mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-13 11:50:10 +01:00
cbc143bf95
AFAIK older versions of the POSIX Standard didn't specify a way to
locate commands. Many operating systems and distributions added a
which(1) utility for that purpose, unfortunately without consistent
behavior across the board.
OTOH POSIX.1-2008 (or was it older? POSIX.1-2001 mentions it too, but
with a restriction: “On systems supporting the User Portability Utilities
option”) specifies that `command -v` can be used for that purpose:
https://pubs.opengroup.org/onlinepubs/9699919799.2008edition/utilities/command.html
Moreover the standard adds that if the argument is neither a valid
utility, builtin, shell function nor alias then “no output shall be
written and the exit status shall reflect that the name was not found”.
It's therefore no longer needed to void the error output (spewing error
messages was one of the inconsistent behavior of the different which(1)
utilities).
The upcoming Debian 12 (codename Bookworm) appears to have deprecated
its which(1) utility (as a first step for its removal from the base
system):
$ which foo
/usr/bin/which: this version of `which' is deprecated; use `command -v' in scripts instead.
In most places the deprecation notice isn't visible when running the
test suite because most `which` calls run with the error output
redirected to /dev/null, however this is not the case everywhere:
https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.4.3/tests/integrity-compat-test#L333
https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.4.3/tests/reencryption-compat-test2#L232
This commit replaces all `which` calls from tests/* with `command -v`,
and removes the error output redirection.
238 lines
11 KiB
Bash
Executable File
238 lines
11 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
#turn on debug mode by following env. variable _DEBUG=1
|
|
|
|
PS4='$LINENO:'
|
|
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
|
|
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
|
|
|
|
CRYPTSETUP_VALGRIND=../.libs/cryptsetup
|
|
CRYPTSETUP_LIB_VALGRIND=../.libs
|
|
|
|
START_DIR=$(pwd)
|
|
|
|
IMG=luks2-backend.img
|
|
ORIG_IMG=luks2_valid_hdr.img
|
|
TST_IMGS=$START_DIR/luks2-images
|
|
|
|
GEN_DIR=generators
|
|
|
|
FAILS=0
|
|
|
|
[ -z "$srcdir" ] && srcdir="."
|
|
|
|
function remove_mapping()
|
|
{
|
|
rm -rf $IMG $TST_IMGS >/dev/null 2>&1
|
|
}
|
|
|
|
function fail()
|
|
{
|
|
[ -n "$1" ] && echo "$1"
|
|
echo "FAILED backtrace:"
|
|
while caller $frame; do ((frame++)); done
|
|
cd $START_DIR
|
|
remove_mapping
|
|
exit 2
|
|
}
|
|
|
|
fail_count()
|
|
{
|
|
echo "$1"
|
|
FAILS=$((FAILS+1))
|
|
}
|
|
|
|
function skip()
|
|
{
|
|
[ -n "$1" ] && echo "$1"
|
|
exit 77
|
|
}
|
|
|
|
function prepare() # $1 dev1_size
|
|
{
|
|
remove_mapping
|
|
|
|
test -d $TST_IMGS || mkdir $TST_IMGS
|
|
|
|
test -e $ORIG_IMG || xz -dkc $srcdir/$ORIG_IMG.xz >$ORIG_IMG
|
|
cp $ORIG_IMG $TST_IMGS
|
|
cp $ORIG_IMG $IMG
|
|
}
|
|
|
|
function test_load()
|
|
{
|
|
local _debug=
|
|
|
|
test -z "$_DEBUG" || _debug="--debug"
|
|
|
|
case "$1" in
|
|
R)
|
|
if [ -n "$_debug" ]; then
|
|
$CRYPTSETUP luksDump $_debug $IMG
|
|
else
|
|
$CRYPTSETUP luksDump $_debug $IMG > /dev/null 2>&1
|
|
fi
|
|
test $? -eq 0 || return 1
|
|
;;
|
|
F)
|
|
if [ -n "$_debug" ]; then
|
|
$CRYPTSETUP luksDump $_debug $IMG
|
|
else
|
|
$CRYPTSETUP luksDump $_debug $IMG > /dev/null 2>&1
|
|
fi
|
|
test $? -ne 0 || return 1
|
|
;;
|
|
*)
|
|
fail "Internal test error"
|
|
;;
|
|
esac
|
|
}
|
|
|
|
function RUN()
|
|
{
|
|
echo -n "Test image: $1..."
