#!/bin/ksh -p
#
# CDDL HEADER START
#
# This file and its contents are supplied under the terms of the
# Common Development and Distribution License ("CDDL"), version 1.0.
# You may only use this file in accordance with the terms of version
# 1.0 of the CDDL.
#
# A full copy of the text of the CDDL should have accompanied this
# source.  A copy of the CDDL is also available via the Internet at
# http://www.illumos.org/license/CDDL.
#
# CDDL HEADER END
#

#
# Copyright (c) 2017, Datto, Inc. All rights reserved.
#

# Test-suite libraries. The log_* wrappers, datasetexists, get_prop and
# $PASSPHRASE used below are not defined in this file, so they presumably
# come from these includes -- confirm against the libraries themselves.
. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/cli_root/zfs_create/zfs_create_common.kshlib
. $STF_SUITE/tests/functional/cli_root/zfs_create/properties.kshlib
. $STF_SUITE/tests/functional/cli_root/zfs_load-key/zfs_load-key_common.kshlib

#
# DESCRIPTION:
# ZFS should create datasets only if they have a valid combination of
# encryption properties set.
#
# penc	= parent encrypted
# enc	= encryption property given on the command line (unspec = not given)
# loc	= keylocation provided
# fmt	= keyformat provided
#
# In the notes column, "crypt" is short for the encryption property.
#
# penc	enc	fmt	loc	valid	notes
# -------------------------------------------
# no	unspec	0	0	yes	inherit no encryption (not tested here)
# no	unspec	0	1	no	no crypt specified
# no	unspec	1	0	no	no crypt specified
# no	unspec	1	1	no	no crypt specified
# no	off	0	0	yes	explicit no encryption
# no	off	0	1	no	keylocation given, but crypt off
# no	off	1	0	no	keyformat given, but crypt off
# no	off	1	1	no	keyformat given, but crypt off
# no	on	0	0	no	no keyformat specified for new key
# no	on	0	1	no	no keyformat specified for new key
# no	on	1	0	yes	new encryption root
# no	on	1	1	yes	new encryption root
# yes	unspec	0	0	yes	inherit encryption
# yes	unspec	0	1	no	no keyformat specified
# yes	unspec	1	0	yes	new encryption root, crypt inherited
# yes	unspec	1	1	yes	new encryption root, crypt inherited
# yes	off	0	0	yes	unencrypted child of encrypted parent
# yes	off	0	1	no	keylocation given, but crypt off
# yes	off	1	0	no	keyformat given, but crypt off
# yes	off	1	1	no	keyformat given, but crypt off
# yes	on	0	0	yes	inherited encryption, local crypt
# yes	on	0	1	no	no keyformat specified for new key
# yes	on	1	0	yes	new encryption root
# yes	on	1	1	yes	new encryption root
#
# STRATEGY:
# 1. Attempt to create a dataset using all combinations of encryption
#    properties
#

# Runnability gate from the test library. NOTE(review): 'both' presumably
# means the test may run in global and non-global zones -- confirm against
# libtest.shlib.
verify_runnable 'both'

#
# Destroy the two top-level test datasets, and everything below them, if
# they still exist. The "exists && destroy" form is kept so the function's
# exit status is that of the last check or destroy, as before.
#
function cleanup
{
	typeset fs

	for fs in $TESTFS1 $TESTFS2; do
		datasetexists $TESTPOOL/$fs && \
			log_must zfs destroy -r $TESTPOOL/$fs
	done
}
# Hand cleanup to the test framework's exit hook so the test datasets are
# removed however the test ends.
log_onexit cleanup

# State what this test asserts before any dataset is created.
log_assert 'ZFS should create datasets only if they have a valid' \
	'combination of encryption properties set.'

# Unencrypted parent: the "penc = no" rows of the table above.
unenc_parent=$TESTPOOL/$TESTFS1
log_must zfs create $unenc_parent

# encryption unspecified: key properties must be rejected when nothing
# requests encryption.
log_mustnot zfs create -o keyformat=passphrase $unenc_parent/c1
log_mustnot zfs create -o keylocation=prompt $unenc_parent/c1
log_mustnot zfs create -o keyformat=passphrase -o keylocation=prompt \
	$unenc_parent/c1

# encryption=off: valid on its own, invalid together with any key property.
log_must zfs create -o encryption=off $unenc_parent/c1
log_mustnot zfs create -o encryption=off -o keylocation=prompt \
	$unenc_parent/c2
log_mustnot zfs create -o encryption=off -o keyformat=passphrase \
	$unenc_parent/c2
log_mustnot zfs create -o encryption=off -o keyformat=passphrase \
	-o keylocation=prompt $unenc_parent/c2

# encryption=on: a new encryption root is only valid with a keyformat.
log_mustnot zfs create -o encryption=on $unenc_parent/c2
log_mustnot zfs create -o encryption=on -o keylocation=prompt \
	$unenc_parent/c2

# The passphrase is fed to zfs on stdin. $PASSPHRASE is expanded into the
# eval string without quoting, so the value must stay free of shell
# metacharacters.
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"-o keyformat=passphrase $unenc_parent/c3"
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"-o keyformat=passphrase -o keylocation=prompt $unenc_parent/c4"

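# Encrypted parent: the "penc = yes" rows of the table above. $TESTFS2 is
# created here as an encryption root with a passphrase key.
#
# Every passphrase is fed to zfs on stdin. $PASSPHRASE is expanded into the
# eval string without quoting, so the value must stay free of shell
# metacharacters.
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"-o keyformat=passphrase $TESTPOOL/$TESTFS2"

# encryption unspecified: plain inheritance is valid, a keylocation without
# a keyformat is not, and a keyformat starts a new encryption root.
log_must zfs create $TESTPOOL/$TESTFS2/c1
log_mustnot zfs create -o keylocation=prompt $TESTPOOL/$TESTFS2/c2
log_must eval "echo $PASSPHRASE | zfs create -o keyformat=passphrase" \
	"$TESTPOOL/$TESTFS2/c3"
log_must eval "echo $PASSPHRASE | zfs create -o keyformat=passphrase" \
	"-o keylocation=prompt $TESTPOOL/$TESTFS2/c4"

# encryption=off: an unencrypted child of an encrypted parent is allowed,
# and the property must read back as "off".
log_must zfs create -o encryption=off $TESTPOOL/$TESTFS2/c5
log_must test "$(get_prop 'encryption' $TESTPOOL/$TESTFS2/c5)" == "off"

# encryption=off plus any key property must be rejected. These cases target
# c6, which does not exist yet: aimed at c5 (created just above) each create
# would fail on the name collision alone, so the checks would pass even if
# the property combination were wrongly accepted.
log_mustnot zfs create -o encryption=off -o keylocation=prompt \
	$TESTPOOL/$TESTFS2/c6
log_mustnot zfs create -o encryption=off -o keyformat=passphrase \
	$TESTPOOL/$TESTFS2/c6
log_mustnot zfs create -o encryption=off -o keyformat=passphrase \
	-o keylocation=prompt $TESTPOOL/$TESTFS2/c6

# encryption=on: valid with an inherited key or with a new keyformat,
# invalid with a keylocation but no keyformat.
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"$TESTPOOL/$TESTFS2/c6"
log_mustnot zfs create -o encryption=on -o keylocation=prompt \
	$TESTPOOL/$TESTFS2/c7
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"-o keyformat=passphrase $TESTPOOL/$TESTFS2/c7"
log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \
	"-o keyformat=passphrase -o keylocation=prompt $TESTPOOL/$TESTFS2/c8"
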
# Reached only when every log_must / log_mustnot check above held.
log_pass 'ZFS creates datasets only if they have a valid combination of' \
	'encryption properties set.'