mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-14 12:20:00 +01:00
8531a8a753
If there is no cryptsetup, some tests returns ok while noting was tested in reality. Just mark them skipped.
211 lines
5.9 KiB
Bash
Executable File
211 lines
5.9 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# check tcrypt images parsing
|
|
|
|
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
|
|
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
|
|
TST_DIR=tcrypt-images
|
|
MAP=tctst
|
|
PASSWORD="aaaaaaaaaaaa"
|
|
PASSWORD_HIDDEN="bbbbbbbbbbbb"
|
|
PASSWORD_72C="aaaaaaaaaaaabbbbbbbbbbbbccccccccccccddddddddddddeeeeeeeeeeeeffffffffffff"
|
|
PIM=1234
|
|
|
|
CRYPTSETUP_VALGRIND=../.libs/cryptsetup
|
|
CRYPTSETUP_LIB_VALGRIND=../.libs
|
|
|
|
[ -z "$srcdir" ] && srcdir="."
|
|
|
|
function remove_mapping()
|
|
{
|
|
[ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
|
|
[ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove --retry "$MAP"_1
|
|
[ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove --retry "$MAP"_2
|
|
rm -rf $TST_DIR
|
|
}
|
|
|
|
function fail()
|
|
{
|
|
[ -n "$1" ] && echo "$1"
|
|
echo " [FAILED]"
|
|
echo "FAILED backtrace:"
|
|
while caller $frame; do ((frame++)); done
|
|
remove_mapping
|
|
exit 2
|
|
}
|
|
|
|
function skip()
|
|
{
|
|
[ -n "$1" ] && echo "$1"
|
|
remove_mapping
|
|
exit 77
|
|
}
|
|
|
|
function test_one() # cipher mode keysize rm_pattern
|
|
{
|
|
$CRYPTSETUP benchmark -c "$1-$2" -s "$3" >/dev/null 2>&1
|
|
if [ $? -ne 0 ] ; then
|
|
echo "$1-$2 [N/A]"
|
|
IMGS=$(ls $TST_DIR/[tv]c* | grep "$4")
|
|
[ -n "$IMGS" ] && rm $IMGS
|
|
#echo $IMGS
|
|
else
|
|
echo "$1-$2 [OK]"
|
|
fi
|
|
}
|
|
|
|
function test_kdf() # hash
|
|
{
|
|
$CRYPTSETUP benchmark -h "$1" >/dev/null 2>&1
|
|
if [ $? -ne 0 ] ; then
|
|
echo "pbkdf2-$1 [N/A]"
|
|
IMGS=$(ls $TST_DIR/[tv]c* | grep "$1")
|
|
[ -n "$IMGS" ] && rm $IMGS
|
|
else
|
|
echo "pbkdf2-$1 [OK]"
|
|
fi
|
|
}
|
|
|
|
function test_required()
|
|
{
|
|
command -v lsblk >/dev/null || skip "lsblk tool required, test skipped."
|
|
|
|
echo "REQUIRED KDF TEST"
|
|
test_kdf sha256
|
|
test_kdf sha512
|
|
test_kdf ripemd160
|
|
test_kdf whirlpool
|
|
test_kdf stribog512
|
|
|
|
echo "REQUIRED CIPHERS TEST"
|
|
test_one aes cbc 256 cbc-aes
|
|
test_one aes lrw 384 lrw-aes
|
|
test_one aes xts 512 xts-aes
|
|
|
|
test_one twofish ecb 256 twofish
|
|
test_one twofish cbc 256 cbc-twofish
|
|
test_one twofish lrw 384 lrw-twofish
|
|
test_one twofish xts 512 xts-twofish
|
|
|
|
test_one serpent ecb 256 serpent
|
|
test_one serpent cbc 256 cbc-serpent
|
|
test_one serpent lrw 384 lrw-serpent
|
|
test_one serpent xts 512 xts-serpent
|
|
|
|
test_one blowfish cbc 256 blowfish
|
|
|
|
test_one des3_ede cbc 192 des3_ede
|
|
test_one cast5 cbc 128 cast5
|
|
|
|
test_one camellia xts 512 camellia
|
|
test_one kuznyechik xts 512 kuznyechik
|
|
|
|
ls $TST_DIR/[tv]c* >/dev/null 2>&1 || skip "No remaining images, test skipped."
