"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "tests/integrity-compat-test" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

integrity-compat-test  (cryptsetup-2.3.6.tar.xz):integrity-compat-test  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 12 skipping to change at line 12
# #
# Test integritysetup compatibility. # Test integritysetup compatibility.
# #
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
INTSETUP=$CRYPTSETUP_PATH/integritysetup INTSETUP=$CRYPTSETUP_PATH/integritysetup
INTSETUP_VALGRIND=../.libs/integritysetup INTSETUP_VALGRIND=../.libs/integritysetup
INTSETUP_LIB_VALGRIND=../.libs INTSETUP_LIB_VALGRIND=../.libs
DEV_NAME=dmc_test DEV_NAME=dmc_test
DEV_NAME_BIG=dmc_fake DEV_NAME2=dmc_fake
DEV_LOOP="" DEV_LOOP=""
DEV=test123.img DEV=test123.img
DEV2=test124.img DEV2=test124.img
KEY_FILE=key.img KEY_FILE=key.img
KEY_FILE2=key2.img KEY_FILE2=key2.img
dmremove() { # device dmremove() { # device
udevadm settle >/dev/null 2>&1 udevadm settle >/dev/null 2>&1
dmsetup remove --retry $1 >/dev/null 2>&1 dmsetup remove --retry $1 >/dev/null 2>&1
} }
cleanup() { cleanup() {
[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
[ -b /dev/mapper/$DEV_NAME_BIG ] && dmremove $DEV_NAME_BIG [ -b /dev/mapper/$DEV_NAME2 ] && dmremove $DEV_NAME2
[ -n "$DEV_LOOP" ] && losetup -d "$DEV_LOOP" [ -n "$DEV_LOOP" ] && losetup -d "$DEV_LOOP"
DEV_LOOP="" DEV_LOOP=""
rm -f $DEV $DEV2 $KEY_FILE $KEY_FILE2 >/dev/null 2>&1 rm -f $DEV $DEV2 $KEY_FILE $KEY_FILE2 >/dev/null 2>&1
} }
fail() fail()
{ {
[ -n "$1" ] && echo "$1" [ -n "$1" ] && echo "$1"
echo "FAILED backtrace:" echo "FAILED backtrace:"
while caller $frame; do ((frame++)); done while caller $frame; do ((frame++)); done
skipping to change at line 67 skipping to change at line 67
[ $VER_MIN -gt 1 ] && { [ $VER_MIN -gt 1 ] && {
DM_INTEGRITY_META=1 DM_INTEGRITY_META=1
DM_INTEGRITY_RECALC=1 DM_INTEGRITY_RECALC=1
} }
[ $VER_MIN -gt 2 ] && { [ $VER_MIN -gt 2 ] && {
DM_INTEGRITY_BITMAP=1 DM_INTEGRITY_BITMAP=1
} }
[ $VER_MIN -gt 6 ] && { [ $VER_MIN -gt 6 ] && {
DM_INTEGRITY_HMAC_FIX=1 DM_INTEGRITY_HMAC_FIX=1
} }
[ $VER_MIN -gt 7 ] && {
DM_INTEGRITY_RESET=1
}
} }
add_device() { add_device() {
cleanup cleanup
dd if=/dev/urandom of=$KEY_FILE bs=4096 count=1 >/dev/null 2>&1 dd if=/dev/urandom of=$KEY_FILE bs=4096 count=1 >/dev/null 2>&1
dd if=/dev/urandom of=$KEY_FILE2 bs=1 count=32 >/dev/null 2>&1 dd if=/dev/urandom of=$KEY_FILE2 bs=1 count=32 >/dev/null 2>&1
dd if=/dev/zero of=$DEV bs=1M count=32 >/dev/null 2>&1 dd if=/dev/zero of=$DEV bs=1M count=32 >/dev/null 2>&1
dd if=/dev/zero of=$DEV2 bs=1M count=32 >/dev/null 2>&1 dd if=/dev/zero of=$DEV2 bs=1M count=32 >/dev/null 2>&1
sync sync
} }
skipping to change at line 110 skipping to change at line 113
X=$(dmsetup table $DEV_NAME | cut -d " " -f $1) X=$(dmsetup table $DEV_NAME | cut -d " " -f $1)
if [ "$X" != $2 ] ; then if [ "$X" != $2 ] ; then
echo "[param_check FAIL]" echo "[param_check FAIL]"
echo "Expecting $2 got \"$X\"." echo "Expecting $2 got \"$X\"."
