|
Packit |
94f725 |
#!/bin/bash
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
#turn on debug mode by following env. variable _DEBUG=1
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
PS4='$LINENO:'
|
|
Packit |
94f725 |
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
|
|
Packit |
94f725 |
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
CRYPTSETUP_VALGRIND=../.libs/cryptsetup
|
|
Packit |
94f725 |
CRYPTSETUP_LIB_VALGRIND=../.libs
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
START_DIR=$(pwd)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
IMG=luks2-backend.img
|
|
Packit |
94f725 |
ORIG_IMG=luks2_valid_hdr.img
|
|
Packit |
94f725 |
TST_IMGS=$START_DIR/luks2-images
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
GEN_DIR=generators
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
FAILS=0
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
[ -z "$srcdir" ] && srcdir="."
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
function remove_mapping()
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
rm -rf $IMG $TST_IMGS >/dev/null 2>&1
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
function fail()
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
[ -n "$1" ] && echo "$1"
|
|
Packit |
94f725 |
echo "FAILED backtrace:"
|
|
Packit |
94f725 |
while caller $frame; do ((frame++)); done
|
|
Packit |
94f725 |
cd $START_DIR
|
|
Packit |
94f725 |
remove_mapping
|
|
Packit |
94f725 |
exit 2
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
fail_count()
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
echo "$1"
|
|
Packit |
94f725 |
FAILS=$((FAILS+1))
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
function skip()
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
[ -n "$1" ] && echo "$1"
|
|
Packit |
94f725 |
exit 77
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
function prepare() # $1 dev1_size
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
remove_mapping
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
test -d $TST_IMGS || mkdir $TST_IMGS
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
test -e $ORIG_IMG || xz -dkc $srcdir/$ORIG_IMG.xz >$ORIG_IMG
|
|
Packit |
94f725 |
cp $ORIG_IMG $TST_IMGS
|
|
Packit |
94f725 |
cp $ORIG_IMG $IMG
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
function test_load()
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
local _debug=
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
test -z "$_DEBUG" || _debug="--debug"
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
case "$1" in
|
|
Packit |
94f725 |
R)
|
|
Packit |
94f725 |
if [ -n "$_debug" ]; then
|
|
Packit |
94f725 |
$CRYPTSETUP luksDump $_debug $IMG
|
|
Packit |
94f725 |
else
|
|
Packit |
94f725 |
$CRYPTSETUP luksDump $_debug $IMG > /dev/null 2>&1
|
|
Packit |
94f725 |
fi
|
|
Packit |
94f725 |
test $? -eq 0 || return 1
|
|
Packit |
94f725 |
;;
|
|
Packit |
94f725 |
F)
|
|
Packit |
94f725 |
if [ -n "$_debug" ]; then
|
|
Packit |
94f725 |
$CRYPTSETUP luksDump $_debug $IMG
|
|
Packit |
94f725 |
else
|
|
Packit |
94f725 |
$CRYPTSETUP luksDump $_debug $IMG > /dev/null 2>&1
|
|
Packit |
94f725 |
fi
|
|
Packit |
94f725 |
test $? -ne 0 || return 1
|
|
Packit |
94f725 |
;;
|
|
Packit |
94f725 |
*)
|
|
Packit |
94f725 |
fail "Internal test error"
|
|
Packit |
94f725 |
;;
|
|
Packit |
94f725 |
esac
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
function RUN()
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
echo -n "Test image: $1..."
|
|
Packit |
94f725 |
cp $TST_IMGS/$1 $IMG || fail "Missing test image"
|
|
Packit |
94f725 |
test_load $2 "$3"
|
|
Packit |
94f725 |
if [ $? -ne 0 ]; then
|
|
Packit |
94f725 |
fail_count "$3"
|
|
Packit |
94f725 |
else
|
|
Packit |
94f725 |
echo "OK"
|
|
Packit |
94f725 |
fi
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
function valgrind_setup()
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
|
|
Packit |
94f725 |
[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
|
|
Packit |
94f725 |
export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
function valgrind_run()
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
which jq >/dev/null 2>&1 || skip "Cannot find jq, test skipped."
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
prepare
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
echo "[0] Generating test headers"
|
|
Packit |
94f725 |
cd $srcdir/$GEN_DIR
|
|
Packit |
94f725 |
for scr in ./generate-*.sh; do
|
|
Packit |
94f725 |
echo -n "$(basename $scr)..."
|
|
Packit |
94f725 |
$scr $TST_IMGS $TST_IMGS/$ORIG_IMG || fail "Header generator $scr failed: '$?'"
|
|
Packit |
94f725 |
echo "done"
|
|
Packit |
94f725 |
done
|
|
Packit |
94f725 |
cd $START_DIR
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
echo "[1] Test basic auto-recovery"
|
|
Packit |
94f725 |
RUN luks2-invalid-checksum-hdr0.img "R" "Failed to recover from trivial header corruption at offset 0"
|
|
Packit |
94f725 |
# TODO: check epoch is incresed after recovery
|
|
Packit |
94f725 |
# TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
RUN luks2-invalid-checksum-hdr1.img "R" "Failed to recover from trivial header corruption at offset 16384"
|
|
Packit |
94f725 |
# TODO: check epoch is incresed after recovery
|
|
Packit |
94f725 |
# TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
RUN luks2-invalid-checksum-both-hdrs.img "F" "Failed to recognise corrupted header beyond repair"
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
echo "[2] Test ability to auto-correct mallformed json area"
|
|
Packit |
94f725 |
RUN luks2-corrupted-hdr0-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 512"
|
|
Packit |
94f725 |
# TODO: check epoch is incresed after recovery
|
|
Packit |
94f725 |
# TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
RUN luks2-corrupted-hdr1-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 16896"
|
|
Packit |
94f725 |
# TODO: check epoch is incresed after recovery
|
|
Packit |
94f725 |
# TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
RUN luks2-correct-full-json0.img "R" "Failed to parse full and correct json area"
|
|
Packit |
94f725 |
# TODO: detect noop (norecovery, epoch untouched)
|
|
Packit |
94f725 |
# TODO: check epoch is NOT incresed after recovery of secondary header
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
# these tests auto-correct json in-memory only. It'll get fixed on-disk after write operation
|
|
Packit |
94f725 |
RUN luks2-argon2-leftover-params.img "R" "Failed to repair keyslot with old argon2 parameters."
|
|
Packit |
94f725 |
RUN luks2-pbkdf2-leftover-params-0.img "R" "Failed to repair keyslot with old pbkdf2 parameters."
|
|
Packit |
94f725 |
RUN luks2-pbkdf2-leftover-params-1.img "R" "Failed to repair keyslot with old pbkdf2 parameters."
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
# Secondary header is always broken in following tests
|
|
Packit |
94f725 |
echo "[3] Test LUKS2 json area restrictions"
|
|
Packit |
94f725 |
RUN luks2-non-null-byte-beyond-json0.img "F" "Failed to detect illegal data right beyond json data string"
|
|
Packit |
94f725 |
RUN luks2-non-null-bytes-beyond-json0.img "F" "Failed to detect illegal data in json area"
|
|
Packit |
94f725 |
RUN luks2-missing-trailing-null-byte-json0.img "F" "Failed to detect missing terminal null byte"
|
|
Packit |
94f725 |
RUN luks2-invalid-opening-char-json0.img "F" "Failed to detect invalid opening character in json area"
|
|
Packit |
94f725 |
RUN luks2-invalid-object-type-json0.img "F" "Failed to detect invalid json object type"
|
|
Packit |
94f725 |
RUN luks2-overlapping-areas-c0-json0.img "F" "Failed to detect two exactly same area specifications"
|
|
Packit |
94f725 |
RUN luks2-overlapping-areas-c1-json0.img "F" "Failed to detect two intersecting area specifications"
|
|
Packit |
94f725 |
RUN luks2-overlapping-areas-c2-json0.img "F" "Failed to detect two slightly intersecting area specifications"
|
|
Packit |
94f725 |
RUN luks2-area-in-json-hdr-space-json0.img "F" "Failed to detect area referencing LUKS2 header space"
|
|
Packit |
94f725 |
RUN luks2-missing-keyslot-referenced-in-digest.img "F" "Failed to detect missing keyslot referenced in digest"
|
|
Packit |
94f725 |
RUN luks2-missing-segment-referenced-in-digest.img "F" "Failed to detect missing segment referenced in digest"
|
|
Packit |
94f725 |
RUN luks2-missing-keyslot-referenced-in-token.img "F" "Failed to detect missing keyslots referenced in token"
|
|
Packit |
94f725 |
RUN luks2-keyslot-missing-digest.img "F" "Failed to detect missing keyslot digest."
|
|
Packit |
94f725 |
RUN luks2-keyslot-too-many-digests.img "F" "Failed to detect keyslot has too many digests."
