2 * cryptsetup library LUKS2 API check functions
4 * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2009-2021 Milan Broz
6 * Copyright (C) 2016-2021 Ondrej Kozina
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
32 #include <sys/types.h>
34 #include <linux/keyctl.h>
35 #include <sys/syscall.h>
36 #ifndef HAVE_KEY_SERIAL_T
37 #define HAVE_KEY_SERIAL_T
39 typedef int32_t key_serial_t;
45 #include "libcryptsetup.h"
47 #define DMDIR "/dev/mapper/"
49 #define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b"
50 #define DEVICE_EMPTY_name "crypt_zero"
51 #define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name
52 #define DEVICE_ERROR_name "crypt_error"
53 #define DEVICE_ERROR DMDIR DEVICE_ERROR_name
55 #define CDEVICE_1 "ctest1"
56 #define CDEVICE_2 "ctest2"
57 #define CDEVICE_WRONG "O_o"
58 #define H_DEVICE "head_ok"
59 #define H_DEVICE_WRONG "head_wr"
60 #define L_DEVICE_1S "luks_onesec"
61 #define L_DEVICE_0S "luks_zerosec"
62 #define L_DEVICE_WRONG "luks_wr"
63 #define L_DEVICE_OK "luks_ok"
64 #define REQS_LUKS2_HEADER "luks2_header_requirements"
65 #define NO_REQS_LUKS2_HEADER "luks2_header_requirements_free"
66 #define BACKUP_FILE "csetup_backup_file"
67 #define IMAGE1 "compatimage2.img"
68 #define IMAGE_EMPTY "empty.img"
69 #define IMAGE_EMPTY_SMALL "empty_small.img"
70 #define IMAGE_EMPTY_SMALL_2 "empty_small2.img"
71 #define IMAGE_PV_LUKS2_SEC "blkid-luks2-pv.img"
73 #define KEYFILE1 "key1.file"
74 #define KEY1 "compatkey"
76 #define KEYFILE2 "key2.file"
77 #define KEY2 "0123456789abcdef"
79 #define PASSPHRASE "blabla"
80 #define PASSPHRASE1 "albalb"
82 #define DEVICE_TEST_UUID "12345678-1234-1234-1234-123456789abc"
84 #define DEVICE_WRONG "/dev/Ooo_"
85 #define DEVICE_CHAR "/dev/zero"
86 #define THE_LFILE_TEMPLATE "cryptsetup-tstlp.XXXXXX"
88 #define KEY_DESC_TEST0 "cs_token_test:test_key0"
89 #define KEY_DESC_TEST1 "cs_token_test:test_key1"
91 #define CONV_DIR "conversion_imgs"
92 #define CONV_L1_128 "l1_128b"
93 #define CONV_L1_256 "l1_256b"
94 #define CONV_L1_512 "l1_512b"
95 #define CONV_L2_128 "l2_128b"
96 #define CONV_L2_128_FULL "l2_128b_full"
97 #define CONV_L2_256 "l2_256b"
98 #define CONV_L2_256_FULL "l2_256b_full"
99 #define CONV_L2_512 "l2_512b"
100 #define CONV_L2_512_FULL "l2_512b_full"
101 #define CONV_L1_128_DET "l1_128b_det"
102 #define CONV_L1_256_DET "l1_256b_det"
103 #define CONV_L1_512_DET "l1_512b_det"
104 #define CONV_L2_128_DET "l2_128b_det"
105 #define CONV_L2_128_DET_FULL "l2_128b_det_full"
106 #define CONV_L2_256_DET "l2_256b_det"
107 #define CONV_L2_256_DET_FULL "l2_256b_det_full"
108 #define CONV_L2_512_DET "l2_512b_det"
109 #define CONV_L2_512_DET_FULL "l2_512b_det_full"
110 #define CONV_L1_256_LEGACY "l1_256b_legacy_offset"
111 #define CONV_L1_256_UNMOVABLE "l1_256b_unmovable"
122 /* Allow to run without config.h */
123 #ifndef DEFAULT_LUKS1_HASH
124 #define DEFAULT_LUKS1_HASH "sha256"
125 #define DEFAULT_LUKS1_ITER_TIME 2000
126 #define DEFAULT_LUKS2_ITER_TIME 2000
127 #define DEFAULT_LUKS2_MEMORY_KB 1048576
128 #define DEFAULT_LUKS2_PARALLEL_THREADS 4
129 #define DEFAULT_LUKS2_PBKDF "argon2i"
132 static int _fips_mode = 0;
134 static char *DEVICE_1 = NULL;
135 static char *DEVICE_2 = NULL;
136 static char *DEVICE_3 = NULL;
137 static char *DEVICE_4 = NULL;
138 static char *DEVICE_5 = NULL;
139 static char *DEVICE_6 = NULL;
141 static char *tmp_file_1 = NULL;
142 static char *test_loop_file = NULL;
144 unsigned int test_progress_steps;
146 struct crypt_device *cd = NULL, *cd2 = NULL;
150 static unsigned cpus_online(void)
155 r = sysconf(_SC_NPROCESSORS_ONLN);
163 static uint32_t adjusted_pbkdf_memory(void)
165 long pagesize = sysconf(_SC_PAGESIZE);
166 long pages = sysconf(_SC_PHYS_PAGES);
169 if (pagesize <= 0 || pages <= 0)
170 return DEFAULT_LUKS2_MEMORY_KB;
172 memory_kb = pagesize / 1024 * pages / 2;
174 if (memory_kb < DEFAULT_LUKS2_MEMORY_KB)
175 return (uint32_t)memory_kb;
177 return DEFAULT_LUKS2_MEMORY_KB;
180 static unsigned _min(unsigned a, unsigned b)
182 return a < b ? a : b;
185 static int get_luks2_offsets(int metadata_device,
186 unsigned int alignpayload_sec,
187 unsigned int sector_size,
188 uint64_t *r_header_size,
189 uint64_t *r_payload_offset)
191 struct crypt_device *cd = NULL;
192 static uint64_t default_header_size = 0;
194 if (!default_header_size) {
195 if (crypt_init(&cd, THE_LOOP_DEV))
197 if (crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, NULL)) {
202 default_header_size = crypt_get_data_offset(cd);
208 sector_size = 512; /* default? */
210 if ((sector_size % 512) && (sector_size % 4096))
213 if (r_payload_offset) {
215 *r_payload_offset = alignpayload_sec * sector_size;
217 *r_payload_offset = DIV_ROUND_UP_MODULO(default_header_size * 512, (alignpayload_sec ?: 1) * sector_size);
219 *r_payload_offset /= sector_size;
223 *r_header_size = default_header_size;
228 static void _remove_keyfiles(void)
234 #if HAVE_DECL_DM_TASK_RETRY_REMOVE
235 #define DM_RETRY "--retry "
240 #define DM_NOSTDERR " 2>/dev/null"
242 static void _cleanup_dmdevices(void)
246 if (!stat(DMDIR H_DEVICE, &st))
247 _system("dmsetup remove " DM_RETRY H_DEVICE DM_NOSTDERR, 0);
249 if (!stat(DMDIR H_DEVICE_WRONG, &st))
250 _system("dmsetup remove " DM_RETRY H_DEVICE_WRONG DM_NOSTDERR, 0);
252 if (!stat(DMDIR L_DEVICE_0S, &st))
253 _system("dmsetup remove " DM_RETRY L_DEVICE_0S DM_NOSTDERR, 0);
255 if (!stat(DMDIR L_DEVICE_1S, &st))
256 _system("dmsetup remove " DM_RETRY L_DEVICE_1S DM_NOSTDERR, 0);
258 if (!stat(DMDIR L_DEVICE_WRONG, &st))
259 _system("dmsetup remove " DM_RETRY L_DEVICE_WRONG DM_NOSTDERR, 0);
261 if (!stat(DMDIR L_DEVICE_OK, &st))
262 _system("dmsetup remove " DM_RETRY L_DEVICE_OK DM_NOSTDERR, 0);
267 static void _cleanup(void)
274 //_system("udevadm settle", 0);
276 if (!stat(DMDIR CDEVICE_1, &st))
277 _system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0);
279 if (!stat(DMDIR CDEVICE_2, &st))
280 _system("dmsetup remove " DM_RETRY CDEVICE_2 DM_NOSTDERR, 0);
282 if (!stat(DEVICE_EMPTY, &st))
283 _system("dmsetup remove " DM_RETRY DEVICE_EMPTY_name DM_NOSTDERR, 0);
285 if (!stat(DEVICE_ERROR, &st))
286 _system("dmsetup remove " DM_RETRY DEVICE_ERROR_name DM_NOSTDERR, 0);
288 _cleanup_dmdevices();
290 if (loop_device(THE_LOOP_DEV))
291 loop_detach(THE_LOOP_DEV);
293 if (loop_device(DEVICE_1))
294 loop_detach(DEVICE_1);
296 if (loop_device(DEVICE_2))
297 loop_detach(DEVICE_2);
299 if (loop_device(DEVICE_3))
300 loop_detach(DEVICE_3);
302 if (loop_device(DEVICE_4))
303 loop_detach(DEVICE_4);
305 if (loop_device(DEVICE_5))
306 loop_detach(DEVICE_5);
308 if (loop_device(DEVICE_6))
309 loop_detach(DEVICE_6);
311 _system("rm -f " IMAGE_EMPTY, 0);
312 _system("rm -f " IMAGE1, 0);
313 _system("rm -rf " CONV_DIR, 0);
316 remove(test_loop_file);
320 remove(REQS_LUKS2_HEADER);
321 remove(NO_REQS_LUKS2_HEADER);
323 remove(IMAGE_PV_LUKS2_SEC);
324 remove(IMAGE_PV_LUKS2_SEC ".bcp");
325 remove(IMAGE_EMPTY_SMALL);
326 remove(IMAGE_EMPTY_SMALL_2);
331 free(test_loop_file);
341 static int _setup(void)
346 test_loop_file = strdup(THE_LFILE_TEMPLATE);
347 if ((fd=mkstemp(test_loop_file)) == -1) {
348 printf("cannot create temporary file with template %s\n", test_loop_file);
352 snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
353 test_loop_file, SECTOR_SIZE, TST_LOOP_FILE_SIZE);
357 fd = loop_attach(&THE_LOOP_DEV, test_loop_file, 0, 0, &ro);
360 tmp_file_1 = strdup(THE_LFILE_TEMPLATE);
361 if ((fd=mkstemp(tmp_file_1)) == -1) {
362 printf("cannot create temporary file with template %s\n", tmp_file_1);
366 snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
367 tmp_file_1, SECTOR_SIZE, 10);
371 _system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"", 1);
372 _system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"", 1);
374 _system(" [ ! -e " IMAGE1 " ] && xz -dk " IMAGE1 ".xz", 1);
375 fd = loop_attach(&DEVICE_1, IMAGE1, 0, 0, &ro);
378 _system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=32 2>/dev/null", 1);
379 fd = loop_attach(&DEVICE_2, IMAGE_EMPTY, 0, 0, &ro);
382 _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL " bs=1M count=7 2>/dev/null", 1);
384 _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL_2 " bs=512 count=2050 2>/dev/null", 1);
386 _system(" [ ! -e " NO_REQS_LUKS2_HEADER " ] && xz -dk " NO_REQS_LUKS2_HEADER ".xz", 1);
387 fd = loop_attach(&DEVICE_4, NO_REQS_LUKS2_HEADER, 0, 0, &ro);
390 _system(" [ ! -e " REQS_LUKS2_HEADER " ] && xz -dk " REQS_LUKS2_HEADER ".xz", 1);
391 fd = loop_attach(&DEVICE_5, REQS_LUKS2_HEADER, 0, 0, &ro);
394 _system(" [ ! -e " IMAGE_PV_LUKS2_SEC " ] && xz -dk " IMAGE_PV_LUKS2_SEC ".xz", 1);
395 _system(" [ ! -e " IMAGE_PV_LUKS2_SEC ".bcp ] && cp " IMAGE_PV_LUKS2_SEC " " IMAGE_PV_LUKS2_SEC ".bcp", 1);
396 fd = loop_attach(&DEVICE_6, IMAGE_PV_LUKS2_SEC, 0, 0, &ro);
399 _system(" [ ! -d " CONV_DIR " ] && tar xJf " CONV_DIR ".tar.xz 2>/dev/null", 1);
401 if (_system("modprobe dm-crypt", 1))
404 if (t_dm_check_versions())
407 _system("rmmod dm-crypt", 0);
409 _fips_mode = fips_mode();
411 printf("FIPS MODE: %d\n", _fips_mode);
413 /* Use default log callback */
414 crypt_set_log_callback(NULL, &global_log_callback, NULL);
419 #ifdef KERNEL_KEYRING
420 static key_serial_t add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t keyring)
422 return syscall(__NR_add_key, type, description, payload, plen, keyring);
425 static key_serial_t keyctl_unlink(key_serial_t key, key_serial_t keyring)
427 return syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring);
430 static key_serial_t request_key(const char *type,
431 const char *description,
432 const char *callout_info,
433 key_serial_t keyring)
435 return syscall(__NR_request_key, type, description, callout_info, keyring);
438 static key_serial_t _kernel_key_by_segment(struct crypt_device *cd, int segment)
440 char key_description[1024];
442 if (snprintf(key_description, sizeof(key_description), "cryptsetup:%s-d%u", crypt_get_uuid(cd), segment) < 1)
445 return request_key("logon", key_description, NULL, 0);
448 static int _volume_key_in_keyring(struct crypt_device *cd, int segment)
450 return _kernel_key_by_segment(cd, segment) >= 0 ? 0 : -1;
453 static int _drop_keyring_key(struct crypt_device *cd, int segment)
455 key_serial_t kid = _kernel_key_by_segment(cd, segment);
460 return keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING);
464 static int test_open(struct crypt_device *cd,
470 const char *str = (const char *)usrptr;
472 *buffer = strdup(str);
475 *buffer_len = strlen(*buffer);
480 static int test_validate(struct crypt_device *cd, const char *json)
482 return (strstr(json, "magic_string") == NULL);
485 static void UseLuks2Device(void)
490 OK_(crypt_init(&cd, DEVICE_1));
491 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
492 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
493 OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
494 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
495 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
496 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
497 OK_(crypt_deactivate(cd, CDEVICE_1));
498 FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device");
501 // repeat previous tests and check kernel keyring is released when not needed
502 if (t_dm_crypt_keyring_support()) {
503 OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
504 FAIL_(_drop_keyring_key(cd, 0), "");
505 OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), CRYPT_ACTIVATE_KEYRING_KEY));
506 OK_(_drop_keyring_key(cd, 0));
507 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
508 OK_(_drop_keyring_key(cd, 0));
509 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
510 FAIL_(_volume_key_in_keyring(cd, 0), "");
511 OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
512 OK_(crypt_deactivate(cd, CDEVICE_1));
513 FAIL_(_volume_key_in_keyring(cd, 0), "");
518 OK_(strcmp("aes", crypt_get_cipher(cd)));
519 OK_(strcmp("cbc-essiv:sha256", crypt_get_cipher_mode(cd)));
520 OK_(strcmp(DEVICE_1_UUID, crypt_get_uuid(cd)));
521 EQ_((int)key_size, crypt_get_volume_key_size(cd));
522 EQ_(8192, crypt_get_data_offset(cd));
524 EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
525 OK_(crypt_volume_key_verify(cd, key, key_size));
526 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
527 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
528 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
529 OK_(crypt_deactivate(cd, CDEVICE_1));
532 FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch");
533 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch");
538 static void SuspendDevice(void)
540 struct crypt_active_device cad;
544 uint64_t r_payload_offset;
545 const struct crypt_pbkdf_type fast_pbkdf = {
549 .flags = CRYPT_PBKDF_NO_BENCHMARK
552 OK_(crypt_init(&cd, DEVICE_1));
553 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
554 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
556 suspend_status = crypt_suspend(cd, CDEVICE_1);
557 if (suspend_status == -ENOTSUP) {
558 printf("WARNING: Suspend/Resume not supported, skipping test.\n");
559 OK_(crypt_deactivate(cd, CDEVICE_1));
565 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
566 EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
567 #ifdef KERNEL_KEYRING
568 FAIL_(_volume_key_in_keyring(cd, 0), "");
570 FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
572 FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");
573 OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
574 FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
576 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
577 EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
579 OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
580 OK_(crypt_suspend(cd, CDEVICE_1));
581 FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");
582 FAIL_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 1, 0), "wrong key");
583 OK_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0));
584 FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0), "not suspended");
585 OK_(crypt_deactivate(cd, CDEVICE_1));
588 /* create LUKS device with detached header */
589 OK_(crypt_init(&cd, DEVICE_1));
590 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
591 OK_(crypt_set_data_device(cd, DEVICE_2));
592 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
595 /* Should be able to suspend but not resume if not header specified */
596 OK_(crypt_init_by_name(&cd, CDEVICE_1));
597 OK_(crypt_suspend(cd, CDEVICE_1));
598 FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
599 FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "no header");
602 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_1));
603 OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
605 /* Resume by volume key */
606 OK_(crypt_suspend(cd, CDEVICE_1));
607 key_size = sizeof(key);
608 memset(key, 0, key_size);
609 FAIL_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size), "wrong key");
610 OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
611 OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size));
612 OK_(crypt_deactivate(cd, CDEVICE_1));
615 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
616 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
618 /* Resume device with cipher_null */
619 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
620 OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf));
621 OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_size, NULL));
622 EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
623 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
624 OK_(crypt_suspend(cd, CDEVICE_1));
625 OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size));
626 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
627 EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
628 OK_(crypt_suspend(cd, CDEVICE_1));
629 OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE)));
630 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
631 EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
632 OK_(crypt_deactivate(cd, CDEVICE_1));
636 _cleanup_dmdevices();
639 static void AddDeviceLuks2(void)
641 enum { OFFSET_1M = 2048 , OFFSET_2M = 4096, OFFSET_4M = 8192, OFFSET_8M = 16384 };
642 struct crypt_pbkdf_type pbkdf = {
643 .type = CRYPT_KDF_ARGON2I,
645 .parallel_threads = 4,
646 .max_memory_kb = 1024,
649 struct crypt_params_luks2 params = {
651 .data_device = DEVICE_2,
654 char key[128], key2[128], key3[128];
656 const char *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd";
657 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
658 const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
659 size_t key_size = strlen(mk_hex) / 2;
660 const char *cipher = "aes";
661 const char *cipher_mode = "cbc-essiv:sha256";
662 uint64_t r_payload_offset, r_header_size, r_size_1;
664 /* Cannot use Argon2 in FIPS */
666 pbkdf.type = CRYPT_KDF_PBKDF2;
667 pbkdf.parallel_threads = 0;
668 pbkdf.max_memory_kb = 0;
671 crypt_decode_key(key, mk_hex, key_size);
672 crypt_decode_key(key3, mk_hex2, key_size);
675 OK_(get_luks2_offsets(0, 0, 0, &r_header_size, &r_payload_offset));
676 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
677 OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_size - 1));
681 OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
682 params.data_alignment = 0;
683 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Not enough space for keyslots material");
686 // test payload_offset = 0 for encrypted device with external header device
687 OK_(crypt_init(&cd, DMDIR H_DEVICE));
688 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
689 EQ_(crypt_get_data_offset(cd), 0);
692 params.data_alignment = 0;
693 params.data_device = NULL;
695 // test payload_offset = 0. format() should look up alignment offset from device topology
696 OK_(crypt_init(&cd, DEVICE_2));
697 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
698 OK_(!(crypt_get_data_offset(cd) > 0));
701 // set_data_offset has priority, alignment must be 0 or must be compatible
702 params.data_alignment = 0;
703 OK_(crypt_init(&cd, DEVICE_2));
704 OK_(crypt_set_data_offset(cd, OFFSET_8M));
705 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
706 EQ_(crypt_get_data_offset(cd), OFFSET_8M);
709 // Load gets the value from metadata
710 OK_(crypt_init(&cd, DEVICE_2));
711 OK_(crypt_set_data_offset(cd, OFFSET_2M));
712 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
713 EQ_(crypt_get_data_offset(cd), OFFSET_8M);
716 params.data_alignment = OFFSET_4M;
717 OK_(crypt_init(&cd, DEVICE_2));
718 FAIL_(crypt_set_data_offset(cd, OFFSET_2M + 1), "Not aligned to 4096"); // must be aligned to 4k
