From patchwork Sun Dec 11 07:06:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13070516 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33D98C4332F for ; Sun, 11 Dec 2022 07:08:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230133AbiLKHIA (ORCPT ); Sun, 11 Dec 2022 02:08:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42598 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230138AbiLKHHy (ORCPT ); Sun, 11 Dec 2022 02:07:54 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F04BFB48C; Sat, 10 Dec 2022 23:07:47 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 38CBEB80945; Sun, 11 Dec 2022 07:07:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C3445C433D2; Sun, 11 Dec 2022 07:07:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1670742464; bh=RSlfrXXjhLYM9CdWMJaXYvN1wwoVOb0jnL6OewsqvWw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=P7v65V5VDfP6v1k3W80Yhb89hRy933STa450H0kl5kYytdoX82J+jACnDLBdHXXQn bF+SuI41phhoGcn0o/1wbolbYERSlX1Rz61b3z0ewOaQLxVkyxuRuoVLLY2wopLbSm FMDRNjKP4DvDDMjHlY1DoeLC992cxiZKup5rQ4of7CnXSNJmIDUSN2AfD8bw2nm1VV PSa80tk9NzuL7LPYy8D+S+ioftgTIhspCXHwiOENn80PpRN5tpYxK1jzSaHwtR17M8 CwK/pt07d/yaDs7rqLYvBUqXwxzWVqINxusy8F4wDSxw+IqM5yAwq0pZgVzL+eCzT9 SzVohrz3SvxfA== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH 01/10] common/verity: add and use _fsv_can_enable() Date: Sat, 10 Dec 2022 23:06:54 -0800 Message-Id: <20221211070704.341481-2-ebiggers@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221211070704.341481-1-ebiggers@kernel.org> References: <20221211070704.341481-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Replace _fsv_have_hash_algorithm() with a more general function _fsv_can_enable() which checks whether 'fsverity enable' with the given parameters works. For now it is just used with --hash-alg or with no parameters, but soon it will be used with --block-size too. Signed-off-by: Eric Biggers --- common/verity | 17 ++++++----------- tests/generic/575 | 2 +- tests/generic/577 | 2 +- 3 files changed, 8 insertions(+), 13 deletions(-) diff --git a/common/verity b/common/verity index f98dcb07..1a53a7ea 100644 --- a/common/verity +++ b/common/verity @@ -42,13 +42,7 @@ _require_scratch_verity() # The filesystem may have fs-verity enabled but not actually usable by # default. E.g., ext4 only supports verity on extent-based files, so it # doesn't work on ext3-style filesystems. So, try actually using it. - echo foo > $SCRATCH_MNT/tmpfile - _disable_fsverity_signatures - _fsv_enable $SCRATCH_MNT/tmpfile - local status=$? - _restore_prev_fsverity_signatures - rm -f $SCRATCH_MNT/tmpfile - if (( $status != 0 )); then + if ! _fsv_can_enable $SCRATCH_MNT/tmpfile; then _notrun "$FSTYP verity isn't usable by default with these mkfs options" fi @@ -256,15 +250,16 @@ _fsv_create_enable_file() _fsv_enable "$file" "$@" } -_fsv_have_hash_algorithm() +_fsv_can_enable() { - local hash_alg=$1 - local test_file=$2 + local test_file=$1 + shift + local params=("$@") _disable_fsverity_signatures rm -f $test_file head -c 4096 /dev/zero > $test_file - _fsv_enable --hash-alg=$hash_alg $test_file &>> $seqres.full + _fsv_enable $test_file "${params[@]}" &>> $seqres.full local status=$? _restore_prev_fsverity_signatures rm -f $test_file diff --git a/tests/generic/575 b/tests/generic/575 index ffa6b61d..0ece8826 100755 --- a/tests/generic/575 +++ b/tests/generic/575 @@ -71,7 +71,7 @@ test_alg() _fsv_scratch_begin_subtest "Check for expected measurement values ($alg)" - if ! _fsv_have_hash_algorithm $alg $fsv_file; then + if ! _fsv_can_enable $fsv_file --hash-alg=$alg; then if [ "$alg" = sha256 ]; then _fail "Something is wrong - sha256 hash should always be available" fi diff --git a/tests/generic/577 b/tests/generic/577 index 5f7e0573..85d680df 100755 --- a/tests/generic/577 +++ b/tests/generic/577 @@ -112,7 +112,7 @@ _fsv_enable $fsv_file --signature=$sigfile.salted --salt=abcd cmp $fsv_file $fsv_orig_file echo -e "\n# Testing non-default hash algorithm" -if _fsv_have_hash_algorithm sha512 $fsv_file; then +if _fsv_can_enable $fsv_file --hash-alg=sha512; then reset_fsv_file _fsv_sign $fsv_orig_file $sigfile.sha512 --key=$keyfile \ --cert=$certfile --hash-alg=sha512 > /dev/null From patchwork Sun Dec 11 07:06:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13070510 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C432C4332F for ; Sun, 11 Dec 2022 07:07:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230150AbiLKHHz (ORCPT ); Sun, 11 Dec 2022 02:07:55 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42582 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229775AbiLKHHx (ORCPT ); Sun, 11 Dec 2022 02:07:53 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 71433328; Sat, 10 Dec 2022 23:07:46 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C7EC860CF2; Sun, 11 Dec 2022 07:07:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 06B2EC433F1; Sun, 11 Dec 2022 07:07:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1670742465; bh=psO0ZX6nJ2FtuYgmtkGSazEI/UfM/vdZQtAlmPfn/fs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=inJU8Cb+PgiWi/tm9t6otqAd3//7B+h56IfSSBx4FswQdf4mGTVDWWzVhQl1UC/13 DvDHei/manfGaCURh+AemGutOLweE6XCgPEpI/llpAiSjXb3p09KmoCB2QLeHgBPG6 y+pur9nMRFaKScGqKlc9ZJUafTCBDtc9TYzmNA1x36IB2qsR9IMefNtrF4BXjWTJLi KzPFH8Yk6q6ZmRopNCJTZx1vqWA1guDCro3CpsbZ2J3CFov2o93/vnDQ9MKODBtNnG 62YWxIMOY/xriaEt9gdsxGZHzX4JYSY6RsqxC4N7JZmISjiVOi4KJbNvkcoRuHIsNR w7r1ZgszjtS0g== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH 02/10] common/verity: set FSV_BLOCK_SIZE to an appropriate value Date: Sat, 10 Dec 2022 23:06:55 -0800 Message-Id: <20221211070704.341481-3-ebiggers@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221211070704.341481-1-ebiggers@kernel.org> References: <20221211070704.341481-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers In order to maximize the chance that the verity tests can actually be run, FSV_BLOCK_SIZE (the default Merkle tree size for the verity tests) needs to be min(fs_block_size, page_size), not simply page_size. The only reason that page_size was okay before was because the kernel only supported merkle_tree_block_size == fs_block_size == page_size anyway. But that is changing. Signed-off-by: Eric Biggers --- common/verity | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/common/verity b/common/verity index 1a53a7ea..a94ebf8e 100644 --- a/common/verity +++ b/common/verity @@ -13,6 +13,11 @@ if [ "$FSTYP" == "btrfs" ]; then fi fi +# Require fs-verity support on the scratch filesystem. +# +# FSV_BLOCK_SIZE will be set to a Merkle tree block size that is supported by +# the filesystem. Other sizes may be supported too, but FSV_BLOCK_SIZE is the +# only size that is guaranteed to work without any additional checks. _require_scratch_verity() { _require_scratch @@ -27,7 +32,7 @@ _require_scratch_verity() # Try to mount the filesystem. If this fails then either the kernel # isn't aware of fs-verity, or the mkfs options were not compatible with - # verity (e.g. ext4 with block size != PAGE_SIZE). + # verity (e.g. ext4 with block size != PAGE_SIZE on old kernels). if ! _try_scratch_mount &>>$seqres.full; then _notrun "kernel is unaware of $FSTYP verity feature," \ "or mkfs options are not compatible with verity" @@ -39,6 +44,27 @@ _require_scratch_verity() _notrun "kernel $FSTYP isn't configured with verity support" fi + # Select a default Merkle tree block size for when tests don't + # explicitly specify one. + # + # For consistency reasons, all 'fsverity' subcommands, including + # 'fsverity enable', default to 4K Merkle tree blocks. That's generally + # not ideal for tests, since it's possible that the filesystem doesn't + # support 4K blocks but does support another size. Specifically, the + # kernel originally supported only merkle_tree_block_size == + # fs_block_size == page_size, and later it was updated to support + # merkle_tree_block_size <= min(fs_block_size, page_size). + # + # Therefore, we default to merkle_tree_block_size == min(fs_block_size, + # page_size). That maximizes the chance of verity actually working. + local fs_block_size=$(_get_block_size $SCRATCH_MNT) + local page_size=$(get_page_size) + if (( fs_block_size <= page_size )); then + FSV_BLOCK_SIZE=$fs_block_size + else + FSV_BLOCK_SIZE=$page_size + fi + # The filesystem may have fs-verity enabled but not actually usable by # default. E.g., ext4 only supports verity on extent-based files, so it # doesn't work on ext3-style filesystems. So, try actually using it. @@ -47,10 +73,6 @@ _require_scratch_verity() fi _scratch_unmount - - # Merkle tree block size. Currently all filesystems only support - # PAGE_SIZE for this. This is also the default for 'fsverity enable'. - FSV_BLOCK_SIZE=$(get_page_size) } # Check for CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y, as well as the userspace From patchwork Sun Dec 11 07:06:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13070518 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 576C9C3DA7B for ; Sun, 11 Dec 2022 07:08:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230186AbiLKHIC (ORCPT ); Sun, 11 Dec 2022 02:08:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42608 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230141AbiLKHHz (ORCPT ); Sun, 11 Dec 2022 02:07:55 -0500 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 19BB9A463; Sat, 10 Dec 2022 23:07:48 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 2F61DCE0B01; Sun, 11 Dec 2022 07:07:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3E587C433F0; Sun, 11 Dec 2022 07:07:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1670742465; bh=R6jZ7zdfQigG689HseHD2EJYafMft1gQlkIU9/mxEmw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GhYG6RScuprveOH/r+Pnc5TVXeNHc3fXHnxsWAPB+jKf27+jz17ijj3su572aAkx8 mLpJt624KnJeOee7i/OqFRK5w3nVlB7V+NgXhw4HseRpacWCBnaZJwPQGBxfHqWJlm 4hUyt5HpVA+BM6W0C0emUxkuhCGLJUwBjQz3w6IG077lqCSNsFfUeANPKn2sblQ8Kv WeSQafpcmY2tFc7L5ffajGgz9OjObo4DecJPjCDOrJDgZZ1Z35WYEqq6JRzaLn2jai QVvBJnMFML7k78v5Z2kwPEyHY34ofBy136LTB/flwMABvzoPHv2myLBFWcjgaGddwG E5W1wca3Dc7qA== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH 03/10] common/verity: use FSV_BLOCK_SIZE by default Date: Sat, 10 Dec 2022 23:06:56 -0800 Message-Id: <20221211070704.341481-4-ebiggers@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221211070704.341481-1-ebiggers@kernel.org> References: <20221211070704.341481-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Make _fsv_enable() and _fsv_sign() default to FSV_BLOCK_SIZE if no block size is explicitly specified, so that the individual tests don't have to do this themselves. This overrides the fsverity-utils default of 4096 bytes, or the page size in older versions of fsverity-utils, both of which may differ from FSV_BLOCK_SIZE. Signed-off-by: Eric Biggers --- common/verity | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/common/verity b/common/verity index a94ebf8e..1c706b80 100644 --- a/common/verity +++ b/common/verity @@ -249,7 +249,13 @@ _fsv_dump_signature() _fsv_enable() { - $FSVERITY_PROG enable "$@" + local args=("$@") + # If the caller didn't explicitly specify a Merkle tree block size, then + # use FSV_BLOCK_SIZE. + if ! [[ " $*" =~ " --block-size" ]]; then + args+=("--block-size=$FSV_BLOCK_SIZE") + fi + $FSVERITY_PROG enable "${args[@]}" } _fsv_measure() @@ -259,7 +265,13 @@ _fsv_measure() _fsv_sign() { - $FSVERITY_PROG sign "$@" + local args=("$@") + # If the caller didn't explicitly specify a Merkle tree block size, then + # use FSV_BLOCK_SIZE. + if ! [[ " $*" =~ " --block-size" ]]; then + args+=("--block-size=$FSV_BLOCK_SIZE") + fi + $FSVERITY_PROG sign "${args[@]}" } # Generate a file, then enable verity on it. From patchwork Sun Dec 11 07:06:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13070517 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C7DDC001B2 for ; Sun, 11 Dec 2022 07:08:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230174AbiLKHIB (ORCPT ); Sun, 11 Dec 2022 02:08:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42604 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230139AbiLKHHy (ORCPT ); Sun, 11 Dec 2022 02:07:54 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 603C0BE3A; Sat, 10 Dec 2022 23:07:48 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id D9249B808C8; Sun, 11 Dec 2022 07:07:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 75D03C433F2; Sun, 11 Dec 2022 07:07:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1670742465; bh=gahW09+3l+fw+3uIQS4lcxLRkJ6BbxZYWnSjC+cmIws=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=AKT/gC7rOkzWf7slo3ggRc/4BooZ3kn+hc8OdW6DYOrUz7uegHmAos8ZUhXmppUUc mKNaTsdoaqPP2nUNG9hmVSIxJtoPqRwZ47QpwCqCWx3QlPqmFiIr4cgA6FoGHvSmav 40eGARbix0mLBEc0Ntf+XiXNOEZPml+9eeeqw5pmtkjGHxuiq6URb+OEAy3SGG6nus 3Sbf2X5sWWcxr2F7pSH0SKCpJLm6CRxnh3bAGjER3rVr53JpnDFjK3qYiISouYGAyB 9IAdVHUUUER/HChUb6wd5DtnKROZnDL5cu7kv2PwFtv0AD87/tXRE3bDrSKHdfi4Qt UajUm59h0qA+w== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH 04/10] common/verity: add _filter_fsverity_digest() Date: Sat, 10 Dec 2022 23:06:57 -0800 Message-Id: <20221211070704.341481-5-ebiggers@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221211070704.341481-1-ebiggers@kernel.org> References: <20221211070704.341481-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Add a filter that replaces fs-verity digests with a fixed string. This is needed because the fs-verity digests that some tests print are going to start depending on the default Merkle tree block size. Signed-off-by: Eric Biggers --- common/verity | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/common/verity b/common/verity index 1c706b80..b88e839b 100644 --- a/common/verity +++ b/common/verity @@ -406,3 +406,11 @@ _require_fsverity_max_file_size_limit() ;; esac } + +# Replace fs-verity digests, as formatted by the 'fsverity' tool, with . +# This function can be used by tests where fs-verity digests depend on the +# default Merkle tree block size (FSV_BLOCK_SIZE). +_filter_fsverity_digest() +{ + sed -E 's/\b(sha(256|512)):[a-f0-9]{64,}\b/\1:/' +} From patchwork Sun Dec 11 07:06:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13070519 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12EACC4708D for ; Sun, 11 Dec 2022 07:08:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230175AbiLKHIB (ORCPT ); Sun, 11 Dec 2022 02:08:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42606 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230140AbiLKHHy (ORCPT ); Sun, 11 Dec 2022 02:07:54 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 65FE5BF5B; Sat, 10 Dec 2022 23:07:48 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 1E87EB80956; Sun, 11 Dec 2022 07:07:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id ADF20C43396; Sun, 11 Dec 2022 07:07:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1670742465; bh=V8Ey0SwLCOJ9knxWE1VbNJnYffVGUO6Y70yYYPMrpqw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qObPhNNgn6VgTy4B9lHVKE4NsKO5Hd4eHJgFXF2r9E2LYNMrG97VoSPJ473+w5sHl qQVGanARksA88mhGI9+QS0X88LMq18pZNnQwMJWT8ekJU2fZ/Jj9ni9DvIGXiMmkBi f05wCrgsGecFd0ySfk2Zkw+4LFwLSPoDjJWwB9kVnYag5n+hgTkAW497qgD4PymVqW 5SaFYNvx4HWR/7/m2AC4bVdYSS4PRvmCXSbxGq6rEu5rXeznJbtqak8Zg1B23GOFfa HnMNmSBgT12Y++mt9MMRRTB35xQb9/VbLQr51wJmzQsn38sGU1qzopW0e5BawpgIQ7 g73tiRR6jD8Bg== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH 05/10] generic/572: support non-4K Merkle tree block size Date: Sat, 10 Dec 2022 23:06:58 -0800 Message-Id: <20221211070704.341481-6-ebiggers@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221211070704.341481-1-ebiggers@kernel.org> References: <20221211070704.341481-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Update generic/572 to not implicitly assume that the Merkle tree block size being used is 4096 bytes. Also remove an unused function. Signed-off-by: Eric Biggers --- tests/generic/572 | 21 ++++++--------------- tests/generic/572.out | 10 +++------- 2 files changed, 9 insertions(+), 22 deletions(-) diff --git a/tests/generic/572 b/tests/generic/572 index cded9ac6..d8071a34 100755 --- a/tests/generic/572 +++ b/tests/generic/572 @@ -9,7 +9,7 @@ # - conditions for enabling verity # - verity files have correct contents and size # - can't change contents of verity files, but can change metadata -# - can retrieve a verity file's measurement via FS_IOC_MEASURE_VERITY +# - can retrieve a verity file's digest via FS_IOC_MEASURE_VERITY # . ./common/preamble _begin_fstest auto quick verity @@ -48,15 +48,6 @@ verify_data_readable() md5sum $file > /dev/null } -verify_data_unreadable() -{ - local file=$1 - - # try both reading just the first data block, and reading until EOF - head -c $FSV_BLOCK_SIZE $file 2>&1 >/dev/null | filter_output - md5sum $file |& filter_output -} - _fsv_scratch_begin_subtest "Enabling verity on file with verity already enabled fails with EEXIST" _fsv_create_enable_file $fsv_file echo "(trying again)" @@ -94,7 +85,7 @@ verify_data_readable $fsv_file _fsv_scratch_begin_subtest "Enabling verity can be interrupted" dd if=/dev/zero of=$fsv_file bs=1 count=0 seek=$((1 << 34)) status=none start_time=$(date +%s) -$FSVERITY_PROG enable $fsv_file & +$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file & sleep 0.5 kill %1 wait @@ -106,7 +97,7 @@ fi _fsv_scratch_begin_subtest "Enabling verity on file with verity already being enabled fails with EBUSY" dd if=/dev/zero of=$fsv_file bs=1 count=0 seek=$((1 << 34)) status=none start_time=$(date +%s) -$FSVERITY_PROG enable $fsv_file & +$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file & sleep 0.5 _fsv_enable $fsv_file |& filter_output kill %1 @@ -129,7 +120,7 @@ verify_data_readable $fsv_file _fsv_scratch_begin_subtest "verity file can be measured" _fsv_create_enable_file $fsv_file >> $seqres.full -_fsv_measure $fsv_file +_fsv_measure $fsv_file | _filter_fsverity_digest _fsv_scratch_begin_subtest "verity file can be renamed" _fsv_create_enable_file $fsv_file @@ -170,8 +161,8 @@ verify_data_readable $fsv_file # Test files <= 1 block in size. These are a bit of a special case since there # are no hash blocks; the root hash is calculated directly over the data block. +_fsv_scratch_begin_subtest "verity on small files" for size in 1 $((FSV_BLOCK_SIZE - 1)) $FSV_BLOCK_SIZE; do - _fsv_scratch_begin_subtest "verity on $size-byte file" head -c $size /dev/urandom > $fsv_orig_file cp $fsv_orig_file $fsv_file _fsv_enable $fsv_file @@ -179,7 +170,7 @@ for size in 1 $((FSV_BLOCK_SIZE - 1)) $FSV_BLOCK_SIZE; do rm -f $fsv_file done -_fsv_scratch_begin_subtest "verity on 100M file (multiple levels in hash tree)" +_fsv_scratch_begin_subtest "verity on 100MB file (multiple levels in hash tree)" head -c 100000000 /dev/urandom > $fsv_orig_file cp $fsv_orig_file $fsv_file _fsv_enable $fsv_file diff --git a/tests/generic/572.out b/tests/generic/572.out index ad381629..d703835b 100644 --- a/tests/generic/572.out +++ b/tests/generic/572.out @@ -39,7 +39,7 @@ bash: SCRATCH_MNT/file.fsv: Operation not permitted # verity file can be read # verity file can be measured -sha256:be54121da3877f8852c65136d731784f134c4dd9d95071502e80d7be9f99b263 +sha256: # verity file can be renamed @@ -58,16 +58,12 @@ sha256:be54121da3877f8852c65136d731784f134c4dd9d95071502e80d7be9f99b263 # Trying to measure non-verity file fails with ENODATA ERROR: FS_IOC_MEASURE_VERITY failed on 'SCRATCH_MNT/file.fsv': No data available -# verity on 1-byte file +# verity on small files Files matched - -# verity on 4095-byte file Files matched - -# verity on 4096-byte file Files matched -# verity on 100M file (multiple levels in hash tree) +# verity on 100MB file (multiple levels in hash tree) Files matched # verity on sparse file From patchwork Sun Dec 11 07:06:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13070512 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DDCF3C10F1E for ; Sun, 11 Dec 2022 07:07:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230163AbiLKHH6 (ORCPT ); Sun, 11 Dec 2022 02:07:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42590 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230025AbiLKHHx (ORCPT ); Sun, 11 Dec 2022 02:07:53 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94244320; Sat, 10 Dec 2022 23:07:47 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9239B60C95; Sun, 11 Dec 2022 07:07:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E5AC3C433F1; Sun, 11 Dec 2022 07:07:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1670742466; bh=5XdxmPbQ5uD8EQjNq6Wlsk6Jo13qeKOFtp/IbedmcHU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cOdqFCDvbeOW6R31uQpU9YRltjGSunNsiKpchFE6NrxA/O3AH7viudKFUlCcjbL1k tuSaIxvNWsJXdLQdz4Cc320c4YBnIhyhSed2XesPgAjkLOqQQWz934OtvUyeFwh5op RxOxiUDoTCTFZazmrwXpQ0Nw11IhfUco/UXtpvo2siVA3Ok05VctSvXScsJqK0h/ma EyDkeLsSL5myQDZmAXJQONaQvpU5oTW5YzrsomocW266f3F6K9gQ32vGoTKbSFrJAE 0fXy+z01TXnNIEDy8rfsttJO7hmZfA+RO4VqLGM1GIaWXUnZW0s2RSxpjEPiZ8Jsyv a30d/ShnRQcDQ== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH 06/10] generic/573: support non-4K Merkle tree block size Date: Sat, 10 Dec 2022 23:06:59 -0800 Message-Id: <20221211070704.341481-7-ebiggers@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221211070704.341481-1-ebiggers@kernel.org> References: <20221211070704.341481-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Update generic/573 to not implicitly assume that the Merkle tree block size being used is 4096 bytes. Signed-off-by: Eric Biggers --- tests/generic/573 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/generic/573 