tests/password-hash-test

   1 #!/bin/bash
   2
   3 # check hash processing in create command
   4
   5 CRYPTSETUP=../src/cryptsetup
   6 DEV_NAME=dmc_test
   7 KEY_FILE=keyfile
   8
   9 DEV2=$DEV_NAME"_x"
  10
  11 dmremove() { # device
  12         udevadm settle >/dev/null 2>&1
  13         dmsetup remove $1 >/dev/null 2>&1
  14 }
  15
  16 cleanup() {
  17         [ -b /dev/mapper/$DEV2 ] && dmremove $DEV2
  18         [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
  19         rm -f $KEY_FILE
  20         exit $1
  21 }
  22
  23 crypt_key() # hash keysize pwd/file name outkey [limit]
  24 {
  25         DEV2=$DEV_NAME"_x"
  26         LIMIT=""
  27         MODE=aes-cbc-essiv:sha256
  28         [ $2 -gt 256 ] && MODE=aes-xts-plain
  29         [ -n "$6" ] && LIMIT="-l $6"
  30
  31         echo -n "HASH: $1 KSIZE: $2 / $3"
  32         case "$3" in
  33         pwd)
  34                 echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
  35                 ret=$?
  36                 ;;
  37         std-)
  38                 echo -e -n "$4" | $CRYPTSETUP create -c $MODE -d "-" -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
  39                 ret=$?
  40                 ;;
  41         stdin)
  42                 echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
  43                 ret=$?
  44                 ;;
  45         cat)
  46                 cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
  47                 ret=$?
  48                 ;;
  49         file)
  50                 $CRYPTSETUP create -c $MODE -d $4 -h $1 -s $2 $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
  51                 ret=$?
  52                 ;;
  53         *)
  54                 fail
  55                 ;;
  56         esac
  57
  58         # ignore these cases, not all libs/kernel supports it
  59         if [ "$1" == "ripemd160" -o $2 -gt 256 ] ; then
  60                 if [ $ret -ne 0 ] ; then
  61                         echo " [N/A] ($ret, SKIPPED)"
  62                         return
  63                 fi
  64         fi
  65
  66         VKEY=$(dmsetup table $DEV2 --showkeys 2>/dev/null | sed 's/.*: //' | cut -d' '  -f 5)
  67         if [ "$VKEY" != "$5" ] ; then
  68                 echo " [FAILED]"
  69                 echo "expected: $5"
  70                 echo "real key: $VKEY"
  71                 cleanup 100
  72         else
  73                 echo " [OK]"
  74         fi
  75
  76         dmremove $DEV2
  77 }
  78
  79 if [ $(id -u) != 0 ]; then
  80         echo "WARNING: You must be root to run this test, test skipped."
  81         exit 0
  82 fi
  83
  84 dmsetup create $DEV_NAME --table "0 10240 zero" >/dev/null 2>&1
  85
  86 crypt_key ripemd160   0 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca
  87 crypt_key ripemd160 256 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca
  88 crypt_key ripemd160 128 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f
  89 crypt_key sha1      256 pwd "xxx" b60d121b438a380c343d5ec3c2037564b82ffef30b1e0a6ad9af7a73aa91c197
  90 crypt_key sha1      128 pwd "xxx" b60d121b438a380c343d5ec3c2037564
  91 crypt_key sha256    256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
  92 crypt_key sha256    128 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7
  93
  94 crypt_key sha256   0 std- "xxx"    cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
  95 crypt_key sha256 256 std- "xxx\n"  042aea10a0f14f2d391373599be69d53a75dde9951fc3d3cd10b6100aa7a9f24
  96 crypt_key sha256 128 std- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" \
  97                                    2a42b97084779dcedf2c66405c5d296c
  98 crypt_key sha256 256 stdin "xxx"   cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
  99 crypt_key sha256   0 stdin "xxx\n" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
 100
 101 # with keyfile, hash is ignored
 102 crypt_key ripemd160 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
 103 crypt_key sha256    256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
 104 crypt_key unknown*  256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000
 105
 106 # limiting key
 107 crypt_key sha256:20 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b4580588000000000000000000000000
 108 crypt_key sha256:32 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860
 109
 110 # key file, 80 chars
 111 echo -n -e "0123456789abcdef\n\x01\x00\x03\xff\xff\r\xff\xff\n\r" \
 112            "2352j3rkjhadcfasc823rqaw7e1 3dq sdq3d 2dkjqw3h2=====" >$KEY_FILE
 113 KEY_FILE_HEX="303132333435363738396162636465660a010003ffff0dffff0a0d20323335326a33726b6a686164636661736338323372716177376531203364712073647133"
 114
 115 crypt_key ripemd160 256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
 116 crypt_key sha256    256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
 117 crypt_key sha256    128 file $KEY_FILE ${KEY_FILE_HEX:0:32}
 118 crypt_key sha256    512 file $KEY_FILE $KEY_FILE_HEX
 119
 120 # stdin can be limited
 121 crypt_key plain     128 cat /dev/zero 00000000000000000000000000000000 16
 122 crypt_key plain     128 cat /dev/zero 00000000000000000000000000000000 17
 123 crypt_key plain     128 cat $KEY_FILE ${KEY_FILE_HEX:0:28}0000 14
 124 crypt_key sha256    128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14
 125 crypt_key sha256:14 128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1f0000 14
 126
 127 crypt_key sha256    128 pwd "0123456789abcdef" 9f9f5111f7b27a781f1f1ddde5ebc2dd 16
 128 crypt_key sha256    128 pwd "0123456789abcdef" 1be2e452b46d7a0d9656bbb1f768e824  4
 129 crypt_key sha256    128 pwd "0123"             1be2e452b46d7a0d9656bbb1f768e824  4
 130
 131 cleanup 0