armoon

Cryptsetup disk benchmark script

Jan 24th, 2018
97
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2. set -x
  3.  
  4. echo "Cryptsetup disk benchmark script"
  5.  
  6. # Default settings assume a 1G tmpfs is mount at /tmp and mostly unused
  7. # add this to /etc/fstab and reboot:
  8. #tmpfs /tmp tmpfs nodev,nosuid,size=1G 0 0
  9. # Alternatively, change SRCDEV to an existing disk.
  10.  
  11. SRCDEV="$1"
  12. if [[ -z "$SRCDEV" ]]; then
  13. SRCDEV=/dev/sda1
  14. #SRCDEV=/tmp/testcontainer.bin
  15. fi
  16. SRCDEVSIZE=939524096
  17. TESTKEY=/tmp/testkey.key
  18. TESTKEYSIZE=512
  19. PASSHASH=sha512
  20. FILEBLOCKSIZE=8M
  21. FILEBLOCKCOUNT=100
  22. CRYPTDEVNAME=test
  23. MOUNTPOINT=/mnt
  24. # conv=fsync causes write test to flush more often but less intelligently
  25. DDWRITEEXTRACMDS="conv=fsync"
  26. DDREADEXTRACMDS=""
  27.  
  28. if [[ "$USER" != "root" ]]; then
  29. echo "Must be root"
  30. exit 1
  31. fi
  32.  
  33. echo -e "\nDEVICE: ${SRCDEV}\nKEYFILE: ${TESTKEY}\n"
  34. echo "WARNING: THIS TEST IS DESTRUCTIVE TO THE TARGET DEVICE - BACKUP DATA FIRST - KERNEL BUGS COULD ALSO AFFECT OTHER PARTITIONS/FILES ON THE SAME DRIVE"
  35. read -r -N 1 -p "PRESS 'Y' TO START, ANY OTHER KEY TO EXIT... " VALREPLY
  36. if [[ "${VALREPLY}" != "y" ]] && [[ "${VALREPLY}" != "Y" ]]; then
  37. echo ""
  38. echo "Aborted."
  39. exit 2
  40. fi
  41. echo ""
  42.  
  43. if [[ ! -e "$SRCDEV" ]]; then
  44. fallocate -l $SRCDEVSIZE "$SRCDEV" || { echo "ERROR allocating"; exit 1; }
  45. fi
  46.  
  47. if [[ ! -e "$TESTKEY" ]]; then
  48. dd if=/dev/urandom of="$TESTKEY" bs=${TESTKEYSIZE} count=1 ; sync || { echo "ERROR making key"; exit 1; }
  49. fi
  50.  
  51. if [[ ! -d "$MOUNTPOINT" ]]; then
  52. mkdir -p "$MOUNTPOINT" || { echo "ERROR making mount point"; exit 1; }
  53. fi
  54.  
  55. clear_caches()
  56. {
  57. sync
  58. echo 3 > /proc/sys/vm/drop_caches
  59. sync
  60. }
  61.  
  62. test_cipher()
  63. {
  64. local cipher="$1"
  65. local keysize="$2"
  66. echo ""
  67. echo "$cipher ($keysize bit key)"
  68. cryptsetup luksFormat -q -d "$TESTKEY" --cipher $cipher -h $PASSHASH -s $keysize "$SRCDEV" && sync && \
  69. cryptsetup open -q -d "$TESTKEY" "$SRCDEV" ${CRYPTDEVNAME} && mkfs.ext4 -q /dev/mapper/${CRYPTDEVNAME} && sync && mount /dev/mapper/${CRYPTDEVNAME} "$MOUNTPOINT" && cd "$MOUNTPOINT" && clear_caches && \
  70. echo "WRITE:" && dd ${DDWRITEEXTRACMDS} if=/dev/zero of=temp.bin bs=$FILEBLOCKSIZE count=$FILEBLOCKCOUNT && clear_caches &&
  71. echo "READ:" && dd ${DDREADEXTRACMDS} if=temp.bin of=/dev/null bs=$FILEBLOCKSIZE count=$FILEBLOCKCOUNT && clear_caches && \
  72. cd / && umount "$MOUNTPOINT" && cryptsetup close -q ${CRYPTDEVNAME} && sync
  73. }
  74.  
  75. control_c()
  76. {
  77. cd /
  78. sync
  79. if mount | grep -qP "^/dev/mapper/${CRYPTDEVNAME}\\s"; then
  80. echo "Unmounting..."
  81. umount "$MOUNTPOINT"
  82. fi
  83. sync
  84. if [[ -e "/dev/mapper/${CRYPTDEVNAME}" ]]; then
  85. echo "Closing crypt device..."
  86. cryptsetup close ${CRYPTDEVNAME}
  87. fi
  88. exit 0
  89. }
  90.  
  91. trap control_c EXIT
  92.  
  93. test_cipher aes-cbc-essiv:sha256 128 && \
  94. test_cipher aes-cbc-essiv:sha256 256 && \
  95. test_cipher aes-xts-plain64 256 && \
  96. test_cipher aes-xts-plain64 512 && \
  97. test_cipher twofish-cbc-essiv:sha256 128 && \
  98. test_cipher twofish-cbc-essiv:sha256 256 && \
  99. test_cipher twofish-xts-plain64 256 && \
  100. test_cipher twofish-xts-plain64 512 && \
  101. test_cipher serpent-cbc-essiv:sha256 128 && \
  102. test_cipher serpent-cbc-essiv:sha256 256 && \
  103. test_cipher serpent-xts-plain64 256 && \
  104. test_cipher serpent-xts-plain64 512 && \
  105. true || { echo "ERROR in test"; exit 1; }
  106.  
  107. exit 0
RAW Paste Data