~ubuntu-branches/ubuntu/maverick/cryptsetup/maverick-proposed

Committer: Bazaar Package Importer
Author(s): Steve Langasek
Date: 2010-06-14 21:47:28 UTC
mfrom: (0.1.12 sid)
Revision ID: james.westby@ubuntu.com-20100614214728-tm8kdwg6chjejlbq

Tags: 2:1.1.2-1ubuntu1

* Merge from Debian unstable (LP: #594365).  Remaining changes:
  - debian/control:
    + Bump initramfs-tools Suggests to Depends: so system is not
      potentially rendered unbootable.
    + Depend on plymouth.
  - Add debian/cryptdisks-{enable,udev}.upstart.
  - debian/cryptdisks.functions:
    + new function, crypttab_start_one_disk, to look for the named source
      device in /etc/crypttab (by device name, UUID, or label) and start it
      if configured to do so
    + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
      we only ever have one of these running at a time; otherwise multiple
      invocations could steal each other's input and/or write over each
      other's output
    + initially create the device under a temporary name and rename it only
      at the end using 'dmsetup rename', to ensure that upstart/mountall
      doesn't see our device before it's ready to go.
    + do_tmp should mount under /var/run/cryptsetup for changing the
      permissions of the filesystem root, not directly on /tmp, since
      mounting on /tmp a) is racy, b) confuses mountall something fierce.
    + when called by cryptdisks-enable, check that we don't already have a
      corresponding cryptdisks-udev job running (probably waiting for a
      passphrase); if there is, wait until it's finished before continuing.
  - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
    script a no-op, this should be handled entirely by the upstart job;
    and fix the LSB header to not declare this should be started in
    runlevel 'S'
  - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
    upgrade.
  - debian/rules: Do not install start symlinks for init scripts, and
    install debian/cryptdisks-{enable,udev}.upstart scripts.
  - Add debian/cryptsetup.apport: Apport package hook. Install in
    debian/rules and create dir in debian/cryptsetup.dirs.
  - debian/rules: link dynamically against libgcrypt and libgpg-error.
  - debian/cryptsetup.postrm: call update-initramfs on package removal.
* Dropped changes, merged/superseded in Debian:
  - Add ext4 support to passdev.
  - cryptroot-hook: don't call copy_modules_dir with empty arguments when
    archcrypto isn't found
  - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
    the initramfs.
  - change interaction to use plymouth directly if present, and if not, to
    fall back to /lib/cryptsetup/askpass as before
  - cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
  - debian/initramfs/cryptroot-script: if plymouth is present in the
    initramfs, use this directly, bypassing the cryptsetup askpass script
  - debian/initramfs/cryptroot-hook: Properly anchor our regexps when
    grepping /etc/crypttab so that we don't incorrectly match device names
    that are substrings of one another.
  - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
    file descriptor to subprocesses.
  - Fix grammar error in debian/initramfs/cryptroot-script
    ("setup" -> "set up")
  - debian/initramfs/cryptroot-script: Fix this to work with current
    initramfs-tools:
    + Source /scripts/functions after checking for prerequisites.
    + prereqs(): Do not assume we are running within initramfs, and
      calculate relative path correctly.

