3 # calculate in-core fingerprint via looking at the object file rather than
4 # running a program on the target
# Tool names are formed by prefixing CROSS_COMPILE. It is not assigned in the
# lines shown here (presumably inherited from the environment -- confirm), so
# whoever controls that variable chooses which objcopy/objdump binaries run.
# Set it explicitly in the build rather than relying on an ambient value.
9 OBJCOPY=${CROSS_COMPILE}objcopy
10 OBJDUMP=${CROSS_COMPILE}objdump
# HMAC_KEY is a fixed value embedded in this script, so anyone who can read the
# script can recompute a matching fingerprint: the HMAC detects accidental or
# unkeyed modification, it does not authenticate the binary.
# NOTE(review): this looks like the fixed, published integrity key of the
# OpenSSL FIPS module rather than a secret -- confirm before treating it as one.
15 HMAC_KEY="etaonrishdlcupfm"
# FINGERTYPE is a command stored as a string and later run via an unquoted
# $FINGERTYPE expansion, so it relies on word splitting (a key containing
# whitespace or glob characters would break it) and the key appears on the
# openssl command line, where process listings and `set -x` traces can see it.
16 FINGERTYPE="openssl sha1 -hmac ${HMAC_KEY}"
18 # FINGERTYPE can be made via openssl or fips_standalone_sha1 (output word 2)
# Argument handling. The bodies of these tests and their closing `fi` are not
# among the lines shown; the comments describe only the visible conditions.
20 # allow for a simple -d option
21 if [ "$1" = "-d" ]; then
# The mode argument must be -exe or -dso; the usage text goes to stderr.
26 if [ "$1" != "-exe" -a "$1" != "-dso" ]; then
27 echo "usage: incore [-exe|-dso] executable" >&2
# APP is not assigned in the lines shown (presumably taken from the next
# positional argument -- confirm). An empty APP is a usage error.
33 if [ -z "$APP" ]; then
34 echo "usage: incore [-exe|-dso] executable" >&2
# -f only confirms that a regular file exists at that path. APP is later passed
# unquoted to objdump and dd, and text derived from its symbol and section
# tables is fed to eval, so treat the file as input that needs validating if it
# can come from outside the build.
38 if [ ! -f "$APP" ]; then
39 echo "incore: $APP not found" >&2
# Determine the object format of APP: take the 'file format' line printed by
# `objdump -f` and keep its fourth whitespace-separated word.
# NOTE(review): $APP is expanded unquoted, so a path containing whitespace or
# glob characters is split or expanded before objdump sees it, and a path that
# begins with '-' would be read as an option. Quoting "$APP" and passing a
# ./-prefixed or absolute path avoids both.
44 TARGET=`$OBJDUMP -f $APP | grep 'file format' | awk '{print $4}'`
# Debug trace of the detected format, written to stderr.
46 if [ ! -z "$DEBUG" ]; then
47 echo "TARGET: $TARGET" >&2
50 # INCORE_ADJUST is the fixup allowance for FIPS_ref_point() handling in
51 # fips/fips_canister.c which is used rather than the actual
# A default is chosen only when INCORE_ADJUST is empty, so a value already
# present (e.g. inherited from the environment) is used as-is. It is later
# added to the text offset with expr, which means it shifts the byte range
# that gets hashed; it is not checked to be an integer in the lines shown.
54 if [ -z "$INCORE_ADJUST" ]; then
# Per-format defaults. The `case` line itself is not shown; the patterns are
# object format names, so the selector is presumably $TARGET -- confirm.
58 elf64-x86-64) INCORE_ADJUST=4;;
59 #elf32-littlearm|elf32-little|elf32-bigarm) INCORE_ADJUST="-36";;
60 elf32-littlearm|elf32-little|elf32-bigarm) INCORE_ADJUST="0";;
65 #$OBJCOPY -j .rodata -v -O binary $APP $APP-rodata | grep -v '^copy from'
66 #$OBJCOPY -j .text -v -O binary $APP $APP-text | grep -v '^copy from'
67 #$OBJCOPY -j .rodata -v -F $TARGET $APP $APP-rodata | grep -v '^copy from'
68 #$OBJCOPY -j .text -v -F $TARGET $APP $APP-text | grep -v '^copy from'
