diff --git a/hapsigntool_cpp/api/src/cert_tools.cpp b/hapsigntool_cpp/api/src/cert_tools.cpp index 3dea16131553216fd76c28afb083cc9891faefb4..6d9cf164c22aba97091d2568662682bc9a797af7 100644 --- a/hapsigntool_cpp/api/src/cert_tools.cpp +++ b/hapsigntool_cpp/api/src/cert_tools.cpp @@ -27,8 +27,6 @@ #include "constant.h" #include "cmd_util.h" -#define BASIC_NUMBER_TWO 2 - namespace OHOS { namespace SignatureTools { @@ -106,13 +104,10 @@ static bool UpdateConstraint(Options* options) bool CertTools::SetBisicConstraints(Options* options, X509* cert) { - /*Check here when the parameter is not entered through the command line */ - if (!(options->count(Options::BASIC_CONSTRAINTS) - && (*options)[Options::BASIC_CONSTRAINTS].index() == BASIC_NUMBER_TWO)) { - if (!UpdateConstraint(options)) { - return false; - } + if (!UpdateConstraint(options)) { + return false; } + bool basicCon = options->GetBool(Options::BASIC_CONSTRAINTS); if (basicCon) { bool basicConstraintsCritical = options->GetBool(Options::BASIC_CONSTRAINTS_CRITICAL); diff --git a/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp b/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp index a717ea098ca441dbbecd58002738639dbe1d8493..e38dff4c1916ba67a50a0dd5d1d27a2985b0c1e1 100644 --- a/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp +++ b/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp @@ -139,7 +139,7 @@ int SignToolServiceImpl::HandleIssuerKeyAliasEmpty(Options* options) { std::string iksFile = options->GetString(Options::ISSUER_KEY_STORE_FILE); if (!FileUtils::IsEmpty(iksFile) && !options->Equals(Options::KEY_STORE_FILE, Options::ISSUER_KEY_STORE_FILE)) { - PrintErrorNumberMsg("WRITE_FILE_ERROR", IO_ERROR, + PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, "Parameter '" + iksFile + "' and parameter '" + options->GetString(Options::KEY_STORE_FILE) + "' are inconsistent"); return RET_FAILED; @@ -160,7 +160,7 @@ int SignToolServiceImpl::HandleIssuerKeyAliasEmpty(Options* options) } return RET_OK; err: - PrintErrorNumberMsg("WRITE_FILE_ERROR", IO_ERROR, + PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, "Parameter 'keystorePwd' and parameter 'issuerKeystorePwd' are inconsistent"); return RET_FAILED; } @@ -332,7 +332,7 @@ bool SignToolServiceImpl::OutputString(std::string content, std::string file) bool SignToolServiceImpl::X509CertVerify(X509* cert, EVP_PKEY* privateKey) { if (!X509_verify(cert, privateKey)) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "private key verify cert failed!"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Verify certificate failed!"); return false; } return true; @@ -602,7 +602,6 @@ int SignToolServiceImpl::GetProvisionContent(const std::string& input, std::stri } nlohmann::json obj = nlohmann::json::parse(bytes); if (obj.is_discarded() || (!obj.is_structured())) { - SIGNATURE_TOOLS_LOGE("Parsing appProvision failed!"); PrintErrorNumberMsg("PARSE ERROR", PARSE_ERROR, "Parsing appProvision failed!"); return PARSE_ERROR; } @@ -689,7 +688,7 @@ bool SignToolServiceImpl::VerifyHapSigner(Options* option) PrintMsg("bin verify successed!"); return true; } else { - PrintErrorNumberMsg("NOT_SUPPORT_ERROR", NOT_SUPPORT_ERROR, "This requirement was not implemented !"); + PrintErrorNumberMsg("NOT_SUPPORT_ERROR", NOT_SUPPORT_ERROR, "Unsupported inForm!"); return false; } } diff --git a/hapsigntool_cpp/cmd/src/cmd_util.cpp b/hapsigntool_cpp/cmd/src/cmd_util.cpp index 627fb3a877508d18a886d8146d0352a2ba980ce2..6aaf81a8e4119b5e33c1c6b849723b89e98a8cd6 100644 --- a/hapsigntool_cpp/cmd/src/cmd_util.cpp +++ b/hapsigntool_cpp/cmd/src/cmd_util.cpp @@ -55,7 +55,7 @@ static bool UpdateParamForVariantCertInt(const ParamsSharedPtr& param) } if (!StringUtils::CheckStringToint(val, validity)) { PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, "Invalid parameter '" - + val + "', You should fill in the numbers"); + + val + "'"); return false; } validity *= ONE_DAY_TIME; @@ -129,30 +129,6 @@ static bool UpdateParamForVariantBoolKeyUsage(const ParamsSharedPtr& param) return true; } -static bool UpdateParamForVariantBoolConstraints(const ParamsSharedPtr& param) -{ - Options* options = param->GetOptions(); - - //The bool type is used only by the "generate-cert" module - if (options->count(Options::BASIC_CONSTRAINTS)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS)) { - return false; - } - } else if (param->GetMethod() == GENERATE_CERT) { - (*options)[Options::BASIC_CONSTRAINTS] = DEFAULT_BASIC_CONSTRAINTS; - } - - //The bool type is used only by the "generate-cert" module - if (options->count(Options::BASIC_CONSTRAINTS_CRITICAL)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CRITICAL)) { - return false; - } - } else if (param->GetMethod() == GENERATE_CERT) { - (*options)[Options::BASIC_CONSTRAINTS_CRITICAL] = DEFAULT_BASIC_CONSTRAINTS_CRITICAL; - } - return true; -} - static bool UpdateParamForVariantBoolProfileSigned(const ParamsSharedPtr& param) { Options* options = param->GetOptions(); @@ -173,14 +149,6 @@ static bool UpdateParamForVariantBoolProfileSigned(const ParamsSharedPtr& param) (*options)[Options::PROFILE_SIGNED] = DEFAULT_PROFILE_SIGNED_1; } - //The bool type is used only by the "generate-cert" module - if (options->count(Options::BASIC_CONSTRAINTS_CA)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CA)) { - return false; - } - } else if (param->GetMethod() == GENERATE_CERT) { - (*options)[Options::BASIC_CONSTRAINTS_CA] = DEFAULT_BASIC_CONSTRAINTS_CA; - } return true; } @@ -194,8 +162,9 @@ bool