diff options
| author | cvs2svn <cvs2svn@FreeBSD.org> | 2006-06-12 22:58:51 +0000 |
|---|---|---|
| committer | cvs2svn <cvs2svn@FreeBSD.org> | 2006-06-12 22:58:51 +0000 |
| commit | 3e30df3f35dc03c25ad4f8b374e416748e991cd4 (patch) | |
| tree | 4ba9dd1925e631148282dcc8142dc985cdec2ef5 /tools | |
| parent | 49073ca7736f5d73b88ab93bf8cc74fe749c2f7b (diff) | |
Notes
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/regression/geom_eli/init-a.t | 51 | ||||
| -rw-r--r-- | tools/regression/geom_eli/integrity-copy.t | 90 | ||||
| -rw-r--r-- | tools/regression/geom_eli/integrity-data.t | 60 | ||||
| -rw-r--r-- | tools/regression/geom_eli/integrity-hmac.t | 60 | ||||
| -rw-r--r-- | tools/regression/geom_eli/onetime-a.t | 45 | ||||
| -rw-r--r-- | tools/regression/ipsec/ipsec.t | 89 |
6 files changed, 395 insertions, 0 deletions
diff --git a/tools/regression/geom_eli/init-a.t b/tools/regression/geom_eli/init-a.t new file mode 100644 index 000000000000..fb0a1c40def2 --- /dev/null +++ b/tools/regression/geom_eli/init-a.t @@ -0,0 +1,51 @@ +#!/bin/sh +# $FreeBSD$ + +base=`basename $0` +no=45 +sectors=100 +keyfile=`mktemp /tmp/$base.XXXXXX` || exit 1 + +echo "1..540" + +i=1 +for cipher in aes:0 aes:128 aes:192 aes:256 \ + 3des:0 3des:192 \ + blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \ + blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \ + blowfish:416 blowfish:448; do + ealgo=${cipher%%:*} + keylen=${cipher##*:} + for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 hmac/sha384 hmac/sha512; do + for secsize in 512 1024 2048 4096 8192; do + rnd=`mktemp /tmp/$base.XXXXXX` || exit 1 + mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1 + + dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 + + geli init -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} + geli attach -p -k $keyfile md${no} + + secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'` + + dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1 + dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null + + md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5` + md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` + + if [ ${md_rnd} = ${md_ddev} ]; then + echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + else + echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + i=$((i+1)) + + geli detach md${no} + rm -f $rnd + mdconfig -d -u $no + done + done +done + +rm -f $keyfile diff --git a/tools/regression/geom_eli/integrity-copy.t b/tools/regression/geom_eli/integrity-copy.t new file mode 100644 index 000000000000..eb4ce6c0eefc --- /dev/null +++ b/tools/regression/geom_eli/integrity-copy.t @@ -0,0 +1,90 @@ +#!/bin/sh +# $FreeBSD$ + +base=`basename $0` +no=45 +sectors=100 +keyfile=`mktemp /tmp/$base.XXXXXX` || exit 1 +sector=`mktemp /tmp/$base.XXXXXX` || exit 1 + +echo "1..2160" + +i=1 +for cipher in aes:0 aes:128 aes:192 aes:256 \ + 3des:0 3des:192 \ + blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \ + blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \ + blowfish:416 blowfish:448; do + ealgo=${cipher%%:*} + keylen=${cipher##*:} + for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 hmac/sha384 hmac/sha512; do + for secsize in 512 1024 2048 4096 8192; do + #mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1 + mdconfig -a -t malloc -s $sectors -u $no || exit 1 + + dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 + + geli init -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} + geli attach -p -k $keyfile md${no} + + dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1 + + dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1 + if [ $? -eq 0 ]; then + echo "ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + else + echo "not ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + i=$((i+1)) + + geli detach md${no} + # Copy first small sector to the second small sector. + # This should be detected as corruption. + dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1 + dd if=${sector} of=/dev/md${no} bs=512 count=1 seek=1 >/dev/null 2>&1 + geli attach -p -k $keyfile md${no} + + dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + else + echo "not ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + i=$((i+1)) + + ms=`diskinfo /dev/md${no} | awk '{print $3 - 512}'` + ns=`diskinfo /dev/md${no}.eli | awk '{print $4}'` + usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc` + + dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=2 >/dev/null 