From patchwork Thu Nov 17 19:47:05 2016
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 9435255
From: Eric Biggers
To: fstests@vger.kernel.org
Cc: linux-ext4@vger.kernel.org, linux-f2fs@vger.kernel.org, "Theodore Y . Ts'o", Jaegeuk Kim, Richard Weinberger, David Gstir, Eric Biggers
Subject: [PATCH 2/4] generic: test setting and getting encryption policies
Date: Thu, 17 Nov 2016 11:47:05 -0800
Message-Id: <1479412027-34416-3-git-send-email-ebiggers@google.com>
In-Reply-To: <1479412027-34416-1-git-send-email-ebiggers@google.com>
References: <1479412027-34416-1-git-send-email-ebiggers@google.com>

Several kernel bugs were recently fixed regarding the constraints for
setting encryption policies. Add tests for these cases and a few more.

Signed-off-by: Eric Biggers
--- src/fscrypt_util.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++ tests/generic/400 | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++ tests/generic/400.out | 24 ++++++++++++++ tests/generic/group | 1 + 4 files changed, 195 insertions(+) create mode 100755 tests/generic/400 create mode 100644 tests/generic/400.out diff --git a/src/fscrypt_util.c b/src/fscrypt_util.c index de63667..9428cb4 100644 --- a/src/fscrypt_util.c +++ b/src/fscrypt_util.c @@ -96,6 +96,7 @@ usage(void) " fscrypt_util gen_key\n" " fscrypt_util rm_key KEYDESC\n" " fscrypt_util set_policy KEYDESC DIR\n" +" fscrypt_util test_ioctl_validation DIR\n" ); exit(2); }
@@ -276,6 +277,86 @@ static int set_policy(int argc, char **argv) return 0; } +/* + * Test that the kernel does basic validation of the arguments to + * FS_IOC_SET_ENCRYPTION_POLICY and FS_IOC_GET_ENCRYPTION_POLICY. + */ +static int test_ioctl_validation(int argc, char **argv) +{ + const char *dir; + int fd; + struct fscrypt_policy policy; + + if (argc != 1) + usage(); + dir = argv[0]; + + fd = open(dir, O_RDONLY); + if (fd < 0) + die_errno("%s: Unable to open", dir); + + /* trying to get encryption policy for unencrypted file */ + if (ioctl(fd, FS_IOC_GET_ENCRYPTION_POLICY, NULL) != -1 || + (errno != ENODATA && errno != ENOENT)) { + die("expected FS_IOC_GET_ENCRYPTION_POLICY to fail with " + "ENODATA or ENOENT when unencrypted file specified"); + } + + /* invalid pointer */ + if (ioctl(fd, FS_IOC_SET_ENCRYPTION_POLICY, NULL) != -1 || + errno != EFAULT) { + die("expected FS_IOC_SET_ENCRYPTION_POLICY to fail with " + "EFAULT when invalid pointer specified"); + } + + /* invalid flags */ + init_policy_default(&policy); + policy.flags = 0xFF; + if (ioctl(fd, FS_IOC_SET_ENCRYPTION_POLICY, &policy) != -1 || + errno != EINVAL) { + die("expected FS_IOC_SET_ENCRYPTION_POLICY to fail with " + "EINVAL when invalid flags specified"); + } + + /* invalid encryption modes */ + init_policy_default(&policy); + policy.contents_encryption_mode = 0xFF; + policy.filenames_encryption_mode = 0xFF; + if (ioctl(fd, FS_IOC_SET_ENCRYPTION_POLICY, &policy) != -1 || + errno != EINVAL) { + die("expected FS_IOC_SET_ENCRYPTION_POLICY to fail with " + "EINVAL when invalid encryption modes specified"); + } + + /* invalid policy version */ + init_policy_default(&policy); + policy.version = 0xFF; + if (ioctl(fd, FS_IOC_SET_ENCRYPTION_POLICY, &policy) != -1 || + errno != EINVAL) { + die("expected FS_IOC_SET_ENCRYPTION_POLICY to fail with " + "EINVAL when invalid policy version specified"); + } + + /* success case */ + init_policy_default(&policy); + if (ioctl(fd, FS_IOC_SET_ENCRYPTION_POLICY, &policy) 
!= 0) + die_errno("expected FS_IOC_SET_ENCRYPTION_POLICY to succeed"); + + verify_policy(dir, fd, &policy); + + /* invalid pointer (get) */ + if (ioctl(fd, FS_IOC_GET_ENCRYPTION_POLICY, NULL) != -1 || + errno != EFAULT) { + die("expected FS_IOC_GET_ENCRYPTION_POLICY to fail with " + "EFAULT when invalid pointer specified"); + } + + close(fd); + + printf("%s: test_ioctl_validation passed\n", dir); + return 0; +} + static const struct command { const char *name; int (*func)(int, char **); @@ -283,6 +364,7 @@ static const struct command { {"gen_key", gen_key}, {"rm_key", rm_key}, {"set_policy", set_policy}, + {"test_ioctl_validation", test_ioctl_validation}, {NULL, NULL} }; diff --git a/tests/generic/400 b/tests/generic/400 new file mode 100755 index 0000000..b077612 --- /dev/null +++ b/tests/generic/400 
@@ -0,0 +1,88 @@ +#!/bin/bash +# FS QA Test generic/400 +# +# Test setting and getting encryption policies. +# +# This test only exercises the ioctls; it does not set up encryption keys. +# +#----------------------------------------------------------------------- +# Copyright (C) 2016 Google, Inc. +# +# Author: Eric Biggers +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +#----------------------------------------------------------------------- + +seq=`basename $0` +seqres=$RESULT_DIR/$seq +here=`pwd` +echo "QA output created by $seq" + +. ./common/encrypt + +_require_user +_begin_encryption_test + +cd $SCRATCH_MNT + +# Should be able to set an encryption policy on an empty directory +echo -e "\n*** Setting encryption policy on empty directory ***" +mkdir empty_dir +$FSCRYPT_UTIL set_policy 0000111122223333 empty_dir + +# Should be able to set the same policy again, but not a different one +echo -e "\n*** Setting same encryption policy again ***" +$FSCRYPT_UTIL set_policy 0000111122223333 empty_dir +$FSCRYPT_UTIL set_policy 4444555566667777 empty_dir + +# Should *not* be able to set an encryption policy on a nonempty directory +echo -e "\n*** Setting encryption policy on nonempty directory ***" +mkdir nonempty_dir +touch nonempty_dir/file +$FSCRYPT_UTIL set_policy 0000111122223333 nonempty_dir + +# Should *not* be able to set an encryption policy on a nondirectory file, even +# an empty one. 
Regression test for 002ced4be642: "fscrypto: only allow setting +# encryption policy on directories". +echo -e "\n*** Setting encryption policy on nondirectory ***" +touch nondirectory +$FSCRYPT_UTIL set_policy 0000111122223333 nondirectory + +# Should *not* be able to set an encryption policy on another user's directory. +# Regression test for 163ae1c6ad62: "fscrypto: add authorization check for +# setting encryption policy". +echo -e "\n*** Setting encryption policy on another user's directory ***" +mkdir unauthorized_dir +su $qa_user -c "$FSCRYPT_UTIL set_policy 0000111122223333 unauthorized_dir" + +# Should *not* be able to set an encryption policy on a directory on a +# filesystem mounted readonly. Regression test for ba63f23d69a3: "fscrypto: +# require write access to mount to set encryption policy". Test both a regular +# readonly filesystem and a read-write filesystem remounted with "ro,bind", +# which creates a readonly mount for a read-write filesystem. +echo -e "\n*** Setting encryption policy on readonly filesystem ***" +mkdir readonly_mnt_dir +_scratch_mount -o ro,remount +$FSCRYPT_UTIL set_policy 0000111122223333 readonly_mnt_dir +_scratch_mount -o rw,remount +_scratch_mount -o remount,ro,bind +$FSCRYPT_UTIL set_policy 0000111122223333 readonly_mnt_dir +_scratch_mount -o rw,remount + +# Test basic validation of set_policy / get_policy ioctl arguments +echo -e "\n*** ioctl validation ***" +mkdir validation_dir +$FSCRYPT_UTIL test_ioctl_validation validation_dir + +exit 0 diff --git a/tests/generic/400.out b/tests/generic/400.out new file mode 100644 index 0000000..dbae79d --- /dev/null +++ b/tests/generic/400.out 
@@ -0,0 +1,24 @@ +QA output created by 400 + +*** Setting encryption policy on empty directory *** +empty_dir: Successfully assigned encryption key 0000111122223333 + +*** Setting same encryption policy again *** +empty_dir: Successfully assigned encryption key 0000111122223333 +empty_dir: Unable to set encryption policy: Invalid argument + +*** Setting encryption policy on nonempty directory *** +nonempty_dir: Unable to set encryption policy: Directory not empty + +*** Setting encryption policy on nondirectory *** +nondirectory: Unable to set encryption policy: Invalid argument + +*** Setting encryption policy on another user's directory *** +unauthorized_dir: Unable to set encryption policy: Permission denied + +*** Setting encryption policy on readonly filesystem *** +readonly_mnt_dir: Unable to set encryption policy: Read-only file system +readonly_mnt_dir: Unable to set encryption policy: Read-only file system + +*** ioctl validation *** +validation_dir: test_ioctl_validation passed diff --git a/tests/generic/group b/tests/generic/group index 08007d7..cf89f06 100644 --- a/tests/generic/group +++ b/tests/generic/group @@ -392,3 +392,4 @@ 387 auto clone 388 auto log metadata 389 auto quick acl +400 auto quick encrypt
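
Review bot: In the src/fscrypt_util.c hunk that adds test_ioctl_validation(), the first check calls `ioctl(fd, FS_IOC_GET_ENCRYPTION_POLICY, NULL)` on the unencrypted directory, so getting ENODATA or ENOENT depends on the kernel checking the encryption state before it touches the user pointer; a filesystem that validated the pointer first would return EFAULT and fail a case that is only meant to cover "no policy set". Passing `&policy` here would isolate that condition, and the NULL-pointer behaviour of the get ioctl is already covered by the "invalid pointer (get)" check after the success case. In the same hunk, the "invalid encryption modes" case sets contents_encryption_mode and filenames_encryption_mode to 0xFF together, so a kernel that validated only one of the two fields would still pass; testing each field on its own, with the other left at its default, would catch that. The die() messages in these checks also do not report the return value or errno actually observed, which makes a failure harder to diagnose from the test log.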
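
Review bot: In tests/generic/400, the section echoed as "*** Setting same encryption policy again ***" also runs the different-policy case (`set_policy 4444555566667777 empty_dir`), so the golden output in 400.out shows "Unable to set encryption policy: Invalid argument" under a header that describes only the same-policy case. A separate echo header for the different-policy attempt would make 400.out self-explanatory. The readonly section has the same problem in another form: the `ro,remount` and `remount,ro,bind` attempts produce two identical "Read-only file system" lines under one header, so a mismatch in the output diff does not say which of the two mounts regressed; echoing a short label before each attempt would separate them.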