From patchwork Thu Dec 29 23:32:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13083870 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22693C5479D for ; Thu, 29 Dec 2022 23:35:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234279AbiL2XfN (ORCPT ); Thu, 29 Dec 2022 18:35:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44242 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234260AbiL2XfI (ORCPT ); Thu, 29 Dec 2022 18:35:08 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0069517580; Thu, 29 Dec 2022 15:35:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 90C6EB8006F; Thu, 29 Dec 2022 23:35:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 26E53C433D2; Thu, 29 Dec 2022 23:35:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672356903; bh=7MoZCornP4TM+VPnG1vjtjOlcTrYmehqJnjkxEtTp/8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=K6UHmOj+PdytV3gc3z3s5vD6G4x2+ECAFPJe7ffbN2U8IeT5oOUlg5ywWVF0hyfPF aeceurjRk81Qvf1aFOh1fbUwBseskzunnUDw7sLUkboRQ4QN651AMdcUox+vtjrR2r krotn6c/y+z5KgT3BLcKYq61S9lDYfDWPYwLODBsttJP50s258XnUgsymdaKfz6N8j /8/FDhmBpHbiXtypM9OV58q5y+F5Op9ywNPjJ3hAc4x4t64T7zwKTRi6bUCQEIEbhQ eSFcxcsK3W7y+KDLqehfFkc8mSMfXSpycp9pBPWMIJmHI9EMS9Tzlg0T3ZBI4rELgZ OQH/4yNcmuPJg== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v3 01/10] common/verity: add and use _fsv_can_enable() Date: Thu, 29 Dec 2022 15:32:13 -0800 Message-Id: <20221229233222.119630-2-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221229233222.119630-1-ebiggers@kernel.org> References: <20221229233222.119630-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Replace _fsv_have_hash_algorithm() with a more general function _fsv_can_enable() which checks whether 'fsverity enable' with the given parameters works. For now it is just used with --hash-alg or with no parameters, but soon it will be used with --block-size too. Signed-off-by: Eric Biggers --- common/verity | 17 ++++++----------- tests/generic/575 | 2 +- tests/generic/577 | 2 +- 3 files changed, 8 insertions(+), 13 deletions(-) diff --git a/common/verity b/common/verity index f98dcb07..1a53a7ea 100644 --- a/common/verity +++ b/common/verity @@ -42,13 +42,7 @@ _require_scratch_verity() # The filesystem may have fs-verity enabled but not actually usable by # default. E.g., ext4 only supports verity on extent-based files, so it # doesn't work on ext3-style filesystems. So, try actually using it. - echo foo > $SCRATCH_MNT/tmpfile - _disable_fsverity_signatures - _fsv_enable $SCRATCH_MNT/tmpfile - local status=$? - _restore_prev_fsverity_signatures - rm -f $SCRATCH_MNT/tmpfile - if (( $status != 0 )); then + if ! _fsv_can_enable $SCRATCH_MNT/tmpfile; then _notrun "$FSTYP verity isn't usable by default with these mkfs options" fi @@ -256,15 +250,16 @@ _fsv_create_enable_file() _fsv_enable "$file" "$@" } -_fsv_have_hash_algorithm() +_fsv_can_enable() { - local hash_alg=$1 - local test_file=$2 + local test_file=$1 + shift + local params=("$@") _disable_fsverity_signatures rm -f $test_file head -c 4096 /dev/zero > $test_file - _fsv_enable --hash-alg=$hash_alg $test_file &>> $seqres.full + _fsv_enable $test_file "${params[@]}" &>> $seqres.full local status=$? _restore_prev_fsverity_signatures rm -f $test_file diff --git a/tests/generic/575 b/tests/generic/575 index ffa6b61d..0ece8826 100755 --- a/tests/generic/575 +++ b/tests/generic/575 @@ -71,7 +71,7 @@ test_alg() _fsv_scratch_begin_subtest "Check for expected measurement values ($alg)" - if ! _fsv_have_hash_algorithm $alg $fsv_file; then + if ! _fsv_can_enable $fsv_file --hash-alg=$alg; then if [ "$alg" = sha256 ]; then _fail "Something is wrong - sha256 hash should always be available" fi diff --git a/tests/generic/577 b/tests/generic/577 index 5f7e0573..85d680df 100755 --- a/tests/generic/577 +++ b/tests/generic/577 @@ -112,7 +112,7 @@ _fsv_enable $fsv_file --signature=$sigfile.salted --salt=abcd cmp $fsv_file $fsv_orig_file echo -e "\n# Testing non-default hash algorithm" -if _fsv_have_hash_algorithm sha512 $fsv_file; then +if _fsv_can_enable $fsv_file --hash-alg=sha512; then reset_fsv_file _fsv_sign $fsv_orig_file $sigfile.sha512 --key=$keyfile \ --cert=$certfile --hash-alg=sha512 > /dev/null From patchwork Thu Dec 29 23:32:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13083867 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB832C63705 for ; Thu, 29 Dec 2022 23:35:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234246AbiL2XfM (ORCPT ); Thu, 29 Dec 2022 18:35:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44240 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234258AbiL2XfI (ORCPT ); Thu, 29 Dec 2022 18:35:08 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 005561743F; Thu, 29 Dec 2022 15:35:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id AE7A3B81A85; Thu, 29 Dec 2022 23:35:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5E5F9C433F1; Thu, 29 Dec 2022 23:35:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672356903; bh=YheWhcCU8dIXhlpvl1glei4zdDIYxNFGEKchutZMSe8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=n9e7fpqtPblqTzWeP6JWAsybyAlqhk8wfZ+7W3c4X7cLHxGxXmDvpjQgWFmd9EoDV I3mU9O1fEJjP9jd9ABMxrdIP9wbzy2gUhyqfQP8JHmAgvyWzvH8ud3ygLQuaxUkkxC OU4HlcG74/v1OLrGMZQ/VbU8gFJR1hnlRpqEwasNZcuN/7U+Imd2K7t970XE2uen92 gAUHIoHcrqIm3bSVzIXdgSM1E1lJ8qVMS7q3ncqJvBNj9XrlZs1FNywxxlcBDVJMfV MMZGfzmDL07eIbXT7gTHr4LC+e6mQ0qc8Mb85Ni6tDBdyOOYBJLzOd0HbcZCeqVvKm U9en13H6tjmfQ== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v3 02/10] common/verity: set FSV_BLOCK_SIZE to an appropriate value Date: Thu, 29 Dec 2022 15:32:14 -0800 Message-Id: <20221229233222.119630-3-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221229233222.119630-1-ebiggers@kernel.org> References: <20221229233222.119630-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers In order to maximize the chance that the verity tests can actually be run, FSV_BLOCK_SIZE (the default Merkle tree size for the verity tests) needs to be min(fs_block_size, page_size), not simply page_size. The only reason that page_size was okay before was because the kernel only supported merkle_tree_block_size == fs_block_size == page_size anyway. But that is changing. Signed-off-by: Eric Biggers --- common/verity | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/common/verity b/common/verity index 1a53a7ea..a94ebf8e 100644 --- a/common/verity +++ b/common/verity @@ -13,6 +13,11 @@ if [ "$FSTYP" == "btrfs" ]; then fi fi +# Require fs-verity support on the scratch filesystem. +# +# FSV_BLOCK_SIZE will be set to a Merkle tree block size that is supported by +# the filesystem. Other sizes may be supported too, but FSV_BLOCK_SIZE is the +# only size that is guaranteed to work without any additional checks. _require_scratch_verity() { _require_scratch @@ -27,7 +32,7 @@ _require_scratch_verity() # Try to mount the filesystem. If this fails then either the kernel # isn't aware of fs-verity, or the mkfs options were not compatible with - # verity (e.g. ext4 with block size != PAGE_SIZE). + # verity (e.g. ext4 with block size != PAGE_SIZE on old kernels). if ! _try_scratch_mount &>>$seqres.full; then _notrun "kernel is unaware of $FSTYP verity feature," \ "or mkfs options are not compatible with verity" @@ -39,6 +44,27 @@ _require_scratch_verity() _notrun "kernel $FSTYP isn't configured with verity support" fi + # Select a default Merkle tree block size for when tests don't + # explicitly specify one. + # + # For consistency reasons, all 'fsverity' subcommands, including + # 'fsverity enable', default to 4K Merkle tree blocks. That's generally + # not ideal for tests, since it's possible that the filesystem doesn't + # support 4K blocks but does support another size. Specifically, the + # kernel originally supported only merkle_tree_block_size == + # fs_block_size == page_size, and later it was updated to support + # merkle_tree_block_size <= min(fs_block_size, page_size). + # + # Therefore, we default to merkle_tree_block_size == min(fs_block_size, + # page_size). That maximizes the chance of verity actually working. + local fs_block_size=$(_get_block_size $SCRATCH_MNT) + local page_size=$(get_page_size) + if (( fs_block_size <= page_size )); then + FSV_BLOCK_SIZE=$fs_block_size + else + FSV_BLOCK_SIZE=$page_size + fi + # The filesystem may have fs-verity enabled but not actually usable by # default. E.g., ext4 only supports verity on extent-based files, so it # doesn't work on ext3-style filesystems. So, try actually using it. @@ -47,10 +73,6 @@ _require_scratch_verity() fi _scratch_unmount - - # Merkle tree block size. Currently all filesystems only support - # PAGE_SIZE for this. This is also the default for 'fsverity enable'. - FSV_BLOCK_SIZE=$(get_page_size) } # Check for CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y, as well as the userspace From patchwork Thu Dec 29 23:32:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13083868 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3E140C63707 for ; Thu, 29 Dec 2022 23:35:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234286AbiL2XfO (ORCPT ); Thu, 29 Dec 2022 18:35:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44224 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234261AbiL2XfI (ORCPT ); Thu, 29 Dec 2022 18:35:08 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D7C817400; Thu, 29 Dec 2022 15:35:06 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id F0A4FB81A7C; Thu, 29 Dec 2022 23:35:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 95E06C433F0; Thu, 29 Dec 2022 23:35:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672356903; bh=jmoj6R6gY8smk3dnMjMohxTWwjv+iMLa1saGMKzmISc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UG61ZeayE/Ym8bci4ImtSwOpSWNdSXqsCdPdelAJgSDloitkwFbbMhQqEzX4PtkCH GLwzRAt1rcqvk8VZef7gyRkh5A+UFIWIOSzaOr4dKag8quLNPNNixGtBmvDUHWYzPv zIAGn+Pj/pMMTC7oGUoKQWJtAPmliBSxAE3L/t63YzRnCyaHYL5z9iIfvcZJfe07ga CUfbGGZoW5OHyuqVsOsJTMBFy4gSk/gCfNyKZ2w5VxNXdHVfdVEPPkvUkjq4PBJbA1 VxZDL/1IdZkDbZW1BB80ZfyVyDn6o8dMbcX8L7IEnVu9tpTy8vioNsHhbCjAhrMsJP aLTgIpuADp8Iw== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v3 03/10] common/verity: use FSV_BLOCK_SIZE by default Date: Thu, 29 Dec 2022 15:32:15 -0800 Message-Id: <20221229233222.119630-4-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221229233222.119630-1-ebiggers@kernel.org> References: <20221229233222.119630-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Make _fsv_enable() and _fsv_sign() default to FSV_BLOCK_SIZE if no block size is explicitly specified, so that the individual tests don't have to do this themselves. This overrides the fsverity-utils default of 4096 bytes, or the page size in older versions of fsverity-utils, both of which may differ from FSV_BLOCK_SIZE. Signed-off-by: Eric Biggers --- common/verity | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/common/verity b/common/verity index a94ebf8e..1c706b80 100644 --- a/common/verity +++ b/common/verity @@ -249,7 +249,13 @@ _fsv_dump_signature() _fsv_enable() { - $FSVERITY_PROG enable "$@" + local args=("$@") + # If the caller didn't explicitly specify a Merkle tree block size, then + # use FSV_BLOCK_SIZE. + if ! [[ " $*" =~ " --block-size" ]]; then + args+=("--block-size=$FSV_BLOCK_SIZE") + fi + $FSVERITY_PROG enable "${args[@]}" } _fsv_measure() @@ -259,7 +265,13 @@ _fsv_measure() _fsv_sign() { - $FSVERITY_PROG sign "$@" + local args=("$@") + # If the caller didn't explicitly specify a Merkle tree block size, then + # use FSV_BLOCK_SIZE. + if ! [[ " $*" =~ " --block-size" ]]; then + args+=("--block-size=$FSV_BLOCK_SIZE") + fi + $FSVERITY_PROG sign "${args[@]}" } # Generate a file, then enable verity on it. From patchwork Thu Dec 29 23:32:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13083864 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7E42C3DA7D for ; Thu, 29 Dec 2022 23:35:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234253AbiL2XfK (ORCPT ); Thu, 29 Dec 2022 18:35:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44232 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234247AbiL2XfH (ORCPT ); Thu, 29 Dec 2022 18:35:07 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9448217586; Thu, 29 Dec 2022 15:35:06 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 3E0F8B81A8C; Thu, 29 Dec 2022 23:35:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CD36EC433F2; Thu, 29 Dec 2022 23:35:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672356903; bh=+DKfl9iH28Z2EnjFnI28ZOJlv9OShzFbDQIQpAjLgXQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OqcPbArPzicCviBgJERkF9DCfXa8M0TEJc7+znb8/iJUD44TgWiIgbHMydJ+FbTwy KzHhy2OakPr17Tv3G3IjGn4NY2osrJUZYg2ZHU0Bn88M5MpjhRM7NsOvvIi+qxor8t nv1Hl5606UFQvX9lH616Tzv3odgEQk8sqyJSPy69e3x/l9vgFZa0nOeFJxbi0A7Llr WVAPP6sm4Kw8sq8cfs4LjrQsUyBLg8fcVpbbuWE0vzlYc83UstGX/OazdxCYbUqHeZ D75vAmGwo9obICur8OGYceXE/kuXxBoQPXPh70jOjG/jPV2vcjJLwW9ov7gEBr3X6X UGoLPv/DoP5Kw== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v3 04/10] common/verity: add _filter_fsverity_digest() Date: Thu, 29 Dec 2022 15:32:16 -0800 Message-Id: <20221229233222.119630-5-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221229233222.119630-1-ebiggers@kernel.org> References: <20221229233222.119630-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Add a filter that replaces fs-verity digests with a fixed string. This is needed because the fs-verity digests that some tests print are going to start depending on the default Merkle tree block size. Signed-off-by: Eric Biggers --- common/verity | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/common/verity b/common/verity index 1c706b80..b88e839b 100644 --- a/common/verity +++ b/common/verity @@ -406,3 +406,11 @@ _require_fsverity_max_file_size_limit() ;; esac } + +# Replace fs-verity digests, as formatted by the 'fsverity' tool, with . +# This function can be used by tests where fs-verity digests depend on the +# default Merkle tree block size (FSV_BLOCK_SIZE). +_filter_fsverity_digest() +{ + sed -E 's/\b(sha(256|512)):[a-f0-9]{64,}\b/\1:/' +} From patchwork Thu Dec 29 23:32:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13083862 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CFFD5C3DA7A for ; Thu, 29 Dec 2022 23:35:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234266AbiL2XfJ (ORCPT ); Thu, 29 Dec 2022 18:35:09 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44180 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229650AbiL2XfG (ORCPT ); Thu, 29 Dec 2022 18:35:06 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 27ACE17402; Thu, 29 Dec 2022 15:35:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B6BE56199D; Thu, 29 Dec 2022 23:35:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 