fscrypt/cli-tests/t_unlock.out at 76638aedc45c031dae6d8ada25a05404dc9ff6a0 · google/fscrypt · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

# Encrypt directory with --skip-unlock

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"
touch: cannot touch 'MNT/dir/file': Required key not available

# => Get policy status via mount:
desc1  No        desc2

# Unlock directory
Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use.

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"

# => Get policy status via mount:
desc1  Yes       desc2

# Lock by cycling mount

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"
mkdir: cannot create directory 'MNT/dir/subdir': Required key not available

# => Get policy status via mount:
desc1  No        desc2

# Try to unlock with wrong passphrase
[ERROR] fscrypt unlock: incorrect key provided
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"

# Try to unlock with no stdin
[ERROR] fscrypt unlock: incorrect key provided
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"

# Try to unlock with only a newline
[ERROR] fscrypt unlock: incorrect key provided
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"

# Try infinitely many wrong passwords
Enter custom passphrase for protector "prot": [ERROR] fscrypt unlock: incorrect key provided
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"

# Unlock directory
Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use.

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"
contents

# => Get policy status via mount:
desc1  Yes       desc2

# Try to unlock with corrupt policy metadata
[ERROR] fscrypt unlock: fscrypt metadata file at
                        "MNT/.fscrypt/policies/desc1"
                        is corrupt: proto: cannot parse invalid wire-format data

# Try to unlock with missing policy metadata
[ERROR] fscrypt unlock: filesystem "MNT" does not contain
                        the policy metadata for "MNT/dir".
                        This directory has either been encrypted with another
                        tool (such as e4crypt), or the file
                        "MNT/.fscrypt/policies/desc26"
                        has been deleted.

# Try to unlock with missing protector metadata
[ERROR] fscrypt unlock: could not load any protectors

You may need to mount a linked filesystem. Run with --verbose for more
information.

# Try to unlock with wrong policy metadata
[ERROR] fscrypt unlock: inconsistent metadata between encrypted directory
                        "MNT/dir1" and its corresponding
                        metadata file
                        "MNT/.fscrypt/policies/desc27".

                        Directory has
                        descriptor:desc27 padding:32
                        contents:AES_256_XTS filenames:AES_256_CTS
                        policy_version:2

                        Metadata file has
                        descriptor:desc29 padding:32
                        contents:AES_256_XTS filenames:AES_256_CTS
                        policy_version:2