b/tests/generic/573 index 63c0aef5..ca0f27f9 100755 --- a/tests/generic/573 +++ b/tests/generic/573 @@ -36,23 +36,23 @@ fsv_file=$SCRATCH_MNT/file.fsv _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY doesn't require root" echo foo > $fsv_file chmod 666 $fsv_file -_user_do "$FSVERITY_PROG enable $fsv_file" +_user_do "$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file" _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires write access" echo foo > $fsv_file >> $seqres.full chmod 444 $fsv_file -_user_do "$FSVERITY_PROG enable $fsv_file" |& _filter_scratch +_user_do "$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file" |& _filter_scratch _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !append-only" echo foo > $fsv_file >> $seqres.full $CHATTR_PROG +a $fsv_file -$FSVERITY_PROG enable $fsv_file |& _filter_scratch +_fsv_enable $fsv_file |& _filter_scratch $CHATTR_PROG -a $fsv_file _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !immutable" echo foo > $fsv_file >> $seqres.full $CHATTR_PROG +i $fsv_file -$FSVERITY_PROG enable $fsv_file |& _filter_scratch +_fsv_enable $fsv_file |& _filter_scratch $CHATTR_PROG -i $fsv_file _fsv_scratch_begin_subtest "FS_IOC_MEASURE_VERITY doesn't require root" From patchwork Sun Dec 11 07:07:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13070513 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4AB5FC2D0CB for ; Sun, 11 Dec 2022 07:08:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230036AbiLKHH7 (ORCPT ); Sun, 11 Dec 2022 02:07:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42594 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230118AbiLKHHy (ORCPT ); Sun, 11 Dec 2022 02:07:54 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9F49C5F76; Sat, 10 Dec 2022 23:07:47 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EBF0E60DBE; Sun, 11 Dec 2022 07:07:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 292E2C43398; Sun, 11 Dec 2022 07:07:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1670742466; bh=I4KycfrJoluDh3XxkUca9i14tk/eHh0ttbMMC9iWP/s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QPACzPIivRbHhcZrLNNr3YlOXBjtFNaoVp9zzgzNrNWYRjie86XEdxH93NAkUHFEp 4EOzCGF6SAUST5LKSZ0Wah2sXzYJXKskUUeY6SaJZIEOOaeNStsDtcUnTJRc+/CNPE DmyLHm2yxOEPIwcEA73wbZJk/Ca5B8HorWG0Es62RncUZyTkJLbyE4qub3NRMqSS/H E6Ae5+/cUzFHr6eL1WAKXFti38YS4EblGOmgey4sz1eEIeaaHv6Wh4QjJ3w41cxtKi 5Gm4FDfJwwEo3K3l6AIlM/AP7+PUIGIl68/0z3SeM1DPSqvv5UcGbPiJy82cgnWItR VxTR2vHcSt7Jg== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH 07/10] generic/577: support non-4K Merkle tree block size Date: Sat, 10 Dec 2022 23:07:00 -0800 Message-Id: <20221211070704.341481-8-ebiggers@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221211070704.341481-1-ebiggers@kernel.org> References: <20221211070704.341481-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Update generic/577 to not implicitly assume that the Merkle tree block size being used is 4096 bytes. Signed-off-by: Eric Biggers --- tests/generic/577 | 22 ++++++++++++---------- tests/generic/577.out | 10 +++++----- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/tests/generic/577 b/tests/generic/577 index 85d680df..bbbfdb0a 100755 --- a/tests/generic/577 +++ b/tests/generic/577 @@ -38,6 +38,11 @@ sigfile=$tmp.sig otherfile=$SCRATCH_MNT/otherfile othersigfile=$tmp.othersig +sign() +{ + _fsv_sign "$@" | _filter_scratch | _filter_fsverity_digest +} + # Setup echo -e "\n# Generating certificates and private keys" @@ -57,14 +62,13 @@ _enable_fsverity_signatures echo -e "\n# Generating file and signing it for fs-verity" head -c 100000 /dev/zero > $fsv_orig_file for suffix in '' '.2'; do - _fsv_sign $fsv_orig_file $sigfile$suffix --key=$keyfile$suffix \ - --cert=$certfile$suffix | _filter_scratch + sign $fsv_orig_file $sigfile$suffix --key=$keyfile$suffix \ + --cert=$certfile$suffix done echo -e "\n# Signing a different file for fs-verity" head -c 100000 /dev/zero | tr '\0' 'X' > $otherfile -_fsv_sign $otherfile $othersigfile --key=$keyfile --cert=$certfile \ - | _filter_scratch +sign $otherfile $othersigfile --key=$keyfile --cert=$certfile # Actual tests @@ -106,16 +110,15 @@ _fsv_enable $fsv_file --signature=$tmp.malformed_sig |& _filter_scratch echo -e "\n# Testing salt" reset_fsv_file -_fsv_sign $fsv_orig_file $sigfile.salted --key=$keyfile --cert=$certfile \ - --salt=abcd | _filter_scratch +sign $fsv_orig_file $sigfile.salted --key=$keyfile --cert=$certfile --salt=abcd _fsv_enable $fsv_file --signature=$sigfile.salted --salt=abcd cmp $fsv_file $fsv_orig_file echo -e "\n# Testing non-default hash algorithm" if _fsv_can_enable $fsv_file --hash-alg=sha512; then reset_fsv_file - _fsv_sign $fsv_orig_file $sigfile.sha512 --key=$keyfile \ - --cert=$certfile --hash-alg=sha512 > /dev/null + sign $fsv_orig_file $sigfile.sha512 --key=$keyfile --cert=$certfile \ + --hash-alg=sha512 > /dev/null _fsv_enable $fsv_file --signature=$sigfile.sha512 --hash-alg=sha512 cmp $fsv_file $fsv_orig_file fi @@ -123,8 +126,7 @@ fi echo -e "\n# Testing empty file" rm -f $fsv_file echo -n > $fsv_file -_fsv_sign $fsv_file $sigfile.emptyfile --key=$keyfile --cert=$certfile | \ - _filter_scratch +sign $fsv_file $sigfile.emptyfile --key=$keyfile --cert=$certfile _fsv_enable $fsv_file --signature=$sigfile.emptyfile # success, all done diff --git a/tests/generic/577.out b/tests/generic/577.out index 0ca417c4..4f360d57 100644 --- a/tests/generic/577.out +++ b/tests/generic/577.out @@ -9,11 +9,11 @@ QA output created by 577 # Enabling fs.verity.require_signatures # Generating file and signing it for fs-verity -Signed file 'SCRATCH_MNT/file' (sha256:ecabbfca4efd69a721be824965da10d27900b109549f96687b35a4d91d810dac) -Signed file 'SCRATCH_MNT/file' (sha256:ecabbfca4efd69a721be824965da10d27900b109549f96687b35a4d91d810dac) +Signed file 'SCRATCH_MNT/file' (sha256:) +Signed file 'SCRATCH_MNT/file' (sha256:) # Signing a different file for fs-verity -Signed file 'SCRATCH_MNT/otherfile' (sha256:b2a419c5a8c767a78c6275d6729794bf51e52ddf8713e31d12a93d61d961f49f) +Signed file 'SCRATCH_MNT/otherfile' (sha256:) # Enabling verity with valid signature (should succeed) @@ -33,9 +33,9 @@ ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Key was rejected b ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Bad message # Testing salt -Signed file 'SCRATCH_MNT/file' (sha256:1cb173bcd199133eb80e9ea4f0f741001b9e73227aa8812685156f2bc8ff45f5) +Signed file 'SCRATCH_MNT/file' (sha256:) # Testing non-default hash algorithm # Testing empty file -Signed file 'SCRATCH_MNT/file.fsv' (sha256:3d248ca542a24fc62d1c43b916eae5016878e2533c88238480b26128a1f1af95) +Signed file 'SCRATCH_MNT/file.fsv' (sha256:) From patchwork Sun Dec 11 07:07:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13070520 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 98BD7C25B04 for ; Sun, 11 Dec 2022 07:08:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230192AbiLKHID (ORCPT ); Sun, 11 Dec 2022 02:08:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42610 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230142AbiLKHHz (ORCPT ); Sun, 11 Dec 2022 02:07:55 -0500 Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 43FED6271; Sat, 10 Dec 2022 23:07:49 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 1636ECE010F; Sun, 11 Dec 2022 07:07:48 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 610EBC4339B; Sun, 11 Dec 2022 07:07:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1670742466; bh=nrkQXIoWCqYJDiO8TdnndxrMelAO8KLzT+5blm/T28c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QR3Ir1/w0Saogh8KNc/zaVM2XO9LEyTPCtjhR0ax3fw7JjNhCiTAu7BsftfBYR4q2 0wHLuHcdw1GdcZqPM9MaolqsPF/NQjRO60OIavooZd3vBkIzfv3sq9AUcQqkziuB4B K1olNuRm6UCdvjWr39HmweY0071pd8fNJm24NxFqCa2ALs5yxTon8xVf6CZAeEbTY1 0xZ+rhvsu6uU9mHu7WsgQTTSWrgdlqVC/Sqp0EL8kb83Vp7zZ5viKAxwN4h03pFKlQ bO4rDj/Xh9sWUo3kYP9cm15ez7sXY+Ss9QXit+tiVCKB6SO3ZVtw1eEDTwIINRnP6o Y4DMknY+9CmXA== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH 08/10] generic/574: test multiple Merkle tree block sizes Date: Sat, 10 Dec 2022 23:07:01 -0800 Message-Id: <20221211070704.341481-9-ebiggers@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221211070704.341481-1-ebiggers@kernel.org> References: <20221211070704.341481-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Instead of only testing 4K Merkle tree blocks, test FSV_BLOCK_SIZE, and also other sizes if they happen to be supported. This allows this test to run in cases where it couldn't before and improves test coverage in cases where it did run before. Given that the list of Merkle tree block sizes that will actually work is not fixed, this required reworking the test to not rely on the .out file so heavily. Signed-off-by: Eric Biggers --- tests/generic/574 | 174 ++++++++++++++++++++++++++---------------- tests/generic/574.out | 83 ++------------------ 2 files changed, 112 insertions(+), 145 deletions(-) diff --git a/tests/generic/574 b/tests/generic/574 index fd4488c9..0da3382c 100755 --- a/tests/generic/574 +++ b/tests/generic/574 @@ -37,18 +37,19 @@ fsv_file=$SCRATCH_MNT/file.fsv setup_zeroed_file() { - local len=$1 - local sparse=$2 + local block_size=$1 + local file_len=$2 + local sparse=$3 if $sparse; then - dd if=/dev/zero of=$fsv_orig_file bs=1 count=0 seek=$len \ + dd if=/dev/zero of=$fsv_orig_file bs=1 count=0 seek=$file_len \ status=none else - head -c $len /dev/zero > $fsv_orig_file + head -c $file_len /dev/zero > $fsv_orig_file fi cp $fsv_orig_file $fsv_file - _fsv_enable $fsv_file - md5sum $fsv_file |& _filter_scratch + _fsv_enable $fsv_file --block-size=$block_size + cmp $fsv_orig_file $fsv_file } filter_sigbus() @@ -66,63 +67,84 @@ round_up_to_page_boundary() corruption_test() { - local file_len=$1 - local zap_offset=$2 - local zap_len=$3 - local is_merkle_tree=${4:-false} # if true, zap tree instead of data - local use_sparse_file=${5:-false} + local block_size=$1 + local file_len=$2 + local zap_offset=$3 + local zap_len=$4 + local is_merkle_tree=${5:-false} # if true, zap tree instead of data + local use_sparse_file=${6:-false} local page_aligned_eof=$(round_up_to_page_boundary $file_len) - local measurement + + local paramstr="block_size=$block_size" + paramstr+=", file_len=$file_len" + paramstr+=", zap_offset=$zap_offset" + paramstr+=", zap_len=$zap_len" + paramstr+=", is_merkle_tree=$is_merkle_tree" + paramstr+=", use_sparse_file=$use_sparse_file" if $is_merkle_tree; then local corrupt_func=_fsv_scratch_corrupt_merkle_tree else local corrupt_func=_fsv_scratch_corrupt_bytes fi + local fs_block_size=$(_get_block_size $SCRATCH_MNT) - local msg="Corruption test:" - msg+=" file_len=$file_len" - if $use_sparse_file; then - msg+=" (sparse)" - fi - msg+=" zap_offset=$zap_offset" - if $is_merkle_tree; then - msg+=" (in Merkle tree)" - fi - msg+=" zap_len=$zap_len" + rm -rf "${SCRATCH_MNT:?}"/* + setup_zeroed_file $block_size $file_len $use_sparse_file - _fsv_scratch_begin_subtest "$msg" - setup_zeroed_file $file_len $use_sparse_file - cmp $fsv_file $fsv_orig_file - echo "Corrupting bytes..." + # Corrupt part of the file (data or Merkle tree). head -c $zap_len /dev/zero | tr '\0' X \ | $corrupt_func $fsv_file $zap_offset - echo "Validating corruption (reading full file)..." + # Reading the full file with buffered I/O should fail. _scratch_cycle_mount - md5sum $fsv_file |& _filter_scratch + if cat $fsv_file >/dev/null 2>$tmp.out; then + echo "Unexpectedly was able to read full file ($paramstr)" + elif ! grep -q 'Input/output error' $tmp.out; then + echo "Wrong error reading full file ($paramstr):" + cat $tmp.out + fi - echo "Validating corruption (direct I/O)..." + # Reading the full file with direct I/O should fail. _scratch_cycle_mount - dd if=$fsv_file bs=$FSV_BLOCK_SIZE iflag=direct status=none \ - of=/dev/null |& _filter_scratch + if dd if=$fsv_file bs=$fs_block_size iflag=direct status=none \ + of=/dev/null 2>$tmp.out + then + echo "Unexpectedly was able to read full file with DIO ($paramstr)" + elif ! grep -q 'Input/output error' $tmp.out; then + echo "Wrong error reading full file with DIO ($paramstr):" + cat $tmp.out + fi - if (( zap_offset < file_len )) && ! $is_merkle_tree; then - echo "Validating corruption (reading just corrupted part)..." - dd if=$fsv_file bs=1 skip=$zap_offset count=$zap_len \ - of=/dev/null status=none |& _filter_scratch + # Reading just the corrupted part of the file should fail. + if ! $is_merkle_tree; then + if dd if=$fsv_file bs=1 skip=$zap_offset count=$zap_len \ + of=/dev/null status=none 2>$tmp.out; then + echo "Unexpectedly was able to read corrupted part ($paramstr)" + elif ! grep -q 'Input/output error' $tmp.out; then + echo "Wrong error reading corrupted part ($paramstr):" + cat $tmp.out + fi fi - echo "Validating corruption (reading full file via mmap)..." + # Reading the file via mmap should fail. bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \ -c 'mmap -r 0 $page_aligned_eof' \ - -c 'mread 0 $file_len'" |& filter_sigbus + -c 'mread 0 $file_len'" >/dev/null 2>$tmp.out + if ! grep -q 'Bus error' $tmp.out; then + echo "Didn't see SIGBUS when reading file via mmap" + cat $tmp.out + fi + # Reading just the corrupted part via mmap should fail. if ! $is_merkle_tree; then - echo "Validating corruption (reading just corrupted part via mmap)..." bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \ -c 'mmap -r 0 $page_aligned_eof' \ - -c 'mread $zap_offset $zap_len'" |& filter_sigbus + -c 'mread $zap_offset $zap_len'" >/dev/null 2>$tmp.out + if ! grep -q 'Bus error' $tmp.out; then + echo "Didn't see SIGBUS when reading corrupted part via mmap" + cat $tmp.out + fi fi } @@ -132,17 +154,16 @@ corruption_test() # disk. In the former, corruption should be detected and result in SIGBUS, # while in the latter we would expect zeros past EOF, but no error. corrupt_eof_block_test() { - local file_len=$1 - local zap_len=$2 + local block_size=$1 + local file_len=$2 + local zap_len=$3 local page_aligned_eof=$(round_up_to_page_boundary $file_len) - _fsv_scratch_begin_subtest "Corruption test: EOF block" - setup_zeroed_file $file_len false - cmp $fsv_file $fsv_orig_file - echo "Corrupting bytes..." + + rm -rf "${SCRATCH_MNT:?