"Fossies" - the Fresh Open Source Software Archive

Member "cryptsetup-2.4.3/tests/verity-compat-test" (13 Jan 2022, 20421 Bytes) of package /linux/misc/cryptsetup-2.4.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "verity-compat-test": 2.4.0_vs_2.4.1.

    1 #!/bin/bash
    2 
    3 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
    4 VERITYSETUP=$CRYPTSETUP_PATH/veritysetup
    5 VERITYSETUP_VALGRIND=../.libs/veritysetup
    6 VERITYSETUP_LIB_VALGRIND=../.libs
    7 
    8 DEV_NAME=verity3273
    9 DEV_NAME2=verity3273x
   10 DEV_OUT="$DEV_NAME.out"
   11 IMG=verity-data
   12 IMG_HASH=verity-hash
   13 IMG_TMP=tst-dev
   14 FEC_DEV=tst_fec123
   15 # If we need deterministic image creation
   16 DEV_SALT=9e7457222290f1bac0d42ad2de2d602a87bb871c22ab70ca040bad450578a436
   17 DEV_UUID=a60c98d2-ae9b-4865-bfcb-b4e3ace11033
   18 
   19 function remove_mapping()
   20 {
   21     [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2 >/dev/null 2>&1
   22     [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME >/dev/null 2>&1
   23     [ ! -z "$LOOPDEV1" ] && losetup -d $LOOPDEV1 >/dev/null 2>&1
   24     rm -f $IMG $IMG.roothash $IMG_HASH $DEV_OUT $FEC_DEV $IMG_TMP >/dev/null 2>&1
   25     LOOPDEV1=""
   26     LOOPDEV2=""
   27 }
   28 
   29 function fail()
   30 {
   31     [ -n "$1" ] && echo "$1"
   32     echo "FAILED backtrace:"
   33     while caller $frame; do ((frame++)); done
   34     [ -f $DEV_OUT ] && cat $DEV_OUT
   35     remove_mapping
   36     exit 2
   37 }
   38 
   39 function skip()
   40 {
   41     [ -n "$1" ] && echo "$1"
   42     exit 77
   43 }
   44 
   45 function prepare() # $1 dev1_siz [$2 dev2_size]
   46 {
   47     remove_mapping
   48 
   49     dd if=/dev/zero of=$IMG bs=1k count=$1 >/dev/null 2>&1
   50     LOOPDEV1=$(losetup -f 2>/dev/null)
   51     [ -z "$LOOPDEV1" ] && fail "No free loop device"
   52     losetup $LOOPDEV1 $IMG
   53 
   54     [ -z "$2" ] && return
   55     LOOPDEV2=$IMG_HASH
   56 }
   57 
   58 function wipe()
   59 {
   60     dd if=/dev/zero of=$LOOPDEV1 bs=256k >/dev/null 2>&1
   61     rm -f $IMG_HASH $DEV_OUT >/dev/null 2>&1
   62 }
   63 
   64 function check_exists()
   65 {
   66     [ -b /dev/mapper/$DEV_NAME ] || fail
   67 }
   68 
   69 function check_version() # MAJ MIN
   70 {
   71     VER_STR=$(dmsetup targets | grep verity | cut -f 3 -dv)
   72     [ -z "$VER_STR" ] && fail "Failed to parse dm-verity version."
