From c5576c85c92c464ff3aa53f680ce18d8b51f60ab Mon Sep 17 00:00:00 2001 From: Aqua-sama Date: Fri, 19 Apr 2019 17:27:39 +0300 Subject: Add plugin signature verification policies --- lib/plugin/Kconfig | 29 ------------ lib/pluginloader/Kconfig | 26 +++++++++++ lib/pluginloader/meson.build | 13 ++++++ lib/pluginloader/pluginloader.cpp | 93 +++++++++++++++++++++++++++++++++++++++ lib/pluginloader/pluginloader.h | 55 +++++++++++++++++++++++ 5 files changed, 187 insertions(+), 29 deletions(-) delete mode 100644 lib/plugin/Kconfig create mode 100644 lib/pluginloader/Kconfig create mode 100644 lib/pluginloader/meson.build create mode 100644 lib/pluginloader/pluginloader.cpp create mode 100644 lib/pluginloader/pluginloader.h (limited to 'lib') diff --git a/lib/plugin/Kconfig b/lib/plugin/Kconfig deleted file mode 100644 index 1de9403..0000000 --- a/lib/plugin/Kconfig +++ /dev/null @@ -1,29 +0,0 @@ -config USEPLUGINS - bool "Enable plugins" - default y - -menu "Plugin Settings" - depends on USEPLUGINS - - choice PLUGIN_SIGNATURE_CHECK - bool "Plugin Signature enforcement" - default PLUGIN_SIGNATURE_CHECKED - - config PLUGIN_SIGNATURE_IGNORED - bool "Don't check plugin signatures" - - config PLUGIN_SIGNATURE_NONFATAL - bool "Check signature validity, but always load plugins" - - config PLUGIN_SIGNATURE_CHECKED - bool "Don't load plugins with invalid signatures" - - config PLUGIN_SIGNATURE_ENFORCED - bool "Only load plugins with valid signatures" - - endchoice - - config PLUGIN_SIGNATURE_HASH - string "Hashing algorithm used by the signature" - default "SHA256" -endmenu diff --git a/lib/pluginloader/Kconfig b/lib/pluginloader/Kconfig new file mode 100644 index 0000000..28a3b73 --- /dev/null +++ b/lib/pluginloader/Kconfig @@ -0,0 +1,26 @@ +config USEPLUGINS + bool "Enable plugins" + default y + +menu "Plugin Settings" + depends on USEPLUGINS + + choice PLUGIN_SIGNATURE_CHECK + bool "Plugin Signature enforcement" + default PLUGIN_SIGNATURE_CHECKED + + config PLUGIN_SIGNATURE_IGNORED + bool "Don't check plugin signatures" + + config PLUGIN_SIGNATURE_CHECKED + bool "Don't load plugins with invalid signatures" + + config PLUGIN_SIGNATURE_ENFORCED + bool "Only load plugins with valid signatures" + + endchoice + + config PLUGIN_SIGNATURE_HASH + string "Hashing algorithm used by the signature" + default "SHA256" +endmenu diff --git a/lib/pluginloader/meson.build b/lib/pluginloader/meson.build new file mode 100644 index 0000000..4786156 --- /dev/null +++ b/lib/pluginloader/meson.build @@ -0,0 +1,13 @@ +dep_openssl = dependency('openssl') + +pluginloader_moc = mod_qt5.preprocess( + moc_headers: ['pluginloader.h'], + dependencies: dep_qt5 +) + +dep_pluginloader = declare_dependency( + include_directories: include_directories('.'), + link_with: static_library('plugin', + ['pluginloader.cpp', pluginloader_moc], + dependencies: [dep_qt5, dep_openssl, dep_genheaders]) +) diff --git a/lib/pluginloader/pluginloader.cpp b/lib/pluginloader/pluginloader.cpp new file mode 100644 index 0000000..f47c39e --- /dev/null +++ b/lib/pluginloader/pluginloader.cpp @@ -0,0 +1,93 @@ +/* + * This file is part of smolbote. It's copyrighted by the contributors recorded + * in the version control history of the file, available from its original + * location: https://neueland.iserlohn-fortress.net/gitea/aqua/smolbote + * + * SPDX-License-Identifier: GPL-3.0 + */ + +#include "pluginloader.h" +#include +#include +#include +#include "publicKey.h" + +PluginLoader::PluginLoader(const QString &fileName, const VerifyState