summaryrefslogtreecommitdiffstats
path: root/tests/sys/geom/class/eli
diff options
context:
space:
mode:
Diffstat (limited to 'tests/sys/geom/class/eli')
-rw-r--r--tests/sys/geom/class/eli/Makefile42
-rw-r--r--tests/sys/geom/class/eli/attach_d_test.sh38
-rwxr-xr-xtests/sys/geom/class/eli/conf.sh21
-rw-r--r--tests/sys/geom/class/eli/configure_b_B_test.sh129
-rw-r--r--tests/sys/geom/class/eli/delkey_test.sh140
-rw-r--r--tests/sys/geom/class/eli/detach_l_test.sh44
-rw-r--r--tests/sys/geom/class/eli/init_B_test.sh104
-rw-r--r--tests/sys/geom/class/eli/init_J_test.sh126
-rw-r--r--tests/sys/geom/class/eli/init_a_test.sh60
-rw-r--r--tests/sys/geom/class/eli/init_i_P_test.sh22
-rw-r--r--tests/sys/geom/class/eli/init_test.sh65
-rw-r--r--tests/sys/geom/class/eli/integrity_copy_test.sh99
-rw-r--r--tests/sys/geom/class/eli/integrity_data_test.sh69
-rw-r--r--tests/sys/geom/class/eli/integrity_hmac_test.sh69
-rw-r--r--tests/sys/geom/class/eli/kill_test.sh97
-rw-r--r--tests/sys/geom/class/eli/nokey_test.sh65
-rw-r--r--tests/sys/geom/class/eli/onetime_a_test.sh54
-rw-r--r--tests/sys/geom/class/eli/onetime_d_test.sh34
-rw-r--r--tests/sys/geom/class/eli/onetime_test.sh59
-rw-r--r--tests/sys/geom/class/eli/readonly_test.sh94
-rw-r--r--tests/sys/geom/class/eli/resize_test.sh148
-rw-r--r--tests/sys/geom/class/eli/setkey_test.sh156
22 files changed, 1735 insertions, 0 deletions
diff --git a/tests/sys/geom/class/eli/Makefile b/tests/sys/geom/class/eli/Makefile
new file mode 100644
index 0000000..8f4ca60
--- /dev/null
+++ b/tests/sys/geom/class/eli/Makefile
@@ -0,0 +1,42 @@
+# $FreeBSD$
+
+TESTSDIR= ${TESTSBASE}/sys/geom/class/${.CURDIR:T}
+
+TAP_TESTS_SH+= attach_d_test
+TAP_TESTS_SH+= configure_b_B_test
+TAP_TESTS_SH+= delkey_test
+TAP_TESTS_SH+= detach_l_test
+TAP_TESTS_SH+= init_B_test
+TAP_TESTS_SH+= init_J_test
+TAP_TESTS_SH+= init_a_test
+TAP_TESTS_SH+= init_i_P_test
+TAP_TESTS_SH+= init_test
+TAP_TESTS_SH+= integrity_copy_test
+TAP_TESTS_SH+= integrity_data_test
+TAP_TESTS_SH+= integrity_hmac_test
+TAP_TESTS_SH+= kill_test
+TAP_TESTS_SH+= nokey_test
+TAP_TESTS_SH+= onetime_a_test
+TAP_TESTS_SH+= onetime_d_test
+TAP_TESTS_SH+= onetime_test
+TAP_TESTS_SH+= readonly_test
+TAP_TESTS_SH+= resize_test
+TAP_TESTS_SH+= setkey_test
+
+TEST_METADATA.init_a_test+= timeout="1200"
+TEST_METADATA.init_test+= timeout="300"
+TEST_METADATA.integrity_copy_test+= timeout="1200"
+TEST_METADATA.integrity_data_test+= timeout="600"
+TEST_METADATA.integrity_hmac_test+= timeout="600"
+TEST_METADATA.onetime_a_test+= timeout="600"
+TEST_METADATA.onetime_test+= timeout="600"
+
+FILES+= conf.sh
+FILESNAME_conf.sh= conf.sh
+FILESDIR= ${TESTSDIR}
+
+.for t in ${TAP_TESTS_SH}
+TEST_METADATA.$t+= required_user="root"
+.endfor
+
+.include <bsd.test.mk>
diff --git a/tests/sys/geom/class/eli/attach_d_test.sh b/tests/sys/geom/class/eli/attach_d_test.sh
new file mode 100644
index 0000000..5d700b3
--- /dev/null
+++ b/tests/sys/geom/class/eli/attach_d_test.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile=`mktemp $base.XXXXXX` || exit 1
+mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+
+echo "1..3"
+
+dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
+
+geli init -B none -P -K $keyfile md${no}
+geli attach -d -p -k $keyfile md${no}
+if [ -c /dev/md${no}.eli ]; then
+ echo "ok 1"
+else
+ echo "not ok 1"
+fi
+# Be sure it doesn't detach on read.
+dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+sleep 1
+if [ -c /dev/md${no}.eli ]; then
+ echo "ok 2"
+else
+ echo "not ok 2"
+fi
+true > /dev/md${no}.eli
+sleep 1
+if [ ! -c /dev/md${no}.eli ]; then
+ echo "ok 3"
+else
+ echo "not ok 3"
+fi
+
+rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/conf.sh b/tests/sys/geom/class/eli/conf.sh
new file mode 100755
index 0000000..0646e83
--- /dev/null
+++ b/tests/sys/geom/class/eli/conf.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+# $FreeBSD$
+
+class="eli"
+base=`basename $0`
+
+# We need to use linear probing in order to detect the first available md(4)
+# device instead of using mdconfig -a -t, because geli(8) attachs md(4) devices
+no=0
+while [ -c /dev/md$no ]; do
+ : $(( no += 1 ))
+done
+
+geli_test_cleanup()
+{
+ [ -c /dev/md${no}.eli ] && geli detach md${no}.eli
+ mdconfig -d -u $no
+}
+trap geli_test_cleanup ABRT EXIT INT TERM
+
+. `dirname $0`/../geom_subr.sh
diff --git a/tests/sys/geom/class/eli/configure_b_B_test.sh b/tests/sys/geom/class/eli/configure_b_B_test.sh
new file mode 100644
index 0000000..b6cdf4f
--- /dev/null
+++ b/tests/sys/geom/class/eli/configure_b_B_test.sh
@@ -0,0 +1,129 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+
+echo "1..17"
+
+geli init -B none -P -K /dev/null md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 1"
+else
+ echo "not ok 1"
+fi
+
+geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 2"
+else
+ echo "not ok 2"
+fi
+
+geli init -B none -b -P -K /dev/null md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 3"
+else
+ echo "not ok 3"
+fi
+
+geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 4"
+else
+ echo "not ok 4"
+fi
+
+geli configure -B md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 5"
+else
+ echo "not ok 5"
+fi
+
+geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 6"
+else
+ echo "not ok 6"
+fi
+
+geli configure -b md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 7"
+else
+ echo "not ok 7"
+fi
+
+geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 8"
+else
+ echo "not ok 8"
+fi
+
+geli attach -p -k /dev/null md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 9"
+else
+ echo "not ok 9"
+fi
+
+geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 10"
+else
+ echo "not ok 10"
+fi
+
+geli configure -B md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 11"
+else
+ echo "not ok 11"
+fi
+
+geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 12"
+else
+ echo "not ok 12"
+fi
+
+geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 13"
+else
+ echo "not ok 13"
+fi
+
+geli configure -b md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 14"
+else
+ echo "not ok 14"
+fi
+
+geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 15"
+else
+ echo "not ok 15"
+fi
+
+geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 16"
+else
+ echo "not ok 16"
+fi
+
+geli detach md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 17"
+else
+ echo "not ok 17"
+fi
diff --git a/tests/sys/geom/class/eli/delkey_test.sh b/tests/sys/geom/class/eli/delkey_test.sh
new file mode 100644
index 0000000..67b253e
--- /dev/null
+++ b/tests/sys/geom/class/eli/delkey_test.sh
@@ -0,0 +1,140 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile1=`mktemp $base.XXXXXX` || exit 1
+keyfile2=`mktemp $base.XXXXXX` || exit 1
+keyfile3=`mktemp $base.XXXXXX` || exit 1
+keyfile4=`mktemp $base.XXXXXX` || exit 1
+mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+
+echo "1..14"
+
+dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
+dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
+dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1
+dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1
+
+geli init -B none -P -K $keyfile1 md${no}
+geli attach -p -k $keyfile1 md${no}
+geli setkey -n 1 -P -K $keyfile2 md${no}
+
+# Remove key 0 for attached provider.
+geli delkey -n 0 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 1"
+else
+ echo "not ok 1"
+fi
+geli detach md${no}
+
+# We cannot use keyfile1 anymore.
+geli attach -p -k $keyfile1 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 2"
+else
+ echo "not ok 2"
+fi
+
+# Attach with key 1.
+geli attach -p -k $keyfile2 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 3"
+else
+ echo "not ok 3"
+fi
+
+# We cannot remove last key without -f option (for attached provider).
+geli delkey -n 1 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 4"
+else
+ echo "not ok 4"
+fi
+
+# Remove last key for attached provider.
+geli delkey -f -n 1 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 5"
+else
+ echo "not ok 5"
+fi
+
+# If there are no valid keys, but provider is attached, we can save situation.
+geli setkey -n 0 -P -K $keyfile3 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 6"
+else
+ echo "not ok 6"
+fi
+geli detach md${no}
+
+# We cannot use keyfile2 anymore.
+geli attach -p -k $keyfile2 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 7"
+else
+ echo "not ok 7"
+fi
+
+# Attach with key 0.
+geli attach -p -k $keyfile3 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 8"
+else
+ echo "not ok 8"
+fi
+
+# Setup key 1.
+geli setkey -n 1 -P -K $keyfile4 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 9"
+else
+ echo "not ok 9"
+fi
+geli detach md${no}
+
+# Remove key 1 for detached provider.
+geli delkey -n 1 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 10"
+else
+ echo "not ok 10"
+fi
+
+# We cannot use keyfile4 anymore.
+geli attach -p -k $keyfile4 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 11"
+else
+ echo "not ok 11"
+fi
+
+# We cannot remove last key without -f option (for detached provider).
+geli delkey -n 0 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 12"
+else
+ echo "not ok 12"
+fi
+
+# Remove last key for detached provider.
+geli delkey -f -n 0 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 13"
+else
+ echo "not ok 13"
+fi
+
+# We cannot use keyfile3 anymore.
+geli attach -p -k $keyfile3 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 14"
+else
+ echo "not ok 14"
+fi
+
+rm -f $keyfile1 $keyfile2 $keyfile3 $keyfile4
diff --git a/tests/sys/geom/class/eli/detach_l_test.sh b/tests/sys/geom/class/eli/detach_l_test.sh
new file mode 100644
index 0000000..605ae94
--- /dev/null
+++ b/tests/sys/geom/class/eli/detach_l_test.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile=`mktemp $base.XXXXXX` || exit 1
+mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+
+echo "1..4"
+
+dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
+
+geli init -B none -P -K $keyfile md${no}
+geli attach -p -k $keyfile md${no}
+if [ -c /dev/md${no}.eli ]; then
+ echo "ok 1"
+else
+ echo "not ok 1"
+fi
+# Be sure it doesn't detach before 'detach -l'.
+dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+sleep 1
+if [ -c /dev/md${no}.eli ]; then
+ echo "ok 2"
+else
+ echo "not ok 2"
+fi
+geli detach -l md${no}
+if [ -c /dev/md${no}.eli ]; then
+ echo "ok 3"
+else
+ echo "not ok 3"
+fi
+dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+sleep 1
+if [ ! -c /dev/md${no}.eli ]; then
+ echo "ok 4"
+else
+ echo "not ok 4"
+fi
+
+rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/init_B_test.sh b/tests/sys/geom/class/eli/init_B_test.sh
new file mode 100644
index 0000000..3ba743c
--- /dev/null
+++ b/tests/sys/geom/class/eli/init_B_test.sh
@@ -0,0 +1,104 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile=`mktemp $base.XXXXXX` || exit 1
+backupfile=`mktemp $base.XXXXXX` || exit 1
+
+echo "1..13"
+
+dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
+
+mdconfig -a -t malloc -s $sectors -u $no || exit 1
+
+# -B none
+rm -f /var/backups/md${no}.eli
+geli init -B none -P -K $keyfile md${no} 2>/dev/null
+if [ ! -f /var/backups/md${no}.eli ]; then
+ echo "ok 1 - -B none"
+else
+ echo "not ok 1 - -B none"
+fi
+
+# no -B
+rm -f /var/backups/md${no}.eli
+geli init -P -K $keyfile md${no} >/dev/null 2>&1
+if [ -f /var/backups/md${no}.eli ]; then
+ echo "ok 2 - no -B"
+else
+ echo "not ok 2 - no -B"
+fi
+geli clear md${no}
+geli attach -p -k $keyfile md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 3 - no -B"
+else
+ echo "not ok 3 - no -B"
+fi
+if [ ! -c /dev/md${no}.eli ]; then
+ echo "ok 4 - no -B"
+else
+ echo "not ok 4 - no -B"
+fi
+geli restore /var/backups/md${no}.eli md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 5 - no -B"
+else
+ echo "not ok 5 - no -B"
+fi
+geli attach -p -k $keyfile md${no} 2>/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 6 - no -B"
+else
+ echo "not ok 6 - no -B"
+fi
+if [ -c /dev/md${no}.eli ]; then
+ echo "ok 7 - no -B"
+else
+ echo "not ok 7 - no -B"
+fi
+geli detach md${no}
+rm -f /var/backups/md${no}.eli
+
+# -B file
+rm -f $backupfile
+geli init -B $backupfile -P -K $keyfile md${no} >/dev/null 2>&1
+if [ -f $backupfile ]; then
+ echo "ok 8 - -B file"
+else
+ echo "not ok 8 - -B file"
+fi
+geli clear md${no}
+geli attach -p -k $keyfile md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 9 - -B file"
+else
+ echo "not ok 9 - -B file"
+fi
+if [ ! -c /dev/md${no}.eli ]; then
+ echo "ok 10 - -B file"
+else
+ echo "not ok 10 - -B file"
+fi
+geli restore $backupfile md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 11 - -B file"
+else
+ echo "not ok 11 - -B file"
+fi
+geli attach -p -k $keyfile md${no} 2>/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 12 - -B file"
+else
+ echo "not ok 12 - -B file"
+fi
+if [ -c /dev/md${no}.eli ]; then
+ echo "ok 13 - -B file"
+else
+ echo "not ok 13 - -B file"
+fi
+
+rm -f $backupfile $keyfile
diff --git a/tests/sys/geom/class/eli/init_J_test.sh b/tests/sys/geom/class/eli/init_J_test.sh
new file mode 100644
index 0000000..266a3d5
--- /dev/null
+++ b/tests/sys/geom/class/eli/init_J_test.sh
@@ -0,0 +1,126 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile0=`mktemp $base.XXXXXX` || exit 1
+keyfile1=`mktemp $base.XXXXXX` || exit 1
+passfile0=`mktemp $base.XXXXXX` || exit 1
+passfile1=`mktemp $base.XXXXXX` || exit 1
+mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+
+echo "1..150"
+
+dd if=/dev/random of=${keyfile0} bs=512 count=16 >/dev/null 2>&1
+dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
+dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > ${passfile0}
+dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > ${passfile1}
+
+i=1
+for iter in -1 0 64; do
+ geli init -i ${iter} -B none -J ${passfile0} -P md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli init -i ${iter} -B none -J ${passfile0} -P -K ${keyfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli init -i ${iter} -B none -J ${passfile0} -K ${keyfile0} md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile0} -p md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -j ${keyfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${passfile0} -p md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -j ${keyfile0} -k ${passfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -j ${keyfile0} -k ${keyfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -j ${passfile0} -k ${passfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -j ${passfile0} -k ${keyfile0} md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli detach md${no} || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ cat ${keyfile0} | geli attach -j ${passfile0} -k - md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli detach md${no} || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ cat ${passfile0} | geli attach -j - -k ${keyfile0} md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli detach md${no} || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+
+ geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P -K ${keyfile0} -K ${keyfile1} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -K ${keyfile0} -K ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile0} -p md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile1} -p md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile0} -k ${keyfile1} -p md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile0} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile1} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile0} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile1} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli detach md${no} || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ cat ${passfile0} | geli attach -j - -j ${passfile1} -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli detach md${no} || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ cat ${passfile1} | geli attach -j ${passfile0} -j - -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli detach md${no} || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ cat ${keyfile0} | geli attach -j ${passfile0} -j ${passfile1} -k - -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli detach md${no} || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ cat ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k - md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli detach md${no} || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ cat ${keyfile0} ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k - md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli detach md${no} || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ cat ${passfile0} ${passfile1} | awk '{printf "%s", $0}' | geli attach -j - -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+ geli detach md${no} || echo -n "not "
+ echo "ok ${i}"; i=$((i+1))
+done
+
+rm -f ${keyfile0} ${keyfile1} ${passfile0} ${passfile1}
diff --git a/tests/sys/geom/class/eli/init_a_test.sh b/tests/sys/geom/class/eli/init_a_test.sh
