summaryrefslogtreecommitdiffstats
path: root/tests/api-test-2.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:06:26 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:06:26 +0000
commit1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5 (patch)
tree6cf8220b628ebd2ccfc1375dd6516c6996e9abcc /tests/api-test-2.c
parentInitial commit. (diff)
downloadcryptsetup-1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5.tar.xz
cryptsetup-1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5.zip
Adding upstream version 2:2.6.1.upstream/2%2.6.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/api-test-2.c')
-rw-r--r--tests/api-test-2.c5139
1 files changed, 5139 insertions, 0 deletions
diff --git a/tests/api-test-2.c b/tests/api-test-2.c
new file mode 100644
index 0000000..824ae65
--- /dev/null
+++ b/tests/api-test-2.c
@@ -0,0 +1,5139 @@
+/*
+ * cryptsetup library LUKS2 API check functions
+ *
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2016-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <signal.h>
+#include <sys/stat.h>
+#include <inttypes.h>
+#include <sys/types.h>
+#ifdef KERNEL_KEYRING
+#include <linux/keyctl.h>
+#include <sys/syscall.h>
+#ifndef HAVE_KEY_SERIAL_T
+#define HAVE_KEY_SERIAL_T
+#include <stdint.h>
+typedef int32_t key_serial_t;
+#endif
+#endif
+
+#include "api_test.h"
+#include "luks1/luks.h"
+#include "libcryptsetup.h"
+
+#define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b"
+#define DEVICE_EMPTY_name "crypt_zero"
+#define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name
+#define DEVICE_ERROR_name "crypt_error"
+#define DEVICE_ERROR DMDIR DEVICE_ERROR_name
+
+#define CDEVICE_1 "ctest1"
+#define CDEVICE_2 "ctest2"
+#define CDEVICE_WRONG "O_o"
+#define H_DEVICE "head_ok"
+#define H_DEVICE_WRONG "head_wr"
+#define L_DEVICE_1S "luks_onesec"
+#define L_DEVICE_0S "luks_zerosec"
+#define L_DEVICE_WRONG "luks_wr"
+#define L_DEVICE_OK "luks_ok"
+#define REQS_LUKS2_HEADER "luks2_header_requirements"
+#define NO_REQS_LUKS2_HEADER "luks2_header_requirements_free"
+#define BACKUP_FILE "csetup_backup_file"
+#define IMAGE1 "compatimage2.img"
+#define IMAGE_EMPTY "empty.img"
+#define IMAGE_EMPTY_SMALL "empty_small.img"
+#define IMAGE_EMPTY_SMALL_2 "empty_small2.img"
+#define IMAGE_PV_LUKS2_SEC "blkid-luks2-pv.img"
+
+#define KEYFILE1 "key1.file"
+#define KEY1 "compatkey"
+
+#define KEYFILE2 "key2.file"
+#define KEY2 "0123456789abcdef"
+
+#define PASSPHRASE "blablabl"
+#define PASSPHRASE1 "albalbal"
+
+#define DEVICE_TEST_UUID "12345678-1234-1234-1234-123456789abc"
+
+#define DEVICE_WRONG "/dev/Ooo_"
+#define DEVICE_CHAR "/dev/zero"
+#define THE_LFILE_TEMPLATE "cryptsetup-tstlp.XXXXXX"
+
+#define KEY_DESC_TEST0 "cs_token_test:test_key0"
+#define KEY_DESC_TEST1 "cs_token_test:test_key1"
+
+#define CONV_DIR "conversion_imgs"
+#define CONV_L1_128 "l1_128b"
+#define CONV_L1_256 "l1_256b"
+#define CONV_L1_512 "l1_512b"
+#define CONV_L2_128 "l2_128b"
+#define CONV_L2_128_FULL "l2_128b_full"
+#define CONV_L2_256 "l2_256b"
+#define CONV_L2_256_FULL "l2_256b_full"
+#define CONV_L2_512 "l2_512b"
+#define CONV_L2_512_FULL "l2_512b_full"
+#define CONV_L1_128_DET "l1_128b_det"
+#define CONV_L1_256_DET "l1_256b_det"
+#define CONV_L1_512_DET "l1_512b_det"
+#define CONV_L2_128_DET "l2_128b_det"
+#define CONV_L2_128_DET_FULL "l2_128b_det_full"
+#define CONV_L2_256_DET "l2_256b_det"
+#define CONV_L2_256_DET_FULL "l2_256b_det_full"
+#define CONV_L2_512_DET "l2_512b_det"
+#define CONV_L2_512_DET_FULL "l2_512b_det_full"
+#define CONV_L1_256_LEGACY "l1_256b_legacy_offset"
+#define CONV_L1_256_UNMOVABLE "l1_256b_unmovable"
+#define PASS0 "aaablabl"
+#define PASS1 "hhhblabl"
+#define PASS2 "cccblabl"
+#define PASS3 "dddblabl"
+#define PASS4 "eeeblabl"
+#define PASS5 "fffblabl"
+#define PASS6 "gggblabl"
+#define PASS7 "bbbblabl"
+#define PASS8 "iiiblabl"
+
+static int _fips_mode = 0;
+
+static char *DEVICE_1 = NULL;
+static char *DEVICE_2 = NULL;
+static char *DEVICE_3 = NULL;
+static char *DEVICE_4 = NULL;
+static char *DEVICE_5 = NULL;
+static char *DEVICE_6 = NULL;
+
+static char *tmp_file_1 = NULL;
+static char *test_loop_file = NULL;
+
+unsigned int test_progress_steps;
+
+struct crypt_device *cd = NULL, *cd2 = NULL;
+
+static const char *default_luks1_hash = NULL;
+static uint32_t default_luks1_iter_time = 0;
+
+static const char *default_luks2_pbkdf = NULL;
+static uint32_t default_luks2_iter_time = 0;
+static uint32_t default_luks2_memory_kb = 0;
+static uint32_t default_luks2_parallel_threads = 0;
+
+static struct crypt_pbkdf_type min_pbkdf2 = {
+ .type = "pbkdf2",
+ .iterations = 1000,
+ .flags = CRYPT_PBKDF_NO_BENCHMARK
+}, min_argon2 = {
+ .type = "argon2id",
+ .iterations = 4,
+ .max_memory_kb = 32,
+ .parallel_threads = 1,
+ .flags = CRYPT_PBKDF_NO_BENCHMARK
+};
+
+// Helpers
+
+static unsigned cpus_online(void)
+{
+ static long r = -1;
+
+ if (r < 0) {
+ r = sysconf(_SC_NPROCESSORS_ONLN);
+ if (r < 0)
+ r = 1;
+ }
+
+ return r;
+}
+
+static uint32_t adjusted_pbkdf_memory(void)
+{
+ long pagesize = sysconf(_SC_PAGESIZE);
+ long pages = sysconf(_SC_PHYS_PAGES);
+ uint64_t memory_kb;
+
+ if (pagesize <= 0 || pages <= 0)
+ return default_luks2_memory_kb;
+
+ memory_kb = pagesize / 1024 * pages / 2;
+
+ if (memory_kb < default_luks2_memory_kb)
+ return (uint32_t)memory_kb;
+
+ return default_luks2_memory_kb;
+}
+
+static unsigned _min(unsigned a, unsigned b)
+{
+ return a < b ? a : b;
+}
+
+static int get_luks2_offsets(int metadata_device,
+ unsigned int alignpayload_sec,
+ unsigned int sector_size,
+ uint64_t *r_header_size,
+ uint64_t *r_payload_offset)
+{
+ struct crypt_device *cd = NULL;
+ static uint64_t default_header_size = 0;
+
+ if (r_header_size)
+ *r_header_size = 0;
+ if (r_payload_offset)
+ *r_payload_offset = 0;
+
+ if (!default_header_size) {
+ if (crypt_init(&cd, THE_LOOP_DEV))
+ return -EINVAL;
+ if (crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, NULL)) {
+ crypt_free(cd);
+ return -EINVAL;
+ }
+
+ default_header_size = crypt_get_data_offset(cd);
+
+ crypt_free(cd);
+ }
+
+ if (!sector_size)
+ sector_size = 512; /* default? */
+
+ if ((sector_size % 512) && (sector_size % 4096))
+ return -1;
+
+ if (r_payload_offset) {
+ if (metadata_device)
+ *r_payload_offset = alignpayload_sec * sector_size;
+ else
+ *r_payload_offset = DIV_ROUND_UP_MODULO(default_header_size * 512, (alignpayload_sec ?: 1) * sector_size);
+
+ *r_payload_offset /= sector_size;
+ }
+
+ if (r_header_size)
+ *r_header_size = default_header_size;
+
+ return 0;
+}
+
+static bool get_luks_pbkdf_defaults(void)
+{
+ const struct crypt_pbkdf_type *pbkdf_defaults = crypt_get_pbkdf_default(CRYPT_LUKS1);
+
+ if (!pbkdf_defaults)
+ return false;
+
+ default_luks1_hash = pbkdf_defaults->hash;
+ default_luks1_iter_time = pbkdf_defaults->time_ms;
+
+ pbkdf_defaults = crypt_get_pbkdf_default(CRYPT_LUKS2);
+ if (!pbkdf_defaults)
+ return false;
+
+ default_luks2_pbkdf = pbkdf_defaults->type;
+ default_luks2_iter_time = pbkdf_defaults->time_ms;
+ default_luks2_memory_kb = pbkdf_defaults->max_memory_kb;
+ default_luks2_parallel_threads = pbkdf_defaults->parallel_threads;
+
+ return true;
+}
+
+static void _remove_keyfiles(void)
+{
+ remove(KEYFILE1);
+ remove(KEYFILE2);
+}
+
+#if HAVE_DECL_DM_TASK_RETRY_REMOVE
+#define DM_RETRY "--retry "
+#else
+#define DM_RETRY ""
+#endif
+
+#define DM_NOSTDERR " 2>/dev/null"
+
+static void _cleanup_dmdevices(void)
+{
+ struct stat st;
+
+ if (!stat(DMDIR H_DEVICE, &st))
+ _system("dmsetup remove " DM_RETRY H_DEVICE DM_NOSTDERR, 0);
+
+ if (!stat(DMDIR H_DEVICE_WRONG, &st))
+ _system("dmsetup remove " DM_RETRY H_DEVICE_WRONG DM_NOSTDERR, 0);
+
+ if (!stat(DMDIR L_DEVICE_0S, &st))
+ _system("dmsetup remove " DM_RETRY L_DEVICE_0S DM_NOSTDERR, 0);
+
+ if (!stat(DMDIR L_DEVICE_1S, &st))
+ _system("dmsetup remove " DM_RETRY L_DEVICE_1S DM_NOSTDERR, 0);
+
+ if (!stat(DMDIR L_DEVICE_WRONG, &st))
+ _system("dmsetup remove " DM_RETRY L_DEVICE_WRONG DM_NOSTDERR, 0);
+
+ if (!stat(DMDIR L_DEVICE_OK, &st))
+ _system("dmsetup remove " DM_RETRY L_DEVICE_OK DM_NOSTDERR, 0);
+
+ t_dev_offset = 0;
+}
+
+static void _cleanup(void)
+{
+ struct stat st;
+
+ CRYPT_FREE(cd);
+ CRYPT_FREE(cd2);
+
+ //_system("udevadm settle", 0);
+
+ if (!stat(DMDIR CDEVICE_1, &st))
+ _system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0);
+
+ if (!stat(DMDIR CDEVICE_2, &st))
+ _system("dmsetup remove " DM_RETRY CDEVICE_2 DM_NOSTDERR, 0);
+
+ if (!stat(DEVICE_EMPTY, &st))
+ _system("dmsetup remove " DM_RETRY DEVICE_EMPTY_name DM_NOSTDERR, 0);
+
+ if (!stat(DEVICE_ERROR, &st))
+ _system("dmsetup remove " DM_RETRY DEVICE_ERROR_name DM_NOSTDERR, 0);
+
+ _cleanup_dmdevices();
+
+ if (loop_device(THE_LOOP_DEV))
+ loop_detach(THE_LOOP_DEV);
+
+ if (loop_device(DEVICE_1))
+ loop_detach(DEVICE_1);
+
+ if (loop_device(DEVICE_2))
+ loop_detach(DEVICE_2);
+
+ if (loop_device(DEVICE_3))
+ loop_detach(DEVICE_3);
+
+ if (loop_device(DEVICE_4))
+ loop_detach(DEVICE_4);
+
+ if (loop_device(DEVICE_5))
+ loop_detach(DEVICE_5);
+
+ if (loop_device(DEVICE_6))
+ loop_detach(DEVICE_6);
+
+ _system("rm -f " IMAGE_EMPTY, 0);
+ _system("rm -f " IMAGE1, 0);
+ _system("rm -rf " CONV_DIR, 0);
+
+ if (test_loop_file)
+ remove(test_loop_file);
+ if (tmp_file_1)
+ remove(tmp_file_1);
+
+ remove(REQS_LUKS2_HEADER);
+ remove(NO_REQS_LUKS2_HEADER);
+ remove(BACKUP_FILE);
+ remove(IMAGE_PV_LUKS2_SEC);
+ remove(IMAGE_PV_LUKS2_SEC ".bcp");
+ remove(IMAGE_EMPTY_SMALL);
+ remove(IMAGE_EMPTY_SMALL_2);
+
+ _remove_keyfiles();
+
+ free(tmp_file_1);
+ free(test_loop_file);
+ free(THE_LOOP_DEV);
+ free(DEVICE_1);
+ free(DEVICE_2);
+ free(DEVICE_3);
+ free(DEVICE_4);
+ free(DEVICE_5);
+ free(DEVICE_6);
+}
+
+static int _setup(void)
+{
+ int fd, ro = 0;
+ char cmd[128];
+
+ test_loop_file = strdup(THE_LFILE_TEMPLATE);
+ if (!test_loop_file)
+ return 1;
+
+ if ((fd=mkstemp(test_loop_file)) == -1) {
+ printf("cannot create temporary file with template %s\n", test_loop_file);
+ return 1;
+ }
+ close(fd);
+ if (snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
+ test_loop_file, TST_SECTOR_SIZE, TST_LOOP_FILE_SIZE) < 0)
+ return 1;
+ if (_system(cmd, 1))
+ return 1;
+
+ fd = loop_attach(&THE_LOOP_DEV, test_loop_file, 0, 0, &ro);
+ close(fd);
+
+ tmp_file_1 = strdup(THE_LFILE_TEMPLATE);
+ if (!tmp_file_1)
+ return 1;
+
+ if ((fd=mkstemp(tmp_file_1)) == -1) {
+ printf("cannot create temporary file with template %s\n", tmp_file_1);
+ return 1;
+ }
+ close(fd);
+ if (snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
+ tmp_file_1, TST_SECTOR_SIZE, 10) < 0)
+ return 1;
+ if (_system(cmd, 1))
+ return 1;
+
+ _system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"", 1);
+ _system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"", 1);
+
+ if (t_set_readahead(DEVICE_ERROR, 0))
+ printf("cannot set read ahead on device %s\n", DEVICE_ERROR);
+
+ _system(" [ ! -e " IMAGE1 " ] && xz -dk " IMAGE1 ".xz", 1);
+ fd = loop_attach(&DEVICE_1, IMAGE1, 0, 0, &ro);
+ close(fd);
+
+ _system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=32 2>/dev/null", 1);
+ fd = loop_attach(&DEVICE_2, IMAGE_EMPTY, 0, 0, &ro);
+ close(fd);
+
+ _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL " bs=1M count=7 2>/dev/null", 1);
+
+ _system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL_2 " bs=512 count=2050 2>/dev/null", 1);
+
+ _system(" [ ! -e " NO_REQS_LUKS2_HEADER " ] && tar xJf " REQS_LUKS2_HEADER ".tar.xz", 1);
+ fd = loop_attach(&DEVICE_4, NO_REQS_LUKS2_HEADER, 0, 0, &ro);
+ close(fd);
+
+ _system(" [ ! -e " REQS_LUKS2_HEADER " ] && tar xJf " REQS_LUKS2_HEADER ".tar.xz", 1);
+ fd = loop_attach(&DEVICE_5, REQS_LUKS2_HEADER, 0, 0, &ro);
+ close(fd);
+
+ _system(" [ ! -e " IMAGE_PV_LUKS2_SEC " ] && xz -dk " IMAGE_PV_LUKS2_SEC ".xz", 1);
+ _system(" [ ! -e " IMAGE_PV_LUKS2_SEC ".bcp ] && cp " IMAGE_PV_LUKS2_SEC " " IMAGE_PV_LUKS2_SEC ".bcp", 1);
+ fd = loop_attach(&DEVICE_6, IMAGE_PV_LUKS2_SEC, 0, 0, &ro);
+ close(fd);
+
+ _system(" [ ! -d " CONV_DIR " ] && tar xJf " CONV_DIR ".tar.xz 2>/dev/null", 1);
+
+ if (_system("modprobe dm-crypt >/dev/null 2>&1", 1))
+ return 1;
+
+ if (t_dm_check_versions())
+ return 1;
+
+ _system("rmmod dm-crypt >/dev/null 2>&1", 0);
+
+ _fips_mode = fips_mode();
+ if (_debug)
+ printf("FIPS MODE: %d\n", _fips_mode);
+
+ /* Use default log callback */
+ crypt_set_log_callback(NULL, &global_log_callback, NULL);
+
+ if (!get_luks_pbkdf_defaults())
+ return 1;
+
+ min_pbkdf2.hash = min_argon2.hash = default_luks1_hash;
+
+ return 0;
+}
+
+static int set_fast_pbkdf(struct crypt_device *cd)
+{
+ const struct crypt_pbkdf_type *pbkdf = &min_argon2;
+
+ /* Cannot use Argon2 in FIPS */
+ if (_fips_mode)
+ pbkdf = &min_pbkdf2;
+
+ return crypt_set_pbkdf_type(cd, pbkdf);
+}
+
+#ifdef KERNEL_KEYRING
+static key_serial_t add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t keyring)
+{
+ return syscall(__NR_add_key, type, description, payload, plen, keyring);
+}
+
+static key_serial_t keyctl_unlink(key_serial_t key, key_serial_t keyring)
+{
+ return syscall(__NR_keyctl, KEYCTL_UNLINK, key, keyring);
+}
+
+static key_serial_t request_key(const char *type,
+ const char *description,
+ const char *callout_info,
+ key_serial_t keyring)
+{
+ return syscall(__NR_request_key, type, description, callout_info, keyring);
+}
+
+static key_serial_t _kernel_key_by_segment(struct crypt_device *cd, int segment)
+{
+ char key_description[1024];
+
+ if (snprintf(key_description, sizeof(key_description), "cryptsetup:%s-d%u", crypt_get_uuid(cd), segment) < 1)
+ return -1;
+
+ return request_key("logon", key_description, NULL, 0);
+}
+
+static int _volume_key_in_keyring(struct crypt_device *cd, int segment)
+{
+ return _kernel_key_by_segment(cd, segment) >= 0 ? 0 : -1;
+}
+
+static int _drop_keyring_key(struct crypt_device *cd, int segment)
+{
+ key_serial_t kid = _kernel_key_by_segment(cd, segment);
+
+ if (kid < 0)
+ return -1;
+
+ return keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING);
+}
+#endif
+
+static int test_open(struct crypt_device *cd __attribute__((unused)),
+ int token __attribute__((unused)),
+ char **buffer,
+ size_t *buffer_len,
+ void *usrptr)
+{
+ const char *str = (const char *)usrptr;
+
+ *buffer = strdup(str);
+ if (!*buffer)
+ return -ENOMEM;
+ *buffer_len = strlen(*buffer);
+
+ return 0;
+}
+
+static int test_validate(struct crypt_device *cd __attribute__((unused)), const char *json)
+{
+ return (strstr(json, "magic_string") == NULL);
+}
+
+static void UseLuks2Device(void)
+{
+ char key[128];
+ size_t key_size;
+
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
+ OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
+ FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device");
+
+#if KERNEL_KEYRING
+ // repeat previous tests and check kernel keyring is released when not needed
+ if (t_dm_crypt_keyring_support()) {
+ OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
+ FAIL_(_drop_keyring_key(cd, 0), "");
+ OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), CRYPT_ACTIVATE_KEYRING_KEY));
+ OK_(_drop_keyring_key(cd, 0));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
+ OK_(_drop_keyring_key(cd, 0));
+ FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
+ FAIL_(_volume_key_in_keyring(cd, 0), "");
+ OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ FAIL_(_volume_key_in_keyring(cd, 0), "");
+ }
+#endif
+
+ key_size = 16;
+ OK_(strcmp("aes", crypt_get_cipher(cd)));
+ OK_(strcmp("cbc-essiv:sha256", crypt_get_cipher_mode(cd)));
+ OK_(strcmp(DEVICE_1_UUID, crypt_get_uuid(cd)));
+ EQ_((int)key_size, crypt_get_volume_key_size(cd));
+ EQ_(8192, crypt_get_data_offset(cd));
+
+ EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
+ OK_(crypt_volume_key_verify(cd, key, key_size));
+ OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ key[1] = ~key[1];
+ FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch");
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch");
+
+ CRYPT_FREE(cd);
+}
+
+static void SuspendDevice(void)
+{
+ struct crypt_active_device cad;
+ char key[128];
+ size_t key_size;
+ int suspend_status;
+ uint64_t r_payload_offset;
+
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
+
+ suspend_status = crypt_suspend(cd, CDEVICE_1);
+ if (suspend_status == -ENOTSUP) {
+ printf("WARNING: Suspend/Resume not supported, skipping test.\n");
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+ return;
+ }
+
+ OK_(suspend_status);
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
+#ifdef KERNEL_KEYRING
+ FAIL_(_volume_key_in_keyring(cd, 0), "");
+#endif
+ FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
+
+ FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");
+ OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
+ FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
+
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
+
+ OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
+ OK_(crypt_suspend(cd, CDEVICE_1));
+ FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");
+ FAIL_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 1, 0), "wrong key");
+ OK_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0));
+ FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0), "not suspended");
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ /* create LUKS device with detached header */
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_set_data_device(cd, DEVICE_2));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
+ CRYPT_FREE(cd);
+
+ /* Should be able to suspend but not resume if not header specified */
+ OK_(crypt_init_by_name(&cd, CDEVICE_1));
+ OK_(crypt_suspend(cd, CDEVICE_1));
+ FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
+ FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "no header");
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_1));
+ OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
+
+ /* Resume by volume key */
+ OK_(crypt_suspend(cd, CDEVICE_1));
+ key_size = sizeof(key);
+ memset(key, 0, key_size);
+ FAIL_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size), "wrong key");
+ OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
+ OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
+
+ /* Resume device with cipher_null */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_size, NULL));
+ EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ OK_(crypt_suspend(cd, CDEVICE_1));
+ OK_(crypt_resume_by_volume_key(cd, CDEVICE_1, key, key_size));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
+ OK_(crypt_suspend(cd, CDEVICE_1));
+ OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ _remove_keyfiles();
+ _cleanup_dmdevices();
+}
+
+static void AddDeviceLuks2(void)
+{
+ enum { OFFSET_1M = 2048 , OFFSET_2M = 4096, OFFSET_4M = 8192, OFFSET_8M = 16384 };
+ struct crypt_pbkdf_type pbkdf = {
+ .type = CRYPT_KDF_ARGON2I,
+ .hash = "sha256",
+ .parallel_threads = 4,
+ .max_memory_kb = 1024,
+ .time_ms = 1
+ }, pbkdf_tmp;
+ struct crypt_params_luks2 params = {
+ .pbkdf = &pbkdf,
+ .data_device = DEVICE_2,
+ .sector_size = 512
+ };
+ char key[128], key2[128], key3[128];
