Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: allow to specify custom signatureKey in the config.ini #1024

Merged
merged 15 commits into from
Mar 27, 2025
Merged

fix: allow to specify custom signatureKey in the config.ini #1024

merged 15 commits into from
Mar 27, 2025
+172 −123

Conversation

dido18
Copy link
Contributor

@dido18 dido18 commented Mar 25, 2025
edited
Loading

Please check if the PR fulfills these requirements

  • The PR has no duplicates (please search among the Pull Requests
    before creating one)
  • Tests for the changes have been added (for bug fixes / features)
  • What kind of change does this PR introduce?
    Bug fix. Verify the signatures using a custom public key is not working anymore.
  • What is the current behavior?
    The create-agent ignores the signatureKey in the config.ini and always uses the Arduino public key, so the signature verification fails.
  1. Generate pub/keys pairs like this
### Create a private key
openssl genrsa -out private_24MAR25_B.pem 2048

### Extract the public key from the private key
openssl rsa -pubout -in private_24MAR25_B.pem -out public_24MAR25_B.pem

### Format the public key for the config.ini file -> paste in Arduino Create config.ini file and add a comment for file name
awk 'NR>0 {printf "%s\\n", $0}' public_24MAR25_B.pem
  1. Add the signatureKey into the /home/<user>/.config/ArduinoCreateAgent/config.ini
signatureKey='-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHP52M8dCYDGaC4UaOvU\ncfLqhteGX75EnbXMr6iOg7r7Of+doFV+Ee233Ly/di15CXaju3EpgUka5QSu6z2m\n4sne32aGw6T/eggY636CKcRHFPFjLmXX0CHq+Evg3E4g8W7Yslo2qu1SP3ySZCqe\nVpZHSeehlxFPpQKWXa1YiNF0gWh3cNQ0wneOsJ+ndShSuQ5C2YnSEoeoiEGVFOS0\nevX4GEdadudGBjHQUKjhj+k3Ydaz014aIIC7CUVkQog9B7vpB+znHJH/gCl9DqYO\n4mjPfHG4c5ppNu455hEe75R5q9bPc7TjBA3jpZsdrBY05lX2Q2nAQgSYIHpf78xl\n7wIDAQAB\n-----END PUBLIC KEY-----\n'
  1. Sign the command hello with the private key generated in the step before with the go code below
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
)

func main() {
	key := `-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC0c/nYzx0JgMZo
<YOUR-REST-OF-PRIVATE-KEY>
-----END PRIVATE KEY-----
`
	res, err := sign([]byte("hello"), []byte(key))
	if err != nil {
		panic(err)
	}
	fmt.Println(string(res))
}

func sign(message []byte, key []byte) (string, error) {
	block, _ := pem.Decode(key)
	if block == nil {
		return "", errors.New("While decoding key " + string(key))
	}
	rng := rand.Reader
	private, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return "", errors.New("While parsing key " + err.Error())
	}

	hashed := sha256.Sum256(message)
	signature, err := rsa.SignPKCS1v15(rng, private.(*rsa.PrivateKey), crypto.SHA256, hashed[:])
	if err != nil {
		return "", errors.New("While signing message ")
	}

	return hex.EncodeToString(signature), nil
}
  1. Launch the agent and create the test.sh script:
response=$(curl -s -w " status code: %{http_code}" -X POST -H "Content-Type: application/json" -d '{
   "commandline":"hello",
   "port":"/dev/ttyACM1",
   "board":"arduino:avr:leonardo",
   "signature":"ae4f40d5a4f5d57df432ee41e3d2250fe611ce22c9aa6033dd5d764bff6dd8525342bd7ead24e6d6b3fe72a70a2b94e3073148776010fafff52d37d0afaba69f9390efe19ea8231d2e8f29c68bc6fc5b59cc5a48af237fec921799c9b5f98e5c18fb9efde3d6f19f2df2f7626bd6c42c167a60bb8452c08c4e0aa8e49092c27df709a3eed9b4bc2cf1b22c252d8055fce9c0ce13003e6bde41bbf669f85c409b80e4339af4d08706b1a67c1726393b0528ce4585567d4821b6e981c95805618ff6237171b2ff87ae3b9a0130b32730d3571d18eb8ac4113f70aebca6e2dd0562364cde90fbe4e121b5a84917ad30e8a18e0b6d0ca0152d3a995098eb9c0a761f",
   "filename":"test"
}' http://127.0.0.1:8991/upload)

echo "Response: $response"
  1. Launch the shell script:
$ ./test.sh                                                                                                                                                  
Response: signature is invalid status code: 400
  • What is the new behavior?

