From patchwork Fri Dec 23 01:05:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13080532 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BBB32C3DA7D for ; Fri, 23 Dec 2022 01:11:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236050AbiLWBLM (ORCPT ); Thu, 22 Dec 2022 20:11:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41784 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236029AbiLWBKc (ORCPT ); Thu, 22 Dec 2022 20:10:32 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8D0D420993; Thu, 22 Dec 2022 17:07:03 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 128DD61DE6; Fri, 23 Dec 2022 01:07:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5B33AC433D2; Fri, 23 Dec 2022 01:07:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671757622; bh=7MoZCornP4TM+VPnG1vjtjOlcTrYmehqJnjkxEtTp/8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VMdP7RLfkIE1VjwuVaZC4jKRNQYG+euof1u71m6LsPpN+hCk2QatfSYAnkS2kG8ze qYi/e4lrN79N/ogcgVGEYIZBo+IBZ+9bsJ3BtT/RfR/aJdJpBlgZ8Mzuu/gX8sp0MR OYf2PJpaHe29rvP7+oUJJGDoqObquct6TEBoGtCNcm0U0Srdxwrx0KaBXDcG9Nz3r9 IksvhGdXXljmWZ4d+aRkIllmLxb3McHG7U1i78DOmu1eHrT+BewbddjKqLy+79Xf9y IhqDWwhT8pJj1hYUg5HN4VU7NsIF/id2qvIws0SVljob/HrDYau4Y6pH+GbZYtE9u7 Z9a+DRSojRLRQ== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v2 01/10] common/verity: add and use _fsv_can_enable() Date: Thu, 22 Dec 2022 17:05:45 -0800 Message-Id: <20221223010554.281679-2-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221223010554.281679-1-ebiggers@kernel.org> References: <20221223010554.281679-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Replace _fsv_have_hash_algorithm() with a more general function _fsv_can_enable() which checks whether 'fsverity enable' with the given parameters works. For now it is just used with --hash-alg or with no parameters, but soon it will be used with --block-size too. Signed-off-by: Eric Biggers --- common/verity | 17 ++++++----------- tests/generic/575 | 2 +- tests/generic/577 | 2 +- 3 files changed, 8 insertions(+), 13 deletions(-) diff --git a/common/verity b/common/verity index f98dcb07..1a53a7ea 100644 --- a/common/verity +++ b/common/verity @@ -42,13 +42,7 @@ _require_scratch_verity() # The filesystem may have fs-verity enabled but not actually usable by # default. E.g., ext4 only supports verity on extent-based files, so it # doesn't work on ext3-style filesystems. So, try actually using it. - echo foo > $SCRATCH_MNT/tmpfile - _disable_fsverity_signatures - _fsv_enable $SCRATCH_MNT/tmpfile - local status=$? - _restore_prev_fsverity_signatures - rm -f $SCRATCH_MNT/tmpfile - if (( $status != 0 )); then + if ! _fsv_can_enable $SCRATCH_MNT/tmpfile; then _notrun "$FSTYP verity isn't usable by default with these mkfs options" fi @@ -256,15 +250,16 @@ _fsv_create_enable_file() _fsv_enable "$file" "$@" } -_fsv_have_hash_algorithm() +_fsv_can_enable() { - local hash_alg=$1 - local test_file=$2 + local test_file=$1 + shift + local params=("$@") _disable_fsverity_signatures rm -f $test_file head -c 4096 /dev/zero > $test_file - _fsv_enable --hash-alg=$hash_alg $test_file &>> $seqres.full + _fsv_enable $test_file "${params[@]}" &>> $seqres.full local status=$? _restore_prev_fsverity_signatures rm -f $test_file diff --git a/tests/generic/575 b/tests/generic/575 index ffa6b61d..0ece8826 100755 --- a/tests/generic/575 +++ b/tests/generic/575 @@ -71,7 +71,7 @@ test_alg() _fsv_scratch_begin_subtest "Check for expected measurement values ($alg)" - if ! _fsv_have_hash_algorithm $alg $fsv_file; then + if ! _fsv_can_enable $fsv_file --hash-alg=$alg; then if [ "$alg" = sha256 ]; then _fail "Something is wrong - sha256 hash should always be available" fi diff --git a/tests/generic/577 b/tests/generic/577 index 5f7e0573..85d680df 100755 --- a/tests/generic/577 +++ b/tests/generic/577 @@ -112,7 +112,7 @@ _fsv_enable $fsv_file --signature=$sigfile.salted --salt=abcd cmp $fsv_file $fsv_orig_file echo -e "\n# Testing non-default hash algorithm" -if _fsv_have_hash_algorithm sha512 $fsv_file; then +if _fsv_can_enable $fsv_file --hash-alg=sha512; then reset_fsv_file _fsv_sign $fsv_orig_file $sigfile.sha512 --key=$keyfile \ --cert=$certfile --hash-alg=sha512 > /dev/null From patchwork Fri Dec 23 01:05:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13080531 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23B67C46467 for ; Fri, 23 Dec 2022 01:11:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235835AbiLWBLN (ORCPT ); Thu, 22 Dec 2022 20:11:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41810 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235916AbiLWBKd (ORCPT ); Thu, 22 Dec 2022 20:10:33 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B02C420BC1; Thu, 22 Dec 2022 17:07:03 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 48D9C61DE8; Fri, 23 Dec 2022 01:07:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 94D95C433F0; Fri, 23 Dec 2022 01:07:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671757622; bh=YheWhcCU8dIXhlpvl1glei4zdDIYxNFGEKchutZMSe8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gXSiui92nPz8G0STSq/uwvmK06VhAz2BszPUv2usFXPlIqvQLSFrfNGalT5/KcL0b kQyBstdVR8CFcCL2YMT+Z9DMngRz4NtXyjLWKpyXTFCzMF2H9V3dHVJxAM5VPua7wQ wGFVjryFPxX9L8r7mITbHLk7N0i6kGwEya0WJSHjRhAHf6Eo0GLHACUxNY2/Xgjsf6 SItI6BvGx7Qw7VWW1Hs7iSdhCWcDVmqG7zeTcVEjUGUgRqFjgVL1Aywlw2AoEbGPw1 2RPQy/gsRnnyr9cfKwOTbmWw2/PzTJSUNTp1J0znVk3e9ThdN65M5RBs75HE5W9UzC H1INn520IH67g== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v2 02/10] common/verity: set FSV_BLOCK_SIZE to an appropriate value Date: Thu, 22 Dec 2022 17:05:46 -0800 Message-Id: <20221223010554.281679-3-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221223010554.281679-1-ebiggers@kernel.org> References: <20221223010554.281679-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers In order to maximize the chance that the verity tests can actually be run, FSV_BLOCK_SIZE (the default Merkle tree size for the verity tests) needs to be min(fs_block_size, page_size), not simply page_size. The only reason that page_size was okay before was because the kernel only supported merkle_tree_block_size == fs_block_size == page_size anyway. But that is changing. Signed-off-by: Eric Biggers --- common/verity | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/common/verity b/common/verity index 1a53a7ea..a94ebf8e 100644 --- a/common/verity +++ b/common/verity @@ -13,6 +13,11 @@ if [ "$FSTYP" == "btrfs" ]; then fi fi +# Require fs-verity support on the scratch filesystem. +# +# FSV_BLOCK_SIZE will be set to a Merkle tree block size that is supported by +# the filesystem. Other sizes may be supported too, but FSV_BLOCK_SIZE is the +# only size that is guaranteed to work without any additional checks. _require_scratch_verity() { _require_scratch @@ -27,7 +32,7 @@ _require_scratch_verity() # Try to mount the filesystem. If this fails then either the kernel # isn't aware of fs-verity, or the mkfs options were not compatible with - # verity (e.g. ext4 with block size != PAGE_SIZE). + # verity (e.g. ext4 with block size != PAGE_SIZE on old kernels). if ! _try_scratch_mount &>>$seqres.full; then _notrun "kernel is unaware of $FSTYP verity feature," \ "or mkfs options are not compatible with verity" @@ -39,6 +44,27 @@ _require_scratch_verity() _notrun "kernel $FSTYP isn't configured with verity support" fi + # Select a default Merkle tree block size for when tests don't + # explicitly specify one. + # + # For consistency reasons, all 'fsverity' subcommands, including + # 'fsverity enable', default to 4K Merkle tree blocks. That's generally + # not ideal for tests, since it's possible that the filesystem doesn't + # support 4K blocks but does support another size. Specifically, the + # kernel originally supported only merkle_tree_block_size == + # fs_block_size == page_size, and later it was updated to support + # merkle_tree_block_size <= min(fs_block_size, page_size). + # + # Therefore, we default to merkle_tree_block_size == min(fs_block_size, + # page_size). That maximizes the chance of verity actually working. + local fs_block_size=$(_get_block_size $SCRATCH_MNT) + local page_size=$(get_page_size) + if (( fs_block_size <= page_size )); then + FSV_BLOCK_SIZE=$fs_block_size + else + FSV_BLOCK_SIZE=$page_size + fi + # The filesystem may have fs-verity enabled but not actually usable by # default. E.g., ext4 only supports verity on extent-based files, so it # doesn't work on ext3-style filesystems. So, try actually using it. @@ -47,10 +73,6 @@ _require_scratch_verity() fi _scratch_unmount - - # Merkle tree block size. Currently all filesystems only support - # PAGE_SIZE for this. This is also the default for 'fsverity enable'. - FSV_BLOCK_SIZE=$(get_page_size) } # Check for CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y, as well as the userspace From patchwork Fri Dec 23 01:05:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13080536 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F3F32C3DA7D for ; Fri, 23 Dec 2022 01:11:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236058AbiLWBLQ (ORCPT ); Thu, 22 Dec 2022 20:11:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41962 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235824AbiLWBKe (ORCPT ); Thu, 22 Dec 2022 20:10:34 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 789BC21894; Thu, 22 Dec 2022 17:07:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 2BAD6B81DA4; Fri, 23 Dec 2022 01:07:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CEB84C433F2; Fri, 23 Dec 2022 01:07:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671757622; bh=jmoj6R6gY8smk3dnMjMohxTWwjv+iMLa1saGMKzmISc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oFj72Map8tGgVqFJRPnggdZ2JW27jl6lXD74MGW1171aC5QNxwYBPxNsy32lfQY+Q ocEOG+9dpTQrtOqZyz8nxO1f0irDtDhYHO0GJeQQ0sOZMFYgsmW4ZopND78Twt9jkI OBcX7V7AQOg08KqiD2xjjf2dwbCr5Z7Wo4rMB+FPUR7raxB+8yanCxqjrFpJYkQ76+ oamdJAnUWrde/eLSXsiXt/k0bvyvTtcSa6qr+x1D0pKEKOAvUiScYsAg9FS3gkpM4y D+v/17kq4ndK7gkTvPL31qW7tnFAv3f+AvbCazFmhp46F5wXnZoWTO5ojtoKy9io5A Ci+F973m813sw== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v2 03/10] common/verity: use FSV_BLOCK_SIZE by default Date: Thu, 22 Dec 2022 17:05:47 -0800 Message-Id: <20221223010554.281679-4-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221223010554.281679-1-ebiggers@kernel.org> References: <20221223010554.281679-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Make _fsv_enable() and _fsv_sign() default to FSV_BLOCK_SIZE if no block size is explicitly specified, so that the individual tests don't have to do this themselves. This overrides the fsverity-utils default of 4096 bytes, or the page size in older versions of fsverity-utils, both of which may differ from FSV_BLOCK_SIZE. Signed-off-by: Eric Biggers --- common/verity | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/common/verity b/common/verity index a94ebf8e..1c706b80 100644 --- a/common/verity +++ b/common/verity @@ -249,7 +249,13 @@ _fsv_dump_signature() _fsv_enable() { - $FSVERITY_PROG enable "$@" + local args=("$@") + # If the caller didn't explicitly specify a Merkle tree block size, then + # use FSV_BLOCK_SIZE. + if ! [[ " $*" =~ " --block-size" ]]; then + args+=("--block-size=$FSV_BLOCK_SIZE") + fi + $FSVERITY_PROG enable "${args[@]}" } _fsv_measure() @@ -259,7 +265,13 @@ _fsv_measure() _fsv_sign() { - $FSVERITY_PROG sign "$@" + local args=("$@") + # If the caller didn't explicitly specify a Merkle tree block size, then + # use FSV_BLOCK_SIZE. + if ! [[ " $*" =~ " --block-size" ]]; then + args+=("--block-size=$FSV_BLOCK_SIZE") + fi + $FSVERITY_PROG sign "${args[@]}" } # Generate a file, then enable verity on it. From patchwork Fri Dec 23 01:05:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13080537 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 15E2BC46467 for ; Fri, 23 Dec 2022 01:11:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235915AbiLWBLQ (ORCPT ); Thu, 22 Dec 2022 20:11:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41866 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235833AbiLWBKf (ORCPT ); Thu, 22 Dec 2022 20:10:35 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AC87021899; Thu, 22 Dec 2022 17:07:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 5F309B81FEE; Fri, 23 Dec 2022 01:07:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 14711C433F1; Fri, 23 Dec 2022 01:07:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671757623; bh=+DKfl9iH28Z2EnjFnI28ZOJlv9OShzFbDQIQpAjLgXQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=G+tl3zFOhpCnlkYP0iiwq/0GiddGSAkvYYHpB+jP7lOT0NDZGZeP+8bv6s5omEV+3 4SMaVlLMPdaphk4VSQVz5aghxTgc8xi6Kzd1cEmsrgrnjEGXJ6CvzNfpvB9diFYcMM eZgwEe4snkLuJUhL2pw4k0bTAlSZSY7v8HQ8w0OEcGKuu0+N1w/Hn2U6uJI5/vDuJw nClqQ/US2onR61kMsaVfYB384hCte/GMOCMn3BMlVnUTuE6WNAbOA4M7OSc8+sIq8A u2AmFeOSdtLKp0YVBmEzrFnUKXse/cCaV8HVfAY/69iFp+BXn9hDR3l0mMHUT1yq8b nYuWb9VNvYpZw== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v2 04/10] common/verity: add _filter_fsverity_digest() Date: Thu, 22 Dec 2022 17:05:48 -0800 Message-Id: <20221223010554.281679-5-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221223010554.281679-1-ebiggers@kernel.org> References: <20221223010554.281679-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Add a filter that replaces fs-verity digests with a fixed string. This is needed because the fs-verity digests that some tests print are going to start depending on the default Merkle tree block size. Signed-off-by: Eric Biggers --- common/verity | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/common/verity b/common/verity index 1c706b80..b88e839b 100644 --- a/common/verity +++ b/common/verity @@ -406,3 +406,11 @@ _require_fsverity_max_file_size_limit() ;; esac } + +# Replace fs-verity digests, as formatted by the 'fsverity' tool, with . +# This function can be used by tests where fs-verity digests depend on the +# default Merkle tree block size (FSV_BLOCK_SIZE). +_filter_fsverity_digest() +{ + sed -E 's/\b(sha(256|512)):[a-f0-9]{64,}\b/\1:/' +} From patchwork Fri Dec 23 01:05:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13080539 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6630BC4708E for ; Fri, 23 Dec 2022 01:11:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235914AbiLWBLS (ORCPT ); Thu, 22 Dec 2022 20:11:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41966 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235834AbiLWBKg (ORCPT ); Thu, 22 Dec 2022 20:10:36 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E217E2189D; Thu, 22 Dec 2022 17:07:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id A9FCEB81FBC; Fri, 23 Dec 2022 01:07:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4D6CBC433EF; Fri, 23 Dec 2022 01:07:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671757623; bh=t4YxnTq55XKnzA6QkU3drS25kE9/QRlSDE3NErRiWn0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Wgf2wrmpPy3c5/eylxITrbdc5avdszMssHc7C5A1E96i44JaAESSGwYMjBvySembo 1odYFGlJvtTjs9YVDBKazuKiSpoYFzmLodxcnEqGl2pLs9C20GgedOAtA/RXZxvwLG rk1ZE5OdfRXwUL0MkWQ/4vcBNqjFSuvRUIniErgv72SsqPtgNU+X7hGG4sUU/KFwxJ f/8iz0nHr+venYwIyL56+R0u/V4izSQTZmqjXbYXds1jhVK3uQz7tabhdbTgaGhz8c 4OHmFxpkQMuZBs0bbIRLvD5/iN3axT/qe2uYS3tFzugejV/2vl0h8xMLVCbl3UJT3l QaZPDNAeSUfHA== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v2 05/10] generic/572: support non-4K Merkle tree block size Date: Thu, 22 Dec 2022 17:05:49 -0800 Message-Id: <20221223010554.281679-6-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221223010554.281679-1-ebiggers@kernel.org> References: <20221223010554.281679-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Update generic/572 to not implicitly assume that the Merkle tree block size being used is 4096 bytes. Also remove an unused function. Signed-off-by: Eric Biggers --- tests/generic/572 | 21 ++++++--------------- tests/generic/572.out | 10 +++------- 2 files changed, 9 insertions(+), 22 deletions(-) diff --git a/tests/generic/572 b/tests/generic/572 index cded9ac6..d8071a34 100755 --- a/tests/generic/572 +++ b/tests/generic/572 @@ -9,7 +9,7 @@ # - conditions for enabling verity # - verity files have correct contents and size # - can't change contents of verity files, but can change metadata -# - can retrieve a verity file's measurement via FS_IOC_MEASURE_VERITY +# - can retrieve a verity file's digest via FS_IOC_MEASURE_VERITY # . ./common/preamble _begin_fstest auto quick verity @@ -48,15 +48,6 @@ verify_data_readable() md5sum $file > /dev/null } -verify_data_unreadable() -{ - local file=$1 - - # try both reading just the first data block, and reading until EOF - head -c $FSV_BLOCK_SIZE $file 2>&1 >/dev/null | filter_output - md5sum $file |& filter_output -} - _fsv_scratch_begin_subtest "Enabling verity on file with verity already enabled fails with EEXIST" _fsv_create_enable_file $fsv_file echo "(trying again)" @@ -94,7 +85,7 @@ verify_data_readable $fsv_file _fsv_scratch_begin_subtest "Enabling verity can be interrupted" dd if=/dev/zero of=$fsv_file bs=1 count=0 seek=$((1 << 34)) status=none start_time=$(date +%s) -$FSVERITY_PROG enable $fsv_file & +$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file & sleep 0.5 kill %1 wait @@ -106,7 +97,7 @@ fi _fsv_scratch_begin_subtest "Enabling verity on file with verity already being enabled fails with EBUSY" dd if=/dev/zero of=$fsv_file bs=1 count=0 seek=$((1 << 34)) status=none start_time=$(date +%s) -$FSVERITY_PROG enable $fsv_file & +$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file & sleep 0.5 _fsv_enable $fsv_file |& filter_output kill %1 @@ -129,7 +120,7 @@ verify_data_readable $fsv_file _fsv_scratch_begin_subtest "verity file can be measured" _fsv_create_enable_file $fsv_file >> $seqres.full -_fsv_measure $fsv_file +_fsv_measure $fsv_file | _filter_fsverity_digest _fsv_scratch_begin_subtest "verity file can be renamed" _fsv_create_enable_file $fsv_file @@ -170,8 +161,8 @@ verify_data_readable $fsv_file # Test files <= 1 block in size. These are a bit of a special case since there # are no hash blocks; the root hash is calculated directly over the data block. +_fsv_scratch_begin_subtest "verity on small files" for size in 1 $((FSV_BLOCK_SIZE - 1)) $FSV_BLOCK_SIZE; do - _fsv_scratch_begin_subtest "verity on $size-byte file" head -c $size /dev/urandom > $fsv_orig_file cp $fsv_orig_file $fsv_file _fsv_enable $fsv_file @@ -179,7 +170,7 @@ for size in 1 $((FSV_BLOCK_SIZE - 1)) $FSV_BLOCK_SIZE; do rm -f $fsv_file done -_fsv_scratch_begin_subtest "verity on 100M file (multiple levels in hash tree)" +_fsv_scratch_begin_subtest "verity on 100MB file (multiple levels in hash tree)" head -c 100000000 /dev/urandom > $fsv_orig_file cp $fsv_orig_file $fsv_file _fsv_enable $fsv_file diff --git a/tests/generic/572.out b/tests/generic/572.out index ad381629..d703835b 100644 --- a/tests/generic/572.out +++ b/tests/generic/572.out @@ -39,7 +39,7 @@ bash: SCRATCH_MNT/file.fsv: Operation not permitted # verity file can be read # verity file can be measured -sha256:be54121da3877f8852c65136d731784f134c4dd9d95071502e80d7be9f99b263 +sha256: # verity file can be renamed @@ -58,16 +58,12 @@ sha256:be54121da3877f8852c65136d731784f134c4dd9d95071502e80d7be9f99b263 # Trying to measure non-verity file fails with ENODATA ERROR: FS_IOC_MEASURE_VERITY failed on 'SCRATCH_MNT/file.fsv': No data available -# verity on 1-byte file +# verity on small files Files matched - -# verity on 4095-byte file Files matched - -# verity on 4096-byte file Files matched -# verity on 100M file (multiple levels in hash tree) +# verity on 100MB file (multiple levels in hash tree) Files matched # verity on sparse file From patchwork Fri Dec 23 01:05:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13080530 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6916C4167B for ; Fri, 23 Dec 2022 01:11:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236022AbiLWBLK (ORCPT ); Thu, 22 Dec 2022 20:11:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41804 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235892AbiLWBKd (ORCPT ); Thu, 22 Dec 2022 20:10:33 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9ED2821269; Thu, 22 Dec 2022 17:07:04 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3A9C061DE4; Fri, 23 Dec 2022 01:07:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 871F1C433D2; Fri, 23 Dec 2022 01:07:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671757623; bh=xKsP/0Vh5sWLaXmpf4gkpUu9ysvAPC2FvhutYJM8cqk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IotiWMod8dIST5lVDee8XymEB9q/xbW/ZGiCQFatb3TAMN0XsIr0TUbp5h+fr2BPD lFvsnC6TQgCX/kP86AMaxjNhm9VIFIcusRK6gtd2DnBJv9M16KPGMaZ3symytSQi5Y l2fx1d0DpeywTdJjbh0i2109iDHB6Z2ORTe8jKkpgZFk2LjgqfvUOYBWweA6V4TCxb /4ilkHJDW4wLKUS3Nrw5L66aYAjsGt/LqX489wKaYkQOAOU7BAHFrLa/zfHVoqUufI wq4vQvKLP712BBSw765cRtZ7PBigV6Ptks1IvOKc5JeG7iC9Vv9X8KGl4b93hgBee2 B7sHsQxSgCIZA== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v2 06/10] generic/573: support non-4K Merkle tree block size Date: Thu, 22 Dec 2022 17:05:50 -0800 Message-Id: <20221223010554.281679-7-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221223010554.281679-1-ebiggers@kernel.org> References: <20221223010554.281679-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Update generic/573 to not implicitly assume that the Merkle tree block size being used is 4096 bytes. Signed-off-by: Eric Biggers --- tests/generic/573 