Cryptsetup disk benchmark script

1. #!/bin/bash
2. set -x
3.  
4. echo "Cryptsetup disk benchmark script"
5.  
6. # Default settings assume a 1G tmpfs is mount at /tmp and mostly unused
7. # add this to /etc/fstab and reboot:
8. #tmpfs /tmp tmpfs nodev,nosuid,size=1G 0 0
9. # Alternatively, change SRCDEV to an existing disk.
10.  
11. SRCDEV="$1"
12. if [[ -z "$SRCDEV" ]]; then
13. SRCDEV=/dev/sda1
14. #SRCDEV=/tmp/testcontainer.bin
15. fi
16. SRCDEVSIZE=939524096
17. TESTKEY=/tmp/testkey.key
18. TESTKEYSIZE=512
19. PASSHASH=sha512
20. FILEBLOCKSIZE=8M
21. FILEBLOCKCOUNT=100
22. CRYPTDEVNAME=test
23. MOUNTPOINT=/mnt
24. # conv=fsync causes write test to flush more often but less intelligently
25. DDWRITEEXTRACMDS="conv=fsync"
26. DDREADEXTRACMDS=""
27.  
28. if [[ "$USER" != "root" ]]; then
29. echo "Must be root"
30. exit 1
31. fi
32.  
33. echo -e "\nDEVICE: ${SRCDEV}\nKEYFILE: ${TESTKEY}\n"
34. echo "WARNING: THIS TEST IS DESTRUCTIVE TO THE TARGET DEVICE - BACKUP DATA FIRST - KERNEL BUGS COULD ALSO AFFECT OTHER PARTITIONS/FILES ON THE SAME DRIVE"
35. read -r -N 1 -p "PRESS 'Y' TO START, ANY OTHER KEY TO EXIT... " VALREPLY
36. if [[ "${VALREPLY}" != "y" ]] && [[ "${VALREPLY}" != "Y" ]]; then
37. echo ""
38. echo "Aborted."
39. exit 2
40. fi
41. echo ""
42.  
43. if [[ ! -e "$SRCDEV" ]]; then
44. fallocate -l $SRCDEVSIZE "$SRCDEV" || { echo "ERROR allocating"; exit 1; }
45. fi
46.  
47. if [[ ! -e "$TESTKEY" ]]; then
48. dd if=/dev/urandom of="$TESTKEY" bs=${TESTKEYSIZE} count=1 ; sync || { echo "ERROR making key"; exit 1; }
49. fi
50.  
51. if [[ ! -d "$MOUNTPOINT" ]]; then
52. mkdir -p "$MOUNTPOINT" || { echo "ERROR making mount point"; exit 1; }
53. fi
54.  
55. clear_caches()
56. {
57. sync
58. echo 3 > /proc/sys/vm/drop_caches
59. sync
60. }
61.  
62. test_cipher()
63. {
64. local cipher="$1"
65. local keysize="$2"
66. echo ""
67. echo "$cipher ($keysize bit key)"
68. cryptsetup luksFormat -q -d "$TESTKEY" --cipher $cipher -h $PASSHASH -s $keysize "$SRCDEV" && sync && \
69. cryptsetup open -q -d "$TESTKEY" "$SRCDEV" ${CRYPTDEVNAME} && mkfs.ext4 -q /dev/mapper/${CRYPTDEVNAME} && sync && mount /dev/mapper/${CRYPTDEVNAME} "$MOUNTPOINT" && cd "$MOUNTPOINT" && clear_caches && \
70. echo "WRITE:" && dd ${DDWRITEEXTRACMDS} if=/dev/zero of=temp.bin bs=$FILEBLOCKSIZE count=$FILEBLOCKCOUNT && clear_caches &&
71. echo "READ:" && dd ${DDREADEXTRACMDS} if=temp.bin of=/dev/null bs=$FILEBLOCKSIZE count=$FILEBLOCKCOUNT && clear_caches && \
72. cd / && umount "$MOUNTPOINT" && cryptsetup close -q ${CRYPTDEVNAME} && sync
73. }
74.  
75. control_c()
76. {
77. cd /
78. sync
79. if mount | grep -qP "^/dev/mapper/${CRYPTDEVNAME}\\s"; then
80. echo "Unmounting..."
81. umount "$MOUNTPOINT"
82. fi
83. sync
84. if [[ -e "/dev/mapper/${CRYPTDEVNAME}" ]]; then
85. echo "Closing crypt device..."
86. cryptsetup close ${CRYPTDEVNAME}
87. fi
88. exit 0
89. }
90.  
91. trap control_c EXIT
92.  
93. test_cipher aes-cbc-essiv:sha256 128 && \
94. test_cipher aes-cbc-essiv:sha256 256 && \
95. test_cipher aes-xts-plain64 256 && \
96. test_cipher aes-xts-plain64 512 && \
97. test_cipher twofish-cbc-essiv:sha256 128 && \
98. test_cipher twofish-cbc-essiv:sha256 256 && \
99. test_cipher twofish-xts-plain64 256 && \
100. test_cipher twofish-xts-plain64 512 && \
101. test_cipher serpent-cbc-essiv:sha256 128 && \
102. test_cipher serpent-cbc-essiv:sha256 256 && \
103. test_cipher serpent-xts-plain64 256 && \
104. test_cipher serpent-xts-plain64 512 && \
105. true || { echo "ERROR in test"; exit 1; }
106.  
107. exit 0