#! /bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright (c) 2016 Google, Inc.  All Rights Reserved.
#
# FS QA Test generic/396
#
# Test that FS_IOC_SET_ENCRYPTION_POLICY correctly validates the fscrypt_policy
# structure that userspace passes to it.
#
. ./common/preamble
_begin_fstest auto quick encrypt

# Import common functions.
. ./common/filter
. ./common/encrypt

# real QA test starts here
_supported_fs generic
_require_scratch_encryption

_scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
dir=$SCRATCH_MNT/dir
mkdir $dir

echo -e "\n*** Invalid contents encryption mode ***"
_set_encpolicy $dir -c 0xFF |& _filter_scratch

echo -e "\n*** Invalid filenames encryption mode ***"
_set_encpolicy $dir -n 0xFF |& _filter_scratch

echo -e "\n*** Invalid flags ***"
_set_encpolicy $dir -f 0xFF |& _filter_scratch

echo -e "\n*** Invalid policy version ***"
_set_encpolicy $dir -v 0xFF |& _filter_scratch

# Currently, the only supported combination of modes is AES-256-XTS for contents
# and AES-256-CTS for filenames.  Nothing else should be accepted.
echo -e "\n*** Invalid combinations of modes ***"
_set_encpolicy $dir -c AES-256-CTS -n AES-256-CTS |& _filter_scratch
_set_encpolicy $dir -c AES-256-CTS -n AES-256-XTS |& _filter_scratch
_set_encpolicy $dir -c AES-256-XTS -n AES-256-XTS |& _filter_scratch

# success, all done
status=0
exit