"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/tests/compat-test" (13 Jan 2022, 50285 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "compat-test": 2.4.0_vs_2.4.1.

    1 #!/bin/bash
    2 
    3 PS4='$LINENO:'
    4 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
    5 CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
    6 CRYPTSETUP_RAW=$CRYPTSETUP
    7 
    8 CRYPTSETUP_VALGRIND=../.libs/cryptsetup
    9 CRYPTSETUP_LIB_VALGRIND=../.libs
   10 
   11 DEV_NAME=dummy
   12 DEV_NAME2=dummy2
   13 DEV_NAME3=dummy3
   14 ORIG_IMG=luks-test-orig
   15 IMG=luks-test
   16 IMG10=luks-test-v10
   17 HEADER_IMG=luks-header
   18 KEY1=key1
   19 KEY2=key2
   20 KEY5=key5
   21 KEYE=keye
   22 PWD0="compatkey"
   23 PWD1="93R4P4pIqAH8"
   24 PWD2="mymJeD8ivEhE"
   25 PWD3="ocMakf3fAcQO"
   26 PWDW="rUkL4RUryBom"
   27 VK_FILE="compattest_vkfile"
   28 
   29 FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
   30 
   31 LUKS_HEADER="S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591"
   32 KEY_SLOT0="S208-211 S212-215 R216-247 A248-251 A251-255"
   33 KEY_MATERIAL0="R4096-68096"
   34 KEY_MATERIAL0_EXT="R4096-68096"
   35 
   36 KEY_SLOT1="S256-259 S260-263 R264-295 A296-299 A300-303"
   37 KEY_MATERIAL1="R69632-133632"
   38 KEY_MATERIAL1_EXT="S69632-133632"
   39 
   40 KEY_SLOT5="S448-451 S452-455 R456-487 A488-491 A492-495"
   41 KEY_MATERIAL5="R331776-395264"
   42 KEY_MATERIAL5_EXT="S331776-395264"
   43 
   44 TEST_UUID="12345678-1234-1234-1234-123456789abc"
   45 
   46 LOOPDEV=$(losetup -f 2>/dev/null)
   47 [ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
   48 
   49 function remove_mapping()
   50 {
   51     [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1
   52     [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2 >/dev/null 2>&1
   53     [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1
   54     losetup -d $LOOPDEV >/dev/null 2>&1
   55     rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $VK_FILE missing-file >/dev/null 2>&1
   56     rmmod scsi_debug >/dev/null 2>&1
   57     scsi_debug_teardown $DEV
   58 }
   59 
   60 function force_uevent()
   61 {
   62     DNAME=$(echo $LOOPDEV | cut -f3 -d /)
   63     echo "change" >/sys/block/$DNAME/uevent
   64 }
   65 
   66 function fail()
   67 {
   68     [ -n "$1" ] && echo "$1"
   69     remove_mapping
   70     echo "FAILED backtrace:"
   71     while caller $frame; do ((frame++)); done
   72     exit 2
   73 }
   74 
   75 function fips_mode()
   76 {
   77     [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
   78 }
   79 
   80 function can_fail_fips()
   81 {
   82     # Ignore this fail if running in FIPS mode
   83     fips_mode || fail $1
   84 }
   85 
   86 function skip()
   87 {
   88     [ -n "$1" ] && echo "$1"
   89     remove_mapping
   90     [ -z "$2" ] && exit $2
   91     exit 77
   92 }
   93 
   94 function prepare()
   95 {
   96     [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1
   97 
   98     case "$2" in
   99     file)
  100         remove_mapping
  101         dd if=/dev/zero of=$IMG bs=1k count=10000 >/dev/null 2>&1
  102         sync
  103         ;;
  104     wipe)
  105         remove_mapping
  106         dd if=/dev/zero of=$IMG bs=1k count=10000 >/dev/null 2>&1
  107         sync
  108         losetup $LOOPDEV $IMG
  109         ;;
  110     new)
  111         remove_mapping
  112         xz -cd compatimage.img.xz > $IMG
  113         # FIXME: switch to internal loop (no losetup at all)
  114         echo "bad" | $CRYPTSETUP luksOpen --key-slot 0 --test-passphrase $IMG 2>&1 | \
  115             grep "autoclear flag" && skip "WARNING: Too old kernel, test skipped."
  116         losetup $LOOPDEV $IMG
  117         xz -cd compatv10image.img.xz > $IMG10
  118         ;;
  119     reuse | *)
  120         if [ ! -e $IMG ]; then
  121             xz -cd compatimage.img.xz > $IMG
  122             losetup $LOOPDEV $IMG
  123         fi
  124         [ ! -e $IMG10 ] && xz -cd compatv10image.img.xz > $IMG10
  125         ;;
  126     esac
  127 
  128     if [ ! -e $KEY1 ]; then
  129         #dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1
  130         echo -n $'\x48\xc6\x74\x4f\x41\x4e\x50\xc0\x79\xc2\x2d\x5b\x5f\x68\x84\x17' >$KEY1
  131         echo -n $'\x9c\x03\x5e\x1b\x4d\x0f\x9a\x75\xb3\x90\x70\x32\x0a\xf8\xae\xc4'>>$KEY1
  132     fi
  133 
  134     if [ ! -e $KEY2 ]; then
  135         dd if=/dev/urandom of=$KEY2 count=1 bs=16 >/dev/null 2>&1
  136     fi
  137 
  138     if [ ! -e $KEY5 ]; then
  139         dd if=/dev/urandom of=$KEY5 count=1 bs=16 >/dev/null 2>&1
  140     fi
  141 
  142     if [ ! -e $KEYE ]; then
  143         touch $KEYE
  144     fi
  145 
  146     cp $IMG $ORIG_IMG
  147     [ -n "$1" ] && echo "CASE: $1"
  148 }
  149 
  150 function check()
  151 {
  152     sync
  153     [ -z "$1" ] && return
  154     ./differ $ORIG_IMG $IMG $1 || fail
  155 }
  156 
  157 function check_exists()
  158 {
  159     [ -b /dev/mapper/$DEV_NAME ] || fail
  160     check $1
  161 }
  162 
  163 # $1 path to scsi debug bdev
  164 scsi_debug_teardown() {
  165     local _tries=15;
  166 
  167     while [ -b "$1" -a $_tries -gt 0 ]; do
  168         rmmod scsi_debug >/dev/null 2>&1
  169         if [ -b "$1" ]; then
  170             sleep .1
  171             _tries=$((_tries-1))
  172         fi
  173     done
  174 
  175     test ! -b "$1" || rmmod scsi_debug >/dev/null 2>&1
  176 }
  177 
  178 function add_scsi_device() {
  179     scsi_debug_teardown $DEV
  180     if [ -d /sys/module/scsi_debug ] ; then
  181         echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
  182         exit 77
  183     fi
  184     modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
  185     if [ $? -ne 0 ] ; then
  186         echo "This kernel seems to not support proper scsi_debug module, test skipped."
