tests/mode-test

   1 #!/bin/bash
   2 #
   3 # Test mode compatibility, check input + kernel and cryptsetup cipher status
   4 #
   5 CRYPTSETUP=../src/cryptsetup
   6 DEV_NAME=dmc_test
   7 LOOPDEV=/dev/loop5
   8 HEADER_IMG=mode-test.img
   9 PASSWORD=3xrododenron
  10
  11 # cipher-chainmode-ivopts:ivmode
  12 CIPHERS="aes twofish serpent"
  13 MODES="cbc lrw xts"
  14 IVMODES="null benbi plain plain64 essiv:sha256"
  15
  16 dmremove() { # device
  17         udevadm settle 2>/dev/null 2>&1
  18         dmsetup remove $1 2>/dev/null 2>&1
  19 }
  20
  21 cleanup() {
  22         for dev in $(dmsetup status --target crypt | sed s/\:\ .*// | grep "^$DEV_NAME"_); do
  23                 dmremove $dev
  24         done
  25         sleep 2
  26         [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
  27         losetup -d $LOOPDEV >/dev/null 2>&1
  28         rm -f $HEADER_IMG >/dev/null 2>&1
  29 }
  30
  31 fail()
  32 {
  33         [ -n "$1" ] && echo "$1"
  34         cleanup
  35         exit 100
  36 }
  37
  38 add_device() {
  39         dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1
  40         sync
  41         losetup $LOOPDEV $HEADER_IMG >/dev/null 2>&1
  42         dmsetup create $DEV_NAME --table "0 10240 linear $LOOPDEV 8" >/dev/null 2>&1
  43 }
  44
  45 dmcrypt_check() # device outstring
  46 {
  47         X=$(dmsetup table $1 2>/dev/null | cut -d' '  -f 4)
  48         if [ $X = $2 ] ; then
  49                 echo -n "[table OK]"
  50         else
  51                 echo "[table FAIL]"
  52                 echo " Expecting $2 got $X."
  53                 fail
  54         fi
  55
  56         X=$($CRYPTSETUP status $1 | grep cipher | sed s/\.\*cipher:\\s*//)
  57         if [ $X = $2 ] ; then
  58                 echo -n "[status OK]"
  59         else
  60                 echo "[status FAIL]"
  61                 echo " Expecting $2 got $X."
  62                 fail
  63         fi
  64
  65         dmremove $1
  66 }
  67
  68 dmcrypt_check_sum() # cipher device outstring
  69 {
  70         EXPSUM="c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29"
  71         # Fill device with zeroes and reopen it
  72         dd if=/dev/zero of=/dev/mapper/$2 bs=1M count=6 >/dev/null 2>&1
  73         sync
  74         dmremove $2
  75
  76         echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 $2 /dev/mapper/$DEV_NAME >/dev/null 2>&1
  77         ret=$?
  78         VSUM=$(sha256sum /dev/mapper/$2 | cut -d' ' -f 1)
  79         if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
  80                 echo -n "[OK]"
  81         else
  82                 echo "[FAIL]"
  83                 echo " Expecting $EXPSUM got $VSUM."
  84                 fail
  85         fi
  86
  87         dmremove $2
  88 }
  89
  90 dmcrypt()
  91 {
  92         OUT=$2
  93         [ -z "$OUT" ] && OUT=$1
  94         printf "%-25s" "$1"
  95
  96         echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
  97         if [ $? -eq 0 ] ; then
  98                 echo -n -e "PLAIN:"
  99                 dmcrypt_check "$DEV_NAME"_"$1" $OUT
 100         else
 101                 echo -n "[n/a]"
 102         fi
 103
 104         echo $PASSWORD | $CRYPTSETUP luksFormat -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
 105         if [ $? -eq 0 ] ; then
 106                 echo -n -e " LUKS:"
 107                 echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_"$1" >/dev/null 2>&1
 108                 dmcrypt_check "$DEV_NAME"_"$1" $OUT
 109         fi
 110
 111         # repeated device creation must return the same checksum
 112         echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
 113         if [ $? -eq 0 ] ; then
 114                 echo -n -e " CHECKSUM:"
 115                 dmcrypt_check_sum "$1" "$DEV_NAME"_"$1"
 116         fi
 117         echo
 118 }
 119
 120 if [ $(id -u) != 0 ]; then
 121         echo "WARNING: You must be root to run this test, test skipped."
 122         exit 0
 123 fi
 124
 125 add_device
 126
 127 # compatibility modes
 128 dmcrypt aes aes-cbc-plain
 129 dmcrypt aes-plain aes-cbc-plain
 130
 131 # codebook doesn't support IV at all
 132 for cipher in $CIPHERS ; do
 133         dmcrypt "$cipher-ecb"
 134 done
 135
 136 for cipher in $CIPHERS ; do
 137         for mode in $MODES ; do
 138                 for ivmode in $IVMODES ; do
 139                         dmcrypt "$cipher-$mode-$ivmode"
 140                 done
 141         done
 142 done
 143
 144 cleanup