Overview
Comment: | Added obsfucated CVFS support |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: | 93d7e1f87e2517370b6d4bb7a138a9c791a8b9e9 |
User & Date: | rkeene on 2014-11-23 02:31:57 |
Other Links: | manifest | tags |
Context
2014-11-23
| ||
02:55 | Documented obsfucated CVFS support check-in: ae6b7036ca user: rkeene tags: trunk | |
02:31 | Added obsfucated CVFS support check-in: 93d7e1f87e user: rkeene tags: trunk | |
2014-11-19
| ||
20:56 | Updated URL to a mirror of mk4tcl for now check-in: b1003b10ac user: rkeene tags: trunk | |
Changes
Modified kitsh/buildsrc/kitsh-0.0/Makefile.common.in from [60b5e343af] to [93d968f811].
11 11 STRIPLIBS = @STRIPLIBS@ @EXTRA_OBJS@ 12 12 EXTRA_OBJS = @EXTRA_OBJS@ 13 13 LDRUNPATH = @LDRUNPATH@ 14 14 EXTRA_KIT_DEPS = @EXTRA_KIT_DEPS@ 15 15 EXTRA_VFS_OBJS = @EXTRA_VFS_OBJS@ 16 16 TCLSH_NATIVE = tclsh 17 17 LDFLAGS_ADD = @LDFLAGS_ADD@ 18 +DIR2C_FLAGS = @DIR2C_FLAGS@ 18 19 19 20 # Build targets 20 21 ## VFS Build 21 22 cvfs_data_tcl.o: cvfs_data_tcl.c 22 23 cvfs_data_tcl.c: dir2c.tcl starpack.vfs cvfs_data.c 23 - "$(TCLSH_NATIVE)" dir2c.tcl tcl starpack.vfs > cvfs_data_tcl.c 24 + "$(TCLSH_NATIVE)" dir2c.tcl tcl starpack.vfs $(DIR2C_FLAGS) > cvfs_data_tcl.c 24 25 25 26 ## Tcl scripts that need to be converted to C headers 26 27 cvfs.tcl.h: cvfs.tcl 27 28 "$(TCLSH_NATIVE)" ./stringify.tcl cvfs.tcl > cvfs.tcl.h 28 29 29 30 boot.tcl.h: boot.tcl 30 31 "$(TCLSH_NATIVE)" ./stringify.tcl boot.tcl > boot.tcl.h
Modified kitsh/buildsrc/kitsh-0.0/aclocal.m4 from [4e978303f9] to [b344f06840].
556 556 ]) 557 557 done 558 558 559 559 LDFLAGS="${OLD_LDFLAGS}" 560 560 561 561 AC_SUBST(LDRUNPATH) 562 562 ]) 563 + 564 +AC_DEFUN(DC_SET_DIR2C_FLAGS, [ 565 + AC_MSG_CHECKING([if we should obsufcate the CVFS]) 566 + 567 + AC_ARG_WITH(obsfucated-cvfs, AC_HELP_STRING([--with-obsfucated-cvfs], [Obsfucate CVFS filesystem (requires --enable-kit-storage=cvfs)]), [ 568 + obsfucate_cvfs=$withval 569 + ], [ 570 + obsfucate_cvfs='no' 571 + ]) 572 + 573 + case "$obsfucate_cvfs" in 574 + yes) 575 + AC_MSG_RESULT([yes]) 576 + DIR2C_FLAGS='--obsfucate' 577 + ;; 578 + *) 579 + AC_MSG_RESULT([no]) 580 + DIR2C_FLAGS='' 581 + ;; 582 + esac 583 + 584 + AC_SUBST(DIR2C_FLAGS) 585 +])
Modified kitsh/buildsrc/kitsh-0.0/configure.ac from [68bb20ca2d] to [42d57f3f66].
186 186 187 187 dnl Define that C-VFS should be make [load]-able 188 188 AC_DEFINE([CVFS_MAKE_LOADABLE], [1], [Specify that the C-VFS should be able to be loaded]) 189 189 190 190 dnl Add appropriate dependencies 191 191 EXTRA_KIT_DEPS="cvfs.tcl.h" 192 192 EXTRA_VFS_OBJS="${EXTRA_VFS_OBJS} cvfs_data_tcl.o" 193 + 194 + dnl Set any flags as required 195 + DC_SET_DIR2C_FLAGS 193 196 ] 194 197 ) 195 198 196 199 AC_SUBST(EXTRA_KIT_DEPS) 197 200 AC_SUBST(LDFLAGS_ADD) 198 201 199 202 dnl Put correct Makefile template in place 200 203 rm -f Makefile.in 201 204 cp Makefile.${TARGET}.in Makefile.in 202 205 203 206 dnl Produce output 204 207 AC_OUTPUT(Makefile Makefile.common)
Modified kitsh/buildsrc/kitsh-0.0/cvfs_data.c from [c7558f05e3] to [981ef56829].
