2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2016 Google, Inc. All Rights Reserved.
5 # FS QA Test generic/397
7 # Test accessing encrypted files and directories, both with and without the
8 # encryption key. Access with the encryption key is more of a sanity check and
9 # is not intended to fully test all the encrypted I/O paths; to do that you'd
10 # need to run all the xfstests with encryption enabled. Access without the
11 # encryption key, on the other hand, should result in some particular behaviors.
14 seqres=$RESULT_DIR/$seq
15 echo "QA output created by $seq"
19 status=1 # failure is the default!
20 trap "_cleanup; exit \$status" 0 1 2 3 15
28 # get standard environment, filters and checks
33 # remove previous $seqres.full before test
36 # real QA test starts here
39 _require_scratch_encryption
40 _require_command "$KEYCTL_PROG" keyctl
44 _scratch_mkfs_encrypted &>> $seqres.full
47 mkdir $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
48 keydesc=$(_generate_session_encryption_key)
49 _set_encpolicy $SCRATCH_MNT/edir $keydesc
50 for dir in $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir; do
51 touch $dir/empty > /dev/null
52 $XFS_IO_PROG -t -f -c "pwrite 0 4k" $dir/a > /dev/null
53 $XFS_IO_PROG -t -f -c "pwrite 0 33k" $dir/abcdefghijklmnopqrstuvwxyz > /dev/null
54 maxname=$(head -c 255 /dev/zero | tr '\0' y) # 255 character filename
55 $XFS_IO_PROG -t -f -c "pwrite 0 1k" $dir/$maxname > /dev/null
57 ln -s abcdefghijklmnopqrstuvwxyz $dir/symlink2
58 ln -s $maxname $dir/symlink3
60 mkdir $dir/subdir/subsubdir
62 # Diff encrypted directory with unencrypted reference directory
63 diff -r $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
64 # Cycle mount and diff again
66 diff -r $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
69 # Now try accessing the files without the encryption key. It should still be
70 # possible to list the directory and remove files. But filenames should be
71 # encrypted, and it should not be possible to read regular files or to create
72 # new files or subdirectories.
74 # Note that we cannot simply use ls -R to verify the files because the encrypted
75 # filenames are unpredictable. By design, the key used to encrypt a directory's
76 # filenames is derived from the master key (the key in the keyring) and a nonce
77 # generated by the kernel. Hence, the encrypted filenames will be different
78 # every time this test is run, even if we were to put a fixed key into the
79 # keyring instead of a random one. The same applies to symlink targets.
82 _unlink_session_encryption_key $keydesc
85 # Check that unencrypted names aren't there
86 stat $SCRATCH_MNT/edir/empty |& _filter_stat |& _filter_scratch
87 stat $SCRATCH_MNT/edir/symlink |& _filter_stat |& _filter_scratch
89 # Check that the correct numbers of files and subdirectories are there
90 ls $SCRATCH_MNT/edir | wc -l
91 find $SCRATCH_MNT/edir -mindepth 2 -maxdepth 2 -type d | wc -l
93 # Try to read a nondirectory file (should fail with ENOKEY)
94 md5sum $(find $SCRATCH_MNT/edir -maxdepth 1 -type f | head -1) |& \
97 # Try to create new files, directories, and symlinks in the encrypted directory,
98 # both with and without using correctly base-64 encoded filenames. These should
99 # all fail with ENOKEY.
100 $XFS_IO_PROG -f $SCRATCH_MNT/edir/newfile |& _filter_scratch
101 $XFS_IO_PROG -f $SCRATCH_MNT/edir/0123456789abcdef |& _filter_scratch
102 mkdir $SCRATCH_MNT/edir/newdir |& _filter_scratch
103 mkdir $SCRATCH_MNT/edir/0123456789abcdef |& _filter_scratch
104 ln -s foo $SCRATCH_MNT/edir/newlink |& _filter_scratch
105 ln -s foo $SCRATCH_MNT/edir/0123456789abcdef |& _filter_scratch
107 # Delete the encrypted directory (should succeed)
108 rm -r $SCRATCH_MNT/edir
109 stat $SCRATCH_MNT/edir |& _filter_stat |& _filter_scratch