Add the signatureKey into the config.ini with this format (using backtick)

signatureKey = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHP52M8dCYDGaC4UaOvU
cfLqhteGX75EnbXMr6iOg7r7Of+doFV+Ee233Ly/di15CXaju3EpgUka5QSu6z2m
4sne32aGw6T/eggY636CKcRHFPFjLmXX0CHq+Evg3E4g8W7Yslo2qu1SP3ySZCqe
VpZHSeehlxFPpQKWXa1YiNF0gWh3cNQ0wneOsJ+ndShSuQ5C2YnSEoeoiEGVFOS0
evX4GEdadudGBjHQUKjhj+k3Ydaz014aIIC7CUVkQog9B7vpB+znHJH/gCl9DqYO
4mjPfHG4c5ppNu455hEe75R5q9bPc7TjBA3jpZsdrBY05lX2Q2nAQgSYIHpf78xl
7wIDAQAB
-----END PUBLIC KEY-----`

If the test.sh is launched, the result is

Response:  status code: 202
  • Does this PR introduce a breaking change?
    It should not.

Notable changes are the following:

  • the /upload endpoint logs an error if the signature verification fails log.WithField("err", err).Error("Error verifying the command") (while before the error was not shown anywhere)
  • the signatureKey must be specified in the confi.ini wrapped with backthick ( ` )
  • add a section to the wiki page
  • Other information:
    Other correlated issues

Forum discussion about this issue: https://forum.arduino.cc/t/signing-command-line-for-arduino-create-agent/1366082/2

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 25, 2025
View reviewed changes
@codecov-commenter
Copy link

codecov-commenter commented Mar 25, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 35.65217% with 74 lines in your changes missing coverage. Please review.

Project coverage is 20.23%. Comparing base (5fcb7c4) to head (2237ff0).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
conn.go 21.91% 54 Missing and 3 partials ⚠️
main.go 0.00% 10 Missing ⚠️
utilities/utilities.go 65.00% 5 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1024      +/-   ##
==========================================
+ Coverage   20.14%   20.23%   +0.09%     
==========================================
  Files          42       42              
  Lines        3222     3242      +20     
==========================================
+ Hits          649      656       +7     
- Misses       2488     2499      +11     
- Partials       85       87       +2
Flag Coverage Δ
unit 20.23% <35.65%> (+0.09%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dido18 dido18 changed the title Fix invalid signature with custom keys Fix invalid signature with custom public key Mar 26, 2025
@dido18 dido18 changed the title Fix invalid signature with custom public key fix: allow to specify custom signatureKey in the config.ini Mar 26, 2025
@dido18 dido18 mentioned this pull request Mar 26, 2025
Closed
@dido18 dido18 marked this pull request as ready for review March 26, 2025 11:47
@dido18 dido18 requested a review from a team March 26, 2025 13:34
alessio-perugini
alessio-perugini requested changes Mar 26, 2025
View reviewed changes
lucarin91
lucarin91 reviewed Mar 26, 2025
View reviewed changes
Copy link
Contributor

@lucarin91 lucarin91 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have some concerns on the ini file parsing, it seems not so stable to do a replace all on the \\n. I would try to investigate if we can do better then that.

@dido18
Copy link
Contributor Author

dido18 commented Mar 26, 2025
edited
Loading

I have some concerns on the ini file parsing, it seems not so stable to do a replace all on the \\n. I would try to investigate if we can do better then that.

To avoid possible issue with the replaceAll, we may allow only the multiline format using the backtick operator

Supported format

Multiline using the backtick

signatureKey = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHP52M8dCYDGaC4UaOvU
cfLqhteGX75EnbXMr6iOg7r7Of+doFV+Ee233Ly/di15CXaju3EpgUka5QSu6z2m
4sne32aGw6T/eggY636CKcRHFPFjLmXX0CHq+Evg3E4g8W7Yslo2qu1SP3ySZCqe
VpZHSeehlxFPpQKWXa1YiNF0gWh3cNQ0wneOsJ+ndShSuQ5C2YnSEoeoiEGVFOS0
evX4GEdadudGBjHQUKjhj+k3Ydaz014aIIC7CUVkQog9B7vpB+znHJH/gCl9DqYO
4mjPfHG4c5ppNu455hEe75R5q9bPc7TjBA3jpZsdrBY05lX2Q2nAQgSYIHpf78xl
7wIDAQAB
-----END PUBLIC KEY-----`

