int data_fd, uint64_t n_data,
int entry_fd, uint64_t n_entries,
int entry_array_fd, uint64_t n_entry_arrays,
- usec_t *last_usec) {
+ usec_t *last_usec,
+ bool show_progress) {
uint64_t i, n;
int r;
for (i = 0; i < n; i++) {
uint64_t last = 0, p;
- draw_progress(0xC000 + (0x3FFF * i / n), last_usec);
+ if (show_progress)
+ draw_progress(0xC000 + (0x3FFF * i / n), last_usec);
p = le64toh(f->data_hash_table[i].head_hash_offset);
while (p != 0) {
int data_fd, uint64_t n_data,
int entry_fd, uint64_t n_entries,
int entry_array_fd, uint64_t n_entry_arrays,
- usec_t *last_usec) {
+ usec_t *last_usec,
+ bool show_progress) {
uint64_t i = 0, a, n, last = 0;
int r;
uint64_t next, m, j;
Object *o;
- draw_progress(0x8000 + (0x3FFF * i / n), last_usec);
+ if (show_progress)
+ draw_progress(0x8000 + (0x3FFF * i / n), last_usec);
if (a == 0) {
log_error("Array chain too short at %llu of %llu",
int journal_file_verify(
JournalFile *f,
const char *key,
- usec_t *first_validated, usec_t *last_validated, usec_t *last_contained) {
+ usec_t *first_validated, usec_t *last_validated, usec_t *last_contained,
+ bool show_progress) {
int r;
Object *o;
uint64_t p = 0, last_tag = 0, last_epoch = 0, last_tag_realtime = 0;
p = le64toh(f->header->header_size);
while (p != 0) {
- draw_progress(0x7FFF * p / le64toh(f->header->tail_object_offset), &last_usec);
+ if (show_progress)
+ draw_progress(0x7FFF * p / le64toh(f->header->tail_object_offset), &last_usec);
r = journal_file_move_to_object(f, -1, p, &o);
if (r < 0) {
goto fail;
}
- log_debug("Checking tag %llu..", (unsigned long long) le64toh(o->tag.seqnum));
-
if (le64toh(o->tag.seqnum) != n_tags + 1) {
log_error("Tag sequence number out of synchronization at %llu", (unsigned long long) p);
r = -EBADMSG;
data_fd, n_data,
entry_fd, n_entries,
entry_array_fd, n_entry_arrays,
- &last_usec);
+ &last_usec,
+ show_progress);
if (r < 0)
goto fail;
data_fd, n_data,
entry_fd, n_entries,
entry_array_fd, n_entry_arrays,
- &last_usec);
+ &last_usec,
+ show_progress);
if (r < 0)
goto fail;
- flush_progress();
+ if (show_progress)
+ flush_progress();
mmap_cache_close_fd(f->mmap, data_fd);
mmap_cache_close_fd(f->mmap, entry_fd);
return 0;
fail:
- flush_progress();
+ if (show_progress)
+ flush_progress();
log_error("File corruption detected at %s:%llu (of %llu, %llu%%).",
f->path,
log_warning("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
#endif
- k = journal_file_verify(f, arg_verify_key, &from, &to, &total);
+ k = journal_file_verify(f, arg_verify_key, &from, &to, &total, true);
if (k == -EINVAL) {
/* If the key was invalid give up right-away. */
return k;
char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
log_info("PASS: %s", f->path);
- if (journal_file_fss_enabled(f))
+ if (arg_verify_key && journal_file_fss_enabled(f))
log_info("=> Validated from %s to %s, %s missing",
format_timestamp(a, sizeof(a), from),
format_timestamp(b, sizeof(b), to),
#include "log.h"
#include "journal-file.h"
#include "journal-verify.h"
+#include "journal-authenticate.h"
#define N_ENTRIES 6000
#define RANDOM_RANGE 77
+static void bit_toggle(const char *fn, uint64_t p) {
+ uint8_t b;
+ ssize_t r;
+ int fd;
+
+ fd = open(fn, O_RDWR|O_CLOEXEC);
+ assert(fd >= 0);
+
+ r = pread(fd, &b, 1, p/8);
+ assert(r == 1);
+
+ b ^= 1 << (p % 8);
+
+ r = pwrite(fd, &b, 1, p/8);
+ assert(r == 1);
+
+ close_nointr_nofail(fd);
+}
+
+static int raw_verify(const char *fn, const char *verification_key) {
+ JournalFile *f;
+ int r;
+
+ r = journal_file_open(fn, O_RDONLY, 0666, true, true, NULL, NULL, NULL, &f);
+ if (r < 0)
+ return r;
+
+ r = journal_file_verify(f, verification_key, NULL, NULL, NULL, false);
+ journal_file_close(f);
+
+ return r;
+}
+
int main(int argc, char *argv[]) {
char t[] = "/tmp/journal-XXXXXX";
unsigned n;
JournalFile *f;
const char *verification_key = argv[1];
- usec_t from, to, total;
+ usec_t from = 0, to = 0, total = 0;
char a[FORMAT_TIMESTAMP_MAX];
char b[FORMAT_TIMESTAMP_MAX];
char c[FORMAT_TIMESPAN_MAX];
+ struct stat st;
+ uint64_t p;
log_set_max_level(LOG_DEBUG);
log_info("Verifying...");
- assert_se(journal_file_open("test.journal", O_RDONLY, 0666, false, false, NULL, NULL, NULL, &f) == 0);
-
+ assert_se(journal_file_open("test.journal", O_RDONLY, 0666, true, true, NULL, NULL, NULL, &f) == 0);
journal_file_print_header(f);
- assert_se(journal_file_verify(f, verification_key, &from, &to, &total) >= 0);
-
- log_info("=> Validated from %s to %s, %s missing",
- format_timestamp(a, sizeof(a), from),
- format_timestamp(b, sizeof(b), to),
- format_timespan(c, sizeof(c), total > to ? total - to : 0));
+ assert_se(journal_file_verify(f, verification_key, &from, &to, &total, true) >= 0);
+ if (verification_key && journal_file_fss_enabled(f)) {
+ log_info("=> Validated from %s to %s, %s missing",
+ format_timestamp(a, sizeof(a), from),
+ format_timestamp(b, sizeof(b), to),
+ format_timespan(c, sizeof(c), total > to ? total - to : 0));
+ }
journal_file_close(f);
+ log_info("Toggling bits...");
+
+ assert_se(stat("test.journal", &st) >= 0);
+
+ for (p = 240*8; p < ((uint64_t) st.st_size * 8); p ++) {
+ bit_toggle("test.journal", p);
+
+ log_info("[ %llu+%llu]", (unsigned long long) p / 8, (unsigned long long) p % 8);
+
+ if (raw_verify("test.journal", verification_key) >= 0) {
+ log_notice(ANSI_HIGHLIGHT_RED_ON ">>>> %llu (bit %llu) can be toggled without detection." ANSI_HIGHLIGHT_OFF, (unsigned long long) p / 8, (unsigned long long) p % 8);
+ sleep(1);
+ }
+
+ bit_toggle("test.journal", p);
+ }
+
log_info("Exiting...");
assert_se(rm_rf_dangerous(t, false, true, false) >= 0);
projects / platform / upstream / systemd.git / commitdiff