1#!/bin/sh 2 3. $(atf_get_srcdir)/conf.sh 4 5atf_test_case setkey cleanup 6setkey_head() 7{ 8 atf_set "descr" "geli setkey can change the key for an existing provider" 9 atf_set "require.user" "root" 10} 11setkey_body() 12{ 13 geli_test_setup 14 15 sectors=100 16 attach_md md -t malloc -s `expr $sectors + 1` 17 18 atf_check dd if=/dev/random of=rnd bs=512 count=${sectors} status=none 19 hash1=`dd if=rnd bs=512 count=${sectors} status=none | md5` 20 atf_check_equal 0 $? 21 atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none 22 atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none 23 atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none 24 atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none 25 atf_check dd if=/dev/random of=keyfile5 bs=512 count=16 status=none 26 27 atf_check geli init -B none -P -K keyfile1 ${md} 28 atf_check geli attach -p -k keyfile1 ${md} 29 30 atf_check \ 31 dd if=rnd of=/dev/${md}.eli bs=512 count=${sectors} status=none 32 hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` 33 atf_check_equal 0 $? 34 35 # Change current key (0) for attached provider. 36 atf_check -s exit:0 -o ignore geli setkey -P -K keyfile2 ${md} 37 atf_check geli detach ${md} 38 39 # We cannot use keyfile1 anymore. 40 atf_check -s not-exit:0 -e match:"Wrong key" \ 41 geli attach -p -k keyfile1 ${md} 42 43 # Attach with new key. 44 atf_check geli attach -p -k keyfile2 ${md} 45 hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` 46 atf_check_equal 0 $? 47 48 # Change key 1 for attached provider. 49 atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile3 ${md} 50 atf_check geli detach ${md} 51 52 # Attach with key 1. 53 atf_check geli attach -p -k keyfile3 ${md} 54 hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` 55 atf_check_equal 0 $? 56 atf_check geli detach ${md} 57 58 # Change current (1) key for detached provider. 59 atf_check -s exit:0 -o ignore geli setkey -p -k keyfile3 -P -K keyfile4 ${md} 60 61 # We cannot use keyfile3 anymore. 62 atf_check -s not-exit:0 -e match:"Wrong key" \ 63 geli attach -p -k keyfile3 ${md} 64 65 # Attach with key 1. 66 atf_check geli attach -p -k keyfile4 ${md} 67 hash5=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` 68 atf_check_equal 0 $? 69 atf_check geli detach ${md} 70 71 # Change key 0 for detached provider. 72 atf_check -s exit:0 -o ignore geli setkey -n 0 -p -k keyfile4 -P -K keyfile5 ${md} 73 74 # We cannot use keyfile2 anymore. 75 atf_check -s not-exit:0 -e match:"Wrong key" \ 76 geli attach -p -k keyfile2 ${md} 2>/dev/null 77 78 # Attach with key 0. 79 atf_check geli attach -p -k keyfile5 ${md} 80 hash6=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` 81 atf_check_equal 0 $? 82 atf_check geli detach ${md} 83 84 atf_check_equal ${hash1} ${hash2} 85 atf_check_equal ${hash1} ${hash3} 86 atf_check_equal ${hash1} ${hash4} 87 atf_check_equal ${hash1} ${hash5} 88 atf_check_equal ${hash1} ${hash6} 89} 90setkey_cleanup() 91{ 92 geli_test_cleanup 93} 94 95atf_test_case setkey_passphrase cleanup 96setkey_passphrase_head() 97{ 98 atf_set "descr" "geli setkey can change the passphrase for a provider" 99 atf_set "require.user" "root" 100} 101setkey_passphrase_body() 102{ 103 geli_test_setup 104 105 sectors=100 106 attach_md md -t malloc -s `expr $sectors + 1` 107 108 atf_check dd if=/dev/random of=rnd bs=512 count=${sectors} status=none 109 hash1=`dd if=rnd bs=512 count=${sectors} status=none | md5` 110 atf_check_equal 0 $? 