diff options
Diffstat (limited to 'debian/tests/crypto-backend')
| -rwxr-xr-x | debian/tests/crypto-backend | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/debian/tests/crypto-backend b/debian/tests/crypto-backend new file mode 100755 index 0000000..47dc5a8 --- /dev/null +++ b/debian/tests/crypto-backend @@ -0,0 +1,66 @@ +#!/bin/sh + +# Check crypto backend, see https://gitlab.com/cryptsetup/cryptsetup/-/issues/851 . + +set -ue +PATH="/usr/bin:/bin" +export PATH + +CRYPTSETUP="/sbin/cryptsetup" + +NAME="crypto-backend" +TEMPDIR="$AUTOPKGTEST_TMP/$NAME" + +mkdir "$TEMPDIR" +trap 'rm -rf -- "$TEMPDIR"' EXIT INT TERM + +IMG="$TEMPDIR/disk.img" +KEYFILE="$TEMPDIR/keyfile" +DEBUG="$TEMPDIR/debug" + +dd if=/dev/zero bs=1M count=64 status="none" of="$IMG" +head -c32 /dev/urandom >"$KEYFILE" + +"$CRYPTSETUP" luksFormat --batch-mode \ + --key-file="$KEYFILE" \ + --type=luks2 \ + --pbkdf=argon2id \ + --pbkdf-force-iterations=4 \ + --pbkdf-memory=32 \ + -- "$IMG" + +"$CRYPTSETUP" luksOpen --debug --key-file="$KEYFILE" --test-passphrase "$IMG" >"$DEBUG" +sed -nri '/^# Crypto backend\s+/ {s/.*?\(([^()]+)\).*/\1/p;q}' "$DEBUG" +cat "$DEBUG" + +if ! grep -qE '^OpenSSL\b' <"$DEBUG"; then + echo "ERROR: Crypto backend isn't OpenSSL" >&2 + exit 1 +fi + +sed -ri 's/^[^\[]*//' "$DEBUG" +# " [cryptsetup libargon2]": bundled libargon2 +# " [external libargon2]": system libargon2 +# "][argon2]": crypto backend's own implementation +if ! grep -qF " [external libargon2]" <"$DEBUG"; then + echo "ERROR: Unexpected argon2 backend" >&2 + exit 1 +fi + +LIBCRYPTSETUP="$(env --unset=LD_PRELOAD ldd "$CRYPTSETUP" | sed -nr '/^\s*libcryptsetup\.so(\.[0-9]+)*\s+=>\s+/ {s///;s/\s.*//;p;q}')" +if [ -z "$LIBCRYPTSETUP" ] || [ ! -e "$LIBCRYPTSETUP" ]; then + echo "ERROR: $CRYPTSETUP doesn't link against libcryptsetup??" >&2 + exit 1 +fi + +assert_linked_argon2() { + local path="$1" + if ! env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then + echo "ERROR: $path does not link against libargon2" >&2 + exit 1 + fi + return 0 +} + +assert_linked_argon2 "$CRYPTSETUP" +assert_linked_argon2 "$LIBCRYPTSETUP" |