files added:
debian/README.gnupg

debian/initramfs/cryptgnupg-hook

debian/scripts/decrypt_gnupg

debian/source

debian/source/format

lib/nls.h

lib/utils_debug.c

m4/gettext.m4

m4/iconv.m4

m4/lib-ld.m4

m4/lib-link.m4

m4/lib-prefix.m4

m4/libtool.m4

m4/ltoptions.m4

m4/ltsugar.m4

m4/ltversion.m4

m4/lt~obsolete.m4

m4/nls.m4

m4/po.m4

m4/progtest.m4

po/fr.gmo

po/fr.po

po/id.gmo

po/id.po

po/it.gmo

po/it.po

po/nl.gmo

po/nl.po

po/vi.gmo

po/vi.po

tests/align-test

tests/api-test.c

tests/compat-test

files removed:
debian/README.source

debian/patches

debian/patches/02_manpage.patch

debian/patches/03_add_missing_headers.patch

debian/patches/series

debian/scripts/decrypt_gpg

po/ChangeLog

tests/apitest.c

files modified:
ChangeLog

Makefile.in

aclocal.m4

config.h.in

configure

configure.in

debian/NEWS

debian/README.Debian

debian/README.initramfs

debian/changelog

debian/control

debian/cryptdisks.functions

debian/cryptsetup.docs

debian/cryptsetup.lintian-overrides

debian/cryptsetup.postinst

debian/cryptsetup.preinst

debian/doc/crypttab.xml

debian/initramfs/cryptpassdev-hook

debian/initramfs/cryptroot-conf

debian/initramfs/cryptroot-hook

debian/initramfs/cryptroot-script

debian/passdev.c

debian/rules

debian/scripts/cryptdisks_start

debian/scripts/cryptdisks_stop

debian/scripts/luksformat

debian/watch

lib/Makefile.am

lib/Makefile.in

lib/gcrypt.c

lib/internal.h

lib/libcryptsetup.h

lib/libcryptsetup.pc.in

lib/libdevmapper.c

lib/setup.c

lib/utils.c

ltmain.sh

luks/Makefile.am

luks/Makefile.in

luks/keyencryption.c

luks/keymanage.c

luks/luks.h

man/Makefile.in

man/cryptsetup.8

po/LINGUAS

po/Makevars

po/POTFILES.in

po/cryptsetup.pot

po/de.gmo

po/de.po

po/sv.gmo

po/sv.po

src/Makefile.am

src/Makefile.in

src/cryptsetup.c

src/cryptsetup.h

tests/Makefile.am

tests/Makefile.in

Show diffs side-by-side

added added

removed removed

tests/apitest.c

* cryptsetup library API check functions

* This program is free software; you can redistribute it and/or

* modify it under the terms of the GNU General Public License

* version 2 as published by the Free Software Foundation.

* This program is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

* GNU General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program; if not, write to the Free Software

* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <fcntl.h>

#include <linux/fs.h>

#include <errno.h>

#include <sys/stat.h>

#include "libcryptsetup.h"

#define DMDIR "/dev/mapper/"

#define DEVICE_1 "/dev/loop5"

#define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b"

#define DEVICE_2 "/dev/loop6"

#define DEVICE_EMPTY_name "crypt_zero"

#define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name

#define DEVICE_ERROR_name "crypt_error"

#define DEVICE_ERROR DMDIR DEVICE_ERROR_name

#define CDEVICE_1 "ctest1"

#define CDEVICE_2 "ctest2"

#define CDEVICE_WRONG "O_o"

#define IMAGE1 "compatimage.img"

#define IMAGE_EMPTY "empty.img"

#define KEYFILE1 "key1.file"

#define KEY1 "compatkey"

#define KEYFILE2 "key2.file"

#define KEY2 "0123456789abcdef"

static int _debug = 0;

static int _verbose = 1;

static char global_log[4096];

static int global_lines = 0;

// Helpers

static int _prepare_keyfile(const char *name, const char *passphrase)

{

int fd, r;

fd = open(name, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR);

if (fd != -1) {

r = write(fd, passphrase, strlen(passphrase));

close(fd);

} else

r = 0;

return r == strlen(passphrase) ? 0 : 1;

}

static void _remove_keyfiles(void)

{

remove(KEYFILE1);

remove(KEYFILE2);

}

// Decode key from its hex representation

static int crypt_decode_key(unsigned char *key, const char *hex, unsigned int size)

{

char buffer[3];

char *endp;

unsigned int i;

buffer[2] = '\0';

for (i = 0; i < size; i++) {

buffer[0] = *hex++;

buffer[1] = *hex++;

key[i] = (unsigned char)strtoul(buffer, &endp, 16);

if (endp != &buffer[2])

return -1;

}

if (*hex != '\0')

100

return -1;

101

102

return 0;

103

}

104

105

static int yesDialog(char *msg)

106

{

107

return 1;

108

}

109

110

static void cmdLineLog(int class, char *msg)

111

{

112

strncat(global_log, msg, sizeof(global_log));

113

global_lines++;

114

}

115

116

static void new_log(int class, const char *msg, void *usrptr)

117

{

118

cmdLineLog(class, (char*)msg);

119

}

120

121

122

static void reset_log()

123

{

124

memset(global_log, 0, sizeof(global_log));

125

global_lines = 0;

