"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/tests/api-test-2.c" (13 Jan 2022, 197695 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "api-test-2.c": 2.4.2_vs_2.4.3.

    1 /*
    2  * cryptsetup library LUKS2 API check functions
    3  *
    4  * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
    5  * Copyright (C) 2009-2021 Milan Broz
    6  * Copyright (C) 2016-2021 Ondrej Kozina
    7  *
    8  * This program is free software; you can redistribute it and/or
    9  * modify it under the terms of the GNU General Public License
   10  * as published by the Free Software Foundation; either version 2
   11  * of the License, or (at your option) any later version.
   12  *
   13  * This program is distributed in the hope that it will be useful,
   14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16  * GNU General Public License for more details.
   17  *
   18  * You should have received a copy of the GNU General Public License
   19  * along with this program; if not, write to the Free Software
   20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
   21  */
   22 
   23 #include <stdbool.h>
   24 #include <stdlib.h>
   25 #include <string.h>
   26 #include <unistd.h>
   27 #include <fcntl.h>
   28 #include <errno.h>
   29 #include <signal.h>
   30 #include <sys/stat.h>
   31 #include <inttypes.h>
   32 #include <sys/types.h>
   33 #ifdef KERNEL_KEYRING
   34 #include <linux/keyctl.h>
   35 #include <sys/syscall.h>
   36 #ifndef HAVE_KEY_SERIAL_T
   37 #define HAVE_KEY_SERIAL_T
   38 #include <stdint.h>
   39 typedef int32_t key_serial_t;
   40 #endif
   41 #endif
   42 
   43 #include "api_test.h"
   44 #include "luks1/luks.h"
   45 #include "libcryptsetup.h"
   46 
   47 #define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b"
   48 #define DEVICE_EMPTY_name "crypt_zero"
   49 #define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name
   50 #define DEVICE_ERROR_name "crypt_error"
   51 #define DEVICE_ERROR DMDIR DEVICE_ERROR_name
   52 
   53 #define CDEVICE_1 "ctest1"
   54 #define CDEVICE_2 "ctest2"
   55 #define CDEVICE_WRONG "O_o"
   56 #define H_DEVICE "head_ok"
   57 #define H_DEVICE_WRONG "head_wr"
   58 #define L_DEVICE_1S "luks_onesec"
   59 #define L_DEVICE_0S "luks_zerosec"
   60 #define L_DEVICE_WRONG "luks_wr"
   61 #define L_DEVICE_OK "luks_ok"
   62 #define REQS_LUKS2_HEADER "luks2_header_requirements"
   63 #define NO_REQS_LUKS2_HEADER "luks2_header_requirements_free"
   64 #define BACKUP_FILE "csetup_backup_file"
   65 #define IMAGE1 "compatimage2.img"
   66 #define IMAGE_EMPTY "empty.img"
   67 #define IMAGE_EMPTY_SMALL "empty_small.img"
   68 #define IMAGE_EMPTY_SMALL_2 "empty_small2.img"
   69 #define IMAGE_PV_LUKS2_SEC "blkid-luks2-pv.img"
   70 
   71 #define KEYFILE1 "key1.file"
   72 #define KEY1 "compatkey"
   73 
   74 #define KEYFILE2 "key2.file"
   75 #define KEY2 "0123456789abcdef"
   76 
   77 #define PASSPHRASE "blabla"
   78 #define PASSPHRASE1 "albalb"
   79 
   80 #define DEVICE_TEST_UUID "12345678-1234-1234-1234-123456789abc"
   81 
   82 #define DEVICE_WRONG "/dev/Ooo_"
   83 #define DEVICE_CHAR "/dev/zero"
   84 #define THE_LFILE_TEMPLATE "cryptsetup-tstlp.XXXXXX"
   85 
   86 #define KEY_DESC_TEST0 "cs_token_test:test_key0"
   87 #define KEY_DESC_TEST1 "cs_token_test:test_key1"
   88 
   89 #define CONV_DIR "conversion_imgs"
   90 #define CONV_L1_128 "l1_128b"
   91 #define CONV_L1_256 "l1_256b"
   92 #define CONV_L1_512 "l1_512b"
   93 #define CONV_L2_128 "l2_128b"
   94 #define CONV_L2_128_FULL "l2_128b_full"
   95 #define CONV_L2_256 "l2_256b"
   96 #define CONV_L2_256_FULL "l2_256b_full"
   97 #define CONV_L2_512 "l2_512b"
   98 #define CONV_L2_512_FULL "l2_512b_full"
   99 #define CONV_L1_128_DET "l1_128b_det"
  100 #define CONV_L1_256_DET "l1_256b_det"
  101 #define CONV_L1_512_DET "l1_512b_det"
  102 #define CONV_L2_128_DET "l2_128b_det"
  103 #define CONV_L2_128_DET_FULL "l2_128b_det_full"
  104 #define CONV_L2_256_DET "l2_256b_det"
  105 #define CONV_L2_256_DET_FULL "l2_256b_det_full"
  106 #define CONV_L2_512_DET "l2_512b_det"
  107 #define CONV_L2_512_DET_FULL "l2_512b_det_full"
  108 #define CONV_L1_256_LEGACY "l1_256b_legacy_offset"
  109 #define CONV_L1_256_UNMOVABLE "l1_256b_unmovable"
  110 #define PASS0 "aaa"
  111 #define PASS1 "hhh"
  112 #define PASS2 "ccc"
  113 #define PASS3 "ddd"
  114 #define PASS4 "eee"
  115 #define PASS5 "fff"
  116 #define PASS6 "ggg"
  117 #define PASS7 "bbb"
  118 #define PASS8 "iii"
  119 
  120 static int _fips_mode = 0;
  121 
  122 static char *DEVICE_1 = NULL;
  123 static char *DEVICE_2 = NULL;
  124 static char *DEVICE_3 = NULL;
  125 static char *DEVICE_4 = NULL;
  126 static char *DEVICE_5 = NULL;
  127 static char *DEVICE_6 = NULL;
  128 
  129 static char *tmp_file_1 = NULL;
  130 static char *test_loop_file = NULL;
  131 
  132 unsigned int test_progress_steps;
  133 
  134 struct crypt_device *cd = NULL, *cd2 = NULL;
  135 
  136 static const char *default_luks1_hash = NULL;
  137 static uint32_t default_luks1_iter_time = 0;
  138 
  139 static const char *default_luks2_pbkdf = NULL;
  140 static uint32_t default_luks2_iter_time = 0;
  141 static uint32_t default_luks2_memory_kb = 0;
  142 static uint32_t default_luks2_parallel_threads = 0;
  143 
  144 static struct crypt_pbkdf_type min_pbkdf2 = {
  145     .type = "pbkdf2",
  146     .iterations = 1000,
  147     .flags = CRYPT_PBKDF_NO_BENCHMARK
  148 }, min_argon2 = {
  149     .type = "argon2id",
  150     .iterations = 4,
  151     .max_memory_kb = 32,
  152     .parallel_threads = 1,
  153     .flags = CRYPT_PBKDF_NO_BENCHMARK
  154 };
  155 
  156 // Helpers
  157 
  158 static unsigned cpus_online(void)
  159 {
  160     static long r = -1;
  161 
  162     if (r < 0) {
  163         r = sysconf(_SC_NPROCESSORS_ONLN);
  164         if (r < 0)
  165             r = 1;
  166     }
  167 
  168     return r;
  169 }
  170 
  171 static uint32_t adjusted_pbkdf_memory(void)
  172 {
  173     long pagesize = sysconf(_SC_PAGESIZE);
  174     long pages = sysconf(_SC_PHYS_PAGES);
  175     uint64_t memory_kb;
  176 
  177     if (pagesize <= 0 || pages <= 0)
  178         return default_luks2_memory_kb;
  179 
  180     memory_kb = pagesize / 1024 * pages / 2;
  181 
  182     if (memory_kb < default_luks2_memory_kb)
  183         return (uint32_t)memory_kb;
  184 
  185     return default_luks2_memory_kb;
  186 }
  187 
  188 static unsigned _min(unsigned a, unsigned b)
  189 {
  190     return a < b ? a : b;
  191 }
  192 
  193 static int get_luks2_offsets(int metadata_device,
  194                 unsigned int alignpayload_sec,
  195                 unsigned int sector_size,
  196                 uint64_t *r_header_size,
  197                 uint64_t *r_payload_offset)
  198 {
  199     struct crypt_device *cd = NULL;
  200     static uint64_t default_header_size = 0;
  201 
  202     if (!default_header_size) {
  203         if (crypt_init(&cd, THE_LOOP_DEV))
  204             return -EINVAL;
  205         if (crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, NULL)) {
  206             crypt_free(cd);
  207             return -EINVAL;
  208         }
  209 
  210         default_header_size = crypt_get_data_offset(cd);
  211 
  212         crypt_free(cd);
  213     }
  214 
  215     if (!sector_size)
  216         sector_size = 512; /* default? */
  217 
  218     if ((sector_size % 512) && (sector_size % 4096))
  219         return -1;
  220 
  221     if (r_payload_offset) {
  222         if (metadata_device)
  223             *r_payload_offset = alignpayload_sec * sector_size;
  224         else
  225             *r_payload_offset = DIV_ROUND_UP_MODULO(default_header_size * 512, (alignpayload_sec ?: 1) * sector_size);
  226 
  227         *r_payload_offset /= sector_size;
  228     }
  229 
  230     if (r_header_size)
  231         *r_header_size = default_header_size;
  232 
  233     return 0;
  234 }
  235 
  236 static bool get_luks_pbkdf_defaults(void)
  237 {
  238     const struct crypt_pbkdf_type *pbkdf_defaults = crypt_get_pbkdf_default(CRYPT_LUKS1);
  239 
  240     if (!pbkdf_defaults)
  241         return false;
  242 
  243     default_luks1_hash = pbkdf_defaults->hash;
  244     default_luks1_iter_time = pbkdf_defaults->time_ms;
  245 
  246     pbkdf_defaults = crypt_get_pbkdf_default(CRYPT_LUKS2);
  247     if (!pbkdf_defaults)
  248         return false;
  249 
  250     default_luks2_pbkdf = pbkdf_defaults->type;
  251     default_luks2_iter_time = pbkdf_defaults->time_ms;
  252     default_luks2_memory_kb = pbkdf_defaults->max_memory_kb;
  253     default_luks2_parallel_threads = pbkdf_defaults->parallel_threads;
  254 
  255     return true;
  256 }
  257 
  258 static void _remove_keyfiles(void)
  259 {
  260     remove(KEYFILE1);
  261     remove(KEYFILE2);
  262 }
  263 
  264 #if HAVE_DECL_DM_TASK_RETRY_REMOVE
  265 #define DM_RETRY "--retry "
  266 #else
  267 #define DM_RETRY ""
  268 #endif
  269 
  270 #define DM_NOSTDERR " 2>/dev/null"
  271 
  272 static void _cleanup_dmdevices(void)
  273 {
  274     struct stat st;
  275 
  276     if (!stat(DMDIR H_DEVICE, &st))
  277         _system("dmsetup remove " DM_RETRY H_DEVICE DM_NOSTDERR, 0);
  278 
  279     if (!stat(DMDIR H_DEVICE_WRONG, &st))
  280         _system("dmsetup remove " DM_RETRY H_DEVICE_WRONG DM_NOSTDERR, 0);
  281 
  282     if (!stat(DMDIR L_DEVICE_0S, &st))
  283         _system("dmsetup remove " DM_RETRY L_DEVICE_0S DM_NOSTDERR, 0);
  284 
  285     if (!stat(DMDIR L_DEVICE_1S, &st))
  286         _system("dmsetup remove " DM_RETRY L_DEVICE_1S DM_NOSTDERR, 0);
  287 
  288     if (!stat(DMDIR L_DEVICE_WRONG, &st))
  289         _system("dmsetup remove " DM_RETRY L_DEVICE_WRONG DM_NOSTDERR, 0);
  290 
  291     if (!stat(DMDIR L_DEVICE_OK, &st))
  292         _system("dmsetup remove " DM_RETRY L_DEVICE_OK DM_NOSTDERR, 0);
  293 
  294     t_dev_offset = 0;
  295 }
  296 
  297 static void _cleanup(void)
  298 {
  299     struct stat st;
  300 
  301     CRYPT_FREE(cd);
  302     CRYPT_FREE(cd2);
  303 
  304     //_system("udevadm settle", 0);
  305 
  306     if (!stat(DMDIR CDEVICE_1, &st))
  307         _system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0);
  308 
  309     if (!stat(DMDIR CDEVICE_2, &st))
  310         _system("dmsetup remove " DM_RETRY CDEVICE_2 DM_NOSTDERR, 0);
  311 
  312     if (!stat(DEVICE_EMPTY, &st))
  313         _system("dmsetup remove " DM_RETRY DEVICE_EMPTY_name DM_NOSTDERR, 0);
  314 
  315     if (!stat(DEVICE_ERROR, &st))
  316         _system("dmsetup remove " DM_RETRY DEVICE_ERROR_name DM_NOSTDERR, 0);
  317 
  318     _cleanup_dmdevices();
  319 
  320     if (loop_device(THE_LOOP_DEV))
  321         loop_detach(THE_LOOP_DEV);
  322 
  323     if (loop_device(DEVICE_1))
  324         loop_detach(DEVICE_1);
  325 
  326     if (loop_device(DEVICE_2))
  327         loop_detach(DEVICE_2);
  328 
  329     if (loop_device(DEVICE_3))
  330         loop_detach(DEVICE_3);
  331 
  332     if (loop_device(DEVICE_4))
  333         loop_detach(DEVICE_4);
  334 
  335     if (loop_device(DEVICE_5))
  336         loop_detach(DEVICE_5);
  337 
  338     if (loop_device(DEVICE_6))
  339         loop_detach(DEVICE_6);
  340 
  341     _system("rm -f " IMAGE_EMPTY, 0);
  342     _system("rm -f " IMAGE1, 0);
  343     _system("rm -rf " CONV_DIR, 0);
  344 
  345     if (test_loop_file)
  346         remove(test_loop_file);
  347     if (tmp_file_1)
  348         remove(tmp_file_1);
  349 
  350     remove(REQS_LUKS2_HEADER);
  351     remove(NO_REQS_LUKS2_HEADER);
  352     remove(BACKUP_FILE);
  353     remove(IMAGE_PV_LUKS2_SEC);
  354     remove(IMAGE_PV_LUKS2_SEC ".bcp");
  355     remove(IMAGE_EMPTY_SMALL);
  356     remove(IMAGE_EMPTY_SMALL_2);
  357 
  358     _remove_keyfiles();
  359 
  360     free(tmp_file_1);
  361     free(test_loop_file);
  362     free(THE_LOOP_DEV);
  363     free(DEVICE_1);
  364     free(DEVICE_2);
  365     free(DEVICE_3);
  366     free(DEVICE_4);
  367     free(DEVICE_5);
  368     free(DEVICE_6);
  369 }
  370 
  371 static int _setup(void)
  372 {
  373     int fd, ro = 0;
  374     char cmd[128];
  375 
  376     test_loop_file = strdup(THE_LFILE_TEMPLATE);
  377     if (!test_loop_file)
  378         return 1;
  379 
  380     if ((fd=mkstemp(test_loop_file)) == -1) {
  381         printf("cannot create temporary file with template %s\n", test_loop_file);
  382         return 1;
  383     }
  384     close(fd);
  385     snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
  386          test_loop_file, TST_SECTOR_SIZE, TST_LOOP_FILE_SIZE);
  387     if (_system(cmd, 1))
  388         return 1;
  389 
  390     fd = loop_attach(&THE_LOOP_DEV, test_loop_file, 0, 0, &ro);
  391     close(fd);
  392 
  393     tmp_file_1 = strdup(THE_LFILE_TEMPLATE);
  394     if (!tmp_file_1)
  395         return 1;
  396 
  397     if ((fd=mkstemp(tmp_file_1)) == -1) {
  398         printf("cannot create temporary file with template %s\n", tmp_file_1);
  399         return 1;
  400     }
  401     close(fd);
  402     snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
  403          tmp_file_1, TST_SECTOR_SIZE, 10);
  404     if (_system(cmd, 1))
  405         return 1;
  406 
  407     _system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"", 1);
  408     _system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"", 1);
  409 
  410     _system(" [ ! -e " IMAGE1 " ] && xz -dk " IMAGE1 ".xz", 1);
  411     fd = loop_attach(&DEVICE_1, IMAGE1, 0, 0, &ro);
  412     close(fd);
  413 
  414     _system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=32 2>/dev/null", 1);
  415     fd = loop_attach(&DEVICE_2, IMAGE_EMPTY, 0, 0, &ro);
  416     close(fd);
  417 
  418     _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL " bs=1M count=7 2>/dev/null", 1);
  419 
  420     _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL_2 " bs=512 count=2050 2>/dev/null", 1);
  421 
  422     _system(" [ ! -e " NO_REQS_LUKS2_HEADER " ] && xz -dk " NO_REQS_LUKS2_HEADER ".xz", 1);
  423     fd = loop_attach(&DEVICE_4, NO_REQS_LUKS2_HEADER, 0, 0, &ro);
  424     close(fd);
  425 
  426     _system(" [ ! -e " REQS_LUKS2_HEADER " ] && xz -dk " REQS_LUKS2_HEADER ".xz", 1);
  427     fd = loop_attach(&DEVICE_5, REQS_LUKS2_HEADER, 0, 0, &ro);
  428     close(fd);
  429 
  430     _system(" [ ! -e " IMAGE_PV_LUKS2_SEC " ] && xz -dk " IMAGE_PV_LUKS2_SEC ".xz", 1);
  431     _system(" [ ! -e " IMAGE_PV_LUKS2_SEC ".bcp ] && cp " IMAGE_PV_LUKS2_SEC " " IMAGE_PV_LUKS2_SEC ".bcp", 1);
  432     fd = loop_attach(&DEVICE_6, IMAGE_PV_LUKS2_SEC, 0, 0, &ro);
  433     close(fd);
  434 
  435     _system(" [ ! -d " CONV_DIR " ] && tar xJf " CONV_DIR ".tar.xz 2>/dev/null", 1);
  436 
  437     if (_system("modprobe dm-crypt >/dev/null 2>&1", 1))
  438         return 1;
  439 
  440     if (t_dm_check_versions())
  441         return 1;
  442 
  443     _system("rmmod dm-crypt >/dev/null 2>&1", 0);
  444 
  445     _fips_mode = fips_mode();
  446     if (_debug)
  447         printf("FIPS MODE: %d\n", _fips_mode);
  448 
  449     /* Use default log callback */
  450     crypt_set_log_callback(NULL, &global_log_callback, NULL);
  451 
  452     if (!get_luks_pbkdf_defaults())
  453         return 1;
  454 
  455     min_pbkdf2.hash = min_argon2.hash = default_luks1_hash;
  456 
  457     return 0;
  458 }
  459 
  460 static int set_fast_pbkdf(struct crypt_device *cd)
  461 {
  462     const struct crypt_pbkdf_type *pbkdf = &min_argon2;
  463 
  464     /* Cannot use Argon2 in FIPS */
  465     if (_fips_mode)
  466         pbkdf = &min_pbkdf2;
  467 
  468     return crypt_set_pbkdf_type(cd, pbkdf);
  469 }
  470 
  471 #ifdef KERNEL_KEYRING
  472 static key_serial_t add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t keyring)
  473 {
  474     return syscall(__NR_add_key, type, description, payload, plen, keyring);
  475 }
  476 
  477 static key_serial_t keyctl_unlink(key_serial_t key, key_serial_t keyring)
  478 {
  479     return syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring);
  480 }
  481 
  482 static key_serial_t request_key(const char *type,
  483     const char *description,
  484     const char *callout_info,
  485     key_serial_t keyring)
  486 {
  487     return syscall(__NR_request_key, type, description, callout_info, keyring);
  488 }
  489 
  490 static key_serial_t _kernel_key_by_segment(struct crypt_device *cd, int segment)
  491 {
  492     char key_description[1024];
  493 
  494     if (snprintf(key_description, sizeof(key_description), "cryptsetup:%s-d%u", crypt_get_uuid(cd), segment) < 1)
  495         return -1;
  496 
  497     return request_key("logon", key_description, NULL, 0);
  498 }
  499 
  500 static int _volume_key_in_keyring(struct crypt_device *cd, int segment)
  501 {
  502     return _kernel_key_by_segment(cd, segment) >= 0 ? 0 : -1;
  503 }
  504 
  505 static int _drop_keyring_key(struct crypt_device *cd, int segment)
  506 {
  507     key_serial_t kid = _kernel_key_by_segment(cd, segment);
  508 
  509     if (kid < 0)
  510         return -1;
  511 
  512     return keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING);
  513 }
  514 #endif
  515 
  516 static int test_open(struct crypt_device *cd __attribute__((unused)),
  517     int token __attribute__((unused)),
  518     char **buffer,
  519     size_t *buffer_len,
  520     void *usrptr)
  521 {
  522     const char *str = (const char *)usrptr;
  523 
  524     *buffer = strdup(str);
  525     if (!*buffer)
  526         return -ENOMEM;
  527     *buffer_len = strlen(*buffer);
  528 
  529     return 0;
  530 }
  531 
  532 static int test_validate(struct crypt_device *cd __attribute__((unused)), const char *json)
  533 {
  534     return (strstr(json, "magic_string") == NULL);
  535 }
  536 
  537 static void UseLuks2Device(void)
  538 {
  539     char key[128];
  540     size_t key_size;
  541 
  542     OK_(crypt_init(&cd, DEVICE_1));
  543     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
  544     EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
  545     OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
  546     OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
  547     FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
  548     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
  549     OK_(crypt_deactivate(cd, CDEVICE_1));
  550     FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device");
  551 
  552 #if KERNEL_KEYRING
  553     // repeat previous tests and check kernel keyring is released when not needed
  554     if (t_dm_crypt_keyring_support()) {
  555         OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
  556         FAIL_(_drop_keyring_key(cd, 0), "");
  557         OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), CRYPT_ACTIVATE_KEYRING_KEY));
  558         OK_(_drop_keyring_key(cd, 0));
  559         OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
  560         OK_(_drop_keyring_key(cd, 0));
  561         FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
  562         FAIL_(_volume_key_in_keyring(cd, 0), "");
  563         OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
  564         OK_(crypt_deactivate(cd, CDEVICE_1));
  565         FAIL_(_volume_key_in_keyring(cd, 0), "");
  566     }
  567 #endif
  568 
  569     key_size = 16;
  570     OK_(strcmp("aes", crypt_get_cipher(cd)));
  571     OK_(strcmp("cbc-essiv:sha256", crypt_get_cipher_mode(cd)));
  572     OK_(strcmp(DEVICE_1_UUID, crypt_get_uuid(cd)));
  573     EQ_((int)key_size, crypt_get_volume_key_size(cd));
  574     EQ_(8192, crypt_get_data_offset(cd));
  575 
  576     EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
  577     OK_(crypt_volume_key_verify(cd, key, key_size));
  578     OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
  579     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
  580     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
  581     OK_(crypt_deactivate(cd, CDEVICE_1));
  582 
  583     key[1] = ~key[1];
  584     FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch");
  585     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch");
