tests/mode-test

   1 #!/bin/bash
   2 #
   3 # Test mode compatibility, check input + kernel and cryptsetup cipher status
   4 #
   5 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
   6 CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
   7 DEV_NAME=dmc_test
   8 HEADER_IMG=mode-test.img
   9 PASSWORD=3xrododenron
  10 PASSWORD1=$PASSWORD
  11
  12 # cipher-chainmode-ivopts:ivmode
  13 CIPHERS="aes twofish serpent"
  14 MODES="cbc lrw xts"
  15 IVMODES="null benbi plain plain64 essiv:sha256"
  16
  17 LOOPDEV=$(losetup -f 2>/dev/null)
  18
  19 dmremove() { # device
  20         udevadm settle >/dev/null 2>&1
  21         dmsetup remove --retry $1 >/dev/null 2>&1
  22 }
  23
  24 cleanup() {
  25         for dev in $(dmsetup status --target crypt | sed s/\:\ .*// | grep "^$DEV_NAME"_); do
  26                 dmremove $dev
  27                 sleep 2
  28         done
  29         [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
  30         losetup -d $LOOPDEV >/dev/null 2>&1
  31         rm -f $HEADER_IMG >/dev/null 2>&1
  32 }
  33
  34 fail()
  35 {
  36         [ -n "$1" ] && echo "$1"
  37         echo "FAILED backtrace:"
  38         while caller $frame; do ((frame++)); done
  39         cleanup
  40         exit 100
  41 }
  42
  43 skip()
  44 {
  45         [ -n "$1" ] && echo "$1"
  46         exit 77
  47 }
  48
  49 add_device() {
  50         cleanup
  51         dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1
  52         sync
  53         losetup $LOOPDEV $HEADER_IMG >/dev/null 2>&1
  54         dmsetup create $DEV_NAME --table "0 10240 linear $LOOPDEV 8" >/dev/null 2>&1
  55 }
  56
  57 dmcrypt_check() # device outstring
  58 {
  59         X=$(dmsetup table $1 2>/dev/null | sed 's/.*: //' | cut -d' '  -f 4)
  60         if [ "$X" = $2 ] ; then
  61                 echo -n "[table OK]"
  62         else
  63                 echo "[table FAIL]"
  64                 echo " Expecting $2 got $X."
  65                 fail
  66         fi
  67
  68         X=$($CRYPTSETUP status $1 | grep cipher: | sed s/\.\*cipher:\\s*//)
  69         if [ $X = $2 ] ; then
  70                 echo -n "[status OK]"
  71         else
  72                 echo "[status FAIL]"
  73                 echo " Expecting $2 got \"$X\"."
  74                 fail
  75         fi
  76
  77         dmremove $1
  78 }
  79
  80 dmcrypt_check_sum() # cipher device
  81 {
  82         EXPSUM="c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29"
  83         # Fill device with zeroes and reopen it
  84         dd if=/dev/zero of=/dev/mapper/$2 bs=1M count=6 >/dev/null 2>&1
  85         sync
  86         dmremove $2
  87
  88         echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 $2 /dev/mapper/$DEV_NAME >/dev/null 2>&1
  89         ret=$?
  90         VSUM=$(sha256sum /dev/mapper/$2 | cut -d' ' -f 1)
  91         if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
  92                 echo -n "[OK]"
  93         else
  94                 echo "[FAIL]"
  95                 echo " Expecting $EXPSUM got $VSUM."
  96                 fail
  97         fi
  98
  99         dmremove $2
 100 }
 101
 102 dmcrypt()
 103 {
 104         OUT=$2
 105         [ -z "$OUT" ] && OUT=$1
 106         printf "%-31s" "$1"
 107
 108         echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1
 109         if [ $? -eq 0 ] ; then
 110                 echo -n -e "PLAIN:"
 111                 dmcrypt_check "$DEV_NAME"_tstdev $OUT
 112         else
 113                 echo -n "[n/a]"
 114         fi
 115
 116         echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
 117         if [ $? -eq 0 ] ; then
 118                 echo -n -e " LUKS1:"
 119                 echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail
 120                 dmcrypt_check "$DEV_NAME"_tstdev $OUT
 121         fi
 122
 123         echo $PASSWORD | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 -i 1 -c $1 -s 256 --offset 8192 /dev/mapper/$DEV_NAME >/dev/null 2>&1
 124         if [ $? -eq 0 ] ; then
 125                 echo -n -e " LUKS2:"
 126                 echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail
 127                 dmcrypt_check "$DEV_NAME"_tstdev $OUT
 128         fi
 129
 130         # repeated device creation must return the same checksum
 131         echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1
 132         if [ $? -eq 0 ] ; then
 133                 echo -n -e " CHECKSUM:"
 134                 dmcrypt_check_sum "$1" "$DEV_NAME"_tstdev
 135         fi
 136         echo
 137 }
 138
 139 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
 140 [ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."
 141
 142 add_device
 143
 144 # compatibility modes
 145 dmcrypt aes aes-cbc-plain
 146 dmcrypt aes-plain aes-cbc-plain
 147
 148 # empty cipher
 149 PASSWORD=""
 150 dmcrypt null cipher_null-ecb
 151 dmcrypt cipher_null cipher_null-ecb
 152 dmcrypt cipher_null-ecb
 153
 154 PASSWORD=$PASSWORD1
 155 # codebook doesn't support IV at all
 156 for cipher in $CIPHERS ; do
 157         dmcrypt "$cipher-ecb"
 158 done
 159
 160 for cipher in $CIPHERS ; do
 161         for mode in $MODES ; do
 162                 for ivmode in $IVMODES ; do
 163                         dmcrypt "$cipher-$mode-$ivmode"
 164                 done
 165         done
 166 done
 167
 168 dmcrypt xchacha12,aes-adiantum-plain64
 169 dmcrypt xchacha20,aes-adiantum-plain64
 170
 171 cleanup