diff mbox series

[RFC,v3,2/9] common/encrypt: add btrfs to get_encryption_*nonce

Message ID dd7c1bbeb443fbb6d0836fe2b5be394c991dc4d0.1691530000.git.sweettea-kernel@dorminy.me (mailing list archive)
State New, archived
Headers show
Series fstests: add btrfs encryption testing | expand

Commit Message

Sweet Tea Dorminy Aug. 8, 2023, 5:21 p.m. UTC
Add the modes of getting the encryption nonces, either inode or extent,
to the various get_encryption_nonce functions. For now, no encrypt test
makes a file with more than one extent, so we can just grab the first
extent's nonce for the data nonce; when we write a bigger file test,
we'll need to change that.

Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
---
 common/encrypt    | 31 +++++++++++++++++++++++++++++++
 tests/generic/613 |  4 ++++
 2 files changed, 35 insertions(+)

Comments

Anand Jain Oct. 2, 2023, 11:22 a.m. UTC | #1
On 09/08/2023 01:21, Sweet Tea Dorminy wrote:
> Add the modes of getting the encryption nonces, either inode or extent,
> to the various get_encryption_nonce functions. For now, no encrypt test
> makes a file with more than one extent, so we can just grab the first
> extent's nonce for the data nonce; when we write a bigger file test,
> we'll need to change that.
> 
> Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
> ---
>   common/encrypt    | 31 +++++++++++++++++++++++++++++++
>   tests/generic/613 |  4 ++++
>   2 files changed, 35 insertions(+)
> 
> diff --git a/common/encrypt b/common/encrypt
> index 04b6e5ac..fc1c8cc7 100644
> --- a/common/encrypt
> +++ b/common/encrypt
> @@ -531,6 +531,17 @@ _get_encryption_file_nonce()
>   				found = 0;
>   			}'
>   		;;
> +	btrfs)
> +		# Retrieve the fscrypt context for an inode as a hex string.
> +		# btrfs prints these like:
> +		#        item 14 key ($inode FSCRYPT_CTXT_ITEM 0) itemoff 15491 itemsize 40
> +		#                value: 02010400000000008fabf3dd745d41856e812458cd765bf0140f41d62853f4c0351837daff4dcc8f
> +
> +		$BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
> +			grep -A 1 "key ($inode FSCRYPT_CTXT_ITEM 0)" | \
> +			grep --only-matching 'value: [[:xdigit:]]\+' | \
> +			tr -d ' \n' | tail -c 32
> +		;;
>   	*)
>   		_fail "_get_encryption_file_nonce() isn't implemented on $FSTYP"
>   		;;
> @@ -550,6 +561,23 @@ _get_encryption_data_nonce()
>   	ext4|f2fs)
>   		_get_encryption_file_nonce $device $inode
>   		;;
> +	btrfs)
> +		# Retrieve the encryption IV of the first file extent in an inode as a hex
> +		# string. btrfs prints the file extents (for simple unshared
> +		# inodes) like:
> +		#         item 21 key ($inode EXTENT_DATA 0) itemoff 2534 itemsize 69
> +		#                generation 7 type 1 (regular)
> +                #		 extent data disk byte 5304320 nr 1048576
> +                #		 extent data offset 0 nr 1048576 ram 1048576
> +                #		 extent compression 0 (none)
> +                #		 extent encryption 161 ((1, 40: context 0201040200000000116a77667261d7422a4b1ed8c427e685edb7a0d370d0c9d40030333033333330))

   Mixed indentation.

  another nit to consider fixing if sending a reroll.

Thanks, Anand

> +
> +
> +		$BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
> +			grep -A 5 "key ($inode EXTENT_DATA 0)" | \
> +			grep --only-matching 'context [[:xdigit:]]\+' | \
> +			tr -d ' \n' | tail -c 32
> +		;;
>   	*)
>   		_fail "_get_encryption_data_nonce() isn't implemented on $FSTYP"
>   		;;
> @@ -572,6 +600,9 @@ _require_get_encryption_nonce_support()
>   		# Otherwise the xattr is incorrectly parsed as v1.  But just let
>   		# the test fail in that case, as it was an f2fs-tools bug...
>   		;;
> +	btrfs)
> +		_require_command "$BTRFS_UTIL_PROG" btrfs
> +		;;
>   	*)
>   		_notrun "_get_encryption_*nonce() isn't implemented on $FSTYP"
>   		;;
> diff --git a/tests/generic/613 b/tests/generic/613
> index 47c60e9c..279b1bfb 100755
> --- a/tests/generic/613
> +++ b/tests/generic/613
> @@ -69,6 +69,10 @@ echo -n > $tmp.nonces_hex
>   echo -n > $tmp.nonces_bin
>   for inode in "${inodes[@]}"; do
>   	nonce=$(_get_encryption_data_nonce $SCRATCH_DEV $inode)
> +	if [ "$FSTYP" == "btrfs" ] && [ "$nonce" == "" ]
> +	then
> +		nonce=$(_get_encryption_file_nonce $SCRATCH_DEV $inode)
> +	fi
>   	if (( ${#nonce} != 32 )) || [ -n "$(echo "$nonce" | tr -d 0-9a-fA-F)" ]
>   	then
>   		_fail "Expected nonce for inode $inode to be 16 bytes (32 hex characters), but got \"$nonce\""
diff mbox series