  187         exit 77
  188     fi
  189 
  190     sleep 1
  191     DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
  192     [ -b $DEV ] || fail "Cannot find $DEV."
  193 }
  194 
  195 function valgrind_setup()
  196 {
  197     [ -n "$VALG" ] || return
  198     which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
  199     [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
  200     export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
  201     CRYPTSETUP=valgrind_run
  202     CRYPTSETUP_RAW="./valg.sh ${CRYPTSETUP_VALGRIND}"
  203 }
  204 
  205 function valgrind_run()
  206 {
  207     export INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}"
  208     $CRYPTSETUP_RAW "$@"
  209 }
  210 
  211 function expect_run()
  212 {
  213     export INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}"
  214     expect "$@"
  215 }
  216 
  217 export LANG=C
  218 valgrind_setup
  219 
  220 # LUKS non-root-tests
  221 if [ $(id -u) != 0 ]; then
  222     $CRYPTSETUP benchmark -c aes-xts-plain64 >/dev/null 2>&1 || \
  223         skip "WARNING: Cannot run test without kernel userspace crypto API, test skipped."
  224 fi
  225 
  226 prepare "Image in file tests (root capabilities not required)" file
  227 echo "[1] format"
  228 echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $IMG $FAST_PBKDF_OPT || fail
  229 echo "[2] open"
  230 echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
  231 [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
  232 echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail
  233 # test detached header --test-passphrase
  234 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --header $HEADER_IMG $IMG || fail
  235 echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail
  236 rm -f $HEADER_IMG
  237 echo "[3] add key"
  238 echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
  239 echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail
  240 echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
  241 echo "[4] change key"
  242 echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG || fail
  243 echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG 2>/dev/null && fail
  244 [ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code"
  245 echo "[5] remove key"
  246 # delete active keys PWD0, PWD2
  247 echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG 2>/dev/null && fail
  248 [ $? -ne 2 ] && fail "luksRemove should return EPERM exit code"
  249 echo $PWD0 | $CRYPTSETUP luksRemoveKey $IMG || fail
  250 echo $PWD2 | $CRYPTSETUP luksRemoveKey $IMG || fail
  251 # check if keys were deleted
  252 echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
  253 [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
  254 echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
  255 [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
  256 echo "[6] kill slot"
  257 # format new luks device with active keys PWD1, PWD2
  258 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $IMG $FAST_PBKDF_OPT || fail
  259 echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail
  260 # deactivate keys by killing slots
  261 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: ENABLED" || fail
  262 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 1: ENABLED" || fail
  263 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 2: DISABLED" || fail
  264 echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 0 2>/dev/null && fail
  265 echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 0 || fail
  266 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: DISABLED" || fail
  267 echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 1 2>/dev/null && fail
  268 [ $? -ne 2 ] && fail "luksKill should return EPERM exit code"
  269 echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 1 || fail
  270 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 1: DISABLED" || fail
  271 # check if keys were deactivated
  272 echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
  273 echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
  274 echo "[7] header backup"
  275 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $IMG $FAST_PBKDF_OPT || fail
  276 $CRYPTSETUP luksHeaderBackup $IMG --header-backup-file $HEADER_IMG || fail
  277 echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG || fail
  278 echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
  279 echo "[8] header restore"
  280 $CRYPTSETUP luksHeaderRestore -q $IMG --header-backup-file $HEADER_IMG || fail
  281 echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail
  282 echo "[9] luksDump"
  283 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $IMG $KEY1 || fail
  284 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $IMG -d $KEY1 || fail
  285 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: ENABLED" || fail
  286 $CRYPTSETUP luksDump $IMG | grep -q $TEST_UUID || fail
  287 echo $PWDW | $CRYPTSETUP luksDump $IMG --dump-master-key 2>/dev/null && fail
  288 echo $PWD1 | $CRYPTSETUP luksDump $IMG --dump-master-key | grep -q "MK dump:" || fail
  289 $CRYPTSETUP luksDump -q $IMG --dump-master-key -d $KEY1 | grep -q "MK dump:" || fail
  290 echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-master-key --master-key-file $VK_FILE >/dev/null || fail
  291 echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-master-key --master-key-file $VK_FILE 2>/dev/null && fail
  292 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE $IMG || fail
  293 
  294 echo "[10] uuid"
  295 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $IMG || fail
  296 $CRYPTSETUP -q luksUUID $IMG | grep -q $TEST_UUID || fail
  297 
  298 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
  299 [ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped."
