cryptsetup: tests/integrity-compat-test

"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/tests/integrity-compat-test" (13 Jan 2022, 18203 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "integrity-compat-test":

2.4.0_vs_2.4.1.

1 #!/bin/bash 2 # 3 # Test integritysetup compatibility. 4 # 5 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." 6 INTSETUP=$CRYPTSETUP_PATH/integritysetup 7 8 INTSETUP_VALGRIND=../.libs/integritysetup 9 INTSETUP_LIB_VALGRIND=../.libs 10 11 DEV_NAME=dmc_test 12 DEV_NAME2=dmc_fake 13 DEV_LOOP="" 14 DEV=test123.img 15 DEV2=test124.img 16 KEY_FILE=key.img 17 KEY_FILE2=key2.img 18 19 dmremove() { # device 20 udevadm settle >/dev/null 2>&1 21 dmsetup remove --retry $1 >/dev/null 2>&1 22 } 23 24 cleanup() { 25 [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME 26 [ -b /dev/mapper/$DEV_NAME2 ] && dmremove $DEV_NAME2 27 [ -n "$DEV_LOOP" ] && losetup -d "$DEV_LOOP" 28 DEV_LOOP="" 29 rm -f $DEV $DEV2 $KEY_FILE $KEY_FILE2 >/dev/null 2>&1 30 } 31 32 fail() 33 { 34 [ -n "$1" ] && echo "$1" 35 echo "FAILED backtrace:" 36 while caller $frame; do ((frame++)); done 37 cleanup 38 exit 100 39 } 40 41 skip() 42 { 43 [ -n "$1" ] && echo "$1" 44 exit 77 45 } 46 47 function dm_integrity_features() 48 { 49 VER_STR=$(dmsetup targets | grep integrity | cut -f2 -dv) 50 [ -z "$VER_STR" ] && skip "Cannot find dm-integrity target, test skipped." 51 52 VER_MAJ=$(echo $VER_STR | cut -f 1 -d.) 53 VER_MIN=$(echo $VER_STR | cut -f 2 -d.) 54 VER_PTC=$(echo $VER_STR | cut -f 3 -d.) 55 56 [ $VER_MAJ -lt 1 ] && return 57 [ $VER_MIN -gt 1 ] && { 58 DM_INTEGRITY_META=1 59 DM_INTEGRITY_RECALC=1 60 } 61 [ $VER_MIN -gt 2 ] && { 62 DM_INTEGRITY_BITMAP=1 63 } 64 [ $VER_MIN -gt 6 ] && { 65 DM_INTEGRITY_HMAC_FIX=1 66 } 67 [ $VER_MIN -gt 7 ] && { 68 DM_INTEGRITY_RESET=1 69 } 70 } 71 72 add_device() { 73 cleanup 74 dd if=/dev/urandom of=$KEY_FILE bs=4096 count=1 >/dev/null 2>&1 75 dd if=/dev/urandom of=$KEY_FILE2 bs=1 count=32 >/dev/null 2>&1 76 dd if=/dev/zero of=$DEV bs=1M count=32 >/dev/null 2>&1 77 dd if=/dev/zero of=$DEV2 bs=1M count=32 >/dev/null 2>&1 78 sync 79 } 80 81 status_check() # name value 82 { 83 X=$($INTSETUP status $DEV_NAME | grep "$1" | sed 's/.*: //' | sed 's/^[[:space:]]*//') 84 if [ "$X" != "$2" ] ; then 85 echo "[status FAIL]" 86 echo " Expecting $1:$2 got \"$X\"." 87 fail 88 fi 89 } 90 91 dump_check() # name value 92 { 93 X=$($INTSETUP dump $DEV | grep "$1" | cut -d' ' -f 2) 94 if [ "$X" != "$2" ] ; then 95 echo "[dump FAIL]" 96 echo " Expecting $1:$2 got \"$X\"." 97 fail 98 fi 99 } 100 101 kernel_param_check() # number value 102 { 103 X=$(dmsetup table $DEV_NAME | cut -d " " -f $1) 104 if [ "$X" != $2 ] ; then 105 echo "[param_check FAIL]" 106 echo "Expecting $2 got \"$X\"." 107 fail 108 fi 109 } 110 111 function valgrind_setup() 112 { 113 which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind." 114 [ ! -f $INTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." 