10A8FC43392; Thu, 29 Dec 2022 23:35:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672356904; bh=t4YxnTq55XKnzA6QkU3drS25kE9/QRlSDE3NErRiWn0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=uYPCFyp+boAasoOzgydoZbUP/9fMffDFUAFc1hgvDujeZttzCCf4Z+58orKsOrdEg ZryK3UG1dPqhACf+Ebi/PofTxk/9k6x+fHS7IaFGfPmquxUPTOozuRO9T65ikUqMoQ wfhfivkZIv/IxrAaAjdl+e6pKl0edbNkCJPTWVsxAvDOV0sCNI03i9eumLP6CAOkIS Za5gI0t6Z6ls4utrPVmekcKxdLRexBuBu7jdOG1FmZZhqEFzJxlGfpXL3i+CN5alKP NsqD8efkNt17/wnjJOLoKq1tYG9gzBL9Wv09bTOaaQFcGVRryxNxOF6BhACNUZWTrW lRbrGw6LGI7Lg== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v3 05/10] generic/572: support non-4K Merkle tree block size Date: Thu, 29 Dec 2022 15:32:17 -0800 Message-Id: <20221229233222.119630-6-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221229233222.119630-1-ebiggers@kernel.org> References: <20221229233222.119630-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Update generic/572 to not implicitly assume that the Merkle tree block size being used is 4096 bytes. Also remove an unused function. Signed-off-by: Eric Biggers --- tests/generic/572 | 21 ++++++--------------- tests/generic/572.out | 10 +++------- 2 files changed, 9 insertions(+), 22 deletions(-) diff --git a/tests/generic/572 b/tests/generic/572 index cded9ac6..d8071a34 100755 --- a/tests/generic/572 +++ b/tests/generic/572 @@ -9,7 +9,7 @@ # - conditions for enabling verity # - verity files have correct contents and size # - can't change contents of verity files, but can change metadata -# - can retrieve a verity file's measurement via FS_IOC_MEASURE_VERITY +# - can retrieve a verity file's digest via FS_IOC_MEASURE_VERITY # . ./common/preamble _begin_fstest auto quick verity @@ -48,15 +48,6 @@ verify_data_readable() md5sum $file > /dev/null } -verify_data_unreadable() -{ - local file=$1 - - # try both reading just the first data block, and reading until EOF - head -c $FSV_BLOCK_SIZE $file 2>&1 >/dev/null | filter_output - md5sum $file |& filter_output -} - _fsv_scratch_begin_subtest "Enabling verity on file with verity already enabled fails with EEXIST" _fsv_create_enable_file $fsv_file echo "(trying again)" @@ -94,7 +85,7 @@ verify_data_readable $fsv_file _fsv_scratch_begin_subtest "Enabling verity can be interrupted" dd if=/dev/zero of=$fsv_file bs=1 count=0 seek=$((1 << 34)) status=none start_time=$(date +%s) -$FSVERITY_PROG enable $fsv_file & +$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file & sleep 0.5 kill %1 wait @@ -106,7 +97,7 @@ fi _fsv_scratch_begin_subtest "Enabling verity on file with verity already being enabled fails with EBUSY" dd if=/dev/zero of=$fsv_file bs=1 count=0 seek=$((1 << 34)) status=none start_time=$(date +%s) -$FSVERITY_PROG enable $fsv_file & +$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file & sleep 0.5 _fsv_enable $fsv_file |& filter_output kill %1 @@ -129,7 +120,7 @@ verify_data_readable $fsv_file _fsv_scratch_begin_subtest "verity file can be measured" _fsv_create_enable_file $fsv_file >> $seqres.full -_fsv_measure $fsv_file +_fsv_measure $fsv_file | _filter_fsverity_digest _fsv_scratch_begin_subtest "verity file can be renamed" _fsv_create_enable_file $fsv_file @@ -170,8 +161,8 @@ verify_data_readable $fsv_file # Test files <= 1 block in size. These are a bit of a special case since there # are no hash blocks; the root hash is calculated directly over the data block. +_fsv_scratch_begin_subtest "verity on small files" for size in 1 $((FSV_BLOCK_SIZE - 1)) $FSV_BLOCK_SIZE; do - _fsv_scratch_begin_subtest "verity on $size-byte file" head -c $size /dev/urandom > $fsv_orig_file cp $fsv_orig_file $fsv_file _fsv_enable $fsv_file @@ -179,7 +170,7 @@ for size in 1 $((FSV_BLOCK_SIZE - 1)) $FSV_BLOCK_SIZE; do rm -f $fsv_file done -_fsv_scratch_begin_subtest "verity on 100M file (multiple levels in hash tree)" +_fsv_scratch_begin_subtest "verity on 100MB file (multiple levels in hash tree)" head -c 100000000 /dev/urandom > $fsv_orig_file cp $fsv_orig_file $fsv_file _fsv_enable $fsv_file diff --git a/tests/generic/572.out b/tests/generic/572.out index ad381629..d703835b 100644 --- a/tests/generic/572.out +++ b/tests/generic/572.out @@ -39,7 +39,7 @@ bash: SCRATCH_MNT/file.fsv: Operation not permitted # verity file can be read # verity file can be measured -sha256:be54121da3877f8852c65136d731784f134c4dd9d95071502e80d7be9f99b263 +sha256: # verity file can be renamed @@ -58,16 +58,12 @@ sha256:be54121da3877f8852c65136d731784f134c4dd9d95071502e80d7be9f99b263 # Trying to measure non-verity file fails with ENODATA ERROR: FS_IOC_MEASURE_VERITY failed on 'SCRATCH_MNT/file.fsv': No data available -# verity on 1-byte file +# verity on small files Files matched - -# verity on 4095-byte file Files matched - -# verity on 4096-byte file Files matched -# verity on 100M file (multiple levels in hash tree) +# verity on 100MB file (multiple levels in hash tree) Files matched # verity on sparse file From patchwork Thu Dec 29 23:32:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13083861 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45D8EC3DA79 for ; Thu, 29 Dec 2022 23:35:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234256AbiL2XfH (ORCPT ); Thu, 29 Dec 2022 18:35:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44182 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234211AbiL2XfG (ORCPT ); Thu, 29 Dec 2022 18:35:06 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5853017408; Thu, 29 Dec 2022 15:35:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E7A39619A0; Thu, 29 Dec 2022 23:35:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4847BC433EF; Thu, 29 Dec 2022 23:35:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672356904; bh=xKsP/0Vh5sWLaXmpf4gkpUu9ysvAPC2FvhutYJM8cqk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Dg5K8oALAEZJ0TFxHOXCT6QjdILMmdfaLanS6nThOaPCJyme1FWXZrKZ5mpdJVfxd vfN9sX2rG79ihmRqTpEJfdnQ5dzKV+TGXrXGbgThTOPnyq0GF3WKY43YzCre5hBXIF KjrT7/gy8oDLWaf6+rV/IfGLjAYo6wP4V4EngjiJg4BsEgGsktm/oe5EELx8phE6dw yJp1G2yOrfIphMTScZaZyUUsQeOEN+ejMwP+9Dht9W9C0Kd4hPW/v/JxNuRN785YeD CkDEPzUi4Z8hiQKSG5vHS0rSxEE7/5QdfdfMNyCkSt7CVxlrWUyV7zHsB7GBJSrCqv ZVYZi9XJP+Z9g== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v3 06/10] generic/573: support non-4K Merkle tree block size Date: Thu, 29 Dec 2022 15:32:18 -0800 Message-Id: <20221229233222.119630-7-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221229233222.119630-1-ebiggers@kernel.org> References: <20221229233222.119630-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Update generic/573 to not implicitly assume that the Merkle tree block size being used is 4096 bytes. Signed-off-by: Eric Biggers --- tests/generic/573 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/generic/573 b/tests/generic/573 index 63c0aef5..ca0f27f9 100755 --- a/tests/generic/573 +++ b/tests/generic/573 @@ -36,23 +36,23 @@ fsv_file=$SCRATCH_MNT/file.fsv _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY doesn't require root" echo foo > $fsv_file chmod 666 $fsv_file -_user_do "$FSVERITY_PROG enable $fsv_file" +_user_do "$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file" _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires write access" echo foo > $fsv_file >> $seqres.full chmod 444 $fsv_file -_user_do "$FSVERITY_PROG enable $fsv_file" |& _filter_scratch +_user_do "$FSVERITY_PROG enable --block-size=$FSV_BLOCK_SIZE $fsv_file" |& _filter_scratch _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !append-only" echo foo > $fsv_file >> $seqres.full $CHATTR_PROG +a $fsv_file -$FSVERITY_PROG enable $fsv_file |& _filter_scratch +_fsv_enable $fsv_file |& _filter_scratch $CHATTR_PROG -a $fsv_file _fsv_scratch_begin_subtest "FS_IOC_ENABLE_VERITY requires !immutable" echo foo > $fsv_file >> $seqres.full $CHATTR_PROG +i $fsv_file -$FSVERITY_PROG enable $fsv_file |& _filter_scratch +_fsv_enable $fsv_file |& _filter_scratch $CHATTR_PROG -i $fsv_file _fsv_scratch_begin_subtest "FS_IOC_MEASURE_VERITY doesn't require root" From patchwork Thu Dec 29 23:32:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13083863 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85275C5479D for ; Thu, 29 Dec 2022 23:35:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234269AbiL2XfJ (ORCPT ); Thu, 29 Dec 2022 18:35:09 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44208 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234216AbiL2XfG (ORCPT ); Thu, 29 Dec 2022 18:35:06 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 56F98167CE; Thu, 29 Dec 2022 15:35:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E4D7B61968; Thu, 29 Dec 2022 23:35:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7FDB0C43398; Thu, 29 Dec 2022 23:35:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672356904; bh=+7Jd5psu96Ge3avB3nbjvEb1i/yqFLwXtTavAaVo0jE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PvSrOscolVUCWWuUSNRzErhdQDzKaixyoObU4WEhTj0jgNk/Fp4gDiPdoz0bxYtme au7XWs1H2k9ahnacigQgTLys4ed+cyTcROx6nLT6mCHit5k1skKLtarWVBL2nDtA3P Q3f51ppac26mEAe+WhfpVrv3xj3HmhTExp41i1eiqc/JJFY48c/D5aKIcmlVO4AymZ kx0xscZrEqR7WsP/60c90UUcpqhMxg7xvMiHyMrhBLkAWWNBt3Xxta134BbPfzE/TB 2ZvKaA73zRk5EewSKRjbyw8mBmUZMm5gDMD85eWBoSOWXfrEshtjYdTx6ulT8CrC5e Ozl5dhBU+l5+w== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v3 07/10] generic/577: support non-4K Merkle tree block size Date: Thu, 29 Dec 2022 15:32:19 -0800 Message-Id: <20221229233222.119630-8-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221229233222.119630-1-ebiggers@kernel.org> References: <20221229233222.119630-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Update generic/577 to not implicitly assume that the Merkle tree block size being used is 4096 bytes. Signed-off-by: Eric Biggers --- tests/generic/577 | 22 ++++++++++++---------- tests/generic/577.out | 10 +++++----- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/tests/generic/577 b/tests/generic/577 index 85d680df..bbbfdb0a 100755 --- a/tests/generic/577 +++ b/tests/generic/577 @@ -38,6 +38,11 @@ sigfile=$tmp.sig otherfile=$SCRATCH_MNT/otherfile othersigfile=$tmp.othersig +sign() +{ + _fsv_sign "$@" | _filter_scratch | _filter_fsverity_digest +} + # Setup echo -e "\n# Generating certificates and private keys" @@ -57,14 +62,13 @@ _enable_fsverity_signatures echo -e "\n# Generating file and signing it for fs-verity" head -c 100000 /dev/zero > $fsv_orig_file for suffix in '' '.2'; do - _fsv_sign $fsv_orig_file $sigfile$suffix --key=$keyfile$suffix \ - --cert=$certfile$suffix | _filter_scratch + sign $fsv_orig_file $sigfile$suffix --key=$keyfile$suffix \ + --cert=$certfile$suffix done echo -e "\n# Signing a different file for fs-verity" head -c 100000 /dev/zero | tr '\0' 'X' > $otherfile -_fsv_sign $otherfile $othersigfile --key=$keyfile --cert=$certfile \ - | _filter_scratch +sign $otherfile $othersigfile --key=$keyfile --cert=$certfile # Actual tests @@ -106,16 +110,15 @@ _fsv_enable $fsv_file --signature=$tmp.malformed_sig |& _filter_scratch echo -e "\n# Testing salt" reset_fsv_file -_fsv_sign $fsv_orig_file $sigfile.salted --key=$keyfile --cert=$certfile \ - --salt=abcd | _filter_scratch +sign $fsv_orig_file $sigfile.salted --key=$keyfile --cert=$certfile --salt=abcd _fsv_enable $fsv_file --signature=$sigfile.salted --salt=abcd cmp $fsv_file $fsv_orig_file echo -e "\n# Testing non-default hash algorithm" if _fsv_can_enable $fsv_file --hash-alg=sha512; then reset_fsv_file - _fsv_sign $fsv_orig_file $sigfile.sha512 --key=$keyfile \ - --cert=$certfile --hash-alg=sha512 > /dev/null + sign $fsv_orig_file $sigfile.sha512 --key=$keyfile --cert=$certfile \ + --hash-alg=sha512 > /dev/null _fsv_enable $fsv_file --signature=$sigfile.sha512 --hash-alg=sha512 cmp $fsv_file $fsv_orig_file fi @@ -123,8 +126,7 @@ fi echo -e "\n# Testing empty file" rm -f $fsv_file echo -n > $fsv_file -_fsv_sign $fsv_file $sigfile.emptyfile --key=$keyfile --cert=$certfile | \ - _filter_scratch +sign $fsv_file $sigfile.emptyfile --key=$keyfile --cert=$certfile _fsv_enable $fsv_file --signature=$sigfile.emptyfile # success, all done diff --git a/tests/generic/577.out b/tests/generic/577.out index 0ca417c4..4f360d57 100644 --- a/tests/generic/577.out +++ b/tests/generic/577.out @@ -9,11 +9,11 @@ QA output created by 577 # Enabling fs.verity.require_signatures # Generating file and signing it for fs-verity -Signed file 'SCRATCH_MNT/file' (sha256:ecabbfca4efd69a721be824965da10d27900b109549f96687b35a4d91d810dac) -Signed file 'SCRATCH_MNT/file' (sha256:ecabbfca4efd69a721be824965da10d27900b109549f96687b35a4d91d810dac) +Signed file 'SCRATCH_MNT/file' (sha256:) +Signed file 'SCRATCH_MNT/file' (sha256:) # Signing a different file for fs-verity -Signed file 'SCRATCH_MNT/otherfile' (sha256:b2a419c5a8c767a78c6275d6729794bf51e52ddf8713e31d12a93d61d961f49f) +Signed file 'SCRATCH_MNT/otherfile' (sha256:) # Enabling verity with valid signature (should succeed) @@ -33,9 +33,9 @@ ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Key was rejected b ERROR: FS_IOC_ENABLE_VERITY failed on 'SCRATCH_MNT/file.fsv': Bad message # Testing salt -Signed file 'SCRATCH_MNT/file' (sha256:1cb173bcd199133eb80e9ea4f0f741001b9e73227aa8812685156f2bc8ff45f5) +Signed file 'SCRATCH_MNT/file' (sha256:) # Testing non-default hash algorithm # Testing empty file -Signed file 'SCRATCH_MNT/file.fsv' (sha256:3d248ca542a24fc62d1c43b916eae5016878e2533c88238480b26128a1f1af95) +Signed file 'SCRATCH_MNT/file.fsv' (sha256:) From patchwork Thu Dec 29 23:32:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13083869 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C8615C3DA7A for ; Thu, 29 Dec 2022 23:35:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234258AbiL2XfM (ORCPT ); Thu, 29 Dec 2022 18:35:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44238 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234257AbiL2XfI (ORCPT ); Thu, 29 Dec 2022 18:35:08 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0050F1743A; Thu, 29 Dec 2022 15:35:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 6994B6199F; Thu, 29 Dec 2022 23:35:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B7A0EC4339B; Thu, 29 Dec 2022 23:35:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672356904; bh=gKzCrHy+xzu6Nmwb6CFTwBoc7U+Riz8cqbTqN4FSbyI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Dq0DABxPUyiT1xxLcC8eUjc08rMDSKi/ZOtDfm+C9yVJH8OS1CdXxOPE8Z7/jk1nx 5FiRdK7IaufB2BwLzP86JzlRAC//jnBF9zFgpwBTie2GC0+yK5VWFeAFzThca4VgYg WKkbTki9if8nXghtAzi5RBy/FakcKM6kzYG7FP2XQSmUGkclbEx8kW94EN7wwVwagU YD+vc3Q7Yo24z4RWtZVYkEmSbeGJFm035xB91mYeMXZ2DEyCoKsqHwxKVVeTVHKPGT 1vSXRshTEeeDUyMhGirpzxlcBXHh+5nCDs33r9BPnMXF2Z4lQucxzE5Dg6F1JlMwel lA+UDS5fRj9ew== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v3 