Fix geli's null cipher, and add a test case
PR: 247954 Submitted by: jhb (sys), asomers (tests) Reviewed by: jhb (tests), asomers (sys) MFC after: 2 weeks Sponsored by: Axcient
parent
716df522b8
commit
aafaa8b794
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=363402
@ -536,13 +536,15 @@ g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp)
|
||||
crp->crp_digest_start = 0;
|
||||
crp->crp_payload_start = sc->sc_alen;
|
||||
crp->crp_payload_length = data_secsize;
|
||||
crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
|
||||
if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) == 0) {
|
||||
crp->crp_cipher_key = g_eli_key_hold(sc, dstoff,
|
||||
encr_secsize);
|
||||
}
|
||||
g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
|
||||
sizeof(crp->crp_iv));
|
||||
if (g_eli_ivlen(sc->sc_ealgo) != 0) {
|
||||
crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
|
||||
g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
|
||||
sizeof(crp->crp_iv));
|
||||
}
|
||||
|
||||
g_eli_auth_keygen(sc, dstoff, authkey);
|
||||
crp->crp_auth_key = authkey;
|
||||
|
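Review bot: The new `if (g_eli_ivlen(sc->sc_ealgo) != 0)` guard in g_eli_auth_run has no comment saying why IV setup is skipped, and the identical guard in the g_eli_crypto_run hunk has the same gap. Going by the commit title this is presumably the null-cipher case, where the algorithm has no IV and the request must not carry `CRYPTO_F_IV_SEPARATE`. A one-line comment above each guard would record that, for example `/* The null cipher has no IV: leave crp_iv and CRYPTO_F_IV_SEPARATE unset. */`. Because this path stores sector data unencrypted on the provider (the added test asserts exactly that), the comment could also state that it provides no confidentiality. Both functions begin and end outside their hunks.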
@ -281,13 +281,15 @@ g_eli_crypto_run(struct g_eli_worker *wr, struct bio *bp)
|
||||
|
||||
crp->crp_payload_start = 0;
|
||||
crp->crp_payload_length = secsize;
|
||||
crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
|
||||
if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) == 0) {
|
||||
crp->crp_cipher_key = g_eli_key_hold(sc, dstoff,
|
||||
secsize);
|
||||
}
|
||||
g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
|
||||
sizeof(crp->crp_iv));
|
||||
if (g_eli_ivlen(sc->sc_ealgo) != 0) {
|
||||
crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
|
||||
g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
|
||||
sizeof(crp->crp_iv));
|
||||
}
|
||||
|
||||
error = crypto_dispatch(crp);
|
||||
KASSERT(error == 0, ("crypto_dispatch() failed (error=%d)",
|
||||
|
@ -130,9 +130,54 @@ onetime_d_cleanup()
|
||||
geli_test_cleanup
|
||||
}
|
||||
|
||||
atf_test_case onetime cleanup
|
||||
onetime_null_head()
|
||||
{
|
||||
atf_set "descr" "geli onetime can use the null cipher"
|
||||
atf_set "require.user" "root"
|
||||
}
|
||||
onetime_null_body()
|
||||
{
|
||||
geli_test_setup
|
||||
|
||||
sectors=100
|
||||
|
||||
dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
|
||||
|
||||
secsize=512
|
||||
ealgo=${cipher%%:*}
|
||||
keylen=${cipher##*:}
|
||||
|
||||
md=$(attach_md -t malloc -s 100k)
|
||||
|
||||
atf_check -s exit:0 -o ignore -e ignore \
|
||||
geli onetime -e null -s ${secsize} ${md}
|
||||
|
||||
atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
|
||||
|
||||
md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
|
||||
atf_check_equal 0 $?
|
||||
md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
|
||||
atf_check_equal 0 $?
|
||||
md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
|
||||
atf_check_equal 0 $?
|
||||
|
||||
if [ ${md_rnd} != ${md_ddev} ]; then
|
||||
atf_fail "geli did not return the original data"
|
||||
fi
|
||||
if [ ${md_rnd} != ${md_edev} ]; then
|
||||
atf_fail "geli encrypted the data even with the null cipher"
|
||||
fi
|
||||
}
|
||||
onetime_null_cleanup()
|
||||
{
|
||||
geli_test_cleanup
|
||||
}
|
||||
|
||||
atf_init_test_cases()
|
||||
{
|
||||
atf_add_test_case onetime
|
||||
atf_add_test_case onetime_a
|
||||
atf_add_test_case onetime_d
|
||||
atf_add_test_case onetime_null
|
||||
}
|
||||
|
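Review bot: The added declaration `atf_test_case onetime cleanup` in front of `onetime_null_head()` names the existing `onetime` case instead of the new one and should read `atf_test_case onetime_null cleanup`. As written, the new case is never declared with a cleanup routine, and if atf-sh installs default functions on declaration (which I believe it does) the earlier `onetime` functions may be overwritten. In `onetime_null_body` the lines `ealgo=${cipher%%:*}` and `keylen=${cipher##*:}` read a `cipher` variable that nothing in the hunk sets, and their results are unused, so they can be dropped. Each `atf_check_equal 0 $?` sees the exit status of `md5`, the last command in the pipeline, so a failed `dd` read goes unnoticed and the checksum comparison could pass or fail for the wrong reason.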