authoraxtloss <axtlos@getcryst.al>2024-02-17 22:00:50 +0100
committeraxtloss <axtlos@getcryst.al>2024-02-17 22:00:50 +0100
commit61cc5e9a02a38cd086d382e521509e85fecd6d07 (patch)
tree6f18b142f0237397d51976788eadf81e9c3e4ef2
parent296a1f89fb3bbc2751f55a9eab9ec492bee3adba (diff)
downloadfsverify-61cc5e9a02a38cd086d382e521509e85fecd6d07.tar.gz
fsverify-61cc5e9a02a38cd086d382e521509e85fecd6d07.tar.bz2
Fix fsverify signature verification
-rw-r--r--cmd/verify.go31
-rw-r--r--config/config.go3
-rw-r--r--core/storage.go8
-rw-r--r--core/verification.go6
-rw-r--r--verifysetup/cmd/setup.go75
-rw-r--r--verifysetup/core/crypt.go1
-rw-r--r--verifysetup/core/storage.go24
7 files changed, 109 insertions, 39 deletions
diff --git a/cmd/verify.go b/cmd/verify.go
index b4066b6..401787f 100644
--- a/cmd/verify.go
+++ b/cmd/verify.go
@@ -32,7 +32,6 @@ func validateThread(blockStart int, blockEnd int, bundleSize int, diskBytes []by
blockCount := math.Floor(float64(bundleSize / 2000))
totalReadBlocks := 0
- fmt.Println("DBFILE: ", dbfile)
db, err := core.OpenDB(dbfile, true)
if err != nil {
errChan <- err
@@ -49,16 +48,13 @@ func validateThread(blockStart int, blockEnd int, bundleSize int, diskBytes []by
err = core.VerifyBlock(block, node)
if err != nil {
- fmt.Println("fail")
errChan <- err
}
- var nodeSum string
for int64(totalReadBlocks) < int64(blockCount) {
if validateFailed {
return
}
- prevNodeSum := nodeSum
nodeSum, err := node.GetHash()
if err != nil {
fmt.Println("Using node ", nodeSum)
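Review bot: The first VerifyBlock failure at the top of the hunk only sends the error on errChan and then falls through into the loop, whereas the same failure inside the loop sets validateFailed and returns; with the debug print gone the asymmetry is plain. Unless continuing after a failed first block is intended, the branch should read `errChan <- err`, `validateFailed = true`, `return`. Note also that with `var nodeSum string` removed, `nodeSum, err := node.GetHash()` now declares a loop-scoped err that shadows the outer one for the rest of the loop body. validateThread starts and ends outside this hunk.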
@@ -78,11 +74,9 @@ func validateThread(blockStart int, blockEnd int, bundleSize int, diskBytes []by
}
err = core.VerifyBlock(part, node)
if err != nil {
- fmt.Println("fail")
errChan <- err
validateFailed = true
return
- //fmt.Printf("Block '%s' ranging from %d to %d matches!\n", node.PrevNodeSum, node.BlockStart, node.BlockEnd)
}
}
@@ -90,23 +84,23 @@ func validateThread(blockStart int, blockEnd int, bundleSize int, diskBytes []by
}
func ValidateCommand(_ *cobra.Command, args []string) error {
- header, err := core.ReadHeader("./part.fsverify")
- fmt.Printf("Magic Number: %d\n", header.MagicNumber)
- fmt.Printf("Signature: %s", header.Signature)
- fmt.Printf("FsSize: %d\n", header.FilesystemSize)
- fmt.Printf("FsUnit: %d\n", header.FilesystemUnit)
- fmt.Printf("Table Size: %d\n", header.TableSize)
- fmt.Printf("Table Size Unit: %d\n", header.TableUnit)
+ if len(args) != 1 {
+ return fmt.Errorf("Usage: fsverify verify [disk]")
+ }
+ header, err := core.ReadHeader(config.FsVerifyPart)
+
+ if header.MagicNumber != 0xACAB {
+ return fmt.Errorf("sanity bit does not match. Expected %d, got %d", 0xACAB, header.MagicNumber)
+ }
+
if err != nil {
return err
}
fmt.Println("Reading DB")
- //dbfile, err := core.ReadDB("/dev/sda")
- dbfile, err := core.ReadDB("./part.fsverify")
+ dbfile, err := core.ReadDB(config.FsVerifyPart)
if err != nil {
return err
}
- fmt.Println("DBFILE: ", dbfile)
key, err := core.ReadKey()
if err != nil {
return err
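Review bot: The magic-number check on the new side runs before the `if err != nil` that follows it, so when ReadHeader fails the caller sees "sanity bit does not match. Expected 44203, got 0" from the zero-value header instead of the real error; move `if err != nil { return err }` directly under `header, err := core.ReadHeader(config.FsVerifyPart)`. The usage error is built with fmt.Errorf on a constant string; `errors.New` (or `Args: cobra.ExactArgs(1)` on the command, if that is how it is wired) is the idiomatic form. ValidateCommand continues past the hunk.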
@@ -117,7 +111,6 @@ func ValidateCommand(_ *cobra.Command, args []string) error {
return err
} else if !verified {
return fmt.Errorf("Signature verification failed\n")
- //fmt.Println("Signature verification failedw")
} else {
fmt.Println("Signature verification success!")
}
@@ -134,6 +127,10 @@ func ValidateCommand(_ *cobra.Command, args []string) error {
}
diskSize := diskInfo.Size()
+ if header.FilesystemSize*header.FilesystemUnit != int(diskSize) {
+ return fmt.Errorf("disk size does not match disk size specified in header. Expected %d, got %d", header.FilesystemSize*header.FilesystemUnit, diskSize)
+ }
+
bundleSize := math.Floor(float64(diskSize / int64(config.ProcCount)))
diskBytes := make([]byte, diskSize)
_, err = disk.Read(diskBytes)
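Review bot: The new disk-size check compares against `header.FilesystemSize*header.FilesystemUnit`, but in the core/storage.go hunk FilesystemSize is decoded as a 16-bit value, while CreateHeader in the verifysetup/core/storage.go hunk stores the disk size as a raw 4-byte big-endian uint32 (after `int(diskSize)` is narrowed to uint32, which truncates devices above 4 GiB); unless the slicing inside ReadHeader, which is outside the hunk, reconciles these, the comparison will reject a correctly built header. Independently of that, comparing in int64 avoids making the check depend on the platform's int width: `if int64(header.FilesystemSize*header.FilesystemUnit) != diskSize {`. The check is correctly placed after the signature verification succeeds, so it only runs on authenticated header data.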
diff --git a/config/config.go b/config/config.go
index 0a71847..965243d 100644
--- a/config/config.go
+++ b/config/config.go
@@ -10,3 +10,6 @@ var KeyLocation = "/dev/ttyACM1"
// The amount of threads the DB was created with, has to be the amount of processes
// verifysetup was set to use
var ProcCount = 12
+
+// Which partition/file to use as the fsverify partition
+var FsVerifyPart = "./verifysetup/part.fsverify"
diff --git a/core/storage.go b/core/storage.go
index d3dc3da..8208006 100644
--- a/core/storage.go
+++ b/core/storage.go
@@ -103,13 +103,13 @@ func ReadHeader(partition string) (Header, error) {
return Header{}, err
}
- header.Signature = fmt.Sprintf("untrusted comment: fsverify\r\n%s\r\ntrusted comment: fsverify\r\n%s\r\n", UntrustedHash, TrustedHash)
+ header.Signature = fmt.Sprintf("untrusted comment: fsverify\n%s\ntrusted comment: fsverify\n%s\n", string(UntrustedHash), string(TrustedHash))
header.FilesystemSize = int(binary.BigEndian.Uint16(FilesystemSize))
header.TableSize = int(binary.BigEndian.Uint32(TableSize))
header.FilesystemUnit = parseUnitSpec(FilesystemUnit)
header.TableUnit = parseUnitSpec(TableUnit)
if header.FilesystemUnit == -1 || header.TableUnit == -1 {
- return Header{}, fmt.Errorf("Error: unit size for Filesystem or Table invalid: fs: %x, table: %x", FilesystemUnit, TableUnit)
+ return Header{}, fmt.Errorf("unit size for Filesystem or Table invalid: fs: %x, table: %x", FilesystemUnit, TableUnit)
}
return header, nil
}
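Review bot: The 0xACAB magic-number check that this commit adds in cmd/verify.go would be better placed here in ReadHeader, before the Signature string is assembled, since ReadDB in the next hunk also relies on a header value (presumably from ReadHeader) for its TableSize check without any sanity check of its own. A check such as `if header.MagicNumber != 0xACAB { return Header{}, fmt.Errorf("bad magic number: expected %#x, got %#x", 0xACAB, header.MagicNumber) }` would cover every caller; where MagicNumber is populated is outside the hunk. The new Signature line also takes the two slots as-is via `string(...)`, so any zero padding in the header fields would end up inside the text handed to the minisign parser — the slot sizes are fixed in CreateHeader, so this is worth confirming against those offsets.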
@@ -146,7 +146,7 @@ func ReadDB(partition string) (string, error) {
return "", err
}
if n != header.TableSize*header.TableUnit {
- return "", fmt.Errorf("Error: Database is not expected size. Got: %d, expected %d", n, header.TableSize*header.TableUnit)
+ return "", fmt.Errorf("Database is not expected size. Expected %d, got %d", header.TableSize*header.TableUnit, n)
}
fmt.Printf("db: %d\n", n)
@@ -204,7 +204,7 @@ func CopyByteArea(start int, end int, reader *bytes.Reader) ([]byte, error) {
if err != nil {
return nil, err
} else if n != end-start {
- return nil, fmt.Errorf("Unable to read requested size. Got %d, expected %d", n, end-start)
+ return nil, fmt.Errorf("Unable to read requested size. Expected %d, got %d", end-start, n)
}
return bytes, nil
}
diff --git a/core/verification.go b/core/verification.go
index 1193664..f1e1f0b 100644
--- a/core/verification.go
+++ b/core/verification.go
@@ -27,7 +27,7 @@ func fileReadKey() (string, error) {
reader := bufio.NewReader(file)
n, err := reader.Read(key)
if n != 56 {
- return "", fmt.Errorf("Error: Key does not match expected key size. expected 56, got %d", n)
+ return "", fmt.Errorf("Key does not match expected key size. Expected 56, got %d", n)
}
if err != nil {
return "", err
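Review bot: `reader.Read(key)` is a single Read call, which a bufio.Reader may satisfy with fewer than 56 bytes, so the rewritten length check can fail on a perfectly valid key file; and it tests n before err, so a genuine read error is reported as a size mismatch. Use `n, err := io.ReadFull(reader, key)` (needs the io import), check err first, and keep the size message as the fallback. fileReadKey starts and ends outside the hunk.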
@@ -74,7 +74,7 @@ func serialReadKey() (string, error) {
key = strings.ReplaceAll(key, "\\t", "")
key = strings.ReplaceAll(key, "\"", "")
if len(key) != 56 {
- return "", fmt.Errorf("Error: Key does not match expected key size. expected 56, got %d", len(key))
+ return "", fmt.Errorf("Key does not match expected key size. Expected 56, got %d", len(key))
}
return key, nil
}
@@ -132,7 +132,7 @@ func VerifyBlock(block []byte, node Node) error {
if strings.Compare(calculatedBlockHash, strings.TrimSpace(wantedBlockHash)) == 0 {
return nil
}
- return fmt.Errorf("Error: Node %s ranging from %d to %d does not match block. Expected %s, got %s.", node.PrevNodeSum, node.BlockStart, node.BlockEnd, wantedBlockHash, calculatedBlockHash)
+ return fmt.Errorf("Node %s ranging from %d to %d does not match block. Expected %s, got %s.", node.PrevNodeSum, node.BlockStart, node.BlockEnd, wantedBlockHash, calculatedBlockHash)
}
func VerifyNode(node Node, nextNode Node) error {
diff --git a/verifysetup/cmd/setup.go b/verifysetup/cmd/setup.go
index 9db095e..940c4cd 100644
--- a/verifysetup/cmd/setup.go
+++ b/verifysetup/cmd/setup.go
@@ -1,17 +1,20 @@
package cmd
import (
+ "aead.dev/minisign"
"bytes"
+ "crypto/ed25519"
+ "encoding/base64"
+ "encoding/binary"
"fmt"
- "math"
- "os"
- "strconv"
- "sync"
-
verify "github.com/axtloss/fsverify/core"
"github.com/axtloss/fsverify/verifysetup/core"
"github.com/spf13/cobra"
bolt "go.etcd.io/bbolt"
+ "math"
+ "os"
+ "strconv"
+ "sync"
)
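Review bot: The import block now lists the standard-library packages math, os, strconv and sync after the third-party group, the opposite of the gofmt/goimports convention of standard library first, a blank line, then everything else; the other new imports (crypto/ed25519, encoding/base64, encoding/binary) are placed correctly, so this looks accidental. Running goimports on the file would restore one stdlib group followed by the aead.dev/minisign, github.com and go.etcd.io imports.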
func NewSetupCommand() *cobra.Command {
@@ -42,7 +45,7 @@ func checksumBlock(blockStart int, blockEnd int, bundleSize int, diskBytes []byt
}
node, err = core.CreateNode(i*2000, (i*2000)+2000, block, &node, strconv.Itoa(n))
if err != nil {
- fmt.Printf("%d:: 2 Error %s\n", blockStart, err)
+ fmt.Printf("%d:: Attempted creating node for range %d - %d. Error %s\n", blockStart, i*2000, (i*2000)+2000, err)
return
}
nodeChannel <- node
@@ -59,8 +62,14 @@ func checksumBlock(blockStart int, blockEnd int, bundleSize int, diskBytes []byt
}
func SetupCommand(_ *cobra.Command, args []string) error {
- if len(args) != 2 {
- return fmt.Errorf("Usage: verifysetup setup [partition] [procCount]")
+ if len(args) != 3 {
+ return fmt.Errorf("Usage: verifysetup setup [partition] [procCount] [fsverify partition output] <minisign directory>")
+ }
+ var minisignDir string
+ if len(args) != 4 {
+ minisignDir = "./minisign/"
+ } else {
+ minisignDir = args[3]
}
procCount, err := strconv.Atoi(args[1])
if err != nil {
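Review bot: The `len(args) != 3` guard rejects a fourth argument outright, so the `else` branch that reads the minisign directory from `args[3]` can never run, and the usage string advertises an option that is unusable. Change the guard to `if len(args) < 3 || len(args) > 4 {` and the selection to `if len(args) == 4 { minisignDir = args[3] }` with the default assigned beforehand. SetupCommand continues past the hunk.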
@@ -89,6 +98,7 @@ func SetupCommand(_ *cobra.Command, args []string) error {
if err != nil {
return err
}
+
reader := bytes.NewReader(diskBytes)
var waitGroup sync.WaitGroup
nodeChannels := make([]chan verify.Node, procCount+1)
@@ -125,13 +135,56 @@ func SetupCommand(_ *cobra.Command, args []string) error {
}
}
- signature, err := core.SignDatabase("./fsverify.db", "./minisign/")
+ signature, err := core.SignDatabase("./fsverify.db", minisignDir)
if err != nil {
return err
}
fmt.Println(string(signature))
- //header, err := core.
+ sig := minisign.Signature{}
+ err = sig.UnmarshalText(signature)
+ if err != nil {
+ return err
+ }
+
+ var UntrustedSignature [2 + 8 + ed25519.SignatureSize]byte
+ binary.LittleEndian.PutUint16(UntrustedSignature[:2], sig.Algorithm)
+ binary.LittleEndian.PutUint64(UntrustedSignature[2:10], sig.KeyID)
+ copy(UntrustedSignature[10:], sig.Signature[:])
+ unsignedHash := base64.StdEncoding.EncodeToString(UntrustedSignature[:])
+ signedHash := base64.StdEncoding.EncodeToString(sig.CommentSignature[:])
- return nil
+ fsverifydb, err := os.Open("./fsverify.db")
+ if err != nil {
+ return err
+ }
+ defer db.Close()
+ fmt.Println("Reading from disk")
+ dbInfo, err := fsverifydb.Stat()
+ if err != nil {
+ return err
+ }
+ dbSize := dbInfo.Size()
+
+ verifyPart := make([]byte, 200+dbSize)
+ header, err := core.CreateHeader(unsignedHash, signedHash, int(diskSize), int(dbSize))
+
+ fmt.Printf("%x\n", header)
+
+ database := make([]byte, dbSize)
+ _, err = fsverifydb.Read(database)
+ if err != nil {
+ return err
+ }
+
+ copy(verifyPart, header)
+ copy(verifyPart[200:], database)
+
+ verifyfs, err := os.Create(args[2])
+ if err != nil {
+ return err
+ }
+ defer verifyfs.Close()
+ _, err = verifyfs.Write(verifyPart)
+ return err
}
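Review bot: The error from `core.CreateHeader(...)` is never checked before `header` is printed and copied into verifyPart; `defer db.Close()` closes a handle named db (presumably the bolt database opened earlier in the function, outside the hunk) rather than the just-opened fsverifydb, which is never closed; and `fsverifydb.Read(database)` is a single Read that may return fewer than dbSize bytes, leaving the tail of the partition image zeroed without any error. The "Reading from disk" message also precedes a stat of the database file, not the disk. Reading the database with os.ReadFile removes the handle, the stat and the short-read problem at once; the rewrite below also replaces the fixed 200 offset with len(header). SetupCommand's body starts before the hunk.
```go
	// … unchanged: minisign signature decoding into unsignedHash / signedHash …
	database, err := os.ReadFile("./fsverify.db")
	if err != nil {
		return err
	}
	header, err := core.CreateHeader(unsignedHash, signedHash, int(diskSize), len(database))
	if err != nil {
		return err
	}
	verifyPart := make([]byte, 0, len(header)+len(database))
	verifyPart = append(verifyPart, header...)
	verifyPart = append(verifyPart, database...)
	// … unchanged: os.Create(args[2]), deferred Close, Write …
```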
diff --git a/verifysetup/core/crypt.go b/verifysetup/core/crypt.go
index 4658641..4b448c5 100644
--- a/verifysetup/core/crypt.go
+++ b/verifysetup/core/crypt.go
@@ -37,5 +37,6 @@ func SignDatabase(database string, minisignKeys string) ([]byte, error) {
return nil, err
}
signature := minisign.SignWithComments(privateKey, data, "fsverify", "fsverify")
+ fmt.Printf("SIGNATURE: %x\n", signature)
return signature, err
}
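Review bot: The added `fmt.Printf("SIGNATURE: %x\n", signature)` is a debug dump of the full minisign signature on every setup run; if it is meant to stay it belongs behind a verbosity flag, otherwise drop it. The `return signature, err` on the next line returns an err that the preceding check already proved nil, so `return signature, nil` states the intent. SignDatabase begins before the hunk.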
diff --git a/verifysetup/core/storage.go b/verifysetup/core/storage.go
index ddc70b3..e7ded32 100644
--- a/verifysetup/core/storage.go
+++ b/verifysetup/core/storage.go
@@ -2,8 +2,10 @@ package core
import (
"bytes"
+ "encoding/binary"
"encoding/json"
"fmt"
+
verify "github.com/axtloss/fsverify/core"
bolt "go.etcd.io/bbolt"
)
@@ -12,9 +14,9 @@ var TotalReadBlocks = 0
func ReadBlock(start int, end int, device *bytes.Reader) ([]byte, error) {
if end-start < 0 {
- return []byte{}, fmt.Errorf("ERROR: tried creating byte slice with negative length. %d to %d total %d\n", start, end, end-start)
+ return []byte{}, fmt.Errorf("tried creating byte slice with negative length. %d to %d total %d\n", start, end, end-start)
} else if end-start > 2000 {
- return []byte{}, fmt.Errorf("ERROR: tried creating byte slice with length over 2000. %d to %d total %d\n", start, end, end-start)
+ return []byte{}, fmt.Errorf("tried creating byte slice with length over 2000. %d to %d total %d\n", start, end, end-start)
}
block := make([]byte, end-start)
_, err := device.Seek(int64(start), 0)
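Review bot: The two error strings rewritten in this hunk still end in `\n`; Go error strings are conventionally lowercase with no trailing newline, because callers wrap them with %w or print them themselves, e.g. `return []byte{}, fmt.Errorf("tried creating byte slice with negative length. %d to %d total %d", start, end, end-start)`. ReadBlock continues past the hunk.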
@@ -63,8 +65,22 @@ func AddNode(node verify.Node, tx *bolt.Tx) error {
}
return nil
}
-/*
+
func CreateHeader(unsignedHash string, signedHash string, diskSize int, tableSize int) ([]byte, error) {
header := make([]byte, 200)
+ header[0] = 0xAC
+ header[1] = 0xAB
+ copy(header[2:], []byte(unsignedHash))
+ copy(header[102:], []byte(signedHash))
+
+ disk := make([]byte, 4)
+ binary.BigEndian.PutUint32(disk, uint32(diskSize))
+ copy(header[190:], disk)
-}*/
+ fmt.Println(tableSize)
+ db := make([]byte, 4)
+ binary.BigEndian.PutUint32(db, uint32(tableSize))
+ copy(header[195:], db)
+
+ return header, nil
+}
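Review bot: CreateHeader never validates its inputs: `copy(header[2:], []byte(unsignedHash))` with an input longer than 100 bytes would run into the trusted-signature slot at 102, `uint32(diskSize)` silently truncates sizes above 4 GiB, and a leftover `fmt.Println(tableSize)` debug print remains, while the function returns a nil error unconditionally. The layout also leaves bytes 194 and 199 zero and never explicitly writes the unit-spec bytes that ReadHeader (core/storage.go hunk) parses via parseUnitSpec, and ReadHeader decodes FilesystemSize as a uint16 — unless the reader's slicing (outside the hunk) lines up with these offsets, the two sides disagree; this deserves either shared offset constants or a doc comment on the function listing the layout. The rewrite below bounds the copies to their slots, rejects sizes that do not fit 32 bits, and drops the print.
```go
// fitsUint32 reports whether v can be stored in one of the 4-byte header fields.
func fitsUint32(v int) bool {
	return v >= 0 && uint64(v) <= 1<<32-1
}

func CreateHeader(unsignedHash string, signedHash string, diskSize int, tableSize int) ([]byte, error) {
	if len(unsignedHash) > 100 || len(signedHash) > 88 {
		return nil, fmt.Errorf("signature fields do not fit the header: untrusted %d bytes (max 100), trusted %d bytes (max 88)", len(unsignedHash), len(signedHash))
	}
	if !fitsUint32(diskSize) || !fitsUint32(tableSize) {
		return nil, fmt.Errorf("size does not fit in 32 bits: disk %d, table %d", diskSize, tableSize)
	}
	header := make([]byte, 200)
	header[0] = 0xAC
	header[1] = 0xAB
	copy(header[2:102], unsignedHash)
	copy(header[102:190], signedHash)
	binary.BigEndian.PutUint32(header[190:194], uint32(diskSize))
	binary.BigEndian.PutUint32(header[195:199], uint32(tableSize))
	return header, nil
}
```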