xref: /freebsd/tests/sys/geom/class/eli/init_test.sh (revision 8df8b2d3e51d1b816201d8a1fe8bc29fe192e562)
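#!/bin/sh
# $FreeBSD$

# Load conf.sh from the test source directory.  Names used below that this
# file does not define (geli_test_setup, geli_test_cleanup, attach_md,
# for_each_geli_config*, MAX_SECSIZE) presumably come from there -- confirm
# against conf.sh.
# The command substitution is quoted so that a source directory containing
# whitespace or glob characters is not word-split before being sourced.
. "$(atf_get_srcdir)/conf.sh"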
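# Initialise ${md} with one cipher / key length / sector size combination and
# verify a write/read round trip through the GELI layer.
#
# Arguments: $1 - "<ealgo>:<keylen>" pair
#            $2 - sector size handed to "geli init -s"
# Globals:   md (provider under test) and sectors (I/O length in sectors) are
#            read but not set here; they are expected to be set by the caller
#            -- confirm against conf.sh.
# Files:     reads keyfile and rnd from the current directory; writes
#            plain.bin, decrypted.bin and raw.bin there.
# Fails the test case when the decrypted read-back differs from the data
# written, or when the raw provider holds the same bytes as the plaintext.
init_test()
{
	cipher=$1
	secsize=$2
	ealgo=${cipher%%:*}
	keylen=${cipher##*:}

	# -P: no passphrase component, -K: keyfile is the only key component,
	# -B none: do not write a metadata backup file.
	atf_check -s exit:0 -e ignore \
		geli init -B none -e "$ealgo" -l "$keylen" -P -K keyfile \
		-s "$secsize" "${md}"
	atf_check geli attach -p -k keyfile "${md}"

	atf_check dd if=rnd of="/dev/${md}.eli" bs="${secsize}" \
		count="${sectors}" status=none

	# Read every stream through atf_check.  In a "dd | md5" pipeline $? only
	# reports md5, so a failed read of the raw provider would yield the hash
	# of empty input, which differs from the plaintext hash and would let
	# the "data was not encrypted" check below pass without comparing
	# anything.
	atf_check -o save:plain.bin \
		dd if=rnd bs="${secsize}" count="${sectors}" status=none
	atf_check -o save:decrypted.bin \
		dd if="/dev/${md}.eli" bs="${secsize}" count="${sectors}" \
		status=none
	atf_check -o save:raw.bin \
		dd if="/dev/${md}" bs="${secsize}" count="${sectors}" status=none

	md_rnd=$(md5 < plain.bin)
	atf_check_equal 0 $?
	md_ddev=$(md5 < decrypted.bin)
	atf_check_equal 0 $?
	md_edev=$(md5 < raw.bin)
	atf_check_equal 0 $?

	# Quoted operands: an empty hash must not turn "[" into a syntax error
	# that the "if" would silently treat as "condition false".
	if [ "${md_rnd}" != "${md_ddev}" ]; then
		atf_fail "Miscompare for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
	fi
	# "=" is the POSIX string-equality operator for "[" under #!/bin/sh.
	if [ "${md_rnd}" = "${md_edev}" ]; then
		atf_fail "Data was not encrypted for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
	fi
}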
# Declare the "init" test case (it has a cleanup routine) and its metadata.
atf_test_case init cleanup
init_head()
{
	atf_set descr "Basic I/O with geli"
	# The body drives geli and reads /dev nodes directly, so it runs as root.
	atf_set require.user root
	atf_set timeout 600
}
# Body of "init": create the key material and the plaintext once, then run
# init_test for every configuration for_each_geli_config_nointegrity supplies.
init_body()
{
	geli_test_setup

	# Number of sectors init_test writes and reads back.
	sectors=32

	# keyfile: 16 x 512 bytes from /dev/random, the only key component used.
	atf_check dd status=none if=/dev/random of=keyfile bs=512 count=16
	# rnd: the plaintext.  bs=$MAX_SECSIZE presumably makes it large enough
	# for the biggest sector size the helper iterates over -- confirm.
	atf_check dd status=none if=/dev/random of=rnd bs=$MAX_SECSIZE count=$sectors
	for_each_geli_config_nointegrity init_test
}
# Cleanup for "init": delegate to the shared geli_test_cleanup helper.
init_cleanup() {
	geli_test_cleanup
}
# Declare the "init_B" test case (it has a cleanup routine) and its metadata.
atf_test_case init_B cleanup
init_B_head()
{
	atf_set descr "init -B can select an alternate backup metadata file"
	# The body removes and creates files under /var/backups and drives geli.
	atf_set require.user root
}
# Body of "init_B": check the three ways "geli init" can treat the metadata
# backup -- suppressed (-B none), default location (no -B) and an explicit
# file (-B backupfile).  In the last two cases the backup is also shown to be
# sufficient to make a cleared provider attachable again.
init_B_body()
{
	geli_test_setup

	sectors=100

	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

	md=$(attach_md -t malloc -s $sectors)
	# Path at which this test expects the backup when -B is not given.
	default_backup=/var/backups/$md.eli

	# Case 1: -B none must not leave a backup behind.
	rm -f $default_backup
	atf_check -s exit:0 -o ignore geli init -B none -P -K keyfile $md
	[ ! -f $default_backup ] ||
		atf_fail "geli created a backup file even with -B none"

	# Case 2: without -B the backup must appear at the default path.
	rm -f $default_backup
	atf_check -s exit:0 -o ignore geli init -P -K keyfile $md
	[ -f $default_backup ] ||
		atf_fail "geli did not create a backup file"
	# Wipe the on-disk metadata: attach has to fail until it is restored.
	atf_check geli clear $md
	atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile $md
	atf_check -s exit:0 -o ignore geli restore $default_backup $md
	atf_check -s exit:0 -o ignore geli attach -p -k keyfile $md
	atf_check geli detach $md
	# Do not leave the backup behind in the system directory.
	rm -f $default_backup

	# Case 3: -B <file> must write the backup to the named file.
	rm -f backupfile
	atf_check -s exit:0 -o ignore geli init -B backupfile -P -K keyfile $md
	[ -f backupfile ] ||
		atf_fail "geli init -B did not create a backup file"
	atf_check geli clear $md
	atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile $md
	atf_check geli restore backupfile $md
	atf_check geli attach -p -k keyfile $md
}
# Cleanup for "init_B": delegate to the shared geli_test_cleanup helper.
init_B_cleanup() {
	geli_test_cleanup
}
# Declare the "init_J" test case (it has a cleanup routine) and its metadata.
atf_test_case init_J cleanup
init_J_head()
{
	atf_set descr "init -J accepts a passfile"
	atf_set require.user root
}
# Body of "init_J": initialise a provider from passfiles (-J) combined with
# keyfiles (-K) and check that attach succeeds only when exactly the same
# components are presented, in the same order, whether they are given as
# files or fed on stdin ("-").  Every incomplete, swapped or reordered
# combination listed below is expected to be rejected.
init_J_body()
{
	geli_test_setup

	sectors=100
	md=$(attach_md -t malloc -s $((sectors + 1)))

	atf_check dd if=/dev/random of=keyfile0 bs=512 count=16 status=none
	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
	# NOTE(review): $? after a pipeline is the status of its last command,
	# so the two checks below cover sha1 only; a failing dd is not noticed
	# and would leave the hash of empty input in the passfile.
	dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile0
	atf_check_equal 0 $?
	dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile1
	atf_check_equal 0 $?

	# Repeat the whole matrix for three values of "init -i".
	# NOTE(review): per geli(8) 0 turns PKCS#5v2 off; -1 looks like the
	# "not specified" sentinel -- confirm.
	for iter in -1 0 64; do
		# ---- one passfile and one keyfile ----
		# -J together with -P (no passphrase) has to be refused.
		atf_check -s not-exit:0 -e ignore geli init -i $iter -B none -J passfile0 -P $md
		atf_check -s not-exit:0 -e ignore geli init -i $iter -B none -J passfile0 -P -K keyfile0 $md
		atf_check geli init -i $iter -B none -J passfile0 -K keyfile0 $md

		# Missing, swapped or duplicated components must not attach.
		for combo in \
			"-k keyfile0 -p" \
			"-j passfile0" \
			"-j keyfile0" \
			"-k passfile0 -p" \
			"-j keyfile0 -k passfile0" \
			"-j keyfile0 -k keyfile0" \
			"-j passfile0 -k passfile0"
		do
			# $combo is left unquoted on purpose: it is an option list.
			atf_check -s not-exit:0 -e ignore geli attach $combo $md
		done

		# The exact pair used at init time attaches.
		atf_check -s exit:0 -e ignore geli attach -j passfile0 -k keyfile0 $md
		atf_check -s exit:0 -e ignore geli detach $md

		# So does the same pair with either component read from stdin.
		for pipeline in \
			"cat keyfile0 | geli attach -j passfile0 -k - ${md}" \
			"cat passfile0 | geli attach -j - -k keyfile0 ${md}"
		do
			atf_check -s exit:0 -e ignore -x "$pipeline"
			atf_check -s exit:0 -e ignore geli detach $md
		done

		# ---- two passfiles and two keyfiles ----
		atf_check -s not-exit:0 -e ignore geli init -i $iter -B none -J passfile0 -J passfile1 -P $md
		atf_check -s not-exit:0 -e ignore geli init -i $iter -B none -J passfile0 -J passfile1 -P -K keyfile0 -K keyfile1 $md
		atf_check -s exit:0 -e ignore geli init -i $iter -B none -J passfile0 -J passfile1 -K keyfile0 -K keyfile1 $md

		# Any subset of the four components, and any reordering of the
		# full set, must not attach.
		for combo in \
			"-k keyfile0 -p" \
			"-k keyfile1 -p" \
			"-j passfile0" \
			"-j passfile1" \
			"-k keyfile0 -k keyfile1 -p" \
			"-j passfile0 -j passfile1" \
			"-k keyfile0 -j passfile0" \
			"-k keyfile0 -j passfile1" \
			"-k keyfile1 -j passfile0" \
			"-k keyfile1 -j passfile1" \
			"-k keyfile0 -j passfile0 -j passfile1" \
			"-k keyfile1 -j passfile0 -j passfile1" \
			"-k keyfile0 -k keyfile1 -j passfile0" \
			"-k keyfile0 -k keyfile1 -j passfile1" \
			"-k keyfile1 -k keyfile0 -j passfile0 -j passfile1" \
			"-k keyfile0 -k keyfile1 -j passfile1 -j passfile0" \
			"-k keyfile1 -k keyfile0 -j passfile1 -j passfile0"
		do
			atf_check -s not-exit:0 -e ignore geli attach $combo $md
		done

		# All four components in init order attach.
		atf_check -s exit:0 -e ignore geli attach -j passfile0 -j passfile1 -k keyfile0 -k keyfile1 $md
		atf_check -s exit:0 -e ignore geli detach $md

		# Each component may come from stdin in its original position.
		# The last two pipelines expect the concatenated keyfiles to be
		# accepted through a single "-k -", and the concatenated
		# passfiles (newlines dropped by awk) through a single "-j -".
		for pipeline in \
			"cat passfile0 | geli attach -j - -j passfile1 -k keyfile0 -k keyfile1 ${md}" \
			"cat passfile1 | geli attach -j passfile0 -j - -k keyfile0 -k keyfile1 ${md}" \
			"cat keyfile0 | geli attach -j passfile0 -j passfile1 -k - -k keyfile1 ${md}" \
			"cat keyfile1 | geli attach -j passfile0 -j passfile1 -k keyfile0 -k - ${md}" \
			"cat keyfile0 keyfile1 | geli attach -j passfile0 -j passfile1 -k - ${md}" \
			"cat passfile0 passfile1 | awk '{printf \"%s\", \$0}' | geli attach -j - -k keyfile0 -k keyfile1 ${md}"
		do
			atf_check -s exit:0 -e ignore -x "$pipeline"
			atf_check -s exit:0 -e ignore geli detach $md
		done
	done
}
# Cleanup for "init_J": delegate to the shared geli_test_cleanup helper.
init_J_cleanup() {
	geli_test_cleanup
}
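# Initialise ${md} with one cipher / HMAC / sector size combination and verify
# a write/read round trip through the authenticated GELI layer.
#
# Arguments: $1 - "<ealgo>:<keylen>" pair
#            $2 - authentication algorithm handed to "geli init -a"
#            $3 - sector size handed to "geli init -s"
# Globals:   md (provider under test) and sectors (I/O length in sectors) are
#            read but not set here; they are expected to be set by the caller
#            -- confirm against conf.sh.
# Files:     reads keyfile and rnd from the current directory; writes
#            plain.bin and decrypted.bin there.
# Fails the test case when the data read back differs from the data written.
init_a_test()
{
	cipher=$1
	aalgo=$2
	secsize=$3
	ealgo=${cipher%%:*}
	keylen=${cipher##*:}

	atf_check -s exit:0 -e ignore \
		geli init -B none -a "$aalgo" -e "$ealgo" -l "$keylen" -P \
		-K keyfile -s "$secsize" "${md}"
	atf_check geli attach -p -k keyfile "${md}"

	atf_check dd if=rnd of="/dev/${md}.eli" bs="${secsize}" \
		count="${sectors}" status=none

	# Read both streams through atf_check: in a "dd | md5" pipeline $? only
	# reports md5, so a failing dd would go unnoticed and be reported, at
	# best, as a misleading miscompare.
	atf_check -o save:plain.bin \
		dd if=rnd bs="${secsize}" count="${sectors}" status=none
	atf_check -o save:decrypted.bin \
		dd if="/dev/${md}.eli" bs="${secsize}" count="${sectors}" \
		status=none

	md_rnd=$(md5 < plain.bin)
	atf_check_equal 0 $?
	md_ddev=$(md5 < decrypted.bin)
	atf_check_equal 0 $?

	# Quoted operands: an empty hash must not turn "[" into a syntax error
	# that the "if" would silently treat as "no miscompare".
	if [ "${md_rnd}" != "${md_ddev}" ]; then
		atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
	fi
}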
# Declare the "init_a" test case (it has a cleanup routine) and its metadata.
atf_test_case init_a cleanup
init_a_head()
{
	atf_set descr "I/O with geli and HMACs"
	atf_set require.user root
	# Six times the timeout of the plain "init" case.
	atf_set timeout 3600
}
# Body of "init_a": create the key material and the plaintext once, then run
# init_a_test for every configuration for_each_geli_config supplies.
init_a_body()
{
	geli_test_setup

	# Number of sectors init_a_test writes and reads back.
	sectors=100

	# keyfile: 16 x 512 bytes from /dev/random, the only key component used.
	atf_check dd status=none if=/dev/random of=keyfile bs=512 count=16
	# rnd: the plaintext, written in blocks of $MAX_SECSIZE bytes.
	atf_check dd status=none if=/dev/random of=rnd bs=$MAX_SECSIZE count=$sectors
	for_each_geli_config init_a_test
	# Ends the body with status 0 whatever the helper returned; presumably
	# that is why it is here -- confirm.
	true
}
# Cleanup for "init_a": delegate to the shared geli_test_cleanup helper.
init_a_cleanup() {
	geli_test_cleanup
}
# Initialise ${md} using a cipher alias and check which algorithm and key
# length "geli list" reports for the attached provider.
#
# Arguments: $1 - alias handed to "geli init -e"
#            $2 - key length handed to "geli init -l"
#            $3 - EncryptionAlgorithm value expected from "geli list"
#            $4 - KeyLength value expected from "geli list"
# Globals:   md is read; keyfile must exist in the current directory.
init_alias_test() {
	ealgo=$1
	keylen=$2
	expected_ealgo=$3
	expected_keylen=$4

	atf_check geli init -B none -e $ealgo -l $keylen -P -K keyfile $md
	atf_check geli attach -p -k keyfile $md
	# Second field of the matching "geli list" line is the reported value.
	real_ealgo=$(geli list $md.eli | awk '/EncryptionAlgorithm/ {print $2}')
	real_keylen=$(geli list $md.eli | awk '/KeyLength/ {print $2}')

	[ "${real_ealgo}" = "${expected_ealgo}" ] ||
		atf_fail "expected ${expected_ealgo} but got ${real_ealgo}"

	[ "${real_keylen}" = "${expected_keylen}" ] ||
		atf_fail "expected ${expected_keylen} but got ${real_keylen}"

	atf_check geli detach $md
}
# Declare the "init_alias" test case (it has a cleanup routine) and its
# metadata.
atf_test_case init_alias cleanup
init_alias_head()
{
	atf_set descr "geli init accepts cipher aliases"
	atf_set require.user root
}
# Body of "init_alias": for each "<alias>:<keylen>:<algorithm>:<keylen>" entry
# run init_alias_test with the first two fields as input and the last two as
# the values "geli list" is expected to report.  A requested key length of 0
# is paired with the key length the test expects geli to pick by itself.
init_alias_body()
{
	geli_test_setup

	md=$(attach_md -t malloc -s 1024k)
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

	for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \
		3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \
		blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \
		blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \
		blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \
		blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \
		blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \
		blowfish:448:Blowfish-CBC:448 \
		camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \
		camellia:256:CAMELLIA-CBC:256
	do
		# Peel the four colon-separated fields off the front one by one.
		ealgo=${spec%%:*}
		rest=${spec#*:}
		keylen=${rest%%:*}
		rest=${rest#*:}
		expected_ealgo=${rest%%:*}
		expected_keylen=${rest#*:}

		init_alias_test $ealgo $keylen $expected_ealgo $expected_keylen
	done
}
# Cleanup for "init_alias": delegate to the shared geli_test_cleanup helper.
init_alias_cleanup() {
	geli_test_cleanup
}
# Declare the "init_i_P" test case (it has a cleanup routine) and its
# metadata.
atf_test_case init_i_P cleanup
init_i_P_head()
{
	atf_set descr "geli: Options -i and -P are mutually exclusive"
	atf_set require.user root
}
# Body of "init_i_P": "geli init" given both an iteration count (-i) and the
# no-passphrase flag (-P) must exit non-zero and name the conflict on stderr.
init_i_P_body()
{
	geli_test_setup

	sectors=100
	md=$(attach_md -t malloc -s $((sectors + 1)))

	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

	# The stderr text is matched as well as the exit status, so the failure
	# is known to come from the option conflict.
	atf_check -s not-exit:0 \
		-e "match:Options -i and -P are mutually exclusive" \
		geli init -B none -i 64 -P -K keyfile $md
}
# Cleanup for "init_i_P": delegate to the shared geli_test_cleanup helper.
init_i_P_cleanup() {
	geli_test_cleanup
}
# Declare the "nokey" test case (it has a cleanup routine) and its metadata.
atf_test_case nokey cleanup
nokey_head()
{
	atf_set descr "geli init fails if called with no key component"
	atf_set require.user root
}
# Body of "nokey": "geli init" with -P (no passphrase) and no keyfile has no
# key component at all; it must exit non-zero and say so on stderr.
nokey_body()
{
	geli_test_setup

	sectors=100
	md=$(attach_md -t malloc -s $((sectors + 1)))

	atf_check -s not-exit:0 -e "match:No key components given" \
		geli init -B none -P $md
}
# Cleanup for "nokey": delegate to the shared geli_test_cleanup helper.
nokey_cleanup() {
	geli_test_cleanup
}
# Entry point called by atf-sh: register every test case declared in this
# file, in the order they are declared.
atf_init_test_cases()
{
	for tc in init init_B init_J init_a init_alias init_i_P nokey; do
		atf_add_test_case "$tc"
	done
}