authoraxtloss <axtlos@getcryst.al>2024-02-04 13:35:03 +0100
committeraxtloss <axtlos@getcryst.al>2024-02-04 13:35:03 +0100
commit71cc54810fdb51e428b83a37ff89d54a6cc3d8c8 (patch)
tree04d13d72b6afedaaa06478d9d86fb74a62534f88 /core
parent09f7f5fe7b55a6ab2e2326aa7ff27cf7f7bc05ba (diff)
downloadfsverify-71cc54810fdb51e428b83a37ff89d54a6cc3d8c8.tar.gz
fsverify-71cc54810fdb51e428b83a37ff89d54a6cc3d8c8.tar.bz2
add minisign signature verification
Diffstat (limited to 'core')
-rw-r--r--core/storage.go8
-rw-r--r--core/verification.go108
2 files changed, 114 insertions, 2 deletions
diff --git a/core/storage.go b/core/storage.go
index f6f1ffd..8346c12 100644
--- a/core/storage.go
+++ b/core/storage.go
@@ -99,7 +99,7 @@ func ReadHeader(partition string) (Header, error) {
return Header{}, err
}
- header.Signature = fmt.Sprintf("untrusted comment: signature from minisign secret key\r\n%s\r\ntrusted comment: timestamp:0\tfile:fsverify\thashed\r\n%s\r\n", UntrustedHash, TrustedHash)
+ header.Signature = fmt.Sprintf("untrusted comment: fsverify\r\n%s\r\ntrusted comment: fsverify\r\n%s\r\n", UntrustedHash, TrustedHash)
header.FilesystemSize = int(binary.BigEndian.Uint16(FilesystemSize))
header.TableSize = int(binary.BigEndian.Uint32(TableSize))
header.FilesystemUnit = parseUnitSpec(FilesystemUnit)
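Review bot: The new `trusted comment: fsverify` text on the replaced line is not just a label: in the minisign format the global signature covers the signature bytes together with the trusted comment, so the string assembled here must match byte-for-byte what the signer wrote or verification fails even with the correct public key, and nothing in the hunk records that coupling. A comment on the line, `// trusted comment is covered by minisign's global signature: must match the signer's text exactly`, would keep the next edit of this format string from silently breaking verification. ReadHeader starts and ends outside the hunk.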
@@ -135,10 +135,14 @@ func ReadDB(partition string) (string, error) {
}
db := make([]byte, header.TableSize*header.TableUnit)
- _, err = io.ReadFull(reader, db)
+ n, err := io.ReadFull(reader, db)
if err != nil {
return "", err
}
+ if n != header.TableSize*header.TableUnit {
+ return "", fmt.Errorf("Error: Database is not expected size. Got: %d, expected %d", n, header.TableSize*header.TableUnit)
+ }
+ fmt.Printf("db: %d\n", n)
temp, err := os.MkdirTemp("", "*-fsverify")
if err != nil {
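Review bot: The added `n != header.TableSize*header.TableUnit` check is unreachable: io.ReadFull returns a non-nil error (io.EOF or io.ErrUnexpectedEOF) whenever it reads fewer than len(db) bytes, and the `if err != nil` just above already returns on it, so n always equals the expected size when the comparison runs. The `fmt.Printf("db: %d\n", n)` line looks like leftover debugging output on stdout and should be removed or routed through the program's logging. If the size check is kept as documentation of the invariant, its message should follow Go convention (lowercase, no `Error:` prefix), e.g. `return "", fmt.Errorf("database short read: got %d bytes, expected %d", n, header.TableSize*header.TableUnit)`. ReadDB continues outside the hunk.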
diff --git a/core/verification.go b/core/verification.go
index 5023d06..b48c0b7 100644
--- a/core/verification.go
+++ b/core/verification.go
@@ -3,9 +3,93 @@ package core
import (
"bufio"
"fmt"
+ "os"
"strings"
+
+ "github.com/axtloss/fsverify/config"
+ "github.com/jedisct1/go-minisign"
+ "github.com/tarm/serial"
)
+func fileReadKey() (string, error) {
+ if _, err := os.Stat(config.KeyLocation); os.IsNotExist(err) {
+ return "", fmt.Errorf("Key location %s does not exist", config.KeyLocation)
+ }
+ file, err := os.Open(config.KeyLocation)
+ if err != nil {
+ return "", err
+ }
+ defer file.Close()
+ key := make([]byte, 56)
+ reader := bufio.NewReader(file)
+ n, err := reader.Read(key)
+ if n != 56 {
+ return "", fmt.Errorf("Error: Key does not match expected key size. expected 56, got %d", n)
+ }
+ if err != nil {
+ return "", err
+ }
+ return string(key), nil
+}
+
+func serialReadKey() (string, error) {
+ if _, err := os.Stat(config.KeyLocation); !os.IsNotExist(err) {
+ fmt.Println("Reconnect arduino now")
+ for true {
+ if _, err := os.Stat(config.KeyLocation); os.IsNotExist(err) {
+ break
+ }
+ }
+ } else {
+ fmt.Println("Connect arduino now")
+ }
+ for true {
+ if _, err := os.Stat(config.KeyLocation); !os.IsNotExist(err) {
+ break
+ }
+ }
+ fmt.Println("Arduino connected")
+ c := &serial.Config{Name: config.KeyLocation, Baud: 9600}
+ s, err := serial.OpenPort(c)
+ if err != nil {
+ return "", err
+ }
+
+ key := ""
+ for true {
+ buf := make([]byte, 128)
+ n, err := s.Read(buf)
+ if err != nil {
+ return "", err
+ }
+ defer s.Close()
+ key = key + fmt.Sprintf("%q", buf[:n])
+ if strings.Count(key, "\\t") == 2 {
+ break
+ }
+ }
+ key = strings.ReplaceAll(key, "\\t", "")
+ key = strings.ReplaceAll(key, "\"", "")
+ if len(key) != 56 {
+ return "", fmt.Errorf("Error: Key does not match expected key size. expected 56, got %d", len(key))
+ }
+ return key, nil
+}
+
+func ReadKey() (string, error) {
+ switch config.KeyStore {
+ case 0:
+ return fileReadKey()
+ case 1:
+ return fileReadKey()
+ case 2:
+ return "", nil
+ case 3:
+ return serialReadKey()
+ }
+ return "", nil
+}
+
func ReadBlock(node Node, part *bufio.Reader) ([]byte, error) {
block := make([]byte, node.BlockEnd-node.BlockStart)
blockSize := node.BlockEnd - node.BlockStart
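Review bot: fileReadKey can reject a valid key file: a single `reader.Read(key)` on a bufio.Reader may return fewer than 56 bytes (it takes bytes from at most one underlying read), and the `n != 56` check then reports a size mismatch; use `n, err := io.ReadFull(file, key)` instead (adding `io` to the import block), which fills the buffer or returns io.ErrUnexpectedEOF. In serialReadKey the three `for true` loops poll os.Stat with no sleep and will spin a core until the device appears, and `defer s.Close()` sits inside the read loop so one deferred close is queued per iteration; hoist it to directly after the `serial.OpenPort` error check and write the loops as `for {`. In ReadKey, `case 2` and the fall-through after the switch return an empty key with a nil error, which a caller outside this hunk cannot distinguish from a successfully read key; either return an explicit error there or document on ReadKey that an empty result means no key is configured and say what the caller is expected to do with it.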
@@ -17,6 +101,30 @@ func ReadBlock(node Node, part *bufio.Reader) ([]byte, error) {
return block, err
}
+func VerifySignature(key string, signature string, database string) error {
+ pk, err := minisign.NewPublicKey(key)
+ if err != nil {
+ return err
+ }
+
+ sig, err := minisign.DecodeSignature(signature)
+ if err != nil {
+ return err
+ }
+
+ data, err := os.ReadFile(database)
+ if err != nil {
+ return err
+ }
+
+ verified, err := pk.Verify(data, sig)
+ if err != nil || !verified {
+ return err
+ }
+
+ return nil
+}
+
func VerifyBlock(block []byte, node Node) error {
calculatedBlockHash, err := CalculateBlockHash(block)
if err != nil {
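Review bot: A failed signature check is silently accepted by VerifySignature: when pk.Verify returns `(false, nil)`, the combined `if err != nil || !verified { return err }` returns nil, so the caller proceeds as though the database were verified. Split the two conditions: `if err != nil { return err }` followed by `if !verified { return fmt.Errorf("minisign signature verification failed for %s", database) }`. A doc comment on the function would also help, since the parameter types do not say so: `key` is the base64 public key string, `signature` the assembled minisign signature text, and `database` a file path that is read whole into memory with os.ReadFile. VerifyBlock, which follows, continues outside the hunk.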