diff options
Diffstat (limited to '')
84 files changed, 4144 insertions, 0 deletions
diff --git a/tests/generators/generate-luks2-area-in-json-hdr-space-json0.img.sh b/tests/generators/generate-luks2-area-in-json-hdr-space-json0.img.sh new file mode 100755 index 0000000..a7d3147 --- /dev/null +++ b/tests/generators/generate-luks2-area-in-json-hdr-space-json0.img.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with one area accessing luks +# header space +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # make area 7 access the luks2 header space + OFFS=$((2*LUKS2_HDR_SIZE*512-1)) + LEN=1 + json_str=$(jq -c --arg off $OFFS --arg len $LEN \ + '.keyslots."0".area.offset = $off | .keyslots."0".area.size = $len' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c --arg off $OFFS --arg len $LEN \ + 'if (.keyslots."0".area.offset != $off) or (.keyslots."0".area.size != $len) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-argon2-leftover-params.img.sh b/tests/generators/generate-luks2-argon2-leftover-params.img.sh new file mode 100755 index 0000000..f0b74d7 --- /dev/null +++ b/tests/generators/generate-luks2-argon2-leftover-params.img.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with luks2 keyslot kdf object +# having left over params. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # add keyslot 1 to second digest + obj_len=$(jq -c -M '.keyslots."1".kdf | length' $TMPDIR/json0) + json_str=$(jq -r -c -M '.keyslots."1".kdf.type = "pbkdf2" | .keyslots."1".kdf.iterations = 1001 | .keyslots."1".kdf.hash = "sha256"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + new_obj_len=$(jq -c -M '.keyslots."1".kdf | length' $TMPDIR/json_res0) + test $((obj_len+2)) -eq $new_obj_len || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-correct-full-json0.img.sh b/tests/generators/generate-luks2-correct-full-json0.img.sh new file mode 100755 index 0000000..5cba271 --- /dev/null +++ b/tests/generators/generate-luks2-correct-full-json0.img.sh @@ -0,0 +1,58 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with correct json of maximal size in primary slot. +# Secondary header is broken on purpose. +# + +# $1 full target dir +# $2 full source luks2 image + +PATTERN="\"config\":{" +KEY="\"config_key\":\"" + +function generate() +{ + read -r json_str < $TMPDIR/json0 + json_len=${#json_str} + pindex=$(strindex $json_str $PATTERN) + test $pindex -gt 0 || exit 2 + + offset=${#PATTERN} + offset=$((offset+pindex)) + key_len=${#KEY} + remain=$((LUKS2_JSON_SIZE*512-json_len-key_len-2)) # -2: closing '"' and terminating '\0' + if [ ${json_str:offset:1} = "}" ]; then + format_str="%s%s%s" + else + format_str="%s%s,%s" + remain=$((remain-1)) # also count with separating ',' + fi + test $remain -gt 0 || exit 2 + + fill=$(repeat_str "X" $remain)"\"" + + printf $format_str $KEY $fill ${json_str:$offset} | _dd of=$TMPDIR/json0 bs=1 seek=$offset conv=notrunc + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + #json_str_res0=$(< $TMPDIR/json_res0) + read -r json_str_res0 < $TMPDIR/json_res0 + test ${#json_str_res0} -eq $((LUKS2_JSON_SIZE*512-1)) || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-corrupted-hdr0-with-correct-chks.img.sh b/tests/generators/generate-luks2-corrupted-hdr0-with-correct-chks.img.sh new file mode 100755 index 0000000..1365e0c --- /dev/null +++ b/tests/generators/generate-luks2-corrupted-hdr0-with-correct-chks.img.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with malformed json but correct checksum in primary header +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + read -r json_str < $TMPDIR/json0 + json_len=${#json_str} + json_len=$((json_len-1)) # to replace json closing '}' + json_new_str="${json_str:0:json_len},\"" + + while [ ${#json_new_str} -le $((LUKS2_JSON_SIZE*512)) ]; do + json_new_str=$json_new_str"all_work_and_no_play_makes_Jack_a_dull_boy_" + done + + printf "%s" $json_new_str | _dd of=$TMPDIR/json0 bs=512 count=$LUKS2_JSON_SIZE + + lib_mangle_json_hdr0 +} + +function check() +{ + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + read -r json_str_res0 < $TMPDIR/json_res0 + test ${#json_str_res0} -eq $((LUKS2_JSON_SIZE*512)) || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-corrupted-hdr1-with-correct-chks.img.sh b/tests/generators/generate-luks2-corrupted-hdr1-with-correct-chks.img.sh new file mode 100755 index 0000000..fcbbb1e --- /dev/null +++ b/tests/generators/generate-luks2-corrupted-hdr1-with-correct-chks.img.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with malformed json but correct checksum in secondary header +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + read -r json_str < $TMPDIR/json1 + json_len=${#json_str} + json_len=$((json_len-1)) # to replace json closing '}' + json_new_str="${json_str:0:json_len},\"" + + while [ ${#json_new_str} -le $((LUKS2_JSON_SIZE*512)) ]; do + json_new_str=$json_new_str"all_work_and_no_play_makes_Jack_a_dull_boy_" + done + + printf "%s" $json_new_str | _dd of=$TMPDIR/json1 bs=512 count=$LUKS2_JSON_SIZE + + lib_mangle_json_hdr1 +} + +function check() +{ + lib_hdr1_checksum || exit 2 + + read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 + read -r json_str_res1 < $TMPDIR/json_res1 + test ${#json_str_res1} -eq $((LUKS2_JSON_SIZE*512)) || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-checksum-both-hdrs.img.sh b/tests/generators/generate-luks2-invalid-checksum-both-hdrs.img.sh new file mode 100755 index 0000000..925763e --- /dev/null +++ b/tests/generators/generate-luks2-invalid-checksum-both-hdrs.img.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with bad checksum in both binary headerer +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + CHKS0=$(echo "Arbitrary chosen string: D'oh!" | calc_sha256_checksum_stdin) + CHKS1=$(echo "D'oh!: arbitrary chosen string" | calc_sha256_checksum_stdin) + write_checksum $CHKS0 $TGT_IMG + write_checksum $CHKS1 $TMPDIR/hdr1 + write_luks2_bin_hdr1 $TMPDIR/hdr1 $TGT_IMG +} + +function check() +{ + lib_hdr0_checksum || exit 2 + lib_hdr1_checksum || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-checksum-hdr0.img.sh b/tests/generators/generate-luks2-invalid-checksum-hdr0.img.sh new file mode 100755 index 0000000..ae8c595 --- /dev/null +++ b/tests/generators/generate-luks2-invalid-checksum-hdr0.img.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with bad checksum in primary binary header +# + +# 1 full target dir +# 2 full source luks2 image + +function generate() +{ + CHKS0=$(echo "Arbitrary chosen string: D'oh!" | calc_sha256_checksum_stdin) + write_checksum $CHKS0 $TGT_IMG +} + +function check() +{ + lib_hdr0_checksum || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-checksum-hdr1.img.sh b/tests/generators/generate-luks2-invalid-checksum-hdr1.img.sh new file mode 100755 index 0000000..a56695d --- /dev/null +++ b/tests/generators/generate-luks2-invalid-checksum-hdr1.img.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with bad checksum in secondary binary header +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + CHKS1=$(echo "Arbitrary chosen string: D'oh!" | calc_sha256_checksum_stdin) + write_checksum $CHKS1 $TMPDIR/hdr1 + write_luks2_bin_hdr1 $TMPDIR/hdr1 $TGT_IMG +} + +function check() +{ + lib_hdr1_checksum || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-json-size-c0.img.sh b/tests/generators/generate-luks2-invalid-json-size-c0.img.sh new file mode 100755 index 0000000..13dea92 --- /dev/null +++ b/tests/generators/generate-luks2-invalid-json-size-c0.img.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with invalid json_size in config section +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + JS=$(((LUKS2_HDR_SIZE-LUKS2_BIN_HDR_SIZE)*512+4096)) + json_str=$(jq -c --arg js $JS '.config.json_size = ($js | tostring)' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c --arg js $JS 'if .config.json_size != ($js | tostring ) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-json-size-c1.img.sh b/tests/generators/generate-luks2-invalid-json-size-c1.img.sh new file mode 100755 index 0000000..5cdc7ce --- /dev/null +++ b/tests/generators/generate-luks2-invalid-json-size-c1.img.