diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 17:44:12 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 17:44:12 +0000 |
commit | 1be69c2c660b70ac2f4de2a5326e27e3e60eb82d (patch) | |
tree | bb299ab6f411f4fccd735907035de710e4ec6abc /tests/luks1-compat-test | |
parent | Initial commit. (diff) | |
download | cryptsetup-1be69c2c660b70ac2f4de2a5326e27e3e60eb82d.tar.xz cryptsetup-1be69c2c660b70ac2f4de2a5326e27e3e60eb82d.zip |
Adding upstream version 2:2.3.7.upstream/2%2.3.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/luks1-compat-test')
-rwxr-xr-x | tests/luks1-compat-test | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/tests/luks1-compat-test b/tests/luks1-compat-test new file mode 100755 index 0000000..311a559 --- /dev/null +++ b/tests/luks1-compat-test @@ -0,0 +1,104 @@ +#!/bin/bash + +# check luks1 images parsing + +# NOTE: if image with whirlpool hash fails, check +# that you are not using old gcrypt with flawed whirlpool +# (see cryptsetup debug output) + +[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." +CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup +TST_DIR=luks1-images +MAP=luks1tst +KEYFILE=keyfile1 + +[ -z "$srcdir" ] && srcdir="." + +function remove_mapping() +{ + [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP +} + +function fail() +{ + [ -n "$1" ] && echo "$1" + echo " [FAILED]" + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done + remove_mapping + exit 2 +} + +function skip() +{ + [ -n "$1" ] && echo "$1" + echo "Test skipped." + exit 77 +} + +function test_one() +{ + $CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip +} + +function test_required() +{ + which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required." + + echo "REQUIRED KDF TEST" + $CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip + + echo "REQUIRED CIPHERS TEST" + echo "# Algorithm | Key | Encryption | Decryption" + + test_one aes-xts 256 + test_one twofish-xts 256 + test_one serpent-xts 256 + test_one aes-cbc 256 + test_one aes-lrw 256 +} + +export LANG=C + +test_required +[ ! -d $TST_DIR ] && tar xJf $srcdir/luks1-images.tar.xz --no-same-owner + +echo "PASSPHRASE CHECK" +for file in $(ls $TST_DIR/luks1_*) ; do + echo -n " $file" + $CRYPTSETUP luksOpen -d $TST_DIR/$KEYFILE $file --test-passphrase 2>/dev/null + ret=$? + # ignore missing whirlpool (pwd failed is exit code 2) + [ $ret -eq 1 ] && (echo $file | grep -q -e "whirlpool") && echo " [N/A]" && continue + # ignore flawed whirlpool (pwd failed is exit code 2) + [ $ret -eq 2 ] && (echo $file | grep -q -e "whirlpool") && \ + ($CRYPTSETUP luksDump $file --debug | grep -q -e "flawed whirlpool") && \ + echo " [IGNORED (flawed Whirlpool library)]" && continue + [ $ret -ne 0 ] && fail + echo " [OK]" +done + +if [ $(id -u) != 0 ]; then + echo "WARNING: You must be root to run activation part of test, test skipped." + exit 0 +fi + +echo "ACTIVATION FS UUID CHECK" +for file in $(ls $TST_DIR/luks1_*) ; do + echo -n " $file" + $CRYPTSETUP luksOpen -d $TST_DIR/$KEYFILE $file $MAP 2>/dev/null + ret=$? + # ignore missing whirlpool (pwd failed is exit code 2) + [ $ret -eq 1 ] && (echo $file | grep -q -e "whirlpool") && echo " [N/A]" && continue + # ignore flawed whirlpool (pwd failed is exit code 2) + [ $ret -eq 2 ] && (echo $file | grep -q -e "whirlpool") && \ + ($CRYPTSETUP luksDump $file --debug | grep -q -e "flawed whirlpool") && \ + echo " [IGNORED (flawed Whirlpool library)]" && continue + [ $ret -ne 0 ] && fail + $CRYPTSETUP status $MAP >/dev/null || fail + $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail + UUID=$(lsblk -n -o UUID /dev/mapper/$MAP) + $CRYPTSETUP remove $MAP || fail + [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed." + echo " [OK]" +done |