garble/internal/literals/obfuscators.go

// Copyright (c) 2020, The Garble Authors.
// See LICENSE for licensing information.

package literals

import (
	"fmt"
	"go/ast"
	"go/token"
	mathrand "math/rand"
)

// obfuscator takes a byte slice and converts it to a ast.BlockStmt
type obfuscator interface {
	obfuscate(obfRand *mathrand.Rand, data []byte) *ast.BlockStmt
}

var (
	simpleObfuscator = simple{}

	// Obfuscators contains all types which implement the obfuscator Interface
	Obfuscators = []obfuscator{
		simpleObfuscator,
		swap{},
		split{},
		shuffle{},
		seed{},
	}

	// LinearTimeObfuscators contains all types which implement the obfuscator Interface and can safely be used on large literals
	LinearTimeObfuscators = []obfuscator{
		simpleObfuscator,
	}

	TestObfuscator         string
	testPkgToObfuscatorMap map[string]obfuscator
)

func genRandIntSlice(obfRand *mathrand.Rand, max, count int) []int {
	indexes := make([]int, count)
	for i := range count {
		indexes[i] = obfRand.Intn(max)
	}
	return indexes
}

func randOperator(obfRand *mathrand.Rand) token.Token {
	operatorTokens := [...]token.Token{token.XOR, token.ADD, token.SUB}
	return operatorTokens[obfRand.Intn(len(operatorTokens))]
}

func evalOperator(t token.Token, x, y byte) byte {
	switch t {
	case token.XOR:
		return x ^ y
	case token.ADD:
		return x + y
	case token.SUB:
		return x - y
	default:
		panic(fmt.Sprintf("unknown operator: %s", t))
	}
}

func operatorToReversedBinaryExpr(t token.Token, x, y ast.Expr) *ast.BinaryExpr {
	expr := &ast.BinaryExpr{X: x, Y: y}

	switch t {
	case token.XOR:
		expr.Op = token.XOR
	case token.ADD:
		expr.Op = token.SUB
	case token.SUB:
		expr.Op = token.ADD
	default:
		panic(fmt.Sprintf("unknown operator: %s", t))
	}

	return expr
}

type obfRand struct {
	*mathrand.Rand
	testObfuscator obfuscator
}

func (r *obfRand) nextObfuscator() obfuscator {
	if r.testObfuscator != nil {
		return r.testObfuscator
	}
	return Obfuscators[r.Intn(len(Obfuscators))]
}

func (r *obfRand) nextLinearTimeObfuscator() obfuscator {
	if r.testObfuscator != nil {
		return r.testObfuscator
	}
	return Obfuscators[r.Intn(len(LinearTimeObfuscators))]
}

func newObfRand(rand *mathrand.Rand, file *ast.File) *obfRand {
	testObf := testPkgToObfuscatorMap[file.Name.Name]
	return &obfRand{rand, testObf}
}
set up an AUTHORS file to attribute copyright Many files were missing copyright, so also add a short script to add the missing lines with the current year, and run it. The AUTHORS file is also self-explanatory. Contributors can add themselves there, or we can simply update it from time to time via git-shortlog. Since we have two scripts now, set up a directory for them. 5 years ago			`// Copyright (c) 2020, The Garble Authors.`
			`// See LICENSE for licensing information.`

Use XOR instead of AES for literal obfuscation. Implement a literal obfuscator interface, to allow the easy addition of new encodings. Add literal obfuscation for byte literals. Choose a random obfuscator on literal obfuscation, useful when multiple obfuscators are implemented. Fixes #62 5 years ago			`package literals`

			`import (`
			`"fmt"`
			`"go/ast"`
Randomize operator (xor, add, subtract) on all obfuscators (#90) Co-authored-by: lu4p <lu4p@pm.me> 5 years ago			`"go/token"`
Use XOR instead of AES for literal obfuscation. Implement a literal obfuscator interface, to allow the easy addition of new encodings. Add literal obfuscation for byte literals. Choose a random obfuscator on literal obfuscation, useful when multiple obfuscators are implemented. Fixes #62 5 years ago			`mathrand "math/rand"`
			`)`

