#!/bin/ksh -p
#
# CDDL HEADER START
#
# This file and its contents are supplied under the terms of the
# Common Development and Distribution License ("CDDL"), version 1.0.
# You may only use this file in accordance with the terms of version
# 1.0 of the CDDL.
#
# A full copy of the text of the CDDL should have accompanied this
# source.  A copy of the CDDL is also available via the Internet at
# http://www.illumos.org/license/CDDL.
#
# CDDL HEADER END
#

#
# Copyright (c) 2017 Datto, Inc. All rights reserved.
#
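# Source the shared test-suite library and the zfs load-key helper library.
# The paths are quoted so that an STF_SUITE value containing whitespace or
# glob characters is not split or expanded before the files are read.
. "$STF_SUITE/include/libtest.shlib"
. "$STF_SUITE/tests/functional/cli_root/zfs_load-key/zfs_load-key_common.kshlib"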
#
# DESCRIPTION:
# 'zfs change-key' should promote an encrypted child to an encryption root.
#
# STRATEGY:
# 1. Create an encrypted dataset
# 2. Create an encrypted child dataset
# 3. Create an unencrypted child dataset
# 4. Attempt to change the key without any flags
# 5. Attempt to change the key specifying keylocation
# 6. Attempt to change the key specifying keyformat
# 7. Verify the new encryption root can unload and load its key
# 8. Recreate the child dataset
# 9. Attempt to change the key specifying both the keylocation and keyformat
# 10. Verify the new encryption root can unload and load its key
# 11. Verify the unencrypted child is still accessible normally
#
# NOTE(review): verify_runnable is not defined in this file (it comes from a
# sourced library); "both" presumably declares the test runnable in global
# and non-global zones -- confirm against the library.
verify_runnable "both"
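#
# Destroy the test dataset tree created by this test, if it exists.
#
# Globals:   TESTPOOL, TESTFS1 (read)
# Arguments: none
# Returns:   0 when there is nothing to destroy; otherwise the status of
#            the logged 'zfs destroy -r'.
#
function cleanup
{
	# An explicit 'if' keeps the function's status at 0 when the dataset
	# is already gone; the previous 'test && cmd' form returned the
	# failed test's non-zero status in that case.
	if datasetexists "$TESTPOOL/$TESTFS1"; then
		# -r removes the child datasets created under the
		# encryption root as well.
		log_must zfs destroy -r "$TESTPOOL/$TESTFS1"
	fi
}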
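# Register cleanup so the test dataset tree is removed when the test exits.
log_onexit cleanup

log_assert "'zfs change-key' should promote an encrypted child to an" \
	"encryption root"

# NOTE(review): in every 'eval' below the passphrase variable is expanded by
# the outer double quotes before eval re-parses the string, so its value
# becomes part of the command text. That is only safe while the passphrase
# fixtures contain no whitespace or shell metacharacters, and the value may
# show up in whatever log_must/log_mustnot record -- presumably acceptable
# for throwaway test passphrases; confirm against the fixture definitions.

# Steps 1-3: an encrypted dataset, an encrypted child created without any
# encryption options of its own, and an explicitly unencrypted child.
log_must eval "echo $PASSPHRASE1 | zfs create -o encryption=on" \
	"-o keyformat=passphrase -o keylocation=prompt $TESTPOOL/$TESTFS1"
log_must zfs create "$TESTPOOL/$TESTFS1/child"
log_must zfs create -o encryption=off "$TESTPOOL/$TESTFS1/child2"

# Step 4: change-key on the child with no options is expected to fail.
log_mustnot eval "echo $PASSPHRASE2 | zfs change-key" \
	"$TESTPOOL/$TESTFS1/child"

# Step 5: supplying only keylocation is expected to fail as well.
log_mustnot eval "echo $PASSPHRASE2 | zfs change-key -o keylocation=prompt" \
	"$TESTPOOL/$TESTFS1/child"

# Step 6: supplying keyformat is expected to succeed and give the child its
# own key.
log_must eval "echo $PASSPHRASE2 | zfs change-key -o keyformat=passphrase" \
	"$TESTPOOL/$TESTFS1/child"

# Step 7: the child's key must unload and then load again using the new
# passphrase (PASSPHRASE2), not the parent's.
log_must zfs unmount "$TESTPOOL/$TESTFS1/child"
log_must zfs unload-key "$TESTPOOL/$TESTFS1/child"
log_must key_unavailable "$TESTPOOL/$TESTFS1/child"

log_must eval "echo $PASSPHRASE2 | zfs load-key $TESTPOOL/$TESTFS1/child"
log_must key_available "$TESTPOOL/$TESTFS1/child"

# Step 8: recreate the child so the next change-key starts from a freshly
# created dataset.
log_must zfs destroy "$TESTPOOL/$TESTFS1/child"
log_must zfs create "$TESTPOOL/$TESTFS1/child"

# Step 9: supplying both keyformat and keylocation is expected to succeed.
log_must eval "echo $PASSPHRASE2 | zfs change-key -o keyformat=passphrase" \
	"-o keylocation=prompt $TESTPOOL/$TESTFS1/child"

# Step 10: same unload/load round trip as step 7.
log_must zfs unmount "$TESTPOOL/$TESTFS1/child"
log_must zfs unload-key "$TESTPOOL/$TESTFS1/child"
log_must key_unavailable "$TESTPOOL/$TESTFS1/child"

log_must eval "echo $PASSPHRASE2 | zfs load-key $TESTPOOL/$TESTFS1/child"
log_must key_available "$TESTPOOL/$TESTFS1/child"

# Step 11: the unencrypted sibling must still unmount and mount normally
# after the key changes on the encrypted child.
log_must zfs unmount "$TESTPOOL/$TESTFS1/child2"
log_must zfs mount "$TESTPOOL/$TESTFS1/child2"

log_pass "'zfs change-key' promotes an encrypted child to an encryption root"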