd, 0, &params), 0);
EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0); EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
EQ_(crypt_token_luks2_keyring_set(cd, 1, &params2), 1); EQ_(crypt_token_luks2_keyring_set(cd, 1, &params2), 1);
FAIL_(crypt_token_assign_keyslot(cd, 1, 1), "Keyslot 1 doesn't exist"); FAIL_(crypt_token_assign_keyslot(cd, 1, 1), "Keyslot 1 doesn't exist");
crypt_set_iteration_time(cd, 1); OK_(set_fast_pbkdf(cd));
EQ_(crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE) , PASSPHRASE1, strlen(PASSPHRASE1)), 1); EQ_(crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE) , PASSPHRASE1, strlen(PASSPHRASE1)), 1);
EQ_(crypt_token_assign_keyslot(cd, 1, 1), 1); EQ_(crypt_token_assign_keyslot(cd, 1, 1), 1);
CRYPT_FREE(cd); CRYPT_FREE(cd);
// activate by specific token // activate by specific token
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, NULL, 0), 0); EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, NULL, 0), 0);
if (t_dm_crypt_keyring_support()) { if (t_dm_crypt_keyring_support()) {
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
skipping to change at line 1767 skipping to change at line 1843
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY _SPEC_THREAD_KEYRING); kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY _SPEC_THREAD_KEYRING);
NOTFAIL_(kid, "Test or kernel keyring are broken."); NOTFAIL_(kid, "Test or kernel keyring are broken.");
// replace pass for keyslot 0 making token 0 invalid // replace pass for keyslot 0 making token 0 invalid
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
OK_(crypt_keyslot_destroy(cd, 0)); OK_(crypt_keyslot_destroy(cd, 0));
crypt_set_iteration_time(cd, 1); OK_(set_fast_pbkdf(cd));
EQ_(crypt_keyslot_add_by_passphrase(cd, 0, PASSPHRASE1, strlen(PASSPHRASE 1), PASSPHRASE1, strlen(PASSPHRASE1)), 0); EQ_(crypt_keyslot_add_by_passphrase(cd, 0, PASSPHRASE1, strlen(PASSPHRASE 1), PASSPHRASE1, strlen(PASSPHRASE1)), 0);
CRYPT_FREE(cd); CRYPT_FREE(cd);
// activate by any token with token 0 having wrong pass for keyslot 0 // activate by any token with token 0 having wrong pass for keyslot 0
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1); EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
// create new device, with two tokens: // create new device, with two tokens:
// 1st token being invalid (missing key in keyring) // 1st token being invalid (missing key in keyring)
// 2nd token can activate keyslot 1 after failing to do so w/ keyslot 0 (wrong pass) // 2nd token can activate keyslot 1 after failing to do so w/ keyslot 0 (wrong pass)
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
crypt_set_iteration_time(cd, 1); OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NU LL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NU LL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0); EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0);
EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen( PASSPHRASE1)), 1); EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen( PASSPHRASE1)), 1);
EQ_(crypt_token_luks2_keyring_set(cd, 0, &params), 0); EQ_(crypt_token_luks2_keyring_set(cd, 0, &params), 0);
EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0); EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
EQ_(crypt_token_luks2_keyring_set(cd, 2, &params2), 2); EQ_(crypt_token_luks2_keyring_set(cd, 2, &params2), 2);
EQ_(crypt_token_assign_keyslot(cd, 2, 1), 2); EQ_(crypt_token_assign_keyslot(cd, 2, 1), 2);
CRYPT_FREE(cd); CRYPT_FREE(cd);
NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel key ring are broken."); NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel key ring are broken.");
skipping to change at line 1831 skipping to change at line 1907
#define BOGUS_TOKEN0_JSON "{\"type\":\"luks2-\",\"keyslots\":[]}" #define BOGUS_TOKEN0_JSON "{\"type\":\"luks2-\",\"keyslots\":[]}"
#define BOGUS_TOKEN1_JSON "{\"type\":\"luks2-a\",\"keyslots\":[]}" #define BOGUS_TOKEN1_JSON "{\"type\":\"luks2-a\",\"keyslots\":[]}"
#define LUKS2_KEYRING_TOKEN_JSON(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\" :[" x "]," \ #define LUKS2_KEYRING_TOKEN_JSON(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\" :[" x "]," \
"\"key_description\":" y "}" "\"key_description\":" y "}"
#define LUKS2_KEYRING_TOKEN_JSON_BAD(x, y) "{\"type\":\"luks2-keyring\",\"keyslo ts\":[" x "]," \ #define LUKS2_KEYRING_TOKEN_JSON_BAD(x, y) "{\"type\":\"luks2-keyring\",\"keyslo ts\":[" x "]," \
"\"key_description\":" y ", \"some_field\":\"some_value\" }" "\"key_description\":" y ", \"some_field\":\"some_value\" }"
int ks; int ks, token_max;
const char *dummy; const char *dummy;
const char *cipher = "aes"; const char *cipher = "aes";
const char *cipher_mode = "xts-plain64"; const char *cipher_mode = "xts-plain64";
char passptr[] = PASSPHRASE; char passptr[] = PASSPHRASE;
char passptr1[] = PASSPHRASE1; char passptr1[] = PASSPHRASE1;
static const crypt_token_handler th = { static const crypt_token_handler th = {
.name = "test_token", .name = "test_token",
.open = test_open, .open = test_open,
.validate = test_validate .validate = test_validate
skipping to change at line 1869 skipping to change at line 1945
OK_(crypt_token_register(&th)); OK_(crypt_token_register(&th));
FAIL_(crypt_token_register(&th2), "Token handler with the name already re gistered."); FAIL_(crypt_token_register(&th2), "Token handler with the name already re gistered.");
FAIL_(crypt_token_register(&th_reserved), "luks2- is reserved prefix"); FAIL_(crypt_token_register(&th_reserved), "luks2- is reserved prefix");
OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset)); OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1)); OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
// basic token API tests // basic token API tests
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S)); OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
crypt_set_iteration_time(cd, 1); OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NU LL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NU LL));
EQ_(crypt_token_status(cd, -1, NULL), CRYPT_TOKEN_INVALID); EQ_(crypt_token_status(cd, -1, NULL), CRYPT_TOKEN_INVALID);
EQ_(crypt_token_status(cd, 32, NULL), CRYPT_TOKEN_INVALID); EQ_(crypt_token_status(cd, 32, NULL), CRYPT_TOKEN_INVALID);
EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_INACTIVE); EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_INACTIVE);
EQ_(crypt_token_status(cd, 31, NULL), CRYPT_TOKEN_INACTIVE); EQ_(crypt_token_status(cd, 31, NULL), CRYPT_TOKEN_INACTIVE);
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0); EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0);
EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen( PASSPHRASE1)), 1); EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen( PASSPHRASE1)), 1);
FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON_INVALID(" \"0\"")), "Token validation failed"); FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON_INVALID(" \"0\"")), "Token validation failed");
EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON("\"0\"")), 0); EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON("\"0\"")), 0);
EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_EXTERNAL); EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_EXTERNAL);
skipping to change at line 1982 skipping to change at line 2058
EQ_(crypt_token_is_assigned(cd, 10, 32), -EINVAL); EQ_(crypt_token_is_assigned(cd, 10, 32), -EINVAL);
EQ_(crypt_token_is_assigned(cd, -1, -1), -EINVAL); EQ_(crypt_token_is_assigned(cd, -1, -1), -EINVAL);
EQ_(crypt_token_is_assigned(cd, 32, 32), -EINVAL); EQ_(crypt_token_is_assigned(cd, 32, 32), -EINVAL);
// test crypt_keyslot_change_by_passphrase does not erase token reference s // test crypt_keyslot_change_by_passphrase does not erase token reference s
EQ_(crypt_keyslot_change_by_passphrase(cd, 1, 5, PASSPHRASE1, strlen(PASS PHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5); EQ_(crypt_keyslot_change_by_passphrase(cd, 1, 5, PASSPHRASE1, strlen(PASS PHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5);
OK_(crypt_token_is_assigned(cd, 10, 5)); OK_(crypt_token_is_assigned(cd, 10, 5));
ks = crypt_keyslot_change_by_passphrase(cd, 5, CRYPT_ANY_SLOT, PASSPHRASE 1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)); ks = crypt_keyslot_change_by_passphrase(cd, 5, CRYPT_ANY_SLOT, PASSPHRASE 1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1));
NOTFAIL_(ks, "Failed to change keyslot passphrase."); NOTFAIL_(ks, "Failed to change keyslot passphrase.");
OK_(crypt_token_is_assigned(cd, 10, ks)); OK_(crypt_token_is_assigned(cd, 10, ks));
CRYPT_FREE(cd);
// test token activation respects keyslot priorities
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NU
LL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(
PASSPHRASE)), 0);
EQ_(crypt_keyslot_add_by_key(cd, 3, NULL, 32, PASSPHRASE, strlen(
PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
EQ_(crypt_keyslot_add_by_volume_key(cd, 5, NULL, 32, PASSPHRASE, strlen(
PASSPHRASE)), 5);
EQ_(crypt_keyslot_add_by_volume_key(cd, 8, NULL, 32, PASSPHRASE1, strlen
(PASSPHRASE1)), 8);
EQ_(crypt_keyslot_add_by_volume_key(cd, 12, NULL, 32, PASSPHRASE, strlen(
PASSPHRASE)), 12);
EQ_(crypt_keyslot_add_by_volume_key(cd, 21, NULL, 32, PASSPHRASE, strlen(
PASSPHRASE)), 21);
EQ_(crypt_keyslot_add_by_volume_key(cd, 31, NULL, 32, PASSPHRASE, strlen(
PASSPHRASE)), 31);
OK_(crypt_keyslot_set_priority(cd, 0, CRYPT_SLOT_PRIORITY_IGNORE));
OK_(crypt_keyslot_set_priority(cd, 3, CRYPT_SLOT_PRIORITY_PREFER));
OK_(crypt_keyslot_set_priority(cd, 8, CRYPT_SLOT_PRIORITY_PREFER));
OK_(crypt_keyslot_set_priority(cd, 12,CRYPT_SLOT_PRIORITY_PREFER));
// expected unusable with CRYPT_ANY_TOKEN
EQ_(crypt_token_json_set(cd, 1, TEST_TOKEN_JSON("\"0\", \"3\"")), 1);
// expected unusable (-EPERM)