   73 
   74     VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
   75     VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
   76 
   77     test $VER_MAJ -gt $1 && return 0
   78     test $VER_MIN -ge $2 && return 0
   79     return 1
   80 }
   81 
   82 function compare_out() # $1 what, $2 expected
   83 {
   84     OPT=$(grep -v "^#" $DEV_OUT | grep -i "$1" | sed -e s/.*\:\ // )
   85     [ -z "$OPT" ] && fail
   86     [ $OPT != $2 ] && fail "$1 differs ($2)"
   87 }
   88 
   89 function check_root_hash_fail()
   90 {
   91     echo -n "Root hash check "
   92     ARR=(`$VERITYSETUP format $IMG $IMG_HASH --fec-device $FEC_DEV --fec-roots 2 -h sha256`)
   93     ROOT_HASH=${ARR[28]}
   94     ROOT_HASH_BAD=abcdef0000000000000000000000000000000000000000000000000000000000
   95 
   96     $VERITYSETUP verify $IMG $IMG_HASH $ROOT_HASH || fail
   97     $VERITYSETUP verify $IMG $IMG_HASH $ROOT_HASH_BAD >/dev/null 2>&1 && fail
   98     $VERITYSETUP verify $IMG $IMG_HASH $ROOT_HASH_BAD --fec-device $FEC_DEV --fec-roots 2 >/dev/null 2>&1 && fail
   99 
  100     $VERITYSETUP open $IMG $DEV_NAME $IMG_HASH $ROOT_HASH || fail
  101     check_exists
  102     dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=4096 count=1 >/dev/null 2>&1
  103     dmsetup status $DEV_NAME | grep "verity V" >/dev/null || fail
  104     $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
  105 
  106     $VERITYSETUP open $IMG $DEV_NAME $IMG_HASH $ROOT_HASH_BAD >/dev/null 2>&1 || fail
  107     check_exists
  108     dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=4096 count=1 >/dev/null 2>&1
  109     dmsetup status $DEV_NAME | grep "verity C" >/dev/null || fail
  110     $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
  111 
  112     echo "[OK]"
  113 }
  114 
  115 function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6 offset]
  116 {
  117     local FORMAT_PARAMS
  118     local VERIFY_PARAMS
  119     local ROOT_HASH
  120 
  121     if [ -z "$LOOPDEV2" ] ; then
  122         BLOCKS=$(($6 / $1))
  123         DEV_PARAMS="$LOOPDEV1 $LOOPDEV1 \
  124                --hash-offset $6 \
  125                --data-blocks=$BLOCKS --debug"
  126     else
  127         DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
  128     fi
  129 
  130     for root_hash_as_file in yes no; do
  131     for sb in yes no; do
  132     FORMAT_PARAMS="--format=$4 --data-block-size=$1 --hash-block-size=$1 --hash=$5 --salt=$3"
  133     if [ $sb == yes ] ; then
  134         VERIFY_PARAMS=""
  135     else
  136         FORMAT_PARAMS="$FORMAT_PARAMS --no-superblock"
  137         VERIFY_PARAMS=$FORMAT_PARAMS
  138     fi
  139     if [ $root_hash_as_file == yes ] ; then
  140         echo -n $2 > $IMG.roothash
  141         FORMAT_PARAMS="$FORMAT_PARAMS --root-hash-file=$IMG.roothash"
  142         VERIFY_PARAMS="$VERIFY_PARAMS --root-hash-file=$IMG.roothash"
  143         ROOT_HASH=""
  144     else
  145         ROOT_HASH="$2"
  146     fi
  147 
  148     for fail in data hash; do
  149     wipe
  150     echo -n "V$4(sb=$sb root_hash_as_file=$root_hash_as_file) $5 block size $1: "
  151     $VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >$DEV_OUT || fail
  152 
  153     echo -n "[root hash]"
  154     compare_out "root hash" $2
  155     compare_out "salt" "$3"
  156 
  157     $VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH >>$DEV_OUT 2>&1 || fail
  158     echo -n "[verify]"
  159 
  160     $VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH  >>$DEV_OUT 2>&1 || fail
  161     check_exists
  162     echo -n "[activate]"
  163 
  164     dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=$1 2>/dev/null