  586 
  587     CRYPT_FREE(cd);
  588 }
  589 
  590 static void SuspendDevice(void)
  591 {
  592     struct crypt_active_device cad;
  593     char key[128];
  594     size_t key_size;
  595     int suspend_status;
  596     uint64_t r_payload_offset;
  597 
  598     OK_(crypt_init(&cd, DEVICE_1));
  599     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
  600     OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
  601 
  602     suspend_status = crypt_suspend(cd, CDEVICE_1);
  603     if (suspend_status == -ENOTSUP) {
  604         printf("WARNING: Suspend/Resume not supported, skipping test.\n");
  605         OK_(crypt_deactivate(cd, CDEVICE_1));
  606         CRYPT_FREE(cd);
  607         return;
  608     }
  609 
  610     OK_(suspend_status);
  611     OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
  612     EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
  613 #ifdef KERNEL_KEYRING
  614     FAIL_(_volume_key_in_keyring(cd, 0), "");
  615 #endif
  616     FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
  617 
  618     FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");
  619     OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
  620     FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
  621 
  622     OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
  623     EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
  624 
  625     OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
  626     OK_(crypt_suspend(cd, CDEVICE_1));
  627     FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");
  628     FAIL_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 1, 0), "wrong key");
  629     OK_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0));
  630     FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0), "not suspended");
  631     OK_(crypt_deactivate(cd, CDEVICE_1));
  632     CRYPT_FREE(cd);
  633 
  634     /* create LUKS device with detached header */
  635     OK_(crypt_init(&cd, DEVICE_1));
  636     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
  637     OK_(crypt_set_data_device(cd, DEVICE_2));
  638     OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
  639     CRYPT_FREE(cd);
  640 
  641     /* Should be able to suspend but not resume if not header specified */
  642     OK_(crypt_init_by_name(&cd, CDEVICE_1));
  643     OK_(crypt_suspend(cd, CDEVICE_1));
  644     FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
  645     FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "no header");
  646     CRYPT_FREE(cd);
  647 
  648     OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_1));
  649     OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
  650 
  651     /* Resume by volume key */
  652     OK_(crypt_suspend(cd, CDEVICE_1));
  653     key_size = sizeof(key);
  654     memset(key, 0, key_size);
  655     FAIL_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size), "wrong key");
  656     OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
  657     OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size));
  658     OK_(crypt_deactivate(cd, CDEVICE_1));
  659     CRYPT_FREE(cd);
  660 
  661     OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
  662     OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
  663 
  664     /* Resume device with cipher_null */
  665     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
  666     OK_(set_fast_pbkdf(cd));
  667     OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_size, NULL));
  668     EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
  669     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
  670     OK_(crypt_suspend(cd, CDEVICE_1));
  671     OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size));
  672     OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
  673     EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
  674     OK_(crypt_suspend(cd, CDEVICE_1));
  675     OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE)));
  676     OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
  677     EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
  678     OK_(crypt_deactivate(cd, CDEVICE_1));
  679     CRYPT_FREE(cd);
  680 
  681     _remove_keyfiles();
  682     _cleanup_dmdevices();
  683 }
  684 
  685 static void AddDeviceLuks2(void)
  686 {
  687     enum { OFFSET_1M = 2048 , OFFSET_2M = 4096, OFFSET_4M = 8192, OFFSET_8M = 16384 };
  688     struct crypt_pbkdf_type pbkdf = {
  689         .type = CRYPT_KDF_ARGON2I,
  690         .hash = "sha256",
  691         .parallel_threads = 4,
  692         .max_memory_kb = 1024,
  693         .time_ms = 1
  694     }, pbkdf_tmp;
  695     struct crypt_params_luks2 params = {
  696         .pbkdf = &pbkdf,
  697         .data_device = DEVICE_2,
  698         .sector_size = 512
  699     };
  700     char key[128], key2[128], key3[128];
  701 
  702     const char *tmp_buf, *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd";
  703     const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
  704     const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
  705     size_t key_size = strlen(mk_hex) / 2;
  706     const char *cipher = "aes";
  707     const char *cipher_mode = "cbc-essiv:sha256";
  708     uint64_t r_payload_offset, r_header_size, r_size_1;
  709 
  710     /* Cannot use Argon2 in FIPS */
  711     if (_fips_mode) {
  712         pbkdf.type = CRYPT_KDF_PBKDF2;
  713         pbkdf.parallel_threads = 0;
  714         pbkdf.max_memory_kb = 0;
  715     }
  716 
  717     crypt_decode_key(key, mk_hex, key_size);
  718     crypt_decode_key(key3, mk_hex2, key_size);
  719 
  720     // init test devices
  721     OK_(get_luks2_offsets(0, 0, 0, &r_header_size, &r_payload_offset));
  722     OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
  723     OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_size - 1));
  724 
  725 
  726     // format
  727     OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
  728     params.data_alignment = 0;
  729     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Not enough space for keyslots material");
  730     CRYPT_FREE(cd);
  731 
  732     // test payload_offset = 0 for encrypted device with external header device
  733     OK_(crypt_init(&cd, DMDIR H_DEVICE));
  734     OK_(set_fast_pbkdf(cd));
  735     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
  736     EQ_(crypt_get_data_offset(cd), 0);
  737     CRYPT_FREE(cd);
  738 
  739     params.data_alignment = 0;
  740     params.data_device = NULL;
  741 
  742     // test payload_offset = 0. format() should look up alignment offset from device topology
  743     OK_(crypt_init(&cd, DEVICE_2));
  744     OK_(set_fast_pbkdf(cd));
  745     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
  746     OK_(!(crypt_get_data_offset(cd) > 0));
  747     CRYPT_FREE(cd);
  748 
  749     // set_data_offset has priority, alignment must be 0 or must be compatible
  750     params.data_alignment = 0;
  751     OK_(crypt_init(&cd, DEVICE_2));
  752     OK_(set_fast_pbkdf(cd));
  753     OK_(crypt_set_data_offset(cd, OFFSET_8M));
  754     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
  755     EQ_(crypt_get_data_offset(cd), OFFSET_8M);
  756     CRYPT_FREE(cd);
  757 
  758     // Load gets the value from metadata
  759     OK_(crypt_init(&cd, DEVICE_2));
  760     OK_(crypt_set_data_offset(cd, OFFSET_2M));
  761     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
  762     EQ_(crypt_get_data_offset(cd), OFFSET_8M);
  763     CRYPT_FREE(cd);
  764 
  765     params.data_alignment = OFFSET_4M;
  766     OK_(crypt_init(&cd, DEVICE_2));
  767     OK_(set_fast_pbkdf(cd));
  768     FAIL_(crypt_set_data_offset(cd, OFFSET_2M + 1), "Not aligned to 4096"); // must be aligned to 4k
  769     OK_(crypt_set_data_offset(cd, OFFSET_2M));
  770     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Alignment not compatible");
  771     OK_(crypt_set_data_offset(cd, OFFSET_4M));
  772     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
  773     EQ_(crypt_get_data_offset(cd), OFFSET_4M);
  774     CRYPT_FREE(cd);
  775 
  776     /*
  777      * test limit values for backing device size
  778      */
  779     params.data_alignment = OFFSET_4M;
  780     OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
  781     OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset));
  782     OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
  783     OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset - 1));
  784 
  785     // 1 sector less than required
  786     OK_(crypt_init(&cd, DMDIR L_DEVICE_WRONG));
  787     OK_(set_fast_pbkdf(cd));
  788     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Device too small");
  789     CRYPT_FREE(cd);
  790 
  791     // 0 sectors for encrypted area
  792     OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
  793     OK_(set_fast_pbkdf(cd));
  794     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
  795     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Encrypted area too small");
  796     CRYPT_FREE(cd);
  797 
  798     // 1 sector for encrypted area
  799     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
  800     OK_(set_fast_pbkdf(cd));
  801     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
  802     EQ_(crypt_get_data_offset(cd), r_payload_offset);
  803     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
  804     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
  805     OK_(t_device_size(DMDIR CDEVICE_1, &r_size_1));
  806     EQ_(r_size_1, TST_SECTOR_SIZE);
  807     OK_(crypt_deactivate(cd, CDEVICE_1));
  808     EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
  809     // restrict format only to empty context
  810     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formatted");
  811     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formatted");
  812     // change data device to wrong one
  813     OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S));
  814     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small");
  815     OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_1S));
  816     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
  817     OK_(crypt_deactivate(cd, CDEVICE_1));
  818     CRYPT_FREE(cd);
  819 
  820     params.data_alignment = 0;
  821     params.data_device = DEVICE_2;
  822 
  823     // generate keyslot material at the end of luks header
  824     OK_(crypt_init(&cd, DMDIR H_DEVICE));
  825     OK_(set_fast_pbkdf(cd));
  826     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
  827     EQ_((int)key_size, crypt_get_volume_key_size(cd));
  828     EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
  829     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7);
  830 
  831     OK_(crypt_keyslot_get_pbkdf(cd, 7, &pbkdf_tmp));
  832     OK_(strcmp(pbkdf_tmp.type, pbkdf.type));
  833     if (!_fips_mode) {
  834         NULL_(pbkdf_tmp.hash);
  835         OK_(!(pbkdf_tmp.max_memory_kb >= 32));
  836         OK_(!(pbkdf_tmp.parallel_threads >= 1));
  837     } else
  838         OK_(strcmp(pbkdf_tmp.hash, pbkdf.hash));
  839     OK_(!(pbkdf_tmp.iterations >= 4));
  840     EQ_(0, pbkdf_tmp.time_ms); /* not usable in per-keyslot call */
  841 
  842     CRYPT_FREE(cd);
  843     OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
  844     OK_(set_fast_pbkdf(cd));
  845     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formatted");
  846     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
  847     CRYPT_FREE(cd);
  848     // check active status without header
  849     OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, NULL));
  850     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
  851     NULL_(crypt_get_type(cd));
  852     OK_(strcmp(cipher, crypt_get_cipher(cd)));
  853     OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
  854     EQ_((int)key_size, crypt_get_volume_key_size(cd));
  855     OK_(crypt_deactivate(cd, CDEVICE_1));
  856     CRYPT_FREE(cd);
  857 
  858     params.data_alignment = OFFSET_1M;
  859     params.data_device = NULL;
  860 
  861     // test uuid mismatch and _init_by_name_and_header
  862     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
  863     OK_(set_fast_pbkdf(cd));
  864     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
  865     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
  866     EQ_(0, crypt_header_is_detached(cd));
  867     CRYPT_FREE(cd);
  868     params.data_alignment = 0;
  869     params.data_device = DEVICE_2;
  870     OK_(crypt_init(&cd, DMDIR H_DEVICE));
  871     OK_(set_fast_pbkdf(cd));
  872     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
  873     CRYPT_FREE(cd);
  874     // there we've got uuid mismatch
  875     OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
  876     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
  877     NULL_(crypt_get_type(cd));
  878     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device is active");
  879     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Device is active");
  880     EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE);
  881     OK_(crypt_deactivate(cd, CDEVICE_1));
  882     FAIL_(crypt_header_is_detached(cd), "no header for mismatched device");
  883     CRYPT_FREE(cd);
  884 
  885     params.data_device = NULL;
  886 
  887     OK_(crypt_init(&cd, DEVICE_2));
  888     OK_(set_fast_pbkdf(cd));
  889     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
  890 
  891     // even with no keyslots defined it can be activated by volume key
  892     OK_(crypt_volume_key_verify(cd, key, key_size));
  893     OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0));
  894     GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
  895     OK_(crypt_deactivate(cd, CDEVICE_2));
  896 
  897     // now with keyslot
  898     EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)));
  899     EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
  900     EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
  901     GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
  902     OK_(crypt_deactivate(cd, CDEVICE_2));
  903 
  904     EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen(KEY1)));
  905     OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
  906     OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2)));
  907     EQ_(2, crypt_keyslot_add_by_keyfile(cd, 2, KEYFILE1, 0, KEYFILE2, 0));
  908     FAIL_(crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 1, KEYFILE2, 0, 1), "wrong key");
  909     EQ_(3, crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 0, KEYFILE2, 0, 1));
  910     EQ_(4, crypt_keyslot_add_by_keyfile_offset(cd, 4, KEYFILE2, 0, 1, KEYFILE1, 0, 1));
  911     FAIL_(crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2)-1, 0), "key mismatch");
  912     EQ_(2, crypt_activate_by_keyfile(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 0));
  913     EQ_(3, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 1, 0));
  914     EQ_(4, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE1, 0, 1, 0));
  915     FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2), 2, 0), "not enough data");
  916     FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, strlen(KEY2) + 1, 0), "cannot seek");
  917     FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, 2, 0), "wrong key");
  918     EQ_(2, crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, 0));
  919     OK_(crypt_keyslot_destroy(cd, 1));
  920     OK_(crypt_keyslot_destroy(cd, 2));
  921     OK_(crypt_keyslot_destroy(cd, 3));
  922     OK_(crypt_keyslot_destroy(cd, 4));
  923     OK_(crypt_deactivate(cd, CDEVICE_2));
  924     _remove_keyfiles();
  925 
  926     FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), "slot used");
  927     key[1] = ~key[1];
  928     FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch");
  929     key[1] = ~key[1];
  930     EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase2, strlen(passphrase2)));
  931     EQ_(CRYPT_SLOT_ACTIVE, crypt_keyslot_status(cd, 6));
  932 
  933     FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot");
  934     FAIL_(crypt_keyslot_destroy(cd, CRYPT_ANY_SLOT), "invalid keyslot");
  935     FAIL_(crypt_keyslot_destroy(cd, 0), "keyslot not used");
  936     OK_(crypt_keyslot_destroy(cd, 7));
  937     EQ_(CRYPT_SLOT_INACTIVE, crypt_keyslot_status(cd, 7));
  938     EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
  939 
  940     EQ_(6, crypt_keyslot_change_by_passphrase(cd, 6, CRYPT_ANY_SLOT, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
  941     EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
  942     EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(passphrase), passphrase2, strlen(passphrase2)));
  943     EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
  944     EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(passphrase2), 0));
  945     EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
  946 
  947     EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
  948     OK_(crypt_volume_key_verify(cd, key2, key_size));
  949     OK_(memcmp(key, key2, key_size));
  950 
  951     OK_(strcmp(cipher, crypt_get_cipher(cd)));
  952     OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
  953     EQ_((int)key_size, crypt_get_volume_key_size(cd));
  954     EQ_(r_payload_offset, crypt_get_data_offset(cd));
  955     OK_(strcmp(DEVICE_2, crypt_get_device_name(cd)));
  956 
  957     reset_log();
  958     OK_(crypt_dump(cd));
  959     OK_(!(global_lines != 0));
  960     reset_log();
  961 
  962     FAIL_(crypt_dump_json(cd, NULL, 42), "flags be used later");
  963     OK_(crypt_dump_json(cd, NULL, 0));
  964     OK_(!(global_lines != 0));
  965     reset_log();
  966     OK_(crypt_dump_json(cd, &tmp_buf, 0));
  967     OK_(!tmp_buf);
  968     OK_(!(strlen(tmp_buf) != 0));
  969 
  970     FAIL_(crypt_set_uuid(cd, "blah"), "wrong UUID format");
  971     OK_(crypt_set_uuid(cd, DEVICE_TEST_UUID));
  972     OK_(strcmp(DEVICE_TEST_UUID, crypt_get_uuid(cd)));
  973 
  974     FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");
  975     CRYPT_FREE(cd);
  976     _cleanup_dmdevices();
  977 
  978     /* LUKSv2 format tests */
  979 
  980     /* very basic test */
  981     OK_(crypt_init(&cd, DEVICE_2));
  982     crypt_set_iteration_time(cd, 1);
  983     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 0, NULL), "Wrong key size");
  984     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
  985     CRYPT_FREE(cd);
  986     /* some invalid parameters known to cause troubles */
  987     OK_(crypt_init(&cd, DEVICE_2));
  988     crypt_set_iteration_time(cd, 0); /* wrong for argon2 but we don't know the pbkdf type yet, ignored */
  989     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
  990     CRYPT_FREE(cd);
  991     OK_(crypt_init(&cd, DEVICE_2));
  992     OK_(set_fast_pbkdf(cd));
  993     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
  994     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
  995     CRYPT_FREE(cd);
  996 
  997     OK_(crypt_init(&cd, DEVICE_2));
  998     OK_(set_fast_pbkdf(cd));
  999     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, NULL));
 1000     FAIL_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
 1001     FAIL_(crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
 1002     CRYPT_FREE(cd);
 1003 
 1004     OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
 1005     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1006     OK_(set_fast_pbkdf(cd));
 1007     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
 1008     EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 3);
 1009     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key3, key_size, 0), "VK doesn't match any digest assigned to segment 0");
 1010     CRYPT_FREE(cd);
 1011 
 1012     /*
 1013      * Check regression in getting keyslot encryption parameters when
 1014      * volume key size is unknown (no active keyslots).
