| /* |
| * cryptsetup library API test utilities |
| * |
| * Copyright (C) 2009-2018 Red Hat, Inc. All rights reserved. |
| * Copyright (C) 2009-2018, Milan Broz |
| * |
| * This program is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU General Public License |
| * as published by the Free Software Foundation; either version 2 |
| * of the License, or (at your option) any later version. |
| * |
| * This program is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * GNU General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License |
| * along with this program; if not, write to the Free Software |
| * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| */ |
| |
| #include <errno.h> |
| #include <fcntl.h> |
| #include <inttypes.h> |
| #include <stdlib.h> |
| #include <libdevmapper.h> |
| #include <linux/fs.h> |
| #include <sys/ioctl.h> |
| #include <sys/stat.h> |
| #include <sys/types.h> |
| #include <unistd.h> |
| #ifdef HAVE_SYS_SYSMACROS_H |
| # include <sys/sysmacros.h> |
| #endif |
| #include <linux/loop.h> |
| |
| #include "api_test.h" |
| #include "libcryptsetup.h" |
| |
| static char last_error[256]; |
| static char global_log[4096]; |
| static uint32_t t_dm_crypt_flags = 0; |
| |
| char *THE_LOOP_DEV = NULL; |
| int _debug = 0; |
| int global_lines = 0; |
| int _quit = 0; |
| int _verbose = 0; |
| uint64_t t_dev_offset = 0; |
| |
| static void (*_cleanup)(void); |
| |
| void register_cleanup(void (*cleanup)(void)) |
| { |
| _cleanup = cleanup; |
| } |
| |
| void check_ok(int status, int line, const char *func) |
| { |
| if (status) { |
| printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, last_error); |
| _cleanup(); |
| exit(-1); |
| } |
| } |
| |
| void check_ko(int status, int line, const char *func) |
| { |
| if (status >= 0) { |
| printf("FAIL line %d [%s]: code %d, %s\n", line, func, status, last_error); |
| _cleanup(); |
| exit(-1); |
| } else if (_verbose) |
| printf(" => errno %d, errmsg: %s\n", status, last_error); |
| } |
| |
| void check_equal(int line, const char *func, int64_t x, int64_t y) |
| { |
| printf("FAIL line %d [%s]: expected equal values differs: %" |
| PRIi64 " != %" PRIi64 "\n", line, func, x, y); |
| _cleanup(); |
| exit(-1); |
| } |
| |
| void check_null(int line, const char *func, const void *x) |
| { |
| if (x) { |
| printf("FAIL line %d [%s]: expected NULL value: %p\n", line, func, x); |
| _cleanup(); |
| exit(-1); |
| } |
| } |
| |
| void check_notnull(int line, const char *func, const void *x) |
| { |
| if (!x) { |
| printf("FAIL line %d [%s]: expected not NULL value: %p\n", line, func, x); |
| _cleanup(); |
| exit(-1); |
| } |
| } |
| |
| void xlog(const char *msg, const char *tst, const char *func, int line, const char *txt) |
| { |
| if (_verbose) { |
| if (txt) |
| printf(" [%s,%s:%d] %s [%s]\n", msg, func, line, tst, txt); |
| else |
| printf(" [%s,%s:%d] %s\n", msg, func, line, tst); |
| } |
| if (_quit) { |