|
|
cp $TST_IMGS/$1 $IMG || fail "Missing test image"
|
|
test_load $2 "$3"
|
|
if [ $? -ne 0 ]; then
|
|
fail_count "$3"
|
|
else
|
|
echo "OK"
|
|
fi
|
|
}
|
|
|
|
function valgrind_setup()
|
|
{
|
|
command -v valgrind >/dev/null || fail "Cannot find valgrind."
|
|
[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
|
|
export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
|
|
}
|
|
|
|
function valgrind_run()
|
|
{
|
|
INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
|
|
}
|
|
|
|
[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
|
|
|
|
command -v jq >/dev/null || skip "Cannot find jq, test skipped."
|
|
|
|
prepare
|
|
|
|
echo "[0] Generating test headers"
|
|
cd $srcdir/$GEN_DIR
|
|
for scr in ./generate-*.sh; do
|
|
echo -n "$(basename $scr)..."
|
|
$scr $TST_IMGS $TST_IMGS/$ORIG_IMG || fail "Header generator $scr failed: '$?'"
|
|
echo "done"
|
|
done
|
|
cd $START_DIR
|
|
|
|
echo "[1] Test basic auto-recovery"
|
|
RUN luks2-invalid-checksum-hdr0.img "R" "Failed to recover from trivial header corruption at offset 0"
|
|
# TODO: check epoch is incresed after recovery
|
|
# TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c)
|
|
|
|
RUN luks2-invalid-checksum-hdr1.img "R" "Failed to recover from trivial header corruption at offset 16384"
|
|
# TODO: check epoch is incresed after recovery
|
|
# TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c)
|
|
|
|
RUN luks2-invalid-checksum-both-hdrs.img "F" "Failed to recognise corrupted header beyond repair"
|
|
|
|
echo "[2] Test ability to auto-correct mallformed json area"
|
|
RUN luks2-corrupted-hdr0-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 512"
|
|
# TODO: check epoch is incresed after recovery
|
|
# TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c)
|
|
|
|
RUN luks2-corrupted-hdr1-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 16896"
|
|
# TODO: check epoch is incresed after recovery
|
|
# TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c)
|
|
|
|
RUN luks2-correct-full-json0.img "R" "Failed to parse full and correct json area"
|
|
# TODO: detect noop (norecovery, epoch untouched)
|
|
# TODO: check epoch is NOT incresed after recovery of secondary header
|
|
|
|
# these tests auto-correct json in-memory only. It'll get fixed on-disk after write operation
|
|
RUN luks2-argon2-leftover-params.img "R" "Failed to repair keyslot with old argon2 parameters."
|
|
RUN luks2-pbkdf2-leftover-params-0.img "R" "Failed to repair keyslot with old pbkdf2 parameters."
|
|
RUN luks2-pbkdf2-leftover-params-1.img "R" "Failed to repair keyslot with old pbkdf2 parameters."
