tests/mode-test

   1 #!/bin/bash
   2
   3 #
   4 # Test mode compatibility, check input + kernel and cryptsetup cipher status
   5 #
   6 # FIXME: add checkum test of data
   7 #
   8
   9 CRYPTSETUP="../src/cryptsetup.static"
  10 DEV_NAME=dmc_test
  11 LOOPDEV=/dev/loop5
  12 HEADER_IMG=mode-test.img
  13 PASSWORD=3xrododenron
  14
  15 # cipher-chainmode-ivopts:ivmode
  16 CIPHERS="aes twofish serpent"
  17 MODES="cbc lrw xts"
  18 IVMODES="null benbi plain plain64 essiv:sha256"
  19
  20 cleanup() {
  21         for dev in $(dmsetup status --target crypt | sed s/\:\ .*// | grep "^$DEV_NAME"_); do
  22                 dmsetup remove $dev
  23         done
  24         udevadm settle 2>/dev/null 2>&1
  25         sleep 2
  26         [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
  27         losetup -d $LOOPDEV >/dev/null 2>&1
  28         rm -f $HEADER_IMG >/dev/null 2>&1
  29 }
  30
  31 fail()
  32 {
  33         [ -n "$1" ] && echo "$1"
  34         cleanup
  35         exit 100
  36 }
  37
  38 add_device() {
  39         dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1
  40         sync
  41         losetup $LOOPDEV $HEADER_IMG >/dev/null 2>&1
  42         dmsetup create $DEV_NAME --table "0 10240 linear $LOOPDEV 8" >/dev/null 2>&1
  43 }
  44
  45 dmcrypt_check() # device outstring
  46 {
  47         X=$(dmsetup table $1 2>/dev/null | cut -d' '  -f 4)
  48         if [ $X = $2 ] ; then
  49                 echo -n "OK]"
  50         else
  51                 echo -n "FAIL]"
  52                 echo " Expecting $2 got $X."
  53                 fail
  54         fi
  55
  56         X=$($CRYPTSETUP status $1 | grep cipher | sed s/\.\*cipher:\\s*//)
  57         if [ $X = $2 ] ; then
  58                 echo " [OK]"
  59         else
  60                 echo " [FAIL]"
  61                 echo " Expecting $2 got $X."
  62                 fail
  63         fi
  64 }
  65
  66 dmcrypt()
  67 {
  68         OUT=$2
  69         [ -z "$OUT" ] && OUT=$1
  70
  71         echo -n -e "TESTING(PLAIN): $1 ["
  72         echo $PASSWORD | $CRYPTSETUP create -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
  73         if [ $? -eq 0 ] ; then
  74                 dmcrypt_check "$DEV_NAME"_"$1" $OUT
  75                 dmsetup remove "$DEV_NAME"_"$1" >/dev/null 2>&1
  76         else
  77                 echo "SKIPPED]"
  78         fi
  79
  80         echo -n -e "TESTING(LUKS): $1 ["
  81         echo $PASSWORD | $CRYPTSETUP luksFormat -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
  82         if [ $? -eq 0 ] ; then
  83                 echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_"$1" >/dev/null 2>&1
  84                 dmcrypt_check "$DEV_NAME"_"$1" $OUT
  85                 dmsetup remove "$DEV_NAME"_"$1" >/dev/null 2>&1
  86         else
  87                 echo "SKIPPED]"
  88         fi
  89 }
  90
  91 if [ $(id -u) != 0 ]; then
  92         echo "WARNING: You must be root to run this test, test skipped."
  93         exit 0
  94 fi
  95
  96 add_device
  97
  98 # compatibility modes
  99 dmcrypt aes aes-cbc-plain
 100 dmcrypt aes-plain aes-cbc-plain
 101
 102 # codebook doesn't support IV at all
 103 for cipher in $CIPHERS ; do
 104         dmcrypt "$cipher-ecb"
 105 done
 106
 107 for cipher in $CIPHERS ; do
 108         for mode in $MODES ; do
 109                 for ivmode in $IVMODES ; do
 110                         dmcrypt "$cipher-$mode-$ivmode"
 111                 done
 112         done
 113 done
 114
 115 cleanup