aboutsummaryrefslogtreecommitdiff
path: root/src/plugin
diff options
context:
space:
mode:
authorAqua-sama <aqua@iserlohn-fortress.net>2019-03-11 19:39:06 +0200
committerAqua-sama <aqua@iserlohn-fortress.net>2019-03-11 19:39:06 +0200
commit95d92e52ed6d71c21433b382f8a178a04b04954b (patch)
treef7fba616df7a94de37003be7180976bbcc5b87f2 /src/plugin
parentrepl: import python module (diff)
downloadsmolbote-95d92e52ed6d71c21433b382f8a178a04b04954b.tar.xz
Add PluginLoader class
- PluginLoader::verify can be used to check if the plugin has a valid (SHA512/RSA 4096) signature. - Uses nn OpenSSL public key that is embedded during the compile.
Diffstat (limited to 'src/plugin')
-rw-r--r--src/plugin/pluginloader.cpp77
-rw-r--r--src/plugin/pluginloader.h13
2 files changed, 90 insertions, 0 deletions
diff --git a/src/plugin/pluginloader.cpp b/src/plugin/pluginloader.cpp
new file mode 100644
index 0000000..d1626f2
--- /dev/null
+++ b/src/plugin/pluginloader.cpp
@@ -0,0 +1,77 @@
+#include "pluginloader.h"
+#include <QFile>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include "publicKey.h"
+#include <spdlog/spdlog.h>
+
+PluginLoader::PluginLoader(const QString &fileName, QObject *parent)
+ : QPluginLoader(fileName, parent)
+{
+}
+
+bool PluginLoader::verify(const char *hashName) const
+{
+ const QString sigName = this->fileName() + ".sig";
+ if(!QFile::exists(sigName)) {
+ spdlog::error("Signature does not exist: {}", qUtf8Printable(sigName));
+ return false;
+ }
+
+ auto *bio = BIO_new_mem_buf(publicKey_pem, publicKey_pem_len);
+ Q_CHECK_PTR(bio);
+
+ auto *key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+ Q_CHECK_PTR(key);
+
+ auto *ctx = EVP_MD_CTX_new();
+ Q_CHECK_PTR(ctx);
+
+ const auto *md = EVP_get_digestbyname(hashName);
+ Q_CHECK_PTR(md);
+
+ int rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, key);
+ if(rc != 1) {
+ spdlog::error("DigestVerifyInit failed: %i", rc);
+ return false;
+ }
+
+ // read plugin into DigestVerifyUpdate
+ QFile plugin(this->fileName());
+ plugin.open(QIODevice::ReadOnly);
+ int len = plugin.size();
+ int read = 0;
+ auto *buf = new unsigned char[1024];
+ while(len > 0) {
+ read = plugin.read((char*) buf, 1024);
+ len -= read;
+
+ rc = EVP_DigestVerifyUpdate(ctx, buf, read);
+ if(rc != 1)
+ spdlog::error("DigestVerifyUpdate failed: %i", rc);
+ }
+ delete buf;
+ plugin.close();
+
+ // read signature into DigestVerifyFinal
+ QFile sigFile(sigName);
+ sigFile.open(QIODevice::ReadOnly);
+ const int sig_len = sigFile.size();
+ const auto* sig = [&sigFile, sig_len]() {
+ auto* buf = new unsigned char[sig_len];
+ sigFile.read((char*) buf, sig_len);
+ return buf;
+ }();
+ sigFile.close();
+
+ rc = EVP_DigestVerifyFinal(ctx, sig, sig_len);
+ delete sig;
+
+ if(rc == 1)
+ return true;
+ else {
+ spdlog::error("DigestVerifyFinal failed: %i", rc);
+ return false;
+ }
+}
+
diff --git a/src/plugin/pluginloader.h b/src/plugin/pluginloader.h
new file mode 100644
index 0000000..8d186aa
--- /dev/null
+++ b/src/plugin/pluginloader.h
@@ -0,0 +1,13 @@
+#include <QPluginLoader>
+
+class PluginLoader : public QPluginLoader
+{
+ Q_OBJECT
+
+public:
+ PluginLoader(const QString &fileName, QObject *parent = nullptr);
+ ~PluginLoader() = default;
+
+ bool verify(const char *hashName = "SHA256") const;
+};
+