/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
*/
#define ELF_TARGET_ALL /* get definitions of all section flags */
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <strings.h>
#include <stddef.h>
#include <stdlib.h>
#include <libintl.h>
#include <dirent.h>
#include <errno.h>
#include <libelf.h>
#include <gelf.h>
#include <cryptoutil.h>
#include <sha1.h>
#include <sys/crypto/elfsign.h>
#include <libelfsign.h>
#ifndef SHA1_DIGEST_LENGTH
#define SHA1_DIGEST_LENGTH 20
#endif /* SHA1_DIGEST_LENGTH */
const char SUNW_ELF_SIGNATURE_ID[] = ELF_SIGNATURE_SECTION;
const char OID_sha1WithRSAEncryption[] = "1.2.840.113549.1.1.5";
static ELFsign_status_t elfsign_adjustoffsets(ELFsign_t ess,
Elf_Scn *scn, uint64_t new_size);
static uint32_t elfsign_switch_uint32(uint32_t i);
static ELFsign_status_t elfsign_switch(ELFsign_t ess,
struct filesignatures *fssp, enum ES_ACTION action);
struct filesig_extraction {
filesig_vers_t fsx_version;
char *fsx_format;
char fsx_signer_DN[ELFCERT_MAX_DN_LEN];
size_t fsx_signer_DN_len;
uchar_t fsx_signature[SIG_MAX_LENGTH];
size_t fsx_sig_len;
char fsx_sig_oid[100];
size_t fsx_sig_oid_len;
time_t fsx_time;
};
static char *
version_to_str(filesig_vers_t v)
{
char *ret;
switch (v) {
case FILESIG_VERSION1:
ret = "VERSION1";
break;
case FILESIG_VERSION2:
ret = "VERSION2";
break;
case FILESIG_VERSION3:
ret = "VERSION3";
break;
case FILESIG_VERSION4:
ret = "VERSION4";
break;
default:
ret = "UNKNOWN";
break;
}
return (ret);
}
/*
* Update filesignatures to include the v1/v2 filesig,
* composed of signer DN, signature, and OID.
*/
static struct filesignatures *
filesig_insert_dso(struct filesignatures *fssp,
filesig_vers_t version,
const char *dn,
int dn_len,
const uchar_t *sig,
int sig_len,
const char *oid,
int oid_len)
{
struct filesig *fsgp;
char *fsdatap;
if (oid == NULL) {
/*
* This OID is used for the rsa_md5_sha1 format signature also.
* This use is historical, and is hence continued,
* despite its lack of technical accuracy.
*/
oid = OID_sha1WithRSAEncryption;
oid_len = strlen(oid);
}
/*
* for now, always insert a single-signature signature block
*/
if (fssp != NULL)
free(fssp);
fssp = (struct filesignatures *)
malloc(filesig_ALIGN(sizeof (struct filesignatures) +
dn_len + sig_len + oid_len));
if (fssp == NULL)
return (fssp);
fssp->filesig_cnt = 1;
fssp->filesig_pad = 0; /* reserve for future use */
fsgp = &fssp->filesig_sig;
fsgp->filesig_size = sizeof (struct filesig) +
dn_len + sig_len + oid_len;
fsgp->filesig_version = version;
switch (version) {
case FILESIG_VERSION1:
case FILESIG_VERSION2:
fsgp->filesig_size -= sizeof (struct filesig) -
offsetof(struct filesig, filesig_v1_data[0]);
fsgp->filesig_v1_dnsize = dn_len;
fsgp->filesig_v1_sigsize = sig_len;
fsgp->filesig_v1_oidsize = oid_len;
fsdatap = &fsgp->filesig_v1_data[0];
break;
case FILESIG_VERSION3:
case FILESIG_VERSION4:
fsgp->filesig_size -= sizeof (struct filesig) -
offsetof(struct filesig, filesig_v3_data[0]);
fsgp->filesig_v3_time = time(NULL);
fsgp->filesig_v3_dnsize = dn_len;
fsgp->filesig_v3_sigsize = sig_len;
fsgp->filesig_v3_oidsize = oid_len;
fsdatap = &fsgp->filesig_v3_data[0];
break;
default:
cryptodebug("filesig_insert_dso: unknown version: %d",
version);
free(fssp);
return (NULL);
}
(void) memcpy(fsdatap, dn, dn_len);
fsdatap += dn_len;
(void) memcpy(fsdatap, (char *)sig, sig_len);
fsdatap += sig_len;
(void) memcpy(fsdatap, oid, oid_len);
fsdatap += oid_len;
fsgp = filesig_next(fsgp);
(void) memset(fsdatap, 0, (char *)(fsgp) - fsdatap);
return (fssp);
}
/*
* filesig_extract - extract filesig structure to internal form
*/
static filesig_vers_t
filesig_extract(struct filesig *fsgp, struct filesig_extraction *fsxp)
{
char *fsdp;
#define filesig_extract_common(cp, field, data_var, len_var, len_limit) { \
len_var = len_limit; \
if (len_var > fsgp->field) \
len_var = fsgp->field; \
(void) memcpy(data_var, cp, len_var); \
cp += fsgp->field; }
#define filesig_extract_str(cp, field, data_var, len_var) \
filesig_extract_common(cp, field, data_var, len_var, \
sizeof (data_var) - 1); \
