test: Fix tests on RHEL7 clones (no keyring in dm-crypt).

mbroz · Mar 7, 2024 · 9906bc4 · 9906bc4
1 parent dc669a1
commit 9906bc4
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 19 deletions.
diff --git a/tests/api-test-2.c b/tests/api-test-2.c
@@ -5304,6 +5304,11 @@ static void KeyslotContextAndKeyringLink(void)
 		pbkdf.iterations = 1000;
 	}
 
+	if (!t_dm_crypt_keyring_support()) {
+		printf("WARNING: dm-crypt does not support keyring, skipping test.\n");
+		return;
+	}
+
 	OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
 	OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
 

diff --git a/tests/compat-test2 b/tests/compat-test2
@@ -173,6 +173,20 @@ function valgrind_run()
 	INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
 }
 
+function dm_crypt_capi_support()
+{
+	VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
+	[ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
+
+	VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
+	VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
+
+	if [ $VER_MIN -ge 16 ]; then
+		return 0
+	fi
+	return 1
+}
+
 function dm_crypt_keyring_support()
 {
 	$CRYPTSETUP --version | grep -q KEYRING || return 1
@@ -1454,17 +1468,19 @@ if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then
 	$CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $IMG || fail
 fi
 
-prepare "[44] LUKS2 invalid cipher (kernel cipher driver name)" wipe
-xz -dk $HEADER_LUKS2_INV.xz
-dd if=$HEADER_LUKS2_INV of=$IMG conv=notrunc >/dev/null 2>&1
-$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "capi:xts(ecb(aes-generic))-plain64" || fail
-echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail
-echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME 2>&1 | grep -q "No known cipher specification pattern" || fail
-echo $PWD1 | $CRYPTSETUP reencrypt $LOOPDEV >/dev/null 2>&1 && fail
-dmsetup create $DEV_NAME --uuid CRYPT-LUKS2-3d20686f551748cb89911ad32379821b-test --table \
-  "0 8 crypt capi:xts(ecb(aes-generic))-plain64 edaa40709797973715e572bf7d86fcbb9cfe2051083c33c28d58fe4e1e7ff642 0 $LOOPDEV 32768"
-$CRYPTSETUP status $DEV_NAME | grep -q "n/a" || fail
-$CRYPTSETUP close $DEV_NAME ||fail
+if dm_crypt_capi_support; then
+	prepare "[44] LUKS2 invalid cipher (kernel cipher driver name)" wipe
+	xz -dk $HEADER_LUKS2_INV.xz
+	dd if=$HEADER_LUKS2_INV of=$IMG conv=notrunc >/dev/null 2>&1
+	$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "capi:xts(ecb(aes-generic))-plain64" || fail
+	echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail
+	echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME 2>&1 | grep -q "No known cipher specification pattern" || fail
+	echo $PWD1 | $CRYPTSETUP reencrypt $LOOPDEV >/dev/null 2>&1 && fail
+	dmsetup create $DEV_NAME --uuid CRYPT-LUKS2-3d20686f551748cb89911ad32379821b-test --table \
+         "0 8 crypt capi:xts(ecb(aes-generic))-plain64 edaa40709797973715e572bf7d86fcbb9cfe2051083c33c28d58fe4e1e7ff642 0 $LOOPDEV 32768"
+	$CRYPTSETUP status $DEV_NAME | grep -q "n/a" || fail
+	$CRYPTSETUP close $DEV_NAME ||fail
+fi
 
 if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then
 	prepare "[45] Link VK to a keyring and use custom VK type." wipe

diff --git a/tests/mode-test b/tests/mode-test
@@ -52,6 +52,22 @@ skip()
 	exit 77
 }
 
+function dm_crypt_capi_support()
+{
+	VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
+	[ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
+
+	VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
+	VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
+	VER_PTC=$(echo $VER_STR | cut -f 3 -d.)
+
+	if [ $VER_MIN -ge 16 ]; then
+		return 0
+	fi
+
+	return 1
+}
+
 function valgrind_setup()
 {
 	command -v valgrind >/dev/null || fail "Cannot find valgrind."
@@ -132,7 +148,7 @@ dmcrypt()
 		echo -n -e "PLAIN:"
 		dmcrypt_check "$DEV_NAME"_tstdev $OUT
 	else
-		echo -n "[n/a]"
+		echo -n "[N/A]"
 	fi
 
 	echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF2 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
@@ -193,12 +209,17 @@ dmcrypt xchacha12,aes-adiantum-plain64
 dmcrypt xchacha20,aes-adiantum-plain64
 
 echo -n "CAPI format:"
-echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME || fail
-$CRYPTSETUP close "$DEV_NAME"_tstdev || fail
-echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(ecb(aes-generic))-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME 2>/dev/null && fail
-dmsetup create "$DEV_NAME"_tstdev --table "0 8 crypt capi:xts(ecb(aes-generic))-plain64 $KEY 0 /dev/mapper/$DEV_NAME 0" || fail
-$CRYPTSETUP status "$DEV_NAME"_tstdev 2>/dev/null | grep "type:" | grep -q "n/a" || fail
-$CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null || fail
-echo [OK]
+if dm_crypt_capi_support ; then
+	echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME --debug || fail
+	$CRYPTSETUP close "$DEV_NAME"_tstdev || fail
+	echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(ecb(aes-generic))-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME 2>/dev/null && fail
+	dmsetup create "$DEV_NAME"_tstdev --table "0 8 crypt capi:xts(ecb(aes-generic))-plain64 $KEY 0 /dev/mapper/$DEV_NAME 0" || fail
+	$CRYPTSETUP status "$DEV_NAME"_tstdev 2>/dev/null | grep "type:" | grep -q "n/a" || fail
+	$CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null || fail
+	echo [OK]
+else
+	echo [N/A]
+fi
 
 cleanup
+exit 0