libgo/go/cmd/internal/buildid/rewrite.go - gofrontend - Git at Google

 // Copyright 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package buildid

 import (
 	"bytes"
 	"cmd/internal/codesign"
 	"crypto/sha256"
 	"debug/macho"
 	"fmt"
 	"io"
 )

 // FindAndHash reads all of r and returns the offsets of occurrences of id.
 // While reading, findAndHash also computes and returns
 // a hash of the content of r, but with occurrences of id replaced by zeros.
 // FindAndHash reads bufSize bytes from r at a time.
 // If bufSize == 0, FindAndHash uses a reasonable default.
 func FindAndHash(r io.Reader, id string, bufSize int) (matches []int64, hash [32]byte, err error) {
 	if bufSize == 0 {
 		bufSize = 31 * 1024 // bufSize+little will likely fit in 32 kB
 	}
 	if len(id) > bufSize {
 		return nil, [32]byte{}, fmt.Errorf("buildid.FindAndHash: buffer too small")
 	}
 	zeros := make([]byte, len(id))
 	idBytes := []byte(id)

 	// For Mach-O files, we want to exclude the code signature.
 	// The code signature contains hashes of the whole file (except the signature
 	// itself), including the buildid. So the buildid cannot contain the signature.
 	r = excludeMachoCodeSignature(r)

 	// The strategy is to read the file through buf, looking for id,
 	// but we need to worry about what happens if id is broken up
 	// and returned in parts by two different reads.
 	// We allocate a tiny buffer (at least len(id)) and a big buffer (bufSize bytes)
 	// next to each other in memory and then copy the tail of
 	// one read into the tiny buffer before reading new data into the big buffer.
 	// The search for id is over the entire tiny+big buffer.
 	tiny := (len(id) + 127) &^ 127 // round up to 128-aligned
 	buf := make([]byte, tiny+bufSize)
 	h := sha256.New()
 	start := tiny
 	for offset := int64(0); ; {
 		// The file offset maintained by the loop corresponds to &buf[tiny].
 		// buf[start:tiny] is left over from previous iteration.
 		// After reading n bytes into buf[tiny:], we process buf[start:tiny+n].
 		n, err := io.ReadFull(r, buf[tiny:])
 		if err != io.ErrUnexpectedEOF && err != io.EOF && err != nil {
 			return nil, [32]byte{}, err
 		}

 		// Process any matches.
 		for {
 			i := bytes.Index(buf[start:tiny+n], idBytes)
 			if i < 0 {
 				break
 			}
 			matches = append(matches, offset+int64(start+i-tiny))
 			h.Write(buf[start : start+i])
 			h.Write(zeros)
 			start += i + len(id)
 		}
 		if n < bufSize {
 			// Did not fill buffer, must be at end of file.
 			h.Write(buf[start : tiny+n])
 			break
 		}

 		// Process all but final tiny bytes of buf (bufSize = len(buf)-tiny).
 		// Note that start > len(buf)-tiny is possible, if the search above
 		// found an id ending in the final tiny fringe. That's OK.
 		if start < len(buf)-tiny {
 			h.Write(buf[start : len(buf)-tiny])
 			start = len(buf) - tiny
 		}

 		// Slide ending tiny-sized fringe to beginning of buffer.
 		copy(buf[0:], buf[bufSize:])
 		start -= bufSize
 		offset += int64(bufSize)
 	}
 	h.Sum(hash[:0])
 	return matches, hash, nil
 }

 func Rewrite(w io.WriterAt, pos []int64, id string) error {
 	b := []byte(id)
 	for _, p := range pos {
 		if _, err := w.WriteAt(b, p); err != nil {
 			return err
 		}
 	}

