From 521702fa539a9139592a6e0d0d31c16aebd03fec Mon Sep 17 00:00:00 2001 From: postmannen Date: Fri, 4 Feb 2022 06:24:34 +0100 Subject: [PATCH] initial signature verification --- errorkernel.go | 55 +++++++++++++++++++++++++------------------------- process.go | 18 ++++++++++++----- processes.go | 16 +++++++++++++++ server.go | 45 +++++++++++++++++++++-------------------- 4 files changed, 80 insertions(+), 54 deletions(-) diff --git a/errorkernel.go b/errorkernel.go index 110d549..0c5e49d 100644 --- a/errorkernel.go +++ b/errorkernel.go @@ -183,34 +183,34 @@ func (e *errorKernel) infoSend(proc process, msg Message, err error) { e.errorCh <- ev } -// errWithAction +// // TODO: Needs more work. +// // +// // errWithAction +// // +// // Will prepare an errorEvent to send to the errorKernel that +// // contains a channel of type errorAction. +// // The errorActionCh are returned from the function and are used +// // to create a channel between where this function is called and +// // the go routine started in the errorKernel. From where the +// // function was called we can read the channel for a response +// // given from the errorKernel, and then decide what to do based +// // on the errorAction value. +// func (e *errorKernel) errWithAction(proc process, msg Message, err error) chan errorAction { +// // Create the channel where to receive what action to do. +// errActionCh := make(chan errorAction) // -// TODO: Needs more work. +// ev := errorEvent{ +// err: err, +// errorType: errTypeWithAction, +// process: proc, +// message: msg, +// errorActionCh: errActionCh, +// } // -// Will prepare an errorEvent to send to the errorKernel that -// contains a channel of type errorAction. -// The errorActionCh are returned from the function and are used -// to create a channel between where this function is called and -// the go routine started in the errorKernel. From where the -// function was called we can read the channel for a response -// given from the errorKernel, and then decide what to do based -// on the errorAction value. -func (e *errorKernel) errWithAction(proc process, msg Message, err error) chan errorAction { - // Create the channel where to receive what action to do. - errActionCh := make(chan errorAction) - - ev := errorEvent{ - err: err, - errorType: errTypeWithAction, - process: proc, - message: msg, - errorActionCh: errActionCh, - } - - e.errorCh <- ev - - return errActionCh -} +// e.errorCh <- ev +// +// return errActionCh +// } // errorAction is used to tell the process who sent the error // what it shall do. The process who sends the error will @@ -221,9 +221,10 @@ const ( // errActionContinue is ment to be used when the a process // can just continue without takig any special care. errActionContinue errorAction = iota + // TODO: // errActionKill should log the error, // stop the current worker process, and spawn a new. - errActionKill errorAction = iota + // errActionKill errorAction = iota ) // errorType diff --git a/process.go b/process.go index 530668c..aa72490 100644 --- a/process.go +++ b/process.go @@ -556,9 +556,18 @@ func (p process) verifySignature(m Message) bool { return true } - fmt.Printf(" * verifySignature, fromNode: %v, method: %v, signature: %v\n", m.FromNode, m.Method, m.ArgSignature) + // Verify if the signature matches. + argsStringified := argsToString(m.MethodArgs) + ok := ed25519.Verify(p.processes.SignPublicKey, []byte(argsStringified), m.ArgSignature) - return true + fmt.Printf(" * verifySignature, result: %v, fromNode: %v, method: %v, signature: %s\n", ok, m.FromNode, m.Method, m.ArgSignature) + + return ok +} + +// argsToString takes args in the format of []string and returns a string. +func argsToString(args []string) string { + return strings.Join(args, " ") } // SubscribeMessage will register the Nats callback function for the specified @@ -615,8 +624,7 @@ func (p