* [xfstests RFC PATCH 0/4] Test the FS_IOC_READ_VERITY_METADATA ioctl
@ 2021-01-15 18:28 Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 1/4] generic: factor out helpers for fs-verity built-in signatures Eric Biggers
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Eric Biggers @ 2021-01-15 18:28 UTC (permalink / raw)
To: fstests
Cc: linux-fscrypt, linux-ext4, linux-f2fs-devel, Theodore Ts'o,
Jaegeuk Kim, Victor Hsieh
From: Eric Biggers <ebiggers@google.com>
This RFC patchset adds tests for the FS_IOC_READ_VERITY_METADATA ioctl
which I've proposed at
https://lkml.kernel.org/linux-fscrypt/20210115181819.34732-1-ebiggers@kernel.org/T/#u.
It relies on a new 'dump_metadata' subcommand for the 'fsverity' program
from fsverity-utils, which I've proposed at
https://lkml.kernel.org/linux-fscrypt/20210115182402.35691-1-ebiggers@kernel.org/T/#u.
The tests run on ext4 and f2fs (the filesystems that support fs-verity).
Eric Biggers (4):
generic: factor out helpers for fs-verity built-in signatures
generic: add helpers for dumping fs-verity metadata
generic: test retrieving verity Merkle tree and descriptor
generic: test retrieving verity signature
common/verity | 73 ++++++++++++++++++++++++++++++++++++++-
tests/generic/577 | 15 ++------
tests/generic/901 | 79 +++++++++++++++++++++++++++++++++++++++++++
tests/generic/901.out | 16 +++++++++
tests/generic/902 | 66 ++++++++++++++++++++++++++++++++++++
tests/generic/902.out | 7 ++++
tests/generic/group | 2 ++
7 files changed, 245 insertions(+), 13 deletions(-)
create mode 100755 tests/generic/901
create mode 100644 tests/generic/901.out
create mode 100644 tests/generic/902
create mode 100644 tests/generic/902.out
--
2.30.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* [xfstests RFC PATCH 1/4] generic: factor out helpers for fs-verity built-in signatures
2021-01-15 18:28 [xfstests RFC PATCH 0/4] Test the FS_IOC_READ_VERITY_METADATA ioctl Eric Biggers
@ 2021-01-15 18:28 ` Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 2/4] generic: add helpers for dumping fs-verity metadata Eric Biggers
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Eric Biggers @ 2021-01-15 18:28 UTC (permalink / raw)
To: fstests
Cc: linux-fscrypt, linux-ext4, linux-f2fs-devel, Theodore Ts'o,
Jaegeuk Kim, Victor Hsieh
From: Eric Biggers <ebiggers@google.com>
The test for retrieving a verity file's built-in signature using
FS_IOC_READ_VERITY_METADATA will need to set up a file with a built-in
signature, which requires the same commands that generic/577 does.
Factor this out into helper functions in common/verity.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
common/verity | 37 ++++++++++++++++++++++++++++++++++++-
tests/generic/577 | 15 +++------------
2 files changed, 39 insertions(+), 13 deletions(-)
diff --git a/common/verity b/common/verity
index a8d3de06..9a182240 100644
--- a/common/verity
+++ b/common/verity
@@ -48,12 +48,47 @@ _require_scratch_verity()
FSV_BLOCK_SIZE=$(get_page_size)
}
-# Check for CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y.
+# Check for CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y, as well as the userspace
+# commands needed to generate certificates and add them to the kernel.
_require_fsverity_builtin_signatures()
{
if [ ! -e /proc/sys/fs/verity/require_signatures ]; then
_notrun "kernel doesn't support fs-verity builtin signatures"
fi
+ _require_command "$OPENSSL_PROG" openssl
+ _require_command "$KEYCTL_PROG" keyctl
+}
+
+# Use the openssl program to generate a private key and a X.509 certificate for
+# use with fs-verity built-in signature verification, and convert the
+# certificate to DER format.
