From ae67ea6a67c25fef305964ee34d4bf96b9da8519 Mon Sep 17 00:00:00 2001
From: axtloss
Date: Mon, 5 Feb 2024 21:15:37 +0100
Subject: add db signing to setup and switch to aead.dev/minisign

---
 cmd/verify.go             |  7 ++++---
 core/verification.go      | 24 +++++++----------------
 go.mod                    |  1 +
 go.sum                    |  2 ++
 verifysetup/cmd/setup.go  | 11 ++++++++++-
 verifysetup/core/crypt.go | 23 +++++++++++++++++++++++
 verifysetup/go.mod        |  4 +++-
 verifysetup/go.sum        |  6 ++++++
 8 files changed, 56 insertions(+), 22 deletions(-)

diff --git a/cmd/verify.go b/cmd/verify.go
index 17014db..1d18e41 100644
--- a/cmd/verify.go
+++ b/cmd/verify.go
@@ -82,12 +82,13 @@ func ValidateCommand(_ *cobra.Command, args []string) error {
 		return err
 	}
 	fmt.Println("Key: " + key)
-
-	err = core.VerifySignature(key, header.Signature, dbfile)
+	verified, err := core.VerifySignature(key, header.Signature, dbfile)
 	if err != nil {
 		return err
+	} else if !verified {
+		return fmt.Errorf("Signature verification failed\n")
 	} else {
-		fmt.Println("Signtaure success")
+		fmt.Println("Signature verification success!")
 	}
 
 	fmt.Println("----")
diff --git a/core/verification.go b/core/verification.go
index 7c427c0..b0ce367 100644
--- a/core/verification.go
+++ b/core/verification.go
@@ -6,8 +6,8 @@ import (
 	"os"
 	"strings"
 
+	"aead.dev/minisign"
 	"github.com/axtloss/fsverify/config"
-	"github.com/jedisct1/go-minisign"
 	"github.com/tarm/serial"
 )
 
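Review bot: The new failure branch builds its error with `fmt.Errorf("Signature verification failed\n")` — a capitalised message with a trailing newline and no format verbs, which go vet and staticcheck (ST1005) flag, and which prints as an extra blank line once cobra reports it. Prefer `return errors.New("signature verification failed")` (errors is standard library; the file's import block is outside this hunk). The `else` after two returning branches is redundant as well; the success `fmt.Println` can follow the `if`/`else if` directly. ValidateCommand starts before the hunk.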
@@ -104,28 +104,18 @@ func ReadBlock(node Node, part *bufio.Reader) ([]byte, error) {
 	return block, err
 }
 
-func VerifySignature(key string, signature string, database string) error {
-	pk, err := minisign.NewPublicKey(key)
-	if err != nil {
-		return err
-	}
-
-	sig, err := minisign.DecodeSignature(signature)
-	if err != nil {
-		return err
+func VerifySignature(key string, signature string, database string) (bool, error) {
+	var pk minisign.PublicKey
+	if err := pk.UnmarshalText([]byte(key)); err != nil {
+		return false, err
+	}
 
 	data, err := os.ReadFile(database)
 	if err != nil {
-		return err
+		return false, err
 	}
 
-	verified, err := pk.Verify(data, sig)
-	if err != nil || !verified {
-		return err
-	}
-
-	return nil
+	return minisign.Verify(pk, data, []byte(signature)), nil
 }
 
 func VerifyBlock(block []byte, node Node) error {
diff --git a/go.mod b/go.mod
index 618e3e0..1d863fa 100644
--- a/go.mod
+++ b/go.mod
@@ -10,6 +10,7 @@ require (
 )
 
 require (
+	aead.dev/minisign v0.2.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	golang.org/x/crypto v0.17.0 // indirect
diff --git a/go.sum b/go.sum
index 2fdd6f5..a83ed25 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,5 @@
+aead.dev/minisign v0.2.1 h1:Z+7HA9dsY/eGycYj6kpWHpcJpHtjAwGiJFvbiuO9o+M=
+aead.dev/minisign v0.2.1/go.mod h1:oCOjeA8VQNEbuSCFaaUXKekOusa/mll6WtMoO5JY4M4=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
diff --git a/verifysetup/cmd/setup.go b/verifysetup/cmd/setup.go
index c2676fc..674557e 100644
--- a/verifysetup/cmd/setup.go
+++ b/verifysetup/cmd/setup.go
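Review bot: The new `(bool, error)` contract of VerifySignature is undocumented, and its two failure modes are easy to conflate at the call site: a public key that does not parse or a database that cannot be read comes back as an error, while a non-matching signature comes back as `false, nil` — and, if I read aead.dev/minisign's `Verify` correctly, so does a malformed signature, since it reports false rather than returning an error. A doc comment should spell that out, e.g. `// VerifySignature reports whether signature is a valid minisign signature of the file at database under the public key text key. Parse and read failures are returned as an error; a malformed or non-matching signature yields false, nil.` It is also worth stating in that comment that the check covers only the bytes read here, so a caller that reopens the same path afterwards must not treat that later read as verified.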
@@ -73,5 +73,14 @@ func SetupCommand(_ *cobra.Command, args []string) error {
 	}
 	fmt.Println(finalNode)
 	err = core.AddNode(finalNode, nil, "./fsverify.db")
-	return err
+	if err != nil {
+		return err
+	}
+	signature, err := core.SignDatabase("./fsverify.db", "./minisign/")
+	if err != nil {
+		return err
+	}
+	fmt.Println(string(signature))
+	return nil
 }
diff --git a/verifysetup/core/crypt.go b/verifysetup/core/crypt.go
index 81130a3..77df221 100644
--- a/verifysetup/core/crypt.go
+++ b/verifysetup/core/crypt.go
@@ -1,10 +1,13 @@
 package core
 
 import (
+	"aead.dev/minisign"
 	"bytes"
 	"crypto/sha256"
 	"fmt"
+	"golang.org/x/term"
 	"io"
+	"os"
 	"strings"
 )
 
@@ -16,3 +19,23 @@ func CalculateBlockHash(block []byte) (string, error) {
 	hashInBytes := hash.Sum(nil)[:32]
 	return strings.TrimSpace(fmt.Sprintf("%x", hashInBytes)), nil
 }
+
+func SignDatabase(database string, minisignKeys string) ([]byte, error) {
+	fmt.Print("Enter your password (will not echo): ")
+	p, err := term.ReadPassword(int(os.Stdin.Fd()))
+	if err != nil {
+		panic(err)
+	}
+	fmt.Println("\nSigning database")
+	privateKey, err := minisign.PrivateKeyFromFile(string(p), minisignKeys+"/minisign.key")
+	if err != nil {
+		return nil, err
+	}
+	data, err := os.ReadFile(database)
+	if err != nil {
+		return nil, err
+	}
+	signature := minisign.SignWithComments(privateKey, data, "fsverify", "fsverify")
+	return signature, err
+}
diff --git a/verifysetup/go.mod b/verifysetup/go.mod
index 7acfa12..72fe2a5 100644
--- a/verifysetup/go.mod
+++ b/verifysetup/go.mod
@@ -3,6 +3,7 @@ module github.com/axtloss/fsverify/verifysetup
 go 1.21.6
 
 require (
+	aead.dev/minisign v0.2.1 // indirect
 	github.com/axtloss/fsverify v0.0.0-20240204141913-a215d3358f35 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
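Review bot: SignDatabase's result is only echoed with `fmt.Println(string(signature))`; nothing in this hunk persists it, so unless a later step writes it out the signature has to be copied from the terminal, where it lands between the password prompt and the `fmt.Println(finalNode)` dump. Writing it next to the database, e.g. `if err := os.WriteFile("./fsverify.db.minisig", signature, 0o644); err != nil { return err }` (file name is a suggestion — match what cmd/verify.go reads; os may need importing, the import block is outside the hunk), gives the verifier something to consume. `"./fsverify.db"` now appears twice in this function and `"./minisign/"` once; a const for each keeps the add and sign steps pointing at the same files. SetupCommand starts before the hunk.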
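Review bot: SignDatabase panics on a ReadPassword failure (`panic(err)`) although the function already returns an error, and its final `return signature, err` hands back an err that is known to be nil at that point; change them to `return nil, err` and `return signature, nil`. The passphrase bytes in `p` stay live after the key is loaded — with the module on go 1.21.6, `clear(p)` right after the PrivateKeyFromFile call wipes that copy (the `string(p)` the library's API requires cannot be wiped, which is worth a short comment). The key path is built with `minisignKeys+"/minisign.key"`; `filepath.Join(minisignKeys, "minisign.key")` tolerates the trailing slash setup.go passes in `"./minisign/"` and would need `path/filepath` added to the import hunk above. Printing the prompt to stdout also interleaves it with the signature setup.go prints; `fmt.Fprint(os.Stderr, ...)` keeps stdout clean for the signature.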
@@ -11,5 +12,6 @@ require (
 	github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07 // indirect
 	go.etcd.io/bbolt v1.3.8 // indirect
 	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/term v0.16.0 // indirect
 )
diff --git a/verifysetup/go.sum b/verifysetup/go.sum
index 9ad7abe..debe9f9 100644
--- a/verifysetup/go.sum
+++ b/verifysetup/go.sum
@@ -1,3 +1,5 @@
+aead.dev/minisign v0.2.1 h1:Z+7HA9dsY/eGycYj6kpWHpcJpHtjAwGiJFvbiuO9o+M=
+aead.dev/minisign v0.2.1/go.mod h1:oCOjeA8VQNEbuSCFaaUXKekOusa/mll6WtMoO5JY4M4=
 github.com/axtloss/fsverify v0.0.0-20240204141913-a215d3358f35 h1:GnvD9HxKht9mD1NLjDaffqNfTJcxbOgXfkexYDGAJ5E=
 github.com/axtloss/fsverify v0.0.0-20240204141913-a215d3358f35/go.mod h1:Tve3hFV8BxkGp5iY/k+sKSF/Qv1SGLDoHFYQI3xjdHQ=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -18,5 +20,9 @@ golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-- 
cgit v1.2.3