| #! /bin/bash |
| # SPDX-License-Identifier: GPL-2.0 |
| # Copyright 2019 Google LLC |
| # |
| # FS QA Test generic/580 |
| # |
| # Basic test of the fscrypt filesystem-level encryption keyring |
| # and v2 encryption policies. |
| # |
| |
| . ./common/preamble |
| _begin_fstest auto quick encrypt |
| echo |
| |
| # Import common functions. |
| . ./common/filter |
| . ./common/encrypt |
| |
| _require_scratch_encryption -v 2 |
| |
| _scratch_mkfs_encrypted &>> $seqres.full |
| _scratch_mount |
| |
| test_with_policy_version() |
| { |
| local vers=$1 |
| |
| if (( vers == 1 )); then |
| local keyspec=$TEST_KEY_DESCRIPTOR |
| local add_enckey_args="-d $keyspec" |
| else |
| local keyspec=$TEST_KEY_IDENTIFIER |
| local add_enckey_args="" |
| fi |
| |
| mkdir $dir |
| echo "# Setting v$vers encryption policy" |
| _set_encpolicy $dir $keyspec |
| echo "# Getting v$vers encryption policy" |
| _get_encpolicy $dir | _filter_scratch |
| if (( vers == 1 )); then |
| echo "# Getting v1 encryption policy using old ioctl" |
| _get_encpolicy $dir -1 | _filter_scratch |
| fi |
| echo "# Trying to create file without key added yet" |
| $XFS_IO_PROG -f $dir/file |& _filter_scratch |
| echo "# Getting encryption key status" |
| _enckey_status $SCRATCH_MNT $keyspec |
| echo "# Adding encryption key" |
| _add_enckey $SCRATCH_MNT "$TEST_RAW_KEY" $add_enckey_args |
| echo "# Creating encrypted file" |
| echo contents > $dir/file |
| echo "# Getting encryption key status" |
| _enckey_status $SCRATCH_MNT $keyspec |
| echo "# Removing encryption key" |
| _rm_enckey $SCRATCH_MNT $keyspec |
| echo "# Getting encryption key status" |
| _enckey_status $SCRATCH_MNT $keyspec |
| echo "# Verifying that the encrypted directory was \"locked\"" |
| cat $dir/file |& _filter_scratch |
| cat "$(find $dir -type f)" |& _filter_scratch | cut -d ' ' -f3- |
| |
| # Test removing key with a file open. |
| echo "# Re-adding encryption key" |
| _add_enckey $SCRATCH_MNT "$TEST_RAW_KEY" $add_enckey_args |
| echo "# Creating another encrypted file" |
| echo foo > $dir/file2 |
| echo "# Removing key while an encrypted file is open" |
| exec 3< $dir/file |
| _rm_enckey $SCRATCH_MNT $keyspec |
| echo "# Non-open file should have been evicted" |
| cat $dir/file2 |& _filter_scratch |
| echo "# Open file shouldn't have been evicted" |
| cat $dir/file |
| echo "# Key should be in \"incompletely removed\" state" |
| _enckey_status $SCRATCH_MNT $keyspec |
| echo "# Closing file and removing key for real now" |
| exec 3<&- |
| _rm_enckey $SCRATCH_MNT $keyspec |
| cat $dir/file |& _filter_scratch |
| |
| echo "# Cleaning up" |
| rm -rf $dir |
| _scratch_cycle_mount # Clear all keys |
| echo |
| } |
| |
| dir=$SCRATCH_MNT/dir |
| |
| test_with_policy_version 1 |
| |
| test_with_policy_version 2 |
| |
| echo "# Trying to remove absent key" |
| _rm_enckey $SCRATCH_MNT abcdabcdabcdabcd |
| |
| # success, all done |
| status=0 |
| exit |