  165     dmsetup status $DEV_NAME | grep "verity V" >/dev/null || fail
  166     echo -n "[in-kernel verify]"
  167 
  168     $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
  169 
  170     case $fail in
  171     data)
  172         dd if=/dev/urandom of=$LOOPDEV1 bs=1 seek=3456 count=8 conv=notrunc 2>/dev/null
  173         TXT="data_dev"
  174         ;;
  175     hash)
  176         if [ -z "$LOOPDEV2" ] ; then
  177             dd if=/dev/urandom of=$LOOPDEV1 bs=1 seek=$((8193 + $4)) count=8 conv=notrunc 2>/dev/null
  178         else
  179             dd if=/dev/urandom of=$LOOPDEV2 bs=1 seek=8193 count=8 conv=notrunc 2>/dev/null
  180         fi
  181                 TXT="hash_dev"
  182         ;;
  183     esac
  184 
  185     $VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH >>$DEV_OUT 2>&1 && \
  186         fail "userspace check for $TXT corruption"
  187     $VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH >>$DEV_OUT 2>&1 || \
  188         fail "activation"
  189     dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=$1 2>/dev/null
  190     dmsetup status $DEV_NAME | grep "verity V" >/dev/null && \
  191         fail "in-kernel check for $TXT corruption"
  192     $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail "deactivation"
  193     echo "[$TXT corruption]"
  194     done
  195     done
  196     done
  197 }
  198 
  199 function corrupt_device() # $1 device, $2 device_size(in bytes), $3 #{corrupted_bytes}
  200 {
  201     # Repeatable magic corruption :-)
  202     CORRUPT=$3
  203     RANDOM=43
  204     while [ "$CORRUPT" -gt 0 ]; do
  205         SEEK=$RANDOM
  206         while [ $SEEK -ge $2 ] ; do SEEK=$RANDOM; done
  207         echo -n -e "\x55" | dd of=$1 bs=1 count=1 seek=$SEEK conv=notrunc > /dev/null 2>&1
  208         CORRUPT=$(($CORRUPT - 1))
  209     done
  210 }
  211 
  212 # $1 data_device, $2 hash_device, $3 fec_device, $4 data/hash_block_size(in bytes),
  213 # $5 data_size(in blocks), $6 device_size(in blocks), $7 hash_offset(in bytes),
  214 # $8 fec_offset(in bytes), $9 fec_roots, ${10} corrupted_bytes, [${11} superblock(y/n), ${12} salt]
  215 function check_fec()
  216 {
  217     INDEX=25
  218     dd if=/dev/zero of=$1 bs=$4 count=$6 > /dev/null 2>&1
  219 
  220     echo -n "Block_size: $4, Data_size: $(($4 * $5))B, FEC_roots: $9, Corrupted_bytes: ${10} "
  221 
  222     PARAMS=" --data-block-size=$4 --hash-block-size=$4 "
  223     if [ "$5" -ne "$6" ]; then
  224         PARAMS="$PARAMS --data-blocks=$5"
  225     fi
  226 
  227     if [ "$7" -ne 0 ]; then
  228         PARAMS="$PARAMS --hash-offset=$7"
  229     fi
  230 
  231     if [ "$8" -ne 0 ]; then
  232         PARAMS="$PARAMS --fec-offset=$8"
  233     fi
  234 
  235     if [ "${11}" == "n" ]; then
  236         INDEX=24
  237         echo -n "[no-superblock]"
  238         PARAMS="$PARAMS --no-superblock --salt=${12}"
  239     elif [ -n "${12}" ]; then
  240         PARAMS="$PARAMS --salt=${12}"
  241     fi
  242 
  243     if [[ "$1" == "$2" && "$1" == "$3" ]]; then
  244         echo -n "[one_device_test]"
  245         dd if=/dev/zero of=$IMG_TMP bs=$4 count=$5  > /dev/null 2>&1
  246         ARR=(`sha256sum $IMG_TMP`)
  247         HASH_ORIG=${ARR[0]}
  248     else
  249         ARR=(`sha256sum $1`)
  250         HASH_ORIG=${ARR[0]}
  251     fi
  252 
  253     ARR=(`$VERITYSETUP format $1 $2 --fec-device=$3 $PARAMS`)
  254     SALT=${ARR[$INDEX]}
  255     ROOT_HASH=${ARR[$(($INDEX+3))]}
  256 
  257     corrupt_device $1 $(($5 * $4)) ${10}
  258 
  259     $VERITYSETUP create $DEV_NAME $1 $2 $ROOT_HASH --fec-device=$3 $PARAMS > /dev/null 2>&1
