git: 34e146632e62 - stable/14 - geli tests: Add a regression test for geli setkey -J

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mark Johnston <markj_at_FreeBSD.org>
Date: Mon, 04 Sep 2023 14:11:45 UTC
The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=34e146632e623b5f208b745a99e2fdbed22bd942

commit 34e146632e623b5f208b745a99e2fdbed22bd942
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-08-28 14:58:43 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-09-04 14:11:04 +0000

    geli tests: Add a regression test for geli setkey -J
    
    Make sure that it can be used to change the passphrase of both attached
    and detached providers.
    
    Approved by:    re (kib)
    PR:             254966
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit 2b7b09ac9675023869fddbae4911c9b674b1155a)
---
 tests/sys/geom/class/eli/setkey_test.sh | 59 +++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/tests/sys/geom/class/eli/setkey_test.sh b/tests/sys/geom/class/eli/setkey_test.sh
index c981b6fc266b..ce3833f5fe0c 100644
--- a/tests/sys/geom/class/eli/setkey_test.sh
+++ b/tests/sys/geom/class/eli/setkey_test.sh
@@ -92,6 +92,64 @@ setkey_cleanup()
 	geli_test_cleanup
 }
 
+atf_test_case setkey_passphrase cleanup
+setkey_passphrase_head()
+{
+	atf_set "descr" "geli setkey can change the passphrase for a provider"
+	atf_set "require.user" "root"
+}
+setkey_passphrase_body()
+{
+	geli_test_setup
+
+	sectors=100
+	md=$(attach_md -t malloc -s `expr $sectors + 1`)
+
+	atf_check dd if=/dev/random of=rnd bs=512 count=${sectors} status=none
+	hash1=`dd if=rnd bs=512 count=${sectors} status=none | md5`
+	atf_check_equal 0 $?
+	atf_check dd if=/dev/random of=pass1 bs=512 count=32 status=none
+	atf_check dd if=/dev/random of=pass2 bs=512 count=32 status=none
+	atf_check dd if=/dev/random of=pass3 bs=512 count=32 status=none
+
+	atf_check geli init -B none -J pass1 ${md}
+	atf_check geli attach -j pass1 ${md}
+
+	atf_check \
+		dd if=rnd of=/dev/${md}.eli bs=512 count=${sectors} status=none
+	hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+	atf_check_equal 0 $?
+
+	atf_check geli detach ${md}
+
+	# Change from passphrase 1 to passphrase 2 for the detached provider.
+	atf_check -s exit:0 -o ignore geli setkey -j pass1 -J pass2 ${md}
+
+	# Make sure that we can attach with passphrase 2 but not with
+	# passphrase 1.
+	atf_check -s not-exit:0 -e match:"Wrong key" \
+		geli attach -j pass1 ${md}
+	atf_check -s exit:0 geli attach -j pass2 ${md}
+	hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+
+	# Change from passphrase 2 to passphrase 3 for the attached provider.
+	atf_check -s exit:0 -o ignore geli setkey -j pass2 -J pass3 ${md}
+	hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+	atf_check geli detach ${md}
+
+        # Make sure that we cannot attach with passphrase 2 anymore.
+	atf_check -s not-exit:0 -e match:"Wrong key" \
+		geli attach -j pass2 ${md}
+
+	atf_check_equal ${hash1} ${hash2}
+	atf_check_equal ${hash1} ${hash3}
+	atf_check_equal ${hash1} ${hash4}
+}
+setkey_passphrase_cleanup()
+{
+	geli_test_cleanup
+}
+
 atf_test_case setkey_readonly cleanup
 setkey_readonly_head()
 {
@@ -157,6 +215,7 @@ nokey_cleanup()
 atf_init_test_cases()
 {
 	atf_add_test_case setkey
+	atf_add_test_case setkey_passphrase
 	atf_add_test_case setkey_readonly
 	atf_add_test_case nokey
 }