Makefile: Add security compiling option (RELRO, SC, and FORTIFY)

[platform/upstream/cryptsetup.git] / tests / luks1-compat-test

#!/bin/bash

[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
TST_DIR=luks1-images
MAP=luks1tst
KEYFILE=keyfile1

CRYPTSETUP_VALGRIND=../.libs/cryptsetup
CRYPTSETUP_LIB_VALGRIND=../.libs

[ -z "$srcdir" ] && srcdir="."

function remove_mapping()
{
        [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
        rm -rf $TST_DIR
}

function fail()
{
        [ -n "$1" ] && echo "$1"
        echo " [FAILED]"
        echo "FAILED backtrace:"
        while caller $frame; do ((frame++)); done
        remove_mapping
        exit 2
}

function skip()
{
        [ -n "$1" ] && echo "$1"
        remove_mapping
        exit 77
}

function valgrind_setup()
{
        command -v valgrind >/dev/null || fail "Cannot find valgrind."
        [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
        export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
}

function valgrind_run()
{
        INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}

function remove_imgs()
{
        echo "WARNING: $1 not available, not testing some images."
        rm $(ls $TST_DIR/*$1*.img)
}

function test_one()
{
        $CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || remove_imgs $1
}

function test_required()
{
        echo "REQUIRED KDF TEST"
        $CRYPTSETUP benchmark -h whirlpool | grep "N/A" && remove_imgs whirlpool

        echo "REQUIRED CIPHERS TEST"
        echo "#     Algorithm | Key |  Encryption |  Decryption"

        test_one aes-xts 256
        test_one twofish-xts 256
        test_one serpent-xts 256
        test_one aes-cbc 256
        test_one aes-lrw 256
}

export LANG=C
[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
command -v blkid >/dev/null || skip "blkid tool required, test skipped."
[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
[ ! -d $TST_DIR ] && tar xJf $srcdir/luks1-images.tar.xz --no-same-owner
test_required

echo "PASSPHRASE CHECK"
for file in $(ls $TST_DIR/luks1_*) ; do
        echo -n " $file"
        $CRYPTSETUP luksOpen -d $TST_DIR/$KEYFILE $file --test-passphrase 2>/dev/null
        ret=$?
        # ignore missing whirlpool (pwd failed is exit code 2)
        [ $ret -eq 1 ] && (echo $file | grep -q -e "whirlpool") && echo " [N/A]" && continue
        # ignore flawed whirlpool (pwd failed is exit code 2)
        [ $ret -eq 2 ] && (echo $file | grep -q -e "whirlpool") && \
                ($CRYPTSETUP luksDump $file --debug | grep -q -e "flawed whirlpool") && \
                echo " [IGNORED (flawed Whirlpool library)]" && continue
        [ $ret -ne 0 ] && fail
        echo " [OK]"
done

if [ $(id -u) != 0 ]; then
        echo "WARNING: You must be root to run activation part of test, test skipped."
        remove_mapping
        exit 0
fi

echo "ACTIVATION FS UUID CHECK"
for file in $(ls $TST_DIR/luks1_*) ; do
        echo -n " $file"
        $CRYPTSETUP luksOpen -d $TST_DIR/$KEYFILE $file $MAP 2>/dev/null
        ret=$?
        # ignore missing whirlpool (pwd failed is exit code 2)
        [ $ret -eq 1 ] && (echo $file | grep -q -e "whirlpool") && echo " [N/A]" && continue
        # ignore flawed whirlpool (pwd failed is exit code 2)
        [ $ret -eq 2 ] && (echo $file | grep -q -e "whirlpool") && \
                ($CRYPTSETUP luksDump $file --debug | grep -q -e "flawed whirlpool") && \
                echo " [IGNORED (flawed Whirlpool library)]" && continue
        [ $ret -ne 0 ] && fail
        $CRYPTSETUP status $MAP >/dev/null || fail
        $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
        UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP)
        $CRYPTSETUP remove $MAP || fail
        [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
        echo " [OK]"
done

remove_mapping
exit 0