From: Alan Somers
Date: Sun, 7 Jan 2018 00:44:22 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r327662 - in head: . tests/sys/geom/class/eli

Author: asomers
Date: Sun Jan 7 00:44:22 2018
New Revision: 327662
URL: https://svnweb.freebsd.org/changeset/base/327662

Log:
  geli: convert most tests from TAP to ATF

  I'm leaving readonly_test and nokey_test alone for now.  In a future commit
  they should be broken up into several smaller test cases and distributed
  between multiple files.

Reviewed by: ngie MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D13717 Added: head/tests/sys/geom/class/eli/attach_test.sh (contents, props changed) head/tests/sys/geom/class/eli/configure_test.sh (contents, props changed) head/tests/sys/geom/class/eli/detach_test.sh (contents, props changed) head/tests/sys/geom/class/eli/integrity_test.sh (contents, props changed) Deleted: head/tests/sys/geom/class/eli/attach_d_test.sh head/tests/sys/geom/class/eli/configure_b_B_test.sh head/tests/sys/geom/class/eli/detach_l_test.sh head/tests/sys/geom/class/eli/init_B_test.sh head/tests/sys/geom/class/eli/init_J_test.sh head/tests/sys/geom/class/eli/init_a_test.sh head/tests/sys/geom/class/eli/init_alias_test.sh head/tests/sys/geom/class/eli/init_i_P_test.sh head/tests/sys/geom/class/eli/integrity_copy_test.sh head/tests/sys/geom/class/eli/integrity_data_test.sh head/tests/sys/geom/class/eli/integrity_hmac_test.sh head/tests/sys/geom/class/eli/onetime_a_test.sh head/tests/sys/geom/class/eli/onetime_d_test.sh Modified: head/ObsoleteFiles.inc head/tests/sys/geom/class/eli/Makefile head/tests/sys/geom/class/eli/conf.sh head/tests/sys/geom/class/eli/delkey_test.sh head/tests/sys/geom/class/eli/init_test.sh head/tests/sys/geom/class/eli/kill_test.sh head/tests/sys/geom/class/eli/onetime_test.sh head/tests/sys/geom/class/eli/resize_test.sh head/tests/sys/geom/class/eli/setkey_test.sh Modified: head/ObsoleteFiles.inc ============================================================================== --- head/ObsoleteFiles.inc Sun Jan 7 00:38:34 2018 (r327661) +++ head/ObsoleteFiles.inc Sun Jan 7 00:44:22 2018 (r327662) 
@@ -38,6 +38,20 @@ # xargs -n1 | sort | uniq -d; # done +# 20180106: Convert most geli(8) tests to ATF +OLD_FILES+=tests/sys/geom/class/eli/attach_d_test.sh +OLD_FILES+=tests/sys/geom/class/eli/configure_b_B_test.sh +OLD_FILES+=tests/sys/geom/class/eli/detach_l_test.sh +OLD_FILES+=tests/sys/geom/class/eli/init_B_test.sh +OLD_FILES+=tests/sys/geom/class/eli/init_J_test.sh +OLD_FILES+=tests/sys/geom/class/eli/init_a_test.sh +OLD_FILES+=tests/sys/geom/class/eli/init_alias_test.sh +OLD_FILES+=tests/sys/geom/class/eli/init_i_P_test.sh +OLD_FILES+=tests/sys/geom/class/eli/integrity_copy_test.sh +OLD_FILES+=tests/sys/geom/class/eli/integrity_data_test.sh +OLD_FILES+=tests/sys/geom/class/eli/integrity_hmac_test.sh +OLD_FILES+=tests/sys/geom/class/eli/onetime_a_test.sh +OLD_FILES+=tests/sys/geom/class/eli/onetime_d_test.sh # 20171230: Remove /etc/skel from mtree OLD_DIRS+=/etc/skel # 20171208: Remove basename_r(3) Modified: head/tests/sys/geom/class/eli/Makefile ============================================================================== --- head/tests/sys/geom/class/eli/Makefile Sun Jan 7 00:38:34 2018 (r327661) +++ head/tests/sys/geom/class/eli/Makefile Sun Jan 7 00:44:22 2018 (r327662) 
@@ -7,36 +7,20 @@ PACKAGE= tests TESTSDIR= ${TESTSBASE}/sys/geom/class/${.CURDIR:T} ATF_TESTS_C= pbkdf2_test +ATF_TESTS_SH+= attach_test +ATF_TESTS_SH+= configure_test +ATF_TESTS_SH+= delkey_test +ATF_TESTS_SH+= detach_test +ATF_TESTS_SH+= init_test +ATF_TESTS_SH+= integrity_test +ATF_TESTS_SH+= kill_test +ATF_TESTS_SH+= onetime_test +ATF_TESTS_SH+= resize_test +ATF_TESTS_SH+= setkey_test -TAP_TESTS_SH+= attach_d_test -TAP_TESTS_SH+= configure_b_B_test -TAP_TESTS_SH+= delkey_test -TAP_TESTS_SH+= detach_l_test -TAP_TESTS_SH+= init_B_test -TAP_TESTS_SH+= init_J_test -TAP_TESTS_SH+= init_a_test -TAP_TESTS_SH+= init_alias_test -TAP_TESTS_SH+= init_i_P_test -TAP_TESTS_SH+= init_test -TAP_TESTS_SH+= integrity_copy_test -TAP_TESTS_SH+= integrity_data_test -TAP_TESTS_SH+= integrity_hmac_test -TAP_TESTS_SH+= kill_test TAP_TESTS_SH+= nokey_test -TAP_TESTS_SH+= onetime_a_test -TAP_TESTS_SH+= onetime_d_test -TAP_TESTS_SH+= onetime_test TAP_TESTS_SH+= readonly_test -TAP_TESTS_SH+= resize_test -TAP_TESTS_SH+= setkey_test -TEST_METADATA.init_a_test+= timeout="3600" -TEST_METADATA.init_test+= timeout="600" -TEST_METADATA.integrity_copy_test+= timeout="3600" -TEST_METADATA.integrity_data_test+= timeout="1800" -TEST_METADATA.integrity_hmac_test+= timeout="1800" -TEST_METADATA.onetime_a_test+= timeout="1800" -TEST_METADATA.onetime_test+= timeout="1800" ${PACKAGE}FILES+= conf.sh Added: head/tests/sys/geom/class/eli/attach_test.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/geom/class/eli/attach_test.sh Sun Jan 7 00:44:22 2018 (r327662) 
@@ -0,0 +1,45 @@ +# $FreeBSD$ + +atf_test_case attach_d cleanup +attach_d_head() +{ + atf_set "descr" "geli attach -d will cause the provider to detach on last close" + atf_set "require.user" "root" +} +attach_d_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) + + atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none + + atf_check geli init -B none -P -K keyfile ${md} + atf_check geli attach -d -p -k keyfile ${md} + + # Be sure it doesn't detach on read. + atf_check dd if=/dev/${md}.eli of=/dev/null status=none + sleep 1 + if [ ! -c /dev/${md}.eli ]; then + atf_fail "Detached on last close of a reader" + fi + + # It should detach on last close of a writer + true > /dev/${md}.eli + sleep 1 + if [ -c /dev/${md}.eli ]; then + atf_fail "Did not detach on last close of a writer" + fi + +} +attach_d_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case attach_d +} Modified: head/tests/sys/geom/class/eli/conf.sh ============================================================================== --- head/tests/sys/geom/class/eli/conf.sh Sun Jan 7 00:38:34 2018 (r327661) +++ head/tests/sys/geom/class/eli/conf.sh Sun Jan 7 00:44:22 2018 (r327662) @@ -2,8 +2,19 @@ # $FreeBSD$ class="eli" -base=`basename $0` +base=$(atf_get ident) +[ -z "$base" ] && base=`basename $0` # for TAP compatibility +TEST_MDS_FILE=md.devs +attach_md() +{ + local test_md + + test_md=$(mdconfig -a "$@") || atf_fail "failed to allocate md(4)" + echo $test_md >> $TEST_MDS_FILE || exit + echo $test_md +} + # Execute `func` for each combination of cipher, sectorsize, and hmac algo # `func` usage should be: # func 
@@ -23,7 +34,11 @@ for_each_geli_config() { for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 \ hmac/sha384 hmac/sha512; do for secsize in 512 1024 2048 4096 8192; do - bytes=`expr $secsize \* $sectors + 512`b + # Double the requested sector size to allow + # for the HMACs' storage space. + osecsize=$(( $secsize * 2 )) + # geli needs 512B for the label. + bytes=`expr $osecsize \* $sectors + 512`b md=$(attach_md -t malloc -s $bytes) ${func} $cipher $aalgo $secsize geli detach ${md} 2>/dev/null @@ -50,6 +65,7 @@ for_each_geli_config_nointegrity() { ealgo=${cipher%%:*} keylen=${cipher##*:} for secsize in 512 1024 2048 4096 8192; do + # geli needs 512B for the label. bytes=`expr $secsize \* $sectors + 512`b md=$(attach_md -t malloc -s $bytes) ${func} $cipher $secsize @@ -69,8 +85,9 @@ geli_test_cleanup() mdconfig -d -u $md 2>/dev/null done < $TEST_MDS_FILE fi - rm -f "$TEST_MDS_FILE" + true } +# TODO: remove the trap statement once all TAP tests are converted trap geli_test_cleanup ABRT EXIT INT TERM . `dirname $0`/../geom_subr.sh Added: head/tests/sys/geom/class/eli/configure_test.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/geom/class/eli/configure_test.sh Sun Jan 7 00:44:22 2018 (r327662) 
@@ -0,0 +1,59 @@ +# $FreeBSD$ + +atf_test_case configure_b_B cleanup +configure_b_B_head() +{ + atf_set "descr" "geli configure -b will set the BOOT flag" + atf_set "require.user" "root" +} +configure_b_B_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) + + atf_check geli init -B none -P -K /dev/null ${md} + + atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md} + + atf_check geli init -B none -b -P -K /dev/null ${md} + + atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md} + + atf_check geli configure -B ${md} + + atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md} + + atf_check geli configure -b ${md} + + atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md} + + atf_check geli attach -p -k /dev/null ${md} + + atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli + + atf_check geli configure -B ${md} + + atf_check -o not-match:'^Flags: .*BOOT' geli list ${md}.eli + + atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md} + + atf_check geli configure -b ${md} + + atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli + + atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md} + + atf_check geli detach ${md} +} +configure_b_B_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case configure_b_B +} Modified: head/tests/sys/geom/class/eli/delkey_test.sh ============================================================================== --- head/tests/sys/geom/class/eli/delkey_test.sh Sun Jan 7 00:38:34 2018 (r327661) +++ head/tests/sys/geom/class/eli/delkey_test.sh Sun Jan 7 00:44:22 2018 (r327662) 
@@ -1,140 +1,86 @@ #!/bin/sh # $FreeBSD$ -. $(dirname $0)/conf.sh +atf_test_case delkey cleanup +delkey_head() +{ + atf_set "descr" "geli delkey can destroy the master key" + atf_set "require.user" "root" +} +delkey_body() +{ + . $(atf_get_srcdir)/conf.sh -base=`basename $0` -sectors=100 -keyfile1=`mktemp $base.XXXXXX` || exit 1 -keyfile2=`mktemp $base.XXXXXX` || exit 1 -keyfile3=`mktemp $base.XXXXXX` || exit 1 -keyfile4=`mktemp $base.XXXXXX` || exit 1 -md=$(attach_md -t malloc -s `expr $sectors + 1`) + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) -echo "1..14" + atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none + atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none + atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none + atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none -dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1 + atf_check geli init -B none -P -K keyfile1 ${md} + atf_check geli attach -p -k keyfile1 ${md} + atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md} -geli init -B none -P -K $keyfile1 ${md} -geli attach -p -k $keyfile1 ${md} -geli setkey -n 1 -P -K $keyfile2 ${md} + # Remove key 0 for attached provider. + atf_check geli delkey -n 0 ${md} + atf_check geli detach ${md} -# Remove key 0 for attached provider. -geli delkey -n 0 ${md} -if [ $? -eq 0 ]; then - echo "ok 1" -else - echo "not ok 1" -fi -geli detach ${md} + # We cannot use keyfile1 anymore. + atf_check -s not-exit:0 -e match:"Wrong key" \ + geli attach -p -k keyfile1 ${md} -# We cannot use keyfile1 anymore. -geli attach -p -k $keyfile1 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 2" -else - echo "not ok 2" -fi + # Attach with key 1. 
+ atf_check geli attach -p -k keyfile2 ${md} -# Attach with key 1. -geli attach -p -k $keyfile2 ${md} -if [ $? -eq 0 ]; then - echo "ok 3" -else - echo "not ok 3" -fi + # We cannot remove last key without -f option (for attached provider). + atf_check -s not-exit:0 -e match:"This is the last Master Key" \ + geli delkey -n 1 ${md} -# We cannot remove last key without -f option (for attached provider). -geli delkey -n 1 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 4" -else - echo "not ok 4" -fi + # Remove last key for attached provider. + atf_check geli delkey -f -n 1 ${md} -# Remove last key for attached provider. -geli delkey -f -n 1 ${md} -if [ $? -eq 0 ]; then - echo "ok 5" -else - echo "not ok 5" -fi + # If there are no valid keys, but provider is attached, we can save situation. + atf_check -s exit:0 -o ignore geli setkey -n 0 -P -K keyfile3 ${md} + atf_check geli detach ${md} -# If there are no valid keys, but provider is attached, we can save situation. -geli setkey -n 0 -P -K $keyfile3 ${md} -if [ $? -eq 0 ]; then - echo "ok 6" -else - echo "not ok 6" -fi -geli detach ${md} + # We cannot use keyfile2 anymore. + atf_check -s not-exit:0 -e match:"Wrong key" \ + geli attach -p -k keyfile2 ${md} -# We cannot use keyfile2 anymore. -geli attach -p -k $keyfile2 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 7" -else - echo "not ok 7" -fi + # Attach with key 0. + atf_check geli attach -p -k keyfile3 ${md} -# Attach with key 0. -geli attach -p -k $keyfile3 ${md} -if [ $? -eq 0 ]; then - echo "ok 8" -else - echo "not ok 8" -fi + # Setup key 1. + atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile4 ${md} + atf_check geli detach ${md} -# Setup key 1. -geli setkey -n 1 -P -K $keyfile4 ${md} -if [ $? -eq 0 ]; then - echo "ok 9" -else - echo "not ok 9" -fi -geli detach ${md} + # Remove key 1 for detached provider. + atf_check geli delkey -n 1 ${md} -# Remove key 1 for detached provider. -geli delkey -n 1 ${md} -if [ $? 
-eq 0 ]; then - echo "ok 10" -else - echo "not ok 10" -fi + # We cannot use keyfile4 anymore. + atf_check -s not-exit:0 -e match:"Wrong key" \ + geli attach -p -k keyfile4 ${md} -# We cannot use keyfile4 anymore. -geli attach -p -k $keyfile4 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 11" -else - echo "not ok 11" -fi + # We cannot remove last key without -f option (for detached provider). + atf_check -s not-exit:0 -e match:"This is the last Master Key" \ + geli delkey -n 0 ${md} -# We cannot remove last key without -f option (for detached provider). -geli delkey -n 0 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 12" -else - echo "not ok 12" -fi + # Remove last key for detached provider. + atf_check geli delkey -f -n 0 ${md} -# Remove last key for detached provider. -geli delkey -f -n 0 ${md} -if [ $? -eq 0 ]; then - echo "ok 13" -else - echo "not ok 13" -fi + # We cannot use keyfile3 anymore. + atf_check -s not-exit:0 -e match:"No valid keys" \ + geli attach -p -k keyfile3 ${md} +} +delkey_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} -# We cannot use keyfile3 anymore. -geli attach -p -k $keyfile3 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 14" -else - echo "not ok 14" -fi - -rm -f $keyfile1 $keyfile2 $keyfile3 $keyfile4 +atf_init_test_cases() +{ + atf_add_test_case delkey +} Added: head/tests/sys/geom/class/eli/detach_test.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/geom/class/eli/detach_test.sh Sun Jan 7 00:44:22 2018 (r327662) 
@@ -0,0 +1,46 @@ +# $FreeBSD$ + +atf_test_case detach_l cleanup +detach_l_head() +{ + atf_set "descr" "geli detach -l will cause a provider to detach on last close" + atf_set "require.user" "root" +} +detach_l_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) + + atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none + + atf_check geli init -B none -P -K keyfile ${md} + atf_check geli attach -p -k keyfile ${md} + + # Be sure it doesn't detach before 'detach -l'. + atf_check dd if=/dev/${md}.eli of=/dev/null status=none + sleep 1 + if [ ! -c /dev/${md}.eli ]; then + atf_fail "provider detached on last close without detach -l" + fi + atf_check geli detach -l ${md} + if [ ! -c /dev/${md}.eli ]; then + atf_fail "Provider detached before last close" + fi + atf_check dd if=/dev/${md}.eli of=/dev/null status=none + sleep 1 + if [ -c /dev/${md}.eli ]; then + atf_fail "Provider did not detach on last close" + fi +} +detach_l_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case detach_l +} Modified: head/tests/sys/geom/class/eli/init_test.sh ============================================================================== --- head/tests/sys/geom/class/eli/init_test.sh Sun Jan 7 00:38:34 2018 (r327661) +++ head/tests/sys/geom/class/eli/init_test.sh Sun Jan 7 00:44:22 2018 (r327662) 
@@ -1,50 +1,368 @@ #!/bin/sh # $FreeBSD$ -. $(dirname $0)/conf.sh +init_test() +{ + cipher=$1 + secsize=$2 + ealgo=${cipher%%:*} + keylen=${cipher##*:} -base=`basename $0` -sectors=32 -keyfile=`mktemp $base.XXXXXX` || exit 1 -rnd=`mktemp $base.XXXXXX` || exit 1 + atf_check -s exit:0 -e ignore \ + geli init -B none -e $ealgo -l $keylen -P -K keyfile -s $secsize ${md} + atf_check geli attach -p -k keyfile ${md} -echo "1..200" + secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` -do_test() { + atf_check dd if=/dev/random of=rnd bs=${secsize} count=${secs} status=none + atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} status=none + + md_rnd=`dd if=rnd bs=${secsize} count=${secs} status=none | md5` + atf_check_equal 0 $? + md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` + atf_check_equal 0 $? + md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} status=none | md5` + atf_check_equal 0 $? + + if [ ${md_rnd} != ${md_ddev} ]; then + atf_fail "Miscompare for ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + if [ ${md_rnd} == ${md_edev} ]; then + atf_fail "Data was not encrypted for ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi +} +atf_test_case init cleanup +init_head() +{ + atf_set "descr" "Basic I/O with geli" + atf_set "require.user" "root" + atf_set "timeout" 600 +} +init_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=32 + + atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none + atf_check dd if=/dev/random of=rnd bs=8192 count=${sectors} status=none + for_each_geli_config_nointegrity init_test +} +init_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_test_case init_B cleanup +init_B_head() +{ + atf_set "descr" "init -B can select an alternate backup metadata file" + atf_set "require.user" "root" +} +init_B_body() +{ + . 
$(atf_get_srcdir)/conf.sh + + sectors=100 + + atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none + + md=$(attach_md -t malloc -s $sectors) + + # -B none + rm -f /var/backups/${md}.eli + atf_check -s exit:0 -o ignore geli init -B none -P -K keyfile ${md} + if [ -f /var/backups/${md}.eli ]; then + atf_fail "geli created a backup file even with -B none" + fi + + # no -B + rm -f /var/backups/${md}.eli + atf_check -s exit:0 -o ignore geli init -P -K keyfile ${md} + if [ ! -f /var/backups/${md}.eli ]; then + atf_fail "geli did not create a backup file" + fi + atf_check geli clear ${md} + atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md} + atf_check -s exit:0 -o ignore geli restore /var/backups/${md}.eli ${md} + atf_check -s exit:0 -o ignore geli attach -p -k keyfile ${md} + atf_check geli detach ${md} + rm -f /var/backups/${md}.eli + + # -B file + rm -f backupfile + atf_check -s exit:0 -o ignore \ + geli init -B backupfile -P -K keyfile ${md} + if [ ! -f backupfile ]; then + atf_fail "geli init -B did not create a backup file" + fi + atf_check geli clear ${md} + atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md} + atf_check geli restore backupfile ${md} + atf_check geli attach -p -k keyfile ${md} +} +init_B_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_test_case init_J cleanup +init_J_head() +{ + atf_set "descr" "init -J accepts a passfile" + atf_set "require.user" "root" +} +init_J_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) + + atf_check dd if=/dev/random of=keyfile0 bs=512 count=16 status=none + atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none + dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile0 + atf_check_equal 0 $? + dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile1 + atf_check_equal 0 $? 
+ + for iter in -1 0 64; do + atf_check -s not-exit:0 -e ignore \ + geli init -i ${iter} -B none -J passfile0 -P ${md} + atf_check -s not-exit:0 -e ignore \ + geli init -i ${iter} -B none -J passfile0 -P -K keyfile0 ${md} + atf_check geli init -i ${iter} -B none -J passfile0 -K keyfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -p ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j keyfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k passfile0 -p ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j keyfile0 -k passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j keyfile0 -k keyfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j passfile0 -k passfile0 ${md} + atf_check -s exit:0 -e ignore \ + geli attach -j passfile0 -k keyfile0 ${md} + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat keyfile0 | geli attach -j passfile0 -k - ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat passfile0 | geli attach -j - -k keyfile0 ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + + atf_check -s not-exit:0 -e ignore \ + geli init -i ${iter} -B none -J passfile0 -J passfile1 -P ${md} + atf_check -s not-exit:0 -e ignore \ + geli init -i ${iter} -B none -J passfile0 -J passfile1 -P -K keyfile0 -K keyfile1 ${md} + atf_check -s exit:0 -e ignore \ + geli init -i ${iter} -B none -J passfile0 -J passfile1 -K keyfile0 -K keyfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -p ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -p ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -k keyfile1 -p ${md} + atf_check -s not-exit:0 
-e ignore \ + geli attach -j passfile0 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -j passfile0 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -j passfile0 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -k keyfile1 -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -k keyfile1 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -k keyfile0 -j passfile0 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -k keyfile1 -j passfile1 -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -k keyfile0 -j passfile1 -j passfile0 ${md} + atf_check -s exit:0 -e ignore \ + geli attach -j passfile0 -j passfile1 -k keyfile0 -k keyfile1 ${md} + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat passfile0 | geli attach -j - -j passfile1 -k keyfile0 -k keyfile1 ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat passfile1 | geli attach -j passfile0 -j - -k keyfile0 -k keyfile1 ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat keyfile0 | geli attach -j passfile0 -j passfile1 -k - -k keyfile1 ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat keyfile1 | geli attach -j passfile0 -j passfile1 -k keyfile0 -k - ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat keyfile0 keyfile1 | geli attach -j 
passfile0 -j passfile1 -k - ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat passfile0 passfile1 | awk '{printf \"%s\", \$0}' | geli attach -j - -k keyfile0 -k keyfile1 ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + done +} +init_J_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +init_a_test() +{ cipher=$1 - secsize=$2 + aalgo=$2 + secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} - geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null - geli attach -p -k $keyfile ${md} + atf_check -s exit:0 -e ignore geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile -s $secsize ${md} + atf_check geli attach -p -k keyfile ${md} secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` - dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1 - dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null + atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} status=none - md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5` - md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` - md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5` + md_rnd=`dd if=rnd bs=${secsize} count=${secs} status=none | md5` + atf_check_equal 0 $? + md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} status=none | md5` + atf_check_equal 0 $? 
- if [ ${md_rnd} = ${md_ddev} ]; then - echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + if [ ${md_rnd} != ${md_ddev} ]; then + atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi - i=$((i+1)) - if [ ${md_rnd} != ${md_edev} ]; then - echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" +} +atf_test_case init_a cleanup +init_a_head() +{ + atf_set "descr" "I/O with geli and HMACs" + atf_set "require.user" "root" + atf_set "timeout" 3600 +} +init_a_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + + atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none + atf_check dd if=/dev/random of=rnd bs=8192 count=${sectors} status=none + for_each_geli_config init_a_test + true +} +init_a_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +init_alias_test() { + ealgo=$1 + keylen=$2 + expected_ealgo=$3 + expected_keylen=$4 + + atf_check geli init -B none -e $ealgo -l $keylen -P -K keyfile ${md} + atf_check geli attach -p -k keyfile ${md} + real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'` + real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'` + + if [ "${real_ealgo}" != "${expected_ealgo}" ]; then + atf_fail "expected ${expected_ealgo} but got ${real_ealgo}" fi - i=$((i+1)) + + if [ "${real_keylen}" != "${expected_keylen}" ]; then + atf_fail "expected ${expected_keylen} but got ${real_keylen}" + fi + atf_check geli detach ${md} } +atf_test_case init_alias cleanup +init_alias_head() +{ + atf_set "descr" "geli init accepts cipher aliases" + atf_set "require.user" "root" +} +init_alias_body() +{ + . 
$(atf_get_srcdir)/conf.sh -i=1 -dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 -for_each_geli_config_nointegrity do_test + md=$(attach_md -t malloc -s 1024k) + atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none -rm -f $rnd -rm -f $keyfile + for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \ + 3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \ + blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \ + blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \ + blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \ + blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \ + blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \ + blowfish:448:Blowfish-CBC:448 \ + camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \ + camellia:256:CAMELLIA-CBC:256 ; do + + ealgo=`echo $spec | cut -d : -f 1` + keylen=`echo $spec | cut -d : -f 2` + expected_ealgo=`echo $spec | cut -d : -f 3` + expected_keylen=`echo $spec | cut -d : -f 4` + + init_alias_test $ealgo $keylen $expected_ealgo $expected_keylen + done +} +init_alias_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_test_case init_i_P cleanup +init_i_P_head() +{ + atf_set "descr" "geli: Options -i and -P are mutually exclusive" + atf_set "require.user" "root" +} +init_i_P_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) + + atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none + + atf_check -s exit:1 -e "match:Options -i and -P are mutually exclusive"\ + geli init -B none -i 64 -P -K keyfile $md +} +init_i_P_cleanup() +{ + . 
$(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case init + atf_add_test_case init_B + atf_add_test_case init_J + atf_add_test_case init_a + atf_add_test_case init_alias + atf_add_test_case init_i_P +} Added: head/tests/sys/geom/class/eli/integrity_test.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/geom/class/eli/integrity_test.sh Sun Jan 7 00:44:22 2018 (r327662) 
@@ -0,0 +1,160 @@ +# $FreeBSD$ + +copy_test() { + cipher=$1 + aalgo=$2 + secsize=$3 + ealgo=${cipher%%:*} + keylen=${cipher##*:} + + atf_check -s exit:0 -e ignore \ + geli init -B none -a $aalgo -e $ealgo -l $keylen -P \ + -K keyfile -s $secsize ${md} + atf_check geli attach -p -k keyfile ${md} + + atf_check dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=1 status=none + + atf_check geli detach ${md} + # Copy first small sector to the second small sector. + # This should be detected as corruption. + atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none + atf_check dd if=sector of=/dev/${md} bs=512 count=1 seek=1 status=none + atf_check geli attach -p -k keyfile ${md} + + atf_check -s not-exit:0 -e ignore \ + dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 + + # Fix the corruption + atf_check dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=2 status=none + atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 status=none + + # Copy first big sector to the second big sector. + # This should be detected as corruption. + ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'` + ns=`diskinfo /dev/${md}.eli | awk '{print $4}'` + usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc` + atf_check geli detach ${md} + atf_check dd if=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( $secsize / 512 )) of=sector status=none + atf_check dd of=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( $secsize / 256 )) if=sector status=none + atf_check -s exit:0 -e ignore geli attach -p -k keyfile ${md} + atf_check -s not-exit:0 -e ignore \ + dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=$ns +} + +atf_test_case copy cleanup +copy_head() +{ + atf_set "descr" "geli will detect misdirected writes as corruption" + atf_set "require.user" "root" + atf_set "timeout" 3600 +} +copy_body() +{ + . 
$(atf_get_srcdir)/conf.sh + + sectors=2 + + atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none + for_each_geli_config copy_test +} +copy_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + + +data_test() { + cipher=$1 + aalgo=$2 + secsize=$3 + ealgo=${cipher%%:*} + keylen=${cipher##*:} + + atf_check -s exit:0 -e ignore \ + geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ + -s $secsize ${md} + + # Corrupt 8 bytes of data. + atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none + atf_check dd if=/dev/random of=sector bs=1 count=8 seek=64 conv=notrunc status=none + atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none + atf_check geli attach -p -k keyfile ${md} + + # Try to read from the corrupt sector + atf_check -s not-exit:0 -e ignore \ + dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 +} + +atf_test_case data cleanup +data_head() +{ + atf_set "descr" "With HMACs, geli will detect data corruption" + atf_set "require.user" "root" + atf_set "timeout" 1800 +} +data_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=2 + + atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
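
Review bot: in head/ObsoleteFiles.inc the new OLD_FILES entries start at tests/sys/geom/class/eli/, while the Makefile in this commit installs the scripts under ${TESTSBASE}/sys/geom/class/eli. Please check that the entries carry the prefix TESTSBASE resolves to, relative to the install root; if the prefix is missing, "make delete-old" will not find the stale TAP scripts and they stay installed next to the ATF versions.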
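
Review bot: the Makefile hunk drops every TEST_METADATA timeout line, so each long-running case now depends on its own atf_set "timeout" in the head function. In the visible part of the diff that is present for init (600), init_a (3600), copy (3600) and data (1800); please confirm that the hmac case and the converted onetime cases, which the truncated diff does not show, set theirs as well, since the removed lines gave integrity_hmac_test, onetime_a_test and onetime_test 1800 seconds each.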
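
Review bot: attach_d_body in attach_test.sh decides pass or fail on the state of /dev/${md}.eli after a fixed "sleep 1", which makes the result depend on how quickly the detach happens on a loaded machine. A bounded polling loop (test for the node a few times with a short sleep between attempts, then atf_fail) would remove the timing assumption. detach_l_body in detach_test.sh uses the same sleep-then-check pattern and would benefit from the same helper, which could live in conf.sh.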
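
Review bot: in the first conf.sh hunk, attach_md is always invoked as md=$(attach_md ...), so both the atf_fail after mdconfig and the "|| exit" after the echo run inside the command-substitution subshell and cannot stop the calling test body; the caller simply continues with an empty $md. Either have callers check the assignment, for example md=$(attach_md ...) || atf_fail "failed to allocate md(4)", or return non-zero from attach_md and document that callers must test it. A smaller point in the same hunk: base=$(atf_get ident) runs before the TAP fallback, and in the TAP scripts that still source this file atf_get is not defined, so the call prints a command-not-found error; adding 2>/dev/null, or testing for the function first, keeps the TAP output clean.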
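
Review bot: the geli_test_cleanup hunk in conf.sh replaces rm -f "$TEST_MDS_FILE" with a bare "true" and gives no reason. Please add a comment saying why the function must end with a zero status and why the file is no longer removed. Note that the trap kept below for the remaining TAP tests still calls this function, and TEST_MDS_FILE is now the relative path md.devs, so those tests leave md.devs behind in whatever directory they run from.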
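
Review bot: configure_b_B_body in configure_test.sh pins the whole metadata flags word with 'flags: 0x0$' and 'flags: 0x2$', so the case also fails if any unrelated flag is set at init time, even though only BOOT is under test. Consider a short comment stating that 0x2 is the BOOT bit and that no other flag is expected here. Style: some checks spell out -s exit:0 and the not-match check omits it; since exit:0 is already the atf_check default, pick one form for the whole body.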
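
Review bot: delkey_test.sh folds what the TAP script reported as 14 separate results ("1..14") into one delkey case, and because a failing atf_check ends the body, the first failure now hides the state of every later step. Splitting it into at least an attached-provider case and a detached-provider case, as the comments in the body already divide it, would keep the failure report useful. The "#!/bin/sh" context line is also left at the top of this file, while the newly added ATF scripts start directly with the $FreeBSD$ comment; make them consistent.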
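
Review bot: in init_test.sh, the atf_check_equal 0 $? lines that follow md_rnd=`dd ... | md5` (and the md_ddev and md_edev assignments, in both init_test and init_a_test) only see the exit status of md5, the last command of the pipeline, so a failing dd is never detected and the test goes on to compare the checksum of truncated or empty input. Run the dd through atf_check into a file in the work directory and checksum the file, or otherwise check dd's own status. In the same function, [ ${md_rnd} == ${md_edev} ] uses "==", which is not the POSIX test operator; use "=" and quote both operands so an empty value cannot turn into a syntax error. Separately, init_B_body creates and removes /var/backups/${md}.eli on the host, outside the ATF work directory, and init_B_cleanup does not remove it, so a failure between the geli init and the later rm leaves a metadata backup behind; the cleanup function should remove it.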
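
Review bot: in copy_test in integrity_test.sh, the line dd if=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( $secsize / 512 )) of=sector uses seek=, which offsets the output file "sector", not the input device. The read therefore still starts at offset 0 of the provider and the data lands $secsize bytes into "sector"; the next dd then reads "sector" from its start, where the 512 bytes saved by the small-sector step are still present. The read from /dev/${md}.eli will fail either way because the HMAC no longer matches, but the test then does not exercise the "copy first big sector to the second big sector" case its comment describes. If the comment is the intent, drop seek= from the first dd and write to a fresh file name; if an input offset was meant, use skip=.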