1: /*
2: * Copyright (C) 2009 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #define _GNU_SOURCE
17: #include <stdlib.h>
18: #include <stdio.h>
19: #include <dlfcn.h>
20:
21: #include <library.h>
22: #include <daemon.h>
23: #include <collections/enumerator.h>
24:
/**
 * Integrity checker used to compute every file and segment checksum.
 *
 * Assigned in main() from integrity_checker_create(NULL) and read by
 * build_checksum(). Declared without static, so the symbol has external
 * linkage.
 */
integrity_checker_t *integrity;
29:
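/**
 * Compute and print the integrity checksums of a single binary.
 *
 * Writes one initializer line for the generated checksums[] table to stdout
 * and a human readable copy of the same values to stderr.
 *
 * @param path		file to checksum; also passed to dlopen() if sname is set
 * @param name		pre-formatted table label; the callers in this file pass
 *					the module name followed by a closing quote and a comma
 * @param sname		symbol whose code segment is checksummed, NULL to build
 *					the file checksum only
 */
static void build_checksum(char *path, char *name, char *sname)
{
	uint32_t fsum, ssum = 0;
	size_t fsize = 0, ssize = 0;

	fsum = integrity->build_file(integrity, path, &fsize);
	if (sname)
	{
		/* NOTE(review): dlopen() maps the object into this process and runs
		 * its initializers, so path should only ever name freshly built,
		 * trusted artifacts. */
		void *handle = dlopen(path, RTLD_LAZY);

		if (handle)
		{
			void *symbol = dlsym(handle, sname);

			if (symbol)
			{
				ssum = integrity->build_segment(integrity, symbol, &ssize);
			}
			else
			{
				fprintf(stderr, "symbol lookup failed: %s\n", dlerror());
			}
			dlclose(handle);
		}
		else
		{
			fprintf(stderr, "dlopen failed: %s\n", dlerror());
		}
	}
	/* A failed dlopen()/dlsym() is reported on stderr only; the entry is
	 * still written with a segment size and checksum of 0. How the consumer
	 * of the table treats such an entry is not visible here - verify. */

	/* fsize and ssize are size_t, which requires the z length modifier;
	 * plain %u is a format/argument mismatch where size_t is wider than
	 * unsigned int. */
	printf("\t{\"%-25s%7zu, 0x%08x, %6zu, 0x%08x},\n",
		   name, fsize, fsum, ssize, ssum);
	fprintf(stderr, "\"%-25s%7zu / 0x%08x %6zu / 0x%08x\n",
			name, fsize, fsum, ssize, ssum);
}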
68:
/**
 * Emit checksum entries for every plugin named in a space separated list.
 *
 * Each token is mapped to PLUGINDIR/libstrongswan-<plugin>.so and to the
 * symbol <plugin>_plugin_create, with dashes replaced by underscores in the
 * symbol name only. Both are handed to build_checksum().
 *
 * @param plugins	list of plugin names to process
 */
static void build_plugin_checksums(char *plugins)
{
	char file[256], symbol[128], label[128], ident[128];
	enumerator_t *tokens;
	char *plugin;

	/* NOTE(review): none of the snprintf() results below are checked, so an
	 * over-long plugin name or PLUGINDIR is truncated silently and the entry
	 * is built from the shortened string. */
	tokens = enumerator_create_token(plugins, " ", " ");
	while (tokens->enumerate(tokens, &plugin))
	{
		/* table label: plugin name plus closing quote and comma */
		snprintf(label, sizeof(label), "%s\",", plugin);
		snprintf(file, sizeof(file), "%s/libstrongswan-%s.so",
				 PLUGINDIR, plugin);
		/* the symbol name is derived from a copy with '-' mapped to '_' */
		snprintf(ident, sizeof(ident), "%s", plugin);
		translate(ident, "-", "_");
		snprintf(symbol, sizeof(symbol), "%s_plugin_create", ident);

		build_checksum(file, label, symbol);
	}
	tokens->destroy(tokens);
}
90:
/**
 * Emit the checksum entry for one binary or library given by its path.
 *
 * A file whose last extension is ".so" is checksummed together with an init
 * symbol: library_init for libstrongswan, <basename>_init for anything else.
 * Every other file gets a file checksum only.
 *
 * @param path		path to the binary; must contain at least one '/'
 */
static void build_binary_checksum(char *path)
{
	char label[128], symbol[128];
	char *base, *ext;
	int stem;

	base = strrchr(path, '/');
	if (!base)
	{
		/* NOTE(review): a path without any '/' is skipped without a
		 * diagnostic, so no table entry is written for it. */
		return;
	}
	base++;

	ext = strrchr(base, '.');
	if (!ext || !streq(ext, ".so"))
	{
		/* not a shared object: file checksum only, no symbol lookup */
		snprintf(label, sizeof(label), "%s\",", base);
		build_checksum(path, label, NULL);
		return;
	}

	/* length of the file name without its ".so" suffix */
	stem = (int)(ext - base);
	snprintf(label, sizeof(label), "%.*s\",", stem, base);
	if (streq(label, "libstrongswan\","))
	{
		snprintf(symbol, sizeof(symbol), "%s", "library_init");
	}
	else
	{
		snprintf(symbol, sizeof(symbol), "%.*s_init", stem, base);
	}
	build_checksum(path, label, symbol);
}
125:
/**
 * Generate a C source file with the checksums[] table on stdout.
 *
 * Each command line argument is treated as the path of a binary or library
 * to checksum; the plugin lists come from the S_PLUGINS, P_PLUGINS,
 * T_PLUGINS and C_PLUGINS macros when they are defined at compile time.
 * A human readable summary is written to stderr.
 */
int main(int argc, char* argv[])
{
	int arg;

	/* forces link against libcharon, imports symbols needed to
	 * dlopen plugins */
	charon = NULL;

	/* avoid confusing leak reports in build process; the final 0 keeps a
	 * value that is already present in the environment */
	setenv("LEAK_DETECTIVE_DISABLE", "1", 0);
	/* don't use a strongswan.conf, forces integrity check to disabled */
	library_init("", "checksum_builder");
	atexit(library_deinit);

	integrity = integrity_checker_create(NULL);

	/* header of the generated source file */
	printf("/**\n"
		   " * checksums of files and loaded code segments.\n"
		   " * created by %s\n"
		   " */\n"
		   "\n"
		   "#include <library.h>\n"
		   "\n"
		   "integrity_checksum_t checksums[] = {\n", argv[0]);
	fprintf(stderr, "integrity test data:\n");
	fprintf(stderr, "module name, file size / checksum "
			"segment size / checksum\n");

	/* binaries and libraries passed on the command line */
	arg = 1;
	while (arg < argc)
	{
		build_binary_checksum(argv[arg]);
		arg++;
	}
	/* plugin lists configured at build time */
#ifdef S_PLUGINS
	build_plugin_checksums(S_PLUGINS);
#endif
#ifdef P_PLUGINS
	build_plugin_checksums(P_PLUGINS);
#endif
#ifdef T_PLUGINS
	build_plugin_checksums(T_PLUGINS);
#endif
#ifdef C_PLUGINS
	build_plugin_checksums(C_PLUGINS);
#endif

	/* footer of the generated source file */
	printf("};\n"
		   "\n"
		   "int checksum_count = countof(checksums);\n"
		   "\n");
	integrity->destroy(integrity);

	exit(0);
}
178: