2 * cryptsetup library API check functions
4 * Copyright (C) 2009 Red Hat, Inc. All rights reserved.
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 #include <sys/ioctl.h>
30 #include "libcryptsetup.h"
32 #define DMDIR "/dev/mapper/"
34 #define DEVICE_1 "/dev/loop5"
35 #define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b"
36 #define DEVICE_2 "/dev/loop6"
37 #define DEVICE_EMPTY_name "crypt_zero"
38 #define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name
39 #define DEVICE_ERROR_name "crypt_error"
40 #define DEVICE_ERROR DMDIR DEVICE_ERROR_name
42 #define CDEVICE_1 "ctest1"
43 #define CDEVICE_2 "ctest2"
44 #define CDEVICE_WRONG "O_o"
46 #define IMAGE1 "compatimage.img"
47 #define IMAGE_EMPTY "empty.img"
49 #define KEYFILE1 "key1.file"
50 #define KEY1 "compatkey"
52 #define KEYFILE2 "key2.file"
53 #define KEY2 "0123456789abcdef"
55 static int _debug = 0;
56 static int _verbose = 1;
58 static char global_log[4096];
59 static int global_lines = 0;
61 static int gcrypt_compatible = 0;
64 static int _prepare_keyfile(const char *name, const char *passphrase)
68 fd = open(name, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR);
70 r = write(fd, passphrase, strlen(passphrase));
75 return r == strlen(passphrase) ? 0 : 1;
78 static void _remove_keyfiles(void)
84 // Decode key from its hex representation
85 static int crypt_decode_key(char *key, char *hex, unsigned int size)
93 for (i = 0; i < size; i++) {
97 key[i] = (unsigned char)strtoul(buffer, &endp, 16);
99 if (endp != &buffer[2])
109 static int yesDialog(char *msg)
114 static void cmdLineLog(int level, char *msg)
116 strncat(global_log, msg, sizeof(global_log) - strlen(global_log));
120 static void new_log(int level, const char *msg, void *usrptr)
122 cmdLineLog(level, (char*)msg);
126 static void reset_log()
128 memset(global_log, 0, sizeof(global_log));
132 static struct interface_callbacks cmd_icb = {
133 .yesDialog = yesDialog,
137 static void _cleanup(void)
142 //r = system("udevadm settle");
144 if (!stat(DMDIR CDEVICE_1, &st))
145 r = system("dmsetup remove " CDEVICE_1);
147 if (!stat(DMDIR CDEVICE_2, &st))
148 r = system("dmsetup remove " CDEVICE_2);
150 if (!stat(DEVICE_EMPTY, &st))
151 r = system("dmsetup remove " DEVICE_EMPTY_name);
153 if (!stat(DEVICE_ERROR, &st))
154 r = system("dmsetup remove " DEVICE_ERROR_name);
156 if (!strncmp("/dev/loop", DEVICE_1, 9))
157 r = system("losetup -d " DEVICE_1);
159 if (!strncmp("/dev/loop", DEVICE_2, 9))
160 r = system("losetup -d " DEVICE_2);
162 r = system("rm -f " IMAGE_EMPTY);
166 static void _setup(void)
170 r = system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"");
171 r = system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"");
172 if (!strncmp("/dev/loop", DEVICE_1, 9)) {
173 r = system(" [ ! -e " IMAGE1 " ] && bzip2 -dk " IMAGE1 ".bz2");
174 r = system("losetup " DEVICE_1 " " IMAGE1);
176 if (!strncmp("/dev/loop", DEVICE_2, 9)) {
177 r = system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=4");
178 r = system("losetup " DEVICE_2 " " IMAGE_EMPTY);
183 void check_ok(int status, int line, const char *func)
188 crypt_get_error(buf, sizeof(buf));
189 printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, buf);
195 void check_ko(int status, int line, const char *func)
199 memset(buf, 0, sizeof(buf));
200 crypt_get_error(buf, sizeof(buf));
202 printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, buf);
206 printf(" => errno %d, errmsg: %s\n", status, buf);
209 void check_equal(int line, const char *func)
211 printf("FAIL line %d [%s]: expected equal values differs.\n", line, func);
