From 578b0e2a07ce9ee4230e5492eba3fe0ed5f93c55 Mon Sep 17 00:00:00 2001
From: Jeffrey Walton
Date: Sun, 2 Oct 2016 17:52:08 -0400
Subject: [PATCH] Add information for expected and load address for FIPS DLL module (Issue 314)
---
 fipstest.cpp | 26 ++++++++++++++++++++++----
 test.cpp | 2 +-
 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/fipstest.cpp b/fipstest.cpp
index 48704e91..1749598a 100644
--- a/fipstest.cpp
+++ b/fipstest.cpp
@@ -54,6 +54,13 @@ extern PowerUpSelfTestStatus g_powerUpSelfTestStatus;
 SecByteBlock g_actualMac;
 unsigned long g_macFileLocation = 0;
+// $ grep -iIR baseaddress *.*proj
+// cryptdll.vcxproj: 0x42900000
+// cryptdll.vcxproj: 0x42900000
+// cryptdll.vcxproj: 0x42900000
+// cryptdll.vcxproj: 0x42900000
+const void* g_BaseAddressOfMAC = reinterpret_cast(0x42900000);
+
 // use a random dummy string here, to be searched/replaced later with the real MAC
 static const byte s_moduleMac[CryptoPP::HMAC::DIGESTSIZE] = CRYPTOPP_DUMMY_DLL_MAC;
 CRYPTOPP_COMPILE_ASSERT(sizeof(s_moduleMac) == CryptoPP::SHA1::DIGESTSIZE);
@@ -294,12 +301,13 @@ bool IntegrityCheckModule(const char *moduleFilename, const byte *expectedModule
 #ifdef CRYPTOPP_WIN32_AVAILABLE
 HMODULE h = NULL;
 {
- char moduleFilenameBuf[MAX_PATH] = "";
+ const size_t FIPS_MODULE_MAX_PATH = 2*MAX_PATH;
+ char moduleFilenameBuf[FIPS_MODULE_MAX_PATH] = "";
 if (moduleFilename == NULL)
 {
 #if (_MSC_VER >= 1400 && !defined(_STLPORT_VERSION)) // ifstream doesn't support wide filename on other compilers
- wchar_t wideModuleFilename[MAX_PATH];
- if (GetModuleFileNameW(s_hModule, wideModuleFilename, MAX_PATH) > 0)
+ wchar_t wideModuleFilename[FIPS_MODULE_MAX_PATH];
+ if (GetModuleFileNameW(s_hModule, wideModuleFilename, FIPS_MODULE_MAX_PATH) > 0)
 {
 moduleStream.open(wideModuleFilename, std::ios::in | std::ios::binary);
 h = GetModuleHandleW(wideModuleFilename);
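Review bot: `g_BaseAddressOfMAC` is added as a writable pointer with external linkage, so any code linked into the module can repoint the value the later load-address comparison depends on; `const void* const g_BaseAddressOfMAC = ...` (plus `static`, if no other file refers to it, which this hunk does not show) would pin it. The name reads as "address of the MAC", while the grep comment shows it is the DLL base address configured in cryptdll.vcxproj; a comment such as `// Preferred load address of the FIPS DLL; must be kept in sync with BaseAddress in cryptdll.vcxproj` would make the hand-maintained coupling explicit. The definition is also not visibly guarded by CRYPTOPP_WIN32_AVAILABLE even though the value only has meaning for the Windows DLL build.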
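Review bot: Enlarging the buffers to `FIPS_MODULE_MAX_PATH` does not close the truncation case, because `GetModuleFileNameW(...) > 0` is also true when the path did not fit: the API then returns the buffer size, and the integrity check goes on to open whatever the cut-off path names. Treating a return equal to the buffer size as failure fixes this, e.g. `const DWORD len = GetModuleFileNameW(s_hModule, wideModuleFilename, FIPS_MODULE_MAX_PATH);` followed by `if (len > 0 && len < FIPS_MODULE_MAX_PATH)`. The `GetModuleFileNameA` call changed in the next hunk has the same gap and ignores its return value entirely, so a failed or truncated lookup leaves `moduleFilename` pointing at an empty or shortened string. IntegrityCheckModule begins and ends outside these hunks.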
@@ -307,7 +315,7 @@ bool IntegrityCheckModule(const char *moduleFilename, const byte *expectedModule
 else
 #endif
 {
- GetModuleFileNameA(s_hModule, moduleFilenameBuf, MAX_PATH);
+ GetModuleFileNameA(s_hModule, moduleFilenameBuf, FIPS_MODULE_MAX_PATH);
 moduleFilename = moduleFilenameBuf;
 }
 }
@@ -322,6 +330,16 @@ bool IntegrityCheckModule(const char *moduleFilename, const byte *expectedModule
 #endif
 }
+ if (h != g_BaseAddressOfMAC)
+ {
+ std::ostringstream oss;
+ oss << "Crypto++ DLL integrity check may fail. Expected module base address is 0x";
+ oss << std::hex << g_BaseAddressOfMAC << ", but module loaded at 0x" << h;
+#ifdef CRYPTOPP_WIN32_AVAILABLE
+ OutputDebugStringA(oss.str().c_str());
+#endif
+ }
+
 if (!moduleStream)
 {
 #ifdef CRYPTOPP_WIN32_AVAILABLE
diff --git a/test.cpp b/test.cpp
index 0f1129a6..affaf040 100644
--- a/test.cpp
+++ b/test.cpp
@@ -295,7 +295,7 @@ int CRYPTOPP_API main(int argc, char *argv[])
 encoder.Get(reinterpret_cast(&hexEncoded[0]), hexEncoded.size());
 // Report MAC and location
- std::cout << "Placing MAC " << hexEncoded << " in " << fname << "at location " << macPos;
+ std::cout << "Placing MAC " << hexEncoded << " in " << fname << " at file offset " << macPos;
 std::cout << " (0x" << std::hex << macPos << std::dec << ").\n";
 // place MAC
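Review bot: The new `if (h != g_BaseAddressOfMAC)` block reads `h`, which the earlier hunk declares only under `#ifdef CRYPTOPP_WIN32_AVAILABLE`, yet in the visible lines only the `OutputDebugStringA` call is guarded. Unless an enclosing guard exists outside the hunk, other platforms would fail to compile, and the message would be formatted with nowhere to send it; moving the `#ifdef CRYPTOPP_WIN32_AVAILABLE` / `#endif` pair so it surrounds the whole `if` block addresses both. `h` is also still NULL when the module-handle lookup did not succeed, so a failed lookup is reported as a load at address 0; a separate `if (h == NULL)` message would keep that from being read as a relocation. Streaming a pointer after a literal `0x` may print the prefix twice on standard libraries that already prefix pointer output, and the block needs `<sstream>`, whose include is not visible in this diff.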