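/*
 * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef PKCS7_SIGNED_DATA_H
#define PKCS7_SIGNED_DATA_H

#include <cstddef>
#include <cstdint>
#include <memory>   // std::unique_ptr was used below without a direct include
#include <vector>
#include <openssl/pkcs7.h>
#include <openssl/x509.h>
#include "pkg_manager.h"

namespace Hpackage {
/**
 * Non-owning view of a contiguous byte range: `length` bytes readable from
 * `buffer`. Nothing here allocates or frees; the caller keeps the memory alive
 * for as long as the view is in use. Members default to an empty view so a
 * value-initialized DataBuffer is never read with an indeterminate pointer.
 */
struct DataBuffer {
    const unsigned char *buffer = nullptr;
    size_t length = 0;
};

/**
 * Signature-block description handed to a VerifyHelper: the whole block
 * (`overall`), the hash bytes found in it (`hashResult`) and the OpenSSL
 * NID of the digest algorithm (`nid`). Exact layout semantics are defined
 * by the parsing code in the implementation file, not here.
 */
struct HwSigningSigntureInfo {
    DataBuffer overall;
    DataBuffer hashResult;
    int nid = 0;
};

/**
 * One SignerInfo entry parsed out of a PKCS#7 SignedData structure.
 * issuerName / serialNumber are raw OpenSSL pointers and are not owned by
 * this struct (presumably they point into the PKCS7 object held by
 * Pkcs7SignedData — confirm against SignerInfoParse). buffer/length were
 * previously left uninitialized; they now default to an empty view so a
 * partially filled entry cannot be read as garbage.
 */
struct Pkcs7SignerInfo {
    X509_NAME *issuerName = nullptr;
    ASN1_INTEGER *serialNumber = nullptr;
    int32_t digestNid {};
    int32_t digestEncryptNid {};
    std::vector<uint8_t> digestEncryptData;
    const unsigned char *buffer = nullptr;
    size_t length = 0;
};

/**
 * Pluggable hook that lets a caller supply the digest a signature must be
 * checked against. Implementations fill `digest` from `digestBlock` and
 * `signatureInfo` and return an int32_t status code (the value set is
 * defined by the implementation — confirm there).
 */
class VerifyHelper {
public:
    virtual int32_t GetDigestFromSubBlocks(std::vector<uint8_t> &digestBlock,
        HwSigningSigntureInfo &signatureInfo, std::vector<uint8_t> &digest) = 0;
    // Polymorphic base: virtual destructor so deleting through VerifyHelper* is well-defined.
    virtual ~VerifyHelper() = default;
};

/**
 * Parses a PKCS#7 SignedData blob and verifies its signer(s) against a hash.
 *
 * Ownership: `pkcs7_` is a raw OpenSSL object released by the out-of-line
 * destructor; `helper_` is owned via unique_ptr. The unique_ptr member already
 * makes the class non-copyable; the copy operations are deleted explicitly
 * below so that intent is visible and no future member change silently
 * re-enables a double-free on copy.
 *
 * All methods return an int32_t status code; the success/failure values are
 * defined in the implementation file — confirm before branching on them.
 */
class Pkcs7SignedData {
public:
    Pkcs7SignedData() : pkcs7_(nullptr), digest_(), signerInfos_(), signatureInfo() {}

    ~Pkcs7SignedData();

    Pkcs7SignedData(const Pkcs7SignedData &) = delete;
    Pkcs7SignedData &operator=(const Pkcs7SignedData &) = delete;

    /// Extracts the hash carried in a signature block of `dataLen` bytes at
    /// `srcData` into `hash`. Input is untrusted; `dataLen` must bound every read.
    int32_t GetHashFromSignBlock(const uint8_t *srcData, const size_t dataLen,
        std::vector<uint8_t> &hash);

    /// Parses `dataLen` bytes of PKCS#7 data at `srcData` into this object.
    int32_t ParsePkcs7Data(const uint8_t *srcData, const size_t dataLen);

    /// Verifies the parsed data using the digest this object already holds.
    int32_t Verify() const;

    /// Verifies `sig` over `hash`; `sigInSignerInfo` selects whether the
    /// signature bytes come from the signer info (presumably — confirm in the
    /// implementation) instead of the `sig` argument.
    int32_t Verify(const std::vector<uint8_t> &hash, const std::vector<uint8_t> &sig,
        bool sigInSignerInfo) const;

    /// Takes ownership of `ptr`; a later call presumably replaces the earlier helper.
    void RegisterVerifyHelper(std::unique_ptr<VerifyHelper> ptr);

    /// Static accessor returning a shared instance (singleton-style). Thread
    /// safety of first use and of concurrent Parse/Verify calls is not visible
    /// here — confirm before sharing across threads.
    static Pkcs7SignedData &GetInstance();

    /// Forwards to the registered VerifyHelper (behaviour without a helper is
    /// defined in the implementation — confirm).
    int32_t GetDigest(std::vector<uint8_t> &digestBlock,
        HwSigningSigntureInfo &signatureInfo, std::vector<uint8_t> &digest);
private:
    // NOTE(review): Init narrows the public size_t dataLen to uint32_t; confirm
    // the caller rejects inputs >= 4 GiB before the conversion so the length
    // used for parsing can never be truncated.
    int32_t Init(const uint8_t *sourceData, const uint32_t sourceDataLen);
    int32_t DoParse();
    int32_t ParseContentInfo(std::vector<uint8_t> &digestBlock) const;
    int32_t GetDigestFromContentInfo(std::vector<uint8_t> &digestBlock);
    int32_t DoUpdateVerify(std::vector<uint8_t> &digestBlock);
    int32_t SignerInfosParse();
    int32_t SignerInfoParse(PKCS7_SIGNER_INFO *p7SignerInfo, Pkcs7SignerInfo &signerInfo);
    int32_t Pkcs7SignleSignerVerify(const Pkcs7SignerInfo &signerInfo, const std::vector<uint8_t> &hash,
        const std::vector<uint8_t> &sig) const;
    int32_t VerifyDigest(X509 *cert, const Pkcs7SignerInfo &signer, const std::vector<uint8_t> &hash,
        const std::vector<uint8_t> &sig) const;
private:
    PKCS7 *pkcs7_;                               // owned raw OpenSSL object; freed in ~Pkcs7SignedData
    std::vector<uint8_t> digest_;
    std::vector<Pkcs7SignerInfo> signerInfos_;
    HwSigningSigntureInfo signatureInfo;         // name kept (no trailing underscore) for ABI/source compatibility
    std::unique_ptr<VerifyHelper> helper_ {};
};

/**
 * Default VerifyHelper that derives the digest from the PKCS#7 sub-blocks.
 */
class Pkcs7VerifyHelper : public VerifyHelper {
public:
    Pkcs7VerifyHelper() = default;

    ~Pkcs7VerifyHelper() override;

    int32_t GetDigestFromSubBlocks(std::vector<uint8_t> &digestBlock,
        HwSigningSigntureInfo &signatureInfo, std::vector<uint8_t> &digest) override;
};
} // namespace Hpackage
#endif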