From: Eric Biggers <ebiggers@kernel.org>
To: fstests@vger.kernel.org
Cc: linux-fscrypt@vger.kernel.org
Subject: [PATCH v3 0/9] xfstests: add tests for fscrypt key management improvements
Date: Tue, 15 Oct 2019 11:16:34 -0700 [thread overview]
Message-ID: <20191015181643.6519-1-ebiggers@kernel.org> (raw)
Hello,
This patchset adds xfstests for the new fscrypt functionality that was
merged for 5.4 (https://git.kernel.org/torvalds/c/734d1ed83e1f9b7b),
namely the new ioctls for managing filesystem encryption keys and the
new/updated ioctls for v2 encryption policy support. It also includes
ciphertext verification tests for v2 encryption policies.
These tests require new xfs_io commands, which are present in the
for-next branch of xfsprogs. They also need a kernel v5.4-rc1 or later.
As is usual for xfstests, the tests will skip themselves if their
prerequisites aren't met.
Note: currently only ext4, f2fs, and ubifs support encryption. But I
was told previously that since the fscrypt API is generic and may be
supported by XFS in the future, the command-line wrappers for the
fscrypt ioctls should be in xfs_io rather than in xfstests directly
(https://marc.info/?l=fstests&m=147976255831951&w=2).
This patchset can also be retrieved from tag
"fscrypt-key-mgmt-improvements_2019-10-15" of
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/xfstests-dev.git
Changes since v2:
- Updated "common/encrypt: disambiguate session encryption keys" to
rename the new instance of _generate_encryption_key() in generic/576.
Changes since v1:
- Addressed comments from Eryu Guan regarding
_require_encryption_policy_support().
- In generic/801, handle the fsgqa user having part of their key quota
already consumed before beginning the test, in order to avoid a false
test failure on some systems.
Eric Biggers (9):
common/encrypt: disambiguate session encryption keys
common/encrypt: add helper functions that wrap new xfs_io commands
common/encrypt: support checking for v2 encryption policy support
common/encrypt: support verifying ciphertext of v2 encryption policies
generic: add basic test for fscrypt API additions
generic: add test for non-root use of fscrypt API additions
generic: verify ciphertext of v2 encryption policies with AES-256
generic: verify ciphertext of v2 encryption policies with AES-128
generic: verify ciphertext of v2 encryption policies with Adiantum
common/encrypt | 181 +++++++++++++++++++----
src/fscrypt-crypt-util.c | 304 ++++++++++++++++++++++++++++++++++-----
tests/ext4/024 | 2 +-
tests/generic/397 | 4 +-
tests/generic/398 | 8 +-
tests/generic/399 | 4 +-
tests/generic/419 | 4 +-
tests/generic/421 | 4 +-
tests/generic/429 | 8 +-
tests/generic/435 | 4 +-
tests/generic/440 | 8 +-
tests/generic/576 | 2 +-
tests/generic/800 | 127 ++++++++++++++++
tests/generic/800.out | 91 ++++++++++++
tests/generic/801 | 144 +++++++++++++++++++
tests/generic/801.out | 62 ++++++++
tests/generic/802 | 43 ++++++
tests/generic/802.out | 6 +
tests/generic/803 | 43 ++++++
tests/generic/803.out | 6 +
tests/generic/804 | 45 ++++++
tests/generic/804.out | 11 ++
tests/generic/group | 5 +
23 files changed, 1029 insertions(+), 87 deletions(-)
create mode 100755 tests/generic/800
create mode 100644 tests/generic/800.out
create mode 100755 tests/generic/801
create mode 100644 tests/generic/801.out
create mode 100755 tests/generic/802
create mode 100644 tests/generic/802.out
create mode 100755 tests/generic/803
create mode 100644 tests/generic/803.out
create mode 100755 tests/generic/804
create mode 100644 tests/generic/804.out
--
2.23.0.700.g56cf767bdb-goog
next reply other threads:[~2019-10-15 18:25 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-15 18:16 Eric Biggers [this message]
2019-10-15 18:16 ` [PATCH v3 1/9] common/encrypt: disambiguate session encryption keys Eric Biggers
2019-10-15 18:16 ` [PATCH v3 2/9] common/encrypt: add helper functions that wrap new xfs_io commands Eric Biggers
2019-10-15 18:16 ` [PATCH v3 3/9] common/encrypt: support checking for v2 encryption policy support Eric Biggers
2019-10-15 18:16 ` [PATCH v3 4/9] common/encrypt: support verifying ciphertext of v2 encryption policies Eric Biggers
2019-10-15 18:16 ` [PATCH v3 5/9] generic: add basic test for fscrypt API additions Eric Biggers
2019-10-15 18:16 ` [PATCH v3 6/9] generic: add test for non-root use of " Eric Biggers
2020-01-19 5:45 ` Murphy Zhou
2020-01-19 18:25 ` Eric Biggers
2020-01-20 2:20 ` Murphy Zhou
2020-01-29 0:45 ` Eric Biggers
2019-10-15 18:16 ` [PATCH v3 7/9] generic: verify ciphertext of v2 encryption policies with AES-256 Eric Biggers
2019-10-15 18:16 ` [PATCH v3 8/9] generic: verify ciphertext of v2 encryption policies with AES-128 Eric Biggers
2019-10-15 18:16 ` [PATCH v3 9/9] generic: verify ciphertext of v2 encryption policies with Adiantum Eric Biggers
2019-10-23 18:00 ` [PATCH v3 0/9] xfstests: add tests for fscrypt key management improvements Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191015181643.6519-1-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=fstests@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).