2 # FS QA Test generic/397
4 # Test accessing encrypted files and directories, both with and without the
5 # encryption key. Access with the encryption key is more of a sanity check and
6 # is not intended to fully test all the encrypted I/O paths; to do that you'd
7 # need to run all the xfstests with encryption enabled. Access without the
8 # encryption key, on the other hand, should result in some particular behaviors.
10 #-----------------------------------------------------------------------
11 # Copyright (c) 2016 Google, Inc. All Rights Reserved.
13 # Author: Eric Biggers <ebiggers@google.com>
15 # This program is free software; you can redistribute it and/or
16 # modify it under the terms of the GNU General Public License as
17 # published by the Free Software Foundation.
19 # This program is distributed in the hope that it would be useful,
20 # but WITHOUT ANY WARRANTY; without even the implied warranty of
21 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 # GNU General Public License for more details.
24 # You should have received a copy of the GNU General Public License
25 # along with this program; if not, write the Free Software Foundation,
26 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
27 #-----------------------------------------------------------------------
31 seqres=$RESULT_DIR/$seq
32 echo "QA output created by $seq"
36 status=1 # failure is the default!
37 trap "_cleanup; exit \$status" 0 1 2 3 15
45 # get standard environment, filters and checks
50 # remove previous $seqres.full before test
53 # real QA test starts here
56 _require_scratch_encryption
57 _require_xfs_io_command "set_encpolicy"
58 _require_command "$KEYCTL_PROG" keyctl
62 _scratch_mkfs_encrypted &>> $seqres.full
65 mkdir $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
66 keydesc=$(_generate_encryption_key)
67 $XFS_IO_PROG -c "set_encpolicy $keydesc" $SCRATCH_MNT/edir
68 for dir in $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir; do
69 touch $dir/empty > /dev/null
70 $XFS_IO_PROG -t -f -c "pwrite 0 4k" $dir/a > /dev/null
71 $XFS_IO_PROG -t -f -c "pwrite 0 33k" $dir/abcdefghijklmnopqrstuvwxyz > /dev/null
72 maxname=$(yes | head -255 | tr -d '\n') # 255 character filename
73 $XFS_IO_PROG -t -f -c "pwrite 0 1k" $dir/$maxname > /dev/null
75 ln -s abcdefghijklmnopqrstuvwxyz $dir/symlink2
76 ln -s $maxname $dir/symlink3
78 mkdir $dir/subdir/subsubdir
80 # Diff encrypted directory with unencrypted reference directory
81 diff -r $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
82 # Cycle mount and diff again
84 diff -r $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
87 # Now try accessing the files without the encryption key. It should still be
88 # possible to list the directory and remove files. But filenames should be
89 # encrypted, and it should not be possible to read regular files or to create
90 # new files or subdirectories.
92 # Note that we cannot simply use ls -R to verify the files because the encrypted
93 # filenames are unpredictable. By design, the key used to encrypt a directory's
94 # filenames is derived from the master key (the key in the keyring) and a nonce
95 # generated by the kernel. Hence, the encrypted filenames will be different
96 # every time this test is run, even if we were to put a fixed key into the
97 # keyring instead of a random one. The same applies to symlink targets.
99 # TODO: there are some inconsistencies in which error codes are returned on
100 # different kernel versions and filesystems when trying to create a file or
101 # subdirectory without access to the parent directory's encryption key. It's
102 # planned to consistently use ENOKEY, but for now make this test accept multiple
106 filter_create_errors()
108 sed -e 's/No such file or directory/Required key not available/' \
109 -e 's/Permission denied/Required key not available/' \
110 -e 's/Operation not permitted/Required key not available/'
113 _unlink_encryption_key $keydesc
116 # Check that unencrypted names aren't there
117 stat $SCRATCH_MNT/edir/empty |& _filter_scratch
118 stat $SCRATCH_MNT/edir/symlink |& _filter_scratch
120 # Check that the correct numbers of files and subdirectories are there
121 ls $SCRATCH_MNT/edir | wc -l
122 find $SCRATCH_MNT/edir -mindepth 2 -maxdepth 2 -type d | wc -l
124 # Try to read a nondirectory file (should fail with ENOKEY)
125 md5sum $(find $SCRATCH_MNT/edir -maxdepth 1 -type f | head -1) |& \
128 # Try to create new files, directories, and symlinks in the encrypted directory,
129 # both with and without using correctly base-64 encoded filenames. These should
130 # all fail with ENOKEY.
131 $XFS_IO_PROG -f $SCRATCH_MNT/edir/newfile |& filter_create_errors | _filter_scratch
132 $XFS_IO_PROG -f $SCRATCH_MNT/edir/0123456789abcdef |& filter_create_errors | _filter_scratch
133 mkdir $SCRATCH_MNT/edir/newdir |& filter_create_errors | _filter_scratch
134 mkdir $SCRATCH_MNT/edir/0123456789abcdef |& filter_create_errors | _filter_scratch
135 ln -s foo $SCRATCH_MNT/edir/newlink |& filter_create_errors | _filter_scratch
136 ln -s foo $SCRATCH_MNT/edir/0123456789abcdef |& filter_create_errors | _filter_scratch
138 # Delete the encrypted directory (should succeed)
139 rm -r $SCRATCH_MNT/edir
140 stat $SCRATCH_MNT/edir |& _filter_scratch