diff --git a/conn.go b/conn.go index b6e03268c..8c71c54c4 100644 --- a/conn.go +++ b/conn.go @@ -19,6 +19,7 @@ package main import ( "bytes" + "crypto/rsa" "encoding/json" "errors" "fmt" @@ -79,111 +80,114 @@ type Upload struct { var uploadStatusStr = "ProgrammerStatus" -func uploadHandler(c *gin.Context) { - data := new(Upload) - if err := c.BindJSON(data); err != nil { - c.String(http.StatusBadRequest, fmt.Sprintf("err with the payload. %v", err.Error())) - return - } - - log.Printf("%+v %+v %+v %+v %+v %+v", data.Port, data.Board, data.Rewrite, data.Commandline, data.Extra, data.Filename) - - if data.Port == "" { - c.String(http.StatusBadRequest, "port is required") - return - } - - if data.Board == "" { - c.String(http.StatusBadRequest, "board is required") - log.Error("board is required") - return - } - - if !data.Extra.Network { - if data.Signature == "" { - c.String(http.StatusBadRequest, "signature is required") +func uploadHandler(pubKey *rsa.PublicKey) func(*gin.Context) { + return func(c *gin.Context) { + data := new(Upload) + if err := c.BindJSON(data); err != nil { + c.String(http.StatusBadRequest, fmt.Sprintf("err with the payload. %v", err.Error())) return } - if data.Commandline == "" { - c.String(http.StatusBadRequest, "commandline is required for local board") + log.Printf("%+v %+v %+v %+v %+v %+v", data.Port, data.Board, data.Rewrite, data.Commandline, data.Extra, data.Filename) + + if data.Port == "" { + c.String(http.StatusBadRequest, "port is required") return } - err := utilities.VerifyInput(data.Commandline, data.Signature) - - if err != nil { - c.String(http.StatusBadRequest, "signature is invalid") + if data.Board == "" { + c.String(http.StatusBadRequest, "board is required") + log.Error("board is required") return } - } - buffer := bytes.NewBuffer(data.Hex) + if !data.Extra.Network { + if data.Signature == "" { + c.String(http.StatusBadRequest, "signature is required") + return + } - filePath, err := utilities.SaveFileonTempDir(data.Filename, buffer) - if err != nil { - c.String(http.StatusBadRequest, err.Error()) - return - } + if data.Commandline == "" { + c.String(http.StatusBadRequest, "commandline is required for local board") + return + } - tmpdir, err := os.MkdirTemp("", "extrafiles") - if err != nil { - c.String(http.StatusBadRequest, err.Error()) - return - } + err := utilities.VerifyInput(data.Commandline, data.Signature, pubKey) - for _, extraFile := range data.ExtraFiles { - path, err := utilities.SafeJoin(tmpdir, extraFile.Filename) - if err != nil { - c.String(http.StatusBadRequest, err.Error()) - return + if err != nil { + log.WithField("err", err).Error("Error verifying the command") + c.String(http.StatusBadRequest, "signature is invalid") + return + } } - log.Printf("Saving %s on %s", extraFile.Filename, path) - err = os.MkdirAll(filepath.Dir(path), 0744) - if err != nil { - c.String(http.StatusBadRequest, err.Error()) - return - } + buffer := bytes.NewBuffer(data.Hex) - err = os.WriteFile(path, extraFile.Hex, 0644) + filePath, err := utilities.SaveFileonTempDir(data.Filename, buffer) if err != nil { c.String(http.StatusBadRequest, err.Error()) return } - } - if data.Rewrite != "" { - data.Board = data.Rewrite - } - - go func() { - // Resolve commandline - commandline, err := upload.PartiallyResolve(data.Board, filePath, tmpdir, data.Commandline, data.Extra, Tools) + tmpdir, err := os.MkdirTemp("", "extrafiles") if err != nil { - send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()}) + c.String(http.StatusBadRequest, err.Error()) return } - l := PLogger{Verbose: true} - - // Upload - if data.Extra.Network { - err = errors.New("network upload is not supported anymore, pease use OTA instead") - } else { - send(map[string]string{uploadStatusStr: "Starting", "Cmd": "Serial"}) - err = upload.Serial(data.Port, commandline, data.Extra, l) + for _, extraFile := range data.ExtraFiles { + path, err := utilities.SafeJoin(tmpdir, extraFile.Filename) + if err != nil { + c.String(http.StatusBadRequest, err.Error()) + return + } + log.Printf("Saving %s on %s", extraFile.Filename, path) + + err = os.MkdirAll(filepath.Dir(path), 0744) + if err != nil { + c.String(http.StatusBadRequest, err.Error()) + return + } + + err = os.WriteFile(path, extraFile.Hex, 0644) + if err != nil { + c.String(http.StatusBadRequest, err.Error()) + return + } } - // Handle result - if err != nil { - send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()}) - return + if data.Rewrite != "" { + data.Board = data.Rewrite } - send(map[string]string{uploadStatusStr: "Done", "Flash": "Ok"}) - }() - c.String(http.StatusAccepted, "") + go func() { + // Resolve commandline + commandline, err := upload.PartiallyResolve(data.Board, filePath, tmpdir, data.Commandline, data.Extra, Tools) + if err != nil { + send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()}) + return + } + + l := PLogger{Verbose: true} + + // Upload + if data.Extra.Network { + err = errors.New("network upload is not supported anymore, pease use OTA instead") + } else { + send(map[string]string{uploadStatusStr: "Starting", "Cmd": "Serial"}) + err = upload.Serial(data.Port, commandline, data.Extra, l) + } + + // Handle result + if err != nil { + send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()}) + return + } + send(map[string]string{uploadStatusStr: "Done", "Flash": "Ok"}) + }() + + c.String(http.StatusAccepted, "") + } } // PLogger sends the info from the upload to the websocket diff --git a/globals/globals.go b/globals/globals.go index d7cb09a17..ac4c14666 100644 --- a/globals/globals.go +++ b/globals/globals.go @@ -15,8 +15,15 @@ package globals -// DefaultIndexURL is the default index url var ( - // SignatureKey is the public key used to verify commands and url sent by the builder - SignatureKey = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvc0yZr1yUSen7qmE3cxF\nIE12rCksDnqR+Hp7o0nGi9123eCSFcJ7CkIRC8F+8JMhgI3zNqn4cUEn47I3RKD1\nZChPUCMiJCvbLbloxfdJrUi7gcSgUXrlKQStOKF5Iz7xv1M4XOP3JtjXLGo3EnJ1\npFgdWTOyoSrA8/w1rck4c/ISXZSinVAggPxmLwVEAAln6Itj6giIZHKvA2fL2o8z\nCeK057Lu8X6u2CG8tRWSQzVoKIQw/PKK6CNXCAy8vo4EkXudRutnEYHEJlPkVgPn\n2qP06GI+I+9zKE37iqj0k1/wFaCVXHXIvn06YrmjQw6I0dDj/60Wvi500FuRVpn9\ntwIDAQAB\n-----END PUBLIC KEY-----" + // ArduinoSignaturePubKey is the public key used to verify commands and url sent by the builder + ArduinoSignaturePubKey = `-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvc0yZr1yUSen7qmE3cxF +IE12rCksDnqR+Hp7o0nGi9123eCSFcJ7CkIRC8F+8JMhgI3zNqn4cUEn47I3RKD1 +ZChPUCMiJCvbLbloxfdJrUi7gcSgUXrlKQStOKF5Iz7xv1M4XOP3JtjXLGo3EnJ1 +pFgdWTOyoSrA8/w1rck4c/ISXZSinVAggPxmLwVEAAln6Itj6giIZHKvA2fL2o8z +CeK057Lu8X6u2CG8tRWSQzVoKIQw/PKK6CNXCAy8vo4EkXudRutnEYHEJlPkVgPn +2qP06GI+I+9zKE37iqj0k1/wFaCVXHXIvn06YrmjQw6I0dDj/60Wvi500FuRVpn9 +twIDAQAB +-----END PUBLIC KEY-----` ) diff --git a/main.go b/main.go index 1ca857b02..41f824b1b 100755 --- a/main.go +++ b/main.go @@ -81,7 +81,7 @@ var ( logDump = iniConf.String("log", "off", "off = (default)") origins = iniConf.String("origins", "", "Allowed origin list for CORS") portsFilterRegexp = iniConf.String("regex", "usb|acm|com", "Regular expression to filter serial port list") - signatureKey = iniConf.String("signatureKey", globals.SignatureKey, "Pem-encoded public key to verify signed commandlines") + signatureKey = iniConf.String("signatureKey", globals.ArduinoSignaturePubKey, "Pem-encoded public key to verify signed commandlines") updateURL = iniConf.String("updateUrl", "", "") verbose = iniConf.Bool("v", true, "show debug logging") crashreport = iniConf.Bool("crashreport", false, "enable crashreport logging") @@ -278,9 +278,17 @@ func loop() { } } + if signatureKey == nil || len(*signatureKey) == 0 { + log.Panicf("signature public key should be set") + } + signaturePubKey, err := utilities.ParseRsaPublicKey([]byte(*signatureKey)) + if