diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:49:25 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:49:25 +0000 |
commit | 464df1d5e5ab1322e2dd0a7796939fff1aeefa9a (patch) | |
tree | 6a403684e0978f0287d7f0ec0e5aab1fd31a59e1 /tests/f_bad_encryption | |
parent | Initial commit. (diff) | |
download | e2fsprogs-upstream/1.47.0.tar.xz e2fsprogs-upstream/1.47.0.zip |
Adding upstream version 1.47.0.upstream/1.47.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/f_bad_encryption')
-rw-r--r-- | tests/f_bad_encryption/expect.1 | 125 | ||||
-rw-r--r-- | tests/f_bad_encryption/expect.2 | 7 | ||||
-rw-r--r-- | tests/f_bad_encryption/image.gz | bin | 0 -> 2265 bytes | |||
-rwxr-xr-x | tests/f_bad_encryption/mkimage.sh | 169 | ||||
-rw-r--r-- | tests/f_bad_encryption/name | 1 |
5 files changed, 302 insertions, 0 deletions
diff --git a/tests/f_bad_encryption/expect.1 b/tests/f_bad_encryption/expect.1 new file mode 100644 index 0000000..7027095 --- /dev/null +++ b/tests/f_bad_encryption/expect.1 @@ -0,0 +1,125 @@ +Pass 1: Checking inodes, blocks, and sizes +Inode 17 has encrypt flag but no encryption extended attribute. +Clear flag? yes + +Inode 18 has encrypt flag but no encryption extended attribute. +Clear flag? yes + +Encrypted inode 19 has corrupt encryption extended attribute. +Clear inode? yes + +Encrypted inode 20 has corrupt encryption extended attribute. +Clear inode? yes + +Encrypted inode 21 has corrupt encryption extended attribute. +Clear inode? yes + +Encrypted inode 22 has corrupt encryption extended attribute. +Clear inode? yes + +Pass 2: Checking directory structure +Encrypted entry 'd6M->'M-#I^VM-^KM-F~^WSJ+M-uM-zM-zXM-^' in /edir (12) references unencrypted inode 17. +Clear? yes + +Encrypted entry '\M-!M-Y%DhM-OM-VM-zM-CM-gVM-R3M-^RM-IkE^JM-^S' in /edir (12) references unencrypted inode 18. +Clear? yes + +Entry 'M-{^Qp-M-sM-U7eM-^C^L^PG^ZM-FM-,M-B' in /edir (12) has deleted/unused inode 19. Clear? yes + +Entry 'M-f0M-f3/M-NM-GM-:M-^YM-jM-XM-91DM-^_M-V' in /edir (12) has deleted/unused inode 20. Clear? yes + +Entry '^M-R"M-^K^P7M-'M-EM-C}^MM-yM-^LwM-^N^Z' in /edir (12) has deleted/unused inode 21. Clear? yes + +Entry 'M-s^J_;uIvM-^Z[M-nIM-5vM-^AcM-o' in /edir (12) has deleted/unused inode 22. Clear? yes + +Encrypted entry 'kK=,M-bM-^AM-{M-YM-^J6M-hM-y^XM-^W}M-M' in /edir (12) references unencrypted inode 23. +Clear? yes + +Encrypted entry 'M-VM-cxM-jM-zM-b^WM-o*M-jM-uM-,R^PM-hM-2' in /edir (12) references unencrypted inode 24. +Clear? yes + +Encrypted entry 'UqM-AM-#KM-^PM-_^kM-9P0M-^FM-_^@;A^J"R' in /edir (12) references unencrypted inode 25. +Clear? yes + +Encrypted entry 'M-TM-N8^[M-3M-( M-[A^FR}^ZhkM-^?=M-c^Mo' in /edir (12) references inode 26, which has a different encryption policy. +Clear? yes + +Encrypted entry 'M--aM-^?~M-^\M-u^FM-/!^YM-OZM-^LM-)M-p1' in /edir (12) references inode 27, which has a different encryption policy. +Clear? yes + +Encrypted entry '(M-8RKM-LM-eM-^W^[M-'M-SM-@uM-^VM-|M-GiM-^JbM-nM-z' in /edir (12) references inode 28, which has a different encryption policy. +Clear? yes + +Encrypted entry '\M-ggCeM-/?M-^BM-{(M-^OM-9M-^QQAM-^N=M-c^Mo' in /edir (12) references inode 29, which has a different encryption policy. +Clear? yes + +Pass 3: Checking directory connectivity +Unconnected directory inode 18 (was in /edir) +Connect to /lost+found? yes + +Unconnected directory inode 24 (was in /edir) +Connect to /lost+found? yes + +Unconnected directory inode 