| #!/bin/bash |
| |
| # check luks1 images parsing |
| |
| # NOTE: if image with whirlpool hash fails, check |
| # that you are not using old gcrypt with flawed whirlpool |
| # (see cryptsetup debug output) |
| |
| CRYPTSETUP=../src/cryptsetup |
| TST_DIR=luks1-images |
| MAP=luks1tst |
| KEYFILE=keyfile1 |
| |
| function remove_mapping() |
| { |
| [ -b /dev/mapper/$MAP ] && dmsetup remove $MAP |
| } |
| |
| function fail() |
| { |
| [ -n "$1" ] && echo "$1" |
| echo " [FAILED]" |
| remove_mapping |
| exit 2 |
| } |
| |
| function skip() |
| { |
| [ -n "$1" ] && echo "$1" |
| echo "Test skipped." |
| exit 0 |
| } |
| |
| function test_one() |
| { |
| $CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip |
| } |
| |
| function test_required() |
| { |
| which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required." |
| |
| echo "REQUIRED KDF TEST" |
| $CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip |
| |
| echo "REQUIRED CIPHERS TEST" |
| echo "# Algorithm | Key | Encryption | Decryption" |
| |
| test_one aes-xts 256 |
| test_one twofish-xts 256 |
| test_one serpent-xts 256 |
| test_one aes-cbc 256 |
| test_one aes-lrw 256 |
| } |
| |
| export LANG=C |
| |
| if [ $(id -u) != 0 ]; then |
| echo "WARNING: You must be root to run activation part of test, test skipped." |
| exit 0 |
| fi |
| |
| test_required |
| [ ! -d $TST_DIR ] && tar xjf luks1-images.tar.bz2 --no-same-owner |
| |
| echo "ACTIVATION FS UUID CHECK" |
| for file in $(ls $TST_DIR/luks1_*) ; do |
| echo -n " $file" |
| $CRYPTSETUP luksOpen -d $TST_DIR/$KEYFILE $file $MAP 2>/dev/null |
| ret=$? |
| # ignore missing whirlpool (pwd failed is exit code 2) |
| [ $ret -eq 1 ] && (echo $file | grep -q -e "whirlpool") && echo " [N/A]" && continue |
| # ignore flawed whirlpool (pwd failed is exit code 2) |
| [ $ret -eq 2 ] && (echo $file | grep -q -e "whirlpool") && \ |
| ($CRYPTSETUP luksDump $file --debug | grep -q -e "flawed whirlpool") && \ |
| echo " [IGNORED (flawed Whirlpool library)]" && continue |
| [ $ret -ne 0 ] && fail |
| $CRYPTSETUP status $MAP >/dev/null || fail |
| $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail |
| UUID=$(lsblk -n -o UUID /dev/mapper/$MAP) |
| $CRYPTSETUP remove $MAP || fail |
| [ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed." |
| echo " [OK]" |
| done |