Rename hash-start to hash-offset and switch to use bytes units.
[platform/upstream/cryptsetup.git] / tests / verity-compat-test
1 #!/bin/bash
2
3 VERITYSETUP=../src/veritysetup
4
5 DEV_NAME=verity3273
6 DEV_OUT="$DEV_NAME.out"
7 IMG=verity-data
8 IMG_HASH=verity-hash
9
10 function remove_mapping()
11 {
12         [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
13         [ ! -z "$LOOPDEV1" ] && losetup -d $LOOPDEV1 >/dev/null 2>&1
14         [ ! -z "$LOOPDEV2" ] && losetup -d $LOOPDEV2 >/dev/null 2>&1
15         rm -f $IMG $IMG_HASH $DEV_OUT >/dev/null 2>&1
16         LOOPDEV1=""
17         LOOPDEV2=""
18 }
19
20 function fail()
21 {
22         [ -n "$1" ] && echo "$1"
23         echo "FAILED"
24         [ -f $DEV_OUT ] && cat $DEV_OUT
25         remove_mapping
26         exit 2
27 }
28
29 function skip()
30 {
31         [ -n "$1" ] && echo "$1"
32         exit 0
33 }
34
35 function prepare() # $1 dev1_siz [$2 dev2_size]
36 {
37         remove_mapping
38
39         dd if=/dev/zero of=$IMG      bs=1k count=$1 >/dev/null 2>&1
40         LOOPDEV1=$(losetup -f 2>/dev/null)
41         [ -z "$LOOPDEV1" ] && fail "No free loop device"
42         losetup $LOOPDEV1 $IMG
43
44         [ -z "$2" ] && return
45         dd if=/dev/zero of=$IMG_HASH bs=1k count=$2 >/dev/null 2>&1
46         LOOPDEV2=$(losetup -f 2>/dev/null)
47         [ -z "$LOOPDEV2" ] && fail "No free loop device"
48         losetup $LOOPDEV2 $IMG_HASH
49 }
50
51 function wipe()
52 {
53         dd if=/dev/zero of=$LOOPDEV1 bs=256k >/dev/null 2>&1
54         dd if=/dev/zero of=$LOOPDEV2 bs=256k >/dev/null 2>&1
55         rm -f $DEV_OUT >/dev/null 2>&1
56 }
57
58 function check_exists()
59 {
60         [ -b /dev/mapper/$DEV_NAME ] || fail
61 }
62
63 function compare_out() # $1 what, $2 expected
64 {
65         OPT=$(grep -v "^#" $DEV_OUT | grep -i "$1" | sed -e s/.*\:\ // )
66         [ -z "$OPT" ] && fail
67         [ $OPT != $2 ] && fail "$1 differs ($2)"
68 }
69
70 function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6 offset]
71 {
72         if [ -z "$LOOPDEV2" ] ; then
73                 BLOCKS=$(($6 / $1))
74                 DEV_PARAMS="$LOOPDEV1 $LOOPDEV1 \
75                            --hash-offset $6 \
76                            --data-blocks=$BLOCKS --debug"
77         else
78                 DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
79         fi
80
81         for sb in yes no; do
82         FORMAT_PARAMS="--format=$4 --data-block-size=$1 --hash-block-size=$1 --hash=$5 --salt=$3"
83         if [ $sb == yes ] ; then
84                 VERIFY_PARAMS=""
85         else
86                 FORMAT_PAFAMS="$FORMAT_PARAMS --no-superlock"
87                 VERIFY_PARAMS=$FORMAT_PARAMS
88         fi
89
90         for fail in data hash; do
91         wipe
92         echo -n "V$4(sb=$sb) $5 block size $1: "
93         $VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >$DEV_OUT || fail
94
95         echo -n "[root hash]"
96         compare_out "root hash" $2
97         compare_out "salt" "$3"
98
99         $VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 2>&1 || fail
100         echo -n "[verify]"
101
102         $VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $2  >>$DEV_OUT 2>&1 || fail
103         check_exists
104         echo -n "[activate]"
105
106         dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=$1 2>/dev/null
107         dmsetup status $DEV_NAME | grep "verity V" >/dev/null || fail
108         echo -n "[in-kernel verify]"
109
