arne
/
cryptopp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add information for expected and load address for FIPS DLL module (Issue 314)

pull/326/head
Jeffrey Walton 2016-10-02 17:52:08 -04:00
parent 55bbc55a7e
commit 578b0e2a07
No known key found for this signature in database
GPG Key ID: B36AB348921B1838
2 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
fipstest.cpp
View File

@ -54,6 +54,13 @@ extern PowerUpSelfTestStatus g_powerUpSelfTestStatus;
SecByteBlock g_actualMac; SecByteBlock g_actualMac;
unsigned long g_macFileLocation = 0; unsigned long g_macFileLocation = 0;
// $ grep -iIR baseaddress *.*proj
// cryptdll.vcxproj: <BaseAddress>0x42900000</BaseAddress>
// cryptdll.vcxproj: <BaseAddress>0x42900000</BaseAddress>
// cryptdll.vcxproj: <BaseAddress>0x42900000</BaseAddress>
// cryptdll.vcxproj: <BaseAddress>0x42900000</BaseAddress>
const void* g_BaseAddressOfMAC = reinterpret_cast<void*>(0x42900000);
// use a random dummy string here, to be searched/replaced later with the real MAC // use a random dummy string here, to be searched/replaced later with the real MAC
static const byte s_moduleMac[CryptoPP::HMAC<CryptoPP::SHA1>::DIGESTSIZE] = CRYPTOPP_DUMMY_DLL_MAC; static const byte s_moduleMac[CryptoPP::HMAC<CryptoPP::SHA1>::DIGESTSIZE] = CRYPTOPP_DUMMY_DLL_MAC;
CRYPTOPP_COMPILE_ASSERT(sizeof(s_moduleMac) == CryptoPP::SHA1::DIGESTSIZE); CRYPTOPP_COMPILE_ASSERT(sizeof(s_moduleMac) == CryptoPP::SHA1::DIGESTSIZE);
@ -294,12 +301,13 @@ bool IntegrityCheckModule(const char *moduleFilename, const byte *expectedModule
#ifdef CRYPTOPP_WIN32_AVAILABLE #ifdef CRYPTOPP_WIN32_AVAILABLE
HMODULE h = NULL; HMODULE h = NULL;
{ {
char moduleFilenameBuf[MAX_PATH] = ""; const size_t FIPS_MODULE_MAX_PATH = 2*MAX_PATH;
char moduleFilenameBuf[FIPS_MODULE_MAX_PATH] = "";
if (moduleFilename == NULL) if (moduleFilename == NULL)
{ {
#if (_MSC_VER >= 1400 && !defined(_STLPORT_VERSION)) // ifstream doesn't support wide filename on other compilers #if (_MSC_VER >= 1400 && !defined(_STLPORT_VERSION)) // ifstream doesn't support wide filename on other compilers
wchar_t wideModuleFilename[MAX_PATH]; wchar_t wideModuleFilename[FIPS_MODULE_MAX_PATH];
if (GetModuleFileNameW(s_hModule, wideModuleFilename, MAX_PATH) > 0) if (GetModuleFileNameW(s_hModule, wideModuleFilename, FIPS_MODULE_MAX_PATH) > 0)
{ {
moduleStream.open(wideModuleFilename, std::ios::in | std::ios::binary); moduleStream.open(wideModuleFilename, std::ios::in | std::ios::binary);
h = GetModuleHandleW(wideModuleFilename); h = GetModuleHandleW(wideModuleFilename);
@ -307,7 +315,7 @@ bool IntegrityCheckModule(const char *moduleFilename, const byte *expectedModule
else else
#endif #endif
{ {
GetModuleFileNameA(s_hModule, moduleFilenameBuf, MAX_PATH); GetModuleFileNameA(s_hModule, moduleFilenameBuf, FIPS_MODULE_MAX_PATH);
moduleFilename = moduleFilenameBuf; moduleFilename = moduleFilenameBuf;
} }
} }
@ -322,6 +330,16 @@ bool IntegrityCheckModule(const char *moduleFilename, const byte *expectedModule
#endif #endif
} }
if (h != g_BaseAddressOfMAC)
{
std::ostringstream oss;
oss << "Crypto++ DLL integrity check may fail. Expected module base address is 0x";
oss << std::hex << g_BaseAddressOfMAC << ", but module loaded at 0x" << h;
#ifdef CRYPTOPP_WIN32_AVAILABLE
OutputDebugStringA(oss.str().c_str());
#endif
}
if (!moduleStream) if (!moduleStream)
{ {
#ifdef CRYPTOPP_WIN32_AVAILABLE #ifdef CRYPTOPP_WIN32_AVAILABLE

2
test.cpp
View File

@ -295,7 +295,7 @@ int CRYPTOPP_API main(int argc, char *argv[])
encoder.Get(reinterpret_cast<byte*>(&hexEncoded[0]), hexEncoded.size()); encoder.Get(reinterpret_cast<byte*>(&hexEncoded[0]), hexEncoded.size());
// Report MAC and location // Report MAC and location
std::cout << "Placing MAC " << hexEncoded << " in " << fname << "at location " << macPos; std::cout << "Placing MAC " << hexEncoded << " in " << fname << " at file offset " << macPos;
std::cout << " (0x" << std::hex << macPos << std::dec << ").\n"; std::cout << " (0x" << std::hex << macPos << std::dec << ").\n";
// place MAC // place MAC