On Mon, Dec 05, 2016 at 11:21:04AM -0800, Eric Biggers wrote:
> Add utility functions for testing filesystem-level encryption via the
> common API currently supported by ext4 and f2fs, in development for
> ubifs and planned for xfs. Setting and getting encryption policies will
> use new commands being added to xfs_io, while adding and removing
> encryption keys will use keyctl.
>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
> common/config | 1 +
> common/encrypt | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 138 insertions(+)
> create mode 100644 common/encrypt
>
> diff --git a/common/config b/common/config
> index f0f08d2..3727ec0 100644
> --- a/common/config
> +++ b/common/config
> @@ -202,6 +202,7 @@ export DEBUGFS_PROG="`set_prog_path debugfs`"
> export UUIDGEN_PROG="`set_prog_path uuidgen`"
> export GETRICHACL_PROG="`set_prog_path getrichacl`"
> export SETRICHACL_PROG="`set_prog_path setrichacl`"
> +export KEYCTL_PROG="`set_prog_path keyctl`"
>
> # use 'udevadm settle' or 'udevsettle' to wait for lv to be settled.
> # newer systems have udevadm command but older systems like RHEL5 don't.
> diff --git a/common/encrypt b/common/encrypt
> new file mode 100644
> index 0000000..e18068e
> --- /dev/null
> +++ b/common/encrypt
> @@ -0,0 +1,137 @@
> +#-----------------------------------------------------------------------
> +#
> +# Common functions for testing filesystem-level encryption
> +#
> +#-----------------------------------------------------------------------
> +# Copyright (c) 2016 Google, Inc. All Rights Reserved.
> +#
> +# Author: Eric Biggers <ebiggers@xxxxxxxxxx>
> +#
> +# This program is free software; you can redistribute it and/or
> +# modify it under the terms of the GNU General Public License as
> +# published by the Free Software Foundation.
> +#
> +# This program is distributed in the hope that it would be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program; if not, write the Free Software Foundation,
> +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
> +#-----------------------------------------------------------------------
> +
> +_require_encryption()
I think it's better to name it as _require_scratch_encryption (like
_require_scratch_reflink), so that we know it takes use of SCRATCH_DEV
and tests against it to check if encryption is supported.
> +{
> + # The 'test_dummy_encryption' mount option interferes with trying to use
> + # encryption for real, even if we are just trying to get/set policies
> + # and never put any keys in the keyring. So skip the real encryption
> + # tests if the 'test_dummy_encryption' mount option was specified.
> + if echo "$MOUNT_OPTIONS" | grep -q "test_dummy_encryption"; then
> + _notrun "Dummy encryption is on; skipping real encryption tests"
> + fi
There's a helper _exclude_scratch_mount_option to do this.
> +
> + # Make a filesystem on the scratch device with the encryption feature
> + # enabled. If this fails then probably the userspace tools (e.g.
> + # e2fsprogs or f2fs-tools) are too old to understand encryption.
> + if ! _scratch_mkfs_encrypted &>>$seqres.full; then
> + _notrun "$FSTYP userspace tools do not support encryption"
> + fi
> +
> + # Try to mount the filesystem. If this fails then either the kernel
> + # isn't aware of encryption, or the mkfs options were not compatible
> + # with encryption (e.g. ext4 with block size != PAGE_SIZE).
> + if ! _scratch_mount &>>$seqres.full; then
> + _notrun "kernel is unaware of $FSTYP encryption feature, " \
> + "or mkfs options are not compatible with encryption"
> + fi
> +
> + # The kernel may be aware of encryption without supporting it. For
> + # example, for ext4 this is the case with kernels configured with
> + # CONFIG_EXT4_FS_ENCRYPTION=n. Detect support for encryption by trying
> + # to set an encryption policy. (For ext4 we could instead check for the
> + # presence of /sys/fs/ext4/features/encryption, but this is broken on
> + # some older kernels and is ext4-specific anyway.)
