Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/tests/sys/geom/class/eli/init_test.sh
39635 views
1
#!/bin/sh

2


3
. $(atf_get_srcdir)/conf.sh

4


5
init_test()

6
{

7
	cipher=$1

8
	secsize=$2

9
	ealgo=${cipher%%:*}

10
	keylen=${cipher##*:}

11


12
	atf_check -s exit:0 -e ignore \

13
		geli init -B none -e $ealgo -l $keylen -P -K keyfile \

14
		-s $secsize ${md}

15
	atf_check geli attach -p -k keyfile ${md}

16


17
	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} \

18
		status=none

19


20
	md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`

21
	atf_check_equal 0 $?

22
	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`

23
	atf_check_equal 0 $?

24
	md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`

25
	atf_check_equal 0 $?

26


27
	if [ ${md_rnd} != ${md_ddev} ]; then

28
		atf_fail "Miscompare for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"

29
	fi

30
	if [ ${md_rnd} == ${md_edev} ]; then

31
		atf_fail "Data was not encrypted for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"

32
	fi

33
}

34
atf_test_case init cleanup

35
init_head()

36
{

37
	atf_set "descr" "Basic I/O with geli"

38
	atf_set "require.user" "root"

39
	atf_set "timeout" 600

40
}

41
init_body()

42
{

43
	geli_test_setup

44


45
	sectors=32

46


47
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

48
	atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \

49
		status=none

50
	for_each_geli_config_nointegrity init_test

51
}

52
init_cleanup()

53
{

54
	geli_test_cleanup

55
}

56


57
atf_test_case init_B cleanup

58
init_B_head()

59
{

60
	atf_set "descr" "init -B can select an alternate backup metadata file"

61
	atf_set "require.user" "root"

62
}

63
init_B_body()

64
{

65
	geli_test_setup

66


67
	sectors=100

68


69
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

70


71
	attach_md md -t malloc -s $sectors

72


73
	# -B none

74
	rm -f /var/backups/${md}.eli

75
	atf_check -s exit:0 -o ignore geli init -B none -P -K keyfile ${md}

76
	if [ -f /var/backups/${md}.eli ]; then

77
		atf_fail "geli created a backup file even with -B none"

78
	fi

79


80
	# no -B

81
	rm -f /var/backups/${md}.eli

82
	atf_check -s exit:0 -o ignore geli init -P -K keyfile ${md}

83
	if [ ! -f /var/backups/${md}.eli ]; then

84
		atf_fail "geli did not create a backup file"

85
	fi

86
	atf_check geli clear ${md}

87
	atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}

88
	atf_check -s exit:0 -o ignore geli restore /var/backups/${md}.eli ${md}

89
	atf_check -s exit:0 -o ignore geli attach -p -k keyfile ${md}

90
	atf_check geli detach ${md}

91
	rm -f /var/backups/${md}.eli

92


93
	# -B file

94
	rm -f backupfile

95
	atf_check -s exit:0 -o ignore \

96
		geli init -B backupfile -P -K keyfile ${md}

97
	if [ ! -f backupfile ]; then

98
		atf_fail "geli init -B did not create a backup file"

99
	fi

100
	atf_check geli clear ${md}

101
	atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}

102
	atf_check geli restore backupfile ${md}

103
	atf_check geli attach -p -k keyfile ${md}

104
}

105
init_B_cleanup()

106
{

107
	geli_test_cleanup

108
}

109


110
atf_test_case init_J cleanup

111
init_J_head()

112
{

113
	atf_set "descr" "init -J accepts a passfile"

114
	atf_set "require.user" "root"

115
}

116
init_J_body()

117
{

118
	geli_test_setup

119


120
	sectors=100

121
	attach_md md -t malloc -s `expr $sectors + 1`

122


123
	atf_check dd if=/dev/random of=keyfile0 bs=512 count=16 status=none

124
	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none

125
	dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile0

126
	atf_check_equal 0 $?

127
	dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile1

128
	atf_check_equal 0 $?

129


130
	for iter in -1 0 64; do

131
		atf_check -s not-exit:0 -e ignore \

132
			geli init -i ${iter} -B none -J passfile0 -P ${md}

133
		atf_check -s not-exit:0 -e ignore \

134
			geli init -i ${iter} -B none -J passfile0 -P -K keyfile0 ${md}

135
		atf_check geli init -i ${iter} -B none -J passfile0 -K keyfile0 ${md}

136
		atf_check -s not-exit:0 -e ignore \

137
			geli attach -k keyfile0 -p ${md}

138
		atf_check -s not-exit:0 -e ignore \

139
			geli attach -j passfile0 ${md}

140
		atf_check -s not-exit:0 -e ignore \

141
			geli attach -j keyfile0 ${md}

142
		atf_check -s not-exit:0 -e ignore \

143
			geli attach -k passfile0 -p ${md}

144
		atf_check -s not-exit:0 -e ignore \

145
			geli attach -j keyfile0 -k passfile0 ${md}

146
		atf_check -s not-exit:0 -e ignore \

147
			geli attach -j keyfile0 -k keyfile0 ${md}

148
		atf_check -s not-exit:0 -e ignore \

149
			geli attach -j passfile0 -k passfile0 ${md}

150
		atf_check -s exit:0 -e ignore \

151
			geli attach -j passfile0 -k keyfile0 ${md}

152
		atf_check -s exit:0 -e ignore geli detach ${md}

153
		atf_check -s exit:0 -e ignore -x \

154
			"cat keyfile0 | geli attach -j passfile0 -k - ${md}"

