"Fossies" - the Fresh Open Source Software Archive 
Member "cryptsetup-2.4.3/tests/api-test-2.c" (13 Jan 2022, 197695 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
See also the latest
Fossies "Diffs" side-by-side code changes report for "api-test-2.c":
2.4.2_vs_2.4.3.
1 /*
2 * cryptsetup library LUKS2 API check functions
3 *
4 * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2009-2021 Milan Broz
6 * Copyright (C) 2016-2021 Ondrej Kozina
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
23 #include <stdbool.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <unistd.h>
27 #include <fcntl.h>
28 #include <errno.h>
29 #include <signal.h>
30 #include <sys/stat.h>
31 #include <inttypes.h>
32 #include <sys/types.h>
33 #ifdef KERNEL_KEYRING
34 #include <linux/keyctl.h>
35 #include <sys/syscall.h>
36 #ifndef HAVE_KEY_SERIAL_T
37 #define HAVE_KEY_SERIAL_T
38 #include <stdint.h>
39 typedef int32_t key_serial_t;
40 #endif
41 #endif
42
43 #include "api_test.h"
44 #include "luks1/luks.h"
45 #include "libcryptsetup.h"
46
47 #define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b"
48 #define DEVICE_EMPTY_name "crypt_zero"
49 #define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name
50 #define DEVICE_ERROR_name "crypt_error"
51 #define DEVICE_ERROR DMDIR DEVICE_ERROR_name
52
53 #define CDEVICE_1 "ctest1"
54 #define CDEVICE_2 "ctest2"
55 #define CDEVICE_WRONG "O_o"
56 #define H_DEVICE "head_ok"
57 #define H_DEVICE_WRONG "head_wr"
58 #define L_DEVICE_1S "luks_onesec"
59 #define L_DEVICE_0S "luks_zerosec"
60 #define L_DEVICE_WRONG "luks_wr"
61 #define L_DEVICE_OK "luks_ok"
62 #define REQS_LUKS2_HEADER "luks2_header_requirements"
63 #define NO_REQS_LUKS2_HEADER "luks2_header_requirements_free"
64 #define BACKUP_FILE "csetup_backup_file"
65 #define IMAGE1 "compatimage2.img"
66 #define IMAGE_EMPTY "empty.img"
67 #define IMAGE_EMPTY_SMALL "empty_small.img"
68 #define IMAGE_EMPTY_SMALL_2 "empty_small2.img"
69 #define IMAGE_PV_LUKS2_SEC "blkid-luks2-pv.img"
70
71 #define KEYFILE1 "key1.file"
72 #define KEY1 "compatkey"
73
74 #define KEYFILE2 "key2.file"
75 #define KEY2 "0123456789abcdef"
76
77 #define PASSPHRASE "blabla"
78 #define PASSPHRASE1 "albalb"
79
80 #define DEVICE_TEST_UUID "12345678-1234-1234-1234-123456789abc"
81
82 #define DEVICE_WRONG "/dev/Ooo_"
83 #define DEVICE_CHAR "/dev/zero"
84 #define THE_LFILE_TEMPLATE "cryptsetup-tstlp.XXXXXX"
85
86 #define KEY_DESC_TEST0 "cs_token_test:test_key0"
87 #define KEY_DESC_TEST1 "cs_token_test:test_key1"
88
89 #define CONV_DIR "conversion_imgs"
90 #define CONV_L1_128 "l1_128b"
91 #define CONV_L1_256 "l1_256b"
92 #define CONV_L1_512 "l1_512b"
93 #define CONV_L2_128 "l2_128b"
94 #define CONV_L2_128_FULL "l2_128b_full"
95 #define CONV_L2_256 "l2_256b"
96 #define CONV_L2_256_FULL "l2_256b_full"
97 #define CONV_L2_512 "l2_512b"
98 #define CONV_L2_512_FULL "l2_512b_full"
99 #define CONV_L1_128_DET "l1_128b_det"
100 #define CONV_L1_256_DET "l1_256b_det"
101 #define CONV_L1_512_DET "l1_512b_det"
102 #define CONV_L2_128_DET "l2_128b_det"
103 #define CONV_L2_128_DET_FULL "l2_128b_det_full"
104 #define CONV_L2_256_DET "l2_256b_det"
105 #define CONV_L2_256_DET_FULL "l2_256b_det_full"
106 #define CONV_L2_512_DET "l2_512b_det"
107 #define CONV_L2_512_DET_FULL "l2_512b_det_full"
108 #define CONV_L1_256_LEGACY "l1_256b_legacy_offset"
109 #define CONV_L1_256_UNMOVABLE "l1_256b_unmovable"
110 #define PASS0 "aaa"
111 #define PASS1 "hhh"
112 #define PASS2 "ccc"
113 #define PASS3 "ddd"
114 #define PASS4 "eee"
115 #define PASS5 "fff"
116 #define PASS6 "ggg"
117 #define PASS7 "bbb"
118 #define PASS8 "iii"
119
120 static int _fips_mode = 0;
121
122 static char *DEVICE_1 = NULL;
123 static char *DEVICE_2 = NULL;
124 static char *DEVICE_3 = NULL;
125 static char *DEVICE_4 = NULL;
126 static char *DEVICE_5 = NULL;
127 static char *DEVICE_6 = NULL;
128
129 static char *tmp_file_1 = NULL;
130 static char *test_loop_file = NULL;
131
132 unsigned int test_progress_steps;
133
134 struct crypt_device *cd = NULL, *cd2 = NULL;
135
136 static const char *default_luks1_hash = NULL;
137 static uint32_t default_luks1_iter_time = 0;
138
139 static const char *default_luks2_pbkdf = NULL;
140 static uint32_t default_luks2_iter_time = 0;
141 static uint32_t default_luks2_memory_kb = 0;
142 static uint32_t default_luks2_parallel_threads = 0;
143
144 static struct crypt_pbkdf_type min_pbkdf2 = {
145 .type = "pbkdf2",
146 .iterations = 1000,
147 .flags = CRYPT_PBKDF_NO_BENCHMARK
148 }, min_argon2 = {
149 .type = "argon2id",
150 .iterations = 4,
151 .max_memory_kb = 32,
152 .parallel_threads = 1,
153 .flags = CRYPT_PBKDF_NO_BENCHMARK
154 };
155
156 // Helpers
157
158 static unsigned cpus_online(void)
159 {
160 static long r = -1;
161
162 if (r < 0) {
163 r = sysconf(_SC_NPROCESSORS_ONLN);
164 if (r < 0)
165 r = 1;
166 }
167
168 return r;
169 }
170
171 static uint32_t adjusted_pbkdf_memory(void)
172 {
173 long pagesize = sysconf(_SC_PAGESIZE);
174 long pages = sysconf(_SC_PHYS_PAGES);
175 uint64_t memory_kb;
176
177 if (pagesize <= 0 || pages <= 0)
178 return default_luks2_memory_kb;
179
180 memory_kb = pagesize / 1024 * pages / 2;
181
182 if (memory_kb < default_luks2_memory_kb)
183 return (uint32_t)memory_kb;
184
185 return default_luks2_memory_kb;
186 }
187
188 static unsigned _min(unsigned a, unsigned b)
189 {
190 return a < b ? a : b;
191 }
192
193 static int get_luks2_offsets(int metadata_device,
194 unsigned int alignpayload_sec,
195 unsigned int sector_size,
196 uint64_t *r_header_size,
197 uint64_t *r_payload_offset)
198 {
199 struct crypt_device *cd = NULL;
200 static uint64_t default_header_size = 0;
201
202 if (!default_header_size) {
203 if (crypt_init(&cd, THE_LOOP_DEV))
204 return -EINVAL;
205 if (crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, NULL)) {
206 crypt_free(cd);
207 return -EINVAL;
208 }
209
210 default_header_size = crypt_get_data_offset(cd);
211
212 crypt_free(cd);
213 }
214
215 if (!sector_size)
216 sector_size = 512; /* default? */
217
218 if ((sector_size % 512) && (sector_size % 4096))
219 return -1;
220
221 if (r_payload_offset) {
222 if (metadata_device)
223 *r_payload_offset = alignpayload_sec * sector_size;
224 else
225 *r_payload_offset = DIV_ROUND_UP_MODULO(default_header_size * 512, (alignpayload_sec ?: 1) * sector_size);
226
227 *r_payload_offset /= sector_size;
228 }
229
230 if (r_header_size)
231 *r_header_size = default_header_size;
232
233 return 0;
234 }
235
236 static bool get_luks_pbkdf_defaults(void)
237 {
238 const struct crypt_pbkdf_type *pbkdf_defaults = crypt_get_pbkdf_default(CRYPT_LUKS1);
239
240 if (!pbkdf_defaults)
241 return false;
242
243 default_luks1_hash = pbkdf_defaults->hash;
244 default_luks1_iter_time = pbkdf_defaults->time_ms;
245
246 pbkdf_defaults = crypt_get_pbkdf_default(CRYPT_LUKS2);
247 if (!pbkdf_defaults)
248 return false;
249
250 default_luks2_pbkdf = pbkdf_defaults->type;
251 default_luks2_iter_time = pbkdf_defaults->time_ms;
252 default_luks2_memory_kb = pbkdf_defaults->max_memory_kb;
253 default_luks2_parallel_threads = pbkdf_defaults->parallel_threads;
254
255 return true;
256 }
257
258 static void _remove_keyfiles(void)
259 {
260 remove(KEYFILE1);
261 remove(KEYFILE2);
262 }
263
264 #if HAVE_DECL_DM_TASK_RETRY_REMOVE
265 #define DM_RETRY "--retry "
266 #else
267 #define DM_RETRY ""
268 #endif
269
270 #define DM_NOSTDERR " 2>/dev/null"
271
272 static void _cleanup_dmdevices(void)
273 {
274 struct stat st;
275
276 if (!stat(DMDIR H_DEVICE, &st))
277 _system("dmsetup remove " DM_RETRY H_DEVICE DM_NOSTDERR, 0);
278
279 if (!stat(DMDIR H_DEVICE_WRONG, &st))
280 _system("dmsetup remove " DM_RETRY H_DEVICE_WRONG DM_NOSTDERR, 0);
281
282 if (!stat(DMDIR L_DEVICE_0S, &st))
283 _system("dmsetup remove " DM_RETRY L_DEVICE_0S DM_NOSTDERR, 0);
284
285 if (!stat(DMDIR L_DEVICE_1S, &st))
286 _system("dmsetup remove " DM_RETRY L_DEVICE_1S DM_NOSTDERR, 0);
287
288 if (!stat(DMDIR L_DEVICE_WRONG, &st))
289 _system("dmsetup remove " DM_RETRY L_DEVICE_WRONG DM_NOSTDERR, 0);
290
291 if (!stat(DMDIR L_DEVICE_OK, &st))
292 _system("dmsetup remove " DM_RETRY L_DEVICE_OK DM_NOSTDERR, 0);
293
294 t_dev_offset = 0;
295 }
296
297 static void _cleanup(void)
298 {
299 struct stat st;
300
301 CRYPT_FREE(cd);
302 CRYPT_FREE(cd2);
303
304 //_system("udevadm settle", 0);
305
306 if (!stat(DMDIR CDEVICE_1, &st))
307 _system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0);
308
309 if (!stat(DMDIR CDEVICE_2, &st))
310 _system("dmsetup remove " DM_RETRY CDEVICE_2 DM_NOSTDERR, 0);
311
312 if (!stat(DEVICE_EMPTY, &st))
313 _system("dmsetup remove " DM_RETRY DEVICE_EMPTY_name DM_NOSTDERR, 0);
314
315 if (!stat(DEVICE_ERROR, &st))
316 _system("dmsetup remove " DM_RETRY DEVICE_ERROR_name DM_NOSTDERR, 0);
317
318 _cleanup_dmdevices();
319
320 if (loop_device(THE_LOOP_DEV))
321 loop_detach(THE_LOOP_DEV);
322
323 if (loop_device(DEVICE_1))
324 loop_detach(DEVICE_1);
325
326 if (loop_device(DEVICE_2))
327 loop_detach(DEVICE_2);
328
329 if (loop_device(DEVICE_3))
330 loop_detach(DEVICE_3);
331
332 if (loop_device(DEVICE_4))
333 loop_detach(DEVICE_4);
334
335 if (loop_device(DEVICE_5))
336 loop_detach(DEVICE_5);
337
338 if (loop_device(DEVICE_6))
339 loop_detach(DEVICE_6);
340
341 _system("rm -f " IMAGE_EMPTY, 0);
342 _system("rm -f " IMAGE1, 0);
343 _system("rm -rf " CONV_DIR, 0);
344
345 if (test_loop_file)
346 remove(test_loop_file);
347 if (tmp_file_1)
348 remove(tmp_file_1);
349
350 remove(REQS_LUKS2_HEADER);
351 remove(NO_REQS_LUKS2_HEADER);
352 remove(BACKUP_FILE);
353 remove(IMAGE_PV_LUKS2_SEC);
354 remove(IMAGE_PV_LUKS2_SEC ".bcp");
355 remove(IMAGE_EMPTY_SMALL);
356 remove(IMAGE_EMPTY_SMALL_2);
357
358 _remove_keyfiles();
359
360 free(tmp_file_1);
361 free(test_loop_file);
362 free(THE_LOOP_DEV);
363 free(DEVICE_1);
364 free(DEVICE_2);
365 free(DEVICE_3);
366 free(DEVICE_4);
367 free(DEVICE_5);
368 free(DEVICE_6);
369 }
370
371 static int _setup(void)
372 {
373 int fd, ro = 0;
374 char cmd[128];
375
376 test_loop_file = strdup(THE_LFILE_TEMPLATE);
377 if (!test_loop_file)
378 return 1;
379
380 if ((fd=mkstemp(test_loop_file)) == -1) {
381 printf("cannot create temporary file with template %s\n", test_loop_file);
382 return 1;
383 }
384 close(fd);
385 snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
386 test_loop_file, TST_SECTOR_SIZE, TST_LOOP_FILE_SIZE);
387 if (_system(cmd, 1))
388 return 1;
389
390 fd = loop_attach(&THE_LOOP_DEV, test_loop_file, 0, 0, &ro);
391 close(fd);
392
393 tmp_file_1 = strdup(THE_LFILE_TEMPLATE);
394 if (!tmp_file_1)
395 return 1;
396
397 if ((fd=mkstemp(tmp_file_1)) == -1) {
398 printf("cannot create temporary file with template %s\n", tmp_file_1);
399 return 1;
400 }
401 close(fd);
402 snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
403 tmp_file_1, TST_SECTOR_SIZE, 10);
404 if (_system(cmd, 1))
405 return 1;
406
407 _system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"", 1);
408 _system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"", 1);
409
410 _system(" [ ! -e " IMAGE1 " ] && xz -dk " IMAGE1 ".xz", 1);
411 fd = loop_attach(&DEVICE_1, IMAGE1, 0, 0, &ro);
412 close(fd);
413
414 _system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=32 2>/dev/null", 1);
415 fd = loop_attach(&DEVICE_2, IMAGE_EMPTY, 0, 0, &ro);
416 close(fd);
417
418 _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL " bs=1M count=7 2>/dev/null", 1);
419
420 _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL_2 " bs=512 count=2050 2>/dev/null", 1);
421
422 _system(" [ ! -e " NO_REQS_LUKS2_HEADER " ] && xz -dk " NO_REQS_LUKS2_HEADER ".xz", 1);
423 fd = loop_attach(&DEVICE_4, NO_REQS_LUKS2_HEADER, 0, 0, &ro);
424 close(fd);
425
426 _system(" [ ! -e " REQS_LUKS2_HEADER " ] && xz -dk " REQS_LUKS2_HEADER ".xz", 1);
427 fd = loop_attach(&DEVICE_5, REQS_LUKS2_HEADER, 0, 0, &ro);
428 close(fd);
429
430 _system(" [ ! -e " IMAGE_PV_LUKS2_SEC " ] && xz -dk " IMAGE_PV_LUKS2_SEC ".xz", 1);
431 _system(" [ ! -e " IMAGE_PV_LUKS2_SEC ".bcp ] && cp " IMAGE_PV_LUKS2_SEC " " IMAGE_PV_LUKS2_SEC ".bcp", 1);
432 fd = loop_attach(&DEVICE_6, IMAGE_PV_LUKS2_SEC, 0, 0, &ro);
433 close(fd);
434
435 _system(" [ ! -d " CONV_DIR " ] && tar xJf " CONV_DIR ".tar.xz 2>/dev/null", 1);
436
437 if (_system("modprobe dm-crypt >/dev/null 2>&1", 1))
438 return 1;
439
440 if (t_dm_check_versions())
441 return 1;
442
443 _system("rmmod dm-crypt >/dev/null 2>&1", 0);
444
445 _fips_mode = fips_mode();
446 if (_debug)
447 printf("FIPS MODE: %d\n", _fips_mode);
448
449 /* Use default log callback */
450 crypt_set_log_callback(NULL, &global_log_callback, NULL);
451
452 if (!get_luks_pbkdf_defaults())
453 return 1;
454
455 min_pbkdf2.hash = min_argon2.hash = default_luks1_hash;
456
457 return 0;
458 }
459
460 static int set_fast_pbkdf(struct crypt_device *cd)
461 {
462 const struct crypt_pbkdf_type *pbkdf = &min_argon2;
463
464 /* Cannot use Argon2 in FIPS */
465 if (_fips_mode)
466 pbkdf = &min_pbkdf2;
467
468 return crypt_set_pbkdf_type(cd, pbkdf);
469 }
470
471 #ifdef KERNEL_KEYRING
472 static key_serial_t add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t keyring)
473 {
474 return syscall(__NR_add_key, type, description, payload, plen, keyring);
475 }
476
477 static key_serial_t keyctl_unlink(key_serial_t key, key_serial_t keyring)
478 {
479 return syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring);
480 }
481
482 static key_serial_t request_key(const char *type,
483 const char *description,
484 const char *callout_info,
485 key_serial_t keyring)
486 {
487 return syscall(__NR_request_key, type, description, callout_info, keyring);
488 }
489
490 static key_serial_t _kernel_key_by_segment(struct crypt_device *cd, int segment)
491 {
492 char key_description[1024];
493
494 if (snprintf(key_description, sizeof(key_description), "cryptsetup:%s-d%u", crypt_get_uuid(cd), segment) < 1)
495 return -1;
496
497 return request_key("logon", key_description, NULL, 0);
498 }
499
500 static int _volume_key_in_keyring(struct crypt_device *cd, int segment)
501 {
502 return _kernel_key_by_segment(cd, segment) >= 0 ? 0 : -1;
503 }
504
505 static int _drop_keyring_key(struct crypt_device *cd, int segment)
506 {
507 key_serial_t kid = _kernel_key_by_segment(cd, segment);
508
509 if (kid < 0)
510 return -1;
511
512 return keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING);
513 }
514 #endif
515
516 static int test_open(struct crypt_device *cd __attribute__((unused)),
517 int token __attribute__((unused)),
518 char **buffer,
519 size_t *buffer_len,
520 void *usrptr)
521 {
522 const char *str = (const char *)usrptr;
523
524 *buffer = strdup(str);
525 if (!*buffer)
526 return -ENOMEM;
527 *buffer_len = strlen(*buffer);
528
529 return 0;
530 }
531
532 static int test_validate(struct crypt_device *cd __attribute__((unused)), const char *json)
533 {
534 return (strstr(json, "magic_string") == NULL);
535 }
536
537 static void UseLuks2Device(void)
538 {
539 char key[128];
540 size_t key_size;
541
542 OK_(crypt_init(&cd, DEVICE_1));
543 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
544 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
545 OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
546 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
547 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
548 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
549 OK_(crypt_deactivate(cd, CDEVICE_1));
550 FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device");
551
552 #if KERNEL_KEYRING
553 // repeat previous tests and check kernel keyring is released when not needed
554 if (t_dm_crypt_keyring_support()) {
555 OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
556 FAIL_(_drop_keyring_key(cd, 0), "");
557 OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), CRYPT_ACTIVATE_KEYRING_KEY));
558 OK_(_drop_keyring_key(cd, 0));
559 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
560 OK_(_drop_keyring_key(cd, 0));
561 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
562 FAIL_(_volume_key_in_keyring(cd, 0), "");
563 OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
564 OK_(crypt_deactivate(cd, CDEVICE_1));
565 FAIL_(_volume_key_in_keyring(cd, 0), "");
566 }
567 #endif
568
569 key_size = 16;
570 OK_(strcmp("aes", crypt_get_cipher(cd)));
571 OK_(strcmp("cbc-essiv:sha256", crypt_get_cipher_mode(cd)));
572 OK_(strcmp(DEVICE_1_UUID, crypt_get_uuid(cd)));
573 EQ_((int)key_size, crypt_get_volume_key_size(cd));
574 EQ_(8192, crypt_get_data_offset(cd));
575
576 EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
577 OK_(crypt_volume_key_verify(cd, key, key_size));
578 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
579 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
580 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
581 OK_(crypt_deactivate(cd, CDEVICE_1));
582
583 key[1] = ~key[1];
584 FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch");
585 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch");
586
587 CRYPT_FREE(cd);
588 }
589
590 static void SuspendDevice(void)
591 {
592 struct crypt_active_device cad;
593 char key[128];
594 size_t key_size;
595 int suspend_status;
596 uint64_t r_payload_offset;
597
598 OK_(crypt_init(&cd, DEVICE_1));
599 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
600 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
601
602 suspend_status = crypt_suspend(cd, CDEVICE_1);
