3 #turn on debug mode by following env. variable _DEBUG=1
6 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
7 CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
9 CRYPTSETUP_VALGRIND=../.libs/cryptsetup
10 CRYPTSETUP_LIB_VALGRIND=../.libs
15 ORIG_IMG=luks2_valid_hdr.img
16 TST_IMGS=$START_DIR/luks2-images
22 [ -z "$srcdir" ] && srcdir="."
24 function remove_mapping()
26 rm -rf $IMG $TST_IMGS >/dev/null 2>&1
31 [ -n "$1" ] && echo "$1"
32 echo "FAILED backtrace:"
33 while caller $frame; do ((frame++)); done
47 [ -n "$1" ] && echo "$1"
51 function prepare() # $1 dev1_size
55 test -d $TST_IMGS || mkdir $TST_IMGS
57 test -e $ORIG_IMG || xz -dkc $srcdir/$ORIG_IMG.xz >$ORIG_IMG
58 cp $ORIG_IMG $TST_IMGS
66 test -z "$_DEBUG" || _debug="--debug"
70 if [ -n "$_debug" ]; then
71 $CRYPTSETUP luksDump $_debug $IMG
73 $CRYPTSETUP luksDump $_debug $IMG > /dev/null 2>&1
75 test $? -eq 0 || return 1
78 if [ -n "$_debug" ]; then
79 $CRYPTSETUP luksDump $_debug $IMG
81 $CRYPTSETUP luksDump $_debug $IMG > /dev/null 2>&1
83 test $? -ne 0 || return 1
86 fail "Internal test error"
93 echo -n "Test image: $1..."
94 cp $TST_IMGS/$1 $IMG || fail "Missing test image"
103 function valgrind_setup()
105 which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
106 [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
107 export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
110 function valgrind_run()
112 INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
115 [ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
117 which jq >/dev/null 2>&1 || skip "Cannot find jq, test skipped."
121 echo "[0] Generating test headers"
123 for scr in ./generate-*.sh; do
124 echo -n "$(basename $scr)..."
125 $scr $TST_IMGS $TST_IMGS/$ORIG_IMG || fail "Header generator $scr failed: '$?'"
130 echo "[1] Test basic auto-recovery"
131 RUN luks2-invalid-checksum-hdr0.img "R" "Failed to recover from trivial header corruption at offset 0"
132 # TODO: check epoch is incresed after recovery
133 # TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c)
135 RUN luks2-invalid-checksum-hdr1.img "R" "Failed to recover from trivial header corruption at offset 16384"
136 # TODO: check epoch is incresed after recovery
137 # TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c)
139 RUN luks2-invalid-checksum-both-hdrs.img "F" "Failed to recognise corrupted header beyond repair"
141 echo "[2] Test ability to auto-correct mallformed json area"
142 RUN luks2-corrupted-hdr0-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 512"
143 # TODO: check epoch is incresed after recovery
144 # TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c)
146 RUN luks2-corrupted-hdr1-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 16896"
147 # TODO: check epoch is incresed after recovery
148 # TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c)
150 RUN luks2-correct-full-json0.img "R" "Failed to parse full and correct json area"
151 # TODO: detect noop (norecovery, epoch untouched)
152 # TODO: check epoch is NOT incresed after recovery of secondary header
154 # these tests auto-correct json in-memory only. It'll get fixed on-disk after write operation
155 RUN luks2-argon2-leftover-params.img "R" "Failed to repair keyslot with old argon2 parameters."
156 RUN luks2-pbkdf2-leftover-params-0.img "R" "Failed to repair keyslot with old pbkdf2 parameters."
157 RUN luks2-pbkdf2-leftover-params-1.img "R" "Failed to repair keyslot with old pbkdf2 parameters."
159 # Secondary header is always broken in following tests
160 echo "[3] Test LUKS2 json area restrictions"
