Index: head/tests/sys/geom/class/eli/conf.sh =================================================================== --- head/tests/sys/geom/class/eli/conf.sh (revision 327346) +++ head/tests/sys/geom/class/eli/conf.sh (revision 327347) @@ -1,68 +1,76 @@ #!/bin/sh # $FreeBSD$ class="eli" base=`basename $0` # Execute `func` for each combination of cipher, sectorsize, and hmac algo # `func` usage should be: # func for_each_geli_config() { func=$1 for cipher in aes-xts:128 aes-xts:256 \ aes-cbc:128 aes-cbc:192 aes-cbc:256 \ 3des-cbc:192 \ blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 \ blowfish-cbc:224 blowfish-cbc:256 blowfish-cbc:288 \ blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \ blowfish-cbc:416 blowfish-cbc:448 \ camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do ealgo=${cipher%%:*} keylen=${cipher##*:} for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 \ hmac/sha384 hmac/sha512; do for secsize in 512 1024 2048 4096 8192; do + bytes=`expr $secsize \* $sectors + 512`b + md=$(attach_md -t malloc -s $bytes) ${func} $cipher $aalgo $secsize + geli detach ${md} 2>/dev/null + mdconfig -d -u ${md} 2>/dev/null done done done } # Execute `func` for each combination of cipher, and sectorsize, with no hmac # `func` usage should be: # func for_each_geli_config_nointegrity() { func=$1 for cipher in aes-xts:128 aes-xts:256 \ aes-cbc:128 aes-cbc:192 aes-cbc:256 \ 3des-cbc:192 \ blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 \ blowfish-cbc:224 blowfish-cbc:256 blowfish-cbc:288 \ blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \ blowfish-cbc:416 blowfish-cbc:448 \ camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do ealgo=${cipher%%:*} keylen=${cipher##*:} for secsize in 512 1024 2048 4096 8192; do + bytes=`expr $secsize \* $sectors + 512`b + md=$(attach_md -t malloc -s $bytes) ${func} $cipher $aalgo $secsize + geli detach ${md} 2>/dev/null + mdconfig -d -u ${md} 2>/dev/null done done } geli_test_cleanup() { if [ -f "$TEST_MDS_FILE" ]; then while read md; do [ -c /dev/${md}.eli ] && \ geli detach $md.eli 2>/dev/null mdconfig -d -u $md 2>/dev/null done < $TEST_MDS_FILE fi rm -f "$TEST_MDS_FILE" } trap geli_test_cleanup ABRT EXIT INT TERM . `dirname $0`/../geom_subr.sh Index: head/tests/sys/geom/class/eli/init_a_test.sh =================================================================== --- head/tests/sys/geom/class/eli/init_a_test.sh (revision 327346) +++ head/tests/sys/geom/class/eli/init_a_test.sh (revision 327347) @@ -1,50 +1,46 @@ #!/bin/sh # $FreeBSD$ . $(dirname $0)/conf.sh base=`basename $0` sectors=100 keyfile=`mktemp $base.XXXXXX` || exit 1 rnd=`mktemp $base.XXXXXX` || exit 1 do_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} - md=$(attach_md -t malloc -s `expr $secsize \* $sectors + 512`b) geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null geli attach -p -k $keyfile ${md} secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5` md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` if [ ${md_rnd} = ${md_ddev} ]; then echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) - - geli detach ${md} - mdconfig -d -u ${md} } echo "1..600" i=1 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 dd if=/dev/random of=${rnd} bs=8192 count=${sectors} >/dev/null 2>&1 for_each_geli_config do_test rm -f $rnd rm -f $keyfile Index: head/tests/sys/geom/class/eli/init_test.sh =================================================================== --- head/tests/sys/geom/class/eli/init_test.sh (revision 327346) +++ head/tests/sys/geom/class/eli/init_test.sh (revision 327347) @@ -1,55 +1,50 @@ #!/bin/sh # $FreeBSD$ . $(dirname $0)/conf.sh base=`basename $0` sectors=32 keyfile=`mktemp $base.XXXXXX` || exit 1 rnd=`mktemp $base.XXXXXX` || exit 1 echo "1..200" do_test() { cipher=$1 secsize=$2 ealgo=${cipher%%:*} keylen=${cipher##*:} - md=$(attach_md -t malloc -s `expr $secsize \* $sectors + 512`b) - geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null geli attach -p -k $keyfile ${md} secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1 dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5` md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5` if [ ${md_rnd} = ${md_ddev} ]; then echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) if [ ${md_rnd} != ${md_edev} ]; then echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) - - geli detach ${md} - mdconfig -d -u ${md} } i=1 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 for_each_geli_config_nointegrity do_test rm -f $rnd rm -f $keyfile Index: head/tests/sys/geom/class/eli/integrity_copy_test.sh =================================================================== --- head/tests/sys/geom/class/eli/integrity_copy_test.sh (revision 327346) +++ head/tests/sys/geom/class/eli/integrity_copy_test.sh (revision 327347) @@ -1,88 +1,83 @@ #!