data_var[len_var] = '\0';
#define filesig_extract_opaque(cp, field, data_var, len_var) \
filesig_extract_common(cp, field, data_var, len_var, sizeof (data_var))
fsxp->fsx_version = fsgp->filesig_version;
cryptodebug("filesig_extract: version=%s",
version_to_str(fsxp->fsx_version));
switch (fsxp->fsx_version) {
case FILESIG_VERSION1:
case FILESIG_VERSION2:
/*
* extract VERSION1 DN, signature, and OID
*/
fsdp = fsgp->filesig_v1_data;
fsxp->fsx_format = ES_FMT_RSA_MD5_SHA1;
fsxp->fsx_time = 0;
filesig_extract_str(fsdp, filesig_v1_dnsize,
fsxp->fsx_signer_DN, fsxp->fsx_signer_DN_len);
filesig_extract_opaque(fsdp, filesig_v1_sigsize,
fsxp->fsx_signature, fsxp->fsx_sig_len);
filesig_extract_str(fsdp, filesig_v1_oidsize,
fsxp->fsx_sig_oid, fsxp->fsx_sig_oid_len);
break;
case FILESIG_VERSION3:
case FILESIG_VERSION4:
fsdp = fsgp->filesig_v3_data;
fsxp->fsx_format = ES_FMT_RSA_SHA1;
fsxp->fsx_time = fsgp->filesig_v3_time;
filesig_extract_str(fsdp, filesig_v3_dnsize,
fsxp->fsx_signer_DN, fsxp->fsx_signer_DN_len);
filesig_extract_opaque(fsdp, filesig_v3_sigsize,
fsxp->fsx_signature, fsxp->fsx_sig_len);
filesig_extract_str(fsdp, filesig_v3_oidsize,
fsxp->fsx_sig_oid, fsxp->fsx_sig_oid_len);
break;
default:
break;
}
return (fsxp->fsx_version);
}
ELFsign_status_t
elfsign_begin(const char *filename, enum ES_ACTION action, ELFsign_t *essp)
{
Elf_Cmd elfcmd;
int oflags = 0;
short l_type;
ELFsign_t ess;
struct stat stb;
union {
char c[2];
short s;
} uorder;
GElf_Ehdr elfehdr;
char *ident;
switch (action) {
case ES_GET:
case ES_GET_CRYPTO:
cryptodebug("elfsign_begin for get");
elfcmd = ELF_C_READ;
oflags = O_RDONLY | O_NOCTTY | O_NDELAY;
l_type = F_RDLCK;
break;
case ES_UPDATE_RSA_MD5_SHA1:
case ES_UPDATE_RSA_SHA1:
cryptodebug("elfsign_begin for update");
elfcmd = ELF_C_RDWR;
oflags = O_RDWR | O_NOCTTY | O_NDELAY;
l_type = F_WRLCK;
break;
default:
return (ELFSIGN_UNKNOWN);
}
if ((ess = malloc(sizeof (struct ELFsign_s))) == NULL) {
return (ELFSIGN_UNKNOWN);
}
(void) memset((void *)ess, 0, sizeof (struct ELFsign_s));
if (!elfcertlib_init(ess)) {
cryptodebug("elfsign_begin: failed initialization");
return (ELFSIGN_UNKNOWN);
}
ess->es_elf = NULL;
ess->es_action = action;
ess->es_version = FILESIG_UNKNOWN;
ess->es_pathname = NULL;
ess->es_certpath = NULL;
if (filename == NULL) {
*essp = ess;
return (ELFSIGN_SUCCESS);
}
if ((ess->es_fd = open(filename, oflags)) == -1) {
elfsign_end(ess);
return (ELFSIGN_INVALID_ELFOBJ);
}
if ((fstat(ess->es_fd, &stb) == -1) || !S_ISREG(stb.st_mode)) {
elfsign_end(ess);
return (ELFSIGN_INVALID_ELFOBJ);
}
if ((ess->es_pathname = strdup(filename)) == NULL) {
elfsign_end(ess);
return (ELFSIGN_UNKNOWN);
}
/*
* The following lock is released in elfsign_end() when we close(2)
* the es_fd. This ensures that we aren't trying verify a file
* we are currently updating.
*/
ess->es_flock.l_type = l_type;
ess->es_flock.l_whence = SEEK_CUR;
ess->es_flock.l_start = 0;
ess->es_flock.l_len = 0;
if (fcntl(ess->es_fd, F_SETLK, &ess->es_flock) == -1) {
cryptodebug("fcntl(F_SETLK) of %s failed with: %s",
ess->es_pathname, strerror(errno));
elfsign_end(ess);
return (ELFSIGN_UNKNOWN);
}
if (elf_version(EV_CURRENT) == EV_NONE) {
elfsign_end(ess);
return (ELFSIGN_UNKNOWN);
}
if ((ess->es_elf = elf_begin(ess->es_fd, elfcmd,
(Elf *)NULL)) == NULL) {
cryptodebug("elf_begin() failed: %s", elf_errmsg(-1));
elfsign_end(ess);
return (ELFSIGN_INVALID_ELFOBJ);
}
if (gelf_getehdr(ess->es_elf, &elfehdr) == NULL) {
cryptodebug("elf_getehdr() failed: %s", elf_errmsg(-1));
elfsign_end(ess);
return (ELFSIGN_INVALID_ELFOBJ);
}
ess->es_has_phdr = (elfehdr.e_phnum != 0);
uorder.s = ELFDATA2MSB << 8 | ELFDATA2LSB;
ident = elf_getident(ess->es_elf, NULL);
if (ident == NULL) {
cryptodebug("elf_getident() failed: %s", elf_errmsg(-1));
elfsign_end(ess);
return (ELFSIGN_INVALID_ELFOBJ);
}
ess->es_same_endian = (ident[EI_DATA] == uorder.c[0]);
ess->es_ei_class = ident[EI_CLASS];
/*
* Call elf_getshstrndx to be sure we have a real ELF object
* this is required because elf_begin doesn't check that.
