#!/bin/bash
#
# This is the script that was used to create the image.gz in this directory.
#
# This requires a patched version of debugfs that understands the "fscrypt."
# xattr name prefix, so that the encryption xattrs can be manipulated.
# Stop at the first failing command (-e) and treat unset variables as errors (-u).
set -eu
# Fixed umask so the modes of everything created below do not depend on the caller.
umask 022
# Run debugfs in write mode (-w) on the image file.
# The filesystem is unmounted from mnt before debugfs runs and mounted
# again afterwards, so debugfs never edits the image while it is mounted.
# Arguments: passed through to debugfs, between -w and the image name.
do_debugfs() {
  local -r image_file=image mount_point=mnt

  umount "$mount_point"
  debugfs -w "$@" "$image_file"
  mount "$image_file" "$mount_point"
}
# Create a regular file containing "foo" and zap its first block.
# The file only ends up encrypted when its parent directory already has an
# encryption policy; the callers in this script create it under such a
# directory.
# Arguments: $1 - path of the file to create
create_encrypted_file() {
  local path=$1
  local inode

  printf 'foo\n' > "$path"

  # Zapping block 0 is not needed for the test cases; it only makes the
  # resulting image more compressible.
  inode=$(stat -c %i "$path")
  do_debugfs -R "zap_block -f <$inode> 0"
}
# Overwrite the encryption xattr ("fscrypt.c") of a file with a given value.
# Arguments: $1 - path of the file, directory or symlink
#            $2 - new xattr value, handed to debugfs ea_set as written
#                 (the callers use backslash escapes such as '\1\1\4\0...')
set_encryption_xattr() {
  local path=$1
  local xattr_value=$2
  local inode

  # stat is run without -L, so a symlink yields the link's own inode number.
  inode=$(stat -c %i "$path")
  do_debugfs -R "ea_set <$inode> fscrypt.c $xattr_value"
}
# Remove the encryption xattr ("fscrypt.c") from a file's inode.
# The inode flags are left alone, so the inode keeps whatever flags it had.
# Arguments: $1 - path of the file or directory
rm_encryption_xattr() {
  local path=$1
  local inode

  inode=$(stat -c %i "$path")
  do_debugfs -R "ea_rm <$inode> fscrypt.c"
}
# Reset the inode flags of a file to 0.
# This writes the whole flags field, so every inode flag is cleared,
# not only the encrypt flag. The encryption xattr is not touched.
# Arguments: $1 - path of the file or directory
clear_encrypt_flag() {
  local path=$1
  local inode

  inode=$(stat -c %i "$path")
  do_debugfs -R "set_inode_field <$inode> flags 0"
}
# Turn an inode into an unencrypted one: remove the encryption xattr
# ("fscrypt.c") and set the inode flags field to 0 (this clears every flag,
# not only the encrypt flag).
# For a symlink, block[0], block[1] and size are rewritten as well.
# Arguments: $1 - path of the file, directory or symlink
clear_encryption() {
  local path=$1
  local inode
  local symlink=no

  # The file type is checked first, before any debugfs call is made.
  if [ -L "$path" ]; then
    symlink=yes
  fi

  inode=$(stat -c %i "$path")
  do_debugfs -R "ea_rm <$inode> fscrypt.c"
  do_debugfs -R "set_inode_field <$inode> flags 0"

  # Regular files and directories need nothing more.
  [ "$symlink" = yes ] || return 0

  # NOTE(review): presumably this replaces the stored (encrypted) target with
  # a 4-byte target held directly in the inode's block array - confirm.
  do_debugfs -R "set_inode_field <$inode> block[0] 0xAAAAAAAA"
  do_debugfs -R "set_inode_field <$inode> block[1] 0"
  do_debugfs -R "set_inode_field <$inode> size 4"
}
# Build a fresh 128-block (4096 bytes each) filesystem image with the encrypt
# feature and 128 inodes, and mount it on ./mnt. A mount left over from an
# earlier run is released first; failure of that umount is ignored on purpose.
# The order of the statements below fixes the inode numbers named in the
# comments, so entries must not be reordered.
mkdir -p mnt
umount mnt > /dev/null 2>&1 || true
dd if=/dev/zero of=image bs=4096 count=128
mke2fs -O encrypt -b 4096 -N 128 image
mount image mnt

