Index: ObsoleteFiles.inc =================================================================== --- ObsoleteFiles.inc +++ ObsoleteFiles.inc @@ -38,6 +38,20 @@ # xargs -n1 | sort | uniq -d; # done +# 20171231: Convert most geli(8) tests to ATF +OLD_FILES+=tests/sys/geom/class/eli/attach_d_test.sh +OLD_FILES+=tests/sys/geom/class/eli/configure_b_B_test.sh +OLD_FILES+=tests/sys/geom/class/eli/detach_l_test.sh +OLD_FILES+=tests/sys/geom/class/eli/init_B_test.sh +OLD_FILES+=tests/sys/geom/class/eli/init_J_test.sh +OLD_FILES+=tests/sys/geom/class/eli/init_a_test.sh +OLD_FILES+=tests/sys/geom/class/eli/init_alias_test.sh +OLD_FILES+=tests/sys/geom/class/eli/init_i_P_test.sh +OLD_FILES+=tests/sys/geom/class/eli/integrity_copy_test.sh +OLD_FILES+=tests/sys/geom/class/eli/integrity_data_test.sh +OLD_FILES+=tests/sys/geom/class/eli/integrity_hmac_test.sh +OLD_FILES+=tests/sys/geom/class/eli/onetime_a_test.sh +OLD_FILES+=tests/sys/geom/class/eli/onetime_d_test.sh # 20171230: Remove /etc/skel from mtree OLD_DIRS+=/etc/skel # 20171208: Remove basename_r(3) Index: tests/sys/geom/class/eli/Makefile =================================================================== --- tests/sys/geom/class/eli/Makefile +++ tests/sys/geom/class/eli/Makefile @@ -7,36 +7,20 @@ TESTSDIR= ${TESTSBASE}/sys/geom/class/${.CURDIR:T} ATF_TESTS_C= pbkdf2_test +ATF_TESTS_SH+= attach_test +ATF_TESTS_SH+= configure_test +ATF_TESTS_SH+= delkey_test +ATF_TESTS_SH+= detach_test +ATF_TESTS_SH+= init_test +ATF_TESTS_SH+= integrity_test +ATF_TESTS_SH+= kill_test +ATF_TESTS_SH+= onetime_test +ATF_TESTS_SH+= resize_test +ATF_TESTS_SH+= setkey_test -TAP_TESTS_SH+= attach_d_test -TAP_TESTS_SH+= configure_b_B_test -TAP_TESTS_SH+= delkey_test -TAP_TESTS_SH+= detach_l_test -TAP_TESTS_SH+= init_B_test -TAP_TESTS_SH+= init_J_test -TAP_TESTS_SH+= init_a_test -TAP_TESTS_SH+= init_alias_test -TAP_TESTS_SH+= init_i_P_test -TAP_TESTS_SH+= init_test -TAP_TESTS_SH+= integrity_copy_test -TAP_TESTS_SH+= integrity_data_test -TAP_TESTS_SH+= integrity_hmac_test -TAP_TESTS_SH+= kill_test TAP_TESTS_SH+= nokey_test -TAP_TESTS_SH+= onetime_a_test -TAP_TESTS_SH+= onetime_d_test -TAP_TESTS_SH+= onetime_test TAP_TESTS_SH+= readonly_test -TAP_TESTS_SH+= resize_test -TAP_TESTS_SH+= setkey_test -TEST_METADATA.init_a_test+= timeout="3600" -TEST_METADATA.init_test+= timeout="600" -TEST_METADATA.integrity_copy_test+= timeout="3600" -TEST_METADATA.integrity_data_test+= timeout="1800" -TEST_METADATA.integrity_hmac_test+= timeout="1800" -TEST_METADATA.onetime_a_test+= timeout="1800" -TEST_METADATA.onetime_test+= timeout="1800" ${PACKAGE}FILES+= conf.sh Index: tests/sys/geom/class/eli/attach_d_test.sh =================================================================== --- tests/sys/geom/class/eli/attach_d_test.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=100 -keyfile=`mktemp $base.XXXXXX` || exit 1 -md=$(attach_md -t malloc -s `expr $sectors + 1`) - -echo "1..3" - -dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - -geli init -B none -P -K $keyfile ${md} -geli attach -d -p -k $keyfile ${md} -if [ -c /dev/${md}.eli ]; then - echo "ok 1" -else - echo "not ok 1" -fi -# Be sure it doesn't detach on read. -dd if=/dev/${md}.eli of=/dev/null 2>/dev/null -sleep 1 -if [ -c /dev/${md}.eli ]; then - echo "ok 2" -else - echo "not ok 2" -fi -true > /dev/${md}.eli -sleep 1 -if [ ! -c /dev/${md}.eli ]; then - echo "ok 3" -else - echo "not ok 3" -fi - -rm -f $keyfile Index: tests/sys/geom/class/eli/attach_test.sh =================================================================== --- /dev/null +++ tests/sys/geom/class/eli/attach_test.sh @@ -0,0 +1,45 @@ +# $FreeBSD$ + +atf_test_case attach_d cleanup +attach_d_head() +{ + atf_set "descr" "geli attach -d will cause the provider to detach on last close" + atf_set "require.user" "root" +} +attach_d_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) + + dd if=/dev/random of=keyfile bs=512 count=16 >/dev/null 2>&1 + + atf_check -s exit:0 geli init -B none -P -K keyfile ${md} + atf_check -s exit:0 geli attach -d -p -k keyfile ${md} + + # Be sure it doesn't detach on read. + dd if=/dev/${md}.eli of=/dev/null 2>/dev/null + sleep 1 + if [ ! -c /dev/${md}.eli ]; then + atf_fail "Detached on last close of a reader" + fi + + # It should detach on last close of a writer + true > /dev/${md}.eli + sleep 1 + if [ -c /dev/${md}.eli ]; then + atf_fail "Did not detach on last close of a writer" + fi + +} +attach_d_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case attach_d +} Index: tests/sys/geom/class/eli/conf.sh =================================================================== --- tests/sys/geom/class/eli/conf.sh +++ tests/sys/geom/class/eli/conf.sh @@ -2,8 +2,20 @@ # $FreeBSD$ class="eli" -base=`basename $0` +base=$(atf_get ident) +[ -z "$base" ] && base=`basename $0` # for TAP compatibility +TEST_MDS_FILE=md.devs +attach_md() +{ + local test_md + + test_md=$(mdconfig -a "$@") || atf_fail "failed to allocate md(4)" + echo TEST_MDS_FILE is $TEST_MDS_FILE > /dev/stderr + echo $test_md >> $TEST_MDS_FILE || exit + echo $test_md +} + # Execute `func` for each combination of cipher, sectorsize, and hmac algo # `func` usage should be: # func @@ -69,8 +81,9 @@ mdconfig -d -u $md 2>/dev/null done < $TEST_MDS_FILE fi - rm -f "$TEST_MDS_FILE" + true } +# TODO: remove the trap statement once all TAP tests are converted trap geli_test_cleanup ABRT EXIT INT TERM . `dirname $0`/../geom_subr.sh Index: tests/sys/geom/class/eli/configure_b_B_test.sh =================================================================== --- tests/sys/geom/class/eli/configure_b_B_test.sh +++ /dev/null @@ -1,129 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=100 -md=$(attach_md -t malloc -s `expr $sectors + 1`) - -echo "1..17" - -geli init -B none -P -K /dev/null ${md} -if [ $? -eq 0 ]; then - echo "ok 1" -else - echo "not ok 1" -fi - -geli dump ${md} | egrep 'flags: 0x0$' >/dev/null -if [ $? -eq 0 ]; then - echo "ok 2" -else - echo "not ok 2" -fi - -geli init -B none -b -P -K /dev/null ${md} -if [ $? -eq 0 ]; then - echo "ok 3" -else - echo "not ok 3" -fi - -geli dump ${md} | egrep 'flags: 0x2$' >/dev/null -if [ $? -eq 0 ]; then - echo "ok 4" -else - echo "not ok 4" -fi - -geli configure -B ${md} -if [ $? -eq 0 ]; then - echo "ok 5" -else - echo "not ok 5" -fi - -geli dump ${md} | egrep 'flags: 0x0$' >/dev/null -if [ $? -eq 0 ]; then - echo "ok 6" -else - echo "not ok 6" -fi - -geli configure -b ${md} -if [ $? -eq 0 ]; then - echo "ok 7" -else - echo "not ok 7" -fi - -geli dump ${md} | egrep 'flags: 0x2$' >/dev/null -if [ $? -eq 0 ]; then - echo "ok 8" -else - echo "not ok 8" -fi - -geli attach -p -k /dev/null ${md} -if [ $? -eq 0 ]; then - echo "ok 9" -else - echo "not ok 9" -fi - -geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null -if [ $? -eq 0 ]; then - echo "ok 10" -else - echo "not ok 10" -fi - -geli configure -B ${md} -if [ $? -eq 0 ]; then - echo "ok 11" -else - echo "not ok 11" -fi - -geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null -if [ $? -ne 0 ]; then - echo "ok 12" -else - echo "not ok 12" -fi - -geli dump ${md} | egrep 'flags: 0x0$' >/dev/null -if [ $? -eq 0 ]; then - echo "ok 13" -else - echo "not ok 13" -fi - -geli configure -b ${md} -if [ $? -eq 0 ]; then - echo "ok 14" -else - echo "not ok 14" -fi - -geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null -if [ $? -eq 0 ]; then - echo "ok 15" -else - echo "not ok 15" -fi - -geli dump ${md} | egrep 'flags: 0x2$' >/dev/null -if [ $? -eq 0 ]; then - echo "ok 16" -else - echo "not ok 16" -fi - -geli detach ${md} -if [ $? -eq 0 ]; then - echo "ok 17" -else - echo "not ok 17" -fi Index: tests/sys/geom/class/eli/configure_test.sh =================================================================== --- /dev/null +++ tests/sys/geom/class/eli/configure_test.sh @@ -0,0 +1,59 @@ +# $FreeBSD$ + +atf_test_case configure_b_B cleanup +configure_b_B_head() +{ + atf_set "descr" "geli configure -b will set the BOOT flag" + atf_set "require.user" "root" +} +configure_b_B_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) + + atf_check -s exit:0 geli init -B none -P -K /dev/null ${md} + + atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md} + + atf_check -s exit:0 geli init -B none -b -P -K /dev/null ${md} + + atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md} + + atf_check -s exit:0 geli configure -B ${md} + + atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md} + + atf_check -s exit:0 geli configure -b ${md} + + atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md} + + atf_check -s exit:0 geli attach -p -k /dev/null ${md} + + atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli + + atf_check -s exit:0 geli configure -B ${md} + + atf_check -o not-match:'^Flags: .