CmdUtil::UpdateParamForCheckOutFile(Options* options, const std::initialize //Purpose: To prevent the user output path from passing an empty string. eg " " std::string tmpOutFilePath = outFilePath; - tmpOutFilePath.erase(std::remove_if(tmpOutFilePath.begin(), tmpOutFilePath.end(), ::isspace), - tmpOutFilePath.end()); + tmpOutFilePath.erase(std::remove_if(tmpOutFilePath.begin(), + tmpOutFilePath.end(), ::isspace), tmpOutFilePath.end()); + if (parentPath.empty() && !tmpOutFilePath.empty()) { parentPath = "./"; } @@ -338,9 +307,6 @@ static bool UpdateParam(const ParamsSharedPtr& param) if (!UpdateParamForVariantBoolKeyUsage(param)) { return false; } - if (!UpdateParamForVariantBoolConstraints(param)) { - return false; - } if (!UpdateParamForVariantBoolProfileSigned(param)) { return false; } @@ -409,7 +375,7 @@ bool CmdUtil::Convert2Params(char** args, const size_t size, const ParamsSharedP } if (!readKey) { PrintErrorNumberMsg("INVALIDPARAM_ERROR", INVALIDPARAM_ERROR, - "The last command-line parameters, value, cannot be omitted"); + "The last value of parameter cannot be omitted"); return false; } if (!UpdateParam(param)) { diff --git a/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp b/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp index 1099a5af295ae099931c04cd1faa8f05ac72b597..949fa8f15b2cbe7f60e1efe6a9c846772400ea00 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp @@ -78,9 +78,8 @@ void CodeSignBlockHeader::ToByteArray(std::vector& ret) CodeSignBlockHeader* CodeSignBlockHeader::FromByteArray(const std::vector& bytes) { if (bytes.size() != Size()) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed package in CodeSignBlockHeader is different in size from the \ - standard header size."); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The size of code signature block is incorrect."); return nullptr; } ByteBuffer bf(bytes.size()); @@ -89,15 +88,15 @@ CodeSignBlockHeader* CodeSignBlockHeader::FromByteArray(const std::vector(FLAG_MERKLE_TREE_INLINED + FLAG_NATIVE_LIB_INCLUDED)) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed package has the wrong flag in the CodeSignBlockHeader."); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The flag in the code signature block header is incorrect."); return nullptr; } std::vector inReserved(RESERVED_BYTE_ARRAY_LENGTH); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp b/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp index e9508345ae05292e113812e84f2ea6914da53c31..17f2308cf15e108791a5f48f4f0418abedeca2e2 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp @@ -83,8 +83,8 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi int32_t inTreeType = 0; bf->GetInt32(inTreeType); if (MERKLE_TREE_INLINED != inTreeType) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong merkle tree type in the ElfSignBlock"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The merkle tree type of elf signature block is incorrect"); return false; } int32_t inTreeLength = 0; @@ -94,8 +94,8 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi int32_t inFsdType = 0; bf->GetInt32(inFsdType); if (FsVerityDescriptor::FS_VERITY_DESCRIPTOR_TYPE != inFsdType) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong fs-verify descriptor type in the ElfSignBlock"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The FS descriptor type of elf signature block is incorrect"); return false; } int32_t inFsdLength = 0; @@ -103,16 +103,16 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi bf->GetInt32(inFsdLength); if (bytes.size() != FsVerityDescriptorWithSign::INTEGER_BYTES * tmpVariable + inTreeLength + FsVerityDescriptorWithSign::INTEGER_BYTES * tmpVariable + inFsdLength) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong signature length in the ElfSignBlock"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The signature length of the elf signature block is incorrect"); return false; } std::vector fsdArray(FsVerityDescriptor::DESCRIPTOR_SIZE); bf->GetByte(fsdArray.data(), fsdArray.size()); FsVerityDescriptor fsd = FsVerityDescriptor::FromByteArray(fsdArray); if (inFsdLength != fsd.GetSignSize() + FsVerityDescriptor::DESCRIPTOR_SIZE) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong signed size in the ElfSignBlock"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The signed size of the elf signature block is incorrect"); return false; } std::vector inSignature(inFsdLength - FsVerityDescriptor::DESCRIPTOR_SIZE); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp index 5247adea9290adb9488fee48190d4b45339715f7..cb29cc692afa0c160eff09033f1dbd998a0b85c8 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp @@ -65,8 +65,8 @@ void FsVerityInfoSegment::ToByteArray(std::vector& ret) FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector& bytes) { if (bytes.size() != FS_VERITY_INFO_SEGMENT_SIZE) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong signed size in the FsVerityInfoSegment"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The signed size of FsVerityInfoSegment is incorrect"); return FsVerityInfoSegment(); } @@ -76,32 +76,32 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector int inMagic; bf.GetInt32(inMagic); if (inMagic != MAGIC) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong magic number in the FsVerityInfoSegment"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The magic number of FsVerityInfoSegment is incorrect"); return FsVerityInfoSegment(); } int8_t inVersion; bf.GetInt8(inVersion); if (inVersion != FsVerityDescriptor::VERSION) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong version in the FsVerityInfoSegment"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The version of FsVerityInfoSegment is incorrect"); return FsVerityInfoSegment(); } int8_t inHashAlgorithm; bf.GetInt8(inHashAlgorithm); if (inHashAlgorithm != FsVerityGenerator::GetFsVerityHashAlgorithm()) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong hashAlgorithm in the FsVerityInfoSegment"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The hash algorithm of FsVerityInfoSegment is incorrect"); return FsVerityInfoSegment(); } int8_t inLog2BlockSize; bf.GetInt8(inLog2BlockSize); if (inLog2BlockSize != FsVerityGenerator::GetLog2BlockSize()) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong log2BlockSize in the FsVerityInfoSegment"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The log block size of FsVerityInfoSegment is incorrect"); return FsVerityInfoSegment(); } diff --git a/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp index 1c27a48eb417929d9b08b8e8d35acfb566d0b432..9618e0f9383d480862b2bbd04fae49e22983c5bf 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp @@ -65,26 +65,26 @@ HapInfoSegment HapInfoSegment::FromByteArray(std::vector& bytes) int32_t inMagic = 0; bf->GetInt32(inMagic); if (inMagic != HapInfoSegment::MAGIC_NUM) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong magic number in the HapInfoSegment."); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The magic number of HapInfoSegment is incorrect."); return HapInfoSegment(); } if (bytes.size() <= HapInfoSegment::MAGIC_NUM_BYTES) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong bytes size in the HapInfoSegment."); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The bytes size of HapInfoSegment is incorrect."); return HapInfoSegment(); } std::vector hapSignInfoByteArray(bytes.size() - HapInfoSegment::MAGIC_NUM_BYTES); bf->GetByte(hapSignInfoByteArray.data(), hapSignInfoByteArray.size()); SignInfo inHapSignInfo = SignInfo::FromByteArray(hapSignInfoByteArray); if (inHapSignInfo.GetDataSize() % HapInfoSegment::CHUNK_SIZE != 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "Invalid dataSize, the dataSize is not an integer multiple of 4096."); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "Invalid dataSize, the dataSize must be an integer multiple of 4096."); return HapInfoSegment(); } if (inHapSignInfo.GetExtensionNum() != SignInfo::MAX_EXTENSION_NUM) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong extensionNum in the HapInfoSegment."); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The extension number of HapInfoSegment is incorrect."); return HapInfoSegment(); } return HapInfoSegment(inMagic, inHapSignInfo); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp b/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp index 1966eb7558c762033c7d062b53f3d7b891aab784..e383af05d6b778b9c8e08281099eb237c13e1f68 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp @@ -77,15 +77,15 @@ MerkleTreeExtension* MerkleTreeExtension::FromByteArray(std::vector& byt int64_t inMerkleTreeSize = 0; bf->GetInt64(inMerkleTreeSize); if (inMerkleTreeSize % PAGE_SIZE_4K != 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed package's merkletree size is not an integer multiple of 4096"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The merkletree size must be an integer multiple of 4096"); return nullptr; } int64_t inMerkleTreeOffset = 0; bf->GetInt64(inMerkleTreeOffset); if (inMerkleTreeOffset % PAGE_SIZE_4K != 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed package's merkletree offset is not an integer multiple of 4096"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The merkletree offset must be an integer multiple of 4096"); return nullptr; } std::vector inRootHash(ROOT_HASH_SIZE); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp index 34a65e61ab129f8bde807e8d7c08ffe80f799f3d..79ba1d9549c1930ec8fadcc84161b1b47d0663b0 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp @@ -142,8 +142,8 @@ NativeLibInfoSegment NativeLibInfoSegment::FromByteArray(std::vector &by std::vector inSignInfoList; for (SignedFilePos &pos : inSignedFilePosList) { if (pos.GetSignInfoOffset() % ALIGNMENT_FOR_SIGNINFO != 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The native lib's sign info offset is not an integer multiple of 4"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The offset of signature information must be an integer multiple of 4"); return NativeLibInfoSegment(); } std::vector signInfoBuffer(pos.GetSignInfoSize()); @@ -160,20 +160,20 @@ bool NativeLibInfoSegment::CheckBuffer(ByteBuffer* bf, int32_t& inMagic, int32_t { bf->GetInt32(inMagic); if (inMagic != MAGIC_NUM) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong magic number in the NativeLibInfoSegment"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The magic number of NativeLibInfoSegment is incorrect."); return false; } bf->GetInt32(inSegmentSize); if (inSegmentSize < 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong segmentSize in the NativeLibInfoSegment"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The segment size of NativeLibInfoSegment is incorrect."); return false; } bf->GetInt32(inSectionNum); if (inSectionNum < 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong sectionNum in the NativeLibInfoSegment"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The section number of NativeLibInfoSegment is incorrect."); return false; } return true; diff --git