1148459Spjd#!/bin/sh
2148459Spjd# $FreeBSD: stable/11/tests/sys/geom/class/eli/delkey_test.sh 345394 2019-03-21 22:23:52Z asomers $
3148459Spjd
4345394Sasomers. $(atf_get_srcdir)/conf.sh
5345394Sasomers
6328811Sasomersatf_test_case delkey cleanup
7328811Sasomersdelkey_head()
8328811Sasomers{
9328811Sasomers	atf_set "descr" "geli delkey can destroy the master key"
10328811Sasomers	atf_set "require.user" "root"
11328811Sasomers}
12328811Sasomersdelkey_body()
13328811Sasomers{
14345394Sasomers	geli_test_setup
15293436Sngie
16328811Sasomers	sectors=100
17328811Sasomers	md=$(attach_md -t malloc -s `expr $sectors + 1`)
18148459Spjd
19328811Sasomers	atf_check dd if=/dev/random of=keyfile1 bs=512 count=16 status=none
20328811Sasomers	atf_check dd if=/dev/random of=keyfile2 bs=512 count=16 status=none
21328811Sasomers	atf_check dd if=/dev/random of=keyfile3 bs=512 count=16 status=none
22328811Sasomers	atf_check dd if=/dev/random of=keyfile4 bs=512 count=16 status=none
23148459Spjd
24328811Sasomers	atf_check geli init -B none -P -K keyfile1 ${md}
25328811Sasomers	atf_check geli attach -p -k keyfile1 ${md}
26328811Sasomers	atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile2 ${md}
27148459Spjd
28328811Sasomers	# Remove key 0 for attached provider.
29328811Sasomers	atf_check geli delkey -n 0 ${md}
30328811Sasomers	atf_check geli detach ${md}
31148459Spjd
32328811Sasomers	# We cannot use keyfile1 anymore.
33328811Sasomers	atf_check -s not-exit:0 -e match:"Wrong key" \
34328811Sasomers		geli attach -p -k keyfile1 ${md}
35148459Spjd
36328811Sasomers	# Attach with key 1.
37328811Sasomers	atf_check geli attach -p -k keyfile2 ${md}
38148459Spjd
39328811Sasomers	# We cannot remove last key without -f option (for attached provider).
40328811Sasomers	atf_check -s not-exit:0 -e match:"This is the last Master Key" \
41328811Sasomers		geli delkey -n 1 ${md}
42148459Spjd
43328811Sasomers	# Remove last key for attached provider.
44328811Sasomers	atf_check geli delkey -f -n 1 ${md}
45148459Spjd
46328811Sasomers	# If there are no valid keys, but provider is attached, we can save situation.
47328811Sasomers	atf_check -s exit:0 -o ignore geli setkey -n 0 -P -K keyfile3 ${md}
48328811Sasomers	atf_check geli detach ${md}
49148459Spjd
50328811Sasomers	# We cannot use keyfile2 anymore.
51328811Sasomers	atf_check -s not-exit:0 -e match:"Wrong key" \
52328811Sasomers		geli attach -p -k keyfile2 ${md}
53148459Spjd
54328811Sasomers	# Attach with key 0.
55328811Sasomers	atf_check geli attach -p -k keyfile3 ${md}
56148459Spjd
57328811Sasomers	# Setup key 1.
58328811Sasomers	atf_check -s exit:0 -o ignore geli setkey -n 1 -P -K keyfile4 ${md}
59328811Sasomers	atf_check geli detach ${md}
60148459Spjd
61328811Sasomers	# Remove key 1 for detached provider.
62328811Sasomers	atf_check geli delkey -n 1 ${md}
63148459Spjd
64328811Sasomers	# We cannot use keyfile4 anymore.
65328811Sasomers	atf_check -s not-exit:0 -e match:"Wrong key" \
66328811Sasomers		geli attach -p -k keyfile4 ${md}
67148459Spjd
68328811Sasomers	# We cannot remove last key without -f option (for detached provider).
69328811Sasomers	atf_check -s not-exit:0 -e match:"This is the last Master Key" \
70328811Sasomers		geli delkey -n 0 ${md}
71148459Spjd
72328811Sasomers	# Remove last key for detached provider.
73328811Sasomers	atf_check geli delkey -f -n 0 ${md}
74148459Spjd
75328811Sasomers	# We cannot use keyfile3 anymore.
76328811Sasomers	atf_check -s not-exit:0 -e match:"No valid keys" \
77328811Sasomers		geli attach -p -k keyfile3 ${md}
78328811Sasomers}
79328811Sasomersdelkey_cleanup()
80328811Sasomers{
81328811Sasomers	geli_test_cleanup
82328811Sasomers}
83148459Spjd
84328811Sasomersatf_test_case delkey_readonly cleanup
85328811Sasomersdelkey_readonly_head()
86328811Sasomers{
87328811Sasomers	atf_set "descr" "geli delkey cannot work on a read-only provider"
88328811Sasomers	atf_set "require.user" "root"
89328811Sasomers}
90328811Sasomersdelkey_readonly_body()
91328811Sasomers{
92345394Sasomers	geli_test_setup
93148459Spjd
94328811Sasomers	sectors=100
95328811Sasomers	md=$(attach_md -t malloc -s `expr $sectors + 1`)
96328811Sasomers	atf_check dd if=/dev/random of=keyfile bs=512 count=16 status=none
97328811Sasomers
98328811Sasomers	atf_check geli init -B none -P -K keyfile ${md}
99328811Sasomers	atf_check geli attach -r -p -k keyfile ${md}
100328811Sasomers
101328811Sasomers	atf_check -s not-exit:0 -e match:"read-only" geli delkey -n 0 ${md}
102328811Sasomers	# Even with -f (force) it should still fail
103328811Sasomers	atf_check -s not-exit:0 -e match:"read-only" geli delkey -f -n 0 ${md}
104328811Sasomers}
105328811Sasomersdelkey_readonly_cleanup()
106328811Sasomers{
107328811Sasomers	geli_test_cleanup
108328811Sasomers}
109328811Sasomers
110328811Sasomersatf_init_test_cases()
111328811Sasomers{
112328811Sasomers	atf_add_test_case delkey
113328811Sasomers	atf_add_test_case delkey_readonly
114328811Sasomers}
115