"Fossies" - the Fresh Open Source Software Archive 
Member "cryptsetup-2.4.3/tests/compat-test" (13 Jan 2022, 50285 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
See also the last
Fossies "Diffs" side-by-side code changes report for "compat-test":
2.4.0_vs_2.4.1.
1 #!/bin/bash
2
3 PS4='$LINENO:'
4 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
5 CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
6 CRYPTSETUP_RAW=$CRYPTSETUP
7
8 CRYPTSETUP_VALGRIND=../.libs/cryptsetup
9 CRYPTSETUP_LIB_VALGRIND=../.libs
10
11 DEV_NAME=dummy
12 DEV_NAME2=dummy2
13 DEV_NAME3=dummy3
14 ORIG_IMG=luks-test-orig
15 IMG=luks-test
16 IMG10=luks-test-v10
17 HEADER_IMG=luks-header
18 KEY1=key1
19 KEY2=key2
20 KEY5=key5
21 KEYE=keye
22 PWD0="compatkey"
23 PWD1="93R4P4pIqAH8"
24 PWD2="mymJeD8ivEhE"
25 PWD3="ocMakf3fAcQO"
26 PWDW="rUkL4RUryBom"
27 VK_FILE="compattest_vkfile"
28
29 FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
30
31 LUKS_HEADER="S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591"
32 KEY_SLOT0="S208-211 S212-215 R216-247 A248-251 A251-255"
33 KEY_MATERIAL0="R4096-68096"
34 KEY_MATERIAL0_EXT="R4096-68096"
35
36 KEY_SLOT1="S256-259 S260-263 R264-295 A296-299 A300-303"
37 KEY_MATERIAL1="R69632-133632"
38 KEY_MATERIAL1_EXT="S69632-133632"
39
40 KEY_SLOT5="S448-451 S452-455 R456-487 A488-491 A492-495"
41 KEY_MATERIAL5="R331776-395264"
42 KEY_MATERIAL5_EXT="S331776-395264"
43
44 TEST_UUID="12345678-1234-1234-1234-123456789abc"
45
46 LOOPDEV=$(losetup -f 2>/dev/null)
47 [ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
48
49 function remove_mapping()
50 {
51 [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1
52 [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2 >/dev/null 2>&1
53 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1
54 losetup -d $LOOPDEV >/dev/null 2>&1
55 rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $VK_FILE missing-file >/dev/null 2>&1
56 rmmod scsi_debug >/dev/null 2>&1
57 scsi_debug_teardown $DEV
58 }
59
60 function force_uevent()
61 {
62 DNAME=$(echo $LOOPDEV | cut -f3 -d /)
63 echo "change" >/sys/block/$DNAME/uevent
64 }
65
66 function fail()
67 {
68 [ -n "$1" ] && echo "$1"
69 remove_mapping
70 echo "FAILED backtrace:"
71 while caller $frame; do ((frame++)); done
72 exit 2
73 }
74
75 function fips_mode()
76 {
77 [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
78 }
79
80 function can_fail_fips()
81 {
82 # Ignore this fail if running in FIPS mode
83 fips_mode || fail $1
84 }
85
86 function skip()
87 {
88 [ -n "$1" ] && echo "$1"
89 remove_mapping
90 [ -z "$2" ] && exit $2
91 exit 77
92 }
93
94 function prepare()
95 {
96 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1
97
98 case "$2" in
99 file)
100 remove_mapping
101 dd if=/dev/zero of=$IMG bs=1k count=10000 >/dev/null 2>&1
102 sync
103 ;;
104 wipe)
105 remove_mapping
106 dd if=/dev/zero of=$IMG bs=1k count=10000 >/dev/null 2>&1
107 sync
108 losetup $LOOPDEV $IMG
109 ;;
110 new)
111 remove_mapping
112 xz -cd compatimage.img.xz > $IMG
113 # FIXME: switch to internal loop (no losetup at all)
114 echo "bad" | $CRYPTSETUP luksOpen --key-slot 0 --test-passphrase $IMG 2>&1 | \
115 grep "autoclear flag" && skip "WARNING: Too old kernel, test skipped."
116 losetup $LOOPDEV $IMG
117 xz -cd compatv10image.img.xz > $IMG10
118 ;;
119 reuse | *)
120 if [ ! -e $IMG ]; then
121 xz -cd compatimage.img.xz > $IMG
122 losetup $LOOPDEV $IMG
123 fi
124 [ ! -e $IMG10 ] && xz -cd compatv10image.img.xz > $IMG10
125 ;;
126 esac
127
128 if [ ! -e $KEY1 ]; then
129 #dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1
130 echo -n $'\x48\xc6\x74\x4f\x41\x4e\x50\xc0\x79\xc2\x2d\x5b\x5f\x68\x84\x17' >$KEY1
131 echo -n $'\x9c\x03\x5e\x1b\x4d\x0f\x9a\x75\xb3\x90\x70\x32\x0a\xf8\xae\xc4'>>$KEY1
132 fi
133
134 if [ ! -e $KEY2 ]; then
135 dd if=/dev/urandom of=$KEY2 count=1 bs=16 >/dev/null 2>&1
136 fi
137
138 if [ ! -e $KEY5 ]; then
139 dd if=/dev/urandom of=$KEY5 count=1 bs=16 >/dev/null 2>&1
140 fi
141
142 if [ ! -e $KEYE ]; then
143 touch $KEYE
144 fi
145
146 cp $IMG $ORIG_IMG
147 [ -n "$1" ] && echo "CASE: $1"
148 }
149
150 function check()
151 {
152 sync
153 [ -z "$1" ] && return
154 ./differ $ORIG_IMG $IMG $1 || fail
155 }
156
157 function check_exists()
158 {
159 [ -b /dev/mapper/$DEV_NAME ] || fail
160 check $1
161 }
162
163 # $1 path to scsi debug bdev
164 scsi_debug_teardown() {
165 local _tries=15;
166
167 while [ -b "$1" -a $_tries -gt 0 ]; do
168 rmmod scsi_debug >/dev/null 2>&1
169 if [ -b "$1" ]; then
170 sleep .1
171 _tries=$((_tries-1))
172 fi
173 done
174
175 test ! -b "$1" || rmmod scsi_debug >/dev/null 2>&1
176 }
177
178 function add_scsi_device() {
179 scsi_debug_teardown $DEV
180 if [ -d /sys/module/scsi_debug ] ; then
181 echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
182 exit 77
183 fi
184 modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
185 if [ $? -ne 0 ] ; then
186 echo "This kernel seems to not support proper scsi_debug module, test skipped."
