From a35a8a764e750c484dd649a463262f7c6fe692ba Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Sat, 9 May 2020 14:04:47 -0700
Subject: cli-tests: add t_encrypt_raw_key

Test encrypting a directory using a raw_key protector.
---
cli-tests/t_encrypt_raw_key.out | 25 +++++++++++++++++++++++++
cli-tests/t_encrypt_raw_key.sh | 38 ++++++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+)
create mode 100644 cli-tests/t_encrypt_raw_key.out
create mode 100755 cli-tests/t_encrypt_raw_key.sh
diff --git a/cli-tests/t_encrypt_raw_key.out b/cli-tests/t_encrypt_raw_key.out
new file mode 100644
index 0000000..c7c46eb
--- /dev/null
+++ b/cli-tests/t_encrypt_raw_key.out
@@ -0,0 +1,25 @@
+
+# Encrypt with raw_key protector
+ext4 filesystem "MNT" has 1 protector and 1 policy
+
+PROTECTOR LINKED DESCRIPTION
+desc1 No raw key protector "prot"
+
+POLICY UNLOCKED PROTECTORS
+desc2 Yes desc1
+"MNT/dir" is encrypted with fscrypt.
+
+Policy: desc2
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
+Unlocked: Yes
+
+Protected with 1 protector:
+PROTECTOR LINKED DESCRIPTION
+desc1 No raw key protector "prot"
+
+# Try to encrypt with raw_key protector, using wrong key length
+[ERROR] fscrypt encrypt: TMPDIR/raw_key: key file must be 32 bytes
+ext4 filesystem "MNT" has 0 protectors and 0 policies
+
+[ERROR] fscrypt status: get encryption policy MNT/dir: file
+ or directory not encrypted
diff --git a/cli-tests/t_encrypt_raw_key.sh b/cli-tests/t_encrypt_raw_key.sh
new file mode 100755
index 0000000..260b094
--- /dev/null
+++ b/cli-tests/t_encrypt_raw_key.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Test encrypting a directory using a raw_key protector.
+
+cd "$(dirname "$0")"
+. common.sh
+
+dir="$MNT/dir"
+raw_key_file="$TMPDIR/raw_key"
+
+begin()
+{
+ _reset_filesystems
+ mkdir "$dir"
+ _print_header "$1"
+}
+
+show_status()
+{
+ local encrypted=$1
+
+ fscrypt status "$MNT"
+ if $encrypted; then
+ fscrypt status "$dir"
+ else
+ _expect_failure "fscrypt status '$dir'"
+ fi
+}
+
+begin "Encrypt with raw_key protector"
+head -c 32 /dev/urandom > "$raw_key_file"
+fscrypt encrypt --quiet --name=prot --source=raw_key --key="$raw_key_file" "$dir"
+show_status true
+
+begin "Try to encrypt with raw_key protector, using wrong key length"
+head -c 16 /dev/urandom > "$raw_key_file"
+_expect_failure "fscrypt encrypt --quiet --name=prot --source=raw_key --key='$raw_key_file' '$dir'"
+show_status false
-- cgit v1.2.3
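Review bot: The negative case at the end of the script (`head -c 16 /dev/urandom > "$raw_key_file"`) only exercises a key file that is too short, so a regression that accepted an over-long raw key, for example by silently truncating it to 32 bytes, would still pass this test. A third case that writes more than 32 bytes, `head -c 33 /dev/urandom > "$raw_key_file"`, followed by the same `_expect_failure "fscrypt encrypt ..."` line and `show_status false`, would pin the exact-length check that the expected message "key file must be 32 bytes" implies; t_encrypt_raw_key.out would need the matching lines. Separately, `cd "$(dirname "$0")"` near the top is unchecked, so if it fails `. common.sh` is looked up from wherever the test was started; `cd "$(dirname "$0")" || exit 1` avoids sourcing an unintended file.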