| if (_verbose) |
| printf("Interrupted by a signal.\n"); |
| _cleanup(); |
| exit(-1); |
| } |
| } |
| |
| int t_device_size(const char *device, uint64_t *size) |
| { |
| int devfd, r = 0; |
| |
| devfd = open(device, O_RDONLY); |
| if(devfd == -1) |
| return -EINVAL; |
| |
| if (ioctl(devfd, BLKGETSIZE64, size) < 0) |
| r = -EINVAL; |
| close(devfd); |
| return r; |
| } |
| |
| int fips_mode(void) |
| { |
| int fd; |
| char buf = 0; |
| |
| fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY); |
| |
| if (fd < 0) |
| return 0; |
| |
| if (read(fd, &buf, 1) != 1) |
| buf = '0'; |
| |
| close(fd); |
| |
| return (buf == '1'); |
| } |
| |
| /* |
| * Creates dm-linear target over the test loop device. Offset is held in |
| * global variables so that size can be tested whether it fits into remaining |
| * size of the loop device or not |
| */ |
| int create_dmdevice_over_loop(const char *dm_name, const uint64_t size) |
| { |
| char cmd[128]; |
| int r; |
| uint64_t r_size; |
| |
| if (t_device_size(THE_LOOP_DEV, &r_size) < 0 || r_size <= t_dev_offset || !size) |
| return -1; |
| if ((r_size - t_dev_offset) < size) { |
| printf("No enough space on backing loop device\n."); |
| return -2; |
| } |
| snprintf(cmd, sizeof(cmd), |
| "dmsetup create %s --table \"0 %" PRIu64 " linear %s %" PRIu64 "\"", |
| dm_name, size, THE_LOOP_DEV, t_dev_offset); |
| if (!(r = _system(cmd, 1))) |
| t_dev_offset += size; |
| return r; |
| } |
| |
| // Get key from kernel dm mapping table using dm-ioctl |
| int get_key_dm(const char *name, char *buffer, unsigned int buffer_size) |
| { |
| struct dm_task *dmt; |
| struct dm_info dmi; |
| uint64_t start, length; |
| char *target_type, *key, *params; |
| void *next = NULL; |
| int r = -EINVAL; |
| |
| if (!(dmt = dm_task_create(DM_DEVICE_TABLE))) |
| goto out; |
| if (!dm_task_set_name(dmt, name)) |
| goto out; |
| if (!dm_task_run(dmt)) |
| goto out; |
| if (!dm_task_get_info(dmt, &dmi)) |
| goto out; |
| if (!dmi.exists) |
| goto out; |
| |
| next = dm_get_next_target(dmt, next, &start, &length, &target_type, ¶ms); |
| if (!target_type || strcmp(target_type, "crypt") != 0) |
| goto out; |
| |
| (void)strsep(¶ms, " "); /* rcipher */ |
| key = strsep(¶ms, " "); |
| |
| if (buffer_size <= strlen(key)) |
| goto out; |
| |
| strncpy(buffer, key, buffer_size); |
| r = 0; |
| out: |
| if (dmt) |
| dm_task_destroy(dmt); |
| |
| return r; |
| } |
| |
| int prepare_keyfile(const char *name, const char *passphrase, int size) |
| { |
| int fd, r; |
| |
| fd = open(name, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR|S_IWUSR); |
| if (fd != -1) { |
| r = write(fd, passphrase, size); |
| close(fd); |
| } else |
| r = 0; |
| |
| return r == size ? 0 : 1; |
| } |
| |
| // Decode key from its hex representation |
| int crypt_decode_key(char *key, const char *hex, unsigned int size) |
| { |
| char buffer[3]; |
| char *endp; |
| unsigned int i; |
| |
| buffer[2] = '\0'; |
