authorasomers <asomers@FreeBSD.org>2018-02-02 21:57:00 +0000
committerasomers <asomers@FreeBSD.org>2018-02-02 21:57:00 +0000
commit3ee9dc3bc419eb0408a1251e27f8de7c736ce9a1 (patch)
treea4a7d862bf96a17abb9b72ed22413782558e2713
parente1157f670d8d555bd9838f6f343deda54fe51583 (diff)
downloadFreeBSD-src-3ee9dc3bc419eb0408a1251e27f8de7c736ce9a1.zip
FreeBSD-src-3ee9dc3bc419eb0408a1251e27f8de7c736ce9a1.tar.gz
MFC geli test suite changes
MFC r306188, r306395, r327346-r327347, r327352-r327353, r327662, r327666, r327682-r327683, r327685 r306188 by br: Use bsdlabel as we don't have hardlink disklabel -> bsdlabel on some platforms. Reviewed by: ngie Sponsored by: DARPA, AFRL Sponsored by: HEIF5 Differential Revision: https://reviews.freebsd.org/D7968 r306395 by br: Increase timeouts for geli tests. It takes 2-3x more time to proceed the tests on MIPS64EB in QEMU. Sponsored by: DARPA, AFRL Sponsored by: HEIF5 r327346: Fix potential TOCTTOU bug in the geli tests This change mostly reverts r293436, which introduced the bug due to a belief that geli(8) would allocate md(4) devices by itself. However, that belief is incorrect. Instead of using linear probing to find available md(4) numbers, it's best to use the existing attach_md function. Reviewed by: ngie Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D13666 r327347: geli: factor out some common code in the geli tests No functional change. Sponsored by: Spectra Logic Corp r327352: Fix a harmless typo from r310786 I copy/pasted a reference to an undefined shell variable. r327353: geli: fix the resize test on arm64 The resize test used bsdlabel(8), which is not available on all architectures. Change it to use gpart(8) instead, which should be available everywhere. PR: 221763 Reported by: andrew r327662: geli: convert most tests from TAP to ATF I'm leaving readonly_test and nokey_test alone for now. In a future commit they should be broken up into several smaller test cases and distributed between multiple files. Reviewed by: ngie Differential Revision: https://reviews.freebsd.org/D13717 r327666: geli: fix parallel execution of tests The trick is not to destroy an md(4) device during a test. That can create a "double-free" situation, because we also destroy md devices during test cleanup. 
r327682: Fix typo from r327666 X-MFC-With: 327666 r327683: geli: convert remaining TAP tests to ATF r327685: geli: optimize tests Reduce the geli tests' runtime by about a third: * In integrity_test:copy, use a file-backed md(4) device instead of a malloc'd one. That way we can corrupt the underlying storage without needing to detach and reattach the geli device. * In integrity_test:{copy, hmac, data} and onetime_test:{onetime, onetime_a}, move reads of /dev/random out of the loop.
-rw-r--r--ObsoleteFiles.inc16
-rw-r--r--tests/sys/geom/class/eli/Makefile40
-rw-r--r--tests/sys/geom/class/eli/attach_d_test.sh38
-rwxr-xr-xtests/sys/geom/class/eli/attach_test.sh100
-rw-r--r--tests/sys/geom/class/eli/conf.sh55
-rw-r--r--tests/sys/geom/class/eli/configure_b_B_test.sh129
-rwxr-xr-xtests/sys/geom/class/eli/configure_test.sh59
-rw-r--r--tests/sys/geom/class/eli/delkey_test.sh248
-rw-r--r--tests/sys/geom/class/eli/detach_l_test.sh44
-rwxr-xr-xtests/sys/geom/class/eli/detach_test.sh46
-rw-r--r--tests/sys/geom/class/eli/init_B_test.sh104
-rw-r--r--tests/sys/geom/class/eli/init_J_test.sh126
-rw-r--r--tests/sys/geom/class/eli/init_a_test.sh50
-rw-r--r--tests/sys/geom/class/eli/init_alias_test.sh64
-rw-r--r--tests/sys/geom/class/eli/init_i_P_test.sh22
-rw-r--r--tests/sys/geom/class/eli/init_test.sh405
-rw-r--r--tests/sys/geom/class/eli/integrity_copy_test.sh88
-rw-r--r--tests/sys/geom/class/eli/integrity_data_test.sh45
-rw-r--r--tests/sys/geom/class/eli/integrity_hmac_test.sh46
-rwxr-xr-xtests/sys/geom/class/eli/integrity_test.sh165
-rw-r--r--tests/sys/geom/class/eli/kill_test.sh195
-rw-r--r--tests/sys/geom/class/eli/nokey_test.sh65
-rw-r--r--tests/sys/geom/class/eli/onetime_a_test.sh45
-rw-r--r--tests/sys/geom/class/eli/onetime_d_test.sh34
-rw-r--r--tests/sys/geom/class/eli/onetime_test.sh149
-rw-r--r--tests/sys/geom/class/eli/readonly_test.sh94
-rw-r--r--tests/sys/geom/class/eli/resize_test.sh219
-rw-r--r--tests/sys/geom/class/eli/setkey_test.sh314
28 files changed, 1379 insertions, 1626 deletions
diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc
index cb3d5e4..d862455 100644
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@@ -38,6 +38,22 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20180202: Convert geli(8) tests to ATF
+OLD_FILES+=tests/sys/geom/class/eli/nokey_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/readonly_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/attach_d_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/configure_b_B_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/detach_l_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/init_B_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/init_J_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/init_a_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/init_alias_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/init_i_P_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/integrity_copy_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/integrity_data_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/integrity_hmac_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/onetime_a_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/onetime_d_test.sh
# 20171226: new clang import which bumps version from 5.0.0 to 5.0.1.
OLD_FILES+=usr/lib/clang/5.0.0/include/sanitizer/allocator_interface.h
OLD_FILES+=usr/lib/clang/5.0.0/include/sanitizer/asan_interface.h
diff --git a/tests/sys/geom/class/eli/Makefile b/tests/sys/geom/class/eli/Makefile
index cc71e5a..2acf3c4 100644
--- a/tests/sys/geom/class/eli/Makefile
+++ b/tests/sys/geom/class/eli/Makefile
@@ -7,36 +7,16 @@ PACKAGE= tests
TESTSDIR= ${TESTSBASE}/sys/geom/class/${.CURDIR:T}
ATF_TESTS_C= pbkdf2_test
-
-TAP_TESTS_SH+= attach_d_test
-TAP_TESTS_SH+= configure_b_B_test
-TAP_TESTS_SH+= delkey_test
-TAP_TESTS_SH+= detach_l_test
-TAP_TESTS_SH+= init_B_test
-TAP_TESTS_SH+= init_J_test
-TAP_TESTS_SH+= init_a_test
-TAP_TESTS_SH+= init_alias_test
-TAP_TESTS_SH+= init_i_P_test
-TAP_TESTS_SH+= init_test
-TAP_TESTS_SH+= integrity_copy_test
-TAP_TESTS_SH+= integrity_data_test
-TAP_TESTS_SH+= integrity_hmac_test
-TAP_TESTS_SH+= kill_test
-TAP_TESTS_SH+= nokey_test
-TAP_TESTS_SH+= onetime_a_test
-TAP_TESTS_SH+= onetime_d_test
-TAP_TESTS_SH+= onetime_test
-TAP_TESTS_SH+= readonly_test
-TAP_TESTS_SH+= resize_test
-TAP_TESTS_SH+= setkey_test
-
-TEST_METADATA.init_a_test+= timeout="1200"
-TEST_METADATA.init_test+= timeout="300"
-TEST_METADATA.integrity_copy_test+= timeout="1200"
-TEST_METADATA.integrity_data_test+= timeout="600"
-TEST_METADATA.integrity_hmac_test+= timeout="600"
-TEST_METADATA.onetime_a_test+= timeout="600"
-TEST_METADATA.onetime_test+= timeout="600"
+ATF_TESTS_SH+= attach_test
+ATF_TESTS_SH+= configure_test
+ATF_TESTS_SH+= delkey_test
+ATF_TESTS_SH+= detach_test
+ATF_TESTS_SH+= init_test
+ATF_TESTS_SH+= integrity_test
+ATF_TESTS_SH+= kill_test
+ATF_TESTS_SH+= onetime_test
+ATF_TESTS_SH+= resize_test
+ATF_TESTS_SH+= setkey_test
${PACKAGE}FILES+= conf.sh
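Review bot: The per-test `TEST_METADATA.*+= timeout=` lines are dropped here with no replacement in the Makefile, so the longer limits that r306395 introduced for slow platforms survive only if the merged ATF scripts set them per test case. The `_head` functions visible in attach_test.sh, configure_test.sh, delkey_test.sh and detach_test.sh set only `descr` and `require.user`. init_test.sh, integrity_test.sh and onetime_test.sh are outside this view, so confirm that their heads carry an explicit limit such as `atf_set "timeout" 1200` (the value from the removed lines) rather than relying on the default.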
diff --git a/tests/sys/geom/class/eli/attach_d_test.sh b/tests/sys/geom/class/eli/attach_d_test.sh
deleted file mode 100644
index 5d700b3..0000000
--- a/tests/sys/geom/class/eli/attach_d_test.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
-
-echo "1..3"
-
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-
-geli init -B none -P -K $keyfile md${no}
-geli attach -d -p -k $keyfile md${no}
-if [ -c /dev/md${no}.eli ]; then
- echo "ok 1"
-else
- echo "not ok 1"
-fi
-# Be sure it doesn't detach on read.
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
-sleep 1
-if [ -c /dev/md${no}.eli ]; then
- echo "ok 2"
-else
- echo "not ok 2"
-fi
-true > /dev/md${no}.eli
-sleep 1
-if [ ! -c /dev/md${no}.eli ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-
-rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/attach_test.sh b/tests/sys/geom/class/eli/attach_test.sh
new file mode 100755
index 0000000..4223005
--- /dev/null
+++ b/tests/sys/geom/class/eli/attach_test.sh
@@ -0,0 +1,100 @@
+# $FreeBSD$
+
+atf_test_case attach_d cleanup
+attach_d_head()
+{
+ atf_set "descr" "geli attach -d will cause the provider to detach on last close"
+ atf_set "require.user" "root"
+}
+attach_d_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile ${md}
+ atf_check geli attach -d -p -k keyfile ${md}
+
+ # Be sure it doesn't detach on read.
+ atf_check dd if=/dev/${md}.eli of=/dev/null status=none
+ sleep 1
+ if [ ! -c /dev/${md}.eli ]; then
+ atf_fail "Detached on last close of a reader"
+ fi
+
+ # It should detach on last close of a writer
+ true > /dev/${md}.eli
+ sleep 1
+ if [ -c /dev/${md}.eli ]; then
+ atf_fail "Did not detach on last close of a writer"
+ fi
+
+}
+attach_d_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case attach_r cleanup
+attach_r_head()
+{
+ atf_set "descr" "geli attach -r will create a readonly provider"
+ atf_set "require.user" "root"
+}
+attach_r_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile ${md}
+ atf_check geli attach -r -p -k keyfile ${md}
+
+ atf_check -o match:"^Flags: .*READ-ONLY" geli list ${md}.eli
+
+ # Verify that writes are verbotten
+ atf_check -s not-exit:0 -e match:"Read-only" \
+ dd if=/dev/zero of=/dev/${md}.eli count=1
+}
+attach_r_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case nokey cleanup
+nokey_head()
+{
+ atf_set "descr" "geli attach fails if called with no key component"
+ atf_set "require.user" "root"
+}
+nokey_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile ${md}
+ atf_check -s not-exit:0 -e match:"No key components given" \
+ geli attach -p ${md} 2>/dev/null
+}
+nokey_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case attach_d
+ atf_add_test_case attach_r
+ atf_add_test_case nokey
+}
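Review bot: In `nokey_body` the trailing `2>/dev/null` applies to `atf_check` itself rather than to `geli`, so the `-e match:` check still sees geli's stderr but the diagnostic that atf_check prints when the check fails is thrown away; the command should end at `geli attach -p ${md}`. Separately, `attach_d_body` decides pass or fail after a fixed `sleep 1`, which can misreport on a slow emulated target of the kind r306395 mentions, and `detach_l_body` in detach_test.sh uses the same pattern. For the checks that expect the device node to disappear, a short bounded poll on `[ -c /dev/${md}.eli ]` would be less timing-dependent than a single sleep.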
diff --git a/tests/sys/geom/class/eli/conf.sh b/tests/sys/geom/class/eli/conf.sh
index 5ac291b..52885a1 100644
--- a/tests/sys/geom/class/eli/conf.sh
+++ b/tests/sys/geom/class/eli/conf.sh
@@ -2,20 +2,39 @@
# $FreeBSD$
class="eli"
-base=`basename $0`
+base=$(atf_get ident)
+MAX_SECSIZE=8192
+TEST_MDS_FILE=md.devs
-# We need to use linear probing in order to detect the first available md(4)
-# device instead of using mdconfig -a -t, because geli(8) attachs md(4) devices
-no=0
-while [ -c /dev/md$no ]; do
- : $(( no += 1 ))
-done
+attach_md()
+{
+ local test_md
+
+ test_md=$(mdconfig -a "$@") || atf_fail "failed to allocate md(4)"
+ echo $test_md >> $TEST_MDS_FILE || exit
+ echo $test_md
+}
# Execute `func` for each combination of cipher, sectorsize, and hmac algo
# `func` usage should be:
# func <cipher> <aalgo> <secsize>
for_each_geli_config() {
func=$1
+ backing_filename=$2
+
+ # Double the sector size to allow for the HMACs' storage space.
+ osecsize=$(( $MAX_SECSIZE * 2 ))
+ # geli needs 512B for the label.
+ bytes=`expr $osecsize \* $sectors + 512`b
+
+ if [ -n "$backing_filename" ]; then
+ # Use a file-backed md(4) device, so we can deliberatly corrupt
+ # it without detaching the geli device first.
+ truncate -s $bytes backing_file
+ md=$(attach_md -t vnode -f backing_file)
+ else
+ md=$(attach_md -t malloc -s $bytes)
+ fi
for cipher in aes-xts:128 aes-xts:256 \
aes-cbc:128 aes-cbc:192 aes-cbc:256 \
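Review bot: `attach_md` is only ever called as `md=$(attach_md ...)`, so its `atf_fail` and `|| exit` run inside the command-substitution subshell and, unless the test shell runs with errexit, the caller carries on with an empty `$md`. The next `geli init ... ${md}` then runs without a provider argument, and the failure is reported far from its cause. Callers should check the substitution itself, e.g. `md=$(attach_md -t malloc -s $bytes) || atf_fail "failed to allocate md(4)"`. `for_each_geli_config` also reads `$sectors` from the caller's scope, which deserves a line in the usage comment above it: `# The caller must set $sectors before calling.` The function body continues outside this hunk.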
@@ -29,8 +48,9 @@ for_each_geli_config() {
keylen=${cipher##*:}
for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 \
hmac/sha384 hmac/sha512; do
- for secsize in 512 1024 2048 4096 8192; do
+ for secsize in 512 1024 2048 4096 $MAX_SECSIZE; do
${func} $cipher $aalgo $secsize
+ geli detach ${md} 2>/dev/null
done
done
done
@@ -42,6 +62,9 @@ for_each_geli_config() {
for_each_geli_config_nointegrity() {
func=$1
+ # geli needs 512B for the label.
+ bytes=`expr $MAX_SECSIZE \* $sectors + 512`b
+ md=$(attach_md -t malloc -s $bytes)
for cipher in aes-xts:128 aes-xts:256 \
aes-cbc:128 aes-cbc:192 aes-cbc:256 \
3des-cbc:192 \
@@ -52,8 +75,9 @@ for_each_geli_config_nointegrity() {
camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do
ealgo=${cipher%%:*}
keylen=${cipher##*:}
- for secsize in 512 1024 2048 4096 8192; do
- ${func} $cipher $aalgo $secsize
+ for secsize in 512 1024 2048 4096 $MAX_SECSIZE; do
+ ${func} $cipher $secsize
+ geli detach ${md} 2>/dev/null
done
done
}
@@ -61,9 +85,14 @@ for_each_geli_config_nointegrity() {
geli_test_cleanup()
{
- [ -c /dev/md${no}.eli ] && geli detach md${no}.eli
- mdconfig -d -u $no
+ if [ -f "$TEST_MDS_FILE" ]; then
+ while read md; do
+ [ -c /dev/${md}.eli ] && \
+ geli detach $md.eli 2>/dev/null
+ mdconfig -d -u $md 2>/dev/null
+ done < $TEST_MDS_FILE
+ fi
+ true
}
-trap geli_test_cleanup ABRT EXIT INT TERM
. `dirname $0`/../geom_subr.sh
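Review bot: `geli_test_cleanup` sends the stderr of both `geli detach` and `mdconfig -d` to /dev/null and always ends with `true`, so a provider that is still open, or an md(4) unit that could not be destroyed, leaks on the test host without any trace in the test log. Returning success unconditionally is reasonable for a cleanup hook, but the loop should at least report what it could not release, e.g. `mdconfig -d -u $md 2>/dev/null || echo "leaked $md" >&2`. The loop also locates `$TEST_MDS_FILE` by relative path, so it depends on cleanup running in the same working directory in which `attach_md` recorded the device.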
diff --git a/tests/sys/geom/class/eli/configure_b_B_test.sh b/tests/sys/geom/class/eli/configure_b_B_test.sh
deleted file mode 100644
index b6cdf4f..0000000
--- a/tests/sys/geom/class/eli/configure_b_B_test.sh
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
-
-echo "1..17"
-
-geli init -B none -P -K /dev/null md${no}
-if [ $? -eq 0 ]; then
- echo "ok 1"
-else
- echo "not ok 1"
-fi
-
-geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 2"
-else
- echo "not ok 2"
-fi
-
-geli init -B none -b -P -K /dev/null md${no}
-if [ $? -eq 0 ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-
-geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 4"
-else
- echo "not ok 4"
-fi
-
-geli configure -B md${no}
-if [ $? -eq 0 ]; then
- echo "ok 5"
-else
- echo "not ok 5"
-fi
-
-geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 6"
-else
- echo "not ok 6"
-fi
-
-geli configure -b md${no}
-if [ $? -eq 0 ]; then
- echo "ok 7"
-else
- echo "not ok 7"
-fi
-
-geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 8"
-else
- echo "not ok 8"
-fi
-
-geli attach -p -k /dev/null md${no}
-if [ $? -eq 0 ]; then
- echo "ok 9"
-else
- echo "not ok 9"
-fi
-
-geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 10"
-else
- echo "not ok 10"
-fi
-
-geli configure -B md${no}
-if [ $? -eq 0 ]; then
- echo "ok 11"
-else
- echo "not ok 11"
-fi
-
-geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 12"
-else
- echo "not ok 12"
-fi
-
-geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 13"
-else
- echo "not ok 13"
-fi
-
-geli configure -b md${no}
-if [ $? -eq 0 ]; then
- echo "ok 14"
-else
- echo "not ok 14"
-fi
-
-geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 15"
-else
- echo "not ok 15"
-fi
-
-geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 16"
-else
- echo "not ok 16"
-fi
-
-geli detach md${no}
-if [ $? -eq 0 ]; then
- echo "ok 17"
-else
- echo "not ok 17"
-fi
diff --git a/tests/sys/geom/class/eli/configure_test.sh b/tests/sys/geom/class/eli/configure_test.sh
new file mode 100755
index 0000000..da060e6
--- /dev/null
+++ b/tests/sys/geom/class/eli/configure_test.sh
@@ -0,0 +1,59 @@
+# $FreeBSD$
+
+atf_test_case configure_b_B cleanup
+configure_b_B_head()
+{
+ atf_set "descr" "geli configure -b will set the BOOT flag"
+ atf_set "require.user" "root"
+}
+configure_b_B_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check geli init -B none -P -K /dev/null ${md}
+
+ atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+
+ atf_check geli init -B none -b -P -K /dev/null ${md}
+
+ atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+
+ atf_check geli configure -B ${md}
+
+ atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+
+ atf_check geli configure -b ${md}
+
+ atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+
+ atf_check geli attach -p -k /dev/null ${md}
+
+ atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli
+
+ atf_check geli configure -B ${md}
+
+ atf_check -o not-match:'^Flags: .*BOOT' geli list ${md}.eli
+
+ atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+
+ atf_check geli configure -b ${md}
+
+ atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli
+
+ atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+
+ atf_check geli detach ${md}
+}
+configure_b_B_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case configure_b_B
+}
diff --git a/tests/sys/geom/class/eli/delkey_test.sh b/tests/sys/geom/class/eli/delkey_test.sh
index 67b253e..9542e01 100644
--- a/tests/sys/geom/class/eli/delkey_test.sh
+++ b/tests/sys/geom/class/eli/delkey_test.sh
@@ -1,140 +1,114 @@
#!/bin/sh
# $FreeBSD$
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-keyfile1=`mktemp $base.XXXXXX` || exit 1
-keyfile2=`mktemp $base.XXXXXX` || exit 1
-keyfile3=`mktemp $base.XXXXXX` || exit 1
-keyfile4=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
-
-echo "1..14"
-
-dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1
-
-geli init -B none -P -K $keyfile1 md${no}
-geli attach -p -k $keyfile1 md${no}
-geli setkey -n 1 -P -K $keyfile2 md${no}
-
-# Remove key 0 for attached provider.
-geli delkey -n 0 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 1"
-else
- echo "not ok 1"
-fi
-geli detach md${no}
-
-# We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 2"
-else
- echo "not ok 2"
-fi
-
-# Attach with key 1.
-geli attach -p -k $keyfile2 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-
-# We cannot remove last key without -f option (for attached provider).
-geli delkey -n 1 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 4"
-else
- echo "not ok 4"
-fi
-
-# Remove last key for attached provider.
-geli delkey -f -n 1 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 5"
-else
- echo "not ok 5"
-fi
-
-# If there are no valid keys, but provider is attached, we can save situation.
-geli setkey -n 0 -P -K $keyfile3 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 6"
-else
- echo "not ok 6"
-fi
-geli detach md${no}
-
-# We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 7"
-else
- echo "not ok 7"
-fi
-
-# Attach with key 0.
-geli attach -p -k $keyfile3 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 8"
-else
- echo "not ok 8"
-fi
-
-# Setup key 1.
-geli setkey -n 1 -P -K $keyfile4 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 9"
-else
- echo "not ok 9"
-fi
-geli detach md${no}
-
-# Remove key 1 for detached provider.
-geli delkey -n 1 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 10"
-else
- echo "not ok 10"
-fi
-
-# We cannot use keyfile4 anymore.
-geli attach -p -k $keyfile4 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 11"
-else
- echo "not ok 11"
-fi
-
-# We cannot remove last key without -f option (for detached provider).
-geli delkey -n 0 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 12"
-else
- echo "not ok 12"
-fi
-
-# Remove last key for detached provider.
-geli delkey -f -n 0 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 13"
-else
- echo "not ok 13"
-fi
-
-# We cannot use keyfile3 anymore.
-geli attach -p -k $keyfile3 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 14"
-else
- echo "not ok 14"
-fi
-
-rm -f $keyfile1 $keyfile2 $keyfile3 $keyfile4
+atf_test_case delkey cleanup
+delkey_head()
+{
+ atf_set "descr" "geli delkey can destroy the master key"
+ atf_set "require.user" "root"
+}
+delkey_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile1 ${md}
+ atf_check geli attach -p -k keyfile1 ${md}
+ atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md}
+
+ # Remove key 0 for attached provider.
+ atf_check geli delkey -n 0 ${md}
+ atf_check geli detach ${md}
+
+ # We cannot use keyfile1 anymore.
+ atf_check -s not-exit:0 -e match:"Wrong key" \
+ geli attach -p -k keyfile1 ${md}
+
+ # Attach with key 1.
+ atf_check geli attach -p -k keyfile2 ${md}
+
+ # We cannot remove last key without -f option (for attached provider).
+ atf_check -s not-exit:0 -e match:"This is the last Master Key" \
+ geli delkey -n 1 ${md}
+
+ # Remove last key for attached provider.
+ atf_check geli delkey -f -n 1 ${md}
+
+ # If there are no valid keys, but provider is attached, we can save situation.
+ atf_check -s exit:0 -o ignore geli setkey -n 0 -P -K keyfile3 ${md}
+ atf_check geli detach ${md}
+
+ # We cannot use keyfile2 anymore.
+ atf_check -s not-exit:0 -e match:"Wrong key" \
+ geli attach -p -k keyfile2 ${md}
+
+ # Attach with key 0.
+ atf_check geli attach -p -k keyfile3 ${md}
+
+ # Setup key 1.
+ atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile4 ${md}
+ atf_check geli detach ${md}
+
+ # Remove key 1 for detached provider.
+ atf_check geli delkey -n 1 ${md}
+
+ # We cannot use keyfile4 anymore.
+ atf_check -s not-exit:0 -e match:"Wrong key" \
+ geli attach -p -k keyfile4 ${md}
+
+ # We cannot remove last key without -f option (for detached provider).
+ atf_check -s not-exit:0 -e match:"This is the last Master Key" \
+ geli delkey -n 0 ${md}
+
+ # Remove last key for detached provider.
+ atf_check geli delkey -f -n 0 ${md}
+
+ # We cannot use keyfile3 anymore.
+ atf_check -s not-exit:0 -e match:"No valid keys" \
+ geli attach -p -k keyfile3 ${md}
+}
+delkey_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case delkey_readonly cleanup
+delkey_readonly_head()
+{
+ atf_set "descr" "geli delkey cannot work on a read-only provider"
+ atf_set "require.user" "root"
+}
+delkey_readonly_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile ${md}
+ atf_check geli attach -r -p -k keyfile ${md}
+
+ atf_check -s not-exit:0 -e match:"read-only" geli delkey -n 0 ${md}
+ # Even with -f (force) it should still fail
+ atf_check -s not-exit:0 -e match:"read-only" geli delkey -f -n 0 ${md}
+}
+delkey_readonly_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case delkey
+ atf_add_test_case delkey_readonly
+}
diff --git a/tests/sys/geom/class/eli/detach_l_test.sh b/tests/sys/geom/class/eli/detach_l_test.sh
deleted file mode 100644
index 605ae94..0000000
--- a/tests/sys/geom/class/eli/detach_l_test.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
-
-echo "1..4"
-
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-
-geli init -B none -P -K $keyfile md${no}
-geli attach -p -k $keyfile md${no}
-if [ -c /dev/md${no}.eli ]; then
- echo "ok 1"
-else
- echo "not ok 1"
-fi
-# Be sure it doesn't detach before 'detach -l'.
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
-sleep 1
-if [ -c /dev/md${no}.eli ]; then
- echo "ok 2"
-else
- echo "not ok 2"
-fi
-geli detach -l md${no}
-if [ -c /dev/md${no}.eli ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
-sleep 1
-if [ ! -c /dev/md${no}.eli ]; then
- echo "ok 4"
-else
- echo "not ok 4"
-fi
-
-rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/detach_test.sh b/tests/sys/geom/class/eli/detach_test.sh
new file mode 100755
index 0000000..1a3bd38
--- /dev/null
+++ b/tests/sys/geom/class/eli/detach_test.sh
@@ -0,0 +1,46 @@
+# $FreeBSD$
+
+atf_test_case detach_l cleanup
+detach_l_head()
+{
+ atf_set "descr" "geli detach -l will cause a provider to detach on last close"
+ atf_set "require.user" "root"
+}
+detach_l_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile ${md}
+ atf_check geli attach -p -k keyfile ${md}
+
+ # Be sure it doesn't detach before 'detach -l'.
+ atf_check dd if=/dev/${md}.eli of=/dev/null status=none
+ sleep 1
+ if [ ! -c /dev/${md}.eli ]; then
+ atf_fail "provider detached on last close without detach -l"
+ fi
+ atf_check geli detach -l ${md}
+ if [ ! -c /dev/${md}.eli ]; then
+ atf_fail "Provider detached before last close"
+ fi
+ atf_check dd if=/dev/${md}.eli of=/dev/null status=none
+ sleep 1
+ if [ -c /dev/${md}.eli ]; then
+ atf_fail "Provider did not detach on last close"
+ fi
+}
+detach_l_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case detach_l
+}
diff --git a/tests/sys/geom/class/eli/init_B_test.sh b/tests/sys/geom/class/eli/init_B_test.sh
deleted file mode 100644
index 3ba743c..0000000
--- a/tests/sys/geom/class/eli/init_B_test.sh
+++ /dev/null
@@ -1,104 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-keyfile=`mktemp $base.XXXXXX` || exit 1
-backupfile=`mktemp $base.XXXXXX` || exit 1
-
-echo "1..13"
-
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-
-mdconfig -a -t malloc -s $sectors -u $no || exit 1
-
-# -B none
-rm -f /var/backups/md${no}.eli
-geli init -B none -P -K $keyfile md${no} 2>/dev/null
-if [ ! -f /var/backups/md${no}.eli ]; then
- echo "ok 1 - -B none"
-else
- echo "not ok 1 - -B none"
-fi
-
-# no -B
-rm -f /var/backups/md${no}.eli
-geli init -P -K $keyfile md${no} >/dev/null 2>&1
-if [ -f /var/backups/md${no}.eli ]; then
- echo "ok 2 - no -B"
-else
- echo "not ok 2 - no -B"
-fi
-geli clear md${no}
-geli attach -p -k $keyfile md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 3 - no -B"
-else
- echo "not ok 3 - no -B"
-fi
-if [ ! -c /dev/md${no}.eli ]; then
- echo "ok 4 - no -B"
-else
- echo "not ok 4 - no -B"
-fi
-geli restore /var/backups/md${no}.eli md${no}
-if [ $? -eq 0 ]; then
- echo "ok 5 - no -B"
-else
- echo "not ok 5 - no -B"
-fi
-geli attach -p -k $keyfile md${no} 2>/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 6 - no -B"
-else
- echo "not ok 6 - no -B"
-fi
-if [ -c /dev/md${no}.eli ]; then
- echo "ok 7 - no -B"
-else
- echo "not ok 7 - no -B"
-fi
-geli detach md${no}
-rm -f /var/backups/md${no}.eli
-
-# -B file
-rm -f $backupfile
-geli init -B $backupfile -P -K $keyfile md${no} >/dev/null 2>&1
-if [ -f $backupfile ]; then
- echo "ok 8 - -B file"
-else
- echo "not ok 8 - -B file"
-fi
-geli clear md${no}
-geli attach -p -k $keyfile md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 9 - -B file"
-else
- echo "not ok 9 - -B file"
-fi
-if [ ! -c /dev/md${no}.eli ]; then
- echo "ok 10 - -B file"
-else
- echo "not ok 10 - -B file"
-fi
-geli restore $backupfile md${no}
-if [ $? -eq 0 ]; then
- echo "ok 11 - -B file"
-else
- echo "not ok 11 - -B file"
-fi
-geli attach -p -k $keyfile md${no} 2>/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 12 - -B file"
-else
- echo "not ok 12 - -B file"
-fi
-if [ -c /dev/md${no}.eli ]; then
- echo "ok 13 - -B file"
-else
- echo "not ok 13 - -B file"
-fi
-
-rm -f $backupfile $keyfile
diff --git a/tests/sys/geom/class/eli/init_J_test.sh b/tests/sys/geom/class/eli/init_J_test.sh
deleted file mode 100644
index 266a3d5..0000000
--- a/tests/sys/geom/class/eli/init_J_test.sh
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-keyfile0=`mktemp $base.XXXXXX` || exit 1
-keyfile1=`mktemp $base.XXXXXX` || exit 1
-passfile0=`mktemp $base.XXXXXX` || exit 1
-passfile1=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
-
-echo "1..150"
-
-dd if=/dev/random of=${keyfile0} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > ${passfile0}
-dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > ${passfile1}
-
-i=1
-for iter in -1 0 64; do
- geli init -i ${iter} -B none -J ${passfile0} -P md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli init -i ${iter} -B none -J ${passfile0} -P -K ${keyfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli init -i ${iter} -B none -J ${passfile0} -K ${keyfile0} md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile0} -p md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -j ${keyfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${passfile0} -p md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -j ${keyfile0} -k ${passfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -j ${keyfile0} -k ${keyfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -j ${passfile0} -k ${passfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -j ${passfile0} -k ${keyfile0} md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli detach md${no} || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- cat ${keyfile0} | geli attach -j ${passfile0} -k - md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli detach md${no} || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- cat ${passfile0} | geli attach -j - -k ${keyfile0} md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli detach md${no} || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
-
- geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P -K ${keyfile0} -K ${keyfile1} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -K ${keyfile0} -K ${keyfile1} md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile0} -p md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile1} -p md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile0} -k ${keyfile1} -p md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile0} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile1} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile0} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile1} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli detach md${no} || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- cat ${passfile0} | geli attach -j - -j ${passfile1} -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli detach md${no} || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- cat ${passfile1} | geli attach -j ${passfile0} -j - -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli detach md${no} || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- cat ${keyfile0} | geli attach -j ${passfile0} -j ${passfile1} -k - -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli detach md${no} || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- cat ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k - md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli detach md${no} || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- cat ${keyfile0} ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k - md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli detach md${no} || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- cat ${passfile0} ${passfile1} | awk '{printf "%s", $0}' | geli attach -j - -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
- geli detach md${no} || echo -n "not "
- echo "ok ${i}"; i=$((i+1))
-done
-
-rm -f ${keyfile0} ${keyfile1} ${passfile0} ${passfile1}
diff --git a/tests/sys/geom/class/eli/init_a_test.sh b/tests/sys/geom/class/eli/init_a_test.sh
deleted file mode 100644
index 9b5b251..0000000
--- a/tests/sys/geom/class/eli/init_a_test.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-keyfile=`mktemp $base.XXXXXX` || exit 1
-rnd=`mktemp $base.XXXXXX` || exit 1
-
-do_test() {
- cipher=$1
- aalgo=$2
- secsize=$3
- ealgo=${cipher%%:*}
- keylen=${cipher##*:}
-
- mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
- geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
- geli attach -p -k $keyfile md${no}
-
- secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
-
- dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
-
- md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
- md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
-
- if [ ${md_rnd} = ${md_ddev} ]; then
- echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- fi
- i=$((i+1))
-
- geli detach md${no}
- mdconfig -d -u $no
-}
-
-echo "1..600"
-
-i=1
-
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${rnd} bs=8192 count=${sectors} >/dev/null 2>&1
-
-for_each_geli_config do_test
-
-rm -f $rnd
-rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/init_alias_test.sh b/tests/sys/geom/class/eli/init_alias_test.sh
deleted file mode 100644
index 0422bee..0000000
--- a/tests/sys/geom/class/eli/init_alias_test.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-# Test "geli init"'s various cipher aliases
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-keyfile=`mktemp $base.XXXXXX` || exit 1
-rnd=`mktemp $base.XXXXXX` || exit 1
-
-do_test() {
- ealgo=$1
- keylen=$2
- expected_ealgo=$3
- expected_keylen=$4
-
- geli init -B none -e $ealgo -l $keylen -P -K $keyfile md${no} 2>/dev/null
- geli attach -p -k $keyfile md${no}
- real_ealgo=`geli list md${no}.eli | awk '/EncryptionAlgorithm/ {print $2}'`
- real_keylen=`geli list md${no}.eli | awk '/KeyLength/ {print $2}'`
-
- if [ ${real_ealgo} = ${expected_ealgo} ]; then
- echo "ok $i - ${ealgo} aliased to ${real_ealgo}"
- else
- echo "not ok $i - expected ${expected_ealgo} but got ${real_ealgo}"
- fi
- i=$((i+1))
-
- if [ ${real_keylen} = ${expected_keylen} ]; then
- echo "ok $i - keylen=${keylen} for ealgo=${ealgo} aliases to ${real_keylen}"
- else
- echo "not ok $i - expected ${expected_keylen} but got ${real_keylen}"
- fi
- i=$((i+1))
-
- geli detach md${no}
-}
-
-echo "1..38"
-i=1
-mdconfig -a -t malloc -s 1024k -u $no || exit 1
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-
-for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \
- 3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \
- blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \
- blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \
- blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \
- blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \
- blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \
- blowfish:448:Blowfish-CBC:448 \
- camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \
- camellia:256:CAMELLIA-CBC:256 ; do
-
- ealgo=`echo $spec | cut -d : -f 1`
- keylen=`echo $spec | cut -d : -f 2`
- expected_ealgo=`echo $spec | cut -d : -f 3`
- expected_keylen=`echo $spec | cut -d : -f 4`
-
- do_test $ealgo $keylen $expected_ealgo $expected_keylen
-done
-
-rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/init_i_P_test.sh b/tests/sys/geom/class/eli/init_i_P_test.sh
deleted file mode 100644
index 1c59a97..0000000
--- a/tests/sys/geom/class/eli/init_i_P_test.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
-
-echo "1..1"
-
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-
-geli init -B none -i 64 -P -K ${keyfile} md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 1"
-else
- echo "not ok 1"
-fi
-
-rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/init_test.sh b/tests/sys/geom/class/eli/init_test.sh
index 31fca55..b07d853 100644
--- a/tests/sys/geom/class/eli/init_test.sh
+++ b/tests/sys/geom/class/eli/init_test.sh
@@ -1,55 +1,392 @@
#!/bin/sh
# $FreeBSD$
-. $(dirname $0)/conf.sh
+init_test()
+{
+ cipher=$1
+ secsize=$2
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+
+ atf_check -s exit:0 -e ignore \
+ geli init -B none -e $ealgo -l $keylen -P -K keyfile \
+ -s $secsize ${md}
+ atf_check geli attach -p -k keyfile ${md}
+
+ atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} \
+ status=none
+
+ md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+
+ if [ ${md_rnd} != ${md_ddev} ]; then
+ atf_fail "Miscompare for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ if [ ${md_rnd} == ${md_edev} ]; then
+ atf_fail "Data was not encrypted for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+}
+atf_test_case init cleanup
+init_head()
+{
+ atf_set "descr" "Basic I/O with geli"
+ atf_set "require.user" "root"
+ atf_set "timeout" 600
+}
+init_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=32
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \
+ status=none
+ for_each_geli_config_nointegrity init_test
+}
+init_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case init_B cleanup
+init_B_head()
+{
+ atf_set "descr" "init -B can select an alternate backup metadata file"
+ atf_set "require.user" "root"
+}
+init_B_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ md=$(attach_md -t malloc -s $sectors)
+
+ # -B none
+ rm -f /var/backups/${md}.eli
+ atf_check -s exit:0 -o ignore geli init -B none -P -K keyfile ${md}
+ if [ -f /var/backups/${md}.eli ]; then
+ atf_fail "geli created a backup file even with -B none"
+ fi
+
+ # no -B
+ rm -f /var/backups/${md}.eli
+ atf_check -s exit:0 -o ignore geli init -P -K keyfile ${md}
+ if [ ! -f /var/backups/${md}.eli ]; then
+ atf_fail "geli did not create a backup file"
+ fi
+ atf_check geli clear ${md}
+ atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}
+ atf_check -s exit:0 -o ignore geli restore /var/backups/${md}.eli ${md}
+ atf_check -s exit:0 -o ignore geli attach -p -k keyfile ${md}
+ atf_check geli detach ${md}
+ rm -f /var/backups/${md}.eli
+
+ # -B file
+ rm -f backupfile
+ atf_check -s exit:0 -o ignore \
+ geli init -B backupfile -P -K keyfile ${md}
+ if [ ! -f backupfile ]; then
+ atf_fail "geli init -B did not create a backup file"
+ fi
+ atf_check geli clear ${md}
+ atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}
+ atf_check geli restore backupfile ${md}
+ atf_check geli attach -p -k keyfile ${md}
+}
+init_B_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case init_J cleanup
+init_J_head()
+{
+ atf_set "descr" "init -J accepts a passfile"
+ atf_set "require.user" "root"
+}
+init_J_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
-base=`basename $0`
-sectors=32
-keyfile=`mktemp $base.XXXXXX` || exit 1
-rnd=`mktemp $base.XXXXXX` || exit 1
+ atf_check dd if=/dev/random of=keyfile0 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
+ dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile0
+ atf_check_equal 0 $?
+ dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile1
+ atf_check_equal 0 $?
-echo "1..200"
+ for iter in -1 0 64; do
+ atf_check -s not-exit:0 -e ignore \
+ geli init -i ${iter} -B none -J passfile0 -P ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli init -i ${iter} -B none -J passfile0 -P -K keyfile0 ${md}
+ atf_check geli init -i ${iter} -B none -J passfile0 -K keyfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -p ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j keyfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k passfile0 -p ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j keyfile0 -k passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j keyfile0 -k keyfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j passfile0 -k passfile0 ${md}
+ atf_check -s exit:0 -e ignore \
+ geli attach -j passfile0 -k keyfile0 ${md}
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat keyfile0 | geli attach -j passfile0 -k - ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat passfile0 | geli attach -j - -k keyfile0 ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
-do_test() {
+ atf_check -s not-exit:0 -e ignore \
+ geli init -i ${iter} -B none -J passfile0 -J passfile1 -P ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli init -i ${iter} -B none -J passfile0 -J passfile1 -P -K keyfile0 -K keyfile1 ${md}
+ atf_check -s exit:0 -e ignore \
+ geli init -i ${iter} -B none -J passfile0 -J passfile1 -K keyfile0 -K keyfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -p ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -p ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -k keyfile1 -p ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j passfile0 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -j passfile0 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -j passfile0 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -k keyfile1 -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -k keyfile1 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -k keyfile0 -j passfile0 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -k keyfile1 -j passfile1 -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -k keyfile0 -j passfile1 -j passfile0 ${md}
+ atf_check -s exit:0 -e ignore \
+ geli attach -j passfile0 -j passfile1 -k keyfile0 -k keyfile1 ${md}
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat passfile0 | geli attach -j - -j passfile1 -k keyfile0 -k keyfile1 ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat passfile1 | geli attach -j passfile0 -j - -k keyfile0 -k keyfile1 ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat keyfile0 | geli attach -j passfile0 -j passfile1 -k - -k keyfile1 ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat keyfile1 | geli attach -j passfile0 -j passfile1 -k keyfile0 -k - ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat keyfile0 keyfile1 | geli attach -j passfile0 -j passfile1 -k - ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat passfile0 passfile1 | awk '{printf \"%s\", \$0}' | geli attach -j - -k keyfile0 -k keyfile1 ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ done
+}
+init_J_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+init_a_test()
+{
cipher=$1
- secsize=$2
+ aalgo=$2
+ secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
- mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
+ atf_check -s exit:0 -e ignore \
+ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \
+ -s $secsize ${md}
+ atf_check geli attach -p -k keyfile ${md}
+
+ atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
+
+ md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+
+ if [ ${md_rnd} != ${md_ddev} ]; then
+ atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+}
+atf_test_case init_a cleanup
+init_a_head()
+{
+ atf_set "descr" "I/O with geli and HMACs"
+ atf_set "require.user" "root"
+ atf_set "timeout" 3600
+}
+init_a_body()
+{
+ . $(atf_get_srcdir)/conf.sh
- geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
- geli attach -p -k $keyfile md${no}
+ sectors=100
- secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \
+ status=none
+ for_each_geli_config init_a_test
+ true
+}
+init_a_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
- dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
- dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+init_alias_test() {
+ ealgo=$1
+ keylen=$2
+ expected_ealgo=$3
+ expected_keylen=$4
- md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
- md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
- md_edev=`dd if=/dev/md${no} bs=${secsize} count=${secs} 2>/dev/null | md5`
+ atf_check geli init -B none -e $ealgo -l $keylen -P -K keyfile ${md}
+ atf_check geli attach -p -k keyfile ${md}
+ real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'`
+ real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'`
- if [ ${md_rnd} = ${md_ddev} ]; then
- echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ if [ "${real_ealgo}" != "${expected_ealgo}" ]; then
+ atf_fail "expected ${expected_ealgo} but got ${real_ealgo}"
fi
- i=$((i+1))
- if [ ${md_rnd} != ${md_edev} ]; then
- echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+
+ if [ "${real_keylen}" != "${expected_keylen}" ]; then
+ atf_fail "expected ${expected_keylen} but got ${real_keylen}"
fi
- i=$((i+1))
+ atf_check geli detach ${md}
+}
+atf_test_case init_alias cleanup
+init_alias_head()
+{
+ atf_set "descr" "geli init accepts cipher aliases"
+ atf_set "require.user" "root"
+}
+init_alias_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ md=$(attach_md -t malloc -s 1024k)
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
- geli detach md${no}
- mdconfig -d -u $no
+ for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \
+ 3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \
+ blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \
+ blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \
+ blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \
+ blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \
+ blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \
+ blowfish:448:Blowfish-CBC:448 \
+ camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \
+ camellia:256:CAMELLIA-CBC:256 ; do
+
+ ealgo=`echo $spec | cut -d : -f 1`
+ keylen=`echo $spec | cut -d : -f 2`
+ expected_ealgo=`echo $spec | cut -d : -f 3`
+ expected_keylen=`echo $spec | cut -d : -f 4`
+
+ init_alias_test $ealgo $keylen $expected_ealgo $expected_keylen
+ done
+}
+init_alias_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case init_i_P cleanup
+init_i_P_head()
+{
+ atf_set "descr" "geli: Options -i and -P are mutually exclusive"
+ atf_set "require.user" "root"
+}
+init_i_P_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ atf_check -s not-exit:0 -e "match:Options -i and -P are mutually exclusive"\
+ geli init -B none -i 64 -P -K keyfile $md
+}
+init_i_P_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case nokey cleanup
+nokey_head()
+{
+ atf_set "descr" "geli init fails if called with no key component"
+ atf_set "require.user" "root"
}
+nokey_body()
+{
+ . $(atf_get_srcdir)/conf.sh
-i=1
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-for_each_geli_config_nointegrity do_test
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
-rm -f $rnd
-rm -f $keyfile
+ atf_check -s not-exit:0 -e match:"No key components given" \
+ geli init -B none -P ${md}
+}
+nokey_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case init
+ atf_add_test_case init_B
+ atf_add_test_case init_J
+ atf_add_test_case init_a
+ atf_add_test_case init_alias
+ atf_add_test_case init_i_P
+ atf_add_test_case nokey
+}
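Review bot: In `init_test`, each `atf_check_equal 0 $?` after a `dd … | md5` assignment sees only the exit status of `md5`, the last command in the pipeline, so a failed `dd` goes unnoticed. This matters most for the ciphertext check: if the read of `/dev/${md}` fails, `md_edev` is the digest of empty or short input, differs from `md_rnd`, and the "Data was not encrypted" branch does not fire. Reading into a file under `atf_check` and hashing the file closes the gap, e.g. `atf_check dd if=/dev/${md} of=edev.bin bs=${secsize} count=${sectors} status=none` followed by `md_edev=$(md5 -q edev.bin)`. The same pattern appears in `init_a_test` and in the `sha1 > passfile0` / `passfile1` lines of `init_J_body`. The digest comparisons are also unquoted and one uses `==`, which POSIX `[` does not define; `[ "${md_rnd}" = "${md_edev}" ]` is the portable form.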
diff --git a/tests/sys/geom/class/eli/integrity_copy_test.sh b/tests/sys/geom/class/eli/integrity_copy_test.sh
deleted file mode 100644
index ae345d7..0000000
--- a/tests/sys/geom/class/eli/integrity_copy_test.sh
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-keyfile=`mktemp $base.XXXXXX` || exit 1
-sector=`mktemp $base.XXXXXX` || exit 1
-
-echo "1..2400"
-
-do_test() {
- cipher=$1
- aalgo=$2
- secsize=$3
- ealgo=${cipher%%:*}
- keylen=${cipher##*:}
-
- mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1
- geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
- geli attach -p -k $keyfile md${no}
-
- dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
-
- dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
- if [ $? -eq 0 ]; then
- echo "ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- fi
- i=$((i+1))
-
- geli detach md${no}
- # Copy first small sector to the second small sector.
- # This should be detected as corruption.
- dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
- dd if=${sector} of=/dev/md${no} bs=512 count=1 seek=1 >/dev/null 2>&1
- geli attach -p -k $keyfile md${no}
-
- dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
- if [ $? -ne 0 ]; then
- echo "ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- fi
- i=$((i+1))
-
- ms=`diskinfo /dev/md${no} | awk '{print $3 - 512}'`
- ns=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
- usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc`
-
- # Fix the corruption
- dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=2 >/dev/null 2>&1
-
- dd if=/dev/md${no}.eli bs=${secsize} count=2 >/dev/null 2>&1
- if [ $? -eq 0 ]; then
- echo "ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- fi
- i=$((i+1))
-
- geli detach md${no}
- # Copy first big sector to the second big sector.
- # This should be detected as corruption.
- dd if=/dev/md${no} of=${sector} bs=${usecsize} count=1 >/dev/null 2>&1
- dd if=${sector} of=/dev/md${no} bs=${usecsize} count=1 seek=1 >/dev/null 2>&1
- geli attach -p -k $keyfile md${no}
-
- dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=2 >/dev/null 2>&1
- if [ $? -ne 0 ]; then
- echo "ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- fi
- i=$((i+1))
-
- geli detach md${no}
- mdconfig -d -u $no
-}
-
-
-i=1
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-
-for_each_geli_config do_test
-
-rm -f $keyfile $sector
diff --git a/tests/sys/geom/class/eli/integrity_data_test.sh b/tests/sys/geom/class/eli/integrity_data_test.sh
deleted file mode 100644
index 73b950a..0000000
--- a/tests/sys/geom/class/eli/integrity_data_test.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-keyfile=`mktemp $base.XXXXXX` || exit 1
-sector=`mktemp $base.XXXXXX` || exit 1
-
-echo "1..600"
-
-do_test() {
- cipher=$1
- aalgo=$2
- secsize=$3
- ealgo=${cipher%%:*}
- keylen=${cipher##*:}
-
- mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1
- geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
-
- # Corrupt 8 bytes of data.
- dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
- dd if=/dev/random of=${sector} bs=1 count=8 seek=64 conv=notrunc >/dev/null 2>&1
- dd if=${sector} of=/dev/md${no} bs=512 count=1 >/dev/null 2>&1
- geli attach -p -k $keyfile md${no}
-
- dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
- if [ $? -ne 0 ]; then
- echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- fi
- i=$((i+1))
-
- geli detach md${no}
- mdconfig -d -u $no
-}
-
-i=1
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-
-for_each_geli_config do_test
-
-rm -f $keyfile $sector
diff --git a/tests/sys/geom/class/eli/integrity_hmac_test.sh b/tests/sys/geom/class/eli/integrity_hmac_test.sh
deleted file mode 100644
index 6e1dfa5..0000000
--- a/tests/sys/geom/class/eli/integrity_hmac_test.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-keyfile=`mktemp $base.XXXXXX` || exit 1
-sector=`mktemp $base.XXXXXX` || exit 1
-
-echo "1..600"
-
-do_test() {
- cipher=$1
- aalgo=$2
- secsize=$3
- ealgo=${cipher%%:*}
- keylen=${cipher##*:}
-
- mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 2
- geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
-
- # Corrupt 8 bytes of HMAC.
- dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
- dd if=/dev/random of=${sector} bs=1 count=16 conv=notrunc >/dev/null 2>&1
- dd if=${sector} of=/dev/md${no} bs=512 count=1 >/dev/null 2>&1
- geli attach -p -k $keyfile md${no}
-
- dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
- if [ $? -ne 0 ]; then
- echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- fi
- i=$((i+1))
-
- geli detach md${no}
- mdconfig -d -u $no
-}
-
-
-i=1
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-
-for_each_geli_config do_test
-
-rm -f $keyfile $sector
diff --git a/tests/sys/geom/class/eli/integrity_test.sh b/tests/sys/geom/class/eli/integrity_test.sh
new file mode 100755
index 0000000..f2bc8a3
--- /dev/null
+++ b/tests/sys/geom/class/eli/integrity_test.sh
@@ -0,0 +1,165 @@
+# $FreeBSD$
+
+copy_test() {
+ cipher=$1
+ aalgo=$2
+ secsize=$3
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+
+ atf_check -s exit:0 -e ignore \
+ geli init -B none -a $aalgo -e $ealgo -l $keylen -P \
+ -K keyfile -s $secsize ${md}
+ atf_check geli attach -p -k keyfile ${md}
+
+ atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=1 status=none
+
+ # Copy first small sector to the second small sector.
+ # This should be detected as corruption.
+ atf_check dd if=backing_file of=sector bs=512 count=1 \
+ conv=notrunc status=none
+ atf_check dd if=sector of=backing_file bs=512 count=1 seek=1 \
+ conv=notrunc status=none
+
+ atf_check -s not-exit:0 -e ignore \
+ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
+
+ # Fix the corruption
+ atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=2 status=none
+ atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 \
+ status=none
+
+ # Copy first big sector to the second big sector.
+ # This should be detected as corruption.
+ ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'`
+ ns=`diskinfo /dev/${md}.eli | awk '{print $4}'`
+ usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc`
+ atf_check dd if=backing_file bs=512 count=$(( ${usecsize} / 512 )) \
+ seek=$(( $secsize / 512 )) of=sector conv=notrunc status=none
+ atf_check dd of=backing_file bs=512 count=$(( ${usecsize} / 512 )) \
+ seek=$(( $secsize / 256 )) if=sector conv=notrunc status=none
+ atf_check -s not-exit:0 -e ignore \
+ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=$ns
+}
+
+atf_test_case copy cleanup
+copy_head()
+{
+ atf_set "descr" "geli will detect misdirected writes as corruption"
+ atf_set "require.user" "root"
+ atf_set "timeout" 3600
+}
+copy_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=2
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+ dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
+
+ for_each_geli_config copy_test backing_file
+}
+copy_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+
+data_test() {
+ cipher=$1
+ aalgo=$2
+ secsize=$3
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+
+ atf_check -s exit:0 -e ignore \
+ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \
+ -s $secsize ${md}
+
+ # Corrupt 8 bytes of data.
+ atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
+ atf_check dd if=rnd of=sector bs=1 count=8 seek=64 conv=notrunc status=none
+ atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none
+ atf_check geli attach -p -k keyfile ${md}
+
+ # Try to read from the corrupt sector
+ atf_check -s not-exit:0 -e ignore \
+ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
+}
+
+atf_test_case data cleanup
+data_head()
+{
+ atf_set "descr" "With HMACs, geli will detect data corruption"
+ atf_set "require.user" "root"
+ atf_set "timeout" 1800
+}
+data_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=2
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+ dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
+ for_each_geli_config data_test
+}
+data_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+hmac_test() {
+ cipher=$1
+ aalgo=$2
+ secsize=$3
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+
+ atf_check -s exit:0 -e ignore \
+ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \
+ -s $secsize ${md}
+
+ # Corrupt 8 bytes of HMAC.
+ atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
+ atf_check dd if=rnd of=sector bs=1 count=16 conv=notrunc status=none
+ atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none
+ atf_check geli attach -p -k keyfile ${md}
+
+ # Try to read from the corrupt sector
+ atf_check -s not-exit:0 -e ignore \
+ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
+}
+
+atf_test_case hmac cleanup
+hmac_head()
+{
+ atf_set "descr" "geli will detect corruption of HMACs"
+ atf_set "require.user" "root"
+ atf_set "timeout" 1800
+}
+hmac_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=2
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+ dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
+ for_each_geli_config hmac_test
+}
+hmac_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case copy
+ atf_add_test_case data
+ atf_add_test_case hmac
+}
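Review bot: In `copy_test`, the second copy step does not appear to copy what its comment describes. `seek=` is an output-side offset in dd, so the first command stores the bytes read from the start of `backing_file` at offset `secsize` inside `sector`, while the second command reads `sector` from offset 0, which still holds the 512 bytes left by the earlier small-sector copy. The final read is therefore likely rejected because of arbitrary corruption, not because an intact, authenticated sector was relocated, which is the property the `copy` case claims to test. The removed integrity_copy_test.sh read without an offset and wrote at `usecsize`; the equivalent here would be dropping `seek=` from the read and using `seek=$(( ${usecsize} / 512 ))` on the write, to be confirmed against the on-disk layout. Separately, the `dd if=/dev/random of=rnd` lines in `copy_body`, `data_body` and `hmac_body` are not wrapped in `atf_check`, unlike the `keyfile` line next to them.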
diff --git a/tests/sys/geom/class/eli/kill_test.sh b/tests/sys/geom/class/eli/kill_test.sh
index ccced9f..ef7f068 100644
--- a/tests/sys/geom/class/eli/kill_test.sh
+++ b/tests/sys/geom/class/eli/kill_test.sh
@@ -1,97 +1,102 @@
-#!/bin/sh
# $FreeBSD$
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-keyfile1=`mktemp $base.XXXXXX` || exit 1
-keyfile2=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
-
-echo "1..9"
-
-dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
-
-geli init -B none -P -K $keyfile1 md${no}
-geli attach -p -k $keyfile1 md${no}
-geli setkey -n 1 -P -K $keyfile2 md${no}
-
-# Kill attached provider.
-geli kill md${no}
-if [ $? -eq 0 ]; then
- echo "ok 1"
-else
- echo "not ok 1"
-fi
-sleep 1
-# Provider should be automatically detached.
-if [ ! -c /dev/md{$no}.eli ]; then
- echo "ok 2"
-else
- echo "not ok 2"
-fi
-
-# We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-
-# We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 4"
-else
- echo "not ok 4"
-fi
-
-geli init -B none -P -K $keyfile1 md${no}
-geli setkey -n 1 -p -k $keyfile1 -P -K $keyfile2 md${no}
-
-# Should be possible to attach with keyfile1.
-geli attach -p -k $keyfile1 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 5"
-else
- echo "not ok 5"
-fi
-geli detach md${no}
-
-# Should be possible to attach with keyfile2.
-geli attach -p -k $keyfile2 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 6"
-else
- echo "not ok 6"
-fi
-geli detach md${no}
-
-# Kill detached provider.
-geli kill md${no}
-if [ $? -eq 0 ]; then
- echo "ok 7"
-else
- echo "not ok 7"
-fi
-
-# We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 8"
-else
- echo "not ok 8"
-fi
-
-# We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 9"
-else
- echo "not ok 9"
-fi
-
-rm -f $keyfile1 $keyfile2
+atf_test_case kill cleanup
+kill_head()
+{
+ atf_set "descr" "geli kill will wipe a provider's metadata"
+ atf_set "require.user" "root"
+}
+kill_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile1 ${md}
+ atf_check geli attach -p -k keyfile1 ${md}
+ atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md}
+
+ # Kill attached provider.
+ atf_check geli kill ${md}
+ sleep 1
+ # Provider should be automatically detached.
+ if [ -c /dev/${md}.eli ]; then
+ atf_fail "Provider did not detach when killed"
+ fi
+
+ # We cannot use keyfile1 anymore.
+ atf_check -s not-exit:0 -e match:"Cannot read metadata" \
+ geli attach -p -k keyfile1 ${md}
+
+ # We cannot use keyfile2 anymore.
+ atf_check -s not-exit:0 -e match:"Cannot read metadata" \
+ geli attach -p -k keyfile2 ${md}
+
+ atf_check geli init -B none -P -K keyfile1 ${md}
+ atf_check -s exit:0 -o ignore \
+ geli setkey -n 1 -p -k keyfile1 -P -K keyfile2 ${md}
+
+ # Should be possible to attach with keyfile1.
+ atf_check geli attach -p -k keyfile1 ${md}
+ atf_check geli detach ${md}
+
+ # Should be possible to attach with keyfile2.
+ atf_check geli attach -p -k keyfile2 ${md}
+ atf_check geli detach ${md}
+
+ # Kill detached provider.
+ atf_check geli kill ${md}
+
+ # We cannot use keyfile1 anymore.
+ atf_check -s not-exit:0 -e match:"Cannot read metadata" \
+ geli attach -p -k keyfile1 ${md}
+
+ # We cannot use keyfile2 anymore.
+ atf_check -s not-exit:0 -e match:"Cannot read metadata" \
+ geli attach -p -k keyfile2 ${md}
+}
+kill_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case kill_readonly cleanup
+kill_readonly_head()
+{
+ atf_set "descr" "geli kill will not destroy the keys of a readonly provider"
+ atf_set "require.user" "root"
+}
+kill_readonly_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile ${md}
+ # Attach read-only
+ atf_check geli attach -r -p -k keyfile ${md}
+
+ atf_check geli kill ${md}
+ # The provider will be detached
+ atf_check [ ! -c /dev/${md}.eli ]
+ # But its keys should not be destroyed
+ atf_check geli attach -p -k keyfile ${md}
+}
+kill_readonly_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case kill
+ atf_add_test_case kill_readonly
+}
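Review bot: `kill_readonly_body` asserts `[ ! -c /dev/${md}.eli ]` immediately after `geli kill`, while `kill_body` waits with `sleep 1` before the same check. If the detach is asynchronous (the sleep suggests so, but the hunk does not say), the read-only case can fail spuriously, and a fixed one-second wait is itself timing-dependent on slow targets. A short bounded poll before the assertion would serve both cases, e.g. `for t in 1 2 3 4 5; do [ -c /dev/${md}.eli ] || break; sleep 1; done`. `kill_readonly_body` would also benefit from a comment on why the keys are expected to survive, such as `# NOTE(review): presumably kill cannot write metadata through a provider attached with -r; confirm`.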
diff --git a/tests/sys/geom/class/eli/nokey_test.sh b/tests/sys/geom/class/eli/nokey_test.sh
deleted file mode 100644
index f32e1a4..0000000
--- a/tests/sys/geom/class/eli/nokey_test.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
-
-echo "1..8"
-
-geli init -B none -P md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 1"
-else
- echo "not ok 1"
-fi
-
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-
-geli init -B none -P -K ${keyfile} md${no} 2>/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 2"
-else
- echo "not ok 2"
-fi
-geli attach -p md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-geli attach -p -k ${keyfile} md${no} 2>/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 4"
-else
- echo "not ok 4"
-fi
-geli setkey -n 0 -P md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 5"
-else
- echo "not ok 5"
-fi
-geli detach md${no} 2>/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 6"
-else
- echo "not ok 6"
-fi
-geli setkey -n 0 -p -P -K ${keyfile} md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 7"
-else
- echo "not ok 7"
-fi
-geli setkey -n 0 -p -k ${keyfile} -P md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 8"
-else
- echo "not ok 8"
-fi
-
-rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/onetime_a_test.sh b/tests/sys/geom/class/eli/onetime_a_test.sh
deleted file mode 100644
index 0cccf30..0000000
--- a/tests/sys/geom/class/eli/onetime_a_test.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=8
-rnd=`mktemp $base.XXXXXX` || exit 1
-
-echo "1..600"
-
-do_test() {
- cipher=$1
- aalgo=$2
- secsize=$3
- ealgo=${cipher%%:*}
- keylen=${cipher##*:}
-
- mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
- geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize md${no} 2>/dev/null
-
- secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
-
- dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
-
- md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
- md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
-
- if [ ${md_rnd} = ${md_ddev} ]; then
- echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- fi
- i=$((i+1))
-
- geli detach md${no}
- mdconfig -d -u $no
-}
-
-i=1
-dd if=/dev/random of=${rnd} bs=1024 count=1024 >/dev/null 2>&1
-
-for_each_geli_config do_test
-
-rm -f $rnd
diff --git a/tests/sys/geom/class/eli/onetime_d_test.sh b/tests/sys/geom/class/eli/onetime_d_test.sh
deleted file mode 100644
index 51a6abb..0000000
--- a/tests/sys/geom/class/eli/onetime_d_test.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-mdconfig -a -t malloc -s $sectors -u $no || exit 1
-
-echo "1..3"
-
-geli onetime -d md${no}
-if [ -c /dev/md${no}.eli ]; then
- echo "ok 1"
-else
- echo "not ok 1"
-fi
-# Be sure it doesn't detach on read.
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
-sleep 1
-if [ -c /dev/md${no}.eli ]; then
- echo "ok 2"
-else
- echo "not ok 2"
-fi
-true > /dev/md${no}.eli
-sleep 1
-if [ ! -c /dev/md${no}.eli ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-
-mdconfig -d -u $no
diff --git a/tests/sys/geom/class/eli/onetime_test.sh b/tests/sys/geom/class/eli/onetime_test.sh
index 3cade15..fff1a1f 100644
--- a/tests/sys/geom/class/eli/onetime_test.sh
+++ b/tests/sys/geom/class/eli/onetime_test.sh
@@ -1,50 +1,137 @@
-#!/bin/sh
# $FreeBSD$
-. $(dirname $0)/conf.sh
+onetime_test()
+{
+ cipher=$1
+ secsize=$2
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
-base=`basename $0`
-sectors=100
+ atf_check -s exit:0 -o ignore -e ignore \
+ geli onetime -e $ealgo -l $keylen -s $secsize ${md}
-echo "1..200"
+ atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
+
+ md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+
+ if [ ${md_rnd} != ${md_ddev} ]; then
+ atf_fail "geli did not return the original data"
+ fi
+ if [ ${md_rnd} == ${md_edev} ]; then
+ atf_fail "geli did not encrypt the data"
+ fi
+}
+atf_test_case onetime cleanup
+onetime_head()
+{
+ atf_set "descr" "geli onetime can create temporary providers"
+ atf_set "require.user" "root"
+ atf_set "timeout" 1800
+}
+onetime_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+ sectors=100
+
+ dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
+ for_each_geli_config_nointegrity onetime_test
+}
+onetime_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
-do_test() {
+onetime_a_test()
+{
cipher=$1
- secsize=$2
+ aalgo=$2
+ secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
- rnd=`mktemp $base.XXXXXX` || exit 1
- mdconfig -a -t malloc -s `expr $secsize \* $sectors`b -u $no || exit 1
+ atf_check -s exit:0 -o ignore -e ignore \
+ geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md}
- geli onetime -e $ealgo -l $keylen -s $secsize md${no} 2>/dev/null
+ atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
- secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+ md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
- dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
- dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+ if [ ${md_rnd} != ${md_ddev} ]; then
+ atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+}
+atf_test_case onetime_a cleanup
+onetime_a_head()
+{
+ atf_set "descr" "geli onetime with HMACs"
+ atf_set "require.user" "root"
+ atf_set "timeout" 1800
+}
+onetime_a_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+ sectors=8
- md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
- md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
- md_edev=`dd if=/dev/md${no} bs=${secsize} count=${secs} 2>/dev/null | md5`
+ atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=$sectors \
+ status=none
+ for_each_geli_config onetime_a_test
+}
+onetime_a_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
- if [ ${md_rnd} = ${md_ddev} ]; then
- echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+atf_test_case onetime_d cleanup
+onetime_d_head()
+{
+ atf_set "descr" "geli onetime -d will create providers that detach on last close"
+ atf_set "require.user" "root"
+}
+onetime_d_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s $sectors)
+
+ atf_check geli onetime -d ${md}
+ if [ ! -c /dev/${md}.eli ]; then
+ atf_fail "Provider not created, or immediately detached"
fi
- i=$((i+1))
- if [ ${md_rnd} != ${md_edev} ]; then
- echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+
+ # Be sure it doesn't detach on read.
+ atf_check dd if=/dev/${md}.eli of=/dev/null status=none
+ sleep 1
+ if [ ! -c /dev/${md}.eli ]; then
+ atf_fail "Provider detached when a reader closed"
fi
- i=$((i+1))
- geli detach md${no}
- rm -f $rnd
- mdconfig -d -u $no
+ # It should detach when a writer closes
+ true > /dev/${md}.eli
+ sleep 1
+ if [ -c /dev/${md}.eli ]; then
+ atf_fail "Provider didn't detach on last close of a writer"
+ fi
+}
+onetime_d_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
}
-i=1
-for_each_geli_config_nointegrity do_test
+atf_init_test_cases()
+{
+ atf_add_test_case onetime
+ atf_add_test_case onetime_a
+ atf_add_test_case onetime_d
+}
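Review bot: In onetime_test the `atf_check_equal 0 $?` after each `dd ... | md5` assignment only sees md5's exit status, because a pipeline reports the status of its last command, so a failed dd goes unnoticed. This matters most for md_edev: if the read of /dev/${md} fails, md5 hashes empty input, the result differs from md_rnd, and the "geli did not encrypt the data" check passes without having examined any ciphertext. I would read into a file under atf_check and hash that, e.g. `atf_check dd if=/dev/${md} of=edev bs=${secsize} count=${sectors} status=none` followed by `md_edev=$(md5 < edev)`. The same pattern appears in onetime_a_test and in the hash2–hash6 assignments of setkey_test.sh, although there a short read would still surface as a hash mismatch.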
diff --git a/tests/sys/geom/class/eli/readonly_test.sh b/tests/sys/geom/class/eli/readonly_test.sh
deleted file mode 100644
index 721ad62..0000000
--- a/tests/sys/geom/class/eli/readonly_test.sh
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
-
-echo "1..11"
-
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-
-geli init -B none -P -K $keyfile md${no}
-if [ $? -eq 0 ]; then
- echo "ok 1"
-else
- echo "not ok 1"
-fi
-
-geli attach -r -p -k $keyfile md${no}
-if [ $? -eq 0 ]; then
- echo "ok 2"
-else
- echo "not ok 2"
-fi
-
-sh -c "true >/dev/md${no}.eli" 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-
-geli kill md${no}
-if [ $? -eq 0 ]; then
- echo "ok 4"
-else
- echo "not ok 4"
-fi
-
-# kill should detach provider...
-if [ ! -c /dev/md{$no}.eli ]; then
- echo "ok 5"
-else
- echo "not ok 5"
-fi
-
-# ...but not destroy the metadata.
-geli attach -r -p -k $keyfile md${no}
-if [ $? -eq 0 ]; then
- echo "ok 6"
-else
- echo "not ok 6"
-fi
-
-geli setkey -n 1 -P -K /dev/null md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 7"
-else
- echo "not ok 7"
-fi
-
-geli delkey -n 0 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 8"
-else
- echo "not ok 8"
-fi
-
-geli delkey -f -n 0 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 9"
-else
- echo "not ok 9"
-fi
-
-geli list md${no}.eli | egrep '^Flags: .*READ-ONLY' >/dev/null
-if [ $? -eq 0 ]; then
- echo "ok 10"
-else
- echo "not ok 10"
-fi
-
-geli detach md${no}
-if [ $? -eq 0 ]; then
- echo "ok 11"
-else
- echo "not ok 11"
-fi
-
-mdconfig -d -u $no
-rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/resize_test.sh b/tests/sys/geom/class/eli/resize_test.sh
index e5ce6fd..21406a4 100644
--- a/tests/sys/geom/class/eli/resize_test.sh
+++ b/tests/sys/geom/class/eli/resize_test.sh
@@ -1,147 +1,88 @@
#!/bin/sh
# $FreeBSD$
-. $(dirname $0)/conf.sh
-
-echo 1..27
-
-BLK=512
-BLKS_PER_MB=2048
-
-md=$(mdconfig -s40m) || exit 1
-unit=${md#md}
-i=1
-
-fsck_md()
+atf_test_case resize cleanup
+resize_head()
{
- local is_clean
-
- out=$(fsck_ffs -Ffy ${md}a.eli)
- if [ $? -eq 0 -o $? -eq 7 ]; then
- echo "ok $i - fsck says ${md}a.eli is clean"
- else
- echo "not ok $i - fsck says ${md}a.eli is dirty"
+ atf_set "descr" "geli resize will resize a geli provider"
+ atf_set "require.user" "root"
+}
+resize_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+ BLK=512
+ BLKS_PER_MB=2048
+
+ md=$(attach_md -t malloc -s40m)
+
+ # Initialise
+ atf_check -s exit:0 -o ignore gpart create -s BSD ${md}
+ atf_check -s exit:0 -o ignore gpart add -t freebsd-ufs -s 10m ${md}
+
+ echo secret >tmp.key
+ atf_check geli init -Bnone -PKtmp.key ${md}a
+ atf_check geli attach -pk tmp.key ${md}a
+
+ atf_check -s exit:0 -o ignore newfs -U ${md}a.eli
+ atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli
+
+ # Doing a backup, resize & restore must be forced (with -f) as geli
+ # verifies that the provider size in the metadata matches the consumer.
+
+ atf_check geli backup ${md}a tmp.meta
+ atf_check geli detach ${md}a.eli
+ atf_check -s exit:0 -o match:resized gpart resize -i1 -s 20m ${md}
+ atf_check -s not-exit:0 -e ignore geli attach -pktmp.key ${md}a
+ atf_check -s not-exit:0 -e ignore geli restore tmp.meta ${md}a
+ atf_check geli restore -f tmp.meta ${md}a
+ atf_check geli attach -pktmp.key ${md}a
+ atf_check -s exit:0 -o ignore growfs -y ${md}a.eli
+ atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli
+
+ # Now do the resize properly
+
+ atf_check geli detach ${md}a.eli
+ atf_check -s exit:0 -o match:resized gpart resize -i1 -s 30m ${md}
+ atf_check geli resize -s20m ${md}a
+ atf_check -s not-exit:0 -e match:"Inconsistent provider.*metadata" \
+ geli resize -s20m ${md}a
+ atf_check geli attach -pktmp.key ${md}a
+ atf_check -s exit:0 -o ignore growfs -y ${md}a.eli
+ atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli
+
+ atf_check geli detach ${md}a.eli
+ atf_check -s exit:0 -o ignore gpart destroy -F $md
+
+
+ # Verify that the man page example works, changing ada0 to $md,
+ # 1g to 20m, 2g to 30m and keyfile to tmp.key, and adding -B none
+ # to geli init.
+
+ atf_check -s exit:0 -o ignore gpart create -s GPT $md
+ atf_check -s exit:0 -o ignore gpart add -s 20m -t freebsd-ufs -i 1 $md
+ atf_check geli init -B none -K tmp.key -P ${md}p1
+ atf_check -s exit:0 -o match:resized gpart resize -s 30m -i 1 $md
+ atf_check geli resize -s 20m ${md}p1
+ atf_check geli attach -k tmp.key -p ${md}p1
+}
+resize_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ if [ -f "$TEST_MDS_FILE" ]; then
+ while read md; do
+ [ -c /dev/${md}a.eli ] && \
+ geli detach ${md}a.eli 2>/dev/null
+ [ -c /dev/${md}p1.eli ] && \
+ geli detach ${md}p1.eli
+ [ -c /dev/${md}.eli ] && \
+ geli detach ${md}.eli 2>/dev/null
+ mdconfig -d -u $md 2>/dev/null
+ done < $TEST_MDS_FILE
fi
- i=$((i + 1))
}
-setsize() {
- partszMB=$1 unitszMB=$2
-
- {
- echo a: $(($partszMB * $BLKS_PER_MB)) 0 4.2BSD 1024 8192
- echo c: $(($unitszMB * $BLKS_PER_MB)) 0 unused 0 0
- } | disklabel -R $md /dev/stdin
+atf_init_test_cases()
+{
+ atf_add_test_case resize
}
-
-# Initialise
-
-setsize 10 40 || echo -n "not "
-echo ok $i - "Sized ${md}a to 10m"
-i=$((i + 1))
-
-echo secret >tmp.key
-geli init -Bnone -PKtmp.key ${md}a || echo -n "not "
-echo ok $i - "Initialised geli on ${md}a"
-i=$((i + 1))
-geli attach -pk tmp.key ${md}a || echo -n "not "
-echo ok $i - "Attached ${md}a as ${md}a.eli"
-i=$((i + 1))
-
-newfs -U ${md}a.eli >/dev/null || echo -n "not "
-echo ok $i - "Initialised the filesystem on ${md}a.eli"
-i=$((i + 1))
-fsck_md
-
-# Doing a backup, resize & restore must be forced (with -f) as geli
-# verifies that the provider size in the metadata matches the consumer.
-
-geli backup ${md}a tmp.meta || echo -n "not "
-echo ok $i - "Backed up ${md}a metadata"
-i=$((i + 1))
-
-geli detach ${md}a.eli || echo -n "not "
-echo ok $i - "Detached ${md}a.eli"
-i=$((i + 1))
-
-setsize 20 40 || echo -n "not "
-echo ok $i - "Sized ${md}a to 20m"
-i=$((i + 1))
-geli attach -pktmp.key ${md}a && echo -n "not "
-echo ok $i - "Attaching ${md}a fails after resizing the consumer"
-i=$((i + 1))
-
-geli restore tmp.meta ${md}a && echo -n "not "
-echo ok $i - "Restoring metadata on ${md}a.eli fails without -f"
-i=$((i + 1))
-geli restore -f tmp.meta ${md}a || echo -n "not "
-echo ok $i - "Restoring metadata on ${md}a.eli can be forced"
-i=$((i + 1))
-
-geli attach -pktmp.key ${md}a || echo -n "not "
-echo ok $i - "Attaching ${md}a is now possible"
-i=$((i + 1))
-
-growfs -y ${md}a.eli >/dev/null || echo -n "not "
-echo ok $i - "Extended the filesystem on ${md}a.eli"
-i=$((i + 1))
-
-fsck_md
-
-# Now do the resize properly
-
-geli detach ${md}a.eli || echo -n "not "
-echo ok $i - "Detached ${md}a.eli"
-i=$((i + 1))
-
-setsize 30 40 || echo -n "not "
-echo ok $i - "Sized ${md}a to 30m"
-i=$((i + 1))
-
-geli resize -s20m ${md}a || echo -n "not "
-echo ok $i - "Resizing works ok"
-i=$((i + 1))
-geli resize -s20m ${md}a && echo -n "not "
-echo ok $i - "Resizing doesn't work a 2nd time (no old metadata)"
-i=$((i + 1))
-
-geli attach -pktmp.key ${md}a || echo -n "not "
-echo ok $i - "Attaching ${md}a works ok"
-i=$((i + 1))
-
-growfs -y ${md}a.eli >/dev/null || echo -n "not "
-echo ok $i - "Extended the filesystem on ${md}a.eli"
-i=$((i + 1))
-
-fsck_md
-
-geli detach ${md}a.eli
-gpart destroy -F $md >/dev/null
-
-
-# Verify that the man page example works, changing ada0 to $md,
-# 1g to 20m, 2g to 30m and keyfile to tmp.key, and adding -B none
-# to geli init.
-
-gpart create -s GPT $md || echo -n "not "
-echo ok $i - "Installed a GPT on ${md}"
-i=$((i + 1))
-gpart add -s 20m -t freebsd-ufs -i 1 $md || echo -n "not "
-echo ok $i - "Added a 20m partition in slot 1"
-i=$((i + 1))
-geli init -B none -K tmp.key -P ${md}p1 || echo -n "not "
-echo ok $i - "Initialised geli on ${md}p1"
-i=$((i + 1))
-gpart resize -s 30m -i 1 $md || echo -n "not "
-echo ok $i - "Resized partition ${md}p1 to 30m"
-i=$((i + 1))
-geli resize -s 20m ${md}p1 || echo -n "not "
-echo ok $i - "Resized geli on ${md}p1 to 30m"
-i=$((i + 1))
-geli attach -k tmp.key -p ${md}p1 || echo -n "not "
-echo ok $i - "Attached ${md}p1.eli"
-i=$((i + 1))
-
-geli detach ${md}p1.eli
-
-rm tmp.*
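Review bot: resize_cleanup is inconsistent about error output: `geli detach ${md}p1.eli` is the only detach in the loop without `2>/dev/null`, and `done < $TEST_MDS_FILE` leaves the path unquoted although the `-f` test at the top of the function quotes it. I would write `geli detach ${md}p1.eli 2>/dev/null` and `done < "$TEST_MDS_FILE"`. A one-line comment above the loop saying why this test does not call geli_test_cleanup like the other files (presumably because the `a` and `p1` partition providers must be detached first; conf.sh is not visible here) would help the next reader. BLK and BLKS_PER_MB in resize_body also appear unused now that setsize() is removed.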
diff --git a/tests/sys/geom/class/eli/setkey_test.sh b/tests/sys/geom/class/eli/setkey_test.sh
index 458100c..bd5e2dc 100644
--- a/tests/sys/geom/class/eli/setkey_test.sh
+++ b/tests/sys/geom/class/eli/setkey_test.sh
@@ -1,156 +1,164 @@
#!/bin/sh
# $FreeBSD$
-. $(dirname $0)/conf.sh
-
-base=`basename $0`
-sectors=100
-rnd=`mktemp $base.XXXXXX` || exit 1
-keyfile1=`mktemp $base.XXXXXX` || exit 1
-keyfile2=`mktemp $base.XXXXXX` || exit 1
-keyfile3=`mktemp $base.XXXXXX` || exit 1
-keyfile4=`mktemp $base.XXXXXX` || exit 1
-keyfile5=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
-
-echo "1..16"
-
-dd if=/dev/random of=${rnd} bs=512 count=${sectors} >/dev/null 2>&1
-hash1=`dd if=${rnd} bs=512 count=${sectors} 2>/dev/null | md5`
-dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile5} bs=512 count=16 >/dev/null 2>&1
-
-geli init -B none -P -K $keyfile1 md${no}
-geli attach -p -k $keyfile1 md${no}
-
-dd if=${rnd} of=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null
-rm -f $rnd
-hash2=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
-
-# Change current key (0) for attached provider.
-geli setkey -P -K $keyfile2 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 1"
-else
- echo "not ok 1"
-fi
-geli detach md${no}
-
-# We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 2"
-else
- echo "not ok 2"
-fi
-
-# Attach with new key.
-geli attach -p -k $keyfile2 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-hash3=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
-
-# Change key 1 for attached provider.
-geli setkey -n 1 -P -K $keyfile3 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 4"
-else
- echo "not ok 4"
-fi
-geli detach md${no}
-
-# Attach with key 1.
-geli attach -p -k $keyfile3 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 5"
-else
- echo "not ok 5"
-fi
-hash4=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
-geli detach md${no}
-
-# Change current (1) key for detached provider.
-geli setkey -p -k $keyfile3 -P -K $keyfile4 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 6"
-else
- echo "not ok 6"
-fi
-
-# We cannot use keyfile3 anymore.
-geli attach -p -k $keyfile3 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 7"
-else
- echo "not ok 7"
-fi
-
-# Attach with key 1.
-geli attach -p -k $keyfile4 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 8"
-else
- echo "not ok 8"
-fi
-hash5=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
-geli detach md${no}
-
-# Change key 0 for detached provider.
-geli setkey -n 0 -p -k $keyfile4 -P -K $keyfile5 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 9"
-else
- echo "not ok 9"
-fi
-
-# We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 10"
-else
- echo "not ok 10"
-fi
-
-# Attach with key 0.
-geli attach -p -k $keyfile5 md${no}
-if [ $? -eq 0 ]; then
- echo "ok 11"
-else
- echo "not ok 11"
-fi
-hash6=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
-geli detach md${no}
-
-if [ ${hash1} = ${hash2} ]; then
- echo "ok 12"
-else
- echo "not ok 12"
-fi
-if [ ${hash1} = ${hash3} ]; then
- echo "ok 13"
-else
- echo "not ok 13"
-fi
-if [ ${hash1} = ${hash4} ]; then
- echo "ok 14"
-else
- echo "not ok 14"
-fi
-if [ ${hash1} = ${hash5} ]; then
- echo "ok 15"
-else
- echo "not ok 15"
-fi
-if [ ${hash1} = ${hash6} ]; then
- echo "ok 16"
-else
- echo "not ok 16"
-fi
-
-rm -f $keyfile1 $keyfile2 $keyfile3 $keyfile4 $keyfile5
+atf_test_case setkey cleanup
+setkey_head()
+{
+ atf_set "descr" "geli setkey can change the key for an existing provider"
+ atf_set "require.user" "root"
+}
+setkey_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check dd if=/dev/random of=rnd bs=512 count=${sectors} status=none
+ hash1=`dd if=rnd bs=512 count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile5 bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile1 ${md}
+ atf_check geli attach -p -k keyfile1 ${md}
+
+ atf_check \
+ dd if=rnd of=/dev/${md}.eli bs=512 count=${sectors} status=none
+ hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+ atf_check_equal 0 $?
+
+ # Change current key (0) for attached provider.
+ atf_check -s exit:0 -o ignore geli setkey -P -K keyfile2 ${md}
+ atf_check geli detach ${md}
+
+ # We cannot use keyfile1 anymore.
+ atf_check -s not-exit:0 -e match:"Wrong key" \
+ geli attach -p -k keyfile1 ${md}
+
+ # Attach with new key.
+ atf_check geli attach -p -k keyfile2 ${md}
+ hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+ atf_check_equal 0 $?
+
+ # Change key 1 for attached provider.
+ atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile3 ${md}
+ atf_check geli detach ${md}
+
+ # Attach with key 1.
+ atf_check geli attach -p -k keyfile3 ${md}
+ hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+ atf_check_equal 0 $?
+ atf_check geli detach ${md}
+
+ # Change current (1) key for detached provider.
+ atf_check -s exit:0 -o ignore geli setkey -p -k keyfile3 -P -K keyfile4 ${md}
+
+ # We cannot use keyfile3 anymore.
+ atf_check -s not-exit:0 -e match:"Wrong key" \
+ geli attach -p -k keyfile3 ${md}
+
+ # Attach with key 1.
+ atf_check geli attach -p -k keyfile4 ${md}
+ hash5=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+ atf_check_equal 0 $?
+ atf_check geli detach ${md}
+
+ # Change key 0 for detached provider.
+ atf_check -s exit:0 -o ignore geli setkey -n 0 -p -k keyfile4 -P -K keyfile5 ${md}
+
+ # We cannot use keyfile2 anymore.
+ atf_check -s not-exit:0 -e match:"Wrong key" \
+ geli attach -p -k keyfile2 ${md} 2>/dev/null
+
+ # Attach with key 0.
+ atf_check geli attach -p -k keyfile5 ${md}
+ hash6=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+ atf_check_equal 0 $?
+ atf_check geli detach ${md}
+
+ atf_check_equal ${hash1} ${hash2}
+ atf_check_equal ${hash1} ${hash3}
+ atf_check_equal ${hash1} ${hash4}
+ atf_check_equal ${hash1} ${hash5}
+ atf_check_equal ${hash1} ${hash6}
+}
+setkey_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case setkey_readonly cleanup
+setkey_readonly_head()
+{
+ atf_set "descr" "geli setkey cannot change the keys of a readonly provider"
+ atf_set "require.user" "root"
+}
+setkey_readonly_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile ${md}
+ atf_check geli attach -r -p -k keyfile ${md}
+
+ atf_check -s not-exit:0 -e match:"read-only" \
+ geli setkey -n 1 -P -K /dev/null ${md}
+}
+setkey_readonly_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case nokey cleanup
+nokey_head()
+{
+ atf_set "descr" "geli setkey can change the key for an existing provider"
+ atf_set "require.user" "root"
+}
+nokey_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+ atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile1 ${md}
+
+ # Try to set the key for a detached device without providing any
+ # components for the old key.
+ atf_check -s not-exit:0 -e match:"No key components given" \
+ geli setkey -n 0 -p -P -K keyfile2 ${md}
+
+ # Try to set the key for a detached device without providing any
+ # components for the new key
+ atf_check -s not-exit:0 -e match:"No key components given" \
+ geli setkey -n 0 -p -k keyfile1 -P ${md}
+
+ # Try to set a new key for an attached device with no components
+ atf_check geli attach -p -k keyfile1 ${md}
+ atf_check -s not-exit:0 -e match:"No key components given" \
+ geli setkey -n 0 -P ${md}
+}
+nokey_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case setkey
+ atf_add_test_case setkey_readonly
+ atf_add_test_case nokey
+}
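Review bot: In setkey_body the second "We cannot use keyfile2 anymore" check still carries a trailing `2>/dev/null` from the TAP version; atf_check already captures the command's stderr for `-e match:"Wrong key"`, so as far as I can tell the redirect only discards atf_check's own failure diagnostics. Drop it so the continuation line reads `geli attach -p -k keyfile2 ${md}`, matching the keyfile1 and keyfile3 checks. Separately, nokey_head reuses setkey's description; something like `atf_set "descr" "geli setkey fails when no key components are given"` would describe what nokey_body actually asserts.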