eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 02:40:01 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e2637c5d497db72c37ba20d4986da36b6bc8bc7f
cryptsetup/tests/password-hash-test
Milan Broz 31a4d552a2 Support keyfile offset and keyfile size option even for plain volumes. 
For historic reasons, in the plain mode the hashing is not used
if keyfile is used (with exception of --key-file=-).

Print warning if the parameters are ignored.

For other cases, uses keyfile offset, keyfile size and hash
as psecified on commandline.

Partially fixes issue#243
2015-02-20 12:55:21 +01:00

172 lines
6.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# check hash processing in create command
CRYPTSETUP=../src/cryptsetup
DEV_NAME=dmc_test
KEY_FILE=keyfile
DEV2=$DEV_NAME"_x"
dmremove() { # device
udevadm settle >/dev/null 2>&1
dmsetup remove $1 >/dev/null 2>&1
}
cleanup() {
[ -b /dev/mapper/$DEV2 ] && dmremove $DEV2
[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
rm -f $KEY_FILE
exit $1
}
function fail()
{
echo " $1 [FAILED]"
cleanup 2
}
crypt_key() # hash keysize pwd/file name outkey [limit] [offset]
{
DEV2=$DEV_NAME"_x"
LIMIT=""
MODE=aes-cbc-essiv:sha256
[ $2 -gt 256 ] && MODE=aes-xts-plain
[ -n "$6" ] && LIMIT="-l $6"
[ -n "$7" ] && LIMIT="$LIMIT --keyfile-offset $7"
echo -n "HASH: $1 KSIZE: $2 / $3"
case "$3" in
pwd)
echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
ret=$?
;;
std-)
echo -e -n "$4" | $CRYPTSETUP create -c $MODE -d "-" -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
ret=$?
;;
stdin)
echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
ret=$?
;;
cat)
cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
ret=$?
;;
cat-)
cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 -d - /dev/mapper/$DEV_NAME 2>/dev/null
ret=$?
;;
file)
$CRYPTSETUP create -q -c $MODE -d $4 -h $1 -s $2 $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
ret=$?
;;
failpwd)
echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null && fail "Expecting failure"
echo " [OK]"
return
;;
*)
fail ""
;;
esac
# ignore these cases, not all libs/kernel supports it
if [ "$1" == "ripemd160" -o $2 -gt 256 ] ; then
if [ $ret -ne 0 ] ; then
echo " [N/A] ($ret, SKIPPED)"
return
fi
fi
VKEY=$(dmsetup table $DEV2 --showkeys 2>/dev/null | sed 's/.*: //' | cut -d' ' -f 5)
if [ "$VKEY" != "$5" ] ; then
echo " [FAILED]"
echo "expected: $5"
echo "real key: $VKEY"
cleanup 100
else
echo " [OK]"
fi
dmremove $DEV2
}
if [ $(id -u) != 0 ]; then
echo "WARNING: You must be root to run this test, test skipped."
exit 0
fi
dmsetup create $DEV_NAME --table "0 10240 zero" >/dev/null 2>&1
crypt_key ripemd160 0 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca
crypt_key ripemd160 256 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca
crypt_key ripemd160 128 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f
crypt_key sha1 256 pwd "xxx" b60d121b438a380c343d5ec3c2037564b82ffef30b1e0a6ad9af7a73aa91c197
crypt_key sha1 128 pwd "xxx" b60d121b438a380c343d5ec3c2037564
crypt_key sha256 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
crypt_key sha256 128 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7
crypt_key sha256 0 std- "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
crypt_key sha256 256 std- "xxx\n" 042aea10a0f14f2d391373599be69d53a75dde9951fc3d3cd10b6100aa7a9f24
crypt_key sha256 128 std- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" \
2a42b97084779dcedf2c66405c5d296c
crypt_key sha256 256 stdin "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
crypt_key sha256 0 stdin "xxx\n" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
# with keyfile, hash is ignored
crypt_key ripemd160 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
crypt_key sha256 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
crypt_key unknown* 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
# limiting key
crypt_key sha256:20 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b4580588000000000000000000000000
crypt_key sha256:32 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
crypt_key sha256: 256 failpwd "xxx" x
crypt_key sha256:xx 256 failpwd "xxx" x
# key file, 80 chars
echo -n -e "0123456789abcdef\n\x01\x00\x03\xff\xff\r\xff\xff\n\r" \
"2352j3rkjhadcfasc823rqaw7e1 3dq sdq3d 2dkjqw3h2=====" >$KEY_FILE
KEY_FILE_HEX="303132333435363738396162636465660a010003ffff0dffff0a0d20323335326a33726b6a686164636661736338323372716177376531203364712073647133"
# ignore hash if keyfile is specified
crypt_key ripemd160 256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
crypt_key sha256 256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
crypt_key sha256 128 file $KEY_FILE ${KEY_FILE_HEX:0:32}
crypt_key sha256 512 file $KEY_FILE $KEY_FILE_HEX
# stdin can be limited
crypt_key plain 128 cat /dev/zero 00000000000000000000000000000000 16
crypt_key plain 128 cat /dev/zero 00000000000000000000000000000000 17
# read key only up to \n
crypt_key plain 128 cat $KEY_FILE ${KEY_FILE_HEX:0:28}0000 14
# read full key, ignore keyfile length
crypt_key plain 128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32}
crypt_key plain 128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32} 14
# but do not ignore hash if keysgfile is "-"
crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5
crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 0
crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 80
crypt_key sha256 128 cat- $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14
crypt_key sha256 128 cat- $KEY_FILE 7df3f4a41a33805596be85c781cac3b4 14 2
crypt_key sha256 128 cat- $KEY_FILE ebbe65a178e886ddbb778e0a5538db72 40 40
# limiting plain (no hash)
crypt_key plain 256 pwd "xxxxxxxx" 7878787878787878000000000000000000000000000000000000000000000000
crypt_key plain:2 256 pwd "xxxxxxxx" 7878000000000000000000000000000000000000000000000000000000000000
crypt_key plain:9 256 failpwd "xxxxxxxx" x
crypt_key sha256 128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14
crypt_key sha256:14 128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1f0000 14
crypt_key sha256 128 pwd "0123456789abcdef" 9f9f5111f7b27a781f1f1ddde5ebc2dd 16
crypt_key sha256 128 pwd "0123456789abcdef" 1be2e452b46d7a0d9656bbb1f768e824 4
crypt_key sha256 128 pwd "0123" 1be2e452b46d7a0d9656bbb1f768e824 4
cleanup 0
Reference in New Issue View Git Blame Copy Permalink