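#!/bin/sh

# Shared helpers for the GELI tests.  geli_test_setup, attach_md and
# geli_test_cleanup are not defined in this file and presumably come from
# conf.sh.  The path is quoted so that a source directory containing
# whitespace is not word-split.
. "$(atf_get_srcdir)/conf.sh"
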
# Test case "setkey": replaces key-file based user keys of one provider.
# Registered together with a cleanup routine.
atf_test_case setkey cleanup
setkey_head()
{
	# The case is only run as root.
	atf_set "require.user" "root"
	atf_set "descr" "geli setkey can change the key for an existing provider"
}
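# Body of the "setkey" test case.
#
# Replaces the user keys of one provider in both key slots, once while the
# provider is attached and once while it is detached.  After every change
# the replaced key file must be rejected with "Wrong key", and the data read
# back through the .eli device must still match what was written.
setkey_body()
{
	geli_test_setup

	# 100 data sectors of 512 bytes; the backing md device is one sector
	# larger (presumably room for the GELI metadata -- confirm against
	# conf.sh / geli(8)).
	sectors=100
	md=$(attach_md -t malloc -s $((sectors + 1)))

	# Reference data and its digest.  md5 only detects changes in the
	# test data here; it is not used as a security control.
	# NOTE(review): after "dd | md5" the status checked below is md5's,
	# not dd's; a failed dd shows up later as a digest mismatch instead.
	atf_check dd if=/dev/random of=rnd bs=512 count="${sectors}" status=none
	hash1=$(dd if=rnd bs=512 count="${sectors}" status=none | md5)
	atf_check_equal 0 "$?"

	# Five independent random key files of 16 * 512 bytes each.
	for idx in 1 2 3 4 5; do
		atf_check dd if=/dev/random of="keyfile${idx}" bs=512 count=16 \
			status=none
	done

	# Slot 0 starts out as keyfile1: key file only (-P), and no metadata
	# backup file is written (-B none).
	# NOTE(review): outside a test, a metadata backup taken before a key
	# change presumably still holds the old key slot -- verify and handle
	# old backups when a key is replaced because it leaked.
	atf_check geli init -B none -P -K keyfile1 "${md}"
	atf_check geli attach -p -k keyfile1 "${md}"

	atf_check \
		dd if=rnd of="/dev/${md}.eli" bs=512 count="${sectors}" status=none
	hash2=$(dd if="/dev/${md}.eli" bs=512 count="${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 "$?"

	# Change current key (0) for attached provider.
	atf_check -s exit:0 -o ignore geli setkey -P -K keyfile2 "${md}"
	atf_check geli detach "${md}"

	# We cannot use keyfile1 anymore.
	atf_check -s not-exit:0 -e match:"Wrong key" \
		geli attach -p -k keyfile1 "${md}"

	# Attach with new key.
	atf_check geli attach -p -k keyfile2 "${md}"
	hash3=$(dd if="/dev/${md}.eli" bs=512 count="${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 "$?"

	# Change key 1 for attached provider.
	atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile3 "${md}"
	atf_check geli detach "${md}"

	# Attach with key 1.
	atf_check geli attach -p -k keyfile3 "${md}"
	hash4=$(dd if="/dev/${md}.eli" bs=512 count="${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 "$?"
	atf_check geli detach "${md}"

	# Change current (1) key for detached provider.  A detached provider
	# needs the old key (-p -k) as well as the new one (-P -K).
	atf_check -s exit:0 -o ignore \
		geli setkey -p -k keyfile3 -P -K keyfile4 "${md}"

	# We cannot use keyfile3 anymore.
	atf_check -s not-exit:0 -e match:"Wrong key" \
		geli attach -p -k keyfile3 "${md}"

	# Attach with key 1.
	atf_check geli attach -p -k keyfile4 "${md}"
	hash5=$(dd if="/dev/${md}.eli" bs=512 count="${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 "$?"
	atf_check geli detach "${md}"

	# Change key 0 for detached provider, authenticating with key 1.
	atf_check -s exit:0 -o ignore \
		geli setkey -n 0 -p -k keyfile4 -P -K keyfile5 "${md}"

	# We cannot use keyfile2 anymore.
	# No stderr redirect on this line: atf_check already captures the
	# command's stderr for the -e match, so redirecting the atf_check call
	# itself would only hide its failure report (as far as atf_check's
	# behavior goes; the two checks above do not redirect either).
	atf_check -s not-exit:0 -e match:"Wrong key" \
		geli attach -p -k keyfile2 "${md}"

	# Attach with key 0.
	atf_check geli attach -p -k keyfile5 "${md}"
	hash6=$(dd if="/dev/${md}.eli" bs=512 count="${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 "$?"
	atf_check geli detach "${md}"

	# Every read through the provider must equal the data written at the
	# start.  Quoting keeps an empty digest a plain mismatch rather than a
	# missing argument.
	atf_check_equal "${hash1}" "${hash2}"
	atf_check_equal "${hash1}" "${hash3}"
	atf_check_equal "${hash1}" "${hash4}"
	atf_check_equal "${hash1}" "${hash5}"
	atf_check_equal "${hash1}" "${hash6}"
}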
# Cleanup routine of the "setkey" test case; all teardown is delegated to
# geli_test_cleanup.
setkey_cleanup()
{
	geli_test_cleanup
}

# Test case "setkey_passphrase": replaces passphrase based user keys of one
# provider.  Registered together with a cleanup routine.
atf_test_case setkey_passphrase cleanup
setkey_passphrase_head()
{
	# The case is only run as root.
	atf_set "require.user" "root"
	atf_set "descr" "geli setkey can change the passphrase for a provider"
}
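# Body of the "setkey_passphrase" test case.
#
# Changes a passphrase-only user key twice, first on the detached provider
# and then on the attached one, and checks that each replaced passphrase is
# rejected with "Wrong key" while the stored data stays readable.
setkey_passphrase_body()
{
	geli_test_setup

	# 100 data sectors of 512 bytes on an md device one sector larger.
	sectors=100
	md=$(attach_md -t malloc -s $((sectors + 1)))

	# Reference data and its digest.
	# NOTE(review): after "dd | md5" the status checked below is md5's,
	# not dd's; a failed dd shows up later as a digest mismatch instead.
	atf_check dd if=/dev/random of=rnd bs=512 count="${sectors}" status=none
	hash1=$(dd if=rnd bs=512 count="${sectors}" status=none | md5)
	atf_check_equal 0 "$?"

	# Three passphrase files filled with random bytes.
	# NOTE(review): geli(8) documents that only the first line of a
	# passfile is used, so with random binary content the effective
	# passphrase ends at the first newline byte and is much shorter than
	# the 32 * 512 bytes written here -- confirm this is intended.
	for idx in 1 2 3; do
		atf_check dd if=/dev/random of="pass${idx}" bs=512 count=32 \
			status=none
	done

	atf_check geli init -B none -J pass1 "${md}"
	atf_check geli attach -j pass1 "${md}"

	atf_check \
		dd if=rnd of="/dev/${md}.eli" bs=512 count="${sectors}" status=none
	hash2=$(dd if="/dev/${md}.eli" bs=512 count="${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 "$?"

	atf_check geli detach "${md}"

	# Change from passphrase 1 to passphrase 2 for the detached provider.
	atf_check -s exit:0 -o ignore geli setkey -j pass1 -J pass2 "${md}"

	# Make sure that we can attach with passphrase 2 but not with
	# passphrase 1.
	atf_check -s not-exit:0 -e match:"Wrong key" \
		geli attach -j pass1 "${md}"
	atf_check -s exit:0 geli attach -j pass2 "${md}"
	hash3=$(dd if="/dev/${md}.eli" bs=512 count="${sectors}" 2>/dev/null | md5)
	# Same status check as after the other digest reads in this file.
	atf_check_equal 0 "$?"

	# Change from passphrase 2 to passphrase 3 for the attached provider.
	atf_check -s exit:0 -o ignore geli setkey -j pass2 -J pass3 "${md}"
	hash4=$(dd if="/dev/${md}.eli" bs=512 count="${sectors}" 2>/dev/null | md5)
	atf_check_equal 0 "$?"
	atf_check geli detach "${md}"

	# Make sure that we cannot attach with passphrase 2 anymore.
	# NOTE(review): nothing here attaches with pass3, so the test shows
	# the old passphrase is rejected but not that the new one works.
	atf_check -s not-exit:0 -e match:"Wrong key" \
		geli attach -j pass2 "${md}"

	# Every read through the provider must equal the data written at the
	# start.  Quoting keeps an empty digest a plain mismatch rather than a
	# missing argument.
	atf_check_equal "${hash1}" "${hash2}"
	atf_check_equal "${hash1}" "${hash3}"
	atf_check_equal "${hash1}" "${hash4}"
}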
# Cleanup routine of the "setkey_passphrase" test case; all teardown is
# delegated to geli_test_cleanup.
setkey_passphrase_cleanup()
{
	geli_test_cleanup
}

# Test case "setkey_readonly": setkey against a provider attached
# read-only.  Registered together with a cleanup routine.
atf_test_case setkey_readonly cleanup
setkey_readonly_head()
{
	# The case is only run as root.
	atf_set "require.user" "root"
	atf_set "descr" "geli setkey cannot change the keys of a readonly provider"
}
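# Body of the "setkey_readonly" test case: a provider attached read-only
# (-r) must refuse a setkey request.
setkey_readonly_body()
{
	geli_test_setup

	# 100 data sectors of 512 bytes on an md device one sector larger.
	sectors=100
	md=$(attach_md -t malloc -s $((sectors + 1)))
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

	atf_check geli init -B none -P -K keyfile "${md}"
	atf_check geli attach -r -p -k keyfile "${md}"

	# Matching "read-only" on stderr pins the reason for the failure: a
	# rejection for another cause (for example the empty /dev/null key
	# file) would not satisfy this check.
	atf_check -s not-exit:0 -e match:"read-only" \
		geli setkey -n 1 -P -K /dev/null "${md}"
}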
# Cleanup routine of the "setkey_readonly" test case; all teardown is
# delegated to geli_test_cleanup.
setkey_readonly_cleanup()
{
	geli_test_cleanup
}

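# Test case "nokey": setkey must refuse to run when the components of the
# old or the new user key are missing.  Registered together with a cleanup
# routine.
atf_test_case nokey cleanup
nokey_head()
{
	# The description used to be a copy of the "setkey" case's text; it
	# now states what this case checks (every step in nokey_body expects
	# the "No key components given" error).
	atf_set "descr" "geli setkey fails when no key components are given for the old or new key"
	# The case is only run as root.
	atf_set "require.user" "root"
}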
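# Body of the "nokey" test case.
#
# Runs setkey three times with the components of either the old or the new
# user key left out, and expects each run to fail with
# "No key components given".
nokey_body()
{
	geli_test_setup

	# 100 data sectors of 512 bytes on an md device one sector larger.
	sectors=100
	md=$(attach_md -t malloc -s $((sectors + 1)))
	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
	atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none

	atf_check geli init -B none -P -K keyfile1 "${md}"

	# Try to set the key for a detached device without providing any
	# components for the old key (-p, and no -k).
	atf_check -s not-exit:0 -e match:"No key components given" \
		geli setkey -n 0 -p -P -K keyfile2 "${md}"

	# Try to set the key for a detached device without providing any
	# components for the new key (-P, and no -K).
	atf_check -s not-exit:0 -e match:"No key components given" \
		geli setkey -n 0 -p -k keyfile1 -P "${md}"

	# Try to set a new key for an attached device with no components
	# (-P, and no -K).
	atf_check geli attach -p -k keyfile1 "${md}"
	atf_check -s not-exit:0 -e match:"No key components given" \
		geli setkey -n 0 -P "${md}"
}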
# Cleanup routine of the "nokey" test case; all teardown is delegated to
# geli_test_cleanup.
nokey_cleanup()
{
	geli_test_cleanup
}

# Adds the four test cases of this file, in the order they are defined.
atf_init_test_cases()
{
	for setkey_tc_name in setkey setkey_passphrase setkey_readonly nokey; do
		atf_add_test_case "${setkey_tc_name}"
	done
}
