3 # check tcrypt images parsing
# Locate the cryptsetup binary under test. The default ".." is relative to the
# current working directory, so the script runs whatever ../cryptsetup resolves
# to from where it is started; the activation part further down requires root.
5 [ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
6 CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
# Fixed passphrases piped to cryptsetup on stdin by the checks below.
# NOTE(review): these look like fixtures matching the bundled test images, not
# real secrets; confirm before reusing the pattern elsewhere.
9 PASSWORD="aaaaaaaaaaaa"
# Passphrase used together with --tcrypt-hidden.
10 PASSWORD_HIDDEN="bbbbbbbbbbbb"
# Long passphrase selected for images whose name matches vck_1_pw72.
11 PASSWORD_72C="aaaaaaaaaaaabbbbbbbbbbbbccccccccccccddddddddddddeeeeeeeeeeeeffffffffffff"
# Directory tcrypt-images.tar.xz is read from; defaults to the current directory.
14 [ -z "$srcdir" ] && srcdir="."
# Remove device-mapper devices this test may have left active: $MAP and its
# "_1" / "_2" companions. Each removal runs only when the node exists as a block
# device, and dmsetup is called with --retry.
# MAP is assigned outside the lines shown in this listing. It is unquoted on the
# first test below, so it is assumed to be a single word without glob characters.
# NOTE(review): the function's braces are not part of this listing.
16 function remove_mapping()
18 [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
19 [ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove --retry "$MAP"_1
20 [ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove --retry "$MAP"_2
# NOTE(review): the header of the enclosing function is not in this listing.
# Presumably this is the body of fail(), which later lines invoke as `fail` and
# `fail "UUID check failed."`.
# Print the optional message passed as $1.
25 [ -n "$1" ] && echo "$1"
27 echo "FAILED backtrace:"
# `caller N` prints line, function and file of stack frame N and returns
# non-zero once N is past the outermost frame, which ends the loop.
# frame is initialised outside the lines shown (TODO confirm).
28 while caller $frame; do ((frame++)); done
# NOTE(review): header not shown here either. Presumably the body of skip(),
# which later lines call with a warning string. Prints the optional message in $1.
35 [ -n "$1" ] && echo "$1"
# test_one CIPHER MODE KEYSIZE RM_PATTERN
# Runs `cryptsetup benchmark -c CIPHER-MODE -s KEYSIZE` with all output
# discarded. On a non-zero exit the image files under $TST_DIR whose name
# matches RM_PATTERN are deleted, so the later `ls $TST_DIR/...` loops no longer
# iterate over them.
# NOTE(review): several lines of the body (braces, else/fi) are not in this listing.
40 function test_one() # cipher mode keysize rm_pattern
42 $CRYPTSETUP benchmark -c "$1-$2" -s "$3" >/dev/null 2>&1
43 if [ $? -ne 0 ] ; then
# grep treats $4 as an unanchored regex: a bare cipher name such as "twofish"
# also selects file names that contain "cbc-twofish" or "xts-twofish".
45 IMGS=$(ls $TST_DIR/[tv]c* | grep "$4")
# Unquoted on purpose so the ls output splits into one argument per file. This
# is only safe while image names contain no whitespace or glob characters and do
# not start with "-"; the names come from the extracted test archive.
46 [ -n "$IMGS" ] && rm $IMGS
# test_kdf HASH
# Runs `cryptsetup benchmark -h HASH` with all output discarded. On a non-zero
# exit it reports "pbkdf2-HASH [N/A]" and deletes the image files under $TST_DIR
# whose name matches HASH, so later loops skip them.
# NOTE(review): the rest of the body (else branch, fi, braces) is not in this listing.
53 function test_kdf() # hash
55 $CRYPTSETUP benchmark -h "$1" >/dev/null 2>&1
56 if [ $? -ne 0 ] ; then
57 echo "pbkdf2-$1 [N/A]"
# $1 is used as an unanchored grep regex against the file names.
58 IMGS=$(ls $TST_DIR/[tv]c* | grep "$1")
# Relies on word splitting of the ls output; safe only for file names without
# whitespace, glob characters or a leading "-".
59 [ -n "$IMGS" ] && rm $IMGS
# Check prerequisites and prune test images that cannot be handled here.
# NOTE(review): the function's braces and the lines between the two headings are
# not in this listing; the missing lines presumably call test_kdf (confirm
# against the full script).
65 function test_required()
# lsblk is used later to read the filesystem UUID of each activated volume.
67 which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."
69 echo "REQUIRED KDF TEST"
76 echo "REQUIRED CIPHERS TEST"
# Arguments per call: cipher, mode, key size passed to `benchmark -s`, and the
# file-name pattern of the images to delete when the benchmark fails.
77 test_one aes cbc 256 cbc-aes
78 test_one aes lrw 384 lrw-aes
79 test_one aes xts 512 xts-aes
# The ecb probes use the bare cipher name as pattern, so a failure removes every
# image whose name contains that cipher, whatever its mode.
81 test_one twofish ecb 256 twofish
82 test_one twofish cbc 256 cbc-twofish
83 test_one twofish lrw 384 lrw-twofish
84 test_one twofish xts 512 xts-twofish
86 test_one serpent ecb 256 serpent
87 test_one serpent cbc 256 cbc-serpent
88 test_one serpent lrw 384 lrw-serpent
89 test_one serpent xts 512 xts-serpent
91 test_one blowfish cbc 256 blowfish
93 test_one des3_ede cbc 192 des3_ede
94 test_one cast5 cbc 128 cast5
96 test_one camellia xts 512 camellia
97 test_one kuznyechik xts 512 kuznyechik
# If pruning removed every image there is nothing left to test.
99 ls $TST_DIR/[tv]c* >/dev/null 2>&1 || skip "No remaining images."
