tests/generic/624 - external/git.kernel.org/fs/xfs/xfstests-dev - Git at Google

 #! /bin/bash
 # SPDX-License-Identifier: GPL-2.0-only
 # Copyright 2021 Google LLC
 #
 # FS QA Test No. 624
 #
 # Test retrieving the Merkle tree and fs-verity descriptor of a verity file
 # using FS_IOC_READ_VERITY_METADATA.
 #
 . ./common/preamble
 _begin_fstest auto quick verity

 . ./common/filter
 . ./common/verity

 _supported_fs generic
 _require_scratch_verity
 _disable_fsverity_signatures
 # For the output of this test to always be the same, it has to use a specific
 # Merkle tree block size.
 if [ $FSV_BLOCK_SIZE != 4096 ]; then
 	_notrun "4096-byte verity block size not supported on this platform"
 fi

 _scratch_mkfs_verity &>> $seqres.full
 _scratch_mount

 echo -e "\n# Creating a verity file"
 fsv_file=$SCRATCH_MNT/file
 # Always use the same file contents, so that the output of the test is always
 # the same.  Also use a file that is large enough to have multiple Merkle tree
 # levels, so that the test verifies that the blocks are returned in the expected
 # order.  A 1 MB file with SHA-256 and a Merkle tree block size of 4096 will
 # have 3 Merkle tree blocks (3*4096 bytes): two at level 0 and one at level 1.
 head -c 1000000 /dev/zero > $fsv_file
 merkle_tree_size=$((3 * FSV_BLOCK_SIZE))
 fsverity_descriptor_size=256
 _fsv_enable $fsv_file --salt=abcd
 _require_fsverity_dump_metadata $fsv_file
 _fsv_measure $fsv_file

 echo -e "\n# Dumping Merkle tree"
 _fsv_dump_merkle_tree $fsv_file | sha256sum

 echo -e "\n# Dumping Merkle tree (in chunks)"
 # The above test may get the whole tree in one read, so also try reading it in
 # chunks.
 for (( i = 0; i < merkle_tree_size; i += 997 )); do
 	_fsv_dump_merkle_tree $fsv_file --offset=$i --length=997
 done | sha256sum

 echo -e "\n# Dumping descriptor"
 # Note that the hash that is printed here should be the same hash that was
 # printed by _fsv_measure above.
 _fsv_dump_descriptor $fsv_file | sha256sum

 echo -e "\n# Dumping descriptor (in chunks)"
 for (( i = 0; i < fsverity_descriptor_size; i += 13 )); do
 	_fsv_dump_descriptor $fsv_file --offset=$i --length=13
 done | sha256sum

 # success, all done
 status=0
 exit
	#! /bin/bash
	# SPDX-License-Identifier: GPL-2.0-only
	# Copyright 2021 Google LLC
	#
	# FS QA Test No. 624
	#
	# Test retrieving the Merkle tree and fs-verity descriptor of a verity file
	# using FS_IOC_READ_VERITY_METADATA.
	#
	. ./common/preamble
	_begin_fstest auto quick verity

	. ./common/filter
	. ./common/verity

	_supported_fs generic
	_require_scratch_verity
	_disable_fsverity_signatures
	# For the output of this test to always be the same, it has to use a specific
	# Merkle tree block size.
	if [ $FSV_BLOCK_SIZE != 4096 ]; then
	_notrun "4096-byte verity block size not supported on this platform"
	fi

	_scratch_mkfs_verity &>> $seqres.full
	_scratch_mount

	echo -e "\n# Creating a verity file"
	fsv_file=$SCRATCH_MNT/file
	# Always use the same file contents, so that the output of the test is always
	# the same. Also use a file that is large enough to have multiple Merkle tree
	# levels, so that the test verifies that the blocks are returned in the expected
	# order. A 1 MB file with SHA-256 and a Merkle tree block size of 4096 will
	# have 3 Merkle tree blocks (3*4096 bytes): two at level 0 and one at level 1.
	head -c 1000000 /dev/zero > $fsv_file
	merkle_tree_size=$((3 * FSV_BLOCK_SIZE))
	fsverity_descriptor_size=256
	_fsv_enable $fsv_file --salt=abcd
	_require_fsverity_dump_metadata $fsv_file
	_fsv_measure $fsv_file

	echo -e "\n# Dumping Merkle tree"
	_fsv_dump_merkle_tree $fsv_file \| sha256sum

	echo -e "\n# Dumping Merkle tree (in chunks)"
	# The above test may get the whole tree in one read, so also try reading it in
	# chunks.
	for (( i = 0; i < merkle_tree_size; i += 997 )); do
	_fsv_dump_merkle_tree $fsv_file --offset=$i --length=997
	done \| sha256sum

	echo -e "\n# Dumping descriptor"
	# Note that the hash that is printed here should be the same hash that was
	# printed by _fsv_measure above.
	_fsv_dump_descriptor $fsv_file \| sha256sum

	echo -e "\n# Dumping descriptor (in chunks)"
	for (( i = 0; i < fsverity_descriptor_size; i += 13 )); do
	_fsv_dump_descriptor $fsv_file --offset=$i --length=13
	done \| sha256sum

	# success, all done
	status=0
	exit