mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-11 19:00:02 +01:00
Workarounds for larger LUKS2 header for tests.
This commit is contained in:
Milan Broz
@@ -9,7 +9,7 @@ PWD1="93R4P4pIqAH8"
|
||||
PWD2="mymJeD8ivEhE"
|
||||
FAST_PBKDF="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
|
||||
|
||||
EXPCT=8192
|
||||
EXPCT=32768
|
||||
|
||||
cleanup() {
|
||||
udevadm settle >/dev/null 2>&1
|
||||
@@ -166,7 +166,7 @@ cleanup
|
||||
|
||||
echo "# Create desktop-class 4K drive"
|
||||
echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=0)"
|
||||
add_device dev_size_mb=16 sector_size=512 physblk_exp=3 num_tgts=1
|
||||
add_device dev_size_mb=32 sector_size=512 physblk_exp=3 num_tgts=1
|
||||
format $EXPCT
|
||||
format $EXPCT s1024
|
||||
format $EXPCT s2048
|
||||
@@ -191,7 +191,7 @@ cleanup
|
||||
|
||||
echo "# Create desktop-class 4K drive with misaligned opt-io (some bad USB enclosures)"
|
||||
echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=0, opt-io=1025)"
|
||||
add_device dev_size_mb=16 sector_size=512 physblk_exp=3 num_tgts=1 opt_blks=1025
|
||||
add_device dev_size_mb=32 sector_size=512 physblk_exp=3 num_tgts=1 opt_blks=1025
|
||||
format $EXPCT
|
||||
format $EXPCT s1024
|
||||
format $EXPCT s2048
|
||||
@@ -216,7 +216,7 @@ cleanup
|
||||
|
||||
echo "# Create desktop-class 4K drive w/ 1-sector shift (original bug report)"
|
||||
echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=512)"
|
||||
add_device dev_size_mb=16 sector_size=512 physblk_exp=3 lowest_aligned=1 num_tgts=1
|
||||
add_device dev_size_mb=32 sector_size=512 physblk_exp=3 lowest_aligned=1 num_tgts=1
|
||||
format $((EXPCT+1))
|
||||
format_fail $((EXPCT+1)) s1024
|
||||
format_fail $((EXPCT+1)) s2048
|
||||
@@ -241,7 +241,7 @@ cleanup
|
||||
|
||||
echo "# Create desktop-class 4K drive w/ 63-sector DOS partition compensation"
|
||||
echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=3584)"
|
||||
add_device dev_size_mb=16 sector_size=512 physblk_exp=3 lowest_aligned=7 num_tgts=1
|
||||
add_device dev_size_mb=32 sector_size=512 physblk_exp=3 lowest_aligned=7 num_tgts=1
|
||||
format $((EXPCT+7))
|
||||
format_fail $((EXPCT+7)) s1024
|
||||
format_fail $((EXPCT+7)) s2048
|
||||
@@ -266,7 +266,7 @@ cleanup
|
||||
|
||||
echo "# Create enterprise-class 4K drive"
|
||||
echo "# (logical_block_size=4096, physical_block_size=4096, alignment_offset=0)"
|
||||
add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
|
||||
add_device dev_size_mb=32 sector_size=4096 num_tgts=1 opt_blks=64
|
||||
format $EXPCT
|
||||
format $EXPCT s1024
|
||||
format $EXPCT s2048
|
||||
@@ -292,10 +292,10 @@ cleanup
|
||||
|
||||
echo "# Create classic 512B drive and stack dm-linear"
|
||||
echo "# (logical_block_size=512, physical_block_size=512, alignment_offset=0)"
|
||||
add_device dev_size_mb=16 sector_size=512 num_tgts=1
|
||||
add_device dev_size_mb=32 sector_size=512 num_tgts=1
|
||||
DEV2=$DEV
|
||||
DEV=/dev/mapper/$DEV_STACKED
|
||||
dmsetup create $DEV_STACKED --table "0 32768 linear $DEV2 0"
|
||||
dmsetup create $DEV_STACKED --table "0 65536 linear $DEV2 0"
|
||||
format $EXPCT
|
||||
format $EXPCT s1024
|
||||
format $EXPCT s2048
|
||||
@@ -327,7 +327,7 @@ for file in $(ls img_fs_*.img.xz) ; do
|
||||
xz -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image"
|
||||
[ ! -d $MNT_DIR ] && mkdir $MNT_DIR
|
||||
mount $DEV $MNT_DIR || skip "Mounting image is not available."
