2 * cryptsetup library API test utilities
4 * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2009-2021 Milan Broz
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 #include <libdevmapper.h>
28 #include <sys/ioctl.h>
30 #include <sys/types.h>
33 # include <linux/keyctl.h>
34 # include <sys/syscall.h>
36 #ifdef HAVE_SYS_SYSMACROS_H
37 # include <sys/sysmacros.h>
39 #include <linux/loop.h>
42 #include "libcryptsetup.h"
/* Last CRYPT_LOG_ERROR message seen by global_log_callback(); printed by the check_*() failure reports. */
44 static char last_error[256];
/* Fixed-size accumulator for library log text; global_log_callback() appends to it with strncat(). */
45 static char global_log[4096];
/* Bitmask of T_DM_*_SUPPORTED bits, set by the t_dm_set_*_compat() helpers. */
46 static uint32_t t_dm_crypt_flags = 0;
/* Path of the backing loop device; interpolated into the dmsetup command in create_dmdevice_over_loop(). */
48 char *THE_LOOP_DEV = NULL;
/* Offset on THE_LOOP_DEV already handed out to dm-linear devices; advanced by create_dmdevice_over_loop(). */
53 uint64_t t_dev_offset = 0;
/* Cleanup callback pointer; presumably assigned by register_cleanup() (its body is not shown in this listing). */
55 static void (*_cleanup)(void);
/*
 * Accepts a no-argument cleanup callback. Only the signature survives in
 * this listing; presumably the pointer is stored in _cleanup -- confirm.
 */
57 void register_cleanup(void (*cleanup)(void))
/*
 * Test assertion for a call expected to succeed. The failure report prints
 * the caller's line and function, the status code and last_error. The
 * guarding condition and what follows the report are not shown here.
 */
62 void check_ok(int status, int line, const char *func)
65 printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, last_error);
/*
 * Prints the same failure report as check_ok(). How the two helpers differ
 * lies in lines that are not shown in this listing.
 */
71 void check_ok_return(int status, int line, const char *func)
74 printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, last_error);
/*
 * Test assertion for a call expected to fail. One path prints a FAIL
 * report, another prints the returned code together with last_error.
 * The conditions selecting each path are not shown in this listing
 * (presumably FAIL when status >= 0 -- confirm).
 */
80 void check_ko(int status, int line, const char *func)
83 printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, last_error);
87 printf(" => errno %d, errmsg: %s\n", status, last_error);
/*
 * Reports a mismatch between two signed 64-bit values, printed with
 * PRIi64. The comparison itself is not shown (presumably x != y).
 */
90 void check_equal(int line, const char *func, int64_t x, int64_t y)
92 printf("FAIL line %d [%s]: expected equal values differs: %"
93 PRIi64 " != %" PRIi64 "\n", line, func, x, y);
/*
 * Reports that x is smaller than y where x >= y was expected. The
 * comparison itself is not shown in this listing.
 */
98 void check_ge_equal(int line, const char *func, int64_t x, int64_t y)
100 printf("FAIL line %d [%s]: expected greater or equal values differs: %"
101 PRIi64 " < %" PRIi64 "\n", line, func, x, y);
/*
 * Reports a pointer that was expected to be NULL and prints its value with
 * %p. The guarding test is not shown in this listing.
 */
106 void check_null(int line, const char *func, const void *x)
109 printf("FAIL line %d [%s]: expected NULL value: %p\n", line, func, x);
/*
 * Reports a pointer that was expected to be non-NULL. The guarding test is
 * not shown in this listing.
 */
115 void check_notnull(int line, const char *func, const void *x)
118 printf("FAIL line %d [%s]: expected not NULL value: %p\n", line, func, x);
/*
 * Progress logger for test steps. Prints "[msg,func:line] tst", with the
 * optional txt in brackets when the first form is used, and has a separate
 * path that announces a signal interruption. The conditions selecting
 * these paths are not shown in this listing.
 */
124 void xlog(const char *msg, const char *tst, const char *func, int line, const char *txt)
128 printf(" [%s,%s:%d] %s [%s]\n", msg, func, line, tst, txt);
130 printf(" [%s,%s:%d] %s\n", msg, func, line, tst);
134 printf("Interrupted by a signal.\n");
/*
 * Opens the device read-only and asks the kernel for its size through
 * BLKGETSIZE64, which stores the size in bytes into *size. Error returns
 * and the close of devfd are not shown in this listing.