115 export LD_LIBRARY_PATH="$INTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" 116 } 117 118 function valgrind_run() 119 { 120 INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${INTSETUP_VALGRIND} "$@" 121 } 122 123 int_check_sum_only() # checksum 124 { 125 VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1) 126 if [ "$VSUM" = "$1" ] ; then 127 echo -n "[CHECKSUM OK]" 128 else 129 echo "[FAIL]" 130 echo " Expecting $1 got $VSUM." 131 fail 132 fi 133 } 134 135 int_check_sum() # alg checksum [keyfile keysize] 136 { 137 if [ -n "$4" ] ; then 138 KEY_PARAMS="--integrity-key-file $3 --integrity-key-size $4" 139 else 140 KEY_PARAMS="" 141 fi 142 143 # Fill device with zeroes and reopen it 144 dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1M oflag=direct >/dev/null 2>&1 145 dmremove $DEV_NAME 146 147 $INTSETUP open $DEV $DEV_NAME --integrity $1 $KEY_PARAMS || fail "Cannot activate device." 148 149 int_check_sum_only $2 150 } 151 152 intformat() # alg alg_out tagsize outtagsize sector_size csum [keyfile keysize] 153 { 154 if [ -n "$8" ] ; then 155 KEY_PARAMS="--integrity-key-file $7 --integrity-key-size $8" 156 else 157 KEY_PARAMS="" 158 fi 159 160 if [ $3 -ne 0 ] ; then 161 TAG_PARAMS="--tag-size $3" 162 else 163 TAG_PARAMS="" 164 fi 165 166 echo -n "[INTEGRITY:$2:$4:$5]" 167 [ -n "$8" ] && echo -n "[KEYFILE:$8]" 168 echo -n "[FORMAT]" 169 $INTSETUP format --integrity-legacy-padding -q --integrity $1 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV >/dev/null 2>&1 170 if [ $? -ne 0 ] ; then 171 if [[ $1 =~ "sha" || $1 =~ "crc" ]] ; then 172 fail "Cannot format device." 173 fi 174 echo "[N/A]" 175 return 176 fi 177 178 dump_check "tag_size" $4 179 dump_check "sector_size" $5 180 echo -n "[ACTIVATE]" 181 $INTSETUP open $DEV $DEV_NAME --integrity $1 $KEY_PARAMS || fail "Cannot activate device." 182 if [ -n "$8" ]; then 183 KEY_HEX=$(xxd -c 4096 -l $8 -p $7) 184 [ -z "$KEY_HEX" ] && fail "Cannot decode key." 185 dmsetup table --showkeys $DEV_NAME | grep -q $KEY_HEX || fail "Key mismatch." 186 fi 187 status_check "tag size" $4 188 status_check "integrity" $2 189 status_check "sector size" "$5 bytes" 190 int_check_sum $1 $6 $7 $8 191 echo -n "[REMOVE]" 192 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 193 echo "[OK]" 194 } 195 196 int_error_detection() # mode alg tagsize outtagsize sector_size key_file key_size 197 { 198 if [ "$1" == "B" ] ; then 199 INT_MODE="-B" 200 else 201 INT_MODE="" 202 fi 203 if [ -n "$7" ] ; then 204 KEY_PARAMS="--integrity-key-file $6 --integrity-key-size $7" 205 else 206 KEY_PARAMS="" 207 fi 208 if [ $3 -ne 0 ] ; then 209 TAG_PARAMS="--tag-size $3" 210 else 211 TAG_PARAMS="" 212 fi 213 dd if=/dev/zero of=$DEV bs=1M count=32 >/dev/null 2>&1 214 215 echo -n "[INTEGRITY:$1:$2:$4:$5]" 216 echo -n "[FORMAT]" 217 $INTSETUP format -q --integrity $2 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV $INT_MODE >/dev/null || fail "Cannot format device." 218 echo -n "[ACTIVATE]" 219 $INTSETUP open $DEV $DEV_NAME --integrity $2 --integrity-no-journal $KEY_PARAMS $INT_MODE || fail "Cannot activate device." 220 221 if [ -n "$6" -a -n "$7" ]; then 222 echo -n "[KEYED HASH]" 223 KEY_HEX=$(xxd -c 256 -l $7 -p $6) 224 [ -z "$KEY_HEX" ] && fail "Cannot decode key." 225 dmsetup table --showkeys $DEV_NAME | grep -q $KEY_HEX || fail "Key mismatch." 226 fi 227 228 echo -n "[WRITE DATA]" 229 echo -n "EXAMPLE TEXT" | dd of=/dev/mapper/$DEV_NAME >/dev/null 2>&1 || fail "Cannot write to device." 