blob: 47dc5a8c0ac04c0a3993e00659c106976ff595b8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
#!/bin/sh
# Check crypto backend, see https://gitlab.com/cryptsetup/cryptsetup/-/issues/851 .
set -ue
PATH="/usr/bin:/bin"
export PATH
CRYPTSETUP="/sbin/cryptsetup"
NAME="crypto-backend"
TEMPDIR="$AUTOPKGTEST_TMP/$NAME"
mkdir "$TEMPDIR"
trap 'rm -rf -- "$TEMPDIR"' EXIT INT TERM
IMG="$TEMPDIR/disk.img"
KEYFILE="$TEMPDIR/keyfile"
DEBUG="$TEMPDIR/debug"
dd if=/dev/zero bs=1M count=64 status="none" of="$IMG"
head -c32 /dev/urandom >"$KEYFILE"
"$CRYPTSETUP" luksFormat --batch-mode \
--key-file="$KEYFILE" \
--type=luks2 \
--pbkdf=argon2id \
--pbkdf-force-iterations=4 \
--pbkdf-memory=32 \
-- "$IMG"
"$CRYPTSETUP" luksOpen --debug --key-file="$KEYFILE" --test-passphrase "$IMG" >"$DEBUG"
sed -nri '/^# Crypto backend\s+/ {s/.*?\(([^()]+)\).*/\1/p;q}' "$DEBUG"
cat "$DEBUG"
if ! grep -qE '^OpenSSL\b' <"$DEBUG"; then
echo "ERROR: Crypto backend isn't OpenSSL" >&2
exit 1
fi
sed -ri 's/^[^\[]*//' "$DEBUG"
# " [cryptsetup libargon2]": bundled libargon2
# " [external libargon2]": system libargon2
# "][argon2]": crypto backend's own implementation
if ! grep -qF " [external libargon2]" <"$DEBUG"; then
echo "ERROR: Unexpected argon2 backend" >&2
exit 1
fi
LIBCRYPTSETUP="$(env --unset=LD_PRELOAD ldd "$CRYPTSETUP" | sed -nr '/^\s*libcryptsetup\.so(\.[0-9]+)*\s+=>\s+/ {s///;s/\s.*//;p;q}')"
if [ -z "$LIBCRYPTSETUP" ] || [ ! -e "$LIBCRYPTSETUP" ]; then
echo "ERROR: $CRYPTSETUP doesn't link against libcryptsetup??" >&2
exit 1
fi
assert_linked_argon2() {
local path="$1"
if ! env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then
echo "ERROR: $path does not link against libargon2" >&2
exit 1
fi
return 0
}
assert_linked_argon2 "$CRYPTSETUP"
assert_linked_argon2 "$LIBCRYPTSETUP"
|
