From: Glenn Washburn <development@efficientek.com>
To: grub-devel@gnu.org
Cc: Glenn Washburn <development@efficientek.com>
Subject: [CRYPTOMOUNT-TEST 7/7] test: Add cryptomount test.
Date: Sun, 16 Aug 2020 19:05:18 -0500 [thread overview]
Message-ID: <20200817000518.4006518-8-development@efficientek.com> (raw)
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
Makefile.util.def | 6 ++
tests/grub_cmd_cryptomount.in | 156 ++++++++++++++++++++++++++++++++++
2 files changed, 162 insertions(+)
create mode 100644 tests/grub_cmd_cryptomount.in
diff --git a/Makefile.util.def b/Makefile.util.def
index cfc71f1ab..f0f87f1a6 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -1044,6 +1044,12 @@ script = {
common = tests/grub_script_return.in;
};
+script = {
+ testcase;
+ name = grub_cmd_cryptomount;
+ common = tests/grub_cmd_cryptomount.in;
+};
+
script = {
testcase;
name = grub_cmd_regexp;
diff --git a/tests/grub_cmd_cryptomount.in b/tests/grub_cmd_cryptomount.in
new file mode 100644
index 000000000..b156b6acc
--- /dev/null
+++ b/tests/grub_cmd_cryptomount.in
@@ -0,0 +1,156 @@
+#! @BUILD_SHEBANG@ -e
+
+# Run GRUB script in a Qemu instance
+# Copyright (C) 2010 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+if [ "x$EUID" = "x" ] ; then
+ EUID=`id -u`
+fi
+
+if [ "$EUID" != 0 ] ; then
+ exit 77
+fi
+
+if ! which cryptsetup >/dev/null 2>&1; then
+ echo "cryptsetup not installed; cannot test cryptomount."
+ exit 77
+fi
+
+if ! which mkfs.vfat >/dev/null 2>&1; then
+ echo "mkfs.vfat not installed; cannot test cryptomount."
+ exit 77
+fi
+
+COMMON_OPTS='--cs-opts="--pbkdf-force-iterations 1000"'
+
+_testcase() {
+ local EXPECTEDRES=$1
+ local LOGPREFIX=$2
+ local res=0
+ local output
+ shift 2
+ output=`"$@" 2>&1` || res=$?
+
+ if [ "$res" -eq "$EXPECTEDRES" ]; then
+ if [ "$res" -eq 0 ]; then
+ echo $LOGPREFIX PASS
+ else
+ echo $LOGPREFIX XFAIL
+ fi
+ else
+ echo "Error[$res]: $output"
+ if [ "$res" -eq 0 ]; then
+ echo $LOGPREFIX XPASS
+ elif [ "$res" -eq 1 ]; then
+ echo $LOGPREFIX FAIL
+ else
+ # Any exit code other than 1 or 0, indicates a hard error,
+ # not a test error
+ echo $LOGPREFIX ERROR
+ return 99
+ fi
+ return 1
+ fi
+}
+
+testcase() { _testcase 0 "$@"; }
+testcase_fail() { _testcase 1 "$@"; }
+
+### LUKS1 tests
+eval testcase "'LUKS1 test cryptsetup defaults:'" \
+ @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS
+
+eval testcase "'LUKS1 test with twofish cipher:'" \
+ @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+ "--cs-opts='--cipher twofish-xts-plain64'"
+
+eval testcase_fail "'LUKS1 test detached header support:'" \
+ @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+ --detached-header
+
+eval testcase "'LUKS1 test key file support:'" \
+ @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+ --keyfile
+
+eval testcase "'LUKS1 test key file with offset:'" \
+ @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+ --keyfile --cs-opts="--keyfile-offset=237"
+
+eval testcase "'LUKS1 test key file with offset and size:'" \
+ @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+ --keyfile "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'"
+
+eval testcase_fail "'LUKS1 test both detached header and key file:'" \
+ @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+ --keyfile --detached-header
+
+### LUKS2 tests
+LUKS2_COMMON_OPTS="--luks=2 --cs-opts=--pbkdf=pbkdf2"
+eval testcase_fail "'LUKS2 test cryptsetup defaults:'" \
+ @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS
+
+eval testcase_fail "'LUKS2 test with twofish cipher:'" \
+ @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+ "--cs-opts='--cipher twofish-xts-plain64'"
+
+eval testcase_fail "'LUKS2 test detached header support:'" \
+ @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+ --detached-header
+
+eval testcase_fail "'LUKS2 test key file support:'" \
+ @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+ --keyfile
+
+eval testcase_fail "'LUKS2 test both detached header and key file:'" \
+ @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+ --keyfile --detached-header
+
+eval testcase_fail "'LUKS2 test both detached header and key file with offset:'" \
+ @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+ --keyfile --detached-header \
+ --cs-opts="--keyfile-offset=237"
+
+eval testcase_fail "'LUKS2 test both detached header and key file with offset and size:'" \
+ @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+ --keyfile --detached-header \
+ "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'"
+
+### LUKS2 specific tests
+eval testcase_fail "'LUKS2 test with 1k sector size:'" \
+ @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \
+ --cs-opts="--pbkdf=pbkdf2" "--cs-opts='--sector-size 1024'"
+
+eval testcase_fail "'LUKS2 test with 2k sector size:'" \
+ @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \
+ --cs-opts="--pbkdf=pbkdf2" "--cs-opts='--sector-size 2048'"
+
+eval testcase_fail "'LUKS2 test with 4k sector size:'" \
+ @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \
+ --cs-opts="--pbkdf=pbkdf2" "--cs-opts='--sector-size 4096'"
+
+eval testcase_fail "'LUKS2 test with non-default key slot:'" \
+ @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \
+ --cs-opts="--pbkdf=pbkdf2" "--cs-opts='--key-slot 5'"
+
+eval testcase_fail "'LUKS2 test with different metadata size:'" \
+ @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \
+ --cs-opts="--pbkdf=pbkdf2" "--cs-opts='--luks2-metadata-size 512k'"
+
+eval testcase_fail "'LUKS2 test with argon2 pbkdf:'" \
+ @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \
+ "--cs-opts='--pbkdf-memory 32'" "--cs-opts='--pbkdf-parallel 1'"
+
+exit 0
--
2.25.1
next reply other threads:[~2020-08-17 0:05 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-17 0:05 Glenn Washburn [this message]
2020-08-17 9:57 ` [CRYPTOMOUNT-TEST v2 7/7] test: Add cryptomount test Glenn Washburn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200817000518.4006518-8-development@efficientek.com \
--to=development@efficientek.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.