230 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 231 232 # find offset of data area 233 ARR=($(dd if=$DEV bs=512 2>/dev/null | hexdump -C | grep 'EXAMPLE TEXT')) 234 OFF_HEX=${ARR[0]} 235 OFF_DEC=$((16#$OFF_HEX)) 236 237 echo -n "[CORRUPT DATA:$OFF_DEC]" 238 echo -n "Z" | dd of=$DEV bs=1 seek=$OFF_DEC conv=notrunc >/dev/null 2>&1 || fail "Cannot write to device." 239 240 echo -n "[DETECT ERROR]" 241 $INTSETUP open $DEV $DEV_NAME --integrity $2 $KEY_PARAMS $INT_MODE || fail "Cannot activate device." 242 dd if=/dev/mapper/$DEV_NAME >/dev/null 2>&1 && fail "Error detection failed." 243 echo -n "[REMOVE]" 244 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 245 echo "[OK]" 246 } 247 248 int_journal() # 1 alg, 2 tagsize, 3 sector_size, 4 watermark, 5 commit_time, 6 journal_integrity, 7 key-file, 8 key-size, 9 journal_integrity_out 249 { 250 echo -n "[INTEGRITY JOURNAL:$6:${4}%:${5}ms:$8]" 251 echo -n "[FORMAT]" 252 ARGS="--integrity $1 --journal-watermark $4 --journal-commit-time $5 --journal-integrity $6 --journal-integrity-key-file $7 --journal-integrity-key-size $8" 253 $INTSETUP format -q --tag-size $2 --sector-size $3 $ARGS $DEV || fail "Cannot format device." 254 255 echo -n "[ACTIVATE]" 256 257 $INTSETUP open $DEV $DEV_NAME $ARGS || fail "Cannot activate device." 258 259 echo -n "[KEYED HASH]" 260 KEY_HEX=$(xxd -c 4096 -l $8 -p $7) 261 [ -z "$KEY_HEX" ] && fail "Cannot decode key." 262 dmsetup table --showkeys $DEV_NAME | grep -q $KEY_HEX || fail "Key mismatch." 263 264 status_check "journal watermark" "${4}%" 265 status_check "journal commit time" "${5} ms" 266 status_check "journal integrity MAC" $9 267 268 echo -n "[REMOVE]" 269 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 270 echo "[OK]" 271 } 272 273 274 int_journal_crypt() # crypt_alg crypt_alg_kernel crypt_key crypt_key_size 275 { 276 echo -n "[JOURNAL CRYPT:$1:${4}B]" 277 278 echo -n "[FORMAT]" 279 ARGS="--journal-crypt $1 --journal-crypt-key-file $3 --journal-crypt-key-size $4" 280 $INTSETUP format -q $ARGS $DEV || fail "Cannot format device." 281 282 echo -n "[ACTIVATE]" 283 $INTSETUP open $DEV $DEV_NAME $ARGS || fail "Cannot activate device." 284 285 KEY_HEX=$(xxd -c 256 -l $4 -p $3) 286 [ -z "$KEY_HEX" ] && fail "Cannot decode key." 287 dmsetup table --showkeys $DEV_NAME | grep -q "journal_crypt:$2:$KEY_HEX" || fail "Key mismatch." 288 289 $INTSETUP close $DEV_NAME 290 echo "[OK]" 291 } 292 293 int_mode() # alg tag_size sector_size [keyfile keysize] 294 { 295 if [ -n "$5" ] ; then 296 KEY_PARAMS="--integrity-key-file $4 --integrity-key-size $5" 297 else 298 KEY_PARAMS="" 299 fi 300 301 echo -n "[MODE TESTS:$1:$2:$3]" 302 ARGS="--tag-size $2 --sector-size $3" 303 304 $INTSETUP format -q $ARGS $KEY_PARAMS $DEV --integrity $1 || fail "Cannot format device." 305 306 echo -n "[JOURNALED WRITES]" 307 $INTSETUP open $DEV $DEV_NAME --integrity $1 $KEY_PARAMS || fail "Cannot activate device with journal." 308 status_check "mode" "read/write" 309 kernel_param_check 7 "J" 310 311 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 312 313 echo -n "[DIRECT WRITES]" 314 $INTSETUP open $DEV $DEV_NAME --integrity $1 $KEY_PARAMS --integrity-no-journal || fail "Cannot activate device without journal." 