journal: verify hashes only during actual verification, not all the time

diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index ff439f24743ea134c6aee802839ed56d3ae51a0a..efa0910780d0fddf878067cb7d1c50e016521525 100644 (file)
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -319,23 +319,6 @@ static int journal_file_move_to(JournalFile *f, int context, uint64_t offset, ui
         return mmap_cache_get(f->mmap, f->fd, f->prot, context, offset, size, ret);
 }
 
-static bool verify_hash(Object *o) {
-        uint64_t h1, h2;
-
-        assert(o);
-
-        if (o->object.type == OBJECT_DATA && !(o->object.flags & OBJECT_COMPRESSED)) {
-                h1 = le64toh(o->data.hash);
-                h2 = hash64(o->data.payload, le64toh(o->object.size) - offsetof(Object, data.payload));
-        } else if (o->object.type == OBJECT_FIELD) {
-                h1 = le64toh(o->field.hash);
-                h2 = hash64(o->field.payload, le64toh(o->object.size) - offsetof(Object, field.payload));
-        } else
-                return true;
-
-        return h1 == h2;
-}
-
 static uint64_t minimum_header_size(Object *o) {
 
         static uint64_t table[] = {
@@ -394,9 +377,6 @@ int journal_file_move_to_object(JournalFile *f, int type, uint64_t offset, Objec
                 o = (Object*) t;
         }
 
-        if (!verify_hash(o))
-                return -EBADMSG;
-
         *ret = o;
         return 0;
 }

diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c
index f3182e876ea1bfef14bd732626cce9d2b25966e8..9318f3df8b82fd586e5cf2c435d1efa0c57cc19a 100644 (file)
--- a/src/journal/journal-verify.c
+++ b/src/journal/journal-verify.c
@@ -29,6 +29,16 @@
 #include "journal-file.h"
 #include "journal-authenticate.h"
 #include "journal-verify.h"
+#include "lookup3.h"
+
+/* FIXME:
+ *
+ * - verify hashes of compressed objects
+ * - follow all chains
+ * - check for unreferenced objects
+ * - verify FSPRG
+ *
+ * */
 
 static int journal_file_object_verify(JournalFile *f, Object *o) {
         assert(f);
@@ -38,7 +48,12 @@ static int journal_file_object_verify(JournalFile *f, Object *o) {
          * possible field values. It does not follow any references to
          * other objects. */
 
+        if ((o->object.flags & OBJECT_COMPRESSED) &&
+            o->object.type != OBJECT_DATA)
+                return -EBADMSG;
+
         switch (o->object.type) {
+
         case OBJECT_DATA:
                 if (le64toh(o->data.entry_offset) <= 0 ||
                     le64toh(o->data.n_entries) <= 0)
@@ -46,6 +61,17 @@ static int journal_file_object_verify(JournalFile *f, Object *o) {
 
                 if (le64toh(o->object.size) - offsetof(DataObject, payload) <= 0)
                         return -EBADMSG;
+
+                if (!(o->object.flags & OBJECT_COMPRESSED)) {
+                        uint64_t h1, h2;
+
+                        h1 = le64toh(o->data.hash);
+                        h2 = hash64(o->data.payload, le64toh(o->object.size) - offsetof(Object, data.payload));
+
+                        if (h1 != h2)
+                                return -EBADMSG;
+                }
+
                 break;
 
         case OBJECT_FIELD:
@@ -251,12 +277,6 @@ int journal_file_verify(JournalFile *f, const char *key) {
                         goto fail;
                 }
 
-                r = journal_file_hmac_put_object(f, -1, p);
-                if (r < 0) {
-                        log_error("Failed to calculate HMAC at %llu", (unsigned long long) p);
-                        goto fail;
-                }
-
                 if (o->object.flags & OBJECT_COMPRESSED &&
                     !(le32toh(f->header->incompatible_flags) & HEADER_INCOMPATIBLE_COMPRESSED)) {
                         log_error("Compressed object without compression at %llu", (unsigned long long) p);
@@ -264,10 +284,9 @@ int journal_file_verify(JournalFile *f, const char *key) {
                         goto fail;
                 }
 
-                if (o->object.flags & OBJECT_COMPRESSED &&
-                    o->object.type != OBJECT_DATA) {
-                        log_error("Compressed non-data object at %llu", (unsigned long long) p);
-                        r = -EBADMSG;
+                r = journal_file_hmac_put_object(f, -1, p);
+                if (r < 0) {
+                        log_error("Failed to calculate HMAC at %llu", (unsigned long long) p);
                         goto fail;
                 }