+_fsv_generate_cert()
+{
+ local keyfile=$1
+ local certfile=$2
+ local certfileder=$3
+
+ if ! $OPENSSL_PROG req -newkey rsa:4096 -nodes -batch -x509 \
+ -keyout $keyfile -out $certfile &>> $seqres.full; then
+ _fail "Failed to generate certificate and private key (see $seqres.full)"
+ fi
+ $OPENSSL_PROG x509 -in $certfile -out $certfileder -outform der
+}
+
+# Clear the .fs-verity keyring.
+_fsv_clear_keyring()
+{
+ $KEYCTL_PROG clear %keyring:.fs-verity
+}
+
+# Load the given X.509 certificate in DER format into the .fs-verity keyring so
+# that the kernel can use it to verify built-in signatures.
+_fsv_load_cert()
+{
+ local certfileder=$1
+
+ $KEYCTL_PROG padd asymmetric '' %keyring:.fs-verity \
+ < $certfileder >> $seqres.full
}
# Disable mandatory signatures for fs-verity files, if they are supported.
diff --git a/tests/generic/577 b/tests/generic/577
index 0e945942..114463be 100755
--- a/tests/generic/577
+++ b/tests/generic/577
@@ -34,8 +34,6 @@ rm -f $seqres.full
_supported_fs generic
_require_scratch_verity
_require_fsverity_builtin_signatures
-_require_command "$OPENSSL_PROG" openssl
-_require_command "$KEYCTL_PROG" keyctl
_scratch_mkfs_verity &>> $seqres.full
_scratch_mount
@@ -53,21 +51,14 @@ othersigfile=$tmp.othersig
echo -e "\n# Generating certificates and private keys"
for suffix in '' '.2'; do
- if ! $OPENSSL_PROG req -newkey rsa:4096 -nodes -batch -x509 \
- -keyout $keyfile$suffix -out $certfile$suffix \
- &>> $seqres.full; then
- _fail "Failed to generate certificate and private key (see $seqres.full)"
- fi
- $OPENSSL_PROG x509 -in $certfile$suffix -out $certfileder$suffix \
- -outform der
+ _fsv_generate_cert $keyfile$suffix $certfile$suffix $certfileder$suffix
done
echo -e "\n# Clearing fs-verity keyring"
-$KEYCTL_PROG clear %keyring:.fs-verity
+_fsv_clear_keyring
echo -e "\n# Loading first certificate into fs-verity keyring"
-$KEYCTL_PROG padd asymmetric '' %keyring:.fs-verity \
- < $certfileder >> $seqres.full
+_fsv_load_cert $certfileder
echo -e "\n# Enabling fs.verity.require_signatures"
_enable_fsverity_signatures
--
2.30.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [xfstests RFC PATCH 2/4] generic: add helpers for dumping fs-verity metadata
2021-01-15 18:28 [xfstests RFC PATCH 0/4] Test the FS_IOC_READ_VERITY_METADATA ioctl Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 1/4] generic: factor out helpers for fs-verity built-in signatures Eric Biggers
@ 2021-01-15 18:28 ` Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 3/4] generic: test retrieving verity Merkle tree and descriptor Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 4/4] generic: test retrieving verity signature Eric Biggers
3 siblings, 0 replies; 5+ messages in thread
From: Eric Biggers @ 2021-01-15 18:28 UTC (permalink / raw)
To: fstests
Cc: linux-fscrypt, linux-ext4, linux-f2fs-devel, Theodore Ts'o,
Jaegeuk Kim, Victor Hsieh
From: Eric Biggers <ebiggers@google.com>
In common/verity, add helper functions for dumping a file's fs-verity
metadata using the new FS_IOC_READ_VERITY_METADATA ioctl.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
common/verity | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/common/verity b/common/verity
index 9a182240..38eea157 100644
--- a/common/verity
+++ b/common/verity
@@ -120,6 +120,27 @@ _restore_fsverity_signatures()
fi
}
+# Require userspace and kernel support for 'fsverity dump_metadata'.