}"/* + setup_zeroed_file $block_size $file_len false head -c $zap_len /dev/zero | tr '\0' X \ | _fsv_scratch_corrupt_bytes $fsv_file $file_len - echo "Reading eof block via mmap into a temporary file..." bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \ -c 'mmap -r 0 $page_aligned_eof' \ -c 'mread -v $file_len $zap_len'" \ @@ -153,30 +174,49 @@ corrupt_eof_block_test() { -c "mmap -r 0 $page_aligned_eof" \ -c "mread -v $file_len $zap_len" >$tmp.eof_zero_read - echo "Checking for SIGBUS or zeros..." - grep -q -e '^Bus error$' $tmp.eof_block_read \ - || diff $tmp.eof_block_read $tmp.eof_zero_read \ - && echo "OK" + grep -q -e '^Bus error$' $tmp.eof_block_read || \ + diff $tmp.eof_block_read $tmp.eof_zero_read } -# Note: these tests just overwrite some bytes without checking their original -# values. Therefore, make sure to overwrite at least 5 or so bytes, to make it -# nearly guaranteed that there will be a change -- even when the test file is -# encrypted due to the test_dummy_encryption mount option being specified. - -corruption_test 131072 0 5 -corruption_test 131072 4091 5 -corruption_test 131072 65536 65536 -corruption_test 131072 131067 5 - -corrupt_eof_block_test 130999 72 - -# Merkle tree corruption. -corruption_test 200000 100 10 true +test_block_size() +{ + local block_size=$1 + + # Note: these tests just overwrite some bytes without checking their + # original values. Therefore, make sure to overwrite at least 5 or so + # bytes, to make it nearly guaranteed that there will be a change -- + # even when the test file is encrypted due to the test_dummy_encryption + # mount option being specified. + corruption_test $block_size 131072 0 5 + corruption_test $block_size 131072 4091 5 + corruption_test $block_size 131072 65536 65536 + corruption_test $block_size 131072 131067 5 + + corrupt_eof_block_test $block_size 130999 72 + + # Merkle tree corruption. + corruption_test $block_size 200000 100 10 true + + # Sparse file. Corrupting the Merkle tree should still cause reads to + # fail, i.e. the filesystem must verify holes. + corruption_test $block_size 200000 100 10 true true +} -# Sparse file. Corrupting the Merkle tree should still cause reads to fail, -# i.e. the filesystem must verify holes. -corruption_test 200000 100 10 true true +# Always test FSV_BLOCK_SIZE. Also test some other block sizes if they happen +# to be supported. +_fsv_scratch_begin_subtest "Corruption test with block_size=FSV_BLOCK_SIZE" +test_block_size $FSV_BLOCK_SIZE +for block_size in 1024 4096 16384 65536; do + _fsv_scratch_begin_subtest "Corruption test with block_size=$block_size" + if (( block_size == FSV_BLOCK_SIZE )); then + continue + fi + if ! _fsv_can_enable $fsv_file --block-size=$block_size; then + echo "block_size=$block_size is unsupported" >> $seqres.full + continue + fi + test_block_size $block_size +done # success, all done status=0 diff --git a/tests/generic/574.out b/tests/generic/574.out index d40d1263..248aee78 100644 --- a/tests/generic/574.out +++ b/tests/generic/574.out @@ -1,84 +1,11 @@ QA output created by 574 -# Corruption test: file_len=131072 zap_offset=0 zap_len=5 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Corruption test with block_size=FSV_BLOCK_SIZE -# Corruption test: file_len=131072 zap_offset=4091 zap_len=5 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Corruption test with block_size=1024 -# Corruption test: file_len=131072 zap_offset=65536 zap_len=65536 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Corruption test with block_size=4096 -# Corruption test: file_len=131072 zap_offset=131067 zap_len=5 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Corruption test with block_size=16384 -# Corruption test: EOF block -f5cca0d7fbb8b02bc6118a9954d5d306 SCRATCH_MNT/file.fsv -Corrupting bytes... -Reading eof block via mmap into a temporary file... -Checking for SIGBUS or zeros... -OK - -# Corruption test: file_len=200000 zap_offset=100 (in Merkle tree) zap_len=10 -4a1e4325031b13f933ac4f1db9ecb63f SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error - -# Corruption test: file_len=200000 (sparse) zap_offset=100 (in Merkle tree) zap_len=10 -4a1e4325031b13f933ac4f1db9ecb63f SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error +# Corruption test with block_size=65536 From patchwork Sun Dec 11 07:07:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13070511 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9FD1FC4708D for ; Sun, 11 Dec 2022 07:07:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229775AbiLKHH4 (ORCPT ); Sun, 11 Dec 2022 02:07:56 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42584 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229835AbiLKHHx (ORCPT ); Sun, 11 Dec 2022 02:07:53 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4988E5F59; Sat, 10 Dec 2022 23:07:47 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D824C60DBD; Sun, 11 Dec 2022 07:07:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9929DC433D2; Sun, 11 Dec 2022 07:07:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1670742466; bh=XqzzKgPphDqDWOKgzBO6+WQYXV1pPWbUsBCGp+2VUf4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aPn1V3oZs3wrjyyrDgwNZ+ibb/b8GpovJxrMGt0r4dPTSL+uabvW3tnWuzMGZGyKD A3EGjLrNXGTEA54VMj+T/6Hz26rjKSZmeCoQ6tm6HMObLBNsj48BfMLWHVWdrVi9n3 +nr4ziT3K8xsl21cW2F2WZfcHVvqROSrO/AGCF9YA733DPdgcgzRDBjfYQj9+KUUQV agg8FvDZa0Ax+IAQO6GfcomWIPuYYUhvSbYeYkiJ123OZFBzYWhrThTB32ovKnz0f+ xPmdbkq0LDIdjZVP3I4u+fE1O/jGVCkXtOwZQ+jasVqhQCk3vKw/uL6R/L76g2/SIT KfWlNqnslA7YQ== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH 09/10] generic/624: test multiple Merkle tree block sizes Date: Sat, 10 Dec 2022 23:07:02 -0800 Message-Id: <20221211070704.341481-10-ebiggers@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221211070704.341481-1-ebiggers@kernel.org> References: <20221211070704.341481-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Instead of only testing 4K Merkle tree blocks, test FSV_BLOCK_SIZE, and also other sizes if they happen to be supported. This allows this test to run in cases where it couldn't before and improves test coverage in cases where it did run before. This required reworking the test to compute the expected digests using the 'fsverity digest' command, instead of relying on .out file comparisons. (There isn't much downside to this, since comparison to known-good file digests already happens in generic/575. So if both the kernel and fsverity-utils were to be broken in the same way, generic/575 would detect it. generic/624 serves a different purpose.) Signed-off-by: Eric Biggers --- common/verity | 11 ++++ tests/generic/624 | 119 ++++++++++++++++++++++++++++++------------ tests/generic/624.out | 15 ++---- 3 files changed, 101 insertions(+), 44 deletions(-) diff --git a/common/verity b/common/verity index b88e839b..36a0f7d1 100644 --- a/common/verity +++ b/common/verity @@ -263,6 +263,17 @@ _fsv_measure() $FSVERITY_PROG measure "$@" | awk '{print $1}' } +_fsv_digest() +{ + local args=("$@") + # If the caller didn't explicitly specify a Merkle tree block size, then + # use FSV_BLOCK_SIZE. + if ! [[ " $*" =~ " --block-size" ]]; then + args+=("--block-size=$FSV_BLOCK_SIZE") + fi + $FSVERITY_PROG digest "${args[@]}" | awk '{print $1}' +} + _fsv_sign() { local args=("$@") diff --git