08/10] generic/574: test multiple Merkle tree block sizes Date: Thu, 29 Dec 2022 15:32:20 -0800 Message-Id: <20221229233222.119630-9-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221229233222.119630-1-ebiggers@kernel.org> References: <20221229233222.119630-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Instead of only testing 4K Merkle tree blocks, test FSV_BLOCK_SIZE, and also other sizes if they happen to be supported. This allows this test to run in cases where it couldn't before and improves test coverage in cases where it did run before. Given that the list of Merkle tree block sizes that will actually work is not fixed, this required reworking the test to not rely on the .out file so heavily. Signed-off-by: Eric Biggers --- tests/generic/574 | 219 +++++++++++++++++++++++++----------------- tests/generic/574.out | 83 +--------------- 2 files changed, 136 insertions(+), 166 deletions(-) diff --git a/tests/generic/574 b/tests/generic/574 index fd4488c9..5d121510 100755 --- a/tests/generic/574 +++ b/tests/generic/574 @@ -37,23 +37,19 @@ fsv_file=$SCRATCH_MNT/file.fsv setup_zeroed_file() { - local len=$1 - local sparse=$2 + local block_size=$1 + local file_len=$2 + local sparse=$3 if $sparse; then - dd if=/dev/zero of=$fsv_orig_file bs=1 count=0 seek=$len \ + dd if=/dev/zero of=$fsv_orig_file bs=1 count=0 seek=$file_len \ status=none else - head -c $len /dev/zero > $fsv_orig_file + head -c $file_len /dev/zero > $fsv_orig_file fi cp $fsv_orig_file $fsv_file - _fsv_enable $fsv_file - md5sum $fsv_file |& _filter_scratch -} - -filter_sigbus() -{ - sed -e 's/.*Bus error.*/Bus error/' + _fsv_enable $fsv_file --block-size=$block_size + cmp $fsv_orig_file $fsv_file } round_up_to_page_boundary() @@ -64,65 +60,100 @@ round_up_to_page_boundary() echo $(( (n + page_size - 1) & ~(page_size - 1) )) } +mread() +{ + local file=$1 + local offset=$2 + local length=$3 + local map_len=$(round_up_to_page_boundary $(_get_filesize $file)) + + # Some callers expect xfs_io to crash with SIGBUS due to the mread, + # causing the shell to print "Bus error" to stderr. To allow this + # message to be redirected, execute xfs_io in a new shell instance. + # However, for this to work reliably, we also need to prevent the new + # shell instance from optimizing out the fork and directly exec'ing + # xfs_io. The easiest way to do that is to append 'true' to the + # commands, so that xfs_io is no longer the last command the shell sees. + bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $file \ + -c 'mmap -r 0 $map_len' \ + -c 'mread -v $offset $length'; true" +} + corruption_test() { - local file_len=$1 - local zap_offset=$2 - local zap_len=$3 - local is_merkle_tree=${4:-false} # if true, zap tree instead of data - local use_sparse_file=${5:-false} - local page_aligned_eof=$(round_up_to_page_boundary $file_len) - local measurement + local block_size=$1 + local file_len=$2 + local zap_offset=$3 + local zap_len=$4 + local is_merkle_tree=${5:-false} # if true, zap tree instead of data + local use_sparse_file=${6:-false} + + local paramstr="block_size=$block_size" + paramstr+=", file_len=$file_len" + paramstr+=", zap_offset=$zap_offset" + paramstr+=", zap_len=$zap_len" + paramstr+=", is_merkle_tree=$is_merkle_tree" + paramstr+=", use_sparse_file=$use_sparse_file" if $is_merkle_tree; then local corrupt_func=_fsv_scratch_corrupt_merkle_tree else local corrupt_func=_fsv_scratch_corrupt_bytes fi + local fs_block_size=$(_get_block_size $SCRATCH_MNT) - local msg="Corruption test:" - msg+=" file_len=$file_len" - if $use_sparse_file; then - msg+=" (sparse)" - fi - msg+=" zap_offset=$zap_offset" - if $is_merkle_tree; then - msg+=" (in Merkle tree)" - fi - msg+=" zap_len=$zap_len" + rm -rf "${SCRATCH_MNT:?}"/* + setup_zeroed_file $block_size $file_len $use_sparse_file - _fsv_scratch_begin_subtest "$msg" - setup_zeroed_file $file_len $use_sparse_file - cmp $fsv_file $fsv_orig_file - echo "Corrupting bytes..." + # Corrupt part of the file (data or Merkle tree). head -c $zap_len /dev/zero | tr '\0' X \ | $corrupt_func $fsv_file $zap_offset - echo "Validating corruption (reading full file)..." + # Reading the full file with buffered I/O should fail. _scratch_cycle_mount - md5sum $fsv_file |& _filter_scratch + if cat $fsv_file >/dev/null 2>$tmp.err; then + echo "Unexpectedly was able to read full file ($paramstr)" + elif ! grep -q 'Input/output error' $tmp.err; then + echo "Wrong error reading full file ($paramstr):" + cat $tmp.err + fi - echo "Validating corruption (direct I/O)..." + # Reading the full file with direct I/O should fail. _scratch_cycle_mount - dd if=$fsv_file bs=$FSV_BLOCK_SIZE iflag=direct status=none \ - of=/dev/null |& _filter_scratch + if dd if=$fsv_file bs=$fs_block_size iflag=direct status=none \ + of=/dev/null 2>$tmp.err + then + echo "Unexpectedly was able to read full file with DIO ($paramstr)" + elif ! grep -q 'Input/output error' $tmp.err; then + echo "Wrong error reading full file with DIO ($paramstr):" + cat $tmp.err + fi - if (( zap_offset < file_len )) && ! $is_merkle_tree; then - echo "Validating corruption (reading just corrupted part)..." - dd if=$fsv_file bs=1 skip=$zap_offset count=$zap_len \ - of=/dev/null status=none |& _filter_scratch + # Reading just the corrupted part of the file should fail. + if ! $is_merkle_tree; then + if dd if=$fsv_file bs=1 skip=$zap_offset count=$zap_len \ + of=/dev/null status=none 2>$tmp.err; then + echo "Unexpectedly was able to read corrupted part ($paramstr)" + elif ! grep -q 'Input/output error' $tmp.err; then + echo "Wrong error reading corrupted part ($paramstr):" + cat $tmp.err + fi fi - echo "Validating corruption (reading full file via mmap)..." - bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \ - -c 'mmap -r 0 $page_aligned_eof' \ - -c 'mread 0 $file_len'" |& filter_sigbus + # Reading the full file via mmap should fail. + mread $fsv_file 0 $file_len >/dev/null 2>$tmp.err + if ! grep -q 'Bus error' $tmp.err; then + echo "Didn't see SIGBUS when reading file via mmap" + cat $tmp.err + fi + # Reading just the corrupted part via mmap should fail. if ! $is_merkle_tree; then - echo "Validating corruption (reading just corrupted part via mmap)..." - bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \ - -c 'mmap -r 0 $page_aligned_eof' \ - -c 'mread $zap_offset $zap_len'" |& filter_sigbus + mread $fsv_file $zap_offset $zap_len >/dev/null 2>$tmp.err + if ! grep -q 'Bus error' $tmp.err; then + echo "Didn't see SIGBUS when reading corrupted part via mmap" + cat $tmp.err + fi fi } @@ -131,52 +162,64 @@ corruption_test() # return zeros in the last block past EOF, regardless of the contents on # disk. In the former, corruption should be detected and result in SIGBUS, # while in the latter we would expect zeros past EOF, but no error. -corrupt_eof_block_test() { - local file_len=$1 - local zap_len=$2 - local page_aligned_eof=$(round_up_to_page_boundary $file_len) - _fsv_scratch_begin_subtest "Corruption test: EOF block" - setup_zeroed_file $file_len false - cmp $fsv_file $fsv_orig_file - echo "Corrupting bytes..." +corrupt_eof_block_test() +{ + local block_size=$1 + local file_len=$2 + local zap_len=$3 + + rm -rf "${SCRATCH_MNT:?