summaryrefslogtreecommitdiffstats
path: root/tests/bitlk-compat-test
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 17:44:12 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 17:44:12 +0000
commit1be69c2c660b70ac2f4de2a5326e27e3e60eb82d (patch)
treebb299ab6f411f4fccd735907035de710e4ec6abc /tests/bitlk-compat-test
parentInitial commit. (diff)
downloadcryptsetup-upstream.tar.xz
cryptsetup-upstream.zip
Adding upstream version 2:2.3.7.upstream/2%2.3.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/bitlk-compat-test')
-rwxr-xr-xtests/bitlk-compat-test162
1 files changed, 162 insertions, 0 deletions
diff --git a/tests/bitlk-compat-test b/tests/bitlk-compat-test
new file mode 100755
index 0000000..c8210b5
--- /dev/null
+++ b/tests/bitlk-compat-test
@@ -0,0 +1,162 @@
+#!/bin/bash
+
+# check bitlk images parsing
+
+[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
+CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
+TST_DIR=bitlk-images
+MAP=bitlktst
+
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
+[ -z "$srcdir" ] && srcdir="."
+
+function remove_mapping()
+{
+ [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
+}
+
+function fail()
+{
+ [ -n "$1" ] && echo "$1"
+ echo " [FAILED]"
+ echo "FAILED backtrace:"
+ while caller $frame; do ((frame++)); done
+ remove_mapping
+ exit 2
+}
+
+function skip()
+{
+ [ -n "$1" ] && echo "$1"
+ echo "Test skipped."
+ exit 77
+}
+
+function load_vars()
+{
+ local file=$(echo $1 | sed -e s/^$TST_DIR\\/// | sed -e s/\.img$//)
+ source <(grep = <(grep -A8 "\[$file\]" $TST_DIR/images.conf))
+}
+
+function check_dump()
+{
+ dump=$1
+ file=$2
+
+ # load variables for this image from config file
+ load_vars $file
+
+ # GUID
+ dump_guid=$(echo "$dump" | grep Version -A 1 | tail -1 | cut -d: -f2 | tr -d "\t\n ")
+ [ ! -z "$GUID" -a "$dump_guid" = "$GUID" ] || fail " GUID check from dump failed."
+
+ # cipher
+ dump_cipher=$(echo "$dump" | grep "Cipher name" | cut -d: -f2 | tr -d "\t\n ")
+ dump_mode=$(echo "$dump" | grep "Cipher mode" | cut -d: -f2 | tr -d "\t\n ")
+ cipher=$(echo "$dump_cipher-$dump_mode")
+ [ ! -z "$CIPHER" -a "$cipher" = "$CIPHER" ] || fail " cipher check from dump failed."
+
+ if echo "$file" | grep -q -e "smart-card"; then
+ # smart card protected VMK GUID
+ dump_sc_vmk=$(echo "$dump" | grep "VMK protected with smart card" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
+ [ ! -z "$SC_VMK_GUID" -a "$dump_sc_vmk" = "$SC_VMK_GUID" ] || fail " smart card protected VMK GUID check from dump failed."
+ elif echo "$file" | grep -q -e "startup-key"; then
+ # startup key protected VMK GUID
+ dump_sk_vmk=$(echo "$dump" | grep "VMK protected with startup key" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
+ [ ! -z "$SK_VMK_GUID" -a "$dump_sk_vmk" = "$SK_VMK_GUID" ] || fail " startup key protected VMK GUID check from dump failed."
+ else
+ # password protected VMK GUID
+ dump_pw_vmk=$(echo "$dump" | grep "VMK protected with passphrase" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
+ [ ! -z "$PW_VMK_GUID" -a "$dump_pw_vmk" = "$PW_VMK_GUID" ] || fail " password protected VMK GUID check from dump failed."
+ fi
+
+ # recovery password protected VMK GUID
+ dump_rp_vmk=$(echo "$dump" | grep "VMK protected with recovery passphrase" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
+ [ ! -z "$RP_VMK_GUID" -a "$dump_rp_vmk" = "$RP_VMK_GUID" ] || fail " recovery password protected VMK GUID check from dump failed."
+
+}
+
+function valgrind_setup()
+{
+ which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
+export LANG=C
+[ ! -d $TST_DIR ] && tar xJSf $srcdir/bitlk-images.tar.xz --no-same-owner
+
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
+
+echo "HEADER CHECK"
+for file in $(ls $TST_DIR/bitlk-*) ; do
+ echo -n " $file"
+ out=$($CRYPTSETUP bitlkDump $file)
+ check_dump "$out" "$file"
+ echo " [OK]"
+done
+
+if [ $(id -u) != 0 ]; then
+ echo "WARNING: You must be root to run activation part of test, test skipped."
+ exit 0
+fi
+
+remove_mapping
+
+echo "ACTIVATION FS UUID CHECK"
+for file in $(ls $TST_DIR/bitlk-*) ; do
+ # load variables for this image from config file
+ load_vars $file
+
+ # test with both passphrase and recovery passphrase
+ for PASSPHRASE in $PW $RP ; do
+ echo -n " $file"
+ echo $PASSPHRASE | $CRYPTSETUP bitlkOpen -r $file --test-passphrase >/dev/null 2>&1
+ ret=$?
+ [ $ret -eq 1 ] && echo " [N/A]" && continue
+ echo $PASSPHRASE | $CRYPTSETUP bitlkOpen -r $file $MAP >/dev/null 2>&1
+ ret=$?
+ [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "aes-cbc" ) && echo " [N/A]" && continue
+ [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "aes-cbc-elephant" ) && echo " [N/A]" && continue
+ [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "clearkey" ) && echo " [N/A]" && continue
+ [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "eow" ) && echo " [N/A]" && continue
+ [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "-4k.img" ) && echo " [N/A]" && continue
+ [ $ret -eq 0 ] || fail " failed to open $file ($ret)"
+ $CRYPTSETUP status $MAP >/dev/null || fail
+ $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
+ uuid=$(lsblk -n -o UUID /dev/mapper/$MAP)
+ sha256sum=$(sha256sum /dev/mapper/$MAP | cut -d" " -f1)
+ $CRYPTSETUP remove $MAP || fail
+ [ "$uuid" = "$UUID" ] || fail " UUID check failed."
+ [ "$sha256sum" = "$SHA256SUM" ] || fail " SHA256 sum check failed."
+ echo " [OK]"
+ done
+
+ # startup key test -- we need to use BEK file from the archive
+ if echo "$file" | grep -q -e "startup-key"; then
+ echo -n " $file"
+ bek_file=$(echo $SK_VMK_GUID.BEK | tr /a-z/ /A-Z/)
+ $CRYPTSETUP bitlkOpen -r $file --test-passphrase --key-file $TST_DIR/$bek_file
+ ret=$?
+ [ $ret -eq 1 ] && echo " [N/A]" && continue
+ $CRYPTSETUP bitlkOpen -r $file $MAP --key-file $TST_DIR/$bek_file >/dev/null 2>&1
+ ret=$?
+ [ $ret -eq 0 ] || fail " failed to open $file ($ret)"
+ $CRYPTSETUP status $MAP >/dev/null || fail
+ $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
+ uuid=$(lsblk -n -o UUID /dev/mapper/$MAP)
+ sha256sum=$(sha256sum /dev/mapper/$MAP | cut -d" " -f1)
+ $CRYPTSETUP remove $MAP || fail
+ [ "$uuid" = "$UUID" ] || fail " UUID check failed."
+ [ "$sha256sum" = "$SHA256SUM" ] || fail " SHA256 sum check failed."
+ echo " [OK]"
+
+ fi
+done