On Tue, Oct 15, 2019 at 11:16:34AM -0700, Eric Biggers wrote: > Hello, > > This patchset adds xfstests for the new fscrypt functionality that was > merged for 5.4 (https://git.kernel.org/torvalds/c/734d1ed83e1f9b7b), > namely the new ioctls for managing filesystem encryption keys and the > new/updated ioctls for v2 encryption policy support. It also includes > ciphertext verification tests for v2 encryption policies. > > These tests require new xfs_io commands, which are present in the > for-next branch of xfsprogs. They also need a kernel v5.4-rc1 or later. > As is usual for xfstests, the tests will skip themselves if their > prerequisites aren't met. > > Note: currently only ext4, f2fs, and ubifs support encryption. But I > was told previously that since the fscrypt API is generic and may be > supported by XFS in the future, the command-line wrappers for the > fscrypt ioctls should be in xfs_io rather than in xfstests directly > (https://marc.info/?l=fstests&m=147976255831951&w=2). > > This patchset can also be retrieved from tag > "fscrypt-key-mgmt-improvements_2019-10-15" of > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/xfstests-dev.git > > Changes since v2: > > - Updated "common/encrypt: disambiguate session encryption keys" to > rename the new instance of _generate_encryption_key() in generic/576. > > Changes since v1: > > - Addressed comments from Eryu Guan regarding > _require_encryption_policy_support(). > > - In generic/801, handle the fsgqa user having part of their key quota > already consumed before beginning the test, in order to avoid a false > test failure on some systems. > > Eric Biggers (9): > common/encrypt: disambiguate session encryption keys > common/encrypt: add helper functions that wrap new xfs_io commands > common/encrypt: support checking for v2 encryption policy support > common/encrypt: support verifying ciphertext of v2 encryption policies > generic: add basic test for fscrypt API additions > generic: add test for non-root use of fscrypt API additions > generic: verify ciphertext of v2 encryption policies with AES-256 > generic: verify ciphertext of v2 encryption policies with AES-128 > generic: verify ciphertext of v2 encryption policies with Adiantum > Does anyone have any more comments on these tests? - Eric
