#! /bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright (c) 2022 Meta, Inc.  All Rights Reserved.
#
# FS QA Test 277
#
# Test sendstreams involving fs-verity enabled files.
#
. ./common/preamble
_begin_fstest auto quick verity send

# Override the default cleanup function.
_cleanup()
{
	cd /
	_restore_fsverity_signatures
	rm -r -f $tmp.*
}

. ./common/filter
. ./common/verity

_supported_fs btrfs
_require_scratch_verity
_require_fsverity_builtin_signatures
_require_command "$SETCAP_PROG" setcap
_require_command "$GETCAP_PROG" getcap
_require_btrfs_send_version 3

subv=$SCRATCH_MNT/subv
fsv_file=$subv/file.fsv
keyfile=$tmp.key.pem
certfile=$tmp.cert.pem
certfileder=$tmp.cert.der
sigfile=$tmp.sig
stream=$tmp.fsv.ss

_test_send_verity() {
	local sig=$1
	local salt=$2
	local extra_args=""

	_scratch_mkfs >> $seqres.full
	_scratch_mount
	echo -e "\nverity send/recv test: sig: $sig salt: $salt"
	_disable_fsverity_signatures

	echo "create subvolume"
	$BTRFS_UTIL_PROG subvolume create $subv >> $seqres.full
	echo "create file"
	$XFS_IO_PROG -fc "pwrite -q -S 0x58 0 12288" $fsv_file
	if $salt; then
		extra_args+=" --salt=deadbeef"
	fi
	if $sig; then
		echo "generate keys and cert"
		_fsv_generate_cert $keyfile $certfile $certfileder
		echo "clear keyring"
		_fsv_clear_keyring
		echo "load cert into keyring"
		_fsv_load_cert $certfileder
		echo "require signatures"
		_enable_fsverity_signatures
		echo "sign file digest"
		_fsv_sign $fsv_file $sigfile --key=$keyfile --cert=$certfile \
			$extra_args | _filter_scratch >> $seqres.full
		extra_args+=" --signature=$sigfile"
	fi
	echo "enable verity"
	_fsv_enable $fsv_file $extra_args
	cat $fsv_file > $tmp.file-before
	_fsv_measure $fsv_file > $tmp.digest-before

	# ensure send plays nice with other properties that are set when
	# finishing the file during send, like chmod and capabilities.
	echo "modify other properties"
	chmod a+x $fsv_file
	$SETCAP_PROG "cap_sys_ptrace+ep cap_sys_nice+ep" $fsv_file
	$GETCAP_PROG $fsv_file > $tmp.cap-before

	echo "set subvolume read only"
	$BTRFS_UTIL_PROG property set $subv ro true
	echo "send subvolume"
	$BTRFS_UTIL_PROG send $subv -f $stream -q --proto=3 >> $seqres.full

	echo "blow away fs"
	_scratch_unmount
	_scratch_mkfs >> $seqres.full
	_scratch_mount

	echo "receive sendstream"
	$BTRFS_UTIL_PROG receive $SCRATCH_MNT -f $stream -q >> $seqres.full

	echo "check received subvolume..."
	_scratch_cycle_mount
	_fsv_measure $fsv_file > $tmp.digest-after
	$GETCAP_PROG $fsv_file > $tmp.cap-after
	diff $tmp.file-before $fsv_file
	diff $tmp.digest-before $tmp.digest-after
	diff $tmp.cap-before $tmp.cap-after
	_scratch_unmount
	echo OK
}

_test_send_verity false false # no sig; no salt
_test_send_verity false true # no sig; salt
_test_send_verity true false # sig; no salt
_test_send_verity true true # sig; salt

# success, all done
status=0
exit