"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "tests/verity-compat-test" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

verity-compat-test  (cryptsetup-2.3.6.tar.xz):verity-compat-test  (cryptsetup-2.4.0.tar.xz)
#!/bin/bash #!/bin/bash
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
VERITYSETUP=$CRYPTSETUP_PATH/veritysetup VERITYSETUP=$CRYPTSETUP_PATH/veritysetup
VERITYSETUP_VALGRIND=../.libs/veritysetup VERITYSETUP_VALGRIND=../.libs/veritysetup
VERITYSETUP_LIB_VALGRIND=../.libs VERITYSETUP_LIB_VALGRIND=../.libs
DEV_NAME=verity3273 DEV_NAME=verity3273
DEV_NAME2=verity3273x
DEV_OUT="$DEV_NAME.out" DEV_OUT="$DEV_NAME.out"
IMG=verity-data IMG=verity-data
IMG_HASH=verity-hash IMG_HASH=verity-hash
IMG_TMP=tst-dev IMG_TMP=tst-dev
FEC_DEV=tst_fec123 FEC_DEV=tst_fec123
# If we need deterministic image creation # If we need deterministic image creation
DEV_SALT=9e7457222290f1bac0d42ad2de2d602a87bb871c22ab70ca040bad450578a436 DEV_SALT=9e7457222290f1bac0d42ad2de2d602a87bb871c22ab70ca040bad450578a436
DEV_UUID=a60c98d2-ae9b-4865-bfcb-b4e3ace11033 DEV_UUID=a60c98d2-ae9b-4865-bfcb-b4e3ace11033
function remove_mapping() function remove_mapping()
{ {
[ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2 >/dev/null 2>& 1
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME >/dev/null 2>&1 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME >/dev/null 2>&1
[ ! -z "$LOOPDEV1" ] && losetup -d $LOOPDEV1 >/dev/null 2>&1 [ ! -z "$LOOPDEV1" ] && losetup -d $LOOPDEV1 >/dev/null 2>&1
rm -f $IMG $IMG_HASH $DEV_OUT $FEC_DEV $IMG_TMP >/dev/null 2>&1 rm -f $IMG $IMG.roothash $IMG_HASH $DEV_OUT $FEC_DEV $IMG_TMP >/dev/null 2>&1
LOOPDEV1="" LOOPDEV1=""
LOOPDEV2="" LOOPDEV2=""
} }
function fail() function fail()
{ {
[ -n "$1" ] && echo "$1" [ -n "$1" ] && echo "$1"
echo "FAILED backtrace:" echo "FAILED backtrace:"
while caller $frame; do ((frame++)); done while caller $frame; do ((frame++)); done
[ -f $DEV_OUT ] && cat $DEV_OUT [ -f $DEV_OUT ] && cat $DEV_OUT
skipping to change at line 113 skipping to change at line 115
$VERITYSETUP open $IMG $DEV_NAME $IMG_HASH $ROOT_HASH_BAD >/dev/null 2>&1 || fail $VERITYSETUP open $IMG $DEV_NAME $IMG_HASH $ROOT_HASH_BAD >/dev/null 2>&1 || fail
check_exists check_exists
dmsetup status $DEV_NAME | grep "verity C" >/dev/null || fail dmsetup status $DEV_NAME | grep "verity C" >/dev/null || fail
$VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
echo "[OK]" echo "[OK]"
} }
function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6 offset] function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6 offset]
{ {
local FORMAT_PARAMS
local VERIFY_PARAMS
local ROOT_HASH
if [ -z "$LOOPDEV2" ] ; then if [ -z "$LOOPDEV2" ] ; then
BLOCKS=$(($6 / $1)) BLOCKS=$(($6 / $1))
DEV_PARAMS="$LOOPDEV1 $LOOPDEV1 \ DEV_PARAMS="$LOOPDEV1 $LOOPDEV1 \
--hash-offset $6 \ --hash-offset $6 \
--data-blocks=$BLOCKS --debug" --data-blocks=$BLOCKS --debug"
else else
DEV_PARAMS="$LOOPDEV1 $LOOPDEV2" DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
fi fi
for root_hash_as_file in yes no; do
for sb in yes no; do for sb in yes no; do
FORMAT_PARAMS="--format=$4 --data-block-size=$1 --hash-block-size=$1 --ha sh=$5 --salt=$3" FORMAT_PARAMS="--format=$4 --data-block-size=$1 --hash-block-size=$1 --ha sh=$5 --salt=$3"
if [ $sb == yes ] ; then if [ $sb == yes ] ; then
VERIFY_PARAMS="" VERIFY_PARAMS=""
