Imported Upstream version 2.3.7

[platform/upstream/cryptsetup.git] / tests / tcrypt-compat-test

#!/bin/bash

# check tcrypt images parsing

[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
TST_DIR=tcrypt-images
MAP=tctst
PASSWORD="aaaaaaaaaaaa"
PASSWORD_HIDDEN="bbbbbbbbbbbb"
PASSWORD_72C="aaaaaaaaaaaabbbbbbbbbbbbccccccccccccddddddddddddeeeeeeeeeeeeffffffffffff"
PIM=1234

[ -z "$srcdir" ] && srcdir="."

function remove_mapping()
{
        [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
        [ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove --retry "$MAP"_1
        [ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove --retry "$MAP"_2
}

function fail()
{
        [ -n "$1" ] && echo "$1"
        echo " [FAILED]"
        echo "FAILED backtrace:"
        while caller $frame; do ((frame++)); done
        remove_mapping
        exit 2
}

function skip()
{
        [ -n "$1" ] && echo "$1"
        echo "Test skipped."
        exit 77
}

function test_one() # cipher mode keysize rm_pattern
{
        $CRYPTSETUP benchmark -c "$1-$2" -s "$3" >/dev/null 2>&1
        if [ $? -ne 0 ] ; then
                echo "$1-$2 [N/A]"
                IMGS=$(ls $TST_DIR/[tv]c* | grep "$4")
                [ -n "$IMGS" ] && rm $IMGS
                #echo $IMGS
        else
                echo "$1-$2 [OK]"
        fi
}

function test_kdf() # hash
{
        $CRYPTSETUP benchmark -h "$1" >/dev/null 2>&1
        if [ $? -ne 0 ] ; then
                echo "pbkdf2-$1 [N/A]"
                IMGS=$(ls $TST_DIR/[tv]c* | grep "$1")
                [ -n "$IMGS" ] && rm $IMGS
        else
                echo "pbkdf2-$1 [OK]"
        fi
}

function test_required()
{
        which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."

        echo "REQUIRED KDF TEST"
        test_kdf sha256
        test_kdf sha512
        test_kdf ripemd160
        test_kdf whirlpool
        test_kdf stribog512

        echo "REQUIRED CIPHERS TEST"
        test_one aes cbc 256 cbc-aes
        test_one aes lrw 384 lrw-aes
        test_one aes xts 512 xts-aes

        test_one twofish ecb 256 twofish
        test_one twofish cbc 256 cbc-twofish
        test_one twofish lrw 384 lrw-twofish
        test_one twofish xts 512 xts-twofish

        test_one serpent ecb 256 serpent
        test_one serpent cbc 256 cbc-serpent
        test_one serpent lrw 384 lrw-serpent
        test_one serpent xts 512 xts-serpent

        test_one blowfish cbc 256 blowfish

        test_one des3_ede cbc 192 des3_ede
        test_one cast5 cbc 128 cast5

        test_one camellia xts 512 camellia
        test_one kuznyechik xts 512 kuznyechik

        ls $TST_DIR/[tv]c* >/dev/null 2>&1 || skip "No remaining images."
}

export LANG=C
[ ! -d $TST_DIR ] && tar xJf $srcdir/tcrypt-images.tar.xz --no-same-owner
test_required

echo "HEADER CHECK"
for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do
        echo -n " $file"
        PIM_OPT=""
        [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
        SYS_OPT=""
        [[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
        echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt $SYS_OPT $PIM_OPT $file >/dev/null || fail
        echo " [OK]"
done

echo "HEADER CHECK (HIDDEN)"
for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
        echo -n " $file (hidden)"
        echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden --veracrypt $file >/dev/null || fail
        echo " [OK]"
done

echo "HEADER KEYFILES CHECK"
for file in $(ls $TST_DIR/[tv]ck_*) ; do
        echo -n " $file"
        PWD=$PASSWORD
        [[ $file =~ vck_1_nopw.* ]] && PWD=""
        [[ $file =~ vck_1_pw72.* ]] && PWD=$PASSWORD_72C
        echo $PWD | $CRYPTSETUP tcryptDump --veracrypt -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail
        echo " [OK]"
done


if [ $(id -u) != 0 ]; then
        echo "WARNING: You must be root to run activation part of test, test skipped."
        exit 0
fi

echo "ACTIVATION FS UUID CHECK"
for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do
        echo -n " $file"
        PIM_OPT=""
        [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
        SYS_OPT=""
        [[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
        out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen --veracrypt $SYS_OPT $PIM_OPT -r $file $MAP 2>&1)
        ret=$?
        [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
        [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
        [ $ret -ne 0 ] && fail
        $CRYPTSETUP status $MAP >/dev/null || fail
        $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
        UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
        $CRYPTSETUP remove $MAP || fail
        [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
        echo " [OK]"
done

echo "ACTIVATION FS UUID (HIDDEN) CHECK"
for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
        echo -n " $file"
        out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen --veracrypt -r $file $MAP --tcrypt-hidden 2>&1)
        ret=$?
        [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
        [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
        [ $ret -ne 0 ] && fail
        UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
        $CRYPTSETUP remove $MAP || fail
        [ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed."
        echo " [OK]"
done