/*
 * Copyright (c) 2017-2018, Juniper Networks, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
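 */
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "../libsecureboot-priv.h"

#include <unistd.h>
#include <err.h>
#include <verify_file.h>

/* Set by -s; handed to fingerprint_info_add() as its "skip" argument. */
char *Skip;

/*
 * Report the result of verify_asc()/verify_sig() for path.
 *
 * cp is the verified payload (or NULL on failure).  On success the first
 * 28 bytes are printed and the payload is fed to fingerprint_info_add();
 * on failure ve_error_get() is printed to stderr.  Shared by the .asc and
 * .sig branches of main(), which used to carry this code twice.
 */
static void
report_verified(char *path, char *prefix, char *cp)
{
	if (cp) {
		printf("Verified: %s: %.28s...\n", path, cp);
		fingerprint_info_add(path, prefix, Skip, cp, NULL);
	} else {
		fprintf(stderr, "%s: %s\n", path, ve_error_get());
	}
}

/*
 * Simulate what loader does: open path and hand it to verify_file(),
 * which should "just work".  Prints the verify_file() result.
 * A file that cannot be opened is silently skipped, as before.
 */
static void
check_loader_path(char *path)
{
	int fd, x;

	fd = open(path, O_RDONLY);
	/* was "fd > 0": descriptor 0 is valid and was leaked/unverified */
	if (fd < 0)
		return;
	x = verify_file(fd, path, 0, VE_GUESS);
	printf("verify_file(%s) = %d\n", path, x);
	close(fd);
}

/*
 * Check that vectx_* can also verify the file that verify_open() just
 * accepted.  Drives vectx_lseek/vectx_read and then vectx_close(), whose
 * return value is what decides "Verified" below.
 *
 * fd is consumed: it is closed on every return path.
 */
static void
check_vectx(char *path, int fd)
{
	void *vp;
	char buf[BUFSIZ];
	struct stat st;
	int error;
	off_t off;
	ssize_t nread;

	/* st is passed to vectx_open() and used for st_size; must be valid. */
	if (fstat(fd, &st) < 0) {
		warn("fstat %s", path);
		close(fd);
		return;
	}
	/* verify_open() has already consumed the file; start over. */
	lseek(fd, 0, SEEK_SET);
	off = st.st_size % 512;
	vp = vectx_open(fd, path, off, &st, &error);
	if (!vp) {
		printf("vectx_open(%s) failed: %d %s\n", path, error,
		    ve_error_get());
	} else {
		off = vectx_lseek(vp, (st.st_size % 1024), SEEK_SET);
		if (off < st.st_size) {
			/* signed count: a negative (error) return is not added */
			nread = vectx_read(vp, buf, sizeof(buf));
			if (nread > 0)
				off += nread;
		}
		(void)vectx_lseek(vp, 0, SEEK_END);
		/* repeating that should be harmless */
		(void)vectx_lseek(vp, 0, SEEK_END);
		error = vectx_close(vp);
		if (error) {
			printf("vectx_close(%s) == %d %s\n", path, error,
			    ve_error_get());
		} else {
			printf("vectx_close: Verified: %s\n", path);
		}
	}
	close(fd);
}

/*
 * tvo: exercise libsecureboot from userland.
 *
 * Options:
 *   -d         increment DebugVe
 *   -p prefix  prefix passed to fingerprint_info_add()
 *   -s skip    skip string passed to fingerprint_info_add()
 *   -T file    add a local trust anchor via ve_trust_add()
 *   -V         verify remaining args with verify_file(), as loader does
 *
 * Every remaining argument is dispatched on a substring of its name:
 * "asc" (OpenPGP, if built in), "sig", "manifest", else verify_open()
 * followed by a vectx_* cross-check.  Always returns 0; results are
 * reported on stdout/stderr.
 */
int
main(int argc, char *argv[])
{
	int n;
	int fd;
	int c;
	int Vflag;
	char *cp;
	char *prefix;

	prefix = NULL;
	Skip = NULL;

	n = ve_trust_init();
	printf("Trust %d\n", n);
	Vflag = 0;

	while ((c = getopt(argc, argv, "dp:s:T:V")) != -1) {
		switch (c) {
		case 'd':
			DebugVe++;
			break;
		case 'p':
			prefix = optarg;
			break;
		case 's':
			Skip = optarg;
			break;
		case 'T':
			n = ve_trust_add(optarg);
			printf("Local trust %s: %d\n", optarg, n);
			break;
		case 'V':
			Vflag = 1;
			break;
		default:
			errx(1, "unknown option: -%c", c);
			break;
		}
	}

#ifdef VE_PCR_SUPPORT
	ve_pcr_updating_set(1);
#endif
	ve_self_tests();

	for ( ; optind < argc; optind++) {
		if (Vflag) {
			check_loader_path(argv[optind]);
			continue;
		}
		/*
		 * NB: strstr() matches the keyword anywhere in the path,
		 * not just as a suffix; kept as-is to preserve the CLI.
		 */
#ifdef VE_OPENPGP_SUPPORT
		if (strstr(argv[optind], "asc")) {
			cp = (char *)verify_asc(argv[optind], 1);
			report_verified(argv[optind], prefix, cp);
		} else
#endif
		if (strstr(argv[optind], "sig")) {
			cp = (char *)verify_sig(argv[optind], 1);
			report_verified(argv[optind], prefix, cp);
		} else if (strstr(argv[optind], "manifest")) {
			cp = (char *)read_file(argv[optind], NULL);
			if (cp) {
				fingerprint_info_add(argv[optind],
				    prefix, Skip, cp, NULL);
			}
		} else {
			fd = verify_open(argv[optind], O_RDONLY);
			printf("verify_open(%s) = %d %s\n", argv[optind], fd,
			    (fd < 0) ? ve_error_get() : "");
			/* was "fd > 0": consistent with the fd < 0 error test above */
			if (fd >= 0)
				check_vectx(argv[optind], fd);
		}
	}
#ifdef VE_PCR_SUPPORT
	{
		const char *pcr;

		verify_pcr_export();
		/* getenv() may return NULL; passing NULL to %s is undefined. */
		pcr = getenv("loader.ve.pcr");
		printf("pcr=%s\n", pcr != NULL ? pcr : "");
	}
#endif
	return (0);
}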