 */
140 int t_device_size(const char *device, uint64_t *size)
144 devfd = open(device, O_RDONLY);
148 if (ioctl(devfd, BLKGETSIZE64, size) < 0)
/*
 * Fragment of a function whose signature is not shown in this listing:
 * it reads a single byte from the kernel's FIPS-mode switch file. How the
 * byte is interpreted is in lines not shown.
 */
159 fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
164 if (read(fd, &buf, 1) != 1)
173 * Creates dm-linear target over the test loop device. Offset is held in
174 * global variables so that size can be tested whether it fits into remaining
175 * size of the loop device or not
177 int create_dmdevice_over_loop(const char *dm_name, const uint64_t size)
/*
 * NOTE(review): t_device_size() reports bytes (BLKGETSIZE64), while size
 * and t_dev_offset are passed to a dmsetup linear table, which counts
 * 512-byte sectors. The two space checks below therefore compare bytes
 * with sectors -- confirm the intended units.
 */
183 if (t_device_size(THE_LOOP_DEV, &r_size) < 0 || r_size <= t_dev_offset || !size)
185 if ((r_size - t_dev_offset) < size) {
186 printf("No enough space on backing loop device\n.");
/*
 * The command is assembled as text and executed by the shell through
 * _system(). dm_name and THE_LOOP_DEV are interpolated unquoted, so both
 * must come from the test code itself, never from external input. The
 * snprintf() result is not checked for truncation in the lines shown.
 */
189 snprintf(cmd, sizeof(cmd),
190 "dmsetup create %s --table \"0 %" PRIu64 " linear %s %" PRIu64 "\"",
191 dm_name, size, THE_LOOP_DEV, t_dev_offset);
/* The shared offset advances only when _system() returned 0. */
192 if (!(r = _system(cmd, 1)))
193 t_dev_offset += size;
197 // Get key from kernel dm mapping table using dm-ioctl
/*
 * Reads the table of mapping `name`, requires the first target to be of
 * type "crypt", skips the first parameter field and copies the second one
 * (the key field) into buffer. Error paths and the return value are not
 * shown in this listing.
 *
 * The "¶ms" tokens below are an extraction artifact: "&params" was
 * mis-decoded as an HTML entity.
 *
 * The buffer receives key material in the textual form used by the table;
 * callers are expected to treat it as a secret and wipe it after use.
 */
198 int get_key_dm(const char *name, char *buffer, unsigned int buffer_size)
202 uint64_t start, length;
203 char *target_type, *key, *params;
207 if (!(dmt = dm_task_create(DM_DEVICE_TABLE)))
209 if (!dm_task_set_name(dmt, name))
211 if (!dm_task_run(dmt))
213 if (!dm_task_get_info(dmt, &dmi))
218 next = dm_get_next_target(dmt, next, &start, &length, &target_type, ¶ms);
219 if (!target_type || strcmp(target_type, "crypt") != 0)
222 (void)strsep(¶ms, " "); /* rcipher */
223 key = strsep(¶ms, " ");
/*
 * NOTE(review): strsep() returns NULL once the parameter string is
 * exhausted, and no NULL test on key is visible before strlen(key).
 */
225 if (buffer_size <= strlen(key))
/*
 * The size test above guarantees strlen(key) < buffer_size, so this
 * strncpy() also copies the terminating NUL.
 */
228 strncpy(buffer, key, buffer_size);
232 dm_task_destroy(dmt);
/*
 * Writes `size` bytes of passphrase into the file `name`, created with
 * owner-only read/write permission (S_IRUSR|S_IWUSR). Returns 0 only when
 * write() stored exactly `size` bytes, 1 otherwise, so a short write counts
 * as failure.
 *
 * NOTE(review): O_CREAT|O_TRUNC without O_EXCL or O_NOFOLLOW truncates an
 * existing file and follows a symlink at `name`, and the mode applies only
 * when the file is newly created. Acceptable for a test running in its own
 * directory; confirm before reusing elsewhere. The check of fd and the
 * close are not shown in this listing.
