#!/bin/ksh -p
#
# CDDL HEADER START
#
# This file and its contents are supplied under the terms of the
# Common Development and Distribution License ("CDDL"), version 1.0.
# You may only use this file in accordance with the terms of version
# 1.0 of the CDDL.
#
# A full copy of the text of the CDDL should have accompanied this
# source.  A copy of the CDDL is also available via the Internet at
# http://www.illumos.org/license/CDDL.
#
# CDDL HEADER END
#

#
# Copyright (c) 2017, Datto, Inc. All rights reserved.
#

# Source the test-suite library and the zfs_load-key common library; both
# paths are resolved relative to $STF_SUITE.
. ${STF_SUITE}/include/libtest.shlib
. ${STF_SUITE}/tests/functional/cli_root/zfs_load-key/zfs_load-key_common.kshlib

#
# DESCRIPTION:
# 'zpool create' should create an encrypted dataset only if it has a valid
# combination of encryption properties set.
#
# enc	= encryption
# loc	= keylocation provided
# fmt	= keyformat provided
#
# Values in the enc column:
# U = unspecified
# N = off
# Y = on
#
# Values in the fmt and loc columns:
# 0 = property not provided
# 1 = property provided
#
# enc	fmt	loc	valid	notes
# -------------------------------------------
# U	0	1	no	no crypt specified
# U	1	0	no	no crypt specified
# U	1	1	no	no crypt specified
# N	0	0	yes	explicit no encryption
# N	0	1	no	keylocation given, but crypt off
# N	1	0	no	keyformat given, but crypt off
# N	1	1	no	keyformat given, but crypt off
# Y	0	0	no	no keyformat specified for new key
# Y	0	1	no	no keyformat specified for new key
# Y	1	1	no	unsupported combination of non-encryption props
#				(compression=lz4 with feature@lz4_compress
#				disabled)
# Y	1	0	yes	new encryption root
# Y	1	1	yes	new encryption root
#
# STRATEGY:
# 1. Attempt to create a dataset using all combinations of encryption
#    properties
#

# verify_runnable is not defined in this file (it comes from a sourced
# library).
# NOTE(review): "global" presumably limits the test to the global zone -
# confirm against the library.
verify_runnable 'global'

#
# Exit handler: destroy $TESTPOOL if it still exists.
#
# Returns the status of poolexists when the pool is absent, otherwise the
# status of destroy_pool.
#
function cleanup
{
	# Nothing to tear down when the pool is not there; propagate that status.
	poolexists $TESTPOOL || return

	destroy_pool $TESTPOOL
}
# Register the exit handler before any pool can be created.
log_onexit cleanup

log_assert \
	"'zpool create' should create an encrypted dataset only if it" \
	"has a valid combination of encryption properties set."

# enc=U: key properties without encryption= must be rejected.
log_mustnot zpool create \
	-O keylocation=prompt $TESTPOOL $DISKS
log_mustnot zpool create \
	-O keyformat=passphrase $TESTPOOL $DISKS
log_mustnot zpool create \
	-O keyformat=passphrase -O keylocation=prompt $TESTPOOL $DISKS

# enc=N with no key properties: the one valid unencrypted combination.
log_must zpool create \
	-O encryption=off $TESTPOOL $DISKS
log_must zpool destroy $TESTPOOL

# enc=N with any key property: must be rejected.
log_mustnot zpool create \
	-O encryption=off -O keylocation=prompt $TESTPOOL $DISKS
log_mustnot zpool create \
	-O encryption=off -O keyformat=passphrase $TESTPOOL $DISKS
log_mustnot zpool create \
	-O encryption=off -O keyformat=passphrase -O keylocation=prompt \
	$TESTPOOL $DISKS

# enc=Y without keyformat: no key format given for the new key.
log_mustnot zpool create \
	-O encryption=on $TESTPOOL $DISKS
log_mustnot zpool create \
	-O encryption=on -O keylocation=prompt $TESTPOOL $DISKS

# From here on the passphrase is piped to 'zpool create' on stdin.
#
# NOTE(review): $PASSPHRASE is expanded unquoted into the string handed to
# eval, so the shell re-parses its value and the expanded command line is
# what log_must/log_mustnot receive. That is only safe for a fixed test
# passphrase without whitespace or shell metacharacters - confirm where
# PASSPHRASE is defined (not visible in this file), and never reuse this
# pattern with a real secret.

# enc=Y, fmt=1, loc=1, but with an unsupported combination of
# non-encryption properties (compression=lz4 while feature@lz4_compress is
# disabled): must be rejected even though the encryption properties are valid.
log_mustnot eval \
	"echo $PASSPHRASE | zpool create -O encryption=on" \
	"-O keyformat=passphrase -O keylocation=prompt" \
	"-o feature@lz4_compress=disabled -O compression=lz4 $TESTPOOL $DISKS"

# enc=Y, fmt=1, loc=0: new encryption root.
log_must eval \
	"echo $PASSPHRASE | zpool create -O encryption=on" \
	"-O keyformat=passphrase $TESTPOOL $DISKS"
log_must zpool destroy $TESTPOOL

# enc=Y, fmt=1, loc=1: new encryption root.
log_must eval \
	"echo $PASSPHRASE | zpool create -O encryption=on" \
	"-O keyformat=passphrase -O keylocation=prompt $TESTPOOL $DISKS"
log_must zpool destroy $TESTPOOL

# NOTE(review): the two passing encrypted cases check only that
# 'zpool create' exits successfully; nothing here reads back the pool's
# encryption or keystatus properties. Consider asserting them so that a
# silently unencrypted pool would fail the test.

log_pass \
	"'zpool create' creates an encrypted dataset only if it has a" \
	"valid combination of encryption properties set."