126

}

127

128

static struct interface_callbacks cmd_icb = {

129

.yesDialog = yesDialog,

130

.log = cmdLineLog,

131

};

132

133

static void _cleanup(void)

134

{

135

struct stat st;

136

137

//system("udevadm settle");

138

139

if (!stat(DMDIR CDEVICE_1, &st))

140

system("dmsetup remove " CDEVICE_1);

141

142

if (!stat(DMDIR CDEVICE_2, &st))

143

system("dmsetup remove " CDEVICE_2);

144

145

if (!stat(DEVICE_EMPTY, &st))

146

system("dmsetup remove " DEVICE_EMPTY_name);

147

148

if (!stat(DEVICE_ERROR, &st))

149

system("dmsetup remove " DEVICE_ERROR_name);

150

151

if (!strncmp("/dev/loop", DEVICE_1, 9))

152

system("losetup -d " DEVICE_1);

153

154

if (!strncmp("/dev/loop", DEVICE_2, 9))

155

system("losetup -d " DEVICE_2);

156

157

system("rm -f " IMAGE_EMPTY);

158

_remove_keyfiles();

159

}

160

161

static void _setup(void)

162

{

163

system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"");

164

system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"");

165

if (!strncmp("/dev/loop", DEVICE_1, 9))

166

system("losetup " DEVICE_1 " " IMAGE1);

167

if (!strncmp("/dev/loop", DEVICE_2, 9)) {

168

system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=4");

169

system("losetup " DEVICE_2 " " IMAGE_EMPTY);

170

}

171

172

}

173

174

void check_ok(int status, int line, const char *func)

175

{

176

char buf[256];

177

178

if (status) {

179

crypt_get_error(buf, sizeof(buf));

180

printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, buf);

181

_cleanup();

182

exit(-1);

183

}

184

}

185

186

void check_ko(int status, int line, const char *func)

187

{

188

char buf[256];

189

190

memset(buf, 0, sizeof(buf));

191

crypt_get_error(buf, sizeof(buf));

192

if (status >= 0) {

193

printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, buf);

194

_cleanup();

195

exit(-1);

196

} else if (_verbose)

197

printf(" => errno %d, errmsg: %s\n", status, buf);

198

}

199

200

void check_equal(int line, const char *func)

201

{

202

printf("FAIL line %d [%s]: expected equal values differs.\n", line, func);

203

_cleanup();

204

exit(-1);

205

}

206

207

void xlog(const char *msg, const char *tst, const char *func, int line, const char *txt)

208

{

209

if (_verbose) {

210

if (txt)

211

printf(" [%s,%s:%d] %s [%s]\n", msg, func, line, tst, txt);

212

else

213

printf(" [%s,%s:%d] %s\n", msg, func, line, tst);

214

}

215

}

216

#define OK_(x) do { xlog("(success)", #x, __FUNCTION__, __LINE__, NULL); \

217

check_ok((x), __LINE__, __FUNCTION__); \

218

} while(0)

219

#define FAIL_(x, y) do { xlog("(fail) ", #x, __FUNCTION__, __LINE__, y); \

220

check_ko((x), __LINE__, __FUNCTION__); \

221

} while(0)

222

#define EQ_(x, y) do { xlog("(equal) ", #x " == " #y, __FUNCTION__, __LINE__, NULL); \

223

if ((x) != (y)) check_equal(__LINE__, __FUNCTION__); \

224

} while(0)

225

226

#define RUN_(x, y) do { printf("%s: %s\n", #x, (y)); x(); } while (0)

227

228

// OLD API TESTS

229

static void LuksUUID(void)

230

{

231

struct crypt_options co = { .icb = &cmd_icb };

232

233

co.device = DEVICE_EMPTY;

234

EQ_(crypt_luksUUID(&co), -EINVAL);

235

236

co.device = DEVICE_ERROR;

237

EQ_(crypt_luksUUID(&co), -EINVAL);

238

239

reset_log();

240

co.device = DEVICE_1;

241

OK_(crypt_luksUUID(&co));

242

EQ_(strlen(global_log), 37); /* UUID + "\n" */

243

EQ_(strncmp(global_log, DEVICE_1_UUID, strlen(DEVICE_1_UUID)), 0);