*/
if (elf_getshstrndx(ess->es_elf, &ess->es_shstrndx) == 0) {
elfsign_end(ess);
cryptodebug("elfsign_begin: elf_getshstrndx failed");
return (ELFSIGN_INVALID_ELFOBJ);
}
/*
* Make sure libelf doesn't rearrange section ordering / offsets.
*/
(void) elf_flagelf(ess->es_elf, ELF_C_SET, ELF_F_LAYOUT);
*essp = ess;
return (ELFSIGN_SUCCESS);
}
/*
* elfsign_end - cleanup the ELFsign_t
*
* IN/OUT: ess
*/
void
elfsign_end(ELFsign_t ess)
{
if (ess == NULL)
return;
if (ess->es_elf != NULL && ES_ACTISUPDATE(ess->es_action)) {
if (elf_update(ess->es_elf, ELF_C_WRITE) == -1) {
cryptodebug("elf_update() failed: %s",
elf_errmsg(-1));
return;
}
}
if (ess->es_fd != -1) {
(void) close(ess->es_fd);
ess->es_fd = -1;
}
if (ess->es_pathname != NULL) {
free(ess->es_pathname);
ess->es_pathname = NULL;
}
if (ess->es_certpath != NULL) {
free(ess->es_certpath);
ess->es_certpath = NULL;
}
if (ess->es_elf != NULL) {
(void) elf_end(ess->es_elf);
ess->es_elf = NULL;
}
elfcertlib_fini(ess);
free(ess);
}
/*
* set the certificate path
*/
ELFsign_status_t
elfsign_setcertpath(ELFsign_t ess, const char *certpath)
{
/*
* Normally use of access(2) is insecure, here we are only
* doing it to help provide early failure and better error
* checking, so there is no race condition.
*/
if (access(certpath, R_OK) != 0)
return (ELFSIGN_INVALID_CERTPATH);
if ((ess->es_certpath = strdup(certpath)) == NULL)
return (ELFSIGN_FAILED);
if (ES_ACTISUPDATE(ess->es_action)) {
ELFCert_t cert = NULL;
char *subject;
/* set the version based on the certificate */
if (elfcertlib_getcert(ess, ess->es_certpath, NULL,
&cert, ess->es_action)) {
if ((subject = elfcertlib_getdn(cert)) != NULL) {
if (strstr(subject, ELFSIGN_CRYPTO))
ess->es_version = (ess->es_action ==
ES_UPDATE_RSA_MD5_SHA1) ?
FILESIG_VERSION1 : FILESIG_VERSION3;
else
ess->es_version = (ess->es_action ==
ES_UPDATE_RSA_MD5_SHA1) ?
FILESIG_VERSION2 : FILESIG_VERSION4;
}
elfcertlib_releasecert(ess, cert);
}
if (ess->es_version == FILESIG_UNKNOWN)
return (ELFSIGN_FAILED);
}
return (ELFSIGN_SUCCESS);
}
/*
* set the callback context
*/
void
elfsign_setcallbackctx(ELFsign_t ess, void *ctx)
{
ess->es_callbackctx = ctx;
}
/*
* set the signature extraction callback
*/
void
elfsign_setsigvercallback(ELFsign_t ess,
void (*cb)(void *, void *, size_t, ELFCert_t))
{
ess->es_sigvercallback = cb;
}
/*
* elfsign_signatures
*
* IN: ess, fsspp, action
* OUT: fsspp
*/
ELFsign_status_t
elfsign_signatures(ELFsign_t ess,
struct filesignatures **fsspp,
size_t *fslen,
enum ES_ACTION action)
{
Elf_Scn *scn = NULL, *sig_scn = NULL;
GElf_Shdr shdr;
Elf_Data *data = NULL;
const char *elf_section = SUNW_ELF_SIGNATURE_ID;
int fscnt, fssize;
struct filesig *fsgp, *fsgpnext;
uint64_t sig_offset = 0;
cryptodebug("elfsign_signature");
if ((ess == NULL) || (fsspp == NULL)) {
cryptodebug("invalid arguments");
return (ELFSIGN_UNKNOWN);
}
cryptodebug("elfsign_signature %s for %s",
ES_ACTISUPDATE(action) ? "ES_UPDATE" : "ES_GET", elf_section);
(void) elf_errno();
while ((scn = elf_nextscn(ess->es_elf, scn)) != NULL) {
const char *sh_name;
/*
* Do a string compare to examine each section header
* to see if this is the section that needs to be updated.
