author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 09:25:10 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 09:25:10 +0000 |
commit | 5dced3d1b3deca80e01415a2e35dc7972dcbfae7 (patch) | |
tree | 6a403684e0978f0287d7f0ec0e5aab1fd31a59e1 /tests/f_bad_encryption/mkimage.sh | |
parent | Initial commit. (diff) | |
download | e2fsprogs-5dced3d1b3deca80e01415a2e35dc7972dcbfae7.tar.xz e2fsprogs-5dced3d1b3deca80e01415a2e35dc7972dcbfae7.zip |
Adding upstream version 1.47.0.upstream/1.47.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/f_bad_encryption/mkimage.sh')
-rwxr-xr-x | tests/f_bad_encryption/mkimage.sh | 169 |
1 files changed, 169 insertions, 0 deletions
diff --git a/tests/f_bad_encryption/mkimage.sh b/tests/f_bad_encryption/mkimage.sh
new file mode 100755
index 0000000..e58395d
--- /dev/null
+++ b/tests/f_bad_encryption/mkimage.sh
@@ -0,0 +1,169 @@
+#!/bin/bash
+#
+# This is the script that was used to create the image.gz in this directory.
+#
+# This requires a patched version of debugfs that understands the "fscrypt."
+# xattr name prefix, so that the encryption xattrs can be manipulated.
+
+set -e -u
+umask 0022
+
+do_debugfs() {
+ umount mnt
+ debugfs -w "$@" image
+ mount image mnt
+}
+
+create_encrypted_file() {
+ local file=$1
+ local ino
+
+ echo foo > "$file"
+
+ # not needed, but makes image more compressible
+ ino=$(stat -c %i "$file")
+ do_debugfs -R "zap_block -f <$ino> 0"
+}
+
+set_encryption_xattr() {
+ local file=$1
+ local value=$2
+ local ino
+
+ ino=$(stat -c %i "$file")
+ do_debugfs -R "ea_set <$ino> fscrypt.c $value"
+}
+
+rm_encryption_xattr() {
+ local file=$1
+ local ino
+
+ ino=$(stat -c %i "$file")
+ do_debugfs -R "ea_rm <$ino> fscrypt.c"
+}
+
+clear_encrypt_flag() {
+ local file=$1
+ local ino
+
+ ino=$(stat -c %i "$file")
+ do_debugfs -R "set_inode_field <$ino> flags 0"
+}
+
+clear_encryption() {
+ local file=$1
+ local ino
+ local is_symlink=false
+
+ if [ -L "$file" ]; then
+ is_symlink=true
+ fi
+ ino=$(stat -c %i "$file")
+
+ do_debugfs -R "ea_rm <$ino> fscrypt.c"
+ do_debugfs -R "set_inode_field <$ino> flags 0"
+ if $is_symlink; then
+ do_debugfs -R "set_inode_field <$ino> block[0] 0xAAAAAAAA"
+ do_debugfs -R "set_inode_field <$ino> block[1] 0"
+ do_debugfs -R "set_inode_field <$ino> size 4"
+ fi
+}
+
+mkdir -p mnt
+umount mnt &> /dev/null || true
+
+dd if=/dev/zero of=image bs=4096 count=128
+mke2fs -O encrypt -b 4096 -N 128 image
+mount image mnt
+
+# Create an encrypted directory (ino 12)
+dir=mnt/edir
+mkdir $dir
+echo password | e4crypt add_key $dir
+
+# Control cases: valid encrypted regular file, dir, and symlink (ino 13-15)
+create_encrypted_file $dir/encrypted_file
+mkdir $dir/encrypted_dir
+ln -s target $dir/encrypted_symlink
+
+# Control case: file type that is never encrypted (ino 16)
+mkfifo $dir/fifo
+
+# Inodes with missing encryption xattr (ino 17-18).
+# e2fsck should offer to clear the encrypt flag on these inodes.
+
+create_encrypted_file $dir/missing_xattr_file
+rm_encryption_xattr $dir/missing_xattr_file
+
+mkdir $dir/missing_xattr_dir
+rm_encryption_xattr $dir/missing_xattr_dir
+
+# Inodes with corrupt encryption xattr (ino 19-22).
+# e2fsck should offer to clear these inodes.
+
+create_encrypted_file $dir/corrupt_xattr_1
+set_encryption_xattr $dir/corrupt_xattr_1 '\0'
+
+create_encrypted_file $dir/corrupt_xattr_2
+set_encryption_xattr $dir/corrupt_xattr_2 \
+ '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'
+
+create_encrypted_file $dir/corrupt_xattr_3
+set_encryption_xattr $dir/corrupt_xattr_3 '\1'
+
+create_encrypted_file $dir/corrupt_xattr_4
+set_encryption_xattr $dir/corrupt_xattr_4 '\2'
+
+# Unencrypted inodes in encrypted directory (ino 23-25).
+# e2fsck should offer to clear these directory entries.
+
+create_encrypted_file $dir/unencrypted_file
+clear_encryption $dir/unencrypted_file
+
+mkdir $dir/unencrypted_dir
+clear_encryption $dir/unencrypted_dir
+
+ln -s target $dir/unencrypted_symlink
+clear_encryption $dir/unencrypted_symlink
+
+# Inodes with different encryption policy in encrypted directory (ino 26-29).
+# e2fsck should offer to clear these directory entries.
+
+xattr='\1\1\4\0AAAAAAAABBBBBBBBBBBBBBBB'
+
+create_encrypted_file $dir/inconsistent_file_1
+set_encryption_xattr $dir/inconsistent_file_1 $xattr
+
+mkdir $dir/inconsistent_dir
+set_encryption_xattr $dir/inconsistent_dir $xattr
+
+ln -s target $dir/inconsistent_symlink
+set_encryption_xattr $dir/inconsistent_symlink $xattr
+
+xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB'
+create_encrypted_file $dir/inconsistent_file_2
+set_encryption_xattr $dir/inconsistent_file_2 $xattr
+
+# Encrypted file and directory with valid v2 encryption policy (ino 30-31).
+# e2fsck shouldn't change these.
+dir2=mnt/edir2
+mkdir $dir2
+echo password | e4crypt add_key $dir2
+xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB'
+create_encrypted_file $dir2/file
+set_encryption_xattr $dir2/file $xattr
+set_encryption_xattr $dir2 $xattr
+
+# Encrypted file and directory with unrecognized encryption policy version
+# (ino 32-33). e2fsck shouldn't change these.
+dir3=mnt/edir3
+mkdir $dir3
+echo password | e4crypt add_key $dir3
+xattr='\3'
+create_encrypted_file $dir3/file
+set_encryption_xattr $dir3/file $xattr
+set_encryption_xattr $dir3 $xattr
+
+umount mnt
+rmdir mnt
+gzip -9 -f image |
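Review bot: Nothing unmounts `mnt` when a step fails part-way. Under `set -e -u`, any command that fails between `mount image mnt` and the final `umount mnt` (for example an `e4crypt add_key` or `stat` call while the image is mounted) ends the script and leaves the mount and a half-built `image` behind. An exit trap placed right after `mkdir -p mnt`, such as `trap 'umount mnt 2>/dev/null || true' EXIT`, would clean up on every exit path, and it stays harmless when `do_debugfs` fails after its own `umount`. The header comment could also say that the script presumably needs root for `mount`/`umount` and must be run from the test directory: `image` and `mnt` are relative paths, so `dd of=image` overwrites whatever has that name in the current directory.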