187 exit 77
188 fi
189
190 sleep 1
191 DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
192 [ -b $DEV ] || fail "Cannot find $DEV."
193 }
194
195 function valgrind_setup()
196 {
197 [ -n "$VALG" ] || return
198 which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
199 [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
200 export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
201 CRYPTSETUP=valgrind_run
202 CRYPTSETUP_RAW="./valg.sh ${CRYPTSETUP_VALGRIND}"
203 }
204
205 function valgrind_run()
206 {
207 export INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}"
208 $CRYPTSETUP_RAW "$@"
209 }
210
211 function expect_run()
212 {
213 export INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}"
214 expect "$@"
215 }
216
217 export LANG=C
218 valgrind_setup
219
220 # LUKS non-root-tests
221 if [ $(id -u) != 0 ]; then
222 $CRYPTSETUP benchmark -c aes-xts-plain64 >/dev/null 2>&1 || \
223 skip "WARNING: Cannot run test without kernel userspace crypto API, test skipped."
224 fi
225
226 prepare "Image in file tests (root capabilities not required)" file
227 echo "[1] format"
228 echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $IMG $FAST_PBKDF_OPT || fail
229 echo "[2] open"
230 echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
231 [ $? -ne 2 ] && fail "luksOpen should return EPERM exit code"
232 echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail
233 # test detached header --test-passphrase
234 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --header $HEADER_IMG $IMG || fail
235 echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail
236 rm -f $HEADER_IMG
237 echo "[3] add key"
238 echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
239 echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail
240 echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
241 echo "[4] change key"
242 echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG || fail
243 echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG 2>/dev/null && fail
244 [ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code"
245 echo "[5] remove key"
246 # delete active keys PWD0, PWD2
247 echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG 2>/dev/null && fail
248 [ $? -ne 2 ] && fail "luksRemove should return EPERM exit code"
249 echo $PWD0 | $CRYPTSETUP luksRemoveKey $IMG || fail
250 echo $PWD2 | $CRYPTSETUP luksRemoveKey $IMG || fail
251 # check if keys were deleted
252 echo $PWD0 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
253 [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
254 echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
255 [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
256 echo "[6] kill slot"
257 # format new luks device with active keys PWD1, PWD2
258 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $IMG $FAST_PBKDF_OPT || fail
259 echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail
260 # deactivate keys by killing slots
261 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: ENABLED" || fail
262 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 1: ENABLED" || fail
263 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 2: DISABLED" || fail
264 echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 0 2>/dev/null && fail
265 echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 0 || fail
266 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: DISABLED" || fail
267 echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 1 2>/dev/null && fail
268 [ $? -ne 2 ] && fail "luksKill should return EPERM exit code"
269 echo $PWD2 | $CRYPTSETUP -q luksKillSlot $IMG 1 || fail
270 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 1: DISABLED" || fail
271 # check if keys were deactivated
272 echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
273 echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
274 echo "[7] header backup"
275 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $IMG $FAST_PBKDF_OPT || fail
276 $CRYPTSETUP luksHeaderBackup $IMG --header-backup-file $HEADER_IMG || fail
277 echo $PWD1 | $CRYPTSETUP luksRemoveKey $IMG || fail
278 echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
279 echo "[8] header restore"
280 $CRYPTSETUP luksHeaderRestore -q $IMG --header-backup-file $HEADER_IMG || fail
281 echo $PWD1 | $CRYPTSETUP luksOpen $IMG --test-passphrase || fail
282 echo "[9] luksDump"
283 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $IMG $KEY1 || fail
284 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $IMG -d $KEY1 || fail
285 $CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: ENABLED" || fail
286 $CRYPTSETUP luksDump $IMG | grep -q $TEST_UUID || fail
287 echo $PWDW | $CRYPTSETUP luksDump $IMG --dump-master-key 2>/dev/null && fail
288 echo $PWD1 | $CRYPTSETUP luksDump $IMG --dump-master-key | grep -q "MK dump:" || fail
289 $CRYPTSETUP luksDump -q $IMG --dump-master-key -d $KEY1 | grep -q "MK dump:" || fail
290 echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-master-key --master-key-file $VK_FILE >/dev/null || fail
291 echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-master-key --master-key-file $VK_FILE 2>/dev/null && fail
292 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE $IMG || fail
293
294 echo "[10] uuid"
295 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $IMG || fail
296 $CRYPTSETUP -q luksUUID $IMG | grep -q $TEST_UUID || fail
297
298 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
299 [ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped."
