summaryrefslogtreecommitdiffstats
path: root/tests/f_bad_encryption/mkimage.sh
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 09:25:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 09:25:10 +0000
commit5dced3d1b3deca80e01415a2e35dc7972dcbfae7 (patch)
tree6a403684e0978f0287d7f0ec0e5aab1fd31a59e1 /tests/f_bad_encryption/mkimage.sh
parentInitial commit. (diff)
downloade2fsprogs-5dced3d1b3deca80e01415a2e35dc7972dcbfae7.tar.xz
e2fsprogs-5dced3d1b3deca80e01415a2e35dc7972dcbfae7.zip
Adding upstream version 1.47.0.upstream/1.47.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/f_bad_encryption/mkimage.sh')
-rwxr-xr-xtests/f_bad_encryption/mkimage.sh169
1 files changed, 169 insertions, 0 deletions
diff --git a/tests/f_bad_encryption/mkimage.sh b/tests/f_bad_encryption/mkimage.sh
new file mode 100755
index 0000000..e58395d
--- /dev/null
+++ b/tests/f_bad_encryption/mkimage.sh
@@ -0,0 +1,169 @@
+#!/bin/bash
+#
+# This is the script that was used to create the image.gz in this directory.
+#
+# This requires a patched version of debugfs that understands the "fscrypt."
+# xattr name prefix, so that the encryption xattrs can be manipulated.
+
+set -e -u
+umask 0022
+
+do_debugfs() {
+ umount mnt
+ debugfs -w "$@" image
+ mount image mnt
+}
+
+create_encrypted_file() {
+ local file=$1
+ local ino
+
+ echo foo > "$file"
+
+ # not needed, but makes image more compressible
+ ino=$(stat -c %i "$file")
+ do_debugfs -R "zap_block -f <$ino> 0"
+}
+
+set_encryption_xattr() {
+ local file=$1
+ local value=$2
+ local ino
+
+ ino=$(stat -c %i "$file")
+ do_debugfs -R "ea_set <$ino> fscrypt.c $value"
+}
+
+rm_encryption_xattr() {
+ local file=$1
+ local ino
+
+ ino=$(stat -c %i "$file")
+ do_debugfs -R "ea_rm <$ino> fscrypt.c"
+}
+
+clear_encrypt_flag() {
+ local file=$1
+ local ino
+
+ ino=$(stat -c %i "$file")
+ do_debugfs -R "set_inode_field <$ino> flags 0"
+}
+
+clear_encryption() {
+ local file=$1
+ local ino
+ local is_symlink=false
+
+ if [ -L "$file" ]; then
+ is_symlink=true
+ fi
+ ino=$(stat -c %i "$file")
+
+ do_debugfs -R "ea_rm <$ino> fscrypt.c"
+ do_debugfs -R "set_inode_field <$ino> flags 0"
+ if $is_symlink; then
+ do_debugfs -R "set_inode_field <$ino> block[0] 0xAAAAAAAA"
+ do_debugfs -R "set_inode_field <$ino> block[1] 0"
+ do_debugfs -R "set_inode_field <$ino> size 4"
+ fi
+}
+
+mkdir -p mnt
+umount mnt &> /dev/null || true
+
+dd if=/dev/zero of=image bs=4096 count=128
+mke2fs -O encrypt -b 4096 -N 128 image
+mount image mnt
+
+# Create an encrypted directory (ino 12)
+dir=mnt/edir
+mkdir $dir
+echo password | e4crypt add_key $dir
+
+# Control cases: valid encrypted regular file, dir, and symlink (ino 13-15)
+create_encrypted_file $dir/encrypted_file
+mkdir $dir/encrypted_dir
+ln -s target $dir/encrypted_symlink
+
+# Control case: file type that is never encrypted (ino 16)
+mkfifo $dir/fifo
+
+# Inodes with missing encryption xattr (ino 17-18).
+# e2fsck should offer to clear the encrypt flag on these inodes.
+
+create_encrypted_file $dir/missing_xattr_file
+rm_encryption_xattr $dir/missing_xattr_file
+
+mkdir $dir/missing_xattr_dir
+rm_encryption_xattr $dir/missing_xattr_dir
+
+# Inodes with corrupt encryption xattr (ino 19-22).
+# e2fsck should offer to clear these inodes.
+
+create_encrypted_file $dir/corrupt_xattr_1
+set_encryption_xattr $dir/corrupt_xattr_1 '\0'
+
+create_encrypted_file $dir/corrupt_xattr_2
+set_encryption_xattr $dir/corrupt_xattr_2 \
+ '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'
+
+create_encrypted_file $dir/corrupt_xattr_3
+set_encryption_xattr $dir/corrupt_xattr_3 '\1'
+
+create_encrypted_file $dir/corrupt_xattr_4
+set_encryption_xattr $dir/corrupt_xattr_4 '\2'
+
+# Unencrypted inodes in encrypted directory (ino 23-25).
+# e2fsck should offer to clear these directory entries.
+
+create_encrypted_file $dir/unencrypted_file
+clear_encryption $dir/unencrypted_file
+
+mkdir $dir/unencrypted_dir
+clear_encryption $dir/unencrypted_dir
+
+ln -s target $dir/unencrypted_symlink
+clear_encryption $dir/unencrypted_symlink
+
+# Inodes with different encryption policy in encrypted directory (ino 26-29).
+# e2fsck should offer to clear these directory entries.
+
+xattr='\1\1\4\0AAAAAAAABBBBBBBBBBBBBBBB'
+
+create_encrypted_file $dir/inconsistent_file_1
+set_encryption_xattr $dir/inconsistent_file_1 $xattr
+
+mkdir $dir/inconsistent_dir
+set_encryption_xattr $dir/inconsistent_dir $xattr
+
+ln -s target $dir/inconsistent_symlink
+set_encryption_xattr $dir/inconsistent_symlink $xattr
+
+xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB'
+create_encrypted_file $dir/inconsistent_file_2
+set_encryption_xattr $dir/inconsistent_file_2 $xattr
+
+# Encrypted file and directory with valid v2 encryption policy (ino 30-31).
+# e2fsck shouldn't change these.
+dir2=mnt/edir2
+mkdir $dir2
+echo password | e4crypt add_key $dir2
+xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB'
+create_encrypted_file $dir2/file
+set_encryption_xattr $dir2/file $xattr
+set_encryption_xattr $dir2 $xattr
+
+# Encrypted file and directory with unrecognized encryption policy version
+# (ino 32-33). e2fsck shouldn't change these.
+dir3=mnt/edir3
+mkdir $dir3
+echo password | e4crypt add_key $dir3
+xattr='\3'
+create_encrypted_file $dir3/file
+set_encryption_xattr $dir3/file $xattr
+set_encryption_xattr $dir3 $xattr
+
+umount mnt
+rmdir mnt
+gzip -9 -f image