 */
237 int prepare_keyfile(const char *name, const char *passphrase, int size)
241 fd = open(name, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR|S_IWUSR);
243 r = write(fd, passphrase, size);
248 return r == size ? 0 : 1;
251 // Decode key from its hex representation
/*
 * Produces `size` output bytes in key, one strtoul(..., 16) conversion per
 * byte. How `buffer` is filled from hex is not shown in this listing
 * (presumably two characters per byte -- confirm).
 */
252 int crypt_decode_key(char *key, const char *hex, unsigned int size)
260 for (i = 0; i < size; i++) {
264 key[i] = (unsigned char)strtoul(buffer, &endp, 16);
/*
 * Accepts the pair only if strtoul() consumed exactly two characters.
 * strtoul() also skips leading whitespace and accepts a sign, so pairs
 * such as " f" or "+f" pass; this is not a strict hex validator.
 */
266 if (endp != &buffer[2])
/*
 * Log callback for the library: echoes messages to stdout (debug messages
 * with a "# " prefix), appends messages to global_log and keeps the latest
 * CRYPT_LOG_ERROR message in last_error. Several guarding conditions and
 * early exits are not shown in this listing.
 */
276 void global_log_callback(int level, const char *msg, void *usrptr)
281 if (level == CRYPT_LOG_DEBUG)
282 fprintf(stdout, "# %s", msg);
284 fprintf(stdout, "%s", msg);
287 if (level <= CRYPT_LOG_DEBUG)
290 len = strlen(global_log);
/*
 * NOTE(review): off-by-one. When len + strlen(msg) equals
 * sizeof(global_log) this test passes, and strncat() with a bound of
 * sizeof(global_log) - len appends that many characters plus a
 * terminating NUL, i.e. one byte past the buffer. The test should use >=
 * and the bound should be sizeof(global_log) - len - 1.
 */
292 if (len + strlen(msg) > sizeof(global_log)) {
293 printf("Log buffer is too small, fix the test.\n");
297 strncat(global_log, msg, sizeof(global_log) - len);
299 if (level == CRYPT_LOG_ERROR) {
/*
 * len is presumably reassigned to strlen(msg) on a line not shown here.
 * strncpy() alone does not terminate a message of sizeof(last_error) or
 * more bytes; the store at [len-1] terminates the string and drops the
 * final character (presumably the trailing newline).
 * NOTE(review): an empty msg would make len-1 index before the buffer --
 * confirm that the library never logs an empty error message.
 */
301 if (len > sizeof(last_error))
302 len = sizeof(last_error);
303 strncpy(last_error, msg, sizeof(last_error));
304 last_error[len-1] = '\0';
/*
 * Fragment of a function whose signature is not shown in this listing:
 * clears both the accumulated log and the last error message.
 */
310 memset(global_log, 0, sizeof(global_log));
311 memset(last_error, 0, sizeof(last_error));
/*
 * Runs `command` through system(), i.e. via the shell. Callers must pass
 * only strings built by the test code; anything externally influenced
 * would be interpreted by the shell.
 *
 * The warning is printed only when system() returns a negative value,
 * which means the child could not be created. A command that ran and
 * exited non-zero yields a positive status and is not reported here.
 * The condition guarding the first printf and the return statement are
 * not shown in this listing.
 */
315 int _system(const char *command, int warn)
319 printf("Running system: %s\n", command);
320 if ((r=system(command)) < 0 && warn)
321 printf("System command failed: %s", command);
/*
 * Probes for kernel keyring support. With KERNEL_KEYRING defined it
 * requests a "logon" key named "dummy" and reports success when the call
 * fails with an errno other than ENOSYS, meaning the syscall exists even
 * though the key does not. The branch used without KERNEL_KEYRING is not
 * shown in this listing.
 */
325 static int keyring_check(void)
327 #ifdef KERNEL_KEYRING
328 return syscall(__NR_request_key, "logon", "dummy", NULL, 0) == -1l && errno != ENOSYS;
/*
 * Compares an actual major.minor.patch version against a target one. The
 * three tests cover: newer major; same major with newer minor; same major
 * and minor with patch at least the target. The statements executed by
 * each test and the final return are not shown in this listing
 * (presumably return 1 on a match and 0 otherwise -- confirm).
