
Source code changes of the file "tests/compat-test2" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently set up disk encryption based on the dm-crypt kernel module. Supported formats include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt-compatible format.

compat-test2  (cryptsetup-2.3.6.tar.xz):compat-test2  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 59 skipping to change at line 59
[ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3
[ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2 [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
losetup -d $LOOPDEV >/dev/null 2>&1 losetup -d $LOOPDEV >/dev/null 2>&1
rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $HEADER_K EYU $VK_FILE $HEADER_LUKS2_PV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_ * $KEY_FILE0 $KEY_FILE1 >/dev/null 2>&1 rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $HEADER_K EYU $VK_FILE $HEADER_LUKS2_PV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_ * $KEY_FILE0 $KEY_FILE1 >/dev/null 2>&1
# unlink whole test keyring # unlink whole test keyring
[ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null [ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null
unset TEST_KEYRING unset TEST_KEYRING
rmmod scsi_debug 2> /dev/null rmmod scsi_debug >/dev/null 2>&1
scsi_debug_teardown $DEV scsi_debug_teardown $DEV
} }
function force_uevent() function force_uevent()
{ {
DNAME=$(echo $LOOPDEV | cut -f3 -d /) DNAME=$(echo $LOOPDEV | cut -f3 -d /)
echo "change" >/sys/block/$DNAME/uevent echo "change" >/sys/block/$DNAME/uevent
} }
function fail() function fail()
skipping to change at line 85 skipping to change at line 85
exit 2 exit 2
} }
function fips_mode() function fips_mode()
{ {
[ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ] [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
} }
function can_fail_fips() function can_fail_fips()
{ {
# Ignore this fail if running in FIPS mode # Ignore this fail if running in FIPS mode
fips_mode || fail $1 fips_mode || fail $1
} }
function skip() function skip()
{ {
[ -n "$1" ] && echo "$1" [ -n "$1" ] && echo "$1"
remove_mapping remove_mapping
exit 77 exit 77
} }
skipping to change at line 255 skipping to change at line 255
HAVE_KEYRING=0 HAVE_KEYRING=0
fi fi
$CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail
} }
# $1 path to scsi debug bdev # $1 path to scsi debug bdev
scsi_debug_teardown() { scsi_debug_teardown() {
local _tries=15; local _tries=15;
while [ -b "$1" -a $_tries -gt 0 ]; do while [ -b "$1" -a $_tries -gt 0 ]; do
rmmod scsi_debug 2> /dev/null rmmod scsi_debug >/dev/null 2>&1
if [ -b "$1" ]; then if [ -b "$1" ]; then
sleep .1 sleep .1
_tries=$((_tries-1)) _tries=$((_tries-1))
fi fi
done done
test ! -b "$1" || rmmod scsi_debug 2> /dev/null test ! -b "$1" || rmmod scsi_debug >/dev/null 2>&1
} }
function add_scsi_device() { function add_scsi_device() {
scsi_debug_teardown $DEV scsi_debug_teardown $DEV
modprobe scsi_debug $@ delay=0 if [ -d /sys/module/scsi_debug ] ; then
if [ $? -ne 0 ] ; then echo "Cannot use scsi_debug module (in use or compiled-in), test
echo "This kernel seems to not support proper scsi_debug module, skipped."
test skipped." exit 77
exit 77 fi
fi modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
if [ $? -ne 0 ] ; then
sleep 1 echo "This kernel seems to not support proper scsi_debug module,
DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 - test skipped."
d /) exit 77
[ -b $DEV ] || fail "Cannot find $DEV." fi
sleep 1
DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d
/)
[ -b $DEV ] || fail "Cannot find $DEV."
} }
export LANG=C export LANG=C
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skip ped." [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skip ped."
[ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped." [ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped."
prepare "[0] Detect LUKS2 environment" wipe prepare "[0] Detect LUKS2 environment" wipe
setup_luks2_env setup_luks2_env
skipping to change at line 320 skipping to change at line 324
$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 32768)) \[bytes\]" || fail $CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 32768)) \[bytes\]" || fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --s ector-size 2048 >/dev/null || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --s ector-size 2048 >/dev/null || fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --s ector-size 4096 --align-payload 32768 >/dev/null || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -q --s ector-size 4096 --align-payload 32768 >/dev/null || fail
$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 32768)) \[bytes\]" || fail $CRYPTSETUP -q luksDump $LOOPDEV | grep -q "offset: $((512 * 32768)) \[bytes\]" || fail
prepare "[3] format" wipe prepare "[3] format" wipe
echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256 -s 128 luksF ormat --type luks2 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256 -s 128 luksF ormat --type luks2 $LOOPDEV || fail
prepare "[4] format using hash sha512" wipe prepare "[4] format using hash sha512" wipe
echo $PWD1 | $CRYPTSETUP $FAST_PBKDF_OPT -h sha512 -c aes-cbc-essiv:sha256 -s 12 8 luksFormat --type luks2 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP $FAST_PBKDF_OPT -h sha512 -c aes-cbc-essiv:sha256 -s 12 8 luksFormat --type luks2 $LOOPDEV || fail
$CRYPTSETUP -q luksDump $LOOPDEV | grep "0: pbkdf2" -A2 | grep "Hash:" | grep - qe sha512 || fail $CRYPTSETUP -q luksDump $LOOPDEV | grep "0: pbkdf2" -A2 | grep "Hash:" | grep - qe sha512 || fail
# Check JSON dump for some mandatory section
$CRYPTSETUP -q luksDump $LOOPDEV --dump-json-metadata | grep -q '\"tokens\":' |
| fail
prepare "[5] open" prepare "[5] open"
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail
echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/nu ll && fail echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/nu ll && fail
[ $? -ne 2 ] && fail "luksOpen should return EPERM exit code" [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
check_exists check_exists
# Key Slot 1 and key material section 1 must change, the rest must not. # Key Slot 1 and key material section 1 must change, the rest must not.
prepare "[6] add key" prepare "[6] add key"
skipping to change at line 546 skipping to change at line 552
$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail
echo $PWD1 | $CRYPTSETUP -q resize --device-size 2049s $DEV_NAME > /dev/n ull 2>&1 && fail echo $PWD1 | $CRYPTSETUP -q resize --device-size 2049s $DEV_NAME > /dev/n ull 2>&1 && fail
echo $PWD1 | $CRYPTSETUP -q resize --size 2049 $DEV_NAME > /dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP -q resize --size 2049 $DEV_NAME > /dev/null 2>&1 && fail
$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail
fi fi
$CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail
# Resize not aligned to logical block size # Resize not aligned to logical block size
add_scsi_device dev_size_mb=32 sector_size=4096 add_scsi_device dev_size_mb=32 sector_size=4096
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $DEV || fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $DEV || fail
echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+ \) .*/\1/') OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+ \) .*/\1/') #'
echo $PWD1 | $CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail echo $PWD1 | $CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail
dmsetup info $DEV_NAME | grep -q SUSPENDED && fail dmsetup info $DEV_NAME | grep -q SUSPENDED && fail
NEW_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+ \) .*/\1/') NEW_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+ \) .*/\1/') #'
test $OLD_SIZE -eq $NEW_SIZE || fail test $OLD_SIZE -eq $NEW_SIZE || fail
$CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail
prepare "[20] Disallow open/create if already mapped." wipe prepare "[20] Disallow open/create if already mapped." wipe
$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV 2>/ dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV 2>/ dev/null && fail
$CRYPTSETUP remove $DEV_NAME || fail $CRYPTSETUP remove $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail
skipping to change at line 591 skipping to change at line 597
echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 /dev/mapper/ $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks2 /dev/mapper/ $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
# underlying device now returns error but node is still present # underlying device now returns error but node is still present
dmsetup load $DEV_NAME --table "0 40000 error" || fail dmsetup load $DEV_NAME --table "0 40000 error" || fail
dmsetup resume $DEV_NAME || fail dmsetup resume $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME2 || fail $CRYPTSETUP -q luksClose $DEV_NAME2 || fail
dmsetup remove --retry $DEV_NAME || fail dmsetup remove --retry $DEV_NAME || fail
prepare "[23] ChangeKey passphrase and keyfile" wipe prepare "[23] ChangeKey passphrase and keyfile" wipe
# [0]$KEY1 [1]key0 # [0]$KEY1 [1]key0
$CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 || fail $CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 --key-size 256 --luks2-keyslots-size 256k >/dev/null || fail
echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail
# keyfile [0] / keyfile [0] # keyfile [0] / keyfile [0]
$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 | | fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 | | fail
# passphrase [1] / passphrase [1] # passphrase [1] / passphrase [1]
echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -- key-slot 1 || fail echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -- key-slot 1 || fail
# keyfile [0] / keyfile [new] # keyfile [0] / keyfile [new] - with LUKS2 it should stay
$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 || fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" && fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail
# passphrase [1] / passphrase [new] # passphrase [1] / passphrase [new]
echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" && fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail
# use all slots $CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail
$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail # test out of raw area, change in-place (space only for 2 keyslots)
$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail
$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail
$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null &&
$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail fail
$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
# still allows replace
#FIXME
#$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail
#$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null &
& fail
prepare "[24] Keyfile limit" wipe prepare "[24] Keyfile limit" wipe
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail
$CRYPTSETUP --key-file=$KEY1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
$CRYPTSETUP --key-file=$KEY1 -l 0 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fai l $CRYPTSETUP --key-file=$KEY1 -l 0 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fai l
$CRYPTSETUP --key-file=$KEY1 -l -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fa il $CRYPTSETUP --key-file=$KEY1 -l -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fa il
$CRYPTSETUP --key-file=$KEY1 -l 14 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fa il $CRYPTSETUP --key-file=$KEY1 -l 14 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fa il
$CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAM E 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAM E 2>/dev/null && fail
$CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset -1 luksOpen $LOOPDEV $DEV_NA ME 2>/dev/null && fail $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset -1 luksOpen $LOOPDEV $DEV_NA ME 2>/dev/null && fail
$CRYPTSETUP --key-file=$KEY1 -l 13 luksOpen $LOOPDEV $DEV_NAME || fail $CRYPTSETUP --key-file=$KEY1 -l 13 luksOpen $LOOPDEV $DEV_NAME || fail
skipping to change at line 717 skipping to change at line 718
echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail
echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_KEYU || fail echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_KEYU || fail
echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME 2>/dev/null && fail
prepare "[28] Detached LUKS header" wipe prepare "[28] Detached LUKS header" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --head er $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --head er $HEADER_IMG || fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --head er $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --head er $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --h eader $HEADER_IMG --align-payload 8192 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --h eader $HEADER_IMG --align-payload 8192 || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --h eader $HEADER_IMG --align-payload 4096 >/dev/null || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --h eader $HEADER_IMG --align-payload 4096 >/dev/null || fail
$CRYPTSETUP luksDump $HEADER_IMG | grep -e "0: crypt" -A1 | grep -qe $((4096*512 )) || fail $CRYPTSETUP luksDump $HEADER_IMG | grep -e "0: crypt" -A1 | grep -qe $((4096*512 )) || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --h eader $HEADER_IMG --align-payload 0 || fail echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --h eader $HEADER_IMG --align-payload 0 --sector-size 512 || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV-missing --header $HEADER_IMG $DEV_NAM E 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV-missing --header $HEADER_IMG $DEV_NAM E 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fai l echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fai l
echo $PWD1 | $CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail
$CRYPTSETUP -q status $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q " 100 sectors" || fail $CRYPTSETUP -q status $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q " 100 sectors" || fail
$CRYPTSETUP -q status $DEV_NAME | grep "type:" | grep -q "n/a" || fail $CRYPTSETUP -q status $DEV_NAME | grep "type:" | grep -q "n/a" || fail
$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
$CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail $CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
$CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
skipping to change at line 765 skipping to change at line 766
$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail
$CRYPTSETUP luksErase -q $LOOPDEV || fail $CRYPTSETUP luksErase -q $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" && fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" && fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" && fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" && fail
prepare "[31] LUKS convert" wipe prepare "[31] LUKS convert" wipe
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV $KEY5 --key-slot 5 || fail $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV $KEY5 --key-slot 5 || fail
$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
$CRYPTSETUP -q luksDump $LOOPDEV --dump-json-metadata >/dev/null 2>&1 && fail
$CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail $CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
$CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail $CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail
$CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail $CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail
# hash test # hash test
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 $LOOPDE V $KEY5 -S 0 --hash sha1 || fail $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 $LOOPDE V $KEY5 -S 0 --hash sha1 || fail
$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 --hash sha25 6 || fail $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 --hash sha25 6 || fail
skipping to change at line 797 skipping to change at line 799
$CRYPTSETUP isLuks --type luks2 $LOOPDEV || fail $CRYPTSETUP isLuks --type luks2 $LOOPDEV || fail
$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 -d $KEY5 || fail $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 -d $KEY5 || fail
if dm_crypt_keyring_flawed; then if dm_crypt_keyring_flawed; then
prepare "[32a] LUKS2 keyring dm-crypt bug" wipe prepare "[32a] LUKS2 keyring dm-crypt bug" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-cryp t" || fail $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-cryp t" || fail
$CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail
# key must not load in kernel key even when dm-crypt module is missing # key must not load in kernel key even when dm-crypt module is missing
if rmmod dm-crypt > /dev/null 2>&1; then if rmmod dm-crypt >/dev/null 2>&1; then
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_ NAME || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_ NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail
$CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail
fi fi
fi fi
if dm_crypt_keyring_support && dm_crypt_keyring_new_kernel; then if dm_crypt_keyring_support && dm_crypt_keyring_new_kernel; then
prepare "[32] LUKS2 key in keyring" wipe prepare "[32] LUKS2 key in keyring" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail
# check keyring support detection works as expected # check keyring support detection works as expected
rmmod dm-crypt > /dev/null 2>&1 || true rmmod dm-crypt >/dev/null 2>&1 || true
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring " || fail $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring " || fail
$CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --disable-keyring --header $HEADE R_IMG $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --disable-keyring --header $HEADE R_IMG $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-cryp t" || fail $CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-cryp t" || fail
$CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --disable-keyring --header $HEADER _IMG $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP open $LOOPDEV --disable-keyring --header $HEADER _IMG $DEV_NAME || fail
$CRYPTSETUP luksSuspend $DEV_NAME || fail $CRYPTSETUP luksSuspend $DEV_NAME || fail
skipping to change at line 852 skipping to change at line 854
# key description is not reachable # key description is not reachable
$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase && fail $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase && fail
# wrong passphrase # wrong passphrase
load_key user $TEST_TOKEN0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" load_key user $TEST_TOKEN0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase 2>/dev/null && f ail $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase 2>/dev/null && f ail
load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type" load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase || fail $CRYPTSETUP open --token-only $LOOPDEV --test-passphrase || fail
$CRYPTSETUP open --token-only $LOOPDEV $DEV_NAME || fail $CRYPTSETUP open --token-only $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP status $DEV_NAME > /dev/null || fail $CRYPTSETUP status $DEV_NAME > /dev/null || fail
$CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail
# check --token-type sort of works (TODO: extend tests when native system
d tokens are available)
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 22
|| fail
# this excludes keyring tokens from unlocking device
$CRYPTSETUP open --token-only --token-type some_type $LOOPDEV --test-pass
phrase && fail
$CRYPTSETUP open --token-only --token-type some_type $LOOPDEV $DEV_NAME &
& fail
$CRYPTSETUP status $DEV_NAME > /dev/null && fail
$CRYPTSETUP token remove --token-id 3 $LOOPDEV || fail $CRYPTSETUP token remove --token-id 3 $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q -e "3: luks2-keyring" && fail $CRYPTSETUP luksDump $LOOPDEV | grep -q -e "3: luks2-keyring" && fail
# test we can remove keyslot with token # test we can remove keyslot with token
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -S4 $FAST_PBKDF_OPT $LOOP DEV || fail echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -S4 $FAST_PBKDF_OPT $LOOP DEV || fail
$CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN1 --key-slot 4 || fail $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN1 --key-slot 4 || fail
$CRYPTSETUP -q luksKillSlot $LOOPDEV 4 || fail $CRYPTSETUP -q luksKillSlot $LOOPDEV 4 || fail
fi fi
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 10 || fai l echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 10 || fai l
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 11 --json -file - || fail echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 11 --json -file - || fail
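Review bot: The `--token-type some_type` checks that appear only in the 2.4.0 column of the last change block (keyring token tests, near new line 854) are negative-only, so they pass just as well when `--token-type` is rejected outright or the open fails for an unrelated reason as when the filter really keeps the keyring token from unlocking the device. Nothing in the visible lines shows the option ever selecting a token, and the added comment itself marks the coverage as a TODO. A positive control placed before the two `&& fail` lines would pin the filter in both directions, for example `$CRYPTSETUP open --token-only --token-type luks2-keyring $LOOPDEV --test-passphrase || fail`, assuming `luks2-keyring` (the type name luksDump prints for token 3 a few lines later) is the string the option matches on. The enclosing `if` block starts outside the visible hunk.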
 End of changes. 17 change blocks. 
36 lines changed or deleted 52 lines changed or added
