#! /bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright 2019 Google LLC
#
# FS QA Test generic/577
#
# Test the fs-verity built-in signature verification support.
#
. ./common/preamble
_begin_fstest auto quick verity

# Override the default cleanup function.
_cleanup()
{
	cd /
	_restore_fsverity_signatures
	rm -f $tmp.*
}

# Import common functions.
. ./common/filter
. ./common/verity

# real QA test starts here
_supported_fs generic
_require_scratch_verity
_require_fsverity_builtin_signatures

_scratch_mkfs_verity &>> $seqres.full
_scratch_mount

fsv_file=$SCRATCH_MNT/file.fsv
fsv_orig_file=$SCRATCH_MNT/file
keyfile=$tmp.key.pem
certfile=$tmp.cert.pem
certfileder=$tmp.cert.der
sigfile=$tmp.sig
otherfile=$SCRATCH_MNT/otherfile
othersigfile=$tmp.othersig

sign()
{
	_fsv_sign "$@" | _filter_scratch | _filter_fsverity_digest
}

# Setup

echo -e "\n# Generating certificates and private keys"
for suffix in '' '.2'; do
	_fsv_generate_cert $keyfile$suffix $certfile$suffix $certfileder$suffix
done

echo -e "\n# Clearing fs-verity keyring"
_fsv_clear_keyring

echo -e "\n# Loading first certificate into fs-verity keyring"
_fsv_load_cert $certfileder

echo -e "\n# Enabling fs.verity.require_signatures"
_enable_fsverity_signatures

echo -e "\n# Generating file and signing it for fs-verity"
head -c 100000 /dev/zero > $fsv_orig_file
for suffix in '' '.2'; do
	sign $fsv_orig_file $sigfile$suffix --key=$keyfile$suffix \
		--cert=$certfile$suffix
done

echo -e "\n# Signing a different file for fs-verity"
head -c 100000 /dev/zero | tr '\0' 'X' > $otherfile
sign $otherfile $othersigfile --key=$keyfile --cert=$certfile

# Actual tests

reset_fsv_file()
{
	rm -f $fsv_file
	cp $fsv_orig_file $fsv_file
}

echo -e "\n# Enabling verity with valid signature (should succeed)"
reset_fsv_file
_fsv_enable $fsv_file --signature=$sigfile
cmp $fsv_file $fsv_orig_file

echo -e "\n# Enabling verity without signature (should fail)"
reset_fsv_file
_fsv_enable $fsv_file |& _filter_scratch

echo -e "\n# Opening verity file without signature (should fail)"
reset_fsv_file
_disable_fsverity_signatures
_fsv_enable $fsv_file
_enable_fsverity_signatures
_scratch_cycle_mount
md5sum $fsv_file |& _filter_scratch

echo -e "\n# Enabling verity with untrusted signature (should fail)"
reset_fsv_file
_fsv_enable $fsv_file --signature=$sigfile.2 |& _filter_scratch

echo -e "\n# Enabling verity with wrong file's signature (should fail)"
reset_fsv_file
_fsv_enable $fsv_file --signature=$othersigfile |& _filter_scratch

echo -e "\n# Enabling verity with malformed signature (should fail)"
echo foobarbaz > $tmp.malformed_sig
reset_fsv_file
_fsv_enable $fsv_file --signature=$tmp.malformed_sig |& _filter_scratch

echo -e "\n# Testing salt"
reset_fsv_file
sign $fsv_orig_file $sigfile.salted --key=$keyfile --cert=$certfile --salt=abcd
_fsv_enable $fsv_file --signature=$sigfile.salted --salt=abcd
cmp $fsv_file $fsv_orig_file

echo -e "\n# Testing non-default hash algorithm"
if _fsv_can_enable $fsv_file --hash-alg=sha512; then
	reset_fsv_file
	sign $fsv_orig_file $sigfile.sha512 --key=$keyfile --cert=$certfile \
		--hash-alg=sha512 > /dev/null
	_fsv_enable $fsv_file --signature=$sigfile.sha512 --hash-alg=sha512
	cmp $fsv_file $fsv_orig_file
fi

echo -e "\n# Testing empty file"
rm -f $fsv_file
echo -n > $fsv_file
sign $fsv_file $sigfile.emptyfile --key=$keyfile --cert=$certfile
_fsv_enable $fsv_file --signature=$sigfile.emptyfile

# success, all done
status=0
exit