cryptsetup/tests/tcrypt-compat-test

#!/bin/bash

# check tcrypt images parsing

CRYPTSETUP=../cryptsetup
TST_DIR=tcrypt-images
MAP=tctst
PASSWORD="aaaaaaaaaaaa"
PASSWORD_HIDDEN="bbbbbbbbbbbb"
PIM=1234

[ -z "$srcdir" ] && srcdir="."

function remove_mapping()
{
	[ -b /dev/mapper/$MAP ] && dmsetup remove $MAP
	[ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove "$MAP"_1
	[ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove "$MAP"_2
}

function fail()
{
	[ -n "$1" ] && echo "$1"
	echo " [FAILED]"
	remove_mapping
	exit 2
}

function skip()
{
	[ -n "$1" ] && echo "$1"
	echo "Test skipped."
	exit 77
}

function test_one()
{
	$CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip
}

function test_required()
{
	which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."

	echo "REQUIRED KDF TEST"
	$CRYPTSETUP benchmark -h ripemd160 | grep "N/A" && skip
	$CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip

	echo "REQUIRED CIPHERS TEST"
	echo "#     Algorithm         Key        Encryption        Decryption"

	test_one aes-cbc 256
	test_one aes-lrw 384
	test_one aes-xts 512

	test_one twofish-cbc 256
	test_one twofish-lrw 384
	test_one twofish-xts 512

	test_one serpent-cbc 256
	test_one serpent-lrw 384
	test_one serpent-xts 512

	test_one blowfish-cbc 256

	test_one des3_ede-cbc 192
	test_one cast5 128
}

test_required
export LANG=C

[ ! -d $TST_DIR ] && tar xjf $srcdir/tcrypt-images.tar.bz2 --no-same-owner

echo "HEADER CHECK"
for file in $(ls $TST_DIR/[t]c_* $TST_DIR/vcpim_*) ; do
	echo -n " $file"
	PIM_OPT=""
	[[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
	echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt $PIM_OPT $file >/dev/null || fail
	echo " [OK]"
done

echo "HEADER CHECK (HIDDEN)"
for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
	echo -n " $file (hidden)"
	echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden --veracrypt $file >/dev/null || fail
	echo " [OK]"
done

echo "HEADER KEYFILES CHECK"
for file in $(ls $TST_DIR/[tv]ck_*) ; do
	echo -n " $file"
	echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail
	echo " [OK]"
done


if [ $(id -u) != 0 ]; then
	echo "WARNING: You must be root to run activation part of test, test skipped."
	exit 0
fi

echo "ACTIVATION FS UUID CHECK"
for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_*) ; do
	echo -n " $file"
	PIM_OPT=""
	[[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
	out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen --veracrypt $PIM_OPT -r $file $MAP 2>&1)
	ret=$?
	[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
	[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
	[ $ret -ne 0 ] && fail
	$CRYPTSETUP status $MAP >/dev/null || fail
	$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
	UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
	$CRYPTSETUP remove $MAP || fail
	[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
	echo " [OK]"
done

echo "ACTIVATION FS UUID (HIDDEN) CHECK"
for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
	echo -n " $file"
	out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen --veracrypt -r $file $MAP --tcrypt-hidden 2>&1)
	ret=$?
	[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
	[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
	[ $ret -ne 0 ] && fail
	UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
	$CRYPTSETUP remove $MAP || fail
	[ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed."
	echo " [OK]"
done