2>&1 + + dd if=/dev/md${no}.eli bs=${secsize} count=2 >/dev/null 2>&1 + if [ $? -eq 0 ]; then + echo "ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + else + echo "not ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + i=$((i+1)) + + geli detach md${no} + # Copy first big sector to the second big sector. + # This should be detected as corruption. + dd if=/dev/md${no} of=${sector} bs=${usecsize} count=1 >/dev/null 2>&1 + dd if=${sector} of=/dev/md${no} bs=${usecsize} count=1 seek=1 >/dev/null 2>&1 + geli attach -p -k $keyfile md${no} + + dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=2 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + else + echo "not ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + i=$((i+1)) + + geli detach md${no} + mdconfig -d -u $no + done + done +done + +rm -f $keyfile $sector diff --git a/tools/regression/geom_eli/integrity-data.t b/tools/regression/geom_eli/integrity-data.t new file mode 100644 index 000000000000..3b11084ee868 --- /dev/null +++ b/tools/regression/geom_eli/integrity-data.t @@ -0,0 +1,60 @@ +#!/bin/sh +# $FreeBSD$ + +base=`basename $0` +no=45 +sectors=100 +keyfile=`mktemp /tmp/$base.XXXXXX` || exit 1 +sector=`mktemp /tmp/$base.XXXXXX` || exit 1 + +echo "1..1080" + +i=1 +for cipher in aes:0 aes:128 aes:192 aes:256 \ + 3des:0 3des:192 \ + blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \ + blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \ + blowfish:416 blowfish:448; do + ealgo=${cipher%%:*} + keylen=${cipher##*:} + for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 hmac/sha384 hmac/sha512; do + for secsize in 512 1024 2048 4096 8192; do + mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1 + + dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 + + geli init -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} + geli attach -p -k $keyfile md${no} + + dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1 + + dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1 + if [ $? -eq 0 ]; then + echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + else + echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + i=$((i+1)) + + geli detach md${no} + # Corrupt 8 bytes of data. + dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1 + dd if=/dev/random of=${sector} bs=1 count=8 seek=64 conv=notrunc >/dev/null 2>&1 + dd if=${sector} of=/dev/md${no} bs=512 count=1 >/dev/null 2>&1 + geli attach -p -k $keyfile md${no} + + dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + else + echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + i=$((i+1)) + + geli detach md${no} + mdconfig -d -u $no + done + done +done + +rm -f $keyfile $sector diff --git a/tools/regression/geom_eli/integrity-hmac.t b/tools/regression/geom_eli/integrity-hmac.t new file mode 100644 index 000000000000..50dcb8a75ad4 --- /dev/null +++ b/tools/regression/geom_eli/integrity-hmac.t @@ -0,0 +1,60 @@ +#!/bin/sh +# $FreeBSD$ + +base=`basename $0` +no=45 +sectors=100 +keyfile=`mktemp /tmp/$base.XXXXXX` || exit 1 +sector=`mktemp /tmp/$base.XXXXXX` || exit 1 + +echo "1..1080" + +i=1 +for cipher in aes:0 aes:128 aes:192 aes:256 \ + 3des:0 3des:192 \ + blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \ + blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \ + blowfish:416 blowfish:448; do + ealgo=${cipher%%:*} + keylen=${cipher##*:} + for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 hmac/sha384 hmac/sha512; do + for secsize in 512 1024 2048 4096 8192; do + mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1 + + dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 + + geli init -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} + geli attach -p -k $keyfile md${no} + + dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1 + + dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1 + if [ $? -eq 0 ]; then + echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + else + echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + i=$((i+1)) + + geli detach md${no} + # Corrupt 8 bytes of HMAC. + dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1 + dd if=/dev/random of=${sector} bs=1 count=16 conv=notrunc >/dev/null 2>&1 + dd if=${sector} of=/dev/md${no} bs=512 count=1 >/dev/null 2>&1 + geli attach -p -k $keyfile md${no} + + dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + else + echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + i=$((i+1)) + + geli detach md${no} + mdconfig -d -u $no + done + done +done + +rm -f $keyfile $sector diff --git a/tools/regression/geom_eli/onetime-a.t b/tools/regression/geom_eli/onetime-a.t new file mode 100644 index 000000000000..13681cf37ffd --- /dev/null +++ b/tools/regression/geom_eli/onetime-a.t @@ -0,0 +1,45 @@ +#!