geist_supervisor 0.1.28

Generic OTA supervisor for field devices
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196

use anyhow::{Context, Result};
use ed25519_dalek::{Signature, Verifier, VerifyingKey};
use sha2::{Digest, Sha256};
use std::path::Path;

const OTA_PUBLIC_KEY: &[u8; 32] = include_bytes!("../../keys/ota_signing_key.pub.raw");

/// Whether to hard-fail on missing signatures.
/// Set to false during transition (old unsigned releases still exist).
/// Flip to true once all releases are signed.
pub const REQUIRE_SIGNATURE: bool = false;

/// Verify a bundle's Ed25519 signature using the embedded public key.
pub fn verify_bundle(bundle_path: &Path, sig_path: &Path) -> Result<()> {
    verify_bundle_with_key(bundle_path, sig_path, OTA_PUBLIC_KEY)
}

/// Verify a bundle's Ed25519 signature using a provided public key.
/// The signature is over the SHA-256 digest of the bundle file.
pub fn verify_bundle_with_key(
    bundle_path: &Path,
    sig_path: &Path,
    public_key_bytes: &[u8; 32],
) -> Result<()> {
    tracing::info!("Verifying bundle signature: {}", bundle_path.display());

    let verifying_key =
        VerifyingKey::from_bytes(public_key_bytes).context("Invalid embedded public key")?;

    // SHA-256 of the bundle (matches what release.sh signs)
    let bundle_bytes = std::fs::read(bundle_path).context("Failed to read bundle")?;
    let digest = Sha256::digest(&bundle_bytes);

    // Load 64-byte Ed25519 signature
    let sig_bytes = std::fs::read(sig_path).context("Failed to read signature")?;
    let signature = Signature::from_slice(&sig_bytes)
        .context("Invalid signature format (expected 64 bytes)")?;

    verifying_key
        .verify(digest.as_slice(), &signature)
        .map_err(|e| anyhow::anyhow!("Signature verification FAILED: {}", e))?;

    tracing::info!("Signature verified OK");
    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;
    use ed25519_dalek::SigningKey;
    use sha2::{Digest, Sha256};
    use std::fs;
    use tempfile::tempdir;

    fn test_keypair() -> (SigningKey, VerifyingKey) {
        let signing_key = SigningKey::from_bytes(&[1u8; 32]);
        let verifying_key = signing_key.verifying_key();
        (signing_key, verifying_key)
    }

    fn sign_file(signing_key: &SigningKey, file_path: &Path) -> Vec<u8> {
        use ed25519_dalek::Signer;
        let content = fs::read(file_path).unwrap();
        let digest = Sha256::digest(&content);
        let sig = signing_key.sign(digest.as_slice());
        sig.to_bytes().to_vec()
    }

    #[test]
    fn test_valid_signature() {
        let dir = tempdir().unwrap();
        let bundle_path = dir.path().join("bundle.tar.gz");
        let sig_path = dir.path().join("bundle.tar.gz.sig");

        fs::write(&bundle_path, b"test bundle content").unwrap();

        let (signing_key, verifying_key) = test_keypair();
        let sig = sign_file(&signing_key, &bundle_path);
        fs::write(&sig_path, &sig).unwrap();

        let pubkey_bytes: &[u8; 32] = verifying_key.as_bytes();
        let result = verify_bundle_with_key(&bundle_path, &sig_path, pubkey_bytes);
        assert!(
            result.is_ok(),
            "Valid signature should verify: {:?}",
            result
        );
    }

    #[test]
    fn test_corrupted_signature_fails() {
        let dir = tempdir().unwrap();
        let bundle_path = dir.path().join("bundle.tar.gz");
        let sig_path = dir.path().join("bundle.tar.gz.sig");

        fs::write(&bundle_path, b"test bundle content").unwrap();

        let (signing_key, verifying_key) = test_keypair();
        let mut sig = sign_file(&signing_key, &bundle_path);
        sig[0] ^= 0xff; // corrupt one byte
        fs::write(&sig_path, &sig).unwrap();

        let pubkey_bytes: &[u8; 32] = verifying_key.as_bytes();
        let result = verify_bundle_with_key(&bundle_path, &sig_path, pubkey_bytes);
        assert!(result.is_err(), "Corrupted signature should fail");
    }