 1015      */
 1016     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1017     OK_(set_fast_pbkdf(cd));
 1018     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
 1019     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
 1020     /* drop context copy of volume key */
 1021     CRYPT_FREE(cd);
 1022     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1023     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 1024     EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
 1025     OK_(crypt_keyslot_destroy(cd, 0));
 1026     OK_(set_fast_pbkdf(cd));
 1027     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
 1028     CRYPT_FREE(cd);
 1029 
 1030     _cleanup_dmdevices();
 1031 }
 1032 
 1033 static void Luks2MetadataSize(void)
 1034 {
 1035     struct crypt_pbkdf_type pbkdf = {
 1036         .type = CRYPT_KDF_ARGON2I,
 1037         .hash = "sha256",
 1038         .parallel_threads = 1,
 1039         .max_memory_kb = 128,
 1040         .iterations = 4,
 1041         .flags = CRYPT_PBKDF_NO_BENCHMARK
 1042     };
 1043     struct crypt_params_luks2 params = {
 1044         .pbkdf = &pbkdf,
 1045         .data_device = DEVICE_2,
 1046         .sector_size = 512
 1047     };
 1048     char key[128], tmp[128];
 1049 
 1050     const char *passphrase = "blabla";
 1051     const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
 1052     size_t key_size = strlen(mk_hex) / 2;
 1053     const char *cipher = "aes";
 1054     const char *cipher_mode = "cbc-essiv:sha256";
 1055     uint64_t r_header_size, default_mdata_size, default_keyslots_size, mdata_size,
 1056          keyslots_size, r_header_wrong_size = 14336;
 1057 
 1058     /* Cannot use Argon2 in FIPS */
 1059     if (_fips_mode) {
 1060         pbkdf.type = CRYPT_KDF_PBKDF2;
 1061         pbkdf.parallel_threads = 0;
 1062         pbkdf.max_memory_kb = 0;
 1063         pbkdf.iterations = 1000;
 1064     }
 1065 
 1066     crypt_decode_key(key, mk_hex, key_size);
 1067 
 1068     // init test devices
 1069     OK_(get_luks2_offsets(0, 0, 0, &r_header_size, NULL));
 1070     OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
 1071     OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_wrong_size)); /* 7 MiBs only */
 1072     //default metadata sizes
 1073     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1074     OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
 1075     EQ_(mdata_size, 0);
 1076     EQ_(keyslots_size, 0);
 1077     OK_(crypt_set_metadata_size(cd, 0, 0));
 1078     OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
 1079     EQ_(mdata_size, 0);
 1080     EQ_(keyslots_size, 0);
 1081     OK_(crypt_set_metadata_size(cd, 0x004000, 0x004000));
 1082     OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
 1083     EQ_(mdata_size, 0x004000);
 1084     EQ_(keyslots_size, 0x004000);
 1085     OK_(crypt_set_metadata_size(cd, 0x008000, 0x008000));
 1086     OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
 1087     EQ_(mdata_size, 0x008000);
 1088     EQ_(keyslots_size, 0x008000);
 1089     FAIL_(crypt_set_metadata_size(cd, 0x008001, 0x008000), "Wrong size");
 1090     FAIL_(crypt_set_metadata_size(cd, 0x008000, 0x008001), "Wrong size");
 1091     CRYPT_FREE(cd);
 1092 
 1093     // metadata settings
 1094     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1095     OK_(crypt_set_metadata_size(cd, 0x080000, 0x080000));
 1096     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1097     EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
 1098     CRYPT_FREE(cd);
 1099     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1100     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1101     OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
 1102     EQ_(mdata_size, 0x080000);
 1103     EQ_(keyslots_size, 0x080000);
 1104     CRYPT_FREE(cd);
 1105     // default
 1106     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1107     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1108     OK_(crypt_get_metadata_size(cd, &default_mdata_size, &default_keyslots_size));
 1109     EQ_(default_mdata_size, 0x04000);
 1110     EQ_(default_keyslots_size, (r_header_size * 512) - 2 * 0x04000);
 1111     CRYPT_FREE(cd);
 1112     // check keyslots size calculation is correct
 1113     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1114     OK_(crypt_set_metadata_size(cd, 0x80000, 0));
 1115     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1116     OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
 1117     EQ_(mdata_size, 0x80000);
 1118     EQ_(keyslots_size, (r_header_size * 512) - 2 * 0x80000);
 1119     CRYPT_FREE(cd);
 1120 
 1121     // various metadata size checks combined with data offset
 1122     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1123     OK_(crypt_set_metadata_size(cd, 0, default_keyslots_size + 4096));
 1124     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Device is too small.");
 1125     OK_(crypt_set_metadata_size(cd, 0x20000, (r_header_size * 512) - 2 * 0x20000 + 4096));
 1126     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Device is too small.");
 1127     CRYPT_FREE(cd);
 1128 
 1129     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1130     OK_(crypt_set_metadata_size(cd, 0x80000, 0));
 1131     OK_(crypt_set_data_offset(cd, 0x80000 / 512 - 8));
 1132     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Data offset is too small.");
 1133     CRYPT_FREE(cd);
 1134 
 1135     // H_DEVICE_WRONG size is 7MiB
 1136     OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
 1137     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1138     OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
 1139     EQ_(mdata_size, default_mdata_size);
 1140     EQ_(keyslots_size, (r_header_wrong_size * 512) - 2 * default_mdata_size);
 1141     CRYPT_FREE(cd);
 1142 
 1143     OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
 1144     OK_(crypt_set_metadata_size(cd, 0x400000, 0));
 1145     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Device is too small.");
 1146     CRYPT_FREE(cd);
 1147 
 1148     // IMAGE_EMPTY_SMALL size is 7MiB but now it's regulare file
 1149     OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
 1150     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1151     OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
 1152     EQ_(mdata_size, default_mdata_size);
 1153     EQ_(keyslots_size, default_keyslots_size);
 1154     EQ_(crypt_get_data_offset(cd), 0);
 1155     CRYPT_FREE(cd);
 1156 
 1157     sprintf(tmp, "truncate -s %" PRIu64 " " IMAGE_EMPTY_SMALL, r_header_wrong_size * 512);
 1158     _system(tmp, 1);
 1159 
 1160     // check explicit keyslots size and data offset are respected even with regular file mdevice
 1161     OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
 1162     OK_(crypt_set_metadata_size(cd, 0, default_keyslots_size));
 1163     OK_(crypt_set_data_offset(cd, r_header_size + 8));
 1164     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1165     OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
 1166     EQ_(mdata_size, default_mdata_size);
 1167     EQ_(keyslots_size, default_keyslots_size);
 1168     EQ_(crypt_get_data_offset(cd), r_header_size + 8);
 1169     CRYPT_FREE(cd);
 1170 
 1171     _cleanup_dmdevices();
 1172 }
 1173 
 1174 static void UseTempVolumes(void)
 1175 {
 1176     char tmp[256];
 1177 
 1178     // Tepmporary device without keyslot but with on-disk LUKS header
 1179     OK_(crypt_init(&cd, DEVICE_2));
 1180     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "not yet formatted");
 1181     OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 16, NULL));
 1182     OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0));
 1183     GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
 1184     CRYPT_FREE(cd);
 1185 
 1186     OK_(crypt_init_by_name(&cd, CDEVICE_2));
 1187     OK_(crypt_deactivate(cd, CDEVICE_2));
 1188     CRYPT_FREE(cd);
 1189 
 1190     // Dirty checks: device without UUID
 1191     // we should be able to remove it but not manipulate with it
 1192     snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
 1193         "0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
 1194         "%s 2048\"", CDEVICE_2, DEVICE_2);
 1195     _system(tmp, 1);
 1196     OK_(crypt_init_by_name(&cd, CDEVICE_2));
 1197     OK_(crypt_deactivate(cd, CDEVICE_2));
 1198     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "No known device type");
 1199     CRYPT_FREE(cd);
 1200 
 1201     // Dirty checks: device with UUID but LUKS header key fingerprint must fail)
 1202     snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
 1203         "0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
 1204         "%s 2048\" -u CRYPT-LUKS2-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-ctest1",
 1205          CDEVICE_2, DEVICE_2);
 1206     _system(tmp, 1);
 1207     OK_(crypt_init_by_name(&cd, CDEVICE_2));
 1208     OK_(crypt_deactivate(cd, CDEVICE_2));
 1209     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "wrong volume key");
 1210     CRYPT_FREE(cd);
 1211 
 1212     // No slots
 1213     OK_(crypt_init(&cd, DEVICE_2));
 1214     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1215     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "volume key is lost");
 1216     CRYPT_FREE(cd);
 1217 }
 1218 
 1219 static void Luks2HeaderRestore(void)
 1220 {
 1221     char key[128];
 1222     struct crypt_pbkdf_type pbkdf = {
 1223         .type = CRYPT_KDF_ARGON2I,
 1224         .hash = "sha256",
 1225         .parallel_threads = 4,
 1226         .max_memory_kb = 1024,
 1227         .time_ms = 1
 1228     };
 1229     struct crypt_params_luks2 params = {
 1230         .pbkdf = &pbkdf,
 1231         .data_alignment = 8192, // 4M, data offset will be 4096
 1232         .sector_size = 512
 1233     };
 1234     struct crypt_params_plain pl_params = {
 1235         .hash = "sha1",
 1236         .skip = 0,
 1237         .offset = 0,
 1238         .size = 0
 1239     };
 1240     struct crypt_params_luks1 luks1 = {
 1241         .data_alignment = 8192, // 4M offset to pass alignment test
 1242     };
 1243     uint32_t flags = 0;
 1244 
 1245     const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
 1246     size_t key_size = strlen(mk_hex) / 2;
 1247     const char *cipher = "aes";
 1248     const char *cipher_mode = "cbc-essiv:sha256";
 1249     uint64_t r_payload_offset;
 1250 
 1251     /* Cannot use Argon2 in FIPS */
 1252     if (_fips_mode) {
 1253         pbkdf.type = CRYPT_KDF_PBKDF2;
 1254         pbkdf.parallel_threads = 0;
 1255         pbkdf.max_memory_kb = 0;
 1256     }
 1257 
 1258     crypt_decode_key(key, mk_hex, key_size);
 1259 
 1260     OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
 1261     OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 5000));
 1262 
 1263     // do not restore header over plain device
 1264     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1265     OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, &pl_params));
 1266     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
 1267     FAIL_(crypt_header_restore(cd, CRYPT_PLAIN, NO_REQS_LUKS2_HEADER), "Cannot restore header to PLAIN type device");
 1268     FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "Cannot restore header over PLAIN type device");
 1269     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 1270     OK_(crypt_deactivate(cd, CDEVICE_1));
 1271     CRYPT_FREE(cd);
 1272 
 1273     // FIXME: does following test make a sense in LUKS2?
 1274     // volume key_size mismatch
 1275     // OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1276     // memcpy(key2, key, key_size / 2);
 1277     // OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key2, key_size / 2, &params));
 1278     // FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Volume keysize mismatch");
 1279     // CRYPT_FREE(cd);
 1280 
 1281     // payload offset mismatch
 1282     params.data_alignment = 8193;
 1283     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1284     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1285     FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "Payload offset mismatch");
 1286     CRYPT_FREE(cd);
 1287     params.data_alignment = 4096;
 1288     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1289     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1290     // FIXME: either format has to fail or next line must be true
 1291     // EQ_(crypt_get_data_offset(cd), params.data_alignment);
 1292     // FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Payload offset mismatch");
 1293     CRYPT_FREE(cd);
 1294 
 1295     // do not allow restore over LUKS1 header on device
 1296     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1297     OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
 1298     OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, &luks1));
 1299     CRYPT_FREE(cd);
 1300     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1301     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 1302     FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "LUKS1 format detected");
 1303     CRYPT_FREE(cd);
 1304 
 1305     /* check crypt_header_restore() properly loads crypt_device context */
 1306     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1307     OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL));
 1308     OK_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER));
 1309     /* check LUKS2 specific API call returns non-error code */
 1310     OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
 1311     EQ_(flags, 0);
 1312     /* same test, any LUKS */
 1313     OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL));
 1314     OK_(crypt_header_restore(cd, CRYPT_LUKS, NO_REQS_LUKS2_HEADER));
 1315     /* check LUKS2 specific API call returns non-error code */
 1316     OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
 1317     EQ_(flags, 0);
 1318 
 1319     CRYPT_FREE(cd);
 1320 
 1321     _cleanup_dmdevices();
 1322 }
 1323 
 1324 static void Luks2HeaderLoad(void)
 1325 {
 1326     struct crypt_pbkdf_type pbkdf = {
 1327         .type = CRYPT_KDF_ARGON2I,
 1328         .hash = "sha256",
 1329         .parallel_threads = 4,
 1330         .max_memory_kb = 1024,
 1331         .time_ms = 1
 1332     };
 1333     struct crypt_params_luks2 params = {
 1334         .pbkdf = &pbkdf,
 1335         .data_alignment = 8192, // 4M, data offset will be 4096
 1336         .data_device = DEVICE_2,
 1337         .sector_size = 512
 1338     };
 1339     struct crypt_params_plain pl_params = {
 1340         .hash = "sha1",
 1341         .skip = 0,
 1342         .offset = 0,
 1343         .size = 0
 1344     };
 1345     char key[128], cmd[256];
 1346 
 1347     const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
 1348     size_t key_size = strlen(mk_hex) / 2;
 1349     const char *cipher = "aes";
 1350     const char *cipher_mode = "cbc-essiv:sha256";
 1351     uint64_t r_payload_offset, r_header_size, img_size;
 1352 
 1353     /* Cannot use Argon2 in FIPS */
 1354     if (_fips_mode) {
 1355         pbkdf.type = CRYPT_KDF_PBKDF2;
 1356         pbkdf.parallel_threads = 0;
 1357         pbkdf.max_memory_kb = 0;
 1358     }
 1359 
 1360     crypt_decode_key(key, mk_hex, key_size);
 1361 
 1362     // hardcoded values for existing image IMAGE1
 1363     img_size = 8192;
 1364     // prepare test env
 1365     OK_(get_luks2_offsets(0, 0, 0, &r_header_size, &r_payload_offset));
 1366     // external header device
 1367     OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
 1368     // prepared header on a device too small to contain header and payload
 1369     //OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_payload_offset - 1));
 1370     OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, img_size - 1));
 1371     snprintf(cmd, sizeof(cmd), "dd if=" IMAGE1 " of=" DMDIR H_DEVICE_WRONG " bs=%" PRIu32 " count=%" PRIu64 " 2>/dev/null", params.sector_size, img_size - 1);
 1372     OK_(_system(cmd, 1));
 1373     // some device
 1374     OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
 1375     // 1 sector device
 1376     OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_header_size + 1));
 1377     // 0 sectors device for payload
 1378     OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_header_size));
 1379 
 1380     // valid metadata and device size
 1381     params.data_alignment = 0;
 1382     params.data_device = DMDIR L_DEVICE_OK;
 1383     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1384     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1385     CRYPT_FREE(cd);
 1386     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1387     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1388     OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
 1389     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
 1390     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 1391     OK_(!crypt_get_metadata_device_name(cd));
 1392     EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
 1393     OK_(crypt_deactivate(cd, CDEVICE_1));
 1394     EQ_(1, crypt_header_is_detached(cd));
 1395     CRYPT_FREE(cd);
 1396 
 1397     // repeat with init with two devices
 1398     OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
 1399     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1400     CRYPT_FREE(cd);
 1401     OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
 1402     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1403     OK_(!crypt_get_metadata_device_name(cd));
 1404     EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
 1405     EQ_(1, crypt_header_is_detached(cd));
 1406     CRYPT_FREE(cd);
 1407 
 1408     // bad header: device too small (payloadOffset > device_size)
 1409     OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
 1410     FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Device too small");
 1411     NULL_(crypt_get_type(cd));
 1412     CRYPT_FREE(cd);
 1413 
 1414     // 0 secs for encrypted data area
 1415     params.data_alignment = 8192;
 1416     params.data_device = NULL;
 1417     OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
 1418     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1419     CRYPT_FREE(cd);
 1420     // load should be ok
 1421     OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
 1422     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1423     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small");
 1424     EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
 1425     CRYPT_FREE(cd);
 1426 
 1427     // damaged header
 1428     OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=8 2>/dev/null", 1));
 1429     OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 seek=32 count=8 2>/dev/null", 1));
 1430     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1431     FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Header not found");
 1432     CRYPT_FREE(cd);
 1433 
 1434     // plain device
 1435     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1436     FAIL_(crypt_load(cd, CRYPT_PLAIN, NULL), "Can't load nonLUKS device type");
 1437     CRYPT_FREE(cd);
 1438     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1439     OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, &pl_params));
 1440     FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Can't load over nonLUKS device type");
 1441     CRYPT_FREE(cd);
 1442 
 1443     //LUKSv2 device
 1444     OK_(crypt_init(&cd, DEVICE_4));
 1445     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 1446     CRYPT_FREE(cd);
 1447     OK_(crypt_init(&cd, DEVICE_4));
 1448     crypt_set_iteration_time(cd, 0); /* invalid for argon2 pbkdf, ignored */
 1449     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 1450     CRYPT_FREE(cd);
 1451 
 1452     /* check load sets proper device type */
 1453     OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
 1454     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 1455     EQ_(strcmp(CRYPT_LUKS2, crypt_get_type(cd)), 0);
 1456     CRYPT_FREE(cd);
 1457 
 1458     _cleanup_dmdevices();
 1459 }
 1460 
 1461 static void Luks2HeaderBackup(void)
 1462 {
 1463     struct crypt_pbkdf_type pbkdf = {
 1464         .type = CRYPT_KDF_ARGON2I,
 1465         .hash = "sha256",
 1466         .parallel_threads = 4,
 1467         .max_memory_kb = 1024,
 1468         .time_ms = 1
 1469     };
 1470     struct crypt_params_luks2 params = {
 1471         .pbkdf = &pbkdf,
 1472         .data_alignment = 8192, // 4M, data offset will be 4096
 1473         .data_device = DEVICE_2,
 1474         .sector_size = 512
 1475     };
 1476     char key[128];
 1477     int fd, ro = O_RDONLY;
 1478 
 1479     const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
 1480     size_t key_size = strlen(mk_hex) / 2;
 1481     const char *cipher = "aes";
 1482     const char *cipher_mode = "cbc-essiv:sha256";
 1483     uint64_t r_payload_offset;
 1484 
 1485     const char *passphrase = PASSPHRASE;
 1486 
 1487     /* Cannot use Argon2 in FIPS */
 1488     if (_fips_mode) {
 1489         pbkdf.type = CRYPT_KDF_PBKDF2;
 1490         pbkdf.parallel_threads = 0;
 1491         pbkdf.max_memory_kb = 0;
 1492     }
 1493 
 1494     crypt_decode_key(key, mk_hex, key_size);
 1495 
 1496     OK_(get_luks2_offsets(1, params.data_alignment, 0, NULL, &r_payload_offset));
 1497     OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
 1498 
 1499     // create LUKS device and backup the header
 1500     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1501     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1502     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
 1503     EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
 1504     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, passphrase, strlen(passphrase)), 0);
 1505     OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
 1506     OK_(crypt_deactivate(cd, CDEVICE_1));
 1507     CRYPT_FREE(cd);
 1508 
 1509     // restore header from backup
 1510     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1511     OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE));
 1512     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1513     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
 1514     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 1515     OK_(crypt_deactivate(cd, CDEVICE_1));
 1516     EQ_(0, crypt_header_is_detached(cd));
 1517     CRYPT_FREE(cd);
 1518 
 1519     // exercise luksOpen using backup header in file
 1520     OK_(crypt_init(&cd, BACKUP_FILE));
 1521     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1522     OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
 1523     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
 1524     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 1525     OK_(crypt_deactivate(cd, CDEVICE_1));
 1526     EQ_(1, crypt_header_is_detached(cd));