161 RUN luks2-non-null-byte-beyond-json0.img "F" "Failed to detect illegal data right beyond json data string"
162 RUN luks2-non-null-bytes-beyond-json0.img "F" "Failed to detect illegal data in json area"
163 RUN luks2-missing-trailing-null-byte-json0.img "F" "Failed to detect missing terminal null byte"
164 RUN luks2-invalid-opening-char-json0.img "F" "Failed to detect invalid opening character in json area"
165 RUN luks2-invalid-object-type-json0.img "F" "Failed to detect invalid json object type"
166 RUN luks2-overlapping-areas-c0-json0.img "F" "Failed to detect two exactly same area specifications"
167 RUN luks2-overlapping-areas-c1-json0.img "F" "Failed to detect two intersecting area specifications"
168 RUN luks2-overlapping-areas-c2-json0.img "F" "Failed to detect two slightly intersecting area specifications"
169 RUN luks2-area-in-json-hdr-space-json0.img "F" "Failed to detect area referencing LUKS2 header space"
170 RUN luks2-missing-keyslot-referenced-in-digest.img "F" "Failed to detect missing keyslot referenced in digest"
171 RUN luks2-missing-segment-referenced-in-digest.img "F" "Failed to detect missing segment referenced in digest"
172 RUN luks2-missing-keyslot-referenced-in-token.img "F" "Failed to detect missing keyslots referenced in token"
173 RUN luks2-keyslot-missing-digest.img "F" "Failed to detect missing keyslot digest."
174 RUN luks2-keyslot-too-many-digests.img "F" "Failed to detect keyslot has too many digests."
176 echo "[4] Test integers value limits"
177 RUN luks2-uint64-max-segment-size.img "R" "Validation rejected correct value"
178 RUN luks2-uint64-overflow-segment-size.img "F" "Failed to detect uint64_t overflow"
179 RUN luks2-uint64-signed-segment-size.img "F" "Failed to detect negative value"
181 echo "[5] Test segments validation"
182 RUN luks2-segment-missing-type.img "F" "Failed to detect missing type field"
183 RUN luks2-segment-wrong-type.img "F" "Failed to detect invalid type field"
184 RUN luks2-segment-missing-offset.img "F" "Failed to detect missing offset field"
185 RUN luks2-segment-wrong-offset.img "F" "Failed to detect invalid offset field"
186 RUN luks2-segment-missing-size.img "F" "Failed to detect missing size field"
187 RUN luks2-segment-wrong-size-0.img "F" "Failed to detect invalid size field"
188 RUN luks2-segment-wrong-size-1.img "F" "Failed to detect invalid size field"
189 RUN luks2-segment-wrong-size-2.img "F" "Failed to detect invalid size field"
190 RUN luks2-segment-crypt-missing-encryption.img "F" "Failed to detect missing encryption field"
191 RUN luks2-segment-crypt-wrong-encryption.img "F" "Failed to detect invalid encryption field"
192 RUN luks2-segment-crypt-missing-ivoffset.img "F" "Failed to detect missing iv_tweak field"
193 RUN luks2-segment-crypt-wrong-ivoffset.img "F" "Failed to detect invalid iv_tweak field"
194 RUN luks2-segment-crypt-missing-sectorsize.img "F" "Failed to detect missing sector_size field"
195 RUN luks2-segment-crypt-wrong-sectorsize-0.img "F" "Failed to detect invalid sector_size field"
196 RUN luks2-segment-crypt-wrong-sectorsize-1.img "F" "Failed to detect invalid sector_size field"
197 RUN luks2-segment-crypt-wrong-sectorsize-2.img "F" "Failed to detect invalid sector_size field"
198 RUN luks2-segment-unknown-type.img "R" "Validation rejected segment with all mandatory fields correct"
199 RUN luks2-segment-two.img "R" "Validation rejected two valid segments"
200 RUN luks2-segment-wrong-flags.img "F" "Failed to detect invalid flags field"
201 RUN luks2-segment-wrong-flags-element.img "F" "Failed to detect invalid flags content"
203 echo "[6] Test metadata size and keyslots size (config section)"
204 RUN luks2-invalid-keyslots-size-c0.img "F" "Failed to detect too large keyslots_size in config section"
205 RUN luks2-invalid-keyslots-size-c1.img "F" "Failed to detect unaligned keyslots_size in config section"
206 RUN luks2-invalid-keyslots-size-c2.img "F" "Failed to detect too small keyslots_size config section"
207 RUN luks2-invalid-json-size-c0.img "F" "Failed to detect invalid json_size config section"
208 RUN luks2-invalid-json-size-c1.img "F" "Failed to detect invalid json_size config section"
209 RUN luks2-invalid-json-size-c2.img "F" "Failed to detect mismatching json size in config and binary hdr"
210 RUN luks2-metadata-size-32k.img "R" "Valid 32KiB metadata size failed to validate"
211 RUN luks2-metadata-size-64k.img "R" "Valid 64KiB metadata size failed to validate"
212 RUN luks2-metadata-size-64k-inv-area-c0.img "F" "Failed to detect keyslot area trespassing in json area"
213 RUN luks2-metadata-size-64k-inv-area-c1.img "F" "Failed to detect keyslot area overflowing keyslots area"
214 RUN luks2-metadata-size-64k-inv-keyslots-size-c0.img "F" "Failed to detect keyslots size overflowing in data area"
215 RUN luks2-metadata-size-128k.img "R" "Valid 128KiB metadata size failed to validate"
216 RUN luks2-metadata-size-256k.img "R" "Valid 256KiB metadata size failed to validate"
217 RUN luks2-metadata-size-512k.img "R" "Valid 512KiB metadata size failed to validate"
218 RUN luks2-metadata-size-1m.img "R" "Valid 1MiB metadata size failed to validate"
219 RUN luks2-metadata-size-2m.img "R" "Valid 2MiB metadata size failed to validate"
220 RUN luks2-metadata-size-4m.img "R" "Valid 4MiB metadata size failed to validate"
221 RUN luks2-metadata-size-16k-secondary.img "R" "Valid 16KiB metadata size in secondary hdr failed to validate"
222 RUN luks2-metadata-size-32k-secondary.img "R" "Valid 32KiB metadata size in secondary hdr failed to validate"
223 RUN luks2-metadata-size-64k-secondary.img "R" "Valid 64KiB metadata size in secondary hdr failed to validate"
224 RUN luks2-metadata-size-128k-secondary.img "R" "Valid 128KiB metadata size in secondary hdr failed to validate"
225 RUN luks2-metadata-size-256k-secondary.img "R" "Valid 256KiB metadata size in secondary hdr failed to validate"
226 RUN luks2-metadata-size-512k-secondary.img "R" "Valid 512KiB metadata size in secondary hdr failed to validate"
227 RUN luks2-metadata-size-1m-secondary.img "R" "Valid 1MiB metadata size in secondary hdr failed to validate"
228 RUN luks2-metadata-size-2m-secondary.img "R" "Valid 2MiB metadata size in secondary hdr failed to validate"
229 RUN luks2-metadata-size-4m-secondary.img "R" "Valid 4MiB metadata size in secondary hdr failed to validate"
233 test $FAILS -eq 0 || fail "($FAILS wrong result(s) in total)"