Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / 8ff035535f7cf2903f02bbe94d2fa10b7ab855f1 / . / src / util / fipstools / inject-hash.go
blob: 688024d105a55178c084a4ccb58349edb57eaf8e [file] [log] [blame]
Robert Sloan572a4e22017-04-17 10:52:19 -0700[diff] [blame]1// Copyright (c) 2017, Google Inc.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15// inject-hash parses an archive containing a file object file. It finds a FIPS
16// module inside that object, calculates its hash and replaces the default hash
17// value in the object with the calculated value.
18package main
19
20import (
21 "bytes"
22 "crypto/hmac"
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]23 "crypto/sha512"
Robert Sloan572a4e22017-04-17 10:52:19 -0700[diff] [blame]24 "debug/elf"
25 "errors"
26 "flag"
27 "fmt"
28 "io"
29 "io/ioutil"
30 "os"
31)
32
Robert Sloan9254e682017-04-24 09:42:06 -0700[diff] [blame]33func do(outPath, oInput string, arInput string) error {
Robert Sloan572a4e22017-04-17 10:52:19 -0700[diff] [blame]34 var objectBytes []byte
Robert Sloan9254e682017-04-24 09:42:06 -0700[diff] [blame]35 if len(arInput) > 0 {
36 if len(oInput) > 0 {
37 return fmt.Errorf("-in-archive and -in-object are mutually exclusive")
38 }
39
40 arFile, err := os.Open(arInput)
41 if err != nil {
42 return err
43 }
44 defer arFile.Close()
45
46 ar, err := ParseAR(arFile)
47 if err != nil {
48 return err
49 }
50
51 if len(ar) != 1 {
52 return fmt.Errorf("expected one file in archive, but found %d", len(ar))
53 }
54
55 for _, contents := range ar {
56 objectBytes = contents
57 }
58 } else if len(oInput) > 0 {
59 var err error
60 if objectBytes, err = ioutil.ReadFile(oInput); err != nil {
61 return err
62 }
63 } else {
64 return fmt.Errorf("exactly one of -in-archive or -in-object is required")
Robert Sloan572a4e22017-04-17 10:52:19 -0700[diff] [blame]65 }
66
67 object, err := elf.NewFile(bytes.NewReader(objectBytes))
68 if err != nil {
69 return errors.New("failed to parse object: " + err.Error())
70 }
71
72 // Find the .text section.
73
74 var textSection *elf.Section
75 var textSectionIndex elf.SectionIndex
76 for i, section := range object.Sections {
77 if section.Name == ".text" {
78 textSectionIndex = elf.SectionIndex(i)
79 textSection = section
80 break
81 }
82 }
83
84 if textSection == nil {
85 return errors.New("failed to find .text section in object")
86 }
87
88 // Find the starting and ending symbols for the module.
89
90 var startSeen, endSeen bool
91 var start, end uint64
92
93 symbols, err := object.Symbols()
94 if err != nil {
95 return errors.New("failed to parse symbols: " + err.Error())
96 }
97
98 for _, symbol := range symbols {
99 if symbol.Section != textSectionIndex {
100 continue
101 }
102
103 switch symbol.Name {
104 case "BORINGSSL_bcm_text_start":
105 if startSeen {
106 return errors.New("duplicate start symbol found")
107 }
108 startSeen = true
109 start = symbol.Value
110 case "BORINGSSL_bcm_text_end":
111 if endSeen {
112 return errors.New("duplicate end symbol found")
113 }
114 endSeen = true
115 end = symbol.Value
116 default:
117 continue
118 }
119 }
120
121 if !startSeen || !endSeen {
122 return errors.New("could not find module boundaries in object")
123 }
124
125 if max := textSection.Size; start > max || start > end || end > max {
126 return fmt.Errorf("invalid module boundaries: start: %x, end: %x, max: %x", start, end, max)
127 }
128
129 // Extract the module from the .text section and hash it.
130
131 text := textSection.Open()
132 if _, err := text.Seek(int64(start), 0); err != nil {
133 return errors.New("failed to seek to module start in .text: " + err.Error())
134 }
135 moduleText := make([]byte, end-start)
136 if _, err := io.ReadFull(text, moduleText); err != nil {
137 return errors.New("failed to read .text: " + err.Error())
138 }
139
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]140 var zeroKey [64]byte
141 mac := hmac.New(sha512.New, zeroKey[:])
Robert Sloan572a4e22017-04-17 10:52:19 -0700[diff] [blame]142 mac.Write(moduleText)
143 calculated := mac.Sum(nil)
144
145 // Replace the default hash value in the object with the calculated
146 // value and write it out.
147
148 offset := bytes.Index(objectBytes, uninitHashValue[:])
149 if offset < 0 {
150 return errors.New("did not find uninitialised hash value in object file")
151 }
152
153 if bytes.Index(objectBytes[offset+1:], uninitHashValue[:]) >= 0 {
154 return errors.New("found two occurrences of uninitialised hash value in object file")
155 }
156
157 copy(objectBytes[offset:], calculated)
158
159 return ioutil.WriteFile(outPath, objectBytes, 0644)
160}
161
162func main() {
Robert Sloan9254e682017-04-24 09:42:06 -0700[diff] [blame]163 arInput := flag.String("in-archive", "", "Path to a .a file")
164 oInput := flag.String("in-object", "", "Path to a .o file")
Robert Sloan572a4e22017-04-17 10:52:19 -0700[diff] [blame]165 outPath := flag.String("o", "", "Path to output object")
166
167 flag.Parse()
168
Robert Sloan9254e682017-04-24 09:42:06 -0700[diff] [blame]169 if err := do(*outPath, *oInput, *arInput); err != nil {
Robert Sloan572a4e22017-04-17 10:52:19 -0700[diff] [blame]170 fmt.Fprintf(os.Stderr, "%s\n", err)
171 os.Exit(1)
172 }
173}