package onerng
import (
"bytes"
"context"
"fmt"
"io"
"os"
//nolint:staticcheck
"golang.org/x/crypto/openpgp"
)
// Verify reads a signed firmware image, extracts the signature, and verifies
// it against the given public key.
//
// Details are printed to Stderr on success, otherwise an error is returned.
//
// The general logic is ported from the official onerng_verify.py script
// distributed alongside the OneRNG package.
func Verify(_ context.Context, image io.Reader, pubkey string) error {
if err := readMagic(image); err != nil {
return fmt.Errorf("failed to find magic number: %w", err)
}
length, version, err := readHeader(image)
if err != nil {
return fmt.Errorf("failed to read header: %w", err)
}
return readAndVerify(image, version, length, pubkey)
}
func read(r io.Reader, p []byte) error {
n, err := r.Read(p)
if err != nil {
return fmt.Errorf("read failed: %w", err)
}
if n == 0 {
return fmt.Errorf("short read")
}
return nil
}
// readHeader reads the header and returns the length and the version
//
//nolint:gomnd
func readHeader(r io.Reader) (length, version int, err error) {
// read the length
l := make([]byte, 3)
if err := read(r, l); err != nil {
return 0, 0, fmt.Errorf("failed reading length: %w", err)
}
length = int(l[0])
length |= int(l[1]) << 8
length |= int(l[2]) << 16
// read the version
l = make([]byte, 2)
if err := read(r, l); err != nil {
return 0, 0, fmt.Errorf("failed reading version: %w", err)
}
version = int(l[0])
version |= int(l[1]) << 8
// read the actual code size - we don't use it yet
if err := read(r, make([]byte, 2)); err != nil {
return 0, 0, fmt.Errorf("failed reading actual code size: %w", err)
}
return length, version, nil
}
// readMagic reads the input until the magic sequence 0xfeedbeef2014 is found
func readMagic(r io.Reader) error {
for i := int8(0); i < 6; i++ {
c := make([]byte, 1)
if err := read(r, c); err != nil {
return fmt.Errorf("couldn't read header: %w", err)
}
x := c[0]
switch {
case i == 0 && x == 0xfe,
i == 1 && x == 0xed,
i == 2 && x == 0xbe,
i == 3 && x == 0xef,
i == 4 && x == 0x20,
i == 5 && x == 0x14:
// as long as this looks like the magic number, keep going!
continue
default:
i = 0
}
}
return nil
}
func readAndVerify(image io.Reader, version, length int, pubkey string) error {
signed, signature, err := parseImage(image, version, length)
if err != nil {
return err
}
signer, err := verifyImage(signed, signature, pubkey)
if err != nil {
return err
}
fmt.Fprintf(os.Stderr, "firmware verification passed OK - version=%d\n", version)
for _, id := range signer.Identities {
fmt.Fprintf(os.Stderr, "signed by: %#v\n", id.Name)
fmt.Fprintf(os.Stderr, "\tcreated: %q\n", id.SelfSignature.CreationTime)
fmt.Fprintf(os.Stderr, "\tfingerprint: %X\n", signer.PrimaryKey.Fingerprint)
}
return nil
}
func verifyImage(signed, sig []byte, pubkey string) (signer *openpgp.Entity, err error) {
// read public key
keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(pubkey))
if err != nil {
return nil, err
}
// verify
signer, err = openpgp.CheckDetachedSignature(
keyring,
bytes.NewBuffer(signed),
bytes.NewBuffer(sig),
)
if err != nil {
return nil, fmt.Errorf("failed to verify firmware signature: %w", err)
}
return signer, nil
}
//nolint:gomnd
func parseImage(image io.Reader, version, length int) (signed, sig []byte, err error) {
c := make([]byte, length)
n, err := io.ReadAtLeast(image, c, length)
if err != nil {
return nil, nil, err
}
if n != length {
return nil, nil, fmt.Errorf("bad image: wrong length: was %d, expected %d", n, length)
}
// determine end offset
endOff := 0
if version >= 3 {
endOff = 680
} else {
endOff = 600
}
// signature length - 2 bytes between image and signature
slen := int(c[length-endOff])
slen |= int(c[length-endOff+1]) << 8
// split last part into image (signed part) & signature
signed = c[0 : length-endOff]
sig = c[length-endOff+2 : length-endOff+2+slen]
return signed, sig, nil
}