From a640b5b20e2c4b6ef8938ea9c7df5217070f9316 Mon Sep 17 00:00:00 2001 From: zhanzeyi Date: Thu, 25 Jul 2024 14:16:01 +0800 Subject: [PATCH 1/8] add Signed-off-by: zhanzeyi --- hapsigntool_cpp/api/src/cert_tools.cpp | 11 +- .../api/src/sign_tool_service_impl.cpp | 5 +- hapsigntool_cpp/cmd/src/cmd_util.cpp | 42 +---- .../src/code_sign_block_header.cpp | 10 +- .../datastructure/src/elf_sign_block.cpp | 8 +- .../src/fs_verity_info_segment.cpp | 10 +- .../datastructure/src/hap_info_segment.cpp | 8 +- .../src/merkle_tree_extension.cpp | 4 +- .../src/native_lib_info_segment.cpp | 8 +- .../datastructure/src/segment_header.cpp | 8 +- .../datastructure/src/sign_info.cpp | 4 +- .../fsverity/src/fs_verity_descriptor.cpp | 4 +- .../codesigning/sign/include/code_signing.h | 11 +- .../codesigning/sign/src/code_signing.cpp | 145 ++++++++++++------ hapsigntool_cpp/common/include/byte_buffer.h | 1 - hapsigntool_cpp/common/src/byte_buffer.cpp | 9 -- .../hap/provider/src/remote_sign_provider.cpp | 8 +- hapsigntool_cpp/hap/verify/src/verify_hap.cpp | 2 - .../profile/include/profile_verify_utils.h | 36 ----- .../profile/signature_tools_profile.gni | 1 - .../profile/src/profile_verify.cpp | 10 +- .../profile/src/profile_verify_utils.cpp | 59 ------- .../utils/include/signature_tools_errno.h | 4 + 23 files changed, 157 insertions(+), 251 deletions(-) delete mode 100644 hapsigntool_cpp/profile/include/profile_verify_utils.h delete mode 100644 hapsigntool_cpp/profile/src/profile_verify_utils.cpp diff --git a/hapsigntool_cpp/api/src/cert_tools.cpp b/hapsigntool_cpp/api/src/cert_tools.cpp index 3dea1613..6d9cf164 100644 --- a/hapsigntool_cpp/api/src/cert_tools.cpp +++ b/hapsigntool_cpp/api/src/cert_tools.cpp @@ -27,8 +27,6 @@ #include "constant.h" #include "cmd_util.h" -#define BASIC_NUMBER_TWO 2 - namespace OHOS { namespace SignatureTools { @@ -106,13 +104,10 @@ static bool UpdateConstraint(Options* options) bool CertTools::SetBisicConstraints(Options* options, X509* cert) { - /*Check here when the parameter is not entered through the command line */ - if (!(options->count(Options::BASIC_CONSTRAINTS) - && (*options)[Options::BASIC_CONSTRAINTS].index() == BASIC_NUMBER_TWO)) { - if (!UpdateConstraint(options)) { - return false; - } + if (!UpdateConstraint(options)) { + return false; } + bool basicCon = options->GetBool(Options::BASIC_CONSTRAINTS); if (basicCon) { bool basicConstraintsCritical = options->GetBool(Options::BASIC_CONSTRAINTS_CRITICAL); diff --git a/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp b/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp index a717ea09..a1ccbeca 100644 --- a/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp +++ b/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp @@ -139,7 +139,7 @@ int SignToolServiceImpl::HandleIssuerKeyAliasEmpty(Options* options) { std::string iksFile = options->GetString(Options::ISSUER_KEY_STORE_FILE); if (!FileUtils::IsEmpty(iksFile) && !options->Equals(Options::KEY_STORE_FILE, Options::ISSUER_KEY_STORE_FILE)) { - PrintErrorNumberMsg("WRITE_FILE_ERROR", IO_ERROR, + PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, "Parameter '" + iksFile + "' and parameter '" + options->GetString(Options::KEY_STORE_FILE) + "' are inconsistent"); return RET_FAILED; @@ -160,7 +160,7 @@ int SignToolServiceImpl::HandleIssuerKeyAliasEmpty(Options* options) } return RET_OK; err: - PrintErrorNumberMsg("WRITE_FILE_ERROR", IO_ERROR, + PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, "Parameter 'keystorePwd' and parameter 'issuerKeystorePwd' are inconsistent"); return RET_FAILED; } @@ -602,7 +602,6 @@ int SignToolServiceImpl::GetProvisionContent(const std::string& input, std::stri } nlohmann::json obj = nlohmann::json::parse(bytes); if (obj.is_discarded() || (!obj.is_structured())) { - SIGNATURE_TOOLS_LOGE("Parsing appProvision failed!"); PrintErrorNumberMsg("PARSE ERROR", PARSE_ERROR, "Parsing appProvision failed!"); return PARSE_ERROR; } diff --git a/hapsigntool_cpp/cmd/src/cmd_util.cpp b/hapsigntool_cpp/cmd/src/cmd_util.cpp index 627fb3a8..e6088817 100644 --- a/hapsigntool_cpp/cmd/src/cmd_util.cpp +++ b/hapsigntool_cpp/cmd/src/cmd_util.cpp @@ -55,7 +55,7 @@ static bool UpdateParamForVariantCertInt(const ParamsSharedPtr& param) } if (!StringUtils::CheckStringToint(val, validity)) { PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, "Invalid parameter '" - + val + "', You should fill in the numbers"); + + val + "'"); return false; } validity *= ONE_DAY_TIME; @@ -129,30 +129,6 @@ static bool UpdateParamForVariantBoolKeyUsage(const ParamsSharedPtr& param) return true; } -static bool UpdateParamForVariantBoolConstraints(const ParamsSharedPtr& param) -{ - Options* options = param->GetOptions(); - - //The bool type is used only by the "generate-cert" module - if (options->count(Options::BASIC_CONSTRAINTS)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS)) { - return false; - } - } else if (param->GetMethod() == GENERATE_CERT) { - (*options)[Options::BASIC_CONSTRAINTS] = DEFAULT_BASIC_CONSTRAINTS; - } - - //The bool type is used only by the "generate-cert" module - if (options->count(Options::BASIC_CONSTRAINTS_CRITICAL)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CRITICAL)) { - return false; - } - } else if (param->GetMethod() == GENERATE_CERT) { - (*options)[Options::BASIC_CONSTRAINTS_CRITICAL] = DEFAULT_BASIC_CONSTRAINTS_CRITICAL; - } - return true; -} - static bool UpdateParamForVariantBoolProfileSigned(const ParamsSharedPtr& param) { Options* options = param->GetOptions(); @@ -173,14 +149,6 @@ static bool UpdateParamForVariantBoolProfileSigned(const ParamsSharedPtr& param) (*options)[Options::PROFILE_SIGNED] = DEFAULT_PROFILE_SIGNED_1; } - //The bool type is used only by the "generate-cert" module - if (options->count(Options::BASIC_CONSTRAINTS_CA)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CA)) { - return false; - } - } else if (param->GetMethod() == GENERATE_CERT) { - (*options)[Options::BASIC_CONSTRAINTS_CA] = DEFAULT_BASIC_CONSTRAINTS_CA; - } return true; } @@ -194,8 +162,9 @@ bool CmdUtil::UpdateParamForCheckOutFile(Options* options, const std::initialize //Purpose: To prevent the user output path from passing an empty string. eg " " std::string tmpOutFilePath = outFilePath; - tmpOutFilePath.erase(std::remove_if(tmpOutFilePath.begin(), tmpOutFilePath.end(), ::isspace), - tmpOutFilePath.end()); + tmpOutFilePath.erase(std::remove_if(tmpOutFilePath.begin(), + tmpOutFilePath.end(), ::isspace), tmpOutFilePath.end()); + if (parentPath.empty() && !tmpOutFilePath.empty()) { parentPath = "./"; } @@ -338,9 +307,6 @@ static bool UpdateParam(const ParamsSharedPtr& param) if (!UpdateParamForVariantBoolKeyUsage(param)) { return false; } - if (!UpdateParamForVariantBoolConstraints(param)) { - return false; - } if (!UpdateParamForVariantBoolProfileSigned(param)) { return false; } diff --git a/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp b/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp index 1099a5af..9262bf87 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp @@ -78,7 +78,7 @@ void CodeSignBlockHeader::ToByteArray(std::vector& ret) CodeSignBlockHeader* CodeSignBlockHeader::FromByteArray(const std::vector& bytes) { if (bytes.size() != Size()) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed package in CodeSignBlockHeader is different in size from the \ standard header size."); return nullptr; @@ -89,14 +89,14 @@ CodeSignBlockHeader* CodeSignBlockHeader::FromByteArray(const std::vector(FLAG_MERKLE_TREE_INLINED + FLAG_NATIVE_LIB_INCLUDED)) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed package has the wrong flag in the CodeSignBlockHeader."); return nullptr; } diff --git a/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp b/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp index e9508345..a162fc54 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp @@ -83,7 +83,7 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi int32_t inTreeType = 0; bf->GetInt32(inTreeType); if (MERKLE_TREE_INLINED != inTreeType) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong merkle tree type in the ElfSignBlock"); return false; } @@ -94,7 +94,7 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi int32_t inFsdType = 0; bf->GetInt32(inFsdType); if (FsVerityDescriptor::FS_VERITY_DESCRIPTOR_TYPE != inFsdType) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong fs-verify descriptor type in the ElfSignBlock"); return false; } @@ -103,7 +103,7 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi bf->GetInt32(inFsdLength); if (bytes.size() != FsVerityDescriptorWithSign::INTEGER_BYTES * tmpVariable + inTreeLength + FsVerityDescriptorWithSign::INTEGER_BYTES * tmpVariable + inFsdLength) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong signature length in the ElfSignBlock"); return false; } @@ -111,7 +111,7 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi bf->GetByte(fsdArray.data(), fsdArray.size()); FsVerityDescriptor fsd = FsVerityDescriptor::FromByteArray(fsdArray); if (inFsdLength != fsd.GetSignSize() + FsVerityDescriptor::DESCRIPTOR_SIZE) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong signed size in the ElfSignBlock"); return false; } diff --git a/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp index 5247adea..6db15881 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp @@ -65,7 +65,7 @@ void FsVerityInfoSegment::ToByteArray(std::vector& ret) FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector& bytes) { if (bytes.size() != FS_VERITY_INFO_SEGMENT_SIZE) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong signed size in the FsVerityInfoSegment"); return FsVerityInfoSegment(); } @@ -76,7 +76,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector int inMagic; bf.GetInt32(inMagic); if (inMagic != MAGIC) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong magic number in the FsVerityInfoSegment"); return FsVerityInfoSegment(); } @@ -84,7 +84,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector int8_t inVersion; bf.GetInt8(inVersion); if (inVersion != FsVerityDescriptor::VERSION) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong version in the FsVerityInfoSegment"); return FsVerityInfoSegment(); } @@ -92,7 +92,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector int8_t inHashAlgorithm; bf.GetInt8(inHashAlgorithm); if (inHashAlgorithm != FsVerityGenerator::GetFsVerityHashAlgorithm()) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong hashAlgorithm in the FsVerityInfoSegment"); return FsVerityInfoSegment(); } @@ -100,7 +100,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector int8_t inLog2BlockSize; bf.GetInt8(inLog2BlockSize); if (inLog2BlockSize != FsVerityGenerator::GetLog2BlockSize()) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong log2BlockSize in the FsVerityInfoSegment"); return FsVerityInfoSegment(); } diff --git a/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp index 1c27a48e..d211026e 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp @@ -65,12 +65,12 @@ HapInfoSegment HapInfoSegment::FromByteArray(std::vector& bytes) int32_t inMagic = 0; bf->GetInt32(inMagic); if (inMagic != HapInfoSegment::MAGIC_NUM) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong magic number in the HapInfoSegment."); return HapInfoSegment(); } if (bytes.size() <= HapInfoSegment::MAGIC_NUM_BYTES) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong bytes size in the HapInfoSegment."); return HapInfoSegment(); } @@ -78,12 +78,12 @@ HapInfoSegment HapInfoSegment::FromByteArray(std::vector& bytes) bf->GetByte(hapSignInfoByteArray.data(), hapSignInfoByteArray.size()); SignInfo inHapSignInfo = SignInfo::FromByteArray(hapSignInfoByteArray); if (inHapSignInfo.GetDataSize() % HapInfoSegment::CHUNK_SIZE != 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Invalid dataSize, the dataSize is not an integer multiple of 4096."); return HapInfoSegment(); } if (inHapSignInfo.GetExtensionNum() != SignInfo::MAX_EXTENSION_NUM) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong extensionNum in the HapInfoSegment."); return HapInfoSegment(); } diff --git a/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp b/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp index 1966eb75..381abf22 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp @@ -77,14 +77,14 @@ MerkleTreeExtension* MerkleTreeExtension::FromByteArray(std::vector& byt int64_t inMerkleTreeSize = 0; bf->GetInt64(inMerkleTreeSize); if (inMerkleTreeSize % PAGE_SIZE_4K != 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed package's merkletree size is not an integer multiple of 4096"); return nullptr; } int64_t inMerkleTreeOffset = 0; bf->GetInt64(inMerkleTreeOffset); if (inMerkleTreeOffset % PAGE_SIZE_4K != 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed package's merkletree offset is not an integer multiple of 4096"); return nullptr; } diff --git a/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp index 34a65e61..156b08c5 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp @@ -142,7 +142,7 @@ NativeLibInfoSegment NativeLibInfoSegment::FromByteArray(std::vector &by std::vector inSignInfoList; for (SignedFilePos &pos : inSignedFilePosList) { if (pos.GetSignInfoOffset() % ALIGNMENT_FOR_SIGNINFO != 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The native lib's sign info offset is not an integer multiple of 4"); return NativeLibInfoSegment(); } @@ -160,19 +160,19 @@ bool NativeLibInfoSegment::CheckBuffer(ByteBuffer* bf, int32_t& inMagic, int32_t { bf->GetInt32(inMagic); if (inMagic != MAGIC_NUM) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong magic number in the NativeLibInfoSegment"); return false; } bf->GetInt32(inSegmentSize); if (inSegmentSize < 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong segmentSize in the NativeLibInfoSegment"); return false; } bf->GetInt32(inSectionNum); if (inSectionNum < 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong sectionNum in the NativeLibInfoSegment"); return false; } diff --git a/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp b/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp index 6684bf47..09ef3f4a 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp @@ -68,7 +68,7 @@ void SegmentHeader::ToByteArray(std::vector &ret) std::unique_ptr SegmentHeader::FromByteArray(std::vector bytes) { if (bytes.size() != SEGMENT_HEADER_LENGTH) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "The signed package has the wrong flag in the SegmentHeader"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed package has the wrong flag in the SegmentHeader"); return std::unique_ptr(); } std::unique_ptr bf = std::make_unique(ByteBuffer(SEGMENT_HEADER_LENGTH)); @@ -78,7 +78,7 @@ std::unique_ptr SegmentHeader::FromByteArray(std::vector bf->GetInt32(inType); if ((inType != CSB_FSVERITY_INFO_SEG) && (inType != CSB_HAP_META_SEG) && (inType != CSB_NATIVE_LIB_INFO_SEG)) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "The signed package has the wrong type in the SegmentHeader"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed package has the wrong type in the SegmentHeader"); return std::unique_ptr(); } int32_t inSegmentOffset = 0; @@ -87,8 +87,8 @@ std::unique_ptr SegmentHeader::FromByteArray(std::vector int32_t inSegmentSize = 0; bf->GetInt32(inSegmentSize); if (inSegmentSize < 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "The signed package has the wrong segmentsize in the SegmentHeader"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The signed package has the wrong segmentsize in the SegmentHeader"); return std::unique_ptr(); } return std::make_unique(inType, inSegmentOffset, inSegmentSize); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp b/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp index 15b3a94a..4f234695 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp @@ -200,14 +200,14 @@ std::vector SignInfo::ParseMerkleTreeExtension(ByteBuffer* int32_t extensionType = 0; bf->GetInt32(extensionType); if (extensionType != MerkleTreeExtension::MERKLE_TREE_INLINED) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed package has the wrong extensionType in the SignInfo"); return inExtensionList; } int32_t extensionSize = 0; bf->GetInt32(extensionSize); if (extensionSize != MerkleTreeExtension::MERKLE_TREE_EXTENSION_DATA_SIZE) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed package has the wrong extensionSize in the SignInfo"); return inExtensionList; } diff --git a/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp b/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp index e1240d30..b607bd82 100644 --- a/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp +++ b/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp @@ -30,7 +30,7 @@ FsVerityDescriptor FsVerityDescriptor::FromByteArray(std::vector& bytes) int8_t inFsVersion; bf->GetInt8(inFsVersion); if (FsVerityDescriptor::VERSION != inFsVersion) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong fs-verify descriptor version in the ElfSignBlock"); return builder->Build(); } @@ -58,7 +58,7 @@ FsVerityDescriptor FsVerityDescriptor::FromByteArray(std::vector& bytes) int64_t inTreeOffset; bf->GetInt64(inTreeOffset); if (inTreeOffset % PAGE_SIZE_4K != 0) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed data has the wrong merkle tree offset in the ElfSignBlock"); return builder->Build(); } diff --git a/hapsigntool_cpp/codesigning/sign/include/code_signing.h b/hapsigntool_cpp/codesigning/sign/include/code_signing.h index 0fdfb324..f474ff9c 100644 --- a/hapsigntool_cpp/codesigning/sign/include/code_signing.h +++ b/hapsigntool_cpp/codesigning/sign/include/code_signing.h @@ -18,8 +18,10 @@ #include #include #include +#include #include "securec.h" +#include "thread_pool.h" #include "hap_utils.h" #include "zip_signer.h" #include "file_utils.h" @@ -55,27 +57,30 @@ public: std::vector &codesignData); public: - const std::string NATIVE_LIB_AN_SUFFIX = ".an"; - const std::string NATIVE_LIB_SO_SUFFIX = ".so"; static bool IsNativeFile(const std::string& input); uint32_t ComputeDataSize(ZipSigner& zip); int64_t GetTimestamp(); bool SignNativeLibs(const std::string &input, std::string &ownerID); void UpdateCodeSignBlock(); bool GetNativeEntriesFromHap(const std::string& packageName, UnzipHandleParam& param); + bool RunParseZipInfo(const std::string& packageName, UnzipHandleParam& param, uLong index); bool GenerateSignature(const std::vector& signedData, const std::string&, std::vector&); int64_t m_timestamp = 0; std::vector m_extractedNativeLibSuffixs; SignerConfig* m_signConfig; CodeSignBlock m_codeSignBlock; + std::mutex m_mutex; private: static bool CheckUnzParam(unzFile& zFile, unz_file_info& zFileInfo, char fileName[], size_t* nameLen); static bool CheckFileName(unzFile& zFile, char fileName[], size_t* nameLen); - bool HandleZipGlobalInfo(unzFile& zFile, unz_global_info& zGlobalInfo, UnzipHandleParam& param); + bool HandleZipGlobalInfo(const std::string& packageName, unzFile& zFile, unz_global_info& zGlobalInfo, UnzipHandleParam& param); bool DoNativeLibSignOrVerify(std::string fileName, std::stringbuf& sb, UnzipHandleParam& param, int readFileSize); + static constexpr int MAX_PROCESSORS = 32; + const int POOL_SIZE = std::min(MAX_PROCESSORS, static_cast(std::thread::hardware_concurrency())); + std::shared_ptr mPools; }; } // namespace SignatureTools } // namespace OHOS diff --git a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp index 82b0682d..a2fc2b8a 100644 --- a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp +++ b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp @@ -34,13 +34,14 @@ const FsVerityHashAlgorithm FS_SHA256(1, "SHA-256", 256 / 8); const FsVerityHashAlgorithm FS_SHA512(2, "SHA-512", 512 / 8); const int8_t LOG_2_OF_FSVERITY_HASH_PAGE_SIZE = 12; -CodeSigning::CodeSigning(SignerConfig* signConfig) +CodeSigning::CodeSigning(SignerConfig* signConfig) : mPools(new Uscript::ThreadPool(POOL_SIZE)) { m_signConfig = signConfig; } -CodeSigning::CodeSigning() +CodeSigning::CodeSigning() : mPools(new Uscript::ThreadPool(POOL_SIZE)) { + } bool CodeSigning::GetCodeSignBlock(const std::string &input, int64_t offset, @@ -212,10 +213,6 @@ bool CodeSigning::GetElfCodeSignBlock(const std::string &input, int64_t offset, bool CodeSigning::SignNativeLibs(const std::string &input, std::string &ownerID) { - // 'an' libs are always signed - m_extractedNativeLibSuffixs.push_back(NATIVE_LIB_AN_SUFFIX); - // 'so' libs are always signed - m_extractedNativeLibSuffixs.push_back(NATIVE_LIB_SO_SUFFIX); // sign native files std::vector> ret; UnzipHandleParam param(ret, ownerID, true); @@ -261,65 +258,108 @@ bool CodeSigning::GetNativeEntriesFromHap(const std::string& packageName, UnzipH return false; } // search each file - bool handleFlag = HandleZipGlobalInfo(zFile, zGlobalInfo, param); + bool handleFlag = HandleZipGlobalInfo(packageName, zFile, zGlobalInfo, param); if (!handleFlag) { unzClose(zFile); return false; } - unzCloseCurrentFile(zFile); - unzGoToNextFile(zFile); + unzClose(zFile); return true; } -bool CodeSigning::HandleZipGlobalInfo(unzFile& zFile, unz_global_info& zGlobalInfo, - UnzipHandleParam& param) +bool CodeSigning::RunParseZipInfo(const std::string& packageName, UnzipHandleParam& param, uLong index) { + unzFile zFile = unzOpen(packageName.c_str()); + if (zFile == NULL) { + PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "zlib open file: " + packageName + " failed."); + return false; + } + // get zipFile all paramets + unz_global_info zGlobalInfo; + int getRet = unzGetGlobalInfo(zFile, &zGlobalInfo); + if (getRet != UNZ_OK) { + PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "zlib get global info failed."); + unzClose(zFile); + return false; + } + + for (uLong i = 0; i < index; ++i) { + int ret = unzGoToNextFile(zFile); + if (ret != UNZ_OK) { + unzClose(zFile); + return false; + } + } + char szReadBuffer[BUFFER_SIZE] = { 0 }; unz_file_info zFileInfo; char fileName[FILE_NAME_SIZE]; - char fileNameZeroBuf[FILE_NAME_SIZE] = { 0 }; - SIGNATURE_TOOLS_LOGI("zGlobalInfo.number_entry = %lu", zGlobalInfo.number_entry); - for (uLong i = 0; i < zGlobalInfo.number_entry; ++i) { - if (memcpy_s(fileName, FILE_NAME_SIZE, fileNameZeroBuf, FILE_NAME_SIZE) != 0) - return false; - size_t nameLen = 0; - if (!CheckUnzParam(zFile, zFileInfo, fileName, &nameLen)) { - return false; - } - if (!CheckFileName(zFile, fileName, &nameLen)) { - continue; - } - long fileLength = zFileInfo.uncompressed_size; - int readFileSize = 0; - int nReadFileSize; - std::stringbuf sb; - do { - nReadFileSize = 0; - if (memset_s(szReadBuffer, BUFFER_SIZE, 0, BUFFER_SIZE) != EOK) { - SIGNATURE_TOOLS_LOGE("memset_s failed"); - } - nReadFileSize = unzReadCurrentFile(zFile, szReadBuffer, BUFFER_SIZE); - if (nReadFileSize > 0) { - sb.sputn(szReadBuffer, nReadFileSize); - } - fileLength -= nReadFileSize; - readFileSize += nReadFileSize; - } while (fileLength > 0 && nReadFileSize > 0); - if (fileLength) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "zlib read stream from " - + std::string(fileName) + " failed."); - unzCloseCurrentFile(zFile); - unzGoToNextFile(zFile); + + if (memset_s(fileName, FILE_NAME_SIZE, 0, FILE_NAME_SIZE) != 0) { + unzClose(zFile); + return false; + } + size_t nameLen = 0; + if (!CheckUnzParam(zFile, zFileInfo, fileName, &nameLen)) { + unzClose(zFile); + return false; + } + if (!CheckFileName(zFile, fileName, &nameLen)) { + unzClose(zFile); + return true; + } + long fileLength = zFileInfo.uncompressed_size; + int readFileSize = 0; + int nReadFileSize; + std::stringbuf sb; + do { + nReadFileSize = 0; + if (memset_s(szReadBuffer, BUFFER_SIZE, 0, BUFFER_SIZE) != EOK) { + SIGNATURE_TOOLS_LOGE("memset_s failed"); + unzClose(zFile); return false; } - bool handleFlag = DoNativeLibSignOrVerify(std::string(fileName), sb, param, readFileSize); - if (!handleFlag) { - SIGNATURE_TOOLS_LOGE("%s native libs handle failed", fileName); - return false; + nReadFileSize = unzReadCurrentFile(zFile, szReadBuffer, BUFFER_SIZE); + if (nReadFileSize > 0) { + sb.sputn(szReadBuffer, nReadFileSize); } - unzCloseCurrentFile(zFile); - unzGoToNextFile(zFile); + fileLength -= nReadFileSize; + readFileSize += nReadFileSize; + } while (fileLength > 0 && nReadFileSize > 0); + if (fileLength) { + PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "zlib read stream from " + + std::string(fileName) + " failed."); + unzClose(zFile); + return false; + } + bool handleFlag = DoNativeLibSignOrVerify(std::string(fileName), sb, param, readFileSize); + if (!handleFlag) { + SIGNATURE_TOOLS_LOGE("%s native libs handle failed", fileName); + unzClose(zFile); + return false; + } + unzCloseCurrentFile(zFile); + unzClose(zFile); + return true; +} + +bool CodeSigning::HandleZipGlobalInfo(const std::string& packageName, unzFile& zFile, unz_global_info& zGlobalInfo, + UnzipHandleParam& param) +{ + std::vector> thread_results; + SIGNATURE_TOOLS_LOGI("zGlobalInfo.number_entry = %lu", zGlobalInfo.number_entry); + for (uLong i = 0; i < zGlobalInfo.number_entry; ++i) { + thread_results.push_back(mPools->Enqueue(&CodeSigning::RunParseZipInfo, this, std::ref(packageName), std::ref(param), i)); + } + + bool result = true; + for (auto& thread_result : thread_results) { + if (!thread_result.get()) + result = false; + } + if (!result) { + return false; } return true; } @@ -336,8 +376,11 @@ bool CodeSigning::DoNativeLibSignOrVerify(std::string fileName, std::stringbuf& if (!signFileFlag) { return false; } - std::vector>& ret = param.GetRet(); + m_mutex.lock(); + std::vector> &ret = param.GetRet(); ret.push_back(std::make_pair(fileName, pairSignInfoAndMerkleTreeBytes.first)); + m_mutex.unlock(); + } else { CodeSignBlock csb = param.GetCodeSignBlock(); std::vector& fileNames = csb.GetSoInfoSegment().GetFileNameList(); diff --git a/hapsigntool_cpp/common/include/byte_buffer.h b/hapsigntool_cpp/common/include/byte_buffer.h index c3373425..2af571db 100644 --- a/hapsigntool_cpp/common/include/byte_buffer.h +++ b/hapsigntool_cpp/common/include/byte_buffer.h @@ -91,7 +91,6 @@ public: DLL_EXPORT void PutData(int32_t offset, const char data[], int32_t len, int32_t type); DLL_EXPORT void PutByte(char value); DLL_EXPORT void Put(const ByteBuffer& byteBuffer); - DLL_EXPORT std::string GetData(int32_t len); DLL_EXPORT void GetData(char data[], uint32_t len); DLL_EXPORT void GetData(int32_t offset, int8_t data[], uint32_t len); DLL_EXPORT void GetByte(int8_t data[], int32_t len); diff --git a/hapsigntool_cpp/common/src/byte_buffer.cpp b/hapsigntool_cpp/common/src/byte_buffer.cpp index 7e663367..6525c634 100644 --- a/hapsigntool_cpp/common/src/byte_buffer.cpp +++ b/hapsigntool_cpp/common/src/byte_buffer.cpp @@ -471,15 +471,6 @@ void ByteBuffer::GetByte(int8_t data[], int32_t len) } } -std::string ByteBuffer::GetData(int32_t len) -{ - std::unique_ptr pData = std::make_unique(len); - if (0 == memcpy_s(pData.get(), len, buffer.get() + position, len)) { - position = position + len; - } - return std::string(pData.get()); -} - void ByteBuffer::GetData(char data[], uint32_t len) { if (0 == memcpy_s(data, len, buffer.get() + position, len)) { diff --git a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp index db812a49..23b3a146 100644 --- a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp +++ b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp @@ -73,21 +73,21 @@ bool RemoteSignProvider::CheckInputCertMatchWithProfile(X509* inputCert, X509* c X509_NAME* subject2 = X509_get_subject_name(certInProfile); if (X509_NAME_cmp(subject1, subject2) != 0) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, subject name is not compare"); + "Check Input Cert Match With Profile failed, subject name is not equal"); return false; } X509_NAME* issuer1 = X509_get_issuer_name(inputCert); X509_NAME* issuer2 = X509_get_issuer_name(certInProfile); if (X509_NAME_cmp(issuer1, issuer2) != 0) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, issuer name is not compare"); + "Check Input Cert Match With Profile failed, issuer name is not equal"); return false; } ASN1_INTEGER* serial1 = X509_get_serialNumber(inputCert); ASN1_INTEGER* serial2 = X509_get_serialNumber(certInProfile); if (ASN1_INTEGER_cmp(serial1, serial2) != 0) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, serial Number is not compare"); + "Check Input Cert Match With Profile failed, serial Number is not equal"); return false; } EVP_PKEY* pkey1 = X509_get_pubkey(inputCert); @@ -96,7 +96,7 @@ bool RemoteSignProvider::CheckInputCertMatchWithProfile(X509* inputCert, X509* c EVP_PKEY_free(pkey1); EVP_PKEY_free(pkey2); PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, pubkey is not compare"); + "Check Input Cert Match With Profile failed, pubkey is not equal"); return false; } if (!pkey1 || !pkey2) { diff --git a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp index ef3859f8..b7043c40 100644 --- a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp +++ b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp @@ -19,7 +19,6 @@ #include #include "securec.h" -#include "profile_verify_utils.h" #include "hap_signer_block_utils.h" #include "signature_info.h" #include "options.h" @@ -298,7 +297,6 @@ int VerifyHap::GetProfileContent(const std::string profile, std::string& ret) } PKCS7Data p7Data; if (p7Data.Parse(profile) < 0) { - PrintErrorNumberMsg("PKCS7_PARSE_ERROR", PARSE_ERROR, "Parse profile failed"); ret = profile; return -1; } diff --git a/hapsigntool_cpp/profile/include/profile_verify_utils.h b/hapsigntool_cpp/profile/include/profile_verify_utils.h deleted file mode 100644 index 1eef463e..00000000 --- a/hapsigntool_cpp/profile/include/profile_verify_utils.