xref: /freebsd/tests/sys/geom/class/eli/onetime_test.sh (revision e1e636193db45630c7881246d25902e57c43d24e)
1
2. $(atf_get_srcdir)/conf.sh
3
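# Round-trip check for one "geli onetime" configuration without integrity.
#
# Arguments: $1 - cipher spec in "ealgo:keylen" form
#            $2 - sector size handed to geli -s
# Globals:   md, sectors (read; set outside this function);
#            cipher, secsize, ealgo, keylen, md_rnd, md_ddev, md_edev (written)
# Files:     reads "rnd" (the plaintext) and writes "edev.raw" in the
#            current directory.
#
# Fails the test case unless (a) data read back through ${md}.eli matches
# what was written and (b) the bytes stored on the backing provider differ
# from the plaintext.  (b) only shows the stored bytes are not the
# plaintext; it does not measure the strength of the encryption.  md5 is
# used purely as a buffer comparison, not as a security control.
onetime_test()
{
	cipher=$1
	secsize=$2
	ealgo=${cipher%%:*}	# text before the first ':'
	keylen=${cipher##*:}	# text after the last ':'

	atf_check -s exit:0 -o ignore -e ignore \
		geli onetime -e "${ealgo}" -l "${keylen}" -s "${secsize}" "${md}"

	atf_check dd if=rnd of="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none

	# In "dd | md5" the status checked below is md5's; a failed dd is not
	# seen.  For the two digests compared for equality that is harmless,
	# because a short read shows up as a mismatch.
	md_rnd=$(dd if=rnd bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?
	md_ddev=$(dd if="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?

	# The raw-provider digest is compared for *inequality*, so a failed or
	# short read would make the "data is encrypted" check pass vacuously.
	# Run that dd under atf_check and hash the captured copy instead.
	atf_check dd if="/dev/${md}" of=edev.raw bs="${secsize}" count="${sectors}" status=none
	md_edev=$(md5 < edev.raw)
	atf_check_equal 0 $?

	# Quoted operands: an empty digest must compare as a mismatch rather
	# than turn the test expression into a syntax error that reads as false.
	if [ "${md_rnd}" != "${md_ddev}" ]; then
		atf_fail "geli did not return the original data"
	fi
	# '=' is the POSIX spelling of string equality in test(1).
	if [ "${md_rnd}" = "${md_edev}" ]; then
		atf_fail "geli did not encrypt the data"
	fi
}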
# Declare the "onetime" test case; the trailing "cleanup" tells ATF that
# onetime_cleanup exists.
atf_test_case onetime cleanup

# Metadata for the "onetime" test case.
onetime_head()
{
	atf_set "require.user" "root"
	atf_set "timeout" 1800
	atf_set "descr" "geli onetime can create temporary providers"
}
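# Body of the "onetime" test case: create the plaintext file "rnd", then run
# onetime_test for every configuration produced by
# for_each_geli_config_nointegrity.
#
# Globals: MAX_SECSIZE (read; not defined in this file), sectors (written)
onetime_body()
{
	geli_test_setup

	sectors=100

	# Run under atf_check, as onetime_a_body does, so that a failure to
	# create the plaintext stops the test here instead of letting the later
	# comparisons run against a missing or short file.
	atf_check dd if=/dev/random of=rnd bs="${MAX_SECSIZE}" count="${sectors}" status=none
	for_each_geli_config_nointegrity onetime_test
}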
# Cleanup hook for the "onetime" test case; delegates to the shared
# geli_test_cleanup helper (not defined in this file).
onetime_cleanup()
{
	geli_test_cleanup
}
50
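# Round-trip check for one "geli onetime -a" (authenticated) configuration.
#
# Arguments: $1 - cipher spec in "ealgo:keylen" form
#            $2 - algorithm name handed to geli -a
#            $3 - sector size handed to geli -s
# Globals:   md, sectors (read; set outside this function);
#            cipher, aalgo, secsize, ealgo, keylen, md_rnd, md_ddev (written)
# Files:     reads "rnd" (the plaintext) from the current directory.
#
# Only the read-back path is checked here; the backing provider's raw
# contents are not examined.  md5 serves as a buffer comparison only.
onetime_a_test()
{
	cipher=$1
	aalgo=$2
	secsize=$3
	ealgo=${cipher%%:*}	# text before the first ':'
	keylen=${cipher##*:}	# text after the last ':'

	atf_check -s exit:0 -o ignore -e ignore \
		geli onetime -a "${aalgo}" -e "${ealgo}" -l "${keylen}" -s "${secsize}" "${md}"

	atf_check dd if=rnd of="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none

	# The status checked after each pipeline is md5's, not dd's; a failed
	# read still surfaces below as a digest mismatch.
	md_rnd=$(dd if=rnd bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?
	md_ddev=$(dd if="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?

	# Quoted operands: an empty digest must compare as a mismatch rather
	# than turn the test expression into a syntax error that reads as false.
	if [ "${md_rnd}" != "${md_ddev}" ]; then
		atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
	fi
}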
# Declare the "onetime_a" test case; the trailing "cleanup" tells ATF that
# onetime_a_cleanup exists.
atf_test_case onetime_a cleanup

# Metadata for the "onetime_a" test case.
onetime_a_head()
{
	atf_set "require.user" "root"
	atf_set "timeout" 1800
	atf_set "descr" "geli onetime with HMACs"
}
# Body of the "onetime_a" test case: create the plaintext file "rnd", then
# run onetime_a_test for every configuration produced by
# for_each_geli_config.
#
# Globals: MAX_SECSIZE (read; not defined in this file), sectors (written)
onetime_a_body()
{
	geli_test_setup

	sectors=8

	# atf_check stops the test if the plaintext file cannot be created.
	atf_check dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
	for_each_geli_config onetime_a_test
}
# Cleanup hook for the "onetime_a" test case; delegates to the shared
# geli_test_cleanup helper (not defined in this file).
onetime_a_cleanup()
{
	geli_test_cleanup
}
94
# Declare the "onetime_d" test case; the trailing "cleanup" tells ATF that
# onetime_d_cleanup exists.
atf_test_case onetime_d cleanup

# Metadata for the "onetime_d" test case.
onetime_d_head()
{
	atf_set "require.user" "root"
	atf_set "descr" "geli onetime -d will create providers that detach on last close"
}
# Body of the "onetime_d" test case.  Creates a provider with
# "geli onetime -d" and checks three things in order: the .eli device node
# exists after creation, it is still there after a read-only open is closed,
# and it is gone after a write open is closed.
#
# Globals: md (read; presumably set by attach_md - confirm in conf.sh),
#          sectors (written)
onetime_d_body()
{
	local eli_dev

	geli_test_setup

	sectors=100
	attach_md md -t malloc -s "${sectors}"
	eli_dev="/dev/${md}.eli"

	atf_check geli onetime -d "${md}"
	[ -c "${eli_dev}" ] ||
		atf_fail "Provider not created, or immediately detached"

	# A reader opening and closing the device must not trigger the detach.
	atf_check dd if="${eli_dev}" of=/dev/null status=none
	# Fixed one-second wait before looking at the device node again.
	sleep 1
	[ -c "${eli_dev}" ] ||
		atf_fail "Provider detached when a reader closed"

	# Opening for write and closing again is expected to trigger the detach.
	true > "${eli_dev}"
	sleep 1
	if [ -c "${eli_dev}" ]; then
		atf_fail "Provider didn't detach on last close of a writer"
	fi
}
# Cleanup hook for the "onetime_d" test case; delegates to the shared
# geli_test_cleanup helper (not defined in this file).
onetime_d_cleanup()
{
	geli_test_cleanup
}
131
# Declare the "onetime_null" test case; the trailing "cleanup" tells ATF
# that onetime_null_cleanup exists.
atf_test_case onetime_null cleanup

# Metadata for the "onetime_null" test case.
onetime_null_head()
{
	atf_set "require.user" "root"
	atf_set "descr" "geli onetime can use the null cipher"
}
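# Body of the "onetime_null" test case.  Attaches a provider with
# "geli onetime -e null" and checks that data written through ${md}.eli is
# read back unchanged both through ${md}.eli and from the backing provider
# ${md}.  In other words, it asserts that the null cipher stores the
# plaintext as-is, so such a provider gives no confidentiality.
#
# Globals: MAX_SECSIZE (read; not defined in this file),
#          md (read; presumably set by attach_md - confirm in conf.sh),
#          sectors, secsize, md_rnd, md_ddev, md_edev (written)
# Files:   writes "rnd" (the plaintext) in the current directory.
onetime_null_body()
{
	geli_test_setup

	sectors=100

	# Run under atf_check, as onetime_a_body does, so that a failure to
	# create the plaintext stops the test here.
	atf_check dd if=/dev/random of=rnd bs="${MAX_SECSIZE}" count="${sectors}" status=none

	secsize=512
	# The ealgo/keylen assignments that used to follow were derived from
	# ${cipher}, which this function never sets, and were never read; they
	# have been dropped.

	attach_md md -t malloc -s 100k

	atf_check -s exit:0 -o ignore -e ignore \
		geli onetime -e null -s "${secsize}" "${md}"

	atf_check dd if=rnd of="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none

	# The status checked after each pipeline is md5's, not dd's.  Every
	# digest here is compared for equality, so a failed read still surfaces
	# as a mismatch.  md5 serves as a buffer comparison only.
	md_rnd=$(dd if=rnd bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?
	md_ddev=$(dd if="/dev/${md}.eli" bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?
	md_edev=$(dd if="/dev/${md}" bs="${secsize}" count="${sectors}" status=none | md5)
	atf_check_equal 0 $?

	# Quoted operands: an empty digest must compare as a mismatch rather
	# than turn the test expression into a syntax error that reads as false.
	if [ "${md_rnd}" != "${md_ddev}" ]; then
		atf_fail "geli did not return the original data"
	fi
	if [ "${md_rnd}" != "${md_edev}" ]; then
		atf_fail "geli encrypted the data even with the null cipher"
	fi
}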
# Cleanup hook for the "onetime_null" test case; delegates to the shared
# geli_test_cleanup helper (not defined in this file).
onetime_null_cleanup()
{
	geli_test_cleanup
}
175
# Registers every test case declared in this file, in declaration order.
atf_init_test_cases()
{
	local tc

	for tc in onetime onetime_a onetime_d onetime_null; do
		atf_add_test_case "${tc}"
	done
}
183