300
301 # LUKS root-tests
302 prepare "[1] open - compat image - acceptance check" new
303 echo $PWD0 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
304 check_exists
305 ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
306 [ "$ORG_SHA1" = 676062b66ebf36669dab705442ea0762dfc091b0 ] || fail
307 $CRYPTSETUP -q luksClose $DEV_NAME || fail
308
309 # Check it can be opened from header backup as well
310 $CRYPTSETUP luksHeaderBackup $IMG --header-backup-file $HEADER_IMG || fail
311 echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail
312 check_exists
313 $CRYPTSETUP -q luksClose $DEV_NAME || fail
314 # Check restore
315 $CRYPTSETUP luksHeaderRestore -q $IMG --header-backup-file $HEADER_IMG || fail
316
317 # Repeat for V1.0 header - not aligned first keyslot
318 echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME || fail
319 check_exists
320 ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
321 [ "$ORG_SHA1" = 51b48c2471a7593ceaf14dc5e66bca86ed05f6cc ] || fail
322 $CRYPTSETUP -q luksClose $DEV_NAME || fail
323
324 rm -f $HEADER_IMG
325 $CRYPTSETUP luksHeaderBackup $IMG10 --header-backup-file $HEADER_IMG
326 echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail
327 check_exists
328 $CRYPTSETUP -q luksClose $DEV_NAME || fail
329
330 prepare "[2] open - compat image - denial check" new
331 echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
332 echo $PWDW | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME 2>/dev/null && fail
333 check
334
335 # All headers items and first key material section must change
336 prepare "[3] format" wipe
337 echo $PWD1 | $CRYPTSETUP -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV || fail
338 check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
339
340 prepare "[4] format using hash sha512" wipe
341 echo $PWD1 | $CRYPTSETUP -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV || fail
342 check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
343
344 prepare "[5] open"
345 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail
346 echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/null && fail
347 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
348 check_exists
349
350 # Key Slot 1 and key material section 1 must change, the rest must not.
351 prepare "[6] add key"
352 echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV || fail
353 check "$KEY_SLOT1 $KEY_MATERIAL1"
354 echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
355
356 # Unsuccessful Key Delete - nothing may change
357 prepare "[7] unsuccessful delete"
358 echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail
359 $CRYPTSETUP -q luksKillSlot $LOOPDEV 8 2>/dev/null && fail
360 $CRYPTSETUP -q luksKillSlot $LOOPDEV 7 2>/dev/null && fail
361 check
362
363 # Delete Key Test
364 # Key Slot 1 and key material section 1 must change, the rest must not
365 prepare "[8] successful delete"
366 $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail
367 check "$KEY_SLOT1 $KEY_MATERIAL1_EXT"
368 echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2> /dev/null && fail
369 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
370
371 # Key Slot 1 and key material section 1 must change, the rest must not
372 prepare "[9] add key test for key files"
373 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 || fail
374 check "$KEY_SLOT1 $KEY_MATERIAL1"
375 $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
376
377 # Key Slot 1 and key material section 1 must change, the rest must not
378 prepare "[10] delete key test with key1 as remaining key"
379 $CRYPTSETUP -d $KEY1 luksKillSlot $LOOPDEV 0 || fail
380 check "$KEY_SLOT0 $KEY_MATERIAL0_EXT"
381 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
382 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
383
384 # Delete last slot
385 prepare "[11] delete last key" wipe
386 echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $LOOPDEV $FAST_PBKDF_OPT || fail
387 echo $PWD1 | $CRYPTSETUP luksKillSlot $LOOPDEV 0 || fail
388 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
389
390 # Format test for ESSIV, and some other parameters.
391 prepare "[12] parameter variation test" wipe
392 $CRYPTSETUP -q -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks1 $LOOPDEV $KEY1 || fail
393 check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
394 $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
395
396 prepare "[13] open/close - stacked devices" wipe
397 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV $FAST_PBKDF_OPT || fail
398 echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
399 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 /dev/mapper/$DEV_NAME || fail
400 echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
401 $CRYPTSETUP -q luksClose $DEV_NAME2 || fail
402 $CRYPTSETUP -q luksClose $DEV_NAME || fail
403
404 prepare "[14] format/open - passphrase on stdin & new line" wipe
405 # stdin defined by "-" must take even newline
406 #echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail
407 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q --key-file=- luksFormat --type luks1 $LOOPDEV || fail
408 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
409 $CRYPTSETUP -q luksClose $DEV_NAME || fail
410 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
411 # now also try --key-file
412 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks1 $LOOPDEV --key-file=- || fail
413 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
414 $CRYPTSETUP -q luksClose $DEV_NAME || fail
415 # process newline if from stdin
416 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP $FAST_PBKDF_OPT -q luksFormat --type luks1 $LOOPDEV || fail
417 echo "$PWD1" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
418 $CRYPTSETUP -q luksClose $DEV_NAME || fail
419
420 prepare "[15] UUID - use and report provided UUID" wipe
421 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid blah $LOOPDEV 2>/dev/null && fail
422 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $LOOPDEV || fail
423 tst=$($CRYPTSETUP -q luksUUID $LOOPDEV)
424 [ "$tst"x = "$TEST_UUID"x ] || fail
425 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail
426 $CRYPTSETUP -q luksUUID --uuid $TEST_UUID $LOOPDEV || fail
427 tst=$($CRYPTSETUP -q luksUUID $LOOPDEV)
428 [ "$tst"x = "$TEST_UUID"x ] || fail
429
430 prepare "[16] luksFormat" wipe
431 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom $LOOPDEV || fail
432 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail
433 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom -s 256 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
434 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
435 $CRYPTSETUP -q luksClose $DEV_NAME || fail
436 # open by UUID
437 if [ -d /dev/disk/by-uuid ] ; then
438 force_uevent # some systems do not update loop by-uuid
439 $CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail
440 $CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail
441 $CRYPTSETUP -q luksClose $DEV_NAME || fail
442 fi
443 # empty keyfile
444 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEYE || fail
445 $CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail
446 $CRYPTSETUP -q luksClose $DEV_NAME || fail
447 # open by volume key
448 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 256 --master-key-file $KEY1 $LOOPDEV || fail
449 $CRYPTSETUP luksOpen --master-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail
450 $CRYPTSETUP luksOpen --master-key-file $KEY1 $LOOPDEV $DEV_NAME || fail
451 $CRYPTSETUP -q luksClose $DEV_NAME || fail
452 # unsupported pe-keyslot encryption
453 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 128 --keyslot-cipher "aes-cbc-plain" $LOOPDEV 2>/dev/null && fail
