Makefile: Add security compiling option (RELRO, SC, and FORTIFY)

[platform/upstream/cryptsetup.git] / tests / fvault2-compat-test

#!/bin/bash

[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
MAP=fvault2test
TST_DIR=fvault2-images

CRYPTSETUP_VALGRIND=../.libs/cryptsetup
CRYPTSETUP_LIB_VALGRIND=../.libs

[ -z "$srcdir" ] && srcdir="."

function create_mapping()
{
        local image=$1
        local passphrase=$2
        echo -n "$passphrase" | "$CRYPTSETUP" open --type fvault2 --key-file - \
                "$image" "$MAP"
}

function remove_mapping()
{
        [ -b "/dev/mapper/$MAP" ] && dmsetup remove --retry "$MAP"
        rm -rf $TST_DIR
}

function fail()
{
        [ -n "$1" ] && echo "$1"
        echo " [FAILED]"
        echo "FAILED backtrace:"
        while caller $frame; do ((frame++)); done
        remove_mapping
        exit 2
}

function skip()
{
        [ -n "$1" ] && echo "$1"
        echo "Test skipped."
        remove_mapping
        exit 77
}

function produce_dump()
{
        "$CRYPTSETUP" fvault2Dump "$1" || fail
}

function produce_dump_key()
{
        echo "$2" | "$CRYPTSETUP" fvault2Dump "$1" --dump-volume-key || fail
}

function check_dump()
{
        local dump=$1
        local key=$2
        local exp_value=$3
        local regex="$key:\s*\(.*\)"
        local value=$(echo "$dump" | sed -n "s|$regex|\1|p" | sed 's|\s*$||')
        [ "$value" = "$exp_value" ] || fail \
                "$key check failed: expected \"$exp_value\", got \"$value\""
}

function check_uuid()
{
        local exp_uuid=$1
        local uuid=$(blkid -po value -s UUID "/dev/mapper/$MAP")
        [ "$uuid" = "$exp_uuid" ] || fail \
                "UUID check failed: expected \"$exp_uuid\", got \"$uuid\""
}

function check_sha256()
{
        local exp_sum=$1
        local sum=$(sha256sum /dev/mapper/$MAP | head -c 64)
        [ "$sum" = "$exp_sum" ] || fail \
                "SHA256 sum check failed: expected \"$exp_sum\", got \"$sum\""
}

function valgrind_setup()
{
        command -v valgrind >/dev/null || fail "Cannot find valgrind."
        [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
        export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
}

function valgrind_run()
{
        INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}

export LANG=C
[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."

if [ ! -d $TST_DIR ]; then
        tar xJSf $srcdir/fvault2-images.tar.xz --no-same-owner 2>/dev/null || skip "Incompatible tar."
fi

[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run

echo "HEADER CHECK"
IMG="$TST_DIR/small"
PWD="heslo123"

echo -n " $IMG"
dump=$(produce_dump $IMG)
check_dump "$dump" 'Physical volume UUID' fc52bfae-5a1f-4f9b-b3a6-f33303a0e401
check_dump "$dump" 'Family UUID' 33a76caa-1481-4bc5-8d04-1ac1707c19c0
check_dump "$dump" 'Logical volume offset' '67108864 [bytes]'
check_dump "$dump" 'Logical volume size' '167772160 [bytes]'
check_dump "$dump" 'PBKDF2 iterations' 204222
check_dump "$dump" 'PBKDF2 salt' '2c 24 9e db 66 63 d6 fb cc 79 05 b7 a4 d7 27 52'
dump=$(produce_dump_key $IMG heslo123)
check_dump "$dump" 'Volume key' '20 73 4d 33 89 21 27 74 d7 61 0c 29 d7 32 88 09 16 f3 be 14 c4 b1 2a c7 aa f0 7e 5c cc 77 b3 19'
echo $PWD | $CRYPTSETUP open --type fvault2 --test-passphrase $IMG || fail
echo " [OK]"

if [ $(id -u) != 0 ]; then
        echo "WARNING: You must be root to run activation part of test, test skipped."
        remove_mapping
        exit 0
fi

echo "ACTIVATION CHECK"
echo -n " $IMG"
create_mapping $IMG heslo123
check_uuid de124d8a-2164-394e-924f-8e28db0a09cb
check_sha256 2c662e36c0f7e2f5583e6a939bbcbdc660805692d0fccaa45ad4052beb3b8e18
echo " [OK]"

remove_mapping
exit 0