244

245

}

246

247

static void IsLuks(void)

248

{

249

struct crypt_options co = { .icb = &cmd_icb };

250

251

co.device = DEVICE_EMPTY;

252

EQ_(crypt_isLuks(&co), -EINVAL);

253

254

co.device = DEVICE_ERROR;

255

EQ_(crypt_isLuks(&co), -EINVAL);

256

257

co.device = DEVICE_1;

258

OK_(crypt_isLuks(&co));

259

}

260

261

static void LuksOpen(void)

262

{

263

struct crypt_options co = {

264

.name = CDEVICE_1,

265

//.passphrase = "blabla",

266

.icb = &cmd_icb,

267

};

268

269

OK_(_prepare_keyfile(KEYFILE1, KEY1));

270

co.key_file = KEYFILE1;

271

272

co.device = DEVICE_EMPTY;

273

EQ_(crypt_luksOpen(&co), -EINVAL);

274

275

co.device = DEVICE_ERROR;

276

EQ_(crypt_luksOpen(&co), -EINVAL);

277

278

co.device = DEVICE_1;

279

OK_(crypt_luksOpen(&co));

280

FAIL_(crypt_luksOpen(&co), "already open");

281

282

_remove_keyfiles();

283

}

284

285

static void query_device(void)

286

{

287

struct crypt_options co = {. icb = &cmd_icb };

288

289

co.name = CDEVICE_WRONG;

290

EQ_(crypt_query_device(&co), 0);

291

292

co.name = CDEVICE_1;

293

EQ_(crypt_query_device(&co), 1);

294

295

OK_(strncmp(crypt_get_dir(), DMDIR, 11));

296

OK_(strcmp(co.cipher, "aes-cbc-essiv:sha256"));

297

EQ_(co.key_size, 16);

298

EQ_(co.offset, 1032);

299

EQ_(co.flags & CRYPT_FLAG_READONLY, 0);

300

EQ_(co.skip, 0);

301

crypt_put_options(&co);

302

}

303

304

static void remove_device(void)

305

{

306

int fd;

307

struct crypt_options co = {. icb = &cmd_icb };

308

309

co.name = CDEVICE_WRONG;

310

EQ_(crypt_remove_device(&co), -ENODEV);

311

312

fd = open(DMDIR CDEVICE_1, O_RDONLY);

313

co.name = CDEVICE_1;

314

FAIL_(crypt_remove_device(&co), "device busy");

315

close(fd);

316

317

OK_(crypt_remove_device(&co));

318

}

319

320

static void LuksFormat(void)

321

{

322

struct crypt_options co = {

323

.device = DEVICE_2,

324

.key_size = 256 / 8,

325

.key_slot = -1,

326

.cipher = "aes-cbc-essiv:sha256",

327

.hash = "sha1",

328

.flags = 0,

329

.iteration_time = 10,

330

.align_payload = 0,

331

.icb = &cmd_icb,

332

};

333

334

OK_(_prepare_keyfile(KEYFILE1, KEY1));

335

336

co.new_key_file = KEYFILE1;

337

co.device = DEVICE_ERROR;

338

FAIL_(crypt_luksFormat(&co), "error device");

339

340

co.device = DEVICE_2;

341

OK_(crypt_luksFormat(&co));

342

343

co.new_key_file = NULL;

344

co.key_file = KEYFILE1;

345

co.name = CDEVICE_2;

346

OK_(crypt_luksOpen(&co));

347

OK_(crypt_remove_device(&co));

348

_remove_keyfiles();

349

}

350

351

static void LuksKeyGame(void)

352

{

353

int i;

354

struct crypt_options co = {

355

.device = DEVICE_2,

356

.key_size = 256 / 8,

357

.key_slot = -1,

358

.cipher = "aes-cbc-essiv:sha256",

359

.hash = "sha1",

360

.flags = 0,

361

.iteration_time = 10,

362

.align_payload = 0,

363

.icb = &cmd_icb,

364

};

365

366

OK_(_prepare_keyfile(KEYFILE1, KEY1));

367

OK_(_prepare_keyfile(KEYFILE2, KEY2));

368

369

co.new_key_file = KEYFILE1;

370

co.device = DEVICE_2;

371

co.key_slot = 8;