454 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 128 --keyslot-key-size 256 $LOOPDEV 2>/dev/null && fail
455
456 prepare "[17] AddKey volume key, passphrase and keyfile" wipe
457 # masterkey
458 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail
459 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail
460 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
461 echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail
462 echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail
463 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
464 echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail
465 $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 5 $KEY1 || fail
466 $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail
467 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
468
469 # special "-" handling
470 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 3 || fail
471 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 - || fail
472 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail
473 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - --test-passphrase || fail
474 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d - $KEY2 || fail
475 $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase || fail
476 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail
477 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail
478
479 # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
480 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 3 || fail
481 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
482 $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
483 # keyfile/keyfile
484 $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail
485 $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail
486 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
487 # passphrase/keyfile
488 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail
489 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
490 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail
491 # passphrase/passphrase
492 echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail
493 echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail
494 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
495 # keyfile/passphrase
496 echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 3 || fail
497 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
498
499 prepare "[18] RemoveKey passphrase and keyfile" reuse
500 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 || fail
501 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: DISABLED" || fail
502 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail
503 $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 3 2>/dev/null || fail
504 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
505 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail
506 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail
507 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: DISABLED" || fail
508 # if password or keyfile is provided, batch mode must not suppress it
509 echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null && fail
510 echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 -q 2>/dev/null && fail
511 echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && fail
512 echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail
513 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
514 # kill slot using passphrase from 1
515 echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail
516 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: DISABLED" || fail
517 # kill slot with redirected stdin
518 $CRYPTSETUP luksKillSlot $LOOPDEV 3 </dev/null 2>/dev/null || fail
519 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: DISABLED" || fail
520 # remove key0 / slot 0
521 echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail
522 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: DISABLED" || fail
523 # last keyslot, in batch mode no passphrase needed...
524 $CRYPTSETUP luksKillSlot -q $LOOPDEV 1 || fail
525 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail
526
527 prepare "[19] create & status & resize" wipe
528 echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash xxx 2>/dev/null && fail
529 echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --cipher aes-cbc-essiv:sha256 --offset 3 --skip 4 --readonly || fail
530 $CRYPTSETUP -q status $DEV_NAME | grep "offset:" | grep -q "3 sectors" || fail
531 $CRYPTSETUP -q status $DEV_NAME | grep "skipped:" | grep -q "4 sectors" || fail
532 $CRYPTSETUP -q status $DEV_NAME | grep "mode:" | grep -q "readonly" || fail
533 $CRYPTSETUP -q resize $DEV_NAME --size 100 || fail
534 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
535 $CRYPTSETUP -q resize $DEV_NAME || fail
536 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "19997 sectors" || fail
537 $CRYPTSETUP -q resize $DEV_NAME --device-size 1M || fail
538 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail
539 $CRYPTSETUP -q resize $DEV_NAME --device-size 512k --size 1023 >/dev/null 2>&1 && fail
540 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail
541 $CRYPTSETUP -q resize $DEV_NAME --device-size 513 >/dev/null 2>&1 && fail
542 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "2048 sectors" || fail
543 # Resize underlying loop device as well
544 truncate -s 16M $IMG || fail
545 $CRYPTSETUP -q resize $DEV_NAME || fail
546 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "32765 sectors" || fail
547 $CRYPTSETUP -q remove $DEV_NAME || fail
548 $CRYPTSETUP -q status $DEV_NAME >/dev/null && fail
549 echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
550 $CRYPTSETUP -q remove $DEV_NAME || fail
551 echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 $LOOPDEV || fail
552 $CRYPTSETUP -q remove $DEV_NAME || fail
553 echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 --size 100 $LOOPDEV || fail
554 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
555 $CRYPTSETUP -q remove $DEV_NAME || fail
556 # 4k sector resize (if kernel supports it)
557 echo $PWD1 | $CRYPTSETUP -q open --type plain $LOOPDEV $DEV_NAME --sector-size 4096 --size 8 >/dev/null 2>&1
558 if [ $? -eq 0 ] ; then
559 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "8 sectors" || fail
560 $CRYPTSETUP -q resize $DEV_NAME --size 16 || fail
561 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "16 sectors" || fail
562 $CRYPTSETUP -q resize $DEV_NAME --size 9 2>/dev/null && fail
563 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "16 sectors" || fail
564 $CRYPTSETUP -q resize $DEV_NAME --device-size 4608 2>/dev/null && fail
565 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "16 sectors" || fail
566 $CRYPTSETUP -q remove $DEV_NAME || fail
567 fi
568 # Resize not aligned to logical block size
569 add_scsi_device dev_size_mb=32 sector_size=4096
570 echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV || fail
571 OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/')
572 $CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail
573 dmsetup info $DEV_NAME | grep -q SUSPENDED && fail
574 NEW_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/')
575 test $OLD_SIZE -eq $NEW_SIZE || fail
576 $CRYPTSETUP close $DEV_NAME || fail
577 # Add check for unaligned plain crypt activation
578 echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV -b 7 2>/dev/null && fail
579 $CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail
580 # verify is ignored on non-tty input
581 echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase 2>/dev/null || fail