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) 2024-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef SIGNATRUETOOLS_PROFILE_VERIFY_UTILS_H -#define SIGNATRUETOOLS_PROFILE_VERIFY_UTILS_H - -#include - -#include "export_define.h" -#include "byte_buffer.h" -#include "pkcs7_context.h" - -namespace OHOS { -namespace SignatureTools { -class ProfileVerifyUtils { -public: - DLL_EXPORT static bool ParseProfile(Pkcs7Context& profilePkcs7Context, - const Pkcs7Context& pkcs7Context, - const ByteBuffer& pkcs7ProfileBlock, - std::string& profile); - DLL_EXPORT static bool VerifyProfile(Pkcs7Context& pkcs7Context); -}; -} // namespace SignatureTools -} // namespace OHOS -#endif // SIGNATRUETOOLS_PROFILE_VERIFY_UTILS_H diff --git a/hapsigntool_cpp/profile/signature_tools_profile.gni b/hapsigntool_cpp/profile/signature_tools_profile.gni index 63fa9583..c1ae4f80 100644 --- a/hapsigntool_cpp/profile/signature_tools_profile.gni +++ b/hapsigntool_cpp/profile/signature_tools_profile.gni @@ -19,5 +19,4 @@ signature_tools_profile_src = [ "${signature_tools_profile}/src/profile_verify.cpp", "${signature_tools_profile}/src/pkcs7_data.cpp", "${signature_tools_profile}/src/profile_sign_tool.cpp", - "${signature_tools_profile}/src/profile_verify_utils.cpp", ] diff --git a/hapsigntool_cpp/profile/src/profile_verify.cpp b/hapsigntool_cpp/profile/src/profile_verify.cpp index 4abe9bd6..4540918f 100644 --- a/hapsigntool_cpp/profile/src/profile_verify.cpp +++ b/hapsigntool_cpp/profile/src/profile_verify.cpp @@ -17,6 +17,7 @@ #include "nlohmann/json.hpp" #include "signature_tools_log.h" +#include "signature_tools_errno.h" #include "profile_verify.h" using namespace std; @@ -216,7 +217,7 @@ void from_json(const json& obj, ProfileInfo& out) AppProvisionVerifyResult ReturnIfStringIsEmpty(const std::string& str, const std::string& errMsg) { if (str.empty()) { - PrintErrorNumberMsg("PROVISION_INVALID", PROVISION_INVALID, errMsg); + PrintErrorNumberMsg("PROVISION_INVALID_ERROR", PROVISION_INVALID_ERROR, errMsg); return PROVISION_INVALID; } return PROVISION_OK; @@ -225,7 +226,7 @@ AppProvisionVerifyResult ReturnIfStringIsEmpty(const std::string& str, const std AppProvisionVerifyResult ReturnIfIntIsNonPositive(int num, const std::string& errMsg) { if (num <= 0) { - PrintErrorNumberMsg("PROVISION_INVALID", PROVISION_INVALID, errMsg); + PrintErrorNumberMsg("PROVISION_INVALID_ERROR", PROVISION_INVALID_ERROR, errMsg); return PROVISION_INVALID; } return PROVISION_OK; @@ -248,7 +249,8 @@ static AppProvisionVerifyResult CheckProfileValidType(ProfileInfo& info) return PROVISION_INVALID; } } else { - PrintErrorNumberMsg("PROVISION_INVALID", PROVISION_INVALID, "Require build type must be debug or release"); + PrintErrorNumberMsg("PROVISION_INVALID_ERROR", PROVISION_INVALID_ERROR, + "Require build type must be debug or release"); return PROVISION_INVALID; } return PROVISION_OK; @@ -281,7 +283,7 @@ AppProvisionVerifyResult ParseProfile(const std::string& appProvision, ProfileIn json obj = json::parse(appProvision, nullptr, false); if (obj.is_discarded() || (!obj.is_structured())) { std::string errStr = "invalid json object, parse provision failed, json: " + appProvision; - PrintErrorNumberMsg("PROVISION_INVALID", PROVISION_INVALID, errStr.c_str()); + PrintErrorNumberMsg("PROVISION_INVALID_ERROR", PROVISION_INVALID_ERROR, errStr.c_str()); return PROVISION_INVALID; } obj.get_to(info); diff --git a/hapsigntool_cpp/profile/src/profile_verify_utils.cpp b/hapsigntool_cpp/profile/src/profile_verify_utils.cpp deleted file mode 100644 index 7baea995..00000000 --- a/hapsigntool_cpp/profile/src/profile_verify_utils.cpp +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2024-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "profile_verify_utils.h" -#include "signature_tools_log.h" -#include "matching_result.h" -#include "verify_cert_openssl_utils.h" -#include "hap_signer_block_utils.h" -#include "verify_hap_openssl_utils.h" - -namespace OHOS { -namespace SignatureTools { - -bool ProfileVerifyUtils::ParseProfile(Pkcs7Context& profilePkcs7Context, - const Pkcs7Context& hapPkcs7Context, - const ByteBuffer& pkcs7ProfileBlock, std::string& profile) -{ - if (hapPkcs7Context.matchResult.matchState == MATCH_WITH_SIGN && - hapPkcs7Context.matchResult.source == APP_GALLARY) { - profile = std::string(pkcs7ProfileBlock.GetBufferPtr(), pkcs7ProfileBlock.GetCapacity()); - SIGNATURE_TOOLS_LOGD("hap include unsigned provision"); - return true; - } - const unsigned char* pkcs7Block = reinterpret_cast( - pkcs7ProfileBlock.GetBufferPtr()); - uint32_t pkcs7Len = static_cast(pkcs7ProfileBlock.GetCapacity()); - if (!VerifyHapOpensslUtils::ParsePkcs7Package(pkcs7Block, pkcs7Len, profilePkcs7Context)) { - SIGNATURE_TOOLS_LOGE("parse pkcs7 failed"); - return false; - } - profile = std::string(profilePkcs7Context.content.GetBufferPtr(), - profilePkcs7Context.content.GetCapacity()); - return true; -} -bool ProfileVerifyUtils::VerifyProfile(Pkcs7Context& pkcs7Context) -{ - if (!VerifyHapOpensslUtils::GetCertChains(pkcs7Context.p7, pkcs7Context)) { - SIGNATURE_TOOLS_LOGE("GetCertChains from pkcs7 failed"); - return false; - } - if (!VerifyHapOpensslUtils::VerifyPkcs7(pkcs7Context)) { - SIGNATURE_TOOLS_LOGE("verify profile signature failed"); - return false; - } - return true; -} -} // namespace SignatureTools -} // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/utils/include/signature_tools_errno.h b/hapsigntool_cpp/utils/include/signature_tools_errno.h index f933ca06..9ed2259d 100644 --- a/hapsigntool_cpp/utils/include/signature_tools_errno.h +++ b/hapsigntool_cpp/utils/include/signature_tools_errno.h @@ -82,6 +82,10 @@ const int KEYSTORE_PASSWORD_ERROR = -115; * Enum constant KEYSTORE_STRUCTURE_ERROR. */ const int KEYSTORE_STRUCTURE_ERROR = -116; +/** + * Enum constant PROVISION_INVALID_ERROR. + */ +const int PROVISION_INVALID_ERROR = -117; } // namespace SignatureTools } // namespace OHOS -- Gitee From c8bf0b7b6b64e16e5fcc75fa009eba053ecf1a79 Mon Sep 17 00:00:00 2001 From: zhanzeyi Date: Thu, 25 Jul 2024 17:24:50 +0800 Subject: [PATCH 2/8] add Signed-off-by: zhanzeyi --- .../codesigning/sign/include/code_signing.h | 8 +- .../codesigning/sign/src/code_signing.cpp | 160 ++++++++++-------- hapsigntool_cpp/profile/include/pkcs7_data.h | 8 + .../profile/src/profile_verify.cpp | 2 +- 4 files changed, 107 insertions(+), 71 deletions(-) diff --git a/hapsigntool_cpp/codesigning/sign/include/code_signing.h b/hapsigntool_cpp/codesigning/sign/include/code_signing.h index f474ff9c..9cf04dd8 100644 --- a/hapsigntool_cpp/codesigning/sign/include/code_signing.h +++ b/hapsigntool_cpp/codesigning/sign/include/code_signing.h @@ -63,6 +63,9 @@ public: bool SignNativeLibs(const std::string &input, std::string &ownerID); void UpdateCodeSignBlock(); bool GetNativeEntriesFromHap(const std::string& packageName, UnzipHandleParam& param); + bool GetSingleFileStreamFromZip(unzFile& zFile, char fileName[], + unz_file_info& zFileInfo, + int& readFileSize, std::stringbuf& sb); bool RunParseZipInfo(const std::string& packageName, UnzipHandleParam& param, uLong index); bool GenerateSignature(const std::vector& signedData, const std::string&, std::vector&); @@ -75,7 +78,10 @@ public: private: static bool CheckUnzParam(unzFile& zFile, unz_file_info& zFileInfo, char fileName[], size_t* nameLen); static bool CheckFileName(unzFile& zFile, char fileName[], size_t* nameLen); - bool HandleZipGlobalInfo(const std::string& packageName, unzFile& zFile, unz_global_info& zGlobalInfo, UnzipHandleParam& param); + bool HandleZipGlobalInfo(const std::string& packageName, unzFile& zFile, + unz_global_info& zGlobalInfo, UnzipHandleParam& param); + bool DoNativeLibVerify(std::string fileName, std::stringbuf& sb, + UnzipHandleParam& param, int readFileSize); bool DoNativeLibSignOrVerify(std::string fileName, std::stringbuf& sb, UnzipHandleParam& param, int readFileSize); static constexpr int MAX_PROCESSORS = 32; diff --git a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp index a2fc2b8a..7760fa89 100644 --- a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp +++ b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp @@ -41,7 +41,6 @@ CodeSigning::CodeSigning(SignerConfig* signConfig) : mPools(new Uscript::ThreadP CodeSigning::CodeSigning() : mPools(new Uscript::ThreadPool(POOL_SIZE)) { - } bool CodeSigning::GetCodeSignBlock(const std::string &input, int64_t offset, @@ -268,34 +267,11 @@ bool CodeSigning::GetNativeEntriesFromHap(const std::string& packageName, UnzipH return true; } -bool CodeSigning::RunParseZipInfo(const std::string& packageName, UnzipHandleParam& param, uLong index) +bool CodeSigning::GetSingleFileStreamFromZip(unzFile &zFile, char fileName[], + unz_file_info &zFileInfo, + int &readFileSize, std::stringbuf &sb) { - unzFile zFile = unzOpen(packageName.c_str()); - if (zFile == NULL) { - PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "zlib open file: " + packageName + " failed."); - return false; - } - // get zipFile all paramets - unz_global_info zGlobalInfo; - int getRet = unzGetGlobalInfo(zFile, &zGlobalInfo); - if (getRet != UNZ_OK) { - PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "zlib get global info failed."); - unzClose(zFile); - return false; - } - - for (uLong i = 0; i < index; ++i) { - int ret = unzGoToNextFile(zFile); - if (ret != UNZ_OK) { - unzClose(zFile); - return false; - } - } - char szReadBuffer[BUFFER_SIZE] = { 0 }; - unz_file_info zFileInfo; - char fileName[FILE_NAME_SIZE]; - if (memset_s(fileName, FILE_NAME_SIZE, 0, FILE_NAME_SIZE) != 0) { unzClose(zFile); return false; @@ -307,12 +283,10 @@ bool CodeSigning::RunParseZipInfo(const std::string& packageName, UnzipHandlePar } if (!CheckFileName(zFile, fileName, &nameLen)) { unzClose(zFile); - return true; + return false; } long fileLength = zFileInfo.uncompressed_size; - int readFileSize = 0; int nReadFileSize; - std::stringbuf sb; do { nReadFileSize = 0; if (memset_s(szReadBuffer, BUFFER_SIZE, 0, BUFFER_SIZE) != EOK) { @@ -333,24 +307,62 @@ bool CodeSigning::RunParseZipInfo(const std::string& packageName, UnzipHandlePar unzClose(zFile); return false; } + + unzCloseCurrentFile(zFile); + unzClose(zFile); + return true; +} + +bool CodeSigning::RunParseZipInfo(const std::string& packageName, UnzipHandleParam& param, uLong index) +{ + unzFile zFile = unzOpen(packageName.c_str()); + if (zFile == NULL) { + PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "zlib open file: " + packageName + " failed."); + return false; + } + // get zipFile all paramets + unz_global_info zGlobalInfo; + int getRet = unzGetGlobalInfo(zFile, &zGlobalInfo); + if (getRet != UNZ_OK) { + PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "zlib get global info failed."); + unzClose(zFile); + return false; + } + + for (uLong i = 0; i < index; ++i) { + int ret = unzGoToNextFile(zFile); + if (ret != UNZ_OK) { + unzClose(zFile); + return false; + } + } + + unz_file_info zFileInfo; + char fileName[FILE_NAME_SIZE]; + int readFileSize = 0; + std::stringbuf sb; + bool flag = GetSingleFileStreamFromZip(zFile, fileName, zFileInfo, readFileSize, sb); + if (!flag) { + return false; + } bool handleFlag = DoNativeLibSignOrVerify(std::string(fileName), sb, param, readFileSize); if (!handleFlag) { SIGNATURE_TOOLS_LOGE("%s native libs handle failed", fileName); unzClose(zFile); return false; } - unzCloseCurrentFile(zFile); - unzClose(zFile); + return true; } -bool CodeSigning::HandleZipGlobalInfo(const std::string& packageName, unzFile& zFile, unz_global_info& zGlobalInfo, - UnzipHandleParam& param) +bool CodeSigning::HandleZipGlobalInfo(const std::string& packageName, unzFile& zFile, + unz_global_info& zGlobalInfo, UnzipHandleParam& param) { std::vector> thread_results; SIGNATURE_TOOLS_LOGI("zGlobalInfo.number_entry = %lu", zGlobalInfo.number_entry); for (uLong i = 0; i < zGlobalInfo.number_entry; ++i) { - thread_results.push_back(mPools->Enqueue(&CodeSigning::RunParseZipInfo, this, std::ref(packageName), std::ref(param), i)); + thread_results.push_back(mPools->Enqueue(&CodeSigning::RunParseZipInfo, this, + std::ref(packageName), std::ref(param), i)); } bool result = true; @@ -364,12 +376,52 @@ bool CodeSigning::HandleZipGlobalInfo(const std::string& packageName, unzFile& z return true; } -bool CodeSigning::DoNativeLibSignOrVerify(std::string fileName, std::stringbuf& sb, - UnzipHandleParam& param, int readFileSize) +bool CodeSigning::DoNativeLibVerify(std::string fileName, std::stringbuf& sb, + UnzipHandleParam& param, int readFileSize) { std::istream input(&sb); + CodeSignBlock csb = param.GetCodeSignBlock(); + std::vector& fileNames = csb.GetSoInfoSegment().GetFileNameList(); + bool isContainFileName = std::find(fileNames.begin(), fileNames.end(), fileName) != fileNames.end(); + if (!isContainFileName) { + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "verify signed file position failed, file: " + fileName); + return false; + } + for (int j = 0; j < csb.GetSoInfoSegment().GetSectionNum(); j++) { + SignInfo signInfo = csb.GetSoInfoSegment().GetSignInfoList()[j]; + std::string entryName = csb.GetSoInfoSegment().GetFileNameList()[j]; + std::vector entrySig = signInfo.GetSignature(); + std::string entrySigStr(entrySig.begin(), entrySig.end()); + if (fileName != entryName) { + continue; + } + if (readFileSize != signInfo.GetDataSize()) { + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Invalid dataSize of native lib"); + return false; + } + bool verifyFlag = VerifyCodeSignature::VerifySingleFile(input, readFileSize, entrySig, 0, + std::vector()); + if (!verifyFlag) { + return false; + } + std::ifstream* inputFile = (std::ifstream*)(&input); + inputFile->close(); + std::pair pairResult = param.GetPairResult(); + bool checkOwnerIDFlag = CmsUtils::CheckOwnerID(entrySigStr, pairResult.first, pairResult.second); + if (!checkOwnerIDFlag) { + return false; + } + } + return true; +} + +bool CodeSigning::DoNativeLibSignOrVerify(std::string fileName, std::stringbuf& sb, + UnzipHandleParam& param, int readFileSize) +{ bool isSign = param.IsSign(); if (isSign) { + std::istream input(&sb); std::string ownerID = param.GetOwnerID(); std::pair> pairSignInfoAndMerkleTreeBytes; bool signFileFlag = SignFile(input, readFileSize, false, 0, ownerID, pairSignInfoAndMerkleTreeBytes); @@ -380,41 +432,11 @@ bool CodeSigning::DoNativeLibSignOrVerify(std::string fileName, std::stringbuf& std::vector> &ret = param.GetRet(); ret.push_back(std::make_pair(fileName, pairSignInfoAndMerkleTreeBytes.first)); m_mutex.unlock(); - } else { - CodeSignBlock csb = param.GetCodeSignBlock(); - std::vector& fileNames = csb.GetSoInfoSegment().GetFileNameList(); - bool isContainFileName = std::find(fileNames.begin(), fileNames.end(), fileName) != fileNames.end(); - if (!isContainFileName) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "verify signed file position failed, file: " + fileName); + bool flag = DoNativeLibVerify(fileName, sb, param, readFileSize); + if (!flag) { return false; } - for (int j = 0; j < csb.GetSoInfoSegment().GetSectionNum(); j++) { - SignInfo signInfo = csb.GetSoInfoSegment().GetSignInfoList()[j]; - std::string entryName = csb.GetSoInfoSegment().GetFileNameList()[j]; - std::vector entrySig = signInfo.GetSignature(); - std::string entrySigStr(entrySig.begin(), entrySig.end()); - if (fileName != entryName) { - continue; - } - if (readFileSize != signInfo.GetDataSize()) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Invalid dataSize of native lib"); - return false; - } - bool verifyFlag = VerifyCodeSignature::VerifySingleFile(input, readFileSize, entrySig, 0, - std::vector()); - if (!verifyFlag) { - return false; - } - std::ifstream* inputFile = (std::ifstream*)(&input); - inputFile->close(); - std::pair pairResult = param.GetPairResult(); - bool checkOwnerIDFlag = CmsUtils::CheckOwnerID(entrySigStr, pairResult.first, pairResult.second); - if (!checkOwnerIDFlag) { - return false; - } - } } return true; } diff --git a/hapsigntool_cpp/profile/include/pkcs7_data.h b/hapsigntool_cpp/profile/include/pkcs7_data.h index 43eda51a..83c22bc8 100644 --- a/hapsigntool_cpp/profile/include/pkcs7_data.h +++ b/hapsigntool_cpp/profile/include/pkcs7_data.h @@ -46,6 +46,14 @@ struct std::equal_to { } }; +/* all cert is put into one bottle */ +template<> +struct std::hash { + size_t operator()(const X509* cert)const { + return 0; + } +}; + namespace OHOS { namespace SignatureTools { #define PKCS7_NODETACHED_FLAGS (PKCS7_BINARY | PKCS7_NOVERIFY) diff --git a/hapsigntool_cpp/profile/src/profile_verify.cpp b/hapsigntool_cpp/profile/src/profile_verify.cpp index 4540918f..22b4c3ab 100644 --- a/hapsigntool_cpp/profile/src/profile_verify.cpp +++ b/hapsigntool_cpp/profile/src/profile_verify.cpp @@ -250,7 +250,7 @@ static AppProvisionVerifyResult CheckProfileValidType(ProfileInfo& info) } } else { PrintErrorNumberMsg("PROVISION_INVALID_ERROR", PROVISION_INVALID_ERROR, - "Require build type must be debug or release"); + "Require build type must be debug or release"); return PROVISION_INVALID; } return PROVISION_OK; -- Gitee From 5521b62f5914f64e284318ca7494267b03c8e746 Mon Sep 17 00:00:00 2001 From: zhanzeyi Date: Thu, 25 Jul 2024 17:40:12 +0800 Subject: [PATCH 3/8] add Signed-off-by: zhanzeyi --- hapsigntool_cpp/codesigning/sign/src/code_signing.cpp | 2 +- hapsigntool_cpp/profile/include/pkcs7_data.h | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp index 7760fa89..72301640 100644 --- a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp +++ b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp @@ -362,7 +362,7 @@ bool CodeSigning::HandleZipGlobalInfo(const std::string& packageName, unzFile& z SIGNATURE_TOOLS_LOGI("zGlobalInfo.number_entry = %lu", zGlobalInfo.number_entry); for (uLong i = 0; i < zGlobalInfo.number_entry; ++i) { thread_results.push_back(mPools->Enqueue(&CodeSigning::RunParseZipInfo, this, - std::ref(packageName), std::ref(param), i)); + std::ref(packageName), std::ref(param), i)); } bool result = true; diff --git a/hapsigntool_cpp/profile/include/pkcs7_data.h b/hapsigntool_cpp/profile/include/pkcs7_data.h index 83c22bc8..f0c66bb3 100644 --- a/hapsigntool_cpp/profile/include/pkcs7_data.h +++ b/hapsigntool_cpp/profile/include/pkcs7_data.h @@ -49,7 +49,8 @@ struct std::equal_to { /* all cert is put into one bottle */ template<> struct std::hash { - size_t operator()(const X509* cert)const { + size_t operator()(const X509* cert)const + { return 0; } }; -- Gitee From c67aaf7a8abf6ba71e772014b64def779f6b6e83 Mon Sep 17 00:00:00 2001 From: zhanzeyi Date: Thu, 25 Jul 2024 20:09:32 +0800 Subject: [PATCH 4/8] update Signed-off-by: zhanzeyi --- .../hap/provider/src/remote_sign_provider.cpp | 12 ++++++------ hapsigntool_cpp/profile/src/profile_verify.cpp | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp index 23b3a146..7961ec41 100644 --- a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp +++ b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp @@ -66,28 +66,28 @@ bool RemoteSignProvider::CheckInputCertMatchWithProfile(X509* inputCert, X509* c bool ret = true; if (inputCert == nullptr || certInProfile == nullptr) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, param error"); + "The cert is empty"); return false; } X509_NAME* subject1 = X509_get_subject_name(inputCert); X509_NAME* subject2 = X509_get_subject_name(certInProfile); if (X509_NAME_cmp(subject1, subject2) != 0) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, subject name is not equal"); + "The subject does not match!"); return false; } X509_NAME* issuer1 = X509_get_issuer_name(inputCert); X509_NAME* issuer2 = X509_get_issuer_name(certInProfile); if (X509_NAME_cmp(issuer1, issuer2) != 0) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, issuer name is not equal"); + "The issuer name does not match!"); return false; } ASN1_INTEGER* serial1 = X509_get_serialNumber(inputCert); ASN1_INTEGER* serial2 = X509_get_serialNumber(certInProfile); if (ASN1_INTEGER_cmp(serial1, serial2) != 0) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, serial Number is not equal"); + "serial number does not match!"); return false; } EVP_PKEY* pkey1 = X509_get_pubkey(inputCert); @@ -96,12 +96,12 @@ bool RemoteSignProvider::CheckInputCertMatchWithProfile(X509* inputCert, X509* c EVP_PKEY_free(pkey1); EVP_PKEY_free(pkey2); PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed, pubkey