 	// Update Mach-O code signature, if any.
 	if f, cmd, ok := findMachoCodeSignature(w); ok {
 		if codesign.Size(int64(cmd.Dataoff), "a.out") == int64(cmd.Datasize) {
 			// Update the signature if the size matches, so we don't need to
 			// fix up headers. Binaries generated by the Go linker should have
 			// the expected size. Otherwise skip.
 			text := f.Segment("__TEXT")
 			cs := make([]byte, cmd.Datasize)
 			codesign.Sign(cs, w.(io.Reader), "a.out", int64(cmd.Dataoff), int64(text.Offset), int64(text.Filesz), f.Type == macho.TypeExec)
 			if _, err := w.WriteAt(cs, int64(cmd.Dataoff)); err != nil {
 				return err
 			}
 		}
 	}

 	return nil
 }

 func excludeMachoCodeSignature(r io.Reader) io.Reader {
 	_, cmd, ok := findMachoCodeSignature(r)
 	if !ok {
 		return r
 	}
 	return &excludedReader{r, 0, int64(cmd.Dataoff), int64(cmd.Dataoff + cmd.Datasize)}
 }

 // excludedReader wraps an io.Reader. Reading from it returns the bytes from
 // the underlying reader, except that when the byte offset is within the
 // range between start and end, it returns zero bytes.
 type excludedReader struct {
 	r          io.Reader
 	off        int64 // current offset
 	start, end int64 // the range to be excluded (read as zero)
 }

 func (r *excludedReader) Read(p []byte) (int, error) {
 	n, err := r.r.Read(p)
 	if n > 0 && r.off+int64(n) > r.start && r.off < r.end {
 		cstart := r.start - r.off
 		if cstart < 0 {
 			cstart = 0
 		}
 		cend := r.end - r.off
 		if cend > int64(n) {
 			cend = int64(n)
 		}
 		zeros := make([]byte, cend-cstart)
 		copy(p[cstart:cend], zeros)
 	}
 	r.off += int64(n)
 	return n, err
 }

 func findMachoCodeSignature(r interface{}) (*macho.File, codesign.CodeSigCmd, bool) {
 	ra, ok := r.(io.ReaderAt)
 	if !ok {
 		return nil, codesign.CodeSigCmd{}, false
 	}
 	f, err := macho.NewFile(ra)
 	if err != nil {
 		return nil, codesign.CodeSigCmd{}, false
 	}
 	cmd, ok := codesign.FindCodeSigCmd(f)
 	return f, cmd, ok
 }
	// Copyright 2017 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package buildid

	import (
	"bytes"
	"cmd/internal/codesign"
	"crypto/sha256"
	"debug/macho"
	"fmt"
	"io"
	)

	// FindAndHash reads all of r and returns the offsets of occurrences of id.
	// While reading, findAndHash also computes and returns
	// a hash of the content of r, but with occurrences of id replaced by zeros.
	// FindAndHash reads bufSize bytes from r at a time.
	// If bufSize == 0, FindAndHash uses a reasonable default.
	func FindAndHash(r io.Reader, id string, bufSize int) (matches []int64, hash [32]byte, err error) {
	if bufSize == 0 {
	bufSize = 31 * 1024 // bufSize+little will likely fit in 32 kB
	}
	if len(id) > bufSize {
	return nil, [32]byte{}, fmt.Errorf("buildid.FindAndHash: buffer too small")
	}
	zeros := make([]byte, len(id))
	idBytes := []byte(id)

	// For Mach-O files, we want to exclude the code signature.
	// The code signature contains hashes of the whole file (except the signature
	// itself), including the buildid. So the buildid cannot contain the signature.
	r = excludeMachoCodeSignature(r)

	// The strategy is to read the file through buf, looking for id,
	// but we need to worry about what happens if id is broken up
	// and returned in parts by two different reads.
	// We allocate a tiny buffer (at least len(id)) and a big buffer (bufSize bytes)
	// next to each other in memory and then copy the tail of
	// one read into the tiny buffer before reading new data into the big buffer.
	// The search for id is over the entire tiny+big buffer.
	tiny := (len(id) + 127) &^ 127 // round up to 128-aligned
	buf := make([]byte, tiny+bufSize)
	h := sha256.New()
	start := tiny
	for offset := int64(0); ; {
	// The file offset maintained by the loop corresponds to &buf[tiny].
	// buf[start:tiny] is left over from previous iteration.
	// After reading n bytes into buf[tiny:], we process buf[start:tiny+n].
	n, err := io.ReadFull(r, buf[tiny:])
	if err != io.ErrUnexpectedEOF && err != io.EOF && err != nil {
	return nil, [32]byte{}, err
	}