 1527     CRYPT_FREE(cd);
 1528 
 1529     OK_(crypt_init(&cd, BACKUP_FILE));
 1530     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1531     OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
 1532     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
 1533     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 1534     OK_(crypt_deactivate(cd, CDEVICE_1));
 1535     CRYPT_FREE(cd);
 1536 
 1537     // exercise luksOpen using backup header on block device
 1538     fd = loop_attach(&DEVICE_3, BACKUP_FILE, 0, 0, &ro);
 1539     NOTFAIL_(fd, "Bad loop device.");
 1540     close(fd);
 1541     OK_(crypt_init(&cd, DEVICE_3));
 1542     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1543     OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
 1544     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
 1545     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 1546     OK_(crypt_deactivate(cd, CDEVICE_1));
 1547     CRYPT_FREE(cd);
 1548 
 1549     OK_(crypt_init(&cd, DEVICE_3));
 1550     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1551     OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
 1552     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
 1553     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 1554     OK_(crypt_deactivate(cd, CDEVICE_1));
 1555     CRYPT_FREE(cd);
 1556 
 1557     _cleanup_dmdevices();
 1558 }
 1559 
 1560 static void ResizeDeviceLuks2(void)
 1561 {
 1562     struct crypt_pbkdf_type pbkdf = {
 1563         .type = CRYPT_KDF_ARGON2I,
 1564         .hash = "sha256",
 1565         .parallel_threads = 4,
 1566         .max_memory_kb = 1024,
 1567         .time_ms = 1
 1568     };
 1569     struct crypt_params_luks2 params = {
 1570         .pbkdf = &pbkdf,
 1571         .data_alignment = 8192, // 4M, data offset will be 4096
 1572         .sector_size = 512
 1573     };
 1574     char key[128];
 1575 
 1576     const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
 1577     size_t key_size = strlen(mk_hex) / 2;
 1578     const char *cipher = "aes";
 1579     const char *cipher_mode = "cbc-essiv:sha256";
 1580     uint64_t r_payload_offset, r_header_size, r_size;
 1581 
 1582     /* Cannot use Argon2 in FIPS */
 1583     if (_fips_mode) {
 1584         pbkdf.type = CRYPT_KDF_PBKDF2;
 1585         pbkdf.parallel_threads = 0;
 1586         pbkdf.max_memory_kb = 0;
 1587     }
 1588 
 1589     crypt_decode_key(key, mk_hex, key_size);
 1590 
 1591     // prepare env
 1592     OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
 1593     OK_(get_luks2_offsets(0, 0, 0, &r_header_size, NULL));
 1594     OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
 1595     OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
 1596     OK_(create_dmdevice_over_loop(L_DEVICE_0S, 1000));
 1597     OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset + 1000));
 1598 
 1599     // test header and encrypted payload all in one device
 1600     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1601     // disable loading VKs in kernel keyring (compatible mode)
 1602     OK_(crypt_volume_key_keyring(cd, 0));
 1603     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1604     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
 1605     OK_(crypt_resize(cd, CDEVICE_1, 0));
 1606     OK_(crypt_resize(cd, CDEVICE_1, 42));
 1607     if (!t_device_size(DMDIR CDEVICE_1, &r_size))
 1608         EQ_(42, r_size >> TST_SECTOR_SHIFT);
 1609     OK_(crypt_resize(cd, CDEVICE_1, 0));
 1610     // autodetect encrypted device area size
 1611     OK_(crypt_resize(cd, CDEVICE_1, 0));
 1612     if (!t_device_size(DMDIR CDEVICE_1, &r_size))
 1613         EQ_(1000, r_size >> TST_SECTOR_SHIFT);
 1614     FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
 1615     if (!t_device_size(DMDIR CDEVICE_1, &r_size))
 1616         EQ_(1000, r_size >> TST_SECTOR_SHIFT);
 1617     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 1618     OK_(crypt_deactivate(cd, CDEVICE_1));
 1619     CRYPT_FREE(cd);
 1620 
 1621     params.data_alignment = 0;
 1622     params.data_device = DMDIR L_DEVICE_0S;
 1623     // test case for external header
 1624     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 1625     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
 1626     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
 1627     OK_(crypt_resize(cd, CDEVICE_1, 666));
 1628     if (!t_device_size(DMDIR CDEVICE_1, &r_size))
 1629         EQ_(666, r_size >> TST_SECTOR_SHIFT);
 1630     // autodetect encrypted device size
 1631     OK_(crypt_resize(cd, CDEVICE_1, 0));
 1632     if (!t_device_size(DMDIR CDEVICE_1, &r_size))
 1633         EQ_(1000, r_size >> TST_SECTOR_SHIFT);
 1634     FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
 1635     if (!t_device_size(DMDIR CDEVICE_1, &r_size))
 1636         EQ_(1000, r_size >> TST_SECTOR_SHIFT);
 1637     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 1638     OK_(crypt_deactivate(cd, CDEVICE_1));
 1639     CRYPT_FREE(cd);
 1640 
 1641 #ifdef KERNEL_KEYRING
 1642     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1643     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 1644     // enable loading VKs in kernel keyring (default mode)
 1645     OK_(crypt_volume_key_keyring(cd, 1));
 1646     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
 1647     // erase volume key from kernel keyring
 1648     if (t_dm_crypt_keyring_support())
 1649         OK_(_drop_keyring_key(cd, 0));
 1650     else
 1651         FAIL_(_drop_keyring_key(cd, 0), "key not found");
 1652     // same size is ok
 1653     OK_(crypt_resize(cd, CDEVICE_1, 0));
 1654     // kernel fails to find the volume key in keyring
 1655     if (t_dm_crypt_keyring_support())
 1656         FAIL_(crypt_resize(cd, CDEVICE_1, 42), "Unable to find volume key in keyring");
 1657     else
 1658         OK_(crypt_resize(cd, CDEVICE_1, 42));
 1659     // test mode must not load vk in keyring
 1660     OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
 1661     if (t_dm_crypt_keyring_support())
 1662         FAIL_(crypt_resize(cd, CDEVICE_1, 44), "VK must be in keyring to perform resize");
 1663     else
 1664         OK_(crypt_resize(cd, CDEVICE_1, 44));
 1665     // reinstate the volume key in keyring
 1666     OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 1667     OK_(crypt_resize(cd, CDEVICE_1, 43));
 1668     if (!t_device_size(DMDIR CDEVICE_1, &r_size))
 1669         EQ_(43, r_size >> TST_SECTOR_SHIFT);
 1670     CRYPT_FREE(cd);
 1671 
 1672     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1673     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 1674     // check userspace gets hint volume key must be properly loaded in kernel keyring
 1675     if (t_dm_crypt_keyring_support())
 1676         EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM);
 1677     else
 1678         OK_(crypt_resize(cd, CDEVICE_1, 0));
 1679     CRYPT_FREE(cd);
 1680 
 1681     // same as above for handles initialised by name
 1682     OK_(crypt_init_by_name(&cd, CDEVICE_1));
 1683     if (t_dm_crypt_keyring_support())
 1684         EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM);
 1685     else
 1686         OK_(crypt_resize(cd, CDEVICE_1, 0));
 1687     OK_(crypt_deactivate(cd, CDEVICE_1));
 1688     CRYPT_FREE(cd);
 1689 #endif
 1690     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 1691     OK_(crypt_load(cd, NULL, NULL));
 1692     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
 1693 
 1694     /* create second LUKS2 device */
 1695     OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
 1696     OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, &params));
 1697     OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
 1698     /* do not allow resize of other device */
 1699     FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
 1700     OK_(crypt_deactivate(cd2, CDEVICE_2));
 1701     CRYPT_FREE(cd2);
 1702 
 1703     OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
 1704     OK_(crypt_set_pbkdf_type(cd2, &min_pbkdf2));
 1705     OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, NULL));
 1706     OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
 1707     FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
 1708     OK_(crypt_deactivate(cd2, CDEVICE_2));
 1709     CRYPT_FREE(cd2);
 1710 
 1711     OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
 1712     OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, NULL));
 1713     OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
 1714     FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
 1715     OK_(crypt_deactivate(cd2, CDEVICE_2));
 1716     CRYPT_FREE(cd2);
 1717 
 1718     OK_(crypt_deactivate(cd, CDEVICE_1));
 1719     CRYPT_FREE(cd);
 1720 
 1721     _cleanup_dmdevices();
 1722 }
 1723 
 1724 static void TokenActivationByKeyring(void)
 1725 {
 1726 #ifdef KERNEL_KEYRING
 1727     key_serial_t kid, kid1;
 1728     struct crypt_active_device cad;
 1729 
 1730     const char *cipher = "aes";
 1731     const char *cipher_mode = "xts-plain64";
 1732 
 1733     const struct crypt_token_params_luks2_keyring params = {
 1734         .key_description = KEY_DESC_TEST0
 1735     }, params2 = {
 1736         .key_description = KEY_DESC_TEST1
 1737     };
 1738     uint64_t r_payload_offset;
 1739 
 1740     if (!t_dm_crypt_keyring_support()) {
 1741         printf("WARNING: Kernel keyring not supported, skipping test.\n");
 1742         return;
 1743     }
 1744 
 1745     kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
 1746     NOTFAIL_(kid, "Test or kernel keyring are broken.");
 1747 
 1748     OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
 1749     OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
 1750 
 1751     // prepare the device
 1752     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1753     OK_(set_fast_pbkdf(cd));
 1754     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
 1755     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
 1756     EQ_(crypt_token_luks2_keyring_set(cd, 3, &params), 3);
 1757     EQ_(crypt_token_assign_keyslot(cd, 3, 0), 3);
 1758     CRYPT_FREE(cd);
 1759 
 1760     // test thread keyring key in token 0
 1761     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1762     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1763     EQ_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), 0);
 1764     FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), "already open");
 1765     OK_(crypt_deactivate(cd, CDEVICE_1));
 1766     CRYPT_FREE(cd);
 1767 
 1768     NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
 1769 
 1770     kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_PROCESS_KEYRING);
 1771     NOTFAIL_(kid, "Test or kernel keyring are broken.");
 1772 
 1773     // add token 1 with process keyring key
 1774     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1775     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1776     EQ_(crypt_token_json_set(cd, 3, NULL), 3);
 1777     EQ_(crypt_token_luks2_keyring_set(cd, 1, &params), 1);
 1778     EQ_(crypt_token_assign_keyslot(cd, 1, 0), 1);
 1779     CRYPT_FREE(cd);
 1780 
 1781     // test process keyring key in token 1
 1782     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1783     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1784     EQ_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), 0);
 1785     FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), "already open");
 1786     OK_(crypt_deactivate(cd, CDEVICE_1));
 1787     CRYPT_FREE(cd);
 1788 
 1789     NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_PROCESS_KEYRING), "Test or kernel keyring are broken.");
 1790 
 1791     // create two tokens and let the cryptsetup unlock the volume with the valid one
 1792     kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
 1793     NOTFAIL_(kid, "Test or kernel keyring are broken.");
 1794 
 1795     kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
 1796     NOTFAIL_(kid1, "Test or kernel keyring are broken.");
 1797 
 1798     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1799     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1800     EQ_(crypt_token_luks2_keyring_set(cd, 0, &params), 0);
 1801     EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
 1802     EQ_(crypt_token_luks2_keyring_set(cd, 1, &params2), 1);
 1803     FAIL_(crypt_token_assign_keyslot(cd, 1, 1), "Keyslot 1 doesn't exist");
 1804     OK_(set_fast_pbkdf(cd));
 1805     EQ_(crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)), 1);
 1806     EQ_(crypt_token_assign_keyslot(cd, 1, 1), 1);
 1807     CRYPT_FREE(cd);
 1808 
 1809     // activate by specific token
 1810     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1811     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1812     EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, NULL, 0), 0);
 1813     if (t_dm_crypt_keyring_support()) {
 1814         OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 1815         EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
 1816     }
 1817     OK_(crypt_deactivate(cd, CDEVICE_1));
 1818     EQ_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), 1);
 1819     OK_(crypt_deactivate(cd, CDEVICE_1));
 1820     CRYPT_FREE(cd);
 1821 
 1822     NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
 1823 
 1824     // activate by any token with token 0 having absent pass from keyring
 1825     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1826     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1827     EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
 1828     if (t_dm_crypt_keyring_support()) {
 1829         OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 1830         EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
 1831     }
 1832     OK_(crypt_deactivate(cd, CDEVICE_1));
 1833     CRYPT_FREE(cd);
 1834 
 1835     kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
 1836     NOTFAIL_(kid, "Test or kernel keyring are broken.");
 1837 
 1838     // replace pass for keyslot 0 making token 0 invalid
 1839     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1840     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1841     OK_(crypt_keyslot_destroy(cd, 0));
 1842     OK_(set_fast_pbkdf(cd));
 1843     EQ_(crypt_keyslot_add_by_passphrase(cd, 0, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 0);
 1844     CRYPT_FREE(cd);
 1845 
 1846     // activate by any token with token 0 having wrong pass for keyslot 0
 1847     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1848     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1849     EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
 1850     OK_(crypt_deactivate(cd, CDEVICE_1));
 1851     CRYPT_FREE(cd);
 1852 
 1853      // create new device, with two tokens:
 1854      // 1st token being invalid (missing key in keyring)
 1855      // 2nd token can activate keyslot 1 after failing to do so w/ keyslot 0 (wrong pass)
 1856     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1857     OK_(set_fast_pbkdf(cd));
 1858     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
 1859     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
 1860     EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
 1861     EQ_(crypt_token_luks2_keyring_set(cd, 0, &params), 0);
 1862     EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
 1863     EQ_(crypt_token_luks2_keyring_set(cd, 2, &params2), 2);
 1864     EQ_(crypt_token_assign_keyslot(cd, 2, 1), 2);
 1865     CRYPT_FREE(cd);
 1866 
 1867     NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
 1868 
 1869     kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
 1870     NOTFAIL_(kid1, "Test or kernel keyring are broken.");
 1871 
 1872     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1873     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 1874     EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
 1875     OK_(crypt_deactivate(cd, CDEVICE_1));
 1876     CRYPT_FREE(cd);
 1877     _cleanup_dmdevices();
 1878 #else
 1879     printf("WARNING: cryptsetup compiled with kernel keyring service disabled, skipping test.\n");
 1880 #endif
 1881 }
 1882 
 1883 static void Tokens(void)
 1884 {
 1885 #define TEST_TOKEN_JSON(x) "{\"type\":\"test_token\",\"keyslots\":[" x "]," \
 1886             "\"key_length\":32,\"a_field\":\"magic_string\"}"
 1887 
 1888 #define TEST_TOKEN_JSON_INVALID(x) "{\"type\":\"test_token\",\"keyslots\":[" x "]," \
 1889             "\"key_length\":32}"
 1890 
 1891 #define TEST_TOKEN1_JSON(x) "{\"type\":\"test_token1\",\"keyslots\":[" x "]," \
 1892             "\"key_length\":32,\"a_field\":\"magic_string\"}"
 1893 
 1894 #define TEST_TOKEN1_JSON_INVALID(x) "{\"type\":\"test_token1\",\"keyslots\":[" x "]," \
 1895             "\"key_length\":32}"
 1896 
 1897 #define BOGUS_TOKEN0_JSON "{\"type\":\"luks2-\",\"keyslots\":[]}"
 1898 #define BOGUS_TOKEN1_JSON "{\"type\":\"luks2-a\",\"keyslots\":[]}"
 1899 
 1900 #define LUKS2_KEYRING_TOKEN_JSON(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\":[" x "]," \
 1901             "\"key_description\":" y "}"
 1902 
 1903 #define LUKS2_KEYRING_TOKEN_JSON_BAD(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\":[" x "]," \
 1904             "\"key_description\":" y ", \"some_field\":\"some_value\"}"
 1905 
 1906 
 1907     int ks, token_max;
 1908     const char *dummy;
 1909     const char *cipher = "aes";
 1910     const char *cipher_mode = "xts-plain64";
 1911     char passptr[] = PASSPHRASE;
 1912     char passptr1[] = PASSPHRASE1;
 1913 
 1914     static const crypt_token_handler th = {
 1915         .name = "test_token",
 1916         .open = test_open,
 1917         .validate = test_validate
 1918     }, th2 = {
 1919         .name = "test_token",
 1920         .open = test_open
 1921     }, th3 = {
 1922         .name = "test_token1",
 1923         .open = test_open,
 1924         .validate = test_validate
 1925     }, th_reserved = {
 1926         .name = "luks2-prefix",
 1927         .open = test_open
 1928     };
 1929 
 1930     struct crypt_token_params_luks2_keyring params = {
 1931         .key_description = "desc"
 1932     };
 1933     uint64_t r_payload_offset;
 1934 
 1935     OK_(crypt_token_register(&th));
 1936     FAIL_(crypt_token_register(&th2), "Token handler with the name already registered.");
 1937 
 1938     FAIL_(crypt_token_register(&th_reserved), "luks2- is reserved prefix");
 1939 
 1940     OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
 1941     OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
 1942 
 1943     // basic token API tests
 1944     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 1945     OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
 1946     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
 1947     EQ_(crypt_token_status(cd, -1, NULL), CRYPT_TOKEN_INVALID);
 1948     EQ_(crypt_token_status(cd, 32, NULL), CRYPT_TOKEN_INVALID);
 1949     EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_INACTIVE);
 1950     EQ_(crypt_token_status(cd, 31, NULL), CRYPT_TOKEN_INACTIVE);
 1951     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
 1952     EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
 1953     FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON_INVALID("\"0\"")), "Token validation failed");
 1954     EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON("\"0\"")), 0);
 1955     EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_EXTERNAL);
 1956     EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr, 0), 0);
 1957     FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr, 0), "already active");
 1958     OK_(crypt_deactivate(cd, CDEVICE_1));
 1959 
 1960     // write invalid token and verify that validate() can detect it after handler being registered
 1961     EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN1_JSON_INVALID("\"1\"")), 1);
 1962     EQ_(crypt_token_status(cd, 1, NULL), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
 1963     EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN1_JSON("\"1\"")), 2);
 1964     EQ_(crypt_token_status(cd, 2, &dummy), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
 1965     OK_(strcmp(dummy, "test_token1"));
 1966     FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, passptr1, 0), "Unknown token handler");
 1967     FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Unknown token handler");
 1968     OK_(crypt_token_register(&th3));
 1969     FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, passptr1, 0), "Token validation failed");
 1970     EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), 1);
 1971     OK_(crypt_deactivate(cd, CDEVICE_1));
 1972 
 1973     // test crypt_token_json_get returns correct token id
 1974     EQ_(crypt_token_json_get(cd, 2, &dummy), 2);
 1975 
 1976     // exercise assign/unassign keyslots API
 1977     EQ_(crypt_token_unassign_keyslot(cd, 2, 1), 2);
 1978     FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Token assigned to no keyslot");
 1979     EQ_(crypt_token_assign_keyslot(cd, 2, 0), 2);
 1980     FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Wrong passphrase");
 1981     EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
 1982     OK_(crypt_deactivate(cd, CDEVICE_1));
 1983     EQ_(crypt_token_json_set(cd, 1, NULL), 1);
 1984     FAIL_(crypt_token_json_get(cd, 1, &dummy), "Token is not there");
 1985     EQ_(crypt_token_unassign_keyslot(cd, 2, CRYPT_ANY_SLOT), 2);
 1986     EQ_(crypt_token_unassign_keyslot(cd, 0, CRYPT_ANY_SLOT), 0);
 1987 
 1988     // various tests related to unassigned keyslot to volume segment
 1989     EQ_(crypt_keyslot_add_by_key(cd, 3, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
 1990     EQ_(crypt_token_assign_keyslot(cd, 2, 0), 2);
 1991     EQ_(crypt_token_assign_keyslot(cd, 0, 3), 0);
 1992 
 1993     EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, 0), 0);
 1994     EQ_(crypt_activate_by_token(cd, NULL, 0, passptr1, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 3);
 1995     // FIXME: useless error message here (or missing one to be specific)
 1996     FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr1, 0), "No volume key available in token keyslots");
 1997     EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
 1998     OK_(crypt_deactivate(cd, CDEVICE_1));
 1999     EQ_(crypt_token_assign_keyslot(cd, 0, 1), 0);
 2000     OK_(crypt_token_is_assigned(cd, 0, 1));
 2001     EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr1, 0), 1);
 2002     OK_(crypt_deactivate(cd, CDEVICE_1));
 2003 
 2004     EQ_(crypt_token_assign_keyslot(cd, 2, 3), 2);
 2005     OK_(crypt_token_is_assigned(cd, 2, 3));
 2006     EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, 0), 0);
 2007     EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
 2008     OK_(crypt_deactivate(cd, CDEVICE_1));
 2009 
 2010 #ifdef KERNEL_KEYRING