*BOOT' geli list ${md}.eli + + atf_check -s exit:0 -o match:'flags: 0x0$' geli dump ${md} + + atf_check -s exit:0 geli configure -b ${md} + + atf_check -s exit:0 -o match:'^Flags: .*BOOT' geli list ${md}.eli + + atf_check -s exit:0 -o match:'flags: 0x2$' geli dump ${md} + + atf_check -s exit:0 geli detach ${md} +} +configure_b_B_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case configure_b_B +} Index: tests/sys/geom/class/eli/delkey_test.sh =================================================================== --- tests/sys/geom/class/eli/delkey_test.sh +++ tests/sys/geom/class/eli/delkey_test.sh @@ -1,140 +1,86 @@ #!/bin/sh # $FreeBSD$ -. $(dirname $0)/conf.sh +atf_test_case delkey cleanup +delkey_head() +{ + atf_set "descr" "geli delkey can destroy the master key" + atf_set "require.user" "root" +} +delkey_body() +{ + . $(atf_get_srcdir)/conf.sh -base=`basename $0` -sectors=100 -keyfile1=`mktemp $base.XXXXXX` || exit 1 -keyfile2=`mktemp $base.XXXXXX` || exit 1 -keyfile3=`mktemp $base.XXXXXX` || exit 1 -keyfile4=`mktemp $base.XXXXXX` || exit 1 -md=$(attach_md -t malloc -s `expr $sectors + 1`) + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) -echo "1..14" + dd if=/dev/random of=keyfile1 bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random of=keyfile2 bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random of=keyfile3 bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random of=keyfile4 bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1 + atf_check -s exit:0 geli init -B none -P -K keyfile1 ${md} + atf_check -s exit:0 geli attach -p -k keyfile1 ${md} + atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md} -geli init -B none -P -K $keyfile1 ${md} -geli attach -p -k $keyfile1 ${md} -geli setkey -n 1 -P -K $keyfile2 ${md} + # Remove key 0 for attached provider. + atf_check -s exit:0 geli delkey -n 0 ${md} + atf_check -s exit:0 geli detach ${md} -# Remove key 0 for attached provider. -geli delkey -n 0 ${md} -if [ $? -eq 0 ]; then - echo "ok 1" -else - echo "not ok 1" -fi -geli detach ${md} + # We cannot use keyfile1 anymore. + atf_check -s not-exit:0 -e match:"Wrong key" \ + geli attach -p -k keyfile1 ${md} -# We cannot use keyfile1 anymore. -geli attach -p -k $keyfile1 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 2" -else - echo "not ok 2" -fi + # Attach with key 1. + atf_check -s exit:0 geli attach -p -k keyfile2 ${md} -# Attach with key 1. -geli attach -p -k $keyfile2 ${md} -if [ $? -eq 0 ]; then - echo "ok 3" -else - echo "not ok 3" -fi + # We cannot remove last key without -f option (for attached provider). + atf_check -s not-exit:0 -e match:"This is the last Master Key" \ + geli delkey -n 1 ${md} -# We cannot remove last key without -f option (for attached provider). -geli delkey -n 1 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 4" -else - echo "not ok 4" -fi + # Remove last key for attached provider. + atf_check -s exit:0 geli delkey -f -n 1 ${md} -# Remove last key for attached provider. -geli delkey -f -n 1 ${md} -if [ $? -eq 0 ]; then - echo "ok 5" -else - echo "not ok 5" -fi + # If there are no valid keys, but provider is attached, we can save situation. + atf_check -s exit:0 -o ignore geli setkey -n 0 -P -K keyfile3 ${md} + atf_check -s exit:0 geli detach ${md} -# If there are no valid keys, but provider is attached, we can save situation. -geli setkey -n 0 -P -K $keyfile3 ${md} -if [ $? -eq 0 ]; then - echo "ok 6" -else - echo "not ok 6" -fi -geli detach ${md} + # We cannot use keyfile2 anymore. + atf_check -s not-exit:0 -e match:"Wrong key" \ + geli attach -p -k keyfile2 ${md} -# We cannot use keyfile2 anymore. -geli attach -p -k $keyfile2 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 7" -else - echo "not ok 7" -fi + # Attach with key 0. + atf_check -s exit:0 geli attach -p -k keyfile3 ${md} -# Attach with key 0. -geli attach -p -k $keyfile3 ${md} -if [ $? -eq 0 ]; then - echo "ok 8" -else - echo "not ok 8" -fi + # Setup key 1. + atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile4 ${md} + atf_check -s exit:0 geli detach ${md} -# Setup key 1. -geli setkey -n 1 -P -K $keyfile4 ${md} -if [ $? -eq 0 ]; then - echo "ok 9" -else - echo "not ok 9" -fi -geli detach ${md} + # Remove key 1 for detached provider. + atf_check -s exit:0 geli delkey -n 1 ${md} -# Remove key 1 for detached provider. -geli delkey -n 1 ${md} -if [ $? -eq 0 ]; then - echo "ok 10" -else - echo "not ok 10" -fi + # We cannot use keyfile4 anymore. + atf_check -s not-exit:0 -e match:"Wrong key" \ + geli attach -p -k keyfile4 ${md} -# We cannot use keyfile4 anymore. -geli attach -p -k $keyfile4 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 11" -else - echo "not ok 11" -fi + # We cannot remove last key without -f option (for detached provider). + atf_check -s not-exit:0 -e match:"This is the last Master Key" \ + geli delkey -n 0 ${md} -# We cannot remove last key without -f option (for detached provider). -geli delkey -n 0 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 12" -else - echo "not ok 12" -fi + # Remove last key for detached provider. + atf_check -s exit:0 geli delkey -f -n 0 ${md} -# Remove last key for detached provider. -geli delkey -f -n 0 ${md} -if [ $? -eq 0 ]; then - echo "ok 13" -else - echo "not ok 13" -fi + # We cannot use keyfile3 anymore. + atf_check -s not-exit:0 -e match:"No valid keys" \ + geli attach -p -k keyfile3 ${md} +} +delkey_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} -# We cannot use keyfile3 anymore. -geli attach -p -k $keyfile3 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 14" -else - echo "not ok 14" -fi - -rm -f $keyfile1 $keyfile2 $keyfile3 $keyfile4 +atf_init_test_cases() +{ + atf_add_test_case delkey +} Index: tests/sys/geom/class/eli/detach_l_test.sh =================================================================== --- tests/sys/geom/class/eli/detach_l_test.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=100 -keyfile=`mktemp $base.XXXXXX` || exit 1 -md=$(attach_md -t malloc -s `expr $sectors + 1`) - -echo "1..4" - -dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - -geli init -B none -P -K $keyfile ${md} -geli attach -p -k $keyfile ${md} -if [ -c /dev/${md}.eli ]; then - echo "ok 1" -else - echo "not ok 1" -fi -# Be sure it doesn't detach before 'detach -l'. -dd if=/dev/${md}.eli of=/dev/null 2>/dev/null -sleep 1 -if [ -c /dev/${md}.eli ]; then - echo "ok 2" -else - echo "not ok 2" -fi -geli detach -l ${md} -if [ -c /dev/${md}.eli ]; then - echo "ok 3" -else - echo "not ok 3" -fi -dd if=/dev/${md}.eli of=/dev/null 2>/dev/null -sleep 1 -if [ ! -c /dev/${md}.eli ]; then - echo "ok 4" -else - echo "not ok 4" -fi - -rm -f $keyfile Index: tests/sys/geom/class/eli/detach_test.sh =================================================================== --- /dev/null +++ tests/sys/geom/class/eli/detach_test.sh @@ -0,0 +1,46 @@ +# $FreeBSD$ + +atf_test_case detach_l cleanup +detach_l_head() +{ + atf_set "descr" "geli detach -l will cause a provider to detach on last close" + atf_set "require.user" "root" +} +detach_l_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) + + dd if=/dev/random of=keyfile bs=512 count=16 >/dev/null 2>&1 + + atf_check -s exit:0 geli init -B none -P -K keyfile ${md} + atf_check -s exit:0 geli attach -p -k keyfile ${md} + + # Be sure it doesn't detach before 'detach -l'. + dd if=/dev/${md}.eli of=/dev/null 2>/dev/null + sleep 1 + if [ ! -c /dev/${md}.eli ]; then + atf_fail "provider detached on last close without detach -l" + fi + atf_check -s exit:0 geli detach -l ${md} + if [ ! -c /dev/${md}.eli ]; then + atf_fail "Provider detached before last close" + fi + dd if=/dev/${md}.eli of=/dev/null 2>/dev/null + sleep 1 + if [ -c /dev/${md}.eli ]; then + atf_fail "Provider did not detach on last close" + fi +} +detach_l_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case detach_l +} Index: tests/sys/geom/class/eli/init_B_test.sh =================================================================== --- tests/sys/geom/class/eli/init_B_test.sh +++ /dev/null @@ -1,104 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=100 -keyfile=`mktemp $base.XXXXXX` || exit 1 -backupfile=`mktemp $base.XXXXXX` || exit 1 - -echo "1..13" - -dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - -md=$(attach_md -t malloc -s `expr $sectors`) - -# -B none -rm -f /var/backups/${md}.eli -geli init -B none -P -K $keyfile ${md} 2>/dev/null -if [ ! -f /var/backups/${md}.eli ]; then - echo "ok 1 - -B none" -else - echo "not ok 1 - -B none" -fi - -# no -B -rm -f /var/backups/${md}.eli -geli init -P -K $keyfile ${md} >/dev/null 2>&1 -if [ -f /var/backups/${md}.eli ]; then - echo "ok 2 - no -B" -else - echo "not ok 2 - no -B" -fi -geli clear ${md} -geli attach -p -k $keyfile ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 3 - no -B" -else - echo "not ok 3 - no -B" -fi -if [ ! -c /dev/${md}.eli ]; then - echo "ok 4 - no -B" -else - echo "not ok 4 - no -B" -fi -geli restore /var/backups/${md}.eli ${md} -if [ $? -eq 0 ]; then - echo "ok 5 - no -B" -else - echo "not ok 5 - no -B" -fi -geli attach -p -k $keyfile ${md} 2>/dev/null -if [ $? -eq 0 ]; then - echo "ok 6 - no -B" -else - echo "not ok 6 - no -B" -fi -if [ -c /dev/${md}.eli ]; then - echo "ok 7 - no -B" -else - echo "not ok 7 - no -B" -fi -geli detach ${md} -rm -f /var/backups/${md}.eli - -# -B file -rm -f $backupfile -geli init -B $backupfile -P -K $keyfile ${md} >/dev/null 2>&1 -if [ -f $backupfile ]; then - echo "ok 8 - -B file" -else - echo "not ok 8 - -B file" -fi -geli clear ${md} -geli attach -p -k $keyfile ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 9 - -B file" -else - echo "not ok 9 - -B file" -fi -if [ ! -c /dev/${md}.eli ]; then - echo "ok 10 - -B file" -else - echo "not ok 10 - -B file" -fi -geli restore $backupfile ${md} -if [ $? -eq 0 ]; then - echo "ok 11 - -B file" -else - echo "not ok 11 - -B file" -fi -geli attach -p -k $keyfile ${md} 2>/dev/null -if [ $? -eq 0 ]; then - echo "ok 12 - -B file" -else - echo "not ok 12 - -B file" -fi -if [ -c /dev/${md}.eli ]; then - echo "ok 13 - -B file" -else - echo "not ok 13 - -B file" -fi - -rm -f $backupfile $keyfile Index: tests/sys/geom/class/eli/init_J_test.sh =================================================================== --- tests/sys/geom/class/eli/init_J_test.sh +++ /dev/null @@ -1,126 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=100 -keyfile0=`mktemp $base.XXXXXX` || exit 1 -keyfile1=`mktemp $base.XXXXXX` || exit 1 -passfile0=`mktemp $base.XXXXXX` || exit 1 -passfile1=`mktemp $base.XXXXXX` || exit 1 -md=$(attach_md -t malloc -s `expr $sectors + 1`) - -echo "1..150" - -dd if=/dev/random of=${keyfile0} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > ${passfile0} -dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > ${passfile1} - -i=1 -for iter in -1 0 64; do - geli init -i ${iter} -B none -J ${passfile0} -P ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli init -i ${iter} -B none -J ${passfile0} -P -K ${keyfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli init -i ${iter} -B none -J ${passfile0} -K ${keyfile0} ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile0} -p ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -j ${passfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -j ${keyfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${passfile0} -p ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -j ${keyfile0} -k ${passfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -j ${keyfile0} -k ${keyfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -j ${passfile0} -k ${passfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -j ${passfile0} -k ${keyfile0} ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli detach ${md} || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - cat ${keyfile0} | geli attach -j ${passfile0} -k - ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli detach ${md} || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - cat ${passfile0} | geli attach -j - -k ${keyfile0} ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli detach ${md} || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - - geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P -K ${keyfile0} -K ${keyfile1} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -K ${keyfile0} -K ${keyfile1} ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile0} -p ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile1} -p ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -j ${passfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -j ${passfile1} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile0} -k ${keyfile1} -p ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile0} -j ${passfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile1} -j ${passfile1} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile0} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile1} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli detach ${md} || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - cat ${passfile0} | geli attach -j - -j ${passfile1} -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli detach ${md} || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - cat ${passfile1} | geli attach -j ${passfile0} -j - -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli detach ${md} || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - cat ${keyfile0} | geli attach -j ${passfile0} -j ${passfile1} -k - -k ${keyfile1} ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli detach ${md} || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - cat ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k - ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli detach ${md} || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - cat ${keyfile0} ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k - ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli detach ${md} || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - cat ${passfile0} ${passfile1} | awk '{printf "%s", $0}' | geli attach -j - -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not " - echo "ok ${i}"; i=$((i+1)) - geli detach ${md} || echo -n "not " - echo "ok ${i}"; i=$((i+1)) -done - -rm -f ${keyfile0} ${keyfile1} ${passfile0} ${passfile1} Index: tests/sys/geom/class/eli/init_a_test.sh =================================================================== --- tests/sys/geom/class/eli/init_a_test.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=100 -keyfile=`mktemp $base.XXXXXX` || exit 1 -rnd=`mktemp $base.XXXXXX` || exit 1 - -do_test() { - cipher=$1 - aalgo=$2 - secsize=$3 - ealgo=${cipher%%:*} - keylen=${cipher##*:} - - geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null - geli attach -p -k $keyfile ${md} - - secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` - - dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null - - md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5` - md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` - - if [ ${md_rnd} = ${md_ddev} ]; then - echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - fi - i=$((i+1)) -} - -echo "1..600" - -i=1 - -dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${rnd} bs=8192 count=${sectors} >/dev/null 2>&1 - -for_each_geli_config do_test - -rm -f $rnd -rm -f $keyfile Index: tests/sys/geom/class/eli/init_alias_test.sh =================================================================== --- tests/sys/geom/class/eli/init_alias_test.sh +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -# Test "geli init"'s various cipher aliases -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=100 -keyfile=`mktemp $base.XXXXXX` || exit 1 -rnd=`mktemp $base.XXXXXX` || exit 1 - -do_test() { - ealgo=$1 - keylen=$2 - expected_ealgo=$3 - expected_keylen=$4 - - geli init -B none -e $ealgo -l $keylen -P -K $keyfile ${md} 2>/dev/null - geli attach -p -k $keyfile ${md} - real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'` - real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'` - - if [ ${real_ealgo} = ${expected_ealgo} ]; then - echo "ok $i - ${ealgo} aliased to ${real_ealgo}" - else - echo "not ok $i - expected ${expected_ealgo} but got ${real_ealgo}" - fi - i=$((i+1)) - - if [ ${real_keylen} = ${expected_keylen} ]; then - echo "ok $i - keylen=${keylen} for ealgo=${ealgo} aliases to ${real_keylen}" - else - echo "not ok $i - expected ${expected_keylen} but got ${real_keylen}" - fi - i=$((i+1)) - - geli detach ${md} -} - -echo "1..38" -i=1 -md=$(attach_md -t malloc -s 1024k) -dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - -for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \ - 3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \ - blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \ - blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \ - blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \ - blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \ - blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \ - blowfish:448:Blowfish-CBC:448 \ - camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \ - camellia:256:CAMELLIA-CBC:256 ; do - - ealgo=`echo $spec | cut -d : -f 1` - keylen=`echo $spec | cut -d : -f 2` - expected_ealgo=`echo $spec | cut -d : -f 3` - expected_keylen=`echo $spec | cut -d : -f 4` - - do_test $ealgo $keylen $expected_ealgo $expected_keylen -done - -rm -f $keyfile Index: tests/sys/geom/class/eli/init_i_P_test.sh =================================================================== --- tests/sys/geom/class/eli/init_i_P_test.