• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "openssl_util.h"
17 #include <fstream>
18 #include <openssl/pem.h>
19 #include <openssl/sha.h>
20 #include <openssl/x509.h>
21 #include "dump.h"
22 
23 namespace Hpackage {
24 namespace {
25 constexpr uint32_t HASH_SOURCE_BLOCK_LEN = 4096;
26 
GetTextContentFromX509Name(X509_NAME * name,int nId,std::string & textContent)27 void GetTextContentFromX509Name(X509_NAME *name, int nId, std::string &textContent)
28 {
29     int contentLen = X509_NAME_get_text_by_NID(name, nId, nullptr, 0);
30     if (contentLen <= 0) {
31         return;
32     }
33 
34     std::unique_ptr<char[]> textBuffer = std::make_unique<char[]>(contentLen + 1);
35     if (textBuffer == nullptr) {
36         return;
37     }
38 
39     if (X509_NAME_get_text_by_NID(name, nId, textBuffer.get(), contentLen + 1) != contentLen) {
40         return;
41     }
42     textContent = std::string(textBuffer.get());
43     textBuffer.reset(nullptr);
44 
45     return;
46 }
47 }
48 
GetASN1OctetStringData(const ASN1_OCTET_STRING * octString,std::vector<uint8_t> & asn1Data)49 int32_t GetASN1OctetStringData(const ASN1_OCTET_STRING *octString, std::vector<uint8_t> &asn1Data)
50 {
51     if (octString == nullptr) {
52         return -1;
53     }
54     const uint8_t *octChar = ASN1_STRING_get0_data(octString);
55     if (octChar == nullptr) {
56         PKG_LOGE("get asn1 obj string failed!");
57         return -1;
58     }
59 
60     int32_t octLen = ASN1_STRING_length(octString);
61     if (octLen <= 0) {
62         PKG_LOGE("invalid asn1 obj string len %d!", octLen);
63         return -1;
64     }
65     asn1Data.assign(octChar, octChar + octLen);
66 
67     return 0;
68 }
69 
GetX509AlgorithmNid(const X509_ALGOR * x509Algo,int32_t & algoNid)70 int32_t GetX509AlgorithmNid(const X509_ALGOR *x509Algo, int32_t &algoNid)
71 {
72     if (x509Algo == nullptr) {
73         return -1;
74     }
75 
76     const ASN1_OBJECT *algObj = nullptr;
77     X509_ALGOR_get0(&algObj, nullptr, nullptr, x509Algo);
78     if (algObj == nullptr) {
79         PKG_LOGE("x509 algor get0 fail!");
80         return -1;
81     }
82     algoNid = OBJ_obj2nid(algObj);
83     if (algoNid <= 0) {
84         PKG_LOGE("invalid algo nid %d!", algoNid);
85         return -1;
86     }
87 
88     return 0;
89 }
90 
GetX509CertFromPemString(const std::string & pemString)91 X509 *GetX509CertFromPemString(const std::string &pemString)
92 {
93     BIO *pemBio = BIO_new(BIO_s_mem());
94     if (pemBio == nullptr) {
95         return nullptr;
96     }
97     int strLen = static_cast<int>(pemString.size());
98     if (BIO_write(pemBio, pemString.c_str(), strLen) != strLen) {
99         BIO_free_all(pemBio);
100         return nullptr;
101     }
102 
103     X509 *cert = PEM_read_bio_X509(pemBio, nullptr, nullptr, nullptr);
104     if (cert == nullptr) {
105         PKG_LOGE("pem read x509 fail");
106     }
107     BIO_free_all(pemBio);
108 
109     return cert;
110 }
111 
GetX509CertFromPemFile(const std::string & filePath)112 X509 *GetX509CertFromPemFile(const std::string &filePath)
113 {
114     std::ifstream ifs(filePath);
115     if (!ifs.is_open()) {
116         PKG_LOGE("file %s not exist", filePath.c_str());
117         return nullptr;
118     }
119     BIO *certbio = BIO_new_file(filePath.c_str(), "r");
120     if (certbio == nullptr) {
121         PKG_LOGE("Failed to create BIO");
122         return nullptr;
123     }
124 
125     X509 *cert = PEM_read_bio_X509(certbio, nullptr, nullptr, nullptr);
126     if (cert == nullptr) {
127         PKG_LOGE("Failed to read x509 certificate");
128         BIO_free_all(certbio);
129         return nullptr;
130     }
131     BIO_free_all(certbio);
132 
133     return cert;
134 }
135 
VerifyX509CertByIssuerCert(X509 * cert,X509 * issuerCert)136 bool VerifyX509CertByIssuerCert(X509 *cert, X509 *issuerCert)
137 {
138     if (cert == nullptr || issuerCert == nullptr) {
139         return false;
140     }
141 
142     EVP_PKEY *pubKey = X509_get_pubkey(issuerCert);
143     if (pubKey == nullptr) {
144         PKG_LOGE("get pubkey fial.");
145         return false;
146     }
147 
148     bool ret = (X509_verify(cert, pubKey) == 1);
149     EVP_PKEY_free(pubKey);
150     return ret;
151 }
152 
VerifyDigestByPubKey(EVP_PKEY * pubKey,const int nid,const std::vector<uint8_t> & digestData,const std::vector<uint8_t> & signature)153 int32_t VerifyDigestByPubKey(EVP_PKEY *pubKey, const int nid, const std::vector<uint8_t> &digestData,
154     const std::vector<uint8_t> &signature)
