#!/bin/bash # check tcrypt images parsing CRYPTSETUP=../cryptsetup TST_DIR=tcrypt-images MAP=tctst PASSWORD="aaaaaaaaaaaa" PASSWORD_HIDDEN="bbbbbbbbbbbb" PIM=1234 [ -z "$srcdir" ] && srcdir="." function remove_mapping() { [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP [ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove --retry "$MAP"_1 [ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove --retry "$MAP"_2 } function fail() { [ -n "$1" ] && echo "$1" echo " [FAILED]" echo "FAILED at line $(caller)" remove_mapping exit 2 } function skip() { [ -n "$1" ] && echo "$1" echo "Test skipped." exit 77 } function test_one() # cipher mode keysize rm_pattern { $CRYPTSETUP benchmark -c "$1-$2" -s "$3" >/dev/null 2>&1 if [ $? -ne 0 ] ; then echo "$1-$2 [N/A]" IMGS=$(ls $TST_DIR/[tv]c* | grep "$4") [ -n "$IMGS" ] && rm $IMGS #echo $IMGS else echo "$1-$2 [OK]" fi } function test_kdf() # hash { $CRYPTSETUP benchmark -h "$1" >/dev/null 2>&1 if [ $? -ne 0 ] ; then echo "pbkdf2-$1 [N/A]" IMGS=$(ls $TST_DIR/[tv]c* | grep "$1") [ -n "$IMGS" ] && rm $IMGS else echo "pbkdf2-$1 [OK]" fi } function test_required() { which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required." echo "REQUIRED KDF TEST" test_kdf sha256 test_kdf sha512 test_kdf ripemd160 test_kdf whirlpool test_kdf stribog512 echo "REQUIRED CIPHERS TEST" test_one aes cbc 256 cbc-aes test_one aes lrw 384 lrw-aes test_one aes xts 512 xts-aes test_one twofish ecb 256 twofish test_one twofish cbc 256 cbc-twofish test_one twofish lrw 384 lrw-twofish test_one twofish xts 512 xts-twofish test_one serpent ecb 256 serpent test_one serpent cbc 256 cbc-serpent test_one serpent lrw 384 lrw-serpent test_one serpent xts 512 xts-serpent test_one blowfish cbc 256 blowfish test_one des3_ede cbc 192 des3_ede test_one cast5 cbc 128 cast5 test_one camellia xts 512 camellia test_one kuznyechik xts 512 kuznyechik ls $TST_DIR/[tv]c* >/dev/null 2>&1 || skip "No remaining images." } export LANG=C [ ! -d $TST_DIR ] && tar xJf $srcdir/tcrypt-images.tar.xz --no-same-owner test_required echo "HEADER CHECK" for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_*) ; do echo -n " $file" PIM_OPT="" [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM" echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt $PIM_OPT $file >/dev/null || fail echo " [OK]" done echo "HEADER CHECK (HIDDEN)" for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do echo -n " $file (hidden)" echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden --veracrypt $file >/dev/null || fail echo " [OK]" done echo "HEADER KEYFILES CHECK" for file in $(ls $TST_DIR/[tv]ck_*) ; do echo -n " $file" echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail echo " [OK]" done if [ $(id -u) != 0 ]; then echo "WARNING: You must be root to run activation part of test, test skipped." exit 0 fi echo "ACTIVATION FS UUID CHECK" for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_*) ; do echo -n " $file" PIM_OPT="" [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM" out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen --veracrypt $PIM_OPT -r $file $MAP 2>&1) ret=$? [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue [ $ret -ne 0 ] && fail $CRYPTSETUP status $MAP >/dev/null || fail $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail UUID=$(lsblk -n -o UUID /dev/mapper/$MAP) $CRYPTSETUP remove $MAP || fail [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed." echo " [OK]" done echo "ACTIVATION FS UUID (HIDDEN) CHECK" for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do echo -n " $file" out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen --veracrypt -r $file $MAP --tcrypt-hidden 2>&1) ret=$? [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue [ $ret -ne 0 ] && fail UUID=$(lsblk -n -o UUID /dev/mapper/$MAP) $CRYPTSETUP remove $MAP || fail [ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed." echo " [OK]" done