372

FAIL_(crypt_luksFormat(&co), "wrong slot #");

373

374

co.key_slot = 7; // last slot

375

OK_(crypt_luksFormat(&co));

376

377

co.new_key_file = KEYFILE1;

378

co.key_file = KEYFILE1;

379

co.key_slot = 8;

380

FAIL_(crypt_luksAddKey(&co), "wrong slot #");

381

co.key_slot = 7;

382

FAIL_(crypt_luksAddKey(&co), "slot already used");

383

384

co.key_slot = 6;

385

OK_(crypt_luksAddKey(&co));

386

387

co.key_file = KEYFILE2 "blah";

388

co.key_slot = 5;

389

FAIL_(crypt_luksAddKey(&co), "keyfile not found");

390

391

co.new_key_file = KEYFILE2; // key to add

392

co.key_file = KEYFILE1;

393

co.key_slot = -1;

394

for (i = 0; i < 6; i++)

395

OK_(crypt_luksAddKey(&co)); //FIXME: EQ_(i)?

396

397

FAIL_(crypt_luksAddKey(&co), "all slots full");

398

399

// REMOVE KEY

400

co.new_key_file = KEYFILE1; // key to remove

401

co.key_file = NULL;

402

co.key_slot = 8; // should be ignored

403

// only 2 slots should use KEYFILE1

404

OK_(crypt_luksRemoveKey(&co));

405

OK_(crypt_luksRemoveKey(&co));

406

FAIL_(crypt_luksRemoveKey(&co), "no slot with this passphrase");

407

408

co.new_key_file = KEYFILE2 "blah";

409

co.key_file = NULL;

410

FAIL_(crypt_luksRemoveKey(&co), "keyfile not found");

411

412

// KILL SLOT

413

co.new_key_file = NULL;

414

co.key_file = NULL;

415

co.key_slot = 8;

416

FAIL_(crypt_luksKillSlot(&co), "wrong slot #");

417

co.key_slot = 7;

418

FAIL_(crypt_luksKillSlot(&co), "slot already wiped");

419

420

co.key_slot = 5;

421

OK_(crypt_luksKillSlot(&co));

422

423

_remove_keyfiles();

424

}

425

426

size_t _get_device_size(const char *device)

427

{

428

unsigned long size = 0;

429

int fd;

430

431

fd = open(device, O_RDONLY);

432

if (fd == -1)

433

return 0;

434

(void)ioctl(fd, BLKGETSIZE, &size);

435

close(fd);

436

437

return size;

438

}

439

440

void DeviceResizeGame(void)

441

{

442

size_t orig_size;

443

struct crypt_options co = {

444

.name = CDEVICE_2,

445

.device = DEVICE_2,

446

.key_size = 128 / 8,

447

.cipher = "aes-cbc-plain",

448

.hash = "sha1",

449

.offset = 333,

450

.skip = 0,

451

.icb = &cmd_icb,

452

};

453

454

orig_size = _get_device_size(DEVICE_2);

455

456

OK_(_prepare_keyfile(KEYFILE2, KEY2));

457

458

co.key_file = KEYFILE2;

459

co.size = 1000;

460

OK_(crypt_create_device(&co));

461

EQ_(_get_device_size(DMDIR CDEVICE_2), 1000);

462

463

co.size = 2000;

464

OK_(crypt_resize_device(&co));

465

EQ_(_get_device_size(DMDIR CDEVICE_2), 2000);

466

467

co.size = 0;

468

OK_(crypt_resize_device(&co));

469

EQ_(_get_device_size(DMDIR CDEVICE_2), (orig_size - 333));

470

471

co.size = 0;

472

co.offset = 444;

473

co.skip = 555;

474

co.cipher = "aes-cbc-benbi";

475

OK_(crypt_update_device(&co));

476

EQ_(_get_device_size(DMDIR CDEVICE_2), (orig_size - 444));

477

478

memset(&co, 0, sizeof(co));

479

co.icb = &cmd_icb,

480

co.name = CDEVICE_2;

481

EQ_(crypt_query_device(&co), 1);

482

EQ_(strcmp(co.cipher, "aes-cbc-benbi"), 0);

483

EQ_(co.key_size, 128 / 8);

484

EQ_(co.offset, 444);

485

EQ_(co.skip, 555);

