"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/tests/reencryption-compat-test" (13 Jan 2022, 13083 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "reencryption-compat-test": 2.3.6_vs_2.4.0.

    1 #!/bin/bash
    2 
    3 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
    4 CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
    5 REENC=$CRYPTSETUP_PATH/cryptsetup-reencrypt
    6 FAST_PBKDF="--pbkdf-force-iterations 1000"
    7 
    8 DEV_NAME=reenc9768
    9 DEV_NAME2=reenc1273
   10 IMG=reenc-data
   11 IMG_HDR=$IMG.hdr
   12 ORIG_IMG=reenc-data-orig
   13 KEY1=key1
   14 PWD1="93R4P4pIqAH8"
   15 PWD2="1cND4319812f"
   16 PWD3="1-9Qu5Ejfnqv"
   17 
   18 MNT_DIR=./mnt_luks
   19 START_DIR=$(pwd)
   20 
   21 function del_scsi_device()
   22 {
   23     rmmod scsi_debug >/dev/null 2>&1
   24     sleep 2
   25 }
   26 
   27 function remove_mapping()
   28 {
   29     [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2
   30     [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
   31     [ ! -z "$LOOPDEV1" ] && losetup -d $LOOPDEV1 >/dev/null 2>&1
   32     rm -f $IMG $IMG_HDR $ORIG_IMG $KEY1 >/dev/null 2>&1
   33     umount $MNT_DIR > /dev/null 2>&1
   34     rmdir $MNT_DIR > /dev/null 2>&1
   35     LOOPDEV1=""
   36     del_scsi_device
   37 }
   38 
   39 function fail()
   40 {
   41     [ -n "$1" ] && echo "$1"
   42     echo "FAILED backtrace:"
   43     while caller $frame; do ((frame++)); done
   44     cd $START_DIR
   45     remove_mapping
   46     exit 2
   47 }
   48 
   49 function skip()
   50 {
   51     [ -n "$1" ] && echo "$1"
   52     exit 77
   53 }
   54 
   55 function add_scsi_device() {
   56     del_scsi_device
   57     if [ -d /sys/module/scsi_debug ] ; then
   58         echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
   59         exit 77
   60     fi
   61     modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
   62     if [ $? -ne 0 ] ; then
   63         echo "This kernel seems to not support proper scsi_debug module, test skipped."
   64         exit 77
   65     fi
   66 
   67     sleep 2
   68     SCSI_DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
   69     [ -b $SCSI_DEV ] || fail "Cannot find $SCSI_DEV."
   70 }
   71 
   72 function open_crypt() # $1 pwd, $2 hdr
   73 {
   74     if [ -n "$2" ] ; then
   75         echo "$1" | $CRYPTSETUP luksOpen $LOOPDEV1 $DEV_NAME --header $2 || fail
   76     elif [ -n "$1" ] ; then
   77         echo "$1" | $CRYPTSETUP luksOpen $LOOPDEV1 $DEV_NAME || fail
   78     else
   79         $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV1 $DEV_NAME || fail
   80     fi
   81 }
   82 
   83 function wipe_dev() # $1 dev
   84 {
   85     dd if=/dev/zero of=$1 bs=256k >/dev/null 2>&1
   86 }
   87 
   88 function wipe() # $1 pass
   89 {
   90     open_crypt $1
   91     wipe_dev /dev/mapper/$DEV_NAME
   92     udevadm settle >/dev/null 2>&1
   93     $CRYPTSETUP luksClose $DEV_NAME || fail
   94 }
   95 
   96 function prepare() # $1 dev1_siz
   97 {
   98     remove_mapping
   99 
  100     dd if=/dev/zero of=$IMG      bs=1k count=$1 >/dev/null 2>&1
  101     LOOPDEV1=$(losetup -f 2>/dev/null)
  102     [ -z "$LOOPDEV1" ] && fail "No free loop device"
  103     losetup $LOOPDEV1 $IMG
  104 
  105     if [ ! -e $KEY1 ]; then
  106         dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1
