#!/bin/bash
#
# Test mode compatibility, check input + kernel and cryptsetup cipher status
#
# Directory holding the cryptsetup binary under test; defaults to the parent
# directory when CRYPTSETUP_PATH is unset or empty.
: "${CRYPTSETUP_PATH:=..}"
CRYPTSETUP="${CRYPTSETUP_PATH}/cryptsetup"

# Name of the base test mapping and of the image file that backs it.
# HEADER_IMG is a relative path, so the image lands in the current directory.
DEV_NAME="dmc_test"
HEADER_IMG="mode-test.img"

# Fixed, publicly known test passphrase. It only protects the scratch devices
# this script creates and must never be reused for real data.
PASSWORD="3xrododenron"
# Saved copy, used to restore PASSWORD after the empty-passphrase tests.
PASSWORD1="${PASSWORD}"

# cipher-chainmode-ivopts:ivmode
CIPHERS="aes twofish serpent"
MODES="cbc lrw xts"
IVMODES="null benbi plain plain64 essiv:sha256"

# First unused loop device; stays empty when losetup finds none or fails.
LOOPDEV="$(losetup -f 2>/dev/null)"

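# Remove a device-mapper device; output and errors are deliberately discarded
# because the device may legitimately not exist.
# Arguments: $1 - device-mapper name
dmremove() { # device
	# Wait for udev to finish pending events before attempting the removal.
	udevadm settle >/dev/null 2>&1
	# Quoted so the name always reaches dmsetup as exactly one argument.
	dmsetup remove "$1" >/dev/null 2>&1
}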

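# Tear down everything the test created: crypt mappings stacked on the base
# device, the base mapping itself, the loop device and the backing image.
# Errors are ignored so this can run at any point, even before setup.
# Globals: DEV_NAME, LOOPDEV, HEADER_IMG (read)
cleanup() {
	# Crypt mappings named "${DEV_NAME}_*" sit on top of the base device and
	# have to be removed first. Names are read line by line rather than by
	# word-splitting the command output.
	dmsetup status --target crypt | sed 's/: .*//' | grep "^${DEV_NAME}_" |
		while IFS= read -r dev; do
			# stdin is detached so nothing can consume the remaining names.
			dmremove "$dev" </dev/null
			sleep 2
		done
	if [ -b "/dev/mapper/$DEV_NAME" ]; then
		dmremove "$DEV_NAME"
	fi
	losetup -d "$LOOPDEV" >/dev/null 2>&1
	# "--" keeps an image name starting with "-" from being read as an option.
	rm -f -- "$HEADER_IMG" >/dev/null 2>&1
}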

# Report a test failure, tear the test devices down and abort the script.
# Arguments: $1 - optional message printed before the failure line
# Exits with status 100.
fail()
{
	local origin

	if [ -n "$1" ]; then
		echo "$1"
	fi
	# caller is the bash builtin that reports the calling context.
	origin=$(caller)
	echo "FAILED at line $origin"
	cleanup
	exit 100
}

# Stop the script and mark the test as skipped.
# Arguments: $1 - optional reason, printed to stdout
# Exits with status 77.
skip()
{
	if [ -n "$1" ]; then
		echo "$1"
	fi
	exit 77
}

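# Create the scratch block device every test runs on: a zero-filled image
# file, attached to $LOOPDEV and exposed as /dev/mapper/$DEV_NAME.
# Setup errors are not checked here; output of each command is discarded.
# Globals: HEADER_IMG, LOOPDEV, DEV_NAME (read)
add_device() {
	# Start from a clean state in case an earlier run left devices behind.
	cleanup
	# NOTE: HEADER_IMG is a fixed relative name and the script refuses to run
	# unless it is root, so dd writes to whatever that name resolves to in the
	# current directory. Run the test only from a directory that untrusted
	# users cannot write to.
	dd if=/dev/zero of="$HEADER_IMG" bs=1M count=6 >/dev/null 2>&1
	sync
	losetup "$LOOPDEV" "$HEADER_IMG" >/dev/null 2>&1
	# Linear mapping of 10240 sectors of the loop device, starting at sector 8.
	dmsetup create "$DEV_NAME" --table "0 10240 linear $LOOPDEV 8" >/dev/null 2>&1
}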

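# Verify that an active mapping uses the expected cipher, then remove it.
# The cipher is checked twice: in the kernel table reported by dmsetup and in
# the output of "cryptsetup status". Any mismatch ends the test through fail.
# Globals:   CRYPTSETUP (read)
# Arguments: $1 - device-mapper name
#            $2 - expected cipher string
dmcrypt_check() # device outstring
{
	local actual

	# Fourth field of the table line, which is where the cipher is expected.
	actual=$(dmsetup table "$1" 2>/dev/null | sed 's/.*: //' | cut -d' ' -f 4)
	# Both sides are quoted so an empty result is a plain mismatch instead of
	# a malformed test expression.
	if [ "$actual" = "$2" ]; then
		echo -n "[table OK]"
	else
		echo "[table FAIL]"
		echo " Expecting $2 got $actual."
		fail
	fi

	# Same check against the "cipher:" line of cryptsetup status.
	actual=$("$CRYPTSETUP" status "$1" | grep 'cipher:' | sed 's/.*cipher:\s*//')
	if [ "$actual" = "$2" ]; then
		echo -n "[status OK]"
	else
		echo "[status FAIL]"
		echo " Expecting $2 got \"$actual\"."
		fail
	fi

	dmremove "$1"
}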

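# Write zeroes through an active plain mapping, recreate the mapping with the
# same parameters and verify the SHA-256 of what is read back. This checks
# that repeated setup with the same passphrase yields the same mapping.
# Globals:   PASSWORD, CRYPTSETUP, DEV_NAME (read)
# Arguments: $1 - cipher specification
#            $2 - name of the crypt mapping (must already be active)
dmcrypt_check_sum() # cipher device
{
	# NOTE(review): presumably the SHA-256 of the zero-filled mapping - confirm.
	local -r expsum="c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29"
	local ret vsum

	# Fill device with zeroes and reopen it
	dd if=/dev/zero of="/dev/mapper/$2" bs=1M count=6 >/dev/null 2>&1
	sync
	dmremove "$2"

	# The passphrase travels on stdin, never in an argument list; printf with
	# a quoted argument passes it unchanged whatever characters it contains.
	printf '%s\n' "$PASSWORD" |
		"$CRYPTSETUP" create -h sha256 -c "$1" -s 256 "$2" "/dev/mapper/$DEV_NAME" >/dev/null 2>&1
	ret=$?
	vsum=$(sha256sum "/dev/mapper/$2" | cut -d' ' -f 1)
	# Two separate tests replace the deprecated "-a" operator.
	if [ "$ret" -eq 0 ] && [ "$vsum" = "$expsum" ]; then
		echo -n "[OK]"
	else
		echo "[FAIL]"
		echo " Expecting $expsum got $vsum."
		fail
	fi

	dmremove "$2"
}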

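# Run every test stage for one cipher specification and print one result line.
# Stages: plain mapping, LUKS1, LUKS2, and a read-back checksum through a
# plain mapping. A stage whose setup command fails is skipped; only the plain
# stage reports that, as "[n/a]".
# Globals:   PASSWORD, CRYPTSETUP, DEV_NAME (read)
# Arguments: $1 - cipher specification passed to cryptsetup -c
#            $2 - cipher string expected on the active mapping (default: $1)
dmcrypt()
{
	local -r tstdev="${DEV_NAME}_tstdev"
	local -r basedev="/dev/mapper/$DEV_NAME"
	local out=${2:-$1}

	printf "%-31s" "$1"

	# The passphrase is always piped on stdin so it never appears in a process
	# argument list; printf with a quoted argument passes it unchanged.
	if printf '%s\n' "$PASSWORD" |
		"$CRYPTSETUP" create -h sha256 -c "$1" -s 256 "$tstdev" "$basedev" >/dev/null 2>&1; then
		echo -n -e "PLAIN:"
		dmcrypt_check "$tstdev" "$out"
	else
		echo -n "[n/a]"
	fi

	# "-i 1" requests a 1 ms key-derivation time. That keeps the test fast and
	# is far too weak for a real volume.
	if printf '%s\n' "$PASSWORD" |
		"$CRYPTSETUP" luksFormat --type luks1 -i 1 -c "$1" -s 256 "$basedev" >/dev/null 2>&1; then
		echo -n -e " LUKS1:"
		printf '%s\n' "$PASSWORD" | "$CRYPTSETUP" luksOpen "$basedev" "$tstdev" >/dev/null 2>&1
		dmcrypt_check "$tstdev" "$out"
	fi

	# Same test-only key-derivation setting, here with PBKDF2 selected for LUKS2.
	if printf '%s\n' "$PASSWORD" |
		"$CRYPTSETUP" luksFormat --type luks2 --pbkdf pbkdf2 -i 1 -c "$1" -s 256 "$basedev" >/dev/null 2>&1; then
		echo -n -e " LUKS2:"
		printf '%s\n' "$PASSWORD" | "$CRYPTSETUP" luksOpen "$basedev" "$tstdev" >/dev/null 2>&1
		dmcrypt_check "$tstdev" "$out"
	fi

	# repeated device creation must return the same checksum
	if printf '%s\n' "$PASSWORD" |
		"$CRYPTSETUP" create -h sha256 -c "$1" -s 256 "$tstdev" "$basedev" >/dev/null 2>&1; then
		echo -n -e " CHECKSUM:"
		dmcrypt_check_sum "$1" "$tstdev"
	fi
	echo
}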

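# Quoting makes the root check fail closed: if id prints nothing, the
# comparison still holds and the test is skipped instead of running on.
[ "$(id -u)" != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."

add_device

# compatibility modes
dmcrypt aes aes-cbc-plain
dmcrypt aes-plain aes-cbc-plain

# empty cipher
# cipher_null performs no encryption; it is exercised with an empty passphrase.
PASSWORD=""
dmcrypt null cipher_null-ecb
dmcrypt cipher_null cipher_null-ecb
dmcrypt cipher_null-ecb

PASSWORD=$PASSWORD1
# The matrix below is a compatibility check of what cryptsetup and the kernel
# accept. It includes combinations such as ECB that should not be chosen for
# real volumes.
# codebook doesn't support IV at all
# $CIPHERS, $MODES and $IVMODES are space-separated lists; they are left
# unquoted on purpose so the shell splits them into words.
for cipher in $CIPHERS ; do
	dmcrypt "$cipher-ecb"
done

for cipher in $CIPHERS ; do
	for mode in $MODES ; do
		for ivmode in $IVMODES ; do
			dmcrypt "$cipher-$mode-$ivmode"
		done
	done
done

dmcrypt xchacha12,aes-adiantum-plain64
dmcrypt xchacha20,aes-adiantum-plain64

cleanup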