else else
FORMAT_PARAMS="$FORMAT_PARAMS --no-superblock" FORMAT_PARAMS="$FORMAT_PARAMS --no-superblock"
VERIFY_PARAMS=$FORMAT_PARAMS VERIFY_PARAMS=$FORMAT_PARAMS
fi fi
if [ $root_hash_as_file == yes ] ; then
echo -n $2 > $IMG.roothash
FORMAT_PARAMS="$FORMAT_PARAMS --root-hash-file=$IMG.roothash"
VERIFY_PARAMS="$VERIFY_PARAMS --root-hash-file=$IMG.roothash"
ROOT_HASH=""
else
ROOT_HASH="$2"
fi
for fail in data hash; do for fail in data hash; do
wipe wipe
echo -n "V$4(sb=$sb) $5 block size $1: " echo -n "V$4(sb=$sb root_hash_as_file=$root_hash_as_file) $5 block size $ 1: "
$VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >$DEV_OUT || fail $VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >$DEV_OUT || fail
echo -n "[root hash]" echo -n "[root hash]"
compare_out "root hash" $2 compare_out "root hash" $2
compare_out "salt" "$3" compare_out "salt" "$3"
$VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 2>&1 || fail $VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH >>$DEV_OUT 2>&1 || fail
echo -n "[verify]" echo -n "[verify]"
$VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 2 >&1 || fail $VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH >>$D EV_OUT 2>&1 || fail
check_exists check_exists
echo -n "[activate]" echo -n "[activate]"
dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=$1 2>/dev/null dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=$1 2>/dev/null
dmsetup status $DEV_NAME | grep "verity V" >/dev/null || fail dmsetup status $DEV_NAME | grep "verity V" >/dev/null || fail
echo -n "[in-kernel verify]" echo -n "[in-kernel verify]"
$VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
case $fail in case $fail in
skipping to change at line 168 skipping to change at line 183
hash) hash)
if [ -z "$LOOPDEV2" ] ; then if [ -z "$LOOPDEV2" ] ; then
dd if=/dev/urandom of=$LOOPDEV1 bs=1 seek=$((8193 + $4)) count=8 conv=notrunc 2>/dev/null dd if=/dev/urandom of=$LOOPDEV1 bs=1 seek=$((8193 + $4)) count=8 conv=notrunc 2>/dev/null
else else
dd if=/dev/urandom of=$LOOPDEV2 bs=1 seek=8193 count=8 co nv=notrunc 2>/dev/null dd if=/dev/urandom of=$LOOPDEV2 bs=1 seek=8193 count=8 co nv=notrunc 2>/dev/null
fi fi
TXT="hash_dev" TXT="hash_dev"
;; ;;
esac esac
$VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 2>&1 && \ $VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH >>$DEV_OUT 2>&1 && \
fail "userspace check for $TXT corruption" fail "userspace check for $TXT corruption"
$VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 2> &1 || \ $VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH >>$DE V_OUT 2>&1 || \
fail "activation" fail "activation"
dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=$1 2>/dev/null dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=$1 2>/dev/null
dmsetup status $DEV_NAME | grep "verity V" >/dev/null && \ dmsetup status $DEV_NAME | grep "verity V" >/dev/null && \
fail "in-kernel check for $TXT corruption" fail "in-kernel check for $TXT corruption"
$VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail "deactivation" $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail "deactivation"
echo "[$TXT corruption]" echo "[$TXT corruption]"
done done
done done
done
} }
function corrupt_device() # $1 device, $2 device_size(in bytes), $3 #{corrupted_ bytes} function corrupt_device() # $1 device, $2 device_size(in bytes), $3 #{corrupted_ bytes}