+# $1 must be a file with fs-verity enabled.
+_require_fsverity_dump_metadata()
+{
+ local verity_file=$1
+ local tmpfile=$tmp.require_fsverity_dump_metadata
+
+ if _fsv_dump_merkle_tree "$verity_file" 2>"$tmpfile" >/dev/null; then
+ return
+ fi
+ if grep -q "^ERROR: unrecognized command: 'dump_metadata'$" "$tmpfile"
+ then
+ _notrun "Missing 'fsverity dump_metadata' command"
+ fi
+ if grep -q "^ERROR: FS_IOC_READ_VERITY_METADATA failed on '.*': Inappropriate ioctl for device$" "$tmpfile"
+ then
+ _notrun "Kernel doesn't support FS_IOC_READ_VERITY_METADATA"
+ fi
+ _fail "Unexpected output from 'fsverity dump_metadata': $(<"$tmpfile")"
+}
+
_scratch_mkfs_verity()
{
case $FSTYP in
@@ -157,6 +178,21 @@ _fsv_scratch_begin_subtest()
echo -e "\n# $msg"
}
+_fsv_dump_merkle_tree()
+{
+ $FSVERITY_PROG dump_metadata merkle_tree "$@"
+}
+
+_fsv_dump_descriptor()
+{
+ $FSVERITY_PROG dump_metadata descriptor "$@"
+}
+
+_fsv_dump_signature()
+{
+ $FSVERITY_PROG dump_metadata signature "$@"
+}
+
_fsv_enable()
{
$FSVERITY_PROG enable "$@"
--
2.30.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [xfstests RFC PATCH 3/4] generic: test retrieving verity Merkle tree and descriptor
2021-01-15 18:28 [xfstests RFC PATCH 0/4] Test the FS_IOC_READ_VERITY_METADATA ioctl Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 1/4] generic: factor out helpers for fs-verity built-in signatures Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 2/4] generic: add helpers for dumping fs-verity metadata Eric Biggers
@ 2021-01-15 18:28 ` Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 4/4] generic: test retrieving verity signature Eric Biggers
3 siblings, 0 replies; 5+ messages in thread
From: Eric Biggers @ 2021-01-15 18:28 UTC (permalink / raw)
To: fstests
Cc: linux-fscrypt, linux-ext4, linux-f2fs-devel, Theodore Ts'o,
Jaegeuk Kim, Victor Hsieh
From: Eric Biggers <ebiggers@google.com>
Add a test which tests retrieving the Merkle tree and fs-verity
descriptor of a verity file using the new FS_IOC_READ_VERITY_METADATA
ioctl.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
tests/generic/901 | 79 +++++++++++++++++++++++++++++++++++++++++++
tests/generic/901.out | 16 +++++++++
tests/generic/group | 1 +
3 files changed, 96 insertions(+)
create mode 100755 tests/generic/901
create mode 100644 tests/generic/901.out
diff --git a/tests/generic/901 b/tests/generic/901
new file mode 100755
index 00000000..24889d63
--- /dev/null
+++ b/tests/generic/901
@@ -0,0 +1,79 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0-only
+# Copyright 2021 Google LLC
+#
+# FS QA Test No. 901
+#
+# Test retrieving the Merkle tree and fs-verity descriptor of a verity file
+# using FS_IOC_READ_VERITY_METADATA.
+#
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+. ./common/rc
+. ./common/filter
+. ./common/verity
+
+rm -f $seqres.full
+
+_supported_fs generic
+_require_scratch_verity
+_disable_fsverity_signatures
+# For the output of this test to always be the same, it has to use a specific
+# Merkle tree block size.
