From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1k7Sek-0007lf-8y for mharc-grub-devel@gnu.org; Sun, 16 Aug 2020 20:05:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39616) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k7Sei-0007iF-CK for grub-devel@gnu.org; Sun, 16 Aug 2020 20:05:40 -0400 Received: from mail-pl1-x62d.google.com ([2607:f8b0:4864:20::62d]:42268) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1k7Seg-00064p-4L for grub-devel@gnu.org; Sun, 16 Aug 2020 20:05:40 -0400 Received: by mail-pl1-x62d.google.com with SMTP id f5so6622855plr.9 for ; Sun, 16 Aug 2020 17:05:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficientek-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=5BcDcneOUkufgyd6d5+Sd7j2EnXHZqbPI4jRBy5TlGk=; b=cera/X9GapSW0bqRGve+iqedc8LwMJDrYSQQo+b6PNTmlCPzVSxzMj/gQpU7Qg1jqa WZVHidu3qAmOfJ3aBa4FSc78VIuL2g8d2Hsn7qG3AuG2Akc10PoTqVZj+X0zlOtN7Y8+ virQny5z6tV7RlGRpvuLVA7ey04q5WX6oSlyMGrzv7ale9Dleg0rWnpcY2OMDaHaMrIY afaAAF8E0yVwSnIsofMxw2mZ2HYlGqzlj6kiAAWotwvMo6PubKsvFNKYoRg4QbyFGl2t 1d6ty9ospfRw0KGRMyA8kX5sJ8RB2OogWjuVoCPI3tZrDZDD4bNgKiy8vpvr40yMC61n gb4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=5BcDcneOUkufgyd6d5+Sd7j2EnXHZqbPI4jRBy5TlGk=; b=iiHE7Cg5pGiieysPG2XdOkHmJtN/XYnbaDvHpT2ypbOek1azP6r0K8/8idXh5Tb8fb EzT98re9cTG7nIcuMCgw80NUkyhbumyT0/zw2J42P9jGHWORg/hyn9+PGxweI+uckzsK P2I0XqGhRvXRxq8NC6f2aLqd4M0DdtdMgaVphgnq73UBLZG2vUJprTAOz0v2wC91h+8X xVO/D46EGardRxaL+3xWrNeo8/um4Ja1ch7XlWoqX8ePYm98ScZhtJDVc5kaaU1epZfj TBns0eNn6eEF/JU4yHb0waQRIx57iSjsQcGiHq0c2Wez4QmLNmc37FNG6eHUuQSpjQXb jbHA== X-Gm-Message-State: AOAM530QMMzDlSHHyzQBoVPTUIKV7AgbMfd6B1jHunWtVB7FvtPCb7mv hP4EkabhWzlDHuZwPkAiFZwmJS+CxazEQA== X-Google-Smtp-Source: ABdhPJyiGkggRMJg9y2Tlja1RslnQ28+ZpAuJdr6dTsBDbMPp0dRk55NVlCOVrnbHQ2mxanix7dZVg== X-Received: by 2002:a17:90a:6fc5:: with SMTP id e63mr9938913pjk.200.1597622736388; Sun, 16 Aug 2020 17:05:36 -0700 (PDT) Received: from crass-HP-ZBook-15-G2.lan ([136.49.44.103]) by smtp.gmail.com with ESMTPSA id h19sm14967000pjv.41.2020.08.16.17.05.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 16 Aug 2020 17:05:36 -0700 (PDT) From: Glenn Washburn To: grub-devel@gnu.org Cc: Glenn Washburn Subject: [CRYPTOMOUNT-TEST 7/7] test: Add cryptomount test. Date: Sun, 16 Aug 2020 19:05:18 -0500 Message-Id: <20200817000518.4006518-8-development@efficientek.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::62d; envelope-from=development@efficientek.com; helo=mail-pl1-x62d.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Aug 2020 00:05:40 -0000 Signed-off-by: Glenn Washburn --- Makefile.util.def | 6 ++ tests/grub_cmd_cryptomount.in | 156 ++++++++++++++++++++++++++++++++++ 2 files changed, 162 insertions(+) create mode 100644 tests/grub_cmd_cryptomount.in diff --git a/Makefile.util.def b/Makefile.util.def index cfc71f1ab..f0f87f1a6 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -1044,6 +1044,12 @@ script = { common = tests/grub_script_return.in; }; +script = { + testcase; + name = grub_cmd_cryptomount; + common = tests/grub_cmd_cryptomount.in; +}; + script = { testcase; name = grub_cmd_regexp; diff --git a/tests/grub_cmd_cryptomount.in b/tests/grub_cmd_cryptomount.in new file mode 100644 index 000000000..b156b6acc --- /dev/null +++ b/tests/grub_cmd_cryptomount.in @@ -0,0 +1,156 @@ +#! @BUILD_SHEBANG@ -e + +# Run GRUB script in a Qemu instance +# Copyright (C) 2010 Free Software Foundation, Inc. +# +# GRUB is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# GRUB is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GRUB. If not, see . + +if [ "x$EUID" = "x" ] ; then + EUID=`id -u` +fi + +if [ "$EUID" != 0 ] ; then + exit 77 +fi + +if ! which cryptsetup >/dev/null 2>&1; then + echo "cryptsetup not installed; cannot test cryptomount." + exit 77 +fi + +if ! which mkfs.vfat >/dev/null 2>&1; then + echo "mkfs.vfat not installed; cannot test