Add validation tests for json area in non compact version.

The non compact json area may contiain whitespace characters in between json object key and value (e.g.: {"key": "the_value"}). For LUKS2 write optimization we need to check and do regression testing for the case where LUKS2 metadata would contain valid LUKS2 json area in non compact format. The test is meant to verify if the write optimization does not leave invalid characters beyond valid and properly terminated LUKS2 json area.
2025-12-05 16:00:05 +01:00 · 2025-03-04 16:48:28 +01:00
parent cb0f568932
commit fcf266667b
3 changed files with 128 additions and 0 deletions
--- a/tests/generators/generate-luks2-non-compact-json-4k-token-0.img.sh
+++ b/tests/generators/generate-luks2-non-compact-json-4k-token-0.img.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate LUKS2 header with non compact (valid!)
+# json and additional token with id 0 with json
+# format aligned to 4K boundary.
+#
+# The image is tested for correct LUKS2 write optimization
+# where non compact json trailing bytes must not remain in LUKS2 json
+# area after write of shorter (e.g. compact) json.
+
+# $1 full target dir
+# $2 full source luks2 image
+
+generate()
+{
+	# add empty token
+	json_str=$(jq -c '.tokens."0" = {"type":"a", "keyslots":[]}' $TMPDIR/json0)
+	json_len_orig=${#json_str}
+	test $json_len_orig -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+	# align to 4k and full 4K of whitespace if already aligned
+	json_fill_len=$((4096-(json_len_orig%4096)))
+	fill=$(repeat_str " " $json_fill_len)
+	json_str_new=$(echo -e $json_str | sed -e "s/\(\"type\":\)\(\"luks2\"\)/\1""$fill""\2/")
+	json_len_new=${#json_str_new}
+
+	test $((json_len_new%4096)) -eq 0 || exit 2
+	test $json_len_new -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+	test $json_len_new -gt $json_len_orig || exit 2
+
+	printf '%s' "$json_str_new" | _dd of=$TMPDIR/json0 bs=4K conv=notrunc
+	printf '%s' "$json_str_new" | _dd of=$TMPDIR/json1 bs=4K conv=notrunc
+
+	lib_mangle_json_hdr0
+	lib_mangle_json_hdr1
+}
+
+check()
+{
+	lib_hdr0_checksum || exit 2
+	lib_hdr1_checksum || exit 2
+
+	read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
+
+	read -r json_str_res < $TMPDIR/json_res0
+	test $((${#json_str_res}%4096)) -eq 0 || exit 2
+	test ${#json_str_res} -gt $json_len_orig || exit 2
+}
+
+lib_prepare $@
+generate
+check
+lib_cleanup
--- a/tests/generators/generate-luks2-non-compact-json-token-0.img.sh
+++ b/tests/generators/generate-luks2-non-compact-json-token-0.img.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate LUKS2 header with non compact (valid!)
+# json and additional token with id 0.
+#
+# The image is tested for correct LUKS2 write optimization
+# where non compact json trailing bytes must not remain in LUKS2 json
+# area after write of shorter (e.g. compact) json.
+
+# $1 full target dir
+# $2 full source luks2 image
+
+generate()
+{
+	# add empty token
+	json_str=$(jq -c '.tokens."0" = {"type":"a", "keyslots":[]}' $TMPDIR/json0)
+	json_len_orig=${#json_str}
+	test $json_len_orig -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+	json_str_new=$(echo -n $json_str | sed -e 's/\(\"type\":\)\(\"luks2\"\)/\1 \2/')
+	json_len_new=${#json_str_new}
+
+	test $json_len_new -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+	test $json_len_new -gt $json_len_orig || exit 2
+
+	printf '%s' "$json_str_new" | _dd of=$TMPDIR/json0 bs=1 conv=notrunc
+	printf '%s' "$json_str_new" | _dd of=$TMPDIR/json1 bs=1 conv=notrunc
+
+	lib_mangle_json_hdr0
+	lib_mangle_json_hdr1
+}
+
+check()
+{
+	lib_hdr0_checksum || exit 2
+	lib_hdr1_checksum || exit 2
+
+	read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
+
+	read -r json_str_res < $TMPDIR/json_res0
+	test ${#json_str_res} -gt $json_len_orig || exit 2
+}
+
+lib_prepare $@
+generate
+check
+lib_cleanup
--- a/tests/luks2-validation-test
+++ b/tests/luks2-validation-test
@@ -73,6 +73,20 @@ test_load()
 	test -z "$_DEBUG" || _debug="--debug"

 	case "$1" in
+	T)
+		if [ -n "$_debug" ]; then
+			$CRYPTSETUP token remove --token-id 0 $_debug $IMG
+		else
+			$CRYPTSETUP token remove --token-id 0 $IMG > /dev/null 2>&1
+		fi
+		test $? -eq 0 || return 1
+		if [ -n "$_debug" ]; then
+			$CRYPTSETUP luksDump $_debug $IMG
+		else
+			$CRYPTSETUP luksDump $IMG > /dev/null 2>&1
+		fi
+		test $? -eq 0 || return 1
+		;;
 	R)
 		if [ -n "$_debug" ]; then
 			$CRYPTSETUP luksDump $_debug $IMG
@@ -255,6 +269,10 @@ RUN luks2-keyslot-invalid-area-size.img			"F" "Invalid keyslot area size that ca
 RUN luks2-keyslot-invalid-objects.img			"F" "Invalid keyslot objects not rejected"
 RUN luks2-keyslot-invalid-af.img			"F" "Invalid keyslot objects types not rejected"

+echo "[8] Test non compact json does not break write optimization"
+RUN luks2-non-compact-json-token-0.img			"T" "Non compact json area corrupted after write"
+RUN luks2-non-compact-json-4k-token-0.img		"T" "Non compact 4K aligned json area corrupted after write"
+
 remove_mapping

 test $FAILS -eq 0 || fail "($FAILS wrong result(s) in total)"