xref: /freebsd/tests/sys/geom/class/eli/delkey_test.sh (revision 4f52dfbb8d6c4d446500c5b097e3806ec219fbd4)
1#!/bin/sh
2# $FreeBSD$
3
4atf_test_case delkey cleanup
5delkey_head()
6{
7	atf_set "descr" "geli delkey can destroy the master key"
8	atf_set "require.user" "root"
9}
10delkey_body()
11{
12	. $(atf_get_srcdir)/conf.sh
13
14	sectors=100
15	md=$(attach_md -t malloc -s `expr $sectors + 1`)
16
17	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
18	atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
19	atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none
20	atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none
21
22	atf_check geli init -B none -P -K keyfile1 ${md}
23	atf_check geli attach -p -k keyfile1 ${md}
24	atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md}
25
26	# Remove key 0 for attached provider.
27	atf_check geli delkey -n 0 ${md}
28	atf_check geli detach ${md}
29
30	# We cannot use keyfile1 anymore.
31	atf_check -s not-exit:0 -e match:"Wrong key" \
32		geli attach -p -k keyfile1 ${md}
33
34	# Attach with key 1.
35	atf_check geli attach -p -k keyfile2 ${md}
36
37	# We cannot remove last key without -f option (for attached provider).
38	atf_check -s not-exit:0 -e match:"This is the last Master Key" \
39		geli delkey -n 1 ${md}
40
41	# Remove last key for attached provider.
42	atf_check geli delkey -f -n 1 ${md}
43
44	# If there are no valid keys, but provider is attached, we can save situation.
45	atf_check -s exit:0 -o ignore geli setkey -n 0 -P -K keyfile3 ${md}
46	atf_check geli detach ${md}
47
48	# We cannot use keyfile2 anymore.
49	atf_check -s not-exit:0 -e match:"Wrong key" \
50		geli attach -p -k keyfile2 ${md}
51
52	# Attach with key 0.
53	atf_check geli attach -p -k keyfile3 ${md}
54
55	# Setup key 1.
56	atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile4 ${md}
57	atf_check geli detach ${md}
58
59	# Remove key 1 for detached provider.
60	atf_check geli delkey -n 1 ${md}
61
62	# We cannot use keyfile4 anymore.
63	atf_check -s not-exit:0 -e match:"Wrong key" \
64		geli attach -p -k keyfile4 ${md}
65
66	# We cannot remove last key without -f option (for detached provider).
67	atf_check -s not-exit:0 -e match:"This is the last Master Key" \
68		geli delkey -n 0 ${md}
69
70	# Remove last key for detached provider.
71	atf_check geli delkey -f -n 0 ${md}
72
73	# We cannot use keyfile3 anymore.
74	atf_check -s not-exit:0 -e match:"No valid keys" \
75		geli attach -p -k keyfile3 ${md}
76}
77delkey_cleanup()
78{
79	. $(atf_get_srcdir)/conf.sh
80	geli_test_cleanup
81}
82
83atf_test_case delkey_readonly cleanup
84delkey_readonly_head()
85{
86	atf_set "descr" "geli delkey cannot work on a read-only provider"
87	atf_set "require.user" "root"
88}
89delkey_readonly_body()
90{
91	. $(atf_get_srcdir)/conf.sh
92
93	sectors=100
94	md=$(attach_md -t malloc -s `expr $sectors + 1`)
95	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
96
97	atf_check geli init -B none -P -K keyfile ${md}
98	atf_check geli attach -r -p -k keyfile ${md}
99
100	atf_check -s not-exit:0 -e match:"read-only" geli delkey -n 0 ${md}
101	# Even with -f (force) it should still fail
102	atf_check -s not-exit:0 -e match:"read-only" geli delkey -f -n 0 ${md}
103}
104delkey_readonly_cleanup()
105{
106	. $(atf_get_srcdir)/conf.sh
107	geli_test_cleanup
108}
109
110atf_init_test_cases()
111{
112	atf_add_test_case delkey
113	atf_add_test_case delkey_readonly
114}
115