apfs/apfstests
0
0
Fork 0
mirror of https://github.com/linux-apfs/apfstests.git synced 2026-05-01 15:01:44 -07:00
Code Issues Packages Projects Releases Wiki Activity

generic: test revalidation of encrypted dentries

Browse Source 
Add a test which verifies that dentries in an encrypted directory
are invalidated when an encryption key is added --- which should
cause the plaintext filenames to be visible and accessible,
replacing the encoded ciphertext filenames and any negative dentries
for the plaintext names.  This primarily tests for a bug which was
fixed in the v4.5 kernel, plus a v4.6 fix for incorrect RCU usage in
the earlier fix.

Cc: linux-fscrypt@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
This commit is contained in:
Eric Biggers
2017-05-04 14:55:48 -07:00
committed by Eryu Guan
parent 54ac0dd308
commit 52f9ebbda9
7 changed files with 349 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
common/encrypt
+33 -9
View File
@@ -84,25 +84,34 @@ _new_session_keyring()
$KEYCTL_PROG new_session >>$seqres.full
}
#
# Generate a random encryption key, add it to the session keyring, and print out
# the resulting key descriptor (example: "8bf798e1a494e1ec"). Requires the
# keyctl program. It's assumed the caller has already set up a test-scoped
# session keyring using _new_session_keyring.
#
_generate_encryption_key()
# Generate a key descriptor (16 character hex string)
_generate_key_descriptor()
{
# Generate a key descriptor (16 character hex string)
local keydesc=""
local i
for ((i = 0; i < 8; i++)); do
keydesc="${keydesc}$(printf "%02x" $(( $RANDOM % 256 )))"
done
echo $keydesc
}
# Generate the actual encryption key (64 bytes)
# Generate a raw encryption key, but don't add it to the keyring yet.
_generate_raw_encryption_key()
{
local raw=""
local i
for ((i = 0; i < 64; i++)); do
raw="${raw}\\x$(printf "%02x" $(( $RANDOM % 256 )))"
done
echo $raw
}
# Add the specified raw encryption key to the session keyring, using the
# specified key descriptor.
_add_encryption_key()
{
local keydesc=$1
local raw=$2
#
# Add the key to the session keyring. The required structure is:
@@ -134,6 +143,21 @@ _generate_encryption_key()
fi
echo -n -e "${mode}${raw}${size}" |
$KEYCTL_PROG padd logon $FSTYP:$keydesc @s >>$seqres.full
}
#
# Generate a random encryption key, add it to the session keyring, and print out
# the resulting key descriptor (example: "8bf798e1a494e1ec"). Requires the
# keyctl program. It's assumed the caller has already set up a test-scoped
# session keyring using _new_session_keyring.
#
_generate_encryption_key()
{
local keydesc=$(_generate_key_descriptor)
local raw=$(_generate_raw_encryption_key)
_add_encryption_key $keydesc $raw
echo $keydesc
}