  300 
  301 # LUKS root-tests
  302 prepare "[1] open - compat image - acceptance check" new
  303 echo $PWD0 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
  304 check_exists
  305 ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
  306 [ "$ORG_SHA1" = 676062b66ebf36669dab705442ea0762dfc091b0 ] || fail
  307 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  308 
  309 # Check it can be opened from header backup as well
  310 $CRYPTSETUP luksHeaderBackup $IMG --header-backup-file $HEADER_IMG || fail
  311 echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail
  312 check_exists
  313 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  314 # Check restore
  315 $CRYPTSETUP luksHeaderRestore -q $IMG --header-backup-file $HEADER_IMG || fail
  316 
  317 # Repeat for V1.0 header - not aligned first keyslot
  318 echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME || fail
  319 check_exists
  320 ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
  321 [ "$ORG_SHA1" = 51b48c2471a7593ceaf14dc5e66bca86ed05f6cc ] || fail
  322 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  323 
  324 rm -f $HEADER_IMG
  325 $CRYPTSETUP luksHeaderBackup $IMG10 --header-backup-file $HEADER_IMG
  326 echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail
  327 check_exists
  328 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  329 
  330 prepare "[2] open - compat image - denial check" new
  331 echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  332 echo $PWDW | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME 2>/dev/null && fail
  333 check
  334 
  335 # All headers items and first key material section must change
  336 prepare "[3] format" wipe
  337 echo $PWD1 | $CRYPTSETUP -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV || fail
  338 check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
  339 
  340 prepare "[4] format using hash sha512" wipe
  341 echo $PWD1 | $CRYPTSETUP -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV || fail
  342 check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
  343 
  344 prepare "[5] open"
  345 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail
  346 echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/null && fail
  347 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
  348 check_exists
  349 
  350 # Key Slot 1 and key material section 1 must change, the rest must not.
  351 prepare "[6] add key"
  352 echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV || fail
  353 check "$KEY_SLOT1 $KEY_MATERIAL1"
  354 echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
  355 
  356 # Unsuccessful Key Delete - nothing may change
  357 prepare "[7] unsuccessful delete"
  358 echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail
  359 $CRYPTSETUP -q luksKillSlot $LOOPDEV 8 2>/dev/null && fail
  360 $CRYPTSETUP -q luksKillSlot $LOOPDEV 7 2>/dev/null && fail
  361 check
  362 
  363 # Delete Key Test
  364 # Key Slot 1 and key material section 1 must change, the rest must not
  365 prepare "[8] successful delete"
  366 $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail
  367 check "$KEY_SLOT1 $KEY_MATERIAL1_EXT"
  368 echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2> /dev/null && fail
  369 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
  370 
  371 # Key Slot 1 and key material section 1 must change, the rest must not
  372 prepare "[9] add key test for key files"
  373 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 || fail
  374 check "$KEY_SLOT1 $KEY_MATERIAL1"
  375 $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
  376 
  377 # Key Slot 1 and key material section 1 must change, the rest must not
  378 prepare "[10] delete key test with key1 as remaining key"
  379 $CRYPTSETUP -d $KEY1 luksKillSlot $LOOPDEV 0 || fail
  380 check "$KEY_SLOT0 $KEY_MATERIAL0_EXT"
  381 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  382 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
  383 
  384 # Delete last slot
  385 prepare "[11] delete last key" wipe
  386 echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $LOOPDEV $FAST_PBKDF_OPT || fail
  387 echo $PWD1 | $CRYPTSETUP luksKillSlot $LOOPDEV 0 || fail
  388 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  389 
  390 # Format test for ESSIV, and some other parameters.
  391 prepare "[12] parameter variation test" wipe
  392 $CRYPTSETUP -q -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV $KEY1 || fail
  393 check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
  394 $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
  395 
  396 prepare "[13] open/close - stacked devices" wipe
  397 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV $FAST_PBKDF_OPT || fail
  398 echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
  399 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 /dev/mapper/$DEV_NAME || fail
  400 echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
  401 $CRYPTSETUP -q luksClose  $DEV_NAME2 || fail
  402 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  403 
  404 prepare "[14] format/open - passphrase on stdin & new line" wipe
  405 # stdin defined by "-" must take even newline
  406 #echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail
  407 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q --key-file=- luksFormat --type luks1 $LOOPDEV || fail
  408 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
  409 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  410 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  411 # now also try --key-file
  412 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks1 $LOOPDEV --key-file=- || fail
  413 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
  414 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  415 # process newline if from stdin
  416 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks1 $LOOPDEV || fail
  417 echo "$PWD1" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
  418 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  419 
  420 prepare "[15] UUID - use and report provided UUID" wipe
  421 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid blah $LOOPDEV 2>/dev/null && fail
  422 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $LOOPDEV || fail
  423 tst=$($CRYPTSETUP -q luksUUID $LOOPDEV)
  424 [ "$tst"x = "$TEST_UUID"x ] || fail
  425 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail
  426 $CRYPTSETUP -q luksUUID --uuid $TEST_UUID $LOOPDEV || fail
  427 tst=$($CRYPTSETUP -q luksUUID $LOOPDEV)
  428 [ "$tst"x = "$TEST_UUID"x ] || fail
  429 
  430 prepare "[16] luksFormat" wipe
  431 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom $LOOPDEV || fail
  432 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail
  433 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom -s 256 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
  434 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
  435 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  436 # open by UUID
  437 if [ -d /dev/disk/by-uuid ] ; then
  438     force_uevent # some systems do not update loop by-uuid
  439     $CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail
  440     $CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail
  441     $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  442 fi
  443 # empty keyfile
  444 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEYE || fail
  445 $CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail
  446 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  447 # open by volume key
  448 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 256 --master-key-file $KEY1 $LOOPDEV || fail
  449 $CRYPTSETUP luksOpen --master-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail
  450 $CRYPTSETUP luksOpen --master-key-file $KEY1 $LOOPDEV $DEV_NAME || fail