719 OK_(crypt_set_data_offset(cd, OFFSET_2M));
720 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Alignment not compatible");
721 OK_(crypt_set_data_offset(cd, OFFSET_4M));
722 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
723 EQ_(crypt_get_data_offset(cd), OFFSET_4M);
727 * test limit values for backing device size
729 params.data_alignment = OFFSET_4M;
730 OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
731 OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset));
732 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
733 OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset - 1));
735 // 1 sector less than required
736 OK_(crypt_init(&cd, DMDIR L_DEVICE_WRONG));
737 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device too small");
740 // 0 sectors for encrypted area
741 OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
742 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
743 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Encrypted area too small");
746 // 1 sector for encrypted area
747 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
748 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
749 EQ_(crypt_get_data_offset(cd), r_payload_offset);
750 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
751 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
752 OK_(t_device_size(DMDIR CDEVICE_1, &r_size_1));
753 EQ_(r_size_1, SECTOR_SIZE);
754 OK_(crypt_deactivate(cd, CDEVICE_1));
755 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
756 // restrict format only to empty context
757 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted");
758 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formatted");
759 // change data device to wrong one
760 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S));
761 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small");
762 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_1S));
763 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
764 OK_(crypt_deactivate(cd, CDEVICE_1));
767 params.data_alignment = 0;
768 params.data_device = DEVICE_2;
770 // generate keyslot material at the end of luks header
771 OK_(crypt_init(&cd, DMDIR H_DEVICE));
772 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
773 EQ_((int)key_size, crypt_get_volume_key_size(cd));
774 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
775 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7);
777 OK_(crypt_keyslot_get_pbkdf(cd, 7, &pbkdf_tmp));
778 OK_(strcmp(pbkdf_tmp.type, pbkdf.type));
780 NULL_(pbkdf_tmp.hash);
781 OK_(!(pbkdf_tmp.max_memory_kb >= 32));
782 OK_(!(pbkdf_tmp.parallel_threads >= 1));
784 OK_(strcmp(pbkdf_tmp.hash, pbkdf.hash));
785 OK_(!(pbkdf_tmp.iterations >= 4));
786 EQ_(0, pbkdf_tmp.time_ms); /* not usable in per-keyslot call */
789 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
790 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted");
791 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
793 // check active status without header
794 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, NULL));
795 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
796 NULL_(crypt_get_type(cd));
797 OK_(strcmp(cipher, crypt_get_cipher(cd)));
798 OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
799 EQ_((int)key_size, crypt_get_volume_key_size(cd));
800 OK_(crypt_deactivate(cd, CDEVICE_1));
803 params.data_alignment = OFFSET_1M;
804 params.data_device = NULL;
806 // test uuid mismatch and _init_by_name_and_header
807 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
808 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
809 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
811 params.data_alignment = 0;
812 params.data_device = DEVICE_2;
813 OK_(crypt_init(&cd, DMDIR H_DEVICE));
814 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
816 // there we've got uuid mismatch
817 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
818 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
819 NULL_(crypt_get_type(cd));
820 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device is active");
821 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Device is active");
822 EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE);
823 OK_(crypt_deactivate(cd, CDEVICE_1));
826 params.data_device = NULL;
828 OK_(crypt_init(&cd, DEVICE_2));
829 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
831 // even with no keyslots defined it can be activated by volume key
832 OK_(crypt_volume_key_verify(cd, key, key_size));
833 OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0));
834 GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
835 OK_(crypt_deactivate(cd, CDEVICE_2));
838 EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)));
839 EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
840 EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
841 GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
842 OK_(crypt_deactivate(cd, CDEVICE_2));
844 crypt_set_iteration_time(cd, 1);
845 EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen(KEY1)));
846 OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
847 OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2)));
848 EQ_(2, crypt_keyslot_add_by_keyfile(cd, 2, KEYFILE1, 0, KEYFILE2, 0));
849 FAIL_(crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 1, KEYFILE2, 0, 1), "wrong key");
850 EQ_(3, crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 0, KEYFILE2, 0, 1));
851 EQ_(4, crypt_keyslot_add_by_keyfile_offset(cd, 4, KEYFILE2, 0, 1, KEYFILE1, 0, 1));
852 FAIL_(crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2)-1, 0), "key mismatch");
853 EQ_(2, crypt_activate_by_keyfile(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 0));
854 EQ_(3, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 1, 0));
855 EQ_(4, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE1, 0, 1, 0));
856 FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2), 2, 0), "not enough data");
857 FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, strlen(KEY2) + 1, 0), "cannot seek");
858 FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, 2, 0), "wrong key");
859 EQ_(2, crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, 0));
860 OK_(crypt_keyslot_destroy(cd, 1));
861 OK_(crypt_keyslot_destroy(cd, 2));
862 OK_(crypt_keyslot_destroy(cd, 3));
863 OK_(crypt_keyslot_destroy(cd, 4));
864 OK_(crypt_deactivate(cd, CDEVICE_2));
867 FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), "slot used");
869 FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch");
871 EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)));
872 EQ_(CRYPT_SLOT_ACTIVE, crypt_keyslot_status(cd, 6));
874 FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot");
875 FAIL_(crypt_keyslot_destroy(cd, CRYPT_ANY_SLOT), "invalid keyslot");
876 FAIL_(crypt_keyslot_destroy(cd, 0), "keyslot not used");
877 OK_(crypt_keyslot_destroy(cd, 7));
878 EQ_(CRYPT_SLOT_INACTIVE, crypt_keyslot_status(cd, 7));
879 EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
881 EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(passphrase), passphrase2, strlen(passphrase2)));
882 EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
883 EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(passphrase2), 0));
884 EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
886 EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
887 OK_(crypt_volume_key_verify(cd, key2, key_size));
888 OK_(memcmp(key, key2, key_size));
890 OK_(strcmp(cipher, crypt_get_cipher(cd)));
891 OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
892 EQ_((int)key_size, crypt_get_volume_key_size(cd));
893 EQ_(r_payload_offset, crypt_get_data_offset(cd));
894 OK_(strcmp(DEVICE_2, crypt_get_device_name(cd)));
898 OK_(!(global_lines != 0));
901 FAIL_(crypt_set_uuid(cd, "blah"), "wrong UUID format");
902 OK_(crypt_set_uuid(cd, DEVICE_TEST_UUID));
903 OK_(strcmp(DEVICE_TEST_UUID, crypt_get_uuid(cd)));
905 FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");
907 _cleanup_dmdevices();
909 /* LUKSv2 format tests */
911 /* very basic test */
912 OK_(crypt_init(&cd, DEVICE_2));
913 crypt_set_iteration_time(cd, 1);
914 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 0, NULL), "Wrong key size");
915 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
917 /* some invalid parameters known to cause troubles */
918 OK_(crypt_init(&cd, DEVICE_2));
919 crypt_set_iteration_time(cd, 0); /* wrong for argon2 but we don't know the pbkdf type yet, ignored */
920 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
922 OK_(crypt_init(&cd, DEVICE_2));
923 crypt_set_iteration_time(cd, 1);
924 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
925 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
928 OK_(crypt_init(&cd, DEVICE_2));
929 crypt_set_iteration_time(cd, 1);
930 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, NULL));
931 FAIL_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
932 FAIL_(crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
935 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
936 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
937 crypt_set_iteration_time(cd, 1);
938 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
939 EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 3);
940 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key3, key_size, 0), "VK doesn't match any digest assigned to segment 0");
944 * Check regression in getting keyslot encryption parameters when
945 * volume key size is unknown (no active keyslots).
947 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
948 crypt_set_iteration_time(cd, 1);
949 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
950 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
951 /* drop context copy of volume key */
953 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
954 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
955 EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
956 OK_(crypt_keyslot_destroy(cd, 0));
957 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
960 _cleanup_dmdevices();
963 static void Luks2MetadataSize(void)
965 struct crypt_pbkdf_type pbkdf = {
966 .type = CRYPT_KDF_ARGON2I,
968 .parallel_threads = 1,
969 .max_memory_kb = 128,
971 .flags = CRYPT_PBKDF_NO_BENCHMARK
973 struct crypt_params_luks2 params = {
975 .data_device = DEVICE_2,
978 char key[128], tmp[128];
980 const char *passphrase = "blabla";
981 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
982 size_t key_size = strlen(mk_hex) / 2;
983 const char *cipher = "aes";
984 const char *cipher_mode = "cbc-essiv:sha256";
985 uint64_t r_header_size, default_mdata_size, default_keyslots_size, mdata_size,
986 keyslots_size, r_header_wrong_size = 14336;
988 /* Cannot use Argon2 in FIPS */
990 pbkdf.type = CRYPT_KDF_PBKDF2;
991 pbkdf.parallel_threads = 0;
992 pbkdf.max_memory_kb = 0;
993 pbkdf.iterations = 1000;
996 crypt_decode_key(key, mk_hex, key_size);
999 OK_(get_luks2_offsets(0, 0, 0, &r_header_size, NULL));
1000 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
1001 OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_wrong_size)); /* 7 MiBs only */
1002 //default metadata sizes
1003 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1004 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1006 EQ_(keyslots_size, 0);
1007 OK_(crypt_set_metadata_size(cd, 0, 0));
1008 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1010 EQ_(keyslots_size, 0);
1011 OK_(crypt_set_metadata_size(cd, 0x004000, 0x004000));
1012 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1013 EQ_(mdata_size, 0x004000);
1014 EQ_(keyslots_size, 0x004000);
1015 OK_(crypt_set_metadata_size(cd, 0x008000, 0x008000));
1016 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1017 EQ_(mdata_size, 0x008000);
1018 EQ_(keyslots_size, 0x008000);
1019 FAIL_(crypt_set_metadata_size(cd, 0x008001, 0x008000), "Wrong size");
1020 FAIL_(crypt_set_metadata_size(cd, 0x008000, 0x008001), "Wrong size");
1023 // metadata settings
1024 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1025 OK_(crypt_set_metadata_size(cd, 0x080000, 0x080000));
1026 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1027 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
1029 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1030 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1031 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1032 EQ_(mdata_size, 0x080000);
1033 EQ_(keyslots_size, 0x080000);
1036 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1037 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1038 OK_(crypt_get_metadata_size(cd, &default_mdata_size, &default_keyslots_size));
1039 EQ_(default_mdata_size, 0x04000);
1040 EQ_(default_keyslots_size, (r_header_size * 512) - 2 * 0x04000);
1042 // check keyslots size calculation is correct
1043 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1044 OK_(crypt_set_metadata_size(cd, 0x80000, 0));
1045 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1046 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1047 EQ_(mdata_size, 0x80000);
1048 EQ_(keyslots_size, (r_header_size * 512) - 2 * 0x80000);
1051 // various metadata size checks combined with data offset
1052 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1053 OK_(crypt_set_metadata_size(cd, 0, default_keyslots_size + 4096));
1054 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device is too small.");
1055 OK_(crypt_set_metadata_size(cd, 0x20000, (r_header_size * 512) - 2 * 0x20000 + 4096));
1056 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device is too small.");
1059 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1060 OK_(crypt_set_metadata_size(cd, 0x80000, 0));
1061 OK_(crypt_set_data_offset(cd, 0x80000 / 512 - 8));
1062 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Data offset is too small.");
1065 // H_DEVICE_WRONG size is 7MiB
1066 OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
1067 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1068 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1069 EQ_(mdata_size, default_mdata_size);
1070 EQ_(keyslots_size, (r_header_wrong_size * 512) - 2 * default_mdata_size);
1073 OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
1074 OK_(crypt_set_metadata_size(cd, 0x400000, 0));
1075 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device is too small.");
1078 // IMAGE_EMPTY_SMALL size is 7MiB but now it's regulare file
1079 OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
1080 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1081 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1082 EQ_(mdata_size, default_mdata_size);
1083 EQ_(keyslots_size, default_keyslots_size);
1084 EQ_(crypt_get_data_offset(cd), 0);
1087 sprintf(tmp, "truncate -s %" PRIu64 " " IMAGE_EMPTY_SMALL, r_header_wrong_size * 512);
1090 // check explicit keyslots size and data offset are respected even with regular file mdevice
1091 OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
1092 OK_(crypt_set_metadata_size(cd, 0, default_keyslots_size));
1093 OK_(crypt_set_data_offset(cd, r_header_size + 8));
1094 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1095 OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
1096 EQ_(mdata_size, default_mdata_size);
1097 EQ_(keyslots_size, default_keyslots_size);
1098 EQ_(crypt_get_data_offset(cd), r_header_size + 8);
1101 _cleanup_dmdevices();
1104 static void UseTempVolumes(void)
1108 // Tepmporary device without keyslot but with on-disk LUKS header
1109 OK_(crypt_init(&cd, DEVICE_2));
1110 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "not yet formatted");
1111 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 16, NULL));
1112 OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0));
1113 GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
1116 OK_(crypt_init_by_name(&cd, CDEVICE_2));
1117 OK_(crypt_deactivate(cd, CDEVICE_2));
1120 // Dirty checks: device without UUID
1121 // we should be able to remove it but not manipulate with it
1122 snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
1123 "0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
1124 "%s 2048\"", CDEVICE_2, DEVICE_2);
1126 OK_(crypt_init_by_name(&cd, CDEVICE_2));
1127 OK_(crypt_deactivate(cd, CDEVICE_2));
1128 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "No known device type");
1131 // Dirty checks: device with UUID but LUKS header key fingerprint must fail)
1132 snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
1133 "0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
1134 "%s 2048\" -u CRYPT-LUKS2-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-ctest1",
1135 CDEVICE_2, DEVICE_2);
1137 OK_(crypt_init_by_name(&cd, CDEVICE_2));
1138 OK_(crypt_deactivate(cd, CDEVICE_2));
1139 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "wrong volume key");
1143 OK_(crypt_init(&cd, DEVICE_2));
1144 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1145 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "volume key is lost");
1149 static void Luks2HeaderRestore(void)
1152 struct crypt_pbkdf_type pbkdf = {
1153 .type = CRYPT_KDF_ARGON2I,
1155 .parallel_threads = 4,
1156 .max_memory_kb = 1024,
1159 struct crypt_params_luks2 params = {
1161 .data_alignment = 8192, // 4M, data offset will be 4096
1164 struct crypt_params_plain pl_params = {
1170 struct crypt_params_luks1 luks1 = {
1171 .data_alignment = 8192, // 4M offset to pass alignment test
1175 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
1176 size_t key_size = strlen(mk_hex) / 2;
1177 const char *cipher = "aes";
1178 const char *cipher_mode = "cbc-essiv:sha256";
1179 uint64_t r_payload_offset;
1181 /* Cannot use Argon2 in FIPS */
1183 pbkdf.type = CRYPT_KDF_PBKDF2;
1184 pbkdf.parallel_threads = 0;
1185 pbkdf.max_memory_kb = 0;
1188 crypt_decode_key(key, mk_hex, key_size);
1190 OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
1191 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 5000));
1193 // do not restore header over plain device
1194 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1195 OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, &pl_params));
1196 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1197 FAIL_(crypt_header_restore(cd, CRYPT_PLAIN, NO_REQS_LUKS2_HEADER), "Cannot restore header to PLAIN type device");
1198 FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "Cannot restore header over PLAIN type device");
1199 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1200 OK_(crypt_deactivate(cd, CDEVICE_1));
1203 // FIXME: does following test make a sense in LUKS2?
1204 // volume key_size mismatch
1205 // OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1206 // memcpy(key2, key, key_size / 2);
1207 // OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key2, key_size / 2, ¶ms));
1208 // FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Volume keysize mismatch");
1211 // payload offset mismatch
1212 params.data_alignment = 8193;
1213 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1214 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1215 FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "Payload offset mismatch");
1217 params.data_alignment = 4096;
1218 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1219 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1220 // FIXME: either format has to fail or next line must be true
1221 // EQ_(crypt_get_data_offset(cd), params.data_alignment);
1222 // FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Payload offset mismatch");
1225 // do not allow restore over LUKS1 header on device
1226 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1227 crypt_set_iteration_time(cd, 1);
1228 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, &luks1));
1230 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1231 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1232 FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "LUKS1 format detected");
1235 /* check crypt_header_restore() properly loads crypt_device context */
1236 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1237 OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL));
1238 OK_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER));
1239 /* check LUKS2 specific API call returns non-error code */
1240 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
1242 /* same test, any LUKS */
1243 OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL));
1244 OK_(crypt_header_restore(cd, CRYPT_LUKS, NO_REQS_LUKS2_HEADER));
1245 /* check LUKS2 specific API call returns non-error code */
1246 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
1251 _cleanup_dmdevices();
1254 static void Luks2HeaderLoad(void)
1256 struct crypt_pbkdf_type pbkdf = {
1257 .type = CRYPT_KDF_ARGON2I,
1259 .parallel_threads = 4,
1260 .max_memory_kb = 1024,
1263 struct crypt_params_luks2 params = {
1265 .data_alignment = 8192, // 4M, data offset will be 4096
1266 .data_device = DEVICE_2,
1269 struct crypt_params_plain pl_params = {
1275 char key[128], cmd[256];
1277 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
1278 size_t key_size = strlen(mk_hex) / 2;
1279 const char *cipher = "aes";
1280 const char *cipher_mode = "cbc-essiv:sha256";
1281 uint64_t r_payload_offset, r_header_size, img_size;
1283 /* Cannot use Argon2 in FIPS */
1285 pbkdf.type = CRYPT_KDF_PBKDF2;
1286 pbkdf.parallel_threads = 0;
1287 pbkdf.max_memory_kb = 0;
1290 crypt_decode_key(key, mk_hex, key_size);
1292 // hardcoded values for existing image IMAGE1
1295 OK_(get_luks2_offsets(0, 0, 0, &r_header_size, &r_payload_offset));
1296 // external header device
1297 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
1298 // prepared header on a device too small to contain header and payload
1299 //OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_payload_offset - 1));
1300 OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, img_size - 1));
1301 snprintf(cmd, sizeof(cmd), "dd if=" IMAGE1 " of=" DMDIR H_DEVICE_WRONG " bs=%" PRIu32 " count=%" PRIu64 " 2>/dev/null", params.sector_size, img_size - 1);
1302 OK_(_system(cmd, 1));
1304 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
1306 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_header_size + 1));
1307 // 0 sectors device for payload
1308 OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_header_size));
1310 // valid metadata and device size
1311 params.data_alignment = 0;
1312 params.data_device = DMDIR L_DEVICE_OK;
1313 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1314 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1316 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1317 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1318 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
1319 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1320 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1321 OK_(!crypt_get_metadata_device_name(cd));
1322 EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
1323 OK_(crypt_deactivate(cd, CDEVICE_1));
1326 // repeat with init with two devices
1327 OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
1328 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1330 OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
1331 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1332 OK_(!crypt_get_metadata_device_name(cd));
1333 EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
1336 // bad header: device too small (payloadOffset > device_size)
1337 OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
1338 FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Device too small");
1339 NULL_(crypt_get_type(cd));
1342 // 0 secs for encrypted data area
1343 params.data_alignment = 8192;
1344 params.data_device = NULL;
1345 OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
1346 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1348 // load should be ok
1349 OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
1350 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1351 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small");
1352 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
1356 OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=8 2>/dev/null", 1));
1357 OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 seek=32 count=8 2>/dev/null", 1));
1358 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1359 FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Header not found");
1363 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1364 FAIL_(crypt_load(cd, CRYPT_PLAIN, NULL), "Can't load nonLUKS device type");
1366 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1367 OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, &pl_params));
1368 FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Can't load over nonLUKS device type");
1372 OK_(crypt_init(&cd, DEVICE_4));
1373 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1375 OK_(crypt_init(&cd, DEVICE_4));
1376 crypt_set_iteration_time(cd, 0); /* invalid for argon2 pbkdf, ignored */
1377 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1380 /* check load sets proper device type */
1381 OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
1382 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1383 EQ_(strcmp(CRYPT_LUKS2, crypt_get_type(cd)), 0);
1386 _cleanup_dmdevices();
1389 static void Luks2HeaderBackup(void)
1391 struct crypt_pbkdf_type pbkdf = {
1392 .type = CRYPT_KDF_ARGON2I,
1394 .parallel_threads = 4,
1395 .max_memory_kb = 1024,
1398 struct crypt_params_luks2 params = {
1400 .data_alignment = 8192, // 4M, data offset will be 4096
1401 .data_device = DEVICE_2,
1405 int fd, ro = O_RDONLY;
1407 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
1408 size_t key_size = strlen(mk_hex) / 2;
1409 const char *cipher = "aes";
1410 const char *cipher_mode = "cbc-essiv:sha256";
1411 uint64_t r_payload_offset;
1413 const char *passphrase = PASSPHRASE;
1415 /* Cannot use Argon2 in FIPS */
1417 pbkdf.type = CRYPT_KDF_PBKDF2;
1418 pbkdf.parallel_threads = 0;
1419 pbkdf.max_memory_kb = 0;
1422 crypt_decode_key(key, mk_hex, key_size);
1424 OK_(get_luks2_offsets(1, params.data_alignment, 0, NULL, &r_payload_offset));
1425 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
1427 // create LUKS device and backup the header
1428 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1429 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1430 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1431 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
1432 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, passphrase, strlen(passphrase)), 0);
1433 OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
1434 OK_(crypt_deactivate(cd, CDEVICE_1));
1437 // restore header from backup
1438 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1439 OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE));
1440 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1441 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1442 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1443 OK_(crypt_deactivate(cd, CDEVICE_1));
1446 // exercise luksOpen using backup header in file
1447 OK_(crypt_init(&cd, BACKUP_FILE));
1448 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1449 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
1450 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
1451 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1452 OK_(crypt_deactivate(cd, CDEVICE_1));
1455 OK_(crypt_init(&cd, BACKUP_FILE));
1456 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1457 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
1458 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
1459 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1460 OK_(crypt_deactivate(cd, CDEVICE_1));
1463 // exercise luksOpen using backup header on block device
1464 fd = loop_attach(&DEVICE_3, BACKUP_FILE, 0, 0, &ro);
1465 NOTFAIL_(fd, "Bad loop device.");
1467 OK_(crypt_init(&cd, DEVICE_3));
1468 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1469 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
1470 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
1471 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1472 OK_(crypt_deactivate(cd, CDEVICE_1));
1475 OK_(crypt_init(&cd, DEVICE_3));
1476 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1477 OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
1478 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
1479 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1480 OK_(crypt_deactivate(cd, CDEVICE_1));
1483 _cleanup_dmdevices();
1486 static void ResizeDeviceLuks2(void)
1488 struct crypt_pbkdf_type pbkdf = {
1489 .type = CRYPT_KDF_ARGON2I,
1491 .parallel_threads = 4,
1492 .max_memory_kb = 1024,
1495 struct crypt_params_luks2 params = {
1497 .data_alignment = 8192, // 4M, data offset will be 4096
1502 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
1503 size_t key_size = strlen(mk_hex) / 2;
1504 const char *cipher = "aes";
1505 const char *cipher_mode = "cbc-essiv:sha256";
1506 uint64_t r_payload_offset, r_header_size, r_size;
1508 /* Cannot use Argon2 in FIPS */
1510 pbkdf.type = CRYPT_KDF_PBKDF2;
1511 pbkdf.parallel_threads = 0;
1512 pbkdf.max_memory_kb = 0;
1515 crypt_decode_key(key, mk_hex, key_size);
1518 OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
1519 OK_(get_luks2_offsets(0, 0, 0, &r_header_size, NULL));
1520 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
1521 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
1522 OK_(create_dmdevice_over_loop(L_DEVICE_0S, 1000));
1523 OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset + 1000));
1525 // test header and encrypted payload all in one device
1526 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1527 // disable loading VKs in kernel keyring (compatible mode)
1528 OK_(crypt_volume_key_keyring(cd, 0));
1529 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1530 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1531 OK_(crypt_resize(cd, CDEVICE_1, 0));
1532 OK_(crypt_resize(cd, CDEVICE_1, 42));
1533 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1534 EQ_(42, r_size >> SECTOR_SHIFT);
1535 OK_(crypt_resize(cd, CDEVICE_1, 0));
1536 // autodetect encrypted device area size
1537 OK_(crypt_resize(cd, CDEVICE_1, 0));
1538 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1539 EQ_(1000, r_size >> SECTOR_SHIFT);
1540 FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
1541 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1542 EQ_(1000, r_size >> SECTOR_SHIFT);
1543 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1544 OK_(crypt_deactivate(cd, CDEVICE_1));
1547 params.data_alignment = 0;
1548 params.data_device = DMDIR L_DEVICE_0S;
1549 // test case for external header
1550 OK_(crypt_init(&cd, DMDIR H_DEVICE));
1551 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
1552 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1553 OK_(crypt_resize(cd, CDEVICE_1, 666));
1554 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1555 EQ_(666, r_size >> SECTOR_SHIFT);
1556 // autodetect encrypted device size
1557 OK_(crypt_resize(cd, CDEVICE_1, 0));
1558 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1559 EQ_(1000, r_size >> SECTOR_SHIFT);
1560 FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
1561 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1562 EQ_(1000, r_size >> SECTOR_SHIFT);
1563 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
1564 OK_(crypt_deactivate(cd, CDEVICE_1));
1567 #ifdef KERNEL_KEYRING
1568 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1569 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1570 // enable loading VKs in kernel keyring (default mode)
1571 OK_(crypt_volume_key_keyring(cd, 1));
1572 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1573 // erase volume key from kernel keyring
1574 if (t_dm_crypt_keyring_support())
1575 OK_(_drop_keyring_key(cd, 0));
1577 FAIL_(_drop_keyring_key(cd, 0), "key not found");
1579 OK_(crypt_resize(cd, CDEVICE_1, 0));
1580 // kernel fails to find the volume key in keyring
1581 if (t_dm_crypt_keyring_support())
1582 FAIL_(crypt_resize(cd, CDEVICE_1, 42), "Unable to find volume key in keyring");
1584 OK_(crypt_resize(cd, CDEVICE_1, 42));
1585 // test mode must not load vk in keyring
1586 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
1587 if (t_dm_crypt_keyring_support())
1588 FAIL_(crypt_resize(cd, CDEVICE_1, 44), "VK must be in keyring to perform resize");
1590 OK_(crypt_resize(cd, CDEVICE_1, 44));
1591 // reinstate the volume key in keyring
1592 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
1593 OK_(crypt_resize(cd, CDEVICE_1, 43));
1594 if (!t_device_size(DMDIR CDEVICE_1, &r_size))
1595 EQ_(43, r_size >> SECTOR_SHIFT);
1598 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1599 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
1600 // check userspace gets hint volume key must be properly loaded in kernel keyring
1601 if (t_dm_crypt_keyring_support())
1602 EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM);
1604 OK_(crypt_resize(cd, CDEVICE_1, 0));
1607 // same as above for handles initialised by name
1608 OK_(crypt_init_by_name(&cd, CDEVICE_1));
1609 if (t_dm_crypt_keyring_support())
1610 EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM);
1612 OK_(crypt_resize(cd, CDEVICE_1, 0));
1613 OK_(crypt_deactivate(cd, CDEVICE_1));
1616 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
1617 OK_(crypt_load(cd, NULL, NULL));
1618 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
1620 /* create second LUKS2 device */
1621 OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
1622 OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, ¶ms));
1623 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
1624 /* do not allow resize of other device */
1625 FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
1626 OK_(crypt_deactivate(cd2, CDEVICE_2));
1629 OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
1630 crypt_set_iteration_time(cd2, 1);
1631 OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, NULL));
1632 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
1633 FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
1634 OK_(crypt_deactivate(cd2, CDEVICE_2));
1637 OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
1638 OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, NULL));
1639 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
1640 FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
1641 OK_(crypt_deactivate(cd2, CDEVICE_2));
1644 OK_(crypt_deactivate(cd, CDEVICE_1));
1647 _cleanup_dmdevices();
1650 static void TokenActivationByKeyring(void)
1652 #ifdef KERNEL_KEYRING
1653 key_serial_t kid, kid1;
1654 struct crypt_active_device cad;
1656 const char *cipher = "aes";
1657 const char *cipher_mode = "xts-plain64";
1659 const struct crypt_token_params_luks2_keyring params = {
1660 .key_description = KEY_DESC_TEST0
1662 .key_description = KEY_DESC_TEST1
1664 uint64_t r_payload_offset;
1666 if (!t_dm_crypt_keyring_support()) {
1667 printf("WARNING: Kernel keyring not supported, skipping test.\n");
1671 kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
1672 NOTFAIL_(kid, "Test or kernel keyring are broken.");
1674 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
1675 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
1677 // prepare the device
1678 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1679 crypt_set_iteration_time(cd, 1);
1680 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
1681 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
1682 EQ_(crypt_token_luks2_keyring_set(cd, 3, ¶ms), 3);
1683 EQ_(crypt_token_assign_keyslot(cd, 3, 0), 3);
1686 // test thread keyring key in token 0
1687 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1688 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1689 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), 0);
1690 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), "already open");
1691 OK_(crypt_deactivate(cd, CDEVICE_1));
1694 NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
1696 kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_PROCESS_KEYRING);
1697 NOTFAIL_(kid, "Test or kernel keyring are broken.");
1699 // add token 1 with process keyring key
1700 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1701 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1702 EQ_(crypt_token_json_set(cd, 3, NULL), 3);
1703 EQ_(crypt_token_luks2_keyring_set(cd, 1, ¶ms), 1);
1704 EQ_(crypt_token_assign_keyslot(cd, 1, 0), 1);
1707 // test process keyring key in token 1
1708 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1709 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1710 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), 0);
1711 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), "already open");
1712 OK_(crypt_deactivate(cd, CDEVICE_1));
1715 NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_PROCESS_KEYRING), "Test or kernel keyring are broken.");
1717 // create two tokens and let the cryptsetup unlock the volume with the valid one
1718 kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
1719 NOTFAIL_(kid, "Test or kernel keyring are broken.");
1721 kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
1722 NOTFAIL_(kid1, "Test or kernel keyring are broken.");
1724 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1725 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1726 EQ_(crypt_token_luks2_keyring_set(cd, 0, ¶ms), 0);
1727 EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
1728 EQ_(crypt_token_luks2_keyring_set(cd, 1, ¶ms2), 1);
1729 FAIL_(crypt_token_assign_keyslot(cd, 1, 1), "Keyslot 1 doesn't exist");
1730 crypt_set_iteration_time(cd, 1);
1731 EQ_(crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)), 1);
1732 EQ_(crypt_token_assign_keyslot(cd, 1, 1), 1);
1735 // activate by specific token
1736 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1737 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1738 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, NULL, 0), 0);
1739 if (t_dm_crypt_keyring_support()) {
1740 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
1741 EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
1743 OK_(crypt_deactivate(cd, CDEVICE_1));
1744 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), 1);
1745 OK_(crypt_deactivate(cd, CDEVICE_1));
1748 NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
1750 // activate by any token with token 0 having absent pass from keyring
1751 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1752 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1753 EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
1754 if (t_dm_crypt_keyring_support()) {
1755 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
1756 EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
1758 OK_(crypt_deactivate(cd, CDEVICE_1));
1761 kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
1762 NOTFAIL_(kid, "Test or kernel keyring are broken.");
1764 // replace pass for keyslot 0 making token 0 invalid
1765 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1766 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1767 OK_(crypt_keyslot_destroy(cd, 0));
1768 crypt_set_iteration_time(cd, 1);
1769 EQ_(crypt_keyslot_add_by_passphrase(cd, 0, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 0);
1772 // activate by any token with token 0 having wrong pass for keyslot 0
1773 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1774 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1775 EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
1776 OK_(crypt_deactivate(cd, CDEVICE_1));
1779 // create new device, with two tokens:
1780 // 1st token being invalid (missing key in keyring)
1781 // 2nd token can activate keyslot 1 after failing to do so w/ keyslot 0 (wrong pass)
1782 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1783 crypt_set_iteration_time(cd, 1);
1784 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
1785 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
1786 EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
1787 EQ_(crypt_token_luks2_keyring_set(cd, 0, ¶ms), 0);
1788 EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
1789 EQ_(crypt_token_luks2_keyring_set(cd, 2, ¶ms2), 2);
1790 EQ_(crypt_token_assign_keyslot(cd, 2, 1), 2);
1793 NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
1795 kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
1796 NOTFAIL_(kid1, "Test or kernel keyring are broken.");
1798 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1799 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
1800 EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
1801 OK_(crypt_deactivate(cd, CDEVICE_1));
1803 _cleanup_dmdevices();
1805 printf("WARNING: cryptsetup compiled with kernel keyring service disabled, skipping test.\n");
1809 static void Tokens(void)
1811 #define TEST_TOKEN_JSON(x) "{\"type\":\"test_token\",\"keyslots\":[" x "]," \
1812 "\"key_length\":32,\"a_field\":\"magic_string\"}"
1814 #define TEST_TOKEN_JSON_INVALID(x) "{\"type\":\"test_token\",\"keyslots\":[" x "]," \
1815 "\"key_length\":32}"
1817 #define TEST_TOKEN1_JSON(x) "{\"type\":\"test_token1\",\"keyslots\":[" x "]," \
1818 "\"key_length\":32,\"a_field\":\"magic_string\"}"
1820 #define TEST_TOKEN1_JSON_INVALID(x) "{\"type\":\"test_token1\",\"keyslots\":[" x "]," \
1821 "\"key_length\":32}"
