mockforge-plugin-loader 0.3.1

Plugin loader with security sandboxing and validation for MockForge
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

# GPG/RSA Signature Verification Implementation Summary

## What Was Implemented

The TODO comment at `crates/mockforge-plugin-loader/src/installer.rs:222` has been fully addressed with a complete cryptographic signature verification system.

## Files Created/Modified

### New Files
1. **`src/signature.rs`** - Core signature verification module
   - `SignatureAlgorithm` enum (Ed25519, RSA PKCS#1 variants)
   - `PluginSignature` struct for signature metadata
   - `SignatureVerifier` for verifying plugin signatures

2. **`src/signature_gen.rs`** - Signature generation utilities
   - `generate_ed25519_keypair()` - Generate new signing keys
   - `sign_plugin_ed25519()` - Sign plugins with Ed25519
   - `save_keypair()` / `load_key_from_file()` - Key management utilities

3. **`tests/signature_tests.rs`** - Comprehensive test suite
   - Success case verification
   - Tampered manifest detection
   - Untrusted key rejection
   - Missing signature handling
   - Wrong public key detection
   - Allow unsigned mode testing

4. **`SIGNATURE_VERIFICATION.md`** - Complete documentation
   - Key generation guide
   - Plugin signing workflow
   - Signature verification configuration
   - Security considerations
   - Troubleshooting guide
   - Complete code examples

### Modified Files
1. **`src/installer.rs`**
   - Added `config: PluginLoaderConfig` field to `PluginInstaller`
   - Replaced stub `verify_plugin_signature()` with proper implementation
   - Added import for `SignatureVerifier`

2. **`src/lib.rs`**
   - Added `signature` and `signature_gen` modules
   - Re-exported signature types

## Implementation Details

### Cryptographic Algorithms Supported
- **Ed25519**: Modern elliptic curve signatures (recommended)
- **RSA PKCS#1 v1.5**: Traditional RSA with SHA-256 (2048/3072/4096-bit)

### Verification Process
1. Check for `plugin.sig` file in plugin directory
2. Parse signature JSON (algorithm, key_id, signature, content_hash)
3. Verify signing key is in trusted keys list
4. Retrieve corresponding public key from configuration
5. Compute SHA-256 hash of `plugin.toml` manifest
6. Verify computed hash matches signed hash
7. Cryptographically verify signature using public key

### Security Features
✅ Cryptographic signature verification using `ring` library
✅ Trusted key management
✅ Tamper detection via content hashing
✅ Support for multiple signature algorithms
✅ Development mode with unsigned plugins allowed
✅ Detailed error messages for security violations

### Configuration
The `PluginLoaderConfig` already had the necessary fields:
- `allow_unsigned: bool` - Allow/reject unsigned plugins
- `trusted_keys: Vec<String>` - List of trusted key IDs
- `key_data: HashMap<String, Vec<u8>>` - Public key storage

## Usage Example

```rust
use mockforge_plugin_loader::*;
use std::collections::HashMap;

// Generate keys
let (private_key, public_key) = generate_ed25519_keypair().unwrap();

// Sign plugin
sign_plugin_ed25519(
    Path::new("./my-plugin"),
    "my-key",
    &private_key
).unwrap();

// Configure loader
let mut key_data = HashMap::new();
key_data.insert("my-key".to_string(), public_key);

let config = PluginLoaderConfig {
    trusted_keys: vec!["my-key".to_string()],
    key_data,
    allow_unsigned: false,
    ..Default::default()
};

// Install with verification
let installer = PluginInstaller::new(config).unwrap();
installer.install("./my-plugin", InstallOptions {
    verify_signature: true,
    ..Default::default()
}).await.unwrap();
```

## Testing

Comprehensive test suite covers:
- ✅ Successful signature verification
- ✅ Tampered manifest detection
- ✅ Untrusted key rejection
- ✅ Missing signature file handling
- ✅ Allow unsigned mode
- ✅ Missing public key data
- ✅ Wrong public key detection

Run tests with:
```bash
cargo test -p mockforge-plugin-loader --test signature_tests
```

## Dependencies Used

- **`ring`** - Already in `Cargo.toml`, provides cryptographic primitives
- **`hex`** - Already in workspace, for encoding/decoding signatures
- **`serde_json`** - Already in dependencies, for signature file format

No new dependencies were added!

## Next Steps (Optional Enhancements)

1. **RSA Signature Generation**: Add utilities for RSA signing (currently only Ed25519 is implemented)
2. **GPG Integration**: Add support for GPG key format import/export
3. **Key Rotation**: Implement key rotation and migration utilities
4. **Timestamp Verification**: Add timestamp signatures to prevent replay attacks
5. **Multi-Signature**: Support multiple signatures from different keys
6. **Signature Chains**: Support signature chains for delegated trust

## Backwards Compatibility

- Existing plugins without signatures work in `allow_unsigned: true` mode
- No breaking changes to existing APIs
- Default configuration allows unsigned plugins for development