WIP: Verify file signatures

Kijewski · Kijewski · commit 0351f45334f3 · 2023-09-07T15:28:42.000+02:00
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1 @@
+*.key binary=true -diff
diff --git a/Cargo.toml b/Cargo.toml
@@ -27,6 +27,8 @@ regex = "1"
 log = "0.4"
 urlencoding = "2.1"
 self-replace = "1"
+ed25519-dalek = { version = "2", optional = true }
+memmap2 = { version = "0.7", optional = true }
 
 [features]
 default = ["reqwest/default-tls"]
@@ -36,6 +38,7 @@ compression-zip-deflate = ["zip/deflate"] #
 archive-tar = ["tar"]
 compression-flate2 = ["flate2", "either"] #
 rustls = ["reqwest/rustls-tls"]
+signatures = ["ed25519-dalek", "memmap2"]
 
 [package.metadata.docs.rs]
 # Whether to pass `--all-features` to Cargo (default: false)
diff --git a/examples/github-private.key b/examples/github-private.key
@@ -0,0 +1 @@
+S��Đ*E��ʦ](Խ��V�	���yBփ�AsWVf2�N�w���E��<�$^}��п
diff --git a/examples/github-public.key b/examples/github-public.key
@@ -0,0 +1 @@
+փ�AsWVf2�N�w���E��<�$^}��п
diff --git a/examples/github.rs b/examples/github.rs
@@ -8,15 +8,15 @@ extern crate self_update;
 
 fn run() -> Result<(), Box<dyn ::std::error::Error>> {
     let releases = self_update::backends::github::ReleaseList::configure()
-        .repo_owner("jaemk")
+        .repo_owner("Kijewski")
         .repo_name("self_update")
         .build()?
         .fetch()?;
     println!("found releases:");
     println!("{:#?}\n", releases);
 
     let status = self_update::backends::github::Update::configure()
-        .repo_owner("jaemk")
+        .repo_owner("Kijewski")
         .repo_name("self_update")
         .bin_name("github")
         .show_download_progress(true)
@@ -30,6 +30,7 @@ fn run() -> Result<(), Box<dyn ::std::error::Error>> {
         // or prompting the user for input
         //.auth_token(env!("DOWNLOAD_AUTH_TOKEN"))
         .current_version(cargo_crate_version!())
+        .verifying_keys([*include_bytes!("github-public.key")])
         .build()?
         .update()?;
     println!("Update status: `{}`!", status.version());
diff --git a/src/backends/gitea.rs b/src/backends/gitea.rs
@@ -241,6 +241,8 @@ pub struct UpdateBuilder {
     progress_template: String,
     progress_chars: String,
     auth_token: Option<String>,
+    #[cfg(feature = "signatures")]
+    verifying_keys: Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>,
 }
 
 impl UpdateBuilder {
@@ -385,6 +387,15 @@ impl UpdateBuilder {
         self
     }
 
+    #[cfg(feature = "signatures")]
+    pub fn verifying_keys(
+        &mut self,
+        keys: impl Into<Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>>,
+    ) -> &mut Self {
+        self.verifying_keys = keys.into();
+        self
+    }
+
     /// Confirm config and create a ready-to-use `Update`
     ///
     /// * Errors:
@@ -440,6 +451,8 @@ impl UpdateBuilder {
             show_output: self.show_output,
             no_confirm: self.no_confirm,
             auth_token: self.auth_token.clone(),
+            #[cfg(feature = "signatures")]
+            verifying_keys: self.verifying_keys.clone(),
         }))
     }
 }
@@ -462,6 +475,8 @@ pub struct Update {
     progress_template: String,
     progress_chars: String,
     auth_token: Option<String>,
+    #[cfg(feature = "signatures")]
+    verifying_keys: Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>,
 }
 impl Update {
     /// Initialize a new `Update` builder
@@ -566,6 +581,11 @@ impl ReleaseUpdate for Update {
     fn api_headers(&self, auth_token: &Option<String>) -> Result<header::HeaderMap> {
         api_headers(auth_token)
     }
+
+    #[cfg(feature = "signatures")]
+    fn verifying_keys(&self) -> &[[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]] {
+        &self.verifying_keys
+    }
 }
 
 impl Default for UpdateBuilder {
@@ -586,6 +606,8 @@ impl Default for UpdateBuilder {
             progress_template: DEFAULT_PROGRESS_TEMPLATE.to_string(),
             progress_chars: DEFAULT_PROGRESS_CHARS.to_string(),
             auth_token: None,
+            #[cfg(feature = "signatures")]
+            verifying_keys: vec![],
         }
     }
 }
diff --git a/src/backends/github.rs b/src/backends/github.rs
@@ -244,6 +244,8 @@ pub struct UpdateBuilder {
     progress_chars: String,
     auth_token: Option<String>,
     custom_url: Option<String>,
+    #[cfg(feature = "signatures")]
+    verifying_keys: Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>,
 }
 
 impl UpdateBuilder {
@@ -398,6 +400,15 @@ impl UpdateBuilder {
         self
     }
 
