Add Windows FIPS build utilities.
This commit is contained in:
Dr. Stephen Henson
parent
65847ca378
commit
544c84b720
65
ms/segrenam.pl
Normal file
65
ms/segrenam.pl
Normal file
@ -0,0 +1,65 @@
|
|||||||
|
#!/usr/bin/env perl
|
||||||
|
|
||||||
|
my $quiet = 1;
|
||||||
|
|
||||||
|
unpack("L",pack("N",1))!=1 || die "only little-endian hosts are supported";
|
||||||
|
|
||||||
|
# first argument can specify custom suffix...
|
||||||
|
$suffix=(@ARGV[0]=~/^\$/) ? shift(@ARGV) : "\$m";
|
||||||
|
#################################################################
|
||||||
|
# rename segments in COFF modules according to %map table below #
|
||||||
|
%map=( ".text" => "fipstx$suffix", #
|
||||||
|
".text\$"=> "fipstx$suffix", #
|
||||||
|
".rdata"=> "fipsrd$suffix", #
|
||||||
|
".data" => "fipsda$suffix" ); #
|
||||||
|
#################################################################
|
||||||
|
|
||||||
|
# collect file list
|
||||||
|
foreach (@ARGV) {
|
||||||
|
if (/\*/) { push(@files,glob($_)); }
|
||||||
|
else { push(@files,$_); }
|
||||||
|
}
|
||||||
|
|
||||||
|
use Fcntl;
|
||||||
|
use Fcntl ":seek";
|
||||||
|
|
||||||
|
foreach (@files) {
|
||||||
|
$file=$_;
|
||||||
|
print "processing $file\n" unless $quiet;
|
||||||
|
|
||||||
|
sysopen(FD,$file,O_RDWR|O_BINARY) || die "sysopen($file): $!";
|
||||||
|
|
||||||
|
# read IMAGE_DOS_HEADER
|
||||||
|
sysread(FD,$mz,64)==64 || die "$file is too short";
|
||||||
|
@dos_header=unpack("a2C58I",$mz);
|
||||||
|
if (@dos_header[0] eq "MZ") {
|
||||||
|
$e_lfanew=pop(@dos_header);
|
||||||
|
sysseek(FD,$e_lfanew,SEEK_SET) || die "$file is too short";
|
||||||
|
sysread(FD,$Magic,4)==4 || die "$file is too short";
|
||||||
|
unpack("I",$Magic)==0x4550 || die "$file is not COFF image";
|
||||||
|
} elsif ($file =~ /\.obj$/i) {
|
||||||
|
# .obj files have no IMAGE_DOS_HEADER
|
||||||
|
sysseek(FD,0,SEEK_SET) || die "unable to rewind $file";
|
||||||
|
} else { next; }
|
||||||
|
|
||||||
|
# read IMAGE_FILE_HEADER
|
||||||
|
sysread(FD,$coff,20)==20 || die "$file is too short";
|
||||||
|
($Machine,$NumberOfSections,$TimeDateStamp,
|
||||||
|
$PointerToSymbolTable,$NumberOfSysmbols,
|
||||||
|
$SizeOfOptionalHeader,$Characteristics)=unpack("SSIIISS",$coff);
|
||||||
|
|
||||||
|
# skip over IMAGE_OPTIONAL_HEADER
|
||||||
|
sysseek(FD,$SizeOfOptionalHeader,SEEK_CUR) || die "$file is too short";
|
||||||
|
|
||||||
|
# traverse IMAGE_SECTION_HEADER table
|
||||||
|
for($i=0;$i<$NumberOfSections;$i++) {
|
||||||
|
sysread(FD,$SectionHeader,40)==40 || die "$file is too short";
|
||||||
|
($Name,@opaque)=unpack("Z8C*",$SectionHeader);
|
||||||
|
if ($map{$Name}) {
|
||||||
|
sysseek(FD,-40,SEEK_CUR) || die "unable to rewind $file";
|
||||||
|
syswrite(FD,pack("a8C*",$map{$Name},@opaque))==40 || die "syswrite failed: $!";
|
||||||
|
printf " %-8s -> %.8s\n",$Name,$map{$Name} unless $quiet;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
close(FD);
|
||||||
|
}
|
||||||
83
util/fipslink.pl
Normal file
83
util/fipslink.pl
Normal file
@ -0,0 +1,83 @@
|
|||||||
|
#!/usr/bin/perl
|
||||||
|
|
||||||
|
sub check_env
|
||||||
|
{
|
||||||
|
my @ret;
|
||||||
|
foreach (@_)
|
||||||
|
{
|
||||||
|
die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
|
||||||
|
push @ret, $ENV{$_};
|
||||||
|
}
|
||||||
|
return @ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
|
||||||
|
= check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
|
||||||
|
"FIPSLIB_D", "FIPS_SHA1_EXE");
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
if (exists $ENV{"PREMAIN_DSO_EXE"})
|
||||||
|
{
|
||||||
|
$fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$fips_premain_dso = "";
|
||||||
|
}
|
||||||
|
|
||||||
|
check_hash($sha1_exe, "fips_premain.c");
|
||||||
|
check_hash($sha1_exe, "fipscanister.lib");
|
||||||
|
|
||||||
|
|
||||||
|
print "Integrity check OK\n";
|
||||||
|
|
||||||
|
print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
|
||||||
|
system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
|
||||||
|
die "First stage Compile failure" if $? != 0;
|
||||||
|
|
||||||
|
print "$fips_link @ARGV\n";
|
||||||
|
system "$fips_link @ARGV";
|
||||||
|
die "First stage Link failure" if $? != 0;
|
||||||
|
|
||||||
|
|
||||||
|
print "$fips_premain_dso $fips_target\n";
|
||||||
|
system("$fips_premain_dso $fips_target >$fips_target.sha1");
|
||||||
|
die "Get hash failure" if $? != 0;
|
||||||
|
open my $sha1_res, '<', $fips_target.".sha1" or die "Get hash failure";
|
||||||
|
$fips_hash=<$sha1_res>;
|
||||||
|
close $sha1_res;
|
||||||
|
unlink $fips_target.".sha1";
|
||||||
|
chomp $fips_hash;
|
||||||
|
die "Get hash failure" if $? != 0;
|
||||||
|
|
||||||
|
|
||||||
|
print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
|
||||||
|
system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
|
||||||
|
die "Second stage Compile failure" if $? != 0;
|
||||||
|
|
||||||
|
|
||||||
|
print "$fips_link @ARGV\n";
|
||||||
|
system "$fips_link @ARGV";
|
||||||
|
die "Second stage Link failure" if $? != 0;
|
||||||
|
|
||||||
|
sub check_hash
|
||||||
|
{
|
||||||
|
my ($sha1_exe, $filename) = @_;
|
||||||
|
my ($hashfile, $hashval);
|
||||||
|
|
||||||
|
open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
|
||||||
|
$hashfile = <IN>;
|
||||||
|
close IN;
|
||||||
|
$hashval = `$sha1_exe ${fips_libdir}/$filename`;
|
||||||
|
chomp $hashfile;
|
||||||
|
chomp $hashval;
|
||||||
|
$hashfile =~ s/^.*=\s+//;
|
||||||
|
$hashval =~ s/^.*=\s+//;
|
||||||
|
die "Invalid hash syntax in file" if (length($hashfile) != 40);
|
||||||
|
die "Invalid hash received for file" if (length($hashval) != 40);
|
||||||
|
die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
Loading…
x
Reference in New Issue
Block a user