mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-11 19:00:02 +01:00
93bc8997ea
It is really not a good idea to check minor version without checking major version is not lower first. Also try to prepare for situation when major target versions increases.
242 lines
6.3 KiB
Bash
Executable File
242 lines
6.3 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Test mode compatibility, check input + kernel and cryptsetup cipher status
|
|
#
|
|
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
|
|
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
|
|
DEV_NAME=dmc_test
|
|
HEADER_IMG=mode-test.img
|
|
PASSWORD=3xrododenron
|
|
PASSWORD1=$PASSWORD
|
|
KEY="7c0dc5dfd0c9191381d92e6ebb3b29e7f0dba53b0de132ae23f5726727173540"
|
|
FAST_PBKDF2="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
|
|
|
|
# cipher-chainmode-ivopts:ivmode
|
|
CIPHERS="aes twofish serpent"
|
|
MODES="cbc lrw xts"
|
|
IVMODES="null benbi plain plain64 essiv:sha256"
|
|
|
|
LOOPDEV=$(losetup -f 2>/dev/null)
|
|
|
|
if [ -n "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then
|
|
CRYPTSETUP_VALGRIND=$CRYPTSETUP
|
|
else
|
|
CRYPTSETUP_VALGRIND=../.libs/cryptsetup
|
|
CRYPTSETUP_LIB_VALGRIND=../.libs
|
|
fi
|
|
|
|
dmremove() { # device
|
|
udevadm settle >/dev/null 2>&1
|
|
dmsetup remove --retry $1 >/dev/null 2>&1
|
|
}
|
|
|
|
cleanup() {
|
|
[ -b /dev/mapper/"$DEV_NAME"_tstdev ] && dmremove "$DEV_NAME"_tstdev
|
|
[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
|
|
losetup -d $LOOPDEV >/dev/null 2>&1
|
|
rm -f $HEADER_IMG >/dev/null 2>&1
|
|
}
|
|
|
|
fail()
|
|
{
|
|
[ -n "$1" ] && echo "$1"
|
|
echo "FAILED backtrace:"
|
|
while caller $frame; do ((frame++)); done
|
|
cleanup
|
|
exit 100
|
|
}
|
|
|
|
_sigchld() { local c=$?; [ $c -eq 139 ] && fail "Segfault"; [ $c -eq 134 ] && fail "Aborted"; }
|
|
trap _sigchld CHLD
|
|
|
|
skip()
|
|
{
|
|
[ -n "$1" ] && echo "$1"
|
|
exit 77
|
|
}
|
|
|
|
dm_crypt_capi_support()
|
|
{
|
|
VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
|
|
[ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
|
|
|
|
VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
|
|
VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
|
|
VER_PTC=$(echo $VER_STR | cut -f 3 -d.)
|
|
|
|
[ $VER_MAJ -gt 1 ] && return 0
|
|
if [ $VER_MIN -ge 16 ]; then
|
|
return 0
|
|
fi
|
|
|
|
return 1
|
|
}
|
|
|
|
valgrind_setup()
|
|
{
|
|
command -v valgrind >/dev/null || fail "Cannot find valgrind."
|
|
[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
|
|
[ ! -f valg.sh ] && fail "Unable to get location of valg runner script."
|
|
if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then
|
|
export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
|
|
fi
|
|
}
|
|
|
|
valgrind_run()
|
|
{
|
|
INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
|
|
}
|
|
|
|
|
|
add_device() {
|
|
cleanup
|
|
dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1
|
|
sync
|
|
losetup $LOOPDEV $HEADER_IMG >/dev/null 2>&1
|
|
dmsetup create $DEV_NAME --table "0 10240 linear $LOOPDEV 8" >/dev/null 2>&1
|
|
}
|
|
|
|
dmcrypt_check() # device outstring
|
|
{
|
|
X=$(dmsetup table $1 2>/dev/null | sed 's/.*: //' | cut -d' ' -f 4)
|
|
if [ "$X" = $2 ] ; then
|
|
echo -n "[table OK]"
|
|
else
|
|
echo "[table FAIL]"
|
|
echo " Expecting $2 got $X."
|
|
fail
|
|
fi
|
|
|
|
X=$($CRYPTSETUP status $1 | grep cipher: | sed s/\.\*cipher:\\s*//)
|
|
if [ $X = $2 ] ; then
|
|
echo -n "[status OK]"
|
|
else
|
|
echo "[status FAIL]"
|
|
echo " Expecting $2 got \"$X\"."