sigLevel, QObject *parent) + : QPluginLoader(fileName, parent) + , requiredSignatureLevel(sigLevel) +{ +} + +PluginLoader::VerifyState PluginLoader::verify(const char *hashName) const +{ + const QString sigName = this->fileName() + ".sig"; + if(!QFile::exists(sigName)) { + return SignatureMissing; + } + + auto *bio = BIO_new_mem_buf(publicKey_pem, publicKey_pem_len); + Q_CHECK_PTR(bio); + + auto *key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); + Q_CHECK_PTR(key); + + auto *ctx = EVP_MD_CTX_new(); + Q_CHECK_PTR(ctx); + + const auto *md = EVP_get_digestbyname(hashName); + Q_CHECK_PTR(md); + + int rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, key); + if(rc != 1) { + return SignatureMismatched; + } + + // read plugin into DigestVerifyUpdate + QFile plugin(this->fileName()); + plugin.open(QIODevice::ReadOnly); + int len = plugin.size(); + int read = 0; + auto *buf = new unsigned char[1024]; + while(len > 0) { + read = plugin.read((char*) buf, 1024); + len -= read; + + rc = EVP_DigestVerifyUpdate(ctx, buf, read); + if(rc != 1) + return SignatureComputeFailed; + } + delete buf; + plugin.close(); + + // read signature into DigestVerifyFinal + QFile sigFile(sigName); + sigFile.open(QIODevice::ReadOnly); + const int sig_len = sigFile.size(); + const auto* sig = [&sigFile, sig_len]() { + auto* buf = new unsigned char[sig_len]; + sigFile.read((char*) buf, sig_len); + return buf; + }(); + sigFile.close(); + + rc = EVP_DigestVerifyFinal(ctx, sig, sig_len); + delete sig; + + if(rc == 1) + return SignatureMatched; + else { + return SignatureMismatched; + } +} +/* +bool PluginLoader::load() +{ + if(signature == SignatureUnverified) + signature = this->verify(); + + if(signature > requiredSignatureLevel) + return QPluginLoader::load(); + else + return false; +} +*/ diff --git a/lib/pluginloader/pluginloader.h b/lib/pluginloader/pluginloader.h new file mode 100644 index 0000000..0c8bcd3 --- /dev/null +++ b/lib/pluginloader/pluginloader.h @@ -0,0 +1,55 @@ +/* + * This file is part of smolbote. It's copyrighted by the contributors recorded + * in the version control history of the file, available from its original + * location: https://neueland.iserlohn-fortress.net/gitea/aqua/smolbote + * + * SPDX-License-Identifier: GPL-3.0 + */ + +#include + +class PluginLoader : public QPluginLoader +{ + Q_OBJECT + +public: + enum VerifyState { + // uninitialized state + SignatureUnverified = -1, + + // signature is optional, match is optional + SignatureCheckIfAvailable = 1, + + SignatureComputeFailed = 2, // error computing signature + SignatureMismatched = 3, // signature does not match + + // signature is optional, match is required + SignatureMatchIfAvailable = 4, + + SignatureMissing = 5, // signature is not available + + // signature required, match is required + SignatureMatchRequired = 10, + + SignatureMatched = 20 // signature is matched + }; + + PluginLoader(const QString &fileName, const VerifyState sigLevel = SignatureMissing, QObject *parent = nullptr); + ~PluginLoader() = default; + + QString errorString() const + { + if(signature < requiredSignatureLevel) + return QString("Required signature level: %2; Signature level: %3").arg(QString::number((int) requiredSignatureLevel), QString::number((int) signature)); + else + return QPluginLoader::errorString(); + } + + VerifyState verify(const char *hashName = "SHA256") const; + //bool load(); + +private: + const VerifyState requiredSignatureLevel; + VerifyState signature = SignatureUnverified; +}; + -- cgit v1.2.1