a/tests/generic/624 b/tests/generic/624 index 7c447289..87a1e9d2 100755 --- a/tests/generic/624 +++ b/tests/generic/624 @@ -24,48 +24,99 @@ _cleanup() _supported_fs generic _require_scratch_verity _disable_fsverity_signatures -# For the output of this test to always be the same, it has to use a specific -# Merkle tree block size. -if [ $FSV_BLOCK_SIZE != 4096 ]; then - _notrun "4096-byte verity block size not supported on this platform" -fi +fsv_orig_file=$SCRATCH_MNT/file +fsv_file=$SCRATCH_MNT/file.fsv _scratch_mkfs_verity &>> $seqres.full _scratch_mount - -echo -e "\n# Creating a verity file" -fsv_file=$SCRATCH_MNT/file -# Always use the same file contents, so that the output of the test is always -# the same. Also use a file that is large enough to have multiple Merkle tree -# levels, so that the test verifies that the blocks are returned in the expected -# order. A 1 MB file with SHA-256 and a Merkle tree block size of 4096 will -# have 3 Merkle tree blocks (3*4096 bytes): two at level 0 and one at level 1. -head -c 1000000 /dev/zero > $fsv_file -merkle_tree_size=$((3 * FSV_BLOCK_SIZE)) -fsverity_descriptor_size=256 -_fsv_enable $fsv_file --salt=abcd +_fsv_create_enable_file $fsv_file _require_fsverity_dump_metadata $fsv_file -_fsv_measure $fsv_file -echo -e "\n# Dumping Merkle tree" -_fsv_dump_merkle_tree $fsv_file | sha256sum +# Test FS_IOC_READ_VERITY_METADATA on a file that uses the given Merkle tree +# block size. +test_block_size() +{ + local block_size=$1 + local digest_size=32 # assuming SHA-256 + local i + + # Create the file. Make the file size big enough to result in multiple + # Merkle tree levels being needed. The following expression computes a + # file size that needs 2 blocks at level 0, and thus 1 block at level 1. + local file_size=$((block_size * (2 * (block_size / digest_size)))) + head -c $file_size /dev/zero > $fsv_orig_file + local tree_params=("--salt=abcd" "--block-size=$block_size") + cp $fsv_orig_file $fsv_file + _fsv_enable $fsv_file "${tree_params[@]}" + + # Use the 'fsverity digest' command to compute the expected Merkle tree, + # descriptor, and file digest. + # + # Ideally we'd just hard-code expected values into the .out file and + # echo the actual values. That doesn't quite work here, since all these + # values depend on the Merkle tree block size, and the Merkle tree block + # sizes that are supported (and thus get tested here) vary. Therefore, + # we calculate the expected values in userspace with the help of + # 'fsverity digest', then do explicit comparisons with them. This works + # fine as long as fsverity-utils and the kernel don't get broken in the + # same way, in which case generic/575 should detect the problem anyway. + local expected_file_digest=$(_fsv_digest $fsv_orig_file \ + "${tree_params[@]}" \ + --out-merkle-tree=$tmp.merkle_tree.expected \ + --out-descriptor=$tmp.descriptor.expected) + local merkle_tree_size=$(_get_filesize $tmp.merkle_tree.expected) + local descriptor_size=$(_get_filesize $tmp.descriptor.expected) -echo -e "\n# Dumping Merkle tree (in chunks)" -# The above test may get the whole tree in one read, so also try reading it in -# chunks. -for (( i = 0; i < merkle_tree_size; i += 997 )); do - _fsv_dump_merkle_tree $fsv_file --offset=$i --length=997 -done | sha256sum + # 'fsverity measure' should return the expected file digest. + local actual_file_digest=$(_fsv_measure $fsv_file) + if [ "$actual_file_digest" != "$expected_file_digest" ]; then + echo "Measure returned $actual_file_digest but expected $expected_file_digest" + fi -echo -e "\n# Dumping descriptor" -# Note that the hash that is printed here should be the same hash that was -# printed by _fsv_measure above. -_fsv_dump_descriptor $fsv_file | sha256sum + # Test dumping the Merkle tree. + _fsv_dump_merkle_tree $fsv_file > $tmp.merkle_tree.actual + if ! cmp $tmp.merkle_tree.expected $tmp.merkle_tree.actual; then + echo "Dumped Merkle tree didn't match" + fi + + # Test dumping the Merkle tree in chunks. + for (( i = 0; i < merkle_tree_size; i += 997 )); do + _fsv_dump_merkle_tree $fsv_file --offset=$i --length=997 + done > $tmp.merkle_tree.actual + if ! cmp $tmp.merkle_tree.expected $tmp.merkle_tree.actual; then + echo "Dumped Merkle tree (in chunks) didn't match" + fi + + # Test dumping the descriptor. + _fsv_dump_descriptor $fsv_file > $tmp.descriptor.actual + if ! cmp $tmp.descriptor.expected $tmp.descriptor.actual; then + echo "Dumped descriptor didn't match" + fi + + # Test dumping the descriptor in chunks. + for (( i = 0; i < descriptor_size; i += 13 )); do + _fsv_dump_descriptor $fsv_file --offset=$i --length=13 + done > $tmp.descriptor.actual + if ! cmp $tmp.descriptor.expected $tmp.descriptor.actual; then + echo "Dumped descriptor (in chunks) didn't match" + fi +} -echo -e "\n# Dumping descriptor (in chunks)" -for (( i = 0; i < fsverity_descriptor_size; i += 13 )); do - _fsv_dump_descriptor $fsv_file --offset=$i --length=13 -done | sha256sum +# Always test FSV_BLOCK_SIZE. Also test some other block sizes if they happen +# to be supported. +_fsv_scratch_begin_subtest "Testing FS_IOC_READ_VERITY_METADATA with block_size=FSV_BLOCK_SIZE" +test_block_size $FSV_BLOCK_SIZE +for block_size in 1024 4096 16384 65536; do + _fsv_scratch_begin_subtest "Testing FS_IOC_READ_VERITY_METADATA with block_size=$block_size" + if (( block_size == FSV_BLOCK_SIZE )); then + continue + fi + if ! _fsv_can_enable $fsv_file --block-size=$block_size; then + echo "block_size=$block_size is unsupported" >> $seqres.full + continue + fi + test_block_size $block_size +done # success, all done status=0 diff --git a/tests/generic/624.out b/tests/generic/624.out index 912826d3..97d5691a 100644 --- a/tests/generic/624.out +++ b/tests/generic/624.out @@ -1,16 +1,11 @@ QA output created by 624 -# Creating a verity file -sha256:11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73 +# Testing FS_IOC_READ_VERITY_METADATA with block_size=FSV_BLOCK_SIZE -# Dumping Merkle tree -db88cdad554734cd648a1bfbb5be7f86646c54397847aab0b3f42a28829fed17 - +# Testing FS_IOC_READ_VERITY_METADATA with block_size=1024 -# Dumping Merkle tree (in chunks) -db88cdad554734cd648a1bfbb5be7f86646c54397847aab0b3f42a28829fed17 - +# Testing FS_IOC_READ_VERITY_METADATA with block_size=4096 -# Dumping descriptor -11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73 - +# Testing FS_IOC_READ_VERITY_METADATA with block_size=16384 -# Dumping descriptor (in chunks) -11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73 - +# Testing FS_IOC_READ_VERITY_METADATA with block_size=65536 From patchwork Sun Dec 11 07:07:03 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13070515 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8A690C2D0CD for ; Sun, 11 Dec 2022 07:07:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230025AbiLKHH6 (ORCPT ); Sun, 11 Dec 2022 02:07:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42592 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230036AbiLKHHx (ORCPT ); Sun, 11 Dec 2022 02:07:53 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 99EC55F5C; Sat, 10 Dec 2022 23:07:47 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1BD5160DBC; Sun, 