+if [ $FSV_BLOCK_SIZE != 4096 ]; then
+ _notrun "4096-byte verity block size not supported on this platform"
+fi
+
+_scratch_mkfs_verity &>> $seqres.full
+_scratch_mount
+
+echo -e "\n# Creating a verity file"
+fsv_file=$SCRATCH_MNT/file
+# Always use the same file contents, so that the output of the test is always
+# the same. Also use a file that is large enough to have multiple Merkle tree
+# levels, so that the test verifies that the blocks are returned in the expected
+# order. A 1 MB file with SHA-256 and a Merkle tree block size of 4096 will
+# have 3 Merkle tree blocks (3*4096 bytes): two at level 0 and one at level 1.
+head -c 1000000 /dev/zero > $fsv_file
+merkle_tree_size=$((3 * FSV_BLOCK_SIZE))
+fsverity_descriptor_size=256
+_fsv_enable $fsv_file --salt=abcd
+_require_fsverity_dump_metadata $fsv_file
+_fsv_measure $fsv_file
+
+echo -e "\n# Dumping Merkle tree"
+_fsv_dump_merkle_tree $fsv_file | sha256sum
+
+echo -e "\n# Dumping Merkle tree (in chunks)"
+# The above test may get the whole tree in one read, so also try reading it in
+# chunks.
+for (( i = 0; i < merkle_tree_size; i += 997 )); do
+ _fsv_dump_merkle_tree $fsv_file --offset=$i --length=997
+done | sha256sum
+
+echo -e "\n# Dumping descriptor"
+# Note that the hash that is printed here should be the same hash that was
+# printed by _fsv_measure above.
+_fsv_dump_descriptor $fsv_file | sha256sum
+
+echo -e "\n# Dumping descriptor (in chunks)"
+for (( i = 0; i < fsverity_descriptor_size; i += 13 )); do
+ _fsv_dump_descriptor $fsv_file --offset=$i --length=13
+done | sha256sum
+
+# success, all done
+status=0
+exit
diff --git a/tests/generic/901.out b/tests/generic/901.out
new file mode 100644
index 00000000..ab018052
--- /dev/null
+++ b/tests/generic/901.out
@@ -0,0 +1,16 @@
+QA output created by 901
+
+# Creating a verity file
+sha256:11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73
+
+# Dumping Merkle tree
+db88cdad554734cd648a1bfbb5be7f86646c54397847aab0b3f42a28829fed17 -
+
+# Dumping Merkle tree (in chunks)
+db88cdad554734cd648a1bfbb5be7f86646c54397847aab0b3f42a28829fed17 -
+
+# Dumping descriptor
+11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73 -
+
+# Dumping descriptor (in chunks)
+11e4f886bf2d70a6ef3a8b6ce8e8c62c9e5d3263208b9f120ae46791f124be73 -
diff --git a/tests/generic/group b/tests/generic/group
index 30a73605..3f2edfc0 100644
--- a/tests/generic/group
+++ b/tests/generic/group
@@ -624,3 +624,4 @@
619 auto rw enospc
620 auto mount quick
621 auto quick encrypt
+901 auto quick verity
--
2.30.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [xfstests RFC PATCH 4/4] generic: test retrieving verity signature
2021-01-15 18:28 [xfstests RFC PATCH 0/4] Test the FS_IOC_READ_VERITY_METADATA ioctl Eric Biggers
` (2 preceding siblings ...)
