mirror of https://github.com/v2fly/v2ray-core.git synced 2025-01-17 23:06:30 -05:00

added necessary infrastructure

Shelikhoo 2021-03-16 22:05:01 +00:00
parent 57b4214284
commit 2d778239a3
No known key found for this signature in database
GPG Key ID: C4D5E79D22B25316
7 changed files with 112 additions and 0 deletions


@ -170,6 +170,12 @@ jobs:
with:
path: build_artifacts
- name: Create extra package
run: |
pushd ./release/extra/
zip -9vr ../../build_artifacts/v2ray-extra.zip .
popd
- name: Generate shasum
run: |
go get -v github.com/v2fly/V2BuildAssist/v2buildutil
@ -205,6 +211,11 @@ jobs:
name: Release.unsigned.dgst
path: build_artifacts/Release.unsigned.dgst
- uses: actions/upload-artifact@v2
with:
name: v2ray-extra.zip
path: build_artifacts/v2ray-extra.zip
- name: Upload Release.unsigned related files
uses: svenstaro/upload-release-action@v2
if: github.event_name == 'release'
@ -213,3 +224,12 @@ jobs:
file_glob: true
file: build_artifacts/Release.unsigned*
tag: ${{ github.ref }}
- name: Upload extra package
uses: svenstaro/upload-release-action@v2
if: github.event_name == 'release'
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file_glob: true
file: build_artifacts/v2ray-extra.zip
tag: ${{ github.ref }}
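Review bot: The added "Upload extra package" step runs `svenstaro/upload-release-action@v2` by a movable tag while passing it `secrets.GITHUB_TOKEN`, so whatever that tag resolves to at run time can write release assets. Pinning to a full commit SHA fixes the code that runs: `uses: svenstaro/upload-release-action@<full-commit-sha>`. The same applies to the added `actions/upload-artifact@v2` step. `file_glob: true` is unnecessary for the literal path `build_artifacts/v2ray-extra.zip` and can be dropped. The job these steps belong to starts outside the visible hunks.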


@ -0,0 +1,6 @@
package securedload
const allowedHashes = `SHA256 (!#project==v2fly) = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
SHA256 (!#version==embedded) = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
SHA256 (subscriptions/subscriptionsDefinition.v2flyTemplate) = 3f165dba7de0d7c506fbdff3275ea64b76f307df435316a3ea0914ee957793ab
`
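Review bot: `allowedHashes` has no comment describing its line format or how it is kept in step with the files it pins, and nothing visible in this commit regenerates it when an asset changes. A stale digest makes the loader reject the file, so the failure is closed, but it will surprise the next person who edits the template. Suggested comment: `// allowedHashes pins the SHA-256 digest of each asset that may be loaded; update the matching line whenever the asset changes.` The all-`f` entries for `!#project==v2fly` and `!#version==embedded` look like metadata rather than file digests; if so, the comment should say that too.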


@ -0,0 +1,47 @@
package securedload
import (
"bytes"
"crypto/sha256"
"encoding/hex"
"github.com/v2fly/VSign/insmgr"
"github.com/v2fly/VSign/signerVerify"
"github.com/v2fly/v2ray-core/v4/common/platform"
"github.com/v2fly/v2ray-core/v4/common/platform/filesystem"
"strings"
)
type EmbeddedHashProtectedLoader struct {
checkedFile map[string]string
}
func (e EmbeddedHashProtectedLoader) VerifyAndLoad(filename string) ([]byte, error) {
filecontent, err := filesystem.ReadFile(platform.GetAssetLocation(filename))
if err != nil {
return nil, newError("Cannot find file", filename).Base(err)
}
fileHash := sha256.Sum256(filecontent)
fileHashAsString := hex.EncodeToString(fileHash[:])
if filenameverified, ok := e.checkedFile[fileHashAsString]; ok {
for _, filenameVerifiedIndividual := range strings.Split(filenameverified, ";") {
if strings.HasSuffix(filenameVerifiedIndividual, filename) {
return filecontent, nil
}
}
}
return nil, newError("Unrecognized file at ", filename, " can not be loaded for execution")
}
func NewEmbeddedHashProtectedLoader() *EmbeddedHashProtectedLoader {
instructions := insmgr.ReadAllIns(bytes.NewReader([]byte(allowedHashes)))
checkedFile, _, ok := signerVerify.CheckAsClient(instructions, "v2fly", true)
if !ok {
panic("Embedded Hash data is invalid")
}
return &EmbeddedHashProtectedLoader{checkedFile: checkedFile}
}
func init() {
RegisterProtectedLoader("embedded", NewEmbeddedHashProtectedLoader())
}
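Review bot: In `VerifyAndLoad`, the name check `strings.HasSuffix(filenameVerifiedIndividual, filename)` accepts any requested name that is a tail of an approved entry, including the empty string, so the digest is only loosely bound to the name. The SHA-256 lookup still gates the content, which limits the impact, but an exact comparison states the intent more safely: `if filenameVerifiedIndividual == filename {`. If the entries returned by `signerVerify.CheckAsClient` carry a prefix that makes the suffix match necessary (not visible here), strip that prefix explicitly instead. Separately, `NewEmbeddedHashProtectedLoader` panics and is called from `init()`, so bad embedded data stops any binary that imports the package; a comment saying this is deliberate would help.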


@ -0,0 +1,9 @@
package securedload
import "github.com/v2fly/v2ray-core/v4/common/errors"
type errPathObjHolder struct{}
func newError(values ...interface{}) *errors.Error {
return errors.New(values...).WithPathObj(errPathObjHolder{})
}


@ -0,0 +1,13 @@
package securedload
func GetAssetSecured(name string) ([]byte, error) {
var err error
for k, v := range knownProtectedLoader {
if loadedData, errLoad := v.VerifyAndLoad(name); errLoad == nil {
return loadedData, nil
} else {
err = newError(k, " is not loading executable file").Base(errLoad)
}
}
return nil, err
}
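Review bot: `GetAssetSecured` returns `nil, nil` when `knownProtectedLoader` is empty, because `err` is only assigned inside the loop. A caller that checks only the error would then treat a missing verifier as a successful load of empty data. Fail closed before the final return: `if err == nil { err = newError("no protected loader registered") }`. With more than one loader the returned error comes from whichever the map iteration visited last, so the message may name an arbitrary loader.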


@ -0,0 +1,3 @@
package securedload
//go:generate go run github.com/v2fly/v2ray-core/v4/common/errors/errorgen


@ -0,0 +1,14 @@
package securedload
type ProtectedLoader interface {
VerifyAndLoad(filename string) ([]byte, error)
}
var knownProtectedLoader map[string]ProtectedLoader
func RegisterProtectedLoader(name string, sv ProtectedLoader) {
if knownProtectedLoader == nil {
knownProtectedLoader = map[string]ProtectedLoader{}
}
knownProtectedLoader[name] = sv
}
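Review bot: `RegisterProtectedLoader` is exported and silently replaces an existing entry of the same name, and `GetAssetSecured` accepts a file as soon as any one registered loader approves it. Every registration therefore widens what is trusted, and the function has no doc comment saying so. Suggested comment: `// RegisterProtectedLoader adds sv to the set of verifiers; a file is loadable if any registered verifier accepts it. Call only from init().` The map is written without a lock, which is safe only if registration really is confined to `init()`; the comment should record that assumption.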