6b995f5a54
Instead of having a special case in the core kernel's module loader that treats a module called 'fips140.ko' in a special way, use a host tool to tweak the ELF metadata of this module so that the RELA data is preserved and accessible to the module init code. This is done in the following way: - each RELA section that we care about (the ones for .text and .rodata at the moment) is copied into a new section called .init.rela.<name> with the SHF_ALLOC attribute, so that the module loader will copy it into __init memory at load time; - for each such section, an offset/count tuple is added as a global variable to the module; - the count field of those tuples is populated directly by the host tool based on the actual size of the RELA section in question; - the offset field is decorated with a place-relative relocation against the start of the copied RELA section via a weak symbol reference, which causes an entry to be emitted into the ELF symbol table; - these ELF symbol table entries are updated by the host tool and turned into STT_SECTION type symbols with STB_GLOBAL linkage, carrying the correct section index. With these changes in place, the unmodified module loader will load all required information into memory in a way that permits the module init code to locate the relocations, and apply them in reverse. Bug: 153614920 Bug: 188620248 Change-Id: I07d9704febdf913834502dd09c19aa4a04d983b1 Signed-off-by: Ard Biesheuvel <ardb@google.com> (cherry picked from commit 502af6e3490d3ed51cf2131306303445b0d56579)
195 lines
4.6 KiB
C
195 lines
4.6 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* Copyright (C) 2021 - Google LLC
|
|
* Author: Ard Biesheuvel <ardb@google.com>
|
|
*
|
|
* This is a host tool that is intended to be used to take the HMAC digest of
|
|
* the .text and .rodata sections of the fips140.ko module, and store it inside
|
|
* the module. The module will perform an integrity selfcheck at module_init()
|
|
* time, by recalculating the digest and comparing it with the value calculated
|
|
* here.
|
|
*
|
|
* Note that the peculiar way an HMAC is being used as a digest with a public
|
|
* key rather than as a symmetric key signature is mandated by FIPS 140-2.
|
|
*/
|
|
|
|
#include <elf.h>
|
|
#include <fcntl.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <sys/mman.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/types.h>
|
|
#include <unistd.h>
|
|
|
|
#include <openssl/hmac.h>
|
|
|
|
static Elf64_Ehdr *ehdr;
|
|
static Elf64_Shdr *shdr;
|
|
static int num_shdr;
|
|
static const char *strtab, *shstrtab;
|
|
static Elf64_Sym *syms;
|
|
static int num_syms;
|
|
|
|
static Elf64_Shdr *find_symtab_section(void)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < num_shdr; i++)
|
|
if (shdr[i].sh_type == SHT_SYMTAB)
|
|
return &shdr[i];
|
|
return NULL;
|
|
}
|
|
|
|
static int get_section_idx(const char *name)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < num_shdr; i++)
|
|
if (!strcmp(shstrtab + shdr[i].sh_name, name))
|
|
return i;
|
|
return -1;
|
|
}
|
|
|
|
static int get_sym_idx(const char *sym_name)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < num_syms; i++)
|
|
if (!strcmp(strtab + syms[i].st_name, sym_name))
|
|
return i;
|
|
return -1;
|
|
}
|
|
|
|
static void *get_sym_addr(const char *sym_name)
|
|
{
|
|
int i = get_sym_idx(sym_name);
|
|
|
|
if (i >= 0)
|
|
return (void *)ehdr + shdr[syms[i].st_shndx].sh_offset +
|
|
syms[i].st_value;
|
|
return NULL;
|
|
}
|
|
|
|
static int update_rela_ref(const char *name)
|
|
{
|
|
/*
|
|
* We need to do a couple of things to ensure that the copied RELA data
|
|
* is accessible to the module itself at module init time:
|
|
* - the associated entry in the symbol table needs to refer to the
|
|
* correct section index, and have SECTION type and GLOBAL linkage.
|
|
* - the 'count' global variable in the module need to be set to the
|
|
* right value based on the size of the RELA section.
