path: root/tests/sys/geom/class/eli/onetime_test.sh
# $FreeBSD$

. $(atf_get_srcdir)/conf.sh

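# onetime_test <ealgo:keylen> <sector size>
#
# Round-trip check for one cipher / sector-size combination.  Attaches a
# one-time GELI provider on top of ${md}, writes the reference file "rnd"
# through it, then compares digests of three reads: the reference file, the
# ${md}.eli provider, and the raw ${md} device underneath it.  The provider
# read must match the reference; the raw read must differ, which is the only
# evidence in this test that the plaintext did not reach the backing device
# unchanged.
#
# Reads the globals ${md} and ${sectors}; neither is assigned here, so the
# caller has to supply them.
# MD5 is used purely to compare data for equality, not as a security control.
onetime_test()
{
	cipher=$1
	secsize=$2
	ealgo=${cipher%%:*}	# text before the first ':'
	keylen=${cipher##*:}	# text after the last ':'

	atf_check -s exit:0 -o ignore -e ignore \
		geli onetime -e "$ealgo" -l "$keylen" -s "$secsize" "${md}"

	atf_check dd if=rnd of="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none

	# NOTE: $? after each assignment is the status of md5, the last stage of
	# the pipeline; a failing dd is not detected by these checks.
	md_rnd=$(dd if=rnd bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?
	md_ddev=$(dd if="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?
	md_edev=$(dd if="/dev/${md}" bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?

	# Operands are quoted so that an empty digest is compared as a value.
	# Unquoted, an empty operand makes `[` fail with a usage error, which
	# the `if` treats as false, so the mismatch would go unreported.
	if [ "${md_rnd}" != "${md_ddev}" ]; then
		atf_fail "geli did not return the original data"
	fi
	# '=' is the portable string-equality operator for `[`.
	if [ "${md_rnd}" = "${md_edev}" ]; then
		atf_fail "geli did not encrypt the data"
	fi
}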
# Declare the "onetime" test case; the trailing "cleanup" tells ATF that an
# onetime_cleanup routine exists.
atf_test_case onetime cleanup
onetime_head()
{
	# Test-case metadata: description, required user and a timeout of
	# 1800 for the whole case.
	atf_set descr 'geli onetime can create temporary providers'
	atf_set require.user root
	atf_set timeout '1800'
}
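# Body of the "onetime" test case: create the reference data file "rnd" and
# run onetime_test through for_each_geli_config_nointegrity.
#
# geli_test_setup, for_each_geli_config_nointegrity and MAX_SECSIZE are not
# defined in this file (presumably they come from conf.sh, sourced at the
# top); how ${md} gets attached for each configuration is decided there.
onetime_body()
{
	geli_test_setup

	sectors=100

	# "rnd" is the plaintext every comparison in onetime_test is made
	# against.  Run dd under atf_check so that a failure to create it
	# fails the test here instead of surfacing later as a miscompare.
	atf_check dd if=/dev/random of=rnd bs="${MAX_SECSIZE}" count="${sectors}" status=none
	for_each_geli_config_nointegrity onetime_test
}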
# Cleanup routine of the "onetime" test case.  It only delegates to
# geli_test_cleanup, which is not defined in this file (presumably conf.sh);
# what exactly gets torn down is decided there.
onetime_cleanup()
{
	geli_test_cleanup
}

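# onetime_a_test <ealgo:keylen> <aalgo> <sector size>
#
# Round-trip check for a one-time GELI provider created with an
# authentication algorithm (-a) in addition to the cipher.  Writes the
# reference file "rnd" through ${md}.eli and checks that reading the provider
# back yields the same digest.  Unlike onetime_test, the raw ${md} device is
# not read here, so this function makes no claim about what is stored on it.
#
# Reads the globals ${md} and ${sectors}; neither is assigned here, so the
# caller has to supply them.
# MD5 is used purely to compare data for equality, not as a security control.
onetime_a_test()
{
	cipher=$1
	aalgo=$2
	secsize=$3
	ealgo=${cipher%%:*}	# text before the first ':'
	keylen=${cipher##*:}	# text after the last ':'

	atf_check -s exit:0 -o ignore -e ignore \
		geli onetime -a "$aalgo" -e "$ealgo" -l "$keylen" -s "$secsize" "${md}"

	atf_check dd if=rnd of="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none

	# NOTE: $? after each assignment is the status of md5, the last stage of
	# the pipeline; a failing dd is not detected by these checks.
	md_rnd=$(dd if=rnd bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?
	md_ddev=$(dd if="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?

	# Operands are quoted so that an empty digest is compared as a value.
	# Unquoted, an empty operand makes `[` fail with a usage error, which
	# the `if` treats as false, so the miscompare would go unreported.
	if [ "${md_rnd}" != "${md_ddev}" ]; then
		atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
	fi
}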
# Declare the "onetime_a" test case; the trailing "cleanup" tells ATF that an
# onetime_a_cleanup routine exists.
atf_test_case onetime_a cleanup
onetime_a_head()
{
	# Test-case metadata: description, required user and a timeout of
	# 1800 for the whole case.
	atf_set descr 'geli onetime with HMACs'
	atf_set require.user root
	atf_set timeout '1800'
}
# Body of the "onetime_a" test case: create the reference data file "rnd"
# and run onetime_a_test through for_each_geli_config.
#
# geli_test_setup, for_each_geli_config and MAX_SECSIZE are not defined in
# this file (presumably they come from conf.sh, sourced at the top).
onetime_a_body()
{
	geli_test_setup

	# Only 8 blocks of reference data are generated for this case.
	sectors=8
	atf_check dd \
		if=/dev/random of=rnd \
		bs=${MAX_SECSIZE} count=${sectors} \
		status=none

	for_each_geli_config onetime_a_test
}
# Cleanup routine of the "onetime_a" test case.  It only delegates to
# geli_test_cleanup, which is not defined in this file (presumably conf.sh);
# what exactly gets torn down is decided there.
onetime_a_cleanup()
{
	geli_test_cleanup
}

# Declare the "onetime_d" test case; the trailing "cleanup" tells ATF that an
# onetime_d_cleanup routine exists.
atf_test_case onetime_d cleanup
onetime_d_head()
{
	# Test-case metadata: description and required user.  No timeout is
	# set for this case.
	atf_set descr 'geli onetime -d will create providers that detach on last close'
	atf_set require.user root
}
# Body of the "onetime_d" test case.  Attaches a one-time provider with -d
# and checks, by testing for the /dev/${md}.eli character device, that it
#   1. exists right after creation,
#   2. still exists after a read-only open has been closed, and
#   3. is gone after an open for writing has been closed.
#
# geli_test_setup and attach_md are not defined in this file (presumably
# conf.sh).  The one-second sleeps precede each re-check; presumably they
# give a detach time to complete -- the checks are therefore timing-based.
onetime_d_body()
{
	geli_test_setup

	sectors=100
	md=$(attach_md -t malloc -s $sectors)

	atf_check geli onetime -d ${md}
	[ -c /dev/${md}.eli ] ||
		atf_fail "Provider not created, or immediately detached"

	# A reader opening and closing the provider must not detach it.
	atf_check dd if=/dev/${md}.eli of=/dev/null status=none
	sleep 1
	[ -c /dev/${md}.eli ] ||
		atf_fail "Provider detached when a reader closed"

	# Open the provider for writing and close it again without writing
	# any data; after that the device node is expected to disappear.
	true > /dev/${md}.eli
	sleep 1
	[ ! -c /dev/${md}.eli ] ||
		atf_fail "Provider didn't detach on last close of a writer"
}
# Cleanup routine of the "onetime_d" test case.  It only delegates to
# geli_test_cleanup, which is not defined in this file (presumably conf.sh);
# what exactly gets torn down is decided there.
onetime_d_cleanup()
{
	geli_test_cleanup
}

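# Declare the "onetime_null" test case; the trailing "cleanup" tells ATF that
# an onetime_null_cleanup routine exists.  The declared name has to match the
# onetime_null_head/_body/_cleanup functions and the name registered in
# atf_init_test_cases; "onetime" is a different test case declared earlier
# in this file.
atf_test_case onetime_null cleanup
onetime_null_head()
{
	# Test-case metadata: description and required user.
	atf_set "descr" "geli onetime can use the null cipher"
	atf_set "require.user" "root"
}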
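# Body of the "onetime_null" test case.  Attaches a one-time provider with
# the "null" encryption algorithm, writes the reference file "rnd" through
# it and compares digests of the reference file, the ${md}.eli provider and
# the raw ${md} device.  With the null cipher all three must be identical:
# the raw device is expected to hold the plaintext unchanged.
#
# geli_test_setup, attach_md and MAX_SECSIZE are not defined in this file
# (presumably conf.sh).
# MD5 is used purely to compare data for equality, not as a security control.
onetime_null_body()
{
	geli_test_setup

	sectors=100

	# "rnd" is the plaintext every comparison below is made against; run
	# dd under atf_check so that a failure to create it fails the test
	# here instead of surfacing later as a miscompare.
	atf_check dd if=/dev/random of=rnd bs="${MAX_SECSIZE}" count="${sectors}" status=none

	secsize=512

	md=$(attach_md -t malloc -s 100k)

	atf_check -s exit:0 -o ignore -e ignore \
		geli onetime -e null -s "${secsize}" "${md}"

	atf_check dd if=rnd of="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none

	# NOTE: $? after each assignment is the status of md5, the last stage of
	# the pipeline; a failing dd is not detected by these checks.
	md_rnd=$(dd if=rnd bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?
	md_ddev=$(dd if="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?
	md_edev=$(dd if="/dev/${md}" bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?

	# Operands are quoted so that an empty digest is compared as a value.
	# Unquoted, an empty operand makes `[` fail with a usage error, which
	# the `if` treats as false, so the mismatch would go unreported.
	if [ "${md_rnd}" != "${md_ddev}" ]; then
		atf_fail "geli did not return the original data"
	fi
	if [ "${md_rnd}" != "${md_edev}" ]; then
		atf_fail "geli encrypted the data even with the null cipher"
	fi
}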
# Cleanup routine of the "onetime_null" test case.  It only delegates to
# geli_test_cleanup, which is not defined in this file (presumably conf.sh);
# what exactly gets torn down is decided there.
onetime_null_cleanup()
{
	geli_test_cleanup
}

# Register every test case of this file with ATF, in declaration order.
atf_init_test_cases()
{
	local tc

	for tc in onetime onetime_a onetime_d onetime_null; do
		atf_add_test_case "$tc"
	done
}