Verify the ciphertext for v2 encryption policies that use the
IV_INO_LBLK_32 flag and that use AES-256-XTS to encrypt file contents
and AES-256-CTS-CBC to encrypt file names.
The IV_INO_LBLK_32 encryption policy flag modifies the IV generation and
key derivation to be optimized for use with inline encryption hardware
that only accepts 32-bit IVs. It is similar to IV_INO_LBLK_64 (which is
tested by generic/592), but it uses a trick to get the IV down to 32
bits. For more information, see kernel commit e3b1078bedd3 ("fscrypt:
add support for IV_INO_LBLK_32 policies").
This test required adding SipHash support to fscrypt-crypt-util.
Running this test requires a kernel containing the above commit, e.g.
the latest mainline (which will become v5.8 and later). For ext4, it
also needs an e2fsprogs version that supports the stable_inodes feature,
e.g. the latest git master branch (which will become v1.46 and later).
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add a test which tests adding a key to a filesystem's fscrypt keyring
via an "fscrypt-provisioning" keyring key. This is an alternative to
the normal method where the raw key is given directly.
For more details, see kernel commit 93edd392cad7 ("fscrypt: support
passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY").
This test depends on an xfs_io patch which adds the '-k' option to the
'add_enckey' command, e.g.:
xfs_io -c "add_enckey -k KEY_ID" MOUNTPOINT
This test is skipped if the needed kernel or xfs_io support is absent.
This has been tested on ext4, f2fs, and ubifs.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
For some encryption tests it's helpful to always use the same key so
that the test's output is always the same.
generic/580 already defines such a key, so move it into common/encrypt
so that other tests can use it too.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Update _verify_ciphertext_for_encryption_policy() to support encryption
policies with the IV_INO_LBLK_64 flag set.
This flag modifies the encryption to include the inode number in the IVs
and to use a key derived from the tuple [master_key, fs_uuid, mode_num].
Since the file nonce is *not* included in this key derivation, multiple
files can use the same key.
This flag is supported by v2 encryption policies only -- not by v1.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Update _verify_ciphertext_for_encryption_policy() to support v2
encryption policies.
This also required adding HKDF-SHA512 support to fscrypt-crypt-util.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Allow passing '-v 2' to _require_scratch_encryption() to check for
v2 encryption policy support on the scratch device, and for xfs_io
support for setting and getting v2 encryption policies.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Wrap the new xfs_io commands 'add_enckey', 'rm_enckey', and
'enckey_status' with helper functions.
Also add _user_do_get_encpolicy(), so that all encryption xfs_io
commands have a _user_do() version.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Rename the helper functions that add/remove keys from the session
keyring, in order to distinguish them from the helper functions I'll
be adding to add/remove keys from the new filesystem-level keyring.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Calling src/<file> without path '$here' may cause the problem that
the file cannot be found.
For example, Running generic/192 with overlayfs(Let ubifs as base
fs) yields the following output:
generic/192 - output mismatch
QA output created by 192
sleep for 5 seconds
test
+./common/rc: line 316: src/t_dir_type: No such file or directory
delta1 is in range
delta2 is in range
...
When the use case fails, the call stack in generic/192 is:
local unknowns=$(src/t_dir_type $dir u | wc -l) common/rc
_supports_filetype common/rc
_overlay_mount common/overlay
_overlay_test_mount common/overlay
_test_mount common/rc
_test_cycle_mount generic/192
Before _test_cycle_mount() being invoked, generic/192 executed 'cd
/' to change work dir from 'xfstests-dev' to '/', so src/t_dir_type
was not found.
[Eryu: some tests run src/<file> as regular user, don't add $here
prefix in such case, as a regular user may have no search permission
on $here]
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
In _require_encryption_policy_support(), when checking whether the
encryption policy is usable, try creating a nonempty file rather
than an empty one. This ensures that both the contents and
filenames encryption modes are available, rather than just the
filenames mode.
On f2fs this makes generic/549 be correctly skipped, rather than
failed, when run on a kernel built from the latest fscrypt.git tree
with CONFIG_CRYPTO_SHA256=n.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Introduce a function _verify_ciphertext_for_encryption_policy() which
verifies the correctness of encryption with the specified settings.
Basically, it does the following:
1. If missing any prerequisites, skip the test.
2. Create files in encrypted directories on the scratch device.
3. Unmount the scratch device and compare the actual ciphertext stored
on-disk to the ciphertext computed by the fscrypt-crypt-util program.
Both file contents and names are verified, and non-default encryption
modes are supported. Previously, non-default encryption modes were
untested by xfstests. Also, while there's an existing test generic/399
that checks that encrypted contents seem random, it doesn't actually
test for correctness, nor does it test filenames encryption.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Update _require_scratch_encryption() to support checking for kernel
support for contents and filenames encryption modes besides the default.