|
||||
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $MNT_DIR/luks.img || fail
|
||||
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $MNT_DIR/luks.img --offset 8192 || fail
|
||||
echo $PWD2 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $MNT_DIR/luks.img --header $MNT_DIR/luks_header.img || fail
|
||||
umount $MNT_DIR
|
||||
done
|
||||
|
||||
@@ -81,7 +81,7 @@ function dm_crypt_keyring_support()
|
||||
|
||||
format() # format
|
||||
{
|
||||
dd if=/dev/zero of=$DEV bs=1M count=9 >/dev/null 2>&1
|
||||
dd if=/dev/zero of=$DEV bs=1M count=32 >/dev/null 2>&1
|
||||
|
||||
echo $PWD1 | $CRYPTSETUP luksFormat --type $1 $DEV -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256
|
||||
[ $? -ne 0 ] && fail "Format failed."
|
||||
|
||||
@@ -91,7 +91,7 @@ intformat() # alg integrity integrity_out key_size int_key_size sector_size csum
|
||||
echo -n "[$1:$2:$4:$6]"
|
||||
echo -n "[FORMAT]"
|
||||
$CRYPTSETUP luksFormat --type luks2 -q -c $1 --integrity $2 --sector-size $6 -s $4 \
|
||||
$FAST_PBKDF_OPT -d $KEY_FILE $DEV >/dev/null 2>&1
|
||||
$FAST_PBKDF_OPT -d $KEY_FILE $DEV --offset 8192 >/dev/null 2>&1
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "[N/A]"
|
||||
return
|
||||
|
||||
@@ -231,7 +231,7 @@ HASH7=5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef
|
||||
|
||||
echo "[1] Reencryption"
|
||||
prepare 8192
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 -c aes-cbc-plain $FAST_PBKDF_ARGON --align-payload 4096 $IMG || fail
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 -c aes-cbc-plain $FAST_PBKDF_ARGON --offset 8192 $IMG || fail
|
||||
wipe $PWD1
|
||||
check_hash $PWD1 $HASH5
|
||||
echo $PWD1 | $REENC $IMG -q $FAST_PBKDF_ARGON
|
||||
@@ -249,7 +249,7 @@ check_hash $PWD1 $HASH5
|
||||
$CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
|
||||
|
||||
echo "[2] Reencryption with data shift"
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c aes-cbc-essiv:sha256 -s 128 $FAST_PBKDF_ARGON --align-payload 2048 $IMG || fail
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c aes-cbc-essiv:sha256 -s 128 $FAST_PBKDF_ARGON --offset 8192 $IMG || fail
|
||||
wipe $PWD1
|
||||
echo $PWD1 | $REENC $IMG -q -s 256 --reduce-device-size 1024S $FAST_PBKDF_ARGON || fail
|
||||
check_hash $PWD1 $HASH6
|
||||
@@ -258,7 +258,7 @@ check_hash $PWD1 $HASH6
|
||||
$CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
|
||||
|
||||
echo "[3] Reencryption with keyfile"
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -d $KEY1 -c aes-cbc-essiv:sha256 -s 128 $FAST_PBKDF_ARGON --align-payload 4096 $IMG || fail
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -d $KEY1 -c aes-cbc-essiv:sha256 -s 128 $FAST_PBKDF_ARGON --offset 8192 $IMG || fail
|
||||
wipe
|
||||
check_hash "" $HASH5
|
||||
echo $PWD1 | $CRYPTSETUP -q luksAddKey -d $KEY1 $IMG $FAST_PBKDF_ARGON || fail
|
||||
@@ -288,7 +288,7 @@ $CRYPTSETUP --type luks2 luksDump $IMG > /dev/null || fail
|
||||
prepare 8192
|
||||
|
||||
echo "[5] Reencryption using specific keyslot"
|
||||
echo $PWD2 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail
|
||||
echo $PWD2 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
|
||||
echo -e "$PWD2\n$PWD1" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON -S 1 $IMG || fail
|
||||
echo -e "$PWD2\n$PWD2" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON -S 2 $IMG || fail
|
||||
echo -e "$PWD2\n$PWD1" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON -S 3 $IMG || fail
|
||||
@@ -319,16 +319,16 @@ echo -e "$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD3" | $REENC -q $IM
|
||||
