11 atf_check -s exit:0 -e ignore \
12 geli init -B none -e $ealgo -l $keylen -P -K keyfile \
14 atf_check geli attach -p -k keyfile ${md}
16 atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} \
19 md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
21 md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
23 md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
26 if [ ${md_rnd} != ${md_ddev} ]; then
27 atf_fail "Miscompare for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
29 if [ ${md_rnd} == ${md_edev} ]; then
30 atf_fail "Data was not encrypted for ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
33 atf_test_case init cleanup
36 atf_set "descr" "Basic I/O with geli"
37 atf_set "require.user" "root"
42 . $(atf_get_srcdir)/conf.sh
46 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
47 atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \
49 for_each_geli_config_nointegrity init_test
53 . $(atf_get_srcdir)/conf.sh
57 atf_test_case init_B cleanup
60 atf_set "descr" "init -B can select an alternate backup metadata file"
61 atf_set "require.user" "root"
65 . $(atf_get_srcdir)/conf.sh
69 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
71 md=$(attach_md -t malloc -s $sectors)
74 rm -f /var/backups/${md}.eli
75 atf_check -s exit:0 -o ignore geli init -B none -P -K keyfile ${md}
76 if [ -f /var/backups/${md}.eli ]; then
77 atf_fail "geli created a backup file even with -B none"
81 rm -f /var/backups/${md}.eli
82 atf_check -s exit:0 -o ignore geli init -P -K keyfile ${md}
83 if [ ! -f /var/backups/${md}.eli ]; then
84 atf_fail "geli did not create a backup file"
86 atf_check geli clear ${md}
87 atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}
88 atf_check -s exit:0 -o ignore geli restore /var/backups/${md}.eli ${md}
89 atf_check -s exit:0 -o ignore geli attach -p -k keyfile ${md}
90 atf_check geli detach ${md}
91 rm -f /var/backups/${md}.eli
95 atf_check -s exit:0 -o ignore \
96 geli init -B backupfile -P -K keyfile ${md}
97 if [ ! -f backupfile ]; then
98 atf_fail "geli init -B did not create a backup file"
100 atf_check geli clear ${md}
101 atf_check -s not-exit:0 -e ignore geli attach -p -k keyfile ${md}
102 atf_check geli restore backupfile ${md}
103 atf_check geli attach -p -k keyfile ${md}
107 . $(atf_get_srcdir)/conf.sh
111 atf_test_case init_J cleanup
114 atf_set "descr" "init -J accepts a passfile"
115 atf_set "require.user" "root"
119 . $(atf_get_srcdir)/conf.sh
122 md=$(attach_md -t malloc -s `expr $sectors + 1`)
124 atf_check dd if=/dev/random of=keyfile0 bs=512 count=16 status=none
125 atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
126 dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile0
128 dd if=/dev/random bs=512 count=16 status=none | sha1 > passfile1
131 for iter in -1 0 64; do
132 atf_check -s not-exit:0 -e ignore \
133 geli init -i ${iter} -B none -J passfile0 -P ${md}
134 atf_check -s not-exit:0 -e ignore \
135 geli init -i ${iter} -B none -J passfile0 -P -K keyfile0 ${md}
136 atf_check geli init -i ${iter} -B none -J passfile0 -K keyfile0 ${md}
137 atf_check -s not-exit:0 -e ignore \
138 geli attach -k keyfile0 -p ${md}
139 atf_check -s not-exit:0 -e ignore \
140 geli attach -j passfile0 ${md}
141 atf_check -s not-exit:0 -e ignore \
142 geli attach -j keyfile0 ${md}
143 atf_check -s not-exit:0 -e ignore \
144 geli attach -k passfile0 -p ${md}
145 atf_check -s not-exit:0 -e ignore \
146 geli attach -j keyfile0 -k passfile0 ${md}
147 atf_check -s not-exit:0 -e ignore \
148 geli attach -j keyfile0 -k keyfile0 ${md}
149 atf_check -s not-exit:0 -e ignore \
150 geli attach -j passfile0 -k passfile0 ${md}
151 atf_check -s exit:0 -e ignore \
152 geli attach -j passfile0 -k keyfile0 ${md}
153 atf_check -s exit:0 -e ignore geli detach ${md}
154 atf_check -s exit:0 -e ignore -x \
155 "cat keyfile0 | geli attach -j passfile0 -k - ${md}"
156 atf_check -s exit:0 -e ignore geli detach ${md}
157 atf_check -s exit:0 -e ignore -x \
158 "cat passfile0 | geli attach -j - -k keyfile0 ${md}"
159 atf_check -s exit:0 -e ignore geli detach ${md}
161 atf_check -s not-exit:0 -e ignore \
162 geli init -i ${iter} -B none -J passfile0 -J passfile1 -P ${md}
163 atf_check -s not-exit:0 -e ignore \
164 geli init -i ${iter} -B none -J passfile0 -J passfile1 -P -K keyfile0 -K keyfile1 ${md}
165 atf_check -s exit:0 -e ignore \
166 geli init -i ${iter} -B none -J passfile0 -J passfile1 -K keyfile0 -K keyfile1 ${md}
167 atf_check -s not-exit:0 -e ignore \
168 geli attach -k keyfile0 -p ${md}
169 atf_check -s not-exit:0 -e ignore \
170 geli attach -k keyfile1 -p ${md}
171 atf_check -s not-exit:0 -e ignore \
172 geli attach -j passfile0 ${md}
173 atf_check -s not-exit:0 -e ignore \
174 geli attach -j passfile1 ${md}
175 atf_check -s not-exit:0 -e ignore \
176 geli attach -k keyfile0 -k keyfile1 -p ${md}
177 atf_check -s not-exit:0 -e ignore \
178 geli attach -j passfile0 -j passfile1 ${md}
179 atf_check -s not-exit:0 -e ignore \
180 geli attach -k keyfile0 -j passfile0 ${md}
181 atf_check -s not-exit:0 -e ignore \
182 geli attach -k keyfile0 -j passfile1 ${md}
183 atf_check -s not-exit:0 -e ignore \
184 geli attach -k keyfile1 -j passfile0 ${md}
185 atf_check -s not-exit:0 -e ignore \
186 geli attach -k keyfile1 -j passfile1 ${md}
187 atf_check -s not-exit:0 -e ignore \
188 geli attach -k keyfile0 -j passfile0 -j passfile1 ${md}
189 atf_check -s not-exit:0 -e ignore \
190 geli attach -k keyfile1 -j passfile0 -j passfile1 ${md}
191 atf_check -s not-exit:0 -e ignore \
192 geli attach -k keyfile0 -k keyfile1 -j passfile0 ${md}
193 atf_check -s not-exit:0 -e ignore \
194 geli attach -k keyfile0 -k keyfile1 -j passfile1 ${md}
195 atf_check -s not-exit:0 -e ignore \
196 geli attach -k keyfile1 -k keyfile0 -j passfile0 -j passfile1 ${md}
197 atf_check -s not-exit:0 -e ignore \
198 geli attach -k keyfile0 -k keyfile1 -j passfile1 -j passfile0 ${md}
199 atf_check -s not-exit:0 -e ignore \
200 geli attach -k keyfile1 -k keyfile0 -j passfile1 -j passfile0 ${md}
201 atf_check -s exit:0 -e ignore \
202 geli attach -j passfile0 -j passfile1 -k keyfile0 -k keyfile1 ${md}
203 atf_check -s exit:0 -e ignore geli detach ${md}
204 atf_check -s exit:0 -e ignore -x \
205 "cat passfile0 | geli attach -j - -j passfile1 -k keyfile0 -k keyfile1 ${md}"
206 atf_check -s exit:0 -e ignore geli detach ${md}
207 atf_check -s exit:0 -e ignore -x \
208 "cat passfile1 | geli attach -j passfile0 -j - -k keyfile0 -k keyfile1 ${md}"
209 atf_check -s exit:0 -e ignore geli detach ${md}
210 atf_check -s exit:0 -e ignore -x \
211 "cat keyfile0 | geli attach -j passfile0 -j passfile1 -k - -k keyfile1 ${md}"
212 atf_check -s exit:0 -e ignore geli detach ${md}
213 atf_check -s exit:0 -e ignore -x \
214 "cat keyfile1 | geli attach -j passfile0 -j passfile1 -k keyfile0 -k - ${md}"
215 atf_check -s exit:0 -e ignore geli detach ${md}
216 atf_check -s exit:0 -e ignore -x \
217 "cat keyfile0 keyfile1 | geli attach -j passfile0 -j passfile1 -k - ${md}"
218 atf_check -s exit:0 -e ignore geli detach ${md}
219 atf_check -s exit:0 -e ignore -x \
220 "cat passfile0 passfile1 | awk '{printf \"%s\", \$0}' | geli attach -j - -k keyfile0 -k keyfile1 ${md}"
221 atf_check -s exit:0 -e ignore geli detach ${md}
226 . $(atf_get_srcdir)/conf.sh
238 atf_check -s exit:0 -e ignore \
239 geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K keyfile \
241 atf_check geli attach -p -k keyfile ${md}
243 atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
245 md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
247 md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
250 if [ ${md_rnd} != ${md_ddev} ]; then
251 atf_fail "Miscompare for aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
254 atf_test_case init_a cleanup
257 atf_set "descr" "I/O with geli and HMACs"
258 atf_set "require.user" "root"
259 atf_set "timeout" 3600
263 . $(atf_get_srcdir)/conf.sh
267 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
268 atf_check dd if=/dev/random of=rnd bs=$MAX_SECSIZE count=${sectors} \
270 for_each_geli_config init_a_test
275 . $(atf_get_srcdir)/conf.sh
285 atf_check geli init -B none -e $ealgo -l $keylen -P -K keyfile ${md}
286 atf_check geli attach -p -k keyfile ${md}
287 real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'`
288 real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'`
290 if [ "${real_ealgo}" != "${expected_ealgo}" ]; then
291 atf_fail "expected ${expected_ealgo} but got ${real_ealgo}"
294 if [ "${real_keylen}" != "${expected_keylen}" ]; then
295 atf_fail "expected ${expected_keylen} but got ${real_keylen}"
297 atf_check geli detach ${md}
299 atf_test_case init_alias cleanup
302 atf_set "descr" "geli init accepts cipher aliases"
303 atf_set "require.user" "root"
307 . $(atf_get_srcdir)/conf.sh
309 md=$(attach_md -t malloc -s 1024k)
310 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
312 for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \
313 3des:0:3DES-CBC:192 3des:192:3DES-CBC:192 \
314 blowfish:0:Blowfish-CBC:128 blowfish:128:Blowfish-CBC:128 \
315 blowfish:160:Blowfish-CBC:160 blowfish:192:Blowfish-CBC:192 \
316 blowfish:224:Blowfish-CBC:224 blowfish:256:Blowfish-CBC:256 \
317 blowfish:288:Blowfish-CBC:288 blowfish:352:Blowfish-CBC:352 \
318 blowfish:384:Blowfish-CBC:384 blowfish:416:Blowfish-CBC:416 \
319 blowfish:448:Blowfish-CBC:448 \
320 camellia:0:CAMELLIA-CBC:128 camellia:128:CAMELLIA-CBC:128 \
321 camellia:256:CAMELLIA-CBC:256 ; do
323 ealgo=`echo $spec | cut -d : -f 1`
324 keylen=`echo $spec | cut -d : -f 2`
325 expected_ealgo=`echo $spec | cut -d : -f 3`
326 expected_keylen=`echo $spec | cut -d : -f 4`
328 init_alias_test $ealgo $keylen $expected_ealgo $expected_keylen
333 . $(atf_get_srcdir)/conf.sh
337 atf_test_case init_i_P cleanup
340 atf_set "descr" "geli: Options -i and -P are mutually exclusive"
341 atf_set "require.user" "root"
345 . $(atf_get_srcdir)/conf.sh
348 md=$(attach_md -t malloc -s `expr $sectors + 1`)
350 atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
352 atf_check -s not-exit:0 -e "match:Options -i and -P are mutually exclusive"\
353 geli init -B none -i 64 -P -K keyfile $md
357 . $(atf_get_srcdir)/conf.sh
361 atf_test_case nokey cleanup
364 atf_set "descr" "geli init fails if called with no key component"
365 atf_set "require.user" "root"
369 . $(atf_get_srcdir)/conf.sh
372 md=$(attach_md -t malloc -s `expr $sectors + 1`)
374 atf_check -s not-exit:0 -e match:"No key components given" \
375 geli init -B none -P ${md}
379 . $(atf_get_srcdir)/conf.sh
383 atf_init_test_cases()
385 atf_add_test_case init
386 atf_add_test_case init_B
387 atf_add_test_case init_J
388 atf_add_test_case init_a
389 atf_add_test_case init_alias
390 atf_add_test_case init_i_P
391 atf_add_test_case nokey