fail fail
fi fi
} }
function valgrind_setup() function valgrind_setup()
{ {
which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind." which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
[ ! -f $INTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup ex [ ! -f $INTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup
ecutable." executable."
export LD_LIBRARY_PATH="$INTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" export LD_LIBRARY_PATH="$INTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
} }
function valgrind_run() function valgrind_run()
{ {
INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${INTSETUP_VALGRIND} "$@" INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg. sh ${INTSETUP_VALGRIND} "$@"
} }
int_check_sum_only() # checksum int_check_sum_only() # checksum
{ {
VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1) VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1)
if [ "$VSUM" = "$1" ] ; then if [ "$VSUM" = "$1" ] ; then
echo -n "[CHECKSUM OK]" echo -n "[CHECKSUM OK]"
else else
echo "[FAIL]" echo "[FAIL]"
echo " Expecting $1 got $VSUM." echo " Expecting $1 got $VSUM."
skipping to change at line 248 skipping to change at line 251
echo -n "[DETECT ERROR]" echo -n "[DETECT ERROR]"
$INTSETUP open $DEV $DEV_NAME --integrity $2 $KEY_PARAMS $INT_MODE || fai l "Cannot activate device." $INTSETUP open $DEV $DEV_NAME --integrity $2 $KEY_PARAMS $INT_MODE || fai l "Cannot activate device."
dd if=/dev/mapper/$DEV_NAME >/dev/null 2>&1 && fail "Error detection fai led." dd if=/dev/mapper/$DEV_NAME >/dev/null 2>&1 && fail "Error detection fai led."
echo -n "[REMOVE]" echo -n "[REMOVE]"
$INTSETUP close $DEV_NAME || fail "Cannot deactivate device." $INTSETUP close $DEV_NAME || fail "Cannot deactivate device."
echo "[OK]" echo "[OK]"
} }
int_journal() # 1 alg, 2 tagsize, 3 sector_size, 4 watermark, 5 commit_time, 6 j ournal_integrity, 7 key-file, 8 key-size, 9 journal_integrity_out int_journal() # 1 alg, 2 tagsize, 3 sector_size, 4 watermark, 5 commit_time, 6 j ournal_integrity, 7 key-file, 8 key-size, 9 journal_integrity_out
{ {
echo -n "[INTEGRITY JOURNAL:$6:${4}%:${5}ms:$8]" echo -n "[INTEGRITY JOURNAL:$6:${4}%:${5}ms:$8]"
echo -n "[FORMAT]" echo -n "[FORMAT]"
ARGS="--integrity $1 --journal-watermark $4 --journal-commit-time $5 --journ ARGS="--integrity $1 --journal-watermark $4 --journal-commit-time $5 --jo
al-integrity $6 --journal-integrity-key-file $7 --journal-integrity-key-size $8" urnal-integrity $6 --journal-integrity-key-file $7 --journal-integrity-key-size
$INTSETUP format -q --tag-size $2 --sector-size $3 $ARGS $DEV || fail "Canno $8"
t format device." $INTSETUP format -q --tag-size $2 --sector-size $3 $ARGS $DEV || fail "Ca
nnot format device."
echo -n "[ACTIVATE]"
echo -n "[ACTIVATE]"
$INTSETUP open $DEV $DEV_NAME $ARGS || fail "Cannot activate device."
$INTSETUP open $DEV $DEV_NAME $ARGS || fail "Cannot activate device."
echo -n "[KEYED HASH]"
KEY_HEX=$(xxd -c 4096 -l $8 -p $7) echo -n "[KEYED HASH]"
[ -z "$KEY_HEX" ] && fail "Cannot decode key." KEY_HEX=$(xxd -c 4096 -l $8 -p $7)
dmsetup table --showkeys $DEV_NAME | grep -q $KEY_HEX || fail "Key mismatch. [ -z "$KEY_HEX" ] && fail "Cannot decode key."