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with invalid json_size in config section +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + JS=$(((LUKS2_HDR_SIZE-LUKS2_BIN_HDR_SIZE)*512-4096)) + json_str=$(jq -c --arg js $JS '.config.json_size = ($js | tostring)' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c --arg js $JS 'if .config.json_size != ($js | tostring ) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-json-size-c2.img.sh b/tests/generators/generate-luks2-invalid-json-size-c2.img.sh new file mode 100755 index 0000000..4122338 --- /dev/null +++ b/tests/generators/generate-luks2-invalid-json-size-c2.img.sh @@ -0,0 +1,55 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with config json size mismatching +# value in binary header +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + JS=$(((LUKS2_HDR_SIZE-LUKS2_BIN_HDR_SIZE)*512)) + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_32K + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + + json_str=$(jq -c '.' $TMPDIR/json0) + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE +} + +function check() +{ + read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 + local str_res1=$(head -c 4 $TMPDIR/hdr_res0) + test "$str_res1" = "LUKS" || exit 2 + + read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE + local str_res1=$(head -c 4 $TMPDIR/hdr_res1) + test "$str_res1" = "SKUL" || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c --arg js $JS 'if .config.json_size != ( $js | tostring ) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-keyslots-size-c0.img.sh b/tests/generators/generate-luks2-invalid-keyslots-size-c0.img.sh new file mode 100755 index 0000000..8187b72 --- /dev/null +++ b/tests/generators/generate-luks2-invalid-keyslots-size-c0.img.sh @@ -0,0 +1,43 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with too large keyslots_size set in config section +# (iow config.keyslots_size = data_offset - keyslots_offset + 512) +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # make area 7 being included in area 6 + OFFS=$((2*LUKS2_HDR_SIZE*512)) + json_str=$(jq -c --arg off $OFFS '.config.keyslots_size = (.segments."0".offset | tonumber - ($off | tonumber) + 4096 | tostring)' $TMPDIR/json0) + test -n "$json_str" || exit 2 + # [.keyslots[].area.offset | tonumber] | max | tostring ---> max offset in keyslot areas + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c --arg off $OFFS 'if .config.keyslots_size != ( .segments."0".offset | tonumber - ($off | tonumber) + 4096 | tostring ) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-keyslots-size-c1.img.sh b/tests/generators/generate-luks2-invalid-keyslots-size-c1.img.sh new file mode 100755 index 0000000..2ba1a9b --- /dev/null +++ b/tests/generators/generate-luks2-invalid-keyslots-size-c1.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with unaligned keyslots_size config section +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + json_str=$(jq -c '.config.keyslots_size = (.config.keyslots_size | tonumber - 1 | tostring)' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if (.config.keyslots_size | tonumber % 4096) == 0 + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-keyslots-size-c2.img.sh b/tests/generators/generate-luks2-invalid-keyslots-size-c2.img.sh new file mode 100755 index 0000000..f983438 --- /dev/null +++ b/tests/generators/generate-luks2-invalid-keyslots-size-c2.img.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with keyslots_size less than sum of all keyslots area +# in json +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + json_str=$(jq '.config.keyslots_size = ([.keyslots[].area.size] | map(tonumber) | add - 4096 | tostring )' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .config.keyslots_size != ([.keyslots[].area.size ] | map(tonumber) | add - 4096 | tostring) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-object-type-json0.img.sh b/tests/generators/generate-luks2-invalid-object-type-json0.img.sh new file mode 100755 index 0000000..616120b --- /dev/null +++ b/tests/generators/generate-luks2-invalid-object-type-json0.img.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with well-formed json format +# where top level value is not of type object. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + read -r json_str < $TMPDIR/json0 + json_str="[$json_str]" # make top level value an array + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + printf "%s" "$json_str" | _dd of=$TMPDIR/json0 bs=1 conv=notrunc + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + read -r json_str_res0 < $TMPDIR/json_res0 + test "$json_str" = "$json_str_res0" || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-opening-char-json0.img.sh b/tests/generators/generate-luks2-invalid-opening-char-json0.img.sh new file mode 100755 index 0000000..3f34692 --- /dev/null +++ b/tests/generators/generate-luks2-invalid-opening-char-json0.img.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with well-formed json prefixed +# with useless whitespace. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + read -r json_str < $TMPDIR/json0 + json_str=" $json_str" # add useless opening whitespace + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + printf "%s" "$json_str" | _dd of=$TMPDIR/json0 bs=1 conv=notrunc + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + IFS= read -r json_str_res0 < $TMPDIR/json_res0 + test "$json_str" = "$json_str_res0" || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-tokens.img.sh b/tests/generators/generate-luks2-invalid-tokens.img.sh new file mode 100755 index 0000000..9719cf7 --- /dev/null +++ b/tests/generators/generate-luks2-invalid-tokens.img.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with well-formed json format +# where keyslot is not of type object. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + json_str=$(jq -c 'del(.tokens) | .tokens = 42' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + write_luks2_json "$json_str" $TMPDIR/json1 + + lib_mangle_json_hdr0 + lib_mangle_json_hdr1 +} + +function check() +{ + lib_hdr0_checksum || exit 2 + lib_hdr1_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .tokens != 42 + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-invalid-top-objects.img.sh b/tests/generators/generate-luks2-invalid-top-objects.img.sh new file mode 100755 index 0000000..174dc2c --- /dev/null +++ b/tests/generators/generate-luks2-invalid-top-objects.img.sh @@ -0,0 +1,43 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with well-formed json format +# where multiple top objects are not of type object. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + json_str=$(jq -c 'del(.tokens) | .tokens = 42 | + del(.digests) | .digests = 42 | + del(.keyslots) | .keyslots = [] | + del(.segments) | .segments = "hi"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + write_luks2_json "$json_str" $TMPDIR/json1 + + lib_mangle_json_hdr0 + lib_mangle_json_hdr1 +} + +function check() +{ + lib_hdr0_checksum || exit 2 + lib_hdr1_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if (.tokens != 42) or (.digests != 42) or (.keyslots != []) or (.segments != "hi") + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-keyslot-invalid-af.img.sh b/tests/generators/generate-luks2-keyslot-invalid-af.img.sh new file mode 100755 index 0000000..99f7679 --- /dev/null +++ b/tests/generators/generate-luks2-keyslot-invalid-af.img.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with well-formed json format +# where keyslot AF type is invalid. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + json_str=$(jq -c 'del(.keyslots."0".af.type) | .keyslots."0".af.type = 42' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + write_luks2_json "$json_str" $TMPDIR/json1 + + lib_mangle_json_hdr0 + lib_mangle_json_hdr1 +} + +function check() +{ + lib_hdr0_checksum || exit 2 + lib_hdr1_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if (.keyslots."0".af.type != 42) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-keyslot-invalid-area-size.img.sh b/tests/generators/generate-luks2-keyslot-invalid-area-size.img.sh new file mode 100755 index 0000000..723d58a --- /dev/null +++ b/tests/generators/generate-luks2-keyslot-invalid-area-size.img.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with well-formed json format +# where keyslot area object size is UINT64_MAX and will overflow with added length +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + json_str=$(jq -c '.keyslots."0"."area".size = "18446744073709551615"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + write_luks2_json "$json_str" $TMPDIR/json1 + + lib_mangle_json_hdr0 + lib_mangle_json_hdr1 +} + +function check() +{ + lib_hdr0_checksum || exit 2 + lib_hdr1_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if (.keyslots."0"."area".size != "18446744073709551615") + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-keyslot-invalid-area.img.sh b/tests/generators/generate-luks2-keyslot-invalid-area.img.sh new file mode 100755 index 0000000..c41037e --- /dev/null +++ b/tests/generators/generate-luks2-keyslot-invalid-area.img.