EQ_(crypt_token_json_set(cd, 5, TEST_TOKEN_JSON("\"8\"")), 5);
// expected unusable (-EPERM)
EQ_(crypt_token_json_set(cd, 4, TEST_TOKEN_JSON("\"8\", \"3\"")), 4);
// expected unusable (-ENOENT)
EQ_(crypt_token_json_set(cd, 6, TEST_TOKEN_JSON("\"3\"")), 6);
// expected unusable (-ENOENT)
EQ_(crypt_token_json_set(cd, 11, TEST_TOKEN_JSON("")), 11);
token_max = crypt_token_max(CRYPT_LUKS2) - 1;
GE_(token_max, 0);
// expected to be used first with CRYPT_ANY_TOKEN (unlocks with high prio
rity ks 12)
EQ_(crypt_token_json_set(cd, token_max, TEST_TOKEN_JSON("\"12\", \"0\", \
"3\"")), token_max);
// expected usable with CRYPT_ANY_TOKEN
EQ_(crypt_token_json_set(cd, 8, TEST_TOKEN_JSON("\"5\", \"0\", \"3\"")),
8);
// of all tokens keyslot 12 has highest priority now
EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", CRYPT_ANY_TOKEN,
NULL, 0, passptr, 0), 12);
EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", CRYPT_ANY_TO
KEN, NULL, 0, passptr, 0), 12);
OK_(crypt_deactivate(cd, CDEVICE_1));
// with explicit token priority ignore may be used
EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 1, NULL, 0, passp
tr, 0), 0);
EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", 1, NULL, 0,
passptr, 0), 0);
OK_(crypt_deactivate(cd, CDEVICE_1));
EQ_(crypt_token_json_set(cd, token_max, NULL), token_max);
EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", CRYPT_ANY_TOKEN,
NULL, 0, passptr, 0), 5);
EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 5, NULL, 0, passp
tr, 0), -EPERM);
EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 4, NULL, 0, passp
tr, 0), -EPERM);
EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 6, NULL, 0, passp
tr, 0), -ENOENT);
EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 6, NULL, 0, passp
tr, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 3);
EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 11, NULL, 0, pass
ptr, 0), -ENOENT);
EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 11, NULL, 0, pass
ptr, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), -ENOENT);
CRYPT_FREE(cd); CRYPT_FREE(cd);
EQ_(crypt_token_max(CRYPT_LUKS2), 32);
FAIL_(crypt_token_max(CRYPT_LUKS1), "No token support in LUKS1");
FAIL_(crypt_token_max(NULL), "No LUKS format specified");
_cleanup_dmdevices(); _cleanup_dmdevices();
} }
static void LuksConvert(void) static void LuksConvert(void)
{ {
uint64_t offset, r_payload_offset; uint64_t offset, r_payload_offset;
const char *json = "{\"type\":\"convert_block\",\"keyslots\":[]}"; const char *json = "{\"type\":\"convert_block\",\"keyslots\":[]}";
const struct crypt_pbkdf_type argon = { const struct crypt_pbkdf_type argon = {
.type = CRYPT_KDF_ARGON2I, .type = CRYPT_KDF_ARGON2I,
skipping to change at line 2020 skipping to change at line 2164
struct crypt_params_luks2 luks2 = { struct crypt_params_luks2 luks2 = {
.pbkdf = &pbkdf2, .pbkdf = &pbkdf2,
.sector_size = 512 .sector_size = 512
}; };
const char *cipher = "aes"; const char *cipher = "aes";
const char *cipher_mode = "xts-plain64"; const char *cipher_mode = "xts-plain64";
// prepare the device // prepare the device
OK_(crypt_init(&cd, DEVICE_1)); OK_(crypt_init(&cd, DEVICE_1));
crypt_set_iteration_time(cd, 1); OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, NU LL)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, NU LL));
offset = crypt_get_data_offset(cd); offset = crypt_get_data_offset(cd);
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0); EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0);
EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE1, strlen( PASSPHRASE1)), 7); EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE1, strlen( PASSPHRASE1)), 7);
CRYPT_FREE(cd); CRYPT_FREE(cd);
// convert LUKSv1 -> LUKSv2 // convert LUKSv1 -> LUKSv2
OK_(crypt_init(&cd, DEVICE_1)); OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_load(cd, CRYPT_LUKS, NULL)); OK_(crypt_load(cd, CRYPT_LUKS, NULL));
FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1"); FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1");
skipping to change at line 2496 skipping to change at line 2640
EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2 ); EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2 );
EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3 ); EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3 );
EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4 ); EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4 );
EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5 ); EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5 );
EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6 ); EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6 );
CRYPT_FREE(cd); CRYPT_FREE(cd);
// detached LUKS1 header upconversion // detached LUKS1 header upconversion
OK_(create_dmdevice_over_loop(H_DEVICE, 2050)); // default LUKS1 header s hould fit there OK_(create_dmdevice_over_loop(H_DEVICE, 2050)); // default LUKS1 header s hould fit there
OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_init(&cd, DMDIR H_DEVICE));
crypt_set_iteration_time(cd, 1); OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
//OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, & luks1)); OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, & luks1));
EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 7); EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 7);
FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Unable to move keyslots. Not enough space."); FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Unable to move keyslots. Not enough space.");
CRYPT_FREE(cd); CRYPT_FREE(cd);
// 2050 sectors, empty file // 2050 sectors, empty file
OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL_2)); OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL_2));
//OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
crypt_set_iteration_time(cd, 1);
OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, & luks1)); OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, & luks1));
EQ_(crypt_get_data_offset(cd), 0); EQ_(crypt_get_data_offset(cd), 0);
EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 7); EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 7);
OK_(crypt_convert(cd, CRYPT_LUKS2, NULL)); OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
CRYPT_FREE(cd); CRYPT_FREE(cd);
_cleanup_dmdevices(); _cleanup_dmdevices();
} }
static void Pbkdf(void) static void Pbkdf(void)
{ {
const struct crypt_pbkdf_type *pbkdf; const struct crypt_pbkdf_type *pbkdf;
const char *cipher = "aes", *mode="xts-plain64"; const char *cipher = "aes", *mode="xts-plain64";
struct crypt_pbkdf_type argon2 = { struct crypt_pbkdf_type argon2 = {
.type = CRYPT_KDF_ARGON2I, .type = CRYPT_KDF_ARGON2I,
.hash = DEFAULT_LUKS1_HASH, .hash = default_luks1_hash,
.time_ms = 6, .time_ms = 6,
.max_memory_kb = 1024, .max_memory_kb = 1024,
.parallel_threads = 1 .parallel_threads = 1
}, pbkdf2 = { }, pbkdf2 = {
.type = CRYPT_KDF_PBKDF2, .type = CRYPT_KDF_PBKDF2,
.hash = DEFAULT_LUKS1_HASH, .hash = default_luks1_hash,
.time_ms = 9 .time_ms = 9
}, bad = { }, bad = {
.type = "hamster_pbkdf", .type = "hamster_pbkdf",
.hash = DEFAULT_LUKS1_HASH .hash = default_luks1_hash
}; };
struct crypt_params_plain params = { struct crypt_params_plain params = {
.hash = "sha1", .hash = "sha1",
.skip = 0, .skip = 0,
.offset = 0, .offset = 0,
.size = 0 .size = 0
}; };
struct crypt_params_luks1 luks1 = { struct crypt_params_luks1 luks1 = {
.hash = "sha512", // test non-standard hash .hash = "sha512", // test non-standard hash
.data_alignment = 2048, .data_alignment = 2048,
skipping to change at line 2589 skipping to change at line 2731
NOTNULL_(crypt_get_pbkdf_type(cd)); NOTNULL_(crypt_get_pbkdf_type(cd));
CRYPT_FREE(cd); CRYPT_FREE(cd);
// test LUKSv1 device // test LUKSv1 device
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL));
FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Unsupported with non-LUKS2 devi ces"); FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Unsupported with non-LUKS2 devi ces");
OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
OK_(crypt_set_pbkdf_type(cd, NULL)); OK_(crypt_set_pbkdf_type(cd, NULL));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
EQ_(pbkdf->time_ms, DEFAULT_LUKS1_ITER_TIME); EQ_(pbkdf->time_ms, default_luks1_iter_time);
CRYPT_FREE(cd); CRYPT_FREE(cd);
// test value set in crypt_set_iteration_time() can be obtained via follo wing crypt_get_pbkdf_type() // test value set in crypt_set_iteration_time() can be obtained via follo wing crypt_get_pbkdf_type()
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
crypt_set_iteration_time(cd, 42); crypt_set_iteration_time(cd, 42);
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
EQ_(pbkdf->time_ms, 42); EQ_(pbkdf->time_ms, 42);
// test crypt_get_pbkdf_type() returns expected values for LUKSv1 // test crypt_get_pbkdf_type() returns expected values for LUKSv1
OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)); OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->max_memory_kb, 0); EQ_(pbkdf->max_memory_kb, 0);
EQ_(pbkdf->parallel_threads, 0); EQ_(pbkdf->parallel_threads, 0);
crypt_set_iteration_time(cd, 43); crypt_set_iteration_time(cd, 43);
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
EQ_(pbkdf->time_ms, 43); EQ_(pbkdf->time_ms, 43);
CRYPT_FREE(cd); CRYPT_FREE(cd);
// test whether crypt_get_pbkdf_type() after double crypt_load() // test whether crypt_get_pbkdf_type() after double crypt_load()
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS, NULL)); OK_(crypt_load(cd, CRYPT_LUKS, NULL));
crypt_set_iteration_time(cd, 42); crypt_set_iteration_time(cd, 42);
skipping to change at line 2630 skipping to change at line 2772
OK_(crypt_load(cd, CRYPT_LUKS, NULL)); OK_(crypt_load(cd, CRYPT_LUKS, NULL));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