486

OK_(crypt_remove_device(&co));

487

488

crypt_put_options(&co);

489

490

_remove_keyfiles();

491

}

492

493

// NEW API tests

494

495

static void AddDevicePlain(void)

496

{

497

struct crypt_device *cd;

498

struct crypt_params_plain params = {

499

.hash = "sha1",

500

.skip = 0,

501

.offset = 0,

502

};

503

int fd;

504

unsigned char key[128], key2[128], path[128];

505

506

char *passphrase = "blabla";

507

char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";

508

size_t key_size = strlen(mk_hex) / 2;

509

char *cipher = "aes";

510

char *cipher_mode = "cbc-essiv:sha256";

511

512

crypt_decode_key(key, mk_hex, key_size);

513

514

FAIL_(crypt_init(&cd, ""), "empty device string");

515

516

OK_(crypt_init(&cd, DEVICE_1));

517

OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, &params));

518

OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));

519

520

// device status check

521

EQ_(crypt_status(cd, CDEVICE_1), ACTIVE);

522

snprintf(path, sizeof(path), "%s/%s", crypt_get_dir(), CDEVICE_1);

523

fd = open(path, O_RDONLY);

524

EQ_(crypt_status(cd, CDEVICE_1), BUSY);

525

FAIL_(crypt_deactivate(cd, CDEVICE_1), "Device is busy");

526

close(fd);

527

OK_(crypt_deactivate(cd, CDEVICE_1));

528

EQ_(crypt_status(cd, CDEVICE_1), INACTIVE);

529

530

OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));

531

EQ_(crypt_status(cd, CDEVICE_1), ACTIVE);

532

533

// retrieve volume key check

534

memset(key2, 0, key_size);

535

key_size--;

536

// small buffer

537

FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)), "small buffer");

538

key_size++;

539

OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));

540

541

OK_(memcmp(key, key2, key_size));

542

OK_(strcmp(cipher, crypt_get_cipher(cd)));

543

OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));

544

EQ_(key_size, crypt_get_volume_key_size(cd));

545

EQ_(0, crypt_get_data_offset(cd));

546

OK_(crypt_deactivate(cd, CDEVICE_1));

547

crypt_free(cd);

548

}

549

550

static void UseLuksDevice(void)

551

{

552

struct crypt_device *cd;

553

char key[128];

554

size_t key_size;

555

int fd;

556

557

OK_(crypt_init(&cd, DEVICE_1));

558

OK_(crypt_load(cd, CRYPT_LUKS1, NULL));

559

EQ_(crypt_status(cd, CDEVICE_1), INACTIVE);

560

OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));

561

FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");

562

EQ_(crypt_status(cd, CDEVICE_1), ACTIVE);

563

OK_(crypt_deactivate(cd, CDEVICE_1));

564

FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device");

565

566

key_size = 16;

567

OK_(strcmp("aes", crypt_get_cipher(cd)));

568

OK_(strcmp("cbc-essiv:sha256", crypt_get_cipher_mode(cd)));

569

OK_(strcmp(DEVICE_1_UUID, crypt_get_uuid(cd)));

570

EQ_(key_size, crypt_get_volume_key_size(cd));

571

EQ_(1032, crypt_get_data_offset(cd));

572

573

EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));

574

OK_(crypt_volume_key_verify(cd, key, key_size));

575

OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));

576

EQ_(crypt_status(cd, CDEVICE_1), ACTIVE);

577

OK_(crypt_deactivate(cd, CDEVICE_1));

578

579

key[1] = ~key[1];

580

FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch");

581

FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch");

582

crypt_free(cd);

583

}

584

585

static void SuspendDevice(void)

586

{

587

struct crypt_device *cd;

588

char key[128];

589

size_t key_size;

590

int fd;

591

592

OK_(crypt_init(&cd, DEVICE_1));

593

OK_(crypt_load(cd, CRYPT_LUKS1, NULL));

594

OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));

595

596

OK_(crypt_suspend(cd, CDEVICE_1));

597

FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");

598

599

FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");

600

OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));

601

FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");

602

603

OK_(_prepare_keyfile(KEYFILE1, KEY1));

604

OK_(crypt_suspend(cd, CDEVICE_1));

605

FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");

606

OK_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0));