  260     if [ "$?" -ne "0" ] ; then
  261         echo "[N/A, test skipped]"
  262         return 3
  263     fi
  264 
  265     udevadm settle > /dev/null 2>&1
  266 
  267     dd if=/dev/mapper/$DEV_NAME of=$IMG_TMP > /dev/null 2>&1
  268     ARR=(`sha256sum $IMG_TMP`)
  269 
  270     HASH_REPAIRED=${ARR[0]}
  271 
  272     $VERITYSETUP close $DEV_NAME
  273 
  274     if [ "$HASH_ORIG" != "$HASH_REPAIRED" ]; then
  275         echo -n "[kernel correction failed]"
  276         $VERITYSETUP verify $1 $2 $ROOT_HASH --fec-device=$3 $PARAMS >/dev/null 2>&1 && fail "Userspace verify should fail"
  277         echo -n "[userspace verify failed]"
  278         RET=1
  279     else
  280         echo -n "[repaired in kernel]"
  281         $VERITYSETUP verify $1 $2 $ROOT_HASH --fec-device=$3 $PARAMS >/dev/null 2>&1 || fail "Userspace verify failed"
  282                 echo "[userspace verify][OK]"
  283                 RET=0
  284        fi
  285     rm $1 $2 $3 $IMG_TMP > /dev/null 2>&1
  286        return $RET
  287 }
  288 
  289 function check_option() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, $6 CLI option, $7 status option
  290 {
  291     DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
  292     FORMAT_PARAMS="--format=$4 --data-block-size=$1 --hash-block-size=$1 --hash=$5 --salt=$3"
  293 
  294     echo -n "Option $6 "
  295     $VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >/dev/null 2>&1 || fail
  296     $VERITYSETUP create $DEV_NAME $DEV_PARAMS $2 $6 >/dev/null 2>&1 || fail
  297     check_exists
  298     $VERITYSETUP status $DEV_NAME 2>/dev/null | grep flags | grep -q $7 || fail
  299     dmsetup table $DEV_NAME 2>/dev/null | grep -q $7 || fail
  300     $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
  301     echo "[OK]"
  302 }
  303 
  304 function valgrind_setup()
  305 {
  306     which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
  307     [ ! -f $VERITYSETUP_VALGRIND ] && fail "Unable to get location of veritysetup executable."
  308     export LD_LIBRARY_PATH="$VERITYSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
  309 }
  310 
  311 function valgrind_run()
  312 {
  313     INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${VERITYSETUP_VALGRIND} "$@"
  314 }
  315 
  316 function checkOffsetBug() # $1 size, $2 hash-offset, $3 data-blocks
  317 {
  318     echo -n "Size :: $1 B | Hash-offset :: $2 blocks | Data-blocks :: $3 "
  319     dd if=/dev/zero of=$IMG bs=1 count=0 seek=$1 >/dev/null 2>&1
  320     $VERITYSETUP --data-blocks=$3 --hash-offset=$2 format $IMG $IMG >/dev/null 2>&1 || fail "Test [hash-offset greater than 2G] failed"
  321     echo "[OK]"
  322     remove_mapping
  323 }
  324 
  325 function checkOverlapBug() # $1 size, $2 hash-offset, $3 data-blocks, $4 block_size, $5 fec_offset
  326 {
  327     echo -n "Device-size :: $1 B | "
  328     [ $# -ge 3 ] && echo -n "Data-blocks :: $3 blocks| "
  329     [ $# -lt 3 ] && echo -n "Data-blocks :: whole device | "
  330     [ $# -ge 4 ] && echo -n "Block-size :: $4 B | "
  331     [ $# -lt 4 ] && echo -n "Block-size :: 4096 B | "
  332     echo -n "Hash-offset :: $2 B | "
  333 
  334     dd if=/dev/zero of=$IMG bs=1 count=0 seek=$1 >/dev/null 2>&1
  335     if [ -z $3 ] ; then
  336         # veritysetup must fail
  337         $VERITYSETUP --hash-offset=$2 format $IMG $IMG >/dev/null 2>&1 && fail "Test [overlap with option \"--data-blocks\" not entered] failed"
  338     else
  339         $VERITYSETUP --data-block-size=$4 --hash-block-size=$4 --data-blocks=$3 --hash-offset=$2 format $IMG $IMG >/dev/null 2>&1
