From: Eric Biggers <ebiggers@xxxxxxxxxx> Add a test that verifies the on-disk format of encrypted files that use a crypto data unit size that differs from the filesystem block size. This tests the functionality that was introduced by the kernel patch "fscrypt: support crypto data unit size less than filesystem block size" (https://lore.kernel.org/linux-fscrypt/20230925055451.59499-6-ebiggers@xxxxxxxxxx). This depends on an xfsprogs patch that adds the '-s' option to the set_encpolicy command of xfs_io, allowing the new log2_data_unit_size field to be set via a shell script. As usual, the test skips itself when any prerequisite isn't met. Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> --- tests/generic/900 | 27 +++++++++++++++++++++++++++ tests/generic/900.out | 11 +++++++++++ 2 files changed, 38 insertions(+) create mode 100755 tests/generic/900 create mode 100644 tests/generic/900.out diff --git a/tests/generic/900 b/tests/generic/900 new file mode 100755 index 00000000..b18d9f6a --- /dev/null +++ b/tests/generic/900 @@ -0,0 +1,27 @@ +#! /bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright 2023 Google LLC +# +# FS QA Test No. generic/900 +# +# Verify the on-disk format of encrypted files that use a crypto data unit size +# that differs from the filesystem block size. +# +. ./common/preamble +_begin_fstest auto quick encrypt + +. ./common/filter +. ./common/encrypt + +_supported_fs generic + +# For now, just test 512-byte and 1024-byte data units. Filesystems accept +# power-of-2 sizes between 512 and the filesystem block size, inclusively. +# Testing 512 and 1024 ensures this test will run for any FS block size >= 1024 +# (provided that the filesystem supports sub-block data units at all). +_verify_ciphertext_for_encryption_policy AES-256-XTS AES-256-CTS-CBC v2 log2_dusize=9 +_verify_ciphertext_for_encryption_policy AES-256-XTS AES-256-CTS-CBC v2 log2_dusize=10 + +# success, all done +status=0 +exit diff --git a/tests/generic/900.out b/tests/generic/900.out new file mode 100644 index 00000000..3259f08c --- /dev/null +++ b/tests/generic/900.out @@ -0,0 +1,11 @@ +QA output created by 900 + +Verifying ciphertext with parameters: + contents_encryption_mode: AES-256-XTS + filenames_encryption_mode: AES-256-CTS-CBC + options: v2 log2_dusize=9 + +Verifying ciphertext with parameters: + contents_encryption_mode: AES-256-XTS + filenames_encryption_mode: AES-256-CTS-CBC + options: v2 log2_dusize=10 -- 2.42.0