*/
if (gelf_getshdr(scn, &shdr) == NULL) {
cryptodebug("gelf_getshdr() failed: %s",
elf_errmsg(-1));
return (ELFSIGN_FAILED);
}
sh_name = elf_strptr(ess->es_elf, ess->es_shstrndx,
(size_t)shdr.sh_name);
if (sh_name != NULL && strcmp(sh_name, elf_section) == 0) {
cryptodebug("elfsign_signature: found %s", elf_section);
sig_scn = scn;
break;
}
if (shdr.sh_type != SHT_NOBITS &&
sig_offset < shdr.sh_offset + shdr.sh_size) {
sig_offset = shdr.sh_offset + shdr.sh_size;
}
}
if (elf_errmsg(0) != NULL) {
cryptodebug("unexpected error: %s", elf_section,
elf_errmsg(-1));
return (ELFSIGN_FAILED);
}
if (ES_ACTISUPDATE(action) && (sig_scn == NULL)) {
size_t old_size, new_size;
char *new_d_buf;
cryptodebug("elfsign_signature: %s not found - creating",
elf_section);
/*
* insert section name in .shstrtab
*/
if ((scn = elf_getscn(ess->es_elf, ess->es_shstrndx)) == 0) {
cryptodebug("elf_getscn() failed: %s",
elf_errmsg(-1));
return (ELFSIGN_FAILED);
}
if (gelf_getshdr(scn, &shdr) == NULL) {
cryptodebug("gelf_getshdr() failed: %s",
elf_errmsg(-1));
return (ELFSIGN_FAILED);
}
if ((data = elf_getdata(scn, data)) == NULL) {
cryptodebug("elf_getdata() failed: %s",
elf_errmsg(-1));
return (ELFSIGN_FAILED);
}
old_size = data->d_size;
if (old_size != shdr.sh_size) {
cryptodebug("mismatch between data size %d "
"and section size %lld", old_size, shdr.sh_size);
return (ELFSIGN_FAILED);
}
new_size = old_size + strlen(elf_section) + 1;
if ((new_d_buf = malloc(new_size)) == NULL)
return (ELFSIGN_FAILED);
(void) memcpy(new_d_buf, data->d_buf, old_size);
(void) strlcpy(new_d_buf + old_size, elf_section,
new_size - old_size);
data->d_buf = new_d_buf;
data->d_size = new_size;
data->d_align = 1;
/*
* Add the section name passed in to the end of the file.
* Initialize the fields in the Section Header that
* libelf will not fill in.
*/
if ((sig_scn = elf_newscn(ess->es_elf)) == 0) {
cryptodebug("elf_newscn() failed: %s",
elf_errmsg(-1));
return (ELFSIGN_FAILED);
}
if (gelf_getshdr(sig_scn, &shdr) == 0) {
cryptodebug("gelf_getshdr() failed: %s",
elf_errmsg(-1));
return (ELFSIGN_FAILED);
}
shdr.sh_name = old_size;
shdr.sh_type = SHT_SUNW_SIGNATURE;
shdr.sh_flags = SHF_EXCLUDE;
shdr.sh_addr = 0;
shdr.sh_link = 0;
shdr.sh_info = 0;
shdr.sh_size = 0;
shdr.sh_offset = sig_offset;
shdr.sh_addralign = 1;
/*
* Flush the changes to the underlying elf32 or elf64
* section header.
*/
if (gelf_update_shdr(sig_scn, &shdr) == 0) {
cryptodebug("gelf_update_shdr failed");
return (ELFSIGN_FAILED);
}
if ((data = elf_newdata(sig_scn)) == NULL) {
cryptodebug("can't add elf data area for %s: %s",
elf_section, elf_errmsg(-1));
return (ELFSIGN_FAILED);
}
if (elfsign_adjustoffsets(ess, scn,
old_size + strlen(elf_section) + 1) != ELFSIGN_SUCCESS) {
cryptodebug("can't adjust for new section name %s",
elf_section);
return (ELFSIGN_FAILED);
}
} else {
if (sig_scn == NULL) {
cryptodebug("can't find signature section");
*fsspp = NULL;
return (ELFSIGN_NOTSIGNED);
}
if ((data = elf_getdata(sig_scn, NULL)) == 0) {
cryptodebug("can't get section data for %s",
elf_section);
return (ELFSIGN_FAILED);
}
}
if (ES_ACTISUPDATE(action)) {
fssize = offsetof(struct filesignatures, _u1);
if (*fsspp != NULL) {
fsgp = &(*fsspp)->filesig_sig;
for (fscnt = 0; fscnt < (*fsspp)->filesig_cnt;
fscnt++) {
fsgpnext = filesig_next(fsgp);
fssize += (char *)(fsgpnext) - (char *)(fsgp);
fsgp = fsgpnext;
}
}
if (shdr.sh_addr != 0) {
cryptodebug("section %s is part of a loadable segment, "
"it cannot be changed.\n", elf_section);
return (ELFSIGN_FAILED);
}
if ((data->d_buf = malloc(fssize)) == NULL)
return (ELFSIGN_FAILED);
if (*fsspp != NULL) {
(void) memcpy(data->d_buf, *fsspp, fssize);
(void) elfsign_switch(ess,
(struct filesignatures *)data->d_buf, action);
}
data->d_size = fssize;
data->d_align = 1;
data->d_type = ELF_T_BYTE;
cryptodebug("elfsign_signature: data->d_size = %d",
data->d_size);
if (elfsign_adjustoffsets(ess, sig_scn, fssize) !=
ELFSIGN_SUCCESS) {
cryptodebug("can't adjust for revised signature "
