tests/password-hash-test - manifest_repos/cryptsetup - Git at Google

 #!/bin/bash

 # check hash processing in create command

 CRYPTSETUP=../src/cryptsetup
 DEV_NAME=dmc_test
 KEY_FILE=keyfile

 DEV2=$DEV_NAME"_x"

 dmremove() { # device
 	udevadm settle >/dev/null 2>&1
 	dmsetup remove $1 >/dev/null 2>&1
 }

 cleanup() {
 	[ -b /dev/mapper/$DEV2 ] && dmremove $DEV2
 	[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
 	rm -f $KEY_FILE
 	exit $1
 }

 function fail()
 {
         echo " $1 [FAILED]"
         cleanup 2
 }

 crypt_key() # hash keysize pwd/file name outkey [limit] [offset]
 {
 	DEV2=$DEV_NAME"_x"
 	LIMIT=""
 	MODE=aes-cbc-essiv:sha256
 	[ $2 -gt 256 ] && MODE=aes-xts-plain
 	[ -n "$6" ] && LIMIT="-l $6"
 	[ -n "$7" ] && LIMIT="$LIMIT --keyfile-offset $7"

 	echo -n "HASH: $1 KSIZE: $2 / $3"
 	case "$3" in
 	pwd)
 		echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
 		ret=$?
 		;;
 	std-)
 		echo -e -n "$4" | $CRYPTSETUP create -c $MODE -d "-" -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
 		ret=$?
 		;;
 	stdin)
 		echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
 		ret=$?
 		;;
 	cat)
 		cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
 		ret=$?
 		;;
 	cat-)
 		cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 -d - /dev/mapper/$DEV_NAME 2>/dev/null
 		ret=$?
 		;;
 	file)
 		$CRYPTSETUP create -q -c $MODE -d $4 -h $1 -s $2 $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
 		ret=$?
 		;;
 	failpwd)
 		echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null && fail "Expecting failure"
 		echo " [OK]"
 		return
 		;;
 	*)
 		fail ""
 		;;
 	esac

 	# ignore these cases, not all libs/kernel supports it
 	if [ "$1" == "ripemd160" -o $2 -gt 256 ] ; then
 		if [ $ret -ne 0 ] ; then
 			echo " [N/A] ($ret, SKIPPED)"
 			return
 		fi
 	fi

 	VKEY=$(dmsetup table $DEV2 --showkeys 2>/dev/null | sed 's/.*: //' | cut -d' '  -f 5)
 	if [ "$VKEY" != "$5" ] ; then
 		echo " [FAILED]"
 		echo "expected: $5"
 		echo "real key: $VKEY"
 		cleanup 100
 	else
 		echo " [OK]"
 	fi

 	dmremove $DEV2
 }

 if [ $(id -u) != 0 ]; then
 	echo "WARNING: You must be root to run this test, test skipped."
 	exit 0
 fi

 dmsetup create $DEV_NAME --table "0 10240 zero" >/dev/null 2>&1

 crypt_key ripemd160   0 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca
 crypt_key ripemd160 256 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca
 crypt_key ripemd160 128 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f
 crypt_key sha1      256 pwd "xxx" b60d121b438a380c343d5ec3c2037564b82ffef30b1e0a6ad9af7a73aa91c197
 crypt_key sha1      128 pwd "xxx" b60d121b438a380c343d5ec3c2037564
 crypt_key sha256    256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
 crypt_key sha256    128 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7

 crypt_key sha256   0 std- "xxx"    cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
 crypt_key sha256 256 std- "xxx\n"  042aea10a0f14f2d391373599be69d53a75dde9951fc3d3cd10b6100aa7a9f24
 crypt_key sha256 128 std- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" \
 				   2a42b97084779dcedf2c66405c5d296c
 crypt_key sha256 256 stdin "xxx"   cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
 crypt_key sha256   0 stdin "xxx\n" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860

 # with keyfile, hash is ignored
 crypt_key ripemd160 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
 crypt_key sha256    256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
 crypt_key unknown*  256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000

 # limiting key
 crypt_key sha256:20 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b4580588000000000000000000000000
 crypt_key sha256:32 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860

 crypt_key sha256:   256 failpwd "xxx" x
 crypt_key sha256:xx 256 failpwd "xxx" x

 # key file, 80 chars
 echo -n -e "0123456789abcdef\n\x01\x00\x03\xff\xff\r\xff\xff\n\r" \
 	   "2352j3rkjhadcfasc823rqaw7e1 3dq sdq3d 2dkjqw3h2=====" >$KEY_FILE
 KEY_FILE_HEX="303132333435363738396162636465660a010003ffff0dffff0a0d20323335326a33726b6a686164636661736338323372716177376531203364712073647133"

