svn commit: r363402 - in head: sys/geom/eli tests/sys/geom/class/eli
Alan Somers
asomers at FreeBSD.org
Tue Jul 21 19:18:31 UTC 2020
Author: asomers
Date: Tue Jul 21 19:18:29 2020
New Revision: 363402
URL: https://svnweb.freebsd.org/changeset/base/363402
Log:
Fix geli's null cipher, and add a test case
PR: 247954
Submitted by: jhb (sys), asomers (tests)
Reviewed by: jhb (tests), asomers (sys)
MFC after: 2 weeks
Sponsored by: Axcient
Modified:
head/sys/geom/eli/g_eli_integrity.c
head/sys/geom/eli/g_eli_privacy.c
head/tests/sys/geom/class/eli/onetime_test.sh
Modified: head/sys/geom/eli/g_eli_integrity.c
==============================================================================
--- head/sys/geom/eli/g_eli_integrity.c Tue Jul 21 17:34:05 2020 (r363401)
+++ head/sys/geom/eli/g_eli_integrity.c Tue Jul 21 19:18:29 2020 (r363402)
@@ -536,13 +536,15 @@ g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp
crp->crp_digest_start = 0;
crp->crp_payload_start = sc->sc_alen;
crp->crp_payload_length = data_secsize;
- crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) == 0) {
crp->crp_cipher_key = g_eli_key_hold(sc, dstoff,
encr_secsize);
}
- g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
- sizeof(crp->crp_iv));
+ if (g_eli_ivlen(sc->sc_ealgo) != 0) {
+ crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
+ g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
+ sizeof(crp->crp_iv));
+ }
g_eli_auth_keygen(sc, dstoff, authkey);
crp->crp_auth_key = authkey;
Modified: head/sys/geom/eli/g_eli_privacy.c
==============================================================================
--- head/sys/geom/eli/g_eli_privacy.c Tue Jul 21 17:34:05 2020 (r363401)
+++ head/sys/geom/eli/g_eli_privacy.c Tue Jul 21 19:18:29 2020 (r363402)
@@ -281,13 +281,15 @@ g_eli_crypto_run(struct g_eli_worker *wr, struct bio *
crp->crp_payload_start = 0;
crp->crp_payload_length = secsize;
- crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) == 0) {
crp->crp_cipher_key = g_eli_key_hold(sc, dstoff,
secsize);
}
- g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
- sizeof(crp->crp_iv));
+ if (g_eli_ivlen(sc->sc_ealgo) != 0) {
+ crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
+ g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
+ sizeof(crp->crp_iv));
+ }
error = crypto_dispatch(crp);
KASSERT(error == 0, ("crypto_dispatch() failed (error=%d)",
Modified: head/tests/sys/geom/class/eli/onetime_test.sh
==============================================================================
--- head/tests/sys/geom/class/eli/onetime_test.sh Tue Jul 21 17:34:05 2020 (r363401)
+++ head/tests/sys/geom/class/eli/onetime_test.sh Tue Jul 21 19:18:29 2020 (r363402)
@@ -130,9 +130,54 @@ onetime_d_cleanup()
geli_test_cleanup
}
+atf_test_case onetime cleanup
+onetime_null_head()
+{
+ atf_set "descr" "geli onetime can use the null cipher"
+ atf_set "require.user" "root"
+}
+onetime_null_body()
+{
+ geli_test_setup
+
+ sectors=100
+
+ dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
+
+ secsize=512
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+
+ md=$(attach_md -t malloc -s 100k)
+
+ atf_check -s exit:0 -o ignore -e ignore \
+ geli onetime -e null -s ${secsize} ${md}
+
+ atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
+
+ md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+
+ if [ ${md_rnd} != ${md_ddev} ]; then
+ atf_fail "geli did not return the original data"
+ fi
+ if [ ${md_rnd} != ${md_edev} ]; then
+ atf_fail "geli encrypted the data even with the null cipher"
+ fi
+}
+onetime_null_cleanup()
+{
+ geli_test_cleanup
+}
+
atf_init_test_cases()
{
atf_add_test_case onetime
atf_add_test_case onetime_a
atf_add_test_case onetime_d
+ atf_add_test_case onetime_null
}
More information about the svn-src-all
mailing list