Add an integration test for loadable crypto module

The test shows that dm-crypt fails to load cammilia with this error message: [ 8.853839] device-mapper: table: 254:0: crypt: Error allocating crypto tfm (-ENOENT) [ 8.854683] device-mapper: ioctl: error adding target to table [ 8.871073] booster: dm ioctl (cmd=0xc138fd09): no such file or directory Issue #188
anatol · Sep 28, 2022 · 7110988 · 7110988
1 parent 132c4ec
commit 7110988
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 15 deletions.
diff --git a/tests/assets.go b/tests/assets.go
@@ -22,20 +22,22 @@ var assetGenerators = map[string]assetGenerator{
 	"luks2.clevis.tang.img":    {"luks.sh", []string{"LUKS_VERSION=2", "LUKS_PASSWORD=1234", "LUKS_UUID=f2473f71-9a68-4b16-ae54-8f942b2daf50", "FS_UUID=7acb3a9e-9b50-4aa2-9965-e41ae8467d8a", "CLEVIS_PIN=tang", `CLEVIS_CONFIG={"url":"http://10.0.2.100:5697", "adv":"assets/tang/key.pub"}`}},
 	"luks2.clevis.yubikey.img": {"luks.sh", []string{"LUKS_VERSION=2", "LUKS_PASSWORD=1234", "LUKS_UUID=f2473f71-9a61-4b16-ae54-8f942b2daf52", "FS_UUID=7acb3a9e-9b50-4aa2-9965-e41ae8467d8a", "CLEVIS_PIN=yubikey", `CLEVIS_CONFIG={"slot":2}`}},
 	"luks2.clevis.remote.img":  {"luks.sh", []string{"LUKS_VERSION=2", "LUKS_PASSWORD=1234", "LUKS_UUID=f2473f71-9a61-4b16-ae54-8f942b2daf22", "FS_UUID=7acb3a9e-9b51-4aa2-9965-e41ae8467d8a", "CLEVIS_PIN=remote", `CLEVIS_CONFIG={"adv":"assets/remote/key.pub", "port":34551}`}},
-	"gpt.img":                  {"gpt.sh", []string{"FS_UUID=e5404205-ac6a-4e94-bb3b-14433d0af7d1", "FS_LABEL=newpart"}},
-	"gpt_4ksector.img":         {"gpt_4ksector.sh", nil},
-	"lvm.img":                  {"lvm.sh", []string{"FS_UUID=74c9e30c-506f-4106-9f61-a608466ef29c", "FS_LABEL=lvmr00t"}},
-	"mdraid_raid1.img":         {"mdraid_raid1.sh", []string{"FS_UUID=98b1a905-3c72-42f0-957a-6c23b303b1fd", "FS_LABEL=boosmdraid"}},
-	"mdraid_raid5.img":         {"mdraid_raid5.sh", []string{"FS_UUID=e62c7dc0-5728-4571-b475-7745de2eef1e", "FS_LABEL=boosmdraid"}},
-	"archlinux.ext4.raw":       {"archlinux_ext4.sh", nil},
-	"archlinux.btrfs.raw":      {"archlinux_btrfs.sh", []string{"LUKS_PASSWORD=hello"}},
-	"voidlinux.img":            {"voidlinux.sh", nil},
-	"alpinelinux.img":          {"alpinelinux.sh", nil},
-	"systemd-fido2.img":        {"systemd_fido2.sh", []string{"LUKS_UUID=b12cbfef-da87-429f-ac96-7dda7232c189", "FS_UUID=bb351f0d-07f2-4fe4-bc53-d6ae39fa1c23", "LUKS_PASSWORD=567", "FIDO2_PIN=1111"}}, // use yubikey-manager-qt (or fido2-token -C) to setup FIDO2 pin value to 1111
-	"systemd-tpm2.img":         {"systemd_tpm2.sh", []string{"LUKS_UUID=5cbc48ce-0e78-4c6b-ac90-a8a540514b90", "FS_UUID=d8673e36-d4a3-4408-a87d-be0cb79f91a2", "LUKS_PASSWORD=567"}},
-	"systemd-recovery.img":     {"systemd_recovery.sh", []string{"LUKS_UUID=62020168-58b9-4095-a3d0-176403353d20", "FS_UUID=b0cfeb48-c1e2-459d-a327-4d611804ac24", "LUKS_PASSWORD=2211"}},
-	"swap.raw":                 {"swap.sh", nil},
-	"zfs.img":                  {"zfs.sh", nil},
+	// camellia is a loadable module at Arch and it is a good candidate to verify loading it works correctly
+	"luks2.external.module.img": {"luks.sh", []string{"LUKS_VERSION=2", "LUKS_PASSWORD=1234", "LUKS_UUID=ad575500-a9e3-4692-b1b2-eed95a6e8ce2", "FS_UUID=0118f2b1-3c4f-4eff-9663-b58447ad797c", `LUKS_PARAMS=-c camellia-xts-plain64 -s 512 -h sha512 -i 8000 --pbkdf argon2id --pbkdf-memory 4100000`}},
+	"gpt.img":                   {"gpt.sh", []string{"FS_UUID=e5404205-ac6a-4e94-bb3b-14433d0af7d1", "FS_LABEL=newpart"}},
+	"gpt_4ksector.img":          {"gpt_4ksector.sh", nil},
+	"lvm.img":                   {"lvm.sh", []string{"FS_UUID=74c9e30c-506f-4106-9f61-a608466ef29c", "FS_LABEL=lvmr00t"}},
+	"mdraid_raid1.img":          {"mdraid_raid1.sh", []string{"FS_UUID=98b1a905-3c72-42f0-957a-6c23b303b1fd", "FS_LABEL=boosmdraid"}},
+	"mdraid_raid5.img":          {"mdraid_raid5.sh", []string{"FS_UUID=e62c7dc0-5728-4571-b475-7745de2eef1e", "FS_LABEL=boosmdraid"}},
+	"archlinux.ext4.raw":        {"archlinux_ext4.sh", nil},
+	"archlinux.btrfs.raw":       {"archlinux_btrfs.sh", []string{"LUKS_PASSWORD=hello"}},
+	"voidlinux.img":             {"voidlinux.sh", nil},
+	"alpinelinux.img":           {"alpinelinux.sh", nil},
+	"systemd-fido2.img":         {"systemd_fido2.sh", []string{"LUKS_UUID=b12cbfef-da87-429f-ac96-7dda7232c189", "FS_UUID=bb351f0d-07f2-4fe4-bc53-d6ae39fa1c23", "LUKS_PASSWORD=567", "FIDO2_PIN=1111"}}, // use yubikey-manager-qt (or fido2-token -C) to setup FIDO2 pin value to 1111
+	"systemd-tpm2.img":          {"systemd_tpm2.sh", []string{"LUKS_UUID=5cbc48ce-0e78-4c6b-ac90-a8a540514b90", "FS_UUID=d8673e36-d4a3-4408-a87d-be0cb79f91a2", "LUKS_PASSWORD=567"}},
+	"systemd-recovery.img":      {"systemd_recovery.sh", []string{"LUKS_UUID=62020168-58b9-4095-a3d0-176403353d20", "FS_UUID=b0cfeb48-c1e2-459d-a327-4d611804ac24", "LUKS_PASSWORD=2211"}},
+	"swap.raw":                  {"swap.sh", nil},
+	"zfs.img":                   {"zfs.sh", nil},
 