This will be used by some of the ciphertext verification tests.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
For conciseness in tests, add helper functions that wrap the xfs_io
commands 'set_encpolicy' and 'get_encpolicy'. Then update all
encryption tests to use them.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
These have been scripted conversions then cleaned up by hand as
there was no consistency to the formatting of the license headers in
the common/ directory. Author information was also removed (it's in
the git history) and so now the header format is consistently:
##/bin/bash
# SPDX-License-Identifier: GPL-2.0(+)
# Copyright (c) <date> <owner>. All Rights Reserved.
#
# <file description>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Previously _scratch_mount didn't check the mount status and most
tests continue to run even if the mount failed (unless test checks
for the mount status explicitly). This would result in running tests
on the underlying filesystem (usually rootfs) and implicit test
failures, and such failures can be annoying and are usually hard to
debug.
Now _fail test by default if _scratch_mount failed and introduce
_try_scratch_mount for tests that need to check mount results
themselves.
Suggested-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Test case generic/399 hardcodes "-O encrypt" in MKFS_OPTIONS when
calling _scratch_mkfs_sized, which only works with the mkfs of
certain filesystems. Create a new helper,
_scratch_mkfs_sized_encrypted, for handling the differences between
the mkfs tools of different filesystems. It also allows those
filesystems whose mkfs doesn't accept "-O encrypt" to skip the test
gracefully until proper support is added for them in the helper.
ubifs is not supported in the new helper despite supporting
encryption, as _scratch_mkfs_sized has no ubifs support and adding
that should be done in a separate patch.
Signed-off-by: Ari Sundholm <ari@tuxera.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
UBIFS is a filesystem for unmanaged flash memory devices. It works
on top of UBI (Unsorted Block Images) which is a wear leveling and
volume management layer on top of flash memory devices, which are
handled by the MTD subsystem (memory technology device).
Since the semantics of flash devices are drastically different from
regular block devices (blocks or "pages" must be erased before
writing, only larger groups of pages or "erase blocks" can be erased
at once, page write must be in order within an erase block, etc...)
it was decided to expose MTD devices as character devices with
ioctls for operations like erase.
Since erasing a flash erase block causes physical wear on the
device, eventually causing the erase blocks to go bad, the UBI layer
provides mainly transparent wear leveling on top of MTD devices. UBI
does not attempt to emulate a regular block device, but rather
something like a flash memory with idealized characteristics that
can be partitioned into multiple UBI volumes in a fashion somewhat
similar to LVM. UBI volumes are also exposed to user space as
character devices.
This patch mainly deals with some quirks of UBIFS like working on
top of character devices instead of block devices. Also UBIFS
automatically formats UBI devices when trying to mount an empty
device. The mkfs.ubifs program is mainly used for creating images.
This patch changes _scratch_mkfs and _scratch_mkfs_encrypted to
truncate the UBI volume instead, relying on the kernel to reformat
it on the next mount.
For _scratch_mkfs_encrypted this is actually required to get the
encryption tests to run, because mkfs.ubifs, at the time of writing
this, the kernel support for UBIFS encryption is fairly recent and
mkfs.ubifs does not have proper support yet.
The necessity of an additional -ubifs switch was discussed but auto
detection of UBIFS formated UBI devices could not be reproduced on
my end and is unlikely to work with empty UBI volumes anyway.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Add a test which verifies that dentries in an encrypted directory
are invalidated when an encryption key is added --- which should
cause the plaintext filenames to be visible and accessible,
replacing the encoded ciphertext filenames and any negative dentries
for the plaintext names. This primarily tests for a bug which was
fixed in the v4.5 kernel, plus a v4.6 fix for incorrect RCU usage in
the earlier fix.
Cc: linux-fscrypt@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Add a test which revokes a keyring key while other processes are
performing I/O on an encrypted file that was "unlocked" using that key.
The crashes unpatched kernels with filesystem encryption enabled.
This bug was present in kernels v4.2 and later. It has been fixed in
v4.11-rc4, v4.10.7, v4.9.20, and v4.4.59.
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: Richard Weinberger <richard@nod.at>
Cc: Michael Halcrow <mhalcrow@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Add utility functions for testing filesystem-level encryption via
the common API currently supported by ext4 and f2fs, in development
for ubifs and planned for xfs. Setting and getting encryption
policies will use new commands being added to xfs_io, while adding
and removing encryption keys will use keyctl.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
Eric Biggers
Zhihao Cheng
Dave Chinner
Eryu Guan
Ari Sundholm
David Oberhollenzer