2 * cryptsetup library API test utilities
4 * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2009-2023 Milan Broz
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 #include <libdevmapper.h>
29 #include <sys/ioctl.h>
31 #include <sys/types.h>
34 # include <linux/keyctl.h>
35 # include <sys/syscall.h>
37 #ifdef HAVE_SYS_SYSMACROS_H
38 # include <sys/sysmacros.h>
40 #include <linux/loop.h>
43 #include "libcryptsetup.h"
45 #ifndef LOOP_CONFIGURE
46 #define LOOP_CONFIGURE 0x4C0A
50 struct loop_info64 info;
55 static char last_error[256];
56 static char global_log[4096];
57 static uint32_t t_dm_crypt_flags = 0;
59 char *THE_LOOP_DEV = NULL;
64 uint64_t t_dev_offset = 0;
66 static void (*_cleanup)(void);
68 void register_cleanup(void (*cleanup)(void))
73 void check_ok(int status, int line, const char *func)
76 printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, last_error);
82 void check_ok_return(int status, int line, const char *func)
85 printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, last_error);
91 void check_ko(int status, int line, const char *func)
94 printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, last_error);
98 printf(" => errno %d, errmsg: %s\n", status, last_error);
101 void check_equal(int line, const char *func, int64_t x, int64_t y)
103 printf("FAIL line %d [%s]: expected equal values differs: %"
104 PRIi64 " != %" PRIi64 "\n", line, func, x, y);
109 void check_ge_equal(int line, const char *func, int64_t x, int64_t y)
111 printf("FAIL line %d [%s]: expected greater or equal values differs: %"
112 PRIi64 " < %" PRIi64 "\n", line, func, x, y);
117 void check_null(int line, const char *func, const void *x)
120 printf("FAIL line %d [%s]: expected NULL value: %p\n", line, func, x);
126 void check_notnull(int line, const char *func, const void *x)
129 printf("FAIL line %d [%s]: expected not NULL value: %p\n", line, func, x);
135 void xlog(const char *msg, const char *tst, const char *func, int line, const char *txt)
139 printf(" [%s,%s:%d] %s [%s]\n", msg, func, line, tst, txt);
141 printf(" [%s,%s:%d] %s\n", msg, func, line, tst);
145 printf("Interrupted by a signal.\n");
151 int t_device_size(const char *device, uint64_t *size)
155 devfd = open(device, O_RDONLY);
159 if (ioctl(devfd, BLKGETSIZE64, size) < 0)
165 int t_set_readahead(const char *device, unsigned value)
169 devfd = open(device, O_RDONLY);
173 if (ioctl(devfd, BLKRASET, value) < 0)
184 fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
189 if (read(fd, &buf, 1) != 1)
198 * Creates dm-linear target over the test loop device. Offset is held in
199 * global variables so that size can be tested whether it fits into remaining
200 * size of the loop device or not
202 int create_dmdevice_over_loop(const char *dm_name, const uint64_t size)
208 if (t_device_size(THE_LOOP_DEV, &r_size) < 0 || r_size <= t_dev_offset || !size)
210 if ((r_size - t_dev_offset) < size) {
211 printf("No enough space on backing loop device\n.");
214 r = snprintf(cmd, sizeof(cmd),
215 "dmsetup create %s --table \"0 %" PRIu64 " linear %s %" PRIu64 "\"",
216 dm_name, size, THE_LOOP_DEV, t_dev_offset);
217 if (r < 0 || (size_t)r >= sizeof(cmd))
220 if (!(r = _system(cmd, 1)))
221 t_dev_offset += size;
225 __attribute__((format(printf, 3, 4)))
226 static int _snprintf(char **r_ptr, size_t *r_remains, const char *format, ...)