is not equal"); + "The public key does not match!"); return false; } if (!pkey1 || !pkey2) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "Check Input Cert Match With Profile failed,have key is null"); + "The public key is null!"); ret = false; } if (pkey1) EVP_PKEY_free(pkey1); diff --git a/hapsigntool_cpp/profile/src/profile_verify.cpp b/hapsigntool_cpp/profile/src/profile_verify.cpp index 22b4c3ab..241b2efa 100644 --- a/hapsigntool_cpp/profile/src/profile_verify.cpp +++ b/hapsigntool_cpp/profile/src/profile_verify.cpp @@ -250,7 +250,7 @@ static AppProvisionVerifyResult CheckProfileValidType(ProfileInfo& info) } } else { PrintErrorNumberMsg("PROVISION_INVALID_ERROR", PROVISION_INVALID_ERROR, - "Require build type must be debug or release"); + "The type field in the profile file is incorrect"); return PROVISION_INVALID; } return PROVISION_OK; -- Gitee From 930a05eea20d90f89f35d7cbf96fb9b3b0cf3dc6 Mon Sep 17 00:00:00 2001 From: zhanzeyi Date: Thu, 25 Jul 2024 20:20:36 +0800 Subject: [PATCH 5/8] update Signed-off-by: zhanzeyi --- hapsigntool_cpp/api/src/sign_tool_service_impl.cpp | 4 ++-- hapsigntool_cpp/cmd/src/cmd_util.cpp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp b/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp index a1ccbeca..55c92fe3 100644 --- a/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp +++ b/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp @@ -332,7 +332,7 @@ bool SignToolServiceImpl::OutputString(std::string content, std::string file) bool SignToolServiceImpl::X509CertVerify(X509* cert, EVP_PKEY* privateKey) { if (!X509_verify(cert, privateKey)) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "private key verify cert failed!"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "verify cert failed!"); return false; } return true; @@ -688,7 +688,7 @@ bool SignToolServiceImpl::VerifyHapSigner(Options* option) PrintMsg("bin verify successed!"); return true; } else { - PrintErrorNumberMsg("NOT_SUPPORT_ERROR", NOT_SUPPORT_ERROR, "This requirement was not implemented !"); + PrintErrorNumberMsg("NOT_SUPPORT_ERROR", NOT_SUPPORT_ERROR, "Unsupported inForm!"); return false; } } diff --git a/hapsigntool_cpp/cmd/src/cmd_util.cpp b/hapsigntool_cpp/cmd/src/cmd_util.cpp index e6088817..87441d38 100644 --- a/hapsigntool_cpp/cmd/src/cmd_util.cpp +++ b/hapsigntool_cpp/cmd/src/cmd_util.cpp @@ -375,7 +375,7 @@ bool CmdUtil::Convert2Params(char** args, const size_t size, const ParamsSharedP } if (!readKey) { PrintErrorNumberMsg("INVALIDPARAM_ERROR", INVALIDPARAM_ERROR, - "The last command-line parameters, value, cannot be omitted"); + "The last command-line parameters value cannot be omitted"); return false; } if (!UpdateParam(param)) { -- Gitee From fc798e3377aae7a5d32c5d4203779630fa093bb1 Mon Sep 17 00:00:00 2001 From: zhanzeyi Date: Fri, 26 Jul 2024 11:17:49 +0800 Subject: [PATCH 6/8] update Signed-off-by: zhanzeyi --- .../codesigning/datastructure/src/elf_sign_block.cpp | 8 ++++---- .../datastructure/src/fs_verity_info_segment.cpp | 10 +++++----- .../codesigning/datastructure/src/hap_info_segment.cpp | 6 +++--- .../datastructure/src/native_lib_info_segment.cpp | 6 +++--- .../codesigning/fsverity/src/fs_verity_descriptor.cpp | 4 ++-- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp b/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp index a162fc54..f8615247 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/elf_sign_block.cpp @@ -84,7 +84,7 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi bf->GetInt32(inTreeType); if (MERKLE_TREE_INLINED != inTreeType) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong merkle tree type in the ElfSignBlock"); + "Merkle tree type in elf signature block is incorrect"); return false; } int32_t inTreeLength = 0; @@ -95,7 +95,7 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi bf->GetInt32(inFsdType); if (FsVerityDescriptor::FS_VERITY_DESCRIPTOR_TYPE != inFsdType) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong fs-verify descriptor type in the ElfSignBlock"); + "The FS descriptor type in elf signature block is incorrect"); return false; } int32_t inFsdLength = 0; @@ -104,7 +104,7 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi if (bytes.size() != FsVerityDescriptorWithSign::INTEGER_BYTES * tmpVariable + inTreeLength + FsVerityDescriptorWithSign::INTEGER_BYTES * tmpVariable + inFsdLength) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong signature length in the ElfSignBlock"); + "The signature length in the elf signature block is incorrect"); return false; } std::vector fsdArray(FsVerityDescriptor::DESCRIPTOR_SIZE); @@ -112,7 +112,7 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi FsVerityDescriptor fsd = FsVerityDescriptor::FromByteArray(fsdArray); if (inFsdLength != fsd.GetSignSize() + FsVerityDescriptor::DESCRIPTOR_SIZE) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong signed size in the ElfSignBlock"); + "The signed size in the elf signature block is incorrect"); return false; } std::vector inSignature(inFsdLength - FsVerityDescriptor::DESCRIPTOR_SIZE); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp index 6db15881..12d41108 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp @@ -66,7 +66,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector { if (bytes.size() != FS_VERITY_INFO_SEGMENT_SIZE) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong signed size in the FsVerityInfoSegment"); + "The signed size in the FS info is incorrect"); return FsVerityInfoSegment(); } @@ -77,7 +77,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector bf.GetInt32(inMagic); if (inMagic != MAGIC) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong magic number in the FsVerityInfoSegment"); + "The magic number in the FS info is incorrect"); return FsVerityInfoSegment(); } @@ -85,7 +85,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector bf.GetInt8(inVersion); if (inVersion != FsVerityDescriptor::VERSION) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong version in the FsVerityInfoSegment"); + "The version in the FS info is incorrect"); return FsVerityInfoSegment(); } @@ -93,7 +93,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector bf.GetInt8(inHashAlgorithm); if (inHashAlgorithm != FsVerityGenerator::GetFsVerityHashAlgorithm()) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong hashAlgorithm in the FsVerityInfoSegment"); + "The hash algorithm in the FS info is incorrect"); return FsVerityInfoSegment(); } @@ -101,7 +101,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector bf.GetInt8(inLog2BlockSize); if (inLog2BlockSize != FsVerityGenerator::GetLog2BlockSize()) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong log2BlockSize in the FsVerityInfoSegment"); + "The log block size in the FS info is incorrect"); return FsVerityInfoSegment(); } diff --git a/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp index d211026e..a5f30e50 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp @@ -66,12 +66,12 @@ HapInfoSegment HapInfoSegment::FromByteArray(std::vector& bytes) bf->GetInt32(inMagic); if (inMagic != HapInfoSegment::MAGIC_NUM) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong magic number in the HapInfoSegment."); + "The magic number in the hap info is incorrect."); return HapInfoSegment(); } if (bytes.size() <= HapInfoSegment::MAGIC_NUM_BYTES) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong bytes size in the HapInfoSegment."); + "The bytes size in the hap info is incorrect."); return HapInfoSegment(); } std::vector hapSignInfoByteArray(bytes.size() - HapInfoSegment::MAGIC_NUM_BYTES); @@ -84,7 +84,7 @@ HapInfoSegment HapInfoSegment::FromByteArray(std::vector& bytes) } if (inHapSignInfo.GetExtensionNum() != SignInfo::MAX_EXTENSION_NUM) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong extensionNum in the HapInfoSegment."); + "The extension number in the hap info segment is incorrect."); return HapInfoSegment(); } return HapInfoSegment(inMagic, inHapSignInfo); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp index 156b08c5..f84cd596 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp @@ -161,19 +161,19 @@ bool NativeLibInfoSegment::CheckBuffer(ByteBuffer* bf, int32_t& inMagic, int32_t bf->GetInt32(inMagic); if (inMagic != MAGIC_NUM) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong magic number in the NativeLibInfoSegment"); + "The magic number in native lib info is incorrect."); return false; } bf->GetInt32(inSegmentSize); if (inSegmentSize < 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong segmentSize in the NativeLibInfoSegment"); + "The segment size in native lib info is incorrect."); return false; } bf->GetInt32(inSectionNum); if (inSectionNum < 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong sectionNum in the NativeLibInfoSegment"); + "The section number in native lib info is incorrect."); return false; } return true; diff --git a/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp b/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp index b607bd82..bee490dd 100644 --- a/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp +++ b/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp @@ -31,7 +31,7 @@ FsVerityDescriptor FsVerityDescriptor::FromByteArray(std::vector& bytes) bf->GetInt8(inFsVersion); if (FsVerityDescriptor::VERSION != inFsVersion) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong fs-verify descriptor version in the ElfSignBlock"); + "The FS descriptor version in elf signature block is incorrect"); return builder->Build(); } int8_t inFsHashAlgorithm; @@ -59,7 +59,7 @@ FsVerityDescriptor FsVerityDescriptor::FromByteArray(std::vector& bytes) bf->GetInt64(inTreeOffset); if (inTreeOffset % PAGE_SIZE_4K != 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed data has the wrong merkle tree offset in the ElfSignBlock"); + "The offset of merkle tree in elf signature block is incorrect"); return builder->Build(); } int8_t reserve[FsVerityDescriptor::RESERVED_SIZE_AFTER_TREE_OFFSET]; -- Gitee