3 CRYPTSETUP=../src/cryptsetup
8 ORIG_IMG=luks-test-orig
12 LUKS_HEADER="S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591"
13 KEY_SLOT0="S208-211 S212-215 R216-247 A248-251 A251-255"
14 KEY_MATERIAL0="R4096-68096"
15 KEY_MATERIAL0_EXT="R4096-68096"
17 KEY_SLOT1="S256-259 S260-263 R264-295 A296-299 A300-303"
18 KEY_MATERIAL1="R69632-133632"
19 KEY_MATERIAL1_EXT="S69632-133632"
21 TEST_UUID="12345678-1234-1234-1234-123456789abc"
23 function remove_mapping()
25 [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2
26 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
27 losetup -d $LOOPDEV >/dev/null 2>&1
28 rm -f $ORIG_IMG $IMG $KEY1 >/dev/null 2>&1
40 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
45 dd if=/dev/zero of=$IMG bs=1k count=10000 >/dev/null 2>&1
51 bzip2 -cd compatimage.img.bz2 > $IMG
55 if [ ! -e $IMG ]; then
56 bzip2 -cd compatimage.img.bz2 > $IMG
62 if [ ! -e $KEY1 ]; then
63 dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1
67 [ -n "$1" ] && echo "CASE: $1"
74 ./differ $ORIG_IMG $IMG $1 || fail
77 function check_exists()
79 [ -b /dev/mapper/$DEV_NAME ] || fail
83 if [ $(id -u) != 0 ]; then
84 echo "WARNING: You must be root to run this test, test skipped."
90 prepare "[1] open - compat image - acceptance check" new
91 echo "compatkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
94 prepare "[2] open - compat image - denial check" new
95 echo "wrongkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
98 # All headers items and first key material section must change
99 prepare "[3] format" wipe
100 echo "key0" | $CRYPTSETUP -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail
101 check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
103 prepare "[4] format using hash sha512" wipe
104 echo "key0" | $CRYPTSETUP -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail
105 check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
108 echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
111 # Key Slot 1 and key material section 1 must change, the rest must not.
112 prepare "[6] add key"
113 echo -e "key0\nkey1" | $CRYPTSETUP luksAddKey $LOOPDEV || fail
114 check "$KEY_SLOT1 $KEY_MATERIAL1"
115 echo "key1" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
117 # Unsuccessful Key Delete - nothing may change
118 prepare "[7] unsuccessful delete"
119 echo "invalid" | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail
123 # Key Slot 1 and key material section 1 must change, the rest must not
124 prepare "[8] successful delete"
125 $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail
126 check "$KEY_SLOT1 $KEY_MATERIAL1_EXT"
127 echo "key1" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2> /dev/null && fail
128 echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
130 # Key Slot 1 and key material section 1 must change, the rest must not
131 prepare "[9] add key test for key files"
132 echo "key0" | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 || fail
133 check "$KEY_SLOT1 $KEY_MATERIAL1"
134 $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
136 # Key Slot 1 and key material section 1 must change, the rest must not
137 prepare "[10] delete key test with key1 as remaining key"
138 $CRYPTSETUP -d $KEY1 luksKillSlot $LOOPDEV 0 || fail
139 check "$KEY_SLOT0 $KEY_MATERIAL0_EXT"
140 echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
141 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
144 prepare "[11] delete last key" wipe
145 echo "key0" | $CRYPTSETUP luksFormat $LOOPDEV || fail
146 echo "key0" | $CRYPTSETUP luksKillSlot $LOOPDEV 0 || fail
147 echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
149 # Format test for ESSIV, and some other parameters.
150 prepare "[12] parameter variation test" wipe
151 $CRYPTSETUP -q -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV $KEY1 || fail
152 check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
153 $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
155 prepare "[13] open/close - stacked devices" wipe
156 echo "key0" | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
157 echo "key0" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
158 echo "key0" | $CRYPTSETUP -q luksFormat /dev/mapper/$DEV_NAME || fail
159 echo "key0" | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
160 $CRYPTSETUP -q luksClose $DEV_NAME2 || fail
161 $CRYPTSETUP -q luksClose $DEV_NAME || fail
163 prepare "[14] format/open - passphrase on stdin & new line" wipe
164 # stdin defined by "-" must take even newline
165 echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail
166 echo -n $'foo\nbar' | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
167 $CRYPTSETUP -q luksClose $DEV_NAME || fail
168 echo -n $'foo\nbar' | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
169 # now also try --key-file
170 echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV --key-file=- || fail
171 echo -n $'foo\nbar' | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
172 $CRYPTSETUP -q luksClose $DEV_NAME || fail
173 # process newline if from stdin
174 echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
175 echo 'foo' | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
176 $CRYPTSETUP -q luksClose $DEV_NAME || fail
178 prepare "[15] UUID - use and report provided UUID" wipe
179 echo "key0" | $CRYPTSETUP -q luksFormat --uuid blah $LOOPDEV 2>/dev/null && fail
180 echo "key0" | $CRYPTSETUP -q luksFormat --uuid $TEST_UUID $LOOPDEV || fail
181 tst=$($CRYPTSETUP -q luksUUID $LOOPDEV)
182 [ "$tst"x = "$TEST_UUID"x ] || fail
183 echo "key0" | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
184 $CRYPTSETUP -q luksUUID --uuid $TEST_UUID $LOOPDEV || fail
185 tst=$($CRYPTSETUP -q luksUUID $LOOPDEV)
186 [ "$tst"x = "$TEST_UUID"x ] || fail
188 prepare "[16] luksFormat" wipe
189 echo "key0" | $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom $LOOPDEV || fail
190 echo "key0" | $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail
191 $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom -s 128 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
192 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
193 $CRYPTSETUP -q luksClose $DEV_NAME || fail