From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1k7buC-0000AS-Vg for mharc-grub-devel@gnu.org; Mon, 17 Aug 2020 05:58:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:32812) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k7buA-00009r-Rq for grub-devel@gnu.org; Mon, 17 Aug 2020 05:58:14 -0400 Received: from mail-qk1-x735.google.com ([2607:f8b0:4864:20::735]:38150) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1k7bu8-0004yh-GF for grub-devel@gnu.org; Mon, 17 Aug 2020 05:58:14 -0400 Received: by mail-qk1-x735.google.com with SMTP id 77so14414419qkm.5 for ; Mon, 17 Aug 2020 02:58:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficientek-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ufU/mIH1MOfmRrJ8QAq9vtjUSOF6cSkR+T2o2KBdjt8=; b=NuAJZ+pDYb5V5u+vMkQD0oy48xXNtaIf1InK3gavhr0XsoyaGI0Dzp26mZJFrFpALa xbfdMm/ryUVuzX9DhA7fgIi+W56xbZ8UIyl8j794s0+c0e3U8XMP7xfnTXv7bLvcjqAQ GjtuqAILwxYz4ukq0xMDmfLh+cOd6ufgq3P0fWzdnkK4rKd4ZwCUau02bM8NzxdqrvGg 9mzL9VQr5PfMXThVK6n4bqQHwZKanTq3dhER5N8Kvug9/ohcOdBRjFxTQpHJKG4wtIhQ tdc4x0CxvozoVKW+ciY4J9auPyB3ycH7vlHQmPsLl0fo9vsfxPwSFWaqpDxBoKrS0OUc K5Ng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ufU/mIH1MOfmRrJ8QAq9vtjUSOF6cSkR+T2o2KBdjt8=; b=ZWuM7QdadxGJOLv7Rut6BVIH/9Q6AniDiLKRt9BmSzmJRjeT/edqFcKKJXPTTq6I6P NC6mDH9rrD/nYfamCRE1kbS3cs2BKie7AsbaVZWBF7tRG0Ewut+0McKomUW43/pngL5U rxikNFsYyuSjQ5k3m6xQnw/I5BS7bYKEZGb9XIzeOhWCwHKu0YB9x2C7QZPQa8CTvJb+ p6sq/blFNCnnPV2HqKJ4AH51jKhtfFwWqSZWulum4DdgiSrwmkUoXgx/3Is+Zfnq7UwZ 1YPjSNIulS5iiUyxC3z3DiP4GaW9H+GzwrM/eIC5debzMhnHA0MXjMKGxOST9sJQqEf6 ukkA== X-Gm-Message-State: AOAM532NV7f9VvsBorPNBFFDhcDVEDsj0LomBZPf3rYot2ItD2ZrLSiz 3OHLA6l8VRg7arxB4ZDEOoYXOTTXMg4m/A== X-Google-Smtp-Source: ABdhPJzIGKPCag6Kg1LC8lyCLhWO2o8wd4o26Kteo66M/1NLpD7EICjEt2n2lVNGTKEK41IKGGaCMg== X-Received: by 2002:a37:61d4:: with SMTP id v203mr12484443qkb.390.1597658290355; Mon, 17 Aug 2020 02:58:10 -0700 (PDT) Received: from crass-HP-ZBook-15-G2.lan ([136.49.44.103]) by smtp.gmail.com with ESMTPSA id m17sm18436844qkn.45.2020.08.17.02.58.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 17 Aug 2020 02:58:09 -0700 (PDT) From: Glenn Washburn To: grub-devel@gnu.org Cc: Glenn Washburn Subject: [CRYPTOMOUNT-TEST v2 7/7] test: Add cryptomount test. Date: Mon, 17 Aug 2020 04:57:49 -0500 Message-Id: <20200817095749.14968-1-development@efficientek.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200817000518.4006518-8-development@efficientek.com> References: <20200817000518.4006518-8-development@efficientek.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::735; envelope-from=development@efficientek.com; helo=mail-qk1-x735.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Aug 2020 09:58:15 -0000 Signed-off-by: Glenn Washburn --- Makefile.util.def | 6 ++ tests/grub_cmd_cryptomount.in | 154 ++++++++++++++++++++++++++++++++++ 2 files changed, 160 insertions(+) create mode 100644 tests/grub_cmd_cryptomount.in diff --git a/Makefile.util.def b/Makefile.util.def index cfc71f1ab..f0f87f1a6 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -1044,6 +1044,12 @@ script = { common = tests/grub_script_return.in; }; +script = { + testcase; + name = grub_cmd_cryptomount; + common = tests/grub_cmd_cryptomount.in; +}; + script = { testcase; name = grub_cmd_regexp; diff --git a/tests/grub_cmd_cryptomount.in b/tests/grub_cmd_cryptomount.in new file mode 100644 index 000000000..dc666085d --- /dev/null +++ b/tests/grub_cmd_cryptomount.in @@ -0,0 +1,154 @@ +#! @BUILD_SHEBANG@ -e + +# Run GRUB script in a Qemu instance +# Copyright (C) 2010 Free Software Foundation, Inc. +# +# GRUB is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# GRUB is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GRUB. If not, see . + +if [ "x$EUID" = "x" ] ; then + EUID=`id -u` +fi + +if [ "$EUID" != 0 ] ; then + exit 77 +fi + +if ! which cryptsetup >/dev/null 2>&1; then + echo "cryptsetup not installed; cannot test cryptomount." + exit 77 +fi + +if ! which mkfs.vfat >/dev/null 2>&1; then + echo "mkfs.vfat not installed; cannot test cryptomount." + exit 77 +fi + +COMMON_OPTS='--cs-opts="--pbkdf-force-iterations 1000"' + +_testcase() { + local EXPECTEDRES=$1 + local LOGPREFIX=$2 + local res=0 + local output + shift 2 + output=`"$@" 2>&1` || res=$? + + if [ "$res" -eq "$EXPECTEDRES" ]; then + if [ "$res" -eq 0 ]; then + echo $LOGPREFIX PASS + else + echo $LOGPREFIX XFAIL + fi + else + echo "Error[$res]: $output" + if [ "$res" -eq 0 ]; then + echo $LOGPREFIX XPASS + elif [ "$res" -eq 1 ]; then + echo $LOGPREFIX FAIL + else + # Any exit code other than 1 or 0, indicates a hard error, + # not a test error + echo $LOGPREFIX ERROR + return 99 + fi + return 1 + fi +} + +testcase() { _testcase 0 "$@"; } +testcase_fail() { _testcase 1 "$@"; } + +### LUKS1 tests +eval testcase "'LUKS1 test cryptsetup defaults:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS + +eval testcase "'LUKS1 test with twofish cipher:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + "--cs-opts='--cipher twofish-xts-plain64'" + +eval testcase_fail "'LUKS1 test detached header support:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --detached-header + +eval testcase "'LUKS1 test key file support:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile + +eval testcase "'LUKS1 test key file with offset:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile --cs-opts="--keyfile-offset=237" + +eval testcase "'LUKS1 test key file with offset and size:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'" + +eval testcase_fail "'LUKS1 test both detached header and key file:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile --detached-header + +### LUKS2 tests (mirroring the LUKS1 tests above) +LUKS2_COMMON_OPTS="--luks=2 --cs-opts=--pbkdf=pbkdf2" +eval testcase_fail "'LUKS2 test cryptsetup defaults:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS + +eval testcase_fail "'LUKS2 test with twofish cipher:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--cipher twofish-xts-plain64'" + +eval testcase_fail "'LUKS2 test detached header support:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --detached-header + +eval testcase_fail "'LUKS2 test key file support:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile + +eval testcase_fail "'LUKS2 test key file with offset:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile --cs-opts="--keyfile-offset=237" + +eval testcase_fail "'LUKS2 test key file with offset and size:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'" + +eval testcase_fail "'LUKS2 test both detached header and key file:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile --detached-header + +### LUKS2 specific tests +eval testcase_fail "'LUKS2 test with 1k sector size:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--sector-size 1024'" + +eval testcase_fail "'LUKS2 test with 2k sector size:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--sector-size 2048'" + +eval testcase_fail "'LUKS2 test with 4k sector size:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--sector-size 4096'" + +eval testcase_fail "'LUKS2 test with non-default key slot:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--key-slot 5'" + +eval testcase_fail "'LUKS2 test with different metadata size:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--luks2-metadata-size 512k'" + +eval testcase_fail "'LUKS2 test with argon2 pbkdf:'" \ + @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \ + "--cs-opts='--pbkdf-memory 32'" "--cs-opts='--pbkdf-parallel 1'" + +exit 0 -- 2.25.1