Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/tests/sys/geom/class/eli/setkey_test.sh
39635 views
1
#!/bin/sh

2


3
. $(atf_get_srcdir)/conf.sh

4


5
atf_test_case setkey cleanup

6
setkey_head()

7
{

8
	atf_set "descr" "geli setkey can change the key for an existing provider"

9
	atf_set "require.user" "root"

10
}

11
setkey_body()

12
{

13
	geli_test_setup

14


15
	sectors=100

16
	attach_md md -t malloc -s `expr $sectors + 1`

17


18
	atf_check dd if=/dev/random of=rnd bs=512 count=${sectors} status=none

19
	hash1=`dd if=rnd bs=512 count=${sectors} status=none | md5`

20
	atf_check_equal 0 $?

21
	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none

22
	atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none

23
	atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none

24
	atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none

25
	atf_check dd if=/dev/random of=keyfile5 bs=512 count=16 status=none

26


27
	atf_check geli init -B none -P -K keyfile1 ${md}

28
	atf_check geli attach -p -k keyfile1 ${md}

29


30
	atf_check \

31
		dd if=rnd of=/dev/${md}.eli bs=512 count=${sectors} status=none

32
	hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`

33
	atf_check_equal 0 $?

34


35
	# Change current key (0) for attached provider.

36
	atf_check -s exit:0 -o ignore geli setkey -P -K keyfile2 ${md}

37
	atf_check geli detach ${md}

38


39
	# We cannot use keyfile1 anymore.

40
	atf_check -s not-exit:0 -e match:"Wrong key" \

41
		geli attach -p -k keyfile1 ${md}

42


43
	# Attach with new key.

44
	atf_check geli attach -p -k keyfile2 ${md}

45
	hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`

46
	atf_check_equal 0 $?

47


48
	# Change key 1 for attached provider.

49
	atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile3 ${md}

50
	atf_check geli detach ${md}

51


52
	# Attach with key 1.

53
	atf_check geli attach -p -k keyfile3 ${md}

54
	hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`

55
	atf_check_equal 0 $?

56
	atf_check geli detach ${md}

57


58
	# Change current (1) key for detached provider.

59
	atf_check -s exit:0 -o ignore geli setkey -p -k keyfile3 -P -K keyfile4 ${md}

60


61
	# We cannot use keyfile3 anymore.

62
	atf_check -s not-exit:0 -e match:"Wrong key" \

63
		geli attach -p -k keyfile3 ${md}

64


65
	# Attach with key 1.

66
	atf_check geli attach -p -k keyfile4 ${md}

67
	hash5=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`

68
	atf_check_equal 0 $?

69
	atf_check geli detach ${md}

70


71
	# Change key 0 for detached provider.

72
	atf_check -s exit:0 -o ignore geli setkey -n 0 -p -k keyfile4 -P -K keyfile5 ${md}

73


74
	# We cannot use keyfile2 anymore.

75
	atf_check -s not-exit:0 -e match:"Wrong key" \

76
		geli attach -p -k keyfile2 ${md} 2>/dev/null

77


78
	# Attach with key 0.

79
	atf_check geli attach -p -k keyfile5 ${md}

80
	hash6=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`

81
	atf_check_equal 0 $?

82
	atf_check geli detach ${md}

83


84
	atf_check_equal ${hash1} ${hash2}

85
	atf_check_equal ${hash1} ${hash3}

86
	atf_check_equal ${hash1} ${hash4}

87
	atf_check_equal ${hash1} ${hash5}

88
	atf_check_equal ${hash1} ${hash6}

89
}

90
setkey_cleanup()

91
{

92
	geli_test_cleanup

93
}

94


95
atf_test_case setkey_passphrase cleanup

96
setkey_passphrase_head()

97
{

98
	atf_set "descr" "geli setkey can change the passphrase for a provider"

99
	atf_set "require.user" "root"

100
}

101
setkey_passphrase_body()

102
{

103
	geli_test_setup

104


105
	sectors=100

106
	attach_md md -t malloc -s `expr $sectors + 1`

107


108
	atf_check dd if=/dev/random of=rnd bs=512 count=${sectors} status=none

109
	hash1=`dd if=rnd bs=512 count=${sectors} status=none | md5`

110
	atf_check_equal 0 $?