new file mode 100644
index 0000000..dbb24fe
--- /dev/null
+++ b/tests/sys/geom/class/eli/init_a_test.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile=`mktemp $base.XXXXXX` || exit 1
+
+echo "1..1380"
+
+i=1
+for cipher in aes:0 aes:128 aes:256 \
+ aes-xts:0 aes-xts:128 aes-xts:256 \
+ aes-cbc:0 aes-cbc:128 aes-cbc:192 aes-cbc:256 \
+ 3des:0 3des:192 \
+ 3des-cbc:0 3des-cbc:192 \
+ blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \
+ blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \
+ blowfish:416 blowfish:448 \
+ blowfish-cbc:0 blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 blowfish-cbc:224 \
+ blowfish-cbc:256 blowfish-cbc:288 blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \
+ blowfish-cbc:416 blowfish-cbc:448 \
+ camellia:0 camellia:128 camellia:192 camellia:256 \
+ camellia-cbc:0 camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+ for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 hmac/sha384 hmac/sha512; do
+ for secsize in 512 1024 2048 4096 8192; do
+ rnd=`mktemp $base.XXXXXX` || exit 1
+ mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
+
+ dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
+
+ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
+ geli attach -p -k $keyfile md${no}
+
+ secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+
+ dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
+ dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+
+ md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
+ md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+
+ if [ ${md_rnd} = ${md_ddev} ]; then
+ echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ geli detach md${no}
+ rm -f $rnd
+ mdconfig -d -u $no
+ done
+ done
+done
+
+rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/init_i_P_test.sh b/tests/sys/geom/class/eli/init_i_P_test.sh
new file mode 100644
index 0000000..1c59a97
--- /dev/null
+++ b/tests/sys/geom/class/eli/init_i_P_test.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile=`mktemp $base.XXXXXX` || exit 1
+mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+
+echo "1..1"
+
+dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
+
+geli init -B none -i 64 -P -K ${keyfile} md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 1"
+else
+ echo "not ok 1"
+fi
+
+rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/init_test.sh b/tests/sys/geom/class/eli/init_test.sh
new file mode 100644
index 0000000..71dd6e2
--- /dev/null
+++ b/tests/sys/geom/class/eli/init_test.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile=`mktemp $base.XXXXXX` || exit 1
+
+echo "1..460"
+
+i=1
+for cipher in aes:0 aes:128 aes:256 \
+ aes-xts:0 aes-xts:128 aes-xts:256 \
+ aes-cbc:0 aes-cbc:128 aes-cbc:192 aes-cbc:256 \
+ 3des:0 3des:192 \
+ 3des-cbc:0 3des-cbc:192 \
+ blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \
+ blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \
+ blowfish:416 blowfish:448 \
+ blowfish-cbc:0 blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 blowfish-cbc:224 \
+ blowfish-cbc:256 blowfish-cbc:288 blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \
+ blowfish-cbc:416 blowfish-cbc:448 \
+ camellia:0 camellia:128 camellia:192 camellia:256 \
+ camellia-cbc:0 camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+ for secsize in 512 1024 2048 4096 8192; do
+ rnd=`mktemp $base.XXXXXX` || exit 1
+ mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
+
+ dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
+
+ geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
+ geli attach -p -k $keyfile md${no}
+
+ secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+
+ dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
+ dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+
+ md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
+ md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+ md_edev=`dd if=/dev/md${no} bs=${secsize} count=${secs} 2>/dev/null | md5`
+
+ if [ ${md_rnd} = ${md_ddev} ]; then
+ echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+ if [ ${md_rnd} != ${md_edev} ]; then
+ echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ geli detach md${no}
+ rm -f $rnd
+ mdconfig -d -u $no
+ done
+done
+
+rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/integrity_copy_test.sh b/tests/sys/geom/class/eli/integrity_copy_test.sh
new file mode 100644
index 0000000..4c8efd3
--- /dev/null
+++ b/tests/sys/geom/class/eli/integrity_copy_test.sh
@@ -0,0 +1,99 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile=`mktemp $base.XXXXXX` || exit 1
+sector=`mktemp $base.XXXXXX` || exit 1
+
+echo "1..5520"
+
+i=1
+for cipher in aes:0 aes:128 aes:256 \
+ aes-xts:0 aes-xts:128 aes-xts:256 \
+ aes-cbc:0 aes-cbc:128 aes-cbc:192 aes-cbc:256 \
+ 3des:0 3des:192 \
+ 3des-cbc:0 3des-cbc:192 \
+ blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \
+ blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \
+ blowfish:416 blowfish:448 \
+ blowfish-cbc:0 blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 blowfish-cbc:224 \
+ blowfish-cbc:256 blowfish-cbc:288 blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \
+ blowfish-cbc:416 blowfish-cbc:448 \
+ camellia:0 camellia:128 camellia:192 camellia:256 \
+ camellia-cbc:0 camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+ for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 hmac/sha384 hmac/sha512; do
+ for secsize in 512 1024 2048 4096 8192; do
+ #mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1
+ mdconfig -a -t malloc -s $sectors -u $no || exit 1
+
+ dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
+
+ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
+ geli attach -p -k $keyfile md${no}
+
+ dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+
+ dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ echo "ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ geli detach md${no}
+ # Copy first small sector to the second small sector.
+ # This should be detected as corruption.
+ dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
+ dd if=${sector} of=/dev/md${no} bs=512 count=1 seek=1 >/dev/null 2>&1
+ geli attach -p -k $keyfile md${no}
+
+ dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ echo "ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ ms=`diskinfo /dev/md${no} | awk '{print $3 - 512}'`
+ ns=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+ usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc`
+
+ dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=2 >/dev/null 2>&1
+
+ dd if=/dev/md${no}.eli bs=${secsize} count=2 >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ echo "ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ geli detach md${no}
+ # Copy first big sector to the second big sector.
+ # This should be detected as corruption.
+ dd if=/dev/md${no} of=${sector} bs=${usecsize} count=1 >/dev/null 2>&1
+ dd if=${sector} of=/dev/md${no} bs=${usecsize} count=1 seek=1 >/dev/null 2>&1
+ geli attach -p -k $keyfile md${no}
+
+ dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=2 >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ echo "ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ geli detach md${no}
+ mdconfig -d -u $no
+ done
+ done
+done
+
+rm -f $keyfile $sector
diff --git a/tests/sys/geom/class/eli/integrity_data_test.sh b/tests/sys/geom/class/eli/integrity_data_test.sh
new file mode 100644
index 0000000..7ea7c96b
--- /dev/null
+++ b/tests/sys/geom/class/eli/integrity_data_test.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile=`mktemp $base.XXXXXX` || exit 1
+sector=`mktemp $base.XXXXXX` || exit 1
+
+echo "1..2760"
+
+i=1
+for cipher in aes:0 aes:128 aes:256 \
+ aes-xts:0 aes-xts:128 aes-xts:256 \
+ aes-cbc:0 aes-cbc:128 aes-cbc:192 aes-cbc:256 \
+ 3des:0 3des:192 \
+ 3des-cbc:0 3des-cbc:192 \
+ blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \
+ blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \
+ blowfish:416 blowfish:448 \
+ blowfish-cbc:0 blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 blowfish-cbc:224 \
+ blowfish-cbc:256 blowfish-cbc:288 blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \
+ blowfish-cbc:416 blowfish-cbc:448 \
+ camellia:0 camellia:128 camellia:192 camellia:256 \
+ camellia-cbc:0 camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+ for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 hmac/sha384 hmac/sha512; do
+ for secsize in 512 1024 2048 4096 8192; do
+ mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1
+
+ dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
+
+ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
+ geli attach -p -k $keyfile md${no}
+
+ dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+
+ dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ geli detach md${no}
+ # Corrupt 8 bytes of data.
+ dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
+ dd if=/dev/random of=${sector} bs=1 count=8 seek=64 conv=notrunc >/dev/null 2>&1
+ dd if=${sector} of=/dev/md${no} bs=512 count=1 >/dev/null 2>&1
+ geli attach -p -k $keyfile md${no}
+
+ dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ geli detach md${no}
+ mdconfig -d -u $no
+ done
+ done
+done
+
+rm -f $keyfile $sector
diff --git a/tests/sys/geom/class/eli/integrity_hmac_test.sh b/tests/sys/geom/class/eli/integrity_hmac_test.sh
new file mode 100644
index 0000000..243eac9
--- /dev/null
+++ b/tests/sys/geom/class/eli/integrity_hmac_test.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile=`mktemp $base.XXXXXX` || exit 1
+sector=`mktemp $base.XXXXXX` || exit 1
+
+echo "1..2760"
+
+i=1
+for cipher in aes:0 aes:128 aes:256 \
+ aes-xts:0 aes-xts:128 aes-xts:256 \
+ aes-cbc:0 aes-cbc:128 aes-cbc:192 aes-cbc:256 \
+ 3des:0 3des:192 \
+ 3des-cbc:0 3des-cbc:192 \
+ blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \
+ blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \
+ blowfish:416 blowfish:448 \
+ blowfish-cbc:0 blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 blowfish-cbc:224 \
+ blowfish-cbc:256 blowfish-cbc:288 blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \
+ blowfish-cbc:416 blowfish-cbc:448 \
+ camellia:0 camellia:128 camellia:192 camellia:256 \
+ camellia-cbc:0 camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+ for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 hmac/sha384 hmac/sha512; do
+ for secsize in 512 1024 2048 4096 8192; do
+ mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1
+
+ dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
+
+ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
+ geli attach -p -k $keyfile md${no}
+
+ dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+
+ dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ geli detach md${no}
+ # Corrupt 8 bytes of HMAC.
+ dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
+ dd if=/dev/random of=${sector} bs=1 count=16 conv=notrunc >/dev/null 2>&1
+ dd if=${sector} of=/dev/md${no} bs=512 count=1 >/dev/null 2>&1
+ geli attach -p -k $keyfile md${no}
+
+ dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ geli detach md${no}
+ mdconfig -d -u $no
+ done
+ done
+done
+
+rm -f $keyfile $sector
diff --git a/tests/sys/geom/class/eli/kill_test.sh b/tests/sys/geom/class/eli/kill_test.sh
new file mode 100644
index 0000000..ccced9f
--- /dev/null
+++ b/tests/sys/geom/class/eli/kill_test.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile1=`mktemp $base.XXXXXX` || exit 1
+keyfile2=`mktemp $base.XXXXXX` || exit 1
+mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+
+echo "1..9"
+
+dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
+dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
+
+geli init -B none -P -K $keyfile1 md${no}
+geli attach -p -k $keyfile1 md${no}
+geli setkey -n 1 -P -K $keyfile2 md${no}
+
+# Kill attached provider.
+geli kill md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 1"
+else
+ echo "not ok 1"
+fi
+sleep 1
+# Provider should be automatically detached.
+if [ ! -c /dev/md{$no}.eli ]; then
+ echo "ok 2"
+else
+ echo "not ok 2"
+fi
+
+# We cannot use keyfile1 anymore.
+geli attach -p -k $keyfile1 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 3"
+else
+ echo "not ok 3"
+fi
+
+# We cannot use keyfile2 anymore.
+geli attach -p -k $keyfile2 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 4"
+else
+ echo "not ok 4"
+fi
+
+geli init -B none -P -K $keyfile1 md${no}
+geli setkey -n 1 -p -k $keyfile1 -P -K $keyfile2 md${no}
+
+# Should be possible to attach with keyfile1.
+geli attach -p -k $keyfile1 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 5"
+else
+ echo "not ok 5"
+fi
+geli detach md${no}
+
+# Should be possible to attach with keyfile2.
+geli attach -p -k $keyfile2 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 6"
+else
+ echo "not ok 6"
+fi
+geli detach md${no}
+
+# Kill detached provider.
+geli kill md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 7"
+else
+ echo "not ok 7"
+fi
+
+# We cannot use keyfile1 anymore.