603 if (suspend_status == -ENOTSUP) {
604 printf("WARNING: Suspend/Resume not supported, skipping test.\n");
605 OK_(crypt_deactivate(cd, CDEVICE_1));
606 CRYPT_FREE(cd);
607 return;
608 }
609
610 OK_(suspend_status);
611 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
612 EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
613 #ifdef KERNEL_KEYRING
614 FAIL_(_volume_key_in_keyring(cd, 0), "");
615 #endif
616 FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
617
618 FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");
619 OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
620 FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
621
622 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
623 EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
624
625 OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
626 OK_(crypt_suspend(cd, CDEVICE_1));
627 FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");
628 FAIL_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 1, 0), "wrong key");
629 OK_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0));
630 FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0), "not suspended");
631 OK_(crypt_deactivate(cd, CDEVICE_1));
632 CRYPT_FREE(cd);
633
634 /* create LUKS device with detached header */
635 OK_(crypt_init(&cd, DEVICE_1));
636 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
637 OK_(crypt_set_data_device(cd, DEVICE_2));
638 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
639 CRYPT_FREE(cd);
640
641 /* Should be able to suspend but not resume if not header specified */
642 OK_(crypt_init_by_name(&cd, CDEVICE_1));
643 OK_(crypt_suspend(cd, CDEVICE_1));
644 FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
645 FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "no header");
646 CRYPT_FREE(cd);
647
648 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_1));
649 OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
650
651 /* Resume by volume key */
652 OK_(crypt_suspend(cd, CDEVICE_1));
653 key_size = sizeof(key);
654 memset(key, 0, key_size);
655 FAIL_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size), "wrong key");
656 OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
657 OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size));
658 OK_(crypt_deactivate(cd, CDEVICE_1));
659 CRYPT_FREE(cd);
660
661 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
662 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
663
664 /* Resume device with cipher_null */
665 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
666 OK_(set_fast_pbkdf(cd));
667 OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_size, NULL));
668 EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
669 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
670 OK_(crypt_suspend(cd, CDEVICE_1));
671 OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size));
672 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
673 EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
674 OK_(crypt_suspend(cd, CDEVICE_1));
675 OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE)));
676 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
677 EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
678 OK_(crypt_deactivate(cd, CDEVICE_1));
679 CRYPT_FREE(cd);
680
681 _remove_keyfiles();
682 _cleanup_dmdevices();
683 }
684
685 static void AddDeviceLuks2(void)
686 {
687 enum { OFFSET_1M = 2048 , OFFSET_2M = 4096, OFFSET_4M = 8192, OFFSET_8M = 16384 };
688 struct crypt_pbkdf_type pbkdf = {
689 .type = CRYPT_KDF_ARGON2I,
690 .hash = "sha256",
691 .parallel_threads = 4,
692 .max_memory_kb = 1024,
693 .time_ms = 1
694 }, pbkdf_tmp;
695 struct crypt_params_luks2 params = {
696 .pbkdf = &pbkdf,
697 .data_device = DEVICE_2,
698 .sector_size = 512
699 };
700 char key[128], key2[128], key3[128];
701
702 const char *tmp_buf, *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd";
703 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
704 const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
705 size_t key_size = strlen(mk_hex) / 2;
706 const char *cipher = "aes";
707 const char *cipher_mode = "cbc-essiv:sha256";
708 uint64_t r_payload_offset, r_header_size, r_size_1;
709
710 /* Cannot use Argon2 in FIPS */
711 if (_fips_mode) {
712 pbkdf.type = CRYPT_KDF_PBKDF2;
713 pbkdf.parallel_threads = 0;
714 pbkdf.max_memory_kb = 0;
715 }
716
717 crypt_decode_key(key, mk_hex, key_size);
718 crypt_decode_key(key3, mk_hex2, key_size);
719
720 // init test devices
721 OK_(get_luks2_offsets(0, 0, 0, &r_header_size, &r_payload_offset));
722 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
723 OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_size - 1));
724
725
726 // format
727 OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
728 params.data_alignment = 0;
729 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Not enough space for keyslots material");
730 CRYPT_FREE(cd);
731
732 // test payload_offset = 0 for encrypted device with external header device
733 OK_(crypt_init(&cd, DMDIR H_DEVICE));
734 OK_(set_fast_pbkdf(cd));
735 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
736 EQ_(crypt_get_data_offset(cd), 0);
737 CRYPT_FREE(cd);
738
739 params.data_alignment = 0;
740 params.data_device = NULL;
741
742 // test payload_offset = 0. format() should look up alignment offset from device topology
743 OK_(crypt_init(&cd, DEVICE_2));
744 OK_(set_fast_pbkdf(cd));
745 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
746 OK_(!(crypt_get_data_offset(cd) > 0));
747 CRYPT_FREE(cd);
748
749 // set_data_offset has priority, alignment must be 0 or must be compatible
750 params.data_alignment = 0;
751 OK_(crypt_init(&cd, DEVICE_2));
752 OK_(set_fast_pbkdf(cd));
753 OK_(crypt_set_data_offset(cd, OFFSET_8M));
754 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
755 EQ_(crypt_get_data_offset(cd), OFFSET_8M);
756 CRYPT_FREE(cd);
757
758 // Load gets the value from metadata
759 OK_(crypt_init(&cd, DEVICE_2));
760 OK_(crypt_set_data_offset(cd, OFFSET_2M));
761 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
762 EQ_(crypt_get_data_offset(cd), OFFSET_8M);
763 CRYPT_FREE(cd);
764
765 params.data_alignment = OFFSET_4M;
766 OK_(crypt_init(&cd, DEVICE_2));
767 OK_(set_fast_pbkdf(cd));
768 FAIL_(crypt_set_data_offset(cd, OFFSET_2M + 1), "Not aligned to 4096"); // must be aligned to 4k
769 OK_(crypt_set_data_offset(cd, OFFSET_2M));
770 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Alignment not compatible");
771 OK_(crypt_set_data_offset(cd, OFFSET_4M));
772 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
773 EQ_(crypt_get_data_offset(cd), OFFSET_4M);
774 CRYPT_FREE(cd);
775
776 /*
777 * test limit values for backing device size
778 */
779 params.data_alignment = OFFSET_4M;
780 OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
781 OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset));
782 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
783 OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset - 1));
784
785 // 1 sector less than required
786 OK_(crypt_init(&cd, DMDIR L_DEVICE_WRONG));
787 OK_(set_fast_pbkdf(cd));
788 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device too small");
789 CRYPT_FREE(cd);
790
791 // 0 sectors for encrypted area
792 OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
793 OK_(set_fast_pbkdf(cd));
794 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
795 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Encrypted area too small");
796 CRYPT_FREE(cd);
797
798 // 1 sector for encrypted area
799 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
800 OK_(set_fast_pbkdf(cd));
801 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
802 EQ_(crypt_get_data_offset(cd), r_payload_offset);
803 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
804 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
805 OK_(t_device_size(DMDIR CDEVICE_1, &r_size_1));
806 EQ_(r_size_1, TST_SECTOR_SIZE);
807 OK_(crypt_deactivate(cd, CDEVICE_1));
808 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
809 // restrict format only to empty context
810 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted");
811 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formatted");
812 // change data device to wrong one
813 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S));
814 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small");
815 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_1S));
816 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
817 OK_(crypt_deactivate(cd, CDEVICE_1));
818 CRYPT_FREE(cd);
819
820 params.data_alignment = 0;
821 params.data_device = DEVICE_2;
822
823 // generate keyslot material at the end of luks header
824 OK_(crypt_init(&cd, DMDIR H_DEVICE));
825 OK_(set_fast_pbkdf(cd));
826 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
827 EQ_((int)key_size, crypt_get_volume_key_size(cd));
828 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
829 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7);
830
831 OK_(crypt_keyslot_get_pbkdf(cd, 7, &pbkdf_tmp));
832 OK_(strcmp(pbkdf_tmp.type, pbkdf.type));
833 if (!_fips_mode) {
834 NULL_(pbkdf_tmp.hash);
835 OK_(!(pbkdf_tmp.max_memory_kb >= 32));
836 OK_(!(pbkdf_tmp.parallel_threads >= 1));
837 } else
838 OK_(strcmp(pbkdf_tmp.hash, pbkdf.hash));
839 OK_(!(pbkdf_tmp.iterations >= 4));
840 EQ_(0, pbkdf_tmp.time_ms); /* not usable in per-keyslot call */
841
842 CRYPT_FREE(cd);
843 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
844 OK_(set_fast_pbkdf(cd));
845 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted");
846 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
847 CRYPT_FREE(cd);
848 // check active status without header
849 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, NULL));
850 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
851 NULL_(crypt_get_type(cd));
852 OK_(strcmp(cipher, crypt_get_cipher(cd)));
853 OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
854 EQ_((int)key_size, crypt_get_volume_key_size(cd));
855 OK_(crypt_deactivate(cd, CDEVICE_1));
856 CRYPT_FREE(cd);
857
858 params.data_alignment = OFFSET_1M;
859 params.data_device = NULL;
860
861 // test uuid mismatch and _init_by_name_and_header
862 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
863 OK_(set_fast_pbkdf(cd));
864 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
865 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
866 EQ_(0, crypt_header_is_detached(cd));
867 CRYPT_FREE(cd);
868 params.data_alignment = 0;
869 params.data_device = DEVICE_2;
870 OK_(crypt_init(&cd, DMDIR H_DEVICE));
871 OK_(set_fast_pbkdf(cd));
872 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
873 CRYPT_FREE(cd);
874 // there we've got uuid mismatch
875 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
876 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
877 NULL_(crypt_get_type(cd));
878 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device is active");
879 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Device is active");
880 EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE);
881 OK_(crypt_deactivate(cd, CDEVICE_1));
882 FAIL_(crypt_header_is_detached(cd), "no header for mismatched device");
883 CRYPT_FREE(cd);
884
885 params.data_device = NULL;
886
887 OK_(crypt_init(&cd, DEVICE_2));
888 OK_(set_fast_pbkdf(cd));
889 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
890
891 // even with no keyslots defined it can be activated by volume key
892 OK_(crypt_volume_key_verify(cd, key, key_size));
893 OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0));
894 GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
895 OK_(crypt_deactivate(cd, CDEVICE_2));
896
897 // now with keyslot
898 EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)));
899 EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
900 EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
901 GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
902 OK_(crypt_deactivate(cd, CDEVICE_2));
903
904 EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen(KEY1)));
905 OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
906 OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2)));
907 EQ_(2, crypt_keyslot_add_by_keyfile(cd, 2, KEYFILE1, 0, KEYFILE2, 0));
908 FAIL_(crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 1, KEYFILE2, 0, 1), "wrong key");
909 EQ_(3, crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 0, KEYFILE2, 0, 1));
910 EQ_(4, crypt_keyslot_add_by_keyfile_offset(cd, 4, KEYFILE2, 0, 1, KEYFILE1, 0, 1));
911 FAIL_(crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2)-1, 0), "key mismatch");
912 EQ_(2, crypt_activate_by_keyfile(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 0));
913 EQ_(3, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 1, 0));
914 EQ_(4, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE1, 0, 1, 0));
915 FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2), 2, 0), "not enough data");
916 FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, strlen(KEY2) + 1, 0), "cannot seek");
917 FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, 2, 0), "wrong key");
918 EQ_(2, crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, 0));
919 OK_(crypt_keyslot_destroy(cd, 1));
920 OK_(crypt_keyslot_destroy(cd, 2));
921 OK_(crypt_keyslot_destroy(cd, 3));
922 OK_(crypt_keyslot_destroy(cd, 4));
923 OK_(crypt_deactivate(cd, CDEVICE_2));
924 _remove_keyfiles();
925
926 FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), "slot used");
927 key[1] = ~key[1];
928 FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch");
929 key[1] = ~key[1];
930 EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase2, strlen(passphrase2)));
931 EQ_(CRYPT_SLOT_ACTIVE, crypt_keyslot_status(cd, 6));
932
933 FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot");
934 FAIL_(crypt_keyslot_destroy(cd, CRYPT_ANY_SLOT), "invalid keyslot");
935 FAIL_(crypt_keyslot_destroy(cd, 0), "keyslot not used");
936 OK_(crypt_keyslot_destroy(cd, 7));
937 EQ_(CRYPT_SLOT_INACTIVE, crypt_keyslot_status(cd, 7));
938 EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
939
940 EQ_(6, crypt_keyslot_change_by_passphrase(cd, 6, CRYPT_ANY_SLOT, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
941 EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
942 EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(passphrase), passphrase2, strlen(passphrase2)));
943 EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
944 EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(passphrase2), 0));
945 EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
946
947 EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
948 OK_(crypt_volume_key_verify(cd, key2, key_size));
949 OK_(memcmp(key, key2, key_size));
950
951 OK_(strcmp(cipher, crypt_get_cipher(cd)));
952 OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
953 EQ_((int)key_size, crypt_get_volume_key_size(cd));
954 EQ_(r_payload_offset, crypt_get_data_offset(cd));
955 OK_(strcmp(DEVICE_2, crypt_get_device_name(cd)));
956
957 reset_log();
958 OK_(crypt_dump(cd));
959 OK_(!(global_lines != 0));
960 reset_log();
961
962 FAIL_(crypt_dump_json(cd, NULL, 42), "flags be used later");
963 OK_(crypt_dump_json(cd, NULL, 0));
964 OK_(!(global_lines != 0));
965 reset_log();
966 OK_(crypt_dump_json(cd, &tmp_buf, 0));
967 OK_(!tmp_buf);
968 OK_(!(strlen(tmp_buf) != 0));
969
970 FAIL_(crypt_set_uuid(cd, "blah"), "wrong UUID format");
971 OK_(crypt_set_uuid(cd, DEVICE_TEST_UUID));
972 OK_(strcmp(DEVICE_TEST_UUID, crypt_get_uuid(cd)));
973
974 FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");
975 CRYPT_FREE(cd);
976 _cleanup_dmdevices();
977
978 /* LUKSv2 format tests */
979
980 /* very basic test */
981 OK_(crypt_init(&cd, DEVICE_2));
982 crypt_set_iteration_time(cd, 1);
983 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 0, NULL), "Wrong key size");
984 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
985 CRYPT_FREE(cd);
986 /* some invalid parameters known to cause troubles */
987 OK_(crypt_init(&cd, DEVICE_2));
988 crypt_set_iteration_time(cd, 0); /* wrong for argon2 but we don't know the pbkdf type yet, ignored */
989 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
990 CRYPT_FREE(cd);
991 OK_(crypt_init(&cd, DEVICE_2));
992 OK_(set_fast_pbkdf(cd));
993 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
994 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
995 CRYPT_FREE(cd);
996
997 OK_(crypt_init(&cd, DEVICE_2));
998 OK_(set_fast_pbkdf(cd));
999 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, NULL));
1000 FAIL_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
1001 FAIL_(crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
1002 CRYPT_FREE(cd);
1003
1004 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
1005 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1006 OK_(set_fast_pbkdf(cd));
1007 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
1008 EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 3);
1009 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key3, key_size, 0), "VK doesn't match any digest assigned to segment 0");
1010 CRYPT_FREE(cd);
1011
1012 /*
1013 * Check regression in getting keyslot encryption parameters when
1014 * volume key size is unknown (no active keyslots).