a/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp b/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp index 6684bf471011b5af64b5344a6dc456a0d39e0a7e..9bb0e855c04f8d91503eb453d6f171998f5ddd38 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp @@ -68,7 +68,7 @@ void SegmentHeader::ToByteArray(std::vector &ret) std::unique_ptr SegmentHeader::FromByteArray(std::vector bytes) { if (bytes.size() != SEGMENT_HEADER_LENGTH) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "The signed package has the wrong flag in the SegmentHeader"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The flag of SegmentHeader is incorrect."); return std::unique_ptr(); } std::unique_ptr bf = std::make_unique(ByteBuffer(SEGMENT_HEADER_LENGTH)); @@ -78,7 +78,7 @@ std::unique_ptr SegmentHeader::FromByteArray(std::vector bf->GetInt32(inType); if ((inType != CSB_FSVERITY_INFO_SEG) && (inType != CSB_HAP_META_SEG) && (inType != CSB_NATIVE_LIB_INFO_SEG)) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "The signed package has the wrong type in the SegmentHeader"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The type of SegmentHeader is incorrect."); return std::unique_ptr(); } int32_t inSegmentOffset = 0; @@ -87,8 +87,8 @@ std::unique_ptr SegmentHeader::FromByteArray(std::vector int32_t inSegmentSize = 0; bf->GetInt32(inSegmentSize); if (inSegmentSize < 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed package has the wrong segmentsize in the SegmentHeader"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The segment size of SegmentHeader is incorrect."); return std::unique_ptr(); } return std::make_unique(inType, inSegmentOffset, inSegmentSize); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp b/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp index 15b3a94a2c262fc77a338ff38fa310c5ca1dadcc..d99b04bde6b71cc496c8b420c412dd53b8a125d4 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp @@ -200,15 +200,15 @@ std::vector SignInfo::ParseMerkleTreeExtension(ByteBuffer* int32_t extensionType = 0; bf->GetInt32(extensionType); if (extensionType != MerkleTreeExtension::MERKLE_TREE_INLINED) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed package has the wrong extensionType in the SignInfo"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The extension type of SignInfo is incorrect."); return inExtensionList; } int32_t extensionSize = 0; bf->GetInt32(extensionSize); if (extensionSize != MerkleTreeExtension::MERKLE_TREE_EXTENSION_DATA_SIZE) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed package has the wrong extensionSize in the SignInfo"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The extension size of SignInfo is incorrect."); return inExtensionList; } std::vector merkleTreeExtension(MerkleTreeExtension::MERKLE_TREE_EXTENSION_DATA_SIZE, 0); diff --git a/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp b/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp index e1240d300cef4ba2d3cc16d7c30b4b46a1caa239..bb963fa70bc22fae9fb1607a6465721fbf5bbe7e 100644 --- a/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp +++ b/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp @@ -30,8 +30,8 @@ FsVerityDescriptor FsVerityDescriptor::FromByteArray(std::vector& bytes) int8_t inFsVersion; bf->GetInt8(inFsVersion); if (FsVerityDescriptor::VERSION != inFsVersion) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong fs-verify descriptor version in the ElfSignBlock"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The FS descriptor version of FsVerityDescriptor is incorrect"); return builder->Build(); } int8_t inFsHashAlgorithm; @@ -58,8 +58,8 @@ FsVerityDescriptor FsVerityDescriptor::FromByteArray(std::vector& bytes) int64_t inTreeOffset; bf->GetInt64(inTreeOffset); if (inTreeOffset % PAGE_SIZE_4K != 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed data has the wrong merkle tree offset in the ElfSignBlock"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The offset of merkle tree of FsVerityDescriptor is incorrect"); return builder->Build(); } int8_t reserve[FsVerityDescriptor::RESERVED_SIZE_AFTER_TREE_OFFSET]; diff --git a/hapsigntool_cpp/codesigning/sign/include/code_signing.h b/hapsigntool_cpp/codesigning/sign/include/code_signing.h index 0fdfb324e477417046a9d2dcd9c960eed9c454aa..9cf04dd8042741f7132a87a944f415bcb2f88dc7 100644 --- a/hapsigntool_cpp/codesigning/sign/include/code_signing.h +++ b/hapsigntool_cpp/codesigning/sign/include/code_signing.h @@ -18,8 +18,10 @@ #include #include #include +#include #include "securec.h" +#include "thread_pool.h" #include "hap_utils.h" #include "zip_signer.h" #include "file_utils.h" @@ -55,27 +57,36 @@ public: std::vector &codesignData); public: - const std::string NATIVE_LIB_AN_SUFFIX = ".an"; - const std::string NATIVE_LIB_SO_SUFFIX = ".so"; static bool IsNativeFile(const std::string& input); uint32_t ComputeDataSize(ZipSigner& zip); int64_t GetTimestamp(); bool SignNativeLibs(const std::string &input, std::string &ownerID); void UpdateCodeSignBlock(); bool GetNativeEntriesFromHap(const std::string& packageName, UnzipHandleParam& param); + bool GetSingleFileStreamFromZip(unzFile& zFile, char fileName[], + unz_file_info& zFileInfo, + int& readFileSize, std::stringbuf& sb); + bool RunParseZipInfo(const std::string& packageName, UnzipHandleParam& param, uLong index); bool GenerateSignature(const std::vector& signedData, const std::string&, std::vector&); int64_t m_timestamp = 0; std::vector m_extractedNativeLibSuffixs; SignerConfig* m_signConfig; CodeSignBlock