CHKS_DMCRYPT=vk_in_dmcrypt.chk
CHKS_KEYRING=vk_in_keyring.chk
-PWD="aaa"
+PWD="aaablabl"
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
-[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
+FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
function remove_mapping()
{
# unlink whole test keyring
[ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null
- rmmod scsi_debug 2>/dev/null
+ rmmod scsi_debug >/dev/null 2>&1
rm -f $CHKS_DMCRYPT $CHKS_KEYRING
}
exit 77
}
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
function fail()
{
[ -n "$1" ] && echo "$1"
function fips_mode()
{
- [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
+ [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
}
add_device() {
- modprobe scsi_debug $@ delay=0
+ rmmod scsi_debug >/dev/null 2>&1
+ if [ -d /sys/module/scsi_debug ] ; then
+ echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
+ exit 77
+ fi
+
+ modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "This kernel seems to not support proper scsi_debug module, test skipped."
exit 77
[ -b $DEV ] || fail "Cannot find $DEV."
}
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
-which dmsetup >/dev/null 2>&1 || skip "Cannot find dmsetup, test skipped"
-which keyctl >/dev/null 2>&1 || skip "Cannot find keyctl, test skipped"
-which xxd >/dev/null 2>&1 || skip "Cannot find xxd, test skipped"
-which sha1sum > /dev/null 2>&1 || skip "Cannot find sha1sum, test skipped"
-modprobe dm-crypt || fail "dm-crypt failed to load"
+command -v dmsetup >/dev/null || skip "Cannot find dmsetup, test skipped"
+command -v keyctl >/dev/null || skip "Cannot find keyctl, test skipped"
+command -v xxd >/dev/null || skip "Cannot find xxd, test skipped"
+command -v sha256sum >/dev/null || skip "Cannot find sha256sum, test skipped"
+modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load"
dm_crypt_keyring_support || skip "dm-crypt doesn't support kernel keyring, test skipped."
test_and_prepare_keyring
#test aes cipher with xts mode, plain IV
echo -n "Testing $CIPHER_XTS_PLAIN..."
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
load_key "$HEXKEY_32" logon $LOGON_KEY_32_OK "$TEST_KEYRING" || fail "Cannot load 32 byte logon key type"
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN :32:logon:$LOGON_KEY_32_OK 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
# same test using message
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
dmsetup suspend $NAME || fail
dmsetup message $NAME 0 key wipe || fail
dmsetup message $NAME 0 "key set :32:logon:$LOGON_KEY_32_OK" || fail
dmsetup resume $NAME || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
echo "OK"
#test aes cipher, xts mode, essiv IV
echo -n "Testing $CIPHER_CBC_ESSIV..."
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
load_key "$HEXKEY_16" logon $LOGON_KEY_16_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type"
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV :16:logon:$LOGON_KEY_16_OK 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
# same test using message
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
dmsetup suspend $NAME || fail
dmsetup message $NAME 0 key wipe || fail
dmsetup message $NAME 0 "key set :16:logon:$LOGON_KEY_16_OK" || fail
dmsetup resume $NAME || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
echo "OK"
fips_mode || {
echo -n "Testing $CIPHER_CBC_TCW..."
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
load_key "$HEXKEY_64" logon $LOGON_KEY_64_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type"
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW :64:logon:$LOGON_KEY_64_OK 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
# same test using message
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
dmsetup suspend $NAME || fail
dmsetup message $NAME 0 key wipe || fail
dmsetup message $NAME 0 "key set :64:logon:$LOGON_KEY_64_OK" || fail
dmsetup resume $NAME || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
echo "OK"
echo $PWD | $CRYPTSETUP luksFormat --type luks2 --luks2-metadata-size 16k --luks2-keyslots-size 4064k --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --force-password $DEV || fail
echo $PWD | $CRYPTSETUP open $DEV $NAME || fail
$CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" || skip "LUKS2 can't use keyring. Test skipped."
-dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_KEYRING || fail
+dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha256sum > $CHKS_KEYRING || fail
echo $PWD | $CRYPTSETUP refresh $NAME --disable-keyring || fail
$CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" && fail "Key is still in keyring"
-dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_DMCRYPT || fail
+dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha256sum > $CHKS_DMCRYPT || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
echo "OK"