| |
| for (i = 0; i < size; i++) { |
| buffer[0] = *hex++; |
| buffer[1] = *hex++; |
| |
| key[i] = (unsigned char)strtoul(buffer, &endp, 16); |
| |
| if (endp != &buffer[2]) |
| return -1; |
| } |
| |
| if (*hex != '\0') |
| return -1; |
| |
| return 0; |
| } |
| |
| void global_log_callback(int level, const char *msg, void *usrptr) |
| { |
| int len; |
| |
| if (_debug) { |
| if (level == CRYPT_LOG_DEBUG) |
| fprintf(stdout, "# %s\n", msg); |
| else |
| fprintf(stdout, "%s", msg); |
| } |
| |
| if (level == CRYPT_LOG_DEBUG) |
| return; |
| |
| strncat(global_log, msg, sizeof(global_log) - strlen(global_log)); |
| global_lines++; |
| if (level == CRYPT_LOG_ERROR) { |
| len = strlen(msg); |
| if (len > sizeof(last_error)) |
| len = sizeof(last_error); |
| strncpy(last_error, msg, sizeof(last_error)); |
| last_error[len-1] = '\0'; |
| } |
| } |
| |
| void reset_log(void) |
| { |
| memset(global_log, 0, sizeof(global_log)); |
| memset(last_error, 0, sizeof(last_error)); |
| global_lines = 0; |
| } |
| |
| int _system(const char *command, int warn) |
| { |
| int r; |
| if (_debug) |
| printf("Running system: %s\n", command); |
| if ((r=system(command)) < 0 && warn) |
| printf("System command failed: %s", command); |
| return r; |
| } |
| |
| static int t_dm_satisfies_version(unsigned target_maj, unsigned target_min, unsigned target_patch, |
| unsigned actual_maj, unsigned actual_min, unsigned actual_patch) |
| { |
| if (actual_maj > target_maj) |
| return 1; |
| if (actual_maj == target_maj && actual_min > target_min) |
| return 1; |
| if (actual_maj == target_maj && actual_min == target_min && actual_patch >= target_patch) |
| return 1; |
| return 0; |
| } |
| |
| static void t_dm_set_crypt_compat(const char *dm_version, unsigned crypt_maj, |
| unsigned crypt_min, unsigned crypt_patch) |
| { |
| unsigned dm_maj = 0, dm_min = 0, dm_patch = 0; |
| |
| if (sscanf(dm_version, "%u.%u.%u", &dm_maj, &dm_min, &dm_patch) != 3) { |
| dm_maj = 0; |
| dm_min = 0; |
| dm_patch = 0; |
| } |
| |
| if (t_dm_satisfies_version(1, 2, 0, crypt_maj, crypt_min, 0)) |
| t_dm_crypt_flags |= T_DM_KEY_WIPE_SUPPORTED; |
| |
| if (t_dm_satisfies_version(1, 10, 0, crypt_maj, crypt_min, 0)) |
| t_dm_crypt_flags |= T_DM_LMK_SUPPORTED; |
| |
| if (t_dm_satisfies_version(4, 20, 0, dm_maj, dm_min, 0)) |
| t_dm_crypt_flags |= T_DM_SECURE_SUPPORTED; |
| |
| if (t_dm_satisfies_version(1, 8, 0, crypt_maj, crypt_min, 0)) |
| t_dm_crypt_flags |= T_DM_PLAIN64_SUPPORTED; |
| |
| if (t_dm_satisfies_version(1, 11, 0, crypt_maj, crypt_min, 0)) |
| t_dm_crypt_flags |= T_DM_DISCARDS_SUPPORTED; |
| |
| if (t_dm_satisfies_version(1, 13, 0, crypt_maj, crypt_min, 0)) |
| t_dm_crypt_flags |= T_DM_TCW_SUPPORTED; |
| |
| if (t_dm_satisfies_version(1, 14, 0, crypt_maj, crypt_min, 0)) { |
| t_dm_crypt_flags |= T_DM_SAME_CPU_CRYPT_SUPPORTED; |
| t_dm_crypt_flags |= T_DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED; |
| } |
| |
| if (t_dm_satisfies_version(1, 18, 1, crypt_maj, crypt_min, crypt_patch)) |
| t_dm_crypt_flags |= T_DM_KERNEL_KEYRING_SUPPORTED; |
| } |
| |
| static void t_dm_set_verity_compat(const char *dm_version, unsigned verity_maj, |
| unsigned verity_min, unsigned verity_patch) |
| { |
| if (verity_maj > 0) |
| t_dm_crypt_flags |= T_DM_VERITY_SUPPORTED; |
| else |
| return; |
| /* |
| * ignore_corruption, restart_on corruption is available since 1.2 (kernel 4.1) |
| * ignore_zero_blocks since 1.3 (kernel 4.5) |
| * (but some dm-verity targets 1.2 don't support it) |
| * FEC is added in 1.3 as well. |
| */ |
| if (t_dm_satisfies_version(1, 3, 0, verity_maj, verity_min, 0)) { |
| t_dm_crypt_flags |= T_DM_VERITY_ON_CORRUPTION_SUPPORTED; |
| t_dm_crypt_flags |= T_DM_VERITY_FEC_SUPPORTED; |
| } |
| } |
| |
| static void t_dm_set_integrity_compat(const char *dm_version, unsigned integrity_maj, |
| unsigned integrity_min, unsigned integrity_patch) |
| { |
| if (integrity_maj > 0) |
| t_dm_crypt_flags |= T_DM_INTEGRITY_SUPPORTED; |
| } |
| |
| int t_dm_check_versions(void) |
| { |
| struct dm_task *dmt; |
| struct dm_versions *target, *last_target; |
| char dm_version[16]; |
| int r = 1; |
| |
| if (!(dmt = dm_task_create(DM_DEVICE_LIST_VERSIONS))) |
| goto out; |
| |
| if (!dm_task_run(dmt)) |
| goto out; |
| |
| if (!dm_task_get_driver_version(dmt, dm_version, sizeof(dm_version))) |
| goto out; |
| |
| target = dm_task_get_versions(dmt); |
| do { |
| last_target = target; |
| if (!strcmp("crypt", target->name)) { |
| t_dm_set_crypt_compat(dm_version, |
| (unsigned)target->version[0], |
| (unsigned)target->version[1], |
| (unsigned)target->version[2]); |
| } else if (!strcmp("verity", target->name)) { |
| t_dm_set_verity_compat(dm_version, |
| (unsigned)target->version[0], |
| (unsigned)target->version[1], |
| (unsigned)target->version[2]); |
| } else if (!strcmp("integrity", target->name)) { |
| t_dm_set_integrity_compat(dm_version, |
| (unsigned)target->version[0], |
| (unsigned)target->version[1], |
| (unsigned)target->version[2]); |
| } |
| target = (struct dm_versions *)((char *) target + target->next); |
| } while (last_target != target); |
| |
| r = 0; |
| out: |
| if (dmt) |
| dm_task_destroy(dmt); |
| |
| return r; |
| } |
| |
| int t_dm_crypt_keyring_support(void) |
| { |
| return t_dm_crypt_flags & T_DM_KERNEL_KEYRING_SUPPORTED; |
| } |
| |
| /* loop helpers */ |
| |
| #define LOOP_DEV_MAJOR 7 |
| |
| #ifndef LO_FLAGS_AUTOCLEAR |
| #define LO_FLAGS_AUTOCLEAR 4 |
| #endif |
| |
| #ifndef LOOP_CTL_GET_FREE |
| #define LOOP_CTL_GET_FREE 0x4C82 |
| #endif |
| |
| #ifndef LOOP_SET_CAPACITY |
| #define LOOP_SET_CAPACITY 0x4C07 |
| #endif |
| |
| int loop_device(const char *loop) |
| { |
| struct stat st; |
| |
| if (!loop) |
| return 0; |
| |
| if (stat(loop, &st) || !S_ISBLK(st.st_mode) || |
| major(st.st_rdev) != LOOP_DEV_MAJOR) |
| return 0; |
| |
| return 1; |
| } |
| |
