"Fossies" - the Fresh Open Source Software Archive 
Member "cryptsetup-2.4.3/tests/reencryption-compat-test" (13 Jan 2022, 13083 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:
#!/bin/bash
#
# Compatibility test for cryptsetup-reencrypt on LUKS1 devices.
# Everything below operates on scratch images, loop devices and scsi_debug
# disks created by this script.

# Directory holding the binaries under test; defaults to the parent directory.
CRYPTSETUP_PATH=${CRYPTSETUP_PATH:-..}
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
REENC=$CRYPTSETUP_PATH/cryptsetup-reencrypt

# Forces a fixed PBKDF iteration count so key derivation stays fast during the
# test run. It holds an option plus its value and is therefore expanded
# unquoted at every call site. Not a setting for real volumes.
FAST_PBKDF="--pbkdf-force-iterations 1000"

# Device-mapper names used for the test mappings.
DEV_NAME=reenc9768
DEV_NAME2=reenc1273

# Scratch files created in the current directory.
IMG=reenc-data
IMG_HDR=$IMG.hdr
ORIG_IMG=reenc-data-orig
KEY1=key1

# Fixed throwaway passphrases, used only against the scratch devices above.
PWD1="93R4P4pIqAH8"
PWD2="1cND4319812f"
PWD3="1-9Qu5Ejfnqv"

MNT_DIR=./mnt_luks
START_DIR=$(pwd)
20
# Unload the scsi_debug kernel module, then wait two seconds.
# rmmod output and errors are discarded (the module may not be loaded).
function del_scsi_device()
{
	rmmod scsi_debug &>/dev/null
	sleep 2
}
26
# Tear down everything a test may have left behind: both device-mapper
# mappings, the loop device, the scratch files, the mount point and the
# scsi_debug module. Every step is best-effort; errors are discarded.
# Globals: DEV_NAME, DEV_NAME2, IMG, IMG_HDR, ORIG_IMG, KEY1, MNT_DIR (read),
#          LOOPDEV1 (read, then cleared)
function remove_mapping()
{
	local name

	for name in "$DEV_NAME2" "$DEV_NAME"; do
		if [ -b "/dev/mapper/$name" ]; then
			dmsetup remove --retry "$name"
		fi
	done

	if [ -n "$LOOPDEV1" ]; then
		losetup -d "$LOOPDEV1" &>/dev/null
	fi

	rm -f "$IMG" "$IMG_HDR" "$ORIG_IMG" "$KEY1" &>/dev/null
	umount "$MNT_DIR" &>/dev/null
	rmdir "$MNT_DIR" &>/dev/null
	LOOPDEV1=""
	del_scsi_device
}
38
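# Abort the test run: print an optional message and a call backtrace, return
# to the start directory, clean up and exit with status 2.
# Arguments: $1 - optional failure message
# Globals:   START_DIR (read)
function fail()
{
	# Left empty on purpose: the first 'caller' call then runs without a frame
	# number, exactly as before, and later calls walk frames 1, 2, ...
	local frame

	[ -n "$1" ] && echo "$1"
	echo "FAILED backtrace:"
	while caller $frame; do ((frame++)); done
	# Quoted so that a start directory containing spaces is still reached;
	# otherwise the cleanup below would run from the wrong directory.
	cd "$START_DIR"
	remove_mapping
	exit 2
}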
48
# Print an optional reason and exit with status 77, the status this script
# uses whenever it reports "test skipped".
# Arguments: $1 - optional message
function skip()
{
	if [ -n "$1" ]; then
		echo "$1"
	fi
	exit 77
}
54
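# Load a fresh scsi_debug emulated disk and record its node in SCSI_DEV.
# Arguments: scsi_debug module parameters (e.g. sector_size=512 dev_size_mb=8)
# Globals:   SCSI_DEV (written)
# Exits with 77 (skipped) when the module cannot be reloaded or loaded.
function add_scsi_device() {
	del_scsi_device
	# Still present after rmmod: the module is in use or built into the kernel.
	if [ -d /sys/module/scsi_debug ] ; then
		echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
		exit 77
	fi
	# "$@" keeps every module parameter as its own word.
	if ! modprobe scsi_debug "$@" delay=0 >/dev/null 2>&1 ; then
		echo "This kernel seems to not support proper scsi_debug module, test skipped."
		exit 77
	fi

	sleep 2
	# Field 4 of /sys/block/<name>/device/model is the block device name.
	SCSI_DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
	[ -b "$SCSI_DEV" ] || fail "Cannot find $SCSI_DEV."
}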
71
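# Open the LUKS device on LOOPDEV1 as DEV_NAME.
# Arguments: $1 - passphrase (empty: unlock with the key file KEY1 instead)
#            $2 - optional detached header file
# Calls fail if the device cannot be opened.
function open_crypt() # $1 pwd, $2 hdr
{
	# printf rather than echo: echo would swallow a passphrase such as "-n".
	if [ -n "$2" ] ; then
		printf '%s\n' "$1" | $CRYPTSETUP luksOpen "$LOOPDEV1" "$DEV_NAME" --header "$2" || fail
	elif [ -n "$1" ] ; then
		printf '%s\n' "$1" | $CRYPTSETUP luksOpen "$LOOPDEV1" "$DEV_NAME" || fail
	else
		$CRYPTSETUP luksOpen -d "$KEY1" "$LOOPDEV1" "$DEV_NAME" || fail
	fi
}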
82
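# Overwrite a device with zeroes until dd stops (normally at end of device).
# dd output and errors are discarded.
# Arguments: $1 - device or file to overwrite
function wipe_dev() # $1 dev
{
	# Quoted so that a path with spaces stays a single of= argument.
	dd if=/dev/zero of="$1" bs=256k >/dev/null 2>&1
}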
87
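# Open the LUKS device, fill the mapped device with zeroes, close it again.
# Arguments: $1 - passphrase (empty: open_crypt falls back to the key file)
# Calls fail if the mapping cannot be closed.
function wipe() # $1 pass
{
	# Quoted so the passphrase reaches open_crypt as one word.
	open_crypt "$1"
	wipe_dev "/dev/mapper/$DEV_NAME"
	# Wait for udev to finish with the device before closing it.
	udevadm settle >/dev/null 2>&1
	$CRYPTSETUP luksClose "$DEV_NAME" || fail
}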
95
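# Start from a clean state: create a zero-filled image of $1 KiB, attach it to
# a loop device and make sure the 32-byte random key file exists.
# Arguments: $1 - image size in KiB
# Globals:   IMG, KEY1 (read), LOOPDEV1 (written)
# Calls fail if no loop device could be attached.
function prepare() # $1 dev1_siz
{
	remove_mapping

	dd if=/dev/zero of="$IMG" bs=1k count="$1" >/dev/null 2>&1
	# Find a free loop device and attach the image in one step. Looking the
	# device up first and attaching it afterwards leaves a window in which
	# another process can claim the same device.
	LOOPDEV1=$(losetup -f --show "$IMG" 2>/dev/null)
	[ -n "$LOOPDEV1" ] || fail "No free loop device"

	if [ ! -e "$KEY1" ]; then
		dd if=/dev/urandom of="$KEY1" count=1 bs=32 >/dev/null 2>&1
	fi
}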
109
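# Compare the SHA-256 digest of a device with an expected value.
# Arguments: $1 - device or file to hash
#            $2 - expected digest (hex)
# Globals:   HASH (written: the computed digest)
# Calls fail if the digest cannot be computed or differs.
function check_hash_dev() # $1 dev, $2 hash
{
	HASH=$(sha256sum "$1" | cut -d' ' -f 1)
	# An empty digest means sha256sum could not read the device. Without this
	# check the comparison below errors out instead of failing, and a check
	# that never hashed anything is treated as passed.
	[ -n "$HASH" ] || fail "Cannot compute SHA-256 of $1"
	[ "$HASH" = "$2" ] || fail "HASH differs ($HASH)"
}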
115
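# Open the LUKS device, verify the digest of its plaintext, close it again.
# Arguments: $1 - passphrase (empty: unlock with the key file)
#            $2 - expected SHA-256 digest
#            $3 - optional detached header file
# Calls fail if the mapping cannot be removed.
function check_hash() # $1 pwd, $2 hash, $3 hdr
{
	# Both arguments are quoted so an empty passphrase keeps its position.
	# Unquoted, an empty $1 disappears and the header path is passed on as
	# the passphrase.
	open_crypt "$1" "$3"
	check_hash_dev "/dev/mapper/$DEV_NAME" "$2"
	$CRYPTSETUP remove "$DEV_NAME" || fail
}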
122
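# Save a copy of the image so later steps can return to the current state.
# The loop device is detached while the file is copied and re-attached after.
# Globals: LOOPDEV1, IMG, ORIG_IMG (read)
# Calls fail if the copy or the re-attach does not succeed.
function backup_orig()
{
	sync
	losetup -d "$LOOPDEV1"
	# A failed copy would make every later rollback restore stale data.
	cp -- "$IMG" "$ORIG_IMG" || fail "Cannot back up $IMG to $ORIG_IMG"
	losetup "$LOOPDEV1" "$IMG" || fail "Cannot re-attach $IMG to $LOOPDEV1"
}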
130
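# Restore the image from the copy made by backup_orig.
# The loop device is detached while the file is copied and re-attached after.
# Globals: LOOPDEV1, IMG, ORIG_IMG (read)
# Calls fail if the copy or the re-attach does not succeed.
function rollback()
{
	sync
	losetup -d "$LOOPDEV1"
	# A failed restore would leave the next step running on the wrong data.
	cp -- "$ORIG_IMG" "$IMG" || fail "Cannot restore $IMG from $ORIG_IMG"
	losetup "$LOOPDEV1" "$IMG" || fail "Cannot re-attach $IMG to $LOOPDEV1"
}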
138
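# Verify that exactly the listed key slots are reported as ENABLED by luksDump.
# Arguments: space separated list of ENABLED key slots (0-7)
# Outputs:   a message naming the first mismatch
# Returns:   0 if every reported slot matches, 1 otherwise
function check_slot() #space separated list of ENABLED key slots
{
	local -a _expected=(DISABLED DISABLED DISABLED DISABLED DISABLED DISABLED DISABLED DISABLED)
	local _tmp _out _i=0

	# The slot list is validated and stored in an array; no argument text is
	# passed to eval. $* is left unquoted so that a single "0 1" argument
	# still works as a list.
	for _tmp in $*; do
		case "$_tmp" in
		[0-7]) _expected[_tmp]=ENABLED ;;
		*)
			echo "Invalid keyslot number: $_tmp"
			return 1
			;;
		esac
	done

	_out=$($CRYPTSETUP luksDump "$LOOPDEV1" | grep -e "Key Slot" | cut -d ' ' -f 4)

	# With no slot lines there is nothing to compare; report that as a
	# failure rather than as a match.
	if [ -z "$_out" ]; then
		echo "No key slots found in luksDump output"
		return 1
	fi

	for _tmp in $_out; do
		if [ "$_tmp" != "${_expected[_i]}" ]; then
			echo "Keyslot $_i is $_tmp, expected result: ${_expected[_i]}"
			return 1
		fi
		_i=$((_i + 1))
	done

	return 0
}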
163
# Format SCSI_DEV as LUKS1, record the digest of its plaintext, reencrypt the
# device and check that the plaintext digest is unchanged.
# Arguments: $1 - label printed before the run
# Globals:   PWD1, SCSI_DEV, DEV_NAME (read), HASH (written)
function simple_scsi_reenc()
{
	local mapped=/dev/mapper/$DEV_NAME

	echo -n "$1"
	printf '%s\n' "$PWD1" | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF "$SCSI_DEV" || fail

	# Digest of the plaintext before reencryption.
	printf '%s\n' "$PWD1" | $CRYPTSETUP luksOpen "$SCSI_DEV" "$DEV_NAME" || fail
	HASH=$(sha256sum "$mapped" | cut -d' ' -f 1)
	$CRYPTSETUP luksClose "$DEV_NAME" || fail

	printf '%s\n' "$PWD1" | $REENC -q $FAST_PBKDF "$SCSI_DEV" || fail

	# Same plaintext expected afterwards.
	printf '%s\n' "$PWD1" | $CRYPTSETUP luksOpen "$SCSI_DEV" "$DEV_NAME" || fail
	check_hash_dev "$mapped" "$HASH"
	$CRYPTSETUP luksClose "$DEV_NAME" || fail
}
179
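# Mount a filesystem on MNT_DIR and run a reencryption of LOOPDEV1 from inside
# it with --write-log, so the log is written to the mounted filesystem.
# Arguments: everything that goes to mount before the mount point
# Returns:   0 on success or when the mount fails (reported as [SKIP]),
#            1 when the mount point cannot be entered or reencryption fails
function mount_and_test() {
	test -d "$MNT_DIR" || mkdir -p "$MNT_DIR"
	mount "$@" "$MNT_DIR" 2>/dev/null || {
		echo -n "failed to mount [SKIP]"
		return 0
	}
	# This script runs as root: ${MNT_DIR:?} aborts instead of expanding the
	# glob to /* should MNT_DIR ever be empty.
	rm -- "${MNT_DIR:?}"/* 2>/dev/null
	# Do not continue from the wrong directory if the mount point is
	# unreachable.
	cd "$MNT_DIR" || return 1

	# A relative REENC path is resolved against the start directory, because
	# the working directory has just changed.
	if [ "${REENC:0:1}" != "/" ] ; then
		MNT_REENC=$START_DIR/$REENC
	else
		MNT_REENC=$REENC
	fi

	printf '%s\n' "$PWD2" | "$MNT_REENC" "$LOOPDEV1" -q --use-fsync --use-directio --write-log $FAST_PBKDF || return 1
	cd "$START_DIR"
	umount "$MNT_DIR"
	echo -n [OK]
}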
200
# Run the reencryption log test on a 25 MiB tmpfs mount.
# Returns: 1 if mount_and_test fails
function test_logging_tmpfs() {
	echo -n "[tmpfs]"
	if ! mount_and_test -t tmpfs none -o size=$((25 * 1024 * 1024)); then
		return 1
	fi
	echo
}
206
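# For every compressed filesystem image img_fs*img.xz in the current
# directory: write it to SCSI_DEV, mount it and run the reencryption log test.
# Arguments: $1 - label printed before the per-image results
# Returns:   1 as soon as mount_and_test fails for an image
function test_logging() {
	local img

	echo -n "$1:"
	# Glob directly instead of parsing ls output, so names with spaces stay
	# intact.
	for img in img_fs*img.xz; do
		# Without a match the pattern itself is returned; skip it.
		[ -e "$img" ] || continue
		wipefs -a "$SCSI_DEV" > /dev/null
		echo -n "[${img%.img.xz}]"
		xz -d -c "$img" | dd of="$SCSI_DEV" bs=4k >/dev/null 2>&1
		mount_and_test "$SCSI_DEV" || return 1
	done
	echo
}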
217
# Preconditions: root privileges, the reencrypt binary and wipefs.
# Each unmet precondition ends the run as "skipped".
if [ "$(id -u)" != 0 ]; then
	skip "WARNING: You must be root to run this test, test skipped."
fi
if [ ! -x "$REENC" ]; then
	skip "Cannot find $REENC, test skipped."
fi
if ! which wipefs >/dev/null 2>&1; then
	skip "Cannot find wipefs, test skipped."
fi
221
# REENCRYPTION tests

# Expected SHA-256 digests, compared by check_hash / check_hash_dev against
# what is read back from the device. The devices are filled from /dev/zero
# before each comparison, so the values presumably differ only by the size of
# the region that is hashed.
HASH1=b69dae56a14d1a8314ed40664c4033ea0a550eea2673e04df42a66ac6b9faf2c
HASH2=d85ef2a08aeac2812a648deb875485a6e3848fc3d43ce4aa380937f08199f86b
HASH3=e4e5749032a5163c45125eccf3e8598ba5ed840df442c97e1d5ad4ad84359605
HASH4=2daeb1f36095b44b318410b3f4e8b5d989dcc7bb023d1426c492dab0a3053e74
HASH5=5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef
229
echo "[1] Reencryption"
prepare 8192
printf '%s\n' "$PWD1" | $CRYPTSETUP -q luksFormat --type luks1 -s 128 -c aes-cbc-plain $FAST_PBKDF --align-payload 4096 "$LOOPDEV1" || fail
wipe "$PWD1"
check_hash "$PWD1" "$HASH1"

# Reencrypt repeatedly with different key sizes, ciphers and I/O options; the
# plaintext digest has to stay the same after every run.
# NOTE(review): the exit status of these reencryption runs is not checked. A
# run that stops before changing anything leaves the device as it was, and
# the digest check that follows still succeeds.
for reenc_opts in \
	"" \
	"-s 256" \
	"-s 256 -c aes-xts-plain64 -h sha256" \
	"--use-directio" \
	"--master-key-file /dev/urandom" \
	"-s 512 --master-key-file /dev/urandom"; do
	# $reenc_opts is split into separate words on purpose.
	printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q $reenc_opts $FAST_PBKDF
	check_hash "$PWD1" "$HASH1"
done

# The header must still be readable as LUKS1.
$CRYPTSETUP --type luks1 luksDump "$LOOPDEV1" > /dev/null || fail
248
echo "[2] Reencryption with data shift"
printf '%s\n' "$PWD1" | $CRYPTSETUP -q luksFormat --type luks1 -c aes-cbc-essiv:sha256 -s 128 $FAST_PBKDF --align-payload 2048 "$LOOPDEV1" || fail
wipe "$PWD1"

# First run gives up 1024 sectors of the device, second run is a plain
# reencryption; both are compared against the same digest.
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q -s 256 --reduce-device-size 1024S $FAST_PBKDF || fail
check_hash "$PWD1" "$HASH2"
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q $FAST_PBKDF || fail
check_hash "$PWD1" "$HASH2"

$CRYPTSETUP --type luks1 luksDump "$LOOPDEV1" > /dev/null || fail
257
echo "[3] Reencryption with keyfile"
printf '%s\n' "$PWD1" | $CRYPTSETUP -q luksFormat --type luks1 -d "$KEY1" -c aes-cbc-essiv:sha256 -s 128 $FAST_PBKDF --align-payload 4096 "$LOOPDEV1" || fail
# No passphrase argument: wipe and check_hash unlock with the key file.
wipe
check_hash "" "$HASH1"
printf '%s\n' "$PWD1" | $CRYPTSETUP -q luksAddKey -d "$KEY1" "$LOOPDEV1" $FAST_PBKDF || fail

# A second keyslot is now active. Reencryption with only the key file and no
# slot selected has to be refused; selecting slot 0 has to work.
if $REENC "$LOOPDEV1" -d "$KEY1" $FAST_PBKDF -q 2>/dev/null; then
	fail
fi
$REENC "$LOOPDEV1" -d "$KEY1" -S 0 $FAST_PBKDF -q || fail
check_hash "" "$HASH1"
check_slot 0 || fail "Only keyslot 0 expected to be enabled"
$REENC "$LOOPDEV1" -d "$KEY1" $FAST_PBKDF -q || fail
# FIXME echo $PWD1 | $REENC ...
269
echo "[4] Encryption of not yet encrypted device"
# well, movin' zeroes :-)

# Digest of the zeroed device minus OFFSET sectors, taken through a linear
# mapping, then encrypt in place and expect the same digest from the
# plaintext of the new LUKS1 device.
OFFSET=2048
SIZE=$(blockdev --getsz "$LOOPDEV1")
wipe_dev "$LOOPDEV1"
dmsetup create "$DEV_NAME2" --table "0 $((SIZE - OFFSET)) linear $LOOPDEV1 0" || fail
check_hash_dev "/dev/mapper/$DEV_NAME2" "$HASH3"
dmsetup remove --retry "$DEV_NAME2" || fail
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -c aes-cbc-essiv:sha256 -s 128 --new --type luks1 --reduce-device-size "${OFFSET}S" -q $FAST_PBKDF || fail
check_hash "$PWD1" "$HASH3"
$CRYPTSETUP --type luks1 luksDump "$LOOPDEV1" > /dev/null || fail

# Same again on a larger device with a larger shift.
# 64MiB + 1 KiB
prepare 65537
OFFSET=131072
SIZE=$(blockdev --getsz "$LOOPDEV1")
wipe_dev "$LOOPDEV1"
dmsetup create "$DEV_NAME2" --table "0 $((SIZE - OFFSET)) linear $LOOPDEV1 0" || fail
check_hash_dev "/dev/mapper/$DEV_NAME2" "$HASH5"
dmsetup remove --retry "$DEV_NAME2" || fail
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -c aes-cbc-essiv:sha256 -s 128 --new --type luks1 --reduce-device-size "${OFFSET}S" -q $FAST_PBKDF || fail
check_hash "$PWD1" "$HASH5"
$CRYPTSETUP --type luks1 luksDump "$LOOPDEV1" > /dev/null || fail

# New encryption with a key file while other text arrives on stdin: the
# device must afterwards open with the key file.
prepare 8192
OFFSET=4096
echo fake | $REENC "$LOOPDEV1" -d "$KEY1" --new --type luks1 --reduce-device-size "${OFFSET}S" -q $FAST_PBKDF || fail
$CRYPTSETUP open --test-passphrase "$LOOPDEV1" -d "$KEY1" || fail
wipe_dev "$LOOPDEV1"
297
echo "[5] Reencryption using specific keyslot"
printf '%s\n' "$PWD2" | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF "$LOOPDEV1" || fail

# Fill keyslots 1-7. The existing passphrase PWD2 authorises each addition;
# the new passphrases alternate PWD1/PWD2 and slot 7 gets PWD3.
slot=1
for new_pw in "$PWD1" "$PWD2" "$PWD1" "$PWD2" "$PWD1" "$PWD2" "$PWD3"; do
	printf '%s\n%s\n' "$PWD2" "$new_pw" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF -S "$slot" "$LOOPDEV1" || fail
	slot=$((slot + 1))
done
backup_orig

# Reencrypt with one selected slot at a time ("slot:passphrase"). Afterwards
# only that slot may be enabled; the image is then restored for the next run.
for slot_pw in "0:$PWD2" "1:$PWD1" "6:$PWD2" "7:$PWD3"; do
	slot=${slot_pw%%:*}
	pw=${slot_pw#*:}
	printf '%s\n' "$pw" | $REENC $FAST_PBKDF -S "$slot" -q "$LOOPDEV1" || fail
	check_slot "$slot" || fail "Only keyslot $slot expected to be enabled"
	wipe "$pw"
	rollback
done

# Slot 8 is not a valid slot number here; the run has to be refused and the
# header has to stay readable.
if printf '%s\n' "$PWD3" | $REENC $FAST_PBKDF -S 8 -q "$LOOPDEV1" 2>/dev/null; then
	fail
fi
$CRYPTSETUP luksDump "$LOOPDEV1" > /dev/null || fail
326
echo "[6] Reencryption using all active keyslots"
# One passphrase per line, in keyslot order 0-7.
printf '%s\n' "$PWD2" "$PWD1" "$PWD2" "$PWD1" "$PWD2" "$PWD1" "$PWD2" "$PWD3" | $REENC -q "$LOOPDEV1" $FAST_PBKDF || fail
check_slot 0 1 2 3 4 5 6 7 || fail "All keyslots expected to be enabled"
330
echo "[7] Reencryption of block devices with different block size"

# 512-byte sectors
add_scsi_device sector_size=512 dev_size_mb=8
simple_scsi_reenc "[512 sector]"

# 4096-byte sectors
add_scsi_device sector_size=4096 dev_size_mb=8
simple_scsi_reenc "[4096 sector]"

# 512-byte sectors with physblk_exp=3
add_scsi_device sector_size=512 physblk_exp=3 dev_size_mb=8
simple_scsi_reenc "[4096/512 sector]"

echo "[OK]"
339
echo "[8] Header only reencryption (hash and iteration time)"
printf '%s\n' "$PWD1" | $CRYPTSETUP -q luksFormat --type luks1 --hash sha1 $FAST_PBKDF "$LOOPDEV1" || fail
wipe "$PWD1"
check_hash "$PWD1" "$HASH1"

# --keep-key: the volume key stays, so the plaintext digest must not change.
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q --keep-key || fail
check_hash "$PWD1" "$HASH1"

# A forced iteration count of 999 has to be refused.
if printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q --keep-key --pbkdf-force-iterations 999 2>/dev/null; then
	fail
fi
check_hash "$PWD1" "$HASH1"

# NOTE(review): the exit status of this run and of the two --keep-key runs
# further down is not checked; only the luksDump comparisons and the digest
# checks after them can reveal a failure.
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q --keep-key --hash sha256 --pbkdf-force-iterations 1001
check_hash "$PWD1" "$HASH1"
iterations=$($CRYPTSETUP luksDump "$LOOPDEV1" | grep -A1 -m1 "Key Slot 0" | grep Iterations: | sed -e 's/[[:space:]]\+Iterations:\ \+//g')
[ "$iterations" -eq 1001 ] || fail
hash_spec=$($CRYPTSETUP luksDump "$LOOPDEV1" | grep -m1 "Hash spec:" | cut -f2)
[ "$hash_spec" = "sha256" ] || fail

printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q --keep-key --hash sha512 $FAST_PBKDF
check_hash "$PWD1" "$HASH1"
iterations=$($CRYPTSETUP luksDump "$LOOPDEV1" | grep -A1 -m1 "Key Slot 0" | grep Iterations: | sed -e 's/[[:space:]]\+Iterations:\ \+//g')
[ "$iterations" -eq 1000 ] || fail

printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q --keep-key $FAST_PBKDF
check_hash "$PWD1" "$HASH1"
$CRYPTSETUP --type luks1 luksDump "$LOOPDEV1" > /dev/null || fail
358
echo "[9] Test log I/Os on various underlying block devices"
prepare 8192
printf '%s\n' "$PWD2" | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF "$LOOPDEV1" || fail

# The scsi_debug disk carries the filesystem that receives the log; the
# device being reencrypted is the loop device.
add_scsi_device sector_size=512 dev_size_mb=32
if ! test_logging "[512 sector]"; then
	fail
fi
add_scsi_device sector_size=4096 dev_size_mb=32
if ! test_logging "[4096 sector]"; then
	fail
fi
add_scsi_device sector_size=512 dev_size_mb=32 physblk_exp=3
if ! test_logging "[4096/512 sector]"; then
	fail
fi
if ! test_logging_tmpfs; then
	fail
fi
369
echo "[10] Removal of encryption"
prepare 8192

# Default keyslot: after --decrypt the raw loop device is hashed directly.
printf '%s\n' "$PWD1" | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF "$LOOPDEV1" || fail
wipe "$PWD1"
check_hash "$PWD1" "$HASH1"
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q --decrypt || fail
check_hash_dev "$LOOPDEV1" "$HASH4"

# Same again with the passphrase stored in keyslot 5.
printf '%s\n' "$PWD1" | $CRYPTSETUP -q luksFormat --type luks1 -S5 $FAST_PBKDF "$LOOPDEV1" || fail
wipe "$PWD1"
check_hash "$PWD1" "$HASH1"
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q --decrypt || fail
check_hash_dev "$LOOPDEV1" "$HASH4"
383
echo "[11] Detached header - adding encryption/reencryption/decryption"
prepare 8192
check_hash_dev "$IMG" "$HASH4"

# NOTE(review): none of the reencryption runs in this section has its exit
# status checked; a failure is only noticed through the checks that follow.
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q $FAST_PBKDF --header "$IMG_HDR" --new --type luks1
check_hash "$PWD1" "$HASH4" "$IMG_HDR"
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q $FAST_PBKDF --header "$IMG_HDR"
check_hash "$PWD1" "$HASH4" "$IMG_HDR"
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q --header "$IMG_HDR" --decrypt
check_hash_dev "$IMG" "$HASH4"

# existing header of zero size
: >"$IMG_HDR"
printf '%s\n' "$PWD1" | $REENC "$LOOPDEV1" -q $FAST_PBKDF --header "$IMG_HDR" --new --type luks1
check_hash "$PWD1" "$HASH4" "$IMG_HDR"

# The LUKS header has to be in the header file, not on the data device.
if $CRYPTSETUP isLuks "$LOOPDEV1"; then
	fail
fi
$CRYPTSETUP isLuks "$IMG_HDR" || fail
399
# All sections passed: clean up and report success.
remove_mapping
exit 0