m_codeSignBlock; + std::mutex m_mutex; private: static bool CheckUnzParam(unzFile& zFile, unz_file_info& zFileInfo, char fileName[], size_t* nameLen); static bool CheckFileName(unzFile& zFile, char fileName[], size_t* nameLen); - bool HandleZipGlobalInfo(unzFile& zFile, unz_global_info& zGlobalInfo, UnzipHandleParam& param); + bool HandleZipGlobalInfo(const std::string& packageName, unzFile& zFile, + unz_global_info& zGlobalInfo, UnzipHandleParam& param); + bool DoNativeLibVerify(std::string fileName, std::stringbuf& sb, + UnzipHandleParam& param, int readFileSize); bool DoNativeLibSignOrVerify(std::string fileName, std::stringbuf& sb, UnzipHandleParam& param, int readFileSize); + static constexpr int MAX_PROCESSORS = 32; + const int POOL_SIZE = std::min(MAX_PROCESSORS, static_cast(std::thread::hardware_concurrency())); + std::shared_ptr mPools; }; } // namespace SignatureTools } // namespace OHOS diff --git a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp index 82b0682d95d24a9eb634979a1501fb0f116bdb49..646e0d0bd5fb9c51172c784afaf2088adb5903ff 100644 --- a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp +++ b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp @@ -34,12 +34,12 @@ const FsVerityHashAlgorithm FS_SHA256(1, "SHA-256", 256 / 8); const FsVerityHashAlgorithm FS_SHA512(2, "SHA-512", 512 / 8); const int8_t LOG_2_OF_FSVERITY_HASH_PAGE_SIZE = 12; -CodeSigning::CodeSigning(SignerConfig* signConfig) +CodeSigning::CodeSigning(SignerConfig* signConfig) : mPools(new Uscript::ThreadPool(POOL_SIZE)) { m_signConfig = signConfig; } -CodeSigning::CodeSigning() +CodeSigning::CodeSigning() : mPools(new Uscript::ThreadPool(POOL_SIZE)) { } @@ -114,7 +114,7 @@ uint32_t CodeSigning::ComputeDataSize(ZipSigner& zip) } if ((dataSize % CodeSignBlock::PAGE_SIZE_4K) != 0) { PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "Invalid dataSize, the dataSize is not an integer multiple of 4096"); + "Invalid dataSize, the dataSize must be an integer multiple of 4096"); return -1; } return dataSize; @@ -212,10 +212,6 @@ bool CodeSigning::GetElfCodeSignBlock(const std::string &input, int64_t offset, bool CodeSigning::SignNativeLibs(const std::string &input, std::string &ownerID) { - // 'an' libs are always signed - m_extractedNativeLibSuffixs.push_back(NATIVE_LIB_AN_SUFFIX); - // 'so' libs are always signed - m_extractedNativeLibSuffixs.push_back(NATIVE_LIB_SO_SUFFIX); // sign native files std::vector> ret; UnzipHandleParam param(ret, ownerID, true); @@ -261,117 +257,186 @@ bool CodeSigning::GetNativeEntriesFromHap(const std::string& packageName, UnzipH return false; } // search each file - bool handleFlag = HandleZipGlobalInfo(zFile, zGlobalInfo, param); + bool handleFlag = HandleZipGlobalInfo(packageName, zFile, zGlobalInfo, param); if (!handleFlag) { unzClose(zFile); return false; } - unzCloseCurrentFile(zFile); - unzGoToNextFile(zFile); + unzClose(zFile); return true; } -bool CodeSigning::HandleZipGlobalInfo(unzFile& zFile, unz_global_info& zGlobalInfo, - UnzipHandleParam& param) +bool CodeSigning::GetSingleFileStreamFromZip(unzFile &zFile, char fileName[], + unz_file_info &zFileInfo, + int &readFileSize, std::stringbuf &sb) { char szReadBuffer[BUFFER_SIZE] = { 0 }; + if (memset_s(fileName, FILE_NAME_SIZE, 0, FILE_NAME_SIZE) != 0) { + unzClose(zFile); + return false; + } + size_t nameLen = 0; + if (!CheckUnzParam(zFile, zFileInfo, fileName, &nameLen)) { + unzClose(zFile); + return false; + } + if (!CheckFileName(zFile, fileName, &nameLen)) { + unzClose(zFile); + return false; + } + long fileLength = zFileInfo.uncompressed_size; + int nReadFileSize; + do { + nReadFileSize = 0; + if (memset_s(szReadBuffer, BUFFER_SIZE, 0, BUFFER_SIZE) != EOK) { + SIGNATURE_TOOLS_LOGE("memset_s failed"); + unzClose(zFile); + return false; + } + nReadFileSize = unzReadCurrentFile(zFile, szReadBuffer, BUFFER_SIZE); + if (nReadFileSize > 0) { + sb.sputn(szReadBuffer, nReadFileSize); + } + fileLength -= nReadFileSize; + readFileSize += nReadFileSize; + } while (fileLength > 0 && nReadFileSize > 0); + if (fileLength) { + PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "zlib read stream from " + + std::string(fileName) + " failed."); + unzClose(zFile); + return false; + } + + unzCloseCurrentFile(zFile); + unzClose(zFile); + return true; +} + +bool CodeSigning::RunParseZipInfo(const std::string& packageName, UnzipHandleParam& param, uLong index) +{ + unzFile zFile = unzOpen(packageName.c_str()); + if (zFile == NULL) { + PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "zlib open file: " + packageName + " failed."); + return false; + } + // get zipFile all paramets + unz_global_info zGlobalInfo; + int getRet = unzGetGlobalInfo(zFile, &zGlobalInfo); + if (getRet != UNZ_OK) { + PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "zlib get global info failed."); + unzClose(zFile); + return false; + } + + for (uLong i = 0; i < index; ++i) { + int ret = unzGoToNextFile(zFile); + if (ret != UNZ_OK) { + unzClose(zFile); + return false; + } + } + unz_file_info zFileInfo; char fileName[FILE_NAME_SIZE]; - char fileNameZeroBuf[FILE_NAME_SIZE] = { 0 }; + int readFileSize = 0; + std::stringbuf sb; + bool flag = GetSingleFileStreamFromZip(zFile, fileName, zFileInfo, readFileSize, sb); + if (!flag) { + return false; + } + bool handleFlag = DoNativeLibSignOrVerify(std::string(fileName), sb, param, readFileSize); + if (!handleFlag) { + SIGNATURE_TOOLS_LOGE("%s native libs handle failed", fileName); + unzClose(zFile); + return false; + } + + return true; +} + +bool