			`// obfuscator takes a byte slice and converts it to a ast.BlockStmt`
			`type obfuscator interface {`
avoid using math/rand's global funcs like Seed and Intn Go 1.20 is starting to deprecate the use of math/rand's global state, per https://go.dev/issue/56319 and https://go.dev/issue/20661. The reasoning is sound: Deprecated: Programs that call Seed and then expect a specific sequence of results from the global random source (using functions such as Int) can be broken when a dependency changes how much it consumes from the global random source. To avoid such breakages, programs that need a specific result sequence should use NewRand(NewSource(seed)) to obtain a random generator that other packages cannot access. Aside from the tests, we used math/rand only for obfuscating literals, which caused a deterministic series of calls like Intn. Our call to Seed was also deterministic, per either GarbleActionID or the -seed flag. However, our determinism was fragile. If any of our dependencies or other packages made any calls to math/rand's global funcs, then our determinism could be broken entirely, and it's hard to notice. Start using separate math/rand.Rand objects for each use case. Also make uses of crypto/rand use "cryptorand" for consistency. Note that this requires a bit of a refactor in internal/literals to start passing around Rand objects. We also do away with unnecessary short funcs, especially since math/rand's Read never errors, and we can obtain a byte via math/rand's Uint32. 2 years ago			`obfuscate(obfRand mathrand.Rand, data []byte) ast.BlockStmt`
Use XOR instead of AES for literal obfuscation. Implement a literal obfuscator interface, to allow the easy addition of new encodings. Add literal obfuscation for byte literals. Choose a random obfuscator on literal obfuscation, useful when multiple obfuscators are implemented. Fixes #62 5 years ago			`}`

internal/literals: add benchmark to measure the run-time overhead 2 years ago			`var (`
use the "simple" obfuscator for large literals Changes literal obfuscation such that literals of any size will be obfuscated, but beyond `maxSize` we only use the `simple` obfuscator. This one seems to apply AND, OR, or XOR operators byte-wise and should be safe to use, unlike some of the other obfuscators which are quadratic on the literal size or worse. The test for literals is changed a bit to verify that obfuscation is applied. The code written to the `extra_literals.go` file by the test helper now ensures that Go does not optimize the literals away when we build the binary. We also append a unique string to all literals so that we can test that an unobfuscated build contains this string while an obfuscated build does not. 2 years ago			`simpleObfuscator = simple{}`

internal/literals: add benchmark to measure the run-time overhead 2 years ago			`// Obfuscators contains all types which implement the obfuscator Interface`
			`Obfuscators = []obfuscator{`
use the "simple" obfuscator for large literals Changes literal obfuscation such that literals of any size will be obfuscated, but beyond `maxSize` we only use the `simple` obfuscator. This one seems to apply AND, OR, or XOR operators byte-wise and should be safe to use, unlike some of the other obfuscators which are quadratic on the literal size or worse. The test for literals is changed a bit to verify that obfuscation is applied. The code written to the `extra_literals.go` file by the test helper now ensures that Go does not optimize the literals away when we build the binary. We also append a unique string to all literals so that we can test that an unobfuscated build contains this string while an obfuscated build does not. 2 years ago			`simpleObfuscator,`
internal/literals: add benchmark to measure the run-time overhead 2 years ago			`swap{},`
			`split{},`
			`shuffle{},`
internal/literals: re-enable the seed obfuscator Now that we dropped Go 1.19, we can use it again, since the referenced bug was fixed in Go 1.20. This is a separate commit, as this change does alter the way we obfuscate Go builds, so it's not just a cleanup. 2 years ago			`seed{},`
internal/literals: add benchmark to measure the run-time overhead 2 years ago			`}`

use the "simple" obfuscator for large literals Changes literal obfuscation such that literals of any size will be obfuscated, but beyond `maxSize` we only use the `simple` obfuscator. This one seems to apply AND, OR, or XOR operators byte-wise and should be safe to use, unlike some of the other obfuscators which are quadratic on the literal size or worse. The test for literals is changed a bit to verify that obfuscation is applied. The code written to the `extra_literals.go` file by the test helper now ensures that Go does not optimize the literals away when we build the binary. We also append a unique string to all literals so that we can test that an unobfuscated build contains this string while an obfuscated build does not. 2 years ago			`// LinearTimeObfuscators contains all types which implement the obfuscator Interface and can safely be used on large literals`
			`LinearTimeObfuscators = []obfuscator{`
			`simpleObfuscator,`
			`}`