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/generic/573 b/tests/generic/573 index 63c0aef5..ca0f27f9 100755 --- a/tests/generic/573 +++ b/tests/generic/573 @@ -36,23 +36,23 @@ fsv_file=$SCRATCH_MNT/file.fsv _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY doesn't require root" echo foo > $fsv_file chmod 666 $fsv_file -_user_do "$FSVERITY_PROG enable $fsv_file" +_user_do "$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file" _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires write access" echo foo > $fsv_file >> $seqres.full chmod 444 $fsv_file -_user_do "$FSVERITY_PROG enable $fsv_file" |& _filter_scratch +_user_do "$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file" |& _filter_scratch _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !append-only" echo foo > $fsv_file >> $seqres.full $CHATTR_PROG +a $fsv_file -$FSVERITY_PROG enable $fsv_file |& _filter_scratch +_fsv_enable $fsv_file |& _filter_scratch $CHATTR_PROG -a $fsv_file _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !immutable" echo foo > $fsv_file >> $seqres.full $CHATTR_PROG +i $fsv_file -$FSVERITY_PROG enable $fsv_file |& _filter_scratch +_fsv_enable $fsv_file |& _filter_scratch $CHATTR_PROG -i $fsv_file _fsv_scratch_begin_subtest "FS_IOC_MEASURE_VERITY doesn't require root" From patchwork Fri Dec 23 01:05:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13080533 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F3E95C4708D for ; Fri, 23 Dec 2022 01:11:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235916AbiLWBLN (ORCPT ); Thu, 22 Dec 2022 20:11:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236030AbiLWBKd (ORCPT ); Thu, 22 Dec 2022 20:10:33 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D61002180A; Thu, 22 Dec 2022 17:07:04 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 746F661DE6; Fri, 23 Dec 2022 01:07:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C0E96C433F0; Fri, 23 Dec 2022 01:07:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671757623; bh=+7Jd5psu96Ge3avB3nbjvEb1i/yqFLwXtTavAaVo0jE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DkMSGoNubGg74SLaf1Mn4IZb3F7aLXdtrPwF94MvOaSoOkpmaUiwWZekzyOK1urib ZfyVpS6FCRca8V00z4Ia+Mnsq1v5CblGGwxWyxQkLoXYLihciwbAb8r9pFzt2T00Sv qFrrzcHj3uaqU3jegVTCvUrJzl65d1cmOyGxktq9JDjuriCGieO8OSBH8sfvHHjI0D E2pwyteeqYyJEm0o7T26152752Jd1YSp4mmVPIt4J3vdnSmqP1mGzrz2uK33TsJ3FB /mUTNXNIO8lniWNqyOdSR+TWdG1XC91WCxZTG8tsXDlRZhLOpr+msDN2mmdEQC8K4l ttXrmds7FMqAw== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v2 07/10] generic/577: support non-4K Merkle tree block size Date: Thu, 22 Dec 2022 17:05:51 -0800 Message-Id: <20221223010554.281679-8-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221223010554.281679-1-ebiggers@kernel.org> References: <20221223010554.281679-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Update generic/577 to not implicitly assume that the Merkle tree block size being used is 4096 bytes. Signed-off-by: Eric Biggers --- tests/generic/577 | 22 ++++++++++++---------- tests/generic/577.out | 10 +++++----- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/tests/generic/577 b/tests/generic/577 index 85d680df..bbbfdb0a 100755 --- a/tests/generic/577 +++ b/tests/generic/577 @@ -38,6 +38,11 @@ sigfile=$tmp.sig otherfile=$SCRATCH_MNT/otherfile othersigfile=$tmp.othersig +sign() +{ + _fsv_sign "$@" | _filter_scratch | _filter_fsverity_digest +} + # Setup echo -e "\n# Generating certificates and private keys" @@ -57,14 +62,13 @@ _enable_fsverity_signatures echo -e "\n# Generating file and signing it for fs-verity" head -c 100000 /dev/zero > $fsv_orig_file for suffix in '' '.2'; do - _fsv_sign $fsv_orig_file $sigfile$suffix --key=$keyfile$suffix \ - --cert=$certfile$suffix | _filter_scratch + sign $fsv_orig_file $sigfile$suffix --key=$keyfile$suffix \ + --cert=$certfile$suffix done echo -e "\n# Signing a different file for fs-verity" head -c 100000 /dev/zero | tr '\0' 'X' > $otherfile -_fsv_sign $otherfile $othersigfile --key=$keyfile --cert=$certfile \ - | _filter_scratch +sign $otherfile $othersigfile --key=$keyfile --cert=$certfile # Actual tests @@ -106,16 +110,15 @@ _fsv_enable $fsv_file --signature=$tmp.malformed_sig |& _filter_scratch echo -e "\n# Testing salt" reset_fsv_file -_fsv_sign $fsv_orig_file $sigfile.salted --key=$keyfile --cert=$certfile \ - --salt=abcd | _filter_scratch +sign $fsv_orig_file $sigfile.salted --key=$keyfile --cert=$certfile --salt=abcd _fsv_enable $fsv_file --signature=$sigfile.salted --salt=abcd cmp $fsv_file $fsv_orig_file echo -e "\n# Testing non-default hash algorithm" if _fsv_can_enable $fsv_file --hash-alg=sha512; then reset_fsv_file - _fsv_sign $fsv_orig_file $sigfile.sha512 --key=$keyfile \ - --cert=$certfile --hash-alg=sha512 > /dev/null + sign $fsv_orig_file $sigfile.sha512 --key=$keyfile --cert=$certfile \ + --hash-alg=sha512 > /dev/null _fsv_enable $fsv_file --signature=$sigfile.sha512 --hash-alg=sha512 cmp $fsv_file $fsv_orig_file fi @@ -123,8 +126,7 @@ fi echo -e "\n# Testing empty file" rm -f $fsv_file echo -n > $fsv_file -_fsv_sign $fsv_file $sigfile.emptyfile --key=$keyfile --cert=$certfile | \ - _filter_scratch +sign $fsv_file $sigfile.emptyfile --key=$keyfile --cert=$certfile _fsv_enable $fsv_file --signature=$sigfile.emptyfile # success, all done diff --git a/tests/generic/577.out b/tests/generic/577.out index 0ca417c4..4f360d57 100644 --- a/tests/generic/577.out +++ b/tests/generic/577.out @@ -9,11 +9,11 @@ QA output created by 577 # Enabling fs.verity.require_signatures # Generating file and signing it for fs-verity -Signed file 'SCRATCH_MNT/file' (sha256:ecabbfca4efd69a721be824965da10d27900b109549f96687b35a4d91d810dac) -Signed file 'SCRATCH_MNT/file' (sha256:ecabbfca4efd69a721be824965da10d27900b109549f96687b35a4d91d810dac) +Signed file 'SCRATCH_MNT/file' (sha256:) +Signed file 'SCRATCH_MNT/file' (sha256:) # Signing a different file for fs-verity -Signed file 'SCRATCH_MNT/otherfile' (sha256:b2a419c5a8c767a78c6275d6729794bf51e52ddf8713e31d12a93d61d961f49f) +Signed file 'SCRATCH_MNT/otherfile' (sha256:) # Enabling verity with valid signature (should succeed) @@ -33,9 +33,9 @@ ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Key was rejected b ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Bad message # Testing salt -Signed file 'SCRATCH_MNT/file' (sha256:1cb173bcd199133eb80e9ea4f0f741001b9e73227aa8812685156f2bc8ff45f5) +Signed file 'SCRATCH_MNT/file' (sha256:) # Testing non-default hash algorithm # Testing empty file -Signed file 'SCRATCH_MNT/file.fsv' (sha256:3d248ca542a24fc62d1c43b916eae5016878e2533c88238480b26128a1f1af95) +Signed file 'SCRATCH_MNT/file.fsv' (sha256:) From patchwork Fri Dec 23 01:05:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13080538 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A13A6C53210 for ; Fri, 23 Dec 2022 01:11:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235833AbiLWBLR (ORCPT ); Thu, 22 Dec 2022 20:11:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235891AbiLWBKf (ORCPT ); Thu, 22 Dec 2022 20:10:35 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2EC4521813; Thu, 