|
|
}
|
|
|
|
function valgrind_setup()
|
|
{
|
|
command -v valgrind >/dev/null || fail "Cannot find valgrind."
|
|
[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
|
|
export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
|
|
}
|
|
|
|
function valgrind_run()
|
|
{
|
|
INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
|
|
}
|
|
|
|
export LANG=C
|
|
[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
|
|
[ ! -d $TST_DIR ] && tar xJf $srcdir/tcrypt-images.tar.xz --no-same-owner
|
|
|
|
[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
|
|
|
|
test_required
|
|
|
|
echo "HEADER CHECK"
|
|
for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do
|
|
echo -n " $file"
|
|
PIM_OPT=""
|
|
[[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
|
|
SYS_OPT=""
|
|
[[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
|
|
echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT $file >/dev/null || fail
|
|
if [[ $file =~ .*-sha512-xts-aes$ ]] ; then
|
|
echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h sha512 -c aes $file >/dev/null || fail
|
|
echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h xxxx $file 2>/dev/null && fail
|
|
echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h sha512 -c xxx $file 2>/dev/null && fail
|
|
fi
|
|
echo " [OK]"
|
|
done
|
|
|
|
echo "HEADER CHECK (TCRYPT only)"
|
|
for file in $(ls $TST_DIR/vc_* $TST_DIR/vcpim_*) ; do
|
|
echo -n " $file"
|
|
PIM_OPT=""
|
|
[[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
|
|
echo $PASSWORD | $CRYPTSETUP tcryptDump --disable-veracrypt $PIM_OPT $file >/dev/null 2>&1 && fail
|
|
echo " [OK]"
|
|
done
|
|
|
|
echo "HEADER CHECK (HIDDEN)"
|
|
for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
|
|
echo -n " $file (hidden)"
|
|
echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden $file >/dev/null || fail
|
|
echo " [OK]"
|
|
done
|
|
|
|
echo "HEADER KEYFILES CHECK"
|
|
for file in $(ls $TST_DIR/[tv]ck_*) ; do
|
|
echo -n " $file"
|
|
PWD=$PASSWORD
|
|
[[ $file =~ vck_1_nopw.* ]] && PWD=""
|
|
[[ $file =~ vck_1_pw72.* ]] && PWD=$PASSWORD_72C
|
|
echo $PWD | $CRYPTSETUP tcryptDump -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail
|
|
echo " [OK]"
|
|
done
|
|
|
|
|
|
if [ $(id -u) != 0 ]; then
|
|
echo "WARNING: You must be root to run activation part of test, test skipped."
|
|
remove_mapping
|
|
exit 0
|
|
fi
|
|
|
|
echo "ACTIVATION FS UUID CHECK"
|
|
for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do
|
|
echo -n " $file"
|
|
PIM_OPT=""
|
|
[[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
|
|
SYS_OPT=""
|
|
[[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
|
|
out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen $SYS_OPT $PIM_OPT -r $file $MAP 2>&1)
|
|
ret=$?
|
|
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
|
|
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
|
|
[ $ret -ne 0 ] && fail
|
|
$CRYPTSETUP status $MAP >/dev/null || fail
|
|
$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
|
|
UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
|
|
$CRYPTSETUP remove $MAP || fail
|
|
[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
|
|
echo " [OK]"
|
|
done
|
|
|
|
echo "ACTIVATION FS UUID (HIDDEN) CHECK"
|
|
for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
|
|
echo -n " $file"
|
|
out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen -r $file $MAP --tcrypt-hidden 2>&1)
|
|
ret=$?
|
|
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
|
|
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
|
|
[ $ret -ne 0 ] && fail
|
|
UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
|
|
$CRYPTSETUP remove $MAP || fail
|
|
[ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed."
|
|
echo " [OK]"
|
|
done
|
|
|
|
remove_mapping
|
|
exit 0
|