111
	atf_check dd if=/dev/random of=pass1 bs=512 count=1 status=none

112
	atf_check dd if=/dev/random of=pass2 bs=512 count=1 status=none

113
	atf_check dd if=/dev/random of=pass3 bs=512 count=1 status=none

114


115
	atf_check geli init -B none -J pass1 ${md}

116
	atf_check geli attach -j pass1 ${md}

117


118
	atf_check \

119
		dd if=rnd of=/dev/${md}.eli bs=512 count=${sectors} status=none

120
	hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`

121
	atf_check_equal 0 $?

122


123
	atf_check geli detach ${md}

124


125
	# Change from passphrase 1 to passphrase 2 for the detached provider.

126
	atf_check -s exit:0 -o ignore geli setkey -j pass1 -J pass2 ${md}

127


128
	# Make sure that we can attach with passphrase 2 but not with

129
	# passphrase 1.

130
	atf_check -s not-exit:0 -e match:"Wrong key" \

131
		geli attach -j pass1 ${md}

132
	atf_check -s exit:0 geli attach -j pass2 ${md}

133
	hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`

134


135
	# Change from passphrase 2 to passphrase 3 for the attached provider.

136
	atf_check -s exit:0 -o ignore geli setkey -j pass2 -J pass3 ${md}

137
	hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`

138
	atf_check geli detach ${md}

139


140
        # Make sure that we cannot attach with passphrase 2 anymore.

141
	atf_check -s not-exit:0 -e match:"Wrong key" \

142
		geli attach -j pass2 ${md}

143


144
	atf_check_equal ${hash1} ${hash2}

145
	atf_check_equal ${hash1} ${hash3}

146
	atf_check_equal ${hash1} ${hash4}

147
}

148
setkey_passphrase_cleanup()

149
{

150
	geli_test_cleanup

151
}

152


153
atf_test_case setkey_readonly cleanup

154
setkey_readonly_head()

155
{

156
	atf_set "descr" "geli setkey cannot change the keys of a readonly provider"

157
	atf_set "require.user" "root"

158
}

159
setkey_readonly_body()

160
{

161
	geli_test_setup

162


163
	sectors=100

164
	attach_md md -t malloc -s `expr $sectors + 1`

165
	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none

166


167
	atf_check geli init -B none -P -K keyfile ${md}

168
	atf_check geli attach -r -p -k keyfile ${md}

169


170
	atf_check -s not-exit:0 -e match:"read-only" \

171
		geli setkey -n 1 -P -K /dev/null ${md}

172
}

173
setkey_readonly_cleanup()

174
{

175
	geli_test_cleanup

176
}

177


178
atf_test_case nokey cleanup

179
nokey_head()

180
{

181
	atf_set "descr" "geli setkey can change the key for an existing provider"

182
	atf_set "require.user" "root"

183
}

184
nokey_body()

185
{

186
	geli_test_setup

187


188
	sectors=100

189
	attach_md md -t malloc -s `expr $sectors + 1`

190
	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none

191
	atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none

192


193
	atf_check geli init -B none -P -K keyfile1 ${md}

194


195
	# Try to set the key for a detached device without providing any

196
	# components for the old key.

197
	atf_check -s not-exit:0 -e match:"No key components given" \

198
		geli setkey -n 0 -p -P -K keyfile2 ${md}

199


200
	# Try to set the key for a detached device without providing any

201
	# components for the new key

202
	atf_check -s not-exit:0 -e match:"No key components given" \

203
		geli setkey -n 0 -p -k keyfile1 -P ${md}

204


205
	# Try to set a new key for an attached device with no components

206
	atf_check geli attach -p -k keyfile1 ${md}

207
	atf_check -s not-exit:0 -e match:"No key components given" \

208
		geli setkey -n 0 -P ${md}

209
}

210
nokey_cleanup()

211
{

212
	geli_test_cleanup

213
}

214


215
atf_init_test_cases()

216
{

217
	atf_add_test_case setkey

218
	atf_add_test_case setkey_passphrase

219
	atf_add_test_case setkey_readonly

220
	atf_add_test_case nokey

221
}

222


223