1#!/bin/sh 2# $FreeBSD$ 3 4. $(atf_get_srcdir)/conf.sh 5 6init_test() 7{ 8 cipher=$1 9 secsize=$2 10 ealgo=${cipher%%:*} 11 keylen=${cipher##*:} 12 13 atf_check -s exit:0 -e ignore \ 14 geli init -B none -e $ealgo -l $keylen -P -K keyfile \ 15 -s $secsize ${md} 16 atf_check geli attach -p -k keyfile ${md} 17 18 atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} \ 19 status=none 20 21 md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5` 22 atf_check_equal 0 $? 23 md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5` 24 atf_check_equal 0 $? 25 md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5` 26 atf_check_equal 0 $? 27 28 if [ ${md_rnd} != ${md_ddev} ]; then 29 atf_fail "Miscompare for ealgo=${ealgo} keylen=${keylen} sec=${secsize}" 30 fi 31 if [ ${md_rnd} == ${md_edev} ]; then 32 atf_fail "Data was not encrypted for ealgo=${ealgo} keylen=${keylen} sec=${secsize}" 33 fi 34} 35atf_test_case init cleanup 36init_head() 37{ 38 atf_set "descr" "Basic I/O with geli" 39 atf_set "require.user" "root" 40 atf_set "timeout" 600 41} 42init_body() 43{ 44 geli_test_setup 45 46 sectors=32 47 48 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 49 atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \ 50 status=none 51 for_each_geli_config_nointegrity init_test 52} 53init_cleanup() 54{ 55 geli_test_cleanup 56} 57 58atf_test_case init_B cleanup 59init_B_head() 60{ 61 atf_set "descr" "init -B can select an alternate backup metadata file" 62 atf_set "require.user" "root" 63} 64init_B_body() 65{ 66 geli_test_setup 67 68 sectors=100 69 70 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 71 72 md=$(attach_md -t malloc -s $sectors) 73 74 # -B none 75 rm -f /var/backups/${md}.eli 76 atf_check -s exit:0 -o ignore geli init -B none -P -K keyfile ${md} 77 if [ -f /var/backups/${md}.eli ]; then 78 atf_fail "geli created a backup file even with -B none" 79 fi 80 81 # no -B 82 rm -f /var/backups/${md}.eli 83 atf_check -s exit:0 -o ignore geli init -P -K keyfile ${md} 84 if [ ! -f /var/backups/${md}.eli ]; then 85 atf_fail "geli did not create a backup file" 86 fi 87 atf_check geli clear ${md} 88 atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md} 89 atf_check -s exit:0 -o ignore geli restore /var/backups/${md}.eli ${md} 90 atf_check -s exit:0 -o ignore geli attach -p -k keyfile ${md} 91 atf_check geli detach ${md} 92 rm -f /var/backups/${md}.eli 93 94 # -B file 95 rm -f backupfile 96 atf_check -s exit:0 -o ignore \ 97 geli init -B backupfile -P -K keyfile ${md} 98 if [ ! -f backupfile ]; then 99 atf_fail "geli init -B did not create a backup file" 100 fi 101 atf_check geli clear ${md} 102 atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md} 103 atf_check geli restore backupfile ${md} 104 atf_check geli attach -p -k keyfile ${md} 105} 106init_B_cleanup() 107{ 108 geli_test_cleanup 109} 110 111atf_test_case init_J cleanup 112init_J_head() 113{ 114 atf_set "descr" "init -J accepts a passfile" 115 atf_set "require.user" "root" 116} 117init_J_body() 118{ 119 geli_test_setup 120 121 sectors=100 122 md=$(attach_md -t malloc -s `expr $sectors + 1`) 123 124 atf_check dd if=/dev/random of=keyfile0 bs=512 count=16 status=none 125 atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none 126 dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile0 127 atf_check_equal 0 $? 128 dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile1 129 atf_check_equal 0 $? 130 131 for iter in -1 0 64; do 132 atf_check -s not-exit:0 -e ignore \ 133 geli init -i ${iter} -B none -J passfile0 -P ${md} 134 atf_check -s not-exit:0 -e ignore \ 135 geli init -i ${iter} -B none -J passfile0 -P -K keyfile0 ${md} 136 atf_check geli init -i ${iter} -B none -J passfile0 -K keyfile0 ${md} 137 atf_check -s not-exit:0 -e ignore \ 138 geli attach -k keyfile0 -p ${md} 139 atf_check -s not-exit:0 -e ignore \ 140 geli attach -j passfile0 ${md} 141 atf_check -s not-exit:0 -e ignore \ 142 geli attach -j keyfile0 ${md} 143 atf_check -s not-exit:0 -e ignore \ 144 geli attach -k passfile0 -p ${md} 145 