2
* cryptsetup library API check functions
4
* Copyright (C) 2009 Red Hat, Inc. All rights reserved.
6
* This program is free software; you can redistribute it and/or
7
* modify it under the terms of the GNU General Public License
8
* version 2 as published by the Free Software Foundation.
10
* This program is distributed in the hope that it will be useful,
11
* but WITHOUT ANY WARRANTY; without even the implied warranty of
12
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
* GNU General Public License for more details.
15
* You should have received a copy of the GNU General Public License
16
* along with this program; if not, write to the Free Software
17
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28
#include "libcryptsetup.h"
30
#define DMDIR "/dev/mapper/"
32
#define DEVICE_1 "/dev/loop5"
33
#define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b"
34
#define DEVICE_2 "/dev/loop6"
35
#define DEVICE_EMPTY_name "crypt_zero"
36
#define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name
37
#define DEVICE_ERROR_name "crypt_error"
38
#define DEVICE_ERROR DMDIR DEVICE_ERROR_name
40
#define CDEVICE_1 "ctest1"
41
#define CDEVICE_2 "ctest2"
42
#define CDEVICE_WRONG "O_o"
44
#define IMAGE1 "compatimage.img"
45
#define IMAGE_EMPTY "empty.img"
47
#define KEYFILE1 "key1.file"
48
#define KEY1 "compatkey"
50
#define KEYFILE2 "key2.file"
51
#define KEY2 "0123456789abcdef"
53
static int _debug = 0;
54
static int _verbose = 1;
56
static char global_log[4096];
57
static int global_lines = 0;
60
static int _prepare_keyfile(const char *name, const char *passphrase)
64
fd = open(name, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR);
66
r = write(fd, passphrase, strlen(passphrase));
71
return r == strlen(passphrase) ? 0 : 1;
74
static void _remove_keyfiles(void)
80
// Decode key from its hex representation
81
static int crypt_decode_key(unsigned char *key, const char *hex, unsigned int size)
89
for (i = 0; i < size; i++) {
93
key[i] = (unsigned char)strtoul(buffer, &endp, 16);
95
if (endp != &buffer[2])
105
static int yesDialog(char *msg)
110
static void cmdLineLog(int class, char *msg)
112
strncat(global_log, msg, sizeof(global_log));
116
static void new_log(int class, const char *msg, void *usrptr)
118
cmdLineLog(class, (char*)msg);
122
static void reset_log()
124
memset(global_log, 0, sizeof(global_log));
128
static struct interface_callbacks cmd_icb = {
129
.yesDialog = yesDialog,
133
static void _cleanup(void)
137
//system("udevadm settle");
139
if (!stat(DMDIR CDEVICE_1, &st))
140
system("dmsetup remove " CDEVICE_1);
142
if (!stat(DMDIR CDEVICE_2, &st))
143
system("dmsetup remove " CDEVICE_2);
145
if (!stat(DEVICE_EMPTY, &st))
146
system("dmsetup remove " DEVICE_EMPTY_name);
148
if (!stat(DEVICE_ERROR, &st))
149
system("dmsetup remove " DEVICE_ERROR_name);
151
if (!strncmp("/dev/loop", DEVICE_1, 9))
152
system("losetup -d " DEVICE_1);
154
if (!strncmp("/dev/loop", DEVICE_2, 9))
155
system("losetup -d " DEVICE_2);
157
system("rm -f " IMAGE_EMPTY);
161
static void _setup(void)
163
system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"");
164
system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"");
165
if (!strncmp("/dev/loop", DEVICE_1, 9))
166
system("losetup " DEVICE_1 " " IMAGE1);
167
if (!strncmp("/dev/loop", DEVICE_2, 9)) {
168
system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=4");
169
system("losetup " DEVICE_2 " " IMAGE_EMPTY);
174
void check_ok(int status, int line, const char *func)
179
crypt_get_error(buf, sizeof(buf));
180
printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, buf);
186
void check_ko(int status, int line, const char *func)
190
memset(buf, 0, sizeof(buf));
191
crypt_get_error(buf, sizeof(buf));
193
printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, buf);
197
printf(" => errno %d, errmsg: %s\n", status, buf);
200