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with well-formed json format +# where keyslot area object is not of type object. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + json_str=$(jq -c 'del(.keyslots."0".area) | .keyslots."0".area = 42' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + write_luks2_json "$json_str" $TMPDIR/json1 + + lib_mangle_json_hdr0 + lib_mangle_json_hdr1 +} + +function check() +{ + lib_hdr0_checksum || exit 2 + lib_hdr1_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if (.keyslots."0".area != 42) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-keyslot-invalid-objects.img.sh b/tests/generators/generate-luks2-keyslot-invalid-objects.img.sh new file mode 100755 index 0000000..5fcfef2 --- /dev/null +++ b/tests/generators/generate-luks2-keyslot-invalid-objects.img.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate header with well-formed json format +# where multiple keyslots objects are not of type object. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + json_str=$(jq -c 'del(.keyslots."0".kdf) | .keyslots."0".kdf = 42 | + del(.keyslots."0".af) | .keyslots."0".af = 42' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + write_luks2_json "$json_str" $TMPDIR/json1 + + lib_mangle_json_hdr0 + lib_mangle_json_hdr1 +} + +function check() +{ + lib_hdr0_checksum || exit 2 + lib_hdr1_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if (.keyslots."0".kdf != 42) or (.keyslots."0".af != 42) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-keyslot-missing-digest.img.sh b/tests/generators/generate-luks2-keyslot-missing-digest.img.sh new file mode 100755 index 0000000..49aeff1 --- /dev/null +++ b/tests/generators/generate-luks2-keyslot-missing-digest.img.sh @@ -0,0 +1,43 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with luks2 keyslot not assigned +# to any digest. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + read -r json_str_orig < $TMPDIR/json0 + arr_len=$(jq -c -M '.digests."0".keyslots | length' $TMPDIR/json0) + # remove first element from digests."0".keyslots array + json_str=$(jq -r -c -M 'del(.digests."0".keyslots[0])' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + new_arr_len=$(jq -c -M '.digests."0".keyslots | length' $TMPDIR/json_res0) + test $((arr_len-1)) -eq $new_arr_len || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-keyslot-too-many-digests.img.sh b/tests/generators/generate-luks2-keyslot-too-many-digests.img.sh new file mode 100755 index 0000000..5ba55f1 --- /dev/null +++ b/tests/generators/generate-luks2-keyslot-too-many-digests.img.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with luks2 keyslot assigned +# to more than 1 digest. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # add keyslot 1 to second digest + json_str=$(jq -r -c -M '.digests."1" = .digests."0" | .digests."1".keyslots = ["1"]' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + new_arr_len=$(jq -c -M '.digests."1".keyslots | length' $TMPDIR/json_res0) + test 1 -eq $new_arr_len || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-128k-secondary.img.sh b/tests/generators/generate-luks2-metadata-size-128k-secondary.img.sh new file mode 100755 index 0000000..2a44678 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-128k-secondary.img.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate secondary header with one of allowed json area +# size values. Test whether auto-recovery code is able +# to validate secondary header with non-default json area +# size. +# +# primary header is corrupted on purpose. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 128 KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_128K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE +} + +function check() +{ + lib_hdr0_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-128k.img.sh b/tests/generators/generate-luks2-metadata-size-128k.img.sh new file mode 100755 index 0000000..79cccbd --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-128k.img.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size. There's only limited +# set of values allowed as json size in config section of LUKS2 +# metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 128KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_128K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-16k-secondary.img.sh b/tests/generators/generate-luks2-metadata-size-16k-secondary.img.sh new file mode 100755 index 0000000..f0e6e8d --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-16k-secondary.img.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate secondary header with one of allowed json area +# size values. Test whether auto-recovery code is able +# to validate secondary header with non-default json area +# size. +# +# primary header is corrupted on purpose. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 16 KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE +} + +function check() +{ + lib_hdr0_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-1m-secondary.img.sh b/tests/generators/generate-luks2-metadata-size-1m-secondary.img.sh new file mode 100755 index 0000000..25c19c1 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-1m-secondary.img.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate secondary header with one of allowed json area +# size values. Test whether auto-recovery code is able +# to validate secondary header with non-default json area +# size. +# +# primary header is corrupted on purpose. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 1 MiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_1M + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE +} + +function check() +{ + lib_hdr0_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-1m.img.sh b/tests/generators/generate-luks2-metadata-size-1m.img.sh new file mode 100755 index 0000000..9228fe5 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-1m.img.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size. There's only limited +# set of values allowed as json size in config section of LUKS2 +# metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 1 MiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_1M + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-256k-secondary.img.sh b/tests/generators/generate-luks2-metadata-size-256k-secondary.img.sh new file mode 100755 index 0000000..b4c1027 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-256k-secondary.img.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate secondary header with one of allowed json area +# size values. Test whether auto-recovery code is able +# to validate secondary header with non-default json area +# size. +# +# primary header is corrupted on purpose. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 256 KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_256K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE +} + +function check() +{ + lib_hdr0_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-256k.img.sh b/tests/generators/generate-luks2-metadata-size-256k.img.sh new file mode 100755 index 0000000..60ec878 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-256k.img.sh @@ -0,0 +1,62 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size. There's only limited +# set of values allowed as json size in config section of LUKS2 +# metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + + +function generate() +{ + # 256KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_256K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-2m-secondary.img.sh b/tests/generators/generate-luks2-metadata-size-2m-secondary.img.sh new file mode 100755 index 0000000..0c68905 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-2m-secondary.img.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size. There's only limited +# set of values allowed as json size in config section of LUKS2 +# metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 2 MiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_2M + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE +} + +function check() +{ + lib_hdr0_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-2m.img.sh b/tests/generators/generate-luks2-metadata-size-2m.img.sh new file mode 100755 index 0000000..0dbb521 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-2m.img.