Rejected format

  1. Inline format with \n are converted into \\n by the go-ini lib)
signatureKey = '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHP52M8dCYDGaC4UaOvU\ncfLqhteGX75EnbXMr6iOg7r7Of+doFV+Ee233Ly/di15CXaju3EpgUka5QSu6z2m\n4sne32aGw6T/eggY636CKcRHFPFjLmXX0CHq+Evg3E4g8W7Yslo2qu1SP3ySZCqe\nVpZHSeehlxFPpQKWXa1YiNF0gWh3cNQ0wneOsJ+ndShSuQ5C2YnSEoeoiEGVFOS0\nevX4GEdadudGBjHQUKjhj+k3Ydaz014aIIC7CUVkQog9B7vpB+znHJH/gCl9DqYO\n4mjPfHG4c5ppNu455hEe75R5q9bPc7TjBA3jpZsdrBY05lX2Q2nAQgSYIHpf78xl\n7wIDAQAB\n-----END PUBLIC KEY-----\n'

Rejected with the error

msg="cannot parse signature key '-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHP52M8dCYDGaC4UaOvU\\ncfLqhteGX75EnbXMr6iOg7r7Of+doFV+Ee233Ly/di15CXaju3EpgUka5QSu6z2m\\n4sne32aGw6T/eggY636CKcRHFPFjLmXX0CHq+Evg3E4g8W7Yslo2qu1SP3ySZCqe\\nVpZHSeehlxFPpQKWXa1YiNF0gWh3cNQ0wneOsJ+ndShSuQ5C2YnSEoeoiEGVFOS0\\nevX4GEdadudGBjHQUKjhj+k3Ydaz014aIIC7CUVkQog9B7vpB+znHJH/gCl9DqYO\\n4mjPfHG4c5ppNu455hEe75R5q9bPc7TjBA3jpZsdrBY05lX2Q2nAQgSYIHpf78xl\\n7wIDAQAB\\n-----END PUBLIC KEY-----\\n'
  1. Multiline using the single or double quotes:
signatureKey = "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHP52M8dCYDGaC4UaOvU
cfLqhteGX75EnbXMr6iOg7r7Of+doFV+Ee233Ly/di15CXaju3EpgUka5QSu6z2m
4sne32aGw6T/eggY636CKcRHFPFjLmXX0CHq+Evg3E4g8W7Yslo2qu1SP3ySZCqe
VpZHSeehlxFPpQKWXa1YiNF0gWh3cNQ0wneOsJ+ndShSuQ5C2YnSEoeoiEGVFOS0
evX4GEdadudGBjHQUKjhj+k3Ydaz014aIIC7CUVkQog9B7vpB+znHJH/gCl9DqYO
4mjPfHG4c5ppNu455hEe75R5q9bPc7TjBA3jpZsdrBY05lX2Q2nAQgSYIHpf78xl
7wIDAQAB
-----END PUBLIC KEY-----"

Error:

level=panic msg="config.ini cannot be parsed: key-value delimiter not found

@lucarin91
Copy link
Contributor

@dido18 Can you please add some documentation about this new key format in the ini file?

@dido18
Copy link
Contributor Author

dido18 commented Mar 26, 2025
edited
Loading

@dido18 Can you please add some documentation about this new key format in the ini file?

I update the wiki page with a new section

lucarin91
lucarin91 reviewed Mar 26, 2025
View reviewed changes
cmaglie
cmaglie approved these changes Mar 26, 2025
View reviewed changes
Copy link
Member

@cmaglie cmaglie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested locally, it's working for me 👍🏼

@dido18 dido18 merged commit 901728d into main Mar 27, 2025
42 checks passed
@dido18 dido18 deleted the fix-invalid-signature-with-custom-keys branch March 27, 2025 08:54
@Xayton Xayton added this to the 1.7.0 milestone Mar 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cmaglie cmaglie cmaglie approved these changes

@lucarin91 lucarin91 lucarin91 approved these changes

@alessio-perugini alessio-perugini alessio-perugini approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.7.0
Development

Successfully merging this pull request may close these issues.
6 participants
@dido18 @codecov-commenter @lucarin91 @cmaglie @alessio-perugini @Xayton