Blame - util/fipstools/inject-hash.go - boringssl.googlesource.com/boringssl

blob: 688024d105a55178c084a4ccb58349edb57eaf8e [file] [log] [blame]

Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	1	// Copyright (c) 2017, Google Inc.
				2	//
				3	// Permission to use, copy, modify, and/or distribute this software for any
				4	// purpose with or without fee is hereby granted, provided that the above
				5	// copyright notice and this permission notice appear in all copies.
				6	//
				7	// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
				8	// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
				9	// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
				10	// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
				11	// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
				12	// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
				13	// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
				14
Adam Langley	82bad05	2017-04-12 13:16:10 -0700	[diff] [blame]	15	// inject-hash parses an archive containing a file object file. It finds a FIPS
				16	// module inside that object, calculates its hash and replaces the default hash
				17	// value in the object with the calculated value.
Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	18	package main
				19
				20	import (
				21	"bytes"
Adam Langley	82bad05	2017-04-12 13:16:10 -0700	[diff] [blame]	22	"crypto/hmac"
Adam Langley	4c7b3bf	2017-05-08 12:42:15 -0700	[diff] [blame]	23	"crypto/sha512"
Adam Langley	82bad05	2017-04-12 13:16:10 -0700	[diff] [blame]	24	"debug/elf"
Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	25	"errors"
				26	"flag"
				27	"fmt"
Adam Langley	82bad05	2017-04-12 13:16:10 -0700	[diff] [blame]	28	"io"
Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	29	"io/ioutil"
				30	"os"
Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	31	)
				32
Adam Langley	c86a230	2017-04-14 16:08:55 -0700	[diff] [blame]	33	func do(outPath, oInput string, arInput string) error {
Adam Langley	82bad05	2017-04-12 13:16:10 -0700	[diff] [blame]	34	var objectBytes []byte
Adam Langley	c86a230	2017-04-14 16:08:55 -0700	[diff] [blame]	35	if len(arInput) > 0 {
				36	if len(oInput) > 0 {
				37	return fmt.Errorf("-in-archive and -in-object are mutually exclusive")
				38	}
				39
				40	arFile, err := os.Open(arInput)
				41	if err != nil {
				42	return err
				43	}
				44	defer arFile.Close()
				45
				46	ar, err := ParseAR(arFile)
				47	if err != nil {
				48	return err
				49	}
				50
				51	if len(ar) != 1 {
				52	return fmt.Errorf("expected one file in archive, but found %d", len(ar))
				53	}
				54
				55	for _, contents := range ar {
				56	objectBytes = contents
				57	}
				58	} else if len(oInput) > 0 {
				59	var err error
				60	if objectBytes, err = ioutil.ReadFile(oInput); err != nil {
				61	return err
				62	}
				63	} else {
				64	return fmt.Errorf("exactly one of -in-archive or -in-object is required")
Adam Langley	323f1eb	2017-04-06 17:29:10 -0700	[diff] [blame]	65	}
				66
Adam Langley	82bad05	2017-04-12 13:16:10 -0700	[diff] [blame]	67	object, err := elf.NewFile(bytes.NewReader(objectBytes))
				68	if err != nil {
				69	return errors.New("failed to parse object: " + err.Error())
				70	}
				71
				72	// Find the .text section.
				73
				74	var textSection *elf.Section
				75	var textSectionIndex elf.SectionIndex
				76	for i, section := range object.Sections {
				77	if section.Name == ".text" {
				78	textSectionIndex = elf.SectionIndex(i)
				79	textSection = section
				80	break
				81	}
				82	}
				83
				84	if textSection == nil {
				85	return errors.New("failed to find .text section in object")
				86	}
				87
				88	// Find the starting and ending symbols for the module.
				89
				90	var startSeen, endSeen bool
				91	var start, end uint64
				92
				93	symbols, err := object.Symbols()
				94	if err != nil {
				95	return errors.New("failed to parse symbols: " + err.Error())
				96	}
				97
				98	for _, symbol := range symbols {
				99	if symbol.Section != textSectionIndex {
				100	continue
				101	}
				102
				103	switch symbol.Name {
				104	case "BORINGSSL_bcm_text_start":
				105	if startSeen {
				106	return errors.New("duplicate start symbol found")
				107	}
				108	startSeen = true
				109	start = symbol.Value
				110	case "BORINGSSL_bcm_text_end":
				111	if endSeen {
				112	return errors.New("duplicate end symbol found")
				113	}
				114	endSeen = true
				115	end = symbol.Value
				116	default:
				117	continue
				118	}
				119	}
				120
				121	if !startSeen \|\| !endSeen {
				122	return errors.New("could not find module boundaries in object")
				123	}
				124
				125	if max := textSection.Size; start > max \|\| start > end \|\| end > max {
				126	return fmt.Errorf("invalid module boundaries: start: %x, end: %x, max: %x", start, end, max)
				127	}
				128
				129	// Extract the module from the .text section and hash it.
				130
				131	text := textSection.Open()
				132	if _, err := text.Seek(int64(start), 0); err != nil {
				133	return errors.New("failed to seek to module start in .text: " + err.Error())
				134	}
				135	moduleText := make([]byte, end-start)
				136	if _, err := io.ReadFull(text, moduleText); err != nil {
				137	return errors.New("failed to read .text: " + err.Error())
				138	}
				139
Adam Langley	4c7b3bf	2017-05-08 12:42:15 -0700	[diff] [blame]	140	var zeroKey [64]byte
				141	mac := hmac.New(sha512.New, zeroKey[:])
Adam Langley	82bad05	2017-04-12 13:16:10 -0700	[diff] [blame]	142	mac.Write(moduleText)
				143	calculated := mac.Sum(nil)
				144
				145	// Replace the default hash value in the object with the calculated
				146	// value and write it out.
				147
				148	offset := bytes.Index(objectBytes, uninitHashValue[:])
Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	149	if offset < 0 {
				150	return errors.New("did not find uninitialised hash value in object file")
				151	}
				152
Adam Langley	82bad05	2017-04-12 13:16:10 -0700	[diff] [blame]	153	if bytes.Index(objectBytes[offset+1:], uninitHashValue[:]) >= 0 {
Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	154	return errors.New("found two occurrences of uninitialised hash value in object file")
				155	}
				156
Adam Langley	82bad05	2017-04-12 13:16:10 -0700	[diff] [blame]	157	copy(objectBytes[offset:], calculated)
Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	158
Adam Langley	82bad05	2017-04-12 13:16:10 -0700	[diff] [blame]	159	return ioutil.WriteFile(outPath, objectBytes, 0644)
Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	160	}
				161
				162	func main() {
Adam Langley	c86a230	2017-04-14 16:08:55 -0700	[diff] [blame]	163	arInput := flag.String("in-archive", "", "Path to a .a file")
				164	oInput := flag.String("in-object", "", "Path to a .o file")
Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	165	outPath := flag.String("o", "", "Path to output object")
Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	166
				167	flag.Parse()
				168
Adam Langley	c86a230	2017-04-14 16:08:55 -0700	[diff] [blame]	169	if err := do(outPath, oInput, *arInput); err != nil {
Adam Langley	fd49993	2017-04-04 14:21:43 -0700	[diff] [blame]	170	fmt.Fprintf(os.Stderr, "%s\n", err)
				171	os.Exit(1)
				172	}
				173	}