From 11d53cebe5cc0a0c05f91c81a82e83efd8464ceb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B0=8F=E6=97=8B=E9=A3=8Elc?= Date: Wed, 23 Oct 2024 15:21:46 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E6=B6=88=E9=99=A4=E5=BE=AA=E7=8E=AF?= =?UTF-8?q?=E4=BE=9D=E8=B5=96=20Signed-off-by:=20liuchang=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: Iadfc3a70fe041195243deac7aa6b166b3dcc9a85 --- hapsigntool_cpp/BUILD.gn | 4 +- hapsigntool_cpp/api/include/cert_tools.h | 4 +- hapsigntool_cpp/api/src/cert_tools.cpp | 59 ++-- hapsigntool_cpp/cmd/signature_tools_cmd.gni | 2 +- .../sign/src/bc_signeddata_generator.cpp | 8 +- .../codesigning/sign/src/code_signing.cpp | 10 +- .../utils/include/fs_digest_utils.h | 5 + .../codesigning/utils/src/fs_digest_utils.cpp | 8 +- .../common/include/digest_common.h | 64 +++++ .../include/localization_adapter.h | 3 +- .../{cmd => common}/include/options.h | 0 .../include/signature_tools_errno.h | 0 .../include/signature_tools_log.h | 0 .../common/signature_tools_common.gni | 3 + .../common/src/byte_buffer_data_source.cpp | 5 +- hapsigntool_cpp/common/src/digest_common.cpp | 173 ++++++++++++ .../src/localization_adapter.cpp | 4 +- .../{cmd => common}/src/options.cpp | 0 .../common/src/random_access_file.cpp | 5 +- .../hap/config/src/signer_config.cpp | 14 +- .../provider/include/remote_sign_provider.h | 4 +- .../hap/provider/src/remote_sign_provider.cpp | 18 +- .../hap/sign/src/bc_pkcs7_generator.cpp | 7 +- hapsigntool_cpp/hap/sign/src/sign_hap.cpp | 3 +- hapsigntool_cpp/hap/signature_tools_hap.gni | 1 + .../utils/include/dynamic_library_handle.h | 34 +++ .../hap/utils/src/dynamic_library_handle.cpp | 29 ++ .../hap/verify/include/verify_hap.h | 1 + hapsigntool_cpp/hap/verify/src/verify_hap.cpp | 28 +- .../signer/include/signer_factory.h | 1 - hapsigntool_cpp/signer/src/signer_factory.cpp | 7 +- .../utils/include/verify_hap_openssl_utils.h | 36 +-- .../utils/src/hap_signer_block_utils.cpp | 17 +- .../utils/src/verify_hap_openssl_utils.cpp | 264 +++++++++--------- 34 files changed, 599 insertions(+), 222 deletions(-) create mode 100644 hapsigntool_cpp/common/include/digest_common.h rename hapsigntool_cpp/{api => common}/include/localization_adapter.h (98%) rename hapsigntool_cpp/{cmd => common}/include/options.h (100%) rename hapsigntool_cpp/{utils => common}/include/signature_tools_errno.h (100%) rename hapsigntool_cpp/{utils => common}/include/signature_tools_log.h (100%) create mode 100644 hapsigntool_cpp/common/src/digest_common.cpp rename hapsigntool_cpp/{api => common}/src/localization_adapter.cpp (98%) rename hapsigntool_cpp/{cmd => common}/src/options.cpp (100%) create mode 100644 hapsigntool_cpp/hap/utils/include/dynamic_library_handle.h create mode 100644 hapsigntool_cpp/hap/utils/src/dynamic_library_handle.cpp diff --git a/hapsigntool_cpp/BUILD.gn b/hapsigntool_cpp/BUILD.gn index 9711a538..3aee7059 100644 --- a/hapsigntool_cpp/BUILD.gn +++ b/hapsigntool_cpp/BUILD.gn @@ -49,7 +49,7 @@ signature_tools_main_include = [ signature_tools_main_src = [ "main.cpp", - "${signature_tools_api}/src/localization_adapter.cpp", + #"${signature_tools_common}/src/localization_adapter.cpp", "${signature_tools_api}/src/sign_tool_service_impl.cpp", "${signature_tools_api}/src/cert_tools.cpp", "${signature_tools_signer}/src/signer_factory.cpp", @@ -106,7 +106,7 @@ ohos_executable("hap-sign-tool") { ] install_images = [ "system" ] - install_enable = true + install_enable = false part_name = "hapsigner" subsystem_name = "developtools" } diff --git a/hapsigntool_cpp/api/include/cert_tools.h b/hapsigntool_cpp/api/include/cert_tools.h index bf34fded..fa18f09d 100644 --- a/hapsigntool_cpp/api/include/cert_tools.h +++ b/hapsigntool_cpp/api/include/cert_tools.h @@ -14,6 +14,7 @@ */ #ifndef SIGNATRUETOOLS_CERT_TOOLS_H #define SIGNATRUETOOLS_CERT_TOOLS_H +#include #include "cert_dn_utils.h" #include "openssl/x509v3.h" @@ -63,7 +64,8 @@ public: static bool SetExpandedInformation(X509* cert, Options* options); static bool SetPubkeyAndSignCert(X509* cert, X509_REQ* issuercsr, X509_REQ* certReq, EVP_PKEY* keyPair, Options* options); - static bool PrintCertChainToCmd(std::vector& certChain); + static bool String2Bool(Options* options, const std::string& option); + //static bool PrintCertChainToCmd(std::vector& certChain); CertTools() = default; ~CertTools() = default; }; diff --git a/hapsigntool_cpp/api/src/cert_tools.cpp b/hapsigntool_cpp/api/src/cert_tools.cpp index cbb0719c..91930f14 100644 --- a/hapsigntool_cpp/api/src/cert_tools.cpp +++ b/hapsigntool_cpp/api/src/cert_tools.cpp @@ -25,7 +25,6 @@ #include "openssl/asn1.h" #include "signature_tools_log.h" #include "constant.h" -#include "cmd_util.h" namespace OHOS { namespace SignatureTools { @@ -76,7 +75,7 @@ bool CertTools::SaveCertTofile(const std::string& filename, X509* cert) static bool UpdateConstraint(Options* options) { if (options->count(Options::BASIC_CONSTRAINTS)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS)) { + if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS)) { return false; } } else { @@ -84,7 +83,7 @@ static bool UpdateConstraint(Options* options) } if (options->count(Options::BASIC_CONSTRAINTS_CRITICAL)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CRITICAL)) { + if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS_CRITICAL)) { return false; } } else { @@ -92,7 +91,7 @@ static bool UpdateConstraint(Options* options) } if (options->count(Options::BASIC_CONSTRAINTS_CA)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CA)) { + if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS_CA)) { return false; } } else { @@ -853,30 +852,44 @@ err: return nullptr; } -bool CertTools::PrintCertChainToCmd(std::vector& certChain) +bool CertTools::String2Bool(Options* options, const std::string& option) { - BIO* outFd = BIO_new_fp(stdout, BIO_NOCLOSE); - if (!outFd) { - PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "The stdout stream may have errors"); + std::string val = options->GetString(option); + if (val == "1" || val == "true" || val == "TRUE") { + (*options)[option] = true; + } else