216 void xlog(const char *msg, const char *tst, const char *func, int line, const char *txt)
220 printf(" [%s,%s:%d] %s [%s]\n", msg, func, line, tst, txt);
222 printf(" [%s,%s:%d] %s\n", msg, func, line, tst);
225 #define OK_(x) do { xlog("(success)", #x, __FUNCTION__, __LINE__, NULL); \
226 check_ok((x), __LINE__, __FUNCTION__); \
228 #define FAIL_(x, y) do { xlog("(fail) ", #x, __FUNCTION__, __LINE__, y); \
229 check_ko((x), __LINE__, __FUNCTION__); \
231 #define EQ_(x, y) do { xlog("(equal) ", #x " == " #y, __FUNCTION__, __LINE__, NULL); \
232 if ((x) != (y)) check_equal(__LINE__, __FUNCTION__); \
235 #define RUN_(x, y) do { printf("%s: %s\n", #x, (y)); x(); } while (0)
238 static void LuksUUID(void)
240 struct crypt_options co = { .icb = &cmd_icb };
242 co.device = DEVICE_EMPTY;
243 EQ_(crypt_luksUUID(&co), -EINVAL);
245 co.device = DEVICE_ERROR;
246 EQ_(crypt_luksUUID(&co), -EINVAL);
249 co.device = DEVICE_1;
250 OK_(crypt_luksUUID(&co));
251 EQ_(strlen(global_log), 37); /* UUID + "\n" */
252 EQ_(strncmp(global_log, DEVICE_1_UUID, strlen(DEVICE_1_UUID)), 0);
256 static void IsLuks(void)
258 struct crypt_options co = { .icb = &cmd_icb };
260 co.device = DEVICE_EMPTY;
261 EQ_(crypt_isLuks(&co), -EINVAL);
263 co.device = DEVICE_ERROR;
264 EQ_(crypt_isLuks(&co), -EINVAL);
266 co.device = DEVICE_1;
267 OK_(crypt_isLuks(&co));
270 static void LuksOpen(void)
272 struct crypt_options co = {
274 //.passphrase = "blabla",
278 OK_(_prepare_keyfile(KEYFILE1, KEY1));
279 co.key_file = KEYFILE1;
281 co.device = DEVICE_EMPTY;
282 EQ_(crypt_luksOpen(&co), -EINVAL);
284 co.device = DEVICE_ERROR;
285 EQ_(crypt_luksOpen(&co), -EINVAL);
287 co.device = DEVICE_1;
288 OK_(crypt_luksOpen(&co));
289 FAIL_(crypt_luksOpen(&co), "already open");
294 static void query_device(void)
296 struct crypt_options co = {. icb = &cmd_icb };
298 co.name = CDEVICE_WRONG;
299 EQ_(crypt_query_device(&co), 0);
302 EQ_(crypt_query_device(&co), 1);
304 OK_(strncmp(crypt_get_dir(), DMDIR, 11));
305 OK_(strcmp(co.cipher, "aes-cbc-essiv:sha256"));
306 EQ_(co.key_size, 16);
307 EQ_(co.offset, 1032);
308 EQ_(co.flags & CRYPT_FLAG_READONLY, 0);
310 crypt_put_options(&co);
313 static void remove_device(void)
316 struct crypt_options co = {. icb = &cmd_icb };
318 co.name = CDEVICE_WRONG;
319 EQ_(crypt_remove_device(&co), -ENODEV);
321 fd = open(DMDIR CDEVICE_1, O_RDONLY);
323 FAIL_(crypt_remove_device(&co), "device busy");
326 OK_(crypt_remove_device(&co));
329 static void LuksFormat(void)
331 struct crypt_options co = {
335 .cipher = "aes-cbc-essiv:sha256",
338 .iteration_time = 10,
343 OK_(_prepare_keyfile(KEYFILE1, KEY1));
345 co.new_key_file = KEYFILE1;
346 co.device = DEVICE_ERROR;
347 FAIL_(crypt_luksFormat(&co), "error device");
349 co.device = DEVICE_2;
350 OK_(crypt_luksFormat(&co));
352 co.new_key_file = NULL;
353 co.key_file = KEYFILE1;
355 OK_(crypt_luksOpen(&co));
356 OK_(crypt_remove_device(&co));
360 static void LuksKeyGame(void)
363 struct crypt_options co = {
367 .cipher = "aes-cbc-essiv:sha256",
370 .iteration_time = 10,
375 OK_(_prepare_keyfile(KEYFILE1, KEY1));
376 OK_(_prepare_keyfile(KEYFILE2, KEY2));
378 co.new_key_file = KEYFILE1;
379 co.device = DEVICE_2;
381 FAIL_(crypt_luksFormat(&co), "wrong slot #");
383 co.key_slot = 7; // last slot
384 OK_(crypt_luksFormat(&co));
386 co.new_key_file = KEYFILE1;
387 co.key_file = KEYFILE1;
389 FAIL_(crypt_luksAddKey(&co), "wrong slot #");
391 FAIL_(crypt_luksAddKey(&co), "slot already used");
394 OK_(crypt_luksAddKey(&co));
396 co.key_file = KEYFILE2 "blah";
398 FAIL_(crypt_luksAddKey(&co), "keyfile not found");
400 co.new_key_file = KEYFILE2; // key to add
401 co.key_file = KEYFILE1;
403 for (i = 0; i < 6; i++)