  451 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  452 # unsupported pe-keyslot encryption
  453 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 128 --keyslot-cipher "aes-cbc-plain" $LOOPDEV 2>/dev/null && fail
  454 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 128 --keyslot-key-size 256 $LOOPDEV 2>/dev/null && fail
  455 
  456 prepare "[17] AddKey volume key, passphrase and keyfile" wipe
  457 # masterkey
  458 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail
  459 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail
  460 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
  461 echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail
  462 echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail
  463 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
  464 echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail
  465 $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 5 $KEY1 || fail
  466 $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail
  467 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
  468 
  469 # special "-" handling
  470 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 3 || fail
  471 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 - || fail
  472 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail
  473 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - --test-passphrase || fail
  474 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d - $KEY2 || fail
  475 $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase || fail
  476 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail
  477 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail
  478 
  479 # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
  480 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 3 || fail
  481 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
  482 $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
  483 # keyfile/keyfile
  484 $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail
  485 $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail
  486 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
  487 # passphrase/keyfile
  488 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail
  489 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
  490 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail
  491 # passphrase/passphrase
  492 echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail
  493 echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail
  494 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
  495 # keyfile/passphrase
  496 echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 3 || fail
  497 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
  498 
  499 prepare "[18] RemoveKey passphrase and keyfile" reuse
  500 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 || fail
  501 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: DISABLED" || fail
  502 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail
  503 $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 3 2>/dev/null || fail
  504 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
  505 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail
  506 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail
  507 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: DISABLED" || fail
  508 # if password or keyfile is provided, batch mode must not suppress it
  509 echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null && fail
  510 echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 -q 2>/dev/null && fail
  511 echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && fail
  512 echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail
  513 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
  514 # kill slot using passphrase from 1
  515 echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail
  516 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: DISABLED" || fail
  517 # kill slot with redirected stdin
  518 $CRYPTSETUP luksKillSlot $LOOPDEV 3 </dev/null 2>/dev/null || fail
  519 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: DISABLED" || fail
  520 # remove key0 / slot 0
  521 echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail
  522 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: DISABLED" || fail
  523 # last keyslot, in batch mode no passphrase needed...
  524 $CRYPTSETUP luksKillSlot -q $LOOPDEV 1 || fail
  525 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail
  526 
  527 prepare "[19] create & status & resize" wipe
  528 echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash xxx 2>/dev/null && fail
  529 echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --cipher aes-cbc-essiv:sha256 --offset 3 --skip 4 --readonly || fail
  530 $CRYPTSETUP -q status  $DEV_NAME | grep "offset:" | grep -q "3 sectors" || fail
  531 $CRYPTSETUP -q status  $DEV_NAME | grep "skipped:" | grep -q "4 sectors" || fail
  532 $CRYPTSETUP -q status  $DEV_NAME | grep "mode:" | grep -q "readonly" || fail
  533 $CRYPTSETUP -q resize  $DEV_NAME --size 100 || fail
  534 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
  535 $CRYPTSETUP -q resize  $DEV_NAME || fail
  536 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "19997 sectors" || fail
  537 $CRYPTSETUP -q resize  $DEV_NAME --device-size 1M || fail
  538 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail
  539 $CRYPTSETUP -q resize  $DEV_NAME --device-size 512k --size 1023 >/dev/null 2>&1 && fail
  540 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail
  541 $CRYPTSETUP -q resize  $DEV_NAME --device-size 513 >/dev/null 2>&1 && fail
  542 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail
  543 # Resize underlying loop device as well
  544 truncate -s 16M $IMG || fail
  545 $CRYPTSETUP -q resize  $DEV_NAME || fail
  546 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "32765 sectors" || fail
  547 $CRYPTSETUP -q remove  $DEV_NAME || fail
  548 $CRYPTSETUP -q status  $DEV_NAME >/dev/null && fail
  549 echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
  550 $CRYPTSETUP -q remove  $DEV_NAME || fail
  551 echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 $LOOPDEV || fail
  552 $CRYPTSETUP -q remove  $DEV_NAME || fail
  553 echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 --size 100 $LOOPDEV || fail
  554 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
  555 $CRYPTSETUP -q remove  $DEV_NAME || fail
  556 # 4k sector resize (if kernel supports it)
  557 echo $PWD1 | $CRYPTSETUP -q open --type plain $LOOPDEV $DEV_NAME --sector-size 4096 --size 8  >/dev/null 2>&1
  558 if [ $? -eq 0 ] ; then
  559     $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "8 sectors" || fail
  560     $CRYPTSETUP -q resize  $DEV_NAME --size 16 || fail
  561     $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "16 sectors" || fail
  562     $CRYPTSETUP -q resize  $DEV_NAME --size 9 2>/dev/null && fail
  563     $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "16 sectors" || fail
  564     $CRYPTSETUP -q resize  $DEV_NAME --device-size 4608 2>/dev/null && fail
  565     $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "16 sectors" || fail
  566     $CRYPTSETUP -q remove  $DEV_NAME || fail
  567 fi
  568 # Resize not aligned to logical block size
  569 add_scsi_device dev_size_mb=32 sector_size=4096
  570 echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV || fail
  571 OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/')
  572 $CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail
  573 dmsetup info $DEV_NAME | grep -q SUSPENDED && fail
  574 NEW_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/')
  575 test $OLD_SIZE -eq $NEW_SIZE || fail
  576 $CRYPTSETUP close $DEV_NAME || fail
  577 # Add check for unaligned plain crypt activation
  578 echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV -b 7 2>/dev/null && fail
  579 $CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail
