| #!/bin/bash |
| # |
| # Test mode compatibility, check input + kernel and cryptsetup cipher status |
| # |
| CRYPTSETUP=../src/cryptsetup |
| DEV_NAME=dmc_test |
| HEADER_IMG=mode-test.img |
| PASSWORD=3xrododenron |
| PASSWORD1=$PASSWORD |
| |
| # cipher-chainmode-ivopts:ivmode |
| CIPHERS="aes twofish serpent" |
| MODES="cbc lrw xts" |
| IVMODES="null benbi plain plain64 essiv:sha256" |
| |
| LOOPDEV=$(losetup -f 2>/dev/null) |
| |
| dmremove() { # device |
| udevadm settle >/dev/null 2>&1 |
| dmsetup remove $1 >/dev/null 2>&1 |
| } |
| |
| cleanup() { |
| for dev in $(dmsetup status --target crypt | sed s/\:\ .*// | grep "^$DEV_NAME"_); do |
| dmremove $dev |
| done |
| sleep 2 |
| [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME |
| losetup -d $LOOPDEV >/dev/null 2>&1 |
| rm -f $HEADER_IMG >/dev/null 2>&1 |
| } |
| |
| fail() |
| { |
| [ -n "$1" ] && echo "$1" |
| cleanup |
| exit 100 |
| } |
| |
| skip() |
| { |
| [ -n "$1" ] && echo "$1" |
| exit 0 |
| } |
| |
| add_device() { |
| dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1 |
| sync |
| losetup $LOOPDEV $HEADER_IMG >/dev/null 2>&1 |
| dmsetup create $DEV_NAME --table "0 10240 linear $LOOPDEV 8" >/dev/null 2>&1 |
| } |
| |
| dmcrypt_check() # device outstring |
| { |
| X=$(dmsetup table $1 2>/dev/null | sed 's/.*: //' | cut -d' ' -f 4) |
| if [ "$X" = $2 ] ; then |
| echo -n "[table OK]" |
| else |
| echo "[table FAIL]" |
| echo " Expecting $2 got $X." |
| fail |
| fi |
| |
| X=$($CRYPTSETUP status $1 | grep cipher: | sed s/\.\*cipher:\\s*//) |
| if [ $X = $2 ] ; then |
| echo -n "[status OK]" |
| else |
| echo "[status FAIL]" |
| echo " Expecting $2 got \"$X\"." |
| fail |
| fi |
| |
| dmremove $1 |
| } |
| |
| dmcrypt_check_sum() # cipher device outstring |
| { |
| EXPSUM="c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29" |
| # Fill device with zeroes and reopen it |
| dd if=/dev/zero of=/dev/mapper/$2 bs=1M count=6 >/dev/null 2>&1 |
| sync |
| dmremove $2 |
| |
| echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 $2 /dev/mapper/$DEV_NAME >/dev/null 2>&1 |
| ret=$? |
| VSUM=$(sha256sum /dev/mapper/$2 | cut -d' ' -f 1) |
| if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then |
| echo -n "[OK]" |
| else |
| echo "[FAIL]" |
| echo " Expecting $EXPSUM got $VSUM." |
| fail |
| fi |
| |
| dmremove $2 |
| } |
| |
| dmcrypt() |
| { |
| OUT=$2 |
| [ -z "$OUT" ] && OUT=$1 |
| printf "%-25s" "$1" |
| |
| echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1 |
| if [ $? -eq 0 ] ; then |
| echo -n -e "PLAIN:" |
| dmcrypt_check "$DEV_NAME"_"$1" $OUT |
| else |
| echo -n "[n/a]" |
| fi |
| |
| echo $PASSWORD | $CRYPTSETUP luksFormat -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1 |
| if [ $? -eq 0 ] ; then |
| echo -n -e " LUKS:" |
| echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_"$1" >/dev/null 2>&1 |
| dmcrypt_check "$DEV_NAME"_"$1" $OUT |
| fi |
| |
| # repeated device creation must return the same checksum |
| echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1 |
| if [ $? -eq 0 ] ; then |
| echo -n -e " CHECKSUM:" |
| dmcrypt_check_sum "$1" "$DEV_NAME"_"$1" |
| fi |
| echo |
| } |
| |
| [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." |
| [ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped." |
| |
| add_device |
| |
| # compatibility modes |
| dmcrypt aes aes-cbc-plain |
| dmcrypt aes-plain aes-cbc-plain |
| |
| # empty cipher |
| PASSWORD="" |
| dmcrypt null cipher_null-ecb |
| dmcrypt cipher_null cipher_null-cbc-plain |
| dmcrypt cipher_null-ecb |
| |
| PASSWORD=$PASSWORD1 |
| # codebook doesn't support IV at all |
| for cipher in $CIPHERS ; do |
| dmcrypt "$cipher-ecb" |
| done |
| |
| for cipher in $CIPHERS ; do |
| for mode in $MODES ; do |
| for ivmode in $IVMODES ; do |
| dmcrypt "$cipher-$mode-$ivmode" |
| done |
| done |
| done |
| |
| cleanup |