# Encrypted directory (ino 12). The passphrase is a fixed literal; this image
# is a test fixture and the key protects nothing.
dir=mnt/edir
mkdir "$dir"
printf 'password\n' | e4crypt add_key "$dir"

# Control cases (ino 13-15): a valid encrypted regular file, directory and
# symlink.
create_encrypted_file "$dir/encrypted_file"
mkdir "$dir/encrypted_dir"
ln -s target "$dir/encrypted_symlink"

# Control case (ino 16): a file type that is never encrypted.
mkfifo "$dir/fifo"

# Encryption xattr missing (ino 17-18).
# e2fsck should offer to clear the encrypt flag on these inodes.
create_encrypted_file "$dir/missing_xattr_file"
rm_encryption_xattr "$dir/missing_xattr_file"
mkdir "$dir/missing_xattr_dir"
rm_encryption_xattr "$dir/missing_xattr_dir"

# Encryption xattr corrupt (ino 19-22): a single zero byte, a run of zero
# bytes, and the single bytes \1 and \2.
# e2fsck should offer to clear these inodes.
create_encrypted_file "$dir/corrupt_xattr_1"
set_encryption_xattr "$dir/corrupt_xattr_1" '\0'
create_encrypted_file "$dir/corrupt_xattr_2"
set_encryption_xattr "$dir/corrupt_xattr_2" \
  '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'
create_encrypted_file "$dir/corrupt_xattr_3"
set_encryption_xattr "$dir/corrupt_xattr_3" '\1'
create_encrypted_file "$dir/corrupt_xattr_4"
set_encryption_xattr "$dir/corrupt_xattr_4" '\2'

# Unencrypted inodes inside the encrypted directory (ino 23-25).
# e2fsck should offer to clear these directory entries.
create_encrypted_file "$dir/unencrypted_file"
clear_encryption "$dir/unencrypted_file"
mkdir "$dir/unencrypted_dir"
clear_encryption "$dir/unencrypted_dir"
ln -s target "$dir/unencrypted_symlink"
clear_encryption "$dir/unencrypted_symlink"

# Inodes whose encryption policy differs from the one of the encrypted
# directory that contains them (ino 26-29).
# e2fsck should offer to clear these directory entries.
# NOTE(review): the first value looks like a version-1 policy and the second
# like a version-2 policy (leading byte \1 vs \2) - confirm against the
# on-disk context layout.
xattr='\1\1\4\0AAAAAAAABBBBBBBBBBBBBBBB'
create_encrypted_file "$dir/inconsistent_file_1"
set_encryption_xattr "$dir/inconsistent_file_1" "$xattr"
mkdir "$dir/inconsistent_dir"
set_encryption_xattr "$dir/inconsistent_dir" "$xattr"
ln -s target "$dir/inconsistent_symlink"
set_encryption_xattr "$dir/inconsistent_symlink" "$xattr"
xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB'
create_encrypted_file "$dir/inconsistent_file_2"
set_encryption_xattr "$dir/inconsistent_file_2" "$xattr"

# Encrypted file and directory that share a valid v2 encryption policy
# (ino 30-31). The same xattr is written to the file and to its directory.
# e2fsck shouldn't change these.
dir2=mnt/edir2
mkdir "$dir2"
printf 'password\n' | e4crypt add_key "$dir2"
xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB'
create_encrypted_file "$dir2/file"
set_encryption_xattr "$dir2/file" "$xattr"
set_encryption_xattr "$dir2" "$xattr"

# Encrypted file and directory with an unrecognized encryption policy version
# (ino 32-33). e2fsck shouldn't change these.
dir3=mnt/edir3
mkdir "$dir3"
printf 'password\n' | e4crypt add_key "$dir3"
xattr='\3'
create_encrypted_file "$dir3/file"
set_encryption_xattr "$dir3/file" "$xattr"
set_encryption_xattr "$dir3" "$xattr"

# Release the mount point and compress the finished image to image.gz,
# overwriting any existing one.
umount mnt
rmdir mnt
gzip -9 -f image