|
|
|
|
# Secondary header is always broken in following tests
|
|
echo "[3] Test LUKS2 json area restrictions"
|
|
RUN luks2-non-null-byte-beyond-json0.img "F" "Failed to detect illegal data right beyond json data string"
|
|
RUN luks2-non-null-bytes-beyond-json0.img "F" "Failed to detect illegal data in json area"
|
|
RUN luks2-missing-trailing-null-byte-json0.img "F" "Failed to detect missing terminal null byte"
|
|
RUN luks2-invalid-opening-char-json0.img "F" "Failed to detect invalid opening character in json area"
|
|
RUN luks2-invalid-object-type-json0.img "F" "Failed to detect invalid json object type"
|
|
RUN luks2-overlapping-areas-c0-json0.img "F" "Failed to detect two exactly same area specifications"
|
|
RUN luks2-overlapping-areas-c1-json0.img "F" "Failed to detect two intersecting area specifications"
|
|
RUN luks2-overlapping-areas-c2-json0.img "F" "Failed to detect two slightly intersecting area specifications"
|
|
RUN luks2-area-in-json-hdr-space-json0.img "F" "Failed to detect area referencing LUKS2 header space"
|
|
RUN luks2-missing-keyslot-referenced-in-digest.img "F" "Failed to detect missing keyslot referenced in digest"
|
|
RUN luks2-missing-segment-referenced-in-digest.img "F" "Failed to detect missing segment referenced in digest"
|
|
RUN luks2-missing-keyslot-referenced-in-token.img "F" "Failed to detect missing keyslots referenced in token"
|
|
RUN luks2-keyslot-missing-digest.img "F" "Failed to detect missing keyslot digest."
|
|
RUN luks2-keyslot-too-many-digests.img "F" "Failed to detect keyslot has too many digests."
|
|
|
|
echo "[4] Test integers value limits"
|
|
RUN luks2-uint64-max-segment-size.img "R" "Validation rejected correct value"
|
|
RUN luks2-uint64-overflow-segment-size.img "F" "Failed to detect uint64_t overflow"
|
|
RUN luks2-uint64-signed-segment-size.img "F" "Failed to detect negative value"
|
|
|
|
echo "[5] Test segments validation"
|
|
RUN luks2-segment-missing-type.img "F" "Failed to detect missing type field"
|
|
RUN luks2-segment-wrong-type.img "F" "Failed to detect invalid type field"
|
|
RUN luks2-segment-missing-offset.img "F" "Failed to detect missing offset field"
|
|
RUN luks2-segment-wrong-offset.img "F" "Failed to detect invalid offset field"
|
|
RUN luks2-segment-missing-size.img "F" "Failed to detect missing size field"
|
|
RUN luks2-segment-wrong-size-0.img "F" "Failed to detect invalid size field"
|
|
RUN luks2-segment-wrong-size-1.img "F" "Failed to detect invalid size field"
|
|
RUN luks2-segment-wrong-size-2.img "F" "Failed to detect invalid size field"
|
|
RUN luks2-segment-crypt-missing-encryption.img "F" "Failed to detect missing encryption field"
|
|
RUN luks2-segment-crypt-wrong-encryption.img "F" "Failed to detect invalid encryption field"
|
|
RUN luks2-segment-crypt-missing-ivoffset.img "F" "Failed to detect missing iv_tweak field"
|
|
RUN luks2-segment-crypt-wrong-ivoffset.img "F" "Failed to detect invalid iv_tweak field"
|
|
RUN luks2-segment-crypt-missing-sectorsize.img "F" "Failed to detect missing sector_size field"
|
|
RUN luks2-segment-crypt-wrong-sectorsize-0.img "F" "Failed to detect invalid sector_size field"
|
|
RUN luks2-segment-crypt-wrong-sectorsize-1.img "F" "Failed to detect invalid sector_size field"
|
|
RUN luks2-segment-crypt-wrong-sectorsize-2.img "F" "Failed to detect invalid sector_size field"
|
|
RUN luks2-segment-unknown-type.img "R" "Validation rejected segment with all mandatory fields correct"
|
|