404 OK_(crypt_luksAddKey(&co)); //FIXME: EQ_(i)?
406 FAIL_(crypt_luksAddKey(&co), "all slots full");
409 co.new_key_file = KEYFILE1; // key to remove
411 co.key_slot = 8; // should be ignored
412 // only 2 slots should use KEYFILE1
413 OK_(crypt_luksRemoveKey(&co));
414 OK_(crypt_luksRemoveKey(&co));
415 FAIL_(crypt_luksRemoveKey(&co), "no slot with this passphrase");
417 co.new_key_file = KEYFILE2 "blah";
419 FAIL_(crypt_luksRemoveKey(&co), "keyfile not found");
422 co.new_key_file = NULL;
425 FAIL_(crypt_luksKillSlot(&co), "wrong slot #");
427 FAIL_(crypt_luksKillSlot(&co), "slot already wiped");
430 OK_(crypt_luksKillSlot(&co));
435 size_t _get_device_size(const char *device)
437 unsigned long size = 0;
440 fd = open(device, O_RDONLY);
443 (void)ioctl(fd, BLKGETSIZE, &size);
449 void DeviceResizeGame(void)
452 struct crypt_options co = {
456 .cipher = "aes-cbc-plain",
463 orig_size = _get_device_size(DEVICE_2);
465 OK_(_prepare_keyfile(KEYFILE2, KEY2));
467 co.key_file = KEYFILE2;
469 OK_(crypt_create_device(&co));
470 EQ_(_get_device_size(DMDIR CDEVICE_2), 1000);
473 OK_(crypt_resize_device(&co));
474 EQ_(_get_device_size(DMDIR CDEVICE_2), 2000);
477 OK_(crypt_resize_device(&co));
478 EQ_(_get_device_size(DMDIR CDEVICE_2), (orig_size - 333));
482 co.cipher = "aes-cbc-essiv:sha256";
483 OK_(crypt_update_device(&co));
484 EQ_(_get_device_size(DMDIR CDEVICE_2), (orig_size - 444));
486 memset(&co, 0, sizeof(co));
489 EQ_(crypt_query_device(&co), 1);
490 EQ_(strcmp(co.cipher, "aes-cbc-essiv:sha256"), 0);
491 EQ_(co.key_size, 128 / 8);
494 crypt_put_options(&co);
496 // dangerous switch device still works
497 memset(&co, 0, sizeof(co));
499 co.device = DEVICE_1;
500 co.key_file = KEYFILE2;
501 co.key_size = 128 / 8;
502 co.cipher = "aes-cbc-plain";
505 OK_(crypt_update_device(&co));
507 memset(&co, 0, sizeof(co));
510 EQ_(crypt_query_device(&co), 1);
511 EQ_(strcmp(co.cipher, "aes-cbc-plain"), 0);
512 EQ_(co.key_size, 128 / 8);
515 // This expect lookup returns prefered /dev/loopX
516 EQ_(strcmp(co.device, DEVICE_1), 0);
517 crypt_put_options(&co);
519 memset(&co, 0, sizeof(co));
522 OK_(crypt_remove_device(&co));
529 static void AddDevicePlain(void)
531 struct crypt_device *cd;
532 struct crypt_params_plain params = {
538 char key[128], key2[128], path[128];
540 char *passphrase = "blabla";
541 char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
542 size_t key_size = strlen(mk_hex) / 2;
543 char *cipher = "aes";
544 char *cipher_mode = "cbc-essiv:sha256";
546 crypt_decode_key(key, mk_hex, key_size);
548 FAIL_(crypt_init(&cd, ""), "empty device string");
550 // default is "plain" hash - no password hash
551 OK_(crypt_init(&cd, DEVICE_1));
552 OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, NULL));
553 FAIL_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0), "cannot verify key with plain");
554 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
555 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
556 // FIXME: this should get key from active device?