155
		atf_check -s exit:0 -e ignore geli detach ${md}

156
		atf_check -s exit:0 -e ignore -x \

157
			"cat passfile0 | geli attach -j - -k keyfile0 ${md}"

158
		atf_check -s exit:0 -e ignore geli detach ${md}

159


160
		atf_check -s not-exit:0 -e ignore \

161
			geli init -i ${iter} -B none -J passfile0 -J passfile1 -P ${md}

162
		atf_check -s not-exit:0 -e ignore \

163
			geli init -i ${iter} -B none -J passfile0 -J passfile1 -P -K keyfile0 -K keyfile1 ${md}

164
		atf_check -s exit:0 -e ignore \

165
			geli init -i ${iter} -B none -J passfile0 -J passfile1 -K keyfile0 -K keyfile1 ${md}

166
		atf_check -s not-exit:0 -e ignore \

167
			geli attach -k keyfile0 -p ${md}

168
		atf_check -s not-exit:0 -e ignore \

169
			geli attach -k keyfile1 -p ${md}

170
		atf_check -s not-exit:0 -e ignore \

171
			geli attach -j passfile0 ${md}

172
		atf_check -s not-exit:0 -e ignore \

173
			geli attach -j passfile1 ${md}

174
		atf_check -s not-exit:0 -e ignore \

175
			geli attach -k keyfile0 -k keyfile1 -p ${md}

176
		atf_check -s not-exit:0 -e ignore \

177
			geli attach -j passfile0 -j passfile1 ${md}

178
		atf_check -s not-exit:0 -e ignore \

179
			geli attach -k keyfile0 -j passfile0 ${md}

180
		atf_check -s not-exit:0 -e ignore \

181
			geli attach -k keyfile0 -j passfile1 ${md}

182
		atf_check -s not-exit:0 -e ignore \

183
			geli attach -k keyfile1 -j passfile0 ${md}

184
		atf_check -s not-exit:0 -e ignore \

185
			geli attach -k keyfile1 -j passfile1 ${md}

186
		atf_check -s not-exit:0 -e ignore \

187
			geli attach -k keyfile0 -j passfile0 -j passfile1 ${md}

188
		atf_check -s not-exit:0 -e ignore \

189
			geli attach -k keyfile1 -j passfile0 -j passfile1 ${md}

190
		atf_check -s not-exit:0 -e ignore \

191
			geli attach -k keyfile0 -k keyfile1 -j passfile0 ${md}

192
		atf_check -s not-exit:0 -e ignore \

193
			geli attach -k keyfile0 -k keyfile1 -j passfile1 ${md}

194
		atf_check -s not-exit:0 -e ignore \

195
			geli attach -k keyfile1 -k keyfile0 -j passfile0 -j passfile1 ${md}

196
		atf_check -s not-exit:0 -e ignore \

197
			geli attach -k keyfile0 -k keyfile1 -j passfile1 -j passfile0 ${md}

198
		atf_check -s not-exit:0 -e ignore \

199
			geli attach -k keyfile1 -k keyfile0 -j passfile1 -j passfile0 ${md}

200
		atf_check -s exit:0 -e ignore \

201
			geli attach -j passfile0 -j passfile1 -k keyfile0 -k keyfile1 ${md}

202
		atf_check -s exit:0 -e ignore geli detach ${md}

203
		atf_check -s exit:0 -e ignore -x \

204
			"cat passfile0 | geli attach -j - -j passfile1 -k keyfile0 -k keyfile1 ${md}"

205
		atf_check -s exit:0 -e ignore geli detach ${md}

206
		atf_check -s exit:0 -e ignore -x \

207
			"cat passfile1 | geli attach -j passfile0 -j - -k keyfile0 -k keyfile1 ${md}"

208
		atf_check -s exit:0 -e ignore geli detach ${md}

209
		atf_check -s exit:0 -e ignore -x \

210
			"cat keyfile0 | geli attach -j passfile0 -j passfile1 -k - -k keyfile1 ${md}"

211
		atf_check -s exit:0 -e ignore geli detach ${md}

212
		atf_check -s exit:0 -e ignore -x \

213
			"cat keyfile1 | geli attach -j passfile0 -j passfile1 -k keyfile0 -k - ${md}"

214
		atf_check -s exit:0 -e ignore geli detach ${md}

215
		atf_check -s exit:0 -e ignore -x \

216
			"cat keyfile0 keyfile1 | geli attach -j passfile0 -j passfile1 -k - ${md}"

