From c494eb94f4b4f705fc7e7055bd71fa0e0b9c0938 Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Mon, 7 Jan 2019 15:51:48 +0100
Subject: [PATCH] Add LUKS2 refresh test.

Test refresh doesn't affect device vk.
---
 tests/keyring-compat-test | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/tests/keyring-compat-test b/tests/keyring-compat-test
index c5fcbde6..a24c344e 100755
--- a/tests/keyring-compat-test
+++ b/tests/keyring-compat-test
@@ -21,6 +21,9 @@ NAME=testcryptdev
 CHKS_DMCRYPT=vk_in_dmcrypt.chk
 CHKS_KEYRING=vk_in_keyring.chk
 
+PWD="aaa"
+CRYPTSETUP=../cryptsetup
+
 function remove_mapping()
 {
 	[ -b /dev/mapper/$NAME ] && dmsetup remove $NAME
@@ -182,4 +185,15 @@ dmsetup remove $NAME || fail
 diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
 echo "OK"
 
+echo -n "Test LUKS2 key refresh..."
+echo $PWD | $CRYPTSETUP luksFormat --type luks2 --luks2-metadata-size 16k --luks2-keyslots-size 4064k --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --force-password $DEV || fail
+echo $PWD | $CRYPTSETUP open $DEV $NAME || fail
+$CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" || skip "LUKS2 can't use keyring. Test skipped."
+dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_KEYRING || fail
+echo $PWD | $CRYPTSETUP refresh $NAME --disable-keyring || fail
+$CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" && fail "Key is still in keyring"
+dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_DMCRYPT || fail
+diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
+echo "OK"
+
 remove_mapping