From 619b533bfbb8e6782687eda9e2ba16fc2f73bd15 Mon Sep 17 00:00:00 2001
|
|
From: Ondrej Kozina <okozina@redhat.com>
|
|
Date: Tue, 7 Aug 2018 10:17:31 +0200
|
|
Subject: [PATCH 5/7] Make reencryption-compat-test2 ready for different LUKS2
|
|
hdr size.
|
|
|
|
---
|
|
tests/reencryption-compat-test2 | 40 +++++++++++++++++++++++++++++-----------
|
|
1 file changed, 29 insertions(+), 11 deletions(-)
|
|
|
|
diff --git a/tests/reencryption-compat-test2 b/tests/reencryption-compat-test2
|
|
index 411df1f..9656c7b 100755
|
|
--- a/tests/reencryption-compat-test2
|
|
+++ b/tests/reencryption-compat-test2
|
|
@@ -19,6 +19,10 @@ PWD3="1-9Qu5Ejfnqv"
|
|
MNT_DIR=./mnt_luks
|
|
START_DIR=$(pwd)
|
|
|
|
+# FIXME: we need some sane API to get this information. This is hack.
|
|
+LUKS2_HDR_DEFAULT_LEN=$(grep -e "#define LUKS2_HDR_DEFAULT_LEN" ../lib/luks2/luks2.h | cut -d ' ' -f 3)
|
|
+LUKS2_HDR_DEFAULT_LEN_SECTORS=$((LUKS2_HDR_DEFAULT_LEN/512))
|
|
+
|
|
function dm_crypt_features()
|
|
{
|
|
local VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
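Review bot: The header length scraped from `../lib/luks2/luks2.h` is never validated, so a missing file or a reformatted `#define` (tab-separated, for instance) leaves `LUKS2_HDR_DEFAULT_LEN` empty and the arithmetic on the next added line quietly yields 0 sectors. Every later `prepare` and `OFFSET` then runs with a header size of zero, and the tests exercise the wrong geometry instead of stopping. A guard right after the two assignments would make the failure loud: `[ "$LUKS2_HDR_DEFAULT_LEN_SECTORS" -gt 0 ] 2>/dev/null || { echo "Cannot read LUKS2_HDR_DEFAULT_LEN"; exit 1; }`. The relative path presumably assumes the script is started from the tests directory, which is worth stating in the FIXME comment.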
|
|
@@ -48,6 +52,7 @@ function remove_mapping()
|
|
umount $MNT_DIR > /dev/null 2>&1
|
|
rmdir $MNT_DIR > /dev/null 2>&1
|
|
del_scsi_device
|
|
+ test -z "$TMP_LOOP" || losetup -d "$TMP_LOOP"
|
|
}
|
|
|
|
function fail()
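Review bot: The line added to remove_mapping detaches `$TMP_LOOP` but leaves the variable set, so a second call would run `losetup -d` on a stale name. Loop device numbers are reused, so by then that name may belong to a different attachment. Clear the variable together with the detach, as check_hash_dev does: `test -z "$TMP_LOOP" || { losetup -d "$TMP_LOOP"; unset TMP_LOOP; }`. Whether remove_mapping can run twice is not visible here, since the function starts above the hunk.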
|
|
@@ -113,9 +118,21 @@ function prepare() # $1 dev1_siz
|
|
fi
|
|
}
|
|
|
|
-function check_hash_dev() # $1 dev, $2 hash
|
|
+function check_hash_dev() # $1 dev, $2 hash, [$3 optional max size in KiBs]
|
|
{
|
|
- HASH=$(sha256sum $1 | cut -d' ' -f 1)
|
|
+ local _dev=$1
|
|
+ if [ $# -gt 2 ]; then
|
|
+ _dev=$(losetup -f)
|
|
+ losetup -f --sizelimit $3K $1 || fail
|
|
+ TMP_LOOP=$_dev
|
|
+ test -b $TMP_LOOP || fail
|
|
+ fi
|
|
+
|
|
+ HASH=$(sha256sum $_dev | cut -d' ' -f 1)
|
|
+ test -b "$TMP_LOOP" && {
|
|
+ losetup -d "$TMP_LOOP"
|
|
+ unset TMP_LOOP
|
|
+ }
|
|
[ $HASH != "$2" ] && fail "HASH differs ($HASH)"
|
|
}
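Review bot: In check_hash_dev the loop device name comes from `losetup -f` while the attach is done by a second `losetup -f --sizelimit`, so nothing ties `_dev` to the device that was actually attached. If anything else on the machine claims a loop device between the two calls, `TMP_LOOP` names a foreign device that is then hashed and, worse, detached by `losetup -d`. Let one call both attach and report the name: `_dev=$(losetup -f --show --sizelimit "${3}K" "$1") || fail`, followed by `TMP_LOOP=$_dev`. The new `$1`, `$3` and `$_dev` expansions are also unquoted, which breaks on an image path containing spaces.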
|
|
|
|
@@ -218,7 +235,7 @@ HASH5=bb9f8df61474d25e71fa00722318cd387396ca1736605e1248821cc0de3d3af8
|
|
HASH6=4d9cbaf3aa0935a8c113f139691b3daf9c94c8d6c278aedc8eec66a4b9f6c8ae
|
|
|
|
echo "[1] Reencryption"
|
|
-prepare 8192
|
|
+prepare $((4096+LUKS2_HDR_DEFAULT_LEN_SECTORS/2))
|
|
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 -c aes-cbc-plain $FAST_PBKDF_ARGON --align-payload 4096 $IMG || fail
|
|
wipe $PWD1
|
|
check_hash $PWD1 $HASH5
|
|
@@ -260,9 +277,9 @@ $CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
|
|
|
|
echo "[4] Encryption of not yet encrypted device"
|
|
# well, movin' zeroes :-)
|
|
-OFFSET=8192 # default LUKS2 header size
|
|
-prepare 8192
|
|
-check_hash_dev $IMG $HASH4
|
|
+OFFSET=$LUKS2_HDR_DEFAULT_LEN_SECTORS # default LUKS2 header size
|
|
+prepare $((4096+$OFFSET/2)) # in KiBs
|
|
+check_hash_dev $IMG $HASH4 8192
|
|
echo $PWD1 | $REENC --type luks2 $IMG -c aes-cbc-essiv:sha256 -s 128 --new --reduce-device-size "$OFFSET"S -q $FAST_PBKDF_ARGON
|
|
check_hash $PWD1 $HASH5
|
|
$CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
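Review bot: The bare `8192` in `check_hash_dev $IMG $HASH4 8192` is a KiB count that has to match the length `HASH4` was computed over, and nothing on the line says so; the same literal is repeated in the -350 hunk after `--decrypt`. HASH4 is defined outside the hunk, so this is presumably the old fixed image size of 8192 KiB. A named value would keep the two calls in step, e.g. `HASH4_SIZE_KIB=8192 # length in KiB that HASH4 was computed over` and `check_hash_dev $IMG $HASH4 $HASH4_SIZE_KIB`. The comment on `OFFSET` would also read better with its unit: `# default LUKS2 header size in 512-byte sectors`.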
|
|
@@ -299,11 +316,11 @@ echo -e "$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD3" | $REENC -q $IM
|
|
check_slot 0 1 2 3 4 5 6 22 || fail "All keyslots expected to be enabled"
|
|
|
|
echo "[7] Reencryption of block devices with different block size"
|
|
-add_scsi_device sector_size=512 dev_size_mb=8
|
|
+add_scsi_device sector_size=512 dev_size_mb=16
|
|
simple_scsi_reenc "[512 sector]"
|
|
-add_scsi_device sector_size=4096 dev_size_mb=8
|
|
+add_scsi_device sector_size=4096 dev_size_mb=16
|
|
simple_scsi_reenc "[4096 sector]"
|
|
-add_scsi_device sector_size=512 physblk_exp=3 dev_size_mb=8
|
|
+add_scsi_device sector_size=512 physblk_exp=3 dev_size_mb=16
|
|
simple_scsi_reenc "[4096/512 sector]"
|
|
echo "[OK]"
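Review bot: The three `add_scsi_device` calls move from a fixed 8 MiB to a fixed `dev_size_mb=16`, which does not follow `LUKS2_HDR_DEFAULT_LEN` the way the `prepare` calls in the other hunks now do. If the header length in luks2.h changes again, section [7] would presumably need another manual edit. Deriving the size would keep it consistent, e.g. `SCSI_SIZE_MB=$((8+LUKS2_HDR_DEFAULT_LEN/1048576))` and `dev_size_mb=$SCSI_SIZE_MB`. The space simple_scsi_reenc needs is not visible here, so the base of 8 is a guess to confirm. At minimum, add a comment stating how 16 relates to the header size.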
|
|
|
|
@@ -350,7 +367,7 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fa
|
|
wipe $PWD1
|
|
check_hash $PWD1 $HASH5
|
|
echo $PWD1 | $REENC $IMG -q --decrypt
|
|
-check_hash_dev $IMG $HASH4
|
|
+check_hash_dev $IMG $HASH4 8192
|
|
|
|
echo "[11] Reencryption with tokens"
|
|
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail
|
|
@@ -403,7 +420,7 @@ $CRYPTSETUP isLuks $IMG_HDR || fail
|
|
$CRYPTSETUP luksDump $IMG_HDR | grep -q "0: luks2" || fail
|
|
|
|
echo "[14] Reencryption with unbound keyslot"
|
|
-prepare 8192
|
|
+prepare $((4096+LUKS2_HDR_DEFAULT_LEN_SECTORS/2))
|
|
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail
|
|
echo $PWD2 | $CRYPTSETUP -q luksAddKey -S 3 --unbound --key-size 64 $FAST_PBKDF_ARGON $IMG || fail
|
|
wipe $PWD1
|
|
@@ -421,6 +438,7 @@ check_hash $PWD1 $HASH1
|
|
$CRYPTSETUP -q convert --type luks2 $IMG || fail
|
|
echo $PWD1 | $REENC $IMG -q $FAST_PBKDF_PBKDF2 || fail
|
|
check_hash $PWD1 $HASH1
|
|
+prepare $((4096+LUKS2_HDR_DEFAULT_LEN_SECTORS/2))
|
|
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_PBKDF2 $IMG || fail
|
|
wipe $PWD1
|
|
check_hash $PWD1 $HASH5
|
|
--
|
|
1.8.3.1
|
|
|