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=100 -keyfile=`mktemp $base.XXXXXX` || exit 1 -md=$(attach_md -t malloc -s `expr $sectors + 1`) - -echo "1..1" - -dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - -geli init -B none -i 64 -P -K ${keyfile} ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 1" -else - echo "not ok 1" -fi - -rm -f $keyfile Index: tests/sys/geom/class/eli/init_test.sh =================================================================== --- tests/sys/geom/class/eli/init_test.sh +++ tests/sys/geom/class/eli/init_test.sh @@ -1,50 +1,362 @@ #!/bin/sh # $FreeBSD$ -. $(dirname $0)/conf.sh +init_test() +{ + cipher=$1 + secsize=$2 + ealgo=${cipher%%:*} + keylen=${cipher##*:} -base=`basename $0` -sectors=32 -keyfile=`mktemp $base.XXXXXX` || exit 1 -rnd=`mktemp $base.XXXXXX` || exit 1 + geli init -B none -e $ealgo -l $keylen -P -K keyfile -s $secsize ${md} 2>/dev/null + geli attach -p -k keyfile ${md} -echo "1..200" + secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` -do_test() { + dd if=/dev/random of=rnd bs=${secsize} count=${secs} >/dev/null 2>&1 + dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null + + md_rnd=`dd if=rnd bs=${secsize} count=${secs} 2>/dev/null | md5` + md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` + md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5` + + if [ ${md_rnd} != ${md_ddev} ]; then + atf_fail "Miscompare for ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + if [ ${md_rnd} == ${md_edev} ]; then + atf_fail "Data was not encrypted for ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi +} +atf_test_case init cleanup +init_head() +{ + atf_set "descr" "Basic I/O with geli" + atf_set "require.user" "root" + atf_set "timeout" 600 +} +init_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=32 + + dd if=/dev/random of=keyfile bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random of=rnd bs=8192 count=${sectors} >/dev/null 2>&1 + for_each_geli_config_nointegrity init_test +} +init_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_test_case init_B cleanup +init_B_head() +{ + atf_set "descr" "init -B can select an alternate backup metadata file" + atf_set "require.user" "root" +} +init_B_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + + dd if=/dev/random of=keyfile bs=512 count=16 >/dev/null 2>&1 + + md=$(attach_md -t malloc -s $sectors) + + # -B none + rm -f /var/backups/${md}.eli + atf_check -s exit:0 -o ignore geli init -B none -P -K keyfile ${md} + if [ -f /var/backups/${md}.eli ]; then + atf_fail "geli created a backup file even with -B none" + fi + + # no -B + rm -f /var/backups/${md}.eli + atf_check -s exit:0 -o ignore geli init -P -K keyfile ${md} + if [ ! -f /var/backups/${md}.eli ]; then + atf_fail "geli did not create a backup file" + fi + geli clear ${md} + atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md} + atf_check -s exit:0 -o ignore geli restore /var/backups/${md}.eli ${md} + atf_check -s exit:0 -o ignore geli attach -p -k keyfile ${md} + geli detach ${md} + rm -f /var/backups/${md}.eli + + # -B file + rm -f backupfile + atf_check -s exit:0 -o ignore \ + geli init -B backupfile -P -K keyfile ${md} + if [ ! -f backupfile ]; then + atf_fail "geli init -B did not create a backup file" + fi + geli clear ${md} + atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md} + atf_check -s exit:0 geli restore backupfile ${md} + atf_check -s exit:0 geli attach -p -k keyfile ${md} +} +init_B_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_test_case init_J cleanup +init_J_head() +{ + atf_set "descr" "init -J accepts a passfile" + atf_set "require.user" "root" +} +init_J_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) + + dd if=/dev/random of=keyfile0 bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random of=keyfile1 bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > passfile0 + dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > passfile1 + + for iter in -1 0 64; do + atf_check -s not-exit:0 -e ignore \ + geli init -i ${iter} -B none -J passfile0 -P ${md} + atf_check -s not-exit:0 -e ignore \ + geli init -i ${iter} -B none -J passfile0 -P -K keyfile0 ${md} + atf_check -s exit:0 \ + geli init -i ${iter} -B none -J passfile0 -K keyfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -p ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j keyfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k passfile0 -p ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j keyfile0 -k passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j keyfile0 -k keyfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j passfile0 -k passfile0 ${md} + atf_check -s exit:0 -e ignore \ + geli attach -j passfile0 -k keyfile0 ${md} + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat keyfile0 | geli attach -j passfile0 -k - ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat passfile0 | geli attach -j - -k keyfile0 ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + + atf_check -s not-exit:0 -e ignore \ + geli init -i ${iter} -B none -J passfile0 -J passfile1 -P ${md} + atf_check -s not-exit:0 -e ignore \ + geli init -i ${iter} -B none -J passfile0 -J passfile1 -P -K keyfile0 -K keyfile1 ${md} + atf_check -s exit:0 -e ignore \ + geli init -i ${iter} -B none -J passfile0 -J passfile1 -K keyfile0 -K keyfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -p ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -p ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -k keyfile1 -p ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -j passfile0 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -j passfile0 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -j passfile0 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -k keyfile1 -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -k keyfile1 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -k keyfile0 -j passfile0 -j passfile1 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile0 -k keyfile1 -j passfile1 -j passfile0 ${md} + atf_check -s not-exit:0 -e ignore \ + geli attach -k keyfile1 -k keyfile0 -j passfile1 -j passfile0 ${md} + atf_check -s exit:0 -e ignore \ + geli attach -j passfile0 -j passfile1 -k keyfile0 -k keyfile1 ${md} + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat passfile0 | geli attach -j - -j passfile1 -k keyfile0 -k keyfile1 ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat passfile1 | geli attach -j passfile0 -j - -k keyfile0 -k keyfile1 ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat keyfile0 | geli attach -j passfile0 -j passfile1 -k - -k keyfile1 ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat keyfile1 | geli attach -j passfile0 -j passfile1 -k keyfile0 -k - ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat keyfile0 keyfile1 | geli attach -j passfile0 -j passfile1 -k - ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + atf_check -s exit:0 -e ignore -x \ + "cat passfile0 passfile1 | awk '{printf \"%s\", \$0}' | geli attach -j - -k keyfile0 -k keyfile1 ${md}" + atf_check -s exit:0 -e ignore geli detach ${md} + done +} +init_J_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +init_a_test() +{ cipher=$1 - secsize=$2 + aalgo=$2 + secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} - geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null - geli attach -p -k $keyfile ${md} + atf_check -s exit:0 -e ignore geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile -s $secsize ${md} + atf_check -s exit:0 geli attach -p -k keyfile ${md} secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` - dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1 - dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null + dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null - md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5` + md_rnd=`dd if=rnd bs=${secsize} count=${secs} 2>/dev/null | md5` md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` - md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5` - if [ ${md_rnd} = ${md_ddev} ]; then - echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + if [ ${md_rnd} != ${md_ddev} ]; then + atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi - i=$((i+1)) - if [ ${md_rnd} != ${md_edev} ]; then - echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" +} +atf_test_case init_a cleanup +init_a_head() +{ + atf_set "descr" "I/O with geli and HMACs" + atf_set "require.user" "root" + atf_set "timeout" 3600 +} +init_a_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + + dd if=/dev/random of=keyfile bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random of=rnd bs=8192 count=${sectors} >/dev/null 2>&1 + for_each_geli_config init_a_test + true +} +init_a_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +init_alias_test() { + ealgo=$1 + keylen=$2 + expected_ealgo=$3 + expected_keylen=$4 + + atf_check -s exit:0 \ + geli init -B none -e $ealgo -l $keylen -P -K keyfile ${md} + atf_check -s exit:0 geli attach -p -k keyfile ${md} + real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'` + real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'` + + if [ "${real_ealgo}" != "${expected_ealgo}" ]; then + atf_fail "expected ${expected_ealgo} but got ${real_ealgo}" fi - i=$((i+1)) + + if [ "${real_keylen}" != "${expected_keylen}" ]; then + atf_fail "expected ${expected_keylen} but got ${real_keylen}" + fi + atf_check -s exit:0 geli detach ${md} } +atf_test_case init_alias cleanup +init_alias_head() +{ + atf_set "descr" "geli init accepts cipher aliases" + atf_set "require.user" "root" +} +init_alias_body() +{ + . $(atf_get_srcdir)/conf.sh -i=1 -dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 -for_each_geli_config_nointegrity do_test + md=$(attach_md -t malloc -s 1024k) + dd if=/dev/random of=keyfile bs=512 count=16 >/dev/null 2>&1 -rm -f $rnd -rm -f $keyfile + for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \ + 3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \ + blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \ + blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \ + blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \ + blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \ + blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \ + blowfish:448:Blowfish-CBC:448 \ + camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \ + camellia:256:CAMELLIA-CBC:256 ; do + + ealgo=`echo $spec | cut -d : -f 1` + keylen=`echo $spec | cut -d : -f 2` + expected_ealgo=`echo $spec | cut -d : -f 3` + expected_keylen=`echo $spec | cut -d : -f 4` + + init_alias_test $ealgo $keylen $expected_ealgo $expected_keylen + done +} +init_alias_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_test_case init_i_P cleanup +init_i_P_head() +{ + atf_set "descr" "geli: Options -i and -P are mutually exclusive" + atf_set "require.user" "root" +} +init_i_P_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) + + dd if=/dev/random of=keyfile bs=512 count=16 >/dev/null 2>&1 + + atf_check -s exit:1 -e "match:Options -i and -P are mutually exclusive"\ + geli init -B none -i 64 -P -K keyfile $md +} +init_i_P_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case init + atf_add_test_case init_B + atf_add_test_case init_J + atf_add_test_case init_a + atf_add_test_case init_alias + atf_add_test_case init_i_P +} Index: tests/sys/geom/class/eli/integrity_copy_test.sh =================================================================== --- tests/sys/geom/class/eli/integrity_copy_test.sh +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=2 -keyfile=`mktemp $base.XXXXXX` || exit 1 -sector=`mktemp $base.XXXXXX` || exit 1 - -echo "1..2400" - -do_test() { - cipher=$1 - aalgo=$2 - secsize=$3 - ealgo=${cipher%%:*} - keylen=${cipher##*:} - - geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null - geli attach -p -k $keyfile ${md} - - dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1 - - dd if=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1 - if [ $? -eq 0 ]; then - echo "ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - fi - i=$((i+1)) - - geli detach ${md} - # Copy first small sector to the second small sector. - # This should be detected as corruption. - dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1 - dd if=${sector} of=/dev/${md} bs=512 count=1 seek=1 >/dev/null 2>&1 - geli attach -p -k $keyfile ${md} - - dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - fi - i=$((i+1)) - - ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'` - ns=`diskinfo /dev/${md}.eli | awk '{print $4}'` - usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc` - - # Fix the corruption - dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=2 >/dev/null 2>&1 - - dd if=/dev/${md}.eli bs=${secsize} count=2 >/dev/null 2>&1 - if [ $? -eq 0 ]; then - echo "ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - fi - i=$((i+1)) - - geli detach ${md} - # Copy first big sector to the second big sector. - # This should be detected as corruption. - dd if=/dev/${md} of=${sector} bs=${usecsize} count=1 >/dev/null 2>&1 - dd if=${sector} of=/dev/${md} bs=${usecsize} count=1 seek=1 >/dev/null 2>&1 - geli attach -p -k $keyfile ${md} 2>/dev/null - if [ $? -ne 0 ]; then - echo "ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - fi - i=$((i+1)) -} - - -i=1 -dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - -for_each_geli_config do_test - -rm -f $keyfile $sector Index: tests/sys/geom/class/eli/integrity_data_test.sh =================================================================== --- tests/sys/geom/class/eli/integrity_data_test.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=2 -keyfile=`mktemp $base.XXXXXX` || exit 1 -sector=`mktemp $base.XXXXXX` || exit 1 - -echo "1..600" - -do_test() { - cipher=$1 - aalgo=$2 - secsize=$3 - ealgo=${cipher%%:*} - keylen=${cipher##*:} - - geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null - - # Corrupt 8 bytes of data. - dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1 - dd if=/dev/random of=${sector} bs=1 count=8 seek=64 conv=notrunc >/dev/null 2>&1 - dd if=${sector} of=/dev/${md} bs=512 count=1 >/dev/null 2>&1 - geli attach -p -k $keyfile ${md} - - dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - fi - i=$((i+1)) -} - -i=1 -dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - -for_each_geli_config do_test - -rm -f $keyfile $sector Index: tests/sys/geom/class/eli/integrity_hmac_test.sh =================================================================== --- tests/sys/geom/class/eli/integrity_hmac_test.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=2 -keyfile=`mktemp $base.XXXXXX` || exit 1 -sector=`mktemp $base.XXXXXX` || exit 1 - -echo "1..600" - -do_test() { - cipher=$1 - aalgo=$2 - secsize=$3 - ealgo=${cipher%%:*} - keylen=${cipher##*:} - - geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null - - # Corrupt 8 bytes of HMAC. - dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1 - dd if=/dev/random of=${sector} bs=1 count=16 conv=notrunc >/dev/null 2>&1 - dd if=${sector} of=/dev/${md} bs=512 count=1 >/dev/null 2>&1 - geli attach -p -k $keyfile ${md} - - dd if=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - fi - i=$((i+1)) -} - - -i=1 -dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - -for_each_geli_config do_test - -rm -f $keyfile $sector Index: tests/sys/geom/class/eli/integrity_test.sh =================================================================== --- /dev/null +++ tests/sys/geom/class/eli/integrity_test.sh @@ -0,0 +1,159 @@ +# $FreeBSD$ + +copy_test() { + cipher=$1 + aalgo=$2 + secsize=$3 + ealgo=${cipher%%:*} + keylen=${cipher##*:} + + atf_check -s exit:0 -e ignore \ + geli init -B none -a $aalgo -e $ealgo -l $keylen -P \ + -K keyfile -s $secsize ${md} + atf_check -s exit:0 geli attach -p -k keyfile ${md} + + dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=1 2>/dev/null + + atf_check -s exit:0 geli detach ${md} + # Copy first small sector to the second small sector. + # This should be detected as corruption. + dd if=/dev/${md} of=sector bs=512 count=1 2>/dev/null + dd if=sector of=/dev/${md} bs=512 count=1 seek=1 2>/dev/null + atf_check -s exit:0 geli attach -p -k keyfile ${md} + + atf_check -s not-exit:0 -e ignore \ + dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 + + # Fix the corruption + dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=2 2>/dev/null + atf_check -s exit:0 -e ignore \ + dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 + + # Copy first big sector to the second big sector. + # This should be detected as corruption. + ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'` + ns=`diskinfo /dev/${md}.eli | awk '{print $4}'` + usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc` + atf_check -s exit:0 geli detach ${md} + dd if=/dev/${md} of=sector bs=${usecsize} count=1 2>/dev/null + dd if=sector of=/dev/${md} bs=${usecsize} count=1 seek=1 2>/dev/null + atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md} +} + +atf_test_case copy cleanup +copy_head() +{ + atf_set "descr" "geli will detect misdirected writes as corruption" + atf_set "require.user" "root" + atf_set "timeout" 3600 +} +copy_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=2 + + dd if=/dev/random of=keyfile bs=512 count=16 2>/dev/null + for_each_geli_config copy_test +} +copy_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + + +data_test() { + cipher=$1 + aalgo=$2 + secsize=$3 + ealgo=${cipher%%:*} + keylen=${cipher##*:} + + atf_check -s exit:0 -e ignore \ + geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ + -s $secsize ${md} + + # Corrupt 8 bytes of data. + dd if=/dev/${md} of=sector bs=512 count=1 >/dev/null 2>&1 + dd if=/dev/random of=sector bs=1 count=8 seek=64 conv=notrunc 2>/dev/null + dd if=sector of=/dev/${md} bs=512 count=1 2>/dev/null + atf_check -s exit:0 geli attach -p -k keyfile ${md} + + # Try to read from the corrupt sector + atf_check -s not-exit:0 -e ignore \ + dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 +} + +atf_test_case data cleanup +data_head() +{ + atf_set "descr" "With HMACs, geli will detect data corruption" + atf_set "require.user" "root" + atf_set "timeout" 1800 +} +data_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=2 + + dd if=/dev/random of=keyfile bs=512 count=16 2>/dev/null + for_each_geli_config data_test +} +data_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +hmac_test() { + cipher=$1 + aalgo=$2 + secsize=$3 + ealgo=${cipher%%:*} + keylen=${cipher##*:} + + atf_check -s exit:0 -e ignore \ + geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ + -s $secsize ${md} + + # Corrupt 8 bytes of HMAC. + dd if=/dev/${md} of=sector bs=512 count=1 >/dev/null 2>&1 + dd if=/dev/random of=sector bs=1 count=16 conv=notrunc 2>/dev/null + dd if=sector of=/dev/${md} bs=512 count=1 2>/dev/null + atf_check -s exit:0 geli attach -p -k keyfile ${md} + + # Try to read from the corrupt sector + atf_check -s not-exit:0 -e ignore \ + dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 +} + +atf_test_case hmac cleanup +hmac_head() +{ + atf_set "descr" "geli will detect corruption of HMACs" + atf_set "require.user" "root" + atf_set "timeout" 1800 +} +hmac_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=2 + + dd if=/dev/random of=keyfile bs=512 count=16 2>/dev/null + for_each_geli_config hmac_test +} +hmac_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_init_test_cases() +{ + atf_add_test_case copy + atf_add_test_case data + atf_add_test_case hmac +} Index: tests/sys/geom/class/eli/kill_test.sh =================================================================== --- tests/sys/geom/class/eli/kill_test.sh +++ tests/sys/geom/class/eli/kill_test.sh @@ -1,97 +1,71 @@ -#!/bin/sh # $FreeBSD$ -. $(dirname $0)/conf.sh +atf_test_case kill cleanup +kill_head() +{ + atf_set "descr" "geli kill will wipe a provider's metadata" + atf_set "require.user" "root" +} +kill_body() +{ + . $(atf_get_srcdir)/conf.sh -base=`basename $0` -sectors=100 -keyfile1=`mktemp $base.XXXXXX` || exit 1 -keyfile2=`mktemp $base.XXXXXX` || exit 1 -md=$(attach_md -t malloc -s `expr $sectors + 1`) + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) -echo "1..9" + dd if=/dev/random of=keyfile1 bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random of=keyfile2 bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1 + atf_check -s exit:0 geli init -B none -P -K keyfile1 ${md} + atf_check -s exit:0 geli attach -p -k keyfile1 ${md} + atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md} -geli init -B none -P -K $keyfile1 ${md} -geli attach -p -k $keyfile1 ${md} -geli setkey -n 1 -P -K $keyfile2 ${md} + # Kill attached provider. + atf_check -s exit:0 geli kill ${md} + sleep 1 + # Provider should be automatically detached. + if [ -c /dev/${md}.eli ]; then + atf_fail "Provider did not detach when killed" + fi -# Kill attached provider. -geli kill ${md} -if [ $? -eq 0 ]; then - echo "ok 1" -else - echo "not ok 1" -fi -sleep 1 -# Provider should be automatically detached. -if [ ! -c /dev/${md}.eli ]; then - echo "ok 2" -else - echo "not ok 2" -fi + # We cannot use keyfile1 anymore. + atf_check -s not-exit:0 -e match:"Cannot read metadata" \ + geli attach -p -k keyfile1 ${md} -# We cannot use keyfile1 anymore. -geli attach -p -k $keyfile1 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 3" -else - echo "not ok 3" -fi + # We cannot use keyfile2 anymore. + atf_check -s not-exit:0 -e match:"Cannot read metadata" \ + geli attach -p -k keyfile2 ${md} -# We cannot use keyfile2 anymore. -geli attach -p -k $keyfile2 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 4" -else - echo "not ok 4" -fi + atf_check -s exit:0 geli init -B none -P -K keyfile1 ${md} + atf_check -s exit:0 -o ignore \ + geli setkey -n 1 -p -k keyfile1 -P -K keyfile2 ${md} -geli init -B none -P -K $keyfile1 ${md} -geli setkey -n 1 -p -k $keyfile1 -P -K $keyfile2 ${md} + # Should be possible to attach with keyfile1. + atf_check -s exit:0 geli attach -p -k keyfile1 ${md} + atf_check -s exit:0 geli detach ${md} -# Should be possible to attach with keyfile1. -geli attach -p -k $keyfile1 ${md} -if [ $? -eq 0 ]; then - echo "ok 5" -else - echo "not ok 5" -fi -geli detach ${md} + # Should be possible to attach with keyfile2. + atf_check -s exit:0 geli attach -p -k keyfile2 ${md} + atf_check -s exit:0 geli detach ${md} -# Should be possible to attach with keyfile2. -geli attach -p -k $keyfile2 ${md} -if [ $? -eq 0 ]; then - echo "ok 6" -else - echo "not ok 6" -fi -geli detach ${md} + # Kill detached provider. + atf_check -s exit:0 geli kill ${md} -# Kill detached provider. -geli kill ${md} -if [ $? -eq 0 ]; then - echo "ok 7" -else - echo "not ok 7" -fi + # We cannot use keyfile1 anymore. + atf_check -s not-exit:0 -e match:"Cannot read metadata" \ + geli attach -p -k keyfile1 ${md} -# We cannot use keyfile1 anymore. -geli attach -p -k $keyfile1 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 8" -else - echo "not ok 8" -fi + # We cannot use keyfile2 anymore. + atf_check -s not-exit:0 -e match:"Cannot read metadata" \ + geli attach -p -k keyfile2 ${md} +} +kill_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} -# We cannot use keyfile2 anymore. -geli attach -p -k $keyfile2 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 9" -else - echo "not ok 9" -fi - -rm -f $keyfile1 $keyfile2 +atf_init_test_cases() +{ + atf_add_test_case kill +} Index: tests/sys/geom/class/eli/onetime_a_test.sh =================================================================== --- tests/sys/geom/class/eli/onetime_a_test.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=8 -rnd=`mktemp $base.XXXXXX` || exit 1 - -echo "1..600" - -do_test() { - cipher=$1 - aalgo=$2 - secsize=$3 - ealgo=${cipher%%:*} - keylen=${cipher##*:} - - geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md} 2>/dev/null - - secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` - - dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null - - md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5` - md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` - - if [ ${md_rnd} = ${md_ddev} ]; then - echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - fi - i=$((i+1)) -} - -i=1 -dd if=/dev/random of=${rnd} bs=1024 count=1024 >/dev/null 2>&1 - -for_each_geli_config do_test - -rm -f $rnd Index: tests/sys/geom/class/eli/onetime_d_test.sh =================================================================== --- tests/sys/geom/class/eli/onetime_d_test.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh -# $FreeBSD$ - -. $(dirname $0)/conf.sh - -base=`basename $0` -sectors=100 -md=$(attach_md -t malloc -s $sectors) - -echo "1..3" - -geli onetime -d ${md} -if [ -c /dev/${md}.eli ]; then - echo "ok 1" -else - echo "not ok 1" -fi -# Be sure it doesn't detach on read. -dd if=/dev/${md}.eli of=/dev/null 2>/dev/null -sleep 1 -if [ -c /dev/${md}.eli ]; then - echo "ok 2" -else - echo "not ok 2" -fi -true > /dev/${md}.eli -sleep 1 -if [ ! -c /dev/${md}.eli ]; then - echo "ok 3" -else - echo "not ok 3" -fi - -mdconfig -d -u ${md} Index: tests/sys/geom/class/eli/onetime_test.sh =================================================================== --- tests/sys/geom/class/eli/onetime_test.sh +++ tests/sys/geom/class/eli/onetime_test.sh @@ -1,47 +1,135 @@ -#!