From 9906bc40e120f6694c59c510cd9a42848f8c708f Mon Sep 17 00:00:00 2001
From: Milan Broz
Date: Thu, 7 Mar 2024 12:39:35 +0100
Subject: [PATCH] test: Fix tests on RHEL7 clones (no keyring in dm-crypt).
---
 tests/api-test-2.c | 5 +++++
 tests/compat-test2 | 38 +++++++++++++++++++++++++++-----------
 tests/mode-test | 37 +++++++++++++++++++++++++++++--------
 3 files changed, 61 insertions(+), 19 deletions(-)
diff --git a/tests/api-test-2.c b/tests/api-test-2.c
index 8a7a60eb2..9442c63fa 100644
--- a/tests/api-test-2.c
+++ b/tests/api-test-2.c
@@ -5304,6 +5304,11 @@ static void KeyslotContextAndKeyringLink(void)
 pbkdf.iterations = 1000;
 }
+ if (!t_dm_crypt_keyring_support()) {
+ printf("WARNING: dm-crypt does not support keyring, skipping test.\n");
+ return;
+ }
+
 OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
 OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
diff --git a/tests/compat-test2 b/tests/compat-test2
index 96d51602a..5a5875a2b 100755
--- a/tests/compat-test2
+++ b/tests/compat-test2
@@ -173,6 +173,20 @@ function valgrind_run()
 INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
 }
+function dm_crypt_capi_support()
+{
+ VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
+ [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
+
+ VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
+ VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
+
+ if [ $VER_MIN -ge 16 ]; then
+ return 0
+ fi
+ return 1
+}
+
 function dm_crypt_keyring_support()
 {
 $CRYPTSETUP --version | grep -q KEYRING || return 1
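Review bot: In `dm_crypt_capi_support()` the major version is parsed into `VER_MAJ` but never consulted, so the result depends on the minor number alone; a dm-crypt target reporting a higher major with a minor below 16 would be treated as lacking capi support. A check along the lines of `if [ "$VER_MAJ" -gt 1 ] || [ "$VER_MIN" -ge 16 ]; then` would use both fields. The same function is added a second time in tests/mode-test, where `VER_PTC` is also assigned and never read, so the two copies already differ and can drift further. A one-line comment above the comparison stating which dm-crypt target version the capi cipher format is expected from (presumably 1.16, going by the threshold) would document the magic number in both places.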
@@ -1454,17 +1468,19 @@ if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then
 $CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $IMG || fail
 fi
-prepare "[44] LUKS2 invalid cipher (kernel cipher driver name)" wipe
-xz -dk $HEADER_LUKS2_INV.xz
-dd if=$HEADER_LUKS2_INV of=$IMG conv=notrunc >/dev/null 2>&1
-$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "capi:xts(ecb(aes-generic))-plain64" || fail
-echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail
-echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME 2>&1 | grep -q "No known cipher specification pattern" || fail
-echo $PWD1 | $CRYPTSETUP reencrypt $LOOPDEV >/dev/null 2>&1 && fail
-dmsetup create $DEV_NAME --uuid CRYPT-LUKS2-3d20686f551748cb89911ad32379821b-test --table \
- "0 8 crypt capi:xts(ecb(aes-generic))-plain64 edaa40709797973715e572bf7d86fcbb9cfe2051083c33c28d58fe4e1e7ff642 0 $LOOPDEV 32768"
-$CRYPTSETUP status $DEV_NAME | grep -q "n/a" || fail
-$CRYPTSETUP close $DEV_NAME ||fail
+if dm_crypt_capi_support; then
+ prepare "[44] LUKS2 invalid cipher (kernel cipher driver name)" wipe
+ xz -dk $HEADER_LUKS2_INV.xz
+ dd if=$HEADER_LUKS2_INV of=$IMG conv=notrunc >/dev/null 2>&1
+ $CRYPTSETUP -q luksDump $LOOPDEV | grep -q "capi:xts(ecb(aes-generic))-plain64" || fail
+ echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail
+ echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME 2>&1 | grep -q "No known cipher specification pattern" || fail
+ echo $PWD1 | $CRYPTSETUP reencrypt $LOOPDEV >/dev/null 2>&1 && fail
+ dmsetup create $DEV_NAME --uuid CRYPT-LUKS2-3d20686f551748cb89911ad32379821b-test --table \
+ "0 8 crypt capi:xts(ecb(aes-generic))-plain64 edaa40709797973715e572bf7d86fcbb9cfe2051083c33c28d58fe4e1e7ff642 0 $LOOPDEV 32768"
+ $CRYPTSETUP status $DEV_NAME | grep -q "n/a" || fail
+ $CRYPTSETUP close $DEV_NAME ||fail
+fi
 if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then
 prepare "[45] Link VK to a keyring and use custom VK type." wipe
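Review bot: When `dm_crypt_capi_support` returns false, test [44] is skipped without printing anything, so a log from an old kernel cannot be told apart from one where the invalid-cipher checks actually ran; tests/mode-test prints `[N/A]` for the same situation. An `else` branch such as `echo "[44] LUKS2 invalid cipher (kernel cipher driver name) [N/A]"` would make the skip visible. The guard also wraps the `luksDump`, `open --test-passphrase`, failing `open` and `reencrypt` checks, which look like userspace rejections of the driver-name cipher string rather than something that needs kernel capi support. If they can run on RHEL7, consider moving `if dm_crypt_capi_support; then` down to just before `dmsetup create`; otherwise a short comment saying why the whole block is gated would help.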
diff --git a/tests/mode-test b/tests/mode-test
index 81780cd66..06daa4043 100755
--- a/tests/mode-test
+++ b/tests/mode-test
@@ -52,6 +52,22 @@ skip()
 exit 77
 }
+function dm_crypt_capi_support()
+{
+ VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
+ [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
+
+ VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
+ VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
+ VER_PTC=$(echo $VER_STR | cut -f 3 -d.)
+
+ if [ $VER_MIN -ge 16 ]; then
+ return 0
+ fi
+
+ return 1
+}
+
 function valgrind_setup()
 {
 command -v valgrind >/dev/null || fail "Cannot find valgrind."
@@ -132,7 +148,7 @@ dmcrypt()
 echo -n -e "PLAIN:"
 dmcrypt_check "$DEV_NAME"_tstdev $OUT
 else
- echo -n "[n/a]"
+ echo -n "[N/A]"
 fi
 echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF2 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
@@ -193,12 +209,17 @@ dmcrypt xchacha12,aes-adiantum-plain64
 dmcrypt xchacha20,aes-adiantum-plain64
 echo -n "CAPI format:"
-echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME || fail
-$CRYPTSETUP close "$DEV_NAME"_tstdev || fail
-echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(ecb(aes-generic))-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME 2>/dev/null && fail
-dmsetup create "$DEV_NAME"_tstdev --table "0 8 crypt capi:xts(ecb(aes-generic))-plain64 $KEY 0 /dev/mapper/$DEV_NAME 0" || fail
-$CRYPTSETUP status "$DEV_NAME"_tstdev 2>/dev/null | grep "type:" | grep -q "n/a" || fail
-$CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null || fail
-echo [OK]
+if dm_crypt_capi_support ; then
+ echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME --debug || fail
+ $CRYPTSETUP close "$DEV_NAME"_tstdev || fail
+ echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(ecb(aes-generic))-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME 2>/dev/null && fail
+ dmsetup create "$DEV_NAME"_tstdev --table "0 8 crypt capi:xts(ecb(aes-generic))-plain64 $KEY 0 /dev/mapper/$DEV_NAME 0" || fail
+ $CRYPTSETUP status "$DEV_NAME"_tstdev 2>/dev/null | grep "type:" | grep -q "n/a" || fail
+ $CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null || fail
+ echo [OK]
+else
+ echo [N/A]
+fi
 cleanup
+exit 0
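Review bot: The first `create` in the CAPI block now carries `--debug`, which looks like a leftover from tracking down the RHEL7 failure. It is not mentioned in the commit message and no other invocation in this block has it. With the flag in place every run writes the full debug log into the test output, which buries the `[OK]`/`[N/A]` markers this hunk takes care to print. I would drop it so the line ends `/dev/mapper/$DEV_NAME || fail` as it did before.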