Check-in [93d7e1f87e]
Overview
Comment:Added obsfucated CVFS support
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:93d7e1f87e2517370b6d4bb7a138a9c791a8b9e9
User & Date: rkeene on 2014-11-23 02:31:57
Other Links: manifest | tags
Context
2014-11-23
02:55
Documented obsfucated CVFS support check-in: ae6b7036ca user: rkeene tags: trunk
02:31
Added obsfucated CVFS support check-in: 93d7e1f87e user: rkeene tags: trunk
2014-11-19
20:56
Updated URL to a mirror of mk4tcl for now check-in: b1003b10ac user: rkeene tags: trunk
Changes

Modified kitsh/buildsrc/kitsh-0.0/Makefile.common.in from [60b5e343af] to [93d968f811].

    11     11   STRIPLIBS = @STRIPLIBS@ @EXTRA_OBJS@
    12     12   EXTRA_OBJS = @EXTRA_OBJS@
    13     13   LDRUNPATH = @LDRUNPATH@
    14     14   EXTRA_KIT_DEPS = @EXTRA_KIT_DEPS@
    15     15   EXTRA_VFS_OBJS = @EXTRA_VFS_OBJS@
    16     16   TCLSH_NATIVE = tclsh
    17     17   LDFLAGS_ADD = @LDFLAGS_ADD@
           18  +DIR2C_FLAGS = @DIR2C_FLAGS@
    18     19   
    19     20   # Build targets
    20     21   ## VFS Build
    21     22   cvfs_data_tcl.o: cvfs_data_tcl.c
    22     23   cvfs_data_tcl.c: dir2c.tcl starpack.vfs cvfs_data.c
    23         -	"$(TCLSH_NATIVE)" dir2c.tcl tcl starpack.vfs > cvfs_data_tcl.c
           24  +	"$(TCLSH_NATIVE)" dir2c.tcl tcl starpack.vfs $(DIR2C_FLAGS) > cvfs_data_tcl.c
    24     25   
    25     26   ## Tcl scripts that need to be converted to C headers
    26     27   cvfs.tcl.h: cvfs.tcl
    27     28   	"$(TCLSH_NATIVE)" ./stringify.tcl cvfs.tcl > cvfs.tcl.h
    28     29   
    29     30   boot.tcl.h: boot.tcl
    30     31   	"$(TCLSH_NATIVE)" ./stringify.tcl boot.tcl > boot.tcl.h

Modified kitsh/buildsrc/kitsh-0.0/aclocal.m4 from [4e978303f9] to [b344f06840].

   556    556   		])
   557    557   	done
   558    558   
   559    559   	LDFLAGS="${OLD_LDFLAGS}"
   560    560   
   561    561   	AC_SUBST(LDRUNPATH)
   562    562   ])
          563  +
          564  +AC_DEFUN(DC_SET_DIR2C_FLAGS, [
          565  +	AC_MSG_CHECKING([if we should obsufcate the CVFS])
          566  +
          567  +	AC_ARG_WITH(obsfucated-cvfs, AC_HELP_STRING([--with-obsfucated-cvfs], [Obsfucate CVFS filesystem (requires --enable-kit-storage=cvfs)]), [
          568  +		obsfucate_cvfs=$withval
          569  +	], [
          570  +		obsfucate_cvfs='no'
          571  +	])
          572  +
          573  +	case "$obsfucate_cvfs" in
          574  +		yes)
          575  +			AC_MSG_RESULT([yes])
          576  +			DIR2C_FLAGS='--obsfucate'
          577  +			;;
          578  +		*)
          579  +			AC_MSG_RESULT([no])
          580  +			DIR2C_FLAGS=''
          581  +			;;
          582  +	esac
          583  +
          584  +	AC_SUBST(DIR2C_FLAGS)
          585  +])

Modified kitsh/buildsrc/kitsh-0.0/configure.ac from [68bb20ca2d] to [42d57f3f66].

   186    186   
   187    187   		dnl Define that C-VFS should be make [load]-able
   188    188   		AC_DEFINE([CVFS_MAKE_LOADABLE], [1], [Specify that the C-VFS should be able to be loaded])
   189    189   
   190    190   		dnl Add appropriate dependencies
   191    191   		EXTRA_KIT_DEPS="cvfs.tcl.h"
   192    192   		EXTRA_VFS_OBJS="${EXTRA_VFS_OBJS} cvfs_data_tcl.o"
          193  +
          194  +		dnl Set any flags as required
          195  +		DC_SET_DIR2C_FLAGS
   193    196   	]
   194    197   )
   195    198   
   196    199   AC_SUBST(EXTRA_KIT_DEPS)
   197    200   AC_SUBST(LDFLAGS_ADD)
   198    201   
   199    202   dnl Put correct Makefile template in place
   200    203   rm -f Makefile.in
   201    204   cp Makefile.${TARGET}.in Makefile.in
   202    205   
   203    206   dnl Produce output
   204    207   AC_OUTPUT(Makefile Makefile.common)

Modified kitsh/buildsrc/kitsh-0.0/cvfs_data.c from [c7558f05e3] to [981ef56829].

     2      2   
     3      3   #ifdef HAVE_STDLIB_H
     4      4   #  include <stdlib.h>
     5      5   #endif
     6      6   
     7      7   typedef struct cvfs_data *(cmd_getData_t)(const char *, unsigned long);
     8      8   typedef unsigned long (cmd_getChildren_t)(const char *, unsigned long *, unsigned long);
            9  +typedef void (cmd_decryptFile_t)(const char *, struct cvfs_data *); 
     9     10   
    10     11   /* Your implementation must provide these */
    11     12   static cmd_getData_t *getCmdData(const char *hashkey);
    12     13   static cmd_getChildren_t *getCmdChildren(const char *hashkey);
           14  +static cmd_decryptFile_t *getCmdDecryptFile(const char *hashkey);
    13     15   
    14     16   /* Tcl Commands */
    15     17   static int getMetadata(ClientData cd, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) {
    16     18   	cmd_getData_t *cmd_getData;
    17     19   	cmd_getChildren_t *cmd_getChildren;
    18     20   	struct cvfs_data *finfo = NULL;
    19     21   	Tcl_Obj *ret_list, *ret_list_items[20];
................................................................................
   105    107   
   106    108   	return(TCL_OK);
   107    109   }
   108    110   
   109    111   static int getData(ClientData cd, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) {
   110    112   	struct cvfs_data *finfo = NULL;
   111    113   	cmd_getData_t *cmd_getData;
          114  +	cmd_decryptFile_t *cmd_decryptFile;
   112    115   	const char *hashkey;
   113    116   	const char *file;
   114    117   	const char *end_str;
   115    118   	Tcl_Obj *ret_str;
   116    119   	long start = 0;
   117    120   	long end = -1;
   118    121   	int tclGetLFO_ret;
................................................................................
   158    161   	finfo = cmd_getData(file, 0);
   159    162   
   160    163   	if (finfo == NULL) {
   161    164   		Tcl_SetResult(interp, "No such file or directory", TCL_STATIC);
   162    165   
   163    166   		return(TCL_ERROR);
   164    167   	}
          168  +
          169  +	if (finfo->type == CVFS_FILETYPE_OBSFUCATED_FILE || finfo->type == CVFS_FILETYPE_ENCRYPTED_FILE) {
          170  +		cmd_decryptFile = getCmdDecryptFile(hashkey);
          171  +
          172  +		if (cmd_decryptFile != NULL) {
          173  +			cmd_decryptFile(file, finfo);
          174  +		}
          175  +	}
   165    176   
   166    177   	if (finfo->type != CVFS_FILETYPE_FILE) {
   167    178   		Tcl_SetResult(interp, "Not a file", TCL_STATIC);
   168    179   
   169    180   		return(TCL_ERROR);
   170    181   	}
   171    182   

Modified kitsh/buildsrc/kitsh-0.0/dir2c.tcl from [903b20a63c] to [a9768c9e59].

     1      1   #! /usr/bin/env tclsh
            2  +
            3  +set obsfucate 0
            4  +if {[lindex $argv end] == "--obsfucate"} {
            5  +	set obsfucate 1
            6  +
            7  +	set argv [lrange $argv 0 end-1]
            8  +}
     2      9   
     3     10   if {[llength $argv] != 2} {
     4         -	puts stderr "Usage: dir2c.tcl <hashkey> <startdir>"
           11  +	puts stderr "Usage: dir2c.tcl <hashkey> <startdir> \[--obsfucate\]"
     5     12   
     6     13   	exit 1
     7     14   }
     8     15   
     9     16   set hashkey [lindex $argv 0]
    10     17   set startdir [lindex $argv 1]
    11     18   
................................................................................
    70     77   
    71     78   	set ret [string trim $ret "\n\""]
    72     79   
    73     80   	set ret "\"$ret\""
    74     81   
    75     82   	return $ret
    76     83   }
           84  +
           85  +# Encrypt the data
           86  +proc random_byte {} {
           87  +	set value [expr {int(256 * rand())}]
           88  +
           89  +	return $value
           90  +}
           91  +
           92  +proc encrypt_key_generate {method} {
           93  +	switch -- $method {
           94  +		"rotate_subst" {
           95  +			set key(method) $method
           96  +			set key(rotate_length) [random_byte]
           97  +
           98  +			set key_data [list]
           99  +			while {[llength $key_data] != 256} {
          100  +				set value [random_byte]
          101  +				if {[lsearch -exact $key_data $value] != -1} {
          102  +					continue
          103  +				}
          104  +
          105  +				lappend key_data $value
          106  +			}
          107  +
          108  +			foreach value $key_data {
          109  +				append key(subst) [format %c $value]
          110  +			}
          111  +
          112  +			return [array get key]
          113  +		}
          114  +	}
          115  +	error "not implemented"
          116  +}
          117  +
          118  +proc encrypt_key_export {key_dict target} {
          119  +	array set key $key_dict
          120  +
          121  +	switch -- $key(method) {
          122  +		"rotate_subst" {
          123  +			switch -- $target {
          124  +				"c" {
          125  +					set retval ".type = CVFS_KEYTYPE_ROTATE_SUBST,\n"
          126  +					append retval ".typedata.rotate_subst.rotate_length = $key(rotate_length),\n"
          127  +					append retval ".typedata.rotate_subst.subst         = [stringify $key(subst)]\n"
          128  +
          129  +					return $retval
          130  +				}
          131  +			}
          132  +		}
          133  +	}
          134  +
          135  +	error "not implemented"
          136  +}
          137  +
          138  +proc encrypt {data key_dict {decrypt 0}} {
          139  +	array set key $key_dict
          140  +
          141  +	switch -- $key(method) {
          142  +		"rotate_subst" {
          143  +			set retval ""
          144  +			set datalen [string length $data]
          145  +
          146  +			for {set i 0} {$i < $datalen} {incr i $key(rotate_length)} {
          147  +				set map [list]
          148  +				for {set j 0} {$j < 256} {incr j} {
          149  +					if {$decrypt} {
          150  +						lappend map [format %c $j] [string index $key(subst) $j]
          151  +					} else {
          152  +						lappend map [string index $key(subst) $j] [format %c $j]
          153  +					}
          154  +				}
          155  +
          156  +				set end [expr {$i + $key(rotate_length) - 1}]
          157  +
          158  +				set block [string range $data $i $end]
          159  +				set block [string map $map $block]
          160  +
          161  +				append retval $block
          162  +
          163  +				set key_end [string index $key(subst) 0]
          164  +				set key(subst) [string range $key(subst) 1 end]$key_end
          165  +			}
          166  +
          167  +			return $retval
          168  +		}
          169  +		"aes" {
          170  +			package require aes
          171  +		}
          172  +	}
          173  +	error "not implemented"
          174  +}
          175  +
          176  +proc decrypt {data key_dict} {
          177  +	return [encrypt $data $key_dict 1]
          178  +}
    77    179   
    78    180   # This function must be kept in-sync with the generated C function below
    79    181   proc cvfs_hash {path} {
    80    182   	set h 0
    81    183   	set g 0
    82    184   
    83    185   	for {set idx 0} {$idx < [string length $path]} {incr idx} {
................................................................................
    91    193   		}
    92    194   
    93    195   		set h [expr {$h & ((~$g) & 0xffffffff)}]
    94    196   	}
    95    197   
    96    198   	return $h
    97    199   }
          200  +
          201  +# If encryption is requested, generate a key
          202  +if {$obsfucate} {
          203  +	set obsfucation_key [encrypt_key_generate "rotate_subst"]
          204  +}
    98    205   
    99    206   # Generate list of files to include in output
   100    207   set files [recursive_glob $startdir]
   101    208   
   102    209   # Insert dummy entry cooresponding to C dummy entry
   103    210   set files [linsert $files 0 "__DUMMY__"]
   104    211   
................................................................................
   113    220   #  ifdef HAVE_STDC
   114    221   #    ifndef HAVE_UNISTD_H
   115    222   #      define HAVE_UNISTD_H 1
   116    223   #    endif
   117    224   #    ifndef HAVE_STRING_H
   118    225   #      define HAVE_STRING_H 1
   119    226   #    endif
          227  +#    ifndef HAVE_STDLIB_H
          228  +#      define HAVE_STDLIB_H 1
          229  +#    endif
   120    230   #  endif
   121    231   #  ifdef HAVE_UNISTD_H
   122    232   #    include <unistd.h>
   123    233   #  endif
   124    234   #  ifdef HAVE_STRING_H
   125    235   #    include <string.h>
   126    236   #  endif
          237  +#  ifdef HAVE_STDLIB_H
          238  +#    include <stdlib.h>
          239  +#  endif
   127    240   
   128    241   #  ifndef LOADED_CVFS_COMMON
   129    242   #    define LOADED_CVFS_COMMON 1
   130    243   
   131    244   typedef enum {
   132         -	CVFS_FILETYPE_FILE,
   133         -	CVFS_FILETYPE_DIR
          245  +	CVFS_FILETYPE_FILE            = 0,
          246  +	CVFS_FILETYPE_DIR             = 1,
          247  +	CVFS_FILETYPE_OBSFUCATED_FILE = 2,
          248  +	CVFS_FILETYPE_ENCRYPTED_FILE  = 3,
   134    249   } cvfs_filetype_t;
   135    250   
   136    251   struct cvfs_data {
   137    252   	const char *             name;
   138    253   	unsigned long            index;
   139    254   	unsigned long            size;
   140    255   	cvfs_filetype_t          type;
   141    256   	const unsigned char *    data;
   142    257   };
          258  +
          259  +typedef enum {
          260  +	CVFS_KEYTYPE_ROTATE_SUBST     = 0,
          261  +} cvfs_keytype_t;
          262  +
          263  +struct cvfs_key {
          264  +	cvfs_keytype_t type;
          265  +	union {
          266  +		struct {
          267  +			int rotate_length;
          268  +			unsigned char *subst;
          269  +		} rotate_subst;
          270  +	} typedata;
          271  +};
   143    272   
   144    273   static unsigned long cvfs_hash(const unsigned char *path) {
   145    274   	unsigned long i, h = 0, g = 0;
   146    275   
   147    276   	for (i = 0; path[i]; i++) {
   148    277   		h = (h << 4) + path[i];
   149    278   		g = h & 0xf0000000;
................................................................................
   151    280   			h ^= (g >> 24);
   152    281   		}
   153    282   		h &= ((~g) & 0xffffffffLU);
   154    283   	}
   155    284           
   156    285           return(h);
   157    286   }
          287  +
          288  +#include <stdio.h>
          289  +static int cvfs_decrypt(unsigned char *out, const unsigned char *in, unsigned long in_out_length, struct cvfs_key *key) {
          290  +	unsigned long i;
          291  +	unsigned char in_ch, out_ch;
          292  +	int ch_idx;
          293  +
          294  +	for (i = 0; i < in_out_length; i++) {
