eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2026-01-08 08:25:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,114 Commits 13 Branches 81 Tags
5d6bcc2c3bc6ea4f240f3717b321ef7cb4a7ebcf
Commit Graph

981 Commits

Author SHA1 Message Date
Ondrej Kozina
5c3dba8688 Add regression test for resuming LUKS1 decryption. 2024-03-06 09:52:55 +01:00
Ondrej Kozina
5a0208cd06 Allow --link-vk-to-keyring with --test-passphrase option. 
To make it possible to upload volume key in user specified kernel
keyring without need to (re)activate the device.
 2024-02-29 16:25:17 +01:00
Ondrej Kozina
db635c428b Fix abort triggered by initializing decryption via --active-name. 
The invalid test unfortunately hid an error in processing
of --active-name command line option.
 2024-02-28 17:11:46 +01:00
Ondrej Kozina
35cd898c63 Fix crypto vectors test in meson. 
Otherwise it gets skipped in meson everytime.
 2024-02-21 15:56:14 +01:00
Tobias Rosenkranz
91c1d2202a Skip test if keyctl is missing 2024-02-18 14:46:37 +01:00
Milan Broz
4dde8f078f Version 2.7.0. 2024-01-24 10:47:32 +01:00
Milan Broz
bd0ef58b3a Update copyright notice to include 2024 year. 2024-01-23 16:10:44 +01:00
Ondrej Kozina
cbc7253400 Unify error code for missing key description. 
Use -ESRCH for similar error code as with
crypt_activate_by_keyslot_context. Here it's not
confliciting with previous use for the very code but
let's make it easier and use same code for similar case.
 2024-01-23 12:08:43 +01:00
Ondrej Kozina
7eca077490 Replace code for missing key error in API. 
While trying to activate device in LUKS2 reencryption
we originally used -ENOKEY error code for case
where one or more volume keys could not be unlocked or
were not provided direclty by (CRYPT_KC_TYPE_KEY or
CRYPT_KC_TYPE_VK_KEYRING) keyslot contexts.

We missed the fact the error code was already previously
used for signaling case when dm subsystem could not load
device table due to key in kernel keyring could not be
read from kernel. It's propagated by libdevmapper.

For it we replace -ENOKEY with -ESRCH for signaling the missing
keyslot context or volume key for devices in LUKS2 reencryption.
 2024-01-23 11:55:12 +01:00
Ondrej Kozina
8dd3266599 tests: use per-test keyring for caching VKs. 2024-01-22 17:28:19 +01:00
Milan Broz
de1cd97fde Fix typo in verity test. 2024-01-20 19:01:25 +01:00
Milan Broz
f040f74f46 Fix autoconf valgrind test. 
All environment variables are predefined in make run,
use it in $(VAR) from, as shell variables processing does not work here.
 2024-01-20 10:56:22 +01:00
Daniel Zatovic
136ba21c65 Add tests for device activation using multiple VKs. 2024-01-19 16:26:30 +00:00
Daniel Zatovic
4321992561 Add tests for storing VK in keyring during resume. 2024-01-19 16:26:30 +00:00
Daniel Zatovic
f354a0b038 Add tests for storing multiple VKs in a custom keyring. 2024-01-19 16:26:30 +00:00
Milan Broz
e0eb4dad95 Fix tests to support --disable-keyring option. 
Also remove unused function in test.
 2024-01-19 13:40:25 +00:00
Ondrej Kozina
a50a39a192 tests: add in-place LUKS2 encryption api test. 
Simple test for plaintext data placed at specified offset
(non zero offset relative to head of data device).
 2024-01-05 14:22:07 +01:00
Ondrej Kozina
adc83f6dca tests: add helper for creating arbitrary linear mapping. 2024-01-05 14:22:07 +01:00
Daniel Zatovic
d1b32a3b64 Add keyring linking API placeholders for multi-key scenarios. 2023-12-20 14:02:07 +01:00
Ondrej Kozina
31027b9240 test: check if device remains usable after failed attempt to double activation. 2023-12-13 20:59:14 +00:00
Ondrej Kozina
0f642a8397 Add missing vectors tests in valgrind setup. 2023-12-04 09:33:21 +00:00
Ondrej Kozina
b653567e3e Simplify meson tests. 
Valgrind tests is now run with:

meson test -C <build_dir> --setup=valgrind
 2023-12-04 09:33:21 +00:00
Milan Broz
85d23dde79 Revert "tests: Temporarily disable veritysetup tasklet option test." 
This reverts commit 0e44494aba.

Kernel fix is in mainline and on the way to stable kernels.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/md?id=2a695062a5a42aead8c539a344168d4806b3fda2
 2023-11-30 14:53:42 +00:00
Milan Broz
5e7bd7a36b fuzz: Try to limit image size in crypt2_load_proto_plain_json_fuzz 
It seems that we see a lot of out of space in fuzzer run,
so try to avoid writing excessive big images here.
 2023-11-30 15:01:04 +01:00
Milan Broz
e1ef5214e7 Fix some typos found by lintian. 2023-11-29 09:49:55 +01:00
Milan Broz
6262da3a11 fuzz: add missing flex (util-linux req.) to fix fuzzing build 2023-11-26 10:39:22 +01:00
Milan Broz
dfbb7752b5 tests: fail early if PSID reset does not work for device. 
This should stop user from using wrong device for tests.
 2023-11-22 15:48:48 +01:00
Milan Broz
0f51b5bacb Do not run sector read check on suspended device. 
This can affect status command, but later also device
stack with authenticated encryption (*_dif device).

