3 # check tcrypt images parsing
5 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
6 CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
9 PASSWORD="aaaaaaaaaaaa"
10 PASSWORD_HIDDEN="bbbbbbbbbbbb"
11 PASSWORD_72C="aaaaaaaaaaaabbbbbbbbbbbbccccccccccccddddddddddddeeeeeeeeeeeeffffffffffff"
14 CRYPTSETUP_VALGRIND=../.libs/cryptsetup
15 CRYPTSETUP_LIB_VALGRIND=../.libs
17 [ -z "$srcdir" ] && srcdir="."
19 function remove_mapping()
21 [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
22 [ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove --retry "$MAP"_1
23 [ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove --retry "$MAP"_2
29 [ -n "$1" ] && echo "$1"
31 echo "FAILED backtrace:"
32 while caller $frame; do ((frame++)); done
39 [ -n "$1" ] && echo "$1"
44 function test_one() # cipher mode keysize rm_pattern
46 $CRYPTSETUP benchmark -c "$1-$2" -s "$3" >/dev/null 2>&1
47 if [ $? -ne 0 ] ; then
49 IMGS=$(ls $TST_DIR/[tv]c* | grep "$4")
50 [ -n "$IMGS" ] && rm $IMGS
57 function test_kdf() # hash
59 $CRYPTSETUP benchmark -h "$1" >/dev/null 2>&1
60 if [ $? -ne 0 ] ; then
61 echo "pbkdf2-$1 [N/A]"
62 IMGS=$(ls $TST_DIR/[tv]c* | grep "$1")
63 [ -n "$IMGS" ] && rm $IMGS
69 function get_HASH_CIPHER() # filename
71 # speed up the test by limiting options for hash and (first) cipher
72 HASH=$(echo $file | cut -d'-' -f3)
73 CIPHER=$(echo $file | cut -d'-' -f5)
76 function test_required()
78 command -v blkid >/dev/null || skip "blkid tool required, test skipped."
80 echo "REQUIRED KDF TEST"
87 echo "REQUIRED CIPHERS TEST"
88 test_one aes cbc 256 cbc-aes
89 test_one aes lrw 384 lrw-aes
90 test_one aes xts 512 xts-aes
92 test_one twofish ecb 256 twofish
93 test_one twofish cbc 256 cbc-twofish
94 test_one twofish lrw 384 lrw-twofish
95 test_one twofish xts 512 xts-twofish
97 test_one serpent ecb 256 serpent
98 test_one serpent cbc 256 cbc-serpent
99 test_one serpent lrw 384 lrw-serpent
100 test_one serpent xts 512 xts-serpent
102 test_one blowfish cbc 256 blowfish
104 test_one des3_ede cbc 192 des3_ede
105 test_one cast5 cbc 128 cast5
107 test_one camellia xts 512 camellia
108 test_one kuznyechik xts 512 kuznyechik
110 ls $TST_DIR/[tv]c* >/dev/null 2>&1 || skip "No remaining images, test skipped."
113 function valgrind_setup()
115 command -v valgrind >/dev/null || fail "Cannot find valgrind."
116 [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
117 export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
120 function valgrind_run()
122 INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
126 [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
127 [ ! -d $TST_DIR ] && tar xJf $srcdir/tcrypt-images.tar.xz --no-same-owner
129 [ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
134 for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do
137 [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
139 [[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
140 get_HASH_CIPHER $file
141 echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h $HASH -c $CIPHER $file >/dev/null || fail
142 if [[ $file =~ .*-sha512-xts-aes$ ]] ; then
143 echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h sha512 -c aes $file >/dev/null || fail
144 echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h xxxx $file 2>/dev/null && fail
145 echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h sha512 -c xxx $file 2>/dev/null && fail
150 echo "HEADER CHECK (TCRYPT only)"
151 for file in $(ls $TST_DIR/vc_* $TST_DIR/vcpim_*) ; do
154 [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
155 get_HASH_CIPHER $file
156 echo $PASSWORD | $CRYPTSETUP tcryptDump --disable-veracrypt $PIM_OPT -h $HASH -c $CIPHER $file >/dev/null 2>&1 && fail
160 echo "HEADER CHECK (HIDDEN)"
161 for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
162 echo -n " $file (hidden)"
163 get_HASH_CIPHER $file
164 echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden -h $HASH -c $CIPHER $file >/dev/null || fail
168 echo "HEADER KEYFILES CHECK"
169 for file in $(ls $TST_DIR/[tv]ck_*) ; do
172 [[ $file =~ vck_1_nopw.* ]] && PWD=""
173 [[ $file =~ vck_1_pw72.* ]] && PWD=$PASSWORD_72C
174 get_HASH_CIPHER $file
175 echo $PWD | $CRYPTSETUP tcryptDump -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 -h $HASH -c $CIPHER $file >/dev/null || fail
180 if [ $(id -u) != 0 ]; then
181 echo "WARNING: You must be root to run activation part of test, test skipped."
186 echo "ACTIVATION FS UUID CHECK"
187 for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do
190 [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
192 [[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
193 get_HASH_CIPHER $file
194 out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen $SYS_OPT $PIM_OPT -r -h $HASH -c $CIPHER $file $MAP 2>&1)
196 [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
197 [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
198 [ $ret -ne 0 ] && fail
199 $CRYPTSETUP status $MAP >/dev/null || fail
200 $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
201 UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP)
202 $CRYPTSETUP remove $MAP || fail
203 [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
207 echo "ACTIVATION FS UUID (HIDDEN) CHECK"
208 for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
210 get_HASH_CIPHER $file
211 out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen -r -h $HASH -c $CIPHER $file $MAP --tcrypt-hidden 2>&1)
213 [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
214 [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
215 [ $ret -ne 0 ] && fail
216 UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP)
217 $CRYPTSETUP remove $MAP || fail
218 [ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed."