Buildroot Archive on lore.kernel.org
* [Buildroot] [PATCH 1/1] support/testing: add cryptsetup runtime test
@ 2024-01-26 23:05 Julien Olivain
  2024-02-05 21:37 ` Thomas Petazzoni via buildroot
  0 siblings, 1 reply; 2+ messages in thread
From: Julien Olivain @ 2024-01-26 23:05 UTC
  To: buildroot; +Cc: Julien Olivain

Signed-off-by: Julien Olivain <ju.o@free.fr>
---
 DEVELOPERS                                    |   2 +
 .../testing/tests/package/test_cryptsetup.py  | 137 ++++++++++++++++++
 .../test_cryptsetup/linux-cryptsetup.fragment |   5 +
 3 files changed, 144 insertions(+)
 create mode 100644 support/testing/tests/package/test_cryptsetup.py
 create mode 100644 support/testing/tests/package/test_cryptsetup/linux-cryptsetup.fragment

diff --git a/DEVELOPERS b/DEVELOPERS
index 9528837dd0..18bdde6e69 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1764,6 +1764,8 @@ F:	support/testing/tests/package/test_bc.py
 F:	support/testing/tests/package/test_brotli.py
 F:	support/testing/tests/package/test_bzip2.py
 F:	support/testing/tests/package/test_compressor_base.py
+F:	support/testing/tests/package/test_cryptsetup.py
+F:	support/testing/tests/package/test_cryptsetup/
 F:	support/testing/tests/package/test_ddrescue.py
 F:	support/testing/tests/package/test_ddrescue/
 F:	support/testing/tests/package/test_dos2unix.py
diff --git a/support/testing/tests/package/test_cryptsetup.py b/support/testing/tests/package/test_cryptsetup.py
new file mode 100644
index 0000000000..759dfd7c5f
--- /dev/null
+++ b/support/testing/tests/package/test_cryptsetup.py
@@ -0,0 +1,137 @@
+import os
+import subprocess
+
+import infra.basetest
+
+
+class TestCryptSetup(infra.basetest.BRTest):
+    # A specific configuration is needed for using cryptsetup:
+    # - A kernel config fragment enables all the parts needed for
+    #   mounting a LUKS2 volume,
+    # - Enable OpenSSL for cryptsetup crypto backend library,
+    # - Enable e2fsprog for formatting a ext4 filesystem.
+    kern_frag = \
+        infra.filepath("tests/package/test_cryptsetup/linux-cryptsetup.fragment")
+    config = \
+        f"""
+        BR2_aarch64=y
+        BR2_TOOLCHAIN_EXTERNAL=y
+        BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
+        BR2_LINUX_KERNEL=y
+        BR2_LINUX_KERNEL_CUSTOM_VERSION=y
+        BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.1.75"
+        BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
+        BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/aarch64-virt/linux.config"
+        BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="{kern_frag}"
+        BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
+        BR2_PACKAGE_CRYPTSETUP=y
+        BR2_PACKAGE_E2FSPROGS=y
+        BR2_PACKAGE_OPENSSL=y
+        BR2_TARGET_ROOTFS_CPIO=y
+        BR2_TARGET_ROOTFS_CPIO_GZIP=y
+        # BR2_TARGET_ROOTFS_TAR is not set
+        """
+
+    def test_run(self):
+        disk_file = os.path.join(self.builddir, "images", "disk.img")
+        self.emulator.logfile.write(f"Creating disk image: {disk_file}")
+        subprocess.check_call(
+            ["dd", "if=/dev/urandom", f"of={disk_file}", "bs=1M", "count=20"],
+            stdout=self.emulator.logfile,
+            stderr=self.emulator.logfile)
+
+        img = os.path.join(self.builddir, "images", "rootfs.cpio.gz")
+        kern = os.path.join(self.builddir, "images", "Image")
+
+        bootargs = ["console=ttyAMA0"]
+        qemu_opts = ["-M", "virt", "-cpu", "cortex-a57", "-m", "256M",
+                     "-initrd", img,
+                     "-drive", f"file={disk_file},if=virtio,format=raw"]
+        self.emulator.boot(arch="aarch64",
+                           kernel=kern,
+                           kernel_cmdline=bootargs,
+                           options=qemu_opts)
+        self.emulator.login()
+
+        # Check the program can execute.
+        self.assertRunOk("cryptsetup --version")
+
+        passkey = "ThisIsAPassKey."
+        dev = "/dev/vda"
+        dm_name = "luks-vol"
+        dm_dev = f"/dev/mapper/{dm_name}"
+        mnt_pt = "/mnt/secure-volume"
+
+        # Check the device is NOT detected as a LUKS volume, because
+        # it is not formatted yet.
+        is_luks_cmd = f"cryptsetup isLuks {dev}"
+        _, ret = self.emulator.run(is_luks_cmd)
+        self.assertNotEqual(ret, 0)
+
+        # Format the LUKS volume.
+        cmd = f"echo {passkey} | cryptsetup luksFormat {dev}"
+        self.assertRunOk(cmd, timeout=30)
+
+        # Check the device is now detected as a LUKS device.
+        self.assertRunOk(is_luks_cmd)
+
+        # Dump LUKS device header information.
+        self.assertRunOk(f"cryptsetup luksDump {dev}")
+
+        # Open the LUKS device
+        luks_open_cmd = f"echo {passkey} | "
+        luks_open_cmd += f"cryptsetup open --type luks {dev} {dm_name}"
+        self.assertRunOk(luks_open_cmd, timeout=10)
+
+        # Create an ext4 filesystem.
+        self.assertRunOk(f"mke2fs -T ext4 {dm_dev}", timeout=10)
+
+        # Create the mount point directory.
+        self.assertRunOk(f"mkdir {mnt_pt}")
+
+        # Mount the LUKS device.
+        mount_cmd = f"mount {dm_dev} {mnt_pt}"
+        self.assertRunOk(mount_cmd)
+
+        # Create a plain text file in the mounted filesystem.
+        msg = "This is a plain text message"
+        plain_file = f"{mnt_pt}/file.txt"
+        self.assertRunOk(f"echo '{msg}' > {plain_file}")
+
+        # Unmount.
+        self.assertRunOk(f"umount {mnt_pt}")
+
+        # We are supposed to see our plain text message on the
+        # dm-crypt device.
+        self.assertRunOk(f"grep -Fq '{msg}' {dm_dev}", timeout=10)
+
+        # Close the LUKS device
+        self.assertRunOk(f"cryptsetup close {dm_name}")
+
+        # We are NOT supposed to find our plain text message on the
+        # crypted storage device.
+        _, ret = self.emulator.run(f"grep -Fq '{msg}' {dev}", timeout=10)
+        self.assertNotEqual(ret, 0)
+
+        # Try to open LUKS volume with a wrong password. This is
+        # expected to fail.
+        cmd = f"echo 'Wrong{passkey}' | "
+        cmd += f"cryptsetup open --type luks {dev} {dm_name}"
+        _, ret = self.emulator.run(cmd, timeout=10)
+        self.assertNotEqual(ret, 0)
+
+        # Check the device-mapper device was NOT created (since we
+        # tried to open it with a wrong password).
+        self.assertRunOk(f"test ! -e {dm_dev}")
+
+        # Reopen the LUKS device, with the good passkey this time...
+        self.assertRunOk(luks_open_cmd, timeout=10)
+
+        # ...remount...
+        self.assertRunOk(mount_cmd)
+
+        # ...and read back our plain text file. We check we get back
+        # our original message.
+        out, ret = self.emulator.run(f"cat {plain_file}")
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[0], msg)
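Review bot: the negative checks in the second half of test_run() accept any non-zero status, so they can pass for the wrong reason. The grep on {dev} after "cryptsetup close" returns 1 when the message is absent but 2 when the device cannot be read, and the wrong-password "cryptsetup open" would also return non-zero if the device were busy or missing. Asserting the specific codes (1 for grep, and 2, which cryptsetup documents for a bad passphrase) would make these checks prove what their comments say. Two smaller points: "echo {passkey} |" is unquoted in the luksFormat and open commands while the wrong-password case quotes its argument, so quoting all three would keep them safe if the passkey ever contains shell-special characters; and the logfile.write() call before dd has no trailing newline, so dd's output will be appended to the same log line.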
diff --git a/support/testing/tests/package/test_cryptsetup/linux-cryptsetup.fragment b/support/testing/tests/package/test_cryptsetup/linux-cryptsetup.fragment
new file mode 100644
index 0000000000..37d5494fc2
--- /dev/null
+++ b/support/testing/tests/package/test_cryptsetup/linux-cryptsetup.fragment
@@ -0,0 +1,5 @@
+CONFIG_BLK_DEV_DM=y
+CONFIG_CRYPTO_AES=y
+CONFIG_CRYPTO_XTS=y
+CONFIG_DM_CRYPT=y
+CONFIG_MD=y
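Review bot: the fragment enables only AES and XTS with no comment saying why, and the luksFormat call in test_cryptsetup.py passes no --cipher, so the two are coupled only through cryptsetup's compiled-in default (aes-xts-plain64). A one-line comment in the fragment stating that it matches the default LUKS2 cipher, or pinning the cipher explicitly in the test, would keep the pairing visible if either side changes.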
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH 1/1] support/testing: add cryptsetup runtime test
  2024-01-26 23:05 [Buildroot] [PATCH 1/1] support/testing: add cryptsetup runtime test Julien Olivain
@ 2024-02-05 21:37 ` Thomas Petazzoni via buildroot
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni via buildroot @ 2024-02-05 21:37 UTC
  To: Julien Olivain; +Cc: buildroot

On Sat, 27 Jan 2024 00:05:20 +0100
Julien Olivain <ju.o@free.fr> wrote:

> Signed-off-by: Julien Olivain <ju.o@free.fr>
> ---
>  DEVELOPERS                                    |   2 +
>  .../testing/tests/package/test_cryptsetup.py  | 137 ++++++++++++++++++
>  .../test_cryptsetup/linux-cryptsetup.fragment |   5 +
>  3 files changed, 144 insertions(+)
>  create mode 100644 support/testing/tests/package/test_cryptsetup.py
>  create mode 100644 support/testing/tests/package/test_cryptsetup/linux-cryptsetup.fragment

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com