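#!/bin/bash -x
# Functional test for the ./luksmeta binary, run against a scratch LUKS1 image.
# The shebang's -x traces every command; the ERR trap aborts the run on the
# first failing command.
#
# NOTE: bash does not run the ERR trap for a command negated with `!`, for an
# `if` condition, or for non-final members of && / || lists. A "this must
# fail" check therefore has to be spelled `if cmd; then exit 1; fi`.
trap 'exit' ERR

# Scratch files: $tmp holds the LUKS image, $tmpdata the oversized payloads.
# Assign first and export afterwards: `export var=$(cmd)` returns the status of
# `export`, which would hide a mktemp failure from the ERR trap.
tmp=$(mktemp /tmp/luksmeta.XXXXXXXXXX)
tmpdata=$(mktemp /tmp/luksmeta.XXXXXXXXXX)
export tmp tmpdata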
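#######################################
# Delete the two scratch files created by this script.
# Globals:   tmp (read), tmpdata (read)
# Arguments: none
# Returns:   status of rm (rm -f ignores files that are already gone)
#######################################
function onexit() {
  # Quote both paths and stop option parsing with `--` so a value containing
  # whitespace, glob characters or a leading dash cannot redirect the delete.
  rm -f -- "${tmp}" "${tmpdata}"
}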
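# Remove the scratch files on every exit path, including ERR-trap aborts.
trap 'onexit' EXIT

# Build a 4M image and format it as LUKS1. The passphrase is a throwaway value
# for this scratch image only and is fed on stdin (the trailing `-`).
truncate -s 4M "${tmp}"
PRE="$(md5sum "${tmp}")"
# `|| true` keeps a luksFormat failure away from the ERR trap; the checksum
# comparison below decides what to do about it instead.
printf '%s' foo | /usr/sbin/cryptsetup luksFormat --type luks1 "${tmp}" - || true
PST="$(md5sum "${tmp}")"

# An unchanged checksum means cryptsetup wrote nothing to the image.
# NOTE(review): exit status 77 is presumably the Automake-style "skipped"
# code, so the environment problem is not reported as a test failure - confirm
# against the harness in use.
if [ "${PRE}" = "${PST}" ]; then
  echo 'cryptsetup failed, assuming AF_ALG,SOCK_SEQPACKET failure'
  exit 77
fi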
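# Before any `init`, `luksmeta test` must report failure.
# Written as an explicit `if`: a `!`-negated command never fires the ERR trap,
# so `! ./luksmeta test ...` would let an unexpected success pass unnoticed.
if ./luksmeta test -d "${tmp}"; then
  echo 'FAIL: luksmeta test succeeded before init' >&2
  exit 1
fi

# Initialise, confirm `test` now succeeds, then initialise a second time on the
# already-initialised device; all three must succeed.
./luksmeta init -f -d "${tmp}"
./luksmeta test -d "${tmp}"
./luksmeta init -f -d "${tmp}"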
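# Per-slot save / show / load / wipe round trip for slots 0 through 7.
# uuid is the owner the data is stored under; other_uuid differs from it in the
# last character and must never be accepted in its place.
uuid=23149359-1b61-4803-b818-774ab730fbec
other_uuid=23149359-1b61-4803-b818-774ab730fbed

for slot in {0..7}; do
  # The slot starts out empty: `show` prints nothing.
  [[ -z "$(./luksmeta show -s "${slot}" -d "${tmp}")" ]]

  # Store "hi" under uuid and read it back, with and without naming the UUID.
  echo hi | ./luksmeta save -s "${slot}" -u "${uuid}" -d "${tmp}"
  [[ "$(./luksmeta show -s "${slot}" -d "${tmp}")" == "${uuid}" ]]
  [[ "$(./luksmeta load -s "${slot}" -d "${tmp}")" == "hi" ]]
  [[ "$(./luksmeta load -s "${slot}" -u "${uuid}" -d "${tmp}")" == "hi" ]]

  # Negative checks use an explicit `if`: bash skips the ERR trap for a command
  # negated with `!`, so `! cmd` cannot fail the test when cmd wrongly succeeds.
  if ./luksmeta load -s "${slot}" -u "${other_uuid}" -d "${tmp}"; then
    echo "FAIL: load accepted a mismatched UUID (slot ${slot})" >&2
    exit 1
  fi
  if ./luksmeta wipe -f -s "${slot}" -u "${other_uuid}" -d "${tmp}"; then
    echo "FAIL: wipe accepted a mismatched UUID (slot ${slot})" >&2
    exit 1
  fi

  # Wiping with the matching UUID succeeds and leaves nothing to load.
  ./luksmeta wipe -f -s "${slot}" -u "${uuid}" -d "${tmp}"
  if ./luksmeta load -s "${slot}" -d "${tmp}"; then
    echo "FAIL: load succeeded after wipe (slot ${slot})" >&2
    exit 1
  fi

  # Wiping without naming a UUID also empties the slot.
  echo hi | ./luksmeta save -s "${slot}" -u "${uuid}" -d "${tmp}"
  ./luksmeta wipe -f -s "${slot}" -d "${tmp}"
  if ./luksmeta load -s "${slot}" -d "${tmp}"; then
    echo "FAIL: load succeeded after UUID-less wipe (slot ${slot})" >&2
    exit 1
  fi
done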
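# Test nuking
# After `nuke`, the device must no longer pass `luksmeta test`.
./luksmeta test -d "${tmp}"
./luksmeta init -f -d "${tmp}"
./luksmeta nuke -f -d "${tmp}"
# Explicit `if` instead of `! cmd`: a negated command never fires the ERR trap,
# so the original form could not fail when `test` still succeeded after nuke.
if ./luksmeta test -d "${tmp}"; then
  echo 'FAIL: luksmeta test succeeded after nuke' >&2
  exit 1
fi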
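# Test implicit nuking
# `init -n` on a device that already holds slot data must leave that data
# unreadable afterwards.
./luksmeta init -f -d "${tmp}"
echo hi | ./luksmeta save -s 0 -u 23149359-1b61-4803-b818-774ab730fbec -d "${tmp}"
[[ "$(./luksmeta load -s 0 -d "${tmp}")" == "hi" ]]
./luksmeta init -n -f -d "${tmp}"
# Explicit `if` instead of `! cmd`: bash does not run the ERR trap for a
# negated command, so surviving data would otherwise go unnoticed.
if ./luksmeta load -s 0 -d "${tmp}"; then
  echo 'FAIL: slot 0 still loadable after init -n' >&2
  exit 1
fi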
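# CVE-2025-11568 - test attempt to store extremely large amount of data in a slot.
# A 1 MiB payload of zeros is offered to slot 1; the save must be rejected.
./luksmeta init -f -d "${tmp}"
dd bs=1024k count=1 </dev/zero >"${tmpdata}"
# This regression check must be an explicit `if`. With `! ./luksmeta save ...`
# the ERR trap is never run for the negated command, so a build that accepted
# the oversized write would still let the script carry on.
if ./luksmeta save -s 1 -u 23149359-1b61-4803-b818-774ab730fbec -d "${tmp}" < "${tmpdata}"; then
  echo 'FAIL: oversized save into slot 1 was accepted' >&2
  exit 1
fi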
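# Additional test for CVE-2025-11568 boundary conditions.
# Verify overflow protection with multiple existing slots at various offsets.
./luksmeta init -f -d "${tmp}"
echo "a" | ./luksmeta save -s 0 -u 11111111-1111-1111-1111-111111111111 -d "${tmp}"
echo "b" | ./luksmeta save -s 1 -u 22222222-2222-2222-2222-222222222222 -d "${tmp}"

# 900 KiB of zeros for slot 2, on top of the two small slots stored above.
dd bs=1024 count=900 </dev/zero >"${tmpdata}"
# Explicit `if` rather than `! cmd`: the result no longer depends on this being
# the script's last command, and the script ends with status 0 on the expected
# rejection.
if ./luksmeta save -s 2 -u 33333333-3333-3333-3333-333333333333 -d "${tmp}" < "${tmpdata}"; then
  echo 'FAIL: oversized save into slot 2 was accepted' >&2
  exit 1
fi

# A rejected write must not have disturbed the slots stored before it.
[[ "$(./luksmeta load -s 0 -d "${tmp}")" == "a" ]]
[[ "$(./luksmeta load -s 1 -d "${tmp}")" == "b" ]]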