diff options
| -rw-r--r-- | cli-tests/t_encrypt_raw_key.out | 25 | ||||
| -rwxr-xr-x | cli-tests/t_encrypt_raw_key.sh | 38 |
2 files changed, 63 insertions, 0 deletions
diff --git a/cli-tests/t_encrypt_raw_key.out b/cli-tests/t_encrypt_raw_key.out new file mode 100644 index 0000000..c7c46eb --- /dev/null +++ b/cli-tests/t_encrypt_raw_key.out @@ -0,0 +1,25 @@ + +# Encrypt with raw_key protector +ext4 filesystem "MNT" has 1 protector and 1 policy + +PROTECTOR LINKED DESCRIPTION +desc1 No raw key protector "prot" + +POLICY UNLOCKED PROTECTORS +desc2 Yes desc1 +"MNT/dir" is encrypted with fscrypt. + +Policy: desc2 +Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 +Unlocked: Yes + +Protected with 1 protector: +PROTECTOR LINKED DESCRIPTION +desc1 No raw key protector "prot" + +# Try to encrypt with raw_key protector, using wrong key length +[ERROR] fscrypt encrypt: TMPDIR/raw_key: key file must be 32 bytes +ext4 filesystem "MNT" has 0 protectors and 0 policies + +[ERROR] fscrypt status: get encryption policy MNT/dir: file + or directory not encrypted diff --git a/cli-tests/t_encrypt_raw_key.sh b/cli-tests/t_encrypt_raw_key.sh new file mode 100755 index 0000000..260b094 --- /dev/null +++ b/cli-tests/t_encrypt_raw_key.sh @@ -0,0 +1,38 @@ +#!/bin/bash + +# Test encrypting a directory using a raw_key protector. + +cd "$(dirname "$0")" +. common.sh + +dir="$MNT/dir" +raw_key_file="$TMPDIR/raw_key" + +begin() +{ + _reset_filesystems + mkdir "$dir" + _print_header "$1" +} + +show_status() +{ + local encrypted=$1 + + fscrypt status "$MNT" + if $encrypted; then + fscrypt status "$dir" + else + _expect_failure "fscrypt status '$dir'" + fi +} + +begin "Encrypt with raw_key protector" +head -c 32 /dev/urandom > "$raw_key_file" +fscrypt encrypt --quiet --name=prot --source=raw_key --key="$raw_key_file" "$dir" +show_status true + +begin "Try to encrypt with raw_key protector, using wrong key length" +head -c 16 /dev/urandom > "$raw_key_file" +_expect_failure "fscrypt encrypt --quiet --name=prot --source=raw_key --key='$raw_key_file' '$dir'" +show_status false |