2021-01-15 18:28 ` [xfstests RFC PATCH 3/4] generic: test retrieving verity Merkle tree and descriptor Eric Biggers
@ 2021-01-15 18:28 ` Eric Biggers
3 siblings, 0 replies; 5+ messages in thread
From: Eric Biggers @ 2021-01-15 18:28 UTC (permalink / raw)
To: fstests
Cc: linux-fscrypt, linux-ext4, linux-f2fs-devel, Theodore Ts'o,
Jaegeuk Kim, Victor Hsieh
From: Eric Biggers <ebiggers@google.com>
Add a test which tests dumping the built-in signature of a verity file
using the new FS_IOC_READ_VERITY_METADATA ioctl.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
tests/generic/902 | 66 +++++++++++++++++++++++++++++++++++++++++++
tests/generic/902.out | 7 +++++
tests/generic/group | 1 +
3 files changed, 74 insertions(+)
create mode 100644 tests/generic/902
create mode 100644 tests/generic/902.out
diff --git a/tests/generic/902 b/tests/generic/902
new file mode 100644
index 00000000..ee1096df
--- /dev/null
+++ b/tests/generic/902
@@ -0,0 +1,66 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0-only
+# Copyright 2021 Google LLC
+#
+# FS QA Test No. 902
+#
+# Test retrieving the built-in signature of a verity file using
+# FS_IOC_READ_VERITY_METADATA.
+#
+# This is separate from the other tests for FS_IOC_READ_VERITY_METADATA because
+# the fs-verity built-in signature support is optional.
+#
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+ cd /
+ rm -f $tmp.*
+}
+
+. ./common/rc
+. ./common/filter
+. ./common/verity
+
+rm -f $seqres.full
+
+_supported_fs generic
+_require_scratch_verity
+_require_fsverity_builtin_signatures
+
+_scratch_mkfs_verity &>> $seqres.full
+_scratch_mount
+
+echo -e "\n# Setting up signed verity file"
+_fsv_generate_cert $tmp.key $tmp.cert $tmp.cert.der
+_fsv_clear_keyring
+_fsv_load_cert $tmp.cert.der
+fsv_file=$SCRATCH_MNT/file
+echo foo > $fsv_file
+_fsv_sign $fsv_file $tmp.sig --key=$tmp.key --cert=$tmp.cert >> $seqres.full
+_fsv_enable $fsv_file --signature=$tmp.sig
+_require_fsverity_dump_metadata $fsv_file
+
+echo -e "\n# Dumping and comparing signature"
+_fsv_dump_signature $fsv_file > $tmp.sig2
+# The signature returned by FS_IOC_READ_VERITY_METADATA should exactly match the
+# one we passed to FS_IOC_ENABLE_VERITY earlier.
+cmp $tmp.sig $tmp.sig2
+
+echo -e "\n# Dumping and comparing signature (in chunks)"
+sig_size=$(stat -c %s $tmp.sig)
+for (( i = 0; i < sig_size; i += 13 )); do
+ _fsv_dump_signature $fsv_file --offset=$i --length=13
+done > $tmp.sig2
+cmp $tmp.sig $tmp.sig2
+
+# success, all done
+status=0
+exit
diff --git a/tests/generic/902.out b/tests/generic/902.out
new file mode 100644
index 00000000..4b8d9f6e
--- /dev/null
+++ b/tests/generic/902.out
@@ -0,0 +1,7 @@
+QA output created by 902
+
+# Setting up signed verity file
+
+# Dumping and comparing signature
+
+# Dumping and comparing signature (in chunks)
diff --git a/tests/generic/group b/tests/generic/group
index 3f2edfc0..84fec240 100644
--- a/tests/generic/group
+++ b/tests/generic/group
@@ -625,3 +625,4 @@
620 auto mount quick
621 auto quick encrypt
901 auto quick verity
+902 auto quick verity
--
2.30.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-01-15 18:31 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-15 18:28 [xfstests RFC PATCH 0/4] Test the FS_IOC_READ_VERITY_METADATA ioctl Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 1/4] generic: factor out helpers for fs-verity built-in signatures Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 2/4] generic: add helpers for dumping fs-verity metadata Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 3/4] generic: test retrieving verity Merkle tree and descriptor Eric Biggers
2021-01-15 18:28 ` [xfstests RFC PATCH 4/4] generic: test retrieving verity signature Eric Biggers
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).