generic: test retrieving verity signature
authorEric Biggers <ebiggers@google.com>
Wed, 24 Feb 2021 22:35:37 +0000 (14:35 -0800)
committerEryu Guan <guaneryu@gmail.com>
Sun, 7 Mar 2021 16:51:34 +0000 (00:51 +0800)
Add a test which tests dumping the built-in signature of a verity file
using the new FS_IOC_READ_VERITY_METADATA ioctl.

Signed-off-by: Eric Biggers <ebiggers@google.com>
tests/generic/625 [new file with mode: 0755]
tests/generic/625.out [new file with mode: 0644]
tests/generic/group

diff --git a/tests/generic/625 b/tests/generic/625
new file mode 100755 (executable)
index 0000000..84bbbce
--- /dev/null
@@ -0,0 +1,66 @@
+#! /bin/bash
+# SPDX-License-Identifier: GPL-2.0-only
+# Copyright 2021 Google LLC
+#
+# FS QA Test No. 625
+#
+# Test retrieving the built-in signature of a verity file using
+# FS_IOC_READ_VERITY_METADATA.
+#
+# This is separate from the other tests for FS_IOC_READ_VERITY_METADATA because
+# the fs-verity built-in signature support is optional.
+#
+seq=`basename $0`
+seqres=$RESULT_DIR/$seq
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1       # failure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_cleanup()
+{
+       cd /
+       rm -f $tmp.*
+}
+
+. ./common/rc
+. ./common/filter
+. ./common/verity
+
+rm -f $seqres.full
+
+_supported_fs generic
+_require_scratch_verity
+_require_fsverity_builtin_signatures
+
+_scratch_mkfs_verity &>> $seqres.full
+_scratch_mount
+
+echo -e "\n# Setting up signed verity file"
+_fsv_generate_cert $tmp.key $tmp.cert $tmp.cert.der
+_fsv_clear_keyring
+_fsv_load_cert $tmp.cert.der
+fsv_file=$SCRATCH_MNT/file
+echo foo > $fsv_file
+_fsv_sign $fsv_file $tmp.sig --key=$tmp.key --cert=$tmp.cert >> $seqres.full
+_fsv_enable $fsv_file --signature=$tmp.sig
+_require_fsverity_dump_metadata $fsv_file
+
+echo -e "\n# Dumping and comparing signature"
+_fsv_dump_signature $fsv_file > $tmp.sig2
+# The signature returned by FS_IOC_READ_VERITY_METADATA should exactly match the
+# one we passed to FS_IOC_ENABLE_VERITY earlier.
+cmp $tmp.sig $tmp.sig2
+
+echo -e "\n# Dumping and comparing signature (in chunks)"
+sig_size=$(stat -c %s $tmp.sig)
+for (( i = 0; i < sig_size; i += 13 )); do
+       _fsv_dump_signature $fsv_file --offset=$i --length=13
+done > $tmp.sig2
+cmp $tmp.sig $tmp.sig2
+
+# success, all done
+status=0
+exit
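Review bot: `tmp=/tmp/$$` near the top of the new script gives every scratch file a guessable name in world-writable /tmp, and in this test `$tmp.key` is the private key whose certificate `_fsv_load_cert` then adds to the fs-verity keyring. On a shared host those names can be pre-created by another local user before the helpers write them; whether `_fsv_generate_cert` and `_fsv_sign` refuse an existing path is not visible in this hunk. A private directory closes that window: `tmp=$(mktemp -d)/$seq`, with `rm -rf -- "${tmp%/*}"` in `_cleanup`. The line looks like the suite's stock preamble, so the fix may belong in the shared template rather than in this test alone.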
diff --git a/tests/generic/625.out b/tests/generic/625.out
new file mode 100644 (file)
index 0000000..3523719
--- /dev/null
@@ -0,0 +1,7 @@
+QA output created by 625
+
+# Setting up signed verity file
+
+# Dumping and comparing signature
+
+# Dumping and comparing signature (in chunks)
index 8651319..84db378 100644 (file)
 622 auto shutdown metadata atime
 623 auto quick shutdown
 624 auto quick verity
 622 auto shutdown metadata atime
 623 auto quick shutdown
 624 auto quick verity
+625 auto quick verity