authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:38:45 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 08:38:45 +0000
commit435fbf74bfdf383db1238633326be558ef2d3ff2 (patch)
treea372c8e3c5f2fe60e812d5f6a73ce54872139ee2 /tests
parentReleasing progress-linux version 2:2.7.1-1~progress7.99u1. (diff)
Merging upstream version 2:2.7.2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests')
-rwxr-xr-xtests/00modules-test5
-rwxr-xr-xtests/compat-test-opal112
-rw-r--r--tests/meson.build2
3 files changed, 65 insertions, 54 deletions
diff --git a/tests/00modules-test b/tests/00modules-test
index f816b80..e9876cd 100755
--- a/tests/00modules-test
+++ b/tests/00modules-test
@@ -34,6 +34,11 @@ pversion integritysetup
$CRYPTSETUP_PATH/cryptsetup --help | sed -n '/optional key file for/,$p' | tail -n +3
}
+if [ -b "$OPAL2_DEV" ]; then
+ echo "OPAL test device:"
+ lsblk "$OPAL2_DEV" -d -o NAME,TRAN,MODEL,REV,MIN-IO,PHY-SEC,LOG-SEC,DISC-ALN,DISC-GRAN,DISC-MAX,DISC-ZERO 2>/dev/null
+fi
+
[ $(id -u) != 0 ] && exit 77
modprobe dm-crypt >/dev/null 2>&1
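Review bot: The added `lsblk` call discards stderr, so if it fails (for example because the installed lsblk rejects one of the requested columns) the log shows only the "OPAL test device:" header and no device data. The block appears to exist to record which drive and firmware revision the OPAL tests ran against, so a fallback such as `lsblk ... 2>/dev/null || echo "(lsblk failed for $OPAL2_DEV)"` would keep that gap visible in the test log. Putting the options before the device operand, `lsblk -d -o NAME,... "$OPAL2_DEV"`, would also avoid relying on option permutation.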
diff --git a/tests/compat-test-opal b/tests/compat-test-opal
index 09384d9..3a71f12 100755
--- a/tests/compat-test-opal
+++ b/tests/compat-test-opal
@@ -415,6 +415,60 @@ function test_device_detached_header() #hdr, #opal_mode, #format_params, #--inte
rm -f $1
}
+function run_token_tests() {
+ $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 --token-id 3 || fail
+ $CRYPTSETUP luksDump $OPAL2_DEV | grep -q -e "3: luks2-keyring" || fail
+ # keyslot 5 is inactive
+ $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN1 --key-slot 5 2> /dev/null && fail
+ # key description is not reachable
+ $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase && fail
+ # wrong passphrase
+ load_key user $TEST_TOKEN0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
+ $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase 2>/dev/null && fail
+ load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
+ $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase || fail
+ $CRYPTSETUP open --token-only $OPAL2_DEV $DEV_NAME || fail
+ $CRYPTSETUP status $DEV_NAME > /dev/null || fail
+ $CRYPTSETUP luksSuspend $DEV_NAME || fail
+ $CRYPTSETUP luksResume $DEV_NAME <&- || fail
+ $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" && fail
+ $CRYPTSETUP luksSuspend $DEV_NAME || fail
+ $CRYPTSETUP luksResume $DEV_NAME --token-type luks2-keyring <&- || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+
+ # check --token-type sort of works (TODO: extend tests when native systemd tokens are available)
+ echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $OPAL2_DEV --token-id 22 || fail
+ # this excludes keyring tokens from unlocking device
+ $CRYPTSETUP open --token-only --token-type some_type $OPAL2_DEV --test-passphrase && fail
+ $CRYPTSETUP open --token-only --token-type some_type $OPAL2_DEV $DEV_NAME && fail
+ $CRYPTSETUP status $DEV_NAME > /dev/null && fail
+
+ $CRYPTSETUP token remove --token-id 3 $OPAL2_DEV || fail
+ $CRYPTSETUP luksDump $OPAL2_DEV | grep -q -e "3: luks2-keyring" && fail
+
+ # test we can remove keyslot with token
+ echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S4 $FAST_PBKDF_OPT $OPAL2_DEV || fail
+ $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN1 --key-slot 4 --token-id 0 || fail
+ $CRYPTSETUP -q luksKillSlot $OPAL2_DEV 4 || fail
+ $CRYPTSETUP token remove --token-id 0 $OPAL2_DEV || fail
+
+ # test we can add unassigned token
+ $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 --unbound --token-id 0 || fail
+ $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV && fail
+ $CRYPTSETUP token remove --token-id 0 $OPAL2_DEV || fail
+
+ # test token unassign works
+ $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 -S0 --token-id 0 || fail
+ $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV || fail
+ $CRYPTSETUP token unassign --token-id 0 $OPAL2_DEV 2>/dev/null && fail
+ $CRYPTSETUP token unassign -S0 $OPAL2_DEV 2>/dev/null && fail
+ $CRYPTSETUP token unassign --token-id 0 -S0 $OPAL2_DEV || fail
+ $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV && fail
+ $CRYPTSETUP token unassign --token-id 0 -S0 $OPAL2_DEV 2>/dev/null && fail
+ $CRYPTSETUP token unassign --token-id 0 -S44 $OPAL2_DEV 2>/dev/null && fail
+ $CRYPTSETUP token unassign --token-id 44 -S0 $OPAL2_DEV 2>/dev/null && fail
+}
+
export LANG=C
[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
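Review bot: The negative checks in run_token_tests (`... && fail`) accept any non-zero exit, and several also send stderr to /dev/null, so an unrelated OPAL or keyring error would satisfy them just as well as the rejection the comment describes. For the wrong-passphrase case after `load_key user $TEST_TOKEN0 "blabla"`, consider capturing `$?` and comparing it with the exit code expected for that rejection, so the test proves the intended path was taken. The function also relies on state its caller sets up, apparently a freshly formatted $OPAL2_DEV and no `%user:$TEST_TOKEN0` key in $TEST_KEYRING at entry (the "key description is not reachable" check depends on the latter). A header comment such as `# Expects: fresh LUKS2 header on $OPAL2_DEV, keyring prepared, $TEST_TOKEN0 not yet loaded` would make that contract explicit now that the body is called twice.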
@@ -916,62 +970,14 @@ if dm_crypt_keyring_support && dm_crypt_keyring_new_kernel; then
fi
prepare "[28] tokens" wipe
-echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV || fail
if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then
-
test_and_prepare_keyring
+ echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q || fail
+ run_token_tests
+ keyctl unlink "%user:$TEST_TOKEN0" $TEST_KEYRING || fail
- $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 --token-id 3 || fail
- $CRYPTSETUP luksDump $OPAL2_DEV | grep -q -e "3: luks2-keyring" || fail
- # keyslot 5 is inactive
- $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN1 --key-slot 5 2> /dev/null && fail
- # key description is not reachable
- $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase && fail
- # wrong passphrase
- load_key user $TEST_TOKEN0 "blabla" "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
- $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase 2>/dev/null && fail
- load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
- $CRYPTSETUP open --token-only $OPAL2_DEV --test-passphrase || fail
- $CRYPTSETUP open --token-only $OPAL2_DEV $DEV_NAME || fail
- $CRYPTSETUP status $DEV_NAME > /dev/null || fail
- $CRYPTSETUP luksSuspend $DEV_NAME || fail
- $CRYPTSETUP luksResume $DEV_NAME <&- || fail
- $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" && fail
- $CRYPTSETUP luksSuspend $DEV_NAME || fail
- $CRYPTSETUP luksResume $DEV_NAME --token-type luks2-keyring <&- || fail
- $CRYPTSETUP close $DEV_NAME || fail
-
- # check --token-type sort of works (TODO: extend tests when native systemd tokens are available)
- echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $OPAL2_DEV --token-id 22 || fail
- # this excludes keyring tokens from unlocking device
- $CRYPTSETUP open --token-only --token-type some_type $OPAL2_DEV --test-passphrase && fail
- $CRYPTSETUP open --token-only --token-type some_type $OPAL2_DEV $DEV_NAME && fail
- $CRYPTSETUP status $DEV_NAME > /dev/null && fail
-
- $CRYPTSETUP token remove --token-id 3 $OPAL2_DEV || fail
- $CRYPTSETUP luksDump $OPAL2_DEV | grep -q -e "3: luks2-keyring" && fail
-
- # test we can remove keyslot with token
- echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S4 $FAST_PBKDF_OPT $OPAL2_DEV || fail
- $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN1 --key-slot 4 --token-id 0 || fail
- $CRYPTSETUP -q luksKillSlot $OPAL2_DEV 4 || fail
- $CRYPTSETUP token remove --token-id 0 $OPAL2_DEV || fail
-
- # test we can add unassigned token
- $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 --unbound --token-id 0 || fail
- $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV && fail
- $CRYPTSETUP token remove --token-id 0 $OPAL2_DEV || fail
-
- # test token unassign works
- $CRYPTSETUP token add $OPAL2_DEV --key-description $TEST_TOKEN0 -S0 --token-id 0 || fail
- $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV || fail
- $CRYPTSETUP token unassign --token-id 0 $OPAL2_DEV 2>/dev/null && fail
- $CRYPTSETUP token unassign -S0 $OPAL2_DEV 2>/dev/null && fail
- $CRYPTSETUP token unassign --token-id 0 -S0 $OPAL2_DEV || fail
- $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $OPAL2_DEV && fail
- $CRYPTSETUP token unassign --token-id 0 -S0 $OPAL2_DEV 2>/dev/null && fail
- $CRYPTSETUP token unassign --token-id 0 -S44 $OPAL2_DEV 2>/dev/null && fail
- $CRYPTSETUP token unassign --token-id 44 -S0 $OPAL2_DEV 2>/dev/null && fail
+ echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal-only $OPAL2_DEV -q || fail
+ run_token_tests
fi
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $OPAL2_DEV --token-id 10 || fail
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $OPAL2_DEV --token-id 11 --json-file - || fail
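Review bot: The `luksFormat` call now sits inside the keyring `if`, so when `$HAVE_KEYRING` is 0 or /proc/sys/kernel/keys is absent nothing formats $OPAL2_DEV after `prepare "[28] tokens" wipe`, yet the `token import` lines after `fi` still run unconditionally. If `prepare ... wipe` leaves the device without a LUKS2 header (its definition is outside this hunk), those imports would fail on systems without keyring support, where the old code formatted first. An `else` branch would restore the previous behaviour: `else` followed by `echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 --hw-opal $OPAL2_DEV -q || fail`.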
diff --git a/tests/meson.build b/tests/meson.build
index e6341e7..de31c05 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -471,7 +471,7 @@ if get_option('ssh-token') and not enable_static
])
endif
-if get_option('external-tokens') and not enable_static
+if get_option('external-tokens') and get_option('systemd-tokens-test') and not enable_static
test('systemd-test-plugin',
find_program('systemd-test-plugin'),
workdir: meson.current_build_dir(),