"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/tests/keyring-test" (13 Jan 2022, 9277 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:



    1 #!/bin/bash
    2 
    # Device-mapper names used by the test: a zero-backed scratch device and
    # the dm-crypt mapping stacked on top of it.
    DEV_ZERO='dmtst-zero'
    DEV_CRYPT='dmtst-crypt'

    # Cipher specification placed in every dm-crypt table line below.
    CIPHER='aes-xts-plain64'

    # Name of the scratch keyring created under the user keyring ("@u").
    TEST_KEYRING_NAME='keyringtest_keyring'

    # Key descriptions. The *_WRONG descriptions are later loaded with the
    # 31-character payload, so a table that declares them as 32-byte keys must
    # be rejected. The "dmtst:" prefix matters for the logon key type, whose
    # descriptions must carry a "<prefix>:" qualifier.
    USER_KEY_32_OK='dmtst:ukey_32_ok'
    USER_KEY_32_WRONG='dmtst:ukey_32_wrong_size'

    LOGON_KEY_32_OK='dmtst:lkey_32_ok'
    LOGON_KEY_32_WRONG='dmtst:lkey_32_wrong_size'

    # Keyring payloads: 32 and 31 ASCII characters, stored as that many bytes.
    PAYLOAD_32='bb21158c733229347bd4e681891e213d'
    PAYLOAD_31='bb21158c733229347bd4e681891e213'

    # Keys given directly in the table as hex: 64 digits (32 bytes), the same
    # with four non-hex characters, and 62 digits (31 bytes).
    # All of the above are fixed test vectors, not secrets: the script puts
    # them on command lines and prints them via "dmsetup table --showkeys".
    HEXKEY_32='bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a'
    HEXKEY_32_BAD='bb21158c733229347bd4e68189XXXX3d94c685be6a5b84818afe7a78a6de7a1a'
    HEXKEY_31='bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a'
   22 
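   # Tear down whatever the test created: the dm-crypt mapping, the zero
   # device beneath it, and the scratch keyring holding the test keys.
   # Globals:  DEV_CRYPT, DEV_ZERO, TEST_KEYRING (read)
   # Returns:  status of the last cleanup command that ran; 0 when there was
   #           nothing to clean up.
   function remove_mapping()
   {
       # Remove the crypt mapping first; it sits on top of the zero device.
       if [ -b "/dev/mapper/$DEV_CRYPT" ]; then
           dmsetup remove --retry "$DEV_CRYPT"
       fi
       if [ -b "/dev/mapper/$DEV_ZERO" ]; then
           dmsetup remove --retry "$DEV_ZERO"
       fi

       # Unlink the whole test keyring from the user keyring so the test keys
       # do not stay reachable after the run. Written as "if" rather than
       # "[ ... ] &&" so that an unset TEST_KEYRING is not reported as failure.
       if [ -n "$TEST_KEYRING" ]; then
           keyctl unlink "$TEST_KEYRING" "@u" >/dev/null
       fi
   }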
   31 
   # Report an optional reason, clean up, and leave with status 77, the
   # value automake-style test harnesses treat as "skipped".
   # $1 message to print (optional)
   function skip()
   {
       if [ -n "$1" ]; then
           echo "$1"
       fi
       # Clean up before exiting so a skipped run leaves no mapping or
       # keyring behind.
       remove_mapping
       exit 77
   }
   38 
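   # Report a failure, print the shell call stack, clean up and exit 2.
   # $1 message to print (optional)
   function fail()
   {
       # Start at frame 0 with a local counter. The counter used to be an
       # uninitialised global, so a "frame" value inherited from the
       # environment could suppress the backtrace, and the first frame was
       # printed without its function name.
       local frame=0

       [ -n "$1" ] && echo "$1"
       echo "FAILED backtrace:"
       # "caller N" prints line, function and file of frame N and returns
       # non-zero once N runs past the top of the stack.
       while caller "$frame"; do
           frame=$((frame + 1))
       done
       remove_mapping
       exit 2
   }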
   47 
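   # Add a key to a kernel keyring with "keyctl add".
   # $1 type
   # $2 description
   # $3 payload
   # $4 keyring
   # Returns keyctl's exit status; the key ID keyctl prints is discarded.
   #
   # The payload is passed on keyctl's command line, where other local users
   # can see it in the process list. That is acceptable for the fixed test
   # vectors used here; for real key material "keyctl padd" takes the payload
   # from stdin instead.
   function load_key()
   {
       # "$@" must be quoted so each argument reaches keyctl as one word,
       # whatever whitespace or glob characters it contains.
       keyctl add "$@" >/dev/null
   }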
   56 
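   # Decide whether the loaded dm-crypt target is new enough for keyring key
   # references; this script takes target version 1.15 as the minimum.
   # Globals:  VER_STR, VER_MAJ, VER_MIN (written)
   # Returns:  0 if the version is >= 1.15, 1 otherwise; calls fail() when
   #           the version cannot be parsed.
   function dm_crypt_keyring_support()
   {
       local part

       # Select the target whose name is exactly "crypt". A substring match
       # would also pick up any other target with "crypt" in its name and
       # yield a multi-line version string.
       VER_STR=$(dmsetup targets | awk '$1 == "crypt" { sub(/^v/, "", $2); print $2; exit }')
       [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."

       VER_MAJ=${VER_STR%%.*}
       VER_MIN=${VER_STR#*.}
       VER_MIN=${VER_MIN%%.*}

       # Reject anything non-numeric here, so the numeric tests below cannot
       # error out and be mistaken for "unsupported".
       for part in "$VER_MAJ" "$VER_MIN"; do
           case "$part" in
               ''|*[!0-9]*) fail "Failed to parse dm-crypt version." ;;
           esac
       done

       [ "$VER_MAJ" -gt 1 ] && return 0
       [ "$VER_MAJ" -lt 1 ] && return 1
       [ "$VER_MIN" -ge 15 ]
   }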
   69 
   # Check that the kernel keyring service is usable and create the scratch
   # keyring for the test; skips the test (exit 77) when it is not.
   # Globals:  TEST_KEYRING_NAME (read), TEST_KEYRING (written: the value
   #           printed by "keyctl newring")
   function test_and_prepare_keyring() {
       if ! keyctl list "@s" > /dev/null; then
           skip "Current session keyring is unreachable, test skipped"
       fi

       TEST_KEYRING=$(keyctl newring "${TEST_KEYRING_NAME}" "@u" 2> /dev/null)
       if [ -z "$TEST_KEYRING" ]; then
           skip "Failed to create keyring in user keyring"
       fi

       # If the new keyring cannot be found from the session keyring, link
       # the user keyring into the session keyring.
       # NOTE(review): "keyctl search" matches on the key description, while
       # TEST_KEYRING holds the value newring printed - confirm this lookup
       # can succeed. The link made here is not undone by remove_mapping,
       # which only unlinks the test keyring from "@u".
       if ! keyctl search "@s" keyring "$TEST_KEYRING" > /dev/null 2>&1; then
           keyctl link "@u" "@s" > /dev/null 2>&1
       fi

       # Final probe: a trivial user key must be loadable into the keyring.
       if ! load_key user test_key test_data "$TEST_KEYRING"; then
           skip "Kernel keyring service is useless on this system, test skipped."
       fi
   }
   77 
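   # Preflight. The test needs root, dmsetup, keyctl and a dm-crypt target
   # with keyring support; anything missing is a skip, not a failure.
   # "command -v" replaces "which", an external tool that may be absent and
   # would then cause a misleading "Cannot find ..." skip.
   [ "$(id -u)" != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
   command -v dmsetup >/dev/null 2>&1 || skip "Cannot find dmsetup, test skipped"
   command -v keyctl >/dev/null 2>&1 || skip "Cannot find keyctl, test skipped"
   modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load"
   dm_crypt_keyring_support || skip "dm-crypt doesn't support kernel keyring, test skipped."

   test_and_prepare_keyring

   # Load the four test keys. The *_WRONG descriptions deliberately receive
   # the 31-byte payload: loading them must succeed here, and dm-crypt must
   # refuse them later when a table declares them as 32-byte keys.
   load_key logon "$LOGON_KEY_32_OK" "$PAYLOAD_32" "$TEST_KEYRING" || fail "Cannot load 32 byte logon key type"
   load_key user "$USER_KEY_32_OK" "$PAYLOAD_32" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
   load_key logon "$LOGON_KEY_32_WRONG" "$PAYLOAD_31" "$TEST_KEYRING" || fail "Cannot load 31 byte logon key type"
   load_key user "$USER_KEY_32_WRONG" "$PAYLOAD_31" "$TEST_KEYRING" || fail "Cannot load 31 byte user key type"

   # 100-sector zero target used as the backing device of every mapping.
   dmsetup create "$DEV_ZERO" --table "0 100 zero" || fail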
   92 
   echo "[1] Valid keyring keys"

   # The key field of a crypt table line is either a hex key or a keyring
   # reference of the form ":<size>:<type>:<description>". For a reference,
   # "dmsetup table --showkeys" is expected to print the reference itself,
   # which is what the grep checks below assert; for a hex key it prints the
   # key, so that output contains raw key material.

   # Mapping keyed by a logon-type kernel key.
   KEY=":32:logon:${LOGON_KEY_32_OK}"
   dmsetup create "${DEV_CRYPT}" --table "0 100 crypt ${CIPHER} ${KEY} 0 /dev/mapper/${DEV_ZERO} 0" || fail
   dmsetup table --showkeys "${DEV_CRYPT}" | grep -q "crypt ${CIPHER} ${KEY} 0" || fail
   dmsetup remove --retry "${DEV_CRYPT}" || fail

   # Mapping keyed by a user-type kernel key.
   KEY=":32:user:${USER_KEY_32_OK}"
   dmsetup create "${DEV_CRYPT}" --table "0 100 crypt ${CIPHER} ${KEY} 0 /dev/mapper/${DEV_ZERO} 0" || fail
   dmsetup table --showkeys "${DEV_CRYPT}" | grep -q "crypt ${CIPHER} ${KEY} 0" || fail
   dmsetup remove --retry "${DEV_CRYPT}" || fail

   # Start from a logon-type kernel key...
   KEY=":32:logon:${LOGON_KEY_32_OK}"
   dmsetup create "${DEV_CRYPT}" --table "0 100 crypt ${CIPHER} ${KEY} 0 /dev/mapper/${DEV_ZERO} 0" || fail
   dmsetup suspend "${DEV_CRYPT}" || fail
   dmsetup message "${DEV_CRYPT}" 0 "key wipe" || fail
   # ...replace it with a hex key while the device is suspended...
   dmsetup message "${DEV_CRYPT}" 0 "key set ${HEXKEY_32}" || fail
   dmsetup table --showkeys "${DEV_CRYPT}" | grep -q "crypt ${CIPHER} ${HEXKEY_32} 0" || fail
   dmsetup resume "${DEV_CRYPT}" || fail
   dmsetup suspend "${DEV_CRYPT}" || fail
   # ...switch to a user-type kernel key, then back to the hex key, checking
   # the reported table after each change.
   dmsetup message "${DEV_CRYPT}" 0 "key set :32:user:${USER_KEY_32_OK}" || fail
   dmsetup table --showkeys "${DEV_CRYPT}" | grep -q "crypt ${CIPHER} :32:user:${USER_KEY_32_OK} 0" || fail
   dmsetup message "${DEV_CRYPT}" 0 "key set ${HEXKEY_32}" || fail
   dmsetup table --showkeys "${DEV_CRYPT}" | grep -q "crypt ${CIPHER} ${HEXKEY_32} 0" || fail
   dmsetup resume "${DEV_CRYPT}" || fail
   dmsetup remove --retry "${DEV_CRYPT}" || fail

   # The reverse direction: start from a hex key, wipe it, then set a user
   # key and afterwards a logon key, resuming after each change.
   dmsetup create "${DEV_CRYPT}" --table "0 100 crypt ${CIPHER} ${HEXKEY_32} 0 /dev/mapper/${DEV_ZERO} 0" || fail
   dmsetup suspend "${DEV_CRYPT}" || fail
   dmsetup message "${DEV_CRYPT}" 0 "key wipe" || fail
   dmsetup message "${DEV_CRYPT}" 0 "key set :32:user:${USER_KEY_32_OK}" || fail
   dmsetup resume "${DEV_CRYPT}" || fail
   dmsetup suspend "${DEV_CRYPT}" || fail
   dmsetup message "${DEV_CRYPT}" 0 "key set :32:logon:${LOGON_KEY_32_OK}" || fail
   dmsetup resume "${DEV_CRYPT}" || fail
   dmsetup remove --retry "${DEV_CRYPT}" || fail
  134 
  echo "[2] message ioctl"
  dmsetup create "${DEV_CRYPT}" --table "0 100 crypt ${CIPHER} ${HEXKEY_32} 0 /dev/mapper/${DEV_ZERO} 0" || fail
  dmsetup suspend "${DEV_CRYPT}" || fail
  # A reference to the key that really holds 31 bytes must be refused...
  dmsetup message "${DEV_CRYPT}" 0 "key set :32:logon:${LOGON_KEY_32_WRONG}" 2> /dev/null && fail
  # ...and the old key should be intact and valid.
  dmsetup table --showkeys "${DEV_CRYPT}" | grep -q "crypt ${CIPHER} ${HEXKEY_32} 0" || fail
  dmsetup resume "${DEV_CRYPT}" || fail
  dmsetup suspend "${DEV_CRYPT}" || fail
  # Now the key gets destroyed by invalid input: the malformed hex key is
  # rejected, and the following resume is expected to fail as well.
  dmsetup message "${DEV_CRYPT}" 0 "key set ${HEXKEY_32_BAD}" 2> /dev/null && fail
  dmsetup resume "${DEV_CRYPT}" 2> /dev/null && fail
  # Original author's note: the table output at this point is unsatisfying.
  # dmsetup table --showkeys $DEV_CRYPT

  # Install a valid user key, then send a series of malformed key
  # references. Each one must be rejected.
  dmsetup message "${DEV_CRYPT}" 0 "key set :32:user:${USER_KEY_32_OK}" || fail
  dmsetup table --showkeys "${DEV_CRYPT}" | grep -q "crypt ${CIPHER} :32:user:${USER_KEY_32_OK} 0" || fail
  for bad_ref in \
      ":31:logon:${LOGON_KEY_32_OK}" \
      ":" \
      "::::" \
      ":0:logon:${LOGON_KEY_32_OK}" \
      ":32" \
      ":32:" \
      ":32:logon" \
      ":32:logo" \
      ":32:logon:"
  do
      dmsetup message "${DEV_CRYPT}" 0 "key set ${bad_ref}" 2> /dev/null && fail
  done
  # The valid user key must have survived every rejected message.
  dmsetup table --showkeys "${DEV_CRYPT}" | grep -q "crypt ${CIPHER} :32:user:${USER_KEY_32_OK} 0" || fail
  dmsetup message "${DEV_CRYPT}" 0 "key set :32:user:${USER_KEY_32_OK}" || fail
  dmsetup resume "${DEV_CRYPT}" || fail
  dmsetup remove --retry "${DEV_CRYPT}" || fail
  164 
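  echo "[3] bOrked keys"
  # Every create below must fail; success means dm-crypt accepted a key
  # reference it should have refused.

  # Declare the key as 32 bytes, but name a key that holds only 31 bytes.
  KEY=":32:logon:$LOGON_KEY_32_WRONG"
  dmsetup create "$DEV_CRYPT" --table "0 100 crypt $CIPHER $KEY 0 /dev/mapper/$DEV_ZERO 0" 2> /dev/null && fail "dm-crypt accepted wrong key size"

  # Declare the key as 31 bytes, a size incompatible with the cipher.
  # NOTE(review): the original comment speaks of loading a 32-byte key here,
  # but the key named below holds 31 bytes - confirm which was intended.
  KEY=":31:logon:$LOGON_KEY_32_WRONG"
  dmsetup create "$DEV_CRYPT" --table "0 100 crypt $CIPHER $KEY 0 /dev/mapper/$DEV_ZERO 0" 2> /dev/null && fail "dm-crypt accepted wrong key size"

  # Declare the key as user type, but give the description of a logon key.
  # This used to expand $LOGON_KEY_32, which is never defined, so the check
  # only exercised an empty description instead of a type mismatch.
  KEY=":32:user:$LOGON_KEY_32_OK"
  dmsetup create "$DEV_CRYPT" --table "0 100 crypt $CIPHER $KEY 0 /dev/mapper/$DEV_ZERO 0" 2> /dev/null && fail "dm-crypt accepted key description for invalid key type"

  # Now the other way (same fix: $USER_KEY_32 was never defined).
  KEY=":32:logon:$USER_KEY_32_OK"
  dmsetup create "$DEV_CRYPT" --table "0 100 crypt $CIPHER $KEY 0 /dev/mapper/$DEV_ZERO 0" 2> /dev/null && fail "dm-crypt accepted key description for invalid key type"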
  181 
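  # Malformed ":<size>:<type>:<description>" references: stray spaces and
  # backslashes, signs and arithmetic in the size, misspelt or concatenated
  # key types, missing or doubled separators. dm-crypt must reject each one.
  # Held in an array so the entries containing spaces stay single items
  # without changing the global IFS for the rest of the script.
  BORKED_KEYS=(
      ":\ 32:logon:$LOGON_KEY_32_OK"
      ": 32:logon:$LOGON_KEY_32_OK"
      ":+32:logon:$LOGON_KEY_32_OK"
      ":-32:logon:$LOGON_KEY_32_OK"
      ":32 :logon:$LOGON_KEY_32_OK"
      ":32\ :logon:$LOGON_KEY_32_OK"
      ":32_:logon:$LOGON_KEY_32_OK"
      ":32+:logon:$LOGON_KEY_32_OK"
      ":30+2:logon:$LOGON_KEY_32_OK"
      ":32+0:logon:$LOGON_KEY_32_OK"
      ":32: logon:$LOGON_KEY_32_OK"
      ":32:\ logon:$LOGON_KEY_32_OK"
      ":32:logonA:$LOGON_KEY_32_OK"
      ":32:logo:$LOGON_KEY_32_OK"
      ":32:llogon:$LOGON_KEY_32_OK"
      ":32xlogon:$LOGON_KEY_32_OK"
      ":32logon:$LOGON_KEY_32_OK"
      ":32:logonx$LOGON_KEY_32_OK"
      ":32:logon$LOGON_KEY_32_OK"
      ": 32:user:$USER_KEY_32_OK"
      ":\ 32:user:$USER_KEY_32_OK"
      ":+32:user:$USER_KEY_32_OK"
      ":-32:user:$USER_KEY_32_OK"
      ":32 :user:$USER_KEY_32_OK"
      ":32\ :user:$USER_KEY_32_OK"
      ":32_:user:$USER_KEY_32_OK"
      ":32+:user:$USER_KEY_32_OK"
      ":30+2:user:$USER_KEY_32_OK"
      ":32+0:user:$USER_KEY_32_OK"
      ":32: user:$USER_KEY_32_OK"
      ":32:\ user:$USER_KEY_32_OK"
      ":32:userA:$USER_KEY_32_OK"
      ":32:use:$USER_KEY_32_OK"
      ":32:uuser:$USER_KEY_32_OK"
      ":32xuser:$USER_KEY_32_OK"
      ":32user:$USER_KEY_32_OK"
      ":32:userx$USER_KEY_32_OK"
      ":32:user$USER_KEY_32_OK"
      ":32:userlogon:$USER_KEY_32_OK"
      ":32:userlogon:$LOGON_KEY_32_OK"
      ":32:logonuser:$USER_KEY_32_OK"
      ":32:logonuser:$LOGON_KEY_32_OK"
      ":32:logon:user:$USER_KEY_32_OK"
      ":32:logon:user:$LOGON_KEY_32_OK"
      ":32:user:logon:$USER_KEY_32_OK"
      ":32:user:logon:$LOGON_KEY_32_OK"
  )

  # TODO: add tests with whitespace in key description (not possible with current libdevmapper)

  for key in "${BORKED_KEYS[@]}"; do
      dmsetup create "$DEV_CRYPT" --table "0 100 crypt $CIPHER $key 0 /dev/mapper/$DEV_ZERO 0" 2> /dev/null && fail "dm-crypt accepted seriously borked key string"
  done

  # Final cleanup; its status becomes the exit status of the script.
  remove_mapping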