22 Dec 2022 17:07:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B140261DE7; Fri, 23 Dec 2022 01:07:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 083F6C43392; Fri, 23 Dec 2022 01:07:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671757624; bh=x0iH/+8N/34jzQlGKFW92IkmsY0QaeFUJJY7TBodcpY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FtDZYM5mNyeEhCNFCZgFod3EVgmN9pRiWUCg4mQX2xMBDCsXrgS/5xSFEnBBJF3Wn 7etMI7DaFuU96M+3lEkVcqXq14+CX5J+7GJkl2w5NOAZvcg0Pxye1ZAnpZc/XzaheZ 8sHbzh444LJA5uV384aUphaXAk61Ae670LmuTfahyBXEh3kqgzRh384gRp0NEOA24y b9AOP9+bHKRQCYAQpa0MevzbFi87e4CpUDugq4YGWJzdElVS7smDkhi2zzTjxC8NmQ gRwqjep0cB2sGnwt4uGiANTeOk83YDL0vyyS5ii++6mR2Yw52LBCiG76YtnwrEHpb6 7TxgSps+uq5wA== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v2 08/10] generic/574: test multiple Merkle tree block sizes Date: Thu, 22 Dec 2022 17:05:52 -0800 Message-Id: <20221223010554.281679-9-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221223010554.281679-1-ebiggers@kernel.org> References: <20221223010554.281679-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Instead of only testing 4K Merkle tree blocks, test FSV_BLOCK_SIZE, and also other sizes if they happen to be supported. This allows this test to run in cases where it couldn't before and improves test coverage in cases where it did run before. Given that the list of Merkle tree block sizes that will actually work is not fixed, this required reworking the test to not rely on the .out file so heavily. Signed-off-by: Eric Biggers --- tests/generic/574 | 177 ++++++++++++++++++++++++++---------------- tests/generic/574.out | 83 ++------------------ 2 files changed, 114 insertions(+), 146 deletions(-) diff --git a/tests/generic/574 b/tests/generic/574 index fd4488c9..8f7923ba 100755 --- a/tests/generic/574 +++ b/tests/generic/574 @@ -37,18 +37,19 @@ fsv_file=$SCRATCH_MNT/file.fsv setup_zeroed_file() { - local len=$1 - local sparse=$2 + local block_size=$1 + local file_len=$2 + local sparse=$3 if $sparse; then - dd if=/dev/zero of=$fsv_orig_file bs=1 count=0 seek=$len \ + dd if=/dev/zero of=$fsv_orig_file bs=1 count=0 seek=$file_len \ status=none else - head -c $len /dev/zero > $fsv_orig_file + head -c $file_len /dev/zero > $fsv_orig_file fi cp $fsv_orig_file $fsv_file - _fsv_enable $fsv_file - md5sum $fsv_file |& _filter_scratch + _fsv_enable $fsv_file --block-size=$block_size + cmp $fsv_orig_file $fsv_file } filter_sigbus() @@ -66,63 +67,84 @@ round_up_to_page_boundary() corruption_test() { - local file_len=$1 - local zap_offset=$2 - local zap_len=$3 - local is_merkle_tree=${4:-false} # if true, zap tree instead of data - local use_sparse_file=${5:-false} + local block_size=$1 + local file_len=$2 + local zap_offset=$3 + local zap_len=$4 + local is_merkle_tree=${5:-false} # if true, zap tree instead of data + local use_sparse_file=${6:-false} local page_aligned_eof=$(round_up_to_page_boundary $file_len) - local measurement + + local paramstr="block_size=$block_size" + paramstr+=", file_len=$file_len" + paramstr+=", zap_offset=$zap_offset" + paramstr+=", zap_len=$zap_len" + paramstr+=", is_merkle_tree=$is_merkle_tree" + paramstr+=", use_sparse_file=$use_sparse_file" if $is_merkle_tree; then local corrupt_func=_fsv_scratch_corrupt_merkle_tree else local corrupt_func=_fsv_scratch_corrupt_bytes fi + local fs_block_size=$(_get_block_size $SCRATCH_MNT) - local msg="Corruption test:" - msg+=" file_len=$file_len" - if $use_sparse_file; then - msg+=" (sparse)" - fi - msg+=" zap_offset=$zap_offset" - if $is_merkle_tree; then - msg+=" (in Merkle tree)" - fi - msg+=" zap_len=$zap_len" + rm -rf "${SCRATCH_MNT:?}"/* + setup_zeroed_file $block_size $file_len $use_sparse_file - _fsv_scratch_begin_subtest "$msg" - setup_zeroed_file $file_len $use_sparse_file - cmp $fsv_file $fsv_orig_file - echo "Corrupting bytes..." + # Corrupt part of the file (data or Merkle tree). head -c $zap_len /dev/zero | tr '\0' X \ | $corrupt_func $fsv_file $zap_offset - echo "Validating corruption (reading full file)..." + # Reading the full file with buffered I/O should fail. _scratch_cycle_mount - md5sum $fsv_file |& _filter_scratch + if cat $fsv_file >/dev/null 2>$tmp.out; then + echo "Unexpectedly was able to read full file ($paramstr)" + elif ! grep -q 'Input/output error' $tmp.out; then + echo "Wrong error reading full file ($paramstr):" + cat $tmp.out + fi - echo "Validating corruption (direct I/O)..." + # Reading the full file with direct I/O should fail. _scratch_cycle_mount - dd if=$fsv_file bs=$FSV_BLOCK_SIZE iflag=direct status=none \ - of=/dev/null |& _filter_scratch + if dd if=$fsv_file bs=$fs_block_size iflag=direct status=none \ + of=/dev/null 2>$tmp.out + then + echo "Unexpectedly was able to read full file with DIO ($paramstr)" + elif ! grep -q 'Input/output error' $tmp.out; then + echo "Wrong error reading full file with DIO ($paramstr):" + cat $tmp.out + fi - if (( zap_offset < file_len )) && ! $is_merkle_tree; then - echo "Validating corruption (reading just corrupted part)..." - dd if=$fsv_file bs=1 skip=$zap_offset count=$zap_len \ - of=/dev/null status=none |& _filter_scratch + # Reading just the corrupted part of the file should fail. + if ! $is_merkle_tree; then + if dd if=$fsv_file bs=1 skip=$zap_offset count=$zap_len \ + of=/dev/null status=none 2>$tmp.out; then + echo "Unexpectedly was able to read corrupted part ($paramstr)" + elif ! grep -q 'Input/output error' $tmp.out; then + echo "Wrong error reading corrupted part ($paramstr):" + cat $tmp.out + fi fi - echo "Validating corruption (reading full file via mmap)..." + # Reading the full file via mmap should fail. bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \ -c 'mmap -r 0 $page_aligned_eof' \ - -c 'mread 0 $file_len'" |& filter_sigbus + -c 'mread 0 $file_len'" >/dev/null 2>$tmp.out + if ! grep -q 'Bus error' $tmp.out; then + echo "Didn't see SIGBUS when reading file via mmap" + cat $tmp.out + fi + # Reading just the corrupted part via mmap should fail. if ! $is_merkle_tree; then - echo "Validating corruption (reading just corrupted part via mmap)..." bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \ -c 'mmap -r 0 $page_aligned_eof' \ - -c 'mread $zap_offset $zap_len'" |& filter_sigbus + -c 'mread $zap_offset $zap_len'" >/dev/null 2>$tmp.out + if ! grep -q 'Bus error' $tmp.out; then + echo "Didn't see SIGBUS when reading corrupted part via mmap" + cat $tmp.out + fi fi } @@ -131,18 +153,18 @@ corruption_test() # return zeros in the last block past EOF, regardless of the contents on # disk. In the former, corruption should be detected and result in SIGBUS, # while in the latter we would expect zeros past EOF, but no error. -corrupt_eof_block_test() { - local file_len=$1 - local zap_len=$2 +corrupt_eof_block_test() +{ + local block_size=$1 + local file_len=$2 + local zap_len=$3 local page_aligned_eof=$(round_up_to_page_boundary $file_len) - _fsv_scratch_begin_subtest "Corruption test: EOF block" - setup_zeroed_file $file_len false - cmp $fsv_file $fsv_orig_file - echo "Corrupting bytes..." + + rm -rf "${SCRATCH_MNT:?