# Unpack the test images only when $TST_DIR does not exist yet.
# --no-same-owner makes tar create the files as the invoking user instead of the
# owners recorded in the archive, which matters when the script runs as root.
# NOTE(review): $TST_DIR and $srcdir are unquoted; a path containing whitespace
# would split into several arguments.
103 [ ! -d $TST_DIR ] && tar xJf $srcdir/tcrypt-images.tar.xz --no-same-owner
# Header check: tcryptDump must succeed on every regular, PIM and system image
# when given $PASSWORD.
# NOTE(review): the loop's remaining lines (per-file echo, option resets, done)
# are not in this listing.
107 for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do
# PIM images need --veracrypt-pim; $PIM is assigned outside the lines shown.
110 [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
# Images named sys_* are parsed with --tcrypt-system.
112 [[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
# The passphrase is piped to cryptsetup's stdin rather than placed on its
# command line. SYS_OPT and PIM_OPT are left unquoted so an empty value expands
# to no argument at all; presumably both are cleared at the top of each
# iteration on a line not shown (TODO confirm).
113 echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt $SYS_OPT $PIM_OPT $file >/dev/null || fail
# Hidden-volume header check: every image named *-hidden must be parseable with
# --tcrypt-hidden and $PASSWORD_HIDDEN.
117 echo "HEADER CHECK (HIDDEN)"
118 for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
119 echo -n " $file (hidden)"
# Passphrase goes to cryptsetup on stdin; a non-zero exit calls fail.
120 echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden --veracrypt $file >/dev/null || fail
# Keyfile header check: images named tck_* / vck_* are dumped with two keyfiles
# plus a passphrase that depends on the image name.
124 echo "HEADER KEYFILES CHECK"
125 for file in $(ls $TST_DIR/[tv]ck_*) ; do
# NOTE(review): PWD is the shell's own working-directory variable and bash
# normally exports it. Assigning the passphrase to it overwrites $PWD for the
# rest of the script and places the value in the environment of every child
# process. That is harmless with fixture passphrases, but a differently named
# variable would avoid both effects. The default assignment for other images is
# on a line not shown.
# vck_1_nopw: empty passphrase, so only the keyfiles protect the volume.
128 [[ $file =~ vck_1_nopw.* ]] && PWD=""
# vck_1_pw72: the long passphrase defined as PASSWORD_72C.
129 [[ $file =~ vck_1_pw72.* ]] && PWD=$PASSWORD_72C
# -d is given twice, so both keyfiles are combined with the stdin passphrase.
130 echo $PWD | $CRYPTSETUP tcryptDump --veracrypt -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail
# Everything below activates device-mapper devices and therefore needs root.
# NOTE(review): the lines that end the run for non-root users (and the closing
# fi) are not in this listing.
135 if [ $(id -u) != 0 ]; then
136 echo "WARNING: You must be root to run activation part of test, test skipped."
# Activation check: open each image read-only, verify the mapping is visible,
# and compare the filesystem UUID inside it with the expected value.
# NOTE(review): the per-file echo, option resets, `ret` assignment and `done`
# are on lines not in this listing.
140 echo "ACTIVATION FS UUID CHECK"
141 for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_* $TST_DIR/sys_[tv]c_*) ; do
144 [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
146 [[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
# -r opens the mapping read-only, so the test images are not modified.
# stderr is captured with stdout so the messages can be inspected below.
147 out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen --veracrypt $SYS_OPT $PIM_OPT -r $file $MAP 2>&1)
# ret presumably holds the exit status of the tcryptOpen above (TODO confirm).
# Exit status 1 together with one of these two messages is reported as [N/A]
# and the image is skipped instead of being counted as a failure.
149 [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
150 [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
# Any other non-zero status is a real failure.
151 [ $ret -ne 0 ] && fail
# The mapping must be reported both by name and by device path.
152 $CRYPTSETUP status $MAP >/dev/null || fail
153 $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
154 UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
# Remove the mapping before comparing, so a UUID mismatch does not leave the
# device active.
155 $CRYPTSETUP remove $MAP || fail
# A matching UUID shows the volume was decrypted to the expected filesystem.
156 [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
# Hidden-volume activation check: open each *-hidden image read-only with
# --tcrypt-hidden and $PASSWORD_HIDDEN, then verify the filesystem UUID.
# NOTE(review): the per-file echo, `ret` assignment and `done` are on lines not
# in this listing.
160 echo "ACTIVATION FS UUID (HIDDEN) CHECK"
161 for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
163 out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen --veracrypt -r $file $MAP --tcrypt-hidden 2>&1)
# Exit status 1 with either message below is reported as [N/A], not as a failure.
165 [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
166 [ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
167 [ $ret -ne 0 ] && fail
168 UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
# Tear the mapping down before the comparison so a mismatch leaves nothing active.
169 $CRYPTSETUP remove $MAP || fail
# The expected UUID differs from the DEAD-BABE value of the non-hidden check.
# A match therefore indicates the hidden volume, not the outer one, was opened.
170 [ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed."