data hasing

master
Avril 5 years ago
parent 770146bb69
commit 7641b1b086
Signed by: flanchan
GPG Key ID: 284488987C31F630

@ -1,4 +1,4 @@
VERSION:= v0.2.0
VERSION:= v1.0.0
FEATURES:= --features hash
all: clean deps sign trust
@ -14,11 +14,19 @@ trust:
fi
ln -sf generator-$(VERSION) generator
generator-no-hash:
cd generator-native && cargo build --release
ln -sf generator-native/target/release/generator-native generator
cp -f `readlink generator` ./generator-$(VERSION)
generator:
cd generator-native && cargo build --release $(FEATURES)
ln -sf generator-native/target/release/generator-native generator
cp -f `readlink generator` ./generator-$(VERSION)
sign: generator
sha256sum ./generator-$(VERSION) | cut -d\ -f1 > generator-$(VERSION).sha256
gpg --sign ./generator-$(VERSION)

@ -30,6 +30,7 @@ It comes with 2 scripts, `sfexec-create` and `sfexec-create-compress`. Both take
|---------------|-----------------------------------------------------|
| `-s` | Silent mode. Do not output anything when extracting |
| `-e <string>` | Post-extraction hook. See below for details. |
| `-u` | Do not check data integrity (skip hashing) |
| `-` | Stop reading argument flags |
`sfexec-create-compress` compresses the binary with `gzip`, and decompresses when executed.
@ -45,15 +46,15 @@ The post extraction hook is passed to `/bin/sh`, with some input changes:
| `%arg[n]` | The `n`th argument passed to `sfexec`, if `n` is outside the range of arguments, nothing is replaced. |
## Building
To build the `sfexec` binary, g++ is used, along with [sha256_literal] for verifying the post-extraction hook.
To build the `sfexec` binary, `g++` is used, along with [sha256_literal] for verifying the data (unless `-u` is specified) and post-extraction hook.
To clone `sha256_literal` run:
``` shell
$ make deps
```
Included in the repo is a pre-built generator binary, signed with [my GPG key] at `generator-v<version>.gpg` with a checksum in `generator-v<version>.sha256`. Alternatively you can build it yourself like so:
Included in the repo is a pre-built generator binary, signed with [my PGP key] at `generator-v<version>.gpg` with a checksum in `generator-v<version>.sha256`. Alternatively you can build it yourself like so:
[sha256_literal]: https://github.com/aguinet/sha256_literal
[my gpg key]: https://flanchan.moe/flanchan.asc
[my pgp key]: https://flanchan.moe/flanchan.asc
### Building the generator
To build the generator yourself, Rust and Cargo are needed.
@ -61,6 +62,10 @@ To build the generator yourself, Rust and Cargo are needed.
$ make clean && make generator
```
Will remove the pre-built generator binaries, build the generator, and symlink accordingly.
You can also compile without `sha2` crate dependancy (for data hash integrity checks), this will in effect force the `-u` option always.
``` shell
$ make clean && make generator-no-hash
```
## License
GPL'd with love <3

@ -1 +1 @@
generator-v0.2.0
generator-v1.0.0

@ -50,7 +50,7 @@ checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed"
[[package]]
name = "generator-native"
version = "0.2.0"
version = "1.0.0"
dependencies = [
"sha2",
]

@ -1,6 +1,6 @@
[package]
name = "generator-native"
version = "0.2.0"
version = "1.0.0"
authors = ["Avril <flanchan@cumallover.me>"]
license = "GPL 3.0"
edition = "2018"

@ -28,7 +28,7 @@ mod hash;
macro_rules! flush {
() => {
std::io::stdout().flush().ok().expect("fatal: could not flush stdout")
std::io::stdout().flush().unwrap_or_else(|_| println!())
}
}

Binary file not shown.

Binary file not shown.

@ -1 +0,0 @@
eda8606ee47824d0d887f2a946412549416a1e0cc65005e06a25cb8177a11a88

Binary file not shown.

Binary file not shown.

@ -0,0 +1 @@
55eee81a7bb115c187e4a6b6c50ad461472558692e293ddd1b8b94955d655a4b

@ -41,12 +41,33 @@ string get_uuid() {
// DATA_EXEC_AFTER_HASH
#include "file.h"
#define SHA256_SIZE 32
bool verify_hash()
{
return (!DATA_EXEC_AFTER || sha256::compute((const uint8_t*)DATA_EXEC_AFTER, strlen(DATA_EXEC_AFTER)) == DATA_EXEC_AFTER_HASH);
}
array<unsigned char, SHA256_SIZE> data_hash_i(int index)
{
array<unsigned char, SHA256_SIZE> output;
auto pointer = DATA_HASHES + (index*SHA256_SIZE);
static_assert(output.size() == SHA256_SIZE);
memcpy(output.data(), pointer, SHA256_SIZE);
return output;
}
bool verify_hash(int hash_i, const unsigned char* data, size_t len)
{
#ifdef DATA_HASHED
return sha256::compute((const uint8_t*)data, len) == data_hash_i(hash_i);
#else
return true;
#endif
}
string arg_vec_int(int i)
{
stringstream ss;
@ -132,10 +153,22 @@ int main(int argc,char** argv)
fs::create_directory(path);
for(int i=0;i<DATA_COUNT;i++)
{
auto data = get_data(i);
#ifndef SILENT
cout << " <- " << DATA_NAMES[i] << " (" << DATA_LENGTHS[i] << ")";
#endif
if(!verify_hash(i, data, DATA_LENGTHS[i])) {
#ifndef SILENT
cout << " FAILED: Invalid hash\n";
cerr << "Aborting.\n";
#endif
goto end;
} else {
#ifndef SILENT
cout << " <- " << DATA_NAMES[i] << " (" << DATA_LENGTHS[i] << ")\n";
cout << " OK\n";
#endif
write_to_file(path / DATA_NAMES[i], get_data(i), DATA_LENGTHS[i]);
}
write_to_file(path / DATA_NAMES[i], data, DATA_LENGTHS[i]);
}
if(DATA_EXEC_AFTER) {
@ -145,6 +178,7 @@ int main(int argc,char** argv)
#endif
system(execstr.c_str());
}
end:
fs::remove_all(path);
return 0;
}

@ -11,7 +11,7 @@ $SCRIPTPATH/generator -o "$SCRIPTPATH/file.h" "$@" || exit 1
echo "Compiling binary..."
g++ -I$SCRIPTPATH/include/ -w --std=c++17 "$SCRIPTPATH/main.cpp" "$SCRIPTPATH/sha256_literal/sha256.cpp" -o sfexec
g++ -I$SCRIPTPATH/include/ -w --std=c++20 "$SCRIPTPATH/main.cpp" "$SCRIPTPATH/sha256_literal/sha256.cpp" -o sfexec
rm "$SCRIPTPATH/file.h"

Loading…
Cancel
Save