diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:04:28 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 08:04:28 +0000 |
commit | 6504f7fe43e9264a110527374f4bbe20f8e0004d (patch) | |
tree | 6cf8220b628ebd2ccfc1375dd6516c6996e9abcc /tests/password-hash-test | |
parent | Initial commit. (diff) | |
download | cryptsetup-6504f7fe43e9264a110527374f4bbe20f8e0004d.tar.xz cryptsetup-6504f7fe43e9264a110527374f4bbe20f8e0004d.zip |
Adding upstream version 2:2.6.1.upstream/2%2.6.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rwxr-xr-x | tests/password-hash-test | 213 |
1 files changed, 213 insertions, 0 deletions
diff --git a/tests/password-hash-test b/tests/password-hash-test new file mode 100755 index 0000000..6e3c78c --- /dev/null +++ b/tests/password-hash-test @@ -0,0 +1,213 @@ +#!/bin/bash + +# check hash processing in create command + +[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." +CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup +DEV_NAME=dmc_test +KEY_FILE=keyfile + +DEV2=$DEV_NAME"_x" + +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + +dmremove() { # device + udevadm settle >/dev/null 2>&1 + dmsetup remove --retry $1 >/dev/null 2>&1 +} + +cleanup() { + [ -b /dev/mapper/$DEV2 ] && dmremove $DEV2 + [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME + rm -f $KEY_FILE + exit $1 +} + +function fail() +{ + echo " $1 [FAILED]" + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done + cleanup 2 +} + +skip() +{ + echo "TEST SKIPPED: $1" + cleanup 77 +} + +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + +crypt_key() # hash keysize pwd/file name outkey [limit] [offset] +{ + DEV2=$DEV_NAME"_x" + LIMIT="" + MODE=aes-cbc-essiv:sha256 + [ $2 -gt 256 ] && MODE=aes-xts-plain + [ -n "$6" ] && LIMIT="-l $6" + [ -n "$7" ] && LIMIT="$LIMIT --keyfile-offset $7" + + echo -n "HASH: $1 KSIZE: $2 / $3" + case "$3" in + pwd) + echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null + ret=$? + ;; + std-) + echo -e -n "$4" | $CRYPTSETUP create -c $MODE -d "-" -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null + ret=$? + ;; + stdin) + echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null + ret=$? + ;; + cat) + cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null + ret=$? + ;; + cat-) + cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 -d - /dev/mapper/$DEV_NAME 2>/dev/null + ret=$? + ;; + file) + $CRYPTSETUP create -q -c $MODE -d $4 -h $1 -s $2 $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null + ret=$? + ;; + failpwd) + echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null && fail "Expecting failure" + echo " [OK]" + return + ;; + *) + fail "" + ;; + esac + + # ignore these cases, not all libs/kernel supports it + if [ "$1" != "sha256" ] || [ $2 -gt 256 ] ; then + if [ $ret -ne 0 ] ; then + echo " [N/A] ($ret, SKIPPED)" + return + fi + fi + + VKEY=$(dmsetup table $DEV2 --showkeys 2>/dev/null | sed 's/.*: //' | cut -d' ' -f 5) + if [ "$VKEY" != "$5" ] ; then + echo " [FAILED]" + echo "expected: $5" + echo "real key: $VKEY" + cleanup 100 + else + echo " [OK]" + fi + + dmremove $DEV2 +} + +[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run +if [ $(id -u) != 0 ]; then + echo "WARNING: You must be root to run this test, test skipped." + exit 77 +fi + +dmsetup create $DEV_NAME --table "0 10240 zero" >/dev/null 2>&1 + +crypt_key ripemd160 0 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca +crypt_key ripemd160 256 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca +crypt_key ripemd160 128 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f +crypt_key sha1 256 pwd "xxx" b60d121b438a380c343d5ec3c2037564b82ffef30b1e0a6ad9af7a73aa91c197 +crypt_key sha1 128 pwd "xxx" b60d121b438a380c343d5ec3c2037564 +crypt_key sha256 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860 +crypt_key sha256 128 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7 + +crypt_key sha256 0 std- "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860 +crypt_key sha256 256 std- "xxx\n" 042aea10a0f14f2d391373599be69d53a75dde9951fc3d3cd10b6100aa7a9f24 +crypt_key sha256 128 std- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" \ + 2a42b97084779dcedf2c66405c5d296c +crypt_key sha256 256 stdin "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860 +crypt_key