"section contents");
return (ELFSIGN_FAILED);
}
} else {
*fsspp = malloc(data->d_size);
if (*fsspp == NULL)
return (ELFSIGN_FAILED);
(void) memcpy(*fsspp, data->d_buf, data->d_size);
if (elfsign_switch(ess, *fsspp, ES_GET) != ELFSIGN_SUCCESS) {
free(*fsspp);
*fsspp = NULL;
return (ELFSIGN_FAILED);
}
*fslen = data->d_size;
}
return (ELFSIGN_SUCCESS);
}
static ELFsign_status_t
elfsign_adjustoffsets(ELFsign_t ess, Elf_Scn *scn, uint64_t new_size)
{
GElf_Ehdr elfehdr;
GElf_Shdr shdr;
uint64_t prev_end, scn_offset;
char *name;
Elf_Scn *scnp;
Elf_Data *data;
ELFsign_status_t retval = ELFSIGN_FAILED;
struct scninfo {
struct scninfo *scni_next;
Elf_Scn *scni_scn;
uint64_t scni_offset;
} *scnip = NULL, *tmpscnip, **scnipp;
/* get the size of the current section */
if (gelf_getshdr(scn, &shdr) == NULL)
return (ELFSIGN_FAILED);
if (shdr.sh_size == new_size)
return (ELFSIGN_SUCCESS);
scn_offset = shdr.sh_offset;
name = elf_strptr(ess->es_elf, ess->es_shstrndx,
(size_t)shdr.sh_name);
if (shdr.sh_flags & SHF_ALLOC && ess->es_has_phdr) {
cryptodebug("elfsign_adjustoffsets: "
"can't move allocated section %s", name ? name : "NULL");
return (ELFSIGN_FAILED);
}
/* resize the desired section */
cryptodebug("elfsign_adjustoffsets: "
"resizing %s at 0x%llx from 0x%llx to 0x%llx",
name ? name : "NULL", shdr.sh_offset, shdr.sh_size, new_size);
shdr.sh_size = new_size;
if (gelf_update_shdr(scn, &shdr) == 0) {
cryptodebug("gelf_update_shdr failed");
goto bad;
}
prev_end = shdr.sh_offset + shdr.sh_size;
/*
* find sections whose data follows the changed section
* must scan all sections since section data may not
* be in same order as section headers
*/
scnp = elf_getscn(ess->es_elf, 0); /* "seek" to start */
while ((scnp = elf_nextscn(ess->es_elf, scnp)) != NULL) {
if (gelf_getshdr(scnp, &shdr) == NULL)
goto bad;
if (shdr.sh_offset <= scn_offset)
continue;
name = elf_strptr(ess->es_elf, ess->es_shstrndx,
(size_t)shdr.sh_name);
if (shdr.sh_flags & SHF_ALLOC && ess->es_has_phdr) {
if (shdr.sh_type == SHT_NOBITS) {
/* .bss can occasionally overlap .shrtab */
continue;
}
cryptodebug("elfsign_adjustoffsets: "
"can't move allocated section %s",
name ? name : "NULL");
goto bad;
}
/*
* force reading of data to memory image
*/
data = NULL;
while ((data = elf_rawdata(scnp, data)) != NULL)
;
/*
* capture section information
* insert into list in order of sh_offset
*/
cryptodebug("elfsign_adjustoffsets: "
"may have to adjust section %s, offset 0x%llx",
name ? name : "NULL", shdr.sh_offset);
tmpscnip = (struct scninfo *)malloc(sizeof (struct scninfo));
if (tmpscnip == NULL) {
cryptodebug("elfsign_adjustoffsets: "
"memory allocation failure");
goto bad;
}
tmpscnip->scni_scn = scnp;
tmpscnip->scni_offset = shdr.sh_offset;
for (scnipp = &scnip; *scnipp != NULL;
scnipp = &(*scnipp)->scni_next) {
if ((*scnipp)->scni_offset > tmpscnip->scni_offset)
break;
}
tmpscnip->scni_next = *scnipp;
*scnipp = tmpscnip;
}
/* move following sections as necessary */
for (tmpscnip = scnip; tmpscnip != NULL;
tmpscnip = tmpscnip->scni_next) {
scnp = tmpscnip->scni_scn;
if (gelf_getshdr(scnp, &shdr) == NULL) {
cryptodebug("elfsign_adjustoffsets: "
"elf_getshdr for section %d failed",
elf_ndxscn(scnp));
goto bad;
}
if (shdr.sh_offset >= prev_end)
break;
prev_end = (prev_end + shdr.sh_addralign - 1) &
(-shdr.sh_addralign);
name = elf_strptr(ess->es_elf, ess->es_shstrndx,
(size_t)shdr.sh_name);
cryptodebug("elfsign_adjustoffsets: "
"moving %s size 0x%llx from 0x%llx to 0x%llx",
name ? name : "NULL", shdr.sh_size,
shdr.sh_offset, prev_end);
shdr.sh_offset = prev_end;
if (gelf_update_shdr(scnp, &shdr) == 0) {
cryptodebug("gelf_update_shdr failed");
goto bad;
}
prev_end = shdr.sh_offset + shdr.sh_size;
}
/*
* adjust section header offset in elf header
*/
if (gelf_getehdr(ess->es_elf, &elfehdr) == NULL) {
cryptodebug("elf_getehdr() failed: %s", elf_errmsg(-1));
goto bad;
}
if (elfehdr.e_shoff < prev_end) {
if (ess->es_ei_class == ELFCLASS32)
prev_end = (prev_end + ELF32_FSZ_OFF - 1) &
