TCRYPT: update system encryption images and test.

Milan Broz
2024-06-29 22:20:24 +02:00
parent 0cc686af59
commit a5e409c186
2 changed files with 60 additions and 13 deletions


@@ -10,6 +10,8 @@ PASSWORD="aaaaaaaaaaaa"
PASSWORD_HIDDEN="bbbbbbbbbbbb" PASSWORD_HIDDEN="bbbbbbbbbbbb"
PASSWORD_72C="aaaaaaaaaaaabbbbbbbbbbbbccccccccccccddddddddddddeeeeeeeeeeeeffffffffffff" PASSWORD_72C="aaaaaaaaaaaabbbbbbbbbbbbccccccccccccddddddddddddeeeeeeeeeeeeffffffffffff"
PIM=1234 PIM=1234
LOOP_SYS=""
PART_IMG=tctst-part-img
if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then
CRYPTSETUP_VALGRIND=$CRYPTSETUP CRYPTSETUP_VALGRIND=$CRYPTSETUP
@@ -25,7 +27,8 @@ function remove_mapping()
[ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
[ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove --retry "$MAP"_1 [ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove --retry "$MAP"_1
[ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove --retry "$MAP"_2 [ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove --retry "$MAP"_2
rm -rf $TST_DIR [ -n "$LOOP_SYS" ] && losetup -d $LOOP_SYS
rm -rf $TST_DIR $PART_IMG
} }
function fail() function fail()
@@ -52,7 +55,6 @@ function test_one() # cipher mode keysize rm_pattern
echo "$1-$2 [N/A]" echo "$1-$2 [N/A]"
IMGS=$(ls $TST_DIR/[tv]c* | grep "$4") IMGS=$(ls $TST_DIR/[tv]c* | grep "$4")
[ -n "$IMGS" ] && rm $IMGS [ -n "$IMGS" ] && rm $IMGS
#echo $IMGS
else else
echo "$1-$2 [OK]" echo "$1-$2 [OK]"
fi fi
@@ -115,6 +117,12 @@ function test_required()
ls $TST_DIR/[tv]c* >/dev/null 2>&1 || skip "No remaining images, test skipped." ls $TST_DIR/[tv]c* >/dev/null 2>&1 || skip "No remaining images, test skipped."
} }
function check_uuid()
{
UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP)
[ "$UUID" != "$1" ] && fail "UUID check failed."
}
function valgrind_setup() function valgrind_setup()
{ {
command -v valgrind >/dev/null || fail "Cannot find valgrind." command -v valgrind >/dev/null || fail "Cannot find valgrind."
@@ -184,7 +192,6 @@ for file in $(ls $TST_DIR/[tv]ck_*) ; do
echo " [OK]" echo " [OK]"
done done
if [ $(id -u) != 0 ]; then if [ $(id -u) != 0 ]; then
echo "WARNING: You must be root to run activation part of test, test skipped." echo "WARNING: You must be root to run activation part of test, test skipped."
remove_mapping remove_mapping
@@ -192,23 +199,64 @@ if [ $(id -u) != 0 ]; then
fi fi
echo "ACTIVATION FS UUID CHECK" echo "ACTIVATION FS UUID CHECK"
for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_*) ; do
echo -n " $file" echo -n " $file"
PIM_OPT="" PIM_OPT=""
[[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM" [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
SYS_OPT=""
[[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
get_HASH_CIPHER $file get_HASH_CIPHER $file
out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen $SYS_OPT $PIM_OPT -r -h $HASH -c $CIPHER $file $MAP 2>&1) out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen $PIM_OPT -r -h $HASH -c $CIPHER $file $MAP 2>&1)
ret=$? ret=$?
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
[ $ret -ne 0 ] && fail [ $ret -ne 0 ] && fail
$CRYPTSETUP status $MAP >/dev/null || fail $CRYPTSETUP status $MAP >/dev/null || fail
$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP) check_uuid DEAD-BABE
$CRYPTSETUP remove $MAP || fail $CRYPTSETUP close $MAP || fail
[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed." echo " [OK]"
done
echo "ACTIVATION SYSTEM FS UUID CHECK"
for file in $(ls $TST_DIR/sys_[tv]c_*) ; do
echo -n " $file"
LOOP_SYS=$(losetup -r -f --show -P $file)
if [ -z "$LOOP_SYS" ]; then
echo " [N/A]"
continue
fi
if [ -b "$LOOP_SYS"p3 ]; then
LOOP_PART="$LOOP_SYS"p3
else
LOOP_PART="$LOOP_SYS"p1
fi
get_HASH_CIPHER $file
# map through partition name
echo -n " [PART]"
echo $PASSWORD | $CRYPTSETUP tcryptOpen --tcrypt-system -r -h $HASH -c $CIPHER $LOOP_PART $MAP || fail
check_uuid DEAD-BABE
$CRYPTSETUP close $MAP || fail
if [[ $file =~ _part ]]; then
# map through image only (TCRYPT hdr contains partition offset and size)
echo -n "[IMG]"
echo $PASSWORD | $CRYPTSETUP tcryptOpen --tcrypt-system -r -h $HASH -c $CIPHER $file $MAP 2>/dev/null || fail
check_uuid DEAD-BABE
$CRYPTSETUP close $MAP || fail
# map through full device (TCRYPT hdr contains partition offset and size)
echo -n "[DRIVE]"
echo $PASSWORD | $CRYPTSETUP tcryptOpen --tcrypt-system -r -h $HASH -c $CIPHER $LOOP_SYS $MAP || fail
check_uuid DEAD-BABE
$CRYPTSETUP close $MAP || fail
elif [[ $file =~ _full ]]; then
# map through image + header in real partition (whole system)
dd if=$LOOP_PART of=$PART_IMG bs=1M >/dev/null 2>&1
echo -n "[PART+IMG]"
echo $PASSWORD | $CRYPTSETUP tcryptOpen --tcrypt-system -r -h $HASH -c $CIPHER --header $LOOP_PART $PART_IMG $MAP || fail
check_uuid DEAD-BABE
$CRYPTSETUP close $MAP || fail
rm $PART_IMG
fi
losetup -d $LOOP_SYS
LOOP_SYS=""
echo " [OK]" echo " [OK]"
done done
@@ -221,9 +269,8 @@ for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
[ $ret -ne 0 ] && fail [ $ret -ne 0 ] && fail
UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP) check_uuid CAFE-BABE
$CRYPTSETUP remove $MAP || fail $CRYPTSETUP close $MAP || fail
[ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed."
echo " [OK]" echo " [OK]"
done done
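Review bot: In the new system-image loop, the `_full` branch copies the partition with `dd if=$LOOP_PART of=$PART_IMG bs=1M >/dev/null 2>&1` and discards both its exit status and its diagnostics, so a short or failed copy (no space left, unreadable loop partition) is only detected when the following `tcryptOpen --header $LOOP_PART $PART_IMG` fails with a bare `fail`, which points the reader at TCRYPT header handling rather than at the copy. Checking the copy where it happens keeps the failure local: `dd if=$LOOP_PART of=$PART_IMG bs=1M >/dev/null 2>&1 || fail "Cannot copy partition image."`. Likewise the `[IMG]` case runs `tcryptOpen ... $file $MAP 2>/dev/null || fail`, so the error text cryptsetup prints for that variant is never shown on failure; unless the redirect is intentional it would help to drop it or capture it into `out` as the first loop does. A smaller point in the added `check_uuid` helper (hunk at `@@ -115,6 +117,12 @@`): because its last statement is `[ "$UUID" != "$1" ] && fail ...`, the function returns 1 when the UUID matches, which is harmless today since no caller tests its status, but an explicit `return 0` after that line would make the helper safe to use under `set -e` or in a conditional.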

Binary file not shown.