582 $CRYPTSETUP -q remove $DEV_NAME || fail
583 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail
584 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size -1 2>/dev/null && fail
585 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 -l -1 2>/dev/null && fail
586 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail
587 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail
588 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d blah 2>/dev/null && fail
589 $CRYPTSETUP -q remove $DEV_NAME || fail
590 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d /dev/urandom || fail
591 $CRYPTSETUP -q remove $DEV_NAME || fail
592
593 prepare "[20] Disallow open/create if already mapped." wipe
594 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail
595 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail
596 $CRYPTSETUP create $DEV_NAME2 $LOOPDEV -d $KEY1 2>/dev/null && fail
597 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV 2>/dev/null && fail
598 $CRYPTSETUP remove $DEV_NAME || fail
599 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV || fail
600 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
601 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail
602 $CRYPTSETUP luksClose $DEV_NAME || fail
603
604 prepare "[21] luksDump" wipe
605 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
606 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 || fail
607 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
608 $CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail
609 echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key 2>/dev/null && fail
610 echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key | grep -q "MK dump:" || fail
611 $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key -d $KEY1 | grep -q "MK dump:" || fail
612 echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key --master-key-file $VK_FILE > /dev/null || fail
613 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE $LOOPDEV || fail
614
615 prepare "[22] remove disappeared device" wipe
616 dmsetup create $DEV_NAME --table "0 5000 linear $LOOPDEV 2" || fail
617 echo $PWD1 | $CRYPTSETUP -q $FAST_PBKDF_OPT luksFormat --type luks1 /dev/mapper/$DEV_NAME || fail
618 echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
619 # underlying device now returns error but node is still present
620 dmsetup load $DEV_NAME --table "0 5000 error" || fail
621 dmsetup resume $DEV_NAME || fail
622 $CRYPTSETUP -q luksClose $DEV_NAME2 || fail
623 dmsetup remove --retry $DEV_NAME || fail
624
625 prepare "[23] ChangeKey passphrase and keyfile" wipe
626 # [0]$KEY1 [1]key0
627 $CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 || fail
628 echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail
629 # keyfile [0] / keyfile [0]
630 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 || fail
631 # passphrase [1] / passphrase [1]
632 echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT --key-slot 1 || fail
633 # keyfile [0] / keyfile [new]
634 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 || fail
635 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: DISABLED" || fail
636 # passphrase [1] / passphrase [new]
637 echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail
638 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail
639 # use all slots
640 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
641 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
642 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
643 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
644 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
645 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
646 # still allows replace
647 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail
648 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null && fail
649
650 prepare "[24] Keyfile limit" wipe
651 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail
652 $CRYPTSETUP --key-file=$KEY1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
653 $CRYPTSETUP --key-file=$KEY1 -l 0 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
654 $CRYPTSETUP --key-file=$KEY1 -l -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
655 $CRYPTSETUP --key-file=$KEY1 -l 14 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
656 $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
657 $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset -1 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
658 $CRYPTSETUP --key-file=$KEY1 -l 13 luksOpen $LOOPDEV $DEV_NAME || fail
659 $CRYPTSETUP luksClose $DEV_NAME || fail
660 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT 2>/dev/null && fail
661 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 14 2>/dev/null && fail
662 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l -1 2>/dev/null && fail
663 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 --new-keyfile-size 12 || fail
664 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 2>/dev/null && fail
665 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 -l 12 || fail
666 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT 2>/dev/null && fail
667 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 14 2>/dev/null && fail
668 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT -l 13 || fail
669 # -l is ignored for stdin if _only_ passphrase is used
670 echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY2 $FAST_PBKDF_OPT || fail
671 # this is stupid, but expected
672 echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 11 2>/dev/null && fail
673 echo $PWDW"0" | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 12 2>/dev/null && fail
674 echo -e "$PWD1\n" | $CRYPTSETUP luksRemoveKey $LOOPDEV -d- -l 12 || fail
675 # offset
676 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 -l 13 --keyfile-offset 16 || fail
677 $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 15 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
678 $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 16 luksOpen $LOOPDEV $DEV_NAME || fail
679 $CRYPTSETUP luksClose $DEV_NAME || fail
680 $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 -l 13 --keyfile-offset 16 $KEY2 --new-keyfile-offset 1 || fail
681 $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 11 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
682 $CRYPTSETUP --key-file=$KEY2 --keyfile-offset 1 luksOpen $LOOPDEV $DEV_NAME || fail
683 $CRYPTSETUP luksClose $DEV_NAME || fail
684 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 --keyfile-offset 1 $KEY2 --new-keyfile-offset 0 || fail
685 $CRYPTSETUP luksOpen -d $KEY2 $LOOPDEV $DEV_NAME || fail
686 $CRYPTSETUP luksClose $DEV_NAME || fail
687 # large device with keyfile
688 echo -e '0 10000000 error'\\n'10000000 1000000 zero' | dmsetup create $DEV_NAME2 || fail
689 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV /dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5120000000 || fail
690 $CRYPTSETUP --key-file=/dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5119999999 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
691 $CRYPTSETUP --key-file=/dev/mapper/$DEV_NAME2 -l 13 --keyfile-offset 5120000000 luksOpen $LOOPDEV $DEV_NAME || fail
692 $CRYPTSETUP luksClose $DEV_NAME || fail
693 $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d /dev/mapper/$DEV_NAME2 \
694 --keyfile-offset 5120000000 -l 13 /dev/mapper/$DEV_NAME2 --new-keyfile-offset 5120000001 --new-keyfile-size 15 || fail
695 dmsetup remove --retry $DEV_NAME2
696
697 prepare "[25] Create shared segments" wipe
698 echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --offset 0 --size 256 || fail