void check_equal(int line, const char *func)
202
printf("FAIL line %d [%s]: expected equal values differs.\n", line, func);
207
void xlog(const char *msg, const char *tst, const char *func, int line, const char *txt)
211
printf(" [%s,%s:%d] %s [%s]\n", msg, func, line, tst, txt);
213
printf(" [%s,%s:%d] %s\n", msg, func, line, tst);
216
#define OK_(x) do { xlog("(success)", #x, __FUNCTION__, __LINE__, NULL); \
217
check_ok((x), __LINE__, __FUNCTION__); \
219
#define FAIL_(x, y) do { xlog("(fail) ", #x, __FUNCTION__, __LINE__, y); \
220
check_ko((x), __LINE__, __FUNCTION__); \
222
#define EQ_(x, y) do { xlog("(equal) ", #x " == " #y, __FUNCTION__, __LINE__, NULL); \
223
if ((x) != (y)) check_equal(__LINE__, __FUNCTION__); \
226
#define RUN_(x, y) do { printf("%s: %s\n", #x, (y)); x(); } while (0)
229
static void LuksUUID(void)
231
struct crypt_options co = { .icb = &cmd_icb };
233
co.device = DEVICE_EMPTY;
234
EQ_(crypt_luksUUID(&co), -EINVAL);
236
co.device = DEVICE_ERROR;
237
EQ_(crypt_luksUUID(&co), -EINVAL);
240
co.device = DEVICE_1;
241
OK_(crypt_luksUUID(&co));
242
EQ_(strlen(global_log), 37); /* UUID + "\n" */
243
EQ_(strncmp(global_log, DEVICE_1_UUID, strlen(DEVICE_1_UUID)), 0);
247
static void IsLuks(void)
249
struct crypt_options co = { .icb = &cmd_icb };
251
co.device = DEVICE_EMPTY;
252
EQ_(crypt_isLuks(&co), -EINVAL);
254
co.device = DEVICE_ERROR;
255
EQ_(crypt_isLuks(&co), -EINVAL);
257
co.device = DEVICE_1;
258
OK_(crypt_isLuks(&co));
261
static void LuksOpen(void)
263
struct crypt_options co = {
265
//.passphrase = "blabla",
269
OK_(_prepare_keyfile(KEYFILE1, KEY1));
270
co.key_file = KEYFILE1;
272
co.device = DEVICE_EMPTY;
273
EQ_(crypt_luksOpen(&co), -EINVAL);
275
co.device = DEVICE_ERROR;
276
EQ_(crypt_luksOpen(&co), -EINVAL);
278
co.device = DEVICE_1;
279
OK_(crypt_luksOpen(&co));
280
FAIL_(crypt_luksOpen(&co), "already open");
285
static void query_device(void)
287
struct crypt_options co = {. icb = &cmd_icb };
289
co.name = CDEVICE_WRONG;
290
EQ_(crypt_query_device(&co), 0);
293
EQ_(crypt_query_device(&co), 1);
295
OK_(strncmp(crypt_get_dir(), DMDIR, 11));
296
OK_(strcmp(co.cipher, "aes-cbc-essiv:sha256"));
297
EQ_(co.key_size, 16);
298
EQ_(co.offset, 1032);
299
EQ_(co.flags & CRYPT_FLAG_READONLY, 0);
301
crypt_put_options(&co);
304
static void remove_device(void)
307
struct crypt_options co = {. icb = &cmd_icb };
309
co.name = CDEVICE_WRONG;
310
EQ_(crypt_remove_device(&co), -ENODEV);
312
fd = open(DMDIR CDEVICE_1, O_RDONLY);
314
FAIL_(crypt_remove_device(&co), "device busy");
317
OK_(crypt_remove_device(&co));
320
static void LuksFormat(void)
322
struct crypt_options co = {
326
.cipher = "aes-cbc-essiv:sha256",
329
.iteration_time = 10,
334
OK_(_prepare_keyfile(KEYFILE1, KEY1));
336
co.new_key_file = KEYFILE1;
337
co.device = DEVICE_ERROR;
338
FAIL_(crypt_luksFormat(&co), "error device");
340
co.device = DEVICE_2;
341
OK_(crypt_luksFormat(&co));
343
co.new_key_file = NULL;
344
co.key_file = KEYFILE1;
346
OK_(crypt_luksOpen(&co));
347
OK_(crypt_remove_device(&co));
351
static void LuksKeyGame(void)
354
struct crypt_options co = {
358
.cipher = "aes-cbc-essiv:sha256",
361
.iteration_time = 10,
366
OK_(_prepare_keyfile(KEYFILE1, KEY1));
367
OK_(_prepare_keyfile(KEYFILE2, KEY2));
369
co.new_key_file = KEYFILE1;
370
co.device = DEVICE_2;
372
FAIL_(crypt_luksFormat(&co), "wrong slot #");
374
co.key_slot = 7; // last slot
375
OK_(crypt_luksFormat(&co));
377
co.new_key_file = KEYFILE1;
378
co.key_file = KEYFILE1;
380
FAIL_(crypt_luksAddKey(&co), "wrong slot #");
382
FAIL_(crypt_luksAddKey(&co), "slot already used");
385
OK_(crypt_luksAddKey(&co));
387
co.key_file = KEYFILE2 "blah";
389
FAIL_(crypt_luksAddKey(&co), "keyfile not found");
391
co.new_key_file = KEYFILE2; // key to add
392
co.key_file = KEYFILE1;
394
for (i = 0; i < 6; i++)
395
OK_(crypt_luksAddKey(&co)); //FIXME: EQ_(i)?
