geli: convert most tests from TAP to ATF

I'm leaving readonly_test and nokey_test alone for now. In a future commit
they should be broken up into several smaller test cases and distributed
between multiple files.

Reviewed by:	ngie
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D13717
Alan Somers 2018-01-07 00:44:22 +00:00
parent 98b306dcfd
commit f397a004de
26 changed files with 1104 additions and 1379 deletions


@ -38,6 +38,20 @@
# xargs -n1 | sort | uniq -d;
# done
# 20180106: Convert most geli(8) tests to ATF
OLD_FILES+=tests/sys/geom/class/eli/attach_d_test.sh
OLD_FILES+=tests/sys/geom/class/eli/configure_b_B_test.sh
OLD_FILES+=tests/sys/geom/class/eli/detach_l_test.sh
OLD_FILES+=tests/sys/geom/class/eli/init_B_test.sh
OLD_FILES+=tests/sys/geom/class/eli/init_J_test.sh
OLD_FILES+=tests/sys/geom/class/eli/init_a_test.sh
OLD_FILES+=tests/sys/geom/class/eli/init_alias_test.sh
OLD_FILES+=tests/sys/geom/class/eli/init_i_P_test.sh
OLD_FILES+=tests/sys/geom/class/eli/integrity_copy_test.sh
OLD_FILES+=tests/sys/geom/class/eli/integrity_data_test.sh
OLD_FILES+=tests/sys/geom/class/eli/integrity_hmac_test.sh
OLD_FILES+=tests/sys/geom/class/eli/onetime_a_test.sh
OLD_FILES+=tests/sys/geom/class/eli/onetime_d_test.sh
# 20171230: Remove /etc/skel from mtree
OLD_DIRS+=/etc/skel
# 20171208: Remove basename_r(3)
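Review bot: The new `OLD_FILES+=tests/sys/geom/class/eli/*_test.sh` entries look like source-tree paths rather than installed paths, so `make delete-old` may not remove the retired TAP programs. The Makefile in this same commit installs the tests under `${TESTSBASE}/sys/geom/class/eli` and names them without the `.sh` suffix (`TAP_TESTS_SH+= attach_d_test`), which suggests the installed file is `attach_d_test` below the tests base directory; the value of TESTSBASE is not visible here, so the prefix needs confirming. If the entries do not match, the old root-only test programs stay installed next to their ATF replacements and keep running.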


@ -7,36 +7,20 @@ PACKAGE= tests
TESTSDIR= ${TESTSBASE}/sys/geom/class/${.CURDIR:T}
ATF_TESTS_C= pbkdf2_test
ATF_TESTS_SH+= attach_test
ATF_TESTS_SH+= configure_test
ATF_TESTS_SH+= delkey_test
ATF_TESTS_SH+= detach_test
ATF_TESTS_SH+= init_test
ATF_TESTS_SH+= integrity_test
ATF_TESTS_SH+= kill_test
ATF_TESTS_SH+= onetime_test
ATF_TESTS_SH+= resize_test
ATF_TESTS_SH+= setkey_test
TAP_TESTS_SH+= attach_d_test
TAP_TESTS_SH+= configure_b_B_test
TAP_TESTS_SH+= delkey_test
TAP_TESTS_SH+= detach_l_test
TAP_TESTS_SH+= init_B_test
TAP_TESTS_SH+= init_J_test
TAP_TESTS_SH+= init_a_test
TAP_TESTS_SH+= init_alias_test
TAP_TESTS_SH+= init_i_P_test
TAP_TESTS_SH+= init_test
TAP_TESTS_SH+= integrity_copy_test
TAP_TESTS_SH+= integrity_data_test
TAP_TESTS_SH+= integrity_hmac_test
TAP_TESTS_SH+= kill_test
TAP_TESTS_SH+= nokey_test
TAP_TESTS_SH+= onetime_a_test
TAP_TESTS_SH+= onetime_d_test
TAP_TESTS_SH+= onetime_test
TAP_TESTS_SH+= readonly_test
TAP_TESTS_SH+= resize_test
TAP_TESTS_SH+= setkey_test
TEST_METADATA.init_a_test+= timeout="3600"
TEST_METADATA.init_test+= timeout="600"
TEST_METADATA.integrity_copy_test+= timeout="3600"
TEST_METADATA.integrity_data_test+= timeout="1800"
TEST_METADATA.integrity_hmac_test+= timeout="1800"
TEST_METADATA.onetime_a_test+= timeout="1800"
TEST_METADATA.onetime_test+= timeout="1800"
${PACKAGE}FILES+= conf.sh


@ -1,38 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=100
keyfile=`mktemp $base.XXXXXX` || exit 1
md=$(attach_md -t malloc -s `expr $sectors + 1`)
echo "1..3"
dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
geli init -B none -P -K $keyfile ${md}
geli attach -d -p -k $keyfile ${md}
if [ -c /dev/${md}.eli ]; then
echo "ok 1"
else
echo "not ok 1"
fi
# Be sure it doesn't detach on read.
dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
sleep 1
if [ -c /dev/${md}.eli ]; then
echo "ok 2"
else
echo "not ok 2"
fi
true > /dev/${md}.eli
sleep 1
if [ ! -c /dev/${md}.eli ]; then
echo "ok 3"
else
echo "not ok 3"
fi
rm -f $keyfile


@ -0,0 +1,45 @@
# $FreeBSD$
atf_test_case attach_d cleanup
attach_d_head()
{
atf_set "descr" "geli attach -d will cause the provider to detach on last close"
atf_set "require.user" "root"
}
attach_d_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=100
md=$(attach_md -t malloc -s `expr $sectors + 1`)
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
atf_check geli init -B none -P -K keyfile ${md}
atf_check geli attach -d -p -k keyfile ${md}
# Be sure it doesn't detach on read.
atf_check dd if=/dev/${md}.eli of=/dev/null status=none
sleep 1
if [ ! -c /dev/${md}.eli ]; then
atf_fail "Detached on last close of a reader"
fi
# It should detach on last close of a writer
true > /dev/${md}.eli
sleep 1
if [ -c /dev/${md}.eli ]; then
atf_fail "Did not detach on last close of a writer"
fi
}
attach_d_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
atf_init_test_cases()
{
atf_add_test_case attach_d
}
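Review bot: Both device-node checks in attach_d_body depend on a fixed `sleep 1`, so the verdict is tied to how quickly the provider is torn down rather than to whether it is torn down. If the teardown is asynchronous, as the sleep implies, the final check (`Did not detach on last close of a writer`) can fail on a slow or loaded host, and the earlier reader check can pass only because a detach had not finished yet. For the writer case, a short bounded poll that re-tests `[ -c /dev/${md}.eli ]` once per second for a few seconds would remove the false failure. At minimum a comment such as `# wait for the provider to be destroyed after last close` should record why the sleep is there. The same pattern appears in detach_l_body in the detach test added by this commit.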


@ -2,7 +2,18 @@
# $FreeBSD$
class="eli"
base=`basename $0`
base=$(atf_get ident)
[ -z "$base" ] && base=`basename $0` # for TAP compatibility
TEST_MDS_FILE=md.devs
attach_md()
{
local test_md
test_md=$(mdconfig -a "$@") || atf_fail "failed to allocate md(4)"
echo $test_md >> $TEST_MDS_FILE || exit
echo $test_md
}
# Execute `func` for each combination of cipher, sectorsize, and hmac algo
# `func` usage should be:
@ -23,7 +34,11 @@ for_each_geli_config() {
for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 \
hmac/sha384 hmac/sha512; do
for secsize in 512 1024 2048 4096 8192; do
bytes=`expr $secsize \* $sectors + 512`b
# Double the requested sector size to allow
# for the HMACs' storage space.
osecsize=$(( $secsize * 2 ))
# geli needs 512B for the label.
bytes=`expr $osecsize \* $sectors + 512`b
md=$(attach_md -t malloc -s $bytes)
${func} $cipher $aalgo $secsize
geli detach ${md} 2>/dev/null
@ -50,6 +65,7 @@ for_each_geli_config_nointegrity() {
ealgo=${cipher%%:*}
keylen=${cipher##*:}
for secsize in 512 1024 2048 4096 8192; do
# geli needs 512B for the label.
bytes=`expr $secsize \* $sectors + 512`b
md=$(attach_md -t malloc -s $bytes)
${func} $cipher $secsize
@ -69,8 +85,9 @@ geli_test_cleanup()
mdconfig -d -u $md 2>/dev/null
done < $TEST_MDS_FILE
fi
rm -f "$TEST_MDS_FILE"
true
}
# TODO: remove the trap statement once all TAP tests are converted
trap geli_test_cleanup ABRT EXIT INT TERM
. `dirname $0`/../geom_subr.sh
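Review bot: In attach_md, `atf_fail` runs inside the command substitution that every caller uses (`md=$(attach_md ...)`), so as far as I can tell it can only end that subshell, not the test body. The caller then continues with an empty `md`, and later lines operate on `/dev/.eli` or pass no provider to geli; when `atf_fail` is not defined, which appears to be the case for the TAP scripts that still source this file, the helper also appends the empty value to `$TEST_MDS_FILE` for the cleanup loop to consume. Returning a status and letting the caller decide is safer: `test_md=$(mdconfig -a "$@") || return 1` in the helper and `md=$(attach_md ...) || atf_fail "failed to allocate md(4)"` at the ATF call sites. Quoting `"$test_md"` and `"$TEST_MDS_FILE"` in the two echo lines would be worth doing at the same time.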


@ -1,129 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=100
md=$(attach_md -t malloc -s `expr $sectors + 1`)
echo "1..17"
geli init -B none -P -K /dev/null ${md}
if [ $? -eq 0 ]; then
echo "ok 1"
else
echo "not ok 1"
fi
geli dump ${md} | egrep 'flags: 0x0$' >/dev/null
if [ $? -eq 0 ]; then
echo "ok 2"
else
echo "not ok 2"
fi
geli init -B none -b -P -K /dev/null ${md}
if [ $? -eq 0 ]; then
echo "ok 3"
else
echo "not ok 3"
fi
geli dump ${md} | egrep 'flags: 0x2$' >/dev/null
if [ $? -eq 0 ]; then
echo "ok 4"
else
echo "not ok 4"
fi
geli configure -B ${md}
if [ $? -eq 0 ]; then
echo "ok 5"
else
echo "not ok 5"
fi
geli dump ${md} | egrep 'flags: 0x0$' >/dev/null
if [ $? -eq 0 ]; then
echo "ok 6"
else
echo "not ok 6"
fi
geli configure -b ${md}
if [ $? -eq 0 ]; then
echo "ok 7"
else
echo "not ok 7"
fi
geli dump ${md} | egrep 'flags: 0x2$' >/dev/null
if [ $? -eq 0 ]; then
echo "ok 8"
else
echo "not ok 8"
fi
geli attach -p -k /dev/null ${md}
if [ $? -eq 0 ]; then
echo "ok 9"
else
echo "not ok 9"
fi
geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null
if [ $? -eq 0 ]; then
echo "ok 10"
else
echo "not ok 10"
fi
geli configure -B ${md}
if [ $? -eq 0 ]; then
echo "ok 11"
else
echo "not ok 11"
fi
geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null
if [ $? -ne 0 ]; then
echo "ok 12"
else
echo "not ok 12"
fi
geli dump ${md} | egrep 'flags: 0x0$' >/dev/null
if [ $? -eq 0 ]; then
echo "ok 13"
else
echo "not ok 13"
fi
geli configure -b ${md}
if [ $? -eq 0 ]; then
echo "ok 14"
else
echo "not ok 14"
fi
geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null
if [ $? -eq 0 ]; then
echo "ok 15"
else
echo "not ok 15"
fi
geli dump ${md} | egrep 'flags: 0x2$' >/dev/null
if [ $? -eq 0 ]; then
echo "ok 16"
else
echo "not ok 16"
fi
geli detach ${md}
if [ $? -eq 0 ]; then
echo "ok 17"
else
echo "not ok 17"
fi


@ -0,0 +1,59 @@
# $FreeBSD$
atf_test_case configure_b_B cleanup
configure_b_B_head()
{
atf_set "descr" "geli configure -b will set the BOOT flag"
atf_set "require.user" "root"
}
configure_b_B_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=100
md=$(attach_md -t malloc -s `expr $sectors + 1`)
atf_check geli init -B none -P -K /dev/null ${md}
atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
atf_check geli init -B none -b -P -K /dev/null ${md}
atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
atf_check geli configure -B ${md}
atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
atf_check geli configure -b ${md}
atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
atf_check geli attach -p -k /dev/null ${md}
atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli
atf_check geli configure -B ${md}
atf_check -o not-match:'^Flags: .*BOOT' geli list ${md}.eli
atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
atf_check geli configure -b ${md}
atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli
atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
atf_check geli detach ${md}
}
configure_b_B_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
atf_init_test_cases()
{
atf_add_test_case configure_b_B
}
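Review bot: The `descr` in configure_b_B_head mentions only `-b`, while configure_b_B_body also asserts that `-B` clears the flag, on both the detached and the attached provider. I would word it as `atf_set "descr" "geli configure -b/-B will set/clear the BOOT flag"`. A one-line comment above the first `geli dump` check, for example `# metadata flags: 0x2 is BOOT, 0x0 is no flags set`, would also explain the literals used in the `match:` patterns.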


@ -1,140 +1,86 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
atf_test_case delkey cleanup
delkey_head()
{
atf_set "descr" "geli delkey can destroy the master key"
atf_set "require.user" "root"
}
delkey_body()
{
. $(atf_get_srcdir)/conf.sh
base=`basename $0`
sectors=100
keyfile1=`mktemp $base.XXXXXX` || exit 1
keyfile2=`mktemp $base.XXXXXX` || exit 1
keyfile3=`mktemp $base.XXXXXX` || exit 1
keyfile4=`mktemp $base.XXXXXX` || exit 1
md=$(attach_md -t malloc -s `expr $sectors + 1`)
sectors=100
md=$(attach_md -t malloc -s `expr $sectors + 1`)
echo "1..14"
atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none
atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none
dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1
dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1
atf_check geli init -B none -P -K keyfile1 ${md}
atf_check geli attach -p -k keyfile1 ${md}
atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md}
geli init -B none -P -K $keyfile1 ${md}
geli attach -p -k $keyfile1 ${md}
geli setkey -n 1 -P -K $keyfile2 ${md}
# Remove key 0 for attached provider.
atf_check geli delkey -n 0 ${md}
atf_check geli detach ${md}
# Remove key 0 for attached provider.
geli delkey -n 0 ${md}
if [ $? -eq 0 ]; then
echo "ok 1"
else
echo "not ok 1"
fi
geli detach ${md}
# We cannot use keyfile1 anymore.
atf_check -s not-exit:0 -e match:"Wrong key" \
geli attach -p -k keyfile1 ${md}
# We cannot use keyfile1 anymore.
geli attach -p -k $keyfile1 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 2"
else
echo "not ok 2"
fi
# Attach with key 1.
atf_check geli attach -p -k keyfile2 ${md}
# Attach with key 1.
geli attach -p -k $keyfile2 ${md}
if [ $? -eq 0 ]; then
echo "ok 3"
else
echo "not ok 3"
fi
# We cannot remove last key without -f option (for attached provider).
atf_check -s not-exit:0 -e match:"This is the last Master Key" \
geli delkey -n 1 ${md}
# We cannot remove last key without -f option (for attached provider).
geli delkey -n 1 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 4"
else
echo "not ok 4"
fi
# Remove last key for attached provider.
atf_check geli delkey -f -n 1 ${md}
# Remove last key for attached provider.
geli delkey -f -n 1 ${md}
if [ $? -eq 0 ]; then
echo "ok 5"
else
echo "not ok 5"
fi
# If there are no valid keys, but provider is attached, we can save situation.
atf_check -s exit:0 -o ignore geli setkey -n 0 -P -K keyfile3 ${md}
atf_check geli detach ${md}
# If there are no valid keys, but provider is attached, we can save situation.
geli setkey -n 0 -P -K $keyfile3 ${md}
if [ $? -eq 0 ]; then
echo "ok 6"
else
echo "not ok 6"
fi
geli detach ${md}
# We cannot use keyfile2 anymore.
atf_check -s not-exit:0 -e match:"Wrong key" \
geli attach -p -k keyfile2 ${md}
# We cannot use keyfile2 anymore.
geli attach -p -k $keyfile2 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 7"
else
echo "not ok 7"
fi
# Attach with key 0.
atf_check geli attach -p -k keyfile3 ${md}
# Attach with key 0.
geli attach -p -k $keyfile3 ${md}
if [ $? -eq 0 ]; then
echo "ok 8"
else
echo "not ok 8"
fi
# Setup key 1.
atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile4 ${md}
atf_check geli detach ${md}
# Setup key 1.
geli setkey -n 1 -P -K $keyfile4 ${md}
if [ $? -eq 0 ]; then
echo "ok 9"
else
echo "not ok 9"
fi
geli detach ${md}
# Remove key 1 for detached provider.
atf_check geli delkey -n 1 ${md}
# Remove key 1 for detached provider.
geli delkey -n 1 ${md}
if [ $? -eq 0 ]; then
echo "ok 10"
else
echo "not ok 10"
fi
# We cannot use keyfile4 anymore.
atf_check -s not-exit:0 -e match:"Wrong key" \
geli attach -p -k keyfile4 ${md}
# We cannot use keyfile4 anymore.
geli attach -p -k $keyfile4 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 11"
else
echo "not ok 11"
fi
# We cannot remove last key without -f option (for detached provider).
atf_check -s not-exit:0 -e match:"This is the last Master Key" \
geli delkey -n 0 ${md}
# We cannot remove last key without -f option (for detached provider).
geli delkey -n 0 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 12"
else
echo "not ok 12"
fi
# Remove last key for detached provider.
atf_check geli delkey -f -n 0 ${md}
# Remove last key for detached provider.
geli delkey -f -n 0 ${md}
if [ $? -eq 0 ]; then
echo "ok 13"
else
echo "not ok 13"
fi
# We cannot use keyfile3 anymore.
atf_check -s not-exit:0 -e match:"No valid keys" \
geli attach -p -k keyfile3 ${md}
}
delkey_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
# We cannot use keyfile3 anymore.
geli attach -p -k $keyfile3 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 14"
else
echo "not ok 14"
fi
rm -f $keyfile1 $keyfile2 $keyfile3 $keyfile4
atf_init_test_cases()
{
atf_add_test_case delkey
}


@ -1,44 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=100
keyfile=`mktemp $base.XXXXXX` || exit 1
md=$(attach_md -t malloc -s `expr $sectors + 1`)
echo "1..4"
dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
geli init -B none -P -K $keyfile ${md}
geli attach -p -k $keyfile ${md}
if [ -c /dev/${md}.eli ]; then
echo "ok 1"
else
echo "not ok 1"
fi
# Be sure it doesn't detach before 'detach -l'.
dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
sleep 1
if [ -c /dev/${md}.eli ]; then
echo "ok 2"
else
echo "not ok 2"
fi
geli detach -l ${md}
if [ -c /dev/${md}.eli ]; then
echo "ok 3"
else
echo "not ok 3"
fi
dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
sleep 1
if [ ! -c /dev/${md}.eli ]; then
echo "ok 4"
else
echo "not ok 4"
fi
rm -f $keyfile


@ -0,0 +1,46 @@
# $FreeBSD$
atf_test_case detach_l cleanup
detach_l_head()
{
atf_set "descr" "geli detach -l will cause a provider to detach on last close"
atf_set "require.user" "root"
}
detach_l_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=100
md=$(attach_md -t malloc -s `expr $sectors + 1`)
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
atf_check geli init -B none -P -K keyfile ${md}
atf_check geli attach -p -k keyfile ${md}
# Be sure it doesn't detach before 'detach -l'.
atf_check dd if=/dev/${md}.eli of=/dev/null status=none
sleep 1
if [ ! -c /dev/${md}.eli ]; then
atf_fail "provider detached on last close without detach -l"
fi
atf_check geli detach -l ${md}
if [ ! -c /dev/${md}.eli ]; then
atf_fail "Provider detached before last close"
fi
atf_check dd if=/dev/${md}.eli of=/dev/null status=none
sleep 1
if [ -c /dev/${md}.eli ]; then
atf_fail "Provider did not detach on last close"
fi
}
detach_l_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
atf_init_test_cases()
{
atf_add_test_case detach_l
}


@ -1,104 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=100
keyfile=`mktemp $base.XXXXXX` || exit 1
backupfile=`mktemp $base.XXXXXX` || exit 1
echo "1..13"
dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
md=$(attach_md -t malloc -s `expr $sectors`)
# -B none
rm -f /var/backups/${md}.eli
geli init -B none -P -K $keyfile ${md} 2>/dev/null
if [ ! -f /var/backups/${md}.eli ]; then
echo "ok 1 - -B none"
else
echo "not ok 1 - -B none"
fi
# no -B
rm -f /var/backups/${md}.eli
geli init -P -K $keyfile ${md} >/dev/null 2>&1
if [ -f /var/backups/${md}.eli ]; then
echo "ok 2 - no -B"
else
echo "not ok 2 - no -B"
fi
geli clear ${md}
geli attach -p -k $keyfile ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 3 - no -B"
else
echo "not ok 3 - no -B"
fi
if [ ! -c /dev/${md}.eli ]; then
echo "ok 4 - no -B"
else
echo "not ok 4 - no -B"
fi
geli restore /var/backups/${md}.eli ${md}
if [ $? -eq 0 ]; then
echo "ok 5 - no -B"
else
echo "not ok 5 - no -B"
fi
geli attach -p -k $keyfile ${md} 2>/dev/null
if [ $? -eq 0 ]; then
echo "ok 6 - no -B"
else
echo "not ok 6 - no -B"
fi
if [ -c /dev/${md}.eli ]; then
echo "ok 7 - no -B"
else
echo "not ok 7 - no -B"
fi
geli detach ${md}
rm -f /var/backups/${md}.eli
# -B file
rm -f $backupfile
geli init -B $backupfile -P -K $keyfile ${md} >/dev/null 2>&1
if [ -f $backupfile ]; then
echo "ok 8 - -B file"
else
echo "not ok 8 - -B file"
fi
geli clear ${md}
geli attach -p -k $keyfile ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 9 - -B file"
else
echo "not ok 9 - -B file"
fi
if [ ! -c /dev/${md}.eli ]; then
echo "ok 10 - -B file"
else
echo "not ok 10 - -B file"
fi
geli restore $backupfile ${md}
if [ $? -eq 0 ]; then
echo "ok 11 - -B file"
else
echo "not ok 11 - -B file"
fi
geli attach -p -k $keyfile ${md} 2>/dev/null
if [ $? -eq 0 ]; then
echo "ok 12 - -B file"
else
echo "not ok 12 - -B file"
fi
if [ -c /dev/${md}.eli ]; then
echo "ok 13 - -B file"
else
echo "not ok 13 - -B file"
fi
rm -f $backupfile $keyfile


@ -1,126 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=100
keyfile0=`mktemp $base.XXXXXX` || exit 1
keyfile1=`mktemp $base.XXXXXX` || exit 1
passfile0=`mktemp $base.XXXXXX` || exit 1
passfile1=`mktemp $base.XXXXXX` || exit 1
md=$(attach_md -t malloc -s `expr $sectors + 1`)
echo "1..150"
dd if=/dev/random of=${keyfile0} bs=512 count=16 >/dev/null 2>&1
dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > ${passfile0}
dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > ${passfile1}
i=1
for iter in -1 0 64; do
geli init -i ${iter} -B none -J ${passfile0} -P ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli init -i ${iter} -B none -J ${passfile0} -P -K ${keyfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli init -i ${iter} -B none -J ${passfile0} -K ${keyfile0} ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile0} -p ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -j ${keyfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${passfile0} -p ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -j ${keyfile0} -k ${passfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -j ${keyfile0} -k ${keyfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -j ${passfile0} -k ${passfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -j ${passfile0} -k ${keyfile0} ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli detach ${md} || echo -n "not "
echo "ok ${i}"; i=$((i+1))
cat ${keyfile0} | geli attach -j ${passfile0} -k - ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli detach ${md} || echo -n "not "
echo "ok ${i}"; i=$((i+1))
cat ${passfile0} | geli attach -j - -k ${keyfile0} ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli detach ${md} || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P -K ${keyfile0} -K ${keyfile1} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -K ${keyfile0} -K ${keyfile1} ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile0} -p ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile1} -p ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile0} -k ${keyfile1} -p ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile0} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile1} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile0} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile1} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli detach ${md} || echo -n "not "
echo "ok ${i}"; i=$((i+1))
cat ${passfile0} | geli attach -j - -j ${passfile1} -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli detach ${md} || echo -n "not "
echo "ok ${i}"; i=$((i+1))
cat ${passfile1} | geli attach -j ${passfile0} -j - -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli detach ${md} || echo -n "not "
echo "ok ${i}"; i=$((i+1))
cat ${keyfile0} | geli attach -j ${passfile0} -j ${passfile1} -k - -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli detach ${md} || echo -n "not "
echo "ok ${i}"; i=$((i+1))
cat ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k - ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli detach ${md} || echo -n "not "
echo "ok ${i}"; i=$((i+1))
cat ${keyfile0} ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k - ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli detach ${md} || echo -n "not "
echo "ok ${i}"; i=$((i+1))
cat ${passfile0} ${passfile1} | awk '{printf "%s", $0}' | geli attach -j - -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
echo "ok ${i}"; i=$((i+1))
geli detach ${md} || echo -n "not "
echo "ok ${i}"; i=$((i+1))
done
rm -f ${keyfile0} ${keyfile1} ${passfile0} ${passfile1}


@ -1,46 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=100
keyfile=`mktemp $base.XXXXXX` || exit 1
rnd=`mktemp $base.XXXXXX` || exit 1
do_test() {
cipher=$1
aalgo=$2
secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
geli attach -p -k $keyfile ${md}
secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
if [ ${md_rnd} = ${md_ddev} ]; then
echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
i=$((i+1))
}
echo "1..600"
i=1
dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
dd if=/dev/random of=${rnd} bs=8192 count=${sectors} >/dev/null 2>&1
for_each_geli_config do_test
rm -f $rnd
rm -f $keyfile


@ -1,64 +0,0 @@
#!/bin/sh
# $FreeBSD$
# Test "geli init"'s various cipher aliases
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=100
keyfile=`mktemp $base.XXXXXX` || exit 1
rnd=`mktemp $base.XXXXXX` || exit 1
do_test() {
ealgo=$1
keylen=$2
expected_ealgo=$3
expected_keylen=$4
geli init -B none -e $ealgo -l $keylen -P -K $keyfile ${md} 2>/dev/null
geli attach -p -k $keyfile ${md}
real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'`
real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'`
if [ ${real_ealgo} = ${expected_ealgo} ]; then
echo "ok $i - ${ealgo} aliased to ${real_ealgo}"
else
echo "not ok $i - expected ${expected_ealgo} but got ${real_ealgo}"
fi
i=$((i+1))
if [ ${real_keylen} = ${expected_keylen} ]; then
echo "ok $i - keylen=${keylen} for ealgo=${ealgo} aliases to ${real_keylen}"
else
echo "not ok $i - expected ${expected_keylen} but got ${real_keylen}"
fi
i=$((i+1))
geli detach ${md}
}
echo "1..38"
i=1
md=$(attach_md -t malloc -s 1024k)
dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \
3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \
blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \
blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \
blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \
blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \
blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \
blowfish:448:Blowfish-CBC:448 \
camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \
camellia:256:CAMELLIA-CBC:256 ; do
ealgo=`echo $spec | cut -d : -f 1`
keylen=`echo $spec | cut -d : -f 2`
expected_ealgo=`echo $spec | cut -d : -f 3`
expected_keylen=`echo $spec | cut -d : -f 4`
do_test $ealgo $keylen $expected_ealgo $expected_keylen
done
rm -f $keyfile


@ -1,22 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=100
keyfile=`mktemp $base.XXXXXX` || exit 1
md=$(attach_md -t malloc -s `expr $sectors + 1`)
echo "1..1"
dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
geli init -B none -i 64 -P -K ${keyfile} ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 1"
else
echo "not ok 1"
fi
rm -f $keyfile


@ -1,50 +1,368 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=32
keyfile=`mktemp $base.XXXXXX` || exit 1
rnd=`mktemp $base.XXXXXX` || exit 1
echo "1..200"
do_test() {
init_test()
{
cipher=$1
secsize=$2
ealgo=${cipher%%:*}
keylen=${cipher##*:}
geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
geli attach -p -k $keyfile ${md}
atf_check -s exit:0 -e ignore \
geli init -B none -e $ealgo -l $keylen -P -K keyfile -s $secsize ${md}
atf_check geli attach -p -k keyfile ${md}
secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
atf_check dd if=/dev/random of=rnd bs=${secsize} count=${secs} status=none
atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} status=none
md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
md_rnd=`dd if=rnd bs=${secsize} count=${secs} status=none | md5`
atf_check_equal 0 $?
md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5`
atf_check_equal 0 $?
md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} status=none | md5`
atf_check_equal 0 $?
if [ ${md_rnd} = ${md_ddev} ]; then
echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
if [ ${md_rnd} != ${md_ddev} ]; then
atf_fail "Miscompare for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
i=$((i+1))
if [ ${md_rnd} != ${md_edev} ]; then
echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
if [ ${md_rnd} == ${md_edev} ]; then
atf_fail "Data was not encrypted for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
i=$((i+1))
}
atf_test_case init cleanup
init_head()
{
atf_set "descr" "Basic I/O with geli"
atf_set "require.user" "root"
atf_set "timeout" 600
}
init_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=32
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
atf_check dd if=/dev/random of=rnd bs=8192 count=${sectors} status=none
for_each_geli_config_nointegrity init_test
}
init_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
i=1
dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
for_each_geli_config_nointegrity do_test
atf_test_case init_B cleanup
init_B_head()
{
atf_set "descr" "init -B can select an alternate backup metadata file"
atf_set "require.user" "root"
}
init_B_body()
{
. $(atf_get_srcdir)/conf.sh
rm -f $rnd
rm -f $keyfile
sectors=100
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
md=$(attach_md -t malloc -s $sectors)
# -B none
rm -f /var/backups/${md}.eli
atf_check -s exit:0 -o ignore geli init -B none -P -K keyfile ${md}
if [ -f /var/backups/${md}.eli ]; then
atf_fail "geli created a backup file even with -B none"
fi
# no -B
rm -f /var/backups/${md}.eli
atf_check -s exit:0 -o ignore geli init -P -K keyfile ${md}
if [ ! -f /var/backups/${md}.eli ]; then
atf_fail "geli did not create a backup file"
fi
atf_check geli clear ${md}
atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}
atf_check -s exit:0 -o ignore geli restore /var/backups/${md}.eli ${md}
atf_check -s exit:0 -o ignore geli attach -p -k keyfile ${md}
atf_check geli detach ${md}
rm -f /var/backups/${md}.eli
# -B file
rm -f backupfile
atf_check -s exit:0 -o ignore \
geli init -B backupfile -P -K keyfile ${md}
if [ ! -f backupfile ]; then
atf_fail "geli init -B did not create a backup file"
fi
atf_check geli clear ${md}
atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}
atf_check geli restore backupfile ${md}
atf_check geli attach -p -k keyfile ${md}
}
init_B_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
atf_test_case init_J cleanup
init_J_head()
{
atf_set "descr" "init -J accepts a passfile"
atf_set "require.user" "root"
}
init_J_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=100
md=$(attach_md -t malloc -s `expr $sectors + 1`)
atf_check dd if=/dev/random of=keyfile0 bs=512 count=16 status=none
atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile0
atf_check_equal 0 $?
dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile1
atf_check_equal 0 $?
for iter in -1 0 64; do
atf_check -s not-exit:0 -e ignore \
geli init -i ${iter} -B none -J passfile0 -P ${md}
atf_check -s not-exit:0 -e ignore \
geli init -i ${iter} -B none -J passfile0 -P -K keyfile0 ${md}
atf_check geli init -i ${iter} -B none -J passfile0 -K keyfile0 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile0 -p ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -j passfile0 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -j keyfile0 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k passfile0 -p ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -j keyfile0 -k passfile0 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -j keyfile0 -k keyfile0 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -j passfile0 -k passfile0 ${md}
atf_check -s exit:0 -e ignore \
geli attach -j passfile0 -k keyfile0 ${md}
atf_check -s exit:0 -e ignore geli detach ${md}
atf_check -s exit:0 -e ignore -x \
"cat keyfile0 | geli attach -j passfile0 -k - ${md}"
atf_check -s exit:0 -e ignore geli detach ${md}
atf_check -s exit:0 -e ignore -x \
"cat passfile0 | geli attach -j - -k keyfile0 ${md}"
atf_check -s exit:0 -e ignore geli detach ${md}
atf_check -s not-exit:0 -e ignore \
geli init -i ${iter} -B none -J passfile0 -J passfile1 -P ${md}
atf_check -s not-exit:0 -e ignore \
geli init -i ${iter} -B none -J passfile0 -J passfile1 -P -K keyfile0 -K keyfile1 ${md}
atf_check -s exit:0 -e ignore \
geli init -i ${iter} -B none -J passfile0 -J passfile1 -K keyfile0 -K keyfile1 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile0 -p ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile1 -p ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -j passfile0 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -j passfile1 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile0 -k keyfile1 -p ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -j passfile0 -j passfile1 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile0 -j passfile0 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile0 -j passfile1 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile1 -j passfile0 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile1 -j passfile1 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile0 -j passfile0 -j passfile1 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile1 -j passfile0 -j passfile1 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile0 -k keyfile1 -j passfile0 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile0 -k keyfile1 -j passfile1 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile1 -k keyfile0 -j passfile0 -j passfile1 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile0 -k keyfile1 -j passfile1 -j passfile0 ${md}
atf_check -s not-exit:0 -e ignore \
geli attach -k keyfile1 -k keyfile0 -j passfile1 -j passfile0 ${md}
atf_check -s exit:0 -e ignore \
geli attach -j passfile0 -j passfile1 -k keyfile0 -k keyfile1 ${md}
atf_check -s exit:0 -e ignore geli detach ${md}
atf_check -s exit:0 -e ignore -x \
"cat passfile0 | geli attach -j - -j passfile1 -k keyfile0 -k keyfile1 ${md}"
atf_check -s exit:0 -e ignore geli detach ${md}
atf_check -s exit:0 -e ignore -x \
"cat passfile1 | geli attach -j passfile0 -j - -k keyfile0 -k keyfile1 ${md}"
atf_check -s exit:0 -e ignore geli detach ${md}
atf_check -s exit:0 -e ignore -x \
"cat keyfile0 | geli attach -j passfile0 -j passfile1 -k - -k keyfile1 ${md}"
atf_check -s exit:0 -e ignore geli detach ${md}
atf_check -s exit:0 -e ignore -x \
"cat keyfile1 | geli attach -j passfile0 -j passfile1 -k keyfile0 -k - ${md}"
atf_check -s exit:0 -e ignore geli detach ${md}
atf_check -s exit:0 -e ignore -x \
"cat keyfile0 keyfile1 | geli attach -j passfile0 -j passfile1 -k - ${md}"
atf_check -s exit:0 -e ignore geli detach ${md}
atf_check -s exit:0 -e ignore -x \
"cat passfile0 passfile1 | awk '{printf \"%s\", \$0}' | geli attach -j - -k keyfile0 -k keyfile1 ${md}"
atf_check -s exit:0 -e ignore geli detach ${md}
done
}
init_J_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
init_a_test()
{
cipher=$1
aalgo=$2
secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
atf_check -s exit:0 -e ignore geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile -s $secsize ${md}
atf_check geli attach -p -k keyfile ${md}
secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} status=none
md_rnd=`dd if=rnd bs=${secsize} count=${secs} status=none | md5`
atf_check_equal 0 $?
md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} status=none | md5`
atf_check_equal 0 $?
if [ ${md_rnd} != ${md_ddev} ]; then
atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
}
atf_test_case init_a cleanup
init_a_head()
{
atf_set "descr" "I/O with geli and HMACs"
atf_set "require.user" "root"
atf_set "timeout" 3600
}
init_a_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=100
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
atf_check dd if=/dev/random of=rnd bs=8192 count=${sectors} status=none
for_each_geli_config init_a_test
true
}
init_a_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
init_alias_test() {
ealgo=$1
keylen=$2
expected_ealgo=$3
expected_keylen=$4
atf_check geli init -B none -e $ealgo -l $keylen -P -K keyfile ${md}
atf_check geli attach -p -k keyfile ${md}
real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'`
real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'`
if [ "${real_ealgo}" != "${expected_ealgo}" ]; then
atf_fail "expected ${expected_ealgo} but got ${real_ealgo}"
fi
if [ "${real_keylen}" != "${expected_keylen}" ]; then
atf_fail "expected ${expected_keylen} but got ${real_keylen}"
fi
atf_check geli detach ${md}
}
atf_test_case init_alias cleanup
init_alias_head()
{
atf_set "descr" "geli init accepts cipher aliases"
atf_set "require.user" "root"
}
init_alias_body()
{
. $(atf_get_srcdir)/conf.sh
md=$(attach_md -t malloc -s 1024k)
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \
3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \
blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \
blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \
blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \
blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \
blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \
blowfish:448:Blowfish-CBC:448 \
camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \
camellia:256:CAMELLIA-CBC:256 ; do
ealgo=`echo $spec | cut -d : -f 1`
keylen=`echo $spec | cut -d : -f 2`
expected_ealgo=`echo $spec | cut -d : -f 3`
expected_keylen=`echo $spec | cut -d : -f 4`
init_alias_test $ealgo $keylen $expected_ealgo $expected_keylen
done
}
init_alias_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
atf_test_case init_i_P cleanup
init_i_P_head()
{
atf_set "descr" "geli: Options -i and -P are mutually exclusive"
atf_set "require.user" "root"
}
init_i_P_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=100
md=$(attach_md -t malloc -s `expr $sectors + 1`)
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
atf_check -s exit:1 -e "match:Options -i and -P are mutually exclusive"\
geli init -B none -i 64 -P -K keyfile $md
}
init_i_P_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
atf_init_test_cases()
{
atf_add_test_case init
atf_add_test_case init_B
atf_add_test_case init_J
atf_add_test_case init_a
atf_add_test_case init_alias
atf_add_test_case init_i_P
}
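Review bot: In init_test, the `atf_check_equal 0 $?` that follows the `dd if=/dev/${md} ... | md5` substitution for `md_edev` only sees md5's exit status, so a failed read of the raw device goes unnoticed and the "Data was not encrypted" comparison then passes against the digest of whatever partial (possibly empty) input md5 received. The encryption-at-rest assertion should not be able to pass vacuously: let atf_check run the dd and hash the saved output, e.g. `atf_check -o save:edev dd if=/dev/${md} bs=${secsize} count=${secs} status=none` followed by `md_edev=$(md5 -q edev)`. The same pipeline-then-`$?` pattern is used for `md_rnd` and `md_ddev` here and in init_a_test, for passfile0/passfile1 in init_J_body, and in onetime_test and onetime_a_test in the onetime file section.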


@ -1,83 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=2
keyfile=`mktemp $base.XXXXXX` || exit 1
sector=`mktemp $base.XXXXXX` || exit 1
echo "1..2400"
do_test() {
cipher=$1
aalgo=$2
secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
geli attach -p -k $keyfile ${md}
dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1
dd if=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1
if [ $? -eq 0 ]; then
echo "ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
i=$((i+1))
geli detach ${md}
# Copy first small sector to the second small sector.
# This should be detected as corruption.
dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1
dd if=${sector} of=/dev/${md} bs=512 count=1 seek=1 >/dev/null 2>&1
geli attach -p -k $keyfile ${md}
dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
i=$((i+1))
ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'`
ns=`diskinfo /dev/${md}.eli | awk '{print $4}'`
usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc`
# Fix the corruption
dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=2 >/dev/null 2>&1
dd if=/dev/${md}.eli bs=${secsize} count=2 >/dev/null 2>&1
if [ $? -eq 0 ]; then
echo "ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
i=$((i+1))
geli detach ${md}
# Copy first big sector to the second big sector.
# This should be detected as corruption.
dd if=/dev/${md} of=${sector} bs=${usecsize} count=1 >/dev/null 2>&1
dd if=${sector} of=/dev/${md} bs=${usecsize} count=1 seek=1 >/dev/null 2>&1
geli attach -p -k $keyfile ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
i=$((i+1))
}
i=1
dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
for_each_geli_config do_test
rm -f $keyfile $sector


@ -1,42 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=2
keyfile=`mktemp $base.XXXXXX` || exit 1
sector=`mktemp $base.XXXXXX` || exit 1
echo "1..600"
do_test() {
cipher=$1
aalgo=$2
secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
# Corrupt 8 bytes of data.
dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1
dd if=/dev/random of=${sector} bs=1 count=8 seek=64 conv=notrunc >/dev/null 2>&1
dd if=${sector} of=/dev/${md} bs=512 count=1 >/dev/null 2>&1
geli attach -p -k $keyfile ${md}
dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
i=$((i+1))
}
i=1
dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
for_each_geli_config do_test
rm -f $keyfile $sector


@ -1,43 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=2
keyfile=`mktemp $base.XXXXXX` || exit 1
sector=`mktemp $base.XXXXXX` || exit 1
echo "1..600"
do_test() {
cipher=$1
aalgo=$2
secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
# Corrupt 8 bytes of HMAC.
dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1
dd if=/dev/random of=${sector} bs=1 count=16 conv=notrunc >/dev/null 2>&1
dd if=${sector} of=/dev/${md} bs=512 count=1 >/dev/null 2>&1
geli attach -p -k $keyfile ${md}
dd if=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
i=$((i+1))
}
i=1
dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
for_each_geli_config do_test
rm -f $keyfile $sector


@ -0,0 +1,160 @@
# $FreeBSD$
copy_test() {
cipher=$1
aalgo=$2
secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
atf_check -s exit:0 -e ignore \
geli init -B none -a $aalgo -e $ealgo -l $keylen -P \
-K keyfile -s $secsize ${md}
atf_check geli attach -p -k keyfile ${md}
atf_check dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=1 status=none
atf_check geli detach ${md}
# Copy first small sector to the second small sector.
# This should be detected as corruption.
atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
atf_check dd if=sector of=/dev/${md} bs=512 count=1 seek=1 status=none
atf_check geli attach -p -k keyfile ${md}
atf_check -s not-exit:0 -e ignore \
dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
# Fix the corruption
atf_check dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=2 status=none
atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 status=none
# Copy first big sector to the second big sector.
# This should be detected as corruption.
ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'`
ns=`diskinfo /dev/${md}.eli | awk '{print $4}'`
usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc`
atf_check geli detach ${md}
atf_check dd if=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( $secsize / 512 )) of=sector status=none
atf_check dd of=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( $secsize / 256 )) if=sector status=none
atf_check -s exit:0 -e ignore geli attach -p -k keyfile ${md}
atf_check -s not-exit:0 -e ignore \
dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=$ns
}
atf_test_case copy cleanup
copy_head()
{
atf_set "descr" "geli will detect misdirected writes as corruption"
atf_set "require.user" "root"
atf_set "timeout" 3600
}
copy_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=2
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
for_each_geli_config copy_test
}
copy_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
data_test() {
cipher=$1
aalgo=$2
secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
atf_check -s exit:0 -e ignore \
geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \
-s $secsize ${md}
# Corrupt 8 bytes of data.
atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
atf_check dd if=/dev/random of=sector bs=1 count=8 seek=64 conv=notrunc status=none
atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none
atf_check geli attach -p -k keyfile ${md}
# Try to read from the corrupt sector
atf_check -s not-exit:0 -e ignore \
dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
}
atf_test_case data cleanup
data_head()
{
atf_set "descr" "With HMACs, geli will detect data corruption"
atf_set "require.user" "root"
atf_set "timeout" 1800
}
data_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=2
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
for_each_geli_config data_test
}
data_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
hmac_test() {
cipher=$1
aalgo=$2
secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
atf_check -s exit:0 -e ignore \
geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \
-s $secsize ${md}
# Corrupt 8 bytes of HMAC.
atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
atf_check dd if=/dev/random of=sector bs=1 count=16 conv=notrunc status=none
atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none
atf_check geli attach -p -k keyfile ${md}
# Try to read from the corrupt sector
atf_check -s not-exit:0 -e ignore \
dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
}
atf_test_case hmac cleanup
hmac_head()
{
atf_set "descr" "geli will detect corruption of HMACs"
atf_set "require.user" "root"
atf_set "timeout" 1800
}
hmac_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=2
atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
for_each_geli_config hmac_test
}
hmac_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
atf_init_test_cases()
{
atf_add_test_case copy
atf_add_test_case data
atf_add_test_case hmac
}
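Review bot: In copy_test the "Copy first big sector to the second big sector" step does not appear to do what its comment says: `seek=` positions the output, so the first dd reads from offset 0 of `/dev/${md}` but stores the data at offset `$secsize` inside `sector`, and the second dd then reads `sector` from its start (whatever is left there from the small-sector copy) and writes it at `2 * $secsize` rather than at `${usecsize}`. The final dd is still expected to fail, but as far as this section shows it fails because arbitrary bytes landed on the provider, which data_test and hmac_test already cover; the property worth pinning here is that an intact, correctly authenticated sector is rejected when it shows up at a different offset. If that is the intent, `atf_check dd if=/dev/${md} of=sector bs=512 count=$(( ${usecsize} / 512 )) status=none` and `atf_check dd if=sector of=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( ${usecsize} / 512 )) status=none` reproduce the removed TAP test's `bs=${usecsize} count=1 seek=1`.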


@ -1,97 +1,71 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
atf_test_case kill cleanup
kill_head()
{
atf_set "descr" "geli kill will wipe a provider's metadata"
atf_set "require.user" "root"
}
kill_body()
{
. $(atf_get_srcdir)/conf.sh
base=`basename $0`
sectors=100
keyfile1=`mktemp $base.XXXXXX` || exit 1
keyfile2=`mktemp $base.XXXXXX` || exit 1
md=$(attach_md -t malloc -s `expr $sectors + 1`)
sectors=100
md=$(attach_md -t malloc -s `expr $sectors + 1`)
echo "1..9"
atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
atf_check geli init -B none -P -K keyfile1 ${md}
atf_check geli attach -p -k keyfile1 ${md}
atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md}
geli init -B none -P -K $keyfile1 ${md}
geli attach -p -k $keyfile1 ${md}
geli setkey -n 1 -P -K $keyfile2 ${md}
# Kill attached provider.
atf_check geli kill ${md}
sleep 1
# Provider should be automatically detached.
if [ -c /dev/${md}.eli ]; then
atf_fail "Provider did not detach when killed"
fi
# Kill attached provider.
geli kill ${md}
if [ $? -eq 0 ]; then
echo "ok 1"
else
echo "not ok 1"
fi
sleep 1
# Provider should be automatically detached.
if [ ! -c /dev/${md}.eli ]; then
echo "ok 2"
else
echo "not ok 2"
fi
# We cannot use keyfile1 anymore.
atf_check -s not-exit:0 -e match:"Cannot read metadata" \
geli attach -p -k keyfile1 ${md}
# We cannot use keyfile1 anymore.
geli attach -p -k $keyfile1 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 3"
else
echo "not ok 3"
fi
# We cannot use keyfile2 anymore.
atf_check -s not-exit:0 -e match:"Cannot read metadata" \
geli attach -p -k keyfile2 ${md}
# We cannot use keyfile2 anymore.
geli attach -p -k $keyfile2 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 4"
else
echo "not ok 4"
fi
atf_check geli init -B none -P -K keyfile1 ${md}
atf_check -s exit:0 -o ignore \
geli setkey -n 1 -p -k keyfile1 -P -K keyfile2 ${md}
geli init -B none -P -K $keyfile1 ${md}
geli setkey -n 1 -p -k $keyfile1 -P -K $keyfile2 ${md}
# Should be possible to attach with keyfile1.
atf_check geli attach -p -k keyfile1 ${md}
atf_check geli detach ${md}
# Should be possible to attach with keyfile1.
geli attach -p -k $keyfile1 ${md}
if [ $? -eq 0 ]; then
echo "ok 5"
else
echo "not ok 5"
fi
geli detach ${md}
# Should be possible to attach with keyfile2.
atf_check geli attach -p -k keyfile2 ${md}
atf_check geli detach ${md}
# Should be possible to attach with keyfile2.
geli attach -p -k $keyfile2 ${md}
if [ $? -eq 0 ]; then
echo "ok 6"
else
echo "not ok 6"
fi
geli detach ${md}
# Kill detached provider.
atf_check geli kill ${md}
# Kill detached provider.
geli kill ${md}
if [ $? -eq 0 ]; then
echo "ok 7"
else
echo "not ok 7"
fi
# We cannot use keyfile1 anymore.
atf_check -s not-exit:0 -e match:"Cannot read metadata" \
geli attach -p -k keyfile1 ${md}
# We cannot use keyfile1 anymore.
geli attach -p -k $keyfile1 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 8"
else
echo "not ok 8"
fi
# We cannot use keyfile2 anymore.
atf_check -s not-exit:0 -e match:"Cannot read metadata" \
geli attach -p -k keyfile2 ${md}
}
kill_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
# We cannot use keyfile2 anymore.
geli attach -p -k $keyfile2 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 9"
else
echo "not ok 9"
fi
rm -f $keyfile1 $keyfile2
atf_init_test_cases()
{
atf_add_test_case kill
}
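Review bot: The "Provider did not detach when killed" assertion in kill_body depends on a fixed `sleep 1` after `geli kill`, presumably because the detach completes asynchronously, so on a loaded test host it can fail even though the provider goes away a moment later. A bounded poll keeps the check strict without the timing dependence, e.g. `for t in 1 2 3 4 5; do [ -c /dev/${md}.eli ] || break; sleep 1; done` placed before the `-c` test. onetime_d_body in the onetime file section uses the same fixed sleep before its detach-on-last-close check.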


@ -1,41 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=8
rnd=`mktemp $base.XXXXXX` || exit 1
echo "1..600"
do_test() {
cipher=$1
aalgo=$2
secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md} 2>/dev/null
secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
if [ ${md_rnd} = ${md_ddev} ]; then
echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
i=$((i+1))
}
i=1
dd if=/dev/random of=${rnd} bs=1024 count=1024 >/dev/null 2>&1
for_each_geli_config do_test
rm -f $rnd


@ -1,34 +0,0 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=100
md=$(attach_md -t malloc -s $sectors)
echo "1..3"
geli onetime -d ${md}
if [ -c /dev/${md}.eli ]; then
echo "ok 1"
else
echo "not ok 1"
fi
# Be sure it doesn't detach on read.
dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
sleep 1
if [ -c /dev/${md}.eli ]; then
echo "ok 2"
else
echo "not ok 2"
fi
true > /dev/${md}.eli
sleep 1
if [ ! -c /dev/${md}.eli ]; then
echo "ok 3"
else
echo "not ok 3"
fi
mdconfig -d -u ${md}


@ -1,47 +1,140 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
base=`basename $0`
sectors=100
echo "1..200"
do_test() {
onetime_test()
{
cipher=$1
secsize=$2
ealgo=${cipher%%:*}
keylen=${cipher##*:}
rnd=`mktemp $base.XXXXXX` || exit 1
geli onetime -e $ealgo -l $keylen -s $secsize ${md} 2>/dev/null
atf_check -s exit:0 -o ignore -e ignore \
geli onetime -e $ealgo -l $keylen -s $secsize ${md}
secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
atf_check dd if=/dev/random of=rnd bs=${secsize} count=${secs} status=none
atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} status=none
md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5`
md_rnd=`dd if=rnd bs=${secsize} count=${secs} status=none | md5`
atf_check_equal 0 $?
md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} status=none | md5`
atf_check_equal 0 $?
md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} status=none | md5`
atf_check_equal 0 $?
if [ ${md_rnd} = ${md_ddev} ]; then
echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
if [ ${md_rnd} != ${md_ddev} ]; then
atf_fail "geli did not return the original data"
fi
i=$((i+1))
if [ ${md_rnd} != ${md_edev} ]; then
echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
else
echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
if [ ${md_rnd} == ${md_edev} ]; then
atf_fail "geli did not encrypt the data"
fi
i=$((i+1))
}
atf_test_case onetime cleanup
onetime_head()
{
atf_set "descr" "geli onetime can create temporary providers"
atf_set "require.user" "root"
atf_set "timeout" 1800
}
onetime_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=100
rm -f $rnd
for_each_geli_config_nointegrity onetime_test
}
onetime_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
i=1
for_each_geli_config_nointegrity do_test
onetime_a_test()
{
cipher=$1
aalgo=$2
secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
atf_check -s exit:0 -o ignore -e ignore \
geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md}
secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} status=none
md_rnd=`dd if=rnd bs=${secsize} count=${secs} status=none | md5`
atf_check_equal 0 $?
md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} status=none | md5`
atf_check_equal 0 $?
if [ ${md_rnd} != ${md_ddev} ]; then
atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
}
atf_test_case onetime_a cleanup
onetime_a_head()
{
atf_set "descr" "geli onetime with HMACs"
atf_set "require.user" "root"
atf_set "timeout" 1800
}
onetime_a_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=8
atf_check dd if=/dev/random of=rnd bs=1024 count=1024 status=none
for_each_geli_config onetime_a_test
}
onetime_a_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
atf_test_case onetime_d cleanup
onetime_d_head()
{
atf_set "descr" "geli onetime -d will create providers that detach on last close"
atf_set "require.user" "root"
}
onetime_d_body()
{
. $(atf_get_srcdir)/conf.sh
sectors=100
md=$(attach_md -t malloc -s $sectors)
atf_check geli onetime -d ${md}
if [ ! -c /dev/${md}.eli ]; then
atf_fail "Provider not created, or immediately detached"
fi
# Be sure it doesn't detach on read.
atf_check dd if=/dev/${md}.eli of=/dev/null status=none
sleep 1
if [ ! -c /dev/${md}.eli ]; then
atf_fail "Provider detached when a reader closed"
fi
# It should detach when a writer closes
true > /dev/${md}.eli
sleep 1
if [ -c /dev/${md}.eli ]; then
atf_fail "Provider didn't detach on last close of a writer"
fi
}
onetime_d_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
atf_init_test_cases()
{
atf_add_test_case onetime
atf_add_test_case onetime_a
atf_add_test_case onetime_d
}
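Review bot: The two atf_fail messages in onetime_test ("geli did not return the original data" and "geli did not encrypt the data") do not say which configuration failed, although the function takes a cipher and sector size and appears to be run once per combination by for_each_geli_config_nointegrity. init_test in the init file section includes the parameters in its messages, and doing the same here makes a failed encryption check actionable from the test log alone: `atf_fail "geli did not encrypt the data for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"`, and likewise for the miscompare message.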


@ -1,145 +1,88 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
echo 1..27
BLK=512
BLKS_PER_MB=2048
md=$(attach_md -t malloc -s40m)
i=1
fsck_md()
atf_test_case resize cleanup
resize_head()
{
local is_clean
atf_set "descr" "geli resize will resize a geli provider"
atf_set "require.user" "root"
}
resize_body()
{
. $(atf_get_srcdir)/conf.sh
BLK=512
BLKS_PER_MB=2048
out=$(fsck_ffs -Ffy ${md}a.eli)
if [ $? -eq 0 -o $? -eq 7 ]; then
echo "ok $i - fsck says ${md}a.eli is clean"
else
echo "not ok $i - fsck says ${md}a.eli is dirty"
md=$(attach_md -t malloc -s40m)
# Initialise
atf_check -s exit:0 -o ignore gpart create -s BSD ${md}
atf_check -s exit:0 -o ignore gpart add -t freebsd-ufs -s 10m ${md}
echo secret >tmp.key
atf_check geli init -Bnone -PKtmp.key ${md}a
atf_check geli attach -pk tmp.key ${md}a
atf_check -s exit:0 -o ignore newfs -U ${md}a.eli
atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli
# Doing a backup, resize & restore must be forced (with -f) as geli
# verifies that the provider size in the metadata matches the consumer.
atf_check geli backup ${md}a tmp.meta
atf_check geli detach ${md}a.eli
atf_check -s exit:0 -o match:resized gpart resize -i1 -s 20m ${md}
atf_check -s not-exit:0 -e ignore geli attach -pktmp.key ${md}a
atf_check -s not-exit:0 -e ignore geli restore tmp.meta ${md}a
atf_check geli restore -f tmp.meta ${md}a
atf_check geli attach -pktmp.key ${md}a
atf_check -s exit:0 -o ignore growfs -y ${md}a.eli
atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli
# Now do the resize properly
atf_check geli detach ${md}a.eli
atf_check -s exit:0 -o match:resized gpart resize -i1 -s 30m ${md}
atf_check geli resize -s20m ${md}a
atf_check -s not-exit:0 -e match:"Inconsistent provider.*metadata" \
geli resize -s20m ${md}a
atf_check geli attach -pktmp.key ${md}a
atf_check -s exit:0 -o ignore growfs -y ${md}a.eli
atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli
atf_check geli detach ${md}a.eli
atf_check -s exit:0 -o ignore gpart destroy -F $md
# Verify that the man page example works, changing ada0 to $md,
# 1g to 20m, 2g to 30m and keyfile to tmp.key, and adding -B none
# to geli init.
atf_check -s exit:0 -o ignore gpart create -s GPT $md
atf_check -s exit:0 -o ignore gpart add -s 20m -t freebsd-ufs -i 1 $md
atf_check geli init -B none -K tmp.key -P ${md}p1
atf_check -s exit:0 -o match:resized gpart resize -s 30m -i 1 $md
atf_check geli resize -s 20m ${md}p1
atf_check geli attach -k tmp.key -p ${md}p1
}
resize_cleanup()
{
. $(atf_get_srcdir)/conf.sh
if [ -f "$TEST_MDS_FILE" ]; then
while read md; do
[ -c /dev/${md}a.eli ] && \
geli detach ${md}a.eli 2>/dev/null
[ -c /dev/${md}p1.eli ] && \
geli detach ${md}p1.eli
[ -c /dev/${md}.eli ] && \
geli detach ${md}.eli 2>/dev/null
mdconfig -d -u $md 2>/dev/null
done < $TEST_MDS_FILE
fi
i=$((i + 1))
}
setsize() {
partszMB=$1
gpart resize -i 1 -s ${partszMB}m ${md}
atf_init_test_cases()
{
atf_add_test_case resize
}
# Initialise
gpart create -s BSD ${md}
gpart add -t freebsd-ufs -s 10m ${md}
setsize 10 || echo -n "not "
echo ok $i - "Sized ${md}a to 10m"
i=$((i + 1))
echo secret >tmp.key
geli init -Bnone -PKtmp.key ${md}a || echo -n "not "
echo ok $i - "Initialised geli on ${md}a"
i=$((i + 1))
geli attach -pk tmp.key ${md}a || echo -n "not "
echo ok $i - "Attached ${md}a as ${md}a.eli"
i=$((i + 1))
newfs -U ${md}a.eli >/dev/null || echo -n "not "
echo ok $i - "Initialised the filesystem on ${md}a.eli"
i=$((i + 1))
fsck_md
# Doing a backup, resize & restore must be forced (with -f) as geli
# verifies that the provider size in the metadata matches the consumer.
geli backup ${md}a tmp.meta || echo -n "not "
echo ok $i - "Backed up ${md}a metadata"
i=$((i + 1))
geli detach ${md}a.eli || echo -n "not "
echo ok $i - "Detached ${md}a.eli"
i=$((i + 1))
setsize 20 || echo -n "not "
echo ok $i - "Sized ${md}a to 20m"
i=$((i + 1))
geli attach -pktmp.key ${md}a && echo -n "not "
echo ok $i - "Attaching ${md}a fails after resizing the consumer"
i=$((i + 1))
geli restore tmp.meta ${md}a && echo -n "not "
echo ok $i - "Restoring metadata on ${md}a.eli fails without -f"
i=$((i + 1))
geli restore -f tmp.meta ${md}a || echo -n "not "
echo ok $i - "Restoring metadata on ${md}a.eli can be forced"
i=$((i + 1))
geli attach -pktmp.key ${md}a || echo -n "not "
echo ok $i - "Attaching ${md}a is now possible"
i=$((i + 1))
growfs -y ${md}a.eli >/dev/null || echo -n "not "
echo ok $i - "Extended the filesystem on ${md}a.eli"
i=$((i + 1))
fsck_md
# Now do the resize properly
geli detach ${md}a.eli || echo -n "not "
echo ok $i - "Detached ${md}a.eli"
i=$((i + 1))
setsize 30 || echo -n "not "
echo ok $i - "Sized ${md}a to 30m"
i=$((i + 1))
geli resize -s20m ${md}a || echo -n "not "
echo ok $i - "Resizing works ok"
i=$((i + 1))
geli resize -s20m ${md}a && echo -n "not "
echo ok $i - "Resizing doesn't work a 2nd time (no old metadata)"
i=$((i + 1))
geli attach -pktmp.key ${md}a || echo -n "not "
echo ok $i - "Attaching ${md}a works ok"
i=$((i + 1))
growfs -y ${md}a.eli >/dev/null || echo -n "not "
echo ok $i - "Extended the filesystem on ${md}a.eli"
i=$((i + 1))
fsck_md
geli detach ${md}a.eli
gpart destroy -F $md >/dev/null
# Verify that the man page example works, changing ada0 to $md,
# 1g to 20m, 2g to 30m and keyfile to tmp.key, and adding -B none
# to geli init.
gpart create -s GPT $md || echo -n "not "
echo ok $i - "Installed a GPT on ${md}"
i=$((i + 1))
gpart add -s 20m -t freebsd-ufs -i 1 $md || echo -n "not "
echo ok $i - "Added a 20m partition in slot 1"
i=$((i + 1))
geli init -B none -K tmp.key -P ${md}p1 || echo -n "not "
echo ok $i - "Initialised geli on ${md}p1"
i=$((i + 1))
gpart resize -s 30m -i 1 $md || echo -n "not "
echo ok $i - "Resized partition ${md}p1 to 30m"
i=$((i + 1))
geli resize -s 20m ${md}p1 || echo -n "not "
echo ok $i - "Resized geli on ${md}p1 to 30m"
i=$((i + 1))
geli attach -k tmp.key -p ${md}p1 || echo -n "not "
echo ok $i - "Attached ${md}p1.eli"
i=$((i + 1))
geli detach ${md}p1.eli
rm tmp.*
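Review bot: The three `atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli` calls in resize_body accept only exit status 7, while the fsck_md helper this commit removes reported the filesystem as clean on either 0 or 7. If the narrowing is deliberate, the reason should be recorded above the first call, for example `# fsck_ffs -F is expected to exit 7 here; 0 is no longer accepted because ...`, with the reason filled in by the author. If it is not deliberate, the converted test can fail on a result the TAP version accepted, which would hide whether the geli resize/restore steps themselves regressed.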


@ -1,156 +1,98 @@
#!/bin/sh
# $FreeBSD$
. $(dirname $0)/conf.sh
atf_test_case setkey cleanup
setkey_head()
{
atf_set "descr" "geli setkey can change the key for an existing provider"
atf_set "require.user" "root"
}
setkey_body()
{
. $(atf_get_srcdir)/conf.sh
base=`basename $0`
sectors=100
rnd=`mktemp $base.XXXXXX` || exit 1
keyfile1=`mktemp $base.XXXXXX` || exit 1
keyfile2=`mktemp $base.XXXXXX` || exit 1
keyfile3=`mktemp $base.XXXXXX` || exit 1
keyfile4=`mktemp $base.XXXXXX` || exit 1
keyfile5=`mktemp $base.XXXXXX` || exit 1
md=$(attach_md -t malloc -s `expr $sectors + 1`)
sectors=100
md=$(attach_md -t malloc -s `expr $sectors + 1`)
echo "1..16"
atf_check dd if=/dev/random of=rnd bs=512 count=${sectors} status=none
hash1=`dd if=rnd bs=512 count=${sectors} status=none | md5`
atf_check_equal 0 $?
atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none
atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none
atf_check dd if=/dev/random of=keyfile5 bs=512 count=16 status=none
dd if=/dev/random of=${rnd} bs=512 count=${sectors} >/dev/null 2>&1
hash1=`dd if=${rnd} bs=512 count=${sectors} 2>/dev/null | md5`
dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1
dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1
dd if=/dev/random of=${keyfile5} bs=512 count=16 >/dev/null 2>&1
atf_check geli init -B none -P -K keyfile1 ${md}
atf_check geli attach -p -k keyfile1 ${md}
geli init -B none -P -K $keyfile1 ${md}
geli attach -p -k $keyfile1 ${md}
atf_check \
dd if=rnd of=/dev/${md}.eli bs=512 count=${sectors} status=none
hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
atf_check_equal 0 $?
dd if=${rnd} of=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null
rm -f $rnd
hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
# Change current key (0) for attached provider.
atf_check -s exit:0 -o ignore geli setkey -P -K keyfile2 ${md}
atf_check geli detach ${md}
# Change current key (0) for attached provider.
geli setkey -P -K $keyfile2 ${md}
if [ $? -eq 0 ]; then
echo "ok 1"
else
echo "not ok 1"
fi
geli detach ${md}
# We cannot use keyfile1 anymore.
atf_check -s not-exit:0 -e match:"Wrong key" \
geli attach -p -k keyfile1 ${md}
# We cannot use keyfile1 anymore.
geli attach -p -k $keyfile1 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 2"
else
echo "not ok 2"
fi
# Attach with new key.
atf_check geli attach -p -k keyfile2 ${md}
hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
atf_check_equal 0 $?
# Attach with new key.
geli attach -p -k $keyfile2 ${md}
if [ $? -eq 0 ]; then
echo "ok 3"
else
echo "not ok 3"
fi
hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
# Change key 1 for attached provider.
atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile3 ${md}
atf_check geli detach ${md}
# Change key 1 for attached provider.
geli setkey -n 1 -P -K $keyfile3 ${md}
if [ $? -eq 0 ]; then
echo "ok 4"
else
echo "not ok 4"
fi
geli detach ${md}
# Attach with key 1.
atf_check geli attach -p -k keyfile3 ${md}
hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
atf_check_equal 0 $?
atf_check geli detach ${md}
# Attach with key 1.
geli attach -p -k $keyfile3 ${md}
if [ $? -eq 0 ]; then
echo "ok 5"
else
echo "not ok 5"
fi
hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
geli detach ${md}
# Change current (1) key for detached provider.
atf_check -s exit:0 -o ignore geli setkey -p -k keyfile3 -P -K keyfile4 ${md}
# Change current (1) key for detached provider.
geli setkey -p -k $keyfile3 -P -K $keyfile4 ${md}
if [ $? -eq 0 ]; then
echo "ok 6"
else
echo "not ok 6"
fi
# We cannot use keyfile3 anymore.
atf_check -s not-exit:0 -e match:"Wrong key" \
geli attach -p -k keyfile3 ${md}
# We cannot use keyfile3 anymore.
geli attach -p -k $keyfile3 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 7"
else
echo "not ok 7"
fi
# Attach with key 1.
atf_check geli attach -p -k keyfile4 ${md}
hash5=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
atf_check_equal 0 $?
atf_check geli detach ${md}
# Attach with key 1.
geli attach -p -k $keyfile4 ${md}
if [ $? -eq 0 ]; then
echo "ok 8"
else
echo "not ok 8"
fi
hash5=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
geli detach ${md}
# Change key 0 for detached provider.
atf_check -s exit:0 -o ignore geli setkey -n 0 -p -k keyfile4 -P -K keyfile5 ${md}
# Change key 0 for detached provider.
geli setkey -n 0 -p -k $keyfile4 -P -K $keyfile5 ${md}
if [ $? -eq 0 ]; then
echo "ok 9"
else
echo "not ok 9"
fi
# We cannot use keyfile2 anymore.
atf_check -s not-exit:0 -e match:"Wrong key" \
geli attach -p -k keyfile2 ${md} 2>/dev/null
# We cannot use keyfile2 anymore.
geli attach -p -k $keyfile2 ${md} 2>/dev/null
if [ $? -ne 0 ]; then
echo "ok 10"
else
echo "not ok 10"
fi
# Attach with key 0.
atf_check geli attach -p -k keyfile5 ${md}
hash6=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
atf_check_equal 0 $?
atf_check geli detach ${md}
# Attach with key 0.
geli attach -p -k $keyfile5 ${md}
if [ $? -eq 0 ]; then
echo "ok 11"
else
echo "not ok 11"
fi
hash6=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
geli detach ${md}
atf_check_equal ${hash1} ${hash2}
atf_check_equal ${hash1} ${hash3}
atf_check_equal ${hash1} ${hash4}
atf_check_equal ${hash1} ${hash5}
atf_check_equal ${hash1} ${hash6}
}
setkey_cleanup()
{
. $(atf_get_srcdir)/conf.sh
geli_test_cleanup
}
if [ ${hash1} = ${hash2} ]; then
echo "ok 12"
else
echo "not ok 12"
fi
if [ ${hash1} = ${hash3} ]; then
echo "ok 13"
else
echo "not ok 13"
fi
if [ ${hash1} = ${hash4} ]; then
echo "ok 14"
else
echo "not ok 14"
fi
if [ ${hash1} = ${hash5} ]; then
echo "ok 15"
else
echo "not ok 15"
fi
if [ ${hash1} = ${hash6} ]; then
echo "ok 16"
else
echo "not ok 16"
fi
rm -f $keyfile1 $keyfile2 $keyfile3 $keyfile4 $keyfile5
atf_init_test_cases()
{
atf_add_test_case setkey
}
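Review bot: The third "Wrong key" check in setkey_body, the `atf_check -s not-exit:0 -e match:"Wrong key"` call whose continuation line is `geli attach -p -k keyfile2 ${md} 2>/dev/null`, still carries the redirect from the TAP version. The redirect applies to atf_check itself rather than to geli, so it most likely discards the diagnostics atf_check prints when the check fails. It is also inconsistent with the keyfile1 and keyfile3 checks, which have no redirect. The continuation line should read `geli attach -p -k keyfile2 ${md}`. These negative checks are what show that a replaced key no longer unlocks the provider, so their failure output is worth keeping.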