1/*
2 * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "verify_bin.h"
17#include "verify_hap.h"
18#include "constant.h"
19
20namespace OHOS {
21namespace SignatureTools {
22
23bool VerifyBin::Verify(Options* options)
24{
25    // check param
26    if (options == nullptr) {
27        PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Param options is null.");
28        return false;
29    }
30    if (!VerifyElf::CheckParams(options)) {
31        SIGNATURE_TOOLS_LOGE("verify bin check params failed!");
32        return false;
33    }
34    std::string filePath = options->GetString(Options::IN_FILE);
35    bool checkSignFileFlag = VerifyElf::CheckSignFile(filePath);
36    if (!checkSignFileFlag) {
37        SIGNATURE_TOOLS_LOGE("check input bin file %s failed!", filePath.c_str());
38        return false;
39    }
40    // verify bin
41    std::vector<int8_t> profileVec;
42    Pkcs7Context pkcs7Context;
43    bool verifyBinFileFLag = VerifyBinFile(filePath, profileVec, options, pkcs7Context);
44    if (!verifyBinFileFLag) {
45        SIGNATURE_TOOLS_LOGE("verify bin file %s failed!", filePath.c_str());
46        return false;
47    }
48    // write certificate and p7b file
49    VerifyHap hapVerify(false);
50    int32_t writeFlag = hapVerify.WriteVerifyOutput(pkcs7Context, profileVec, options);
51    if (writeFlag != RET_OK) {
52        SIGNATURE_TOOLS_LOGE("write elf output failed on verify bin!");
53        return false;
54    }
55    return true;
56}
57
58bool VerifyBin::VerifyBinFile(const std::string& binFile, std::vector<int8_t>& profileVec,
59                              Options* options, Pkcs7Context& pkcs7Context)
60{
61    SignBlockInfo signBlockInfo(true);
62    bool getSignBlockInfoFlag = VerifyElf::GetSignBlockInfo(binFile, signBlockInfo, BIN);
63    if (!getSignBlockInfoFlag) {
64        SIGNATURE_TOOLS_LOGE("get signBlockInfo failed on verify bin %s", binFile.c_str());
65        return false;
66    }
67    // verify profile
68    std::string profileJson;
69    bool verifyP7bFlag = VerifyElf::VerifyP7b(signBlockInfo.GetSignBlockMap(), options, pkcs7Context,
70        profileVec, profileJson);
71    if (!verifyP7bFlag) {
72        SIGNATURE_TOOLS_LOGE("verify profile failed on verify bin %s", binFile.c_str());
73        return false;
74    }
75    // verify signed data
76    bool verifyBinDigestFlag = VerifyBinDigest(signBlockInfo);
77    if (!verifyBinDigestFlag) {
78        SIGNATURE_TOOLS_LOGE("verify digest failed on verify bin %s", binFile.c_str());
79        return false;
80    }
81    return true;
82}
83
84bool VerifyBin::VerifyBinDigest(SignBlockInfo& signBlockInfo)
85{
86    std::vector<int8_t>& rawDigest = signBlockInfo.GetRawDigest();
87    std::vector<int8_t>& generatedDig = signBlockInfo.GetFileDigest();
88    bool isEqual = rawDigest.empty() || generatedDig.empty() ||
89        !std::equal(rawDigest.begin(), rawDigest.end(), generatedDig.begin());
90    if (isEqual) {
91        PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "compare bin file raw digest and generated digest failed!");
92        return false;
93    }
94    return true;
95}
96
97} // namespace SignatureTools
98} // namespace OHOS