234 va_start(argp, format);
236 len = vsnprintf(*r_ptr, *r_remains, format, argp);
237 if (len < 0 || (size_t)len >= *r_remains) {
249 int dmdevice_error_io(const char *dm_name,
250 const char *dm_device,
251 const char *error_device,
252 uint64_t data_offset,
257 char str[256], cmd[384];
263 if (t_device_size(dm_device, &dev_size) < 0 || !length)
266 dev_size >>= TST_SECTOR_SHIFT;
268 if (dev_size <= offset)
271 if (ei == ERR_REMOVE) {
272 r = snprintf(cmd, sizeof(cmd),
273 "dmsetup load %s --table \"0 %" PRIu64 " linear %s %" PRIu64 "\"",
274 dm_name, dev_size, THE_LOOP_DEV, data_offset);
275 if (r < 0 || (size_t)r >= sizeof(str))
278 if ((r = _system(cmd, 1)))
281 r = snprintf(cmd, sizeof(cmd), "dmsetup resume %s", dm_name);
282 if (r < 0 || (size_t)r >= sizeof(cmd))
285 return _system(cmd, 1);
288 if ((dev_size - offset) < length) {
289 printf("Not enough space on target device\n.");
293 remains = sizeof(str);
297 r = _snprintf(&ptr, &remains,
298 "0 %" PRIu64 " linear %s %" PRIu64 "\n",
299 offset, THE_LOOP_DEV, data_offset);
303 r = _snprintf(&ptr, &remains, "%" PRIu64 " %" PRIu64 " delay ",
308 if (ei == ERR_RW || ei == ERR_RD) {
309 r = _snprintf(&ptr, &remains, "%s 0 0",
314 r = _snprintf(&ptr, &remains, " %s %" PRIu64 " 0",
315 THE_LOOP_DEV, data_offset + offset);
319 } else if (ei == ERR_WR) {
320 r = _snprintf(&ptr, &remains, "%s %" PRIu64 " 0 %s 0 0",
321 THE_LOOP_DEV, data_offset + offset, error_device);
326 if (dev_size > (offset + length)) {
327 r = _snprintf(&ptr, &remains,
328 "\n%" PRIu64 " %" PRIu64 " linear %s %" PRIu64,
329 offset + length, dev_size - offset - length, THE_LOOP_DEV,
330 data_offset + offset + length);
336 * Hello darkness, my old friend...
338 * On few old distributions there's issue with
339 * processing multiline tables via dmsetup load --table.
340 * This workaround passes on all systems we run tests on.
342 r = snprintf(cmd, sizeof(cmd), "dmsetup load %s <<EOF\n%s\nEOF", dm_name, str);
343 if (r < 0 || (size_t)r >= sizeof(cmd))
346 if ((r = _system(cmd, 1)))
349 r = snprintf(cmd, sizeof(cmd), "dmsetup resume %s", dm_name);
350 if (r < 0 || (size_t)r >= sizeof(cmd))
353 if ((r = _system(cmd, 1)))
356 return t_set_readahead(dm_device, 0);
359 // Get key from kernel dm mapping table using dm-ioctl
360 int get_key_dm(const char *name, char *buffer, unsigned int buffer_size)
364 uint64_t start, length;
365 char *target_type, *key, *params;
368 if (!(dmt = dm_task_create(DM_DEVICE_TABLE)))
370 if (!dm_task_set_name(dmt, name))
372 if (!dm_task_run(dmt))
374 if (!dm_task_get_info(dmt, &dmi))
379 dm_get_next_target(dmt, NULL, &start, &length, &target_type, ¶ms);
380 if (!target_type || strcmp(target_type, "crypt") != 0)
383 (void)strsep(¶ms, " "); /* rcipher */
384 key = strsep(¶ms, " ");
386 if (buffer_size <= strlen(key))
389 strncpy(buffer, key, buffer_size);
393 dm_task_destroy(dmt);
398 int prepare_keyfile(const char *name, const char *passphrase, int size)
402 fd = open(name, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR|S_IWUSR);
404 r = write(fd, passphrase, size);
409 return r == size ? 0 : 1;
412 // Decode key from its hex representation
413 int crypt_decode_key(char *key, const char *hex, unsigned int size)
421 for (i = 0; i < size; i++) {
425 key[i] = (unsigned char)strtoul(buffer, &endp, 16);
427 if (endp != &buffer[2])
437 void global_log_callback(int level, const char *msg, void *usrptr __attribute__((unused)))
442 if (level == CRYPT_LOG_DEBUG)
443 fprintf(stdout, "# %s", msg);
