@@ -89,7 +89,7 @@ _require_encryption_policy_support()
mkdir $dir
_require_command "$KEYCTL_PROG" keyctl
_new_session_keyring
- local keydesc=$(_generate_encryption_key)
+ local keydesc=$(_generate_session_encryption_key)
if _set_encpolicy $dir $keydesc $set_encpolicy_args \
2>&1 >>$seqres.full | egrep -q 'Invalid argument'; then
_notrun "kernel does not support encryption policy: '$set_encpolicy_args'"
@@ -153,7 +153,7 @@ _generate_key_descriptor()
echo $keydesc
}
-# Generate a raw encryption key, but don't add it to the keyring yet.
+# Generate a raw encryption key, but don't add it to any keyring yet.
_generate_raw_encryption_key()
{
local raw=""
@@ -166,7 +166,7 @@ _generate_raw_encryption_key()
# Add the specified raw encryption key to the session keyring, using the
# specified key descriptor.
-_add_encryption_key()
+_add_session_encryption_key()
{
local keydesc=$1
local raw=$2
@@ -209,26 +209,26 @@ _add_encryption_key()
# keyctl program. It's assumed the caller has already set up a test-scoped
# session keyring using _new_session_keyring.
#
-_generate_encryption_key()
+_generate_session_encryption_key()
{
local keydesc=$(_generate_key_descriptor)
local raw=$(_generate_raw_encryption_key)
- _add_encryption_key $keydesc $raw
+ _add_session_encryption_key $keydesc $raw
echo $keydesc
}
# Unlink an encryption key from the session keyring, given its key descriptor.
-_unlink_encryption_key()
+_unlink_session_encryption_key()
{
local keydesc=$1
local keyid=$($KEYCTL_PROG search @s logon $FSTYP:$keydesc)
$KEYCTL_PROG unlink $keyid >>$seqres.full
}
-# Revoke an encryption key from the keyring, given its key descriptor.
-_revoke_encryption_key()
+# Revoke an encryption key from the session keyring, given its key descriptor.
+_revoke_session_encryption_key()
{
local keydesc=$1
local keyid=$($KEYCTL_PROG search @s logon $FSTYP:$keydesc)
@@ -412,7 +412,7 @@ _require_get_ciphertext_filename_support()
_scratch_mount
_new_session_keyring
- local keydesc=$(_generate_encryption_key)
+ local keydesc=$(_generate_session_encryption_key)
local dir=$SCRATCH_MNT/test.${FUNCNAME[0]}
local file=$dir/$(perl -e 'print "A" x 255')
mkdir $dir
@@ -634,7 +634,7 @@ _verify_ciphertext_for_encryption_policy()
local raw_key=$(_generate_raw_encryption_key)
local keydesc=$(_generate_key_descriptor)
_new_session_keyring
- _add_encryption_key $keydesc $raw_key
+ _add_session_encryption_key $keydesc $raw_key
local raw_key_hex=$(echo "$raw_key" | tr -d '\\x')
echo
@@ -53,7 +53,7 @@ _new_session_keyring
_scratch_mkfs_encrypted &>>$seqres.full
_scratch_mount
mkdir $SCRATCH_MNT/edir
-keydesc=$(_generate_encryption_key)
+keydesc=$(_generate_session_encryption_key)
_set_encpolicy $SCRATCH_MNT/edir $keydesc
echo foo > $SCRATCH_MNT/edir/file
inum=$(stat -c '%i' $SCRATCH_MNT/edir/file)
@@ -45,7 +45,7 @@ _scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
mkdir $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir
-keydesc=$(_generate_encryption_key)
+keydesc=$(_generate_session_encryption_key)
_set_encpolicy $SCRATCH_MNT/edir $keydesc
for dir in $SCRATCH_MNT/edir $SCRATCH_MNT/ref_dir; do
touch $dir/empty > /dev/null
@@ -92,7 +92,7 @@ filter_create_errors()
-e 's/Operation not permitted/Required key not available/'
}
-_unlink_encryption_key $keydesc
+_unlink_session_encryption_key $keydesc
_scratch_cycle_mount
# Check that unencrypted names aren't there
@@ -68,8 +68,8 @@ edir1=$SCRATCH_MNT/edir1
edir2=$SCRATCH_MNT/edir2
udir=$SCRATCH_MNT/udir
mkdir $edir1 $edir2 $udir
-keydesc1=$(_generate_encryption_key)
-keydesc2=$(_generate_encryption_key)
+keydesc1=$(_generate_session_encryption_key)
+keydesc2=$(_generate_session_encryption_key)