" dmsetup table --showkeys $DEV_NAME | grep -q $KEY_HEX || fail "Key mismat
ch."
status_check "journal watermark" "${4}%"
status_check "journal commit time" "${5} ms" status_check "journal watermark" "${4}%"
status_check "journal integrity MAC" $9 status_check "journal commit time" "${5} ms"
status_check "journal integrity MAC" $9
echo -n "[REMOVE]"
$INTSETUP close $DEV_NAME || fail "Cannot deactivate device." echo -n "[REMOVE]"
echo "[OK]" $INTSETUP close $DEV_NAME || fail "Cannot deactivate device."
echo "[OK]"
} }
int_journal_crypt() # crypt_alg crypt_alg_kernel crypt_key crypt_key_size int_journal_crypt() # crypt_alg crypt_alg_kernel crypt_key crypt_key_size
{ {
echo -n "[JOURNAL CRYPT:$1:${4}B]" echo -n "[JOURNAL CRYPT:$1:${4}B]"
echo -n "[FORMAT]" echo -n "[FORMAT]"
ARGS="--journal-crypt $1 --journal-crypt-key-file $3 --journal-crypt-key- size $4" ARGS="--journal-crypt $1 --journal-crypt-key-file $3 --journal-crypt-key- size $4"
$INTSETUP format -q $ARGS $DEV || fail "Cannot format device." $INTSETUP format -q $ARGS $DEV || fail "Cannot format device."
skipping to change at line 394 skipping to change at line 397
int_mode hmac-sha256 32 4096 $KEY_FILE 32 int_mode hmac-sha256 32 4096 $KEY_FILE 32
echo -n "Recalculate tags in-kernel:" echo -n "Recalculate tags in-kernel:"
add_device add_device
if [ -n "$DM_INTEGRITY_RECALC" ] ; then if [ -n "$DM_INTEGRITY_RECALC" ] ; then
$INTSETUP format -q $DEV --no-wipe || fail "Cannot format device." $INTSETUP format -q $DEV --no-wipe || fail "Cannot format device."
$INTSETUP open $DEV $DEV_NAME --integrity-recalculate || fail "Cannot act ivate device." $INTSETUP open $DEV $DEV_NAME --integrity-recalculate || fail "Cannot act ivate device."
dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=1M 2>/dev/null || fail "Canno t recalculate tags in-kernel" dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=1M 2>/dev/null || fail "Canno t recalculate tags in-kernel"
int_check_sum_only 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef0 45a53839d7 int_check_sum_only 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef0 45a53839d7
$INTSETUP close $DEV_NAME || fail "Cannot deactivate device." $INTSETUP close $DEV_NAME || fail "Cannot deactivate device."
echo "[OK]" echo -n "[OK]"
if [ -n "$DM_INTEGRITY_RESET" ] ; then
$INTSETUP open $DEV $DEV_NAME -I sha256 --integrity-recalculate-r
eset || fail "Cannot activate device."
dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=1M 2>/dev/null || fai
l "Cannot reset recalculate tags in-kernel"
int_check_sum_only 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba421
54841ef045a53839d7
$INTSETUP close $DEV_NAME || fail "Cannot deactivate device."
echo "[RESET OK]"
else
echo "[RESET N/A]"
fi
else else
echo "[N/A]" echo "[N/A]"
fi fi
echo -n "Separate metadata device:" echo -n "Separate metadata device:"
if [ -n "$DM_INTEGRITY_META" ] ; then if [ -n "$DM_INTEGRITY_META" ] ; then
add_device add_device
$INTSETUP format -q $DEV --data-device $DEV2 || fail "Cannot format devic e." $INTSETUP format -q $DEV --data-device $DEV2 || fail "Cannot format devic e."
$INTSETUP open $DEV --data-device $DEV2 $DEV_NAME || fail "Cannot activat e device." $INTSETUP open $DEV --data-device $DEV2 $DEV_NAME || fail "Cannot activat e device."
