diff options
author | gVisor bot <gvisor-bot@google.com> | 2021-02-22 13:28:56 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-02-22 13:31:13 -0800 |
commit | fed1cc6d8c90e53bb9819b515d9d5b8bf4ec166e (patch) | |
tree | feb71fbf1f2e64bb0882a35527df1e1e412b7e77 /pkg | |
parent | c5a4e100085ccbd063df36706cccf93951439cb7 (diff) |
Internal change.
PiperOrigin-RevId: 358890980
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/merkletree/merkletree_test.go | 362 |
1 files changed, 53 insertions, 309 deletions
diff --git a/pkg/merkletree/merkletree_test.go b/pkg/merkletree/merkletree_test.go index e3a88b3a3..ed332b3f1 100644 --- a/pkg/merkletree/merkletree_test.go +++ b/pkg/merkletree/merkletree_test.go @@ -159,11 +159,12 @@ func TestLayout(t *testing.T) { } const ( - defaultName = "merkle_test" - defaultMode = 0644 - defaultUID = 0 - defaultGID = 0 - defaultSymlinkPath = "merkle_test_link" + defaultName = "merkle_test" + defaultMode = 0644 + defaultUID = 0 + defaultGID = 0 + defaultSymlinkPath = "merkle_test_link" + defaultHashAlgorithm = linux.FS_VERITY_HASH_ALG_SHA256 ) // bytesReadWriter is used to read from/write to/seek in a byte array. Unlike @@ -433,7 +434,7 @@ func TestVerifyInvalidRange(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { var buf bytes.Buffer - _, params := prepareVerify(t, usermem.PageSize /* dataSize */, linux.FS_VERITY_HASH_ALG_SHA256, false /* dataAndTreeInSameFile */, false /* isSymlink */, tc.verifyStart, tc.verifySize, &buf) + _, params := prepareVerify(t, usermem.PageSize /* dataSize */, defaultHashAlgorithm, false /* dataAndTreeInSameFile */, false /* isSymlink */, tc.verifyStart, tc.verifySize, &buf) if _, err := Verify(¶ms); errors.Is(err, nil) { t.Errorf("Verification succeeded when expected to fail") } @@ -441,43 +442,32 @@ func TestVerifyInvalidRange(t *testing.T) { } } -// TODO(b/179422935): Cleanup merkletree verify tests. func TestVerifyUnmodifiedMetadata(t *testing.T) { testCases := []struct { name string - hashAlgorithm int dataAndTreeInSameFile bool isSymlink bool }{ { - name: "SHA256SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, + name: "SeparateFile", dataAndTreeInSameFile: false, isSymlink: true, }, { - name: "SHA512SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, - dataAndTreeInSameFile: false, - isSymlink: false, - }, - { - name: "SHA256SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, + name: "SameFile", dataAndTreeInSameFile: true, isSymlink: false, }, { - name: "SHA512SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, + name: "SameFileSymlink", dataAndTreeInSameFile: true, - isSymlink: false, + isSymlink: true, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { var buf bytes.Buffer - _, params := prepareVerify(t, usermem.PageSize /* dataSize */, tc.hashAlgorithm, tc.dataAndTreeInSameFile, tc.isSymlink, 0 /* verifyStart */, 0 /* verifySize */, &buf) + _, params := prepareVerify(t, usermem.PageSize /* dataSize */, defaultHashAlgorithm, tc.dataAndTreeInSameFile, tc.isSymlink, 0 /* verifyStart */, 0 /* verifySize */, &buf) if tc.isSymlink { params.SymlinkTarget = defaultSymlinkPath } @@ -491,34 +481,21 @@ func TestVerifyUnmodifiedMetadata(t *testing.T) { func TestVerifyModifiedName(t *testing.T) { testCases := []struct { name string - hashAlgorithm int dataAndTreeInSameFile bool }{ { - name: "SHA256SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "SHA512SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, + name: "SeparateFile", dataAndTreeInSameFile: false, }, { - name: "SHA256SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "SHA512SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, + name: "SameFile", dataAndTreeInSameFile: true, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { var buf bytes.Buffer - _, params := prepareVerify(t, usermem.PageSize /* dataSize */, tc.hashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) + _, params := prepareVerify(t, usermem.PageSize /* dataSize */, defaultHashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) params.Name += "abc" if _, err := Verify(¶ms); errors.Is(err, nil) { t.Errorf("Verification succeeded when expected to fail") @@ -530,34 +507,21 @@ func TestVerifyModifiedName(t *testing.T) { func TestVerifyModifiedSize(t *testing.T) { testCases := []struct { name string - hashAlgorithm int dataAndTreeInSameFile bool }{ { - name: "SHA256SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, + name: "SeparateFile", dataAndTreeInSameFile: false, }, { - name: "SHA512SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, - dataAndTreeInSameFile: false, - }, - { - name: "SHA256SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "SHA512SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, + name: "SameFile", dataAndTreeInSameFile: true, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { var buf bytes.Buffer - _, params := prepareVerify(t, usermem.PageSize /* dataSize */, tc.hashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) + _, params := prepareVerify(t, usermem.PageSize /* dataSize */, defaultHashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) params.Size-- if _, err := Verify(¶ms); errors.Is(err, nil) { t.Errorf("Verification succeeded when expected to fail") @@ -569,34 +533,21 @@ func TestVerifyModifiedSize(t *testing.T) { func TestVerifyModifiedMode(t *testing.T) { testCases := []struct { name string - hashAlgorithm int dataAndTreeInSameFile bool }{ { - name: "SHA256SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "SHA512SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, + name: "SeparateFile", dataAndTreeInSameFile: false, }, { - name: "SHA256SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "SHA512SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, + name: "SameFile", dataAndTreeInSameFile: true, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { var buf bytes.Buffer - _, params := prepareVerify(t, usermem.PageSize /* dataSize */, tc.hashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) + _, params := prepareVerify(t, usermem.PageSize /* dataSize */, defaultHashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) params.Mode++ if _, err := Verify(¶ms); errors.Is(err, nil) { t.Errorf("Verification succeeded when expected to fail") @@ -608,34 +559,21 @@ func TestVerifyModifiedMode(t *testing.T) { func TestVerifyModifiedUID(t *testing.T) { testCases := []struct { name string - hashAlgorithm int dataAndTreeInSameFile bool }{ { - name: "SHA256SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "SHA512SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, + name: "SeparateFile", dataAndTreeInSameFile: false, }, { - name: "SHA256SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "SHA512SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, + name: "SameFile", dataAndTreeInSameFile: true, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { var buf bytes.Buffer - _, params := prepareVerify(t, usermem.PageSize /* dataSize */, tc.hashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) + _, params := prepareVerify(t, usermem.PageSize /* dataSize */, defaultHashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) params.UID++ if _, err := Verify(¶ms); errors.Is(err, nil) { t.Errorf("Verification succeeded when expected to fail") @@ -647,34 +585,21 @@ func TestVerifyModifiedUID(t *testing.T) { func TestVerifyModifiedGID(t *testing.T) { testCases := []struct { name string - hashAlgorithm int dataAndTreeInSameFile bool }{ { - name: "SHA256SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, + name: "SeparateFile", dataAndTreeInSameFile: false, }, { - name: "SHA512SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, - dataAndTreeInSameFile: false, - }, - { - name: "SHA256SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "SHA512SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, + name: "SameFile", dataAndTreeInSameFile: true, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { var buf bytes.Buffer - _, params := prepareVerify(t, usermem.PageSize /* dataSize */, tc.hashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) + _, params := prepareVerify(t, usermem.PageSize /* dataSize */, defaultHashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) params.GID++ if _, err := Verify(¶ms); errors.Is(err, nil) { t.Errorf("Verification succeeded when expected to fail") @@ -686,34 +611,21 @@ func TestVerifyModifiedGID(t *testing.T) { func TestVerifyModifiedChildren(t *testing.T) { testCases := []struct { name string - hashAlgorithm int dataAndTreeInSameFile bool }{ { - name: "SHA256SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "SHA512SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, + name: "SeparateFile", dataAndTreeInSameFile: false, }, { - name: "SHA256SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "SHA512SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, + name: "SameFile", dataAndTreeInSameFile: true, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { var buf bytes.Buffer - _, params := prepareVerify(t, usermem.PageSize /* dataSize */, tc.hashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) + _, params := prepareVerify(t, usermem.PageSize /* dataSize */, defaultHashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) params.Children["abc"] = struct{}{} if _, err := Verify(¶ms); errors.Is(err, nil) { t.Errorf("Verification succeeded when expected to fail") @@ -723,41 +635,11 @@ func TestVerifyModifiedChildren(t *testing.T) { } func TestVerifyModifiedSymlink(t *testing.T) { - testCases := []struct { - name string - hashAlgorithm int - dataAndTreeInSameFile bool - }{ - { - name: "SHA256SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "SHA512SeparateFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, - dataAndTreeInSameFile: false, - }, - { - name: "SHA256SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "SHA512SameFile", - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, - dataAndTreeInSameFile: true, - }, - } - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - var buf bytes.Buffer - _, params := prepareVerify(t, usermem.PageSize /* dataSize */, tc.hashAlgorithm, tc.dataAndTreeInSameFile, true /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) - params.SymlinkTarget = "merkle_modified_test_link" - if _, err := Verify(¶ms); err == nil { - t.Errorf("Verification succeeded when expected to fail") - } - }) + var buf bytes.Buffer + _, params := prepareVerify(t, usermem.PageSize /* dataSize */, defaultHashAlgorithm, false /* dataAndTreeInSameFile */, true /* isSymlink */, 0 /* verifyStart */, 0 /* verifySize */, &buf) + params.SymlinkTarget = "merkle_modified_test_link" + if _, err := Verify(¶ms); err == nil { + t.Errorf("Verification succeeded when expected to fail") } } @@ -766,55 +648,26 @@ func TestModifyOutsideVerifyRange(t *testing.T) { name string // The byte with index modifyByte is modified. modifyByte int64 - hashAlgorithm int dataAndTreeInSameFile bool }{ { - name: "BeforeRangeSHA256SeparateFile", + name: "BeforeRangeSeparateFile", modifyByte: 4*usermem.PageSize - 1, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, dataAndTreeInSameFile: false, }, { - name: "BeforeRangeSHA512SeparateFile", + name: "BeforeRangeSameFile", modifyByte: 4*usermem.PageSize - 1, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, - dataAndTreeInSameFile: false, - }, - { - name: "BeforeRangeSHA256SameFile", - modifyByte: 4*usermem.PageSize - 1, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, dataAndTreeInSameFile: true, }, { - name: "BeforeRangeSHA512SameFile", - modifyByte: 4*usermem.PageSize - 1, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, - dataAndTreeInSameFile: true, - }, - { - name: "AfterRangeSHA256SeparateFile", - modifyByte: 5 * usermem.PageSize, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "AfterRangeSHA512SeparateFile", + name: "AfterRangeSeparateFile", modifyByte: 5 * usermem.PageSize, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: false, }, { - name: "AfterRangeSHA256SameFile", - modifyByte: 5 * usermem.PageSize, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "AfterRangeSHA256SameFile", + name: "AfterRangeSameFile", modifyByte: 5 * usermem.PageSize, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: true, }, } @@ -825,7 +678,7 @@ func TestModifyOutsideVerifyRange(t *testing.T) { verifySize := int64(usermem.PageSize) var buf bytes.Buffer // Modified byte is outside verify range. Verify should succeed. - data, params := prepareVerify(t, dataSize, tc.hashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, verifyStart, verifySize, &buf) + data, params := prepareVerify(t, dataSize, defaultHashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, verifyStart, verifySize, &buf) // Flip a bit in data and checks Verify results. data[tc.modifyByte] ^= 1 n, err := Verify(¶ms) @@ -852,215 +705,106 @@ func TestModifyInsideVerifyRange(t *testing.T) { verifySize int64 // The byte with index modifyByte is modified. modifyByte int64 - hashAlgorithm int dataAndTreeInSameFile bool }{ // Test a block-aligned verify range. // Modifying a byte in the verified range should cause verify // to fail. { - name: "BlockAlignedRangeSHA256SeparateFile", + name: "BlockAlignedRangeSeparateFile", verifyStart: 4 * usermem.PageSize, verifySize: usermem.PageSize, modifyByte: 4 * usermem.PageSize, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "BlockAlignedRangeSHA512SeparateFile", - verifyStart: 4 * usermem.PageSize, - verifySize: usermem.PageSize, - modifyByte: 4 * usermem.PageSize, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: false, }, { - name: "BlockAlignedRangeSHA256SameFile", + name: "BlockAlignedRangeSameFile", verifyStart: 4 * usermem.PageSize, verifySize: usermem.PageSize, modifyByte: 4 * usermem.PageSize, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "BlockAlignedRangeSHA512SameFile", - verifyStart: 4 * usermem.PageSize, - verifySize: usermem.PageSize, - modifyByte: 4 * usermem.PageSize, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: true, }, // The tests below use a non-block-aligned verify range. // Modifying a byte at strat of verify range should cause // verify to fail. { - name: "ModifyStartSHA256SeparateFile", + name: "ModifyStartSeparateFile", verifyStart: 4*usermem.PageSize + 123, verifySize: 2 * usermem.PageSize, modifyByte: 4*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "ModifyStartSHA512SeparateFile", - verifyStart: 4*usermem.PageSize + 123, - verifySize: 2 * usermem.PageSize, - modifyByte: 4*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: false, }, { - name: "ModifyStartSHA256SameFile", + name: "ModifyStartSameFile", verifyStart: 4*usermem.PageSize + 123, verifySize: 