支持表文件加密。

This commit is contained in:
zhengchao
2017-06-09 20:46:28 +08:00
parent e0cc61d7a7
commit 37a94ea838
10 changed files with 183 additions and 13 deletions


@@ -145,7 +145,8 @@ enum MAAT_INIT_OPT
MAAT_OPT_STAT_FILE_PATH, //VALUE is a const char*,MUST end with '\0',SIZE= strlen(string+'\0')+1.DEFAULT: no default.
MAAT_OPT_SCAN_DETAIL, //VALUE is interger,SIZE=sizeof(int). 0: not return any detail;1: return hit pos, not include regex grouping;
// 2 return hit pos and regex grouping pos;DEFAULT:0
MAAT_OPT_INSTANCE_NAME //VALUE is a const char*,MUST end with '\0',SIZE= strlen(string+'\0')+1,no more than 11 bytes.DEFAULT: MAAT_$tableinfo_path$.
MAAT_OPT_INSTANCE_NAME, //VALUE is a const char*,MUST end with '\0',SIZE= strlen(string+'\0')+1,no more than 11 bytes.DEFAULT: MAAT_$tableinfo_path$.
MAAT_OPT_DECRYPT_KEY //VALUE is a const char*,MUST end with '\0',SIZE= strlen(string+'\0')+1. No DEFAULT.
};
//return -1 if failed, return 0 on success;
int Maat_set_feather_opt(Maat_feather_t feather,enum MAAT_INIT_OPT type,const void* value,int size);
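Review bot: The new MAAT_OPT_DECRYPT_KEY comment does not say how the value is used: the key is later handed to the decrypt routine as a C string (it is measured with strlen), so the terminating '\0' must be inside SIZE, and while the option is unset any table whose index entry names a cipher is rejected at load time. I would extend the comment to `MAAT_OPT_DECRYPT_KEY //VALUE is a const char*,MUST end with '\0',SIZE= strlen(string+'\0')+1. Used as a C string to derive key/IV for tables marked with a cipher in the index file; without it such tables fail to load. No DEFAULT.` The prose "No DEFAULT" is inferred from the option handler elsewhere in the commit; the enum itself is cut at the top of this hunk.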


@@ -545,6 +545,10 @@ int Maat_set_feather_opt(Maat_feather_t feather,enum MAAT_INIT_OPT type,const vo
,"%s",
(const char*)value);
break;
case MAAT_OPT_DECRYPT_KEY:
_feather->decrypt_key=(unsigned char*)malloc(size*sizeof(unsigned char));
memcpy(_feather->decrypt_key,value,size);
break;
default:
return -1;
}
@@ -566,6 +570,7 @@ int Maat_initiate_feather(Maat_feather_t feather)
maat_update_cb,
maat_finish_cb,
_feather,
_feather->decrypt_key,
_feather->logger);
if(_feather->update_tmp_scanner==NULL)
{
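Review bot: The MAAT_OPT_DECRYPT_KEY branch stores the key without any validation: malloc's result is not checked before memcpy, a second call leaks the previous allocation, and nothing verifies that value is NUL-terminated within size even though the key is later measured with strlen (so a caller that passes strlen(key) without the +1 causes an over-read of the heap block). The branch should reject a size of 0 or a missing terminator, release any earlier key, and check the allocation, as below. Freeing the old value assumes decrypt_key starts out NULL in the feather constructor, which is outside this diff and worth confirming; Maat_set_feather_opt itself begins before the hunk. Since this buffer holds a secret, the feather teardown (not shown) should also clear it before free.

```c
        case MAAT_OPT_DECRYPT_KEY:
            if(size<=0||((const char*)value)[size-1]!='\0')
                return -1;
            free(_feather->decrypt_key); /* replace an earlier key instead of leaking it */
            _feather->decrypt_key=(unsigned char*)malloc(size*sizeof(unsigned char));
            if(_feather->decrypt_key==NULL)
                return -1;
            memcpy(_feather->decrypt_key,value,size);
            break;
```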


@@ -28,7 +28,7 @@
#include "mesa_fuzzy.h"
#include "great_index_engine.h"
int MAAT_FRAME_VERSION_1_8_20170524=1;
int MAAT_FRAME_VERSION_1_9_20170609=1;
const char *maat_module="MAAT Frame";
const char* CHARSET_STRING[]={"NONE","gbk","big5","unicode","utf8","bin",
@@ -3006,6 +3006,7 @@ void *thread_rule_monitor(void *arg)
maat_update_cb,
maat_finish_cb,
feather,
feather->decrypt_key,
feather->logger);
pthread_mutex_unlock(&(feather->plugin_table_reg_mutex));
if(feather->update_tmp_scanner!=NULL)


@@ -372,6 +372,7 @@ struct _Maat_feather_t
char instance_name[MAX_TABLE_NAME_LEN];
char table_info_fn[MAX_TABLE_NAME_LEN];
pthread_mutex_t plugin_table_reg_mutex;
unsigned char* decrypt_key;
//for stat>>>>
screen_stat_handle_t stat_handle;
int total_stat_id;
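Review bot: The new decrypt_key member carries no comment about ownership or its empty state, although the code elsewhere in this commit relies on it being NULL when no key was configured (the table reader checks `key==NULL`). I would document it as `unsigned char* decrypt_key; //heap copy of the NUL-terminated key set via MAAT_OPT_DECRYPT_KEY, NULL when none; freed with the feather`. Unless the feather struct is zero-initialised on creation (not visible in this diff), the field must be explicitly set to NULL in the constructor, otherwise an unconfigured feather passes an indeterminate pointer to the config monitor. The struct definition starts and ends outside this hunk.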


@@ -8,7 +8,7 @@ GCOV_FLAGS = -fprofile-arcs -ftest-coverage
CFLAGS += $(OPTFLAGS)
#CFLAGS += $(GCOV_FLAGS)
LDDICTATOR = -Wl,-wrap,malloc -Wl,-wrap,calloc -Wl,-wrap,free -Wl,-wrap,realloc
LDFLAGS = -lMESA_handle_logger -lMESA_htable -lpthread -lrt -lm -lrulescan -lpcre -lMESA_field_stat2 -lgcov
LDFLAGS = -lMESA_handle_logger -lMESA_htable -lpthread -lrt -lm -lrulescan -lpcre -lMESA_field_stat2 -lcrypto
#LDFLAGS += $(LDDICTATOR)
LDFLAGS += $(GCOV_FLAGS)
MAILLIB = ../lib
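Review bot: The LDFLAGS edit drops `-lgcov` in the same line that adds `-lcrypto`, which is unrelated to the encryption feature and is not mentioned in the commit message, while `LDFLAGS += $(GCOV_FLAGS)` is still appended two lines below. If the coverage library is still wanted the line should read `... -lMESA_field_stat2 -lgcov -lcrypto`; if removing it is intentional, the commented-out coverage flags above deserve the same cleanup. Adding `-lcrypto` also makes OpenSSL a hard build and runtime dependency of the frame, which is worth a line in the build documentation.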


@@ -4,7 +4,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
const char* module_config_monitor="CONFIG_MONITOR";
#define CM_UPDATE_TYPE_ERR -1
@@ -13,6 +13,14 @@ const char* module_config_monitor="CONFIG_MONITOR";
#define CM_MAX_TABLE_NUM 256
#define MAX_CONFIG_FN_LEN 256
#define MAX_CONFIG_LINE 1024*4
#ifndef MAX
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
#endif
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
//#define USING_DICTATOR 1
extern "C" void __real_free(void*p);
struct cm_table_info_t
@@ -20,7 +28,118 @@ struct cm_table_info_t
char table_name[MAX_CONFIG_FN_LEN];
char cfg_path[MAX_CONFIG_FN_LEN];
int cfg_num;
char encryp_algorithm[MAX_CONFIG_FN_LEN];
};
int decrypt_open(FILE* in,const unsigned char* key, const char* algorithm,unsigned char**pp_out,void *logger)
{
unsigned char inbuf[MAX_CONFIG_LINE];
int inlen, out_blk_len=0;
int out_buff_len=0,buff_offset=0;
EVP_CIPHER_CTX *ctx;
unsigned char cipher_key[EVP_MAX_KEY_LENGTH];
unsigned char cipher_iv[EVP_MAX_IV_LENGTH];
memset(cipher_key,0,sizeof(cipher_key));
memset(cipher_iv,0,sizeof(cipher_iv));
const EVP_CIPHER *cipher;
const EVP_MD *dgst=NULL;
const unsigned char *salt=NULL;
int ret=0;
OpenSSL_add_all_algorithms();
cipher=EVP_get_cipherbyname(algorithm);
if(cipher==NULL)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"Not cipher:%s not supported.");
return 0;
}
dgst=EVP_get_digestbyname("md5");
if(dgst==NULL)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"Get MD5 object failed.");
return 0;
}
ret=EVP_BytesToKey(cipher,dgst,salt,key,strlen((const char*)key),1,cipher_key,cipher_iv);
if(ret==0)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"Key and IV generatioin failed.");
return 0;
}
/* Don't set key or IV right away; we want to check lengths */
ctx = EVP_CIPHER_CTX_new();
EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL,0);
OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
/* Now we can set key and IV */
EVP_CipherInit_ex(ctx, NULL, NULL, cipher_key, cipher_iv, 0);
out_buff_len=16*1024;
*pp_out=(unsigned char*)malloc(out_buff_len*sizeof(unsigned char));
for (;;)
{
inlen = fread(inbuf, 1, MAX_CONFIG_LINE, in);
if (inlen <= 0)
break;
out_blk_len=out_buff_len-buff_offset;
if (!EVP_CipherUpdate(ctx, *pp_out+buff_offset, &out_blk_len, inbuf, inlen))
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"EVP_CipherUpdate failed.");
EVP_CIPHER_CTX_free(ctx);
goto error_out;
}
buff_offset+=out_blk_len;
if(buff_offset==out_buff_len)
{
out_buff_len*=2;
*pp_out=(unsigned char*)realloc(*pp_out,out_buff_len);
}
}
if (!EVP_CipherFinal_ex(ctx, *pp_out+buff_offset, &out_blk_len))
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"EVP_CipherFinal_ex failed.");
EVP_CIPHER_CTX_free(ctx);
goto error_out;
}
buff_offset+=out_blk_len;
EVP_CIPHER_CTX_free(ctx);
return buff_offset;
error_out:
free(*pp_out);
*pp_out=NULL;
return 0;
}
char* read_nxt_line_from_buff(const unsigned char* buff, int buff_size, int* offset, char*line ,int line_size)
{
int this_offset=0;
const unsigned char* p;
//search for CRLF, aka '\r', '\n' or "\r\n"
p=(const unsigned char*)memchr(buff+*offset,'\r',buff_size-*offset);
if(p==NULL)
{
p=(const unsigned char*)memchr(buff+*offset,'\n',buff_size-*offset);
}
else
{
if(p-buff<buff_size-1&&*(p+1)=='\n')
{
p++;
}
}
if(p!=NULL)//point to next character
{
p++;
}
else //Treat rest buff has no CRLF as a line.
{
p=buff+buff_size;
}
this_offset=p-(buff+*offset);
memcpy(line,buff+*offset,MIN(this_offset,line_size));
*offset+=this_offset;
return line;
}
//replacement of glibc scandir, to adapt dictator malloc wrap
#define ENLARGE_STEP 1024
int my_scandir(const char *dir, struct dirent ***namelist,
@@ -202,12 +321,15 @@ int cm_read_cfg_index_file(const char* path,struct cm_table_info_t* idx,int size
FILE* fp=NULL;
fp=fopen(path,"r");
int ret=0,i=0;
char line[MAX_CONFIG_LINE];
while(!feof(fp))
{
ret=fscanf(fp,"%s\t%d\t%s",idx[i].table_name
fgets(line,sizeof(line),fp);
ret=sscanf(line,"%s\t%d\t%s\t%s",idx[i].table_name
,&(idx[i].cfg_num)
,idx[i].cfg_path);
if(ret==3&&idx[i].cfg_num>=0)//jump over empty line
,idx[i].cfg_path
,idx[i].encryp_algorithm);
if((ret==3||ret==4)&&idx[i].cfg_num>=0)//jump over empty line
{
i++;
}
@@ -224,17 +346,40 @@ int cm_read_cfg_index_file(const char* path,struct cm_table_info_t* idx,int size
int cm_read_table_file(struct cm_table_info_t* index,
void (*update)(const char*,const char*,void*),
void* u_para,
const unsigned char* key,
void* logger)
{
int cfg_num=0,i=0;
char line[MAX_CONFIG_LINE]={0},*ret_str=NULL;
unsigned char* decrypt_buff=NULL;
int decrypt_len=0,do_decrypt=0,decrypt_offset=0;
FILE*fp=fopen(index->cfg_path,"r");
if(fp==NULL)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"update error,open %s failed.",index->cfg_path);
return -1;
}
fscanf(fp,"%d\n",&cfg_num);
if(strlen(index->encryp_algorithm)>0)
{
if(key==NULL||strlen((const char*)key)==0)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"update error,no key to decrypt %s.",index->cfg_path);
return -1;
}
decrypt_len=decrypt_open(fp, key,index->encryp_algorithm, &decrypt_buff,logger);
if(decrypt_len==0)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"update error,%s decrypt failed.",index->cfg_path);
return -1;
}
read_nxt_line_from_buff(decrypt_buff, decrypt_len, &decrypt_offset, line, sizeof(line));
sscanf(line,"%d\n",&cfg_num);
do_decrypt=1;
}
else
{
fscanf(fp,"%d\n",&cfg_num);
}
if(cfg_num!=index->cfg_num)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor ,"file %s config num not matched",index->cfg_path);
@@ -244,7 +389,14 @@ int cm_read_table_file(struct cm_table_info_t* index,
for(i=0;i<cfg_num;i++)
{
line[sizeof(line)-1]='\0';
ret_str=fgets(line,sizeof(line),fp);
if(do_decrypt==1)
{
ret_str=read_nxt_line_from_buff(decrypt_buff, decrypt_len, &decrypt_offset, line, sizeof(line));
}
else
{
ret_str=fgets(line,sizeof(line),fp);
}
if(ret_str==NULL)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor ,
@@ -262,6 +414,10 @@ int cm_read_table_file(struct cm_table_info_t* index,
update(index->table_name,line,u_para);
}
fclose(fp);
if(decrypt_buff!=NULL)
{
free(decrypt_buff);
}
return 0;
}
const char* path2filename(const char*path)
@@ -281,6 +437,7 @@ void config_monitor_traverse(unsigned int version,const char*idx_dir,
void (*update)(const char* ,const char*,void* ),
void (*finish)(void*),
void* u_para,
const unsigned char* dec_key,
void* logger)
{
@@ -305,7 +462,7 @@ void config_monitor_traverse(unsigned int version,const char*idx_dir,
start(new_version,update_type,u_para);
for(j=0;j<table_num;j++)
{
cm_read_table_file(table_array+j,update,u_para,logger);
cm_read_table_file(table_array+j,update,u_para,dec_key,logger);
}
finish(u_para);
}
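Review bot: The read loop in decrypt_open can overrun its heap buffer: EVP_CipherUpdate ignores the incoming value of out_blk_len and may emit up to inlen plus one cipher block, but the buffer is only doubled when buff_offset is exactly out_buff_len, so once fewer than MAX_CONFIG_LINE + 16 bytes remain (an encrypted table just over 16 KiB) the next update writes past the allocation; the same headroom is missing before EVP_CipherFinal_ex, the realloc result is assigned straight back to *pp_out, and the initial malloc is unchecked. The loop should grow the buffer before each call as sketched below. In the same function the log for an unknown cipher has a `%s` with no matching argument (pass `algorithm`), and the two OPENSSL_assert calls abort the whole process when the index file names a cipher whose key or IV length is not 16 instead of logging and returning 0 like the other failures. In the cm_read_cfg_index_file hunk the new `%s` conversion for encryp_algorithm is unbounded, so a long fourth column overruns the 256-byte field (use `%255s`, and the same width fits the existing table_name and cfg_path conversions), and read_nxt_line_from_buff neither returns NULL once *offset reaches buff_size nor NUL-terminates `line` (it copies MIN(this_offset,line_size) bytes with no terminator), so the per-line loop in cm_read_table_file cannot detect a truncated decrypted table. The early returns in cm_read_table_file's decrypt branch also leave fp open; that function continues past the hunk.

```cpp
    int block_size=EVP_CIPHER_CTX_block_size(ctx);
    // … unchanged: initial malloc of *pp_out (add a NULL check) …
    for (;;)
    {
        inlen = fread(inbuf, 1, MAX_CONFIG_LINE, in);
        if (inlen <= 0)
            break;
        //EVP_CipherUpdate ignores the incoming *outl, so make room before calling it
        while(out_buff_len-buff_offset<inlen+block_size)
        {
            unsigned char* tmp=(unsigned char*)realloc(*pp_out,out_buff_len*2);
            if(tmp==NULL)
            {
                MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"decrypt buffer realloc failed.");
                EVP_CIPHER_CTX_free(ctx);
                goto error_out;
            }
            *pp_out=tmp;
            out_buff_len*=2;
        }
        if (!EVP_CipherUpdate(ctx, *pp_out+buff_offset, &out_blk_len, inbuf, inlen))
        {
            // … unchanged: log, free ctx, goto error_out …
        }
        buff_offset+=out_blk_len;
    }
    if(out_buff_len-buff_offset<block_size)
    {
        // … same realloc-and-check as inside the loop; CipherFinal may emit one block …
    }
    // … unchanged: EVP_CipherFinal_ex, final EVP_CIPHER_CTX_free, return buff_offset …
```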


@@ -9,6 +9,7 @@ void config_monitor_traverse(unsigned int version,const char*idx_dir,
void (*update)(const char* ,const char*,void* ),//table name ,line ,u_para
void (*finish)(void*),//u_para
void* u_para,
const unsigned char* dec_key,
void* logger);
#endif
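Review bot: The other parameters of config_monitor_traverse carry a trailing comment in this header, but the new dec_key does not, so callers cannot tell from the prototype what form the key takes or whether it may be absent. Following the existing style I would write `const unsigned char* dec_key,//NUL-terminated key used for tables whose index entry names a cipher; NULL when no key is configured`. That the key is read as a C string and that NULL is accepted when no table is encrypted is taken from the implementation in this commit, so the comment should be checked against it if that code changes.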


@@ -462,10 +462,11 @@ int main(int argc,char* argv[])
int g_iThreadNum=4;
const char* table_info_path="./table_info.conf";
const char* json_path="./maat_json.json";
const char* ful_cfg_dir="./rule/full/index";
const char* inc_cfg_dir="./rule/inc/index";
const char* ful_cfg_dir="./rule/full/index/";
const char* inc_cfg_dir="./rule/inc/index/";
const char* log_file="./test.log";
const char* stat_file="./scan_staus.log";
const char* decrypt_key="mesa2017wy";
int scan_detail=0;
scan_status_t mid=NULL;
int wait_second=4;
@@ -473,6 +474,7 @@ int main(int argc,char* argv[])
feather=Maat_feather(g_iThreadNum, table_info_path, logger);
Maat_set_feather_opt(feather,MAAT_OPT_INSTANCE_NAME,"demo", strlen("demo")+1);
Maat_set_feather_opt(feather,MAAT_OPT_DECRYPT_KEY,decrypt_key, strlen(decrypt_key)+1);
if(argc>1&&0==strcmp(argv[1],"update"))
{
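Review bot: The demo embeds the decryption key as a string literal (`const char* decrypt_key="mesa2017wy";`), so the secret for the sample encrypted table ships in the source and in every binary built from it. Even for a demo it is better to take it from an argument or environment variable with a fallback, e.g. `const char* decrypt_key=getenv("MAAT_DECRYPT_KEY");` followed by a check that it is set before the option call, and to mark the literal as sample-only if it must stay. The return value of the new Maat_set_feather_opt call is also ignored, matching the line above it, so a rejected key goes unnoticed until the table load fails; main starts and ends outside these hunks.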


@@ -0,0 +1,2 @@
<EFBFBD><EFBFBD>{<7B><><EFBFBD>1<EFBFBD>T <58><D2B7><EFBFBD>F<EFBFBD> <20>\y<Z<><06><><EFBFBD>=j<>žZ<C29E>譟R:,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><05><><EFBFBD>?s<>~<7E><>7I<37>+M<><4D>B<1D>N<18>U<EFBFBD><55><EFBFBD><EFBFBD><EFBFBD>l<EFBFBD><6C><EFBFBD>mI<>+<2B>X<EFBFBD>,<2C><>oX
<EFBFBD>/<2F>H<EFBFBD>r<><72><EFBFBD>$9<>


@@ -4,7 +4,7 @@ TEST_PLUGIN_TABLE 3 ./rule/full/TEST_PLUGIN_TABLE.local
HTTP_REGION 1 ./rule/full/HTTP_REGION.local
IP_CONFIG 2 ./rule/full/IP_CONFIG.local
CONTENT_SIZE 2 ./rule/full/CONTENT_SIZE.local
HTTP_URL 5 ./rule/full/HTTP_URL.local
HTTP_URL 5 ./rule/full/HTTP_URL.local.encrypt aes-128-cbc
HTTP_HOST 1 ./rule/full/HTTP_HOST.local
QD_ENTRY_INFO 3 ./rule/full/QD_ENTRY_INFO.local
FILE_DIGEST 1 ./rule/full/FILE_DIGEST.local