1 /*
2  * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "verify_bin.h"
17 #include "verify_hap.h"
18 #include "constant.h"
19 
20 namespace OHOS {
21 namespace SignatureTools {
22 
Verify(Options* options)23 bool VerifyBin::Verify(Options* options)
24 {
25     // check param
26     if (options == nullptr) {
27         PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Param options is null.");
28         return false;
29     }
30     if (!VerifyElf::CheckParams(options)) {
31         SIGNATURE_TOOLS_LOGE("verify bin check params failed!");
32         return false;
33     }
34     std::string filePath = options->GetString(Options::IN_FILE);
35     bool checkSignFileFlag = VerifyElf::CheckSignFile(filePath);
36     if (!checkSignFileFlag) {
37         SIGNATURE_TOOLS_LOGE("check input bin file %s failed!", filePath.c_str());
38         return false;
39     }
40     // verify bin
41     std::vector<int8_t> profileVec;
42     Pkcs7Context pkcs7Context;
43     bool verifyBinFileFLag = VerifyBinFile(filePath, profileVec, options, pkcs7Context);
44     if (!verifyBinFileFLag) {
45         SIGNATURE_TOOLS_LOGE("verify bin file %s failed!", filePath.c_str());
46         return false;
47     }
48     // write certificate and p7b file
49     VerifyHap hapVerify(false);
50     int32_t writeFlag = hapVerify.WriteVerifyOutput(pkcs7Context, profileVec, options);
51     if (writeFlag != RET_OK) {
52         SIGNATURE_TOOLS_LOGE("write elf output failed on verify bin!");
53         return false;
54     }
55     return true;
56 }
57 
VerifyBinFile(const std::string& binFile, std::vector<int8_t>& profileVec, Options* options, Pkcs7Context& pkcs7Context)58 bool VerifyBin::VerifyBinFile(const std::string& binFile, std::vector<int8_t>& profileVec,
59                               Options* options, Pkcs7Context& pkcs7Context)
60 {
61     SignBlockInfo signBlockInfo(true);
62     bool getSignBlockInfoFlag = VerifyElf::GetSignBlockInfo(binFile, signBlockInfo, BIN);
63     if (!getSignBlockInfoFlag) {
64         SIGNATURE_TOOLS_LOGE("get signBlockInfo failed on verify bin %s", binFile.c_str());
65         return false;
66     }
67     // verify profile
68     std::string profileJson;
69     bool verifyP7bFlag = VerifyElf::VerifyP7b(signBlockInfo.GetSignBlockMap(), options, pkcs7Context,
70         profileVec, profileJson);
71     if (!verifyP7bFlag) {
72         SIGNATURE_TOOLS_LOGE("verify profile failed on verify bin %s", binFile.c_str());
73         return false;
74     }
75     // verify signed data
76     bool verifyBinDigestFlag = VerifyBinDigest(signBlockInfo);
77     if (!verifyBinDigestFlag) {
78         SIGNATURE_TOOLS_LOGE("verify digest failed on verify bin %s", binFile.c_str());
79         return false;
80     }
81     return true;
82 }
83 
VerifyBinDigest(SignBlockInfo& signBlockInfo)84 bool VerifyBin::VerifyBinDigest(SignBlockInfo& signBlockInfo)
85 {
86     std::vector<int8_t>& rawDigest = signBlockInfo.GetRawDigest();
87     std::vector<int8_t>& generatedDig = signBlockInfo.GetFileDigest();
88     bool isEqual = rawDigest.empty() || generatedDig.empty() ||
89         !std::equal(rawDigest.begin(), rawDigest.end(), generatedDig.begin());
90     if (isEqual) {
91         PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "compare bin file raw digest and generated digest failed!");
92         return false;
93     }
94     return true;
95 }
96 
97 } // namespace SignatureTools
98 } // namespace OHOS