data hasing

master
Avril 5 years ago
parent 770146bb69
commit 7641b1b086
Signed by: flanchan
GPG Key ID: 284488987C31F630

@ -1,4 +1,4 @@
VERSION:= v0.2.0 VERSION:= v1.0.0
FEATURES:= --features hash FEATURES:= --features hash
all: clean deps sign trust all: clean deps sign trust
@ -14,11 +14,19 @@ trust:
fi fi
ln -sf generator-$(VERSION) generator ln -sf generator-$(VERSION) generator
generator-no-hash:
cd generator-native && cargo build --release
ln -sf generator-native/target/release/generator-native generator
cp -f `readlink generator` ./generator-$(VERSION)
generator: generator:
cd generator-native && cargo build --release $(FEATURES) cd generator-native && cargo build --release $(FEATURES)
ln -sf generator-native/target/release/generator-native generator ln -sf generator-native/target/release/generator-native generator
cp -f `readlink generator` ./generator-$(VERSION) cp -f `readlink generator` ./generator-$(VERSION)
sign: generator sign: generator
sha256sum ./generator-$(VERSION) | cut -d\ -f1 > generator-$(VERSION).sha256 sha256sum ./generator-$(VERSION) | cut -d\ -f1 > generator-$(VERSION).sha256
gpg --sign ./generator-$(VERSION) gpg --sign ./generator-$(VERSION)