(-ELF32_FSZ_OFF);
else if (ess->es_ei_class == ELFCLASS64)
prev_end = (prev_end + ELF64_FSZ_OFF - 1) &
(-ELF64_FSZ_OFF);
cryptodebug("elfsign_adjustoffsets: "
"move sh_off from 0x%llx to 0x%llx",
elfehdr.e_shoff, prev_end);
elfehdr.e_shoff = prev_end;
if (gelf_update_ehdr(ess->es_elf, &elfehdr) == 0) {
cryptodebug("elf_update_ehdr() failed: %s",
elf_errmsg(-1));
goto bad;
}
}
retval = ELFSIGN_SUCCESS;
bad:
while (scnip != NULL) {
tmpscnip = scnip->scni_next;
free(scnip);
scnip = tmpscnip;
}
return (retval);
}
struct filesignatures *
elfsign_insert_dso(ELFsign_t ess,
struct filesignatures *fssp,
const char *dn,
int dn_len,
const uchar_t *sig,
int sig_len,
const char *oid,
int oid_len)
{
return (filesig_insert_dso(fssp, ess->es_version, dn, dn_len,
sig, sig_len, oid, oid_len));
}
/*ARGSUSED*/
filesig_vers_t
elfsign_extract_sig(ELFsign_t ess,
struct filesignatures *fssp,
uchar_t *sig,
size_t *sig_len)
{
struct filesig_extraction fsx;
filesig_vers_t version;
if (fssp == NULL)
return (FILESIG_UNKNOWN);
if (fssp->filesig_cnt != 1)
return (FILESIG_UNKNOWN);
version = filesig_extract(&fssp->filesig_sig, &fsx);
switch (version) {
case FILESIG_VERSION1:
case FILESIG_VERSION2:
case FILESIG_VERSION3:
case FILESIG_VERSION4:
if (*sig_len >= fsx.fsx_sig_len) {
(void) memcpy((char *)sig, (char *)fsx.fsx_signature,
*sig_len);
*sig_len = fsx.fsx_sig_len;
} else
version = FILESIG_UNKNOWN;
break;
default:
version = FILESIG_UNKNOWN;
break;
}
if (ess->es_version == FILESIG_UNKNOWN) {
ess->es_version = version;
}
return (version);
}
static ELFsign_status_t
elfsign_hash_common(ELFsign_t ess, uchar_t *hash, size_t *hash_len,
boolean_t hash_mem_resident)
{
Elf_Scn *scn = NULL;
ELFsign_status_t elfstat;
GElf_Shdr shdr;
SHA1_CTX ctx;
/* The buffer must be large enough to hold the hash */
if (*hash_len < SHA1_DIGEST_LENGTH)
return (ELFSIGN_FAILED);
bzero(hash, *hash_len);
/* Initialize the digest session */
SHA1Init(&ctx);
scn = elf_getscn(ess->es_elf, 0); /* "seek" to start */
(void) elf_errno();
while ((scn = elf_nextscn(ess->es_elf, scn)) != 0) {
char *name = NULL;
Elf_Data *data = NULL;
if (gelf_getshdr(scn, &shdr) == NULL) {
elfstat = ELFSIGN_FAILED;
goto done;
}
name = elf_strptr(ess->es_elf, ess->es_shstrndx,
(size_t)shdr.sh_name);
if (name == NULL)
name = "NULL";
if (!hash_mem_resident &&
(ess->es_version == FILESIG_VERSION1 ||
ess->es_version == FILESIG_VERSION3)) {
/*
* skip the signature section only
*/
if (shdr.sh_type == SHT_SUNW_SIGNATURE) {
cryptodebug("elfsign_hash: skipping %s", name);
continue;
}
} else if (!(shdr.sh_flags & SHF_ALLOC)) {
/*
* select only memory resident sections
*/
cryptodebug("elfsign_hash: skipping %s", name);
continue;
}
/*
* throw this section into the hash
* use elf_rawdata for endian-independence
* use elf_getdata to get update of .shstrtab
*/
while ((data = (shdr.sh_type == SHT_STRTAB ?
elf_getdata(scn, data) : elf_rawdata(scn, data))) != NULL) {
if (data->d_buf == NULL) {
cryptodebug("elfsign_hash: %s has NULL data",
name);
continue;
}
cryptodebug("elfsign_hash: updating hash "
"with %s data size=%d", name, data->d_size);
SHA1Update(&ctx, data->d_buf, data->d_size);
}
}
if (elf_errmsg(0) != NULL) {
cryptodebug("elfsign_hash: %s", elf_errmsg(-1));
elfstat = ELFSIGN_FAILED;
goto done;
}
SHA1Final(hash, &ctx);
*hash_len = SHA1_DIGEST_LENGTH;
{ /* DEBUG START */
const int hashstr_len = (*hash_len) * 2 + 1;
char *hashstr = malloc(hashstr_len);
if (hashstr != NULL) {
tohexstr(hash, *hash_len, hashstr, hashstr_len);
cryptodebug("hash value is: %s", hashstr);
free(hashstr);
}
} /* DEBUG END */
elfstat = ELFSIGN_SUCCESS;
done:
return (elfstat);
}
/*
* elfsign_hash - return the hash of the ELF sections affecting execution.
*
* IN: ess, hash_len
* OUT: hash, hash_len
*/
ELFsign_status_t
elfsign_hash(ELFsign_t ess, uchar_t *hash, size_t *hash_len)
{
return (elfsign_hash_common(ess, hash, hash_len, B_FALSE));
}
/*
* elfsign_hash_mem_resident - return the hash of the ELF sections
* with only memory resident sections.
