util/fipslink.pl

   1 #!/usr/bin/perl
   2
   3 sub check_env
   4         {
   5         my @ret;
   6         foreach (@_)
   7                 {
   8                 die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
   9                 push @ret, $ENV{$_};
  10                 }
  11         return @ret;
  12         }
  13
  14
  15 my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
  16          = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
  17                 "FIPSLIB_D", "FIPS_SHA1_EXE");
  18
  19
  20
  21 if (exists $ENV{"PREMAIN_DSO_EXE"})
  22         {
  23         $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
  24         }
  25         else
  26         {
  27         $fips_premain_dso = "";
  28         }
  29
  30 check_hash($sha1_exe, "fips_premain.c");
  31 check_hash($sha1_exe, "fipscanister.lib");
  32
  33
  34 print "Integrity check OK\n";
  35
  36 if (is_premain_linked(@ARGV)) {
  37         print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
  38         system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
  39         die "First stage Compile failure" if $? != 0;
  40 } elsif (!defined($ENV{FIPS_SIG})) {
  41         die "no fips_premain.obj linked";
  42 }
  43
  44 print "$fips_link @ARGV\n";
  45 system "$fips_link @ARGV";
  46 die "First stage Link failure" if $? != 0;
  47
  48 if (defined($ENV{FIPS_SIG})) {
  49         print "$ENV{FIPS_SIG} $fips_target\n";
  50         system "$ENV{FIPS_SIG} $fips_target";
  51         die "$ENV{FIPS_SIG} $fips_target failed" if $? != 0;
  52         exit;
  53 }
  54
  55 print "$fips_premain_dso $fips_target\n";
  56 system("$fips_premain_dso $fips_target >$fips_target.sha1");
  57 die "Get hash failure" if $? != 0;
  58 open my $sha1_res, '<', $fips_target.".sha1" or die "Get hash failure";
  59 $fips_hash=<$sha1_res>;
  60 close $sha1_res;
  61 unlink $fips_target.".sha1";
  62 chomp $fips_hash;
  63 die "Get hash failure" if $? != 0;
  64
  65
  66 print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
  67 system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
  68 die "Second stage Compile failure" if $? != 0;
  69
  70
  71 print "$fips_link @ARGV\n";
  72 system "$fips_link @ARGV";
  73 die "Second stage Link failure" if $? != 0;
  74
  75 sub is_premain_linked
  76         {
  77         return 1 if (grep /fips_premain\.obj/,@_);
  78         foreach (@_)
  79                 {
  80                 if (/^@(.*)/ && -f $1)
  81                         {
  82                         open FD,$1 or die "can't open $1";
  83                         my $ret = (grep /fips_premain\.obj/,<FD>)?1:0;
  84                         close FD;
  85                         return $ret;
  86                         }
  87                 }
  88         return 0;
  89         }
  90
  91 sub check_hash
  92         {
  93         my ($sha1_exe, $filename) = @_;
  94         my ($hashfile, $hashval);
  95
  96         open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
  97         $hashfile = <IN>;
  98         close IN;
  99         $hashval = `$sha1_exe ${fips_libdir}/$filename`;
 100         chomp $hashfile;
 101         chomp $hashval;
 102         $hashfile =~ s/^.*=\s+//;
 103         $hashval =~ s/^.*=\s+//;
 104         die "Invalid hash syntax in file" if (length($hashfile) != 40);
 105         die "Invalid hash received for file" if (length($hashval) != 40);
 106         die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
 107         }
 108
 109