{ {
# Repeatable magic corruption :-) # Repeatable magic corruption :-)
CORRUPT=$3 CORRUPT=$3
RANDOM=43 RANDOM=43
while [ "$CORRUPT" -gt 0 ]; do while [ "$CORRUPT" -gt 0 ]; do
SEEK=$RANDOM SEEK=$RANDOM
while [ $SEEK -ge $2 ] ; do SEEK=$RANDOM; done while [ $SEEK -ge $2 ] ; do SEEK=$RANDOM; done
skipping to change at line 220 skipping to change at line 236
PARAMS="$PARAMS --hash-offset=$7" PARAMS="$PARAMS --hash-offset=$7"
fi fi
if [ "$8" -ne 0 ]; then if [ "$8" -ne 0 ]; then
PARAMS="$PARAMS --fec-offset=$8" PARAMS="$PARAMS --fec-offset=$8"
fi fi
if [ "${11}" == "n" ]; then if [ "${11}" == "n" ]; then
INDEX=24 INDEX=24
echo -n "[no-superblock]" echo -n "[no-superblock]"
PARAMS="$PARAMS --no-superblock -s=${12}" PARAMS="$PARAMS --no-superblock --salt=${12}"
elif [ -n "${12}" ]; then elif [ -n "${12}" ]; then
PARAMS="$PARAMS -s=${12}" PARAMS="$PARAMS --salt=${12}"
fi fi
if [[ "$1" == "$2" && "$1" == "$3" ]]; then if [[ "$1" == "$2" && "$1" == "$3" ]]; then
echo -n "[one_device_test]" echo -n "[one_device_test]"
dd if=/dev/zero of=$IMG_TMP bs=$4 count=$5 > /dev/null 2>&1 dd if=/dev/zero of=$IMG_TMP bs=$4 count=$5 > /dev/null 2>&1
ARR=(`sha256sum $IMG_TMP`) ARR=(`sha256sum $IMG_TMP`)
HASH_ORIG=${ARR[0]} HASH_ORIG=${ARR[0]}
else else
ARR=(`sha256sum $1`) ARR=(`sha256sum $1`)
HASH_ORIG=${ARR[0]} HASH_ORIG=${ARR[0]}
skipping to change at line 383 skipping to change at line 399
echo -n "[OK]" echo -n "[OK]"
echo -n "[Errors cannot be corrected]" echo -n "[Errors cannot be corrected]"
dd if=/dev/urandom of=$IMG bs=$BS count=$COUNT conv=notrunc >/dev/null 2> &1 dd if=/dev/urandom of=$IMG bs=$BS count=$COUNT conv=notrunc >/dev/null 2> &1
$VERITYSETUP verify $IMG $HASH_DEV $ROOT_HASH --fec-device=$FEC $PARAMS > /dev/null 2>&1 $VERITYSETUP verify $IMG $HASH_DEV $ROOT_HASH --fec-device=$FEC $PARAMS > /dev/null 2>&1
RET=$? RET=$?
[ "$RET" -eq 0 ] && fail "Device cannot be correct, but it didn't fail." [ "$RET" -eq 0 ] && fail "Device cannot be correct, but it didn't fail."
echo "[OK]" echo "[OK]"
} }
function check_concurrent() # $1 hash
{
DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
# First check that with two sequential opens, we are returning the expect
ed -EEXIST
$VERITYSETUP format $DEV_PARAMS >/dev/null 2>&1 || fail
$VERITYSETUP create $DEV_NAME $DEV_PARAMS $1 >/dev/null 2>&1 || fail
check_exists
$VERITYSETUP create $DEV_NAME $DEV_PARAMS $1 2>&1 >/dev/null | grep -q "D
evice $DEV_NAME already exists" || fail
$VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
# Then do two concurrent opens, and check that libdevmapper did not retur
n -EINVAL, which is
# not gracefully recoverable. Either could fail depending on scheduling,
so just check that
# the libdevmapper error does not appear in either of the outputs.
exec {out_1}< <($VERITYSETUP create -v $DEV_NAME $DEV_PARAMS $1 2>&1)
exec {out_2}< <($VERITYSETUP create -v $DEV_NAME $DEV_PARAMS $1 2>&1)
wait
cat <&${out_1} | grep -q "Command failed with code .* (wrong or missing p
arameters)" && fail
cat <&${out_2} | grep -q "Command failed with code .* (wrong or missing p
arameters)" && fail
check_exists
$VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
echo "[OK]"
}
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skip ped." [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skip ped."
