| #!/bin/bash |
| |
| # check tcrypt images parsing |
| |
| CRYPTSETUP=../src/cryptsetup |
| TST_DIR=tcrypt-images |
| MAP=tctst |
| PASSWORD="aaaaaaaaaaaa" |
| PASSWORD_HIDDEN="bbbbbbbbbbbb" |
| |
| function remove_mapping() |
| { |
| [ -b /dev/mapper/$MAP ] && dmsetup remove $MAP |
| [ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove "$MAP"_1 |
| [ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove "$MAP"_2 |
| } |
| |
| function fail() |
| { |
| [ -n "$1" ] && echo "$1" |
| echo " [FAILED]" |
| remove_mapping |
| exit 2 |
| } |
| |
| function skip() |
| { |
| [ -n "$1" ] && echo "$1" |
| echo "Test skipped." |
| exit 0 |
| } |
| |
| function test_one() |
| { |
| $CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip |
| } |
| |
| function test_required() |
| { |
| which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required." |
| |
| echo "REQUIRED KDF TEST" |
| $CRYPTSETUP benchmark -h ripemd160 | grep "N/A" && skip |
| $CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip |
| |
| echo "REQUIRED CIPHERS TEST" |
| echo "# Algorithm | Key | Encryption | Decryption" |
| |
| test_one aes-cbc 256 |
| test_one aes-lrw 384 |
| test_one aes-xts 512 |
| |
| test_one twofish-cbc 256 |
| test_one twofish-lrw 384 |
| test_one twofish-xts 512 |
| |
| test_one serpent-cbc 256 |
| test_one serpent-lrw 384 |
| test_one serpent-xts 512 |
| |
| test_one blowfish-cbc 256 |
| |
| test_one des3_ede-cbc 192 |
| test_one cast5 128 |
| } |
| |
| test_required |
| export LANG=C |
| |
| [ ! -d $TST_DIR ] && tar xjf tcrypt-images.tar.bz2 --no-same-owner |
| |
| echo "HEADER CHECK" |
| for file in $(ls $TST_DIR/[tv]c_*) ; do |
| echo -n " $file" |
| echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt $file >/dev/null || fail |
| echo " [OK]" |
| done |
| |
| echo "HEADER CHECK (HIDDEN)" |
| for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do |
| echo -n " $file (hidden)" |
| echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden --veracrypt $file >/dev/null || fail |
| echo " [OK]" |
| done |
| |
| echo "HEADER KEYFILES CHECK" |
| for file in $(ls $TST_DIR/[tv]ck_*) ; do |
| echo -n " $file" |
| echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail |
| echo " [OK]" |
| done |
| |
| |
| if [ $(id -u) != 0 ]; then |
| echo "WARNING: You must be root to run activation part of test, test skipped." |
| exit 0 |
| fi |
| |
| echo "ACTIVATION FS UUID CHECK" |
| for file in $(ls $TST_DIR/[tv]c_*) ; do |
| echo -n " $file" |
| out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen --veracrypt -r $file $MAP 2>&1) |
| ret=$? |
| [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue |
| [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue |
| [ $ret -ne 0 ] && fail |
| $CRYPTSETUP status $MAP >/dev/null || fail |
| $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail |
| UUID=$(lsblk -n -o UUID /dev/mapper/$MAP) |
| $CRYPTSETUP remove $MAP || fail |
| [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed." |
| echo " [OK]" |
| done |
| |
| echo "ACTIVATION FS UUID (HIDDEN) CHECK" |
| for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do |
| echo -n " $file" |
| out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen --veracrypt -r $file $MAP --tcrypt-hidden 2>&1) |
| ret=$? |
| [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue |
| [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue |
| [ $ret -ne 0 ] && fail |
| UUID=$(lsblk -n -o UUID /dev/mapper/$MAP) |
| $CRYPTSETUP remove $MAP || fail |
| [ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed." |
| echo " [OK]" |
| done |