 # ignore hash if keyfile is specified
 crypt_key ripemd160 256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
 crypt_key sha256    256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
 crypt_key sha256    128 file $KEY_FILE ${KEY_FILE_HEX:0:32}
 crypt_key sha256    512 file $KEY_FILE $KEY_FILE_HEX

 # stdin can be limited
 crypt_key plain     128 cat /dev/zero 00000000000000000000000000000000 16
 crypt_key plain     128 cat /dev/zero 00000000000000000000000000000000 17

 # read key only up to \n
 crypt_key plain     128 cat $KEY_FILE ${KEY_FILE_HEX:0:28}0000 14

 # read full key, ignore keyfile length
 crypt_key plain     128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32}
 crypt_key plain     128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32} 14

 # but do not ignore hash if keysgfile is "-"
 crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5
 crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 0
 crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 80
 crypt_key sha256    128 cat- $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14
 crypt_key sha256    128 cat- $KEY_FILE 7df3f4a41a33805596be85c781cac3b4 14 2
 crypt_key sha256    128 cat- $KEY_FILE ebbe65a178e886ddbb778e0a5538db72 40 40

 # limiting plain (no hash)
 crypt_key plain   256     pwd "xxxxxxxx" 7878787878787878000000000000000000000000000000000000000000000000
 crypt_key plain:2 256     pwd "xxxxxxxx" 7878000000000000000000000000000000000000000000000000000000000000
 crypt_key plain:9 256 failpwd "xxxxxxxx" x

 crypt_key sha256    128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14
 crypt_key sha256:14 128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1f0000 14

 crypt_key sha256    128 pwd "0123456789abcdef" 9f9f5111f7b27a781f1f1ddde5ebc2dd 16
 crypt_key sha256    128 pwd "0123456789abcdef" 1be2e452b46d7a0d9656bbb1f768e824  4
 crypt_key sha256    128 pwd "0123"             1be2e452b46d7a0d9656bbb1f768e824  4

 cleanup 0
	#!/bin/bash

	# check hash processing in create command

	CRYPTSETUP=../src/cryptsetup
	DEV_NAME=dmc_test
	KEY_FILE=keyfile

	DEV2=$DEV_NAME"_x"

	dmremove() { # device
	udevadm settle >/dev/null 2>&1
	dmsetup remove $1 >/dev/null 2>&1
	}

	cleanup() {
	[ -b /dev/mapper/$DEV2 ] && dmremove $DEV2
	[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
	rm -f $KEY_FILE
	exit $1
	}

	function fail()
	{
	echo " $1 [FAILED]"
	cleanup 2
	}

	crypt_key() # hash keysize pwd/file name outkey [limit] [offset]
	{
	DEV2=$DEV_NAME"_x"
	LIMIT=""
	MODE=aes-cbc-essiv:sha256
	[ $2 -gt 256 ] && MODE=aes-xts-plain
	[ -n "$6" ] && LIMIT="-l $6"
	[ -n "$7" ] && LIMIT="$LIMIT --keyfile-offset $7"

	echo -n "HASH: $1 KSIZE: $2 / $3"
	case "$3" in
	pwd)
	echo -e -n "$4" \| $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
	ret=$?
	;;
	std-)
	echo -e -n "$4" \| $CRYPTSETUP create -c $MODE -d "-" -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
	ret=$?
	;;
	stdin)
	echo -e -n "$4" \| $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
	ret=$?
	;;
	cat)
	cat $4 \| $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
	ret=$?
	;;
	cat-)
	cat $4 \| $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 -d - /dev/mapper/$DEV_NAME 2>/dev/null
	ret=$?
	;;
	file)
	$CRYPTSETUP create -q -c $MODE -d $4 -h $1 -s $2 $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
	ret=$?
	;;
	failpwd)
	echo -e -n "$4" \| $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null && fail "Expecting failure"
	echo " [OK]"
	return
	;;
	*)
	fail ""
	;;
	esac

	# ignore these cases, not all libs/kernel supports it
	if [ "$1" == "ripemd160" -o $2 -gt 256 ] ; then
	if [ $ret -ne 0 ] ; then
	echo " [N/A] ($ret, SKIPPED)"
	return
	fi
	fi

