#!/bin/bash

#

# Test mode compatibility, check input + kernel and cryptsetup cipher status

#

[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."

CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup

DEV_NAME=dmc_test

HEADER_IMG=mode-test.img

PASSWORD=3xrododenron

PASSWORD1=$PASSWORD

# cipher-chainmode-ivopts:ivmode

CIPHERS="aes twofish serpent"

MODES="cbc lrw xts"

IVMODES="null benbi plain plain64 essiv:sha256"

LOOPDEV=$(losetup -f 2>/dev/null)

dmremove() { # device

	udevadm settle >/dev/null 2>&1

	dmsetup remove --retry $1 >/dev/null 2>&1

}

cleanup() {

	for dev in $(dmsetup status --target crypt | sed s/\:\ .*// | grep "^$DEV_NAME"_); do

		dmremove $dev

		sleep 2

	done

	[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME

	losetup -d $LOOPDEV >/dev/null 2>&1

	rm -f $HEADER_IMG >/dev/null 2>&1

}

fail()

{

	[ -n "$1" ] && echo "$1"

	echo "FAILED backtrace:"

	while caller $frame; do ((frame++)); done

	cleanup

	exit 100

}

skip()

{

	[ -n "$1" ] && echo "$1"

	exit 77

}

add_device() {

	cleanup

	dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1

	sync

	losetup $LOOPDEV $HEADER_IMG >/dev/null 2>&1

	dmsetup create $DEV_NAME --table "0 10240 linear $LOOPDEV 8" >/dev/null 2>&1

}

dmcrypt_check() # device outstring

{

	X=$(dmsetup table $1 2>/dev/null | sed 's/.*: //' | cut -d' '  -f 4)

	if [ "$X" = $2 ] ; then

		echo -n "[table OK]"

	else

		echo "[table FAIL]"

		echo " Expecting $2 got $X."

		fail

	fi

	X=$($CRYPTSETUP status $1 | grep cipher: | sed s/\.\*cipher:\\s*//)

	if [ $X = $2 ] ; then

		echo -n "[status OK]"

	else

		echo "[status FAIL]"

		echo " Expecting $2 got \"$X\"."

		fail

	fi

	dmremove $1

}

dmcrypt_check_sum() # cipher device

{

	EXPSUM="c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29"

	# Fill device with zeroes and reopen it

	dd if=/dev/zero of=/dev/mapper/$2 bs=1M count=6 >/dev/null 2>&1

	sync

	dmremove $2

	echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 $2 /dev/mapper/$DEV_NAME >/dev/null 2>&1

	ret=$?

	VSUM=$(sha256sum /dev/mapper/$2 | cut -d' ' -f 1)

	if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then

		echo -n "[OK]"

	else

		echo "[FAIL]"

		echo " Expecting $EXPSUM got $VSUM."

		fail

	fi

	dmremove $2

}

dmcrypt()

{

	OUT=$2

	[ -z "$OUT" ] && OUT=$1

	printf "%-31s" "$1"

	echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1

	if [ $? -eq 0 ] ; then

		echo -n -e "PLAIN:"

		dmcrypt_check "$DEV_NAME"_tstdev $OUT

	else

		echo -n "[n/a]"

	fi

	echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1

	if [ $? -eq 0 ] ; then

		echo -n -e " LUKS1:"

		echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail

		dmcrypt_check "$DEV_NAME"_tstdev $OUT

	fi

	echo $PASSWORD | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 -i 1 -c $1 -s 256 --offset 8192 /dev/mapper/$DEV_NAME >/dev/null 2>&1

	if [ $? -eq 0 ] ; then

		echo -n -e " LUKS2:"

		echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail

		dmcrypt_check "$DEV_NAME"_tstdev $OUT

	fi

	# repeated device creation must return the same checksum

	echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1

	if [ $? -eq 0 ] ; then

		echo -n -e " CHECKSUM:"

		dmcrypt_check_sum "$1" "$DEV_NAME"_tstdev

	fi

	echo

}

[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."

[ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."

add_device

# compatibility modes

dmcrypt aes aes-cbc-plain

dmcrypt aes-plain aes-cbc-plain

# empty cipher

PASSWORD=""

dmcrypt null cipher_null-ecb

dmcrypt cipher_null cipher_null-ecb

dmcrypt cipher_null-ecb

PASSWORD=$PASSWORD1

# codebook doesn't support IV at all

for cipher in $CIPHERS ; do

	dmcrypt "$cipher-ecb"

done

for cipher in $CIPHERS ; do

	for mode in $MODES ; do

		for ivmode in $IVMODES ; do

			dmcrypt "$cipher-$mode-$ivmode"

		done

	done

done

dmcrypt xchacha12,aes-adiantum-plain64

dmcrypt xchacha20,aes-adiantum-plain64

cleanup