if (val == "0" || val == "false" || val == "FALSE") { + (*options)[option] = false; + } else { + PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, + val + "is not valid value for " + "-" + option); return false; } - uint64_t format = XN_FLAG_SEP_COMMA_PLUS; // Print according to RFC2253 - uint64_t content = X509_FLAG_NO_EXTENSIONS | X509_FLAG_NO_ATTRIBUTES | X509_FLAG_NO_HEADER | X509_FLAG_NO_SIGDUMP; - int num = 0; - for (auto& cert : certChain) { - PrintMsg("+++++++++++++++++++++++++++++++++certificate #" + std::to_string(num) + - "+++++++++++++++++++++++++++++++++++++"); - if (!X509_print_ex(outFd, cert, format, content)) { - VerifyHapOpensslUtils::GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("print x509 cert to cmd failed"); - BIO_free(outFd); - return false; - } - ++num; - } - BIO_free(outFd); return true; } +// bool CertTools::PrintCertChainToCmd(std::vector& certChain) +// { +// BIO* outFd = BIO_new_fp(stdout, BIO_NOCLOSE); +// if (!outFd) { +// PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "The stdout stream may have errors"); +// return false; +// } +// uint64_t format = XN_FLAG_SEP_COMMA_PLUS; // Print according to RFC2253 +// uint64_t content = X509_FLAG_NO_EXTENSIONS | X509_FLAG_NO_ATTRIBUTES | X509_FLAG_NO_HEADER | X509_FLAG_NO_SIGDUMP; +// int num = 0; +// for (auto& cert : certChain) { +// PrintMsg("+++++++++++++++++++++++++++++++++certificate #" + std::to_string(num) + +// "+++++++++++++++++++++++++++++++++++++"); +// if (!X509_print_ex(outFd, cert, format, content)) { +// VerifyHapOpensslUtils::GetOpensslErrorMessage(); +// SIGNATURE_TOOLS_LOGE("print x509 cert to cmd failed"); +// BIO_free(outFd); +// return false; +// } +// ++num; +// } +// BIO_free(outFd); +// return true; +// } } // namespace SignatureTools } // namespace OHOS diff --git a/hapsigntool_cpp/cmd/signature_tools_cmd.gni b/hapsigntool_cpp/cmd/signature_tools_cmd.gni index 16fdb14a..35dd0c01 100644 --- a/hapsigntool_cpp/cmd/signature_tools_cmd.gni +++ b/hapsigntool_cpp/cmd/signature_tools_cmd.gni @@ -17,7 +17,7 @@ signature_tools_cmd_include = [ "${signature_tools_cmd}/include" ] signature_tools_cmd_src = [ "${signature_tools_cmd}/src/cmd_util.cpp", "${signature_tools_cmd}/src/params_run_tool.cpp", - "${signature_tools_cmd}/src/options.cpp", +# "${signature_tools_cmd}/src/options.cpp", "${signature_tools_cmd}/src/params_trust_list.cpp", "${signature_tools_cmd}/src/params.cpp", ] diff --git a/hapsigntool_cpp/codesigning/sign/src/bc_signeddata_generator.cpp b/hapsigntool_cpp/codesigning/sign/src/bc_signeddata_generator.cpp index 961b96de..f5a4a2bb 100644 --- a/hapsigntool_cpp/codesigning/sign/src/bc_signeddata_generator.cpp +++ b/hapsigntool_cpp/codesigning/sign/src/bc_signeddata_generator.cpp @@ -18,6 +18,8 @@ #include "pkcs7_data.h" #include "local_signer.h" #include "signer_config.h" +#include "signer_factory.h" +#include "localization_adapter.h" #include "signature_tools_log.h" #include "signature_algorithm_helper.h" #include "signature_tools_errno.h" @@ -41,7 +43,11 @@ int BCSignedDataGenerator::GenerateSignedData(const std::string& content, "signerConfig is NULL"); return INVALIDPARAM_ERROR; } - std::shared_ptr signer = signerConfig->GetSigner(); + Options* options = signerConfig->GetOptions(); + SignerFactory factory; + LocalizationAdapter adapter(options); + std::shared_ptr signer(factory.GetSigner(adapter)); +// std::shared_ptr signer = signerConfig->GetSigner(); if (signer == NULL) { PrintErrorNumberMsg("INVALIDPARAM_ERROR", INVALIDPARAM_ERROR, "signer is NULL"); diff --git a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp index 467aacf2..27544cae 100644 --- a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp +++ b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp @@ -20,6 +20,8 @@ #include "fs_verity_descriptor_with_sign.h" #include "verify_code_signature.h" #include "code_signing.h" +#include "signer_factory.h" +#include "localization_adapter.h" namespace OHOS { namespace SignatureTools { @@ -507,9 +509,13 @@ bool CodeSigning::IsNativeFile(const std::string& input) bool CodeSigning::GenerateSignature(const std::vector& signedData, const std::string& ownerID, std::vector& ret) { - if (m_signConfig->GetSigner() != nullptr) { + Options* options = m_signConfig->GetOptions(); + SignerFactory factory; + LocalizationAdapter adapter(options); + std::shared_ptr signer(factory.GetSigner(adapter)); + if (signer != nullptr) { STACK_OF(X509)* certs = NULL; - certs = m_signConfig->GetSigner()->GetCertificates(); + certs = signer->GetCertificates(); if (certs == nullptr) { PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "No certificates configured for sign."); diff --git a/hapsigntool_cpp/codesigning/utils/include/fs_digest_utils.h b/hapsigntool_cpp/codesigning/utils/include/fs_digest_utils.h index bdb21d5d..0116a2aa 100644 --- a/hapsigntool_cpp/codesigning/utils/include/fs_digest_utils.h +++ b/hapsigntool_cpp/codesigning/utils/include/fs_digest_utils.h @@ -30,6 +30,9 @@ #include "signature_tools_log.h" +namespace OHOS { +namespace SignatureTools { + using hashFunc = const EVP_MD* (*)(void); enum HashType { @@ -52,4 +55,6 @@ private: EVP_MD_CTX* m_ctx = NULL; HashType m_type; }; +} // namespace SignatureTools +} // namespace OHOS #endif // SIGNATURETOOLS_FS_DIGEST_UTILS_H diff --git a/hapsigntool_cpp/codesigning/utils/src/fs_digest_utils.cpp b/hapsigntool_cpp/codesigning/utils/src/fs_digest_utils.cpp index 73631cba..65d54c77 100644 --- a/hapsigntool_cpp/codesigning/utils/src/fs_digest_utils.cpp +++ b/hapsigntool_cpp/codesigning/utils/src/fs_digest_utils.cpp @@ -15,6 +15,9 @@ #include "fs_digest_utils.h" #include "securec.h" +namespace OHOS { +namespace SignatureTools { + void DigestUtils::AddData(const std::string &data) { AddData(data.data(), (int)data.size()); @@ -81,4 +84,7 @@ DigestUtils::~DigestUtils() if (m_ctx != nullptr) { EVP_MD_CTX_free(m_ctx); } -} \ No newline at end of file +} + +} // namespace SignatureTools +} // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/common/include/digest_common.h b/hapsigntool_cpp/common/include/digest_common.h