445 fprintf(stdout, "%s", msg);
448 if (level <= CRYPT_LOG_DEBUG)
451 len = strlen(global_log);
453 if (len + strlen(msg) > sizeof(global_log)) {
454 printf("Log buffer is too small, fix the test.\n");
458 strncat(global_log, msg, sizeof(global_log) - len);
460 if (level == CRYPT_LOG_ERROR) {
462 if (len > sizeof(last_error))
463 len = sizeof(last_error);
464 strncpy(last_error, msg, sizeof(last_error));
465 last_error[len-1] = '\0';
471 memset(global_log, 0, sizeof(global_log));
472 memset(last_error, 0, sizeof(last_error));
476 int _system(const char *command, int warn)
480 printf("Running system: %s\n", command);
481 if ((r=system(command)) < 0 && warn)
482 printf("System command failed: %s", command);
486 static int _keyring_check(void)
488 #ifdef KERNEL_KEYRING
489 return syscall(__NR_request_key, "logon", "dummy", NULL, 0) == -1l && errno != ENOSYS;
495 static int t_dm_satisfies_version(unsigned target_maj, unsigned target_min, unsigned target_patch,
496 unsigned actual_maj, unsigned actual_min, unsigned actual_patch)
498 if (actual_maj > target_maj)
500 if (actual_maj == target_maj && actual_min > target_min)
502 if (actual_maj == target_maj && actual_min == target_min && actual_patch >= target_patch)
507 static void t_dm_set_crypt_compat(const char *dm_version, unsigned crypt_maj,
508 unsigned crypt_min, unsigned crypt_patch)
510 unsigned dm_maj = 0, dm_min = 0, dm_patch = 0;
512 if (sscanf(dm_version, "%u.%u.%u", &dm_maj, &dm_min, &dm_patch) != 3) {
518 if (t_dm_satisfies_version(1, 2, 0, crypt_maj, crypt_min, 0))
519 t_dm_crypt_flags |= T_DM_KEY_WIPE_SUPPORTED;
521 if (t_dm_satisfies_version(1, 10, 0, crypt_maj, crypt_min, 0))
522 t_dm_crypt_flags |= T_DM_LMK_SUPPORTED;
524 if (t_dm_satisfies_version(4, 20, 0, dm_maj, dm_min, 0))
525 t_dm_crypt_flags |= T_DM_SECURE_SUPPORTED;
527 if (t_dm_satisfies_version(1, 8, 0, crypt_maj, crypt_min, 0))
528 t_dm_crypt_flags |= T_DM_PLAIN64_SUPPORTED;
530 if (t_dm_satisfies_version(1, 11, 0, crypt_maj, crypt_min, 0))
531 t_dm_crypt_flags |= T_DM_DISCARDS_SUPPORTED;
533 if (t_dm_satisfies_version(1, 13, 0, crypt_maj, crypt_min, 0))
534 t_dm_crypt_flags |= T_DM_TCW_SUPPORTED;
536 if (t_dm_satisfies_version(1, 14, 0, crypt_maj, crypt_min, 0)) {
537 t_dm_crypt_flags |= T_DM_SAME_CPU_CRYPT_SUPPORTED;
538 t_dm_crypt_flags |= T_DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED;
541 if (t_dm_satisfies_version(1, 18, 1, crypt_maj, crypt_min, crypt_patch) && _keyring_check())
542 t_dm_crypt_flags |= T_DM_KERNEL_KEYRING_SUPPORTED;
544 if (t_dm_satisfies_version(1, 17, 0, crypt_maj, crypt_min, crypt_patch)) {
545 t_dm_crypt_flags |= T_DM_SECTOR_SIZE_SUPPORTED;
546 t_dm_crypt_flags |= T_DM_CAPI_STRING_SUPPORTED;
549 if (t_dm_satisfies_version(1, 19, 0, crypt_maj, crypt_min, crypt_patch))
550 t_dm_crypt_flags |= T_DM_BITLK_EBOIV_SUPPORTED;
552 if (t_dm_satisfies_version(1, 20, 0, crypt_maj, crypt_min, crypt_patch))
553 t_dm_crypt_flags |= T_DM_BITLK_ELEPHANT_SUPPORTED;
555 if (t_dm_satisfies_version(1, 22, 0, crypt_maj, crypt_min, crypt_patch))
556 t_dm_crypt_flags |= T_DM_CRYPT_NO_WORKQUEUE_SUPPORTED;
559 static void t_dm_set_verity_compat(const char *dm_version __attribute__((unused)),
562 unsigned verity_patch __attribute__((unused)))
565 t_dm_crypt_flags |= T_DM_VERITY_SUPPORTED;
569 * ignore_corruption, restart_on corruption is available since 1.2 (kernel 4.1)
570 * ignore_zero_blocks since 1.3 (kernel 4.5)
571 * (but some dm-verity targets 1.2 don't support it)
572 * FEC is added in 1.3 as well.