process) publishMessages(natsConn *nats.Conn) { case m := <-p.subject.messageCh: // Sign the methodArgs, and add the signature to the message. m.ArgSignature = p.addMethodArgSignature(m) - fmt.Printf(" * added signature: %v\n", m.ArgSignature) - fmt.Printf(" * length of sig : %v\n", len(m.ArgSignature)) + fmt.Printf(" * DEBUG: add signature, fromNode: %v, method: %v, signature: %s\n", m.FromNode, m.Method, m.ArgSignature) p.publishAMessage(m, zEnc, once, natsConn) case <-p.ctx.Done(): @@ -629,7 +637,7 @@ func (p process) publishMessages(natsConn *nats.Conn) { } func (p process) addMethodArgSignature(m Message) []byte { - argsString := strings.Join(m.MethodArgs, " ") + argsString := argsToString(m.MethodArgs) sign := ed25519.Sign(p.processes.SignPrivateKey, []byte(argsString)) return sign diff --git a/processes.go b/processes.go index f845a74..de5e08b 100644 --- a/processes.go +++ b/processes.go @@ -45,6 +45,10 @@ type processes struct { // Full path to public signing key. SignKeyPublicKeyPath string + // allowedSignatures holds all the signatures, + // and the public keys + allowedSignatures allowedSignatures + // private key for ed25519 signing. SignPrivateKey []byte // public key for ed25519 signing. @@ -59,6 +63,9 @@ func newProcesses(ctx context.Context, metrics *metrics, tui *tui, errorKernel * tui: tui, errorKernel: errorKernel, configuration: configuration, + allowedSignatures: allowedSignatures{ + signatures: make(map[string]struct{}), + }, } // Prepare the parent context for the subscribers. @@ -84,6 +91,15 @@ func newProcesses(ctx context.Context, metrics *metrics, tui *tui, errorKernel * // ---------------------- +// allowedSignatures is the structure for reading and writing from +// the signatures map. It holds a mutex to use when interacting with +// the map. +type allowedSignatures struct { + // signatures is a map for holding all the allowed signatures. + signatures map[string]struct{} + mu sync.Mutex +} + // loadSigningKeys will try to load the ed25519 signing keys. If the // files are not found new keys will be generated and written to disk. func (p *processes) loadSigningKeys(initProc process) error { diff --git a/server.go b/server.go index 8355988..dd17368 100644 --- a/server.go +++ b/server.go @@ -327,28 +327,29 @@ func (s *server) Stop() { // metrics.promInfoMessagesSentTotal.Inc() // } -// createErrorMsgContent will prepare a subject and message with the content -// of the error -func createErrorMsgContent(conf *Configuration, FromNode Node, theError error) subjectAndMessage { - // Add time stamp - er := fmt.Sprintf("%v, node: %v, %v\n", time.Now().Format("Mon Jan _2 15:04:05 2006"), FromNode, theError.Error()) - - sam := subjectAndMessage{ - Subject: newSubject(REQErrorLog, "errorCentral"), - Message: Message{ - Directory: "errorLog", - ToNode: "errorCentral", - FromNode: FromNode, - FileName: "error.log", - Data: []byte(er), - Method: REQErrorLog, - ACKTimeout: conf.ErrorMessageTimeout, - Retries: conf.ErrorMessageRetries, - }, - } - - return sam -} +// DEPRECATED +// // createErrorMsgContent will prepare a subject and message with the content +// // of the error +// func createErrorMsgContent(conf *Configuration, FromNode Node, theError error) subjectAndMessage { +// // Add time stamp +// er := fmt.Sprintf("%v, node: %v, %v\n", time.Now().Format("Mon Jan _2 15:04:05 2006"), FromNode, theError.Error()) +// +// sam := subjectAndMessage{ +// Subject: newSubject(REQErrorLog, "errorCentral"), +// Message: Message{ +// Directory: "errorLog", +// ToNode: "errorCentral", +// FromNode: FromNode, +// FileName: "error.log", +// Data: []byte(er), +// Method: REQErrorLog, +// ACKTimeout: conf.ErrorMessageTimeout, +// Retries: conf.ErrorMessageRetries, +// }, +// } +// +// return sam +// } // Contains the sam value as it is used in the state DB, and also a // delivered function to be called when this message is picked up, so