@ -30,6 +30,7 @@ It comes with 2 scripts, `sfexec-create` and `sfexec-create-compress`. Both take
|---------------|-----------------------------------------------------| |---------------|-----------------------------------------------------|
| `-s` | Silent mode. Do not output anything when extracting | | `-s` | Silent mode. Do not output anything when extracting |
| `-e <string>` | Post-extraction hook. See below for details. | | `-e <string>` | Post-extraction hook. See below for details. |
| `-u` | Do not check data integrity (skip hashing) |
| `-` | Stop reading argument flags | | `-` | Stop reading argument flags |
`sfexec-create-compress` compresses the binary with `gzip`, and decompresses when executed. `sfexec-create-compress` compresses the binary with `gzip`, and decompresses when executed.
@ -45,15 +46,15 @@ The post extraction hook is passed to `/bin/sh`, with some input changes:
| `%arg[n]` | The `n`th argument passed to `sfexec`, if `n` is outside the range of arguments, nothing is replaced. | | `%arg[n]` | The `n`th argument passed to `sfexec`, if `n` is outside the range of arguments, nothing is replaced. |
## Building ## Building
To build the `sfexec` binary, g++ is used, along with [sha256_literal] for verifying the post-extraction hook. To build the `sfexec` binary, `g++` is used, along with [sha256_literal] for verifying the data (unless `-u` is specified) and post-extraction hook.
To clone `sha256_literal` run: To clone `sha256_literal` run:
``` shell ``` shell
$ make deps $ make deps
``` ```
Included in the repo is a pre-built generator binary, signed with [my GPG key] at `generator-v<version>.gpg` with a checksum in `generator-v<version>.sha256`. Alternatively you can build it yourself like so: Included in the repo is a pre-built generator binary, signed with [my PGP key] at `generator-v<version>.gpg` with a checksum in `generator-v<version>.sha256`. Alternatively you can build it yourself like so:
[sha256_literal]: https://github.com/aguinet/sha256_literal [sha256_literal]: https://github.com/aguinet/sha256_literal
[my gpg key]: https://flanchan.moe/flanchan.asc [my pgp key]: https://flanchan.moe/flanchan.asc
### Building the generator ### Building the generator
To build the generator yourself, Rust and Cargo are needed. To build the generator yourself, Rust and Cargo are needed.
@ -61,6 +62,10 @@ To build the generator yourself, Rust and Cargo are needed.
$ make clean && make generator $ make clean && make generator
``` ```
Will remove the pre-built generator binaries, build the generator, and symlink accordingly. Will remove the pre-built generator binaries, build the generator, and symlink accordingly.
You can also compile without `sha2` crate dependancy (for data hash integrity checks), this will in effect force the `-u` option always.
``` shell
$ make clean && make generator-no-hash
```
## License ## License
GPL'd with love <3 GPL'd with love <3

@ -1 +1 @@
generator-v0.2.0 generator-v1.0.0

@ -50,7 +50,7 @@ checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed"
[[package]] [[package]]
name = "generator-native" name = "generator-native"
version = "0.2.0" version = "1.0.0"
dependencies = [ dependencies = [
"sha2", "sha2",
] ]

@ -1,6 +1,6 @@
[package] [package]
name = "generator-native" name = "generator-native"
version = "0.2.0" version = "1.0.0"
authors = ["Avril <flanchan@cumallover.me>"] authors = ["Avril <flanchan@cumallover.me>"]
license = "GPL 3.0" license = "GPL 3.0"
edition = "2018" edition = "2018"
@ -11,4 +11,4 @@ edition = "2018"
hash = ["sha2"] hash = ["sha2"]
[dependencies] [dependencies]
sha2 = { version = "^0.8", optional = true } sha2 = { version = "^0.8", optional = true }

@ -28,7 +28,7 @@ mod hash;
macro_rules! flush { macro_rules! flush {
() => { () => {
std::io::stdout().flush().ok().expect("fatal: could not flush stdout") std::io::stdout().flush().unwrap_or_else(|_| println!())
} }
} }

Binary file not shown.

Binary file not shown.

@ -1 +0,0 @@
eda8606ee47824d0d887f2a946412549416a1e0cc65005e06a25cb8177a11a88

Binary file not shown.

Binary file not shown.

@ -0,0 +1 @@
55eee81a7bb115c187e4a6b6c50ad461472558692e293ddd1b8b94955d655a4b

@ -41,12 +41,33 @@ string get_uuid() {
// DATA_EXEC_AFTER_HASH // DATA_EXEC_AFTER_HASH
#include "file.h" #include "file.h"
#define SHA256_SIZE 32
bool verify_hash() bool verify_hash()
{ {
return (!DATA_EXEC_AFTER || sha256::compute((const uint8_t*)DATA_EXEC_AFTER, strlen(DATA_EXEC_AFTER)) == DATA_EXEC_AFTER_HASH); return (!DATA_EXEC_AFTER || sha256::compute((const uint8_t*)DATA_EXEC_AFTER, strlen(DATA_EXEC_AFTER)) == DATA_EXEC_AFTER_HASH);
} }
array<unsigned char, SHA256_SIZE> data_hash_i(int index)
{
array<unsigned char, SHA256_SIZE> output;
auto pointer = DATA_HASHES + (index*SHA256_SIZE);
static_assert(output.size() == SHA256_SIZE);
memcpy(output.data(), pointer, SHA256_SIZE);
return output;
}
bool verify_hash(int hash_i, const unsigned char* data, size_t len)
{
#ifdef DATA_HASHED
return sha256::compute((const uint8_t*)data, len) == data_hash_i(hash_i);
#else
return true;
#endif
}
string arg_vec_int(int i) string arg_vec_int(int i)
{ {
stringstream ss; stringstream ss;
@ -132,10 +153,22 @@ int main(int argc,char** argv)
fs::create_directory(path); fs::create_directory(path);
for(int i=0;i<DATA_COUNT;i++) for(int i=0;i<DATA_COUNT;i++)
{ {
auto data = get_data(i);
#ifndef SILENT
cout << " <- " << DATA_NAMES[i] << " (" << DATA_LENGTHS[i] << ")";
#endif
if(!verify_hash(i, data, DATA_LENGTHS[i])) {
#ifndef SILENT
cout << " FAILED: Invalid hash\n";
cerr << "Aborting.\n";
#endif
goto end;
} else {
#ifndef SILENT #ifndef SILENT
cout << " <- " << DATA_NAMES[i] << " (" << DATA_LENGTHS[i] << ")\n"; cout << " OK\n";
#endif #endif
write_to_file(path / DATA_NAMES[i], get_data(i), DATA_LENGTHS[i]); }
write_to_file(path / DATA_NAMES[i], data, DATA_LENGTHS[i]);
} }
if(DATA_EXEC_AFTER) { if(DATA_EXEC_AFTER) {
@ -145,6 +178,7 @@ int main(int argc,char** argv)
#endif #endif
system(execstr.c_str()); system(execstr.c_str());
} }
end:
fs::remove_all(path); fs::remove_all(path);
return 0; return 0;
} }

@ -11,7 +11,7 @@ $SCRIPTPATH/generator -o "$SCRIPTPATH/file.h" "$@" || exit 1
echo "Compiling binary..." echo "Compiling binary..."
g++ -I$SCRIPTPATH/include/ -w --std=c++17 "$SCRIPTPATH/main.cpp" "$SCRIPTPATH/sha256_literal/sha256.cpp" -o sfexec g++ -I$SCRIPTPATH/include/ -w --std=c++20 "$SCRIPTPATH/main.cpp" "$SCRIPTPATH/sha256_literal/sha256.cpp" -o sfexec
rm "$SCRIPTPATH/file.h" rm "$SCRIPTPATH/file.h"

Loading…
Cancel
Save