2 2 3 3 #ifdef HAVE_STDLIB_H 4 4 # include <stdlib.h> 5 5 #endif 6 6 7 7 typedef struct cvfs_data *(cmd_getData_t)(const char *, unsigned long); 8 8 typedef unsigned long (cmd_getChildren_t)(const char *, unsigned long *, unsigned long); 9 +typedef void (cmd_decryptFile_t)(const char *, struct cvfs_data *); 9 10 10 11 /* Your implementation must provide these */ 11 12 static cmd_getData_t *getCmdData(const char *hashkey); 12 13 static cmd_getChildren_t *getCmdChildren(const char *hashkey); 14 +static cmd_decryptFile_t *getCmdDecryptFile(const char *hashkey); 13 15 14 16 /* Tcl Commands */ 15 17 static int getMetadata(ClientData cd, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) { 16 18 cmd_getData_t *cmd_getData; 17 19 cmd_getChildren_t *cmd_getChildren; 18 20 struct cvfs_data *finfo = NULL; 19 21 Tcl_Obj *ret_list, *ret_list_items[20]; ................................................................................ 105 107 106 108 return(TCL_OK); 107 109 } 108 110 109 111 static int getData(ClientData cd, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) { 110 112 struct cvfs_data *finfo = NULL; 111 113 cmd_getData_t *cmd_getData; 114 + cmd_decryptFile_t *cmd_decryptFile; 112 115 const char *hashkey; 113 116 const char *file; 114 117 const char *end_str; 115 118 Tcl_Obj *ret_str; 116 119 long start = 0; 117 120 long end = -1; 118 121 int tclGetLFO_ret; ................................................................................ 158 161 finfo = cmd_getData(file, 0); 159 162 160 163 if (finfo == NULL) { 161 164 Tcl_SetResult(interp, "No such file or directory", TCL_STATIC); 162 165 163 166 return(TCL_ERROR); 164 167 } 168 + 169 + if (finfo->type == CVFS_FILETYPE_OBSFUCATED_FILE || finfo->type == CVFS_FILETYPE_ENCRYPTED_FILE) { 170 + cmd_decryptFile = getCmdDecryptFile(hashkey); 171 + 172 + if (cmd_decryptFile != NULL) { 173 + cmd_decryptFile(file, finfo); 174 + } 175 + } 165 176 166 177 if (finfo->type != CVFS_FILETYPE_FILE) { 167 178 Tcl_SetResult(interp, "Not a file", TCL_STATIC); 168 179 169 180 return(TCL_ERROR); 170 181 } 171 182
Modified kitsh/buildsrc/kitsh-0.0/dir2c.tcl from [903b20a63c] to [a9768c9e59].
1 1 #! /usr/bin/env tclsh 2 + 3 +set obsfucate 0 4 +if {[lindex $argv end] == "--obsfucate"} { 5 + set obsfucate 1 6 + 7 + set argv [lrange $argv 0 end-1] 8 +} 2 9 3 10 if {[llength $argv] != 2} { 4 - puts stderr "Usage: dir2c.tcl <hashkey> <startdir>" 11 + puts stderr "Usage: dir2c.tcl <hashkey> <startdir> \[--obsfucate\]" 5 12 6 13 exit 1 7 14 } 8 15 9 16 set hashkey [lindex $argv 0] 10 17 set startdir [lindex $argv 1] 11 18 ................................................................................ 70 77 71 78 set ret [string trim $ret "\n\""] 72 79 73 80 set ret "\"$ret\"" 74 81 75 82 return $ret 76 83 } 84 + 85 +# Encrypt the data 86 +proc random_byte {} { 87 + set value [expr {int(256 * rand())}] 88 + 89 + return $value 90 +} 91 + 92 +proc encrypt_key_generate {method} { 93 + switch -- $method { 94 + "rotate_subst" { 95 + set key(method) $method 96 + set key(rotate_length) [random_byte] 97 + 98 + set key_data [list] 99 + while {[llength $key_data] != 256} { 100 + set value [random_byte] 101 + if {[lsearch -exact $key_data $value] != -1} { 102 + continue 103 + } 104 + 105 + lappend key_data $value 106 + } 107 + 108 + foreach value $key_data { 109 + append key(subst) [format %c $value] 110 + } 111 + 112 + return [array get key] 113 + } 114 + } 115 + error "not implemented" 116 +} 117 + 118 +proc encrypt_key_export {key_dict target} { 119 + array set key $key_dict 120 + 121 + switch -- $key(method) { 122 + "rotate_subst" { 123 + switch -- $target { 124 + "c" { 125 + set retval ".type = CVFS_KEYTYPE_ROTATE_SUBST,\n" 126 + append retval ".typedata.rotate_subst.rotate_length = $key(rotate_length),\n" 127 + append retval ".typedata.rotate_subst.subst = [stringify $key(subst)]\n" 128 + 129 + return $retval 130 + } 131 + } 132 + } 133 + } 134 + 135 + error "not implemented" 136 +} 137 + 138 +proc encrypt {data key_dict {decrypt 0}} { 139 + array set key $key_dict 140 + 141 + switch -- $key(method) { 142 + "rotate_subst" { 143 + set retval "" 144 + set datalen [string length $data] 145 + 146 + for {set i 0} {$i < $datalen} {incr i $key(rotate_length)} { 147 + set map [list] 148 + for {set j 0} {$j < 256} {incr j} { 149 + if {$decrypt} { 150 + lappend map [format %c $j] [string index $key(subst) $j] 151 + } else { 152 + lappend map [string index $key(subst) $j] [format %c $j] 153 + } 154 + } 155 + 156 + set end [expr {$i + $key(rotate_length) - 1}] 157 + 158 + set block [string range $data $i $end] 159 + set block [string map $map $block] 160 + 161 + append retval $block 162 + 163 + set key_end [string index $key(subst) 0] 164 + set key(subst) [string range $key(subst) 1 end]$key_end 165 + } 166 + 167 + return $retval 168 + } 169 + "aes" { 170 + package require aes 171 + } 172 + } 173 + error "not implemented" 174 +} 175 + 176 +proc decrypt {data key_dict} { 177 + return [encrypt $data $key_dict 1] 178 +} 77 179 78 180 # This function must be kept in-sync with the generated C function below 79 181 proc cvfs_hash {path} { 80 182 set h 0 81 183 set g 0 82 184 83 185 for {set idx 0} {$idx < [string length $path]} {incr idx} { ................................................................................ 91 193 } 92 194 93 195 set h [expr {$h & ((~$g) & 0xffffffff)}] 94 196 } 95 197 96 198 return $h 97 199 } 200 + 201 +# If encryption is requested, generate a key 202 +if {$obsfucate} { 203 + set obsfucation_key [encrypt_key_generate "rotate_subst"] 204 +} 98 205 99 206 # Generate list of files to include in output 100 207 set files [recursive_glob $startdir] 101 208 102 209 # Insert dummy entry cooresponding to C dummy entry 103 210 set files [linsert $files 0 "__DUMMY__"] 104 211 ................................................................................ 113 220 # ifdef HAVE_STDC 114 221 # ifndef HAVE_UNISTD_H 115 222 # define HAVE_UNISTD_H 1 116 223 # endif 117 224 # ifndef HAVE_STRING_H 118 225 # define HAVE_STRING_H 1 119 226 # endif 227 +# ifndef HAVE_STDLIB_H 228 +# define HAVE_STDLIB_H 1 229 +# endif 120 230 # endif 121 231 # ifdef HAVE_UNISTD_H 122 232 # include <unistd.h> 123 233 # endif 124 234 # ifdef HAVE_STRING_H 125 235 # include <string.h> 126 236 # endif 237 +# ifdef HAVE_STDLIB_H 238 +# include <stdlib.h> 239 +# endif 127 240 128 241 # ifndef LOADED_CVFS_COMMON 129 242 # define LOADED_CVFS_COMMON 1 130 243 131 244 typedef enum { 132 - CVFS_FILETYPE_FILE, 133 - CVFS_FILETYPE_DIR 245 + CVFS_FILETYPE_FILE = 0, 246 + CVFS_FILETYPE_DIR = 1, 247 + CVFS_FILETYPE_OBSFUCATED_FILE = 2, 248 + CVFS_FILETYPE_ENCRYPTED_FILE = 3, 134 249 } cvfs_filetype_t; 135 250 136 251 struct cvfs_data { 137 252 const char * name; 138 253 unsigned long index; 139 254 unsigned long size; 140 255 cvfs_filetype_t type; 141 256 const unsigned char * data; 142 257 }; 258 + 259 +typedef enum { 260 + CVFS_KEYTYPE_ROTATE_SUBST = 0, 261 +} cvfs_keytype_t; 262 + 263 +struct cvfs_key { 264 + cvfs_keytype_t type; 265 + union { 266 + struct { 267 + int rotate_length; 268 + unsigned char *subst; 269 + } rotate_subst; 270 + } typedata; 271 +}; 143 272 144 273 static unsigned long cvfs_hash(const unsigned char *path) { 145 274 unsigned long i, h = 0, g = 0; 146 275 147 276 for (i = 0; path[i]; i++) { 148 277 h = (h << 4) + path[i]; 149 278 g = h & 0xf0000000; ................................................................................ 