eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 10:50:01 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3a8feb8be78dabb7024aad2d1c48dcaa145e67dc
cryptsetup/tests
History
Maxim Suhanov 68d4749d8a bitlk: implement validation of FVE metadata 
This commit implements FVE metadata block validation based on:
* CRC-32 (to detect random corruption);
* AES-CCM-encrypted SHA-256 (to detect malicious manipulations).

The hash-based validation requires us to decrypt the VMK first, so
it's only performed when obtaining the volume key.

This allows us to detect corrupted/altered FVE metadata blocks and
pick the valid one (before this commit: the first FVE metadata block
is always selected).

Fixes: #953

tests: add BitLocker image with corrupted headers

The image contains 2 manually corrupted metadata blocks (out of 3),
the library should use the third one to correctly load the volume.

Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
2025-08-29 15:16:36 +02:00
..
fuzz
fuzz: Better log from installation script
2025-02-15 14:57:19 +01:00
generators
Add validation tests for json area in non compact version.
2025-03-07 15:44:41 +01:00
00modules-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
align-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
align-test2
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
all-symbols-test.c
Use #if for rest of defines.
2025-01-27 11:05:08 +00:00
api_test.h
integrity: Add inline flag to API
2025-05-22 14:48:56 +02:00
api-test-2.c
Version 2.8.1.
2025-08-19 10:57:12 +02:00
api-test.c
Fix bug in parsing of tcrypt device in crypt_init_by_name.
2025-07-29 13:49:37 +02:00
bitlk-compat-test
bitlk-compat-test: Use eval in load_vars().
2025-06-16 17:34:12 +02:00
bitlk-images.tar.xz
bitlk: implement validation of FVE metadata
2025-08-29 15:16:36 +02:00
blkid-luks2-pv.img.xz
Test basic LUKS2 repair capabilities.
2018-07-11 22:23:10 +02:00
blockwise-compat-test
tests: Add trap for segfault and sigabrt
2025-01-27 20:42:25 +01:00
compat-args-test
Allow --reduce-device-size and --device-size in encrypt action.
2025-06-02 17:10:02 +02:00
compat-test
tests: Use truncate and detect failure.
2025-06-18 10:10:52 +02:00
compat-test2
Do not silently decrease PBKDF parallel cost (threads)
2025-08-01 12:31:02 +02:00
compat-test-opal
tests: Do not use --key-size for --hw-opal-only format
2025-05-27 13:42:08 +02:00
compatimage2.img.xz
tests: Use only PBKDF2 in api-test-2 images (FIPS with OpenSSL 3.2+)
2024-05-13 10:22:02 +00:00
compatimage.img.xz
Get rid of SHA1 in tests.
2022-01-21 12:29:36 +01:00
compatv10image.img.xz
Use only xz archives in tests.
2018-08-06 13:48:54 +02:00
conversion_imgs.tar.xz
Change tests to use passphrases with minimal 8 chars length.
2022-12-08 11:03:09 +00:00
crypto-check.c
Update copyright year.
2025-01-15 23:09:36 +01:00
crypto-vectors.c
test: fix warning about missing NUL terminator
2025-08-13 11:03:30 +02:00
cryptsetup-valg-supps
Fix typos found by codespell.
2022-04-20 14:37:13 +00:00
device-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
differ.c
Update copyright year.
2025-01-15 23:09:36 +01:00
discards-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
evil_hdr-keyslot_overlap.xz
Use only xz archives in tests.
2018-08-06 13:48:54 +02:00
evil_hdr-luks_hdr_damage.xz
Use only xz archives in tests.
2018-08-06 13:48:54 +02:00
evil_hdr-payload_overwrite.xz
Use only xz archives in tests.
2018-08-06 13:48:54 +02:00
evil_hdr-small_luks_device.xz
Use only xz archives in tests.
2018-08-06 13:48:54 +02:00
evil_hdr-stripes_payload_dmg.xz
Use only xz archives in tests.
2018-08-06 13:48:54 +02:00
fake_systemd_tpm_path.c
Use SPDX license identifiers.
2024-06-03 16:38:15 +00:00
fvault2-compat-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
