Message ID | dd7c1bbeb443fbb6d0836fe2b5be394c991dc4d0.1691530000.git.sweettea-kernel@dorminy.me (mailing list archive) |
---|---|
State | New, archived |
Series | fstests: add btrfs encryption testing |
On 09/08/2023 01:21, Sweet Tea Dorminy wrote: > Add the modes of getting the encryption nonces, either inode or extent, > to the various get_encryption_nonce functions. For now, no encrypt test > makes a file with more than one extent, so we can just grab the first > extent's nonce for the data nonce; when we write a bigger file test, > we'll need to change that. > > Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me> > --- > common/encrypt | 31 +++++++++++++++++++++++++++++++ > tests/generic/613 | 4 ++++ > 2 files changed, 35 insertions(+) > > diff --git a/common/encrypt b/common/encrypt > index 04b6e5ac..fc1c8cc7 100644 > --- a/common/encrypt > +++ b/common/encrypt > @@ -531,6 +531,17 @@ _get_encryption_file_nonce() > found = 0; > }' > ;; > + btrfs) > + # Retrieve the fscrypt context for an inode as a hex string. > + # btrfs prints these like: > + # item 14 key ($inode FSCRYPT_CTXT_ITEM 0) itemoff 15491 itemsize 40 > + # value: 02010400000000008fabf3dd745d41856e812458cd765bf0140f41d62853f4c0351837daff4dcc8f > + > + $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \ > + grep -A 1 "key ($inode FSCRYPT_CTXT_ITEM 0)" | \ > + grep --only-matching 'value: [[:xdigit:]]\+' | \ > + tr -d ' \n' | tail -c 32 > + ;; > *) > _fail "_get_encryption_file_nonce() isn't implemented on $FSTYP" > ;; 
> @@ -550,6 +561,23 @@ _get_encryption_data_nonce() > ext4|f2fs) > _get_encryption_file_nonce $device $inode > ;; > + btrfs) > + # Retrieve the encryption IV of the first file extent in an inode as a hex > + # string. btrfs prints the file extents (for simple unshared > + # inodes) like: > + # item 21 key ($inode EXTENT_DATA 0) itemoff 2534 itemsize 69 > + # generation 7 type 1 (regular) > + # extent data disk byte 5304320 nr 1048576 > + # extent data offset 0 nr 1048576 ram 1048576 > + # extent compression 0 (none) > + # extent encryption 161 ((1, 40: context 0201040200000000116a77667261d7422a4b1ed8c427e685edb7a0d370d0c9d40030333033333330)) Mixed indentation. another nit to consider fixing if sending a reroll. Thanks, Anand > + > + > + $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \ > + grep -A 5 "key ($inode EXTENT_DATA 0)" | \ > + grep --only-matching 'context [[:xdigit:]]\+' | \ > + tr -d ' \n' | tail -c 32 > + ;; > *) > _fail "_get_encryption_data_nonce() isn't implemented on $FSTYP" > ;; > @@ -572,6 +600,9 @@ _require_get_encryption_nonce_support() > # Otherwise the xattr is incorrectly parsed as v1. But just let > # the test fail in that case, as it was an f2fs-tools bug... > ;; > + btrfs) > + _require_command "$BTRFS_UTIL_PROG" btrfs > + ;; > *) > _notrun "_get_encryption_*nonce() isn't implemented on $FSTYP" > ;; > diff --git a/tests/generic/613 b/tests/generic/613 > index 47c60e9c..279b1bfb 100755 > --- a/tests/generic/613 > +++ b/tests/generic/613 > @@ -69,6 +69,10 @@ echo -n > $tmp.nonces_hex > echo -n > $tmp.nonces_bin > for inode in "${inodes[@]}"; do > nonce=$(_get_encryption_data_nonce $SCRATCH_DEV $inode) > + if [ "$FSTYP" == "btrfs" ] && [ "$nonce" == "" ] > + then > + nonce=$(_get_encryption_file_nonce $SCRATCH_DEV $inode) > + fi > if (( ${#nonce} != 32 )) || [ -n "$(echo "$nonce" | tr -d 0-9a-fA-F)" ] > then > _fail "Expected nonce for inode $inode to be 16 bytes (32 hex characters), but got \"$nonce\""
diff --git a/common/encrypt b/common/encrypt index 04b6e5ac..fc1c8cc7 100644 --- a/common/encrypt +++ b/common/encrypt @@ -531,6 +531,17 @@ _get_encryption_file_nonce() found = 0; }' ;; + btrfs) + # Retrieve the fscrypt context for an inode as a hex string. + # btrfs prints these like: + # item 14 key ($inode FSCRYPT_CTXT_ITEM 0) itemoff 15491 itemsize 40 + # value: 02010400000000008fabf3dd745d41856e812458cd765bf0140f41d62853f4c0351837daff4dcc8f + + $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \ + grep -A 1 "key ($inode FSCRYPT_CTXT_ITEM 0)" | \ + grep --only-matching 'value: [[:xdigit:]]\+' | \ + tr -d ' \n' | tail -c 32 + ;; *) _fail "_get_encryption_file_nonce() isn't implemented on $FSTYP" ;; @@ -550,6 +561,23 @@ _get_encryption_data_nonce() ext4|f2fs) _get_encryption_file_nonce $device $inode ;; + btrfs) + # Retrieve the encryption IV of the first file extent in an inode as a hex + # string. btrfs prints the file extents (for simple unshared + # inodes) like: + # item 21 key ($inode EXTENT_DATA 0) itemoff 2534 itemsize 69 + # generation 7 type 1 (regular) + # extent data disk byte 5304320 nr 1048576 + # extent data offset 0 nr 1048576 ram 1048576 + # extent compression 0 (none) + # extent encryption 161 ((1, 40: context 0201040200000000116a77667261d7422a4b1ed8c427e685edb7a0d370d0c9d40030333033333330)) + + + $BTRFS_UTIL_PROG inspect-internal dump-tree $device | \ + grep -A 5 "key ($inode EXTENT_DATA 0)" | \ + grep --only-matching 'context [[:xdigit:]]\+' | \ + tr -d ' \n' | tail -c 32 + ;; *) _fail "_get_encryption_data_nonce() isn't implemented on $FSTYP" ;; @@ -572,6 +600,9 @@ _require_get_encryption_nonce_support() # Otherwise the xattr is incorrectly parsed as v1. But just let # the test fail in that case, as it was an f2fs-tools bug... ;; + btrfs) + _require_command "$BTRFS_UTIL_PROG" btrfs + ;; *) _notrun "_get_encryption_*nonce() isn't implemented on $FSTYP" ;; diff --git a/tests/generic/613 b/tests/generic/613 index 47c60e9c..279b1bfb 100755 
--- a/tests/generic/613 +++ b/tests/generic/613 @@ -69,6 +69,10 @@ echo -n > $tmp.nonces_hex echo -n > $tmp.nonces_bin for inode in "${inodes[@]}"; do nonce=$(_get_encryption_data_nonce $SCRATCH_DEV $inode) + if [ "$FSTYP" == "btrfs" ] && [ "$nonce" == "" ] + then + nonce=$(_get_encryption_file_nonce $SCRATCH_DEV $inode) + fi if (( ${#nonce} != 32 )) || [ -n "$(echo "$nonce" | tr -d 0-9a-fA-F)" ] then _fail "Expected nonce for inode $inode to be 16 bytes (32 hex characters), but got \"$nonce\""
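Review bot: in the btrfs branch of _get_encryption_file_nonce() (common/encrypt), the comment says the pipeline retrieves the fscrypt context, but `tail -c 32` keeps only the final 32 hex characters of the `value:` line, which is the 16-byte nonce the function name promises. The comment should say that, and state the assumption that the nonce is the last field of the context. Also, `dump-tree $device` is not restricted to one tree and `$device` and `$inode` are unquoted; if `key ($inode FSCRYPT_CTXT_ITEM 0)` appears more than once in the dump, the pipeline silently returns whichever match comes last, so consider selecting the tree explicitly or failing when there is more than one match.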
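Review bot: in the btrfs branch of _get_encryption_data_nonce() (common/encrypt), `grep -A 5` hard-codes how many lines dump-tree prints between the `EXTENT_DATA` key and the `extent encryption` line. An item printed with a different number of lines either puts the context out of reach or reads into the following item, and the result is an empty string rather than an error; bounding the match at the next `item` line would be sturdier. The comment also calls the value an "encryption IV" while the function name and commit message call it a nonce, so one term throughout would help, and the two consecutive blank added lines before the pipeline can be reduced to one.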
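Review bot: in _require_get_encryption_nonce_support() (common/encrypt), `_require_command "$BTRFS_UTIL_PROG" btrfs` only confirms that the binary exists, not that its dump-tree output contains the `FSCRYPT_CTXT_ITEM` and `extent encryption ... context` lines the two new helpers grep for. If those lines are absent, both helpers return an empty string and generic/613 ends in _fail rather than _notrun. If failing is intended, as the f2fs comment just above says for its case, a one-line comment stating so would help; otherwise add a check here that the output format is available.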
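Review bot: the added `[ "$FSTYP" == "btrfs" ] && [ "$nonce" == "" ]` fallback in tests/generic/613 puts filesystem-specific logic into a generic test and has no comment explaining when the data nonce is expected to be empty. Moving the fallback into the btrfs branch of _get_encryption_data_nonce() in common/encrypt would leave the test loop identical for every filesystem and keep the explanation next to the extent parsing. `[ -z "$nonce" ]` would also read more clearly than the comparison with `""`.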
Add the modes of getting the encryption nonces, either inode or extent, to the various get_encryption_nonce functions. For now, no encrypt test makes a file with more than one extent, so we can just grab the first extent's nonce for the data nonce; when we write a bigger file test, we'll need to change that.

Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>

---

 common/encrypt | 31 +++++++++++++++++++++++++++++++
 tests/generic/613 | 4 ++++
 2 files changed, 35 insertions(+)