CN-121997384-A - Integrity protection method, device, equipment and medium for software file
Abstract
The application discloses an integrity protection method, device, equipment and medium for a software file, and relates to the technical field of software integrity protection. Each time the software undergoes an incremental change, the method computes a digest of each file associated with the change to obtain the corresponding digest value, merges the digest value into a digest baseline for that change, signs it with a private key, and publishes the digest baseline along with the update package of the change. When the integrity of a file in the software needs to be verified, the method verifies the signature of each digest baseline based on the signature data generated by each incremental change, determines the current digest value of the file, traverses the digest baselines that passed verification in any order to find a target digest baseline containing a digest record of the file, compares the recorded digest value with the current digest value, and judges from the comparison result whether the integrity verification succeeds. This technical scheme addresses problems such as insufficient signing security in the production environment and the excessive engineering effort of full re-signing.
Inventors
- CHEN WEIPING
- ZHENG CHENGKUN
- Jiao Henglian
- ZHANG SHULI
Assignees
- 中电科网络安全科技股份有限公司
Dates
- Publication Date: 20260508
- Application Date: 20260227
Claims (10)
- 1. A method for protecting the integrity of a software file, comprising: each time software is incrementally changed, computing a digest of each file associated with the change to obtain at least one corresponding digest value, and merging the digest value into a digest baseline for the change; signing the digest baseline with a private key to obtain signature data, and releasing the digest baseline and the corresponding signature data along with the upgrade package of the current change; when the integrity of a target file in the software needs to be verified, verifying the signature of each digest baseline based on the signature data generated by each past incremental change, and determining the current digest value of the target file; traversing the verified digest baselines in any order to find a target digest baseline containing a digest record of the target file; and obtaining the recorded digest value of the target file from the target digest baseline, and comparing the recorded digest value with the current digest value so as to judge from the comparison result whether the integrity check of the target file succeeds.
- 2. The method for protecting the integrity of a software file according to claim 1, wherein computing a digest of each file associated with the current change to obtain at least one corresponding digest value comprises: calculating a corresponding first digest value for each file newly added and/or modified in the current change; and setting the corresponding digest value to a predefined second digest value for each file deleted in the current change.
- 3. The method of claim 1, wherein traversing the verified digest baselines in any order to find a target digest baseline containing a digest record of the target file comprises: traversing the verified digest baselines in any order, and judging whether the current digest baseline contains a digest record of the target file; if yes, stopping the traversal and determining the current digest baseline to be the target digest baseline; if not, continuing to traverse the remaining digest baselines until the target digest baseline containing the digest record of the target file is found.
- 4. The method for protecting the integrity of a software file according to claim 3, further comprising: when all verified digest baselines have been traversed and no digest record of the target file has been found, judging that the integrity check of the target file fails.
- 5. The method according to claim 1, wherein comparing the recorded digest value with the current digest value to judge from the comparison result whether the integrity check of the target file succeeds comprises: comparing the recorded digest value with the current digest value; if the recorded digest value is equal to the current digest value, judging that the integrity check of the target file succeeds; and if the recorded digest value is not equal to the current digest value, judging that the integrity check of the target file fails.
- 6. The method for protecting the integrity of a software file according to any one of claims 1 to 5, further comprising: when the number of files associated with the current change of the software exceeds a preset threshold, triggering a full-coverage installation upgrade mode.
- 7. The method for protecting the integrity of a software file according to claim 6, wherein triggering the full-coverage installation upgrade mode comprises: generating and signing a corresponding full digest baseline for the full set of software files, and deleting all stored historical digest baselines and corresponding signature data when the software is updated and installed.
- 8. An integrity protection device for a software file, comprising: a changed-file digest processing module, used for computing a digest of each file associated with the change each time the software is incrementally changed, so as to obtain at least one corresponding digest value, and merging the digest value into a digest baseline for the change; a signature issuing module, used for signing the digest baseline with a private key to obtain signature data, and issuing the digest baseline and the corresponding signature data along with the upgrade package of the current change; a signature verification module, used for verifying the signature of each digest baseline based on the signature data generated by each past incremental change when the integrity of a target file in the software needs to be verified; a digest value calculation module, used for determining the current digest value of the target file; a traversal search module, used for traversing the verified digest baselines in any order to find a target digest baseline containing a digest record of the target file; and a digest value comparison module, used for obtaining the recorded digest value of the target file from the target digest baseline, and comparing the recorded digest value with the current digest value so as to judge from the comparison result whether the integrity check of the target file succeeds.
- 9. An electronic device comprising a processor and a memory, wherein the memory is configured to store a computer program that is loaded and executed by the processor to implement the method of integrity protection of a software file as claimed in any one of claims 1 to 7.
- 10. A computer readable storage medium for storing a computer program, wherein the computer program when executed by a processor implements a method of integrity protection of a software file as claimed in any one of claims 1 to 7.
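The publish and verify steps of claims 1 to 5, as an added example that is not part of the patent text. It assumes HMAC-SHA256 with a constructed key in place of the private-key signature, a placeholder string for the predefined second digest value, and that each path is recorded in only one stored baseline, since the claims as shown do not say how a path recorded in several baselines is resolved.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a constructed key stands in for the private-key
# signature of the claims so the example runs on the standard library alone.
DEMO_KEY = b"constructed-demo-key"
# Assumption: placeholder for the "predefined second digest value" of claim 2;
# it can never equal a real SHA-256 hex digest.
DELETED = "DELETED"

def file_digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def sign(blob: bytes) -> bytes:
    return hmac.new(DEMO_KEY, blob, hashlib.sha256).digest()

def make_baseline(changed: dict, deleted=()) -> tuple:
    """Publisher side: one digest baseline per incremental change, signed whole."""
    records = {path: file_digest(data) for path, data in changed.items()}
    records.update({path: DELETED for path in deleted})
    blob = json.dumps(records, sort_keys=True).encode()
    return blob, sign(blob)

def check_file(path: str, content: bytes, baselines: list) -> str:
    """Verifier side, claims 1 and 3 to 5: 'ok', 'mismatch' or 'no-record'."""
    # Only baselines whose signature verifies take part in the lookup.
    verified = [json.loads(blob) for blob, sig in baselines
                if hmac.compare_digest(sig, sign(blob))]
    current = file_digest(content)
    for records in verified:  # order does not matter under the stated assumption
        if path in records:   # first baseline holding a record is the target
            same = hmac.compare_digest(records[path], current)
            return "ok" if same else "mismatch"
    return "no-record"        # claim 4: no record anywhere means failure

# Constructed sample: two incremental changes, each path recorded once.
change1 = make_baseline({"bin/app": b"app v1", "lib/core.so": b"core v1"})
change2 = make_baseline({"lib/net.so": b"net v1"}, deleted=["etc/legacy.cfg"])
# A baseline edited after signing: its signature no longer verifies.
forged = (change1[0].replace(file_digest(b"app v1").encode(),
                             file_digest(b"evil").encode()), change1[1])

if __name__ == "__main__":
    for name, data, store in [("bin/app", b"app v1", [change2, change1]),
                              ("bin/app", b"evil", [change1, change2]),
                              ("etc/legacy.cfg", b"planted", [change1, change2]),
                              ("bin/app", b"evil", [forged, change2])]:
        print(name, "->", check_file(name, data, store))
```

A file reappearing at a path recorded as deleted fails the comparison, and a baseline altered after signing is excluded from the lookup, so files recorded only there fail under claim 4.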
Description
Integrity protection method, device, equipment and medium for software file

Technical Field

The present invention relates to the field of software integrity protection technologies, and in particular, to a method, an apparatus, a device, and a medium for protecting the integrity of a software file.

Background

To ensure that software is not tampered with after installation, a common integrity protection approach collects the digests of multiple files to be protected into a digest baseline and signs the baseline as a whole; this approach improves operating efficiency and scalability. However, when the software is incrementally upgraded, the corresponding file digests in the digest baseline need to be changed and the signature value of the digest baseline needs to be updated in step; otherwise the integrity verification cannot pass.

Existing schemes for this problem mainly include: re-signing (locally or remotely) based on the digests of the full set of files after the upgrade; adding a new digest baseline for the changed files and signing it when the upgrade package is built; and regenerating the digest baseline over the full set of files and signing it when the upgrade package is built, then overwriting and replacing the original baseline.

However, these schemes have drawbacks. Local signing easily leads to leakage of the private key in the production environment. Remote signing faces leakage of transmitted information, tampering risks and network dependence. When a digest baseline is added for changed files, information such as change details and ordering lacks integrity protection, which creates security and availability risks. Full re-signing with replacement has to be adapted to the different original versions of the software, which increases engineering effort and management difficulty.
Therefore, how to provide a solution to the above technical problem is a problem that a person skilled in the art needs to solve at present.

Disclosure of Invention

Accordingly, the present invention is directed to a method, apparatus, device and medium for protecting the integrity of a software file, which can protect the integrity of the changed portion of the files without exposing the signing private key and without introducing additional management complexity (such as change order and timestamps). The specific scheme is as follows:

In a first aspect, the application discloses a method for protecting the integrity of a software file, which comprises the following steps:

each time software is incrementally changed, computing a digest of each file associated with the change to obtain at least one corresponding digest value, and merging the digest value into a digest baseline for the change;

signing the digest baseline with a private key to obtain signature data, and releasing the digest baseline and the corresponding signature data along with the upgrade package of the current change;

when the integrity of a target file in the software needs to be verified, verifying the signature of each digest baseline based on the signature data generated by each past incremental change, and determining the current digest value of the target file;

traversing the verified digest baselines in any order to find a target digest baseline containing a digest record of the target file;

and obtaining the recorded digest value of the target file from the target digest baseline, and comparing the recorded digest value with the current digest value so as to judge from the comparison result whether the integrity check of the target file succeeds.
Optionally, computing a digest of each file associated with the current change to obtain at least one corresponding digest value includes: calculating a corresponding first digest value for each file newly added and/or modified in the current change; and setting the corresponding digest value to a predefined second digest value for each file deleted in the current change.

Optionally, traversing the verified digest baselines in any order to find a target digest baseline containing a digest record of the target file includes: traversing the verified digest baselines in any order, and judging whether the current digest baseline contains a digest record of the target file; if yes, stopping the traversal and determining the current digest baseline to be the target digest baseline; if not, continuing to traverse the remaining digest baselines until the target digest baseline containing the digest record of the target file is found.

Optionally, the method for protecting the integrity of the software file further comprises: when all verified digest baselines have been traversed and no digest record of the target file has been found, judging that the integrity check of the target file fails.

Optionally, the