From 0d7f30264b9f295097c1f30c979c5cb7b96ac3dc Mon Sep 17 00:00:00 2001 From: zhanzeyi Date: Fri, 26 Jul 2024 11:34:30 +0800 Subject: [PATCH 7/8] add Signed-off-by: zhanzeyi --- .../datastructure/src/code_sign_block_header.cpp | 12 ++++++------ .../datastructure/src/merkle_tree_extension.cpp | 4 ++-- .../datastructure/src/native_lib_info_segment.cpp | 2 +- .../codesigning/datastructure/src/segment_header.cpp | 6 +++--- .../codesigning/datastructure/src/sign_info.cpp | 4 ++-- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp b/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp index 9262bf87..8333a38e 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp @@ -79,8 +79,8 @@ CodeSignBlockHeader* CodeSignBlockHeader::FromByteArray(const std::vector(FLAG_MERKLE_TREE_INLINED + FLAG_NATIVE_LIB_INCLUDED)) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed package has the wrong flag in the CodeSignBlockHeader."); + "The flag in the code signature block header is incorrect."); return nullptr; } std::vector inReserved(RESERVED_BYTE_ARRAY_LENGTH); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp b/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp index 381abf22..037f6bb0 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp @@ -78,14 +78,14 @@ MerkleTreeExtension* MerkleTreeExtension::FromByteArray(std::vector& byt bf->GetInt64(inMerkleTreeSize); if (inMerkleTreeSize % PAGE_SIZE_4K != 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed package's merkletree size is not an integer multiple of 4096"); + "The merkletree size is not an integer multiple of 4096"); return nullptr; } int64_t inMerkleTreeOffset = 0; bf->GetInt64(inMerkleTreeOffset); if (inMerkleTreeOffset % PAGE_SIZE_4K != 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed package's merkletree offset is not an integer multiple of 4096"); + "The merkletree offset is not an integer multiple of 4096"); return nullptr; } std::vector inRootHash(ROOT_HASH_SIZE); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp index f84cd596..ff98bf42 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp @@ -143,7 +143,7 @@ NativeLibInfoSegment NativeLibInfoSegment::FromByteArray(std::vector &by for (SignedFilePos &pos : inSignedFilePosList) { if (pos.GetSignInfoOffset() % ALIGNMENT_FOR_SIGNINFO != 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The native lib's sign info offset is not an integer multiple of 4"); + "The offset in signature info is not an integer multiple of 4"); return NativeLibInfoSegment(); } std::vector signInfoBuffer(pos.GetSignInfoSize()); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp b/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp index 09ef3f4a..6551db25 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp @@ -68,7 +68,7 @@ void SegmentHeader::ToByteArray(std::vector &ret) std::unique_ptr SegmentHeader::FromByteArray(std::vector bytes) { if (bytes.size() != SEGMENT_HEADER_LENGTH) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed package has the wrong flag in the SegmentHeader"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The flag in the header segment is incorrect."); return std::unique_ptr(); } std::unique_ptr bf = std::make_unique(ByteBuffer(SEGMENT_HEADER_LENGTH)); @@ -78,7 +78,7 @@ std::unique_ptr SegmentHeader::FromByteArray(std::vector bf->GetInt32(inType); if ((inType != CSB_FSVERITY_INFO_SEG) && (inType != CSB_HAP_META_SEG) && (inType != CSB_NATIVE_LIB_INFO_SEG)) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The signed package has the wrong type in the SegmentHeader"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The type in the header segment is incorrect."); return std::unique_ptr(); } int32_t inSegmentOffset = 0; @@ -88,7 +88,7 @@ std::unique_ptr SegmentHeader::FromByteArray(std::vector bf->GetInt32(inSegmentSize); if (inSegmentSize < 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed package has the wrong segmentsize in the SegmentHeader"); + "The segment size in the header is incorrect."); return std::unique_ptr(); } return std::make_unique(inType, inSegmentOffset, inSegmentSize); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp b/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp index 4f234695..499f7856 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp @@ -201,14 +201,14 @@ std::vector SignInfo::ParseMerkleTreeExtension(ByteBuffer* bf->GetInt32(extensionType); if (extensionType != MerkleTreeExtension::MERKLE_TREE_INLINED) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed package has the wrong extensionType in the SignInfo"); + "The extension type in the signature info is incorrect."); return inExtensionList; } int32_t extensionSize = 0; bf->GetInt32(extensionSize); if (extensionSize != MerkleTreeExtension::MERKLE_TREE_EXTENSION_DATA_SIZE) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed package has the wrong extensionSize in the SignInfo"); + "The extension size in the signature info is incorrect."); return inExtensionList; } std::vector merkleTreeExtension(MerkleTreeExtension::MERKLE_TREE_EXTENSION_DATA_SIZE, 0); -- Gitee From 6acff7e998a15c7d26ea7ec5ee64ae49735bda83 Mon Sep 17 00:00:00 2001 From: zhanzeyi Date: Fri, 26 Jul 2024 12:05:25 +0800 Subject: [PATCH 8/8] add Signed-off-by: zhanzeyi --- hapsigntool_cpp/api/src/sign_tool_service_impl.cpp | 2 +- hapsigntool_cpp/cmd/src/cmd_util.cpp | 2 +- .../datastructure/src/code_sign_block_header.cpp | 3 +-- .../codesigning/datastructure/src/elf_sign_block.cpp | 8 ++++---- .../datastructure/src/fs_verity_info_segment.cpp | 10 +++++----- .../codesigning/datastructure/src/hap_info_segment.cpp | 8 ++++---- .../datastructure/src/merkle_tree_extension.cpp | 4 ++-- .../datastructure/src/native_lib_info_segment.cpp | 8 ++++---- .../codesigning/datastructure/src/segment_header.cpp | 6 +++--- .../codesigning/datastructure/src/sign_info.cpp | 4 ++-- .../codesigning/fsverity/src/fs_verity_descriptor.cpp | 4 ++-- hapsigntool_cpp/codesigning/sign/src/code_signing.cpp | 2 +- .../hap/provider/src/remote_sign_provider.cpp | 2 +- 13 files changed, 31 insertions(+), 32 deletions(-) diff --git a/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp b/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp index 55c92fe3..e38dff4c 100644 --- a/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp +++ b/hapsigntool_cpp/api/src/sign_tool_service_impl.cpp @@ -332,7 +332,7 @@ bool SignToolServiceImpl::OutputString(std::string content, std::string file) bool SignToolServiceImpl::X509CertVerify(X509* cert, EVP_PKEY* privateKey) { if (!X509_verify(cert, privateKey)) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "verify cert failed!"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Verify certificate failed!"); return false; } return true; diff --git a/hapsigntool_cpp/cmd/src/cmd_util.cpp b/hapsigntool_cpp/cmd/src/cmd_util.cpp index 87441d38..6aaf81a8 100644 --- a/hapsigntool_cpp/cmd/src/cmd_util.cpp +++ b/hapsigntool_cpp/cmd/src/cmd_util.cpp @@ -375,7 +375,7 @@ bool CmdUtil::Convert2Params(char** args, const size_t size, const ParamsSharedP } if (!readKey) { PrintErrorNumberMsg("INVALIDPARAM_ERROR", INVALIDPARAM_ERROR, - "The last command-line parameters value cannot be omitted"); + "The last value of parameter cannot be omitted"); return false; } if (!UpdateParam(param)) { diff --git a/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp b/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp index 8333a38e..949fa8f1 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/code_sign_block_header.cpp @@ -79,8 +79,7 @@ CodeSignBlockHeader* CodeSignBlockHeader::FromByteArray(const std::vector& bytes, ElfSignBlock& elfSi bf->GetInt32(inTreeType); if (MERKLE_TREE_INLINED != inTreeType) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "Merkle tree type in elf signature block is incorrect"); + "The merkle tree type of elf signature block is incorrect"); return false; } int32_t inTreeLength = 0; @@ -95,7 +95,7 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi bf->GetInt32(inFsdType); if (FsVerityDescriptor::FS_VERITY_DESCRIPTOR_TYPE != inFsdType) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The FS descriptor type in elf signature block is incorrect"); + "The FS descriptor type of elf signature block is incorrect"); return false; } int32_t inFsdLength = 0; @@ -104,7 +104,7 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi if (bytes.size() != FsVerityDescriptorWithSign::INTEGER_BYTES * tmpVariable + inTreeLength + FsVerityDescriptorWithSign::INTEGER_BYTES * tmpVariable + inFsdLength) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signature length in the elf signature block is incorrect"); + "The signature length of the elf signature block is incorrect"); return false; } std::vector fsdArray(FsVerityDescriptor::DESCRIPTOR_SIZE); @@ -112,7 +112,7 @@ bool ElfSignBlock::FromByteArray(std::vector& bytes, ElfSignBlock& elfSi FsVerityDescriptor fsd = FsVerityDescriptor::FromByteArray(fsdArray); if (inFsdLength != fsd.GetSignSize() + FsVerityDescriptor::DESCRIPTOR_SIZE) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed size in the elf signature block is incorrect"); + "The signed size of the elf signature block is incorrect"); return false; } std::vector inSignature(inFsdLength - FsVerityDescriptor::DESCRIPTOR_SIZE); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp index 12d41108..cb29cc69 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/fs_verity_info_segment.cpp @@ -66,7 +66,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector { if (bytes.size() != FS_VERITY_INFO_SEGMENT_SIZE) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The signed size in the FS info is incorrect"); + "The signed size of FsVerityInfoSegment is incorrect"); return FsVerityInfoSegment(); } @@ -77,7 +77,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector bf.GetInt32(inMagic); if (inMagic != MAGIC) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The magic number in the FS info is incorrect"); + "The