rustpatcher 0.2.2

distributed patching system for single binary applications
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

use crate::Version;
use ed25519_dalek::{Signature, Signer, SigningKey};
use serde::{Deserialize, Serialize};
use sha2::Digest;

#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct PatchInfo {
    pub version: Version,
    pub size: u64,
    pub hash: [u8; 32],
    pub signature: Signature,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Patch {
    info: PatchInfo,
    data: Vec<u8>,
}

impl Patch {
    pub fn info(&self) -> &PatchInfo {
        &self.info
    }

    pub fn data(&self) -> &Vec<u8> {
        &self.data
    }

    pub fn verify(&self) -> anyhow::Result<()> {
        #[cfg(target_os = "macos")]
        let data_stripped: Vec<u8> = crate::macho::exclude_code_signature(self.data.as_slice())?;
        #[cfg(target_os = "macos")]
        let data_stripped = data_stripped.as_slice();
        #[cfg(not(target_os = "macos"))]
        let data_stripped = self.data.as_slice();

        let (data_no_embed, _, _) = crate::embed::cut_embed_section(data_stripped)?;

        let mut data_hasher = sha2::Sha512::new();
        data_hasher.update(&data_no_embed);
        let data_hash: [u8; 32] = data_hasher.finalize()[..32].try_into()?;

        let mut sign_hash = sha2::Sha512::new();
        sign_hash.update(self.info.version.to_string());
        sign_hash.update(data_hash);
        sign_hash.update((data_no_embed.len() as u64).to_le_bytes());
        let sign_hash = sign_hash.finalize();

        crate::get_owner_pub_key().verify_strict(&sign_hash, &self.info.signature)?;

        if data_hash != self.info.hash {
            anyhow::bail!("data hash mismatch");
        }

        if data_no_embed.len() as u64 != self.info.size {
            anyhow::bail!("data size mismatch");
        }

        Ok(())
    }

    pub fn sign(owner_signing_key: SigningKey, data: &[u8]) -> anyhow::Result<PatchInfo> {
        #[cfg(target_os = "macos")]
        let data_stripped = crate::macho::exclude_code_signature(data)?;
        #[cfg(target_os = "macos")]
        let data_stripped = data_stripped.as_slice();
        #[cfg(not(target_os = "macos"))]
        let data_stripped = data;

        let (data_no_embed, data_embed, _) = crate::embed::cut_embed_section(data_stripped)?;
        let version = crate::embed::get_embedded_version(&data_embed)?;

        let mut data_hasher = sha2::Sha512::new();
        data_hasher.update(data_no_embed.as_slice());
        let data_hash = data_hasher.finalize()[..32].try_into()?;

        let mut sign_hash = sha2::Sha512::new();
        sign_hash.update(version.to_string());
        sign_hash.update(data_hash);
        sign_hash.update((data_no_embed.len() as u64).to_le_bytes());
        let sign_hash = sign_hash.finalize();
        let signature = owner_signing_key.sign(&sign_hash);

        Ok(PatchInfo {
            version,
            size: data_no_embed.len() as u64,
            hash: data_hash,
            signature,
        })
    }

    pub fn from_self() -> anyhow::Result<Self> {
        let data = std::fs::read(std::env::current_exe()?)?;
        let patch_info = crate::embed::get_embedded_patch_info(data.as_slice())?;

        let patch = Self {
            info: patch_info,
            data,
        };
        patch.verify()?;
        Ok(patch)
    }
}