#!/bin/bash
-CRYPTSETUP="../src/cryptsetup"
+[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
+CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
MNT_DIR="./mnt_luks"
DEV_NAME="dummy"
+DEV_NAME2="ymmud"
PWD1="93R4P4pIqAH8"
PWD2="mymJeD8ivEhE"
+FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
+SKIP_COUNT=0
cleanup() {
- [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
+ [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
udevadm settle >/dev/null 2>&1
if [ -d "$MNT_DIR" ] ; then
umount -f $MNT_DIR 2>/dev/null
fail()
{
- if [ -n "$1" ] ; then echo "FAIL $1" ; else echo "FAIL" ; fi
+ [ -n "$1" ] && echo "FAIL $1"
+ echo "FAILED backtrace:"
+ while caller $frame; do ((frame++)); done
cleanup
exit 100
}
{
echo "TEST SKIPPED: $1"
cleanup
- exit 0
+ exit 77
}
-format() # key_bits expected [forced]
+function dm_crypt_features()
{
- dd if=/dev/zero of=$DEV bs=1M count=5 >/dev/null 2>&1
+ VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
+ [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
- echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -c aes-cbc-essiv:sha256
+ VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
+ VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
+ VER_PTC=$(echo $VER_STR | cut -f 3 -d.)
+
+ [ $VER_MAJ -lt 1 ] && return
+ [ $VER_MAJ -gt 1 ] && {
+ DM_PERF_CPU=1
+ DM_SECTOR_SIZE=1
+ test -d /proc/sys/kernel/keys && DM_KEYRING=1
+ return
+ }
+
+ [ $VER_MIN -lt 14 ] && return
+ DM_PERF_CPU=1
+ if [ $VER_MIN -ge 17 -o \( $VER_MIN -eq 14 -a $VER_PTC -ge 5 \) ]; then
+ DM_SECTOR_SIZE=1
+ fi
+ if [ $VER_MIN -gt 18 -o \( $VER_MIN -eq 18 -a $VER_PTC -ge 1 \) ]; then
+ test -d /proc/sys/kernel/keys && DM_KEYRING=1
+ fi
+}
+
+function dm_crypt_keyring_support()
+{
+ VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
+ [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
+
+ VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
+ VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
+
+ # run the test with dm-crypt v1.15.0+ on purpose
+ # the fix is in dm-crypt v1.18.1+
+ [ $VER_MAJ -gt 1 ] && return 0
+ [ $VER_MAJ -lt 1 ] && return 1
+ [ $VER_MIN -ge 15 ]
+}
+
+format() # format
+{
+ dd if=/dev/zero of=$DEV bs=1M count=32 >/dev/null 2>&1
+
+ echo $PWD1 | $CRYPTSETUP luksFormat --type $1 $DEV -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256
[ $? -ne 0 ] && fail "Format failed."
# test some operation, just in case
[ $? -ne 0 ] && fail "Keyslot removal failed."
}
+check_sector_size() # $1 expected sector size
+{
+ $CRYPTSETUP status $DEV_NAME | grep "sector size" | grep -q $1 || fail
+ if [ $S -gt 512 ]; then
+ dmsetup table $DEV_NAME | grep -q "sector_size:$1" || fail
+ fi
+}
+
if [ $(id -u) != 0 ]; then
- echo "WARNING: You must be root to run this test, test skipped."
- exit 0
+ skip "You must be root to run this test, test skipped."
fi
+dm_crypt_features
+
[ ! -d $MNT_DIR ] && mkdir $MNT_DIR
echo "[1] Using tmpfs for image"
DEV="$MNT_DIR/test.img"
mount -t tmpfs none $MNT_DIR || skip "Mounting tmpfs not available."
