1# $FreeBSD$ 2 3copy_test() { 4 cipher=$1 5 aalgo=$2 6 secsize=$3 7 ealgo=${cipher%%:*} 8 keylen=${cipher##*:} 9 10 atf_check -s exit:0 -e ignore \ 11 geli init -B none -a $aalgo -e $ealgo -l $keylen -P \ 12 -K keyfile -s $secsize ${md} 13 atf_check geli attach -p -k keyfile ${md} 14 15 atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=1 status=none 16 17 # Copy first small sector to the second small sector. 18 # This should be detected as corruption. 19 atf_check dd if=backing_file of=sector bs=512 count=1 \ 20 conv=notrunc status=none 21 atf_check dd if=sector of=backing_file bs=512 count=1 seek=1 \ 22 conv=notrunc status=none 23 24 atf_check -s not-exit:0 -e ignore \ 25 dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 26 27 # Fix the corruption 28 atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=2 status=none 29 atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 \ 30 status=none 31 32 # Copy first big sector to the second big sector. 33 # This should be detected as corruption. 34 ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'` 35 ns=`diskinfo /dev/${md}.eli | awk '{print $4}'` 36 usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc` 37 atf_check dd if=backing_file bs=512 count=$(( ${usecsize} / 512 )) \ 38 seek=$(( $secsize / 512 )) of=sector conv=notrunc status=none 39 atf_check dd of=backing_file bs=512 count=$(( ${usecsize} / 512 )) \ 40 seek=$(( $secsize / 256 )) if=sector conv=notrunc status=none 41 atf_check -s not-exit:0 -e ignore \ 42 dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=$ns 43} 44 45atf_test_case copy cleanup 46copy_head() 47{ 48 atf_set "descr" "geli will detect misdirected writes as corruption" 49 atf_set "require.user" "root" 50 atf_set "timeout" 3600 51} 52copy_body() 53{ 54 . $(atf_get_srcdir)/conf.sh 55 56 sectors=2 57 58 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 59 dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none 60 61 for_each_geli_config copy_test backing_file 62} 63copy_cleanup() 64{ 65 . $(atf_get_srcdir)/conf.sh 66 geli_test_cleanup 67} 68 69 70data_test() { 71 cipher=$1 72 aalgo=$2 73 secsize=$3 74 ealgo=${cipher%%:*} 75 keylen=${cipher##*:} 76 77 atf_check -s exit:0 -e ignore \ 78 geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ 79 -s $secsize ${md} 80 81 # Corrupt 8 bytes of data. 82 atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none 83 atf_check dd if=rnd of=sector bs=1 count=8 seek=64 conv=notrunc status=none 84 atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none 85 atf_check geli attach -p -k keyfile ${md} 86 87 # Try to read from the corrupt sector 88 atf_check -s not-exit:0 -e ignore \ 89 dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 90} 91 92atf_test_case data cleanup 93data_head() 94{ 95 atf_set "descr" "With HMACs, geli will detect data corruption" 96 atf_set "require.user" "root" 97 atf_set "timeout" 1800 98} 99data_body() 100{ 101 . $(atf_get_srcdir)/conf.sh 102 103 sectors=2 104 105 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 106 dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none 107 for_each_geli_config data_test 108} 109data_cleanup() 110{ 111 . $(atf_get_srcdir)/conf.sh 112 geli_test_cleanup 113} 114 115hmac_test() { 116 cipher=$1 117 aalgo=$2 118 secsize=$3 119 ealgo=${cipher%%:*} 120 keylen=${cipher##*:} 121 122 atf_check -s exit:0 -e ignore \ 123 geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ 124 -s $secsize ${md} 125 126 # Corrupt 8 bytes of HMAC. 127 atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none 128 atf_check dd if=rnd of=sector bs=1 count=16 conv=notrunc status=none 129 atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none 130 atf_check geli attach -p -k keyfile ${md} 131 132 # Try to read from the corrupt sector 133 atf_check -s not-exit:0 -e ignore \ 134 dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 135} 136 137atf_test_case hmac cleanup 138hmac_head() 139{ 140 atf_set "descr" "geli will detect corruption of HMACs" 141 atf_set "require.user" "root" 142 atf_set "timeout" 1800 143} 144hmac_body() 145{ 146 . $(atf_get_srcdir)/conf.sh 147 148 sectors=2 149 150 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 151 dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none 152 for_each_geli_config hmac_test 153} 154hmac_cleanup() 155{ 156 . $(atf_get_srcdir)/conf.sh 157 geli_test_cleanup 158} 159 160atf_init_test_cases() 161{ 162 atf_add_test_case copy 163 atf_add_test_case data 164 atf_add_test_case hmac 165} 166