mudslinger

Cryptmount是对Linux系统下的文件系统以及用户设备、文档等进行加密的系统.

        fstype=minix
    else
        fstype=ext3
    fi
    for variant in "" "/" "//" "/./" "/.//./"
    do
        cat <<EOF > ${TMPDIR}/cmtab
        target${idx} {
            flags=user,nofsck
            dev=${TMPDIR}/loopfile
            dir=${TMPDIR}/mnt${variant}
            fstype=${fstype} fsoptions=ro,noexec cipher=cast5
            keyfile=${TMPDIR}/keyfile keyhash=sha1 keycipher=cast5-cfb
        }
EOF
        echo "variant=\"${variant}\"" >&3
        if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare; return; fi
        if mkfs -t ${fstype} /dev/mapper/target${idx} 1>&3 2>&3; then true; else
            ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3;
            test_fail mkfs.${fstype}; return
        fi
        if ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3; then true; else test_fail release; return; fi

        if [ `df -k | grep -c /dev/mapper/target${idx}` -ne 0 ]; then test_fail pre-existing; return; fi
        if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --password ${PASSWD} --mount target${idx}" 2>&3; then true; else test_fail mount; return; fi
        if [ `df -k | grep -c "/dev/mapper/target${idx}"` -ne 1 ]; then test_fail unregistered; return; fi
        if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --unmount target${idx}" 2>&3; then true; else test_fail unmount; return; fi
        if [ `df -k | grep -c /dev/mapper/target${idx}` -ne 0 ]; then test_fail remnant; return; fi
    done

    test_pass
};


function test_listing() {
    # test listing of cmtab targets
    if test_start "listing targets"; then true; else return; fi
    cat < /dev/null > ${TMPDIR}/cmtab
    tlist=""
    for tgt in 0 1 2 3 4 5 6 7
    do
        idx=`mkrandshort`
        idx2=`mkrandshort`
        cat <<EOF >> ${TMPDIR}/cmtab
            target${idx} { dev=${TMPDIR}/loopfile dir=/mnt/point-${idx2}
                fstype=brokenfs fsoptions=nosuid,noatime,sync cipher=blowfish
                keyfile=${TMPDIR}/keyfile keyhash=md5 keycipher=aes }
EOF
        tlist="${tlist} target${idx},/mnt/point-${idx2}"
    done
    if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --password ${PASSWD} --list" > ${TMPDIR}/tlist 2>&3; then true; else test_fail listing; return; fi
    for marker in ${tlist}
    do
        tgt=`echo $marker | sed 's/^\(.*\),.*/\1/'`
        dir=`echo $marker | sed 's/^.*,\(.*\)/\1/'`
        dirq=`awk "/^${tgt}/{ printf\"%s\",\\$5 }" ${TMPDIR}/tlist`
        if [ "${dirq}" = "" ]; then test_fail absent; return; fi
        if [ "${dirq}" != "\"${dir}\"" ]; then test_fail mismatched; return; fi
    done
    rm ${TMPDIR}/tlist
    test_pass
};


function test_bad_passwd() {
    # test of password mismatch
    if test_start "basic password mismatch"; then true; else return; fi
    mkkeyfile 32 md5 aes-128-cbc > ${TMPDIR}/keyfile
    idx=`mkrandshort`
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
        dev=${LOOPDEV}
        dir=${TMPDIR}/mnt
        fstype=ext2 fsoptions=defaults cipher=twofish
        keyfile=${TMPDIR}/keyfile keyhash=md5 keycipher=aes-128-cbc
    }
EOF
    if ${CM} --config-dir ${TMPDIR} --password NOT${PASSWD} --prepare target${idx} 2>&3; then
        ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3
        test_fail prepare
    else
        test_pass;
    fi
};


function test_bad_keyalg() {
    # test of unavailable keycipher algorithm
    if test_start "unavailable key-cipher"; then true; else return; fi
    mkkeyfile 32 md5 aes-128-cbc > ${TMPDIR}/keyfile
    idx=`mkrandshort`
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
        dev=${LOOPDEV}
        dir=${TMPDIR}/mnt
        fstype=ext2 fsoptions=defaults cipher=twofish
        keyfile=${TMPDIR}/keyfile keyhash=md5 keycipher=aes-123-ebc
    }
EOF
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then
        ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3
        test_fail prepare
    else
        test_pass;
    fi
};