+
+ const char *tmp_buf, *passphrase = PASSPHRASE, *passphrase2 = "nsdkFI&Y#.sd";
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes";
+ const char *cipher_mode = "cbc-essiv:sha256";
+ uint64_t r_payload_offset, r_header_size, r_size_1;
+
+ /* Cannot use Argon2 in FIPS */
+ if (_fips_mode) {
+ pbkdf.type = CRYPT_KDF_PBKDF2;
+ pbkdf.parallel_threads = 0;
+ pbkdf.max_memory_kb = 0;
+ }
+
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key3, vk_hex2, key_size);
+
+ // init test devices
+ OK_(get_luks2_offsets(0, 0, 0, &r_header_size, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+ OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_size - 1));
+
+
+ // format
+ OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
+ params.data_alignment = 0;
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Not enough space for keyslots material");
+ CRYPT_FREE(cd);
+
+ // test payload_offset = 0 for encrypted device with external header device
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ EQ_(crypt_get_data_offset(cd), 0);
+ CRYPT_FREE(cd);
+
+ params.data_alignment = 0;
+ params.data_device = NULL;
+
+ // test payload_offset = 0. format() should look up alignment offset from device topology
+ OK_(crypt_init(&cd, DEVICE_2));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ OK_(!(crypt_get_data_offset(cd) > 0));
+ CRYPT_FREE(cd);
+
+ // set_data_offset has priority, alignment must be 0 or must be compatible
+ params.data_alignment = 0;
+ OK_(crypt_init(&cd, DEVICE_2));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_set_data_offset(cd, OFFSET_8M));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ EQ_(crypt_get_data_offset(cd), OFFSET_8M);
+ CRYPT_FREE(cd);
+
+ // Load gets the value from metadata
+ OK_(crypt_init(&cd, DEVICE_2));
+ OK_(crypt_set_data_offset(cd, OFFSET_2M));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), OFFSET_8M);
+ CRYPT_FREE(cd);
+
+ params.data_alignment = OFFSET_4M;
+ OK_(crypt_init(&cd, DEVICE_2));
+ OK_(set_fast_pbkdf(cd));
+ FAIL_(crypt_set_data_offset(cd, OFFSET_2M + 1), "Not aligned to 4096"); // must be aligned to 4k
+ OK_(crypt_set_data_offset(cd, OFFSET_2M));
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Alignment not compatible");
+ OK_(crypt_set_data_offset(cd, OFFSET_4M));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ EQ_(crypt_get_data_offset(cd), OFFSET_4M);
+ CRYPT_FREE(cd);
+
+ /*
+ * test limit values for backing device size
+ */
+ params.data_alignment = OFFSET_4M;
+ OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
+ OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset - 1));
+
+ // 1 sector less than required
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_WRONG));
+ OK_(set_fast_pbkdf(cd));
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Device too small");
+ CRYPT_FREE(cd);
+
+ // 0 sectors for encrypted area
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Encrypted area too small");
+ CRYPT_FREE(cd);
+
+ // 1 sector for encrypted area
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ EQ_(crypt_get_data_offset(cd), r_payload_offset);
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(t_device_size(DMDIR CDEVICE_1, &r_size_1));
+ EQ_(r_size_1, TST_SECTOR_SIZE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
+ // restrict format only to empty context
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formatted");
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formatted");
+ // change data device to wrong one
+ OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S));
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small");
+ OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ params.data_alignment = 0;
+ params.data_device = DEVICE_2;
+
+ // generate keyslot material at the end of luks header
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ EQ_((int)key_size, crypt_get_volume_key_size(cd));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7);
+
+ OK_(crypt_keyslot_get_pbkdf(cd, 7, &pbkdf_tmp));
+ OK_(strcmp(pbkdf_tmp.type, pbkdf.type));
+ if (!_fips_mode) {
+ NULL_(pbkdf_tmp.hash);
+ OK_(!(pbkdf_tmp.max_memory_kb >= 32));
+ OK_(!(pbkdf_tmp.parallel_threads >= 1));
+ } else
+ OK_(strcmp(pbkdf_tmp.hash, pbkdf.hash));
+ OK_(!(pbkdf_tmp.iterations >= 4));
+ EQ_(0, pbkdf_tmp.time_ms); /* not usable in per-keyslot call */
+
+ CRYPT_FREE(cd);
+ OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formatted");
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ CRYPT_FREE(cd);
+ // check active status without header
+ OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, NULL));
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ NULL_(crypt_get_type(cd));
+ OK_(strcmp(cipher, crypt_get_cipher(cd)));
+ OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
+ EQ_((int)key_size, crypt_get_volume_key_size(cd));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ params.data_alignment = OFFSET_1M;
+ params.data_device = NULL;
+
+ // test uuid mismatch and _init_by_name_and_header
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ EQ_(0, crypt_header_is_detached(cd));
+ CRYPT_FREE(cd);
+ params.data_alignment = 0;
+ params.data_device = DEVICE_2;
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ CRYPT_FREE(cd);
+ // there we've got uuid mismatch
+ OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ NULL_(crypt_get_type(cd));
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device is active");
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Device is active");
+ EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_header_is_detached(cd), 1);
+ CRYPT_FREE(cd);
+
+ params.data_device = NULL;
+
+ OK_(crypt_init(&cd, DEVICE_2));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+
+ // even with no keyslots defined it can be activated by volume key
+ OK_(crypt_volume_key_verify(cd, key, key_size));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0));
+ GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_2));
+
+ // now with keyslot
+ EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)));
+ EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
+ EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
+ GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_2));
+
+ EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen(KEY1)));
+ OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
+ OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2)));
+ EQ_(2, crypt_keyslot_add_by_keyfile(cd, 2, KEYFILE1, 0, KEYFILE2, 0));
+ FAIL_(crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 1, KEYFILE2, 0, 1), "wrong key");
+ EQ_(3, crypt_keyslot_add_by_keyfile_offset(cd, 3, KEYFILE1, 0, 0, KEYFILE2, 0, 1));
+ EQ_(4, crypt_keyslot_add_by_keyfile_offset(cd, 4, KEYFILE2, 0, 1, KEYFILE1, 0, 1));
+ FAIL_(crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2)-1, 0), "key mismatch");
+ EQ_(2, crypt_activate_by_keyfile(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 0));
+ EQ_(3, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE2, 0, 1, 0));
+ EQ_(4, crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE1, 0, 1, 0));
+ FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2), 2, 0), "not enough data");
+ FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, strlen(KEY2) + 1, 0), "cannot seek");
+ FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, 2, 0), "wrong key");
+ EQ_(2, crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, 0));
+ OK_(crypt_keyslot_destroy(cd, 1));
+ OK_(crypt_keyslot_destroy(cd, 2));
+ OK_(crypt_keyslot_destroy(cd, 3));
+ OK_(crypt_keyslot_destroy(cd, 4));
+ OK_(crypt_deactivate(cd, CDEVICE_2));
+ _remove_keyfiles();
+
+ FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), "slot used");
+ key[1] = ~key[1];
+ FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch");
+ key[1] = ~key[1];
+ EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase2, strlen(passphrase2)));
+ EQ_(CRYPT_SLOT_ACTIVE, crypt_keyslot_status(cd, 6));
+
+ FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot");
+ FAIL_(crypt_keyslot_destroy(cd, CRYPT_ANY_SLOT), "invalid keyslot");
+ FAIL_(crypt_keyslot_destroy(cd, 0), "keyslot not used");
+ OK_(crypt_keyslot_destroy(cd, 7));
+ EQ_(CRYPT_SLOT_INACTIVE, crypt_keyslot_status(cd, 7));
+ EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
+
+ EQ_(6, crypt_keyslot_change_by_passphrase(cd, 6, CRYPT_ANY_SLOT, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
+ EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
+ EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(passphrase), passphrase2, strlen(passphrase2)));
+ EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
+ EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(passphrase2), 0));
+ EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
+
+ EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
+ OK_(crypt_volume_key_verify(cd, key2, key_size));
+ OK_(memcmp(key, key2, key_size));
+
+ OK_(strcmp(cipher, crypt_get_cipher(cd)));
+ OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
+ EQ_((int)key_size, crypt_get_volume_key_size(cd));
+ EQ_(r_payload_offset, crypt_get_data_offset(cd));
+ OK_(strcmp(DEVICE_2, crypt_get_device_name(cd)));
+
+ reset_log();
+ OK_(crypt_dump(cd));
+ OK_(!(global_lines != 0));
+ reset_log();
+
+ FAIL_(crypt_dump_json(cd, NULL, 42), "flags be used later");
+ OK_(crypt_dump_json(cd, NULL, 0));
+ OK_(!(global_lines != 0));
+ reset_log();
+ OK_(crypt_dump_json(cd, &tmp_buf, 0));
+ OK_(!(tmp_buf && strlen(tmp_buf) != 0));
+
+ FAIL_(crypt_set_uuid(cd, "blah"), "wrong UUID format");
+ OK_(crypt_set_uuid(cd, DEVICE_TEST_UUID));
+ OK_(strcmp(DEVICE_TEST_UUID, crypt_get_uuid(cd)));
+
+ FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");
+ CRYPT_FREE(cd);
+ _cleanup_dmdevices();
+
+ /* LUKSv2 format tests */
+
+ /* very basic test */
+ OK_(crypt_init(&cd, DEVICE_2));
+ crypt_set_iteration_time(cd, 1);
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 0, NULL), "Wrong key size");
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
+ CRYPT_FREE(cd);
+ /* some invalid parameters known to cause troubles */
+ OK_(crypt_init(&cd, DEVICE_2));
+ crypt_set_iteration_time(cd, 0); /* wrong for argon2 but we don't know the pbkdf type yet, ignored */
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DEVICE_2));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DEVICE_2));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, NULL));
+ FAIL_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
+ FAIL_(crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
+ CRYPT_FREE(cd);
+
+ OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 3);
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key3, key_size, 0), "VK doesn't match any digest assigned to segment 0");
+ CRYPT_FREE(cd);
+
+ /*
+ * Check regression in getting keyslot encryption parameters when
+ * volume key size is unknown (no active keyslots).
+ */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ /* drop context copy of volume key */
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ OK_(crypt_keyslot_destroy(cd, 0));
+ OK_(set_fast_pbkdf(cd));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
+static void Luks2MetadataSize(void)
+{
+ struct crypt_pbkdf_type pbkdf = {
+ .type = CRYPT_KDF_ARGON2I,
+ .hash = "sha256",
+ .parallel_threads = 1,
+ .max_memory_kb = 128,
+ .iterations = 4,
+ .flags = CRYPT_PBKDF_NO_BENCHMARK
+ };
+ struct crypt_params_luks2 params = {
+ .pbkdf = &pbkdf,
+ .data_device = DEVICE_2,
+ .sector_size = 512
+ };
+ char key[128], tmp[128];
+
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes";
+ const char *cipher_mode = "cbc-essiv:sha256";
+ uint64_t r_header_size, default_mdata_size, default_keyslots_size, mdata_size,
+ keyslots_size, r_header_wrong_size = 14336;
+
+ /* Cannot use Argon2 in FIPS */
+ if (_fips_mode) {
+ pbkdf.type = CRYPT_KDF_PBKDF2;
+ pbkdf.parallel_threads = 0;
+ pbkdf.max_memory_kb = 0;
+ pbkdf.iterations = 1000;
+ }
+
+ crypt_decode_key(key, vk_hex, key_size);
+
+ // init test devices
+ OK_(get_luks2_offsets(0, 0, 0, &r_header_size, NULL));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+ OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_wrong_size)); /* 7 MiBs only */
+ //default metadata sizes
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
+ EQ_(mdata_size, 0);
+ EQ_(keyslots_size, 0);
+ OK_(crypt_set_metadata_size(cd, 0, 0));
+ OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
+ EQ_(mdata_size, 0);
+ EQ_(keyslots_size, 0);
+ OK_(crypt_set_metadata_size(cd, 0x004000, 0x004000));
+ OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
+ EQ_(mdata_size, 0x004000);
+ EQ_(keyslots_size, 0x004000);
+ OK_(crypt_set_metadata_size(cd, 0x008000, 0x008000));
+ OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
+ EQ_(mdata_size, 0x008000);
+ EQ_(keyslots_size, 0x008000);
+ FAIL_(crypt_set_metadata_size(cd, 0x008001, 0x008000), "Wrong size");
+ FAIL_(crypt_set_metadata_size(cd, 0x008000, 0x008001), "Wrong size");
+ CRYPT_FREE(cd);
+
+ // metadata settings
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_set_metadata_size(cd, 0x080000, 0x080000));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
+ EQ_(mdata_size, 0x080000);
+ EQ_(keyslots_size, 0x080000);
+ CRYPT_FREE(cd);
+ // default
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ OK_(crypt_get_metadata_size(cd, &default_mdata_size, &default_keyslots_size));
+ EQ_(default_mdata_size, 0x04000);
+ EQ_(default_keyslots_size, (r_header_size * 512) - 2 * 0x04000);
+ CRYPT_FREE(cd);
+ // check keyslots size calculation is correct
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_set_metadata_size(cd, 0x80000, 0));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
+ EQ_(mdata_size, 0x80000);
+ EQ_(keyslots_size, (r_header_size * 512) - 2 * 0x80000);
+ CRYPT_FREE(cd);
+
+ // various metadata size checks combined with data offset
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_set_metadata_size(cd, 0, default_keyslots_size + 4096));
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Device is too small.");
+ OK_(crypt_set_metadata_size(cd, 0x20000, (r_header_size * 512) - 2 * 0x20000 + 4096));
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Device is too small.");
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_set_metadata_size(cd, 0x80000, 0));
+ OK_(crypt_set_data_offset(cd, 0x80000 / 512 - 8));
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Data offset is too small.");
+ CRYPT_FREE(cd);
+
+ // H_DEVICE_WRONG size is 7MiB
+ OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
+ EQ_(mdata_size, default_mdata_size);
+ EQ_(keyslots_size, (r_header_wrong_size * 512) - 2 * default_mdata_size);
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
+ OK_(crypt_set_metadata_size(cd, 0x400000, 0));
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Device is too small.");
+ CRYPT_FREE(cd);
+
+ // IMAGE_EMPTY_SMALL size is 7MiB but now it's regulare file
+ OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
+ EQ_(mdata_size, default_mdata_size);
+ EQ_(keyslots_size, default_keyslots_size);
+ EQ_(crypt_get_data_offset(cd), 0);
+ CRYPT_FREE(cd);
+
+ sprintf(tmp, "truncate -s %" PRIu64 " " IMAGE_EMPTY_SMALL, r_header_wrong_size * 512);
+ _system(tmp, 1);
+
+ // check explicit keyslots size and data offset are respected even with regular file mdevice
+ OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
+ OK_(crypt_set_metadata_size(cd, 0, default_keyslots_size));
+ OK_(crypt_set_data_offset(cd, r_header_size + 8));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
+ EQ_(mdata_size, default_mdata_size);
+ EQ_(keyslots_size, default_keyslots_size);
+ EQ_(crypt_get_data_offset(cd), r_header_size + 8);
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
+static void UseTempVolumes(void)
+{
+ char tmp[256];
+
+ // Tepmporary device without keyslot but with on-disk LUKS header
+ OK_(crypt_init(&cd, DEVICE_2));
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "not yet formatted");
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 16, NULL));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0));
+ GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init_by_name(&cd, CDEVICE_2));
+ OK_(crypt_deactivate(cd, CDEVICE_2));
+ CRYPT_FREE(cd);
+
+ // Dirty checks: device without UUID
+ // we should be able to remove it but not manipulate with it
+ GE_(snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
+ "0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
+ "%s 2048\"", CDEVICE_2, DEVICE_2), 0);
+ _system(tmp, 1);
+ OK_(crypt_init_by_name(&cd, CDEVICE_2));
+ OK_(crypt_deactivate(cd, CDEVICE_2));
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "No known device type");
+ CRYPT_FREE(cd);
+
+ // Dirty checks: device with UUID but LUKS header key fingerprint must fail)
+ GE_(snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
+ "0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
+ "%s 2048\" -u CRYPT-LUKS2-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-ctest1",
+ CDEVICE_2, DEVICE_2), 0);
+ _system(tmp, 1);
+ OK_(crypt_init_by_name(&cd, CDEVICE_2));
+ OK_(crypt_deactivate(cd, CDEVICE_2));
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "wrong volume key");
+ CRYPT_FREE(cd);
+
+ // No slots
+ OK_(crypt_init(&cd, DEVICE_2));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, NULL, 0, 0), "volume key is lost");
+ CRYPT_FREE(cd);
+}
+
+static void Luks2HeaderRestore(void)
+{
+ char key[128];
+ struct crypt_pbkdf_type pbkdf = {
+ .type = CRYPT_KDF_ARGON2I,
+ .hash = "sha256",
+ .parallel_threads = 4,
+ .max_memory_kb = 1024,
+ .time_ms = 1
+ };
+ struct crypt_params_luks2 params = {
+ .pbkdf = &pbkdf,
+ .data_alignment = 8192, // 4M, data offset will be 4096
+ .sector_size = 512
+ };
+ struct crypt_params_plain pl_params = {
+ .hash = "sha256",
+ .skip = 0,
+ .offset = 0,
+ .size = 0
+ };
+ struct crypt_params_luks1 luks1 = {
+ .data_alignment = 8192, // 4M offset to pass alignment test
+ };
+ uint32_t flags = 0;
+
+ const char *vk_hex = "ccadd99b16cd3d200c22d6db45d8b6630ef3d936767127347ec8a76ab992c2ea";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes";
+ const char *cipher_mode = "cbc-essiv:sha256";
+ uint64_t r_payload_offset;
+
+ /* Cannot use Argon2 in FIPS */
+ if (_fips_mode) {
+ pbkdf.type = CRYPT_KDF_PBKDF2;
+ pbkdf.parallel_threads = 0;
+ pbkdf.max_memory_kb = 0;
+ }
+
+ crypt_decode_key(key, vk_hex, key_size);
+
+ OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 5000));
+
+ // do not restore header over plain device
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, &pl_params));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ FAIL_(crypt_header_restore(cd, CRYPT_PLAIN, NO_REQS_LUKS2_HEADER), "Cannot restore header to PLAIN type device");
+ FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "Cannot restore header over PLAIN type device");
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ // FIXME: does following test make a sense in LUKS2?