_set_encpolicy $edir1 $keydesc1
_set_encpolicy $edir2 $keydesc2
touch $edir1/efile1
@@ -141,8 +141,8 @@ rm $edir1/fifo $edir2/fifo $udir/fifo
# Now test that *without* access to the encrypted key, we cannot use an exchange
# (cross rename) operation to move a forbidden file into an encrypted directory.
-_unlink_encryption_key $keydesc1
-_unlink_encryption_key $keydesc2
+_unlink_session_encryption_key $keydesc1
+_unlink_session_encryption_key $keydesc2
_scratch_cycle_mount
efile1=$(find $edir1 -type f)
efile2=$(find $edir2 -type f)
@@ -61,7 +61,7 @@ dd if=/dev/zero of=$SCRATCH_DEV bs=$((1024 * 1024)) \
_scratch_mkfs_sized_encrypted $fs_size &>> $seqres.full
_scratch_mount
-keydesc=$(_generate_encryption_key)
+keydesc=$(_generate_session_encryption_key)
mkdir $SCRATCH_MNT/encrypted_dir
_set_encpolicy $SCRATCH_MNT/encrypted_dir $keydesc
@@ -127,7 +127,7 @@ done
# memory than the '-9' preset. The memory needed with our settings will be
# 64 * 6.5 = 416 MB; see xz(1).
#
-_unlink_encryption_key $keydesc
+_unlink_session_encryption_key $keydesc
_scratch_unmount
fs_compressed_size=$(head -c $fs_size $SCRATCH_DEV | \
xz --lzma2=dict=64M,mf=hc4,mode=fast,nice=16 | \
@@ -47,11 +47,11 @@ _scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
mkdir $SCRATCH_MNT/edir
-keydesc=$(_generate_encryption_key)
+keydesc=$(_generate_session_encryption_key)
_set_encpolicy $SCRATCH_MNT/edir $keydesc
echo a > $SCRATCH_MNT/edir/a
echo b > $SCRATCH_MNT/edir/b
-_unlink_encryption_key $keydesc
+_unlink_session_encryption_key $keydesc
_scratch_cycle_mount
# Note that because encrypted filenames are unpredictable, this needs to be
@@ -51,7 +51,7 @@ slice=2
# Create an encrypted file and sync its data to disk.
rm -rf $dir
mkdir $dir
-keydesc=$(_generate_encryption_key)
+keydesc=$(_generate_session_encryption_key)
_set_encpolicy $dir $keydesc
$XFS_IO_PROG -f $file -c "pwrite 0 $((nproc*slice))M" -c "fsync" > /dev/null
@@ -71,7 +71,7 @@ done
sleep 1
# Revoke the encryption key.
-keyid=$(_revoke_encryption_key $keydesc)
+keyid=$(_revoke_session_encryption_key $keydesc)
