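#!/bin/sh

# ATF test cases for "geli setkey": rotating key files and passphrases on
# attached and detached providers, and refusing to modify a read-only one.
# Helpers such as geli_test_setup, geli_test_cleanup and attach_md are
# expected to come from conf.sh in the test source directory.
. "$(atf_get_srcdir)/conf.sh"

atf_test_case setkey cleanup
setkey_head()
{
	atf_set "descr" "geli setkey can change the key for an existing provider"
	atf_set "require.user" "root"
}
# Rotates both key slots (0 and 1) of a provider, attached and detached, and
# checks after each rotation that the replaced key file is rejected with
# "Wrong key" while the data read back through the provider is unchanged.
setkey_body()
{
	geli_test_setup

	sectors=100
	# One sector more than the payload written below.
	# NOTE(review): presumably the extra sector holds the geli metadata.
	attach_md md -t malloc -s $((sectors + 1))

	# Reference payload. md5 is used only as a content fingerprint for the
	# equality checks at the end, not as a security control.
	atf_check dd if=/dev/random of=rnd bs=512 "count=${sectors}" status=none
	hash1=$(dd if=rnd bs=512 "count=${sectors}" status=none | md5)
	# $? is the status of md5, the last stage of the pipeline; a dd failure
	# is not caught here and would only show up as a hash mismatch below.
	atf_check_equal 0 $?
	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
	atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
	atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none
	atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none
	atf_check dd if=/dev/random of=keyfile5 bs=512 count=16 status=none

	atf_check geli init -B none -P -K keyfile1 "${md}"
	atf_check geli attach -p -k keyfile1 "${md}"

	atf_check \
		dd if=rnd of="/dev/${md}.eli" bs=512 "count=${sectors}" status=none
	hash2=$(dd if="/dev/${md}.eli" bs=512 "count=${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 $?

	# Change current key (0) for attached provider.
	atf_check -s exit:0 -o ignore geli setkey -P -K keyfile2 "${md}"
	atf_check geli detach "${md}"

	# We cannot use keyfile1 anymore.
	atf_check -s not-exit:0 -e match:"Wrong key" \
		geli attach -p -k keyfile1 "${md}"

	# Attach with new key.
	atf_check geli attach -p -k keyfile2 "${md}"
	hash3=$(dd if="/dev/${md}.eli" bs=512 "count=${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 $?

	# Change key 1 for attached provider.
	atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile3 "${md}"
	atf_check geli detach "${md}"

	# Attach with key 1.
	atf_check geli attach -p -k keyfile3 "${md}"
	hash4=$(dd if="/dev/${md}.eli" bs=512 "count=${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 $?
	atf_check geli detach "${md}"

	# Change current (1) key for detached provider.
	atf_check -s exit:0 -o ignore \
		geli setkey -p -k keyfile3 -P -K keyfile4 "${md}"

	# We cannot use keyfile3 anymore.
	atf_check -s not-exit:0 -e match:"Wrong key" \
		geli attach -p -k keyfile3 "${md}"

	# Attach with key 1.
	atf_check geli attach -p -k keyfile4 "${md}"
	hash5=$(dd if="/dev/${md}.eli" bs=512 "count=${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 $?
	atf_check geli detach "${md}"

	# Change key 0 for detached provider.
	atf_check -s exit:0 -o ignore \
		geli setkey -n 0 -p -k keyfile4 -P -K keyfile5 "${md}"

	# We cannot use keyfile2 anymore.
	# No stderr redirection on atf_check itself: geli's stderr is matched
	# by -e, and atf_check's own diagnostics should stay visible when the
	# expectation fails, as in the other "Wrong key" checks.
	atf_check -s not-exit:0 -e match:"Wrong key" \
		geli attach -p -k keyfile2 "${md}"

	# Attach with key 0.
	atf_check geli attach -p -k keyfile5 "${md}"
	hash6=$(dd if="/dev/${md}.eli" bs=512 "count=${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 $?
	atf_check geli detach "${md}"

	# Every read through the provider must match the reference payload:
	# changing keys must not alter the stored data.
	atf_check_equal "${hash1}" "${hash2}"
	atf_check_equal "${hash1}" "${hash3}"
	atf_check_equal "${hash1}" "${hash4}"
	atf_check_equal "${hash1}" "${hash5}"
	atf_check_equal "${hash1}" "${hash6}"
}
setkey_cleanup()
{
	geli_test_cleanup
}

atf_test_case setkey_passphrase cleanup
setkey_passphrase_head()
{
	atf_set "descr" "geli setkey can change the passphrase for a provider"
	atf_set "require.user" "root"
}
# Rotates the passphrase of a provider, first while detached and then while
# attached, checking that the replaced passphrase is rejected and that the
# data read back is unchanged.
setkey_passphrase_body()
{
	geli_test_setup

	sectors=100
	# One sector more than the payload written below.
	attach_md md -t malloc -s $((sectors + 1))

	atf_check dd if=/dev/random of=rnd bs=512 "count=${sectors}" status=none
	hash1=$(dd if=rnd bs=512 "count=${sectors}" status=none | md5)
	# $? is the status of md5 only (last stage of the pipeline).
	atf_check_equal 0 $?
	atf_check dd if=/dev/random of=pass1 bs=512 count=1 status=none
	atf_check dd if=/dev/random of=pass2 bs=512 count=1 status=none
	atf_check dd if=/dev/random of=pass3 bs=512 count=1 status=none

	atf_check geli init -B none -J pass1 "${md}"
	atf_check geli attach -j pass1 "${md}"

	atf_check \
		dd if=rnd of="/dev/${md}.eli" bs=512 "count=${sectors}" status=none
	hash2=$(dd if="/dev/${md}.eli" bs=512 "count=${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 $?

	atf_check geli detach "${md}"

	# Change from passphrase 1 to passphrase 2 for the detached provider.
	atf_check -s exit:0 -o ignore geli setkey -j pass1 -J pass2 "${md}"

	# Make sure that we can attach with passphrase 2 but not with
	# passphrase 1.
	atf_check -s not-exit:0 -e match:"Wrong key" \
		geli attach -j pass1 "${md}"
	atf_check -s exit:0 geli attach -j pass2 "${md}"
	hash3=$(dd if="/dev/${md}.eli" bs=512 "count=${sectors}" 2>/dev/null | md5)
	# Same pipeline status check as for the other hashes in this file.
	atf_check_equal 0 $?

	# Change from passphrase 2 to passphrase 3 for the attached provider.
	atf_check -s exit:0 -o ignore geli setkey -j pass2 -J pass3 "${md}"
	hash4=$(dd if="/dev/${md}.eli" bs=512 "count=${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 $?
	atf_check geli detach "${md}"

	# Make sure that we cannot attach with passphrase 2 anymore.
	atf_check -s not-exit:0 -e match:"Wrong key" \
		geli attach -j pass2 "${md}"
	# NOTE(review): nothing here attaches with pass3, so the test shows the
	# old passphrase is rejected but not that the new one is accepted;
	# consider adding an attach/detach with pass3.

	atf_check_equal "${hash1}" "${hash2}"
	atf_check_equal "${hash1}" "${hash3}"
	atf_check_equal "${hash1}" "${hash4}"
}
setkey_passphrase_cleanup()
{
	geli_test_cleanup
}

atf_test_case setkey_readonly cleanup
setkey_readonly_head()
{
	atf_set "descr" "geli setkey cannot change the keys of a readonly provider"
	atf_set "require.user" "root"
}
# Attaches a provider read-only (-r) and checks that setkey is refused with a
# "read-only" error instead of modifying the provider's keys.
setkey_readonly_body()
{
	geli_test_setup

	sectors=100
	attach_md md -t malloc -s $((sectors + 1))
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

	atf_check geli init -B none -P -K keyfile "${md}"
	atf_check geli attach -r -p -k keyfile "${md}"

	atf_check -s not-exit:0 -e match:"read-only" \
		geli setkey -n 1 -P -K /dev/null "${md}"
}
setkey_readonly_cleanup()
{
	geli_test_cleanup
}

atf_test_case nokey cleanup
nokey_head()
{
	# The nokey body only exercises failure paths ("No key components
	# given"), so the description says that rather than repeating the
	# setkey test's description.
	atf_set "descr" "geli setkey fails when no key components are given"
	atf_set "require.user" "root"
}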
# Checks that geli setkey refuses to run, with "No key components given",
# when the old or the new key has neither a passphrase nor a key file.
nokey_body()
{
	geli_test_setup

	sectors=100
	attach_md md -t malloc -s "$((sectors + 1))"
	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
	atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none

	atf_check geli init -B none -P -K keyfile1 "${md}"

	# Detached provider, old key given without any component
	# (-p and no -k).
	atf_check \
		-s not-exit:0 \
		-e match:"No key components given" \
		geli setkey -n 0 -p -P -K keyfile2 "${md}"

	# Detached provider, new key given without any component
	# (-P and no -K).
	atf_check \
		-s not-exit:0 \
		-e match:"No key components given" \
		geli setkey -n 0 -p -k keyfile1 -P "${md}"

	# Attached provider, new key given without any component.
	atf_check geli attach -p -k keyfile1 "${md}"
	atf_check \
		-s not-exit:0 \
		-e match:"No key components given" \
		geli setkey -n 0 -P "${md}"
}
# Releases whatever geli_test_setup and the test body left behind.
nokey_cleanup()
{
	geli_test_cleanup
}

# Registers every test case defined in this file with ATF.
atf_init_test_cases()
{
	atf_add_test_case "setkey"
	atf_add_test_case "setkey_passphrase"
	atf_add_test_case "setkey_readonly"
	atf_add_test_case "nokey"
}