blob: fdb4cd39a4fc7b039f94d07da53f3d5c7be93509 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
#!/bin/bash
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
CRYPTSETUP_VALGRIND=../.libs/cryptsetup
CRYPTSETUP_LIB_VALGRIND=../.libs
# try to validate using loop-AES losetup/kernel if available
LOSETUP_AES=/losetup-aes.old
LOOP_DD_PARAM="bs=1k count=10000"
DEV_NAME=dummy
IMG=loopaes.img
KEYv1=key_v1
KEYv2=key_v2
KEYv3=key_v3
LOOPDEV=$(losetup -f 2>/dev/null)
function dmremove() { # device
udevadm settle >/dev/null 2>&1
dmsetup remove --retry $1 >/dev/null 2>&1
}
function remove_mapping()
{
[ -b /dev/mapper/$DEV_NAME2 ] && dmremove $DEV_NAME2
[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
losetup -d $LOOPDEV >/dev/null 2>&1
rm -f $IMG $KEYv1 $KEYv2 $KEYv3 >/dev/null 2>&1
}
function fail()
{
echo "FAILED backtrace:"
while caller $frame; do ((frame++)); done
remove_mapping
exit 2
}
function skip()
{
remove_mapping
[ -n "$1" ] && echo "$1"
exit 77
}
function valgrind_setup()
{
command -v valgrind >/dev/null || fail "Cannot find valgrind."
[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
}
function valgrind_run()
{
INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}
function prepare()
{
remove_mapping
dd if=/dev/zero of=$IMG $LOOP_DD_PARAM >/dev/null 2>&1
sync
losetup $LOOPDEV $IMG
# Prepare raw key: v1 - one key, v2 - 64 keys, v3 - 64 + one IV
if [ ! -e $KEYv3 ]; then
head -c 3705 /dev/urandom | uuencode -m - | head -n 66 | tail -n 65 >$KEYv3
head -n 1 $KEYv3 > $KEYv1
head -n 64 $KEYv3 > $KEYv2
fi
[ -n "$1" ] && echo -n "$1 "
}
function check_exists()
{
[ -b /dev/mapper/$DEV_NAME ] || fail
}
function get_offset_params() # $offset
{
offset=$1
if [ "${offset:0:1}" = "@" ] ; then
echo "-o $((${offset:1} / 512)) -p 0"
else
echo "-o $((offset / 512))"
fi
}
function get_expsum() # $offset
{
case $1 in
0)
echo "31e00e0e4c233c89051cd748122fde2c98db0121ca09ba93a3820817ea037bc5"
;;
@8192 | 8192)
echo "bfd94392d1dd8f5d477251d21b3c736e177a4945cd4937847fc7bace82996aed"
;;
@8388608 | 8388608)
echo "33838fe36928a929bd7971bed7e82bd426c88193fcd692c2e6f1b9c9bfecd4d6"
;;
*) fail
;;
esac
}
function check_sum() # $key $keysize $offset [stdin|keyfile]
{
$CRYPTSETUP close $DEV_NAME || fail
EXPSUM=$(get_expsum $3)
if [ "$4" == "stdin" ] ; then
cat $1 | $CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file - $(get_offset_params $3) >/dev/null 2>&1
else
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $2 --key-file $1 $(get_offset_params $3) >/dev/null 2>&1
fi
ret=$?
VSUM=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1)
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
echo -n "[$4:OK]"
else
echo "[$4:FAIL]"
[ "$VSUM" != "$EXPSUM" ] && echo " Expecting $EXPSUM got $VSUM."
fail
fi
}
function check_sum_losetup() # $key $alg
{
[ ! -x $LOSETUP_AES ] && echo && return
echo -n " Verification using loop-AES: "
losetup -d $LOOPDEV >/dev/null 2>&1
cat $1 | $LOSETUP_AES -p 0 -e $2 -o $3 $LOOPDEV $IMG
ret=$?
VSUM=$(sha256sum $LOOPDEV | cut -d' ' -f 1)
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
echo "[OK]"
else
echo "[FAIL]"
[ "$VSUM" != "$EXPSUM" ] && echo " Expecting $EXPSUM got $VSUM (loop-AES)."
fail
fi
losetup -d $LOOPDEV >/dev/null 2>&1
}
function check_version()
{
VER_STR=$(dmsetup version | grep Driver)
VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
VER_PATCH=$(echo $VER_STR | cut -f 3 -d.)
test $VER_MIN -lt 19 && return 1
test $VER_MIN -eq 19 -a $VER_PATCH -ge 6 && return 1 # RHEL
return 0
}
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."
[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
command -v uuencode >/dev/null || skip "WARNING: test require uuencode binary, test skipped."
check_version || skip "Probably old kernel, test skipped."
# loop-AES tests
KEY_SIZES="128 256"
KEY_FILES="$KEYv1 $KEYv2 $KEYv3"
DEV_OFFSET="0 8192 @8192 8388608 @8388608"
for key_size in $KEY_SIZES ; do
for key in $KEY_FILES ; do
for offset in $DEV_OFFSET ; do
prepare "Open loop-AES $key / AES-$key_size / offset $offset"
$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME \
-s $key_size --key-file $key $(get_offset_params $offset) \
2>/dev/null
[ $? -ne 0 ] && echo "[SKIPPED]" && continue
check_exists
# Fill device with zeroes and reopen it
dd if=/dev/zero of=/dev/mapper/$DEV_NAME $LOOP_DD_PARAM >/dev/null 2>&1
check_sum $key $key_size $offset keyfile
check_sum $key $key_size $offset stdin
$CRYPTSETUP loopaesClose $DEV_NAME || fail
check_sum_losetup $key AES$key_size $offset
done
done
done
remove_mapping
exit 0
|