1015 */
1016 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1017 OK_(set_fast_pbkdf(cd));
1018 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
1019 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
1020 /* drop context copy of volume key */
1021 CRYPT_FREE(cd);
1022 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1023 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1024 EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
1025 OK_(crypt_keyslot_destroy(cd, 0));
1026 OK_(set_fast_pbkdf(cd));
1027 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
1028 CRYPT_FREE(cd);
1029
1030 _cleanup_dmdevices();
1031 }
1032
1033 static void Luks2MetadataSize(void)
1034 {
1035 struct crypt_pbkdf_type pbkdf = {
1036 .type = CRYPT_KDF_ARGON2I,
1037 .hash = "sha256",
1038 .parallel_threads = 1,
1039 .max_memory_kb = 128,
1040 .iterations = 4,
1041 .flags = CRYPT_PBKDF_NO_BENCHMARK
1042 };
1043 struct crypt_params_luks2 params = {
1044 .pbkdf = &pbkdf,
1045 .data_device = DEVICE_2,
1046 .sector_size = 512
1047 };
1048 char key[128], tmp[128];
1049
1050 const char *passphrase = "blabla";
1051 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
1052 size_t key_size = strlen(mk_hex) / 2;
1053 const char *cipher = "aes";
1054 const char *cipher_mode = "cbc-essiv:sha256";
1055 uint64_t r_header_size, default_mdata_size, default_keyslots_size, mdata_size,
1056 keyslots_size, r_header_wrong_size = 14336;
1057
1058 /* Cannot use Argon2 in FIPS */
1059 if (_fips_mode) {
1060 pbkdf.type = CRYPT_KDF_PBKDF2;
1061 pbkdf.parallel_threads = 0;
1062 pbkdf.max_memory_kb = 0;
1063 pbkdf.iterations = 1000;
1064 }
1065
1066 crypt_decode_key(key, mk_hex, key_size);
1067
1068 // init test devices
1069 OK_(get_luks2_offsets(0, 0, 0, &r_header_size, NULL));
1070 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
1071 OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_wrong_size)); /* 7 MiBs only */
1072 //default metadata sizes
1073 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1074 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1075 EQ_(mdata_size, 0);
1076 EQ_(keyslots_size, 0);
1077 OK_(crypt_set_metadata_size(cd, 0, 0));
1078 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1079 EQ_(mdata_size, 0);
1080 EQ_(keyslots_size, 0);
1081 OK_(crypt_set_metadata_size(cd, 0x004000, 0x004000));
1082 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1083 EQ_(mdata_size, 0x004000);
1084 EQ_(keyslots_size, 0x004000);
1085 OK_(crypt_set_metadata_size(cd, 0x008000, 0x008000));
1086 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1087 EQ_(mdata_size, 0x008000);
1088 EQ_(keyslots_size, 0x008000);
1089 FAIL_(crypt_set_metadata_size(cd, 0x008001, 0x008000), "Wrong size");
1090 FAIL_(crypt_set_metadata_size(cd, 0x008000, 0x008001), "Wrong size");
1091 CRYPT_FREE(cd);
1092
1093 // metadata settings
1094 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1095 OK_(crypt_set_metadata_size(cd, 0x080000, 0x080000));
1096 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1097 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
1098 CRYPT_FREE(cd);
1099 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1100 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1101 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1102 EQ_(mdata_size, 0x080000);
1103 EQ_(keyslots_size, 0x080000);
1104 CRYPT_FREE(cd);
1105 // default
1106 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1107 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1108 OK_(crypt_get_metadata_size(cd, &default_mdata_size, &default_keyslots_size));
1109 EQ_(default_mdata_size, 0x04000);
1110 EQ_(default_keyslots_size, (r_header_size * 512) - 2 * 0x04000);
1111 CRYPT_FREE(cd);
1112 // check keyslots size calculation is correct
1113 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1114 OK_(crypt_set_metadata_size(cd, 0x80000, 0));
1115 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1116 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1117 EQ_(mdata_size, 0x80000);
1118 EQ_(keyslots_size, (r_header_size * 512) - 2 * 0x80000);
1119 CRYPT_FREE(cd);
1120
1121 // various metadata size checks combined with data offset
1122 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1123 OK_(crypt_set_metadata_size(cd, 0, default_keyslots_size + 4096));
1124 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device is too small.");
1125 OK_(crypt_set_metadata_size(cd, 0x20000, (r_header_size * 512) - 2 * 0x20000 + 4096));
1126 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device is too small.");
1127 CRYPT_FREE(cd);
1128
1129 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1130 OK_(crypt_set_metadata_size(cd, 0x80000, 0));
1131 OK_(crypt_set_data_offset(cd, 0x80000 / 512 - 8));
1132 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Data offset is too small.");
1133 CRYPT_FREE(cd);
1134
1135 // H_DEVICE_WRONG size is 7MiB
1136 OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
1137 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1138 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1139 EQ_(mdata_size, default_mdata_size);
1140 EQ_(keyslots_size, (r_header_wrong_size * 512) - 2 * default_mdata_size);
1141 CRYPT_FREE(cd);
1142
1143 OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
1144 OK_(crypt_set_metadata_size(cd, 0x400000, 0));
1145 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device is too small.");
1146 CRYPT_FREE(cd);
1147
1148 // IMAGE_EMPTY_SMALL size is 7MiB but now it's regulare file
1149 OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
1150 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1151 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1152 EQ_(mdata_size, default_mdata_size);
1153 EQ_(keyslots_size, default_keyslots_size);
1154 EQ_(crypt_get_data_offset(cd), 0);
1155 CRYPT_FREE(cd);
1156
1157 sprintf(tmp, "truncate -s %" PRIu64 " " IMAGE_EMPTY_SMALL, r_header_wrong_size * 512);
1158 _system(tmp, 1);
1159
1160 // check explicit keyslots size and data offset are respected even with regular file mdevice
1161 OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
1162 OK_(crypt_set_metadata_size(cd, 0, default_keyslots_size));
1163 OK_(crypt_set_data_offset(cd, r_header_size + 8));
1164 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1165 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1166 EQ_(mdata_size, default_mdata_size);
1167 EQ_(keyslots_size, default_keyslots_size);
1168 EQ_(crypt_get_data_offset(cd), r_header_size + 8);
1169 CRYPT_FREE(cd);
1170
1171 _cleanup_dmdevices();
1172 }
1173
1174 static void UseTempVolumes(void)
1175 {
1176 char tmp[256];
1177
1178 // Tepmporary device without keyslot but with on-disk LUKS header
1179 OK_(crypt_init(&cd, DEVICE_2));
1180 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "not yet formatted");
1181 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 16, NULL));
1182 OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0));
1183 GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
1184 CRYPT_FREE(cd);
1185
1186 OK_(crypt_init_by_name(&cd, CDEVICE_2));
1187 OK_(crypt_deactivate(cd, CDEVICE_2));
1188 CRYPT_FREE(cd);
1189
1190 // Dirty checks: device without UUID
1191 // we should be able to remove it but not manipulate with it
1192 snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
1193 "0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
1194 "%s 2048\"", CDEVICE_2, DEVICE_2);
1195 _system(tmp, 1);
1196 OK_(crypt_init_by_name(&cd, CDEVICE_2));
1197 OK_(crypt_deactivate(cd, CDEVICE_2));
1198 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "No known device type");
1199 CRYPT_FREE(cd);
1200
1201 // Dirty checks: device with UUID but LUKS header key fingerprint must fail)
1202 snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
1203 "0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
1204 "%s 2048\" -u CRYPT-LUKS2-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-ctest1",
1205 CDEVICE_2, DEVICE_2);
1206 _system(tmp, 1);
1207 OK_(crypt_init_by_name(&cd, CDEVICE_2));
1208 OK_(crypt_deactivate(cd, CDEVICE_2));
1209 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "wrong volume key");
1210 CRYPT_FREE(cd);
1211
1212 // No slots
1213 OK_(crypt_init(&cd, DEVICE_2));
1214 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1215 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "volume key is lost");
1216 CRYPT_FREE(cd);
1217 }
1218
1219 static void Luks2HeaderRestore(void)
1220 {
1221 char key[128];
1222 struct crypt_pbkdf_type pbkdf = {
1223 .type = CRYPT_KDF_ARGON2I,
1224 .hash = "sha256",
1225 .parallel_threads = 4,
1226 .max_memory_kb = 1024,
1227 .time_ms = 1
1228 };
1229 struct crypt_params_luks2 params = {
1230 .pbkdf = &pbkdf,
1231 .data_alignment = 8192, // 4M, data offset will be 4096
1232 .sector_size = 512
1233 };
1234 struct crypt_params_plain pl_params = {
1235 .hash = "sha1",
1236 .skip = 0,
1237 .offset = 0,
1238 .size = 0
1239 };
1240 struct crypt_params_luks1 luks1 = {
1241 .data_alignment = 8192, // 4M offset to pass alignment test
1242 };
1243 uint32_t flags = 0;
1244
1245 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
1246 size_t key_size = strlen(mk_hex) / 2;
1247 const char *cipher = "aes";
1248 const char *cipher_mode = "cbc-essiv:sha256";
1249 uint64_t r_payload_offset;
1250
1251 /* Cannot use Argon2 in FIPS */
1252 if (_fips_mode) {
1253 pbkdf.type = CRYPT_KDF_PBKDF2;
1254 pbkdf.parallel_threads = 0;
1255 pbkdf.max_memory_kb = 0;
1256 }
1257
1258 crypt_decode_key(key, mk_hex, key_size);
1259
1260 OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
1261 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 5000));
1262
1263 // do not restore header over plain device
1264 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1265 OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, &pl_params));
1266 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1267 FAIL_(crypt_header_restore(cd, CRYPT_PLAIN, NO_REQS_LUKS2_HEADER), "Cannot restore header to PLAIN type device");
1268 FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "Cannot restore header over PLAIN type device");
1269 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1270 OK_(crypt_deactivate(cd, CDEVICE_1));
1271 CRYPT_FREE(cd);
1272
1273 // FIXME: does following test make a sense in LUKS2?
1274 // volume key_size mismatch
1275 // OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1276 // memcpy(key2, key, key_size / 2);
1277 // OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key2, key_size / 2, ¶ms));
1278 // FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Volume keysize mismatch");
1279 // CRYPT_FREE(cd);
1280
1281 // payload offset mismatch
1282 params.data_alignment = 8193;
1283 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1284 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1285 FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "Payload offset mismatch");
1286 CRYPT_FREE(cd);
1287 params.data_alignment = 4096;
1288 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1289 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1290 // FIXME: either format has to fail or next line must be true
1291 // EQ_(crypt_get_data_offset(cd), params.data_alignment);
1292 // FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Payload offset mismatch");
1293 CRYPT_FREE(cd);
1294
1295 // do not allow restore over LUKS1 header on device
1296 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1297 OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
1298 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, &luks1));
1299 CRYPT_FREE(cd);
1300 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1301 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1302 FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "LUKS1 format detected");
1303 CRYPT_FREE(cd);
1304
1305 /* check crypt_header_restore() properly loads crypt_device context */
1306 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1307 OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL));
1308 OK_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER));
1309 /* check LUKS2 specific API call returns non-error code */
1310 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
1311 EQ_(flags, 0);
1312 /* same test, any LUKS */
1313 OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL));
1314 OK_(crypt_header_restore(cd, CRYPT_LUKS, NO_REQS_LUKS2_HEADER));
1315 /* check LUKS2 specific API call returns non-error code */
1316 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
1317 EQ_(flags, 0);
1318
1319 CRYPT_FREE(cd);
1320
1321 _cleanup_dmdevices();
1322 }
1323
1324 static void Luks2HeaderLoad(void)
1325 {
1326 struct crypt_pbkdf_type pbkdf = {
1327 .type = CRYPT_KDF_ARGON2I,
1328 .hash = "sha256",
1329 .parallel_threads = 4,
1330 .max_memory_kb = 1024,
1331 .time_ms = 1
1332 };
1333 struct crypt_params_luks2 params = {
1334 .pbkdf = &pbkdf,
1335 .data_alignment = 8192, // 4M, data offset will be 4096
1336 .data_device = DEVICE_2,
1337 .sector_size = 512
1338 };
1339 struct crypt_params_plain pl_params = {
1340 .hash = "sha1",
1341 .skip = 0,
1342 .offset = 0,
1343 .size = 0
1344 };
1345 char key[128], cmd[256];
1346
1347 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
1348 size_t key_size = strlen(mk_hex) / 2;
1349 const char *cipher = "aes";
1350 const char *cipher_mode = "cbc-essiv:sha256";
1351 uint64_t r_payload_offset, r_header_size, img_size;
1352
1353 /* Cannot use Argon2 in FIPS */
1354 if (_fips_mode) {
1355 pbkdf.type = CRYPT_KDF_PBKDF2;
1356 pbkdf.parallel_threads = 0;
1357 pbkdf.max_memory_kb = 0;
1358 }
1359
1360 crypt_decode_key(key, mk_hex, key_size);
1361
1362 // hardcoded values for existing image IMAGE1
1363 img_size = 8192;
1364 // prepare test env
1365 OK_(get_luks2_offsets(0, 0, 0, &r_header_size, &r_payload_offset));
1366 // external header device
1367 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
1368 // prepared header on a device too small to contain header and payload
1369 //OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_payload_offset - 1));
1370 OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, img_size - 1));
1371 snprintf(cmd, sizeof(cmd), "dd if=" IMAGE1 " of=" DMDIR H_DEVICE_WRONG " bs=%" PRIu32 " count=%" PRIu64 " 2>/dev/null", params.sector_size, img_size - 1);
1372 OK_(_system(cmd, 1));
1373 // some device
1374 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
1375 // 1 sector device
1376 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_header_size + 1));
1377 // 0 sectors device for payload
1378 OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_header_size));
1379
1380 // valid metadata and device size
1381 params.data_alignment = 0;
1382 params.data_device = DMDIR L_DEVICE_OK;
1383 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1384 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1385 CRYPT_FREE(cd);
1386 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1387 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1388 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
1389 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1390 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1391 OK_(!crypt_get_metadata_device_name(cd));
1392 EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
1393 OK_(crypt_deactivate(cd, CDEVICE_1));
1394 EQ_(1, crypt_header_is_detached(cd));
1395 CRYPT_FREE(cd);
1396
1397 // repeat with init with two devices
1398 OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
1399 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1400 CRYPT_FREE(cd);
1401 OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
1402 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1403 OK_(!crypt_get_metadata_device_name(cd));
1404 EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
1405 EQ_(1, crypt_header_is_detached(cd));
1406 CRYPT_FREE(cd);
1407
1408 // bad header: device too small (payloadOffset > device_size)
1409 OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
1410 FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Device too small");
1411 NULL_(crypt_get_type(cd));
1412 CRYPT_FREE(cd);
1413
1414 // 0 secs for encrypted data area
1415 params.data_alignment = 8192;
1416 params.data_device = NULL;
1417 OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
1418 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1419 CRYPT_FREE(cd);
1420 // load should be ok
1421 OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
1422 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1423 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small");
1424 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
1425 CRYPT_FREE(cd);
1426
1427 // damaged header
1428 OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=8 2>/dev/null", 1));
1429 OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 seek=32 count=8 2>/dev/null", 1));
1430 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1431 FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Header not found");
1432 CRYPT_FREE(cd);
1433
1434 // plain device
1435 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1436 FAIL_(crypt_load(cd, CRYPT_PLAIN, NULL), "Can't load nonLUKS device type");
1437 CRYPT_FREE(cd);
1438 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1439 OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, &pl_params));
1440 FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Can't load over nonLUKS device type");
1441 CRYPT_FREE(cd);
1442
1443 //LUKSv2 device
1444 OK_(crypt_init(&cd, DEVICE_4));
1445 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1446 CRYPT_FREE(cd);
1447 OK_(crypt_init(&cd, DEVICE_4));
1448 crypt_set_iteration_time(cd, 0); /* invalid for argon2 pbkdf, ignored */
1449 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1450 CRYPT_FREE(cd);
1451
1452 /* check load sets proper device type */
1453 OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
1454 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1455 EQ_(strcmp(CRYPT_LUKS2, crypt_get_type(cd)), 0);
1456 CRYPT_FREE(cd);
1457
1458 _cleanup_dmdevices();
1459 }
1460
1461 static void Luks2HeaderBackup(void)
1462 {
1463 struct crypt_pbkdf_type pbkdf = {
1464 .type = CRYPT_KDF_ARGON2I,
1465 .hash = "sha256",
1466 .parallel_threads = 4,
1467 .max_memory_kb = 1024,
1468 .time_ms = 1
1469 };
1470 struct crypt_params_luks2 params = {
1471 .pbkdf = &pbkdf,
1472 .data_alignment = 8192, // 4M, data offset will be 4096
1473 .data_device = DEVICE_2,
1474 .sector_size = 512
1475 };
1476 char key[128];
1477 int fd, ro = O_RDONLY;
1478
1479 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
1480 size_t key_size = strlen(mk_hex) / 2;
1481 const char *cipher = "aes";
1482 const char *cipher_mode = "cbc-essiv:sha256";
1483 uint64_t r_payload_offset;
1484
1485 const char *passphrase = PASSPHRASE;
1486
1487 /* Cannot use Argon2 in FIPS */
1488 if (_fips_mode) {
1489 pbkdf.type = CRYPT_KDF_PBKDF2;
1490 pbkdf.parallel_threads = 0;
1491 pbkdf.max_memory_kb = 0;
1492 }
1493
1494 crypt_decode_key(key, mk_hex, key_size);
1495
1496 OK_(get_luks2_offsets(1, params.data_alignment, 0, NULL, &r_payload_offset));
1497 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
1498
1499 // create LUKS device and backup the header
1500 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1501 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1502 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1503 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
1504 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, passphrase, strlen(passphrase)), 0);
1505 OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
1506 OK_(crypt_deactivate(cd, CDEVICE_1));
1507 CRYPT_FREE(cd);
1508
1509 // restore header from backup
1510 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1511 OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE));
1512 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1513 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1514 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1515 OK_(crypt_deactivate(cd, CDEVICE_1));
1516 EQ_(0, crypt_header_is_detached(cd));
1517 CRYPT_FREE(cd);
1518
1519 // exercise luksOpen using backup header in file
1520 OK_(crypt_init(&cd, BACKUP_FILE));
1521 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1522 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
1523 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
1524 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1525 OK_(crypt_deactivate(cd, CDEVICE_1));
1526 EQ_(1, crypt_header_is_detached(cd));
1527 CRYPT_FREE(cd);
1528
1529 OK_(crypt_init(&cd, BACKUP_FILE));
1530 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1531 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
1532 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
1533 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1534 OK_(crypt_deactivate(cd, CDEVICE_1));
1535 CRYPT_FREE(cd);
1536
1537 // exercise luksOpen using backup header on block device
1538 fd = loop_attach(&DEVICE_3, BACKUP_FILE, 0, 0, &ro);
1539 NOTFAIL_(fd, "Bad loop device.");
1540 close(fd);
1541 OK_(crypt_init(&cd, DEVICE_3));
1542 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1543 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
1544 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
1545 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1546 OK_(crypt_deactivate(cd, CDEVICE_1));
1547 CRYPT_FREE(cd);
1548
1549 OK_(crypt_init(&cd, DEVICE_3));
1550 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1551 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
1552 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
1553 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1554 OK_(crypt_deactivate(cd, CDEVICE_1));
1555 CRYPT_FREE(cd);
1556
1557 _cleanup_dmdevices();
1558 }
1559
1560 static void ResizeDeviceLuks2(void)
1561 {
1562 struct crypt_pbkdf_type pbkdf = {
1563 .type = CRYPT_KDF_ARGON2I,
1564 .hash = "sha256",
1565 .parallel_threads = 4,
1566 .max_memory_kb = 1024,
1567 .time_ms = 1
1568 };
1569 struct crypt_params_luks2 params = {
1570 .pbkdf = &pbkdf,
1571 .data_alignment = 8192, // 4M, data offset will be 4096
1572 .sector_size = 512
1573 };
1574 char key[128];
1575
1576 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
1577 size_t key_size = strlen(mk_hex) / 2;
1578 const char *cipher = "aes";
1579 const char *cipher_mode = "cbc-essiv:sha256";
1580 uint64_t r_payload_offset, r_header_size, r_size;
1581
1582 /* Cannot use Argon2 in FIPS */
1583 if (_fips_mode) {
1584 pbkdf.type = CRYPT_KDF_PBKDF2;
1585 pbkdf.parallel_threads = 0;
1586 pbkdf.max_memory_kb = 0;
1587 }
1588
1589 crypt_decode_key(key, mk_hex, key_size);
1590
1591 // prepare env
1592 OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
1593 OK_(get_luks2_offsets(0, 0, 0, &r_header_size, NULL));
1594 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
1595 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
1596 OK_(create_dmdevice_over_loop(L_DEVICE_0S, 1000));
1597 OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset + 1000));
1598
1599 // test header and encrypted payload all in one device
1600 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1601 // disable loading VKs in kernel keyring (compatible mode)
1602 OK_(crypt_volume_key_keyring(cd, 0));
1603 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1604 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1605 OK_(crypt_resize(cd, CDEVICE_1, 0));
1606 OK_(crypt_resize(cd, CDEVICE_1, 42));
1607 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1608 EQ_(42, r_size >> TST_SECTOR_SHIFT);
1609 OK_(crypt_resize(cd, CDEVICE_1, 0));
1610 // autodetect encrypted device area size
1611 OK_(crypt_resize(cd, CDEVICE_1, 0));
1612 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1613 EQ_(1000, r_size >> TST_SECTOR_SHIFT);
1614 FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
1615 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1616 EQ_(1000, r_size >> TST_SECTOR_SHIFT);
1617 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1618 OK_(crypt_deactivate(cd, CDEVICE_1));
1619 CRYPT_FREE(cd);
1620
1621 params.data_alignment = 0;
1622 params.data_device = DMDIR L_DEVICE_0S;
1623 // test case for external header
1624 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1625 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1626 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1627 OK_(crypt_resize(cd, CDEVICE_1, 666));
1628 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1629 EQ_(666, r_size >> TST_SECTOR_SHIFT);
1630 // autodetect encrypted device size
1631 OK_(crypt_resize(cd, CDEVICE_1, 0));
1632 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1633 EQ_(1000, r_size >> TST_SECTOR_SHIFT);
1634 FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
1635 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1636 EQ_(1000, r_size >> TST_SECTOR_SHIFT);
1637 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1638 OK_(crypt_deactivate(cd, CDEVICE_1));
1639 CRYPT_FREE(cd);
1640
1641 #ifdef KERNEL_KEYRING
1642 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1643 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1644 // enable loading VKs in kernel keyring (default mode)
1645 OK_(crypt_volume_key_keyring(cd, 1));
1646 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1647 // erase volume key from kernel keyring
1648 if (t_dm_crypt_keyring_support())
1649 OK_(_drop_keyring_key(cd, 0));
1650 else
1651 FAIL_(_drop_keyring_key(cd, 0), "key not found");
1652 // same size is ok
1653 OK_(crypt_resize(cd, CDEVICE_1, 0));
1654 // kernel fails to find the volume key in keyring
1655 if (t_dm_crypt_keyring_support())
1656 FAIL_(crypt_resize(cd, CDEVICE_1, 42), "Unable to find volume key in keyring");
1657 else
1658 OK_(crypt_resize(cd, CDEVICE_1, 42));
1659 // test mode must not load vk in keyring
1660 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
1661 if (t_dm_crypt_keyring_support())
1662 FAIL_(crypt_resize(cd, CDEVICE_1, 44), "VK must be in keyring to perform resize");
1663 else
1664 OK_(crypt_resize(cd, CDEVICE_1, 44));
1665 // reinstate the volume key in keyring
1666 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
1667 OK_(crypt_resize(cd, CDEVICE_1, 43));
1668 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1669 EQ_(43, r_size >> TST_SECTOR_SHIFT);
1670 CRYPT_FREE(cd);
1671
1672 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1673 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1674 // check userspace gets hint volume key must be properly loaded in kernel keyring
1675 if (t_dm_crypt_keyring_support())
1676 EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM);
1677 else
1678 OK_(crypt_resize(cd, CDEVICE_1, 0));
1679 CRYPT_FREE(cd);
1680
1681 // same as above for handles initialised by name
1682 OK_(crypt_init_by_name(&cd, CDEVICE_1));
1683 if (t_dm_crypt_keyring_support())
1684 EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM);
1685 else
1686 OK_(crypt_resize(cd, CDEVICE_1, 0));
1687 OK_(crypt_deactivate(cd, CDEVICE_1));
1688 CRYPT_FREE(cd);
1689 #endif
1690 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1691 OK_(crypt_load(cd, NULL, NULL));
1692 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1693
1694 /* create second LUKS2 device */
1695 OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
1696 OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, ¶ms));
1697 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
1698 /* do not allow resize of other device */
1699 FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
1700 OK_(crypt_deactivate(cd2, CDEVICE_2));
1701 CRYPT_FREE(cd2);
1702
1703 OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
1704 OK_(crypt_set_pbkdf_type(cd2, &min_pbkdf2));
1705 OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, NULL));
1706 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
1707 FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
1708 OK_(crypt_deactivate(cd2, CDEVICE_2));
1709 CRYPT_FREE(cd2);
1710
1711 OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
1712 OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, NULL));
1713 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
1714 FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
1715 OK_(crypt_deactivate(cd2, CDEVICE_2));
1716 CRYPT_FREE(cd2);
1717
1718 OK_(crypt_deactivate(cd, CDEVICE_1));
1719 CRYPT_FREE(cd);
1720
1721 _cleanup_dmdevices();
1722 }
1723
1724 static void TokenActivationByKeyring(void)
1725 {
1726 #ifdef KERNEL_KEYRING
1727 key_serial_t kid, kid1;
1728 struct crypt_active_device cad;
1729
1730 const char *cipher = "aes";
1731 const char *cipher_mode = "xts-plain64";
1732
1733 const struct crypt_token_params_luks2_keyring params = {
1734 .key_description = KEY_DESC_TEST0
1735 }, params2 = {
1736 .key_description = KEY_DESC_TEST1
1737 };
1738 uint64_t r_payload_offset;
1739
1740 if (!t_dm_crypt_keyring_support()) {
1741 printf("WARNING: Kernel keyring not supported, skipping test.\n");
1742 return;
1743 }
1744
1745 kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
1746 NOTFAIL_(kid, "Test or kernel keyring are broken.");
1747
1748 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
1749 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
1750
1751 // prepare the device
1752 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1753 OK_(set_fast_pbkdf(cd));
1754 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
1755 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
1756 EQ_(crypt_token_luks2_keyring_set(cd, 3, ¶ms), 3);
1757 EQ_(crypt_token_assign_keyslot(cd, 3, 0), 3);
1758 CRYPT_FREE(cd);
1759
1760 // test thread keyring key in token 0
1761 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1762 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1763 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), 0);
1764 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), "already open");
1765 OK_(crypt_deactivate(cd, CDEVICE_1));
1766 CRYPT_FREE(cd);
1767
1768 NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
1769
1770 kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_PROCESS_KEYRING);
1771 NOTFAIL_(kid, "Test or kernel keyring are broken.");
1772
1773 // add token 1 with process keyring key
1774 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1775 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1776 EQ_(crypt_token_json_set(cd, 3, NULL), 3);
1777 EQ_(crypt_token_luks2_keyring_set(cd, 1, ¶ms), 1);
1778 EQ_(crypt_token_assign_keyslot(cd, 1, 0), 1);
1779 CRYPT_FREE(cd);
1780
1781 // test process keyring key in token 1
1782 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1783 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1784 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), 0);
1785 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), "already open");
1786 OK_(crypt_deactivate(cd, CDEVICE_1));
1787 CRYPT_FREE(cd);
1788
1789 NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_PROCESS_KEYRING), "Test or kernel keyring are broken.");
1790
1791 // create two tokens and let the cryptsetup unlock the volume with the valid one
1792 kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
1793 NOTFAIL_(kid, "Test or kernel keyring are broken.");
1794
1795 kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
1796 NOTFAIL_(kid1, "Test or kernel keyring are broken.");
1797
1798 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1799 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1800 EQ_(crypt_token_luks2_keyring_set(cd, 0, ¶ms), 0);
1801 EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
1802 EQ_(crypt_token_luks2_keyring_set(cd, 1, ¶ms2), 1);
1803 FAIL_(crypt_token_assign_keyslot(cd, 1, 1), "Keyslot 1 doesn't exist");
1804 OK_(set_fast_pbkdf(cd));
1805 EQ_(crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)), 1);
1806 EQ_(crypt_token_assign_keyslot(cd, 1, 1), 1);
1807 CRYPT_FREE(cd);
1808
1809 // activate by specific token
1810 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1811 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1812 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, NULL, 0), 0);
1813 if (t_dm_crypt_keyring_support()) {
1814 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
1815 EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
1816 }
1817 OK_(crypt_deactivate(cd, CDEVICE_1));
1818 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), 1);
1819 OK_(crypt_deactivate(cd, CDEVICE_1));
1820 CRYPT_FREE(cd);
1821
1822 NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
1823
1824 // activate by any token with token 0 having absent pass from keyring
1825 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1826 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1827 EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
1828 if (t_dm_crypt_keyring_support()) {
1829 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
1830 EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
1831 }
1832 OK_(crypt_deactivate(cd, CDEVICE_1));
1833 CRYPT_FREE(cd);
1834
1835 kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
1836 NOTFAIL_(kid, "Test or kernel keyring are broken.");
1837
1838 // replace pass for keyslot 0 making token 0 invalid
1839 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1840 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1841 OK_(crypt_keyslot_destroy(cd, 0));
1842 OK_(set_fast_pbkdf(cd));
1843 EQ_(crypt_keyslot_add_by_passphrase(cd, 0, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 0);
1844 CRYPT_FREE(cd);
1845
1846 // activate by any token with token 0 having wrong pass for keyslot 0
1847 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1848 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1849 EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
1850 OK_(crypt_deactivate(cd, CDEVICE_1));
1851 CRYPT_FREE(cd);
1852
1853 // create new device, with two tokens:
1854 // 1st token being invalid (missing key in keyring)
1855 // 2nd token can activate keyslot 1 after failing to do so w/ keyslot 0 (wrong pass)
1856 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1857 OK_(set_fast_pbkdf(cd));
1858 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
1859 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
1860 EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
1861 EQ_(crypt_token_luks2_keyring_set(cd, 0, ¶ms), 0);
1862 EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
1863 EQ_(crypt_token_luks2_keyring_set(cd, 2, ¶ms2), 2);
1864 EQ_(crypt_token_assign_keyslot(cd, 2, 1), 2);
1865 CRYPT_FREE(cd);
1866
1867 NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
1868
1869 kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
1870 NOTFAIL_(kid1, "Test or kernel keyring are broken.");
1871
1872 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1873 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1874 EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
1875 OK_(crypt_deactivate(cd, CDEVICE_1));
1876 CRYPT_FREE(cd);
1877 _cleanup_dmdevices();
1878 #else
1879 printf("WARNING: cryptsetup compiled with kernel keyring service disabled, skipping test.\n");
1880 #endif
1881 }
1882
1883 static void Tokens(void)
1884 {
1885 #define TEST_TOKEN_JSON(x) "{\"type\":\"test_token\",\"keyslots\":[" x "]," \
1886 "\"key_length\":32,\"a_field\":\"magic_string\"}"
1887
1888 #define TEST_TOKEN_JSON_INVALID(x) "{\"type\":\"test_token\",\"keyslots\":[" x "]," \
1889 "\"key_length\":32}"
1890
1891 #define TEST_TOKEN1_JSON(x) "{\"type\":\"test_token1\",\"keyslots\":[" x "]," \
1892 "\"key_length\":32,\"a_field\":\"magic_string\"}"
1893
1894 #define TEST_TOKEN1_JSON_INVALID(x) "{\"type\":\"test_token1\",\"keyslots\":[" x "]," \
1895 "\"key_length\":32}"
1896
1897 #define BOGUS_TOKEN0_JSON "{\"type\":\"luks2-\",\"keyslots\":[]}"
1898 #define BOGUS_TOKEN1_JSON "{\"type\":\"luks2-a\",\"keyslots\":[]}"
1899
1900 #define LUKS2_KEYRING_TOKEN_JSON(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\":[" x "]," \
1901 "\"key_description\":" y "}"
1902
1903 #define LUKS2_KEYRING_TOKEN_JSON_BAD(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\":[" x "]," \
1904 "\"key_description\":" y ", \"some_field\":\"some_value\"}"
1905
1906
1907 int ks, token_max;
1908 const char *dummy;
1909 const char *cipher = "aes";
1910 const char *cipher_mode = "xts-plain64";
1911 char passptr[] = PASSPHRASE;
1912 char passptr1[] = PASSPHRASE1;
1913
1914 static const crypt_token_handler th = {
1915 .name = "test_token",
1916 .open = test_open,
1917 .validate = test_validate
1918 }, th2 = {
1919 .name = "test_token",
1920 .open = test_open
1921 }, th3 = {
1922 .name = "test_token1",
1923 .open = test_open,
1924 .validate = test_validate
1925 }, th_reserved = {
1926 .name = "luks2-prefix",
1927 .open = test_open
1928 };
1929
1930 struct crypt_token_params_luks2_keyring params = {
1931 .key_description = "desc"
1932 };
1933 uint64_t r_payload_offset;
1934
1935 OK_(crypt_token_register(&th));
1936 FAIL_(crypt_token_register(&th2), "Token handler with the name already registered.");
1937
1938 FAIL_(crypt_token_register(&th_reserved), "luks2- is reserved prefix");
1939
1940 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
1941 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
1942
1943 // basic token API tests
1944 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1945 OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
1946 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
1947 EQ_(crypt_token_status(cd, -1, NULL), CRYPT_TOKEN_INVALID);
1948 EQ_(crypt_token_status(cd, 32, NULL), CRYPT_TOKEN_INVALID);
1949 EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_INACTIVE);
1950 EQ_(crypt_token_status(cd, 31, NULL), CRYPT_TOKEN_INACTIVE);
1951 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
1952 EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
1953 FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON_INVALID("\"0\"")), "Token validation failed");
1954 EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON("\"0\"")), 0);
1955 EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_EXTERNAL);
1956 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr, 0), 0);
1957 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr, 0), "already active");
1958 OK_(crypt_deactivate(cd, CDEVICE_1));
1959
1960 // write invalid token and verify that validate() can detect it after handler being registered
1961 EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN1_JSON_INVALID("\"1\"")), 1);
1962 EQ_(crypt_token_status(cd, 1, NULL), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
1963 EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN1_JSON("\"1\"")), 2);
1964 EQ_(crypt_token_status(cd, 2, &dummy), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
1965 OK_(strcmp(dummy, "test_token1"));
1966 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, passptr1, 0), "Unknown token handler");
1967 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Unknown token handler");
1968 OK_(crypt_token_register(&th3));
1969 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, passptr1, 0), "Token validation failed");
1970 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), 1);
1971 OK_(crypt_deactivate(cd, CDEVICE_1));
1972
1973 // test crypt_token_json_get returns correct token id
1974 EQ_(crypt_token_json_get(cd, 2, &dummy), 2);
1975
1976 // exercise assign/unassign keyslots API
1977 EQ_(crypt_token_unassign_keyslot(cd, 2, 1), 2);
1978 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Token assigned to no keyslot");
1979 EQ_(crypt_token_assign_keyslot(cd, 2, 0), 2);
1980 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Wrong passphrase");
1981 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
1982 OK_(crypt_deactivate(cd, CDEVICE_1));
1983 EQ_(crypt_token_json_set(cd, 1, NULL), 1);
1984 FAIL_(crypt_token_json_get(cd, 1, &dummy), "Token is not there");
1985 EQ_(crypt_token_unassign_keyslot(cd, 2, CRYPT_ANY_SLOT), 2);
1986 EQ_(crypt_token_unassign_keyslot(cd, 0, CRYPT_ANY_SLOT), 0);
1987
1988 // various tests related to unassigned keyslot to volume segment
1989 EQ_(crypt_keyslot_add_by_key(cd, 3, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
1990 EQ_(crypt_token_assign_keyslot(cd, 2, 0), 2);
1991 EQ_(crypt_token_assign_keyslot(cd, 0, 3), 0);
1992
1993 EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, 0), 0);
1994 EQ_(crypt_activate_by_token(cd, NULL, 0, passptr1, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 3);
1995 // FIXME: useless error message here (or missing one to be specific)
1996 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr1, 0), "No volume key available in token keyslots");
1997 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
1998 OK_(crypt_deactivate(cd, CDEVICE_1));
1999 EQ_(crypt_token_assign_keyslot(cd, 0, 1), 0);
2000 OK_(crypt_token_is_assigned(cd, 0, 1));
2001 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr1, 0), 1);
2002 OK_(crypt_deactivate(cd, CDEVICE_1));
2003
2004 EQ_(crypt_token_assign_keyslot(cd, 2, 3), 2);
2005 OK_(crypt_token_is_assigned(cd, 2, 3));
2006 EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, 0), 0);
2007 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
2008 OK_(crypt_deactivate(cd, CDEVICE_1));
2009
2010 #ifdef KERNEL_KEYRING
2011 if (t_dm_crypt_keyring_support()) {
2012 EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), 0);
2013 OK_(_volume_key_in_keyring(cd, 0));
2014 }
2015 OK_(crypt_volume_key_keyring(cd, 0));
2016 #endif
2017 FAIL_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), "Can't use keyring when disabled in library");
2018 OK_(crypt_volume_key_keyring(cd, 1));
