fstests: add btrfs fs-verity send/recv test

Test btrfs send/recv support for fs-verity. Includes tests for
signatures, salts, and interaction with chmod/caps. The last of those is
to ensure the various features that go in during inode_finalize interact
properly.

This depends on the kernel patch adding support for send:
btrfs: send: add support for fs-verity

And the btrfs-progs patch adding support for recv:
btrfs-progs: receive: add support for fs-verity

Signed-off-by: Boris Burkov <boris@bur.io>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Zorro Lang <zlang@kernel.org>

diff --git a/tests/btrfs/277 b/tests/btrfs/277
new file mode 100755 (executable)
index 0000000..f5684fd
--- /dev/null
+++ b/tests/btrfs/277
@@ -0,0 +1,115 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (c) 2022 Meta, Inc.  All Rights Reserved.
+#
+# FS QA Test 277
+#
+# Test sendstreams involving fs-verity enabled files.
+#
+. ./common/preamble
+_begin_fstest auto quick verity send
+
+# Override the default cleanup function.
+_cleanup()
+{
+       cd /
+       _restore_fsverity_signatures
+       rm -r -f $tmp.*
+}
+
+# Import common functions.
+. ./common/filter
+. ./common/verity
+
+# real QA test starts here
+
+# Modify as appropriate.
+_supported_fs btrfs
+_require_scratch_verity
+_require_fsverity_builtin_signatures
+_require_command "$SETCAP_PROG" setcap
+_require_command "$GETCAP_PROG" getcap
+
+subv=$SCRATCH_MNT/subv
+fsv_file=$subv/file.fsv
+keyfile=$tmp.key.pem
+certfile=$tmp.cert.pem
+certfileder=$tmp.cert.der
+sigfile=$tmp.sig
+stream=$tmp.fsv.ss
+
+_test_send_verity() {
+       local sig=$1
+       local salt=$2
+       local extra_args=""
+
+       _scratch_mkfs >> $seqres.full
+       _scratch_mount
+       echo -e "\nverity send/recv test: sig: $sig salt: $salt"
+       _disable_fsverity_signatures
+
+       echo "create subvolume"
+       $BTRFS_UTIL_PROG subvolume create $subv >> $seqres.full
+       echo "create file"
+       $XFS_IO_PROG -fc "pwrite -q -S 0x58 0 12288" $fsv_file
+       if $salt; then
+               extra_args+=" --salt=deadbeef"
+       fi
+       if $sig; then
+               echo "generate keys and cert"
+               _fsv_generate_cert $keyfile $certfile $certfileder
+               echo "clear keyring"
+               _fsv_clear_keyring
+               echo "load cert into keyring"
+               _fsv_load_cert $certfileder
+               echo "require signatures"
+               _enable_fsverity_signatures
+               echo "sign file digest"
+               _fsv_sign $fsv_file $sigfile --key=$keyfile --cert=$certfile \
+                       $extra_args | _filter_scratch >> $seqres.full
+               extra_args+=" --signature=$sigfile"
+       fi
+       echo "enable verity"
+       _fsv_enable $fsv_file $extra_args
+       cat $fsv_file > $tmp.file-before
+       _fsv_measure $fsv_file > $tmp.digest-before
+
+       # ensure send plays nice with other properties that are set when
+       # finishing the file during send, like chmod and capabilities.
+       echo "modify other properties"
+       chmod a+x $fsv_file
+       $SETCAP_PROG "cap_sys_ptrace+ep cap_sys_nice+ep" $fsv_file
+       $GETCAP_PROG $fsv_file > $tmp.cap-before
+
+       echo "set subvolume read only"
+       $BTRFS_UTIL_PROG property set $subv ro true
+       echo "send subvolume"
+       $BTRFS_UTIL_PROG send $subv -f $stream -q >> $seqres.full
+
+       echo "blow away fs"
+       _scratch_unmount
+       _scratch_mkfs >> $seqres.full
+       _scratch_mount
+
+       echo "receive sendstream"
+       $BTRFS_UTIL_PROG receive $SCRATCH_MNT -f $stream -q >> $seqres.full
+
+       echo "check received subvolume..."
+       _scratch_cycle_mount
+       _fsv_measure $fsv_file > $tmp.digest-after
+       $GETCAP_PROG $fsv_file > $tmp.cap-after
+       diff $tmp.file-before $fsv_file
+       diff $tmp.digest-before $tmp.digest-after
+       diff $tmp.cap-before $tmp.cap-after
+       _scratch_unmount
+       echo OK
+}
+
+_test_send_verity false false # no sig; no salt
+_test_send_verity false true # no sig; salt
+_test_send_verity true false # sig; no salt
+_test_send_verity true true # sig; salt
+
+# success, all done
+status=0
+exit

diff --git a/tests/btrfs/277.out b/tests/btrfs/277.out
new file mode 100644 (file)
index 0000000..5f778cf
--- /dev/null
+++ b/tests/btrfs/277.out
@@ -0,0 +1,59 @@
+QA output created by 277
+
+verity send/recv test: sig: false salt: false
+create subvolume
+create file
+enable verity
+modify other properties
+set subvolume read only
+send subvolume
+blow away fs
+receive sendstream
+check received subvolume...
+OK
+
+verity send/recv test: sig: false salt: true
+create subvolume
+create file
+enable verity
+modify other properties
+set subvolume read only
+send subvolume
+blow away fs
+receive sendstream
+check received subvolume...
+OK
+
+verity send/recv test: sig: true salt: false
+create subvolume
+create file
+generate keys and cert
+clear keyring
+load cert into keyring
+require signatures
+sign file digest
+enable verity
+modify other properties
+set subvolume read only
+send subvolume
+blow away fs
+receive sendstream
+check received subvolume...
+OK
+
+verity send/recv test: sig: true salt: true
+create subvolume
+create file
+generate keys and cert
+clear keyring
+load cert into keyring
+require signatures
+sign file digest
+enable verity
+modify other properties
+set subvolume read only
+send subvolume
+blow away fs
+receive sendstream
+check received subvolume...
+OK