Use SHA384

ObsidianMC · Mar 5, 2024 · 47cad05 · 47cad05
1 parent 9c85b1f
commit 47cad05
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 38 deletions.
diff --git a/Obsidian.ConsoleApp/accepted_keys/obsidian.pub.xml b/Obsidian.ConsoleApp/accepted_keys/obsidian.pub.xml
@@ -0,0 +1,4 @@
+<RSAKeyValue>
+	<Modulus>AMYF4iNy8WYQbwlNFxKiEwkjx4TobuMjIgIXgQ4FOBKYVKC77DKOlQ8DKaGn3jOufOZ+Q/+Wgvs28WQjwCOFA9hZJwlYpAGKjnaVGAIcCIU1aCNS6whfP3y/oBB94c+qbLtXXaUdo9qszGTXuYFnyb+GnGCxkdK0N3K6NiTs57xii1VqunwQUlod8+ULo6JbJFRmmlnqzBdYuQNDMpFoLnCq3NZvRJxNe4PP89M3bS2UjS5H1ZM86nTVg9oO4yKMLX4MORlVLWEvP2lvbg1Mrg4fveuPLhMkGZDnvmWaatXxlMoUDv8wQ4+PGrcrhtXS4OqkPl7qFQe9eS4K859kv+NyLDYrb1dtfV7wBZHF5oPnbwyUWgDfT3SWxixY1FqGNEDSRtpo9mUzJvRnvG3V/hNt2YtThpZrxRpZYPoLqiVrKT87vARbFWNjX2QO14XAk/fSqwtzCvF5p/EQl6VuoQ9ylC+2KmAk3U5exydaMw6jksGvVkR7c6lj9J6AZ4nWvw==</Modulus>
+	<Exponent>AQAB</Exponent>
+</RSAKeyValue>
diff --git a/Obsidian/Plugins/PluginManager.cs b/Obsidian/Plugins/PluginManager.cs
@@ -8,9 +8,6 @@
 using Obsidian.Plugins.ServiceProviders;
 using Obsidian.Registries;
 using Obsidian.Services;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Crypto.Utilities;
-using Org.BouncyCastle.Security;
 using System.Collections.Immutable;
 using System.Diagnostics;
 using System.IO;
@@ -85,42 +82,24 @@ public PluginManager(IServiceProvider serverProvider, IServer server,
         DirectoryWatcher.FileRenamed += OnPluginSourceRenamed;
         DirectoryWatcher.FileDeleted += OnPluginSourceDeleted;
     }
-    
+
     public async Task LoadPluginsAsync()
     {
         //TODO talk about what format we should support
-        await using var acceptedKeysFileStream = new FileStream("accepted_keys", FileMode.OpenOrCreate);
+        var acceptedKeyFiles = Directory.GetFiles("accepted_keys");
 
-        if(acceptedKeysFileStream.Length > 0)
+        using var rsa = RSA.Create();
+        foreach (var certFile in acceptedKeyFiles)
         {
-            using var sr = new StreamReader(acceptedKeysFileStream);
-            var line = "";
-            while((line = await sr.ReadLineAsync()) != null)
-            {
-                //ssh-rsa AAAAB3....
-                //Try to get the base 64 encoded section. Only RSA keys are supported.
-                var key = line.Split()[1];
-                var keyParams = OpenSshPublicKeyUtilities.ParsePublicKey(Convert.FromBase64String(key));
-
-                try
-                {
-                    var rsaKeyParams = DotNetUtilities.ToRSAParameters((RsaKeyParameters)keyParams);
-
-                    acceptedKeys.Add(rsaKeyParams);
-                }
-                catch(Exception ex)
-                {
-                    this.logger.LogWarning(ex, "Failed to parse public key.");
-                }
-
-
-                this.logger.LogDebug("Added key {key}", line);
-            }
+            var xml = await File.ReadAllTextAsync(certFile);
+            rsa.FromXmlString(xml);
+
+            this.acceptedKeys.Add(rsa.ExportParameters(false));
         }
 
         var files = Directory.GetFiles("plugins", "*.obby", SearchOption.AllDirectories);
 
-        var waitingForDepend = new List<PluginContainer>();  
+        var waitingForDepend = new List<PluginContainer>();
         foreach (var file in files)
         {
             var pluginContainer = await this.LoadPluginAsync(file);
@@ -135,7 +114,7 @@ public async Task LoadPluginsAsync()
 
                 waitingForDepend.Remove(canLoad);
             }
-            
+
 
             if (pluginContainer.Plugin is null)
                 waitingForDepend.Add(pluginContainer);

diff --git a/Obsidian/Plugins/PluginProviders/PackedPluginProvider.cs b/Obsidian/Plugins/PluginProviders/PackedPluginProvider.cs
@@ -19,8 +19,6 @@ public sealed class PackedPluginProvider(PluginManager pluginManager, ILogger lo
     private readonly PluginManager pluginManager = pluginManager;
     private readonly ILogger logger = logger;
 
-
-
     public async Task<PluginContainer?> GetPluginAsync(string path)
     {
         await using var fs = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read);
@@ -123,9 +121,9 @@ internal PluginContainer HandlePlugin(PluginContainer pluginContainer, Assembly
     /// <returns></returns>
     private async Task<bool> TryValidatePluginAsync(FileStream fs, byte[] hash, byte[] signature, string path)
     {
-        using (var sha1 = SHA1.Create())
+        using (var sha384 = SHA384.Create())
         {
-            var verifyHash = await sha1.ComputeHashAsync(fs);
+            var verifyHash = await sha384.ComputeHashAsync(fs);
 
             if (!verifyHash.SequenceEqual(hash))
             {
@@ -135,18 +133,21 @@ private async Task<bool> TryValidatePluginAsync(FileStream fs, byte[] hash, byte
         }
 
         var deformatter = new RSAPKCS1SignatureDeformatter();
-        deformatter.SetHashAlgorithm("SHA1");
+        deformatter.SetHashAlgorithm("SHA384");
 
         var isSigValid = true;
         if (!this.pluginManager.server.Configuration.AllowUntrustedPlugins)
         {
             using var rsa = RSA.Create();
-            foreach (var key in this.pluginManager.AcceptedKeys)
+            foreach (var rsaParameter in this.pluginManager.AcceptedKeys)
             {
-                rsa.ImportParameters(key);
+                rsa.ImportParameters(rsaParameter);
                 deformatter.SetKey(rsa);
 
                 isSigValid = deformatter.VerifySignature(hash, signature);
+
+                if (isSigValid)
+                    break;
             }
         }