}"/* + setup_zeroed_file $block_size $file_len false head -c $zap_len /dev/zero | tr '\0' X \ | _fsv_scratch_corrupt_bytes $fsv_file $file_len - echo "Reading eof block via mmap into a temporary file..." bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \ -c 'mmap -r 0 $page_aligned_eof' \ -c 'mread -v $file_len $zap_len'" \ @@ -153,30 +175,49 @@ corrupt_eof_block_test() { -c "mmap -r 0 $page_aligned_eof" \ -c "mread -v $file_len $zap_len" >$tmp.eof_zero_read - echo "Checking for SIGBUS or zeros..." - grep -q -e '^Bus error$' $tmp.eof_block_read \ - || diff $tmp.eof_block_read $tmp.eof_zero_read \ - && echo "OK" + grep -q -e '^Bus error$' $tmp.eof_block_read || \ + diff $tmp.eof_block_read $tmp.eof_zero_read } -# Note: these tests just overwrite some bytes without checking their original -# values. Therefore, make sure to overwrite at least 5 or so bytes, to make it -# nearly guaranteed that there will be a change -- even when the test file is -# encrypted due to the test_dummy_encryption mount option being specified. - -corruption_test 131072 0 5 -corruption_test 131072 4091 5 -corruption_test 131072 65536 65536 -corruption_test 131072 131067 5 - -corrupt_eof_block_test 130999 72 - -# Merkle tree corruption. -corruption_test 200000 100 10 true +test_block_size() +{ + local block_size=$1 + + # Note: these tests just overwrite some bytes without checking their + # original values. Therefore, make sure to overwrite at least 5 or so + # bytes, to make it nearly guaranteed that there will be a change -- + # even when the test file is encrypted due to the test_dummy_encryption + # mount option being specified. + corruption_test $block_size 131072 0 5 + corruption_test $block_size 131072 4091 5 + corruption_test $block_size 131072 65536 65536 + corruption_test $block_size 131072 131067 5 + + corrupt_eof_block_test $block_size 130999 72 + + # Merkle tree corruption. + corruption_test $block_size 200000 100 10 true + + # Sparse file. Corrupting the Merkle tree should still cause reads to + # fail, i.e. the filesystem must verify holes. + corruption_test $block_size 200000 100 10 true true +} -# Sparse file. Corrupting the Merkle tree should still cause reads to fail, -# i.e. the filesystem must verify holes. -corruption_test 200000 100 10 true true +# Always test FSV_BLOCK_SIZE. Also test some other block sizes if they happen +# to be supported. +_fsv_scratch_begin_subtest "Testing block_size=FSV_BLOCK_SIZE" +test_block_size $FSV_BLOCK_SIZE +for block_size in 1024 4096 16384 65536; do + _fsv_scratch_begin_subtest "Testing block_size=$block_size if supported" + if (( block_size == FSV_BLOCK_SIZE )); then + continue # Skip redundant test case. + fi + if ! _fsv_can_enable $fsv_file --block-size=$block_size; then + echo "block_size=$block_size is unsupported" >> $seqres.full + continue + fi + test_block_size $block_size +done # success, all done status=0 diff --git a/tests/generic/574.out b/tests/generic/574.out index d40d1263..3ed57f1c 100644 --- a/tests/generic/574.out +++ b/tests/generic/574.out @@ -1,84 +1,11 @@ QA output created by 574 -# Corruption test: file_len=131072 zap_offset=0 zap_len=5 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Testing block_size=FSV_BLOCK_SIZE -# Corruption test: file_len=131072 zap_offset=4091 zap_len=5 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Testing block_size=1024 if supported -# Corruption test: file_len=131072 zap_offset=65536 zap_len=65536 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Testing block_size=4096 if supported -# Corruption test: file_len=131072 zap_offset=131067 zap_len=5 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Testing block_size=16384 if supported -# Corruption test: EOF block -f5cca0d7fbb8b02bc6118a9954d5d306 SCRATCH_MNT/file.fsv -Corrupting bytes... -Reading eof block via mmap into a temporary file... -Checking for SIGBUS or zeros... -OK - -# Corruption test: file_len=200000 zap_offset=100 (in Merkle tree) zap_len=10 -4a1e4325031b13f933ac4f1db9ecb63f SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error - -# Corruption test: file_len=200000 (sparse) zap_offset=100 (in Merkle tree) zap_len=10 -4a1e4325031b13f933ac4f1db9ecb63f SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error +# Testing block_size=65536 if supported From patchwork Fri Dec 23 01:05:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13080534 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A2559C4708E for ; Fri, 23 Dec 2022 01:11:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235895AbiLWBLO (ORCPT ); Thu, 22 Dec 2022 20:11:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41958 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235821AbiLWBKe (ORCPT ); Thu, 22 Dec 2022 20:10:34 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 001322180C; Thu, 22 Dec 2022 17:07:04 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8406361DE9; Fri, 23 Dec 2022 01:07:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 43AC2C43398; Fri, 23 Dec 2022 01:07:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671757624; bh=Xsl4WRll+T0cwHktEtlV+O8N99M2H9MXi9xfwKWCoVg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=txWHB/fIbQuRfBc4oTcS5trIDNMAx7hrXVKvbxAMkHDL03vHs+3+Wz6QtiULiIwto XHIpMI4OPrrvoAiD3t5SDIqjUHvAilyszbpT8LZkTBi3/E/8md7Q0XIgRKUDXGvA0K 3Ba4scxUhqBQugT7kdR1FmmU3XWyYddZAUiB+TF92nglviD5OLSJssdX+BwBgo3fjd l1t/6mCzIzUwFe21Zt9paqwUu0C4WZx5LAL6oPsKPftXNQR6yBcVcYrEDQpMo/da/E 7SiC5Zx6xxelTF08Y1skw3SNNVqf9V20fobORPcshPf9cSID/xOVffxG8FvIL5/dQZ JjYdn6CM6sFKg== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v2 09/10] generic/624: test multiple Merkle tree block sizes Date: Thu, 22 Dec 2022 17:05:53 -0800 Message-Id: <20221223010554.281679-10-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221223010554.281679-1-ebiggers@kernel.org> References: <20221223010554.281679-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Instead of only testing 4K Merkle tree blocks, test FSV_BLOCK_SIZE, and also other sizes if they happen to be supported. This allows this test to run in cases where it couldn't before and improves test coverage in cases where it did run before. This required reworking the test to compute the expected digests using the 'fsverity digest' command, instead of relying on .out file comparisons. (There isn't much downside to this, since comparison to known-good file digests already happens in generic/575. So if both the kernel and fsverity-utils were to be broken in the same way, generic/575 would detect it. generic/624 serves a different purpose.) Signed-off-by: Eric Biggers --- common/verity | 11 ++++ tests/generic/624 | 119 ++++++++++++++++++++++++++++++------------ tests/generic/624.out | 15 ++---- 3 files changed, 101 insertions(+), 44 deletions(-) diff --git a/common/verity b/common/verity index b88e839b..77c257d3 100644 --- a/common/verity +++ b/common/verity @@ -263,6 +263,17 @@ _fsv_measure() $FSVERITY_PROG measure "$@" | awk '{print $1}' } +_fsv_digest() +{ + local args=("$@") + # If the caller didn't explicitly specify a Merkle tree block size, then + # use FSV_BLOCK_SIZE. + if ! [[ " $*" =~ " --block-size" ]]; then + args+=("--block-size=$FSV_BLOCK_SIZE") + fi + $FSVERITY_PROG digest "${args[@]}" | awk '{print $1}' +} + _fsv_sign() { local args=("$@") diff --git a/tests/generic/624 b/tests/generic/624 index 7c447289..db4b6731 100755 --- a/tests/generic/624 +++ b/tests/generic/624 @@ -24,48 +24,99 @@ _cleanup() _supported_fs generic _require_scratch_verity _disable_fsverity_signatures -# For the output of this test to always be the same, it has to use a specific -# Merkle tree block size. -if [ $FSV_BLOCK_SIZE != 4096 ]; then - _notrun "4096-byte verity block size not supported on this platform" -fi +fsv_orig_file=$SCRATCH_MNT/file +fsv_file=$SCRATCH_MNT/file.fsv _scratch_mkfs_verity &>> $seqres.full _scratch_mount - -echo -e "\n# Creating a verity file" -fsv_file=$SCRATCH_MNT/file -# Always use the same file contents, so that the output of the test is always -# the same. Also use a file that is large enough to have multiple Merkle tree -# levels, so that the test verifies that the blocks are returned in the expected -# order. A 1 MB file with SHA-256 and a Merkle tree block size of 4096 will -# have 3 Merkle tree blocks (3*4096 bytes): two at level 0 and one at level 1. -head -c 1000000 /dev/zero > $fsv_file -merkle_tree_size=$((3 * FSV_BLOCK_SIZE)) -fsverity_descriptor_size=256 -_fsv_enable $fsv_file --salt=abcd +_fsv_create_enable_file $fsv_file _require_fsverity_dump_metadata $fsv_file -_fsv_measure $fsv_file -echo -e "\n# Dumping Merkle tree" -_fsv_dump_merkle_tree $fsv_file | sha256sum +# Test FS_IOC_READ_VERITY_METADATA on a file that uses the given Merkle tree +# block size. +test_block_size() +{ + local block_size=$1 + local digest_size=32 # assuming SHA-256 + local i + + # Create the file. Make the file size big enough to result in multiple + # Merkle tree levels being needed. The following expression computes a + # file size that needs 2 blocks at level 0, and thus 1 block at level 1. + local file_size=$((block_size * (2 * (block_size / digest_size)))) + head -c $file_size /dev/zero > $fsv_orig_file + local tree_params=("--salt=abcd" "--block-size=$block_size") + cp $fsv_orig_file $fsv_file + _fsv_enable $fsv_file "${tree_params[@]}" + + # Use the 'fsverity digest' command to compute the expected Merkle tree, + # descriptor, and file digest. + # + # Ideally we'd just hard-code expected values into the .out file and + # echo the actual values. That doesn't quite work here, since all these + # values depend on the Merkle tree block size, and the Merkle tree block + # sizes that are supported (and thus get tested here) vary. Therefore, + # we calculate the expected values in userspace with the help of + # 'fsverity digest', then do explicit comparisons with them. This works + # fine as long as fsverity-utils and the kernel don't get broken in the + # same way, in which case generic/575 should detect the problem anyway. + local expected_file_digest=$(_fsv_digest $fsv_orig_file \ + "${tree_params[@]}" \ + --out-merkle-tree=$tmp.merkle_tree.expected \ + --out-descriptor=$tmp.descriptor.expected) + local merkle_tree_size=$(_get_filesize $tmp.merkle_tree.expected) + local descriptor_size=$(_get_filesize $tmp.descriptor.expected) -echo -e "\n# Dumping Merkle tree (in chunks)" -# The above test may get the whole tree in one read, so also try reading it in -# chunks. -for (( i = 0; i < merkle_tree_size; i += 997 )); do - _fsv_dump_merkle_tree $fsv_file --offset=$i --length=997 -done | sha256sum + # 'fsverity measure' should return the expected file digest. + local actual_file_digest=$(_fsv_measure $fsv_file) + if [ "$actual_file_digest" != "$expected_file_digest" ]; then + echo "Measure returned $actual_file_digest but expected $expected_file_digest" + fi -echo -e "\n# Dumping descriptor" -# Note that the hash that is printed here should be the same hash that was -# printed by _fsv_measure above. -_fsv_dump_descriptor $fsv_file | sha256sum + # Test dumping the Merkle tree. + _fsv_dump_merkle_tree $fsv_file > $tmp.merkle_tree.actual + if ! cmp $tmp.merkle_tree.expected $tmp.merkle_tree.actual; then + echo "Dumped Merkle tree didn't match" + fi + + # Test dumping the Merkle tree in chunks. + for (( i = 0; i < merkle_tree_size; i += 997 )); do + _fsv_dump_merkle_tree $fsv_file --offset=$i --length=997 + done > $tmp.merkle_tree.actual + if ! cmp $tmp.merkle_tree.expected $tmp.merkle_tree.actual; then + echo "Dumped Merkle tree (in chunks) didn't match" + fi + + # Test dumping the descriptor. + _fsv_dump_descriptor $fsv_file > $tmp.descriptor.actual + if ! cmp $tmp.descriptor.expected $tmp.descriptor.actual; then + echo "Dumped descriptor didn't match" + fi + + # Test dumping the descriptor in chunks. + for (( i = 0; i < descriptor_size; i += 13 )); do + _fsv_dump_descriptor $fsv_file --offset=$i --length=13 + done > $tmp.descriptor.actual + if ! cmp $tmp.descriptor.expected $tmp.descriptor.actual; then + echo "Dumped descriptor (in chunks) didn't match" + fi +} -echo -e "\n# Dumping descriptor (in chunks)" -for (( i = 0; i < fsverity_descriptor_size; i += 13 )); do - _fsv_dump_descriptor $fsv_file --offset=$i --length=13 -done | sha256sum +# Always test FSV_BLOCK_SIZE. Also test some other block sizes if they happen +# to be supported. +_fsv_scratch_begin_subtest "Testing block_size=FSV_BLOCK_SIZE" +test_block_size $FSV_BLOCK_SIZE +for block_size in 1024 4096 16384 65536; do + _fsv_scratch_begin_subtest "Testing block_size=$block_size if supported" + if (( block_size == FSV_BLOCK_SIZE )); then + continue # Skip redundant test case. + fi + if ! _fsv_can_enable $fsv_file --block-size=$block_size; then + echo "block_size=$block_size is unsupported" >> $seqres.full + continue + fi + test_block_size $block_size +done # success, all done status=0 diff --git a/tests/generic/624.out b/tests/generic/624.out index 912826d3..0ea19ee5 100644 --- a/tests/generic/624.out +++ b/tests/generic/624.out @@ -1,16 +1,11 @@ QA output created by 624 -# Creating a verity file -sha256:11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73 +# Testing block_size=FSV_BLOCK_SIZE -# Dumping Merkle tree -db88cdad554734cd648a1bfbb5be7f86646c54397847aab0b3f42a28829fed17 - +# Testing block_size=1024 if supported -# Dumping Merkle tree (in chunks) -db88cdad554734cd648a1bfbb5be7f86646c54397847aab0b3f42a28829fed17 - +# Testing block_size=4096 if supported -# Dumping descriptor -11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73 - +# Testing block_size=16384 if supported -# Dumping descriptor (in chunks) -11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73 - +# Testing block_size=65536 if supported From patchwork Fri Dec 23 01:05:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13080535 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9172C4167B for ; Fri, 23 Dec 2022 01:11:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235899AbiLWBLP (ORCPT ); Thu, 22 Dec 2022 20:11:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41960 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235814AbiLWBKe (ORCPT ); Thu, 22 Dec 2022 20:10:34 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2F1AA21892; Thu, 22 Dec 2022 17:07:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C00C161DEB; Fri, 