699 echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 2>/dev/null && fail
700 echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 --shared || fail
701 $CRYPTSETUP -q remove $DEV_NAME2 || fail
702 $CRYPTSETUP -q remove $DEV_NAME || fail
703
704 prepare "[26] Suspend/Resume" wipe
705 # only LUKS is supported
706 echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
707 $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail
708 $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
709 $CRYPTSETUP -q remove $DEV_NAME || fail
710 $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail
711 # LUKS
712 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail
713 echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
714 $CRYPTSETUP luksSuspend $DEV_NAME || fail
715 $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
716 $CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail
717 echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
718 [ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
719 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
720 $CRYPTSETUP -q luksClose $DEV_NAME || fail
721 echo | $CRYPTSETUP -q luksFormat -c null $FAST_PBKDF_OPT --type luks1 $LOOPDEV || fail
722 echo | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
723 $CRYPTSETUP luksSuspend $DEV_NAME || fail
724 $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
725 echo | $CRYPTSETUP luksResume $DEV_NAME || fail
726 $CRYPTSETUP -q luksClose $DEV_NAME || fail
727
728 prepare "[27] luksOpen with specified key slot number" wipe
729 # first, let's try passphrase option
730 echo $PWD3 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT -S 5 $LOOPDEV || fail
731 check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5
732 echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME 2>/dev/null && fail
733 [ -b /dev/mapper/$DEV_NAME ] && fail
734 echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail
735 check_exists
736 $CRYPTSETUP luksClose $DEV_NAME || fail
737 echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail
738 check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0
739 echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail
740 [ -b /dev/mapper/$DEV_NAME ] && fail
741 echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
742 [ -b /dev/mapper/$DEV_NAME ] && fail
743 # second, try it with keyfiles
744 $CRYPTSETUP luksFormat --type luks1 -q -S 5 -d $KEY5 $LOOPDEV || fail
745 check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5
746 $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
747 check $LUKS_HEADER $KEY_SLOT1 $KEY_MATERIAL1
748 $CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail
749 check_exists
750 $CRYPTSETUP luksClose $DEV_NAME || fail
751 $CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
752 [ -b /dev/mapper/$DEV_NAME ] && fail
753 $CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME 2>/dev/null && fail
754 [ -b /dev/mapper/$DEV_NAME ] && fail
755
756 prepare "[28] Detached LUKS header" wipe
757 echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG || fail
758 echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 1 >/dev/null 2>&1 && fail
759 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail
760 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail
761 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --align-payload 8192 --offset 8192 >/dev/null 2>&1 && fail
762 truncate -s 4096 $HEADER_IMG
763 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG -S7 >/dev/null 2>&1 || fail
764 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 80000 >/dev/null 2>&1 || fail
765 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 8192 || fail
766 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --header $HEADER_IMG --offset 0 || fail
767 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV-missing --header $HEADER_IMG $DEV_NAME 2>/dev/null && fail
768 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
769 $CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail
770 $CRYPTSETUP -q status $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q "100 sectors" || fail
771 $CRYPTSETUP -q status $DEV_NAME | grep "type:" | grep -q "n/a" || fail
772 $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
773 $CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail
774 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
775 $CRYPTSETUP luksSuspend $DEV_NAME || fail
776 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
777 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
778 $CRYPTSETUP luksClose $DEV_NAME || fail
779 echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail
780 $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: ENABLED" || fail
781 $CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
782 $CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: DISABLED" || fail
783 echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_IMG || fail
784
785 prepare "[29] Repair metadata" wipe
786 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 0 || fail
787 # second sector overwrite should corrupt keyslot 6+7
788 dd if=/dev/urandom of=$LOOPDEV bs=512 seek=1 count=1 >/dev/null 2>&1
789 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME >/dev/null 2>&1 && fail
790 $CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail
791 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
792 $CRYPTSETUP luksClose $DEV_NAME || fail
793 # fix ecb-plain
794 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --hash sha256 -c aes-ecb || fail
795 echo -n "ecb-xxx" | dd of=$LOOPDEV bs=1 seek=40 >/dev/null 2>&1
796 $CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail
797 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
798 $CRYPTSETUP luksClose $DEV_NAME || fail
799 # fix uppercase hash
800 echo -n "SHA256" | dd of=$LOOPDEV bs=1 seek=72 >/dev/null 2>&1
801 $CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail
802 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
803 $CRYPTSETUP luksClose $DEV_NAME || fail
804
805 prepare "[30] LUKS erase" wipe
806 $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY5 --key-slot 5 || fail
807 $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
808 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
809 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
810 $CRYPTSETUP luksErase -q $LOOPDEV || fail
811 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail
812 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: DISABLED" || fail
813
814 prepare "[31] Deferred removal of device" wipe
815 echo $PWD1 | $CRYPTSETUP open --type plain --hash sha256 $LOOPDEV $DEV_NAME || fail
816 echo $PWD2 | $CRYPTSETUP open --type plain --hash sha256 /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
817 $CRYPTSETUP close $DEV_NAME >/dev/null 2>&1 && fail
818 $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail
819 $CRYPTSETUP close --deferred $DEV_NAME >/dev/null 2>&1
820 if [ $? -eq 0 ] ; then
821 dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail
822 $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail
823 $CRYPTSETUP close --cancel-deferred $DEV_NAME >/dev/null 2>&1
824 dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" >/dev/null 2>&1 && fail
825 $CRYPTSETUP close --deferred $DEV_NAME >/dev/null 2>&1
826 $CRYPTSETUP close $DEV_NAME2 || fail
827 $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 && fail
828 else
829 $CRYPTSETUP close $DEV_NAME2 >/dev/null 2>&1
830 $CRYPTSETUP close $DEV_NAME >/dev/null 2>&1
831 fi
832
833 # Interactive tests
834 # Do not remove sleep 0.1 below, the password query flushes TTY buffer (so the code is racy).
