From 619b533bfbb8e6782687eda9e2ba16fc2f73bd15 Mon Sep 17 00:00:00 2001 From: Ondrej Kozina Date: Tue, 7 Aug 2018 10:17:31 +0200 Subject: [PATCH 5/7] Make reencryption-compat-test2 ready for different LUKS2 hdr size. --- tests/reencryption-compat-test2 | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) diff --git a/tests/reencryption-compat-test2 b/tests/reencryption-compat-test2 index 411df1f..9656c7b 100755 --- a/tests/reencryption-compat-test2 +++ b/tests/reencryption-compat-test2 @@ -19,6 +19,10 @@ PWD3="1-9Qu5Ejfnqv" MNT_DIR=./mnt_luks START_DIR=$(pwd) +# FIXME: we need some sane API to get this information. This is hack. +LUKS2_HDR_DEFAULT_LEN=$(grep -e "#define LUKS2_HDR_DEFAULT_LEN" ../lib/luks2/luks2.h | cut -d ' ' -f 3) +LUKS2_HDR_DEFAULT_LEN_SECTORS=$((LUKS2_HDR_DEFAULT_LEN/512)) + function dm_crypt_features() { local VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) @@ -48,6 +52,7 @@ function remove_mapping() umount $MNT_DIR > /dev/null 2>&1 rmdir $MNT_DIR > /dev/null 2>&1 del_scsi_device + test -z "$TMP_LOOP" || losetup -d "$TMP_LOOP" } function fail() @@ -113,9 +118,21 @@ function prepare() # $1 dev1_siz fi } -function check_hash_dev() # $1 dev, $2 hash +function check_hash_dev() # $1 dev, $2 hash, [$3 optional max size in KiBs] { - HASH=$(sha256sum $1 | cut -d' ' -f 1) + local _dev=$1 + if [ $# -gt 2 ]; then + _dev=$(losetup -f) + losetup -f --sizelimit $3K $1 || fail + TMP_LOOP=$_dev + test -b $TMP_LOOP || fail + fi + + HASH=$(sha256sum $_dev | cut -d' ' -f 1) + test -b "$TMP_LOOP" && { + losetup -d "$TMP_LOOP" + unset TMP_LOOP + } [ $HASH != "$2" ] && fail "HASH differs ($HASH)" } @@ -218,7 +235,7 @@ HASH5=bb9f8df61474d25e71fa00722318cd387396ca1736605e1248821cc0de3d3af8 HASH6=4d9cbaf3aa0935a8c113f139691b3daf9c94c8d6c278aedc8eec66a4b9f6c8ae echo "[1] Reencryption" -prepare 8192 +prepare $((4096+LUKS2_HDR_DEFAULT_LEN_SECTORS/2)) echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 -c aes-cbc-plain $FAST_PBKDF_ARGON --align-payload 4096 $IMG || fail wipe $PWD1 check_hash $PWD1 $HASH5 @@ -260,9 +277,9 @@ $CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail echo "[4] Encryption of not yet encrypted device" # well, movin' zeroes :-) -OFFSET=8192 # default LUKS2 header size -prepare 8192 -check_hash_dev $IMG $HASH4 +OFFSET=$LUKS2_HDR_DEFAULT_LEN_SECTORS # default LUKS2 header size +prepare $((4096+$OFFSET/2)) # in KiBs +check_hash_dev $IMG $HASH4 8192 echo $PWD1 | $REENC --type luks2 $IMG -c aes-cbc-essiv:sha256 -s 128 --new --reduce-device-size "$OFFSET"S -q $FAST_PBKDF_ARGON check_hash $PWD1 $HASH5 $CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail @@ -299,11 +316,11 @@ echo -e "$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD3" | $REENC -q $IM check_slot 0 1 2 3 4 5 6 22 || fail "All keyslots expected to be enabled" echo "[7] Reencryption of block devices with different block size" -add_scsi_device sector_size=512 dev_size_mb=8 +add_scsi_device sector_size=512 dev_size_mb=16 simple_scsi_reenc "[512 sector]" -add_scsi_device sector_size=4096 dev_size_mb=8 +add_scsi_device sector_size=4096 dev_size_mb=16 simple_scsi_reenc "[4096 sector]" -add_scsi_device sector_size=512 physblk_exp=3 dev_size_mb=8 +add_scsi_device sector_size=512 physblk_exp=3 dev_size_mb=16 simple_scsi_reenc "[4096/512 sector]" echo "[OK]" @@ -350,7 +367,7 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fa wipe $PWD1 check_hash $PWD1 $HASH5 echo $PWD1 | $REENC $IMG -q --decrypt -check_hash_dev $IMG $HASH4 +check_hash_dev $IMG $HASH4 8192 echo "[11] Reencryption with tokens" echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail @@ -403,7 +420,7 @@ $CRYPTSETUP isLuks $IMG_HDR || fail $CRYPTSETUP luksDump $IMG_HDR | grep -q "0: luks2" || fail echo "[14] Reencryption with unbound keyslot" -prepare 8192 +prepare $((4096+LUKS2_HDR_DEFAULT_LEN_SECTORS/2)) echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail echo $PWD2 | $CRYPTSETUP -q luksAddKey -S 3 --unbound --key-size 64 $FAST_PBKDF_ARGON $IMG || fail wipe $PWD1 @@ -421,6 +438,7 @@ check_hash $PWD1 $HASH1 $CRYPTSETUP -q convert --type luks2 $IMG || fail echo $PWD1 | $REENC $IMG -q $FAST_PBKDF_PBKDF2 || fail check_hash $PWD1 $HASH1 +prepare $((4096+LUKS2_HDR_DEFAULT_LEN_SECTORS/2)) echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_PBKDF2 $IMG || fail wipe $PWD1 check_hash $PWD1 $HASH5 -- 1.8.3.1