xref: /freebsd/tests/sys/geom/class/eli/setkey_test.sh (revision 56e53cb8ef000c3ef72337a4095987a932cdedef)
1#!/bin/sh
2# $FreeBSD$
3
4atf_test_case setkey cleanup
5setkey_head()
6{
7	atf_set "descr" "geli setkey can change the key for an existing provider"
8	atf_set "require.user" "root"
9}
10setkey_body()
11{
12	. $(atf_get_srcdir)/conf.sh
13
14	sectors=100
15	md=$(attach_md -t malloc -s `expr $sectors + 1`)
16
17	atf_check dd if=/dev/random of=rnd bs=512 count=${sectors} status=none
18	hash1=`dd if=rnd bs=512 count=${sectors} status=none | md5`
19	atf_check_equal 0 $?
20	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
21	atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
22	atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none
23	atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none
24	atf_check dd if=/dev/random of=keyfile5 bs=512 count=16 status=none
25
26	atf_check geli init -B none -P -K keyfile1 ${md}
27	atf_check geli attach -p -k keyfile1 ${md}
28
29	atf_check \
30		dd if=rnd of=/dev/${md}.eli bs=512 count=${sectors} status=none
31	hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
32	atf_check_equal 0 $?
33
34	# Change current key (0) for attached provider.
35	atf_check -s exit:0 -o ignore geli setkey -P -K keyfile2 ${md}
36	atf_check geli detach ${md}
37
38	# We cannot use keyfile1 anymore.
39	atf_check -s not-exit:0 -e match:"Wrong key" \
40		geli attach -p -k keyfile1 ${md}
41
42	# Attach with new key.
43	atf_check geli attach -p -k keyfile2 ${md}
44	hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
45	atf_check_equal 0 $?
46
47	# Change key 1 for attached provider.
48	atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile3 ${md}
49	atf_check geli detach ${md}
50
51	# Attach with key 1.
52	atf_check geli attach -p -k keyfile3 ${md}
53	hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
54	atf_check_equal 0 $?
55	atf_check geli detach ${md}
56
57	# Change current (1) key for detached provider.
58	atf_check -s exit:0 -o ignore geli setkey -p -k keyfile3 -P -K keyfile4 ${md}
59
60	# We cannot use keyfile3 anymore.
61	atf_check -s not-exit:0 -e match:"Wrong key" \
62		geli attach -p -k keyfile3 ${md}
63
64	# Attach with key 1.
65	atf_check geli attach -p -k keyfile4 ${md}
66	hash5=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
67	atf_check_equal 0 $?
68	atf_check geli detach ${md}
69
70	# Change key 0 for detached provider.
71	atf_check -s exit:0 -o ignore geli setkey -n 0 -p -k keyfile4 -P -K keyfile5 ${md}
72
73	# We cannot use keyfile2 anymore.
74	atf_check -s not-exit:0 -e match:"Wrong key" \
75		geli attach -p -k keyfile2 ${md} 2>/dev/null
76
77	# Attach with key 0.
78	atf_check geli attach -p -k keyfile5 ${md}
79	hash6=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
80	atf_check_equal 0 $?
81	atf_check geli detach ${md}
82
83	atf_check_equal ${hash1} ${hash2}
84	atf_check_equal ${hash1} ${hash3}
85	atf_check_equal ${hash1} ${hash4}
86	atf_check_equal ${hash1} ${hash5}
87	atf_check_equal ${hash1} ${hash6}
88}
89setkey_cleanup()
90{
91	. $(atf_get_srcdir)/conf.sh
92	geli_test_cleanup
93}
94
95atf_test_case setkey_readonly cleanup
96setkey_readonly_head()
97{
98	atf_set "descr" "geli setkey cannot change the keys of a readonly provider"
99	atf_set "require.user" "root"
100}
101setkey_readonly_body()
102{
103	. $(atf_get_srcdir)/conf.sh
104
105	sectors=100
106	md=$(attach_md -t malloc -s `expr $sectors + 1`)
107	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
108
109	atf_check geli init -B none -P -K keyfile ${md}
110	atf_check geli attach -r -p -k keyfile ${md}
111
112	atf_check -s not-exit:0 -e match:"read-only" \
113		geli setkey -n 1 -P -K /dev/null ${md}
114}
115setkey_readonly_cleanup()
116{
117	. $(atf_get_srcdir)/conf.sh
118	geli_test_cleanup
119}
120
121atf_test_case nokey cleanup
122nokey_head()
123{
124	atf_set "descr" "geli setkey can change the key for an existing provider"
125	atf_set "require.user" "root"
126}
127nokey_body()
128{
129	. $(atf_get_srcdir)/conf.sh
130
131	sectors=100
132	md=$(attach_md -t malloc -s `expr $sectors + 1`)
133	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
134	atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
135
136	atf_check geli init -B none -P -K keyfile1 ${md}
137
138	# Try to set the key for a detached device without providing any
139	# components for the old key.
140	atf_check -s not-exit:0 -e match:"No key components given" \
141		geli setkey -n 0 -p -P -K keyfile2 ${md}
142
143	# Try to set the key for a detached device without providing any
144	# components for the new key
145	atf_check -s not-exit:0 -e match:"No key components given" \
146		geli setkey -n 0 -p -k keyfile1 -P ${md}
147
148	# Try to set a new key for an attached device with no components
149	atf_check geli attach -p -k keyfile1 ${md}
150	atf_check -s not-exit:0 -e match:"No key components given" \
151		geli setkey -n 0 -P ${md}
152}
153nokey_cleanup()
154{
155	. $(atf_get_srcdir)/conf.sh
156	geli_test_cleanup
157}
158
159atf_init_test_cases()
160{
161	atf_add_test_case setkey
162	atf_add_test_case setkey_readonly
163	atf_add_test_case nokey
164}
165