71 # locate all the required symbols
# Turns `objdump -t` output into shell assignments and evals them: awk emits
# field 6 as the variable name and the upper-cased field 1 as its value, and
# sed rewrites every '.' as '_'.
# NOTE(review): the egrep alternation is unanchored, so any symbol whose name
# merely contains one of these strings passes the filter, and nothing checks
# that the name is a plain shell identifier before eval executes the line.
# Symbol names come from the file being inspected, so for an APP that is not
# fully trusted this is a shell-injection surface. Safer: compare field 6
# against the six names exactly, require the value to match ^[0-9A-Fa-f]+$,
# and assign the variables without eval.
73 eval `$OBJDUMP -t $APP | egrep 'FIPS_text_start|FIPS_text_end|FIPS_rodata_end|FIPS_rodata_start|FIPS_signature|FINGERPRINT_ascii_value' | awk '{printf("%s=%s\n",$6,toupper($1))}' | sed -e 's/\./_/g'`
76 # locate the offsets and length of the interesting sections
# Same eval pattern over `objdump -h`: field 2 becomes the variable name
# (leading '.' -> DOT, any other '.' -> '_'), field 4 its value, and field 6
# the value of NAME_OFF. In GNU objdump's section table those columns are the
# VMA and the file offset.
# NOTE(review): in '.text|.rodata|.bss' the dots are regex wildcards and the
# pattern is unanchored, so sections such as .text.* or .rodata.* also match
# and define extra variables. Section names get no identifier check before
# eval either, so the same validation advice applies here.
78 eval `$OBJDUMP -h $APP | egrep '.text|.rodata|.bss' | awk '{printf("%s=%s\n%s_OFF=%s\n",$2,toupper($4),$2,toupper($6))}' | sed -e 's/^\./DOT/' -e 's/\./_/g'`
81 # should now have the following variables set which can be used to
82 # extract the right parts from the -rodata and -text files
85 # FIPS_rodata_end=0000000000436160
86 # FIPS_rodata_start=0000000000430B00
87 # FIPS_signature=000000000063EBE0
88 # FIPS_text_end=00000000004304E0
89 # FIPS_text_start=0000000000401780
90 # DOTrodata=0000000000430AE0
91 # DOTrodata_OFF=00030AE0
92 # DOTtext=0000000000401690
93 # DOTtext_OFF=00001690
96 # show the values - debug
# Dumps the variables produced by the two eval steps. Unlike the TARGET trace,
# these echo lines have no >&2, so with DEBUG set they go to stdout.
# NOTE(review): if a caller captures stdout to obtain the fingerprint, debug
# mode mixes these lines into that output -- confirm how stdout is consumed.
98 if [ ! -z "$DEBUG" ]; then
100 echo "FIPS_rodata_end=$FIPS_rodata_end"
101 echo "FIPS_rodata_start=$FIPS_rodata_start"
102 echo "FIPS_signature=$FIPS_signature"
103 echo "FIPS_text_end=$FIPS_text_end"
104 echo "FIPS_text_start=$FIPS_text_start"
105 echo "FINGERPRINT_ascii_value=$FINGERPRINT_ascii_value"
106 echo "DOTrodata=$DOTrodata"
107 echo "DOTrodata_OFF=$DOTrodata_OFF"
108 echo "DOTtext=$DOTtext"
109 echo "DOTtext_OFF=$DOTtext_OFF"