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size. There's only limited +# set of values allowed as json size in config section of LUKS2 +# metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 2 MiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_2M + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-32k-secondary.img.sh b/tests/generators/generate-luks2-metadata-size-32k-secondary.img.sh new file mode 100755 index 0000000..effd244 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-32k-secondary.img.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate secondary header with one of allowed json area +# size values. Test whether auto-recovery code is able +# to validate secondary header with non-default json area +# size. +# +# primary header is corrupted on purpose. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 32 KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_32K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE +} + +function check() +{ + lib_hdr0_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-32k.img.sh b/tests/generators/generate-luks2-metadata-size-32k.img.sh new file mode 100755 index 0000000..f970144 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-32k.img.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with non-default metadata json_size. +# There's only limited set of values allowed as json size in +# config section of LUKS2 metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 32KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_32K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-4m-secondary.img.sh b/tests/generators/generate-luks2-metadata-size-4m-secondary.img.sh new file mode 100755 index 0000000..f423850 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-4m-secondary.img.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size. There's only limited +# set of values allowed as json size in config section of LUKS2 +# metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 4 MiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_4M + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE +} + +function check() +{ + lib_hdr0_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-4m.img.sh b/tests/generators/generate-luks2-metadata-size-4m.img.sh new file mode 100755 index 0000000..b15ad4b --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-4m.img.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size. There's only limited +# set of values allowed as json size in config section of LUKS2 +# metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 4 MiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_4M + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-512k-secondary.img.sh b/tests/generators/generate-luks2-metadata-size-512k-secondary.img.sh new file mode 100755 index 0000000..4980816 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-512k-secondary.img.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate secondary header with one of allowed json area +# size values. Test whether auto-recovery code is able +# to validate secondary header with non-default json area +# size. +# +# primary header is corrupted on purpose. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 512 KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_512K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE +} + +function check() +{ + lib_hdr0_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-512k.img.sh b/tests/generators/generate-luks2-metadata-size-512k.img.sh new file mode 100755 index 0000000..f3da37f --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-512k.img.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size. There's only limited +# set of values allowed as json size in config section of LUKS2 +# metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 512KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_512K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-64k-inv-area-c0.img.sh b/tests/generators/generate-luks2-metadata-size-64k-inv-area-c0.img.sh new file mode 100755 index 0000000..3913f03 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-64k-inv-area-c0.img.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with non-default metadata json_size +# and keyslots area trespassing in json area. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 64KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_64K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024-1)) + # overlap in json area by exactly one byte + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024-1)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-64k-inv-area-c1.img.sh b/tests/generators/generate-luks2-metadata-size-64k-inv-area-c1.img.sh new file mode 100755 index 0000000..b01f933 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-64k-inv-area-c1.img.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with non-default metadata json_size +# and keyslot area overflowing out of keyslots area. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 64KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_64K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + --arg mda $((2*TEST_MDA_SIZE_BYTES)) \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .keyslots."7".area.offset = ( ((.config.keyslots_size | tonumber) + ($mda | tonumber) - (.keyslots."7".area.size | tonumber) + 1) | tostring ) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE +# .keyslots.7.area.offset = ( ((.config.keyslots_size | tonumber) + ($mda | tonumber) - (.keyslots.7.area.size | tonumber) + 1) | tostring ) | + jq -c --arg mda $((2*TEST_MDA_SIZE_BYTES)) --arg jsize $JSON_SIZE \ + 'if (.keyslots."7".area.offset != ( ((.config.keyslots_size | tonumber) + ($mda | tonumber) - (.keyslots."7".area.size | tonumber) + 1) | tostring )) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-64k-inv-keyslots-size-c0.img.sh b/tests/generators/generate-luks2-metadata-size-64k-inv-keyslots-size-c0.img.sh new file mode 100755 index 0000000..5b8517a --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-64k-inv-keyslots-size-c0.img.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size where keyslots size +# overflows in data area (segment offset) +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 64KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_64K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + --arg mda $((2*TEST_MDA_SIZE_BYTES)) \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .config.keyslots_size = (((($off | tonumber) - ($mda | tonumber) + 4096)) | tostring ) | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE --arg off $DATA_OFFSET --arg mda $((2*TEST_MDA_SIZE_BYTES)) \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) or + (.config.keyslots_size != (((($off | tonumber) - ($mda | tonumber) + 4096)) | tostring )) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-64k-secondary.img.sh b/tests/generators/generate-luks2-metadata-size-64k-secondary.img.sh new file mode 100755 index 0000000..9635ab7 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-64k-secondary.img.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate secondary header with one of allowed json area +# size values. Test whether auto-recovery code is able +# to validate secondary header with non-default json area +# size. +# +# primary header is corrupted on purpose. +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 64 KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_64K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE +} + +function check() +{ + lib_hdr0_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-64k.img.sh b/tests/generators/generate-luks2-metadata-size-64k.img.sh new file mode 100755 index 0000000..50941b8 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-64k.img.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size. There's only limited +# set of values allowed as json size in config section of LUKS2 +# metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # 64KiB metadata + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_64K + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-invalid-secondary.img.sh b/tests/generators/generate-luks2-metadata-size-invalid-secondary.img.sh new file mode 100755 index 0000000..d2ddd61 --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-invalid-secondary.img.