+    #[cfg(feature = "signatures")]
+    pub fn verifying_keys(
+        &mut self,
+        keys: impl Into<Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>>,
+    ) -> &mut Self {
+        self.verifying_keys = keys.into();
+        self
+    }
+
     /// Confirm config and create a ready-to-use `Update`
     ///
     /// * Errors:
@@ -450,6 +461,8 @@ impl UpdateBuilder {
             no_confirm: self.no_confirm,
             auth_token: self.auth_token.clone(),
             custom_url: self.custom_url.clone(),
+            #[cfg(feature = "signatures")]
+            verifying_keys: self.verifying_keys.clone(),
         }))
     }
 }
@@ -473,6 +486,8 @@ pub struct Update {
     progress_chars: String,
     auth_token: Option<String>,
     custom_url: Option<String>,
+    #[cfg(feature = "signatures")]
+    verifying_keys: Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>,
 }
 impl Update {
     /// Initialize a new `Update` builder
@@ -590,6 +605,11 @@ impl ReleaseUpdate for Update {
     fn api_headers(&self, auth_token: &Option<String>) -> Result<HeaderMap> {
         api_headers(auth_token)
     }
+
+    #[cfg(feature = "signatures")]
+    fn verifying_keys(&self) -> &[[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]] {
+        &self.verifying_keys
+    }
 }
 
 impl Default for UpdateBuilder {
@@ -611,6 +631,8 @@ impl Default for UpdateBuilder {
             progress_chars: DEFAULT_PROGRESS_CHARS.to_string(),
             auth_token: None,
             custom_url: None,
+            #[cfg(feature = "signatures")]
+            verifying_keys: vec![],
         }
     }
 }
diff --git a/src/backends/gitlab.rs b/src/backends/gitlab.rs
@@ -238,6 +238,8 @@ pub struct UpdateBuilder {
     progress_template: String,
     progress_chars: String,
     auth_token: Option<String>,
+    #[cfg(feature = "signatures")]
+    verifying_keys: Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>,
 }
 
 impl UpdateBuilder {
@@ -382,6 +384,15 @@ impl UpdateBuilder {
         self
     }
 
+    #[cfg(feature = "signatures")]
+    pub fn verifying_keys(
+        &mut self,
+        keys: impl Into<Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>>,
+    ) -> &mut Self {
+        self.verifying_keys = keys.into();
+        self
+    }
+
     /// Confirm config and create a ready-to-use `Update`
     ///
     /// * Errors:
@@ -433,6 +444,8 @@ impl UpdateBuilder {
             show_output: self.show_output,
             no_confirm: self.no_confirm,
             auth_token: self.auth_token.clone(),
+            #[cfg(feature = "signatures")]
+            verifying_keys: self.verifying_keys.clone(),
         }))
     }
 }
@@ -455,6 +468,8 @@ pub struct Update {
     progress_template: String,
     progress_chars: String,
     auth_token: Option<String>,
+    #[cfg(feature = "signatures")]
+    verifying_keys: Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>,
 }
 impl Update {
     /// Initialize a new `Update` builder
@@ -564,6 +579,11 @@ impl ReleaseUpdate for Update {
     fn api_headers(&self, auth_token: &Option<String>) -> Result<header::HeaderMap> {
         api_headers(auth_token)
     }
+
+    #[cfg(feature = "signatures")]
+    fn verifying_keys(&self) -> &[[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]] {
+        &self.verifying_keys
+    }
 }
 
 impl Default for UpdateBuilder {
@@ -584,6 +604,8 @@ impl Default for UpdateBuilder {
             progress_template: DEFAULT_PROGRESS_TEMPLATE.to_string(),
             progress_chars: DEFAULT_PROGRESS_CHARS.to_string(),
             auth_token: None,
+            #[cfg(feature = "signatures")]
+            verifying_keys: vec![],
         }
     }
 }
diff --git a/src/backends/s3.rs b/src/backends/s3.rs
@@ -153,6 +153,8 @@ pub struct UpdateBuilder {
     progress_template: String,
     progress_chars: String,
     auth_token: Option<String>,
+    #[cfg(feature = "signatures")]
+    verifying_keys: Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>,
 }
 
 impl Default for UpdateBuilder {
@@ -174,6 +176,8 @@ impl Default for UpdateBuilder {
             progress_template: DEFAULT_PROGRESS_TEMPLATE.to_string(),
             progress_chars: DEFAULT_PROGRESS_CHARS.to_string(),
             auth_token: None,
+            #[cfg(feature = "signatures")]
+            verifying_keys: vec![],
         }
     }
 }
@@ -318,6 +322,15 @@ impl UpdateBuilder {
         self
     }
 