> + mkdir $SCRATCH_MNT/tmpdir
> + if $XFS_IO_PROG -c set_encpolicy $SCRATCH_MNT/tmpdir \
> + 2>&1 >>$seqres.full | \
> + egrep -q 'Inappropriate ioctl for device|Operation not supported'
> + then
> + _notrun "kernel does not support $FSTYP encryption"
> + fi
> + rmdir $SCRATCH_MNT/tmpdir
> + _scratch_unmount
> +}
> +
> +_scratch_mkfs_encrypted()
> +{
> + _scratch_mkfs -O encrypt
Do case switch based on FSTYP (like what you do in v1 patch), just don't
override MKFS_OPTIONS as Dave pointed out.
_scratch_mkfs_encrypted()
{
case $FSTYP in
ext4|f2fs)
_scratch_mkfs -O encrypt
;;
*)
_notrun "No encryption support for $FSTYP"
;;
esac
}
> +
> +# Give the invoking shell a new session keyring. This makes any keys we add to
> +# the session keyring scoped to the lifetime of the test script.
> +_new_session_keyring()
> +{
> + $KEYCTL_PROG new_session >>$seqres.full
> +}
> +
> +#
> +# Generate a random encryption key, add it to the session keyring, and print out
> +# the resulting key descriptor (example: "8bf798e1a494e1ec"). Requires the
> +# keyctl program. It's assumed the caller has already set up a test-scoped
> +# session keyring using _new_session_keyring.
> +#
> +_generate_encryption_key()
> +{
> + # Generate a key descriptor (16 character hex string)
> + local keydesc=""
> + for ((i = 0; i < 8; i++)); do
> + keydesc="${keydesc}$(printf "%02x" $(( $RANDOM % 256 )))"
> + done
> +
> + # Generate the actual encryption key (64 bytes)
> + local raw=""
> + for ((i = 0; i < 64; i++)); do
> + raw="${raw}\\x$(printf "%02x" $(( $RANDOM % 256 )))"
> + done
> +
> + #
> + # Add the key to the session keyring. The required structure is:
> + #
> + # #define FS_MAX_KEY_SIZE 64
> + # struct fscrypt_key {
> + # u32 mode;
> + # u8 raw[FS_MAX_KEY_SIZE];
> + # u32 size;
> + # } __packed;
> + #
> + # The kernel ignores 'mode' but requires that 'size' be 64.
> + #
> + # Keys are named $FSTYP:KEYDESC where KEYDESC is the 16-character key
> + # descriptor hex string. Newer kernels (ext4 4.8 and later, f2fs 4.6
> + # and later) also allow the common key prefix "fscrypt:" in addition to
> + # their filesystem-specific key prefix ("ext4:", "f2fs:"). It would be
> + # nice to use the common key prefix, but for now use the filesystem-
> + # specific prefix to make it possible to test older kernels...
> + #
> + local big_endian=$(echo -ne '\x11' | od -tx2 | head -1 | \
> + cut -f2 -d' ' | cut -c1 )
> + if (( big_endian )); then
> + local mode='\x00\x00\x00\x00'
> + local size='\x00\x00\x00\x40'
> + else
> + local mode='\x00\x00\x00\x00'
> + local size='\x40\x00\x00\x00'
> + fi
> + echo -n -e "${mode}${raw}${size}" |
> + $KEYCTL_PROG padd logon $FSTYP:$keydesc @s >>$seqres.full
> + echo $keydesc
> +}
> +
> +# Unlink an encryption key from the session keyring, given its key descriptor.
> +_unlink_encryption_key()
> +{
> + local keydesc=$1
> + local keyid=$($KEYCTL_PROG search @s logon $FSTYP:$keydesc)
> + $KEYCTL_PROG unlink $keyid >>$seqres.full
> +}
> --
> 2.8.0.rc3.226.g39d4020
>
> --
> To unsubscribe from this list: send the line "unsubscribe fstests" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe fstests" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