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size. There's only limited +# set of values allowed as json size in config section of LUKS2 +# metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_1M + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_MDA_SIZE_BOGUS_BYTES=$((TEST_MDA_SIZE*512*2*1024)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BOGUS_BYTES + + write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE +} + +function check() +{ + lib_hdr0_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-metadata-size-invalid.img.sh b/tests/generators/generate-luks2-metadata-size-invalid.img.sh new file mode 100755 index 0000000..745fc5c --- /dev/null +++ b/tests/generators/generate-luks2-metadata-size-invalid.img.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary with predefined json_size. There's only limited +# set of values allowed as json size in config section of LUKS2 +# metadata +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + TEST_MDA_SIZE=$LUKS2_HDR_SIZE_1M + + TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512)) + TEST_MDA_SIZE_BOGUS_BYTES=$((TEST_MDA_SIZE*512*2*1024)) + TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE)) + KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024)) + JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024)) + JSON_SIZE=$((TEST_JSN_SIZE*512)) + DATA_OFFSET=16777216 + + json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \ + '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) | + .config.json_size = $jsize | + .segments."0".offset = $off' $TMPDIR/json0) + test -n "$json_str" || exit 2 + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE + write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE + + write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BOGUS_BYTES + write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BOGUS_BYTES + + lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE + lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill +} + +function check() +{ + lib_hdr1_killed $TEST_MDA_SIZE || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE + jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \ + 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or + (.config.json_size != $jsize) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-missing-keyslot-referenced-in-digest.img.sh b/tests/generators/generate-luks2-missing-keyslot-referenced-in-digest.img.sh new file mode 100755 index 0000000..a0ca53c --- /dev/null +++ b/tests/generators/generate-luks2-missing-keyslot-referenced-in-digest.img.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with missing keyslot object referenced +# in digest object +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + read -r json_str_orig < $TMPDIR/json0 + arr_len=$(jq -c -M '.digests."0".keyslots | length' $TMPDIR/json0) + # add missing keyslot reference in keyslots array of digest '0' + json_str=$(jq -r -c -M 'def arr: ["digests", "0", "keyslots"]; + def missks: getpath(["keyslots"]) | keys | max | tonumber + 1 | tostring; + setpath(arr; getpath(arr) + [ missks ])' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + new_arr_len=$(jq -c -M '.digests."0".keyslots | length' $TMPDIR/json_res0) + test $((arr_len+1)) -eq $new_arr_len || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-missing-keyslot-referenced-in-token.img.sh b/tests/generators/generate-luks2-missing-keyslot-referenced-in-token.img.sh new file mode 100755 index 0000000..84d7ed2 --- /dev/null +++ b/tests/generators/generate-luks2-missing-keyslot-referenced-in-token.img.sh @@ -0,0 +1,43 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with missing keyslot object referenced +# in token object +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + read -r json_str_orig < $TMPDIR/json0 + # add missing keyslot reference in keyslots array of token '0' + json_str=$(jq -r -c -M 'def missks: getpath(["keyslots"]) | keys | max | tonumber + 1 | tostring; + .tokens += {"0":{"type":"dummy","keyslots":[ "0", missks ]}}' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + new_arr_len=$(jq -c -M '.tokens."0".keyslots | length' $TMPDIR/json_res0) + test $new_arr_len -eq 2 || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-missing-segment-referenced-in-digest.img.sh b/tests/generators/generate-luks2-missing-segment-referenced-in-digest.img.sh new file mode 100755 index 0000000..300c2dc --- /dev/null +++ b/tests/generators/generate-luks2-missing-segment-referenced-in-digest.img.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with missing segment object referenced +# in digest object +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + read -r json_str_orig < $TMPDIR/json0 + arr_len=$(jq -c -M '.digests."0".segments | length' $TMPDIR/json0) + # add missing keyslot reference in keyslots array of digest '0' + json_str=$(jq -c 'def arr: ["digests", "0", "segments"]; + def missseg: getpath(["segments"]) | keys | max | tonumber + 1 | tostring; + setpath(arr; getpath(arr) + [ missseg ])' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + new_arr_len=$(jq -c -M '.digests."0".segments | length' $TMPDIR/json_res0) + test $((arr_len+1)) -eq $new_arr_len || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-missing-trailing-null-byte-json0.img.sh b/tests/generators/generate-luks2-missing-trailing-null-byte-json0.img.sh new file mode 100755 index 0000000..9c5ed0b --- /dev/null +++ b/tests/generators/generate-luks2-missing-trailing-null-byte-json0.img.sh @@ -0,0 +1,60 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with well-formed json but missing +# trailing null byte. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +PATTERN="\"config\":{" +KEY="\"config_key\":\"" + +function generate() +{ + read -r json_str < $TMPDIR/json0 + json_len=${#json_str} + pindex=$(strindex $json_str $PATTERN) + test $pindex -gt 0 || exit 2 + + offset=${#PATTERN} + offset=$((offset+pindex)) + key_len=${#KEY} + remain=$((LUKS2_JSON_SIZE*512-key_len-json_len-1)) # -1: closing '"' + if [ ${json_str:offset:1} = "}" ]; then + format_str="%s%s%s" + else + format_str="%s%s,%s" + remain=$((remain-1)) # also count with separating ',' + fi + test $remain -gt 0 || exit 2 + + fill=$(repeat_str "X" $remain) + fill=$(repeat_str "X" $remain)"\"" + + printf $format_str $KEY $fill ${json_str:$offset} | _dd of=$TMPDIR/json0 bs=1 seek=$offset conv=notrunc + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + read -r json_str_res0 < $TMPDIR/json_res0 + test ${#json_str_res0} -eq $((LUKS2_JSON_SIZE*512)) || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-non-null-byte-beyond-json0.img.sh b/tests/generators/generate-luks2-non-null-byte-beyond-json0.img.sh new file mode 100755 index 0000000..6f4aa7d --- /dev/null +++ b/tests/generators/generate-luks2-non-null-byte-beyond-json0.img.sh @@ -0,0 +1,43 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with json area concluded with illegal +# byte beyond terminating '}' character. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + read -r json_str < $TMPDIR/json0 + json_str="$json_str"X # add illegal 'X' beyond json format + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + printf '%s' $json_str | _dd of=$TMPDIR/json0 bs=1 conv=notrunc + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + read -r json_str_res0 < $TMPDIR/json_res0 + local len=${#json_str_res0} + len=$((len-1)) + test ${json_str_res0:len:1} = "X" || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-non-null-bytes-beyond-json0.img.sh b/tests/generators/generate-luks2-non-null-bytes-beyond-json0.img.sh new file mode 100755 index 0000000..18abf23 --- /dev/null +++ b/tests/generators/generate-luks2-non-null-bytes-beyond-json0.img.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with json area containing illegal bytes +# beyond well-formed json format. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +QUOTE="[Homer J. Simpson]: Keep looking shocked and move slowly towards the cake." +SPACE=20 + +function generate() +{ + read -r json_str < $TMPDIR/json0 + json_len_orig=${#json_str} + json_len=$((json_len_orig+${#QUOTE}+SPACE)) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + printf '%s' "$QUOTE" | _dd of=$TMPDIR/json0 seek=$((json_len_orig+SPACE)) bs=1 conv=notrunc + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + + _dd if=$TMPDIR/json_res0 of=$TMPDIR/quote skip=$((json_len_orig+SPACE)) count=${#QUOTE} bs=1 + json_str_res0=$(head -c ${#QUOTE} $TMPDIR/quote) + test "$json_str_res0" = "$QUOTE" || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-overlapping-areas-c0-json0.img.sh b/tests/generators/generate-luks2-overlapping-areas-c0-json0.img.sh new file mode 100755 index 0000000..23883bb --- /dev/null +++ b/tests/generators/generate-luks2-overlapping-areas-c0-json0.img.