315 status_check "mode" "read/write" 316 status_check "journal" "not active" 317 kernel_param_check 7 "D" 318 319 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 320 321 echo -n "[RECOVERY MODE]" 322 $INTSETUP open $DEV $DEV_NAME --integrity $1 $KEY_PARAMS --integrity-recovery-mode || fail "Cannot activate device in recovery mode." 323 status_check "mode" "read/write recovery" 324 kernel_param_check 7 "R" 325 326 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 327 328 echo "[OK]" 329 } 330 331 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." 332 [ ! -x "$INTSETUP" ] && skip "Cannot find $INTSETUP, test skipped." 333 which blockdev >/dev/null || skip "Cannot find blockdev utility, test skipped." 334 335 [ -n "$VALG" ] && valgrind_setup && INTSETUP=valgrind_run 336 which hexdump >/dev/null 2>&1 || skip "WARNING: hexdump tool required." 337 which xxd >/dev/null 2>&1 || skip "WARNING: xxd tool required." 338 modprobe dm-integrity >/dev/null 2>&1 339 dm_integrity_features 340 341 add_device 342 intformat blake2s-256 blake2s-256 32 32 512 8e5fe4119558e117bfc40e3b0f13ade3abe497b52604d4c7cca0cfd6c7f4cf11 343 intformat blake2b-256 blake2b-256 32 32 512 8e5fe4119558e117bfc40e3b0f13ade3abe497b52604d4c7cca0cfd6c7f4cf11 344 intformat crc32c crc32c 0 4 512 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7 345 intformat crc32 crc32 0 4 512 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7 346 intformat sha1 sha1 0 20 512 6eedd6344dab8875cd185fcd6565dfc869ab36bc57e577f40c685290b1fa7fe7 347 intformat sha1 sha1 16 16 4096 e152ec88227b539cd9cafd8bdb587a1072d720cd6bcebe1398d4136c9e7f337b 348 intformat sha256 sha256 0 32 512 8e5fe4119558e117bfc40e3b0f13ade3abe497b52604d4c7cca0cfd6c7f4cf11 349 intformat hmac-sha256 hmac$sha256$ 0 32 512 8e5fe4119558e117bfc40e3b0f13ade3abe497b52604d4c7cca0cfd6c7f4cf11 $KEY_FILE 32 350 intformat sha256 sha256 0 32 4096 33f7dfa5163ca9f740383fb8b0919574e38a7b20a94a4170fde4238196b7c4b4 351 intformat hmac-sha256 hmac$sha256$ 0 32 4096 33f7dfa5163ca9f740383fb8b0919574e38a7b20a94a4170fde4238196b7c4b4 $KEY_FILE 32 352 intformat hmac-sha256 hmac$sha256$ 0 32 4096 33f7dfa5163ca9f740383fb8b0919574e38a7b20a94a4170fde4238196b7c4b4 $KEY_FILE 4096 353 354 echo "Error detection tests:" 355 int_error_detection J crc32c 0 4 512 356 int_error_detection J crc32c 0 4 4096 357 int_error_detection J crc32 0 4 512 358 int_error_detection J crc32 0 4 4096 359 int_error_detection J sha1 0 20 512 360 int_error_detection J sha1 16 16 512 361 int_error_detection J sha1 0 20 4096 362 int_error_detection J sha256 0 32 512 363 int_error_detection J sha256 0 32 4096 364 365 which xxd >/dev/null 2>&1 || skip "WARNING: xxd tool required." 366 int_error_detection J hmac-sha256 0 32 512 $KEY_FILE 32 367 int_error_detection J hmac-sha256 0 32 4096 $KEY_FILE 32 368 369 echo "Journal parameters tests:" 370 # Watermark is calculated in kernel, so it can be rounded down/up 371 int_journal crc32 4 512 66 1000 hmac-sha256 $KEY_FILE 32 hmac$sha256$ 372 int_journal sha256 32 4096 34 5000 hmac-sha1 $KEY_FILE 16 hmac$sha1$ 373 int_journal sha1 20 512 75 9999 hmac-sha256 $KEY_FILE 32 hmac$sha256$ 374 int_journal sha1 20 512 75 9999 hmac-sha256 $KEY_FILE 4096 hmac$sha256$ 375 376 echo "Journal encryption tests:" 377 int_journal_crypt cbc-aes cbc$aes$ $KEY_FILE 32 378 int_journal_crypt cbc-aes cbc$aes$ $KEY_FILE 16 379 int_journal_crypt ctr-aes ctr$aes$ $KEY_FILE 32 380 int_journal_crypt ctr-aes ctr$aes$ $KEY_FILE 16 381 382 echo "Mode tests:" 383 int_mode crc32c 4 512 384 int_mode crc32 4 512 385 int_mode sha1 20 512 386 int_mode sha256 32 512 387 int_mode hmac-sha256 32 512 $KEY_FILE 32 388 int_mode hmac-sha256 32 4096 $KEY_FILE 32 389 390 echo -n "Recalculate tags in-kernel:" 391 add_device 392 if [ -n "$DM_INTEGRITY_RECALC" ] ; then 393 $INTSETUP format -q $DEV --no-wipe || fail "Cannot format device." 