diff options
Diffstat (limited to 'tests/mode-test')
-rwxr-xr-x | tests/mode-test | 171 |
1 files changed, 171 insertions, 0 deletions
diff --git a/tests/mode-test b/tests/mode-test new file mode 100755 index 0000000..d16482f --- /dev/null +++ b/tests/mode-test @@ -0,0 +1,171 @@ +#!/bin/bash +# +# Test mode compatibility, check input + kernel and cryptsetup cipher status +# +[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." +CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup +DEV_NAME=dmc_test +HEADER_IMG=mode-test.img +PASSWORD=3xrododenron +PASSWORD1=$PASSWORD + +# cipher-chainmode-ivopts:ivmode +CIPHERS="aes twofish serpent" +MODES="cbc lrw xts" +IVMODES="null benbi plain plain64 essiv:sha256" + +LOOPDEV=$(losetup -f 2>/dev/null) + +dmremove() { # device + udevadm settle >/dev/null 2>&1 + dmsetup remove --retry $1 >/dev/null 2>&1 +} + +cleanup() { + for dev in $(dmsetup status --target crypt | sed s/\:\ .*// | grep "^$DEV_NAME"_); do + dmremove $dev + sleep 2 + done + [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME + losetup -d $LOOPDEV >/dev/null 2>&1 + rm -f $HEADER_IMG >/dev/null 2>&1 +} + +fail() +{ + [ -n "$1" ] && echo "$1" + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done + cleanup + exit 100 +} + +skip() +{ + [ -n "$1" ] && echo "$1" + exit 77 +} + +add_device() { + cleanup + dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1 + sync + losetup $LOOPDEV $HEADER_IMG >/dev/null 2>&1 + dmsetup create $DEV_NAME --table "0 10240 linear $LOOPDEV 8" >/dev/null 2>&1 +} + +dmcrypt_check() # device outstring +{ + X=$(dmsetup table $1 2>/dev/null | sed 's/.*: //' | cut -d' ' -f 4) + if [ "$X" = $2 ] ; then + echo -n "[table OK]" + else + echo "[table FAIL]" + echo " Expecting $2 got $X." + fail + fi + + X=$($CRYPTSETUP status $1 | grep cipher: | sed s/\.\*cipher:\\s*//) + if [ $X = $2 ] ; then + echo -n "[status OK]" + else + echo "[status FAIL]" + echo " Expecting $2 got \"$X\"." + fail + fi + + dmremove $1 +} + +dmcrypt_check_sum() # cipher device +{ + EXPSUM="c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29" + # Fill device with zeroes and reopen it + dd if=/dev/zero of=/dev/mapper/$2 bs=1M count=6 >/dev/null 2>&1 + sync + dmremove $2 + + echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 $2 /dev/mapper/$DEV_NAME >/dev/null 2>&1 + ret=$? + VSUM=$(sha256sum /dev/mapper/$2 | cut -d' ' -f 1) + if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then + echo -n "[OK]" + else + echo "[FAIL]" + echo " Expecting $EXPSUM got $VSUM." + fail + fi + + dmremove $2 +} + +dmcrypt() +{ + OUT=$2 + [ -z "$OUT" ] && OUT=$1 + printf "%-31s" "$1" + + echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1 + if [ $? -eq 0 ] ; then + echo -n -e "PLAIN:" + dmcrypt_check "$DEV_NAME"_tstdev $OUT + else + echo -n "[n/a]" + fi + + echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1 + if [ $? -eq 0 ] ; then + echo -n -e " LUKS1:" + echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail + dmcrypt_check "$DEV_NAME"_tstdev $OUT + fi + + echo $PASSWORD | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 -i 1 -c $1 -s 256 --offset 8192 /dev/mapper/$DEV_NAME >/dev/null 2>&1 + if [ $? -eq 0 ] ; then + echo -n -e " LUKS2:" + echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail + dmcrypt_check "$DEV_NAME"_tstdev $OUT + fi + + # repeated device creation must return the same checksum + echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1 + if [ $? -eq 0 ] ; then + echo -n -e " CHECKSUM:" + dmcrypt_check_sum "$1" "$DEV_NAME"_tstdev + fi + echo +} + +[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." +[ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped." + +add_device + +# compatibility modes +dmcrypt aes aes-cbc-plain +dmcrypt aes-plain aes-cbc-plain + +# empty cipher +PASSWORD="" +dmcrypt null cipher_null-ecb +dmcrypt cipher_null cipher_null-ecb +dmcrypt cipher_null-ecb + +PASSWORD=$PASSWORD1 +# codebook doesn't support IV at all +for cipher in $CIPHERS ; do + dmcrypt "$cipher-ecb" +done + +for cipher in $CIPHERS ; do + for mode in $MODES ; do + for ivmode in $IVMODES ; do + dmcrypt "$cipher-$mode-$ivmode" + done + done +done + +dmcrypt xchacha12,aes-adiantum-plain64 +dmcrypt xchacha20,aes-adiantum-plain64 + +cleanup |