data hasing

4 years ago · 7641b1b086
parent 770146bb69
commit 7641b1b086
14 changed files with 61 additions and 14 deletions
--- a/10
+++ b/10
@ -1,4 +1,4 @@
-VERSION:= v0.2.0
+VERSION:= v1.0.0
 FEATURES:= --features hash

 all: clean deps sign trust
@ -14,11 +14,19 @@ trust:
 	fi
 	ln -sf generator-$(VERSION) generator

+
+generator-no-hash:
+	cd generator-native && cargo build --release
+	ln -sf generator-native/target/release/generator-native generator
+	cp -f `readlink generator` ./generator-$(VERSION)
+
+
 generator:
 	cd generator-native && cargo build --release $(FEATURES)
 	ln -sf generator-native/target/release/generator-native generator
 	cp -f `readlink generator` ./generator-$(VERSION)

+
 sign: generator
 	sha256sum ./generator-$(VERSION) | cut -d\  -f1 > generator-$(VERSION).sha256
 	gpg --sign ./generator-$(VERSION)
--- a/README.md
+++ b/README.md
@ -30,6 +30,7 @@ It comes with 2 scripts, `sfexec-create` and `sfexec-create-compress`. Both take
 |---------------|-----------------------------------------------------|
 | `-s`          | Silent mode. Do not output anything when extracting |
 | `-e <string>` | Post-extraction hook. See below for details.        |
+| `-u`          | Do not check data integrity (skip hashing)          |
 | `-`           | Stop reading argument flags                         |

 `sfexec-create-compress` compresses the binary with `gzip`, and decompresses when executed.
@ -45,15 +46,15 @@ The post extraction hook is passed to `/bin/sh`, with some input changes:
 | `%arg[n]`   | The `n`th argument passed to `sfexec`, if `n` is outside the range of arguments, nothing is replaced. |

 ## Building
-To build the `sfexec` binary, g++ is used, along with [sha256_literal] for verifying the post-extraction hook.
+To build the `sfexec` binary, `g++` is used, along with [sha256_literal] for verifying the data (unless `-u` is specified) and post-extraction hook.
 To clone `sha256_literal` run:
 ``` shell
 $ make deps
 ```
-Included in the repo is a pre-built generator binary, signed with [my GPG key] at `generator-v<version>.gpg` with a checksum in `generator-v<version>.sha256`. Alternatively you can build it yourself like so:
+Included in the repo is a pre-built generator binary, signed with [my PGP key] at `generator-v<version>.gpg` with a checksum in `generator-v<version>.sha256`. Alternatively you can build it yourself like so:

 [sha256_literal]: https://github.com/aguinet/sha256_literal
-[my gpg key]: https://flanchan.moe/flanchan.asc
+[my pgp key]: https://flanchan.moe/flanchan.asc