1823 #define BOGUS_TOKEN0_JSON "{\"type\":\"luks2-\",\"keyslots\":[]}"
1824 #define BOGUS_TOKEN1_JSON "{\"type\":\"luks2-a\",\"keyslots\":[]}"
1826 #define LUKS2_KEYRING_TOKEN_JSON(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\":[" x "]," \
1827 "\"key_description\":" y "}"
1829 #define LUKS2_KEYRING_TOKEN_JSON_BAD(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\":[" x "]," \
1830 "\"key_description\":" y ", \"some_field\":\"some_value\"}"
1835 const char *cipher = "aes";
1836 const char *cipher_mode = "xts-plain64";
1837 char passptr[] = PASSPHRASE;
1838 char passptr1[] = PASSPHRASE1;
1840 static const crypt_token_handler th = {
1841 .name = "test_token",
1843 .validate = test_validate
1845 .name = "test_token",
1848 .name = "test_token1",
1850 .validate = test_validate
1852 .name = "luks2-prefix",
1856 struct crypt_token_params_luks2_keyring params = {
1857 .key_description = "desc"
1859 uint64_t r_payload_offset;
1861 OK_(crypt_token_register(&th));
1862 FAIL_(crypt_token_register(&th2), "Token handler with the name already registered.");
1864 FAIL_(crypt_token_register(&th_reserved), "luks2- is reserved prefix");
1866 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
1867 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
1869 // basic token API tests
1870 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
1871 crypt_set_iteration_time(cd, 1);
1872 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
1873 EQ_(crypt_token_status(cd, -1, NULL), CRYPT_TOKEN_INVALID);
1874 EQ_(crypt_token_status(cd, 32, NULL), CRYPT_TOKEN_INVALID);
1875 EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_INACTIVE);
1876 EQ_(crypt_token_status(cd, 31, NULL), CRYPT_TOKEN_INACTIVE);
1877 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
1878 EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
1879 FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON_INVALID("\"0\"")), "Token validation failed");
1880 EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON("\"0\"")), 0);
1881 EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_EXTERNAL);
1882 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr, 0), 0);
1883 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr, 0), "already active");
1884 OK_(crypt_deactivate(cd, CDEVICE_1));
1886 // write invalid token and verify that validate() can detect it after handler being registered
1887 EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN1_JSON_INVALID("\"1\"")), 1);
1888 EQ_(crypt_token_status(cd, 1, NULL), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
1889 EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN1_JSON("\"1\"")), 2);
1890 EQ_(crypt_token_status(cd, 2, &dummy), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
1891 OK_(strcmp(dummy, "test_token1"));
1892 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, passptr1, 0), "Unknown token handler");
1893 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Unknown token handler");
1894 OK_(crypt_token_register(&th3));
1895 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, passptr1, 0), "Token validation failed");
1896 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), 1);
1897 OK_(crypt_deactivate(cd, CDEVICE_1));
1899 // test crypt_token_json_get returns correct token id
1900 EQ_(crypt_token_json_get(cd, 2, &dummy), 2);
1902 // exercise assign/unassign keyslots API
1903 EQ_(crypt_token_unassign_keyslot(cd, 2, 1), 2);
1904 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Token assigned to no keyslot");
1905 EQ_(crypt_token_assign_keyslot(cd, 2, 0), 2);
1906 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Wrong passphrase");
1907 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
1908 OK_(crypt_deactivate(cd, CDEVICE_1));
1909 EQ_(crypt_token_json_set(cd, 1, NULL), 1);
1910 FAIL_(crypt_token_json_get(cd, 1, &dummy), "Token is not there");
1911 EQ_(crypt_token_unassign_keyslot(cd, 2, CRYPT_ANY_SLOT), 2);
1912 EQ_(crypt_token_unassign_keyslot(cd, 0, CRYPT_ANY_SLOT), 0);
1914 // various tests related to unassigned keyslot to volume segment
1915 EQ_(crypt_keyslot_add_by_key(cd, 3, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
1916 EQ_(crypt_token_assign_keyslot(cd, 2, 0), 2);
1917 EQ_(crypt_token_assign_keyslot(cd, 0, 3), 0);
1919 EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, 0), 0);
1920 EQ_(crypt_activate_by_token(cd, NULL, 0, passptr1, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 3);
1921 // FIXME: useless error message here (or missing one to be specific)
1922 FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr1, 0), "No volume key available in token keyslots");
1923 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
1924 OK_(crypt_deactivate(cd, CDEVICE_1));
1925 EQ_(crypt_token_assign_keyslot(cd, 0, 1), 0);
1926 OK_(crypt_token_is_assigned(cd, 0, 1));
1927 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr1, 0), 1);
1928 OK_(crypt_deactivate(cd, CDEVICE_1));
1930 EQ_(crypt_token_assign_keyslot(cd, 2, 3), 2);
1931 OK_(crypt_token_is_assigned(cd, 2, 3));
1932 EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, 0), 0);
1933 EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
1934 OK_(crypt_deactivate(cd, CDEVICE_1));
1936 #ifdef KERNEL_KEYRING
1937 if (t_dm_crypt_keyring_support()) {
1938 EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), 0);
1939 OK_(_volume_key_in_keyring(cd, 0));
1941 OK_(crypt_volume_key_keyring(cd, 0));
1943 FAIL_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), "Can't use keyring when disabled in library");
1944 OK_(crypt_volume_key_keyring(cd, 1));
1946 EQ_(crypt_token_luks2_keyring_set(cd, 5, ¶ms), 5);
1947 EQ_(crypt_token_status(cd, 5, &dummy), CRYPT_TOKEN_INTERNAL);
1948 OK_(strcmp(dummy, "luks2-keyring"));
1950 FAIL_(crypt_token_luks2_keyring_get(cd, 2, ¶ms), "Token is not luks2-keyring type");
1952 FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, BOGUS_TOKEN0_JSON), "luks2- reserved prefix.");
1953 FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, BOGUS_TOKEN1_JSON), "luks2- reserved prefix.");
1955 // test we can use crypt_token_json_set for valid luks2-keyring token
1956 FAIL_(crypt_token_json_set(cd, 12, LUKS2_KEYRING_TOKEN_JSON_BAD("\"0\"", "\"my_desc_x\"")), "Strict luks2-keyring token validation failed");
1957 EQ_(crypt_token_status(cd, 12, NULL), CRYPT_TOKEN_INACTIVE);
1958 FAIL_(crypt_token_json_set(cd, 12, LUKS2_KEYRING_TOKEN_JSON("\"5\"", "\"my_desc\"")), "Missing keyslot 5.");
1959 EQ_(crypt_token_json_set(cd, 10, LUKS2_KEYRING_TOKEN_JSON("\"1\"", "\"my_desc\"")), 10);
1960 EQ_(crypt_token_status(cd, 10, &dummy), CRYPT_TOKEN_INTERNAL);
1961 OK_(strcmp(dummy, "luks2-keyring"));
1962 params.key_description = NULL;
1963 EQ_(crypt_token_luks2_keyring_get(cd, 10, ¶ms), 10);
1964 OK_(strcmp(params.key_description, "my_desc"));
1966 OK_(crypt_token_is_assigned(cd, 10, 1));
1968 EQ_(crypt_token_is_assigned(cd, 10, 21), -ENOENT);
1969 EQ_(crypt_token_is_assigned(cd, 21, 1), -ENOENT);
1970 // wrong keyslot or token id tests
1971 EQ_(crypt_token_is_assigned(cd, -1, 1), -EINVAL);
1972 EQ_(crypt_token_is_assigned(cd, 32, 1), -EINVAL);
1973 EQ_(crypt_token_is_assigned(cd, 10, -1), -EINVAL);
1974 EQ_(crypt_token_is_assigned(cd, 10, 32), -EINVAL);
1975 EQ_(crypt_token_is_assigned(cd, -1, -1), -EINVAL);
1976 EQ_(crypt_token_is_assigned(cd, 32, 32), -EINVAL);
1978 // test crypt_keyslot_change_by_passphrase does not erase token references
1979 EQ_(crypt_keyslot_change_by_passphrase(cd, 1, 5, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5);
1980 OK_(crypt_token_is_assigned(cd, 10, 5));
1981 ks = crypt_keyslot_change_by_passphrase(cd, 5, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1));
1982 NOTFAIL_(ks, "Failed to change keyslot passphrase.");
1983 OK_(crypt_token_is_assigned(cd, 10, ks));
1987 _cleanup_dmdevices();
1990 static void LuksConvert(void)
1992 uint64_t offset, r_payload_offset;
1994 const char *json = "{\"type\":\"convert_block\",\"keyslots\":[]}";
1995 const struct crypt_pbkdf_type argon = {
1996 .type = CRYPT_KDF_ARGON2I,
1999 .max_memory_kb = 1024,
2000 .parallel_threads = 1
2002 .type = CRYPT_KDF_PBKDF2,
2007 struct crypt_params_luks1 luks1 = {
2009 .data_device = DMDIR L_DEVICE_1S
2012 struct crypt_params_luks2 luks2 = {
2017 const char *cipher = "aes";
2018 const char *cipher_mode = "xts-plain64";
2020 // prepare the device
2021 OK_(crypt_init(&cd, DEVICE_1));
2022 crypt_set_iteration_time(cd, 1);
2023 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, NULL));
2024 offset = crypt_get_data_offset(cd);
2025 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
2026 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 7);
2029 // convert LUKSv1 -> LUKSv2
2030 OK_(crypt_init(&cd, DEVICE_1));
2031 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2032 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1");
2033 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
2034 FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "device is active");
2035 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
2036 OK_(crypt_deactivate(cd, CDEVICE_1));
2037 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2038 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
2042 OK_(crypt_init(&cd, DEVICE_1));
2043 FAIL_(crypt_load(cd, CRYPT_LUKS1, NULL), "wrong luks format");
2044 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2045 EQ_(crypt_get_data_offset(cd), offset);
2046 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
2047 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
2048 OK_(crypt_deactivate(cd, CDEVICE_1));
2049 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7);
2050 OK_(crypt_deactivate(cd, CDEVICE_1));
2051 FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "format is already LUKSv2");
2052 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
2055 // convert LUKSv2 -> LUKSv1
2056 OK_(crypt_init(&cd, DEVICE_1));
2057 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2058 EQ_(crypt_get_data_offset(cd), offset);
2059 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
2060 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "device is active");
2061 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
2062 OK_(crypt_deactivate(cd, CDEVICE_1));
2063 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2064 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
2068 OK_(crypt_init(&cd, DEVICE_1));
2069 FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "wrong luks format");
2070 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2071 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
2072 EQ_(crypt_get_data_offset(cd), offset);
2073 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
2074 OK_(crypt_deactivate(cd, CDEVICE_1));
2075 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7);
2076 OK_(crypt_deactivate(cd, CDEVICE_1));
2077 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1");
2078 OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
2081 // exercice non-pbkdf2 LUKSv2 conversion
2083 OK_(crypt_init(&cd, DEVICE_1));
2084 OK_(crypt_set_data_offset(cd, offset));
2085 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
2086 OK_(crypt_set_pbkdf_type(cd, &argon));
2087 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
2088 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Incompatible pbkdf with LUKSv1 format");
2092 // exercice non LUKS1 compatible keyslot
2093 OK_(crypt_init(&cd, DEVICE_1));
2094 OK_(crypt_set_data_offset(cd, offset));
2095 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
2096 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
2097 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
2098 // FIXME: following test fails as expected but for a different reason
2099 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Unassigned keyslots are incompatible with LUKSv1 format");
2102 // exercice LUKSv2 conversion with single pbkdf2 keyslot being active
2103 OK_(crypt_init(&cd, DEVICE_1));
2104 OK_(crypt_set_data_offset(cd, offset));
2105 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2106 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
2107 offset = crypt_get_data_offset(cd);
2108 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
2110 OK_(crypt_set_pbkdf_type(cd, &argon));
2111 EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 1);
2112 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Different hash for digest and keyslot.");
2113 OK_(crypt_keyslot_destroy(cd, 1));
2115 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2116 EQ_(crypt_get_data_offset(cd), offset);
2118 OK_(crypt_init(&cd, DEVICE_1));
2119 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2120 EQ_(crypt_get_data_offset(cd), offset);
2121 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
2124 // do not allow conversion on keyslot No > 7
2125 OK_(crypt_init(&cd, DEVICE_1));
2126 OK_(crypt_set_data_offset(cd, offset));
2127 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
2128 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
2129 EQ_(crypt_keyslot_add_by_volume_key(cd, 8, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 8);
2130 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Can't convert keyslot No 8");
2133 // do not allow conversion with token
2134 OK_(crypt_init(&cd, DEVICE_1));
2135 OK_(crypt_set_data_offset(cd, offset));
2136 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
2137 OK_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, json));
2138 FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Can't convert header with token.");
2141 // should be enough for both luks1 and luks2 devices with all vk lengths
2142 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
2143 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
2145 // do not allow conversion for legacy luks1 device (non-aligned keyslot offset)
2146 OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256_LEGACY " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
2147 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2148 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2149 FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Can't convert device with unaligned keyslot offset");
2153 * do not allow conversion on images if there's not enough space between
2154 * last keyslot and data offset (should not happen on headers created
2157 OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256_UNMOVABLE " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
2158 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2159 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2160 FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Can't convert device with unaligned keyslot offset");
2163 // compat conversion tests
2167 OK_(_system("dd if=" CONV_DIR "/" CONV_L1_128 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
2169 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2170 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2171 offset = crypt_get_data_offset(cd);
2172 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2173 EQ_(crypt_get_data_offset(cd), offset);
2174 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2175 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2176 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2178 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2179 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2180 EQ_(crypt_get_data_offset(cd), offset);
2181 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2182 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2186 OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
2188 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2189 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2190 offset = crypt_get_data_offset(cd);
2191 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2192 EQ_(crypt_get_data_offset(cd), offset);
2193 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2194 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2195 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2197 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2198 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2199 EQ_(crypt_get_data_offset(cd), offset);
2200 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2201 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2205 OK_(_system("dd if=" CONV_DIR "/" CONV_L1_512 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
2207 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2208 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2209 offset = crypt_get_data_offset(cd);
2210 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2211 EQ_(crypt_get_data_offset(cd), offset);
2212 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2213 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2214 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2216 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2217 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2218 EQ_(crypt_get_data_offset(cd), offset);
2219 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2220 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2223 // detached LUKS1 header conversion
2224 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_128_DET));
2225 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2226 offset = crypt_get_data_offset(cd);
2227 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2228 EQ_(crypt_get_data_offset(cd), offset);
2229 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2230 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2231 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2233 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_128_DET));
2234 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2235 EQ_(crypt_get_data_offset(cd), offset);
2236 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2237 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2241 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_256_DET));
2242 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2243 offset = crypt_get_data_offset(cd);
2244 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2245 EQ_(crypt_get_data_offset(cd), offset);
2246 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2247 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2248 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2250 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_256_DET));
2251 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2252 EQ_(crypt_get_data_offset(cd), offset);
2253 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2254 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2258 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_512_DET));
2259 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2260 offset = crypt_get_data_offset(cd);
2261 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2262 EQ_(crypt_get_data_offset(cd), offset);
2263 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
2264 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2265 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2267 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_512_DET));
2268 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2269 EQ_(crypt_get_data_offset(cd), offset);
2270 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2271 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2276 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_128 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2278 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2279 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2280 offset = crypt_get_data_offset(cd);
2281 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2282 EQ_(crypt_get_data_offset(cd), offset);
2283 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2284 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2285 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2287 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2288 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2289 EQ_(crypt_get_data_offset(cd), offset);
2290 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2291 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2294 // 128b all LUKS1 keyslots used
2295 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_128_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2296 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2297 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2298 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2299 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2301 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2302 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2303 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2304 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2305 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2306 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2307 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2308 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2309 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2310 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2314 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_256 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2316 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2317 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2318 offset = crypt_get_data_offset(cd);
2319 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2320 EQ_(crypt_get_data_offset(cd), offset);
2321 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2322 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2323 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2325 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2326 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2327 EQ_(crypt_get_data_offset(cd), offset);
2328 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2329 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2332 // 256b all LUKS1 keyslots used
2333 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_256_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2334 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2335 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2336 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2337 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2339 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2340 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2341 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2342 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2343 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2344 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2345 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2346 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2347 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2348 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2352 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_512 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2354 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2355 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2356 offset = crypt_get_data_offset(cd);