int_check_sum_only 83ee47245398adee79bd9c0a8bc57b821e92aba10f5f9ade8a5d1f ae4d8c4302 int_check_sum_only 83ee47245398adee79bd9c0a8bc57b821e92aba10f5f9ade8a5d1f ae4d8c4302
skipping to change at line 436 skipping to change at line 448
int_error_detection B hmac-sha256 0 32 512 $KEY_FILE 32 int_error_detection B hmac-sha256 0 32 512 $KEY_FILE 32
int_error_detection B hmac-sha256 0 32 4096 $KEY_FILE 32 int_error_detection B hmac-sha256 0 32 4096 $KEY_FILE 32
else else
echo "[N/A]" echo "[N/A]"
fi fi
echo -n "Big device:" echo -n "Big device:"
add_device add_device
DEV_LOOP=$(losetup -f $DEV --show) DEV_LOOP=$(losetup -f $DEV --show)
if [ -n "$DEV_LOOP" ] ; then if [ -n "$DEV_LOOP" ] ; then
dmsetup create $DEV_NAME_BIG <<EOF dmsetup create $DEV_NAME2 <<EOF
0 16284 linear $DEV_LOOP 0 0 16284 linear $DEV_LOOP 0
16284 80000000000 zero 16284 80000000000 zero
EOF EOF
[ ! -b /dev/mapper/$DEV_NAME_BIG ] && fail [ ! -b /dev/mapper/$DEV_NAME2 ] && fail
$INTSETUP format -q -s 512 --no-wipe /dev/mapper/$DEV_NAME_BIG $INTSETUP format -q -s 512 --no-wipe /dev/mapper/$DEV_NAME2
$INTSETUP open /dev/mapper/$DEV_NAME_BIG $DEV_NAME || fail $INTSETUP open /dev/mapper/$DEV_NAME2 $DEV_NAME || fail
D_SIZE=$($INTSETUP dump /dev/mapper/$DEV_NAME_BIG | grep provided_data_se D_SIZE=$($INTSETUP dump /dev/mapper/$DEV_NAME2 | grep provided_data_secto
ctors | sed -e 's/.*provided_data_sectors\ \+//g') rs | sed -e 's/.*provided_data_sectors\ \+//g')
A_SIZE=$(blockdev --getsz /dev/mapper/$DEV_NAME) A_SIZE=$(blockdev --getsz /dev/mapper/$DEV_NAME)
# Compare strings (to avoid 64bit integers), not integers # Compare strings (to avoid 64bit integers), not integers
[ -n "$A_SIZE" -a "$D_SIZE" != "$A_SIZE" ] && fail [ -n "$A_SIZE" -a "$D_SIZE" != "$A_SIZE" ] && fail
echo "[OK]" echo "[OK]"
else else
echo "[N/A]" echo "[N/A]"
fi fi
echo -n "Deferred removal of device:"
add_device
$INTSETUP format -q $DEV || fail "Cannot format device."
$INTSETUP open $DEV $DEV_NAME || fail "Cannot activate device."
dmsetup create $DEV_NAME2 --table "0 8 linear /dev/mapper/$DEV_NAME 0"
[ ! -b /dev/mapper/$DEV_NAME2 ] && fail
$INTSETUP close $DEV_NAME >/dev/null 2>&1 && fail
$INTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail
$INTSETUP close --deferred $DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail
$INTSETUP close --cancel-deferred $DEV_NAME >/dev/null 2>&1
dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" >/dev/null 2>&1 && fai
l
$INTSETUP close --deferred $DEV_NAME >/dev/null 2>&1
dmsetup remove $DEV_NAME2 || fail
$INTSETUP -q status $DEV_NAME >/dev/null 2>&1 && fail
echo "[OK]"
else
dmsetup remove $DEV_NAME2 >/dev/null 2>&1
$INTSETUP close $DEV_NAME >/dev/null 2>&1
echo "[N/A]"
fi
echo -n "Fixed HMAC and legacy flags:" echo -n "Fixed HMAC and legacy flags:"
if [ -n "$DM_INTEGRITY_HMAC_FIX" ] ; then if [ -n "$DM_INTEGRITY_HMAC_FIX" ] ; then
add_device add_device
# only data HMAC # only data HMAC
ARGS="--integrity hmac-sha256 --integrity-key-file $KEY_FILE --integrity- key-size 32" ARGS="--integrity hmac-sha256 --integrity-key-file $KEY_FILE --integrity- key-size 32"
$INTSETUP format -q $DEV --integrity-legacy-hmac --no-wipe --tag-size 32 $ARGS || fail "Cannot format device." $INTSETUP format -q $DEV --integrity-legacy-hmac --no-wipe --tag-size 32 $ARGS || fail "Cannot format device."
$INTSETUP open $DEV $DEV_NAME --integrity-recalculate $ARGS >/dev/null 2> &1 && fail "Cannot activate device." $INTSETUP open $DEV $DEV_NAME --integrity-recalculate $ARGS >/dev/null 2> &1 && fail "Cannot activate device."
$INTSETUP open $DEV $DEV_NAME --integrity-legacy-recalculate $ARGS || fai l "Cannot activate device." $INTSETUP open $DEV $DEV_NAME --integrity-legacy-recalculate $ARGS || fai l "Cannot activate device."
$INTSETUP close $DEV_NAME || fail "Cannot deactivate device." $INTSETUP close $DEV_NAME || fail "Cannot deactivate device."
# New version - must fail (no journal HMAC) # New version - must fail (no journal HMAC)
 End of changes. 10 change blocks. 
38 lines changed or deleted 78 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)