add signature verification wrapper

Signed-off-by: John Crispin <john@phrozen.org>
2025-11-02 02:57:55 +00:00 · 2022-11-21 06:14:08 +01:00
parent ef06d00743
commit eb0c25c1f3
4 changed files with 24 additions and 14 deletions
--- a/command/cmd.uc
+++ b/command/cmd.uc
@@ -1,4 +1,5 @@
 #!/usr/bin/ucode
 push(REQUIRE_SEARCH_PATH, '/usr/share/ucentral/*.uc');
 let fs = require("fs");
 let uci = require("uci");
 let ubus = require("ubus");
--- a/command/cmd_script.uc
+++ b/command/cmd_script.uc
@@ -1,15 +1,9 @@
 function validate_signature() {
 	if (!args.signature)
 		return false;
 	return true;
 }
 let uloop = require('uloop');
 let fs = require('fs');
 let result;
 let abort;
 let decoded = b64dec(args.script);
 let signature = require('signature');
 if (!decoded) {
 	result_json({
@@ -24,7 +18,7 @@ script.write(decoded);
 script.close();
 fs.chmod("/tmp/script.cmd", 700);
-if (restrict.commands && !validate_signature()) {
+if (restrict.commands && !signature.verify("/tmp/script.cmd", args.signature)) {
 	result_json({
 		"error": 3,
 		"result": "invalid signature"
--- a/command/cmd_upgrade.uc
+++ b/command/cmd_upgrade.uc
@@ -33,13 +33,9 @@ else if (!validation_result.valid) {
 	return;
 }
 function verify_signature(file, signature) {
 	return true;
 }
 if (restrict.sysupgrade) {
-	if (!verify_signature(image_path, args.signature)) {
+	let signature = require('signature');
 	if (!signature.verify(image_path, args.signature)) {
 		result_json({
 			"error": 2,
 			"text": "Invalid signature",
--- a/renderer/signature.uc
+++ b/renderer/signature.uc
@@ -0,0 +1,19 @@
 let key_info = {
 	'dummy_static': function(file, signature) {
 		return signature == 'aaaaaaaaaa';
 	},
 };
 return {
 verify: function(file, signature) {
 	let func = key_info[restrict?.key_info?.vendor + '_' + restrict?.key_info?.algo];
 	if (!func)
 		return false;
 	return func(file, signature);
 },
 }