2357 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2358 EQ_(crypt_get_data_offset(cd), offset);
2359 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2360 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2361 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2363 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2364 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2365 EQ_(crypt_get_data_offset(cd), offset);
2366 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2367 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2370 // 512b all LUKS1 keyslots used
2371 OK_(_system("dd if=" CONV_DIR "/" CONV_L2_512_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
2372 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2373 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2374 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2375 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2377 OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
2378 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2379 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2380 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2381 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2382 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2383 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2384 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2385 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2386 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2391 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET));
2392 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2393 offset = crypt_get_data_offset(cd);
2394 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2395 EQ_(crypt_get_data_offset(cd), offset);
2396 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2397 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2398 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2400 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET));
2401 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2402 EQ_(crypt_get_data_offset(cd), offset);
2403 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2404 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2407 // 128b all LUKS1 keyslots used
2408 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET_FULL));
2409 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2410 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2411 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2413 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET_FULL));
2414 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2415 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2416 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2417 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2418 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2419 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2420 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2421 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2422 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2426 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET));
2427 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2428 offset = crypt_get_data_offset(cd);
2429 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2430 EQ_(crypt_get_data_offset(cd), offset);
2431 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2432 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2433 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2435 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET));
2436 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2437 EQ_(crypt_get_data_offset(cd), offset);
2438 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2439 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2442 // 256b all LUKS1 keyslots used
2443 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET_FULL));
2444 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2445 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2446 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2448 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET_FULL));
2449 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2450 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2451 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2452 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2453 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2454 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2455 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2456 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2457 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2461 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET));
2462 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2463 offset = crypt_get_data_offset(cd);
2464 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2465 EQ_(crypt_get_data_offset(cd), offset);
2466 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2467 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2468 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2470 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET));
2471 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2472 EQ_(crypt_get_data_offset(cd), offset);
2473 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2474 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2477 // 512b all LUKS1 keyslots used
2478 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET_FULL));
2479 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2480 OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
2481 EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
2483 OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET_FULL));
2484 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
2485 EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
2486 EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
2487 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
2488 EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
2489 EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
2490 EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
2491 EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
2492 EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
2495 // detached LUKS1 header upconversion
2496 OK_(create_dmdevice_over_loop(H_DEVICE, 2050)); // default LUKS1 header should fit there
2497 OK_(crypt_init(&cd, DMDIR H_DEVICE));
2498 crypt_set_iteration_time(cd, 1);
2499 //OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2500 OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1));
2501 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
2502 FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Unable to move keyslots. Not enough space.");
2505 // 2050 sectors, empty file
2506 OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL_2));
2507 //OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2508 crypt_set_iteration_time(cd, 1);
2509 OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1));
2510 EQ_(crypt_get_data_offset(cd), 0);
2511 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
2512 OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
2515 _cleanup_dmdevices();
2518 static void Pbkdf(void)
2520 const struct crypt_pbkdf_type *pbkdf;
2522 const char *cipher = "aes", *mode="xts-plain64";
2523 struct crypt_pbkdf_type argon2 = {
2524 .type = CRYPT_KDF_ARGON2I,
2525 .hash = DEFAULT_LUKS1_HASH,
2527 .max_memory_kb = 1024,
2528 .parallel_threads = 1
2530 .type = CRYPT_KDF_PBKDF2,
2531 .hash = DEFAULT_LUKS1_HASH,
2534 .type = "hamster_pbkdf",
2535 .hash = DEFAULT_LUKS1_HASH
2537 struct crypt_params_plain params = {
2543 struct crypt_params_luks1 luks1 = {
2544 .hash = "sha512", // test non-standard hash
2545 .data_alignment = 2048,
2548 uint64_t r_payload_offset;
2550 /* Only PBKDF2 is allowed in FIPS, these tests cannot be run. */
2554 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
2555 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
2557 NULL_(crypt_get_pbkdf_type_params(NULL));
2558 NULL_(crypt_get_pbkdf_type_params("suslik"));
2559 NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_PBKDF2));
2560 OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
2561 NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_ARGON2I));
2562 OK_(strcmp(pbkdf->type, CRYPT_KDF_ARGON2I));
2563 NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_ARGON2ID));
2564 OK_(strcmp(pbkdf->type, CRYPT_KDF_ARGON2ID));
2566 // test empty context
2567 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2568 NULL_(crypt_get_pbkdf_type(cd));
2569 OK_(crypt_set_pbkdf_type(cd, &argon2));
2570 NOTNULL_(crypt_get_pbkdf_type(cd));
2571 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2572 NOTNULL_(crypt_get_pbkdf_type(cd));
2573 OK_(crypt_set_pbkdf_type(cd, NULL));
2574 NOTNULL_(crypt_get_pbkdf_type(cd));
2576 // test plain device
2577 OK_(crypt_format(cd, CRYPT_PLAIN, cipher, mode, NULL, NULL, 32, ¶ms));
2578 OK_(crypt_set_pbkdf_type(cd, &argon2));
2579 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2580 OK_(crypt_set_pbkdf_type(cd, NULL));
2581 NOTNULL_(crypt_get_pbkdf_type(cd));
2584 // test LUKSv1 device
2585 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2586 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL));
2587 FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Unsupported with non-LUKS2 devices");
2588 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2589 OK_(crypt_set_pbkdf_type(cd, NULL));
2590 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2591 EQ_(pbkdf->time_ms, DEFAULT_LUKS1_ITER_TIME);
2593 // test value set in crypt_set_iteration_time() can be obtained via following crypt_get_pbkdf_type()
2594 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2595 crypt_set_iteration_time(cd, 42);
2596 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL));
2597 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2598 EQ_(pbkdf->time_ms, 42);
2599 // test crypt_get_pbkdf_type() returns expected values for LUKSv1
2600 OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
2601 OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
2602 EQ_(pbkdf->max_memory_kb, 0);
2603 EQ_(pbkdf->parallel_threads, 0);
2604 crypt_set_iteration_time(cd, 43);
2605 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2606 EQ_(pbkdf->time_ms, 43);
2608 // test whether crypt_get_pbkdf_type() after double crypt_load()
2609 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2610 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2611 crypt_set_iteration_time(cd, 42);
2612 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2613 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2614 EQ_(pbkdf->time_ms, 42);
2616 // test whether hash passed via *params in crypt_load() has higher priority
2617 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2618 crypt_set_iteration_time(cd, 1);
2619 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, &luks1));
2620 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2621 OK_(strcmp(pbkdf->hash, luks1.hash));
2622 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2623 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2624 OK_(strcmp(pbkdf->hash, luks1.hash));
2627 // test LUKSv2 device
2628 // test default values are set
2629 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2630 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, NULL, 32, NULL));
2631 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2632 OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
2633 OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
2634 EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
2635 EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
2636 EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
2637 // set and verify argon2 type
2638 OK_(crypt_set_pbkdf_type(cd, &argon2));
2639 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2640 OK_(strcmp(pbkdf->type, argon2.type));
2641 OK_(strcmp(pbkdf->hash, argon2.hash));
2642 EQ_(pbkdf->time_ms, argon2.time_ms);
2643 EQ_(pbkdf->max_memory_kb, argon2.max_memory_kb);
2644 EQ_(pbkdf->parallel_threads, argon2.parallel_threads);
2645 // set and verify pbkdf2 type
2646 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2647 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2648 OK_(strcmp(pbkdf->type, pbkdf2.type));
2649 OK_(strcmp(pbkdf->hash, pbkdf2.hash));
2650 EQ_(pbkdf->time_ms, pbkdf2.time_ms);
2651 EQ_(pbkdf->max_memory_kb, pbkdf2.max_memory_kb);
2652 EQ_(pbkdf->parallel_threads, pbkdf2.parallel_threads);
2653 // reset and verify default values
2654 crypt_set_iteration_time(cd, 1); // it's supposed to override this call
2655 OK_(crypt_set_pbkdf_type(cd, NULL));
2656 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2657 OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
2658 OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
2659 EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
2660 EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
2661 EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
2662 // try to pass illegal values
2663 argon2.parallel_threads = 0;
2664 FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Parallel threads can't be 0");
2665 argon2.parallel_threads = 1;
2666 argon2.max_memory_kb = 0;
2667 FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Memory can't be 0");
2668 argon2.max_memory_kb = 1024;
2669 pbkdf2.parallel_threads = 1;
2670 FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Parallel threads can't be set with pbkdf2 type");
2671 pbkdf2.parallel_threads = 0;
2672 pbkdf2.max_memory_kb = 512;
2673 FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Memory can't be set with pbkdf2 type");
2674 FAIL_(crypt_set_pbkdf_type(cd, &bad), "Unknown type member");
2675 bad.type = CRYPT_KDF_PBKDF2;
2677 FAIL_(crypt_set_pbkdf_type(cd, &bad), "Hash member is empty");
2679 bad.hash = DEFAULT_LUKS1_HASH;
2680 FAIL_(crypt_set_pbkdf_type(cd, &bad), "Pbkdf type member is empty");
2681 bad.hash = "hamster_hash";
2682 FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
2684 // test whether crypt_get_pbkdf_type() behaves accordingly after second crypt_load() call
2685 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2686 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2687 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2688 OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
2689 OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
2690 EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
2691 EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
2692 EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
2693 crypt_set_iteration_time(cd, 1);
2694 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
2695 OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
2696 OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
2697 EQ_(pbkdf->time_ms, 1);
2698 EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
2699 EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
2702 // test crypt_set_pbkdf_type() overwrites invalid value set by crypt_set_iteration_time()
2703 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2704 crypt_set_iteration_time(cd, 0);
2705 OK_(crypt_set_pbkdf_type(cd, &argon2));
2706 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2707 OK_(strcmp(pbkdf->type, argon2.type));
2708 EQ_(pbkdf->time_ms, argon2.time_ms);
2711 argon2.iterations = 33;
2712 argon2.flags = CRYPT_PBKDF_NO_BENCHMARK;
2713 OK_(crypt_set_pbkdf_type(cd, &argon2));
2714 NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
2715 EQ_(pbkdf->iterations, 33);
2716 EQ_(pbkdf->flags, CRYPT_PBKDF_NO_BENCHMARK);
2718 // time may be unset with iterations
2720 OK_(crypt_set_pbkdf_type(cd, &argon2));
2721 argon2.flags &= ~CRYPT_PBKDF_NO_BENCHMARK;
2722 FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Illegal time value.");
2725 pbkdf2.flags = CRYPT_PBKDF_NO_BENCHMARK;
2726 pbkdf2.parallel_threads = 0;
2727 pbkdf2.max_memory_kb = 0;
2728 pbkdf2.iterations = 1000;
2729 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2730 pbkdf2.flags &= ~CRYPT_PBKDF_NO_BENCHMARK;
2731 FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Illegal time value.");
2733 // hash is relevant only with pbkdf2
2736 FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Hash is mandatory for pbkdf2");
2737 pbkdf2.hash = "sha1";
2738 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
2741 argon2.hash = "sha1"; // will be ignored
2742 OK_(crypt_set_pbkdf_type(cd, &argon2));
2744 OK_(crypt_set_pbkdf_type(cd, &argon2));
2748 NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS1));
2749 OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
2750 EQ_(pbkdf->time_ms, DEFAULT_LUKS1_ITER_TIME);
2751 OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
2752 EQ_(pbkdf->max_memory_kb, 0);
2753 EQ_(pbkdf->parallel_threads, 0);
2755 NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2));
2756 OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
2757 EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
2758 OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
2759 EQ_(pbkdf->max_memory_kb, DEFAULT_LUKS2_MEMORY_KB);
2760 EQ_(pbkdf->parallel_threads, DEFAULT_LUKS2_PARALLEL_THREADS);
2762 NULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_PLAIN));
2764 _cleanup_dmdevices();
2767 static void Luks2KeyslotAdd(void)
2769 char key[128], key2[128], key_ret[128];
2770 const char *cipher = "aes", *cipher_mode="xts-plain64";
2771 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
2772 const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
2773 size_t key_ret_len, key_size = strlen(mk_hex) / 2;
2774 uint64_t r_payload_offset;
2775 struct crypt_pbkdf_type pbkdf = {
2779 .max_memory_kb = 32,
2780 .parallel_threads = 1,
2781 .flags = CRYPT_PBKDF_NO_BENCHMARK,
2783 struct crypt_params_luks2 params2 = {
2785 .sector_size = SECTOR_SIZE
2788 crypt_decode_key(key, mk_hex, key_size);
2789 crypt_decode_key(key2, mk_hex2, key_size);
2791 /* Cannot use Argon2 in FIPS */
2793 pbkdf.type = CRYPT_KDF_PBKDF2;
2794 pbkdf.parallel_threads = 0;
2795 pbkdf.max_memory_kb = 0;
2796 pbkdf.iterations = 1000;
2799 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
2800 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
2802 /* test crypt_keyslot_add_by_key */
2803 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2804 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms2));
2805 EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
2806 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
2807 EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE_LAST);
2808 EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_UNBOUND);
2809 /* must not activate volume with keyslot unassigned to a segment */
2810 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key2, key_size, 0), "Key doesn't match volume key digest");
2811 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), "Keyslot not assigned to volume");
2812 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), "No keyslot assigned to volume with this passphrase");
2813 /* unusable for volume activation even in test mode */
2814 FAIL_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0), "Key doesn't match volume key digest");
2815 /* otoh passphrase check should pass */
2816 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
2817 EQ_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
2818 /* in general crypt_keyslot_add_by_key must allow any reasonable key size
2819 * even though such keyslot will not be usable for segment encryption */
2820 EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size-1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 2);
2821 EQ_(crypt_keyslot_add_by_key(cd, 3, key2, 13, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
2823 FAIL_(crypt_keyslot_get_key_size(cd, CRYPT_ANY_SLOT), "Bad keyslot specification.");
2824 EQ_(crypt_get_volume_key_size(cd), key_size);
2825 EQ_(crypt_keyslot_get_key_size(cd, 0), key_size);
2826 EQ_(crypt_keyslot_get_key_size(cd, 1), key_size);
2827 EQ_(crypt_keyslot_get_key_size(cd, 2), key_size-1);
2828 EQ_(crypt_keyslot_get_key_size(cd, 3), 13);
2830 key_ret_len = key_size - 1;
2831 FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "Wrong size");
2834 FAIL_(crypt_volume_key_get(cd, 2, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "wrong size");
2835 EQ_(crypt_volume_key_get(cd, 3, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 3);
2836 FAIL_(crypt_activate_by_volume_key(cd, NULL, key_ret, key_ret_len, 0), "Not a volume key");
2837 key_ret_len = key_size;
2838 EQ_(crypt_volume_key_get(cd, 1, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
2840 /* test force volume key change works as expected */
2841 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1);
2842 OK_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0));
2843 OK_(crypt_activate_by_volume_key(cd, NULL, key_ret, key_ret_len, 0));
2844 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key2, key_size, 0));
2845 OK_(crypt_deactivate(cd, CDEVICE_1));
2846 EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
2847 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
2848 OK_(crypt_deactivate(cd, CDEVICE_1));
2849 /* old keyslot must be unusable */
2850 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Key doesn't match volume key digest");
2851 FAIL_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0), "Key doesn't match volume key digest");
2852 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "Keyslot not assigned to volume");
2853 EQ_(crypt_keyslot_add_by_passphrase(cd, 5, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5);
2854 EQ_(crypt_keyslot_add_by_volume_key(cd, 6, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1)), 6);
2855 /* regression test. check new keyslot is properly assigned to new volume key digest */
2856 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5);
2857 OK_(crypt_deactivate(cd, CDEVICE_1));
2858 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE1, strlen(PASSPHRASE1), 0), 6);
2859 OK_(crypt_deactivate(cd, CDEVICE_1));
2863 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2864 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms2));
2865 /* keyslot 0, volume key, digest 0 */
2866 EQ_(crypt_keyslot_add_by_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
2867 /* keyslot 1, unbound key, digest 1 */
2868 EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