11 Dec 2022 07:07:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D09AEC433F1; Sun, 11 Dec 2022 07:07:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1670742466; bh=b3bIyJ4TnmtvkkKCix58sU220caoIb+53Q6lkzuhMeI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tjJMCnhmkHUKiZwg7MoQcnXBZPK1T2sUc1tdHXOewNRqHK9o5Q9m0DQB+jbDHuqQz OtZfCj1Yd4o2Y7GmHfLYRIx7q/qIllgi5tp9P7DoK/n+JMNLiaU4ayb/TrtnlaXszI 5ETm9l/ygG1orYwgm06WIthlM5EsM2a8IW5Hgs98u8t32uiTjj9UYwLmyfD+zg3OVC jHpa0BYgbu7Y3svnBejxPaAdo9+VoDB0hYMG0baJgtu9iD5+MERXSSUiVnRbv29Dk7 jWozXnYwf5ap0AGuaNwoKIYhLO4Cc2udze1b1oYa0XJGJ7lzYfDfGXZIgXm197qXKJ zHGmO+3sxt4hQ== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH 10/10] generic/575: test 1K Merkle tree block size Date: Sat, 10 Dec 2022 23:07:03 -0800 Message-Id: <20221211070704.341481-11-ebiggers@kernel.org> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221211070704.341481-1-ebiggers@kernel.org> References: <20221211070704.341481-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers In addition to 4K, test 1K Merkle tree blocks. Also always run this test, regardless of FSV_BLOCK_SIZE, but allow skipping tests of parameters that are unsupported, unless they are the default. Signed-off-by: Eric Biggers --- tests/generic/575 | 58 ++++++++++++++++++++++++++++++------------- tests/generic/575.out | 8 ++++-- 2 files changed, 47 insertions(+), 19 deletions(-) diff --git a/tests/generic/575 b/tests/generic/575 index 0ece8826..ddc10104 100755 --- a/tests/generic/575 +++ b/tests/generic/575 @@ -4,7 +4,7 @@ # # FS QA Test generic/575 # -# Test that fs-verity is using the correct measurement values. This test +# Test that fs-verity is using the correct file digest values. This test # verifies that fs-verity is doing its Merkle tree-based hashing correctly, # i.e. that it hasn't been broken by a change. # @@ -26,9 +26,6 @@ _cleanup() # real QA test starts here _supported_fs generic _require_scratch_verity -if [ $FSV_BLOCK_SIZE != 4096 ]; then - _notrun "4096-byte verity block size not supported on this platform" -fi _disable_fsverity_signatures _scratch_mkfs_verity &>> $seqres.full @@ -36,24 +33,42 @@ _scratch_mount fsv_orig_file=$SCRATCH_MNT/file fsv_file=$SCRATCH_MNT/file.fsv +# Try multiple hash algorithms. algs=(sha256 sha512) +# Try multiple Merkle tree block sizes. +block_sizes=(1024 4096) + # Try files with 0, 1, and multiple Merkle tree levels. file_sizes=(0 4096 65536 65536 100000000) # Try both unsalted and salted, and check that empty salt is the same as no salt salts=('' '' '' '--salt=' '--salt=f3c93fa6fb828c0e1587e5714ecf6f56') -# The expected file measurements are here rather than in the expected output -# file because not all hash algorithms may be available. -sha256_vals=( +# The expected file digests are here rather than in the expected output file +# because the kernel might not support all hash algorithms and block sizes. +sha256_vals_bsize1024=( +sha256:f2cca36b9b1b7f07814e4284b10121809133e7cb9c4528c8f6846e85fc624ffa +sha256:ea08590a4fe9c3d6c9dafe0eedacd9dffff8f24e24f1865ee3af132a495ab087 +sha256:527496288d703686e31092f5cca7e1306b2467f00b247ad01056ee5ec35a4bb9 +sha256:527496288d703686e31092f5cca7e1306b2467f00b247ad01056ee5ec35a4bb9 +sha256:087818b23312acb15dff9ff6e2b4f601406d08bb36013542444cc15248f47016 +) +sha256_vals_bsize4096=( sha256:3d248ca542a24fc62d1c43b916eae5016878e2533c88238480b26128a1f1af95 sha256:babc284ee4ffe7f449377fbf6692715b43aec7bc39c094a95878904d34bac97e sha256:011e3f2b1dc89b75d78cddcc2a1b85cd8a64b2883e5f20f277ae4c0617e0404f sha256:011e3f2b1dc89b75d78cddcc2a1b85cd8a64b2883e5f20f277ae4c0617e0404f sha256:9d33cab743468fcbe4edab91a275b30dd543c12dd5e6ce6f2f737f66a1558f06 ) -sha512_vals=( +sha512_vals_bsize1024=( +sha512:8451664f25b2ad3f24391280e0c5681cb843389c180baa719f8fdfb063f5ddfa2d1c4433e55e2b6fbb3ba6aa2df8a4f41bf56cb7e0a3b617b6919a42c80f034c +sha512:ab3c6444ab377bbe54c604c26cad241b146d85dc29727703a0d8134f70a8172fb3fa67d171355106b69cc0a9e7e9debb335f9461b3aba44093914867f7c73233 +sha512:e6a11353c24dd7b4603cb8ffa50a7041dbea7382d4698474ccbc2d8b34f3a83d8bf16df25c64ed31ee27213a8a3cbd001fb1ccde46384c23b81305c2393c1046 +sha512:e6a11353c24dd7b4603cb8ffa50a7041dbea7382d4698474ccbc2d8b34f3a83d8bf16df25c64ed31ee27213a8a3cbd001fb1ccde46384c23b81305c2393c1046 +sha512:517d573bd50d5f3787f5766c2ac60c7af854b0901b69757b4ef8dd70aa6b30fcc10d81629ce923bdd062a01c20fad0f063a081a2f3b0814ac06547b26bedc0d9 +) +sha512_vals_bsize4096=( sha512:ccf9e5aea1c2a64efa2f2354a6024b90dffde6bbc017825045dce374474e13d10adb9dadcc6ca8e17a3c075fbd31336e8f266ae6fa93a6c3bed66f9e784e5abf sha512:928922686c4caf32175f5236a7f964e9925d10a74dc6d8344a8bd08b23c228ff5792573987d7895f628f39c4f4ebe39a7367d7aeb16aaa0cd324ac1d53664e61 sha512:eab7224ce374a0a4babcb2db25e24836247f38b87806ad9be9e5ba4daac2f5b814fc0cbdfd9f1f8499b3c9a6c1b38fe08974cce49883ab4ccd04462fd2f9507f @@ -61,23 +76,29 @@ sha512:eab7224ce374a0a4babcb2db25e24836247f38b87806ad9be9e5ba4daac2f5b814fc0cbdf sha512:f7083a38644880d25539488313e9e5b41a4d431a0e383945129ad2c36e3c1d0f28928a424641bb1363c12b6e770578102566acea73baf1ce8ee15336f5ba2446 ) -test_alg() +test_alg_with_block_size() { local alg=$1 - local -n vals=${alg}_vals + local block_size=$2 + local -n vals=${alg}_vals_bsize${block_size} local i local file_size local expected actual salt_arg - _fsv_scratch_begin_subtest "Check for expected measurement values ($alg)" + _fsv_scratch_begin_subtest "Testing alg=$alg, block_size=$block_size" - if ! _fsv_can_enable $fsv_file --hash-alg=$alg; then - if [ "$alg" = sha256 ]; then - _fail "Something is wrong - sha256 hash should always be available" + if ! _fsv_can_enable $fsv_file --hash-alg=$alg --block-size=$block_size + then + # Since this is after _require_scratch_verity, sha256 with + # FSV_BLOCK_SIZE must be supported. + if [ "$alg" = "sha256" -a "$block_size" = "$FSV_BLOCK_SIZE" ] + then + _fail "Failed to enable verity with default params" fi + # This combination of parameters is unsupported; skip it. + echo "alg=$alg, block_size=$block_size is unsupported" >> $seqres.full return 0 fi - for i in ${!file_sizes[@]}; do file_size=${file_sizes[$i]} expected=${vals[$i]} @@ -85,7 +106,8 @@ test_alg() head -c $file_size /dev/zero > $fsv_orig_file cp $fsv_orig_file $fsv_file - _fsv_enable --hash-alg=$alg $salt_arg $fsv_file + _fsv_enable $fsv_file --hash-alg=$alg --block-size=$block_size \ + $salt_arg actual=$(_fsv_measure $fsv_file) if [ "$actual" != "$expected" ]; then echo "Mismatch: expected $expected, kernel calculated $actual (file_size=$file_size)" @@ -96,7 +118,9 @@ test_alg() } for alg in ${algs[@]}; do - test_alg $alg + for block_size in ${block_sizes[@]}; do + test_alg_with_block_size $alg $block_size + done done # success, all done diff --git a/tests/generic/575.out b/tests/generic/575.out index 77bec43e..cb4115c9 100644 --- a/tests/generic/575.out +++ b/tests/generic/575.out @@ -1,5 +1,9 @@ QA output created by 575 -# Check for expected measurement values (sha256) +# Testing alg=sha256, block_size=1024 -# Check for expected measurement values (sha512) +# Testing alg=sha256, block_size=4096 + +# Testing alg=sha512, block_size=1024 + +# Testing alg=sha512, block_size=4096