          295  +		in_ch = in[i];
          296  +
          297  +		ch_idx = (in_ch + (i / key->typedata.rotate_subst.rotate_length)) % 256;
          298  +
          299  +		out_ch = key->typedata.rotate_subst.subst[ch_idx];
          300  +		out[i] = out_ch;
          301  +	}
          302  +
          303  +	return(0);
          304  +}
   158    305   
   159    306   #  endif /* !LOADED_CVFS_COMMON */}
   160    307   puts ""
   161    308   
   162    309   puts "static struct cvfs_data ${code_tag}_data\[\] = {"
   163    310   puts "\t{"
   164    311   puts "\t\t.name  = NULL,"
................................................................................
   172    319   	set shortfile [shorten_file $startdir $file]
   173    320   
   174    321   	unset -nocomplain finfo type
   175    322   	file stat $file finfo
   176    323   
   177    324   	switch -- $finfo(type) {
   178    325   		"file" {
   179         -			set type "CVFS_FILETYPE_FILE"
   180    326   			set size $finfo(size)
   181    327   
   182    328   			set fd [open $file]
   183    329   			fconfigure $fd -translation binary
   184    330   			set data [read $fd]
   185    331   			close $fd
   186    332   
   187         -			set data "(unsigned char *) [stringify $data]"
          333  +			if {$obsfucate} {
          334  +				set type "CVFS_FILETYPE_OBSFUCATED_FILE"
          335  +				set data "(unsigned char *) [stringify [encrypt $data $obsfucation_key]]"
          336  +			} else {
          337  +				set type "CVFS_FILETYPE_FILE"
          338  +				set data "(unsigned char *) [stringify $data]"
          339  +			}
   188    340   		}
   189    341   		"directory" {
   190    342   			set type "CVFS_FILETYPE_DIR"
   191    343   			set data "NULL"
   192    344   			set size 0
   193    345   		}
   194    346   	}
................................................................................
   346    498   }
   347    499   
   348    500   puts "\t}"
   349    501   puts ""
   350    502   puts "\treturn(num_children);"
   351    503   puts "}"
   352    504   puts ""
          505  +
          506  +if {$obsfucate} {
          507  +	puts "static void ${code_tag}_decryptFile(const char *path, struct cvfs_data *finfo) {"
          508  +	puts "\tstatic struct cvfs_key key = { [string map [list "\n" " "] [encrypt_key_export $obsfucation_key "c"]] };"
          509  +	puts "\tunsigned char *new_data;"
          510  +	puts "\tint decrypt_ret;"
          511  +	puts ""
          512  +	puts "\tnew_data = malloc(finfo->size);"
          513  +	puts "\tdecrypt_ret = cvfs_decrypt(new_data, finfo->data, finfo->size, &key);"
          514  +	puts "\tif (decrypt_ret != 0) {"
          515  +	puts "\t\tfree(new_data);"
          516  +	puts ""
          517  +	puts "\t\treturn;"
          518  +	puts "\t}"
          519  +	puts "\tfinfo->data = new_data;"
          520  +	puts "\tfinfo->type = CVFS_FILETYPE_FILE;"
          521  +	puts "\treturn;"
          522  +	puts "}"
          523  +	puts ""
          524  +}
   353    525   
   354    526   puts "#  ifdef CVFS_MAKE_LOADABLE"
   355    527   
   356    528   set fd [open "cvfs_data.c"]
   357    529   puts [read $fd]
   358    530   close $fd
   359         -
   360    531   
   361    532   puts "static cmd_getData_t *getCmdData(const char *hashkey) {"
   362    533   puts "\treturn(${code_tag}_getData);"
   363    534   puts "}"
   364    535   puts ""
   365    536   puts "static cmd_getChildren_t *getCmdChildren(const char *hashkey) {"
   366    537   puts "\treturn(${code_tag}_getChildren);"
          538  +puts "}"
          539  +puts ""
          540  +puts "static cmd_decryptFile_t *getCmdDecryptFile(const char *hashkey) {"
          541  +if {$obsfucate} {
          542  +	puts "\treturn(${code_tag}_decryptFile);"
          543  +} else {
          544  +	puts "\treturn(NULL);"
          545  +}
   367    546   puts "}"
   368    547   puts ""
   369    548   
   370    549   puts "int Cvfs_data_${hashkey}_Init(Tcl_Interp *interp) {"
   371    550   puts "\tTcl_Command tclCreatComm_ret;"
   372    551   puts "\tint tclPkgProv_ret;"
   373    552   puts ""