574 if (t_dm_satisfies_version(1, 3, 0, verity_maj, verity_min, 0)) {
575 t_dm_crypt_flags |= T_DM_VERITY_ON_CORRUPTION_SUPPORTED;
576 t_dm_crypt_flags |= T_DM_VERITY_FEC_SUPPORTED;
579 if (t_dm_satisfies_version(1, 5, 0, verity_maj, verity_min, verity_patch))
580 t_dm_crypt_flags |= T_DM_VERITY_SIGNATURE_SUPPORTED;
582 if (t_dm_satisfies_version(1, 7, 0, verity_maj, verity_min, verity_patch))
583 t_dm_crypt_flags |= T_DM_VERITY_PANIC_CORRUPTION_SUPPORTED;
585 if (t_dm_satisfies_version(1, 9, 0, verity_maj, verity_min, verity_patch))
586 t_dm_crypt_flags |= T_DM_VERITY_TASKLETS_SUPPORTED;
589 static void t_dm_set_integrity_compat(const char *dm_version __attribute__((unused)),
590 unsigned integrity_maj __attribute__((unused)),
591 unsigned integrity_min __attribute__((unused)),
592 unsigned integrity_patch __attribute__((unused)))
594 if (integrity_maj > 0)
595 t_dm_crypt_flags |= T_DM_INTEGRITY_SUPPORTED;
597 if (t_dm_satisfies_version(1, 2, 0, integrity_maj, integrity_min, integrity_patch))
598 t_dm_crypt_flags |= T_DM_INTEGRITY_RECALC_SUPPORTED;
600 if (t_dm_satisfies_version(1, 3, 0, integrity_maj, integrity_min, integrity_patch))
601 t_dm_crypt_flags |= T_DM_INTEGRITY_BITMAP_SUPPORTED;
603 if (t_dm_satisfies_version(1, 4, 0, integrity_maj, integrity_min, integrity_patch))
604 t_dm_crypt_flags |= T_DM_INTEGRITY_FIX_PADDING_SUPPORTED;
606 if (t_dm_satisfies_version(1, 6, 0, integrity_maj, integrity_min, integrity_patch))
607 t_dm_crypt_flags |= T_DM_INTEGRITY_DISCARDS_SUPPORTED;
609 if (t_dm_satisfies_version(1, 7, 0, integrity_maj, integrity_min, integrity_patch))
610 t_dm_crypt_flags |= T_DM_INTEGRITY_FIX_HMAC_SUPPORTED;
612 if (t_dm_satisfies_version(1, 8, 0, integrity_maj, integrity_min, integrity_patch))
613 t_dm_crypt_flags |= T_DM_INTEGRITY_RESET_RECALC_SUPPORTED;
616 int t_dm_check_versions(void)
619 struct dm_versions *target, *last_target;
623 if (!(dmt = dm_task_create(DM_DEVICE_LIST_VERSIONS)))
626 if (!dm_task_run(dmt))
629 if (!dm_task_get_driver_version(dmt, dm_version, sizeof(dm_version)))
632 target = dm_task_get_versions(dmt);
634 last_target = target;
635 if (!strcmp("crypt", target->name)) {
636 t_dm_set_crypt_compat(dm_version,
637 (unsigned)target->version[0],
638 (unsigned)target->version[1],
639 (unsigned)target->version[2]);
640 } else if (!strcmp("verity", target->name)) {
641 t_dm_set_verity_compat(dm_version,
642 (unsigned)target->version[0],
643 (unsigned)target->version[1],
644 (unsigned)target->version[2]);
645 } else if (!strcmp("integrity", target->name)) {
646 t_dm_set_integrity_compat(dm_version,
647 (unsigned)target->version[0],
648 (unsigned)target->version[1],
649 (unsigned)target->version[2]);
651 target = VOIDP_CAST(struct dm_versions *)((char *) target + target->next);
652 } while (last_target != target);
657 dm_task_destroy(dmt);
662 int t_dm_crypt_keyring_support(void)
664 return t_dm_crypt_flags & T_DM_KERNEL_KEYRING_SUPPORTED;
667 int t_dm_crypt_cpu_switch_support(void)
669 return t_dm_crypt_flags & (T_DM_SAME_CPU_CRYPT_SUPPORTED |
670 T_DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED);
673 int t_dm_crypt_discard_support(void)
675 return t_dm_crypt_flags & T_DM_DISCARDS_SUPPORTED;
678 int t_dm_integrity_resize_support(void)
680 return t_dm_crypt_flags & T_DM_INTEGRITY_RESIZE_SUPPORTED;
683 int t_dm_integrity_recalculate_support(void)