err != nil { + log.Panicf("cannot parse signature key '%s'. %s", *signatureKey, err) + } + // Instantiate Index and Tools Index = index.Init(*indexURL, config.GetDataDir()) - Tools = tools.New(config.GetDataDir(), Index, logger) + Tools = tools.New(config.GetDataDir(), Index, logger, signaturePubKey) // see if we are supposed to wait 5 seconds if *isLaunchSelf { @@ -454,7 +462,7 @@ func loop() { r.LoadHTMLFiles("templates/nofirefox.html") r.GET("/", homeHandler) - r.POST("/upload", uploadHandler) + r.POST("/upload", uploadHandler(signaturePubKey)) r.GET("/socket.io/", socketHandler) r.POST("/socket.io/", socketHandler) r.Handle("WS", "/socket.io/", socketHandler) @@ -464,7 +472,7 @@ func loop() { r.POST("/update", updateHandler) // Mount goa handlers - goa := v2.Server(config.GetDataDir().String(), Index) + goa := v2.Server(config.GetDataDir().String(), Index, signaturePubKey) r.Any("/v2/*path", gin.WrapH(goa)) go func() { diff --git a/main_test.go b/main_test.go index d6f23fcec..1387fd221 100644 --- a/main_test.go +++ b/main_test.go @@ -30,8 +30,10 @@ import ( "github.com/arduino/arduino-create-agent/config" "github.com/arduino/arduino-create-agent/gen/tools" + "github.com/arduino/arduino-create-agent/globals" "github.com/arduino/arduino-create-agent/index" "github.com/arduino/arduino-create-agent/upload" + "github.com/arduino/arduino-create-agent/utilities" v2 "github.com/arduino/arduino-create-agent/v2" "github.com/gin-gonic/gin" "github.com/stretchr/testify/require" @@ -54,7 +56,7 @@ func TestValidSignatureKey(t *testing.T) { func TestUploadHandlerAgainstEvilFileNames(t *testing.T) { r := gin.New() - r.POST("/", uploadHandler) + r.POST("/", uploadHandler(utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))) ts := httptest.NewServer(r) uploadEvilFileName := Upload{ @@ -90,7 +92,7 @@ func TestUploadHandlerAgainstEvilFileNames(t *testing.T) { func TestUploadHandlerAgainstBase64WithoutPaddingMustFail(t *testing.T) { r := gin.New() - r.POST("/", uploadHandler) + r.POST("/", uploadHandler(utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))) ts := httptest.NewServer(r) defer ts.Close() @@ -119,7 +121,7 @@ func TestInstallToolV2(t *testing.T) { Index := index.Init(indexURL, config.GetDataDir()) r := gin.New() - goa := v2.Server(config.GetDataDir().String(), Index) + goa := v2.Server(config.GetDataDir().String(), Index, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) r.Any("/v2/*path", gin.WrapH(goa)) ts := httptest.NewServer(r) @@ -213,7 +215,7 @@ func TestInstalledHead(t *testing.T) { Index := index.Init(indexURL, config.GetDataDir()) r := gin.New() - goa := v2.Server(config.GetDataDir().String(), Index) + goa := v2.Server(config.GetDataDir().String(), Index, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) r.Any("/v2/*path", gin.WrapH(goa)) ts := httptest.NewServer(r) diff --git a/tools/download_test.go b/tools/download_test.go index 7cf2fab0d..96a105fd7 100644 --- a/tools/download_test.go +++ b/tools/download_test.go @@ -21,7 +21,9 @@ import ( "testing" "time" + "github.com/arduino/arduino-create-agent/globals" "github.com/arduino/arduino-create-agent/index" + "github.com/arduino/arduino-create-agent/utilities" "github.com/arduino/arduino-create-agent/v2/pkgs" "github.com/arduino/go-paths-helper" "github.com/stretchr/testify/require" @@ -128,7 +130,7 @@ func TestDownload(t *testing.T) { IndexFile: *paths.New("testdata", "test_tool_index.json"), LastRefresh: time.Now(), } - testTools := New(tempDirPath, &testIndex, func(msg string) { t.Log(msg) }) + testTools := New(tempDirPath, &testIndex, func(msg string) { t.Log(msg) }, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) for _, tc := range testCases { t.Run(tc.name+"-"+tc.version, func(t *testing.T) { @@ -175,7 +177,7 @@ func TestCorruptedInstalled(t *testing.T) { defer fileJSON.Close() _, err = fileJSON.Write([]byte("Hello")) require.NoError(t, err) - testTools := New(tempDirPath, &testIndex, func(msg string) { t.Log(msg) }) + testTools := New(tempDirPath, &testIndex, func(msg string) { t.Log(msg) }, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) // Download the tool err = testTools.Download("arduino-test", "avrdude", "6.3.0-arduino17", "keep") require.NoError(t, err) diff --git a/tools/tools.go b/tools/tools.go index 5cecc5089..f371126b5 100644 --- a/tools/tools.go +++ b/tools/tools.go @@ -16,6 +16,7 @@ package tools import ( + "crypto/rsa" "encoding/json" "path/filepath" "strings" @@ -55,14 +56,14 @@ type Tools struct { // The New functions accept the directory to use to host the tools, // an index (used to download the tools), // and a logger to log the operations -func New(directory *paths.Path, index *index.Resource, logger func(msg string)) *Tools { +func New(directory *paths.Path, index *index.Resource, logger func(msg string), signPubKey *rsa.PublicKey) *Tools { t := &Tools{ directory: directory, index: index, logger: logger, installed: map[string]string{}, mutex: sync.RWMutex{}, - tools: pkgs.New(index, directory.String(), "replace"), + tools: pkgs.New(index, directory.String(), "replace", signPubKey), } _ = t.readMap() return t diff --git a/utilities/utilities.go b/utilities/utilities.go index 5979732d4..662672da7 100644 --- a/utilities/utilities.go +++ b/utilities/utilities.go @@ -30,8 +30,6 @@ import ( "os/exec" "path/filepath" "strings" - - "github.com/arduino/arduino-create-agent/globals" ) // SaveFileonTempDir creates a temp directory and saves the file data as the @@ -131,23 +129,44 @@ func SafeJoin(parent, subdir string) (string, error) { return res, nil } -// VerifyInput will verify an input against a signature +// VerifyInput will verify an input against a signature using the public key. // A valid signature is indicated by returning a nil error. -func VerifyInput(input string, signature string) error { +func VerifyInput(input string, signature string, pubKey *rsa.PublicKey) error { sign, _ := hex.DecodeString(signature) - block, _ := pem.Decode([]byte(globals.SignatureKey)) + h := sha256.New() + h.Write([]byte(input)) + d := h.Sum(nil) + return rsa.VerifyPKCS1v15(pubKey, crypto.SHA256, d, sign) +} + +// ParseRsaPublicKey parses a public key in PEM format and returns the rsa.PublicKey object. +// Returns an error if the key is invalid. +func ParseRsaPublicKey(key []byte) (*rsa.PublicKey, error) { + block, _ := pem.Decode(key) if block == nil { - return errors.New("invalid key") + return nil, errors.New("invalid key") } - key, err := x509.ParsePKIXPublicKey(block.Bytes) + + parsedKey, err := x509.ParsePKIXPublicKey(block.Bytes) if err != nil { - return err + return nil, err } - rsaKey := key.(*rsa.PublicKey) - h := sha256.New() - h.Write([]byte(input)) - d := h.Sum(nil) - return rsa.VerifyPKCS1v15(rsaKey, crypto.SHA256, d, sign) + + publicKey, ok := parsedKey.(*rsa.PublicKey) + if !ok { + return nil, fmt.Errorf("not an rsa key") + } + return publicKey, nil +} + +// MustParseRsaPublicKey parses a public key in PEM format and returns the rsa.PublicKey object. +// Panics if the key is invalid. +func MustParseRsaPublicKey(key []byte) *rsa.PublicKey { + parsedKey, err := ParseRsaPublicKey(key) + if err != nil { + panic(err) + } + return parsedKey } // UserPrompt executes an osascript and returns the pressed button diff --git a/v2/http.go b/v2/http.go index 390ec3989..2b47b93a8 100644 --- a/v2/http.go +++ b/v2/http.go @@ -17,6 +17,7 @@ package v2 import ( "context" + "crypto/rsa" "encoding/json" "net/http" @@ -31,7 +32,7 @@ import ( ) // Server is the actual server -func Server(directory string, index *index.Resource) http.Handler { +func Server(directory string, index *index.Resource, pubKey *rsa.PublicKey) http.Handler { mux := goahttp.NewMuxer() // Instantiate logger @@ -40,7 +41,7 @@ func Server(directory string, index *index.Resource) http.Handler { logAdapter := LogAdapter{Logger: logger} // Mount tools - toolsSvc := pkgs.New(index, directory, "replace") + toolsSvc := pkgs.New(index, directory, "replace", pubKey) toolsEndpoints := toolssvc.NewEndpoints(toolsSvc) toolsServer := toolssvr.New(toolsEndpoints, mux, CustomRequestDecoder, goahttp.ResponseEncoder, errorHandler(logger), nil) toolssvr.Mount(mux, toolsServer) diff --git a/v2/pkgs/tools.go b/v2/pkgs/tools.go index f09dc3f0a..7f34e3d08 100644 --- a/v2/pkgs/tools.go +++ b/v2/pkgs/tools.go @@ -18,6 +18,7 @@ package pkgs import ( "bytes" "context" + "crypto/rsa" "crypto/sha256" "encoding/hex" "encoding/json" @@ -58,23 +59,25 @@ var ( // // It requires an Index Resource to search for tools type Tools struct { - index *index.Resource - folder string - behaviour string - installed map[string]string - mutex sync.RWMutex + index *index.Resource + folder string + behaviour string + installed map[string]string + mutex sync.RWMutex + verifySignaturePubKey *rsa.PublicKey // public key used to verify the signature of a command sent to the boards } // New will return a Tool object, allowing the caller to execute operations on it. // The New function will accept an index as parameter (used to download the indexes) // and a folder used to download the indexes -func New(index *index.Resource, folder, behaviour string) *Tools { +func New(index *index.Resource, folder, behaviour string, verifySignaturePubKey *rsa.PublicKey) *Tools { t := &Tools{ - index: index, - folder: folder, - behaviour: behaviour, - installed: map[string]string{}, - mutex: sync.RWMutex{}, + index: index, + folder: folder, + behaviour: behaviour, + installed: map[string]string{}, + mutex: sync.RWMutex{}, + verifySignaturePubKey: verifySignaturePubKey, } t.readInstalled() return t @@ -166,7 +169,7 @@ func (t *Tools) Install(ctx context.Context, payload *tools.ToolPayload) (*tools //if URL is defined and is signed we verify the signature and override the name, payload, version parameters if payload.URL != nil && payload.Signature != nil && payload.Checksum != nil { - err := utilities.VerifyInput(*payload.URL, *payload.Signature) + err := utilities.VerifyInput(*payload.URL, *payload.Signature, t.verifySignaturePubKey) if err != nil { return nil, err } diff --git a/v2/pkgs/tools_test.go b/v2/pkgs/tools_test.go index edd575fc8..7bf0ff0e3 100644 --- a/v2/pkgs/tools_test.go +++ b/v2/pkgs/tools_test.go @@ -25,7 +25,9 @@ import ( "github.com/arduino/arduino-create-agent/config" "github.com/arduino/arduino-create-agent/gen/tools" + "github.com/arduino/arduino-create-agent/globals" "github.com/arduino/arduino-create-agent/index" + "github.com/arduino/arduino-create-agent/utilities" "github.com/arduino/arduino-create-agent/v2/pkgs" "github.com/arduino/go-paths-helper" "github.com/stretchr/testify/require" @@ -45,7 +47,7 @@ func TestTools(t *testing.T) { // Instantiate Index Index := index.Init(indexURL, config.GetDataDir()) - service := pkgs.New(Index, tmp, "replace") + service := pkgs.New(Index, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) ctx := context.Background() @@ -126,7 +128,7 @@ func TestEvilFilename(t *testing.T) { // Instantiate Index Index := index.Init(indexURL, config.GetDataDir()) - service := pkgs.New(Index, tmp, "replace") + service := pkgs.New(Index, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) ctx := context.Background() @@ -195,7 +197,7 @@ func TestInstalledHead(t *testing.T) { // Instantiate Index Index := index.Init(indexURL, config.GetDataDir()) - service := pkgs.New(Index, tmp, "replace") + service := pkgs.New(Index, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) ctx := context.Background() @@ -216,7 +218,7 @@ func TestInstall(t *testing.T) { LastRefresh: time.Now(), } - tool := pkgs.New(testIndex, tmp, "replace") + tool := pkgs.New(testIndex, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) ctx := context.Background()