Index: head/tests/sys/geom/class/eli/conf.sh =================================================================== --- head/tests/sys/geom/class/eli/conf.sh (revision 327684) +++ head/tests/sys/geom/class/eli/conf.sh (revision 327685) @@ -1,88 +1,98 @@ #!/bin/sh # $FreeBSD$ class="eli" base=$(atf_get ident) MAX_SECSIZE=8192 TEST_MDS_FILE=md.devs attach_md() { local test_md test_md=$(mdconfig -a "$@") || atf_fail "failed to allocate md(4)" echo $test_md >> $TEST_MDS_FILE || exit echo $test_md } # Execute `func` for each combination of cipher, sectorsize, and hmac algo # `func` usage should be: # func for_each_geli_config() { func=$1 + backing_filename=$2 # Double the sector size to allow for the HMACs' storage space. osecsize=$(( $MAX_SECSIZE * 2 )) # geli needs 512B for the label. bytes=`expr $osecsize \* $sectors + 512`b - md=$(attach_md -t malloc -s $bytes) + + if [ -n "$backing_filename" ]; then + # Use a file-backed md(4) device, so we can deliberatly corrupt + # it without detaching the geli device first. + truncate -s $bytes backing_file + md=$(attach_md -t vnode -f backing_file) + else + md=$(attach_md -t malloc -s $bytes) + fi + for cipher in aes-xts:128 aes-xts:256 \ aes-cbc:128 aes-cbc:192 aes-cbc:256 \ 3des-cbc:192 \ blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 \ blowfish-cbc:224 blowfish-cbc:256 blowfish-cbc:288 \ blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \ blowfish-cbc:416 blowfish-cbc:448 \ camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do ealgo=${cipher%%:*} keylen=${cipher##*:} for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 \ hmac/sha384 hmac/sha512; do for secsize in 512 1024 2048 4096 $MAX_SECSIZE; do ${func} $cipher $aalgo $secsize geli detach ${md} 2>/dev/null done done done } # Execute `func` for each combination of cipher, and sectorsize, with no hmac # `func` usage should be: # func for_each_geli_config_nointegrity() { func=$1 # geli needs 512B for the label. bytes=`expr $MAX_SECSIZE \* $sectors + 512`b md=$(attach_md -t malloc -s $bytes) for cipher in aes-xts:128 aes-xts:256 \ aes-cbc:128 aes-cbc:192 aes-cbc:256 \ 3des-cbc:192 \ blowfish-cbc:128 blowfish-cbc:160 blowfish-cbc:192 \ blowfish-cbc:224 blowfish-cbc:256 blowfish-cbc:288 \ blowfish-cbc:320 blowfish-cbc:352 blowfish-cbc:384 \ blowfish-cbc:416 blowfish-cbc:448 \ camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do ealgo=${cipher%%:*} keylen=${cipher##*:} for secsize in 512 1024 2048 4096 $MAX_SECSIZE; do ${func} $cipher $secsize geli detach ${md} 2>/dev/null done done } geli_test_cleanup() { if [ -f "$TEST_MDS_FILE" ]; then while read md; do [ -c /dev/${md}.eli ] && \ geli detach $md.eli 2>/dev/null mdconfig -d -u $md 2>/dev/null done < $TEST_MDS_FILE fi true } . `dirname $0`/../geom_subr.sh Index: head/tests/sys/geom/class/eli/integrity_test.sh =================================================================== --- head/tests/sys/geom/class/eli/integrity_test.sh (revision 327684) +++ head/tests/sys/geom/class/eli/integrity_test.sh (revision 327685) @@ -1,160 +1,165 @@ # $FreeBSD$ copy_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -e ignore \ geli init -B none -a $aalgo -e $ealgo -l $keylen -P \ -K keyfile -s $secsize ${md} atf_check geli attach -p -k keyfile ${md} - atf_check dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=1 status=none + atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=1 status=none - atf_check geli detach ${md} # Copy first small sector to the second small sector. # This should be detected as corruption. - atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none - atf_check dd if=sector of=/dev/${md} bs=512 count=1 seek=1 status=none - atf_check geli attach -p -k keyfile ${md} + atf_check dd if=backing_file of=sector bs=512 count=1 \ + conv=notrunc status=none + atf_check dd if=sector of=backing_file bs=512 count=1 seek=1 \ + conv=notrunc status=none atf_check -s not-exit:0 -e ignore \ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 # Fix the corruption - atf_check dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=2 status=none - atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 status=none + atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=2 status=none + atf_check dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 \ + status=none # Copy first big sector to the second big sector. # This should be detected as corruption. ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'` ns=`diskinfo /dev/${md}.eli | awk '{print $4}'` usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc` - atf_check geli detach ${md} - atf_check dd if=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( $secsize / 512 )) of=sector status=none - atf_check dd of=/dev/${md} bs=512 count=$(( ${usecsize} / 512 )) seek=$(( $secsize / 256 )) if=sector status=none - atf_check -s exit:0 -e ignore geli attach -p -k keyfile ${md} + atf_check dd if=backing_file bs=512 count=$(( ${usecsize} / 512 )) \ + seek=$(( $secsize / 512 )) of=sector conv=notrunc status=none + atf_check dd of=backing_file bs=512 count=$(( ${usecsize} / 512 )) \ + seek=$(( $secsize / 256 )) if=sector conv=notrunc status=none atf_check -s not-exit:0 -e ignore \ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=$ns } atf_test_case copy cleanup copy_head() { atf_set "descr" "geli will detect misdirected writes as corruption" atf_set "require.user" "root" atf_set "timeout" 3600 } copy_body() { . $(atf_get_srcdir)/conf.sh sectors=2 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none - for_each_geli_config copy_test + dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none + + for_each_geli_config copy_test backing_file } copy_cleanup() { . $(atf_get_srcdir)/conf.sh geli_test_cleanup } data_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -e ignore \ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ -s $secsize ${md} # Corrupt 8 bytes of data. atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none - atf_check dd if=/dev/random of=sector bs=1 count=8 seek=64 conv=notrunc status=none + atf_check dd if=rnd of=sector bs=1 count=8 seek=64 conv=notrunc status=none atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none atf_check geli attach -p -k keyfile ${md} # Try to read from the corrupt sector atf_check -s not-exit:0 -e ignore \ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 } atf_test_case data cleanup data_head() { atf_set "descr" "With HMACs, geli will detect data corruption" atf_set "require.user" "root" atf_set "timeout" 1800 } data_body() { . $(atf_get_srcdir)/conf.sh sectors=2 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none + dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none for_each_geli_config data_test } data_cleanup() { . $(atf_get_srcdir)/conf.sh geli_test_cleanup } hmac_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -e ignore \ geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \ -s $secsize ${md} # Corrupt 8 bytes of HMAC. atf_check dd if=/dev/${md} of=sector bs=512 count=1 status=none - atf_check dd if=/dev/random of=sector bs=1 count=16 conv=notrunc status=none + atf_check dd if=rnd of=sector bs=1 count=16 conv=notrunc status=none atf_check dd if=sector of=/dev/${md} bs=512 count=1 status=none atf_check geli attach -p -k keyfile ${md} # Try to read from the corrupt sector atf_check -s not-exit:0 -e ignore \ dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 } atf_test_case hmac cleanup hmac_head() { atf_set "descr" "geli will detect corruption of HMACs" atf_set "require.user" "root" atf_set "timeout" 1800 } hmac_body() { . $(atf_get_srcdir)/conf.sh sectors=2 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none + dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none for_each_geli_config hmac_test } hmac_cleanup() { . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_init_test_cases() { atf_add_test_case copy atf_add_test_case data atf_add_test_case hmac } Index: head/tests/sys/geom/class/eli/onetime_test.sh =================================================================== --- head/tests/sys/geom/class/eli/onetime_test.sh (revision 327684) +++ head/tests/sys/geom/class/eli/onetime_test.sh (revision 327685) @@ -1,137 +1,137 @@ # $FreeBSD$ onetime_test() { cipher=$1 secsize=$2 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -o ignore -e ignore \ geli onetime -e $ealgo -l $keylen -s $secsize ${md} - atf_check dd if=/dev/random of=rnd bs=${secsize} count=${sectors} status=none atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? if [ ${md_rnd} != ${md_ddev} ]; then atf_fail "geli did not return the original data" fi if [ ${md_rnd} == ${md_edev} ]; then atf_fail "geli did not encrypt the data" fi } atf_test_case onetime cleanup onetime_head() { atf_set "descr" "geli onetime can create temporary providers" atf_set "require.user" "root" atf_set "timeout" 1800 } onetime_body() { . $(atf_get_srcdir)/conf.sh sectors=100 dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none for_each_geli_config_nointegrity onetime_test } onetime_cleanup() { . $(atf_get_srcdir)/conf.sh geli_test_cleanup } onetime_a_test() { cipher=$1 aalgo=$2 secsize=$3 ealgo=${cipher%%:*} keylen=${cipher##*:} atf_check -s exit:0 -o ignore -e ignore \ geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md} atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5` atf_check_equal 0 $? if [ ${md_rnd} != ${md_ddev} ]; then atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" fi } atf_test_case onetime_a cleanup onetime_a_head() { atf_set "descr" "geli onetime with HMACs" atf_set "require.user" "root" atf_set "timeout" 1800 } onetime_a_body() { . $(atf_get_srcdir)/conf.sh sectors=8 - atf_check dd if=/dev/random of=rnd bs=1024 count=1024 status=none + atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=$sectors \ + status=none for_each_geli_config onetime_a_test } onetime_a_cleanup() { . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_test_case onetime_d cleanup onetime_d_head() { atf_set "descr" "geli onetime -d will create providers that detach on last close" atf_set "require.user" "root" } onetime_d_body() { . $(atf_get_srcdir)/conf.sh sectors=100 md=$(attach_md -t malloc -s $sectors) atf_check geli onetime -d ${md} if [ ! -c /dev/${md}.eli ]; then atf_fail "Provider not created, or immediately detached" fi # Be sure it doesn't detach on read. atf_check dd if=/dev/${md}.eli of=/dev/null status=none sleep 1 if [ ! -c /dev/${md}.eli ]; then atf_fail "Provider detached when a reader closed" fi # It should detach when a writer closes true > /dev/${md}.eli sleep 1 if [ -c /dev/${md}.eli ]; then atf_fail "Provider didn't detach on last close of a writer" fi } onetime_d_cleanup() { . $(atf_get_srcdir)/conf.sh geli_test_cleanup } atf_init_test_cases() { atf_add_test_case onetime atf_add_test_case onetime_a atf_add_test_case onetime_d }