685 return t_dm_crypt_flags & T_DM_INTEGRITY_RECALC_SUPPORTED;
688 int t_dm_capi_string_supported(void)
690 return t_dm_crypt_flags & T_DM_CAPI_STRING_SUPPORTED;
695 #define LOOP_DEV_MAJOR 7
697 #ifndef LO_FLAGS_AUTOCLEAR
698 #define LO_FLAGS_AUTOCLEAR 4
701 #ifndef LOOP_CTL_GET_FREE
702 #define LOOP_CTL_GET_FREE 0x4C82
705 #ifndef LOOP_SET_CAPACITY
706 #define LOOP_SET_CAPACITY 0x4C07
709 int loop_device(const char *loop)
716 if (stat(loop, &st) || !S_ISBLK(st.st_mode) ||
717 major(st.st_rdev) != LOOP_DEV_MAJOR)
723 static char *crypt_loop_get_device_old(void)
727 struct loop_info64 lo64 = {0};
729 for (i = 0; i < 256; i++) {
730 sprintf(dev, "/dev/loop%d", i);
732 loop_fd = open(dev, O_RDONLY);
736 if (ioctl(loop_fd, LOOP_GET_STATUS64, &lo64) &&
747 static char *crypt_loop_get_device(void)
753 loop_fd = open("/dev/loop-control", O_RDONLY);
755 return crypt_loop_get_device_old();
757 i = ioctl(loop_fd, LOOP_CTL_GET_FREE);
764 if (sprintf(dev, "/dev/loop%d", i) < 0)
767 if (stat(dev, &st) || !S_ISBLK(st.st_mode))
773 int loop_attach(char **loop, const char *file, int offset,
774 int autoclear, int *readonly)
776 struct loop_config config = {0};
778 int loop_fd = -1, file_fd = -1, r = 1;
783 file_fd = open(file, (*readonly ? O_RDONLY : O_RDWR) | O_EXCL);
784 if (file_fd < 0 && (errno == EROFS || errno == EACCES) && !*readonly) {
786 file_fd = open(file, O_RDONLY | O_EXCL);
793 lo_file_name = (char*)config.info.lo_file_name;
794 lo_file_name[LO_NAME_SIZE-1] = '\0';
795 strncpy(lo_file_name, file, LO_NAME_SIZE-1);
796 config.info.lo_offset = offset;
798 config.info.lo_flags |= LO_FLAGS_AUTOCLEAR;
800 while (loop_fd < 0) {
801 *loop = crypt_loop_get_device();
805 loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR);
808 if (ioctl(loop_fd, LOOP_CONFIGURE, &config) < 0) {
809 if (errno == EINVAL || errno == ENOTTY) {
816 /* kernel doesn't support LOOP_CONFIGURE */
832 while (loop_fd < 0) {
833 *loop = crypt_loop_get_device();
837 loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR);
840 if (ioctl(loop_fd, LOOP_SET_FD, file_fd) < 0) {
851 if (ioctl(loop_fd, LOOP_SET_STATUS64, &config.info) < 0) {
852 (void)ioctl(loop_fd, LOOP_CLR_FD, 0);
857 /* Verify that autoclear is really set */
859 memset(&config.info, 0, sizeof(config.info));
860 if (ioctl(loop_fd, LOOP_GET_STATUS64, &config.info) < 0 ||
861 !(config.info.lo_flags & LO_FLAGS_AUTOCLEAR)) {
862 (void)ioctl(loop_fd, LOOP_CLR_FD, 0);
869 if (r && loop_fd >= 0)
877 return r ? -1 : loop_fd;
880 int loop_detach(const char *loop)
882 int loop_fd = -1, r = 1;
884 loop_fd = open(loop, O_RDONLY);
888 if (!ioctl(loop_fd, LOOP_CLR_FD, 0))
895 int t_get_devno(const char *name, dev_t *devno)
901 r = snprintf(path, sizeof(path), DMDIR "%s", name);
902 if (r < 0 || (size_t)r >= sizeof(path))
905 if (stat(path, &st) || !S_ISBLK(st.st_mode))
913 static int _read_uint64(const char *sysfs_path, uint64_t *value)
918 if ((fd = open(sysfs_path, O_RDONLY)) < 0)
920 r = read(fd, tmp, sizeof(tmp));
926 if (sscanf(tmp, "%" PRIu64, value) != 1)
932 static int _sysfs_get_uint64(int major, int minor, uint64_t *value, const char *attr)
936 if (snprintf(path, sizeof(path), "/sys/dev/block/%d:%d/%s",
937 major, minor, attr) < 0)
940 return _read_uint64(path, value);
943 int t_device_size_by_devno(dev_t devno, uint64_t *retval)
945 if (!_sysfs_get_uint64(major(devno), minor(devno), retval, "size"))