protect ngd start by verifying key correctness (signature)

Niko PLP 1 year ago
parent 6142058d51
commit 6c4391540a
  1. 38
      ngd/src/main.rs

@ -28,6 +28,7 @@ use p2p_net::utils::{
}; };
use p2p_net::{WS_PORT, WS_PORT_REVERSE_PROXY}; use p2p_net::{WS_PORT, WS_PORT_REVERSE_PROXY};
use p2p_repo::log::*; use p2p_repo::log::*;
use p2p_repo::types::Sig;
use p2p_repo::types::SymKey; use p2p_repo::types::SymKey;
use p2p_repo::utils::ed_keypair_from_priv_bytes; use p2p_repo::utils::ed_keypair_from_priv_bytes;
use p2p_repo::{ use p2p_repo::{
@ -418,6 +419,43 @@ async fn main_inner() -> Result<(), ()> {
None::<()> None::<()>
}); });
let mut sign_path = path.clone();
sign_path.push("sign");
let sign_from_file: Option<[u8; 32]>;
let res = |sign_path| -> Result<(), &str> {
let file = std::fs::read(sign_path).map_err(|_| "")?;
let sig: Sig = serde_bare::from_slice(&file).map_err(|_| "invalid serialization")?;
let privkey: PrivKey = keys[3].into();
let pubkey = privkey.to_pub();
verify(&vec![110u8, 103u8, 100u8], sig, pubkey).map_err(|_| "invalid signature")?;
Ok(())
}(&sign_path);
if res.is_err() {
if res.unwrap_err().len() > 0 {
log_err!(
"provided key is invalid. {}. cannot start",
res.unwrap_err()
);
return Err(());
} else {
// time to save the signature
let privkey: PrivKey = keys[3].into();
let pubkey = privkey.to_pub();
let sig = sign(&privkey, &pubkey, &vec![110u8, 103u8, 100u8]);
if sig.is_err() {
log_err!("cannot save signature. cannot start");
return Err(());
}
let sig_ser = serde_bare::to_vec(&sig.unwrap()).unwrap();
let res = std::fs::write(sign_path, sig_ser);
if res.is_err() {
log_err!("cannot save signature. {}. cannot start", res.unwrap_err());
return Err(());
}
}
}
// DEALING WITH CONFIG // DEALING WITH CONFIG
// reading config from file, if any // reading config from file, if any

Loading…
Cancel
Save