mudslinger

Cryptmount是对Linux系统下的文件系统以及用户设备、文档等进行加密的系统.

    mkkeyfile 16 md4 aes192 > ${TMPDIR}/keyfile
    idx=`mkrandshort`
    cat <<EOF > ${TMPDIR}/cmtab
    target${idx} {
        flags=user,nofsck
        dev=${TMPDIR}/devfile
        dir=${TMPDIR}/mnt
        fstype=ext3 fsoptions=,,,noatime cipher=blowfish
        keyfile=${TMPDIR}/keyfile keyhash=md4 keycipher=aes192
    }
EOF
    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare; return; fi
    if mke2fs -q -j /dev/mapper/target${idx}; then true; else test_fail mke2fs; return; fi
    if ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3; then true; else test_fail release; return; fi
    for mntopt in "" "-m" "--mount"
    do
        for unmopt in "-u" "--unmount"
        do
            echo "mount[${mntopt}] unmount[${unmopt}]" 1>&3
            if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --password ${PASSWD} ${mntopt} target${idx}" 2>&3; then true; else test_fail mount; return; fi
            if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} ${unmopt} target${idx}" 2>&3; then true; else test_fail unmount; return; fi

        done
    done
    test_pass
};


function test_offsets() {
    # check if startsector/numsectors parameters operate correctly
    if test_start "block offsets"; then true; else return; fi
    mkkeyfile 16 md4 des > ${TMPDIR}/keyfile
    for offset in 0 16 256
    do
        for length in 128 512 2048
        do
            idx=`mkrandshort`
            cat <<EOF > ${TMPDIR}/cmtab
                target${idx} {
                    flags=user,nofsck
                    dev=${TMPDIR}/devfile
                    startsector=${offset}
                    numsectors=${length}
                    dir=${TMPDIR}/mnt
                    fstype=ext2 fsoptions=defaults
                    cipher=aes ivoffset=16
                    keyfile=${TMPDIR}/keyfile keyhash=md4
                    keycipher=des
                }
EOF
            dd if=/dev/zero of=${LOOPDEV} 2>/dev/null
            if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then
                dd if=/dev/zero of=/dev/mapper/target${idx} bs=1b count=`expr ${length} + 16` 2>&3
                locs=`${TMPDIR}/bingrep < ${LOOPDEV}`
                first=`echo $locs | awk '{printf"%d",($1 / 512)}'`
                extent=`echo $locs | awk '{printf"%d", ($2 - $1) / 512}'`
                if [ "${first}" -ne "${offset}" -o "${extent}" -ne "${length}" ]; then
                    test_fail "offset/length mismatch"
                    return
                fi
                ${CM} --config-dir ${TMPDIR} --release target${idx} 2>&3
            else
                test_fail prepare
                return
            fi
        done
    done
    test_pass
};


function test_swap() {
    # basic test of swapon/swapoff on raw device
    if test_start "swapon (device)"; then true; else return; fi
    for cfg in ext2,mkswap,fail swap,mkswap,pass swap,nomkswap,fail
    do
        fst=`echo $cfg | sed 's%^\([^,]*\),.*%\1%'`
        flg=`echo $cfg | sed 's%.*,\(.*\),.*%\1%'`
        exp=`echo $cfg | sed 's%[^,]*,[^,]*,\(.*\)%\1%'`

        idx=`mkrandshort`
        cat <<EOF > ${TMPDIR}/cmtab
        swap${idx} {
            dev=${LOOPDEV}
            fstype=${fst} flags=${flg} cipher=twofish
            keyfile=/dev/urandom keymaxlen=32 keycipher=none
        }
EOF
        echo "config: $cfg" 1>&3
        if su -p ${USER1} -c "${CM} --config-dir ${TMPDIR} --password ${PASSWD} --swapon swap${idx}" 2>&3; then test_fail privilege; return; fi
        if grep -q swap${idx} /proc/swaps; then test_fail pre-existing; return; fi
        ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --swapon swap${idx} 2>&3;
	stat=$?
	echo "stat: $stat" 1>&3
	if [ \( "$stat" -eq 0 -a "$exp" != "pass" \) -o \( "$stat" -ne 0 -a "$exp" != "fail" \) ]; then
	    test_fail swapon
	    return
	fi
	if [ "$stat" -eq 0 ]; then
            if grep -q swap${idx} /proc/swaps; then true; else test_fail proc+swaps; return; fi
	fi
        ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --swapoff swap${idx} 2>&3;
	if [ \( "$stat" -eq 0 -a "$exp" != "pass" \) -o \( "$stat" -ne 0 -a "$exp" != "fail" \) ]; then
            test_fail swapoff
	    return
	fi
	if [ "$stat" -eq 0 ]; then
            if grep -q swap${idx} /proc/swaps; then test_fail proc-swaps; return; fi
	fi
    done

    test_pass
};


function test_cscompat() {
    # check compatibility with cryptsetup
    if test_start "cryptsetup compatibility"; then true; else return; fi
    if which cryptsetup 1>&3; then true; else test_fail "not available"; return; fi
    mkkeyfile 32 md5 aes192 > ${TMPDIR}/keyfile
    idx=`mkrandshort`
    for cipher in blowfish serpent
    do
        for length in 4096 8192
        do
            for startsec in 0 32
            do
                for ivoffset in 0 172 932
                do
                    echo "${cipher},${length},${startsec},${ivoffset}" 1>&3
                    openssl enc -d -aes192 -md md5 -in ${TMPDIR}/keyfile -pass pass:${PASSWD}| \
                    cryptsetup -d /dev/stdin -c ${cipher} -b ${length} -o ${startsec} -p ${ivoffset} create cstarget${idx} ${LOOPDEV} 2>&3 
                    if [ -b /dev/mapper/cstarget${idx} ]; then
                        mke2fs -q -j /dev/mapper/cstarget${idx}
                        cryptsetup remove cstarget${idx}
                    else
                        test_fail cryptsetup
                        return
                    fi
                    cat <<EOF > ${TMPDIR}/cmtab
                    target${idx} {
                        flags=user,nofsck
                        dev=${LOOPDEV}
                        startsector=${startsec} numsectors=${length}
                        dir=${TMPDIR}/mnt
                        fstype=ext3 fsoptions=defaults
                        cipher=${cipher} ivoffset=${ivoffset}
                        keyfile=${TMPDIR}/keyfile keyhash=md5 keycipher=aes192
                    }
EOF
                    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} target${idx} 2>&3; then true; else test_fail mount; return; fi
                    if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --unmount target${idx} 2>&3; then true; else test_fail unmount; return; fi
                done
            done
        done
    done
    test_pass
};


function test_loopset() {
    # check that 'loopdev' parameter correction targets specific loopback dev
    if test_start "loopdev specification"; then true; else return; fi
    mkkeyfile 16 md4 bf-ecb > ${TMPDIR}/keyfile
    idx=`mkrandshort`
    for ldev in /dev/loop{3,6,1,0,7,4,2,5}
    do
        if losetup $ldev >/dev/null 2>&1; then
            # loop-device is already in use
            true
        else
            cat <<EOF > ${TMPDIR}/cmtab
                target${idx} {
                    dev=${TMPDIR}/loopfile
                    loop=${ldev}
                    dir=${TMPDIR}/mnt
                    fstype=ext2 fsoptions=,,,ro,,,noatime cipher=twofish
                    keyfile=${TMPDIR}/keyfile keyhash=md4
                    keycipher=bf-ecb
                }
EOF
            if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --prepare target${idx} 2>&3; then true; else test_fail prepare; return; fi
            if losetup $ldev 1>&3 2>&3; then
                if ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --release target${idx} 2>&3; then true; else test_fail release; return; fi
            else
                ${CM} --config-dir ${TMPDIR} --password ${PASSWD} --release target${idx} 2>&3
                test_fail "loopback unconfigured";
                return
            fi
        fi
    done
    test_pass
};

function test_residues() {
    # check if any zombie device-mapper targets have been created
    if test_start "device-mapper residue targets"; then true; else return; fi
    sleep 1	# give time for old targets to die
    dmsetup ls | grep '^target' > ${TMPDIR}/dm-list1
    if cmp -s "${TMPDIR}/dm-list0" "${TMPDIR}/dm-list1"; then
        test_pass
    else
        test_fail
        for tgt in `awk '{printf"%s\n",$1}' ${TMPDIR}/dm-list1`
        do
            if grep -q "${tgt}" ${TMPDIR}/dm-list0; then true; else
                echo "removing ${tgt}"
                umount "/dev/mapper/${tgt}" 2>&3
                dmsetup remove ${tgt} 2>&3
            fi
        done
    fi
    rm "${TMPDIR}/dm-list1"
};


#
# main program
#


# prepare log-file:
exec 3> mudslinger.log
uname -a >&3
date >&3
if [ -r /usr/include/linux/version.h ]; then
    cat /usr/include/linux/version.h >&3
fi

if [ ! -d ${TMPDIR} ]; then
    mkdir ${TMPDIR} ${TMPDIR}/mnt
else
    echo "${TMPDIR} already exists - exiting"
    exit 1
fi

if [ ! -u ${CM} ]; then
    chown root ${CM}
    chmod u+s ${CM}
fi

# prepare loopback file & pseudo device file:
set -e
touch ${TMPDIR}/keyfile
dd if=/dev/zero of=${TMPDIR}/loopfile bs=1M count=64 2>&3 1>&2
dd if=/dev/zero of=${TMPDIR}/devfile bs=1M count=64 2>&3 1>&2
${LOSETUP} ${LOOPDEV} ${TMPDIR}/devfile
set +e

# keep record of existing device-mapper targets
dmsetup ls | grep '^target' > ${TMPDIR}/dm-list0

# prepare binary-search tool:
mkbingrep ${TMPDIR}/bingrep

# run all tests:
test_version
test_binary
test_setup_dev
test_setup_loop
test_setup_roloop
test_null
test_keygen
test_passchange
test_mtab
test_listing
test_bad_passwd
test_bad_keyalg
test_bad_keyhash
test_mountlock
test_userflags
test_frenzy
test_algorithms
test_mountsynonyms
test_offsets
test_loopset
test_swap
test_cscompat
test_residues

test_summary

${LOSETUP} -d ${LOOPDEV}
rm ${TMPDIR}/loopfile ${TMPDIR}/devfile ${TMPDIR}/keyfile \
    ${TMPDIR}/cmtab ${TMPDIR}/cmstatus \
    ${TMPDIR}/dm-list0 ${TMPDIR}/bingrep
rmdir ${TMPDIR}/mnt* ${TMPDIR}

exit 0