-
Notifications
You must be signed in to change notification settings - Fork 4.5k
/
embeddedhash.go
50 lines (43 loc) · 1.51 KB
/
embeddedhash.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
package securedload
import (
"bytes"
"crypto/sha256"
"encoding/hex"
"path/filepath"
"strings"
"github.com/v2fly/VSign/insmgr"
"github.com/v2fly/VSign/signerVerify"
"github.com/v2fly/v2ray-core/v5/common/platform"
"github.com/v2fly/v2ray-core/v5/common/platform/filesystem"
)
type EmbeddedHashProtectedLoader struct {
checkedFile map[string]string
}
func (e EmbeddedHashProtectedLoader) VerifyAndLoad(filename string) ([]byte, error) {
platformFileName := filepath.FromSlash(filename)
fileContent, err := filesystem.ReadFile(platform.GetAssetLocation(platformFileName))
if err != nil {
return nil, newError("Cannot find file", filename).Base(err)
}
fileHash := sha256.Sum256(fileContent)
fileHashAsString := hex.EncodeToString(fileHash[:])
if fileNameVerified, ok := e.checkedFile[fileHashAsString]; ok {
for _, filenameVerifiedIndividual := range strings.Split(fileNameVerified, ";") {
if strings.HasSuffix(filenameVerifiedIndividual, filename) {
return fileContent, nil
}
}
}
return nil, newError("Unrecognized file at ", filename, " can not be loaded for execution")
}
func NewEmbeddedHashProtectedLoader() *EmbeddedHashProtectedLoader {
instructions := insmgr.ReadAllIns(bytes.NewReader([]byte(allowedHashes)))
checkedFile, _, ok := signerVerify.CheckAsClient(instructions, "v2fly", true)
if !ok {
panic("Embedded Hash data is invalid")
}
return &EmbeddedHashProtectedLoader{checkedFile: checkedFile}
}
func init() {
RegisterProtectedLoader("embedded", NewEmbeddedHashProtectedLoader())
}