Check for signature of commandline

Read the commandline.pub key and throw error if the signature of commandline is invalid.

Need to update the webide to generate the signature

Author: matteosuppo

conn.go

@@ -3,6 +3,12 @@
 package main
 
 import (
+	"crypto"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/pem"
+	"io/ioutil"
 	"net/http"
 	"strconv"
 
@@ -61,6 +67,22 @@ func uploadHandler(c *gin.Context) {
 	if commandline == "undefined" {
 		commandline = ""
 	}
+
+	signature := c.PostForm("signature")
+	if signature == "" {
+		c.String(http.StatusBadRequest, "signature is required")
+		log.Error("signature is required")
+		return
+	}
+
+	err := verifyCommandLine(commandline, signature)
+
+	if err != nil {
+		c.String(http.StatusBadRequest, "signature is invalid")
+		log.Error("signature is invalid")
+		return
+	}
+
 	extraInfo.use_1200bps_touch, _ = strconv.ParseBool(c.PostForm("use_1200bps_touch"))
 	extraInfo.wait_for_upload_port, _ = strconv.ParseBool(c.PostForm("wait_for_upload_port"))
 	extraInfo.networkPort, _ = strconv.ParseBool(c.PostForm("network"))
@@ -90,6 +112,24 @@ func uploadHandler(c *gin.Context) {
 	}
 }
 
+func verifyCommandLine(input string, signature string) error {
+	publicKey, err := ioutil.ReadFile("commandline.pub")
+	if err != nil {
+		return err
+	}
+
+	block, _ := pem.Decode(publicKey)
+	key, err := x509.ParsePKIXPublicKey(block.Bytes)
+	if err != nil {
+		return err
+	}
+	rsaKey := key.(*rsa.PublicKey)
+	h := sha256.New()
+	h.Write([]byte(input))
+	d := h.Sum(nil)
+	return rsa.VerifyPKCS1v15(rsaKey, crypto.SHA256, d, []byte(signature))
+}
+
 func wsHandler() *WsServer {
 	server, err := socketio.NewServer(nil)
 	if err != nil {