2869 /* keyslot 2, unbound key, digest 1 */
2870 EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 2);
2871 /* keyslot 3, unbound key, digest 2 */
2872 EQ_(crypt_keyslot_add_by_key(cd, 3, key2, key_size - 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 3);
2873 /* keyslot 4, unbound key, digest 1 */
2874 EQ_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 4);
2875 FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET), "Illegal");
2876 FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET | CRYPT_VOLUME_KEY_DIGEST_REUSE), "Illegal");
2877 /* Such key doesn't exist, nothing to reuse */
2878 FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size - 2, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), "Key digest doesn't match any existing.");
2879 /* Keyslot 5, volume key, digest 0 */
2880 EQ_(crypt_keyslot_add_by_key(cd, 5, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), 5);
2882 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
2883 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1);
2884 OK_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0));
2885 FAIL_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0), "Not a volume key");
2886 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
2887 OK_(crypt_deactivate(cd, CDEVICE_1));
2888 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 2, PASSPHRASE1, strlen(PASSPHRASE1), 0), 2);
2889 OK_(crypt_deactivate(cd, CDEVICE_1));
2890 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "No volume key keyslot");
2892 /* TODO: key is unusable with aes-xts */
2893 // FAIL_(crypt_keyslot_add_by_key(cd, 3, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), "Unusable key with segment cipher");
2895 EQ_(crypt_keyslot_add_by_key(cd, 5, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 5);
2896 FAIL_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0), "Not a volume key");
2897 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5);
2898 OK_(crypt_deactivate(cd, CDEVICE_1));
2902 _cleanup_dmdevices();
2905 static void Luks2KeyslotParams(void)
2907 char key[128], key2[128];
2908 const char *cipher = "aes", *cipher_mode="xts-plain64";
2909 const char *cipher_spec = "aes-xts-plain64", *cipher_keyslot = "aes-cbc-essiv:sha256";
2910 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
2911 const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
2912 size_t key_size_ret, key_size = strlen(mk_hex) / 2, keyslot_key_size = 16;
2913 uint64_t r_payload_offset;
2914 const struct crypt_pbkdf_type fast_pbkdf = {
2918 .flags = CRYPT_PBKDF_NO_BENCHMARK
2921 crypt_decode_key(key, mk_hex, key_size);
2922 crypt_decode_key(key2, mk_hex2, key_size);
2924 OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE)));
2925 OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1)));
2927 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
2928 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
2930 EQ_(key_size, 2 * keyslot_key_size);
2931 /* test crypt_keyslot_add_by_key */
2932 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2933 OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf));
2934 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
2935 NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
2936 OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec));
2937 EQ_(key_size_ret, key_size);
2940 EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
2941 EQ_(1, crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
2942 EQ_(2, crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT));
2943 EQ_(6, crypt_keyslot_add_by_keyfile(cd, 6, KEYFILE1, 0, KEYFILE2, 0));
2945 // Slots with different encryption type
2946 OK_(crypt_keyslot_set_encryption(cd, cipher_keyslot, keyslot_key_size));
2947 OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_keyslot));
2948 EQ_(key_size_ret, keyslot_key_size);
2950 EQ_(3, crypt_keyslot_add_by_volume_key(cd, 3, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
2951 EQ_(4, crypt_keyslot_add_by_passphrase(cd, 4, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
2952 EQ_(5, crypt_keyslot_add_by_key(cd, 5, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT));
2953 EQ_(7, crypt_keyslot_add_by_keyfile(cd, 7, KEYFILE1, 0, KEYFILE2, 0));
2957 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
2958 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
2960 EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE);
2961 OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spec));
2962 EQ_(key_size_ret, key_size);
2964 EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_ACTIVE);
2965 OK_(strcmp(crypt_keyslot_get_encryption(cd, 1, &key_size_ret), cipher_spec));
2966 EQ_(key_size_ret, key_size);
2968 EQ_(crypt_keyslot_status(cd, 2), CRYPT_SLOT_UNBOUND);
2969 OK_(strcmp(crypt_keyslot_get_encryption(cd, 2, &key_size_ret), cipher_spec));
2970 EQ_(key_size_ret, key_size);
2972 EQ_(crypt_keyslot_status(cd, 6), CRYPT_SLOT_ACTIVE);
2973 OK_(strcmp(crypt_keyslot_get_encryption(cd, 6, &key_size_ret), cipher_spec));
2974 EQ_(key_size_ret, key_size);
2976 EQ_(crypt_keyslot_status(cd, 3), CRYPT_SLOT_ACTIVE);
2977 OK_(strcmp(crypt_keyslot_get_encryption(cd, 3, &key_size_ret), cipher_keyslot));
2978 EQ_(key_size_ret, keyslot_key_size);
2980 EQ_(crypt_keyslot_status(cd, 4), CRYPT_SLOT_ACTIVE);
2981 OK_(strcmp(crypt_keyslot_get_encryption(cd, 4, &key_size_ret), cipher_keyslot));
2982 EQ_(key_size_ret, keyslot_key_size);
2984 EQ_(crypt_keyslot_status(cd, 5), CRYPT_SLOT_UNBOUND);
2985 OK_(strcmp(crypt_keyslot_get_encryption(cd, 5, &key_size_ret), cipher_keyslot));
2986 EQ_(key_size_ret, keyslot_key_size);
2988 EQ_(crypt_keyslot_status(cd, 7), CRYPT_SLOT_ACTIVE);
2989 OK_(strcmp(crypt_keyslot_get_encryption(cd, 7, &key_size_ret), cipher_keyslot));
2990 EQ_(key_size_ret, keyslot_key_size);
2992 OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf));
2993 EQ_(8, crypt_keyslot_change_by_passphrase(cd, 1, 8, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
2994 OK_(strcmp(crypt_keyslot_get_encryption(cd, 8, &key_size_ret), cipher_spec));
2995 EQ_(key_size_ret, key_size);
2997 /* Revert to default */
2998 EQ_(9, crypt_keyslot_change_by_passphrase(cd, 5, 9, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
2999 OK_(strcmp(crypt_keyslot_get_encryption(cd, 9, &key_size_ret), cipher_spec));
3000 EQ_(key_size_ret, key_size);
3002 /* Set new encryption params */
3003 OK_(crypt_keyslot_set_encryption(cd, cipher_keyslot, keyslot_key_size));
3005 EQ_(1, crypt_keyslot_change_by_passphrase(cd, 8, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
3006 OK_(strcmp(crypt_keyslot_get_encryption(cd, 1, &key_size_ret), cipher_keyslot));
3007 EQ_(key_size_ret, keyslot_key_size);
3009 EQ_(10, crypt_keyslot_change_by_passphrase(cd, 2, 10, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
3010 OK_(strcmp(crypt_keyslot_get_encryption(cd, 10, &key_size_ret), cipher_keyslot));
3011 EQ_(key_size_ret, keyslot_key_size);
3013 EQ_(0, crypt_keyslot_change_by_passphrase(cd, 0, 0, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
3014 OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_keyslot));
3015 EQ_(key_size_ret, keyslot_key_size);
3019 /* LUKS1 compatible calls */
3020 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3021 OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf));
3022 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL));
3023 NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
3024 OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec));
3025 EQ_(key_size_ret, key_size);
3026 EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
3027 OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spec));
3028 EQ_(key_size_ret, key_size);
3031 /* LUKS2 cipher null checks */
3032 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3033 OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf));
3034 OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_size, NULL));
3035 FAIL_(crypt_keyslot_set_encryption(cd, "null", 32), "cipher null is not allowed");
3036 FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null", 32), "cipher null is not allowed");
3037 FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null-ecb", 32), "cipher null is not allowed");
3038 EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
3039 NOTNULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
3040 NULL_(strstr(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), "null"));
3043 _cleanup_dmdevices();
3047 static void Luks2ActivateByKeyring(void)
3049 #ifdef KERNEL_KEYRING
3051 key_serial_t kid, kid1;
3052 uint64_t r_payload_offset;
3054 const char *cipher = "aes";
3055 const char *cipher_mode = "xts-plain64";
3057 if (!t_dm_crypt_keyring_support()) {
3058 printf("WARNING: Kernel keyring not supported, skipping test.\n");
3062 kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
3063 NOTFAIL_(kid, "Test or kernel keyring are broken.");
3064 kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
3065 NOTFAIL_(kid1, "Test or kernel keyring are broken.");
3067 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
3068 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
3070 // prepare the device
3071 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3072 crypt_set_iteration_time(cd, 1);
3073 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
3074 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
3075 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
3076 EQ_(crypt_keyslot_add_by_volume_key(cd, 2, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 2);
3079 // FIXME: all following tests work as expected but most error messages are missing
3080 // check activate by keyring works exactly same as by passphrase
3081 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3082 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
3083 EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0), 0);
3084 EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0), 0);
3085 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
3086 FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0), "already open");
3087 OK_(crypt_deactivate(cd, CDEVICE_1));
3088 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
3089 EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 1, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
3090 EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 2, 0), 2);
3091 FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 1, 0), "Keyslot not assigned to volume");
3092 EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 2, 0), 2);
3093 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
3094 OK_(crypt_deactivate(cd, CDEVICE_1));
3095 EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, CRYPT_ANY_SLOT, 0), 2);
3096 OK_(crypt_deactivate(cd, CDEVICE_1));
3097 FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 2, 0), "Failed to unclock keyslot");
3098 FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 0, 0), "Failed to unclock keyslot");
3101 NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
3102 NOTFAIL_(keyctl_unlink(kid1, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
3104 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3105 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
3106 FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring");
3107 FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring");
3108 FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 2, 0), "no such key in keyring");
3109 FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 1, 0), "no such key in keyring");
3111 _cleanup_dmdevices();
3113 printf("WARNING: cryptsetup compiled with kernel keyring service disabled, skipping test.\n");
3117 static void Luks2Requirements(void)
3121 size_t key_size = 128;
3122 const struct crypt_pbkdf_type *pbkdf;
3123 #ifdef KERNEL_KEYRING
3127 uint64_t dummy, r_payload_offset;
3128 struct crypt_active_device cad;
3130 const char *token, *json = "{\"type\":\"test_token\",\"keyslots\":[]}";
3131 struct crypt_pbkdf_type argon2 = {
3132 .type = CRYPT_KDF_ARGON2I,
3133 .hash = DEFAULT_LUKS1_HASH,
3135 .max_memory_kb = 1024,
3136 .parallel_threads = 1
3138 .type = CRYPT_KDF_PBKDF2,
3139 .hash = DEFAULT_LUKS1_HASH,
3142 struct crypt_token_params_luks2_keyring params_get, params = {
3143 .key_description = KEY_DESC_TEST0
3146 OK_(prepare_keyfile(KEYFILE1, "aaa", 3));
3147 OK_(prepare_keyfile(KEYFILE2, "xxx", 3));
3149 /* crypt_load (unrestricted) */
3150 OK_(crypt_init(&cd, DEVICE_5));
3151 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
3154 OK_(crypt_init(&cd, DEVICE_5));
3155 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
3157 /* crypt_dump (unrestricted) */
3159 OK_(crypt_dump(cd));
3160 OK_(!(global_lines != 0));
3163 /* get & set pbkdf params (unrestricted) */
3165 OK_(crypt_set_pbkdf_type(cd, &argon2));
3166 NOTNULL_(crypt_get_pbkdf_type(cd));
3169 OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
3170 NOTNULL_(crypt_get_pbkdf_type(cd));
3172 /* crypt_set_iteration_time (unrestricted) */
3173 crypt_set_iteration_time(cd, 1);
3174 pbkdf = crypt_get_pbkdf_type(cd);
3176 EQ_(pbkdf->time_ms, 1);
3178 /* crypt_convert (restricted) */
3179 FAIL_((r = crypt_convert(cd, CRYPT_LUKS1, NULL)), "Unmet requirements detected");
3182 /* crypt_set_uuid (restricted) */
3183 FAIL_((r = crypt_set_uuid(cd, NULL)), "Unmet requirements detected");
3186 /* crypt_set_label (restricted) */
3187 FAIL_((r = crypt_set_label(cd, "label", "subsystem")), "Unmet requirements detected");
3190 /* crypt_repair (with current repair capabilities it's unrestricted) */
3191 OK_(crypt_repair(cd, CRYPT_LUKS2, NULL));
3193 /* crypt_keyslot_add_passphrase (restricted) */
3194 FAIL_((r = crypt_keyslot_add_by_passphrase(cd, CRYPT_ANY_SLOT, "aaa", 3, "bbb", 3)), "Unmet requirements detected");
3197 /* crypt_keyslot_change_by_passphrase (restricted) */
3198 FAIL_((r = crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 9, "aaa", 3, "bbb", 3)), "Unmet requirements detected");
3201 /* crypt_keyslot_add_by_keyfile (restricted) */
3202 FAIL_((r = crypt_keyslot_add_by_keyfile(cd, CRYPT_ANY_SLOT, KEYFILE1, 0, KEYFILE2, 0)), "Unmet requirements detected");
3205 /* crypt_keyslot_add_by_keyfile_offset (restricted) */
3206 FAIL_((r = crypt_keyslot_add_by_keyfile_offset(cd, CRYPT_ANY_SLOT, KEYFILE1, 0, 0, KEYFILE2, 0, 0)), "Unmet requirements detected");
3209 /* crypt_volume_key_get (unrestricted, but see below) */
3210 OK_(crypt_volume_key_get(cd, 0, key, &key_size, "aaa", 3));
3212 /* crypt_keyslot_add_by_volume_key (restricted) */
3213 FAIL_((r = crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3)), "Unmet requirements detected");
3216 /* crypt_keyslot_add_by_key (restricted) */
3217 FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size, "xxx", 3, CRYPT_VOLUME_KEY_NO_SEGMENT)), "Unmet requirements detected");
3220 /* crypt_keyslot_add_by_key (restricted) */
3221 FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3, 0)), "Unmet requirements detected");
3224 /* crypt_persistent_flasgs_set (restricted) */
3225 FAIL_((r = crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, CRYPT_ACTIVATE_ALLOW_DISCARDS)), "Unmet requirements detected");
3228 /* crypt_persistent_flasgs_get (unrestricted) */
3229 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
3230 EQ_(flags, (uint32_t) CRYPT_REQUIREMENT_UNKNOWN);
3232 /* crypt_activate_by_passphrase (restricted for activation only) */
3233 FAIL_((r = crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0)), "Unmet requirements detected");
3235 OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, 0));
3236 OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
3237 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
3239 /* crypt_activate_by_keyfile (restricted for activation only) */
3240 FAIL_((r = crypt_activate_by_keyfile(cd, CDEVICE_1, 0, KEYFILE1, 0, 0)), "Unmet requirements detected");
3242 OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, 0));
3243 OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
3245 /* crypt_activate_by_volume_key (restricted for activation only) */
3246 FAIL_((r = crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)), "Unmet requirements detected");
3248 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
3249 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
3251 #ifdef KERNEL_KEYRING
3252 if (t_dm_crypt_keyring_support()) {
3253 kid = add_key("user", KEY_DESC_TEST0, "aaa", 3, KEY_SPEC_THREAD_KEYRING);
3254 NOTFAIL_(kid, "Test or kernel keyring are broken.");
3256 /* crypt_activate_by_keyring (restricted for activation only) */
3257 FAIL_((r = crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0)), "Unmet requirements detected");
3258 EQ_(r, t_dm_crypt_keyring_support() ? -ETXTBSY : -EINVAL);
3259 OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0));
3260 OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, CRYPT_ACTIVATE_KEYRING_KEY));
3264 /* crypt_volume_key_verify (unrestricted) */
3265 OK_(crypt_volume_key_verify(cd, key, key_size));
3267 /* crypt_get_cipher (unrestricted) */
3268 OK_(strcmp(crypt_get_cipher(cd)?:"", "aes"));
3270 /* crypt_get_cipher_mode (unrestricted) */
3271 OK_(strcmp(crypt_get_cipher_mode(cd)?:"", "xts-plain64"));
3273 /* crypt_get_uuid (unrestricted) */
3274 NOTNULL_(crypt_get_uuid(cd));
3276 /* crypt_get_device_name (unrestricted) */
3277 NOTNULL_(crypt_get_device_name(cd));
3279 /* crypt_get_data_offset (unrestricted) */
3280 OK_(!crypt_get_data_offset(cd));
3282 /* crypt_get_iv_offset (unrestricted, nothing to test) */
3284 /* crypt_get_volume_key_size (unrestricted) */
3285 EQ_(crypt_get_volume_key_size(cd), key_size);
3287 /* crypt_keyslot_status (unrestricted) */
3288 EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE_LAST);
3289 EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_INACTIVE);
3291 /* crypt_keyslot_get_priority (unrestricted) */
3292 EQ_(crypt_keyslot_get_priority(cd, 0), CRYPT_SLOT_PRIORITY_NORMAL);
3294 /* crypt_keyslot_set_priority (restricted) */
3295 FAIL_((r = crypt_keyslot_set_priority(cd, 0, CRYPT_SLOT_PRIORITY_PREFER)), "Unmet requirements detected");
3298 /* crypt_keyslot_area (unrestricted) */
3299 OK_(crypt_keyslot_area(cd, 0, &dummy, &dummy));
3302 /* crypt_header_backup (unrestricted) */
3303 remove(BACKUP_FILE);
3304 OK_(crypt_header_backup(cd, CRYPT_LUKS, BACKUP_FILE));
3306 /* crypt_header_restore (restricted, do not drop the test until we have safe option) */
3307 FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected");
3309 remove(BACKUP_FILE);
3311 /* crypt_token_json_set (restricted) */
3312 FAIL_((r = crypt_token_json_set(cd, CRYPT_ANY_TOKEN, json)), "Unmet requirements detected");
3315 /* crypt_token_json_get (unrestricted) */
3316 OK_(crypt_token_json_get(cd, 0, &token));
3317 NOTNULL_(strstr(token, "user_type"));
3319 /* crypt_token_status (unrestricted) */
3320 EQ_(crypt_token_status(cd, 0, &token), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
3321 OK_(strcmp(token, "user_type"));
3322 EQ_(crypt_token_status(cd, 1, &token), CRYPT_TOKEN_INTERNAL);
3323 OK_(strcmp(token, "luks2-keyring"));
3324 EQ_(crypt_token_status(cd, 2, NULL), CRYPT_TOKEN_INACTIVE);
3325 EQ_(crypt_token_status(cd, 6, &token), CRYPT_TOKEN_INTERNAL_UNKNOWN);
3327 /* crypt_token_luks2_keyring_set (restricted) */
3328 FAIL_((r = crypt_token_luks2_keyring_set(cd, CRYPT_ANY_TOKEN, ¶ms)), "Unmet requirements detected");
3331 /* crypt_token_luks2_keyring_get (unrestricted) */
3332 EQ_(crypt_token_luks2_keyring_get(cd, 1, ¶ms_get), 1);
3333 OK_(strcmp(params_get.key_description, KEY_DESC_TEST0));
3335 /* crypt_token_assign_keyslot (unrestricted) */
3336 FAIL_((r = crypt_token_assign_keyslot(cd, 0, 1)), "Unmet requirements detected");
3339 /* crypt_token_unassign_keyslot (unrestricted) */
3340 FAIL_((r = crypt_token_unassign_keyslot(cd, CRYPT_ANY_TOKEN, CRYPT_ANY_SLOT)), "Unmet requirements detected");
3343 /* crypt_activate_by_token (restricted for activation only) */
3344 #ifdef KERNEL_KEYRING
3345 if (t_dm_crypt_keyring_support()) {
3346 FAIL_((r = crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0)), ""); // supposed to be silent
3348 OK_(crypt_activate_by_token(cd, NULL, 1, NULL, 0));
3349 OK_(crypt_activate_by_token(cd, NULL, 1, NULL, CRYPT_ACTIVATE_KEYRING_KEY));
3352 OK_(get_luks2_offsets(0, 8192, 0, NULL, &r_payload_offset));
3353 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 2));
3354 //OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" NO_REQS_LUKS2_HEADER " bs=4096 2>/dev/null", 1));
3355 OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3357 /* need to fake activated LUKSv2 device with requirements features */
3359 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3360 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
3361 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0));
3362 OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
3363 /* replace header with no requirements */
3364 OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3367 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_5));
3369 OK_(crypt_init_by_name(&cd, CDEVICE_1));
3371 /* crypt_header_restore (restricted with confirmation required) */
3372 /* allow force restore over device header w/ requirements */
3373 OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE));
3374 remove(BACKUP_FILE);
3375 OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3376 OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE)); /* create backup with requirements */
3378 /* crypt_suspend (restricted) */
3379 FAIL_((r = crypt_suspend(cd, CDEVICE_1)), "Unmet requirements detected");
3383 /* replace header again to suspend the device */
3384 OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3385 OK_(crypt_init_by_name(&cd, CDEVICE_1));
3386 OK_(crypt_suspend(cd, CDEVICE_1));
3388 /* crypt_header_restore (restricted, do not drop the test until we have safe option) */
3389 /* refuse to overwrite header w/ backup including requirements */
3390 FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected");
3395 OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3396 OK_(crypt_init_by_name(&cd, CDEVICE_1));
3398 /* crypt_resume_by_passphrase (restricted) */
3399 FAIL_((r = crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3)), "Unmet requirements detected");
3402 /* crypt_resume_by_keyfile (restricted) */
3403 FAIL_((r = crypt_resume_by_keyfile(cd, CDEVICE_1, 0, KEYFILE1, 0)), "Unmet requirements detected");
3406 /* crypt_resume_by_keyfile_offset (restricted) */
3407 FAIL_((r = crypt_resume_by_keyfile_offset(cd, CDEVICE_1, 0, KEYFILE1, 0, 0)), "Unmet requirements detected");
3411 OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3412 OK_(crypt_init_by_name(&cd, CDEVICE_1));
3413 OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3));
3415 OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
3417 OK_(crypt_init_by_name(&cd, CDEVICE_1));