new file mode 100644 index 00000000..f0d6b1f7 --- /dev/null +++ b/hapsigntool_cpp/common/include/digest_common.h @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef SIGNATRUETOOLS_DIGEST_UTILS_H +#define SIGNATRUETOOLS_DIGEST_UTILS_H +#include +#include + +#include "byte_buffer.h" +#include "openssl/evp.h" +#include "openssl/ossl_typ.h" +#include "digest_parameter.h" +#include "pkcs7_context.h" +#include "signature_info.h" +#include "export_define.h" +#include "openssl/pkcs7.h" +#include "openssl/safestack.h" + +namespace OHOS { +namespace SignatureTools { + +enum SignatureAlgorithm { + ALGORITHM_SHA256_WITH_ECDSA = 0x00000201, + ALGORITHM_SHA384_WITH_ECDSA, + ALGORITHM_SHA512_WITH_ECDSA, + ALGORITHM_SHA256_WITH_DSA = 0x00000301, + ALGORITHM_SHA384_WITH_DSA, + ALGORITHM_SHA512_WITH_DSA, +}; + +class DigestCommon { +public: + DigestCommon() = delete; + + static int32_t GetDigest(const ByteBuffer& chunk, const std::vector& optionalBlocks, + const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); + static bool DigestInit(const DigestParameter& digestParameter); + static bool DigestUpdate(const DigestParameter& digestParameter, + const unsigned char content[], int32_t len); + static int32_t GetDigest(const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); + static int32_t GetDigestAlgorithmOutputSizeBytes(int32_t nId); + DLL_EXPORT static int32_t GetDigestAlgorithmId(int32_t signAlgorithm); + static std::string GetDigestAlgorithmString(int32_t signAlgorithm); + static void GetOpensslErrorMessage(); + +private: + static bool CheckDigestParameter(const DigestParameter& digestParameter); + + static const int32_t OPENSSL_ERR_MESSAGE_MAX_LEN; +}; +} // namespace SignatureTools +} // namespace OHOS +#endif // SIGNATRUETOOLS_VERIFY_OPENSSL_UTILS_H diff --git a/hapsigntool_cpp/api/include/localization_adapter.h b/hapsigntool_cpp/common/include/localization_adapter.h similarity index 98% rename from hapsigntool_cpp/api/include/localization_adapter.h rename to hapsigntool_cpp/common/include/localization_adapter.h index d878e7ff..141c2ead 100644 --- a/hapsigntool_cpp/api/include/localization_adapter.h +++ b/hapsigntool_cpp/common/include/localization_adapter.h @@ -26,7 +26,8 @@ #include "key_store_helper.h" #include "cert_dn_utils.h" #include "signature_tools_log.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" + namespace OHOS { namespace SignatureTools { class LocalizationAdapter { diff --git a/hapsigntool_cpp/cmd/include/options.h b/hapsigntool_cpp/common/include/options.h similarity index 100% rename from hapsigntool_cpp/cmd/include/options.h rename to hapsigntool_cpp/common/include/options.h diff --git a/hapsigntool_cpp/utils/include/signature_tools_errno.h b/hapsigntool_cpp/common/include/signature_tools_errno.h similarity index 100% rename from hapsigntool_cpp/utils/include/signature_tools_errno.h rename to hapsigntool_cpp/common/include/signature_tools_errno.h diff --git a/hapsigntool_cpp/utils/include/signature_tools_log.h b/hapsigntool_cpp/common/include/signature_tools_log.h similarity index 100% rename from hapsigntool_cpp/utils/include/signature_tools_log.h rename to hapsigntool_cpp/common/include/signature_tools_log.h diff --git a/hapsigntool_cpp/common/signature_tools_common.gni b/hapsigntool_cpp/common/signature_tools_common.gni index ceeec2a6..9c97041f 100644 --- a/hapsigntool_cpp/common/signature_tools_common.gni +++ b/hapsigntool_cpp/common/signature_tools_common.gni @@ -20,4 +20,7 @@ signature_tools_common_src = [ "${signature_tools_common}/src/file_data_source.cpp", "${signature_tools_common}/src/random_access_file.cpp", "${signature_tools_common}/src/digest_parameter.cpp", + "${signature_tools_common}/src/digest_common.cpp", + "${signature_tools_common}/src/localization_adapter.cpp", + "${signature_tools_common}/src/options.cpp", ] diff --git a/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp b/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp index fb9a49c4..c9c415c5 100644 --- a/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp +++ b/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp @@ -13,7 +13,8 @@ * limitations under the License. */ #include "byte_buffer_data_source.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" +//#include "verify_hap_openssl_utils.h" namespace OHOS { namespace SignatureTools { @@ -46,7 +47,7 @@ bool ByteBufferDataSource::ReadDataAndDigestUpdate(const DigestParameter& digest { const unsigned char* chunk = reinterpret_cast(bytebuffer.GetBufferPtr() + bytebuffer.GetPosition()); - bool res = VerifyHapOpensslUtils::DigestUpdate(digestParam, chunk, chunkSize); + bool res = DigestCommon::DigestUpdate(digestParam, chunk, chunkSize); if (res) { bytebuffer.SetPosition(bytebuffer.GetPosition() + chunkSize); } diff --git a/hapsigntool_cpp/common/src/digest_common.cpp b/hapsigntool_cpp/common/src/digest_common.cpp new file mode 100644 index 00000000..1080ff9b --- /dev/null +++ b/hapsigntool_cpp/common/src/digest_common.cpp @@ -0,0 +1,173 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "digest_common.h" +#include "signature_tools_log.h" +#include "openssl/err.h" + +namespace OHOS { +namespace SignatureTools { +const int32_t DigestCommon::OPENSSL_ERR_MESSAGE_MAX_LEN = 1024; + +int32_t DigestCommon::GetDigestAlgorithmOutputSizeBytes(int32_t nId) +{ + return EVP_MD_size(EVP_get_digestbynid(nId)); +} + +bool DigestCommon::CheckDigestParameter(const DigestParameter& digestParameter) +{ + if (digestParameter.md == nullptr) { + SIGNATURE_TOOLS_LOGE("md is nullptr"); + return false; + } + if (digestParameter.ctxPtr == nullptr) { + SIGNATURE_TOOLS_LOGE("ptrCtx is nullptr"); + return false; + } + return true; +} + +bool DigestCommon::DigestInit(const DigestParameter& digestParameter) +{ + if (!CheckDigestParameter(digestParameter)) { + return false; + } + if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); + return false; + } + return true; +} + +/* the caller must ensure that EVP_DigestInit was called before calling this function */ +bool DigestCommon::DigestUpdate(const DigestParameter& digestParameter, + const