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with two exactly same areas in terms of 'offset' and 'length'. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # copy area 6 offset and length into area 7 + json_str=$(jq -c '.keyslots."7".area.offset = .keyslots."6".area.offset | + .keyslots."7".area.size = .keyslots."6".area.size' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if (.keyslots."6".area.offset != .keyslots."7".area.offset) or (.keyslots."6".area.size != .keyslots."7".area.size) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-overlapping-areas-c1-json0.img.sh b/tests/generators/generate-luks2-overlapping-areas-c1-json0.img.sh new file mode 100755 index 0000000..0733627 --- /dev/null +++ b/tests/generators/generate-luks2-overlapping-areas-c1-json0.img.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with one area included within another one (in terms of 'offset' + 'length') +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # make area 7 being included in area 6 + json_str=$(jq -c '.keyslots."7".area.offset = (.keyslots."6".area.offset | tonumber + 1 | tostring ) | + .keyslots."7".area.size = ( .keyslots."6".area.size | tonumber - 1 | tostring)' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if (.keyslots."7".area.offset != (.keyslots."6".area.offset | tonumber + 1 | tostring)) or + (.keyslots."7".area.size != (.keyslots."6".area.size | tonumber - 1 | tostring)) or + (.keyslots."7".area.size | tonumber <= 0) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-overlapping-areas-c2-json0.img.sh b/tests/generators/generate-luks2-overlapping-areas-c2-json0.img.sh new file mode 100755 index 0000000..6699b38 --- /dev/null +++ b/tests/generators/generate-luks2-overlapping-areas-c2-json0.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with one area slightly cross the boundary of another one +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # make area 7 being included in area 6 + json_str=$(jq -c '.keyslots."7".area.offset = ([ .keyslots."6".area.offset, .keyslots."6".area.size ] | map(tonumber) | add - 1 | tostring)' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .keyslots."7".area.offset != ([.keyslots."6".area.offset, .keyslots."6".area.size ] | map(tonumber) | add - 1 | tostring) + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-pbkdf2-leftover-params-0.img.sh b/tests/generators/generate-luks2-pbkdf2-leftover-params-0.img.sh new file mode 100755 index 0000000..e035f94 --- /dev/null +++ b/tests/generators/generate-luks2-pbkdf2-leftover-params-0.img.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with luks2 keyslot kdf object +# having left over params. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # add keyslot 1 to second digest + obj_len=$(jq -c -M '.keyslots."2".kdf | length' $TMPDIR/json0) + json_str=$(jq -r -c -M '.keyslots."2".kdf.type = "argon2i" | .keyslots."2".kdf.iterations = 1001 | .keyslots."2".kdf.hash = "sha256"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + new_obj_len=$(jq -c -M '.keyslots."2".kdf | length' $TMPDIR/json_res0) + test $((obj_len+2)) -eq $new_obj_len || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-pbkdf2-leftover-params-1.img.sh b/tests/generators/generate-luks2-pbkdf2-leftover-params-1.img.sh new file mode 100755 index 0000000..d82c2bd --- /dev/null +++ b/tests/generators/generate-luks2-pbkdf2-leftover-params-1.img.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with luks2 keyslot kdf object +# having left over params. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # add keyslot 1 to second digest + obj_len=$(jq -c -M '.keyslots."2".kdf | length' $TMPDIR/json0) + json_str=$(jq -r -c -M '.keyslots."2".kdf.type = "argon2id" | .keyslots."2".kdf.iterations = 1001 | .keyslots."2".kdf.hash = "sha256"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + lib_hdr0_checksum || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + new_obj_len=$(jq -c -M '.keyslots."2".kdf | length' $TMPDIR/json_res0) + test $((obj_len+2)) -eq $new_obj_len || exit 2 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-crypt-empty-encryption.img.sh b/tests/generators/generate-luks2-segment-crypt-empty-encryption.img.sh new file mode 100755 index 0000000..ca17aac --- /dev/null +++ b/tests/generators/generate-luks2-segment-crypt-empty-encryption.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment empty encryption field +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".encryption = ""' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".encryption != "" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-crypt-missing-encryption.img.sh b/tests/generators/generate-luks2-segment-crypt-missing-encryption.img.sh new file mode 100755 index 0000000..e92bc2a --- /dev/null +++ b/tests/generators/generate-luks2-segment-crypt-missing-encryption.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment encryption field missing +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c 'del(.segments."0".encryption)' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".encryption + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-crypt-missing-ivoffset.img.sh b/tests/generators/generate-luks2-segment-crypt-missing-ivoffset.img.sh new file mode 100755 index 0000000..77beb53 --- /dev/null +++ b/tests/generators/generate-luks2-segment-crypt-missing-ivoffset.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment iv_tweak field missing +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c 'del(.segments."0".iv_tweak)' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".iv_tweak + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-crypt-missing-sectorsize.img.sh b/tests/generators/generate-luks2-segment-crypt-missing-sectorsize.img.sh new file mode 100755 index 0000000..0609533 --- /dev/null +++ b/tests/generators/generate-luks2-segment-crypt-missing-sectorsize.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment sector_size field missing +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c 'del(.segments."0".sector_size)' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".sector_size + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-crypt-wrong-encryption.img.sh b/tests/generators/generate-luks2-segment-crypt-wrong-encryption.img.sh new file mode 100755 index 0000000..9d7e584 --- /dev/null +++ b/tests/generators/generate-luks2-segment-crypt-wrong-encryption.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment wrong encryption field +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".encryption = {}' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".encryption | type != "object" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-crypt-wrong-ivoffset.img.sh b/tests/generators/generate-luks2-segment-crypt-wrong-ivoffset.img.sh new file mode 100755 index 0000000..0830a16 --- /dev/null +++ b/tests/generators/generate-luks2-segment-crypt-wrong-ivoffset.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment iv_tweak field missing +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".iv_tweak = "dynamic"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".iv_tweak != "dynamic" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-0.img.sh b/tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-0.img.sh new file mode 100755 index 0000000..069b6c0 --- /dev/null +++ b/tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-0.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with wrong segment sector_size field +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".sector_size = 1023' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".sector_size != 1023 + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-1.img.sh b/tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-1.img.sh new file mode 100755 index 0000000..c310ff1 --- /dev/null +++ b/tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-1.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with wrong segment sector_size field +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".sector_size = "4096"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".sector_size != "4096" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-2.img.sh b/tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-2.img.sh new file mode 100755 index 0000000..b4b8b39 --- /dev/null +++ b/tests/generators/generate-luks2-segment-crypt-wrong-sectorsize-2.