v2fly/common/platform/securedload/embeddedhash.go

package securedload

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"path/filepath"
	"strings"

	"github.com/v2fly/VSign/insmgr"
	"github.com/v2fly/VSign/signerVerify"

	"github.com/v2fly/v2ray-core/v4/common/platform"
	"github.com/v2fly/v2ray-core/v4/common/platform/filesystem"
)

type EmbeddedHashProtectedLoader struct {
	checkedFile map[string]string
}

func (e EmbeddedHashProtectedLoader) VerifyAndLoad(filename string) ([]byte, error) {
	platformFileName := filepath.FromSlash(filename)
	fileContent, err := filesystem.ReadFile(platform.GetAssetLocation(platformFileName))
	if err != nil {
		return nil, newError("Cannot find file", filename).Base(err)
	}
	fileHash := sha256.Sum256(fileContent)
	fileHashAsString := hex.EncodeToString(fileHash[:])
	if fileNameVerified, ok := e.checkedFile[fileHashAsString]; ok {
		for _, filenameVerifiedIndividual := range strings.Split(fileNameVerified, ";") {
			if strings.HasSuffix(filenameVerifiedIndividual, filename) {
				return fileContent, nil
			}
		}
	}
	return nil, newError("Unrecognized file at ", filename, " can not be loaded for execution")
}

func NewEmbeddedHashProtectedLoader() *EmbeddedHashProtectedLoader {
	instructions := insmgr.ReadAllIns(bytes.NewReader([]byte(allowedHashes)))
	checkedFile, _, ok := signerVerify.CheckAsClient(instructions, "v2fly", true)
	if !ok {
		panic("Embedded Hash data is invalid")
	}
	return &EmbeddedHashProtectedLoader{checkedFile: checkedFile}
}

func init() {
	RegisterProtectedLoader("embedded", NewEmbeddedHashProtectedLoader())
}
added necessary infrastructure 2021-03-16 18:05:01 -04:00			`package securedload`

			`import (`
			`"bytes"`
			`"crypto/sha256"`
			`"encoding/hex"`
rework the file name checking logic 2021-04-03 05:14:23 -04:00			`"path/filepath"`
Chore: format code 2021-03-27 20:44:04 -04:00			`"strings"`

added necessary infrastructure 2021-03-16 18:05:01 -04:00			`"github.com/v2fly/VSign/insmgr"`
			`"github.com/v2fly/VSign/signerVerify"`
Chore: format code 2021-03-27 20:44:04 -04:00
added necessary infrastructure 2021-03-16 18:05:01 -04:00			`"github.com/v2fly/v2ray-core/v4/common/platform"`
			`"github.com/v2fly/v2ray-core/v4/common/platform/filesystem"`
			`)`

			`type EmbeddedHashProtectedLoader struct {`
			`checkedFile map[string]string`
			`}`

			`func (e EmbeddedHashProtectedLoader) VerifyAndLoad(filename string) ([]byte, error) {`
rework the file name checking logic 2021-04-03 05:14:23 -04:00			`platformFileName := filepath.FromSlash(filename)`
Fix: secured loading path under windows (#851) * Fix: secured loading path under windows * fix sign file foramts 2021-04-04 04:32:42 -04:00			`fileContent, err := filesystem.ReadFile(platform.GetAssetLocation(platformFileName))`
added necessary infrastructure 2021-03-16 18:05:01 -04:00			`if err != nil {`
			`return nil, newError("Cannot find file", filename).Base(err)`
			`}`
Fix: secured loading path under windows (#851) * Fix: secured loading path under windows * fix sign file foramts 2021-04-04 04:32:42 -04:00			`fileHash := sha256.Sum256(fileContent)`
added necessary infrastructure 2021-03-16 18:05:01 -04:00			`fileHashAsString := hex.EncodeToString(fileHash[:])`
Fix: secured loading path under windows (#851) * Fix: secured loading path under windows * fix sign file foramts 2021-04-04 04:32:42 -04:00			`if fileNameVerified, ok := e.checkedFile[fileHashAsString]; ok {`
			`for _, filenameVerifiedIndividual := range strings.Split(fileNameVerified, ";") {`
added necessary infrastructure 2021-03-16 18:05:01 -04:00			`if strings.HasSuffix(filenameVerifiedIndividual, filename) {`
Fix: secured loading path under windows (#851) * Fix: secured loading path under windows * fix sign file foramts 2021-04-04 04:32:42 -04:00			`return fileContent, nil`
added necessary infrastructure 2021-03-16 18:05:01 -04:00			`}`
			`}`
			`}`
			`return nil, newError("Unrecognized file at ", filename, " can not be loaded for execution")`
			`}`

			`func NewEmbeddedHashProtectedLoader() *EmbeddedHashProtectedLoader {`
			`instructions := insmgr.ReadAllIns(bytes.NewReader([]byte(allowedHashes)))`
			`checkedFile, _, ok := signerVerify.CheckAsClient(instructions, "v2fly", true)`
			`if !ok {`
			`panic("Embedded Hash data is invalid")`
			`}`
			`return &EmbeddedHashProtectedLoader{checkedFile: checkedFile}`
			`}`

			`func init() {`
			`RegisterProtectedLoader("embedded", NewEmbeddedHashProtectedLoader())`
			`}`