217
		atf_check -s exit:0 -e ignore geli detach ${md}

218
		atf_check -s exit:0 -e ignore -x \

219
			"cat passfile0 passfile1 | awk '{printf \"%s\", \$0}' | geli attach -j - -k keyfile0 -k keyfile1 ${md}"

220
		atf_check -s exit:0 -e ignore geli detach ${md}

221
	done

222
}

223
init_J_cleanup()

224
{

225
	geli_test_cleanup

226
}

227


228
init_a_test()

229
{

230
	cipher=$1

231
	aalgo=$2

232
	secsize=$3

233
	ealgo=${cipher%%:*}

234
	keylen=${cipher##*:}

235


236
	atf_check -s exit:0 -e ignore \

237
		geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \

238
		-s $secsize ${md}

239
	atf_check geli attach -p -k keyfile ${md}

240


241
	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none

242


243
	md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`

244
	atf_check_equal 0 $?

245
	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`

246
	atf_check_equal 0 $?

247


248
	if [ ${md_rnd} != ${md_ddev} ]; then

249
		atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"

250
	fi

251
}

252
atf_test_case init_a cleanup

253
init_a_head()

254
{

255
	atf_set "descr" "I/O with geli and HMACs"

256
	atf_set "require.user" "root"

257
	atf_set "timeout" 3600

258
}

259
init_a_body()

260
{

261
	geli_test_setup

262


263
	sectors=100

264


265
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

266
	atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \

267
		status=none

268
	for_each_geli_config init_a_test

269
	true

270
}

271
init_a_cleanup()

272
{

273
	geli_test_cleanup

274
}

275


276
init_alias_test() {

277
	ealgo=$1

278
	keylen=$2

279
	expected_ealgo=$3

280
	expected_keylen=$4

281


282
	atf_check geli init -B none -e $ealgo -l $keylen -P -K keyfile ${md}

283
	atf_check geli attach -p -k keyfile ${md}

284
	real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'`

285
	real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'`

286


287
	if [ "${real_ealgo}" != "${expected_ealgo}" ]; then

288
		atf_fail "expected ${expected_ealgo} but got ${real_ealgo}"

289
	fi

290


291
	if [ "${real_keylen}" != "${expected_keylen}" ]; then

292
		atf_fail "expected ${expected_keylen} but got ${real_keylen}"

293
	fi

294
	atf_check geli detach ${md}

295
}

296
atf_test_case init_alias cleanup

297
init_alias_head()

298
{

299
	atf_set "descr" "geli init accepts cipher aliases"

300
	atf_set "require.user" "root"

301
}

302
init_alias_body()

303
{

304
	geli_test_setup

305


306
	attach_md md -t malloc -s 1024k

307
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

308


309
	for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \

310
		camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \

311
		camellia:256:CAMELLIA-CBC:256 ; do

312


313
		ealgo=`echo $spec | cut -d : -f 1`

314
		keylen=`echo $spec | cut -d : -f 2`

315
		expected_ealgo=`echo $spec | cut -d : -f 3`

316
		expected_keylen=`echo $spec | cut -d : -f 4`

317


318
		init_alias_test $ealgo $keylen $expected_ealgo $expected_keylen

319
	done

320
}

321
init_alias_cleanup()

322
{

323
	geli_test_cleanup

324
}

325


326
atf_test_case init_i_P cleanup

327
init_i_P_head()

328
{

329
	atf_set "descr" "geli: Options -i and -P are mutually exclusive"

330
	atf_set "require.user" "root"

331
}

332
init_i_P_body()

333
{

334
	geli_test_setup

335


336
	sectors=100

337
	attach_md md -t malloc -s `expr $sectors + 1`

338


339
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

340


341
	atf_check -s not-exit:0 -e "match:Options -i and -P are mutually exclusive"\

342
		geli init -B none -i 64 -P -K keyfile $md

343
}

344
init_i_P_cleanup()

345
{

346
	geli_test_cleanup

347
}

348


349
atf_test_case nokey cleanup

350
nokey_head()

351
{

352
	atf_set "descr" "geli init fails if called with no key component"

353
	atf_set "require.user" "root"

354
}

355
nokey_body()

356
{

357
	geli_test_setup

358


359
	sectors=100

360
	attach_md md -t malloc -s `expr $sectors + 1`

361


362
	atf_check -s not-exit:0 -e match:"No key components given" \

363
		geli init -B none -P ${md}

364
}

365
nokey_cleanup()

366
{

367
	geli_test_cleanup

368
}

369


370
atf_init_test_cases()

371
{

372
	atf_add_test_case init

373
	atf_add_test_case init_B

374
	atf_add_test_case init_J

375
	atf_add_test_case init_a

376
	atf_add_test_case init_alias

377
	atf_add_test_case init_i_P

378
	atf_add_test_case nokey

379
}

380


381