23 Dec 2022 01:07:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7D5BFC433D2; Fri, 23 Dec 2022 01:07:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671757624; bh=tIPvRhAmReZn3hp2NtjbmMf8RfX8t29yRSGPvkg6vzE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bJXk4BzkQ+5Gxve9xlOiZ7ptByqm4FiSEvQIb38mMWTLDpb44fMI5OmRCjSaUPRkx 94Af+sNw9VNAESyIlT/ccy2iDmfHco+1Q4/CQbuI28y5f48KGMjoMAIHq52Ch/oh80 9hygYHZNPOeIOBHAqr2RjBOUpHYBByrKyCknrQ9d9djyh3zu5bD9uaN5vVhSU+JHjn MVC3gA7YYJ1FsrRQjqgj4MW2JzbFuCbdh8QI3O1+6Vn6bXGn8Y3xLH6eCFeW4mhsHW 4BNWtSZCSEFhNSxPiRaELwBRLHdG0CtBKPHB1l+lRFhHaGU2B6oGwzBSUUmmx/UbdP wKr+vUjKiJxYg== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v2 10/10] generic/575: test 1K Merkle tree block size Date: Thu, 22 Dec 2022 17:05:54 -0800 Message-Id: <20221223010554.281679-11-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221223010554.281679-1-ebiggers@kernel.org> References: <20221223010554.281679-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers In addition to 4K, test 1K Merkle tree blocks. Also always run this test, regardless of FSV_BLOCK_SIZE, but allow skipping tests of parameters that are unsupported, unless they are the default. Signed-off-by: Eric Biggers --- tests/generic/575 | 57 +++++++++++++++++++++++++++++++------------ tests/generic/575.out | 8 ++++-- 2 files changed, 47 insertions(+), 18 deletions(-) diff --git a/tests/generic/575 b/tests/generic/575 index 0ece8826..344fd2b9 100755 --- a/tests/generic/575 +++ b/tests/generic/575 @@ -4,7 +4,7 @@ # # FS QA Test generic/575 # -# Test that fs-verity is using the correct measurement values. This test +# Test that fs-verity is using the correct file digest values. This test # verifies that fs-verity is doing its Merkle tree-based hashing correctly, # i.e. that it hasn't been broken by a change. # @@ -26,9 +26,6 @@ _cleanup() # real QA test starts here _supported_fs generic _require_scratch_verity -if [ $FSV_BLOCK_SIZE != 4096 ]; then - _notrun "4096-byte verity block size not supported on this platform" -fi _disable_fsverity_signatures _scratch_mkfs_verity &>> $seqres.full @@ -36,24 +33,42 @@ _scratch_mount fsv_orig_file=$SCRATCH_MNT/file fsv_file=$SCRATCH_MNT/file.fsv +# Try multiple hash algorithms. algs=(sha256 sha512) +# Try multiple Merkle tree block sizes. +block_sizes=(1024 4096) + # Try files with 0, 1, and multiple Merkle tree levels. file_sizes=(0 4096 65536 65536 100000000) # Try both unsalted and salted, and check that empty salt is the same as no salt salts=('' '' '' '--salt=' '--salt=f3c93fa6fb828c0e1587e5714ecf6f56') -# The expected file measurements are here rather than in the expected output -# file because not all hash algorithms may be available. -sha256_vals=( +# The expected file digests are here rather than in the expected output file +# because the kernel might not support all hash algorithms and block sizes. +sha256_vals_bsize1024=( +sha256:f2cca36b9b1b7f07814e4284b10121809133e7cb9c4528c8f6846e85fc624ffa +sha256:ea08590a4fe9c3d6c9dafe0eedacd9dffff8f24e24f1865ee3af132a495ab087 +sha256:527496288d703686e31092f5cca7e1306b2467f00b247ad01056ee5ec35a4bb9 +sha256:527496288d703686e31092f5cca7e1306b2467f00b247ad01056ee5ec35a4bb9 +sha256:087818b23312acb15dff9ff6e2b4f601406d08bb36013542444cc15248f47016 +) +sha256_vals_bsize4096=( sha256:3d248ca542a24fc62d1c43b916eae5016878e2533c88238480b26128a1f1af95 sha256:babc284ee4ffe7f449377fbf6692715b43aec7bc39c094a95878904d34bac97e sha256:011e3f2b1dc89b75d78cddcc2a1b85cd8a64b2883e5f20f277ae4c0617e0404f sha256:011e3f2b1dc89b75d78cddcc2a1b85cd8a64b2883e5f20f277ae4c0617e0404f sha256:9d33cab743468fcbe4edab91a275b30dd543c12dd5e6ce6f2f737f66a1558f06 ) -sha512_vals=( +sha512_vals_bsize1024=( +sha512:8451664f25b2ad3f24391280e0c5681cb843389c180baa719f8fdfb063f5ddfa2d1c4433e55e2b6fbb3ba6aa2df8a4f41bf56cb7e0a3b617b6919a42c80f034c +sha512:ab3c6444ab377bbe54c604c26cad241b146d85dc29727703a0d8134f70a8172fb3fa67d171355106b69cc0a9e7e9debb335f9461b3aba44093914867f7c73233 +sha512:e6a11353c24dd7b4603cb8ffa50a7041dbea7382d4698474ccbc2d8b34f3a83d8bf16df25c64ed31ee27213a8a3cbd001fb1ccde46384c23b81305c2393c1046 +sha512:e6a11353c24dd7b4603cb8ffa50a7041dbea7382d4698474ccbc2d8b34f3a83d8bf16df25c64ed31ee27213a8a3cbd001fb1ccde46384c23b81305c2393c1046 +sha512:517d573bd50d5f3787f5766c2ac60c7af854b0901b69757b4ef8dd70aa6b30fcc10d81629ce923bdd062a01c20fad0f063a081a2f3b0814ac06547b26bedc0d9 +) +sha512_vals_bsize4096=( sha512:ccf9e5aea1c2a64efa2f2354a6024b90dffde6bbc017825045dce374474e13d10adb9dadcc6ca8e17a3c075fbd31336e8f266ae6fa93a6c3bed66f9e784e5abf sha512:928922686c4caf32175f5236a7f964e9925d10a74dc6d8344a8bd08b23c228ff5792573987d7895f628f39c4f4ebe39a7367d7aeb16aaa0cd324ac1d53664e61 sha512:eab7224ce374a0a4babcb2db25e24836247f38b87806ad9be9e5ba4daac2f5b814fc0cbdfd9f1f8499b3c9a6c1b38fe08974cce49883ab4ccd04462fd2f9507f @@ -61,20 +76,27 @@ sha512:eab7224ce374a0a4babcb2db25e24836247f38b87806ad9be9e5ba4daac2f5b814fc0cbdf sha512:f7083a38644880d25539488313e9e5b41a4d431a0e383945129ad2c36e3c1d0f28928a424641bb1363c12b6e770578102566acea73baf1ce8ee15336f5ba2446 ) -test_alg() +test_alg_with_block_size() { local alg=$1 - local -n vals=${alg}_vals + local block_size=$2 + local -n vals=${alg}_vals_bsize${block_size} local i local file_size local expected actual salt_arg - _fsv_scratch_begin_subtest "Check for expected measurement values ($alg)" + _fsv_scratch_begin_subtest "Testing alg=$alg, block_size=$block_size if supported" - if ! _fsv_can_enable $fsv_file --hash-alg=$alg; then - if [ "$alg" = sha256 ]; then - _fail "Something is wrong - sha256 hash should always be available" + if ! _fsv_can_enable $fsv_file --hash-alg=$alg --block-size=$block_size + then + # Since this is after _require_scratch_verity, sha256 with + # FSV_BLOCK_SIZE must be supported. + if [ "$alg" = "sha256" -a "$block_size" = "$FSV_BLOCK_SIZE" ] + then + _fail "Failed to enable verity with default params" fi + # This combination of parameters is unsupported; skip it. + echo "alg=$alg, block_size=$block_size is unsupported" >> $seqres.full return 0 fi @@ -85,7 +107,8 @@ test_alg() head -c $file_size /dev/zero > $fsv_orig_file cp $fsv_orig_file $fsv_file - _fsv_enable --hash-alg=$alg $salt_arg $fsv_file + _fsv_enable $fsv_file --hash-alg=$alg --block-size=$block_size \ + $salt_arg actual=$(_fsv_measure $fsv_file) if [ "$actual" != "$expected" ]; then echo "Mismatch: expected $expected, kernel calculated $actual (file_size=$file_size)" @@ -96,7 +119,9 @@ test_alg() } for alg in ${algs[@]}; do - test_alg $alg + for block_size in ${block_sizes[@]}; do + test_alg_with_block_size $alg $block_size + done done # success, all done diff --git a/tests/generic/575.out b/tests/generic/575.out index 77bec43e..5ad70773 100644 --- a/tests/generic/575.out +++ b/tests/generic/575.out @@ -1,5 +1,9 @@ QA output created by 575 -# Check for expected measurement values (sha256) +# Testing alg=sha256, block_size=1024 if supported -# Check for expected measurement values (sha512) +# Testing alg=sha256, block_size=4096 if supported + +# Testing alg=sha512, block_size=1024 if supported + +# Testing alg=sha512, block_size=4096 if supported