diff options
Diffstat (limited to '')
-rwxr-xr-x | tests/tcrypt-compat-test | 223 |
1 files changed, 223 insertions, 0 deletions
diff --git a/tests/tcrypt-compat-test b/tests/tcrypt-compat-test new file mode 100755 index 0000000..c0fc50a --- /dev/null +++ b/tests/tcrypt-compat-test @@ -0,0 +1,223 @@ +#!/bin/bash + +# check tcrypt images parsing + +[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".." +CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup +TST_DIR=tcrypt-images +MAP=tctst +PASSWORD="aaaaaaaaaaaa" +PASSWORD_HIDDEN="bbbbbbbbbbbb" +PASSWORD_72C="aaaaaaaaaaaabbbbbbbbbbbbccccccccccccddddddddddddeeeeeeeeeeeeffffffffffff" +PIM=1234 + +CRYPTSETUP_VALGRIND=../.libs/cryptsetup +CRYPTSETUP_LIB_VALGRIND=../.libs + +[ -z "$srcdir" ] && srcdir="." + +function remove_mapping() +{ + [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP + [ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove --retry "$MAP"_1 + [ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove --retry "$MAP"_2 + rm -rf $TST_DIR +} + +function fail() +{ + [ -n "$1" ] && echo "$1" + echo " [FAILED]" + echo "FAILED backtrace:" + while caller $frame; do ((frame++)); done + remove_mapping + exit 2 +} + +function skip() +{ + [ -n "$1" ] && echo "$1" + remove_mapping + exit 77 +} + +function test_one() # cipher mode keysize rm_pattern +{ + $CRYPTSETUP benchmark -c "$1-$2" -s "$3" >/dev/null 2>&1 + if [ $? -ne 0 ] ; then + echo "$1-$2 [N/A]" + IMGS=$(ls $TST_DIR/[tv]c* | grep "$4") + [ -n "$IMGS" ] && rm $IMGS + #echo $IMGS + else + echo "$1-$2 [OK]" + fi +} + +function test_kdf() # hash +{ + $CRYPTSETUP benchmark -h "$1" >/dev/null 2>&1 + if [ $? -ne 0 ] ; then + echo "pbkdf2-$1 [N/A]" + IMGS=$(ls $TST_DIR/[tv]c* | grep "$1") + [ -n "$IMGS" ] && rm $IMGS + else + echo "pbkdf2-$1 [OK]" + fi +} + +function get_HASH_CIPHER() # filename +{ + # speed up the test by limiting options for hash and (first) cipher + HASH=$(echo $file | cut -d'-' -f3) + CIPHER=$(echo $file | cut -d'-' -f5) +} + +function test_required() +{ + command -v blkid >/dev/null || skip "blkid tool required, test skipped." + + echo "REQUIRED KDF TEST" + test_kdf sha256 + test_kdf sha512 + test_kdf ripemd160 + test_kdf whirlpool + test_kdf stribog512 + + echo "REQUIRED CIPHERS TEST" + test_one aes cbc 256 cbc-aes + test_one aes lrw 384 lrw-aes + test_one aes xts 512 xts-aes + + test_one twofish ecb 256 twofish + test_one twofish cbc 256 cbc-twofish + test_one twofish lrw 384 lrw-twofish + test_one twofish xts 512 xts-twofish + + test_one serpent ecb 256 serpent + test_one serpent cbc 256 cbc-serpent + test_one serpent lrw 384 lrw-serpent + test_one serpent xts 512 xts-serpent + + test_one blowfish cbc 256 blowfish + + test_one des3_ede cbc 192 des3_ede + test_one cast5 cbc 128 cast5 + + test_one camellia xts 512 camellia + test_one kuznyechik xts 512 kuznyechik + + ls $TST_DIR/[tv]c* >/dev/null 2>&1 || skip "No remaining images, test skipped." +} + +function valgrind_setup() +{ + command -v valgrind >/dev/null || fail "Cannot find valgrind." + [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable." + export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH" +} + +function valgrind_run() +{ + INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@" +} + +export LANG=C +[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." +[ ! -d $TST_DIR ] && tar xJf $srcdir/tcrypt-images.tar.xz --no-same-owner + +[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run + +test_required + +echo "HEADER CHECK" +for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do + echo -n " $file" + PIM_OPT="" + [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM" + SYS_OPT="" + [[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system" + get_HASH_CIPHER $file + echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h $HASH -c $CIPHER $file >/dev/null || fail + if [[ $file =~ .*-sha512-xts-aes$ ]] ; then + echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h sha512 -c aes $file >/dev/null || fail + echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h xxxx $file 2>/dev/null && fail + echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h sha512 -c xxx $file 2>/dev/null && fail + fi + echo " [OK]" +done + +echo "HEADER CHECK (TCRYPT only)" +for file in $(ls $TST_DIR/vc_* $TST_DIR/vcpim_*) ; do + echo -n " $file" + PIM_OPT="" + [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM" + get_HASH_CIPHER $file + echo $PASSWORD | $CRYPTSETUP tcryptDump --disable-veracrypt $PIM_OPT -h $HASH -c $CIPHER $file >/dev/null 2>&1 && fail + echo " [OK]" +done + +echo "HEADER CHECK (HIDDEN)" +for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do + echo -n " $file (hidden)" + get_HASH_CIPHER $file + echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden -h $HASH -c $CIPHER $file >/dev/null || fail + echo " [OK]" +done + +echo "HEADER KEYFILES CHECK" +for file in $(ls $TST_DIR/[tv]ck_*) ; do + echo -n " $file" + PWD=$PASSWORD + [[ $file =~ vck_1_nopw.* ]] && PWD="" + [[ $file =~ vck_1_pw72.* ]] && PWD=$PASSWORD_72C + get_HASH_CIPHER $file + echo $PWD | $CRYPTSETUP tcryptDump -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 -h $HASH -c $CIPHER $file >/dev/null || fail + echo " [OK]" +done + + +if [ $(id -u) != 0 ]; then + echo "WARNING: You must be root to run activation part of test, test skipped." + remove_mapping + exit 0 +fi + +echo "ACTIVATION FS UUID CHECK" +for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do + echo -n " $file" + PIM_OPT="" + [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM" + SYS_OPT="" + [[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system" + get_HASH_CIPHER $file + out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen $SYS_OPT $PIM_OPT -r -h $HASH -c $CIPHER $file $MAP 2>&1) + ret=$? + [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue + [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue + [ $ret -ne 0 ] && fail + $CRYPTSETUP status $MAP >/dev/null || fail + $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail + UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP) + $CRYPTSETUP remove $MAP || fail + [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed." + echo " [OK]" +done + +echo "ACTIVATION FS UUID (HIDDEN) CHECK" +for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do + echo -n " $file" + get_HASH_CIPHER $file + out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen -r -h $HASH -c $CIPHER $file $MAP --tcrypt-hidden 2>&1) + ret=$? + [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue + [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue + [ $ret -ne 0 ] && fail + UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP) + $CRYPTSETUP remove $MAP || fail + [ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed." + echo " [OK]" +done + +remove_mapping +exit 0 |