atf_check -s not-exit:0 -e ignore \ 146 geli attach -j keyfile0 -k passfile0 ${md} 147 atf_check -s not-exit:0 -e ignore \ 148 geli attach -j keyfile0 -k keyfile0 ${md} 149 atf_check -s not-exit:0 -e ignore \ 150 geli attach -j passfile0 -k passfile0 ${md} 151 atf_check -s exit:0 -e ignore \ 152 geli attach -j passfile0 -k keyfile0 ${md} 153 atf_check -s exit:0 -e ignore geli detach ${md} 154 atf_check -s exit:0 -e ignore -x \ 155 "cat keyfile0 | geli attach -j passfile0 -k - ${md}" 156 atf_check -s exit:0 -e ignore geli detach ${md} 157 atf_check -s exit:0 -e ignore -x \ 158 "cat passfile0 | geli attach -j - -k keyfile0 ${md}" 159 atf_check -s exit:0 -e ignore geli detach ${md} 160 161 atf_check -s not-exit:0 -e ignore \ 162 geli init -i ${iter} -B none -J passfile0 -J passfile1 -P ${md} 163 atf_check -s not-exit:0 -e ignore \ 164 geli init -i ${iter} -B none -J passfile0 -J passfile1 -P -K keyfile0 -K keyfile1 ${md} 165 atf_check -s exit:0 -e ignore \ 166 geli init -i ${iter} -B none -J passfile0 -J passfile1 -K keyfile0 -K keyfile1 ${md} 167 atf_check -s not-exit:0 -e ignore \ 168 geli attach -k keyfile0 -p ${md} 169 atf_check -s not-exit:0 -e ignore \ 170 geli attach -k keyfile1 -p ${md} 171 atf_check -s not-exit:0 -e ignore \ 172 geli attach -j passfile0 ${md} 173 atf_check -s not-exit:0 -e ignore \ 174 geli attach -j passfile1 ${md} 175 atf_check -s not-exit:0 -e ignore \ 176 geli attach -k keyfile0 -k keyfile1 -p ${md} 177 atf_check -s not-exit:0 -e ignore \ 178 geli attach -j passfile0 -j passfile1 ${md} 179 atf_check -s not-exit:0 -e ignore \ 180 geli attach -k keyfile0 -j passfile0 ${md} 181 atf_check -s not-exit:0 -e ignore \ 182 geli attach -k keyfile0 -j passfile1 ${md} 183 atf_check -s not-exit:0 -e ignore \ 184 geli attach -k keyfile1 -j passfile0 ${md} 185 atf_check -s not-exit:0 -e ignore \ 186 geli attach -k keyfile1 -j passfile1 ${md} 187 atf_check -s not-exit:0 -e ignore \ 188 geli attach -k keyfile0 -j passfile0 -j passfile1 ${md} 189 atf_check -s not-exit:0 -e ignore \ 190 geli attach -k keyfile1 -j passfile0 -j passfile1 ${md} 191 atf_check -s not-exit:0 -e ignore \ 192 geli attach -k keyfile0 -k keyfile1 -j passfile0 ${md} 193 atf_check -s not-exit:0 -e ignore \ 194 geli attach -k keyfile0 -k keyfile1 -j passfile1 ${md} 195 atf_check -s not-exit:0 -e ignore \ 196 geli attach -k keyfile1 -k keyfile0 -j passfile0 -j passfile1 ${md} 197 atf_check -s not-exit:0 -e ignore \ 198 geli attach -k keyfile0 -k keyfile1 -j passfile1 -j passfile0 ${md} 199 atf_check -s not-exit:0 -e ignore \ 200 geli attach -k keyfile1 -k keyfile0 -j passfile1 -j passfile0 ${md} 201 atf_check -s exit:0 -e ignore \ 202 geli attach -j passfile0 -j passfile1 -k keyfile0 -k keyfile1 ${md} 203 atf_check -s exit:0 -e ignore geli detach ${md} 204 atf_check -s exit:0 -e ignore -x \ 205 "cat passfile0 | geli attach -j - -j passfile1 -k keyfile0 -k keyfile1 ${md}" 206 atf_check -s exit:0 -e ignore geli detach ${md} 207 atf_check -s exit:0 -e ignore -x \ 208 "cat passfile1 | geli attach -j passfile0 -j - -k keyfile0 -k keyfile1 ${md}" 209 atf_check -s exit:0 -e ignore geli detach ${md} 210 atf_check -s exit:0 -e ignore -x \ 211 "cat keyfile0 | geli attach -j passfile0 -j passfile1 -k - -k keyfile1 ${md}" 212 atf_check -s exit:0 -e ignore geli detach ${md} 213 atf_check -s exit:0 -e ignore -x \ 214 "cat keyfile1 | geli attach -j passfile0 -j passfile1 -k keyfile0 -k - ${md}" 215 atf_check -s exit:0 -e ignore geli detach ${md} 216 atf_check -s exit:0 -e ignore -x \ 217 "cat keyfile0 keyfile1 | geli attach -j passfile0 -j passfile1 -k - ${md}" 218 atf_check -s exit:0 -e ignore geli detach ${md} 219 atf_check -s exit:0 -e ignore -x \ 220 "cat passfile0 passfile1 | awk '{printf \"%s\", \$0}' | geli attach -j - -k keyfile0 -k keyfile1 ${md}" 221 atf_check -s exit:0 -e ignore geli detach ${md} 222 done 223} 224init_J_cleanup() 225{ 226 geli_test_cleanup 227} 228 229init_a_test() 230{ 231 cipher=$1 232 aalgo=$2 233 secsize=$3 234 ealgo=${cipher%%:*} 235 keylen=${cipher##*:} 236 237 atf_check -s exit:0 -e ignore \ 238 geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ 239 -s $secsize ${md} 240 atf_check geli attach -p -k keyfile ${md} 241 242 atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none 243 244 md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5` 245 atf_check_equal 0 $? 