2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright 2019 Google LLC
5 # FS QA Test No. generic/581
7 # Test non-root use of the fscrypt filesystem-level encryption keyring
8 # and v2 encryption policies.
12 seqres=$RESULT_DIR/$seq
13 echo "QA output created by $seq"
18 status=1 # failure is the default!
19 trap "_cleanup; exit \$status" 0 1 2 3 15
26 if [ -n "$orig_maxkeys" ]; then
27 echo "$orig_maxkeys" > /proc/sys/kernel/keys/maxkeys
31 # get standard environment, filters and checks
36 # remove previous $seqres.full before test
39 # real QA test starts here
43 _require_scratch_encryption -v 2
45 _scratch_mkfs_encrypted &>> $seqres.full
48 # Set the fsgqa user's key quota to their current number of keys plus 5.
49 orig_keys=$(_user_do "awk '/^[[:space:]]*$(id -u fsgqa):/{print \$4}' /proc/key-users | cut -d/ -f1")
51 echo "orig_keys=$orig_keys" >> $seqres.full
52 orig_maxkeys=$(</proc/sys/kernel/keys/maxkeys)
54 echo $((orig_keys + keys_to_add)) > /proc/sys/kernel/keys/maxkeys
60 raw_key+="\\x$(printf "%02x" $i)"
62 keydesc="0000111122223333"
63 keyid="69b2f6edeee720cce0577937eb8a6751"
64 chmod 777 $SCRATCH_MNT
68 echo "# Setting v1 policy as regular user (should succeed)"
69 _user_do_set_encpolicy $dir $keydesc
71 echo "# Getting v1 policy as regular user (should succeed)"
72 _user_do_get_encpolicy $dir | _filter_scratch
74 echo "# Adding v1 policy key as regular user (should fail with EACCES)"
75 _user_do_add_enckey $SCRATCH_MNT "$raw_key" -d $keydesc
81 echo "# Setting v2 policy as regular user without key already added (should fail with ENOKEY)"
82 _user_do_set_encpolicy $dir $keyid |& _filter_scratch
84 echo "# Adding v2 policy key as regular user (should succeed)"
85 _user_do_add_enckey $SCRATCH_MNT "$raw_key"
87 echo "# Setting v2 policy as regular user with key added (should succeed)"
88 _user_do_set_encpolicy $dir $keyid
90 echo "# Getting v2 policy as regular user (should succeed)"
91 _user_do_get_encpolicy $dir | _filter_scratch
93 echo "# Creating encrypted file as regular user (should succeed)"
94 _user_do "echo contents > $dir/file"
96 echo "# Removing v2 policy key as regular user (should succeed)"
97 _user_do_rm_enckey $SCRATCH_MNT $keyid
99 _scratch_cycle_mount # Clear all keys
102 echo "# Testing user key quota"
103 for i in `seq $((keys_to_add + 1))`; do
104 rand_raw_key=$(_generate_raw_encryption_key)
105 _user_do_add_enckey $SCRATCH_MNT "$rand_raw_key" \
106 | sed 's/ with identifier .*$//'
111 _user_do "mkdir $dir"
112 _scratch_cycle_mount # Clear all keys
114 # Test multiple users adding the same key.
115 echo "# Adding key as root"
116 _add_enckey $SCRATCH_MNT "$raw_key"
117 echo "# Getting key status as regular user"
118 _user_do_enckey_status $SCRATCH_MNT $keyid
119 echo "# Removing key only added by another user (should fail with ENOKEY)"
120 _user_do_rm_enckey $SCRATCH_MNT $keyid
121 echo "# Setting v2 encryption policy with key only added by another user (should fail with ENOKEY)"
122 _user_do_set_encpolicy $dir $keyid |& _filter_scratch
123 echo "# Adding second user of key"
124 _user_do_add_enckey $SCRATCH_MNT "$raw_key"
125 echo "# Getting key status as regular user"
126 _user_do_enckey_status $SCRATCH_MNT $keyid
127 echo "# Setting v2 encryption policy as regular user"
128 _user_do_set_encpolicy $dir $keyid
129 echo "# Removing this user's claim to the key"
130 _user_do_rm_enckey $SCRATCH_MNT $keyid
131 echo "# Getting key status as regular user"
132 _user_do_enckey_status $SCRATCH_MNT $keyid
133 echo "# Adding back second user of key"
134 _user_do_add_enckey $SCRATCH_MNT "$raw_key"
135 echo "# Remove key for \"all users\", as regular user (should fail with EACCES)"
136 _user_do_rm_enckey $SCRATCH_MNT $keyid -a |& _filter_scratch
137 _enckey_status $SCRATCH_MNT $keyid
138 echo "# Remove key for \"all users\", as root"
139 _rm_enckey $SCRATCH_MNT $keyid -a
140 _enckey_status $SCRATCH_MNT $keyid
projects / xfstests-dev.git / blob