/bin/sh +# $FreeBSD$ + +base=`basename $0` +no=45 +sectors=100 + +echo "1..540" + +i=1 +for cipher in aes:0 aes:128 aes:192 aes:256 \ + 3des:0 3des:192 \ + blowfish:0 blowfish:128 blowfish:160 blowfish:192 blowfish:224 \ + blowfish:256 blowfish:288 blowfish:320 blowfish:352 blowfish:384 \ + blowfish:416 blowfish:448; do + ealgo=${cipher%%:*} + keylen=${cipher##*:} + for aalgo in hmac/md5 hmac/sha1 hmac/ripemd160 hmac/sha256 hmac/sha384 hmac/sha512; do + for secsize in 512 1024 2048 4096 8192; do + rnd=`mktemp /tmp/$base.XXXXXX` || exit 1 + mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1 + + geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize md${no} + + secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'` + + dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1 + dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null + + md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5` + md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5` + + if [ ${md_rnd} = ${md_ddev} ]; then + echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + else + echo "not ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}" + fi + i=$((i+1)) + + geli detach md${no} + rm -f $rnd + mdconfig -d -u $no + done + done +done diff --git a/tools/regression/ipsec/ipsec.t b/tools/regression/ipsec/ipsec.t new file mode 100644 index 000000000000..fd33bfc0b1f6 --- /dev/null +++ b/tools/regression/ipsec/ipsec.t @@ -0,0 +1,89 @@ +#!/bin/sh +# $FreeBSD$ + +ipbase="127.255" +netif="lo0" +spi="10000" + +echo "1..306" + +#sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1 + +ifconfig $netif alias ${ipbase}.0.1/24 +ifconfig $netif alias ${ipbase}.1.1/24 + +i=1 + +for ecipher in \ + des-cbc:12345678 \ + 3des-cbc:012345678901234567890123 \ + blowfish-cbc:0123456789012345 \ + blowfish-cbc:01234567890123456789 \ + blowfish-cbc:012345678901234567890123 \ + blowfish-cbc:0123456789012345678901234567 \ + blowfish-cbc:01234567890123456789012345678901 \ + blowfish-cbc:012345678901234567890123456789012345 \ + blowfish-cbc:0123456789012345678901234567890123456789 \ + blowfish-cbc:01234567890123456789012345678901234567890123 \ + blowfish-cbc:012345678901234567890123456789012345678901234567 \ + blowfish-cbc:0123456789012345678901234567890123456789012345678901 \ + blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \ + cast128-cbc:0123456789012345 \ + rijndael-cbc:0123456789012345 \ + rijndael-cbc:012345678901234567890123 \ + rijndael-cbc:01234567890123456789012345678901; do + + ealgo=${ecipher%%:*} + ekey=${ecipher##*:} + + for acipher in \ + hmac-md5:0123456789012345 \ + hmac-sha1:01234567890123456789 \ + hmac-ripemd160:01234567890123456789 \ + hmac-sha2-256:01234567890123456789012345678901 \ + hmac-sha2-384:012345678901234567890123456789012345678901234567 \ + hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do + + aalgo=${acipher%%:*} + akey=${acipher##*:} + + setkey -F + setkey -FP + + (echo "add ${ipbase}.0.1 ${ipbase}.1.1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" + echo "add ${ipbase}.1.1 ${ipbase}.0.1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;" + + echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;" + echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in ipsec esp/transport//require;" + echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in ipsec esp/transport//require;" + echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;" + ) | setkey -c >/dev/null 2>&1 + if [ $? -eq 0 ]; then + echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" + else + echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}" + fi + i=$((i+1)) + + ping -c 1 -t 2 -S ${ipbase}.0.1 ${ipbase}.1.1 >/dev/null + if [ $? -eq 0 ]; then + echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" + else + echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}" + fi + i=$((i+1)) + ping -c 1 -t 2 -S ${ipbase}.1.1 ${ipbase}.0.1 >/dev/null + if [ $? -eq 0 ]; then + echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" + else + echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}" + fi + i=$((i+1)) + done +done + +setkey -F +setkey -FP + +ifconfig $netif -alias ${ipbase}.0.1 +ifconfig $netif -alias ${ipbase}.1.1 |