94 lines
2.8 KiB
Makefile
94 lines
2.8 KiB
Makefile
# DIRTYFAIL — Makefile
|
|
#
|
|
# Builds a single statically-linked binary `dirtyfail` from src/*.c.
|
|
#
|
|
# Targets:
|
|
# make build optimized binary
|
|
# make debug build with -O0 -g for gdb
|
|
# make static build a fully static binary (musl recommended for portability)
|
|
# make clean remove build artifacts
|
|
# make scan build and run --scan against localhost
|
|
#
|
|
# Build prerequisites: gcc or clang, make, libc headers including
|
|
# <linux/xfrm.h>. On Debian/Ubuntu: `apt install build-essential linux-libc-dev`.
|
|
# On RHEL/Fedora: `dnf install gcc make kernel-headers`.
|
|
|
|
CC ?= gcc
|
|
CFLAGS ?= -O2 -Wall -Wextra -Wno-unused-parameter -Wno-pointer-arith \
|
|
-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
|
|
LDFLAGS ?=
|
|
|
|
SRC_DIR := src
|
|
BUILD := build
|
|
SOURCES := $(wildcard $(SRC_DIR)/*.c)
|
|
OBJECTS := $(patsubst $(SRC_DIR)/%.c,$(BUILD)/%.o,$(SOURCES))
|
|
BIN := dirtyfail
|
|
|
|
.PHONY: all debug static clean scan install test test-fcrypt test-aes-ecb
|
|
|
|
all: $(BIN)
|
|
|
|
# === Tests ===========================================================
|
|
#
|
|
# make test build + run all primitive selftests
|
|
# make test-fcrypt just fcrypt (cipher, brute force) — runs anywhere
|
|
# make test-aes-ecb AF_ALG ecb(aes) round-trip — Linux only
|
|
#
|
|
# Tests live in tests/, build standalone executables that link the
|
|
# minimum from src/. They don't pull in netlink / xfrm / rxrpc — those
|
|
# require root or AA bypass to exercise meaningfully and are tested
|
|
# end-to-end via `--exploit-* --no-shell` on a target host instead.
|
|
|
|
TEST_DIR := tests
|
|
TEST_BUILD:= $(BUILD)/tests
|
|
|
|
# fcrypt selftest needs only fcrypt + common (for log_*) — no Linux deps
|
|
$(TEST_BUILD)/test_fcrypt: $(TEST_DIR)/test_fcrypt.c $(SRC_DIR)/fcrypt.c $(SRC_DIR)/common.c | $(TEST_BUILD)
|
|
$(CC) $(CFLAGS) -I$(SRC_DIR) -o $@ $^
|
|
|
|
# AES-ECB AF_ALG round-trip — Linux only, no DIRTYFAIL src deps
|
|
$(TEST_BUILD)/test_aes_ecb: $(TEST_DIR)/test_aes_ecb.c | $(TEST_BUILD)
|
|
$(CC) $(CFLAGS) -o $@ $^
|
|
|
|
$(TEST_BUILD): | $(BUILD)
|
|
@mkdir -p $(TEST_BUILD)
|
|
|
|
test-fcrypt: $(TEST_BUILD)/test_fcrypt
|
|
@echo "=== test_fcrypt ==="
|
|
$<
|
|
@echo ""
|
|
|
|
test-aes-ecb: $(TEST_BUILD)/test_aes_ecb
|
|
@echo "=== test_aes_ecb ==="
|
|
$<
|
|
@echo ""
|
|
|
|
test: test-fcrypt test-aes-ecb
|
|
@echo "=== all primitive selftests passed ==="
|
|
|
|
$(BIN): $(OBJECTS)
|
|
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
|
|
|
|
$(BUILD)/%.o: $(SRC_DIR)/%.c $(SRC_DIR)/common.h | $(BUILD)
|
|
$(CC) $(CFLAGS) -I$(SRC_DIR) -c -o $@ $<
|
|
|
|
$(BUILD):
|
|
@mkdir -p $(BUILD)
|
|
|
|
debug: CFLAGS := -O0 -g3 -Wall -Wextra -Wno-unused-parameter -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
|
|
debug: clean $(BIN)
|
|
|
|
# `make static` works best with musl-gcc; glibc static linking pulls in
|
|
# NSS at runtime which breaks getpwnam.
|
|
static: LDFLAGS += -static
|
|
static: clean $(BIN)
|
|
|
|
clean:
|
|
rm -rf $(BUILD) $(BIN)
|
|
|
|
scan: $(BIN)
|
|
./$(BIN) --scan
|
|
|
|
install: $(BIN)
|
|
install -m 0755 $(BIN) /usr/local/bin/dirtyfail
|