BTW. I created a script that tests all possible ciphers, keysizes,
chaining modes and iv modes for dm-crypt. arc4 is the only one that fails.
You can add it your regression testsuite if you want.
Mikulas
#!/bin/sh
dmsetup remove cr0
set -e
cipher="$@"
cryptsetup -d key $cipher create cr0 /dev/ram0
mkfs.ext3 -b 1024 /dev/mapper/cr0
fsck.ext2 -fn /dev/mapper/cr0
dmsetup remove cr0
cryptsetup -d key $cipher create cr0 /dev/ram0
fsck.ext2 -fn /dev/mapper/cr0
dmsetup remove cr0
#!/bin/sh
set -e
>log
# arc4 - doesn't work
for cipher in aes anubis blowfish camellia cast5 cast6 des des3_ede fcrypt khazad seed serpent tnepres tea xtea xeta; do
if [ -n "$1" -a "$cipher" != "$1" ]; then
continue
fi
if [ $cipher = aes ]; then
keysizes="128 192 256"
blocksize=128
elif [ $cipher = anubis ]; then
keysizes="`seq 128 32 320`"
blocksize=128
elif [ $cipher = arc4 ]; then
keysizes="`seq 8 256 2048` 2048"
blocksize=1
elif [ $cipher = blowfish ]; then
keysizes="`seq 32 8 448`"
blocksize=64
elif [ $cipher = camellia ]; then
keysizes="128 192 256"
blocksize=128
elif [ $cipher = cast5 ]; then
keysizes="`seq 40 8 128`"
blocksize=64
elif [ $cipher = cast6 ]; then
keysizes="`seq 128 32 256`"
blocksize=128
elif [ $cipher = des ]; then
keysizes=64
blocksize=64
elif [ $cipher = des3_ede ]; then
keysizes=192
blocksize=64
elif [ $cipher = fcrypt ]; then
keysizes=64
blocksize=64
elif [ $cipher = khazad ]; then
keysizes=128
blocksize=64
elif [ $cipher = seed ]; then
keysizes=128
blocksize=128
elif [ $cipher = serpent -o $cipher = tnepres ]; then
keysizes="`seq 0 8 256`"
blocksize=128
elif [ $cipher = tea -o $cipher = xtea -o $cipher = xeta ]; then
keysizes=128
blocksize=64
elif [ $cipher = twofish ]; then
keysizes="128 192 256"
blocksize=128
else
echo UNKNOWN CIPHER
exit 1
fi
for keysize in $keysizes; do
# if ! echo $keysizes | grep -qw $keysize$; then continue; fi
for chaining in cbc ctr ecb lrw pcbc xts; do
chaining_keysize=$keysize
if [ $chaining = xts ]; then
chaining_keysize=`expr $chaining_keysize \* 2 | cat`;
if [ $blocksize != 128 ]; then continue; fi
fi
if [ $chaining = lrw ]; then
chaining_keysize=`expr $chaining_keysize + $blocksize | cat`
if [ $blocksize != 128 ]; then continue; fi
fi
for iv in null plain benbi essiv:md4 essiv:md5 essiv:michael_mic essiv:rmd128 essiv:rmd160 essiv:rmd256 essiv:rmd320 essiv:sha1 essiv:sha224 essiv:sha256 essiv:sha384 essiv:sha512 essiv:tgr128 essiv:tgr160 essiv:tgr192 essiv:wp256 essiv:wp384 essiv:wp512; do
if [ $chaining = ecb ] && echo "$iv" | grep -q ^essiv; then continue; fi
if [ $iv = essiv:md4 ] && ! echo $keysizes | grep -qw 128; then continue; fi
if [ $iv = essiv:md5 ] && ! echo $keysizes | grep -qw 128; then continue; fi
if [ $iv = essiv:michael_mic ] && ! echo $keysizes | grep -qw 64; then continue; fi
if [ $iv = essiv:rmd128 ] && ! echo $keysizes | grep -qw 128; then continue; fi
if [ $iv = essiv:rmd160 ] && ! echo $keysizes | grep -qw 160; then continue; fi
if [ $iv = essiv:rmd256 ] && ! echo $keysizes | grep -qw 256; then continue; fi
if [ $iv = essiv:rmd320 ] && ! echo $keysizes | grep -qw 320; then continue; fi
if [ $iv = essiv:sha1 ] && ! echo $keysizes | grep -qw 160; then continue; fi
if [ $iv = essiv:sha224 ] && ! echo $keysizes | grep -qw 224; then continue; fi
if [ $iv = essiv:sha256 ] && ! echo $keysizes | grep -qw 256; then continue; fi
if [ $iv = essiv:sha384 ] && ! echo $keysizes | grep -qw 384; then continue; fi
if [ $iv = essiv:sha512 ] && ! echo $keysizes | grep -qw 512; then continue; fi
if [ $iv = essiv:tgr128 ] && ! echo $keysizes | grep -qw 128; then continue; fi
if [ $iv = essiv:tgr160 ] && ! echo $keysizes | grep -qw 160; then continue; fi
if [ $iv = essiv:tgr192 ] && ! echo $keysizes | grep -qw 192; then continue; fi
if [ $iv = essiv:wp256 ] && ! echo $keysizes | grep -qw 256; then continue; fi
if [ $iv = essiv:wp384 ] && ! echo $keysizes | grep -qw 384; then continue; fi
if [ $iv = essiv:wp512 ] && ! echo $keysizes | grep -qw 512; then continue; fi
echo TESTING: CIPHER $cipher, KEYSIZE $chaining_keysize, CHAINING $chaining, IV $iv | tee -a log
./test-cipher -s $chaining_keysize -c $cipher-$chaining-$iv
done
done
done
done
echo PASSED
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel