|
Packit |
94f725 |
#!/bin/bash
|
|
Packit |
94f725 |
#
|
|
Packit |
94f725 |
# Test mode compatibility, check input + kernel and cryptsetup cipher status
|
|
Packit |
94f725 |
#
|
|
Packit |
94f725 |
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
|
|
Packit |
94f725 |
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
|
|
Packit |
94f725 |
DEV_NAME=dmc_test
|
|
Packit |
94f725 |
HEADER_IMG=mode-test.img
|
|
Packit |
94f725 |
PASSWORD=3xrododenron
|
|
Packit |
94f725 |
PASSWORD1=$PASSWORD
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
# cipher-chainmode-ivopts:ivmode
|
|
Packit |
94f725 |
CIPHERS="aes twofish serpent"
|
|
Packit |
94f725 |
MODES="cbc lrw xts"
|
|
Packit |
94f725 |
IVMODES="null benbi plain plain64 essiv:sha256"
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
LOOPDEV=$(losetup -f 2>/dev/null)
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
dmremove() { # device
|
|
Packit |
94f725 |
udevadm settle >/dev/null 2>&1
|
|
Packit |
94f725 |
dmsetup remove --retry $1 >/dev/null 2>&1
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
cleanup() {
|
|
Packit |
94f725 |
for dev in $(dmsetup status --target crypt | sed s/\:\ .*// | grep "^$DEV_NAME"_); do
|
|
Packit |
94f725 |
dmremove $dev
|
|
Packit |
94f725 |
sleep 2
|
|
Packit |
94f725 |
done
|
|
Packit |
94f725 |
[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
|
|
Packit |
94f725 |
losetup -d $LOOPDEV >/dev/null 2>&1
|
|
Packit |
94f725 |
rm -f $HEADER_IMG >/dev/null 2>&1
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
fail()
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
[ -n "$1" ] && echo "$1"
|
|
Packit |
94f725 |
echo "FAILED backtrace:"
|
|
Packit |
94f725 |
while caller $frame; do ((frame++)); done
|
|
Packit |
94f725 |
cleanup
|
|
Packit |
94f725 |
exit 100
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
skip()
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
[ -n "$1" ] && echo "$1"
|
|
Packit |
94f725 |
exit 77
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
add_device() {
|
|
Packit |
94f725 |
cleanup
|
|
Packit |
94f725 |
dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1
|
|
Packit |
94f725 |
sync
|
|
Packit |
94f725 |
losetup $LOOPDEV $HEADER_IMG >/dev/null 2>&1
|
|
Packit |
94f725 |
dmsetup create $DEV_NAME --table "0 10240 linear $LOOPDEV 8" >/dev/null 2>&1
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
dmcrypt_check() # device outstring
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
X=$(dmsetup table $1 2>/dev/null | sed 's/.*: //' | cut -d' ' -f 4)
|
|
Packit |
94f725 |
if [ "$X" = $2 ] ; then
|
|
Packit |
94f725 |
echo -n "[table OK]"
|
|
Packit |
94f725 |
else
|
|
Packit |
94f725 |
echo "[table FAIL]"
|
|
Packit |
94f725 |
echo " Expecting $2 got $X."
|
|
Packit |
94f725 |
fail
|
|
Packit |
94f725 |
fi
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
X=$($CRYPTSETUP status $1 | grep cipher: | sed s/\.\*cipher:\\s*//)
|
|
Packit |
94f725 |
if [ $X = $2 ] ; then
|
|
Packit |
94f725 |
echo -n "[status OK]"
|
|
Packit |
94f725 |
else
|
|
Packit |
94f725 |
echo "[status FAIL]"
|
|
Packit |
94f725 |
echo " Expecting $2 got \"$X\"."
|
|
Packit |
94f725 |
fail
|
|
Packit |
94f725 |
fi
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
dmremove $1
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
dmcrypt_check_sum() # cipher device
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
EXPSUM="c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29"
|
|
Packit |
94f725 |
# Fill device with zeroes and reopen it
|
|
Packit |
94f725 |
dd if=/dev/zero of=/dev/mapper/$2 bs=1M count=6 >/dev/null 2>&1
|
|
Packit |
94f725 |
sync
|
|
Packit |
94f725 |
dmremove $2
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 $2 /dev/mapper/$DEV_NAME >/dev/null 2>&1
|
|
Packit |
94f725 |
ret=$?
