svn commit: r327662 - in head: . tests/sys/geom/class/eli
Alan Somers
asomers at FreeBSD.org
Sun Jan 7 00:44:24 UTC 2018
Author: asomers
Date: Sun Jan 7 00:44:22 2018
New Revision: 327662
URL: https://svnweb.freebsd.org/changeset/base/327662
Log:
geli: convert most tests from TAP to ATF
I'm leaving readonly_test and nokey_test alone for now. In a future commit
they should be broken up into several smaller test cases and distributed
between multiple files.
Reviewed by: ngie
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D13717
Added:
head/tests/sys/geom/class/eli/attach_test.sh (contents, props changed)
head/tests/sys/geom/class/eli/configure_test.sh (contents, props changed)
head/tests/sys/geom/class/eli/detach_test.sh (contents, props changed)
head/tests/sys/geom/class/eli/integrity_test.sh (contents, props changed)
Deleted:
head/tests/sys/geom/class/eli/attach_d_test.sh
head/tests/sys/geom/class/eli/configure_b_B_test.sh
head/tests/sys/geom/class/eli/detach_l_test.sh
head/tests/sys/geom/class/eli/init_B_test.sh
head/tests/sys/geom/class/eli/init_J_test.sh
head/tests/sys/geom/class/eli/init_a_test.sh
head/tests/sys/geom/class/eli/init_alias_test.sh
head/tests/sys/geom/class/eli/init_i_P_test.sh
head/tests/sys/geom/class/eli/integrity_copy_test.sh
head/tests/sys/geom/class/eli/integrity_data_test.sh
head/tests/sys/geom/class/eli/integrity_hmac_test.sh
head/tests/sys/geom/class/eli/onetime_a_test.sh
head/tests/sys/geom/class/eli/onetime_d_test.sh
Modified:
head/ObsoleteFiles.inc
head/tests/sys/geom/class/eli/Makefile
head/tests/sys/geom/class/eli/conf.sh
head/tests/sys/geom/class/eli/delkey_test.sh
head/tests/sys/geom/class/eli/init_test.sh
head/tests/sys/geom/class/eli/kill_test.sh
head/tests/sys/geom/class/eli/onetime_test.sh
head/tests/sys/geom/class/eli/resize_test.sh
head/tests/sys/geom/class/eli/setkey_test.sh
Modified: head/ObsoleteFiles.inc
==============================================================================
--- head/ObsoleteFiles.inc Sun Jan 7 00:38:34 2018 (r327661)
+++ head/ObsoleteFiles.inc Sun Jan 7 00:44:22 2018 (r327662)
@@ -38,6 +38,20 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20180106: Convert most geli(8) tests to ATF
+OLD_FILES+=tests/sys/geom/class/eli/attach_d_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/configure_b_B_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/detach_l_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/init_B_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/init_J_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/init_a_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/init_alias_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/init_i_P_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/integrity_copy_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/integrity_data_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/integrity_hmac_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/onetime_a_test.sh
+OLD_FILES+=tests/sys/geom/class/eli/onetime_d_test.sh
# 20171230: Remove /etc/skel from mtree
OLD_DIRS+=/etc/skel
# 20171208: Remove basename_r(3)
Modified: head/tests/sys/geom/class/eli/Makefile
==============================================================================
--- head/tests/sys/geom/class/eli/Makefile Sun Jan 7 00:38:34 2018 (r327661)
+++ head/tests/sys/geom/class/eli/Makefile Sun Jan 7 00:44:22 2018 (r327662)
@@ -7,36 +7,20 @@ PACKAGE= tests
TESTSDIR= ${TESTSBASE}/sys/geom/class/${.CURDIR:T}
ATF_TESTS_C= pbkdf2_test
+ATF_TESTS_SH+= attach_test
+ATF_TESTS_SH+= configure_test
+ATF_TESTS_SH+= delkey_test
+ATF_TESTS_SH+= detach_test
+ATF_TESTS_SH+= init_test
+ATF_TESTS_SH+= integrity_test
+ATF_TESTS_SH+= kill_test
+ATF_TESTS_SH+= onetime_test
+ATF_TESTS_SH+= resize_test
+ATF_TESTS_SH+= setkey_test
-TAP_TESTS_SH+= attach_d_test
-TAP_TESTS_SH+= configure_b_B_test
-TAP_TESTS_SH+= delkey_test
-TAP_TESTS_SH+= detach_l_test
-TAP_TESTS_SH+= init_B_test
-TAP_TESTS_SH+= init_J_test
-TAP_TESTS_SH+= init_a_test
-TAP_TESTS_SH+= init_alias_test
-TAP_TESTS_SH+= init_i_P_test
-TAP_TESTS_SH+= init_test
-TAP_TESTS_SH+= integrity_copy_test
-TAP_TESTS_SH+= integrity_data_test
-TAP_TESTS_SH+= integrity_hmac_test
-TAP_TESTS_SH+= kill_test
TAP_TESTS_SH+= nokey_test
-TAP_TESTS_SH+= onetime_a_test
-TAP_TESTS_SH+= onetime_d_test
-TAP_TESTS_SH+= onetime_test
TAP_TESTS_SH+= readonly_test
-TAP_TESTS_SH+= resize_test
-TAP_TESTS_SH+= setkey_test
-TEST_METADATA.init_a_test+= timeout="3600"
-TEST_METADATA.init_test+= timeout="600"
-TEST_METADATA.integrity_copy_test+= timeout="3600"
-TEST_METADATA.integrity_data_test+= timeout="1800"
-TEST_METADATA.integrity_hmac_test+= timeout="1800"
-TEST_METADATA.onetime_a_test+= timeout="1800"
-TEST_METADATA.onetime_test+= timeout="1800"
${PACKAGE}FILES+= conf.sh
Added: head/tests/sys/geom/class/eli/attach_test.sh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/tests/sys/geom/class/eli/attach_test.sh Sun Jan 7 00:44:22 2018 (r327662)
@@ -0,0 +1,45 @@
+# $FreeBSD$
+
+atf_test_case attach_d cleanup
+attach_d_head()
+{
+ atf_set "descr" "geli attach -d will cause the provider to detach on last close"
+ atf_set "require.user" "root"
+}
+attach_d_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile ${md}
+ atf_check geli attach -d -p -k keyfile ${md}
+
+ # Be sure it doesn't detach on read.
+ atf_check dd if=/dev/${md}.eli of=/dev/null status=none
+ sleep 1
+ if [ ! -c /dev/${md}.eli ]; then
+ atf_fail "Detached on last close of a reader"
+ fi
+
+ # It should detach on last close of a writer
+ true > /dev/${md}.eli
+ sleep 1
+ if [ -c /dev/${md}.eli ]; then
+ atf_fail "Did not detach on last close of a writer"
+ fi
+
+}
+attach_d_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case attach_d
+}
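Review bot: The positive check in attach_d_body relies on a single `sleep 1` before testing `[ -c /dev/${md}.eli ]`, so on a slow or loaded machine the test can fail even though the provider does detach on last close. Polling for the device node to disappear, with a bounded retry count, would make the result depend on geli's behaviour rather than on timing. The negative check after the read still needs a fixed wait. detach_l_body in detach_test.sh uses the same pattern and would benefit from the same change.

```shell
	# It should detach on last close of a writer
	true > /dev/${md}.eli
	# Poll with a bound instead of one fixed sleep.
	retries=10
	while [ -c /dev/${md}.eli ] && [ $retries -gt 0 ]; do
		sleep 1
		retries=$((retries - 1))
	done
	if [ -c /dev/${md}.eli ]; then
		atf_fail "Did not detach on last close of a writer"
	fi
```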
Modified: head/tests/sys/geom/class/eli/conf.sh
==============================================================================
--- head/tests/sys/geom/class/eli/conf.sh Sun Jan 7 00:38:34 2018 (r327661)
+++ head/tests/sys/geom/class/eli/conf.sh Sun Jan 7 00:44:22 2018 (r327662)
@@ -2,8 +2,19 @@
# $FreeBSD$
class="eli"
-base=`basename $0`
+base=$(atf_get ident)
+[ -z "$base" ] && base=`basename $0` # for TAP compatibility
+TEST_MDS_FILE=md.devs
+attach_md()
+{
+ local test_md
+
+ test_md=$(mdconfig -a "$@") || atf_fail "failed to allocate md(4)"
+ echo $test_md >> $TEST_MDS_FILE || exit
+ echo $test_md
+}
+
# Execute `func` for each combination of cipher, sectorsize, and hmac algo
# `func` usage should be:
# func <cipher> <aalgo> <secsize>
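Review bot: `attach_md` is always called inside a command substitution (`md=$(attach_md ...)`), so the `atf_fail` on a failed `mdconfig -a` appears to terminate only the subshell, and the caller carries on with an empty `md`. The test would still fail, but at a later `geli` command and with a message that hides the real cause. Callers could guard the assignment, e.g. `md=$(attach_md -t malloc -s $bytes) || atf_fail "failed to allocate md(4)"`. The function also deserves a short header comment saying that it prints the new unit name on stdout and appends it to `$TEST_MDS_FILE`, which `geli_test_cleanup` reads back.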
@@ -23,7 +34,11 @@ for_each_geli_config() {
for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 \
hmac/sha384 hmac/sha512; do
for secsize in 512 1024 2048 4096 8192; do
- bytes=`expr $secsize \* $sectors + 512`b
+ # Double the requested sector size to allow
+ # for the HMACs' storage space.
+ osecsize=$(( $secsize * 2 ))
+ # geli needs 512B for the label.
+ bytes=`expr $osecsize \* $sectors + 512`b
md=$(attach_md -t malloc -s $bytes)
${func} $cipher $aalgo $secsize
geli detach ${md} 2>/dev/null
@@ -50,6 +65,7 @@ for_each_geli_config_nointegrity() {
ealgo=${cipher%%:*}
keylen=${cipher##*:}
for secsize in 512 1024 2048 4096 8192; do
+ # geli needs 512B for the label.
bytes=`expr $secsize \* $sectors + 512`b
md=$(attach_md -t malloc -s $bytes)
${func} $cipher $secsize
@@ -69,8 +85,9 @@ geli_test_cleanup()
mdconfig -d -u $md 2>/dev/null
done < $TEST_MDS_FILE
fi
- rm -f "$TEST_MDS_FILE"
+ true
}
+# TODO: remove the trap statement once all TAP tests are converted
trap geli_test_cleanup ABRT EXIT INT TERM
. `dirname $0`/../geom_subr.sh
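Review bot: The bare `true` that replaces `rm -f "$TEST_MDS_FILE"` in geli_test_cleanup has no comment, and its purpose is not obvious from the hunk. If the intent is to keep a failed `mdconfig -d` from making the ATF cleanup phase report failure, say so, e.g. `# always succeed: a device that is already gone must not fail the cleanup`. Since the list file is no longer removed and the `trap ... EXIT` is still installed whenever conf.sh is sourced, the converted tests presumably run this function more than once (from the trap and from the `*_cleanup` routine). That looks harmless because errors go to /dev/null, but it is worth confirming. The function body starts outside this hunk.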
Added: head/tests/sys/geom/class/eli/configure_test.sh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/tests/sys/geom/class/eli/configure_test.sh Sun Jan 7 00:44:22 2018 (r327662)
@@ -0,0 +1,59 @@
+# $FreeBSD$
+
+atf_test_case configure_b_B cleanup
+configure_b_B_head()
+{
+ atf_set "descr" "geli configure -b will set the BOOT flag"
+ atf_set "require.user" "root"
+}
+configure_b_B_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check geli init -B none -P -K /dev/null ${md}
+
+ atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+
+ atf_check geli init -B none -b -P -K /dev/null ${md}
+
+ atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+
+ atf_check geli configure -B ${md}
+
+ atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+
+ atf_check geli configure -b ${md}
+
+ atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+
+ atf_check geli attach -p -k /dev/null ${md}
+
+ atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli
+
+ atf_check geli configure -B ${md}
+
+ atf_check -o not-match:'^Flags: .*BOOT' geli list ${md}.eli
+
+ atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md}
+
+ atf_check geli configure -b ${md}
+
+ atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli
+
+ atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md}
+
+ atf_check geli detach ${md}
+}
+configure_b_B_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case configure_b_B
+}
Modified: head/tests/sys/geom/class/eli/delkey_test.sh
==============================================================================
--- head/tests/sys/geom/class/eli/delkey_test.sh Sun Jan 7 00:38:34 2018 (r327661)
+++ head/tests/sys/geom/class/eli/delkey_test.sh Sun Jan 7 00:44:22 2018 (r327662)
@@ -1,140 +1,86 @@
#!/bin/sh
# $FreeBSD$
-. $(dirname $0)/conf.sh
+atf_test_case delkey cleanup
+delkey_head()
+{
+ atf_set "descr" "geli delkey can destroy the master key"
+ atf_set "require.user" "root"
+}
+delkey_body()
+{
+ . $(atf_get_srcdir)/conf.sh
-base=`basename $0`
-sectors=100
-keyfile1=`mktemp $base.XXXXXX` || exit 1
-keyfile2=`mktemp $base.XXXXXX` || exit 1
-keyfile3=`mktemp $base.XXXXXX` || exit 1
-keyfile4=`mktemp $base.XXXXXX` || exit 1
-md=$(attach_md -t malloc -s `expr $sectors + 1`)
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
-echo "1..14"
+ atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none
-dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1
-dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1
+ atf_check geli init -B none -P -K keyfile1 ${md}
+ atf_check geli attach -p -k keyfile1 ${md}
+ atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md}
-geli init -B none -P -K $keyfile1 ${md}
-geli attach -p -k $keyfile1 ${md}
-geli setkey -n 1 -P -K $keyfile2 ${md}
+ # Remove key 0 for attached provider.
+ atf_check geli delkey -n 0 ${md}
+ atf_check geli detach ${md}
-# Remove key 0 for attached provider.
-geli delkey -n 0 ${md}
-if [ $? -eq 0 ]; then
- echo "ok 1"
-else
- echo "not ok 1"
-fi
-geli detach ${md}
+ # We cannot use keyfile1 anymore.
+ atf_check -s not-exit:0 -e match:"Wrong key" \
+ geli attach -p -k keyfile1 ${md}
-# We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 ${md} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 2"
-else
- echo "not ok 2"
-fi
+ # Attach with key 1.
+ atf_check geli attach -p -k keyfile2 ${md}
-# Attach with key 1.
-geli attach -p -k $keyfile2 ${md}
-if [ $? -eq 0 ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
+ # We cannot remove last key without -f option (for attached provider).
+ atf_check -s not-exit:0 -e match:"This is the last Master Key" \
+ geli delkey -n 1 ${md}
-# We cannot remove last key without -f option (for attached provider).
-geli delkey -n 1 ${md} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 4"
-else
- echo "not ok 4"
-fi
+ # Remove last key for attached provider.
+ atf_check geli delkey -f -n 1 ${md}
-# Remove last key for attached provider.
-geli delkey -f -n 1 ${md}
-if [ $? -eq 0 ]; then
- echo "ok 5"
-else
- echo "not ok 5"
-fi
+ # If there are no valid keys, but provider is attached, we can save situation.
+ atf_check -s exit:0 -o ignore geli setkey -n 0 -P -K keyfile3 ${md}
+ atf_check geli detach ${md}
-# If there are no valid keys, but provider is attached, we can save situation.
-geli setkey -n 0 -P -K $keyfile3 ${md}
-if [ $? -eq 0 ]; then
- echo "ok 6"
-else
- echo "not ok 6"
-fi
-geli detach ${md}
+ # We cannot use keyfile2 anymore.
+ atf_check -s not-exit:0 -e match:"Wrong key" \
+ geli attach -p -k keyfile2 ${md}
-# We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 ${md} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 7"
-else
- echo "not ok 7"
-fi
+ # Attach with key 0.
+ atf_check geli attach -p -k keyfile3 ${md}
-# Attach with key 0.
-geli attach -p -k $keyfile3 ${md}
-if [ $? -eq 0 ]; then
- echo "ok 8"
-else
- echo "not ok 8"
-fi
+ # Setup key 1.
+ atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile4 ${md}
+ atf_check geli detach ${md}
-# Setup key 1.
-geli setkey -n 1 -P -K $keyfile4 ${md}
-if [ $? -eq 0 ]; then
- echo "ok 9"
-else
- echo "not ok 9"
-fi
-geli detach ${md}
+ # Remove key 1 for detached provider.
+ atf_check geli delkey -n 1 ${md}
-# Remove key 1 for detached provider.
-geli delkey -n 1 ${md}
-if [ $? -eq 0 ]; then
- echo "ok 10"
-else
- echo "not ok 10"
-fi
+ # We cannot use keyfile4 anymore.
+ atf_check -s not-exit:0 -e match:"Wrong key" \
+ geli attach -p -k keyfile4 ${md}
-# We cannot use keyfile4 anymore.
-geli attach -p -k $keyfile4 ${md} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 11"
-else
- echo "not ok 11"
-fi
+ # We cannot remove last key without -f option (for detached provider).
+ atf_check -s not-exit:0 -e match:"This is the last Master Key" \
+ geli delkey -n 0 ${md}
-# We cannot remove last key without -f option (for detached provider).
-geli delkey -n 0 ${md} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 12"
-else
- echo "not ok 12"
-fi
+ # Remove last key for detached provider.
+ atf_check geli delkey -f -n 0 ${md}
-# Remove last key for detached provider.
-geli delkey -f -n 0 ${md}
-if [ $? -eq 0 ]; then
- echo "ok 13"
-else
- echo "not ok 13"
-fi
+ # We cannot use keyfile3 anymore.
+ atf_check -s not-exit:0 -e match:"No valid keys" \
+ geli attach -p -k keyfile3 ${md}
+}
+delkey_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
-# We cannot use keyfile3 anymore.
-geli attach -p -k $keyfile3 ${md} 2>/dev/null
-if [ $? -ne 0 ]; then
- echo "ok 14"
-else
- echo "not ok 14"
-fi
-
-rm -f $keyfile1 $keyfile2 $keyfile3 $keyfile4
+atf_init_test_cases()
+{
+ atf_add_test_case delkey
+}
Added: head/tests/sys/geom/class/eli/detach_test.sh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/tests/sys/geom/class/eli/detach_test.sh Sun Jan 7 00:44:22 2018 (r327662)
@@ -0,0 +1,46 @@
+# $FreeBSD$
+
+atf_test_case detach_l cleanup
+detach_l_head()
+{
+ atf_set "descr" "geli detach -l will cause a provider to detach on last close"
+ atf_set "require.user" "root"
+}
+detach_l_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ atf_check geli init -B none -P -K keyfile ${md}
+ atf_check geli attach -p -k keyfile ${md}
+
+ # Be sure it doesn't detach before 'detach -l'.
+ atf_check dd if=/dev/${md}.eli of=/dev/null status=none
+ sleep 1
+ if [ ! -c /dev/${md}.eli ]; then
+ atf_fail "provider detached on last close without detach -l"
+ fi
+ atf_check geli detach -l ${md}
+ if [ ! -c /dev/${md}.eli ]; then
+ atf_fail "Provider detached before last close"
+ fi
+ atf_check dd if=/dev/${md}.eli of=/dev/null status=none
+ sleep 1
+ if [ -c /dev/${md}.eli ]; then
+ atf_fail "Provider did not detach on last close"
+ fi
+}
+detach_l_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case detach_l
+}
Modified: head/tests/sys/geom/class/eli/init_test.sh
==============================================================================
--- head/tests/sys/geom/class/eli/init_test.sh Sun Jan 7 00:38:34 2018 (r327661)
+++ head/tests/sys/geom/class/eli/init_test.sh Sun Jan 7 00:44:22 2018 (r327662)
@@ -1,50 +1,368 @@
#!/bin/sh
# $FreeBSD$
-. $(dirname $0)/conf.sh
+init_test()
+{
+ cipher=$1
+ secsize=$2
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
-base=`basename $0`
-sectors=32
-keyfile=`mktemp $base.XXXXXX` || exit 1
-rnd=`mktemp $base.XXXXXX` || exit 1
+ atf_check -s exit:0 -e ignore \
+ geli init -B none -e $ealgo -l $keylen -P -K keyfile -s $secsize ${md}
+ atf_check geli attach -p -k keyfile ${md}
-echo "1..200"
+ secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
-do_test() {
+ atf_check dd if=/dev/random of=rnd bs=${secsize} count=${secs} status=none
+ atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} status=none
+
+ md_rnd=`dd if=rnd bs=${secsize} count=${secs} status=none | md5`
+ atf_check_equal 0 $?
+ md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+ atf_check_equal 0 $?
+ md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} status=none | md5`
+ atf_check_equal 0 $?
+
+ if [ ${md_rnd} != ${md_ddev} ]; then
+ atf_fail "Miscompare for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+ if [ ${md_rnd} == ${md_edev} ]; then
+ atf_fail "Data was not encrypted for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ fi
+}
+atf_test_case init cleanup
+init_head()
+{
+ atf_set "descr" "Basic I/O with geli"
+ atf_set "require.user" "root"
+ atf_set "timeout" 600
+}
+init_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=32
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=rnd bs=8192 count=${sectors} status=none
+ for_each_geli_config_nointegrity init_test
+}
+init_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case init_B cleanup
+init_B_head()
+{
+ atf_set "descr" "init -B can select an alternate backup metadata file"
+ atf_set "require.user" "root"
+}
+init_B_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ md=$(attach_md -t malloc -s $sectors)
+
+ # -B none
+ rm -f /var/backups/${md}.eli
+ atf_check -s exit:0 -o ignore geli init -B none -P -K keyfile ${md}
+ if [ -f /var/backups/${md}.eli ]; then
+ atf_fail "geli created a backup file even with -B none"
+ fi
+
+ # no -B
+ rm -f /var/backups/${md}.eli
+ atf_check -s exit:0 -o ignore geli init -P -K keyfile ${md}
+ if [ ! -f /var/backups/${md}.eli ]; then
+ atf_fail "geli did not create a backup file"
+ fi
+ atf_check geli clear ${md}
+ atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}
+ atf_check -s exit:0 -o ignore geli restore /var/backups/${md}.eli ${md}
+ atf_check -s exit:0 -o ignore geli attach -p -k keyfile ${md}
+ atf_check geli detach ${md}
+ rm -f /var/backups/${md}.eli
+
+ # -B file
+ rm -f backupfile
+ atf_check -s exit:0 -o ignore \
+ geli init -B backupfile -P -K keyfile ${md}
+ if [ ! -f backupfile ]; then
+ atf_fail "geli init -B did not create a backup file"
+ fi
+ atf_check geli clear ${md}
+ atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}
+ atf_check geli restore backupfile ${md}
+ atf_check geli attach -p -k keyfile ${md}
+}
+init_B_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case init_J cleanup
+init_J_head()
+{
+ atf_set "descr" "init -J accepts a passfile"
+ atf_set "require.user" "root"
+}
+init_J_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check dd if=/dev/random of=keyfile0 bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
+ dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile0
+ atf_check_equal 0 $?
+ dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile1
+ atf_check_equal 0 $?
+
+ for iter in -1 0 64; do
+ atf_check -s not-exit:0 -e ignore \
+ geli init -i ${iter} -B none -J passfile0 -P ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli init -i ${iter} -B none -J passfile0 -P -K keyfile0 ${md}
+ atf_check geli init -i ${iter} -B none -J passfile0 -K keyfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -p ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j keyfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k passfile0 -p ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j keyfile0 -k passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j keyfile0 -k keyfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j passfile0 -k passfile0 ${md}
+ atf_check -s exit:0 -e ignore \
+ geli attach -j passfile0 -k keyfile0 ${md}
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat keyfile0 | geli attach -j passfile0 -k - ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat passfile0 | geli attach -j - -k keyfile0 ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+
+ atf_check -s not-exit:0 -e ignore \
+ geli init -i ${iter} -B none -J passfile0 -J passfile1 -P ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli init -i ${iter} -B none -J passfile0 -J passfile1 -P -K keyfile0 -K keyfile1 ${md}
+ atf_check -s exit:0 -e ignore \
+ geli init -i ${iter} -B none -J passfile0 -J passfile1 -K keyfile0 -K keyfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -p ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -p ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -k keyfile1 -p ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -j passfile0 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -j passfile0 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -j passfile0 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -k keyfile1 -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -k keyfile1 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -k keyfile0 -j passfile0 -j passfile1 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile0 -k keyfile1 -j passfile1 -j passfile0 ${md}
+ atf_check -s not-exit:0 -e ignore \
+ geli attach -k keyfile1 -k keyfile0 -j passfile1 -j passfile0 ${md}
+ atf_check -s exit:0 -e ignore \
+ geli attach -j passfile0 -j passfile1 -k keyfile0 -k keyfile1 ${md}
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat passfile0 | geli attach -j - -j passfile1 -k keyfile0 -k keyfile1 ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat passfile1 | geli attach -j passfile0 -j - -k keyfile0 -k keyfile1 ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat keyfile0 | geli attach -j passfile0 -j passfile1 -k - -k keyfile1 ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat keyfile1 | geli attach -j passfile0 -j passfile1 -k keyfile0 -k - ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat keyfile0 keyfile1 | geli attach -j passfile0 -j passfile1 -k - ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ atf_check -s exit:0 -e ignore -x \
+ "cat passfile0 passfile1 | awk '{printf \"%s\", \$0}' | geli attach -j - -k keyfile0 -k keyfile1 ${md}"
+ atf_check -s exit:0 -e ignore geli detach ${md}
+ done
+}
+init_J_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+init_a_test()
+{
cipher=$1
- secsize=$2
+ aalgo=$2
+ secsize=$3
ealgo=${cipher%%:*}
keylen=${cipher##*:}
- geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
- geli attach -p -k $keyfile ${md}
+ atf_check -s exit:0 -e ignore geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile -s $secsize ${md}
+ atf_check geli attach -p -k keyfile ${md}
secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
- dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
- dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
+ atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} status=none
- md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
- md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
- md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5`
+ md_rnd=`dd if=rnd bs=${secsize} count=${secs} status=none | md5`
+ atf_check_equal 0 $?
+ md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} status=none | md5`
+ atf_check_equal 0 $?
- if [ ${md_rnd} = ${md_ddev} ]; then
- echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+ if [ ${md_rnd} != ${md_ddev} ]; then
+ atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
fi
- i=$((i+1))
- if [ ${md_rnd} != ${md_edev} ]; then
- echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
- else
- echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
+}
+atf_test_case init_a cleanup
+init_a_head()
+{
+ atf_set "descr" "I/O with geli and HMACs"
+ atf_set "require.user" "root"
+ atf_set "timeout" 3600
+}
+init_a_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+ atf_check dd if=/dev/random of=rnd bs=8192 count=${sectors} status=none
+ for_each_geli_config init_a_test
+ true
+}
+init_a_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+init_alias_test() {
+ ealgo=$1
+ keylen=$2
+ expected_ealgo=$3
+ expected_keylen=$4
+
+ atf_check geli init -B none -e $ealgo -l $keylen -P -K keyfile ${md}
+ atf_check geli attach -p -k keyfile ${md}
+ real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'`
+ real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'`
+
+ if [ "${real_ealgo}" != "${expected_ealgo}" ]; then
+ atf_fail "expected ${expected_ealgo} but got ${real_ealgo}"
fi
- i=$((i+1))
+
+ if [ "${real_keylen}" != "${expected_keylen}" ]; then
+ atf_fail "expected ${expected_keylen} but got ${real_keylen}"
+ fi
+ atf_check geli detach ${md}
}
+atf_test_case init_alias cleanup
+init_alias_head()
+{
+ atf_set "descr" "geli init accepts cipher aliases"
+ atf_set "require.user" "root"
+}
+init_alias_body()
+{
+ . $(atf_get_srcdir)/conf.sh
-i=1
-dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
-for_each_geli_config_nointegrity do_test
+ md=$(attach_md -t malloc -s 1024k)
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
-rm -f $rnd
-rm -f $keyfile
+ for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \
+ 3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \
+ blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \
+ blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \
+ blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \
+ blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \
+ blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \
+ blowfish:448:Blowfish-CBC:448 \
+ camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \
+ camellia:256:CAMELLIA-CBC:256 ; do
+
+ ealgo=`echo $spec | cut -d : -f 1`
+ keylen=`echo $spec | cut -d : -f 2`
+ expected_ealgo=`echo $spec | cut -d : -f 3`
+ expected_keylen=`echo $spec | cut -d : -f 4`
+
+ init_alias_test $ealgo $keylen $expected_ealgo $expected_keylen
+ done
+}
+init_alias_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_test_case init_i_P cleanup
+init_i_P_head()
+{
+ atf_set "descr" "geli: Options -i and -P are mutually exclusive"
+ atf_set "require.user" "root"
+}
+init_i_P_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=100
+ md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+
+ atf_check -s exit:1 -e "match:Options -i and -P are mutually exclusive"\
+ geli init -B none -i 64 -P -K keyfile $md
+}
+init_i_P_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case init
+ atf_add_test_case init_B
+ atf_add_test_case init_J
+ atf_add_test_case init_a
+ atf_add_test_case init_alias
+ atf_add_test_case init_i_P
+}
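Review bot: In init_test and init_a_test the `atf_check_equal 0 $?` after each `dd ... | md5` assignment sees only md5's exit status, so a failed `dd` goes unnoticed and the variable holds the digest of empty or partial input. For `md_edev` that lets the "Data was not encrypted" check pass vacuously when the raw-device read fails, and it is the one assertion here that proves the ciphertext differs from the plaintext. Running the read under atf_check and hashing the resulting file avoids this, e.g. `atf_check dd if=/dev/${md} of=edev bs=${secsize} count=${secs} status=none` followed by `md_edev=$(md5 -q edev)`; quoting the operands and using `=` rather than `==` in the `[ ... ]` comparisons would also keep an empty digest from becoming a test syntax error. Separately, init_B_body leaves `/var/backups/${md}.eli` behind if any atf_check between its `rm -f` calls fails, since init_B_cleanup does not remove it.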
Added: head/tests/sys/geom/class/eli/integrity_test.sh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/tests/sys/geom/class/eli/integrity_test.sh Sun Jan 7 00:44:22 2018 (r327662)
@@ -0,0 +1,160 @@
+# $FreeBSD$
+
+copy_test() {
+ cipher=$1
+ aalgo=$2
+ secsize=$3
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+
+ atf_check -s exit:0 -e ignore \
+ geli init -B none -a $aalgo -e $ealgo -l $keylen -P \
+ -K keyfile -s $secsize ${md}
+ atf_check geli attach -p -k keyfile ${md}
+
+ atf_check dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=1 status=none
+
+ atf_check geli detach ${md}
+ # Copy first small sector to the second small sector.
+ # This should be detected as corruption.
+ atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
+ atf_check dd if=sector of=/dev/${md} bs=512 count=1 seek=1 status=none
+ atf_check geli attach -p -k keyfile ${md}
+
+ atf_check -s not-exit:0 -e ignore \
+ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
+
+ # Fix the corruption
+ atf_check dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=2 status=none
+ atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 status=none
+
+ # Copy first big sector to the second big sector.
+ # This should be detected as corruption.
+ ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'`
+ ns=`diskinfo /dev/${md}.eli | awk '{print $4}'`
+ usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc`
+ atf_check geli detach ${md}
+ atf_check dd if=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( $secsize / 512 )) of=sector status=none
+ atf_check dd of=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( $secsize / 256 )) if=sector status=none
+ atf_check -s exit:0 -e ignore geli attach -p -k keyfile ${md}
+ atf_check -s not-exit:0 -e ignore \
+ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=$ns
+}
+
+atf_test_case copy cleanup
+copy_head()
+{
+ atf_set "descr" "geli will detect misdirected writes as corruption"
+ atf_set "require.user" "root"
+ atf_set "timeout" 3600
+}
+copy_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=2
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
+ for_each_geli_config copy_test
+}
+copy_cleanup()
+{
+ . $(atf_get_srcdir)/conf.sh
+ geli_test_cleanup
+}
+
+
+data_test() {
+ cipher=$1
+ aalgo=$2
+ secsize=$3
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+
+ atf_check -s exit:0 -e ignore \
+ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \
+ -s $secsize ${md}
+
+ # Corrupt 8 bytes of data.
+ atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none
+ atf_check dd if=/dev/random of=sector bs=1 count=8 seek=64 conv=notrunc status=none
+ atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none
+ atf_check geli attach -p -k keyfile ${md}
+
+ # Try to read from the corrupt sector
+ atf_check -s not-exit:0 -e ignore \
+ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1
+}
+
+atf_test_case data cleanup
+data_head()
+{
+ atf_set "descr" "With HMACs, geli will detect data corruption"
+ atf_set "require.user" "root"
+ atf_set "timeout" 1800
+}
+data_body()
+{
+ . $(atf_get_srcdir)/conf.sh
+
+ sectors=2
+
+ atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***