2 * Copyright (c) 2017-2018, Juniper Networks, Inc.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
14 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
15 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
16 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
17 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
18 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
19 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 #include <sys/cdefs.h>
26 __FBSDID("$FreeBSD$");
28 #include "../libsecureboot-priv.h"
32 #include <verify_file.h>
37 main(int argc, char *argv[])
50 printf("Trust %d\n", n);
53 while ((c = getopt(argc, argv, "dp:s:T:V")) != -1) {
65 n = ve_trust_add(optarg);
66 printf("Local trust %s: %d\n", optarg, n);
72 errx(1, "unknown option: -%c", c);
79 for ( ; optind < argc; optind++) {
82 * Simulate what loader does.
83 * verify_file should "just work"
85 fd = open(argv[optind], O_RDONLY);
88 * See if verify_file is happy
92 x = verify_file(fd, argv[optind], 0, VE_GUESS);
93 printf("verify_file(%s) = %d\n", argv[optind], x);
98 #ifdef VE_OPENPGP_SUPPORT
99 if (strstr(argv[optind], "asc")) {
100 cp = (char *)verify_asc(argv[optind], 1);
102 printf("Verified: %s: %.28s...\n",
104 fingerprint_info_add(argv[optind],
105 prefix, Skip, cp, NULL);
107 fprintf(stderr, "%s: %s\n",
108 argv[optind], ve_error_get());
112 if (strstr(argv[optind], "sig")) {
113 cp = (char *)verify_sig(argv[optind], 1);
115 printf("Verified: %s: %.28s...\n",
117 fingerprint_info_add(argv[optind],
118 prefix, Skip, cp, NULL);
120 fprintf(stderr, "%s: %s\n",
121 argv[optind], ve_error_get());
123 } else if (strstr(argv[optind], "manifest")) {
124 cp = (char *)read_file(argv[optind], NULL);
126 fingerprint_info_add(argv[optind],
127 prefix, Skip, cp, NULL);
130 fd = verify_open(argv[optind], O_RDONLY);
131 printf("verify_open(%s) = %d %s\n", argv[optind], fd,
132 (fd < 0) ? ve_error_get() : "");
135 * Check that vectx_* can also verify the file.
144 lseek(fd, 0, SEEK_SET);
145 off = st.st_size % 512;
146 vp = vectx_open(fd, argv[optind], off,
149 printf("vectx_open(%s) failed: %d %s\n",
153 off = vectx_lseek(vp,
154 (st.st_size % 1024), SEEK_SET);
156 if (off < st.st_size) {
157 n = vectx_read(vp, buf,
162 off = vectx_lseek(vp, 0, SEEK_END);
163 /* repeating that should be harmless */
164 off = vectx_lseek(vp, 0, SEEK_END);
165 error = vectx_close(vp);
167 printf("vectx_close(%s) == %d %s\n",
171 printf("vectx_close: Verified: %s\n",