From 248733de443d1460b396a15ee6fbb1bfbf446a57 Mon Sep 17 00:00:00 2001 From: Ondrej Kozina Date: Wed, 14 Feb 2018 17:00:10 +0100 Subject: [PATCH] Add reencryption test for LUKS2 tokens. Test tokens are transferred properly to new LUKS2 header. --- tests/reencryption-compat-test2 | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/reencryption-compat-test2 b/tests/reencryption-compat-test2 index 9b21977a..e5c0ea7d 100755 --- a/tests/reencryption-compat-test2 +++ b/tests/reencryption-compat-test2 @@ -340,5 +340,24 @@ check_hash $PWD1 $HASH5 echo $PWD1 | $REENC $LOOPDEV1 -q --decrypt check_hash_dev $LOOPDEV1 $HASH4 +echo "[11] Reencryption with tokens" +prepare 8192 +echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_ARGON $LOOPDEV1 || fail +wipe $PWD1 +check_hash $PWD1 $HASH5 +echo -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksAddKey -S23 $FAST_PBKDF_ARGON $LOOPDEV1 || fail +echo -e "$PWD1\n$PWD3" | $CRYPTSETUP -q luksAddKey -S1 $FAST_PBKDF_ARGON $LOOPDEV1 || fail +echo -e "$PWD1\n$PWD3" | $CRYPTSETUP -q luksAddKey -S3 $FAST_PBKDF_ARGON $LOOPDEV1 || fai +$CRYPTSETUP token add --key-description key-name0 --key-slot 23 --token-id 0 $LOOPDEV1 +$CRYPTSETUP token add --key-description key-name2 --key-slot 1 --token-id 2 $LOOPDEV1 +$CRYPTSETUP token add --key-description key-name31 --token-id 31 $LOOPDEV1 +echo $PWD1 | $CRYPTSETUP -q luksKillSlot $LOOPDEV1 3 || fail +echo $PWD2 | $REENC $FAST_PBKDF_ARGON -S 23 -q $LOOPDEV1 || fail +$CRYPTSETUP luksDump $LOOPDEV1 | grep "0: luks2-keyring" >/dev/null || fail +[ "$($CRYPTSETUP luksDump $LOOPDEV1 | grep -A2 -m1 "0: luks2-keyring" | grep Keyslot: | sed -e 's/[[[:space:]]\+Keyslot:\ \+//g')" -eq 23 ] || fail +$CRYPTSETUP luksDump $LOOPDEV1 | grep "2: luks2-keyring" >/dev/null || fail +$CRYPTSETUP luksDump $LOOPDEV1 | grep "31: luks2-keyring" >/dev/null || fail +[ "$($CRYPTSETUP luksDump $LOOPDEV1 | grep -A2 -m1 "31: luks2-keyring" | grep Keyslot: | sed -e 's/[[[:space:]]\+Keyslot:\ \+//g')" -eq 23 ] || fail + remove_mapping exit 0