3418 /* load VK in keyring */
3419 OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
3420 /* crypt_resize (restricted) */
3421 FAIL_((r = crypt_resize(cd, CDEVICE_1, 1)), "Unmet requirements detected");
3423 GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
3425 /* crypt_get_active_device (unrestricted) */
3426 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3427 #ifdef KERNEL_KEYRING
3428 if (t_dm_crypt_keyring_support())
3429 EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
3432 /* crypt_deactivate (unrestricted) */
3433 OK_(crypt_deactivate(cd, CDEVICE_1));
3435 /* crypt_token_is_assigned (unrestricted) */
3436 OK_(crypt_token_is_assigned(cd, 1, 0));
3437 OK_(crypt_token_is_assigned(cd, 6, 0));
3438 EQ_(crypt_token_is_assigned(cd, 0, 0), -ENOENT);
3440 /* crypt_keyslot_destroy (unrestricted) */
3441 OK_(crypt_keyslot_destroy(cd, 0));
3444 _cleanup_dmdevices();
3447 static void Luks2Integrity(void)
3449 struct crypt_params_integrity ip = {};
3450 struct crypt_params_luks2 params = {
3452 .integrity = "hmac(sha256)"
3454 size_t key_size = 32 + 32;
3455 const char *passphrase = "blabla";
3456 const char *cipher = "aes";
3457 const char *cipher_mode = "xts-random";
3460 // FIXME: This is just a stub
3461 OK_(crypt_init(&cd, DEVICE_2));
3462 ret = crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, ¶ms);
3464 printf("WARNING: cannot format integrity device, skipping test.\n");
3469 EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, key_size, passphrase, strlen(passphrase)), 7);
3470 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 7, passphrase, strlen(passphrase) ,0), 7);
3471 GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
3474 OK_(crypt_init_by_name_and_header(&cd, CDEVICE_2, NULL));
3475 OK_(crypt_get_integrity_info(cd, &ip));
3476 OK_(strcmp(cipher, crypt_get_cipher(cd)));
3477 OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
3478 OK_(strcmp("hmac(sha256)", ip.integrity));
3479 EQ_(32, ip.integrity_key_size);
3480 EQ_(32+16, ip.tag_size);
3481 OK_(crypt_deactivate(cd, CDEVICE_2));
3484 OK_(crypt_init(&cd, DEVICE_2));
3485 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size - 32, ¶ms), "Wrong key size.");
3486 FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, "xts-plainx", NULL, NULL, key_size, ¶ms), "Wrong cipher.");
3490 static int set_fast_pbkdf(struct crypt_device *cd)
3492 struct crypt_pbkdf_type pbkdf = {
3496 .max_memory_kb = 32,
3497 .parallel_threads = 1,
3498 .flags = CRYPT_PBKDF_NO_BENCHMARK
3501 /* Cannot use Argon2 in FIPS */
3503 pbkdf.type = CRYPT_KDF_PBKDF2;
3504 pbkdf.parallel_threads = 0;
3505 pbkdf.max_memory_kb = 0;
3506 pbkdf.iterations = 1000;
3508 return crypt_set_pbkdf_type(cd, &pbkdf);
3511 static int check_flag(uint32_t flags, uint32_t flag)
3513 return (flags & flag) ? 0 : -1;
3516 static void Luks2Refresh(void)
3518 uint64_t r_payload_offset;
3519 char key[128], key1[128];
3520 const char *cipher = "aes", *mode = "xts-plain64";
3521 const char *mk_hex = "bb21158c733229347bd4e681891e213d94c645be6a5b84818afe7a78a6de7a1a";
3522 const char *mk_hex2 = "bb22158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
3523 size_t key_size = strlen(mk_hex) / 2;
3524 struct crypt_params_luks2 params = {
3528 struct crypt_active_device cad = {};
3530 crypt_decode_key(key, mk_hex, key_size);
3531 crypt_decode_key(key1, mk_hex2, key_size);
3533 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
3534 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
3535 OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset + 5000));
3536 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
3537 OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset));
3539 /* prepare test device */
3540 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3541 OK_(set_fast_pbkdf(cd));
3542 OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, key, 32, NULL));
3543 OK_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, 32, "aaa", 3));
3544 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0));
3546 /* check we can refresh significant flags */
3547 if (t_dm_crypt_discard_support()) {
3548 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_ALLOW_DISCARDS));
3549 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3550 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_ALLOW_DISCARDS));
3554 if (t_dm_crypt_cpu_switch_support()) {
3555 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SAME_CPU_CRYPT));
3556 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3557 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SAME_CPU_CRYPT));
3560 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3561 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3562 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3565 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3566 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3567 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3571 OK_(crypt_volume_key_keyring(cd, 0));
3572 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
3573 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3574 FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY), "Unexpected flag raised.");
3577 #ifdef KERNEL_KEYRING
3578 if (t_dm_crypt_keyring_support()) {
3579 OK_(crypt_volume_key_keyring(cd, 1));
3580 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
3581 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3582 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY));
3587 /* multiple flags at once */
3588 if (t_dm_crypt_discard_support() && t_dm_crypt_cpu_switch_support()) {
3589 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS));
3590 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3591 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS));
3595 /* do not allow reactivation with read-only (and drop flag silently because activation behaves exactly same) */
3596 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_READONLY));
3597 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3598 FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY), "Reactivated with read-only flag.");
3601 /* reload flag is dropped silently */
3602 OK_(crypt_deactivate(cd, CDEVICE_1));
3603 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
3605 /* check read-only flag is not lost after reload */
3606 OK_(crypt_deactivate(cd, CDEVICE_1));
3607 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_READONLY));
3608 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
3609 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3610 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY));
3613 /* check LUKS2 with auth. enc. reload */
3614 OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
3615 if (!crypt_format(cd2, CRYPT_LUKS2, "aes", "gcm-random", crypt_get_uuid(cd), key, 32, ¶ms)) {
3616 OK_(crypt_keyslot_add_by_volume_key(cd2, 0, key, 32, "aaa", 3));
3617 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, 0));
3618 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL));
3619 OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
3620 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL));
3622 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3623 OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
3624 OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
3626 OK_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
3627 OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
3628 FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL), "");
3629 FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS), "");
3630 FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS2/aead context");
3631 OK_(crypt_deactivate(cd2, CDEVICE_2));
3633 printf("WARNING: cannot format integrity device, skipping few reload tests.\n");
3637 /* Use LUKS1 context on LUKS2 device */
3638 OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S));
3639 OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, mode, crypt_get_uuid(cd), key, 32, NULL));
3640 OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, NULL, 32, "aaa", 3));
3641 FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS1 context");
3644 /* Use PLAIN context on LUKS2 device */
3645 OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S));
3646 OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, mode, NULL, key, 32, NULL));
3647 OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
3648 FAIL_(crypt_activate_by_volume_key(cd2, CDEVICE_1, key, key_size, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with PLAIN context");
3649 OK_(crypt_deactivate(cd2, CDEVICE_2));
3652 /* (snapshot-like case) */
3653 /* try to refresh almost identical device (differs only in major:minor of data device) */
3654 OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
3655 OK_(set_fast_pbkdf(cd2));
3656 OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, mode, crypt_get_uuid(cd), key, 32, NULL));
3657 OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, key, 32, "aaa", 3));
3658 FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed dm-crypt mapped over mismatching data device");
3660 OK_(crypt_deactivate(cd, CDEVICE_1));
3665 _cleanup_dmdevices();
3668 static void Luks2Flags(void)
3670 uint32_t flags = 42;
3672 OK_(crypt_init(&cd, DEVICE_1));
3673 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
3675 /* check library erase passed variable on success when no flags set */
3676 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
3679 /* check set and get behave as expected */
3680 flags = CRYPT_ACTIVATE_ALLOW_DISCARDS;
3681 OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags));
3683 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
3684 EQ_(flags, CRYPT_ACTIVATE_ALLOW_DISCARDS);
3686 flags = CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
3687 OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags));
3688 flags = (uint32_t)~0;
3689 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
3690 EQ_(flags,CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS);
3695 #if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION
3696 static int test_progress(uint64_t size, uint64_t offset, void *usrptr)
3698 while (--test_progress_steps)
3703 static void Luks2Reencryption(void)
3705 /* reencryption currently depends on kernel keyring support */
3707 * - reencryption requires luks2 parameters. can we avoid it?
3710 uint64_t r_header_size, r_size_1;
3711 struct crypt_active_device cad;
3712 struct crypt_pbkdf_type pbkdf = {
3713 .type = CRYPT_KDF_ARGON2I,
3715 .parallel_threads = 1,
3716 .max_memory_kb = 128,
3718 .flags = CRYPT_PBKDF_NO_BENCHMARK
3720 struct crypt_params_luks2 params2 = {
3724 struct crypt_params_reencrypt retparams = {}, rparams = {
3725 .direction = CRYPT_REENCRYPT_FORWARD,
3726 .resilience = "checksum",
3731 const char *mk_hex = "bb21babe733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
3732 size_t key_size = strlen(mk_hex) / 2;
3735 crypt_decode_key(key, mk_hex, key_size);
3737 /* reencryption currently depends on kernel keyring support in dm-crypt */
3738 if (!t_dm_crypt_keyring_support())
3741 /* Cannot use Argon2 in FIPS */
3743 pbkdf.type = CRYPT_KDF_PBKDF2;
3744 pbkdf.parallel_threads = 0;
3745 pbkdf.max_memory_kb = 0;
3746 pbkdf.iterations = 1000;
3749 OK_(get_luks2_offsets(1, 0, 0, &r_header_size, NULL));
3750 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
3751 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16));
3754 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3755 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
3756 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
3757 EQ_(crypt_keyslot_add_by_volume_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 21);
3759 /* add several unbound keys */
3760 EQ_(crypt_keyslot_add_by_key(cd, 9, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
3761 EQ_(crypt_keyslot_add_by_key(cd, 10, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 10);
3762 EQ_(crypt_keyslot_add_by_key(cd, 11, NULL, 42, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 11);
3763 EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_ACTIVE_LAST);
3765 /* test cipher parameters validation */
3766 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 11, "aes", "xts-plain64", &rparams), "Cipher not compatible with new volume key size.");
3767 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "tHeHamstErciphErr", "xts-plain64", &rparams), "Wrong cipher.");
3768 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "aes", "HamSterMoOode-plain64", &rparams), "Wrong mode.");
3770 /* test reencryption flags */
3771 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
3772 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption not initialized.");
3773 rparams.flags |= CRYPT_REENCRYPT_INITIALIZE_ONLY;
3774 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid flags combination.");
3776 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
3777 EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0);
3778 FAIL_(crypt_reencrypt(cd, NULL), "Reencryption context not initialized.");
3780 rparams.flags &= ~CRYPT_REENCRYPT_RESUME_ONLY;
3781 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
3782 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
3783 EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
3785 /* check reencrypt status is correct */
3786 EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
3787 EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
3788 EQ_(retparams.direction, CRYPT_REENCRYPT_FORWARD);
3789 EQ_(retparams.data_shift, 0);
3790 EQ_(retparams.device_size, 0);
3792 /* check reencryption flag in metadata */
3793 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
3794 EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
3796 /* some parameters are expected to change immediately after reencryption initialization */
3797 EQ_(crypt_get_volume_key_size(cd), 64);
3798 OK_(strcmp(crypt_get_cipher_mode(cd), "xts-plain64"));
3799 EQ_(crypt_get_sector_size(cd), 4096);
3800 /* reencrypt keyslot must be unbound */
3801 EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_UNBOUND);
3802 /* keyslot assigned to new segment is switched to last active */
3803 EQ_(crypt_keyslot_status(cd, 9), CRYPT_SLOT_ACTIVE_LAST);
3804 /* keyslot assigned to old segment remains active */
3805 EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_ACTIVE);
3807 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "aes", "xts-plain", &rparams), "Reencryption already initialized.");
3810 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
3811 OK_(crypt_reencrypt(cd, NULL));
3813 /* check keyslots are reassigned to segment after reencryption */
3814 EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_INACTIVE);
3815 EQ_(crypt_keyslot_status(cd, 9), CRYPT_SLOT_ACTIVE_LAST);
3816 EQ_(crypt_keyslot_status(cd, 10), CRYPT_SLOT_UNBOUND);
3817 EQ_(crypt_keyslot_status(cd, 11), CRYPT_SLOT_UNBOUND);
3818 EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_INACTIVE);
3820 EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21);
3821 rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
3822 params2.sector_size = 512;
3823 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams));
3825 /* fixed device size parameter impact */
3826 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
3827 rparams.device_size = 24;
3828 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size.");
3829 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
3830 EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
3831 rparams.device_size = 15;
3832 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size alignment.");
3833 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
3834 EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
3835 FAIL_(crypt_reencrypt(cd, NULL), "Reencryption context not initialized.");
3836 rparams.device_size = 16;
3837 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams));
3838 OK_(crypt_reencrypt(cd, NULL));
3839 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
3840 EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0);
3842 /* limited hotzone size parameter impact */
3843 EQ_(crypt_keyslot_add_by_key(cd, 9, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
3844 rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
3845 rparams.device_size = 0;
3846 params2.sector_size = 4096;
3847 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
3849 /* max hotzone size parameter impact */
3850 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
3851 rparams.max_hotzone_size = 1;
3852 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid hotzone size alignment.");
3853 rparams.max_hotzone_size = 24; /* should be ok. Device size is 16 sectors and the parameter defines upper limit, not lower */
3854 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
3855 rparams.max_hotzone_size = 8;
3856 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
3859 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3860 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
3861 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
3863 rparams.max_hotzone_size = 0;
3864 rparams.resilience = "haMster";
3865 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience mode.");
3866 rparams.resilience = "checksum";
3867 rparams.hash = "hamSter";
3868 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience hash.");
3870 rparams.hash = "sha1";
3871 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
3872 OK_(crypt_reencrypt(cd, NULL));
3874 /* FIXME: this is a bug, but not critical (data shift parameter is ignored after initialization) */
3875 //rparams.data_shift = 8;
3876 //FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid reencryption parameters.");
3878 EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21);
3880 rparams.resilience = "none";
3881 rparams.max_hotzone_size = 2048;
3882 /* online reencryption on inactive device */
3883 FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Device is not active.");
3884 /* FIXME: this is minor bug. In fact we need only key from keyslot 9 */
3885 //EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 9, PASSPHRASE, strlen(PASSPHRASE), 0), 9);
3886 NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device.");
3887 /* offline reencryption on active device */
3888 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Device mounted or active.");
3889 OK_(crypt_deactivate(cd, CDEVICE_1));
3890 /* Wrong context checks */
3891 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams));
3892 /* cd is ready for reencryption */
3893 OK_(crypt_init(&cd2, DMDIR L_DEVICE_OK));
3894 OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
3895 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
3896 FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running.");
3898 FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running.");
3899 FAIL_(crypt_reencrypt(cd2, NULL), "Invalid reencryption context.");
3900 OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
3901 EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
3902 OK_(crypt_persistent_flags_get(cd2, CRYPT_FLAGS_REQUIREMENTS, &getflags));
3903 EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
3904 EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN);
3905 EQ_(crypt_reencrypt_status(cd2, NULL), CRYPT_REENCRYPT_CLEAN);
3906 FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Reencryption already in progress.");
3907 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Reencryption already in progress.");
3908 OK_(crypt_reencrypt(cd, NULL));
3912 /* Partial device reencryption parameter */
3913 params2.sector_size = 512;
3914 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3915 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
3916 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
3917 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
3918 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
3920 rparams.device_size = 2;
3921 rparams.max_hotzone_size = 1;
3922 rparams.resilience = "none";
3923 EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
3925 /* interrupt reencryption after 'test_progress_steps' */
3926 test_progress_steps = 1;
3927 OK_(crypt_reencrypt(cd, &test_progress));
3928 EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN);
3930 NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Could not activate device in reencryption.");
3931 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3933 EQ_(cad.offset, r_header_size);
3934 /* TODO: this should work in future releases unless reencryption process is running */
3935 FAIL_(crypt_resize(cd, CDEVICE_1, 1), "Device in reencryption.");
3936 FAIL_(crypt_resize(cd, CDEVICE_1, 0), "Device in reencryption.");
3938 rparams.max_hotzone_size = 0;
3939 rparams.device_size = 3;
3940 FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size.");
3941 crypt_deactivate(cd, CDEVICE_1);
3942 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size.");
3943 rparams.device_size = 2;
3944 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
3945 NOTFAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Failed to initialize reencryption.");
3946 OK_(crypt_reencrypt(cd, NULL));
3947 EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
3948 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1);
3949 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
3950 /* after reencryption use whole device again */
3952 OK_(crypt_deactivate(cd, CDEVICE_1));
3954 /* Reencrypt device with wrong size */
3955 EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0);
3956 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1);
3957 OK_(crypt_resize(cd, CDEVICE_1, 7));
3958 rparams.device_size = 0;
3960 params2.sector_size = 4096;
3961 FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Active device size is not aligned to new sector size.");
3962 rparams.device_size = 8;
3963 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Reduced reencryption size does not match active device.");
3964 /* FIXME: allow after resize in reencryption is supported */
3965 //NOTFAIL_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY | CRYPT_ACTIVATE_KEYRING_KEY), "Failed to load keys.");
3966 // OK_(crypt_resize(cd, CDEVICE_1, 8));
3967 OK_(crypt_deactivate(cd, CDEVICE_1));
3970 params2.sector_size = 512;
3971 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
3972 OK_(crypt_init(&cd2, DMDIR H_DEVICE));
3973 OK_(crypt_set_data_offset(cd2, r_header_size - 8));
3974 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
3975 OK_(crypt_set_pbkdf_type(cd2, &pbkdf));
3976 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
3977 OK_(crypt_format(cd2, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
3978 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
3979 EQ_(crypt_keyslot_add_by_volume_key(cd2, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
