1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "zip_pkg_parse.h"
17 #include <vector>
18 #include "dump.h"
19 #include "pkg_utils.h"
20
21 namespace Hpackage {
22 struct Footer {
23 uint16_t signDataStart;
24 uint16_t signDataFlag;
25 uint16_t signDataSize;
26 };
27
28 namespace {
29 constexpr uint32_t ZIP_EOCD_LEN_EXCLUDE_COMMENT = 20;
30 constexpr uint32_t ZIP_EOCD_FIXED_PART_LEN = 22;
31 constexpr uint32_t PKG_FOOTER_SIZE = 6;
32 constexpr uint32_t PKG_ZIP_EOCD_MIN_LEN = ZIP_EOCD_FIXED_PART_LEN + PKG_FOOTER_SIZE;
33 constexpr uint32_t ZIP_EOCD_SIGNATURE = 0x06054b50;
34 constexpr uint16_t PKG_ZIP_EOCD_FOOTER_FLAG = 0xFFFF;
35 const uint8_t ZIP_EOCD_SIGNATURE_BIG_ENDIAN[4] = {0x50, 0x4b, 0x05, 0x06};
36 }
37
38 /*
39 * ZIP: File Entry(1..n) + CD(1..n) + EOCD(1)
40 *
41 * EOCD: FLAG(4 bytes) + FIX PART1(16 bytes) + comment length(2 bytes) + comment('comment length' bytes)
42 *
43 * EOCD comment: RESERVED(18 bytes) + SIGNATYRE(variable size) + FOOTER (6 bytes)
44 *
45 * FOOTER 6 bytes (little endian)
46 * append signed result length 2 bytes (SIGNATYRE's length + FOOTER's length) = SIGNATYRE reversed offset
47 * 0xFFFF 2 bytes
48 * = .ZIP file comment length 2 bytes
49 */
ParseZipPkg(PkgStreamPtr pkgStream,size_t & signatureStart,size_t & signatureSize) const50 int32_t ZipPkgParse::ParseZipPkg(PkgStreamPtr pkgStream, size_t &signatureStart, size_t &signatureSize) const
51 {
52 if (pkgStream == nullptr) {
53 UPDATER_LAST_WORD(PKG_INVALID_PARAM);
54 return PKG_INVALID_PARAM;
55 }
56 size_t fileLen = pkgStream->GetFileLength();
57 size_t footerSize = PKG_FOOTER_SIZE;
58 PKG_CHECK(fileLen > footerSize, UPDATER_LAST_WORD(PKG_INVALID_FILE, fileLen); return PKG_INVALID_FILE,
59 "file len[%zu] < footerSize.", pkgStream->GetFileLength());
60 size_t footerStart = fileLen - footerSize;
61 size_t readLen = 0;
62 PkgBuffer footer(footerSize);
63 int32_t ret = pkgStream->Read(footer, footerStart, footerSize, readLen);
64 PKG_CHECK(ret == PKG_SUCCESS, UPDATER_LAST_WORD(ret);
65 return ret, "read FOOTER struct failed %s", pkgStream->GetFileName().c_str());
66
67 uint16_t signCommentAppendLen = 0;
68 uint16_t signCommentTotalLen = 0;
69 ret = ParsePkgFooter(footer.buffer, PKG_FOOTER_SIZE, signCommentAppendLen, signCommentTotalLen);
70 if (ret != PKG_SUCCESS) {
71 PKG_LOGE("ParsePkgFooter() error, ret[%d]", ret);
72 UPDATER_LAST_WORD(ret);
73 return ret;
74 }
75
76 size_t eocdTotalLen = ZIP_EOCD_FIXED_PART_LEN + signCommentTotalLen;
77 PKG_CHECK(fileLen > eocdTotalLen, UPDATER_LAST_WORD(PKG_INVALID_PKG_FORMAT);
78 return PKG_INVALID_PKG_FORMAT, "Invalid eocd len[%zu]", eocdTotalLen);
79
80 size_t zipEocdStart = fileLen - eocdTotalLen;
81 PkgBuffer zipEocd(eocdTotalLen);
82 ret = pkgStream->Read(zipEocd, zipEocdStart, eocdTotalLen, readLen);
83 PKG_CHECK(ret == PKG_SUCCESS, UPDATER_LAST_WORD(PKG_INVALID_PKG_FORMAT);
84 return ret, "read zip eocd failed %s", pkgStream->GetFileName().c_str());
85
86 ret = CheckZipEocd(zipEocd.buffer, eocdTotalLen, signCommentTotalLen);
87 PKG_CHECK(ret == PKG_SUCCESS, UPDATER_LAST_WORD(PKG_INVALID_PKG_FORMAT);
88 return ret, "CheckZipEocd() error, ret[%d]", ret);
89
90 PKG_CHECK(fileLen > signCommentTotalLen, UPDATER_LAST_WORD(PKG_INVALID_PKG_FORMAT, fileLen, signCommentTotalLen);
91 return PKG_INVALID_FILE, "file len[%zu] < signCommentTotalLen[%zu]", fileLen, signCommentTotalLen);
