#!/bin/bash
-
#
# Test mode compatibility, check input + kernel and cryptsetup cipher status
#
-# FIXME: add checkum test of data
-#
-
-CRYPTSETUP="../src/cryptsetup.static"
+CRYPTSETUP=../src/cryptsetup
DEV_NAME=dmc_test
-LOOPDEV=/dev/loop5
HEADER_IMG=mode-test.img
PASSWORD=3xrododenron
MODES="cbc lrw xts"
IVMODES="null benbi plain plain64 essiv:sha256"
+LOOPDEV=$(losetup -f 2>/dev/null)
+
+dmremove() { # device
+ udevadm settle >/dev/null 2>&1
+ dmsetup remove $1 >/dev/null 2>&1
+}
+
cleanup() {
for dev in $(dmsetup status --target crypt | sed s/\:\ .*// | grep "^$DEV_NAME"_); do
- dmsetup remove $dev
+ dmremove $dev
done
- udevadm settle 2>/dev/null 2>&1
sleep 2
- [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
+ [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
losetup -d $LOOPDEV >/dev/null 2>&1
rm -f $HEADER_IMG >/dev/null 2>&1
}
exit 100
}
+skip()
+{
+ [ -n "$1" ] && echo "$1"
+ exit 0
+}
+
add_device() {
dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1
sync
dmcrypt_check() # device outstring
{
- X=$(dmsetup table $1 2>/dev/null | cut -d' ' -f 4)
+ X=$(dmsetup table $1 2>/dev/null | sed 's/.*: //' | cut -d' ' -f 4)
if [ $X = $2 ] ; then
- echo -n "OK]"
+ echo -n "[table OK]"
else
- echo -n "FAIL]"
+ echo "[table FAIL]"
echo " Expecting $2 got $X."
fail
fi
- X=$($CRYPTSETUP status $1 | grep cipher | sed s/\.\*cipher:\\s*//)
+ X=$($CRYPTSETUP status $1 | grep cipher: | sed s/\.\*cipher:\\s*//)
if [ $X = $2 ] ; then
- echo " [OK]"
+ echo -n "[status OK]"
else
- echo " [FAIL]"
+ echo "[status FAIL]"
echo " Expecting $2 got $X."
fail
fi
+
+ dmremove $1
+}
+
+dmcrypt_check_sum() # cipher device outstring
+{
+ EXPSUM="c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29"
+ # Fill device with zeroes and reopen it
+ dd if=/dev/zero of=/dev/mapper/$2 bs=1M count=6 >/dev/null 2>&1
+ sync
+ dmremove $2
+
+ echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 $2 /dev/mapper/$DEV_NAME >/dev/null 2>&1
+ ret=$?
+ VSUM=$(sha256sum /dev/mapper/$2 | cut -d' ' -f 1)
+ if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
+ echo -n "[OK]"
+ else
+ echo "[FAIL]"
+ echo " Expecting $EXPSUM got $VSUM."
+ fail
+ fi
+
+ dmremove $2
}
dmcrypt()
{
OUT=$2
[ -z "$OUT" ] && OUT=$1
+ printf "%-25s" "$1"
- echo -n -e "TESTING(PLAIN): $1 ["
- echo $PASSWORD | $CRYPTSETUP create -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
+ echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
+ echo -n -e "PLAIN:"
dmcrypt_check "$DEV_NAME"_"$1" $OUT
- dmsetup remove "$DEV_NAME"_"$1" >/dev/null 2>&1
else
- echo "SKIPPED]"
+ echo -n "[n/a]"
fi
- echo -n -e "TESTING(LUKS): $1 ["
echo $PASSWORD | $CRYPTSETUP luksFormat -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
+ echo -n -e " LUKS:"
echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_"$1" >/dev/null 2>&1
dmcrypt_check "$DEV_NAME"_"$1" $OUT
- dmsetup remove "$DEV_NAME"_"$1" >/dev/null 2>&1
- else
- echo "SKIPPED]"
fi
+
+ # repeated device creation must return the same checksum
+ echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
+ if [ $? -eq 0 ] ; then
+ echo -n -e " CHECKSUM:"
+ dmcrypt_check_sum "$1" "$DEV_NAME"_"$1"
+ fi
+ echo
}
-if [ $(id -u) != 0 ]; then
- echo "WARNING: You must be root to run this test, test skipped."
- exit 0
-fi
+[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
+[ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."
add_device
dmcrypt aes aes-cbc-plain
dmcrypt aes-plain aes-cbc-plain
+# empty cipher
+dmcrypt null cipher_null-ecb
+dmcrypt cipher_null cipher_null-cbc-plain
+dmcrypt cipher_null-ecb
+
# codebook doesn't support IV at all
for cipher in $CIPHERS ; do
dmcrypt "$cipher-ecb"