diff options
| author | axtloss <axtlos@getcryst.al> | 2024-02-18 01:19:58 +0100 |
|---|---|---|
| committer | axtloss <axtlos@getcryst.al> | 2024-02-18 01:19:58 +0100 |
| commit | e6c12b02674a04ca34e27b46f6ca3261fca3c677 (patch) | |
| tree | 0d5d785428436bf3fcc751eb8e2be4ca0b3bfe04 /core/verification.go | |
| parent | 6a3db4c72485aba6187466005473e287f539e3ce (diff) | |
| download | fsverify-e6c12b02674a04ca34e27b46f6ca3261fca3c677.tar.gz fsverify-e6c12b02674a04ca34e27b46f6ca3261fca3c677.tar.bz2 | |
Add comments and function descriptions
Diffstat (limited to 'core/verification.go')
| -rw-r--r-- | core/verification.go | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/core/verification.go b/core/verification.go index f1e1f0b..289ce1e 100644 --- a/core/verification.go +++ b/core/verification.go @@ -12,8 +12,7 @@ import ( "github.com/tarm/serial" ) -//var TotalReadBlocks int = 0 - +// fileReadKey reads the public minisign key from a file specified in config.KeyLocation. func fileReadKey() (string, error) { if _, err := os.Stat(config.KeyLocation); os.IsNotExist(err) { return "", fmt.Errorf("Key location %s does not exist", config.KeyLocation) @@ -23,6 +22,7 @@ func fileReadKey() (string, error) { return "", err } defer file.Close() + // A public key is never longer than 56 bytes key := make([]byte, 56) reader := bufio.NewReader(file) n, err := reader.Read(key) @@ -35,7 +35,11 @@ func fileReadKey() (string, error) { return string(key), nil } +// serialReadKey reads the public minisign key from a usb tty specified in config.KeyLocation. func serialReadKey() (string, error) { + // Since the usb serial is tested with an arduino + // it is assumed that the tty device does not always exist + // and can be manually plugged in by the user if _, err := os.Stat(config.KeyLocation); !os.IsNotExist(err) { fmt.Println("Reconnect arduino now") for true { @@ -67,6 +71,9 @@ func serialReadKey() (string, error) { } defer s.Close() key = key + fmt.Sprintf("%q", buf[:n]) + // ensure that two tab sequences are read + // meaning that the entire key has been captured + // since the key is surrounded by a tab sequence if strings.Count(key, "\\t") == 2 { break } @@ -79,6 +86,7 @@ func serialReadKey() (string, error) { return key, nil } +// ReadKey is a wrapper function to call the proper readKey function according to config.KeyStore. func ReadKey() (string, error) { switch config.KeyStore { case 0: @@ -86,14 +94,21 @@ func ReadKey() (string, error) { case 1: return fileReadKey() case 2: - return "", nil + return "", nil // TPM case 3: return serialReadKey() } return "", nil } +// ReadBlock reads a data area of a bytes.Reader specified in the given node. +// It additionally verifies that the amount of bytes read equal the wanted amount and returns an error if this is not the case. func ReadBlock(node Node, part *bytes.Reader, totalReadBlocks int) ([]byte, int, error) { + if node.BlockEnd-node.BlockStart < 0 { + return []byte{}, -1, fmt.Errorf("tried creating byte slice with negative length. %d to %d total %d\n", node.BlockStart, node.BlockEnd, node.BlockEnd-node.BlockStart) + } else if node.BlockEnd-node.BlockStart > 2000 { + return []byte{}, -1, fmt.Errorf("tried creating byte slice with length over 2000. %d to %d total %d\n", node.BlockStart, node.BlockEnd, node.BlockEnd-node.BlockStart) + } block := make([]byte, node.BlockEnd-node.BlockStart) blockSize := node.BlockEnd - node.BlockStart _, err := part.Seek(int64(node.BlockStart), 0) @@ -109,6 +124,7 @@ func ReadBlock(node Node, part *bytes.Reader, totalReadBlocks int) ([]byte, int, return block, totalReadBlocks + 1, err } +// VerifySignature verifies the database using a given signature and public key. func VerifySignature(key string, signature string, database string) (bool, error) { var pk minisign.PublicKey if err := pk.UnmarshalText([]byte(key)); err != nil { @@ -123,6 +139,7 @@ func VerifySignature(key string, signature string, database string) (bool, error return minisign.Verify(pk, data, []byte(signature)), nil } +// VerifyBlock verifies a byte slice with the hash in a given Node. func VerifyBlock(block []byte, node Node) error { calculatedBlockHash, err := CalculateBlockHash(block) if err != nil { @@ -135,6 +152,7 @@ func VerifyBlock(block []byte, node Node) error { return fmt.Errorf("Node %s ranging from %d to %d does not match block. Expected %s, got %s.", node.PrevNodeSum, node.BlockStart, node.BlockEnd, wantedBlockHash, calculatedBlockHash) } +// VerifyNode verifies that the current Node is valid by matching the checksum of it with the PrevNodeSum field of the next node. func VerifyNode(node Node, nextNode Node) error { nodeHash, err := calculateStringHash(fmt.Sprintf("%d%d%s%s", node.BlockStart, node.BlockEnd, node.BlockSum, node.PrevNodeSum)) if err != nil { |