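# Binary under test.
CRYPTSETUP=/sbin/cryptsetup

# Reference copy of the image. This script passes it to ./fileDiffer.py
# together with $IMG, and remove_mapping deletes it.
ORIG_IMG=luks-test-orig

# Byte-range specifications handed to check(). Each token is a letter prefix
# followed by an inclusive start-end byte offset; the letters are interpreted
# by fileDiffer.py, which is not part of this listing.
LUKS_HEADER="S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591"

# Key slot 0 descriptor. The last token was "S251-255", which overlapped the
# preceding "S248-251" by one byte. KEY_SLOT1 below uses two non-overlapping
# 4-byte fields (296-299, 300-303), so slot 0 is aligned the same way. Both
# tokens carry the same prefix, so the set of covered bytes is unchanged.
KEY_SLOT0="S208-211 S212-215 R216-247 S248-251 S252-255"
KEY_MATERIAL0="R4096-68096"
# NOTE(review): this _EXT range uses prefix R while KEY_MATERIAL1_EXT uses S
# for the equivalent "after slot deletion" check - confirm that is intended.
KEY_MATERIAL0_EXT="R4096-68096"

# Key slot 1 descriptor and its key material area.
KEY_SLOT1="S256-259 S260-263 R264-295 S296-299 S300-303"
KEY_MATERIAL1="R69632-133632"
KEY_MATERIAL1_EXT="S69632-133632"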
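#######################################
# Tear down whatever a test case left behind: both device-mapper mappings,
# the vn(4) attachment of the image, and the scratch files.
# Globals:   DEV_NAME, DEV_NAME2, LOOPDEV, ORIG_IMG, IMG, IMG1, KEY1 (read)
# Returns:   exit status of the final rm
#######################################
function remove_mapping()
{
	# The stacked mapping goes first: case [13] opens DEV_NAME2 on top of
	# /dev/mapper/$DEV_NAME, so the lower device is busy until it is removed.
	[ -e "/dev/mapper/$DEV_NAME2" ] && dmsetup remove "$DEV_NAME2"
	[ -e "/dev/mapper/$DEV_NAME" ] && dmsetup remove "$DEV_NAME"

	# Detach the image; errors are discarded because it may not be attached.
	vnconfig -u "$LOOPDEV" >/dev/null 2>&1
	# losetup -d $LOOPDEV >/dev/null 2>&1

	# Expansions are quoted and operands follow "--" so that a value with
	# whitespace, glob characters or a leading "-" is removed as exactly one
	# file name. KEY1 holds key material, so it must not survive the run.
	rm -f -- "$ORIG_IMG" "$IMG" "$IMG1" "$KEY1" >/dev/null 2>&1
}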
41 if [ $
(id
-u) != 0 ]; then
42 echo "WARNING: You must be root to run this test, test skipped."
46 [ -e /dev
/mapper
/$DEV_NAME ] && dmsetup remove
$DEV_NAME
48 if [ ! -e $KEY1 ]; then
49 dd if=/dev
/urandom of
=$KEY1 count
=1 bs
=32 >/dev
/null
2>&1
52 if [ ! -e $IMG ]; then
53 bzip2 -cd compatimage.img.bz2
> $IMG
54 vnconfig
-u $LOOPDEV >/dev
/null
2>&1
55 vnconfig
-S labels
-T $LOOPDEV $IMG
56 # losetup -d $LOOPDEV >/dev/null 2>&1
57 # losetup $LOOPDEV $IMG
70 .
/fileDiffer.py
$IMG $ORIG_IMG $1|| fail
73 function check_exists
()
75 [ -e /dev
/mapper
/$DEV_NAME ] || fail
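# [1] The shipped compat image must open with its known passphrase.
# Expansions are quoted so that an empty or whitespace-containing value
# cannot shift the device and mapping-name arguments.
prepare "[1] open - compat image - acceptance check"
echo "compatkey" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" || fail

# [2] A wrong passphrase must be rejected: here a *successful* luksOpen is
# the error condition, hence "&& fail" instead of "|| fail".
prepare "[2] open - compat image - denial check"
echo "wrongkey" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" && fail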
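# All header items and the first key material section must change.
# Flags per cryptsetup(8): -i iteration time in ms, -c cipher spec,
# -s key size in bits. "$LOOPDEV" is quoted because luksFormat is
# destructive: an empty unquoted value would vanish from the command line
# and let a following argument be taken as the device.
echo "key0" | "$CRYPTSETUP" -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat "$LOOPDEV" || fail
check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"

# [4] Same format run with the hash selected explicitly via -h; the same
# header, slot 0 and key material 0 ranges are checked.
prepare "[4] format using hash sha512"
echo "key0" | "$CRYPTSETUP" -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat "$LOOPDEV" || fail
check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"

# The freshly formatted volume must open with the passphrase it was given.
echo "key0" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" || fail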
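# [6] Key Slot 1 and key material section 1 must change, the rest must not.
# stdin carries two lines: "key0" first, then "key1"; afterwards "key1"
# must open the volume.
prepare "[6] add key"
echo -e "key0\nkey1" | "$CRYPTSETUP" luksAddKey "$LOOPDEV" || fail
check "$KEY_SLOT1 $KEY_MATERIAL1"
echo "key1" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" || fail

# [7] Unsuccessful Key Delete - nothing may change.
# Deleting slot 1 with a passphrase that matches no slot must be refused,
# so success of luksDelKey is the failure condition here.
prepare "[7] unsuccessful delete"
echo "invalid" | "$CRYPTSETUP" luksDelKey "$LOOPDEV" 1 && fail

# [8] Key Slot 1 and key material section 1 must change, the rest must not.
# After the slot is deleted its former passphrase (key1) must no longer open
# the volume, while the remaining one (key0) still must.
prepare "[8] successful delete"
"$CRYPTSETUP" -q luksDelKey "$LOOPDEV" 1 || fail
check "$KEY_SLOT1 $KEY_MATERIAL1_EXT"
echo "key1" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" && fail
echo "key0" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" || fail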
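# [9] Key Slot 1 and key material section 1 must change, the rest must not.
# The new key is the key file $KEY1; the existing passphrase (key0) arrives
# on stdin. "$KEY1" is quoted so the path always stays a single argument.
prepare "[9] add key test for key files"
echo "key0" | "$CRYPTSETUP" luksAddKey "$LOOPDEV" "$KEY1" || fail
check "$KEY_SLOT1 $KEY_MATERIAL1"
"$CRYPTSETUP" -d "$KEY1" luksOpen "$LOOPDEV" "$DEV_NAME" || fail

# [10] Key Slot 0 and its key material must change, the rest must not.
# Slot 0 is deleted while authenticating with the key file, so key0 must be
# rejected afterwards and only the key file may still open the volume.
prepare "[10] delete key test with key1 as remaining key"
"$CRYPTSETUP" -d "$KEY1" luksDelKey "$LOOPDEV" 0 || fail
check "$KEY_SLOT0 $KEY_MATERIAL0_EXT"
echo "key0" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" && fail
"$CRYPTSETUP" luksOpen -d "$KEY1" "$LOOPDEV" "$DEV_NAME" || fail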
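# [11] Format with a single passphrase, then kill slot 0. With no slot left
# the same passphrase must no longer open the volume.
prepare "[11] delete last key"
echo "key0" | "$CRYPTSETUP" luksFormat "$LOOPDEV" || fail
echo "key0" | "$CRYPTSETUP" luksKillSlot "$LOOPDEV" 0 || fail
echo "key0" | "$CRYPTSETUP" luksOpen "$LOOPDEV" "$DEV_NAME" && fail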
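# [12] Format test for ESSIV, and some other parameters.
# The key comes from the key file instead of stdin. "$LOOPDEV" and "$KEY1"
# are quoted: if LOOPDEV were empty and unquoted, the key file path would
# move into the device position of this luksFormat call.
prepare "[12] parameter variation test"
"$CRYPTSETUP" -q -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat "$LOOPDEV" "$KEY1" || fail
check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
"$CRYPTSETUP" -d "$KEY1" luksOpen "$LOOPDEV" "$DEV_NAME" || fail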
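# [13] LUKS on top of LUKS: format and open $LOOPDEV as $DEV_NAME, then
# format and open /dev/mapper/$DEV_NAME as $DEV_NAME2.
prepare "[13] open/close - stacked devices"
echo "key0" | "$CRYPTSETUP" -q luksFormat "$LOOPDEV" || fail
echo "key0" | "$CRYPTSETUP" -q luksOpen "$LOOPDEV" "$DEV_NAME" || fail
echo "key0" | "$CRYPTSETUP" -q luksFormat "/dev/mapper/$DEV_NAME" || fail
echo "key0" | "$CRYPTSETUP" -q luksOpen "/dev/mapper/$DEV_NAME" "$DEV_NAME2" || fail
# Close in reverse order: the upper mapping holds the lower one open.
"$CRYPTSETUP" -q luksClose "$DEV_NAME2" || fail
"$CRYPTSETUP" -q luksClose "$DEV_NAME" || fail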
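# [14] How a newline inside the key is treated depends on how stdin is used.
prepare "[14] format/open - passphrase on stdin & new line"

# stdin defined by "-" must take even newline: the whole stream "foo\nbar"
# is the key, so only a --key-file=- open with the same bytes succeeds.
echo -n $'foo\nbar' | "$CRYPTSETUP" -q luksFormat "$LOOPDEV" - || fail
echo -n $'foo\nbar' | "$CRYPTSETUP" -q --key-file=- luksOpen "$LOOPDEV" "$DEV_NAME" || fail
"$CRYPTSETUP" -q luksClose "$DEV_NAME" || fail
# The same bytes given as a plain stdin passphrase must NOT open the volume.
echo -n $'foo\nbar' | "$CRYPTSETUP" -q luksOpen "$LOOPDEV" "$DEV_NAME" && fail

# now also try --key-file
echo -n $'foo\nbar' | "$CRYPTSETUP" -q luksFormat "$LOOPDEV" --key-file=- || fail
echo -n $'foo\nbar' | "$CRYPTSETUP" -q --key-file=- luksOpen "$LOOPDEV" "$DEV_NAME" || fail
"$CRYPTSETUP" -q luksClose "$DEV_NAME" || fail

# process newline if from stdin: without a key-file argument the passphrase
# ends at the first newline, so a volume formatted from "foo\nbar" opens with
# just "foo". Anything after the newline adds nothing to the passphrase.
echo -n $'foo\nbar' | "$CRYPTSETUP" -q luksFormat "$LOOPDEV" || fail
echo 'foo' | "$CRYPTSETUP" -q luksOpen "$LOOPDEV" "$DEV_NAME" || fail
"$CRYPTSETUP" -q luksClose "$DEV_NAME" || fail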