xref: /freebsd/tests/sys/geom/class/eli/onetime_test.sh (revision dd41de95a84d979615a2ef11df6850622bf6184e)
1# $FreeBSD$
2
3. $(atf_get_srcdir)/conf.sh
4
5onetime_test()
6{
7	cipher=$1
8	secsize=$2
9	ealgo=${cipher%%:*}
10	keylen=${cipher##*:}
11
12	atf_check -s exit:0 -o ignore -e ignore \
13		geli onetime -e $ealgo -l $keylen -s $secsize ${md}
14
15	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
16
17	md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
18	atf_check_equal 0 $?
19	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
20	atf_check_equal 0 $?
21	md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
22	atf_check_equal 0 $?
23
24	if [ ${md_rnd} != ${md_ddev} ]; then
25		atf_fail "geli did not return the original data"
26	fi
27	if [ ${md_rnd} == ${md_edev} ]; then
28		atf_fail "geli did not encrypt the data"
29	fi
30}
31atf_test_case onetime cleanup
32onetime_head()
33{
34	atf_set "descr" "geli onetime can create temporary providers"
35	atf_set "require.user" "root"
36	atf_set "timeout" 1800
37}
38onetime_body()
39{
40	geli_test_setup
41
42	sectors=100
43
44	dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
45	for_each_geli_config_nointegrity onetime_test
46}
47onetime_cleanup()
48{
49	geli_test_cleanup
50}
51
52onetime_a_test()
53{
54	cipher=$1
55	aalgo=$2
56	secsize=$3
57	ealgo=${cipher%%:*}
58	keylen=${cipher##*:}
59
60	atf_check -s exit:0 -o ignore -e ignore \
61		geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md}
62
63	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
64
65	md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
66	atf_check_equal 0 $?
67	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
68	atf_check_equal 0 $?
69
70	if [ ${md_rnd} != ${md_ddev} ]; then
71		atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
72	fi
73}
74atf_test_case onetime_a cleanup
75onetime_a_head()
76{
77	atf_set "descr" "geli onetime with HMACs"
78	atf_set "require.user" "root"
79	atf_set "timeout" 1800
80}
81onetime_a_body()
82{
83	geli_test_setup
84
85	sectors=8
86
87	atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=$sectors \
88		status=none
89	for_each_geli_config onetime_a_test
90}
91onetime_a_cleanup()
92{
93	geli_test_cleanup
94}
95
96atf_test_case onetime_d cleanup
97onetime_d_head()
98{
99	atf_set "descr" "geli onetime -d will create providers that detach on last close"
100	atf_set "require.user" "root"
101}
102onetime_d_body()
103{
104	geli_test_setup
105
106	sectors=100
107	md=$(attach_md -t malloc -s $sectors)
108
109	atf_check geli onetime -d ${md}
110	if [ ! -c /dev/${md}.eli ]; then
111		atf_fail "Provider not created, or immediately detached"
112	fi
113
114	# Be sure it doesn't detach on read.
115	atf_check dd if=/dev/${md}.eli of=/dev/null status=none
116	sleep 1
117	if [ ! -c /dev/${md}.eli ]; then
118		atf_fail "Provider detached when a reader closed"
119	fi
120
121	# It should detach when a writer closes
122	true > /dev/${md}.eli
123	sleep 1
124	if [ -c /dev/${md}.eli ]; then
125		atf_fail "Provider didn't detach on last close of a writer"
126	fi
127}
128onetime_d_cleanup()
129{
130	geli_test_cleanup
131}
132
133atf_test_case onetime_null cleanup
134onetime_null_head()
135{
136	atf_set "descr" "geli onetime can use the null cipher"
137	atf_set "require.user" "root"
138}
139onetime_null_body()
140{
141	geli_test_setup
142
143	sectors=100
144
145	dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
146
147	secsize=512
148	ealgo=${cipher%%:*}
149	keylen=${cipher##*:}
150
151	md=$(attach_md -t malloc -s 100k)
152
153	atf_check -s exit:0 -o ignore -e ignore \
154		geli onetime -e null -s ${secsize} ${md}
155
156	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
157
158	md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
159	atf_check_equal 0 $?
160	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
161	atf_check_equal 0 $?
162	md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
163	atf_check_equal 0 $?
164
165	if [ ${md_rnd} != ${md_ddev} ]; then
166		atf_fail "geli did not return the original data"
167	fi
168	if [ ${md_rnd} != ${md_edev} ]; then
169		atf_fail "geli encrypted the data even with the null cipher"
170	fi
171}
172onetime_null_cleanup()
173{
174	geli_test_cleanup
175}
176
177atf_init_test_cases()
178{
179	atf_add_test_case onetime
180	atf_add_test_case onetime_a
181	atf_add_test_case onetime_d
182	atf_add_test_case onetime_null
183}
184