-format
+format luks1
-echo "[2] Kernel dmcrypt performace options"
-echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt >/dev/null 2>&1
-if [ $? -ne 0 ] ; then
+echo "[2] Kernel dmcrypt performance options"
+if [ -z "$DM_PERF_CPU" ]; then
echo "TEST SKIPPED: dmcrypt options not available"
+ SKIP_COUNT=$((SKIP_COUNT+1))
else
- $CRYPTSETUP close $DEV_NAME || fail
# plain
- echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
$CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
$CRYPTSETUP close $DEV_NAME || fail
- echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME || fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
+ # Hash affects volume key for plain device. Check we can detect it
+ echo -e "$PWD1" | $CRYPTSETUP refresh -q $DEV_NAME --hash sha512 --perf-same_cpu_crypt --allow-discards 2>/dev/null && fail
$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
$CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --allow-discards || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 $DEV $DEV_NAME2 2>/dev/null && fail
$CRYPTSETUP close $DEV_NAME || fail
# LUKS
echo -e "$PWD1" | $CRYPTSETUP open --type luks1 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
$CRYPTSETUP status $DEV_NAME | grep -q discards || fail
$CRYPTSETUP close $DEV_NAME || fail
+ echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME --allow-discards || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME --allow-discards --perf-same_cpu_crypt || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail
+ $CRYPTSETUP close $DEV_NAME || fail
+
+ format luks2
+ echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus --persistent || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+ # Stored in metadata
+ echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+ echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards --persistent || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+ echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+
+ echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME --persistent || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus --persistent || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards --persistent || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV_NAME || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --perf-submit_from_crypt_cpus || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus && fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --persistent || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt && fail
+ $CRYPTSETUP status $DEV_NAME | grep -q discards && fail
+ $CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus && fail
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME --disable-keyring || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q keyring && fail
+ if [ -n "$DM_KEYRING" ]; then
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME || fail
+ $CRYPTSETUP status $DEV_NAME | grep -q keyring || fail
+ fi
+ echo -e "$PWD1" | $CRYPTSETUP refresh $DEV $DEV_NAME2 2>/dev/null && fail
+ $CRYPTSETUP close $DEV_NAME || fail
+fi
+
+echo "[3] Kernel dmcrypt sector size options"
+echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --sector-size 4096 >/dev/null 2>&1
+ret=$?
+[ -z "$DM_SECTOR_SIZE" -a $ret -eq 0 ] && fail "cryptsetup activated device with --sector-size option on incompatible kernel!"
+if [ $ret -ne 0 ] ; then
+ SKIP_COUNT=$((SKIP_COUNT+1))
+ if [ $SKIP_COUNT -ge 2 ]; then
+ skip "dmcrypt sector-size option not available"
+ fi
+ echo "TEST SKIPPED: dmcrypt sector-size option not available"
+else
+ $CRYPTSETUP close $DEV_NAME || fail
+
+ echo -n "PLAIN sector size:"
+ echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --sector-size 1234 >/dev/null 2>&1 && fail
+ for S in 512 1024 2048 4096; do
+ echo -n "[$S]"
+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --sector-size $S || fail
+ check_sector_size $S
+ $CRYPTSETUP close $DEV_NAME || fail
+ done
+
+ echo -e "$PWD1" | $CRYPTSETUP open --type plain --hash sha256 $DEV $DEV_NAME --iv-large-sectors >/dev/null 2>&1 && fail
+ for S in 1024 2048 4096; do
+ echo -n "[$S/IV]"
+ echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --sector-size $S --iv-large-sectors || fail
+ check_sector_size $S
+ dmsetup table $DEV_NAME | grep -q "iv_large_sectors" || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+ done
+ echo
+
+ echo -n "LUKS2 sector size:"
+ echo -e "$PWD1" | $CRYPTSETUP luksFormat --type luks2 -$DEV --sector-size 1234 >/dev/null 2>&1 && fail
+ for S in 512 1024 2048 4096; do
+ echo -n "[$S]"
+ echo -e "$PWD1" | $CRYPTSETUP -q luksFormat --type luks2 --pbkdf pbkdf2 --pbkdf-force-iterations 1000 $DEV --sector-size $S || fail
+ echo -e "$PWD1" | $CRYPTSETUP open $DEV $DEV_NAME || fail
+ check_sector_size $S
+ $CRYPTSETUP close $DEV_NAME || fail
+ done
+ echo
fi
cleanup
projects / platform / upstream / cryptsetup.git / blobdiff