110         $VERITYSETUP remove $DEV_NAME || fail
111
112         case $fail in
113         data)
114                 dd if=/dev/urandom of=$LOOPDEV1 bs=1 seek=3456 count=1 2>/dev/null
115                 TXT="data_dev"
116                 ;;
117         hash)
118                 if [ -z "$LOOPDEV2" ] ; then
119                         dd if=/dev/urandom of=$LOOPDEV1 bs=1 seek=$((8193 + $4)) count=1 2>/dev/null
120                 else
121                         dd if=/dev/urandom of=$LOOPDEV2 bs=1 seek=8193 count=1 2>/dev/null
122                 fi
123                 TXT="hash_dev"
124                 ;;
125         esac
126
127         $VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 2>&1 && \
128                 fail "userspace check for $TXT corruption"
129         $VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 2>&1 || \
130                 fail "activation"
131         dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=$1 2>/dev/null
132         dmsetup status $DEV_NAME | grep "verity V" >/dev/null && \
133                 fail "in-kernel check for $TXT corruption"
134         $VERITYSETUP remove $DEV_NAME || fail "deactivation"
135         echo "[$TXT corruption]"
136         done
137         done
138 }
139
140 function valgrind_setup()
141 {
142         which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
143         [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
144         #export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
145 }
146
147 function valgrind_run()
148 {
149         INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${VERITYSETUP} "$@"
150 }
151
152 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
153 [ ! -x "$VERITYSETUP" ] && skip "Cannot find $VERITYSETUP, test skipped."
154
155 [ -n "$VALG" ] && valgrind_setup && VERITYSETUP=valgrind_run
156
157 # VERITYSETUP tests
158
159 SALT=e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d
160
161 echo "Verity tests [separate devices]"
162 prepare 8192 1024
163 check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256
164 check_root_hash 1024 54d92778750495d1f80832b486ebd007617d746271511bbf0e295e143da2b3df $SALT 1 sha256
165 check_root_hash 4096 e522df0f97da4febb882ac40f30b37dc0b444bf6df418929463fa25280f09d5c $SALT 1 sha256
166 # version 0
167 check_root_hash 4096 cbbf4ebd004ef65e29b935bb635a39cf754d677f3fa10b0126da725bbdf10f7d $SALT 0 sha256
168 # no salt
169 check_root_hash 4096 ef29c902d87350f1da4bfa536e16cebc162a909bf89abe448b81ec500d4fb9bf - 1 sha256
170 # sha1
171 check_root_hash 1024 d0e9163ca8844aaa2e88fe5265a8c5d9ee494a99 $SALT 1 sha1
172 check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1
173
174 echo "Verity tests [one device offset]"
175 prepare $((8192 + 1024))
176 check_root_hash  512 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 $SALT 1 sha256 8388608
177 check_root_hash 1024 54d92778750495d1f80832b486ebd007617d746271511bbf0e295e143da2b3df $SALT 1 sha256 8388608
178 check_root_hash 4096 e522df0f97da4febb882ac40f30b37dc0b444bf6df418929463fa25280f09d5c $SALT 1 sha256 8388608
179 # version 0
180 check_root_hash 4096 cbbf4ebd004ef65e29b935bb635a39cf754d677f3fa10b0126da725bbdf10f7d $SALT 0 sha256 8388608
181 # no salt
182 check_root_hash 4096 ef29c902d87350f1da4bfa536e16cebc162a909bf89abe448b81ec500d4fb9bf - 1 sha256 8388608
183 # sha1
184 check_root_hash 1024 d0e9163ca8844aaa2e88fe5265a8c5d9ee494a99 $SALT 1 sha1 8388608
185 check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1 8388608
186
187 remove_mapping
188 exit 0