151 280 h ^= (g >> 24); 152 281 } 153 282 h &= ((~g) & 0xffffffffLU); 154 283 } 155 284 156 285 return(h); 157 286 } 287 + 288 +#include <stdio.h> 289 +static int cvfs_decrypt(unsigned char *out, const unsigned char *in, unsigned long in_out_length, struct cvfs_key *key) { 290 + unsigned long i; 291 + unsigned char in_ch, out_ch; 292 + int ch_idx; 293 + 294 + for (i = 0; i < in_out_length; i++) { 295 + in_ch = in[i]; 296 + 297 + ch_idx = (in_ch + (i / key->typedata.rotate_subst.rotate_length)) % 256; 298 + 299 + out_ch = key->typedata.rotate_subst.subst[ch_idx]; 300 + out[i] = out_ch; 301 + } 302 + 303 + return(0); 304 +} 158 305 159 306 # endif /* !LOADED_CVFS_COMMON */} 160 307 puts "" 161 308 162 309 puts "static struct cvfs_data ${code_tag}_data\[\] = {" 163 310 puts "\t{" 164 311 puts "\t\t.name = NULL," ................................................................................ 172 319 set shortfile [shorten_file $startdir $file] 173 320 174 321 unset -nocomplain finfo type 175 322 file stat $file finfo 176 323 177 324 switch -- $finfo(type) { 178 325 "file" { 179 - set type "CVFS_FILETYPE_FILE" 180 326 set size $finfo(size) 181 327 182 328 set fd [open $file] 183 329 fconfigure $fd -translation binary 184 330 set data [read $fd] 185 331 close $fd 186 332 187 - set data "(unsigned char *) [stringify $data]" 333 + if {$obsfucate} { 334 + set type "CVFS_FILETYPE_OBSFUCATED_FILE" 335 + set data "(unsigned char *) [stringify [encrypt $data $obsfucation_key]]" 336 + } else { 337 + set type "CVFS_FILETYPE_FILE" 338 + set data "(unsigned char *) [stringify $data]" 339 + } 188 340 } 189 341 "directory" { 190 342 set type "CVFS_FILETYPE_DIR" 191 343 set data "NULL" 192 344 set size 0 193 345 } 194 346 } ................................................................................ 346 498 } 347 499 348 500 puts "\t}" 349 501 puts "" 350 502 puts "\treturn(num_children);" 351 503 puts "}" 352 504 puts "" 505 + 506 +if {$obsfucate} { 507 + puts "static void ${code_tag}_decryptFile(const char *path, struct cvfs_data *finfo) {" 508 + puts "\tstatic struct cvfs_key key = { [string map [list "\n" " "] [encrypt_key_export $obsfucation_key "c"]] };" 509 + puts "\tunsigned char *new_data;" 510 + puts "\tint decrypt_ret;" 511 + puts "" 512 + puts "\tnew_data = malloc(finfo->size);" 513 + puts "\tdecrypt_ret = cvfs_decrypt(new_data, finfo->data, finfo->size, &key);" 514 + puts "\tif (decrypt_ret != 0) {" 515 + puts "\t\tfree(new_data);" 516 + puts "" 517 + puts "\t\treturn;" 518 + puts "\t}" 519 + puts "\tfinfo->data = new_data;" 520 + puts "\tfinfo->type = CVFS_FILETYPE_FILE;" 521 + puts "\treturn;" 522 + puts "}" 523 + puts "" 524 +} 353 525 354 526 puts "# ifdef CVFS_MAKE_LOADABLE" 355 527 356 528 set fd [open "cvfs_data.c"] 357 529 puts [read $fd] 358 530 close $fd 359 - 360 531 361 532 puts "static cmd_getData_t *getCmdData(const char *hashkey) {" 362 533 puts "\treturn(${code_tag}_getData);" 363 534 puts "}" 364 535 puts "" 365 536 puts "static cmd_getChildren_t *getCmdChildren(const char *hashkey) {" 366 537 puts "\treturn(${code_tag}_getChildren);" 538 +puts "}" 539 +puts "" 540 +puts "static cmd_decryptFile_t *getCmdDecryptFile(const char *hashkey) {" 541 +if {$obsfucate} { 542 + puts "\treturn(${code_tag}_decryptFile);" 543 +} else { 544 + puts "\treturn(NULL);" 545 +} 367 546 puts "}" 368 547 puts "" 369 548 370 549 puts "int Cvfs_data_${hashkey}_Init(Tcl_Interp *interp) {" 371 550 puts "\tTcl_Command tclCreatComm_ret;" 372 551 puts "\tint tclPkgProv_ret;" 373 552 puts ""