Module Name:    src
Committed By:   pooka
Date:           Thu Nov 11 22:38:47 UTC 2010

Modified Files:
        src/tests/dev: Makefile
Added Files:
        src/tests/dev/cgd: Makefile t_cgd.sh
        src/tests/dev/cgd/h_img2cgd: Makefile cgd.conf img2cgd.c

Log Message:
Add rudimentary cgd tests.  The tests use cgd to transform a
plaintext into an encrypted image and back into plaintext by
doing rump I/O on /dev/cgd.  There is one test to check that giving
the same password for both encryption and decryption produces the
same plaintext and another to check that giving a different password
does not produce the same plaintext.

This could be fairly easily extended to test all features of cgd
(hint hint).  For example, now cgd.conf is included in cvs, but
the only reason for that is that without further hacking cgdconfig
uses /dev/random quality random to generate the salt for a
pkcsetcetc_kdf2 cgdconfig -g, and making an automated test block on
the entropy pool is just not good form.  Details are everything.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/tests/dev/Makefile
cvs rdiff -u -r0 -r1.1 src/tests/dev/cgd/Makefile src/tests/dev/cgd/t_cgd.sh
cvs rdiff -u -r0 -r1.1 src/tests/dev/cgd/h_img2cgd/Makefile \
    src/tests/dev/cgd/h_img2cgd/cgd.conf \
    src/tests/dev/cgd/h_img2cgd/img2cgd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/tests/dev/Makefile
diff -u src/tests/dev/Makefile:1.3 src/tests/dev/Makefile:1.4
--- src/tests/dev/Makefile:1.3	Tue Aug 24 11:29:45 2010
+++ src/tests/dev/Makefile	Thu Nov 11 22:38:46 2010
@@ -1,10 +1,10 @@
-#	$NetBSD: Makefile,v 1.3 2010/08/24 11:29:45 pooka Exp $
+#	$NetBSD: Makefile,v 1.4 2010/11/11 22:38:46 pooka Exp $
 #
 
 .include <bsd.own.mk>
 
 TESTSDIR=	${TESTSBASE}/dev
 
-TESTS_SUBDIRS+=	audio scsipi sysmon
+TESTS_SUBDIRS+=	audio cgd scsipi sysmon
 
 .include <bsd.test.mk>

Added files:

Index: src/tests/dev/cgd/Makefile
diff -u /dev/null src/tests/dev/cgd/Makefile:1.1
--- /dev/null	Thu Nov 11 22:38:47 2010
+++ src/tests/dev/cgd/Makefile	Thu Nov 11 22:38:47 2010
@@ -0,0 +1,18 @@
+#	$NetBSD: Makefile,v 1.1 2010/11/11 22:38:47 pooka Exp $
+#
+
+.include <bsd.own.mk>
+
+TESTSDIR=	${TESTSBASE}/dev/cgd
+
+TESTS_SH=	t_cgd
+
+SUBDIR=		h_img2cgd
+
+LDADD+=	-lrumpdev_cgd -lrumpdev -lrumpvfs
+LDADD+=	-lrump
+LDADD+=	-lrumpuser -lpthread
+
+NOMAN=
+
+.include <bsd.test.mk>
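Review bot: The three `LDADD+=` lines look unused in this Makefile, since the only thing it builds is the shell test named in `TESTS_SH= t_cgd` and nothing here is linked. The rump libraries are needed by the h_img2cgd helper, and make variables set here are not passed down to the `SUBDIR`, so they presumably belong in h_img2cgd/Makefile unless Makefile.cgdconfig already adds them when `RUMP_ACTION` is defined. If they are kept on purpose, a comment such as `# rump libs for programs added to this directory later` would explain why.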
Index: src/tests/dev/cgd/t_cgd.sh
diff -u /dev/null src/tests/dev/cgd/t_cgd.sh:1.1
--- /dev/null	Thu Nov 11 22:38:47 2010
+++ src/tests/dev/cgd/t_cgd.sh	Thu Nov 11 22:38:47 2010
@@ -0,0 +1,74 @@
+#	$NetBSD: t_cgd.sh,v 1.1 2010/11/11 22:38:47 pooka Exp $
+#
+# Copyright (c) 2010 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+atf_test_case basic
+basic_head()
+{
+
+	atf_set "descr" "Tests that encrypt/decrypt works"
+}
+
+basic_body()
+{
+
+	d=$(atf_get_srcdir)
+	atf_check -s exit:0 sh -c "echo 12345 | \
+	    $d/h_img2cgd/h_img2cgd $d/h_img2cgd/cgd.conf write \
+	    enc.img $d/h_img2cgd/cgd.conf"
+	atf_check -s exit:0 sh -c "echo 12345 | \
+	    $d/h_img2cgd/h_img2cgd $d/h_img2cgd/cgd.conf read \
+	    enc.img clear.txt"
+	atf_check -s exit:0 cmp clear.txt $d/h_img2cgd/cgd.conf
+}
+
+atf_test_case wrongpass
+wrongpass_head()
+{
+
+	atf_set "descr" "Tests that wrong password does not give original " \
+	    "plaintext"
+}
+
+wrongpass_body()
+{
+
+	d=$(atf_get_srcdir)
+	atf_check -s exit:0 sh -c "echo 12345 | \
+	    $d/h_img2cgd/h_img2cgd $d/h_img2cgd/cgd.conf write \
+	    enc.img $d/h_img2cgd/cgd.conf"
+	atf_check -s exit:0 sh -c "echo 54321 | \
+	    $d/h_img2cgd/h_img2cgd $d/h_img2cgd/cgd.conf read \
+	    enc.img clear.txt"
+	atf_check -s not-exit:0 cmp -s clear.txt $d/h_img2cgd/cgd.conf
+}
+
+atf_init_test_cases()
+{
+
+	atf_add_test_case basic
+	atf_add_test_case wrongpass
+}
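Review bot: The last check in wrongpass_body accepts any non-zero status from cmp, so the test also passes when cmp fails for an unrelated reason, such as clear.txt being missing or unreadable, and not only when the decrypted bytes differ from the original. cmp exits with 1 for a real difference and with a value above 1 on error, so `atf_check -s exit:1 cmp -s clear.txt $d/h_img2cgd/cgd.conf` pins the case this test is about. A one-line comment above it, `# verify_method is "none", so a wrong passphrase must yield different bytes rather than an error`, would also explain why the read step before it is expected to exit 0.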

Index: src/tests/dev/cgd/h_img2cgd/Makefile
diff -u /dev/null src/tests/dev/cgd/h_img2cgd/Makefile:1.1
--- /dev/null	Thu Nov 11 22:38:47 2010
+++ src/tests/dev/cgd/h_img2cgd/Makefile	Thu Nov 11 22:38:47 2010
@@ -0,0 +1,17 @@
+#	$NetBSD: Makefile,v 1.1 2010/11/11 22:38:47 pooka Exp $
+#
+
+PROG=	h_img2cgd
+SRCS=	img2cgd.c
+NOMAN=
+
+.include <bsd.own.mk>
+
+RUMP_ACTION=	#defined
+CPPFLAGS+=	-DCGDCONFIG_AS_LIB
+.include "${NETBSDSRCDIR}/sbin/cgdconfig/Makefile.cgdconfig"
+
+DBG=	-g -O0
+WARNS=	3
+
+.include <bsd.prog.mk>
Index: src/tests/dev/cgd/h_img2cgd/cgd.conf
diff -u /dev/null src/tests/dev/cgd/h_img2cgd/cgd.conf:1.1
--- /dev/null	Thu Nov 11 22:38:47 2010
+++ src/tests/dev/cgd/h_img2cgd/cgd.conf	Thu Nov 11 22:38:47 2010
@@ -0,0 +1,8 @@
+algorithm aes-cbc;
+iv-method encblkno1;
+keylength 128;
+verify_method none;
+keygen pkcs5_pbkdf2/sha1 {
+        iterations 42;
+        salt AAAAgKajcCnHR7sR1k1RKQ9Q0uY=;
+};
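Review bot: Nothing in this fixture says it is test-only, and its parameters are ones nobody should copy for a real volume: `iterations 42` for PBKDF2, a salt that is now public in the repository, and `verify_method none`, under which a wrong passphrase configures the device without complaint (the wrongpass test appears to rely on that). If the params-file parser accepts comments, a leading line such as `# TEST FIXTURE ONLY: weak KDF settings and a published salt; do not use for real cgd volumes` would do. If it does not, the same sentence belongs in h_img2cgd/Makefile or t_cgd.sh next to the place the file is referenced. Note that t_cgd.sh also uses this file as the plaintext, so any edit to it changes the test data too, which is harmless here.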
Index: src/tests/dev/cgd/h_img2cgd/img2cgd.c
diff -u /dev/null src/tests/dev/cgd/h_img2cgd/img2cgd.c:1.1
--- /dev/null	Thu Nov 11 22:38:47 2010
+++ src/tests/dev/cgd/h_img2cgd/img2cgd.c	Thu Nov 11 22:38:47 2010
@@ -0,0 +1,223 @@
+/*	$NetBSD: img2cgd.c,v 1.1 2010/11/11 22:38:47 pooka Exp $	*/
+
+/*
+ * Copyright (c) 2009 Antti Kantee.  All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#include <assert.h>
+#include <err.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <rump/rump.h>
+#include <rump/rump_syscalls.h>
+
+#include "cgdconfig.h"
+
+/*
+ * We really should use disklabel.  However, for the time being,
+ * use a endian independent magic number at offset == 0 and a
+ * 64bit size at offset == 8.
+ */
+#define MYMAGIC 0x11000a00000a0011LL
+#define MAGOFF	0
+#define SIZEOFF	8
+
+#define SKIPLABEL 8192
+#define IMG_MINSIZE (120*1024) /* label/mbr/etc search looks here and there */
+
+static void
+usage(void)
+{
+
+	fprintf(stderr, "usage: %s read|write cgd_image file\n", getprogname());
+	exit(1);
+}
+
+typedef ssize_t (*readfn)(int, void *, size_t);
+typedef ssize_t (*writefn)(int, const void *, size_t);
+
+#define BLOCKSIZE 512
+#define BLKROUND(a) (((a)+(BLOCKSIZE-1)) & ~(BLOCKSIZE-1))
+
+static void
+doxfer(int fd_from, int fd_to, off_t nbytes, readfn rfn, writefn wfn,
+	int roundwrite)
+{
+	char buf[8192];
+	ssize_t n;
+
+	assert(sizeof(buf) % BLOCKSIZE == 0);
+	if (roundwrite)
+		nbytes = BLKROUND(nbytes);
+
+	memset(buf, 0, sizeof(buf));
+	while (nbytes) {
+		n = rfn(fd_from, buf, sizeof(buf));
+		if (n == -1)
+			err(1, "read");
+		if (n == 0)
+			break;
+		n = MIN(n, nbytes);
+		if (roundwrite)
+			n = BLKROUND(n);
+		nbytes -= n;
+		if (wfn(fd_to, buf, n) == -1)
+			err(1, "write");
+	}
+}
+
+#define RFLAGS (O_RDONLY)
+#define WFLAGS (O_WRONLY | O_CREAT | O_TRUNC)
+int
+main(int argc, char *argv[])
+{
+	char *the_argv[10];
+	const char *cgd_file, *img_file;
+	char *config_file;
+	struct stat sb_cgd, sb_file;
+	off_t nbytes;
+	int error;
+	int fd, fd_r;
+	int readmode;
+
+	setprogname(argv[0]);
+
+	if (argc != 5)
+		usage();
+
+	readmode = 0; /* XXXgcc */
+	if (strcmp(argv[2], "read") == 0)
+		readmode = 1;
+	else if (strcmp(argv[2], "write") == 0)
+		readmode = 0;
+	else
+		usage();
+
+	config_file = argv[1];
+	cgd_file = argv[3];
+	img_file = argv[4];
+
+	if (stat(img_file, &sb_file) == -1) {
+		if (!readmode)
+			err(1, "cannot open file image %s", img_file);
+	} else {
+		if (!S_ISREG(sb_file.st_mode))
+			errx(1, "%s is not a regular file", img_file);
+	}
+
+	if (stat(cgd_file, &sb_cgd) == -1) {
+		if (readmode)
+			err(1, "cannot open cgd image %s", cgd_file);
+	} else {
+		if (!S_ISREG(sb_cgd.st_mode))
+			errx(1, "%s is not a regular file", cgd_file);
+	}
+
+	/*
+	 * Create a file big enough to hold the file we are encrypting.
+	 * This is because cgd works on a device internally and does
+	 * not know how to enlarge a device (surprisingly ...).
+	 */
+	if (!readmode) {
+		uint64_t tmpval;
+
+		fd = open(cgd_file, WFLAGS, 0755);
+		if (fd == -1)
+			err(1, "fd");
+		ftruncate(fd,
+		    MAX(IMG_MINSIZE, BLKROUND(sb_file.st_size)) + SKIPLABEL);
+
+		/* write magic info */
+		tmpval = MYMAGIC;
+		if (pwrite(fd, &tmpval, 8, MAGOFF) != 8)
+			err(1, "magic write failed");
+		tmpval = htole64(sb_file.st_size);
+		if (pwrite(fd, &tmpval, 8, SIZEOFF) != 8)
+			err(1, "size write failed");
+
+		close(fd);
+
+		nbytes = sb_file.st_size;
+	} else {
+		uint64_t tmpval;
+
+		fd = open(cgd_file, RFLAGS);
+		if (fd == -1)
+			err(1, "image open failed");
+
+		if (pread(fd, &tmpval, 8, MAGOFF) != 8)
+			err(1, "magic read failed");
+		if (tmpval != MYMAGIC)
+			errx(1, "%s is not a valid image", cgd_file);
+		if (pread(fd, &tmpval, 8, SIZEOFF) != 8)
+			errx(1, "size read failed");
+		close(fd);
+
+		nbytes = le64toh(tmpval);
+	}
+
+	rump_init();
+	if ((error = rump_pub_etfs_register("/cryptfile", cgd_file,
+	    RUMP_ETFS_BLK)) != 0) {
+		printf("etfs: %d\n", error);
+		exit(1);
+	}
+
+	the_argv[0] = strdup("cgdconfig");
+	the_argv[1] = strdup("-p");
+	the_argv[2] = strdup("cgd0");
+	the_argv[3] = strdup("/cryptfile");
+	the_argv[4] = config_file;
+	the_argv[5] = NULL;
+	error = cgdconfig(5, the_argv);
+	if (error) {
+		fprintf(stderr, "cgdconfig failed: %d (%s)\n",
+		    error, strerror(error));
+		exit(1);
+	}
+
+	fd = open(img_file, readmode ? WFLAGS : RFLAGS, 0755);
+	if (fd == -1)
+		err(1, "fd");
+	fd_r = rump_sys_open("/dev/rcgd0d", O_RDWR, 0755);
+	if (fd_r == -1)
+		err(1, "fd_r");
+	if (rump_sys_lseek(fd_r, SKIPLABEL, SEEK_SET) == -1)
+		err(1, "rump lseek");
+
+	if (readmode) {
+		doxfer(fd_r, fd, nbytes, rump_sys_read, write, 0);
+	} else {
+		doxfer(fd, fd_r, sb_file.st_size, read, rump_sys_write, 1);
+	}
+
+	return 0;
+}
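Review bot: In main()'s read branch the 64-bit length taken from the image header becomes the transfer size with no bounds check (`nbytes = le64toh(tmpval);`). off_t is signed, so a corrupt or hand-edited header can give doxfer() a negative or oversized count, which then passes through `MIN(n, nbytes)` into the length handed to the write function. sb_cgd is already filled in on this path, so the value can be rejected right after the conversion with `if (nbytes < 0 || nbytes > sb_cgd.st_size - SKIPLABEL) errx(1, "%s: bad size field", cgd_file);`. Separately, the `ftruncate()` result in the write branch is ignored, the usage string omits the leading config-file argument that `argc != 5` requires, and both `open()` calls create their output with mode 0755. `0600` would suit a file that receives decrypted plaintext.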
