1*b13c0e40SEric Biggers // SPDX-License-Identifier: MIT
2*b13c0e40SEric Biggers /*
3*b13c0e40SEric Biggers * The 'fsverity measure' command
4*b13c0e40SEric Biggers *
5*b13c0e40SEric Biggers * Copyright 2018 Google LLC
6*b13c0e40SEric Biggers *
7*b13c0e40SEric Biggers * Use of this source code is governed by an MIT-style
8*b13c0e40SEric Biggers * license that can be found in the LICENSE file or at
9*b13c0e40SEric Biggers * https://opensource.org/licenses/MIT.
10*b13c0e40SEric Biggers */
11*b13c0e40SEric Biggers
12*b13c0e40SEric Biggers #include "fsverity.h"
13*b13c0e40SEric Biggers
14*b13c0e40SEric Biggers #include <fcntl.h>
15*b13c0e40SEric Biggers #include <getopt.h>
16*b13c0e40SEric Biggers #include <sys/ioctl.h>
17*b13c0e40SEric Biggers
18*b13c0e40SEric Biggers static const struct option longopts[] = {
19*b13c0e40SEric Biggers {NULL, 0, NULL, 0}
20*b13c0e40SEric Biggers };
21*b13c0e40SEric Biggers
22*b13c0e40SEric Biggers /* Display the fs-verity digest of the given verity file(s). */
fsverity_cmd_measure(const struct fsverity_command * cmd,int argc,char * argv[])23*b13c0e40SEric Biggers int fsverity_cmd_measure(const struct fsverity_command *cmd,
24*b13c0e40SEric Biggers int argc, char *argv[])
25*b13c0e40SEric Biggers {
26*b13c0e40SEric Biggers struct fsverity_digest *d = NULL;
27*b13c0e40SEric Biggers struct filedes file;
28*b13c0e40SEric Biggers char digest_hex[FS_VERITY_MAX_DIGEST_SIZE * 2 + 1];
29*b13c0e40SEric Biggers char _hash_alg_name[32];
30*b13c0e40SEric Biggers const char *hash_alg_name;
31*b13c0e40SEric Biggers int status;
32*b13c0e40SEric Biggers int i;
33*b13c0e40SEric Biggers
34*b13c0e40SEric Biggers /*
35*b13c0e40SEric Biggers * No supported options, but run getopt_long() with an empty longopts
36*b13c0e40SEric Biggers * array so that any options are rejected and "--" works as expected.
37*b13c0e40SEric Biggers */
38*b13c0e40SEric Biggers if (getopt_long(argc, argv, "", longopts, NULL) != -1)
39*b13c0e40SEric Biggers goto out_usage;
40*b13c0e40SEric Biggers
41*b13c0e40SEric Biggers argv += optind;
42*b13c0e40SEric Biggers argc -= optind;
43*b13c0e40SEric Biggers
44*b13c0e40SEric Biggers if (argc < 1)
45*b13c0e40SEric Biggers goto out_usage;
46*b13c0e40SEric Biggers
47*b13c0e40SEric Biggers d = xzalloc(sizeof(*d) + FS_VERITY_MAX_DIGEST_SIZE);
48*b13c0e40SEric Biggers
49*b13c0e40SEric Biggers for (i = 0; i < argc; i++) {
50*b13c0e40SEric Biggers d->digest_size = FS_VERITY_MAX_DIGEST_SIZE;
51*b13c0e40SEric Biggers
52*b13c0e40SEric Biggers if (!open_file(&file, argv[i], O_RDONLY, 0))
53*b13c0e40SEric Biggers goto out_err;
54*b13c0e40SEric Biggers if (ioctl(file.fd, FS_IOC_MEASURE_VERITY, d) != 0) {
55*b13c0e40SEric Biggers error_msg_errno("FS_IOC_MEASURE_VERITY failed on '%s'",
56*b13c0e40SEric Biggers file.name);
57*b13c0e40SEric Biggers filedes_close(&file);
58*b13c0e40SEric Biggers goto out_err;
59*b13c0e40SEric Biggers }
60*b13c0e40SEric Biggers filedes_close(&file);
61*b13c0e40SEric Biggers
62*b13c0e40SEric Biggers ASSERT(d->digest_size <= FS_VERITY_MAX_DIGEST_SIZE);
63*b13c0e40SEric Biggers bin2hex(d->digest, d->digest_size, digest_hex);
64*b13c0e40SEric Biggers hash_alg_name = libfsverity_get_hash_name(d->digest_algorithm);
65*b13c0e40SEric Biggers if (!hash_alg_name) {
66*b13c0e40SEric Biggers sprintf(_hash_alg_name, "ALG_%u", d->digest_algorithm);
67*b13c0e40SEric Biggers hash_alg_name = _hash_alg_name;
68*b13c0e40SEric Biggers }
69*b13c0e40SEric Biggers printf("%s:%s %s\n", hash_alg_name, digest_hex, argv[i]);
70*b13c0e40SEric Biggers }
71*b13c0e40SEric Biggers status = 0;
72*b13c0e40SEric Biggers out:
73*b13c0e40SEric Biggers free(d);
74*b13c0e40SEric Biggers return status;
75*b13c0e40SEric Biggers
76*b13c0e40SEric Biggers out_err:
77*b13c0e40SEric Biggers status = 1;
78*b13c0e40SEric Biggers goto out;
79*b13c0e40SEric Biggers
80*b13c0e40SEric Biggers out_usage:
81*b13c0e40SEric Biggers usage(cmd, stderr);
82*b13c0e40SEric Biggers status = 2;
83*b13c0e40SEric Biggers goto out;
84*b13c0e40SEric Biggers }
85