OK_(strcmp(pbkdf->hash, luks1.hash)); OK_(strcmp(pbkdf->hash, luks1.hash));
CRYPT_FREE(cd); CRYPT_FREE(cd);
// test LUKSv2 device // test LUKSv2 device
// test default values are set // test default values are set
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, NULL, 32, NULL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, NULL, 32, NULL));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF)); OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME); EQ_(pbkdf->time_ms, default_luks2_iter_time);
EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_T HREADS)); EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_t hreads));
// set and verify argon2 type // set and verify argon2 type
OK_(crypt_set_pbkdf_type(cd, &argon2)); OK_(crypt_set_pbkdf_type(cd, &argon2));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
OK_(strcmp(pbkdf->type, argon2.type)); OK_(strcmp(pbkdf->type, argon2.type));
OK_(strcmp(pbkdf->hash, argon2.hash)); OK_(strcmp(pbkdf->hash, argon2.hash));
EQ_(pbkdf->time_ms, argon2.time_ms); EQ_(pbkdf->time_ms, argon2.time_ms);
EQ_(pbkdf->max_memory_kb, argon2.max_memory_kb); EQ_(pbkdf->max_memory_kb, argon2.max_memory_kb);
EQ_(pbkdf->parallel_threads, argon2.parallel_threads); EQ_(pbkdf->parallel_threads, argon2.parallel_threads);
// set and verify pbkdf2 type // set and verify pbkdf2 type
OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
OK_(strcmp(pbkdf->type, pbkdf2.type)); OK_(strcmp(pbkdf->type, pbkdf2.type));
OK_(strcmp(pbkdf->hash, pbkdf2.hash)); OK_(strcmp(pbkdf->hash, pbkdf2.hash));
EQ_(pbkdf->time_ms, pbkdf2.time_ms); EQ_(pbkdf->time_ms, pbkdf2.time_ms);
EQ_(pbkdf->max_memory_kb, pbkdf2.max_memory_kb); EQ_(pbkdf->max_memory_kb, pbkdf2.max_memory_kb);
EQ_(pbkdf->parallel_threads, pbkdf2.parallel_threads); EQ_(pbkdf->parallel_threads, pbkdf2.parallel_threads);
// reset and verify default values // reset and verify default values
crypt_set_iteration_time(cd, 1); // it's supposed to override this call crypt_set_iteration_time(cd, 1); // it's supposed to override this call
OK_(crypt_set_pbkdf_type(cd, NULL)); OK_(crypt_set_pbkdf_type(cd, NULL));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF)); OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME); EQ_(pbkdf->time_ms, default_luks2_iter_time);
EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_T HREADS)); EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_t hreads));
// try to pass illegal values // try to pass illegal values
argon2.parallel_threads = 0; argon2.parallel_threads = 0;
FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Parallel threads can't be 0"); FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Parallel threads can't be 0");
argon2.parallel_threads = 1; argon2.parallel_threads = 1;
argon2.max_memory_kb = 0; argon2.max_memory_kb = 0;
FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Memory can't be 0"); FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Memory can't be 0");
argon2.max_memory_kb = 1024; argon2.max_memory_kb = 1024;
pbkdf2.parallel_threads = 1; pbkdf2.parallel_threads = 1;
FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Parallel threads can't be set w ith pbkdf2 type"); FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Parallel threads can't be set w ith pbkdf2 type");
pbkdf2.parallel_threads = 0; pbkdf2.parallel_threads = 0;
pbkdf2.max_memory_kb = 512; pbkdf2.max_memory_kb = 512;
FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Memory can't be set with pbkdf2 type"); FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Memory can't be set with pbkdf2 type");
FAIL_(crypt_set_pbkdf_type(cd, &bad), "Unknown type member"); FAIL_(crypt_set_pbkdf_type(cd, &bad), "Unknown type member");
bad.type = CRYPT_KDF_PBKDF2; bad.type = CRYPT_KDF_PBKDF2;
bad.hash = NULL; bad.hash = NULL;
FAIL_(crypt_set_pbkdf_type(cd, &bad), "Hash member is empty"); FAIL_(crypt_set_pbkdf_type(cd, &bad), "Hash member is empty");
bad.type = NULL; bad.type = NULL;
bad.hash = DEFAULT_LUKS1_HASH; bad.hash = default_luks1_hash;
FAIL_(crypt_set_pbkdf_type(cd, &bad), "Pbkdf type member is empty"); FAIL_(crypt_set_pbkdf_type(cd, &bad), "Pbkdf type member is empty");
bad.hash = "hamster_hash"; bad.hash = "hamster_hash";
FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member"); FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
CRYPT_FREE(cd); CRYPT_FREE(cd);
// test whether crypt_get_pbkdf_type() behaves accordingly after second c rypt_load() call // test whether crypt_get_pbkdf_type() behaves accordingly after second c rypt_load() call
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS, NULL)); OK_(crypt_load(cd, CRYPT_LUKS, NULL));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF)); OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME); EQ_(pbkdf->time_ms, default_luks2_iter_time);
EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_T HREADS)); EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_t hreads));
crypt_set_iteration_time(cd, 1); crypt_set_iteration_time(cd, 1);
OK_(crypt_load(cd, CRYPT_LUKS, NULL)); OK_(crypt_load(cd, CRYPT_LUKS, NULL));
OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF)); OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->time_ms, 1); EQ_(pbkdf->time_ms, 1);
EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_T HREADS)); EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_t hreads));
CRYPT_FREE(cd); CRYPT_FREE(cd);
// test crypt_set_pbkdf_type() overwrites invalid value set by crypt_set_ iteration_time() // test crypt_set_pbkdf_type() overwrites invalid value set by crypt_set_ iteration_time()
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
crypt_set_iteration_time(cd, 0); crypt_set_iteration_time(cd, 0);
OK_(crypt_set_pbkdf_type(cd, &argon2)); OK_(crypt_set_pbkdf_type(cd, &argon2));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd)); NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
OK_(strcmp(pbkdf->type, argon2.type)); OK_(strcmp(pbkdf->type, argon2.type));
EQ_(pbkdf->time_ms, argon2.time_ms); EQ_(pbkdf->time_ms, argon2.time_ms);
skipping to change at line 2748 skipping to change at line 2890
argon2.time_ms = 9; argon2.time_ms = 9;
argon2.hash = "sha1"; // will be ignored argon2.hash = "sha1"; // will be ignored
OK_(crypt_set_pbkdf_type(cd, &argon2)); OK_(crypt_set_pbkdf_type(cd, &argon2));
argon2.hash = NULL; argon2.hash = NULL;
OK_(crypt_set_pbkdf_type(cd, &argon2)); OK_(crypt_set_pbkdf_type(cd, &argon2));
CRYPT_FREE(cd); CRYPT_FREE(cd);
NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS1)); NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS1));
OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)); OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
EQ_(pbkdf->time_ms, DEFAULT_LUKS1_ITER_TIME); EQ_(pbkdf->time_ms, default_luks1_iter_time);
OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->max_memory_kb, 0); EQ_(pbkdf->max_memory_kb, 0);
EQ_(pbkdf->parallel_threads, 0); EQ_(pbkdf->parallel_threads, 0);
NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2)); NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2));
OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF)); OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME); EQ_(pbkdf->time_ms, default_luks2_iter_time);
OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH)); OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->max_memory_kb, DEFAULT_LUKS2_MEMORY_KB); EQ_(pbkdf->max_memory_kb, default_luks2_memory_kb);
EQ_(pbkdf->parallel_threads, DEFAULT_LUKS2_PARALLEL_THREADS); EQ_(pbkdf->parallel_threads, default_luks2_parallel_threads);
NULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_PLAIN)); NULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_PLAIN));
_cleanup_dmdevices(); _cleanup_dmdevices();
} }
static void Luks2KeyslotAdd(void) static void Luks2KeyslotAdd(void)
{ {
char key[128], key2[128], key_ret[128]; char key[128], key2[128], key_ret[128];
const char *cipher = "aes", *cipher_mode="xts-plain64"; const char *cipher = "aes", *cipher_mode="xts-plain64";
skipping to change at line 2783 skipping to change at line 2925
struct crypt_pbkdf_type pbkdf = { struct crypt_pbkdf_type pbkdf = {
.type = "argon2i", .type = "argon2i",
.hash = "sha256", .hash = "sha256",
.iterations = 4, .iterations = 4,
.max_memory_kb = 32, .max_memory_kb = 32,
.parallel_threads = 1, .parallel_threads = 1,
.flags = CRYPT_PBKDF_NO_BENCHMARK, .flags = CRYPT_PBKDF_NO_BENCHMARK,
}; };
struct crypt_params_luks2 params2 = { struct crypt_params_luks2 params2 = {
.pbkdf = &pbkdf, .pbkdf = &pbkdf,
.sector_size = SECTOR_SIZE .sector_size = TST_SECTOR_SIZE
}; };
crypt_decode_key(key, mk_hex, key_size); crypt_decode_key(key, mk_hex, key_size);
crypt_decode_key(key2, mk_hex2, key_size); crypt_decode_key(key2, mk_hex2, key_size);
/* Cannot use Argon2 in FIPS */ /* Cannot use Argon2 in FIPS */
if (_fips_mode) { if (_fips_mode) {
pbkdf.type = CRYPT_KDF_PBKDF2; pbkdf.type = CRYPT_KDF_PBKDF2;
pbkdf.parallel_threads = 0; pbkdf.parallel_threads = 0;
pbkdf.max_memory_kb = 0; pbkdf.max_memory_kb = 0;
skipping to change at line 2912 skipping to change at line 3054
static void Luks2KeyslotParams(void) static void Luks2KeyslotParams(void)
{ {
char key[128], key2[128]; char key[128], key2[128];
const char *cipher = "aes", *cipher_mode="xts-plain64"; const char *cipher = "aes", *cipher_mode="xts-plain64";
const char *cipher_spec = "aes-xts-plain64", *cipher_keyslot = "aes-cbc-e ssiv:sha256"; const char *cipher_spec = "aes-xts-plain64", *cipher_keyslot = "aes-cbc-e ssiv:sha256";
const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818a fe7a78a6de7a1a"; const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818a fe7a78a6de7a1a";
const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818a fe7a78a6de7a1e"; const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818a fe7a78a6de7a1e";
