Diffstat (limited to 'core')
-rw-r--r-- | core/storage.go | 8 | ||||
-rw-r--r-- | core/verification.go | 108 |
2 files changed, 114 insertions, 2 deletions
diff --git a/core/storage.go b/core/storage.go
index f6f1ffd..8346c12 100644
--- a/core/storage.go
+++ b/core/storage.go
@@ -99,7 +99,7 @@ func ReadHeader(partition string) (Header, error) {
 return Header{}, err
 }
- header.Signature = fmt.Sprintf("untrusted comment: signature from minisign secret key\r\n%s\r\ntrusted comment: timestamp:0\tfile:fsverify\thashed\r\n%s\r\n", UntrustedHash, TrustedHash)
+ header.Signature = fmt.Sprintf("untrusted comment: fsverify\r\n%s\r\ntrusted comment: fsverify\r\n%s\r\n", UntrustedHash, TrustedHash)
 header.FilesystemSize = int(binary.BigEndian.Uint16(FilesystemSize))
 header.TableSize = int(binary.BigEndian.Uint32(TableSize))
 header.FilesystemUnit = parseUnitSpec(FilesystemUnit)
@@ -135,10 +135,14 @@ func ReadDB(partition string) (string, error) {
 }
 db := make([]byte, header.TableSize*header.TableUnit)
- _, err = io.ReadFull(reader, db)
+ n, err := io.ReadFull(reader, db)
 if err != nil {
 return "", err
 }
+ if n != header.TableSize*header.TableUnit {
+ return "", fmt.Errorf("Error: Database is not expected size. Got: %d, expected %d", n, header.TableSize*header.TableUnit)
+ }
+ fmt.Printf("db: %d\n", n)
 temp, err := os.MkdirTemp("", "*-fsverify")
 if err != nil {
diff --git a/core/verification.go b/core/verification.go
index 5023d06..b48c0b7 100644
--- a/core/verification.go
+++ b/core/verification.go
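Review bot: The trusted comment written into header.Signature is now the constant `fsverify`, and in the minisign format that field is what the second (global) signature covers, so verification can only succeed if the signer used exactly this trusted comment; upstream minisign, and as far as I recall go-minisign's Verify as well, also insist that the trusted comment begin with `timestamp:`, which this constant would fail — worth confirming against the library before relying on it. The fields are joined with `\r\n`; if DecodeSignature splits on `\n` only, a trailing `\r` is left in the trusted comment and breaks the global-signature check, and `\n` is the separator the format actually specifies. A short comment would make the coupling visible: `// Rebuilt minisign signature block; the trusted comment must be byte-identical to what the signer used.` ReadHeader starts and ends outside the hunk.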
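Review bot: The added `n != header.TableSize*header.TableUnit` check is unreachable: io.ReadFull returns io.ErrUnexpectedEOF (or io.EOF when nothing was read) whenever it fills fewer than len(db) bytes, and that error is already returned on the line above, so the branch can be dropped or, if a clearer message was the goal, the ReadFull error wrapped instead: `return "", fmt.Errorf("reading %d-byte hash table: %w", len(db), err)`. `fmt.Printf("db: %d\n", n)` reads as a leftover debug print in library code and should go, or move behind whatever logging the package uses. The allocation size `header.TableSize*header.TableUnit` comes from a header read off the partition before any signature has been checked, and nothing in the hunk bounds it, so a corrupt or hostile header can request an arbitrarily large `make`; a sanity cap before the allocation is cheap insurance. ReadDB continues past the end of the hunk.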
@@ -3,9 +3,93 @@ package core
 import (
 "bufio"
 "fmt"
+ "os"
 "strings"
+
+ "github.com/axtloss/fsverify/config"
+ "github.com/jedisct1/go-minisign"
+ "github.com/tarm/serial"
 )
+func fileReadKey() (string, error) {
+ if _, err := os.Stat(config.KeyLocation); os.IsNotExist(err) {
+ return "", fmt.Errorf("Key location %s does not exist", config.KeyLocation)
+ }
+ file, err := os.Open(config.KeyLocation)
+ if err != nil {
+ return "", err
+ }
+ defer file.Close()
+ key := make([]byte, 56)
+ reader := bufio.NewReader(file)
+ n, err := reader.Read(key)
+ if n != 56 {
+ return "", fmt.Errorf("Error: Key does not match expected key size. expected 56, got %d", n)
+ }
+ if err != nil {
+ return "", err
+ }
+ return string(key), nil
+}
+
+func serialReadKey() (string, error) {
+ if _, err := os.Stat(config.KeyLocation); !os.IsNotExist(err) {
+ fmt.Println("Reconnect arduino now")
+ for true {
+ if _, err := os.Stat(config.KeyLocation); os.IsNotExist(err) {
+ break
+ }
+ }
+ } else {
+ fmt.Println("Connect arduino now")
+ }
+ for true {
+ if _, err := os.Stat(config.KeyLocation); !os.IsNotExist(err) {
+ break
+ }
+ }
+ fmt.Println("Arduino connected")
+ c := &serial.Config{Name: config.KeyLocation, Baud: 9600}
+ s, err := serial.OpenPort(c)
+ if err != nil {
+ return "", err
+ }
+
+ key := ""
+ for true {
+ buf := make([]byte, 128)
+ n, err := s.Read(buf)
+ if err != nil {
+ return "", err
+ }
+ defer s.Close()
+ key = key + fmt.Sprintf("%q", buf[:n])
+ if strings.Count(key, "\\t") == 2 {
+ break
+ }
+ }
+ key = strings.ReplaceAll(key, "\\t", "")
+ key = strings.ReplaceAll(key, "\"", "")
+ if len(key) != 56 {
+ return "", fmt.Errorf("Error: Key does not match expected key size. 
expected 56, got %d", len(key))
+ }
+ return key, nil
+}
+
+func ReadKey() (string, error) {
+ switch config.KeyStore {
+ case 0:
+ return fileReadKey()
+ case 1:
+ return fileReadKey()
+ case 2:
+ return "", nil
+ case 3:
+ return serialReadKey()
+ }
+ return "", nil
+}
+
 func ReadBlock(node Node, part *bufio.Reader) ([]byte, error) {
 block := make([]byte, node.BlockEnd-node.BlockStart)
 blockSize := node.BlockEnd - node.BlockStart
@@ -17,6 +101,30 @@ func ReadBlock(node Node, part *bufio.Reader) ([]byte, error) {
 return block, err
 }
+func VerifySignature(key string, signature string, database string) error {
+ pk, err := minisign.NewPublicKey(key)
+ if err != nil {
+ return err
+ }
+
+ sig, err := minisign.DecodeSignature(signature)
+ if err != nil {
+ return err
+ }
+
+ data, err := os.ReadFile(database)
+ if err != nil {
+ return err
+ }
+
+ verified, err := pk.Verify(data, sig)
+ if err != nil || !verified {
+ return err
+ }
+
+ return nil
+}
+
 func VerifyBlock(block []byte, node Node) error {
 calculatedBlockHash, err := CalculateBlockHash(block)
 if err != nil {
|
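Review bot: ReadKey returns `"", nil` both for KeyStore 2 and for any value outside 0–3, so a misconfigured or unimplemented key store hands the caller an empty trust anchor with no error and the failure only surfaces later, if at all, when the key is parsed; the `case 2` branch and the fall-through should return an error such as `return "", fmt.Errorf("unsupported key store %d", config.KeyStore)`. fileReadKey relies on a single `reader.Read(key)` filling all 56 bytes, which a bufio.Reader does not guarantee, and it checks n before err, so a short read is reported as a size mismatch rather than as the underlying I/O error; `io.ReadFull(file, key)` (io would need importing here) states the intent and makes the size check meaningful. serialReadKey spins in `for true { os.Stat(...) }` with no sleep or deadline and places `defer s.Close()` inside the read loop, queueing one Close per read; a short sleep in the poll loops and a single `defer s.Close()` right after OpenPort would fix both, and plain `for {` is the idiomatic spelling. Note also that the public key accepted from whatever device appears at config.KeyLocation becomes the root of trust for the whole verification, and nothing here binds it to a particular device — worth stating in a doc comment on serialReadKey.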
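Review bot: VerifySignature fails open when pk.Verify reports `(false, nil)`: the combined `if err != nil || !verified { return err }` returns nil in that case, so a caller would treat an unverified database as verified; go-minisign may always pair false with an error, but the function should not depend on that. Split the two conditions and return an explicit error for the !verified case, as below. The signature string this decodes is assembled elsewhere with `\r\n` separators, so if DecodeSignature splits on `\n` the trusted comment arrives with a trailing `\r` — worth a test against a signature produced by the real minisign tool. A doc comment would also help: `// VerifySignature checks the minisign signature over the file at database against the base64 public key in key; a nil return means the signature verified.`
```go
// … unchanged: NewPublicKey, DecodeSignature, os.ReadFile …
	verified, err := pk.Verify(data, sig)
	if err != nil {
		return err
	}
	if !verified {
		// Verify returned false without an error; never treat that as success.
		return fmt.Errorf("minisign signature over %s did not verify", database)
	}
	return nil
```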