394 $INTSETUP open $DEV $DEV_NAME --integrity-recalculate || fail "Cannot activate device." 395 dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=1M 2>/dev/null || fail "Cannot recalculate tags in-kernel" 396 int_check_sum_only 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7 397 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 398 echo -n "[OK]" 399 if [ -n "$DM_INTEGRITY_RESET" ] ; then 400 $INTSETUP open $DEV $DEV_NAME -I sha256 --integrity-recalculate-reset || fail "Cannot activate device." 401 dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=1M 2>/dev/null || fail "Cannot reset recalculate tags in-kernel" 402 int_check_sum_only 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7 403 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 404 echo "[RESET OK]" 405 else 406 echo "[RESET N/A]" 407 fi 408 else 409 echo "[N/A]" 410 fi 411 412 echo -n "Separate metadata device:" 413 if [ -n "$DM_INTEGRITY_META" ] ; then 414 add_device 415 $INTSETUP format -q $DEV --data-device $DEV2 || fail "Cannot format device." 416 $INTSETUP open $DEV --data-device $DEV2 $DEV_NAME || fail "Cannot activate device." 417 int_check_sum_only 83ee47245398adee79bd9c0a8bc57b821e92aba10f5f9ade8a5d1fae4d8c4302 418 $INTSETUP status $DEV_NAME | grep -q 'metadata device:' || fail 419 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 420 echo "[OK]" 421 else 422 echo "[N/A]" 423 fi 424 425 echo -n "Bitmap mode parameters:" 426 if [ -n "$DM_INTEGRITY_BITMAP" ] ; then 427 add_device 428 $INTSETUP format -q $DEV --integrity-bitmap-mode $DEV2 || fail "Cannot format device." 429 $INTSETUP open $DEV --integrity-bitmap-mode --bitmap-sectors-per-bit 65536 --bitmap-flush-time 5000 $DEV_NAME || fail "Cannot activate device." 430 $INTSETUP status $DEV_NAME | grep -q 'bitmap 512-byte sectors per bit: 65536' || fail 431 $INTSETUP status $DEV_NAME | grep -q 'bitmap flush interval: 5000 ms' || fail 432 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 433 echo "[OK]" 434 echo "Bitmap error detection tests:" 435 int_error_detection B crc32c 0 4 512 436 int_error_detection B crc32c 0 4 4096 437 int_error_detection B sha256 0 32 512 438 int_error_detection B sha256 0 32 4096 439 int_error_detection B hmac-sha256 0 32 512 $KEY_FILE 32 440 int_error_detection B hmac-sha256 0 32 4096 $KEY_FILE 32 441 else 442 echo "[N/A]" 443 fi 444 445 echo -n "Big device:" 446 add_device 447 DEV_LOOP=$(losetup -f $DEV --show) 448 if [ -n "$DEV_LOOP" ] ; then 449 dmsetup create $DEV_NAME2 <<EOF 450 0 16284 linear $DEV_LOOP 0 451 16284 80000000000 zero 452 EOF 453 [ ! -b /dev/mapper/$DEV_NAME2 ] && fail 454 $INTSETUP format -q -s 512 --no-wipe /dev/mapper/$DEV_NAME2 455 $INTSETUP open /dev/mapper/$DEV_NAME2 $DEV_NAME || fail 456 D_SIZE=$($INTSETUP dump /dev/mapper/$DEV_NAME2 | grep provided_data_sectors | sed -e 's/.