  580 # verify is ignored on non-tty input
  581 echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase 2>/dev/null || fail
  582 $CRYPTSETUP -q remove  $DEV_NAME || fail
  583 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail
  584 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size -1 2>/dev/null && fail
  585 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 -l -1 2>/dev/null && fail
  586 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1  || fail
  587 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail
  588 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d blah 2>/dev/null && fail
  589 $CRYPTSETUP -q remove  $DEV_NAME || fail
  590 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d /dev/urandom || fail
  591 $CRYPTSETUP -q remove  $DEV_NAME || fail
  592 
  593 prepare "[20] Disallow open/create if already mapped." wipe
  594 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail
  595 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail
  596 $CRYPTSETUP create $DEV_NAME2 $LOOPDEV -d $KEY1 2>/dev/null && fail
  597 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV 2>/dev/null && fail
  598 $CRYPTSETUP remove  $DEV_NAME || fail
  599 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV || fail
  600 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
  601 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail
  602 $CRYPTSETUP  luksClose  $DEV_NAME || fail
  603 
  604 prepare "[21] luksDump" wipe
  605 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
  606 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 || fail
  607 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
  608 $CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail
  609 echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key 2>/dev/null && fail
  610 echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key | grep -q "MK dump:" || fail
  611 $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key -d $KEY1 | grep -q "MK dump:" || fail
  612 echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key --master-key-file $VK_FILE > /dev/null || fail
  613 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE $LOOPDEV || fail
  614 
  615 prepare "[22] remove disappeared device" wipe
  616 dmsetup create $DEV_NAME --table "0 5000 linear $LOOPDEV 2" || fail
  617 echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks1 /dev/mapper/$DEV_NAME || fail
  618 echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
  619 # underlying device now returns error but node is still present
  620 dmsetup load $DEV_NAME --table "0 5000 error" || fail
  621 dmsetup resume $DEV_NAME || fail
  622 $CRYPTSETUP -q luksClose $DEV_NAME2 || fail
  623 dmsetup remove --retry $DEV_NAME || fail
  624 
  625 prepare "[23] ChangeKey passphrase and keyfile" wipe
  626 # [0]$KEY1 [1]key0
  627 $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 || fail
  628 echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail
  629 # keyfile [0] / keyfile [0]
  630 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 || fail
  631 # passphrase [1] / passphrase [1]
  632 echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT --key-slot 1 || fail
  633 # keyfile [0] / keyfile [new]
  634 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 || fail
  635 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: DISABLED" || fail
  636 # passphrase [1] / passphrase [new]
  637 echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail
  638 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail
  639 # use all slots
  640 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
  641 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
  642 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
  643 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
  644 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
  645 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
  646 # still allows replace
  647 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail
  648 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null && fail
  649 
  650 prepare "[24] Keyfile limit" wipe
  651 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail
  652 $CRYPTSETUP --key-file=$KEY1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  653 $CRYPTSETUP --key-file=$KEY1 -l 0 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  654 $CRYPTSETUP --key-file=$KEY1 -l -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  655 $CRYPTSETUP --key-file=$KEY1 -l 14 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  656 $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  657 $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  658 $CRYPTSETUP --key-file=$KEY1 -l 13 luksOpen $LOOPDEV $DEV_NAME || fail
  659 $CRYPTSETUP luksClose  $DEV_NAME || fail
  660 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT 2>/dev/null && fail
  661 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 14 2>/dev/null && fail
  662 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l -1 2>/dev/null && fail
  663 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 --new-keyfile-size 12 || fail
  664 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 2>/dev/null && fail
  665 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 -l 12 || fail
  666 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT 2>/dev/null && fail
  667 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 14 2>/dev/null && fail
  668 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 || fail
  669 # -l is ignored for stdin if _only_ passphrase is used
  670 echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY2 $FAST_PBKDF_OPT || fail
  671 # this is stupid, but expected
  672 echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 11 2>/dev/null && fail
  673 echo $PWDW"0" | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 12 2>/dev/null && fail
  674 echo -e "$PWD1\n" | $CRYPTSETUP luksRemoveKey $LOOPDEV -d- -l 12 || fail
  675 # offset
  676 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 -l 13 --keyfile-offset 16 || fail
  677 $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 15 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  678 $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 16 luksOpen $LOOPDEV $DEV_NAME || fail
  679 $CRYPTSETUP luksClose  $DEV_NAME || fail
  680 $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 -l 13 --keyfile-offset 16 $KEY2 --new-keyfile-offset 1 || fail
  681 $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 11 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  682 $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAME || fail
  683 $CRYPTSETUP luksClose  $DEV_NAME || fail
  684 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 --keyfile-offset 1 $KEY2 --new-keyfile-offset 0 || fail
  685 $CRYPTSETUP luksOpen -d $KEY2 $LOOPDEV $DEV_NAME || fail
  686 $CRYPTSETUP luksClose $DEV_NAME || fail
  687 # large device with keyfile
  688 echo -e '0 10000000 error'\\n'10000000 1000000 zero' | dmsetup create $DEV_NAME2 || fail
  689 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV /dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5120000000 || fail
  690 $CRYPTSETUP --key-file=/dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5119999999 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
  691 $CRYPTSETUP --key-file=/dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5120000000 luksOpen $LOOPDEV $DEV_NAME || fail
  692 $CRYPTSETUP luksClose $DEV_NAME || fail
  693 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d /dev/mapper/$DEV_NAME2 \
  694   --keyfile-offset 5120000000 -l 13 /dev/mapper/$DEV_NAME2 --new-keyfile-offset 5120000001 --new-keyfile-size 15 || fail
  695 dmsetup remove --retry $DEV_NAME2
  696 
  697 prepare "[25] Create shared segments" wipe
  698 echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV  --hash sha1 --offset   0 --size 256 || fail
