From b8f49817d0b0a368919094e197bc71e9f3d0f950 Mon Sep 17 00:00:00 2001
From: Niko PLP
Date: Tue, 1 Aug 2023 20:10:24 +0300
Subject: [PATCH] protect ngd start by verifying key correctness (signature)
---
 ngd/src/main.rs | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
diff --git a/ngd/src/main.rs b/ngd/src/main.rs
index 7713009..1987550 100644
--- a/ngd/src/main.rs
+++ b/ngd/src/main.rs
@@ -28,6 +28,7 @@ use p2p_net::utils::{
 };
 use p2p_net::{WS_PORT, WS_PORT_REVERSE_PROXY};
 use p2p_repo::log::*;
+use p2p_repo::types::Sig;
 use p2p_repo::types::SymKey;
 use p2p_repo::utils::ed_keypair_from_priv_bytes;
 use p2p_repo::{
@@ -418,6 +419,43 @@ async fn main_inner() -> Result<(), ()> {
 None::<()>
 });
+ let mut sign_path = path.clone();
+ sign_path.push("sign");
+ let sign_from_file: Option<[u8; 32]>;
+ let res = |sign_path| -> Result<(), &str> {
+ let file = std::fs::read(sign_path).map_err(|_| "")?;
+ let sig: Sig = serde_bare::from_slice(&file).map_err(|_| "invalid serialization")?;
+ let privkey: PrivKey = keys[3].into();
+ let pubkey = privkey.to_pub();
+ verify(&vec![110u8, 103u8, 100u8], sig, pubkey).map_err(|_| "invalid signature")?;
+ Ok(())
+ }(&sign_path);
+
+ if res.is_err() {
+ if res.unwrap_err().len() > 0 {
+ log_err!(
+ "provided key is invalid. {}. cannot start",
+ res.unwrap_err()
+ );
+ return Err(());
+ } else {
+ // time to save the signature
+ let privkey: PrivKey = keys[3].into();
+ let pubkey = privkey.to_pub();
+ let sig = sign(&privkey, &pubkey, &vec![110u8, 103u8, 100u8]);
+ if sig.is_err() {
+ log_err!("cannot save signature. cannot start");
+ return Err(());
+ }
+ let sig_ser = serde_bare::to_vec(&sig.unwrap()).unwrap();
+ let res = std::fs::write(sign_path, sig_ser);
+ if res.is_err() {
+ log_err!("cannot save signature. {}. cannot start", res.unwrap_err());
+ return Err(());
+ }
+ }
+ }
+
 // DEALING WITH CONFIG
 // reading config from file, if any
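Review bot: In the closure that reads the `sign` file, `std::fs::read(sign_path).map_err(|_| "")` maps every read failure to the empty-string "no file yet" sentinel, so a permission or I/O error on an existing signature file can take the "time to save the signature" branch and have the file rewritten for whatever key was supplied, skipping the check this commit adds. Only a missing file should mean first start: `let file = std::fs::read(sign_path).map_err(|e| if e.kind() == std::io::ErrorKind::NotFound { "" } else { "cannot read signature file" })?;`. The declared `sign_from_file` is never assigned or read in the hunk and can be dropped, and `serde_bare::to_vec(&sig.unwrap()).unwrap()` would be more consistent as a logged `return Err(())` like the neighbouring failure paths. `main_inner` begins and ends outside the hunk, so `keys` and `path` are taken as given.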