397
FAIL_(crypt_luksAddKey(&co), "all slots full");
400
co.new_key_file = KEYFILE1; // key to remove
402
co.key_slot = 8; // should be ignored
403
// only 2 slots should use KEYFILE1
404
OK_(crypt_luksRemoveKey(&co));
405
OK_(crypt_luksRemoveKey(&co));
406
FAIL_(crypt_luksRemoveKey(&co), "no slot with this passphrase");
408
co.new_key_file = KEYFILE2 "blah";
410
FAIL_(crypt_luksRemoveKey(&co), "keyfile not found");
413
co.new_key_file = NULL;
416
FAIL_(crypt_luksKillSlot(&co), "wrong slot #");
418
FAIL_(crypt_luksKillSlot(&co), "slot already wiped");
421
OK_(crypt_luksKillSlot(&co));
426
size_t _get_device_size(const char *device)
428
unsigned long size = 0;
431
fd = open(device, O_RDONLY);
434
(void)ioctl(fd, BLKGETSIZE, &size);
440
void DeviceResizeGame(void)
443
struct crypt_options co = {
447
.cipher = "aes-cbc-plain",
454
orig_size = _get_device_size(DEVICE_2);
456
OK_(_prepare_keyfile(KEYFILE2, KEY2));
458
co.key_file = KEYFILE2;
460
OK_(crypt_create_device(&co));
461
EQ_(_get_device_size(DMDIR CDEVICE_2), 1000);
464
OK_(crypt_resize_device(&co));
465
EQ_(_get_device_size(DMDIR CDEVICE_2), 2000);
468
OK_(crypt_resize_device(&co));
469
EQ_(_get_device_size(DMDIR CDEVICE_2), (orig_size - 333));
474
co.cipher = "aes-cbc-benbi";
475
OK_(crypt_update_device(&co));
476
EQ_(_get_device_size(DMDIR CDEVICE_2), (orig_size - 444));
478
memset(&co, 0, sizeof(co));
481
EQ_(crypt_query_device(&co), 1);
482
EQ_(strcmp(co.cipher, "aes-cbc-benbi"), 0);
483
EQ_(co.key_size, 128 / 8);
486
OK_(crypt_remove_device(&co));
488
crypt_put_options(&co);
495
static void AddDevicePlain(void)
497
struct crypt_device *cd;
498
struct crypt_params_plain params = {
504
unsigned char key[128], key2[128], path[128];
506
char *passphrase = "blabla";
507
char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
508
size_t key_size = strlen(mk_hex) / 2;
509
char *cipher = "aes";
510
char *cipher_mode = "cbc-essiv:sha256";
512
crypt_decode_key(key, mk_hex, key_size);
514
FAIL_(crypt_init(&cd, ""), "empty device string");
516
OK_(crypt_init(&cd, DEVICE_1));
517
OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms));
518
OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
520
// device status check
521
EQ_(crypt_status(cd, CDEVICE_1), ACTIVE);
522
snprintf(path, sizeof(path), "%s/%s", crypt_get_dir(), CDEVICE_1);
523
fd = open(path, O_RDONLY);
524
EQ_(crypt_status(cd, CDEVICE_1), BUSY);
525
FAIL_(crypt_deactivate(cd, CDEVICE_1), "Device is busy");
527
OK_(crypt_deactivate(cd, CDEVICE_1));
528
EQ_(crypt_status(cd, CDEVICE_1), INACTIVE);
530
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
531
EQ_(crypt_status(cd, CDEVICE_1), ACTIVE);
533
// retrieve volume key check
534
memset(key2, 0, key_size);
537
FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)), "small buffer");
539
OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
541
OK_(memcmp(key, key2, key_size));
542
OK_(strcmp(cipher, crypt_get_cipher(cd)));
543
OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
544
EQ_(key_size, crypt_get_volume_key_size(cd));
545
EQ_(0, crypt_get_data_offset(cd));
546
OK_(crypt_deactivate(cd, CDEVICE_1));
550
static void UseLuksDevice(void)
552
struct crypt_device *cd;
557
OK_(crypt_init(&cd, DEVICE_1));
558
OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
559
EQ_(crypt_status(cd, CDEVICE_1), INACTIVE);
560
OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
561
FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
562
EQ_(crypt_status(cd, CDEVICE_1), ACTIVE);
563
OK_(crypt_deactivate(cd, CDEVICE_1));
564
FAIL_(crypt_deactivate(cd, CDEVICE_1), "no such device");
567
OK_(strcmp("aes", crypt_get_cipher(cd)));
568
OK_(strcmp("cbc-essiv:sha256", crypt_get_cipher_mode(cd)));
569
OK_(strcmp(DEVICE_1_UUID, crypt_get_uuid(cd)));
570
EQ_(key_size, crypt_get_volume_key_size(cd));
571
EQ_(1032, crypt_get_data_offset(cd));
573
EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
574
OK_(crypt_volume_key_verify(cd, key, key_size));
575
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
576
EQ_(crypt_status(cd, CDEVICE_1), ACTIVE);
577
OK_(crypt_deactivate(cd, CDEVICE_1));
580
FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch");
581
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch");
585
static void SuspendDevice(void)
587
struct crypt_device *cd;
592
OK_(crypt_init(&cd, DEVICE_1));
593
OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
594
OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
596
OK_(crypt_suspend(cd, CDEVICE_1));
597
FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
599
FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");
600
OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
601
FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
603
OK_(_prepare_keyfile(KEYFILE1, KEY1));
604
OK_(crypt_suspend(cd, CDEVICE_1));
605
FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");
606
OK_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0));
607
FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0), "not suspended");
610
OK_(crypt_deactivate(cd, CDEVICE_1));
614
static void AddDeviceLuks(void)
616
struct crypt_device *cd;
617
struct crypt_params_luks1 params = {
619
.data_alignment = 2048, // 4M, data offset will be 4096
622
unsigned char key[128], key2[128], path[128];
624
char *passphrase = "blabla";
625
char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
626
size_t key_size = strlen(mk_hex) / 2;
627
char *cipher = "aes";
628
char *cipher_mode = "cbc-essiv:sha256";
630
crypt_decode_key(key, mk_hex, key_size);
632
OK_(crypt_init(&cd, DEVICE_2));
633
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms));
635
// even with no keyslots defined it can be activated by volume key
636
OK_(crypt_volume_key_verify(cd, key, key_size));
637
OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0));
638
EQ_(crypt_status(cd, CDEVICE_2), ACTIVE);
639
OK_(crypt_deactivate(cd, CDEVICE_2));
642
EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)));
643
EQ_(SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
644
EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
645
EQ_(crypt_status(cd, CDEVICE_2), ACTIVE);
646
OK_(crypt_deactivate(cd, CDEVICE_2));
648
FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), "slot used");
650
FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch");
652
EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)));
653
EQ_(SLOT_ACTIVE, crypt_keyslot_status(cd, 6));
655
FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot");
656
FAIL_(crypt_keyslot_destroy(cd, CRYPT_ANY_SLOT), "invalid keyslot");
657
FAIL_(crypt_keyslot_destroy(cd, 0), "keyslot not used");
658
OK_(crypt_keyslot_destroy(cd, 7));
659
EQ_(SLOT_INACTIVE, crypt_keyslot_status(cd, 7));
660
EQ_(SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
662
EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
663
OK_(crypt_volume_key_verify(cd, key2, key_size));
665
OK_(memcmp(key, key2, key_size));
666
OK_(strcmp(cipher, crypt_get_cipher(cd)));
667
OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
668
EQ_(key_size, crypt_get_volume_key_size(cd));
669
EQ_(4096, crypt_get_data_offset(cd));
672
crypt_set_log_callback(cd, &new_log, NULL);
674
OK_(!(global_lines != 0));
675
crypt_set_log_callback(cd, NULL, NULL);
678
FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");
682
int main (int argc, char *argv[])
687
printf("You must be root to run this test.\n");
691
for (i = 1; i < argc; i++) {
692
if (!strcmp("-v", argv[i]) || !strcmp("--verbose", argv[i]))
694
else if (!strcmp("--debug", argv[i]))
695
_debug = _verbose = 1;
701
crypt_set_debug_level(_debug ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE);
703
RUN_(LuksUUID, "luksUUID API call");
704
RUN_(IsLuks, "isLuks API call");
705
RUN_(LuksOpen, "luksOpen API call");
706
RUN_(query_device, "crypt_query_device API call");
707
RUN_(remove_device, "crypt_remove_device API call");
708
RUN_(LuksFormat, "luksFormat API call");
709
RUN_(LuksKeyGame, "luksAddKey, RemoveKey, KillSlot API calls");
710
RUN_(DeviceResizeGame, "regular crypto, resize calls");
712
RUN_(AddDevicePlain, "plain device API creation exercise");
713
RUN_(AddDeviceLuks, "Format and use LUKS device");
714
RUN_(UseLuksDevice, "Use pre-formated LUKS device");
715
RUN_(SuspendDevice, "Suspend/Resume test");