*provided_data_sectors\ \+//g') 457 A_SIZE=$(blockdev --getsz /dev/mapper/$DEV_NAME) 458 # Compare strings (to avoid 64bit integers), not integers 459 [ -n "$A_SIZE" -a "$D_SIZE" != "$A_SIZE" ] && fail 460 echo "[OK]" 461 else 462 echo "[N/A]" 463 fi 464 465 echo -n "Deferred removal of device:" 466 add_device 467 $INTSETUP format -q $DEV || fail "Cannot format device." 468 $INTSETUP open $DEV $DEV_NAME || fail "Cannot activate device." 469 dmsetup create $DEV_NAME2 --table "0 8 linear /dev/mapper/$DEV_NAME 0" 470 [ ! -b /dev/mapper/$DEV_NAME2 ] && fail 471 $INTSETUP close $DEV_NAME >/dev/null 2>&1 && fail 472 $INTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail 473 $INTSETUP close --deferred $DEV_NAME >/dev/null 2>&1 474 if [ $? -eq 0 ] ; then 475 dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail 476 $INTSETUP close --cancel-deferred $DEV_NAME >/dev/null 2>&1 477 dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" >/dev/null 2>&1 && fail 478 $INTSETUP close --deferred $DEV_NAME >/dev/null 2>&1 479 dmsetup remove $DEV_NAME2 || fail 480 $INTSETUP -q status $DEV_NAME >/dev/null 2>&1 && fail 481 echo "[OK]" 482 else 483 dmsetup remove $DEV_NAME2 >/dev/null 2>&1 484 $INTSETUP close $DEV_NAME >/dev/null 2>&1 485 echo "[N/A]" 486 fi 487 488 echo -n "Fixed HMAC and legacy flags:" 489 if [ -n "$DM_INTEGRITY_HMAC_FIX" ] ; then 490 add_device 491 # only data HMAC 492 ARGS="--integrity hmac-sha256 --integrity-key-file $KEY_FILE --integrity-key-size 32" 493 $INTSETUP format -q $DEV --integrity-legacy-hmac --no-wipe --tag-size 32 $ARGS || fail "Cannot format device." 494 $INTSETUP open $DEV $DEV_NAME --integrity-recalculate $ARGS >/dev/null 2>&1 && fail "Cannot activate device." 495 $INTSETUP open $DEV $DEV_NAME --integrity-legacy-recalculate $ARGS || fail "Cannot activate device." 496 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 497 # New version - must fail (no journal HMAC) 498 $INTSETUP format -q $DEV --no-wipe --tag-size 32 $ARGS || fail "Cannot format device." 499 $INTSETUP open $DEV $DEV_NAME --integrity-recalculate $ARGS >/dev/null 2>&1 && fail "Cannot activate device." 500 $INTSETUP open $DEV $DEV_NAME --integrity-legacy-recalculate $ARGS || fail "Cannot activate device." 501 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 502 503 # data and journal HMAC 504 ARGS="$ARGS --journal-integrity hmac-sha256 --journal-integrity-key-file $KEY_FILE2 --journal-integrity-key-size 32" 505 $INTSETUP format -q $DEV --integrity-legacy-hmac --no-wipe --tag-size 32 $ARGS || fail "Cannot format device." 506 $INTSETUP open $DEV $DEV_NAME --integrity-recalculate $ARGS >/dev/null 2>&1 && fail "Cannot activate device." 507 $INTSETUP open $DEV $DEV_NAME --integrity-legacy-recalculate $ARGS || fail "Cannot activate device." 508 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 509 # New fixed version 510 $INTSETUP format -q $DEV --no-wipe --tag-size 32 $ARGS || fail "Cannot format device." 511 $INTSETUP dump $DEV | grep "flags" | grep -q "fix_hmac" || fail "Flag for HMAC not set." 512 $INTSETUP open $DEV $DEV_NAME --integrity-recalculate $ARGS || fail "Cannot activate device." 513 $INTSETUP close $DEV_NAME || fail "Cannot deactivate device." 514 echo "[OK]" 515 else 516 echo "[N/A]" 517 fi 518 519 cleanup