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with wrong segment sector_size field +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".sector_size = -1024' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".sector_size != -1024 + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-missing-offset.img.sh b/tests/generators/generate-luks2-segment-missing-offset.img.sh new file mode 100755 index 0000000..6d5811e --- /dev/null +++ b/tests/generators/generate-luks2-segment-missing-offset.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment offset field missing +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c 'del(.segments."0".offset)' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".offset + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-missing-size.img.sh b/tests/generators/generate-luks2-segment-missing-size.img.sh new file mode 100755 index 0000000..579858f --- /dev/null +++ b/tests/generators/generate-luks2-segment-missing-size.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment size field missing +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c 'del(.segments."0".size)' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".size + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-missing-type.img.sh b/tests/generators/generate-luks2-segment-missing-type.img.sh new file mode 100755 index 0000000..5b74c5d --- /dev/null +++ b/tests/generators/generate-luks2-segment-missing-type.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment type field missing +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c 'del(.segments."0".type)' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".type + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-two.img.sh b/tests/generators/generate-luks2-segment-two.img.sh new file mode 100755 index 0000000..798c5be --- /dev/null +++ b/tests/generators/generate-luks2-segment-two.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with two segments +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".size = "512" | .segments."1" = {type:"some", offset: (.segments."0".offset | tonumber + 512 | tostring), size: "dynamic"}' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."1" | type != "object" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-unknown-type.img.sh b/tests/generators/generate-luks2-segment-unknown-type.img.sh new file mode 100755 index 0000000..814344a --- /dev/null +++ b/tests/generators/generate-luks2-segment-unknown-type.img.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with generic (unknown) segment type. +# It should pass the validation. +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0" = {type:"some_type", offset: .segments."0".offset, size: .segments."0".size, a_field:0}' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".type != "some_type" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-wrong-backup-key-0.img.sh b/tests/generators/generate-luks2-segment-wrong-backup-key-0.img.sh new file mode 100755 index 0000000..3ba9d47 --- /dev/null +++ b/tests/generators/generate-luks2-segment-wrong-backup-key-0.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with wrong backup segment id +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # create illegal backup segment key (used to be bug in 32bit implementations) + json_str=$(jq -c '.segments[(.segments | length + 1 | tostring)] = { "type" : "linear", "offset" : "512", "size" : "512", "flags":["backup-x"]}' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments | length < 2 + then error("Unexpected segments count") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-wrong-backup-key-1.img.sh b/tests/generators/generate-luks2-segment-wrong-backup-key-1.img.sh new file mode 100755 index 0000000..11a94d7 --- /dev/null +++ b/tests/generators/generate-luks2-segment-wrong-backup-key-1.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with wrong backup segment id +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # create illegal backup segment key (used to be bug in 32bit implementations) + json_str=$(jq -c '(.segments."0".offset | tonumber) as $i | .segments[range(1;65) | tostring] = { "type" : "linear", "offset" : ($i + 512 | tostring), "size" : "512" } | .segments."268435472" = { "type":"linear","offset":"512","size":"512","flags":["backup-x"]}' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments | length < 64 + then error("Unexpected segments count") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-wrong-flags-element.img.sh b/tests/generators/generate-luks2-segment-wrong-flags-element.img.sh new file mode 100755 index 0000000..72da1f1 --- /dev/null +++ b/tests/generators/generate-luks2-segment-wrong-flags-element.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment flags containing invalid type +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".flags = [ "hello", 1 ]' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".flags != [ "hello", 1 ] + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-wrong-flags.img.sh b/tests/generators/generate-luks2-segment-wrong-flags.img.sh new file mode 100755 index 0000000..19d6340 --- /dev/null +++ b/tests/generators/generate-luks2-segment-wrong-flags.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment flags field of invalid type +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".flags = "hello"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".flags != "hello" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-wrong-offset.img.sh b/tests/generators/generate-luks2-segment-wrong-offset.img.sh new file mode 100755 index 0000000..c9b1b50 --- /dev/null +++ b/tests/generators/generate-luks2-segment-wrong-offset.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with wrong segment offset field +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".offset = "-42"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".offset != "-42" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-wrong-size-0.img.sh b/tests/generators/generate-luks2-segment-wrong-size-0.img.sh new file mode 100755 index 0000000..b9227a7 --- /dev/null +++ b/tests/generators/generate-luks2-segment-wrong-size-0.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with wrong segment size field +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".size = 4096' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".size != 4096 + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-wrong-size-1.img.sh b/tests/generators/generate-luks2-segment-wrong-size-1.img.sh new file mode 100755 index 0000000..6be5031 --- /dev/null +++ b/tests/generators/generate-luks2-segment-wrong-size-1.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with wrong segment size field +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".size = "automatic"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".size != "automatic" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-wrong-size-2.img.sh b/tests/generators/generate-luks2-segment-wrong-size-2.img.sh new file mode 100755 index 0000000..311c0e8 --- /dev/null +++ b/tests/generators/generate-luks2-segment-wrong-size-2.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with wrong segment size field +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".size = "511"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".size != "511" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-segment-wrong-type.img.sh b/tests/generators/generate-luks2-segment-wrong-type.img.sh new file mode 100755 index 0000000..c041157 --- /dev/null +++ b/tests/generators/generate-luks2-segment-wrong-type.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with wrong segment type field +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # remove mandatory encryption field + json_str=$(jq -c '.segments."0".type = 42' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".type != 42 + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-uint64-max-segment-size.img.sh b/tests/generators/generate-luks2-uint64-max-segment-size.img.sh new file mode 100755 index 0000000..f966e1d --- /dev/null +++ b/tests/generators/generate-luks2-uint64-max-segment-size.img.