* [PATCH 0/2] fstests: add btrfs encryption support
@ 2022-09-06 0:31 Sweet Tea Dorminy
2022-09-06 0:31 ` [PATCH 1/2] fstests: fscrypt: enable btrfs testing Sweet Tea Dorminy
2022-09-06 0:31 ` [PATCH 2/2] fstests: fscrypt: update tests of encryption contents for btrfs Sweet Tea Dorminy
0 siblings, 2 replies; 5+ messages in thread
From: Sweet Tea Dorminy @ 2022-09-06 0:31 UTC (permalink / raw)
To: fstests, linux-fscrypt, linux-btrfs, kernel-team; +Cc: Sweet Tea Dorminy
btrfs has several differences from other filesystems currently
integrated with fscrypt. It uses a newly proposed extent context object;
only works with direct key policies; and allows partially encrypted
directories. The design document can be found at [1].
As such, this splits a couple of tests and filters encryption policy
printing to account for different filesystems' different default
policies.
Tests for subvolume encryption, a key feature for btrfs, are not yet complete.
Necessary btrfs-progs changes are available at [2]; kernel changes
are available at [3].
[1]
https://lore.kernel.org/linux-btrfs/YXGyq+buM79A1S0L@relinquished.localdomain/
[2] https://lore.kernel.org/linux-btrfs/cover.1662420176.git.sweettea-kernel@dorminy.me
[3] https://lore.kernel.org/linux-btrfs/cover.1662417859.git.sweettea-kernel@dorminy.me
Changelog:
v2:
- Mostly rewrote and simplified the changes, as btrfs no longer requires
a separate new encryption policy.
- Added a filter function to account for different default encryption
policies.
- Split Adiantum tests, as only the direct-key variant works with
btrfs.
- https://lore.kernel.org/linux-btrfs/cover.1662417905.git.sweettea-kernel@dorminy.me
v1:
- https://lore.kernel.org/linux-btrfs/cover.1660729861.git.sweettea-kernel@dorminy.me
Sweet Tea Dorminy (2):
fstests: fscrypt: enable btrfs testing.
fstests: fscrypt: update tests of encryption contents for btrfs
common/encrypt | 141 +++++++++++++++++++++++++++++++++++++--
common/verity | 2 +-
src/fscrypt-crypt-util.c | 18 ++++-
tests/btrfs/298 | 85 +++++++++++++++++++++++
tests/btrfs/298.out | 47 +++++++++++++
tests/generic/395 | 10 ++-
tests/generic/395.out | 18 ++---
tests/generic/435 | 10 ++-
tests/generic/550 | 2 -
tests/generic/550.out | 5 --
tests/generic/576 | 3 +-
tests/generic/576.out | 6 +-
tests/generic/580 | 5 +-
tests/generic/580.out | 18 ++---
tests/generic/581 | 4 +-
tests/generic/581.out | 12 ++--
tests/generic/584 | 2 -
tests/generic/584.out | 5 --
tests/generic/720 | 26 ++++++++
tests/generic/720.out | 6 ++
tests/generic/721 | 26 ++++++++
tests/generic/721.out | 6 ++
22 files changed, 398 insertions(+), 59 deletions(-)
create mode 100755 tests/btrfs/298
create mode 100644 tests/btrfs/298.out
create mode 100755 tests/generic/720
create mode 100644 tests/generic/720.out
create mode 100755 tests/generic/721
create mode 100644 tests/generic/721.out
--
2.35.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/2] fstests: fscrypt: enable btrfs testing.
2022-09-06 0:31 [PATCH 0/2] fstests: add btrfs encryption support Sweet Tea Dorminy
@ 2022-09-06 0:31 ` Sweet Tea Dorminy
2022-09-07 9:02 ` Zorro Lang
2022-09-06 0:31 ` [PATCH 2/2] fstests: fscrypt: update tests of encryption contents for btrfs Sweet Tea Dorminy
1 sibling, 1 reply; 5+ messages in thread
From: Sweet Tea Dorminy @ 2022-09-06 0:31 UTC (permalink / raw)
To: fstests, linux-fscrypt, linux-btrfs, kernel-team; +Cc: Sweet Tea Dorminy
btrfs' fscrypt integration has more stringent requirements than other
filesystems using fscrypt: the default policy is not permitted.
To make many pass, this adds several common pieces:
- _set_encpolicy tries to automatically use a direct-key Adiantum policy
for btrfs, if none is set.
- for many tests using a default policy, a filter is applied to make
default policy for most FS's, or Adiantum for btrfs, work.
- _scratch_mkfs_sized_encrypted can deal with btrfs
These pieces are used in tests to make most generic tests work with
btrfs, and a new test is added resembling generic/395 to account for
btrfs' directory policy.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
---
common/encrypt | 72 +++++++++++++++++++++++++++++++++++-
common/verity | 2 +-
tests/btrfs/298 | 85 +++++++++++++++++++++++++++++++++++++++++++
tests/btrfs/298.out | 47 ++++++++++++++++++++++++
tests/generic/395 | 10 +++--
tests/generic/395.out | 18 ++++-----
tests/generic/435 | 10 ++++-
tests/generic/576 | 3 +-
tests/generic/576.out | 6 +--
tests/generic/580 | 5 ++-
tests/generic/580.out | 18 ++++-----
tests/generic/581 | 4 +-
tests/generic/581.out | 12 +++---
13 files changed, 252 insertions(+), 40 deletions(-)
create mode 100755 tests/btrfs/298
create mode 100644 tests/btrfs/298.out
diff --git a/common/encrypt b/common/encrypt
index 8f3c46f6..c2e3e6f6 100644
--- a/common/encrypt
+++ b/common/encrypt
@@ -102,7 +102,7 @@ _require_encryption_policy_support()
_scratch_unmount
_scratch_mkfs_stable_inodes_encrypted &>> $seqres.full
_scratch_mount
- fi
+ fi;
mkdir $dir
if (( policy_version > 1 )); then
@@ -146,7 +146,7 @@ _require_encryption_policy_support()
_scratch_mkfs_encrypted()
{
case $FSTYP in
- ext4|f2fs)
+ btrfs|ext4|f2fs)
_scratch_mkfs -O encrypt
;;
ubifs)
@@ -165,6 +165,9 @@ _scratch_mkfs_sized_encrypted()
ext4|f2fs)
MKFS_OPTIONS="$MKFS_OPTIONS -O encrypt" _scratch_mkfs_sized $*
;;
+ btrfs)
+ _scratch_mkfs_sized $*
+ ;;
*)
_notrun "Filesystem $FSTYP not supported in _scratch_mkfs_sized_encrypted"
;;
@@ -356,6 +359,18 @@ _set_encpolicy()
{
local dir=$1
shift
+ if [ "$FSTYP" = "btrfs" ]; then
+ # Append DIRECT_KEY flag, and set mode to Adiantum, if not set.
+ if ! [[ "$*" =~ -f ]]; then
+ set -- "$* -f ${FSCRYPT_POLICY_FLAG_DIRECT_KEY}"
+ fi
+ if ! [[ "$*" =~ -c ]]; then
+ set -- "$* -c ${FSCRYPT_MODE_ADIANTUM}"
+ fi
+ if ! [[ "$*" =~ -n ]]; then
+ set -- "$* -n ${FSCRYPT_MODE_ADIANTUM}"
+ fi
+ fi
$XFS_IO_PROG -c "set_encpolicy $*" "$dir"
}
@@ -364,6 +379,18 @@ _user_do_set_encpolicy()
{
local dir=$1
shift
+ if [ "$FSTYP" = "btrfs" ]; then
+ # Append DIRECT_KEY flag, and set mode to Adiantum, if not set.
+ if ! [[ "$*" =~ -f ]]; then
+ set -- "$* -f ${FSCRYPT_POLICY_FLAG_DIRECT_KEY}"
+ fi
+ if ! [[ "$*" =~ -c ]]; then
+ set -- "$* -c ${FSCRYPT_MODE_ADIANTUM}"
+ fi
+ if ! [[ "$*" =~ -n ]]; then
+ set -- "$* -n ${FSCRYPT_MODE_ADIANTUM}"
+ fi
+ fi
_user_do "$XFS_IO_PROG -c \"set_encpolicy $*\" \"$dir\""
}
@@ -491,6 +518,18 @@ _get_encryption_nonce()
local inode=$2
case $FSTYP in
+ btrfs)
+ # btrfs prints the fscrypt_context like:
+ #
+ # item 18 key (258 FSCRYPT_CTXT_ITEM 0) itemoff 15218 itemsize 40
+ # value: 0201042000000000000000000000000000000000000000007907c9718128b82caebfa42e881b0163
+ #
+ $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
+ grep -A 1 "key ($inode FSCRYPT_CTXT_ITEM 0)" | \
+ awk '/value: [[:xdigit:]]+$/ {
+ print substr($0, length($0) - 31, 32);
+ }'
+ ;;
ext4)
# Use debugfs to dump the special xattr named "c", which is the
# file's fscrypt_context. This produces a line like:
@@ -539,6 +578,9 @@ _require_get_encryption_nonce_support()
{
echo "Checking for _get_encryption_nonce() support for $FSTYP" >> $seqres.full
case $FSTYP in
+ btrfs)
+ _require_command "$BTRFS_UTIL_PROG" btrfs
+ ;;
ext4)
_require_command "$DEBUGFS_PROG" debugfs
;;
@@ -888,6 +930,11 @@ _verify_ciphertext_for_encryption_policy()
if (( policy_version > 1 )); then
set_encpolicy_args+=" -v 2"
crypt_util_args+=" --kdf=HKDF-SHA512"
+ if [ "$FSTYP" = "btrfs" ]; then
+ if (( policy_flags == 0 )); then
+ _notrun "Btrfs does not accept default policies"
+ fi
+ fi
if (( policy_flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY )); then
crypt_util_args+=" --direct-key"
elif (( policy_flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 )); then
@@ -1001,3 +1048,24 @@ _filter_nokey_filenames()
# of characters that have ever been used in such names.
sed "s|${dir}${dir:+/}[A-Za-z0-9+,_-]\+|${dir}${dir:+/}NOKEY_NAME|g"
}
+
+# Replace the default encryption mode for a filesystem with "DEFAULT".
+_filter_default_encryption_mode()
+{
+ CONTENTS_PREFIX="Contents encryption mode:"
+ DEFAULT_CONTENTS_MODE="1 (AES-256-XTS)"
+ FILENAME_PREFIX="Filenames encryption mode:"
+ DEFAULT_FILENAME_MODE="4 (AES-256-CTS)"
+ DEFAULT_FLAGS="Flags: 0x02"
+
+ if [ "$FSTYP" = "btrfs" ]; then
+ DEFAULT_CONTENTS_MODE="9 (Adiantum)"
+ DEFAULT_FILENAME_MODE="9 (Adiantum)"
+ DEFAULT_FLAGS="Flags: 0x04"
+ fi
+
+ sed "s/$CONTENTS_PREFIX $DEFAULT_CONTENTS_MODE/$CONTENTS_PREFIX DEFAULT/" | \
+ sed "s/$FILENAME_PREFIX $DEFAULT_FILENAME_MODE/$FILENAME_PREFIX DEFAULT/" | \
+ sed "s/$DEFAULT_FLAGS/Flags: DEFAULT/"
+}
+
diff --git a/common/verity b/common/verity
index cb7fa333..82a4ff90 100644
--- a/common/verity
+++ b/common/verity
@@ -178,7 +178,7 @@ _scratch_mkfs_verity()
_scratch_mkfs_encrypted_verity()
{
case $FSTYP in
- ext4)
+ ext4|btrfs)
_scratch_mkfs -O encrypt,verity
;;
f2fs)
diff --git a/tests/btrfs/298 b/tests/btrfs/298
new file mode 100755
index 00000000..ff97fd87
--- /dev/null
+++ b/tests/btrfs/298
@@ -0,0 +1,85 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (c) 2016 Google, Inc. All Rights Reserved.
+#
+# FS QA Test No. 298
+#
+# Test setting and getting encryption policies. Like generic/395, but allows
+# setting encryption policy on a nonempty directory.
+#
+. ./common/preamble
+_begin_fstest auto quick encrypt
+
+# Import common functions.
+. ./common/filter
+. ./common/encrypt
+
+# real QA test starts here
+_supported_fs generic
+_require_scratch_encryption
+_require_xfs_io_command "get_encpolicy"
+_require_user
+
+_scratch_mkfs_encrypted &>> $seqres.full
+_scratch_mount
+
+# Should be able to set an encryption policy on an empty directory
+empty_dir=$SCRATCH_MNT/empty_dir
+echo -e "\n*** Setting encryption policy on empty directory ***"
+mkdir $empty_dir
+_get_encpolicy $empty_dir |& _filter_scratch
+_set_encpolicy $empty_dir 0000111122223333
+_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
+
+# Should be able to set the same policy again, but not a different one.
+echo -e "\n*** Setting encryption policy again ***"
+_set_encpolicy $empty_dir 0000111122223333
+_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
+_set_encpolicy $empty_dir 4444555566667777 |& _filter_scratch
+_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
+
+# Should be able to set an encryption policy on a nonempty directory
+nonempty_dir=$SCRATCH_MNT/nonempty_dir
+echo -e "\n*** Setting encryption policy on nonempty directory ***"
+mkdir $nonempty_dir
+touch $nonempty_dir/file
+_set_encpolicy $nonempty_dir | _filter_scratch
+_get_encpolicy $nonempty_dir | _filter_scratch
+
+# Should *not* be able to set an encryption policy on a nondirectory file, even
+# an empty one. Regression test for 002ced4be642: "fscrypto: only allow setting
+# encryption policy on directories".
+nondirectory=$SCRATCH_MNT/nondirectory
+echo -e "\n*** Setting encryption policy on nondirectory ***"
+touch $nondirectory
+_set_encpolicy $nondirectory |& _filter_scratch
+_get_encpolicy $nondirectory |& _filter_scratch
+
+# Should *not* be able to set an encryption policy on another user's directory.
+# Regression test for 163ae1c6ad62: "fscrypto: add authorization check for
+# setting encryption policy".
+unauthorized_dir=$SCRATCH_MNT/unauthorized_dir
+echo -e "\n*** Setting encryption policy on another user's directory ***"
+mkdir $unauthorized_dir
+_user_do_set_encpolicy $unauthorized_dir |& _filter_scratch
+_get_encpolicy $unauthorized_dir |& _filter_scratch
+
+# Should *not* be able to set an encryption policy on a directory on a
+# filesystem mounted readonly. Regression test for ba63f23d69a3: "fscrypto:
+# require write access to mount to set encryption policy". Test both a regular
+# readonly filesystem and a readonly bind mount of a read-write filesystem.
+echo -e "\n*** Setting encryption policy on readonly filesystem ***"
+mkdir $SCRATCH_MNT/ro_dir $SCRATCH_MNT/ro_bind_mnt
+_scratch_remount ro
+_set_encpolicy $SCRATCH_MNT/ro_dir |& _filter_scratch
+_get_encpolicy $SCRATCH_MNT/ro_dir |& _filter_scratch
+_scratch_remount rw
+mount --bind $SCRATCH_MNT $SCRATCH_MNT/ro_bind_mnt
+mount -o remount,ro,bind $SCRATCH_MNT/ro_bind_mnt
+_set_encpolicy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
+_get_encpolicy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
+umount $SCRATCH_MNT/ro_bind_mnt
+
+# success, all done
+status=0
+exit
diff --git a/tests/btrfs/298.out b/tests/btrfs/298.out
new file mode 100644
index 00000000..5e311d3c
--- /dev/null
+++ b/tests/btrfs/298.out
@@ -0,0 +1,47 @@
+QA output created by 298
+
+*** Setting encryption policy on empty directory ***
+SCRATCH_MNT/empty_dir: failed to get encryption policy: No data available
+Encryption policy for SCRATCH_MNT/empty_dir:
+ Policy version: 0
+ Master key descriptor: 0000111122223333
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
+
+*** Setting encryption policy again ***
+Encryption policy for SCRATCH_MNT/empty_dir:
+ Policy version: 0
+ Master key descriptor: 0000111122223333
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
+SCRATCH_MNT/empty_dir: failed to set encryption policy: File exists
+Encryption policy for SCRATCH_MNT/empty_dir:
+ Policy version: 0
+ Master key descriptor: 0000111122223333
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
+
+*** Setting encryption policy on nonempty directory ***
+Encryption policy for SCRATCH_MNT/nonempty_dir:
+ Policy version: 0
+ Master key descriptor: 0000000000000000
+ Contents encryption mode: 9 (Adiantum)
+ Filenames encryption mode: 9 (Adiantum)
+ Flags: 0x04
+
+*** Setting encryption policy on nondirectory ***
+SCRATCH_MNT/nondirectory: failed to set encryption policy: Not a directory
+SCRATCH_MNT/nondirectory: failed to get encryption policy: No data available
+
+*** Setting encryption policy on another user's directory ***
+Permission denied
+SCRATCH_MNT/unauthorized_dir: failed to get encryption policy: No data available
+
+*** Setting encryption policy on readonly filesystem ***
+SCRATCH_MNT/ro_dir: failed to set encryption policy: Read-only file system
+SCRATCH_MNT/ro_dir: failed to get encryption policy: No data available
+SCRATCH_MNT/ro_bind_mnt/ro_dir: failed to set encryption policy: Read-only file system
+SCRATCH_MNT/ro_bind_mnt/ro_dir: failed to get encryption policy: No data available
diff --git a/tests/generic/395 b/tests/generic/395
index ab2ad612..d08544dc 100755
--- a/tests/generic/395
+++ b/tests/generic/395
@@ -22,20 +22,24 @@ _require_user
_scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
+if [ "$FSTYP" = "btrfs" ]; then
+ _notrun "Btrfs has a different non-empty directory policy"
+fi
+
# Should be able to set an encryption policy on an empty directory
empty_dir=$SCRATCH_MNT/empty_dir
echo -e "\n*** Setting encryption policy on empty directory ***"
mkdir $empty_dir
_get_encpolicy $empty_dir |& _filter_scratch
_set_encpolicy $empty_dir 0000111122223333
-_get_encpolicy $empty_dir | _filter_scratch
+_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
# Should be able to set the same policy again, but not a different one.
echo -e "\n*** Setting encryption policy again ***"
_set_encpolicy $empty_dir 0000111122223333
-_get_encpolicy $empty_dir | _filter_scratch
+_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
_set_encpolicy $empty_dir 4444555566667777 |& _filter_scratch
-_get_encpolicy $empty_dir | _filter_scratch
+_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
# Should *not* be able to set an encryption policy on a nonempty directory
nonempty_dir=$SCRATCH_MNT/nonempty_dir
diff --git a/tests/generic/395.out b/tests/generic/395.out
index 2c55d7a9..541cab50 100644
--- a/tests/generic/395.out
+++ b/tests/generic/395.out
@@ -5,24 +5,24 @@ SCRATCH_MNT/empty_dir: failed to get encryption policy: No data available
Encryption policy for SCRATCH_MNT/empty_dir:
Policy version: 0
Master key descriptor: 0000111122223333
- Contents encryption mode: 1 (AES-256-XTS)
- Filenames encryption mode: 4 (AES-256-CTS)
- Flags: 0x02
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
*** Setting encryption policy again ***
Encryption policy for SCRATCH_MNT/empty_dir:
Policy version: 0
Master key descriptor: 0000111122223333
- Contents encryption mode: 1 (AES-256-XTS)
- Filenames encryption mode: 4 (AES-256-CTS)
- Flags: 0x02
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
SCRATCH_MNT/empty_dir: failed to set encryption policy: File exists
Encryption policy for SCRATCH_MNT/empty_dir:
Policy version: 0
Master key descriptor: 0000111122223333
- Contents encryption mode: 1 (AES-256-XTS)
- Filenames encryption mode: 4 (AES-256-CTS)
- Flags: 0x02
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
*** Setting encryption policy on nonempty directory ***
SCRATCH_MNT/nonempty_dir: failed to set encryption policy: Directory not empty
diff --git a/tests/generic/435 b/tests/generic/435
index bb1cbb62..374e2a29 100755
--- a/tests/generic/435
+++ b/tests/generic/435
@@ -27,6 +27,13 @@ _supported_fs generic
_require_scratch_encryption
_require_command "$KEYCTL_PROG" keyctl
+# -f 0x2: zero-pad to 16-byte boundary (i.e. encryption block boundary)
+FLAGS_NEEDED=0x2
+if [ "$FSTYP" = "btrfs" ]; then
+ # btrfs must use a direct key policy
+ FLAGS_NEEDED=0x6
+fi
+
# set up an encrypted directory
_init_session_keyring
@@ -34,8 +41,7 @@ _scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
mkdir $SCRATCH_MNT/edir
keydesc=$(_generate_session_encryption_key)
-# -f 0x2: zero-pad to 16-byte boundary (i.e. encryption block boundary)
-_set_encpolicy $SCRATCH_MNT/edir $keydesc -f 0x2
+_set_encpolicy $SCRATCH_MNT/edir $keydesc -f $FLAGS_NEEDED
# Create files with long names (> 32 bytes, long enough to trigger the use of
# "digested" names) in the encrypted directory.
diff --git a/tests/generic/576 b/tests/generic/576
index c8862de2..fbd72f8c 100755
--- a/tests/generic/576
+++ b/tests/generic/576
@@ -51,7 +51,8 @@ cp $fsv_orig_file $fsv_file
_fsv_enable $fsv_file
echo
$XFS_IO_PROG -r -c "get_encpolicy" $fsv_file | _filter_scratch \
- | sed 's/Master key descriptor:.*/Master key descriptor: 0000000000000000/'
+ | sed 's/Master key descriptor:.*/Master key descriptor: 0000000000000000/' \
+ | _filter_default_encryption_mode
echo
# Verify that the file contents are as expected. This should be going through
diff --git a/tests/generic/576.out b/tests/generic/576.out
index cd8527b9..3d875b62 100644
--- a/tests/generic/576.out
+++ b/tests/generic/576.out
@@ -3,9 +3,9 @@ QA output created by 576
Encryption policy for SCRATCH_MNT/edir/file.fsv:
Policy version: 0
Master key descriptor: 0000000000000000
- Contents encryption mode: 1 (AES-256-XTS)
- Filenames encryption mode: 4 (AES-256-CTS)
- Flags: 0x02
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
Files matched
Files matched
diff --git a/tests/generic/580 b/tests/generic/580
index 73f32ff9..8faa0dc2 100755
--- a/tests/generic/580
+++ b/tests/generic/580
@@ -39,10 +39,11 @@ test_with_policy_version()
echo "# Setting v$vers encryption policy"
_set_encpolicy $dir $keyspec
echo "# Getting v$vers encryption policy"
- _get_encpolicy $dir | _filter_scratch
+ _get_encpolicy $dir | _filter_scratch | _filter_default_encryption_mode
if (( vers == 1 )); then
echo "# Getting v1 encryption policy using old ioctl"
- _get_encpolicy $dir -1 | _filter_scratch
+ _get_encpolicy $dir -1 | _filter_scratch | \
+ _filter_default_encryption_mode
fi
echo "# Trying to create file without key added yet"
$XFS_IO_PROG -f $dir/file |& _filter_scratch
diff --git a/tests/generic/580.out b/tests/generic/580.out
index 989d4514..0c930827 100644
--- a/tests/generic/580.out
+++ b/tests/generic/580.out
@@ -5,16 +5,16 @@ QA output created by 580
Encryption policy for SCRATCH_MNT/dir:
Policy version: 0
Master key descriptor: 0000111122223333
- Contents encryption mode: 1 (AES-256-XTS)
- Filenames encryption mode: 4 (AES-256-CTS)
- Flags: 0x02
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
# Getting v1 encryption policy using old ioctl
Encryption policy for SCRATCH_MNT/dir:
Policy version: 0
Master key descriptor: 0000111122223333
- Contents encryption mode: 1 (AES-256-XTS)
- Filenames encryption mode: 4 (AES-256-CTS)
- Flags: 0x02
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
# Trying to create file without key added yet
SCRATCH_MNT/dir/file: Required key not available
# Getting encryption key status
@@ -52,9 +52,9 @@ cat: SCRATCH_MNT/dir/file: No such file or directory
Encryption policy for SCRATCH_MNT/dir:
Policy version: 2
Master key identifier: 69b2f6edeee720cce0577937eb8a6751
- Contents encryption mode: 1 (AES-256-XTS)
- Filenames encryption mode: 4 (AES-256-CTS)
- Flags: 0x02
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
# Trying to create file without key added yet
SCRATCH_MNT/dir/file: Required key not available
# Getting encryption key status
diff --git a/tests/generic/581 b/tests/generic/581
index cabc7e1c..b2659b66 100755
--- a/tests/generic/581
+++ b/tests/generic/581
@@ -52,7 +52,7 @@ echo "# Setting v1 policy as regular user (should succeed)"
_user_do_set_encpolicy $dir $keydesc
echo "# Getting v1 policy as regular user (should succeed)"
-_user_do_get_encpolicy $dir | _filter_scratch
+_user_do_get_encpolicy $dir | _filter_scratch | _filter_default_encryption_mode
echo "# Adding v1 policy key as regular user (should fail with EACCES)"
_user_do_add_enckey $SCRATCH_MNT "$raw_key" -d $keydesc
@@ -71,7 +71,7 @@ echo "# Setting v2 policy as regular user with key added (should succeed)"
_user_do_set_encpolicy $dir $keyid
echo "# Getting v2 policy as regular user (should succeed)"
-_user_do_get_encpolicy $dir | _filter_scratch
+_user_do_get_encpolicy $dir | _filter_scratch | _filter_default_encryption_mode
echo "# Creating encrypted file as regular user (should succeed)"
_user_do "echo contents > $dir/file"
diff --git a/tests/generic/581.out b/tests/generic/581.out
index b3f7d889..544f7579 100644
--- a/tests/generic/581.out
+++ b/tests/generic/581.out
@@ -5,9 +5,9 @@ QA output created by 581
Encryption policy for SCRATCH_MNT/dir:
Policy version: 0
Master key descriptor: 0000111122223333
- Contents encryption mode: 1 (AES-256-XTS)
- Filenames encryption mode: 4 (AES-256-CTS)
- Flags: 0x02
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
# Adding v1 policy key as regular user (should fail with EACCES)
Permission denied
@@ -20,9 +20,9 @@ Added encryption key with identifier 69b2f6edeee720cce0577937eb8a6751
Encryption policy for SCRATCH_MNT/dir:
Policy version: 2
Master key identifier: 69b2f6edeee720cce0577937eb8a6751
- Contents encryption mode: 1 (AES-256-XTS)
- Filenames encryption mode: 4 (AES-256-CTS)
- Flags: 0x02
+ Contents encryption mode: DEFAULT
+ Filenames encryption mode: DEFAULT
+ Flags: DEFAULT
# Creating encrypted file as regular user (should succeed)
# Removing v2 policy key as regular user (should succeed)
Removed encryption key with identifier 69b2f6edeee720cce0577937eb8a6751
--
2.35.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/2] fstests: fscrypt: update tests of encryption contents for btrfs
2022-09-06 0:31 [PATCH 0/2] fstests: add btrfs encryption support Sweet Tea Dorminy
2022-09-06 0:31 ` [PATCH 1/2] fstests: fscrypt: enable btrfs testing Sweet Tea Dorminy
@ 2022-09-06 0:31 ` Sweet Tea Dorminy
1 sibling, 0 replies; 5+ messages in thread
From: Sweet Tea Dorminy @ 2022-09-06 0:31 UTC (permalink / raw)
To: fstests, linux-fscrypt, linux-btrfs, kernel-team; +Cc: Sweet Tea Dorminy
As btrfs uses extent-based encryption, tests and tools for verifying
content encryption need updates. This change updates the tool with an
option to explicitly specify IV; updates the test functions to extract
per-extent IVs, assuming there is only one extent per inode; and updates
the test functions to use btrfs's dump-tree as necessary to extract
information. It also splits apart the two Adiantum tests to test direct
and non-direct key policies separately, as btrfs is incompatible with
non-direct key policies.
It is somewhat fragile to assume that the contents always fit within one
extent, but no test yet uses large enough files for this to be an issue.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
---
common/encrypt | 80 +++++++++++++++++++++++++++++++++++-----
src/fscrypt-crypt-util.c | 18 ++++++++-
tests/generic/550 | 2 -
tests/generic/550.out | 5 ---
tests/generic/584 | 2 -
tests/generic/584.out | 5 ---
tests/generic/720 | 26 +++++++++++++
tests/generic/720.out | 6 +++
tests/generic/721 | 26 +++++++++++++
tests/generic/721.out | 6 +++
10 files changed, 152 insertions(+), 24 deletions(-)
create mode 100755 tests/generic/720
create mode 100644 tests/generic/720.out
create mode 100755 tests/generic/721
create mode 100644 tests/generic/721.out
diff --git a/common/encrypt b/common/encrypt
index c2e3e6f6..46b24fd8 100644
--- a/common/encrypt
+++ b/common/encrypt
@@ -573,6 +573,41 @@ _get_encryption_nonce()
esac
}
+# Retrieve the encryption IV of the first file extent in an inode as a hex
+# string. The IV was randomly generated by the filesystem, in the case of
+# btrfs, and isn't exposed directly to userspace. But it can be read using
+# the filesystem's debugging tools.
+_get_extent_iv()
+{
+ local device=$1
+ local inode=$2
+
+ case $FSTYP in
+ btrfs)
+ # btrfs prints the file extents (for simple unshared
+ # inodes) like:
+ # item 21 key ($inode EXTENT_DATA 0) itemoff 2534 itemsize 69
+ # generation 7 type 1 (regular)
+ # extent data disk byte 5304320 nr 1048576
+ # extent data offset 0 nr 1048576 ram 1048576
+ # extent compression 0 (none)
+ # extent encryption 133 (1, 33: context 0177d05501da7c23920f9ca00872f0bbc3)
+ # The first character of the context is the version; the rest
+ # are the IV.
+
+ #
+ $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
+ grep -A 5 "key ($inode EXTENT_DATA 0)" | \
+ awk '/ context [[:xdigit:]]+)/ {
+ match($0, /context ([[:xdigit:]]+)\)/,a);
+ print substr(a[1], 3, length(a[1]) - 1);
+ }'
+ ;;
+ *)
+ _fail "_get_extent_iv() isn't implemented on $FSTYP" ;;
+ esac
+}
+
# Require support for _get_encryption_nonce()
_require_get_encryption_nonce_support()
{
@@ -607,6 +642,19 @@ _get_ciphertext_filename()
local dir_inode=$3
case $FSTYP in
+ btrfs)
+ # Extract the filename from the inode_ref object, similar to:
+ # item 24 key (259 INODE_REF 257) itemoff 14826 itemsize 26
+ # index 3 namelen 16 name: J\xf7\x15tD\x8eL\xae/\x98\x9f\x09\xc1\xb6\x09>
+ #
+ $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
+ grep -A 1 "key ($inode INODE_REF " | tail -n 1 | \
+ perl -ne '
+ s/.*?name: //;
+ chomp;
+ s/\\x([[:xdigit:]]{2})/chr hex $1/eg;
+ print;'
+ ;;
ext4)
# Extract the filename from the debugfs output line like:
#
@@ -661,6 +709,10 @@ _require_get_ciphertext_filename_support()
{
echo "Checking for _get_ciphertext_filename() support for $FSTYP" >> $seqres.full
case $FSTYP in
+ btrfs)
+ # Verify that we have BTRFS_UTIL_PROG
+ _require_btrfs_command inspect-internal dump-tree
+ ;;
ext4)
# Verify that the "ls -l -r" debugfs command is supported and
# that it hex-encodes non-ASCII characters, rather than using an
@@ -744,7 +796,7 @@ _do_verify_ciphertext_for_encryption_policy()
local raw_key_hex=$6
local crypt_contents_cmd="$here/src/fscrypt-crypt-util $7"
local crypt_filename_cmd="$here/src/fscrypt-crypt-util $8"
-
+ local use_iv=$9
local blocksize=$(_get_block_size $SCRATCH_MNT)
local test_contents_files=()
local test_filenames_files=()
@@ -798,18 +850,24 @@ _do_verify_ciphertext_for_encryption_policy()
echo "Verifying encrypted file contents" >> $seqres.full
for f in "${test_contents_files[@]}"; do
+ local iv_arg=""
read -r src inode blocklist <<< "$f"
nonce=$(_get_encryption_nonce $SCRATCH_DEV $inode)
_dump_ciphertext_blocks $SCRATCH_DEV $blocklist > $tmp.actual_contents
+ if [ -n "$use_iv" ]; then
+ local iv_hex=$(_get_extent_iv $SCRATCH_DEV $inode)
+ iv_arg=" --iv=$iv_hex"
+ fi
+
$crypt_contents_cmd $contents_encryption_mode $raw_key_hex \
--file-nonce=$nonce --block-size=$blocksize \
- --inode-number=$inode < $src > $tmp.expected_contents
+ --inode-number=$inode $iv_arg < $src > $tmp.expected_contents
if ! cmp $tmp.expected_contents $tmp.actual_contents; then
_fail "Expected encrypted contents != actual encrypted contents. File: $f"
fi
$crypt_contents_cmd $contents_encryption_mode $raw_key_hex \
--decrypt --file-nonce=$nonce --block-size=$blocksize \
- --inode-number=$inode \
+ --inode-number=$inode $iv_arg \
< $tmp.actual_contents > $tmp.decrypted_contents
if ! cmp $src $tmp.decrypted_contents; then
_fail "Contents decryption sanity check failed. File: $f"
@@ -894,6 +952,7 @@ _verify_ciphertext_for_encryption_policy()
local crypt_util_contents_args=""
local crypt_util_filename_args=""
local expected_identifier
+ local use_iv=""
shift 2
for opt; do
@@ -927,14 +986,16 @@ _verify_ciphertext_for_encryption_policy()
crypt_util_contents_args+=" --mode-num=$contents_mode_num"
crypt_util_filename_args+=" --mode-num=$filenames_mode_num"
+ if [ "$FSTYP" == "btrfs" ]; then
+ if (( policy_flags == 0 )); then
+ _notrun "Btrfs does not accept default policies"
+ fi
+ use_iv=1
+ fi
+
if (( policy_version > 1 )); then
set_encpolicy_args+=" -v 2"
crypt_util_args+=" --kdf=HKDF-SHA512"
- if [ "$FSTYP" = "btrfs" ]; then
- if (( policy_flags == 0 )); then
- _notrun "Btrfs does not accept default policies"
- fi
- fi
if (( policy_flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY )); then
crypt_util_args+=" --direct-key"
elif (( policy_flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 )); then
@@ -1026,7 +1087,8 @@ EOF
"$keyspec" \
"$raw_key_hex" \
"$crypt_util_contents_args" \
- "$crypt_util_filename_args"
+ "$crypt_util_filename_args" \
+ "$use_iv"
}
# Replace no-key filenames in the given directory with "NOKEY_NAME".
diff --git a/src/fscrypt-crypt-util.c b/src/fscrypt-crypt-util.c
index ffb9534d..93b8a36f 100644
--- a/src/fscrypt-crypt-util.c
+++ b/src/fscrypt-crypt-util.c
@@ -76,6 +76,8 @@ static void usage(FILE *fp)
" --inode-number=INUM The file's inode number. Required for\n"
" --iv-ino-lblk-32 and --iv-ino-lblk-64;\n"
" otherwise is unused.\n"
+" --iv=IV For extent-based encryption filesystems, the\n"
+" starting IV for the file\n"
" --iv-ino-lblk-32 Similar to --iv-ino-lblk-64, but selects the\n"
" 32-bit variant.\n"
" --iv-ino-lblk-64 Use the format where the IVs include the inode\n"
@@ -1794,6 +1796,8 @@ struct key_and_iv_params {
u8 file_nonce[FILE_NONCE_SIZE];
bool file_nonce_specified;
bool direct_key;
+ u8 iv[MAX_IV_SIZE];
+ bool iv_set;
bool iv_ino_lblk_64;
bool iv_ino_lblk_32;
u64 block_number;
@@ -1901,7 +1905,9 @@ static void generate_iv(const struct key_and_iv_params *params,
union fscrypt_iv *iv)
{
memset(iv, 0, sizeof(*iv));
- if (params->direct_key) {
+ if (params->iv_set) {
+ memcpy(iv->bytes, params->iv, MAX_IV_SIZE);
+ } else if (params->direct_key) {
if (!params->file_nonce_specified)
die("--direct-key requires --file-nonce");
iv->block_number = cpu_to_le64(params->block_number);
@@ -1987,6 +1993,7 @@ enum {
OPT_FS_UUID,
OPT_HELP,
OPT_INODE_NUMBER,
+ OPT_IV,
OPT_IV_INO_LBLK_32,
OPT_IV_INO_LBLK_64,
OPT_KDF,
@@ -2004,6 +2011,7 @@ static const struct option longopts[] = {
{ "fs-uuid", required_argument, NULL, OPT_FS_UUID },
{ "help", no_argument, NULL, OPT_HELP },
{ "inode-number", required_argument, NULL, OPT_INODE_NUMBER },
+ { "iv", required_argument, NULL, OPT_IV },
{ "iv-ino-lblk-32", no_argument, NULL, OPT_IV_INO_LBLK_32 },
{ "iv-ino-lblk-64", no_argument, NULL, OPT_IV_INO_LBLK_64 },
{ "kdf", required_argument, NULL, OPT_KDF },
@@ -2082,6 +2090,14 @@ int main(int argc, char *argv[])
if (params.inode_number <= 0 || *tmp || errno)
die("Invalid inode number: %s", optarg);
break;
+ case OPT_IV:
+ int iv_len = hex2bin(optarg, params.iv, MAX_IV_SIZE);
+ if ((iv_len != AES_BLOCK_SIZE) &&
+ (iv_len != ADIANTUM_IV_SIZE))
+ die("Invalid iv length: %d (must be %u or %u)",
+ iv_len, AES_BLOCK_SIZE, ADIANTUM_IV_SIZE);
+ params.iv_set = true;
+ break;
case OPT_IV_INO_LBLK_32:
params.iv_ino_lblk_32 = true;
break;
diff --git a/tests/generic/550 b/tests/generic/550
index aa792089..1c350090 100755
--- a/tests/generic/550
+++ b/tests/generic/550
@@ -17,9 +17,7 @@ _begin_fstest auto quick encrypt
# real QA test starts here
_supported_fs generic
-# Test both with and without the DIRECT_KEY flag.
_verify_ciphertext_for_encryption_policy Adiantum Adiantum
-_verify_ciphertext_for_encryption_policy Adiantum Adiantum direct
# success, all done
status=0
diff --git a/tests/generic/550.out b/tests/generic/550.out
index 4cec7570..418fa0b1 100644
--- a/tests/generic/550.out
+++ b/tests/generic/550.out
@@ -3,8 +3,3 @@ QA output created by 550
Verifying ciphertext with parameters:
contents_encryption_mode: Adiantum
filenames_encryption_mode: Adiantum
-
-Verifying ciphertext with parameters:
- contents_encryption_mode: Adiantum
- filenames_encryption_mode: Adiantum
- options: direct
diff --git a/tests/generic/584 b/tests/generic/584
index adafec6a..ec03908b 100755
--- a/tests/generic/584
+++ b/tests/generic/584
@@ -19,9 +19,7 @@ _begin_fstest auto quick encrypt
# real QA test starts here
_supported_fs generic
-# Test both with and without the DIRECT_KEY flag.
_verify_ciphertext_for_encryption_policy Adiantum Adiantum v2
-_verify_ciphertext_for_encryption_policy Adiantum Adiantum v2 direct
# success, all done
status=0
diff --git a/tests/generic/584.out b/tests/generic/584.out
index 946c5f0a..2a5fc053 100644
--- a/tests/generic/584.out
+++ b/tests/generic/584.out
@@ -4,8 +4,3 @@ Verifying ciphertext with parameters:
contents_encryption_mode: Adiantum
filenames_encryption_mode: Adiantum
options: v2
-
-Verifying ciphertext with parameters:
- contents_encryption_mode: Adiantum
- filenames_encryption_mode: Adiantum
- options: v2 direct
diff --git a/tests/generic/720 b/tests/generic/720
new file mode 100755
index 00000000..5072d3ab
--- /dev/null
+++ b/tests/generic/720
@@ -0,0 +1,26 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright 2019 Google LLC
+#
+# FS QA Test No. 720
+#
+# Verify ciphertext for v2 encryption policies that use Adiantum to encrypt file
+# contents and file names.
+#
+# This is the same as generic/584, except using direct policy
+#
+. ./common/preamble
+_begin_fstest auto quick encrypt
+
+# Import common functions.
+. ./common/filter
+. ./common/encrypt
+
+# real QA test starts here
+_supported_fs generic
+
+_verify_ciphertext_for_encryption_policy Adiantum Adiantum v2 direct
+
+# success, all done
+status=0
+exit
diff --git a/tests/generic/720.out b/tests/generic/720.out
new file mode 100644
index 00000000..0b0d82f8
--- /dev/null
+++ b/tests/generic/720.out
@@ -0,0 +1,6 @@
+QA output created by 720
+
+Verifying ciphertext with parameters:
+ contents_encryption_mode: Adiantum
+ filenames_encryption_mode: Adiantum
+ options: v2 direct
diff --git a/tests/generic/721 b/tests/generic/721
new file mode 100755
index 00000000..98f2e6f9
--- /dev/null
+++ b/tests/generic/721
@@ -0,0 +1,26 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright 2019 Google LLC
+#
+# FS QA Test No. 550
+#
+# Verify ciphertext for v1 encryption policies that use Adiantum to encrypt file
+# contents and file names.
+# This is the same as generic/550, except with direct keys.
+#
+. ./common/preamble
+_begin_fstest auto quick encrypt
+
+# Import common functions.
+. ./common/filter
+. ./common/encrypt
+
+# real QA test starts here
+_supported_fs generic
+
+_verify_ciphertext_for_encryption_policy Adiantum Adiantum direct
+
+# success, all done
+status=0
+exit
+
diff --git a/tests/generic/721.out b/tests/generic/721.out
new file mode 100644
index 00000000..018c4666
--- /dev/null
+++ b/tests/generic/721.out
@@ -0,0 +1,6 @@
+QA output created by 721
+
+Verifying ciphertext with parameters:
+ contents_encryption_mode: Adiantum
+ filenames_encryption_mode: Adiantum
+ options: direct
--
2.35.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] fstests: fscrypt: enable btrfs testing.
2022-09-06 0:31 ` [PATCH 1/2] fstests: fscrypt: enable btrfs testing Sweet Tea Dorminy
@ 2022-09-07 9:02 ` Zorro Lang
0 siblings, 0 replies; 5+ messages in thread
From: Zorro Lang @ 2022-09-07 9:02 UTC (permalink / raw)
To: Sweet Tea Dorminy; +Cc: fstests, linux-fscrypt, linux-btrfs, kernel-team
On Mon, Sep 05, 2022 at 08:31:37PM -0400, Sweet Tea Dorminy wrote:
> btrfs' fscrypt integration has more stringent requirements than other
> filesystems using fscrypt: the default policy is not permitted.
>
> To make many pass, this adds several common pieces:
> - _set_encpolicy tries to automatically use a direct-key Adiantum policy
> for btrfs, if none is set.
> - for many tests using a default policy, a filter is applied to make
> default policy for most FS's, or Adiantum for btrfs, work.
> - _scratch_mkfs_sized_encrypted can deal with btrfs
>
> These pieces are used in tests to make most generic tests work with
> btrfs, and a new test is added resembling generic/395 to account for
> btrfs' directory policy.
>
> Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
> ---
> common/encrypt | 72 +++++++++++++++++++++++++++++++++++-
> common/verity | 2 +-
> tests/btrfs/298 | 85 +++++++++++++++++++++++++++++++++++++++++++
> tests/btrfs/298.out | 47 ++++++++++++++++++++++++
> tests/generic/395 | 10 +++--
> tests/generic/395.out | 18 ++++-----
> tests/generic/435 | 10 ++++-
> tests/generic/576 | 3 +-
> tests/generic/576.out | 6 +--
> tests/generic/580 | 5 ++-
> tests/generic/580.out | 18 ++++-----
> tests/generic/581 | 4 +-
> tests/generic/581.out | 12 +++---
> 13 files changed, 252 insertions(+), 40 deletions(-)
> create mode 100755 tests/btrfs/298
> create mode 100644 tests/btrfs/298.out
>
> diff --git a/common/encrypt b/common/encrypt
> index 8f3c46f6..c2e3e6f6 100644
> --- a/common/encrypt
> +++ b/common/encrypt
> @@ -102,7 +102,7 @@ _require_encryption_policy_support()
> _scratch_unmount
> _scratch_mkfs_stable_inodes_encrypted &>> $seqres.full
> _scratch_mount
> - fi
> + fi;
Is this change fix something wrong?
>
> mkdir $dir
> if (( policy_version > 1 )); then
> @@ -146,7 +146,7 @@ _require_encryption_policy_support()
> _scratch_mkfs_encrypted()
> {
> case $FSTYP in
> - ext4|f2fs)
> + btrfs|ext4|f2fs)
> _scratch_mkfs -O encrypt
> ;;
> ubifs)
> @@ -165,6 +165,9 @@ _scratch_mkfs_sized_encrypted()
> ext4|f2fs)
> MKFS_OPTIONS="$MKFS_OPTIONS -O encrypt" _scratch_mkfs_sized $*
> ;;
> + btrfs)
> + _scratch_mkfs_sized $*
Why not change like above _scratch_mkfs_encrypted, why btrfs doesn't need
"-O encrypt" this time?
> + ;;
> *)
> _notrun "Filesystem $FSTYP not supported in _scratch_mkfs_sized_encrypted"
> ;;
> @@ -356,6 +359,18 @@ _set_encpolicy()
> {
> local dir=$1
> shift
> + if [ "$FSTYP" = "btrfs" ]; then
> + # Append DIRECT_KEY flag, and set mode to Adiantum, if not set.
> + if ! [[ "$*" =~ -f ]]; then
> + set -- "$* -f ${FSCRYPT_POLICY_FLAG_DIRECT_KEY}"
I'm not familiar with this xfs_io "set_encpolicy", can this really *append* a
flag? If there's a "-f xxx" in "$*", won't your later one replace it? (same
question for below)
And could you explain why btrfs must need this specific handling in common
helper? Why not write it in cases which need that, due to you write as this
means it's always necessary for btrfs.
> + fi
> + if ! [[ "$*" =~ -c ]]; then
> + set -- "$* -c ${FSCRYPT_MODE_ADIANTUM}"
> + fi
> + if ! [[ "$*" =~ -n ]]; then
> + set -- "$* -n ${FSCRYPT_MODE_ADIANTUM}"
> + fi
> + fi
>
> $XFS_IO_PROG -c "set_encpolicy $*" "$dir"
> }
> @@ -364,6 +379,18 @@ _user_do_set_encpolicy()
> {
> local dir=$1
> shift
> + if [ "$FSTYP" = "btrfs" ]; then
Bad indent
> + # Append DIRECT_KEY flag, and set mode to Adiantum, if not set.
> + if ! [[ "$*" =~ -f ]]; then
> + set -- "$* -f ${FSCRYPT_POLICY_FLAG_DIRECT_KEY}"
> + fi
> + if ! [[ "$*" =~ -c ]]; then
> + set -- "$* -c ${FSCRYPT_MODE_ADIANTUM}"
> + fi
> + if ! [[ "$*" =~ -n ]]; then
> + set -- "$* -n ${FSCRYPT_MODE_ADIANTUM}"
> + fi
> + fi
>
> _user_do "$XFS_IO_PROG -c \"set_encpolicy $*\" \"$dir\""
> }
> @@ -491,6 +518,18 @@ _get_encryption_nonce()
> local inode=$2
>
> case $FSTYP in
> + btrfs)
> + # btrfs prints the fscrypt_context like:
> + #
> + # item 18 key (258 FSCRYPT_CTXT_ITEM 0) itemoff 15218 itemsize 40
> + # value: 0201042000000000000000000000000000000000000000007907c9718128b82caebfa42e881b0163
> + #
> + $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
> + grep -A 1 "key ($inode FSCRYPT_CTXT_ITEM 0)" | \
> + awk '/value: [[:xdigit:]]+$/ {
> + print substr($0, length($0) - 31, 32);
> + }'
> + ;;
> ext4)
> # Use debugfs to dump the special xattr named "c", which is the
> # file's fscrypt_context. This produces a line like:
> @@ -539,6 +578,9 @@ _require_get_encryption_nonce_support()
> {
> echo "Checking for _get_encryption_nonce() support for $FSTYP" >> $seqres.full
> case $FSTYP in
> + btrfs)
> + _require_command "$BTRFS_UTIL_PROG" btrfs
> + ;;
> ext4)
> _require_command "$DEBUGFS_PROG" debugfs
> ;;
> @@ -888,6 +930,11 @@ _verify_ciphertext_for_encryption_policy()
> if (( policy_version > 1 )); then
> set_encpolicy_args+=" -v 2"
> crypt_util_args+=" --kdf=HKDF-SHA512"
> + if [ "$FSTYP" = "btrfs" ]; then
> + if (( policy_flags == 0 )); then
> + _notrun "Btrfs does not accept default policies"
> + fi
> + fi
> if (( policy_flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY )); then
> crypt_util_args+=" --direct-key"
> elif (( policy_flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 )); then
> @@ -1001,3 +1048,24 @@ _filter_nokey_filenames()
> # of characters that have ever been used in such names.
> sed "s|${dir}${dir:+/}[A-Za-z0-9+,_-]\+|${dir}${dir:+/}NOKEY_NAME|g"
> }
> +
> +# Replace the default encryption mode for a filesystem with "DEFAULT".
> +_filter_default_encryption_mode()
> +{
> + CONTENTS_PREFIX="Contents encryption mode:"
> + DEFAULT_CONTENTS_MODE="1 (AES-256-XTS)"
> + FILENAME_PREFIX="Filenames encryption mode:"
> + DEFAULT_FILENAME_MODE="4 (AES-256-CTS)"
> + DEFAULT_FLAGS="Flags: 0x02"
> +
> + if [ "$FSTYP" = "btrfs" ]; then
> + DEFAULT_CONTENTS_MODE="9 (Adiantum)"
> + DEFAULT_FILENAME_MODE="9 (Adiantum)"
> + DEFAULT_FLAGS="Flags: 0x04"
> + fi
> +
> + sed "s/$CONTENTS_PREFIX $DEFAULT_CONTENTS_MODE/$CONTENTS_PREFIX DEFAULT/" | \
> + sed "s/$FILENAME_PREFIX $DEFAULT_FILENAME_MODE/$FILENAME_PREFIX DEFAULT/" | \
> + sed "s/$DEFAULT_FLAGS/Flags: DEFAULT/"
> +}
> +
> diff --git a/common/verity b/common/verity
> index cb7fa333..82a4ff90 100644
> --- a/common/verity
> +++ b/common/verity
> @@ -178,7 +178,7 @@ _scratch_mkfs_verity()
> _scratch_mkfs_encrypted_verity()
> {
> case $FSTYP in
> - ext4)
> + ext4|btrfs)
> _scratch_mkfs -O encrypt,verity
> ;;
> f2fs)
> diff --git a/tests/btrfs/298 b/tests/btrfs/298
> new file mode 100755
> index 00000000..ff97fd87
> --- /dev/null
> +++ b/tests/btrfs/298
> @@ -0,0 +1,85 @@
> +#! /bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +# Copyright (c) 2016 Google, Inc. All Rights Reserved.
It's 2022 now
> +#
> +# FS QA Test No. 298
> +#
> +# Test setting and getting encryption policies. Like generic/395, but allows
> +# setting encryption policy on a nonempty directory.
> +#
> +. ./common/preamble
> +_begin_fstest auto quick encrypt
> +
> +# Import common functions.
> +. ./common/filter
> +. ./common/encrypt
> +
> +# real QA test starts here
> +_supported_fs generic
But you named this file as tests/btrfs/298. I'm wondering is there any reason
cause this case can't be a generic case?
I tried to compare with generic/395, looks like you write a separate case because
btrfs "Should be able to set an encryption policy on a nonempty directory", that
might cause a different .out output. If so, why not call *_link_out_file* in
generic/395, to use a different .out file for btrfs?
> +_require_scratch_encryption
> +_require_xfs_io_command "get_encpolicy"
> +_require_user
> +
> +_scratch_mkfs_encrypted &>> $seqres.full
> +_scratch_mount
> +
> +# Should be able to set an encryption policy on an empty directory
> +empty_dir=$SCRATCH_MNT/empty_dir
> +echo -e "\n*** Setting encryption policy on empty directory ***"
> +mkdir $empty_dir
> +_get_encpolicy $empty_dir |& _filter_scratch
> +_set_encpolicy $empty_dir 0000111122223333
> +_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
> +
> +# Should be able to set the same policy again, but not a different one.
> +echo -e "\n*** Setting encryption policy again ***"
> +_set_encpolicy $empty_dir 0000111122223333
> +_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
> +_set_encpolicy $empty_dir 4444555566667777 |& _filter_scratch
> +_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
> +
> +# Should be able to set an encryption policy on a nonempty directory
> +nonempty_dir=$SCRATCH_MNT/nonempty_dir
> +echo -e "\n*** Setting encryption policy on nonempty directory ***"
> +mkdir $nonempty_dir
> +touch $nonempty_dir/file
> +_set_encpolicy $nonempty_dir | _filter_scratch
> +_get_encpolicy $nonempty_dir | _filter_scratch
> +
> +# Should *not* be able to set an encryption policy on a nondirectory file, even
> +# an empty one. Regression test for 002ced4be642: "fscrypto: only allow setting
> +# encryption policy on directories".
> +nondirectory=$SCRATCH_MNT/nondirectory
> +echo -e "\n*** Setting encryption policy on nondirectory ***"
> +touch $nondirectory
> +_set_encpolicy $nondirectory |& _filter_scratch
> +_get_encpolicy $nondirectory |& _filter_scratch
> +
> +# Should *not* be able to set an encryption policy on another user's directory.
> +# Regression test for 163ae1c6ad62: "fscrypto: add authorization check for
> +# setting encryption policy".
> +unauthorized_dir=$SCRATCH_MNT/unauthorized_dir
> +echo -e "\n*** Setting encryption policy on another user's directory ***"
> +mkdir $unauthorized_dir
> +_user_do_set_encpolicy $unauthorized_dir |& _filter_scratch
> +_get_encpolicy $unauthorized_dir |& _filter_scratch
> +
> +# Should *not* be able to set an encryption policy on a directory on a
> +# filesystem mounted readonly. Regression test for ba63f23d69a3: "fscrypto:
> +# require write access to mount to set encryption policy". Test both a regular
> +# readonly filesystem and a readonly bind mount of a read-write filesystem.
> +echo -e "\n*** Setting encryption policy on readonly filesystem ***"
> +mkdir $SCRATCH_MNT/ro_dir $SCRATCH_MNT/ro_bind_mnt
> +_scratch_remount ro
> +_set_encpolicy $SCRATCH_MNT/ro_dir |& _filter_scratch
> +_get_encpolicy $SCRATCH_MNT/ro_dir |& _filter_scratch
> +_scratch_remount rw
> +mount --bind $SCRATCH_MNT $SCRATCH_MNT/ro_bind_mnt
> +mount -o remount,ro,bind $SCRATCH_MNT/ro_bind_mnt
> +_set_encpolicy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
> +_get_encpolicy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
> +umount $SCRATCH_MNT/ro_bind_mnt
> +
> +# success, all done
> +status=0
> +exit
> diff --git a/tests/btrfs/298.out b/tests/btrfs/298.out
> new file mode 100644
> index 00000000..5e311d3c
> --- /dev/null
> +++ b/tests/btrfs/298.out
> @@ -0,0 +1,47 @@
> +QA output created by 298
> +
> +*** Setting encryption policy on empty directory ***
> +SCRATCH_MNT/empty_dir: failed to get encryption policy: No data available
> +Encryption policy for SCRATCH_MNT/empty_dir:
> + Policy version: 0
> + Master key descriptor: 0000111122223333
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
> +
> +*** Setting encryption policy again ***
> +Encryption policy for SCRATCH_MNT/empty_dir:
> + Policy version: 0
> + Master key descriptor: 0000111122223333
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
> +SCRATCH_MNT/empty_dir: failed to set encryption policy: File exists
> +Encryption policy for SCRATCH_MNT/empty_dir:
> + Policy version: 0
> + Master key descriptor: 0000111122223333
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
> +
> +*** Setting encryption policy on nonempty directory ***
> +Encryption policy for SCRATCH_MNT/nonempty_dir:
> + Policy version: 0
> + Master key descriptor: 0000000000000000
> + Contents encryption mode: 9 (Adiantum)
> + Filenames encryption mode: 9 (Adiantum)
> + Flags: 0x04
> +
> +*** Setting encryption policy on nondirectory ***
> +SCRATCH_MNT/nondirectory: failed to set encryption policy: Not a directory
> +SCRATCH_MNT/nondirectory: failed to get encryption policy: No data available
> +
> +*** Setting encryption policy on another user's directory ***
> +Permission denied
> +SCRATCH_MNT/unauthorized_dir: failed to get encryption policy: No data available
> +
> +*** Setting encryption policy on readonly filesystem ***
> +SCRATCH_MNT/ro_dir: failed to set encryption policy: Read-only file system
> +SCRATCH_MNT/ro_dir: failed to get encryption policy: No data available
> +SCRATCH_MNT/ro_bind_mnt/ro_dir: failed to set encryption policy: Read-only file system
> +SCRATCH_MNT/ro_bind_mnt/ro_dir: failed to get encryption policy: No data available
> diff --git a/tests/generic/395 b/tests/generic/395
> index ab2ad612..d08544dc 100755
> --- a/tests/generic/395
> +++ b/tests/generic/395
> @@ -22,20 +22,24 @@ _require_user
> _scratch_mkfs_encrypted &>> $seqres.full
> _scratch_mount
>
> +if [ "$FSTYP" = "btrfs" ]; then
> + _notrun "Btrfs has a different non-empty directory policy"
> +fi
> +
> # Should be able to set an encryption policy on an empty directory
> empty_dir=$SCRATCH_MNT/empty_dir
> echo -e "\n*** Setting encryption policy on empty directory ***"
> mkdir $empty_dir
> _get_encpolicy $empty_dir |& _filter_scratch
> _set_encpolicy $empty_dir 0000111122223333
> -_get_encpolicy $empty_dir | _filter_scratch
> +_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
Hmm... I think this single patch has too many different kind of changes, how
about split it to several patches, to help us to review it easily? Likes:
1) The 1st patch helps common helpers to support btrfs.
2) The 2nd patch brings in this _filter_default_encryption_mode helper.
3) The 3rd patch copy generic/395 to a new one, or use _link_out_file to help
it support btrfs.
Thanks,
Zorro
>
> # Should be able to set the same policy again, but not a different one.
> echo -e "\n*** Setting encryption policy again ***"
> _set_encpolicy $empty_dir 0000111122223333
> -_get_encpolicy $empty_dir | _filter_scratch
> +_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
> _set_encpolicy $empty_dir 4444555566667777 |& _filter_scratch
> -_get_encpolicy $empty_dir | _filter_scratch
> +_get_encpolicy $empty_dir | _filter_scratch | _filter_default_encryption_mode
>
> # Should *not* be able to set an encryption policy on a nonempty directory
> nonempty_dir=$SCRATCH_MNT/nonempty_dir
> diff --git a/tests/generic/395.out b/tests/generic/395.out
> index 2c55d7a9..541cab50 100644
> --- a/tests/generic/395.out
> +++ b/tests/generic/395.out
> @@ -5,24 +5,24 @@ SCRATCH_MNT/empty_dir: failed to get encryption policy: No data available
> Encryption policy for SCRATCH_MNT/empty_dir:
> Policy version: 0
> Master key descriptor: 0000111122223333
> - Contents encryption mode: 1 (AES-256-XTS)
> - Filenames encryption mode: 4 (AES-256-CTS)
> - Flags: 0x02
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
>
> *** Setting encryption policy again ***
> Encryption policy for SCRATCH_MNT/empty_dir:
> Policy version: 0
> Master key descriptor: 0000111122223333
> - Contents encryption mode: 1 (AES-256-XTS)
> - Filenames encryption mode: 4 (AES-256-CTS)
> - Flags: 0x02
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
> SCRATCH_MNT/empty_dir: failed to set encryption policy: File exists
> Encryption policy for SCRATCH_MNT/empty_dir:
> Policy version: 0
> Master key descriptor: 0000111122223333
> - Contents encryption mode: 1 (AES-256-XTS)
> - Filenames encryption mode: 4 (AES-256-CTS)
> - Flags: 0x02
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
>
> *** Setting encryption policy on nonempty directory ***
> SCRATCH_MNT/nonempty_dir: failed to set encryption policy: Directory not empty
> diff --git a/tests/generic/435 b/tests/generic/435
> index bb1cbb62..374e2a29 100755
> --- a/tests/generic/435
> +++ b/tests/generic/435
> @@ -27,6 +27,13 @@ _supported_fs generic
> _require_scratch_encryption
> _require_command "$KEYCTL_PROG" keyctl
>
> +# -f 0x2: zero-pad to 16-byte boundary (i.e. encryption block boundary)
> +FLAGS_NEEDED=0x2
> +if [ "$FSTYP" = "btrfs" ]; then
> + # btrfs must use a direct key policy
> + FLAGS_NEEDED=0x6
> +fi
> +
> # set up an encrypted directory
>
> _init_session_keyring
> @@ -34,8 +41,7 @@ _scratch_mkfs_encrypted &>> $seqres.full
> _scratch_mount
> mkdir $SCRATCH_MNT/edir
> keydesc=$(_generate_session_encryption_key)
> -# -f 0x2: zero-pad to 16-byte boundary (i.e. encryption block boundary)
> -_set_encpolicy $SCRATCH_MNT/edir $keydesc -f 0x2
> +_set_encpolicy $SCRATCH_MNT/edir $keydesc -f $FLAGS_NEEDED
>
> # Create files with long names (> 32 bytes, long enough to trigger the use of
> # "digested" names) in the encrypted directory.
> diff --git a/tests/generic/576 b/tests/generic/576
> index c8862de2..fbd72f8c 100755
> --- a/tests/generic/576
> +++ b/tests/generic/576
> @@ -51,7 +51,8 @@ cp $fsv_orig_file $fsv_file
> _fsv_enable $fsv_file
> echo
> $XFS_IO_PROG -r -c "get_encpolicy" $fsv_file | _filter_scratch \
> - | sed 's/Master key descriptor:.*/Master key descriptor: 0000000000000000/'
> + | sed 's/Master key descriptor:.*/Master key descriptor: 0000000000000000/' \
> + | _filter_default_encryption_mode
> echo
>
> # Verify that the file contents are as expected. This should be going through
> diff --git a/tests/generic/576.out b/tests/generic/576.out
> index cd8527b9..3d875b62 100644
> --- a/tests/generic/576.out
> +++ b/tests/generic/576.out
> @@ -3,9 +3,9 @@ QA output created by 576
> Encryption policy for SCRATCH_MNT/edir/file.fsv:
> Policy version: 0
> Master key descriptor: 0000000000000000
> - Contents encryption mode: 1 (AES-256-XTS)
> - Filenames encryption mode: 4 (AES-256-CTS)
> - Flags: 0x02
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
>
> Files matched
> Files matched
> diff --git a/tests/generic/580 b/tests/generic/580
> index 73f32ff9..8faa0dc2 100755
> --- a/tests/generic/580
> +++ b/tests/generic/580
> @@ -39,10 +39,11 @@ test_with_policy_version()
> echo "# Setting v$vers encryption policy"
> _set_encpolicy $dir $keyspec
> echo "# Getting v$vers encryption policy"
> - _get_encpolicy $dir | _filter_scratch
> + _get_encpolicy $dir | _filter_scratch | _filter_default_encryption_mode
> if (( vers == 1 )); then
> echo "# Getting v1 encryption policy using old ioctl"
> - _get_encpolicy $dir -1 | _filter_scratch
> + _get_encpolicy $dir -1 | _filter_scratch | \
> + _filter_default_encryption_mode
> fi
> echo "# Trying to create file without key added yet"
> $XFS_IO_PROG -f $dir/file |& _filter_scratch
> diff --git a/tests/generic/580.out b/tests/generic/580.out
> index 989d4514..0c930827 100644
> --- a/tests/generic/580.out
> +++ b/tests/generic/580.out
> @@ -5,16 +5,16 @@ QA output created by 580
> Encryption policy for SCRATCH_MNT/dir:
> Policy version: 0
> Master key descriptor: 0000111122223333
> - Contents encryption mode: 1 (AES-256-XTS)
> - Filenames encryption mode: 4 (AES-256-CTS)
> - Flags: 0x02
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
> # Getting v1 encryption policy using old ioctl
> Encryption policy for SCRATCH_MNT/dir:
> Policy version: 0
> Master key descriptor: 0000111122223333
> - Contents encryption mode: 1 (AES-256-XTS)
> - Filenames encryption mode: 4 (AES-256-CTS)
> - Flags: 0x02
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
> # Trying to create file without key added yet
> SCRATCH_MNT/dir/file: Required key not available
> # Getting encryption key status
> @@ -52,9 +52,9 @@ cat: SCRATCH_MNT/dir/file: No such file or directory
> Encryption policy for SCRATCH_MNT/dir:
> Policy version: 2
> Master key identifier: 69b2f6edeee720cce0577937eb8a6751
> - Contents encryption mode: 1 (AES-256-XTS)
> - Filenames encryption mode: 4 (AES-256-CTS)
> - Flags: 0x02
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
> # Trying to create file without key added yet
> SCRATCH_MNT/dir/file: Required key not available
> # Getting encryption key status
> diff --git a/tests/generic/581 b/tests/generic/581
> index cabc7e1c..b2659b66 100755
> --- a/tests/generic/581
> +++ b/tests/generic/581
> @@ -52,7 +52,7 @@ echo "# Setting v1 policy as regular user (should succeed)"
> _user_do_set_encpolicy $dir $keydesc
>
> echo "# Getting v1 policy as regular user (should succeed)"
> -_user_do_get_encpolicy $dir | _filter_scratch
> +_user_do_get_encpolicy $dir | _filter_scratch | _filter_default_encryption_mode
>
> echo "# Adding v1 policy key as regular user (should fail with EACCES)"
> _user_do_add_enckey $SCRATCH_MNT "$raw_key" -d $keydesc
> @@ -71,7 +71,7 @@ echo "# Setting v2 policy as regular user with key added (should succeed)"
> _user_do_set_encpolicy $dir $keyid
>
> echo "# Getting v2 policy as regular user (should succeed)"
> -_user_do_get_encpolicy $dir | _filter_scratch
> +_user_do_get_encpolicy $dir | _filter_scratch | _filter_default_encryption_mode
>
> echo "# Creating encrypted file as regular user (should succeed)"
> _user_do "echo contents > $dir/file"
> diff --git a/tests/generic/581.out b/tests/generic/581.out
> index b3f7d889..544f7579 100644
> --- a/tests/generic/581.out
> +++ b/tests/generic/581.out
> @@ -5,9 +5,9 @@ QA output created by 581
> Encryption policy for SCRATCH_MNT/dir:
> Policy version: 0
> Master key descriptor: 0000111122223333
> - Contents encryption mode: 1 (AES-256-XTS)
> - Filenames encryption mode: 4 (AES-256-CTS)
> - Flags: 0x02
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
> # Adding v1 policy key as regular user (should fail with EACCES)
> Permission denied
>
> @@ -20,9 +20,9 @@ Added encryption key with identifier 69b2f6edeee720cce0577937eb8a6751
> Encryption policy for SCRATCH_MNT/dir:
> Policy version: 2
> Master key identifier: 69b2f6edeee720cce0577937eb8a6751
> - Contents encryption mode: 1 (AES-256-XTS)
> - Filenames encryption mode: 4 (AES-256-CTS)
> - Flags: 0x02
> + Contents encryption mode: DEFAULT
> + Filenames encryption mode: DEFAULT
> + Flags: DEFAULT
> # Creating encrypted file as regular user (should succeed)
> # Removing v2 policy key as regular user (should succeed)
> Removed encryption key with identifier 69b2f6edeee720cce0577937eb8a6751
> --
> 2.35.1
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/2] fstests: fscrypt: enable btrfs testing.
2022-08-17 14:45 [PATCH 0/2] fstests: add btrfs encryption support Sweet Tea Dorminy
@ 2022-08-17 14:45 ` Sweet Tea Dorminy
0 siblings, 0 replies; 5+ messages in thread
From: Sweet Tea Dorminy @ 2022-08-17 14:45 UTC (permalink / raw)
To: fstests, linux-fscrypt, linux-btrfs, kernel-team; +Cc: Sweet Tea Dorminy
btrfs' fscrypt integration has more stringent requirements than other
filesystems using fscrypt: only v2 policies are permitted, and v2
policies must use the FSCRYPT_FLAG_IV_FROM_FS flag. This makes most
existing fscrypt tests fail, as they use v1 policies.
To make at least a few pass, this adds several common pieces:
- _set_encpolicy tries to automatically add -v 2 and -f 32 for btrfs,
if no explicit -v and -f (respectively) option is set
- _require_scratch_encryption updates default policy version for btrfs,
and checks that only the relevant flag is set
- _scratch_mkfs_sized_encrypted can deal with btrfs
These pieces are used in tests to make most generic tests work with
btrfs, although some tests of both v1 and v2 policies still need to be
split.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
---
common/encrypt | 117 +++++++++++++++++++++++++++++++++++++++++++-
common/verity | 2 +-
tests/btrfs/298 | 85 ++++++++++++++++++++++++++++++++
tests/btrfs/298.out | 34 +++++++++++++
tests/btrfs/299 | 68 +++++++++++++++++++++++++
tests/btrfs/299.out | 4 ++
tests/generic/395 | 2 +-
tests/generic/397 | 8 +--
tests/generic/398 | 12 +++--
tests/generic/399 | 7 +--
tests/generic/419 | 7 +--
tests/generic/421 | 7 +--
tests/generic/429 | 2 +-
tests/generic/435 | 2 +-
tests/generic/440 | 2 +-
tests/generic/576 | 7 +--
tests/generic/580 | 1 +
tests/generic/581 | 1 +
tests/generic/593 | 1 +
tests/generic/613 | 1 +
20 files changed, 344 insertions(+), 26 deletions(-)
create mode 100755 tests/btrfs/298
create mode 100644 tests/btrfs/298.out
create mode 100755 tests/btrfs/299
create mode 100644 tests/btrfs/299.out
diff --git a/common/encrypt b/common/encrypt
index 8f3c46f6..b011c3e8 100644
--- a/common/encrypt
+++ b/common/encrypt
@@ -73,6 +73,10 @@ _require_encryption_policy_support()
local policy_version=1
local c
+ if [ "$FSTYP" = "btrfs" ]; then
+ policy_version=2
+ fi
+
OPTIND=2
while getopts "c:n:f:v:" c; do
case $c in
@@ -102,6 +106,12 @@ _require_encryption_policy_support()
_scratch_unmount
_scratch_mkfs_stable_inodes_encrypted &>> $seqres.full
_scratch_mount
+ fi;
+
+ if [ "$FSTYP" = "btrfs" ]; then
+ if (( policy_flags & ~FSCRYPT_POLICY_FLAG_IV_FROM_FS )); then
+ _fail "Btrfs accepts policy flags of IV_FROM_FS only"
+ fi
fi
mkdir $dir
@@ -146,7 +156,7 @@ _require_encryption_policy_support()
_scratch_mkfs_encrypted()
{
case $FSTYP in
- ext4|f2fs)
+ btrfs|ext4|f2fs)
_scratch_mkfs -O encrypt
;;
ubifs)
@@ -165,6 +175,9 @@ _scratch_mkfs_sized_encrypted()
ext4|f2fs)
MKFS_OPTIONS="$MKFS_OPTIONS -O encrypt" _scratch_mkfs_sized $*
;;
+ btrfs)
+ _scratch_mkfs_sized $*
+ ;;
*)
_notrun "Filesystem $FSTYP not supported in _scratch_mkfs_sized_encrypted"
;;
@@ -225,6 +238,57 @@ _check_session_keyring()
fi
}
+# Set up to use default-policy keys.
+_initialize_default_policy()
+{
+ if ! [ "$FSTYP" = "btrfs" ]; then
+ _init_session_keyring
+ fi
+}
+
+# Add a key with the default-policy.
+_add_default_policy_key()
+{
+ if [ "$FSTYP" = "btrfs" ]; then
+ _add_enckey $SCRATCH_MNT "$*" | awk '{print $NF}'
+ else
+ local keydesc=$(_generate_key_descriptor)
+ _add_session_encryption_key $keydesc $*
+ echo $keydesc
+ fi
+}
+
+# Unlink a default-type key
+_unlink_default_policy_key()
+{
+ if [ "$FSTYP" = "btrfs" ]; then
+ _rm_enckey $SCRATCH_MNT $*
+ else
+ _unlink_session_encryption_key $*
+ fi
+}
+
+# Revoke a default-type key
+_revoke_default_policy_key()
+{
+ if [ "$FSTYP" = "btrfs" ]; then
+ _rm_enckey $SCRATCH_MNT $*
+ else
+ _revoke_session_encryption_key $*
+ fi
+}
+
+# Give the invoking shell a new session keyring. This makes any keys we add to
+# the session keyring scoped to the lifetime of the test script.
+_new_session_keyring()
+{
+ if [ "$FSTYP" = "btrfs" ]; then
+ _notrun "not suitable for this filesystem type: btrfs"
+ fi
+
+ $KEYCTL_PROG new_session >>$seqres.full
+}
+
# Generate a key descriptor (16 character hex string)
_generate_key_descriptor()
{
@@ -357,6 +421,19 @@ _set_encpolicy()
local dir=$1
shift
+ if [ "$FSTYP" = "btrfs" ]; then
+ # Append -v 2 and the necessary IV_FROM_FS flag if -v or -f
+ # isn't set.
+ if ! [[ "$*" =~ -v ]]; then
+ set -- "$* -v 2"
+ fi
+
+ versionmatcher="-v 2"
+ if [[ "$*" =~ $versionmatcher ]] && ! [[ "$*" =~ -f ]]; then
+ set -- "$* -f 32"
+ fi
+ fi
+
$XFS_IO_PROG -c "set_encpolicy $*" "$dir"
}
@@ -364,6 +441,18 @@ _user_do_set_encpolicy()
{
local dir=$1
shift
+ if [ "$FSTYP" = "btrfs" ]; then
+ # Append -v 2 and the necessary IV_FROM_FS flag if -v or -f
+ # isn't set.
+ if ! [[ "$*" =~ -v ]]; then
+ set -- "$* -v 2"
+ fi
+
+ versionmatcher="-v 2"
+ if [[ "$*" =~ $versionmatcher ]] && ! [[ "$*" =~ -f ]]; then
+ set -- "$* -f 32"
+ fi
+ fi
_user_do "$XFS_IO_PROG -c \"set_encpolicy $*\" \"$dir\""
}
@@ -491,6 +580,18 @@ _get_encryption_nonce()
local inode=$2
case $FSTYP in
+ btrfs)
+ # btrfs prints the fscrypt_context like:
+ #
+ # item 18 key (258 FSCRYPT_CTXT_ITEM 0) itemoff 15218 itemsize 40
+ # value: 0201042000000000000000000000000000000000000000007907c9718128b82caebfa42e881b0163
+ #
+ $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
+ grep -A 1 "key ($inode FSCRYPT_CTXT_ITEM 0)" | \
+ awk '/value: [[:xdigit:]]+$/ {
+ print substr($0, length($0) - 31, 32);
+ }'
+ ;;
ext4)
# Use debugfs to dump the special xattr named "c", which is the
# file's fscrypt_context. This produces a line like:
@@ -539,6 +640,9 @@ _require_get_encryption_nonce_support()
{
echo "Checking for _get_encryption_nonce() support for $FSTYP" >> $seqres.full
case $FSTYP in
+ btrfs)
+ _require_command "$BTRFS_UTIL_PROG" btrfs
+ ;;
ext4)
_require_command "$DEBUGFS_PROG" debugfs
;;
@@ -810,6 +914,7 @@ FSCRYPT_MODE_ADIANTUM=9
FSCRYPT_POLICY_FLAG_DIRECT_KEY=0x04
FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64=0x08
FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32=0x10
+FSCRYPT_POLICY_FLAG_IV_FROM_FS=0x20
FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR=1
FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER=2
@@ -853,6 +958,10 @@ _verify_ciphertext_for_encryption_policy()
local crypt_util_filename_args=""
local expected_identifier
+ if [ "$FSTYP" = "btrfs" ]; then
+ policy_version = 2
+ fi
+
shift 2
for opt; do
case "$opt" in
@@ -888,6 +997,12 @@ _verify_ciphertext_for_encryption_policy()
if (( policy_version > 1 )); then
set_encpolicy_args+=" -v 2"
crypt_util_args+=" --kdf=HKDF-SHA512"
+ if [ "$FSTYP" = "btrfs" ]; then
+ if (( policy_flags & ~FSCRYPT_POLICY_FLAG_IV_FROM_FS )); then
+ _fail "Btrfs accepts policy flags of IV_FROM_FS only"
+ fi
+ policy_flags |= FSCRYPT_POLICY_FLAG_IV_FROM_FS
+ fi
if (( policy_flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY )); then
crypt_util_args+=" --direct-key"
elif (( policy_flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 )); then
diff --git a/common/verity b/common/verity
index cb7fa333..82a4ff90 100644
--- a/common/verity
+++ b/common/verity
@@ -178,7 +178,7 @@ _scratch_mkfs_verity()
_scratch_mkfs_encrypted_verity()
{
case $FSTYP in
- ext4)
+ ext4|btrfs)
_scratch_mkfs -O encrypt,verity
;;
f2fs)
diff --git a/tests/btrfs/298 b/tests/btrfs/298
new file mode 100755
index 00000000..2b03148e
--- /dev/null
+++ b/tests/btrfs/298
@@ -0,0 +1,85 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (c) 2016 Google, Inc. All Rights Reserved.
+#
+# FS QA Test No. 298
+#
+# Test setting and getting encryption policies. Like generic/395, but allows
+# setting encryption policy on a nonempty directory.
+#
+. ./common/preamble
+_begin_fstest auto quick encrypt
+
+# Import common functions.
+. ./common/filter
+. ./common/encrypt
+
+# real QA test starts here
+_supported_fs generic
+_require_scratch_encryption
+_require_xfs_io_command "get_encpolicy"
+_require_user
+
+_scratch_mkfs_encrypted &>> $seqres.full
+_scratch_mount
+
+# Should be able to set an encryption policy on an empty directory
+empty_dir=$SCRATCH_MNT/empty_dir
+echo -e "\n*** Setting encryption policy on empty directory ***"
+mkdir $empty_dir
+_get_encpolicy $empty_dir |& _filter_scratch
+_set_encpolicy $empty_dir 0000111122223333
+_get_encpolicy $empty_dir | _filter_scratch
+
+# Should be able to set the same policy again, but not a different one.
+echo -e "\n*** Setting encryption policy again ***"
+_set_encpolicy $empty_dir 0000111122223333
+_get_encpolicy $empty_dir | _filter_scratch
+_set_encpolicy $empty_dir 4444555566667777 |& _filter_scratch
+_get_encpolicy $empty_dir | _filter_scratch
+
+# Should be able to set an encryption policy on a nonempty directory
+nonempty_dir=$SCRATCH_MNT/nonempty_dir
+echo -e "\n*** Setting encryption policy on nonempty directory ***"
+mkdir $nonempty_dir
+touch $nonempty_dir/file
+_set_encpolicy $nonempty_dir |& _filter_scratch
+_get_encpolicy $nonempty_dir |& _filter_scratch
+
+# Should *not* be able to set an encryption policy on a nondirectory file, even
+# an empty one. Regression test for 002ced4be642: "fscrypto: only allow setting
+# encryption policy on directories".
+nondirectory=$SCRATCH_MNT/nondirectory
+echo -e "\n*** Setting encryption policy on nondirectory ***"
+touch $nondirectory
+_set_encpolicy $nondirectory |& _filter_scratch
+_get_encpolicy $nondirectory |& _filter_scratch
+
+# Should *not* be able to set an encryption policy on another user's directory.
+# Regression test for 163ae1c6ad62: "fscrypto: add authorization check for
+# setting encryption policy".
+unauthorized_dir=$SCRATCH_MNT/unauthorized_dir
+echo -e "\n*** Setting encryption policy on another user's directory ***"
+mkdir $unauthorized_dir
+_user_do_set_encpolicy $unauthorized_dir |& _filter_scratch
+_get_encpolicy $unauthorized_dir |& _filter_scratch
+
+# Should *not* be able to set an encryption policy on a directory on a
+# filesystem mounted readonly. Regression test for ba63f23d69a3: "fscrypto:
+# require write access to mount to set encryption policy". Test both a regular
+# readonly filesystem and a readonly bind mount of a read-write filesystem.
+echo -e "\n*** Setting encryption policy on readonly filesystem ***"
+mkdir $SCRATCH_MNT/ro_dir $SCRATCH_MNT/ro_bind_mnt
+_scratch_remount ro
+_set_encpolicy $SCRATCH_MNT/ro_dir |& _filter_scratch
+_get_encpolicy $SCRATCH_MNT/ro_dir |& _filter_scratch
+_scratch_remount rw
+mount --bind $SCRATCH_MNT $SCRATCH_MNT/ro_bind_mnt
+mount -o remount,ro,bind $SCRATCH_MNT/ro_bind_mnt
+_set_encpolicy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
+_get_encpolicy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
+umount $SCRATCH_MNT/ro_bind_mnt
+
+# success, all done
+status=0
+exit
diff --git a/tests/btrfs/298.out b/tests/btrfs/298.out
new file mode 100644
index 00000000..15069749
--- /dev/null
+++ b/tests/btrfs/298.out
@@ -0,0 +1,34 @@
+QA output created by 298
+
+*** Setting encryption policy on empty directory ***
+SCRATCH_MNT/empty_dir: failed to get encryption policy: No data available
+invalid key identifier: 0000111122223333
+/mnt/scratch/empty_dir: failed to get encryption policy: No data available
+
+*** Setting encryption policy again ***
+invalid key identifier: 0000111122223333
+/mnt/scratch/empty_dir: failed to get encryption policy: No data available
+invalid key identifier: 4444555566667777
+/mnt/scratch/empty_dir: failed to get encryption policy: No data available
+
+*** Setting encryption policy on nonempty directory ***
+Encryption policy for SCRATCH_MNT/nonempty_dir:
+ Policy version: 2
+ Master key identifier: 00000000000000000000000000000000
+ Contents encryption mode: 1 (AES-256-XTS)
+ Filenames encryption mode: 4 (AES-256-CTS)
+ Flags: 0x20
+
+*** Setting encryption policy on nondirectory ***
+SCRATCH_MNT/nondirectory: failed to set encryption policy: Not a directory
+SCRATCH_MNT/nondirectory: failed to get encryption policy: No data available
+
+*** Setting encryption policy on another user's directory ***
+Permission denied
+SCRATCH_MNT/unauthorized_dir: failed to get encryption policy: No data available
+
+*** Setting encryption policy on readonly filesystem ***
+SCRATCH_MNT/ro_dir: failed to set encryption policy: Read-only file system
+SCRATCH_MNT/ro_dir: failed to get encryption policy: No data available
+SCRATCH_MNT/ro_bind_mnt/ro_dir: failed to set encryption policy: Read-only file system
+SCRATCH_MNT/ro_bind_mnt/ro_dir: failed to get encryption policy: No data available
diff --git a/tests/btrfs/299 b/tests/btrfs/299
new file mode 100755
index 00000000..d9fde898
--- /dev/null
+++ b/tests/btrfs/299
@@ -0,0 +1,68 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (c) 2017 Google, Inc. All Rights Reserved.
+#
+# FS QA Test No. 299
+#
+# Test that without the encryption key for a directory, long filenames are
+# presented in a way which avoids collisions, even though they are abbreviated
+# in order to support names up to NAME_MAX bytes.
+#
+# Regression test for:
+# 6332cd32c829 ("f2fs: check entire encrypted bigname when finding a dentry")
+# 6b06cdee81d6 ("fscrypt: avoid collisions when presenting long encrypted filenames")
+#
+# Even with these two fixes it's still possible to create intentional
+# collisions. For now this test covers "accidental" collisions only.
+#
+# Based on generic/435.
+#
+. ./common/preamble
+_begin_fstest auto encrypt
+
+# Import common functions.
+. ./common/filter
+. ./common/encrypt
+
+# real QA test starts here
+_supported_fs generic
+_require_scratch_encryption
+_require_command "$KEYCTL_PROG" keyctl
+
+# set up an encrypted directory
+
+_initialize_default_policy
+_scratch_mkfs_encrypted &>> $seqres.full
+_scratch_mount
+mkdir $SCRATCH_MNT/edir
+raw_key=$(_generate_raw_encryption_key)
+keydesc=$(_add_default_policy_key $raw_key)
+# -f 0x2: zero-pad to 16-byte boundary (i.e. encryption block boundary)
+# -f 0x20: necessary flag for btrfs
+_set_encpolicy $SCRATCH_MNT/edir $keydesc -f 0x22
+
+# Create files with long names (> 32 bytes, long enough to trigger the use of
+# "digested" names) in the encrypted directory.
+#
+# Use 100,000 files so that we have a good chance of detecting buggy filesystems
+# that solely use a 32-bit hash to distinguish files, which f2fs was doing.
+#
+# Furthermore, make the filenames differ only in the last 16-byte encryption
+# block. This reproduces the bug where it was not accounted for that ciphertext
+# stealing (CTS) causes the last two blocks to appear "flipped".
+seq -f "$SCRATCH_MNT/edir/abcdefghijklmnopqrstuvwxyz012345%.0f" 100000 | xargs touch
+find $SCRATCH_MNT/edir/ -type f | xargs stat -c %i | sort | uniq | wc -l
+
+_unlink_default_policy_key $keydesc &>> $seqres.full
+_scratch_cycle_mount
+
+# Verify that every file has a unique inode number and can be removed without
+# error. With the bug(s), some filenames incorrectly pointed to the same inode,
+# and ext4 reported a "Structure needs cleaning" error when removing files.
+find $SCRATCH_MNT/edir/ -type f | xargs stat -c %i | sort | uniq | wc -l
+rm -rf $SCRATCH_MNT/edir |& head -n 10
+stat $SCRATCH_MNT/edir |& _filter_stat |& _filter_scratch
+
+# success, all done
+status=0
+exit
diff --git a/tests/btrfs/299.out b/tests/btrfs/299.out
new file mode 100644
index 00000000..41d3d94a
--- /dev/null
+++ b/tests/btrfs/299.out
@@ -0,0 +1,4 @@
+QA output created by 299
+100000
+100000
+stat: cannot statx 'SCRATCH_MNT/edir': No such file or directory
diff --git a/tests/generic/395 b/tests/generic/395
index ab2ad612..f111329b 100755
--- a/tests/generic/395
+++ b/tests/generic/395
@@ -15,7 +15,7 @@ _begin_fstest auto quick encrypt
# real QA test starts here
_supported_fs generic
-_require_scratch_encryption
+_require_scratch_encryption -v 1
_require_xfs_io_command "get_encpolicy"
_require_user
diff --git a/tests/generic/397 b/tests/generic/397
index 6c03f274..e3c5e401 100755
--- a/tests/generic/397
+++ b/tests/generic/397
@@ -23,13 +23,14 @@ _require_symlinks
_require_scratch_encryption
_require_command "$KEYCTL_PROG" keyctl
-_init_session_keyring
+_initialize_default_policy
_scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
mkdir $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
-keydesc=$(_generate_session_encryption_key)
+raw_key=$(_generate_raw_encryption_key)
+keydesc=$(_add_default_policy_key $raw_key)
_set_encpolicy $SCRATCH_MNT/edir $keydesc
for dir in $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir; do
touch $dir/empty > /dev/null
@@ -47,6 +48,7 @@ done
diff -r $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
# Cycle mount and diff again
_scratch_cycle_mount
+_add_default_policy_key $raw_key &>> $seqres.full
diff -r $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
#
@@ -63,7 +65,7 @@ diff -r $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
# instead of a random one. The same applies to symlink targets.
#
-_unlink_session_encryption_key $keydesc
+_unlink_default_policy_key $keydesc &>> $seqres.full
_scratch_cycle_mount
# Check that unencrypted names aren't there
diff --git a/tests/generic/398 b/tests/generic/398
index e2cbad54..b3108b15 100755
--- a/tests/generic/398
+++ b/tests/generic/398
@@ -24,7 +24,7 @@ _supported_fs generic
_require_scratch_encryption
_require_renameat2 exchange
-_init_session_keyring
+_initialize_default_policy
_scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
@@ -34,8 +34,10 @@ edir1=$SCRATCH_MNT/edir1
edir2=$SCRATCH_MNT/edir2
udir=$SCRATCH_MNT/udir
mkdir $edir1 $edir2 $udir
-keydesc1=$(_generate_session_encryption_key)
-keydesc2=$(_generate_session_encryption_key)
+raw_key1=$(_generate_raw_encryption_key)
+raw_key2=$(_generate_raw_encryption_key)
+keydesc1=$(_add_default_policy_key $raw_key1)
+keydesc2=$(_add_default_policy_key $raw_key2)
_set_encpolicy $edir1 $keydesc1
_set_encpolicy $edir2 $keydesc2
touch $edir1/efile1
@@ -101,8 +103,8 @@ rm $edir1/fifo $edir2/fifo $udir/fifo
# Now test that *without* access to the encrypted key, we cannot use an exchange
# (cross rename) operation to move a forbidden file into an encrypted directory.
-_unlink_session_encryption_key $keydesc1
-_unlink_session_encryption_key $keydesc2
+_unlink_default_policy_key $keydesc1 &>> $seqres.full
+_unlink_default_policy_key $keydesc2 &>> $seqres.full
_scratch_cycle_mount
efile1=$(find $edir1 -type f)
efile2=$(find $edir2 -type f)
diff --git a/tests/generic/399 b/tests/generic/399
index a5aa7107..e3c77872 100755
--- a/tests/generic/399
+++ b/tests/generic/399
@@ -30,7 +30,7 @@ _require_symlinks
_require_command "$XZ_PROG" xz
_require_command "$KEYCTL_PROG" keyctl
-_init_session_keyring
+_initialize_default_policy
#
# Set up a small filesystem containing an encrypted directory. 64 MB is enough
@@ -45,7 +45,8 @@ dd if=/dev/zero of=$SCRATCH_DEV bs=$((1024 * 1024)) \
_scratch_mkfs_sized_encrypted $fs_size &>> $seqres.full
_scratch_mount
-keydesc=$(_generate_session_encryption_key)
+raw_key=$(_generate_raw_encryption_key)
+keydesc=$(_add_default_policy_key $raw_key)
mkdir $SCRATCH_MNT/encrypted_dir
_set_encpolicy $SCRATCH_MNT/encrypted_dir $keydesc
@@ -111,7 +112,7 @@ done
# memory than the '-9' preset. The memory needed with our settings will be
# 64 * 6.5 = 416 MB; see xz(1).
#
-_unlink_session_encryption_key $keydesc
+_unlink_default_policy_key $keydesc &>> $seqres.full
_scratch_unmount
fs_compressed_size=$(head -c $fs_size $SCRATCH_DEV | \
xz --lzma2=dict=64M,mf=hc4,mode=fast,nice=16 | \
diff --git a/tests/generic/419 b/tests/generic/419
index 5d56d64f..f5fd9ea9 100755
--- a/tests/generic/419
+++ b/tests/generic/419
@@ -24,17 +24,18 @@ _require_scratch_encryption
_require_command "$KEYCTL_PROG" keyctl
_require_renameat2 exchange
-_init_session_keyring
+_initialize_default_policy
_scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
mkdir $SCRATCH_MNT/edir
-keydesc=$(_generate_session_encryption_key)
+raw_key=$(_generate_raw_encryption_key)
+keydesc=$(_add_default_policy_key $raw_key)
_set_encpolicy $SCRATCH_MNT/edir $keydesc
echo a > $SCRATCH_MNT/edir/a
echo b > $SCRATCH_MNT/edir/b
-_unlink_session_encryption_key $keydesc
+_unlink_default_policy_key $keydesc &>> $seqres.full
_scratch_cycle_mount
# Note that because no-key filenames are unpredictable, this needs to be written
diff --git a/tests/generic/421 b/tests/generic/421
index 0c4fa8e3..de8594fa 100755
--- a/tests/generic/421
+++ b/tests/generic/421
@@ -20,7 +20,7 @@ _supported_fs generic
_require_scratch_encryption
_require_command "$KEYCTL_PROG" keyctl
-_init_session_keyring
+_initialize_default_policy
_scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
@@ -34,7 +34,8 @@ slice=2
# Create an encrypted file and sync its data to disk.
rm -rf $dir
mkdir $dir
-keydesc=$(_generate_session_encryption_key)
+raw_key=$(_generate_raw_encryption_key)
+keydesc=$(_add_default_policy_key $raw_key)
_set_encpolicy $dir $keydesc
$XFS_IO_PROG -f $file -c "pwrite 0 $((nproc*slice))M" -c "fsync" > /dev/null
@@ -54,7 +55,7 @@ done
sleep 1
# Revoke the encryption key.
-keyid=$(_revoke_session_encryption_key $keydesc)
+keyid=$(_revoke_default_policy_key $keydesc)
# Now try to open the file again. In buggy kernels this caused concurrent
# readers to crash with a NULL pointer dereference during decryption.
diff --git a/tests/generic/429 b/tests/generic/429
index 2cf12316..776eee71 100755
--- a/tests/generic/429
+++ b/tests/generic/429
@@ -28,7 +28,7 @@ _begin_fstest auto encrypt
# real QA test starts here
_supported_fs generic
-_require_scratch_encryption
+_require_scratch_encryption -v 1
_require_command "$KEYCTL_PROG" keyctl
_require_test_program "t_encrypted_d_revalidate"
diff --git a/tests/generic/435 b/tests/generic/435
index bb1cbb62..b0b9cd83 100755
--- a/tests/generic/435
+++ b/tests/generic/435
@@ -24,7 +24,7 @@ _begin_fstest auto encrypt
# real QA test starts here
_supported_fs generic
-_require_scratch_encryption
+_require_scratch_encryption -v 1
_require_command "$KEYCTL_PROG" keyctl
# set up an encrypted directory
diff --git a/tests/generic/440 b/tests/generic/440
index 5850a8fe..ca7c55b1 100755
--- a/tests/generic/440
+++ b/tests/generic/440
@@ -20,7 +20,7 @@ _begin_fstest auto quick encrypt
# real QA test starts here
_supported_fs generic
-_require_scratch_encryption
+_require_scratch_encryption -v 1
_require_symlinks
_require_command "$KEYCTL_PROG" keyctl
diff --git a/tests/generic/576 b/tests/generic/576
index c8862de2..7a368a8d 100755
--- a/tests/generic/576
+++ b/tests/generic/576
@@ -26,7 +26,7 @@ _cleanup()
# real QA test starts here
_supported_fs generic
_require_scratch_verity
-_require_scratch_encryption
+_require_scratch_encryption -v 1
_require_command "$KEYCTL_PROG" keyctl
_require_fsverity_corruption
_disable_fsverity_signatures
@@ -39,8 +39,9 @@ edir=$SCRATCH_MNT/edir
fsv_file=$edir/file.fsv
# Set up an encrypted directory.
-_init_session_keyring
-keydesc=$(_generate_session_encryption_key)
+_initialize_default_policy
+raw_key=$(_generate_raw_encryption_key)
+keydesc=$(_add_default_policy_key $raw_key)
mkdir $edir
_set_encpolicy $edir $keydesc
diff --git a/tests/generic/580 b/tests/generic/580
index 73f32ff9..f9928d33 100755
--- a/tests/generic/580
+++ b/tests/generic/580
@@ -18,6 +18,7 @@ echo
# real QA test starts here
_supported_fs generic
+_require_scratch_encryption -v 1
_require_scratch_encryption -v 2
_scratch_mkfs_encrypted &>> $seqres.full
diff --git a/tests/generic/581 b/tests/generic/581
index cabc7e1c..78cc0fa8 100755
--- a/tests/generic/581
+++ b/tests/generic/581
@@ -31,6 +31,7 @@ _cleanup()
# real QA test starts here
_supported_fs generic
_require_user
+_require_scratch_encryption -v 1
_require_scratch_encryption -v 2
_scratch_mkfs_encrypted &>> $seqres.full
diff --git a/tests/generic/593 b/tests/generic/593
index 2dda5d76..7907236c 100755
--- a/tests/generic/593
+++ b/tests/generic/593
@@ -17,6 +17,7 @@ _begin_fstest auto quick encrypt
# real QA test starts here
_supported_fs generic
+_require_scratch_encryption -v 1
_require_scratch_encryption -v 2
_require_command "$KEYCTL_PROG" keyctl
diff --git a/tests/generic/613 b/tests/generic/613
index 4cf5ccc6..ffd5f8a9 100755
--- a/tests/generic/613
+++ b/tests/generic/613
@@ -22,6 +22,7 @@ _begin_fstest auto quick encrypt
# real QA test starts here
_supported_fs generic
+_require_scratch_encryption -v 1
_require_scratch_encryption -v 2
_require_get_encryption_nonce_support
_require_command "$XZ_PROG" xz
--
2.35.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-09-07 9:02 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-06 0:31 [PATCH 0/2] fstests: add btrfs encryption support Sweet Tea Dorminy
2022-09-06 0:31 ` [PATCH 1/2] fstests: fscrypt: enable btrfs testing Sweet Tea Dorminy
2022-09-07 9:02 ` Zorro Lang
2022-09-06 0:31 ` [PATCH 2/2] fstests: fscrypt: update tests of encryption contents for btrfs Sweet Tea Dorminy
-- strict thread matches above, loose matches on Subject: below --
2022-08-17 14:45 [PATCH 0/2] fstests: add btrfs encryption support Sweet Tea Dorminy
2022-08-17 14:45 ` [PATCH 1/2] fstests: fscrypt: enable btrfs testing Sweet Tea Dorminy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.