+geli attach -p -k $keyfile1 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 8"
+else
+ echo "not ok 8"
+fi
+
+# We cannot use keyfile2 anymore.
+geli attach -p -k $keyfile2 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 9"
+else
+ echo "not ok 9"
+fi
+
+rm -f $keyfile1 $keyfile2
diff --git a/tests/sys/geom/class/eli/nokey_test.sh b/tests/sys/geom/class/eli/nokey_test.sh
new file mode 100644
index 0000000..f32e1a4
--- /dev/null
+++ b/tests/sys/geom/class/eli/nokey_test.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile=`mktemp $base.XXXXXX` || exit 1
+mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+
+echo "1..8"
+
+geli init -B none -P md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 1"
+else
+ echo "not ok 1"
+fi
+
+dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
+
+geli init -B none -P -K ${keyfile} md${no} 2>/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 2"
+else
+ echo "not ok 2"
+fi
+geli attach -p md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 3"
+else
+ echo "not ok 3"
+fi
+geli attach -p -k ${keyfile} md${no} 2>/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 4"
+else
+ echo "not ok 4"
+fi
+geli setkey -n 0 -P md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 5"
+else
+ echo "not ok 5"
+fi
+geli detach md${no} 2>/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 6"
+else
+ echo "not ok 6"
+fi
+geli setkey -n 0 -p -P -K ${keyfile} md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 7"
+else
+ echo "not ok 7"
+fi
+geli setkey -n 0 -p -k ${keyfile} -P md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 8"
+else
+ echo "not ok 8"
+fi
+
+rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/onetime_a_test.sh b/tests/sys/geom/class/eli/onetime_a_test.sh
new file mode 100644
index 0000000..4e26dfb
--- /dev/null
+++ b/tests/sys/geom/class/eli/onetime_a_test.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+
+echo "1..1380"
+
+i=1
+for cipher in aes:0 aes:128 aes:256 \
+ aes-xts:0 aes-xts:128 aes-xts:256 \
+ aes-cbc:0 aes-cbc:128 aes-cbc:192 aes-cbc:256 \
+ 3des:0 3des:192 \
+ 3des-cbc:0 3des-cbc:192 \
+ blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \
+ blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \
+ blowfish:416 blowfish:448 \
+ blowfish-cbc:0 blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 blowfish-cbc:224 \
+ blowfish-cbc:256 blowfish-cbc:288 blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \
+ blowfish-cbc:416 blowfish-cbc:448 \
+ camellia:0 camellia:128 camellia:192 camellia:256 \
+ camellia-cbc:0 camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+ for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 hmac/sha384 hmac/sha512; do
+ for secsize in 512 1024 2048 4096 8192; do
+ rnd=`mktemp $base.XXXXXX` || exit 1
+ mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
+
+ geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize md${no} 2>/dev/null
+
+ secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+
+ dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
+ dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+
+ md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
+ md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+
+ if [ ${md_rnd} = ${md_ddev} ]; then
+ echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ geli detach md${no}
+ rm -f $rnd
+ mdconfig -d -u $no
+ done
+ done
+done
diff --git a/tests/sys/geom/class/eli/onetime_d_test.sh b/tests/sys/geom/class/eli/onetime_d_test.sh
new file mode 100644
index 0000000..51a6abb
--- /dev/null
+++ b/tests/sys/geom/class/eli/onetime_d_test.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+mdconfig -a -t malloc -s $sectors -u $no || exit 1
+
+echo "1..3"
+
+geli onetime -d md${no}
+if [ -c /dev/md${no}.eli ]; then
+ echo "ok 1"
+else
+ echo "not ok 1"
+fi
+# Be sure it doesn't detach on read.
+dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+sleep 1
+if [ -c /dev/md${no}.eli ]; then
+ echo "ok 2"
+else
+ echo "not ok 2"
+fi
+true > /dev/md${no}.eli
+sleep 1
+if [ ! -c /dev/md${no}.eli ]; then
+ echo "ok 3"
+else
+ echo "not ok 3"
+fi
+
+mdconfig -d -u $no
diff --git a/tests/sys/geom/class/eli/onetime_test.sh b/tests/sys/geom/class/eli/onetime_test.sh
new file mode 100644
index 0000000..17061d0
--- /dev/null
+++ b/tests/sys/geom/class/eli/onetime_test.sh
@@ -0,0 +1,59 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+
+echo "1..460"
+
+i=1
+for cipher in aes:0 aes:128 aes:256 \
+ aes-xts:0 aes-xts:128 aes-xts:256 \
+ aes-cbc:0 aes-cbc:128 aes-cbc:192 aes-cbc:256 \
+ 3des:0 3des:192 \
+ 3des-cbc:0 3des-cbc:192 \
+ blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \
+ blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \
+ blowfish:416 blowfish:448 \
+ blowfish-cbc:0 blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 blowfish-cbc:224 \
+ blowfish-cbc:256 blowfish-cbc:288 blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \
+ blowfish-cbc:416 blowfish-cbc:448 \
+ camellia:0 camellia:128 camellia:192 camellia:256 \
+ camellia-cbc:0 camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+ for secsize in 512 1024 2048 4096 8192; do
+ rnd=`mktemp $base.XXXXXX` || exit 1
+ mdconfig -a -t malloc -s `expr $secsize \* $sectors`b -u $no || exit 1
+
+ geli onetime -e $ealgo -l $keylen -s $secsize md${no} 2>/dev/null
+
+ secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+
+ dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
+ dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+
+ md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
+ md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+ md_edev=`dd if=/dev/md${no} bs=${secsize} count=${secs} 2>/dev/null | md5`
+
+ if [ ${md_rnd} = ${md_ddev} ]; then
+ echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+ if [ ${md_rnd} != ${md_edev} ]; then
+ echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ else
+ echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ i=$((i+1))
+
+ geli detach md${no}
+ rm -f $rnd
+ mdconfig -d -u $no
+ done
+done
diff --git a/tests/sys/geom/class/eli/readonly_test.sh b/tests/sys/geom/class/eli/readonly_test.sh
new file mode 100644
index 0000000..721ad62
--- /dev/null
+++ b/tests/sys/geom/class/eli/readonly_test.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+keyfile=`mktemp $base.XXXXXX` || exit 1
+mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+
+echo "1..11"
+
+dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
+
+geli init -B none -P -K $keyfile md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 1"
+else
+ echo "not ok 1"
+fi
+
+geli attach -r -p -k $keyfile md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 2"
+else
+ echo "not ok 2"
+fi
+
+sh -c "true >/dev/md${no}.eli" 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 3"
+else
+ echo "not ok 3"
+fi
+
+geli kill md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 4"
+else
+ echo "not ok 4"
+fi
+
+# kill should detach provider...