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
echo "[4] Test integers value limits"
|
|
Packit |
94f725 |
RUN luks2-uint64-max-segment-size.img "R" "Validation rejected correct value"
|
|
Packit |
94f725 |
RUN luks2-uint64-overflow-segment-size.img "F" "Failed to detect uint64_t overflow"
|
|
Packit |
94f725 |
RUN luks2-uint64-signed-segment-size.img "F" "Failed to detect negative value"
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
echo "[5] Test segments validation"
|
|
Packit |
94f725 |
RUN luks2-segment-missing-type.img "F" "Failed to detect missing type field"
|
|
Packit |
94f725 |
RUN luks2-segment-wrong-type.img "F" "Failed to detect invalid type field"
|
|
Packit |
94f725 |
RUN luks2-segment-missing-offset.img "F" "Failed to detect missing offset field"
|
|
Packit |
94f725 |
RUN luks2-segment-wrong-offset.img "F" "Failed to detect invalid offset field"
|
|
Packit |
94f725 |
RUN luks2-segment-missing-size.img "F" "Failed to detect missing size field"
|
|
Packit |
94f725 |
RUN luks2-segment-wrong-size-0.img "F" "Failed to detect invalid size field"
|
|
Packit |
94f725 |
RUN luks2-segment-wrong-size-1.img "F" "Failed to detect invalid size field"
|
|
Packit |
94f725 |
RUN luks2-segment-wrong-size-2.img "F" "Failed to detect invalid size field"
|
|
Packit |
94f725 |
RUN luks2-segment-crypt-missing-encryption.img "F" "Failed to detect missing encryption field"
|
|
Packit |
94f725 |
RUN luks2-segment-crypt-wrong-encryption.img "F" "Failed to detect invalid encryption field"
|
|
Packit |
94f725 |
RUN luks2-segment-crypt-missing-ivoffset.img "F" "Failed to detect missing iv_tweak field"
|
|
Packit |
94f725 |
RUN luks2-segment-crypt-wrong-ivoffset.img "F" "Failed to detect invalid iv_tweak field"
|
|
Packit |
94f725 |
RUN luks2-segment-crypt-missing-sectorsize.img "F" "Failed to detect missing sector_size field"
|
|
Packit |
94f725 |
RUN luks2-segment-crypt-wrong-sectorsize-0.img "F" "Failed to detect invalid sector_size field"
|
|
Packit |
94f725 |
RUN luks2-segment-crypt-wrong-sectorsize-1.img "F" "Failed to detect invalid sector_size field"
|
|
Packit |
94f725 |
RUN luks2-segment-crypt-wrong-sectorsize-2.img "F" "Failed to detect invalid sector_size field"
|
|
Packit |
94f725 |
RUN luks2-segment-unknown-type.img "R" "Validation rejected segment with all mandatory fields correct"
|
|
Packit |
94f725 |
RUN luks2-segment-two.img "R" "Validation rejected two valid segments"
|
|
Packit |
94f725 |
RUN luks2-segment-wrong-flags.img "F" "Failed to detect invalid flags field"
|
|
Packit |
94f725 |
RUN luks2-segment-wrong-flags-element.img "F" "Failed to detect invalid flags content"
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
echo "[6] Test metadata size and keyslots size (config section)"
|
|
Packit |
94f725 |
RUN luks2-invalid-keyslots-size-c0.img "F" "Failed to detect too large keyslots_size in config section"
|
|
Packit |
94f725 |
RUN luks2-invalid-keyslots-size-c1.img "F" "Failed to detect unaligned keyslots_size in config section"
|
|
Packit |
94f725 |
RUN luks2-invalid-keyslots-size-c2.img "F" "Failed to detect too small keyslots_size config section"
|
|
Packit |
94f725 |
RUN luks2-invalid-json-size-c0.img "F" "Failed to detect invalid json_size config section"
|
|
Packit |
94f725 |
RUN luks2-invalid-json-size-c1.img "F" "Failed to detect invalid json_size config section"
|
|
Packit |
94f725 |
RUN luks2-invalid-json-size-c2.img "F" "Failed to detect mismatching json size in config and binary hdr"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-32k.img "R" "Valid 32KiB metadata size failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-64k.img "R" "Valid 64KiB metadata size failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-64k-inv-area-c0.img "F" "Failed to detect keyslot area trespassing in json area"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-64k-inv-area-c1.img "F" "Failed to detect keyslot area overflowing keyslots area"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-64k-inv-keyslots-size-c0.img "F" "Failed to detect keyslots size overflowing in data area"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-128k.img "R" "Valid 128KiB metadata size failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-256k.img "R" "Valid 256KiB metadata size failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-512k.img "R" "Valid 512KiB metadata size failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-1m.img "R" "Valid 1MiB metadata size failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-2m.img "R" "Valid 2MiB metadata size failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-4m.img "R" "Valid 4MiB metadata size failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-16k-secondary.img "R" "Valid 16KiB metadata size in secondary hdr failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-32k-secondary.img "R" "Valid 32KiB metadata size in secondary hdr failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-64k-secondary.img "R" "Valid 64KiB metadata size in secondary hdr failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-128k-secondary.img "R" "Valid 128KiB metadata size in secondary hdr failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-256k-secondary.img "R" "Valid 256KiB metadata size in secondary hdr failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-512k-secondary.img "R" "Valid 512KiB metadata size in secondary hdr failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-1m-secondary.img "R" "Valid 1MiB metadata size in secondary hdr failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-2m-secondary.img "R" "Valid 2MiB metadata size in secondary hdr failed to validate"
|
|
Packit |
94f725 |
RUN luks2-metadata-size-4m-secondary.img "R" "Valid 4MiB metadata size in secondary hdr failed to validate"
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
remove_mapping
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
test $FAILS -eq 0 || fail "($FAILS wrong result(s) in total)"
|