size_t key_size_ret, key_size = strlen(mk_hex) / 2, keyslot_key_size = 16 ; size_t key_size_ret, key_size = strlen(mk_hex) / 2, keyslot_key_size = 16 ;
uint64_t r_payload_offset; uint64_t r_payload_offset;
const struct crypt_pbkdf_type fast_pbkdf = {
.type = "pbkdf2",
.hash = "sha256",
.iterations = 1000,
.flags = CRYPT_PBKDF_NO_BENCHMARK
};
crypt_decode_key(key, mk_hex, key_size); crypt_decode_key(key, mk_hex, key_size);
crypt_decode_key(key2, mk_hex2, key_size); crypt_decode_key(key2, mk_hex2, key_size);
OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE))); OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE)));
OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1))); OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1)));
OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset)); OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1)); OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
EQ_(key_size, 2 * keyslot_key_size); EQ_(key_size, 2 * keyslot_key_size);
/* test crypt_keyslot_add_by_key */ /* test crypt_keyslot_add_by_key */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf)); OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_siz e, NULL));
NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret)); NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret ), cipher_spec)); OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret ), cipher_spec));
EQ_(key_size_ret, key_size); EQ_(key_size_ret, key_size);
// Normal slots // Normal slots
EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE))); EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
EQ_(1, crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRA SE), PASSPHRASE1,strlen(PASSPHRASE1))); EQ_(1, crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRA SE), PASSPHRASE1,strlen(PASSPHRASE1)));
EQ_(2, crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strle n(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT)); EQ_(2, crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strle n(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT));
EQ_(6, crypt_keyslot_add_by_keyfile(cd, 6, KEYFILE1, 0, KEYFILE2, 0)); EQ_(6, crypt_keyslot_add_by_keyfile(cd, 6, KEYFILE1, 0, KEYFILE2, 0));
skipping to change at line 2990 skipping to change at line 3126
EQ_(key_size_ret, keyslot_key_size); EQ_(key_size_ret, keyslot_key_size);
EQ_(crypt_keyslot_status(cd, 5), CRYPT_SLOT_UNBOUND); EQ_(crypt_keyslot_status(cd, 5), CRYPT_SLOT_UNBOUND);
OK_(strcmp(crypt_keyslot_get_encryption(cd, 5, &key_size_ret), cipher_key slot)); OK_(strcmp(crypt_keyslot_get_encryption(cd, 5, &key_size_ret), cipher_key slot));
EQ_(key_size_ret, keyslot_key_size); EQ_(key_size_ret, keyslot_key_size);
EQ_(crypt_keyslot_status(cd, 7), CRYPT_SLOT_ACTIVE); EQ_(crypt_keyslot_status(cd, 7), CRYPT_SLOT_ACTIVE);
OK_(strcmp(crypt_keyslot_get_encryption(cd, 7, &key_size_ret), cipher_key slot)); OK_(strcmp(crypt_keyslot_get_encryption(cd, 7, &key_size_ret), cipher_key slot));
EQ_(key_size_ret, keyslot_key_size); EQ_(key_size_ret, keyslot_key_size);
OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf)); OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
EQ_(8, crypt_keyslot_change_by_passphrase(cd, 1, 8, PASSPHRASE1, strlen(P ASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE))); EQ_(8, crypt_keyslot_change_by_passphrase(cd, 1, 8, PASSPHRASE1, strlen(P ASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
OK_(strcmp(crypt_keyslot_get_encryption(cd, 8, &key_size_ret), cipher_spe c)); OK_(strcmp(crypt_keyslot_get_encryption(cd, 8, &key_size_ret), cipher_spe c));
EQ_(key_size_ret, key_size); EQ_(key_size_ret, key_size);
/* Revert to default */ /* Revert to default */
EQ_(9, crypt_keyslot_change_by_passphrase(cd, 5, 9, PASSPHRASE1, strlen(P ASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE))); EQ_(9, crypt_keyslot_change_by_passphrase(cd, 5, 9, PASSPHRASE1, strlen(P ASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
OK_(strcmp(crypt_keyslot_get_encryption(cd, 9, &key_size_ret), cipher_spe c)); OK_(strcmp(crypt_keyslot_get_encryption(cd, 9, &key_size_ret), cipher_spe c));
EQ_(key_size_ret, key_size); EQ_(key_size_ret, key_size);
/* Set new encryption params */ /* Set new encryption params */
skipping to change at line 3019 skipping to change at line 3155
EQ_(key_size_ret, keyslot_key_size); EQ_(key_size_ret, keyslot_key_size);
EQ_(0, crypt_keyslot_change_by_passphrase(cd, 0, 0, PASSPHRASE, strlen(PA SSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1))); EQ_(0, crypt_keyslot_change_by_passphrase(cd, 0, 0, PASSPHRASE, strlen(PA SSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_key slot)); OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_key slot));
EQ_(key_size_ret, keyslot_key_size); EQ_(key_size_ret, keyslot_key_size);
CRYPT_FREE(cd); CRYPT_FREE(cd);
/* LUKS1 compatible calls */ /* LUKS1 compatible calls */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf)); OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_siz e, NULL)); OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_siz e, NULL));
NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret)); NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret ), cipher_spec)); OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret ), cipher_spec));
EQ_(key_size_ret, key_size); EQ_(key_size_ret, key_size);
EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE))); EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spe c)); OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spe c));
EQ_(key_size_ret, key_size); EQ_(key_size_ret, key_size);
CRYPT_FREE(cd); CRYPT_FREE(cd);
/* LUKS2 cipher null checks */ /* LUKS2 cipher null checks */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf)); OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_si ze, NULL)); OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_si ze, NULL));
FAIL_(crypt_keyslot_set_encryption(cd, "null", 32), "cipher null is not a llowed"); FAIL_(crypt_keyslot_set_encryption(cd, "null", 32), "cipher null is not a llowed");
FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null", 32), "cipher null i s not allowed"); FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null", 32), "cipher null i s not allowed");
FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null-ecb", 32), "cipher nu ll is not allowed"); FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null-ecb", 32), "cipher nu ll is not allowed");
EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE))); EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
NOTNULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret)); NOTNULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
NULL_(strstr(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), "null")) ; NULL_(strstr(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), "null")) ;
CRYPT_FREE(cd); CRYPT_FREE(cd);
_cleanup_dmdevices(); _cleanup_dmdevices();
skipping to change at line 3070 skipping to change at line 3206
kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY _SPEC_THREAD_KEYRING); kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY _SPEC_THREAD_KEYRING);
NOTFAIL_(kid, "Test or kernel keyring are broken."); NOTFAIL_(kid, "Test or kernel keyring are broken.");
kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING); kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
NOTFAIL_(kid1, "Test or kernel keyring are broken."); NOTFAIL_(kid1, "Test or kernel keyring are broken.");
OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset)); OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1)); OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
// prepare the device // prepare the device
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
crypt_set_iteration_time(cd, 1); OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NU LL)); OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NU LL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0); EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0);
EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHR ASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHR ASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
EQ_(crypt_keyslot_add_by_volume_key(cd, 2, NULL, 32, PASSPHRASE1, strlen( PASSPHRASE1)), 2); EQ_(crypt_keyslot_add_by_volume_key(cd, 2, NULL, 32, PASSPHRASE1, strlen( PASSPHRASE1)), 2);
CRYPT_FREE(cd); CRYPT_FREE(cd);
// FIXME: all following tests work as expected but most error messages ar e missing // FIXME: all following tests work as expected but most error messages ar e missing
// check activate by keyring works exactly same as by passphrase // check activate by keyring works exactly same as by passphrase
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
skipping to change at line 3131 skipping to change at line 3267
#ifdef KERNEL_KEYRING #ifdef KERNEL_KEYRING
key_serial_t kid; key_serial_t kid;
#endif #endif
uint32_t flags; uint32_t flags;
uint64_t dummy, r_payload_offset; uint64_t dummy, r_payload_offset;
struct crypt_active_device cad; struct crypt_active_device cad;
const char *token, *json = "{\"type\":\"test_token\",\"keyslots\":[]}"; const char *token, *json = "{\"type\":\"test_token\",\"keyslots\":[]}";
struct crypt_pbkdf_type argon2 = { struct crypt_pbkdf_type argon2 = {
.type = CRYPT_KDF_ARGON2I, .type = CRYPT_KDF_ARGON2I,
.hash = DEFAULT_LUKS1_HASH, .hash = default_luks1_hash,
.time_ms = 6, .time_ms = 6,
.max_memory_kb = 1024, .max_memory_kb = 1024,
.parallel_threads = 1 .parallel_threads = 1
}, pbkdf2 = { }, pbkdf2 = {
.type = CRYPT_KDF_PBKDF2, .type = CRYPT_KDF_PBKDF2,
.hash = DEFAULT_LUKS1_HASH, .hash = default_luks1_hash,
.time_ms = 9 .time_ms = 9
}; };
struct crypt_token_params_luks2_keyring params_get, params = { struct crypt_token_params_luks2_keyring params_get, params = {
