aboutsummaryrefslogtreecommitdiff
path: root/lib/pluginloader/pluginloader.cpp
blob: e5c4b8956b29a52e75655c9cd5c33c54c24947c6 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

/*
 * This file is part of smolbote. It's copyrighted by the contributors recorded
 * in the version control history of the file, available from its original
 * location: https://neueland.iserlohn-fortress.net/gitea/aqua/smolbote
 *
 * SPDX-License-Identifier: GPL-3.0
 */

#include "pluginloader.h"
#include <QFile>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include "publicKey.h"

PluginLoader::PluginLoader(const QString &fileName, PluginLoader::SignatureState state, QObject *parent)
    : QPluginLoader(fileName, parent)
    , m_state(state)
{
}

bool PluginLoader::verify(const char *hashName)
{
    const QString sigName = this->fileName() + ".sig";
    if(!QFile::exists(sigName)) {
        if(m_state.ignored || m_state.checked)
            return true;

        m_sigError = tr("A signature is required, but none was found.");
        return false;
    }

    auto *bio = BIO_new_mem_buf(publicKey_pem, publicKey_pem_len);
    Q_CHECK_PTR(bio);

    auto *key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
    Q_CHECK_PTR(key);

    auto *ctx = EVP_MD_CTX_new();
    Q_CHECK_PTR(ctx);

    const auto *md = EVP_get_digestbyname(hashName);
    Q_CHECK_PTR(md);

    int rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, key);
    if(rc != 1) {
        m_sigError = tr("Failed to compute signature (stage=init)");
        return false;
    }

    // read plugin into DigestVerifyUpdate
    QFile plugin(this->fileName());
    plugin.open(QIODevice::ReadOnly);
    int len = plugin.size();
    int read = 0;
    auto *buf = new unsigned char[1024];
    while(len > 0) {
        read = plugin.read(reinterpret_cast<char*>(buf), 1024);
        len -= read;

        rc = EVP_DigestVerifyUpdate(ctx, buf, read);
        if(rc != 1) {
            m_sigError = tr("Failed to compute signature (staga=update)");
            return false;
        }
    }
    delete[] buf;
    plugin.close();

    // read signature into DigestVerifyFinal
    QFile sigFile(sigName);
    sigFile.open(QIODevice::ReadOnly);
    const int sig_len = sigFile.size();
    const auto* sig = [&sigFile, sig_len]() {
        auto* buf = new unsigned char[sig_len];
        sigFile.read(reinterpret_cast<char*>(buf), sig_len);
        return buf;
    }();
    sigFile.close();

    rc = EVP_DigestVerifyFinal(ctx, sig, sig_len);
    delete sig;

    if(rc == 1)
        return true;
    else {
        if(m_state.ignored)
            return true;

        m_sigError = tr("Signature does not match");
        return false;
    }
}
generated by cgit v1.2.1 (git 2.18.0) at 2024-11-10 22:23:58 +0000