|
|
*/
|
|
unsigned int *size_var;
|
|
int sec_idx, sym_idx;
|
|
char str[32];
|
|
|
|
sprintf(str, "fips140_rela_%s", name);
|
|
size_var = get_sym_addr(str);
|
|
if (!size_var) {
|
|
printf("variable '%s' not found, disregarding .%s section\n",
|
|
str, name);
|
|
return 1;
|
|
}
|
|
|
|
sprintf(str, "__sec_rela_%s", name);
|
|
sym_idx = get_sym_idx(str);
|
|
|
|
sprintf(str, ".init.rela.%s", name);
|
|
sec_idx = get_section_idx(str);
|
|
|
|
if (sec_idx < 0 || sym_idx < 0) {
|
|
fprintf(stderr, "failed to locate metadata for .%s section in binary\n",
|
|
name);
|
|
return 0;
|
|
}
|
|
|
|
syms[sym_idx].st_shndx = sec_idx;
|
|
syms[sym_idx].st_info = (STB_GLOBAL << 4) | STT_SECTION;
|
|
|
|
size_var[1] = shdr[sec_idx].sh_size / sizeof(Elf64_Rela);
|
|
|
|
return 1;
|
|
}
|
|
|
|
static void hmac_section(HMAC_CTX *hmac, const char *start, const char *end)
|
|
{
|
|
void *start_addr = get_sym_addr(start);
|
|
void *end_addr = get_sym_addr(end);
|
|
|
|
HMAC_Update(hmac, start_addr, end_addr - start_addr);
|
|
}
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
Elf64_Shdr *symtab_shdr;
|
|
const char *hmac_key;
|
|
unsigned char *dg;
|
|
unsigned int dglen;
|
|
struct stat stat;
|
|
HMAC_CTX *hmac;
|
|
int fd, ret;
|
|
|
|
if (argc < 2) {
|
|
fprintf(stderr, "file argument missing\n");
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
fd = open(argv[1], O_RDWR);
|
|
if (fd < 0) {
|
|
fprintf(stderr, "failed to open %s\n", argv[1]);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
ret = fstat(fd, &stat);
|
|
if (ret < 0) {
|
|
fprintf(stderr, "failed to stat() %s\n", argv[1]);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
ehdr = mmap(0, stat.st_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
|
|
if (ehdr == MAP_FAILED) {
|
|
fprintf(stderr, "failed to mmap() %s\n", argv[1]);
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
shdr = (void *)ehdr + ehdr->e_shoff;
|
|
num_shdr = ehdr->e_shnum;
|
|
|
|
symtab_shdr = find_symtab_section();
|
|
|
|
syms = (void *)ehdr + symtab_shdr->sh_offset;
|
|
num_syms = symtab_shdr->sh_size / sizeof(Elf64_Sym);
|
|
|
|
strtab = (void *)ehdr + shdr[symtab_shdr->sh_link].sh_offset;
|
|
shstrtab = (void *)ehdr + shdr[ehdr->e_shstrndx].sh_offset;
|
|
|
|
if (!update_rela_ref("text") || !update_rela_ref("rodata"))
|
|
exit(EXIT_FAILURE);
|
|
|
|
hmac_key = get_sym_addr("fips140_integ_hmac_key");
|
|
if (!hmac_key) {
|
|
fprintf(stderr, "failed to locate HMAC key in binary\n");
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
dg = get_sym_addr("fips140_integ_hmac_digest");
|
|
if (!dg) {
|
|
fprintf(stderr, "failed to locate HMAC digest in binary\n");
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
|
|
hmac = HMAC_CTX_new();
|
|
HMAC_Init_ex(hmac, hmac_key, strlen(hmac_key), EVP_sha256(), NULL);
|
|
|
|
hmac_section(hmac, "__fips140_text_start", "__fips140_text_end");
|
|
hmac_section(hmac, "__fips140_rodata_start", "__fips140_rodata_end");
|
|
|
|
HMAC_Final(hmac, dg, &dglen);
|
|
|
|
close(fd);
|
|
return 0;
|
|
}
|