From patchwork Mon Dec 5 20:40:43 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [RFC,v6,05/11] Added package fff-hoodsync From: Jan Kraus X-Patchwork-Id: 251 Message-Id: <1480970449-5332-6-git-send-email-mayosemmel@gmail.com> To: franken-dev@freifunk.net Cc: Jan Kraus Date: Mon, 5 Dec 2016 21:40:43 +0100 the package will synchronize and verify hood- and keyfiles Signed-off-by: Jan Kraus --- .../fff/fff-fastd/files/usr/lib/micron.d/fff-fastd | 1 + src/packages/fff/fff-hoodsync/Makefile | 39 ++++++++++++++ .../fff/fff-hoodsync/files/usr/lib/verifysigs | 62 ++++++++++++++++++++++ .../fff/fff-hoodsync/files/usr/sbin/syncHoods | 25 +++++++++ .../fff/fff-hoodsync/files/usr/sbin/verifyHoods | 56 +++++++++++++++++++ .../fff/fff-hoodsync/files/usr/sbin/verifyKeys | 56 +++++++++++++++++++ src/packages/fff/fff/Makefile | 3 +- 7 files changed, 241 insertions(+), 1 deletion(-) create mode 100644 src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd create mode 100644 src/packages/fff/fff-hoodsync/Makefile create mode 100644 src/packages/fff/fff-hoodsync/files/usr/lib/verifysigs create mode 100755 src/packages/fff/fff-hoodsync/files/usr/sbin/syncHoods create mode 100755 src/packages/fff/fff-hoodsync/files/usr/sbin/verifyHoods create mode 100755 src/packages/fff/fff-hoodsync/files/usr/sbin/verifyKeys
diff --git a/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd b/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
new file mode 100644
index 0000000..9399c4f
--- /dev/null
+++ b/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
@@ -0,0 +1 @@
+*/10 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/fastdstart
diff --git a/src/packages/fff/fff-hoodsync/Makefile b/src/packages/fff/fff-hoodsync/Makefile
new file mode 100644
index 0000000..ccfc6ee
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/Makefile
@@ -0,0 +1,39 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-hoodsync
+PKG_VERSION:=0.0.1
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/fff-hoodsync
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-hoodsync
+ SECTION:=base
+ CATEGORY:=Freifunk
+ TITLE:= Freifunk-Franken hoodfile synchronisation
+ URL:=http://www.freifunk-franken.de
+ DEPENDS:=+fff-hoods +libubox +ecdsautils
+endef
+
+define Package/fff-hoodsync/description
+ This package synchronises and verifys hoodfiles and keyfiles
+endef
+
+define Build/Prepare
+ echo "all: " > $(PKG_BUILD_DIR)/Makefile
+endef
+
+define Build/Configure
+ # nothing
+endef
+
+define Build/Compile
+ # nothing
+endef
+
+define Package/fff-hoodsync/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-hoodsync))
diff --git a/src/packages/fff/fff-hoodsync/files/usr/lib/verifysigs b/src/packages/fff/fff-hoodsync/files/usr/lib/verifysigs
new file mode 100644
index 0000000..26718e4
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/usr/lib/verifysigs
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+
+if [ -z "$TRUSTEDKEYDIR" ]; then
+ TRUSTEDKEYDIR=/etc/hoods/keys
+fi
+
+gettrustedkeys()
+{
+ local trustedkeys=""
+ for keyfile in $TRUSTEDKEYDIR/*.key
+ do
+ json_load "$(cat $keyfile)"
+ json_get_var valid valid
+ if [ "$valid" == "true" ]
+ then
+ json_get_var PubKey PubKey
+ trustedkeys="$trustedkeys,$PubKey"
+ fi
+ done
+ echo "$trustedkeys"
+}
+
+verifysigs()
+{
+ local file="$1"
+ local sigfile="$2"
+ local sigsneeded="$3"
+ local trustedkeys="$(gettrustedkeys)"
+ echo "Check if signatures for $file are valid"
+ echo "Parsing $sigfile"
+ json_load "$(cat $sigfile)"
+ json_select Sigs
+ local Sigs=""
+ local Keys=""
+ local Index="1"
+ while json_select $Index > /dev/null
+ do
+ json_get_var SigPubKey PubKey
+ if echo "$Keys"|grep "$SigPubKey" > /dev/null
+ then
+ echo "$SigPubKey is duplicate"
+ elif echo "$trustedkeys"|grep "$SigPubKey" > /dev/null
+ then
+ Keys="$Keys -p $SigPubKey"
+ json_get_var Sig Sig
+ Sigs="$Sigs -s $Sig"
+ else
+ echo "$SigPubKey is not trusted"
+ fi
+ json_select ".."
+ Index=$((Index+1))
+ done
+ if ecdsaverify -n $sigsneeded $Sigs $Keys $file;then
+ echo "Valid Signatures"
+ return 0
+ else
+ echo "Invalid Signatures"
+ return 1
+ fi
+}
diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/syncHoods b/src/packages/fff/fff-hoodsync/files/usr/sbin/syncHoods
new file mode 100755
index 0000000..f32d2a1
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/syncHoods
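Review bot: In verifysigs() (usr/lib/verifysigs), `grep "$SigPubKey"` treats the key taken from the not-yet-verified .sig file as a regular expression and matches it as a substring of the trusted-key list, so a value that is not a complete trusted key can still pass the trust test. The accepted value and `$Sig` are then word-split into the `ecdsaverify` command line through the unquoted `$Sigs $Keys`, where whitespace in them becomes extra arguments. The loop should accept only well-formed values and compare them for exact equality with the comma-separated list that gettrustedkeys() builds. The sketch below assumes keys and signatures are plain hex strings, which should be confirmed against the ecdsautils format. `$file`, `$sigfile` and `$sigsneeded` are also expanded unquoted and should be quoted.

```shell
	# … unchanged: locals, json_load of the .sig file, json_select Sigs …
	while json_select $Index > /dev/null
	do
		json_get_var SigPubKey PubKey
		json_get_var Sig Sig
		# reject anything that is empty or not purely hex before it is used
		case "$SigPubKey" in ""|*[!0-9a-fA-F]*) SigPubKey="" ;; esac
		case "$Sig" in ""|*[!0-9a-fA-F]*) Sig="" ;; esac
		if [ -z "$SigPubKey" ] || [ -z "$Sig" ]
		then
			echo "Signature entry $Index is malformed"
		else
			case "$Keys " in
				*" $SigPubKey "*)
					echo "$SigPubKey is duplicate"
					;;
				*)
					# gettrustedkeys returns ",key1,key2"; the trailing comma delimits every key
					case "$trustedkeys," in
						*",$SigPubKey,"*)
							Keys="$Keys -p $SigPubKey"
							Sigs="$Sigs -s $Sig"
							;;
						*)
							echo "$SigPubKey is not trusted"
							;;
					esac
					;;
			esac
		fi
		# … unchanged: json_select "..", Index increment, done, ecdsaverify call …
```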
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+UPDATELINK="http://[fdff:3::e418:c9ff:fec6:9d7d]/foo/hoods"
+HOODDIR=/tmp/syncedhoods
+KEYDIR=/tmp/syncedkeys
+
+rm -rf "$HOODDIR"
+rm -rf "$KEYDIR"
+mkdir -p "$HOODDIR"
+mkdir -p "$KEYDIR"
+rm -f /tmp/hoods.list
+rm -f /tmp/keys.list
+wget "$UPDATELINK/hoods.list" -O /tmp/hoods.list
+wget "$UPDATELINK/keys/keys.list" -O /tmp/keys.list
+
+while read filename
+do
+ wget "$UPDATELINK/$filename" -O "$HOODDIR/$filename"
+done < /tmp/hoods.list
+
+while read filename
+do
+ wget "$UPDATELINK/keys/$filename" -O "$KEYDIR/$filename"
+done < /tmp/keys.list
+
diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyHoods b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyHoods
new file mode 100755
index 0000000..af06fcc
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyHoods
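Review bot: In syncHoods, each `$filename` read from the downloaded hoods.list and keys.list goes straight into `-O "$HOODDIR/$filename"` and `-O "$KEYDIR/$filename"`, so an entry containing `/` or `..` makes wget write outside the staging directory. This happens before any signature is checked, and the lists themselves arrive over plain `http://` and are not verified in this script. Both loops should skip such names as their first statement, for example `case "$filename" in ""|.*|*/*) continue ;; esac`, and read with `read -r filename`. The exit status of the wget calls is also ignored, so a failed list download passes without any message; `wget ... || exit 1` on the two list downloads would make that visible.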
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+. /usr/lib/verifysigs
+
+TRUSTEDHOODDIR=/etc/hoods
+
+if [ -z "$1" ]
+then
+ echo "Setting Hood directory to $1"
+ HOODDIR="$1"
+else
+ echo "Setting Hood directory to $TRUSTEDHOODDIR"
+ HOODDIR="$TRUSTEDHOODDIR"
+fi
+
+for hoodfile in $HOODDIR/*.hood
+do
+ echo "Check if hood-files are valid"
+ echo "Parsing $(basename $hoodfile)"
+ json_load "$(cat $hoodfile)"
+ json_select hood
+ json_get_var newHoodName name
+ json_get_var newTimestamp timestamp
+ if [ -f "$TRUSTEDHOODDIR/$newHoodName.hood" ]
+ then
+ json_load "$(cat $TRUSTEDHOODDIR/$newHoodName.hood)"
+ json_select hood
+ json_get_var oldHoodName name
+ json_get_var oldTimestamp timestamp
+ if [ "$newHoodName" != "$oldHoodName" ]
+ then
+ echo "Hoodnames are not matching"
+ rm -f "$hoodfile"
+ rm -f "$hoodfile".sig
+ fi
+ if [ "$newTimestamp" -le "$oldTimestamp" ]
+ then
+ echo "the synchronized file is older than current"
+ rm -f "$hoodfile"
+ rm -f "$hoodfile".sig
+ fi
+ fi
+ if verifysigs "$hoodfile" "$hoodfile.sig" "2"
+ then
+ echo "There are enough valid Signatures, so hoodfile is now trusted."
+ cp "$hoodfile" "$TRUSTEDHOODDIR/."
+ cp "$hoodfile".sig "$TRUSTEDHOODDIR/."
+ else
+ echo "There aren't enough valid Signatures"
+ echo "$hoodfile will be removed now"
+ rm -f "$hoodfile"
+ rm -f "$hoodfile".sig
+ fi
+ echo
+done
diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyKeys b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyKeys
new file mode 100755
index 0000000..36f2ad5
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyKeys
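Review bot: The `[ -z "$1" ]` test at the top of verifyHoods is inverted: with no argument HOODDIR becomes the empty string and the loop globs `/*.hood`, and with an argument the argument is ignored and the trusted directory is used. The test should be `if [ -n "$1" ]`; verifyKeys has the same test on KEYDIR. Independently of that, when the directory being checked is the trusted directory itself, every file is compared with its own timestamp, `-le` is true, and the trusted file and its .sig are deleted. As written, calling the script with an argument therefore appears to empty /etc/hoods. Each removal branch should end with `continue` so that verifysigs is not run on a file that was just deleted, and the freshness check should be skipped when `[ "$HOODDIR" = "$TRUSTEDHOODDIR" ]`.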
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+. /usr/lib/verifysigs
+
+TRUSTEDKEYDIR=/etc/hoods/keys
+
+if [ -z "$1" ]
+then
+ echo "Setting Key directory to $1"
+ KEYDIR="$1"
+else
+ echo "Setting Key directory to $TRUSTEDKEYDIR"
+ KEYDIR="$TRUSTEDKEYDIR"
+fi
+
+for keyfile in $KEYDIR/*.key
+do
+ echo "Check if key-signatures are valid"
+ echo "Parsing $(basename $keyfile)"
+ json_load "$(cat $keyfile)"
+ json_select key
+ json_get_var newTimestamp timestamp
+ if [ -f "$TRUSTEDKEYDIR/$(basename $keyfile)" ]
+ then
+ json_load "$(cat $TRUSTEDKEYDIR/$(basename $keyfile))"
+ json_select key
+ json_get_var oldTimestamp timestamp
+ if [ "$newTimestamp" -le "$oldTimestamp" ]
+ then
+ echo "the synchronized file is older than current"
+ rm -f "$keyfile"
+ rm -f "$keyfile".sig
+ fi
+ fi
+ if verifysigs "$keyfile" "$keyfile.sig" "2"
+ then
+ cp "$keyfile" "$TRUSTEDKEYDIR/."
+ cp "$keyfile".sig "$TRUSTEDKEYDIR/."
+ json_load "$(cat $TRUSTEDKEYDIR/$(basename $keyfile))"
+ json_select key
+ json_get_var valid valid
+ if [ "$valid" == "true" ]
+ then
+ echo "There are enough valid Signatures, so key is now trusted."
+ else
+ echo "There are enough valid Signatures. The key was revoked."
+ fi
+ else
+ echo "There aren't enough valid Signatures"
+ echo "$keyfile will be removed"
+ rm -f "$keyfile"
+ rm -f "$keyfile".sig
+ fi
+done
+
diff --git a/src/packages/fff/fff/Makefile b/src/packages/fff/fff/Makefile
index 41e53d7..d9253bd 100644
--- a/src/packages/fff/fff/Makefile
+++ b/src/packages/fff/fff/Makefile
@@ -26,7 +26,8 @@ define Package/fff-base +fff-wireless \ +fff-timeserver \ +fff-vpn-select \ - +fff-hoods + +fff-hoods \ + +fff-hoodsync endef define Package/fff-base/description
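Review bot: verifyKeys reads `timestamp` and `valid` only after `json_select key`, while gettrustedkeys() in usr/lib/verifysigs reads `valid` and `PubKey` from the top level of the same .key files, so one of the two readers appears to look in the wrong place. Which layout is right cannot be told from the patch, and neither script checks the return value of `json_select`. If the fields live under `key`, gettrustedkeys() would presumably return an empty list and no signature could ever be accepted. The revocation flag decides which keys are trusted, so the layout should be read the same way in both places, for example `json_select key || continue` before `json_get_var valid valid` in gettrustedkeys() and the same `|| continue` after the `json_select key` calls here.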