diff --git a/tests/luks2-reencryption-test b/tests/luks2-reencryption-test
index 4fc8cc7b..d88618b6 100755
--- a/tests/luks2-reencryption-test
+++ b/tests/luks2-reencryption-test
@@ -1643,5 +1643,46 @@ echo $PWD1 | $CRYPTSETUP open --test-passphrase $IMG_HDR || fail echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 8M $FAST_PBKDF_ARGON $DEV || fail echo $PWD1 | $CRYPTSETUP open --test-passphrase $DEV || fail +echo "[28] Prevent nested encryption" +prepare_linear_dev 32 opt_blks=64 $OPT_XFERLEN_EXP + +#device already LUKS2 +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF2 $DEV || fail + +echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks1 --reduce-device-size 2m $FAST_PBKDF2 $DEV 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks1 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail +test -f $IMG_HDR && fail +echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks2 --reduce-device-size 2m $FAST_PBKDF2 $DEV 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail +test -f $IMG_HDR && fail +#type mismatch +echo $PWD1 | $CRYPTSETUP reencrypt -q --type luks1 $DEV 2>/dev/null && fail +wipe_dev $DEV + +#detached header already LUKS2 +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV || fail + +echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks1 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail +echo $PWD1 | $CRYPTSETUP reencrypt -q --type luks1 --header $IMG_HDR $DEV 2>/dev/null && fail +rm -f $IMG_HDR + +#data device already in reencryption +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF2 $DEV || fail +echo $PWD1 | $CRYPTSETUP reencrypt --init-only $FAST_PBKDF $DEV || fail + +echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks1 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail +test -f $IMG_HDR && fail +echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks2 --header $IMG_HDR 
$FAST_PBKDF2 $DEV 2>/dev/null && fail +test -f $IMG_HDR && fail +#type mismatch +echo $PWD1 | $CRYPTSETUP reencrypt -q --type luks1 $DEV 2>/dev/null && fail +wipe_dev $DEV +rm -f $IMG_HDR + +#header in reencryption (type mismatch) +echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --init-only --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV || fail +echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks1 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail + remove_mapping exit 0 diff --git a/tests/reencryption-compat-test b/tests/reencryption-compat-test index 9d4c2971..3ca5517f 100755 --- a/tests/reencryption-compat-test +++ b/tests/reencryption-compat-test @@ -4,7 +4,7 @@ CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup REENC_BIN=$CRYPTSETUP REENC="$REENC_BIN reencrypt" -FAST_PBKDF="--pbkdf-force-iterations 1000" +FAST_PBKDF="--pbkdf-force-iterations 1000 --pbkdf pbkdf2" DEV_NAME=reenc9768 DEV_NAME2=reenc1273 
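Review bot: The rejected `reencrypt --encrypt` calls in test [28] are judged only by exit status (`2>/dev/null && fail`), so a refusal that comes after the existing header has already been partly overwritten, or a failure for an unrelated reason such as a bad option, still passes. The check exists to protect data already on the device, so the test should prove the original LUKS2 header survived: before the first `wipe_dev $DEV` add `echo $PWD1 | $CRYPTSETUP open --test-passphrase $DEV || fail`, and in the detached-header block the same against `$IMG_HDR` before `rm -f $IMG_HDR`. The `test -f $IMG_HDR && fail` lines only cover the case where a new header file would have been created. The same gap is in test [12] of tests/reencryption-compat-test, where `$CRYPTSETUP isLuks $LOOPDEV1 || fail` (and `isLuks $IMG_HDR` for the detached case) after the rejected calls would close it.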
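Review bot: `FAST_PBKDF` in tests/reencryption-compat-test is shared by the `luksFormat` and `$REENC` calls for luks1 and luks2 alike (see test [12]), and presumably by the earlier cases in the file, so adding `--pbkdf pbkdf2` changes their options too without saying why. A one-line comment above the assignment would keep the intent visible, for example `# force pbkdf2 so --type luks2 runs do not use the default LUKS2 KDF with 1000 forced iterations`. That reason is inferred from the new `--type luks2` cases and should be confirmed by the author.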
@@ -398,5 +398,23 @@ check_hash $PWD1 $HASH4 $IMG_HDR $CRYPTSETUP isLuks $LOOPDEV1 && fail $CRYPTSETUP isLuks $IMG_HDR || fail +echo "[12] Prevent nested encryption" +prepare 8192 +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF $LOOPDEV1 || fail + +#data device is already LUKS device (prevent nested encryption) +echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 --reduce-device-size 1024S 2>/dev/null && fail +echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 --header $IMG_HDR 2>/dev/null && fail +test -f $IMG_HDR && fail +echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks2 --reduce-device-size 2048S 2>/dev/null && fail +echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks2 --header $IMG_HDR 2>/dev/null && fail +test -f $IMG_HDR && fail + +wipe_dev $LOOPDEV1 +echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --header $IMG_HDR $FAST_PBKDF $LOOPDEV1 || fail + +echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 --header $IMG_HDR 2>/dev/null && fail +echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks2 --header $IMG_HDR 2>/dev/null && fail + remove_mapping exit 0