From 79e55140e3d5b5d8c6ba2895c7be36ad672bc42b Mon Sep 17 00:00:00 2001
From: EnderIce2 <enderice2@protonmail.com>
Date: Fri, 21 Mar 2025 03:23:25 +0000
Subject: [PATCH] feat(kernel/driver): implement driver sha512 verification

Signed-off-by: EnderIce2 <enderice2@protonmail.com>
---
 Kernel/core/driver/driver.cpp | 43 ++++++++++++++++++++++++++++++++++-
 Kernel/include/driver.hpp     |  1 +
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/Kernel/core/driver/driver.cpp b/Kernel/core/driver/driver.cpp
index 137cb15f..85a88879 100644
--- a/Kernel/core/driver/driver.cpp
+++ b/Kernel/core/driver/driver.cpp
@@ -26,14 +26,48 @@
 #include <exec.hpp>
 #include <rand.hpp>
 #include <cwalk.h>
+#include <sha512.h>
 #include <md5.h>
 
 #include "../../kernel.h"
 
 using namespace vfs;
 
+extern const char *trusted_drivers[];
+extern const __SIZE_TYPE__ trusted_drivers_count;
+
 namespace Driver
 {
+	bool Manager::IsDriverTrusted(FileNode *File)
+	{
+		kstat st;
+		File->Stat(&st);
+		std::unique_ptr<uint8_t[]> ptr(new uint8_t[st.Size]);
+		File->Read(ptr.get(), st.Size, 0);
+		uint8_t *sha = sha512_sum(ptr.get(), st.Size);
+		char hash_str[129];
+		for (int j = 0; j < 64; j++)
+			sprintf(hash_str + j * 2, "%02x", sha[j]);
+		hash_str[128] = '\0';
+
+		for (__SIZE_TYPE__ i = 0; i < trusted_drivers_count; i++)
+		{
+			if (strcmp(hash_str, trusted_drivers[i]) == 0)
+			{
+				kfree(sha);
+				return true;
+			}
+			else
+			{
+				trace("Expected \"%s\" but got \"%s\" for driver %s",
+					  trusted_drivers[i], hash_str, File->GetName().c_str());
+			}
+		}
+
+		kfree(sha);
+		return false;
+	}
+
 	void Manager::PreloadDrivers()
 	{
 		debug("Initializing driver manager");
@@ -87,7 +121,14 @@ namespace Driver
 
 			if (Execute::GetBinaryType(drvNode->Path) != Execute::BinTypeELF)
 			{
-				error("Driver %s is not an ELF binary", drvNode->Path.c_str());
+				error("Driver %s is not an ELF binary", drvNode->GetPath().c_str());
+				continue;
+			}
+
+			if (!IsDriverTrusted(drvNode))
+			{
+				error("Driver %s is not trusted", drvNode->GetName().c_str());
+				KPrint("%s is not in the list of trusted drivers", drvNode->GetName().c_str());
 				continue;
 			}
 
diff --git a/Kernel/include/driver.hpp b/Kernel/include/driver.hpp
index 9ff36056..5bb87c8b 100644
--- a/Kernel/include/driver.hpp
+++ b/Kernel/include/driver.hpp
@@ -122,6 +122,7 @@ namespace Driver
 		FileNode *devNode = nullptr;
 		FileNode *devInputNode = nullptr;
 
+		bool IsDriverTrusted(FileNode *File);
 		int LoadDriverFile(DriverObject &Drv, FileNode *File);
 		void ReloadDriver(dev_t driverID);