#!/usr/bin/env bash
#
# LUKS compatibility test. Drives cryptsetup against a reference image
# attached to $LOOPDEV and, after each operation, uses ./fileDiffer.py to
# compare the image with a pristine copy.
#
# Runs as root and reformats whatever is attached to $LOOPDEV. The
# passphrases and key file below are throwaway fixtures.

# cryptsetup binary under test.
CRYPTSETUP='/sbin/cryptsetup'

# Device node the image is attached to (vnconfig, see prepare()).
# Hard-coded: the script detaches and reformats this node, so nothing else
# on the host may be using it.
LOOPDEV='/dev/vn1'

# device-mapper names: the primary mapping and the stacked one used in [13].
DEV_NAME='dummy'
DEV_NAME2='dummy2'

# Files created in the current working directory.
ORIG_IMG='luks-test-orig'
IMG='luks-test'
IMG1='luks-test1'
KEY1='key1'

# Byte-range specs passed to ./fileDiffer.py through check(). Each token is
# <letter><start>-<end>; what each letter means is defined by fileDiffer.py.
LUKS_HEADER='S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591'
# NOTE(review): the last range starts at 251 and overlaps S248-251, whereas
# KEY_SLOT1 ends with the non-overlapping S296-299 S300-303 - confirm.
KEY_SLOT0='S208-211 S212-215 R216-247 S248-251 S251-255'
KEY_MATERIAL0='R4096-68096'
KEY_MATERIAL0_EXT='R4096-68096'

KEY_SLOT1='S256-259 S260-263 R264-295 S296-299 S300-303'
KEY_MATERIAL1='R69632-133632'
KEY_MATERIAL1_EXT='S69632-133632'
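#######################################
# Tear down everything the test created: both device-mapper mappings, the
# vnconfig attachment on $LOOPDEV, and the image/key files in the current
# directory.
# Globals:   DEV_NAME, DEV_NAME2, LOOPDEV, ORIG_IMG, IMG, IMG1, KEY1 (read)
# Returns:   status of the final rm -f
#######################################
function remove_mapping()
{
  # DEV_NAME2 is stacked on top of DEV_NAME in case [13], so it goes first.
  [ -e "/dev/mapper/$DEV_NAME2" ] && dmsetup remove "$DEV_NAME2"
  [ -e "/dev/mapper/$DEV_NAME" ] && dmsetup remove "$DEV_NAME"

  # Best effort: the device may not be attached at all. This detaches
  # $LOOPDEV unconditionally, whoever attached it.
  vnconfig -u "$LOOPDEV" >/dev/null 2>&1
  # losetup -d $LOOPDEV >/dev/null 2>&1

  # Removes the throwaway key file too. Quoted, and "--" ends option
  # parsing, so the names are always treated as single file operands.
  rm -f -- "$ORIG_IMG" "$IMG" "$IMG1" "$KEY1" >/dev/null 2>&1
}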
#######################################
# Abort the run: print the exit status that was current when fail was
# called, clean up, print FAILED and exit with status 2.
# Outputs:   "last ret: <status>" and "FAILED" on stdout
# Note:      when reached through `cmd && fail` the printed status is 0,
#            because cmd succeeded.
#######################################
function fail()
{
  # Must stay the first statement: any command run earlier would replace $?.
  local last_status=$?

  printf 'last ret: %s\n' "$last_status"
  remove_mapping
  printf '%s\n' "FAILED"
  exit 2
}
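#######################################
# Set up the fixtures for one test case and announce it.
# Skips the whole run (exit 0) unless executed as root. Closes a mapping
# left open by the previous case, creates the key file and the attached
# image on first use, and snapshots the image as the comparison baseline.
# The image is only unpacked and attached when $IMG does not exist yet, so
# later cases work on the state left behind by earlier ones.
# Globals:   DEV_NAME, KEY1, IMG, ORIG_IMG, LOOPDEV (read)
# Arguments: $1 - case title, printed as "CASE: <title>"
# Returns:   does not return on setup failure (calls fail)
#######################################
function prepare()
{
  if [ "$(id -u)" != 0 ]; then
    echo "WARNING: You must be root to run this test, test skipped."
    exit 0
  fi

  [ -e "/dev/mapper/$DEV_NAME" ] && dmsetup remove "$DEV_NAME"

  if [ ! -e "$KEY1" ]; then
    # 32 random bytes, written to the current directory with the caller's
    # umask. Test fixture only.
    dd if=/dev/urandom of="$KEY1" count=1 bs=32 >/dev/null 2>&1 || fail
  fi

  if [ ! -e "$IMG" ]; then
    # Stop here if the reference image cannot be unpacked; otherwise the
    # cases below would run against an empty file.
    bzip2 -cd compatimage.img.bz2 > "$IMG" || fail

    # Best effort: $LOOPDEV may not be attached yet.
    vnconfig -u "$LOOPDEV" >/dev/null 2>&1

    # The attach must succeed. If it does not, every later luksFormat
    # would hit whatever else is behind $LOOPDEV, as root.
    # NOTE(review): check -S/-T against vnconfig(8) on the target system;
    # confirm they do not resize or truncate the freshly unpacked image.
    vnconfig -S labels -T "$LOOPDEV" "$IMG" || fail
    # losetup -d $LOOPDEV >/dev/null 2>&1
    # losetup $LOOPDEV $IMG
  fi

  # Baseline for check(); a failed copy would leave a stale baseline.
  cp "$IMG" "$ORIG_IMG" || fail

  echo "CASE: $1"
}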
#######################################
# Compare the working image with the baseline copy taken in prepare().
# Globals:   IMG, ORIG_IMG (read)
# Arguments: $1 - space-separated byte-range specs for fileDiffer.py;
#                 omitted by the cases that expect no change
# Returns:   does not return if fileDiffer.py exits non-zero (calls fail)
#######################################
function check()
{
  local pass

  # Three syncs before comparing - presumably to get writes made through
  # the device onto the backing file first.
  for pass in 1 2 3; do
    sync
  done

  # $1 stays unquoted on purpose: the spec string is split so that
  # fileDiffer.py receives one argument per range.
  # shellcheck disable=SC2086
  ./fileDiffer.py "$IMG" "$ORIG_IMG" $1 || fail
}
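#######################################
# Assert that the mapping for $DEV_NAME exists, then run check().
# Globals:   DEV_NAME (read)
# Arguments: $1 - optional range specs, forwarded to check
# Returns:   does not return if the mapping is missing (calls fail)
#######################################
function check_exists()
{
  [ -e "/dev/mapper/$DEV_NAME" ] || fail

  # Quoted so a multi-range spec reaches check as its single $1. Unquoted,
  # everything after the first range would be dropped.
  check "$1"
}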
# LUKS tests

# [1] The reference image must open with its known passphrase.
prepare "[1] open - compat image - acceptance check"
printf '%s\n' "compatkey" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" || fail
check_exists

# [2] Negative test: a wrong passphrase must be refused. `&& fail` turns an
# unexpected success into a failure. Any other cryptsetup error also counts
# as a refusal here, so this only means something after [1] has passed.
prepare "[2] open - compat image - denial check"
printf '%s\n' "wrongkey" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" && fail
check
# All header items and the first key material section must change.
# The cipher, key size and iteration time are fixed test parameters.
prepare "[3] format"
printf '%s\n' "key0" | "$CRYPTSETUP" -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat "$LOOPDEV" || fail
check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"

# Same format run with the hash switched to sha512; the same ranges are
# checked.
prepare "[4] format using hash sha512"
printf '%s\n' "key0" | "$CRYPTSETUP" -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat "$LOOPDEV" || fail
check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"

# The volume formatted in [4] must open with the passphrase it was given.
prepare "[5] open"
printf '%s\n' "key0" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" || fail
check_exists
# Key slot 1 and key material section 1 must change, the rest must not.
# stdin carries the existing passphrase first, then the new one.
prepare "[6] add key"
printf '%s\n' "key0" "key1" | "$CRYPTSETUP" luksAddKey "$LOOPDEV" || fail
check "$KEY_SLOT1 $KEY_MATERIAL1"
printf '%s\n' "key1" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" || fail

# Unsuccessful key delete - nothing may change.
prepare "[7] unsuccessful delete"
printf '%s\n' "invalid" | "$CRYPTSETUP" luksDelKey "$LOOPDEV" 1 && fail
check

# Delete key test.
# Key slot 1 and key material section 1 must change, the rest must not.
# Afterwards the deleted passphrase must no longer open the volume, while
# the remaining one still must.
prepare "[8] successful delete"
"$CRYPTSETUP" -q luksDelKey "$LOOPDEV" 1 || fail
check "$KEY_SLOT1 $KEY_MATERIAL1_EXT"
printf '%s\n' "key1" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" && fail
printf '%s\n' "key0" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" || fail
# Key slot 1 and key material section 1 must change, the rest must not.
# The new key comes from the key file; the existing passphrase from stdin.
prepare "[9] add key test for key files"
printf '%s\n' "key0" | "$CRYPTSETUP" luksAddKey "$LOOPDEV" "$KEY1" || fail
check "$KEY_SLOT1 $KEY_MATERIAL1"
"$CRYPTSETUP" -d "$KEY1" luksOpen "$LOOPDEV" "$DEV_NAME" || fail

# Slot 0 is removed, authorised by the key file. Key slot 0 and key
# material section 0 are the ranges checked. Afterwards the removed
# passphrase must be refused and the key file must still open the volume.
prepare "[10] delete key test with key1 as remaining key"
"$CRYPTSETUP" -d "$KEY1" luksDelKey "$LOOPDEV" 0 || fail
check "$KEY_SLOT0 $KEY_MATERIAL0_EXT"
printf '%s\n' "key0" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" && fail
"$CRYPTSETUP" luksOpen -d "$KEY1" "$LOOPDEV" "$DEV_NAME" || fail
# Delete last slot: once the only key slot is killed, the former passphrase
# must no longer open the volume.
prepare "[11] delete last key"
printf '%s\n' "key0" | "$CRYPTSETUP" luksFormat "$LOOPDEV" || fail
printf '%s\n' "key0" | "$CRYPTSETUP" luksKillSlot "$LOOPDEV" 0 || fail
printf '%s\n' "key0" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" && fail

# Format test for ESSIV and some other parameters, with a key file as the
# key instead of a passphrase on stdin.
prepare "[12] parameter variation test"
"$CRYPTSETUP" -q -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat "$LOOPDEV" "$KEY1" || fail
check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
"$CRYPTSETUP" -d "$KEY1" luksOpen "$LOOPDEV" "$DEV_NAME" || fail
# A LUKS volume is created inside an opened LUKS mapping. The two mappings
# are then closed in reverse order, the stacked one first.
prepare "[13] open/close - stacked devices"
printf '%s\n' "key0" | "$CRYPTSETUP" -q luksFormat "$LOOPDEV" || fail
printf '%s\n' "key0" | "$CRYPTSETUP" -q luksOpen "$LOOPDEV" "$DEV_NAME" || fail
printf '%s\n' "key0" | "$CRYPTSETUP" -q luksFormat "/dev/mapper/$DEV_NAME" || fail
printf '%s\n' "key0" | "$CRYPTSETUP" -q luksOpen "/dev/mapper/$DEV_NAME" "$DEV_NAME2" || fail
"$CRYPTSETUP" -q luksClose "$DEV_NAME2" || fail
"$CRYPTSETUP" -q luksClose "$DEV_NAME" || fail
# Checks two ways of reading key material from stdin. Given as key file
# "-", the whole stream including the embedded newline is the key. Read as
# a plain passphrase, input stops at the first newline.
prepare "[14] format/open - passphrase on stdin & new line"
# stdin defined by "-" must take even newline
printf '%s' $'foo\nbar' | "$CRYPTSETUP" -q luksFormat "$LOOPDEV" - || fail
printf '%s' $'foo\nbar' | "$CRYPTSETUP" -q --key-file=- luksOpen "$LOOPDEV" "$DEV_NAME" || fail
"$CRYPTSETUP" -q luksClose "$DEV_NAME" || fail
# The same bytes read as a passphrase stop at the newline, so this open
# must be refused.
printf '%s' $'foo\nbar' | "$CRYPTSETUP" -q luksOpen "$LOOPDEV" "$DEV_NAME" && fail
# now also try --key-file
printf '%s' $'foo\nbar' | "$CRYPTSETUP" -q luksFormat "$LOOPDEV" --key-file=- || fail
printf '%s' $'foo\nbar' | "$CRYPTSETUP" -q --key-file=- luksOpen "$LOOPDEV" "$DEV_NAME" || fail
"$CRYPTSETUP" -q luksClose "$DEV_NAME" || fail
# process newline if from stdin: formatted with "foo<newline>bar" read as
# a passphrase, the volume must open with just "foo".
printf '%s' $'foo\nbar' | "$CRYPTSETUP" -q luksFormat "$LOOPDEV" || fail
printf '%s\n' 'foo' | "$CRYPTSETUP" -q luksOpen "$LOOPDEV" "$DEV_NAME" || fail
"$CRYPTSETUP" -q luksClose "$DEV_NAME" || fail

# All cases passed: detach the device and remove the fixtures.
remove_mapping
exit 0