RUN luks2-segment-two.img "R" "Validation rejected two valid segments"
|
|
RUN luks2-segment-wrong-flags.img "F" "Failed to detect invalid flags field"
|
|
RUN luks2-segment-wrong-flags-element.img "F" "Failed to detect invalid flags content"
|
|
RUN luks2-segment-wrong-backup-key-0.img "F" "Failed to detect gap in backup segments"
|
|
RUN luks2-segment-wrong-backup-key-1.img "F" "Failed to detect gap in backup segments"
|
|
|
|
echo "[6] Test metadata size and keyslots size (config section)"
|
|
RUN luks2-invalid-keyslots-size-c0.img "F" "Failed to detect too large keyslots_size in config section"
|
|
RUN luks2-invalid-keyslots-size-c1.img "F" "Failed to detect unaligned keyslots_size in config section"
|
|
RUN luks2-invalid-keyslots-size-c2.img "F" "Failed to detect too small keyslots_size config section"
|
|
RUN luks2-invalid-json-size-c0.img "F" "Failed to detect invalid json_size config section"
|
|
RUN luks2-invalid-json-size-c1.img "F" "Failed to detect invalid json_size config section"
|
|
RUN luks2-invalid-json-size-c2.img "F" "Failed to detect mismatching json size in config and binary hdr"
|
|
RUN luks2-metadata-size-32k.img "R" "Valid 32KiB metadata size failed to validate"
|
|
RUN luks2-metadata-size-64k.img "R" "Valid 64KiB metadata size failed to validate"
|
|
RUN luks2-metadata-size-64k-inv-area-c0.img "F" "Failed to detect keyslot area trespassing in json area"
|
|
RUN luks2-metadata-size-64k-inv-area-c1.img "F" "Failed to detect keyslot area overflowing keyslots area"
|
|
RUN luks2-metadata-size-64k-inv-keyslots-size-c0.img "F" "Failed to detect keyslots size overflowing in data area"
|
|
RUN luks2-metadata-size-128k.img "R" "Valid 128KiB metadata size failed to validate"
|
|
RUN luks2-metadata-size-256k.img "R" "Valid 256KiB metadata size failed to validate"
|
|
RUN luks2-metadata-size-512k.img "R" "Valid 512KiB metadata size failed to validate"
|
|
RUN luks2-metadata-size-1m.img "R" "Valid 1MiB metadata size failed to validate"
|
|
RUN luks2-metadata-size-2m.img "R" "Valid 2MiB metadata size failed to validate"
|
|
RUN luks2-metadata-size-4m.img "R" "Valid 4MiB metadata size failed to validate"
|
|
RUN luks2-metadata-size-16k-secondary.img "R" "Valid 16KiB metadata size in secondary hdr failed to validate"
|
|
RUN luks2-metadata-size-32k-secondary.img "R" "Valid 32KiB metadata size in secondary hdr failed to validate"
|
|
RUN luks2-metadata-size-64k-secondary.img "R" "Valid 64KiB metadata size in secondary hdr failed to validate"
|
|
RUN luks2-metadata-size-128k-secondary.img "R" "Valid 128KiB metadata size in secondary hdr failed to validate"
|
|
RUN luks2-metadata-size-256k-secondary.img "R" "Valid 256KiB metadata size in secondary hdr failed to validate"
|
|
RUN luks2-metadata-size-512k-secondary.img "R" "Valid 512KiB metadata size in secondary hdr failed to validate"
|
|
RUN luks2-metadata-size-1m-secondary.img "R" "Valid 1MiB metadata size in secondary hdr failed to validate"
|
|
RUN luks2-metadata-size-2m-secondary.img "R" "Valid 2MiB metadata size in secondary hdr failed to validate"
|
|
RUN luks2-metadata-size-4m-secondary.img "R" "Valid 4MiB metadata size in secondary hdr failed to validate"
|
|
RUN luks2-metadata-size-invalid.img "F" "Invalid metadata size in secondary hdr not rejected"
|
|
RUN luks2-metadata-size-invalid-secondary.img "F" "Invalid metadata size in secondary hdr not rejected"
|
|
|
|
remove_mapping
|
|
|
|
test $FAILS -eq 0 || fail "($FAILS wrong result(s) in total)"
|