#!/bin/bash

# check luks1 images parsing

# NOTE: if image with whirlpool hash fails, check
# that you are not using old gcrypt with flawed whirlpool
# (see cryptsetup debug output)

# Fixtures: directory of reference LUKS1 images and the key file stored in it.
TST_DIR=luks1-images
KEYFILE=keyfile1
# Name of the temporary device-mapper mapping used by the activation checks.
MAP=luks1tst
# Binary under test.
CRYPTSETUP=../cryptsetup

# Location of the image tarball; defaults to the current directory when the
# caller has not set (or has emptied) srcdir.
srcdir=${srcdir:-.}

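# Remove the test's device-mapper mapping if it is still present.
# Globals:   MAP (read) - mapping name looked up under /dev/mapper
# Returns:   non-zero when no such block device exists, otherwise the
#            exit status of "dmsetup remove"
function remove_mapping()
{
	# Quoted so the mapping name always reaches test and dmsetup as a single
	# word and is never word-split or glob-expanded.
	[ -b "/dev/mapper/$MAP" ] && dmsetup remove "$MAP"
}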

# Report a test failure, clean up and terminate the script.
# Arguments: $1 - optional message printed before the failure marker
# Outputs:   the message (if any), " [FAILED]" and the caller's line, on stdout
# Returns:   never returns; exits with status 2
function fail()
{
	if [ -n "$1" ]; then
		echo "$1"
	fi
	# caller reports where fail() was invoked, which is the failing check.
	printf ' [FAILED]\nFAILED at line %s\n' "$(caller)"
	# Do not leave the test mapping active after an aborted run.
	remove_mapping
	exit 2
}

# Stop the script and mark the test as skipped.
# Arguments: $1 - optional reason printed before the skip notice
# Outputs:   the reason (if any) and "Test skipped." on stdout
# Returns:   never returns; exits with status 77 (the value Automake's test
#            harness reports as SKIP)
function skip()
{
	local reason=$1

	if [ -n "$reason" ]; then
		echo "$reason"
	fi
	echo "Test skipped."
	exit 77
}

# Benchmark a single cipher and skip the whole test when no result is printed.
# Globals:   CRYPTSETUP (read)
# Arguments: $1 - cipher specification, $2 - key size in bits
# Outputs:   benchmark lines that do not contain "#"
function test_one()
{
	# grep -v "#" succeeds only if at least one line without "#" was printed,
	# so output consisting of "#" lines only (or no output) leads to a skip.
	if ! $CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#"; then
		skip
	fi
}

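# Check that the tools, the whirlpool hash and the ciphers used by the
# reference images are available; skip the whole test otherwise.
# Globals:   CRYPTSETUP (read)
# Outputs:   progress headings and benchmark lines on stdout
# Returns:   status of the last cipher check; exits via skip() when a
#            requirement is missing
function test_required()
{
	# command -v is a shell builtin; the external "which" is not installed
	# everywhere, and its absence would be misreported as a missing lsblk.
	command -v lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."

	echo "REQUIRED KDF TEST"
	# A benchmark line containing "N/A" means the whirlpool hash is unusable.
	$CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip

	echo "REQUIRED CIPHERS TEST"
	echo "#     Algorithm | Key |  Encryption |  Decryption"

	test_one aes-xts 256
	test_one twofish-xts 256
	test_one serpent-xts 256
	test_one aes-cbc 256
	test_one aes-lrw 256
}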

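# Run the tools below with LANG=C (LC_ALL is not touched).
export LANG=C

test_required

# Unpack the reference images once. --no-same-owner makes tar ignore the
# ownership recorded in the archive, so the files belong to the invoking user
# even when the test runs as root.
if [ ! -d "$TST_DIR" ]; then
	# A failed extraction used to go unnoticed: the loops below then found no
	# images and the test passed without checking anything.
	tar xJf "$srcdir/luks1-images.tar.xz" --no-same-owner || \
		skip "WARNING: cannot unpack luks1-images.tar.xz."
fi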

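# Verify that every reference image accepts the key file, without activating
# a mapping (--test-passphrase).
echo "PASSPHRASE CHECK"
# Use a glob instead of parsing ls output, so image paths are never word-split
# or expanded a second time.
for file in "$TST_DIR"/luks1_* ; do
	# An unmatched glob stays literal; with no images there is nothing to check.
	[ -e "$file" ] || continue
	echo -n " $file"
	$CRYPTSETUP luksOpen -d "$TST_DIR/$KEYFILE" "$file" --test-passphrase 2>/dev/null
	ret=$?
	if [ "$ret" -ne 0 ]; then
		# Only images whose path contains "whirlpool" may be excused.
		case "$file" in
		*whirlpool*)
			# ignore missing whirlpool (pwd failed is exit code 2)
			if [ "$ret" -eq 1 ]; then
				echo " [N/A]"
				continue
			fi
			# ignore flawed whirlpool (pwd failed is exit code 2): the debug
			# output of luksDump reports when the flawed library is in use
			if [ "$ret" -eq 2 ] && \
			   $CRYPTSETUP luksDump "$file" --debug | grep -q -e "flawed whirlpool"; then
				echo " [IGNORED (flawed Whirlpool library)]"
				continue
			fi
			;;
		esac
		fail
	fi
	echo " [OK]"
done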

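# The activation checks that follow need root. The substitution is quoted so
# that an empty or failing "id -u" counts as "not root" instead of producing a
# malformed test expression that lets the script continue.
if [ "$(id -u)" != 0 ]; then
	echo "WARNING: You must be root to run activation part of test, test skipped."
	exit 0
fi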

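# Activate every reference image, check that the mapping is reported as active
# and that the UUID seen through it is the expected one, then remove the mapping.
echo "ACTIVATION FS UUID CHECK"
# Use a glob instead of parsing ls output, so image paths are never word-split
# or expanded a second time.
for file in "$TST_DIR"/luks1_* ; do
	# An unmatched glob stays literal; with no images there is nothing to check.
	[ -e "$file" ] || continue
	echo -n " $file"
	$CRYPTSETUP luksOpen -d "$TST_DIR/$KEYFILE" "$file" "$MAP" 2>/dev/null
	ret=$?
	if [ "$ret" -ne 0 ]; then
		# Only images whose path contains "whirlpool" may be excused.
		case "$file" in
		*whirlpool*)
			# ignore missing whirlpool (pwd failed is exit code 2)
			if [ "$ret" -eq 1 ]; then
				echo " [N/A]"
				continue
			fi
			# ignore flawed whirlpool (pwd failed is exit code 2): the debug
			# output of luksDump reports when the flawed library is in use
			if [ "$ret" -eq 2 ] && \
			   $CRYPTSETUP luksDump "$file" --debug | grep -q -e "flawed whirlpool"; then
				echo " [IGNORED (flawed Whirlpool library)]"
				continue
			fi
			;;
		esac
		fail
	fi
	# The mapping must be known both by name and by device path.
	$CRYPTSETUP status "$MAP" >/dev/null || fail
	$CRYPTSETUP status "/dev/mapper/$MAP" >/dev/null || fail
	# Read the UUID before the mapping is removed; compare it afterwards so
	# the mapping is gone even when the comparison fails.
	UUID=$(lsblk -n -o UUID "/dev/mapper/$MAP")
	$CRYPTSETUP remove "$MAP" || fail
	# DEAD-BABE is presumably the UUID of the filesystem inside each image.
	[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
	echo " [OK]"
done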