
Source code changes of the file "tests/luks2-reencryption-test" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently set up disk encryption based on the dm-crypt kernel module. Supported formats include plain dm-crypt volumes, LUKS volumes, loop-AES and the TrueCrypt-compatible format.

luks2-reencryption-test  (cryptsetup-2.3.6.tar.xz):luks2-reencryption-test  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 20 skipping to change at line 20
FAST_PBKDF2="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" FAST_PBKDF2="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
FAST_PBKDF_ARGON="--pbkdf-force-iterations 4 --pbkdf-memory 32 --pbkdf-parallel 1" FAST_PBKDF_ARGON="--pbkdf-force-iterations 4 --pbkdf-memory 32 --pbkdf-parallel 1"
DEFAULT_ARGON="argon2i" DEFAULT_ARGON="argon2i"
DEV="" DEV=""
OVRDEV="123reenc321" OVRDEV="123reenc321"
DEVBIG="reenc2134" DEVBIG="reenc2134"
DEV_NAME=reenc9768 DEV_NAME=reenc9768
DEV_NAME2=reenc97682 DEV_NAME2=reenc97682
IMG=reenc-data IMG=reenc-data
IMG_HDR=/tmp/$IMG.hdr IMG_HDR=$IMG.hdr
KEY1=key1 KEY1=key1
VKEY1=vkey1 VKEY1=vkey1
PWD1="93R4P4pIqAH8" PWD1="93R4P4pIqAH8"
PWD2="1cND4319812f" PWD2="1cND4319812f"
PWD3="1-9Qu5Ejfnqv" PWD3="1-9Qu5Ejfnqv"
DEV_LINK="reenc-test-link"
[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/ null) [ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/ null)
function dm_crypt_features() function dm_crypt_features()
{ {
VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
[ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version." [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
VER_MAJ=$(echo $VER_STR | cut -f 1 -d.) VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
VER_MIN=$(echo $VER_STR | cut -f 2 -d.) VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
skipping to change at line 64 skipping to change at line 65
local _ver_str=$(dmsetup targets | grep delay | cut -f2 -dv) local _ver_str=$(dmsetup targets | grep delay | cut -f2 -dv)
[ -z "$_ver_str" ] && return 1 [ -z "$_ver_str" ] && return 1
return 0 return 0
} }
# $1 path to scsi debug bdev # $1 path to scsi debug bdev
scsi_debug_teardown() { scsi_debug_teardown() {
local _tries=15; local _tries=15;
while [ -b "$1" -a $_tries -gt 0 ]; do while [ -b "$1" -a $_tries -gt 0 ]; do
rmmod scsi_debug 2> /dev/null rmmod scsi_debug >/dev/null 2>&1
if [ -b "$1" ]; then if [ -b "$1" ]; then
sleep .1 sleep .1
_tries=$((_tries-1)) _tries=$((_tries-1))
fi fi
done done
test ! -b "$1" || rmmod scsi_debug 2> /dev/null test ! -b "$1" || rmmod scsi_debug >/dev/null 2>&1
} }
function remove_mapping() function remove_mapping()
{ {
[ -b /dev/mapper/$DEV_NAME ] && { [ -b /dev/mapper/$DEV_NAME ] && {
dmsetup resume $DEV_NAME dmsetup resume $DEV_NAME
dmsetup remove --retry $DEV_NAME dmsetup remove --retry $DEV_NAME
} }
[ -b /dev/mapper/$DEV_NAME2 ] && { [ -b /dev/mapper/$DEV_NAME2 ] && {
dmsetup resume $DEV_NAME2 dmsetup resume $DEV_NAME2
skipping to change at line 100 skipping to change at line 101
dmsetup remove --retry $DEV_NAME-hotzone-forward dmsetup remove --retry $DEV_NAME-hotzone-forward
} }
[ -b /dev/mapper/$DEV_NAME-hotzone-backward ] && { [ -b /dev/mapper/$DEV_NAME-hotzone-backward ] && {
dmsetup resume $DEV_NAME-hotzone-backward dmsetup resume $DEV_NAME-hotzone-backward
dmsetup remove --retry $DEV_NAME-hotzone-backward dmsetup remove --retry $DEV_NAME-hotzone-backward
} }
[ -b /dev/mapper/$OVRDEV ] && dmsetup remove --retry $OVRDEV 2>/dev/null [ -b /dev/mapper/$OVRDEV ] && dmsetup remove --retry $OVRDEV 2>/dev/null
[ -b /dev/mapper/$OVRDEV-err ] && dmsetup remove --retry $OVRDEV-err 2>/d ev/null [ -b /dev/mapper/$OVRDEV-err ] && dmsetup remove --retry $OVRDEV-err 2>/d ev/null
[ -n "$LOOPDEV" ] && losetup -d $LOOPDEV [ -n "$LOOPDEV" ] && losetup -d $LOOPDEV
unset LOOPDEV unset LOOPDEV
rm -f $IMG $IMG_HDR $KEY1 $VKEY1 $DEVBIG >/dev/null 2>&1 rm -f $IMG $IMG_HDR $KEY1 $VKEY1 $DEVBIG $DEV_LINK >/dev/null 2>&1
rmmod scsi_debug 2> /dev/null rmmod scsi_debug >/dev/null 2>&1
scsi_debug_teardown $DEV scsi_debug_teardown $DEV
} }
function fail() function fail()
{ {
local frame=0 local frame=0
[ -n "$1" ] && echo "$1" [ -n "$1" ] && echo "$1"
echo "FAILED backtrace:" echo "FAILED backtrace:"
while caller $frame; do ((frame++)); done while caller $frame; do ((frame++)); done
remove_mapping remove_mapping
skipping to change at line 128 skipping to change at line 129
exit 77 exit 77
} }
function fips_mode() function fips_mode()
{ {
[ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ] [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
} }
function add_scsi_device() { function add_scsi_device() {
scsi_debug_teardown $DEV scsi_debug_teardown $DEV
modprobe scsi_debug $@ delay=0 if [ -d /sys/module/scsi_debug ] ; then
if [ $? -ne 0 ] ; then echo "Cannot use scsi_debug module (in use or compiled-in), test
echo "This kernel seems to not support proper scsi_debug module, skipped."
test skipped." exit 77
exit 77 fi
fi modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
if [ $? -ne 0 ] ; then
sleep 1 echo "This kernel seems to not support proper scsi_debug module,
DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 - test skipped."
d /) exit 77
[ -b $DEV ] || fail "Cannot find $DEV." fi
sleep 1
DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d
/)
[ -b $DEV ] || fail "Cannot find $DEV."
} }
function open_crypt() # $1 pwd, $2 hdr function open_crypt() # $1 pwd, $2 hdr
{ {
if [ -n "$2" ] ; then if [ -n "$2" ] ; then
echo "$1" | $CRYPTSETUP luksOpen $DEV $DEV_NAME --header $2 || fa il echo "$1" | $CRYPTSETUP luksOpen $DEV $DEV_NAME --header $2 || fa il
elif [ -n "$1" ] ; then elif [ -n "$1" ] ; then
echo "$1" | $CRYPTSETUP luksOpen $DEV $DEV_NAME || fail echo "$1" | $CRYPTSETUP luksOpen $DEV $DEV_NAME || fail
else else
$CRYPTSETUP luksOpen -d $KEY1 $DEV $DEV_NAME || fail $CRYPTSETUP luksOpen -d $KEY1 $DEV $DEV_NAME || fail
skipping to change at line 685 skipping to change at line 690
} }
function valgrind_run() function valgrind_run()
{ {
INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg. sh ${CRYPTSETUP_VALGRIND} "$@" INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg. sh ${CRYPTSETUP_VALGRIND} "$@"
} }
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skip ped." [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skip ped."
[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
fips_mode && skip "This test cannot be run in FIPS mode." fips_mode && skip "This test cannot be run in FIPS mode."
modprobe --dry-run scsi_debug || exit 77 modprobe --dry-run scsi_debug >/dev/null 2>&1 || skip "This kernel seems to not
modprobe dm-crypt || fail "dm-crypt failed to load" support proper scsi_debug module, test skipped."
modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load"
modprobe dm-delay > /dev/null 2>&1 modprobe dm-delay > /dev/null 2>&1
dm_crypt_features dm_crypt_features
if [ -n "$DM_SECTOR_SIZE" ]; then if [ -n "$DM_SECTOR_SIZE" ]; then
TEST_SECTORS="512 4096" TEST_SECTORS="512 4096"
else else
TEST_SECTORS="512" TEST_SECTORS="512"
fi fi
modinfo scsi_debug -p | grep -q opt_xferlen_exp && OPT_XFERLEN_EXP="opt_xferlen_ exp=6" modinfo scsi_debug -p | grep -q opt_xferlen_exp && OPT_XFERLEN_EXP="opt_xferlen_ exp=6"
skipping to change at line 919 skipping to change at line 924
echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME2 --header $IMG_HDR || fail echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME2 --header $IMG_HDR || fail
echo $PWD1 | $CRYPTSETUP reencrypt --active-name $DEV_NAME --header $IMG_HDR -q || fail echo $PWD1 | $CRYPTSETUP reencrypt --active-name $DEV_NAME --header $IMG_HDR -q || fail
# key description mismatch in active device # key description mismatch in active device
echo $PWD1 | $CRYPTSETUP reencrypt --active-name $DEV_NAME2 --header $IMG_HDR >/ dev/null 2>&1 && fail echo $PWD1 | $CRYPTSETUP reencrypt --active-name $DEV_NAME2 --header $IMG_HDR >/ dev/null 2>&1 && fail
# also check it can abort initialization in this case # also check it can abort initialization in this case
$CRYPTSETUP luksDump $IMG_HDR | grep -q "online-reencrypt" && fail $CRYPTSETUP luksDump $IMG_HDR | grep -q "online-reencrypt" && fail
$CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail
$CRYPTSETUP close $DEV_NAME2 || fail $CRYPTSETUP close $DEV_NAME2 || fail
echo "[5] Decryption with detached header" echo "[5] Decryption with detached header"
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c aes-cbc-essiv:sha256 -s 128 --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 --sector-size 512 -c aes-cbc-es siv:sha256 -s 128 --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR wipe $PWD1 $IMG_HDR
echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --header $IMG_HDR $DEV || fail echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --header $IMG_HDR $DEV || fail
check_hash_dev $DEV $HASH3 check_hash_dev $DEV $HASH3
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 --header $IMG_HDR -q $FAST_PBKD F_ARGON $DEV || fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 --header $IMG_HDR -q $FAST_PBKD F_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR wipe $PWD1 $IMG_HDR
echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --resilience journal --header $I MG_HDR $DEV || fail echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --resilience journal --header $I MG_HDR $DEV || fail
check_hash_dev $DEV $HASH3 check_hash_dev $DEV $HASH3
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c twofish-cbc-essiv:sha256 -s 128 --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c twofish-cbc-essiv:sha256 -s 128 --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR wipe $PWD1 $IMG_HDR
echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --resilience none --header $IMG_ HDR $DEV || fail echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --resilience none --header $IMG_ HDR $DEV || fail
check_hash_dev $DEV $HASH3 check_hash_dev $DEV $HASH3
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c serpent-xts-plain --header $ IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c serpent-xts-plain --header $ IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR wipe $PWD1 $IMG_HDR
echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --resilience checksum --header $ IMG_HDR $DEV || fail echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --resilience checksum --header $ IMG_HDR $DEV || fail
check_hash_dev $DEV $HASH3 check_hash_dev $DEV $HASH3
# check deferred remove works as expected after decryption # check deferred remove works as expected after decryption
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c serpent-xts-plain --header $ IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 --sector-size 512 -c serpent-xt s-plain --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
open_crypt $PWD1 $IMG_HDR open_crypt $PWD1 $IMG_HDR
dmsetup create $DEV_NAME2 --table "0 1 linear /dev/mapper/$DEV_NAME 0" || fail dmsetup create $DEV_NAME2 --table "0 1 linear /dev/mapper/$DEV_NAME 0" || fail
echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --resilience checksum --header $ IMG_HDR --active-name $DEV_NAME || fail echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --resilience checksum --header $ IMG_HDR --active-name $DEV_NAME || fail
$CRYPTSETUP status $DEV_NAME >/dev/null || fail $CRYPTSETUP status $DEV_NAME >/dev/null || fail
dmsetup remove --retry $DEV_NAME2 dmsetup remove --retry $DEV_NAME2
$CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail $CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail
# check tool can block some funny user ideas # check tool can block some funny user ideas
preparebig 64 preparebig 64
ln -s $DEV $DEV_LINK || fail
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c serpent-xts-plain -q $FAST_P BKDF_ARGON $DEV || fail echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c serpent-xts-plain -q $FAST_P BKDF_ARGON $DEV || fail
echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV -q 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV -q 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $DEV -q 2>/dev/null & & fail echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $DEV -q 2>/dev/null & & fail
echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $DEV_LINK -q 2>/dev/n ull && fail
open_crypt $PWD1 open_crypt $PWD1
echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --active-name $DEV_NAME -q 2>/dev/n ull && fail echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --active-name $DEV_NAME -q 2>/dev/n ull && fail
echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --active-name $DEV_NAME --header $D EV -q 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --active-name $DEV_NAME --header $D EV -q 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --active-name $DEV_NAME --header $D EV_LINK -q 2>/dev/null && fail
$CRYPTSETUP status $DEV_NAME | grep -q "reencryption: in-progress" && fail $CRYPTSETUP status $DEV_NAME | grep -q "reencryption: in-progress" && fail
$CRYPTSETUP close $DEV_NAME $CRYPTSETUP close $DEV_NAME
if ! dm_delay_features; then if ! dm_delay_features; then
echo "dm-delay target is missing, skipping recovery tests." echo "dm-delay target is missing, skipping recovery tests."
remove_mapping remove_mapping
exit 0 exit 0
fi fi
echo "[6] Reencryption recovery" echo "[6] Reencryption recovery"
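Review bot: In the new add_scsi_device, the added `>/dev/null 2>&1` on `modprobe scsi_debug $@ delay=0` discards the only evidence of why the load failed, and the branch then exits 77, so a rejected module parameter is reported as a skip with the generic "kernel seems to not support" message. This suite covers reencryption and the refusal to use the data device (or a symlink to it) as `--header`, so a silent skip is easy to miss in CI and can be mistaken for coverage that actually ran. I would capture the output and put it in the skip text, for example `_err=$(modprobe scsi_debug $@ delay=0 2>&1) || { echo "scsi_debug load failed ($_err), test skipped."; exit 77; }`. The same applies to the new top-level `modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load"`, where stderr could simply be kept because that path already fails loudly.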
 End of changes. 12 change blocks. 
20 lines changed or deleted 30 lines changed or added
