3 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
4 CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
10 FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
14 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
15 udevadm settle >/dev/null 2>&1
16 if [ -d "$MNT_DIR" ] ; then
17 umount -f $MNT_DIR 2>/dev/null
18 rmdir $MNT_DIR 2>/dev/null
25 [ -n "$1" ] && echo "FAIL $1"
26 echo "FAILED backtrace:"
27 while caller $frame; do ((frame++)); done
34 echo "TEST SKIPPED: $1"
39 function dm_crypt_features()
41 VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
42 [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
44 VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
45 VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
46 VER_PTC=$(echo $VER_STR | cut -f 3 -d.)
48 [ $VER_MAJ -lt 1 ] && return
49 [ $VER_MAJ -gt 1 ] && {
52 test -d /proc/sys/kernel/keys && DM_KEYRING=1
56 [ $VER_MIN -lt 14 ] && return
58 if [ $VER_MIN -ge 17 -o \( $VER_MIN -eq 14 -a $VER_PTC -ge 5 \) ]; then
61 if [ $VER_MIN -gt 18 -o \( $VER_MIN -eq 18 -a $VER_PTC -ge 1 \) ]; then
62 test -d /proc/sys/kernel/keys && DM_KEYRING=1
66 function dm_crypt_keyring_support()
68 VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
69 [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
71 VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
72 VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
74 # run the test with dm-crypt v1.15.0+ on purpose
75 # the fix is in dm-crypt v1.18.1+
76 [ $VER_MAJ -gt 1 ] && return 0
77 [ $VER_MAJ -lt 1 ] && return 1
83 dd if=/dev/zero of=$DEV bs=1M count=32 >/dev/null 2>&1
85 echo $PWD1 | $CRYPTSETUP luksFormat --type $1 $DEV -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256
86 [ $? -ne 0 ] && fail "Format failed."
88 # test some operation, just in case
89 echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV -i1 --key-slot 1
90 [ $? -ne 0 ] && fail "Keyslot add failed."
92 $CRYPTSETUP -q luksKillSlot $DEV 1
93 [ $? -ne 0 ] && fail "Keyslot removal failed."
96 check_sector_size() # $1 expected sector size
98 $CRYPTSETUP status $DEV_NAME | grep "sector size" | grep -q $1 || fail
99 if [ $S -gt 512 ]; then
100 dmsetup table $DEV_NAME | grep -q "sector_size:$1" || fail
104 if [ $(id -u) != 0 ]; then
105 skip "You must be root to run this test, test skipped."
110 [ ! -d $MNT_DIR ] && mkdir $MNT_DIR
112 echo "[1] Using tmpfs for image"
113 DEV="$MNT_DIR/test.img"
114 mount -t tmpfs none $MNT_DIR || skip "Mounting tmpfs not available."
117 echo "[2] Kernel dmcrypt performance options"
118 if [ -z "$DM_PERF_CPU" ]; then
119 echo "TEST SKIPPED: dmcrypt options not available"
120 SKIP_COUNT=$((SKIP_COUNT+1))
123 echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
124 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
125 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
126 $CRYPTSETUP close $DEV_NAME || fail
127 echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
128 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
129 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
130 $CRYPTSETUP close $DEV_NAME || fail
131 echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME || fail
132 echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
133 # Hash affects volume key for plain device. Check we can detect it
134 echo -e "$PWD1" | $CRYPTSETUP refresh -q $DEV_NAME --hash sha512 --perf-same_cpu_crypt --allow-discards 2>/dev/null && fail
135 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
136 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
137 echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --allow-discards || fail
138 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
139 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
140 echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME || fail
141 $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
142 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
143 echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 $DEV $DEV_NAME2 2>/dev/null && fail
144 $CRYPTSETUP close $DEV_NAME || fail
146 echo -e "$PWD1" | $CRYPTSETUP open --type luks1 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
147 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
148 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
149 $CRYPTSETUP close $DEV_NAME || fail
150 echo -e "$PWD1" | $CRYPTSETUP open --type luks1 $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
151 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
152 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
153 $CRYPTSETUP close $DEV_NAME || fail
154 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
155 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME --allow-discards || fail
156 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
157 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
158 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME --allow-discards --perf-same_cpu_crypt || fail
159 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
160 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
161 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail
162 $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
163 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
164 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail
165 $CRYPTSETUP close $DEV_NAME || fail
168 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus --persistent || fail
169 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
170 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
171 $CRYPTSETUP close $DEV_NAME || fail
173 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
174 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
175 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
176 $CRYPTSETUP close $DEV_NAME || fail
177 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards --persistent || fail
178 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
179 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
180 $CRYPTSETUP close $DEV_NAME || fail
181 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
182 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
183 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
184 $CRYPTSETUP close $DEV_NAME || fail
186 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --persistent || fail
187 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
188 $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
189 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus --persistent || fail
190 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
191 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
192 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail
193 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
194 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
195 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards --persistent || fail
196 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
197 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
198 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail
199 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
200 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
201 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-submit_from_crypt_cpus || fail
202 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
203 $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
204 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
205 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME || fail
206 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus && fail
207 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --persistent || fail
208 $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
209 $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
210 $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus && fail
211 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --disable-keyring || fail
212 $CRYPTSETUP status $DEV_NAME | grep -q keyring && fail
213 if [ -n "$DM_KEYRING" ]; then
214 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME || fail
215 $CRYPTSETUP status $DEV_NAME | grep -q keyring || fail
217 echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail
218 $CRYPTSETUP close $DEV_NAME || fail
221 echo "[3] Kernel dmcrypt sector size options"
222 echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --sector-size 4096 >/dev/null 2>&1
224 [ -z "$DM_SECTOR_SIZE" -a $ret -eq 0 ] && fail "cryptsetup activated device with --sector-size option on incompatible kernel!"
225 if [ $ret -ne 0 ] ; then
226 SKIP_COUNT=$((SKIP_COUNT+1))
227 if [ $SKIP_COUNT -ge 2 ]; then
228 skip "dmcrypt sector-size option not available"
230 echo "TEST SKIPPED: dmcrypt sector-size option not available"
232 $CRYPTSETUP close $DEV_NAME || fail
234 echo -n "PLAIN sector size:"
235 echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --sector-size 1234 >/dev/null 2>&1 && fail
236 for S in 512 1024 2048 4096; do
238 echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --sector-size $S || fail
240 $CRYPTSETUP close $DEV_NAME || fail
243 echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --iv-large-sectors >/dev/null 2>&1 && fail
244 for S in 1024 2048 4096; do
246 echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --sector-size $S --iv-large-sectors || fail
248 dmsetup table $DEV_NAME | grep -q "iv_large_sectors" || fail
249 $CRYPTSETUP close $DEV_NAME || fail
253 echo -n "LUKS2 sector size:"
254 echo -e "$PWD1" | $CRYPTSETUP luksFormat --type luks2 -$DEV --sector-size 1234 >/dev/null 2>&1 && fail
255 for S in 512 1024 2048 4096; do
257 echo -e "$PWD1" | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf pbkdf2 --pbkdf-force-iterations 1000 $DEV --sector-size $S || fail
258 echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
260 $CRYPTSETUP close $DEV_NAME || fail