/bin/sh # $FreeBSD$ . $(dirname $0)/conf.sh base=`basename $0` +sectors=2 keyfile=`mktemp $base.XXXXXX` || exit 1 sector=`mktemp $base.XXXXXX` || exit 1 echo "1..2400" do_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} - md=$(attach_md -t malloc -s `expr $secsize \* 2 + 512`b) geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null geli attach -p -k $keyfile ${md} dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1 dd if=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1 if [ $? -eq 0 ]; then echo "ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) geli detach ${md} # Copy first small sector to the second small sector. # This should be detected as corruption. dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1 dd if=${sector} of=/dev/${md} bs=512 count=1 seek=1 >/dev/null 2>&1 geli attach -p -k $keyfile ${md} dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1 if [ $? -ne 0 ]; then echo "ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'` ns=`diskinfo /dev/${md}.eli | awk '{print $4}'` usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc` # Fix the corruption dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=2 >/dev/null 2>&1 dd if=/dev/${md}.eli bs=${secsize} count=2 >/dev/null 2>&1 if [ $? -eq 0 ]; then echo "ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) geli detach ${md} # Copy first big sector to the second big sector. # This should be detected as corruption. dd if=/dev/${md} of=${sector} bs=${usecsize} count=1 >/dev/null 2>&1 dd if=${sector} of=/dev/${md} bs=${usecsize} count=1 seek=1 >/dev/null 2>&1 - geli attach -p -k $keyfile ${md} - - dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 >/dev/null 2>&1 + geli attach -p -k $keyfile ${md} 2>/dev/null if [ $? -ne 0 ]; then echo "ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) - - geli detach ${md} - mdconfig -d -u ${md} } i=1 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 for_each_geli_config do_test rm -f $keyfile $sector Index: head/tests/sys/geom/class/eli/integrity_data_test.sh =================================================================== --- head/tests/sys/geom/class/eli/integrity_data_test.sh (revision 327346) +++ head/tests/sys/geom/class/eli/integrity_data_test.sh (revision 327347) @@ -1,45 +1,42 @@ #!/bin/sh # $FreeBSD$ . $(dirname $0)/conf.sh base=`basename $0` +sectors=2 keyfile=`mktemp $base.XXXXXX` || exit 1 sector=`mktemp $base.XXXXXX` || exit 1 echo "1..600" do_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} - md=$(attach_md -t malloc -s `expr $secsize \* 2 + 512`b) geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null # Corrupt 8 bytes of data. dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1 dd if=/dev/random of=${sector} bs=1 count=8 seek=64 conv=notrunc >/dev/null 2>&1 dd if=${sector} of=/dev/${md} bs=512 count=1 >/dev/null 2>&1 geli attach -p -k $keyfile ${md} dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1 if [ $? -ne 0 ]; then echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) - - geli detach ${md} - mdconfig -d -u ${md} } i=1 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 for_each_geli_config do_test rm -f $keyfile $sector Index: head/tests/sys/geom/class/eli/integrity_hmac_test.sh =================================================================== --- head/tests/sys/geom/class/eli/integrity_hmac_test.sh (revision 327346) +++ head/tests/sys/geom/class/eli/integrity_hmac_test.sh (revision 327347) @@ -1,46 +1,43 @@ #!/bin/sh # $FreeBSD$ . $(dirname $0)/conf.sh base=`basename $0` +sectors=2 keyfile=`mktemp $base.XXXXXX` || exit 1 sector=`mktemp $base.XXXXXX` || exit 1 echo "1..600" do_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} - md=$(attach_md -t malloc -s `expr $secsize \* 2 + 512`b) geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null # Corrupt 8 bytes of HMAC. dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1 dd if=/dev/random of=${sector} bs=1 count=16 conv=notrunc >/dev/null 2>&1 dd if=${sector} of=/dev/${md} bs=512 count=1 >/dev/null 2>&1 geli attach -p -k $keyfile ${md} dd if=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1 if [ $? -ne 0 ]; then echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) - - geli detach ${md} - mdconfig -d -u ${md} } i=1 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 for_each_geli_config do_test rm -f $keyfile $sector Index: head/tests/sys/geom/class/eli/onetime_a_test.sh =================================================================== --- head/tests/sys/geom/class/eli/onetime_a_test.sh (revision 327346) +++ head/tests/sys/geom/class/eli/onetime_a_test.sh (revision 327347) @@ -1,45 +1,41 @@ #!/bin/sh # $FreeBSD$ . $(dirname $0)/conf.sh base=`basename $0` sectors=8 rnd=`mktemp $base.XXXXXX` || exit 1 echo "1..600" do_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} - md=$(attach_md -t malloc -s `expr $secsize \* $sectors + 512`b) geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md} 2>/dev/null secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5` md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` if [ ${md_rnd} = ${md_ddev} ]; then echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) - - geli detach ${md} - mdconfig -d -u ${md} } i=1 dd if=/dev/random of=${rnd} bs=1024 count=1024 >/dev/null 2>&1 for_each_geli_config do_test rm -f $rnd Index: head/tests/sys/geom/class/eli/onetime_test.sh =================================================================== --- head/tests/sys/geom/class/eli/onetime_test.sh (revision 327346) +++ head/tests/sys/geom/class/eli/onetime_test.sh (revision 327347) @@ -1,50 +1,47 @@ #!/bin/sh # $FreeBSD$ . $(dirname $0)/conf.sh base=`basename $0` sectors=100 echo "1..200" do_test() { cipher=$1 secsize=$2 ealgo=${cipher%%:*} keylen=${cipher##*:} rnd=`mktemp $base.XXXXXX` || exit 1 - md=$(attach_md -t malloc -s `expr $secsize \* $sectors`b) geli onetime -e $ealgo -l $keylen -s $secsize ${md} 2>/dev/null secs=`diskinfo /dev/${md}.eli | awk '{print $4}'` dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1 dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5` md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5` if [ ${md_rnd} = ${md_ddev} ]; then echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) if [ ${md_rnd} != ${md_edev} ]; then echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" else echo "not ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi i=$((i+1)) - geli detach ${md} rm -f $rnd - mdconfig -d -u ${md} } i=1 for_each_geli_config_nointegrity do_test