Diffstat (limited to '')
-rw-r--r--debian/tests/control4
-rwxr-xr-xdebian/tests/cryptdisks6
-rwxr-xr-xdebian/tests/cryptdisks.init2
-rwxr-xr-xdebian/tests/crypto-backend66
-rw-r--r--debian/tests/cryptroot-nested.d/preinst2
-rw-r--r--debian/tests/cryptroot-nested.d/setup4
-rw-r--r--debian/tests/utils/mock.pm28
7 files changed, 100 insertions, 12 deletions
diff --git a/debian/tests/control b/debian/tests/control
index 52752a3..193d0f0 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -131,3 +131,7 @@ Depends: linux-image-generic,
linux-image-686-pae [i386]
Restrictions: hint-testsuite-triggers
Architecture: amd64 i386
+
+Tests: crypto-backend
+Depends: cryptsetup-bin
+Restrictions: superficial
diff --git a/debian/tests/cryptdisks b/debian/tests/cryptdisks
index 3d3223b..b8c6bcc 100755
--- a/debian/tests/cryptdisks
+++ b/debian/tests/cryptdisks
@@ -151,7 +151,7 @@ cryptdisks_stop plain_crypt
disk_setup
cat >/etc/crypttab <<-EOF
- sector_crypt $CRYPT_DEV /dev/urandom plain,cipher=aes-cbc-essiv:sha256,size=256,sector-size=4096
+ sector_crypt $CRYPT_DEV /dev/urandom plain,cipher=aes-xts-plain64,size=256,sector-size=4096
EOF
cryptdisks_start sector_crypt
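Review bot: With `aes-xts-plain64`, `size=256` is the combined XTS key, so each of the two AES keys is 128 bits, whereas the replaced `aes-cbc-essiv:sha256,size=256` used a single 256-bit key; if the intent is to keep the same AES strength, `size=512` is the XTS equivalent. The same applies to the hunks at L46 and L54, to `size=32` bytes (8*32 = 256 bits) in cryptdisks.init at L62–L66, and to `--key-size=256` in cryptroot-nested.d/setup at L161. For functional tests the shorter key is acceptable, so a one-line comment stating that the choice is deliberate would be enough.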
@@ -168,7 +168,7 @@ cryptdisks_stop sector_crypt
disk_setup
cat /proc/sys/kernel/random/uuid >"$TMPDIR/passphrase"
cat >/etc/crypttab <<-EOF
- hash_crypt $CRYPT_DEV none plain,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
+ hash_crypt $CRYPT_DEV none plain,cipher=aes-xts-plain64,size=256,hash=sha256
EOF
cryptdisks_start hash_crypt </dev/tty & pid=$!
@@ -192,7 +192,7 @@ offset=2048 # in 512 byte sectors
skip=256 # in 512 byte sectors
disk_setup
cat >/etc/crypttab <<-EOF
- offset_crypt $CRYPT_DEV /dev/urandom plain,cipher=aes-cbc-essiv:sha256,size=256,offset=$offset,skip=$skip
+ offset_crypt $CRYPT_DEV /dev/urandom plain,cipher=aes-xts-plain64,size=256,offset=$offset,skip=$skip
EOF
# having an existing file system before the offset has no effect (cf. #994056)
diff --git a/debian/tests/cryptdisks.init b/debian/tests/cryptdisks.init
index 408c325..2019e03 100755
--- a/debian/tests/cryptdisks.init
+++ b/debian/tests/cryptdisks.init
@@ -23,7 +23,7 @@ dmsetup create disk12 <<-EOF
$((64 * 2*1024)) $((64 * 2*1024)) linear /dev/mapper/disk2 0
EOF
-cipher="aes-cbc-essiv:sha256"
+cipher="aes-xts-plain64"
size=32 # bytes
cat >/etc/crypttab <<-EOF
crypt_disk0 /dev/mapper/disk0 /dev/urandom plain,cipher=$cipher,size=$((8*size))
diff --git a/debian/tests/crypto-backend b/debian/tests/crypto-backend
new file mode 100755
index 0000000..47dc5a8
--- /dev/null
+++ b/debian/tests/crypto-backend
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+# Check crypto backend, see https://gitlab.com/cryptsetup/cryptsetup/-/issues/851 .
+
+set -ue
+PATH="/usr/bin:/bin"
+export PATH
+
+CRYPTSETUP="/sbin/cryptsetup"
+
+NAME="crypto-backend"
+TEMPDIR="$AUTOPKGTEST_TMP/$NAME"
+
+mkdir "$TEMPDIR"
+trap 'rm -rf -- "$TEMPDIR"' EXIT INT TERM
+
+IMG="$TEMPDIR/disk.img"
+KEYFILE="$TEMPDIR/keyfile"
+DEBUG="$TEMPDIR/debug"
+
+dd if=/dev/zero bs=1M count=64 status="none" of="$IMG"
+head -c32 /dev/urandom >"$KEYFILE"
+
+"$CRYPTSETUP" luksFormat --batch-mode \
+ --key-file="$KEYFILE" \
+ --type=luks2 \
+ --pbkdf=argon2id \
+ --pbkdf-force-iterations=4 \
+ --pbkdf-memory=32 \
+ -- "$IMG"
+
+"$CRYPTSETUP" luksOpen --debug --key-file="$KEYFILE" --test-passphrase "$IMG" >"$DEBUG"
+sed -nri '/^# Crypto backend\s+/ {s/.*?\(([^()]+)\).*/\1/p;q}' "$DEBUG"
+cat "$DEBUG"
+
+if ! grep -qE '^OpenSSL\b' <"$DEBUG"; then
+ echo "ERROR: Crypto backend isn't OpenSSL" >&2
+ exit 1
+fi
+
+sed -ri 's/^[^\[]*//' "$DEBUG"
+# " [cryptsetup libargon2]": bundled libargon2
+# " [external libargon2]": system libargon2
+# "][argon2]": crypto backend's own implementation
+if ! grep -qF " [external libargon2]" <"$DEBUG"; then
+ echo "ERROR: Unexpected argon2 backend" >&2
+ exit 1
+fi
+
+LIBCRYPTSETUP="$(env --unset=LD_PRELOAD ldd "$CRYPTSETUP" | sed -nr '/^\s*libcryptsetup\.so(\.[0-9]+)*\s+=>\s+/ {s///;s/\s.*//;p;q}')"
+if [ -z "$LIBCRYPTSETUP" ] || [ ! -e "$LIBCRYPTSETUP" ]; then
+ echo "ERROR: $CRYPTSETUP doesn't link against libcryptsetup??" >&2
+ exit 1
+fi
+
+assert_linked_argon2() {
+ local path="$1"
+ if ! env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then
+ echo "ERROR: $path does not link against libargon2" >&2
+ exit 1
+ fi
+ return 0
+}
+
+assert_linked_argon2 "$CRYPTSETUP"
+assert_linked_argon2 "$LIBCRYPTSETUP"
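Review bot: The sed expression on L105 uses `.*?` inside an ERE, where a lazy quantifier does not exist; GNU sed treats it as an ordinary greedy `.*`, so if the `# Crypto backend` line holds more than one parenthesised group the capture is the last one rather than the first. Anchoring on the first opening paren instead, `s/^[^(]*\(([^()]+)\).*/\1/p`, makes the extraction independent of that. The `grep -qF " [external libargon2]"` on L117 also relies on a leading space surviving the `s/^[^\[]*//` strip on L113, which holds only when another bracketed group precedes it on the line; if the backend string does not guarantee that, dropping the leading space from the fixed string is the safer check.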
diff --git a/debian/tests/cryptroot-nested.d/preinst b/debian/tests/cryptroot-nested.d/preinst
index c5f576b..bf5876a 100644
--- a/debian/tests/cryptroot-nested.d/preinst
+++ b/debian/tests/cryptroot-nested.d/preinst
@@ -2,7 +2,7 @@
cat >/etc/crypttab <<-EOF
md0_crypt UUID=$(blkid -s UUID -o value /dev/md0) none
vdd_crypt UUID=$(blkid -s UUID -o value /dev/vdd) none
- testvg-lv0_crypt /dev/mapper/testvg-lv0 none plain,cipher=aes-cbc-essiv:sha256,size=256,hash=ripemd160
+ testvg-lv0_crypt /dev/mapper/testvg-lv0 none plain,cipher=aes-xts-plain64,size=256,hash=sha256
testvg-lv1_crypt UUID=$(blkid -s UUID -o value /dev/testvg/lv1) none
EOF
diff --git a/debian/tests/cryptroot-nested.d/setup b/debian/tests/cryptroot-nested.d/setup
index 6fb6ccd..b08da17 100644
--- a/debian/tests/cryptroot-nested.d/setup
+++ b/debian/tests/cryptroot-nested.d/setup
@@ -44,9 +44,9 @@ udevadm settle
echo -n "testvg-lv0_crypt" >/keyfile
cryptsetup open --batch-mode \
--type=plain \
- --cipher="aes-cbc-essiv:sha256" \
+ --cipher="aes-xts-plain64" \
--key-size=256 \
- --hash="ripemd160" \
+ --hash="sha256" \
-- "/dev/testvg/lv0" "testvg-lv0_crypt" </keyfile
udevadm settle
diff --git a/debian/tests/utils/mock.pm b/debian/tests/utils/mock.pm
index 10db3e6..8bddfa0 100644
--- a/debian/tests/utils/mock.pm
+++ b/debian/tests/utils/mock.pm
@@ -25,7 +25,7 @@ our $PS1 = qr/root\@[\-\.0-9A-Z_a-z]+ : [~\/][\-\.\/0-9A-Z_a-z]* [\#\$]\ /aax;
package CryptrootTest::Utils;
use Socket qw/PF_UNIX SOCK_STREAM SOCK_CLOEXEC SOCK_NONBLOCK SHUT_RD SHUT_WR/;
-use Errno qw/EINTR ENOENT ECONNREFUSED/;
+use Errno qw/EINTR ENOENT ECONNREFUSED ECONNRESET/;
use Time::HiRes ();
my (%SOCKET, %BUFFER, $WBITS, $RBITS);
@@ -62,11 +62,12 @@ sub read_data($) {
my $bits = shift;
while (my ($chan, $fh) = each %SOCKET) {
next unless vec($bits, fileno($fh), 1); # nothing to read here
- my $n = sysread($fh, my $buf, 4096) // die "read: $!";
- if ($n > 0) {
+ my $n = sysread($fh, my $buf, 4096);
+ if (defined $n and $n > 0) {
STDOUT->printflush($buf);
$BUFFER{$chan} .= $buf;
} else {
+ die "read: $!" unless defined $n or $! == ECONNRESET;
#print STDERR "INFO done reading from $chan\n";
shutdown($fh, SHUT_RD) or die "shutdown: $!";
vec($RBITS, fileno($fh), 1) = 0;
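Review bot: The new `die` on L188 exempts only ECONNRESET, so a sysread that fails with EINTR (already imported on L174) or EAGAIN still aborts read_data even though the error is transient; if these are the SOCK_NONBLOCK sockets whose constant is imported on L172, an EAGAIN after select is possible and should be retried rather than treated as end of stream. A guard placed before the die, `next if !defined $n and ($! == EINTR or $! == EAGAIN);`, handles that, with EAGAIN added to the Errno import on L174. read_data continues outside the hunk.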
@@ -228,6 +229,8 @@ sub shell($%) {
# enter S3 sleep state (suspend to ram aka standby)
sub suspend() {
+ @QMP::EVENTS = (); # flush the event queue
+
write_data($CONSOLE => q{systemctl suspend});
# while the command is asynchronous the system might suspend before
# we have a chance to read the next $PS1
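Review bot: The same `@QMP::EVENTS = ();` line is added at the top of suspend here and of wakeup (L203), hibernate (L210) and poweroff (L218), and in each place it silently discards whatever events were queued but not yet consumed. Factoring it into a small `QMP::flush_events()` sub keeps the four call sites in step, and a comment such as `# drop stale events so wait_for_event() cannot match one from a previous transition` would record why the flush is needed. All four subs continue past their hunks.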
@@ -242,6 +245,8 @@ sub suspend() {
}
sub wakeup() {
+ @QMP::EVENTS = (); # flush the event queue
+
my $r = QMP::command(q{system_wakeup});
die if %$r;
@@ -256,6 +261,8 @@ sub wakeup() {
# enter S4 sleep state (suspend to disk aka hibernate)
sub hibernate() {
+ @QMP::EVENTS = (); # flush the event queue
+
# an alternative is to send {"execute":"guest-suspend-disk"} on the
# guest agent socket, but we don't want to require qemu-guest-agent
# on the guest so this will have to do
@@ -267,6 +274,8 @@ sub hibernate() {
}
sub poweroff() {
+ @QMP::EVENTS = (); # flush the event queue
+
# XXX would be nice to use the QEMU monitor here but the guest
# doesn't seem to respond to system_powerdown QMP commands
write_data($CONSOLE => q{poweroff});
@@ -283,6 +292,7 @@ package QMP;
# https://qemu.readthedocs.io/en/latest/interop/qemu-qmp-ref.html
use JSON ();
+our @EVENTS;
# read and decode a QMP server line
sub getline() {
@@ -305,6 +315,7 @@ sub command($;$) {
my $resp = QMP::getline() // next;
# ignore unsolicited server responses (such as events)
return $resp->{return} if exists $resp->{return};
+ push @EVENTS, $resp;
}
}
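Review bot: Every unsolicited response that lacks a `return` key is now pushed onto @EVENTS, including QMP `error` replies, which this loop previously dropped and which now accumulate in the queue because wait_for_event only ever re-queues anything without an `event` key; unless an earlier check in command (outside the hunk) handles them, restricting the push to real events, `push @EVENTS, $resp if exists $resp->{event};`, avoids that. The comment on L231, `ignore unsolicited server responses (such as events)`, is also stale now that events are kept; it should say they are queued for wait_for_event. command continues outside the hunk.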
@@ -330,9 +341,16 @@ BEGIN {
sub wait_for_event($) {
my $event_name = shift;
+ my @events2;
while(1) {
- my $resp = QMP::getline() // next;
- return if exists $resp->{event} and $resp->{event} eq $event_name;
+ my $resp = @EVENTS ? shift @EVENTS : QMP::getline();
+ next unless defined $resp;
+ if (exists $resp->{event} and $resp->{event} eq $event_name) {
+ @EVENTS = @events2;
+ return;
+ } else {
+ push @events2, $resp;
+ }
}
}
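Review bot: `@events2` in wait_for_event says nothing about its role; naming it `@unmatched` makes the re-queue on L246 self-explanatory, and a one-line comment above the loop, `# events that arrive before the wanted one are kept, in order, for later callers`, would document the contract. If QMP::getline() can return undef at end of stream, as the `// next` in the old code suggests, the loop spins forever once @EVENTS is empty; that is pre-existing, but worth a `# NOTE` since nothing here can refill the queue.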