2 * Copyright (c) 2018, Juniper Networks, Inc.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
14 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
15 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
16 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
17 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
18 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
19 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 #include <sys/cdefs.h>
26 __FBSDID("$FreeBSD$");
29 /* Avoid unwanted userlandish components */
31 #include <sys/errno.h>
35 #include "libsecureboot-priv.h"
39 * @brief api to verify file while reading
41 * This API allows the hash of a file to be computed as it is read.
42 * Key to this is seeking by reading.
44 * On close an indication of the verification result is returned.
48 br_hash_compat_context vec_ctx; /* hash ctx */
49 const br_hash_class *vec_md; /* hash method */
50 const char *vec_path; /* path we are verifying */
51 const char *vec_want; /* hash value we want */
52 off_t vec_off; /* current offset */
53 size_t vec_size; /* size of path */
54 size_t vec_hashsz; /* size of hash */
55 int vec_fd; /* file descriptor */
56 int vec_status; /* verification status */
61 * verify an open file as we read it
63 * If the file has no fingerprint to match, we will still return a
64 * verification context containing little more than the file
65 * descriptor, and an error code in @c error.
77 * pointer to struct stat
81 * @li ENOMEM out of memory
82 * @li VE_FINGERPRINT_NONE no entry found
83 * @li VE_FINGERPRINT_UNKNOWN no fingerprint in entry
85 * @return ctx or NULL on error.
86 * NULL is only returned for non-files or out-of-memory.
89 vectx_open(int fd, const char *path, off_t off, struct stat *stp, int *error)
97 if (fstat(fd, &st) == 0)
101 /* we *should* only get called for files */
102 if (stp && !S_ISREG(stp->st_mode)) {
107 ctx = malloc(sizeof(struct vectx));
111 ctx->vec_path = path;
112 ctx->vec_size = stp->st_size;
114 ctx->vec_want = NULL;
118 cp = fingerprint_info_lookup(fd, path);
120 ctx->vec_status = VE_FINGERPRINT_NONE;
121 ve_error_set("%s: no entry", path);
123 if (strncmp(cp, "no_hash", 7) == 0) {
124 ctx->vec_status = VE_FINGERPRINT_IGNORE;
126 } else if (strncmp(cp, "sha256=", 7) == 0) {
127 ctx->vec_md = &br_sha256_vtable;
128 hashsz = br_sha256_SIZE;
130 #ifdef VE_SHA1_SUPPORT
131 } else if (strncmp(cp, "sha1=", 5) == 0) {
132 ctx->vec_md = &br_sha1_vtable;
133 hashsz = br_sha1_SIZE;
136 #ifdef VE_SHA384_SUPPORT
137 } else if (strncmp(cp, "sha384=", 7) == 0) {
138 ctx->vec_md = &br_sha384_vtable;
139 hashsz = br_sha384_SIZE;
142 #ifdef VE_SHA512_SUPPORT
143 } else if (strncmp(cp, "sha512=", 7) == 0) {
144 ctx->vec_md = &br_sha512_vtable;
145 hashsz = br_sha512_SIZE;
149 ctx->vec_status = VE_FINGERPRINT_UNKNOWN;
150 ve_error_set("%s: no supported fingerprint", path);
153 *error = ctx->vec_status;
154 ctx->vec_hashsz = hashsz;
157 ctx->vec_md->init(&ctx->vec_ctx.vtable);
160 lseek(fd, 0, SEEK_SET);
161 vectx_lseek(ctx, off, SEEK_SET);
166 enomem: /* unlikely */
174 * read bytes from file and update hash
176 * It is critical that all file I/O comes through here.
177 * We keep track of current offset.
186 * @return bytes read or error.
189 vectx_read(struct vectx *ctx, void *buf, size_t nbytes)
191 unsigned char *bp = buf;
195 if (ctx->vec_hashsz == 0) /* nothing to do */
196 return (read(ctx->vec_fd, buf, nbytes));
200 n = read(ctx->vec_fd, &bp[off], nbytes - off);
204 ctx->vec_md->update(&ctx->vec_ctx.vtable, &bp[off], n);
208 } while (n > 0 && off < nbytes);
214 * vectx equivalent of lseek
216 * We do not actually, seek, but call vectx_read
217 * to reach the desired offset.
219 * We do not support seeking backwards.
229 * @return offset or error.
232 vectx_lseek(struct vectx *ctx, off_t off, int whence)
234 unsigned char buf[PAGE_SIZE];
238 if (ctx->vec_hashsz == 0) /* nothing to do */
239 return (lseek(ctx->vec_fd, off, whence));
242 * Try to convert whence to SEEK_SET
243 * but we cannot support seeking backwards!
244 * Nor beyond end of file.
246 if (whence == SEEK_END && off <= 0) {
248 off += ctx->vec_size;
249 } else if (whence == SEEK_CUR && off >= 0) {
253 if (whence != SEEK_SET || off < ctx->vec_off ||
254 (size_t)off > ctx->vec_size) {
255 printf("ERROR: %s: unsupported operation\n", __func__);
260 delta = off - ctx->vec_off;
262 delta = MIN(PAGE_SIZE, delta);
263 n = vectx_read(ctx, buf, delta);
267 } while (ctx->vec_off < off && n > 0);
268 return (ctx->vec_off);
273 * check that hashes match and cleanup
275 * We have finished reading file, compare the hash with what
281 * @return 0 or an error.
284 vectx_close(struct vectx *ctx)
288 if (ctx->vec_hashsz == 0) {
289 rc = ctx->vec_status;
291 rc = ve_check_hash(&ctx->vec_ctx, ctx->vec_md,
292 ctx->vec_path, ctx->vec_want, ctx->vec_hashsz);
295 return ((rc < 0) ? rc : 0);