# Now try to open the file again. In buggy kernels this caused concurrent
# readers to crash with a NULL pointer dereference during decryption.
@@ -56,7 +56,7 @@ _new_session_keyring
keydesc=$(_generate_key_descriptor)
raw_key=$(_generate_raw_encryption_key)
mkdir $SCRATCH_MNT/edir
-_add_encryption_key $keydesc $raw_key
+_add_session_encryption_key $keydesc $raw_key
_set_encpolicy $SCRATCH_MNT/edir $keydesc
# Create two files in the directory: one whose name is valid in the base64
@@ -96,7 +96,7 @@ show_directory_with_key()
# the correct number of them are listed by readdir, and save them for later.
echo
echo "***** Without encryption key *****"
-_unlink_encryption_key $keydesc
+_unlink_session_encryption_key $keydesc
_scratch_cycle_mount
echo "--- Directory listing:"
ciphertext_names=( $(find $SCRATCH_MNT/edir -mindepth 1 | sort) )
@@ -109,7 +109,7 @@ show_file_contents
# stale dentries.
echo
echo "***** With encryption key *****"
-_add_encryption_key $keydesc $raw_key
+_add_session_encryption_key $keydesc $raw_key
show_directory_with_key
# Test for ->d_revalidate() race conditions.
@@ -127,7 +127,7 @@ echo "***** After key revocation *****"
exec 3<$SCRATCH_MNT/edir
exec 4<$SCRATCH_MNT/edir/@@@
exec 5<$SCRATCH_MNT/edir/abcd
- _revoke_encryption_key $keydesc
+ _revoke_session_encryption_key $keydesc
show_directory_with_key
)
@@ -50,7 +50,7 @@ _new_session_keyring
_scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
mkdir $SCRATCH_MNT/edir
-keydesc=$(_generate_encryption_key)
+keydesc=$(_generate_session_encryption_key)
# -f 0x2: zero-pad to 16-byte boundary (i.e. encryption block boundary)
_set_encpolicy $SCRATCH_MNT/edir $keydesc -f 0x2
@@ -66,7 +66,7 @@ _set_encpolicy $SCRATCH_MNT/edir $keydesc -f 0x2
seq -f "$SCRATCH_MNT/edir/abcdefghijklmnopqrstuvwxyz012345%.0f" 100000 | xargs touch
find $SCRATCH_MNT/edir/ -type f | xargs stat -c %i | sort | uniq | wc -l
-_unlink_encryption_key $keydesc
+_unlink_session_encryption_key $keydesc
_scratch_cycle_mount
# Verify that every file has a unique inode number and can be removed without
@@ -46,7 +46,7 @@ _scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
keydesc=$(_generate_key_descriptor)
raw_key=$(_generate_raw_encryption_key)
-_add_encryption_key $keydesc $raw_key
+_add_session_encryption_key $keydesc $raw_key
# Set up an encrypted directory containing a regular file, a subdirectory, and a
# symlink.
@@ -65,7 +65,7 @@ echo
echo "***** Parent has key, but child doesn't *****"
exec 3< $SCRATCH_MNT/edir # pin inode with cached key in memory
ls $SCRATCH_MNT/edir | sort
-_unlink_encryption_key $keydesc
+_unlink_session_encryption_key $keydesc
cat $SCRATCH_MNT/edir/file |& _filter_scratch
ls $SCRATCH_MNT/edir/subdir
cat $SCRATCH_MNT/edir/symlink |& _filter_scratch
@@ -79,14 +79,14 @@ exec 3>&-
# plaintext contents, even though its filename is shown in ciphertext!
echo
echo "***** Child has key, but parent doesn't *****"
-_add_encryption_key $keydesc $raw_key
+_add_session_encryption_key $keydesc $raw_key
mkdir $SCRATCH_MNT/edir2
_set_encpolicy $SCRATCH_MNT/edir2 $keydesc
ln $SCRATCH_MNT/edir/file $SCRATCH_MNT/edir2/link
_scratch_cycle_mount
cat $SCRATCH_MNT/edir2/link
exec 3< $SCRATCH_MNT/edir2/link # pin inode with cached key in memory
-_unlink_encryption_key $keydesc
+_unlink_session_encryption_key $keydesc
stat $SCRATCH_MNT/edir/file |& _filter_scratch
cat "$(find $SCRATCH_MNT/edir/ -type f)"
exec 3>&-
@@ -47,7 +47,7 @@ fsv_file=$edir/file.fsv
# Set up an encrypted directory.
_new_session_keyring
-keydesc=$(_generate_encryption_key)
+keydesc=$(_generate_session_encryption_key)
mkdir $edir
_set_encpolicy $edir $keydesc