1 /* 2 * Copyright (C) 2021-2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 #ifndef HAP_SIGNING_BLOCK_UTILS_H 16 #define HAP_SIGNING_BLOCK_UTILS_H 17 18 #include <vector> 19 20 #include "common/data_source.h" 21 #include "common/export_define.h" 22 #include "common/hap_byte_buffer.h" 23 #include "common/random_access_file.h" 24 #include "interfaces/hap_verify_result.h" 25 #include "util/digest_parameter.h" 26 #include "util/pkcs7_context.h" 27 #include "util/signature_info.h" 28 #include "util/signature_info.h" 29 30 namespace OHOS { 31 namespace Security { 32 namespace Verify { 33 constexpr int32_t ZIP_CHUNK_DIGEST_PRIFIX_LEN = 5; 34 35 enum HapBlobType { 36 HAP_SIGN_BLOB = 0x20000000, 37 PROOF_ROTATION_BLOB = 0x20000001, 38 PROFILE_BLOB = 0x20000002, 39 PROPERTY_BLOB = 0x20000003, 40 }; 41 42 struct HapSignBlockHead { 43 int32_t version = 0; 44 int32_t blockCount = 0; 45 long long hapSignBlockSize; 46 long long hapSignBlockMagicLo; 47 long long hapSignBlockMagicHi; 48 }; 49 50 struct HapSubSignBlockHead { 51 uint32_t type = 0; 52 uint32_t length = 0; 53 uint32_t offset = 0; 54 }; 55 56 class HapSigningBlockUtils { 57 public: 58 DLL_EXPORT static bool FindHapSignature(RandomAccessFile& hapFile, SignatureInfo& signInfo); 59 DLL_EXPORT static bool GetOptionalBlockIndex(std::vector<OptionalBlock>& optionBlocks, int32_t type, int& index); 60 DLL_EXPORT static bool VerifyHapIntegrity(Pkcs7Context& digestInfo, RandomAccessFile& hapFile, 61 SignatureInfo& signInfo); 62 63 private: 64 DLL_EXPORT static const long long HAP_SIG_BLOCK_MAGIC_HIGH_OLD; 65 DLL_EXPORT static const long long HAP_SIG_BLOCK_MAGIC_LOW_OLD; 66 DLL_EXPORT static const long long HAP_SIG_BLOCK_MAGIC_HIGH; 67 DLL_EXPORT static const long long HAP_SIG_BLOCK_MAGIC_LOW; 68 DLL_EXPORT static const int32_t ZIP_HEAD_OF_SIGNING_BLOCK_LENGTH; 69 DLL_EXPORT static const int32_t ZIP_EOCD_SEGMENT_FLAG; 70 static const long long CHUNK_SIZE; 71 static const int32_t HAP_SIG_BLOCK_MIN_SIZE; 72 static const int32_t ZIP_EOCD_SEG_MIN_SIZE; 73 static const int32_t ZIP_EOCD_COMMENT_LENGTH_OFFSET; 74 static const int32_t ZIP_CD_OFFSET_IN_EOCD; 75 static const int32_t ZIP_CD_SIZE_OFFSET_IN_EOCD; 76 static const int32_t ZIP_BLOCKS_NUM_NEED_DIGEST; 77 static const char ZIP_FIRST_LEVEL_CHUNK_PREFIX; 78 static const char ZIP_SECOND_LEVEL_CHUNK_PREFIX; 79 static const int32_t ZIP_UPDATE_DIGEST_THREADS_NUM; 80 static const long long SMALL_FILE_SIZE; 81 /* the specifications of hap sign block */ 82 static constexpr long long MAX_HAP_SIGN_BLOCK_SIZE = 1024 * 1024 * 1024LL; // 1024MB 83 static constexpr int32_t MAX_BLOCK_COUNT = 10; 84 static constexpr int32_t VERSION_FOR_NEW_MAGIC_NUM = 3; 85 86 private: 87 DLL_EXPORT static bool FindEocdInHap(RandomAccessFile& hapFile, std::pair<HapByteBuffer, long long>& eocd); 88 DLL_EXPORT static bool FindEocdInHap(RandomAccessFile& hapFile, unsigned short maxCommentSize, 89 std::pair<HapByteBuffer, long long>& eocd); 90 DLL_EXPORT static bool FindEocdInSearchBuffer(HapByteBuffer& zipContents, int& offset); 91 DLL_EXPORT static bool GetCentralDirectoryOffset(HapByteBuffer& eocd, long long eocdOffset, 92 long long& centralDirectoryOffset); 93 static bool FindHapSigningBlock(RandomAccessFile& hapFile, long long centralDirOffset, 94 SignatureInfo& signInfo); 95 static bool FindHapSubSigningBlock(RandomAccessFile& hapFile, int32_t blockCount, 96 long long blockArrayLen, long long hapSignBlockOffset, SignatureInfo& signInfo); 97 DLL_EXPORT static bool ClassifyHapSubSigningBlock(SignatureInfo& signInfo, 98 const HapByteBuffer& subBlock, uint32_t type); 99 DLL_EXPORT static bool SetUnsignedInt32(HapByteBuffer& buffer, int32_t offset, long long value); 100 DLL_EXPORT static bool ComputeDigestsWithOptionalBlock(const DigestParameter& digestParam, 101 const std::vector<OptionalBlock>& optionalBlocks, const HapByteBuffer& chunkDigest, 102 HapByteBuffer& finalDigest); 103 static bool ComputeDigestsForDataSourceArray(const DigestParameter& digestParam, DataSource* contents[], 104 int32_t len, HapByteBuffer& result, const int32_t offset); 105 static bool ComputeDigestsForDataSource(const DigestParameter& digestParam, DataSource* content, 106 HapByteBuffer& result, int32_t& offset); 107 static bool ComputeDigestsForContentsZip(int32_t nId, RandomAccessFile& hapFile, 108 int32_t chunkNum, long long fileSize, HapByteBuffer& digestsBuffer); 109 static bool VerifyDigest(const DigestParameter& digestParam, const int32_t nId, 110 const std::vector<OptionalBlock>& optionalBlocks, const HapByteBuffer& chunkDigest, Pkcs7Context& digestInfo); 111 static int32_t GetChunkCount(long long inputSize, long long chunkSize); 112 static bool InitDigestPrefix(const DigestParameter& digestParam, 113 unsigned char (&chunkContentPrefix)[ZIP_CHUNK_DIGEST_PRIFIX_LEN], int32_t chunkLen); 114 DLL_EXPORT static DigestParameter GetDigestParameter(int32_t nId); 115 DLL_EXPORT static bool GetSumOfChunkDigestLen(DataSource* contents[], int32_t len, int32_t chunkDigestLen, 116 int& chunkCount, int& sumOfChunkDigestLen); 117 static bool ParseSignBlockHead(HapSignBlockHead& hapSignBlockHead, HapByteBuffer& hapBlockHead); 118 static bool ParseSubSignBlockHead(HapSubSignBlockHead& subSignBlockHead, HapByteBuffer& hapBlockHead); 119 static bool CheckSignBlockHead(const HapSignBlockHead& hapSignBlockHead); 120 static bool HapVerifyParallelizationSupported(); 121 }; 122 } // namespace Verify 123 } // namespace Security 124 } // namespace OHOS 125 #endif // HAP_SIGNING_BLOCK_UTILS_H 126