#!/bin/bash -x trap 'exit' ERR export tmp=`mktemp /tmp/luksmeta.XXXXXXXXXX` export tmpdata=`mktemp /tmp/luksmeta.XXXXXXXXXX` function onexit() { rm -f $tmp rm -f "${tmpdata}" } trap 'onexit' EXIT truncate -s 4M $tmp echo -n foo | cryptsetup luksFormat --type luks1 $tmp - ! ./luksmeta test -d $tmp ./luksmeta init -f -d $tmp ./luksmeta test -d $tmp ./luksmeta init -f -d $tmp for slot in `seq 0 7`; do test "`./luksmeta show -s $slot -d $tmp`" == "" echo hi | ./luksmeta save -s $slot -u 23149359-1b61-4803-b818-774ab730fbec -d $tmp test "`./luksmeta show -s $slot -d $tmp`" == "23149359-1b61-4803-b818-774ab730fbec" test "`./luksmeta load -s $slot -d $tmp`" == "hi" test "`./luksmeta load -s $slot -u 23149359-1b61-4803-b818-774ab730fbec -d $tmp`" == "hi" ! ./luksmeta load -s $slot -u 23149359-1b61-4803-b818-774ab730fbed -d $tmp ! ./luksmeta wipe -f -s $slot -u 23149359-1b61-4803-b818-774ab730fbed -d $tmp ./luksmeta wipe -f -s $slot -u 23149359-1b61-4803-b818-774ab730fbec -d $tmp ! ./luksmeta load -s $slot -d $tmp echo hi | ./luksmeta save -s $slot -u 23149359-1b61-4803-b818-774ab730fbec -d $tmp ./luksmeta wipe -f -s $slot -d $tmp ! ./luksmeta load -s $slot -d $tmp done # Test nuking ./luksmeta test -d $tmp ./luksmeta init -f -d $tmp ./luksmeta nuke -f -d $tmp ! ./luksmeta test -d $tmp # Test implicit nuking ./luksmeta init -f -d $tmp echo hi | ./luksmeta save -s 0 -u 23149359-1b61-4803-b818-774ab730fbec -d $tmp test "`./luksmeta load -s 0 -d $tmp`" == "hi" ./luksmeta init -n -f -d $tmp ! ./luksmeta load -s 0 -d $tmp # CVE-2025-11568 - test attempt to store extremely large amount of data in a slot. ./luksmeta init -f -d "${tmp}" dd bs=1024k count=1 "${tmpdata}" ! ./luksmeta save -s 1 -u 23149359-1b61-4803-b818-774ab730fbec -d "${tmp}" < "${tmpdata}" # Additional test for CVE-2025-11568 boundary conditions. # Verify overflow protection with multiple existing slots at various offsets. ./luksmeta init -f -d "${tmp}" echo "a" | ./luksmeta save -s 0 -u 11111111-1111-1111-1111-111111111111 -d "${tmp}" echo "b" | ./luksmeta save -s 1 -u 22222222-2222-2222-2222-222222222222 -d "${tmp}" dd bs=1024 count=900 "${tmpdata}" ! ./luksmeta save -s 2 -u 33333333-3333-3333-3333-333333333333 -d "${tmp}" < "${tmpdata}"