| static char *crypt_loop_get_device_old(void) |
| { |
| char dev[20]; |
| int i, loop_fd; |
| struct loop_info64 lo64 = {0}; |
| |
| for (i = 0; i < 256; i++) { |
| sprintf(dev, "/dev/loop%d", i); |
| |
| loop_fd = open(dev, O_RDONLY); |
| if (loop_fd < 0) |
| return NULL; |
| |
| if (ioctl(loop_fd, LOOP_GET_STATUS64, &lo64) && |
| errno == ENXIO) { |
| close(loop_fd); |
| return strdup(dev); |
| } |
| close(loop_fd); |
| } |
| |
| return NULL; |
| } |
| |
| static char *crypt_loop_get_device(void) |
| { |
| char dev[64]; |
| int i, loop_fd; |
| struct stat st; |
| |
| loop_fd = open("/dev/loop-control", O_RDONLY); |
| if (loop_fd < 0) |
| return crypt_loop_get_device_old(); |
| |
| i = ioctl(loop_fd, LOOP_CTL_GET_FREE); |
| if (i < 0) { |
| close(loop_fd); |
| return NULL; |
| } |
| close(loop_fd); |
| |
| if (sprintf(dev, "/dev/loop%d", i) < 0) |
| return NULL; |
| |
| if (stat(dev, &st) || !S_ISBLK(st.st_mode)) |
| return NULL; |
| |
| return strdup(dev); |
| } |
| |
| int loop_attach(char **loop, const char *file, int offset, |
| int autoclear, int *readonly) |
| { |
| struct loop_info64 lo64 = {0}; |
| char *lo_file_name; |
| int loop_fd = -1, file_fd = -1, r = 1; |
| |
| *loop = NULL; |
| |
| file_fd = open(file, (*readonly ? O_RDONLY : O_RDWR) | O_EXCL); |
| if (file_fd < 0 && (errno == EROFS || errno == EACCES) && !*readonly) { |
| *readonly = 1; |
| file_fd = open(file, O_RDONLY | O_EXCL); |
| } |
| if (file_fd < 0) |
| goto out; |
| |
| while (loop_fd < 0) { |
| *loop = crypt_loop_get_device(); |
| if (!*loop) |
| goto out; |
| |
| loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR); |
| if (loop_fd < 0) |
| goto out; |
| |
| if (ioctl(loop_fd, LOOP_SET_FD, file_fd) < 0) { |
| if (errno != EBUSY) |
| goto out; |
| free(*loop); |
| *loop = NULL; |
| |
| close(loop_fd); |
| loop_fd = -1; |
| } |
| } |
| |
| lo_file_name = (char*)lo64.lo_file_name; |
| lo_file_name[LO_NAME_SIZE-1] = '\0'; |
| strncpy(lo_file_name, file, LO_NAME_SIZE-1); |
| lo64.lo_offset = offset; |
| if (autoclear) |
| lo64.lo_flags |= LO_FLAGS_AUTOCLEAR; |
| |
| if (ioctl(loop_fd, LOOP_SET_STATUS64, &lo64) < 0) { |
| (void)ioctl(loop_fd, LOOP_CLR_FD, 0); |
| goto out; |
| } |
| |
| /* Verify that autoclear is really set */ |
| if (autoclear) { |
| memset(&lo64, 0, sizeof(lo64)); |
| if (ioctl(loop_fd, LOOP_GET_STATUS64, &lo64) < 0 || |
| !(lo64.lo_flags & LO_FLAGS_AUTOCLEAR)) { |
| (void)ioctl(loop_fd, LOOP_CLR_FD, 0); |
| goto out; |
| } |
| } |
| |
| r = 0; |
| out: |
| if (r && loop_fd >= 0) |
| close(loop_fd); |
| if (file_fd >= 0) |
| close(file_fd); |
| if (r && *loop) { |
| free(*loop); |
| *loop = NULL; |
| } |
| return r ? -1 : loop_fd; |
| } |
| |
| int loop_detach(const char *loop) |
| { |
| int loop_fd = -1, r = 1; |
| |
| loop_fd = open(loop, O_RDONLY); |
| if (loop_fd < 0) |
| return 1; |
| |
| if (!ioctl(loop_fd, LOOP_CLR_FD, 0)) |
| r = 0; |
| |
| close(loop_fd); |
| return r; |
| } |