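#!/usr/bin/env bash
#
# LUKS compatibility test driver for cryptsetup.
#
# Each case runs one or more cryptsetup operations against a reference image
# attached at $LOOPDEV, then calls ./fileDiffer.py to compare the image with a
# snapshot taken at the start of the case. The range specs defined below name
# the byte ranges of the image that a case is expected to touch.
#
# Operational notes:
#   - Must run as root; otherwise the test is skipped with exit status 0.
#   - Destructive for whatever is attached at $LOOPDEV and for device-mapper
#     entries named $DEV_NAME / $DEV_NAME2: they are detached, removed and
#     reformatted without confirmation. Run it on a scratch machine or VM.
#   - The passphrases ("compatkey", "key0", ...) and the key file are
#     throwaway fixtures, and the -i/-s/-c values are chosen to match the
#     expected change map; none of them is a hardening recommendation.
#   - Cases are order-dependent: the image is unpacked once, and later cases
#     start from the state the previous case left behind.

CRYPTSETUP=/sbin/cryptsetup

LOOPDEV=/dev/vn1
DEV_NAME=dummy
DEV_NAME2=dummy2
ORIG_IMG=luks-test-orig
IMG=luks-test
IMG1=luks-test1
KEY1=key1

# Range specs handed to ./fileDiffer.py. Each item is a letter prefix followed
# by START-END byte offsets; the meaning of the prefix is defined by
# fileDiffer.py, which is not part of this file.
LUKS_HEADER="S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591"
# NOTE(review): "S248-251 S251-255" overlaps at offset 251, while KEY_SLOT1
# uses the non-overlapping pair "S296-299 S300-303". Looks like a typo for
# S252-255 -- confirm against fileDiffer.py before changing the value.
KEY_SLOT0="S208-211 S212-215 R216-247 S248-251 S251-255"
KEY_MATERIAL0="R4096-68096"
# NOTE(review): the *_EXT specs are used after a slot has been deleted; slot 0
# uses an R prefix here while slot 1 uses S -- confirm that is intended.
KEY_MATERIAL0_EXT="R4096-68096"

KEY_SLOT1="S256-259 S260-263 R264-295 S296-299 S300-303"
KEY_MATERIAL1="R69632-133632"
KEY_MATERIAL1_EXT="S69632-133632"

#######################################
# Tear down everything the test may have created.
# Globals:   DEV_NAME, DEV_NAME2, LOOPDEV, ORIG_IMG, IMG, IMG1, KEY1 (read)
# Returns:   status of the final rm
#######################################
remove_mapping() {
  # $DEV_NAME2 is opened on top of /dev/mapper/$DEV_NAME by the stacked-device
  # case, so it has to go first.
  if [ -e "/dev/mapper/$DEV_NAME2" ]; then
    dmsetup remove "$DEV_NAME2"
  fi
  if [ -e "/dev/mapper/$DEV_NAME" ]; then
    dmsetup remove "$DEV_NAME"
  fi
  # Detach unconditionally; an error (device not configured) is expected and
  # deliberately ignored.
  vnconfig -u "$LOOPDEV" >/dev/null 2>&1
#  losetup -d $LOOPDEV >/dev/null 2>&1
  rm -f -- "$ORIG_IMG" "$IMG" "$IMG1" "$KEY1" >/dev/null 2>&1
}

#######################################
# Report the status of the last command, clean up and abort the run.
# For "cmd || fail" the reported value is cmd's exit status; for the denial
# checks written as "cmd && fail" it is 0, because cmd succeeded when it
# should not have.
# Outputs:   "last ret: N" and "FAILED" on stdout
# Returns:   does not return; exits with status 2
#######################################
fail() {
  # $? must be captured before any other command overwrites it.
  local rc=$?
  echo "last ret: $rc"
  remove_mapping
  echo "FAILED"
  exit 2
}

#######################################
# Set up one test case and snapshot the image for the later comparison.
# Arguments: $1 - case label, printed as "CASE: <label>"
# Outputs:   the case label on stdout
# Returns:   exits 0 (test skipped) when not running as root; calls fail
#            when a fixture cannot be created
#######################################
prepare() {
  if [ "$(id -u)" != 0 ]; then
    echo "WARNING: You must be root to run this test, test skipped."
    exit 0
  fi

  # Drop a mapping left open by the previous case.
  if [ -e "/dev/mapper/$DEV_NAME" ]; then
    dmsetup remove "$DEV_NAME"
  fi

  # 32 random bytes used as the key file in the key-file cases.
  if [ ! -e "$KEY1" ]; then
    dd if=/dev/urandom of="$KEY1" count=1 bs=32 >/dev/null 2>&1 || fail
  fi

  # Unpack and attach the reference image only once; without the checks a
  # missing archive or a failed attach would surface later as a misleading
  # cryptsetup failure.
  if [ ! -e "$IMG" ]; then
    bzip2 -cd compatimage.img.bz2 > "$IMG" || fail
    vnconfig -u "$LOOPDEV" >/dev/null 2>&1
    vnconfig -S labels -T "$LOOPDEV" "$IMG" || fail
#    losetup -d $LOOPDEV >/dev/null 2>&1
#    losetup $LOOPDEV $IMG
  fi

  # Snapshot of the image as it is before this case runs; check() diffs
  # against it.
  cp -- "$IMG" "$ORIG_IMG" || fail

  echo "CASE: $1"
}

#######################################
# Compare the image with the snapshot taken by prepare().
# Arguments: $1 - optional space-separated range specs that are expected to
#                 change; omitted when nothing may change
# Returns:   calls fail when ./fileDiffer.py exits non-zero
#######################################
check() {
  # presumably flushes pending device writes to the backing file before the
  # comparison -- TODO confirm why three calls are needed
  sync
  sync
  sync
  # $1 is left unquoted on purpose: the specs have to reach fileDiffer.py as
  # separate arguments, and an absent spec has to expand to no argument.
  # shellcheck disable=SC2086
  ./fileDiffer.py "$IMG" "$ORIG_IMG" $1 || fail
}

#######################################
# Require that /dev/mapper/$DEV_NAME exists, then run check().
# Arguments: $1 - optional range specs, passed on to check() as one word
#######################################
check_exists() {
  [ -e "/dev/mapper/$DEV_NAME" ] || fail
  check "$1"
}

# LUKS tests

# The shipped image must open with its known passphrase, and opening must not
# modify the image.
prepare "[1] open - compat image - acceptance check"
printf '%s\n' "compatkey" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" || fail
check_exists

# A wrong passphrase must be rejected, and the attempt must not modify the
# image.
prepare "[2] open - compat image - denial check"
printf '%s\n' "wrongkey" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" && fail
check

# All headers items and first key material section must change
# (-i: PBKDF iteration time in ms, -c: cipher spec, -s: key size in bits)
prepare "[3] format"
printf '%s\n' "key0" | "$CRYPTSETUP" -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat "$LOOPDEV" || fail
check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"

# Same as [3], with the hash selected through -h.
prepare "[4] format using hash sha512"
printf '%s\n' "key0" | "$CRYPTSETUP" -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat "$LOOPDEV" || fail
check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"

prepare "[5] open"
printf '%s\n' "key0" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" || fail
check_exists

# Key Slot 1 and key material section 1 must change, the rest must not.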
prepare "[6] add key"
# The first input line authenticates with the existing passphrase, the second
# one becomes the new key; the new key must then open the volume.
printf 'key0\nkey1\n' | "${CRYPTSETUP}" luksAddKey "${LOOPDEV}" || fail
check "${KEY_SLOT1} ${KEY_MATERIAL1}"
printf '%s\n' "key1" | "${CRYPTSETUP}" luksOpen "${LOOPDEV}" "${DEV_NAME}" || fail

# Unsuccessful Key Delete - nothing may change
# (a wrong passphrase must not be able to remove a key slot)
prepare "[7] unsuccessful delete"
printf '%s\n' "invalid" | "${CRYPTSETUP}" luksDelKey "${LOOPDEV}" 1 && fail
check

# Delete Key Test
# Key Slot 1 and key material section 1 must change, the rest must not
prepare "[8] successful delete"
"${CRYPTSETUP}" -q luksDelKey "${LOOPDEV}" 1 || fail
check "${KEY_SLOT1} ${KEY_MATERIAL1_EXT}"
# The deleted key must no longer open the volume; the remaining one must.
printf '%s\n' "key1" | "${CRYPTSETUP}" luksOpen "${LOOPDEV}" "${DEV_NAME}" && fail
printf '%s\n' "key0" | "${CRYPTSETUP}" luksOpen "${LOOPDEV}" "${DEV_NAME}" || fail

# Key Slot 1 and key material section 1 must change, the rest must not
prepare "[9] add key test for key files"
# The passphrase on stdin authenticates; the key file is the key being added.
printf '%s\n' "key0" | "${CRYPTSETUP}" luksAddKey "${LOOPDEV}" "${KEY1}" || fail
check "${KEY_SLOT1} ${KEY_MATERIAL1}"
"${CRYPTSETUP}" -d "${KEY1}" luksOpen "${LOOPDEV}" "${DEV_NAME}" || fail

# Key Slot 1 and key material section 1 must change, the rest must not
prepare "[10] delete key test with key1 as remaining key"
# Slot 0 is deleted while authenticating with the key file from slot 1.
"${CRYPTSETUP}" -d "${KEY1}" luksDelKey "${LOOPDEV}" 0 || fail
check "${KEY_SLOT0} ${KEY_MATERIAL0_EXT}"
printf '%s\n' "key0" | "${CRYPTSETUP}" luksOpen "${LOOPDEV}" "${DEV_NAME}" && fail
"${CRYPTSETUP}" luksOpen -d "${KEY1}" "${LOOPDEV}" "${DEV_NAME}" || fail

# Delete last slot
# Once the only key slot is gone, the former passphrase must not open the
# volume any more.
prepare "[11] delete last key"
printf '%s\n' "key0" | "${CRYPTSETUP}" luksFormat "${LOOPDEV}" || fail
printf '%s\n' "key0" | "${CRYPTSETUP}" luksKillSlot "${LOOPDEV}" 0 || fail
printf '%s\n' "key0" | "${CRYPTSETUP}" luksOpen "${LOOPDEV}" "${DEV_NAME}" && fail

# Format test for ESSIV, and some other parameters.
prepare "[12] parameter variation test"
# Format with the key file as the only key (-q: batch mode, no confirmation).
"${CRYPTSETUP}" -q -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat "${LOOPDEV}" "${KEY1}" || fail
check "${LUKS_HEADER} ${KEY_SLOT0} ${KEY_MATERIAL0}"
"${CRYPTSETUP}" -d "${KEY1}" luksOpen "${LOOPDEV}" "${DEV_NAME}" || fail

# A LUKS volume is created inside an already opened LUKS mapping; the two
# mappings are then closed from the top down.
prepare "[13] open/close - stacked devices"
printf '%s\n' "key0" | "${CRYPTSETUP}" -q luksFormat "${LOOPDEV}" || fail
printf '%s\n' "key0" | "${CRYPTSETUP}" -q luksOpen "${LOOPDEV}" "${DEV_NAME}" || fail
printf '%s\n' "key0" | "${CRYPTSETUP}" -q luksFormat "/dev/mapper/${DEV_NAME}" || fail
printf '%s\n' "key0" | "${CRYPTSETUP}" -q luksOpen "/dev/mapper/${DEV_NAME}" "${DEV_NAME2}" || fail
"${CRYPTSETUP}" -q luksClose "${DEV_NAME2}" || fail
"${CRYPTSETUP}" -q luksClose "${DEV_NAME}" || fail

prepare "[14] format/open - passphrase on stdin & new line"
# stdin defined by "-" must take even newline
# (the key is the complete byte string "foo\nbar", with no trailing newline)
printf 'foo\nbar' | "${CRYPTSETUP}" -q luksFormat "${LOOPDEV}" - || fail
printf 'foo\nbar' | "${CRYPTSETUP}" -q --key-file=- luksOpen "${LOOPDEV}" "${DEV_NAME}" || fail
"${CRYPTSETUP}" -q luksClose "${DEV_NAME}" || fail
# Without a key-file option the same input must NOT open the volume.
printf 'foo\nbar' | "${CRYPTSETUP}" -q luksOpen "${LOOPDEV}" "${DEV_NAME}" && fail
# now also try --key-file
printf 'foo\nbar' | "${CRYPTSETUP}" -q luksFormat "${LOOPDEV}" --key-file=- || fail
printf 'foo\nbar' | "${CRYPTSETUP}" -q --key-file=- luksOpen "${LOOPDEV}" "${DEV_NAME}" || fail
"${CRYPTSETUP}" -q luksClose "${DEV_NAME}" || fail
# process newline if from stdin
# (formatted without a key-file option, the volume must open with "foo" alone)
printf 'foo\nbar' | "${CRYPTSETUP}" -q luksFormat "${LOOPDEV}" || fail
printf '%s\n' 'foo' | "${CRYPTSETUP}" -q luksOpen "${LOOPDEV}" "${DEV_NAME}" || fail
"${CRYPTSETUP}" -q luksClose "${DEV_NAME}" || fail

# All cases passed: detach the device and delete the fixtures.
remove_mapping
exit 0