#!/bin/bash CRYPTSETUP=../cryptsetup # try to validate using loop-AES losetup/kernel if available LOSETUP_AES=/losetup-aes.old LOOP_DD_PARAM="bs=1k count=10000" DEV_NAME=dummy IMG=loopaes.img KEYv1=key_v1 KEYv2=key_v2 KEYv3=key_v3 LOOPDEV=$(losetup -f 2>/dev/null) function dmremove() { # device udevadm settle >/dev/null 2>&1 dmsetup remove $1 >/dev/null 2>&1 } function remove_mapping() { [ -b /dev/mapper/$DEV_NAME2 ] && dmremove $DEV_NAME2 [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME losetup -d $LOOPDEV >/dev/null 2>&1 rm -f $IMG $KEYv1 $KEYv2 $KEYv3 >/dev/null 2>&1 } function fail() { echo "FAILED at line $(caller)" remove_mapping exit 2 } function skip() { [ -n "$1" ] && echo "$1" exit 77 } function prepare() { remove_mapping dd if=/dev/zero of=$IMG $LOOP_DD_PARAM >/dev/null 2>&1 sync losetup $LOOPDEV $IMG # Prepare raw key: v1 - one key, v2 - 64 keys, v3 - 64 + one IV if [ ! -e $KEYv3 ]; then head -c 3705 /dev/urandom | uuencode -m - | head -n 66 | tail -n 65 >$KEYv3 head -n 1 $KEYv3 > $KEYv1 head -n 64 $KEYv3 > $KEYv2 fi [ -n "$1" ] && echo -n "$1 " } function check_exists() { [ -b /dev/mapper/$DEV_NAME ] || fail } function get_offset_params() # $offset { offset=$1 if [ "${offset:0:1}" = "@" ] ; then echo "-o $((${offset:1} / 512)) -p 0" else echo "-o $((offset / 512))" fi } function get_expsum() # $offset { case $1 in 0) echo "31e00e0e4c233c89051cd748122fde2c98db0121ca09ba93a3820817ea037bc5" ;; @8192 | 8192) echo "bfd94392d1dd8f5d477251d21b3c736e177a4945cd4937847fc7bace82996aed" ;; @8388608 | 8388608) echo "33838fe36928a929bd7971bed7e82bd426c88193fcd692c2e6f1b9c9bfecd4d6" ;; *) fail ;; esac } function check_sum() # $key $keysize $offset [stdin|keyfile] { # Fill device with zeroes and reopen it dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1k $LOOP_DD_PARAM >/dev/null 2>&1 sync dmremove $DEV_NAME EXPSUM=$(get_expsum $3) if [ "$4" == "stdin" ] ; then cat $1 | $CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file - $(get_offset_params $3) >/dev/null 2>&1 else $CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 $(get_offset_params $3) >/dev/null 2>&1 fi ret=$? VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1) if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then echo -n "[$4:OK]" else echo "[$4:FAIL]" [ "$VSUM" != "$EXPSUM" ] && echo " Expecting $EXPSUM got $VSUM." fail fi } function check_sum_losetup() # $key $alg { [ ! -x $LOSETUP_AES ] && echo && return echo -n " Verification using loop-AES: " losetup -d $LOOPDEV >/dev/null 2>&1 cat $1 | $LOSETUP_AES -p 0 -e $2 -o $3 $LOOPDEV $IMG ret=$? VSUM=$(sha256sum $LOOPDEV | cut -d' ' -f 1) if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then echo "[OK]" else echo "[FAIL]" [ "$VSUM" != "$EXPSUM" ] && echo " Expecting $EXPSUM got $VSUM (loop-AES)." fail fi losetup -d $LOOPDEV >/dev/null 2>&1 } function check_version() { VER_STR=$(dmsetup version | grep Driver) VER_MIN=$(echo $VER_STR | cut -f 2 -d.) VER_PATCH=$(echo $VER_STR | cut -f 3 -d.) test $VER_MIN -lt 19 && return 1 test $VER_MIN -eq 19 -a $VER_PATCH -ge 6 && return 1 # RHEL return 0 } [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." [ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped." which uuencode >/dev/null 2>&1 || skip "WARNING: test require uuencode binary, test skipped." check_version || skip "Probably old kernel, test skipped." # loop-AES tests KEY_SIZES="128 256" KEY_FILES="$KEYv1 $KEYv2 $KEYv3" DEV_OFFSET="0 8192 @8192 8388608 @8388608" for key_size in $KEY_SIZES ; do for key in $KEY_FILES ; do for offset in $DEV_OFFSET ; do prepare "Open loop-AES $key / AES-$key_size / offset $offset" $CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME \ -s $key_size --key-file $key $(get_offset_params $offset) \ 2>/dev/null [ $? -ne 0 ] && echo "[SKIPPED]" && continue check_exists check_sum $key $key_size $offset keyfile $CRYPTSETUP loopaesClose $DEV_NAME || fail check_sum $key $key_size $offset stdin $CRYPTSETUP loopaesClose $DEV_NAME || fail check_sum_losetup $key AES$key_size $offset done done done remove_mapping exit 0