tests/luks1-compat-test - manifest_repos/cryptsetup - Git at Google

 #!/bin/bash

 # check luks1 images parsing

 # NOTE: if image with whirlpool hash fails, check
 # that you are not using old gcrypt with flawed whirlpool
 # (see cryptsetup debug output)

 CRYPTSETUP=../src/cryptsetup
 TST_DIR=luks1-images
 MAP=luks1tst
 KEYFILE=keyfile1

 function remove_mapping()
 {
 	[ -b /dev/mapper/$MAP ] && dmsetup remove $MAP
 }

 function fail()
 {
 	[ -n "$1" ] && echo "$1"
 	echo " [FAILED]"
 	remove_mapping
 	exit 2
 }

 function skip()
 {
 	[ -n "$1" ] && echo "$1"
 	echo "Test skipped."
 	exit 0
 }

 function test_one()
 {
 	$CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip
 }

 function test_required()
 {
 	which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."

 	echo "REQUIRED KDF TEST"
 	$CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip

 	echo "REQUIRED CIPHERS TEST"
 	echo "#  Algorithm | Key |  Encryption |  Decryption"

 	test_one aes-xts 256
 	test_one twofish-xts 256
 	test_one serpent-xts 256
 	test_one aes-cbc 256
 	test_one aes-lrw 256
 }

 export LANG=C

 if [ $(id -u) != 0 ]; then
 	echo "WARNING: You must be root to run activation part of test, test skipped."
 	exit 0
 fi

 test_required
 [ ! -d $TST_DIR ] && tar xjf luks1-images.tar.bz2 --no-same-owner

 echo "ACTIVATION FS UUID CHECK"
 for file in $(ls $TST_DIR/luks1_*) ; do
 	echo -n " $file"
 	$CRYPTSETUP luksOpen -d $TST_DIR/$KEYFILE $file $MAP 2>/dev/null
 	ret=$?
 	# ignore missing whirlpool (pwd failed is exit code 2)
 	[ $ret -eq 1 ] && (echo $file | grep -q -e "whirlpool") && echo " [N/A]" && continue
 	# ignore flawed whirlpool (pwd failed is exit code 2)
 	[ $ret -eq 2 ] && (echo $file | grep -q -e "whirlpool") && \
 		($CRYPTSETUP luksDump $file --debug | grep -q -e "flawed whirlpool") && \
 		echo " [IGNORED (flawed Whirlpool library)]" && continue
 	[ $ret -ne 0 ] && fail
 	$CRYPTSETUP status $MAP >/dev/null || fail
 	$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
 	UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
 	$CRYPTSETUP remove $MAP || fail
 	[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
 	echo " [OK]"
 done
	#!/bin/bash

	# check luks1 images parsing

	# NOTE: if image with whirlpool hash fails, check
	# that you are not using old gcrypt with flawed whirlpool
	# (see cryptsetup debug output)

	CRYPTSETUP=../src/cryptsetup
	TST_DIR=luks1-images
	MAP=luks1tst
	KEYFILE=keyfile1

	function remove_mapping()
	{
	[ -b /dev/mapper/$MAP ] && dmsetup remove $MAP
	}

	function fail()
	{
	[ -n "$1" ] && echo "$1"
	echo " [FAILED]"
	remove_mapping
	exit 2
	}

	function skip()
	{
	[ -n "$1" ] && echo "$1"
	echo "Test skipped."
	exit 0
	}

	function test_one()
	{
	$CRYPTSETUP benchmark -c "$1" -s "$2" \| grep -v "#" \|\| skip
	}

	function test_required()
	{
	which lsblk >/dev/null 2>&1 \|\| skip "WARNING: lsblk tool required."

	echo "REQUIRED KDF TEST"
	$CRYPTSETUP benchmark -h whirlpool \| grep "N/A" && skip

	echo "REQUIRED CIPHERS TEST"
	echo "# Algorithm \| Key \| Encryption \| Decryption"

	test_one aes-xts 256
	test_one twofish-xts 256
	test_one serpent-xts 256
	test_one aes-cbc 256
	test_one aes-lrw 256
	}

	export LANG=C

	if [ $(id -u) != 0 ]; then
	echo "WARNING: You must be root to run activation part of test, test skipped."
	exit 0
	fi

	test_required
	[ ! -d $TST_DIR ] && tar xjf luks1-images.tar.bz2 --no-same-owner

	echo "ACTIVATION FS UUID CHECK"
	for file in $(ls $TST_DIR/luks1_*) ; do
	echo -n " $file"
	$CRYPTSETUP luksOpen -d $TST_DIR/$KEYFILE $file $MAP 2>/dev/null
	ret=$?
	# ignore missing whirlpool (pwd failed is exit code 2)
	[ $ret -eq 1 ] && (echo $file \| grep -q -e "whirlpool") && echo " [N/A]" && continue
	# ignore flawed whirlpool (pwd failed is exit code 2)
	[ $ret -eq 2 ] && (echo $file \| grep -q -e "whirlpool") && \
	($CRYPTSETUP luksDump $file --debug \| grep -q -e "flawed whirlpool") && \
	echo " [IGNORED (flawed Whirlpool library)]" && continue
	[ $ret -ne 0 ] && fail
	$CRYPTSETUP status $MAP >/dev/null \|\| fail
	$CRYPTSETUP status /dev/mapper/$MAP >/dev/null \|\| fail
	UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
	$CRYPTSETUP remove $MAP \|\| fail
	[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
	echo " [OK]"
	done