  340         RET=$?
  341         [ "$3" -gt "$(($2 / $4))" ] && [ "$RET" -eq "0" ] && fail "Test [overlap - hash-offset in data area] failed"
  342     fi
  343 
  344     if [ $# -eq 5 ] ; then
  345         echo -n "FEC-offset :: $5 B | "
  346         PARAMS="--data-block-size=$4 --hash-block-size=$4 --data-blocks=$3 --fec-device=$IMG --fec-offset=$5"
  347 
  348         # test data-fec area overlap
  349         $VERITYSETUP format $IMG $IMG_HASH $PARAMS >/dev/null 2>&1
  350         RET=$?
  351         [ "$(($3*$4))" -gt "$5" ] && [ "$RET" -eq "0" ] && fail "Test [data/fec area overlap] failed"
  352 
  353         HASH_SIZE=$(stat --printf="%s" $IMG_HASH)
  354 
  355         # test hash-fec area overlap
  356         $VERITYSETUP format $IMG $IMG $PARAMS --hash-offset=$2 >/dev/null 2>&1
  357         RET=$?
  358         [ "$(($2 + $HASH_SIZE))" -gt "$5" ] && [ "$RET" -eq "0" ] && fail "Test [hash/fec area overlap] failed"
  359     fi
  360 
  361     echo "[OK]"
  362     remove_mapping
  363 }
  364 
  365 # $1 size, $2 block size, $3 roots, $4 hash offset, $5 fec offset,
  366 # $6 one dev(1 - one device, 2 - one device for data and hash, one device for fec data, 3 - three separate devices),
  367 # $7 #{corrupted bytes}
  368 function checkUserSpaceRepair()
  369 {
  370     BS=512
  371     COUNT=50000
  372     dd if=/dev/zero of=$IMG bs=$BS count=$COUNT >/dev/null 2>&1
  373     PARAMS="--data-block-size=$2 --hash-block-size=$2 --fec-roots=$3"
  374     [ "$1" -gt 0 ] && PARAMS="$PARAMS --data-blocks=$1" && BS=$2 && COUNT=$1
  375 
  376     # different parameters for different number of devices
  377     [ "$6" -eq 1 ] && HASH_DEV=$IMG && FEC=$IMG && PARAMS="$PARAMS --hash-offset=$4 --fec-offset=$5" && echo -n "[One device]"
  378     [ "$6" -eq 2 ] && HASH_DEV=$IMG && FEC=$FEC_DEV && PARAMS="$PARAMS --hash-offset=$4" && echo -n "[Two separate data/hash and fec devices]"
  379     [ "$6" -eq 3 ] && HASH_DEV=$IMG_HASH && FEC=$FEC_DEV && echo -n "[Three separate devices]"
  380 
  381     echo -n "[nroots::$3]"
  382 
  383     ARR=(`$VERITYSETUP format $IMG $HASH_DEV --fec-device $FEC $PARAMS --salt=$DEV_SALT --uuid=$DEV_UUID`)
  384     ROOT_HASH=${ARR[28]}
  385 
  386     echo -n "[Errors can be corrected]"
  387     corrupt_device $IMG $(($BS*$COUNT)) $7
  388     $VERITYSETUP verify $IMG $HASH_DEV $ROOT_HASH --fec-device=$FEC $PARAMS >/dev/null 2>&1
  389     RET=$?
  390     [ "$RET" -ne 0 ] && fail "Device can be corrected, but it wasn't."