  107     fi
  108 }
  109 
  110 function check_hash_dev() # $1 dev, $2 hash
  111 {
  112     HASH=$(sha256sum $1 | cut -d' ' -f 1)
  113     [ $HASH != "$2" ] && fail "HASH differs ($HASH)"
  114 }
  115 
  116 function check_hash() # $1 pwd, $2 hash, $3 hdr
  117 {
  118     open_crypt $1 $3
  119     check_hash_dev /dev/mapper/$DEV_NAME $2
  120     $CRYPTSETUP remove $DEV_NAME || fail
  121 }
  122 
  123 function backup_orig()
  124 {
  125     sync
  126     losetup -d $LOOPDEV1
  127     cp $IMG $ORIG_IMG
  128     losetup $LOOPDEV1 $IMG
  129 }
  130 
  131 function rollback()
  132 {
  133     sync
  134     losetup -d $LOOPDEV1
  135     cp $ORIG_IMG $IMG
  136     losetup $LOOPDEV1 $IMG
  137 }
  138 
  139 function check_slot() #space separated list of ENABLED key slots
  140 {
  141     local _KS0=DISABLED
  142     local _KS1=$_KS0 _KS2=$_KS0 _KS3=$_KS0 _KS4=$_KS0 _KS5=$_KS0 _KS6=$_KS0 _KS7=$_KS0
  143     local _tmp
  144 
  145     for _tmp in $*; do
  146         eval _KS$_tmp=ENABLED
  147     done
  148 
  149     local _out=$($CRYPTSETUP luksDump $LOOPDEV1 | grep -e "Key Slot" | cut -d ' ' -f 4)
  150 
  151     local _i=0
  152     for _tmp in $_out; do
  153         eval local _orig="\${_KS${_i}}"
  154         if [ "$_tmp" != "$_orig" ]; then
  155             echo "Keyslot $_i is $_tmp, expected result: $_orig"
  156             return 1
  157         fi
  158         _i=$[_i+1]
  159     done
  160 
  161     return 0
  162 }
  163 
  164 function simple_scsi_reenc()
  165 {
  166     echo -n "$1"
  167     echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF $SCSI_DEV || fail
  168 
  169     echo $PWD1 | $CRYPTSETUP luksOpen $SCSI_DEV $DEV_NAME || fail
  170     HASH=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1)
  171     $CRYPTSETUP luksClose $DEV_NAME || fail
  172 
  173     echo $PWD1 | $REENC -q $FAST_PBKDF $SCSI_DEV || fail
  174 
  175     echo $PWD1 | $CRYPTSETUP luksOpen $SCSI_DEV $DEV_NAME || fail
  176     check_hash_dev /dev/mapper/$DEV_NAME $HASH
  177     $CRYPTSETUP luksClose $DEV_NAME || fail
  178 }
  179 
  180 function mount_and_test() {
  181     test -d $MNT_DIR || mkdir -p $MNT_DIR
  182     mount $@ $MNT_DIR 2>/dev/null || {
  183         echo -n "failed to mount [SKIP]"
  184         return 0
  185     }
  186     rm $MNT_DIR/* 2>/dev/null
  187     cd $MNT_DIR
  188 
  189     if [ "${REENC:0:1}" != "/" ] ; then
  190         MNT_REENC=$START_DIR/$REENC
  191     else
  192         MNT_REENC=$REENC
  193     fi
  194 
  195     echo $PWD2 | $MNT_REENC $LOOPDEV1 -q --use-fsync --use-directio --write-log $FAST_PBKDF || return 1
  196     cd $START_DIR
  197     umount $MNT_DIR
  198     echo -n [OK]
  199 }
  200 
  201 function test_logging_tmpfs() {
  202     echo -n "[tmpfs]"
  203     mount_and_test -t tmpfs none -o size=$[25*1024*1024] || return 1
  204     echo
  205 }
  206 
  207 function test_logging() {
  208     echo -n "$1:"
  209     for img in $(ls img_fs*img.xz) ; do
  210         wipefs -a $SCSI_DEV > /dev/null
  211         echo -n "[${img%.img.xz}]"
  212         xz -d -c $img | dd of=$SCSI_DEV bs=4k >/dev/null 2>&1
  213         mount_and_test $SCSI_DEV || return 1
  214     done
  215     echo
  216 }
  217 
  218 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
  219 [ ! -x "$REENC" ] && skip "Cannot find $REENC, test skipped."
