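#!/bin/ksh -p
#
# CDDL HEADER START
#
# This file and its contents are supplied under the terms of the
# Common Development and Distribution License ("CDDL"), version 1.0.
# You may only use this file in accordance with the terms of version
# 1.0 of the CDDL.
#
# A full copy of the text of the CDDL should have accompanied this
# source. A copy of the CDDL is also available via the Internet at
# http://www.illumos.org/license/CDDL.
#
# CDDL HEADER END
#

#
# Copyright (c) 2017, Datto, Inc. All rights reserved.
#

. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_root/zfs_create/zfs_create_common.kshlib
. $STF_SUITE/tests/functional/cli_root/zfs_create/properties.kshlib
. $STF_SUITE/tests/functional/cli_root/zfs_load-key/zfs_load-key_common.kshlib

#
# DESCRIPTION:
# ZFS should create datasets only if they have a valid combination of
# encryption properties set.
#
# penc = parent encrypted
# enc  = encryption
# loc  = keylocation provided
# fmt  = keyformat provided
#
# penc  enc     fmt  loc  valid  notes
# -------------------------------------------
# no    unspec  0    0    yes    inherit no encryption (not tested here)
# no    unspec  0    1    no     no crypt specified
# no    unspec  1    0    no     no crypt specified
# no    unspec  1    1    no     no crypt specified
# no    off     0    0    yes    explicit no encryption
# no    off     0    1    no     keylocation given, but crypt off
# no    off     1    0    no     keyformat given, but crypt off
# no    off     1    1    no     keyformat given, but crypt off
# no    on      0    0    no     no keyformat specified for new key
# no    on      0    1    no     no keyformat specified for new key
# no    on      1    0    yes    new encryption root
# no    on      1    1    yes    new encryption root
# yes   unspec  0    0    yes    inherit encryption
# yes   unspec  0    1    no     no keyformat specified
# yes   unspec  1    0    yes    new encryption root, crypt inherited
# yes   unspec  1    1    yes    new encryption root, crypt inherited
# yes   off     0    0    yes    unencrypted child of encrypted parent
# yes   off     0    1    no     keylocation given, but crypt off
# yes   off     1    0    no     keyformat given, but crypt off
# yes   off     1    1    no     keyformat given, but crypt off
# yes   on      0    0    yes    inherited encryption, local crypt
# yes   on      0    1    no     no keyformat specified for new key
# yes   on      1    0    yes    new encryption root
# yes   on      1    1    yes    new encryption root
#
# STRATEGY:
# 1. Attempt to create a dataset using all combinations of encryption
#    properties
#
# NOTES:
# - Every negative case (log_mustnot) must target a dataset name that does
#   not exist at that point. Otherwise "zfs create" fails because the
#   dataset is already there, and the case passes without proving that the
#   property combination was rejected.
# - Positive cases that set up a new key pipe $PASSPHRASE to "zfs create" on
#   stdin. The pipeline is wrapped in eval so log_must runs it as one
#   command. $PASSPHRASE is expanded unquoted into the eval string, so this
#   is only appropriate for a fixed, throwaway test value with no shell
#   metacharacters.
#   NOTE(review): presumably defined by one of the sourced kshlib files and
#   echoed into the test log by log_must -- confirm; never reuse this
#   pattern with a real secret.
#

verify_runnable "both"

#
# Destroy both parent datasets (and, via -r, every child created below)
# if they exist. Registered with log_onexit so it runs on every exit path.
#
function cleanup
{
	datasetexists $TESTPOOL/$TESTFS1 && \
		log_must zfs destroy -r $TESTPOOL/$TESTFS1
	datasetexists $TESTPOOL/$TESTFS2 && \
		log_must zfs destroy -r $TESTPOOL/$TESTFS2
}
log_onexit cleanup

log_assert "ZFS should create datasets only if they have a valid" \
	"combination of encryption properties set."

# Unencrypted parent
log_must zfs create $TESTPOOL/$TESTFS1

# enc unspecified: any key property without encryption must be rejected.
log_mustnot zfs create -o keyformat=passphrase $TESTPOOL/$TESTFS1/c1
log_mustnot zfs create -o keylocation=prompt $TESTPOOL/$TESTFS1/c1
log_mustnot zfs create -o keyformat=passphrase -o keylocation=prompt \
	$TESTPOOL/$TESTFS1/c1

# enc=off: valid alone, invalid together with any key property.
log_must zfs create -o encryption=off $TESTPOOL/$TESTFS1/c1
log_mustnot zfs create -o encryption=off -o keylocation=prompt \
	$TESTPOOL/$TESTFS1/c2
log_mustnot zfs create -o encryption=off -o keyformat=passphrase \
	$TESTPOOL/$TESTFS1/c2
log_mustnot zfs create -o encryption=off -o keyformat=passphrase \
	-o keylocation=prompt $TESTPOOL/$TESTFS1/c2

# enc=on: a new encryption root requires a keyformat.
log_mustnot zfs create -o encryption=on $TESTPOOL/$TESTFS1/c2
log_mustnot zfs create -o encryption=on -o keylocation=prompt \
	$TESTPOOL/$TESTFS1/c2
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"-o keyformat=passphrase $TESTPOOL/$TESTFS1/c3"
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"-o keyformat=passphrase -o keylocation=prompt $TESTPOOL/$TESTFS1/c4"

# Encrypted parent
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"-o keyformat=passphrase $TESTPOOL/$TESTFS2"

# enc unspecified: inherits from the parent; keylocation alone is invalid,
# keyformat makes the child a new encryption root.
log_must zfs create $TESTPOOL/$TESTFS2/c1
log_mustnot zfs create -o keylocation=prompt $TESTPOOL/$TESTFS2/c2
log_must eval "echo $PASSPHRASE | zfs create -o keyformat=passphrase" \
	"$TESTPOOL/$TESTFS2/c3"
log_must eval "echo $PASSPHRASE | zfs create -o keyformat=passphrase" \
	"-o keylocation=prompt $TESTPOOL/$TESTFS2/c4"

# enc=off: an explicitly unencrypted child of an encrypted parent is allowed;
# confirm the property really reads back as "off".
log_must zfs create -o encryption=off $TESTPOOL/$TESTFS2/c5
log_must test "$(get_prop 'encryption' $TESTPOOL/$TESTFS2/c5)" == "off"

# These negative cases use c6, which does not exist yet. c5 was created just
# above, so running them against c5 could not distinguish "invalid property
# combination" from "dataset already exists".
log_mustnot zfs create -o encryption=off -o keylocation=prompt \
	$TESTPOOL/$TESTFS2/c6
log_mustnot zfs create -o encryption=off -o keyformat=passphrase \
	$TESTPOOL/$TESTFS2/c6
log_mustnot zfs create -o encryption=off -o keyformat=passphrase \
	-o keylocation=prompt $TESTPOOL/$TESTFS2/c6

# enc=on: valid without key properties (key inherited) or with a keyformat;
# keylocation without keyformat is invalid.
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"$TESTPOOL/$TESTFS2/c6"
log_mustnot zfs create -o encryption=on -o keylocation=prompt \
	$TESTPOOL/$TESTFS2/c7
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"-o keyformat=passphrase $TESTPOOL/$TESTFS2/c7"
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"-o keyformat=passphrase -o keylocation=prompt $TESTPOOL/$TESTFS2/c8"

log_pass "ZFS creates datasets only if they have a valid combination of" \
	"encryption properties set."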