  391     echo -n "[OK]"
  392 
  393     echo -n "[Errors cannot be corrected]"
  394     dd if=/dev/urandom of=$IMG bs=$BS count=$COUNT conv=notrunc >/dev/null 2>&1
  395     $VERITYSETUP verify $IMG $HASH_DEV $ROOT_HASH --fec-device=$FEC $PARAMS >/dev/null 2>&1
  396     RET=$?
  397     [ "$RET" -eq 0 ] && fail "Device cannot be correct, but it didn't fail."
  398     echo "[OK]"
  399 }
  400 
  401 function check_concurrent() # $1 hash
  402 {
  403     DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
  404 
  405     # First check that with two sequential opens, we are returning the expected -EEXIST
  406     $VERITYSETUP format $DEV_PARAMS >/dev/null 2>&1 || fail
  407     $VERITYSETUP create $DEV_NAME $DEV_PARAMS $1 >/dev/null 2>&1 || fail
  408     check_exists
  409     $VERITYSETUP create $DEV_NAME $DEV_PARAMS $1 2>&1 >/dev/null | grep -q "Device $DEV_NAME already exists" || fail
  410     $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
  411 
  412     # Then do two concurrent opens, and check that libdevmapper did not return -EINVAL, which is
  413     # not gracefully recoverable. Either could fail depending on scheduling, so just check that
  414     # the libdevmapper error does not appear in either of the outputs.
  415     exec {out_1}< <($VERITYSETUP create -v $DEV_NAME $DEV_PARAMS $1 2>&1)
  416     exec {out_2}< <($VERITYSETUP create -v $DEV_NAME $DEV_PARAMS $1 2>&1)
  417     wait
  418     cat <&${out_1} | grep -q "Command failed with code .* (wrong or missing parameters)" && fail
  419     cat <&${out_2} | grep -q "Command failed with code .* (wrong or missing parameters)" && fail
  420     check_exists
  421     $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
  422 
  423     echo "[OK]"
  424 }
  425 
  426 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
  427 [ ! -x "$VERITYSETUP" ] && skip "Cannot find $VERITYSETUP, test skipped."
  428 
  429 [ -n "$VALG" ] && valgrind_setup && VERITYSETUP=valgrind_run
  430 modprobe dm-verity >/dev/null 2>&1
  431 dmsetup targets | grep verity >/dev/null 2>&1 || skip "Cannot find dm-verity target, test skipped."
