"Fossies" - the Fresh Open Source Software Archive 
Member "cryptsetup-2.4.3/tests/keyring-compat-test" (13 Jan 2022, 8433 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
See also the last
Fossies "Diffs" side-by-side code changes report for "keyring-compat-test":
2.3.6_vs_2.4.0.
1 #!/bin/bash
2
3 CIPHER_XTS_PLAIN="aes-xts-plain64"
4 CIPHER_CBC_ESSIV="aes-cbc-essiv:sha256"
5 CIPHER_CBC_TCW="serpent-cbc-tcw"
6 # TODO: mode with LMK
7
8 TEST_KEYRING_NAME="keyringtest_keyring"
9
10 LOGON_KEY_16_OK="dmtst:lkey_16"
11 LOGON_KEY_32_OK="dmtst:lkey_32"
12 LOGON_KEY_64_OK="dmtst:lkey_64"
13
14 HEXKEY_16="be21aa8c733229347bd4e681891e213d";
15 HEXKEY_32="bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
16 HEXKEY_64="34f95b96abff946b64f1339ff8653cc77c38697c93b797a496f3786e86eed7781850d5112bbae17d209b8310a8f3a034f1cd297667bc0cd1438fad28d87ef6a1"
17
18 DEVSIZEMB=16
19 DEVSECTORS=$((DEVSIZEMB*1024*1024/512))
20 NAME=testcryptdev
21 CHKS_DMCRYPT=vk_in_dmcrypt.chk
22 CHKS_KEYRING=vk_in_keyring.chk
23
24 PWD="aaa"
25
26 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
27 CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
28
29 [ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
30
31 function remove_mapping()
32 {
33 [ -b /dev/mapper/$NAME ] && dmsetup remove --retry $NAME
34
35 # unlink whole test keyring
36 [ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null
37
38 rmmod scsi_debug >/dev/null 2>&1
39
40 rm -f $CHKS_DMCRYPT $CHKS_KEYRING
41 }
42
43 function skip()
44 {
45 [ -n "$1" ] && echo "$1"
46 remove_mapping
47 exit 77
48 }
49
50 function fail()
51 {
52 [ -n "$1" ] && echo "$1"
53 echo "FAILED backtrace:"
54 while caller $frame; do ((frame++)); done
55 remove_mapping
56 exit 2
57 }
58
59 # $1 hexbyte key
60 # $2 type
61 # $3 description
62 # $4 keyring
63 function load_key()
64 {
65 local tmp="$1"
66 shift
67 echo -n "$tmp" | xxd -r -p | keyctl padd $@ >/dev/null
68 }
69
70 function dm_crypt_keyring_support()
71 {
72 VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
73 [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
74
75 VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
76 VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
77
78 # run the test with dm-crypt v1.15.0+ on purpose
79 # the fix is in dm-crypt v1.18.1+
80 [ $VER_MAJ -gt 1 ] && return 0
81 [ $VER_MAJ -lt 1 ] && return 1
82 [ $VER_MIN -ge 15 ]
83 }
84
85 function test_and_prepare_keyring() {
86 keyctl list "@s" > /dev/null || skip "Current session keyring is unreachable, test skipped"
87 TEST_KEYRING=$(keyctl newring $TEST_KEYRING_NAME "@u" 2> /dev/null)
88 test -n "$TEST_KEYRING" || skip "Failed to create keyring in user keyring"
89 keyctl search "@s" keyring "$TEST_KEYRING" > /dev/null 2>&1 || keyctl link "@u" "@s" > /dev/null 2>&1
90 load_key "$HEXKEY_16" user test_key "$TEST_KEYRING" || skip "Kernel keyring service is useless on this system, test skipped."
91 }
92
93 function fips_mode()
94 {
95 [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
96 }
97
98 add_device() {
99 rmmod scsi_debug >/dev/null 2>&1
100 if [ -d /sys/module/scsi_debug ] ; then
101 echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
102 exit 77
103 fi
104
105 modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
106 if [ $? -ne 0 ] ; then
107 echo "This kernel seems to not support proper scsi_debug module, test skipped."
108 exit 77
109 fi
110
111 sleep 2
112 DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
113
114 DEV="/dev/$DEV"
115 [ -b $DEV ] || fail "Cannot find $DEV."
