diff options
| author | Aqua-sama <aqua@iserlohn-fortress.net> | 2019-03-11 19:39:06 +0200 |
|---|---|---|
| committer | Aqua-sama <aqua@iserlohn-fortress.net> | 2019-03-11 19:39:06 +0200 |
| commit | 95d92e52ed6d71c21433b382f8a178a04b04954b (patch) | |
| tree | f7fba616df7a94de37003be7180976bbcc5b87f2 /src/plugin | |
| parent | repl: import python module (diff) | |
| download | smolbote-95d92e52ed6d71c21433b382f8a178a04b04954b.tar.xz | |
Add PluginLoader class
- PluginLoader::verify can be used to check if the plugin has a valid
(SHA512/RSA 4096) signature.
- Uses nn OpenSSL public key that is embedded during the compile.
Diffstat (limited to 'src/plugin')
| -rw-r--r-- | src/plugin/pluginloader.cpp | 77 | ||||
| -rw-r--r-- | src/plugin/pluginloader.h | 13 |
2 files changed, 90 insertions, 0 deletions
diff --git a/src/plugin/pluginloader.cpp b/src/plugin/pluginloader.cpp new file mode 100644 index 0000000..d1626f2 --- /dev/null +++ b/src/plugin/pluginloader.cpp @@ -0,0 +1,77 @@ +#include "pluginloader.h" +#include <QFile> +#include <openssl/evp.h> +#include <openssl/pem.h> +#include "publicKey.h" +#include <spdlog/spdlog.h> + +PluginLoader::PluginLoader(const QString &fileName, QObject *parent) + : QPluginLoader(fileName, parent) +{ +} + +bool PluginLoader::verify(const char *hashName) const +{ + const QString sigName = this->fileName() + ".sig"; + if(!QFile::exists(sigName)) { + spdlog::error("Signature does not exist: {}", qUtf8Printable(sigName)); + return false; + } + + auto *bio = BIO_new_mem_buf(publicKey_pem, publicKey_pem_len); + Q_CHECK_PTR(bio); + + auto *key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); + Q_CHECK_PTR(key); + + auto *ctx = EVP_MD_CTX_new(); + Q_CHECK_PTR(ctx); + + const auto *md = EVP_get_digestbyname(hashName); + Q_CHECK_PTR(md); + + int rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, key); + if(rc != 1) { + spdlog::error("DigestVerifyInit failed: %i", rc); + return false; + } + + // read plugin into DigestVerifyUpdate + QFile plugin(this->fileName()); + plugin.open(QIODevice::ReadOnly); + int len = plugin.size(); + int read = 0; + auto *buf = new unsigned char[1024]; + while(len > 0) { + read = plugin.read((char*) buf, 1024); + len -= read; + + rc = EVP_DigestVerifyUpdate(ctx, buf, read); + if(rc != 1) + spdlog::error("DigestVerifyUpdate failed: %i", rc); + } + delete buf; + plugin.close(); + + // read signature into DigestVerifyFinal + QFile sigFile(sigName); + sigFile.open(QIODevice::ReadOnly); + const int sig_len = sigFile.size(); + const auto* sig = [&sigFile, sig_len]() { + auto* buf = new unsigned char[sig_len]; + sigFile.read((char*) buf, sig_len); + return buf; + }(); + sigFile.close(); + + rc = EVP_DigestVerifyFinal(ctx, sig, sig_len); + delete sig; + + if(rc == 1) + return true; + else { + spdlog::error("DigestVerifyFinal failed: %i", rc); + return false; + } +} + diff --git a/src/plugin/pluginloader.h b/src/plugin/pluginloader.h new file mode 100644 index 0000000..8d186aa --- /dev/null +++ b/src/plugin/pluginloader.h @@ -0,0 +1,13 @@ +#include <QPluginLoader> + +class PluginLoader : public QPluginLoader +{ + Q_OBJECT + +public: + PluginLoader(const QString &fileName, QObject *parent = nullptr); + ~PluginLoader() = default; + + bool verify(const char *hashName = "SHA256") const; +}; + |