* [Buildroot] [PATCH 1/1] support/testing: add cryptsetup runtime test
@ 2024-01-26 23:05 Julien Olivain
From: Julien Olivain @ 2024-01-26 23:05 UTC (permalink / raw)
To: buildroot; +Cc: Julien Olivain
Signed-off-by: Julien Olivain <ju.o@free.fr>
---
DEVELOPERS | 2 +
.../testing/tests/package/test_cryptsetup.py | 137 ++++++++++++++++++
.../test_cryptsetup/linux-cryptsetup.fragment | 5 +
3 files changed, 144 insertions(+)
create mode 100644 support/testing/tests/package/test_cryptsetup.py
create mode 100644 support/testing/tests/package/test_cryptsetup/linux-cryptsetup.fragment
diff --git a/DEVELOPERS b/DEVELOPERS
index 9528837dd0..18bdde6e69 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1764,6 +1764,8 @@ F: support/testing/tests/package/test_bc.py
F: support/testing/tests/package/test_brotli.py
F: support/testing/tests/package/test_bzip2.py
F: support/testing/tests/package/test_compressor_base.py
+F: support/testing/tests/package/test_cryptsetup.py
+F: support/testing/tests/package/test_cryptsetup/
F: support/testing/tests/package/test_ddrescue.py
F: support/testing/tests/package/test_ddrescue/
F: support/testing/tests/package/test_dos2unix.py
diff --git a/support/testing/tests/package/test_cryptsetup.py b/support/testing/tests/package/test_cryptsetup.py
new file mode 100644
index 0000000000..759dfd7c5f
--- /dev/null
+++ b/support/testing/tests/package/test_cryptsetup.py
@@ -0,0 +1,137 @@
+import os
+import subprocess
+
+import infra.basetest
+
+
+class TestCryptSetup(infra.basetest.BRTest):
+ # A specific configuration is needed for using cryptsetup:
+ # - A kernel config fragment enables all the parts needed for
+ # mounting a LUKS2 volume,
+ # - Enable OpenSSL for cryptsetup crypto backend library,
+ # - Enable e2fsprog for formatting a ext4 filesystem.
+ kern_frag = \
+ infra.filepath("tests/package/test_cryptsetup/linux-cryptsetup.fragment")
+ config = \
+ f"""
+ BR2_aarch64=y
+ BR2_TOOLCHAIN_EXTERNAL=y
+ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
+ BR2_LINUX_KERNEL=y
+ BR2_LINUX_KERNEL_CUSTOM_VERSION=y
+ BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.1.75"
+ BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
+ BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/aarch64-virt/linux.config"
+ BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="{kern_frag}"
+ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
+ BR2_PACKAGE_CRYPTSETUP=y
+ BR2_PACKAGE_E2FSPROGS=y
+ BR2_PACKAGE_OPENSSL=y
+ BR2_TARGET_ROOTFS_CPIO=y
+ BR2_TARGET_ROOTFS_CPIO_GZIP=y
+ # BR2_TARGET_ROOTFS_TAR is not set
+ """
+
+ def test_run(self):
+ disk_file = os.path.join(self.builddir, "images", "disk.img")
+ self.emulator.logfile.write(f"Creating disk image: {disk_file}")
+ subprocess.check_call(
+ ["dd", "if=/dev/urandom", f"of={disk_file}", "bs=1M", "count=20"],
+ stdout=self.emulator.logfile,
+ stderr=self.emulator.logfile)
+
+ img = os.path.join(self.builddir, "images", "rootfs.cpio.gz")
+ kern = os.path.join(self.builddir, "images", "Image")
+
+ bootargs = ["console=ttyAMA0"]
+ qemu_opts = ["-M", "virt", "-cpu", "cortex-a57", "-m", "256M",
+ "-initrd", img,
+ "-drive", f"file={disk_file},if=virtio,format=raw"]
+ self.emulator.boot(arch="aarch64",
+ kernel=kern,
+ kernel_cmdline=bootargs,
+ options=qemu_opts)
+ self.emulator.login()
+
+ # Check the program can execute.
+ self.assertRunOk("cryptsetup --version")
+
+ passkey = "ThisIsAPassKey."
+ dev = "/dev/vda"
+ dm_name = "luks-vol"
+ dm_dev = f"/dev/mapper/{dm_name}"
+ mnt_pt = "/mnt/secure-volume"
+
+ # Check the device is NOT detected as a LUKS volume, because
+ # it is not formatted yet.
+ is_luks_cmd = f"cryptsetup isLuks {dev}"
+ _, ret = self.emulator.run(is_luks_cmd)
+ self.assertNotEqual(ret, 0)
+
+ # Format the LUKS volume.
+ cmd = f"echo {passkey} | cryptsetup luksFormat {dev}"
+ self.assertRunOk(cmd, timeout=30)
+
+ # Check the device is now detected as a LUKS device.
+ self.assertRunOk(is_luks_cmd)
+
+ # Dump LUKS device header information.
+ self.assertRunOk(f"cryptsetup luksDump {dev}")
+
+ # Open the LUKS device
+ luks_open_cmd = f"echo {passkey} | "
+ luks_open_cmd += f"cryptsetup open --type luks {dev} {dm_name}"
+ self.assertRunOk(luks_open_cmd, timeout=10)
+
+ # Create an ext4 filesystem.
+ self.assertRunOk(f"mke2fs -T ext4 {dm_dev}", timeout=10)
+
+ # Create the mount point directory.
+ self.assertRunOk(f"mkdir {mnt_pt}")
+
+ # Mount the LUKS device.
+ mount_cmd = f"mount {dm_dev} {mnt_pt}"
+ self.assertRunOk(mount_cmd)
+
+ # Create a plain text file in the mounted filesystem.
+ msg = "This is a plain text message"
+ plain_file = f"{mnt_pt}/file.txt"
+ self.assertRunOk(f"echo '{msg}' > {plain_file}")
+
+ # Unmount.
+ self.assertRunOk(f"umount {mnt_pt}")
+
+ # We are supposed to see our plain text message on the
+ # dm-crypt device.
+ self.assertRunOk(f"grep -Fq '{msg}' {dm_dev}", timeout=10)
+
+ # Close the LUKS device
+ self.assertRunOk(f"cryptsetup close {dm_name}")
+
+ # We are NOT supposed to find our plain text message on the
+ # crypted storage device.
+ _, ret = self.emulator.run(f"grep -Fq '{msg}' {dev}", timeout=10)
+ self.assertNotEqual(ret, 0)
+
+ # Try to open LUKS volume with a wrong password. This is
+ # expected to fail.
+ cmd = f"echo 'Wrong{passkey}' | "
+ cmd += f"cryptsetup open --type luks {dev} {dm_name}"
+ _, ret = self.emulator.run(cmd, timeout=10)
+ self.assertNotEqual(ret, 0)
+
+ # Check the device-mapper device was NOT created (since we
+ # tried to open it with a wrong password).
+ self.assertRunOk(f"test ! -e {dm_dev}")
+
+ # Reopen the LUKS device, with the good passkey this time...
+ self.assertRunOk(luks_open_cmd, timeout=10)
+
+ # ...remount...
+ self.assertRunOk(mount_cmd)
+
+ # ...and read back our plain text file. We check we get back
+ # our original message.
+ out, ret = self.emulator.run(f"cat {plain_file}")
+ self.assertEqual(ret, 0)
+ self.assertEqual(out[0], msg)
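Review bot: The negative checks in test_run accept any non-zero exit status, so they can pass for the wrong reason. At `_, ret = self.emulator.run(f"grep -Fq '{msg}' {dev}", timeout=10)`, a failure to read /dev/vda (grep normally exits 2 on error) satisfies `assertNotEqual(ret, 0)` just as well as a genuine absence of the plaintext, and this is the one assertion that shows the data is actually encrypted on the backing device. Pinning the expected status closes that gap: `self.assertEqual(ret, 1)` for the grep, and `self.assertEqual(ret, 2)` for the wrong-passphrase `cryptsetup open`, since 2 is the code cryptsetup documents for a bad passphrase. The initial `cryptsetup isLuks` check has the same weakness, because a missing or unreadable device would presumably also return non-zero; confirm the exact "not LUKS" code on the target before pinning it.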
diff --git a/support/testing/tests/package/test_cryptsetup/linux-cryptsetup.fragment b/support/testing/tests/package/test_cryptsetup/linux-cryptsetup.fragment
new file mode 100644
index 0000000000..37d5494fc2
--- /dev/null
+++ b/support/testing/tests/package/test_cryptsetup/linux-cryptsetup.fragment
@@ -0,0 +1,5 @@
+CONFIG_BLK_DEV_DM=y
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_XTS=y
+CONFIG_DM_CRYPT=y
+CONFIG_MD=y
--
2.43.0