2019
2020 EQ_(crypt_token_luks2_keyring_set(cd, 5, ¶ms), 5);
2021 EQ_(crypt_token_status(cd, 5, &dummy), CRYPT_TOKEN_INTERNAL);
2022 OK_(strcmp(dummy, "luks2-keyring"));
2023
2024 FAIL_(crypt_token_luks2_keyring_get(cd, 2, ¶ms), "Token is not luks2-keyring type");
2025
2026 FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, BOGUS_TOKEN0_JSON), "luks2- reserved prefix.");
2027 FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, BOGUS_TOKEN1_JSON), "luks2- reserved prefix.");
2028
2029 // test we can use crypt_token_json_set for valid luks2-keyring token
2030 FAIL_(crypt_token_json_set(cd, 12, LUKS2_KEYRING_TOKEN_JSON_BAD("\"0\"", "\"my_desc_x\"")), "Strict luks2-keyring token validation failed");
2031 EQ_(crypt_token_status(cd, 12, NULL), CRYPT_TOKEN_INACTIVE);
2032 FAIL_(crypt_token_json_set(cd, 12, LUKS2_KEYRING_TOKEN_JSON("\"5\"", "\"my_desc\"")), "Missing keyslot 5.");
2033 EQ_(crypt_token_json_set(cd, 10, LUKS2_KEYRING_TOKEN_JSON("\"1\"", "\"my_desc\"")), 10);
2034 EQ_(crypt_token_status(cd, 10, &dummy), CRYPT_TOKEN_INTERNAL);
2035 OK_(strcmp(dummy, "luks2-keyring"));
2036 params.key_description = NULL;
2037 EQ_(crypt_token_luks2_keyring_get(cd, 10, ¶ms), 10);
2038 OK_(strcmp(params.key_description, "my_desc"));
2039
2040 OK_(crypt_token_is_assigned(cd, 10, 1));
2041 // unassigned tests
2042 EQ_(crypt_token_is_assigned(cd, 10, 21), -ENOENT);
2043 EQ_(crypt_token_is_assigned(cd, 21, 1), -ENOENT);
2044 // wrong keyslot or token id tests
2045 EQ_(crypt_token_is_assigned(cd, -1, 1), -EINVAL);
2046 EQ_(crypt_token_is_assigned(cd, 32, 1), -EINVAL);
2047 EQ_(crypt_token_is_assigned(cd, 10, -1), -EINVAL);
2048 EQ_(crypt_token_is_assigned(cd, 10, 32), -EINVAL);
2049 EQ_(crypt_token_is_assigned(cd, -1, -1), -EINVAL);
2050 EQ_(crypt_token_is_assigned(cd, 32, 32), -EINVAL);
2051
2052 // test crypt_keyslot_change_by_passphrase does not erase token references
2053 EQ_(crypt_keyslot_change_by_passphrase(cd, 1, 5, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5);
2054 OK_(crypt_token_is_assigned(cd, 10, 5));
2055 ks = crypt_keyslot_change_by_passphrase(cd, 5, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1));
2056 NOTFAIL_(ks, "Failed to change keyslot passphrase.");
2057 OK_(crypt_token_is_assigned(cd, 10, ks));
2058 CRYPT_FREE(cd);
2059
2060 // test token activation respects keyslot priorities
2061 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2062 OK_(set_fast_pbkdf(cd));
2063 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
2064 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
2065 EQ_(crypt_keyslot_add_by_key(cd, 3, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
2066 EQ_(crypt_keyslot_add_by_volume_key(cd, 5, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 5);
2067 EQ_(crypt_keyslot_add_by_volume_key(cd, 8, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 8);
2068 EQ_(crypt_keyslot_add_by_volume_key(cd, 12, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 12);
2069 EQ_(crypt_keyslot_add_by_volume_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 21);
2070 EQ_(crypt_keyslot_add_by_volume_key(cd, 31, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 31);
2071
2072 OK_(crypt_keyslot_set_priority(cd, 0, CRYPT_SLOT_PRIORITY_IGNORE));
2073 OK_(crypt_keyslot_set_priority(cd, 3, CRYPT_SLOT_PRIORITY_PREFER));
2074 OK_(crypt_keyslot_set_priority(cd, 8, CRYPT_SLOT_PRIORITY_PREFER));
2075 OK_(crypt_keyslot_set_priority(cd, 12,CRYPT_SLOT_PRIORITY_PREFER));
2076
2077 // expected unusable with CRYPT_ANY_TOKEN
2078 EQ_(crypt_token_json_set(cd, 1, TEST_TOKEN_JSON("\"0\", \"3\"")), 1);
2079
2080 // expected unusable (-EPERM)
2081 EQ_(crypt_token_json_set(cd, 5, TEST_TOKEN_JSON("\"8\"")), 5);
2082
2083 // expected unusable (-EPERM)
2084 EQ_(crypt_token_json_set(cd, 4, TEST_TOKEN_JSON("\"8\", \"3\"")), 4);
2085
2086 // expected unusable (-ENOENT)
2087 EQ_(crypt_token_json_set(cd, 6, TEST_TOKEN_JSON("\"3\"")), 6);
2088
2089 // expected unusable (-ENOENT)
2090 EQ_(crypt_token_json_set(cd, 11, TEST_TOKEN_JSON("")), 11);
2091
2092 token_max = crypt_token_max(CRYPT_LUKS2) - 1;
2093 GE_(token_max, 0);
2094
2095 // expected to be used first with CRYPT_ANY_TOKEN (unlocks with high priority ks 12)
2096 EQ_(crypt_token_json_set(cd, token_max, TEST_TOKEN_JSON("\"12\", \"0\", \"3\"")), token_max);
2097
2098 // expected usable with CRYPT_ANY_TOKEN
2099 EQ_(crypt_token_json_set(cd, 8, TEST_TOKEN_JSON("\"5\", \"0\", \"3\"")), 8);
2100
2101 // of all tokens keyslot 12 has highest priority now
2102 EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 12);
2103 EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 12);
2104 OK_(crypt_deactivate(cd, CDEVICE_1));
2105
2106 // with explicit token priority ignore may be used
2107 EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 1, NULL, 0, passptr, 0), 0);
2108 EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", 1, NULL, 0, passptr, 0), 0);
2109 OK_(crypt_deactivate(cd, CDEVICE_1));
2110
2111 EQ_(crypt_token_json_set(cd, token_max, NULL), token_max);
2112
2113 EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 5);
2114
2115 EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 5, NULL, 0, passptr, 0), -EPERM);
2116 EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 4, NULL, 0, passptr, 0), -EPERM);
2117
2118 EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 6, NULL, 0, passptr, 0), -ENOENT);
2119 EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 6, NULL, 0, passptr, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 3);
2120
2121 EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 11, NULL, 0, passptr, 0), -ENOENT);
2122 EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 11, NULL, 0, passptr, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), -ENOENT);
2123
2124 CRYPT_FREE(cd);
2125
2126 EQ_(crypt_token_max(CRYPT_LUKS2), 32);
2127 FAIL_(crypt_token_max(CRYPT_LUKS1), "No token support in LUKS1");
2128 FAIL_(crypt_token_max(NULL), "No LUKS format specified");
2129 _cleanup_dmdevices();
2130 }
2131
2132 static void LuksConvert(void)
2133 {
2134 uint64_t offset, r_payload_offset;
2135
2136 const char *json = "{\"type\":\"convert_block\",\"keyslots\":[]}";
2137 const struct crypt_pbkdf_type argon = {
2138 .type = CRYPT_KDF_ARGON2I,
2139 .hash = "sha512",
2140 .time_ms = 1,
2141 .max_memory_kb = 1024,
2142 .parallel_threads = 1
2143 }, pbkdf2 = {
2144 .type = CRYPT_KDF_PBKDF2,
2145 .hash = "sha1",
2146 .time_ms = 1
2147 };
2148
2149 struct crypt_params_luks1 luks1 = {
2150 .hash = "sha256",
2151 .data_device = DMDIR L_DEVICE_1S
2152 };
2153
2154 struct crypt_params_luks2 luks2 = {
2155 .pbkdf = &pbkdf2,
2156 .sector_size = 512
2157 };
2158
2159 const char *cipher = "aes";
2160 const char *cipher_mode = "xts-plain64";
2161
2162 // prepare the device
2163 OK_(crypt_init(&cd, DEVICE_1));
2164 OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
2165 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, NULL));
2166 offset = crypt_get_data_offset(cd);
2167 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
2168 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 7);
2169 CRYPT_FREE(cd);
2170
2171 // convert LUKSv1 -> LUKSv2
2172 OK_(crypt_init(&cd, DEVICE_1));
2173 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2174 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1");
2175 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
2176 FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "device is active");
2177 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
2178 OK_(crypt_deactivate(cd, CDEVICE_1));
2179 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2180 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
2181 CRYPT_FREE(cd);
2182
2183 // check result
2184 OK_(crypt_init(&cd, DEVICE_1));
2185 FAIL_(crypt_load(cd, CRYPT_LUKS1, NULL), "wrong luks format");
2186 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2187 EQ_(crypt_get_data_offset(cd), offset);
2188 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
2189 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
2190 OK_(crypt_deactivate(cd, CDEVICE_1));
2191 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7);
2192 OK_(crypt_deactivate(cd, CDEVICE_1));
2193 FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "format is already LUKSv2");
2194 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
2195 CRYPT_FREE(cd);
2196
2197 // convert LUKSv2 -> LUKSv1
2198 OK_(crypt_init(&cd, DEVICE_1));
2199 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2200 EQ_(crypt_get_data_offset(cd), offset);
2201 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
2202 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "device is active");
2203 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
2204 OK_(crypt_deactivate(cd, CDEVICE_1));
2205 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2206 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
2207 CRYPT_FREE(cd);
2208
2209 // check result
2210 OK_(crypt_init(&cd, DEVICE_1));
2211 FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "wrong luks format");
2212 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2213 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
2214 EQ_(crypt_get_data_offset(cd), offset);
2215 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
2216 OK_(crypt_deactivate(cd, CDEVICE_1));
2217 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7);
2218 OK_(crypt_deactivate(cd, CDEVICE_1));
2219 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1");
2220 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
2221 CRYPT_FREE(cd);
2222
2223 // exercice non-pbkdf2 LUKSv2 conversion
2224 if (!_fips_mode) {
2225 OK_(crypt_init(&cd, DEVICE_1));
2226 OK_(crypt_set_data_offset(cd, offset));
2227 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
2228 OK_(crypt_set_pbkdf_type(cd, &argon));
2229 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
2230 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Incompatible pbkdf with LUKSv1 format");
2231 CRYPT_FREE(cd);
2232 }
2233
2234 // exercice non LUKS1 compatible keyslot
2235 OK_(crypt_init(&cd, DEVICE_1));
2236 OK_(crypt_set_data_offset(cd, offset));
2237 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
2238 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
2239 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
2240 // FIXME: following test fails as expected but for a different reason
2241 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Unassigned keyslots are incompatible with LUKSv1 format");
2242 CRYPT_FREE(cd);
2243
2244 // exercice LUKSv2 conversion with single pbkdf2 keyslot being active
2245 OK_(crypt_init(&cd, DEVICE_1));
2246 OK_(crypt_set_data_offset(cd, offset));
2247 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2248 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
2249 offset = crypt_get_data_offset(cd);
2250 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
2251 if (!_fips_mode) {
2252 OK_(crypt_set_pbkdf_type(cd, &argon));
2253 EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 1);
2254 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Different hash for digest and keyslot.");
2255 OK_(crypt_keyslot_destroy(cd, 1));
2256 }
2257 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2258 EQ_(crypt_get_data_offset(cd), offset);
2259 CRYPT_FREE(cd);
2260 OK_(crypt_init(&cd, DEVICE_1));
2261 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2262 EQ_(crypt_get_data_offset(cd), offset);
2263 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
2264 CRYPT_FREE(cd);
2265
2266 // do not allow conversion on keyslot No > 7
2267 OK_(crypt_init(&cd, DEVICE_1));
2268 OK_(crypt_set_data_offset(cd, offset));
2269 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
2270 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
2271 EQ_(crypt_keyslot_add_by_volume_key(cd, 8, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 8);
2272 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Can't convert keyslot No 8");
2273 CRYPT_FREE(cd);
2274
2275 // do not allow conversion with token
2276 OK_(crypt_init(&cd, DEVICE_1));
2277 OK_(crypt_set_data_offset(cd, offset));
2278 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
2279 OK_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, json));
2280 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Can't convert header with token.");
2281 CRYPT_FREE(cd);
2282
2283 // should be enough for both luks1 and luks2 devices with all vk lengths
2284 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
2285 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
2286
2287 // do not allow conversion for legacy luks1 device (non-aligned keyslot offset)
2288 OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256_LEGACY " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
2289 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2290 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2291 FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Can't convert device with unaligned keyslot offset");
2292 CRYPT_FREE(cd);
2293
2294 /*
2295 * do not allow conversion on images if there's not enough space between
2296 * last keyslot and data offset (should not happen on headers created
2297 * with cryptsetup)
2298 */
2299 OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256_UNMOVABLE " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
2300 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2301 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2302 FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Can't convert device with unaligned keyslot offset");
2303 CRYPT_FREE(cd);
2304
2305 // compat conversion tests
2306 // LUKS1 -> LUKS2
2307
2308 // 128b key
2309 OK_(_system("dd if=" CONV_DIR "/" CONV_L1_128 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
2310
2311 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2312 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2313 offset = crypt_get_data_offset(cd);
2314 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2315 EQ_(crypt_get_data_offset(cd), offset);
2316 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2317 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2318 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2319 CRYPT_FREE(cd);
2320 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2321 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2322 EQ_(crypt_get_data_offset(cd), offset);
2323 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2324 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2325 CRYPT_FREE(cd);
2326
2327 // 256b key
2328 OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
2329
2330 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2331 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2332 offset = crypt_get_data_offset(cd);
2333 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2334 EQ_(crypt_get_data_offset(cd), offset);
2335 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2336 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2337 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2338 CRYPT_FREE(cd);
2339 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2340 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2341 EQ_(crypt_get_data_offset(cd), offset);
2342 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2343 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2344 CRYPT_FREE(cd);
2345
2346 // 512b key
2347 OK_(_system("dd if=" CONV_DIR "/" CONV_L1_512 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
2348
2349 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2350 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2351 offset = crypt_get_data_offset(cd);
2352 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2353 EQ_(crypt_get_data_offset(cd), offset);
2354 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2355 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2356 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2357 CRYPT_FREE(cd);
2358 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2359 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2360 EQ_(crypt_get_data_offset(cd), offset);
2361 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2362 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2363 CRYPT_FREE(cd);
2364
2365 // detached LUKS1 header conversion
2366 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_128_DET));
2367 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2368 offset = crypt_get_data_offset(cd);
2369 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2370 EQ_(crypt_get_data_offset(cd), offset);
2371 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2372 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2373 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2374 CRYPT_FREE(cd);
2375 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_128_DET));
2376 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2377 EQ_(crypt_get_data_offset(cd), offset);
2378 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2379 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2380 CRYPT_FREE(cd);
2381
2382 // 256b key
2383 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_256_DET));
2384 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2385 offset = crypt_get_data_offset(cd);
2386 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2387 EQ_(crypt_get_data_offset(cd), offset);
2388 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2389 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2390 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2391 CRYPT_FREE(cd);
2392 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_256_DET));
2393 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2394 EQ_(crypt_get_data_offset(cd), offset);
2395 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2396 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2397 CRYPT_FREE(cd);
2398
2399 // 512b key
2400 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_512_DET));
2401 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2402 offset = crypt_get_data_offset(cd);
2403 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2404 EQ_(crypt_get_data_offset(cd), offset);
2405 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2406 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2407 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2408 CRYPT_FREE(cd);
2409 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_512_DET));
2410 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2411 EQ_(crypt_get_data_offset(cd), offset);
2412 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2413 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2414 CRYPT_FREE(cd);
2415
2416 // LUKS2 -> LUKS1
2417 // 128b key
2418 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_128 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2419
2420 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2421 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2422 offset = crypt_get_data_offset(cd);
2423 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2424 EQ_(crypt_get_data_offset(cd), offset);
2425 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2426 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2427 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2428 CRYPT_FREE(cd);
2429 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2430 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2431 EQ_(crypt_get_data_offset(cd), offset);
2432 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2433 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2434 CRYPT_FREE(cd);
2435
2436 // 128b all LUKS1 keyslots used
2437 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_128_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2438 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2439 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2440 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2441 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2442 CRYPT_FREE(cd);
2443 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2444 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2445 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2446 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2447 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2448 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2449 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2450 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2451 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2452 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2453 CRYPT_FREE(cd);
2454
2455 // 256b key
2456 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_256 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2457
