1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
/*
* This file is part of smolbote. It's copyrighted by the contributors recorded
* in the version control history of the file, available from its original
* location: https://neueland.iserlohn-fortress.net/gitea/aqua/smolbote
*
* SPDX-License-Identifier: GPL-3.0
*/
#include "pluginloader.h"
#include <QFile>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include "publicKey.h"
PluginLoader::PluginLoader(const QString &fileName, const VerifyState sigLevel, QObject *parent)
: QPluginLoader(fileName, parent)
, requiredSignatureLevel(sigLevel)
{
}
PluginLoader::VerifyState PluginLoader::verify(const char *hashName) const
{
const QString sigName = this->fileName() + ".sig";
if(!QFile::exists(sigName)) {
return SignatureMissing;
}
auto *bio = BIO_new_mem_buf(publicKey_pem, publicKey_pem_len);
Q_CHECK_PTR(bio);
auto *key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
Q_CHECK_PTR(key);
auto *ctx = EVP_MD_CTX_new();
Q_CHECK_PTR(ctx);
const auto *md = EVP_get_digestbyname(hashName);
Q_CHECK_PTR(md);
int rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, key);
if(rc != 1) {
return SignatureMismatched;
}
// read plugin into DigestVerifyUpdate
QFile plugin(this->fileName());
plugin.open(QIODevice::ReadOnly);
int len = plugin.size();
int read = 0;
auto *buf = new unsigned char[1024];
while(len > 0) {
read = plugin.read((char*) buf, 1024);
len -= read;
rc = EVP_DigestVerifyUpdate(ctx, buf, read);
if(rc != 1)
return SignatureComputeFailed;
}
delete[] buf;
plugin.close();
// read signature into DigestVerifyFinal
QFile sigFile(sigName);
sigFile.open(QIODevice::ReadOnly);
const int sig_len = sigFile.size();
const auto* sig = [&sigFile, sig_len]() {
auto* buf = new unsigned char[sig_len];
sigFile.read((char*) buf, sig_len);
return buf;
}();
sigFile.close();
rc = EVP_DigestVerifyFinal(ctx, sig, sig_len);
delete sig;
if(rc == 1)
return SignatureMatched;
else {
return SignatureMismatched;
}
}
/*
bool PluginLoader::load()
{
if(signature == SignatureUnverified)
signature = this->verify();
if(signature > requiredSignatureLevel)
return QPluginLoader::load();
else
return false;
}
*/
|