function test_bad_keyhash() {
    # test of unavailable keyhash algorithm
    if test_start "unavailable key-hashing"; then true; else return; fi
    mkkeyfile 32 md5 aes-128-cbc > ${TMPDIR}/keyfile
    idx=`mkrandshort`
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
        dev=${LOOPDEV}
        dir=${TMPDIR}/mnt
        fstype=ext2 fsoptions=defaults cipher=twofish
        keyfile=${TMPDIR}/keyfile keyhash=md15 keycipher=aes-128-cbc
    }
EOF
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then
        ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3
        test_fail prepare
    else
        test_pass;
    fi
};


function test_frenzy() {
    # test multiple targets being (un)mounted in parallel
    if test_start "frenetic activity"; then true; else return; fi
    mkkeyfile 32 md4 aes-128-cbc > ${TMPDIR}/keyfile
    tgtlist=""
    pos=0
    fsz=2048
    cat /dev/null > ${TMPDIR}/cmtab
    for cnt in 0 1 2 3 4 5 6 7; do
        if [ ! -d ${TMPDIR}/mnt${cnt} ]; then mkdir ${TMPDIR}/mnt${cnt}; fi
        idx=`mkrandshort`
        while ( echo ${tgtlist} | grep -q target${idx} ); do
            idx=`mkrandshort`
	done
        tgtlist="$tgtlist target${idx}"
	cat <<EOF >> ${TMPDIR}/cmtab
        target${idx} {
            dev=${LOOPDEV} startsector=${pos} numsectors=${fsz}
            dir=${TMPDIR}/mnt${cnt} flags=user,nofsck
            fstype=ext2 fsoptions=defaults cipher=blowfish
            keyfile=${TMPDIR}/keyfile keyhash=md4 keycipher=aes-128-cbc }
EOF
        pos=`expr ${pos} + ${fsz}`
    done
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare --all 2>&3; then true; else test_fail prepare; return; fi
    for tgt in ${tgtlist}; do
        if mke2fs -q /dev/mapper/${tgt}; then true; else test_fail mke2fs; return; fi
        if ${CM} --config-dir ${TMPDIR} --release ${tgt} 2>&3; then true; else test_fail release; fi
    done
    srtlist=`echo ${tgtlist} | awk '{for (i=1; i<=NF; ++i) printf"%s\n",\$i}' | sort`
    for tgt in ${srtlist}; do
        su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --password ${PASSWD} --mount ${tgt}" 2>&3 &
    done
    wait
    cat ${TMPDIR}/cmstatus 1>&3
    if [ `wc -l ${TMPDIR}/cmstatus | awk '{printf"%d",$1}'` -ne 10 ]; then test_fail cmstatus; return; fi
    if [ `df -k | grep -c /dev/mapper/target` -lt 8 ]; then test_fail df; return; fi
    if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --unmount --all" 2>&3; then true; else test_fail unmount; return; fi
    test_pass
};


function test_algorithms() {
    # test usability of different encryption & hashing algorithms
    if test_start "algorithm availability"; then true; else return; fi
    for keycipher in aes-128-cbc des rc4-40
    do
        for keyhash in md5 sha1
        do
            for CipherLen in aes,32 blowfish,48 serpent,16
            do
                cipher=`echo $CipherLen | sed 's/^\(.*\),.*/\1/'`
                len=`echo $CipherLen | sed 's/^.*,\(.*\)/\1/'`
                echo "keycipher=${keycipher} keyhash=${keyhash} cipher=${CipherLen}" 1>&3

                mkkeyfile ${len} ${keyhash} ${keycipher} > ${TMPDIR}/keyfile
                idx=`mkrandshort`
                cat <<EOF > ${TMPDIR}/cmtab
                    target${idx} {
                        flags=user,nofsck
                        dev=${TMPDIR}/loopfile
                        dir=${TMPDIR}/mnt
                        fstype=ext3 fsoptions=noatime,sync cipher=${cipher}
                        keyfile=${TMPDIR}/keyfile keyhash=${keyhash}
                        keycipher=${keycipher}
                    }
EOF
                if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare; return; fi
                if mke2fs -q -j /dev/mapper/target${idx}; then true; else test_fail mke2fs; return; fi
                if ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3; then true; else test_fail release; return; fi

