diff options
Diffstat (limited to 'lib/pluginloader/pluginloader.cpp')
| -rw-r--r-- | lib/pluginloader/pluginloader.cpp | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/lib/pluginloader/pluginloader.cpp b/lib/pluginloader/pluginloader.cpp new file mode 100644 index 0000000..f47c39e --- /dev/null +++ b/lib/pluginloader/pluginloader.cpp @@ -0,0 +1,93 @@ +/* + * This file is part of smolbote. It's copyrighted by the contributors recorded + * in the version control history of the file, available from its original + * location: https://neueland.iserlohn-fortress.net/gitea/aqua/smolbote + * + * SPDX-License-Identifier: GPL-3.0 + */ + +#include "pluginloader.h" +#include <QFile> +#include <openssl/evp.h> +#include <openssl/pem.h> +#include "publicKey.h" + +PluginLoader::PluginLoader(const QString &fileName, const VerifyState sigLevel, QObject *parent) + : QPluginLoader(fileName, parent) + , requiredSignatureLevel(sigLevel) +{ +} + +PluginLoader::VerifyState PluginLoader::verify(const char *hashName) const +{ + const QString sigName = this->fileName() + ".sig"; + if(!QFile::exists(sigName)) { + return SignatureMissing; + } + + auto *bio = BIO_new_mem_buf(publicKey_pem, publicKey_pem_len); + Q_CHECK_PTR(bio); + + auto *key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); + Q_CHECK_PTR(key); + + auto *ctx = EVP_MD_CTX_new(); + Q_CHECK_PTR(ctx); + + const auto *md = EVP_get_digestbyname(hashName); + Q_CHECK_PTR(md); + + int rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, key); + if(rc != 1) { + return SignatureMismatched; + } + + // read plugin into DigestVerifyUpdate + QFile plugin(this->fileName()); + plugin.open(QIODevice::ReadOnly); + int len = plugin.size(); + int read = 0; + auto *buf = new unsigned char[1024]; + while(len > 0) { + read = plugin.read((char*) buf, 1024); + len -= read; + + rc = EVP_DigestVerifyUpdate(ctx, buf, read); + if(rc != 1) + return SignatureComputeFailed; + } + delete buf; + plugin.close(); + + // read signature into DigestVerifyFinal + QFile sigFile(sigName); + sigFile.open(QIODevice::ReadOnly); + const int sig_len = sigFile.size(); + const auto* sig = [&sigFile, sig_len]() { + auto* buf = new unsigned char[sig_len]; + sigFile.read((char*) buf, sig_len); + return buf; + }(); + sigFile.close(); + + rc = EVP_DigestVerifyFinal(ctx, sig, sig_len); + delete sig; + + if(rc == 1) + return SignatureMatched; + else { + return SignatureMismatched; + } +} +/* +bool PluginLoader::load() +{ + if(signature == SignatureUnverified) + signature = this->verify(); + + if(signature > requiredSignatureLevel) + return QPluginLoader::load(); + else + return false; +} +*/ |