246 md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5` 247 atf_check_equal 0 $? 248 249 if [ ${md_rnd} != ${md_ddev} ]; then 250 atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" 251 fi 252} 253atf_test_case init_a cleanup 254init_a_head() 255{ 256 atf_set "descr" "I/O with geli and HMACs" 257 atf_set "require.user" "root" 258 atf_set "timeout" 3600 259} 260init_a_body() 261{ 262 geli_test_setup 263 264 sectors=100 265 266 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 267 atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \ 268 status=none 269 for_each_geli_config init_a_test 270 true 271} 272init_a_cleanup() 273{ 274 geli_test_cleanup 275} 276 277init_alias_test() { 278 ealgo=$1 279 keylen=$2 280 expected_ealgo=$3 281 expected_keylen=$4 282 283 atf_check geli init -B none -e $ealgo -l $keylen -P -K keyfile ${md} 284 atf_check geli attach -p -k keyfile ${md} 285 real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'` 286 real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'` 287 288 if [ "${real_ealgo}" != "${expected_ealgo}" ]; then 289 atf_fail "expected ${expected_ealgo} but got ${real_ealgo}" 290 fi 291 292 if [ "${real_keylen}" != "${expected_keylen}" ]; then 293 atf_fail "expected ${expected_keylen} but got ${real_keylen}" 294 fi 295 atf_check geli detach ${md} 296} 297atf_test_case init_alias cleanup 298init_alias_head() 299{ 300 atf_set "descr" "geli init accepts cipher aliases" 301 atf_set "require.user" "root" 302} 303init_alias_body() 304{ 305 geli_test_setup 306 307 md=$(attach_md -t malloc -s 1024k) 308 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 309 310 for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \ 311 3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \ 312 blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \ 313 blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \ 314 blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \ 315 blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \ 316 blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \ 317 blowfish:448:Blowfish-CBC:448 \ 318 camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \ 319 camellia:256:CAMELLIA-CBC:256 ; do 320 321 ealgo=`echo $spec | cut -d : -f 1` 322 keylen=`echo $spec | cut -d : -f 2` 323 expected_ealgo=`echo $spec | cut -d : -f 3` 324 expected_keylen=`echo $spec | cut -d : -f 4` 325 326 init_alias_test $ealgo $keylen $expected_ealgo $expected_keylen 327 done 328} 329init_alias_cleanup() 330{ 331 geli_test_cleanup 332} 333 334atf_test_case init_i_P cleanup 335init_i_P_head() 336{ 337 atf_set "descr" "geli: Options -i and -P are mutually exclusive" 338 atf_set "require.user" "root" 339} 340init_i_P_body() 341{ 342 geli_test_setup 343 344 sectors=100 345 md=$(attach_md -t malloc -s `expr $sectors + 1`) 346 347 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 348 349 atf_check -s not-exit:0 -e "match:Options -i and -P are mutually exclusive"\ 350 geli init -B none -i 64 -P -K keyfile $md 351} 352init_i_P_cleanup() 353{ 354 geli_test_cleanup 355} 356 357atf_test_case nokey cleanup 358nokey_head() 359{ 360 atf_set "descr" "geli init fails if called with no key component" 361 atf_set "require.user" "root" 362} 363nokey_body() 364{ 365 geli_test_setup 366 367 sectors=100 368 md=$(attach_md -t malloc -s `expr $sectors + 1`) 369 370 atf_check -s not-exit:0 -e match:"No key components given" \ 371 geli init -B none -P ${md} 372} 373nokey_cleanup() 374{ 375 geli_test_cleanup 376} 377 378atf_init_test_cases() 379{ 380 atf_add_test_case init 381 atf_add_test_case init_B 382 atf_add_test_case init_J 383 atf_add_test_case init_a 384 atf_add_test_case init_alias 385 atf_add_test_case init_i_P 386 atf_add_test_case nokey 387} 388