557 //OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
558 //OK_(memcmp(key, key2, key_size));
559 OK_(crypt_deactivate(cd, CDEVICE_1));
562 // Now use hashed password
563 OK_(crypt_init(&cd, DEVICE_1));
564 OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms));
565 FAIL_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),
566 "cannot verify passphrase with plain" );
567 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
569 // device status check
570 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
571 snprintf(path, sizeof(path), "%s/%s", crypt_get_dir(), CDEVICE_1);
572 fd = open(path, O_RDONLY);
573 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_BUSY);
574 FAIL_(crypt_deactivate(cd, CDEVICE_1), "Device is busy");
576 OK_(crypt_deactivate(cd, CDEVICE_1));
577 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
579 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
580 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
582 // retrieve volume key check
583 memset(key2, 0, key_size);
586 FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)), "small buffer");
588 OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
590 OK_(memcmp(key, key2, key_size));
591 OK_(strcmp(cipher, crypt_get_cipher(cd)));
592 OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
593 EQ_(key_size, crypt_get_volume_key_size(cd));
594 EQ_(0, crypt_get_data_offset(cd));
595 OK_(crypt_deactivate(cd, CDEVICE_1));
599 static void UseLuksDevice(void)
601 struct crypt_device *cd;
605 OK_(crypt_init(&cd, DEVICE_1));
606 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
607 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
608 OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
609 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
610 FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
611 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
612 OK_(crypt_deactivate(cd, CDEVICE_1));
613 FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device");
616 OK_(strcmp("aes", crypt_get_cipher(cd)));
617 OK_(strcmp("cbc-essiv:sha256", crypt_get_cipher_mode(cd)));
618 OK_(strcmp(DEVICE_1_UUID, crypt_get_uuid(cd)));
619 EQ_(key_size, crypt_get_volume_key_size(cd));
620 EQ_(1032, crypt_get_data_offset(cd));
622 EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
623 OK_(crypt_volume_key_verify(cd, key, key_size));
624 OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
625 OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
626 EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
627 OK_(crypt_deactivate(cd, CDEVICE_1));
630 FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch");
631 FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch");
635 static void SuspendDevice(void)
638 struct crypt_device *cd;
640 OK_(crypt_init(&cd, DEVICE_1));
641 OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
642 OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
644 suspend_status = crypt_suspend(cd, CDEVICE_1);
645 if (suspend_status == -ENOTSUP) {
646 printf("WARNING: Suspend/Resume not supported, skipping test.\n");
650 FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
652 FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");
653 OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
654 FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
656 OK_(_prepare_keyfile(KEYFILE1, KEY1));
657 OK_(crypt_suspend(cd, CDEVICE_1));
658 FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");
659 OK_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0));
660 FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0), "not suspended");
663 OK_(crypt_deactivate(cd, CDEVICE_1));
667 static void AddDeviceLuks(void)
669 struct crypt_device *cd;
670 struct crypt_params_luks1 params = {
672 .data_alignment = 2048, // 4M, data offset will be 4096
674 char key[128], key2[128];
676 char *passphrase = "blabla";
677 char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
678 size_t key_size = strlen(mk_hex) / 2;
679 char *cipher = "aes";
680 char *cipher_mode = "cbc-essiv:sha256";
682 crypt_decode_key(key, mk_hex, key_size);
684 OK_(crypt_init(&cd, DEVICE_2));