Patch

diff --git a/common/encrypt b/common/encrypt
index 04b6e5ac..fc1c8cc7 100644
--- a/common/encrypt
+++ b/common/encrypt
@@ -531,6 +531,17 @@  _get_encryption_file_nonce()
 				found = 0;
 			}'
 		;;
+	btrfs)
+		# Retrieve the fscrypt context for an inode as a hex string.
+		# btrfs prints these like:
+		#        item 14 key ($inode FSCRYPT_CTXT_ITEM 0) itemoff 15491 itemsize 40
+		#                value: 02010400000000008fabf3dd745d41856e812458cd765bf0140f41d62853f4c0351837daff4dcc8f
+
+		$BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
+			grep -A 1 "key ($inode FSCRYPT_CTXT_ITEM 0)" | \
+			grep --only-matching 'value: [[:xdigit:]]\+' | \
+			tr -d ' \n' | tail -c 32
+		;;
 	*)
 		_fail "_get_encryption_file_nonce() isn't implemented on $FSTYP"
 		;;
@@ -550,6 +561,23 @@  _get_encryption_data_nonce()
 	ext4|f2fs)
 		_get_encryption_file_nonce $device $inode
 		;;
+	btrfs)
+		# Retrieve the encryption IV of the first file extent in an inode as a hex
+		# string. btrfs prints the file extents (for simple unshared
+		# inodes) like:
+		#         item 21 key ($inode EXTENT_DATA 0) itemoff 2534 itemsize 69
+		#                generation 7 type 1 (regular)
+                #		 extent data disk byte 5304320 nr 1048576
+                #		 extent data offset 0 nr 1048576 ram 1048576
+                #		 extent compression 0 (none)
+                #		 extent encryption 161 ((1, 40: context 0201040200000000116a77667261d7422a4b1ed8c427e685edb7a0d370d0c9d40030333033333330))
+
+
+		$BTRFS_UTIL_PROG inspect-internal dump-tree $device | \
+			grep -A 5 "key ($inode EXTENT_DATA 0)" | \
+			grep --only-matching 'context [[:xdigit:]]\+' | \
+			tr -d ' \n' | tail -c 32
+		;;
 	*)
 		_fail "_get_encryption_data_nonce() isn't implemented on $FSTYP"
 		;;
@@ -572,6 +600,9 @@  _require_get_encryption_nonce_support()
 		# Otherwise the xattr is incorrectly parsed as v1.  But just let
 		# the test fail in that case, as it was an f2fs-tools bug...
 		;;
+	btrfs)
+		_require_command "$BTRFS_UTIL_PROG" btrfs
+		;;
 	*)
 		_notrun "_get_encryption_*nonce() isn't implemented on $FSTYP"
 		;;
diff --git a/tests/generic/613 b/tests/generic/613
index 47c60e9c..279b1bfb 100755
--- a/tests/generic/613
+++ b/tests/generic/613
@@ -69,6 +69,10 @@  echo -n > $tmp.nonces_hex
 echo -n > $tmp.nonces_bin
 for inode in "${inodes[@]}"; do
 	nonce=$(_get_encryption_data_nonce $SCRATCH_DEV $inode)
+	if [ "$FSTYP" == "btrfs" ] && [ "$nonce" == "" ]
+	then
+		nonce=$(_get_encryption_file_nonce $SCRATCH_DEV $inode)
+	fi
 	if (( ${#nonce} != 32 )) || [ -n "$(echo "$nonce" | tr -d 0-9a-fA-F)" ]
 	then
 		_fail "Expected nonce for inode $inode to be 16 bytes (32 hex characters), but got \"$nonce\""