justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity

make -seed=random use the same random seed for all packages

Browse Source 
Otherwise, a different random seed per package will break imported names.
pull/37/head
lu4p 5 years ago committed by GitHub
parent 0cf8d4e7a6
commit 4c64b13506
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 35 additions and 32 deletions
Show Stats Download Patch File Download Diff File

3
crypto.go
Unescape Escape View File

@ -6,6 +6,7 @@ import (
"crypto/rand" "crypto/rand"
"fmt" "fmt"
mathrand "math/rand" mathrand "math/rand"
"strings"
) )
// If math/rand.Seed() is not called, the generator behaves as if seeded by rand.Seed(1), // If math/rand.Seed() is not called, the generator behaves as if seeded by rand.Seed(1),
@ -25,7 +26,7 @@ func genNonce() []byte {
func genRandBytes(size int) []byte { func genRandBytes(size int) []byte {
buffer := make([]byte, size) buffer := make([]byte, size)
if envGarbleSeed == "random" { if strings.HasPrefix(envGarbleSeed, "random;") {
_, err := rand.Read(buffer) _, err := rand.Read(buffer)
if err != nil { if err != nil {
panic(fmt.Sprintf("couldn't generate random key: %v", err)) panic(fmt.Sprintf("couldn't generate random key: %v", err))

24
main.go
Unescape Escape View File

@ -195,6 +195,17 @@ func mainErr(args []string) error {
} }
os.Setenv("GARBLE_DIR", wd) os.Setenv("GARBLE_DIR", wd)
os.Setenv("GARBLE_LITERALS", fmt.Sprint(flagGarbleLiterals)) os.Setenv("GARBLE_LITERALS", fmt.Sprint(flagGarbleLiterals))
if flagSeed == "random" {
seed = make([]byte, 16) // random 128 bit seed
_, err = rand.Read(seed)
if err != nil {
return fmt.Errorf("Error generating random seed: %v", err)
}
flagSeed = "random;" + base64.StdEncoding.EncodeToString(seed)
}
os.Setenv("GARBLE_SEED", flagSeed) os.Setenv("GARBLE_SEED", flagSeed)
if flagDebugDir != "" { if flagDebugDir != "" {
@ -349,20 +360,15 @@ func transformCompile(args []string) ([]string, error) {
files = append(files, file) files = append(files, file)
} }
if envGarbleSeed == "random" { if envGarbleSeed != "" {
seed = make([]byte, 16) // random 128 bit seed seed, err = base64.StdEncoding.DecodeString(strings.TrimPrefix(envGarbleSeed, "random;"))
_, err = rand.Read(seed)
if err != nil {
return nil, fmt.Errorf("Error generating random seed: %v", err)
}
} else if envGarbleSeed != "" {
seed, err = base64.StdEncoding.DecodeString(envGarbleSeed)
if err != nil { if err != nil {
return nil, fmt.Errorf("Error decoding base64 encoded seed: %v", err) return nil, fmt.Errorf("Error decoding base64 encoded seed: %v", err)
} }
mathrand.Seed(int64(binary.BigEndian.Uint64(seed))) mathrand.Seed(int64(binary.BigEndian.Uint64(seed)))
} else {
mathrand.Seed(int64(binary.BigEndian.Uint64([]byte(buildInfo.buildID))))
} }
if envGarbleLiterals { if envGarbleLiterals {

14
strings.go
Unescape Escape View File

@ -240,17 +240,3 @@ func keyStmt(key []byte) *ast.GenDecl {
}}, }},
} }
} }
var cryptoAesImportSpec = &ast.GenDecl{
Tok: token.IMPORT,
Specs: []ast.Spec{
&ast.ImportSpec{Path: &ast.BasicLit{
Kind: token.STRING,
Value: `"crypto/aes"`,
}},
&ast.ImportSpec{Path: &ast.BasicLit{
Kind: token.STRING,
Value: `"crypto/cipher"`,
}},
},
}

26
testdata/scripts/seed.txt vendored
Unescape Escape View File

@ -1,43 +1,53 @@
# Check the binary with a given base64 encoded seed # Check the binary with a given base64 encoded seed
garble -literals -seed=OQg9kACEECQ= build main.go garble -literals -seed=OQg9kACEECQ= build
exec ./main$exe exec ./main$exe
cmp stderr main.stdout cmp stderr main.stdout
! binsubstr main$exe 'teststring' 'teststringVar' ! binsubstr main$exe 'teststring' 'teststringVar' 'imported var value' 'ImportedVar'
[short] stop # checking that the build is reproducible and random is slow [short] stop # checking that the build is reproducible and random is slow
# Also check that the binary is reproducible. # Also check that the binary is reproducible.
cp main$exe main_old$exe cp main$exe main_old$exe
rm main$exe rm main$exe
garble -literals -seed=OQg9kACEECQ= build main.go garble -literals -seed=OQg9kACEECQ= build
bincmp main$exe main_old$exe bincmp main$exe main_old$exe
# Also check that a different seed leads to a different binary # Also check that a different seed leads to a different binary
cp main$exe main_old$exe cp main$exe main_old$exe
rm main$exe rm main$exe
garble -literals -seed=NruiDmVz6/s= build main.go garble -literals -seed=NruiDmVz6/s= build
! bincmp main$exe main_old$exe ! bincmp main$exe main_old$exe
# Check the random binary # Check the random binary
garble -literals -seed=random build main.go garble -literals -seed=random build
exec ./main$exe exec ./main$exe
cmp stderr main.stdout cmp stderr main.stdout
! binsubstr main$exe 'teststring' 'teststringVar' ! binsubstr main$exe 'teststring' 'teststringVar' 'imported var value' 'ImportedVar'
# Also check that the random binary is not reproducible. # Also check that the random binary is not reproducible.
cp main$exe main_old$exe cp main$exe main_old$exe
rm main$exe rm main$exe
garble -literals -seed=random build main.go garble -literals -seed=random build
! bincmp main$exe main_old$exe ! bincmp main$exe main_old$exe
-- go.mod --
module test/main
-- main.go -- -- main.go --
package main package main
import "test/main/imported"
var teststringVar = "teststring" var teststringVar = "teststring"
func main() { func main() {
println(teststringVar) println(teststringVar)
println(imported.ImportedVar)
} }
-- imported/imported.go --
package imported
var ImportedVar = "imported var value"
-- main.stdout -- -- main.stdout --
teststring teststring
imported var value
Write Preview
Loading…
Cancel
Save