4 . $(atf_get_srcdir)/conf.sh
13 atf_check -s exit:0 -e ignore \
14 geli init -B none -e $ealgo -l $keylen -P -K keyfile \
16 atf_check geli attach -p -k keyfile ${md}
18 atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} \
21 md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
23 md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
25 md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
28 if [ ${md_rnd} != ${md_ddev} ]; then
29 atf_fail "Miscompare for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
31 if [ ${md_rnd} == ${md_edev} ]; then
32 atf_fail "Data was not encrypted for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
35 atf_test_case init cleanup
38 atf_set "descr" "Basic I/O with geli"
39 atf_set "require.user" "root"
48 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
49 atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \
51 for_each_geli_config_nointegrity init_test
58 atf_test_case init_B cleanup
61 atf_set "descr" "init -B can select an alternate backup metadata file"
62 atf_set "require.user" "root"
70 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
72 md=$(attach_md -t malloc -s $sectors)
75 rm -f /var/backups/${md}.eli
76 atf_check -s exit:0 -o ignore geli init -B none -P -K keyfile ${md}
77 if [ -f /var/backups/${md}.eli ]; then
78 atf_fail "geli created a backup file even with -B none"
82 rm -f /var/backups/${md}.eli
83 atf_check -s exit:0 -o ignore geli init -P -K keyfile ${md}
84 if [ ! -f /var/backups/${md}.eli ]; then
85 atf_fail "geli did not create a backup file"
87 atf_check geli clear ${md}
88 atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}
89 atf_check -s exit:0 -o ignore geli restore /var/backups/${md}.eli ${md}
90 atf_check -s exit:0 -o ignore geli attach -p -k keyfile ${md}
91 atf_check geli detach ${md}
92 rm -f /var/backups/${md}.eli
96 atf_check -s exit:0 -o ignore \
97 geli init -B backupfile -P -K keyfile ${md}
98 if [ ! -f backupfile ]; then
99 atf_fail "geli init -B did not create a backup file"
101 atf_check geli clear ${md}
102 atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}
103 atf_check geli restore backupfile ${md}
104 atf_check geli attach -p -k keyfile ${md}
111 atf_test_case init_J cleanup
114 atf_set "descr" "init -J accepts a passfile"
115 atf_set "require.user" "root"
122 md=$(attach_md -t malloc -s `expr $sectors + 1`)
124 atf_check dd if=/dev/random of=keyfile0 bs=512 count=16 status=none
125 atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
126 dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile0
128 dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile1
131 for iter in -1 0 64; do
132 atf_check -s not-exit:0 -e ignore \
133 geli init -i ${iter} -B none -J passfile0 -P ${md}
134 atf_check -s not-exit:0 -e ignore \
135 geli init -i ${iter} -B none -J passfile0 -P -K keyfile0 ${md}
136 atf_check geli init -i ${iter} -B none -J passfile0 -K keyfile0 ${md}
137 atf_check -s not-exit:0 -e ignore \
138 geli attach -k keyfile0 -p ${md}
139 atf_check -s not-exit:0 -e ignore \
140 geli attach -j passfile0 ${md}
141 atf_check -s not-exit:0 -e ignore \
142 geli attach -j keyfile0 ${md}
143 atf_check -s not-exit:0 -e ignore \
144 geli attach -k passfile0 -p ${md}
145 atf_check -s not-exit:0 -e ignore \
146 geli attach -j keyfile0 -k passfile0 ${md}
147 atf_check -s not-exit:0 -e ignore \
148 geli attach -j keyfile0 -k keyfile0 ${md}
149 atf_check -s not-exit:0 -e ignore \
150 geli attach -j passfile0 -k passfile0 ${md}
151 atf_check -s exit:0 -e ignore \
152 geli attach -j passfile0 -k keyfile0 ${md}
153 atf_check -s exit:0 -e ignore geli detach ${md}
154 atf_check -s exit:0 -e ignore -x \
155 "cat keyfile0 | geli attach -j passfile0 -k - ${md}"
156 atf_check -s exit:0 -e ignore geli detach ${md}
157 atf_check -s exit:0 -e ignore -x \
158 "cat passfile0 | geli attach -j - -k keyfile0 ${md}"
159 atf_check -s exit:0 -e ignore geli detach ${md}
161 atf_check -s not-exit:0 -e ignore \
162 geli init -i ${iter} -B none -J passfile0 -J passfile1 -P ${md}
163 atf_check -s not-exit:0 -e ignore \
164 geli init -i ${iter} -B none -J passfile0 -J passfile1 -P -K keyfile0 -K keyfile1 ${md}
165 atf_check -s exit:0 -e ignore \
166 geli init -i ${iter} -B none -J passfile0 -J passfile1 -K keyfile0 -K keyfile1 ${md}
167 atf_check -s not-exit:0 -e ignore \
168 geli attach -k keyfile0 -p ${md}
169 atf_check -s not-exit:0 -e ignore \
170 geli attach -k keyfile1 -p ${md}
171 atf_check -s not-exit:0 -e ignore \
172 geli attach -j passfile0 ${md}
173 atf_check -s not-exit:0 -e ignore \
174 geli attach -j passfile1 ${md}
175 atf_check -s not-exit:0 -e ignore \
176 geli attach -k keyfile0 -k keyfile1 -p ${md}
177 atf_check -s not-exit:0 -e ignore \
178 geli attach -j passfile0 -j passfile1 ${md}
179 atf_check -s not-exit:0 -e ignore \
180 geli attach -k keyfile0 -j passfile0 ${md}
181 atf_check -s not-exit:0 -e ignore \
