xref: /freebsd/tests/sys/geom/class/eli/integrity_test.sh (revision 214e3e09b3381e44bf5d9c1dcd19c4b1b923a796)
1
2. $(atf_get_srcdir)/conf.sh
3
4copy_test() {
5	cipher=$1
6	aalgo=$2
7	secsize=$3
8	ealgo=${cipher%%:*}
9	keylen=${cipher##*:}
10
11	atf_check -s exit:0 -e ignore \
12		geli init -B none -a $aalgo -e $ealgo -l $keylen -P \
13		-K keyfile -s $secsize ${md}
14	atf_check geli attach -p -k keyfile ${md}
15
16	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=1 status=none
17
18	# Copy first small sector to the second small sector.
19	# This should be detected as corruption.
20	atf_check dd if=backing_file of=sector bs=512 count=1 \
21		conv=notrunc status=none
22	atf_check dd if=sector of=backing_file bs=512 count=1 seek=1 \
23		conv=notrunc status=none
24
25	atf_check -s not-exit:0 -e ignore \
26		dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
27
28	# Fix the corruption
29	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=2 status=none
30	atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 \
31		status=none
32
33	# Copy first big sector to the second big sector.
34	# This should be detected as corruption.
35	ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'`
36	ns=`diskinfo /dev/${md}.eli | awk '{print $4}'`
37	usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc`
38	atf_check dd if=backing_file bs=512 count=$(( ${usecsize} / 512 )) \
39		seek=$(( $secsize / 512 )) of=sector conv=notrunc status=none
40	atf_check dd of=backing_file bs=512 count=$(( ${usecsize} / 512 )) \
41		seek=$(( $secsize / 256 )) if=sector conv=notrunc status=none
42	atf_check -s not-exit:0 -e ignore \
43		dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=$ns
44}
45
46atf_test_case copy cleanup
47copy_head()
48{
49	atf_set "descr" "geli will detect misdirected writes as corruption"
50	atf_set "require.user" "root"
51	atf_set "timeout" 3600
52}
53copy_body()
54{
55	geli_test_setup
56
57	sectors=2
58
59	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
60	dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
61
62	for_each_geli_config copy_test backing_file
63}
64copy_cleanup()
65{
66	geli_test_cleanup
67}
68
69
70data_test() {
71	cipher=$1
72	aalgo=$2
73	secsize=$3
74	ealgo=${cipher%%:*}
75	keylen=${cipher##*:}
76
77	atf_check -s exit:0 -e ignore \
78		geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \
79		-s $secsize ${md}
80
81	# Corrupt 8 bytes of data.
82	atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
83	atf_check dd if=rnd of=sector bs=1 count=8 seek=64 conv=notrunc status=none
84	atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none
85	atf_check geli attach -p -k keyfile ${md}
86
87	# Try to read from the corrupt sector
88	atf_check -s not-exit:0 -e ignore \
89		dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
90}
91
92atf_test_case data cleanup
93data_head()
94{
95	atf_set "descr" "With HMACs, geli will detect data corruption"
96	atf_set "require.user" "root"
97	atf_set "timeout" 1800
98}
99data_body()
100{
101	geli_test_setup
102
103	sectors=2
104
105	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
106	dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
107	for_each_geli_config data_test
108}
109data_cleanup()
110{
111	geli_test_cleanup
112}
113
114hmac_test() {
115	cipher=$1
116	aalgo=$2
117	secsize=$3
118	ealgo=${cipher%%:*}
119	keylen=${cipher##*:}
120
121	atf_check -s exit:0 -e ignore \
122		geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \
123		-s $secsize ${md}
124
125	# Corrupt 8 bytes of HMAC.
126	atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
127	atf_check dd if=rnd of=sector bs=1 count=16 conv=notrunc status=none
128	atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none
129	atf_check geli attach -p -k keyfile ${md}
130
131	# Try to read from the corrupt sector
132	atf_check -s not-exit:0 -e ignore \
133		dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
134}
135
136atf_test_case hmac cleanup
137hmac_head()
138{
139	atf_set "descr" "geli will detect corruption of HMACs"
140	atf_set "require.user" "root"
141	atf_set "timeout" 1800
142}
143hmac_body()
144{
145	geli_test_setup
146
147	sectors=2
148
149	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
150	dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
151	for_each_geli_config hmac_test
152}
153hmac_cleanup()
154{
155	geli_test_cleanup
156}
157
158atf_init_test_cases()
159{
160	atf_add_test_case copy
161	atf_add_test_case data
162	atf_add_test_case hmac
163}
164