2458 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2459 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2460 offset = crypt_get_data_offset(cd);
2461 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2462 EQ_(crypt_get_data_offset(cd), offset);
2463 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2464 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2465 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2466 CRYPT_FREE(cd);
2467 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2468 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2469 EQ_(crypt_get_data_offset(cd), offset);
2470 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2471 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2472 CRYPT_FREE(cd);
2473
2474 // 256b all LUKS1 keyslots used
2475 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_256_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2476 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2477 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2478 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2479 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2480 CRYPT_FREE(cd);
2481 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2482 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2483 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2484 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2485 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2486 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2487 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2488 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2489 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2490 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2491 CRYPT_FREE(cd);
2492
2493 // 512b key
2494 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_512 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2495
2496 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2497 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2498 offset = crypt_get_data_offset(cd);
2499 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2500 EQ_(crypt_get_data_offset(cd), offset);
2501 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2502 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2503 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2504 CRYPT_FREE(cd);
2505 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2506 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2507 EQ_(crypt_get_data_offset(cd), offset);
2508 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2509 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2510 CRYPT_FREE(cd);
2511
2512 // 512b all LUKS1 keyslots used
2513 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_512_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2514 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2515 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2516 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2517 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2518 CRYPT_FREE(cd);
2519 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2520 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2521 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2522 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2523 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2524 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2525 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2526 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2527 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2528 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2529 CRYPT_FREE(cd);
2530
2531 // detached headers
2532 // 128b
2533 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET));
2534 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2535 offset = crypt_get_data_offset(cd);
2536 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2537 EQ_(crypt_get_data_offset(cd), offset);
2538 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2539 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2540 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2541 CRYPT_FREE(cd);
2542 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET));
2543 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2544 EQ_(crypt_get_data_offset(cd), offset);
2545 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2546 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2547 CRYPT_FREE(cd);
2548
2549 // 128b all LUKS1 keyslots used
2550 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET_FULL));
2551 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2552 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2553 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2554 CRYPT_FREE(cd);
2555 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET_FULL));
2556 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2557 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2558 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2559 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2560 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2561 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2562 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2563 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2564 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2565 CRYPT_FREE(cd);
2566
2567 // 256b key
2568 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET));
2569 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2570 offset = crypt_get_data_offset(cd);
2571 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2572 EQ_(crypt_get_data_offset(cd), offset);
2573 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2574 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2575 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2576 CRYPT_FREE(cd);
2577 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET));
2578 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2579 EQ_(crypt_get_data_offset(cd), offset);
2580 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2581 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2582 CRYPT_FREE(cd);
2583
2584 // 256b all LUKS1 keyslots used
2585 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET_FULL));
2586 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2587 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2588 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2589 CRYPT_FREE(cd);
2590 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET_FULL));
2591 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2592 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2593 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2594 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2595 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2596 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2597 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2598 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2599 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2600 CRYPT_FREE(cd);
2601
2602 // 512b key
2603 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET));
2604 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2605 offset = crypt_get_data_offset(cd);
2606 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2607 EQ_(crypt_get_data_offset(cd), offset);
2608 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2609 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2610 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2611 CRYPT_FREE(cd);
2612 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET));
2613 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2614 EQ_(crypt_get_data_offset(cd), offset);
2615 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2616 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2617 CRYPT_FREE(cd);
2618
2619 // 512b all LUKS1 keyslots used
2620 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET_FULL));
2621 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2622 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2623 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2624 CRYPT_FREE(cd);
2625 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET_FULL));
2626 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2627 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2628 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2629 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2630 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2631 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2632 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2633 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2634 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2635 CRYPT_FREE(cd);
2636
2637 // detached LUKS1 header upconversion
2638 OK_(create_dmdevice_over_loop(H_DEVICE, 2050)); // default LUKS1 header should fit there
2639 OK_(crypt_init(&cd, DMDIR H_DEVICE));
2640 OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
2641 OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1));
2642 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
2643 FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Unable to move keyslots. Not enough space.");
2644 CRYPT_FREE(cd);
2645
2646 // 2050 sectors, empty file
2647 OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL_2));
2648 OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
2649 OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1));
2650 EQ_(crypt_get_data_offset(cd), 0);
2651 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
2652 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2653 CRYPT_FREE(cd);
2654
2655 _cleanup_dmdevices();
2656 }
2657
2658 static void Pbkdf(void)
2659 {
2660 const struct crypt_pbkdf_type *pbkdf;
2661
2662 const char *cipher = "aes", *mode="xts-plain64";
2663 struct crypt_pbkdf_type argon2 = {
2664 .type = CRYPT_KDF_ARGON2I,
2665 .hash = default_luks1_hash,
2666 .time_ms = 6,
2667 .max_memory_kb = 1024,
2668 .parallel_threads = 1
2669 }, pbkdf2 = {
2670 .type = CRYPT_KDF_PBKDF2,
2671 .hash = default_luks1_hash,
2672 .time_ms = 9
2673 }, bad = {
2674 .type = "hamster_pbkdf",
2675 .hash = default_luks1_hash
2676 };
2677 struct crypt_params_plain params = {
2678 .hash = "sha1",
2679 .skip = 0,
2680 .offset = 0,
2681 .size = 0
2682 };
2683 struct crypt_params_luks1 luks1 = {
2684 .hash = "sha512", // test non-standard hash
2685 .data_alignment = 2048,
2686 };
2687
2688 uint64_t r_payload_offset;
2689
2690 /* Only PBKDF2 is allowed in FIPS, these tests cannot be run. */
2691 if (_fips_mode)
2692 return;
2693
2694 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
2695 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
2696
2697 NULL_(crypt_get_pbkdf_type_params(NULL));
2698 NULL_(crypt_get_pbkdf_type_params("suslik"));
2699 NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_PBKDF2));
2700 OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
2701 NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_ARGON2I));
2702 OK_(strcmp(pbkdf->type, CRYPT_KDF_ARGON2I));
2703 NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_ARGON2ID));
2704 OK_(strcmp(pbkdf->type, CRYPT_KDF_ARGON2ID));
2705
2706 // test empty context
2707 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2708 NULL_(crypt_get_pbkdf_type(cd));
2709 OK_(crypt_set_pbkdf_type(cd, &argon2));
2710 NOTNULL_(crypt_get_pbkdf_type(cd));
2711 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2712 NOTNULL_(crypt_get_pbkdf_type(cd));
2713 OK_(crypt_set_pbkdf_type(cd, NULL));
2714 NOTNULL_(crypt_get_pbkdf_type(cd));
2715
2716 // test plain device
2717 OK_(crypt_format(cd, CRYPT_PLAIN, cipher, mode, NULL, NULL, 32, ¶ms));
2718 OK_(crypt_set_pbkdf_type(cd, &argon2));
2719 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2720 OK_(crypt_set_pbkdf_type(cd, NULL));
2721 NOTNULL_(crypt_get_pbkdf_type(cd));
2722 CRYPT_FREE(cd);
2723
2724 // test LUKSv1 device
2725 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2726 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL));
2727 FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Unsupported with non-LUKS2 devices");
2728 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2729 OK_(crypt_set_pbkdf_type(cd, NULL));
2730 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2731 EQ_(pbkdf->time_ms, default_luks1_iter_time);
2732 CRYPT_FREE(cd);
2733 // test value set in crypt_set_iteration_time() can be obtained via following crypt_get_pbkdf_type()
2734 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2735 crypt_set_iteration_time(cd, 42);
2736 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL));
2737 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2738 EQ_(pbkdf->time_ms, 42);
2739 // test crypt_get_pbkdf_type() returns expected values for LUKSv1
2740 OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
2741 OK_(strcmp(pbkdf->hash, default_luks1_hash));
2742 EQ_(pbkdf->max_memory_kb, 0);
2743 EQ_(pbkdf->parallel_threads, 0);
2744 crypt_set_iteration_time(cd, 43);
2745 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2746 EQ_(pbkdf->time_ms, 43);
2747 CRYPT_FREE(cd);
2748 // test whether crypt_get_pbkdf_type() after double crypt_load()
2749 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2750 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2751 crypt_set_iteration_time(cd, 42);
2752 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2753 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2754 EQ_(pbkdf->time_ms, 42);
2755 CRYPT_FREE(cd);
2756 // test whether hash passed via *params in crypt_load() has higher priority
2757 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2758 crypt_set_iteration_time(cd, 1);
2759 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, &luks1));
2760 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2761 OK_(strcmp(pbkdf->hash, luks1.hash));
2762 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2763 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2764 OK_(strcmp(pbkdf->hash, luks1.hash));
2765 CRYPT_FREE(cd);
2766
2767 // test LUKSv2 device
2768 // test default values are set
2769 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2770 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, NULL, 32, NULL));
2771 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2772 OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
2773 OK_(strcmp(pbkdf->hash, default_luks1_hash));
2774 EQ_(pbkdf->time_ms, default_luks2_iter_time);
2775 EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
2776 EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
2777 // set and verify argon2 type
2778 OK_(crypt_set_pbkdf_type(cd, &argon2));
2779 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2780 OK_(strcmp(pbkdf->type, argon2.type));
2781 OK_(strcmp(pbkdf->hash, argon2.hash));
2782 EQ_(pbkdf->time_ms, argon2.time_ms);
2783 EQ_(pbkdf->max_memory_kb, argon2.max_memory_kb);
2784 EQ_(pbkdf->parallel_threads, argon2.parallel_threads);
2785 // set and verify pbkdf2 type
2786 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2787 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2788 OK_(strcmp(pbkdf->type, pbkdf2.type));
2789 OK_(strcmp(pbkdf->hash, pbkdf2.hash));
2790 EQ_(pbkdf->time_ms, pbkdf2.time_ms);
2791 EQ_(pbkdf->max_memory_kb, pbkdf2.max_memory_kb);
2792 EQ_(pbkdf->parallel_threads, pbkdf2.parallel_threads);
2793 // reset and verify default values
2794 crypt_set_iteration_time(cd, 1); // it's supposed to override this call
2795 OK_(crypt_set_pbkdf_type(cd, NULL));
2796 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2797 OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
2798 OK_(strcmp(pbkdf->hash, default_luks1_hash));
2799 EQ_(pbkdf->time_ms, default_luks2_iter_time);
2800 EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
2801 EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
2802 // try to pass illegal values
2803 argon2.parallel_threads = 0;
2804 FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Parallel threads can't be 0");
2805 argon2.parallel_threads = 1;
2806 argon2.max_memory_kb = 0;
2807 FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Memory can't be 0");
2808 argon2.max_memory_kb = 1024;
2809 pbkdf2.parallel_threads = 1;
2810 FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Parallel threads can't be set with pbkdf2 type");
2811 pbkdf2.parallel_threads = 0;
2812 pbkdf2.max_memory_kb = 512;
2813 FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Memory can't be set with pbkdf2 type");
2814 FAIL_(crypt_set_pbkdf_type(cd, &bad), "Unknown type member");
2815 bad.type = CRYPT_KDF_PBKDF2;
2816 bad.hash = NULL;
2817 FAIL_(crypt_set_pbkdf_type(cd, &bad), "Hash member is empty");
2818 bad.type = NULL;
2819 bad.hash = default_luks1_hash;
2820 FAIL_(crypt_set_pbkdf_type(cd, &bad), "Pbkdf type member is empty");
2821 bad.hash = "hamster_hash";
2822 FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
2823 CRYPT_FREE(cd);
2824 // test whether crypt_get_pbkdf_type() behaves accordingly after second crypt_load() call
2825 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2826 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2827 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2828 OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
2829 OK_(strcmp(pbkdf->hash, default_luks1_hash));
2830 EQ_(pbkdf->time_ms, default_luks2_iter_time);
2831 EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
2832 EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
2833 crypt_set_iteration_time(cd, 1);
2834 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2835 OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
2836 OK_(strcmp(pbkdf->hash, default_luks1_hash));
2837 EQ_(pbkdf->time_ms, 1);
2838 EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
2839 EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
2840 CRYPT_FREE(cd);
2841
2842 // test crypt_set_pbkdf_type() overwrites invalid value set by crypt_set_iteration_time()
2843 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2844 crypt_set_iteration_time(cd, 0);
2845 OK_(crypt_set_pbkdf_type(cd, &argon2));
2846 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2847 OK_(strcmp(pbkdf->type, argon2.type));
2848 EQ_(pbkdf->time_ms, argon2.time_ms);
2849
2850 // force iterations
2851 argon2.iterations = 33;
2852 argon2.flags = CRYPT_PBKDF_NO_BENCHMARK;
2853 OK_(crypt_set_pbkdf_type(cd, &argon2));
2854 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2855 EQ_(pbkdf->iterations, 33);
2856 EQ_(pbkdf->flags, CRYPT_PBKDF_NO_BENCHMARK);
2857
2858 // time may be unset with iterations
2859 argon2.time_ms = 0;
2860 OK_(crypt_set_pbkdf_type(cd, &argon2));
2861 argon2.flags &= ~CRYPT_PBKDF_NO_BENCHMARK;
2862 FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Illegal time value.");
2863
2864 pbkdf2.time_ms = 0;
2865 pbkdf2.flags = CRYPT_PBKDF_NO_BENCHMARK;
2866 pbkdf2.parallel_threads = 0;
2867 pbkdf2.max_memory_kb = 0;
2868 pbkdf2.iterations = 1000;
2869 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2870 pbkdf2.flags &= ~CRYPT_PBKDF_NO_BENCHMARK;
2871 FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Illegal time value.");
2872
2873 // hash is relevant only with pbkdf2
2874 pbkdf2.time_ms = 9;
2875 pbkdf2.hash = NULL;
2876 FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Hash is mandatory for pbkdf2");
2877 pbkdf2.hash = "sha1";
2878 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2879
2880 argon2.time_ms = 9;
2881 argon2.hash = "sha1"; // will be ignored
2882 OK_(crypt_set_pbkdf_type(cd, &argon2));
2883 argon2.hash = NULL;
2884 OK_(crypt_set_pbkdf_type(cd, &argon2));
2885
2886 CRYPT_FREE(cd);
2887
2888 NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS1));
2889 OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
2890 EQ_(pbkdf->time_ms, default_luks1_iter_time);
2891 OK_(strcmp(pbkdf->hash, default_luks1_hash));
2892 EQ_(pbkdf->max_memory_kb, 0);
2893 EQ_(pbkdf->parallel_threads, 0);
2894
2895 NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2));
2896 OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
2897 EQ_(pbkdf->time_ms, default_luks2_iter_time);
2898 OK_(strcmp(pbkdf->hash, default_luks1_hash));
2899 EQ_(pbkdf->max_memory_kb, default_luks2_memory_kb);
2900 EQ_(pbkdf->parallel_threads, default_luks2_parallel_threads);
2901
2902 NULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_PLAIN));
2903
2904 _cleanup_dmdevices();
2905 }
2906
2907 static void Luks2KeyslotAdd(void)
2908 {
2909 char key[128], key2[128], key_ret[128];
2910 const char *cipher = "aes", *cipher_mode="xts-plain64";
2911 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
2912 const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
2913 size_t key_ret_len, key_size = strlen(mk_hex) / 2;
2914 uint64_t r_payload_offset;