check_slot 0 1 2 3 4 5 6 22 || fail "All keyslots expected to be enabled"
|
||||
|
||||
echo "[7] Reencryption of block devices with different block size"
|
||||
add_scsi_device sector_size=512 dev_size_mb=8
|
||||
add_scsi_device sector_size=512 dev_size_mb=32
|
||||
simple_scsi_reenc "[512 sector]"
|
||||
add_scsi_device sector_size=4096 dev_size_mb=8
|
||||
add_scsi_device sector_size=4096 dev_size_mb=32
|
||||
simple_scsi_reenc "[4096 sector]"
|
||||
add_scsi_device sector_size=512 physblk_exp=3 dev_size_mb=8
|
||||
add_scsi_device sector_size=512 physblk_exp=3 dev_size_mb=32
|
||||
simple_scsi_reenc "[4096/512 sector]"
|
||||
echo "[OK]"
|
||||
|
||||
echo "[8] Header only reencryption (hash and iteration time)"
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
|
||||
wipe $PWD1
|
||||
check_hash $PWD1 $HASH5
|
||||
echo $PWD1 | $REENC $IMG -q --keep-key || fail
|
||||
@@ -356,7 +356,7 @@ check_slot 21 || fail "Only keyslot 21 expected to be enabled"
|
||||
$CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
|
||||
|
||||
echo "[9] Test log I/Os on various underlaying block devices"
|
||||
echo $PWD2 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail
|
||||
echo $PWD2 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
|
||||
add_scsi_device sector_size=512 dev_size_mb=32
|
||||
test_logging "[512 sector]" || fail
|
||||
add_scsi_device sector_size=4096 dev_size_mb=32
|
||||
@@ -366,14 +366,14 @@ test_logging "[4096/512 sector]" || fail
|
||||
test_logging_tmpfs || fail
|
||||
|
||||
echo "[10] Removal of encryption"
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
|
||||
wipe $PWD1
|
||||
check_hash $PWD1 $HASH5
|
||||
echo $PWD1 | $REENC $IMG -q --decrypt
|
||||
check_hash_dev $IMG $HASH4
|
||||
|
||||
echo "[11] Reencryption with tokens"
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
|
||||
wipe $PWD1
|
||||
check_hash $PWD1 $HASH5
|
||||
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksAddKey -S23 $FAST_PBKDF_ARGON $IMG || fail
|
||||
@@ -392,7 +392,7 @@ $CRYPTSETUP luksDump $IMG | grep "31: luks2-keyring" >/dev/null || fail
|
||||
|
||||
echo "[12] Reencryption with persistent flags"
|
||||
dm_crypt_features
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
|
||||
wipe $PWD1
|
||||
check_hash $PWD1 $HASH5
|
||||
echo $PWD1 | $CRYPTSETUP open $IMG $DEV_NAME $ALLOW_DISCARDS $PERF_CPU --persistent || fail
|
||||
@@ -424,7 +424,7 @@ $CRYPTSETUP luksDump $IMG_HDR | grep -q "0: luks2" || fail
|
||||
|
||||
echo "[14] Reencryption with unbound keyslot"
|
||||
prepare 8192
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
|
||||
echo $PWD2 | $CRYPTSETUP -q luksAddKey -S 3 --unbound --key-size 64 $FAST_PBKDF_ARGON $IMG || fail
|
||||
wipe $PWD1
|
||||
check_hash $PWD1 $HASH5
|
||||
@@ -435,13 +435,13 @@ $CRYPTSETUP luksDump $IMG | grep -q "3: luks2 (unbound)" || fail
|
||||
|
||||
echo "[15] Reencryption after conversion"
|
||||
prepare 8192
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_PBKDF2 $IMG || fail
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_PBKDF2 $IMG --offset 4096 || fail
|
||||
wipe $PWD1
|
||||
check_hash $PWD1 $HASH1
|
||||
$CRYPTSETUP -q convert --type luks2 $IMG || fail
|
||||
echo $PWD1 | $REENC $IMG -q $FAST_PBKDF_PBKDF2 || fail
|
||||
check_hash $PWD1 $HASH1
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_PBKDF2 $IMG || fail
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_PBKDF2 $IMG --offset 8192 || fail
|
||||
wipe $PWD1
|
||||
check_hash $PWD1 $HASH5
|
||||
$CRYPTSETUP -q convert --type luks1 $IMG || fail
|
||||
|
||||
Reference in New Issue
Block a user