#!/bin/bash

# check luks1 images parsing

# NOTE: if image with whirlpool hash fails, check
# that you are not using old gcrypt with flawed whirlpool
# (see cryptsetup debug output)

CRYPTSETUP=../src/cryptsetup
TST_DIR=luks1-images
MAP=luks1tst
KEYFILE=keyfile1

function remove_mapping()
{
	[ -b /dev/mapper/$MAP ] && dmsetup remove $MAP
}

function fail()
{
	[ -n "$1" ] && echo "$1"
	echo " [FAILED]"
	remove_mapping
	exit 2
}

function skip()
{
	[ -n "$1" ] && echo "$1"
	echo "Test skipped."
	exit 0
}

function test_one()
{
	$CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip
}

function test_required()
{
	which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."

	echo "REQUIRED KDF TEST"
	$CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip

	echo "REQUIRED CIPHERS TEST"
	echo "#  Algorithm | Key |  Encryption |  Decryption"

	test_one aes-xts 256
	test_one twofish-xts 256
	test_one serpent-xts 256
	test_one aes-cbc 256
	test_one aes-lrw 256
}

export LANG=C

if [ $(id -u) != 0 ]; then
	echo "WARNING: You must be root to run activation part of test, test skipped."
	exit 0
fi

test_required
[ ! -d $TST_DIR ] && tar xjf luks1-images.tar.bz2

echo "ACTIVATION FS UUID CHECK"
for file in $(ls $TST_DIR/luks1_*) ; do
	echo -n " $file"
	$CRYPTSETUP luksOpen -d $TST_DIR/$KEYFILE $file $MAP 2>/dev/null
	ret=$?
	# ignore missing whirlpool (pwd failed is exit code 2)
	[ $ret -eq 1 ] && (echo $file | grep -q -e "whirlpool") && echo " [N/A]" && continue
	[ $ret -ne 0 ] && fail
	$CRYPTSETUP status $MAP >/dev/null || fail
	$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
	UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
	$CRYPTSETUP remove $MAP || fail
	[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
	echo " [OK]"
done