unsigned char content[], int32_t len) +{ + if (content == nullptr) { + SIGNATURE_TOOLS_LOGE("content is nullptr"); + return false; + } + if (!CheckDigestParameter(digestParameter)) { + return false; + } + if (EVP_DigestUpdate(digestParameter.ctxPtr, content, len) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); + return false; + } + return true; +} + +int32_t DigestCommon::GetDigest(const DigestParameter& digestParameter, + unsigned char(&out)[EVP_MAX_MD_SIZE]) +{ + uint32_t outLen = 0; + if (!CheckDigestParameter(digestParameter)) { + return outLen; + } + if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); + outLen = 0; + } + return outLen; +} + +int32_t DigestCommon::GetDigest(const ByteBuffer& chunk, + const std::vector& optionalBlocks, + const DigestParameter& digestParameter, + unsigned char(&out)[EVP_MAX_MD_SIZE]) +{ + int32_t chunkLen = chunk.Remaining(); + uint32_t outLen = 0; + if (digestParameter.md == nullptr) { + SIGNATURE_TOOLS_LOGE("md is nullprt"); + return outLen; + } + if (digestParameter.ctxPtr == nullptr) { + SIGNATURE_TOOLS_LOGE("ptrCtx is nullprt"); + return outLen; + } + if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); + return outLen; + } + if (EVP_DigestUpdate(digestParameter.ctxPtr, chunk.GetBufferPtr(), chunkLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); + return outLen; + } + for (int32_t i = 0; i < static_cast(optionalBlocks.size()); i++) { + chunkLen = optionalBlocks[i].optionalBlockValue.GetCapacity(); + if (EVP_DigestUpdate(digestParameter.ctxPtr, optionalBlocks[i].optionalBlockValue.GetBufferPtr(), + chunkLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate %dst optional block failed", i); + return outLen; + } + } + if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); + outLen = 0; + } + return outLen; +} + +void DigestCommon::GetOpensslErrorMessage() +{ + unsigned long retOpenssl; + char errOpenssl[OPENSSL_ERR_MESSAGE_MAX_LEN]; + while ((retOpenssl = ERR_get_error()) != 0) { + ERR_error_string(retOpenssl, errOpenssl); + SIGNATURE_TOOLS_LOGE("openssl err: %lu, message: %s", retOpenssl, errOpenssl); + } +} + +int32_t DigestCommon::GetDigestAlgorithmId(int32_t signAlgorithm) +{ + switch (signAlgorithm) { + case ALGORITHM_SHA256_WITH_ECDSA: + case ALGORITHM_SHA256_WITH_DSA: + return NID_sha256; + case ALGORITHM_SHA384_WITH_ECDSA: + case ALGORITHM_SHA384_WITH_DSA: + return NID_sha384; + case ALGORITHM_SHA512_WITH_ECDSA: + case ALGORITHM_SHA512_WITH_DSA: + return NID_sha512; + default: + SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); + return NID_undef; + } +} + +std::string DigestCommon::GetDigestAlgorithmString(int32_t signAlgorithm) +{ + switch (signAlgorithm) { + case ALGORITHM_SHA256_WITH_ECDSA: + return "SHA-256"; + case ALGORITHM_SHA384_WITH_ECDSA: + return "SHA-384"; + case ALGORITHM_SHA512_WITH_ECDSA: + return "SHA-512"; + default: + SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); + return ""; + } +} +} // namespace SignatureTools +} // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/api/src/localization_adapter.cpp b/hapsigntool_cpp/common/src/localization_adapter.cpp similarity index 98% rename from hapsigntool_cpp/api/src/localization_adapter.cpp rename to hapsigntool_cpp/common/src/localization_adapter.cpp index ebe1a6f6..c936c370 100644 --- a/hapsigntool_cpp/api/src/localization_adapter.cpp +++ b/hapsigntool_cpp/common/src/localization_adapter.cpp @@ -262,7 +262,7 @@ std::vector LocalizationAdapter::GetCertsFromFile(std::string& certPath, BIO* bio = BIO_new_file(certPath.c_str(), "rb"); if (!bio) { PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "open file:" + certPath + "failed"); - VerifyHapOpensslUtils::GetOpensslErrorMessage(); + DigestCommon::GetOpensslErrorMessage(); BIO_free(bio); return certs; } @@ -282,7 +282,7 @@ const std::string LocalizationAdapter::GetInFile() bool LocalizationAdapter::IsRemoteSigner() { std::string mode = options->GetString(Options::MODE, LOCAL_SIGN); - return StringUtils::CaseCompare(mode, REMOTE_SIGN); + return mode == REMOTE_SIGN; } Options* LocalizationAdapter::GetOptions() diff --git a/hapsigntool_cpp/cmd/src/options.cpp b/hapsigntool_cpp/common/src/options.cpp similarity index 100% rename from hapsigntool_cpp/cmd/src/options.cpp rename to hapsigntool_cpp/common/src/options.cpp diff --git a/hapsigntool_cpp/common/src/random_access_file.cpp b/hapsigntool_cpp/common/src/random_access_file.cpp index 9054ae1e..1a4f569a 100644 --- a/hapsigntool_cpp/common/src/random_access_file.cpp +++ b/hapsigntool_cpp/common/src/random_access_file.cpp @@ -18,7 +18,8 @@ #include "securec.h" #include "signature_info.h" #include "signature_tools_log.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" +//#include "verify_hap_openssl_utils.h" #include "random_access_file.h" namespace OHOS { @@ -196,7 +197,7 @@ bool RandomAccessFile::ReadFileFromOffsetAndDigestUpdate(const DigestParameter& return false; } unsigned char* content = reinterpret_cast(mmapInfo.mapAddr + mmapInfo.readMoreLen); - bool res = VerifyHapOpensslUtils::DigestUpdate(digestParam, content, chunkSize); + bool res = DigestCommon::DigestUpdate(digestParam, content, chunkSize); munmap(mmapInfo.mapAddr, mmapInfo.mmapSize); return res; } diff --git a/hapsigntool_cpp/hap/config/src/signer_config.cpp b/hapsigntool_cpp/hap/config/src/signer_config.cpp index b96f41fe..80facd06 100644 --- a/hapsigntool_cpp/hap/config/src/signer_config.cpp +++ b/hapsigntool_cpp/hap/config/src/signer_config.cpp @@ -15,8 +15,8 @@ #include #include -#include "signer_factory.h" -#include "localization_adapter.h" +// #include "signer_factory.h" +// #include "localization_adapter.h" #include "signer_config.h" namespace OHOS { @@ -100,11 +100,11 @@ void SignerConfig::FillParameters(const std::map& para std::shared_ptr SignerConfig::GetSigner() { - if (signer == nullptr) { - SignerFactory factory; - LocalizationAdapter adapter(options); - signer = factory.GetSigner(adapter); - } +// if (signer == nullptr) { +// SignerFactory factory; +// LocalizationAdapter adapter(options); +// signer = factory.GetSigner(adapter); +// } return