685 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms));
687 // even with no keyslots defined it can be activated by volume key
688 OK_(crypt_volume_key_verify(cd, key, key_size));
689 OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0));
690 EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
691 OK_(crypt_deactivate(cd, CDEVICE_2));
694 EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)));
695 EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
696 EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
697 EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
698 OK_(crypt_deactivate(cd, CDEVICE_2));
700 EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen(KEY1)));
701 OK_(_prepare_keyfile(KEYFILE1, KEY1));
702 OK_(_prepare_keyfile(KEYFILE2, KEY2));
703 EQ_(2, crypt_keyslot_add_by_keyfile(cd, 2, KEYFILE1, 0, KEYFILE2, 0));
704 FAIL_(crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2)-1, 0), "key mismatch");
705 EQ_(2, crypt_activate_by_keyfile(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 0));
706 EQ_(2, crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, 0));
707 OK_(crypt_keyslot_destroy(cd, 1));
708 OK_(crypt_keyslot_destroy(cd, 2));
709 OK_(crypt_deactivate(cd, CDEVICE_2));
712 FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), "slot used");
714 FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch");
716 EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)));
717 EQ_(CRYPT_SLOT_ACTIVE, crypt_keyslot_status(cd, 6));
719 FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot");
720 FAIL_(crypt_keyslot_destroy(cd, CRYPT_ANY_SLOT), "invalid keyslot");
721 FAIL_(crypt_keyslot_destroy(cd, 0), "keyslot not used");
722 OK_(crypt_keyslot_destroy(cd, 7));
723 EQ_(CRYPT_SLOT_INACTIVE, crypt_keyslot_status(cd, 7));
724 EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
726 EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
727 OK_(crypt_volume_key_verify(cd, key2, key_size));
729 OK_(memcmp(key, key2, key_size));
730 OK_(strcmp(cipher, crypt_get_cipher(cd)));
731 OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
732 EQ_(key_size, crypt_get_volume_key_size(cd));
733 EQ_(4096, crypt_get_data_offset(cd));
736 crypt_set_log_callback(cd, &new_log, NULL);
738 OK_(!(global_lines != 0));
739 crypt_set_log_callback(cd, NULL, NULL);
742 FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");
746 // Check that gcrypt is properly initialised in format
747 static void NonFIPSAlg(void)
749 struct crypt_device *cd;
750 struct crypt_params_luks1 params = {
754 size_t key_size = 128;
755 char *cipher = "aes";
756 char *cipher_mode = "cbc-essiv:sha256";
758 if (!gcrypt_compatible) {
759 printf("WARNING: old libgcrypt, skipping test.\n");
762 OK_(crypt_init(&cd, DEVICE_2));
763 OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms));
768 static void _gcrypt_compatible()
773 if (!(f = popen("libgcrypt-config --version", "r")))
776 if (fscanf(f, "%d.%d.%d", &maj, &min, &patch) == 3 &&
777 maj >= 1 && min >= 4)
778 gcrypt_compatible = 1;
780 printf("libgcrypt version %d.%d.%d detected.\n", maj, min, patch);
786 int main (int argc, char *argv[])
791 printf("You must be root to run this test.\n");
795 for (i = 1; i < argc; i++) {
796 if (!strcmp("-v", argv[i]) || !strcmp("--verbose", argv[i]))
798 else if (!strcmp("--debug", argv[i]))
799 _debug = _verbose = 1;
804 _gcrypt_compatible();
806 crypt_set_debug_level(_debug ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE);
808 RUN_(NonFIPSAlg, "Crypto is properly initialised in format"); //must be the first!
809 RUN_(LuksUUID, "luksUUID API call");
810 RUN_(IsLuks, "isLuks API call");
811 RUN_(LuksOpen, "luksOpen API call");
812 RUN_(query_device, "crypt_query_device API call");
813 RUN_(remove_device, "crypt_remove_device API call");
814 RUN_(LuksFormat, "luksFormat API call");
815 RUN_(LuksKeyGame, "luksAddKey, RemoveKey, KillSlot API calls");
816 RUN_(DeviceResizeGame, "regular crypto, resize calls");
818 RUN_(AddDevicePlain, "plain device API creation exercise");
819 RUN_(AddDeviceLuks, "Format and use LUKS device");
820 RUN_(UseLuksDevice, "Use pre-formated LUKS device");
821 RUN_(SuspendDevice, "Suspend/Resume test");