2 * usermem.PageSize, modifyByte: 4*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "ModifyStartSHA512SameFile", - verifyStart: 4*usermem.PageSize + 123, - verifySize: 2 * usermem.PageSize, - modifyByte: 4*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: true, }, // Modifying a byte at the end of verify range should cause // verify to fail. { - name: "ModifyEndSHA256SeparateFile", + name: "ModifyEndSeparateFile", verifyStart: 4*usermem.PageSize + 123, verifySize: 2 * usermem.PageSize, modifyByte: 6*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "ModifyEndSHA512SeparateFile", - verifyStart: 4*usermem.PageSize + 123, - verifySize: 2 * usermem.PageSize, - modifyByte: 6*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: false, }, { - name: "ModifyEndSHA256SameFile", + name: "ModifyEndSameFile", verifyStart: 4*usermem.PageSize + 123, verifySize: 2 * usermem.PageSize, modifyByte: 6*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "ModifyEndSHA512SameFile", - verifyStart: 4*usermem.PageSize + 123, - verifySize: 2 * usermem.PageSize, - modifyByte: 6*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: true, }, // Modifying a byte in the middle verified block should cause // verify to fail. { - name: "ModifyMiddleSHA256SeparateFile", + name: "ModifyMiddleSeparateFile", verifyStart: 4*usermem.PageSize + 123, verifySize: 2 * usermem.PageSize, modifyByte: 5*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "ModifyMiddleSHA512SeparateFile", - verifyStart: 4*usermem.PageSize + 123, - verifySize: 2 * usermem.PageSize, - modifyByte: 5*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: false, }, { - name: "ModifyMiddleSHA256SameFile", + name: "ModifyMiddleSameFile", verifyStart: 4*usermem.PageSize + 123, verifySize: 2 * usermem.PageSize, modifyByte: 5*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "ModifyMiddleSHA512SameFile", - verifyStart: 4*usermem.PageSize + 123, - verifySize: 2 * usermem.PageSize, - modifyByte: 5*usermem.PageSize + 123, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: true, }, // Modifying a byte in the first block in the verified range // should cause verify to fail, even the modified bit itself is // out of verify range. { - name: "ModifyFirstBlockSHA256SeparateFile", + name: "ModifyFirstBlockSeparateFile", verifyStart: 4*usermem.PageSize + 123, verifySize: 2 * usermem.PageSize, modifyByte: 4*usermem.PageSize + 122, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "ModifyFirstBlockSHA512SeparateFile", - verifyStart: 4*usermem.PageSize + 123, - verifySize: 2 * usermem.PageSize, - modifyByte: 4*usermem.PageSize + 122, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: false, }, { - name: "ModifyFirstBlockSHA256SameFile", + name: "ModifyFirstBlockSameFile", verifyStart: 4*usermem.PageSize + 123, verifySize: 2 * usermem.PageSize, modifyByte: 4*usermem.PageSize + 122, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "ModifyFirstBlockSHA512SameFile", - verifyStart: 4*usermem.PageSize + 123, - verifySize: 2 * usermem.PageSize, - modifyByte: 4*usermem.PageSize + 122, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: true, }, // Modifying a byte in the last block in the verified range // should cause verify to fail, even the modified bit itself is // out of verify range. { - name: "ModifyLastBlockSHA256SeparateFile", + name: "ModifyLastBlockSeparateFile", verifyStart: 4*usermem.PageSize + 123, verifySize: 2 * usermem.PageSize, modifyByte: 6*usermem.PageSize + 124, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: false, - }, - { - name: "ModifyLastBlockSHA512SeparateFile", - verifyStart: 4*usermem.PageSize + 123, - verifySize: 2 * usermem.PageSize, - modifyByte: 6*usermem.PageSize + 124, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: false, }, { - name: "ModifyLastBlockSHA256SameFile", + name: "ModifyLastBlockSameFile", verifyStart: 4*usermem.PageSize + 123, verifySize: 2 * usermem.PageSize, modifyByte: 6*usermem.PageSize + 124, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA256, - dataAndTreeInSameFile: true, - }, - { - name: "ModifyLastBlockSHA512SameFile", - verifyStart: 4*usermem.PageSize + 123, - verifySize: 2 * usermem.PageSize, - modifyByte: 6*usermem.PageSize + 124, - hashAlgorithm: linux.FS_VERITY_HASH_ALG_SHA512, dataAndTreeInSameFile: true, }, } @@ -1068,7 +812,7 @@ func TestModifyInsideVerifyRange(t *testing.T) { t.Run(tc.name, func(t *testing.T) { dataSize := int64(8 * usermem.PageSize) var buf bytes.Buffer - data, params := prepareVerify(t, dataSize, tc.hashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, tc.verifyStart, tc.verifySize, &buf) + data, params := prepareVerify(t, dataSize, defaultHashAlgorithm, tc.dataAndTreeInSameFile, false /* isSymlink */, tc.verifyStart, tc.verifySize, &buf) // Flip a bit in data and checks Verify results. data[tc.modifyByte] ^= 1 if _, err := Verify(¶ms); errors.Is(err, nil) { |