• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: MIT
2 /*
3  * fs-verity userspace tool
4  *
5  * Copyright 2018 Google LLC
6  *
7  * Use of this source code is governed by an MIT-style
8  * license that can be found in the LICENSE file or at
9  * https://opensource.org/licenses/MIT.
10  */
11 
12 #include "fsverity.h"
13 
14 #include <limits.h>
15 
16 static const struct fsverity_command {
17 	const char *name;
18 	int (*func)(const struct fsverity_command *cmd, int argc, char *argv[]);
19 	const char *short_desc;
20 	const char *usage_str;
21 } fsverity_commands[] = {
22 	{
23 		.name = "digest",
24 		.func = fsverity_cmd_digest,
25 		.short_desc =
26 "Compute the fs-verity digest of the given file(s), for offline signing",
27 		.usage_str =
28 "    fsverity digest FILE...\n"
29 "               [--hash-alg=HASH_ALG] [--block-size=BLOCK_SIZE] [--salt=SALT]\n"
30 "               [--compact] [--for-builtin-sig]\n"
31 #ifndef _WIN32
32 	}, {
33 		.name = "enable",
34 		.func = fsverity_cmd_enable,
35 		.short_desc = "Enable fs-verity on a file",
36 		.usage_str =
37 "    fsverity enable FILE\n"
38 "               [--hash-alg=HASH_ALG] [--block-size=BLOCK_SIZE] [--salt=SALT]\n"
39 "               [--signature=SIGFILE]\n"
40 	}, {
41 		.name = "measure",
42 		.func = fsverity_cmd_measure,
43 		.short_desc =
44 "Display the fs-verity digest of the given verity file(s)",
45 		.usage_str =
46 "    fsverity measure FILE...\n"
47 #endif /* !_WIN32 */
48 	}, {
49 		.name = "sign",
50 		.func = fsverity_cmd_sign,
51 		.short_desc = "Sign a file for fs-verity",
52 		.usage_str =
53 "    fsverity sign FILE OUT_SIGFILE --key=KEYFILE\n"
54 "               [--hash-alg=HASH_ALG] [--block-size=BLOCK_SIZE] [--salt=SALT]\n"
55 "               [--cert=CERTFILE]\n"
56 	}
57 };
58 
show_all_hash_algs(FILE * fp)59 static void show_all_hash_algs(FILE *fp)
60 {
61 	u32 alg_num = 1;
62 	const char *name;
63 
64 	fprintf(fp, "Available hash algorithms:");
65 	while ((name = libfsverity_get_hash_name(alg_num++)) != NULL)
66 		fprintf(fp, " %s", name);
67 	putc('\n', fp);
68 }
69 
usage_all(FILE * fp)70 static void usage_all(FILE *fp)
71 {
72 	int i;
73 
74 	fputs("Usage:\n", fp);
75 	for (i = 0; i < ARRAY_SIZE(fsverity_commands); i++)
76 		fprintf(fp, "  %s:\n%s\n", fsverity_commands[i].short_desc,
77 			fsverity_commands[i].usage_str);
78 	fputs(
79 "  Standard options:\n"
80 "    fsverity --help\n"
81 "    fsverity --version\n"
82 "\n", fp);
83 	show_all_hash_algs(fp);
84 }
85 
usage_cmd(const struct fsverity_command * cmd,FILE * fp)86 static void usage_cmd(const struct fsverity_command *cmd, FILE *fp)
87 {
88 	fprintf(fp, "Usage:\n%s", cmd->usage_str);
89 }
90 
usage(const struct fsverity_command * cmd,FILE * fp)91 void usage(const struct fsverity_command *cmd, FILE *fp)
92 {
93 	if (cmd)
94 		usage_cmd(cmd, fp);
95 	else
96 		usage_all(fp);
97 }
98 
show_version(void)99 static void show_version(void)
100 {
101 	printf("fsverity v%d.%d\n", FSVERITY_UTILS_MAJOR_VERSION,
102 	       FSVERITY_UTILS_MINOR_VERSION);
103 }
104 
handle_common_options(int argc,char * argv[],const struct fsverity_command * cmd)105 static void handle_common_options(int argc, char *argv[],
106 				  const struct fsverity_command *cmd)
107 {
108 	int i;
109 
110 	for (i = 1; i < argc; i++) {
111 		const char *arg = argv[i];
112 
113 		if (*arg++ != '-')
114 			continue;
115 		if (*arg++ != '-')
116 			continue;
117 		if (!strcmp(arg, "help")) {
118 			usage(cmd, stdout);
119 			exit(0);
120 		} else if (!strcmp(arg, "version")) {