# Each of the four range-marker symbols must have been found; a missing one is
# reported on stderr as "Not a FIPS executable".
# NOTE(review): the tests only check for non-empty strings. In the lines shown,
# FINGERPRINT_ascii_value, DOTrodata and DOTtext are not tested before they are
# used in the offset arithmetic, and none of the values is checked to be hex.
113 if [ -z "$FIPS_rodata_start" ]; then
114 echo "$APP: Not a FIPS executable" >&2
117 if [ -z "$FIPS_rodata_end" ]; then
118 echo "$APP: Not a FIPS executable" >&2
121 if [ -z "$FIPS_text_start" ]; then
122 echo "$APP: Not a FIPS executable" >&2
125 if [ -z "$FIPS_text_end" ]; then
126 echo "$APP: Not a FIPS executable" >&2
# The three sections below feed here-documents to bc; only parts of each
# here-document are shown. The operands are the hex strings set by the eval
# steps, so the bc input base is presumably switched to 16 in lines that are
# not shown -- confirm.
# NOTE(review): the values are interpolated into bc input and into expr
# arguments without validation. A malformed or unexpected symbol table would
# produce a wrong offset or length rather than an error, so checking each value
# against ^[0-9A-F]+$ first keeps the hashed range trustworthy.
131 # use 'bc' to calculate offsets and lengths for RODATA
133 RSTART=`cat <<EOF | bc
136 $FIPS_rodata_start-$DOTrodata
141 $FIPS_rodata_end-$FIPS_rodata_start
148 ROFF=`expr $ROFF + $RSTART`
# Text range: same calculation against the .text section, with INCORE_ADJUST
# added to the resulting file offset.
151 # use 'bc' to calculate offsets and lengths for TEXT
153 TSTART=`cat <<EOF | bc
156 $FIPS_text_start-$DOTtext
161 $FIPS_text_end-$FIPS_text_start
168 TOFF=`expr $TOFF + $TSTART + $INCORE_ADJUST`
# Stored fingerprint: its position is computed relative to the start of
# .rodata, then added to FOFF. The initial values of ROFF, TOFF and FOFF are
# assigned in lines that are not shown.
171 # use 'bc' to calculate where to locate FINGERPRINT_ascii_value
173 FSTART=`cat <<EOF | bc
176 $FINGERPRINT_ascii_value-$DOTrodata
178 # 20 bytes as ASCII HEX
185 FOFF=`expr $FOFF + $FSTART`
188 # NOTE: this code does not check for FIPS_signature being inside the
189 # rodata segment and exclude it from the calculation which is what
190 # the actual runtime code does as we do not update it; the
191 # FIPS_signature should be in BSS - but in either case our calculation
192 # is correct as the signature comes from FINGERPRINT_ascii_value
193 # when FIPS_signature is actually blank (zero)
# Debug dump of the computed start values and the adjustment. These echo lines
# have no >&2, so they go to stdout.
199 if [ ! -z "$DEBUG" ]; then
201 echo "TSTART $TSTART"
204 echo "INCORE_ADJUST $INCORE_ADJUST"
206 echo "RSTART $RSTART"
210 echo "FSTART $FSTART"
216 # some debug code when looking at the values
# With INCORE_DEBUG set, the two byte ranges that are hashed are also written
# out as files: the text range to mac1 and the rodata range to mac2.
# NOTE(review): both files use fixed names in the current directory and
# overwrite whatever is already there. When the script may run in a shared or
# world-writable directory, write into a directory created with `mktemp -d`
# instead. $APP and the offsets are expanded unquoted here as well.
217 if [ ! -z "$INCORE_DEBUG" ]; then
218 dd if=$APP of=mac1 bs=1 skip=$TOFF count=$TLEN
219 dd if=$APP of=mac2 bs=1 skip=$ROFF count=$RLEN
225 # show the actual value of FINGERPRINT_ascii_value as placed in
226 # the program by fipsld
# In debug mode, copy FLEN bytes at file offset FOFF of APP to stdout, i.e. the
# fingerprint stored in the binary. dd's own messages are discarded.
228 if [ ! -z "$DEBUG" ]; then
231 dd if=$APP bs=1 skip=$FOFF count=$FLEN 2>/dev/null
237 # now calculate what that value should be from the appropriate sections
240 if [ ! -z "$DEBUG" ]; then
241 echo "calculated: " >&2
# Stream the text range followed by the rodata range into the HMAC command.
# NOTE(review): stderr of both dd calls is discarded and the pipeline's exit
# status is that of $FINGERTYPE. If a dd fails (empty or invalid offset,
# unreadable file), `&&` skips the second dd but the digest command still runs
# on whatever bytes arrived, so the script prints a fingerprint of truncated or
# empty input instead of failing. Validating TOFF/TLEN/ROFF/RLEN as
# non-negative integers and checking each dd's status would make extraction
# failures visible.
# $FINGERTYPE is expanded unquoted on purpose so it splits into a command and
# its arguments; that also puts the HMAC key on the openssl command line.
243 ( dd if=$APP bs=1 skip=$TOFF count=$TLEN && \
244 dd if=$APP bs=1 skip=$ROFF count=$RLEN ) 2>/dev/null | $FINGERTYPE