835 which expect >/dev/null 2>&1 || skip "WARNING: expect tool missing, interactive test will be skipped." 0
836
837 prepare "[32] Interactive password retry from terminal." new
838 EXPECT_DEV=$(losetup $LOOPDEV | sed -e "s/.*(\(.*\))/\1/")
839 EXPECT_TIMEOUT=10
840 [ -n "$VALG" ] && EXPECT_TIMEOUT=60
841
842 expect_run - >/dev/null <<EOF
843 proc abort {} { send_error "Timeout. "; exit 2 }
844 set timeout $EXPECT_TIMEOUT
845 eval spawn $CRYPTSETUP_RAW luksOpen -v -T 2 $LOOPDEV $DEV_NAME
846 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
847 sleep 0.1
848 send "$PWD0 x\n"
849 expect timeout abort "No key available with this passphrase."
850 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
851 sleep 0.1
852 send "$PWD0\n"
853 expect timeout abort "Key slot 0 unlocked."
854 expect timeout abort "Command successful."
855 expect timeout abort eof
856 exit
857 EOF
858 [ $? -eq 0 ] || fail "Expect script failed."
859 check_exists
860 $CRYPTSETUP -q luksClose $DEV_NAME || fail
861
862 prepare "[33] Interactive unsuccessful password retry from terminal." new
863 expect_run - >/dev/null <<EOF
864 proc abort {} { send_error "Timeout. "; exit 2 }
865 set timeout $EXPECT_TIMEOUT
866 eval spawn $CRYPTSETUP_RAW luksOpen -v -T 2 $LOOPDEV $DEV_NAME
867 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
868 sleep 0.1
869 send "$PWD0 x\n"
870 expect timeout abort "No key available with this passphrase."
871 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
872 sleep 0.1
873 send "$PWD0 y\n"
874 expect timeout abort "No key available with this passphrase."
875 expect timeout abort eof
876 exit
877 EOF
878 [ $? -eq 0 ] || fail "Expect script failed."
879
880 prepare "[34] Interactive kill of last key slot." new
881 expect_run - >/dev/null <<EOF
882 proc abort {} { send_error "Timeout. "; exit 2 }
883 set timeout $EXPECT_TIMEOUT
884 eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 0
885 expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
886 send "YES\n"
887 expect timeout abort "Enter any remaining passphrase:"
888 sleep 0.1
889 send "$PWD0\n"
890 expect timeout abort "Command successful."
891 expect timeout abort eof
892 eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 0
893 expect timeout abort "Keyslot 0 is not active."
894 expect timeout abort eof
895 exit
896 EOF
897 [ $? -eq 0 ] || fail "Expect script failed."
898
899 prepare "[35] Interactive format of device." wipe
900 expect_run - >/dev/null <<EOF
901 proc abort {} { send_error "Timeout. "; exit 2 }
902 set timeout $EXPECT_TIMEOUT
903 eval spawn $CRYPTSETUP_RAW luksFormat --type luks1 $FAST_PBKDF_OPT -v $LOOPDEV
904 expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
905 send "YES\n"
906 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
907 sleep 0.1
908 send "$PWD0\n"
909 expect timeout abort "Verify passphrase:"
910 sleep 0.1
911 send "$PWD0\n"
912 expect timeout abort "Command successful."
913 expect timeout abort eof
914 eval spawn $CRYPTSETUP_RAW luksOpen -v $LOOPDEV --test-passphrase
915 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
916 sleep 0.1
917 send "$PWD0\n"
918 expect timeout abort "Command successful."
919 expect timeout abort eof
920 exit
921 EOF
922 [ $? -eq 0 ] || fail "Expect script failed."
923
924 prepare "[36] Interactive unsuccessful format of device." new
925 expect_run - >/dev/null <<EOF
926 proc abort {} { send_error "Timeout. "; exit 2 }
927 set timeout $EXPECT_TIMEOUT
928 eval spawn $CRYPTSETUP_RAW erase -v $LOOPDEV
929 expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
930 send "YES\n"
931 expect timeout abort "Command successful."
932 expect timeout abort eof
933 eval spawn $CRYPTSETUP_RAW luksFormat --type luks1 $FAST_PBKDF_OPT -v $LOOPDEV
934 expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
935 send "YES\n"
936 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
937 sleep 0.1
938 send "$PWD0\n"
939 expect timeout abort "Verify passphrase:"
940 sleep 0.1
941 send "$PWD0 x\n"
942 expect timeout abort "Passphrases do not match."
943 expect timeout abort eof
944 eval spawn $CRYPTSETUP_RAW luksOpen -v $LOOPDEV -T 1 --test-passphrase
945 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
946 sleep 0.1
947 send "$PWD0\n"
948 expect timeout abort "No usable keyslot is available."
949 expect timeout abort eof
950 exit
951 EOF
952 [ $? -eq 0 ] || fail "Expect script failed."