 */
334 static int t_dm_satisfies_version(unsigned target_maj, unsigned target_min, unsigned target_patch,
335 unsigned actual_maj, unsigned actual_min, unsigned actual_patch)
337 if (actual_maj > target_maj)
339 if (actual_maj == target_maj && actual_min > target_min)
341 if (actual_maj == target_maj && actual_min == target_min && actual_patch >= target_patch)
/*
 * Sets dm-crypt capability bits in t_dm_crypt_flags from the dm-crypt
 * target version and the device-mapper driver version string. What happens
 * when the version string does not parse is not shown in this listing.
 */
346 static void t_dm_set_crypt_compat(const char *dm_version, unsigned crypt_maj,
347 unsigned crypt_min, unsigned crypt_patch)
349 unsigned dm_maj = 0, dm_min = 0, dm_patch = 0;
/* The driver version must parse as three dot-separated unsigned numbers. */
351 if (sscanf(dm_version, "%u.%u.%u", &dm_maj, &dm_min, &dm_patch) != 3) {
/* Most checks pass 0 as the actual patch level, so only major.minor decide. */
357 if (t_dm_satisfies_version(1, 2, 0, crypt_maj, crypt_min, 0))
358 t_dm_crypt_flags |= T_DM_KEY_WIPE_SUPPORTED;
360 if (t_dm_satisfies_version(1, 10, 0, crypt_maj, crypt_min, 0))
361 t_dm_crypt_flags |= T_DM_LMK_SUPPORTED;
/* This one depends on the device-mapper driver version, not on dm-crypt. */
363 if (t_dm_satisfies_version(4, 20, 0, dm_maj, dm_min, 0))
364 t_dm_crypt_flags |= T_DM_SECURE_SUPPORTED;
366 if (t_dm_satisfies_version(1, 8, 0, crypt_maj, crypt_min, 0))
367 t_dm_crypt_flags |= T_DM_PLAIN64_SUPPORTED;
369 if (t_dm_satisfies_version(1, 11, 0, crypt_maj, crypt_min, 0))
370 t_dm_crypt_flags |= T_DM_DISCARDS_SUPPORTED;
372 if (t_dm_satisfies_version(1, 13, 0, crypt_maj, crypt_min, 0))
373 t_dm_crypt_flags |= T_DM_TCW_SUPPORTED;
375 if (t_dm_satisfies_version(1, 14, 0, crypt_maj, crypt_min, 0)) {
376 t_dm_crypt_flags |= T_DM_SAME_CPU_CRYPT_SUPPORTED;
377 t_dm_crypt_flags |= T_DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED;
/*
 * Keyring support is the only check that uses the patch level (1.18.1) and
 * it additionally requires the runtime probe in keyring_check().
 */
380 if (t_dm_satisfies_version(1, 18, 1, crypt_maj, crypt_min, crypt_patch) && keyring_check())
381 t_dm_crypt_flags |= T_DM_KERNEL_KEYRING_SUPPORTED;
/*
 * Sets dm-verity capability bits in t_dm_crypt_flags. The condition that
 * guards T_DM_VERITY_SUPPORTED is not shown in this listing. dm_version
 * and verity_patch are not used in the lines shown.
 */
384 static void t_dm_set_verity_compat(const char *dm_version, unsigned verity_maj,
385 unsigned verity_min, unsigned verity_patch)
388 t_dm_crypt_flags |= T_DM_VERITY_SUPPORTED;
392 * ignore_corruption, restart_on corruption is available since 1.2 (kernel 4.1)
393 * ignore_zero_blocks since 1.3 (kernel 4.5)
394 * (but some dm-verity targets 1.2 don't support it)
395 * FEC is added in 1.3 as well.
/* Both option groups are therefore enabled only from target version 1.3. */
397 if (t_dm_satisfies_version(1, 3, 0, verity_maj, verity_min, 0)) {
398 t_dm_crypt_flags |= T_DM_VERITY_ON_CORRUPTION_SUPPORTED;
399 t_dm_crypt_flags |= T_DM_VERITY_FEC_SUPPORTED;
/*
 * Marks dm-integrity as supported for any target major version above 0.
