This is probably a larger error handling problem but this is a good place to start. If a humility hiffy call fails the verify command will just carry on and then probably fail at some later step that depended on the earlier one. An example w/ verbose output looks like:
$ cat verify-sprot.log
[INFO verifier_cli] getting Nonce from platform RNG
[INFO verifier_cli] writing nonce to: /tmp/.tmp2au1H6/nonce.bin
[INFO verifier_cli] getting attestation
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call" "SpRot.attest_len"
[DEBUG verifier_cli] output: 0x41
[DEBUG verifier_cli] prefix stripped: "41"
[DEBUG verifier_cli] output u32: 65
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.attest" "--num=65" "--output=/tmp/.tmp2fAje8" "--input=/tmp/.tmpoVBPZU"
[DEBUG verifier_cli] output: SpRot.attest() => Err(<Complex error: AttestOrSprotError>)
Wrote 65 bytes to '/tmp/.tmp2fAje8'
[INFO verifier_cli] writing attestation to: /tmp/.tmp2au1H6/attest.bin
[INFO verifier_cli] getting measurement log
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call" "SpRot.log_len"
[DEBUG verifier_cli] output: 0x214
[DEBUG verifier_cli] prefix stripped: "214"
[DEBUG verifier_cli] output u32: 532
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.log" "--num=256" "--output=/tmp/.tmpKZQAZs" "--arguments" "offset=0"
[DEBUG verifier_cli] output: SpRot.log() => ()
Wrote 256 bytes to '/tmp/.tmpKZQAZs'
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.log" "--num=256" "--output=/tmp/.tmpuFiKCL" "--arguments" "offset=256"
[DEBUG verifier_cli] output: SpRot.log() => ()
Wrote 256 bytes to '/tmp/.tmpuFiKCL'
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.log" "--num=20" "--output=/tmp/.tmpT94Mur" "--arguments" "offset=512"
[DEBUG verifier_cli] output: SpRot.log() => ()
Wrote 20 bytes to '/tmp/.tmpT94Mur'
[INFO verifier_cli] writing measurement log to: /tmp/.tmp2au1H6/log.bin
[INFO verifier_cli] getting cert chain
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call" "SpRot.cert_chain_len"
[DEBUG verifier_cli] output: 0x4
[DEBUG verifier_cli] prefix stripped: "4"
[DEBUG verifier_cli] output u32: 4
[INFO verifier_cli] getting cert[0] encoded as pem
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call" "SpRot.cert_len" "--arguments=index=0"
[DEBUG verifier_cli] output: 0x1b0
[DEBUG verifier_cli] prefix stripped: "1b0"
[DEBUG verifier_cli] output u32: 432
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.cert" "--num=256" "--output=/tmp/.tmp5W9cbf" "--arguments" "index=0,offset=0"
[DEBUG verifier_cli] output: SpRot.cert() => ()
Wrote 256 bytes to '/tmp/.tmp5W9cbf'
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.cert" "--num=176" "--output=/tmp/.tmpDW0XlJ" "--arguments" "index=0,offset=256"
[DEBUG verifier_cli] output: SpRot.cert() => ()
Wrote 176 bytes to '/tmp/.tmpDW0XlJ'
[INFO verifier_cli] writing alias cert to: /tmp/.tmp2au1H6/alias.pem
[INFO verifier_cli] writing cert[0] to: /tmp/.tmp2au1H6/cert-chain.pem
[INFO verifier_cli] getting cert[1] encoded as pem
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call" "SpRot.cert_len" "--arguments=index=1"
[DEBUG verifier_cli] output: 0x197
[DEBUG verifier_cli] prefix stripped: "197"
[DEBUG verifier_cli] output u32: 407
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.cert" "--num=256" "--output=/tmp/.tmpJxkVOP" "--arguments" "index=1,offset=0"
[DEBUG verifier_cli] output: SpRot.cert() => ()
Wrote 256 bytes to '/tmp/.tmpJxkVOP'
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.cert" "--num=151" "--output=/tmp/.tmp4FIo4V" "--arguments" "index=1,offset=256"
[DEBUG verifier_cli] output: SpRot.cert() => ()
Wrote 151 bytes to '/tmp/.tmp4FIo4V'
[INFO verifier_cli] writing cert[1] to: /tmp/.tmp2au1H6/cert-chain.pem
[INFO verifier_cli] getting cert[2] encoded as pem
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call" "SpRot.cert_len" "--arguments=index=2"
[DEBUG verifier_cli] output: 0x252
[DEBUG verifier_cli] prefix stripped: "252"
[DEBUG verifier_cli] output u32: 594
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.cert" "--num=256" "--output=/tmp/.tmprT1fu9" "--arguments" "index=2,offset=0"
[DEBUG verifier_cli] output: SpRot.cert() => ()
Wrote 256 bytes to '/tmp/.tmprT1fu9'
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.cert" "--num=256" "--output=/tmp/.tmpk3wtgQ" "--arguments" "index=2,offset=256"
[DEBUG verifier_cli] output: SpRot.cert() => ()
Wrote 256 bytes to '/tmp/.tmpk3wtgQ'
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.cert" "--num=82" "--output=/tmp/.tmpF2EXEa" "--arguments" "index=2,offset=512"
[DEBUG verifier_cli] output: SpRot.cert() => ()
Wrote 82 bytes to '/tmp/.tmpF2EXEa'
[INFO verifier_cli] writing cert[2] to: /tmp/.tmp2au1H6/cert-chain.pem
[INFO verifier_cli] getting cert[3] encoded as pem
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call" "SpRot.cert_len" "--arguments=index=3"
[DEBUG verifier_cli] output: 0x285
[DEBUG verifier_cli] prefix stripped: "285"
[DEBUG verifier_cli] output u32: 645
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.cert" "--num=256" "--output=/tmp/.tmpqR69G3" "--arguments" "index=3,offset=0"
[DEBUG verifier_cli] output: SpRot.cert() => ()
Wrote 256 bytes to '/tmp/.tmpqR69G3'
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.cert" "--num=256" "--output=/tmp/.tmppBys5V" "--arguments" "index=3,offset=256"
[DEBUG verifier_cli] output: SpRot.cert() => ()
Wrote 256 bytes to '/tmp/.tmppBys5V'
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=SpRot.cert" "--num=133" "--output=/tmp/.tmpNeHZrr" "--arguments" "index=3,offset=512"
[DEBUG verifier_cli] output: SpRot.cert() => ()
Wrote 133 bytes to '/tmp/.tmpNeHZrr'
[INFO verifier_cli] writing cert[3] to: /tmp/.tmp2au1H6/cert-chain.pem
[INFO verifier_cli] verifying attestation
[DEBUG verifier_cli] decoded pem w/ label: "CERTIFICATE"
Error: signature error: Verification equation was not satisfied
Caused by:
Verification equation was not satisfied

The first thing verify does is get an attestation through sprot and that failed. So humility writes an empty buffer as the output. This isn't used again till we attempt to verify the signature over the attestation and it fails. The initial failure should be reported and a non-zero exit code returned.
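An added example, not code from this issue or from the project: one way to stop at the first failed hiffy call instead of carrying on to signature verification. The names `HiffyError`, `check_hiffy` and `exit_code_for` are hypothetical, and the `<call>() => <result>` line format is assumed from the log above; whether humility itself exits non-zero in this case is not shown on the page, so both conditions are checked.

```rust
// Added example. Result-line format assumed from the log: "<call>() => <value>".
#[derive(Debug, PartialEq)]
pub enum HiffyError {
    /// The humility process exited with a non-zero status.
    ExitStatus(i32),
    /// The process ran, but the call returned Err(..) on the target.
    CallFailed { call: String, detail: String },
    /// No "<call>() => ..." line was found, so success cannot be confirmed.
    NoResult(String),
}

/// Decide whether one captured hiffy invocation succeeded (fails closed).
pub fn check_hiffy(call: &str, exit_code: i32, stdout: &str) -> Result<(), HiffyError> {
    if exit_code != 0 {
        return Err(HiffyError::ExitStatus(exit_code));
    }
    let marker = format!("{call}() => ");
    for line in stdout.lines() {
        if let Some(result) = line.trim().strip_prefix(marker.as_str()) {
            if result.starts_with("Err(") {
                return Err(HiffyError::CallFailed {
                    call: call.to_string(),
                    detail: result.to_string(),
                });
            }
            return Ok(());
        }
    }
    Err(HiffyError::NoResult(call.to_string()))
}

/// Report the first failing step and map it to a process exit code.
pub fn exit_code_for(steps: &[(&str, i32, &str)]) -> i32 {
    for (call, code, out) in steps {
        if let Err(e) = check_hiffy(call, *code, out) {
            eprintln!("error: {call}: {e:?}");
            return 1;
        }
    }
    0
}

fn main() {
    // Constructed input, shaped like the log lines above.
    let attest = "SpRot.attest() => Err(<Complex error: AttestOrSprotError>)\nWrote 65 bytes to '/tmp/out'";
    let log = "SpRot.log() => ()\nWrote 256 bytes to '/tmp/out'";
    std::process::exit(exit_code_for(&[("SpRot.attest", 0, attest), ("SpRot.log", 0, log)]));
}
```

With the constructed input, the `SpRot.attest` step is reported and the process exits 1 before any later step consumes the output file.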