CodeSigning::HandleZipGlobalInfo(const std::string& packageName, unzFile& zFile, + unz_global_info& zGlobalInfo, UnzipHandleParam& param) +{ + std::vector> thread_results; SIGNATURE_TOOLS_LOGI("zGlobalInfo.number_entry = %lu", zGlobalInfo.number_entry); for (uLong i = 0; i < zGlobalInfo.number_entry; ++i) { - if (memcpy_s(fileName, FILE_NAME_SIZE, fileNameZeroBuf, FILE_NAME_SIZE) != 0) - return false; - size_t nameLen = 0; - if (!CheckUnzParam(zFile, zFileInfo, fileName, &nameLen)) { - return false; - } - if (!CheckFileName(zFile, fileName, &nameLen)) { + thread_results.push_back(mPools->Enqueue(&CodeSigning::RunParseZipInfo, this, + std::ref(packageName), std::ref(param), i)); + } + + bool result = true; + for (auto& thread_result : thread_results) { + if (!thread_result.get()) + result = false; + } + if (!result) { + return false; + } + return true; +} + +bool CodeSigning::DoNativeLibVerify(std::string fileName, std::stringbuf& sb, + UnzipHandleParam& param, int readFileSize) +{ + std::istream input(&sb); + CodeSignBlock csb = param.GetCodeSignBlock(); + std::vector& fileNames = csb.GetSoInfoSegment().GetFileNameList(); + bool isContainFileName = std::find(fileNames.begin(), fileNames.end(), fileName) != fileNames.end(); + if (!isContainFileName) { + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "verify signed file position failed, file: " + fileName); + return false; + } + for (int j = 0; j < csb.GetSoInfoSegment().GetSectionNum(); j++) { + SignInfo signInfo = csb.GetSoInfoSegment().GetSignInfoList()[j]; + std::string entryName = csb.GetSoInfoSegment().GetFileNameList()[j]; + std::vector entrySig = signInfo.GetSignature(); + std::string entrySigStr(entrySig.begin(), entrySig.end()); + if (fileName != entryName) { continue; } - long fileLength = zFileInfo.uncompressed_size; - int readFileSize = 0; - int nReadFileSize; - std::stringbuf sb; - do { - nReadFileSize = 0; - if (memset_s(szReadBuffer, BUFFER_SIZE, 0, BUFFER_SIZE) != EOK) { - SIGNATURE_TOOLS_LOGE("memset_s failed"); - } - nReadFileSize = unzReadCurrentFile(zFile, szReadBuffer, BUFFER_SIZE); - if (nReadFileSize > 0) { - sb.sputn(szReadBuffer, nReadFileSize); - } - fileLength -= nReadFileSize; - readFileSize += nReadFileSize; - } while (fileLength > 0 && nReadFileSize > 0); - if (fileLength) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "zlib read stream from " - + std::string(fileName) + " failed."); - unzCloseCurrentFile(zFile); - unzGoToNextFile(zFile); + if (readFileSize != signInfo.GetDataSize()) { + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Invalid dataSize of native lib"); return false; } - bool handleFlag = DoNativeLibSignOrVerify(std::string(fileName), sb, param, readFileSize); - if (!handleFlag) { - SIGNATURE_TOOLS_LOGE("%s native libs handle failed", fileName); + bool verifyFlag = VerifyCodeSignature::VerifySingleFile(input, readFileSize, entrySig, 0, + std::vector()); + if (!verifyFlag) { + return false; + } + std::ifstream* inputFile = (std::ifstream*)(&input); + inputFile->close(); + std::pair pairResult = param.GetPairResult(); + bool checkOwnerIDFlag = CmsUtils::CheckOwnerID(entrySigStr, pairResult.first, pairResult.second); + if (!checkOwnerIDFlag) { return false; } - unzCloseCurrentFile(zFile); - unzGoToNextFile(zFile); } return true; } bool CodeSigning::DoNativeLibSignOrVerify(std::string fileName, std::stringbuf& sb, - UnzipHandleParam& param, int readFileSize) + UnzipHandleParam& param, int readFileSize) { - std::istream input(&sb); bool isSign = param.IsSign(); if (isSign) { + std::istream input(&sb); std::string ownerID = param.GetOwnerID(); std::pair> pairSignInfoAndMerkleTreeBytes; bool signFileFlag = SignFile(input, readFileSize, false, 0, ownerID, pairSignInfoAndMerkleTreeBytes); if (!signFileFlag) { return false; } - std::vector>& ret = param.GetRet(); + m_mutex.lock(); + std::vector> &ret = param.GetRet(); ret.push_back(std::make_pair(fileName, pairSignInfoAndMerkleTreeBytes.first)); + m_mutex.unlock(); } else { - CodeSignBlock csb = param.GetCodeSignBlock(); - std::vector& fileNames = csb.GetSoInfoSegment().GetFileNameList(); - bool isContainFileName = std::find(fileNames.begin(), fileNames.end(), fileName) != fileNames.end(); - if (!isContainFileName) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "verify signed file position failed, file: " + fileName); + bool flag = DoNativeLibVerify(fileName, sb, param, readFileSize); + if (!flag) { return false; } - for (int j = 0; j < csb.GetSoInfoSegment().GetSectionNum(); j++) { - SignInfo signInfo = csb.GetSoInfoSegment().GetSignInfoList()[j]; - std::string entryName = csb.GetSoInfoSegment().GetFileNameList()[j]; - std::vector entrySig = signInfo.GetSignature(); - std::string entrySigStr(entrySig.begin(), entrySig.end()); - if (fileName != entryName) { - continue; - } - if (readFileSize != signInfo.GetDataSize()) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Invalid dataSize of native lib"); - return false; - } - bool verifyFlag = VerifyCodeSignature::VerifySingleFile(input, readFileSize, entrySig, 0, - std::vector()); - if (!verifyFlag) { - return false; - } - std::ifstream* inputFile = (std::ifstream*)(&input); - inputFile->close(); - std::pair pairResult = param.GetPairResult(); - bool checkOwnerIDFlag = CmsUtils::CheckOwnerID(entrySigStr, pairResult.first, pairResult.second); - if (!checkOwnerIDFlag) { - return false; - } - } } return true; } diff --git a/hapsigntool_cpp/common/include/byte_buffer.h b/hapsigntool_cpp/common/include/byte_buffer.h index