 * The remaining parameters are not used in the lines shown.
 */
403 static void t_dm_set_integrity_compat(const char *dm_version, unsigned integrity_maj,
404 unsigned integrity_min, unsigned integrity_patch)
406 if (integrity_maj > 0)
407 t_dm_crypt_flags |= T_DM_INTEGRITY_SUPPORTED;
/*
 * Asks device-mapper for the driver version and the list of target
 * versions, then dispatches the crypt, verity and integrity entries to
 * their t_dm_set_*_compat() helper. Error paths and the return value are
 * not shown in this listing.
 */
410 int t_dm_check_versions(void)
413 struct dm_versions *target, *last_target;
417 if (!(dmt = dm_task_create(DM_DEVICE_LIST_VERSIONS)))
420 if (!dm_task_run(dmt))
423 if (!dm_task_get_driver_version(dmt, dm_version, sizeof(dm_version)))
426 target = dm_task_get_versions(dmt);
428 last_target = target;
429 if (!strcmp("crypt", target->name)) {
430 t_dm_set_crypt_compat(dm_version,
431 (unsigned)target->version[0],
432 (unsigned)target->version[1],
433 (unsigned)target->version[2]);
434 } else if (!strcmp("verity", target->name)) {
435 t_dm_set_verity_compat(dm_version,
436 (unsigned)target->version[0],
437 (unsigned)target->version[1],
438 (unsigned)target->version[2]);
439 } else if (!strcmp("integrity", target->name)) {
440 t_dm_set_integrity_compat(dm_version,
441 (unsigned)target->version[0],
442 (unsigned)target->version[1],
443 (unsigned)target->version[2]);
/*
 * Entries are chained by byte offset: `next` is added to the address of
 * the current entry. The loop ends when the pointer stops advancing,
 * i.e. when `next` is 0.
 */
445 target = (struct dm_versions *)((char *) target + target->next);
446 } while (last_target != target);
451 dm_task_destroy(dmt);
/* Non-zero when the kernel-keyring bit is set in t_dm_crypt_flags. */
int t_dm_crypt_keyring_support(void)
{
	const uint32_t keyring_bit = T_DM_KERNEL_KEYRING_SUPPORTED;

	return t_dm_crypt_flags & keyring_bit;
}
/* Non-zero when either of the two CPU-placement bits is set in t_dm_crypt_flags. */
int t_dm_crypt_cpu_switch_support(void)
{
	const uint32_t cpu_bits = T_DM_SAME_CPU_CRYPT_SUPPORTED |
				  T_DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED;

	return t_dm_crypt_flags & cpu_bits;
}
/* Non-zero when the discards bit is set in t_dm_crypt_flags. */
int t_dm_crypt_discard_support(void)
{
	const uint32_t discard_bit = T_DM_DISCARDS_SUPPORTED;

	return t_dm_crypt_flags & discard_bit;
}
/* Block-device major number that loop_device() requires. */
474 #define LOOP_DEV_MAJOR 7
/*
 * Fallback values for builds whose headers lack these loop constants.
 * The matching #endif lines are not shown in this listing.
 */
476 #ifndef LO_FLAGS_AUTOCLEAR
477 #define LO_FLAGS_AUTOCLEAR 4
480 #ifndef LOOP_CTL_GET_FREE
481 #define LOOP_CTL_GET_FREE 0x4C82
484 #ifndef LOOP_SET_CAPACITY
485 #define LOOP_SET_CAPACITY 0x4C07
/*
 * Tests whether `loop` names a loop device: the path must stat
 * successfully, be a block device and carry major number LOOP_DEV_MAJOR.
 * The return values are not shown in this listing.
 */
488 int loop_device(const char *loop)
495 if (stat(loop, &st) || !S_ISBLK(st.st_mode) ||
496 major(st.st_rdev) != LOOP_DEV_MAJOR)
/*
 * Fallback search for a loop device: walks /dev/loop0 .. /dev/loop255,
 * opens each read-only and queries LOOP_GET_STATUS64. The second half of
 * that condition and the return paths are not shown in this listing
 * (presumably a failing status query marks the device as free -- confirm).