*
* IN: ess, hash_len
* OUT: hash, hash_len
*/
ELFsign_status_t
elfsign_hash_mem_resident(ELFsign_t ess, uchar_t *hash, size_t *hash_len)
{
return (elfsign_hash_common(ess, hash, hash_len, B_TRUE));
}
/*
* elfsign_verify_signature - Verify the signature of the ELF object.
*
* IN: ess
* OUT: esipp
* RETURNS:
* ELFsign_status_t
*/
ELFsign_status_t
elfsign_verify_signature(ELFsign_t ess, struct ELFsign_sig_info **esipp)
{
ELFsign_status_t ret = ELFSIGN_FAILED;
struct filesignatures *fssp;
struct filesig *fsgp;
size_t fslen;
struct filesig_extraction fsx;
uchar_t hash[SIG_MAX_LENGTH];
size_t hash_len;
ELFCert_t cert = NULL;
int sigcnt;
int nocert = 0;
struct ELFsign_sig_info *esip = NULL;
if (esipp != NULL) {
esip = (struct ELFsign_sig_info *)
calloc(1, sizeof (struct ELFsign_sig_info));
*esipp = esip;
}
/*
* Find out which cert we need, based on who signed the ELF object
*/
if (elfsign_signatures(ess, &fssp, &fslen, ES_GET) != ELFSIGN_SUCCESS) {
return (ELFSIGN_NOTSIGNED);
}
if (fssp->filesig_cnt < 1) {
ret = ELFSIGN_FAILED;
goto cleanup;
}
fsgp = &fssp->filesig_sig;
/*
* Scan the signature block, looking for a verifiable signature
*/
for (sigcnt = 0; sigcnt < fssp->filesig_cnt;
sigcnt++, fsgp = filesig_next(fsgp)) {
ess->es_version = filesig_extract(fsgp, &fsx);
cryptodebug("elfsign_verify_signature: version=%s",
version_to_str(ess->es_version));
switch (ess->es_version) {
case FILESIG_VERSION1:
case FILESIG_VERSION2:
case FILESIG_VERSION3:
case FILESIG_VERSION4:
break;
default:
ret = ELFSIGN_FAILED;
goto cleanup;
}
cryptodebug("elfsign_verify_signature: signer_DN=\"%s\"",
fsx.fsx_signer_DN);
cryptodebug("elfsign_verify_signature: algorithmOID=\"%s\"",
fsx.fsx_sig_oid);
/* return signer DN if requested */
if (esipp != NULL) {
esip->esi_format = fsx.fsx_format;
if (esip->esi_signer != NULL)
free(esip->esi_signer);
esip->esi_signer = strdup(fsx.fsx_signer_DN);
esip->esi_time = fsx.fsx_time;
}
/*
* look for certificate
*/
if (cert != NULL)
elfcertlib_releasecert(ess, cert);
/*
* skip unfound certificates
*/
if (!elfcertlib_getcert(ess, ess->es_certpath,
fsx.fsx_signer_DN, &cert, ess->es_action)) {
cryptodebug("unable to find certificate "
"with DN=\"%s\" for %s",
fsx.fsx_signer_DN, ess->es_pathname);
nocert++;
continue;
}
/*
* skip unverified certificates
* force verification of crypto certs
*/
if ((ess->es_action == ES_GET_CRYPTO ||
strstr(fsx.fsx_signer_DN, ELFSIGN_CRYPTO)) &&
!elfcertlib_verifycert(ess, cert)) {
cryptodebug("elfsign_verify_signature: invalid cert");
nocert++;
if (ess->es_certpath == NULL)
continue;
}
/*
* At this time the only sha1WithRSAEncryption is supported,
* so check that is what we have and skip with anything else.
*/
if (strcmp(fsx.fsx_sig_oid, OID_sha1WithRSAEncryption) != 0) {
continue;
}
nocert = 0;
/*
* compute file hash
*/
hash_len = sizeof (hash);
if (elfsign_hash(ess, hash, &hash_len) != ELFSIGN_SUCCESS) {
cryptodebug("elfsign_verify_signature:"
" elfsign_hash failed");
ret = ELFSIGN_FAILED;
break;
}
{ /* DEBUG START */
const int sigstr_len = fsx.fsx_sig_len * 2 + 1;
char *sigstr = malloc(sigstr_len);
if (sigstr != NULL) {
tohexstr(fsx.fsx_signature, fsx.fsx_sig_len,
sigstr, sigstr_len);
cryptodebug("signature value is: %s", sigstr);
free(sigstr);
}
} /* DEBUG END */
if (elfcertlib_verifysig(ess, cert,
fsx.fsx_signature, fsx.fsx_sig_len, hash, hash_len)) {
if (ess->es_sigvercallback)
(ess->es_sigvercallback)
(ess->es_callbackctx, fssp, fslen, cert);
/*
* The signature is verified!
