apfstests/tests/generic/593.out
Eric Biggers 0ea2b67b09 generic: test adding filesystem-level fscrypt key via key_id
Add a test which tests adding a key to a filesystem's fscrypt keyring
via an "fscrypt-provisioning" keyring key.  This is an alternative to
the normal method where the raw key is given directly.

For more details, see kernel commit 93edd392cad7 ("fscrypt: support
passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY").

This test depends on an xfs_io patch which adds the '-k' option to the
'add_enckey' command, e.g.:

	xfs_io -c "add_enckey -k KEY_ID" MOUNTPOINT

This test is skipped if the needed kernel or xfs_io support is absent.

This has been tested on ext4, f2fs, and ubifs.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
2020-02-17 21:05:00 +08:00

74 lines
1.9 KiB
Plaintext

QA output created by 593
# ==========================
# Test with policy version 1
# ==========================
# Adding key to filesystem
Added encryption key with descriptor 0000111122223333
# Creating encrypted file
# Removing key from filesystem
Removed encryption key with descriptor 0000111122223333
cat: SCRATCH_MNT/dir/file: No such file or directory
# Adding fscrypt-provisioning key
# Adding key to filesystem via fscrypt-provisioning key
Added encryption key with descriptor 0000111122223333
# Reading encrypted file
contents
# Cleaning up
# ==========================
# Test with policy version 2
# ==========================
# Adding key to filesystem
Added encryption key with identifier 69b2f6edeee720cce0577937eb8a6751
# Creating encrypted file
# Removing key from filesystem
Removed encryption key with identifier 69b2f6edeee720cce0577937eb8a6751
cat: SCRATCH_MNT/dir/file: No such file or directory
# Adding fscrypt-provisioning key
# Adding key to filesystem via fscrypt-provisioning key
Added encryption key with identifier 69b2f6edeee720cce0577937eb8a6751
# Reading encrypted file
contents
# Cleaning up
# ================
# Validation tests
# ================
# Adding an invalid fscrypt-provisioning key fails
# ... bad type
add_key: Invalid argument
# ... bad type
add_key: Invalid argument
# ... raw key too small
add_key: Invalid argument
# ... raw key too large
add_key: Invalid argument
# keyctl_read() doesn't work on fscrypt-provisioning keys
keyctl_read_alloc: Operation not supported
# Only keys with the correct fscrypt_provisioning_key_payload::type field can be added
# ... keyring key is v1, filesystem wants v2 key
Error adding encryption key: Key was rejected by service
# ... keyring key is v2, filesystem wants v1 key
Error adding encryption key: Key was rejected by service
# Only keys of type fscrypt-provisioning can be added
Error adding encryption key: Key was rejected by service
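The validation cases in the expected output above fail at two different stages: a malformed payload is refused by add_key with "Invalid argument", while a well-formed key of the wrong kind is refused later, when it is handed to the filesystem, with "Key was rejected by service". The following user-space model of those two checks is an added example, not code from xfstests or the kernel. The function names, result codes and the prov_hdr struct are hypothetical, and the numeric type values and the 16/64-byte raw key bounds come from the kernel's fscrypt headers rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed constants: values from the kernel's fscrypt headers, not this page. */
#define SPEC_TYPE_DESCRIPTOR 1u /* v1 policy key, named by descriptor */
#define SPEC_TYPE_IDENTIFIER 2u /* v2 policy key, named by identifier */
#define MIN_RAW_KEY 16u
#define MAX_RAW_KEY 64u
/* Header of struct fscrypt_provisioning_key_payload; the raw key follows it. */
struct prov_hdr { uint32_t type; uint32_t reserved; };
/* Hypothetical result codes, named after the errors in the expected output. */
enum result { R_OK, R_EINVAL, R_EKEYREJECTED };

/* Serialize header + raw key into out; returns total length, or 0 if no room. */
size_t build_payload(uint8_t *out, size_t cap, uint32_t type,
                     const uint8_t *raw, size_t raw_len)
{
    struct prov_hdr h = { type, 0 };
    if (cap < sizeof h || raw_len > cap - sizeof h)
        return 0;
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, raw, raw_len);
    return sizeof h + raw_len;
}

/* Stage 1 model: add_key() of an "fscrypt-provisioning" key ("Invalid argument"). */
enum result check_add_key(const uint8_t *buf, size_t len)
{
    struct prov_hdr h;
    if (len < sizeof h + MIN_RAW_KEY || len > sizeof h + MAX_RAW_KEY)
        return R_EINVAL; /* raw key too small or too large */
    memcpy(&h, buf, sizeof h);
    if (h.type != SPEC_TYPE_DESCRIPTOR && h.type != SPEC_TYPE_IDENTIFIER)
        return R_EINVAL; /* bad type */
    return h.reserved ? R_EINVAL : R_OK;
}

/* Stage 2 model: add_enckey -k KEY_ID ("Key was rejected by service"). */
enum result check_add_enckey(uint32_t payload_type, uint32_t wanted_type)
{
    return payload_type == wanted_type ? R_OK : R_EKEYREJECTED;
}

int main(void)
{
    uint8_t raw[32] = { 0 }, buf[72];
    size_t n = build_payload(buf, sizeof buf, SPEC_TYPE_IDENTIFIER, raw, sizeof raw);
    return check_add_key(buf, n) == R_OK ? 0 : 1;
}
```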