X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=tests%2Fdevice-test;h=0898b455289d78f6971385ccb0c6271d1932cde2;hb=322b430a2589cdc7985e98a14ec12322b91c9d5e;hp=1a6c8d20039cbb26f6648fdc4797d368174e1346;hpb=ad21d48762fa70838d4ab4fbe8fe2a2e8a4dcef1;p=platform%2Fupstream%2Fcryptsetup.git diff --git a/tests/device-test b/tests/device-test index 1a6c8d2..0898b45 100755 --- a/tests/device-test +++ b/tests/device-test @@ -1,13 +1,17 @@ #!/bin/bash -CRYPTSETUP="../src/cryptsetup" +[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." +CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup MNT_DIR="./mnt_luks" DEV_NAME="dummy" +DEV_NAME2="ymmud" PWD1="93R4P4pIqAH8" PWD2="mymJeD8ivEhE" +FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" +SKIP_COUNT=0 cleanup() { - [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME + [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME udevadm settle >/dev/null 2>&1 if [ -d "$MNT_DIR" ] ; then umount -f $MNT_DIR 2>/dev/null @@ -18,7 +22,9 @@ cleanup() { fail() { - if [ -n "$1" ] ; then echo "FAIL $1" ; else echo "FAIL" ; fi + [ -n "$1" ] && echo "FAIL $1" + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done cleanup exit 100 } @@ -27,14 +33,56 @@ skip() { echo "TEST SKIPPED: $1" cleanup - exit 0 + exit 77 } -format() # key_bits expected [forced] +function dm_crypt_features() { - dd if=/dev/zero of=$DEV bs=1M count=5 >/dev/null 2>&1 + VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) + [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version." - echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -c aes-cbc-essiv:sha256 + VER_MAJ=$(echo $VER_STR | cut -f 1 -d.) + VER_MIN=$(echo $VER_STR | cut -f 2 -d.) + VER_PTC=$(echo $VER_STR | cut -f 3 -d.) + + [ $VER_MAJ -lt 1 ] && return + [ $VER_MAJ -gt 1 ] && { + DM_PERF_CPU=1 + DM_SECTOR_SIZE=1 + test -d /proc/sys/kernel/keys && DM_KEYRING=1 + return + } + + [ $VER_MIN -lt 14 ] && return + DM_PERF_CPU=1 + if [ $VER_MIN -ge 17 -o \( $VER_MIN -eq 14 -a $VER_PTC -ge 5 \) ]; then + DM_SECTOR_SIZE=1 + fi + if [ $VER_MIN -gt 18 -o \( $VER_MIN -eq 18 -a $VER_PTC -ge 1 \) ]; then + test -d /proc/sys/kernel/keys && DM_KEYRING=1 + fi +} + +function dm_crypt_keyring_support() +{ + VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) + [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version." + + VER_MAJ=$(echo $VER_STR | cut -f 1 -d.) + VER_MIN=$(echo $VER_STR | cut -f 2 -d.) + + # run the test with dm-crypt v1.15.0+ on purpose + # the fix is in dm-crypt v1.18.1+ + [ $VER_MAJ -gt 1 ] && return 0 + [ $VER_MAJ -lt 1 ] && return 1 + [ $VER_MIN -ge 15 ] +} + +format() # format +{ + dd if=/dev/zero of=$DEV bs=1M count=32 >/dev/null 2>&1 + + echo $PWD1 | $CRYPTSETUP luksFormat --type $1 $DEV -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256 [ $? -ne 0 ] && fail "Format failed." # test some operation, just in case @@ -45,32 +93,54 @@ format() # key_bits expected [forced] [ $? -ne 0 ] && fail "Keyslot removal failed." } +check_sector_size() # $1 expected sector size +{ + $CRYPTSETUP status $DEV_NAME | grep "sector size" | grep -q $1 || fail + if [ $S -gt 512 ]; then + dmsetup table $DEV_NAME | grep -q "sector_size:$1" || fail + fi +} + if [ $(id -u) != 0 ]; then - echo "WARNING: You must be root to run this test, test skipped." - exit 0 + skip "You must be root to run this test, test skipped." fi +dm_crypt_features + [ ! -d $MNT_DIR ] && mkdir $MNT_DIR echo "[1] Using tmpfs for image" DEV="$MNT_DIR/test.img" mount -t tmpfs none $MNT_DIR || skip "Mounting tmpfs not available." -format +format luks1 -echo "[2] Kernel dmcrypt performace options" -echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt >/dev/null 2>&1 -if [ $? -ne 0 ] ; then +echo "[2] Kernel dmcrypt performance options" +if [ -z "$DM_PERF_CPU" ]; then echo "TEST SKIPPED: dmcrypt options not available" + SKIP_COUNT=$((SKIP_COUNT+1)) else - $CRYPTSETUP close $DEV_NAME || fail # plain - echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail + echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail $CRYPTSETUP close $DEV_NAME || fail - echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail + echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail + $CRYPTSETUP status $DEV_NAME | grep -q discards || fail + $CRYPTSETUP close $DEV_NAME || fail + echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME || fail + echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail + # Hash affects volume key for plain device. Check we can detect it + echo -e "$PWD1" | $CRYPTSETUP refresh -q $DEV_NAME --hash sha512 --perf-same_cpu_crypt --allow-discards 2>/dev/null && fail $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail $CRYPTSETUP status $DEV_NAME | grep -q discards || fail + echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --allow-discards || fail + $CRYPTSETUP status $DEV_NAME | grep -q discards || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail + echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME || fail + $CRYPTSETUP status $DEV_NAME | grep -q discards && fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail + echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 $DEV $DEV_NAME2 2>/dev/null && fail $CRYPTSETUP close $DEV_NAME || fail # LUKS echo -e "$PWD1" | $CRYPTSETUP open --type luks1 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail @@ -81,6 +151,115 @@ else $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail $CRYPTSETUP status $DEV_NAME | grep -q discards || fail $CRYPTSETUP close $DEV_NAME || fail + echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME --allow-discards || fail + $CRYPTSETUP status $DEV_NAME | grep -q discards || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME --allow-discards --perf-same_cpu_crypt || fail + $CRYPTSETUP status $DEV_NAME | grep -q discards || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail + $CRYPTSETUP status $DEV_NAME | grep -q discards && fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail + $CRYPTSETUP close $DEV_NAME || fail + + format luks2 + echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus --persistent || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail + $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail + $CRYPTSETUP close $DEV_NAME || fail + # Stored in metadata + echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail + $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail + $CRYPTSETUP close $DEV_NAME || fail + echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards --persistent || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail + $CRYPTSETUP status $DEV_NAME | grep -q discards || fail + $CRYPTSETUP close $DEV_NAME || fail + echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail + $CRYPTSETUP status $DEV_NAME | grep -q discards || fail + $CRYPTSETUP close $DEV_NAME || fail + + echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --persistent || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail + $CRYPTSETUP status $DEV_NAME | grep -q discards && fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus --persistent || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail + $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail + $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards --persistent || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail + $CRYPTSETUP status $DEV_NAME | grep -q discards || fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail + $CRYPTSETUP status $DEV_NAME | grep -q discards || fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-submit_from_crypt_cpus || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail + $CRYPTSETUP status $DEV_NAME | grep -q discards || fail + $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME || fail + $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus && fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --persistent || fail + $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail + $CRYPTSETUP status $DEV_NAME | grep -q discards && fail + $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus && fail + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --disable-keyring || fail + $CRYPTSETUP status $DEV_NAME | grep -q keyring && fail + if [ -n "$DM_KEYRING" ]; then + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME || fail + $CRYPTSETUP status $DEV_NAME | grep -q keyring || fail + fi + echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail + $CRYPTSETUP close $DEV_NAME || fail +fi + +echo "[3] Kernel dmcrypt sector size options" +echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --sector-size 4096 >/dev/null 2>&1 +ret=$? +[ -z "$DM_SECTOR_SIZE" -a $ret -eq 0 ] && fail "cryptsetup activated device with --sector-size option on incompatible kernel!" +if [ $ret -ne 0 ] ; then + SKIP_COUNT=$((SKIP_COUNT+1)) + if [ $SKIP_COUNT -ge 2 ]; then + skip "dmcrypt sector-size option not available" + fi + echo "TEST SKIPPED: dmcrypt sector-size option not available" +else + $CRYPTSETUP close $DEV_NAME || fail + + echo -n "PLAIN sector size:" + echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --sector-size 1234 >/dev/null 2>&1 && fail + for S in 512 1024 2048 4096; do + echo -n "[$S]" + echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --sector-size $S || fail + check_sector_size $S + $CRYPTSETUP close $DEV_NAME || fail + done + + echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --iv-large-sectors >/dev/null 2>&1 && fail + for S in 1024 2048 4096; do + echo -n "[$S/IV]" + echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --sector-size $S --iv-large-sectors || fail + check_sector_size $S + dmsetup table $DEV_NAME | grep -q "iv_large_sectors" || fail + $CRYPTSETUP close $DEV_NAME || fail + done + echo + + echo -n "LUKS2 sector size:" + echo -e "$PWD1" | $CRYPTSETUP luksFormat --type luks2 -$DEV --sector-size 1234 >/dev/null 2>&1 && fail + for S in 512 1024 2048 4096; do + echo -n "[$S]" + echo -e "$PWD1" | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf pbkdf2 --pbkdf-force-iterations 1000 $DEV --sector-size $S || fail + echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail + check_sector_size $S + $CRYPTSETUP close $DEV_NAME || fail + done + echo fi cleanup