tests/mode-test

   1 #!/bin/bash
   2 #
   3 # Test mode compatibility, check input + kernel and cryptsetup cipher status
   4 #
   5 CRYPTSETUP=../src/cryptsetup
   6 DEV_NAME=dmc_test
   7 HEADER_IMG=mode-test.img
   8 PASSWORD=3xrododenron
   9
  10 # cipher-chainmode-ivopts:ivmode
  11 CIPHERS="aes twofish serpent"
  12 MODES="cbc lrw xts"
  13 IVMODES="null benbi plain plain64 essiv:sha256"
  14
  15 LOOPDEV=$(losetup -f 2>/dev/null)
  16
  17 dmremove() { # device
  18         udevadm settle >/dev/null 2>&1
  19         dmsetup remove $1 >/dev/null 2>&1
  20 }
  21
  22 cleanup() {
  23         for dev in $(dmsetup status --target crypt | sed s/\:\ .*// | grep "^$DEV_NAME"_); do
  24                 dmremove $dev
  25         done
  26         sleep 2
  27         [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
  28         losetup -d $LOOPDEV >/dev/null 2>&1
  29         rm -f $HEADER_IMG >/dev/null 2>&1
  30 }
  31
  32 fail()
  33 {
  34         [ -n "$1" ] && echo "$1"
  35         cleanup
  36         exit 100
  37 }
  38
  39 skip()
  40 {
  41         [ -n "$1" ] && echo "$1"
  42         exit 0
  43 }
  44
  45 add_device() {
  46         dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1
  47         sync
  48         losetup $LOOPDEV $HEADER_IMG >/dev/null 2>&1
  49         dmsetup create $DEV_NAME --table "0 10240 linear $LOOPDEV 8" >/dev/null 2>&1
  50 }
  51
  52 dmcrypt_check() # device outstring
  53 {
  54         X=$(dmsetup table $1 2>/dev/null | sed 's/.*: //' | cut -d' '  -f 4)
  55         if [ $X = $2 ] ; then
  56                 echo -n "[table OK]"
  57         else
  58                 echo "[table FAIL]"
  59                 echo " Expecting $2 got $X."
  60                 fail
  61         fi
  62
  63         X=$($CRYPTSETUP status $1 | grep cipher: | sed s/\.\*cipher:\\s*//)
  64         if [ $X = $2 ] ; then
  65                 echo -n "[status OK]"
  66         else
  67                 echo "[status FAIL]"
  68                 echo " Expecting $2 got $X."
  69                 fail
  70         fi
  71
  72         dmremove $1
  73 }
  74
  75 dmcrypt_check_sum() # cipher device outstring
  76 {
  77         EXPSUM="c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29"
  78         # Fill device with zeroes and reopen it
  79         dd if=/dev/zero of=/dev/mapper/$2 bs=1M count=6 >/dev/null 2>&1
  80         sync
  81         dmremove $2
  82
  83         echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 $2 /dev/mapper/$DEV_NAME >/dev/null 2>&1
  84         ret=$?
  85         VSUM=$(sha256sum /dev/mapper/$2 | cut -d' ' -f 1)
  86         if [ $ret -eq 0 -a "$VSUM" = "$EXPSUM" ] ; then
  87                 echo -n "[OK]"
  88         else
  89                 echo "[FAIL]"
  90                 echo " Expecting $EXPSUM got $VSUM."
  91                 fail
  92         fi
  93
  94         dmremove $2
  95 }
  96
  97 dmcrypt()
  98 {
  99         OUT=$2
 100         [ -z "$OUT" ] && OUT=$1
 101         printf "%-25s" "$1"
 102
 103         echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
 104         if [ $? -eq 0 ] ; then
 105                 echo -n -e "PLAIN:"
 106                 dmcrypt_check "$DEV_NAME"_"$1" $OUT
 107         else
 108                 echo -n "[n/a]"
 109         fi
 110
 111         echo $PASSWORD | $CRYPTSETUP luksFormat -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
 112         if [ $? -eq 0 ] ; then
 113                 echo -n -e " LUKS:"
 114                 echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_"$1" >/dev/null 2>&1
 115                 dmcrypt_check "$DEV_NAME"_"$1" $OUT
 116         fi
 117
 118         # repeated device creation must return the same checksum
 119         echo $PASSWORD | $CRYPTSETUP create -h sha256 -c $1 -s 256 "$DEV_NAME"_"$1" /dev/mapper/$DEV_NAME >/dev/null 2>&1
 120         if [ $? -eq 0 ] ; then
 121                 echo -n -e " CHECKSUM:"
 122                 dmcrypt_check_sum "$1" "$DEV_NAME"_"$1"
 123         fi
 124         echo
 125 }
 126
 127 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
 128 [ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."
 129
 130 add_device
 131
 132 # compatibility modes
 133 dmcrypt aes aes-cbc-plain
 134 dmcrypt aes-plain aes-cbc-plain
 135
 136 # empty cipher
 137 dmcrypt null cipher_null-ecb
 138 dmcrypt cipher_null cipher_null-cbc-plain
 139 dmcrypt cipher_null-ecb
 140
 141 # codebook doesn't support IV at all
 142 for cipher in $CIPHERS ; do
 143         dmcrypt "$cipher-ecb"
 144 done
 145
 146 for cipher in $CIPHERS ; do
 147         for mode in $MODES ; do
 148                 for ivmode in $IVMODES ; do
 149                         dmcrypt "$cipher-$mode-$ivmode"
 150                 done
 151         done
 152 done
 153
 154 cleanup