signer; } diff --git a/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h b/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h index ae3ff6e2..636077b0 100644 --- a/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h +++ b/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h @@ -24,10 +24,10 @@ namespace OHOS { namespace SignatureTools { class RemoteSignProvider : public SignProvider { public: - static void* handle; + //static void* handle; RemoteSignProvider() = default; - ~RemoteSignProvider(); + ~RemoteSignProvider() = default; bool CheckParams(Options* options) override; bool CheckInputCertMatchWithProfile(X509* inputCert, X509* certInProfile)const override; }; diff --git a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp index 55b70ecc..7823724d 100644 --- a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp +++ b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp @@ -16,15 +16,15 @@ namespace OHOS { namespace SignatureTools { -void* RemoteSignProvider::handle = nullptr; -RemoteSignProvider::~RemoteSignProvider() -{ - if (handle) { - if (dlclose(handle) != 0) { - SIGNATURE_TOOLS_LOGE("dlclose() %s", dlerror()); - } - } -} +//void* RemoteSignProvider::handle = nullptr; +// RemoteSignProvider::~RemoteSignProvider() +// { +// if (handle) { +// if (dlclose(handle) != 0) { +// SIGNATURE_TOOLS_LOGE("dlclose() %s", dlerror()); +// } +// } +// } bool RemoteSignProvider::CheckParams(Options* options) { diff --git a/hapsigntool_cpp/hap/sign/src/bc_pkcs7_generator.cpp b/hapsigntool_cpp/hap/sign/src/bc_pkcs7_generator.cpp index b03a24f1..cdb6dff0 100644 --- a/hapsigntool_cpp/hap/sign/src/bc_pkcs7_generator.cpp +++ b/hapsigntool_cpp/hap/sign/src/bc_pkcs7_generator.cpp @@ -19,6 +19,8 @@ #include "signature_algorithm_helper.h" #include "bc_signeddata_generator.h" #include "signer_config.h" +#include "signer_factory.h" +#include "localization_adapter.h" #include "signature_tools_errno.h" #include "bc_pkcs7_generator.h" @@ -41,7 +43,10 @@ int BCPkcs7Generator::GenerateSignedData(const std::string& content, PrintErrorNumberMsg("INVALIDPARAM_ERROR", INVALIDPARAM_ERROR, "signerConfig is NULL"); return INVALIDPARAM_ERROR; } - std::shared_ptr signer(signerConfig->GetSigner()); + Options* options = signerConfig->GetOptions(); + SignerFactory factory; + LocalizationAdapter adapter(options); + std::shared_ptr signer(factory.GetSigner(adapter)); if (signer == NULL) { SIGNATURE_TOOLS_LOGE("signer is NULL"); return INVALIDPARAM_ERROR; diff --git a/hapsigntool_cpp/hap/sign/src/sign_hap.cpp b/hapsigntool_cpp/hap/sign/src/sign_hap.cpp index bef94866..a9e6a68b 100644 --- a/hapsigntool_cpp/hap/sign/src/sign_hap.cpp +++ b/hapsigntool_cpp/hap/sign/src/sign_hap.cpp @@ -15,6 +15,7 @@ #include "signature_tools_log.h" #include "signature_algorithm_helper.h" #include "bc_pkcs7_generator.h" +#include "digest_common.h" #include "sign_hap.h" namespace OHOS { @@ -34,7 +35,7 @@ bool SignHap::Sign(DataSource* contents[], int32_t len, SignerConfig& config, } SignatureAlgorithm algo = static_cast(algoClass[0].m_id); SIGNATURE_TOOLS_LOGI("[SignHap] Signature Algorithm is %d", algo); - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); + int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); ByteBuffer digContext; std::vector> nidAndcontentDigestsVec; diff --git a/hapsigntool_cpp/hap/signature_tools_hap.gni b/hapsigntool_cpp/hap/signature_tools_hap.gni index 22639a77..a87aa41c 100644 --- a/hapsigntool_cpp/hap/signature_tools_hap.gni +++ b/hapsigntool_cpp/hap/signature_tools_hap.gni @@ -44,5 +44,6 @@ signature_tools_hap_src = [ "${signature_tools_hap}/sign/src/sign_bin.cpp", "${signature_tools_hap}/sign/src/sign_elf.cpp", "${signature_tools_hap}/utils/src/hap_utils.cpp", + "${signature_tools_hap}/utils/src/dynamic_library_handle.cpp", "${signature_tools_hap}/sign/src/bc_pkcs7_generator.cpp", ] diff --git a/hapsigntool_cpp/hap/utils/include/dynamic_library_handle.h b/hapsigntool_cpp/hap/utils/include/dynamic_library_handle.h new file mode 100644 index 00000000..cdd4dc42 --- /dev/null +++ b/hapsigntool_cpp/hap/utils/include/dynamic_library_handle.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SIGNATRUETOOLS_DYNAMIC_LIBRARY_HANDLE_H +#define SIGNATRUETOOLS_DYNAMIC_LIBRARY_HANDLE_H + +#include + +#include "signature_tools_log.h" +#include "params.h" + +namespace OHOS { +namespace SignatureTools { +class DynamicLibraryHandle { +public: + static void* handle; + DynamicLibraryHandle() = default; + ~DynamicLibraryHandle(); +}; +} // namespace SignatureTools +} // namespace OHOS +#endif \ No newline at end of file diff --git a/hapsigntool_cpp/hap/utils/src/dynamic_library_handle.cpp b/hapsigntool_cpp/hap/utils/src/dynamic_library_handle.cpp new file mode 100644 index 00000000..89b6cc25 --- /dev/null +++ b/hapsigntool_cpp/hap/utils/src/dynamic_library_handle.cpp @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + #include "dynamic_library_handle.h" + +namespace OHOS { +namespace SignatureTools { +void* DynamicLibraryHandle::handle = nullptr; +DynamicLibraryHandle::~DynamicLibraryHandle() +{ + if (handle) { + if (dlclose(handle) != 0) { + SIGNATURE_TOOLS_LOGE("dlclose() %s", dlerror()); + } + } +} +} // namespace SignatureTools +} // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/hap/verify/include/verify_hap.h b/hapsigntool_cpp/hap/verify/include/verify_hap.h index aafb3008..86d32a92 100644 --- a/hapsigntool_cpp/hap/verify/include/verify_hap.h +++ b/hapsigntool_cpp/hap/verify/include/verify_hap.h @@ -67,6 +67,7 @@ public: bool VerifyAppPkcs7(Pkcs7Context& pkcs7Context, const ByteBuffer& hapSignatureBlock); DLL_EXPORT bool GetDigestAndAlgorithm(Pkcs7Context& digest); + static bool PrintCertChainToCmd(std::vector& certChain); private: bool isPrintCert; diff --git a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp index 8e2c0707..da0ee106 100644 --- a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp +++ b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp @@ -31,7 +31,6 @@ #include "param_constants.h" #include "file_utils.h" #include "nlohmann/json.hpp" -#include "cert_tools.h" #include "verify_hap.h" using namespace nlohmann; @@ -117,7 +116,7 @@ bool VerifyHap::writeOptionalBytesToFile(const OptionalBlock& optionalBlock, con bool VerifyHap::HapOutPutCertChain(std::vector& certs, const std::string& outPutPath) { if (isPrintCert) { - if (!CertTools::PrintCertChainToCmd(certs)) { + if (!PrintCertChainToCmd(certs)) { SIGNATURE_TOOLS_LOGE("print cert chain to cmd failed\n"); return false; } @@ -407,5 +406,30 @@ int32_t VerifyHap::WriteVerifyOutput(Pkcs7Context& pkcs7Context, std::vector& certChain) +{ + BIO* outFd = BIO_new_fp(stdout, BIO_NOCLOSE); + if (!outFd) { + PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "The stdout stream may have errors"); + return false; + } + uint64_t format = XN_FLAG_SEP_COMMA_PLUS; // Print according to RFC2253 + uint64_t content = X509_FLAG_NO_EXTENSIONS | X509_FLAG_NO_ATTRIBUTES | X509_FLAG_NO_HEADER | X509_FLAG_NO_SIGDUMP; + int num = 0; + for (auto& cert : certChain) { + PrintMsg("+++++++++++++++++++++++++++++++++certificate #" + std::to_string(num) + + "+++++++++++++++++++++++++++++++++++++"); + if (!X509_print_ex(outFd, cert, format, content)) { + VerifyHapOpensslUtils::GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("print x509 cert to cmd failed"); + BIO_free(outFd); + return false; + } + ++num; + } + BIO_free(outFd); + return true; +} } // namespace SignatureTools } // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/signer/include/signer_factory.h b/hapsigntool_cpp/signer/include/signer_factory.h index 01604bb8..f6ec29ac 100644 --- a/hapsigntool_cpp/signer/include/signer_factory.h +++ b/hapsigntool_cpp/signer/include/signer_factory.h @@ -20,7 +20,6 @@ #include "local_signer.h" #include "localization_adapter.h" #include "param_constants.h" -#include "remote_sign_provider.h" namespace OHOS { namespace SignatureTools { diff --git a/hapsigntool_cpp/signer/src/signer_factory.cpp b/hapsigntool_cpp/signer/src/signer_factory.cpp index eeedb350..07f0d84d 100644 --- a/hapsigntool_cpp/signer/src/signer_factory.cpp +++ b/hapsigntool_cpp/signer/src/signer_factory.cpp @@ -13,6 +13,7 @@ * limitations under the License. */ #include "signer_factory.h" +#include "dynamic_library_handle.h" namespace OHOS { namespace SignatureTools { @@ -51,8 +52,8 @@ std::shared_ptr SignerFactory::LoadRemoteSigner(LocalizationAdapter& ada char* userPwd = adapter.GetOptions()->GetChars(ParamConstants::PARAM_REMOTE_USERPWD); // open so - RemoteSignProvider::handle = dlopen(signerPlugin.c_str(), RTLD_NOW | RTLD_GLOBAL); - if (!RemoteSignProvider::handle) { + DynamicLibraryHandle::handle = dlopen(signerPlugin.c_str(), RTLD_NOW | RTLD_GLOBAL); + if (!DynamicLibraryHandle::handle) { PrintErrorNumberMsg("LoadRemoteSigner", RET_FAILED, dlerror()); return nullptr; } @@ -61,7 +62,7 @@ std::shared_ptr SignerFactory::LoadRemoteSigner(LocalizationAdapter& ada dlerror(); // get "Create" function - RemoteSignerCreator remoteSignerCreator = (RemoteSignerCreator)dlsym(RemoteSignProvider::handle, "Create"); + RemoteSignerCreator remoteSignerCreator = (RemoteSignerCreator)dlsym(DynamicLibraryHandle::handle, "Create"); char* error = nullptr; if ((error = dlerror()) != NULL) { SIGNATURE_TOOLS_LOGE("%s", error); diff --git a/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h b/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h index 43ecccda..ced980ff 100644 --- a/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h +++ b/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h @@ -31,14 +31,14 @@ namespace OHOS { namespace SignatureTools { -enum SignatureAlgorithm { - ALGORITHM_SHA256_WITH_ECDSA = 0x00000201, - ALGORITHM_SHA384_WITH_ECDSA, - ALGORITHM_SHA512_WITH_ECDSA, - ALGORITHM_SHA256_WITH_DSA = 0x00000301, - ALGORITHM_SHA384_WITH_DSA, - ALGORITHM_SHA512_WITH_DSA, -}; +// enum SignatureAlgorithm { +// ALGORITHM_SHA256_WITH_ECDSA = 0x00000201, +// ALGORITHM_SHA384_WITH_ECDSA, +// ALGORITHM_SHA512_WITH_ECDSA, +// ALGORITHM_SHA256_WITH_DSA = 0x00000301, +// ALGORITHM_SHA384_WITH_DSA, +// ALGORITHM_SHA512_WITH_DSA, +// }; class VerifyHapOpensslUtils { public: @@ -50,15 +50,15 @@ public: DLL_EXPORT static bool GetCrlStack(PKCS7* p7, STACK_OF(X509_CRL)* x509Crl); DLL_EXPORT static bool VerifyPkcs7(Pkcs7Context& pkcs7Context); - static int32_t GetDigest(const ByteBuffer& chunk, const std::vector& optionalBlocks, - const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); - static bool DigestInit(const DigestParameter& digestParameter); - static bool DigestUpdate(const DigestParameter& digestParameter, - const unsigned char content[], int32_t len); - static int32_t GetDigest(const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); - static int32_t GetDigestAlgorithmOutputSizeBytes(int32_t nId); - DLL_EXPORT static int32_t GetDigestAlgorithmId(int32_t signAlgorithm); - static std::string GetDigestAlgorithmString(int32_t signAlgorithm); + //static int32_t GetDigest(const ByteBuffer& chunk, const std::vector& optionalBlocks, + // const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); + //static bool DigestInit(const DigestParameter& digestParameter); + //static bool DigestUpdate(const DigestParameter& digestParameter, + // const unsigned char content[], int32_t len); + //static int32_t GetDigest(const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); + //static int32_t GetDigestAlgorithmOutputSizeBytes(int32_t nId); + //DLL_EXPORT static int32_t GetDigestAlgorithmId(int32_t signAlgorithm); + //static std::string GetDigestAlgorithmString(int32_t signAlgorithm); static void GetOpensslErrorMessage(); private: @@ -70,7 +70,7 @@ private: static bool GetContentInfo(const PKCS7* p7ContentInfo, ByteBuffer& content); static bool CheckPkcs7SignedDataIsValid(const PKCS7* p7); - static bool CheckDigestParameter(const DigestParameter& digestParameter); + //static bool CheckDigestParameter(const DigestParameter& digestParameter); static const int32_t OPENSSL_PKCS7_VERIFY_SUCCESS; static const int32_t OPENSSL_ERR_MESSAGE_MAX_LEN; diff --git a/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp b/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp index c150e4fe..81f3c0b3 100644 --- a/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp +++ b/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp @@ -24,7 +24,8 @@ #include "securec.h" #include "byte_buffer_data_source.h" #include "file_data_source.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" +//#include "verify_hap_openssl_utils.h" #include "signature_tools_log.h" #include "signature_tools_errno.h" @@ -453,7 +454,7 @@ bool HapSignerBlockUtils::VerifyHapIntegrity( FileDataSource centralDir(hapFile, signInfo.hapCentralDirOffset, centralDirSize, 0); ByteBufferDataSource eocd(signInfo.hapEocd); DataSource* content[ZIP_BLOCKS_NUM_NEED_DIGEST] = {&contentsZip, ¢ralDir, &eocd}; - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(digestInfo.digestAlgorithm); + int32_t nId = DigestCommon::GetDigestAlgorithmId(digestInfo.digestAlgorithm); DigestParameter digestParam = GetDigestParameter(nId); ByteBuffer chunkDigest; if (!ComputeDigestsForEachChunk(digestParam, content, ZIP_BLOCKS_NUM_NEED_DIGEST, chunkDigest)) { @@ -472,7 +473,7 @@ bool HapSignerBlockUtils::VerifyHapIntegrity( return false; } PrintMsg(std::string("Digest verify result: ") + "success" + ", DigestAlgorithm: " - + VerifyHapOpensslUtils::GetDigestAlgorithmString(digestInfo.digestAlgorithm)); + + DigestCommon::GetDigestAlgorithmString(digestInfo.digestAlgorithm)); return true; } @@ -483,7 +484,7 @@ bool HapSignerBlockUtils::ComputeDigestsWithOptionalBlock(const DigestParameter& ByteBuffer& finalDigest) { unsigned char out[EVP_MAX_MD_SIZE]; - int32_t digestLen = VerifyHapOpensslUtils::GetDigest(chunkDigest, optionalBlocks, digestParam, out); + int32_t digestLen = DigestCommon::GetDigest(chunkDigest, optionalBlocks, digestParam, out); if (digestLen != digestParam.digestOutputSizeBytes) { SIGNATURE_TOOLS_LOGE("GetDigest failed, outLen is not right, %u, %d", digestLen, digestParam.digestOutputSizeBytes); @@ -558,7 +559,7 @@ bool HapSignerBlockUtils::ComputeDigestsForEachChunk(const DigestParameter& dige return false; } - int32_t digestLen = VerifyHapOpensslUtils::GetDigest(digestParam, outBlock); + int32_t digestLen = DigestCommon::GetDigest(digestParam, outBlock); if (digestLen != digestParam.digestOutputSizeBytes) { SIGNATURE_TOOLS_LOGE("GetDigest failed len: %d digestSizeBytes: %d", digestLen, digestParam.digestOutputSizeBytes); @@ -575,7 +576,7 @@ bool HapSignerBlockUtils::ComputeDigestsForEachChunk(const DigestParameter& dige DigestParameter HapSignerBlockUtils::GetDigestParameter(int32_t nId) { DigestParameter digestParam; - digestParam.digestOutputSizeBytes = VerifyHapOpensslUtils::GetDigestAlgorithmOutputSizeBytes(nId); + digestParam.digestOutputSizeBytes = DigestCommon::GetDigestAlgorithmOutputSizeBytes(nId); digestParam.md = EVP_get_digestbynid(nId); digestParam.ctxPtr = EVP_MD_CTX_create(); EVP_MD_CTX_init(digestParam.ctxPtr); @@ -606,12 +607,12 @@ bool HapSignerBlockUtils::InitDigestPrefix(const DigestParameter& digestParam, return false; } - if (!VerifyHapOpensslUtils::DigestInit(digestParam)) { + if (!DigestCommon::DigestInit(digestParam)) { SIGNATURE_TOOLS_LOGE("DigestInit failed"); return false; } - if (!VerifyHapOpensslUtils::DigestUpdate(digestParam, chunkContentPrefix, ZIP_CHUNK_DIGEST_PRIFIX_LEN)) { + if (!DigestCommon::DigestUpdate(digestParam, chunkContentPrefix, ZIP_CHUNK_DIGEST_PRIFIX_LEN)) { SIGNATURE_TOOLS_LOGE("DigestUpdate failed"); return false; } diff --git a/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp b/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp index 3c99e2a1..307a4b79 100644 --- a/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp +++ b/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp @@ -243,112 +243,112 @@ bool VerifyHapOpensslUtils::GetContentInfo(const PKCS7* p7ContentInfo, ByteBuffe return true; } -int32_t VerifyHapOpensslUtils::GetDigestAlgorithmOutputSizeBytes(int32_t nId) -{ - return EVP_MD_size(EVP_get_digestbynid(nId)); -} +// int32_t VerifyHapOpensslUtils::GetDigestAlgorithmOutputSizeBytes(int32_t nId) +// { +// return EVP_MD_size(EVP_get_digestbynid(nId)); +// } -bool VerifyHapOpensslUtils::CheckDigestParameter(const DigestParameter& digestParameter) -{ - if (digestParameter.md == nullptr) { - SIGNATURE_TOOLS_LOGE("md is nullptr"); - return false; - } - if (digestParameter.ctxPtr == nullptr) { - SIGNATURE_TOOLS_LOGE("ptrCtx is nullptr"); - return false; - } - return true; -} +// bool VerifyHapOpensslUtils::CheckDigestParameter(const DigestParameter& digestParameter) +// { +// if (digestParameter.md == nullptr) { +// SIGNATURE_TOOLS_LOGE("md is nullptr"); +// return false; +// } +// if (digestParameter.ctxPtr == nullptr) { +// SIGNATURE_TOOLS_LOGE("ptrCtx is nullptr"); +// return false; +// } +// return true; +// } -bool VerifyHapOpensslUtils::DigestInit(const DigestParameter& digestParameter) -{ - if (!CheckDigestParameter(digestParameter)) { - return false; - } - if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); - return false; - } - return true; -} +// bool VerifyHapOpensslUtils::DigestInit(const DigestParameter& digestParameter) +// { +// if (!CheckDigestParameter(digestParameter)) { +// return false; +// } +// if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { +// GetOpensslErrorMessage(); +// SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); +// return false; +// } +// return true; +// } -/* the caller must ensure that EVP_DigestInit was called before calling this function */ -bool VerifyHapOpensslUtils::DigestUpdate(const DigestParameter& digestParameter, - const unsigned char content[], int32_t len) -{ - if (content == nullptr) { - SIGNATURE_TOOLS_LOGE("content is nullptr"); - return false; - } - if (!CheckDigestParameter(digestParameter)) { - return false; - } - if (EVP_DigestUpdate(digestParameter.ctxPtr, content, len) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); - return false; - } - return true; -} +// /* the caller must ensure that EVP_DigestInit was called before calling this function */ +// bool VerifyHapOpensslUtils::DigestUpdate(const DigestParameter& digestParameter, +// const unsigned char