3 # check luks1 images parsing
5 # NOTE: if image with whirlpool hash fails, check
6 # that you are not using old gcrypt with flawed whirlpool
7 # (see cryptsetup debug output)
9 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
10 CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
15 [ -z "$srcdir" ] && srcdir="."
17 function remove_mapping()
19 [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
24 [ -n "$1" ] && echo "$1"
26 echo "FAILED backtrace:"
27 while caller $frame; do ((frame++)); done
34 [ -n "$1" ] && echo "$1"
41 $CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip
44 function test_required()
46 which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."
48 echo "REQUIRED KDF TEST"
49 $CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip
51 echo "REQUIRED CIPHERS TEST"
52 echo "# Algorithm | Key | Encryption | Decryption"
55 test_one twofish-xts 256
56 test_one serpent-xts 256
64 [ ! -d $TST_DIR ] && tar xJf $srcdir/luks1-images.tar.xz --no-same-owner
66 echo "PASSPHRASE CHECK"
67 for file in $(ls $TST_DIR/luks1_*) ; do
69 $CRYPTSETUP luksOpen -d $TST_DIR/$KEYFILE $file --test-passphrase 2>/dev/null
71 # ignore missing whirlpool (pwd failed is exit code 2)
72 [ $ret -eq 1 ] && (echo $file | grep -q -e "whirlpool") && echo " [N/A]" && continue
73 # ignore flawed whirlpool (pwd failed is exit code 2)
74 [ $ret -eq 2 ] && (echo $file | grep -q -e "whirlpool") && \
75 ($CRYPTSETUP luksDump $file --debug | grep -q -e "flawed whirlpool") && \
76 echo " [IGNORED (flawed Whirlpool library)]" && continue
77 [ $ret -ne 0 ] && fail
81 if [ $(id -u) != 0 ]; then
82 echo "WARNING: You must be root to run activation part of test, test skipped."
86 echo "ACTIVATION FS UUID CHECK"
87 for file in $(ls $TST_DIR/luks1_*) ; do
89 $CRYPTSETUP luksOpen -d $TST_DIR/$KEYFILE $file $MAP 2>/dev/null
91 # ignore missing whirlpool (pwd failed is exit code 2)
92 [ $ret -eq 1 ] && (echo $file | grep -q -e "whirlpool") && echo " [N/A]" && continue
93 # ignore flawed whirlpool (pwd failed is exit code 2)
94 [ $ret -eq 2 ] && (echo $file | grep -q -e "whirlpool") && \
95 ($CRYPTSETUP luksDump $file --debug | grep -q -e "flawed whirlpool") && \
96 echo " [IGNORED (flawed Whirlpool library)]" && continue
97 [ $ret -ne 0 ] && fail
98 $CRYPTSETUP status $MAP >/dev/null || fail
99 $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
100 UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
101 $CRYPTSETUP remove $MAP || fail
102 [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."