  220 which wipefs >/dev/null 2>&1 ||  skip "Cannot find wipefs, test skipped."
  221 
  222 # REENCRYPTION tests
  223 
  224 HASH1=b69dae56a14d1a8314ed40664c4033ea0a550eea2673e04df42a66ac6b9faf2c
  225 HASH2=d85ef2a08aeac2812a648deb875485a6e3848fc3d43ce4aa380937f08199f86b
  226 HASH3=e4e5749032a5163c45125eccf3e8598ba5ed840df442c97e1d5ad4ad84359605
  227 HASH4=2daeb1f36095b44b318410b3f4e8b5d989dcc7bb023d1426c492dab0a3053e74
  228 HASH5=5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef
  229 
  230 echo "[1] Reencryption"
  231 prepare 8192
  232 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 -s 128 -c aes-cbc-plain $FAST_PBKDF --align-payload 4096 $LOOPDEV1 || fail
  233 wipe $PWD1
  234 check_hash $PWD1 $HASH1
  235 echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF
  236 check_hash $PWD1 $HASH1
  237 echo $PWD1 | $REENC $LOOPDEV1 -q -s 256 $FAST_PBKDF
  238 check_hash $PWD1 $HASH1
  239 echo $PWD1 | $REENC $LOOPDEV1 -q -s 256 -c aes-xts-plain64 -h sha256 $FAST_PBKDF
  240 check_hash $PWD1 $HASH1
  241 echo $PWD1 | $REENC $LOOPDEV1 -q --use-directio $FAST_PBKDF
  242 check_hash $PWD1 $HASH1
  243 echo $PWD1 | $REENC $LOOPDEV1 -q --master-key-file /dev/urandom $FAST_PBKDF
  244 check_hash $PWD1 $HASH1
  245 echo $PWD1 | $REENC $LOOPDEV1 -q -s 512 --master-key-file /dev/urandom $FAST_PBKDF
  246 check_hash $PWD1 $HASH1
  247 $CRYPTSETUP --type luks1 luksDump $LOOPDEV1 > /dev/null || fail
  248 
  249 echo "[2] Reencryption with data shift"
  250 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 -c aes-cbc-essiv:sha256 -s 128 $FAST_PBKDF --align-payload 2048 $LOOPDEV1 || fail
  251 wipe $PWD1
  252 echo $PWD1 | $REENC $LOOPDEV1 -q -s 256 --reduce-device-size 1024S $FAST_PBKDF || fail
  253 check_hash $PWD1 $HASH2
  254 echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF || fail
  255 check_hash $PWD1 $HASH2
  256 $CRYPTSETUP --type luks1 luksDump $LOOPDEV1 > /dev/null || fail
  257 
  258 echo "[3] Reencryption with keyfile"
  259 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 -d $KEY1 -c aes-cbc-essiv:sha256 -s 128 $FAST_PBKDF --align-payload 4096 $LOOPDEV1 || fail
  260 wipe
  261 check_hash "" $HASH1
  262 echo $PWD1 | $CRYPTSETUP -q luksAddKey -d $KEY1 $LOOPDEV1 $FAST_PBKDF || fail
  263 $REENC $LOOPDEV1 -d $KEY1 $FAST_PBKDF -q 2>/dev/null && fail
  264 $REENC $LOOPDEV1 -d $KEY1 -S 0 $FAST_PBKDF -q || fail
  265 check_hash "" $HASH1
  266 check_slot 0 || fail "Only keyslot 0 expected to be enabled"
  267 $REENC $LOOPDEV1 -d $KEY1 $FAST_PBKDF -q || fail
  268 # FIXME echo $PWD1 | $REENC ...
