kb descriptor is now checked against its signature before loading. Anti

tamper controls in place. XXX: Please note that an attacker with phisical access can tamper either the YAML rather than the signature
thesp0nge · Oct 5, 2016 · 48eb2f7 · 48eb2f7
1 parent c8066f3
commit 48eb2f7
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 3 deletions.
diff --git a/Rakefile b/Rakefile
@@ -428,7 +428,7 @@ def __kb_pack
 
 
   open(File.join(YAML_KB, "kb.yaml"), 'w') do |f|
-    f.puts(Dawn::KnowledgeBaseExperimental.instance.kb_descriptor)
+    f.puts(Dawn::KnowledgeBaseExperimental.kb_descriptor)
   end
   puts "kb.yaml created"
   system "shasum -a 256 #{YAML_KB}/kb.yaml > #{YAML_KB}/kb.yaml.sig"

diff --git a/lib/dawn/knowledge_base_experimental.rb b/lib/dawn/knowledge_base_experimental.rb
@@ -5,6 +5,7 @@
 require 'uri'
 
 require 'yaml'
+require 'digest'
 
 module Dawn
   # This is the YAML powered experimental knowledge base
@@ -54,19 +55,42 @@ def initialize(db_path=nil)
         $logger.helo "knowledge-base-experimental", Dawn::VERSION
       end
 
+
       lines = ""
 
       path = File.join(Dir.pwd, "db")
       path = db_path unless db_path.nil?
 
+      unless File.exists?(File.join(path, "kb.yaml"))
+        $logger.error  "Missing kb.yaml in #{path}. Giving up"
+        raise "Missing kb.yaml in #{path}. Giving up"
+      end
+
+      unless File.exists?(File.join(path, "kb.yaml.sig"))
+        $logger.error  "Missing kb.yaml signature in #{path}. Giving up"
+        raise "Missing kb.yaml signature in #{path}. Giving up" 
+      end
+
       lines = File.read(File.join(path, "kb.yaml"))
-      @descriptor = YAML.load(lines)
+      hash_file = Digest::SHA256.hexdigest lines
+      hash_orig = File.read(File.join(path, "kb.yaml.sig"))
+
+      v = __verify_hash(hash_orig, hash_file)
+      if v
+        $logger.info("good kb.yaml file found. Reading knowledge base descriptor")
+        @descriptor = YAML.load(lines)
+      else
+        $logger.error("kb.yaml signature mismatch. Found #{hash_file} while expecting #{hash_orig}. Giving up")
+        raise "kb.yaml signature mismatch. Found #{hash_file} while expecting #{hash_orig}. Giving up"
+      end
+
+
     end
 
     def find(name)
     end
 
-    def kb_descriptor
+    def self.kb_descriptor
       {:kb=>{:version=>"0.0.1", :revision=>Time.now.strftime("%Y%m%d"), :api=>Dawn::VERSION}}.to_yaml
     end
 
@@ -133,6 +157,11 @@ def dump(verbose=false)
 
     end
 
+    def __verify_hash(original, computed)
+      t=original.split(' ')
+      return false if t.length != 2
+      return (t[0] == computed)
+    end
 
   end
 end