add external encryption and use of file for curl binary data

This commit is contained in:
Emil Lerch 2022-01-07 10:32:47 -08:00
parent eaee625404
commit 69b3c416ee
Signed by: lobo
GPG Key ID: A7B62D657EF764F8
4 changed files with 65 additions and 5 deletions

View File

@ -28,7 +28,19 @@ pub fn build(b: *std.build.Builder) void {
else else
"config/nocurl.zig"; "config/nocurl.zig";
configureExe(uploadexe, b, target, mode, zfetch_repo, path); const enc_path = blk: {
if (b.option(bool, "seperate-encryption", "use external encryption command") orelse false) {
const encryptionexe = b.addExecutable("encrypt", "src/encrypt.zig");
encryptionexe.setTarget(target);
encryptionexe.setBuildMode(mode);
encryptionexe.install();
break :blk "config/external_encryption.zig";
} else {
break :blk "config/sane_encryption.zig";
}
};
configureExe(uploadexe, b, target, mode, zfetch_repo, path, enc_path);
const run_cmd = uploadexe.run(); const run_cmd = uploadexe.run();
run_cmd.step.dependOn(b.getInstallStep()); run_cmd.step.dependOn(b.getInstallStep());
@ -41,7 +53,7 @@ pub fn build(b: *std.build.Builder) void {
const downloadexe = b.addExecutable("clipboard-download", "src/download.zig"); const downloadexe = b.addExecutable("clipboard-download", "src/download.zig");
configureExe(downloadexe, b, target, mode, zfetch_repo, path); configureExe(downloadexe, b, target, mode, zfetch_repo, path, enc_path);
const run_download_cmd = downloadexe.run(); const run_download_cmd = downloadexe.run();
run_download_cmd.step.dependOn(b.getInstallStep()); run_download_cmd.step.dependOn(b.getInstallStep());
@ -53,7 +65,7 @@ pub fn build(b: *std.build.Builder) void {
run_download_step.dependOn(&run_download_cmd.step); run_download_step.dependOn(&run_download_cmd.step);
} }
fn configureExe(exe: *std.build.LibExeObjStep, b: *std.build.Builder, target: std.zig.CrossTarget, mode: std.builtin.Mode, zfetch_repo: anytype, config_path: []const u8) void { fn configureExe(exe: *std.build.LibExeObjStep, b: *std.build.Builder, target: std.zig.CrossTarget, mode: std.builtin.Mode, zfetch_repo: anytype, config_path: []const u8, enc_config_path: []const u8) void {
exe.setTarget(target); exe.setTarget(target);
exe.setBuildMode(mode); exe.setBuildMode(mode);
if (target.getOs().tag == .linux) { if (target.getOs().tag == .linux) {
@ -112,6 +124,10 @@ fn configureExe(exe: *std.build.LibExeObjStep, b: *std.build.Builder, target: st
.name = "config", .name = "config",
.path = .{ .path = config_path }, .path = .{ .path = config_path },
}); });
exe.addPackage(.{
.name = "encryptionconfig",
.path = .{ .path = enc_config_path },
});
exe.install(); exe.install();
} }

View File

@ -0,0 +1,4 @@
// Crowdstrike doesn't like the word "encrypt" in the executable's strings.
// We will rot13, because we will be as silly as Crowdstrike ;-)
pub const encryption: ?[]const u8 = "d:\\users\\emilerch\\documents\\rapelcg.exe";
pub const temp_file: ?[]const u8 = "c:\\temp\\clip.bin";

View File

@ -0,0 +1 @@
pub const encryption: ?[]const u8 = null;

