Diffstat (limited to 'cli-tests')
-rw-r--r--cli-tests/t_not_enabled.out39
-rwxr-xr-xcli-tests/t_not_enabled.sh34
2 files changed, 73 insertions, 0 deletions
diff --git a/cli-tests/t_not_enabled.out b/cli-tests/t_not_enabled.out
new file mode 100644
index 0000000..7d74bcf
--- /dev/null
+++ b/cli-tests/t_not_enabled.out
@@ -0,0 +1,39 @@
+
+# Disable encryption on DEV
+
+# Try to encrypt a directory when encryption is disabled
+[ERROR] fscrypt encrypt: get encryption policy MNT/dir:
+ encryption not enabled
+
+Encryption is either disabled in the kernel config, or needs to be enabled for
+this filesystem. See the documentation on how to enable encryption on ext4
+systems (and the risks of doing so).
+
+# Try to unlock a directory when encryption is disabled
+[ERROR] fscrypt unlock: get encryption policy MNT/dir:
+ encryption not enabled
+
+Encryption is either disabled in the kernel config, or needs to be enabled for
+this filesystem. See the documentation on how to enable encryption on ext4
+systems (and the risks of doing so).
+
+# Try to lock a directory when encryption is disabled
+[ERROR] fscrypt lock: get encryption policy MNT/dir:
+ encryption not enabled
+
+Encryption is either disabled in the kernel config, or needs to be enabled for
+this filesystem. See the documentation on how to enable encryption on ext4
+systems (and the risks of doing so).
+
+# Enable encryption on DEV
+
+# Encrypt a directory when encryption was just enabled
+"MNT/dir" is encrypted with fscrypt.
+
+Policy: desc1
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
+Unlocked: Yes
+
+Protected with 1 protector:
+PROTECTOR LINKED DESCRIPTION
+desc2 No custom protector "prot"
diff --git a/cli-tests/t_not_enabled.sh b/cli-tests/t_not_enabled.sh
new file mode 100755
index 0000000..3c7d22c
--- /dev/null
+++ b/cli-tests/t_not_enabled.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Test that fscrypt fails when the filesystem doesn't have the encrypt feature
+# enabled. Then test enabling it.
+
+cd "$(dirname "$0")"
+. common.sh
+
+dir="$MNT/dir"
+mkdir "$dir"
+
+_print_header "Disable encryption on $DEV"
+count_before=$(_get_enabled_fs_count)
+umount "$MNT"
+_run_noisy_command "debugfs -w -R 'feature -encrypt' '$DEV'"
+mount "$DEV" "$MNT"
+count_after=$(_get_enabled_fs_count)
+(( count_after == count_before - 1 )) || _fail "wrong enabled count"
+
+_print_header "Try to encrypt a directory when encryption is disabled"
+_expect_failure "fscrypt encrypt '$dir'"
+
+_print_header "Try to unlock a directory when encryption is disabled"
+_expect_failure "fscrypt unlock '$dir'"
+
+_print_header "Try to lock a directory when encryption is disabled"
+_expect_failure "fscrypt lock '$dir'"
+
+_print_header "Enable encryption on $DEV"
+_run_noisy_command "tune2fs -O encrypt '$DEV'"
+
+_print_header "Encrypt a directory when encryption was just enabled"
+echo hunter2 | fscrypt encrypt --quiet --source=custom_passphrase --name=prot "$dir"
+fscrypt status "$dir"
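Review bot: The enable half of the test never re-checks the enabled-filesystem count. The disable step brackets `debugfs` with `count_before`/`count_after` and asserts a drop of one, but nothing after `tune2fs -O encrypt` confirms the count returns to its starting value. Adding `count_reenabled=$(_get_enabled_fs_count)` and `(( count_reenabled == count_before )) || _fail "wrong enabled count"` after the `tune2fs` line would presumably close that gap, assuming the helper reflects the change without a remount. Separately, unless `common.sh` turns on `set -e` (not visible in this diff), a failed `umount "$MNT"` would let `debugfs -w` modify the superblock of a still-mounted device. `umount "$MNT" || _fail "umount failed"` makes that precondition explicit.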