1# $FreeBSD$ 2 3. $(atf_get_srcdir)/conf.sh 4 5copy_test() { 6 cipher=$1 7 aalgo=$2 8 secsize=$3 9 ealgo=${cipher%%:*} 10 keylen=${cipher##*:} 11 12 atf_check -s exit:0 -e ignore \ 13 geli init -B none -a $aalgo -e $ealgo -l $keylen -P \ 14 -K keyfile -s $secsize ${md} 15 atf_check geli attach -p -k keyfile ${md} 16 17 atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=1 status=none 18 19 # Copy first small sector to the second small sector. 20 # This should be detected as corruption. 21 atf_check dd if=backing_file of=sector bs=512 count=1 \ 22 conv=notrunc status=none 23 atf_check dd if=sector of=backing_file bs=512 count=1 seek=1 \ 24 conv=notrunc status=none 25 26 atf_check -s not-exit:0 -e ignore \ 27 dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 28 29 # Fix the corruption 30 atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=2 status=none 31 atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 \ 32 status=none 33 34 # Copy first big sector to the second big sector. 35 # This should be detected as corruption. 36 ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'` 37 ns=`diskinfo /dev/${md}.eli | awk '{print $4}'` 38 usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc` 39 atf_check dd if=backing_file bs=512 count=$(( ${usecsize} / 512 )) \ 40 seek=$(( $secsize / 512 )) of=sector conv=notrunc status=none 41 atf_check dd of=backing_file bs=512 count=$(( ${usecsize} / 512 )) \ 42 seek=$(( $secsize / 256 )) if=sector conv=notrunc status=none 43 atf_check -s not-exit:0 -e ignore \ 44 dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=$ns 45} 46 47atf_test_case copy cleanup 48copy_head() 49{ 50 atf_set "descr" "geli will detect misdirected writes as corruption" 51 atf_set "require.user" "root" 52 atf_set "timeout" 3600 53} 54copy_body() 55{ 56 geli_test_setup 57 58 sectors=2 59 60 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 61 dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none 62 63 for_each_geli_config copy_test backing_file 64} 65copy_cleanup() 66{ 67 geli_test_cleanup 68} 69 70 71data_test() { 72 cipher=$1 73 aalgo=$2 74 secsize=$3 75 ealgo=${cipher%%:*} 76 keylen=${cipher##*:} 77 78 atf_check -s exit:0 -e ignore \ 79 geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ 80 -s $secsize ${md} 81 82 # Corrupt 8 bytes of data. 83 atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none 84 atf_check dd if=rnd of=sector bs=1 count=8 seek=64 conv=notrunc status=none 85 atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none 86 atf_check geli attach -p -k keyfile ${md} 87 88 # Try to read from the corrupt sector 89 atf_check -s not-exit:0 -e ignore \ 90 dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 91} 92 93atf_test_case data cleanup 94data_head() 95{ 96 atf_set "descr" "With HMACs, geli will detect data corruption" 97 atf_set "require.user" "root" 98 atf_set "timeout" 1800 99} 100data_body() 101{ 102 geli_test_setup 103 104 sectors=2 105 106 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 107 dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none 108 for_each_geli_config data_test 109} 110data_cleanup() 111{ 112 geli_test_cleanup 113} 114 115hmac_test() { 116 cipher=$1 117 aalgo=$2 118 secsize=$3 119 ealgo=${cipher%%:*} 120 keylen=${cipher##*:} 121 122 atf_check -s exit:0 -e ignore \ 123 geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ 124 -s $secsize ${md} 125 126 # Corrupt 8 bytes of HMAC. 127 atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none 128 atf_check dd if=rnd of=sector bs=1 count=16 conv=notrunc status=none 129 atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none 130 atf_check geli attach -p -k keyfile ${md} 131 132 # Try to read from the corrupt sector 133 atf_check -s not-exit:0 -e ignore \ 134 dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 135} 136 137atf_test_case hmac cleanup 138hmac_head() 139{ 140 atf_set "descr" "geli will detect corruption of HMACs" 141 atf_set "require.user" "root" 142 atf_set "timeout" 1800 143} 144hmac_body() 145{ 146 geli_test_setup 147 148 sectors=2 149 150 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none 151 dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none 152 for_each_geli_config hmac_test 153} 154hmac_cleanup() 155{ 156 geli_test_cleanup 157} 158 159atf_init_test_cases() 160{ 161 atf_add_test_case copy 162 atf_add_test_case data 163 atf_add_test_case hmac 164} 165