+ // volume key_size mismatch
+ // OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ // memcpy(key2, key, key_size / 2);
+ // OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key2, key_size / 2, &params));
+ // FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Volume keysize mismatch");
+ // CRYPT_FREE(cd);
+
+ // payload offset mismatch
+ params.data_alignment = 8193;
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "Payload offset mismatch");
+ CRYPT_FREE(cd);
+ params.data_alignment = 4096;
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ // FIXME: either format has to fail or next line must be true
+ // EQ_(crypt_get_data_offset(cd), params.data_alignment);
+ // FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, VALID_LUKS2_HEADER), "Payload offset mismatch");
+ CRYPT_FREE(cd);
+
+ // do not allow restore over LUKS1 header on device
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, &luks1));
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ FAIL_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER), "LUKS1 format detected");
+ CRYPT_FREE(cd);
+
+ /* check crypt_header_restore() properly loads crypt_device context */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL));
+ OK_(crypt_header_restore(cd, CRYPT_LUKS2, NO_REQS_LUKS2_HEADER));
+ /* check LUKS2 specific API call returns non-error code */
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
+ EQ_(flags, 0);
+ /* same test, any LUKS */
+ OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 1*1024*1024, 1*1024*1024, 0, NULL, NULL));
+ OK_(crypt_header_restore(cd, CRYPT_LUKS, NO_REQS_LUKS2_HEADER));
+ /* check LUKS2 specific API call returns non-error code */
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
+ EQ_(flags, 0);
+
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
+static void Luks2HeaderLoad(void)
+{
+ struct crypt_pbkdf_type pbkdf = {
+ .type = CRYPT_KDF_ARGON2I,
+ .hash = "sha256",
+ .parallel_threads = 4,
+ .max_memory_kb = 1024,
+ .time_ms = 1
+ };
+ struct crypt_params_luks2 params = {
+ .pbkdf = &pbkdf,
+ .data_alignment = 8192, // 4M, data offset will be 4096
+ .data_device = DEVICE_2,
+ .sector_size = 512
+ };
+ struct crypt_params_plain pl_params = {
+ .hash = "sha256",
+ .skip = 0,
+ .offset = 0,
+ .size = 0
+ };
+ char key[128], cmd[256];
+
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes";
+ const char *cipher_mode = "cbc-essiv:sha256";
+ uint64_t r_payload_offset, r_header_size, img_size;
+
+ /* Cannot use Argon2 in FIPS */
+ if (_fips_mode) {
+ pbkdf.type = CRYPT_KDF_PBKDF2;
+ pbkdf.parallel_threads = 0;
+ pbkdf.max_memory_kb = 0;
+ }
+
+ crypt_decode_key(key, vk_hex, key_size);
+
+ // hardcoded values for existing image IMAGE1
+ img_size = 8192;
+ // prepare test env
+ OK_(get_luks2_offsets(0, 0, 0, &r_header_size, &r_payload_offset));
+ // external header device
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+ // prepared header on a device too small to contain header and payload
+ //OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_payload_offset - 1));
+ OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, img_size - 1));
+ GE_(snprintf(cmd, sizeof(cmd), "dd if=" IMAGE1 " of=" DMDIR H_DEVICE_WRONG " bs=%" PRIu32
+ " count=%" PRIu64 " 2>/dev/null", params.sector_size, img_size - 1), 0);
+ OK_(_system(cmd, 1));
+ // some device
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
+ // 1 sector device
+ OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_header_size + 1));
+ // 0 sectors device for payload
+ OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_header_size));
+
+ // valid metadata and device size
+ params.data_alignment = 0;
+ params.data_device = DMDIR L_DEVICE_OK;
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(!crypt_get_metadata_device_name(cd));
+ EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(1, crypt_header_is_detached(cd));
+ CRYPT_FREE(cd);
+
+ // repeat with init with two devices
+ OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ CRYPT_FREE(cd);
+ OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(!crypt_get_metadata_device_name(cd));
+ EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
+ EQ_(1, crypt_header_is_detached(cd));
+ CRYPT_FREE(cd);
+
+ // bad header: device too small (payloadOffset > device_size)
+ OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
+ FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Device too small");
+ NULL_(crypt_get_type(cd));
+ CRYPT_FREE(cd);
+
+ // 0 secs for encrypted data area
+ params.data_alignment = 8192;
+ params.data_device = NULL;
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ CRYPT_FREE(cd);
+ // load should be ok
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small");
+ EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
+ CRYPT_FREE(cd);
+
+ // damaged header
+ OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=8 2>/dev/null", 1));
+ OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 seek=32 count=8 2>/dev/null", 1));
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Header not found");
+ CRYPT_FREE(cd);
+
+ // plain device
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ FAIL_(crypt_load(cd, CRYPT_PLAIN, NULL), "Can't load nonLUKS device type");
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, &pl_params));
+ FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "Can't load over nonLUKS device type");
+ CRYPT_FREE(cd);
+
+ //LUKSv2 device
+ OK_(crypt_init(&cd, DEVICE_4));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DEVICE_4));
+ crypt_set_iteration_time(cd, 0); /* invalid for argon2 pbkdf, ignored */
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ CRYPT_FREE(cd);
+
+ /* check load sets proper device type */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ EQ_(strcmp(CRYPT_LUKS2, crypt_get_type(cd)), 0);
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
+static void Luks2HeaderBackup(void)
+{
+ struct crypt_pbkdf_type pbkdf = {
+ .type = CRYPT_KDF_ARGON2I,
+ .hash = "sha256",
+ .parallel_threads = 4,
+ .max_memory_kb = 1024,
+ .time_ms = 1
+ };
+ struct crypt_params_luks2 params = {
+ .pbkdf = &pbkdf,
+ .data_alignment = 8192, // 4M, data offset will be 4096
+ .data_device = DEVICE_2,
+ .sector_size = 512
+ };
+ char key[128];
+ int fd, ro = O_RDONLY;
+
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes";
+ const char *cipher_mode = "cbc-essiv:sha256";
+ uint64_t r_payload_offset;
+
+ const char *passphrase = PASSPHRASE;
+
+ /* Cannot use Argon2 in FIPS */
+ if (_fips_mode) {
+ pbkdf.type = CRYPT_KDF_PBKDF2;
+ pbkdf.parallel_threads = 0;
+ pbkdf.max_memory_kb = 0;
+ }
+
+ crypt_decode_key(key, vk_hex, key_size);
+
+ OK_(get_luks2_offsets(1, params.data_alignment, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
+
+ // create LUKS device and backup the header
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, passphrase, strlen(passphrase)), 0);
+ OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ // restore header from backup
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(0, crypt_header_is_detached(cd));
+ CRYPT_FREE(cd);
+
+ // exercise luksOpen using backup header in file
+ OK_(crypt_init(&cd, BACKUP_FILE));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(1, crypt_header_is_detached(cd));
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, BACKUP_FILE));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ // exercise luksOpen using backup header on block device
+ fd = loop_attach(&DEVICE_3, BACKUP_FILE, 0, 0, &ro);
+ NOTFAIL_(fd, "Bad loop device.");
+ close(fd);
+ OK_(crypt_init(&cd, DEVICE_3));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DEVICE_3));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_OK));
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
+static void ResizeDeviceLuks2(void)
+{
+ struct crypt_pbkdf_type pbkdf = {
+ .type = CRYPT_KDF_ARGON2I,
+ .hash = "sha256",
+ .parallel_threads = 4,
+ .max_memory_kb = 1024,
+ .time_ms = 1
+ };
+ struct crypt_params_luks2 params = {
+ .pbkdf = &pbkdf,
+ .data_alignment = 8192, // 4M, data offset will be 4096
+ .sector_size = 512
+ };
+ char key[128];
+
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes", *capi_cipher = "capi:cbc(aes)";
+ const char *cipher_mode = "cbc-essiv:sha256", *capi_cipher_mode = "essiv:sha256";
+ uint64_t r_payload_offset, r_header_size, r_size;
+
+ /* Cannot use Argon2 in FIPS */
+ if (_fips_mode) {
+ pbkdf.type = CRYPT_KDF_PBKDF2;
+ pbkdf.parallel_threads = 0;
+ pbkdf.max_memory_kb = 0;
+ }
+
+ crypt_decode_key(key, vk_hex, key_size);
+
+ // prepare env
+ OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
+ OK_(get_luks2_offsets(0, 0, 0, &r_header_size, NULL));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
+ OK_(create_dmdevice_over_loop(L_DEVICE_0S, 1000));
+ OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset + 1000));
+
+ // test header and encrypted payload all in one device
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ // disable loading VKs in kernel keyring (compatible mode)
+ OK_(crypt_volume_key_keyring(cd, 0));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ OK_(crypt_resize(cd, CDEVICE_1, 0));
+ OK_(crypt_resize(cd, CDEVICE_1, 42));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(42, r_size >> TST_SECTOR_SHIFT);
+ OK_(crypt_resize(cd, CDEVICE_1, 0));
+ // autodetect encrypted device area size
+ OK_(crypt_resize(cd, CDEVICE_1, 0));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
+ FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ params.data_alignment = 0;
+ params.data_device = DMDIR L_DEVICE_0S;
+ // test case for external header
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ OK_(crypt_resize(cd, CDEVICE_1, 666));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(666, r_size >> TST_SECTOR_SHIFT);
+ // autodetect encrypted device size
+ OK_(crypt_resize(cd, CDEVICE_1, 0));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
+ FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+#ifdef KERNEL_KEYRING
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ // enable loading VKs in kernel keyring (default mode)
+ OK_(crypt_volume_key_keyring(cd, 1));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ // erase volume key from kernel keyring
+ if (t_dm_crypt_keyring_support())
+ OK_(_drop_keyring_key(cd, 0));
+ else
+ FAIL_(_drop_keyring_key(cd, 0), "key not found");
+ // same size is ok
+ OK_(crypt_resize(cd, CDEVICE_1, 0));
+ // kernel fails to find the volume key in keyring
+ if (t_dm_crypt_keyring_support())
+ FAIL_(crypt_resize(cd, CDEVICE_1, 42), "Unable to find volume key in keyring");
+ else
+ OK_(crypt_resize(cd, CDEVICE_1, 42));
+ // test mode must not load vk in keyring
+ OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
+ if (t_dm_crypt_keyring_support())
+ FAIL_(crypt_resize(cd, CDEVICE_1, 44), "VK must be in keyring to perform resize");
+ else
+ OK_(crypt_resize(cd, CDEVICE_1, 44));
+ // reinstate the volume key in keyring
+ OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
+ OK_(crypt_resize(cd, CDEVICE_1, 43));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(43, r_size >> TST_SECTOR_SHIFT);
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ // check userspace gets hint volume key must be properly loaded in kernel keyring
+ if (t_dm_crypt_keyring_support())
+ EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM);
+ else
+ OK_(crypt_resize(cd, CDEVICE_1, 0));
+ CRYPT_FREE(cd);
+
+ // same as above for handles initialised by name
+ OK_(crypt_init_by_name(&cd, CDEVICE_1));
+ if (t_dm_crypt_keyring_support())
+ EQ_(crypt_resize(cd, CDEVICE_1, 0), -EPERM);
+ else
+ OK_(crypt_resize(cd, CDEVICE_1, 0));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+#endif
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, NULL, NULL));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+
+ /* create second LUKS2 device */
+ OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
+ OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, &params));
+ OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
+ /* do not allow resize of other device */
+ FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
+ OK_(crypt_deactivate(cd2, CDEVICE_2));
+ CRYPT_FREE(cd2);
+
+ OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
+ OK_(crypt_set_pbkdf_type(cd2, &min_pbkdf2));
+ OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, NULL));
+ OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
+ FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
+ OK_(crypt_deactivate(cd2, CDEVICE_2));
+ CRYPT_FREE(cd2);
+
+ OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
+ OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, cipher_mode, NULL, key, key_size, NULL));
+ OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
+ FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
+ OK_(crypt_deactivate(cd2, CDEVICE_2));
+ CRYPT_FREE(cd2);
+
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ if (t_dm_capi_string_supported()) {
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS2, capi_cipher, capi_cipher_mode, NULL, key, key_size, NULL));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ OK_(crypt_resize(cd, CDEVICE_1, 8));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(8, r_size >> TST_SECTOR_SHIFT);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+ }
+
+ _cleanup_dmdevices();
+}
+
+static void TokenActivationByKeyring(void)
+{
+#ifdef KERNEL_KEYRING
+ key_serial_t kid, kid1;
+ struct crypt_active_device cad;
+
+ const char *cipher = "aes";
+ const char *cipher_mode = "xts-plain64";
+
+ const struct crypt_token_params_luks2_keyring params = {
+ .key_description = KEY_DESC_TEST0
+ }, params2 = {
+ .key_description = KEY_DESC_TEST1
+ }, params_invalid = {};
+ uint64_t r_payload_offset;
+
+ if (!t_dm_crypt_keyring_support()) {
+ printf("WARNING: Kernel keyring not supported, skipping test.\n");
+ return;
+ }
+
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
+
+ // prepare the device
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ FAIL_(crypt_token_luks2_keyring_set(cd, CRYPT_ANY_TOKEN, &params_invalid), "Invalid key description property.");
+ EQ_(crypt_token_luks2_keyring_set(cd, 3, &params), 3);
+ EQ_(crypt_token_assign_keyslot(cd, 3, 0), 3);
+ CRYPT_FREE(cd);
+
+ // test thread keyring key in token 0
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), 0);
+ FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), "already open");
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
+
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_PROCESS_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+
+ // add token 1 with process keyring key
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_token_json_set(cd, 3, NULL), 3);
+ EQ_(crypt_token_luks2_keyring_set(cd, 1, &params), 1);
+ EQ_(crypt_token_assign_keyslot(cd, 1, 0), 1);
+ CRYPT_FREE(cd);
+
+ // test process keyring key in token 1
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), 0);
+ FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), "already open");
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_PROCESS_KEYRING), "Test or kernel keyring are broken.");
+
+ // create two tokens and let the cryptsetup unlock the volume with the valid one
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+
+ kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid1, "Test or kernel keyring are broken.");
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_token_luks2_keyring_set(cd, 0, &params), 0);
+ EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
+ EQ_(crypt_token_luks2_keyring_set(cd, 1, &params2), 1);
+ FAIL_(crypt_token_assign_keyslot(cd, 1, 1), "Keyslot 1 doesn't exist");
+ OK_(set_fast_pbkdf(cd));
+ EQ_(crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)), 1);
+ EQ_(crypt_token_assign_keyslot(cd, 1, 1), 1);
+ CRYPT_FREE(cd);
+
+ // activate by specific token
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, NULL, 0), 0);
+ if (t_dm_crypt_keyring_support()) {
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
+ }
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), 1);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
+
+ // activate by any token with token 0 having absent pass from keyring
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
+ if (t_dm_crypt_keyring_support()) {
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
+ }
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+
+ // replace pass for keyslot 0 making token 0 invalid
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_keyslot_destroy(cd, 0));
+ OK_(set_fast_pbkdf(cd));
+ EQ_(crypt_keyslot_add_by_passphrase(cd, 0, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 0);
+ CRYPT_FREE(cd);
+
+ // activate by any token with token 0 having wrong pass for keyslot 0
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ // create new device, with two tokens:
+ // 1st token being invalid (missing key in keyring)
+ // 2nd token can activate keyslot 1 after failing to do so w/ keyslot 0 (wrong pass)
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
+ EQ_(crypt_token_luks2_keyring_set(cd, 0, &params), 0);
+ EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
+ EQ_(crypt_token_luks2_keyring_set(cd, 2, &params2), 2);
+ EQ_(crypt_token_assign_keyslot(cd, 2, 1), 2);
+ CRYPT_FREE(cd);
+
+ NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
+
+ kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid1, "Test or kernel keyring are broken.");
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+ _cleanup_dmdevices();
+#else
+ printf("WARNING: cryptsetup compiled with kernel keyring service disabled, skipping test.\n");
+#endif
+}
+
+static void Tokens(void)
+{
+#define TEST_TOKEN_JSON(x) "{\"type\":\"test_token\",\"keyslots\":[" x "]," \
+ "\"key_length\":32,\"a_field\":\"magic_string\"}"
+
+#define TEST_TOKEN_JSON_INVALID(x) "{\"type\":\"test_token\",\"keyslots\":[" x "]," \
+ "\"key_length\":32}"
+
+#define TEST_TOKEN1_JSON(x) "{\"type\":\"test_token1\",\"keyslots\":[" x "]," \
+ "\"key_length\":32,\"a_field\":\"magic_string\"}"
+
+#define TEST_TOKEN1_JSON_INVALID(x) "{\"type\":\"test_token1\",\"keyslots\":[" x "]," \
+ "\"key_length\":32}"
+
+#define BOGUS_TOKEN0_JSON "{\"type\":\"luks2-\",\"keyslots\":[]}"
+#define BOGUS_TOKEN1_JSON "{\"type\":\"luks2-a\",\"keyslots\":[]}"
+
+#define LUKS2_KEYRING_TOKEN_JSON(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\":[" x "]," \
+ "\"key_description\":" y "}"
+
+#define LUKS2_KEYRING_TOKEN_JSON_BAD(x, y) "{\"type\":\"luks2-keyring\",\"keyslots\":[" x "]," \
+ "\"key_description\":" y ", \"some_field\":\"some_value\"}"
+
+
+ int ks, token_max;
+ const char *dummy;
+ const char *cipher = "aes";
+ const char *cipher_mode = "xts-plain64";
+ char passptr[] = PASSPHRASE;
+ char passptr1[] = PASSPHRASE1;
+ struct crypt_active_device cad;
+
+ static const crypt_token_handler th = {
+ .name = "test_token",
+ .open = test_open,
+ .validate = test_validate
+ }, th2 = {
+ .name = "test_token",
+ .open = test_open
+ }, th3 = {
+ .name = "test_token1",
+ .open = test_open,
+ .validate = test_validate
+ }, th_reserved = {
+ .name = "luks2-prefix",
+ .open = test_open
+ };
+
+ struct crypt_token_params_luks2_keyring params = {
+ .key_description = "desc"
+ };
+ uint64_t r_payload_offset;
+
+ OK_(crypt_token_register(&th));
+ FAIL_(crypt_token_register(&th2), "Token handler with the name already registered.");
+
+ FAIL_(crypt_token_register(&th_reserved), "luks2- is reserved prefix");
+
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
+
+ // basic token API tests
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
+ EQ_(crypt_token_status(cd, -1, NULL), CRYPT_TOKEN_INVALID);
+ EQ_(crypt_token_status(cd, 32, NULL), CRYPT_TOKEN_INVALID);
+ EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_INACTIVE);
+ EQ_(crypt_token_status(cd, 31, NULL), CRYPT_TOKEN_INACTIVE);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
+ FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON_INVALID("\"0\"")), "Token validation failed");
+ EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN_JSON("\"0\"")), 0);
+ EQ_(crypt_token_status(cd, 0, NULL), CRYPT_TOKEN_EXTERNAL);
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr, 0), 0);
+ FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr, 0), "already active");
