#!/bin/bash

# Load the shared helper library through the harness's require-lib directive.
# NOTE(review): presumably this is what provides stress_timeout and print_msg,
# neither of which is defined in this file -- confirm.
require-lib test-libs.sh
# Use the value printed by stress_timeout as this test's timeout.
config-timeout $(stress_timeout)

# The tests below open dm-crypt mappings with cryptsetup, so the kernel under
# test has to be built with DM_CRYPT.
require-kernel-config DM_CRYPT

# Number of write/read passes per cipher and format combination.
# Passing --intensive as the first argument raises it from 1 to 20.
lOOPS=1
case "$1" in
	--intensive)
		lOOPS=20
		;;
esac


# cryptsetup argument lists, one per cipher mode under test. They are expanded
# unquoted by the prepare function so that each option becomes its own word.
# NOTE(review): these modes are presumably picked to exercise the crypto
# driver under test rather than as a recommendation for new volumes -- confirm.
cRYPT_MODE_CBC="--cipher=aes-cbc-essiv:sha256 --hash=sha256"
cRYPT_MODE_XTS="--cipher=aes-xts-plain64:sha512 --hash=sha512"

# Amount of data written to and read back from the mapping in each pass.
tEST_DATA_SIZE="32M"

# Size of crypt device should be at least tEST_DATA_SIZE+LUKS headers
# (the variable name is spelled cRYTP; other functions refer to it by this name)
cRYTP_DEV_SIZE="34M"

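# Exit-trap handler: tear down the crypt device named by $dev, then remove the
# EXIT trap so the handler cannot run a second time.
#
# Globals: dev (read) - name of the mapping to clean up. This function does
#          not set it; it relies on whatever value is visible when it runs.
# NOTE(review): nothing in this file installs this function as a trap, and
# "dev" is only ever declared local in other functions -- confirm where the
# trap is set and that $dev is populated at that point.
s5p_sss_cryptsetup_cleanup() {
	print_msg "Exit trap, cleaning up..."
	# Quoted so the name always reaches the helper as exactly one argument.
	s5p_sss_cryptsetup_unprepare "$dev"
	trap - EXIT
}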

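# s5p_sss_cryptsetup_prepare <dev_name> <mode (as cryptsetup argument list)> [luksformat]
#
# Create a sparse backing file /tmp/<dev_name> and open it as the dm-crypt
# mapping <dev_name>. With a non-empty third argument the file is first
# formatted as LUKS with a random 32-byte key file /tmp/<dev_name>-keyfile;
# otherwise it is opened as a plain mapping keyed straight from /dev/urandom
# (a throwaway key, so the contents cannot be reopened after close).
#
# Globals: cRYTP_DEV_SIZE (read) - size of the backing file
# Returns: 0 when the mapping is open and reports the expected type;
#          1 when the device is already in use, a backing or key file already
#          exists, the LUKS header is not detected, or the type is wrong.
s5p_sss_cryptsetup_prepare() {
	# NOTE(review): "name" is not used in this function; presumably helpers
	# such as print_msg read it through dynamic scoping -- confirm.
	local name="s5p-sss cryptsetup"
	local dev="$1"
	local mode="$2"
	local luks="$3"
	local image="/tmp/${dev}"
	local keyfile="/tmp/${dev}-keyfile"

	# Compare against the requested device, not a hard-coded mapping name.
	# "local var=$(...)" is kept on purpose throughout: it hides the status of
	# the pipeline, so an empty grep result cannot abort a shell using errexit.
	local status="$(cryptsetup status "$dev" | head -n 1)"
	if [ "$status" != "/dev/mapper/${dev} is inactive." ]; then
		echo "ERROR: Crypt device $dev is being used"
		return 1
	fi

	# /tmp is shared and these names are predictable. Refuse anything already
	# present at either path, including a dangling symlink, which "test -f"
	# does not report and which dd would otherwise write through.
	if [ -e "$image" ] || [ -L "$image" ]; then
		echo "ERROR: /tmp/${dev} already exists"
		return 1
	fi
	if [ -e "$keyfile" ] || [ -L "$keyfile" ]; then
		echo "ERROR: /tmp/${dev}-keyfile already exists"
		return 1
	fi

	# count=0 with seek=1 only extends the file: a sparse image of the
	# requested size is created without writing any data.
	dd if=/dev/zero of="$image" bs="${cRYTP_DEV_SIZE}" count=0 seek=1 status=none

	if [ "$luks" != "" ]; then
		# The key file holds the volume key; create it readable by the owner
		# only. The subshell keeps the umask change from leaking to the caller.
		(
			umask 077
			dd if=/dev/urandom of="$keyfile" bs=1 count=32
		)
		# $mode is deliberately unquoted: it carries several options.
		# shellcheck disable=SC2086
		cryptsetup -v -q $mode \
			--key-file="$keyfile" --master-key-file="$keyfile" \
			--keyfile-size=32 --key-size=256 \
			luksFormat "$image"
		local status="$(file "$image" | grep -c "${image}: LUKS encrypted file, ver 1")"
		if [ "$status" != "1" ]; then
			echo "ERROR: Crypt device $dev not detected as LUKS"
			return 1
		fi
		# shellcheck disable=SC2086
		cryptsetup -v -q $mode \
			--key-file="$keyfile" --master-key-file="$keyfile" \
			--keyfile-size=32 --key-size=256 --type luks \
			open "$image" "$dev"
	else
		# shellcheck disable=SC2086
		cryptsetup -v -q $mode \
			--key-file=/dev/urandom --master-key-file=/dev/urandom \
			--keyfile-size=32 --key-size=256 --type plain \
			open "$image" "$dev"
	fi

	# Print the full status for the log, then verify the mapping type.
	cryptsetup status "$dev"
	local detected_type="$(cryptsetup status "$dev" | grep 'type:')"
	local expected_type="  type:    PLAIN"
	if [ "$luks" != "" ]; then
		expected_type="  type:    LUKS1"
	fi
	if [ "$detected_type" != "$expected_type" ]; then
		# FIXME: cleanup in trap hook?
		s5p_sss_cryptsetup_unprepare "$dev"
		echo "ERROR: Wrong type of crypt device (\"$detected_type\" != \"$expected_type\")"
		return 1
	fi

	return 0
}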

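# s5p_sss_cryptsetup_unprepare <dev_name>
#
# Close the dm-crypt mapping <dev_name> and delete its backing file and key
# file under /tmp. A failure to close is reported but does not stop the file
# removal. With an empty name nothing is touched, so the rm below can never
# be pointed at /tmp itself.
#
# Returns: 0 for an empty name, otherwise the exit status of rm.
s5p_sss_cryptsetup_unprepare() {
	# NOTE(review): "name" is not used in this function; presumably helpers
	# read it through dynamic scoping -- confirm.
	local name="s5p-sss cryptsetup"
	local dev="$1"

	if [ -z "$dev" ]; then
		echo "No crypt device name given, nothing to clean up"
		return 0
	fi

	# Need to echo so shell will not exit if cleanup command fails
	cryptsetup close "$dev" || echo "Closing $dev failed"

	# "--" stops option parsing; quoting keeps each path a single argument.
	rm -f -- "/tmp/${dev}" "/tmp/${dev}-keyfile"
}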

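# s5p_sss_cryptsetup_run <dev_name>
#
# Push data through the open mapping /dev/mapper/<dev_name>: 51 small writes
# of a digit pattern at increasing byte offsets, one bulk read, one bulk
# write of zeros and a final bulk read, with sync calls after each phase.
#
# Globals: tEST_DATA_SIZE (read) - size of each bulk transfer
# Returns: the exit status of the last sync chain.
s5p_sss_cryptsetup_run() {
	# NOTE(review): "name" is not used in this function; presumably helpers
	# read it through dynamic scoping -- confirm.
	local name="s5p-sss cryptsetup"
	local dev="$1"
	# Local loop counter: the caller runs its own loop over "i", and shell
	# variables are dynamically scoped.
	local i

	# NOTE(review): the pattern looks like 160 characters, matching the seek
	# stride; echo also appends a newline, so consecutive writes would overlap
	# by one byte -- confirm this is intended.
	for ((i = 0; i <= 50; i++)); do
		echo "1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" \
			| dd of="/dev/mapper/${dev}" bs=1 seek=$((i * 160)) status=none
	done
	sync && sync && sync

	dd if="/dev/mapper/${dev}" of=/dev/null bs="${tEST_DATA_SIZE}" count=1
	sync && sync && sync

	dd if=/dev/zero of="/dev/mapper/${dev}" bs="${tEST_DATA_SIZE}" count=1
	sync && sync && sync

	dd if="/dev/mapper/${dev}" of=/dev/null bs="${tEST_DATA_SIZE}" count=1
	sync && sync && sync
}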

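# Run the data-path test on the mapping "testcrypt" for every combination of
# format (plain, then LUKS) and cipher mode (CBC, then XTS), repeating the
# I/O pass lOOPS times per combination.
#
# Globals: lOOPS, cRYPT_MODE_CBC, cRYPT_MODE_XTS (read)
# Outputs: progress lines on stdout, ending with "OK" on success
# Returns: 0 on success; 1 as soon as a mapping cannot be prepared, so no
#          I/O is ever directed at a /dev/mapper path that is not a mapping.
test_s5p_sss_cryptsetup() {
	# NOTE(review): "name" is not used in this function; presumably helpers
	# read it through dynamic scoping -- confirm.
	local name="s5p-sss cryptsetup"
	local dev="testcrypt"
	local luks mode i
	echo "Testing..."

	# Outer loop: plain mapping first (empty flag), then LUKS.
	for luks in "" yes; do
		for mode in "$cRYPT_MODE_CBC" "$cRYPT_MODE_XTS"; do
			s5p_sss_cryptsetup_prepare "$dev" "$mode" "$luks" || return 1
			for ((i = 1; i <= lOOPS; i++)); do
				if [ "$lOOPS" -gt 1 ]; then
					echo "Test ${i}/${lOOPS}"
				fi
				s5p_sss_cryptsetup_run "$dev"
			done
			s5p_sss_cryptsetup_unprepare "$dev"
		done
	done

	echo "OK"
}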