	VKEY=$(dmsetup table $DEV2 --showkeys 2>/dev/null \| sed 's/.*: //' \| cut -d' ' -f 5)
	if [ "$VKEY" != "$5" ] ; then
	echo " [FAILED]"
	echo "expected: $5"
	echo "real key: $VKEY"
	cleanup 100
	else
	echo " [OK]"
	fi

	dmremove $DEV2
	}

	if [ $(id -u) != 0 ]; then
	echo "WARNING: You must be root to run this test, test skipped."
	exit 0
	fi

	dmsetup create $DEV_NAME --table "0 10240 zero" >/dev/null 2>&1

	crypt_key ripemd160 0 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca
	crypt_key ripemd160 256 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca
	crypt_key ripemd160 128 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f
	crypt_key sha1 256 pwd "xxx" b60d121b438a380c343d5ec3c2037564b82ffef30b1e0a6ad9af7a73aa91c197
	crypt_key sha1 128 pwd "xxx" b60d121b438a380c343d5ec3c2037564
	crypt_key sha256 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
	crypt_key sha256 128 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7

	crypt_key sha256 0 std- "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
	crypt_key sha256 256 std- "xxx\n" 042aea10a0f14f2d391373599be69d53a75dde9951fc3d3cd10b6100aa7a9f24
	crypt_key sha256 128 std- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" \
	2a42b97084779dcedf2c66405c5d296c
	crypt_key sha256 256 stdin "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
	crypt_key sha256 0 stdin "xxx\n" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860

	# with keyfile, hash is ignored
	crypt_key ripemd160 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
	crypt_key sha256 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
	crypt_key unknown* 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000

	# limiting key
	crypt_key sha256:20 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b4580588000000000000000000000000
	crypt_key sha256:32 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860

	crypt_key sha256: 256 failpwd "xxx" x
	crypt_key sha256:xx 256 failpwd "xxx" x

	# key file, 80 chars
	echo -n -e "0123456789abcdef\n\x01\x00\x03\xff\xff\r\xff\xff\n\r" \
	"2352j3rkjhadcfasc823rqaw7e1 3dq sdq3d 2dkjqw3h2=====" >$KEY_FILE
	KEY_FILE_HEX="303132333435363738396162636465660a010003ffff0dffff0a0d20323335326a33726b6a686164636661736338323372716177376531203364712073647133"

	# ignore hash if keyfile is specified
	crypt_key ripemd160 256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
	crypt_key sha256 256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
	crypt_key sha256 128 file $KEY_FILE ${KEY_FILE_HEX:0:32}
	crypt_key sha256 512 file $KEY_FILE $KEY_FILE_HEX

	# stdin can be limited
	crypt_key plain 128 cat /dev/zero 00000000000000000000000000000000 16
	crypt_key plain 128 cat /dev/zero 00000000000000000000000000000000 17

	# read key only up to \n
	crypt_key plain 128 cat $KEY_FILE ${KEY_FILE_HEX:0:28}0000 14

	# read full key, ignore keyfile length
	crypt_key plain 128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32}
	crypt_key plain 128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32} 14

	# but do not ignore hash if keysgfile is "-"
	crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5
	crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 0
	crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 80
	crypt_key sha256 128 cat- $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14
	crypt_key sha256 128 cat- $KEY_FILE 7df3f4a41a33805596be85c781cac3b4 14 2
	crypt_key sha256 128 cat- $KEY_FILE ebbe65a178e886ddbb778e0a5538db72 40 40

	# limiting plain (no hash)
	crypt_key plain 256 pwd "xxxxxxxx" 7878787878787878000000000000000000000000000000000000000000000000
	crypt_key plain:2 256 pwd "xxxxxxxx" 7878000000000000000000000000000000000000000000000000000000000000
	crypt_key plain:9 256 failpwd "xxxxxxxx" x

	crypt_key sha256 128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14
	crypt_key sha256:14 128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1f0000 14

	crypt_key sha256 128 pwd "0123456789abcdef" 9f9f5111f7b27a781f1f1ddde5ebc2dd 16
	crypt_key sha256 128 pwd "0123456789abcdef" 1be2e452b46d7a0d9656bbb1f768e824 4
	crypt_key sha256 128 pwd "0123" 1be2e452b46d7a0d9656bbb1f768e824 4

	cleanup 0