eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

tests: Use only PBKDF2 in api-test-2 images (FIPS with OpenSSL 3.2+)

Browse Source 
For compatimage2 also add keyslot 1 that uses Argon2id PBKDF2 to keep
check for compatibility on non-fips system.
This commit is contained in:
Milan Broz
2024-05-05 13:48:23 +02:00
parent 0d6d4e4255
commit 9b822800b3
3 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
tests/api-test-2.c
View File

@@ -687,6 +687,17 @@ static void UseLuks2Device(void)
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device"); FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device");
if (!_fips_mode) {
/* keyslot 0 is PBKDF2, keyslot 1 is Argon2id */
OK_(crypt_activate_by_passphrase(cd, NULL, 0, KEY1, strlen(KEY1), 0));
EQ_(crypt_activate_by_passphrase(cd, NULL, 1, KEY2, strlen(KEY2), 0), 1);
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, KEY2, strlen(KEY2), 0), 1);
FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, KEY2, strlen(KEY2), 0), "already open");
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device");
}
#if KERNEL_KEYRING #if KERNEL_KEYRING
// repeat previous tests and check kernel keyring is released when not needed // repeat previous tests and check kernel keyring is released when not needed
if (t_dm_crypt_keyring_support()) { if (t_dm_crypt_keyring_support()) {
@@ -701,6 +712,21 @@ static void UseLuks2Device(void)
OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0)); OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
OK_(crypt_deactivate(cd, CDEVICE_1)); OK_(crypt_deactivate(cd, CDEVICE_1));
FAIL_(_volume_key_in_keyring(cd, 0), ""); FAIL_(_volume_key_in_keyring(cd, 0), "");
if (!_fips_mode) {
/* keyslot 0 is PBKDF2, keyslot 1 is Argon2id */
EQ_(crypt_activate_by_passphrase(cd, NULL, 1, KEY2, strlen(KEY2), 0), 1);
FAIL_(_drop_keyring_key(cd, 0), "");
EQ_(crypt_activate_by_passphrase(cd, NULL, 1, KEY2, strlen(KEY2), CRYPT_ACTIVATE_KEYRING_KEY), 1);
OK_(_drop_keyring_key(cd, 0));
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, KEY2, strlen(KEY2), 0), 1);
OK_(_drop_keyring_key(cd, 0));
FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, KEY2, strlen(KEY2), 0), "already open");
FAIL_(_volume_key_in_keyring(cd, 0), "");
EQ_(crypt_activate_by_passphrase(cd, NULL, 1, KEY2, strlen(KEY2), 0), 1);
OK_(crypt_deactivate(cd, CDEVICE_1));
FAIL_(_volume_key_in_keyring(cd, 0), "");
}
} }
#endif #endif

BIN
tests/compatimage2.img.xz
View File

Binary file not shown.

BIN
tests/luks2_header_requirements.tar.xz
View File

Binary file not shown.