.key_description = KEY_DESC_TEST0 .key_description = KEY_DESC_TEST0
}; };
OK_(prepare_keyfile(KEYFILE1, "aaa", 3)); OK_(prepare_keyfile(KEYFILE1, "aaa", 3));
OK_(prepare_keyfile(KEYFILE2, "xxx", 3)); OK_(prepare_keyfile(KEYFILE2, "xxx", 3));
/* crypt_load (unrestricted) */ /* crypt_load (unrestricted) */
skipping to change at line 3488 skipping to change at line 3624
EQ_(32+16, ip.tag_size); EQ_(32+16, ip.tag_size);
OK_(crypt_deactivate(cd, CDEVICE_2)); OK_(crypt_deactivate(cd, CDEVICE_2));
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, DEVICE_2)); OK_(crypt_init(&cd, DEVICE_2));
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_ size - 32, &params), "Wrong key size."); FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_ size - 32, &params), "Wrong key size.");
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, "xts-plainx", NULL, NULL, key _size, &params), "Wrong cipher."); FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, "xts-plainx", NULL, NULL, key _size, &params), "Wrong cipher.");
CRYPT_FREE(cd); CRYPT_FREE(cd);
} }
static int set_fast_pbkdf(struct crypt_device *cd)
{
struct crypt_pbkdf_type pbkdf = {
.type = "argon2id",
.hash = "sha256",
.iterations = 4,
.max_memory_kb = 32,
.parallel_threads = 1,
.flags = CRYPT_PBKDF_NO_BENCHMARK
};
/* Cannot use Argon2 in FIPS */
if (_fips_mode) {
pbkdf.type = CRYPT_KDF_PBKDF2;
pbkdf.parallel_threads = 0;
pbkdf.max_memory_kb = 0;
pbkdf.iterations = 1000;
}
return crypt_set_pbkdf_type(cd, &pbkdf);
}
static int check_flag(uint32_t flags, uint32_t flag) static int check_flag(uint32_t flags, uint32_t flag)
{ {
return (flags & flag) ? 0 : -1; return (flags & flag) ? 0 : -1;
} }
static void Luks2Refresh(void) static void Luks2Refresh(void)
{ {
uint64_t r_payload_offset; uint64_t r_payload_offset;
char key[128], key1[128]; char key[128], key1[128];
const char *cipher = "aes", *mode = "xts-plain64"; const char *cipher = "aes", *mode = "xts-plain64";
skipping to change at line 3693 skipping to change at line 3808
flags = CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_ CPUS; flags = CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_ CPUS;
OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags)); OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags));
flags = (uint32_t)~0; flags = (uint32_t)~0;
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags)); OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
EQ_(flags,CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYP T_CPUS); EQ_(flags,CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYP T_CPUS);
CRYPT_FREE(cd); CRYPT_FREE(cd);
} }
static int test_progress(uint64_t size, uint64_t offset, void *usrptr) static int test_progress(uint64_t size __attribute__((unused)),
uint64_t offset __attribute__((unused)),
void *usrptr __attribute__((unused)))
{ {
while (--test_progress_steps) while (--test_progress_steps)
return 0; return 0;
return 1; return 1;
} }
static void Luks2Reencryption(void) static void Luks2Reencryption(void)
{ {
/* reencryption currently depends on kernel keyring support */ /* reencryption currently depends on kernel keyring support */
#if KERNEL_KEYRING #if KERNEL_KEYRING
skipping to change at line 3776 skipping to change at line 3893
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 10, "aes", "HamSterMoOode-plain64", &rparams), "Wrong mode."); FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 10, "aes", "HamSterMoOode-plain64", &rparams), "Wrong mode.");
/* test reencryption flags */ /* test reencryption flags */
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption not initialized. "); FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption not initialized. ");
rparams.flags |= CRYPT_REENCRYPT_INITIALIZE_ONLY; rparams.flags |= CRYPT_REENCRYPT_INITIALIZE_ONLY;
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid flags combination."); FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid flags combination.");
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0); EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0);
FAIL_(crypt_reencrypt(cd, NULL), "Reencryption context not initialized.") ; FAIL_(crypt_reencrypt_run(cd, NULL, NULL), "Reencryption context not init ialized.");
rparams.flags &= ~CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags &= ~CRYPT_REENCRYPT_RESUME_ONLY;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 21, 9, "aes", "xts-plain64", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 21, 9, "aes", "xts-plain64", &rparams));
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLI NE_REENCRYPT); EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLI NE_REENCRYPT);
/* check reencrypt status is correct */ /* check reencrypt status is correct */
EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN); EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT); EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
EQ_(retparams.direction, CRYPT_REENCRYPT_FORWARD); EQ_(retparams.direction, CRYPT_REENCRYPT_FORWARD);
skipping to change at line 3809 skipping to change at line 3926
EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_UNBOUND); EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_UNBOUND);
/* keyslot assigned to new segment is switched to last active */ /* keyslot assigned to new segment is switched to last active */
EQ_(crypt_keyslot_status(cd, 9), CRYPT_SLOT_ACTIVE_LAST); EQ_(crypt_keyslot_status(cd, 9), CRYPT_SLOT_ACTIVE_LAST);
/* keyslot assigned to old segment remains active */ /* keyslot assigned to old segment remains active */
EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_ACTIVE); EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_ACTIVE);
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 10, "aes", "xts-plain", &rparams), "Reencryption already initializ ed."); FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 10, "aes", "xts-plain", &rparams), "Reencryption already initializ ed.");
rparams.flags = 0; rparams.flags = 0;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 21, 9, "aes", "xts-plain64", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 21, 9, "aes", "xts-plain64", &rparams));
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
/* check keyslots are reassigned to segment after reencryption */ /* check keyslots are reassigned to segment after reencryption */
EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_INACTIVE); EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_INACTIVE);
EQ_(crypt_keyslot_status(cd, 9), CRYPT_SLOT_ACTIVE_LAST); EQ_(crypt_keyslot_status(cd, 9), CRYPT_SLOT_ACTIVE_LAST);
EQ_(crypt_keyslot_status(cd, 10), CRYPT_SLOT_UNBOUND); EQ_(crypt_keyslot_status(cd, 10), CRYPT_SLOT_UNBOUND);
EQ_(crypt_keyslot_status(cd, 11), CRYPT_SLOT_UNBOUND); EQ_(crypt_keyslot_status(cd, 11), CRYPT_SLOT_UNBOUND);
EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_INACTIVE); EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_INACTIVE);
EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHR ASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21); EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHR ASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21);
rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
skipping to change at line 3833 skipping to change at line 3950
/* fixed device size parameter impact */ /* fixed device size parameter impact */
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
rparams.device_size = 24; rparams.device_size = 24;
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size."); FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size.");
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLI NE_REENCRYPT); EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLI NE_REENCRYPT);
rparams.device_size = 15; rparams.device_size = 15;
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size alignment ."); FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size alignment .");
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLI NE_REENCRYPT); EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLI NE_REENCRYPT);
FAIL_(crypt_reencrypt(cd, NULL), "Reencryption context not initialized.") ; FAIL_(crypt_reencrypt_run(cd, NULL, NULL), "Reencryption context not init ialized.");
rparams.device_size = 16; rparams.device_size = 16;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 9, 21, "aes", "xts-plain64", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 9, 21, "aes", "xts-plain64", &rparams));
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0); EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0);
/* limited hotzone size parameter impact */ /* limited hotzone size parameter impact */
EQ_(crypt_keyslot_add_by_key(cd, 9, NULL, 64, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9); EQ_(crypt_keyslot_add_by_key(cd, 9, NULL, 64, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
rparams.device_size = 0; rparams.device_size = 0;
params2.sector_size = 4096; params2.sector_size = 4096;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 21, 9, "aes", "xts-plain64", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 21, 9, "aes", "xts-plain64", &rparams));
skipping to change at line 3870 skipping to change at line 3987
rparams.max_hotzone_size = 0; rparams.max_hotzone_size = 0;
rparams.resilience = "haMster"; rparams.resilience = "haMster";
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience mode."); FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience mode.");
rparams.resilience = "checksum"; rparams.resilience = "checksum";
rparams.hash = "hamSter"; rparams.hash = "hamSter";
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience hash."); FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience hash.");
rparams.hash = "sha1"; rparams.hash = "sha1";
