initial signature verification

2024-12-14 12:37:31 +00:00 · 2022-02-04 06:24:34 +01:00 · 2022-02-04 06:24:34 +01:00 · 521702fa53
commit 521702fa53
parent f19f164773
4 changed files with 80 additions and 54 deletions
--- a/errorkernel.go
+++ b/errorkernel.go
@ -183,34 +183,34 @@ func (e *errorKernel) infoSend(proc process, msg Message, err error) {
 	e.errorCh <- ev
 }

-// errWithAction
+// // TODO: Needs more work.
+// //
+// // errWithAction
+// //
+// // Will prepare an errorEvent to send to the errorKernel that
+// // contains a channel of type errorAction.
+// // The errorActionCh are returned from the function and are used
+// // to create a channel between where this function is called and
+// // the go routine started in the errorKernel. From where the
+// // function was called we can read the channel for a response
+// // given from the errorKernel, and then decide what to do based
+// // on the errorAction value.
+// func (e *errorKernel) errWithAction(proc process, msg Message, err error) chan errorAction {
+// 	// Create the channel where to receive what action to do.
+// 	errActionCh := make(chan errorAction)
 //
-// TODO: Needs more work.
+// 	ev := errorEvent{
+// 		err:           err,
+// 		errorType:     errTypeWithAction,
+// 		process:       proc,
+// 		message:       msg,
+// 		errorActionCh: errActionCh,
+// 	}
 //
-// Will prepare an errorEvent to send to the errorKernel that
-// contains a channel of type errorAction.
-// The errorActionCh are returned from the function and are used
-// to create a channel between where this function is called and
-// the go routine started in the errorKernel. From where the
-// function was called we can read the channel for a response
-// given from the errorKernel, and then decide what to do based
-// on the errorAction value.
-func (e *errorKernel) errWithAction(proc process, msg Message, err error) chan errorAction {
-	// Create the channel where to receive what action to do.
-	errActionCh := make(chan errorAction)
-
-	ev := errorEvent{
-		err:           err,
-		errorType:     errTypeWithAction,
-		process:       proc,
-		message:       msg,
-		errorActionCh: errActionCh,
-	}
-
-	e.errorCh <- ev
-
-	return errActionCh
-}
+// 	e.errorCh <- ev
+//
+// 	return errActionCh
+// }

 // errorAction is used to tell the process who sent the error
 // what it shall do. The process who sends the error will
@ -221,9 +221,10 @@ const (
 	// errActionContinue is ment to be used when the a process
 	// can just continue without takig any special care.
 	errActionContinue errorAction = iota
+	// TODO:
 	// errActionKill should log the error,
 	// stop the current worker process, and spawn a new.
-	errActionKill errorAction = iota
+	// errActionKill errorAction = iota
 )

 // errorType
--- a/process.go
+++ b/process.go
@ -556,9 +556,18 @@ func (p process) verifySignature(m Message) bool {
 		return true
 	}

-	fmt.Printf(" * verifySignature, fromNode: %v, method: %v, signature: %v\n", m.FromNode, m.Method, m.ArgSignature)
+	// Verify if the signature matches.
+	argsStringified := argsToString(m.MethodArgs)
+	ok := ed25519.Verify(p.processes.SignPublicKey, []byte(argsStringified), m.ArgSignature)

-	return true
+	fmt.Printf(" * verifySignature, result: %v, fromNode: %v, method: %v, signature: %s\n", ok, m.FromNode, m.Method, m.ArgSignature)
+
+	return ok
+}
+
+// argsToString takes args in the format of []string and returns a string.
+func argsToString(args []string) string {
+	return strings.Join(args, " ")
 }

 // SubscribeMessage will register the Nats callback function for the specified
@ -615,8 +624,7 @@ func (p process) publishMessages(natsConn *nats.Conn) {
 		case m := <-p.subject.messageCh:
 			// Sign the methodArgs, and add the signature to the message.
 			m.ArgSignature = p.addMethodArgSignature(m)
-			fmt.Printf(" * added signature: %v\n", m.ArgSignature)
-			fmt.Printf(" * length of sig : %v\n", len(m.ArgSignature))
+			fmt.Printf(" * DEBUG: add signature, fromNode: %v, method: %v, signature: %s\n", m.FromNode, m.Method, m.ArgSignature)

 			p.publishAMessage(m, zEnc, once, natsConn)
 		case <-p.ctx.Done():
@ -629,7 +637,7 @@ func (p process) publishMessages(natsConn *nats.Conn) {
 }

 func (p process) addMethodArgSignature(m Message) []byte {
-	argsString := strings.Join(m.MethodArgs, " ")
+	argsString := argsToString(m.MethodArgs)
 	sign := ed25519.Sign(p.processes.SignPrivateKey, []byte(argsString))

 	return sign
--- a/processes.go
+++ b/processes.go
@ -45,6 +45,10 @@ type processes struct {
 	// Full path to public signing key.
 	SignKeyPublicKeyPath string

+	// allowedSignatures  holds all the signatures,
+	// and the public keys
+	allowedSignatures allowedSignatures
+
 	// private key for ed25519 signing.
 	SignPrivateKey []byte
 	// public key for ed25519 signing.
@ -59,6 +63,9 @@ func newProcesses(ctx context.Context, metrics *metrics, tui *tui, errorKernel *
 		tui:           tui,
 		errorKernel:   errorKernel,
 		configuration: configuration,
+		allowedSignatures: allowedSignatures{
+			signatures: make(map[string]struct{}),
+		},
 	}

 	// Prepare the parent context for the subscribers.
@ -84,6 +91,15 @@ func newProcesses(ctx context.Context, metrics *metrics, tui *tui, errorKernel *

 // ----------------------

+// allowedSignatures is the structure for reading and writing from
+// the signatures map. It holds a mutex to use when interacting with
+// the map.
+type allowedSignatures struct {
+	// signatures is a map for holding all the allowed signatures.
+	signatures map[string]struct{}
+	mu         sync.Mutex
+}
+
 // loadSigningKeys will try to load the ed25519 signing keys. If the
 // files are not found new keys will be generated and written to disk.
 func (p *processes) loadSigningKeys(initProc process) error {
--- a/server.go
+++ b/server.go
@ -327,28 +327,29 @@ func (s *server) Stop() {
 // 	metrics.promInfoMessagesSentTotal.Inc()
 // }

-// createErrorMsgContent will prepare a subject and message with the content
-// of the error
-func createErrorMsgContent(conf *Configuration, FromNode Node, theError error) subjectAndMessage {
-	// Add time stamp
-	er := fmt.Sprintf("%v, node: %v, %v\n", time.Now().Format("Mon Jan _2 15:04:05 2006"), FromNode, theError.Error())
-
-	sam := subjectAndMessage{
-		Subject: newSubject(REQErrorLog, "errorCentral"),
-		Message: Message{
-			Directory:  "errorLog",
-			ToNode:     "errorCentral",
-			FromNode:   FromNode,
-			FileName:   "error.log",
-			Data:       []byte(er),
-			Method:     REQErrorLog,
-			ACKTimeout: conf.ErrorMessageTimeout,
-			Retries:    conf.ErrorMessageRetries,
-		},
-	}
-
-	return sam
-}
+// DEPRECATED
+// // createErrorMsgContent will prepare a subject and message with the content
+// // of the error
+// func createErrorMsgContent(conf *Configuration, FromNode Node, theError error) subjectAndMessage {
+// 	// Add time stamp
+// 	er := fmt.Sprintf("%v, node: %v, %v\n", time.Now().Format("Mon Jan _2 15:04:05 2006"), FromNode, theError.Error())
+//
+// 	sam := subjectAndMessage{
+// 		Subject: newSubject(REQErrorLog, "errorCentral"),
+// 		Message: Message{
+// 			Directory:  "errorLog",
+// 			ToNode:     "errorCentral",
+// 			FromNode:   FromNode,
+// 			FileName:   "error.log",
+// 			Data:       []byte(er),
+// 			Method:     REQErrorLog,
+// 			ACKTimeout: conf.ErrorMessageTimeout,
+// 			Retries:    conf.ErrorMessageRetries,
+// 		},
+// 	}
+//
+// 	return sam
+// }

 // Contains the sam value as it is used in the state DB, and also a
 // delivered function to be called when this message is picked up, so