|
|
|
|
// Copyright (c) 2020, The Garble Authors.
|
|
|
|
|
// See LICENSE for licensing information.
|
|
|
|
|
|
|
|
|
|
package literals
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"go/ast"
|
|
|
|
|
"go/token"
|
avoid using math/rand's global funcs like Seed and Intn
Go 1.20 is starting to deprecate the use of math/rand's global state,
per https://go.dev/issue/56319 and https://go.dev/issue/20661.
The reasoning is sound:
Deprecated: Programs that call Seed and then expect a specific sequence
of results from the global random source (using functions such as Int)
can be broken when a dependency changes how much it consumes from the
global random source. To avoid such breakages, programs that need a
specific result sequence should use NewRand(NewSource(seed)) to obtain a
random generator that other packages cannot access.
Aside from the tests, we used math/rand only for obfuscating literals,
which caused a deterministic series of calls like Intn. Our call to Seed
was also deterministic, per either GarbleActionID or the -seed flag.
However, our determinism was fragile. If any of our dependencies or
other packages made any calls to math/rand's global funcs, then our
determinism could be broken entirely, and it's hard to notice.
Start using separate math/rand.Rand objects for each use case.
Also make uses of crypto/rand use "cryptorand" for consistency.
Note that this requires a bit of a refactor in internal/literals
to start passing around Rand objects. We also do away with unnecessary
short funcs, especially since math/rand's Read never errors,
and we can obtain a byte via math/rand's Uint32.
2 years ago
|
|
|
mathrand "math/rand"
|
|
|
|
|
ah "mvdan.cc/garble/internal/asthelper"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type simple struct{}
|
|
|
|
|
|
|
|
|
|
// check that the obfuscator interface is implemented
|
|
|
|
|
var _ obfuscator = simple{}
|
|
|
|
|
|
|
|
|
|
func (simple) obfuscate(obfRand *mathrand.Rand, data []byte, extKeys []*extKey) *ast.BlockStmt {
|
|
|
|
|
key := make([]byte, len(data))
|
avoid using math/rand's global funcs like Seed and Intn
Go 1.20 is starting to deprecate the use of math/rand's global state,
per https://go.dev/issue/56319 and https://go.dev/issue/20661.
The reasoning is sound:
Deprecated: Programs that call Seed and then expect a specific sequence
of results from the global random source (using functions such as Int)
can be broken when a dependency changes how much it consumes from the
global random source. To avoid such breakages, programs that need a
specific result sequence should use NewRand(NewSource(seed)) to obtain a
random generator that other packages cannot access.
Aside from the tests, we used math/rand only for obfuscating literals,
which caused a deterministic series of calls like Intn. Our call to Seed
was also deterministic, per either GarbleActionID or the -seed flag.
However, our determinism was fragile. If any of our dependencies or
other packages made any calls to math/rand's global funcs, then our
determinism could be broken entirely, and it's hard to notice.
Start using separate math/rand.Rand objects for each use case.
Also make uses of crypto/rand use "cryptorand" for consistency.
Note that this requires a bit of a refactor in internal/literals
to start passing around Rand objects. We also do away with unnecessary
short funcs, especially since math/rand's Read never errors,
and we can obtain a byte via math/rand's Uint32.
2 years ago
|
|
|
obfRand.Read(key)
|
|
|
|
|
|
avoid using math/rand's global funcs like Seed and Intn
Go 1.20 is starting to deprecate the use of math/rand's global state,
per https://go.dev/issue/56319 and https://go.dev/issue/20661.
The reasoning is sound:
Deprecated: Programs that call Seed and then expect a specific sequence
of results from the global random source (using functions such as Int)
can be broken when a dependency changes how much it consumes from the
global random source. To avoid such breakages, programs that need a
specific result sequence should use NewRand(NewSource(seed)) to obtain a
random generator that other packages cannot access.
Aside from the tests, we used math/rand only for obfuscating literals,
which caused a deterministic series of calls like Intn. Our call to Seed
was also deterministic, per either GarbleActionID or the -seed flag.
However, our determinism was fragile. If any of our dependencies or
other packages made any calls to math/rand's global funcs, then our
determinism could be broken entirely, and it's hard to notice.
Start using separate math/rand.Rand objects for each use case.
Also make uses of crypto/rand use "cryptorand" for consistency.
Note that this requires a bit of a refactor in internal/literals
to start passing around Rand objects. We also do away with unnecessary
short funcs, especially since math/rand's Read never errors,
and we can obtain a byte via math/rand's Uint32.
2 years ago
|
|
|
op := randOperator(obfRand)
|
|
|
|
|
for i, b := range key {
|
|
|
|
|
data[i] = evalOperator(op, data[i], b)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ah.BlockStmt(
|
|
|
|
|
&ast.AssignStmt{
|
|
|
|
|
Lhs: []ast.Expr{ast.NewIdent("key")},
|
|
|
|
|
Tok: token.DEFINE,
|
|
|
|
|
Rhs: []ast.Expr{dataToByteSliceWithExtKeys(obfRand, key, extKeys)},
|
|
|
|
|
},
|
|
|
|
|
&ast.AssignStmt{
|
|
|
|
|
Lhs: []ast.Expr{ast.NewIdent("data")},
|
|
|
|
|
Tok: token.DEFINE,
|
|
|
|
|
Rhs: []ast.Expr{dataToByteSliceWithExtKeys(obfRand, data, extKeys)},
|
|
|
|
|
},
|
|
|
|
|
&ast.RangeStmt{
|
|
|
|
|
Key: ast.NewIdent("i"),
|
|
|
|
|
Value: ast.NewIdent("b"),
|
|
|
|
|
Tok: token.DEFINE,
|
|
|
|
|
X: ast.NewIdent("key"),
|
|
|
|
|
Body: &ast.BlockStmt{List: []ast.Stmt{
|
|
|
|
|
&ast.AssignStmt{
|
|
|
|
|
Lhs: []ast.Expr{ah.IndexExpr("data", ast.NewIdent("i"))},
|
|
|
|
|
Tok: token.ASSIGN,
|
|
|
|
|
Rhs: []ast.Expr{operatorToReversedBinaryExpr(op, ah.IndexExpr("data", ast.NewIdent("i")), ast.NewIdent("b"))},
|
|
|
|
|
},
|
|
|
|
|
}},
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
}
|