Ignoring direct-io should not be problem here.
The logic shoudl be simplified in future anyway...
 2023-11-21 22:44:16 +01:00
Ondrej Kozina
722c77c883 Fix wrong key id set when resuming LUKS2 device. 
If volume key digest id was not 0 it failed on assert
in LUKS2 resume path later.
 2023-11-21 21:43:34 +00:00
Ondrej Kozina
8c0a943e5c Drop fake_token_path symbol from tests. 
It's no longer used.
 2023-11-17 10:42:23 +01:00
Ondrej Kozina
5ef1878b34 Do not use fake-token-path in ssh and systemd plugin tests. 2023-11-17 10:42:23 +01:00
Ondrej Kozina
31f82fd37c Drop deprecated use of implicit meson setup command. 2023-11-15 19:22:27 +00:00
Ondrej Kozina
9ca46971f2 Fix systemd-test-plugin initialization. 
check for .git subdirectory to decide if systemd
repository needs to be cloned.
 2023-11-15 19:22:27 +00:00
Ondrej Kozina
7aeb1c3aea Fix fake systemd tpm path symbol. 
The prototype for the function in systemd has changed.
Otrherwise the tests abort with SEGFAULT.
 2023-11-15 19:22:27 +00:00
Ondrej Kozina
cf7874de4b compat-test-opal does not depend on differ util. 2023-11-15 18:41:02 +01:00
Ondrej Kozina
d82a1843ba Speed up compat-test-opal valgrind test. 
By not testing cleanup routines repeatingly
for leaks.
 2023-11-15 18:41:02 +01:00
Ondrej Kozina
9a5a3855a0 Enable valgrind tests in meson. 2023-11-15 18:40:44 +01:00
Ondrej Kozina
564379618a Increase minimal meson version to 0.64 
It's inital cryptsetup upstream release with
meson support so let's not pollute scripts
with if-then-else branching from the very
beginning.
 2023-11-15 13:33:05 +01:00
Milan Broz
0e44494aba tests: Temporarily disable veritysetup tasklet option test. 
Kernel bug reporte here:
  https://lore.kernel.org/dm-devel/fa17b8d8-2d84-45c8-ac6a-1876f1f55a52@gmail.com/
 2023-11-13 12:00:13 +01:00
Milan Broz
371cfc4394 tests: Clean up also dm-integrity device in OPAL test 2023-11-07 19:39:37 +01:00
Milan Broz
2a9752b6c8 tests: Do not run OPAL test with valgrind if variables are not set 
Otherwise it will break run with exit code 77.
 2023-11-06 17:12:57 +00:00
Ondrej Kozina
ee31159c68 Enable tests fixed with recent commits. 2023-11-06 16:49:28 +01:00
Ondrej Kozina
abf7e3e359 Fix memleak in test. 
By defining custom buffer free function in test token handler
the default call to free() gets skipped.
 2023-11-03 21:27:59 +00:00
Ondrej Kozina
0154893ad5 Remove inital opal-test. 
Test fully included in compat-test-opal.
 2023-11-02 17:15:14 +01:00
Ondrej Kozina
b23e9f32f2 Add basic compat-opal-test. 
The aim of the test is verify compatibility with
SW only LUKS2 devices for basic operations like
activation, deactivation, suspend, resume and
token based activation.
 2023-11-02 17:15:14 +01:00
Milan Broz
800ec5d1ed fuzzing: Fix crypt2_load_fuzz to not touch const data 
The crypt2_load_fuzz fuzzer needs to calculate LUKS2 header checksum
to speed up fuzzing. Currently we incorrectly touch const data input.

This patch
 - calculates only primary LUKS2 header checksum (ignores secondary header)
 - uses temporary struct for modified data
 - keps fuzzer going even with original data if checksum calc fails.

Hopefully solves unknown write issue in fuzzer (not real utils) on oss-fuzz.
 2023-10-30 13:11:31 +01:00
Milan Broz
0c9258484a tests: fix oss-fuzz build 
- xz now requires some configure options to build with sanitizer
- lvm2 official repository moved
 2023-10-27 09:03:50 +02:00
Ondrej Kozina
385c0afebe Fix tests in FIPS mode. 
In FIPS mode, if test passphrase is shorter
than 8 bytes, keyslot passphrase check routine
returns different error code (-EINVAL) than
expected (-EPERM).
 2023-10-18 15:02:09 +02:00
Ondrej Kozina
1f007061d6 Respect keyslot id while activating device by token. 
Also by using --test-passphrase option this patch allows
cryptsetup to check if specific token (--token-id) is
able to unlock specific keyslot (--key-slot/-S).

It uses recently added crypt_activate_by_keyslot_context
API.

Fixes: #784.
 2023-10-16 17:23:32 +00:00
Milan Broz
8f442bc97a tests: Avoid new plain type warnings if missing options. 2023-10-05 10:31:41 +02:00