*/
ret = ELFSIGN_SUCCESS;
break;
} else {
cryptodebug("elfsign_verify_signature:"
" invalid signature");
}
}
cleanup:
if (cert != NULL)
elfcertlib_releasecert(ess, cert);
free(fssp);
if (ret == ELFSIGN_FAILED && nocert)
ret = ELFSIGN_INVALID_CERTPATH;
return (ret);
}
static uint32_t
elfsign_switch_uint32(uint32_t i)
{
return (((i & 0xff) << 24) | ((i & 0xff00) << 8) |
((i >> 8) & 0xff00) | ((i >> 24) & 0xff));
}
static uint64_t
elfsign_switch_uint64(uint64_t i)
{
return (((uint64_t)elfsign_switch_uint32(i) << 32) |
(elfsign_switch_uint32(i >> 32)));
}
/*
* If appropriate, switch the endianness of the filesignatures structure
* Examine the structure only when it is in native endianness
*/
static ELFsign_status_t
elfsign_switch(ELFsign_t ess, struct filesignatures *fssp,
enum ES_ACTION action)
{
int fscnt;
filesig_vers_t version;
struct filesig *fsgp, *fsgpnext;
if (ess->es_same_endian)
return (ELFSIGN_SUCCESS);
if (ES_ACTISUPDATE(action))
fscnt = fssp->filesig_cnt;
fssp->filesig_cnt = elfsign_switch_uint32(fssp->filesig_cnt);
if (!ES_ACTISUPDATE(action))
fscnt = fssp->filesig_cnt;
fsgp = &(fssp)->filesig_sig;
for (; fscnt > 0; fscnt--, fsgp = fsgpnext) {
if (ES_ACTISUPDATE(action)) {
version = fsgp->filesig_version;
fsgpnext = filesig_next(fsgp);
}
fsgp->filesig_size =
elfsign_switch_uint32(fsgp->filesig_size);
fsgp->filesig_version =
elfsign_switch_uint32(fsgp->filesig_version);
if (!ES_ACTISUPDATE(action)) {
version = fsgp->filesig_version;
fsgpnext = filesig_next(fsgp);
}
switch (version) {
case FILESIG_VERSION1:
case FILESIG_VERSION2:
fsgp->filesig_v1_dnsize =
elfsign_switch_uint32(fsgp->filesig_v1_dnsize);
fsgp->filesig_v1_sigsize =
elfsign_switch_uint32(fsgp->filesig_v1_sigsize);
fsgp->filesig_v1_oidsize =
elfsign_switch_uint32(fsgp->filesig_v1_oidsize);
break;
case FILESIG_VERSION3:
case FILESIG_VERSION4:
fsgp->filesig_v3_time =
elfsign_switch_uint64(fsgp->filesig_v3_time);
fsgp->filesig_v3_dnsize =
elfsign_switch_uint32(fsgp->filesig_v3_dnsize);
fsgp->filesig_v3_sigsize =
elfsign_switch_uint32(fsgp->filesig_v3_sigsize);
fsgp->filesig_v3_oidsize =
elfsign_switch_uint32(fsgp->filesig_v3_oidsize);
break;
default:
cryptodebug("elfsign_switch: failed");
return (ELFSIGN_FAILED);
}
}
return (ELFSIGN_SUCCESS);
}
/*
* get/put an integer value from/to a buffer, possibly of opposite endianness
*/
void
elfsign_buffer_len(ELFsign_t ess, size_t *ip, uchar_t *cp,
enum ES_ACTION action)
{
uint32_t tmp;
if (!ES_ACTISUPDATE(action)) {
/* fetch integer from buffer */
(void) memcpy(&tmp, cp, sizeof (tmp));
if (!ess->es_same_endian) {
tmp = elfsign_switch_uint32(tmp);
}
*ip = tmp;
} else {
/* put integer into buffer */
tmp = *ip;
if (!ess->es_same_endian) {
tmp = elfsign_switch_uint32(tmp);
}
(void) memcpy(cp, &tmp, sizeof (tmp));
}
}
char const *
elfsign_strerror(ELFsign_status_t elferror)
{
char const *msg = NULL;
switch (elferror) {
case ELFSIGN_SUCCESS:
msg = gettext("sign or verify of ELF object succeeded");
break;
case ELFSIGN_FAILED:
msg = gettext("sign or verify of ELF object failed");
break;
case ELFSIGN_NOTSIGNED:
msg = gettext("ELF object not signed");
break;
case ELFSIGN_INVALID_CERTPATH:
msg = gettext("cannot access certificate");
break;
case ELFSIGN_INVALID_ELFOBJ:
msg = gettext("unable to open as an ELF object");
break;
case ELFSIGN_UNKNOWN:
default:
msg = gettext("Unknown error");
break;
}
return (msg);
}
boolean_t
elfsign_sig_info(struct filesignatures *fssp, struct ELFsign_sig_info **esipp)
{
struct filesig_extraction fsx;
struct ELFsign_sig_info *esip;
esip = (struct ELFsign_sig_info *)
calloc(1, sizeof (struct ELFsign_sig_info));
*esipp = esip;
if (esip == NULL)
return (B_FALSE);
switch (filesig_extract(&fssp->filesig_sig, &fsx)) {
case FILESIG_VERSION1:
case FILESIG_VERSION2:
case FILESIG_VERSION3:
case FILESIG_VERSION4:
esip->esi_format = fsx.fsx_format;
esip->esi_signer = strdup(fsx.fsx_signer_DN);
esip->esi_time = fsx.fsx_time;
break;
default:
free(esip);
*esipp = NULL;
}
return (*esipp != NULL);
}
void
elfsign_sig_info_free(struct ELFsign_sig_info *esip)
{
if (esip != NULL) {
free(esip->esi_signer);
free(esip);
}
}