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 21, 9, "aes", "xts-plain64", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 21, 9, "aes", "xts-plain64", &rparams));
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
/* FIXME: this is a bug, but not critical (data shift parameter is ignore d after initialization) */ /* FIXME: this is a bug, but not critical (data shift parameter is ignore d after initialization) */
//rparams.data_shift = 8; //rparams.data_shift = 8;
//FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(P ASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid reencryption parame ters."); //FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(P ASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid reencryption parame ters.");
EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHR ASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21); EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHR ASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21);
rparams.flags = 0; rparams.flags = 0;
rparams.resilience = "none"; rparams.resilience = "none";
rparams.max_hotzone_size = 2048; rparams.max_hotzone_size = 2048;
/* online reencryption on inactive device */ /* online reencryption on inactive device */
skipping to change at line 3897 skipping to change at line 4014
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
/* Wrong context checks */ /* Wrong context checks */
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 9, 21, "aes", "xts-plain64", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 9, 21, "aes", "xts-plain64", &rparams));
/* cd is ready for reencryption */ /* cd is ready for reencryption */
OK_(crypt_init(&cd2, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd2, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd2, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PA SSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running ."); FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PA SSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running .");
rparams.flags = 0; rparams.flags = 0;
FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PA SSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running ."); FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PA SSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running .");
FAIL_(crypt_reencrypt(cd2, NULL), "Invalid reencryption context."); FAIL_(crypt_reencrypt_run(cd2, NULL, NULL), "Invalid reencryption context .");
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags)); OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLI NE_REENCRYPT); EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLI NE_REENCRYPT);
OK_(crypt_persistent_flags_get(cd2, CRYPT_FLAGS_REQUIREMENTS, &getflags)) ; OK_(crypt_persistent_flags_get(cd2, CRYPT_FLAGS_REQUIREMENTS, &getflags)) ;
EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLI NE_REENCRYPT); EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLI NE_REENCRYPT);
EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN); EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN);
EQ_(crypt_reencrypt_status(cd2, NULL), CRYPT_REENCRYPT_CLEAN); EQ_(crypt_reencrypt_status(cd2, NULL), CRYPT_REENCRYPT_CLEAN);
FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, CRYPT_ANY_SLOT, PASSPH RASE, strlen(PASSPHRASE), 0), "Reencryption already in progress."); FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, CRYPT_ANY_SLOT, PASSPH RASE, strlen(PASSPHRASE), 0), "Reencryption already in progress.");
FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHR ASE, strlen(PASSPHRASE), 0), "Reencryption already in progress."); FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHR ASE, strlen(PASSPHRASE), 0), "Reencryption already in progress.");
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd); CRYPT_FREE(cd);
CRYPT_FREE(cd2); CRYPT_FREE(cd2);
/* Partial device reencryption parameter */ /* Partial device reencryption parameter */
params2.sector_size = 512; params2.sector_size = 512;
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2)); OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
OK_(crypt_set_pbkdf_type(cd, &pbkdf)); OK_(crypt_set_pbkdf_type(cd, &pbkdf));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0); EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 0);
EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
rparams.device_size = 2; rparams.device_size = 2;
rparams.max_hotzone_size = 1; rparams.max_hotzone_size = 1;
rparams.resilience = "none"; rparams.resilience = "none";
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 0, 1, "aes", "xts-plain64", &rparams), 2); EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
/* interrupt reencryption after 'test_progress_steps' */ /* interrupt reencryption after 'test_progress_steps' */
test_progress_steps = 1; test_progress_steps = 1;
OK_(crypt_reencrypt(cd, &test_progress)); OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN); EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN);
NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASS PHRASE, strlen(PASSPHRASE), 0), "Could not activate device in reencryption."); NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASS PHRASE, strlen(PASSPHRASE), 0), "Could not activate device in reencryption.");
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(cad.size, 2); EQ_(cad.size, 2);
EQ_(cad.offset, r_header_size); EQ_(cad.offset, r_header_size);
/* TODO: this should work in future releases unless reencryption process is running */ /* TODO: this should work in future releases unless reencryption process is running */
FAIL_(crypt_resize(cd, CDEVICE_1, 1), "Device in reencryption."); FAIL_(crypt_resize(cd, CDEVICE_1, 1), "Device in reencryption.");
FAIL_(crypt_resize(cd, CDEVICE_1, 0), "Device in reencryption."); FAIL_(crypt_resize(cd, CDEVICE_1, 0), "Device in reencryption.");
rparams.max_hotzone_size = 0; rparams.max_hotzone_size = 0;
rparams.device_size = 3; rparams.device_size = 3;
FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strle n(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size."); FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strle n(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size.");
crypt_deactivate(cd, CDEVICE_1); crypt_deactivate(cd, CDEVICE_1);
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size."); FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PAS SPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size.");
rparams.device_size = 2; rparams.device_size = 2;
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
NOTFAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen( PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Failed to initialize reencr yption."); NOTFAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen( PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Failed to initialize reencr yption.");
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE); EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PAS SPHRASE), 0), 1); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PAS SPHRASE), 0), 1);
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
/* after reencryption use whole device again */ /* after reencryption use whole device again */
EQ_(cad.size, 16); EQ_(cad.size, 16);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
/* Reencrypt device with wrong size */ /* Reencrypt device with wrong size */
EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0); EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0);
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PAS SPHRASE), 0), 1); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PAS SPHRASE), 0), 1);
skipping to change at line 4017 skipping to change at line 4134
rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
rparams.luks2 = &params2; rparams.luks2 = &params2;
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 0, 1, "aes", "xts-plain64", &rparams), 2); EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN); EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
EQ_(retparams.data_shift, 8); EQ_(retparams.data_shift, 8);
EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT); EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
OK_(strcmp(retparams.resilience, "datashift")); OK_(strcmp(retparams.resilience, "datashift"));
EQ_(crypt_get_data_offset(cd), 32776); EQ_(crypt_get_data_offset(cd), 32776);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 0, 1, "aes", "xts-plain64", &rparams), 2); EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_set_pbkdf_type(cd, &pbkdf)); OK_(crypt_set_pbkdf_type(cd, &pbkdf));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PAS SPHRASE), 0), 1); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PAS SPHRASE), 0), 1);
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(cad.size, 8); EQ_(cad.size, 8);
EQ_(crypt_get_data_offset(cd), 32776); EQ_(crypt_get_data_offset(cd), 32776);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
rparams.flags = 0; rparams.flags = 0;
skipping to change at line 4050 skipping to change at line 4167
rparams.data_shift = 8; rparams.data_shift = 8;
rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 1, 0, "aes", "xts-plain64", &rparams), 2); EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 1, 0, "aes", "xts-plain64", &rparams), 2);
EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN); EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
EQ_(retparams.data_shift, 8); EQ_(retparams.data_shift, 8);
EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT); EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
OK_(strcmp(retparams.resilience, "datashift")); OK_(strcmp(retparams.resilience, "datashift"));