 2011     if (t_dm_crypt_keyring_support()) {
 2012         EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), 0);
 2013         OK_(_volume_key_in_keyring(cd, 0));
 2014     }
 2015     OK_(crypt_volume_key_keyring(cd, 0));
 2016 #endif
 2017     FAIL_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), "Can't use keyring when disabled in library");
 2018     OK_(crypt_volume_key_keyring(cd, 1));
 2019 
 2020     EQ_(crypt_token_luks2_keyring_set(cd, 5, &params), 5);
 2021     EQ_(crypt_token_status(cd, 5, &dummy), CRYPT_TOKEN_INTERNAL);
 2022     OK_(strcmp(dummy, "luks2-keyring"));
 2023 
 2024     FAIL_(crypt_token_luks2_keyring_get(cd, 2, &params), "Token is not luks2-keyring type");
 2025 
 2026     FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, BOGUS_TOKEN0_JSON), "luks2- reserved prefix.");
 2027     FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, BOGUS_TOKEN1_JSON), "luks2- reserved prefix.");
 2028 
 2029     // test we can use crypt_token_json_set for valid luks2-keyring token
 2030     FAIL_(crypt_token_json_set(cd, 12, LUKS2_KEYRING_TOKEN_JSON_BAD("\"0\"", "\"my_desc_x\"")), "Strict luks2-keyring token validation failed");
 2031     EQ_(crypt_token_status(cd, 12, NULL), CRYPT_TOKEN_INACTIVE);
 2032     FAIL_(crypt_token_json_set(cd, 12, LUKS2_KEYRING_TOKEN_JSON("\"5\"", "\"my_desc\"")), "Missing keyslot 5.");
 2033     EQ_(crypt_token_json_set(cd, 10, LUKS2_KEYRING_TOKEN_JSON("\"1\"", "\"my_desc\"")), 10);
 2034     EQ_(crypt_token_status(cd, 10, &dummy), CRYPT_TOKEN_INTERNAL);
 2035     OK_(strcmp(dummy, "luks2-keyring"));
 2036     params.key_description = NULL;
 2037     EQ_(crypt_token_luks2_keyring_get(cd, 10, &params), 10);
 2038     OK_(strcmp(params.key_description, "my_desc"));
 2039 
 2040     OK_(crypt_token_is_assigned(cd, 10, 1));
 2041     // unassigned tests
 2042     EQ_(crypt_token_is_assigned(cd, 10, 21), -ENOENT);
 2043     EQ_(crypt_token_is_assigned(cd, 21, 1), -ENOENT);
 2044     // wrong keyslot or token id tests
 2045     EQ_(crypt_token_is_assigned(cd, -1, 1), -EINVAL);
 2046     EQ_(crypt_token_is_assigned(cd, 32, 1), -EINVAL);
 2047     EQ_(crypt_token_is_assigned(cd, 10, -1), -EINVAL);
 2048     EQ_(crypt_token_is_assigned(cd, 10, 32), -EINVAL);
 2049     EQ_(crypt_token_is_assigned(cd, -1, -1), -EINVAL);
 2050     EQ_(crypt_token_is_assigned(cd, 32, 32), -EINVAL);
 2051 
 2052     // test crypt_keyslot_change_by_passphrase does not erase token references
 2053     EQ_(crypt_keyslot_change_by_passphrase(cd, 1, 5, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5);
 2054     OK_(crypt_token_is_assigned(cd, 10, 5));
 2055     ks = crypt_keyslot_change_by_passphrase(cd, 5, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1));
 2056     NOTFAIL_(ks, "Failed to change keyslot passphrase.");
 2057     OK_(crypt_token_is_assigned(cd, 10, ks));
 2058     CRYPT_FREE(cd);
 2059 
 2060     // test token activation respects keyslot priorities
 2061     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2062     OK_(set_fast_pbkdf(cd));
 2063     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
 2064     EQ_(crypt_keyslot_add_by_volume_key(cd, 0,  NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
 2065     EQ_(crypt_keyslot_add_by_key(cd,        3,  NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
 2066     EQ_(crypt_keyslot_add_by_volume_key(cd, 5,  NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 5);
 2067     EQ_(crypt_keyslot_add_by_volume_key(cd, 8,  NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 8);
 2068     EQ_(crypt_keyslot_add_by_volume_key(cd, 12, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 12);
 2069     EQ_(crypt_keyslot_add_by_volume_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 21);
 2070     EQ_(crypt_keyslot_add_by_volume_key(cd, 31, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 31);
 2071 
 2072     OK_(crypt_keyslot_set_priority(cd, 0, CRYPT_SLOT_PRIORITY_IGNORE));
 2073     OK_(crypt_keyslot_set_priority(cd, 3, CRYPT_SLOT_PRIORITY_PREFER));
 2074     OK_(crypt_keyslot_set_priority(cd, 8, CRYPT_SLOT_PRIORITY_PREFER));
 2075     OK_(crypt_keyslot_set_priority(cd, 12,CRYPT_SLOT_PRIORITY_PREFER));
 2076 
 2077     // expected unusable with CRYPT_ANY_TOKEN
 2078     EQ_(crypt_token_json_set(cd, 1, TEST_TOKEN_JSON("\"0\", \"3\"")), 1);
 2079 
 2080     // expected unusable (-EPERM)
 2081     EQ_(crypt_token_json_set(cd, 5, TEST_TOKEN_JSON("\"8\"")), 5);
 2082 
 2083     // expected unusable (-EPERM)
 2084     EQ_(crypt_token_json_set(cd, 4, TEST_TOKEN_JSON("\"8\", \"3\"")), 4);
 2085 
 2086     // expected unusable (-ENOENT)
 2087     EQ_(crypt_token_json_set(cd, 6, TEST_TOKEN_JSON("\"3\"")), 6);
 2088 
 2089     // expected unusable (-ENOENT)
 2090     EQ_(crypt_token_json_set(cd, 11, TEST_TOKEN_JSON("")), 11);
 2091 
 2092     token_max = crypt_token_max(CRYPT_LUKS2) - 1;
 2093     GE_(token_max, 0);
 2094 
 2095     // expected to be used first with CRYPT_ANY_TOKEN (unlocks with high priority ks 12)
 2096     EQ_(crypt_token_json_set(cd, token_max, TEST_TOKEN_JSON("\"12\", \"0\", \"3\"")), token_max);
 2097 
 2098     // expected usable with CRYPT_ANY_TOKEN
 2099     EQ_(crypt_token_json_set(cd, 8, TEST_TOKEN_JSON("\"5\", \"0\", \"3\"")), 8);
 2100 
 2101     // of all tokens keyslot 12 has highest priority now
 2102     EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 12);
 2103     EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 12);
 2104     OK_(crypt_deactivate(cd, CDEVICE_1));
 2105 
 2106     // with explicit token priority ignore may be used
 2107     EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 1, NULL, 0, passptr, 0), 0);
 2108     EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", 1, NULL, 0, passptr, 0), 0);
 2109     OK_(crypt_deactivate(cd, CDEVICE_1));
 2110 
 2111     EQ_(crypt_token_json_set(cd, token_max, NULL), token_max);
 2112 
 2113     EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 5);
 2114 
 2115     EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 5, NULL, 0, passptr, 0), -EPERM);
 2116     EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 4, NULL, 0, passptr, 0), -EPERM);
 2117 
 2118     EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 6, NULL, 0, passptr, 0), -ENOENT);
 2119     EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 6, NULL, 0, passptr, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 3);
 2120 
 2121     EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 11, NULL, 0, passptr, 0), -ENOENT);
 2122     EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 11, NULL, 0, passptr, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), -ENOENT);
 2123 
 2124     CRYPT_FREE(cd);
 2125 
 2126     EQ_(crypt_token_max(CRYPT_LUKS2), 32);
 2127     FAIL_(crypt_token_max(CRYPT_LUKS1), "No token support in LUKS1");
 2128     FAIL_(crypt_token_max(NULL), "No LUKS format specified");
 2129     _cleanup_dmdevices();
 2130 }
 2131 
 2132 static void LuksConvert(void)
 2133 {
 2134     uint64_t offset, r_payload_offset;
 2135 
 2136     const char *json = "{\"type\":\"convert_block\",\"keyslots\":[]}";
 2137     const struct crypt_pbkdf_type argon = {
 2138         .type = CRYPT_KDF_ARGON2I,
 2139         .hash = "sha512",
 2140         .time_ms = 1,
 2141         .max_memory_kb = 1024,
 2142         .parallel_threads = 1
 2143     }, pbkdf2 = {
 2144         .type = CRYPT_KDF_PBKDF2,
 2145         .hash = "sha1",
 2146         .time_ms = 1
 2147     };
 2148 
 2149     struct crypt_params_luks1 luks1 = {
 2150         .hash = "sha256",
 2151         .data_device = DMDIR L_DEVICE_1S
 2152     };
 2153 
 2154     struct crypt_params_luks2 luks2 = {
 2155         .pbkdf = &pbkdf2,
 2156         .sector_size = 512
 2157     };
 2158 
 2159     const char *cipher = "aes";
 2160     const char *cipher_mode = "xts-plain64";
 2161 
 2162     // prepare the device
 2163     OK_(crypt_init(&cd, DEVICE_1));
 2164     OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
 2165     OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, NULL));
 2166     offset = crypt_get_data_offset(cd);
 2167     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
 2168     EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 7);
 2169     CRYPT_FREE(cd);
 2170 
 2171     // convert LUKSv1 -> LUKSv2
 2172     OK_(crypt_init(&cd, DEVICE_1));
 2173     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 2174     FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1");
 2175     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
 2176     FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "device is active");
 2177     OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
 2178     OK_(crypt_deactivate(cd, CDEVICE_1));
 2179     OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
 2180     OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
 2181     CRYPT_FREE(cd);
 2182 
 2183     // check result
 2184     OK_(crypt_init(&cd, DEVICE_1));
 2185     FAIL_(crypt_load(cd, CRYPT_LUKS1, NULL), "wrong luks format");
 2186     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 2187     EQ_(crypt_get_data_offset(cd), offset);
 2188     OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
 2189     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
 2190     OK_(crypt_deactivate(cd, CDEVICE_1));
 2191     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7);
 2192     OK_(crypt_deactivate(cd, CDEVICE_1));
 2193     FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "format is already LUKSv2");
 2194     OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
 2195     CRYPT_FREE(cd);
 2196 
 2197     // convert LUKSv2 -> LUKSv1
 2198     OK_(crypt_init(&cd, DEVICE_1));
 2199     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 2200     EQ_(crypt_get_data_offset(cd), offset);
 2201     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
 2202     FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "device is active");
 2203     OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
 2204     OK_(crypt_deactivate(cd, CDEVICE_1));
 2205     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2206     OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
 2207     CRYPT_FREE(cd);
 2208 
 2209     // check result
 2210     OK_(crypt_init(&cd, DEVICE_1));
 2211     FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "wrong luks format");
 2212     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 2213     OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
 2214     EQ_(crypt_get_data_offset(cd), offset);
 2215     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
 2216     OK_(crypt_deactivate(cd, CDEVICE_1));
 2217     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7);
 2218     OK_(crypt_deactivate(cd, CDEVICE_1));
 2219     FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1");
 2220     OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
 2221     CRYPT_FREE(cd);
 2222 
 2223     // exercice non-pbkdf2 LUKSv2 conversion
 2224     if (!_fips_mode) {
 2225         OK_(crypt_init(&cd, DEVICE_1));
 2226         OK_(crypt_set_data_offset(cd, offset));
 2227         OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
 2228         OK_(crypt_set_pbkdf_type(cd, &argon));
 2229         EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
 2230         FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Incompatible pbkdf with LUKSv1 format");
 2231         CRYPT_FREE(cd);
 2232     }
 2233 
 2234     // exercice non LUKS1 compatible keyslot
 2235     OK_(crypt_init(&cd, DEVICE_1));
 2236     OK_(crypt_set_data_offset(cd, offset));
 2237     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
 2238     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
 2239     EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
 2240     // FIXME: following test fails as expected but for a different reason
 2241     FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Unassigned keyslots are incompatible with LUKSv1 format");
 2242     CRYPT_FREE(cd);
 2243 
 2244     // exercice LUKSv2 conversion with single pbkdf2 keyslot being active
 2245     OK_(crypt_init(&cd, DEVICE_1));
 2246     OK_(crypt_set_data_offset(cd, offset));
 2247     OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
 2248     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
 2249     offset = crypt_get_data_offset(cd);
 2250     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
 2251     if (!_fips_mode) {
 2252         OK_(crypt_set_pbkdf_type(cd, &argon));
 2253         EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 1);
 2254         FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Different hash for digest and keyslot.");
 2255         OK_(crypt_keyslot_destroy(cd, 1));
 2256     }
 2257     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2258     EQ_(crypt_get_data_offset(cd), offset);
 2259     CRYPT_FREE(cd);
 2260     OK_(crypt_init(&cd, DEVICE_1));
 2261     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 2262     EQ_(crypt_get_data_offset(cd), offset);
 2263     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
 2264     CRYPT_FREE(cd);
 2265 
 2266     // do not allow conversion on keyslot No > 7
 2267     OK_(crypt_init(&cd, DEVICE_1));
 2268     OK_(crypt_set_data_offset(cd, offset));
 2269     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
 2270     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
 2271     EQ_(crypt_keyslot_add_by_volume_key(cd, 8, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 8);
 2272     FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Can't convert keyslot No 8");
 2273     CRYPT_FREE(cd);
 2274 
 2275     // do not allow conversion with token
 2276     OK_(crypt_init(&cd, DEVICE_1));
 2277     OK_(crypt_set_data_offset(cd, offset));
 2278     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
 2279     OK_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, json));
 2280     FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Can't convert header with token.");
 2281     CRYPT_FREE(cd);
 2282 
 2283     // should be enough for both luks1 and luks2 devices with all vk lengths
 2284     OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
 2285     OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
 2286 
 2287     // do not allow conversion for legacy luks1 device (non-aligned keyslot offset)
 2288     OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256_LEGACY " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
 2289     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2290     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2291     FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Can't convert device with unaligned keyslot offset");
 2292     CRYPT_FREE(cd);
 2293 
 2294     /*
 2295      * do not allow conversion on images if there's not enough space between
 2296      * last keyslot and data offset (should not happen on headers created
 2297      * with cryptsetup)
 2298      */
 2299     OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256_UNMOVABLE " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
 2300     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2301     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2302     FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Can't convert device with unaligned keyslot offset");
 2303     CRYPT_FREE(cd);
 2304 
 2305     // compat conversion tests
 2306     // LUKS1 -> LUKS2
 2307 
 2308     // 128b key
 2309     OK_(_system("dd if=" CONV_DIR "/" CONV_L1_128 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
 2310 
 2311     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2312     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2313     offset = crypt_get_data_offset(cd);
 2314     OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
 2315     EQ_(crypt_get_data_offset(cd), offset);
 2316     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
 2317     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2318     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2319     CRYPT_FREE(cd);
 2320     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2321     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2322     EQ_(crypt_get_data_offset(cd), offset);
 2323     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2324     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2325     CRYPT_FREE(cd);
 2326 
 2327     // 256b key
 2328     OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
 2329 
 2330     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2331     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2332     offset = crypt_get_data_offset(cd);
 2333     OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
 2334     EQ_(crypt_get_data_offset(cd), offset);
 2335     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
 2336     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2337     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2338     CRYPT_FREE(cd);
 2339     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2340     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2341     EQ_(crypt_get_data_offset(cd), offset);
 2342     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2343     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2344     CRYPT_FREE(cd);
 2345 
 2346     // 512b key
 2347     OK_(_system("dd if=" CONV_DIR "/" CONV_L1_512 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
 2348 
 2349     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2350     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2351     offset = crypt_get_data_offset(cd);
 2352     OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
 2353     EQ_(crypt_get_data_offset(cd), offset);
 2354     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
 2355     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2356     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2357     CRYPT_FREE(cd);
 2358     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2359     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2360     EQ_(crypt_get_data_offset(cd), offset);
 2361     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2362     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2363     CRYPT_FREE(cd);
 2364 
 2365     // detached LUKS1 header conversion
 2366     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_128_DET));
 2367     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2368     offset = crypt_get_data_offset(cd);
 2369     OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
 2370     EQ_(crypt_get_data_offset(cd), offset);
 2371     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
 2372     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2373     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2374     CRYPT_FREE(cd);
 2375     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_128_DET));
 2376     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2377     EQ_(crypt_get_data_offset(cd), offset);
 2378     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2379     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2380     CRYPT_FREE(cd);
 2381 
 2382     // 256b key
 2383     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_256_DET));
 2384     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2385     offset = crypt_get_data_offset(cd);
 2386     OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
 2387     EQ_(crypt_get_data_offset(cd), offset);
 2388     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
 2389     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2390     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2391     CRYPT_FREE(cd);
 2392     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_256_DET));
 2393     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2394     EQ_(crypt_get_data_offset(cd), offset);
 2395     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2396     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2397     CRYPT_FREE(cd);
 2398 
 2399     // 512b key
 2400     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_512_DET));
 2401     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2402     offset = crypt_get_data_offset(cd);
 2403     OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
 2404     EQ_(crypt_get_data_offset(cd), offset);
 2405     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
 2406     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2407     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2408     CRYPT_FREE(cd);
 2409     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_512_DET));
 2410     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2411     EQ_(crypt_get_data_offset(cd), offset);
 2412     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2413     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2414     CRYPT_FREE(cd);
 2415 
 2416     // LUKS2 -> LUKS1
 2417     // 128b key
 2418     OK_(_system("dd if=" CONV_DIR "/" CONV_L2_128 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 2419 
 2420     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2421     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2422     offset = crypt_get_data_offset(cd);
 2423     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2424     EQ_(crypt_get_data_offset(cd), offset);
 2425     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2426     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2427     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2428     CRYPT_FREE(cd);
 2429     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2430     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2431     EQ_(crypt_get_data_offset(cd), offset);
 2432     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2433     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2434     CRYPT_FREE(cd);
 2435 
 2436     // 128b all LUKS1 keyslots used
 2437     OK_(_system("dd if=" CONV_DIR "/" CONV_L2_128_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 2438     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2439     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2440     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2441     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2442     CRYPT_FREE(cd);
 2443     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2444     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2445     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2446     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2447     EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
 2448     EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
 2449     EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
 2450     EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
 2451     EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
 2452     EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
