eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-06 00:10:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix tests if compiled with --disable-blkid.

Browse Source 
Note that htere are some systems with blkid but without
blkid support for secondary LUKS2 header (CentOS6 for example).
This commit is contained in:
Milan Broz
2022-04-14 16:22:09 +02:00
parent ebabf3ffee
commit 81a63aca22
4 changed files with 84 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
tests/api-test-2.c
View File

@@ -4568,6 +4568,15 @@ static void Luks2Reencryption(void)
} }
#endif #endif
static int _crypt_load_check(struct crypt_device *cd)
{
#ifdef HAVE_BLKID
return crypt_load(cd, CRYPT_LUKS, NULL);
#else
return -ENOTSUP;
#endif
}
static void Luks2Repair(void) static void Luks2Repair(void)
{ {
char rollback[256]; char rollback[256];
@@ -4577,7 +4586,7 @@ static void Luks2Repair(void)
OK_(crypt_init(&cd, DEVICE_6)); OK_(crypt_init(&cd, DEVICE_6));
FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected"); FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device"); FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
/* check explicit LUKS2 repair works */ /* check explicit LUKS2 repair works */
@@ -4588,7 +4597,7 @@ static void Luks2Repair(void)
/* rollback */ /* rollback */
OK_(_system(rollback, 1)); OK_(_system(rollback, 1));
FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected"); FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
/* check repair with type detection works */ /* check repair with type detection works */
OK_(crypt_repair(cd, CRYPT_LUKS, NULL)); OK_(crypt_repair(cd, CRYPT_LUKS, NULL));
@@ -4600,7 +4609,7 @@ static void Luks2Repair(void)
OK_(crypt_init(&cd, DEVICE_6)); OK_(crypt_init(&cd, DEVICE_6));
OK_(crypt_metadata_locking(cd, 0)); OK_(crypt_metadata_locking(cd, 0));
FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected"); FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device"); FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
/* check explicit LUKS2 repair works */ /* check explicit LUKS2 repair works */
@@ -4611,7 +4620,7 @@ static void Luks2Repair(void)
/* rollback */ /* rollback */
OK_(_system(rollback, 1)); OK_(_system(rollback, 1));
FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected"); FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
/* check repair with type detection works */ /* check repair with type detection works */
OK_(crypt_repair(cd, CRYPT_LUKS, NULL)); OK_(crypt_repair(cd, CRYPT_LUKS, NULL));

7
tests/compat-test2
View File

@@ -244,6 +244,11 @@ function setup_luks2_env() {
else else
HAVE_KEYRING=0 HAVE_KEYRING=0
fi fi
if $($CRYPTSETUP --version | grep -q "BLKID"); then
HAVE_BLKID=1
else
HAVE_BLKID=0
fi
$CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail
} }
@@ -747,10 +752,12 @@ $CRYPTSETUP -q luksDump $HEADER_IMG | grep -q "offset: $((512 * 131072)) \[byte
prepare "[29] Repair metadata" wipe prepare "[29] Repair metadata" wipe
xz -dk $HEADER_LUKS2_PV.xz xz -dk $HEADER_LUKS2_PV.xz
if [ "$HAVE_BLKID" -gt 0 ]; then
$CRYPTSETUP isLuks --disable-locks $HEADER_LUKS2_PV && fail $CRYPTSETUP isLuks --disable-locks $HEADER_LUKS2_PV && fail
$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail $CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
$CRYPTSETUP isLuks --disable-locks --type luks2 $HEADER_LUKS2_PV && fail $CRYPTSETUP isLuks --disable-locks --type luks2 $HEADER_LUKS2_PV && fail
$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV && fail $CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV && fail
fi
$CRYPTSETUP -q repair $HEADER_LUKS2_PV || fail $CRYPTSETUP -q repair $HEADER_LUKS2_PV || fail
$CRYPTSETUP isLuks $HEADER_LUKS2_PV || fail $CRYPTSETUP isLuks $HEADER_LUKS2_PV || fail
$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV || fail $CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV || fail

