1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# This file and its contents are supplied under the terms of the 6# Common Development and Distribution License ("CDDL"), version 1.0. 7# You may only use this file in accordance with the terms of version 8# 1.0 of the CDDL. 9# 10# A full copy of the text of the CDDL should have accompanied this 11# source. A copy of the CDDL is also available via the Internet at 12# http://www.illumos.org/license/CDDL. 13# 14# CDDL HEADER END 15# 16 17# 18# Copyright (c) 2017 Datto, Inc. All rights reserved. 19# Copyright 2020 Joyent, Inc. 20# 21 22. $STF_SUITE/include/libtest.shlib 23 24# 25# DESCRIPTION: 26# ZFS should receive an unencrypted stream from an encrypted dataset 27# 28# STRATEGY: 29# 1. Create an unencrypted dataset 30# 2. Create an encrypted dataset 31# 3. Create and checksum a file on the encrypted dataset 32# 4. Snapshot the encrypted dataset 33# 5. Attempt to receive the snapshot into an unencrypted child 34# 6. Verify encryption is not enabled 35# 7. Verify the cheksum of the file is the same as the original 36# 8. Attempt to receive the snapshot into an encrypted child 37# 9. Verify the cheksum of the file is the same as the original 38# 39 40verify_runnable "both" 41 42function cleanup 43{ 44 datasetexists $TESTPOOL/$TESTFS1 && \ 45 log_must zfs destroy -r $TESTPOOL/$TESTFS1 46 47 datasetexists $TESTPOOL/$TESTFS2 && \ 48 log_must zfs destroy -r $TESTPOOL/$TESTFS2 49} 50 51log_onexit cleanup 52 53log_assert "ZFS should receive an unencrypted stream from an encrypted dataset" 54 55typeset passphrase="password" 56typeset snap="$TESTPOOL/$TESTFS2@snap" 57 58log_must zfs create $TESTPOOL/$TESTFS1 59log_must eval "echo $passphrase | zfs create -o encryption=on" \ 60 "-o keyformat=passphrase $TESTPOOL/$TESTFS2" 61 62log_must mkfile 1M /$TESTPOOL/$TESTFS2/$TESTFILE0 63typeset checksum=$(digest -a md5 /$TESTPOOL/$TESTFS2/$TESTFILE0) 64 65log_must zfs snapshot $snap 66 67log_note "Verify ZFS can receive into an unencrypted child" 68log_must eval "zfs send $snap | zfs receive $TESTPOOL/$TESTFS1/c1" 69 70crypt=$(get_prop encryption $TESTPOOL/$TESTFS1/c1) 71[[ "$crypt" == "off" ]] || log_fail "Received unencrypted stream as encrypted" 72 73typeset cksum1=$(digest -a md5 /$TESTPOOL/$TESTFS1/c1/$TESTFILE0) 74[[ "$cksum1" == "$checksum" ]] || \ 75 log_fail "Checksums differ ($cksum1 != $checksum)" 76 77log_note "Verify ZFS can receive into an encrypted child" 78log_must eval "zfs send $snap | zfs receive $TESTPOOL/$TESTFS2/c1" 79 80typeset cksum2=$(digest -a md5 /$TESTPOOL/$TESTFS2/c1/$TESTFILE0) 81[[ "$cksum2" == "$checksum" ]] || \ 82 log_fail "Checksums differ ($cksum2 != $checksum)" 83 84log_pass "ZFS can receive an unencrypted stream from an encrypted dataset" 85