2915 struct crypt_pbkdf_type pbkdf = {
2916 .type = "argon2i",
2917 .hash = "sha256",
2918 .iterations = 4,
2919 .max_memory_kb = 32,
2920 .parallel_threads = 1,
2921 .flags = CRYPT_PBKDF_NO_BENCHMARK,
2922 };
2923 struct crypt_params_luks2 params2 = {
2924 .pbkdf = &pbkdf,
2925 .sector_size = TST_SECTOR_SIZE
2926 };
2927
2928 crypt_decode_key(key, mk_hex, key_size);
2929 crypt_decode_key(key2, mk_hex2, key_size);
2930
2931 /* Cannot use Argon2 in FIPS */
2932 if (_fips_mode) {
2933 pbkdf.type = CRYPT_KDF_PBKDF2;
2934 pbkdf.parallel_threads = 0;
2935 pbkdf.max_memory_kb = 0;
2936 pbkdf.iterations = 1000;
2937 }
2938
2939 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
2940 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
2941
2942 /* test crypt_keyslot_add_by_key */
2943 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2944 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms2));
2945 EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
2946 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
2947 EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE_LAST);
2948 EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_UNBOUND);
2949 /* must not activate volume with keyslot unassigned to a segment */
2950 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key2, key_size, 0), "Key doesn't match volume key digest");
2951 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), "Keyslot not assigned to volume");
2952 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), "No keyslot assigned to volume with this passphrase");
2953 /* unusable for volume activation even in test mode */
2954 FAIL_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0), "Key doesn't match volume key digest");
2955 /* otoh passphrase check should pass */
2956 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
2957 EQ_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
2958 /* in general crypt_keyslot_add_by_key must allow any reasonable key size
2959 * even though such keyslot will not be usable for segment encryption */
2960 EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size-1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 2);
2961 EQ_(crypt_keyslot_add_by_key(cd, 3, key2, 13, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
2962
2963 FAIL_(crypt_keyslot_get_key_size(cd, CRYPT_ANY_SLOT), "Bad keyslot specification.");
2964 EQ_(crypt_get_volume_key_size(cd), key_size);
2965 EQ_(crypt_keyslot_get_key_size(cd, 0), key_size);
2966 EQ_(crypt_keyslot_get_key_size(cd, 1), key_size);
2967 EQ_(crypt_keyslot_get_key_size(cd, 2), key_size-1);
2968 EQ_(crypt_keyslot_get_key_size(cd, 3), 13);
2969
2970 key_ret_len = key_size - 1;
2971 FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "Wrong size");
2972
2973 key_ret_len = 13;
2974 FAIL_(crypt_volume_key_get(cd, 2, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "wrong size");
2975 EQ_(crypt_volume_key_get(cd, 3, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 3);
2976 FAIL_(crypt_activate_by_volume_key(cd, NULL, key_ret, key_ret_len, 0), "Not a volume key");
2977 key_ret_len = key_size;
2978 EQ_(crypt_volume_key_get(cd, 1, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
2979
2980 /* test force volume key change works as expected */
2981 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1);
2982 OK_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0));
2983 OK_(crypt_activate_by_volume_key(cd, NULL, key_ret, key_ret_len, 0));
2984 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key2, key_size, 0));
2985 OK_(crypt_deactivate(cd, CDEVICE_1));
2986 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
2987 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
2988 OK_(crypt_deactivate(cd, CDEVICE_1));
2989 /* old keyslot must be unusable */
2990 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Key doesn't match volume key digest");
2991 FAIL_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0), "Key doesn't match volume key digest");
2992 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "Keyslot not assigned to volume");
2993 EQ_(crypt_keyslot_add_by_passphrase(cd, 5, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5);
2994 EQ_(crypt_keyslot_add_by_volume_key(cd, 6, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1)), 6);
2995 /* regression test. check new keyslot is properly assigned to new volume key digest */
2996 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5);
2997 OK_(crypt_deactivate(cd, CDEVICE_1));
2998 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE1, strlen(PASSPHRASE1), 0), 6);
2999 OK_(crypt_deactivate(cd, CDEVICE_1));
3000
3001 CRYPT_FREE(cd);
3002
3003 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3004 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms2));
3005 /* keyslot 0, volume key, digest 0 */
3006 EQ_(crypt_keyslot_add_by_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
3007 /* keyslot 1, unbound key, digest 1 */
3008 EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
3009 /* keyslot 2, unbound key, digest 1 */
3010 EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 2);
3011 /* keyslot 3, unbound key, digest 2 */
3012 EQ_(crypt_keyslot_add_by_key(cd, 3, key2, key_size - 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 3);
3013 /* keyslot 4, unbound key, digest 1 */
3014 EQ_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 4);
3015 FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET), "Illegal");
3016 FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET | CRYPT_VOLUME_KEY_DIGEST_REUSE), "Illegal");
3017 /* Such key doesn't exist, nothing to reuse */
3018 FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size - 2, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), "Key digest doesn't match any existing.");
3019 /* Keyslot 5, volume key, digest 0 */
3020 EQ_(crypt_keyslot_add_by_key(cd, 5, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), 5);
3021
3022 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
3023 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1);
3024 OK_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0));
3025 FAIL_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0), "Not a volume key");
3026 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
3027 OK_(crypt_deactivate(cd, CDEVICE_1));
3028 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 2, PASSPHRASE1, strlen(PASSPHRASE1), 0), 2);
3029 OK_(crypt_deactivate(cd, CDEVICE_1));
3030 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "No volume key keyslot");
3031
3032 /* TODO: key is unusable with aes-xts */
3033 // FAIL_(crypt_keyslot_add_by_key(cd, 3, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), "Unusable key with segment cipher");
3034
3035 EQ_(crypt_keyslot_add_by_key(cd, 5, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 5);
3036 FAIL_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0), "Not a volume key");
3037 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5);
3038 OK_(crypt_deactivate(cd, CDEVICE_1));
3039
3040 CRYPT_FREE(cd);
3041
3042 _cleanup_dmdevices();
3043 }
3044
3045 static void Luks2KeyslotParams(void)
3046 {
3047 char key[128], key2[128];
3048 const char *cipher = "aes", *cipher_mode="xts-plain64";
3049 const char *cipher_spec = "aes-xts-plain64", *cipher_keyslot = "aes-cbc-essiv:sha256";
3050 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
3051 const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
3052 size_t key_size_ret, key_size = strlen(mk_hex) / 2, keyslot_key_size = 16;
3053 uint64_t r_payload_offset;
3054
3055 crypt_decode_key(key, mk_hex, key_size);
3056 crypt_decode_key(key2, mk_hex2, key_size);
3057
3058 OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE)));
3059 OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1)));
3060
3061 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
3062 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
3063
3064 EQ_(key_size, 2 * keyslot_key_size);
3065 /* test crypt_keyslot_add_by_key */
3066 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3067 OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
3068 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
3069 NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
3070 OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec));
3071 EQ_(key_size_ret, key_size);
3072
3073 // Normal slots
3074 EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
3075 EQ_(1, crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
3076 EQ_(2, crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT));
3077 EQ_(6, crypt_keyslot_add_by_keyfile(cd, 6, KEYFILE1, 0, KEYFILE2, 0));
3078
3079 // Slots with different encryption type
3080 OK_(crypt_keyslot_set_encryption(cd, cipher_keyslot, keyslot_key_size));
3081 OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_keyslot));
3082 EQ_(key_size_ret, keyslot_key_size);
3083
3084 EQ_(3, crypt_keyslot_add_by_volume_key(cd, 3, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
3085 EQ_(4, crypt_keyslot_add_by_passphrase(cd, 4, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
3086 EQ_(5, crypt_keyslot_add_by_key(cd, 5, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT));
3087 EQ_(7, crypt_keyslot_add_by_keyfile(cd, 7, KEYFILE1, 0, KEYFILE2, 0));
3088
3089 CRYPT_FREE(cd);
3090
3091 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3092 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
3093
3094 EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE);
3095 OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spec));
3096 EQ_(key_size_ret, key_size);
3097
3098 EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_ACTIVE);
3099 OK_(strcmp(crypt_keyslot_get_encryption(cd, 1, &key_size_ret), cipher_spec));
3100 EQ_(key_size_ret, key_size);
3101
3102 EQ_(crypt_keyslot_status(cd, 2), CRYPT_SLOT_UNBOUND);
3103 OK_(strcmp(crypt_keyslot_get_encryption(cd, 2, &key_size_ret), cipher_spec));
3104 EQ_(key_size_ret, key_size);
3105
3106 EQ_(crypt_keyslot_status(cd, 6), CRYPT_SLOT_ACTIVE);
3107 OK_(strcmp(crypt_keyslot_get_encryption(cd, 6, &key_size_ret), cipher_spec));
3108 EQ_(key_size_ret, key_size);
3109
3110 EQ_(crypt_keyslot_status(cd, 3), CRYPT_SLOT_ACTIVE);
3111 OK_(strcmp(crypt_keyslot_get_encryption(cd, 3, &key_size_ret), cipher_keyslot));
3112 EQ_(key_size_ret, keyslot_key_size);
3113
3114 EQ_(crypt_keyslot_status(cd, 4), CRYPT_SLOT_ACTIVE);
3115 OK_(strcmp(crypt_keyslot_get_encryption(cd, 4, &key_size_ret), cipher_keyslot));
3116 EQ_(key_size_ret, keyslot_key_size);
3117
3118 EQ_(crypt_keyslot_status(cd, 5), CRYPT_SLOT_UNBOUND);
3119 OK_(strcmp(crypt_keyslot_get_encryption(cd, 5, &key_size_ret), cipher_keyslot));
3120 EQ_(key_size_ret, keyslot_key_size);
3121
3122 EQ_(crypt_keyslot_status(cd, 7), CRYPT_SLOT_ACTIVE);
3123 OK_(strcmp(crypt_keyslot_get_encryption(cd, 7, &key_size_ret), cipher_keyslot));
3124 EQ_(key_size_ret, keyslot_key_size);
3125
3126 OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
3127 EQ_(8, crypt_keyslot_change_by_passphrase(cd, 1, 8, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
3128 OK_(strcmp(crypt_keyslot_get_encryption(cd, 8, &key_size_ret), cipher_spec));
3129 EQ_(key_size_ret, key_size);
3130
3131 /* Revert to default */
3132 EQ_(9, crypt_keyslot_change_by_passphrase(cd, 5, 9, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
3133 OK_(strcmp(crypt_keyslot_get_encryption(cd, 9, &key_size_ret), cipher_spec));
3134 EQ_(key_size_ret, key_size);
3135
3136 /* Set new encryption params */
3137 OK_(crypt_keyslot_set_encryption(cd, cipher_keyslot, keyslot_key_size));
3138
3139 EQ_(1, crypt_keyslot_change_by_passphrase(cd, 8, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
3140 OK_(strcmp(crypt_keyslot_get_encryption(cd, 1, &key_size_ret), cipher_keyslot));
3141 EQ_(key_size_ret, keyslot_key_size);
3142
3143 EQ_(10, crypt_keyslot_change_by_passphrase(cd, 2, 10, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
3144 OK_(strcmp(crypt_keyslot_get_encryption(cd, 10, &key_size_ret), cipher_keyslot));
3145 EQ_(key_size_ret, keyslot_key_size);
3146
3147 EQ_(0, crypt_keyslot_change_by_passphrase(cd, 0, 0, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
3148 OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_keyslot));
3149 EQ_(key_size_ret, keyslot_key_size);
3150
3151 CRYPT_FREE(cd);
3152
3153 /* LUKS1 compatible calls */
3154 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3155 OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
3156 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL));
3157 NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
3158 OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec));
3159 EQ_(key_size_ret, key_size);
3160 EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
3161 OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spec));
3162 EQ_(key_size_ret, key_size);
3163 CRYPT_FREE(cd);
3164
3165 /* LUKS2 cipher null checks */
3166 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3167 OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
3168 OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_size, NULL));
3169 FAIL_(crypt_keyslot_set_encryption(cd, "null", 32), "cipher null is not allowed");
3170 FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null", 32), "cipher null is not allowed");
3171 FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null-ecb", 32), "cipher null is not allowed");
3172 EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
3173 NOTNULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
3174 NULL_(strstr(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), "null"));
3175 CRYPT_FREE(cd);
3176
3177 _cleanup_dmdevices();
3178 _remove_keyfiles();
3179 }
3180
3181 static void Luks2ActivateByKeyring(void)
3182 {
3183 #ifdef KERNEL_KEYRING
3184
3185 key_serial_t kid, kid1;
3186 uint64_t r_payload_offset;
3187
3188 const char *cipher = "aes";
3189 const char *cipher_mode = "xts-plain64";
3190
3191 if (!t_dm_crypt_keyring_support()) {
3192 printf("WARNING: Kernel keyring not supported, skipping test.\n");
3193 return;
3194 }
3195
3196 kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
3197 NOTFAIL_(kid, "Test or kernel keyring are broken.");
3198 kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
3199 NOTFAIL_(kid1, "Test or kernel keyring are broken.");
3200
3201 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
3202 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
3203
3204 // prepare the device
3205 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3206 OK_(set_fast_pbkdf(cd));
3207 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
3208 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
3209 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
3210 EQ_(crypt_keyslot_add_by_volume_key(cd, 2, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 2);
3211 CRYPT_FREE(cd);
3212
3213 // FIXME: all following tests work as expected but most error messages are missing
3214 // check activate by keyring works exactly same as by passphrase
3215 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3216 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
3217 EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0), 0);
3218 EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0), 0);
3219 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
3220 FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0), "already open");
3221 OK_(crypt_deactivate(cd, CDEVICE_1));
3222 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
3223 EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 1, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
3224 EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 2, 0), 2);
3225 FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 1, 0), "Keyslot not assigned to volume");
3226 EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 2, 0), 2);
3227 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
3228 OK_(crypt_deactivate(cd, CDEVICE_1));
3229 EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, CRYPT_ANY_SLOT, 0), 2);
3230 OK_(crypt_deactivate(cd, CDEVICE_1));
3231 FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 2, 0), "Failed to unclock keyslot");
3232 FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 0, 0), "Failed to unclock keyslot");
3233 CRYPT_FREE(cd);
3234
3235 NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
3236 NOTFAIL_(keyctl_unlink(kid1, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
3237
3238 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3239 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
3240 FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring");
3241 FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring");
3242 FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 2, 0), "no such key in keyring");
3243 FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 1, 0), "no such key in keyring");
3244 CRYPT_FREE(cd);
3245 _cleanup_dmdevices();
3246 #else
3247 printf("WARNING: cryptsetup compiled with kernel keyring service disabled, skipping test.\n");
3248 #endif
3249 }
3250
3251 static void Luks2Requirements(void)
3252 {
3253 int r;
3254 char key[128];
3255 size_t key_size = 128;
3256 const struct crypt_pbkdf_type *pbkdf;
3257 #ifdef KERNEL_KEYRING
3258 key_serial_t kid;
3259 #endif
3260 uint32_t flags;
3261 uint64_t dummy, r_payload_offset;
3262 struct crypt_active_device cad;
3263
3264 const char *token, *json = "{\"type\":\"test_token\",\"keyslots\":[]}";
3265 struct crypt_pbkdf_type argon2 = {
3266 .type = CRYPT_KDF_ARGON2I,
3267 .hash = default_luks1_hash,
3268 .time_ms = 6,
3269 .max_memory_kb = 1024,
3270 .parallel_threads = 1
3271 }, pbkdf2 = {
3272 .type = CRYPT_KDF_PBKDF2,
3273 .hash = default_luks1_hash,
3274 .time_ms = 9
3275 };
3276 struct crypt_token_params_luks2_keyring params_get, params = {
3277 .key_description = KEY_DESC_TEST0
3278 };
3279
3280 OK_(prepare_keyfile(KEYFILE1, "aaa", 3));
3281 OK_(prepare_keyfile(KEYFILE2, "xxx", 3));
3282
3283 /* crypt_load (unrestricted) */
3284 OK_(crypt_init(&cd, DEVICE_5));
3285 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
3286 CRYPT_FREE(cd);
3287
3288 OK_(crypt_init(&cd, DEVICE_5));
3289 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
3290
3291 /* crypt_dump (unrestricted) */
3292 reset_log();
3293 OK_(crypt_dump(cd));
3294 OK_(!(global_lines != 0));
3295 reset_log();
3296
3297 /* get & set pbkdf params (unrestricted) */
3298 if (!_fips_mode) {
3299 OK_(crypt_set_pbkdf_type(cd, &argon2));
3300 NOTNULL_(crypt_get_pbkdf_type(cd));
3301 }
3302
3303 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
3304 NOTNULL_(crypt_get_pbkdf_type(cd));
3305
3306 /* crypt_set_iteration_time (unrestricted) */
3307 crypt_set_iteration_time(cd, 1);
3308 pbkdf = crypt_get_pbkdf_type(cd);
3309 NOTNULL_(pbkdf);
3310 EQ_(pbkdf->time_ms, 1);
3311
3312 /* crypt_convert (restricted) */
3313 FAIL_((r = crypt_convert(cd, CRYPT_LUKS1, NULL)), "Unmet requirements detected");
3314 EQ_(r, -ETXTBSY);
3315
3316 /* crypt_set_uuid (restricted) */
3317 FAIL_((r = crypt_set_uuid(cd, NULL)), "Unmet requirements detected");
3318 EQ_(r, -ETXTBSY);
3319
3320 /* crypt_set_label (restricted) */
3321 FAIL_((r = crypt_set_label(cd, "label", "subsystem")), "Unmet requirements detected");
3322 EQ_(r, -ETXTBSY);
3323
3324 /* crypt_repair (with current repair capabilities it's unrestricted) */
3325 OK_(crypt_repair(cd, CRYPT_LUKS2, NULL));
3326
3327 /* crypt_keyslot_add_passphrase (restricted) */
3328 FAIL_((r = crypt_keyslot_add_by_passphrase(cd, CRYPT_ANY_SLOT, "aaa", 3, "bbb", 3)), "Unmet requirements detected");
3329 EQ_(r, -ETXTBSY);
3330
3331 /* crypt_keyslot_change_by_passphrase (restricted) */
3332 FAIL_((r = crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 9, "aaa", 3, "bbb", 3)), "Unmet requirements detected");
3333 EQ_(r, -ETXTBSY);
3334
3335 /* crypt_keyslot_add_by_keyfile (restricted) */
3336 FAIL_((r = crypt_keyslot_add_by_keyfile(cd, CRYPT_ANY_SLOT, KEYFILE1, 0, KEYFILE2, 0)), "Unmet requirements detected");
3337 EQ_(r, -ETXTBSY);
3338
3339 /* crypt_keyslot_add_by_keyfile_offset (restricted) */
3340 FAIL_((r = crypt_keyslot_add_by_keyfile_offset(cd, CRYPT_ANY_SLOT, KEYFILE1, 0, 0, KEYFILE2, 0, 0)), "Unmet requirements detected");
3341 EQ_(r, -ETXTBSY);
3342
3343 /* crypt_volume_key_get (unrestricted, but see below) */
3344 OK_(crypt_volume_key_get(cd, 0, key, &key_size, "aaa", 3));
3345
3346 /* crypt_keyslot_add_by_volume_key (restricted) */
3347 FAIL_((r = crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3)), "Unmet requirements detected");
3348 EQ_(r, -ETXTBSY);
3349
3350 /* crypt_keyslot_add_by_key (restricted) */
3351 FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size, "xxx", 3, CRYPT_VOLUME_KEY_NO_SEGMENT)), "Unmet requirements detected");
3352 EQ_(r, -ETXTBSY);
