#!/bin/bash
#
# Fixture definitions for the cryptsetup LUKS compatibility test.
# Every path below is relative to the current directory, and the script
# runs as root: start it from the tests directory, which should not be
# writable by untrusted users.

# Binary under test.
CRYPTSETUP="../src/cryptsetup"

# Loop device and device-mapper names used by the test.
# NOTE(review): /dev/loop5 is fixed. The script detaches it, re-attaches it
# to the test image and runs luksFormat on it, so it must not be in use by
# anything else on the machine.
LOOPDEV="/dev/loop5"
DEV_NAME="dummy"
DEV_NAME2="dummy2"

# Working files created in the current directory and deleted on cleanup.
ORIG_IMG="luks-test-orig"
IMG="luks-test"
IMG1="luks-test1"
KEY1="key1"

# Change specifications passed to ./fileDiffer.py: a letter followed by a
# byte range of the image. The meaning of the letters is defined by
# fileDiffer.py, which is not part of this file.
# The header ranges line up with the LUKS1 on-disk header fields
# (magic 0-5, version 6-7, cipher name 8-39, ... UUID 168-207).
LUKS_HEADER="S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591"

# Key slot 0 descriptor and its key material area.
# NOTE(review): "S251-255" overlaps the preceding "S248-251" by one byte,
# while KEY_SLOT1 uses non-overlapping ranges (296-299, 300-303); this looks
# like a typo for S252-255. Left unchanged here; confirm against
# fileDiffer.py.
KEY_SLOT0="S208-211 S212-215 R216-247 S248-251 S251-255"
KEY_MATERIAL0="R4096-68096"
KEY_MATERIAL0_EXT="R4096-68096"

# Key slot 1 descriptor and its key material area.
KEY_SLOT1="S256-259 S260-263 R264-295 S296-299 S300-303"
KEY_MATERIAL1="R69632-133632"
KEY_MATERIAL1_EXT="S69632-133632"
21
#######################################
# Tear down everything the test created: both device-mapper mappings
# (the stacked one first), the loop device binding and the working files.
# Globals:   DEV_NAME, DEV_NAME2, LOOPDEV, ORIG_IMG, IMG, IMG1, KEY1 (read)
# Returns:   exit status of the final rm
#######################################
remove_mapping() {
	local mapping

	# DEV_NAME2 is stacked on top of DEV_NAME, so it has to go first.
	for mapping in "$DEV_NAME2" "$DEV_NAME"; do
		if [ -b "/dev/mapper/$mapping" ]; then
			dmsetup remove "$mapping"
		fi
	done

	# Best effort: the loop device may already be detached.
	losetup -d "$LOOPDEV" >/dev/null 2>&1

	rm -f "$ORIG_IMG" "$IMG" "$IMG1" "$KEY1" >/dev/null 2>&1
}
29
#######################################
# Abort the test run: clean up via remove_mapping, report the failure on
# stdout and terminate the script with exit status 2.
#######################################
fail() {
	remove_mapping
	printf '%s\n' "FAILED"
	exit 2
}
36
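#######################################
# Set up the fixture for one test case.
#
# Skips the whole run (exit 0) when not root. Otherwise removes a leftover
# DEV_NAME mapping, creates the random key file and the test image if they
# are missing, binds the image to LOOPDEV, snapshots the image to ORIG_IMG
# for the later comparison and prints the case label.
#
# Every setup step is checked. The cases that follow run luksFormat on
# LOOPDEV, so continuing after a failed attach could format a device that
# is still bound to some other backing file.
#
# Globals:   DEV_NAME, KEY1, IMG, ORIG_IMG, LOOPDEV (read)
# Arguments: $1 - optional case label to print
# Outputs:   "CASE: <label>" on stdout, diagnostics on stderr
# Returns:   0 on success; calls fail (exit 2) when a setup step fails
#######################################
function prepare()
{
	if [ "$(id -u)" != 0 ]; then
		echo "WARNING: You must be root to run this test, test skipped."
		exit 0
	fi

	[ -b "/dev/mapper/$DEV_NAME" ] && dmsetup remove "$DEV_NAME"

	if [ ! -e "$KEY1" ]; then
		if ! dd if=/dev/urandom of="$KEY1" count=1 bs=32 >/dev/null 2>&1; then
			echo "ERROR: cannot create key file $KEY1" >&2
			fail
		fi
	fi

	if [ ! -e "$IMG" ]; then
		if ! bzip2 -cd compatimage.img.bz2 > "$IMG"; then
			echo "ERROR: cannot unpack compatimage.img.bz2 to $IMG" >&2
			fail
		fi

		# The detach is best effort; the attach below is the step that matters.
		losetup -d "$LOOPDEV" >/dev/null 2>&1
		if ! losetup "$LOOPDEV" "$IMG"; then
			echo "ERROR: cannot attach $IMG to $LOOPDEV" >&2
			fail
		fi
	fi

	if ! cp "$IMG" "$ORIG_IMG"; then
		echo "ERROR: cannot snapshot $IMG to $ORIG_IMG" >&2
		fail
	fi

	if [ -n "$1" ]; then
		echo "CASE: $1"
	fi
}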
60
#######################################
# Flush pending writes, then let ./fileDiffer.py compare the image with
# its snapshot. Any non-zero status from the comparison aborts via fail.
# Globals:   IMG, ORIG_IMG (read)
# Arguments: $1 - optional space-separated change specification
#######################################
check() {
	local spec=$1

	sync
	# The specification is deliberately left unquoted: each space-separated
	# entry has to reach fileDiffer.py as its own argument.
	# shellcheck disable=SC2086
	if ! ./fileDiffer.py "$IMG" "$ORIG_IMG" $spec; then
		fail
	fi
}
66
#######################################
# Assert that the DEV_NAME mapping exists as a block device, then run the
# image comparison with the given change specification.
# Globals:   DEV_NAME (read)
# Arguments: $1 - optional change specification, forwarded to check
#######################################
check_exists() {
	if [ ! -b "/dev/mapper/$DEV_NAME" ]; then
		fail
	fi
	# Forwarded unquoted, as check expects a word-split specification.
	# shellcheck disable=SC2086
	check $1
}
72
73# LUKS tests
74
75prepare	"[1] open - compat image - acceptance check"
76echo "compatkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
77check_exists
78
79prepare "[2] open - compat image - denial check"
80echo "wrongkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME && fail
81check
82
83# All headers items and first key material section must change
84prepare "[3] format"
85echo "key0" | $CRYPTSETUP -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail
86check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
87
88prepare "[4] format using hash sha512"
89echo "key0" | $CRYPTSETUP -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail
90check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
91
92prepare "[5] open"
93echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
94check_exists
95
96# Key Slot 1 and key material section 1 must change, the rest must not.
97prepare "[6] add key"
98echo -e "key0\nkey1" | $CRYPTSETUP luksAddKey $LOOPDEV || fail
99check "$KEY_SLOT1 $KEY_MATERIAL1"
100echo "key1" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
101
102# Unsuccessful Key Delete - nothing may change
103prepare "[7] unsuccessful delete"
104echo "invalid" | $CRYPTSETUP luksDelKey $LOOPDEV 1 && fail
105check
106
107# Delete Key Test
108# Key Slot 1 and key material section 1 must change, the rest must not
109prepare "[8] successful delete"
110$CRYPTSETUP -q luksDelKey $LOOPDEV 1 || fail
111check "$KEY_SLOT1 $KEY_MATERIAL1_EXT"
112echo "key1" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME && fail
113echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
114
115# Key Slot 1 and key material section 1 must change, the rest must not
116prepare "[9] add key test for key files"
117echo "key0" | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 || fail
118check "$KEY_SLOT1 $KEY_MATERIAL1"
119$CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
120
121# Key Slot 1 and key material section 1 must change, the rest must not
122prepare "[10] delete key test with key1 as remaining key"
123$CRYPTSETUP -d $KEY1 luksDelKey $LOOPDEV 0 || fail
124check "$KEY_SLOT0 $KEY_MATERIAL0_EXT"
125echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME && fail
126$CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
127
128# Delete last slot
129prepare "[11] delete last key"
130echo "key0" | $CRYPTSETUP luksFormat $LOOPDEV || fail
131echo "key0" | $CRYPTSETUP luksKillSlot $LOOPDEV 0 || fail
132echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME && fail
133
134# Format test for ESSIV, and some other parameters.
135prepare "[12] parameter variation test"
136$CRYPTSETUP -q -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV $KEY1 || fail
137check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
138$CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
139
140prepare	"[13] open/close - stacked devices"
141echo "key0" | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
142echo "key0" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
143echo "key0" | $CRYPTSETUP -q luksFormat /dev/mapper/$DEV_NAME || fail
144echo "key0" | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
145$CRYPTSETUP -q luksClose  $DEV_NAME2 || fail
146$CRYPTSETUP -q luksClose  $DEV_NAME || fail
147
148prepare	"[14] format/open - passphrase on stdin & new line"
149# stdin defined by "-" must take even newline
150echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail
151echo -n $'foo\nbar' | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
152$CRYPTSETUP -q luksClose  $DEV_NAME || fail
153echo -n $'foo\nbar' | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME && fail
154# now also try --key-file
155echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV --key-file=- || fail
156echo -n $'foo\nbar' | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
157$CRYPTSETUP -q luksClose  $DEV_NAME || fail
158# process newline if from stdin
159echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
160echo 'foo' | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
161$CRYPTSETUP -q luksClose  $DEV_NAME || fail
162
163remove_mapping
164exit 0
165