/bin/sh # $FreeBSD$ -. $(dirname $0)/conf.sh +onetime_test() +{ + cipher=$1 + secsize=$2 + ealgo=${cipher%%:*} + keylen=${cipher##*:} -base=`basename $0` -sectors=100 + atf_check -s exit:0 -o ignore -e ignore \ + geli onetime -e $ealgo -l $keylen -s $secsize ${md} -echo "1..200" + secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` -do_test() { + dd if=/dev/random of=rnd bs=${secsize} count=${secs} >/dev/null 2>&1 + dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null + + md_rnd=`dd if=rnd bs=${secsize} count=${secs} 2>/dev/null | md5` + md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` + md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5` + + if [ ${md_rnd} != ${md_ddev} ]; then + atf_fail "geli did not return the original data" + fi + if [ ${md_rnd} == ${md_edev} ]; then + atf_fail "geli did not encrypt the data" + fi +} +atf_test_case onetime cleanup +onetime_head() +{ + atf_set "descr" "geli onetime can create temporary providers" + atf_set "require.user" "root" + atf_set "timeout" 1800 +} +onetime_body() +{ + . $(atf_get_srcdir)/conf.sh + sectors=100 + + for_each_geli_config_nointegrity onetime_test +} +onetime_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +onetime_a_test() +{ cipher=$1 - secsize=$2 + aalgo=$2 + secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} - rnd=`mktemp $base.XXXXXX` || exit 1 + atf_check -s exit:0 -o ignore -e ignore \ + geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md} - geli onetime -e $ealgo -l $keylen -s $secsize ${md} 2>/dev/null - secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` - dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1 - dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null + dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null - md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5` + md_rnd=`dd if=rnd bs=${secsize} count=${secs} 2>/dev/null | md5` md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` - md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5` - if [ ${md_rnd} = ${md_ddev} ]; then - echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + if [ ${md_rnd} != ${md_ddev} ]; then + atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi - i=$((i+1)) - if [ ${md_rnd} != ${md_edev} ]; then - echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" - else - echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" +} +atf_test_case onetime_a cleanup +onetime_a_head() +{ + atf_set "descr" "geli onetime with HMACs" + atf_set "require.user" "root" + atf_set "timeout" 1800 +} +onetime_a_body() +{ + . $(atf_get_srcdir)/conf.sh + sectors=8 + + dd if=/dev/random of=rnd bs=1024 count=1024 >/dev/null 2>&1 + for_each_geli_config onetime_a_test +} +onetime_a_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} + +atf_test_case onetime_d cleanup +onetime_d_head() +{ + atf_set "descr" "geli onetime -d will create providers that detach on last close" + atf_set "require.user" "root" +} +onetime_d_body() +{ + . $(atf_get_srcdir)/conf.sh + + sectors=100 + md=$(attach_md -t malloc -s $sectors) + + atf_check -s exit:0 geli onetime -d ${md} + if [ ! -c /dev/${md}.eli ]; then + atf_fail "Provider not created, or immediately detached" fi - i=$((i+1)) - rm -f $rnd + # Be sure it doesn't detach on read. + dd if=/dev/${md}.eli of=/dev/null 2>/dev/null + sleep 1 + if [ ! -c /dev/${md}.eli ]; then + atf_fail "Provider detached when a reader closed" + fi + + # It should detach when a writer closes + true > /dev/${md}.eli + sleep 1 + if [ -c /dev/${md}.eli ]; then + atf_fail "Provider didn't detach on last close of a writer" + fi } +onetime_d_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} -i=1 -for_each_geli_config_nointegrity do_test +atf_init_test_cases() +{ + atf_add_test_case onetime + atf_add_test_case onetime_a + atf_add_test_case onetime_d +} Index: tests/sys/geom/class/eli/resize_test.sh =================================================================== --- tests/sys/geom/class/eli/resize_test.sh +++ tests/sys/geom/class/eli/resize_test.sh @@ -1,145 +1,88 @@ #!/bin/sh # $FreeBSD$ -. $(dirname $0)/conf.sh - -echo 1..27 - -BLK=512 -BLKS_PER_MB=2048 - -md=$(attach_md -t malloc -s40m) -i=1 - -fsck_md() +atf_test_case resize cleanup +resize_head() { - local is_clean - - out=$(fsck_ffs -Ffy ${md}a.eli) - if [ $? -eq 0 -o $? -eq 7 ]; then - echo "ok $i - fsck says ${md}a.eli is clean" - else - echo "not ok $i - fsck says ${md}a.eli is dirty" - fi - i=$((i + 1)) + atf_set "descr" "geli resize will resize a geli provider" + atf_set "require.user" "root" } +resize_body() +{ + . $(atf_get_srcdir)/conf.sh + BLK=512 + BLKS_PER_MB=2048 -setsize() { - partszMB=$1 + md=$(attach_md -t malloc -s40m) - gpart resize -i 1 -s ${partszMB}m ${md} -} + # Initialise + atf_check -s exit:0 -o ignore gpart create -s BSD ${md} + atf_check -s exit:0 -o ignore gpart add -t freebsd-ufs -s 10m ${md} -# Initialise + echo secret >tmp.key + atf_check -s exit:0 geli init -Bnone -PKtmp.key ${md}a + atf_check -s exit:0 geli attach -pk tmp.key ${md}a -gpart create -s BSD ${md} -gpart add -t freebsd-ufs -s 10m ${md} -setsize 10 || echo -n "not " -echo ok $i - "Sized ${md}a to 10m" -i=$((i + 1)) + atf_check -s exit:0 -o ignore newfs -U ${md}a.eli + atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli -echo secret >tmp.key -geli init -Bnone -PKtmp.key ${md}a || echo -n "not " -echo ok $i - "Initialised geli on ${md}a" -i=$((i + 1)) -geli attach -pk tmp.key ${md}a || echo -n "not " -echo ok $i - "Attached ${md}a as ${md}a.eli" -i=$((i + 1)) + # Doing a backup, resize & restore must be forced (with -f) as geli + # verifies that the provider size in the metadata matches the consumer. -newfs -U ${md}a.eli >/dev/null || echo -n "not " -echo ok $i - "Initialised the filesystem on ${md}a.eli" -i=$((i + 1)) -fsck_md + atf_check -s exit:0 geli backup ${md}a tmp.meta + atf_check -s exit:0 geli detach ${md}a.eli + atf_check -s exit:0 -o match:resized gpart resize -i1 -s 20m ${md} + atf_check -s not-exit:0 -e ignore geli attach -pktmp.key ${md}a + atf_check -s not-exit:0 -e ignore geli restore tmp.meta ${md}a + atf_check -s exit:0 geli restore -f tmp.meta ${md}a + atf_check -s exit:0 geli attach -pktmp.key ${md}a + atf_check -s exit:0 -o ignore growfs -y ${md}a.eli + atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli -# Doing a backup, resize & restore must be forced (with -f) as geli -# verifies that the provider size in the metadata matches the consumer. + # Now do the resize properly -geli backup ${md}a tmp.meta || echo -n "not " -echo ok $i - "Backed up ${md}a metadata" -i=$((i + 1)) + atf_check -s exit:0 geli detach ${md}a.eli + atf_check -s exit:0 -o match:resized gpart resize -i1 -s 30m ${md} + atf_check -s exit:0 geli resize -s20m ${md}a + atf_check -s not-exit:0 -e match:"Inconsistent provider.*metadata" \ + geli resize -s20m ${md}a + atf_check -s exit:0 geli attach -pktmp.key ${md}a + atf_check -s exit:0 -o ignore growfs -y ${md}a.eli + atf_check -s exit:7 -o ignore fsck_ffs -Ffy ${md}a.eli -geli detach ${md}a.eli || echo -n "not " -echo ok $i - "Detached ${md}a.eli" -i=$((i + 1)) + atf_check -s exit:0 geli detach ${md}a.eli + atf_check -s exit:0 -o ignore gpart destroy -F $md -setsize 20 || echo -n "not " -echo ok $i - "Sized ${md}a to 20m" -i=$((i + 1)) -geli attach -pktmp.key ${md}a && echo -n "not " -echo ok $i - "Attaching ${md}a fails after resizing the consumer" -i=$((i + 1)) -geli restore tmp.meta ${md}a && echo -n "not " -echo ok $i - "Restoring metadata on ${md}a.eli fails without -f" -i=$((i + 1)) -geli restore -f tmp.meta ${md}a || echo -n "not " -echo ok $i - "Restoring metadata on ${md}a.eli can be forced" -i=$((i + 1)) + # Verify that the man page example works, changing ada0 to $md, + # 1g to 20m, 2g to 30m and keyfile to tmp.key, and adding -B none + # to geli init. -geli attach -pktmp.key ${md}a || echo -n "not " -echo ok $i - "Attaching ${md}a is now possible" -i=$((i + 1)) + atf_check -s exit:0 -o ignore gpart create -s GPT $md + atf_check -s exit:0 -o ignore gpart add -s 20m -t freebsd-ufs -i 1 $md + atf_check -s exit:0 geli init -B none -K tmp.key -P ${md}p1 + atf_check -s exit:0 -o match:resized gpart resize -s 30m -i 1 $md + atf_check -s exit:0 geli resize -s 20m ${md}p1 + atf_check -s