  699 echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 2>/dev/null && fail
  700 echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 --shared || fail
  701 $CRYPTSETUP -q remove  $DEV_NAME2 || fail
  702 $CRYPTSETUP -q remove  $DEV_NAME || fail
  703 
  704 prepare "[26] Suspend/Resume" wipe
  705 # only LUKS is supported
  706 echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
  707 $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail
  708 $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
  709 $CRYPTSETUP -q remove  $DEV_NAME || fail
  710 $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail
  711 # LUKS
  712 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail
  713 echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
  714 $CRYPTSETUP luksSuspend $DEV_NAME || fail
  715 $CRYPTSETUP -q status  $DEV_NAME | grep -q "(suspended)" || fail
  716 $CRYPTSETUP -q resize  $DEV_NAME 2>/dev/null && fail
  717 echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
  718 [ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
  719 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME  || fail
  720 $CRYPTSETUP -q luksClose $DEV_NAME || fail
  721 echo | $CRYPTSETUP -q luksFormat -c null $FAST_PBKDF_OPT --type luks1 $LOOPDEV || fail
  722 echo | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
  723 $CRYPTSETUP luksSuspend $DEV_NAME || fail
  724 $CRYPTSETUP -q status  $DEV_NAME | grep -q "(suspended)" || fail
  725 echo | $CRYPTSETUP luksResume $DEV_NAME || fail
  726 $CRYPTSETUP -q luksClose $DEV_NAME || fail
  727 
  728 prepare "[27] luksOpen with specified key slot number" wipe
  729 # first, let's try passphrase option
  730 echo $PWD3 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT -S 5 $LOOPDEV || fail
  731 check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5
  732 echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME 2>/dev/null && fail
  733 [ -b /dev/mapper/$DEV_NAME ] && fail
  734 echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail
  735 check_exists
  736 $CRYPTSETUP luksClose $DEV_NAME || fail
  737 echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail
  738 check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0
  739 echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail
  740 [ -b /dev/mapper/$DEV_NAME ] && fail
  741 echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
  742 [ -b /dev/mapper/$DEV_NAME ] && fail
  743 # second, try it with keyfiles
  744 $CRYPTSETUP luksFormat --type luks1 -q -S 5 -d $KEY5 $LOOPDEV || fail
  745 check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5
  746 $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
  747 check $LUKS_HEADER $KEY_SLOT1 $KEY_MATERIAL1
  748 $CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail
  749 check_exists
  750 $CRYPTSETUP luksClose $DEV_NAME || fail
  751 $CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
  752 [ -b /dev/mapper/$DEV_NAME ] && fail
  753 $CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail
  754 [ -b /dev/mapper/$DEV_NAME ] && fail
  755 
  756 prepare "[28] Detached LUKS header" wipe
  757 echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG || fail
  758 echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail
  759 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail
  760 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail
  761 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 --offset 8192 >/dev/null 2>&1 && fail
  762 truncate -s 4096 $HEADER_IMG
  763 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG -S7 >/dev/null 2>&1 || fail
  764 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 80000 >/dev/null 2>&1 || fail
  765 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 8192 || fail
  766 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 0 || fail
  767 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV-missing --header $HEADER_IMG $DEV_NAME 2>/dev/null && fail
  768 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
  769 $CRYPTSETUP -q resize  $DEV_NAME --size 100 --header $HEADER_IMG || fail
  770 $CRYPTSETUP -q status  $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q "100 sectors" || fail
  771 $CRYPTSETUP -q status  $DEV_NAME | grep "type:" | grep -q "n/a" || fail
  772 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
  773 $CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail
  774 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
  775 $CRYPTSETUP luksSuspend $DEV_NAME || fail
  776 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
  777 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
  778 $CRYPTSETUP luksClose $DEV_NAME || fail
  779 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail
  780 $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: ENABLED" || fail
  781 $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
  782 $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: DISABLED" || fail
  783 echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail
  784 
  785 prepare "[29] Repair metadata" wipe
  786 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 || fail
  787 # second sector overwrite should corrupt keyslot 6+7
  788 dd if=/dev/urandom of=$LOOPDEV bs=512 seek=1 count=1 >/dev/null 2>&1
  789 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME >/dev/null 2>&1 && fail
  790 $CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail
  791 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
  792 $CRYPTSETUP luksClose $DEV_NAME || fail
  793 # fix ecb-plain
  794 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --hash sha256 -c aes-ecb || fail
  795 echo -n "ecb-xxx" | dd of=$LOOPDEV bs=1 seek=40 >/dev/null 2>&1
  796 $CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail
  797 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
  798 $CRYPTSETUP luksClose $DEV_NAME || fail
  799 # fix uppercase hash
  800 echo -n "SHA256" | dd of=$LOOPDEV bs=1 seek=72 >/dev/null 2>&1
  801 $CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail
  802 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
  803 $CRYPTSETUP luksClose $DEV_NAME || fail
  804 
  805 prepare "[30] LUKS erase" wipe
  806 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY5 --key-slot 5 || fail
  807 $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
  808 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
  809 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
  810 $CRYPTSETUP luksErase -q $LOOPDEV || fail
  811 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail
  812 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: DISABLED" || fail
  813 
  814 prepare "[31] Deferred removal of device" wipe
  815 echo $PWD1 | $CRYPTSETUP open --type plain --hash sha256 $LOOPDEV $DEV_NAME || fail
  816 echo $PWD2 | $CRYPTSETUP open --type plain --hash sha256 /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
  817 $CRYPTSETUP close $DEV_NAME >/dev/null 2>&1 && fail
  818 $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail
  819 $CRYPTSETUP close --deferred $DEV_NAME >/dev/null 2>&1
  820 if [ $? -eq 0 ] ; then
  821     dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail
  822     $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail
  823     $CRYPTSETUP close --cancel-deferred $DEV_NAME >/dev/null 2>&1
  824     dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" >/dev/null 2>&1 && fail
  825     $CRYPTSETUP close --deferred $DEV_NAME >/dev/null 2>&1
  826     $CRYPTSETUP close $DEV_NAME2 || fail
  827     $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 && fail
  828 else
  829     $CRYPTSETUP close $DEV_NAME2 >/dev/null 2>&1
  830     $CRYPTSETUP close $DEV_NAME >/dev/null 2>&1
  831 fi
  832 
  833 # Interactive tests
  834 # Do not remove sleep 0.1 below, the password query flushes TTY buffer (so the code is racy).