 */
502 static char *crypt_loop_get_device_old(void)
506 struct loop_info64 lo64 = {0};
508 for (i = 0; i < 256; i++) {
/*
 * NOTE(review): sprintf() is unbounded and the declaration of dev is not
 * shown; the longest name here needs 13 bytes including the NUL. A
 * snprintf() with sizeof(dev) would make the bound explicit.
 */
509 sprintf(dev, "/dev/loop%d", i);
511 loop_fd = open(dev, O_RDONLY);
515 if (ioctl(loop_fd, LOOP_GET_STATUS64, &lo64) &&
/*
 * Asks /dev/loop-control for a free loop device number with
 * LOOP_CTL_GET_FREE and builds the /dev/loopN path from it. The call to
 * crypt_loop_get_device_old() is presumably taken when the control node
 * cannot be opened (the condition is not shown). The resulting path must
 * stat as a block device.
 *
 * The number is only a hint: another process may claim the device before
 * the caller attaches to it, which is presumably why loop_attach() retries
 * in a loop -- confirm.
 */
526 static char *crypt_loop_get_device(void)
532 loop_fd = open("/dev/loop-control", O_RDONLY);
534 return crypt_loop_get_device_old();
536 i = ioctl(loop_fd, LOOP_CTL_GET_FREE);
/* The declaration of dev is not shown; sprintf() does not bound the write. */
543 if (sprintf(dev, "/dev/loop%d", i) < 0)
546 if (stat(dev, &st) || !S_ISBLK(st.st_mode))
/*
 * Attaches `file` to a free loop device and returns the open loop device
 * descriptor, or -1 on failure. *loop receives the device path. Cleanup
 * and several error branches are not shown in this listing.
 */
552 int loop_attach(char **loop, const char *file, int offset,
553 int autoclear, int *readonly)
555 struct loop_info64 lo64 = {0};
557 int loop_fd = -1, file_fd = -1, r = 1;
/*
 * Open the backing file in the requested mode. If a read-write open fails
 * with EROFS or EACCES, retry read-only (presumably *readonly is updated
 * on a line not shown).
 */
561 file_fd = open(file, (*readonly ? O_RDONLY : O_RDWR) | O_EXCL);
562 if (file_fd < 0 && (errno == EROFS || errno == EACCES) && !*readonly) {
564 file_fd = open(file, O_RDONLY | O_EXCL);
/* Keep asking for a device until one can be opened and bound to the file. */
569 while (loop_fd < 0) {
570 *loop = crypt_loop_get_device();
574 loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR);
578 if (ioctl(loop_fd, LOOP_SET_FD, file_fd) < 0) {
/*
 * The last byte of lo_file_name is set to NUL first and strncpy() copies
 * at most LO_NAME_SIZE-1 bytes, so the name stays terminated and a long
 * path is truncated.
 */
589 lo_file_name = (char*)lo64.lo_file_name;
590 lo_file_name[LO_NAME_SIZE-1] = '\0';
591 strncpy(lo_file_name, file, LO_NAME_SIZE-1);
/* NOTE(review): offset is a signed int; a negative value would convert to a very large lo_offset. */
592 lo64.lo_offset = offset;
594 lo64.lo_flags |= LO_FLAGS_AUTOCLEAR;
/* On failure the file is unbound from the loop device again. */
596 if (ioctl(loop_fd, LOOP_SET_STATUS64, &lo64) < 0) {
597 (void)ioctl(loop_fd, LOOP_CLR_FD, 0);
601 /* Verify that autoclear is really set */
603 memset(&lo64, 0, sizeof(lo64));
604 if (ioctl(loop_fd, LOOP_GET_STATUS64, &lo64) < 0 ||
605 !(lo64.lo_flags & LO_FLAGS_AUTOCLEAR)) {
606 (void)ioctl(loop_fd, LOOP_CLR_FD, 0);
613 if (r && loop_fd >= 0)
/* On success the caller owns the returned descriptor. */
621 return r ? -1 : loop_fd;
624 int loop_detach(const char *loop)
626 int loop_fd = -1, r = 1;
628 loop_fd = open(loop, O_RDONLY);
632 if (!ioctl(loop_fd, LOOP_CLR_FD, 0))