3 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
4 CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
10 FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
14 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
15 udevadm settle >/dev/null 2>&1
16 if [ -d "$MNT_DIR" ] ; then
17 umount -f $MNT_DIR 2>/dev/null
18 rmdir $MNT_DIR 2>/dev/null
20 rmmod scsi_debug 2>/dev/null
25 [ -n "$1" ] && echo "FAIL $1"
26 echo "FAILED backtrace:"
27 while caller $frame; do ((frame++)); done
34 echo "TEST SKIPPED: $1"
40 modprobe scsi_debug $@ delay=0
41 [ $? -ne 0 ] && skip "This kernel seems to not support proper scsi_debug module."
44 SCSI_DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
46 [ -b "/dev/$SCSI_DEV" ] || fail "Cannot find $SCSI_DEV."
49 function dm_crypt_features()
51 modprobe dm-crypt || fail "dm-crypt failed to load"
52 VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
53 [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
55 VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
56 VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
57 VER_PTC=$(echo $VER_STR | cut -f 3 -d.)
59 [ $VER_MAJ -lt 1 ] && return
60 [ $VER_MAJ -gt 1 ] && {
63 test -d /proc/sys/kernel/keys && DM_KEYRING=1
67 [ $VER_MIN -lt 14 ] && return
69 if [ $VER_MIN -ge 17 -o \( $VER_MIN -eq 14 -a $VER_PTC -ge 5 \) ]; then
72 if [ $VER_MIN -gt 18 -o \( $VER_MIN -eq 18 -a $VER_PTC -ge 1 \) ]; then
73 test -d /proc/sys/kernel/keys && DM_KEYRING=1
76 [ $VER_MIN -lt 22 ] && return
77 DM_PERF_NO_WORKQUEUE=1
80 function dm_crypt_keyring_support()
82 VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
83 [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
85 VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
86 VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
88 # run the test with dm-crypt v1.15.0+ on purpose
89 # the fix is in dm-crypt v1.18.1+
90 [ $VER_MAJ -gt 1 ] && return 0
91 [ $VER_MAJ -lt 1 ] && return 1
97 dd if=/dev/zero of=$DEV bs=1M count=32 >/dev/null 2>&1
99 echo $PWD1 | $CRYPTSETUP luksFormat --type $1 $DEV -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256
100 [ $? -ne 0 ] && fail "Format failed."
102 # test some operation, just in case
103 echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV -i1 --key-slot 1
104 [ $? -ne 0 ] && fail "Keyslot add failed."
106 $CRYPTSETUP -q luksKillSlot $DEV 1
107 [ $? -ne 0 ] && fail "Keyslot removal failed."
110 check_sector_size() # $1 expected sector size
112 $CRYPTSETUP status $DEV_NAME | grep "sector size" | grep -q $1 || fail
113 if [ $S -gt 512 ]; then
114 dmsetup table $DEV_NAME | grep -q "sector_size:$1" || fail
118 if [ $(id -u) != 0 ]; then
119 skip "You must be root to run this test, test skipped."
124 [ ! -d $MNT_DIR ] && mkdir $MNT_DIR
126 echo "[1] Using tmpfs for image"
127 DEV="$MNT_DIR/test.img"
128 mount -t tmpfs none $MNT_DIR || skip "Mounting tmpfs not available."
131 echo "[2] Kernel dmcrypt performance options"
132 if [ -z "$DM_PERF_CPU" ]; then
133 echo "TEST SKIPPED: dmcrypt options not available"
134 SKIP_COUNT=$((SKIP_COUNT+1))
136 echo -n "PLAIN: same_cpu_crypt submit_from_cpus "
137 echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
138 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
139 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
140 $CRYPTSETUP close $DEV_NAME || fail
141 echo -n "allow_discards "
142 echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
143 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
144 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
145 $CRYPTSETUP close $DEV_NAME || fail
146 echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME || fail
147 echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
148 # Hash affects volume key for plain device. Check we can detect it
149 echo -e "$PWD1" | $CRYPTSETUP refresh -q $DEV_NAME --hash sha512 --perf-same_cpu_crypt --allow-discards 2>/dev/null && fail
150 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
151 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
152 echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --allow-discards || fail
153 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
154 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
155 echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME || fail
156 $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
157 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
158 echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 $DEV $DEV_NAME2 2>/dev/null && fail
159 if [ -n "$DM_PERF_NO_WORKQUEUE" ]; then
160 echo -n "no_read_workqueue no_write_workqueue"
161 echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-no_read_workqueue --perf-no_write_workqueue || fail
162 $CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
163 $CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
165 $CRYPTSETUP close $DEV_NAME || fail
168 echo -n "LUKS: same_cpu_crypt submit_from_cpus "
169 echo -e "$PWD1" | $CRYPTSETUP open --type luks1 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
170 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
171 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
172 $CRYPTSETUP close $DEV_NAME || fail
173 echo -n "allow_discards "
174 echo -e "$PWD1" | $CRYPTSETUP open --type luks1 $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
175 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
176 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
177 $CRYPTSETUP close $DEV_NAME || fail
178 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
179 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME --allow-discards || fail
180 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
181 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
182 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME --allow-discards --perf-same_cpu_crypt || fail
183 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
184 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
185 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail
186 $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
187 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
188 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail
189 if [ -n "$DM_PERF_NO_WORKQUEUE" ]; then
190 echo -n "no_read_workqueue no_write_workqueue"
191 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME --perf-no_read_workqueue --perf-no_write_workqueue || fail
192 $CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
193 $CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
195 $CRYPTSETUP close $DEV_NAME || fail
199 echo -n "LUKS2: same_cpu_crypt submit_from_cpus "
200 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus --persistent || fail
201 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
202 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
203 $CRYPTSETUP close $DEV_NAME || fail
205 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
206 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
207 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
208 $CRYPTSETUP close $DEV_NAME || fail
209 echo -n "allow_discards [persistent flags] "
210 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards --persistent || fail
211 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
212 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
213 $CRYPTSETUP close $DEV_NAME || fail
214 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
215 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
216 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
217 $CRYPTSETUP close $DEV_NAME || fail
219 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --persistent || fail
220 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
221 $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
222 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus --persistent || fail
223 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
224 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
225 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail
226 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
227 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
228 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards --persistent || fail
229 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
230 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
231 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail
232 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
233 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
234 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-submit_from_crypt_cpus || fail
235 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
236 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
237 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
238 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME || fail
239 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus && fail
240 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --persistent || fail
241 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
242 $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
243 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus && fail
244 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --disable-keyring || fail
245 $CRYPTSETUP status $DEV_NAME | grep -q keyring && fail
246 if [ -n "$DM_KEYRING" ]; then
248 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME || fail
249 $CRYPTSETUP status $DEV_NAME | grep -q keyring || fail
251 if [ -n "$DM_PERF_NO_WORKQUEUE" ]; then
252 echo -n "no_read_workqueue no_write_workqueue"
253 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-no_read_workqueue --perf-no_write_workqueue --persistent || fail
254 $CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
255 $CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
256 $CRYPTSETUP close $DEV_NAME || fail
257 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
258 $CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
259 $CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
261 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail
262 $CRYPTSETUP close $DEV_NAME || fail
266 echo "[3] Kernel dmcrypt sector size options"
267 echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --sector-size 4096 >/dev/null 2>&1
269 [ -z "$DM_SECTOR_SIZE" -a $ret -eq 0 ] && fail "cryptsetup activated device with --sector-size option on incompatible kernel!"
270 if [ $ret -ne 0 ] ; then
271 SKIP_COUNT=$((SKIP_COUNT+1))
272 if [ $SKIP_COUNT -ge 2 ]; then
273 skip "dmcrypt sector-size option not available"
275 echo "TEST SKIPPED: dmcrypt sector-size option not available"
277 $CRYPTSETUP close $DEV_NAME || fail
279 echo -n "PLAIN sector size:"
280 echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --sector-size 1234 >/dev/null 2>&1 && fail
281 for S in 512 1024 2048 4096; do
283 echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --sector-size $S || fail
285 $CRYPTSETUP close $DEV_NAME || fail
288 echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --iv-large-sectors >/dev/null 2>&1 && fail
289 for S in 1024 2048 4096; do
291 echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --sector-size $S --iv-large-sectors || fail
293 dmsetup table $DEV_NAME | grep -q "iv_large_sectors" || fail
294 $CRYPTSETUP close $DEV_NAME || fail
298 echo -n "LUKS2 sector size:"
299 echo -e "$PWD1" | $CRYPTSETUP luksFormat --type luks2 -$DEV --sector-size 1234 >/dev/null 2>&1 && fail
300 for S in 512 1024 2048 4096; do
302 echo -e "$PWD1" | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf pbkdf2 --pbkdf-force-iterations 1000 $DEV --sector-size $S || fail
303 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
305 $CRYPTSETUP close $DEV_NAME || fail
310 echo "[4] Disappeared device test:"
311 KEY="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"
312 for F in LUKS1 LUKS2 BITLK TCRYPT; do
314 add_device dev_size_mb=1 sector_size=512 num_tgts=1 lbpu=1
315 # Fake CRYPT UUID to force code to parse type-specific path
316 dmsetup create $DEV_NAME --uuid CRYPT-$F-$DEV_NAME --table "0 1024 crypt aes-xts-plain64 $KEY 16 /dev/$SCSI_DEV 16"
317 $CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 || fail
318 echo 1 > /sys/block/$SCSI_DEV/device/delete
319 udevadm settle >/dev/null 2>&1
320 $CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 || fail
321 dmsetup remove $DEV_NAME --retry || fail