607

FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0), "not suspended");

608

_remove_keyfiles();

609

610

OK_(crypt_deactivate(cd, CDEVICE_1));

611

crypt_free(cd);

612

}

613

614

static void AddDeviceLuks(void)

615

{

616

struct crypt_device *cd;

617

struct crypt_params_luks1 params = {

618

.hash = "sha512",

619

.data_alignment = 2048, // 4M, data offset will be 4096

620

};

621

int fd;

622

unsigned char key[128], key2[128], path[128];

623

624

char *passphrase = "blabla";

625

char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";

626

size_t key_size = strlen(mk_hex) / 2;

627

char *cipher = "aes";

628

char *cipher_mode = "cbc-essiv:sha256";

629

630

crypt_decode_key(key, mk_hex, key_size);

631

632

OK_(crypt_init(&cd, DEVICE_2));

633

OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params));

634

635

// even with no keyslots defined it can be activated by volume key

636

OK_(crypt_volume_key_verify(cd, key, key_size));

637

OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0));

638

EQ_(crypt_status(cd, CDEVICE_2), ACTIVE);

639

OK_(crypt_deactivate(cd, CDEVICE_2));

640

641

// now with keyslot

642

EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)));

643

EQ_(SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));

644

EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));

645

EQ_(crypt_status(cd, CDEVICE_2), ACTIVE);

646

OK_(crypt_deactivate(cd, CDEVICE_2));

647

648

FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), "slot used");

649

key[1] = ~key[1];

650

FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch");

651

key[1] = ~key[1];

652

EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)));

653

EQ_(SLOT_ACTIVE, crypt_keyslot_status(cd, 6));

654

655

FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot");

656

FAIL_(crypt_keyslot_destroy(cd, CRYPT_ANY_SLOT), "invalid keyslot");

657

FAIL_(crypt_keyslot_destroy(cd, 0), "keyslot not used");

658

OK_(crypt_keyslot_destroy(cd, 7));

659

EQ_(SLOT_INACTIVE, crypt_keyslot_status(cd, 7));

660

EQ_(SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));

661

662

EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));

663

OK_(crypt_volume_key_verify(cd, key2, key_size));

664

665

OK_(memcmp(key, key2, key_size));

666

OK_(strcmp(cipher, crypt_get_cipher(cd)));

667

OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));

668

EQ_(key_size, crypt_get_volume_key_size(cd));

669

EQ_(4096, crypt_get_data_offset(cd));

670

671

reset_log();

672

crypt_set_log_callback(cd, &new_log, NULL);

673

OK_(crypt_dump(cd));

674

OK_(!(global_lines != 0));

675

crypt_set_log_callback(cd, NULL, NULL);

676

reset_log();

677

678

FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");

679

crypt_free(cd);

680

}

681

682

int main (int argc, char *argv[])

683

{

684

int i;

685

686

if (getuid() != 0) {

687

printf("You must be root to run this test.\n");

688

exit(0);

689

}

690

691

for (i = 1; i < argc; i++) {

692

if (!strcmp("-v", argv[i]) || !strcmp("--verbose", argv[i]))

693

_verbose = 1;

694

else if (!strcmp("--debug", argv[i]))

695

_debug = _verbose = 1;

696

}

697

698

_cleanup();

699

_setup();

700

701

crypt_set_debug_level(_debug ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE);

702

703

RUN_(LuksUUID, "luksUUID API call");

704

RUN_(IsLuks, "isLuks API call");

705

RUN_(LuksOpen, "luksOpen API call");

706

RUN_(query_device, "crypt_query_device API call");

707

RUN_(remove_device, "crypt_remove_device API call");

708

RUN_(LuksFormat, "luksFormat API call");

709

RUN_(LuksKeyGame, "luksAddKey, RemoveKey, KillSlot API calls");

710

RUN_(DeviceResizeGame, "regular crypto, resize calls");

711

712

RUN_(AddDevicePlain, "plain device API creation exercise");

713

RUN_(AddDeviceLuks, "Format and use LUKS device");

714

RUN_(UseLuksDevice, "Use pre-formated LUKS device");

715

RUN_(SuspendDevice, "Suspend/Resume test");

716

717

718

_cleanup();

719

return 0;

720

}

Older »