EQ_(crypt_get_data_offset(cd), 32760); EQ_(crypt_get_data_offset(cd), 32760);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 1, 0, "aes", "xts-plain64", &rparams), 2); EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 1, 0, "aes", "xts-plain64", &rparams), 2);
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PAS SPHRASE), 0), 0); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PAS SPHRASE), 0), 0);
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(cad.size, 24); EQ_(cad.size, 24);
EQ_(crypt_get_data_offset(cd), 32760); EQ_(crypt_get_data_offset(cd), 32760);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
skipping to change at line 4079 skipping to change at line 4196
rparams.data_shift = 8; rparams.data_shift = 8;
rparams.flags = 0; rparams.flags = 0;
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PAS SPHRASE), 0), 0); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PAS SPHRASE), 0), 0);
FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strle n(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Active device too large." ); FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strle n(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Active device too large." );
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASS PHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption."); NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASS PHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption.");
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(cad.size, 8); EQ_(cad.size, 8);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
EQ_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen( PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2); EQ_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen( PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
_cleanup_dmdevices(); _cleanup_dmdevices();
/* encryption with datashift and moved segment (limit values for data shi ft) */ /* encryption with datashift and moved segment (limit values for data shi ft) */
OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2)); OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2));
OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_init(&cd, DMDIR H_DEVICE));
skipping to change at line 4118 skipping to change at line 4235
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN); EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
EQ_(retparams.mode, CRYPT_REENCRYPT_ENCRYPT); EQ_(retparams.mode, CRYPT_REENCRYPT_ENCRYPT);
OK_(strcmp(retparams.resilience, "datashift")); OK_(strcmp(retparams.resilience, "datashift"));
EQ_(retparams.data_shift, 8192); EQ_(retparams.data_shift, 8192);
EQ_(retparams.flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT, CRYPT_REENCRYPT _MOVE_FIRST_SEGMENT); EQ_(retparams.flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT, CRYPT_REENCRYPT _MOVE_FIRST_SEGMENT);
EQ_(crypt_get_data_offset(cd), 8192); EQ_(crypt_get_data_offset(cd), 8192);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0); EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0);
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd); CRYPT_FREE(cd);
_cleanup_dmdevices(); _cleanup_dmdevices();
OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2+1)); OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2+1));
/* encryption with datashift and moved segment (data shift + 1 sector) */ /* encryption with datashift and moved segment (data shift + 1 sector) */
OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_init(&cd, DMDIR H_DEVICE));
rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FI RST_SEGMENT; rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FI RST_SEGMENT;
OK_(crypt_set_data_offset(cd, 8192)); OK_(crypt_set_data_offset(cd, 8192));
OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, & params2)); OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, & params2));
EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen( PASSPHRASE)), 30); EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen( PASSPHRASE)), 30);
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0); EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0);
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_header_restore(cd, CRYPT_LUKS2, DMDIR H_DEVICE)); OK_(crypt_header_restore(cd, CRYPT_LUKS2, DMDIR H_DEVICE));
EQ_(crypt_get_data_offset(cd), 8192); EQ_(crypt_get_data_offset(cd), 8192);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0); EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0);
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd); CRYPT_FREE(cd);
_cleanup_dmdevices(); _cleanup_dmdevices();
OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2)); OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2));
OK_(crypt_init(&cd, DMDIR H_DEVICE)); OK_(crypt_init(&cd, DMDIR H_DEVICE));
/* encryption with datashift and moved segment (data shift + data offset > device size) */ /* encryption with datashift and moved segment (data shift + data offset > device size) */
memset(&rparams, 0, sizeof(rparams)); memset(&rparams, 0, sizeof(rparams));
skipping to change at line 4180 skipping to change at line 4297
params2.data_device = NULL; params2.data_device = NULL;
OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2)); OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
OK_(crypt_set_pbkdf_type(cd, &pbkdf)); OK_(crypt_set_pbkdf_type(cd, &pbkdf));
EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 6); EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 6);
memset(&rparams, 0, sizeof(rparams)); memset(&rparams, 0, sizeof(rparams));
rparams.mode = CRYPT_REENCRYPT_DECRYPT; rparams.mode = CRYPT_REENCRYPT_DECRYPT;
rparams.direction = CRYPT_REENCRYPT_BACKWARD; rparams.direction = CRYPT_REENCRYPT_BACKWARD;
rparams.resilience = "none"; rparams.resilience = "none";
rparams.max_hotzone_size = 2048; rparams.max_hotzone_size = 2048;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_get_data_offset(cd), r_header_size); EQ_(crypt_get_data_offset(cd), r_header_size);
EQ_(crypt_get_volume_key_size(cd), 0); EQ_(crypt_get_volume_key_size(cd), 0);
OK_(strcmp(crypt_get_cipher(cd), "cipher_null")); OK_(strcmp(crypt_get_cipher(cd), "cipher_null"));
CRYPT_FREE(cd); CRYPT_FREE(cd);
/* decryption forward */ /* decryption forward */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
params2.data_device = NULL; params2.data_device = NULL;
OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2)); OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
OK_(crypt_set_pbkdf_type(cd, &pbkdf)); OK_(crypt_set_pbkdf_type(cd, &pbkdf));
EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 6); EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 6);
memset(&rparams, 0, sizeof(rparams)); memset(&rparams, 0, sizeof(rparams));
rparams.mode = CRYPT_REENCRYPT_DECRYPT; rparams.mode = CRYPT_REENCRYPT_DECRYPT;
rparams.direction = CRYPT_REENCRYPT_FORWARD; rparams.direction = CRYPT_REENCRYPT_FORWARD;
rparams.resilience = "none"; rparams.resilience = "none";
rparams.max_hotzone_size = 2048; rparams.max_hotzone_size = 2048;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd); CRYPT_FREE(cd);
/* decryption with data shift */ /* decryption with data shift */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
params2.data_device = NULL; params2.data_device = NULL;
OK_(crypt_set_pbkdf_type(cd, &pbkdf)); OK_(crypt_set_pbkdf_type(cd, &pbkdf));
OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2)); OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 6); EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 6);
remove(BACKUP_FILE); remove(BACKUP_FILE);
OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE)); OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
skipping to change at line 4225 skipping to change at line 4342
OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK)); OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_get_data_offset(cd), r_header_size); EQ_(crypt_get_data_offset(cd), r_header_size);
memset(&rparams, 0, sizeof(rparams)); memset(&rparams, 0, sizeof(rparams));
rparams.mode = CRYPT_REENCRYPT_DECRYPT; rparams.mode = CRYPT_REENCRYPT_DECRYPT;
rparams.direction = CRYPT_REENCRYPT_FORWARD; rparams.direction = CRYPT_REENCRYPT_FORWARD;
rparams.resilience = "datashift"; rparams.resilience = "datashift";
rparams.data_shift = r_header_size; rparams.data_shift = r_header_size;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
EQ_(crypt_get_data_offset(cd), 0); EQ_(crypt_get_data_offset(cd), 0);
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
remove(BACKUP_FILE); remove(BACKUP_FILE);
CRYPT_FREE(cd); CRYPT_FREE(cd);
/* online decryption with data shift (future feature) */ /* online decryption with data shift (future feature) */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
params2.data_device = NULL; params2.data_device = NULL;
OK_(crypt_set_pbkdf_type(cd, &pbkdf)); OK_(crypt_set_pbkdf_type(cd, &pbkdf));
OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2)); OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 6); EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 6);
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 6, PASSPHRASE, strlen(PAS SPHRASE), 0), 6); EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 6, PASSPHRASE, strlen(PAS SPHRASE), 0), 6);
skipping to change at line 4255 skipping to change at line 4372
OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK)); OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(crypt_get_data_offset(cd), r_header_size); EQ_(crypt_get_data_offset(cd), r_header_size);
memset(&rparams, 0, sizeof(rparams)); memset(&rparams, 0, sizeof(rparams));
rparams.mode = CRYPT_REENCRYPT_DECRYPT; rparams.mode = CRYPT_REENCRYPT_DECRYPT;
rparams.direction = CRYPT_REENCRYPT_FORWARD; rparams.direction = CRYPT_REENCRYPT_FORWARD;
rparams.resilience = "datashift"; rparams.resilience = "datashift";
rparams.data_shift = r_header_size; rparams.data_shift = r_header_size;
OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen( PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen( PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
EQ_(crypt_get_data_offset(cd), 0); EQ_(crypt_get_data_offset(cd), 0);
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
remove(BACKUP_FILE); remove(BACKUP_FILE);
OK_(t_device_size(DMDIR CDEVICE_2, &r_size_1)); OK_(t_device_size(DMDIR CDEVICE_2, &r_size_1));
EQ_(r_size_1, 512); EQ_(r_size_1, 512);
OK_(_system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0)); OK_(_system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0));
CRYPT_FREE(cd); CRYPT_FREE(cd);
_cleanup_dmdevices(); _cleanup_dmdevices();
OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size)); OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size)); OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size));
OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_header_size)); OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_header_size));
skipping to change at line 4288 skipping to change at line 4405
EQ_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 6, PASSPHRASE, strlen(PA SSPHRASE), 0), 6); EQ_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 6, PASSPHRASE, strlen(PA SSPHRASE), 0), 6);
CRYPT_FREE(cd2); CRYPT_FREE(cd2);
EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
memset(&rparams, 0, sizeof(rparams)); memset(&rparams, 0, sizeof(rparams));
rparams.resilience = "none"; rparams.resilience = "none";
rparams.max_hotzone_size = 16*2048; rparams.max_hotzone_size = 16*2048;
rparams.luks2 = &params2; rparams.luks2 = &params2;
OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen( PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen( PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK)); OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd2, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
OK_(crypt_set_pbkdf_type(cd2, &pbkdf)); OK_(crypt_set_pbkdf_type(cd2, &pbkdf));
EQ_(crypt_keyslot_add_by_key(cd2, 2, NULL, 32, PASSPHRASE, strlen(PASSPHR ASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 2); EQ_(crypt_keyslot_add_by_key(cd2, 2, NULL, 32, PASSPHRASE, strlen(PASSPHR ASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 2);
rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY; rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strl en(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching paramet ers in device table."); FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strl en(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching paramet ers in device table.");
OK_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASS PHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASS PHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams));
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strl en(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching paramet ers in device table."); FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strl en(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching paramet ers in device table.");
skipping to change at line 4316 skipping to change at line 4433
OK_(crypt_set_pbkdf_type(cd, &pbkdf)); OK_(crypt_set_pbkdf_type(cd, &pbkdf));
params2.data_device = DMDIR L_DEVICE_WRONG; params2.data_device = DMDIR L_DEVICE_WRONG;
OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2)); OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 6); EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 6);
EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
rparams.flags = 0; rparams.flags = 0;
rparams.max_hotzone_size = 8; rparams.max_hotzone_size = 8;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
/* reencrypt 8 srectors of device */ /* reencrypt 8 srectors of device */
test_progress_steps = 1; test_progress_steps = 1;
OK_(crypt_reencrypt(cd, &test_progress)); OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
/* activate another data device with same LUKS2 header (this is wrong, bu t we can't detect such mistake) */ /* activate another data device with same LUKS2 header (this is wrong, bu t we can't detect such mistake) */
OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK)); OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd2, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
NOTFAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_2, CRYPT_ANY_SLOT, PAS SPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption."); NOTFAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_2, CRYPT_ANY_SLOT, PAS SPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption.");
CRYPT_FREE(cd2); CRYPT_FREE(cd2);
/* reencrypt yet another 8 sectors of first device */ /* reencrypt yet another 8 sectors of first device */
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
test_progress_steps = 1; test_progress_steps = 1;
OK_(crypt_reencrypt(cd, &test_progress)); OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
/* Now active mapping for second data device does not match its metadata */ /* Now active mapping for second data device does not match its metadata */
OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK)); OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd2, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strl en(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams), "Mismatching device table."); FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strl en(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams), "Mismatching device table.");
OK_(crypt_deactivate(cd2, CDEVICE_2)); OK_(crypt_deactivate(cd2, CDEVICE_2));
CRYPT_FREE(cd2); CRYPT_FREE(cd2);
CRYPT_FREE(cd); CRYPT_FREE(cd);
skipping to change at line 4361 skipping to change at line 4478
OK_(crypt_volume_key_keyring(cd, 1)); OK_(crypt_volume_key_keyring(cd, 1));
rparams.mode = CRYPT_REENCRYPT_REENCRYPT; rparams.mode = CRYPT_REENCRYPT_REENCRYPT;
rparams.direction = CRYPT_REENCRYPT_FORWARD, rparams.direction = CRYPT_REENCRYPT_FORWARD,
rparams.resilience = "none", rparams.resilience = "none",
rparams.max_hotzone_size = 8; rparams.max_hotzone_size = 8;
rparams.luks2 = &params2; rparams.luks2 = &params2;
rparams.flags = 0; rparams.flags = 0;
EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1); EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRA SE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen( PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen( PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams));
test_progress_steps = 1; test_progress_steps = 1;
OK_(crypt_reencrypt(cd, &test_progress)); OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN); EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN);
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCA RDS); EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCA RDS);
EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, 0); EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, 0);
CRYPT_FREE(cd); CRYPT_FREE(cd);
OK_(crypt_init_by_name(&cd, CDEVICE_1)); OK_(crypt_init_by_name(&cd, CDEVICE_1));
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY; rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen( PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen( PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams));
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad)); OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCA RDS); EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCA RDS);
EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, 0); EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, 0);
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd); CRYPT_FREE(cd);
_cleanup_dmdevices(); _cleanup_dmdevices();
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16)); OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16));
rparams.mode = CRYPT_REENCRYPT_REENCRYPT; rparams.mode = CRYPT_REENCRYPT_REENCRYPT;
skipping to change at line 4398 skipping to change at line 4515
rparams.flags = 0; rparams.flags = 0;
/* Test support for specific key reencryption */ /* Test support for specific key reencryption */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK)); OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_set_pbkdf_type(cd, &pbkdf)); OK_(crypt_set_pbkdf_type(cd, &pbkdf));
OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2)); OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 3); EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, 32, PASSPHRASE, strlen(P ASSPHRASE)), 3);
EQ_(crypt_keyslot_add_by_key(cd, 9, key, key_size, PASSPHRASE, strlen(PAS SPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9); EQ_(crypt_keyslot_add_by_key(cd, 9, key, key_size, PASSPHRASE, strlen(PAS SPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
EQ_(crypt_keyslot_add_by_key(cd, 10, key, key_size, PASSPHRASE, strlen(PA SSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE ), 10); EQ_(crypt_keyslot_add_by_key(cd, 10, key, key_size, PASSPHRASE, strlen(PA SSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE ), 10);
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 3, 9, "aes", "xts-plain64", &rparams)); OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSP HRASE), 3, 9, "aes", "xts-plain64", &rparams));
OK_(crypt_reencrypt(cd, NULL)); OK_(crypt_reencrypt_run(cd, NULL, NULL));
OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
OK_(crypt_keyslot_destroy(cd, 9)); OK_(crypt_keyslot_destroy(cd, 9));
OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0)); OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
crypt_free(cd); crypt_free(cd);
_cleanup_dmdevices(); _cleanup_dmdevices();
#endif #endif
} }
static void Luks2Repair(void) static void Luks2Repair(void)
 End of changes. 119 change blocks. 
147 lines changed or deleted 288 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)