27 (was in /edir) +Connect to /lost+found? yes + +Pass 4: Checking reference counts +Unattached inode 17 +Connect to /lost+found? yes + +Inode 17 ref count is 2, should be 1. Fix? yes + +Inode 18 ref count is 3, should be 2. Fix? yes + +Unattached inode 23 +Connect to /lost+found? yes + +Inode 23 ref count is 2, should be 1. Fix? yes + +Inode 24 ref count is 3, should be 2. Fix? yes + +Unattached inode 25 +Connect to /lost+found? yes + +Inode 25 ref count is 2, should be 1. Fix? yes + +Unattached inode 26 +Connect to /lost+found? yes + +Inode 26 ref count is 2, should be 1. Fix? yes + +Inode 27 ref count is 3, should be 2. Fix? yes + +Unattached inode 28 +Connect to /lost+found? yes + +Inode 28 ref count is 2, should be 1. Fix? yes + +Unattached inode 29 +Connect to /lost+found? yes + +Inode 29 ref count is 2, should be 1. Fix? yes + +Pass 5: Checking group summary information +Block bitmap differences: -(25--32) +Fix? yes + +Free blocks count wrong for group #0 (75, counted=83). +Fix? yes + +Free blocks count wrong (75, counted=83). +Fix? yes + +Inode bitmap differences: -(19--22) +Fix? yes + +Free inodes count wrong for group #0 (95, counted=99). +Fix? yes + +Free inodes count wrong (95, counted=99). +Fix? yes + + +test_filesys: ***** FILE SYSTEM WAS MODIFIED ***** +test_filesys: 29/128 files (0.0% non-contiguous), 45/128 blocks +Exit status is 1 diff --git a/tests/f_bad_encryption/expect.2 b/tests/f_bad_encryption/expect.2 new file mode 100644 index 0000000..fcfabdb --- /dev/null +++ b/tests/f_bad_encryption/expect.2 @@ -0,0 +1,7 @@ +Pass 1: Checking inodes, blocks, and sizes +Pass 2: Checking directory structure +Pass 3: Checking directory connectivity +Pass 4: Checking reference counts +Pass 5: Checking group summary information +test_filesys: 29/128 files (0.0% non-contiguous), 45/128 blocks +Exit status is 0 diff --git a/tests/f_bad_encryption/image.gz b/tests/f_bad_encryption/image.gz Binary files differnew file mode 100644 index 0000000..64b59b7 --- /dev/null +++ b/tests/f_bad_encryption/image.gz diff --git a/tests/f_bad_encryption/mkimage.sh b/tests/f_bad_encryption/mkimage.sh new file mode 100755 index 0000000..e58395d --- /dev/null +++ b/tests/f_bad_encryption/mkimage.sh @@ -0,0 +1,169 @@ +#!/bin/bash +# +# This is the script that was used to create the image.gz in this directory. +# +# This requires a patched version of debugfs that understands the "fscrypt." +# xattr name prefix, so that the encryption xattrs can be manipulated. + +set -e -u +umask 0022 + +do_debugfs() { + umount mnt + debugfs -w "$@" image + mount image mnt +} + +create_encrypted_file() { + local file=$1 + local ino + + echo foo > "$file" + + # not needed, but makes image more compressible + ino=$(stat -c %i "$file") + do_debugfs -R "zap_block -f <$ino> 0" +} + +set_encryption_xattr() { + local file=$1 + local value=$2 + local ino + + ino=$(stat -c %i "$file") + do_debugfs -R "ea_set <$ino> fscrypt.c $value" +} + +rm_encryption_xattr() { + local file=$1 + local ino + + ino=$(stat -c %i "$file") + do_debugfs -R "ea_rm <$ino> fscrypt.c" +} + +clear_encrypt_flag() { + local file=$1 + local ino + + ino=$(stat -c %i "$file") + do_debugfs -R "set_inode_field <$ino> flags 0" +} + +clear_encryption() { + local file=$1 + local ino + local is_symlink=false + + if [ -L "$file" ]; then + is_symlink=true + fi + ino=$(stat -c %i "$file") + + do_debugfs -R "ea_rm <$ino> fscrypt.c" + do_debugfs -R "set_inode_field <$ino> flags 0" + if $is_symlink; then + do_debugfs -R "set_inode_field <$ino> block[0] 0xAAAAAAAA" + do_debugfs -R "set_inode_field <$ino> block[1] 0" + do_debugfs -R "set_inode_field <$ino> size 4" + fi +} + +mkdir -p mnt +umount mnt &> /dev/null || true + +dd if=/dev/zero of=image bs=4096 count=128 +mke2fs -O encrypt -b 4096 -N 128 image +mount image mnt + +# Create an encrypted directory (ino 12) +dir=mnt/edir +mkdir $dir +echo password | e4crypt add_key $dir + +# Control cases: valid encrypted regular file, dir, and symlink (ino 13-15) +create_encrypted_file $dir/encrypted_file +mkdir $dir/encrypted_dir +ln -s target $dir/encrypted_symlink + +# Control case: file type that is never encrypted (ino 16) +mkfifo $dir/fifo + +# Inodes with missing encryption xattr (ino 17-18). +# e2fsck should offer to clear the encrypt flag on these inodes. + +create_encrypted_file $dir/missing_xattr_file +rm_encryption_xattr $dir/missing_xattr_file + +mkdir $dir/missing_xattr_dir +rm_encryption_xattr $dir/missing_xattr_dir + +# Inodes with corrupt encryption xattr (ino 19-22). +# e2fsck should offer to clear these inodes. + +create_encrypted_file $dir/corrupt_xattr_1 +set_encryption_xattr $dir/corrupt_xattr_1 '\0' + +create_encrypted_file $dir/corrupt_xattr_2 +set_encryption_xattr $dir/corrupt_xattr_2 \ + '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0' + +create_encrypted_file $dir/corrupt_xattr_3 +set_encryption_xattr $dir/corrupt_xattr_3 '\1' + +create_encrypted_file $dir/corrupt_xattr_4 +set_encryption_xattr $dir/corrupt_xattr_4 '\2' + +# Unencrypted inodes in encrypted directory (ino 23-25). +# e2fsck should offer to clear these directory entries. + +create_encrypted_file $dir/unencrypted_file +clear_encryption $dir/unencrypted_file + +mkdir $dir/unencrypted_dir +clear_encryption $dir/unencrypted_dir + +ln -s target $dir/unencrypted_symlink +clear_encryption $dir/unencrypted_symlink + +# Inodes with different encryption policy in encrypted directory (ino 26-29). +# e2fsck should offer to clear these directory entries. + +xattr='\1\1\4\0AAAAAAAABBBBBBBBBBBBBBBB' + +create_encrypted_file $dir/inconsistent_file_1 +set_encryption_xattr $dir/inconsistent_file_1 $xattr + +mkdir $dir/inconsistent_dir +set_encryption_xattr $dir/inconsistent_dir $xattr + +ln -s target $dir/inconsistent_symlink +set_encryption_xattr $dir/inconsistent_symlink $xattr + +xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB' +create_encrypted_file $dir/inconsistent_file_2 +set_encryption_xattr $dir/inconsistent_file_2 $xattr + +# Encrypted file and directory with valid v2 encryption policy (ino 30-31). +# e2fsck shouldn't change these. +dir2=mnt/edir2 +mkdir $dir2 +echo password | e4crypt add_key $dir2 +xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB' +create_encrypted_file $dir2/file +set_encryption_xattr $dir2/file $xattr +set_encryption_xattr $dir2 $xattr + +# Encrypted file and directory with unrecognized encryption policy version +# (ino 32-33). e2fsck shouldn't change these. +dir3=mnt/edir3 +mkdir $dir3 +echo password | e4crypt add_key $dir3 +xattr='\3' +create_encrypted_file $dir3/file +set_encryption_xattr $dir3/file $xattr +set_encryption_xattr $dir3 $xattr + +umount mnt +rmdir mnt +gzip -9 -f image diff --git a/tests/f_bad_encryption/name b/tests/f_bad_encryption/name new file mode 100644 index 0000000..85b19ed --- /dev/null +++ b/tests/f_bad_encryption/name @@ -0,0 +1 @@ +missing, corrupt, and inconsistent encryption policies |