111 atf_check dd if=/dev/random of=pass1 bs=512 count=1 status=none 112 atf_check dd if=/dev/random of=pass2 bs=512 count=1 status=none 113 atf_check dd if=/dev/random of=pass3 bs=512 count=1 status=none 114 115 atf_check geli init -B none -J pass1 ${md} 116 atf_check geli attach -j pass1 ${md} 117 118 atf_check \ 119 dd if=rnd of=/dev/${md}.eli bs=512 count=${sectors} status=none 120 hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` 121 atf_check_equal 0 $? 122 123 atf_check geli detach ${md} 124 125 # Change from passphrase 1 to passphrase 2 for the detached provider. 126 atf_check -s exit:0 -o ignore geli setkey -j pass1 -J pass2 ${md} 127 128 # Make sure that we can attach with passphrase 2 but not with 129 # passphrase 1. 130 atf_check -s not-exit:0 -e match:"Wrong key" \ 131 geli attach -j pass1 ${md} 132 atf_check -s exit:0 geli attach -j pass2 ${md} 133 hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` 134 135 # Change from passphrase 2 to passphrase 3 for the attached provider. 136 atf_check -s exit:0 -o ignore geli setkey -j pass2 -J pass3 ${md} 137 hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` 138 atf_check geli detach ${md} 139 140 # Make sure that we cannot attach with passphrase 2 anymore. 141 atf_check -s not-exit:0 -e match:"Wrong key" \ 142 geli attach -j pass2 ${md} 143 144 atf_check_equal ${hash1} ${hash2} 145 atf_check_equal ${hash1} ${hash3} 146 atf_check_equal ${hash1} ${hash4} 147} 148setkey_passphrase_cleanup() 149{ 150 geli_test_cleanup 151} 152 153atf_test_case setkey_readonly cleanup 154setkey_readonly_head() 155{ 156 atf_set "descr" "geli setkey cannot change the keys of a readonly provider" 157 atf_set "require.user" "root" 158} 159setkey_readonly_body() 160{ 161 geli_test_setup 162 163 sectors=100 164 attach_md md -t malloc -s `expr $sectors + 1` 165 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 166 167 atf_check geli init -B none -P -K keyfile ${md} 168 atf_check geli attach -r -p -k keyfile ${md} 169 170 atf_check -s not-exit:0 -e match:"read-only" \ 171 geli setkey -n 1 -P -K /dev/null ${md} 172} 173setkey_readonly_cleanup() 174{ 175 geli_test_cleanup 176} 177 178atf_test_case nokey cleanup 179nokey_head() 180{ 181 atf_set "descr" "geli setkey can change the key for an existing provider" 182 atf_set "require.user" "root" 183} 184nokey_body() 185{ 186 geli_test_setup 187 188 sectors=100 189 attach_md md -t malloc -s `expr $sectors + 1` 190 atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none 191 atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none 192 193 atf_check geli init -B none -P -K keyfile1 ${md} 194 195 # Try to set the key for a detached device without providing any 196 # components for the old key. 197 atf_check -s not-exit:0 -e match:"No key components given" \ 198 geli setkey -n 0 -p -P -K keyfile2 ${md} 199 200 # Try to set the key for a detached device without providing any 201 # components for the new key 202 atf_check -s not-exit:0 -e match:"No key components given" \ 203 geli setkey -n 0 -p -k keyfile1 -P ${md} 204 205 # Try to set a new key for an attached device with no components 206 atf_check geli attach -p -k keyfile1 ${md} 207 atf_check -s not-exit:0 -e match:"No key components given" \ 208 geli setkey -n 0 -P ${md} 209} 210nokey_cleanup() 211{ 212 geli_test_cleanup 213} 214 215atf_init_test_cases() 216{ 217 atf_add_test_case setkey 218 atf_add_test_case setkey_passphrase 219 atf_add_test_case setkey_readonly 220 atf_add_test_case nokey 221} 222