3980 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
3981 EQ_(crypt_keyslot_add_by_key(cd2, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
3982 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
3983 EQ_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
3984 rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
3985 EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
3986 EQ_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
3987 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
3988 /* reference wrong device in active device name */
3989 FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Wrong device.");
3990 FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Wrong device.");
3991 EQ_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
3992 FAIL_(crypt_set_data_device(cd2, DMDIR L_DEVICE_OK), "Device in reencryption.");
3993 OK_(crypt_deactivate(cd, CDEVICE_1));
3994 OK_(crypt_deactivate(cd2, CDEVICE_2));
3998 /* data shift related tests */
3999 params2.sector_size = 512;
4000 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4001 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
4002 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4003 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
4004 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
4005 memset(&rparams, 0, sizeof(rparams));
4006 rparams.direction = CRYPT_REENCRYPT_BACKWARD;
4007 rparams.resilience = "datashift";
4008 rparams.data_shift = 8;
4009 rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
4010 rparams.luks2 = ¶ms2;
4011 EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
4012 EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
4013 EQ_(retparams.data_shift, 8);
4014 EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
4015 OK_(strcmp(retparams.resilience, "datashift"));
4016 EQ_(crypt_get_data_offset(cd), 32776);
4017 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
4018 EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
4019 OK_(crypt_reencrypt(cd, NULL));
4021 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4022 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4023 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
4024 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1);
4025 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
4027 EQ_(crypt_get_data_offset(cd), 32776);
4028 OK_(crypt_deactivate(cd, CDEVICE_1));
4030 EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0);
4031 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Device is too small.");
4033 // BUG: We need reencrypt abort flag
4034 /* it fails, but it's already initialized and we have no way to abort yet */
4035 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4036 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
4037 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4038 EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 1);
4039 EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0);
4040 rparams.direction = CRYPT_REENCRYPT_FORWARD;
4041 rparams.resilience = "datashift";
4042 rparams.data_shift = 8;
4043 rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
4044 EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2);
4045 EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
4046 EQ_(retparams.data_shift, 8);
4047 EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
4048 OK_(strcmp(retparams.resilience, "datashift"));
4049 EQ_(crypt_get_data_offset(cd), 32760);
4050 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
4051 EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2);
4052 OK_(crypt_reencrypt(cd, NULL));
4054 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4055 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
4056 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
4057 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
4059 EQ_(crypt_get_data_offset(cd), 32760);
4060 OK_(crypt_deactivate(cd, CDEVICE_1));
4063 /* data shift with online device */
4064 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4065 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
4066 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4067 EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
4068 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
4069 rparams.direction = CRYPT_REENCRYPT_BACKWARD;
4070 rparams.resilience = "datashift";
4071 rparams.data_shift = 8;
4073 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
4074 FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Active device too large.");
4075 OK_(crypt_deactivate(cd, CDEVICE_1));
4076 NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption.");
4077 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
4079 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
4080 EQ_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
4081 OK_(crypt_reencrypt(cd, NULL));
4082 OK_(crypt_deactivate(cd, CDEVICE_1));
4085 _cleanup_dmdevices();
4087 /* encryption with datashift and moved segment (limit values for data shift) */
4088 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
4089 OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2));
4091 OK_(crypt_init(&cd, DMDIR H_DEVICE));
4093 memset(&rparams, 0, sizeof(rparams));
4094 params2.sector_size = 512;
4095 params2.data_device = DMDIR L_DEVICE_OK;
4096 rparams.mode = CRYPT_REENCRYPT_ENCRYPT;
4097 rparams.direction = CRYPT_REENCRYPT_BACKWARD;
4098 rparams.resilience = "datashift";
4099 rparams.data_shift = 8192;
4100 rparams.luks2 = ¶ms2;
4101 rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT;
4102 OK_(crypt_set_data_offset(cd, 8192));
4103 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, ¶ms2));
4104 EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30);
4105 EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0);
4107 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4108 OK_(crypt_header_restore(cd, CRYPT_LUKS2, DMDIR H_DEVICE));
4110 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4111 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
4112 EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
4113 EQ_(retparams.mode, CRYPT_REENCRYPT_ENCRYPT);
4114 OK_(strcmp(retparams.resilience, "datashift"));
4115 EQ_(retparams.data_shift, 8192);
4116 EQ_(retparams.flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT, CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT);
4117 EQ_(crypt_get_data_offset(cd), 8192);
4118 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
4119 EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0);
4120 OK_(crypt_reencrypt(cd, NULL));
4123 _cleanup_dmdevices();
4124 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
4125 OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2+1));
4127 /* encryption with datashift and moved segment (data shift + 1 sector) */
4128 OK_(crypt_init(&cd, DMDIR H_DEVICE));
4129 rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT;
4130 OK_(crypt_set_data_offset(cd, 8192));
4131 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, ¶ms2));
4132 EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30);
4133 EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0);
4135 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4136 OK_(crypt_header_restore(cd, CRYPT_LUKS2, DMDIR H_DEVICE));
4137 EQ_(crypt_get_data_offset(cd), 8192);
4138 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
4139 EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0);
4140 OK_(crypt_reencrypt(cd, NULL));
4143 _cleanup_dmdevices();
4144 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
4145 OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2));
4147 OK_(crypt_init(&cd, DMDIR H_DEVICE));
4149 /* encryption with datashift and moved segment (data shift + data offset > device size) */
4150 memset(&rparams, 0, sizeof(rparams));
4151 params2.sector_size = 512;
4152 params2.data_device = DMDIR L_DEVICE_OK;
4153 rparams.mode = CRYPT_REENCRYPT_ENCRYPT;
4154 rparams.direction = CRYPT_REENCRYPT_BACKWARD;
4155 rparams.resilience = "datashift";
4156 rparams.data_shift = 8200;
4157 rparams.luks2 = ¶ms2;
4158 rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT;
4159 OK_(crypt_set_data_offset(cd, 8200));
4160 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, ¶ms2));
4161 EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30);
4162 FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), "Data device is too small");
4163 EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
4166 _cleanup_dmdevices();
4167 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
4168 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 1));
4170 /* decryption backward */
4171 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4172 params2.data_device = NULL;
4173 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
4174 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4175 EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
4176 memset(&rparams, 0, sizeof(rparams));
4177 rparams.mode = CRYPT_REENCRYPT_DECRYPT;
4178 rparams.direction = CRYPT_REENCRYPT_BACKWARD;
4179 rparams.resilience = "none";
4180 rparams.max_hotzone_size = 2048;
4181 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
4182 OK_(crypt_reencrypt(cd, NULL));
4184 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4185 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
4186 EQ_(crypt_get_data_offset(cd), r_header_size);
4187 EQ_(crypt_get_volume_key_size(cd), 0);
4188 OK_(strcmp(crypt_get_cipher(cd), "cipher_null"));
4191 /* decryption forward */
4192 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4193 params2.data_device = NULL;
4194 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
4195 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4196 EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
4197 memset(&rparams, 0, sizeof(rparams));
4198 rparams.mode = CRYPT_REENCRYPT_DECRYPT;
4199 rparams.direction = CRYPT_REENCRYPT_FORWARD;
4200 rparams.resilience = "none";
4201 rparams.max_hotzone_size = 2048;
4202 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
4203 OK_(crypt_reencrypt(cd, NULL));
4206 /* decryption with data shift */
4207 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4208 params2.data_device = NULL;
4209 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4210 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
4211 EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
4212 remove(BACKUP_FILE);
4213 OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
4215 // FIXME: we need write flock
4216 OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR));
4217 OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
4218 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
4219 EQ_(crypt_get_data_offset(cd), r_header_size);
4220 memset(&rparams, 0, sizeof(rparams));
4221 rparams.mode = CRYPT_REENCRYPT_DECRYPT;
4222 rparams.direction = CRYPT_REENCRYPT_FORWARD;
4223 rparams.resilience = "datashift";
4224 rparams.data_shift = r_header_size;
4225 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
4226 EQ_(crypt_get_data_offset(cd), 0);
4227 OK_(crypt_reencrypt(cd, NULL));
4228 remove(BACKUP_FILE);
4231 /* online decryption with data shift (future feature) */
4232 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4233 params2.data_device = NULL;
4234 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4235 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
4236 EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
4237 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
4238 OK_(t_device_size(DMDIR CDEVICE_2, &r_size_1));
4240 // create placeholder device to block automatic deactivation after decryption
4241 OK_(_system("dmsetup create " CDEVICE_1 " --table \"0 1 linear " DMDIR CDEVICE_2 " 0\"", 1));
4242 remove(BACKUP_FILE);
4243 OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
4245 // FIXME: we need write flock
4246 OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR));
4247 OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
4248 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
4249 EQ_(crypt_get_data_offset(cd), r_header_size);
4250 memset(&rparams, 0, sizeof(rparams));
4251 rparams.mode = CRYPT_REENCRYPT_DECRYPT;
4252 rparams.direction = CRYPT_REENCRYPT_FORWARD;
4253 rparams.resilience = "datashift";
4254 rparams.data_shift = r_header_size;
4255 OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
4256 EQ_(crypt_get_data_offset(cd), 0);
4257 OK_(crypt_reencrypt(cd, NULL));
4258 remove(BACKUP_FILE);
4259 OK_(t_device_size(DMDIR CDEVICE_2, &r_size_1));
4261 OK_(_system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0));
4264 _cleanup_dmdevices();
4265 OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
4266 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size));
4267 OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_header_size));
4269 /* check detached header misuse (mismatching keys in table and mda) */
4270 OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
4271 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4272 params2.data_device = DMDIR L_DEVICE_WRONG;
4273 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
4274 EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
4275 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
4276 /* activate second device using same header */
4277 OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
4278 OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
4279 OK_(crypt_set_pbkdf_type(cd2, &pbkdf));
4280 EQ_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
4282 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
4284 memset(&rparams, 0, sizeof(rparams));
4285 rparams.resilience = "none";
4286 rparams.max_hotzone_size = 16*2048;
4287 rparams.luks2 = ¶ms2;
4289 OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
4290 OK_(crypt_reencrypt(cd, NULL));
4292 OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
4293 OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
4294 OK_(crypt_set_pbkdf_type(cd2, &pbkdf));
4295 EQ_(crypt_keyslot_add_by_key(cd2, 2, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 2);
4296 rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
4297 FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching parameters in device table.");
4298 OK_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams));
4299 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
4300 FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching parameters in device table.");
4301 OK_(crypt_deactivate(cd, CDEVICE_1));
4302 OK_(crypt_deactivate(cd2, CDEVICE_2));
4306 /* check detached header misuse (mismatching progress data in active device and mda) */
4307 OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
4308 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4309 params2.data_device = DMDIR L_DEVICE_WRONG;
4310 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
4311 EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
4312 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
4314 rparams.max_hotzone_size = 8;
4315 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
4316 /* reencrypt 8 srectors of device */
4317 test_progress_steps = 1;
4318 OK_(crypt_reencrypt(cd, &test_progress));
4320 /* activate another data device with same LUKS2 header (this is wrong, but we can't detect such mistake) */
4321 OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
4322 OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
4323 NOTFAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_2, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption.");
4326 /* reencrypt yet another 8 sectors of first device */
4327 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
4328 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
4329 test_progress_steps = 1;
4330 OK_(crypt_reencrypt(cd, &test_progress));
4332 /* Now active mapping for second data device does not match its metadata */
4333 OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
4334 OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
4335 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
4336 FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams), "Mismatching device table.");
4337 OK_(crypt_deactivate(cd2, CDEVICE_2));
4341 _cleanup_dmdevices();
4342 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16));
4344 /* Test LUKS2 reencryption honors flags device was activate with */
4345 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4346 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4347 params2.sector_size = 512;
4348 params2.data_device = NULL;
4349 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
4350 EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
4351 OK_(crypt_volume_key_keyring(cd, 0)); /* disable keyring */
4352 EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_ALLOW_DISCARDS), 6);
4353 OK_(crypt_volume_key_keyring(cd, 1));
4354 rparams.mode = CRYPT_REENCRYPT_REENCRYPT;
4355 rparams.direction = CRYPT_REENCRYPT_FORWARD,
4356 rparams.resilience = "none",
4357 rparams.max_hotzone_size = 8;
4358 rparams.luks2 = ¶ms2;
4360 EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
4361 OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams));
4362 test_progress_steps = 1;
4363 OK_(crypt_reencrypt(cd, &test_progress));
4364 EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN);
4365 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
4366 EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCARDS);
4367 EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, 0);
4369 OK_(crypt_init_by_name(&cd, CDEVICE_1));
4370 rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
4371 OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams));
4372 OK_(crypt_reencrypt(cd, NULL));
4373 OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
4374 EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCARDS);
4375 EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, 0);
4376 OK_(crypt_deactivate(cd, CDEVICE_1));
4379 _cleanup_dmdevices();
4380 OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16));
4382 rparams.mode = CRYPT_REENCRYPT_REENCRYPT;
4383 rparams.direction = CRYPT_REENCRYPT_FORWARD;
4384 rparams.resilience = "none";
4385 rparams.hash = NULL;
4386 rparams.data_shift = 0;
4387 rparams.max_hotzone_size = 0;
4388 rparams.device_size = 0;
4389 rparams.luks2 = ¶ms2;
4392 /* Test support for specific key reencryption */
4393 OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
4394 OK_(crypt_set_pbkdf_type(cd, &pbkdf));
4395 OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
4396 EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 3);
4397 EQ_(crypt_keyslot_add_by_key(cd, 9, key, key_size, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
4398 EQ_(crypt_keyslot_add_by_key(cd, 10, key, key_size, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE ), 10);
4399 OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 3, 9, "aes", "xts-plain64", &rparams));
4400 OK_(crypt_reencrypt(cd, NULL));
4401 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
4402 OK_(crypt_keyslot_destroy(cd, 9));
4403 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
4406 _cleanup_dmdevices();
4410 static void Luks2Repair(void)
4414 snprintf(rollback, sizeof(rollback),
4415 "dd if=" IMAGE_PV_LUKS2_SEC ".bcp of=%s bs=1M 2>/dev/null",
4418 OK_(crypt_init(&cd, DEVICE_6));
4420 FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
4421 FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
4423 /* check explicit LUKS2 repair works */
4424 OK_(crypt_repair(cd, CRYPT_LUKS2, NULL));
4425 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
4427 OK_(crypt_init(&cd, DEVICE_6));
4430 OK_(_system(rollback, 1));
4431 FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
4433 /* check repair with type detection works */
4434 OK_(crypt_repair(cd, CRYPT_LUKS, NULL));
4435 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
4438 /* repeat with locking disabled (must not have any effect) */
4439 OK_(_system(rollback, 1));
4440 OK_(crypt_init(&cd, DEVICE_6));
4441 OK_(crypt_metadata_locking(cd, 0));
4443 FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
4444 FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
4446 /* check explicit LUKS2 repair works */
4447 OK_(crypt_repair(cd, CRYPT_LUKS2, NULL));
4448 OK_(crypt_load(cd, CRYPT_LUKS, NULL));
4450 OK_(crypt_init(&cd, DEVICE_6));
4453 OK_(_system(rollback, 1));
4454 FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
4456 /* check repair with type detection works */
4457 OK_(crypt_repair(cd, CRYPT_LUKS, NULL));
4458 OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
4462 static void int_handler(int sig __attribute__((__unused__)))
4467 int main(int argc, char *argv[])
4469 struct sigaction sa = { .sa_handler = int_handler };
4472 if (getuid() != 0) {
4473 printf("You must be root to run this test.\n");
4476 #ifndef NO_CRYPTSETUP_PATH
4477 if (getenv("CRYPTSETUP_PATH")) {
4478 printf("Cannot run this test with CRYPTSETUP_PATH set.\n");
4482 for (i = 1; i < argc; i++) {
4483 if (!strcmp("-v", argv[i]) || !strcmp("--verbose", argv[i]))
4485 else if (!strcmp("--debug", argv[i]))
4486 _debug = _verbose = 1;
4489 /* Handle interrupt properly */
4490 sigaction(SIGINT, &sa, NULL);
4491 sigaction(SIGTERM, &sa, NULL);
4493 register_cleanup(_cleanup);
4497 printf("Cannot set test devices.\n");
4502 crypt_set_debug_level(_debug ? CRYPT_DEBUG_JSON : CRYPT_DEBUG_NONE);
4504 RUN_(AddDeviceLuks2, "Format and use LUKS2 device");
4505 RUN_(Luks2MetadataSize, "LUKS2 metadata settings");
4506 RUN_(Luks2HeaderLoad, "LUKS2 header load");
4507 RUN_(Luks2HeaderRestore, "LUKS2 header restore");
4508 RUN_(Luks2HeaderBackup, "LUKS2 header backup");
4509 RUN_(ResizeDeviceLuks2, "LUKS2 device resize tests");
4510 RUN_(UseLuks2Device, "Use pre-formated LUKS2 device");
4511 RUN_(SuspendDevice, "LUKS2 Suspend/Resume");
4512 RUN_(UseTempVolumes, "Format and use temporary encrypted device");
4513 RUN_(Tokens, "General tokens API");
4514 RUN_(TokenActivationByKeyring, "Builtin kernel keyring token");
4515 RUN_(LuksConvert, "LUKS1 <-> LUKS2 conversions");
4516 RUN_(Pbkdf, "Default PBKDF manipulation routines");
4517 RUN_(Luks2KeyslotParams, "Add a new keyslot with different encryption");
4518 RUN_(Luks2KeyslotAdd, "Add a new keyslot by unused key");
4519 RUN_(Luks2ActivateByKeyring, "LUKS2 activation by passphrase in keyring");
4520 RUN_(Luks2Requirements, "LUKS2 requirements flags");
4521 RUN_(Luks2Integrity, "LUKS2 with data integrity");
4522 RUN_(Luks2Refresh, "Active device table refresh");
4523 RUN_(Luks2Flags, "LUKS2 persistent flags");
4524 #if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION
4525 RUN_(Luks2Reencryption, "LUKS2 reencryption");
4527 RUN_(Luks2Repair, "LUKS2 repair"); // test disables metadata locking. Run always last!