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ // write invalid token and verify that validate() can detect it after handler being registered
+ EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN1_JSON_INVALID("\"1\"")), 1);
+ EQ_(crypt_token_status(cd, 1, NULL), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
+ EQ_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, TEST_TOKEN1_JSON("\"1\"")), 2);
+ EQ_(crypt_token_status(cd, 2, &dummy), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
+ OK_(strcmp(dummy, "test_token1"));
+ FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, passptr1, 0), "Unknown token handler");
+ FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Unknown token handler");
+ OK_(crypt_token_register(&th3));
+ FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, passptr1, 0), "Token validation failed");
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), 1);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ // test crypt_token_json_get returns correct token id
+ EQ_(crypt_token_json_get(cd, 2, &dummy), 2);
+
+ // exercise assign/unassign keyslots API
+ EQ_(crypt_token_unassign_keyslot(cd, 2, 1), 2);
+ FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Token assigned to no keyslot");
+ EQ_(crypt_token_assign_keyslot(cd, 2, 0), 2);
+ FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr1, 0), "Wrong passphrase");
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_token_json_set(cd, 1, NULL), 1);
+ FAIL_(crypt_token_json_get(cd, 1, &dummy), "Token is not there");
+ EQ_(crypt_token_unassign_keyslot(cd, 2, CRYPT_ANY_SLOT), 2);
+ EQ_(crypt_token_unassign_keyslot(cd, 0, CRYPT_ANY_SLOT), 0);
+
+ // various tests related to unassigned keyslot to volume segment
+ EQ_(crypt_keyslot_add_by_key(cd, 3, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
+ EQ_(crypt_token_assign_keyslot(cd, 2, 0), 2);
+ EQ_(crypt_token_assign_keyslot(cd, 0, 3), 0);
+
+ EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, 0), 0);
+ EQ_(crypt_activate_by_token(cd, NULL, 0, passptr1, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 3);
+ // FIXME: useless error message here (or missing one to be specific)
+ FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr1, 0), "No volume key available in token keyslots");
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_token_assign_keyslot(cd, 0, 1), 0);
+ OK_(crypt_token_is_assigned(cd, 0, 1));
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, passptr1, 0), 1);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ EQ_(crypt_token_assign_keyslot(cd, 2, 3), 2);
+ OK_(crypt_token_is_assigned(cd, 2, 3));
+ EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, 0), 0);
+ EQ_(crypt_activate_by_token(cd, CDEVICE_1, 2, passptr, 0), 0);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+#ifdef KERNEL_KEYRING
+ if (t_dm_crypt_keyring_support()) {
+ EQ_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), 0);
+ OK_(_volume_key_in_keyring(cd, 0));
+ }
+ OK_(crypt_volume_key_keyring(cd, 0));
+#endif
+ FAIL_(crypt_activate_by_token(cd, NULL, 2, passptr, CRYPT_ACTIVATE_KEYRING_KEY), "Can't use keyring when disabled in library");
+ OK_(crypt_volume_key_keyring(cd, 1));
+
+ EQ_(crypt_token_luks2_keyring_set(cd, 5, &params), 5);
+ EQ_(crypt_token_status(cd, 5, &dummy), CRYPT_TOKEN_INTERNAL);
+ OK_(strcmp(dummy, "luks2-keyring"));
+
+ FAIL_(crypt_token_luks2_keyring_get(cd, 2, &params), "Token is not luks2-keyring type");
+
+ FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, BOGUS_TOKEN0_JSON), "luks2- reserved prefix.");
+ FAIL_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, BOGUS_TOKEN1_JSON), "luks2- reserved prefix.");
+
+ // test we can use crypt_token_json_set for valid luks2-keyring token
+ FAIL_(crypt_token_json_set(cd, 12, LUKS2_KEYRING_TOKEN_JSON_BAD("\"0\"", "\"my_desc_x\"")), "Strict luks2-keyring token validation failed");
+ EQ_(crypt_token_status(cd, 12, NULL), CRYPT_TOKEN_INACTIVE);
+ FAIL_(crypt_token_json_set(cd, 12, LUKS2_KEYRING_TOKEN_JSON("\"5\"", "\"my_desc\"")), "Missing keyslot 5.");
+ EQ_(crypt_token_json_set(cd, 10, LUKS2_KEYRING_TOKEN_JSON("\"1\"", "\"my_desc\"")), 10);
+ EQ_(crypt_token_status(cd, 10, &dummy), CRYPT_TOKEN_INTERNAL);
+ OK_(strcmp(dummy, "luks2-keyring"));
+ params.key_description = NULL;
+ EQ_(crypt_token_luks2_keyring_get(cd, 10, &params), 10);
+ OK_(strcmp(params.key_description, "my_desc"));
+
+ OK_(crypt_token_is_assigned(cd, 10, 1));
+ // unassigned tests
+ EQ_(crypt_token_is_assigned(cd, 10, 21), -ENOENT);
+ EQ_(crypt_token_is_assigned(cd, 21, 1), -ENOENT);
+ // wrong keyslot or token id tests
+ EQ_(crypt_token_is_assigned(cd, -1, 1), -EINVAL);
+ EQ_(crypt_token_is_assigned(cd, 32, 1), -EINVAL);
+ EQ_(crypt_token_is_assigned(cd, 10, -1), -EINVAL);
+ EQ_(crypt_token_is_assigned(cd, 10, 32), -EINVAL);
+ EQ_(crypt_token_is_assigned(cd, -1, -1), -EINVAL);
+ EQ_(crypt_token_is_assigned(cd, 32, 32), -EINVAL);
+
+ // test crypt_keyslot_change_by_passphrase does not erase token references
+ EQ_(crypt_keyslot_change_by_passphrase(cd, 1, 5, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5);
+ OK_(crypt_token_is_assigned(cd, 10, 5));
+ ks = crypt_keyslot_change_by_passphrase(cd, 5, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1));
+ NOTFAIL_(ks, "Failed to change keyslot passphrase.");
+ OK_(crypt_token_is_assigned(cd, 10, ks));
+ CRYPT_FREE(cd);
+
+ // test token activation respects keyslot priorities
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_key(cd, 3, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 5, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 5);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 8, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 8);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 12, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 12);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 21);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 31, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 31);
+
+ OK_(crypt_keyslot_set_priority(cd, 0, CRYPT_SLOT_PRIORITY_IGNORE));
+ OK_(crypt_keyslot_set_priority(cd, 3, CRYPT_SLOT_PRIORITY_PREFER));
+ OK_(crypt_keyslot_set_priority(cd, 8, CRYPT_SLOT_PRIORITY_PREFER));
+ OK_(crypt_keyslot_set_priority(cd, 12,CRYPT_SLOT_PRIORITY_PREFER));
+
+ // expected unusable with CRYPT_ANY_TOKEN
+ EQ_(crypt_token_json_set(cd, 1, TEST_TOKEN_JSON("\"0\", \"3\"")), 1);
+
+ // expected unusable (-EPERM)
+ EQ_(crypt_token_json_set(cd, 5, TEST_TOKEN_JSON("\"8\"")), 5);
+
+ // expected unusable (-EPERM)
+ EQ_(crypt_token_json_set(cd, 4, TEST_TOKEN_JSON("\"8\", \"3\"")), 4);
+
+ // expected unusable (-ENOENT)
+ EQ_(crypt_token_json_set(cd, 6, TEST_TOKEN_JSON("\"3\"")), 6);
+
+ // expected unusable (-ENOENT)
+ EQ_(crypt_token_json_set(cd, 11, TEST_TOKEN_JSON("")), 11);
+
+ token_max = crypt_token_max(CRYPT_LUKS2) - 1;
+ GE_(token_max, 0);
+
+ // expected to be used first with CRYPT_ANY_TOKEN (unlocks with high priority ks 12)
+ EQ_(crypt_token_json_set(cd, token_max, TEST_TOKEN_JSON("\"12\", \"0\", \"3\"")), token_max);
+
+ // expected usable with CRYPT_ANY_TOKEN
+ EQ_(crypt_token_json_set(cd, 8, TEST_TOKEN_JSON("\"5\", \"0\", \"3\"")), 8);
+
+ // of all tokens keyslot 12 has highest priority now
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 12);
+ EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 12);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ // with explicit token priority ignore may be used
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 1, NULL, 0, passptr, 0), 0);
+ EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", 1, NULL, 0, passptr, 0), 0);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ EQ_(crypt_token_json_set(cd, token_max, NULL), token_max);
+
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 5);
+
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 5, NULL, 0, passptr, 0), -EPERM);
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 4, NULL, 0, passptr, 0), -EPERM);
+
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 6, NULL, 0, passptr, 0), -ENOENT);
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 6, NULL, 0, passptr, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 3);
+
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 11, NULL, 0, passptr, 0), -ENOENT);
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 11, NULL, 0, passptr, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), -ENOENT);
+
+ // test crypt_resume_by_token_pin
+ EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 5);
+ OK_(crypt_suspend(cd, CDEVICE_1));
+ EQ_(crypt_resume_by_token_pin(cd, CDEVICE_1, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr), 5);
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ EQ_(crypt_token_max(CRYPT_LUKS2), 32);
+ FAIL_(crypt_token_max(CRYPT_LUKS1), "No token support in LUKS1");
+ FAIL_(crypt_token_max(NULL), "No LUKS format specified");
+ _cleanup_dmdevices();
+}
+
+static void LuksConvert(void)
+{
+ uint64_t offset, r_payload_offset;
+
+ const char *json = "{\"type\":\"convert_block\",\"keyslots\":[]}";
+ const struct crypt_pbkdf_type argon = {
+ .type = CRYPT_KDF_ARGON2I,
+ .hash = "sha512",
+ .time_ms = 1,
+ .max_memory_kb = 1024,
+ .parallel_threads = 1
+ }, pbkdf2 = {
+ .type = CRYPT_KDF_PBKDF2,
+ .hash = "sha256",
+ .time_ms = 1
+ };
+
+ struct crypt_params_luks1 luks1 = {
+ .hash = "sha256",
+ .data_device = DMDIR L_DEVICE_1S
+ };
+
+ struct crypt_params_luks2 luks2 = {
+ .pbkdf = &pbkdf2,
+ .sector_size = 512
+ };
+
+ const char *cipher = "aes";
+ const char *cipher_mode = "xts-plain64";
+
+ // prepare the device
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, NULL));
+ offset = crypt_get_data_offset(cd);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 7);
+ CRYPT_FREE(cd);
+
+ // convert LUKSv1 -> LUKSv2
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1");
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
+ FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "device is active");
+ OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
+ OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
+ CRYPT_FREE(cd);
+
+ // check result
+ OK_(crypt_init(&cd, DEVICE_1));
+ FAIL_(crypt_load(cd, CRYPT_LUKS1, NULL), "wrong luks format");
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "format is already LUKSv2");
+ OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
+ CRYPT_FREE(cd);
+
+ // convert LUKSv2 -> LUKSv1
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
+ FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "device is active");
+ OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS2));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
+ CRYPT_FREE(cd);
+
+ // check result
+ OK_(crypt_init(&cd, DEVICE_1));
+ FAIL_(crypt_load(cd, CRYPT_LUKS2, NULL), "wrong luks format");
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "format is already LUKSv1");
+ OK_(strcmp(crypt_get_type(cd), CRYPT_LUKS1));
+ CRYPT_FREE(cd);
+
+ // exercice non-pbkdf2 LUKSv2 conversion
+ if (!_fips_mode) {
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_set_data_offset(cd, offset));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
+ OK_(crypt_set_pbkdf_type(cd, &argon));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Incompatible pbkdf with LUKSv1 format");
+ CRYPT_FREE(cd);
+ }
+
+ // exercice non LUKS1 compatible keyslot
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_set_data_offset(cd, offset));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+ // FIXME: following test fails as expected but for a different reason
+ FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Unassigned keyslots are incompatible with LUKSv1 format");
+ CRYPT_FREE(cd);
+
+ // exercice LUKSv2 conversion with single pbkdf2 keyslot being active
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_set_data_offset(cd, offset));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
+ offset = crypt_get_data_offset(cd);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ if (!_fips_mode) {
+ OK_(crypt_set_pbkdf_type(cd, &argon));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 1);
+ FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Different hash for digest and keyslot.");
+ OK_(crypt_keyslot_destroy(cd, 1));
+ }
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
+ CRYPT_FREE(cd);
+
+ // do not allow conversion on keyslot No > 7
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_set_data_offset(cd, offset));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 8, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 8);
+ FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Can't convert keyslot No 8");
+ CRYPT_FREE(cd);
+
+ // do not allow conversion with token
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_set_data_offset(cd, offset));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
+ OK_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, json));
+ FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Can't convert header with token.");
+ CRYPT_FREE(cd);
+
+ // should be enough for both luks1 and luks2 devices with all vk lengths
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
+
+ // do not allow conversion for legacy luks1 device (non-aligned keyslot offset)
+ OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256_LEGACY " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Can't convert device with unaligned keyslot offset");
+ CRYPT_FREE(cd);
+
+ /*
+ * do not allow conversion on images if there's not enough space between
+ * last keyslot and data offset (should not happen on headers created
+ * with cryptsetup)
+ */
+ OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256_UNMOVABLE " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Can't convert device with unaligned keyslot offset");
+ CRYPT_FREE(cd);
+
+ // compat conversion tests
+ // LUKS1 -> LUKS2
+
+ // 128b key
+ OK_(_system("dd if=" CONV_DIR "/" CONV_L1_128 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // 256b key
+ OK_(_system("dd if=" CONV_DIR "/" CONV_L1_256 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // 512b key
+ OK_(_system("dd if=" CONV_DIR "/" CONV_L1_512 " of=" DMDIR L_DEVICE_1S " bs=1M count=2 oflag=direct 2>/dev/null", 1));
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // detached LUKS1 header conversion
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_128_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_128_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // 256b key
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_256_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_256_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // 512b key
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_512_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS2), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L1_512_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // LUKS2 -> LUKS1
+ // 128b key
+ OK_(_system("dd if=" CONV_DIR "/" CONV_L2_128 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // 128b all LUKS1 keyslots used
+ OK_(_system("dd if=" CONV_DIR "/" CONV_L2_128_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
+ CRYPT_FREE(cd);
+
+ // 256b key
+ OK_(_system("dd if=" CONV_DIR "/" CONV_L2_256 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // 256b all LUKS1 keyslots used
+ OK_(_system("dd if=" CONV_DIR "/" CONV_L2_256_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
+ CRYPT_FREE(cd);
+
+ // 512b key
+ OK_(_system("dd if=" CONV_DIR "/" CONV_L2_512 " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // 512b all LUKS1 keyslots used
+ OK_(_system("dd if=" CONV_DIR "/" CONV_L2_512_FULL " of=" DMDIR L_DEVICE_1S " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
+ CRYPT_FREE(cd);
+
+ // detached headers
+ // 128b
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // 128b all LUKS1 keyslots used
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET_FULL));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_128_DET_FULL));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
+ CRYPT_FREE(cd);
+
+ // 256b key
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // 256b all LUKS1 keyslots used
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET_FULL));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_256_DET_FULL));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
+ CRYPT_FREE(cd);
+
+ // 512b key
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ offset = crypt_get_data_offset(cd);
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_get_data_offset(cd), offset);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ CRYPT_FREE(cd);
+
+ // 512b all LUKS1 keyslots used
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET_FULL));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
+ EQ_(strcmp(crypt_get_type(cd), CRYPT_LUKS1), 0);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, CONV_DIR "/" CONV_L2_512_DET_FULL));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
+ CRYPT_FREE(cd);
+
+ // detached LUKS1 header upconversion
+ OK_(create_dmdevice_over_loop(H_DEVICE, 2050)); // default LUKS1 header should fit there
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
+ FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Unable to move keyslots. Not enough space.");
+ CRYPT_FREE(cd);
+
+ // 2050 sectors, empty file
+ OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL_2));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1));
+ EQ_(crypt_get_data_offset(cd), 0);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
+ OK_(crypt_convert(cd, CRYPT_LUKS2, NULL));
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
+static void Pbkdf(void)
+{
+ const struct crypt_pbkdf_type *pbkdf;
+
+ const char *cipher = "aes", *mode="xts-plain64";
+ struct crypt_pbkdf_type argon2 = {
+ .type = CRYPT_KDF_ARGON2I,
+ .hash = default_luks1_hash,
+ .time_ms = 6,
+ .max_memory_kb = 1024,
+ .parallel_threads = 1
+ }, pbkdf2 = {
+ .type = CRYPT_KDF_PBKDF2,
+ .hash = default_luks1_hash,
+ .time_ms = 9
+ }, bad = {
+ .type = "hamster_pbkdf",
+ .hash = default_luks1_hash
+ };
+ struct crypt_params_plain params = {
+ .hash = "sha256",
+ .skip = 0,
+ .offset = 0,
+ .size = 0
+ };
+ struct crypt_params_luks1 luks1 = {
+ .hash = "sha512", // test non-standard hash
+ .data_alignment = 2048,
+ };
+
+ uint64_t r_payload_offset;
+
+ /* Only PBKDF2 is allowed in FIPS, these tests cannot be run. */
+ if (_fips_mode)
+ return;
+
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
+
+ NULL_(crypt_get_pbkdf_type_params(NULL));
+ NULL_(crypt_get_pbkdf_type_params("suslik"));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_PBKDF2));
+ OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_ARGON2I));
+ OK_(strcmp(pbkdf->type, CRYPT_KDF_ARGON2I));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_ARGON2ID));
+ OK_(strcmp(pbkdf->type, CRYPT_KDF_ARGON2ID));
+
+ // test empty context
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ NULL_(crypt_get_pbkdf_type(cd));
+ OK_(crypt_set_pbkdf_type(cd, &argon2));
+ NOTNULL_(crypt_get_pbkdf_type(cd));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
+ NOTNULL_(crypt_get_pbkdf_type(cd));
+ OK_(crypt_set_pbkdf_type(cd, NULL));
+ NOTNULL_(crypt_get_pbkdf_type(cd));
+
+ // test plain device
+ OK_(crypt_format(cd, CRYPT_PLAIN, cipher, mode, NULL, NULL, 32, &params));
+ OK_(crypt_set_pbkdf_type(cd, &argon2));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
+ OK_(crypt_set_pbkdf_type(cd, NULL));
+ NOTNULL_(crypt_get_pbkdf_type(cd));
+ CRYPT_FREE(cd);
+
+ // test LUKSv1 device
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL));
+ FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Unsupported with non-LUKS2 devices");
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
+ OK_(crypt_set_pbkdf_type(cd, NULL));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ EQ_(pbkdf->time_ms, default_luks1_iter_time);
+ CRYPT_FREE(cd);
+ // test value set in crypt_set_iteration_time() can be obtained via following crypt_get_pbkdf_type()
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ crypt_set_iteration_time(cd, 42);
+ OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, NULL));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ EQ_(pbkdf->time_ms, 42);
+ // test crypt_get_pbkdf_type() returns expected values for LUKSv1
+ OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
+ EQ_(pbkdf->max_memory_kb, 0);
+ EQ_(pbkdf->parallel_threads, 0);
+ crypt_set_iteration_time(cd, 43);
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ EQ_(pbkdf->time_ms, 43);
+ CRYPT_FREE(cd);
+ // test whether crypt_get_pbkdf_type() after double crypt_load()
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ crypt_set_iteration_time(cd, 42);
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ EQ_(pbkdf->time_ms, 42);
+ CRYPT_FREE(cd);
+ // test whether hash passed via *params in crypt_load() has higher priority
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ crypt_set_iteration_time(cd, 1);
+ OK_(crypt_format(cd, CRYPT_LUKS1, cipher, mode, NULL, NULL, 32, &luks1));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ OK_(strcmp(pbkdf->hash, luks1.hash));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ OK_(strcmp(pbkdf->hash, luks1.hash));
+ CRYPT_FREE(cd);
+
+ // test LUKSv2 device
+ // test default values are set
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, NULL, 32, NULL));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
+ EQ_(pbkdf->time_ms, default_luks2_iter_time);
+ EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
+ EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
+ // set and verify argon2 type
+ OK_(crypt_set_pbkdf_type(cd, &argon2));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ OK_(strcmp(pbkdf->type, argon2.type));
+ OK_(strcmp(pbkdf->hash, argon2.hash));
+ EQ_(pbkdf->time_ms, argon2.time_ms);
+ EQ_(pbkdf->max_memory_kb, argon2.max_memory_kb);
+ EQ_(pbkdf->parallel_threads, argon2.parallel_threads);
+ // set and verify pbkdf2 type
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ OK_(strcmp(pbkdf->type, pbkdf2.type));
+ OK_(strcmp(pbkdf->hash, pbkdf2.hash));
+ EQ_(pbkdf->time_ms, pbkdf2.time_ms);
+ EQ_(pbkdf->max_memory_kb, pbkdf2.max_memory_kb);
+ EQ_(pbkdf->parallel_threads, pbkdf2.parallel_threads);
+ // reset and verify default values
+ crypt_set_iteration_time(cd, 1); // it's supposed to override this call
+ OK_(crypt_set_pbkdf_type(cd, NULL));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
+ EQ_(pbkdf->time_ms, default_luks2_iter_time);
+ EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
+ EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
+ // try to pass illegal values
+ argon2.parallel_threads = 0;
+ FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Parallel threads can't be 0");
+ argon2.parallel_threads = 1;
+ argon2.max_memory_kb = 0;
+ FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Memory can't be 0");
+ argon2.max_memory_kb = 1024;
+ pbkdf2.parallel_threads = 1;
+ FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Parallel threads can't be set with pbkdf2 type");
+ pbkdf2.parallel_threads = 0;
+ pbkdf2.max_memory_kb = 512;
+ FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Memory can't be set with pbkdf2 type");
+ FAIL_(crypt_set_pbkdf_type(cd, &bad), "Unknown type member");
+ bad.type = CRYPT_KDF_PBKDF2;
+ bad.hash = NULL;
+ FAIL_(crypt_set_pbkdf_type(cd, &bad), "Hash member is empty");
+ bad.type = NULL;
+ bad.hash = default_luks1_hash;
+ FAIL_(crypt_set_pbkdf_type(cd, &bad), "Pbkdf type member is empty");
+ bad.hash = "hamster_hash";
+ FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
+ CRYPT_FREE(cd);
+ // test whether crypt_get_pbkdf_type() behaves accordingly after second crypt_load() call
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
+ EQ_(pbkdf->time_ms, default_luks2_iter_time);
+ EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
+ EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
+ crypt_set_iteration_time(cd, 1);
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
+ EQ_(pbkdf->time_ms, 1);
+ EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
+ EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
+ CRYPT_FREE(cd);
+
+ // test crypt_set_pbkdf_type() overwrites invalid value set by crypt_set_iteration_time()
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ crypt_set_iteration_time(cd, 0);
+ OK_(crypt_set_pbkdf_type(cd, &argon2));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ OK_(strcmp(pbkdf->type, argon2.type));
+ EQ_(pbkdf->time_ms, argon2.time_ms);
+
+ // force iterations
+ argon2.iterations = 33;
+ argon2.flags = CRYPT_PBKDF_NO_BENCHMARK;
+ OK_(crypt_set_pbkdf_type(cd, &argon2));
+ NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
+ EQ_(pbkdf->iterations, 33);
+ EQ_(pbkdf->flags, CRYPT_PBKDF_NO_BENCHMARK);
+
+ // time may be unset with iterations
+ argon2.time_ms = 0;
+ OK_(crypt_set_pbkdf_type(cd, &argon2));
+ argon2.flags &= ~CRYPT_PBKDF_NO_BENCHMARK;
+ FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Illegal time value.");
+
+ pbkdf2.time_ms = 0;
+ pbkdf2.flags = CRYPT_PBKDF_NO_BENCHMARK;
+ pbkdf2.parallel_threads = 0;
+ pbkdf2.max_memory_kb = 0;
+ pbkdf2.iterations = 1000;
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
+ pbkdf2.flags &= ~CRYPT_PBKDF_NO_BENCHMARK;
+ FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Illegal time value.");
+
+ // hash is relevant only with pbkdf2
+ pbkdf2.time_ms = 9;
+ pbkdf2.hash = NULL;
+ FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Hash is mandatory for pbkdf2");
+ pbkdf2.hash = "sha256";
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
+
+ argon2.time_ms = 9;
+ argon2.hash = "sha256"; // will be ignored
+ OK_(crypt_set_pbkdf_type(cd, &argon2));
+ argon2.hash = NULL;
+ OK_(crypt_set_pbkdf_type(cd, &argon2));
+
+ CRYPT_FREE(cd);
+
+ NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS1));
+ OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
+ EQ_(pbkdf->time_ms, default_luks1_iter_time);
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
+ EQ_(pbkdf->max_memory_kb, 0);
+ EQ_(pbkdf->parallel_threads, 0);
+
+ NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2));
+ OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
+ EQ_(pbkdf->time_ms, default_luks2_iter_time);
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
+ EQ_(pbkdf->max_memory_kb, default_luks2_memory_kb);
+ EQ_(pbkdf->parallel_threads, default_luks2_parallel_threads);
+
+ NULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_PLAIN));
+
+ _cleanup_dmdevices();
+}
+
+static void Luks2KeyslotAdd(void)
+{
+ char key[128], key2[128], key_ret[128];
+ const char *cipher = "aes", *cipher_mode="xts-plain64";
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_ret_len, key_size = strlen(vk_hex) / 2;
+ uint64_t r_payload_offset;
+ struct crypt_pbkdf_type pbkdf = {
+ .type = "argon2i",
+ .hash = "sha256",
+ .iterations = 4,
+ .max_memory_kb = 32,
+ .parallel_threads = 1,
+ .flags = CRYPT_PBKDF_NO_BENCHMARK,
+ };
+ struct crypt_params_luks2 params2 = {
+ .pbkdf = &pbkdf,
+ .sector_size = TST_SECTOR_SIZE
+ };
+
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key2, vk_hex2, key_size);
+
+ /* Cannot use Argon2 in FIPS */
+ if (_fips_mode) {
+ pbkdf.type = CRYPT_KDF_PBKDF2;
+ pbkdf.parallel_threads = 0;
+ pbkdf.max_memory_kb = 0;
+ pbkdf.iterations = 1000;
+ }
+
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
+
+ /* test crypt_keyslot_add_by_key */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params2));
+ EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE_LAST);
+ EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_UNBOUND);
+ /* must not activate volume with keyslot unassigned to a segment */
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key2, key_size, 0), "Key doesn't match volume key digest");
+ FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), "Keyslot not assigned to volume");
+ FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), "No keyslot assigned to volume with this passphrase");
+ /* unusable for volume activation even in test mode */
+ FAIL_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0), "Key doesn't match volume key digest");
+ /* otoh passphrase check should pass */
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
+ EQ_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
+ /* in general crypt_keyslot_add_by_key must allow any reasonable key size
+ * even though such keyslot will not be usable for segment encryption */
+ EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size-1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 2);
+ EQ_(crypt_keyslot_add_by_key(cd, 3, key2, 13, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
+
+ FAIL_(crypt_keyslot_get_key_size(cd, CRYPT_ANY_SLOT), "Bad keyslot specification.");
+ EQ_(crypt_get_volume_key_size(cd), key_size);
+ EQ_(crypt_keyslot_get_key_size(cd, 0), key_size);
+ EQ_(crypt_keyslot_get_key_size(cd, 1), key_size);
+ EQ_(crypt_keyslot_get_key_size(cd, 2), key_size-1);
+ EQ_(crypt_keyslot_get_key_size(cd, 3), 13);
+
+ key_ret_len = key_size - 1;
+ FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "Wrong size");
+
+ key_ret_len = 13;
+ FAIL_(crypt_volume_key_get(cd, 2, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "wrong size");
+ EQ_(crypt_volume_key_get(cd, 3, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 3);
+ FAIL_(crypt_activate_by_volume_key(cd, NULL, key_ret, key_ret_len, 0), "Not a volume key");
+ key_ret_len = key_size;
+ EQ_(crypt_volume_key_get(cd, 1, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
+
+ /* test force volume key change works as expected */
+ EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1);
+ OK_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0));
+ OK_(crypt_activate_by_volume_key(cd, NULL, key_ret, key_ret_len, 0));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key2, key_size, 0));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ /* old keyslot must be unusable */
+ FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Key doesn't match volume key digest");
+ FAIL_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0), "Key doesn't match volume key digest");
+ FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "Keyslot not assigned to volume");
+ EQ_(crypt_keyslot_add_by_passphrase(cd, 5, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 6, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1)), 6);
+ /* regression test. check new keyslot is properly assigned to new volume key digest */
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE1, strlen(PASSPHRASE1), 0), 6);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params2));
+ /* keyslot 0, volume key, digest 0 */
+ EQ_(crypt_keyslot_add_by_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
+ /* keyslot 1, unbound key, digest 1 */
+ EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+ /* keyslot 2, unbound key, digest 1 */
+ EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 2);
+ /* keyslot 3, unbound key, digest 2 */
+ EQ_(crypt_keyslot_add_by_key(cd, 3, key2, key_size - 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 3);
+ /* keyslot 4, unbound key, digest 1 */
+ EQ_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 4);
+ FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET), "Illegal");
+ FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET | CRYPT_VOLUME_KEY_DIGEST_REUSE), "Illegal");
+ /* Such key doesn't exist, nothing to reuse */
+ FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size - 2, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), "Key digest doesn't match any existing.");
+ /* Keyslot 5, volume key, digest 0 */
+ EQ_(crypt_keyslot_add_by_key(cd, 5, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), 5);
+
+ OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
+ EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1);
+ OK_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0));
+ FAIL_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0), "Not a volume key");
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 2, PASSPHRASE1, strlen(PASSPHRASE1), 0), 2);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "No volume key keyslot");
+
+ /* TODO: key is unusable with aes-xts */
+ // FAIL_(crypt_keyslot_add_by_key(cd, 3, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), "Unusable key with segment cipher");
+
+ EQ_(crypt_keyslot_add_by_key(cd, 5, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 5);
+ FAIL_(crypt_activate_by_volume_key(cd, NULL, key2, key_size, 0), "Not a volume key");
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
+static void Luks2KeyslotParams(void)
+{
+ char key[128], key2[128];
+ const char *cipher = "aes", *cipher_mode="xts-plain64";
+ const char *cipher_spec = "aes-xts-plain64", *cipher_keyslot = "aes-cbc-essiv:sha256";
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_size_ret, key_size = strlen(vk_hex) / 2, keyslot_key_size = 16;
+ uint64_t r_payload_offset;
+
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key2, vk_hex2, key_size);
+
+ OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1)));
+
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
+
+ EQ_(key_size, 2 * keyslot_key_size);
+ /* test crypt_keyslot_add_by_key */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
+ NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec));
+ EQ_(key_size_ret, key_size);
+
+ // Normal slots
+ EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
+ EQ_(1, crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
+ EQ_(2, crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT));
+ EQ_(6, crypt_keyslot_add_by_keyfile(cd, 6, KEYFILE1, 0, KEYFILE2, 0));
+
+ // Slots with different encryption type
+ OK_(crypt_keyslot_set_encryption(cd, cipher_keyslot, keyslot_key_size));
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_keyslot));
+ EQ_(key_size_ret, keyslot_key_size);
+
+ EQ_(3, crypt_keyslot_add_by_volume_key(cd, 3, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
+ EQ_(4, crypt_keyslot_add_by_passphrase(cd, 4, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
+ EQ_(5, crypt_keyslot_add_by_key(cd, 5, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT));
+ EQ_(7, crypt_keyslot_add_by_keyfile(cd, 7, KEYFILE1, 0, KEYFILE2, 0));
+
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+
+ EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE);
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spec));
+ EQ_(key_size_ret, key_size);
+
+ EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_ACTIVE);
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 1, &key_size_ret), cipher_spec));
+ EQ_(key_size_ret, key_size);
+
+ EQ_(crypt_keyslot_status(cd, 2), CRYPT_SLOT_UNBOUND);
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 2, &key_size_ret), cipher_spec));
+ EQ_(key_size_ret, key_size);
+
+ EQ_(crypt_keyslot_status(cd, 6), CRYPT_SLOT_ACTIVE);
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 6, &key_size_ret), cipher_spec));
+ EQ_(key_size_ret, key_size);
+
+ EQ_(crypt_keyslot_status(cd, 3), CRYPT_SLOT_ACTIVE);
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 3, &key_size_ret), cipher_keyslot));
+ EQ_(key_size_ret, keyslot_key_size);
+
+ EQ_(crypt_keyslot_status(cd, 4), CRYPT_SLOT_ACTIVE);
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 4, &key_size_ret), cipher_keyslot));
+ EQ_(key_size_ret, keyslot_key_size);
+
+ EQ_(crypt_keyslot_status(cd, 5), CRYPT_SLOT_UNBOUND);
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 5, &key_size_ret), cipher_keyslot));
+ EQ_(key_size_ret, keyslot_key_size);
+
+ EQ_(crypt_keyslot_status(cd, 7), CRYPT_SLOT_ACTIVE);
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 7, &key_size_ret), cipher_keyslot));
+ EQ_(key_size_ret, keyslot_key_size);
+
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ EQ_(8, crypt_keyslot_change_by_passphrase(cd, 1, 8, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 8, &key_size_ret), cipher_spec));
+ EQ_(key_size_ret, key_size);
+
+ /* Revert to default */
+ EQ_(9, crypt_keyslot_change_by_passphrase(cd, 5, 9, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 9, &key_size_ret), cipher_spec));
+ EQ_(key_size_ret, key_size);
+
+ /* Set new encryption params */
+ OK_(crypt_keyslot_set_encryption(cd, cipher_keyslot, keyslot_key_size));
+
+ EQ_(1, crypt_keyslot_change_by_passphrase(cd, 8, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 1, &key_size_ret), cipher_keyslot));
+ EQ_(key_size_ret, keyslot_key_size);
+
+ EQ_(10, crypt_keyslot_change_by_passphrase(cd, 2, 10, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 10, &key_size_ret), cipher_keyslot));
+ EQ_(key_size_ret, keyslot_key_size);
+
+ EQ_(0, crypt_keyslot_change_by_passphrase(cd, 0, 0, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_keyslot));
+ EQ_(key_size_ret, keyslot_key_size);
+
+ CRYPT_FREE(cd);
+
+ /* LUKS1 compatible calls */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL));
+ NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec));
+ EQ_(key_size_ret, key_size);
+ EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(strcmp(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), cipher_spec));
+ EQ_(key_size_ret, key_size);
+ CRYPT_FREE(cd);
+
+ /* LUKS2 cipher null checks */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_size, NULL));
+ FAIL_(crypt_keyslot_set_encryption(cd, "null", 32), "cipher null is not allowed");
+ FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null", 32), "cipher null is not allowed");
+ FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null-ecb", 32), "cipher null is not allowed");
+ EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
+ NOTNULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
+ NULL_(strstr(crypt_keyslot_get_encryption(cd, 0, &key_size_ret), "null"));
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+ _remove_keyfiles();
+}
+
+static void Luks2ActivateByKeyring(void)
+{
+#ifdef KERNEL_KEYRING
+
+ key_serial_t kid, kid1;
+ uint64_t r_payload_offset;
+
+ const char *cipher = "aes";
+ const char *cipher_mode = "xts-plain64";
+
+ if (!t_dm_crypt_keyring_support()) {
+ printf("WARNING: Kernel keyring not supported, skipping test.\n");
+ return;
+ }
+
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+ kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid1, "Test or kernel keyring are broken.");
+
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
+
+ // prepare the device
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 2, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 2);
+ CRYPT_FREE(cd);
+
+ // FIXME: all following tests work as expected but most error messages are missing
+ // check activate by keyring works exactly same as by passphrase
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0), 0);
+ EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0), 0);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0), "already open");
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
+ EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 1, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
+ EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 2, 0), 2);
+ FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 1, 0), "Keyslot not assigned to volume");
+ EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 2, 0), 2);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, CRYPT_ANY_SLOT, 0), 2);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 2, 0), "Failed to unclock keyslot");
+ FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 0, 0), "Failed to unclock keyslot");
+ CRYPT_FREE(cd);
+
+ NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
+ NOTFAIL_(keyctl_unlink(kid1, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring");
+ FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring");
+ FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST1, 2, 0), "no such key in keyring");
+ FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST1, 1, 0), "no such key in keyring");
+ CRYPT_FREE(cd);
+ _cleanup_dmdevices();
+#else
+ printf("WARNING: cryptsetup compiled with kernel keyring service disabled, skipping test.\n");
+#endif
+}
+
+static void Luks2Requirements(void)
+{
+ int r;
+ char key[128];
+ size_t key_size = 128;
+ const struct crypt_pbkdf_type *pbkdf;
+#ifdef KERNEL_KEYRING
+ key_serial_t kid;
+#endif
+ uint32_t flags;
+ uint64_t dummy, r_payload_offset;
+ struct crypt_active_device cad;
+
+ const char *token, *json = "{\"type\":\"test_token\",\"keyslots\":[]}";
+ struct crypt_pbkdf_type argon2 = {
+ .type = CRYPT_KDF_ARGON2I,