cryptomount." + exit 77 +fi + +COMMON_OPTS='--cs-opts="--pbkdf-force-iterations 1000"' + +_testcase() { + local EXPECTEDRES=$1 + local LOGPREFIX=$2 + local res=0 + local output + shift 2 + output=`"$@" 2>&1` || res=$? + + if [ "$res" -eq "$EXPECTEDRES" ]; then + if [ "$res" -eq 0 ]; then + echo $LOGPREFIX PASS + else + echo $LOGPREFIX XFAIL + fi + else + echo "Error[$res]: $output" + if [ "$res" -eq 0 ]; then + echo $LOGPREFIX XPASS + elif [ "$res" -eq 1 ]; then + echo $LOGPREFIX FAIL + else + # Any exit code other than 1 or 0, indicates a hard error, + # not a test error + echo $LOGPREFIX ERROR + return 99 + fi + return 1 + fi +} + +testcase() { _testcase 0 "$@"; } +testcase_fail() { _testcase 1 "$@"; } + +### LUKS1 tests +eval testcase "'LUKS1 test cryptsetup defaults:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS + +eval testcase "'LUKS1 test with twofish cipher:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + "--cs-opts='--cipher twofish-xts-plain64'" + +eval testcase_fail "'LUKS1 test detached header support:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --detached-header + +eval testcase "'LUKS1 test key file support:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile + +eval testcase "'LUKS1 test key file with offset:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile --cs-opts="--keyfile-offset=237" + +eval testcase "'LUKS1 test key file with offset and size:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'" + +eval testcase_fail "'LUKS1 test both detached header and key file:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile --detached-header + +### LUKS2 tests +LUKS2_COMMON_OPTS="--luks=2 --cs-opts=--pbkdf=pbkdf2" +eval testcase_fail "'LUKS2 test cryptsetup defaults:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS + +eval testcase_fail "'LUKS2 test with twofish cipher:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--cipher twofish-xts-plain64'" + +eval testcase_fail "'LUKS2 test detached header support:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --detached-header + +eval testcase_fail "'LUKS2 test key file support:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile + +eval testcase_fail "'LUKS2 test both detached header and key file:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile --detached-header + +eval testcase_fail "'LUKS2 test both detached header and key file with offset:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile --detached-header \ + --cs-opts="--keyfile-offset=237" + +eval testcase_fail "'LUKS2 test both detached header and key file with offset and size:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile --detached-header \ + "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'" + +### LUKS2 specific tests +eval testcase_fail "'LUKS2 test with 1k sector size:'" \ + @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \ + --cs-opts="--pbkdf=pbkdf2" "--cs-opts='--sector-size 1024'" + +eval testcase_fail "'LUKS2 test with 2k sector size:'" \ + @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \ + --cs-opts="--pbkdf=pbkdf2" "--cs-opts='--sector-size 2048'" + +eval testcase_fail "'LUKS2 test with 4k sector size:'" \ + @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \ + --cs-opts="--pbkdf=pbkdf2" "--cs-opts='--sector-size 4096'" + +eval testcase_fail "'LUKS2 test with non-default key slot:'" \ + @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \ + --cs-opts="--pbkdf=pbkdf2" "--cs-opts='--key-slot 5'" + +eval testcase_fail "'LUKS2 test with different metadata size:'" \ + @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \ + --cs-opts="--pbkdf=pbkdf2" "--cs-opts='--luks2-metadata-size 512k'" + +eval testcase_fail "'LUKS2 test with argon2 pbkdf:'" \ + @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \ + "--cs-opts='--pbkdf-memory 32'" "--cs-opts='--pbkdf-parallel 1'" + +exit 0 -- 2.25.1