xref: /freebsd/tests/sys/geom/class/eli/onetime_test.sh (revision 96950419f15510287080c557174e0d8409f06956)

. $(atf_get_srcdir)/conf.sh

onetime_test()
{
	cipher=$1
	secsize=$2
	ealgo=${cipher%%:*}
	keylen=${cipher##*:}

	atf_check -s exit:0 -o ignore -e ignore \
		geli onetime -e $ealgo -l $keylen -s $secsize ${md}

	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none

	md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
	atf_check_equal 0 $?
	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
	atf_check_equal 0 $?
	md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
	atf_check_equal 0 $?

	if [ ${md_rnd} != ${md_ddev} ]; then
		atf_fail "geli did not return the original data"
	fi
	if [ ${md_rnd} == ${md_edev} ]; then
		atf_fail "geli did not encrypt the data"
	fi
}
atf_test_case onetime cleanup
onetime_head()
{
	atf_set "descr" "geli onetime can create temporary providers"
	atf_set "require.user" "root"
	atf_set "timeout" 1800
}
onetime_body()
{
	geli_test_setup

	sectors=100

	dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
	for_each_geli_config_nointegrity onetime_test
}
onetime_cleanup()
{
	geli_test_cleanup
}

onetime_a_test()
{
	cipher=$1
	aalgo=$2
	secsize=$3
	ealgo=${cipher%%:*}
	keylen=${cipher##*:}

	atf_check -s exit:0 -o ignore -e ignore \
		geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md}

	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none

	md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
	atf_check_equal 0 $?
	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
	atf_check_equal 0 $?

	if [ ${md_rnd} != ${md_ddev} ]; then
		atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
	fi
}
atf_test_case onetime_a cleanup
onetime_a_head()
{
	atf_set "descr" "geli onetime with HMACs"
	atf_set "require.user" "root"
	atf_set "timeout" 1800
}
onetime_a_body()
{
	geli_test_setup

	sectors=8

	atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=$sectors \
		status=none
	for_each_geli_config onetime_a_test
}
onetime_a_cleanup()
{
	geli_test_cleanup
}

atf_test_case onetime_d cleanup
onetime_d_head()
{
	atf_set "descr" "geli onetime -d will create providers that detach on last close"
	atf_set "require.user" "root"
}
onetime_d_body()
{
	geli_test_setup

	sectors=100
	attach_md md -t malloc -s $sectors

	atf_check geli onetime -d ${md}
	if [ ! -c /dev/${md}.eli ]; then
		atf_fail "Provider not created, or immediately detached"
	fi

	# Be sure it doesn't detach on read.
	atf_check dd if=/dev/${md}.eli of=/dev/null status=none
	sleep 1
	if [ ! -c /dev/${md}.eli ]; then
		atf_fail "Provider detached when a reader closed"
	fi

	# It should detach when a writer closes
	true > /dev/${md}.eli
	sleep 1
	if [ -c /dev/${md}.eli ]; then
		atf_fail "Provider didn't detach on last close of a writer"
	fi
}
onetime_d_cleanup()
{
	geli_test_cleanup
}

atf_test_case onetime_null cleanup
onetime_null_head()
{
	atf_set "descr" "geli onetime can use the null cipher"
	atf_set "require.user" "root"
}
onetime_null_body()
{
	geli_test_setup

	sectors=100

	dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none

	secsize=512
	ealgo=${cipher%%:*}
	keylen=${cipher##*:}

	attach_md md -t malloc -s 100k

	atf_check -s exit:0 -o ignore -e ignore \
		geli onetime -e null -s ${secsize} ${md}

	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none

	md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
	atf_check_equal 0 $?
	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
	atf_check_equal 0 $?
	md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
	atf_check_equal 0 $?

	if [ ${md_rnd} != ${md_ddev} ]; then
		atf_fail "geli did not return the original data"
	fi
	if [ ${md_rnd} != ${md_edev} ]; then
		atf_fail "geli encrypted the data even with the null cipher"
	fi
}
onetime_null_cleanup()
{
	geli_test_cleanup
}

atf_init_test_cases()
{
	atf_add_test_case onetime
	atf_add_test_case onetime_a
	atf_add_test_case onetime_d
	atf_add_test_case onetime_null
}