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment size set to UINT64_MAX - 511 +# (512 sector aligned value) +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # UINT64_MAX - 511 (so that it's sector aligned) + json_str=$(jq -c '.segments."0".size = "18446744073709551104"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".size != "18446744073709551104" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-uint64-overflow-segment-size.img.sh b/tests/generators/generate-luks2-uint64-overflow-segment-size.img.sh new file mode 100755 index 0000000..4e064e4 --- /dev/null +++ b/tests/generators/generate-luks2-uint64-overflow-segment-size.img.sh @@ -0,0 +1,38 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment size set to UINT64_MAX + 1 +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + json_str=$(jq -c '.segments."0".size = "18446744073709551616"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".size != "18446744073709551616" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/generate-luks2-uint64-signed-segment-size.img.sh b/tests/generators/generate-luks2-uint64-signed-segment-size.img.sh new file mode 100755 index 0000000..6687f35 --- /dev/null +++ b/tests/generators/generate-luks2-uint64-signed-segment-size.img.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +. lib.sh + +# +# *** Description *** +# +# generate primary header with segment size set to -512 +# +# secondary header is corrupted on purpose as well +# + +# $1 full target dir +# $2 full source luks2 image + +function generate() +{ + # UINT64_MAX + 1 (it's 512 sector aligned) + json_str=$(jq -c '.segments."0".size = "-512"' $TMPDIR/json0) + test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2 + + write_luks2_json "$json_str" $TMPDIR/json0 + + lib_mangle_json_hdr0_kill_hdr1 +} + +function check() +{ + lib_hdr1_killed || exit 2 + + read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 + jq -c 'if .segments."0".size != "-512" + then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5 +} + +lib_prepare $@ +generate +check +lib_cleanup diff --git a/tests/generators/lib.sh b/tests/generators/lib.sh new file mode 100644 index 0000000..c0e9cc1 --- /dev/null +++ b/tests/generators/lib.sh @@ -0,0 +1,283 @@ +#!/bin/bash + +# all in 512 bytes blocks (including binary hdr (4KiB)) +LUKS2_HDR_SIZE=32 # 16 KiB +LUKS2_HDR_SIZE_32K=64 # 32 KiB +LUKS2_HDR_SIZE_64K=128 # 64 KiB +LUKS2_HDR_SIZE_128K=256 # 128 KiB +LUKS2_HDR_SIZE_256K=512 # 256 KiB +LUKS2_HDR_SIZE_512K=1024 # 512 KiB +LUKS2_HDR_SIZE_1M=2048 # 1 MiB +LUKS2_HDR_SIZE_2M=4096 # 2 MiB +LUKS2_HDR_SIZE_4M=8192 # 4 MiB + +LUKS2_BIN_HDR_SIZE=8 # 4 KiB +LUKS2_JSON_SIZE=$((LUKS2_HDR_SIZE-LUKS2_BIN_HDR_SIZE)) + +LUKS2_BIN_HDR_CHKS_OFFSET=0x1C0 +LUKS2_BIN_HDR_CHKS_LENGTH=64 + +[ -z "$srcdir" ] && srcdir="." +TMPDIR=$srcdir/tmp + +# to be set by individual generator +TGT_IMG="" +SRC_IMG="" + +repeat_str() { + printf "$1"'%.0s' $(eval "echo {1.."$(($2))"}"); +} + +function strindex() +{ + local x="${1%%$2*}" + [[ $x = $1 ]] && echo -1 || echo ${#x} +} + +function test_img_name() +{ + local str=$(basename $1) + str=${str#generate-} + str=${str%%.sh} + echo $str +} + +# read primary bin hdr +# 1:from 2:to +function read_luks2_bin_hdr0() +{ + _dd if=$1 of=$2 bs=512 count=$LUKS2_BIN_HDR_SIZE +} + +# read primary json area +# 1:from 2:to 3:[json only size (defaults to 12KiB)] +function read_luks2_json0() +{ + local _js=${4:-$LUKS2_JSON_SIZE} + local _js=$((_js*512/4096)) + _dd if=$1 of=$2 bs=4096 skip=1 count=$_js +} + +# read secondary bin hdr +# 1:from 2:to 3:[metadata size (defaults to 16KiB)] +function read_luks2_bin_hdr1() +{ + _dd if=$1 of=$2 skip=${3:-$LUKS2_HDR_SIZE} bs=512 count=$LUKS2_BIN_HDR_SIZE +} + +# read secondary json area +# 1:from 2:to 3:[json only size (defaults to 12KiB)] +function read_luks2_json1() +{ + local _js=${3:-$LUKS2_JSON_SIZE} + _dd if=$1 of=$2 bs=512 skip=$((2*LUKS2_BIN_HDR_SIZE+_js)) count=$_js +} + +# read primary metadata area (bin + json) +# 1:from 2:to 3:[metadata size (defaults to 16KiB)] +function read_luks2_hdr_area0() +{ + local _as=${3:-$LUKS2_HDR_SIZE} + local _as=$((_as*512)) + _dd if=$1 of=$2 bs=$_as count=1 +} + +# read secondary metadata area (bin + json) +# 1:from 2:to 3:[metadata size (defaults to 16KiB)] +function read_luks2_hdr_area1() +{ + local _as=${3:-$LUKS2_HDR_SIZE} + local _as=$((_as*512)) + _dd if=$1 of=$2 bs=$_as skip=1 count=1 +} + +# write secondary bin hdr +# 1:from 2:to 3:[metadata size (defaults to 16KiB)] +function write_luks2_bin_hdr1() +{ + _dd if=$1 of=$2 bs=512 seek=${3:-$LUKS2_HDR_SIZE} count=$LUKS2_BIN_HDR_SIZE conv=notrunc +} + +# write primary metadata area (bin + json) +# 1:from 2:to 3:[metadata size (defaults to 16KiB)] +function write_luks2_hdr0() +{ + local _as=${3:-$LUKS2_HDR_SIZE} + local _as=$((_as*512)) + _dd if=$1 of=$2 bs=$_as count=1 conv=notrunc +} + +# write secondary metadata area (bin + json) +# 1:from 2:to 3:[metadata size (defaults to 16KiB)] +function write_luks2_hdr1() +{ + local _as=${3:-$LUKS2_HDR_SIZE} + local _as=$((_as*512)) + _dd if=$1 of=$2 bs=$_as seek=1 count=1 conv=notrunc +} + +# write json (includes padding) +# 1:json_string 2:to 3:[json size (defaults to 12KiB)] +function write_luks2_json() +{ + local _js=${3:-$LUKS2_JSON_SIZE} + local len=${#1} + echo -n -E "$1" > $2 + truncate -s $((_js*512)) $2 +} + +function kill_bin_hdr() +{ + printf "VACUUM" | _dd of=$1 bs=1 conv=notrunc +} + +function erase_checksum() +{ + _dd if=/dev/zero of=$1 bs=1 seek=$(printf %d $LUKS2_BIN_HDR_CHKS_OFFSET) count=$LUKS2_BIN_HDR_CHKS_LENGTH conv=notrunc +} + +function read_sha256_checksum() +{ + _dd if=$1 bs=1 skip=$(printf %d $LUKS2_BIN_HDR_CHKS_OFFSET) count=32 | xxd -c 32 -p +} + +# 1 - string with checksum +function write_checksum() +{ + test $# -eq 2 || return 1 + test $((${#1}/2)) -le $LUKS2_BIN_HDR_CHKS_LENGTH || { echo "too long"; return 1; } + + echo $1 | xxd -r -p | _dd of=$2 bs=1 seek=$(printf %d $LUKS2_BIN_HDR_CHKS_OFFSET) conv=notrunc +} + +function calc_sha256_checksum_file() +{ + sha256sum $1 | cut -d ' ' -f 1 +} + +function calc_sha256_checksum_stdin() +{ + sha256sum - | cut -d ' ' -f 1 +} + +# merge bin hdr with json to form metadata area +# 1:bin_hdr 2:json 3:to 4:[json size (defaults to 12KiB)] +function merge_bin_hdr_with_json() +{ + local _js=${4:-$LUKS2_JSON_SIZE} + local _js=$((_js*512/4096)) + _dd if=$1 of=$3 bs=4096 count=1 + _dd if=$2 of=$3 bs=4096 seek=1 count=$_js +} + +function _dd() +{ + dd $@ status=none +} + +function write_bin_hdr_size() { + printf '%016x' $2 | xxd -r -p -l 16 | _dd of=$1 bs=8 count=1 seek=1 conv=notrunc +} + +function write_bin_hdr_offset() { + printf '%016x' $2 | xxd -r -p -l 16 | _dd of=$1 bs=8 count=1 seek=32 conv=notrunc +} + +# generic header helpers +# $TMPDIR/json0 - JSON hdr1 +# $TMPDIR/json1 - JSON hdr2 +# $TMPDIR/hdr0 - bin hdr1 +# $TMPDIR/hdr1 - bin hdr2 + +# 1:target_dir 2:source_image +function lib_prepare() +{ + test $# -eq 2 || exit 1 + + TGT_IMG=$1/$(test_img_name $0) + SRC_IMG=$2 + + # wipe checksums + CHKS0=0 + CHKS1=0 + + cp $SRC_IMG $TGT_IMG + test -d $TMPDIR || mkdir $TMPDIR + read_luks2_json0 $TGT_IMG $TMPDIR/json0 + read_luks2_json1 $TGT_IMG $TMPDIR/json1 + read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0 + read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1 +} + +function lib_cleanup() +{ + rm -f $TMPDIR/* + rm -fd $TMPDIR +} + +function lib_mangle_json_hdr0() +{ + local mda_sz=${1:-} + local jsn_sz=${2:-} + local kill_hdr=${3:-} + + merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $jsn_sz + erase_checksum $TMPDIR/area0 + CHKS0=$(calc_sha256_checksum_file $TMPDIR/area0) + write_checksum $CHKS0 $TMPDIR/area0 + test -n "$kill_hdr" && kill_bin_hdr $TMPDIR/area0 + write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $mda_sz +} + +function lib_mangle_json_hdr1() +{ + local mda_sz=${1:-} + local jsn_sz=${2:-} + local kill_hdr=${3:-} + + merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json1 $TMPDIR/area1 $jsn_sz + erase_checksum $TMPDIR/area1 + CHKS1=$(calc_sha256_checksum_file $TMPDIR/area1) + write_checksum $CHKS1 $TMPDIR/area1 + test -n "$kill_hdr" && kill_bin_hdr $TMPDIR/area1 + write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $mda_sz +} + +function lib_mangle_json_hdr0_kill_hdr1() +{ + lib_mangle_json_hdr0 + + kill_bin_hdr $TMPDIR/hdr1 + write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG +} + +function lib_hdr0_killed() +{ + local mda_sz=${1:-} + + read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 $mda_sz + local str_res0=$(head -c 6 $TMPDIR/hdr_res0) + test "$str_res0" = "VACUUM" +} + +function lib_hdr1_killed() +{ + local mda_sz=${1:-} + + read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $mda_sz + local str_res1=$(head -c 6 $TMPDIR/hdr_res1) + test "$str_res1" = "VACUUM" +} + +function lib_hdr0_checksum() +{ + local chks_res0=$(read_sha256_checksum $TGT_IMG) + test "$CHKS0" = "$chks_res0" +} + +function lib_hdr1_checksum() +{ + read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 + local chks_res1=$(read_sha256_checksum $TMPDIR/hdr_res1) + test "$CHKS1" = "$chks_res1" +} |