 2453     CRYPT_FREE(cd);
 2454 
 2455     // 256b key
 2456     OK_(_system("dd if=" CONV_DIR "/" CONV_L2_256 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 2457 
 2458     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2459     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2460     offset = crypt_get_data_offset(cd);
 2461     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2462     EQ_(crypt_get_data_offset(cd), offset);
 2463     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2464     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2465     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2466     CRYPT_FREE(cd);
 2467     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2468     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2469     EQ_(crypt_get_data_offset(cd), offset);
 2470     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2471     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2472     CRYPT_FREE(cd);
 2473 
 2474     // 256b all LUKS1 keyslots used
 2475     OK_(_system("dd if=" CONV_DIR "/" CONV_L2_256_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 2476     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2477     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2478     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2479     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2480     CRYPT_FREE(cd);
 2481     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2482     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2483     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2484     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2485     EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
 2486     EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
 2487     EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
 2488     EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
 2489     EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
 2490     EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
 2491     CRYPT_FREE(cd);
 2492 
 2493     // 512b key
 2494     OK_(_system("dd if=" CONV_DIR "/" CONV_L2_512 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 2495 
 2496     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2497     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2498     offset = crypt_get_data_offset(cd);
 2499     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2500     EQ_(crypt_get_data_offset(cd), offset);
 2501     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2502     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2503     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2504     CRYPT_FREE(cd);
 2505     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2506     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2507     EQ_(crypt_get_data_offset(cd), offset);
 2508     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2509     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2510     CRYPT_FREE(cd);
 2511 
 2512     // 512b all LUKS1 keyslots used
 2513     OK_(_system("dd if=" CONV_DIR "/" CONV_L2_512_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 2514     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2515     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2516     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2517     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2518     CRYPT_FREE(cd);
 2519     OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
 2520     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2521     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2522     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2523     EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
 2524     EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
 2525     EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
 2526     EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
 2527     EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
 2528     EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
 2529     CRYPT_FREE(cd);
 2530 
 2531     // detached headers
 2532     // 128b
 2533     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET));
 2534     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2535     offset = crypt_get_data_offset(cd);
 2536     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2537     EQ_(crypt_get_data_offset(cd), offset);
 2538     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2539     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2540     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2541     CRYPT_FREE(cd);
 2542     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET));
 2543     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2544     EQ_(crypt_get_data_offset(cd), offset);
 2545     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2546     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2547     CRYPT_FREE(cd);
 2548 
 2549     // 128b all LUKS1 keyslots used
 2550     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET_FULL));
 2551     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2552     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2553     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2554     CRYPT_FREE(cd);
 2555     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET_FULL));
 2556     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2557     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2558     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2559     EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
 2560     EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
 2561     EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
 2562     EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
 2563     EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
 2564     EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
 2565     CRYPT_FREE(cd);
 2566 
 2567     // 256b key
 2568     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET));
 2569     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2570     offset = crypt_get_data_offset(cd);
 2571     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2572     EQ_(crypt_get_data_offset(cd), offset);
 2573     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2574     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2575     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2576     CRYPT_FREE(cd);
 2577     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET));
 2578     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2579     EQ_(crypt_get_data_offset(cd), offset);
 2580     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2581     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2582     CRYPT_FREE(cd);
 2583 
 2584     // 256b all LUKS1 keyslots used
 2585     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET_FULL));
 2586     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2587     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2588     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2589     CRYPT_FREE(cd);
 2590     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET_FULL));
 2591     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2592     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2593     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2594     EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
 2595     EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
 2596     EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
 2597     EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
 2598     EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
 2599     EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
 2600     CRYPT_FREE(cd);
 2601 
 2602     // 512b key
 2603     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET));
 2604     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2605     offset = crypt_get_data_offset(cd);
 2606     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2607     EQ_(crypt_get_data_offset(cd), offset);
 2608     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2609     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2610     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2611     CRYPT_FREE(cd);
 2612     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET));
 2613     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2614     EQ_(crypt_get_data_offset(cd), offset);
 2615     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2616     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2617     CRYPT_FREE(cd);
 2618 
 2619     // 512b all LUKS1 keyslots used
 2620     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET_FULL));
 2621     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 2622     OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
 2623     EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
 2624     CRYPT_FREE(cd);
 2625     OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET_FULL));
 2626     OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
 2627     EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
 2628     EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
 2629     EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
 2630     EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
 2631     EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
 2632     EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
 2633     EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
 2634     EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
 2635     CRYPT_FREE(cd);
 2636 
 2637     // detached LUKS1 header upconversion
 2638     OK_(create_dmdevice_over_loop(H_DEVICE, 2050)); // default LUKS1 header should fit there
 2639     OK_(crypt_init(&cd, DMDIR H_DEVICE));
 2640     OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
 2641     OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1));
 2642     EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
 2643     FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Unable to move keyslots. Not enough space.");
 2644     CRYPT_FREE(cd);
 2645 
 2646     // 2050 sectors, empty file
 2647     OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL_2));
 2648     OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
 2649     OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1));
 2650     EQ_(crypt_get_data_offset(cd), 0);
 2651     EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
 2652     OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
 2653     CRYPT_FREE(cd);
 2654 
 2655     _cleanup_dmdevices();
 2656 }
 2657 
 2658 static void Pbkdf(void)
 2659 {
 2660     const struct crypt_pbkdf_type *pbkdf;
 2661 
 2662     const char *cipher = "aes", *mode="xts-plain64";
 2663     struct crypt_pbkdf_type argon2 = {
 2664         .type = CRYPT_KDF_ARGON2I,
 2665         .hash = default_luks1_hash,
 2666         .time_ms = 6,
 2667         .max_memory_kb = 1024,
 2668         .parallel_threads = 1
 2669     }, pbkdf2 = {
 2670         .type = CRYPT_KDF_PBKDF2,
 2671         .hash = default_luks1_hash,
 2672         .time_ms = 9
 2673     }, bad = {
 2674         .type = "hamster_pbkdf",
 2675         .hash = default_luks1_hash
 2676     };
 2677     struct crypt_params_plain params = {
 2678         .hash = "sha1",
 2679         .skip = 0,
 2680         .offset = 0,
 2681         .size = 0
 2682     };
 2683     struct crypt_params_luks1 luks1 = {
 2684         .hash = "sha512", // test non-standard hash
 2685         .data_alignment = 2048,
 2686     };
 2687 
 2688     uint64_t r_payload_offset;
 2689 
 2690     /* Only PBKDF2 is allowed in FIPS, these tests cannot be run. */
 2691     if (_fips_mode)
 2692         return;
 2693 
 2694     OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
 2695     OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
 2696 
 2697     NULL_(crypt_get_pbkdf_type_params(NULL));
 2698     NULL_(crypt_get_pbkdf_type_params("suslik"));
 2699     NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_PBKDF2));
 2700     OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
 2701     NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_ARGON2I));
 2702     OK_(strcmp(pbkdf->type, CRYPT_KDF_ARGON2I));
 2703     NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_ARGON2ID));
 2704     OK_(strcmp(pbkdf->type, CRYPT_KDF_ARGON2ID));
 2705 
 2706     // test empty context
 2707     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 2708     NULL_(crypt_get_pbkdf_type(cd));
 2709     OK_(crypt_set_pbkdf_type(cd, &argon2));
 2710     NOTNULL_(crypt_get_pbkdf_type(cd));
 2711     OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
 2712     NOTNULL_(crypt_get_pbkdf_type(cd));
 2713     OK_(crypt_set_pbkdf_type(cd, NULL));
 2714     NOTNULL_(crypt_get_pbkdf_type(cd));
 2715 
 2716     // test plain device
 2717     OK_(crypt_format(cd, CRYPT_PLAIN, cipher, mode, NULL, NULL, 32, &params));
 2718     OK_(crypt_set_pbkdf_type(cd, &argon2));
 2719     OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
 2720     OK_(crypt_set_pbkdf_type(cd, NULL));
 2721     NOTNULL_(crypt_get_pbkdf_type(cd));
 2722     CRYPT_FREE(cd);
 2723 
 2724     // test LUKSv1 device
 2725     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 2726     OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL));
 2727     FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Unsupported with non-LUKS2 devices");
 2728     OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
 2729     OK_(crypt_set_pbkdf_type(cd, NULL));
 2730     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2731     EQ_(pbkdf->time_ms, default_luks1_iter_time);
 2732     CRYPT_FREE(cd);
 2733     // test value set in crypt_set_iteration_time() can be obtained via following crypt_get_pbkdf_type()
 2734     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 2735     crypt_set_iteration_time(cd, 42);
 2736     OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL));
 2737     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2738     EQ_(pbkdf->time_ms, 42);
 2739     // test crypt_get_pbkdf_type() returns expected values for LUKSv1
 2740     OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
 2741     OK_(strcmp(pbkdf->hash, default_luks1_hash));
 2742     EQ_(pbkdf->max_memory_kb, 0);
 2743     EQ_(pbkdf->parallel_threads, 0);
 2744     crypt_set_iteration_time(cd, 43);
 2745     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2746     EQ_(pbkdf->time_ms, 43);
 2747     CRYPT_FREE(cd);
 2748     // test whether crypt_get_pbkdf_type() after double crypt_load()
 2749     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 2750     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 2751     crypt_set_iteration_time(cd, 42);
 2752     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 2753     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2754     EQ_(pbkdf->time_ms, 42);
 2755     CRYPT_FREE(cd);
 2756     // test whether hash passed via *params in crypt_load() has higher priority
 2757     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 2758     crypt_set_iteration_time(cd, 1);
 2759     OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, &luks1));
 2760     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2761     OK_(strcmp(pbkdf->hash, luks1.hash));
 2762     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 2763     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2764     OK_(strcmp(pbkdf->hash, luks1.hash));
 2765     CRYPT_FREE(cd);
 2766 
 2767     // test LUKSv2 device
 2768     // test default values are set
 2769     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 2770     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, NULL, 32, NULL));
 2771     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2772     OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
 2773     OK_(strcmp(pbkdf->hash, default_luks1_hash));
 2774     EQ_(pbkdf->time_ms, default_luks2_iter_time);
 2775     EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
 2776     EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
 2777     // set and verify argon2 type
 2778     OK_(crypt_set_pbkdf_type(cd, &argon2));
 2779     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2780     OK_(strcmp(pbkdf->type, argon2.type));
 2781     OK_(strcmp(pbkdf->hash, argon2.hash));
 2782     EQ_(pbkdf->time_ms, argon2.time_ms);
 2783     EQ_(pbkdf->max_memory_kb, argon2.max_memory_kb);
 2784     EQ_(pbkdf->parallel_threads, argon2.parallel_threads);
 2785     // set and verify pbkdf2 type
 2786     OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
 2787     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2788     OK_(strcmp(pbkdf->type, pbkdf2.type));
 2789     OK_(strcmp(pbkdf->hash, pbkdf2.hash));
 2790     EQ_(pbkdf->time_ms, pbkdf2.time_ms);
 2791     EQ_(pbkdf->max_memory_kb, pbkdf2.max_memory_kb);
 2792     EQ_(pbkdf->parallel_threads, pbkdf2.parallel_threads);
 2793     // reset and verify default values
 2794     crypt_set_iteration_time(cd, 1); // it's supposed to override this call
 2795     OK_(crypt_set_pbkdf_type(cd, NULL));
 2796     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2797     OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
 2798     OK_(strcmp(pbkdf->hash, default_luks1_hash));
 2799     EQ_(pbkdf->time_ms, default_luks2_iter_time);
 2800     EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
 2801     EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
 2802     // try to pass illegal values
 2803     argon2.parallel_threads = 0;
 2804     FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Parallel threads can't be 0");
 2805     argon2.parallel_threads = 1;
 2806     argon2.max_memory_kb = 0;
 2807     FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Memory can't be 0");
 2808     argon2.max_memory_kb = 1024;
 2809     pbkdf2.parallel_threads = 1;
 2810     FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Parallel threads can't be set with pbkdf2 type");
 2811     pbkdf2.parallel_threads = 0;
 2812     pbkdf2.max_memory_kb = 512;
 2813     FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Memory can't be set with pbkdf2 type");
 2814     FAIL_(crypt_set_pbkdf_type(cd, &bad), "Unknown type member");
 2815     bad.type = CRYPT_KDF_PBKDF2;
 2816     bad.hash = NULL;
 2817     FAIL_(crypt_set_pbkdf_type(cd, &bad), "Hash member is empty");
 2818     bad.type = NULL;
 2819     bad.hash = default_luks1_hash;
 2820     FAIL_(crypt_set_pbkdf_type(cd, &bad), "Pbkdf type member is empty");
 2821     bad.hash = "hamster_hash";
 2822     FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
 2823     CRYPT_FREE(cd);
 2824     // test whether crypt_get_pbkdf_type() behaves accordingly after second crypt_load() call
 2825     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 2826     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 2827     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2828     OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
 2829     OK_(strcmp(pbkdf->hash, default_luks1_hash));
 2830     EQ_(pbkdf->time_ms, default_luks2_iter_time);
 2831     EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
 2832     EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
 2833     crypt_set_iteration_time(cd, 1);
 2834     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 2835     OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
 2836     OK_(strcmp(pbkdf->hash, default_luks1_hash));
 2837     EQ_(pbkdf->time_ms, 1);
 2838     EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
 2839     EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
 2840     CRYPT_FREE(cd);
 2841 
 2842     // test crypt_set_pbkdf_type() overwrites invalid value set by crypt_set_iteration_time()
 2843     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 2844     crypt_set_iteration_time(cd, 0);
 2845     OK_(crypt_set_pbkdf_type(cd, &argon2));
 2846     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2847     OK_(strcmp(pbkdf->type, argon2.type));
 2848     EQ_(pbkdf->time_ms, argon2.time_ms);
 2849 
 2850     // force iterations
 2851     argon2.iterations = 33;
 2852     argon2.flags = CRYPT_PBKDF_NO_BENCHMARK;
 2853     OK_(crypt_set_pbkdf_type(cd, &argon2));
 2854     NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
 2855     EQ_(pbkdf->iterations, 33);
 2856     EQ_(pbkdf->flags, CRYPT_PBKDF_NO_BENCHMARK);
 2857 
 2858     // time may be unset with iterations
 2859     argon2.time_ms = 0;
 2860     OK_(crypt_set_pbkdf_type(cd, &argon2));
 2861     argon2.flags &= ~CRYPT_PBKDF_NO_BENCHMARK;
 2862     FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Illegal time value.");
 2863 
 2864     pbkdf2.time_ms = 0;
 2865     pbkdf2.flags = CRYPT_PBKDF_NO_BENCHMARK;
 2866     pbkdf2.parallel_threads = 0;
 2867     pbkdf2.max_memory_kb = 0;
 2868     pbkdf2.iterations = 1000;
 2869     OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
 2870     pbkdf2.flags &= ~CRYPT_PBKDF_NO_BENCHMARK;
 2871     FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Illegal time value.");
 2872 
 2873     // hash is relevant only with pbkdf2
 2874     pbkdf2.time_ms = 9;
 2875     pbkdf2.hash = NULL;
 2876     FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Hash is mandatory for pbkdf2");
 2877     pbkdf2.hash = "sha1";
 2878     OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
 2879 
 2880     argon2.time_ms = 9;
 2881     argon2.hash = "sha1"; // will be ignored
 2882     OK_(crypt_set_pbkdf_type(cd, &argon2));
 2883     argon2.hash = NULL;
 2884     OK_(crypt_set_pbkdf_type(cd, &argon2));
 2885 
 2886     CRYPT_FREE(cd);
 2887 
 2888     NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS1));
 2889     OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
 2890     EQ_(pbkdf->time_ms, default_luks1_iter_time);
 2891     OK_(strcmp(pbkdf->hash, default_luks1_hash));
 2892     EQ_(pbkdf->max_memory_kb, 0);
 2893     EQ_(pbkdf->parallel_threads, 0);
 2894 
 2895     NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2));
 2896     OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
 2897     EQ_(pbkdf->time_ms, default_luks2_iter_time);
 2898     OK_(strcmp(pbkdf->hash, default_luks1_hash));
 2899     EQ_(pbkdf->max_memory_kb, default_luks2_memory_kb);
 2900     EQ_(pbkdf->parallel_threads, default_luks2_parallel_threads);
 2901 
 2902     NULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_PLAIN));
 2903 
 2904     _cleanup_dmdevices();
 2905 }
 2906 
 2907 static void Luks2KeyslotAdd(void)
 2908 {
 2909     char key[128], key2[128], key_ret[128];
 2910     const char *cipher = "aes", *cipher_mode="xts-plain64";
 2911     const char *mk_hex =  "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
 2912     const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
