X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=tests%2Fkeyring-compat-test;h=ea88c21011aea82637fc53739e618f55cdcb05f4;hb=6497abd1df88001eb1f45f7348534911b33d05b5;hp=7a49936e2b9b27c86873c1cdfdfd6f9647d5a1d4;hpb=f7fc3bb4e50cce23dd95111b246b6e034537e2cf;p=platform%2Fupstream%2Fcryptsetup.git diff --git a/tests/keyring-compat-test b/tests/keyring-compat-test index 7a49936..ea88c21 100755 --- a/tests/keyring-compat-test +++ b/tests/keyring-compat-test @@ -21,12 +21,15 @@ NAME=testcryptdev CHKS_DMCRYPT=vk_in_dmcrypt.chk CHKS_KEYRING=vk_in_keyring.chk -PWD="aaa" +PWD="aaablabl" [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup -[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + +FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) function remove_mapping() { @@ -35,7 +38,7 @@ function remove_mapping() # unlink whole test keyring [ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null - rmmod scsi_debug 2>/dev/null + rmmod scsi_debug >/dev/null 2>&1 rm -f $CHKS_DMCRYPT $CHKS_KEYRING } @@ -47,6 +50,18 @@ function skip() exit 77 } +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + function fail() { [ -n "$1" ] && echo "$1" 
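Review bot: The changed assignment `PWD="aaablabl"` in the first hunk keeps using `PWD` for the test passphrase, which is the name the shell itself maintains for the current working directory. The script therefore overwrites that value for itself and, where the variable carries the export attribute (it normally does), for every child process it starts. A dedicated name such as `PASSPHRASE="aaablabl"` would avoid the clash; the `echo $PWD | $CRYPTSETUP ...` lines in the LUKS2 key refresh section would need the same rename.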
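Review bot: In `valgrind_setup`, `export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"` leaves a trailing empty entry whenever `LD_LIBRARY_PATH` was unset, and the dynamic loader treats an empty entry as the current directory. The prepended `../.libs` is relative as well, and the script refuses to run unless it is root, so the library search path should not depend on where the test is started from. I would write `export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"` and quote `$CRYPTSETUP_VALGRIND` both in the `-f` test and in `valgrind_run`. The body of `fail()` after the new functions continues outside the hunk.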
@@ -92,11 +107,17 @@ function test_and_prepare_keyring() { function fips_mode() { - [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ] + [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ] } add_device() { - modprobe scsi_debug $@ delay=0 + rmmod scsi_debug >/dev/null 2>&1 + if [ -d /sys/module/scsi_debug ] ; then + echo "Cannot use scsi_debug module (in use or compiled-in), test skipped." + exit 77 + fi + + modprobe scsi_debug $@ delay=0 >/dev/null 2>&1 if [ $? -ne 0 ] ; then echo "This kernel seems to not support proper scsi_debug module, test skipped." exit 77 @@ -109,12 +130,14 @@ add_device() { [ -b $DEV ] || fail "Cannot find $DEV." } +[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." -which dmsetup >/dev/null 2>&1 || skip "Cannot find dmsetup, test skipped" -which keyctl >/dev/null 2>&1 || skip "Cannot find keyctl, test skipped" -which xxd >/dev/null 2>&1 || skip "Cannot find xxd, test skipped" -which sha1sum > /dev/null 2>&1 || skip "Cannot find sha1sum, test skipped" -modprobe dm-crypt || fail "dm-crypt failed to load" +command -v dmsetup >/dev/null || skip "Cannot find dmsetup, test skipped" +command -v keyctl >/dev/null || skip "Cannot find keyctl, test skipped" +command -v xxd >/dev/null || skip "Cannot find xxd, test skipped" +command -v sha256sum >/dev/null || skip "Cannot find sha256sum, test skipped" +modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load" dm_crypt_keyring_support || skip "dm-crypt doesn't support kernel keyring, test skipped." test_and_prepare_keyring 
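Review bot: In `add_device`, the new `modprobe scsi_debug $@ delay=0 >/dev/null 2>&1` still expands `$@` unquoted, so a module option containing whitespace or glob characters is re-split before it reaches modprobe; `"$@"` keeps each argument intact. The status test on the following line could be folded in as `if ! modprobe scsi_debug "$@" delay=0 >/dev/null 2>&1 ; then`, which no longer relies on `$?` staying untouched between the two lines. Both skip paths print a message and `exit 77` by hand although the file has a `skip()` helper; whether that helper is usable here depends on its cleanup, which is not visible in this hunk. `add_device` continues beyond the hunk.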
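Review bot: `[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run` turns `$CRYPTSETUP` from a file path into the name of a shell function without saying so, and that only works as long as every later use is an unquoted `$CRYPTSETUP ...` in command position. A one-line comment above it would save the next reader the lookup, for example `# With VALG set, $CRYPTSETUP is the valgrind_run wrapper function, not a path`. The `-x "$CRYPTSETUP"` check on the line before covers only the non-valgrind binary; the valgrind one is checked separately with `-f` in `valgrind_setup`.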
@@ -126,23 +149,23 @@ dd if=/dev/urandom of=$DEV bs=1M count=$DEVSIZEMB oflag=direct > /dev/null 2>&1
 #test aes cipher with xts mode, plain IV
 echo -n "Testing $CIPHER_XTS_PLAIN..."
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
 dmsetup remove --retry $NAME || fail
 load_key "$HEXKEY_32" logon $LOGON_KEY_32_OK "$TEST_KEYRING" || fail "Cannot load 32 byte logon key type"
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN :32:logon:$LOGON_KEY_32_OK 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
 dmsetup remove --retry $NAME || fail
 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
 # same test using message
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
 dmsetup remove --retry $NAME || fail
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
 dmsetup suspend $NAME || fail
 dmsetup message $NAME 0 key wipe || fail
 dmsetup message $NAME 0 "key set :32:logon:$LOGON_KEY_32_OK" || fail
 dmsetup resume $NAME || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
 dmsetup remove --retry $NAME || fail
 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
 echo "OK"
@@ -150,23 +173,23 @@ echo "OK"
 #test aes cipher, xts mode, essiv IV
 echo -n "Testing $CIPHER_CBC_ESSIV..."
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
 dmsetup remove --retry $NAME || fail
 load_key "$HEXKEY_16" logon $LOGON_KEY_16_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type"
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV :16:logon:$LOGON_KEY_16_OK 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
 dmsetup remove --retry $NAME || fail
 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
 # same test using message
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
 dmsetup remove --retry $NAME || fail
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
 dmsetup suspend $NAME || fail
 dmsetup message $NAME 0 key wipe || fail
 dmsetup message $NAME 0 "key set :16:logon:$LOGON_KEY_16_OK" || fail
 dmsetup resume $NAME || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
 dmsetup remove --retry $NAME || fail
 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
 echo "OK"
@@ -175,23 +198,23 @@ echo "OK"
 fips_mode || {
 echo -n "Testing $CIPHER_CBC_TCW..."
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
 dmsetup remove --retry $NAME || fail
 load_key "$HEXKEY_64" logon $LOGON_KEY_64_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type"
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW :64:logon:$LOGON_KEY_64_OK 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
 dmsetup remove --retry $NAME || fail
 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
 # same test using message
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
 dmsetup remove --retry $NAME || fail
 dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
 dmsetup suspend $NAME || fail
 dmsetup message $NAME 0 key wipe || fail
 dmsetup message $NAME 0 "key set :64:logon:$LOGON_KEY_64_OK" || fail
 dmsetup resume $NAME || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
 dmsetup remove --retry $NAME || fail
 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
 echo "OK"
@@ -201,10 +224,10 @@ echo -n "Test LUKS2 key refresh..." echo $PWD | $CRYPTSETUP luksFormat --type luks2 --luks2-metadata-size 16k --luks2-keyslots-size 4064k --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --force-password $DEV || fail echo $PWD | $CRYPTSETUP open $DEV $NAME || fail $CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" || skip "LUKS2 can't use keyring. Test skipped." -dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_KEYRING || fail +dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha256sum > $CHKS_KEYRING || fail echo $PWD | $CRYPTSETUP refresh $NAME --disable-keyring || fail $CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" && fail "Key is still in keyring" -dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_DMCRYPT || fail +dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha256sum > $CHKS_DMCRYPT || fail diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)" echo "OK"
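Review bot: On both changed lines, `dd if=/dev/mapper/$NAME ... | sha256sum > $CHKS_... || fail` tests only the exit status of `sha256sum`; nothing in the visible hunks enables `pipefail`. If `dd` cannot read the mapping in either run, both files hold the hash of empty input and the final `diff` succeeds, so the corruption check would print OK without comparing any data. A local check right after each pipeline, `[ "${PIPESTATUS[0]}" -eq 0 ] || fail "Cannot read /dev/mapper/$NAME"`, closes that gap. A script-wide `set -o pipefail` would also change how the `$CRYPTSETUP status $NAME | grep -q ...` lines behave, so the local form is the safer one here.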