sec002.tcl   [plain text]

# See the file LICENSE for redistribution information.
#
# Copyright (c) 1999,2008 Oracle.  All rights reserved.
#
# $Id: sec002.tcl,v 12.6 2008/01/08 20:58:53 bostic Exp $
#
# TEST	sec002
# TEST	Test of security interface and catching errors in the
# TEST  face of attackers overwriting parts of existing files.
proc sec002 { } {
	global errorInfo
	global errorCode
	global has_crypto

	source ./include.tcl

	# Skip test if release does not support encryption.
	if { $has_crypto == 0 } {
		puts "Skipping test sec002 for non-crypto release."
		return
	}

	set testfile1 $testdir/sec002-1.db
	set testfile2 $testdir/sec002-2.db
	set testfile3 $testdir/sec002-3.db
	set testfile4 $testdir/sec002-4.db

	puts "Sec002: Test of basic encryption interface."
	env_cleanup $testdir

	set passwd1 "passwd1"
	set passwd2 "passwd2"
	set key "key"
	set data "data"
	set pagesize 1024

	#
	# Set up 4 databases, two encrypted, but with different passwords
	# and one unencrypt, but with checksumming turned on and one
	# unencrypted and no checksumming.  Place the exact same data
	# in each one.
	#
	puts "\tSec002.a: Setup databases"
	set db_cmd "-create -pagesize $pagesize -btree "
	set db [eval {berkdb_open} -encryptaes $passwd1 $db_cmd $testfile1]
	error_check_good db [is_valid_db $db] TRUE
	error_check_good dbput [$db put $key $data] 0
	error_check_good dbclose [$db close] 0

	set db [eval {berkdb_open} -encryptaes $passwd2 $db_cmd $testfile2]
	error_check_good db [is_valid_db $db] TRUE
	error_check_good dbput [$db put $key $data] 0
	error_check_good dbclose [$db close] 0

	set db [eval {berkdb_open} -chksum $db_cmd $testfile3]
	error_check_good db [is_valid_db $db] TRUE
	error_check_good dbput [$db put $key $data] 0
	error_check_good dbclose [$db close] 0

	set db [eval {berkdb_open} $db_cmd $testfile4]
	error_check_good db [is_valid_db $db] TRUE
	error_check_good dbput [$db put $key $data] 0
	error_check_good dbclose [$db close] 0

	#
	# If we reopen the normal file with the -chksum flag, there
	# should be no error and checksumming should be ignored.
	# If we reopen a checksummed file without the -chksum flag,
	# checksumming should still be in effect.  [#6959]
	#
	puts "\tSec002.b: Inheritance of chksum properties"
	puts "\t\tSec002.b1: Reopen ordinary file with -chksum flag"
	set db [eval {berkdb_open} -chksum $testfile4]
	error_check_good open_with_chksum [is_valid_db $db] TRUE
	set retdata [$db get $key]
	error_check_good testfile4_get [lindex [lindex $retdata 0] 1] $data
	error_check_good dbclose [$db close] 0

	puts "\t\tSec002.b2: Reopen checksummed file without -chksum flag"
	set db [eval {berkdb_open} $testfile3]
	error_check_good open_wo_chksum [is_valid_db $db] TRUE
	set retdata [$db get $key]
	error_check_good testfile3_get [lindex [lindex $retdata 0] 1] $data
	error_check_good dbclose [$db close] 0

	#
	# First just touch some bits in the file.  We know that in btree
	# meta pages, bytes 92-459 are unused.  Scribble on them in both
	# an encrypted, and both unencrypted files.  We should get
	# a checksum error for the encrypted, and checksummed files.
	# We should get no error for the normal file.
	#
	set fidlist {}
	set fid [open $testfile1 r+]
	lappend fidlist $fid
	set fid [open $testfile3 r+]
	lappend fidlist $fid
	set fid [open $testfile4 r+]
	lappend fidlist $fid

	puts "\tSec002.c: Overwrite unused space in meta-page"
	foreach f $fidlist {
		fconfigure $f -translation binary
		seek $f 100 start
		set byte [read $f 1]
		binary scan $byte c val
		set newval [expr ~$val]
		set newbyte [binary format c $newval]
		seek $f 100 start
		puts -nonewline $f $newbyte
		close $f
	}
	puts "\tSec002.d: Reopen modified databases"
	set stat [catch {berkdb_open_noerr -encryptaes $passwd1 $testfile1} ret]
	error_check_good db:$testfile1 $stat 1
	error_check_good db:$testfile1:fail \
	    [is_substr $ret "metadata page checksum error"] 1

	set stat [catch {berkdb_open_noerr -chksum $testfile3} ret]
	error_check_good db:$testfile3 $stat 1
	error_check_good db:$testfile3:fail \
	    [is_substr $ret "metadata page checksum error"] 1

	set stat [catch {berkdb_open_noerr $testfile4} db]
	error_check_good db:$testfile4 $stat 0
	error_check_good dbclose [$db close] 0

	# Skip the remainder of the test for Windows platforms.
	# Forcing the error which causes DB_RUNRECOVERY to be
	# returned ends up leaving open files that cannot be removed.
	if { $is_windows_test == 1 } {
		cleanup $testdir NULL 1
		puts "Skipping remainder of test for Windows"
		return
	}

	puts "\tSec002.e: Replace root page in encrypted w/ encrypted"
	set fid1 [open $testfile1 r+]
	fconfigure $fid1 -translation binary
	set fid2 [open $testfile2 r+]
	fconfigure $fid2 -translation binary
	seek $fid1 $pagesize start
	seek $fid2 $pagesize start
	fcopy $fid1 $fid2 -size $pagesize
	close $fid1
	close $fid2

	set db [berkdb_open_noerr -encryptaes $passwd2 $testfile2]
	error_check_good db [is_valid_db $db] TRUE
	set stat [catch {$db get $key} ret]
	error_check_good dbget $stat 1
	error_check_good db:$testfile2:fail1 \
	    [is_substr $ret "checksum error"] 1
	set stat [catch {$db close} ret]
	error_check_good dbclose $stat 1
	error_check_good db:$testfile2:fail2 [is_substr $ret "DB_RUNRECOVERY"] 1

	puts "\tSec002.f: Replace root page in encrypted w/ unencrypted"
	set fid2 [open $testfile2 r+]
	fconfigure $fid2 -translation binary
	set fid4 [open $testfile4 r+]
	fconfigure $fid4 -translation binary
	seek $fid2 $pagesize start
	seek $fid4 $pagesize start
	fcopy $fid4 $fid2 -size $pagesize
	close $fid4
	close $fid2

	set db [berkdb_open_noerr -encryptaes $passwd2 $testfile2]
	error_check_good db [is_valid_db $db] TRUE
	set stat [catch {$db get $key} ret]
	error_check_good dbget $stat 1
	error_check_good db:$testfile2:fail \
	    [is_substr $ret "checksum error"] 1
	set stat [catch {$db close} ret]
	error_check_good dbclose $stat 1
	error_check_good db:$testfile2:fail [is_substr $ret "DB_RUNRECOVERY"] 1

	cleanup $testdir NULL 1
}