+if [ ! -c /dev/md{$no}.eli ]; then
+ echo "ok 5"
+else
+ echo "not ok 5"
+fi
+
+# ...but not destroy the metadata.
+geli attach -r -p -k $keyfile md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 6"
+else
+ echo "not ok 6"
+fi
+
+geli setkey -n 1 -P -K /dev/null md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 7"
+else
+ echo "not ok 7"
+fi
+
+geli delkey -n 0 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 8"
+else
+ echo "not ok 8"
+fi
+
+geli delkey -f -n 0 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 9"
+else
+ echo "not ok 9"
+fi
+
+geli list md${no}.eli | egrep '^Flags: .*READ-ONLY' >/dev/null
+if [ $? -eq 0 ]; then
+ echo "ok 10"
+else
+ echo "not ok 10"
+fi
+
+geli detach md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 11"
+else
+ echo "not ok 11"
+fi
+
+mdconfig -d -u $no
+rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/resize_test.sh b/tests/sys/geom/class/eli/resize_test.sh
new file mode 100644
index 0000000..67d6291
--- /dev/null
+++ b/tests/sys/geom/class/eli/resize_test.sh
@@ -0,0 +1,148 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+echo 1..27
+
+BLK=512
+BLKS_PER_MB=2048
+
+md=$(mdconfig -s40m) || exit 1
+unit=${md#md}
+i=1
+
+setsize() {
+ partszMB=$1 unitszMB=$2
+
+ {
+ echo a: $(($partszMB * $BLKS_PER_MB)) 0 4.2BSD 1024 8192
+ echo c: $(($unitszMB * $BLKS_PER_MB)) 0 unused 0 0
+ } | disklabel -R $md /dev/stdin
+}
+
+# Initialise
+
+setsize 10 40 || echo -n "not "
+echo ok $i - "Sized ${md}a to 10m"
+i=$((i + 1))
+
+echo secret >tmp.key
+geli init -Bnone -PKtmp.key ${md}a || echo -n "not "
+echo ok $i - "Initialised geli on ${md}a"
+i=$((i + 1))
+geli attach -pk tmp.key ${md}a || echo -n "not "
+echo ok $i - "Attached ${md}a as ${md}a.eli"
+i=$((i + 1))
+
+newfs -U ${md}a.eli >/dev/null || echo -n "not "
+echo ok $i - "Initialised the filesystem on ${md}a.eli"
+i=$((i + 1))
+out=$(fsck -tufs -y ${md}a.eli)
+echo "$out" | fgrep -q MODIFIED && echo -n "not "
+echo ok $i - "fsck says ${md}a.eli is clean," $(echo $(echo "$out" | wc -l)) \
+ "lines of output"
+i=$((i + 1))
+
+
+# Doing a backup, resize & restore must be forced (with -f) as geli
+# verifies that the provider size in the metadata matches the consumer.
+
+geli backup ${md}a tmp.meta || echo -n "not "
+echo ok $i - "Backed up ${md}a metadata"
+i=$((i + 1))
+
+geli detach ${md}a.eli || echo -n "not "
+echo ok $i - "Detached ${md}a.eli"
+i=$((i + 1))
+
+setsize 20 40 || echo -n "not "
+echo ok $i - "Sized ${md}a to 20m"
+i=$((i + 1))
+geli attach -pktmp.key ${md}a && echo -n "not "
+echo ok $i - "Attaching ${md}a fails after resizing the consumer"
+i=$((i + 1))
+
+geli restore tmp.meta ${md}a && echo -n "not "
+echo ok $i - "Restoring metadata on ${md}a.eli fails without -f"
+i=$((i + 1))
+geli restore -f tmp.meta ${md}a || echo -n "not "
+echo ok $i - "Restoring metadata on ${md}a.eli can be forced"
+i=$((i + 1))
+
+geli attach -pktmp.key ${md}a || echo -n "not "
+echo ok $i - "Attaching ${md}a is now possible"
+i=$((i + 1))
+
+growfs -y ${md}a.eli >/dev/null || echo -n "not "
+echo ok $i - "Extended the filesystem on ${md}a.eli"
+i=$((i + 1))
+
+out=$(fsck -tufs -y ${md}a.eli)
+echo "$out" | fgrep -q MODIFIED && echo -n "not "
+echo ok $i - "fsck says ${md}a.eli is clean," $(echo $(echo "$out" | wc -l)) \
+ "lines of output"
+i=$((i + 1))
+
+
+# Now do the resize properly
+
+geli detach ${md}a.eli || echo -n "not "
+echo ok $i - "Detached ${md}a.eli"
+i=$((i + 1))
+
+setsize 30 40 || echo -n "not "
+echo ok $i - "Sized ${md}a to 30m"
+i=$((i + 1))
+
+geli resize -s20m ${md}a || echo -n "not "
+echo ok $i - "Resizing works ok"
+i=$((i + 1))
+geli resize -s20m ${md}a && echo -n "not "
+echo ok $i - "Resizing doesn't work a 2nd time (no old metadata)"
+i=$((i + 1))
+
+geli attach -pktmp.key ${md}a || echo -n "not "
+echo ok $i - "Attaching ${md}a works ok"
+i=$((i + 1))
+
+growfs -y ${md}a.eli >/dev/null || echo -n "not "
+echo ok $i - "Extended the filesystem on ${md}a.eli"
+i=$((i + 1))
+
+out=$(fsck -tufs -y ${md}a.eli)
+echo "$out" | fgrep -q MODIFIED && echo -n "not "
+echo ok $i - "fsck says ${md}a.eli is clean," $(echo $(echo "$out" | wc -l)) \
+ "lines of output"
+i=$((i + 1))
+
+geli detach ${md}a.eli
+gpart destroy -F $md >/dev/null
+
+
+# Verify that the man page example works, changing ada0 to $md,
+# 1g to 20m, 2g to 30m and keyfile to tmp.key, and adding -B none
+# to geli init.