 2913     size_t key_ret_len, key_size = strlen(mk_hex) / 2;
 2914     uint64_t r_payload_offset;
 2915     struct crypt_pbkdf_type pbkdf = {
 2916         .type = "argon2i",
 2917         .hash = "sha256",
 2918         .iterations = 4,
 2919         .max_memory_kb = 32,
 2920         .parallel_threads = 1,
 2921         .flags = CRYPT_PBKDF_NO_BENCHMARK,
 2922     };
 2923     struct crypt_params_luks2 params2 = {
 2924         .pbkdf = &pbkdf,
 2925         .sector_size = TST_SECTOR_SIZE
 2926     };
 2927 
 2928     crypt_decode_key(key, mk_hex, key_size);
 2929     crypt_decode_key(key2, mk_hex2, key_size);
 2930 
 2931     /* Cannot use Argon2 in FIPS */
 2932     if (_fips_mode) {
 2933         pbkdf.type = CRYPT_KDF_PBKDF2;
 2934         pbkdf.parallel_threads = 0;
 2935         pbkdf.max_memory_kb = 0;
 2936         pbkdf.iterations = 1000;
 2937     }
 2938 
 2939     OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
 2940     OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
 2941 
 2942     /* test crypt_keyslot_add_by_key */
 2943     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 2944     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params2));
 2945     EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
 2946     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
 2947     EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE_LAST);
 2948     EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_UNBOUND);
 2949     /* must not activate volume with keyslot unassigned to a segment */
 2950     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key2, key_size, 0), "Key doesn't match volume key digest");
 2951     FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), "Keyslot not assigned to volume");
 2952     FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), "No keyslot assigned to volume with this passphrase");
 2953     /* unusable for volume activation even in test mode */
 2954     FAIL_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0), "Key doesn't match volume key digest");
 2955     /* otoh passphrase check should pass */
 2956     EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
 2957     EQ_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
 2958     /* in general crypt_keyslot_add_by_key must allow any reasonable key size
 2959      * even though such keyslot will not be usable for segment encryption */
 2960     EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size-1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 2);
 2961     EQ_(crypt_keyslot_add_by_key(cd, 3, key2, 13, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
 2962 
 2963     FAIL_(crypt_keyslot_get_key_size(cd, CRYPT_ANY_SLOT), "Bad keyslot specification.");
 2964     EQ_(crypt_get_volume_key_size(cd), key_size);
 2965     EQ_(crypt_keyslot_get_key_size(cd, 0), key_size);
 2966     EQ_(crypt_keyslot_get_key_size(cd, 1), key_size);
 2967     EQ_(crypt_keyslot_get_key_size(cd, 2), key_size-1);
 2968     EQ_(crypt_keyslot_get_key_size(cd, 3), 13);
 2969 
 2970     key_ret_len = key_size - 1;
 2971     FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "Wrong size");
 2972 
 2973     key_ret_len = 13;
 2974     FAIL_(crypt_volume_key_get(cd, 2, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "wrong size");
 2975     EQ_(crypt_volume_key_get(cd, 3, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 3);
 2976     FAIL_(crypt_activate_by_volume_key(cd, NULL, key_ret, key_ret_len, 0), "Not a volume key");
 2977     key_ret_len = key_size;
 2978     EQ_(crypt_volume_key_get(cd, 1, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
 2979 
 2980     /* test force volume key change works as expected */
 2981     EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1);
 2982     OK_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0));
 2983     OK_(crypt_activate_by_volume_key(cd, NULL, key_ret, key_ret_len, 0));
 2984     OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key2, key_size, 0));
 2985     OK_(crypt_deactivate(cd, CDEVICE_1));
 2986     EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
 2987     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
 2988     OK_(crypt_deactivate(cd, CDEVICE_1));
 2989     /* old keyslot must be unusable */
 2990     FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Key doesn't match volume key digest");
 2991     FAIL_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0), "Key doesn't match volume key digest");
 2992     FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "Keyslot not assigned to volume");
 2993     EQ_(crypt_keyslot_add_by_passphrase(cd, 5, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5);
 2994     EQ_(crypt_keyslot_add_by_volume_key(cd, 6, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1)), 6);
 2995     /* regression test. check new keyslot is properly assigned to new volume key digest */
 2996     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5);
 2997     OK_(crypt_deactivate(cd, CDEVICE_1));
 2998     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE1, strlen(PASSPHRASE1), 0), 6);
 2999     OK_(crypt_deactivate(cd, CDEVICE_1));
 3000 
 3001     CRYPT_FREE(cd);
 3002 
 3003     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 3004     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params2));
 3005     /* keyslot 0, volume key, digest 0 */
 3006     EQ_(crypt_keyslot_add_by_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
 3007      /* keyslot 1, unbound key, digest 1 */
 3008     EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
 3009      /* keyslot 2, unbound key, digest 1 */
 3010     EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 2);
 3011      /* keyslot 3, unbound key, digest 2 */
 3012     EQ_(crypt_keyslot_add_by_key(cd, 3, key2, key_size - 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 3);
 3013      /* keyslot 4, unbound key, digest 1 */
 3014     EQ_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 4);
 3015     FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET), "Illegal");
 3016     FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET | CRYPT_VOLUME_KEY_DIGEST_REUSE), "Illegal");
 3017     /* Such key doesn't exist, nothing to reuse */
 3018     FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size - 2, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), "Key digest doesn't match any existing.");
 3019     /* Keyslot 5, volume key, digest 0 */
 3020     EQ_(crypt_keyslot_add_by_key(cd, 5, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), 5);
 3021 
 3022     OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
 3023     EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1);
 3024     OK_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0));
 3025     FAIL_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0), "Not a volume key");
 3026     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
 3027     OK_(crypt_deactivate(cd, CDEVICE_1));
 3028     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 2, PASSPHRASE1, strlen(PASSPHRASE1), 0), 2);
 3029     OK_(crypt_deactivate(cd, CDEVICE_1));
 3030     FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "No volume key keyslot");
 3031 
 3032     /* TODO: key is unusable with aes-xts */
 3033     // FAIL_(crypt_keyslot_add_by_key(cd, 3, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), "Unusable key with segment cipher");
 3034 
 3035     EQ_(crypt_keyslot_add_by_key(cd, 5, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 5);
 3036     FAIL_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0), "Not a volume key");
 3037     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5);
 3038     OK_(crypt_deactivate(cd, CDEVICE_1));
 3039 
 3040     CRYPT_FREE(cd);
 3041 
 3042     _cleanup_dmdevices();
 3043 }
 3044 
 3045 static void Luks2KeyslotParams(void)
 3046 {
 3047     char key[128], key2[128];
 3048     const char *cipher = "aes", *cipher_mode="xts-plain64";
 3049     const char *cipher_spec = "aes-xts-plain64", *cipher_keyslot = "aes-cbc-essiv:sha256";
 3050     const char *mk_hex =  "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
 3051     const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
 3052     size_t key_size_ret, key_size = strlen(mk_hex) / 2, keyslot_key_size = 16;
 3053     uint64_t r_payload_offset;
 3054 
 3055     crypt_decode_key(key, mk_hex, key_size);
 3056     crypt_decode_key(key2, mk_hex2, key_size);
 3057 
 3058     OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE)));
 3059     OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1)));
 3060 
 3061     OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
 3062     OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
 3063 
 3064     EQ_(key_size, 2 * keyslot_key_size);
 3065     /* test crypt_keyslot_add_by_key */
 3066     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 3067     OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
 3068     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
 3069     NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
 3070     OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec));
 3071     EQ_(key_size_ret, key_size);
 3072 
 3073     // Normal slots
 3074     EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
 3075     EQ_(1, crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
 3076     EQ_(2, crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT));
 3077     EQ_(6, crypt_keyslot_add_by_keyfile(cd, 6, KEYFILE1, 0, KEYFILE2, 0));
 3078 
 3079     // Slots with different encryption type
 3080     OK_(crypt_keyslot_set_encryption(cd, cipher_keyslot, keyslot_key_size));
 3081     OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_keyslot));
 3082     EQ_(key_size_ret, keyslot_key_size);
 3083 
 3084     EQ_(3, crypt_keyslot_add_by_volume_key(cd, 3, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
 3085     EQ_(4, crypt_keyslot_add_by_passphrase(cd, 4, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
 3086     EQ_(5, crypt_keyslot_add_by_key(cd, 5, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT));
 3087     EQ_(7, crypt_keyslot_add_by_keyfile(cd, 7, KEYFILE1, 0, KEYFILE2, 0));
 3088 
 3089     CRYPT_FREE(cd);
 3090 
 3091     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 3092     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 3093 
 3094     EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE);
 3095     OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spec));
 3096     EQ_(key_size_ret, key_size);
 3097 
 3098     EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_ACTIVE);
 3099     OK_(strcmp(crypt_keyslot_get_encryption(cd, 1, &key_size_ret), cipher_spec));
 3100     EQ_(key_size_ret, key_size);
 3101 
 3102     EQ_(crypt_keyslot_status(cd, 2), CRYPT_SLOT_UNBOUND);
 3103     OK_(strcmp(crypt_keyslot_get_encryption(cd, 2, &key_size_ret), cipher_spec));
 3104     EQ_(key_size_ret, key_size);
 3105 
 3106     EQ_(crypt_keyslot_status(cd, 6), CRYPT_SLOT_ACTIVE);
 3107     OK_(strcmp(crypt_keyslot_get_encryption(cd, 6, &key_size_ret), cipher_spec));
 3108     EQ_(key_size_ret, key_size);
 3109 
 3110     EQ_(crypt_keyslot_status(cd, 3), CRYPT_SLOT_ACTIVE);
 3111     OK_(strcmp(crypt_keyslot_get_encryption(cd, 3, &key_size_ret), cipher_keyslot));
 3112     EQ_(key_size_ret, keyslot_key_size);
 3113 
 3114     EQ_(crypt_keyslot_status(cd, 4), CRYPT_SLOT_ACTIVE);
 3115     OK_(strcmp(crypt_keyslot_get_encryption(cd, 4, &key_size_ret), cipher_keyslot));
 3116     EQ_(key_size_ret, keyslot_key_size);
 3117 
 3118     EQ_(crypt_keyslot_status(cd, 5), CRYPT_SLOT_UNBOUND);
 3119     OK_(strcmp(crypt_keyslot_get_encryption(cd, 5, &key_size_ret), cipher_keyslot));
 3120     EQ_(key_size_ret, keyslot_key_size);
 3121 
 3122     EQ_(crypt_keyslot_status(cd, 7), CRYPT_SLOT_ACTIVE);
 3123     OK_(strcmp(crypt_keyslot_get_encryption(cd, 7, &key_size_ret), cipher_keyslot));
 3124     EQ_(key_size_ret, keyslot_key_size);
 3125 
 3126     OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
 3127     EQ_(8, crypt_keyslot_change_by_passphrase(cd, 1, 8, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
 3128     OK_(strcmp(crypt_keyslot_get_encryption(cd, 8, &key_size_ret), cipher_spec));
 3129     EQ_(key_size_ret, key_size);
 3130 
 3131     /* Revert to default */
 3132     EQ_(9, crypt_keyslot_change_by_passphrase(cd, 5, 9, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
 3133     OK_(strcmp(crypt_keyslot_get_encryption(cd, 9, &key_size_ret), cipher_spec));
 3134     EQ_(key_size_ret, key_size);
 3135 
 3136     /* Set new encryption params */
 3137     OK_(crypt_keyslot_set_encryption(cd, cipher_keyslot, keyslot_key_size));
 3138 
 3139     EQ_(1, crypt_keyslot_change_by_passphrase(cd, 8, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
 3140     OK_(strcmp(crypt_keyslot_get_encryption(cd, 1, &key_size_ret), cipher_keyslot));
 3141     EQ_(key_size_ret, keyslot_key_size);
 3142 
 3143     EQ_(10, crypt_keyslot_change_by_passphrase(cd, 2, 10, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
 3144     OK_(strcmp(crypt_keyslot_get_encryption(cd, 10, &key_size_ret), cipher_keyslot));
 3145     EQ_(key_size_ret, keyslot_key_size);
 3146 
 3147     EQ_(0, crypt_keyslot_change_by_passphrase(cd, 0, 0, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
 3148     OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_keyslot));
 3149     EQ_(key_size_ret, keyslot_key_size);
 3150 
 3151     CRYPT_FREE(cd);
 3152 
 3153     /* LUKS1 compatible calls */
 3154     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 3155     OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
 3156     OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL));
 3157     NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
 3158     OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec));
 3159     EQ_(key_size_ret, key_size);
 3160     EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
 3161     OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spec));
 3162     EQ_(key_size_ret, key_size);
 3163     CRYPT_FREE(cd);
 3164 
 3165     /* LUKS2 cipher null checks */
 3166     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 3167     OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
 3168     OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_size, NULL));
 3169     FAIL_(crypt_keyslot_set_encryption(cd, "null", 32), "cipher null is not allowed");
 3170     FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null", 32), "cipher null is not allowed");
 3171     FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null-ecb", 32), "cipher null is not allowed");
 3172     EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
 3173     NOTNULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
 3174     NULL_(strstr(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), "null"));
 3175     CRYPT_FREE(cd);
 3176 
 3177     _cleanup_dmdevices();
 3178     _remove_keyfiles();
 3179 }
 3180 
 3181 static void Luks2ActivateByKeyring(void)
 3182 {
 3183 #ifdef KERNEL_KEYRING
 3184 
 3185     key_serial_t kid, kid1;
 3186     uint64_t r_payload_offset;
 3187 
 3188     const char *cipher = "aes";
 3189     const char *cipher_mode = "xts-plain64";
 3190 
 3191     if (!t_dm_crypt_keyring_support()) {
 3192         printf("WARNING: Kernel keyring not supported, skipping test.\n");
 3193         return;
 3194     }
 3195 
 3196     kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
 3197     NOTFAIL_(kid, "Test or kernel keyring are broken.");
 3198     kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
 3199     NOTFAIL_(kid1, "Test or kernel keyring are broken.");
 3200 
 3201     OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
 3202     OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
 3203 
 3204     // prepare the device
 3205     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 3206     OK_(set_fast_pbkdf(cd));
 3207     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
 3208     EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
 3209     EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
 3210     EQ_(crypt_keyslot_add_by_volume_key(cd, 2, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 2);
 3211     CRYPT_FREE(cd);
 3212 
 3213     // FIXME: all following tests work as expected but most error messages are missing
 3214     // check activate by keyring works exactly same as by passphrase
 3215     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 3216     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 3217     EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0), 0);
 3218     EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0), 0);
 3219     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 3220     FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0), "already open");
 3221     OK_(crypt_deactivate(cd, CDEVICE_1));
 3222     EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
 3223     EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 1, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
 3224     EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 2, 0), 2);
 3225     FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 1, 0), "Keyslot not assigned to volume");
 3226     EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 2, 0), 2);
 3227     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 3228     OK_(crypt_deactivate(cd, CDEVICE_1));
 3229     EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, CRYPT_ANY_SLOT, 0), 2);
 3230     OK_(crypt_deactivate(cd, CDEVICE_1));
 3231     FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 2, 0), "Failed to unclock keyslot");
 3232     FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 0, 0), "Failed to unclock keyslot");
 3233     CRYPT_FREE(cd);
 3234 
 3235     NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
 3236     NOTFAIL_(keyctl_unlink(kid1, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
 3237 
 3238     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 3239     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 3240     FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring");
 3241     FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring");
 3242     FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 2, 0), "no such key in keyring");
 3243     FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 1, 0), "no such key in keyring");
 3244     CRYPT_FREE(cd);
 3245     _cleanup_dmdevices();
 3246 #else
 3247     printf("WARNING: cryptsetup compiled with kernel keyring service disabled, skipping test.\n");
 3248 #endif
 3249 }
 3250 
 3251 static void Luks2Requirements(void)
 3252 {
 3253     int r;
 3254     char key[128];
 3255     size_t key_size = 128;
 3256     const struct crypt_pbkdf_type *pbkdf;
 3257 #ifdef KERNEL_KEYRING
 3258     key_serial_t kid;
 3259 #endif
 3260     uint32_t flags;
 3261     uint64_t dummy, r_payload_offset;
 3262     struct crypt_active_device cad;
 3263 
 3264     const char *token, *json = "{\"type\":\"test_token\",\"keyslots\":[]}";
 3265     struct crypt_pbkdf_type argon2 = {
 3266         .type = CRYPT_KDF_ARGON2I,
 3267         .hash = default_luks1_hash,
 3268         .time_ms = 6,
 3269         .max_memory_kb = 1024,
 3270         .parallel_threads = 1
 3271     }, pbkdf2 = {
 3272         .type = CRYPT_KDF_PBKDF2,
 3273         .hash = default_luks1_hash,
 3274         .time_ms = 9
 3275     };
 3276     struct crypt_token_params_luks2_keyring params_get, params = {
 3277         .key_description = KEY_DESC_TEST0
 3278     };
 3279 
 3280     OK_(prepare_keyfile(KEYFILE1, "aaa", 3));
 3281     OK_(prepare_keyfile(KEYFILE2, "xxx", 3));
 3282 
 3283     /* crypt_load (unrestricted) */
 3284     OK_(crypt_init(&cd, DEVICE_5));
 3285     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 3286     CRYPT_FREE(cd);
 3287 
 3288     OK_(crypt_init(&cd, DEVICE_5));
 3289     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 3290 
 3291     /* crypt_dump (unrestricted) */
 3292     reset_log();
 3293     OK_(crypt_dump(cd));
 3294     OK_(!(global_lines != 0));
 3295     reset_log();
 3296 
 3297     /* get & set pbkdf params (unrestricted) */
 3298     if (!_fips_mode) {
 3299         OK_(crypt_set_pbkdf_type(cd, &argon2));
 3300         NOTNULL_(crypt_get_pbkdf_type(cd));
 3301     }
 3302 
 3303     OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
 3304     NOTNULL_(crypt_get_pbkdf_type(cd));
 3305 
 3306     /* crypt_set_iteration_time (unrestricted) */
 3307     crypt_set_iteration_time(cd, 1);
 3308     pbkdf = crypt_get_pbkdf_type(cd);
 3309     NOTNULL_(pbkdf);
 3310     EQ_(pbkdf->time_ms, 1);
 3311 
 3312     /* crypt_convert (restricted) */
 3313     FAIL_((r = crypt_convert(cd, CRYPT_LUKS1, NULL)), "Unmet requirements detected");
 3314     EQ_(r, -ETXTBSY);
 3315 
 3316     /* crypt_set_uuid (restricted) */
 3317     FAIL_((r = crypt_set_uuid(cd, NULL)), "Unmet requirements detected");
 3318     EQ_(r, -ETXTBSY);
 3319 
 3320     /* crypt_set_label (restricted) */
 3321     FAIL_((r = crypt_set_label(cd, "label", "subsystem")), "Unmet requirements detected");
 3322     EQ_(r, -ETXTBSY);
 3323 
 3324     /* crypt_repair (with current repair capabilities it's unrestricted) */
 3325     OK_(crypt_repair(cd, CRYPT_LUKS2, NULL));
 3326 
 3327     /* crypt_keyslot_add_passphrase (restricted) */
 3328     FAIL_((r = crypt_keyslot_add_by_passphrase(cd, CRYPT_ANY_SLOT, "aaa", 3, "bbb", 3)), "Unmet requirements detected");
 3329     EQ_(r, -ETXTBSY);
 3330 
 3331     /* crypt_keyslot_change_by_passphrase (restricted) */
 3332     FAIL_((r = crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 9, "aaa", 3, "bbb", 3)), "Unmet requirements detected");
 3333     EQ_(r, -ETXTBSY);
 3334 
 3335     /* crypt_keyslot_add_by_keyfile (restricted) */
 3336     FAIL_((r = crypt_keyslot_add_by_keyfile(cd, CRYPT_ANY_SLOT, KEYFILE1, 0, KEYFILE2, 0)), "Unmet requirements detected");
 3337     EQ_(r, -ETXTBSY);
 3338 
 3339     /* crypt_keyslot_add_by_keyfile_offset (restricted) */
 3340     FAIL_((r = crypt_keyslot_add_by_keyfile_offset(cd, CRYPT_ANY_SLOT, KEYFILE1, 0, 0, KEYFILE2, 0, 0)), "Unmet requirements detected");
 3341     EQ_(r, -ETXTBSY);
 3342 
 3343     /* crypt_volume_key_get (unrestricted, but see below) */
 3344     OK_(crypt_volume_key_get(cd, 0, key, &key_size, "aaa", 3));
 3345 
 3346     /* crypt_keyslot_add_by_volume_key (restricted) */
 3347     FAIL_((r = crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3)), "Unmet requirements detected");
 3348     EQ_(r, -ETXTBSY);
 3349 
 3350     /* crypt_keyslot_add_by_key (restricted) */
 3351     FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size, "xxx", 3, CRYPT_VOLUME_KEY_NO_SEGMENT)), "Unmet requirements detected");
 3352     EQ_(r, -ETXTBSY);
 3353 
 3354     /* crypt_keyslot_add_by_key (restricted) */
 3355     FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3, 0)), "Unmet requirements detected");
 3356     EQ_(r, -ETXTBSY);
 3357 
 3358     /* crypt_persistent_flasgs_set (restricted) */
 3359     FAIL_((r = crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, CRYPT_ACTIVATE_ALLOW_DISCARDS)), "Unmet requirements detected");
 3360     EQ_(r, -ETXTBSY);
 3361 
 3362     /* crypt_persistent_flasgs_get (unrestricted) */
 3363     OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
 3364     EQ_(flags, (uint32_t) CRYPT_REQUIREMENT_UNKNOWN);
 3365 
 3366     /* crypt_activate_by_passphrase (restricted for activation only) */
 3367     FAIL_((r = crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0)), "Unmet requirements detected");
 3368     EQ_(r, -ETXTBSY);
 3369     OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, 0));
 3370     OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 3371     EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
 3372 
 3373     /* crypt_activate_by_keyfile (restricted for activation only) */
 3374     FAIL_((r = crypt_activate_by_keyfile(cd, CDEVICE_1, 0, KEYFILE1, 0, 0)), "Unmet requirements detected");
 3375     EQ_(r, -ETXTBSY);
 3376     OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, 0));
 3377     OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 3378 
 3379     /* crypt_activate_by_volume_key (restricted for activation only) */
 3380     FAIL_((r = crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)), "Unmet requirements detected");
 3381     EQ_(r, -ETXTBSY);
 3382     OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
 3383     OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 3384 
 3385 #ifdef KERNEL_KEYRING
 3386     if (t_dm_crypt_keyring_support()) {
 3387         kid = add_key("user", KEY_DESC_TEST0, "aaa", 3, KEY_SPEC_THREAD_KEYRING);
 3388         NOTFAIL_(kid, "Test or kernel keyring are broken.");
 3389 
 3390         /* crypt_activate_by_keyring (restricted for activation only) */
 3391         FAIL_((r = crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0)), "Unmet requirements detected");
 3392         EQ_(r, t_dm_crypt_keyring_support() ? -ETXTBSY : -EINVAL);
 3393         OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0));
 3394         OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, CRYPT_ACTIVATE_KEYRING_KEY));
 3395     }
 3396 #endif
 3397 
 3398     /* crypt_volume_key_verify (unrestricted) */
 3399     OK_(crypt_volume_key_verify(cd, key, key_size));
 3400 
 3401     /* crypt_get_cipher (unrestricted) */
 3402     OK_(strcmp(crypt_get_cipher(cd)?:"", "aes"));
 3403 
 3404     /* crypt_get_cipher_mode (unrestricted) */
 3405     OK_(strcmp(crypt_get_cipher_mode(cd)?:"", "xts-plain64"));
 3406 
 3407     /* crypt_get_uuid (unrestricted) */
 3408     NOTNULL_(crypt_get_uuid(cd));
 3409 
 3410     /* crypt_get_device_name (unrestricted) */
 3411     NOTNULL_(crypt_get_device_name(cd));
 3412 
 3413     /* crypt_get_data_offset (unrestricted) */
 3414     OK_(!crypt_get_data_offset(cd));
 3415 
 3416     /* crypt_get_iv_offset (unrestricted, nothing to test) */
 3417 
 3418     /* crypt_get_volume_key_size (unrestricted) */
 3419     EQ_(crypt_get_volume_key_size(cd), key_size);
 3420 
 3421     /* crypt_keyslot_status (unrestricted) */
 3422     EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE_LAST);
 3423     EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_INACTIVE);
 3424 
 3425     /* crypt_keyslot_get_priority (unrestricted) */
 3426     EQ_(crypt_keyslot_get_priority(cd, 0), CRYPT_SLOT_PRIORITY_NORMAL);
 3427 
 3428     /* crypt_keyslot_set_priority (restricted) */
 3429     FAIL_((r = crypt_keyslot_set_priority(cd, 0, CRYPT_SLOT_PRIORITY_PREFER)), "Unmet requirements detected");
 3430     EQ_(r, -ETXTBSY);
 3431 
 3432     /* crypt_keyslot_area (unrestricted) */
 3433     OK_(crypt_keyslot_area(cd, 0, &dummy, &dummy));
 3434     OK_(!dummy);
 3435 
 3436     /* crypt_header_backup (unrestricted) */
 3437     remove(BACKUP_FILE);
 3438     OK_(crypt_header_backup(cd, CRYPT_LUKS, BACKUP_FILE));
 3439 
 3440     /* crypt_header_restore (restricted, do not drop the test until we have safe option) */
 3441     FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected");
 3442     EQ_(r, -ETXTBSY);
 3443     remove(BACKUP_FILE);
 3444 
 3445     /* crypt_token_json_set (restricted) */
 3446     FAIL_((r = crypt_token_json_set(cd, CRYPT_ANY_TOKEN, json)), "Unmet requirements detected");
 3447     EQ_(r, -ETXTBSY);
 3448 
 3449     /* crypt_token_json_get (unrestricted) */
 3450     OK_(crypt_token_json_get(cd, 0, &token));
 3451     NOTNULL_(strstr(token, "user_type"));
 3452 
 3453     /* crypt_token_status (unrestricted) */
 3454     EQ_(crypt_token_status(cd, 0, &token), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
 3455     OK_(strcmp(token, "user_type"));
 3456     EQ_(crypt_token_status(cd, 1, &token), CRYPT_TOKEN_INTERNAL);
 3457     OK_(strcmp(token, "luks2-keyring"));
 3458     EQ_(crypt_token_status(cd, 2, NULL), CRYPT_TOKEN_INACTIVE);
 3459     EQ_(crypt_token_status(cd, 6, &token), CRYPT_TOKEN_INTERNAL_UNKNOWN);
 3460 
 3461     /* crypt_token_luks2_keyring_set (restricted) */
 3462     FAIL_((r = crypt_token_luks2_keyring_set(cd, CRYPT_ANY_TOKEN, &params)), "Unmet requirements detected");
 3463     EQ_(r, -ETXTBSY);
 3464 
 3465     /* crypt_token_luks2_keyring_get (unrestricted) */
 3466     EQ_(crypt_token_luks2_keyring_get(cd, 1, &params_get), 1);
 3467     OK_(strcmp(params_get.key_description, KEY_DESC_TEST0));
 3468 
 3469     /* crypt_token_assign_keyslot (unrestricted) */
 3470     FAIL_((r = crypt_token_assign_keyslot(cd, 0, 1)), "Unmet requirements detected");
 3471     EQ_(r, -ETXTBSY);
 3472 
 3473     /* crypt_token_unassign_keyslot (unrestricted) */
 3474     FAIL_((r = crypt_token_unassign_keyslot(cd, CRYPT_ANY_TOKEN, CRYPT_ANY_SLOT)), "Unmet requirements detected");
 3475     EQ_(r, -ETXTBSY);
 3476 
 3477     /* crypt_activate_by_token (restricted for activation only) */
 3478 #ifdef KERNEL_KEYRING
 3479     if (t_dm_crypt_keyring_support()) {
 3480         FAIL_((r = crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0)), ""); // supposed to be silent
 3481         EQ_(r, -ETXTBSY);
 3482         OK_(crypt_activate_by_token(cd, NULL, 1, NULL, 0));
 3483         OK_(crypt_activate_by_token(cd, NULL, 1, NULL, CRYPT_ACTIVATE_KEYRING_KEY));
 3484     }
 3485 #endif
 3486     OK_(get_luks2_offsets(0, 8192, 0, NULL, &r_payload_offset));
 3487     OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 2));
 3488     //OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" NO_REQS_LUKS2_HEADER " bs=4096 2>/dev/null", 1));
 3489     OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 3490 
 3491     /* need to fake activated LUKSv2 device with requirements features */
 3492     CRYPT_FREE(cd);
 3493     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 3494     OK_(crypt_load(cd, CRYPT_LUKS, NULL));
 3495     OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0));
 3496     OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
 3497     /* replace header with no requirements */
 3498     OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 3499     CRYPT_FREE(cd);
 3500 
 3501     OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_5));
 3502     CRYPT_FREE(cd);
 3503     OK_(crypt_init_by_name(&cd, CDEVICE_1));
 3504 
 3505     /* crypt_header_restore (restricted with confirmation required) */
 3506     /* allow force restore over device header w/ requirements */
 3507     OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE));
 3508     remove(BACKUP_FILE);
 3509     OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 3510     OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE)); /* create backup with requirements */
 3511 
 3512     /* crypt_suspend (restricted) */
 3513     FAIL_((r = crypt_suspend(cd, CDEVICE_1)), "Unmet requirements detected");
 3514     EQ_(r, -ETXTBSY);
 3515     CRYPT_FREE(cd);
 3516 
 3517     /* replace header again to suspend the device */
 3518     OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 3519     OK_(crypt_init_by_name(&cd, CDEVICE_1));
 3520     OK_(crypt_suspend(cd, CDEVICE_1));
 3521 
 3522     /* crypt_header_restore (restricted, do not drop the test until we have safe option) */
 3523     /* refuse to overwrite header w/ backup including requirements */
 3524     FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected");
 3525     EQ_(r, -ETXTBSY);
 3526 
 3527     CRYPT_FREE(cd);
 3528 
 3529     OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 3530     OK_(crypt_init_by_name(&cd, CDEVICE_1));
 3531 
 3532     /* crypt_resume_by_passphrase (restricted) */
 3533     FAIL_((r = crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3)), "Unmet requirements detected");
 3534     EQ_(r, -ETXTBSY);
 3535 
 3536     /* crypt_resume_by_keyfile (restricted) */
 3537     FAIL_((r = crypt_resume_by_keyfile(cd, CDEVICE_1, 0, KEYFILE1, 0)), "Unmet requirements detected");
 3538     EQ_(r, -ETXTBSY);
 3539 
 3540     /* crypt_resume_by_keyfile_offset (restricted) */
 3541     FAIL_((r = crypt_resume_by_keyfile_offset(cd, CDEVICE_1, 0, KEYFILE1, 0, 0)), "Unmet requirements detected");
 3542     EQ_(r, -ETXTBSY);
 3543     CRYPT_FREE(cd);
 3544 
 3545     OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 3546     OK_(crypt_init_by_name(&cd, CDEVICE_1));
 3547     OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3));
 3548     CRYPT_FREE(cd);
 3549     OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
 3550 
 3551     OK_(crypt_init_by_name(&cd, CDEVICE_1));
 3552     /* load VK in keyring */
 3553     OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
 3554     /* crypt_resize (restricted) */
 3555     FAIL_((r = crypt_resize(cd, CDEVICE_1, 1)), "Unmet requirements detected");
 3556     EQ_(r, -ETXTBSY);
 3557     GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
 3558 
 3559     /* crypt_get_active_device (unrestricted) */
 3560     OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 3561 #ifdef KERNEL_KEYRING
 3562     if (t_dm_crypt_keyring_support())
 3563         EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
 3564 #endif
 3565 
 3566     /* crypt_deactivate (unrestricted) */
 3567     OK_(crypt_deactivate(cd, CDEVICE_1));
 3568 
 3569     /* crypt_token_is_assigned (unrestricted) */
 3570     OK_(crypt_token_is_assigned(cd, 1, 0));
 3571     OK_(crypt_token_is_assigned(cd, 6, 0));
 3572     EQ_(crypt_token_is_assigned(cd, 0, 0), -ENOENT);
 3573 
 3574     /* crypt_keyslot_destroy (unrestricted) */
 3575     OK_(crypt_keyslot_destroy(cd, 0));
 3576 
 3577     CRYPT_FREE(cd);
 3578     _cleanup_dmdevices();
 3579 }
 3580 
 3581 static void Luks2Integrity(void)
 3582 {
 3583     struct crypt_params_integrity ip = {};
 3584     struct crypt_params_luks2 params = {
 3585         .sector_size = 512,
 3586         .integrity = "hmac(sha256)"
 3587     };
 3588     size_t key_size = 32 + 32;
 3589     const char *passphrase = "blabla";
 3590     const char *cipher = "aes";
 3591     const char *cipher_mode = "xts-random";
 3592     int ret;
 3593 
 3594     // FIXME: This is just a stub
 3595     OK_(crypt_init(&cd, DEVICE_2));
 3596     ret = crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, &params);
 3597     if (ret < 0) {
 3598         printf("WARNING: cannot format integrity device, skipping test.\n");
 3599         CRYPT_FREE(cd);
 3600         return;
 3601     }
 3602 
 3603     EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, key_size, passphrase, strlen(passphrase)), 7);
 3604     EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 7, passphrase, strlen(passphrase) ,0), 7);
 3605     GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
 3606     CRYPT_FREE(cd);
 3607 
 3608     OK_(crypt_init_by_name_and_header(&cd, CDEVICE_2, NULL));
 3609     OK_(crypt_get_integrity_info(cd, &ip));
 3610     OK_(strcmp(cipher, crypt_get_cipher(cd)));
 3611     OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
 3612     OK_(strcmp("hmac(sha256)", ip.integrity));
 3613     EQ_(32, ip.integrity_key_size);
 3614     EQ_(32+16, ip.tag_size);
 3615     OK_(crypt_deactivate(cd, CDEVICE_2));
 3616     CRYPT_FREE(cd);
 3617 
 3618     OK_(crypt_init(&cd, DEVICE_2));
 3619     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size - 32, &params), "Wrong key size.");
 3620     FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, "xts-plainx", NULL, NULL, key_size, &params), "Wrong cipher.");
 3621     CRYPT_FREE(cd);
 3622 }
 3623 
 3624 static int check_flag(uint32_t flags, uint32_t flag)
 3625 {
 3626     return (flags & flag) ? 0 : -1;
 3627 }
 3628 
 3629 static void Luks2Refresh(void)
 3630 {
 3631     uint64_t r_payload_offset;
 3632     char key[128], key1[128];
 3633     const char *cipher = "aes", *mode = "xts-plain64";
 3634     const char *mk_hex =  "bb21158c733229347bd4e681891e213d94c645be6a5b84818afe7a78a6de7a1a";
 3635     const char *mk_hex2 = "bb22158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
 3636     size_t key_size = strlen(mk_hex) / 2;
 3637     struct crypt_params_luks2 params = {
 3638         .sector_size = 512,
 3639         .integrity = "aead"
 3640     };
 3641     struct crypt_active_device cad = {};
 3642 
 3643     crypt_decode_key(key, mk_hex, key_size);
 3644     crypt_decode_key(key1, mk_hex2, key_size);
 3645 
 3646     OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
 3647     OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
 3648     OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset + 5000));
 3649     OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
 3650     OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset));
 3651 
 3652     /* prepare test device */
 3653     OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 3654     OK_(set_fast_pbkdf(cd));
 3655     OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, key, 32, NULL));
 3656     OK_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, 32, "aaa", 3));
 3657     OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0));
 3658 
 3659     /* check we can refresh significant flags */
 3660     if (t_dm_crypt_discard_support()) {
 3661         OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_ALLOW_DISCARDS));
 3662         OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 3663         OK_(check_flag(cad.flags, CRYPT_ACTIVATE_ALLOW_DISCARDS));
 3664         cad.flags = 0;
 3665     }
 3666 
 3667     if (t_dm_crypt_cpu_switch_support()) {
 3668         OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SAME_CPU_CRYPT));
 3669         OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 3670         OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SAME_CPU_CRYPT));
 3671         cad.flags = 0;
 3672 
 3673         OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
 3674         OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 3675         OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
 3676         cad.flags = 0;
 3677 
 3678         OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
 3679         OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 3680         OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
 3681         cad.flags = 0;
 3682     }
 3683 
 3684     OK_(crypt_volume_key_keyring(cd, 0));
 3685     OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
 3686     OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 3687     FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY), "Unexpected flag raised.");
 3688     cad.flags = 0;
 3689 
 3690 #ifdef KERNEL_KEYRING
 3691     if (t_dm_crypt_keyring_support()) {
 3692         OK_(crypt_volume_key_keyring(cd, 1));
 3693         OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
 3694         OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 3695         OK_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY));
 3696         cad.flags = 0;
 3697     }
 3698 #endif
 3699 
 3700     /* multiple flags at once */
 3701     if (t_dm_crypt_discard_support() && t_dm_crypt_cpu_switch_support()) {
 3702         OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS));
 3703         OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 3704         OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS));
 3705         cad.flags = 0;
 3706     }
 3707 
 3708     /* do not allow reactivation with read-only (and drop flag silently because activation behaves exactly same) */
 3709     OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_READONLY));
 3710     OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 3711     FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY), "Reactivated with read-only flag.");
 3712     cad.flags = 0;
 3713 
 3714     /* reload flag is dropped silently */
 3715     OK_(crypt_deactivate(cd, CDEVICE_1));
 3716     OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
 3717 
 3718     /* check read-only flag is not lost after reload */
 3719     OK_(crypt_deactivate(cd, CDEVICE_1));
 3720     OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_READONLY));
 3721     OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
 3722     OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 3723     OK_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY));
 3724     cad.flags = 0;
 3725 
 3726     /* check LUKS2 with auth. enc. reload */
 3727     OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
 3728     if (!crypt_format(cd2, CRYPT_LUKS2, "aes", "gcm-random", crypt_get_uuid(cd), key, 32, &params)) {
 3729         OK_(crypt_keyslot_add_by_volume_key(cd2, 0, key, 32, "aaa", 3));
 3730         OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, 0));
 3731         OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL));
 3732         OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
 3733         OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL));
 3734         cad.flags = 0;
 3735         OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
 3736         OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
 3737         OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
 3738         cad.flags = 0;
 3739         OK_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
 3740         OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
 3741         FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL), "");
 3742         FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS), "");
 3743         FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS2/aead context");
 3744         OK_(crypt_deactivate(cd2, CDEVICE_2));
 3745     } else {
 3746         printf("WARNING: cannot format integrity device, skipping few reload tests.\n");
 3747     }
 3748     CRYPT_FREE(cd2);
 3749 
 3750     /* Use LUKS1 context on LUKS2 device */
 3751     OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S));
 3752     OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, mode, crypt_get_uuid(cd), key, 32, NULL));
 3753     OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, NULL, 32, "aaa", 3));
 3754     FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS1 context");
 3755     CRYPT_FREE(cd2);
 3756 
 3757     /* Use PLAIN context on LUKS2 device */
 3758     OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S));
 3759     OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, mode, NULL, key, 32, NULL));
 3760     OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
 3761     FAIL_(crypt_activate_by_volume_key(cd2, CDEVICE_1, key, key_size, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with PLAIN context");
 3762     OK_(crypt_deactivate(cd2, CDEVICE_2));
 3763     CRYPT_FREE(cd2);
 3764 
 3765     /* (snapshot-like case) */
 3766     /* try to refresh almost identical device (differs only in major:minor of data device) */
 3767     OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
 3768     OK_(set_fast_pbkdf(cd2));
 3769     OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, mode, crypt_get_uuid(cd), key, 32, NULL));
 3770     OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, key, 32, "aaa", 3));
 3771     FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed dm-crypt mapped over mismatching data device");
 3772 
 3773     OK_(crypt_deactivate(cd, CDEVICE_1));
 3774 
 3775     CRYPT_FREE(cd);
 3776     CRYPT_FREE(cd2);
 3777 
 3778     _cleanup_dmdevices();
 3779 }
 3780 
 3781 static void Luks2Flags(void)
 3782 {
 3783     uint32_t flags = 42;
 3784 
 3785     OK_(crypt_init(&cd, DEVICE_1));
 3786     OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
 3787 
 3788     /* check library erase passed variable on success when no flags set */
 3789     OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
 3790     EQ_(flags, 0);
 3791 
 3792     /* check set and get behave as expected */
 3793     flags = CRYPT_ACTIVATE_ALLOW_DISCARDS;
 3794     OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags));
 3795     flags = 0;
 3796     OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
 3797     EQ_(flags, CRYPT_ACTIVATE_ALLOW_DISCARDS);
 3798 
 3799     flags = CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
 3800     OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags));
 3801     flags = (uint32_t)~0;
 3802     OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
 3803     EQ_(flags,CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS);
 3804 
 3805     CRYPT_FREE(cd);
 3806 }
 3807 
 3808 #if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION
 3809 static int test_progress(uint64_t size __attribute__((unused)),
 3810     uint64_t offset __attribute__((unused)),
 3811     void *usrptr __attribute__((unused)))
 3812 {
 3813     while (--test_progress_steps)
 3814         return 0;
 3815     return 1;
 3816 }
 3817 
 3818 static void Luks2Reencryption(void)
 3819 {
 3820 /* reencryption currently depends on kernel keyring support */
 3821     /* NOTES:
 3822      *  - reencryption requires luks2 parameters. can we avoid it?
 3823      */
 3824     uint32_t getflags;
 3825     uint64_t r_header_size, r_size_1;
 3826     struct crypt_active_device cad;
 3827     struct crypt_pbkdf_type pbkdf = {
 3828         .type = CRYPT_KDF_ARGON2I,
 3829         .hash = "sha256",
 3830         .parallel_threads = 1,
 3831         .max_memory_kb = 128,
 3832         .iterations = 4,
 3833         .flags = CRYPT_PBKDF_NO_BENCHMARK
 3834     };
 3835     struct crypt_params_luks2 params2 = {
 3836         .pbkdf = &pbkdf,
 3837         .sector_size = 4096
 3838     };
 3839     struct crypt_params_reencrypt retparams = {}, rparams = {
 3840         .direction = CRYPT_REENCRYPT_FORWARD,
 3841         .resilience = "checksum",
 3842         .hash = "sha1",
 3843         .luks2 = &params2,
 3844     };
 3845     dev_t devno;
 3846 
 3847     const char *mk_hex = "bb21babe733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
 3848     size_t key_size = strlen(mk_hex) / 2;
 3849     char key[128];
 3850 
 3851     crypt_decode_key(key, mk_hex, key_