mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-12 03:10:08 +01:00
2eb25910a1
Previous fix for longer passhphrases increased maximal passphrase length even if it was not needed, for example if used with SHA256 hash in combination with keyfiles. This patch tries to fix the problem, so some older volumes can be opened again. Also some test images are added for regression testing. Fixes: #542.
173 lines
4.7 KiB
Bash
Executable File
173 lines
4.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# check tcrypt images parsing
|
|
|
|
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
|
|
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
|
|
TST_DIR=tcrypt-images
|
|
MAP=tctst
|
|
PASSWORD="aaaaaaaaaaaa"
|
|
PASSWORD_HIDDEN="bbbbbbbbbbbb"
|
|
PASSWORD_72C="aaaaaaaaaaaabbbbbbbbbbbbccccccccccccddddddddddddeeeeeeeeeeeeffffffffffff"
|
|
PIM=1234
|
|
|
|
[ -z "$srcdir" ] && srcdir="."
|
|
|
|
function remove_mapping()
|
|
{
|
|
[ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
|
|
[ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove --retry "$MAP"_1
|
|
[ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove --retry "$MAP"_2
|
|
}
|
|
|
|
function fail()
|
|
{
|
|
[ -n "$1" ] && echo "$1"
|
|
echo " [FAILED]"
|
|
echo "FAILED backtrace:"
|
|
while caller $frame; do ((frame++)); done
|
|
remove_mapping
|
|
exit 2
|
|
}
|
|
|
|
function skip()
|
|
{
|
|
[ -n "$1" ] && echo "$1"
|
|
echo "Test skipped."
|
|
exit 77
|
|
}
|
|
|
|
function test_one() # cipher mode keysize rm_pattern
|
|
{
|
|
$CRYPTSETUP benchmark -c "$1-$2" -s "$3" >/dev/null 2>&1
|
|
if [ $? -ne 0 ] ; then
|
|
echo "$1-$2 [N/A]"
|
|
IMGS=$(ls $TST_DIR/[tv]c* | grep "$4")
|
|
[ -n "$IMGS" ] && rm $IMGS
|
|
#echo $IMGS
|
|
else
|
|
echo "$1-$2 [OK]"
|
|
fi
|
|
}
|
|
|
|
function test_kdf() # hash
|
|
{
|
|
$CRYPTSETUP benchmark -h "$1" >/dev/null 2>&1
|
|
if [ $? -ne 0 ] ; then
|
|
echo "pbkdf2-$1 [N/A]"
|
|
IMGS=$(ls $TST_DIR/[tv]c* | grep "$1")
|
|
[ -n "$IMGS" ] && rm $IMGS
|
|
else
|
|
echo "pbkdf2-$1 [OK]"
|
|
fi
|
|
}
|
|
|
|
function test_required()
|
|
{
|
|
which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."
|
|
|
|
echo "REQUIRED KDF TEST"
|
|
test_kdf sha256
|
|
test_kdf sha512
|
|
test_kdf ripemd160
|
|
test_kdf whirlpool
|
|
test_kdf stribog512
|
|
|
|
echo "REQUIRED CIPHERS TEST"
|
|
test_one aes cbc 256 cbc-aes
|
|
test_one aes lrw 384 lrw-aes
|
|
test_one aes xts 512 xts-aes
|
|
|
|
test_one twofish ecb 256 twofish
|
|
test_one twofish cbc 256 cbc-twofish
|
|
test_one twofish lrw 384 lrw-twofish
|
|
test_one twofish xts 512 xts-twofish
|
|
|
|
test_one serpent ecb 256 serpent
|
|
test_one serpent cbc 256 cbc-serpent
|
|
test_one serpent lrw 384 lrw-serpent
|
|
test_one serpent xts 512 xts-serpent
|
|
|
|
test_one blowfish cbc 256 blowfish
|
|
|
|
test_one des3_ede cbc 192 des3_ede
|
|
test_one cast5 cbc 128 cast5
|
|
|
|
test_one camellia xts 512 camellia
|
|
test_one kuznyechik xts 512 kuznyechik
|
|
|
|
ls $TST_DIR/[tv]c* >/dev/null 2>&1 || skip "No remaining images."
|
|
}
|
|
|
|
export LANG=C
|
|
[ ! -d $TST_DIR ] && tar xJf $srcdir/tcrypt-images.tar.xz --no-same-owner
|
|
test_required
|
|
|
|
echo "HEADER CHECK"
|
|
for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do
|
|
echo -n " $file"
|
|
PIM_OPT=""
|
|
[[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
|
|
SYS_OPT=""
|
|
[[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
|
|
echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt $SYS_OPT $PIM_OPT $file >/dev/null || fail
|
|
echo " [OK]"
|
|
done
|
|
|
|
echo "HEADER CHECK (HIDDEN)"
|
|
for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
|
|
echo -n " $file (hidden)"
|
|
echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden --veracrypt $file >/dev/null || fail
|
|
echo " [OK]"
|
|
done
|
|
|
|
echo "HEADER KEYFILES CHECK"
|
|
for file in $(ls $TST_DIR/[tv]ck_*) ; do
|
|
echo -n " $file"
|
|
PWD=$PASSWORD
|
|
[[ $file =~ vck_1_nopw.* ]] && PWD=""
|
|
[[ $file =~ vck_1_pw72.* ]] && PWD=$PASSWORD_72C
|
|
echo $PWD | $CRYPTSETUP tcryptDump --veracrypt -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail
|
|
echo " [OK]"
|
|
done
|
|
|
|
|
|
if [ $(id -u) != 0 ]; then
|
|
echo "WARNING: You must be root to run activation part of test, test skipped."
|
|
exit 0
|
|
fi
|
|
|
|
echo "ACTIVATION FS UUID CHECK"
|
|
for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do
|
|
echo -n " $file"
|
|
PIM_OPT=""
|
|
[[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
|
|
SYS_OPT=""
|
|
[[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
|
|
out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen --veracrypt $SYS_OPT $PIM_OPT -r $file $MAP 2>&1)
|
|
ret=$?
|
|
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
|
|
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
|
|
[ $ret -ne 0 ] && fail
|
|
$CRYPTSETUP status $MAP >/dev/null || fail
|
|
$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
|
|
UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
|
|
$CRYPTSETUP remove $MAP || fail
|
|
[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
|
|
echo " [OK]"
|
|
done
|
|
|
|
echo "ACTIVATION FS UUID (HIDDEN) CHECK"
|
|
for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
|
|
echo -n " $file"
|
|
out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen --veracrypt -r $file $MAP --tcrypt-hidden 2>&1)
|
|
ret=$?
|
|
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
|
|
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
|
|
[ $ret -ne 0 ] && fail
|
|
UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
|
|
$CRYPTSETUP remove $MAP || fail
|
|
[ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed."
|
|
echo " [OK]"
|
|
done
|