[CRYPTOMOUNT-TEST v2 7/7] test: Add cryptomount test.

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[CRYPTOMOUNT-TEST v2 7/7] test: Add cryptomount test.

From:	Glenn Washburn
Subject:	[CRYPTOMOUNT-TEST v2 7/7] test: Add cryptomount test.
Date:	Mon, 17 Aug 2020 04:57:49 -0500

Signed-off-by: Glenn Washburn <development@efficientek.com>
---
 Makefile.util.def             |   6 ++
 tests/grub_cmd_cryptomount.in | 154 ++++++++++++++++++++++++++++++++++
 2 files changed, 160 insertions(+)
 create mode 100644 tests/grub_cmd_cryptomount.in

diff --git a/Makefile.util.def b/Makefile.util.def
index cfc71f1ab..f0f87f1a6 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -1044,6 +1044,12 @@ script = {
   common = tests/grub_script_return.in;
 };
 
+script = {
+  testcase;
+  name = grub_cmd_cryptomount;
+  common = tests/grub_cmd_cryptomount.in;
+};
+
 script = {
   testcase;
   name = grub_cmd_regexp;
diff --git a/tests/grub_cmd_cryptomount.in b/tests/grub_cmd_cryptomount.in
new file mode 100644
index 000000000..dc666085d
--- /dev/null
+++ b/tests/grub_cmd_cryptomount.in
@@ -0,0 +1,154 @@
+#! @BUILD_SHEBANG@ -e
+
+# Run GRUB script in a Qemu instance
+# Copyright (C) 2010  Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+
+if [ "x$EUID" = "x" ] ; then
+  EUID=`id -u`
+fi
+
+if [ "$EUID" != 0 ] ; then
+   exit 77
+fi
+
+if ! which cryptsetup >/dev/null 2>&1; then
+   echo "cryptsetup not installed; cannot test cryptomount."
+   exit 77
+fi
+
+if ! which mkfs.vfat >/dev/null 2>&1; then
+   echo "mkfs.vfat not installed; cannot test cryptomount."
+   exit 77
+fi
+
+COMMON_OPTS='--cs-opts="--pbkdf-force-iterations 1000"'
+
+_testcase() {
+    local EXPECTEDRES=$1
+    local LOGPREFIX=$2
+    local res=0
+    local output
+    shift 2
+    output=`"$@" 2>&1` || res=$?
+
+    if [ "$res" -eq "$EXPECTEDRES" ]; then
+        if [ "$res" -eq 0 ]; then
+            echo $LOGPREFIX PASS
+        else
+            echo $LOGPREFIX XFAIL
+        fi
+    else
+        echo "Error[$res]: $output"
+        if [ "$res" -eq 0 ]; then
+            echo $LOGPREFIX XPASS
+        elif [ "$res" -eq 1 ]; then
+            echo $LOGPREFIX FAIL
+        else
+            # Any exit code other than 1 or 0, indicates a hard error,
+            # not a test error
+            echo $LOGPREFIX ERROR
+            return 99
+        fi
+        return 1
+    fi
+}
+
+testcase() { _testcase 0 "$@"; }
+testcase_fail() { _testcase 1 "$@"; }
+
+### LUKS1 tests
+eval testcase "'LUKS1 test cryptsetup defaults:'" \
+    @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS
+
+eval testcase "'LUKS1 test with twofish cipher:'" \
+    @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+        "--cs-opts='--cipher twofish-xts-plain64'"
+
+eval testcase_fail "'LUKS1 test detached header support:'" \
+    @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+        --detached-header
+
+eval testcase "'LUKS1 test key file support:'" \
+    @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+        --keyfile
+
+eval testcase "'LUKS1 test key file with offset:'" \
+    @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+        --keyfile --cs-opts="--keyfile-offset=237"
+
+eval testcase "'LUKS1 test key file with offset and size:'" \
+    @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+        --keyfile "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'"
+
+eval testcase_fail "'LUKS1 test both detached header and key file:'" \
+    @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \
+        --keyfile --detached-header
+
+### LUKS2 tests (mirroring the LUKS1 tests above)
+LUKS2_COMMON_OPTS="--luks=2 --cs-opts=--pbkdf=pbkdf2"
+eval testcase_fail "'LUKS2 test cryptsetup defaults:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS
+
+eval testcase_fail "'LUKS2 test with twofish cipher:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+        "--cs-opts='--cipher twofish-xts-plain64'"
+
+eval testcase_fail "'LUKS2 test detached header support:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+        --detached-header
+
+eval testcase_fail "'LUKS2 test key file support:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+        --keyfile
+
+eval testcase_fail "'LUKS2 test key file with offset:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+        --keyfile --cs-opts="--keyfile-offset=237"
+
+eval testcase_fail "'LUKS2 test key file with offset and size:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+        --keyfile "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'"
+
+eval testcase_fail "'LUKS2 test both detached header and key file:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+        --keyfile --detached-header
+
+### LUKS2 specific tests
+eval testcase_fail "'LUKS2 test with 1k sector size:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+        "--cs-opts='--sector-size 1024'"
+
+eval testcase_fail "'LUKS2 test with 2k sector size:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+        "--cs-opts='--sector-size 2048'"
+
+eval testcase_fail "'LUKS2 test with 4k sector size:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+        "--cs-opts='--sector-size 4096'"
+
+eval testcase_fail "'LUKS2 test with non-default key slot:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+        "--cs-opts='--key-slot 5'"
+
+eval testcase_fail "'LUKS2 test with different metadata size:'" \
+    @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \
+        "--cs-opts='--luks2-metadata-size 512k'"
+
+eval testcase_fail "'LUKS2 test with argon2 pbkdf:'" \
+    @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \
+        "--cs-opts='--pbkdf-memory 32'" "--cs-opts='--pbkdf-parallel 1'"
+
+exit 0
-- 
2.25.1

[Prev in Thread]

Current Thread

[Next in Thread]

[CRYPTOMOUNT-TEST 7/7] test: Add cryptomount test., Glenn Washburn, 2020/08/16
- [CRYPTOMOUNT-TEST v2 7/7] test: Add cryptomount test., Glenn Washburn <=

Prev by Date: Re: Some grub functional tests failing
Next by Date: [CRYPTOMOUNT-TEST v2 6/7] tests: Add grub-shell-luks-tester to facilitate functional LUKS1/2 testing.
Previous by thread: [CRYPTOMOUNT-TEST 7/7] test: Add cryptomount test.
Next by thread: GRUB build failure
Index(es):
- Date
- Thread