[ ! -x "$VERITYSETUP" ] && skip "Cannot find $VERITYSETUP, test skipped." [ ! -x "$VERITYSETUP" ] && skip "Cannot find $VERITYSETUP, test skipped."
[ -n "$VALG" ] && valgrind_setup && VERITYSETUP=valgrind_run [ -n "$VALG" ] && valgrind_setup && VERITYSETUP=valgrind_run
modprobe dm-verity >/dev/null 2>&1 modprobe dm-verity >/dev/null 2>&1
dmsetup targets | grep verity >/dev/null 2>&1 || skip "Cannot find dm-verity tar get, test skipped." dmsetup targets | grep verity >/dev/null 2>&1 || skip "Cannot find dm-verity tar get, test skipped."
# VERITYSETUP tests # VERITYSETUP tests
SALT=e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d SALT=e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d
skipping to change at line 483 skipping to change at line 524
echo "Correction in userspace: " echo "Correction in userspace: "
# checkUserSpaceRepair <#blocks> <block_size> <roots> <hash_offset> <fec_offset> <#devices> <#corrupted bytes> # checkUserSpaceRepair <#blocks> <block_size> <roots> <hash_offset> <fec_offset> <#devices> <#corrupted bytes>
checkUserSpaceRepair -1 512 2 0 0 3 100 checkUserSpaceRepair -1 512 2 0 0 3 100
checkUserSpaceRepair 400 512 2 256000 0 2 50 checkUserSpaceRepair 400 512 2 256000 0 2 50
checkUserSpaceRepair 500 512 2 2457600 4915200 1 1 checkUserSpaceRepair 500 512 2 2457600 4915200 1 1
checkUserSpaceRepair -1 4096 2 0 0 3 10 checkUserSpaceRepair -1 4096 2 0 0 3 10
checkUserSpaceRepair 400 4096 2 2048000 0 2 1 checkUserSpaceRepair 400 4096 2 2048000 0 2 1
checkUserSpaceRepair 500 4096 2 2457600 4915200 1 2 checkUserSpaceRepair 500 4096 2 2457600 4915200 1 2
echo -n "Verity concurrent opening tests:"
prepare 8192 1024
check_concurrent 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c3932517
4
echo -n "Deferred removal of device:"
prepare 8192 1024
$VERITYSETUP format $LOOPDEV1 $IMG_HASH --format=1 --data-block-size=512 --hash-
block-size=512 --hash=sha256 --salt=$SALT >/dev/null 2>&1 || fail "Cannot format
device."
$VERITYSETUP open $LOOPDEV1 $DEV_NAME $DEV $IMG_HASH 9de18652fe74edfb9b805aaed72
ae2aa48f94333f1ba5c452ac33b1c39325174 || fail "Cannot activate device."
dmsetup create $DEV_NAME2 --table "0 8 linear /dev/mapper/$DEV_NAME 0"
[ ! -b /dev/mapper/$DEV_NAME2 ] && fail
$VERITYSETUP close $DEV_NAME >/dev/null 2>&1 && fail
$VERITYSETUP status $DEV_NAME >/dev/null 2>&1 || fail
$VERITYSETUP close --deferred $DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail
$VERITYSETUP close --cancel-deferred $DEV_NAME >/dev/null 2>&1
dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" >/dev/null 2>&1 && fail
$VERITYSETUP close --deferred $DEV_NAME >/dev/null 2>&1
dmsetup remove $DEV_NAME2 || fail
$VERITYSETUP status $DEV_NAME >/dev/null 2>&1 && fail
echo "[OK]"
else
dmsetup remove $DEV_NAME2 >/dev/null 2>&1
$VERITYSETUP close $DEV_NAME >/dev/null 2>&1
echo "[N/A]"
fi
remove_mapping remove_mapping
exit 0 exit 0
 End of changes. 16 change blocks. 
8 lines changed or deleted 86 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)