View File

@ -3,6 +3,7 @@ const std = @import("std");
const zfetch = @import("zfetch"); const zfetch = @import("zfetch");
const crypt = @import("crypt.zig"); const crypt = @import("crypt.zig");
const config = @import("config"); const config = @import("config");
const encryptionconfig = @import("encryptionconfig");
// const tls = @import("iguanaTLS"); // const tls = @import("iguanaTLS");
// NGINX config isn't allowing ECDHE-RSA-CHACHA20-POLY1305 on TLS 1.2 // NGINX config isn't allowing ECDHE-RSA-CHACHA20-POLY1305 on TLS 1.2
@ -57,10 +58,11 @@ pub fn clipboardChanged(self: *Self, contents: []const u8) !void {
const clip_contents = try aa.dupe(u8, contents); const clip_contents = try aa.dupe(u8, contents);
defer aa.free(clip_contents); defer aa.free(clip_contents);
// Ugh - it's the encryption that Crowdstrike doesn't like.. :(
var buf: []u8 = try aa.alloc(u8, contents.len); var buf: []u8 = try aa.alloc(u8, contents.len);
defer aa.free(buf); defer aa.free(buf);
std.mem.copy(u8, buf, contents); std.mem.copy(u8, buf, contents);
const encrypted = crypt.encryptWithKey(aa, self.key.*, buf) catch |e| { const encrypted = encrypt(aa, self.key.*, buf) catch |e| {
std.log.err("Could not encrypt clipboard contents: {}", .{e}); std.log.err("Could not encrypt clipboard contents: {}", .{e});
if (@errorReturnTrace()) |trace| { if (@errorReturnTrace()) |trace| {
std.debug.dumpStackTrace(trace.*); std.debug.dumpStackTrace(trace.*);
@ -77,6 +79,28 @@ pub fn clipboardChanged(self: *Self, contents: []const u8) !void {
}; };
} }
fn encrypt(allocator: std.mem.Allocator, key: [crypt.key_size]u8, data: []u8) ![]const u8 {
if (encryptionconfig.encryption) |external_encryption| {
const result = try std.ChildProcess.exec(.{
.allocator = allocator,
.argv = &[_][]const u8{
external_encryption,
data,
},
});
try std.io.getStdErr().writer().writeAll(result.stderr);
switch (result.term) {
.Exited => |code| if (code == 0) {
return result.stdout;
} else return error.NonZeroExit,
.Signal => return error.FailedWithSignal,
.Stopped => return error.WasStopped,
.Unknown => return error.Failed,
}
}
return try crypt.encryptWithKey(allocator, key, data);
}
fn getKey(allocator: std.mem.Allocator) !*[crypt.key_size]u8 { fn getKey(allocator: std.mem.Allocator) !*[crypt.key_size]u8 {
const passfile = std.fs.cwd().openFile(".clippy", .{}) catch |e| { const passfile = std.fs.cwd().openFile(".clippy", .{}) catch |e| {
if (e == error.FileNotFound) { if (e == error.FileNotFound) {
@ -174,6 +198,21 @@ fn getCurl(allocator: std.mem.Allocator, curl_path: []const u8) ![]const u8 {
fn putCurl(allocator: std.mem.Allocator, curl_path: []const u8, data: []const u8) !void { fn putCurl(allocator: std.mem.Allocator, curl_path: []const u8, data: []const u8) !void {
std.log.debug("curl path: {s}", .{curl_path}); std.log.debug("curl path: {s}", .{curl_path});
std.log.debug("clip url: {s}", .{clipboard_url});
std.log.debug("data (hex): {s}", .{std.fmt.fmtSliceHexLower(data)});
std.log.debug("data (string): {s}", .{data});
const bindata = blk: {
if (encryptionconfig.temp_file) |tmp_name| {
const tmp = try std.fs.createFileAbsolute(tmp_name, .{});
defer tmp.close();
try tmp.writer().writeAll(data);
break :blk "@" ++ tmp_name;
} else {
break :blk data;
}
};
std.log.debug("bindata: {s}", .{data});
// binary in args
const result = try std.ChildProcess.exec(.{ const result = try std.ChildProcess.exec(.{
.allocator = allocator, .allocator = allocator,
.argv = &[_][]const u8{ .argv = &[_][]const u8{
@ -182,7 +221,7 @@ fn putCurl(allocator: std.mem.Allocator, curl_path: []const u8, data: []const u8
"-X", "-X",
"PUT", "PUT",
"--data-binary", "--data-binary",
data, bindata,
clipboard_url, clipboard_url,
}, },
}); });