sha256 0 stdin "xxx\n" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860 + +# with keyfile, hash is ignored +crypt_key ripemd160 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000 +crypt_key sha256 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000 +crypt_key unknown* 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000 + +# limiting key +crypt_key sha256:20 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b4580588000000000000000000000000 +crypt_key sha256:32 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860 + +crypt_key sha256: 256 failpwd "xxx" x +crypt_key sha256:xx 256 failpwd "xxx" x + +# key file, 80 chars +echo -n -e "0123456789abcdef\n\x01\x00\x03\xff\xff\r\xff\xff\n\r" \ + "2352j3rkjhadcfasc823rqaw7e1 3dq sdq3d 2dkjqw3h2=====" >$KEY_FILE +KEY_FILE_HEX="303132333435363738396162636465660a010003ffff0dffff0a0d20323335326a33726b6a686164636661736338323372716177376531203364712073647133" + + +# ignore hash if keyfile is specified +crypt_key ripemd160 256 file $KEY_FILE ${KEY_FILE_HEX:0:64} +crypt_key sha256 256 file $KEY_FILE ${KEY_FILE_HEX:0:64} +crypt_key sha256 128 file $KEY_FILE ${KEY_FILE_HEX:0:32} +crypt_key sha256 512 file $KEY_FILE $KEY_FILE_HEX + +# stdin can be limited +crypt_key plain 128 cat /dev/zero 00000000000000000000000000000000 16 +crypt_key plain 128 cat /dev/zero 00000000000000000000000000000000 17 + +# read key only up to \n +crypt_key plain 128 cat $KEY_FILE ${KEY_FILE_HEX:0:28}0000 14 + +# read full key, ignore keyfile length +crypt_key plain 128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32} +crypt_key plain 128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32} 14 + +# but do not ignore hash if keysgfile is "-" +crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 +crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 0 +crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 80 +crypt_key sha256 128 cat- $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14 +crypt_key sha256 128 cat- $KEY_FILE 7df3f4a41a33805596be85c781cac3b4 14 2 +crypt_key sha256 128 cat- $KEY_FILE ebbe65a178e886ddbb778e0a5538db72 40 40 + +# limiting plain (no hash) +crypt_key plain 256 pwd "xxxxxxxx" 7878787878787878000000000000000000000000000000000000000000000000 +crypt_key plain:2 256 pwd "xxxxxxxx" 7878000000000000000000000000000000000000000000000000000000000000 +crypt_key plain:9 256 failpwd "xxxxxxxx" x + +crypt_key sha256 128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14 +crypt_key sha256:14 128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1f0000 14 + +crypt_key sha256 128 pwd "0123456789abcdef" 9f9f5111f7b27a781f1f1ddde5ebc2dd 16 +crypt_key sha256 128 pwd "0123456789abcdef" 1be2e452b46d7a0d9656bbb1f768e824 4 +crypt_key sha256 128 pwd "0123" 1be2e452b46d7a0d9656bbb1f768e824 4 + +# Test list of various hash algorithms +crypt_key sha1 256 pwd "0123456789abcdef" fe5567e8d769550852182cdf69d74bb16dff8e295e4b6077d6d3fc73e7fe33b0 +crypt_key sha224 256 pwd "0123456789abcdef" 7330215f6741fd2bacbd3658681a70f65e2e90a02887989018974ce83775a568 +crypt_key sha256 256 pwd "0123456789abcdef" 9f9f5111f7b27a781f1f1ddde5ebc2dd2b796bfc7365c9c28b548e564176929f +crypt_key sha384 256 pwd "0123456789abcdef" fc6304023487cb6f85ac80e47817760c6b153c02da46c6429649e963b031e525 +crypt_key sha512 256 pwd "0123456789abcdef" 1c043fbe4bca7c7920dae536c680fd44c15d71ec12cd82a2a9491b0043b57f4d +crypt_key ripemd160 256 pwd "0123456789abcdef" edf4e38018cd71dd489b9c1e54b32054eb42dfad9fdcc22d629d756391a24982 +crypt_key whirlpool 256 pwd "0123456789abcdef" b21fc274d47d79ba45f94d67077f0846f75a7acc1a4dc560eacca300179cc142 +crypt_key sha3-224 256 pwd "0123456789abcdef" bbb7d56cc80a8c80e907f7d9240edc0be264aa173266b30918bc1065d59a9388 +crypt_key sha3-256 256 pwd "0123456789abcdef" a5df4caae9fdb5dbacf667075b709a2f30a115c43168af332062b42d4b0da01f +crypt_key sha3-384 256 pwd "0123456789abcdef" 56f351f754c418892eab4009e5f85c8d5436a591014503563e9395b895526413 +crypt_key sha3-512 256 pwd "0123456789abcdef" 59d06155d25dffdb982729de8dce9d7855ca094d8bab8124b347c40668477056 +crypt_key sm3 256 pwd "0123456789abcdef" a34fdd8e843802b31a262dce5b1f501bed68ef81520de14b39657aecffaf8a86 +crypt_key stribog512 256 pwd "0123456789abcdef" ab1284a64c2325c0ad52494e696df9aa9b92e701605a9a1258b58be08e8240ea + +cleanup 0 |