tests: Add a BITLK test image with two recovery passphrases

It is possible to add multiple recovery passphrases to a BitLocker
device so we should make sure we check both key slots when trying
to activate the device.
Vojtech Trefny
2025-03-09 11:23:48 +01:00
parent c1b7ad8979
commit bf5d56d804
2 changed files with 34 additions and 3 deletions


@@ -46,8 +46,15 @@ skip()
load_vars()
{
if echo "$1" | grep -q -e "two-recovery"; then
# 2 extra variables for image with 2 recovery passphrases
num_vars=10
else
num_vars=8
fi
local file=$(echo $1 | sed -e s/^$TST_DIR\\/// | sed -e s/\.img$//)
source <(grep = <(grep -A8 "\[$file\]" $TST_DIR/images.conf))
source <(grep = <(grep -A$num_vars "\[$file\]" $TST_DIR/images.conf))
}
check_dump()
@@ -56,11 +63,11 @@ check_dump()
file=$2
# load variables for this image from config file
load_vars $file
load_vars $file $num_vars
# volume size
dump_size=$(echo "$dump" | grep "Volume size:" | cut -d: -f2 | tr -d "\t\n ")
[ "$dump_size" = "104857600[bytes]" -o "$dump_size" = "134217728[bytes]" ] || fail " volume size check from dump failed."
[ "$dump_size" = "104857600[bytes]" -o "$dump_size" = "134217728[bytes]" -o "$dump_size" = "105906176[bytes]" ] || fail " volume size check from dump failed."
# description
dump_desc=$(echo "$dump" | grep Description: | cut -d: -f2 | tr -d "\t\n ")
@@ -84,6 +91,10 @@ check_dump()
# startup key protected VMK GUID
dump_sk_vmk=$(echo "$dump" | grep "VMK protected with startup key" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
[ ! -z "$SK_VMK_GUID" -a "$dump_sk_vmk" = "$SK_VMK_GUID" ] || fail " startup key protected VMK GUID check from dump failed."
elif echo "$file" | grep -q -e "two-recovery"; then
# second recovery passphrase protected VMK GUID
dump_rp2_vmk=$(echo "$dump" | grep "VMK protected with recovery passphrase" -B 1 | tail -2 | head -1 | cut -d: -f2 | tr -d "\t ")
[ ! -z "$RP2_VMK_GUID" -a "$dump_rp2_vmk" = "$RP2_VMK_GUID" ] || fail " second recovery passphrase protected VMK GUID check from dump failed."
else
# password protected VMK GUID
dump_pw_vmk=$(echo "$dump" | grep "VMK protected with passphrase" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
@@ -207,6 +218,26 @@ for file in $(ls $TST_DIR/bitlk-*) ; do
echo " [OK]"
fi
# second recovery key
if echo "$file" | grep -q -e "two-recovery"; then
echo -n " $file"
echo $RP2 | $CRYPTSETUP bitlkOpen -r $file --test-passphrase >/dev/null 2>&1
ret=$?
[ $ret -eq 1 ] && echo " [N/A]" && continue
echo $RP2 | $CRYPTSETUP bitlkOpen -r $file $MAP >/dev/null 2>&1
ret=$?
[ $ret -eq 0 ] || fail " failed to open $file ($ret)"
$CRYPTSETUP status $MAP >/dev/null || fail
$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
uuid=$(blkid -p -o value -s UUID /dev/mapper/$MAP)
sha256sum=$(sha256sum /dev/mapper/$MAP | cut -d" " -f1)
$CRYPTSETUP remove $MAP || fail
[ "$uuid" = "$UUID" ] || fail " UUID check failed."
[ "$sha256sum" = "$SHA256SUM" ] || fail " SHA256 sum check failed."
echo " [OK]"
fi
done
remove_mapping
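Review bot: In check_dump the new call `load_vars $file $num_vars` passes a second argument that load_vars never reads (it only uses `$1`), and `num_vars` is assigned inside load_vars without `local`, so at the call site it is either unset or left over from the previous image. I would call `load_vars "$file"` and declare `local num_vars=8` at the top of load_vars, overriding it to 10 only in the two-recovery branch. The fixed `-A` count also has to be kept in step by hand with the number of keys in each images.conf section; if a section grows, the trailing variables (here presumably `RP2` and `RP2_VMK_GUID`) would silently not be loaded, so a short comment next to `num_vars=10` naming those two keys would help. check_dump's body continues outside the hunks shown.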

Binary file not shown.