+ .hash = default_luks1_hash,
+ .time_ms = 6,
+ .max_memory_kb = 1024,
+ .parallel_threads = 1
+ }, pbkdf2 = {
+ .type = CRYPT_KDF_PBKDF2,
+ .hash = default_luks1_hash,
+ .time_ms = 9
+ };
+ struct crypt_token_params_luks2_keyring params_get, params = {
+ .key_description = KEY_DESC_TEST0
+ };
+
+ OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1)));
+
+ /* crypt_load (unrestricted) */
+ OK_(crypt_init(&cd, DEVICE_5));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DEVICE_5));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+
+ /* crypt_dump (unrestricted) */
+ reset_log();
+ OK_(crypt_dump(cd));
+ OK_(!(global_lines != 0));
+ reset_log();
+
+ /* get & set pbkdf params (unrestricted) */
+ if (!_fips_mode) {
+ OK_(crypt_set_pbkdf_type(cd, &argon2));
+ NOTNULL_(crypt_get_pbkdf_type(cd));
+ }
+
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
+ NOTNULL_(crypt_get_pbkdf_type(cd));
+
+ /* crypt_set_iteration_time (unrestricted) */
+ crypt_set_iteration_time(cd, 1);
+ pbkdf = crypt_get_pbkdf_type(cd);
+ NOTNULL_(pbkdf);
+ EQ_(pbkdf->time_ms, 1);
+
+ /* crypt_convert (restricted) */
+ FAIL_((r = crypt_convert(cd, CRYPT_LUKS1, NULL)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_set_uuid (restricted) */
+ FAIL_((r = crypt_set_uuid(cd, NULL)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_set_label (restricted) */
+ FAIL_((r = crypt_set_label(cd, "label", "subsystem")), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_get_label (unrestricted) */
+ NOTNULL_(crypt_get_label(cd));
+ OK_(strcmp("", crypt_get_label(cd)));
+ /* crypt_get_subsystem (unrestricted) */
+ NOTNULL_(crypt_get_subsystem(cd));
+ OK_(strcmp("", crypt_get_subsystem(cd)));
+
+ /* crypt_repair (with current repair capabilities it's unrestricted) */
+ OK_(crypt_repair(cd, CRYPT_LUKS2, NULL));
+
+ /* crypt_keyslot_add_passphrase (restricted) */
+ FAIL_((r = crypt_keyslot_add_by_passphrase(cd, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), "bbb", 3)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_keyslot_change_by_passphrase (restricted) */
+ FAIL_((r = crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 9, PASSPHRASE, strlen(PASSPHRASE), "bbb", 3)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_keyslot_add_by_keyfile (restricted) */
+ FAIL_((r = crypt_keyslot_add_by_keyfile(cd, CRYPT_ANY_SLOT, KEYFILE1, 0, KEYFILE2, 0)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_keyslot_add_by_keyfile_offset (restricted) */
+ FAIL_((r = crypt_keyslot_add_by_keyfile_offset(cd, CRYPT_ANY_SLOT, KEYFILE1, 0, 0, KEYFILE2, 0, 0)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_volume_key_get (unrestricted, but see below) */
+ OK_(crypt_volume_key_get(cd, 0, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)));
+
+ /* crypt_keyslot_add_by_volume_key (restricted) */
+ FAIL_((r = crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1))), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_keyslot_add_by_key (restricted) */
+ FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_keyslot_add_by_key (restricted) */
+ FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), 0)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_persistent_flasgs_set (restricted) */
+ FAIL_((r = crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, CRYPT_ACTIVATE_ALLOW_DISCARDS)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_persistent_flasgs_get (unrestricted) */
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
+ EQ_(flags, CRYPT_REQUIREMENT_UNKNOWN);
+
+ /* crypt_activate_by_passphrase (restricted for activation only) */
+ FAIL_((r = crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+ OK_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), 0));
+ OK_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
+ EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
+
+ /* crypt_activate_by_keyfile (restricted for activation only) */
+ FAIL_((r = crypt_activate_by_keyfile(cd, CDEVICE_1, 0, KEYFILE1, 0, 0)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+ OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, 0));
+ OK_(crypt_activate_by_keyfile(cd, NULL, 0, KEYFILE1, 0, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
+
+ /* crypt_activate_by_volume_key (restricted for activation only) */
+ FAIL_((r = crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+ OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
+ OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
+
+#ifdef KERNEL_KEYRING
+ if (t_dm_crypt_keyring_support()) {
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+
+ /* crypt_activate_by_keyring (restricted for activation only) */
+ FAIL_((r = crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0)), "Unmet requirements detected");
+ EQ_(r, t_dm_crypt_keyring_support() ? -ETXTBSY : -EINVAL);
+ OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0));
+ OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, CRYPT_ACTIVATE_KEYRING_KEY));
+
+ NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
+ }
+#endif
+
+ /* crypt_volume_key_verify (unrestricted) */
+ OK_(crypt_volume_key_verify(cd, key, key_size));
+
+ /* crypt_get_cipher (unrestricted) */
+ OK_(strcmp(crypt_get_cipher(cd)?:"", "aes"));
+
+ /* crypt_get_cipher_mode (unrestricted) */
+ OK_(strcmp(crypt_get_cipher_mode(cd)?:"", "xts-plain64"));
+
+ /* crypt_get_uuid (unrestricted) */
+ NOTNULL_(crypt_get_uuid(cd));
+
+ /* crypt_get_device_name (unrestricted) */
+ NOTNULL_(crypt_get_device_name(cd));
+
+ /* crypt_get_data_offset (unrestricted) */
+ OK_(!crypt_get_data_offset(cd));
+
+ /* crypt_get_iv_offset (unrestricted, nothing to test) */
+
+ /* crypt_get_volume_key_size (unrestricted) */
+ EQ_(crypt_get_volume_key_size(cd), key_size);
+
+ /* crypt_keyslot_status (unrestricted) */
+ EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE_LAST);
+ EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_INACTIVE);
+
+ /* crypt_keyslot_get_priority (unrestricted) */
+ EQ_(crypt_keyslot_get_priority(cd, 0), CRYPT_SLOT_PRIORITY_NORMAL);
+
+ /* crypt_keyslot_set_priority (restricted) */
+ FAIL_((r = crypt_keyslot_set_priority(cd, 0, CRYPT_SLOT_PRIORITY_PREFER)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_keyslot_area (unrestricted) */
+ OK_(crypt_keyslot_area(cd, 0, &dummy, &dummy));
+ OK_(!dummy);
+
+ /* crypt_header_backup (unrestricted) */
+ remove(BACKUP_FILE);
+ OK_(crypt_header_backup(cd, CRYPT_LUKS, BACKUP_FILE));
+
+ /* crypt_header_restore (restricted, do not drop the test until we have safe option) */
+ FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+ remove(BACKUP_FILE);
+
+ /* crypt_token_json_set (restricted) */
+ FAIL_((r = crypt_token_json_set(cd, CRYPT_ANY_TOKEN, json)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_token_json_get (unrestricted) */
+ OK_(crypt_token_json_get(cd, 0, &token));
+ NOTNULL_(strstr(token, "user_type"));
+
+ /* crypt_token_status (unrestricted) */
+ EQ_(crypt_token_status(cd, 0, &token), CRYPT_TOKEN_EXTERNAL_UNKNOWN);
+ OK_(strcmp(token, "user_type"));
+ EQ_(crypt_token_status(cd, 1, &token), CRYPT_TOKEN_INTERNAL);
+ OK_(strcmp(token, "luks2-keyring"));
+ EQ_(crypt_token_status(cd, 2, NULL), CRYPT_TOKEN_INACTIVE);
+ EQ_(crypt_token_status(cd, 6, &token), CRYPT_TOKEN_INTERNAL_UNKNOWN);
+
+ /* crypt_token_luks2_keyring_set (restricted) */
+ FAIL_((r = crypt_token_luks2_keyring_set(cd, CRYPT_ANY_TOKEN, &params)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_token_luks2_keyring_get (unrestricted) */
+ EQ_(crypt_token_luks2_keyring_get(cd, 1, &params_get), 1);
+ OK_(strcmp(params_get.key_description, KEY_DESC_TEST0));
+
+ /* crypt_token_assign_keyslot (unrestricted) */
+ FAIL_((r = crypt_token_assign_keyslot(cd, 0, 1)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_token_unassign_keyslot (unrestricted) */
+ FAIL_((r = crypt_token_unassign_keyslot(cd, CRYPT_ANY_TOKEN, CRYPT_ANY_SLOT)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_activate_by_token (restricted for activation only) */
+#ifdef KERNEL_KEYRING
+ if (t_dm_crypt_keyring_support()) {
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+
+ FAIL_((r = crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0)), ""); // supposed to be silent
+ EQ_(r, -ETXTBSY);
+ OK_(crypt_activate_by_token(cd, NULL, 1, NULL, 0));
+ OK_(crypt_activate_by_token(cd, NULL, 1, NULL, CRYPT_ACTIVATE_KEYRING_KEY));
+
+ NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
+ }
+#endif
+ OK_(get_luks2_offsets(0, 8192, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 2));
+ //OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" NO_REQS_LUKS2_HEADER " bs=4096 2>/dev/null", 1));
+ OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+
+ /* need to fake activated LUKSv2 device with requirements features */
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0));
+ OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
+ /* replace header with no requirements */
+ OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_5));
+ CRYPT_FREE(cd);
+ OK_(crypt_init_by_name(&cd, CDEVICE_1));
+
+ /* crypt_header_restore (restricted with confirmation required) */
+ /* allow force restore over device header w/ requirements */
+ OK_(crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE));
+ remove(BACKUP_FILE);
+ OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+ OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE)); /* create backup with requirements */
+
+ /* crypt_suspend (restricted) */
+ FAIL_((r = crypt_suspend(cd, CDEVICE_1)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+ CRYPT_FREE(cd);
+
+ /* replace header again to suspend the device */
+ OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+ OK_(crypt_init_by_name(&cd, CDEVICE_1));
+ OK_(crypt_suspend(cd, CDEVICE_1));
+
+ /* crypt_header_restore (restricted, do not drop the test until we have safe option) */
+ /* refuse to overwrite header w/ backup including requirements */
+ FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ CRYPT_FREE(cd);
+
+ OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+ OK_(crypt_init_by_name(&cd, CDEVICE_1));
+
+ /* crypt_resume_by_passphrase (restricted) */
+ FAIL_((r = crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE))), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_resume_by_keyfile (restricted) */
+ FAIL_((r = crypt_resume_by_keyfile(cd, CDEVICE_1, 0, KEYFILE1, 0)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+
+ /* crypt_resume_by_keyfile_offset (restricted) */
+ FAIL_((r = crypt_resume_by_keyfile_offset(cd, CDEVICE_1, 0, KEYFILE1, 0, 0)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+ CRYPT_FREE(cd);
+
+ OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+ OK_(crypt_init_by_name(&cd, CDEVICE_1));
+ OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE)));
+ CRYPT_FREE(cd);
+ OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
+
+ OK_(crypt_init_by_name(&cd, CDEVICE_1));
+ /* load VK in keyring */
+ OK_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
+ /* crypt_resize (restricted) */
+ FAIL_((r = crypt_resize(cd, CDEVICE_1, 1)), "Unmet requirements detected");
+ EQ_(r, -ETXTBSY);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+
+ /* crypt_get_active_device (unrestricted) */
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+#ifdef KERNEL_KEYRING
+ if (t_dm_crypt_keyring_support())
+ EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, CRYPT_ACTIVATE_KEYRING_KEY);
+#endif
+
+ /* crypt_deactivate (unrestricted) */
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ /* crypt_token_is_assigned (unrestricted) */
+ OK_(crypt_token_is_assigned(cd, 1, 0));
+ OK_(crypt_token_is_assigned(cd, 6, 0));
+ EQ_(crypt_token_is_assigned(cd, 0, 0), -ENOENT);
+
+ /* crypt_keyslot_destroy (unrestricted) */
+ OK_(crypt_keyslot_destroy(cd, 0));
+
+ CRYPT_FREE(cd);
+ _cleanup_dmdevices();
+}
+
+static void Luks2Integrity(void)
+{
+ struct crypt_params_integrity ip = {};
+ struct crypt_params_luks2 params = {
+ .sector_size = 512,
+ .integrity = "hmac(sha256)"
+ };
+ size_t key_size = 32 + 32;
+ const char *cipher = "aes";
+ const char *cipher_mode = "xts-random";
+ int ret;
+
+ // FIXME: This is just a stub
+ OK_(crypt_init(&cd, DEVICE_2));
+ ret = crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, &params);
+ if (ret < 0) {
+ printf("WARNING: cannot format integrity device, skipping test.\n");
+ CRYPT_FREE(cd);
+ return;
+ }
+
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 7);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 7, PASSPHRASE, strlen(PASSPHRASE) ,0), 7);
+ GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init_by_name_and_header(&cd, CDEVICE_2, NULL));
+ OK_(crypt_get_integrity_info(cd, &ip));
+ OK_(strcmp(cipher, crypt_get_cipher(cd)));
+ OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
+ OK_(strcmp("hmac(sha256)", ip.integrity));
+ EQ_(32, ip.integrity_key_size);
+ EQ_(32+16, ip.tag_size);
+ OK_(crypt_deactivate(cd, CDEVICE_2));
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DEVICE_2));
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size - 32, &params), "Wrong key size.");
+ FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, "xts-plainx", NULL, NULL, key_size, &params), "Wrong cipher.");
+ CRYPT_FREE(cd);
+}
+
+static int check_flag(uint32_t flags, uint32_t flag)
+{
+ return (flags & flag) ? 0 : -1;
+}
+
+static void Luks2Refresh(void)
+{
+ uint64_t r_payload_offset;
+ char key[128], key1[128];
+ const char *cipher = "aes", *mode = "xts-plain64";
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c645be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb22158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_size = strlen(vk_hex) / 2;
+ struct crypt_params_luks2 params = {
+ .sector_size = 512,
+ .integrity = "aead"
+ };
+ struct crypt_active_device cad = {};
+
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key1, vk_hex2, key_size);
+
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
+ OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset + 5000));
+ OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset));
+
+ /* prepare test device */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, key, 32, NULL));
+ OK_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, 32, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0));
+
+ /* check we can refresh significant flags */
+ if (t_dm_crypt_discard_support()) {
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_ALLOW_DISCARDS));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ OK_(check_flag(cad.flags, CRYPT_ACTIVATE_ALLOW_DISCARDS));
+ cad.flags = 0;
+ }
+
+ if (t_dm_crypt_cpu_switch_support()) {
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SAME_CPU_CRYPT));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SAME_CPU_CRYPT));
+ cad.flags = 0;
+
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
+ cad.flags = 0;
+
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
+ cad.flags = 0;
+ }
+
+ OK_(crypt_volume_key_keyring(cd, 0));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY), "Unexpected flag raised.");
+ cad.flags = 0;
+
+#ifdef KERNEL_KEYRING
+ if (t_dm_crypt_keyring_support()) {
+ OK_(crypt_volume_key_keyring(cd, 1));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ OK_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY));
+ cad.flags = 0;
+ }
+#endif
+
+ /* multiple flags at once */
+ if (t_dm_crypt_discard_support() && t_dm_crypt_cpu_switch_support()) {
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS));
+ cad.flags = 0;
+ }
+
+ /* do not allow reactivation with read-only (and drop flag silently because activation behaves exactly same) */
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_READONLY));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY), "Reactivated with read-only flag.");
+ cad.flags = 0;
+
+ /* reload flag is dropped silently */
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
+
+ /* check read-only flag is not lost after reload */
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_READONLY));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ OK_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY));
+ cad.flags = 0;
+
+ /* check LUKS2 with auth. enc. reload */
+ OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
+ if (!crypt_format(cd2, CRYPT_LUKS2, "aes", "gcm-random", crypt_get_uuid(cd), key, 32, &params)) {
+ OK_(crypt_keyslot_add_by_volume_key(cd2, 0, key, 32, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, 0));
+ OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL));
+ OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
+ OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL));
+ cad.flags = 0;
+ OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
+ OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
+ OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
+ cad.flags = 0;
+ OK_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
+ OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
+ FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL), "");
+ FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS), "");
+ FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS2/aead context");
+ OK_(crypt_deactivate(cd2, CDEVICE_2));
+ } else {
+ printf("WARNING: cannot format integrity device, skipping few reload tests.\n");
+ }
+ CRYPT_FREE(cd2);
+
+ /* Use LUKS1 context on LUKS2 device */
+ OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S));
+ OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, mode, crypt_get_uuid(cd), key, 32, NULL));
+ OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)));
+ FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS1 context");
+ CRYPT_FREE(cd2);
+
+ /* Use PLAIN context on LUKS2 device */
+ OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S));
+ OK_(crypt_format(cd2, CRYPT_PLAIN, cipher, mode, NULL, key, 32, NULL));
+ OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
+ FAIL_(crypt_activate_by_volume_key(cd2, CDEVICE_1, key, key_size, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with PLAIN context");
+ OK_(crypt_deactivate(cd2, CDEVICE_2));
+ CRYPT_FREE(cd2);
+
+ /* (snapshot-like case) */
+ /* try to refresh almost identical device (differs only in major:minor of data device) */
+ OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
+ OK_(set_fast_pbkdf(cd2));
+ OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, mode, crypt_get_uuid(cd), key, 32, NULL));
+ OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, key, 32, PASSPHRASE, strlen(PASSPHRASE)));
+ FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH), "Refreshed dm-crypt mapped over mismatching data device");
+
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ CRYPT_FREE(cd);
+ CRYPT_FREE(cd2);
+
+ _cleanup_dmdevices();
+}
+
+static void Luks2Flags(void)
+{
+ uint32_t flags = 42;
+
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+
+ /* check library erase passed variable on success when no flags set */
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
+ EQ_(flags, 0);
+
+ /* check set and get behave as expected */
+ flags = CRYPT_ACTIVATE_ALLOW_DISCARDS;
+ OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags));
+ flags = 0;
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
+ EQ_(flags, CRYPT_ACTIVATE_ALLOW_DISCARDS);
+
+ flags = CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
+ OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags));
+ flags = ~UINT32_C(0);
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
+ EQ_(flags,CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS);
+
+ /* label and subsystem (second label */
+ OK_(crypt_set_label(cd, "label", "subsystem"));
+ OK_(strcmp("label", crypt_get_label(cd)));
+ OK_(strcmp("subsystem", crypt_get_subsystem(cd)));
+
+ OK_(crypt_set_label(cd, NULL, NULL));
+ OK_(strcmp("", crypt_get_label(cd)));
+ OK_(strcmp("", crypt_get_subsystem(cd)));
+
+ CRYPT_FREE(cd);
+}
+
+#if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION
+static int test_progress(uint64_t size __attribute__((unused)),
+ uint64_t offset __attribute__((unused)),
+ void *usrptr __attribute__((unused)))
+{
+ while (--test_progress_steps)
+ return 0;
+ return 1;
+}
+
+static void Luks2Reencryption(void)
+{
+/* reencryption currently depends on kernel keyring support */
+ /* NOTES:
+ * - reencryption requires luks2 parameters. can we avoid it?