    #[test]
    fn test_wrong_key_fails() {
        let dir = tempdir().unwrap();
        let bundle_path = dir.path().join("bundle.tar.gz");
        let sig_path = dir.path().join("bundle.tar.gz.sig");

        fs::write(&bundle_path, b"test bundle content").unwrap();

        let (signing_key, _) = test_keypair();
        let sig = sign_file(&signing_key, &bundle_path);
        fs::write(&sig_path, &sig).unwrap();

        // Different key
        let wrong_key = SigningKey::from_bytes(&[2u8; 32]);
        let wrong_verifying_key = wrong_key.verifying_key();
        let wrong_pubkey: &[u8; 32] = wrong_verifying_key.as_bytes();
        let result = verify_bundle_with_key(&bundle_path, &sig_path, wrong_pubkey);
        assert!(result.is_err(), "Wrong key should fail verification");
    }

    #[test]
    fn test_tampered_bundle_fails() {
        let dir = tempdir().unwrap();
        let bundle_path = dir.path().join("bundle.tar.gz");
        let sig_path = dir.path().join("bundle.tar.gz.sig");

        fs::write(&bundle_path, b"original content").unwrap();

        let (signing_key, verifying_key) = test_keypair();
        let sig = sign_file(&signing_key, &bundle_path);
        fs::write(&sig_path, &sig).unwrap();

        // Tamper with the bundle after signing
        fs::write(&bundle_path, b"tampered content").unwrap();

        let pubkey_bytes: &[u8; 32] = verifying_key.as_bytes();
        let result = verify_bundle_with_key(&bundle_path, &sig_path, pubkey_bytes);
        assert!(result.is_err(), "Tampered bundle should fail verification");
    }

    #[test]
    fn test_missing_sig_file() {
        let dir = tempdir().unwrap();
        let bundle_path = dir.path().join("bundle.tar.gz");
        let sig_path = dir.path().join("nonexistent.sig");

        fs::write(&bundle_path, b"test content").unwrap();

        let (_, verifying_key) = test_keypair();
        let pubkey_bytes: &[u8; 32] = verifying_key.as_bytes();
        let result = verify_bundle_with_key(&bundle_path, &sig_path, pubkey_bytes);
        assert!(result.is_err(), "Missing sig file should fail");
    }

    #[test]
    fn test_truncated_signature() {
        let dir = tempdir().unwrap();
        let bundle_path = dir.path().join("bundle.tar.gz");
        let sig_path = dir.path().join("bundle.tar.gz.sig");

        fs::write(&bundle_path, b"test content").unwrap();
        fs::write(&sig_path, b"too short").unwrap();

        let (_, verifying_key) = test_keypair();
        let pubkey_bytes: &[u8; 32] = verifying_key.as_bytes();
        let result = verify_bundle_with_key(&bundle_path, &sig_path, pubkey_bytes);
        assert!(result.is_err(), "Truncated signature should fail");
    }

    #[test]
    fn test_empty_bundle() {
        let dir = tempdir().unwrap();
        let bundle_path = dir.path().join("bundle.tar.gz");
        let sig_path = dir.path().join("bundle.tar.gz.sig");

        fs::write(&bundle_path, b"").unwrap();

        let (signing_key, verifying_key) = test_keypair();
        let sig = sign_file(&signing_key, &bundle_path);
        fs::write(&sig_path, &sig).unwrap();

        let pubkey_bytes: &[u8; 32] = verifying_key.as_bytes();
        let result = verify_bundle_with_key(&bundle_path, &sig_path, pubkey_bytes);
        assert!(
            result.is_ok(),
            "Empty bundle with valid signature should verify"
        );
    }
}