|
|
Packit |
94f725 |
VSUM=$(sha256sum /dev/mapper/$2 | cut -d' ' -f 1)
|
|
Packit |
94f725 |
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
|
|
Packit |
94f725 |
echo -n "[OK]"
|
|
Packit |
94f725 |
else
|
|
Packit |
94f725 |
echo "[FAIL]"
|
|
Packit |
94f725 |
echo " Expecting $EXPSUM got $VSUM."
|
|
Packit |
94f725 |
fail
|
|
Packit |
94f725 |
fi
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
dmremove $2
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
dmcrypt()
|
|
Packit |
94f725 |
{
|
|
Packit |
94f725 |
OUT=$2
|
|
Packit |
94f725 |
[ -z "$OUT" ] && OUT=$1
|
|
Packit |
94f725 |
printf "%-31s" "$1"
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1
|
|
Packit |
94f725 |
if [ $? -eq 0 ] ; then
|
|
Packit |
94f725 |
echo -n -e "PLAIN:"
|
|
Packit |
94f725 |
dmcrypt_check "$DEV_NAME"_tstdev $OUT
|
|
Packit |
94f725 |
else
|
|
Packit |
94f725 |
echo -n "[n/a]"
|
|
Packit |
94f725 |
fi
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
|
|
Packit |
94f725 |
if [ $? -eq 0 ] ; then
|
|
Packit |
94f725 |
echo -n -e " LUKS1:"
|
|
Packit |
94f725 |
echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail
|
|
Packit |
94f725 |
dmcrypt_check "$DEV_NAME"_tstdev $OUT
|
|
Packit |
94f725 |
fi
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
echo $PASSWORD | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 -i 1 -c $1 -s 256 --offset 8192 /dev/mapper/$DEV_NAME >/dev/null 2>&1
|
|
Packit |
94f725 |
if [ $? -eq 0 ] ; then
|
|
Packit |
94f725 |
echo -n -e " LUKS2:"
|
|
Packit |
94f725 |
echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail
|
|
Packit |
94f725 |
dmcrypt_check "$DEV_NAME"_tstdev $OUT
|
|
Packit |
94f725 |
fi
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
# repeated device creation must return the same checksum
|
|
Packit |
94f725 |
echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1
|
|
Packit |
94f725 |
if [ $? -eq 0 ] ; then
|
|
Packit |
94f725 |
echo -n -e " CHECKSUM:"
|
|
Packit |
94f725 |
dmcrypt_check_sum "$1" "$DEV_NAME"_tstdev
|
|
Packit |
94f725 |
fi
|
|
Packit |
94f725 |
echo
|
|
Packit |
94f725 |
}
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
|
|
Packit |
94f725 |
[ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
add_device
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
# compatibility modes
|
|
Packit |
94f725 |
dmcrypt aes aes-cbc-plain
|
|
Packit |
94f725 |
dmcrypt aes-plain aes-cbc-plain
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
# empty cipher
|
|
Packit |
94f725 |
PASSWORD=""
|
|
Packit |
94f725 |
dmcrypt null cipher_null-ecb
|
|
Packit |
94f725 |
dmcrypt cipher_null cipher_null-ecb
|
|
Packit |
94f725 |
dmcrypt cipher_null-ecb
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
PASSWORD=$PASSWORD1
|
|
Packit |
94f725 |
# codebook doesn't support IV at all
|
|
Packit |
94f725 |
for cipher in $CIPHERS ; do
|
|
Packit |
94f725 |
dmcrypt "$cipher-ecb"
|
|
Packit |
94f725 |
done
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
for cipher in $CIPHERS ; do
|
|
Packit |
94f725 |
for mode in $MODES ; do
|
|
Packit |
94f725 |
for ivmode in $IVMODES ; do
|
|
Packit |
94f725 |
dmcrypt "$cipher-$mode-$ivmode"
|
|
Packit |
94f725 |
done
|
|
Packit |
94f725 |
done
|
|
Packit |
94f725 |
done
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
dmcrypt xchacha12,aes-adiantum-plain64
|
|
Packit |
94f725 |
dmcrypt xchacha20,aes-adiantum-plain64
|
|
Packit |
94f725 |
|
|
Packit |
94f725 |
cleanup
|