Signed-off-by: Glenn Washburn <developm...@efficientek.com> --- Makefile.util.def | 6 ++ tests/grub_cmd_cryptomount.in | 154 ++++++++++++++++++++++++++++++++++ 2 files changed, 160 insertions(+) create mode 100644 tests/grub_cmd_cryptomount.in
diff --git a/Makefile.util.def b/Makefile.util.def index cfc71f1ab..f0f87f1a6 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -1044,6 +1044,12 @@ script = { common = tests/grub_script_return.in; }; +script = { + testcase; + name = grub_cmd_cryptomount; + common = tests/grub_cmd_cryptomount.in; +}; + script = { testcase; name = grub_cmd_regexp; diff --git a/tests/grub_cmd_cryptomount.in b/tests/grub_cmd_cryptomount.in new file mode 100644 index 000000000..dc666085d --- /dev/null +++ b/tests/grub_cmd_cryptomount.in @@ -0,0 +1,154 @@ +#! @BUILD_SHEBANG@ -e + +# Run GRUB script in a Qemu instance +# Copyright (C) 2010 Free Software Foundation, Inc. +# +# GRUB is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# GRUB is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GRUB. If not, see <http://www.gnu.org/licenses/>. + +if [ "x$EUID" = "x" ] ; then + EUID=`id -u` +fi + +if [ "$EUID" != 0 ] ; then + exit 77 +fi + +if ! which cryptsetup >/dev/null 2>&1; then + echo "cryptsetup not installed; cannot test cryptomount." + exit 77 +fi + +if ! which mkfs.vfat >/dev/null 2>&1; then + echo "mkfs.vfat not installed; cannot test cryptomount." + exit 77 +fi + +COMMON_OPTS='--cs-opts="--pbkdf-force-iterations 1000"' + +_testcase() { + local EXPECTEDRES=$1 + local LOGPREFIX=$2 + local res=0 + local output + shift 2 + output=`"$@" 2>&1` || res=$? + + if [ "$res" -eq "$EXPECTEDRES" ]; then + if [ "$res" -eq 0 ]; then + echo $LOGPREFIX PASS + else + echo $LOGPREFIX XFAIL + fi + else + echo "Error[$res]: $output" + if [ "$res" -eq 0 ]; then + echo $LOGPREFIX XPASS + elif [ "$res" -eq 1 ]; then + echo $LOGPREFIX FAIL + else + # Any exit code other than 1 or 0, indicates a hard error, + # not a test error + echo $LOGPREFIX ERROR + return 99 + fi + return 1 + fi +} + +testcase() { _testcase 0 "$@"; } +testcase_fail() { _testcase 1 "$@"; } + +### LUKS1 tests +eval testcase "'LUKS1 test cryptsetup defaults:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS + +eval testcase "'LUKS1 test with twofish cipher:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + "--cs-opts='--cipher twofish-xts-plain64'" + +eval testcase_fail "'LUKS1 test detached header support:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --detached-header + +eval testcase "'LUKS1 test key file support:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile + +eval testcase "'LUKS1 test key file with offset:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile --cs-opts="--keyfile-offset=237" + +eval testcase "'LUKS1 test key file with offset and size:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'" + +eval testcase_fail "'LUKS1 test both detached header and key file:'" \ + @builddir@/grub-shell-luks-tester --luks=1 $COMMON_OPTS \ + --keyfile --detached-header + +### LUKS2 tests (mirroring the LUKS1 tests above) +LUKS2_COMMON_OPTS="--luks=2 --cs-opts=--pbkdf=pbkdf2" +eval testcase_fail "'LUKS2 test cryptsetup defaults:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS + +eval testcase_fail "'LUKS2 test with twofish cipher:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--cipher twofish-xts-plain64'" + +eval testcase_fail "'LUKS2 test detached header support:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --detached-header + +eval testcase_fail "'LUKS2 test key file support:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile + +eval testcase_fail "'LUKS2 test key file with offset:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile --cs-opts="--keyfile-offset=237" + +eval testcase_fail "'LUKS2 test key file with offset and size:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile "--cs-opts='--keyfile-offset=237 --keyfile-size=1023'" + +eval testcase_fail "'LUKS2 test both detached header and key file:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + --keyfile --detached-header + +### LUKS2 specific tests +eval testcase_fail "'LUKS2 test with 1k sector size:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--sector-size 1024'" + +eval testcase_fail "'LUKS2 test with 2k sector size:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--sector-size 2048'" + +eval testcase_fail "'LUKS2 test with 4k sector size:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--sector-size 4096'" + +eval testcase_fail "'LUKS2 test with non-default key slot:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--key-slot 5'" + +eval testcase_fail "'LUKS2 test with different metadata size:'" \ + @builddir@/grub-shell-luks-tester $LUKS2_COMMON_OPTS $COMMON_OPTS \ + "--cs-opts='--luks2-metadata-size 512k'" + +eval testcase_fail "'LUKS2 test with argon2 pbkdf:'" \ + @builddir@/grub-shell-luks-tester --luks=2 $COMMON_OPTS \ + "--cs-opts='--pbkdf-memory 32'" "--cs-opts='--pbkdf-parallel 1'" + +exit 0 -- 2.25.1 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel