blob: 50071bf5dc7ff2fa17e6d82707a7580dde8e5de7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
#! /bin/sh
#
# gen-note-integrity.sh - Build tool to generate hmac hash section
#
# Copyright (C) 2022 g10 Code GmbH
#
# This file is part of libgcrypt.
#
# libgcrypt is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public License
# as published by the Free Software Foundation; either version 2.1 of
# the License, or (at your option) any later version.
#
# libgcrypt is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; if not, see <https://www.gnu.org/licenses/>.
#
set -e
#
# Following variables should be defined to invoke this script
#
# READELF
# AWK
# ECHO_N
#
######## Emit ElfN_Nhdr for note.fdo.integrity ########
NOTE_NAME="FDO"
# n_namesz = 4 including NUL
printf '%b' '\004'
printf '%b' '\000'
printf '%b' '\000'
printf '%b' '\000'
# n_descsz = 32
printf '%b' '\040'
printf '%b' '\000'
printf '%b' '\000'
printf '%b' '\000'
# n_type: NT_FDO_INTEGRITY=0xCAFE2A8E
printf '%b' '\312'
printf '%b' '\376'
printf '%b' '\052'
printf '%b' '\216'
# the name
echo $ECHO_N $NOTE_NAME
printf '%b' '\000'
# Here comes the alignment. As the size of name is 4, it's none.
# NO PADDING HERE.
######## Rest is to generate hmac hash ########
AWK_VERSION_OUTPUT=$($AWK 'BEGIN { print PROCINFO["version"] }')
if test -n "$AWK_VERSION_OUTPUT"; then
# It's GNU awk, which supports PROCINFO.
AWK_OPTION=--non-decimal-data
fi
FILE=.libs/libgcrypt.so
#
# Fixup the ELF header to clean up section information
#
BYTE002=$(printf '%b' '\002')
CLASS_BYTE=$(dd ibs=1 skip=4 count=1 if=$FILE status=none)
if test "$CLASS_BYTE" = "$BYTE002"; then
CLASS=64
HEADER_SIZE=64
else
CLASS=32
HEADER_SIZE=52
fi
if test $CLASS -eq 64; then
dd ibs=1 count=40 if=$FILE status=none
dd ibs=1 count=8 if=/dev/zero status=none
dd ibs=1 skip=48 count=10 if=$FILE status=none
dd ibs=1 count=6 if=/dev/zero status=none
else
dd ibs=1 count=32 if=$FILE status=none
dd ibs=1 count=4 if=/dev/zero status=none
dd ibs=1 skip=36 count=10 if=$FILE status=none
dd ibs=1 count=6 if=/dev/zero status=none
fi > header-fixed.bin
#
# Compute the end of segments, and emit the COUNT to read
# (For each segment in program headers, calculate the offset
# and select the maximum)
#
# This require computation in hexadecimal, and GNU awk needs
# --non-decimal-data option
#
COUNT=$($READELF --wide --program-headers $FILE | \
$AWK $AWK_OPTION \
"BEGIN { max_offset=0 }
/^\$/ { if (program_headers_start) program_headers_end=1 }
(program_headers_start && !program_headers_end) { offset = \$2 + \$5 }
(max_offset < offset) { max_offset = offset }
/^ Type/ { program_headers_start=1 }
END { print max_offset- $HEADER_SIZE }")
#
# Feed the header fixed and all segments to HMAC256
# to generate hmac hash of the FILE
#
(cat header-fixed.bin; \
dd ibs=1 skip=$HEADER_SIZE count=$COUNT if=$FILE status=none) \
| ./hmac256 --stdkey --binary
rm -f header-fixed.bin
|
