eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-12 03:10:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add integrity key tests.

Browse Source
This commit is contained in:
Milan Broz
2024-11-28 17:20:13 +01:00
parent 5eda5f6a38
commit ea39aecba3
2 changed files with 56 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
tests/api-test.c
View File

@@ -2004,15 +2004,24 @@ static void IntegrityTest(void)
.tag_size = 4,
.integrity = "crc32c",
.sector_size = 4096,
}, ip = {};
}, ip = {}, params2 = {
.tag_size = 32,
.integrity = "hmac(sha256)",
.sector_size = 4096,
};
struct crypt_active_device cad;
int ret;
// FIXME: this should be more detailed
const char *key_integrity_hex = "e9668637426e277d126fe848e47417953701a511eee43b53c671342cec400d6e";
size_t integrity_key_size = strlen(key_integrity_hex) / 2;
char integrity_key[128];
OK_(crypt_init(&cd,DEVICE_1));
FAIL_(crypt_format(cd,CRYPT_INTEGRITY,NULL,NULL,NULL,NULL,0,NULL), "params field required");
ret = crypt_format(cd,CRYPT_INTEGRITY,NULL,NULL,NULL,NULL,0,&params);
crypt_decode_key(integrity_key, key_integrity_hex, integrity_key_size);
params2.integrity_key_size = integrity_key_size;
OK_(crypt_init(&cd, DEVICE_1));
FAIL_(crypt_format(cd, CRYPT_INTEGRITY, NULL, NULL, NULL, NULL, 0, NULL), "params field required");
ret = crypt_format(cd, CRYPT_INTEGRITY, NULL, NULL, NULL, NULL, 0, &params);
if (ret < 0) {
printf("WARNING: cannot format integrity device, skipping test.\n");
CRYPT_FREE(cd);
@@ -2027,7 +2036,7 @@ static void IntegrityTest(void)
EQ_(ip.journal_watermark, params.journal_watermark);
EQ_(ip.integrity_key_size, 0);
OK_(strcmp(ip.integrity,params.integrity));
FAIL_(crypt_set_uuid(cd,DEVICE_1_UUID),"can't set uuid to integrity device");
FAIL_(crypt_set_uuid(cd,DEVICE_1_UUID), "can't set uuid to integrity device");
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DEVICE_1));
@@ -2047,8 +2056,8 @@ static void IntegrityTest(void)
OK_(crypt_init_by_name(&cd, CDEVICE_1));
OK_(crypt_get_integrity_info(cd, &ip));
EQ_(ip.tag_size, params.tag_size);
OK_(strcmp(ip.integrity,params.integrity));
OK_(strcmp(CRYPT_INTEGRITY,crypt_get_type(cd)));
OK_(strcmp(ip.integrity, params.integrity));
OK_(strcmp(CRYPT_INTEGRITY, crypt_get_type(cd)));
if (t_dm_integrity_recalculate_support()) {
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
@@ -2060,6 +2069,31 @@ static void IntegrityTest(void)
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
// legacy format with NULL
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_format(cd, CRYPT_INTEGRITY, NULL, NULL, NULL, NULL, 0, &params2));
OK_(crypt_get_integrity_info(cd, &ip));
EQ_(ip.tag_size, params2.tag_size);
EQ_(ip.integrity_key_size, integrity_key_size);
OK_(strcmp(ip.integrity, params2.integrity));
CRYPT_FREE(cd);
// provide specific key
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_format(cd, CRYPT_INTEGRITY, NULL, NULL, NULL, integrity_key, integrity_key_size, &params2));
OK_(crypt_get_integrity_info(cd, &ip));
EQ_(ip.tag_size, params2.tag_size);
EQ_(ip.integrity_key_size, integrity_key_size);
OK_(strcmp(ip.integrity, params2.integrity));
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_load(cd, CRYPT_INTEGRITY, NULL));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, NULL, 0, 0));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
}
static void WipeTest(void)

17
tests/luks2-integrity-test
View File

@@ -120,10 +120,18 @@ int_error_detection() # alg int sector_size
intformat() # alg integrity integrity_out key_size int_key_size sector_size csum [test_hdr]
{
echo -n "[$1:$2:$4:$6]"
echo -n "[$1:$2:$4:$6:$5]"
echo -n "[FORMAT]"
$CRYPTSETUP luksFormat --type luks2 -q -c $1 --integrity $2 --sector-size $6 -s $4 \
$FAST_PBKDF_OPT -d $KEY_FILE $DEV --offset 8192 --integrity-legacy-padding >/dev/null 2>&1
# just trick, if int key size is not multiple of 16, use explicit flag
if [ $(($5 % 16)) -eq 0 ]; then
INT_PARAMS="--integrity $2 --integrity-legacy-padding"
else
INT_PARAMS="--integrity $2 --integrity-key-size $5 --integrity-legacy-padding"
fi
$CRYPTSETUP luksFormat --type luks2 -q -c $1 $INT_PARAMS --sector-size $6 -s $4 \
$FAST_PBKDF_OPT -d $KEY_FILE $DEV --offset 8192 >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "[N/A]"
return
@@ -206,6 +214,9 @@ intformat aes-xts-random hmac-sha512 hmac\(sha512\) 512 512 4096 621f6c03f
intformat aes-xts-plain64 hmac-sha1 hmac\(sha1\) 512 160 4096 7370c66a92708fb71b186931468be6aa9b26f4f88373b00b1c57360b9ee1304e
intformat aes-xts-random hmac-sha1 hmac\(sha1\) 512 160 4096 8c0463f5ac09613674bdf40b0ff6f985edbc3de04e51fdc688873cb333ef3cda
intformat aes-xts-plain64 hmac-sha256 hmac\(sha256\) 512 264 512 ee501705a084cd0ab6f4a28014bcf62b8bfa3434de00b82743c50b3abf06232c
intformat aes-xts-plain64 hmac-sha512 hmac\(sha512\) 512 792 512 9040d276d8bfab30bbc4bf389e152e08c13ac6fa84d49d11c1bee6e1638fd8f1
intformat aes-gcm-random aead aead 128 0 512 5f6f3f6be03c74d9aaaeaf40dd310c99a20e2786045f78a1fc6a0b189d231f57
intformat aes-gcm-random aead aead 128 0 4096 358d6beceddf593aff6b22c31684e0df9c226330aff5812e060950215217d21b
intformat aes-gcm-random aead aead 256 0 512 5f6f3f6be03c74d9aaaeaf40dd310c99a20e2786045f78a1fc6a0b189d231f57