                if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --password ${PASSWD} --mount target${idx}" 2>&3; then true; else test_fail mount; return; fi
                if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --unmount target${idx}" 2>&3; then true; else test_fail unmount; return; fi

            done
        done
    done
    test_pass
};


function test_mountlock() {
    # test of mounting & user-locking
    if test_start "mounting & user-locking"; then true; else return; fi
    idx=`mkrandshort`
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
	flags=user,nofsck
        dev=${TMPDIR}/loopfile
        dir=${TMPDIR}/mnt
        fstype=ext3 fsoptions=nosuid,noexec cipher=twofish
        keyfile=${TMPDIR}/keyfile keyhash=sha1 keycipher=cast5-cfb
    }
EOF
    rm -f ${TMPDIR}/keyfile
    if ${CM} --config-dir ${TMPDIR} --generate-key 32 --newpassword ${PASSWD} target${idx} 2>&3; then true; else test_fail make-key; return; fi
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare; return; fi
    if mke2fs -q -j /dev/mapper/target${idx}; then true; else test_fail mke2fs; return; fi
    if ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3; then true; else test_fail release; return; fi

    if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --password ${PASSWD} --mount target${idx}" 2>&3; then true; else test_fail mount; return; fi
    if su -p ${USER2} -c "${CM} --config-dir ${TMPDIR} --unmount target${idx}" 2>&3; then test_fail bad-unmount; return; fi
    if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --unmount target${idx}" 2>&3; then true; else test_fail unmount; return; fi

    test_pass
};


function test_userflags() {
    # test of mounting with user/nouser flags
    if test_start "mounting & user-flags"; then true; else return; fi
    mkkeyfile 24 sha1 cast5-cfb > ${TMPDIR}/keyfile
    idx=`mkrandshort`
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
	flags=nouser,nofsck
        dev=${TMPDIR}/loopfile
        dir=${TMPDIR}/mnt
        fstype=ext3 fsoptions=nosuid,noexec cipher=twofish
        keyfile=${TMPDIR}/keyfile keyhash=sha1 keycipher=cast5-cfb
    }
EOF
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare; return; fi
    if mke2fs -q -j /dev/mapper/target${idx}; then true; else test_fail mke2fs; return; fi
    if ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3; then true; else test_fail release; return; fi

    for cfg in user,${USER1},pass user,root,pass nouser,${USER1},fail nouser,root,pass
    do
        flgs=`echo $cfg | sed 's%^\([^,]*\),.*%\1%'`
        usr=`echo $cfg | sed 's%.*,\(.*\),.*%\1%'`
        exp=`echo $cfg | sed 's%[^,]*,[^,]*,\(.*\)%\1%'`
        ed -s ${TMPDIR}/cmtab <<EOF 2>/dev/null 1>&2
/flags=/
c
flags=${flgs},nofsck
.
w
q
EOF
        echo "config: $cfg" 1>&3
        su -p ${usr} -c "${CM} --config-dir ${TMPDIR} --password ${PASSWD} --mount target${idx}" 2>&3
        stat=$?
        if [ \( "$stat" -eq 0 -a "$exp" != "pass" \) -o \( "$stat" -ne 0 -a "$exp" != "fail" \) ]; then
            test_fail bad-mount
            return
        fi
        su -p ${usr} -c "${CM} --config-dir ${TMPDIR} --password ${PASSWD} --unmount target${idx}" 2>&3
        stat=$?
        if [ \( "$stat" -eq 0 -a "$exp" != "pass" \) -o \( "$stat" -ne 0 -a "$exp" != "fail" \) ]; then
            test_fail bad-unmount
            return
        fi
    done

    test_pass
};


function test_mountsynonyms() {
    # test for synonyms of (un)mount
    if test_start "mount synonyms"; then true; else return; fi