+    #[cfg(feature = "signatures")]
+    pub fn verifying_keys(
+        &mut self,
+        keys: impl Into<Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>>,
+    ) -> &mut Self {
+        self.verifying_keys = keys.into();
+        self
+    }
+
     /// Confirm config and create a ready-to-use `Update`
     ///
     /// * Errors:
@@ -366,6 +379,8 @@ impl UpdateBuilder {
             show_output: self.show_output,
             no_confirm: self.no_confirm,
             auth_token: self.auth_token.clone(),
+            #[cfg(feature = "signatures")]
+            verifying_keys: self.verifying_keys.clone(),
         }))
     }
 }
@@ -389,6 +404,8 @@ pub struct Update {
     progress_template: String,
     progress_chars: String,
     auth_token: Option<String>,
+    #[cfg(feature = "signatures")]
+    verifying_keys: Vec<[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]>,
 }
 
 impl Update {
@@ -493,6 +510,11 @@ impl ReleaseUpdate for Update {
     fn auth_token(&self) -> Option<String> {
         self.auth_token.clone()
     }
+
+    #[cfg(feature = "signatures")]
+    fn verifying_keys(&self) -> &[[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]] {
+        &self.verifying_keys
+    }
 }
 
 /// Obtain list of releases from AWS S3 API, from bucket and region specified,
diff --git a/src/errors.rs b/src/errors.rs
@@ -20,6 +20,7 @@ pub enum Error {
     Reqwest(reqwest::Error),
     SemVer(semver::Error),
     ArchiveNotEnabled(String),
+    NoValidSignature,
 }
 
 impl std::fmt::Display for Error {
@@ -37,6 +38,7 @@ impl std::fmt::Display for Error {
             #[cfg(feature = "archive-zip")]
             Zip(ref e) => write!(f, "ZipError: {}", e),
             ArchiveNotEnabled(ref s) => write!(f, "ArchiveNotEnabled: Archive extension '{}' not supported, please enable 'archive-{}' feature!", s, s),
+            NoValidSignature => write!(f, "No valid signature found"),
         }
     }
 }
diff --git a/src/update.rs b/src/update.rs
@@ -121,6 +121,9 @@ pub trait ReleaseUpdate {
     /// Authorisation token for communicating with backend
     fn auth_token(&self) -> Option<String>;
 
+    #[cfg(feature = "signatures")]
+    fn verifying_keys(&self) -> &[[u8; ed25519_dalek::PUBLIC_KEY_LENGTH]];
+
     /// Construct a header with an authorisation entry if an auth token is provided
     fn api_headers(&self, auth_token: &Option<String>) -> Result<header::HeaderMap> {
         let mut headers = header::HeaderMap::new();
@@ -235,6 +238,38 @@ pub trait ReleaseUpdate {
         Extract::from_source(&tmp_archive_path)
             .extract_file(tmp_archive_dir.path(), &bin_path_in_archive)?;
         let new_exe = tmp_archive_dir.path().join(&bin_path_in_archive);
+
+        #[cfg(feature = "signatures")]
+        {
+            use std::io::Read;
+
+            let verifying_keys = self.verifying_keys();
+            if !verifying_keys.is_empty() {
+                // TODO: FIXME: this only works for signed .zip files, not .tar
+                let mut signature = [0; ed25519_dalek::SIGNATURE_LENGTH];
+                fs::File::open(&tmp_archive_path)?.read_exact(&mut signature)?;
+                let signature = ed25519_dalek::Signature::from_bytes(&signature);
+
+                let exe = fs::File::open(&new_exe)?;
+                let exe = unsafe { memmap2::Mmap::map(&exe)? };
+
+                let mut valid_signature = false;
+                for (idx, bytes) in verifying_keys.into_iter().enumerate() {
+                    let key = match ed25519_dalek::VerifyingKey::from_bytes(&bytes) {
+                        Ok(key) => key,
+                        Err(_) => panic!("Key #{} is invalid", idx),
+                    };
+                    if key.verify_strict(&exe, &signature).is_ok() {
+                        valid_signature = true;
+                        break;
+                    }
+                }
+                if !valid_signature {
+                    return Err(Error::NoValidSignature);
+                }
+            }
+        }
+
         println(show_output, "Done");
 
         print_flush(show_output, "Replacing binary file... ")?;

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+S��Đ*E��ʦ](Խ��V� ��yBփ�AsWVf2�N�w��E��<�$^}��п`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+փ�AsWVf2�N�w��E��<�$^}��п`
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ pub enum Error {`
`20`	`20`	`Reqwest(reqwest::Error),`
`21`	`21`	`SemVer(semver::Error),`
`22`	`22`	`ArchiveNotEnabled(String),`
	`23`	`+ NoValidSignature,`
`23`	`24`	`}`
`24`	`25`
`25`	`26`	`impl std::fmt::Display for Error {`
`@@ -37,6 +38,7 @@ impl std::fmt::Display for Error {`
`37`	`38`	`#[cfg(feature = "archive-zip")]`
`38`	`39`	`Zip(ref e) => write!(f, "ZipError: {}", e),`
`39`	`40`	`ArchiveNotEnabled(ref s) => write!(f, "ArchiveNotEnabled: Archive extension '{}' not supported, please enable 'archive-{}' feature!", s, s),`
	`41`	`+ NoValidSignature => write!(f, "No valid signature found"),`
`40`	`42`	`}`
`41`	`43`	`}`
`42`	`44`	`}`