Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/tests/sys/geom/class/eli/integrity_test.sh
39635 views
1


2
. $(atf_get_srcdir)/conf.sh

3


4
copy_test() {

5
	cipher=$1

6
	aalgo=$2

7
	secsize=$3

8
	ealgo=${cipher%%:*}

9
	keylen=${cipher##*:}

10


11
	atf_check -s exit:0 -e ignore \

12
		geli init -B none -a $aalgo -e $ealgo -l $keylen -P \

13
		-K keyfile -s $secsize ${md}

14
	atf_check geli attach -p -k keyfile ${md}

15


16
	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=1 status=none

17


18
	# Copy first small sector to the second small sector.

19
	# This should be detected as corruption.

20
	atf_check dd if=backing_file of=sector bs=512 count=1 \

21
		conv=notrunc status=none

22
	atf_check dd if=sector of=backing_file bs=512 count=1 seek=1 \

23
		conv=notrunc status=none

24


25
	atf_check -s not-exit:0 -e ignore \

26
		dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1

27


28
	# Fix the corruption

29
	atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=2 status=none

30
	atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 \

31
		status=none

32


33
	# Copy first big sector to the second big sector.

34
	# This should be detected as corruption.

35
	ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'`

36
	ns=`diskinfo /dev/${md}.eli | awk '{print $4}'`

37
	usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc`

38
	atf_check dd if=backing_file bs=512 count=$(( ${usecsize} / 512 )) \

39
		seek=$(( $secsize / 512 )) of=sector conv=notrunc status=none

40
	atf_check dd of=backing_file bs=512 count=$(( ${usecsize} / 512 )) \

41
		seek=$(( $secsize / 256 )) if=sector conv=notrunc status=none

42
	atf_check -s not-exit:0 -e ignore \

43
		dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=$ns

44
}

45


46
atf_test_case copy cleanup

47
copy_head()

48
{

49
	atf_set "descr" "geli will detect misdirected writes as corruption"

50
	atf_set "require.user" "root"

51
	atf_set "timeout" 3600

52
}

53
copy_body()

54
{

55
	geli_test_setup

56


57
	sectors=2

58


59
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

60
	dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none

61


62
	for_each_geli_config copy_test backing_file

63
}

64
copy_cleanup()

65
{

66
	geli_test_cleanup

67
}

68


69


70
data_test() {

71
	cipher=$1

72
	aalgo=$2

73
	secsize=$3

74
	ealgo=${cipher%%:*}

75
	keylen=${cipher##*:}

76


77
	atf_check -s exit:0 -e ignore \

78
		geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \

79
		-s $secsize ${md}

80


81
	# Corrupt 8 bytes of data.

82
	atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none

83
	atf_check dd if=rnd of=sector bs=1 count=8 seek=64 conv=notrunc status=none

84
	atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none

85
	atf_check geli attach -p -k keyfile ${md}

86


87
	# Try to read from the corrupt sector

88
	atf_check -s not-exit:0 -e ignore \

89
		dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1

90
}

91


92
atf_test_case data cleanup

93
data_head()

94
{

95
	atf_set "descr" "With HMACs, geli will detect data corruption"

96
	atf_set "require.user" "root"

97
	atf_set "timeout" 1800

98
}

99
data_body()

100
{

101
	geli_test_setup

102


103
	sectors=2

104


105
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

106
	dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none

107
	for_each_geli_config data_test

108
}

109
data_cleanup()

110
{

111
	geli_test_cleanup

112
}

113


114
hmac_test() {

115
	cipher=$1

116
	aalgo=$2

117
	secsize=$3

118
	ealgo=${cipher%%:*}

119
	keylen=${cipher##*:}

120


121
	atf_check -s exit:0 -e ignore \

122
		geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \

123
		-s $secsize ${md}

124


125
	# Corrupt 8 bytes of HMAC.

126
	atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none

127
	atf_check dd if=rnd of=sector bs=1 count=16 conv=notrunc status=none

128
	atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none

129
	atf_check geli attach -p -k keyfile ${md}

130


131
	# Try to read from the corrupt sector

132
	atf_check -s not-exit:0 -e ignore \

133
		dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1

134
}

135


136
atf_test_case hmac cleanup

137
hmac_head()

138
{

139
	atf_set "descr" "geli will detect corruption of HMACs"

140
	atf_set "require.user" "root"

141
	atf_set "timeout" 1800

142
}

143
hmac_body()

144
{

145
	geli_test_setup

146


147
	sectors=2

148


149
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

150
	dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none

151
	for_each_geli_config hmac_test

152
}

153
hmac_cleanup()

154
{

155
	geli_test_cleanup

156
}

157


158
atf_init_test_cases()

159
{

160
	atf_add_test_case copy

161
	atf_add_test_case data

162
	atf_add_test_case hmac

163
}

164


165