Files
third_party_fsverity-utils/programs/fsverity.c
T
Eric Biggers 5cd90ca608 Introduce libfsverity
From the 'fsverity' program, split out a library 'libfsverity'.
Currently it supports computing file measurements ("digests"), and
signing those file measurements for use with the fs-verity builtin
signature verification feature.

Rewritten from patches by Jes Sorensen <jsorensen@fb.com>.
I made a lot of improvements, e.g.:

- Separated library and program source into different directories.
- Drastically improved the Makefile.
- Added 'make check' target and rules to build test programs.
- In the shared lib, only export the functions intended to be public.
- Prefixed global functions with "libfsverity_" so that they don't cause
  conflicts when the library is built as a static library.
- Made library error messages be sent to a user-specified callback
  rather than always be printed to stderr.
- Keep showing OpenSSL error messages.
- Stopped abort()ing in library code, when possible.
- Made libfsverity_digest use native endianness.
- Moved file_size into the merkle_tree_params.
- Made libfsverity_get_hash_name() just return the static strings.
- Made some variables in the API uint32_t instead of uint16_t.
- Shared parse_hash_alg_option() between cmd_enable and cmd_sign.
- Lots of other fixes.

(Folded in a couple Makefile fixes from Jes.)

Reviewed-by: Jes Sorensen <jsorensen@fb.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-05-25 13:45:31 -07:00

233 lines
5.1 KiB
C

// SPDX-License-Identifier: GPL-2.0-or-later
/*
* fs-verity userspace tool
*
* Copyright 2018 Google LLC
*/
#include "fsverity.h"
#include <limits.h>
#include <unistd.h>
static const struct fsverity_command {
const char *name;
int (*func)(const struct fsverity_command *cmd, int argc, char *argv[]);
const char *short_desc;
const char *usage_str;
} fsverity_commands[] = {
{
.name = "enable",
.func = fsverity_cmd_enable,
.short_desc = "Enable fs-verity on a file",
.usage_str =
" fsverity enable FILE\n"
" [--hash-alg=HASH_ALG] [--block-size=BLOCK_SIZE] [--salt=SALT]\n"
" [--signature=SIGFILE]\n"
}, {
.name = "measure",
.func = fsverity_cmd_measure,
.short_desc =
"Display the measurement of the given verity file(s)",
.usage_str =
" fsverity measure FILE...\n"
}, {
.name = "sign",
.func = fsverity_cmd_sign,
.short_desc = "Sign a file for fs-verity",
.usage_str =
" fsverity sign FILE OUT_SIGFILE --key=KEYFILE\n"
" [--hash-alg=HASH_ALG] [--block-size=BLOCK_SIZE] [--salt=SALT]\n"
" [--cert=CERTFILE]\n"
}
};
static void show_all_hash_algs(FILE *fp)
{
u32 alg_num = 1;
const char *name;
fprintf(fp, "Available hash algorithms:");
while ((name = libfsverity_get_hash_name(alg_num++)) != NULL)
fprintf(fp, " %s", name);
putc('\n', fp);
}
static void usage_all(FILE *fp)
{
int i;
fputs("Usage:\n", fp);
for (i = 0; i < ARRAY_SIZE(fsverity_commands); i++)
fprintf(fp, " %s:\n%s\n", fsverity_commands[i].short_desc,
fsverity_commands[i].usage_str);
fputs(
" Standard options:\n"
" fsverity --help\n"
" fsverity --version\n"
"\n", fp);
show_all_hash_algs(fp);
}
static void usage_cmd(const struct fsverity_command *cmd, FILE *fp)
{
fprintf(fp, "Usage:\n%s", cmd->usage_str);
}
void usage(const struct fsverity_command *cmd, FILE *fp)
{
if (cmd)
usage_cmd(cmd, fp);
else
usage_all(fp);
}
#define PACKAGE_VERSION "v1.0"
#define PACKAGE_BUGREPORT "linux-fscrypt@vger.kernel.org"
static void show_version(void)
{
static const char * const str =
"fsverity " PACKAGE_VERSION "\n"
"Copyright 2018 Google LLC\n"
"License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>.\n"
"This is free software: you are free to change and redistribute it.\n"
"There is NO WARRANTY, to the extent permitted by law.\n"
"\n"
"Report bugs to " PACKAGE_BUGREPORT ".\n";
fputs(str, stdout);
}
static void handle_common_options(int argc, char *argv[],
const struct fsverity_command *cmd)
{
int i;
for (i = 1; i < argc; i++) {
const char *arg = argv[i];
if (*arg++ != '-')
continue;
if (*arg++ != '-')
continue;
if (!strcmp(arg, "help")) {
usage(cmd, stdout);
exit(0);
} else if (!strcmp(arg, "version")) {
show_version();
exit(0);
} else if (!*arg) /* reached "--", no more options */
return;
}
}
static const struct fsverity_command *find_command(const char *name)
{
int i;
for (i = 0; i < ARRAY_SIZE(fsverity_commands); i++)
if (!strcmp(name, fsverity_commands[i].name))
return &fsverity_commands[i];
return NULL;
}
bool parse_hash_alg_option(const char *arg, u32 *alg_ptr)
{
char *end;
unsigned long n = strtoul(arg, &end, 10);
if (*alg_ptr != 0) {
error_msg("--hash-alg can only be specified once");
return false;
}
/* Specified by number? */
if (n > 0 && n < INT32_MAX && *end == '\0') {
*alg_ptr = n;
return true;
}
/* Specified by name? */
*alg_ptr = libfsverity_find_hash_alg_by_name(arg);
if (*alg_ptr)
return true;
error_msg("unknown hash algorithm: '%s'", arg);
show_all_hash_algs(stderr);
return false;
}
bool parse_block_size_option(const char *arg, u32 *size_ptr)
{
char *end;
unsigned long n = strtoul(arg, &end, 10);
if (*size_ptr != 0) {
error_msg("--block-size can only be specified once");
return false;
}
if (n <= 0 || n >= INT_MAX || !is_power_of_2(n) || *end != '\0') {
error_msg("Invalid block size: %s. Must be power of 2", arg);
return false;
}
*size_ptr = n;
return true;
}
bool parse_salt_option(const char *arg, u8 **salt_ptr, u32 *salt_size_ptr)
{
if (*salt_ptr != NULL) {
error_msg("--salt can only be specified once");
return false;
}
*salt_size_ptr = strlen(arg) / 2;
*salt_ptr = xmalloc(*salt_size_ptr);
if (!hex2bin(arg, *salt_ptr, *salt_size_ptr)) {
error_msg("salt is not a valid hex string");
return false;
}
return true;
}
u32 get_default_block_size(void)
{
long n = sysconf(_SC_PAGESIZE);
if (n <= 0 || n >= INT_MAX || !is_power_of_2(n)) {
fprintf(stderr,
"Warning: invalid _SC_PAGESIZE (%ld). Assuming 4K blocks.\n",
n);
return 4096;
}
return n;
}
static void print_libfsverity_error(const char *msg)
{
error_msg("%s", msg);
}
int main(int argc, char *argv[])
{
const struct fsverity_command *cmd;
libfsverity_set_error_callback(print_libfsverity_error);
if (argc < 2) {
error_msg("no command specified");
usage_all(stderr);
return 2;
}
cmd = find_command(argv[1]);
handle_common_options(argc, argv, cmd);
if (!cmd) {
error_msg("unrecognized command: '%s'", argv[1]);
usage_all(stderr);
return 2;
}
return cmd->func(cmd, argc - 1, argv + 1);
}