#!/bin/bash # check hash processing in create command CRYPTSETUP=../src/cryptsetup DEV_NAME=dmc_test KEY_FILE=keyfile DEV2=$DEV_NAME"_x" dmremove() { # device udevadm settle >/dev/null 2>&1 dmsetup remove $1 >/dev/null 2>&1 } cleanup() { [ -b /dev/mapper/$DEV2 ] && dmremove $DEV2 [ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME rm -f $KEY_FILE exit $1 } function fail() { echo " $1 [FAILED]" cleanup 2 } crypt_key() # hash keysize pwd/file name outkey [limit] [offset] { DEV2=$DEV_NAME"_x" LIMIT="" MODE=aes-cbc-essiv:sha256 [ $2 -gt 256 ] && MODE=aes-xts-plain [ -n "$6" ] && LIMIT="-l $6" [ -n "$7" ] && LIMIT="$LIMIT --keyfile-offset $7" echo -n "HASH: $1 KSIZE: $2 / $3" case "$3" in pwd) echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null ret=$? ;; std-) echo -e -n "$4" | $CRYPTSETUP create -c $MODE -d "-" -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null ret=$? ;; stdin) echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null ret=$? ;; cat) cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null ret=$? ;; cat-) cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 -d - /dev/mapper/$DEV_NAME 2>/dev/null ret=$? ;; file) $CRYPTSETUP create -q -c $MODE -d $4 -h $1 -s $2 $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null ret=$? ;; failpwd) echo -e -n "$4" | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null && fail "Expecting failure" echo " [OK]" return ;; *) fail "" ;; esac # ignore these cases, not all libs/kernel supports it if [ "$1" == "ripemd160" -o $2 -gt 256 ] ; then if [ $ret -ne 0 ] ; then echo " [N/A] ($ret, SKIPPED)" return fi fi VKEY=$(dmsetup table $DEV2 --showkeys 2>/dev/null | sed 's/.*: //' | cut -d' ' -f 5) if [ "$VKEY" != "$5" ] ; then echo " [FAILED]" echo "expected: $5" echo "real key: $VKEY" cleanup 100 else echo " [OK]" fi dmremove $DEV2 } if [ $(id -u) != 0 ]; then echo "WARNING: You must be root to run this test, test skipped." exit 0 fi dmsetup create $DEV_NAME --table "0 10240 zero" >/dev/null 2>&1 crypt_key ripemd160 0 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca crypt_key ripemd160 256 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f091e99aa5d3ff06866d4ce9f620f7aca crypt_key ripemd160 128 pwd "xxx" aeb26d1f69eb6dddfb9381eed4d7299f crypt_key sha1 256 pwd "xxx" b60d121b438a380c343d5ec3c2037564b82ffef30b1e0a6ad9af7a73aa91c197 crypt_key sha1 128 pwd "xxx" b60d121b438a380c343d5ec3c2037564 crypt_key sha256 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860 crypt_key sha256 128 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7 crypt_key sha256 0 std- "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860 crypt_key sha256 256 std- "xxx\n" 042aea10a0f14f2d391373599be69d53a75dde9951fc3d3cd10b6100aa7a9f24 crypt_key sha256 128 std- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" \ 2a42b97084779dcedf2c66405c5d296c crypt_key sha256 256 stdin "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860 crypt_key sha256 0 stdin "xxx\n" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860 # with keyfile, hash is ignored crypt_key ripemd160 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000 crypt_key sha256 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000 crypt_key unknown* 256 file /dev/zero 0000000000000000000000000000000000000000000000000000000000000000 # limiting key crypt_key sha256:20 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b4580588000000000000000000000000 crypt_key sha256:32 256 pwd "xxx" cd2eb0837c9b4c962c22d2ff8b5441b7b45805887f051d39bf133b583baf6860 crypt_key sha256: 256 failpwd "xxx" x crypt_key sha256:xx 256 failpwd "xxx" x # key file, 80 chars echo -n -e "0123456789abcdef\n\x01\x00\x03\xff\xff\r\xff\xff\n\r" \ "2352j3rkjhadcfasc823rqaw7e1 3dq sdq3d 2dkjqw3h2=====" >$KEY_FILE KEY_FILE_HEX="303132333435363738396162636465660a010003ffff0dffff0a0d20323335326a33726b6a686164636661736338323372716177376531203364712073647133" # ignore hash if keyfile is specified crypt_key ripemd160 256 file $KEY_FILE ${KEY_FILE_HEX:0:64} crypt_key sha256 256 file $KEY_FILE ${KEY_FILE_HEX:0:64} crypt_key sha256 128 file $KEY_FILE ${KEY_FILE_HEX:0:32} crypt_key sha256 512 file $KEY_FILE $KEY_FILE_HEX # stdin can be limited crypt_key plain 128 cat /dev/zero 00000000000000000000000000000000 16 crypt_key plain 128 cat /dev/zero 00000000000000000000000000000000 17 # read key only up to \n crypt_key plain 128 cat $KEY_FILE ${KEY_FILE_HEX:0:28}0000 14 # read full key, ignore keyfile length crypt_key plain 128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32} crypt_key plain 128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32} 14 # but do not ignore hash if keysgfile is "-" crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 0 crypt_key sha256 128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 80 crypt_key sha256 128 cat- $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14 crypt_key sha256 128 cat- $KEY_FILE 7df3f4a41a33805596be85c781cac3b4 14 2 crypt_key sha256 128 cat- $KEY_FILE ebbe65a178e886ddbb778e0a5538db72 40 40 # limiting plain (no hash) crypt_key plain 256 pwd "xxxxxxxx" 7878787878787878000000000000000000000000000000000000000000000000 crypt_key plain:2 256 pwd "xxxxxxxx" 7878000000000000000000000000000000000000000000000000000000000000 crypt_key plain:9 256 failpwd "xxxxxxxx" x crypt_key sha256 128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14 crypt_key sha256:14 128 cat $KEY_FILE a82c9227cc54c7475620ce85ba1f0000 14 crypt_key sha256 128 pwd "0123456789abcdef" 9f9f5111f7b27a781f1f1ddde5ebc2dd 16 crypt_key sha256 128 pwd "0123456789abcdef" 1be2e452b46d7a0d9656bbb1f768e824 4 crypt_key sha256 128 pwd "0123" 1be2e452b46d7a0d9656bbb1f768e824 4 cleanup 0