182 geli attach -k keyfile0 -j passfile1 ${md}
183 atf_check -s not-exit:0 -e ignore \
184 geli attach -k keyfile1 -j passfile0 ${md}
185 atf_check -s not-exit:0 -e ignore \
186 geli attach -k keyfile1 -j passfile1 ${md}
187 atf_check -s not-exit:0 -e ignore \
188 geli attach -k keyfile0 -j passfile0 -j passfile1 ${md}
189 atf_check -s not-exit:0 -e ignore \
190 geli attach -k keyfile1 -j passfile0 -j passfile1 ${md}
191 atf_check -s not-exit:0 -e ignore \
192 geli attach -k keyfile0 -k keyfile1 -j passfile0 ${md}
193 atf_check -s not-exit:0 -e ignore \
194 geli attach -k keyfile0 -k keyfile1 -j passfile1 ${md}
195 atf_check -s not-exit:0 -e ignore \
196 geli attach -k keyfile1 -k keyfile0 -j passfile0 -j passfile1 ${md}
197 atf_check -s not-exit:0 -e ignore \
198 geli attach -k keyfile0 -k keyfile1 -j passfile1 -j passfile0 ${md}
199 atf_check -s not-exit:0 -e ignore \
200 geli attach -k keyfile1 -k keyfile0 -j passfile1 -j passfile0 ${md}
201 atf_check -s exit:0 -e ignore \
202 geli attach -j passfile0 -j passfile1 -k keyfile0 -k keyfile1 ${md}
203 atf_check -s exit:0 -e ignore geli detach ${md}
204 atf_check -s exit:0 -e ignore -x \
205 "cat passfile0 | geli attach -j - -j passfile1 -k keyfile0 -k keyfile1 ${md}"
206 atf_check -s exit:0 -e ignore geli detach ${md}
207 atf_check -s exit:0 -e ignore -x \
208 "cat passfile1 | geli attach -j passfile0 -j - -k keyfile0 -k keyfile1 ${md}"
209 atf_check -s exit:0 -e ignore geli detach ${md}
210 atf_check -s exit:0 -e ignore -x \
211 "cat keyfile0 | geli attach -j passfile0 -j passfile1 -k - -k keyfile1 ${md}"
212 atf_check -s exit:0 -e ignore geli detach ${md}
213 atf_check -s exit:0 -e ignore -x \
214 "cat keyfile1 | geli attach -j passfile0 -j passfile1 -k keyfile0 -k - ${md}"
215 atf_check -s exit:0 -e ignore geli detach ${md}
216 atf_check -s exit:0 -e ignore -x \
217 "cat keyfile0 keyfile1 | geli attach -j passfile0 -j passfile1 -k - ${md}"
218 atf_check -s exit:0 -e ignore geli detach ${md}
219 atf_check -s exit:0 -e ignore -x \
220 "cat passfile0 passfile1 | awk '{printf \"%s\", \$0}' | geli attach -j - -k keyfile0 -k keyfile1 ${md}"
221 atf_check -s exit:0 -e ignore geli detach ${md}
237 atf_check -s exit:0 -e ignore \
238 geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \
240 atf_check geli attach -p -k keyfile ${md}
242 atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
244 md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
246 md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
249 if [ ${md_rnd} != ${md_ddev} ]; then
250 atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
253 atf_test_case init_a cleanup
256 atf_set "descr" "I/O with geli and HMACs"
257 atf_set "require.user" "root"
258 atf_set "timeout" 3600
266 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
267 atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \
269 for_each_geli_config init_a_test
283 atf_check geli init -B none -e $ealgo -l $keylen -P -K keyfile ${md}
284 atf_check geli attach -p -k keyfile ${md}
285 real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'`
286 real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'`
288 if [ "${real_ealgo}" != "${expected_ealgo}" ]; then
289 atf_fail "expected ${expected_ealgo} but got ${real_ealgo}"
292 if [ "${real_keylen}" != "${expected_keylen}" ]; then
293 atf_fail "expected ${expected_keylen} but got ${real_keylen}"
295 atf_check geli detach ${md}
297 atf_test_case init_alias cleanup
300 atf_set "descr" "geli init accepts cipher aliases"
301 atf_set "require.user" "root"
307 md=$(attach_md -t malloc -s 1024k)
308 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
310 for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \
311 camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \
312 camellia:256:CAMELLIA-CBC:256 ; do
314 ealgo=`echo $spec | cut -d : -f 1`
315 keylen=`echo $spec | cut -d : -f 2`
316 expected_ealgo=`echo $spec | cut -d : -f 3`
317 expected_keylen=`echo $spec | cut -d : -f 4`
319 init_alias_test $ealgo $keylen $expected_ealgo $expected_keylen
327 atf_test_case init_i_P cleanup
330 atf_set "descr" "geli: Options -i and -P are mutually exclusive"
331 atf_set "require.user" "root"
338 md=$(attach_md -t malloc -s `expr $sectors + 1`)
340 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
342 atf_check -s not-exit:0 -e "match:Options -i and -P are mutually exclusive"\
343 geli init -B none -i 64 -P -K keyfile $md
350 atf_test_case nokey cleanup
353 atf_set "descr" "geli init fails if called with no key component"
354 atf_set "require.user" "root"
361 md=$(attach_md -t malloc -s `expr $sectors + 1`)
363 atf_check -s not-exit:0 -e match:"No key components given" \
364 geli init -B none -P ${md}
371 atf_init_test_cases()
373 atf_add_test_case init
374 atf_add_test_case init_B
375 atf_add_test_case init_J
376 atf_add_test_case init_a
377 atf_add_test_case init_alias
378 atf_add_test_case init_i_P
379 atf_add_test_case nokey