# See the file LICENSE for redistribution information.
#
# Copyright (c) 1999-2004
#	Sleepycat Software.  All rights reserved.
#
# $Id: sec002.tcl,v 11.13 2004/11/02 16:12:04 carol Exp $
#
# TEST	sec002
# TEST	Test of security interface and catching errors in the
# TEST  face of attackers overwriting parts of existing files.
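proc sec002 { } {
	# Tamper-detection test: build four btree databases holding the same
	# key/data pair (two AES-encrypted under different passwords, one
	# checksummed only, one plain), modify bytes on disk behind the
	# library's back, and check which open/get/close calls fail.
	# Takes no arguments; results are reported through error_check_good.
	#
	# NOTE(review): coverage is limited to (1) one inverted byte in the
	# meta page and (2) a whole page swapped in from a file written with
	# a different password or with no encryption.  A page restored from
	# an older copy of the same file, or copied from another file that
	# shares the password, is not exercised here.
	global errorInfo
	global errorCode
	global has_crypto

	# include.tcl is sourced in this proc's scope; testdir and
	# is_windows_test used below are presumably set there -- confirm.
	source ./include.tcl

	# Skip test if release does not support encryption.
	if { $has_crypto == 0 } {
		puts "Skipping test sec002 for non-crypto release."
		return
	}

	set testfile1 $testdir/sec002-1.db
	set testfile2 $testdir/sec002-2.db
	set testfile3 $testdir/sec002-3.db
	set testfile4 $testdir/sec002-4.db

	# NOTE(review): the banner below reads like the basic-interface
	# test rather than this overwrite test; the text is left unchanged
	# in case log tooling matches on it.
	puts "Sec002: Test of basic encryption interface."
	env_cleanup $testdir

	# Fixed test fixtures; the passwords only need to differ.
	set passwd1 "passwd1"
	set passwd2 "passwd2"
	set key "key"
	set data "data"
	set pagesize 1024

	#
	# Set up 4 databases: two encrypted, but with different passwords,
	# one unencrypted but with checksumming turned on, and one
	# unencrypted with no checksumming.  Place the exact same data
	# in each one.
	#
	# NOTE(review): per the Berkeley DB documentation, checksumming
	# uses SHA1 when encryption is configured and a general hash
	# algorithm when it is not, so testfile3 demonstrates detection of
	# corruption, not resistance to a writer who can recompute the
	# checksum -- confirm for this release.
	#
	puts "\tSec002.a: Setup databases"
	set db_cmd "-create -pagesize $pagesize -btree "
	set db [eval {berkdb_open} -encryptaes $passwd1 $db_cmd $testfile1]
	error_check_good db [is_valid_db $db] TRUE
	error_check_good dbput [$db put $key $data] 0
	error_check_good dbclose [$db close] 0

	set db [eval {berkdb_open} -encryptaes $passwd2 $db_cmd $testfile2]
	error_check_good db [is_valid_db $db] TRUE
	error_check_good dbput [$db put $key $data] 0
	error_check_good dbclose [$db close] 0

	set db [eval {berkdb_open} -chksum $db_cmd $testfile3]
	error_check_good db [is_valid_db $db] TRUE
	error_check_good dbput [$db put $key $data] 0
	error_check_good dbclose [$db close] 0

	set db [eval {berkdb_open} $db_cmd $testfile4]
	error_check_good db [is_valid_db $db] TRUE
	error_check_good dbput [$db put $key $data] 0
	error_check_good dbclose [$db close] 0

	#
	# If we reopen the normal file with the -chksum flag, there
	# should be no error and checksumming should be ignored.
	# If we reopen a checksummed file without the -chksum flag,
	# checksumming should still be in effect.  [#6959]
	#
	# The second property is the security-relevant one: the check is a
	# property of the file, so omitting the flag at open time does not
	# turn it off (section d reopens testfile3 after tampering).
	#
	puts "\tSec002.b: Inheritance of chksum properties"
	puts "\t\tSec002.b1: Reopen ordinary file with -chksum flag"
	set db [eval {berkdb_open} -chksum $testfile4]
	error_check_good open_with_chksum [is_valid_db $db] TRUE
	set retdata [$db get $key]
	error_check_good testfile4_get [lindex [lindex $retdata 0] 1] $data
	error_check_good dbclose [$db close] 0

	puts "\t\tSec002.b2: Reopen checksummed file without -chksum flag"
	set db [eval {berkdb_open} $testfile3]
	error_check_good open_wo_chksum [is_valid_db $db] TRUE
	set retdata [$db get $key]
	error_check_good testfile3_get [lindex [lindex $retdata 0] 1] $data
	error_check_good dbclose [$db close] 0

	#
	# First just touch some bits in the file.  We know that in btree
	# meta pages, bytes 92-459 are unused.  Scribble on them in one
	# encrypted file and in both unencrypted files.  We should get
	# a checksum error for the encrypted and the checksummed files.
	# We should get no error for the normal file.
	#
	set fidlist {}
	set fid [open $testfile1 r+]
	lappend fidlist $fid
	set fid [open $testfile3 r+]
	lappend fidlist $fid
	set fid [open $testfile4 r+]
	lappend fidlist $fid

	puts "\tSec002.c: Overwrite unused space in meta-page"
	foreach f $fidlist {
		# Binary translation so the byte is read and written verbatim.
		fconfigure $f -translation binary
		# Offset 100 falls inside the unused 92-459 range noted above.
		seek $f 100 start
		set byte [read $f 1]
		binary scan $byte c val
		# Invert every bit so the stored byte is guaranteed to change.
		# The expression is braced so it is substituted only once.
		set newval [expr {~$val}]
		set newbyte [binary format c $newval]
		seek $f 100 start
		puts -nonewline $f $newbyte
		close $f
	}
	puts "\tSec002.d: Reopen modified databases"
	# Encrypted file: the open itself must fail on the meta page.
	set stat [catch {berkdb_open_noerr -encryptaes $passwd1 $testfile1} ret]
	error_check_good db:$testfile1 $stat 1
	error_check_good db:$testfile1:fail \
	    [is_substr $ret "metadata page checksum error"] 1

	# Checksummed file: same failure expected.
	set stat [catch {berkdb_open_noerr -chksum $testfile3} ret]
	error_check_good db:$testfile3 $stat 1
	error_check_good db:$testfile3:fail \
	    [is_substr $ret "metadata page checksum error"] 1

	# Plain file: the modification goes unnoticed and the open succeeds.
	# This is the baseline showing what the other two modes add.
	set stat [catch {berkdb_open_noerr $testfile4} db]
	error_check_good db:$testfile4 $stat 0
	error_check_good dbclose [$db close] 0

	# Skip the remainder of the test for Windows platforms.
	# Forcing the error which causes DB_RUNRECOVERY to be
	# returned ends up leaving open files that cannot be removed.
	if { $is_windows_test == 1 } {
		cleanup $testdir NULL 1
		puts "Skipping remainder of test for Windows"
		return
	}

	puts "\tSec002.e: Replace root page in encrypted w/ encrypted"
	# Copy the page at offset $pagesize (the page after the meta page)
	# from testfile1 (passwd1) over the same page of testfile2 (passwd2).
	set fid1 [open $testfile1 r+]
	fconfigure $fid1 -translation binary
	set fid2 [open $testfile2 r+]
	fconfigure $fid2 -translation binary
	seek $fid1 $pagesize start
	seek $fid2 $pagesize start
	fcopy $fid1 $fid2 -size $pagesize
	close $fid1
	close $fid2

	# The meta page is untouched, so the open succeeds; the foreign
	# page must be rejected on the first read, and the close must then
	# report DB_RUNRECOVERY.
	set db [berkdb_open_noerr -encryptaes $passwd2 $testfile2]
	error_check_good db [is_valid_db $db] TRUE
	set stat [catch {$db get $key} ret]
	error_check_good dbget $stat 1
	error_check_good db:$testfile2:fail1 \
	    [is_substr $ret "checksum error"] 1
	set stat [catch {$db close} ret]
	error_check_good dbclose $stat 1
	error_check_good db:$testfile2:fail2 [is_substr $ret "DB_RUNRECOVERY"] 1

	puts "\tSec002.f: Replace root page in encrypted w/ unencrypted"
	# Same substitution, this time with the plaintext page of testfile4.
	set fid2 [open $testfile2 r+]
	fconfigure $fid2 -translation binary
	set fid4 [open $testfile4 r+]
	fconfigure $fid4 -translation binary
	seek $fid2 $pagesize start
	seek $fid4 $pagesize start
	fcopy $fid4 $fid2 -size $pagesize
	close $fid4
	close $fid2

	set db [berkdb_open_noerr -encryptaes $passwd2 $testfile2]
	error_check_good db [is_valid_db $db] TRUE
	set stat [catch {$db get $key} ret]
	error_check_good dbget $stat 1
	# Labels are fail1/fail2 as in section e, so a failure report
	# identifies which of the two checks tripped.
	error_check_good db:$testfile2:fail1 \
	    [is_substr $ret "checksum error"] 1
	set stat [catch {$db close} ret]
	error_check_good dbclose $stat 1
	error_check_good db:$testfile2:fail2 [is_substr $ret "DB_RUNRECOVERY"] 1

	cleanup $testdir NULL 1
}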