}"/* + setup_zeroed_file $block_size $file_len false head -c $zap_len /dev/zero | tr '\0' X \ | _fsv_scratch_corrupt_bytes $fsv_file $file_len - echo "Reading eof block via mmap into a temporary file..." - bash -c "trap '' SIGBUS; $XFS_IO_PROG -r $fsv_file \ - -c 'mmap -r 0 $page_aligned_eof' \ - -c 'mread -v $file_len $zap_len'" \ - |& filter_sigbus >$tmp.eof_block_read 2>&1 - - head -c $file_len /dev/zero > $tmp.zero_cmp_file - $XFS_IO_PROG -r $tmp.zero_cmp_file \ - -c "mmap -r 0 $page_aligned_eof" \ - -c "mread -v $file_len $zap_len" >$tmp.eof_zero_read - - echo "Checking for SIGBUS or zeros..." - grep -q -e '^Bus error$' $tmp.eof_block_read \ - || diff $tmp.eof_block_read $tmp.eof_zero_read \ - && echo "OK" -} - -# Note: these tests just overwrite some bytes without checking their original -# values. Therefore, make sure to overwrite at least 5 or so bytes, to make it -# nearly guaranteed that there will be a change -- even when the test file is -# encrypted due to the test_dummy_encryption mount option being specified. + mread $fsv_file $file_len $zap_len >$tmp.out 2>$tmp.err -corruption_test 131072 0 5 -corruption_test 131072 4091 5 -corruption_test 131072 65536 65536 -corruption_test 131072 131067 5 + head -c $file_len /dev/zero >$tmp.zeroes + mread $tmp.zeroes $file_len $zap_len >$tmp.zeroes_out -corrupt_eof_block_test 130999 72 + grep -q 'Bus error' $tmp.err || diff $tmp.out $tmp.zeroes_out +} -# Merkle tree corruption. -corruption_test 200000 100 10 true +test_block_size() +{ + local block_size=$1 + + # Note: these tests just overwrite some bytes without checking their + # original values. Therefore, make sure to overwrite at least 5 or so + # bytes, to make it nearly guaranteed that there will be a change -- + # even when the test file is encrypted due to the test_dummy_encryption + # mount option being specified. + corruption_test $block_size 131072 0 5 + corruption_test $block_size 131072 4091 5 + corruption_test $block_size 131072 65536 65536 + corruption_test $block_size 131072 131067 5 + + corrupt_eof_block_test $block_size 130999 72 + + # Merkle tree corruption. + corruption_test $block_size 200000 100 10 true + + # Sparse file. Corrupting the Merkle tree should still cause reads to + # fail, i.e. the filesystem must verify holes. + corruption_test $block_size 200000 100 10 true true +} -# Sparse file. Corrupting the Merkle tree should still cause reads to fail, -# i.e. the filesystem must verify holes. -corruption_test 200000 100 10 true true +# Always test FSV_BLOCK_SIZE. Also test some other block sizes if they happen +# to be supported. +_fsv_scratch_begin_subtest "Testing block_size=FSV_BLOCK_SIZE" +test_block_size $FSV_BLOCK_SIZE +for block_size in 1024 4096 16384 65536; do + _fsv_scratch_begin_subtest "Testing block_size=$block_size if supported" + if (( block_size == FSV_BLOCK_SIZE )); then + continue # Skip redundant test case. + fi + if ! _fsv_can_enable $fsv_file --block-size=$block_size; then + echo "block_size=$block_size is unsupported" >> $seqres.full + continue + fi + test_block_size $block_size +done # success, all done status=0 diff --git a/tests/generic/574.out b/tests/generic/574.out index d40d1263..3ed57f1c 100644 --- a/tests/generic/574.out +++ b/tests/generic/574.out @@ -1,84 +1,11 @@ QA output created by 574 -# Corruption test: file_len=131072 zap_offset=0 zap_len=5 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Testing block_size=FSV_BLOCK_SIZE -# Corruption test: file_len=131072 zap_offset=4091 zap_len=5 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Testing block_size=1024 if supported -# Corruption test: file_len=131072 zap_offset=65536 zap_len=65536 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Testing block_size=4096 if supported -# Corruption test: file_len=131072 zap_offset=131067 zap_len=5 -0dfbe8aa4c20b52e1b8bf3cb6cbdf193 SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading just corrupted part)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error -Validating corruption (reading just corrupted part via mmap)... -Bus error +# Testing block_size=16384 if supported -# Corruption test: EOF block -f5cca0d7fbb8b02bc6118a9954d5d306 SCRATCH_MNT/file.fsv -Corrupting bytes... -Reading eof block via mmap into a temporary file... -Checking for SIGBUS or zeros... -OK - -# Corruption test: file_len=200000 zap_offset=100 (in Merkle tree) zap_len=10 -4a1e4325031b13f933ac4f1db9ecb63f SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error - -# Corruption test: file_len=200000 (sparse) zap_offset=100 (in Merkle tree) zap_len=10 -4a1e4325031b13f933ac4f1db9ecb63f SCRATCH_MNT/file.fsv -Corrupting bytes... -Validating corruption (reading full file)... -md5sum: SCRATCH_MNT/file.fsv: Input/output error -Validating corruption (direct I/O)... -dd: error reading 'SCRATCH_MNT/file.fsv': Input/output error -Validating corruption (reading full file via mmap)... -Bus error +# Testing block_size=65536 if supported From patchwork Thu Dec 29 23:32:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13083865 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F3B62C54EBD for ; Thu, 29 Dec 2022 23:35:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234272AbiL2XfK (ORCPT ); Thu, 29 Dec 2022 18:35:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44212 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234244AbiL2XfG (ORCPT ); Thu, 29 Dec 2022 18:35:06 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9B0101740A; Thu, 29 Dec 2022 15:35:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3B40C6198E; Thu, 29 Dec 2022 23:35:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EF885C433D2; Thu, 29 Dec 2022 23:35:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672356905; bh=Xsl4WRll+T0cwHktEtlV+O8N99M2H9MXi9xfwKWCoVg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=uA/qLvM7nacAm/4vBPW2w7yx5jP7YKveZt+NiU+MUrEapSK/0paLjh5bMT4L3bEbx ZjMKnU9S6j9n0wAiwpCDutkxDAF3aTtIcogWjOUm8iwOKe1snxFsax8DBTVHk98K8f W+ek/avXt/uH287CJVGCzmfQ1PnfvY+EweUs5pMFqlsuErwfhQUjzrhmDLD66N6017 X7UF0uHy3/ZhRWTCzRuEtEApshq/6gBnSrMwaXvom+xWUnnfhj3Wea9xH/6fuZeQKk ShVmwm3WNlc0FdUjPrj94JOv38m9wprgLMVJd9qSlX90bSJFlo8z4zedVkQ3NaI5/7 yuPEuL2NMb6yA== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v3 09/10] generic/624: test multiple Merkle tree block sizes Date: Thu, 29 Dec 2022 15:32:21 -0800 Message-Id: <20221229233222.119630-10-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221229233222.119630-1-ebiggers@kernel.org> References: <20221229233222.119630-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Instead of only testing 4K Merkle tree blocks, test FSV_BLOCK_SIZE, and also other sizes if they happen to be supported. This allows this test to run in cases where it couldn't before and improves test coverage in cases where it did run before. This required reworking the test to compute the expected digests using the 'fsverity digest' command, instead of relying on .out file comparisons. (There isn't much downside to this, since comparison to known-good file digests already happens in generic/575. So if both the kernel and fsverity-utils were to be broken in the same way, generic/575 would detect it. generic/624 serves a different purpose.) Signed-off-by: Eric Biggers --- common/verity | 11 ++++ tests/generic/624 | 119 ++++++++++++++++++++++++++++++------------ tests/generic/624.out | 15 ++---- 3 files changed, 101 insertions(+), 44 deletions(-) diff --git a/common/verity b/common/verity index