  835 which expect >/dev/null 2>&1 || skip "WARNING: expect tool missing, interactive test will be skipped." 0
  836 
  837 prepare "[32] Interactive password retry from terminal." new
  838 EXPECT_DEV=$(losetup $LOOPDEV | sed -e "s/.*(\(.*\))/\1/")
  839 EXPECT_TIMEOUT=10
  840 [ -n "$VALG" ] && EXPECT_TIMEOUT=60
  841 
  842 expect_run - >/dev/null <<EOF
  843 proc abort {} { send_error "Timeout. "; exit 2 }
  844 set timeout $EXPECT_TIMEOUT
  845 eval spawn $CRYPTSETUP_RAW luksOpen -v -T 2 $LOOPDEV $DEV_NAME
  846 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  847 sleep 0.1
  848 send "$PWD0 x\n"
  849 expect timeout abort "No key available with this passphrase."
  850 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  851 sleep 0.1
  852 send "$PWD0\n"
  853 expect timeout abort "Key slot 0 unlocked."
  854 expect timeout abort "Command successful."
  855 expect timeout abort eof
  856 exit
  857 EOF
  858 [ $? -eq 0 ] || fail "Expect script failed."
  859 check_exists
  860 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
  861 
  862 prepare "[33] Interactive unsuccessful password retry from terminal." new
  863 expect_run - >/dev/null <<EOF
  864 proc abort {} { send_error "Timeout. "; exit 2 }
  865 set timeout $EXPECT_TIMEOUT
  866 eval spawn $CRYPTSETUP_RAW luksOpen -v -T 2 $LOOPDEV $DEV_NAME
  867 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  868 sleep 0.1
  869 send "$PWD0 x\n"
  870 expect timeout abort "No key available with this passphrase."
  871 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  872 sleep 0.1
  873 send "$PWD0 y\n"
  874 expect timeout abort "No key available with this passphrase."
  875 expect timeout abort eof
  876 exit
  877 EOF
  878 [ $? -eq 0 ] || fail "Expect script failed."
  879 
  880 prepare "[34] Interactive kill of last key slot." new
  881 expect_run - >/dev/null <<EOF
  882 proc abort {} { send_error "Timeout. "; exit 2 }
  883 set timeout $EXPECT_TIMEOUT
  884 eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 0
  885 expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
  886 send "YES\n"
  887 expect timeout abort "Enter any remaining passphrase:"
  888 sleep 0.1
  889 send "$PWD0\n"
  890 expect timeout abort "Command successful."
  891 expect timeout abort eof
  892 eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 0
  893 expect timeout abort "Keyslot 0 is not active."
  894 expect timeout abort eof
  895 exit
  896 EOF
  897 [ $? -eq 0 ] || fail "Expect script failed."
  898 
  899 prepare "[35] Interactive format of device." wipe
  900 expect_run - >/dev/null <<EOF
  901 proc abort {} { send_error "Timeout. "; exit 2 }
  902 set timeout $EXPECT_TIMEOUT
  903 eval spawn $CRYPTSETUP_RAW luksFormat --type luks1 $FAST_PBKDF_OPT -v $LOOPDEV
  904 expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
  905 send "YES\n"
  906 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  907 sleep 0.1
  908 send "$PWD0\n"
  909 expect timeout abort "Verify passphrase:"
  910 sleep 0.1
  911 send "$PWD0\n"
  912 expect timeout abort "Command successful."
  913 expect timeout abort eof
  914 eval spawn $CRYPTSETUP_RAW luksOpen -v $LOOPDEV --test-passphrase
  915 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  916 sleep 0.1
  917 send "$PWD0\n"
  918 expect timeout abort "Command successful."
  919 expect timeout abort eof
  920 exit
  921 EOF
  922 [ $? -eq 0 ] || fail "Expect script failed."
  923 
  924 prepare "[36] Interactive unsuccessful format of device." new
  925 expect_run - >/dev/null <<EOF
  926 proc abort {} { send_error "Timeout. "; exit 2 }
  927 set timeout $EXPECT_TIMEOUT
  928 eval spawn $CRYPTSETUP_RAW erase -v $LOOPDEV
  929 expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
  930 send "YES\n"
  931 expect timeout abort "Command successful."
  932 expect timeout abort eof
  933 eval spawn $CRYPTSETUP_RAW luksFormat --type luks1 $FAST_PBKDF_OPT -v $LOOPDEV
  934 expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
  935 send "YES\n"
  936 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  937 sleep 0.1
  938 send "$PWD0\n"
  939 expect timeout abort "Verify passphrase:"
  940 sleep 0.1
  941 send "$PWD0 x\n"
  942 expect timeout abort "Passphrases do not match."
  943 expect timeout abort eof
  944 eval spawn $CRYPTSETUP_RAW luksOpen -v $LOOPDEV -T 1 --test-passphrase
  945 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  946 sleep 0.1
  947 send "$PWD0\n"
  948 expect timeout abort "No usable keyslot is available."
  949 expect timeout abort eof
  950 exit
  951 EOF
  952 [ $? -eq 0 ] || fail "Expect script failed."
  953 
  954 prepare "[37] Interactive add key." new
  955 expect_run - >/dev/null <<EOF
  956 proc abort {} { send_error "Timeout. "; exit 2 }
  957 set timeout $EXPECT_TIMEOUT
  958 eval spawn $CRYPTSETUP_RAW luksAddKey -S 2 $FAST_PBKDF_OPT -v $LOOPDEV
  959 expect timeout abort "Enter any existing passphrase:"
  960 sleep 0.1
  961 send "$PWD0\n"
  962 expect timeout abort "Enter new passphrase for key slot:"
  963 sleep 0.1
  964 send "$PWD1\n"
  965 expect timeout abort "Verify passphrase:"
  966 sleep 0.1
  967 send "$PWD1\n"
  968 expect timeout abort "Command successful."
  969 expect timeout abort eof
  970 eval spawn $CRYPTSETUP_RAW luksOpen $FAST_PBKDF_OPT -v $LOOPDEV --test-passphrase
  971 expect timeout abort "Enter passphrase"
  972 sleep 0.1
  973 send "$PWD1\n"
  974 expect timeout abort "Command successful."
  975 expect timeout abort eof
  976 eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 1
  977 expect timeout abort "Keyslot 1 is not active."
  978 expect timeout abort eof
  979 eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 2
  980 expect timeout abort "Enter any remaining passphrase:"
  981 sleep 0.1
  982 send "$PWD0\n"
  983 expect timeout abort "Key slot 2 removed."
  984 expect timeout abort eof
  985 exit
  986 EOF
  987 [ $? -eq 0 ] || fail "Expect script failed."
  988 
  989 prepare "[38] Interactive change key." new
  990 expect_run - >/dev/null <<EOF
  991 proc abort {} { send_error "Timeout. "; exit 2 }
  992 set timeout $EXPECT_TIMEOUT
  993 eval spawn $CRYPTSETUP_RAW luksChangeKey $FAST_PBKDF_OPT -v $LOOPDEV
  994 expect timeout abort "Enter passphrase to be changed:"
  995 sleep 0.1
  996 send "$PWD0\n"
  997 expect timeout abort "Enter new passphrase:"
  998 sleep 0.1
  999 send "$PWD1\n"
 1000 expect timeout abort "Verify passphrase:"
 1001 sleep 0.1
 1002 send "$PWD1\n"
 1003 expect timeout abort "Command successful."
 1004 expect timeout abort eof
 1005 eval spawn $CRYPTSETUP_RAW luksOpen -v $LOOPDEV --test-passphrase
 1006 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
 1007 sleep 0.1
 1008 send "$PWD1\n"
 1009 expect timeout abort "Command successful."
 1010 expect timeout abort eof
 1011 exit
 1012 EOF
 1013 [ $? -eq 0 ] || fail "Expect script failed."
 1014 
 1015 prepare "[39] Interactive suspend and resume." new
 1016 echo $PWD0 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
 1017 expect_run - >/dev/null <<EOF
 1018 proc abort {} { send_error "Timeout. "; exit 2 }
 1019 set timeout $EXPECT_TIMEOUT
 1020 eval spawn $CRYPTSETUP_RAW luksSuspend -v $DEV_NAME
 1021 expect timeout abort "Command successful."
 1022 expect timeout abort eof
 1023 eval spawn $CRYPTSETUP_RAW luksResume -v -T 3  $DEV_NAME
 1024 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
 1025 sleep 0.1
 1026 send "$PWD0 x\n"
 1027 expect timeout abort "No key available with this passphrase."
 1028 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
 1029 sleep 0.1
 1030 send "$PWD1\n"
 1031 expect timeout abort "No key available with this passphrase."
 1032 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
 1033 sleep 0.1
 1034 send "$PWD0 y\n"
 1035 expect timeout abort "No key available with this passphrase."
 1036 expect timeout abort eof
 1037 eval spawn $CRYPTSETUP_RAW luksResume -v $DEV_NAME
 1038 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
 1039 sleep 0.1
 1040 send "$PWD0\n"
 1041 expect timeout abort "Command successful."
 1042 expect timeout abort eof
 1043 exit
 1044 EOF
 1045 [ $? -eq 0 ] || fail "Expect script failed."
 1046 $CRYPTSETUP remove $DEV_NAME || fail
 1047 
 1048 prepare "[40] Long passphrase from TTY." wipe
 1049 EXPECT_DEV=$(losetup $LOOPDEV | sed -e "s/.*(\(.*\))/\1/")
 1050 
 1051 # Password of maximal length 512 characters
 1052 LONG_PWD=\
 1053 "0123456789abcdef0123456789ABCDEF0123456789abcdef0123456789ABCDEF"\
 1054 "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do "\
 1055 "eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut e"\
 1056 "nim ad minim veniam, quis nostrud exercitation ullamco laboris n"\
 1057 "isi ut aliquip ex ea commodo consequat. Duis aute irure dolor in"\
 1058 " reprehenderit in voluptate velit esse cillum dolore eu fugiat n"\
 1059 "ulla pariatur. Excepteur sint occaecat cupidatat non proident, s"\
 1060 "unt in culpa qui officia deserunt mollit anim id est laborum.DEF"
 1061 
 1062 echo -n "$LONG_PWD" >$KEYE
 1063 
 1064 expect_run - >/dev/null <<EOF
 1065 proc abort {} { send_error "Timeout. "; exit 2 }
 1066 set timeout $EXPECT_TIMEOUT
 1067 eval spawn $CRYPTSETUP_RAW luksFormat --type luks1 $FAST_PBKDF_OPT -v $LOOPDEV
 1068 expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
 1069 send "YES\n"
 1070 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
 1071 sleep 0.1
 1072 send "$LONG_PWD\n"
 1073 expect timeout abort "Verify passphrase:"
 1074 sleep 0.1
 1075 send "$LONG_PWD\n"
 1076 expect timeout abort "Command successful."
 1077 expect timeout abort eof
 1078 eval spawn $CRYPTSETUP_RAW luksOpen -v $LOOPDEV --test-passphrase --key-file $KEYE
 1079 expect timeout abort "Command successful."
 1080 expect timeout abort eof
 1081 EOF
 1082 [ $? -eq 0 ] || fail "Expect script failed."
 1083 
 1084 remove_mapping
 1085 exit 0