953
954 prepare "[37] Interactive add key." new
955 expect_run - >/dev/null <<EOF
956 proc abort {} { send_error "Timeout. "; exit 2 }
957 set timeout $EXPECT_TIMEOUT
958 eval spawn $CRYPTSETUP_RAW luksAddKey -S 2 $FAST_PBKDF_OPT -v $LOOPDEV
959 expect timeout abort "Enter any existing passphrase:"
960 sleep 0.1
961 send "$PWD0\n"
962 expect timeout abort "Enter new passphrase for key slot:"
963 sleep 0.1
964 send "$PWD1\n"
965 expect timeout abort "Verify passphrase:"
966 sleep 0.1
967 send "$PWD1\n"
968 expect timeout abort "Command successful."
969 expect timeout abort eof
970 eval spawn $CRYPTSETUP_RAW luksOpen $FAST_PBKDF_OPT -v $LOOPDEV --test-passphrase
971 expect timeout abort "Enter passphrase"
972 sleep 0.1
973 send "$PWD1\n"
974 expect timeout abort "Command successful."
975 expect timeout abort eof
976 eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 1
977 expect timeout abort "Keyslot 1 is not active."
978 expect timeout abort eof
979 eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 2
980 expect timeout abort "Enter any remaining passphrase:"
981 sleep 0.1
982 send "$PWD0\n"
983 expect timeout abort "Key slot 2 removed."
984 expect timeout abort eof
985 exit
986 EOF
987 [ $? -eq 0 ] || fail "Expect script failed."
988
989 prepare "[38] Interactive change key." new
990 expect_run - >/dev/null <<EOF
991 proc abort {} { send_error "Timeout. "; exit 2 }
992 set timeout $EXPECT_TIMEOUT
993 eval spawn $CRYPTSETUP_RAW luksChangeKey $FAST_PBKDF_OPT -v $LOOPDEV
994 expect timeout abort "Enter passphrase to be changed:"
995 sleep 0.1
996 send "$PWD0\n"
997 expect timeout abort "Enter new passphrase:"
998 sleep 0.1
999 send "$PWD1\n"
1000 expect timeout abort "Verify passphrase:"
1001 sleep 0.1
1002 send "$PWD1\n"
1003 expect timeout abort "Command successful."
1004 expect timeout abort eof
1005 eval spawn $CRYPTSETUP_RAW luksOpen -v $LOOPDEV --test-passphrase
1006 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
1007 sleep 0.1
1008 send "$PWD1\n"
1009 expect timeout abort "Command successful."
1010 expect timeout abort eof
1011 exit
1012 EOF
1013 [ $? -eq 0 ] || fail "Expect script failed."
1014
1015 prepare "[39] Interactive suspend and resume." new
1016 echo $PWD0 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
1017 expect_run - >/dev/null <<EOF
1018 proc abort {} { send_error "Timeout. "; exit 2 }
1019 set timeout $EXPECT_TIMEOUT
1020 eval spawn $CRYPTSETUP_RAW luksSuspend -v $DEV_NAME
1021 expect timeout abort "Command successful."
1022 expect timeout abort eof
1023 eval spawn $CRYPTSETUP_RAW luksResume -v -T 3 $DEV_NAME
1024 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
1025 sleep 0.1
1026 send "$PWD0 x\n"
1027 expect timeout abort "No key available with this passphrase."
1028 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
1029 sleep 0.1
1030 send "$PWD1\n"
1031 expect timeout abort "No key available with this passphrase."
1032 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
1033 sleep 0.1
1034 send "$PWD0 y\n"
1035 expect timeout abort "No key available with this passphrase."
1036 expect timeout abort eof
1037 eval spawn $CRYPTSETUP_RAW luksResume -v $DEV_NAME
1038 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
1039 sleep 0.1
1040 send "$PWD0\n"
1041 expect timeout abort "Command successful."
1042 expect timeout abort eof
1043 exit
1044 EOF
1045 [ $? -eq 0 ] || fail "Expect script failed."
1046 $CRYPTSETUP remove $DEV_NAME || fail
1047
1048 prepare "[40] Long passphrase from TTY." wipe
1049 EXPECT_DEV=$(losetup $LOOPDEV | sed -e "s/.*(\(.*\))/\1/")
1050
1051 # Password of maximal length 512 characters
1052 LONG_PWD=\
1053 "0123456789abcdef0123456789ABCDEF0123456789abcdef0123456789ABCDEF"\
1054 "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do "\
1055 "eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut e"\
1056 "nim ad minim veniam, quis nostrud exercitation ullamco laboris n"\
1057 "isi ut aliquip ex ea commodo consequat. Duis aute irure dolor in"\
1058 " reprehenderit in voluptate velit esse cillum dolore eu fugiat n"\
1059 "ulla pariatur. Excepteur sint occaecat cupidatat non proident, s"\
1060 "unt in culpa qui officia deserunt mollit anim id est laborum.DEF"
1061
1062 echo -n "$LONG_PWD" >$KEYE
1063
1064 expect_run - >/dev/null <<EOF
1065 proc abort {} { send_error "Timeout. "; exit 2 }
1066 set timeout $EXPECT_TIMEOUT
1067 eval spawn $CRYPTSETUP_RAW luksFormat --type luks1 $FAST_PBKDF_OPT -v $LOOPDEV
1068 expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
1069 send "YES\n"
1070 expect timeout abort "Enter passphrase for $EXPECT_DEV:"
1071 sleep 0.1
1072 send "$LONG_PWD\n"
1073 expect timeout abort "Verify passphrase:"
1074 sleep 0.1
1075 send "$LONG_PWD\n"
1076 expect timeout abort "Command successful."
1077 expect timeout abort eof
1078 eval spawn $CRYPTSETUP_RAW luksOpen -v $LOOPDEV --test-passphrase --key-file $KEYE
1079 expect timeout abort "Command successful."
1080 expect timeout abort eof
1081 EOF
1082 [ $? -eq 0 ] || fail "Expect script failed."
1083
1084 remove_mapping
1085 exit 0