aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorAqua-sama <aqua@iserlohn-fortress.net>2019-04-19 17:27:39 +0300
committerAqua-sama <aqua@iserlohn-fortress.net>2019-04-19 17:27:39 +0300
commitc5576c85c92c464ff3aa53f680ce18d8b51f60ab (patch)
tree042c50df8fc1b9bb9a08656ca7200fa3af5b1086 /lib
parentUse scdoc to generate manpages (diff)
downloadsmolbote-c5576c85c92c464ff3aa53f680ce18d8b51f60ab.tar.xz
Add plugin signature verification policies
Diffstat (limited to 'lib')
-rw-r--r--lib/pluginloader/Kconfig (renamed from lib/plugin/Kconfig)3
-rw-r--r--lib/pluginloader/meson.build13
-rw-r--r--lib/pluginloader/pluginloader.cpp93
-rw-r--r--lib/pluginloader/pluginloader.h55
4 files changed, 161 insertions, 3 deletions
diff --git a/lib/plugin/Kconfig b/lib/pluginloader/Kconfig
index 1de9403..28a3b73 100644
--- a/lib/plugin/Kconfig
+++ b/lib/pluginloader/Kconfig
@@ -12,9 +12,6 @@ menu "Plugin Settings"
config PLUGIN_SIGNATURE_IGNORED
bool "Don't check plugin signatures"
- config PLUGIN_SIGNATURE_NONFATAL
- bool "Check signature validity, but always load plugins"
-
config PLUGIN_SIGNATURE_CHECKED
bool "Don't load plugins with invalid signatures"
diff --git a/lib/pluginloader/meson.build b/lib/pluginloader/meson.build
new file mode 100644
index 0000000..4786156
--- /dev/null
+++ b/lib/pluginloader/meson.build
@@ -0,0 +1,13 @@
+dep_openssl = dependency('openssl')
+
+pluginloader_moc = mod_qt5.preprocess(
+ moc_headers: ['pluginloader.h'],
+ dependencies: dep_qt5
+)
+
+dep_pluginloader = declare_dependency(
+ include_directories: include_directories('.'),
+ link_with: static_library('plugin',
+ ['pluginloader.cpp', pluginloader_moc],
+ dependencies: [dep_qt5, dep_openssl, dep_genheaders])
+)
diff --git a/lib/pluginloader/pluginloader.cpp b/lib/pluginloader/pluginloader.cpp
new file mode 100644
index 0000000..f47c39e
--- /dev/null
+++ b/lib/pluginloader/pluginloader.cpp
@@ -0,0 +1,93 @@
+/*
+ * This file is part of smolbote. It's copyrighted by the contributors recorded
+ * in the version control history of the file, available from its original
+ * location: https://neueland.iserlohn-fortress.net/gitea/aqua/smolbote
+ *
+ * SPDX-License-Identifier: GPL-3.0
+ */
+
+#include "pluginloader.h"
+#include <QFile>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include "publicKey.h"
+
+PluginLoader::PluginLoader(const QString &fileName, const VerifyState sigLevel, QObject *parent)
+ : QPluginLoader(fileName, parent)
+ , requiredSignatureLevel(sigLevel)
+{
+}
+
+PluginLoader::VerifyState PluginLoader::verify(const char *hashName) const
+{
+ const QString sigName = this->fileName() + ".sig";
+ if(!QFile::exists(sigName)) {
+ return SignatureMissing;
+ }
+
+ auto *bio = BIO_new_mem_buf(publicKey_pem, publicKey_pem_len);
+ Q_CHECK_PTR(bio);
+
+ auto *key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+ Q_CHECK_PTR(key);
+
+ auto *ctx = EVP_MD_CTX_new();
+ Q_CHECK_PTR(ctx);
+
+ const auto *md = EVP_get_digestbyname(hashName);
+ Q_CHECK_PTR(md);
+
+ int rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, key);
+ if(rc != 1) {
+ return SignatureMismatched;
+ }
+
+ // read plugin into DigestVerifyUpdate
+ QFile plugin(this->fileName());
+ plugin.open(QIODevice::ReadOnly);
+ int len = plugin.size();
+ int read = 0;
+ auto *buf = new unsigned char[1024];
+ while(len > 0) {
+ read = plugin.read((char*) buf, 1024);
+ len -= read;
+
+ rc = EVP_DigestVerifyUpdate(ctx, buf, read);
+ if(rc != 1)
+ return SignatureComputeFailed;
+ }
+ delete buf;
+ plugin.close();
+
+ // read signature into DigestVerifyFinal
+ QFile sigFile(sigName);
+ sigFile.open(QIODevice::ReadOnly);
+ const int sig_len = sigFile.size();
+ const auto* sig = [&sigFile, sig_len]() {
+ auto* buf = new unsigned char[sig_len];
+ sigFile.read((char*) buf, sig_len);
+ return buf;
+ }();
+ sigFile.close();
+
+ rc = EVP_DigestVerifyFinal(ctx, sig, sig_len);
+ delete sig;
+
+ if(rc == 1)
+ return SignatureMatched;
+ else {
+ return SignatureMismatched;
+ }
+}
+/*
+bool PluginLoader::load()
+{
+ if(signature == SignatureUnverified)
+ signature = this->verify();
+
+ if(signature > requiredSignatureLevel)
+ return QPluginLoader::load();
+ else
+ return false;
+}
+*/
diff --git a/lib/pluginloader/pluginloader.h b/lib/pluginloader/pluginloader.h
new file mode 100644
index 0000000..0c8bcd3
--- /dev/null
+++ b/lib/pluginloader/pluginloader.h
@@ -0,0 +1,55 @@
+/*
+ * This file is part of smolbote. It's copyrighted by the contributors recorded
+ * in the version control history of the file, available from its original
+ * location: https://neueland.iserlohn-fortress.net/gitea/aqua/smolbote
+ *
+ * SPDX-License-Identifier: GPL-3.0
+ */
+
+#include <QPluginLoader>
+
+class PluginLoader : public QPluginLoader
+{
+ Q_OBJECT
+
+public:
+ enum VerifyState {
+ // uninitialized state
+ SignatureUnverified = -1,
+
+ // signature is optional, match is optional
+ SignatureCheckIfAvailable = 1,
+
+ SignatureComputeFailed = 2, // error computing signature
+ SignatureMismatched = 3, // signature does not match
+
+ // signature is optional, match is required
+ SignatureMatchIfAvailable = 4,
+
+ SignatureMissing = 5, // signature is not available
+
+ // signature required, match is required
+ SignatureMatchRequired = 10,
+
+ SignatureMatched = 20 // signature is matched
+ };
+
+ PluginLoader(const QString &fileName, const VerifyState sigLevel = SignatureMissing, QObject *parent = nullptr);
+ ~PluginLoader() = default;
+
+ QString errorString() const
+ {
+ if(signature < requiredSignatureLevel)
+ return QString("Required signature level: %2; Signature level: %3").arg(QString::number((int) requiredSignatureLevel), QString::number((int) signature));
+ else
+ return QPluginLoader::errorString();
+ }
+
+ VerifyState verify(const char *hashName = "SHA256") const;
+ //bool load();
+
+private:
+ const VerifyState requiredSignatureLevel;
+ VerifyState signature = SignatureUnverified;
+};
+