CN109800579B - Software integrity checking method and device and electronic equipment - Google Patents


Publication number
CN109800579B
Authority
CN
China
Prior art keywords
file
current
ciphertext
software
encryption algorithm
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811591449.4A
Other languages
Chinese (zh)
Other versions
CN109800579A (en
Inventor
严嘉申
朱福康
吴惠民
孙为昂
过全
郭珣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Keda Technology Co Ltd
Original Assignee
Suzhou Keda Technology Co Ltd
Application filed by Suzhou Keda Technology Co Ltd
Priority to CN201811591449.4A
Publication of CN109800579A
Application granted
Publication of CN109800579B
Active
Anticipated expiration

Abstract

The invention discloses a software integrity verification method, a device and electronic equipment, wherein the software integrity verification method comprises the following steps: verifying the correctness of an encryption algorithm stored on a terminal where the software is located; when the encryption algorithm is correct, calculating each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group; the terminal stores a preset ciphertext group obtained by calculating each initial file in the software directory by using an encryption algorithm; verifying the integrity of the software by judging whether the current ciphertext group is the same as the preset ciphertext group; and when the current ciphertext group is the same as the preset ciphertext group, determining that the software is complete. The correctness of the encryption algorithm is verified before the integrity of the software is verified by using the encryption algorithm, so that the problem that a verification result obtained by verifying the integrity of the software based on the encryption algorithm does not have credibility when the correctness of the encryption algorithm is not verified is solved.

Description

Software integrity checking method and device and electronic equipment
Technical Field
The present invention relates to the field of software security technologies, and in particular, to a software integrity verification method, a software integrity verification apparatus, an electronic device, and a computer-readable storage medium.
Background
At present, when a user needs a terminal to provide a certain function, the function is usually realized by installing corresponding software on the terminal, so correct installation of the software and continued correct operation after installation are very important for meeting the user's needs. However, the following problems often occur while software is in use: after the terminal is upgraded, or after other unexpected errors, some libraries, configuration or scripts are missing or damaged, so that files in the software directory are missing or damaged and use of the software is affected; some files are accidentally tampered with, so that the software can still be used but its results are inconsistent with expectations; or irregular use leaves extra, unexpected files that have an unexpected effect on normal use of the software. Therefore, an integrity check is required to determine whether files in the software directory are missing, damaged or redundant, so as to ensure normal and safe operation of the software.
In the prior art, a method for verifying the security of a terminal system is disclosed, which checks the security of the system files by judging whether the system files are all stored in a system directory and by comparing the calculated current ciphertext of each system file with the corresponding original ciphertext stored in the terminal. However, since the current ciphertext of a system file is obtained by calling the encryption algorithm stored in the system to calculate the system file, the check result of this security verification method is not reliable when the file storing the encryption algorithm is damaged or accidentally tampered with.
Disclosure of Invention
In view of this, embodiments of the present invention provide a software integrity verification method, an apparatus, and an electronic device, so as to solve the problems that the existing verification method does not verify whether a file storing an encryption algorithm for performing verification calculation is tampered or damaged, and a verification result obtained based on the encryption algorithm does not have reliability.
According to a first aspect, an embodiment of the present invention provides a software integrity checking method, including the following steps: verifying the correctness of an encryption algorithm stored on a terminal where the software is located; when the encryption algorithm is correct, calculating each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group; the terminal stores a preset ciphertext group obtained by calculating each initial file in the software directory by using an encryption algorithm; verifying the integrity of the software by judging whether the current ciphertext group is the same as the preset ciphertext group; and when the current ciphertext group is the same as the preset ciphertext group, determining that the software is complete.
The correctness of the encryption algorithm stored on the terminal is verified before that algorithm is used to verify the integrity of the software. Without this step, when the current ciphertext group (obtained by calculating each current file under the software directory by using the encryption algorithm) differs from the preset ciphertext group (obtained by calculating each initial file under the software directory by using the encryption algorithm), it cannot be judged whether the difference is caused by an error in the current files under the software directory or by an error in the encryption algorithm. Verifying the algorithm first solves this problem and improves the reliability of the verification result obtained by using the software integrity verification method in the embodiment of the invention.
With reference to the first aspect, in a first implementation manner of the first aspect, at least two prefabricated texts, and reference ciphertexts obtained by performing encryption calculation on the prefabricated texts by using a reference encryption algorithm, are stored on the terminal, and the step of checking the correctness of the encryption algorithm stored on the terminal where the software is located includes the following steps: calculating the prefabricated text by using the encryption algorithm to obtain a calculated ciphertext; comparing the calculated ciphertext with the reference ciphertext corresponding to the prefabricated text to check the correctness of the encryption algorithm; and when the calculated ciphertext is the same as the reference ciphertext corresponding to the prefabricated text, determining that the encryption algorithm is correct.
Whether the encryption algorithm is correct is judged by storing the prefabricated texts on the terminal and comparing whether the calculated ciphertext (obtained by calculating the prefabricated text by using the encryption algorithm) is the same as the reference ciphertext (obtained by performing encryption calculation on the prefabricated text by using the reference encryption algorithm). In addition, storing at least two prefabricated texts on the terminal prevents the situation that arises when only one prefabricated text exists, in which an error in the encryption calculation of that prefabricated text leads to a wrong verification result for the encryption algorithm, so that the verification result of the encryption algorithm is more accurate.
With reference to the first aspect or the first implementation manner of the first aspect, in a second implementation manner of the first aspect, the storage path of each start file in the software directory and the corresponding predetermined ciphertext are both stored in a check file.
With reference to the second implementation manner of the first aspect, in the third implementation manner of the first aspect, a predetermined check ciphertext of the initial check file is stored on the terminal, and the step of calculating, when the encryption algorithm is correct, each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group includes the following steps: acquiring a current check file; calculating the current check file by using the encryption algorithm to obtain a current check ciphertext; comparing the current check ciphertext with the predetermined check ciphertext to check the integrity of the current check file; and when the current check file is complete, calculating each current file in the software directory by using the encryption algorithm to obtain the current ciphertext group.
By verifying the integrity of the check file, which stores the storage path of each initial file under the software directory and the corresponding predetermined ciphertext, a wrong software integrity check result caused by obtaining a wrong storage path or a wrong predetermined ciphertext for an initial file can be prevented, and the reliability of the check result obtained by using the software integrity check method in the embodiment of the invention is further improved.
With reference to the third embodiment of the first aspect, in the fourth embodiment of the first aspect, when the current check file is complete, the step of calculating each current file in the software directory by using an encryption algorithm to obtain the current ciphertext group includes the following steps: acquiring all current files in a software directory; judging whether the file name of each current file corresponds to the file name of each initial file stored in the current check file one by one; when the file name of each current file corresponds to the file name of each initial file stored in the current verification file, judging whether the storage path of each current file is the same as the storage path of the corresponding initial file; and when the storage path of each current file is the same as that of the corresponding initial file, calculating the current ciphertext of each current file by using an encryption algorithm.
Before the current ciphertext of each current file is calculated and compared with the preset ciphertext to verify the correctness of the contents of all current files in the software directory, the correctness of the storage paths of all current files in the software directory is verified. This adds a further dimension to the software integrity check and further improves the reliability of the verification result obtained by using the software integrity verification method in the embodiment of the invention.
According to a second aspect, an embodiment of the present invention provides an integrity checking apparatus for software, including: the algorithm checking module is used for checking the correctness of the encryption algorithm stored on the terminal where the software is located; the ciphertext calculation module is used for calculating each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group when the encryption algorithm is correct; the terminal stores a preset ciphertext group obtained by calculating each initial file in the software directory by using an encryption algorithm; the software checking module is used for checking the integrity of the software by judging whether the current ciphertext group is the same as the preset ciphertext group; and the result determining module is used for determining that the software is complete when the current ciphertext group is the same as the preset ciphertext group.
With reference to the second aspect, in the first embodiment of the second aspect, at least two prefabricated texts and a reference ciphertext obtained by performing encryption calculation on the prefabricated texts by using a reference encryption algorithm are stored on the terminal; the algorithm checking module comprises: the first calculation unit is used for calculating the prefabricated text by using an encryption algorithm to obtain a calculation ciphertext; the first checking unit is used for comparing the calculated ciphertext with a reference ciphertext corresponding to the prefabricated text and checking the correctness of an encryption algorithm; and the first result determining unit is used for determining that the encryption algorithm is correct when the calculated ciphertext is the same as the reference ciphertext corresponding to the prefabricated text.
With reference to the second aspect or the first embodiment of the second aspect, in the second embodiment of the second aspect, the storage path of each start file in the software directory and the corresponding predetermined ciphertext thereof are stored in a check file, and the predetermined check ciphertext of the start check file is stored in the terminal; the ciphertext calculation module comprises: the first acquisition unit is used for acquiring a current check file; the second calculation unit is used for calculating the current check file by using an encryption algorithm to obtain a current check ciphertext; the second checking unit is used for comparing the current checking ciphertext with the preset checking ciphertext to check the integrity of the current checking file; and the ciphertext calculation unit is used for calculating each current file in the software directory by using an encryption algorithm to obtain a current ciphertext group when the current check file is complete.
With reference to the second embodiment of the second aspect, in a third embodiment of the second aspect, the ciphertext calculation unit includes: the acquisition subunit is used for acquiring all current files in the software directory; the first judging subunit is used for judging whether the file name of each current file corresponds to the file name of each initial file stored in the current verification file one by one; the second judging subunit is used for judging whether the storage path of each current file is the same as the storage path of the corresponding initial file when the file name of each current file corresponds to the file name of each initial file stored in the current verification file; and the ciphertext calculation subunit is used for calculating the current ciphertext of each current file by using an encryption algorithm when the storage path of each current file is the same as the storage path of the corresponding initial file.
According to a third aspect, an embodiment of the present invention provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores computer instructions, and the processor executes the computer instructions to perform the method for integrity check of software according to the first aspect or any one of the embodiments of the first aspect.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores computer instructions for causing a computer to execute the method for integrity checking of software described in the first aspect or any one of the implementation manners of the first aspect.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a method for verifying integrity of software according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating the detailed steps of step S100 in Fig. 1;
Fig. 3 is a flowchart illustrating the detailed steps of step S200 in Fig. 1;
Fig. 4 is a flowchart illustrating the detailed steps of step S240 in Fig. 3;
Fig. 5 is a schematic structural diagram of a software integrity checking apparatus according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "first", "second", and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Example 1
The inventor finds that existing software integrity checks based on an encryption algorithm are realized by comparing whether the current ciphertext group, obtained by calculating each current file in the software directory with the encryption algorithm actually in use, is the same as the preset ciphertext group, obtained by calculating each initial file in the software directory with the encryption algorithm. When it has not been checked whether the file storing the encryption algorithm used for the check calculation has been tampered with or damaged, that is, when the correctness of the encryption algorithm has not been checked, then even if the calculated current ciphertext group differs from the preset ciphertext group, it cannot be determined whether the difference is caused by an error in the current files in the software directory or by an error in the encryption algorithm, so a check result with higher reliability cannot be obtained.
In view of this, an embodiment of the present invention provides a method for verifying integrity of software, as shown in fig. 1. It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
The process comprises the following steps:
Step S100, verifying the correctness of the encryption algorithm stored on the terminal where the software is located. In this embodiment, the encryption algorithm may be any algorithm capable of processing a file or data that is originally plaintext into an unreadable segment of code (i.e., ciphertext). For example, the encryption algorithm may be any symmetric encryption algorithm such as the DES, 3DES, TDEA, RC5 or IDEA algorithm or the like, any asymmetric encryption algorithm such as the RSA or Elgamal algorithm, or any hash algorithm such as the SM3, MD5 or SHA1 algorithm or the like. In this embodiment, the terminal may be any mobile terminal or fixed terminal on which software can be installed, for example, a mobile phone, a computer, a tablet, or another multimedia terminal.
Step S200, when the encryption algorithm is correct, calculating each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group. In this embodiment, the terminal stores a predetermined ciphertext group obtained by calculating each initial file in the software directory by using the encryption algorithm. In this embodiment, the predetermined ciphertext of each initial file in the software directory is stored in a check file, and the predetermined ciphertext corresponding to each initial file is obtained by reading the content of the check file.
Step S300, the integrity of the software is verified by judging whether the current ciphertext group is the same as the preset ciphertext group.
In step S400, when the current ciphertext group is the same as the predetermined ciphertext group, it is determined that the software is complete.
In this embodiment, when the software is determined to be complete, a corresponding verification result is output, and an output unit on the terminal is called to output the verification result, specifically, characters such as "software integrity self-check is successful", "software is complete", and the like, which can feed back information of the software that is determined to be complete, can be output, and of course, the specific content of the text can also be adjusted according to the actual application scenario.
According to the software integrity verification method provided by the embodiment of the invention, the correctness of the encryption algorithm stored on the terminal is verified before that algorithm is used to verify the integrity of the software. Without this step, when the current ciphertext group (obtained by calculating each current file under the software directory by using the encryption algorithm) differs from the preset ciphertext group (obtained by calculating each initial file under the software directory by using the encryption algorithm), it cannot be judged whether the current files under the software directory are in error or the encryption algorithm is in error. Verifying the algorithm first solves this problem and improves the reliability of the verification result obtained by using the software integrity verification method in the embodiment of the invention.
As an alternative implementation manner of the embodiment of the present invention, as shown in fig. 2, step S100 includes the following steps:
Step S110, calculating the prefabricated text by using the encryption algorithm to obtain a calculated ciphertext. In this embodiment, when only one prefabricated text exists, an error in the encryption calculation of that prefabricated text will lead to a wrong verification result for the encryption algorithm; to prevent this problem, at least two prefabricated texts, and the reference ciphertexts obtained by performing encryption calculation on the prefabricated texts by using the reference encryption algorithm, are stored on the terminal. In this embodiment, the reference encryption algorithm refers to an encryption algorithm that is correct and has not been tampered with or damaged, and the encryption algorithm used to calculate the prefabricated text refers to the encryption algorithm currently stored on the terminal. In this embodiment, the encryption algorithm currently stored on the terminal is obtained by reading the content of the file in which the encryption algorithm is stored on the terminal. In this embodiment, if the encryption algorithm cannot be obtained, it is determined that the software is incomplete, and a verification result indicating that the algorithm verification fails is output.
Step S120, comparing the calculated ciphertext with the reference ciphertext corresponding to the prefabricated text to check the correctness of the encryption algorithm. In this embodiment, when the reference ciphertext corresponding to the prefabricated text cannot be obtained, it is determined that the software is incomplete, and a verification result indicating that the algorithm verification fails is output.
Step S130, when the calculated ciphertext is the same as the reference ciphertext corresponding to the prefabricated text, determining that the encryption algorithm is correct. In this embodiment, when the calculated ciphertext is different from the reference ciphertext corresponding to the prefabricated text, it is determined that the software is incomplete, and a verification result indicating that the algorithm verification fails is output.
In a specific embodiment, when the verification result is that the algorithm verification fails, an output unit on the terminal is called to output the verification result, specifically, a text similar to "algorithm verification fails, and possibly the software does not normally run, please contact an administrator" or the like may be output, and of course, the specific content of the text may also be adjusted according to the actual application scenario.
In this embodiment, in order to further improve the accuracy of the correctness check result of the encryption algorithm, the steps S110 to S130 may be repeatedly executed multiple times.
The software integrity verification method provided by the embodiment of the invention judges whether the encryption algorithm is correct by storing the prefabricated texts on the terminal and comparing whether the calculated ciphertext (obtained by calculating the prefabricated text by using the encryption algorithm) is the same as the reference ciphertext (obtained by performing encryption calculation on the prefabricated text by using the reference encryption algorithm). In addition, storing at least two prefabricated texts on the terminal prevents the situation that arises when only one prefabricated text is stored, in which an error in the encryption calculation of that prefabricated text leads to a wrong verification result for the encryption algorithm, so that the verification result of the encryption algorithm is more accurate.
As an alternative implementation manner of this embodiment, as shown in fig. 3, step S200 includes the following steps:
Step S210, acquiring the current check file. In this embodiment, the storage path of each initial file in the software directory and its corresponding predetermined ciphertext are stored in a check file, and the terminal further stores the predetermined check ciphertext obtained by calculating the initial check file by using the encryption algorithm, where the initial check file is the check file that is generated during software installation and has not been damaged or tampered with. In this embodiment, when the current check file cannot be acquired, it is determined that the software is incomplete, and a check result indicating that the check file is abnormal is output.
Step S220, the current check file is calculated by using an encryption algorithm to obtain a current check ciphertext.
Step S230, comparing the current check ciphertext with the predetermined check ciphertext to check the integrity of the current check file. In this embodiment, when the current check ciphertext is the same as the predetermined check ciphertext, it is determined that the current check file is complete; and when the current verification ciphertext is different from the preset verification ciphertext, determining that the software is incomplete, and outputting a verification result of abnormal verification files.
Step S240, when the current check file is complete, calculating each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group.
In a specific embodiment, when the result of verifying the integrity of the check file is that the check file is abnormal, an output unit on the terminal is called to output the verification result; specifically, a text similar to "the check file is abnormal, the software may not run normally, please contact an administrator" or the like may be output, and of course, the specific content of the text may also be adjusted according to the actual application scenario.
According to the software integrity checking method provided by the embodiment of the invention, the integrity of the check file, which stores the storage path of each initial file in the software directory and the corresponding predetermined ciphertext, is checked. This prevents a wrong software integrity check result caused by obtaining a wrong storage path or a wrong predetermined ciphertext for an initial file, and further improves the reliability of the check result obtained by using the software integrity checking method in the embodiment of the invention.
As an alternative implementation manner of the embodiment of the present invention, as shown in fig. 4, step S240 includes the following steps:
Step S241, acquiring all current files in the software directory.
In step S242, it is determined whether the file name of each current file corresponds to the file name of each start file stored in the current verification file. In this embodiment, when the file name of each current file is not consistent with the file name of each start file stored in the current verification file, it is determined that the software is incomplete, and a verification result indicating that the software integrity self-check fails is output.
In step S243, when the file name of each current file corresponds to the file name of each start file stored in the current verification file, it is determined whether the storage path of each current file is the same as the storage path of the corresponding start file. In this embodiment, when the storage path of a certain current file is different from the storage path of the corresponding start file, it is determined that the software is incomplete, and a verification result that the software integrity self-check fails is output.
In step S244, when the storage path of each current file is the same as the storage path of the corresponding start file, the current ciphertext of each current file is calculated by using an encryption algorithm.
In a specific embodiment, when the verification result is that the software integrity self-check fails, an output unit on the terminal is called to output the verification result, specifically, a text similar to "the system integrity self-check fails, the system cannot use a video conference, please contact an administrator" or the like may be output, and of course, the specific content of the text may also be adjusted according to the actual application scenario.
According to the software integrity verification method provided by the embodiment of the invention, before the current ciphertext of each current file is calculated and compared with the preset ciphertext to verify the correctness of the contents of all current files in the software directory, the correctness of the storage paths of all current files in the software directory is verified. This adds a further dimension to the software integrity check and further improves the reliability of the verification result obtained by using the software integrity verification method in the embodiment of the invention.
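Steps S100 to S400, with the sub-steps of Figs. 2 to 4, as an added example that is not code from the patent. It assumes SHA-256 from Python's hashlib as the algorithm under test and a JSON check file; the function names, status strings and sample files are hypothetical, and the software directory is constructed in a temporary folder.

```python
import hashlib
import json
import os
import tempfile

# S100 reference data: two prefabricated texts and their reference digests.
# SHA-256 stands in for the terminal's algorithm (an assumption of this example).
KNOWN_ANSWERS = {
    b"": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    b"abc": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def algorithm_ok(hash_fn):
    """S110-S130: every prefabricated text must reproduce its reference digest."""
    try:
        return all(hash_fn(text) == ref for text, ref in KNOWN_ANSWERS.items())
    except Exception:  # an algorithm that cannot be run counts as a failure
        return False


def list_files(root):
    """Relative '/'-separated paths of every file under the software directory."""
    found = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            found.append(rel.replace(os.sep, "/"))
    return sorted(found)


def read(root, rel):
    with open(os.path.join(root, *rel.split("/")), "rb") as fh:
        return fh.read()


def build_check_file(root, hash_fn):
    """Install time: record storage path -> predetermined digest for each file."""
    entries = {rel: hash_fn(read(root, rel)) for rel in list_files(root)}
    return json.dumps(entries, sort_keys=True).encode()


def base_names(paths):
    return sorted(p.rsplit("/", 1)[-1] for p in paths)


def verify(root, check_file, check_digest, hash_fn):
    if not algorithm_ok(hash_fn):                                   # S100
        return "algorithm check failed"
    if check_file is None or hash_fn(check_file) != check_digest:   # S210-S230
        return "check file abnormal"
    expected = json.loads(check_file)
    current = list_files(root)                                      # S241
    if base_names(current) != base_names(expected):                 # S242
        return "self-check failed: file names differ"
    if current != sorted(expected):                                 # S243
        return "self-check failed: storage paths differ"
    for rel in current:                                             # S244, S300
        if hash_fn(read(root, rel)) != expected[rel]:
            return "self-check failed: content changed in " + rel
    return "software is complete"                                   # S400


def demo():
    """Run the checks against a constructed software directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lib"))
        for rel, body in (("app.bin", b"main program"), ("lib/codec.so", b"codec")):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(body)
        check_file = build_check_file(root, sha256_hex)
        check_digest = sha256_hex(check_file)
        args = (root, check_file, check_digest)

        results["intact"] = verify(*args, sha256_hex)
        # Damaged algorithm that hashes only the first byte: it still gets the
        # empty text right, so a single prefabricated text would not expose it.
        results["broken_algorithm"] = verify(*args, lambda d: sha256_hex(d[:1]))
        results["bad_check_file"] = verify(
            root, check_file.replace(b"app.bin", b"app.bak"), check_digest, sha256_hex)

        extra = os.path.join(root, "debug.log")       # redundant file
        open(extra, "wb").close()
        results["extra_file"] = verify(*args, sha256_hex)
        os.remove(extra)

        moved = os.path.join(root, "codec.so")        # same name, wrong path
        os.rename(os.path.join(root, "lib", "codec.so"), moved)
        results["moved_file"] = verify(*args, sha256_hex)
        os.rename(moved, os.path.join(root, "lib", "codec.so"))

        with open(os.path.join(root, "app.bin"), "ab") as fh:  # changed content
            fh.write(b"!")
        results["modified_file"] = verify(*args, sha256_hex)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Reference digests and a check-file digest kept on the same terminal catch accidental damage; against deliberate tampering they would themselves need protection such as a signature or read-only storage.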
As an optional implementation manner of the embodiment of the present invention, when the encryption algorithm is SM3, the calculation process of the current ciphertext, the predetermined ciphertext, the current check ciphertext, or the predetermined check ciphertext includes: a data padding process and an iterative compression process.
Wherein, the data padding process comprises:
Step a, appending a bit '1' to the message, whose length is less than 2^64 bits, and then appending k '0' bits, so that the value of 'k + message length + 1' is 448 + 512x, where x may be any non-negative integer and is as small as possible. For example, when the message length is 24 bits, k takes the value 448 - 24 - 1 = 423.
Step b, appending data with a length of 64 bits after the padded message. Since the data is the binary content of the message, the length of the message in step a must be less than 2^64 bits. In this embodiment, the data with a length of 64 bits is a current file, a start file, a current check file, or a start check file.
The iterative compression process includes:
Step A, dividing the data obtained after padding into N blocks of data by taking 512 bits as a unit, where N = (message length + k + 1 + 64)/512.
Step B, setting an initial fixed value with the length of 16 bytes, performing compression calculation on the initial fixed value and the first block of padded data to obtain a first calculation fixed value, performing compression calculation on the first calculation fixed value and the second block of padded data to obtain a second calculation fixed value, and so on until an Nth calculation fixed value is obtained, and taking the Nth calculation fixed value as a hash value. In this embodiment, when the data with the length of 64 bits is the current file, the hash value is the current ciphertext; when the data with the length of 64 bits is an initial file, the hash value is a preset ciphertext; when the data with the length of 64 bits is the current check file, the hash value is the current check ciphertext; and when the data with the length of 64 bits is the initial check file, the hash value is the preset check ciphertext.
In a specific embodiment, a process of calculating the current ciphertext, the predetermined ciphertext, the current check ciphertext or the predetermined check ciphertext by using another encryption algorithm may be obtained by analogy by those skilled in the art according to the calculation process of the SM3 algorithm and the prior art, and is not described herein again.
Example 2
The embodiment of the invention provides a software integrity checking device, which is used for realizing the software integrity checking method in the method embodiment; what has already been described there is not repeated here. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
As shown in fig. 5, the integrity verification apparatus for software according to the embodiment of the present invention includes: an algorithm checking module 100, a ciphertext calculation module 200, a software checking module 300 and a result determination module 400.
The algorithm checking module is used for checking the correctness of an encryption algorithm stored on the terminal where the software is located; the ciphertext calculation module is used for calculating each current file in the software directory by using the encryption algorithm when the encryption algorithm is correct to obtain a current ciphertext group; the terminal stores a preset ciphertext group obtained by calculating each initial file in the software directory by using an encryption algorithm; the software checking module is used for checking the integrity of the software by judging whether the current ciphertext group is the same as the preset ciphertext group; and the result determining module is used for determining that the software is complete when the current ciphertext group is the same as the preset ciphertext group.
As an optional implementation manner of the embodiment of the present invention, the terminal stores at least two prefabricated texts and a reference ciphertext obtained by performing encryption calculation on the prefabricated texts by using a reference encryption algorithm; the algorithm checking module 100 includes: the device comprises a first calculation unit, a first verification unit and a first result determination unit.
The first calculation unit is used for calculating the prefabricated text by using an encryption algorithm to obtain a calculated ciphertext; the first checking unit is used for comparing the calculated ciphertext with a reference ciphertext corresponding to the prefabricated text and checking the correctness of the encryption algorithm; the first result determining unit is used for determining that the encryption algorithm is correct when the calculated ciphertext is the same as the reference ciphertext corresponding to the prefabricated text.
As an optional implementation manner of the embodiment of the present invention, the storage path of each start file in the software directory and the corresponding predetermined ciphertext thereof are stored in a check file, and the predetermined check ciphertext of the start check file is stored in the terminal; the ciphertext calculation module 200 includes: the device comprises a first obtaining unit, a second calculating unit, a second checking unit and a ciphertext calculating unit.
The first acquisition unit is used for acquiring a current check file; the second calculation unit is used for calculating the current check file by using an encryption algorithm to obtain a current check ciphertext; the second check unit is used for comparing the current check ciphertext with the preset check ciphertext to check the integrity of the current check file; and the ciphertext calculation unit is used for calculating each current file in the software directory by using an encryption algorithm when the current check file is complete to obtain a current ciphertext group.
As an optional implementation manner of the embodiment of the present invention, the ciphertext calculation unit includes: the device comprises an acquisition subunit, a first judgment subunit, a second judgment subunit, a calculation subunit, a third judgment subunit and a result determination subunit.
The acquiring subunit is used for acquiring all current files in the software directory; the first judging subunit is used for judging whether the file name of each current file corresponds to the file name of each initial file stored in the current verification file one by one; the second judging subunit is used for judging whether the storage path of each current file is the same as the storage path of the corresponding initial file when the file name of each current file corresponds to the file name of each initial file stored in the current verification file; and the ciphertext calculation subunit is used for calculating the current ciphertext of each current file by using an encryption algorithm when the storage path of each current file is the same as the storage path of the corresponding initial file.
An embodiment of the present invention further provides an electronic device, as shown in fig. 6, the electronic device may include a processor 61 and a memory 62, where the processor 61 and the memory 62 may be connected by a bus or in another manner, and fig. 6 illustrates the connection by the bus as an example.
The processor 61 may be a Central Processing Unit (CPU). The Processor 61 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.
The memory 62, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to integrity checks of software in embodiments of the present invention (e.g., the algorithm checking module 100, the software checking module 200, and the result determination module 300 shown in fig. 5). The processor 61 executes various functional applications and data processing of the processor by executing the non-transitory software programs, instructions and modules stored in the memory 62, that is, implements the integrity check method of the software in the above method embodiment.
The memory 62 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 61, and the like. Further, the memory 62 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 62 may optionally include memory located remotely from the processor 61, and these remote memories may be connected to the processor 61 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 62 and when executed by the processor 61 perform a method of integrity checking of software as in the embodiment of fig. 1-4.
The details of the electronic device may be understood by referring to the corresponding descriptions and effects in the embodiments shown in fig. 1 to fig. 4, and are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
It should be understood that the above examples are given only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to enumerate all embodiments here. Obvious variations or modifications derived therefrom remain within the scope of the invention.

Claims (11)

1. A software integrity checking method is characterized by comprising the following steps:
verifying the correctness of an encryption algorithm stored on the terminal where the software is located;
when the encryption algorithm is correct, calculating each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group; the terminal stores a preset ciphertext group obtained by calculating each initial file in the software directory by using the encryption algorithm;
verifying the integrity of the software by judging whether the current ciphertext group is the same as the predetermined ciphertext group;
and when the current ciphertext group is the same as the preset ciphertext group, determining that the software is complete.
2. The software integrity verification method according to claim 1, wherein the terminal stores at least two pre-made texts and a reference ciphertext obtained by using a reference encryption algorithm to perform encryption calculation on the pre-made texts, and the step of verifying the correctness of the encryption algorithm stored on the terminal where the software is located comprises the following steps:
calculating the prefabricated text by using the encryption algorithm to obtain a calculation ciphertext;
comparing the calculated ciphertext with a reference ciphertext corresponding to the prefabricated text, and checking the correctness of the encryption algorithm;
and when the calculated ciphertext is the same as the reference ciphertext corresponding to the prefabricated text, determining that the encryption algorithm is correct.
3. The method for verifying the integrity of software according to claim 1 or 2, wherein the storage path of each start file in the software directory and the corresponding predetermined ciphertext are stored in a verification file.
4. The software integrity verification method according to claim 3, wherein a predetermined verification ciphertext of a start verification file is stored on the terminal, and when the encryption algorithm is correct, the step of calculating each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group includes the following steps:
acquiring a current verification file;
calculating the current check file by using the encryption algorithm to obtain a current check ciphertext;
comparing the current check ciphertext with the preset check ciphertext to check the integrity of the current check file;
and when the current check file is complete, calculating each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group.
5. The software integrity checking method according to claim 4, wherein the step of calculating each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group when the current check file is complete includes the steps of:
acquiring all current files in the software directory;
judging whether the file name of each current file corresponds to the file name of each initial file stored in the current check file one by one;
when the file name of each current file corresponds to the file name of each initial file stored in the current verification file, judging whether the storage path of each current file is the same as the storage path of the corresponding initial file;
and when the storage path of each current file is the same as the storage path of the corresponding initial file, calculating the current ciphertext of each current file by using the encryption algorithm.
6. An integrity check device for software, comprising:
the algorithm checking module is used for checking the correctness of the encryption algorithm stored on the terminal where the software is located;
the ciphertext calculation module is used for calculating each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group when the encryption algorithm is correct; the terminal stores a preset ciphertext group obtained by calculating each initial file in the software directory by using the encryption algorithm;
the software checking module is used for checking the integrity of the software by judging whether the current ciphertext group is the same as the preset ciphertext group;
and the result determining module is used for determining that the software is complete when the current ciphertext group is the same as the preset ciphertext group.
7. The software integrity checking device according to claim 6, wherein the terminal stores at least two pre-made texts and a reference ciphertext obtained by performing encryption calculation on the pre-made texts by using a reference encryption algorithm;
the algorithm checking module comprises:
the first calculation unit is used for calculating the prefabricated text by using the encryption algorithm to obtain a calculation ciphertext;
the first checking unit is used for comparing the calculated ciphertext with a reference ciphertext corresponding to the prefabricated text and checking the correctness of the encryption algorithm;
and the first result determining unit is used for determining that the encryption algorithm is correct when the calculated ciphertext is the same as the reference ciphertext corresponding to the prefabricated text.
8. The device for verifying the integrity of software according to claim 6 or 7, wherein the storage path of each starting file in the software directory and the corresponding predetermined ciphertext thereof are stored in a verification file, and the predetermined verification ciphertext of the starting verification file is stored in the terminal;
the ciphertext calculation module comprises:
the first acquisition unit is used for acquiring a current check file;
the second calculation unit is used for calculating the current check file by using the encryption algorithm to obtain a current check ciphertext;
the second checking unit is used for comparing the current checking ciphertext with the preset checking ciphertext to check the integrity of the current checking file;
and the ciphertext calculation unit is used for calculating each current file in the software directory by using the encryption algorithm to obtain a current ciphertext group when the current check file is complete.
9. The software integrity checking apparatus according to claim 8, wherein the ciphertext calculation unit includes:
the acquisition subunit is used for acquiring all current files in the software directory;
a first judging subunit, configured to judge whether a file name of each current file corresponds to a file name of each start file stored in the current check file one to one;
a second judging subunit, configured to, when a file name of each of the current files corresponds to a file name of each of the start files stored in the current verification file, judge whether a storage path of each of the current files is the same as a storage path of the corresponding start file;
and the ciphertext calculation subunit is used for calculating the current ciphertext of each current file by using the encryption algorithm when the storage path of each current file is the same as the storage path of the corresponding starting file.
10. An electronic device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method of any one of claims 1-5.
11. A computer-readable storage medium having stored thereon computer instructions, which when executed by a processor, perform the steps of the method of any of claims 1-5.
CN201811591449.4A 2018-12-25 2018-12-25 Software integrity checking method and device and electronic equipment Active CN109800579B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811591449.4A CN109800579B (en) 2018-12-25 2018-12-25 Software integrity checking method and device and electronic equipment


Publications (2)

Publication Number Publication Date
CN109800579A (en) 2019-05-24
CN109800579B (en) 2020-12-25

Family

ID=66557489


Country Status (1)

Country Link
CN (1) CN109800579B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110311773B (en) * 2019-06-28 2022-05-17 兆讯恒达科技股份有限公司 Method for preventing injection type attack of advanced encryption standard coprocessor
CN113566869A (en) * 2021-06-29 2021-10-29 东风电驱动系统有限公司 Automatic calibration method and system for outgoing signal of vehicle-mounted instrument


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant