From: Eric Biggers <ebiggers@kernel.org>
To: fstests@vger.kernel.org
Cc: linux-fscrypt@vger.kernel.org
Subject: [PATCH v3 0/9] xfstests: add tests for fscrypt key management improvements
Date: Tue, 15 Oct 2019 11:16:34 -0700 [thread overview]
Message-ID: <20191015181643.6519-1-ebiggers@kernel.org> (raw)
Hello,
This patchset adds xfstests for the new fscrypt functionality that was
merged for 5.4 (https://git.kernel.org/torvalds/c/734d1ed83e1f9b7b),
namely the new ioctls for managing filesystem encryption keys and the
new/updated ioctls for v2 encryption policy support. It also includes
ciphertext verification tests for v2 encryption policies.
These tests require new xfs_io commands, which are present in the
for-next branch of xfsprogs. They also need a kernel v5.4-rc1 or later.
As is usual for xfstests, the tests will skip themselves if their
prerequisites aren't met.
Note: currently only ext4, f2fs, and ubifs support encryption. But I
was told previously that since the fscrypt API is generic and may be
supported by XFS in the future, the command-line wrappers for the
fscrypt ioctls should be in xfs_io rather than in xfstests directly
(https://marc.info/?l=fstests&m=147976255831951&w=2).
This patchset can also be retrieved from tag
"fscrypt-key-mgmt-improvements_2019-10-15" of
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/xfstests-dev.git
Changes since v2:
- Updated "common/encrypt: disambiguate session encryption keys" to
rename the new instance of _generate_encryption_key() in generic/576.
Changes since v1:
- Addressed comments from Eryu Guan regarding
_require_encryption_policy_support().
- In generic/801, handle the fsgqa user having part of their key quota
already consumed before beginning the test, in order to avoid a false
test failure on some systems.
Eric Biggers (9):
common/encrypt: disambiguate session encryption keys
common/encrypt: add helper functions that wrap new xfs_io commands
common/encrypt: support checking for v2 encryption policy support
common/encrypt: support verifying ciphertext of v2 encryption policies
generic: add basic test for fscrypt API additions
generic: add test for non-root use of fscrypt API additions
generic: verify ciphertext of v2 encryption policies with AES-256
generic: verify ciphertext of v2 encryption policies with AES-128
generic: verify ciphertext of v2 encryption policies with Adiantum
common/encrypt | 181 +++++++++++++++++++----
src/fscrypt-crypt-util.c | 304 ++++++++++++++++++++++++++++++++++-----
tests/ext4/024 | 2 +-
tests/generic/397 | 4 +-
tests/generic/398 | 8 +-
tests/generic/399 | 4 +-
tests/generic/419 | 4 +-
tests/generic/421 | 4 +-
tests/generic/429 | 8 +-
tests/generic/435 | 4 +-
tests/generic/440 | 8 +-
tests/generic/576 | 2 +-
tests/generic/800 | 127 ++++++++++++++++
tests/generic/800.out | 91 ++++++++++++
tests/generic/801 | 144 +++++++++++++++++++
tests/generic/801.out | 62 ++++++++
tests/generic/802 | 43 ++++++
tests/generic/802.out | 6 +
tests/generic/803 | 43 ++++++
tests/generic/803.out | 6 +
tests/generic/804 | 45 ++++++
tests/generic/804.out | 11 ++
tests/generic/group | 5 +
23 files changed, 1029 insertions(+), 87 deletions(-)
create mode 100755 tests/generic/800
create mode 100644 tests/generic/800.out
create mode 100755 tests/generic/801
create mode 100644 tests/generic/801.out
create mode 100755 tests/generic/802
create mode 100644 tests/generic/802.out
create mode 100755 tests/generic/803
create mode 100644 tests/generic/803.out
create mode 100755 tests/generic/804
create mode 100644 tests/generic/804.out
--
2.23.0.700.g56cf767bdb-goog
next reply other threads:[~2019-10-15 18:25 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-15 18:16 Eric Biggers [this message]
2019-10-15 18:16 ` [PATCH v3 1/9] common/encrypt: disambiguate session encryption keys Eric Biggers
2019-10-15 18:16 ` [PATCH v3 2/9] common/encrypt: add helper functions that wrap new xfs_io commands Eric Biggers
2019-10-15 18:16 ` [PATCH v3 3/9] common/encrypt: support checking for v2 encryption policy support Eric Biggers
2019-10-15 18:16 ` [PATCH v3 4/9] common/encrypt: support verifying ciphertext of v2 encryption policies Eric Biggers
2019-10-15 18:16 ` [PATCH v3 5/9] generic: add basic test for fscrypt API additions Eric Biggers
2019-10-15 18:16 ` [PATCH v3 6/9] generic: add test for non-root use of " Eric Biggers
2020-01-19 5:45 ` Murphy Zhou
2020-01-19 18:25 ` Eric Biggers
2020-01-20 2:20 ` Murphy Zhou
2020-01-29 0:45 ` Eric Biggers
2019-10-15 18:16 ` [PATCH v3 7/9] generic: verify ciphertext of v2 encryption policies with AES-256 Eric Biggers
2019-10-15 18:16 ` [PATCH v3 8/9] generic: verify ciphertext of v2 encryption policies with AES-128 Eric Biggers
2019-10-15 18:16 ` [PATCH v3 9/9] generic: verify ciphertext of v2 encryption policies with Adiantum Eric Biggers
2019-10-23 18:00 ` [PATCH v3 0/9] xfstests: add tests for fscrypt key management improvements Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191015181643.6519-1-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=fstests@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.