c33734253a76e8fceae06a20edd7bc5a7a079031..2af571dba4782e78699bc447104bb8b5227c75bc 100644 --- a/hapsigntool_cpp/common/include/byte_buffer.h +++ b/hapsigntool_cpp/common/include/byte_buffer.h @@ -91,7 +91,6 @@ public: DLL_EXPORT void PutData(int32_t offset, const char data[], int32_t len, int32_t type); DLL_EXPORT void PutByte(char value); DLL_EXPORT void Put(const ByteBuffer& byteBuffer); - DLL_EXPORT std::string GetData(int32_t len); DLL_EXPORT void GetData(char data[], uint32_t len); DLL_EXPORT void GetData(int32_t offset, int8_t data[], uint32_t len); DLL_EXPORT void GetByte(int8_t data[], int32_t len); diff --git a/hapsigntool_cpp/common/src/byte_buffer.cpp b/hapsigntool_cpp/common/src/byte_buffer.cpp index 7e66336728a6c3019b303c28be5491287eeb34b9..6525c634d35647a733cb8e31ff53ce15a3b0013e 100644 --- a/hapsigntool_cpp/common/src/byte_buffer.cpp +++ b/hapsigntool_cpp/common/src/byte_buffer.cpp @@ -471,15 +471,6 @@ void ByteBuffer::GetByte(int8_t data[], int32_t len) } } -std::string ByteBuffer::GetData(int32_t len) -{ - std::unique_ptr pData = std::make_unique(len); - if (0 == memcpy_s(pData.get(), len, buffer.get() + position, len)) { - position = position + len; - } - return std::string(pData.get()); -} - void ByteBuffer::GetData(char data[], uint32_t len) { if (0 == memcpy_s(data, len, buffer.get() + position, len)) { diff --git a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp index db812a4914d3c83dbed0824c05279d7ad90f73bf..55b70eccd65a5a59e87dd021058258b305334de3 100644 --- a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp +++ b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp @@ -66,28 +66,28 @@ bool RemoteSignProvider::CheckInputCertMatchWithProfile(X509* inputCert, X509* c bool ret = true; if (inputCert == nullptr || certInProfile == nullptr) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, param error"); + "The certificate is empty"); return false; } X509_NAME* subject1 = X509_get_subject_name(inputCert); X509_NAME* subject2 = X509_get_subject_name(certInProfile); if (X509_NAME_cmp(subject1, subject2) != 0) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, subject name is not compare"); + "The subject does not match!"); return false; } X509_NAME* issuer1 = X509_get_issuer_name(inputCert); X509_NAME* issuer2 = X509_get_issuer_name(certInProfile); if (X509_NAME_cmp(issuer1, issuer2) != 0) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, issuer name is not compare"); + "The issuer name does not match!"); return false; } ASN1_INTEGER* serial1 = X509_get_serialNumber(inputCert); ASN1_INTEGER* serial2 = X509_get_serialNumber(certInProfile); if (ASN1_INTEGER_cmp(serial1, serial2) != 0) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, serial Number is not compare"); + "serial number does not match!"); return false; } EVP_PKEY* pkey1 = X509_get_pubkey(inputCert); @@ -96,12 +96,12 @@ bool RemoteSignProvider::CheckInputCertMatchWithProfile(X509* inputCert, X509* c EVP_PKEY_free(pkey1); EVP_PKEY_free(pkey2); PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, pubkey is not compare"); + "The public key does not match!"); return false; } if (!pkey1 || !pkey2) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed,have key is null"); + "The public key is null!"); ret = false; } if (pkey1) EVP_PKEY_free(pkey1); diff --git a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp index ef3859f85c1b8425ab18e06d8353aa94c9f7f715..b7043c40827a199d5a68a893a41f57fe7d33b5c8 100644 --- a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp +++ b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp @@ -19,7 +19,6 @@ #include #include "securec.h" -#include "profile_verify_utils.h" #include "hap_signer_block_utils.h" #include "signature_info.h" #include "options.h" @@ -298,7 +297,6 @@ int VerifyHap::GetProfileContent(const std::string profile, std::string& ret) } PKCS7Data p7Data; if (p7Data.Parse(profile) < 0) { - PrintErrorNumberMsg("PKCS7_PARSE_ERROR", PARSE_ERROR, "Parse profile failed"); ret = profile; return -1; } diff --git a/hapsigntool_cpp/profile/include/pkcs7_data.h b/hapsigntool_cpp/profile/include/pkcs7_data.h index 43eda51ab6c1e6788a859c530d6269e7a01b6b32..f0c66bb3eb67ab055fe6a939fca78538f2b6e46c 100644 --- a/hapsigntool_cpp/profile/include/pkcs7_data.h +++ b/hapsigntool_cpp/profile/include/pkcs7_data.h @@ -46,6 +46,15 @@ struct std::equal_to { } }; +/* all cert is put into one bottle */ +template<> +struct std::hash { + size_t operator()(const X509* cert)const + { + return 0; + } +}; + namespace OHOS { namespace SignatureTools { #define PKCS7_NODETACHED_FLAGS (PKCS7_BINARY | PKCS7_NOVERIFY) diff --git a/hapsigntool_cpp/profile/include/profile_verify_utils.h b/hapsigntool_cpp/profile/include/profile_verify_utils.h deleted file mode 100644 index 1eef463e03c2283d7f4c30f29aa14230b62e1af4..0000000000000000000000000000000000000000 --- a/hapsigntool_cpp/profile/include/profile_verify_utils.