155 {
156     Updater::UPDATER_INIT_RECORD;
157     if (pubKey == nullptr) {
158         PKG_LOGE("pubKey is empty");
159         UPDATER_LAST_WORD(-1);
160         return -1;
161     }
162 
163     EVP_MD_CTX *mdCtx = EVP_MD_CTX_create();
164     if (mdCtx == nullptr) {
165         PKG_LOGE("EVP_MD_CTX_create failed");
166         UPDATER_LAST_WORD(-1);
167         return -1;
168     }
169     EVP_PKEY_CTX *pkeyCtx = nullptr;
170     if (EVP_DigestVerifyInit(mdCtx, &pkeyCtx, EVP_get_digestbynid(nid), nullptr, pubKey) != 1) {
171         PKG_LOGE("EVP init, error");
172         EVP_MD_CTX_destroy(mdCtx);
173         UPDATER_LAST_WORD(-1);
174         return -1;
175     }
176     if (EVP_DigestVerifyUpdate(mdCtx, digestData.data(), digestData.size()) != 1) {
177         PKG_LOGE("EVP update, error");
178         EVP_MD_CTX_destroy(mdCtx);
179         UPDATER_LAST_WORD(-1);
180         return -1;
181     }
182 
183     int ret = EVP_DigestVerifyFinal(mdCtx, signature.data(), signature.size());
184     if (ret != 1) {
185         PKG_LOGE("EVP final, error");
186         EVP_MD_CTX_destroy(mdCtx);
187         UPDATER_LAST_WORD(-1);
188         return -1;
189     }
190 
191     EVP_MD_CTX_destroy(mdCtx);
192     return 0;
193 }
194 
CalcSha256Digest(const PkgStreamPtr srcData,const size_t dataLen,std::vector<uint8_t> & result)195 int32_t CalcSha256Digest(const PkgStreamPtr srcData, const size_t dataLen, std::vector<uint8_t> &result)
196 {
197     Updater::UPDATER_INIT_RECORD;
198     if (srcData == nullptr || dataLen == 0) {
199         UPDATER_LAST_WORD(-1);
200         return -1;
201     }
202     if (result.size() != SHA256_DIGEST_LENGTH) {
203         result.resize(SHA256_DIGEST_LENGTH);
204     }
205     SHA256_CTX ctx;
206     SHA256_Init(&ctx);
207 
208     size_t offset = 0;
209     size_t remainLen = dataLen;
210     size_t blockLen = HASH_SOURCE_BLOCK_LEN;
211     PkgBuffer buffer(blockLen);
212     size_t readLen = 0;
213     int32_t ret = 0;
214     while (remainLen >= blockLen) {
215         ret = srcData->Read(buffer, offset, blockLen, readLen);
216         if (ret != 0) {
217             PKG_LOGE("Fail read data");
218             UPDATER_LAST_WORD(-1);
219             return -1;
220         }
221         SHA256_Update(&ctx, buffer.buffer, blockLen);
222         offset += readLen;
223         remainLen -= readLen;
224     }
225     if (remainLen > 0) {
226         ret = srcData->Read(buffer, offset, remainLen, readLen);
227         if (ret != 0) {
228             PKG_LOGE("Fail read data");
229             UPDATER_LAST_WORD(-1);
230             return -1;
231         }
232         SHA256_Update(&ctx, buffer.buffer, readLen);
233     }
234 
235     if (SHA256_Final(result.data(), &ctx) != 1) {
236         PKG_LOGE("SHA256_Final(), error");
237         UPDATER_LAST_WORD(-1);
238         return -1;
239     }
240 
241     return 0;
242 }
243 
GetStringFromX509Name(X509_NAME * x509Name)244 std::string GetStringFromX509Name(X509_NAME *x509Name)
245 {
246     if (x509Name == nullptr) {
247         return "";
248     }
249 
250     std::string country;
251     GetTextContentFromX509Name(x509Name, NID_countryName, country);
252 
253     std::string organization;
254     GetTextContentFromX509Name(x509Name, NID_organizationName, organization);
255 
256     std::string organizationalUnitName;
257     GetTextContentFromX509Name(x509Name, NID_organizationalUnitName, organizationalUnitName);
258 
259     std::string commonName;
260     GetTextContentFromX509Name(x509Name, NID_commonName, commonName);
261 
262     return "C=" + country + ", O=" + organization + ", OU=" + organizationalUnitName + ", CN=" + commonName;
263 }
264 
GetX509CertSubjectName(X509 * cert)265 std::string GetX509CertSubjectName(X509 *cert)
266 {
267     if (cert == nullptr) {
268         return "";
269     }
270 
271     X509_NAME *subjectName = X509_get_subject_name(cert);
272     if (subjectName == nullptr) {
273         PKG_LOGE("cert subject name is null");
274         return "";
275     }
276 
277     return GetStringFromX509Name(subjectName);
278 }
279 
GetX509CertIssuerName(X509 * cert)280 std::string GetX509CertIssuerName(X509 *cert)
281 {
282     if (cert == nullptr) {
283         return "";
284     }
285 
286     X509_NAME *issuerName = X509_get_issuer_name(cert);
287     if (issuerName == nullptr) {
288         PKG_LOGE("cert issuer name is null");
289         return "";
290     }
291 
292     return GetStringFromX509Name(issuerName);
293 }
294 }
295