  432 
  433 # VERITYSETUP tests
  434 
  435 SALT=e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d
  436 
  437 echo "Verity tests [separate devices]"
  438 prepare 8192 1024
  439 check_root_hash_fail
  440 
  441 check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256
  442 check_root_hash 1024 54d92778750495d1f80832b486ebd007617d746271511bbf0e295e143da2b3df $SALT 1 sha256
  443 check_root_hash 4096 e522df0f97da4febb882ac40f30b37dc0b444bf6df418929463fa25280f09d5c $SALT 1 sha256
  444 # version 0
  445 check_root_hash 4096 cbbf4ebd004ef65e29b935bb635a39cf754d677f3fa10b0126da725bbdf10f7d $SALT 0 sha256
  446 # no salt
  447 check_root_hash 4096 ef29c902d87350f1da4bfa536e16cebc162a909bf89abe448b81ec500d4fb9bf - 1 sha256
  448 # sha1
  449 check_root_hash 1024 d0e9163ca8844aaa2e88fe5265a8c5d9ee494a99 $SALT 1 sha1
  450 check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1
  451 
  452 echo "Verity tests [one device offset]"
  453 prepare $((8192 + 1024))
  454 check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 8388608
  455 check_root_hash 1024 54d92778750495d1f80832b486ebd007617d746271511bbf0e295e143da2b3df $SALT 1 sha256 8388608
  456 check_root_hash 4096 e522df0f97da4febb882ac40f30b37dc0b444bf6df418929463fa25280f09d5c $SALT 1 sha256 8388608
  457 # version 0
  458 check_root_hash 4096 cbbf4ebd004ef65e29b935bb635a39cf754d677f3fa10b0126da725bbdf10f7d $SALT 0 sha256 8388608
  459 # no salt
  460 check_root_hash 4096 ef29c902d87350f1da4bfa536e16cebc162a909bf89abe448b81ec500d4fb9bf - 1 sha256 8388608
  461 # sha1
  462 check_root_hash 1024 d0e9163ca8844aaa2e88fe5265a8c5d9ee494a99 $SALT 1 sha1 8388608
  463 check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1 8388608
  464 
  465 if check_version 1 3; then
  466     echo "Verity data corruption options test."
  467     SALT=e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d
  468     HASH=9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174
  469     prepare 8192 1024
  470     check_option 512 $HASH $SALT 1 sha256 "--ignore-corruption" "ignore_corruption"
  471     check_option 512 $HASH $SALT 1 sha256 "--restart-on-corruption" "restart_on_corruption"
  472     check_option 512 $HASH $SALT 1 sha256 "--ignore-zero-blocks" "ignore_zero_blocks"
  473     check_option 512 $HASH $SALT 1 sha256 "--ignore-corruption --ignore-zero-blocks" "ignore_corruption"
  474     if check_version 1 4; then
  475         check_option 512 $HASH $SALT 1 sha256 "--check-at-most-once" "check_at_most_once"
  476     fi
  477     if check_version 1 7; then
  478         check_option 512 $HASH $SALT 1 sha256 "--panic-on-corruption" "panic_on_corruption"
  479     fi
  480 fi
  481 
  482 echo "Veritysetup [hash-offset bigger than 2G works] "
  483 checkOffsetBug 3000000000 2499997696 256
  484 checkOffsetBug 10000000000 8000000000 128
  485 
  486 echo "Veritysetup [overlap-detection] "
  487 checkOverlapBug 2097152 1433600
  488 checkOverlapBug 2097152 1433600 350 4096
  489 checkOverlapBug 2097152 1228800 350 4096 # data-hash overlap
  490 checkOverlapBug 2097152 0 350 4096 1228800 # data-fec overlap
  491 checkOverlapBug 10240000 256000 400 512 256512 # hash-fec overlap
  492 
  493 if check_version 1 3; then
  494     echo "Veritysetup [FEC tests]"
  495     for INDEX in  {1..4}; do
  496       # in the first iteration check if we can use FEC (it can be compiled-out)
  497       (check_fec $IMG $IMG $IMG 4096 30 150 163840 409600 $(($RANDOM % 23 + 2)) $(($INDEX * 4)) )