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) 2024-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef SIGNATRUETOOLS_PROFILE_VERIFY_UTILS_H -#define SIGNATRUETOOLS_PROFILE_VERIFY_UTILS_H - -#include - -#include "export_define.h" -#include "byte_buffer.h" -#include "pkcs7_context.h" - -namespace OHOS { -namespace SignatureTools { -class ProfileVerifyUtils { -public: - DLL_EXPORT static bool ParseProfile(Pkcs7Context& profilePkcs7Context, - const Pkcs7Context& pkcs7Context, - const ByteBuffer& pkcs7ProfileBlock, - std::string& profile); - DLL_EXPORT static bool VerifyProfile(Pkcs7Context& pkcs7Context); -}; -} // namespace SignatureTools -} // namespace OHOS -#endif // SIGNATRUETOOLS_PROFILE_VERIFY_UTILS_H diff --git a/hapsigntool_cpp/profile/signature_tools_profile.gni b/hapsigntool_cpp/profile/signature_tools_profile.gni index 63fa958314a543efd2d432eb961d2f5821eac9e0..c1ae4f8006250a92a3f2870de431d2fb2ee2ceec 100644 --- a/hapsigntool_cpp/profile/signature_tools_profile.gni +++ b/hapsigntool_cpp/profile/signature_tools_profile.gni @@ -19,5 +19,4 @@ signature_tools_profile_src = [ "${signature_tools_profile}/src/profile_verify.cpp", "${signature_tools_profile}/src/pkcs7_data.cpp", "${signature_tools_profile}/src/profile_sign_tool.cpp", - "${signature_tools_profile}/src/profile_verify_utils.cpp", ] diff --git a/hapsigntool_cpp/profile/src/profile_verify.cpp b/hapsigntool_cpp/profile/src/profile_verify.cpp index 4abe9bd634c6f65d0c7f971d48d739ffa64a633d..241b2efa65384619fde84f85ab66b4fc2bd3a9c3 100644 --- a/hapsigntool_cpp/profile/src/profile_verify.cpp +++ b/hapsigntool_cpp/profile/src/profile_verify.cpp @@ -17,6 +17,7 @@ #include "nlohmann/json.hpp" #include "signature_tools_log.h" +#include "signature_tools_errno.h" #include "profile_verify.h" using namespace std; @@ -216,7 +217,7 @@ void from_json(const json& obj, ProfileInfo& out) AppProvisionVerifyResult ReturnIfStringIsEmpty(const std::string& str, const std::string& errMsg) { if (str.empty()) { - PrintErrorNumberMsg("PROVISION_INVALID", PROVISION_INVALID, errMsg); + PrintErrorNumberMsg("PROVISION_INVALID_ERROR", PROVISION_INVALID_ERROR, errMsg); return PROVISION_INVALID; } return PROVISION_OK; @@ -225,7 +226,7 @@ AppProvisionVerifyResult ReturnIfStringIsEmpty(const std::string& str, const std AppProvisionVerifyResult ReturnIfIntIsNonPositive(int num, const std::string& errMsg) { if (num <= 0) { - PrintErrorNumberMsg("PROVISION_INVALID", PROVISION_INVALID, errMsg); + PrintErrorNumberMsg("PROVISION_INVALID_ERROR", PROVISION_INVALID_ERROR, errMsg); return PROVISION_INVALID; } return PROVISION_OK; @@ -248,7 +249,8 @@ static AppProvisionVerifyResult CheckProfileValidType(ProfileInfo& info) return PROVISION_INVALID; } } else { - PrintErrorNumberMsg("PROVISION_INVALID", PROVISION_INVALID, "Require build type must be debug or release"); + PrintErrorNumberMsg("PROVISION_INVALID_ERROR", PROVISION_INVALID_ERROR, + "The type field in the profile file is incorrect"); return PROVISION_INVALID; } return PROVISION_OK; @@ -281,7 +283,7 @@ AppProvisionVerifyResult ParseProfile(const std::string& appProvision, ProfileIn json obj = json::parse(appProvision, nullptr, false); if (obj.is_discarded() || (!obj.is_structured())) { std::string errStr = "invalid json object, parse provision failed, json: " + appProvision; - PrintErrorNumberMsg("PROVISION_INVALID", PROVISION_INVALID, errStr.c_str()); + PrintErrorNumberMsg("PROVISION_INVALID_ERROR", PROVISION_INVALID_ERROR, errStr.c_str()); return PROVISION_INVALID; } obj.get_to(info); diff --git a/hapsigntool_cpp/profile/src/profile_verify_utils.cpp b/hapsigntool_cpp/profile/src/profile_verify_utils.cpp deleted file mode 100644 index 7baea995a8348216ae2dad01a2e54ccfce6295bb..0000000000000000000000000000000000000000 --- a/hapsigntool_cpp/profile/src/profile_verify_utils.cpp +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2024-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "profile_verify_utils.h" -#include "signature_tools_log.h" -#include "matching_result.h" -#include "verify_cert_openssl_utils.h" -#include "hap_signer_block_utils.h" -#include "verify_hap_openssl_utils.h" - -namespace OHOS { -namespace SignatureTools { - -bool ProfileVerifyUtils::ParseProfile(Pkcs7Context& profilePkcs7Context, - const Pkcs7Context& hapPkcs7Context, - const ByteBuffer& pkcs7ProfileBlock, std::string& profile) -{ - if (hapPkcs7Context.matchResult.matchState == MATCH_WITH_SIGN && - hapPkcs7Context.matchResult.source == APP_GALLARY) { - profile = std::string(pkcs7ProfileBlock.GetBufferPtr(), pkcs7ProfileBlock.GetCapacity()); - SIGNATURE_TOOLS_LOGD("hap include unsigned provision"); - return true; - } - const unsigned char* pkcs7Block = reinterpret_cast( - pkcs7ProfileBlock.GetBufferPtr()); - uint32_t pkcs7Len = static_cast(pkcs7ProfileBlock.GetCapacity()); - if (!VerifyHapOpensslUtils::ParsePkcs7Package(pkcs7Block, pkcs7Len, profilePkcs7Context)) { - SIGNATURE_TOOLS_LOGE("parse pkcs7 failed"); - return false; - } - profile = std::string(profilePkcs7Context.content.GetBufferPtr(), - profilePkcs7Context.content.GetCapacity()); - return true; -} -bool ProfileVerifyUtils::VerifyProfile(Pkcs7Context& pkcs7Context) -{ - if (!VerifyHapOpensslUtils::GetCertChains(pkcs7Context.p7, pkcs7Context)) { - SIGNATURE_TOOLS_LOGE("GetCertChains from pkcs7 failed"); - return false; - } - if (!VerifyHapOpensslUtils::VerifyPkcs7(pkcs7Context)) { - SIGNATURE_TOOLS_LOGE("verify profile signature failed"); - return false; - } - return true; -} -} // namespace SignatureTools -} // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/utils/include/signature_tools_errno.h b/hapsigntool_cpp/utils/include/signature_tools_errno.h index f933ca064f7a76f7eabad7c1625f96b14abd0389..9ed2259da240bd0d6d5336da34e8c840a56bb880 100644 --- a/hapsigntool_cpp/utils/include/signature_tools_errno.h +++ b/hapsigntool_cpp/utils/include/signature_tools_errno.h @@ -82,6 +82,10 @@ const int KEYSTORE_PASSWORD_ERROR = -115; * Enum constant KEYSTORE_STRUCTURE_ERROR. */ const int KEYSTORE_STRUCTURE_ERROR = -116; +/** + * Enum constant PROVISION_INVALID_ERROR. + */ +const int PROVISION_INVALID_ERROR = -117; } // namespace SignatureTools } // namespace OHOS