 	// non-images
 	"tpm2/tpm2-00.permall.pristine": {"swtpm.sh", nil},

diff --git a/tests/generators/luks.sh b/tests/generators/luks.sh
@@ -32,7 +32,7 @@ fi
 
 truncate --size 40M "${OUTPUT}"
 lodev=$(sudo losetup -f -P --show "${OUTPUT}")
-sudo cryptsetup luksFormat --uuid "${LUKS_UUID}" --type "${LUKS_TYPE}" "${lodev}" <<< "${LUKS_PASSWORD}"
+sudo cryptsetup luksFormat --uuid "${LUKS_UUID}" --type "${LUKS_TYPE}" ${LUKS_PARAMS} "${lodev}" <<< "${LUKS_PASSWORD}"
 
 if [ "${CLEVIS_PIN}" != "" ]; then
   # custom TPM2TOOLS_TCTI does not work due to https://github.com/latchset/clevis/issues/244

diff --git a/tests/luks_test.go b/tests/luks_test.go
@@ -70,3 +70,18 @@ func TestLUKS2WithQuotesOverUUID(t *testing.T) {
 	require.NoError(t, vm.ConsoleWrite("1234\n"))
 	require.NoError(t, vm.ConsoleExpect("Hello, booster!"))
 }
+
+// test that loadable crypto modules work https://github.com/anatol/booster/issues/188
+func TestLoadableCryptoModule(t *testing.T) {
+	vm, err := buildVmInstance(t, Opts{
+		disk:             "assets/luks2.external.module.img",
+		modulesForceLoad: "camellia_generic,camellia_aesni_avx2,camellia_aesni_avx_x86_64,camellia_x86_64,crypto_simd,cryptd,dm_crypt,dm_mod",
+		kernelArgs:       []string{"rd.luks.name=ad575500-a9e3-4692-b1b2-eed95a6e8ce2=cryptroot", "root=/dev/mapper/cryptroot"},
+	})
+	require.NoError(t, err)
+	defer vm.Shutdown()
+
+	require.NoError(t, vm.ConsoleExpect("Enter passphrase for cryptroot:"))
+	require.NoError(t, vm.ConsoleWrite("1234\n"))
+	require.NoError(t, vm.ConsoleExpect("Hello, booster!"))
+}