internal/literals: add benchmark to measure the run-time overhead 2 years ago			`TestObfuscator string`
			`testPkgToObfuscatorMap map[string]obfuscator`
			`)`
Use XOR instead of AES for literal obfuscation. Implement a literal obfuscator interface, to allow the easy addition of new encodings. Add literal obfuscation for byte literals. Choose a random obfuscator on literal obfuscation, useful when multiple obfuscators are implemented. Fixes #62 5 years ago
avoid using math/rand's global funcs like Seed and Intn Go 1.20 is starting to deprecate the use of math/rand's global state, per https://go.dev/issue/56319 and https://go.dev/issue/20661. The reasoning is sound: Deprecated: Programs that call Seed and then expect a specific sequence of results from the global random source (using functions such as Int) can be broken when a dependency changes how much it consumes from the global random source. To avoid such breakages, programs that need a specific result sequence should use NewRand(NewSource(seed)) to obtain a random generator that other packages cannot access. Aside from the tests, we used math/rand only for obfuscating literals, which caused a deterministic series of calls like Intn. Our call to Seed was also deterministic, per either GarbleActionID or the -seed flag. However, our determinism was fragile. If any of our dependencies or other packages made any calls to math/rand's global funcs, then our determinism could be broken entirely, and it's hard to notice. Start using separate math/rand.Rand objects for each use case. Also make uses of crypto/rand use "cryptorand" for consistency. Note that this requires a bit of a refactor in internal/literals to start passing around Rand objects. We also do away with unnecessary short funcs, especially since math/rand's Read never errors, and we can obtain a byte via math/rand's Uint32. 2 years ago			`func genRandIntSlice(obfRand *mathrand.Rand, max, count int) []int {`
Add new obfuscators for literals - swap (#74) Implement swap obfuscator 5 years ago			`indexes := make([]int, count)`
all: run gopls's modernize -fix Except on reflect_abi_code.go, as that needs to be compatible with older versions of Go given that we inject its code. 1 month ago			`for i := range count {`
avoid using math/rand's global funcs like Seed and Intn Go 1.20 is starting to deprecate the use of math/rand's global state, per https://go.dev/issue/56319 and https://go.dev/issue/20661. The reasoning is sound: Deprecated: Programs that call Seed and then expect a specific sequence of results from the global random source (using functions such as Int) can be broken when a dependency changes how much it consumes from the global random source. To avoid such breakages, programs that need a specific result sequence should use NewRand(NewSource(seed)) to obtain a random generator that other packages cannot access. Aside from the tests, we used math/rand only for obfuscating literals, which caused a deterministic series of calls like Intn. Our call to Seed was also deterministic, per either GarbleActionID or the -seed flag. However, our determinism was fragile. If any of our dependencies or other packages made any calls to math/rand's global funcs, then our determinism could be broken entirely, and it's hard to notice. Start using separate math/rand.Rand objects for each use case. Also make uses of crypto/rand use "cryptorand" for consistency. Note that this requires a bit of a refactor in internal/literals to start passing around Rand objects. We also do away with unnecessary short funcs, especially since math/rand's Read never errors, and we can obtain a byte via math/rand's Uint32. 2 years ago			`indexes[i] = obfRand.Intn(max)`
Add new obfuscators for literals - swap (#74) Implement swap obfuscator 5 years ago			`}`
			`return indexes`
			`}`
Randomize operator (xor, add, subtract) on all obfuscators (#90) Co-authored-by: lu4p <lu4p@pm.me> 5 years ago
avoid using math/rand's global funcs like Seed and Intn Go 1.20 is starting to deprecate the use of math/rand's global state, per https://go.dev/issue/56319 and https://go.dev/issue/20661. The reasoning is sound: Deprecated: Programs that call Seed and then expect a specific sequence of results from the global random source (using functions such as Int) can be broken when a dependency changes how much it consumes from the global random source. To avoid such breakages, programs that need a specific result sequence should use NewRand(NewSource(seed)) to obtain a random generator that other packages cannot access. Aside from the tests, we used math/rand only for obfuscating literals, which caused a deterministic series of calls like Intn. Our call to Seed was also deterministic, per either GarbleActionID or the -seed flag. However, our determinism was fragile. If any of our dependencies or other packages made any calls to math/rand's global funcs, then our determinism could be broken entirely, and it's hard to notice. Start using separate math/rand.Rand objects for each use case. Also make uses of crypto/rand use "cryptorand" for consistency. Note that this requires a bit of a refactor in internal/literals to start passing around Rand objects. We also do away with unnecessary short funcs, especially since math/rand's Read never errors, and we can obtain a byte via math/rand's Uint32. 2 years ago			`func randOperator(obfRand *mathrand.Rand) token.Token {`
Randomize operator (xor, add, subtract) on all obfuscators (#90) Co-authored-by: lu4p <lu4p@pm.me> 5 years ago			`operatorTokens := [...]token.Token{token.XOR, token.ADD, token.SUB}`
avoid using math/rand's global funcs like Seed and Intn Go 1.20 is starting to deprecate the use of math/rand's global state, per https://go.dev/issue/56319 and https://go.dev/issue/20661. The reasoning is sound: Deprecated: Programs that call Seed and then expect a specific sequence of results from the global random source (using functions such as Int) can be broken when a dependency changes how much it consumes from the global random source. To avoid such breakages, programs that need a specific result sequence should use NewRand(NewSource(seed)) to obtain a random generator that other packages cannot access. Aside from the tests, we used math/rand only for obfuscating literals, which caused a deterministic series of calls like Intn. Our call to Seed was also deterministic, per either GarbleActionID or the -seed flag. However, our determinism was fragile. If any of our dependencies or other packages made any calls to math/rand's global funcs, then our determinism could be broken entirely, and it's hard to notice. Start using separate math/rand.Rand objects for each use case. Also make uses of crypto/rand use "cryptorand" for consistency. Note that this requires a bit of a refactor in internal/literals to start passing around Rand objects. We also do away with unnecessary short funcs, especially since math/rand's Read never errors, and we can obtain a byte via math/rand's Uint32. 2 years ago			`return operatorTokens[obfRand.Intn(len(operatorTokens))]`
Randomize operator (xor, add, subtract) on all obfuscators (#90) Co-authored-by: lu4p <lu4p@pm.me> 5 years ago			`}`