  269 
  270 echo "[4] Encryption of not yet encrypted device"
  271 # well, movin' zeroes :-)
  272 OFFSET=2048
  273 SIZE=$(blockdev --getsz $LOOPDEV1)
  274 wipe_dev $LOOPDEV1
  275 dmsetup create $DEV_NAME2 --table "0 $(($SIZE - $OFFSET)) linear $LOOPDEV1 0" || fail
  276 check_hash_dev /dev/mapper/$DEV_NAME2 $HASH3
  277 dmsetup remove --retry $DEV_NAME2 || fail
  278 echo $PWD1 | $REENC $LOOPDEV1 -c aes-cbc-essiv:sha256 -s 128 --new --type luks1 --reduce-device-size "$OFFSET"S -q $FAST_PBKDF || fail
  279 check_hash $PWD1 $HASH3
  280 $CRYPTSETUP --type luks1 luksDump $LOOPDEV1 > /dev/null || fail
  281 # 64MiB + 1 KiB
  282 prepare 65537
  283 OFFSET=131072
  284 SIZE=$(blockdev --getsz $LOOPDEV1)
  285 wipe_dev $LOOPDEV1
  286 dmsetup create $DEV_NAME2 --table "0 $(($SIZE - $OFFSET)) linear $LOOPDEV1 0" || fail
  287 check_hash_dev /dev/mapper/$DEV_NAME2 $HASH5
  288 dmsetup remove --retry $DEV_NAME2 || fail
  289 echo $PWD1 | $REENC $LOOPDEV1 -c aes-cbc-essiv:sha256 -s 128 --new --type luks1 --reduce-device-size "$OFFSET"S -q $FAST_PBKDF || fail
  290 check_hash $PWD1 $HASH5
  291 $CRYPTSETUP --type luks1 luksDump $LOOPDEV1 > /dev/null || fail
  292 prepare 8192
  293 OFFSET=4096
  294 echo fake | $REENC $LOOPDEV1 -d $KEY1 --new --type luks1 --reduce-device-size "$OFFSET"S -q $FAST_PBKDF || fail
  295 $CRYPTSETUP open --test-passphrase $LOOPDEV1 -d $KEY1 || fail
  296 wipe_dev $LOOPDEV1
  297 
  298 echo "[5] Reencryption using specific keyslot"
  299 echo $PWD2 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF $LOOPDEV1 || fail
  300 echo -e "$PWD2\n$PWD1" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF -S 1 $LOOPDEV1 || fail
  301 echo -e "$PWD2\n$PWD2" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF -S 2 $LOOPDEV1 || fail
  302 echo -e "$PWD2\n$PWD1" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF -S 3 $LOOPDEV1 || fail
  303 echo -e "$PWD2\n$PWD2" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF -S 4 $LOOPDEV1 || fail
  304 echo -e "$PWD2\n$PWD1" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF -S 5 $LOOPDEV1 || fail
  305 echo -e "$PWD2\n$PWD2" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF -S 6 $LOOPDEV1 || fail
  306 echo -e "$PWD2\n$PWD3" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF -S 7 $LOOPDEV1 || fail
  307 backup_orig
  308 echo $PWD2 | $REENC $FAST_PBKDF -S 0 -q $LOOPDEV1 || fail
  309 check_slot 0 || fail "Only keyslot 0 expected to be enabled"
  310 wipe $PWD2
  311 rollback
  312 echo $PWD1 | $REENC $FAST_PBKDF -S 1 -q $LOOPDEV1 || fail
  313 check_slot 1 || fail "Only keyslot 1 expected to be enabled"
  314 wipe $PWD1
  315 rollback
  316 echo $PWD2 | $REENC $FAST_PBKDF -S 6 -q $LOOPDEV1 || fail
  317 check_slot 6 || fail "Only keyslot 6 expected to be enabled"
  318 wipe $PWD2
  319 rollback
  320 echo $PWD3 | $REENC $FAST_PBKDF -S 7 -q $LOOPDEV1 || fail
  321 check_slot 7 || fail "Only keyslot 7 expected to be enabled"
  322 wipe $PWD3
  323 rollback
  324 echo $PWD3 | $REENC $FAST_PBKDF -S 8 -q $LOOPDEV1 2>/dev/null && fail
  325 $CRYPTSETUP luksDump $LOOPDEV1 > /dev/null || fail
  326 
  327 echo "[6] Reencryption using all active keyslots"
  328 echo -e "$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD3" | $REENC -q $LOOPDEV1 $FAST_PBKDF || fail
  329 check_slot 0 1 2 3 4 5 6 7 || fail "All keyslots expected to be enabled"
  330 
  331 echo "[7] Reencryption of block devices with different block size"
  332 add_scsi_device sector_size=512 dev_size_mb=8
  333 simple_scsi_reenc "[512 sector]"
  334 add_scsi_device sector_size=4096 dev_size_mb=8
  335 simple_scsi_reenc "[4096 sector]"
  336 add_scsi_device sector_size=512 physblk_exp=3 dev_size_mb=8
  337 simple_scsi_reenc "[4096/512 sector]"
  338 echo "[OK]"
  339 
  340 echo "[8] Header only reencryption (hash and iteration time)"
  341 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --hash sha1 $FAST_PBKDF $LOOPDEV1 || fail
  342 wipe $PWD1
  343 check_hash $PWD1 $HASH1
  344 echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key || fail
  345 check_hash $PWD1 $HASH1
  346 echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key --pbkdf-force-iterations 999 2>/dev/null && fail
  347 check_hash $PWD1 $HASH1
  348 echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key --hash sha256 --pbkdf-force-iterations 1001
  349 check_hash $PWD1 $HASH1
  350 [ "$($CRYPTSETUP luksDump $LOOPDEV1 | grep -A1 -m1 "Key Slot 0" | grep Iterations: | sed -e 's/[[:space:]]\+Iterations:\ \+//g')" -eq 1001 ] || fail
  351 [ "$($CRYPTSETUP luksDump $LOOPDEV1 | grep -m1 "Hash spec:" | cut -f2)" = "sha256" ] || fail
  352 echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key --hash sha512 $FAST_PBKDF
  353 check_hash $PWD1 $HASH1
  354 [ "$($CRYPTSETUP luksDump $LOOPDEV1 | grep -A1 -m1 "Key Slot 0" | grep Iterations: | sed -e 's/[[:space:]]\+Iterations:\ \+//g')" -eq 1000 ] || fail
  355 echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key $FAST_PBKDF
  356 check_hash $PWD1 $HASH1
  357 $CRYPTSETUP --type luks1 luksDump $LOOPDEV1 > /dev/null || fail
  358 
  359 echo "[9] Test log I/Os on various underlying block devices"
  360 prepare 8192
  361 echo $PWD2 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF $LOOPDEV1 || fail
  362 add_scsi_device sector_size=512 dev_size_mb=32
  363 test_logging "[512 sector]" || fail
  364 add_scsi_device sector_size=4096 dev_size_mb=32
  365 test_logging "[4096 sector]" || fail
  366 add_scsi_device sector_size=512 dev_size_mb=32 physblk_exp=3
  367 test_logging "[4096/512 sector]" || fail
  368 test_logging_tmpfs || fail
  369 
  370 echo "[10] Removal of encryption"
  371 prepare 8192
  372 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF $LOOPDEV1 || fail
  373 wipe $PWD1
  374 check_hash $PWD1 $HASH1
  375 echo $PWD1 | $REENC $LOOPDEV1 -q --decrypt || fail
  376 check_hash_dev $LOOPDEV1 $HASH4
  377 
  378 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 -S5 $FAST_PBKDF $LOOPDEV1 || fail
  379 wipe $PWD1
  380 check_hash $PWD1 $HASH1
  381 echo $PWD1 | $REENC $LOOPDEV1 -q --decrypt || fail
  382 check_hash_dev $LOOPDEV1 $HASH4
  383 
  384 echo "[11] Detached header - adding encryption/reencryption/decryption"
  385 prepare 8192
  386 check_hash_dev $IMG $HASH4
  387 echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --header $IMG_HDR --new --type luks1
  388 check_hash $PWD1 $HASH4 $IMG_HDR
  389 echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --header $IMG_HDR
  390 check_hash $PWD1 $HASH4 $IMG_HDR
  391 echo $PWD1 | $REENC $LOOPDEV1 -q --header $IMG_HDR --decrypt
  392 check_hash_dev $IMG $HASH4
  393 # existing header of zero size
  394 cat /dev/null >$IMG_HDR
  395 echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --header $IMG_HDR --new --type luks1
  396 check_hash $PWD1 $HASH4 $IMG_HDR
  397 $CRYPTSETUP isLuks $LOOPDEV1 && fail
  398 $CRYPTSETUP isLuks $IMG_HDR || fail
  399 
  400 remove_mapping
  401 exit 0