3353
3354 /* crypt_keyslot_add_by_key (restricted) */
3355 FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3, 0)), "Unmet requirements detected");
3356 EQ_(r, -ETXTBSY);
3357
3358 /* crypt_persistent_flasgs_set (restricted) */
3359 FAIL_((r = crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, CRYPT_ACTIVATE_ALLOW_DISCARDS)), "Unmet requirements detected");
3360 EQ_(r, -ETXTBSY);
3361
3362 /* crypt_persistent_flasgs_get (unrestricted) */
3363 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
3364 EQ_(flags, (uint32_t) CRYPT_REQUIREMENT_UNKNOWN);
3365
3366 /* crypt_activate_by_passphrase (restricted for activation only) */
3367 FAIL_((r = crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0)), "Unmet requirements detected");
3368 EQ_(r, -ETXTBSY);
3369 OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, 0));
3370 OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
3371 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
3372
3373 /* crypt_activate_by_keyfile (restricted for activation only) */
3374 FAIL_((r = crypt_activate_by_keyfile(cd, CDEVICE_1, 0, KEYFILE1, 0, 0)), "Unmet requirements detected");
3375 EQ_(r, -ETXTBSY);
3376 OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, 0));
3377 OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
3378
3379 /* crypt_activate_by_volume_key (restricted for activation only) */
3380 FAIL_((r = crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)), "Unmet requirements detected");
3381 EQ_(r, -ETXTBSY);
3382 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
3383 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
3384
3385 #ifdef KERNEL_KEYRING
3386 if (t_dm_crypt_keyring_support()) {
3387 kid = add_key("user", KEY_DESC_TEST0, "aaa", 3, KEY_SPEC_THREAD_KEYRING);
3388 NOTFAIL_(kid, "Test or kernel keyring are broken.");
3389
3390 /* crypt_activate_by_keyring (restricted for activation only) */
3391 FAIL_((r = crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0)), "Unmet requirements detected");
3392 EQ_(r, t_dm_crypt_keyring_support() ? -ETXTBSY : -EINVAL);
3393 OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0));
3394 OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, CRYPT_ACTIVATE_KEYRING_KEY));
3395 }
3396 #endif
3397
3398 /* crypt_volume_key_verify (unrestricted) */
3399 OK_(crypt_volume_key_verify(cd, key, key_size));
3400
3401 /* crypt_get_cipher (unrestricted) */
3402 OK_(strcmp(crypt_get_cipher(cd)?:"", "aes"));
3403
3404 /* crypt_get_cipher_mode (unrestricted) */
3405 OK_(strcmp(crypt_get_cipher_mode(cd)?:"", "xts-plain64"));
3406
3407 /* crypt_get_uuid (unrestricted) */
3408 NOTNULL_(crypt_get_uuid(cd));
3409
3410 /* crypt_get_device_name (unrestricted) */
3411 NOTNULL_(crypt_get_device_name(cd));
3412
3413 /* crypt_get_data_offset (unrestricted) */
3414 OK_(!crypt_get_data_offset(cd));
3415
3416 /* crypt_get_iv_offset (unrestricted, nothing to test) */
3417
3418 /* crypt_get_volume_key_size (unrestricted) */
3419 EQ_(crypt_get_volume_key_size(cd), key_size);
3420
3421 /* crypt_keyslot_status (unrestricted) */
3422 EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE_LAST);
3423 EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_INACTIVE);
3424
3425 /* crypt_keyslot_get_priority (unrestricted) */
3426 EQ_(crypt_keyslot_get_priority(cd, 0), CRYPT_SLOT_PRIORITY_NORMAL);
3427
3428 /* crypt_keyslot_set_priority (restricted) */
3429 FAIL_((r = crypt_keyslot_set_priority(cd, 0, CRYPT_SLOT_PRIORITY_PREFER)), "Unmet requirements detected");
3430 EQ_(r, -ETXTBSY);
3431
3432 /* crypt_keyslot_area (unrestricted) */
3433 OK_(crypt_keyslot_area(cd, 0, &dummy, &dummy));
3434 OK_(!dummy);
3435
3436 /* crypt_header_backup (unrestricted) */
3437 remove(BACKUP_FILE);
3438 OK_(crypt_header_backup(cd, CRYPT_LUKS, BACKUP_FILE));
3439
3440 /* crypt_header_restore (restricted, do not drop the test until we have safe option) */
3441 FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected");
3442 EQ_(r, -ETXTBSY);
3443 remove(BACKUP_FILE);
3444
3445 /* crypt_token_json_set (restricted) */
3446 FAIL_((r = crypt_token_json_set(cd, CRYPT_ANY_TOKEN, json)), "Unmet requirements detected");
3447 EQ_(r, -ETXTBSY);
3448
3449 /* crypt_token_json_get (unrestricted) */
3450 OK_(crypt_token_json_get(cd, 0, &token));
3451 NOTNULL_(strstr(token, "user_type"));
3452
3453 /* crypt_token_status (unrestricted) */
3454 EQ_(crypt_token_status(cd, 0, &token), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
3455 OK_(strcmp(token, "user_type"));
3456 EQ_(crypt_token_status(cd, 1, &token), CRYPT_TOKEN_INTERNAL);
3457 OK_(strcmp(token, "luks2-keyring"));
3458 EQ_(crypt_token_status(cd, 2, NULL), CRYPT_TOKEN_INACTIVE);
3459 EQ_(crypt_token_status(cd, 6, &token), CRYPT_TOKEN_INTERNAL_UNKNOWN);
3460
3461 /* crypt_token_luks2_keyring_set (restricted) */
3462 FAIL_((r = crypt_token_luks2_keyring_set(cd, CRYPT_ANY_TOKEN, ¶ms)), "Unmet requirements detected");
3463 EQ_(r, -ETXTBSY);
3464
3465 /* crypt_token_luks2_keyring_get (unrestricted) */
3466 EQ_(crypt_token_luks2_keyring_get(cd, 1, ¶ms_get), 1);
3467 OK_(strcmp(params_get.key_description, KEY_DESC_TEST0));
3468
3469 /* crypt_token_assign_keyslot (unrestricted) */
3470 FAIL_((r = crypt_token_assign_keyslot(cd, 0, 1)), "Unmet requirements detected");
3471 EQ_(r, -ETXTBSY);
3472
3473 /* crypt_token_unassign_keyslot (unrestricted) */
3474 FAIL_((r = crypt_token_unassign_keyslot(cd, CRYPT_ANY_TOKEN, CRYPT_ANY_SLOT)), "Unmet requirements detected");
3475 EQ_(r, -ETXTBSY);
3476
3477 /* crypt_activate_by_token (restricted for activation only) */
3478 #ifdef KERNEL_KEYRING
3479 if (t_dm_crypt_keyring_support()) {
3480 FAIL_((r = crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0)), ""); // supposed to be silent
3481 EQ_(r, -ETXTBSY);
3482 OK_(crypt_activate_by_token(cd, NULL, 1, NULL, 0));
3483 OK_(crypt_activate_by_token(cd, NULL, 1, NULL, CRYPT_ACTIVATE_KEYRING_KEY));
3484 }
3485 #endif
3486 OK_(get_luks2_offsets(0, 8192, 0, NULL, &r_payload_offset));
3487 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 2));
3488 //OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" NO_REQS_LUKS2_HEADER " bs=4096 2>/dev/null", 1));
3489 OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3490
3491 /* need to fake activated LUKSv2 device with requirements features */
3492 CRYPT_FREE(cd);
3493 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3494 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
3495 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0));
3496 OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
3497 /* replace header with no requirements */
3498 OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3499 CRYPT_FREE(cd);
3500
3501 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_5));
3502 CRYPT_FREE(cd);
3503 OK_(crypt_init_by_name(&cd, CDEVICE_1));
3504
3505 /* crypt_header_restore (restricted with confirmation required) */
3506 /* allow force restore over device header w/ requirements */
3507 OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE));
3508 remove(BACKUP_FILE);
3509 OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3510 OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE)); /* create backup with requirements */
3511
3512 /* crypt_suspend (restricted) */
3513 FAIL_((r = crypt_suspend(cd, CDEVICE_1)), "Unmet requirements detected");
3514 EQ_(r, -ETXTBSY);
3515 CRYPT_FREE(cd);
3516
3517 /* replace header again to suspend the device */
3518 OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3519 OK_(crypt_init_by_name(&cd, CDEVICE_1));
3520 OK_(crypt_suspend(cd, CDEVICE_1));
3521
3522 /* crypt_header_restore (restricted, do not drop the test until we have safe option) */
3523 /* refuse to overwrite header w/ backup including requirements */
3524 FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected");
3525 EQ_(r, -ETXTBSY);
3526
3527 CRYPT_FREE(cd);
3528
3529 OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3530 OK_(crypt_init_by_name(&cd, CDEVICE_1));
3531
3532 /* crypt_resume_by_passphrase (restricted) */
3533 FAIL_((r = crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3)), "Unmet requirements detected");
3534 EQ_(r, -ETXTBSY);
3535
3536 /* crypt_resume_by_keyfile (restricted) */
3537 FAIL_((r = crypt_resume_by_keyfile(cd, CDEVICE_1, 0, KEYFILE1, 0)), "Unmet requirements detected");
3538 EQ_(r, -ETXTBSY);
3539
3540 /* crypt_resume_by_keyfile_offset (restricted) */
3541 FAIL_((r = crypt_resume_by_keyfile_offset(cd, CDEVICE_1, 0, KEYFILE1, 0, 0)), "Unmet requirements detected");
3542 EQ_(r, -ETXTBSY);
3543 CRYPT_FREE(cd);
3544
3545 OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3546 OK_(crypt_init_by_name(&cd, CDEVICE_1));
3547 OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3));
3548 CRYPT_FREE(cd);
3549 OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3550
3551 OK_(crypt_init_by_name(&cd, CDEVICE_1));
3552 /* load VK in keyring */
3553 OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
3554 /* crypt_resize (restricted) */
3555 FAIL_((r = crypt_resize(cd, CDEVICE_1, 1)), "Unmet requirements detected");
3556 EQ_(r, -ETXTBSY);
3557 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
3558
3559 /* crypt_get_active_device (unrestricted) */
3560 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3561 #ifdef KERNEL_KEYRING
3562 if (t_dm_crypt_keyring_support())
3563 EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
3564 #endif
3565
3566 /* crypt_deactivate (unrestricted) */
3567 OK_(crypt_deactivate(cd, CDEVICE_1));
3568
3569 /* crypt_token_is_assigned (unrestricted) */
3570 OK_(crypt_token_is_assigned(cd, 1, 0));
3571 OK_(crypt_token_is_assigned(cd, 6, 0));
3572 EQ_(crypt_token_is_assigned(cd, 0, 0), -ENOENT);
3573
3574 /* crypt_keyslot_destroy (unrestricted) */
3575 OK_(crypt_keyslot_destroy(cd, 0));
3576
3577 CRYPT_FREE(cd);
3578 _cleanup_dmdevices();
3579 }
3580
3581 static void Luks2Integrity(void)
3582 {
3583 struct crypt_params_integrity ip = {};
3584 struct crypt_params_luks2 params = {
3585 .sector_size = 512,
3586 .integrity = "hmac(sha256)"
3587 };
3588 size_t key_size = 32 + 32;
3589 const char *passphrase = "blabla";
3590 const char *cipher = "aes";
3591 const char *cipher_mode = "xts-random";
3592 int ret;
3593
3594 // FIXME: This is just a stub
3595 OK_(crypt_init(&cd, DEVICE_2));
3596 ret = crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, ¶ms);
3597 if (ret < 0) {
3598 printf("WARNING: cannot format integrity device, skipping test.\n");
3599 CRYPT_FREE(cd);
3600 return;
3601 }
3602
3603 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, key_size, passphrase, strlen(passphrase)), 7);
3604 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 7, passphrase, strlen(passphrase) ,0), 7);
3605 GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
3606 CRYPT_FREE(cd);
3607
3608 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_2, NULL));
3609 OK_(crypt_get_integrity_info(cd, &ip));
3610 OK_(strcmp(cipher, crypt_get_cipher(cd)));
3611 OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
3612 OK_(strcmp("hmac(sha256)", ip.integrity));
3613 EQ_(32, ip.integrity_key_size);
3614 EQ_(32+16, ip.tag_size);
3615 OK_(crypt_deactivate(cd, CDEVICE_2));
3616 CRYPT_FREE(cd);
3617
3618 OK_(crypt_init(&cd, DEVICE_2));
3619 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size - 32, ¶ms), "Wrong key size.");
3620 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, "xts-plainx", NULL, NULL, key_size, ¶ms), "Wrong cipher.");
3621 CRYPT_FREE(cd);
3622 }
3623
3624 static int check_flag(uint32_t flags, uint32_t flag)
3625 {
3626 return (flags & flag) ? 0 : -1;
3627 }
3628
3629 static void Luks2Refresh(void)
3630 {
3631 uint64_t r_payload_offset;
3632 char key[128], key1[128];
3633 const char *cipher = "aes", *mode = "xts-plain64";
3634 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c645be6a5b84818afe7a78a6de7a1a";
3635 const char *mk_hex2 = "bb22158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
3636 size_t key_size = strlen(mk_hex) / 2;
3637 struct crypt_params_luks2 params = {
3638 .sector_size = 512,
3639 .integrity = "aead"
3640 };
3641 struct crypt_active_device cad = {};
3642
3643 crypt_decode_key(key, mk_hex, key_size);
3644 crypt_decode_key(key1, mk_hex2, key_size);
3645
3646 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
3647 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
3648 OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset + 5000));
3649 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
3650 OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset));
3651
3652 /* prepare test device */
3653 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3654 OK_(set_fast_pbkdf(cd));
3655 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, key, 32, NULL));
3656 OK_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, 32, "aaa", 3));
3657 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0));
3658
3659 /* check we can refresh significant flags */
3660 if (t_dm_crypt_discard_support()) {
3661 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_ALLOW_DISCARDS));
3662 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3663 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_ALLOW_DISCARDS));
3664 cad.flags = 0;
3665 }
3666
3667 if (t_dm_crypt_cpu_switch_support()) {
3668 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SAME_CPU_CRYPT));
3669 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3670 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SAME_CPU_CRYPT));
3671 cad.flags = 0;
3672
3673 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3674 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3675 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3676 cad.flags = 0;
3677
3678 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3679 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3680 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3681 cad.flags = 0;
3682 }
3683
3684 OK_(crypt_volume_key_keyring(cd, 0));
3685 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
3686 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3687 FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY), "Unexpected flag raised.");
3688 cad.flags = 0;
3689
3690 #ifdef KERNEL_KEYRING
3691 if (t_dm_crypt_keyring_support()) {
3692 OK_(crypt_volume_key_keyring(cd, 1));
3693 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
3694 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3695 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY));
3696 cad.flags = 0;
3697 }
3698 #endif
3699
3700 /* multiple flags at once */
3701 if (t_dm_crypt_discard_support() && t_dm_crypt_cpu_switch_support()) {
3702 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS));
3703 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3704 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS));
3705 cad.flags = 0;
3706 }
3707
3708 /* do not allow reactivation with read-only (and drop flag silently because activation behaves exactly same) */
3709 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_READONLY));
3710 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3711 FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY), "Reactivated with read-only flag.");
3712 cad.flags = 0;
3713
3714 /* reload flag is dropped silently */
3715 OK_(crypt_deactivate(cd, CDEVICE_1));
3716 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
3717
3718 /* check read-only flag is not lost after reload */
3719 OK_(crypt_deactivate(cd, CDEVICE_1));
3720 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_READONLY));
3721 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
3722 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3723 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY));
3724 cad.flags = 0;
3725
3726 /* check LUKS2 with auth. enc. reload */
3727 OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
3728 if (!crypt_format(cd2, CRYPT_LUKS2, "aes", "gcm-random", crypt_get_uuid(cd), key, 32, ¶ms)) {
3729 OK_(crypt_keyslot_add_by_volume_key(cd2, 0, key, 32, "aaa", 3));
3730 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, 0));
3731 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL));
3732 OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
3733 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL));
3734 cad.flags = 0;
3735 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3736 OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
3737 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3738 cad.flags = 0;
3739 OK_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
3740 OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
3741 FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL), "");
3742 FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS), "");
3743 FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS2/aead context");
3744 OK_(crypt_deactivate(cd2, CDEVICE_2));
3745 } else {
3746 printf("WARNING: cannot format integrity device, skipping few reload tests.\n");
3747 }
3748 CRYPT_FREE(cd2);
3749
3750 /* Use LUKS1 context on LUKS2 device */
3751 OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S));
3752 OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, mode, crypt_get_uuid(cd), key, 32, NULL));
3753 OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, NULL, 32, "aaa", 3));
3754 FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS1 context");
3755 CRYPT_FREE(cd2);
3756
3757 /* Use PLAIN context on LUKS2 device */
3758 OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S));
3759 OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, mode, NULL, key, 32, NULL));
3760 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
3761 FAIL_(crypt_activate_by_volume_key(cd2, CDEVICE_1, key, key_size, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with PLAIN context");
3762 OK_(crypt_deactivate(cd2, CDEVICE_2));
3763 CRYPT_FREE(cd2);
3764
3765 /* (snapshot-like case) */
3766 /* try to refresh almost identical device (differs only in major:minor of data device) */
3767 OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
3768 OK_(set_fast_pbkdf(cd2));
3769 OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, mode, crypt_get_uuid(cd), key, 32, NULL));
3770 OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, key, 32, "aaa", 3));
3771 FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed dm-crypt mapped over mismatching data device");
3772
3773 OK_(crypt_deactivate(cd, CDEVICE_1));
3774
3775 CRYPT_FREE(cd);
3776 CRYPT_FREE(cd2);
3777
3778 _cleanup_dmdevices();
3779 }
3780
3781 static void Luks2Flags(void)
3782 {
3783 uint32_t flags = 42;
3784
3785 OK_(crypt_init(&cd, DEVICE_1));
3786 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
3787
3788 /* check library erase passed variable on success when no flags set */
3789 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
3790 EQ_(flags, 0);
3791
3792 /* check set and get behave as expected */
3793 flags = CRYPT_ACTIVATE_ALLOW_DISCARDS;
3794 OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags));
3795 flags = 0;
3796 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
3797 EQ_(flags, CRYPT_ACTIVATE_ALLOW_DISCARDS);
3798
3799 flags = CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
3800 OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags));
3801 flags = (uint32_t)~0;
3802 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
3803 EQ_(flags,CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS);
3804
3805 CRYPT_FREE(cd);
3806 }
3807
3808 #if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION
3809 static int test_progress(uint64_t size __attribute__((unused)),
3810 uint64_t offset __attribute__((unused)),
3811 void *usrptr __attribute__((unused)))
3812 {
3813 while (--test_progress_steps)
3814 return 0;
3815 return 1;
3816 }
3817
3818 static void Luks2Reencryption(void)
3819 {
3820 /* reencryption currently depends on kernel keyring support */
3821 /* NOTES:
3822 * - reencryption requires luks2 parameters. can we avoid it?
3823 */
3824 uint32_t getflags;
3825 uint64_t r_header_size, r_size_1;
3826 struct crypt_active_device cad;
3827 struct crypt_pbkdf_type pbkdf = {
3828 .type = CRYPT_KDF_ARGON2I,
3829 .hash = "sha256",
3830 .parallel_threads = 1,
3831 .max_memory_kb = 128,
3832 .iterations = 4,
3833 .flags = CRYPT_PBKDF_NO_BENCHMARK
3834 };
3835 struct crypt_params_luks2 params2 = {
3836 .pbkdf = &pbkdf,
3837 .sector_size = 4096
3838 };
3839 struct crypt_params_reencrypt retparams = {}, rparams = {
3840 .direction = CRYPT_REENCRYPT_FORWARD,
3841 .resilience = "checksum",
3842 .hash = "sha1",
3843 .luks2 = ¶ms2,
3844 };
3845 dev_t devno;
3846
3847 const char *mk_hex = "bb21babe733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
3848 size_t key_size = strlen(mk_hex) / 2;
3849 char key[128];
3850
3851 crypt_decode_key(key, mk_hex, key_