exit:0 geli attach -k tmp.key -p ${md}p1 +} +resize_cleanup() +{ + . $(atf_get_srcdir)/conf.sh -growfs -y ${md}a.eli >/dev/null || echo -n "not " -echo ok $i - "Extended the filesystem on ${md}a.eli" -i=$((i + 1)) + if [ -f "$TEST_MDS_FILE" ]; then + while read md; do + [ -c /dev/${md}a.eli ] && \ + geli detach ${md}a.eli 2>/dev/null + [ -c /dev/${md}p1.eli ] && \ + geli detach ${md}p1.eli + [ -c /dev/${md}.eli ] && \ + geli detach ${md}.eli 2>/dev/null + mdconfig -d -u $md 2>/dev/null + done < $TEST_MDS_FILE + fi +} -fsck_md - -# Now do the resize properly - -geli detach ${md}a.eli || echo -n "not " -echo ok $i - "Detached ${md}a.eli" -i=$((i + 1)) - -setsize 30 || echo -n "not " -echo ok $i - "Sized ${md}a to 30m" -i=$((i + 1)) - -geli resize -s20m ${md}a || echo -n "not " -echo ok $i - "Resizing works ok" -i=$((i + 1)) -geli resize -s20m ${md}a && echo -n "not " -echo ok $i - "Resizing doesn't work a 2nd time (no old metadata)" -i=$((i + 1)) - -geli attach -pktmp.key ${md}a || echo -n "not " -echo ok $i - "Attaching ${md}a works ok" -i=$((i + 1)) - -growfs -y ${md}a.eli >/dev/null || echo -n "not " -echo ok $i - "Extended the filesystem on ${md}a.eli" -i=$((i + 1)) - -fsck_md - -geli detach ${md}a.eli -gpart destroy -F $md >/dev/null - - -# Verify that the man page example works, changing ada0 to $md, -# 1g to 20m, 2g to 30m and keyfile to tmp.key, and adding -B none -# to geli init. - -gpart create -s GPT $md || echo -n "not " -echo ok $i - "Installed a GPT on ${md}" -i=$((i + 1)) -gpart add -s 20m -t freebsd-ufs -i 1 $md || echo -n "not " -echo ok $i - "Added a 20m partition in slot 1" -i=$((i + 1)) -geli init -B none -K tmp.key -P ${md}p1 || echo -n "not " -echo ok $i - "Initialised geli on ${md}p1" -i=$((i + 1)) -gpart resize -s 30m -i 1 $md || echo -n "not " -echo ok $i - "Resized partition ${md}p1 to 30m" -i=$((i + 1)) -geli resize -s 20m ${md}p1 || echo -n "not " -echo ok $i - "Resized geli on ${md}p1 to 30m" -i=$((i + 1)) -geli attach -k tmp.key -p ${md}p1 || echo -n "not " -echo ok $i - "Attached ${md}p1.eli" -i=$((i + 1)) - -geli detach ${md}p1.eli - -rm tmp.* +atf_init_test_cases() +{ + atf_add_test_case resize +} Index: tests/sys/geom/class/eli/setkey_test.sh =================================================================== --- tests/sys/geom/class/eli/setkey_test.sh +++ tests/sys/geom/class/eli/setkey_test.sh @@ -1,156 +1,91 @@ #!/bin/sh # $FreeBSD$ -. $(dirname $0)/conf.sh +atf_test_case setkey cleanup +setkey_head() +{ + atf_set "descr" "geli setkey can change the key for an existing provider" + atf_set "require.user" "root" +} +setkey_body() +{ + . $(atf_get_srcdir)/conf.sh -base=`basename $0` -sectors=100 -rnd=`mktemp $base.XXXXXX` || exit 1 -keyfile1=`mktemp $base.XXXXXX` || exit 1 -keyfile2=`mktemp $base.XXXXXX` || exit 1 -keyfile3=`mktemp $base.XXXXXX` || exit 1 -keyfile4=`mktemp $base.XXXXXX` || exit 1 -keyfile5=`mktemp $base.XXXXXX` || exit 1 -md=$(attach_md -t malloc -s `expr $sectors + 1`) + sectors=100 + md=$(attach_md -t malloc -s `expr $sectors + 1`) -echo "1..16" + dd if=/dev/random of=rnd bs=512 count=${sectors} >/dev/null 2>&1 + hash1=`dd if=rnd bs=512 count=${sectors} 2>/dev/null | md5` + dd if=/dev/random of=keyfile1 bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random of=keyfile2 bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random of=keyfile3 bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random of=keyfile4 bs=512 count=16 >/dev/null 2>&1 + dd if=/dev/random of=keyfile5 bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${rnd} bs=512 count=${sectors} >/dev/null 2>&1 -hash1=`dd if=${rnd} bs=512 count=${sectors} 2>/dev/null | md5` -dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1 -dd if=/dev/random of=${keyfile5} bs=512 count=16 >/dev/null 2>&1 + atf_check -s exit:0 geli init -B none -P -K keyfile1 ${md} + atf_check -s exit:0 geli attach -p -k keyfile1 ${md} -geli init -B none -P -K $keyfile1 ${md} -geli attach -p -k $keyfile1 ${md} + dd if=rnd of=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null + hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` -dd if=${rnd} of=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null -rm -f $rnd -hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` + # Change current key (0) for attached provider. + atf_check -s exit:0 -o ignore geli setkey -P -K keyfile2 ${md} + atf_check -s exit:0 geli detach ${md} -# Change current key (0) for attached provider. -geli setkey -P -K $keyfile2 ${md} -if [ $? -eq 0 ]; then - echo "ok 1" -else - echo "not ok 1" -fi -geli detach ${md} + # We cannot use keyfile1 anymore. + atf_check -s not-exit:0 -e match:"Wrong key" \ + geli attach -p -k keyfile1 ${md} -# We cannot use keyfile1 anymore. -geli attach -p -k $keyfile1 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 2" -else - echo "not ok 2" -fi + # Attach with new key. + atf_check -s exit:0 geli attach -p -k keyfile2 ${md} + hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` -# Attach with new key. -geli attach -p -k $keyfile2 ${md} -if [ $? -eq 0 ]; then - echo "ok 3" -else - echo "not ok 3" -fi -hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` + # Change key 1 for attached provider. + atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile3 ${md} + atf_check -s exit:0 geli detach ${md} -# Change key 1 for attached provider. -geli setkey -n 1 -P -K $keyfile3 ${md} -if [ $? -eq 0 ]; then - echo "ok 4" -else - echo "not ok 4" -fi -geli detach ${md} + # Attach with key 1. + atf_check -s exit:0 geli attach -p -k keyfile3 ${md} + hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` + atf_check -s exit:0 geli detach ${md} -# Attach with key 1. -geli attach -p -k $keyfile3 ${md} -if [ $? -eq 0 ]; then - echo "ok 5" -else - echo "not ok 5" -fi -hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` -geli detach ${md} + # Change current (1) key for detached provider. + atf_check -s exit:0 -o ignore geli setkey -p -k keyfile3 -P -K keyfile4 ${md} -# Change current (1) key for detached provider. -geli setkey -p -k $keyfile3 -P -K $keyfile4 ${md} -if [ $? -eq 0 ]; then - echo "ok 6" -else - echo "not ok 6" -fi + # We cannot use keyfile3 anymore. + atf_check -s not-exit:0 -e match:"Wrong key" \ + geli attach -p -k keyfile3 ${md} -# We cannot use keyfile3 anymore. -geli attach -p -k $keyfile3 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 7" -else - echo "not ok 7" -fi + # Attach with key 1. + atf_check -s exit:0 geli attach -p -k keyfile4 ${md} + hash5=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` + atf_check -s exit:0 geli detach ${md} -# Attach with key 1. -geli attach -p -k $keyfile4 ${md} -if [ $? -eq 0 ]; then - echo "ok 8" -else - echo "not ok 8" -fi -hash5=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` -geli detach ${md} + # Change key 0 for detached provider. + atf_check -s exit:0 -o ignore geli setkey -n 0 -p -k keyfile4 -P -K keyfile5 ${md} -# Change key 0 for detached provider. -geli setkey -n 0 -p -k $keyfile4 -P -K $keyfile5 ${md} -if [ $? -eq 0 ]; then - echo "ok 9" -else - echo "not ok 9" -fi + # We cannot use keyfile2 anymore. + atf_check -s not-exit:0 -e match:"Wrong key" \ + geli attach -p -k keyfile2 ${md} 2>/dev/null -# We cannot use keyfile2 anymore. -geli attach -p -k $keyfile2 ${md} 2>/dev/null -if [ $? -ne 0 ]; then - echo "ok 10" -else - echo "not ok 10" -fi + # Attach with key 0. + atf_check -s exit:0 geli attach -p -k keyfile5 ${md} + hash6=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` + atf_check -s exit:0 geli detach ${md} -# Attach with key 0. -geli attach -p -k $keyfile5 ${md} -if [ $? -eq 0 ]; then - echo "ok 11" -else - echo "not ok 11" -fi -hash6=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5` -geli detach ${md} + atf_check -s exit:0 [ ${hash1} = ${hash2} ] + atf_check -s exit:0 [ ${hash1} = ${hash3} ] + atf_check -s exit:0 [ ${hash1} = ${hash4} ] + atf_check -s exit:0 [ ${hash1} = ${hash5} ] + atf_check -s exit:0 [ ${hash1} = ${hash6} ] +} +setkey_cleanup() +{ + . $(atf_get_srcdir)/conf.sh + geli_test_cleanup +} -if [ ${hash1} = ${hash2} ]; then - echo "ok 12" -else - echo "not ok 12" -fi -if [ ${hash1} = ${hash3} ]; then - echo "ok 13" -else - echo "not ok 13" -fi -if [ ${hash1} = ${hash4} ]; then - echo "ok 14" -else - echo "not ok 14" -fi -if [ ${hash1} = ${hash5} ]; then - echo "ok 15" -else - echo "not ok 15" -fi -if [ ${hash1} = ${hash6} ]; then - echo "ok 16" -else - echo "not ok 16" -fi - -rm -f $keyfile1 $keyfile2 $keyfile3 $keyfile4 $keyfile5 +atf_init_test_cases() +{ + atf_add_test_case setkey +}