mudslinger

Cryptmount是对Linux系统下的文件系统以及用户设备、文档等进行加密的系统.

#!/bin/bash
# testing script for cryptmount (compiled with -DTESTING)
# $Revision: 125 $, $Date: 2006-09-22 20:39:18 +0100 (Fri, 22 Sep 2006) $
# RW Penney, December 2005

TMPDIR=/tmp/cm-$$
CM=./cryptmount
PASSWD="hopeless"
USER1=bin
USER2=nobody
LOSETUP=/sbin/losetup
LOOPDEV=/dev/loop7
LOOPDEV2=/dev/loop5


#
# testing infrastructure
#

NTESTS_RUN=0
NTESTS_FAILED=0
NTESTS_PASSED=0
NTESTS_ABORTED=0

function test_start() {
    # syntax: test_start <test-name>
    echo -n "testing $1..."
    echo -e "\n\n----  test \"$1\" ----\n" 1>&3
    if [ ${NTESTS_ABORTED} -gt 0 ]; then
        test_abort
        false
        return
    else
        NTESTS_RUN=`expr ${NTESTS_RUN} + 1`
        true
        return
    fi
};

function test_fail() {
    echo "  FAILED!   [$1]"
    echo "!!! TEST FAILED [$1] !!!" 1>&3
    NTESTS_FAILED=`expr ${NTESTS_FAILED} + 1`
};

function test_pass() {
    echo "  passed"
    echo "(test passed)" 1>&3
    NTESTS_PASSED=`expr ${NTESTS_PASSED} + 1`
};

function test_abort() {
    echo "  aborted"
    echo "(test aborted)" 1>&3
    NTESTS_ABORTED=`expr ${NTESTS_ABORTED} + 1`
};

function test_summary() {
    echo "========"
    echo "${NTESTS_RUN} tests run"
    echo "  ${NTESTS_FAILED} tests failed"
    echo "  ${NTESTS_PASSED} tests passed"
    echo -e "\n\n${NTESTS_RUN}/${NTESTS_FAILED}/${NTESTS_PASSED} tests run/failed/passed" 1>&3
};



#
# utility routines
#

function mkkeyfile() {
    # syntax: mkkeyfile <bytes> <message_digest> <cipher>
    dd if=/dev/urandom bs=${1}c count=1 2>/dev/null | \
    openssl enc -e -pass pass:${PASSWD} -md $2 -${3}
};

function mkrandshort() {
    # create random digit
    od -An -N2 -t x2 /dev/urandom | sed 's% *%%g'
};

function mkbingrep() {
    # create simple binary-grep for block-offset test
    cat <<EOF > "${1}.c"
#include <unistd.h>
#include <stdio.h>
#define BLKLEN 32

int main(int argc, char*argv[])
{   int i,notzeros,state=0;
    long fpos=0;
    char buff[BLKLEN];

    while (read(STDIN_FILENO,(void*)buff,BLKLEN) == BLKLEN && state < 2) {
        for (notzeros=0,i=0; !notzeros && i<BLKLEN; ++i) {
            notzeros |= buff[i];
        }
        if (state == 0 && notzeros) {
            printf("%ld ", fpos);
            ++state;
        } else if (state == 1 && !notzeros) {
            printf("%ld\n", fpos);
            ++state;
        }
        fpos += BLKLEN;
    }
    return 0;
}
EOF
    gcc -O "${1}.c" -o "${1}" && rm "${1}.c"
};


#
# specific test-cases
#

function test_version() {
    # check that cryptmount has been compiled properly for further tests
    if test_start "version"; then true; else return; fi
    echo "#nothing here!" > ${TMPDIR}/cmtab
    if ${CM} --config-dir ${TMPDIR} --version 2>&3; then
        test_pass
    else
        test_abort
        echo "*** please ensure cryptmount has been compiled with -DTESTING"
        echo "*** or rebuild using 'make clean cmtest'"
    fi
};


function test_binary() {
    # run built-in unit-tests
    if test_start "binary self-test"; then true; else return; fi
    if ${CM} --self-test 2>&3; then
        test_pass
    else
        test_abort
    fi
};


function test_setup_dev() {
    # basic test of prepare/release on raw device
    if test_start "basic setup (device)"; then true; else return; fi
    mkkeyfile 16 md5 aes-128-cbc > ${TMPDIR}/keyfile
    idx=`mkrandshort`
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
        dev=${LOOPDEV}
        dir=${TMPDIR}/mnt
        fstype=ext2 fsoptions=defaults cipher=twofish
        keyfile=${TMPDIR}/keyfile keyhash=md5 keycipher=aes-128-cbc
    }
EOF
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare; return; fi
    if mke2fs -q /dev/mapper/target${idx}; then true; else test_fail mke2fs; return; fi
    if ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3; then true; else test_fail release; return; fi
    test_pass
};


function test_setup_loop() {
    # basic test of prepare/release via loopback device
    if test_start "basic setup (loopback)"; then true; else return; fi
    mkkeyfile 24 sha aes-192-ecb > ${TMPDIR}/keyfile
    idx=`mkrandshort`
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
        dev=${TMPDIR}/loopfile
        loop=auto
        dir=${TMPDIR}/mnt
        fstype=ext2 fsoptions=defaults cipher=twofish
        keyfile=${TMPDIR}/keyfile keyhash=sha keycipher=aes-192-ecb
    }
EOF
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare; return; fi
    if mke2fs -q /dev/mapper/target${idx}; then true; else test_fail mke2fs; return; fi
    if ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3; then true; else test_fail release; return; fi
    test_pass
};


