From: Glenn Washburn
To: grub-devel@gnu.org, Daniel Kiper
Cc: Fabian Vogt, Pierre-Louis Bonicoli, Glenn Washburn
Subject: [PATCH v4] grub-fs-tester: Add luks1 and luks2 support
Date: Wed, 15 Jun 2022 13:30:22 -0500
Message-Id: <20220615183022.92091-1-development@efficientek.com>

From: Pierre-Louis Bonicoli

The logical sector size used by LUKS1 is 512 bytes and LUKS2 uses 512 to 4069 bytes. The default password used is "pass", but can be overridden by setting the PASS environment variable. The device mapper name is set to the name of the temp directory so that it's easy to correlate device mapper name with a particular test run. Also since this name is unique per test run, multiple simultaneous test runs are allowed.

Note that cryptsetup is passing the --disable-locks parameter to allow cryptsetup to run successfully when /run/lock/cryptsetup is not accessible. Since the device mapper name is unique per test run, there is no need to worry about locking the device to serialize access.

Signed-off-by: Pierre-Louis Bonicoli
Signed-off-by: Glenn Washburn
---
Update from v3:
 * Add --force-password so that cryptsetup does not fail with the default password on systems where cryptsetup is built with the password quality checking library. Cryptsetup is not built this way on Debian or Ubuntu systems, but on Fabian's test system, which I presume is a SUSE variant, it is.

This is a heavily modified version of Pierre-Louis's v2 patch. It has been tested with Fabian's v3 and Josselin's v4 series for x86_64-efi. Some notable differences from the previous version:
 * Rebase on to master accounting for cleanup() changes
 * Allow multiple test runs to run simultaneously
 * Allow specifying alternate password with environment variable
 * Fixed bug in previous version where LC_ALL=C was being set for echo and not run_it
 * Make output on UUID fail consistent with other filesystems
 * Allow tests to work with older cryptsetups
 * Fixed bug where luks1 tests were actually testing luks2
 * Address my review comments

Note: The luks2 test will fail without some form of working grub-probe support for luks2. This patch is independent of the above mentioned patch series, will apply without them just fine, and can be reviewed independently.

Glenn
---
.gitignore | 2 ++ Makefile.util.def | 12 ++++++++ tests/luks1_test.in | 23 +++++++++++++++ tests/luks2_test.in | 23 +++++++++++++++ tests/util/grub-fs-tester.in | 57 ++++++++++++++++++++++++++++++++++-- 5 files changed, 115 insertions(+), 2 deletions(-) create mode 100644 tests/luks1_test.in create mode 100644 tests/luks2_test.in diff --git a/.gitignore b/.gitignore index f6a1bd051..4064d3d1e 100644 --- a/.gitignore +++ b/.gitignore @@ -230,6 +230,8 @@ widthspec.bin /lib/libgcrypt-grub /libgrub_a_init.c /lzocompress_test +/luks1_test +/luks2_test /m4/ /minixfs_test /missing diff --git a/Makefile.util.def b/Makefile.util.def index d919c562c..3f1162b76 100644 --- a/Makefile.util.def +++ b/Makefile.util.def
@@ -1213,6 +1213,18 @@ script = { common = tests/syslinux_test.in; }; +script = { + testcase = native; + name = luks1_test; + common = tests/luks1_test.in; +}; + +script = { + testcase = native; + name = luks2_test; + common = tests/luks2_test.in; +}; + program = { testcase = native; name = example_unit_test; diff --git a/tests/luks1_test.in b/tests/luks1_test.in new file mode 100644 index 000000000..cd28fd714 --- /dev/null +++ b/tests/luks1_test.in @@ -0,0 +1,23 @@ +#!@BUILD_SHEBANG@ + +set -e + +if [ "x$EUID" = "x" ] ; then + EUID=`id -u` +fi + +if [ "$EUID" != 0 ] ; then + exit 99 +fi + +if ! which mkfs.ext2 >/dev/null 2>&1; then + echo "mkfs.ext2 not installed; cannot test luks." + exit 99 +fi + +if ! which cryptsetup >/dev/null 2>&1; then + echo "cryptsetup not installed; cannot test luks." + exit 99 +fi + +"@builddir@/grub-fs-tester" luks1 diff --git a/tests/luks2_test.in b/tests/luks2_test.in new file mode 100644 index 000000000..6a26ba626 --- /dev/null +++ b/tests/luks2_test.in @@ -0,0 +1,23 @@ +#!@BUILD_SHEBANG@ + +set -e + +if [ "x$EUID" = "x" ] ; then + EUID=`id -u` +fi + +if [ "$EUID" != 0 ] ; then + exit 99 +fi + +if ! which mkfs.ext2 >/dev/null 2>&1; then + echo "mkfs.ext2 not installed; cannot test luks2." + exit 99 +fi + +if ! which cryptsetup >/dev/null 2>&1; then + echo "cryptsetup not installed; cannot test luks2." + exit 99 +fi + +"@builddir@/grub-fs-tester" luks2 diff --git a/tests/util/grub-fs-tester.in b/tests/util/grub-fs-tester.in index 43f6175c3..de4430ae9 100644 --- a/tests/util/grub-fs-tester.in +++ b/tests/util/grub-fs-tester.in @@ -6,6 +6,7 @@ export BLKID_FILE=/dev/null fs="$1" GRUBFSTEST="@builddir@/grub-fstest" +GRUBPROBE="@builddir@/grub-probe" tempdir=`mktemp -d "${TMPDIR:-/tmp}/${0##*/}.$(date '+%Y%m%d%H%M%S%N').${fs}.XXX"` || { echo "Failed to make temporary directory"; exit 99; } 
@@ -13,6 +14,8 @@ tempdir=`mktemp -d "${TMPDIR:-/tmp}/${0##*/}.$(date '+%Y%m%d%H%M%S%N').${fs}.XXX # xorriso -as mkisofs options to ignore locale when processing file names and # FSLABEL. This is especially needed for the conversion to Joliet UCS-2. XORRISOFS_CHARSET="-input-charset UTF-8 -output-charset UTF-8" +DMNAME="${tempdir##*/}" +PASS="${PASS:-pass}" MOUNTS= LODEVICES= @@ -28,6 +31,10 @@ cleanup() { umount "$i" || : done + if [ -e /dev/mapper/"$DMNAME" ]; then + cryptsetup close --disable-locks "$DMNAME" + fi + for lodev in $LODEVICES; do local i=600 while losetup -l -O NAME | grep -q "^$lodev\$"; do @@ -68,7 +75,12 @@ run_grubfstest () { need_images="$need_images $FSIMAGEP${i}.img"; done - run_it -c $NEED_IMAGES_N $need_images "$@" + case x"$fs" in + xluks*) + echo -n "$PASS" | run_it -C -c $NEED_IMAGES_N $need_images "$@";; + *) + run_it -c $NEED_IMAGES_N $need_images "$@";; + esac } # OS LIMITATION: GNU/Linux has no AFS support, so we use a premade image and a reference tar file. I.a. no multiblocksize test @@ -76,6 +88,8 @@ run_grubfstest () { MINLOGSECSIZE=9 MAXLOGSECSIZE=9 case x"$fs" in + xluks2) + MAXLOGSECSIZE=12;; xntfs*) MINLOGSECSIZE=8 MAXLOGSECSIZE=12;; @@ -363,7 +377,7 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do #FSLABEL="g;/_é莭莽😁кит u" ;; # FS LIMITATION: reiserfs, extN and jfs label is at most 16 UTF-8 characters - x"reiserfs_old" | x"reiserfs" | x"ext"* | x"lvm"* | x"mdraid"* | x"jfs" | x"jfs_caseins") + x"reiserfs_old" | x"reiserfs" | x"ext"* | x"lvm"* | x"luks"* | x"mdraid"* | x"jfs" | x"jfs_caseins") FSLABEL="g;/éт 莭😁";; # FS LIMITATION: No underscore, space, semicolon, slash or international characters in UFS* in label. Limited to 32 UTF-8 characters x"ufs1" | x"ufs1_sun" | x"ufs2") 
@@ -832,6 +846,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do MOUNTDEVICE="/dev/mapper/grub_test-testvol" MOUNTFS=ext2 "mkfs.ext2" -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; + x"luks"*) + echo -n "$PASS" | cryptsetup luksFormat --type "$fs" --sector-size $SECSIZE --pbkdf pbkdf2 --force-password --disable-locks $LODEVICE + echo -n "$PASS" | cryptsetup open --disable-locks $LODEVICE "$DMNAME" + MOUNTDEVICE="/dev/mapper/${DMNAME}" + MOUNTFS=ext2 + "mkfs.ext2" -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; xf2fs) "mkfs.f2fs" -l "$FSLABEL" -q "${MOUNTDEVICE}" ;; xnilfs2) @@ -944,6 +964,22 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do GRUBDEVICE="mduuid/`mdadm --detail --export $MOUNTDEVICE | grep MD_UUID=|sed 's,MD_UUID=,,g;s,:,,g'`";; xlvm*) GRUBDEVICE="lvm/grub_test-testvol";; + xluks*) + if test x"$fs" = xluks2 && ! (cryptsetup luksDump --debug-json --disable-locks $LODEVICE | grep -q "\"sector_size\":$SECSIZE"); then + echo "Unexpected sector size for $LODEVICE (expected: $SECSIZE)" + exit 1 + fi + + UUID=$(cryptsetup luksUUID --disable-locks $LODEVICE | tr -d '-') + PROBE_UUID=$("$GRUBPROBE" --device $MOUNTDEVICE --target=cryptodisk_uuid) + if [ x"$UUID" != x"$PROBE_UUID" ]; then + echo "UUID FAIL" + echo "$UUID" + echo "$PROBE_UUID" + exit 1 + fi + GRUBDEVICE="cryptouuid/${UUID}" + ;; esac GRUBDIR="($GRUBDEVICE)" case x"$fs" in @@ -1102,6 +1138,15 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do sleep 1 vgchange -a n grub_test ;; + xluks*) + for try in $(range 0 20 1); do + if umount "$MNTPOINTRW" ; then + break; + fi + done + UMOUNT_TIME=$(date -u "+%Y-%m-%d %H:%M:%S") + cryptsetup close --disable-locks "$DMNAME" + ;; xmdraid*) sleep 1 for try in $(range 0 20 1); do 
@@ -1152,6 +1197,11 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do mount -t "$MOUNTFS" "${MOUNTDEVICE}" "$MNTPOINTRO" -o ${MOUNTOPTS}${SELINUXOPTS}ro MOUNTS="$MOUNTS $MNTPOINTRO" ;; + xluks*) + echo -n "$PASS" | cryptsetup open --disable-locks $LODEVICE "$DMNAME" + mount -t "$MOUNTFS" "${MOUNTDEVICE}" "$MNTPOINTRO" -o ${MOUNTOPTS}${SELINUXOPTS}ro + MOUNTS="$MOUNTS $MNTPOINTRO" + ;; xmdraid*) mdadm --assemble /dev/md/"${fs}_$NDEVICES" $LODEVICES sleep 1 @@ -1600,6 +1650,9 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do vgchange -a n grub_test sleep 1 ;; + xluks*) + cryptsetup close --disable-locks "$DMNAME" + ;; esac case x"$fs" in x"tarfs" | x"cpio_"* | x"iso9660" | xrockridge | xjoliet | xrockridge_joliet | x"ziso9660" | x"romfs" | x"squash4_"* | x"iso9660_1999" | xrockridge_1999 | xjoliet_1999 | xrockridge_joliet_1999) ;; -- 2.34.1
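
Review bot: in tests/luks1_test.in the two skip messages say "cannot test luks." while tests/luks2_test.in says "cannot test luks2."; make the first read "cannot test luks1." so a skipped run in the log identifies which test it was. The non-root branch (EUID != 0) exits 99 without printing anything, so a one-line message there would also explain the skip.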
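
Review bot: in tests/util/grub-fs-tester.in, hunk @@ -13,6 +14,8 @@, PASS="${PASS:-pass}" picks up any PASS already exported in the caller's environment, and nothing in the script documents the variable. Add a comment above the assignment saying it is the LUKS passphrase for the luks1/luks2 tests, and consider a test-specific variable name so an unrelated PASS is not used silently.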
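
Review bot: in the cleanup() hunk (@@ -28,6 +31,10 @@) the added cryptsetup close has no failure handling, while the umount loop directly above it uses || : to tolerate errors. If the mapping is still busy when cleanup() runs, a failing close should not keep the loop devices below from being released; append || : here, or log the failure and continue.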
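
Review bot: in run_grubfstest (@@ -68,7 +75,12 @@) the passphrase is fed with echo -n "$PASS", and echo's handling of -n and of backslashes differs between shells; because PASS can be set from the environment, a value containing a backslash or starting with a dash may not reach run_it unchanged. printf '%s' "$PASS" avoids this, and the same applies to the echo -n "$PASS" lines in the luksFormat and cryptsetup open hunks.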
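
Review bot: hunk @@ -76,6 +88,8 @@ sets MAXLOGSECSIZE=12 for luks2, i.e. sector sizes up to 2^12 = 4096 bytes, whereas the commit message gives the LUKS2 range as 512 to 4069 bytes; the two should agree. A short comment on the xluks2) case noting that luks1 stays at the default of 9 (512 bytes) would also explain why only luks2 is listed here while the rest of the script matches xluks*.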
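
Review bot: in the x"luks"*) case of hunk @@ -832,6 +846,12 @@, $SECSIZE and $LODEVICE are passed unquoted to cryptsetup luksFormat and cryptsetup open while "$DMNAME" is quoted; quote them for consistency. The --pbkdf pbkdf2 override also has no comment, so add one line saying why the cryptsetup default KDF is not used for these test images.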
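
Review bot: in hunk @@ -944,6 +964,22 @@ the sector-size check greps the luksDump --debug-json output for "sector_size":$SECSIZE, which is an unanchored substring match (512 would also match a value such as 5120) and depends on there being no whitespace after the colon. Anchor the pattern on the character that follows the number and allow optional whitespace; also report a luksDump failure separately, since as written a failed luksDump is printed as "Unexpected sector size".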
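
Review bot: in the xluks*) case of hunk @@ -1102,6 +1138,15 @@ the umount retry loop has no delay between attempts and no check after the loop, so a busy mount point is retried back to back and cryptsetup close then runs against a mapping that may still be mounted. Add a sleep 1 between attempts, in line with the sleep 1 the neighbouring xmdraid*) case uses, and exit with an error if none of the attempts succeeded.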