 ### Building the generator
 To build the generator yourself, Rust and Cargo are needed.
@ -61,6 +62,10 @@ To build the generator yourself, Rust and Cargo are needed.
 $ make clean && make generator
 ```
 Will remove the pre-built generator binaries, build the generator, and symlink accordingly.
+You can also compile without `sha2` crate dependancy (for data hash integrity checks), this will in effect force the `-u` option always.
+``` shell
+$ make clean && make generator-no-hash
+```

 ## License
 GPL'd with love <3
--- a/2
+++ b/2
@ -1 +1 @@
-generator-v0.2.0
+generator-v1.0.0
--- a/generator-native/Cargo.lock
+++ b/generator-native/Cargo.lock
@ -50,7 +50,7 @@ checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed"

 [[package]]
 name = "generator-native"
-version = "0.2.0"
+version = "1.0.0"
 dependencies = [
 "sha2",
 ]
--- a/generator-native/Cargo.toml
+++ b/generator-native/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "generator-native"
-version = "0.2.0"
+version = "1.0.0"
 authors = ["Avril <flanchan@cumallover.me>"]
 license = "GPL 3.0"
 edition = "2018"
@ -11,4 +11,4 @@ edition = "2018"
 hash = ["sha2"]

 [dependencies]
-sha2 = { version = "^0.8", optional = true }
+sha2 = { version = "^0.8", optional = true }
--- a/generator-native/src/main.rs
+++ b/generator-native/src/main.rs
@ -28,7 +28,7 @@ mod hash;

 macro_rules! flush {
    () => {
-	std::io::stdout().flush().ok().expect("fatal: could not flush stdout")
+	std::io::stdout().flush().unwrap_or_else(|_| println!())
    }
 }

--- a/generator-v0.2.0
+++ b/generator-v0.2.0
--- a/generator-v0.2.0.gpg
+++ b/generator-v0.2.0.gpg
--- a/generator-v0.2.0.sha256
+++ b/generator-v0.2.0.sha256
@ -1 +0,0 @@
-eda8606ee47824d0d887f2a946412549416a1e0cc65005e06a25cb8177a11a88
--- a/generator-v1.0.0
+++ b/generator-v1.0.0
--- a/generator-v1.0.0.gpg
+++ b/generator-v1.0.0.gpg
--- a/generator-v1.0.0.sha256
+++ b/generator-v1.0.0.sha256
@ -0,0 +1 @@
+55eee81a7bb115c187e4a6b6c50ad461472558692e293ddd1b8b94955d655a4b
--- a/main.cpp
+++ b/main.cpp
@ -41,12 +41,33 @@ string get_uuid() {
 // DATA_EXEC_AFTER_HASH
 #include "file.h"

+#define SHA256_SIZE 32
+
 bool verify_hash()
 {
-  
  return (!DATA_EXEC_AFTER || sha256::compute((const uint8_t*)DATA_EXEC_AFTER, strlen(DATA_EXEC_AFTER)) == DATA_EXEC_AFTER_HASH);
 }

+array<unsigned char, SHA256_SIZE> data_hash_i(int index)
+{
+  array<unsigned char, SHA256_SIZE> output;
+  auto pointer = DATA_HASHES + (index*SHA256_SIZE);
+
+  static_assert(output.size() == SHA256_SIZE);
+  memcpy(output.data(), pointer, SHA256_SIZE);
+
+  return output;
+}
+
+bool verify_hash(int hash_i, const unsigned char* data, size_t len)
+{
+#ifdef DATA_HASHED
+  return sha256::compute((const uint8_t*)data, len) == data_hash_i(hash_i);
+#else
+  return true;
+#endif
+}
+
 string arg_vec_int(int i)
 {
  stringstream ss;
@ -132,10 +153,22 @@ int main(int argc,char** argv)
  fs::create_directory(path);
  for(int i=0;i<DATA_COUNT;i++)
    {
+      auto data = get_data(i);
+#ifndef SILENT
+      cout << " <- " << DATA_NAMES[i] << " (" << DATA_LENGTHS[i] << ")";
+#endif
+      if(!verify_hash(i, data, DATA_LENGTHS[i])) {
+#ifndef SILENT
+	cout << " FAILED: Invalid hash\n";
+	cerr << "Aborting.\n";
+#endif
+	goto end;
+      } else {
 #ifndef SILENT
-      cout << " <- " << DATA_NAMES[i] << " (" << DATA_LENGTHS[i] << ")\n";
+	cout << " OK\n";
 #endif
-      write_to_file(path / DATA_NAMES[i], get_data(i), DATA_LENGTHS[i]);
+      }
+      write_to_file(path / DATA_NAMES[i], data, DATA_LENGTHS[i]);
    }

  if(DATA_EXEC_AFTER) {
@ -145,6 +178,7 @@ int main(int argc,char** argv)
 #endif
    system(execstr.c_str());
  }
+ end:
  fs::remove_all(path);
  return 0;
 }
--- a/2
+++ b/2
@ -11,7 +11,7 @@ $SCRIPTPATH/generator -o "$SCRIPTPATH/file.h" "$@" || exit 1

 echo "Compiling binary..."

-g++ -I$SCRIPTPATH/include/ -w --std=c++17 "$SCRIPTPATH/main.cpp" "$SCRIPTPATH/sha256_literal/sha256.cpp" -o sfexec
+g++ -I$SCRIPTPATH/include/ -w --std=c++20 "$SCRIPTPATH/main.cpp" "$SCRIPTPATH/sha256_literal/sha256.cpp" -o sfexec

 rm "$SCRIPTPATH/file.h"
				`@ -1 +0,0 @@`
				`eda8606ee47824d0d887f2a946412549416a1e0cc65005e06a25cb8177a11a88`
				`@ -0,0 +1 @@`
				`55eee81a7bb115c187e4a6b6c50ad461472558692e293ddd1b8b94955d655a4b`