This change moves the tests added in r313962 to an existing directory
structure used by the geli TAP tests. It also, renames the test from
pbkdf2 to pbkdf2_test .
The changes to ObsoleteFiles.inc are being committed separately as they
aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests
is done all in one commit.
MFC after: 2 weeks
X-MFC with: r313962, r313972-r313973
Reviewed by: allanjude
Sponsored by: Dell EMC Isilon
Differential Revision: D9985
committed in r313972
The code committed in r313962 implicitly relies on python 2.x to generate
testvect.h . There are a handful of issues with this approach:
- python is not an explicit build dependency for FreeBSD
- python 2.x is deprecated and will be removed sometime in the future
(potentially before 11.x's EOL), and the script does not function with
python 3.5 (it uses deprecated idioms and incompatible function calls).
- python(1) (by default) lives in /usr/local/bin (${LOCALBASE}/bin) and
gentestvect.py is a dependency of testvect.h (prior to r313972) which
means that if the mtime of the generator script was newer than the
mtime of the test vector, it could cause a spurious build failure in
build time or at install time.
A better solution using C/C++ should be devised.
Discussed with: allanjude
MFC after: 2 weeks
X-MFC with: r313962, r313972
Sponsored by: Dell EMC Isilon
Using relative paths imply working directory (in this case .OBJDIR), whereas the
sources live in the .CURDIR-relative path.
MFC after: 2 weeks
X-MFC with: r313962
Pointyhat to: allanjude
Sponsored by: Dell EMC Isilon
The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be
GELI's PBKDF2 uses a simple benchmark to determine a number of iterations
that will takes approximately 2 seconds. The security provided is actually
half what is expected, because an attacker could use the optimized
algorithm to brute force the key in half the expected time.
With this change, all newly generated GELI keys will be approximately 2x
as strong. Previously generated keys will talk half as long to calculate,
resulting in faster mounting of encrypted volumes. Users may choose to
rekey, to generate a new key with the larger default number of iterations
using the geli(8) setkey command.
Security of existing data is not compromised, as ~1 second per brute force
attempt is still a very high threshold.
PR: 202365
Original Research: https://jbp.io/2015/08/11/pbkdf2-performance-matters/
Submitted by: Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version)
Reviewed by: ed, pjd, delphij
Approved by: secteam, pjd (maintainer)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D8236
results of commands
As noted in r313008, the underlying issue was that geom_gate device
creation wasn't created at ggatel command completion, but some short
time after. ggatec(8) employs similar logic when creating geom_gate(4)
devices.
Switch from retry loops (after the ggatec/dd write calls) to
wait_for_ggate_device function calls after calling ggatec(8) instead
to detect the presence of the /dev/ggate* device, as this function is
sufficient for determining whether or not the character device is ready
for testing
While here, use atf_check consistently with all dd calls to ensure that
data output is as expected.
MFC after: 1 week
Reviewed by: asomers
Differential Revision: D9409
Sponsored by: Dell EMC Isilon
The test assumed that `ggatel create` created a device on completion, but that's
incorrect. This squashes the race by waiting for the device to appear, as
`ggatel create` daemonizes before issuing an ioctl to geom_gate(4) if not called
with `-v`.
Discussed with: asomers
MFC after: 1 week
PR: 204616
Sponsored by: Dell EMC Isilon
This ensures their cleanup routines will be run even if they should timeout.
tests/sys/geom/class/gate/ggate_test.sh
tests/sys/geom/class/gate/Makefile
Add an ATF test with three testcases, one for each TAP test. Use
ATF-style cleanup functions, and convert sleeps to polling loops.
ObsoleteFiles.inc
tests/sys/geom/class/gate/conf.sh
tests/sys/geom/class/gate/1_test.sh
tests/sys/geom/class/gate/2_test.sh
tests/sys/geom/class/gate/3_test.sh
Delete TAP test files
Reviewed by: ngie
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D8891
Also, add test cases for the -p, -P, and -s options to gnop create
Reviewed by: ngie
MFC after: 4 weeks
Differential Revision: https://reviews.freebsd.org/D8892
There is no reduction in test coverage. On my system runtime is reduced
from 38m32s to 6m24s.
tests/sys/geom/class/eli/conf.sh
tests/sys/geom/class/eli/init_a_test.sh
tests/sys/geom/class/eli/init_test.sh
tests/sys/geom/class/eli/integrity_copy_test.sh
tests/sys/geom/class/eli/integrity_data_test.sh
tests/sys/geom/class/eli/integrity_hmac_test.sh
tests/sys/geom/class/eli/onetime_a_test.sh
tests/sys/geom/class/eli/onetime_test.sh
Move the looping code into common functions in conf.sh, and remove
alias ciphers from the list.
tests/sys/geom/class/eli/init_a_test.sh
tests/sys/geom/class/eli/init_test.sh
tests/sys/geom/class/eli/integrity_copy_test.sh
tests/sys/geom/class/eli/integrity_data_test.sh
tests/sys/geom/class/eli/integrity_hmac_test.sh
tests/sys/geom/class/eli/onetime_a_test.sh
Move a few commands that don't need to be in the inner loop out.
tests/sys/geom/class/eli/init_test.sh
tests/sys/geom/class/eli/onetime_a_test.sh
Reduce the sector count
tests/sys/geom/class/eli/Makefile
tests/sys/geom/class/eli/init_alias_test.sh
Add a test for initializing a GELI device using one of the cipher
aliases, and check that the alias is correctly interpreted.
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D8814
have both big and little-endian images in tree).
Also we don't known the endianness of the platform the
image was generated on.
Sponsored by: DARPA, AFRL
Sponsored by: HEIF5
after r298107
Summary of changes:
- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
namespacing is kept with FILES appropriately, and that this shouldn't need
to be repeated if the namespace changes -- only the definition of PACKAGE
needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
`tests`. In the event we get to the point where things can be split up
enough in the base system, it would make more sense to group the tests
with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)
Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.
MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
root, or the geom class can't be loaded cleanly [*]
This makes sure that scenarios that are easy to hit aren't counted
as false positives with kyua test
MFC after: 1 week
PR: 208101
Sponsored by: EMC / Isilon Storage Division
before calling dd to defeat a race when writing out to the geom_gate(4)
device
MFC after: 1 month
Reported by: Jenkins
Sponsored by: EMC / Isilon Storage Division
ggated(8) daemon used by the tests is the instance specifically invoked by
the tests instead of one or more daemon instances running on the system
MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
dd to defeat a race when writing out to the geom_gate(4) device
This will quell the Jenkins failure emails until I come up with a better
solution
MFC after: 1 month
Reported by: Jenkins
Sponsored by: EMC / Isilon Storage Division
tools/regression/geom_{concat,eli,gate,mirror,nop,raid3,shsec,stripe,uzip}
in to the FreeBSD test suite as
tests/sys/geom/class/{concat,eli,gate,mirror,nop,raid3,shsec,stripe,uzip}
The tools/regression/geom and tools/regression/geom_part testcases are being
left alone because both test sets are both currently broken.
The majority of this work was done on ^/user/ngie/more-tests2 . The differences
are as follows:
- tests/sys/geom/class/Makefile.inc is not present; it was
inlined into the class's Makefiles for explicitness.
- The testcases officially require root via kyua
- The geom_gate(4) tests don't use the pidfile changes proposed in
https://reviews.freebsd.org/D4836 .
MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