121 			show_version();
122 			exit(0);
123 		} else if (!*arg) /* reached "--", no more options */
124 			return;
125 	}
126 }
127 
find_command(const char * name)128 static const struct fsverity_command *find_command(const char *name)
129 {
130 	int i;
131 
132 	for (i = 0; i < ARRAY_SIZE(fsverity_commands); i++)
133 		if (!strcmp(name, fsverity_commands[i].name))
134 			return &fsverity_commands[i];
135 	return NULL;
136 }
137 
parse_hash_alg_option(const char * arg,u32 * alg_ptr)138 static bool parse_hash_alg_option(const char *arg, u32 *alg_ptr)
139 {
140 	char *end;
141 	unsigned long n = strtoul(arg, &end, 10);
142 
143 	if (*alg_ptr != 0) {
144 		error_msg("--hash-alg can only be specified once");
145 		return false;
146 	}
147 
148 	/* Specified by number? */
149 	if (n > 0 && n < INT32_MAX && *end == '\0') {
150 		*alg_ptr = n;
151 		return true;
152 	}
153 
154 	/* Specified by name? */
155 	*alg_ptr = libfsverity_find_hash_alg_by_name(arg);
156 	if (*alg_ptr)
157 		return true;
158 	error_msg("unknown hash algorithm: '%s'", arg);
159 	show_all_hash_algs(stderr);
160 	return false;
161 }
162 
parse_block_size_option(const char * arg,u32 * size_ptr)163 static bool parse_block_size_option(const char *arg, u32 *size_ptr)
164 {
165 	char *end;
166 	unsigned long n = strtoul(arg, &end, 10);
167 
168 	if (*size_ptr != 0) {
169 		error_msg("--block-size can only be specified once");
170 		return false;
171 	}
172 
173 	if (n <= 0 || n >= INT_MAX || !is_power_of_2(n) || *end != '\0') {
174 		error_msg("Invalid block size: %s.  Must be power of 2", arg);
175 		return false;
176 	}
177 	*size_ptr = n;
178 	return true;
179 }
180 
parse_salt_option(const char * arg,u8 ** salt_ptr,u32 * salt_size_ptr)181 static bool parse_salt_option(const char *arg, u8 **salt_ptr,
182 			      u32 *salt_size_ptr)
183 {
184 	if (*salt_ptr != NULL) {
185 		error_msg("--salt can only be specified once");
186 		return false;
187 	}
188 	*salt_size_ptr = strlen(arg) / 2;
189 	*salt_ptr = xmalloc(*salt_size_ptr);
190 	if (!hex2bin(arg, *salt_ptr, *salt_size_ptr)) {
191 		error_msg("salt is not a valid hex string");
192 		return false;
193 	}
194 	return true;
195 }
196 
parse_tree_param(int opt_char,const char * arg,struct libfsverity_merkle_tree_params * params)197 bool parse_tree_param(int opt_char, const char *arg,
198 		      struct libfsverity_merkle_tree_params *params)
199 {
200 	switch (opt_char) {
201 	case OPT_HASH_ALG:
202 		return parse_hash_alg_option(arg, &params->hash_algorithm);
203 	case OPT_BLOCK_SIZE:
204 		return parse_block_size_option(arg, &params->block_size);
205 	case OPT_SALT:
206 		return parse_salt_option(arg, (u8 **)&params->salt,
207 					 &params->salt_size);
208 	default:
209 		ASSERT(0);
210 	}
211 }
212 
destroy_tree_params(struct libfsverity_merkle_tree_params * params)213 void destroy_tree_params(struct libfsverity_merkle_tree_params *params)
214 {
215 	free((u8 *)params->salt);
216 	memset(params, 0, sizeof(*params));
217 }
218 
main(int argc,char * argv[])219 int main(int argc, char *argv[])
220 {
221 	const struct fsverity_command *cmd;
222 
223 	install_libfsverity_error_handler();
224 
225 	if (argc < 2) {
226 		error_msg("no command specified");
227 		usage_all(stderr);
228 		return 2;
229 	}
230 
231 	cmd = find_command(argv[1]);
232 
233 	handle_common_options(argc, argv, cmd);
234 
235 	if (!cmd) {
236 		error_msg("unrecognized command: '%s'", argv[1]);
237 		usage_all(stderr);
238 		return 2;
239 	}
240 	return cmd->func(cmd, argc - 1, argv + 1);
241 }
242