magic number of FsVerityInfoSegment is incorrect"); return FsVerityInfoSegment(); } @@ -85,7 +85,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector bf.GetInt8(inVersion); if (inVersion != FsVerityDescriptor::VERSION) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The version in the FS info is incorrect"); + "The version of FsVerityInfoSegment is incorrect"); return FsVerityInfoSegment(); } @@ -93,7 +93,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector bf.GetInt8(inHashAlgorithm); if (inHashAlgorithm != FsVerityGenerator::GetFsVerityHashAlgorithm()) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The hash algorithm in the FS info is incorrect"); + "The hash algorithm of FsVerityInfoSegment is incorrect"); return FsVerityInfoSegment(); } @@ -101,7 +101,7 @@ FsVerityInfoSegment FsVerityInfoSegment::FromByteArray(const std::vector bf.GetInt8(inLog2BlockSize); if (inLog2BlockSize != FsVerityGenerator::GetLog2BlockSize()) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The log block size in the FS info is incorrect"); + "The log block size of FsVerityInfoSegment is incorrect"); return FsVerityInfoSegment(); } diff --git a/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp index a5f30e50..9618e0f9 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/hap_info_segment.cpp @@ -66,12 +66,12 @@ HapInfoSegment HapInfoSegment::FromByteArray(std::vector& bytes) bf->GetInt32(inMagic); if (inMagic != HapInfoSegment::MAGIC_NUM) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The magic number in the hap info is incorrect."); + "The magic number of HapInfoSegment is incorrect."); return HapInfoSegment(); } if (bytes.size() <= HapInfoSegment::MAGIC_NUM_BYTES) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The bytes size in the hap info is incorrect."); + "The bytes size of HapInfoSegment is incorrect."); return HapInfoSegment(); } std::vector hapSignInfoByteArray(bytes.size() - HapInfoSegment::MAGIC_NUM_BYTES); @@ -79,12 +79,12 @@ HapInfoSegment HapInfoSegment::FromByteArray(std::vector& bytes) SignInfo inHapSignInfo = SignInfo::FromByteArray(hapSignInfoByteArray); if (inHapSignInfo.GetDataSize() % HapInfoSegment::CHUNK_SIZE != 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "Invalid dataSize, the dataSize is not an integer multiple of 4096."); + "Invalid dataSize, the dataSize must be an integer multiple of 4096."); return HapInfoSegment(); } if (inHapSignInfo.GetExtensionNum() != SignInfo::MAX_EXTENSION_NUM) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The extension number in the hap info segment is incorrect."); + "The extension number of HapInfoSegment is incorrect."); return HapInfoSegment(); } return HapInfoSegment(inMagic, inHapSignInfo); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp b/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp index 037f6bb0..e383af05 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/merkle_tree_extension.cpp @@ -78,14 +78,14 @@ MerkleTreeExtension* MerkleTreeExtension::FromByteArray(std::vector& byt bf->GetInt64(inMerkleTreeSize); if (inMerkleTreeSize % PAGE_SIZE_4K != 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The merkletree size is not an integer multiple of 4096"); + "The merkletree size must be an integer multiple of 4096"); return nullptr; } int64_t inMerkleTreeOffset = 0; bf->GetInt64(inMerkleTreeOffset); if (inMerkleTreeOffset % PAGE_SIZE_4K != 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The merkletree offset is not an integer multiple of 4096"); + "The merkletree offset must be an integer multiple of 4096"); return nullptr; } std::vector inRootHash(ROOT_HASH_SIZE); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp b/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp index ff98bf42..79ba1d95 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/native_lib_info_segment.cpp @@ -143,7 +143,7 @@ NativeLibInfoSegment NativeLibInfoSegment::FromByteArray(std::vector &by for (SignedFilePos &pos : inSignedFilePosList) { if (pos.GetSignInfoOffset() % ALIGNMENT_FOR_SIGNINFO != 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The offset in signature info is not an integer multiple of 4"); + "The offset of signature information must be an integer multiple of 4"); return NativeLibInfoSegment(); } std::vector signInfoBuffer(pos.GetSignInfoSize()); @@ -161,19 +161,19 @@ bool NativeLibInfoSegment::CheckBuffer(ByteBuffer* bf, int32_t& inMagic, int32_t bf->GetInt32(inMagic); if (inMagic != MAGIC_NUM) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The magic number in native lib info is incorrect."); + "The magic number of NativeLibInfoSegment is incorrect."); return false; } bf->GetInt32(inSegmentSize); if (inSegmentSize < 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The segment size in native lib info is incorrect."); + "The segment size of NativeLibInfoSegment is incorrect."); return false; } bf->GetInt32(inSectionNum); if (inSectionNum < 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The section number in native lib info is incorrect."); + "The section number of NativeLibInfoSegment is incorrect."); return false; } return true; diff --git a/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp b/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp index 6551db25..9bb0e855 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/segment_header.cpp @@ -68,7 +68,7 @@ void SegmentHeader::ToByteArray(std::vector &ret) std::unique_ptr SegmentHeader::FromByteArray(std::vector bytes) { if (bytes.size() != SEGMENT_HEADER_LENGTH) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The flag in the header segment is incorrect."); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The flag of SegmentHeader is incorrect."); return std::unique_ptr(); } std::unique_ptr bf = std::make_unique(ByteBuffer(SEGMENT_HEADER_LENGTH)); @@ -78,7 +78,7 @@ std::unique_ptr SegmentHeader::FromByteArray(std::vector bf->GetInt32(inType); if ((inType != CSB_FSVERITY_INFO_SEG) && (inType != CSB_HAP_META_SEG) && (inType != CSB_NATIVE_LIB_INFO_SEG)) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The type in the header segment is incorrect."); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The type of SegmentHeader is incorrect."); return std::unique_ptr(); } int32_t inSegmentOffset = 0; @@ -88,7 +88,7 @@ std::unique_ptr SegmentHeader::FromByteArray(std::vector bf->GetInt32(inSegmentSize); if (inSegmentSize < 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The segment size in the header is incorrect."); + "The segment size of SegmentHeader is incorrect."); return std::unique_ptr(); } return std::make_unique(inType, inSegmentOffset, inSegmentSize); diff --git a/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp b/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp index 499f7856..d99b04bd 100644 --- a/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp +++ b/hapsigntool_cpp/codesigning/datastructure/src/sign_info.cpp @@ -201,14 +201,14 @@ std::vector SignInfo::ParseMerkleTreeExtension(ByteBuffer* bf->GetInt32(extensionType); if (extensionType != MerkleTreeExtension::MERKLE_TREE_INLINED) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The extension type in the signature info is incorrect."); + "The extension type of SignInfo is incorrect."); return inExtensionList; } int32_t extensionSize = 0; bf->GetInt32(extensionSize); if (extensionSize != MerkleTreeExtension::MERKLE_TREE_EXTENSION_DATA_SIZE) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The extension size in the signature info is incorrect."); + "The extension size of SignInfo is incorrect."); return inExtensionList; } std::vector merkleTreeExtension(MerkleTreeExtension::MERKLE_TREE_EXTENSION_DATA_SIZE, 0); diff --git a/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp b/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp index bee490dd..bb963fa7 100644 --- a/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp +++ b/hapsigntool_cpp/codesigning/fsverity/src/fs_verity_descriptor.cpp @@ -31,7 +31,7 @@ FsVerityDescriptor FsVerityDescriptor::FromByteArray(std::vector& bytes) bf->GetInt8(inFsVersion); if (FsVerityDescriptor::VERSION != inFsVersion) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The FS descriptor version in elf signature block is incorrect"); + "The FS descriptor version of FsVerityDescriptor is incorrect"); return builder->Build(); } int8_t inFsHashAlgorithm; @@ -59,7 +59,7 @@ FsVerityDescriptor FsVerityDescriptor::FromByteArray(std::vector& bytes) bf->GetInt64(inTreeOffset); if (inTreeOffset % PAGE_SIZE_4K != 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The offset of merkle tree in elf signature block is incorrect"); + "The offset of merkle tree of FsVerityDescriptor is incorrect"); return builder->Build(); } int8_t reserve[FsVerityDescriptor::RESERVED_SIZE_AFTER_TREE_OFFSET]; diff --git a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp index 72301640..646e0d0b 100644 --- a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp +++ b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp @@ -114,7 +114,7 @@ uint32_t CodeSigning::ComputeDataSize(ZipSigner& zip) } if ((dataSize % CodeSignBlock::PAGE_SIZE_4K) != 0) { PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, - "Invalid dataSize, the dataSize is not an integer multiple of 4096"); + "Invalid dataSize, the dataSize must be an integer multiple of 4096"); return -1; } return dataSize; diff --git a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp index 7961ec41..55b70ecc 100644 --- a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp +++ b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp @@ -66,7 +66,7 @@ bool RemoteSignProvider::CheckInputCertMatchWithProfile(X509* inputCert, X509* c bool ret = true; if (inputCert == nullptr || certInProfile == nullptr) { PrintErrorNumberMsg("CERTIFICATE_ERROR", CERTIFICATE_ERROR, - "The cert is empty"); + "The certificate is empty"); return false; } X509_NAME* subject1 = X509_get_subject_name(inputCert); -- Gitee