	// Process any matches.
	for {
	i := bytes.Index(buf[start:tiny+n], idBytes)
	if i < 0 {
	break
	}
	matches = append(matches, offset+int64(start+i-tiny))
	h.Write(buf[start : start+i])
	h.Write(zeros)
	start += i + len(id)
	}
	if n < bufSize {
	// Did not fill buffer, must be at end of file.
	h.Write(buf[start : tiny+n])
	break
	}

	// Process all but final tiny bytes of buf (bufSize = len(buf)-tiny).
	// Note that start > len(buf)-tiny is possible, if the search above
	// found an id ending in the final tiny fringe. That's OK.
	if start < len(buf)-tiny {
	h.Write(buf[start : len(buf)-tiny])
	start = len(buf) - tiny
	}

	// Slide ending tiny-sized fringe to beginning of buffer.
	copy(buf[0:], buf[bufSize:])
	start -= bufSize
	offset += int64(bufSize)
	}
	h.Sum(hash[:0])
	return matches, hash, nil
	}

	func Rewrite(w io.WriterAt, pos []int64, id string) error {
	b := []byte(id)
	for _, p := range pos {
	if _, err := w.WriteAt(b, p); err != nil {
	return err
	}
	}

	// Update Mach-O code signature, if any.
	if f, cmd, ok := findMachoCodeSignature(w); ok {
	if codesign.Size(int64(cmd.Dataoff), "a.out") == int64(cmd.Datasize) {
	// Update the signature if the size matches, so we don't need to
	// fix up headers. Binaries generated by the Go linker should have
	// the expected size. Otherwise skip.
	text := f.Segment("__TEXT")
	cs := make([]byte, cmd.Datasize)
	codesign.Sign(cs, w.(io.Reader), "a.out", int64(cmd.Dataoff), int64(text.Offset), int64(text.Filesz), f.Type == macho.TypeExec)
	if _, err := w.WriteAt(cs, int64(cmd.Dataoff)); err != nil {
	return err
	}
	}
	}

	return nil
	}

	func excludeMachoCodeSignature(r io.Reader) io.Reader {
	_, cmd, ok := findMachoCodeSignature(r)
	if !ok {
	return r
	}
	return &excludedReader{r, 0, int64(cmd.Dataoff), int64(cmd.Dataoff + cmd.Datasize)}
	}

	// excludedReader wraps an io.Reader. Reading from it returns the bytes from
	// the underlying reader, except that when the byte offset is within the
	// range between start and end, it returns zero bytes.
	type excludedReader struct {
	r io.Reader
	off int64 // current offset
	start, end int64 // the range to be excluded (read as zero)
	}

	func (r *excludedReader) Read(p []byte) (int, error) {
	n, err := r.r.Read(p)
	if n > 0 && r.off+int64(n) > r.start && r.off < r.end {
	cstart := r.start - r.off
	if cstart < 0 {
	cstart = 0
	}
	cend := r.end - r.off
	if cend > int64(n) {
	cend = int64(n)
	}
	zeros := make([]byte, cend-cstart)
	copy(p[cstart:cend], zeros)
	}
	r.off += int64(n)
	return n, err
	}

	func findMachoCodeSignature(r interface{}) (*macho.File, codesign.CodeSigCmd, bool) {
	ra, ok := r.(io.ReaderAt)
	if !ok {
	return nil, codesign.CodeSigCmd{}, false
	}
	f, err := macho.NewFile(ra)
	if err != nil {
	return nil, codesign.CodeSigCmd{}, false
	}
	cmd, ok := codesign.FindCodeSigCmd(f)
	return f, cmd, ok
	}