function test_setup_roloop() {
    # test prepare/release of loopback on read-only device
    if test_start "read-only loopback"; then true else return; fi
    mkkeyfile 24 sha aes-192-ecb > ${TMPDIR}/keyfile
    idx=`mkrandshort`
    mkdir ${TMPDIR}/romnt
    dd if=/dev/zero of=${TMPDIR}/roloopfile bs=1M count=16 2>/dev/null
    losetup ${LOOPDEV2} ${TMPDIR}/roloopfile
    mke2fs -q ${LOOPDEV2}
    mount -t ext2 ${LOOPDEV2} ${TMPDIR}/romnt
    dd if=/dev/zero of=${TMPDIR}/romnt/lpfl bs=1M count=8 2>/dev/null
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
        dev=${TMPDIR}/romnt/lpfl flags=nofsck
        loop=auto
        dir=${TMPDIR}/mnt
        fstype=ext2 fsoptions=ro cipher=twofish
        keyfile=${TMPDIR}/keyfile keyhash=sha keycipher=aes-192-ecb
    }
EOF
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare; return; fi
    if mke2fs -q /dev/mapper/target${idx}; then true; else test_fail mke2fs; return; fi
    if ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3; then true; else test_fail release; return; fi
    mount -o remount,ro ${TMPDIR}/romnt
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --mount target${idx} 2>&3; then true; else test_fail mount-ro; return; fi
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --unmount target${idx} 2>&3; then true; else test_fail unmount-ro; return; fi
    # ideally we should try rw-mounting the filesystem,
    # and checking that the operation fails, but libdevmapper-1.01 apparently
    # does not deal well with read-only loopback devices
    umount ${TMPDIR}/romnt
    losetup -d ${LOOPDEV2}
    rm ${TMPDIR}/roloopfile
    rmdir ${TMPDIR}/romnt
    test_pass
};

function test_null() {
    # test robustness to null cmtab targets
    if test_start "null targets"; then true; else return; fi
    idx=`mkrandshort`
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
    }
EOF
    if ${CM} --config-dir ${TMPDIR} --list 1>&3 2>&3 ; then true; else test_fail list; return; fi
    if ${CM} --config-dir ${TMPDIR} --list target${idx} 1>&3 2>&3; then true; else test_fail list; return; fi
    test_pass
};


function test_keygen() {
    # test automatic key generation
    if test_start "key generation"; then true; else return; fi
    if [ -f ${TMPDIR}/keyfile ]; then rm ${TMPDIR}/keyfile; fi
    idx=`mkrandshort`
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
        dev=${LOOPDEV}
        dir=${TMPDIR}/mnt
        fstype=ext2 fsoptions=defaults cipher=twofish
        keyfile=${TMPDIR}/keyfile keyhash=sha keycipher=aes-192-cbc
    }
EOF
    if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --newpassword ${PASSWD} --generate-key 16 target${idx}" 2>&3; then test_fail "privilege violation"; return; fi
    if ${CM} --config-dir ${TMPDIR} --newpassword ${PASSWD} --generate-key 16 target${idx} 2>&3; then true; else test_fail make-key; return; fi
    if [ ! -f ${TMPDIR}/keyfile ]; then test_fail missing-key; return; fi
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare; return; fi
    if ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3; then true; else test_fail release; return; fi
    if ${CM} --config-dir ${TMPDIR} --newpassword ${PASSWD} --generate-key 16 target${idx} 2>&3; then test_fail key-overwrite; return; fi
    test_pass
};


function test_passchange() {
    # test password-changing
    if test_start "password changing"; then true; else return; fi
    if [ -f ${TMPDIR}/keyfile ]; then rm ${TMPDIR}/keyfile; fi
    idx=`mkrandshort`
    NEWPASSWD="${PASSWD}-new${idx}"
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
        dev=${LOOPDEV}
        dir=${TMPDIR}/mnt
        fstype=ext2 fsoptions=defaults cipher=blowfish
        keyfile=${TMPDIR}/keyfile keyhash=rmd160 keycipher=des-ede-cbc
    }
EOF
    if ${CM} --config-dir ${TMPDIR} --newpassword ${PASSWD} --generate-key 16 target${idx} 2>&3; then true; else test_fail make-key; return; fi
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare; return; fi
    if ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3; then true; else test_fail release; return; fi

    rm -f ${TMPDIR}/keyfile-old
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --newpassword ${NEWPASSWD} --change-password target${idx} 2>&3; then true; else test_fail "changing password"; return; fi
    if [ -f ${TMPDIR}/keyfile-old ]; then rm ${TMPDIR}/keyfile-old; else test_fail "missing backup key"; return; fi
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then test_fail "old password"; return; fi
    if ${CM} --config-dir ${TMPDIR} --password ${NEWPASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare-new; return; fi
    if ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3; then true; else test_fail release-new; return; fi
    test_pass
};


function test_mtab() {
    # test of updates to mtab
    if test_start "mtab updates"; then true; else return; fi
    mkkeyfile 7 sha1 cast5-cfb > ${TMPDIR}/keyfile
    idx=`mkrandshort`
    if [ -x /sbin/mkfs.minix ]; then