xref: /freebsd/tests/sys/geom/class/eli/delkey_test.sh (revision 734e82fe33aa764367791a7d603b383996c6b40b)
1#!/bin/sh
2
3. $(atf_get_srcdir)/conf.sh
4
5atf_test_case delkey cleanup
6delkey_head()
7{
8	atf_set "descr" "geli delkey can destroy the master key"
9	atf_set "require.user" "root"
10}
11delkey_body()
12{
13	geli_test_setup
14
15	sectors=100
16	md=$(attach_md -t malloc -s `expr $sectors + 1`)
17
18	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
19	atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
20	atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none
21	atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none
22
23	atf_check geli init -B none -P -K keyfile1 ${md}
24	atf_check geli attach -p -k keyfile1 ${md}
25	atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md}
26
27	# Remove key 0 for attached provider.
28	atf_check geli delkey -n 0 ${md}
29	atf_check geli detach ${md}
30
31	# We cannot use keyfile1 anymore.
32	atf_check -s not-exit:0 -e match:"Wrong key" \
33		geli attach -p -k keyfile1 ${md}
34
35	# Attach with key 1.
36	atf_check geli attach -p -k keyfile2 ${md}
37
38	# We cannot remove last key without -f option (for attached provider).
39	atf_check -s not-exit:0 -e match:"This is the last Master Key" \
40		geli delkey -n 1 ${md}
41
42	# Remove last key for attached provider.
43	atf_check geli delkey -f -n 1 ${md}
44
45	# If there are no valid keys, but provider is attached, we can save situation.
46	atf_check -s exit:0 -o ignore geli setkey -n 0 -P -K keyfile3 ${md}
47	atf_check geli detach ${md}
48
49	# We cannot use keyfile2 anymore.
50	atf_check -s not-exit:0 -e match:"Wrong key" \
51		geli attach -p -k keyfile2 ${md}
52
53	# Attach with key 0.
54	atf_check geli attach -p -k keyfile3 ${md}
55
56	# Setup key 1.
57	atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile4 ${md}
58	atf_check geli detach ${md}
59
60	# Remove key 1 for detached provider.
61	atf_check geli delkey -n 1 ${md}
62
63	# We cannot use keyfile4 anymore.
64	atf_check -s not-exit:0 -e match:"Wrong key" \
65		geli attach -p -k keyfile4 ${md}
66
67	# We cannot remove last key without -f option (for detached provider).
68	atf_check -s not-exit:0 -e match:"This is the last Master Key" \
69		geli delkey -n 0 ${md}
70
71	# Remove last key for detached provider.
72	atf_check geli delkey -f -n 0 ${md}
73
74	# We cannot use keyfile3 anymore.
75	atf_check -s not-exit:0 -e match:"No valid keys" \
76		geli attach -p -k keyfile3 ${md}
77}
78delkey_cleanup()
79{
80	geli_test_cleanup
81}
82
83atf_test_case delkey_readonly cleanup
84delkey_readonly_head()
85{
86	atf_set "descr" "geli delkey cannot work on a read-only provider"
87	atf_set "require.user" "root"
88}
89delkey_readonly_body()
90{
91	geli_test_setup
92
93	sectors=100
94	md=$(attach_md -t malloc -s `expr $sectors + 1`)
95	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
96
97	atf_check geli init -B none -P -K keyfile ${md}
98	atf_check geli attach -r -p -k keyfile ${md}
99
100	atf_check -s not-exit:0 -e match:"read-only" geli delkey -n 0 ${md}
101	# Even with -f (force) it should still fail
102	atf_check -s not-exit:0 -e match:"read-only" geli delkey -f -n 0 ${md}
103}
104delkey_readonly_cleanup()
105{
106	geli_test_cleanup
107}
108
109atf_init_test_cases()
110{
111	atf_add_test_case delkey
112	atf_add_test_case delkey_readonly
113}
114