  498       RET=$?
  499       [ "$RET" -eq "3" ] && break
  500       [ "$RET" -eq "0" ] || fail "FEC repair failed"
  501 
  502       (check_fec $IMG $IMG $IMG 512  500 50000 2457600 4915200 $(($RANDOM % 23 + 2)) $(($INDEX * 4)) 'n' $SALT) || fail "FEC repair failed"
  503       (check_fec $IMG $IMG $IMG 512  500 50000 2457600 4915200 $(($RANDOM % 23 + 2)) $(($INDEX * 4)) 'y' $SALT) || fail "FEC repair failed"
  504       (check_fec $IMG $IMG $IMG 4096  64 6250  4194304 8388608 $(($RANDOM % 23 + 2)) $(($INDEX * 4)) 'n' $SALT) || fail "FEC repair failed"
  505       (check_fec $IMG $IMG $IMG 4096  64 6250  4194304 8388608 $(($RANDOM % 23 + 2)) $(($INDEX * 4)) 'y' $SALT) || fail "FEC repair failed"
  506 
  507       (check_fec $IMG $IMG_HASH $FEC_DEV 4096 30 30 0 0 $(($RANDOM % 23 + 2)) $(($INDEX * 4)) 'n' $SALT) || fail "FEC repair failed"
  508       (check_fec $IMG $IMG_HASH $FEC_DEV 4096 35 35 0 0 $(($RANDOM % 23 + 2)) $(($INDEX * 4))) || fail "FEC repair failed"
  509       (check_fec $IMG $IMG_HASH $FEC_DEV 512 2000 2000 0 0 $(($RANDOM % 23 + 2)) $(($INDEX * 4))) || fail "FEC repair failed"
  510       (check_fec $IMG $IMG_HASH $FEC_DEV 1024 2000 2000 0 0 $(($RANDOM % 23 + 2)) $(($INDEX * 4))) || fail "FEC repair failed"
  511       # this test should fail
  512       (check_fec $IMG $IMG_HASH $FEC_DEV 4096 30 30 0 0 $(($RANDOM % 23 + 2)) $(($RANDOM % 200 + 200))) && fail "FEC repair must fail"
  513       echo "[OK]"
  514     done
  515 fi
  516 
  517 echo "Correction in userspace: "
  518 # checkUserSpaceRepair <#blocks> <block_size> <roots> <hash_offset> <fec_offset> <#devices> <#corrupted bytes>
  519 checkUserSpaceRepair -1  512  2 0       0       3 100
  520 checkUserSpaceRepair 400 512  2 256000  0       2 50
  521 checkUserSpaceRepair 500 512  2 2457600  4915200  1 1
  522 checkUserSpaceRepair -1  4096 2 0       0       3 10
  523 checkUserSpaceRepair 400 4096 2 2048000 0       2 1
  524 checkUserSpaceRepair 500 4096 2 2457600 4915200 1 2
  525 
  526 echo -n "Verity concurrent opening tests:"
  527 prepare 8192 1024
  528 check_concurrent 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174
  529 
  530 echo -n "Deferred removal of device:"
  531 prepare 8192 1024
  532 $VERITYSETUP format $LOOPDEV1 $IMG_HASH --format=1 --data-block-size=512 --hash-block-size=512 --hash=sha256 --salt=$SALT >/dev/null 2>&1 || fail "Cannot format device."
  533 $VERITYSETUP open $LOOPDEV1 $DEV_NAME $DEV $IMG_HASH 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 || fail "Cannot activate device."
  534 dmsetup create $DEV_NAME2 --table "0 8 linear /dev/mapper/$DEV_NAME 0"
  535 [ ! -b /dev/mapper/$DEV_NAME2 ] && fail
  536 $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 && fail
  537 $VERITYSETUP status $DEV_NAME >/dev/null 2>&1 || fail
  538 $VERITYSETUP close --deferred $DEV_NAME >/dev/null 2>&1
  539 if [ $? -eq 0 ] ; then
  540   dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail
  541   $VERITYSETUP close --cancel-deferred $DEV_NAME >/dev/null 2>&1
  542   dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" >/dev/null 2>&1 && fail
  543   $VERITYSETUP close --deferred $DEV_NAME >/dev/null 2>&1
  544   dmsetup remove $DEV_NAME2 || fail
  545   $VERITYSETUP status $DEV_NAME >/dev/null 2>&1 && fail
  546   echo "[OK]"
  547 else
  548   dmsetup remove $DEV_NAME2 >/dev/null 2>&1
  549   $VERITYSETUP close $DEV_NAME >/dev/null 2>&1
  550   echo "[N/A]"
  551 fi
  552 
  553 remove_mapping
  554 exit 0