tests/generic/580 - pub/scm/linux/kernel/git/jlayton/xfstests-dev - Git at Google

 #! /bin/bash
 # SPDX-License-Identifier: GPL-2.0
 # Copyright 2019 Google LLC
 #
 # FS QA Test generic/580
 #
 # Basic test of the fscrypt filesystem-level encryption keyring
 # and v2 encryption policies.
 #

 . ./common/preamble
 _begin_fstest auto quick encrypt
 echo

 # Import common functions.
 . ./common/filter
 . ./common/encrypt

 _require_scratch_encryption -v 2

 _scratch_mkfs_encrypted &>> $seqres.full
 _scratch_mount

 test_with_policy_version()
 {
 	local vers=$1

 	if (( vers == 1 )); then
 		local keyspec=$TEST_KEY_DESCRIPTOR
 		local add_enckey_args="-d $keyspec"
 	else
 		local keyspec=$TEST_KEY_IDENTIFIER
 		local add_enckey_args=""
 	fi

 	mkdir $dir
 	echo "# Setting v$vers encryption policy"
 	_set_encpolicy $dir $keyspec
 	echo "# Getting v$vers encryption policy"
 	_get_encpolicy $dir | _filter_scratch
 	if (( vers == 1 )); then
 		echo "# Getting v1 encryption policy using old ioctl"
 		_get_encpolicy $dir -1 | _filter_scratch
 	fi
 	echo "# Trying to create file without key added yet"
 	$XFS_IO_PROG -f $dir/file |& _filter_scratch
 	echo "# Getting encryption key status"
 	_enckey_status $SCRATCH_MNT $keyspec
 	echo "# Adding encryption key"
 	_add_enckey $SCRATCH_MNT "$TEST_RAW_KEY" $add_enckey_args
 	echo "# Creating encrypted file"
 	echo contents > $dir/file
 	echo "# Getting encryption key status"
 	_enckey_status $SCRATCH_MNT $keyspec
 	echo "# Removing encryption key"
 	_rm_enckey $SCRATCH_MNT $keyspec
 	echo "# Getting encryption key status"
 	_enckey_status $SCRATCH_MNT $keyspec
 	echo "# Verifying that the encrypted directory was \"locked\""
 	cat $dir/file |& _filter_scratch
 	cat "$(find $dir -type f)" |& _filter_scratch | cut -d ' ' -f3-

 	# Test removing key with a file open.
 	echo "# Re-adding encryption key"
 	_add_enckey $SCRATCH_MNT "$TEST_RAW_KEY" $add_enckey_args
 	echo "# Creating another encrypted file"
 	echo foo > $dir/file2
 	echo "# Removing key while an encrypted file is open"
 	exec 3< $dir/file
 	_rm_enckey $SCRATCH_MNT $keyspec
 	echo "# Non-open file should have been evicted"
 	cat $dir/file2 |& _filter_scratch
 	echo "# Open file shouldn't have been evicted"
 	cat $dir/file
 	echo "# Key should be in \"incompletely removed\" state"
 	_enckey_status $SCRATCH_MNT $keyspec
 	echo "# Closing file and removing key for real now"
 	exec 3<&-
 	_rm_enckey $SCRATCH_MNT $keyspec
 	cat $dir/file |& _filter_scratch

 	echo "# Cleaning up"
 	rm -rf $dir
 	_scratch_cycle_mount	# Clear all keys
 	echo
 }

 dir=$SCRATCH_MNT/dir

 test_with_policy_version 1

 test_with_policy_version 2

 echo "# Trying to remove absent key"
 _rm_enckey $SCRATCH_MNT abcdabcdabcdabcd

 # success, all done
 status=0
 exit
	#! /bin/bash
	# SPDX-License-Identifier: GPL-2.0
	# Copyright 2019 Google LLC
	#
	# FS QA Test generic/580
	#
	# Basic test of the fscrypt filesystem-level encryption keyring
	# and v2 encryption policies.
	#

	. ./common/preamble
	_begin_fstest auto quick encrypt
	echo

	# Import common functions.
	. ./common/filter
	. ./common/encrypt

	_require_scratch_encryption -v 2

	_scratch_mkfs_encrypted &>> $seqres.full
	_scratch_mount

	test_with_policy_version()
	{
	local vers=$1

	if (( vers == 1 )); then
	local keyspec=$TEST_KEY_DESCRIPTOR
	local add_enckey_args="-d $keyspec"
	else
	local keyspec=$TEST_KEY_IDENTIFIER
	local add_enckey_args=""
	fi

	mkdir $dir
	echo "# Setting v$vers encryption policy"
	_set_encpolicy $dir $keyspec
	echo "# Getting v$vers encryption policy"
	_get_encpolicy $dir \| _filter_scratch
	if (( vers == 1 )); then
	echo "# Getting v1 encryption policy using old ioctl"
	_get_encpolicy $dir -1 \| _filter_scratch
	fi
	echo "# Trying to create file without key added yet"
	$XFS_IO_PROG -f $dir/file \|& _filter_scratch
	echo "# Getting encryption key status"
	_enckey_status $SCRATCH_MNT $keyspec
	echo "# Adding encryption key"
	_add_enckey $SCRATCH_MNT "$TEST_RAW_KEY" $add_enckey_args
	echo "# Creating encrypted file"
	echo contents > $dir/file
	echo "# Getting encryption key status"
	_enckey_status $SCRATCH_MNT $keyspec
	echo "# Removing encryption key"
	_rm_enckey $SCRATCH_MNT $keyspec
	echo "# Getting encryption key status"
	_enckey_status $SCRATCH_MNT $keyspec
	echo "# Verifying that the encrypted directory was \"locked\""
	cat $dir/file \|& _filter_scratch
	cat "$(find $dir -type f)" \|& _filter_scratch \| cut -d ' ' -f3-

	# Test removing key with a file open.
	echo "# Re-adding encryption key"
	_add_enckey $SCRATCH_MNT "$TEST_RAW_KEY" $add_enckey_args
	echo "# Creating another encrypted file"
	echo foo > $dir/file2
	echo "# Removing key while an encrypted file is open"
	exec 3< $dir/file
	_rm_enckey $SCRATCH_MNT $keyspec
	echo "# Non-open file should have been evicted"
	cat $dir/file2 \|& _filter_scratch
	echo "# Open file shouldn't have been evicted"
	cat $dir/file
	echo "# Key should be in \"incompletely removed\" state"
	_enckey_status $SCRATCH_MNT $keyspec
	echo "# Closing file and removing key for real now"
	exec 3<&-
	_rm_enckey $SCRATCH_MNT $keyspec
	cat $dir/file \|& _filter_scratch

	echo "# Cleaning up"
	rm -rf $dir
	_scratch_cycle_mount # Clear all keys
	echo
	}

	dir=$SCRATCH_MNT/dir

	test_with_policy_version 1

	test_with_policy_version 2

	echo "# Trying to remove absent key"
	_rm_enckey $SCRATCH_MNT abcdabcdabcdabcd

	# success, all done
	status=0
	exit