+ */
+ uint32_t getflags;
+ uint64_t r_header_size, r_size_1;
+ struct crypt_active_device cad;
+ struct crypt_pbkdf_type pbkdf = {
+ .type = CRYPT_KDF_ARGON2I,
+ .hash = "sha256",
+ .parallel_threads = 1,
+ .max_memory_kb = 128,
+ .iterations = 4,
+ .flags = CRYPT_PBKDF_NO_BENCHMARK
+ };
+ struct crypt_params_luks2 params2 = {
+ .pbkdf = &pbkdf,
+ .sector_size = 4096
+ };
+ struct crypt_params_reencrypt retparams = {}, rparams = {
+ .direction = CRYPT_REENCRYPT_FORWARD,
+ .resilience = "checksum",
+ .hash = "sha256",
+ .luks2 = &params2,
+ };
+ dev_t devno;
+
+ const char *vk_hex = "bb21babe733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
+ char key[128];
+
+ crypt_decode_key(key, vk_hex, key_size);
+
+ /* reencryption currently depends on kernel keyring support in dm-crypt */
+ if (!t_dm_crypt_keyring_support())
+ return;
+
+ /* Cannot use Argon2 in FIPS */
+ if (_fips_mode) {
+ pbkdf.type = CRYPT_KDF_PBKDF2;
+ pbkdf.parallel_threads = 0;
+ pbkdf.max_memory_kb = 0;
+ pbkdf.iterations = 1000;
+ }
+
+ OK_(get_luks2_offsets(1, 0, 0, &r_header_size, NULL));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16));
+
+ /* create device */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 21);
+
+ /* add several unbound keys */
+ EQ_(crypt_keyslot_add_by_key(cd, 9, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
+ EQ_(crypt_keyslot_add_by_key(cd, 10, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 10);
+ EQ_(crypt_keyslot_add_by_key(cd, 11, NULL, 42, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 11);
+ EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_ACTIVE_LAST);
+
+ /* test cipher parameters validation */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 11, "aes", "xts-plain64", &rparams), "Cipher not compatible with new volume key size.");
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "tHeHamstErciphErr", "xts-plain64", &rparams), "Wrong cipher.");
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "aes", "HamSterMoOode-plain64", &rparams), "Wrong mode.");
+
+ /* test reencryption flags */
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption not initialized.");
+ rparams.flags |= CRYPT_REENCRYPT_INITIALIZE_ONLY;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid flags combination.");
+
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
+ EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0);
+ FAIL_(crypt_reencrypt_run(cd, NULL, NULL), "Reencryption context not initialized.");
+
+ rparams.flags &= ~CRYPT_REENCRYPT_RESUME_ONLY;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
+ EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
+
+ /* check reencrypt status is correct */
+ EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
+ EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
+ EQ_(retparams.direction, CRYPT_REENCRYPT_FORWARD);
+ EQ_(retparams.data_shift, 0);
+ EQ_(retparams.device_size, 0);
+
+ /* check reencryption flag in metadata */
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
+ EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
+
+ /* some parameters are expected to change immediately after reencryption initialization */
+ EQ_(crypt_get_volume_key_size(cd), 64);
+ OK_(strcmp(crypt_get_cipher_mode(cd), "xts-plain64"));
+ EQ_(crypt_get_sector_size(cd), 4096);
+ /* reencrypt keyslot must be unbound */
+ EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_UNBOUND);
+ /* keyslot assigned to new segment is switched to last active */
+ EQ_(crypt_keyslot_status(cd, 9), CRYPT_SLOT_ACTIVE_LAST);
+ /* keyslot assigned to old segment remains active */
+ EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_ACTIVE);
+
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "aes", "xts-plain", &rparams), "Reencryption already initialized.");
+
+ rparams.flags = 0;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+
+ /* check keyslots are reassigned to segment after reencryption */
+ EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_INACTIVE);
+ EQ_(crypt_keyslot_status(cd, 9), CRYPT_SLOT_ACTIVE_LAST);
+ EQ_(crypt_keyslot_status(cd, 10), CRYPT_SLOT_UNBOUND);
+ EQ_(crypt_keyslot_status(cd, 11), CRYPT_SLOT_UNBOUND);
+ EQ_(crypt_keyslot_status(cd, 21), CRYPT_SLOT_INACTIVE);
+
+ EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21);
+ rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
+ params2.sector_size = 512;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams));
+
+ /* fixed device size parameter impact */
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ rparams.device_size = 24;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size.");
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
+ EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
+ rparams.device_size = 15;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size alignment.");
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
+ EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
+ FAIL_(crypt_reencrypt_run(cd, NULL, NULL), "Reencryption context not initialized.");
+ rparams.device_size = 16;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
+ EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0);
+
+ /* limited hotzone size parameter impact */
+ EQ_(crypt_keyslot_add_by_key(cd, 9, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
+ rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
+ rparams.device_size = 0;
+ params2.sector_size = 4096;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
+
+ /* max hotzone size parameter impact */
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ rparams.max_hotzone_size = 1;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid hotzone size alignment.");
+ rparams.max_hotzone_size = 24; /* should be ok. Device size is 16 sectors and the parameter defines upper limit, not lower */
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
+ rparams.max_hotzone_size = 8;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+
+ rparams.max_hotzone_size = 0;
+ rparams.resilience = "haMster";
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience mode.");
+ rparams.resilience = "checksum";
+ rparams.hash = "hamSter";
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience hash.");
+
+ rparams.hash = "sha256";
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+
+ /* FIXME: this is a bug, but not critical (data shift parameter is ignored after initialization) */
+ //rparams.data_shift = 8;
+ //FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid reencryption parameters.");
+
+ EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21);
+ rparams.flags = 0;
+ rparams.resilience = "none";
+ rparams.max_hotzone_size = 2048;
+ /* online reencryption on inactive device */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Device is not active.");
+ /* FIXME: this is minor bug. In fact we need only key from keyslot 9 */
+ //EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 9, PASSPHRASE, strlen(PASSPHRASE), 0), 9);
+ NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device.");
+ /* offline reencryption on active device */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Device mounted or active.");
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ /* Wrong context checks */
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams));
+ /* cd is ready for reencryption */
+ OK_(crypt_init(&cd2, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running.");
+ rparams.flags = 0;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running.");
+ FAIL_(crypt_reencrypt_run(cd2, NULL, NULL), "Invalid reencryption context.");
+ OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
+ EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
+ OK_(crypt_persistent_flags_get(cd2, CRYPT_FLAGS_REQUIREMENTS, &getflags));
+ EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN);
+ EQ_(crypt_reencrypt_status(cd2, NULL), CRYPT_REENCRYPT_CLEAN);
+ FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Reencryption already in progress.");
+ FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Reencryption already in progress.");
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ CRYPT_FREE(cd);
+ CRYPT_FREE(cd2);
+
+ /* Partial device reencryption parameter */
+ params2.sector_size = 512;
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+
+ rparams.device_size = 2;
+ rparams.max_hotzone_size = 1;
+ rparams.resilience = "none";
+ EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
+
+ /* interrupt reencryption after 'test_progress_steps' */
+ test_progress_steps = 2;
+ OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN);
+
+ NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Could not activate device in reencryption.");
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(cad.size, 2);
+ EQ_(cad.offset, r_header_size);
+ /* TODO: this should work in future releases unless reencryption process is running */
+ FAIL_(crypt_resize(cd, CDEVICE_1, 1), "Device in reencryption.");
+ FAIL_(crypt_resize(cd, CDEVICE_1, 0), "Device in reencryption.");
+
+ rparams.max_hotzone_size = 0;
+ rparams.device_size = 3;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size.");
+ crypt_deactivate(cd, CDEVICE_1);
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size.");
+ rparams.device_size = 2;
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ NOTFAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Failed to initialize reencryption.");
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1);
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ /* after reencryption use whole device again */
+ EQ_(cad.size, 16);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ /* Reencrypt device with wrong size */
+ EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1);
+ OK_(crypt_resize(cd, CDEVICE_1, 7));
+ rparams.device_size = 0;
+ rparams.flags = 0;
+ params2.sector_size = 4096;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Active device size is not aligned to new sector size.");
+ rparams.device_size = 8;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Reduced reencryption size does not match active device.");
+ /* FIXME: allow after resize in reencryption is supported */
+ //NOTFAIL_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY | CRYPT_ACTIVATE_KEYRING_KEY), "Failed to load keys.");
+ // OK_(crypt_resize(cd, CDEVICE_1, 8));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ params2.sector_size = 512;
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_init(&cd2, DMDIR H_DEVICE));
+ OK_(crypt_set_data_offset(cd2, r_header_size - 8));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ OK_(crypt_set_pbkdf_type(cd2, &pbkdf));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ OK_(crypt_format(cd2, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_volume_key(cd2, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+ EQ_(crypt_keyslot_add_by_key(cd2, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
+ EQ_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
+ rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
+ EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
+ EQ_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ /* reference wrong device in active device name */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Wrong device.");
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Wrong device.");
+ EQ_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
+ FAIL_(crypt_set_data_device(cd2, DMDIR L_DEVICE_OK), "Device in reencryption.");
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ OK_(crypt_deactivate(cd2, CDEVICE_2));
+ CRYPT_FREE(cd);
+ CRYPT_FREE(cd2);
+
+ /* data shift related tests */
+ params2.sector_size = 512;
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+ memset(&rparams, 0, sizeof(rparams));
+ rparams.direction = CRYPT_REENCRYPT_BACKWARD;
+ rparams.resilience = "datashift";
+ rparams.data_shift = 8;
+ rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
+ rparams.luks2 = &params2;
+ EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
+ EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
+ EQ_(retparams.data_shift, 8);
+ EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
+ OK_(strcmp(retparams.resilience, "datashift"));
+ EQ_(crypt_get_data_offset(cd), 32776);
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1);
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(cad.size, 8);
+ EQ_(crypt_get_data_offset(cd), 32776);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ rparams.flags = 0;
+ EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0);
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Device is too small.");
+ CRYPT_FREE(cd);
+ // BUG: We need reencrypt abort flag
+ /* it fails, but it's already initialized and we have no way to abort yet */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 1);
+ EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0);
+ rparams.direction = CRYPT_REENCRYPT_FORWARD;
+ rparams.resilience = "datashift";
+ rparams.data_shift = 8;
+ rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
+ EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2);
+ EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
+ EQ_(retparams.data_shift, 8);
+ EQ_(retparams.mode, CRYPT_REENCRYPT_REENCRYPT);
+ OK_(strcmp(retparams.resilience, "datashift"));
+ EQ_(crypt_get_data_offset(cd), 32760);
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2);
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(cad.size, 24);
+ EQ_(crypt_get_data_offset(cd), 32760);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ /* data shift with online device */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+ rparams.direction = CRYPT_REENCRYPT_BACKWARD;
+ rparams.resilience = "datashift";
+ rparams.data_shift = 8;
+ rparams.flags = 0;
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Active device too large.");
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption.");
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(cad.size, 8);
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ EQ_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+
+ /* encryption with datashift and moved segment (limit values for data shift) */
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2));
+
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+
+ memset(&rparams, 0, sizeof(rparams));
+ params2.sector_size = 512;
+ params2.data_device = DMDIR L_DEVICE_OK;
+ rparams.mode = CRYPT_REENCRYPT_ENCRYPT;
+ rparams.direction = CRYPT_REENCRYPT_BACKWARD;
+ rparams.resilience = "datashift";
+ rparams.data_shift = 8192;
+ rparams.luks2 = &params2;
+ rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT;
+ OK_(crypt_set_data_offset(cd, 8192));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, &params2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30);
+ EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_header_restore(cd, CRYPT_LUKS2, DMDIR H_DEVICE));
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_reencrypt_status(cd, &retparams), CRYPT_REENCRYPT_CLEAN);
+ EQ_(retparams.mode, CRYPT_REENCRYPT_ENCRYPT);
+ OK_(strcmp(retparams.resilience, "datashift"));
+ EQ_(retparams.data_shift, 8192);
+ EQ_(retparams.flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT, CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT);
+ EQ_(crypt_get_data_offset(cd), 8192);
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0);
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, 8*1024*2+1));
+
+ /* encryption with datashift and moved segment (data shift + 1 sector) */
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT;
+ OK_(crypt_set_data_offset(cd, 8192));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, &params2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30);
+ EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0);
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_header_restore(cd, CRYPT_LUKS2, DMDIR H_DEVICE));
+ EQ_(crypt_get_data_offset(cd), 8192);
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0);
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, 2*8200));
+
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+
+ /* encryption with datashift and moved segment (data shift + data offset <= device size) */
+ memset(&rparams, 0, sizeof(rparams));
+ params2.sector_size = 512;
+ params2.data_device = DMDIR L_DEVICE_OK;
+ rparams.mode = CRYPT_REENCRYPT_ENCRYPT;
+ rparams.direction = CRYPT_REENCRYPT_BACKWARD;
+ rparams.resilience = "datashift";
+ rparams.data_shift = 8200;
+ rparams.luks2 = &params2;
+ rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT;
+ OK_(crypt_set_data_offset(cd, 8200));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, &params2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30);
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), "Data device is too small");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 1));
+
+ /* decryption backward */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ params2.data_device = NULL;
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
+ memset(&rparams, 0, sizeof(rparams));
+ rparams.mode = CRYPT_REENCRYPT_DECRYPT;
+ rparams.direction = CRYPT_REENCRYPT_BACKWARD;
+ rparams.resilience = "none";
+ rparams.max_hotzone_size = 2048;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), r_header_size);
+ EQ_(crypt_get_volume_key_size(cd), 0);
+ OK_(strcmp(crypt_get_cipher(cd), "cipher_null"));
+ CRYPT_FREE(cd);
+
+ /* decryption forward */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ params2.data_device = NULL;
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
+ memset(&rparams, 0, sizeof(rparams));
+ rparams.mode = CRYPT_REENCRYPT_DECRYPT;
+ rparams.direction = CRYPT_REENCRYPT_FORWARD;
+ rparams.resilience = "none";
+ rparams.max_hotzone_size = 2048;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ CRYPT_FREE(cd);
+
+ /* decryption forward (online) */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ params2.data_device = NULL;
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
+ memset(&rparams, 0, sizeof(rparams));
+ rparams.mode = CRYPT_REENCRYPT_DECRYPT;
+ rparams.direction = CRYPT_REENCRYPT_FORWARD;
+ rparams.resilience = "none";
+ rparams.max_hotzone_size = 2048;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ CRYPT_FREE(cd);
+
+ /* decryption with data shift */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ params2.data_device = NULL;
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
+ remove(BACKUP_FILE);
+ OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
+ CRYPT_FREE(cd);
+ // FIXME: we need write flock
+ OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR));
+ OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), r_header_size);
+ memset(&rparams, 0, sizeof(rparams));
+ rparams.mode = CRYPT_REENCRYPT_DECRYPT;
+ rparams.direction = CRYPT_REENCRYPT_FORWARD;
+ rparams.resilience = "datashift";
+ rparams.data_shift = r_header_size;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
+ EQ_(crypt_get_data_offset(cd), 0);
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ remove(BACKUP_FILE);
+ CRYPT_FREE(cd);
+
+ /* online decryption with data shift (future feature) */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ params2.data_device = NULL;
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
+ OK_(t_device_size(DMDIR CDEVICE_2, &r_size_1));
+ EQ_(r_size_1, 512);
+ // store devno for later size check
+ OK_(t_get_devno(CDEVICE_2, &devno));
+ // create placeholder device to block automatic deactivation after decryption
+ OK_(_system("dmsetup create " CDEVICE_1 " --table \"0 1 linear " DMDIR CDEVICE_2 " 0\"", 1));
+ remove(BACKUP_FILE);
+ OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
+ CRYPT_FREE(cd);
+ // FIXME: we need write flock
+ OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR));
+ OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_get_data_offset(cd), r_header_size);
+ memset(&rparams, 0, sizeof(rparams));
+ rparams.mode = CRYPT_REENCRYPT_DECRYPT;
+ rparams.direction = CRYPT_REENCRYPT_FORWARD;
+ rparams.resilience = "datashift";
+ rparams.data_shift = r_header_size;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
+ EQ_(crypt_get_data_offset(cd), 0);
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ remove(BACKUP_FILE);
+ OK_(t_device_size_by_devno(devno, &r_size_1));
+ EQ_(r_size_1, 512);
+ OK_(_system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0));
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size));
+ OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_header_size));
+
+ /* check detached header misuse (mismatching keys in table and mda) */
+ OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ params2.data_device = DMDIR L_DEVICE_WRONG;
