geli: optimize tests

Reduce the geli tests' runtime by about a third:

* In integrity_test:copy, use a file-backed md(4) device instead of a
  malloc'd one.  That way we can corrupt the underlying storage without
  needing to detach and reattach the geli device.

* In integrity_test:{copy, hmac, data} and onetime_test:{onetime,
  onetime_a}, move reads of /dev/random out of the loop.

MFC after:	2 weeks
This commit is contained in:
Alan Somers 2018-01-08 00:10:45 +00:00
parent 4b6b56b32b
commit 1d23aa6ec7
3 changed files with 32 additions and 17 deletions

View File

@ -20,12 +20,22 @@ attach_md()
# func <cipher> <aalgo> <secsize>
for_each_geli_config() {
func=$1
backing_filename=$2
# Double the sector size to allow for the HMACs' storage space.
osecsize=$(( $MAX_SECSIZE * 2 ))
# geli needs 512B for the label.
bytes=`expr $osecsize \* $sectors + 512`b
md=$(attach_md -t malloc -s $bytes)
if [ -n "$backing_filename" ]; then
# Use a file-backed md(4) device, so we can deliberatly corrupt
# it without detaching the geli device first.
truncate -s $bytes backing_file
md=$(attach_md -t vnode -f backing_file)
else
md=$(attach_md -t malloc -s $bytes)
fi
for cipher in aes-xts:128 aes-xts:256 \
aes-cbc:128 aes-cbc:192 aes-cbc:256 \
3des-cbc:192 \

View File

@ -12,31 +12,32 @@ copy_test() {
-K keyfile -s $secsize ${md}
atf_check geli attach -p -k keyfile ${md}
atf_check dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=1 status=none
atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=1 status=none
atf_check geli detach ${md}
# Copy first small sector to the second small sector.
# This should be detected as corruption.
atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
atf_check dd if=sector of=/dev/${md} bs=512 count=1 seek=1 status=none
atf_check geli attach -p -k keyfile ${md}
atf_check dd if=backing_file of=sector bs=512 count=1 \
conv=notrunc status=none
atf_check dd if=sector of=backing_file bs=512 count=1 seek=1 \
conv=notrunc status=none
atf_check -s not-exit:0 -e ignore \
dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
# Fix the corruption
atf_check dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=2 status=none
atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 status=none
atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=2 status=none
atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 \
status=none
# Copy first big sector to the second big sector.
# This should be detected as corruption.
ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'`
ns=`diskinfo /dev/${md}.eli | awk '{print $4}'`
usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc`
atf_check geli detach ${md}
atf_check dd if=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( $secsize / 512 )) of=sector status=none
atf_check dd of=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( $secsize / 256 )) if=sector status=none
atf_check -s exit:0 -e ignore geli attach -p -k keyfile ${md}
atf_check dd if=backing_file bs=512 count=$(( ${usecsize} / 512 )) \
seek=$(( $secsize / 512 )) of=sector conv=notrunc status=none
atf_check dd of=backing_file bs=512 count=$(( ${usecsize} / 512 )) \
seek=$(( $secsize / 256 )) if=sector conv=notrunc status=none
atf_check -s not-exit:0 -e ignore \
dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=$ns
}
@ -55,7 +56,9 @@ copy_body()
sectors=2
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
for_each_geli_config copy_test
dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
for_each_geli_config copy_test backing_file
}
copy_cleanup()
{
@ -77,7 +80,7 @@ data_test() {
# Corrupt 8 bytes of data.
atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
atf_check dd if=/dev/random of=sector bs=1 count=8 seek=64 conv=notrunc status=none
atf_check dd if=rnd of=sector bs=1 count=8 seek=64 conv=notrunc status=none
atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none
atf_check geli attach -p -k keyfile ${md}
@ -100,6 +103,7 @@ data_body()
sectors=2
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
for_each_geli_config data_test
}
data_cleanup()
@ -121,7 +125,7 @@ hmac_test() {
# Corrupt 8 bytes of HMAC.
atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
atf_check dd if=/dev/random of=sector bs=1 count=16 conv=notrunc status=none
atf_check dd if=rnd of=sector bs=1 count=16 conv=notrunc status=none
atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none
atf_check geli attach -p -k keyfile ${md}
@ -144,6 +148,7 @@ hmac_body()
sectors=2
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
for_each_geli_config hmac_test
}
hmac_cleanup()

View File

@ -10,7 +10,6 @@ onetime_test()
atf_check -s exit:0 -o ignore -e ignore \
geli onetime -e $ealgo -l $keylen -s $secsize ${md}
atf_check dd if=/dev/random of=rnd bs=${secsize} count=${sectors} status=none
atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
@ -82,7 +81,8 @@ onetime_a_body()
. $(atf_get_srcdir)/conf.sh
sectors=8
atf_check dd if=/dev/random of=rnd bs=1024 count=1024 status=none
atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=$sectors \
status=none
for_each_geli_config onetime_a_test
}
onetime_a_cleanup()