|
|
fail
|
|
fi
|
|
|
|
dmremove $1
|
|
}
|
|
|
|
dmcrypt_check_sum() # cipher device
|
|
{
|
|
EXPSUM="c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29"
|
|
# Fill device with zeroes and reopen it
|
|
dd if=/dev/zero of=/dev/mapper/$2 bs=1M count=6 >/dev/null 2>&1
|
|
sync
|
|
dmremove $2
|
|
|
|
echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 $2 /dev/mapper/$DEV_NAME >/dev/null 2>&1
|
|
ret=$?
|
|
VSUM=$(sha256sum /dev/mapper/$2 | cut -d' ' -f 1)
|
|
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
|
|
echo -n "[OK]"
|
|
else
|
|
echo "[FAIL]"
|
|
echo " Expecting $EXPSUM got $VSUM."
|
|
fail
|
|
fi
|
|
|
|
dmremove $2
|
|
}
|
|
|
|
dmcrypt()
|
|
{
|
|
OUT=$2
|
|
[ -z "$OUT" ] && OUT=$1
|
|
printf "%-31s" "$1"
|
|
|
|
echo -n -e "PLAIN:"
|
|
echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1
|
|
if [ $? -eq 0 ] ; then
|
|
dmcrypt_check "$DEV_NAME"_tstdev $OUT
|
|
else
|
|
echo -n "[N/A]"
|
|
fi
|
|
|
|
echo -n -e " LUKS1:"
|
|
echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF2 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
|
|
if [ $? -eq 0 ] ; then
|
|
echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail
|
|
dmcrypt_check "$DEV_NAME"_tstdev $OUT
|
|
else
|
|
echo -n "[N/A]"
|
|
fi
|
|
|
|
echo -n -e " LUKS2:"
|
|
echo $PASSWORD | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 $FAST_PBKDF2 -c $1 -s 256 --offset 8192 /dev/mapper/$DEV_NAME >/dev/null 2>&1
|
|
if [ $? -eq 0 ] ; then
|
|
echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail
|
|
dmcrypt_check "$DEV_NAME"_tstdev $OUT
|
|
else
|
|
echo -n "[N/A]"
|
|
fi
|
|
|
|
# repeated device creation must return the same checksum
|
|
echo -n -e " CHECKSUM:"
|
|
echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1
|
|
if [ $? -eq 0 ] ; then
|
|
dmcrypt_check_sum "$1" "$DEV_NAME"_tstdev
|
|
else
|
|
echo -n "[N/A]"
|
|
fi
|
|
echo
|
|
}
|
|
|
|
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
|
|
[ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."
|
|
[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
|
|
[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
|
|
|
|
add_device
|
|
|
|
# compatibility modes
|
|
dmcrypt aes aes-cbc-plain
|
|
dmcrypt aes-plain aes-cbc-plain
|
|
|
|
# empty cipher
|
|
PASSWORD=""
|
|
dmcrypt null cipher_null-ecb
|
|
dmcrypt cipher_null cipher_null-ecb
|
|
dmcrypt cipher_null-ecb
|
|
|
|
PASSWORD=$PASSWORD1
|
|
# codebook doesn't support IV at all
|
|
for cipher in $CIPHERS ; do
|
|
dmcrypt "$cipher-ecb"
|
|
done
|
|
|
|
for cipher in $CIPHERS ; do
|
|
for mode in $MODES ; do
|
|
for ivmode in $IVMODES ; do
|
|
dmcrypt "$cipher-$mode-$ivmode"
|
|
done
|
|
done
|
|
done
|
|
|
|
dmcrypt xchacha12,aes-adiantum-plain64
|
|
dmcrypt xchacha20,aes-adiantum-plain64
|
|
|
|
dmcrypt aes-hctr2-plain64
|
|
|
|
echo -n "CAPI format:"
|
|
if dm_crypt_capi_support ; then
|
|
echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME || fail
|
|
$CRYPTSETUP close "$DEV_NAME"_tstdev || fail
|
|
echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(ecb(aes-generic))-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME 2>/dev/null && fail
|
|
dmsetup create "$DEV_NAME"_tstdev --table "0 8 crypt capi:xts(ecb(aes-generic))-plain64 $KEY 0 /dev/mapper/$DEV_NAME 0" || fail
|
|
$CRYPTSETUP status "$DEV_NAME"_tstdev 2>/dev/null | grep "type:" | grep -q "n/a" || fail
|
|
$CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null || fail
|
|
|
|
# Do not confuse aes-plain with capi:xts(plain)-plain
|
|
echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME || fail
|
|
$CRYPTSETUP close "$DEV_NAME"_tstdev || fail
|
|
echo [OK]
|
|
else
|
|
echo [N/A]
|
|
fi
|
|
|
|
cleanup
|
|
exit 0
|