92 signatureStart = fileLen - signCommentTotalLen;
93 signatureSize = signCommentTotalLen;
94
95 return PKG_SUCCESS;
96 }
97
ParsePkgFooter(const uint8_t * footer,size_t length,uint16_t & signCommentAppendLen,uint16_t & signCommentTotalLen) const98 int32_t ZipPkgParse::ParsePkgFooter(const uint8_t *footer, size_t length,
99 uint16_t &signCommentAppendLen, uint16_t &signCommentTotalLen) const
100 {
101 if (length < PKG_FOOTER_SIZE) {
102 PKG_LOGE("length[%d] < Footer Size[%d]", length, PKG_FOOTER_SIZE);
103 UPDATER_LAST_WORD(PKG_INVALID_PARAM, length);
104 return PKG_INVALID_PARAM;
105 }
106
107 Footer signFooter = {0};
108 size_t offset = 0;
109 signFooter.signDataStart = ReadLE16(footer);
110 offset += sizeof(uint16_t);
111 signFooter.signDataFlag = ReadLE16(footer + offset);
112 offset += sizeof(uint16_t);
113 signFooter.signDataSize = ReadLE16(footer + offset);
114 if (signFooter.signDataFlag != PKG_ZIP_EOCD_FOOTER_FLAG) {
115 PKG_LOGE("error FooterFlag[0x%04X]", signFooter.signDataFlag);
116 UPDATER_LAST_WORD(PKG_INVALID_PKG_FORMAT, signFooter.signDataFlag);
117 return PKG_INVALID_PKG_FORMAT;
118 }
119
120 signCommentAppendLen = signFooter.signDataStart;
121 signCommentTotalLen = signFooter.signDataSize;
122 if ((signCommentAppendLen < PKG_FOOTER_SIZE) || (signCommentTotalLen < PKG_FOOTER_SIZE) ||
123 (signCommentAppendLen > signCommentTotalLen)) {
124 PKG_LOGE("bad footer length: append[0x%04X], total[0x%04X]",
125 signCommentAppendLen, signCommentTotalLen);
126 UPDATER_LAST_WORD(PKG_INVALID_PKG_FORMAT, signCommentAppendLen, signCommentTotalLen);
127 return PKG_INVALID_PKG_FORMAT;
128 }
129
130 return PKG_SUCCESS;
131 }
132
CheckZipEocd(const uint8_t * eocd,size_t length,uint16_t signCommentTotalLen) const133 int32_t ZipPkgParse::CheckZipEocd(const uint8_t *eocd, size_t length,
134 uint16_t signCommentTotalLen) const
135 {
136 if (length < PKG_ZIP_EOCD_MIN_LEN) {
137 PKG_LOGE("bad eocd length: append[0x%04X]", length);
138 return PKG_INVALID_PKG_FORMAT;
139 }
140
141 uint32_t eocdSignature = ReadLE32(eocd);
142 if (eocdSignature != ZIP_EOCD_SIGNATURE) {
143 PKG_LOGE("bad zip eocd flag[%zu]", eocdSignature);
144 return PKG_INVALID_PKG_FORMAT;
145 }
146
147 /* the beginning 4 chars are already checked before, so begin with i = 4; (length - 3) in case for overflow */
148 for (size_t i = 4; i < length - 3; i++) {
149 /* every 4 byte check if eocd, if eocd[i] = 0x50, eocd[i + 1] = 0x4b, eocd[i + 2] = 0x05, eocd[i + 3] = 0x06 */
150 /* the zip contain another ecod, we can consider it's invalid zip */
151 if (eocd[i] == ZIP_EOCD_SIGNATURE_BIG_ENDIAN[0] &&
152 eocd[i + 1] == ZIP_EOCD_SIGNATURE_BIG_ENDIAN[1] &&
153 eocd[i + 2] == ZIP_EOCD_SIGNATURE_BIG_ENDIAN[2] && /* eocd[i + 2] = 0x05 */
154 eocd[i + 3] == ZIP_EOCD_SIGNATURE_BIG_ENDIAN[3]) { /* eocd[i + 3] = 0x06 */
155 PKG_LOGE("EOCD marker occurs after start of EOCD");
156 return PKG_INVALID_PKG_FORMAT;
157 }
158 }
159
160 const uint8_t *zipSignCommentAddr = eocd + ZIP_EOCD_LEN_EXCLUDE_COMMENT;
161 uint16_t tempLen = ReadLE16(zipSignCommentAddr);
162 if (signCommentTotalLen != tempLen) {
163 PKG_LOGE("compare sign comment length: eocd[0x%04X], footer[0x%04X] error", tempLen, signCommentTotalLen);
164 return PKG_INVALID_PKG_FORMAT;
165 }
166
167 return PKG_SUCCESS;
168 }
169 } // namespace Hpackage
170