X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal%2Ftest-journal-verify.c;h=b6677215c053195872be73365d30d8efc1a75538;hp=9a99bcba4b5ef35a787403fa4364d74f0b014cef;hb=feb12d3ed2c7f9132c64773c7c41b9e3a608a814;hpb=3223f44f2312d01113a9c51f898528041cc7bd8d

diff --git a/src/journal/test-journal-verify.c b/src/journal/test-journal-verify.c
index 9a99bcba4..b6677215c 100644
--- a/src/journal/test-journal-verify.c
+++ b/src/journal/test-journal-verify.c
@@ -27,15 +27,55 @@
 #include "log.h"
 #include "journal-file.h"
 #include "journal-verify.h"
+#include "journal-authenticate.h"
 
 #define N_ENTRIES 6000
 #define RANDOM_RANGE 77
 
+static void bit_toggle(const char *fn, uint64_t p) {
+        uint8_t b;
+        ssize_t r;
+        int fd;
+
+        fd = open(fn, O_RDWR|O_CLOEXEC);
+        assert(fd >= 0);
+
+        r = pread(fd, &b, 1, p/8);
+        assert(r == 1);
+
+        b ^= 1 << (p % 8);
+
+        r = pwrite(fd, &b, 1, p/8);
+        assert(r == 1);
+
+        close_nointr_nofail(fd);
+}
+
+static int raw_verify(const char *fn, const char *verification_key) {
+        JournalFile *f;
+        int r;
+
+        r = journal_file_open(fn, O_RDONLY, 0666, true, !!verification_key, NULL, NULL, NULL, &f);
+        if (r < 0)
+                return r;
+
+        r = journal_file_verify(f, verification_key, NULL, NULL, NULL, false);
+        journal_file_close(f);
+
+        return r;
+}
+
 int main(int argc, char *argv[]) {
         char t[] = "/tmp/journal-XXXXXX";
         unsigned n;
         JournalFile *f;
         const char *verification_key = argv[1];
+        usec_t from = 0, to = 0, total = 0;
+        char a[FORMAT_TIMESTAMP_MAX];
+        char b[FORMAT_TIMESTAMP_MAX];
+        char c[FORMAT_TIMESPAN_MAX];
+        struct stat st;
+        uint64_t p;
 
         log_set_max_level(LOG_DEBUG);
 
@@ -67,13 +107,38 @@ int main(int argc, char *argv[]) {
 
         log_info("Verifying...");
 
-        assert_se(journal_file_open("test.journal", O_RDONLY, 0666, false, false, NULL, NULL, NULL, &f) == 0);
+        assert_se(journal_file_open("test.journal", O_RDONLY, 0666, true, !!verification_key, NULL, NULL, NULL, &f) == 0);
+        /* journal_file_print_header(f); */
+        journal_file_dump(f);
+
+        assert_se(journal_file_verify(f, verification_key, &from, &to, &total, true) >= 0);
 
-        journal_file_print_header(f);
+        if (verification_key && JOURNAL_HEADER_SEALED(f->header)) {
+                log_info("=> Validated from %s to %s, %s missing",
+                         format_timestamp(a, sizeof(a), from),
+                         format_timestamp(b, sizeof(b), to),
+                         format_timespan(c, sizeof(c), total > to ? total - to : 0));
+        }
 
-        assert_se(journal_file_verify(f, verification_key) >= 0);
         journal_file_close(f);
 
+        if (verification_key) {
+                log_info("Toggling bits...");
+
+                assert_se(stat("test.journal", &st) >= 0);
+
+                for (p = 38448*8+0; p < ((uint64_t) st.st_size * 8); p ++) {
+                        bit_toggle("test.journal", p);
+
+                        log_info("[ %llu+%llu]", (unsigned long long) p / 8, (unsigned long long) p % 8);
+
+                        if (raw_verify("test.journal", verification_key) >= 0)
+                                log_notice(ANSI_HIGHLIGHT_RED_ON ">>>> %llu (bit %llu) can be toggled without detection." ANSI_HIGHLIGHT_OFF, (unsigned long long) p / 8, (unsigned long long) p % 8);
+
+                        bit_toggle("test.journal", p);
+                }
+        }
+
         log_info("Exiting...");
 
         assert_se(rm_rf_dangerous(t, false, true, false) >= 0);