			`func evalOperator(t token.Token, x, y byte) byte {`
			`switch t {`
			`case token.XOR:`
			`return x ^ y`
			`case token.ADD:`
			`return x + y`
			`case token.SUB:`
			`return x - y`
			`default:`
			`panic(fmt.Sprintf("unknown operator: %s", t))`
			`}`
			`}`

			`func operatorToReversedBinaryExpr(t token.Token, x, y ast.Expr) *ast.BinaryExpr {`
			`expr := &ast.BinaryExpr{X: x, Y: y}`

			`switch t {`
			`case token.XOR:`
			`expr.Op = token.XOR`
			`case token.ADD:`
			`expr.Op = token.SUB`
			`case token.SUB:`
			`expr.Op = token.ADD`
			`default:`
			`panic(fmt.Sprintf("unknown operator: %s", t))`
			`}`

			`return expr`
			`}`
internal/literals: add benchmark to measure the run-time overhead 2 years ago
			`type obfRand struct {`
			`*mathrand.Rand`
			`testObfuscator obfuscator`
			`}`

			`func (r *obfRand) nextObfuscator() obfuscator {`
			`if r.testObfuscator != nil {`
			`return r.testObfuscator`
			`}`
			`return Obfuscators[r.Intn(len(Obfuscators))]`
			`}`

use the "simple" obfuscator for large literals Changes literal obfuscation such that literals of any size will be obfuscated, but beyond `maxSize` we only use the `simple` obfuscator. This one seems to apply AND, OR, or XOR operators byte-wise and should be safe to use, unlike some of the other obfuscators which are quadratic on the literal size or worse. The test for literals is changed a bit to verify that obfuscation is applied. The code written to the `extra_literals.go` file by the test helper now ensures that Go does not optimize the literals away when we build the binary. We also append a unique string to all literals so that we can test that an unobfuscated build contains this string while an obfuscated build does not. 2 years ago			`func (r *obfRand) nextLinearTimeObfuscator() obfuscator {`
			`if r.testObfuscator != nil {`
			`return r.testObfuscator`
			`}`
			`return Obfuscators[r.Intn(len(LinearTimeObfuscators))]`
			`}`

internal/literals: add benchmark to measure the run-time overhead 2 years ago			`func newObfRand(rand mathrand.Rand, file ast.File) *obfRand {`
			`testObf := testPkgToObfuscatorMap[file.Name.Name]`
			`return &obfRand{rand, testObf}`
			`}`