fvault2-images.tar.xz
Fvault2: add basic test
2022-11-14 21:50:18 +01:00
generate-symbols-list
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
img_fs_ext4.img.xz
Fix ext4 image to work without CONFIG_LBDAF.
2018-11-05 12:00:01 +01:00
img_fs_vfat.img.xz
Use only xz archives in tests.
2018-08-06 13:48:54 +02:00
img_fs_xfs5.img.xz
Add xfs V5 image to tests.
2024-03-07 11:30:21 +00:00
img_fs_xfs.img.xz
Use only xz archives in tests.
2018-08-06 13:48:54 +02:00
integrity-compat-test
tests: Reinitialize integrity device after inline test
2025-06-22 09:35:39 +02:00
keyring-compat-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
keyring-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
keyring-trusted-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
loopaes-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
luks1-compat-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
luks1-images.tar.xz
Use only xz archives in tests.
2018-08-06 13:48:54 +02:00
luks2_header_requirements.tar.xz
tests: Use only PBKDF2 in api-test-2 images (FIPS with OpenSSL 3.2+)
2024-05-13 10:22:02 +00:00
luks2_invalid_cipher.img.xz
Fix activation of LUKS2 with capi format cipher and kernel crypt name.
2023-06-26 13:26:13 +02:00
luks2_keyslot_unassigned.img.xz
tests: Use only PBKDF2 in luks2_keyslot_unassigned.img (FIPS with OpenSSL 3.2+)
2024-05-13 10:22:02 +00:00
luks2_mda_images.tar.xz
Update LUKS2 test images.
2018-11-29 13:32:02 +01:00
luks2_valid_hdr.img.xz
Extend baseline LUKS2 validation image to 16 MiBs.
2018-11-26 16:28:01 +01:00
luks2-integrity-test
tests: add LUKS2 integrity tests
2025-05-22 14:53:27 +02:00
luks2-reencryption-mangle-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
luks2-reencryption-test
tests: Use truncate and detect failure.
2025-06-18 10:10:52 +02:00
luks2-validation-test
Add validation tests for json area in non compact version.
2025-03-07 15:44:41 +01:00
LUKS-d238e48a-0ed3-4169-b841-f26b44693134.tar.xz
Add regression test for resuming LUKS1 decryption.
2024-03-05 14:58:02 +01:00
Makefile.am
Add trusted/encrypted keyring test (for plain format).
2024-11-25 14:55:55 +01:00
Makefile.localtest
tests: compile fake_tpm_path util also for localtest
2022-11-24 14:54:18 +01:00
meson.build
Add trusted/encrypted keyring test (for plain format).
2024-11-25 14:55:55 +01:00
mode-test
tests: Fix targets/kernel version detection
2025-02-19 13:50:24 +01:00
password-hash-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
reencryption-compat-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
run-all-symbols
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
ssh-test-plugin
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
systemd-test-plugin
Drop unused variable in systemd-test-plugin.
2025-06-26 14:38:08 +02:00
tcrypt-compat-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
tcrypt-images.tar.xz
TCRYPT: update system encryption images and test.
2024-07-02 13:04:30 +00:00
test_utils.c
integrity: Add inline flag to API
2025-05-22 14:48:56 +02:00
unit-utils-crypt.c
Update copyright year.
2025-01-15 23:09:36 +01:00
unit-utils-io.c
Update copyright year.
2025-01-15 23:09:36 +01:00
unit-wipe-test
tests: Remove function xx() bashism.
2025-01-27 20:43:33 +01:00
unit-wipe.c
Update copyright year.
2025-01-15 23:09:36 +01:00
valg-api.sh
Add day do valglog (valgrind test output files).
2021-05-24 12:12:39 +02:00
valg.sh
Add day do valglog (valgrind test output files).
2021-05-24 12:12:39 +02:00
valid_header_file.xz
Use only xz archives in tests.
2018-08-06 13:48:54 +02:00
verity-compat-test
tests: Fix targets/kernel version detection
2025-02-19 13:50:24 +01:00
xfs_512_block_size.img.xz
Do not allow dangerous sector size change during reencryption.
2022-04-19 13:27:37 +00:00