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
+ /* activate second device using same header */
+ OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
+ OK_(crypt_set_pbkdf_type(cd2, &pbkdf));
+ EQ_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
+ CRYPT_FREE(cd2);
+ EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+
+ memset(&rparams, 0, sizeof(rparams));
+ rparams.resilience = "none";
+ rparams.max_hotzone_size = 16*2048;
+ rparams.luks2 = &params2;
+
+ OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+
+ OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
+ OK_(crypt_set_pbkdf_type(cd2, &pbkdf));
+ EQ_(crypt_keyslot_add_by_key(cd2, 2, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 2);
+ rparams.flags = CRYPT_REENCRYPT_INITIALIZE_ONLY;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching parameters in device table.");
+ OK_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams));
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching parameters in device table.");
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ OK_(crypt_deactivate(cd2, CDEVICE_2));
+ CRYPT_FREE(cd);
+ CRYPT_FREE(cd2);
+
+ /* check detached header misuse (mismatching progress data in active device and mda) */
+ OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ params2.data_device = DMDIR L_DEVICE_WRONG;
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
+ EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+ rparams.flags = 0;
+ rparams.max_hotzone_size = 8;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
+ /* reencrypt 8 sectors of device */
+ test_progress_steps = 2;
+ OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
+
+ /* activate another data device with same LUKS2 header (this is wrong, but we can't detect such mistake) */
+ OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
+ NOTFAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_2, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption.");
+ CRYPT_FREE(cd2);
+
+ /* reencrypt yet another 8 sectors of first device */
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
+ test_progress_steps = 2;
+ OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
+
+ /* Now active mapping for second data device does not match its metadata */
+ OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams), "Mismatching device table.");
+ OK_(crypt_deactivate(cd2, CDEVICE_2));
+ CRYPT_FREE(cd2);
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16));
+
+ /* Test LUKS2 reencryption honors flags device was activate with */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ params2.sector_size = 512;
+ params2.data_device = NULL;
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
+ OK_(crypt_volume_key_keyring(cd, 0)); /* disable keyring */
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_ALLOW_DISCARDS), 6);
+ OK_(crypt_volume_key_keyring(cd, 1));
+ rparams.mode = CRYPT_REENCRYPT_REENCRYPT;
+ rparams.direction = CRYPT_REENCRYPT_FORWARD,
+ rparams.resilience = "none",
+ rparams.max_hotzone_size = 8;
+ rparams.luks2 = &params2;
+ rparams.flags = 0;
+ EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
+ OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams));
+ test_progress_steps = 2;
+ OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN);
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCARDS);
+ EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, 0);
+ CRYPT_FREE(cd);
+ OK_(crypt_init_by_name(&cd, CDEVICE_1));
+ rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCARDS);
+ EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, 0);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_header_size + 16));
+
+ rparams.mode = CRYPT_REENCRYPT_REENCRYPT;
+ rparams.direction = CRYPT_REENCRYPT_FORWARD;
+ rparams.resilience = "none";
+ rparams.hash = NULL;
+ rparams.data_shift = 0;
+ rparams.max_hotzone_size = 0;
+ rparams.device_size = 0;
+ rparams.luks2 = &params2;
+ rparams.flags = 0;
+
+ /* Test support for specific key reencryption */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 3);
+ EQ_(crypt_keyslot_add_by_key(cd, 9, key, key_size, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
+ EQ_(crypt_keyslot_add_by_key(cd, 10, key, key_size, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE ), 10);
+ OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 3, 9, "aes", "xts-plain64", &rparams));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
+ OK_(crypt_keyslot_destroy(cd, 9));
+ OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, 2 * r_header_size));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+
+ rparams = (struct crypt_params_reencrypt) {
+ .mode = CRYPT_REENCRYPT_DECRYPT,
+ .direction = CRYPT_REENCRYPT_FORWARD,
+ .resilience = "datashift-checksum",
+ .hash = "sha256",
+ .data_shift = r_header_size,
+ .flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT
+ };
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, NULL));
+ EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
+ CRYPT_FREE(cd);
+
+ params2.data_device = DMDIR L_DEVICE_OK;
+ params2.sector_size = 512;
+
+ /* create detached LUKS2 header (with data_offset == 0) */
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, &params2));
+ EQ_(crypt_get_data_offset(cd), 0);
+ OK_(set_fast_pbkdf(cd));
+ EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)));
+ CRYPT_FREE(cd);
+
+ /* initiate LUKS2 decryption with datashift on bogus LUKS2 header (data_offset == 0) */
+ OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Illegal data offset");
+ /* reencryption must not initialize */
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+ CRYPT_FREE(cd);
+ /* original data device must stay untouched */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+ CRYPT_FREE(cd);
+
+ OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR));
+ OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+
+ /* simulate read error at first segment beyond data offset*/
+ OK_(dmdevice_error_io(L_DEVICE_OK, DMDIR L_DEVICE_OK, DEVICE_ERROR, 0, r_header_size, 8, ERR_RD));
+
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Could not read first data segment");
+ CRYPT_FREE(cd);
+
+ /* Device must not be in reencryption */
+ OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ /* simulate write error in original LUKS2 header area */
+ OK_(dmdevice_error_io(L_DEVICE_OK, DMDIR L_DEVICE_OK, DEVICE_ERROR, 0, 0, 8, ERR_WR));
+
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Could not write first data segment");
+ CRYPT_FREE(cd);
+
+ /* Device must not be in reencryption */
+ OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+ CRYPT_FREE(cd);
+ remove(BACKUP_FILE);
+
+ /* remove error mapping */
+ OK_(dmdevice_error_io(L_DEVICE_OK, DMDIR L_DEVICE_OK, DEVICE_ERROR, 0, 0, 8, ERR_REMOVE));
+
+ /* test various bogus reencryption resilience parameters */
+ rparams = (struct crypt_params_reencrypt) {
+ .mode = CRYPT_REENCRYPT_DECRYPT,
+ .direction = CRYPT_REENCRYPT_FORWARD,
+ .resilience = "checksum", /* should have been datashift-checksum */
+ .hash = "sha256",
+ .data_shift = r_header_size,
+ .flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT
+ };
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, NULL));
+ EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
+ CRYPT_FREE(cd);
+
+ OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR));
+ OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+
+ /* decryption on device with data offset and no datashift subvariant mode */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ rparams.resilience = "journal"; /* should have been datashift-journal */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ rparams = (struct crypt_params_reencrypt) {
+ .mode = CRYPT_REENCRYPT_DECRYPT,
+ .direction = CRYPT_REENCRYPT_FORWARD,
+ .resilience = "datashift-checksum",
+ .hash = "sha256",
+ .data_shift = 0, /* must be non zero */
+ .flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT
+ };
+
+ /* datashift = 0 */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ rparams.resilience = "datashift-journal";
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ rparams.resilience = "datashift"; /* datashift only is not supported in decryption mode with moved segment */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, &params2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 21);
+
+ rparams = (struct crypt_params_reencrypt) {
+ .mode = CRYPT_REENCRYPT_REENCRYPT,
+ .direction = CRYPT_REENCRYPT_FORWARD,
+ .resilience = "datashift-checksum",
+ .hash = "sha256",
+ .data_shift = r_header_size,
+ .flags = CRYPT_REENCRYPT_INITIALIZE_ONLY
+ };
+
+ /* regular reencryption must not accept datashift subvariants */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ rparams.resilience = "datashift-journal";
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ CRYPT_FREE(cd);
+ _cleanup_dmdevices();
+}
+#endif
+
+static void LuksKeyslotAdd(void)
+{
+ struct crypt_params_luks2 params = {
+ .sector_size = 512
+ };
+ char key[128], key3[128];
+#ifdef KERNEL_KEYRING
+ int ks;
+ key_serial_t kid;
+#endif
+ const struct crypt_token_params_luks2_keyring tparams = {
+ .key_description = KEY_DESC_TEST0
+ };
+
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes";
+ const char *cipher_mode = "cbc-essiv:sha256";
+ uint64_t r_payload_offset;
+ struct crypt_keyslot_context *um1, *um2;
+
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key3, vk_hex2, key_size);
+
+ // init test devices
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset + 1));
+
+ // test support for embedded key (after crypt_format)
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, NULL, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 3, um2, 0), 3);
+ EQ_(crypt_keyslot_status(cd, 3), CRYPT_SLOT_ACTIVE_LAST);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+ CRYPT_FREE(cd);
+
+ // test add by volume key
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE1, strlen(PASSPHRASE1), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, CRYPT_ANY_SLOT, um2, 0), 0);
+ EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // Add by same passphrase
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um1, 0), 1);
+ EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_ACTIVE);
+ crypt_keyslot_context_free(um1);
+
+ // new passphrase can't be provided by key method
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um2));
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 1, um1, CRYPT_ANY_SLOT, um2, 0), "Can't get passphrase via selected unlock method");
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // add by keyfile
+ OK_(prepare_keyfile(KEYFILE1, PASSPHRASE1, strlen(PASSPHRASE1)));
+ OK_(prepare_keyfile(KEYFILE2, KEY1, strlen(KEY1)));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um1));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, 0, um1, 2, um2, 0), 2);
+ EQ_(crypt_keyslot_status(cd, 2), CRYPT_SLOT_ACTIVE);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // add by same keyfile
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um1));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, 2, um1, 4, um1, 0), 4);
+ EQ_(crypt_keyslot_status(cd, 4), CRYPT_SLOT_ACTIVE);
+ crypt_keyslot_context_free(um1);
+
+ // keyslot already exists
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 3, um1, 0, um2, 0), "Keyslot already exists.");
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // generate new unbound key
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, NULL, 9, &um1));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 10, um2, CRYPT_VOLUME_KEY_NO_SEGMENT), 10);
+ EQ_(crypt_keyslot_status(cd, 10), CRYPT_SLOT_UNBOUND);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ EQ_(crypt_token_luks2_keyring_set(cd, 3, &tparams), 3);
+ EQ_(crypt_token_assign_keyslot(cd, 3, 1), 3);
+ EQ_(crypt_token_assign_keyslot(cd, 3, 3), 3);
+
+ // test unlocking/adding keyslot by LUKS2 token
+ OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
+ // passphrase not in keyring
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 13, um2, 0), "No token available.");
+#ifdef KERNEL_KEYRING
+ // wrong passphrase in keyring
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 13, um2, 0), "No token available.");
+
+ // token unlocks keyslot
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 13, um2, 0), 13);
+ EQ_(crypt_keyslot_status(cd, 13), CRYPT_SLOT_ACTIVE);
+
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // token provides passphrase for new keyslot
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1));
+ OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, 3, um1, 30, um2, 0), 30);
+ EQ_(crypt_keyslot_status(cd, 30), CRYPT_SLOT_ACTIVE);
+ OK_(crypt_token_is_assigned(cd, 3, 30));
+
+ // unlock and add by same token
+ crypt_keyslot_context_free(um1);
+ OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1));
+ ks = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, CRYPT_ANY_SLOT, um1, 0);
+ GE_(ks, 0);
+ EQ_(crypt_keyslot_status(cd, ks), CRYPT_SLOT_ACTIVE);
+ OK_(crypt_token_is_assigned(cd, 3, ks));
+#endif
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
+static void VolumeKeyGet(void)
+{
+ struct crypt_params_luks2 params = {
+ .sector_size = 512
+ };
+ char key[256], key2[256];
+#ifdef KERNEL_KEYRING
+ key_serial_t kid;
+ const struct crypt_token_params_luks2_keyring tparams = {
+ .key_description = KEY_DESC_TEST0
+ };
+#endif
+
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"
+ "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1b";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes";
+ const char *cipher_mode = "xts-plain64";
+ uint64_t r_payload_offset;
+ struct crypt_keyslot_context *um1, *um2;
+
+ crypt_decode_key(key, vk_hex, key_size);
+
+ OK_(prepare_keyfile(KEYFILE1, PASSPHRASE1, strlen(PASSPHRASE1)));
+
+#ifdef KERNEL_KEYRING
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+#endif
+
+ // init test devices
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset + 1));
+
+ // test support for embedded key (after crypt_format)
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, &params));
+ key_size--;
+ FAIL_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL), "buffer too small");
+
+ // check cached generated volume key can be retrieved
+ key_size++;
+ OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL));
+ OK_(crypt_volume_key_verify(cd, key2, key_size));
+ CRYPT_FREE(cd);
+
+ // check we can add keyslot via retrieved key
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key2, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 3, um2, 0), 3);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+ CRYPT_FREE(cd);
+
+ // check selected volume key can be retrieved and added
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params));
+ memset(key2, 0, key_size);
+ OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL));
+ OK_(memcmp(key, key2, key_size));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key2, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 0, um2, 0), 0);
+ crypt_keyslot_context_free(um2);
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um2, 0), 1);
+ crypt_keyslot_context_free(um2);
+#ifdef KERNEL_KEYRING
+ EQ_(crypt_token_luks2_keyring_set(cd, 0, &tparams), 0);
+ EQ_(crypt_token_assign_keyslot(cd, 0, 1), 0);
+#endif
+ crypt_keyslot_context_free(um1);
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ // check key context is not usable
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um1));
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), -EINVAL);
+ crypt_keyslot_context_free(um1);
+
+ // by passphrase
+ memset(key2, 0, key_size);
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1));
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 0);
+ OK_(memcmp(key, key2, key_size));
+ memset(key2, 0, key_size);
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, 0, key2, &key_size, um1), 0);
+ OK_(memcmp(key, key2, key_size));
+ crypt_keyslot_context_free(um1);
+
+ // by keyfile
+ memset(key2, 0, key_size);
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um1));
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 1);
+ OK_(memcmp(key, key2, key_size));
+ memset(key2, 0, key_size);
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, 1, key2, &key_size, um1), 1);
+ crypt_keyslot_context_free(um1);
+
+#ifdef KERNEL_KEYRING
+ // by token
+ OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1));
+ memset(key2, 0, key_size);
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 1);
+ OK_(memcmp(key, key2, key_size));
+ crypt_keyslot_context_free(um1);
+#endif
+ CRYPT_FREE(cd);
+
+ _remove_keyfiles();
+ _cleanup_dmdevices();
+}
+
+static int _crypt_load_check(struct crypt_device *cd)
+{
+#ifdef HAVE_BLKID
+ return crypt_load(cd, CRYPT_LUKS, NULL);
+#else
+ return -ENOTSUP;
+#endif
+}
+
+static void Luks2Repair(void)
+{
+ char rollback[256];
+
+ GE_(snprintf(rollback, sizeof(rollback),
+ "dd if=" IMAGE_PV_LUKS2_SEC ".bcp of=%s bs=1M 2>/dev/null", DEVICE_6), 0);
+
+ OK_(crypt_init(&cd, DEVICE_6));
+
+ FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
+ FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
+
+ /* check explicit LUKS2 repair works */
+ OK_(crypt_repair(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DEVICE_6));
+
+ /* rollback */
+ OK_(_system(rollback, 1));
+ FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
+
+ /* check repair with type detection works */
+ OK_(crypt_repair(cd, CRYPT_LUKS, NULL));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ CRYPT_FREE(cd);
+
+ /* repeat with locking disabled (must not have any effect) */
+ OK_(_system(rollback, 1));
+ OK_(crypt_init(&cd, DEVICE_6));
+ OK_(crypt_metadata_locking(cd, 0));
+
+ FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
+ FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
+
+ /* check explicit LUKS2 repair works */
+ OK_(crypt_repair(cd, CRYPT_LUKS2, NULL));
+ OK_(crypt_load(cd, CRYPT_LUKS, NULL));
+ CRYPT_FREE(cd);
+ OK_(crypt_init(&cd, DEVICE_6));
+
+ /* rollback */
+ OK_(_system(rollback, 1));
+ FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
+
+ /* check repair with type detection works */
+ OK_(crypt_repair(cd, CRYPT_LUKS, NULL));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ CRYPT_FREE(cd);
+}
+
+static void int_handler(int sig __attribute__((__unused__)))
+{
+ _quit++;
+}
+
+int main(int argc, char *argv[])
+{
+ struct sigaction sa = { .sa_handler = int_handler };
+ int i;
+
+ if (getuid() != 0) {
+ printf("You must be root to run this test.\n");
+ exit(77);
+ }
+#ifndef NO_CRYPTSETUP_PATH
+ if (getenv("CRYPTSETUP_PATH")) {
+ printf("Cannot run this test with CRYPTSETUP_PATH set.\n");
+ exit(77);
+ }
+#endif
+ for (i = 1; i < argc; i++) {
+ if (!strcmp("-v", argv[i]) || !strcmp("--verbose", argv[i]))
+ _verbose = 1;
+ else if (!strcmp("--debug", argv[i]))
+ _debug = _verbose = 1;
+ }
+
+ /* Handle interrupt properly */
+ sigaction(SIGINT, &sa, NULL);
+ sigaction(SIGTERM, &sa, NULL);
+
+ register_cleanup(_cleanup);
+
+ _cleanup();
+ if (_setup()) {
+ printf("Cannot set test devices.\n");
+ _cleanup();
+ exit(77);
+ }
+
+ crypt_set_debug_level(_debug ? CRYPT_DEBUG_JSON : CRYPT_DEBUG_NONE);
+
+ RUN_(AddDeviceLuks2, "Format and use LUKS2 device");
+ RUN_(Luks2MetadataSize, "LUKS2 metadata settings");
+ RUN_(Luks2HeaderLoad, "LUKS2 header load");
+ RUN_(Luks2HeaderRestore, "LUKS2 header restore");
+ RUN_(Luks2HeaderBackup, "LUKS2 header backup");
+ RUN_(ResizeDeviceLuks2, "LUKS2 device resize tests");
+ RUN_(UseLuks2Device, "Use pre-formated LUKS2 device");
+ RUN_(SuspendDevice, "LUKS2 Suspend/Resume");
+ RUN_(UseTempVolumes, "Format and use temporary encrypted device");
+ RUN_(Tokens, "General tokens API");
+ RUN_(TokenActivationByKeyring, "Builtin kernel keyring token");
+ RUN_(LuksConvert, "LUKS1 <-> LUKS2 conversions");
+ RUN_(Pbkdf, "Default PBKDF manipulation routines");
+ RUN_(Luks2KeyslotParams, "Add a new keyslot with different encryption");
+ RUN_(Luks2KeyslotAdd, "Add a new keyslot by unused key");
+ RUN_(Luks2ActivateByKeyring, "LUKS2 activation by passphrase in keyring");
+ RUN_(Luks2Requirements, "LUKS2 requirements flags");
+ RUN_(Luks2Integrity, "LUKS2 with data integrity");
+ RUN_(Luks2Refresh, "Active device table refresh");
+ RUN_(Luks2Flags, "LUKS2 persistent flags");
+#if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION
+ RUN_(Luks2Reencryption, "LUKS2 reencryption");
+#endif
+ RUN_(LuksKeyslotAdd, "Adding keyslot via new API");
+ RUN_(VolumeKeyGet, "Getting volume key via keyslot context API");
+ RUN_(Luks2Repair, "LUKS2 repair"); // test disables metadata locking. Run always last!
+
+ _cleanup();
+ return 0;
+}