b88e839b..77c257d3 100644 --- a/common/verity +++ b/common/verity @@ -263,6 +263,17 @@ _fsv_measure() $FSVERITY_PROG measure "$@" | awk '{print $1}' } +_fsv_digest() +{ + local args=("$@") + # If the caller didn't explicitly specify a Merkle tree block size, then + # use FSV_BLOCK_SIZE. + if ! [[ " $*" =~ " --block-size" ]]; then + args+=("--block-size=$FSV_BLOCK_SIZE") + fi + $FSVERITY_PROG digest "${args[@]}" | awk '{print $1}' +} + _fsv_sign() { local args=("$@") diff --git a/tests/generic/624 b/tests/generic/624 index 7c447289..db4b6731 100755 --- a/tests/generic/624 +++ b/tests/generic/624 @@ -24,48 +24,99 @@ _cleanup() _supported_fs generic _require_scratch_verity _disable_fsverity_signatures -# For the output of this test to always be the same, it has to use a specific -# Merkle tree block size. -if [ $FSV_BLOCK_SIZE != 4096 ]; then - _notrun "4096-byte verity block size not supported on this platform" -fi +fsv_orig_file=$SCRATCH_MNT/file +fsv_file=$SCRATCH_MNT/file.fsv _scratch_mkfs_verity &>> $seqres.full _scratch_mount - -echo -e "\n# Creating a verity file" -fsv_file=$SCRATCH_MNT/file -# Always use the same file contents, so that the output of the test is always -# the same. Also use a file that is large enough to have multiple Merkle tree -# levels, so that the test verifies that the blocks are returned in the expected -# order. A 1 MB file with SHA-256 and a Merkle tree block size of 4096 will -# have 3 Merkle tree blocks (3*4096 bytes): two at level 0 and one at level 1. -head -c 1000000 /dev/zero > $fsv_file -merkle_tree_size=$((3 * FSV_BLOCK_SIZE)) -fsverity_descriptor_size=256 -_fsv_enable $fsv_file --salt=abcd +_fsv_create_enable_file $fsv_file _require_fsverity_dump_metadata $fsv_file -_fsv_measure $fsv_file -echo -e "\n# Dumping Merkle tree" -_fsv_dump_merkle_tree $fsv_file | sha256sum +# Test FS_IOC_READ_VERITY_METADATA on a file that uses the given Merkle tree +# block size. +test_block_size() +{ + local block_size=$1 + local digest_size=32 # assuming SHA-256 + local i + + # Create the file. Make the file size big enough to result in multiple + # Merkle tree levels being needed. The following expression computes a + # file size that needs 2 blocks at level 0, and thus 1 block at level 1. + local file_size=$((block_size * (2 * (block_size / digest_size)))) + head -c $file_size /dev/zero > $fsv_orig_file + local tree_params=("--salt=abcd" "--block-size=$block_size") + cp $fsv_orig_file $fsv_file + _fsv_enable $fsv_file "${tree_params[@]}" + + # Use the 'fsverity digest' command to compute the expected Merkle tree, + # descriptor, and file digest. + # + # Ideally we'd just hard-code expected values into the .out file and + # echo the actual values. That doesn't quite work here, since all these + # values depend on the Merkle tree block size, and the Merkle tree block + # sizes that are supported (and thus get tested here) vary. Therefore, + # we calculate the expected values in userspace with the help of + # 'fsverity digest', then do explicit comparisons with them. This works + # fine as long as fsverity-utils and the kernel don't get broken in the + # same way, in which case generic/575 should detect the problem anyway. + local expected_file_digest=$(_fsv_digest $fsv_orig_file \ + "${tree_params[@]}" \ + --out-merkle-tree=$tmp.merkle_tree.expected \ + --out-descriptor=$tmp.descriptor.expected) + local merkle_tree_size=$(_get_filesize $tmp.merkle_tree.expected) + local descriptor_size=$(_get_filesize $tmp.descriptor.expected) -echo -e "\n# Dumping Merkle tree (in chunks)" -# The above test may get the whole tree in one read, so also try reading it in -# chunks. -for (( i = 0; i < merkle_tree_size; i += 997 )); do - _fsv_dump_merkle_tree $fsv_file --offset=$i --length=997 -done | sha256sum + # 'fsverity measure' should return the expected file digest. + local actual_file_digest=$(_fsv_measure $fsv_file) + if [ "$actual_file_digest" != "$expected_file_digest" ]; then + echo "Measure returned $actual_file_digest but expected $expected_file_digest" + fi -echo -e "\n# Dumping descriptor" -# Note that the hash that is printed here should be the same hash that was -# printed by _fsv_measure above. -_fsv_dump_descriptor $fsv_file | sha256sum + # Test dumping the Merkle tree. + _fsv_dump_merkle_tree $fsv_file > $tmp.merkle_tree.actual + if ! cmp $tmp.merkle_tree.expected $tmp.merkle_tree.actual; then + echo "Dumped Merkle tree didn't match" + fi + + # Test dumping the Merkle tree in chunks. + for (( i = 0; i < merkle_tree_size; i += 997 )); do + _fsv_dump_merkle_tree $fsv_file --offset=$i --length=997 + done > $tmp.merkle_tree.actual + if ! cmp $tmp.merkle_tree.expected $tmp.merkle_tree.actual; then + echo "Dumped Merkle tree (in chunks) didn't match" + fi + + # Test dumping the descriptor. + _fsv_dump_descriptor $fsv_file > $tmp.descriptor.actual + if ! cmp $tmp.descriptor.expected $tmp.descriptor.actual; then + echo "Dumped descriptor didn't match" + fi + + # Test dumping the descriptor in chunks. + for (( i = 0; i < descriptor_size; i += 13 )); do + _fsv_dump_descriptor $fsv_file --offset=$i --length=13 + done > $tmp.descriptor.actual + if ! cmp $tmp.descriptor.expected $tmp.descriptor.actual; then + echo "Dumped descriptor (in chunks) didn't match" + fi +} -echo -e "\n# Dumping descriptor (in chunks)" -for (( i = 0; i < fsverity_descriptor_size; i += 13 )); do - _fsv_dump_descriptor $fsv_file --offset=$i --length=13 -done | sha256sum +# Always test FSV_BLOCK_SIZE. Also test some other block sizes if they happen +# to be supported. +_fsv_scratch_begin_subtest "Testing block_size=FSV_BLOCK_SIZE" +test_block_size $FSV_BLOCK_SIZE +for block_size in 1024 4096 16384 65536; do + _fsv_scratch_begin_subtest "Testing block_size=$block_size if supported" + if (( block_size == FSV_BLOCK_SIZE )); then + continue # Skip redundant test case. + fi + if ! _fsv_can_enable $fsv_file --block-size=$block_size; then + echo "block_size=$block_size is unsupported" >> $seqres.full + continue + fi + test_block_size $block_size +done # success, all done status=0 diff --git a/tests/generic/624.out b/tests/generic/624.out index 912826d3..0ea19ee5 100644 --- a/tests/generic/624.out +++ b/tests/generic/624.out @@ -1,16 +1,11 @@ QA output created by 624 -# Creating a verity file -sha256:11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73 +# Testing block_size=FSV_BLOCK_SIZE -# Dumping Merkle tree -db88cdad554734cd648a1bfbb5be7f86646c54397847aab0b3f42a28829fed17 - +# Testing block_size=1024 if supported -# Dumping Merkle tree (in chunks) -db88cdad554734cd648a1bfbb5be7f86646c54397847aab0b3f42a28829fed17 - +# Testing block_size=4096 if supported -# Dumping descriptor -11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73 - +# Testing block_size=16384 if supported -# Dumping descriptor (in chunks) -11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73 - +# Testing block_size=65536 if supported From patchwork Thu Dec 29 23:32:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13083866 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70DB9C54EBE for ; Thu, 29 Dec 2022 23:35:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234265AbiL2XfL (ORCPT ); Thu, 29 Dec 2022 18:35:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44230 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234251AbiL2XfH (ORCPT ); Thu, 29 Dec 2022 18:35:07 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D7BC717430; Thu, 29 Dec 2022 15:35:05 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 72C8F619A2; Thu, 29 Dec 2022 23:35:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3356DC433F1; Thu, 29 Dec 2022 23:35:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1672356905; bh=tIPvRhAmReZn3hp2NtjbmMf8RfX8t29yRSGPvkg6vzE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DJ5vnpPXkzAoB9FCxG4fyOyNLVcZzGAFOhH0I+BYwKzcIoob27xZGF113uHpiC8cv 05wa0rpE6i6SaRxnoO7tZCSpXCJec0TEBKeP+vDcqU8EhAt2h8G0cel1j16tCTiP7t nl2MLkqxKSm5a9j/DDvUDjXVhhOQVJ+7BQ2Ptj90S8sERQWEavv1HmmKfJX9uKET9j ppOjDEXogcI8Zh5TQDU30nYCb4t3PWDS0cRCPBEJXwHwHf5/8LalMDDWj+MFdkW2BI cx4Bec3YLSTJQJgB9ujWO+NHQ+JhuYGNUTvltTka7WHjA/zzy8+b93Mmp2zPKBhqPS YmSVdfcDl1q8w== From: Eric Biggers To: fstests@vger.kernel.org Cc: linux-fscrypt@vger.kernel.org Subject: [PATCH v3 10/10] generic/575: test 1K Merkle tree block size Date: Thu, 29 Dec 2022 15:32:22 -0800 Message-Id: <20221229233222.119630-11-ebiggers@kernel.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20221229233222.119630-1-ebiggers@kernel.org> References: <20221229233222.119630-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers In addition to 4K, test 1K Merkle tree blocks. Also always run this test, regardless of FSV_BLOCK_SIZE, but allow skipping tests of parameters that are unsupported, unless they are the default. Signed-off-by: Eric Biggers --- tests/generic/575 | 57 +++++++++++++++++++++++++++++++------------ tests/generic/575.out | 8 ++++-- 2 files changed, 47 insertions(+), 18 deletions(-) diff --git a/tests/generic/575 b/tests/generic/575 index 0ece8826..344fd2b9 100755 --- a/tests/generic/575 +++ b/tests/generic/575 @@ -4,7 +4,7 @@ # # FS QA Test generic/575 # -# Test that fs-verity is using the correct measurement values. This test +# Test that fs-verity is using the correct file digest values. This test # verifies that fs-verity is doing its Merkle tree-based hashing correctly, # i.e. that it hasn't been broken by a change. # @@ -26,9 +26,6 @@ _cleanup() # real QA test starts here _supported_fs generic _require_scratch_verity -if [ $FSV_BLOCK_SIZE != 4096 ]; then - _notrun "4096-byte verity block size not supported on this platform" -fi _disable_fsverity_signatures _scratch_mkfs_verity &>> $seqres.full @@ -36,24 +33,42 @@ _scratch_mount fsv_orig_file=$SCRATCH_MNT/file fsv_file=$SCRATCH_MNT/file.fsv +# Try multiple hash algorithms. algs=(sha256 sha512) +# Try multiple Merkle tree block sizes. +block_sizes=(1024 4096) + # Try files with 0, 1, and multiple Merkle tree levels. file_sizes=(0 4096 65536 65536 100000000) # Try both unsalted and salted, and check that empty salt is the same as no salt salts=('' '' '' '--salt=' '--salt=f3c93fa6fb828c0e1587e5714ecf6f56') -# The expected file measurements are here rather than in the expected output -# file because not all hash algorithms may be available. -sha256_vals=( +# The expected file digests are here rather than in the expected output file +# because the kernel might not support all hash algorithms and block sizes. +sha256_vals_bsize1024=( +sha256:f2cca36b9b1b7f07814e4284b10121809133e7cb9c4528c8f6846e85fc624ffa +sha256:ea08590a4fe9c3d6c9dafe0eedacd9dffff8f24e24f1865ee3af132a495ab087 +sha256:527496288d703686e31092f5cca7e1306b2467f00b247ad01056ee5ec35a4bb9 +sha256:527496288d703686e31092f5cca7e1306b2467f00b247ad01056ee5ec35a4bb9 +sha256:087818b23312acb15dff9ff6e2b4f601406d08bb36013542444cc15248f47016 +) +sha256_vals_bsize4096=( sha256:3d248ca542a24fc62d1c43b916eae5016878e2533c88238480b26128a1f1af95 sha256:babc284ee4ffe7f449377fbf6692715b43aec7bc39c094a95878904d34bac97e sha256:011e3f2b1dc89b75d78cddcc2a1b85cd8a64b2883e5f20f277ae4c0617e0404f sha256:011e3f2b1dc89b75d78cddcc2a1b85cd8a64b2883e5f20f277ae4c0617e0404f sha256:9d33cab743468fcbe4edab91a275b30dd543c12dd5e6ce6f2f737f66a1558f06 ) -sha512_vals=( +sha512_vals_bsize1024=( +sha512:8451664f25b2ad3f24391280e0c5681cb843389c180baa719f8fdfb063f5ddfa2d1c4433e55e2b6fbb3ba6aa2df8a4f41bf56cb7e0a3b617b6919a42c80f034c +sha512:ab3c6444ab377bbe54c604c26cad241b146d85dc29727703a0d8134f70a8172fb3fa67d171355106b69cc0a9e7e9debb335f9461b3aba44093914867f7c73233 +sha512:e6a11353c24dd7b4603cb8ffa50a7041dbea7382d4698474ccbc2d8b34f3a83d8bf16df25c64ed31ee27213a8a3cbd001fb1ccde46384c23b81305c2393c1046 +sha512:e6a11353c24dd7b4603cb8ffa50a7041dbea7382d4698474ccbc2d8b34f3a83d8bf16df25c64ed31ee27213a8a3cbd001fb1ccde46384c23b81305c2393c1046 +sha512:517d573bd50d5f3787f5766c2ac60c7af854b0901b69757b4ef8dd70aa6b30fcc10d81629ce923bdd062a01c20fad0f063a081a2f3b0814ac06547b26bedc0d9 +) +sha512_vals_bsize4096=( sha512:ccf9e5aea1c2a64efa2f2354a6024b90dffde6bbc017825045dce374474e13d10adb9dadcc6ca8e17a3c075fbd31336e8f266ae6fa93a6c3bed66f9e784e5abf sha512:928922686c4caf32175f5236a7f964e9925d10a74dc6d8344a8bd08b23c228ff5792573987d7895f628f39c4f4ebe39a7367d7aeb16aaa0cd324ac1d53664e61 sha512:eab7224ce374a0a4babcb2db25e24836247f38b87806ad9be9e5ba4daac2f5b814fc0cbdfd9f1f8499b3c9a6c1b38fe08974cce49883ab4ccd04462fd2f9507f @@ -61,20 +76,27 @@ sha512:eab7224ce374a0a4babcb2db25e24836247f38b87806ad9be9e5ba4daac2f5b814fc0cbdf sha512:f7083a38644880d25539488313e9e5b41a4d431a0e383945129ad2c36e3c1d0f28928a424641bb1363c12b6e770578102566acea73baf1ce8ee15336f5ba2446 ) -test_alg() +test_alg_with_block_size() { local alg=$1 - local -n vals=${alg}_vals + local block_size=$2 + local -n vals=${alg}_vals_bsize${block_size} local i local file_size local expected actual salt_arg - _fsv_scratch_begin_subtest "Check for expected measurement values ($alg)" + _fsv_scratch_begin_subtest "Testing alg=$alg, block_size=$block_size if supported" - if ! _fsv_can_enable $fsv_file --hash-alg=$alg; then - if [ "$alg" = sha256 ]; then - _fail "Something is wrong - sha256 hash should always be available" + if ! _fsv_can_enable $fsv_file --hash-alg=$alg --block-size=$block_size + then + # Since this is after _require_scratch_verity, sha256 with + # FSV_BLOCK_SIZE must be supported. + if [ "$alg" = "sha256" -a "$block_size" = "$FSV_BLOCK_SIZE" ] + then + _fail "Failed to enable verity with default params" fi + # This combination of parameters is unsupported; skip it. + echo "alg=$alg, block_size=$block_size is unsupported" >> $seqres.full return 0 fi @@ -85,7 +107,8 @@ test_alg() head -c $file_size /dev/zero > $fsv_orig_file cp $fsv_orig_file $fsv_file - _fsv_enable --hash-alg=$alg $salt_arg $fsv_file + _fsv_enable $fsv_file --hash-alg=$alg --block-size=$block_size \ + $salt_arg actual=$(_fsv_measure $fsv_file) if [ "$actual" != "$expected" ]; then echo "Mismatch: expected $expected, kernel calculated $actual (file_size=$file_size)" @@ -96,7 +119,9 @@ test_alg() } for alg in ${algs[@]}; do - test_alg $alg + for block_size in ${block_sizes[@]}; do + test_alg_with_block_size $alg $block_size + done done # success, all done diff --git a/tests/generic/575.out b/tests/generic/575.out index 77bec43e..5ad70773 100644 --- a/tests/generic/575.out +++ b/tests/generic/575.out @@ -1,5 +1,9 @@ QA output created by 575 -# Check for expected measurement values (sha256) +# Testing alg=sha256, block_size=1024 if supported -# Check for expected measurement values (sha512) +# Testing alg=sha256, block_size=4096 if supported + +# Testing alg=sha512, block_size=1024 if supported + +# Testing alg=sha512, block_size=4096 if supported