116 }
117
118 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
119 which dmsetup >/dev/null 2>&1 || skip "Cannot find dmsetup, test skipped"
120 which keyctl >/dev/null 2>&1 || skip "Cannot find keyctl, test skipped"
121 which xxd >/dev/null 2>&1 || skip "Cannot find xxd, test skipped"
122 which sha1sum > /dev/null 2>&1 || skip "Cannot find sha1sum, test skipped"
123 modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load"
124 dm_crypt_keyring_support || skip "dm-crypt doesn't support kernel keyring, test skipped."
125
126 test_and_prepare_keyring
127
128 add_device dev_size_mb=$DEVSIZEMB
129
130 dd if=/dev/urandom of=$DEV bs=1M count=$DEVSIZEMB oflag=direct > /dev/null 2>&1 || fail
131
132 #test aes cipher with xts mode, plain IV
133 echo -n "Testing $CIPHER_XTS_PLAIN..."
134 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
135 sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
136 dmsetup remove --retry $NAME || fail
137 load_key "$HEXKEY_32" logon $LOGON_KEY_32_OK "$TEST_KEYRING" || fail "Cannot load 32 byte logon key type"
138 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN :32:logon:$LOGON_KEY_32_OK 0 $DEV 0" || fail
139 sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
140 dmsetup remove --retry $NAME || fail
141 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
142 # same test using message
143 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
144 sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
145 dmsetup remove --retry $NAME || fail
146 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
147 dmsetup suspend $NAME || fail
148 dmsetup message $NAME 0 key wipe || fail
149 dmsetup message $NAME 0 "key set :32:logon:$LOGON_KEY_32_OK" || fail
150 dmsetup resume $NAME || fail
151 sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
152 dmsetup remove --retry $NAME || fail
153 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
154 echo "OK"
155
156 #test aes cipher, xts mode, essiv IV
157 echo -n "Testing $CIPHER_CBC_ESSIV..."
158 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
159 sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
160 dmsetup remove --retry $NAME || fail
161 load_key "$HEXKEY_16" logon $LOGON_KEY_16_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type"
162 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV :16:logon:$LOGON_KEY_16_OK 0 $DEV 0" || fail
163 sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
164 dmsetup remove --retry $NAME || fail
165 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
166 # same test using message
167 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
168 sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
169 dmsetup remove --retry $NAME || fail
170 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
171 dmsetup suspend $NAME || fail
172 dmsetup message $NAME 0 key wipe || fail
173 dmsetup message $NAME 0 "key set :16:logon:$LOGON_KEY_16_OK" || fail
174 dmsetup resume $NAME || fail
175 sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
176 dmsetup remove --retry $NAME || fail
177 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
178 echo "OK"
179
180 #test serpent cipher, cbc mode, tcw IV
181 fips_mode || {
182 echo -n "Testing $CIPHER_CBC_TCW..."
183 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
184 sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
185 dmsetup remove --retry $NAME || fail
186 load_key "$HEXKEY_64" logon $LOGON_KEY_64_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type"
187 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW :64:logon:$LOGON_KEY_64_OK 0 $DEV 0" || fail
188 sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
189 dmsetup remove --retry $NAME || fail
190 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
191 # same test using message
192 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
193 sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
194 dmsetup remove --retry $NAME || fail
195 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
196 dmsetup suspend $NAME || fail
197 dmsetup message $NAME 0 key wipe || fail
198 dmsetup message $NAME 0 "key set :64:logon:$LOGON_KEY_64_OK" || fail
199 dmsetup resume $NAME || fail
200 sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
201 dmsetup remove --retry $NAME || fail
202 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
203 echo "OK"
204 }
205
206 echo -n "Test LUKS2 key refresh..."
207 echo $PWD | $CRYPTSETUP luksFormat --type luks2 --luks2-metadata-size 16k --luks2-keyslots-size 4064k --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --force-password $DEV || fail
208 echo $PWD | $CRYPTSETUP open $DEV $NAME || fail
209 $CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" || skip "LUKS2 can't use keyring. Test skipped."
210 dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_KEYRING || fail
211 echo $PWD | $CRYPTSETUP refresh $NAME --disable-keyring || fail
212 $CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" && fail "Key is still in keyring"
213 dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_DMCRYPT || fail
214 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
215 echo "OK"
216
217 remove_mapping