Signature for addon manifests (#3751)
* Signature for addon manifests

* Set the addon URL for production
bakulf authored Jun 22, 2022
1 parent 4511a39 commit a98ebfb
Showing 32 changed files with 600 additions and 105 deletions.
9 changes: 9 additions & 0 deletions .github/workflows/wasm.yaml
@@ -126,6 +126,15 @@ jobs:
export PATH=/opt/$QTVERSION/gcc_64/bin:$PATH
python3 scripts/addon/generate_all.py
- name: Sign manifest
shell: bash
env:
ADDON_PRIVATE_KEY: ${{ secrets.ADDON_PRIVATE_KEY }}
run: |
echo -n "$ADDON_PRIVATE_KEY" > addon_private_key.pem
openssl dgst -sha256 -sign addon_private_key.pem -out addons/generated/addons/manifest.json.sign addons/generated/addons/manifest.json
rm addon_private_key.pem
- name: Uploading
uses: actions/upload-artifact@v1
with:
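Review bot: The `Sign manifest` step writes the private key to `addon_private_key.pem` in the workspace with default permissions and removes it only in the final `rm`, so if `openssl dgst` fails the step aborts and the key file stays on disk. Create the file under a restrictive umask and make the cleanup unconditional, e.g. `umask 077` before the `echo` and `trap 'rm -f addon_private_key.pem' EXIT` right after it, preferably with the file placed under `$RUNNER_TEMP` rather than the checkout. The `with:` block of the following upload step lies outside this hunk, so it is not visible whether the uploaded path could ever include the workspace root; keeping the key out of the checkout removes that question. Verifying the fresh `manifest.json.sign` against the public key in the same job would also catch a wrong or truncated secret before the artifact is published.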
6 changes: 5 additions & 1 deletion scripts/linux/script.sh
@@ -170,10 +170,14 @@ printn Y "Downloading Go dependencies..."
(cd $WORKDIR/linux/netfilter && go mod vendor)
print G "done."

printn Y "Downloading Rust dependencies..."
printn Y "Downloading Rust dependencies (extension)..."
(cd $WORKDIR/extension/bridge && mkdir -p .cargo && cargo vendor > .cargo/config.toml)
print G "done."

printn Y "Downloading Rust dependencies (signature)..."
(cd $WORKDIR/signature && mkdir -p .cargo && cargo vendor > .cargo/config.toml)
print G "done."

printn Y "Removing the packaging templates... "
rm -f $WORKDIR/linux/mozillavpn.spec || die "Failed"
rm -rf $WORKDIR/linux/debian || die "Failed"
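Review bot: The new `(cd $WORKDIR/signature && mkdir -p .cargo && cargo vendor > .cargo/config.toml)` subshell has no failure check, so unless `set -e` is enabled outside this hunk a failed `cargo vendor` still prints "done." and leaves an empty or partial `.cargo/config.toml` in the source package. Append `|| die "Failed"` as the `rm` lines below it do. Since `signature/Cargo.lock` is committed with this change, `cargo vendor --locked` would additionally make the vendoring fail rather than silently resolve different versions of the crates that the signature verifier is built from. The renamed extension line just above has the same pattern.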
212 changes: 212 additions & 0 deletions signature/Cargo.lock


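--- a/signature/Cargo.toml
+++ b/signature/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "signature"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+ring = "0.16.20"
+
+[lib]
+name = "signature"
+path = "src/lib.rs"
+crate-type = ["staticlib"]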
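Review bot: The manifest builds a `staticlib` that is called from non-Rust code but sets no panic strategy, so a panic inside the exported function (for example `eprintln!` failing to write to stderr) would start unwinding towards the `extern "C"` boundary, which older toolchains treat as undefined behaviour. Adding a `[profile.release]` section with `panic = "abort"` (and the same under `[profile.dev]`) makes a failure in the verifier terminate deterministically instead. Whether the C++ build passes its own profile settings is not visible on this page.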
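--- a/signature/src/lib.rs
+++ b/signature/src/lib.rs
@@ -0,0 +1,32 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use ring::signature;
+use std::os::raw::c_uchar;
+
+#[no_mangle]
+pub extern "C" fn verify_rsa(
+public_key_ptr: *const c_uchar,
+public_key_length: usize,
+message_ptr: *const c_uchar,
+message_length: usize,
+message_signature_ptr: *const c_uchar,
+message_signature_length: usize,
+) -> bool {
+let public_key_str = unsafe { std::slice::from_raw_parts(public_key_ptr, public_key_length) };
+let public_key =
+signature::UnparsedPublicKey::new(&signature::RSA_PKCS1_2048_8192_SHA256, &public_key_str);
+
+let message_str = unsafe { std::slice::from_raw_parts(message_ptr, message_length) };
+let message_signature_str =
+unsafe { std::slice::from_raw_parts(message_signature_ptr, message_signature_length) };
+
+match public_key.verify(message_str, message_signature_str) {
+Err(e) => {
+eprintln!("{}", e);
+false
+}
+Ok(_) => true,
+}
+}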
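Review bot: `verify_rsa` hands all three caller-supplied pointers straight to `std::slice::from_raw_parts`, which requires a non-null, valid pointer even when the length is 0, so a C/C++ caller passing a null pointer for an empty buffer triggers undefined behaviour in a check that should fail closed. Add a guard at the top of the body: `if public_key_ptr.is_null() || message_ptr.is_null() || message_signature_ptr.is_null() { return false; }`. The function is declared as a safe `pub extern "C" fn` although its soundness depends entirely on the caller, and none of the `unsafe` blocks has a `// SAFETY:` comment. A `///` doc comment with a `# Safety` section should state that each pointer must reference at least the given number of readable bytes for the duration of the call, and that the key bytes must be in the DER-encoded RSAPublicKey form that ring's `RSA_PKCS1_2048_8192_SHA256` verifier takes. The `&public_key_str` passed to `UnparsedPublicKey::new` is a redundant extra borrow of what is already a slice.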