#
# Test mode compatibility, check input + kernel and cryptsetup cipher status
#
-CRYPTSETUP=../src/cryptsetup
+[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
+CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
DEV_NAME=dmc_test
HEADER_IMG=mode-test.img
PASSWORD=3xrododenron
+PASSWORD1=$PASSWORD
+FAST_PBKDF2="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
# cipher-chainmode-ivopts:ivmode
CIPHERS="aes twofish serpent"
LOOPDEV=$(losetup -f 2>/dev/null)
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
dmremove() { # device
udevadm settle >/dev/null 2>&1
- dmsetup remove $1 >/dev/null 2>&1
+ dmsetup remove --retry $1 >/dev/null 2>&1
}
cleanup() {
- for dev in $(dmsetup status --target crypt | sed s/\:\ .*// | grep "^$DEV_NAME"_); do
- dmremove $dev
- done
- sleep 2
+ [ -b /dev/mapper/"$DEV_NAME"_tstdev ] && dmremove "$DEV_NAME"_tstdev
[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
losetup -d $LOOPDEV >/dev/null 2>&1
rm -f $HEADER_IMG >/dev/null 2>&1
fail()
{
[ -n "$1" ] && echo "$1"
+ echo "FAILED backtrace:"
+ while caller $frame; do ((frame++)); done
cleanup
exit 100
}
skip()
{
[ -n "$1" ] && echo "$1"
- exit 0
+ exit 77
+}
+
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}
+
add_device() {
+ cleanup
dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1
sync
losetup $LOOPDEV $HEADER_IMG >/dev/null 2>&1
dmcrypt_check() # device outstring
{
X=$(dmsetup table $1 2>/dev/null | sed 's/.*: //' | cut -d' ' -f 4)
- if [ $X = $2 ] ; then
+ if [ "$X" = $2 ] ; then
echo -n "[table OK]"
else
echo "[table FAIL]"
echo -n "[status OK]"
else
echo "[status FAIL]"
- echo " Expecting $2 got $X."
+ echo " Expecting $2 got \"$X\"."
fail
fi
dmremove $1
}
-dmcrypt_check_sum() # cipher device outstring
+dmcrypt_check_sum() # cipher device
{
EXPSUM="c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29"
# Fill device with zeroes and reopen it
{
OUT=$2
[ -z "$OUT" ] && OUT=$1
- printf "%-25s" "$1"
+ printf "%-31s" "$1"
- echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
+ echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
echo -n -e "PLAIN:"
- dmcrypt_check "$DEV_NAME"_"$1" $OUT
+ dmcrypt_check "$DEV_NAME"_tstdev $OUT
else
echo -n "[n/a]"
fi
- echo $PASSWORD | $CRYPTSETUP luksFormat -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
+ echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF2 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
- echo -n -e " LUKS:"
- echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_"$1" >/dev/null 2>&1
- dmcrypt_check "$DEV_NAME"_"$1" $OUT
+ echo -n -e " LUKS1:"
+ echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail
+ dmcrypt_check "$DEV_NAME"_tstdev $OUT
+ fi
+
+ echo $PASSWORD | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 $FAST_PBKDF2 -c $1 -s 256 --offset 8192 /dev/mapper/$DEV_NAME >/dev/null 2>&1
+ if [ $? -eq 0 ] ; then
+ echo -n -e " LUKS2:"
+ echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail
+ dmcrypt_check "$DEV_NAME"_tstdev $OUT
fi
# repeated device creation must return the same checksum
- echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
+ echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
echo -n -e " CHECKSUM:"
- dmcrypt_check_sum "$1" "$DEV_NAME"_"$1"
+ dmcrypt_check_sum "$1" "$DEV_NAME"_tstdev
fi
echo
}
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
add_device
dmcrypt aes-plain aes-cbc-plain
# empty cipher
+PASSWORD=""
dmcrypt null cipher_null-ecb
-dmcrypt cipher_null cipher_null-cbc-plain
+dmcrypt cipher_null cipher_null-ecb
dmcrypt cipher_null-ecb
+PASSWORD=$PASSWORD1
# codebook doesn't support IV at all
for cipher in $CIPHERS ; do
dmcrypt "$cipher-ecb"
done
done
+dmcrypt xchacha12,aes-adiantum-plain64
+dmcrypt xchacha20,aes-adiantum-plain64
+
cleanup