static char global_log[4096];
static int global_lines = 0;
-static int gcrypt_compatible = 0;
-
// Helpers
static int _prepare_keyfile(const char *name, const char *passphrase)
{
static void NonFIPSAlg(void)
{
struct crypt_device *cd;
- struct crypt_params_luks1 params = {
- .hash = "whirlpool",
- };
+ struct crypt_params_luks1 params = {0};
char key[128] = "";
size_t key_size = 128;
char *cipher = "aes";
char *cipher_mode = "cbc-essiv:sha256";
+ int ret;
- if (!gcrypt_compatible) {
- printf("WARNING: old libgcrypt, skipping test.\n");
- return;
- }
OK_(crypt_init(&cd, DEVICE_2));
+ params.hash = "sha256";
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms));
+ params.hash = "whirlpool";
+ ret = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms);
+ if (ret < 0) {
+ printf("WARNING: whirlpool not supported, skipping test.\n");
+ crypt_free(cd);
+ return;
+ }
+
params.hash = "md5";
FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms),
"MD5 unsupported, too short");
crypt_free(cd);
}
-
-static void _gcrypt_compatible()
-{
- int maj, min, patch;
- FILE *f;
-
- if (!(f = popen("libgcrypt-config --version", "r")))
- return;
-
- if (fscanf(f, "%d.%d.%d", &maj, &min, &patch) == 3 &&
- maj >= 1 && min >= 4)
- gcrypt_compatible = 1;
- if (_debug)
- printf("libgcrypt version %d.%d.%d detected.\n", maj, min, patch);
-
- (void)fclose(f);
- return;
-}
-
int main (int argc, char *argv[])
{
int i;
_cleanup();
_setup();
- _gcrypt_compatible();
crypt_set_debug_level(_debug ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE);
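Review bot: In NonFIPSAlg, the new `if (ret < 0)` branch returns before the `params.hash = "md5"` step, so on a build without whirlpool the `FAIL_` assertion that MD5 is rejected never runs, although that check does not depend on whirlpool. The branch could warn and fall through instead, e.g. `if (ret < 0) printf("WARNING: whirlpool not supported, skipping whirlpool check.\n");`, leaving the single `crypt_free(cd)` at the end of the function. Every negative return is also reported as "not supported"; the preceding sha256 format narrows the possible causes, but if crypt_format returns a distinguishable code for an unavailable hash, comparing against it would keep an unrelated failure from being recorded as a skip.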
$CRYPTSETUP -q resize $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "19997 sectors" || fail
$CRYPTSETUP -q remove $DEV_NAME || fail
-echo "key0" | $CRYPTSETUP create $DEV_NAME $LOOPDEV || fail
+echo "key0" | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
$CRYPTSETUP -q remove $DEV_NAME || fail
-echo "key0" | $CRYPTSETUP -q create $DEV_NAME $LOOPDEV || fail
+echo "key0" | $CRYPTSETUP -q create $DEV_NAME --hash sha1 $LOOPDEV || fail
$CRYPTSETUP -q remove $DEV_NAME || fail
# verify is ignored on non-tty input
-echo "key0" | $CRYPTSETUP create $DEV_NAME $LOOPDEV --verify-passphrase || fail
+echo "key0" | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase || fail
$CRYPTSETUP -q remove $DEV_NAME || fail
$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail
-$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail
+$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail
$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail
$CRYPTSETUP create $DEV_NAME $LOOPDEV -d blah 2>/dev/null && fail
$CRYPTSETUP -q remove $DEV_NAME || fail
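Review bot: The three plain-mode `create` calls now pin `--hash sha1`, but nothing in the script says why the hash is fixed or why SHA-1 was chosen. A short comment above the first call, such as `# hash given explicitly so the test does not depend on the compiled-in default`, would record the intent (presumably that is the reason; confirm with the author). The cipher-mode test changed elsewhere in this commit pins `-h sha256`; unless SHA-1 is needed here, using the same hash in both scripts would keep the tests consistent and avoid relying on a legacy digest.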
dd if=/dev/zero of=/dev/mapper/$2 bs=1M count=6 >/dev/null 2>&1
sync
dmremove $2
- echo $PASSWORD | $CRYPTSETUP create -c $1 -s 256 $2 /dev/mapper/$DEV_NAME >/dev/null 2>&1
+
+ echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 $2 /dev/mapper/$DEV_NAME >/dev/null 2>&1
ret=$?
VSUM=$(sha256sum /dev/mapper/$2 | cut -d' ' -f 1)
if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
[ -z "$OUT" ] && OUT=$1
printf "%-25s" "$1"
- echo $PASSWORD | $CRYPTSETUP create -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
+ echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
echo -n -e "PLAIN:"
dmcrypt_check "$DEV_NAME"_"$1" $OUT
fi
# repeated device creation must return the same checksum
- echo $PASSWORD | $CRYPTSETUP create -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
+ echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
echo -n -e " CHECKSUM:"
dmcrypt_check_sum "$1" "$DEV_NAME"_"$1"