+
+gpart create -s GPT $md || echo -n "not "
+echo ok $i - "Installed a GPT on ${md}"
+i=$((i + 1))
+gpart add -s 20m -t freebsd-ufs -i 1 $md || echo -n "not "
+echo ok $i - "Added a 20m partition in slot 1"
+i=$((i + 1))
+geli init -B none -K tmp.key -P ${md}p1 || echo -n "not "
+echo ok $i - "Initialised geli on ${md}p1"
+i=$((i + 1))
+gpart resize -s 30m -i 1 $md || echo -n "not "
+echo ok $i - "Resized partition ${md}p1 to 30m"
+i=$((i + 1))
+geli resize -s 20m ${md}p1 || echo -n "not "
+echo ok $i - "Resized geli on ${md}p1 to 30m"
+i=$((i + 1))
+geli attach -k tmp.key -p ${md}p1 || echo -n "not "
+echo ok $i - "Attached ${md}p1.eli"
+i=$((i + 1))
+
+geli detach ${md}p1.eli
+
+rm tmp.*
diff --git a/tests/sys/geom/class/eli/setkey_test.sh b/tests/sys/geom/class/eli/setkey_test.sh
new file mode 100644
index 0000000..458100c
--- /dev/null
+++ b/tests/sys/geom/class/eli/setkey_test.sh
@@ -0,0 +1,156 @@
+#!/bin/sh
+# $FreeBSD$
+
+. $(dirname $0)/conf.sh
+
+base=`basename $0`
+sectors=100
+rnd=`mktemp $base.XXXXXX` || exit 1
+keyfile1=`mktemp $base.XXXXXX` || exit 1
+keyfile2=`mktemp $base.XXXXXX` || exit 1
+keyfile3=`mktemp $base.XXXXXX` || exit 1
+keyfile4=`mktemp $base.XXXXXX` || exit 1
+keyfile5=`mktemp $base.XXXXXX` || exit 1
+mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+
+echo "1..16"
+
+dd if=/dev/random of=${rnd} bs=512 count=${sectors} >/dev/null 2>&1
+hash1=`dd if=${rnd} bs=512 count=${sectors} 2>/dev/null | md5`
+dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
+dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
+dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1
+dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1
+dd if=/dev/random of=${keyfile5} bs=512 count=16 >/dev/null 2>&1
+
+geli init -B none -P -K $keyfile1 md${no}
+geli attach -p -k $keyfile1 md${no}
+
+dd if=${rnd} of=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null
+rm -f $rnd
+hash2=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+
+# Change current key (0) for attached provider.
+geli setkey -P -K $keyfile2 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 1"
+else
+ echo "not ok 1"
+fi
+geli detach md${no}
+
+# We cannot use keyfile1 anymore.
+geli attach -p -k $keyfile1 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 2"
+else
+ echo "not ok 2"
+fi
+
+# Attach with new key.
+geli attach -p -k $keyfile2 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 3"
+else
+ echo "not ok 3"
+fi
+hash3=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+
+# Change key 1 for attached provider.
+geli setkey -n 1 -P -K $keyfile3 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 4"
+else
+ echo "not ok 4"
+fi
+geli detach md${no}
+
+# Attach with key 1.
+geli attach -p -k $keyfile3 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 5"
+else
+ echo "not ok 5"
+fi
+hash4=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+geli detach md${no}
+
+# Change current (1) key for detached provider.
+geli setkey -p -k $keyfile3 -P -K $keyfile4 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 6"
+else
+ echo "not ok 6"
+fi
+
+# We cannot use keyfile3 anymore.
+geli attach -p -k $keyfile3 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 7"
+else
+ echo "not ok 7"
+fi
+
+# Attach with key 1.
+geli attach -p -k $keyfile4 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 8"
+else
+ echo "not ok 8"
+fi
+hash5=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+geli detach md${no}
+
+# Change key 0 for detached provider.
+geli setkey -n 0 -p -k $keyfile4 -P -K $keyfile5 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 9"
+else
+ echo "not ok 9"
+fi
+
+# We cannot use keyfile2 anymore.
+geli attach -p -k $keyfile2 md${no} 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "ok 10"
+else
+ echo "not ok 10"
+fi
+
+# Attach with key 0.
+geli attach -p -k $keyfile5 md${no}
+if [ $? -eq 0 ]; then
+ echo "ok 11"
+else
+ echo "not ok 11"
+fi
+hash6=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+geli detach md${no}
+
+if [ ${hash1} = ${hash2} ]; then
+ echo "ok 12"
+else
+ echo "not ok 12"
+fi
+if [ ${hash1} = ${hash3} ]; then
+ echo "ok 13"
+else
+ echo "not ok 13"
+fi
+if [ ${hash1} = ${hash4} ]; then
+ echo "ok 14"
+else
+ echo "not ok 14"
+fi
+if [ ${hash1} = ${hash5} ]; then
+ echo "ok 15"
+else
+ echo "not ok 15"
+fi
+if [ ${hash1} = ${hash6} ]; then
+ echo "ok 16"
+else
+ echo "not ok 16"
+fi
+
+rm -f $keyfile1 $keyfile2 $keyfile3 $keyfile4 $keyfile5
OpenPOWER on IntegriCloud