27
tests/luks2-reencryption-test
View File

@@ -706,6 +706,20 @@ function setup_luks2_env() {
$CRYPTSETUP close $DEV_NAME || fail $CRYPTSETUP close $DEV_NAME || fail
} }
function check_blkid() {
bin_check blkid
xz -dkf $HEADER_LUKS2_PV.xz
if ! $($CRYPTSETUP --version | grep -q "BLKID"); then
HAVE_BLKID=0
elif $(blkid -p -n crypto_LUKS $HEADER_LUKS2_PV >/dev/null 2>&1); then
HAVE_BLKID=1
xz -dkf $IMG_FS.xz
blkid $IMG_FS | grep -q BLOCK_SIZE && BLKID_BLOCK_SIZE_SUPPORT=1
else
HAVE_BLKID=0
fi
}
function valgrind_setup() function valgrind_setup()
{ {
command -v valgrind >/dev/null || fail "Cannot find valgrind." command -v valgrind >/dev/null || fail "Cannot find valgrind."
@@ -1715,9 +1729,11 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --header $IMG_HDR $FAST_PBKD
echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only $FAST_PBKDF_ARGON || fail echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only $FAST_PBKDF_ARGON || fail
echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
check_blkid
if [ "$HAVE_BLKID" -gt 0 ]; then
echo "[30] Prevent nested encryption of broken LUKS device" echo "[30] Prevent nested encryption of broken LUKS device"
rm -f $IMG_HDR rm -f $IMG_HDR
xz -dk $HEADER_LUKS2_PV.xz xz -dkf $HEADER_LUKS2_PV.xz
wipe_dev $DEV wipe_dev $DEV
# broken header # broken header
@@ -1729,13 +1745,12 @@ $CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
# broken data device only # broken data device only
echo $PWD1 | $CRYPTSETUP reencrypt -q --header $IMG_HDR $HEADER_LUKS2_PV $FAST_PBKDF_ARGON --encrypt --force-offline-reencrypt --type luks2 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP reencrypt -q --header $IMG_HDR $HEADER_LUKS2_PV $FAST_PBKDF_ARGON --encrypt --force-offline-reencrypt --type luks2 2>/dev/null && fail
test -f $IMG_HDR && fail test -f $IMG_HDR && fail
fi
echo "[31] Prevent dangerous sector size increase"
bin_check blkid
preparebig 64
xz -dk $IMG_FS.xz
blkid $IMG_FS | grep -q BLOCK_SIZE && BLKID_BLOCK_SIZE_SUPPORT=1
if [ -n "$DM_SECTOR_SIZE" -a -n "$BLKID_BLOCK_SIZE_SUPPORT" ]; then if [ -n "$DM_SECTOR_SIZE" -a -n "$BLKID_BLOCK_SIZE_SUPPORT" ]; then
echo "[31] Prevent dangerous sector size increase"
preparebig 64
xz -dkf $IMG_FS.xz
# encryption checks must work in offline mode # encryption checks must work in offline mode
echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --force-offline-reencrypt --sector-size 1024 -q --header $IMG_HDR $IMG_FS $FAST_PBKDF_ARGON --init-only --type luks2 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --force-offline-reencrypt --sector-size 1024 -q --header $IMG_HDR $IMG_FS $FAST_PBKDF_ARGON --init-only --type luks2 2>/dev/null && fail
test -f $IMG_HDR && fail test -f $IMG_HDR && fail

17
tests/reencryption-compat-test
View File

@@ -217,6 +217,17 @@ function test_logging() {
echo echo
} }
function check_blkid() {
xz -dkf $HEADER_LUKS2_PV.xz
if ! $($CRYPTSETUP --version | grep -q "BLKID"); then
HAVE_BLKID=0
elif $(blkid -p -n crypto_LUKS $HEADER_LUKS2_PV >/dev/null 2>&1); then
HAVE_BLKID=1
else
HAVE_BLKID=0
fi
}
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ ! -x "$REENC_BIN" ] && skip "Cannot find $REENC_BIN, test skipped." [ ! -x "$REENC_BIN" ] && skip "Cannot find $REENC_BIN, test skipped."
command -v wipefs >/dev/null || skip "Cannot find wipefs, test skipped." command -v wipefs >/dev/null || skip "Cannot find wipefs, test skipped."
@@ -417,11 +428,12 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --header $IMG_HDR $FAST_PBKD
echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 --header $IMG_HDR 2>/dev/null && fail echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 --header $IMG_HDR 2>/dev/null && fail
echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks2 --header $IMG_HDR 2>/dev/null && fail echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks2 --header $IMG_HDR 2>/dev/null && fail
check_blkid
if [ "$HAVE_BLKID" -gt 0 ]; then
echo "[13] Prevent nested encryption of broken LUKS device" echo "[13] Prevent nested encryption of broken LUKS device"
rm -f $IMG_HDR rm -f $IMG_HDR
wipe_dev $LOOPDEV1 wipe_dev $LOOPDEV1
xz -dk $HEADER_LUKS2_PV.xz xz -dkf $HEADER_LUKS2_PV.xz
# broken header # broken header
echo $PWD1 | $REENC --header $HEADER_LUKS2_PV $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail echo $PWD1 | $REENC --header $HEADER_LUKS2_PV $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail
$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail $CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
@@ -431,6 +443,7 @@ $CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
# broken data device only # broken data device only
echo $PWD1 | $REENC --header $IMG_HDR $HEADER_LUKS2_PV -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail echo $PWD1 | $REENC --header $IMG_HDR $HEADER_LUKS2_PV -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail
test -f $IMG_HDR && fail test -f $IMG_HDR && fail
fi
remove_mapping remove_mapping
exit 0 exit 0