content[], int32_t len) +// { +// if (content == nullptr) { +// SIGNATURE_TOOLS_LOGE("content is nullptr"); +// return false; +// } +// if (!CheckDigestParameter(digestParameter)) { +// return false; +// } +// if (EVP_DigestUpdate(digestParameter.ctxPtr, content, len) <= 0) { +// GetOpensslErrorMessage(); +// SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); +// return false; +// } +// return true; +// } -int32_t VerifyHapOpensslUtils::GetDigest(const DigestParameter& digestParameter, - unsigned char(&out)[EVP_MAX_MD_SIZE]) -{ - uint32_t outLen = 0; - if (!CheckDigestParameter(digestParameter)) { - return outLen; - } - if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); - outLen = 0; - } - return outLen; -} +// int32_t VerifyHapOpensslUtils::GetDigest(const DigestParameter& digestParameter, +// unsigned char(&out)[EVP_MAX_MD_SIZE]) +// { +// uint32_t outLen = 0; +// if (!CheckDigestParameter(digestParameter)) { +// return outLen; +// } +// if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { +// GetOpensslErrorMessage(); +// SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); +// outLen = 0; +// } +// return outLen; +// } -int32_t VerifyHapOpensslUtils::GetDigest(const ByteBuffer& chunk, - const std::vector& optionalBlocks, - const DigestParameter& digestParameter, - unsigned char(&out)[EVP_MAX_MD_SIZE]) -{ - int32_t chunkLen = chunk.Remaining(); - uint32_t outLen = 0; - if (digestParameter.md == nullptr) { - SIGNATURE_TOOLS_LOGE("md is nullprt"); - return outLen; - } - if (digestParameter.ctxPtr == nullptr) { - SIGNATURE_TOOLS_LOGE("ptrCtx is nullprt"); - return outLen; - } - if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); - return outLen; - } - if (EVP_DigestUpdate(digestParameter.ctxPtr, chunk.GetBufferPtr(), chunkLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); - return outLen; - } - for (int32_t i = 0; i < static_cast(optionalBlocks.size()); i++) { - chunkLen = optionalBlocks[i].optionalBlockValue.GetCapacity(); - if (EVP_DigestUpdate(digestParameter.ctxPtr, optionalBlocks[i].optionalBlockValue.GetBufferPtr(), - chunkLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate %dst optional block failed", i); - return outLen; - } - } - if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); - outLen = 0; - } - return outLen; -} +// int32_t VerifyHapOpensslUtils::GetDigest(const ByteBuffer& chunk, +// const std::vector& optionalBlocks, +// const DigestParameter& digestParameter, +// unsigned char(&out)[EVP_MAX_MD_SIZE]) +// { +// int32_t chunkLen = chunk.Remaining(); +// uint32_t outLen = 0; +// if (digestParameter.md == nullptr) { +// SIGNATURE_TOOLS_LOGE("md is nullprt"); +// return outLen; +// } +// if (digestParameter.ctxPtr == nullptr) { +// SIGNATURE_TOOLS_LOGE("ptrCtx is nullprt"); +// return outLen; +// } +// if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { +// GetOpensslErrorMessage(); +// SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); +// return outLen; +// } +// if (EVP_DigestUpdate(digestParameter.ctxPtr, chunk.GetBufferPtr(), chunkLen) <= 0) { +// GetOpensslErrorMessage(); +// SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); +// return outLen; +// } +// for (int32_t i = 0; i < static_cast(optionalBlocks.size()); i++) { +// chunkLen = optionalBlocks[i].optionalBlockValue.GetCapacity(); +// if (EVP_DigestUpdate(digestParameter.ctxPtr, optionalBlocks[i].optionalBlockValue.GetBufferPtr(), +// chunkLen) <= 0) { +// GetOpensslErrorMessage(); +// SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate %dst optional block failed", i); +// return outLen; +// } +// } +// if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { +// GetOpensslErrorMessage(); +// SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); +// outLen = 0; +// } +// return outLen; +// } void VerifyHapOpensslUtils::GetOpensslErrorMessage() { @@ -360,37 +360,37 @@ void VerifyHapOpensslUtils::GetOpensslErrorMessage() } } -int32_t VerifyHapOpensslUtils::GetDigestAlgorithmId(int32_t signAlgorithm) -{ - switch (signAlgorithm) { - case ALGORITHM_SHA256_WITH_ECDSA: - case ALGORITHM_SHA256_WITH_DSA: - return NID_sha256; - case ALGORITHM_SHA384_WITH_ECDSA: - case ALGORITHM_SHA384_WITH_DSA: - return NID_sha384; - case ALGORITHM_SHA512_WITH_ECDSA: - case ALGORITHM_SHA512_WITH_DSA: - return NID_sha512; - default: - SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); - return NID_undef; - } -} +// int32_t VerifyHapOpensslUtils::GetDigestAlgorithmId(int32_t signAlgorithm) +// { +// switch (signAlgorithm) { +// case ALGORITHM_SHA256_WITH_ECDSA: +// case ALGORITHM_SHA256_WITH_DSA: +// return NID_sha256; +// case ALGORITHM_SHA384_WITH_ECDSA: +// case ALGORITHM_SHA384_WITH_DSA: +// return NID_sha384; +// case ALGORITHM_SHA512_WITH_ECDSA: +// case ALGORITHM_SHA512_WITH_DSA: +// return NID_sha512; +// default: +// SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); +// return NID_undef; +// } +// } -std::string VerifyHapOpensslUtils::GetDigestAlgorithmString(int32_t signAlgorithm) -{ - switch (signAlgorithm) { - case ALGORITHM_SHA256_WITH_ECDSA: - return "SHA-256"; - case ALGORITHM_SHA384_WITH_ECDSA: - return "SHA-384"; - case ALGORITHM_SHA512_WITH_ECDSA: - return "SHA-512"; - default: - SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); - return ""; - } -} +// std::string VerifyHapOpensslUtils::GetDigestAlgorithmString(int32_t signAlgorithm) +// { +// switch (signAlgorithm) { +// case ALGORITHM_SHA256_WITH_ECDSA: +// return "SHA-256"; +// case ALGORITHM_SHA384_WITH_ECDSA: +// return "SHA-384"; +// case ALGORITHM_SHA512_WITH_ECDSA: +// return "SHA-512"; +// default: +// SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); +// return ""; +// } +// } } // namespace SignatureTools } // namespace OHOS \ No newline at end of file -- Gitee From b16c14b5d463747b1b50a6871be67cc00d652535 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B0=8F=E6=97=8B=E9=A3=8Elc?= Date: Thu, 24 Oct 2024 15:53:02 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E5=88=A0=E9=99=A4=E5=BA=9F=E5=BC=83?= =?UTF-8?q?=E4=BB=A3=E7=A0=81=EF=BC=8C=E4=BF=AE=E6=94=B9=E6=97=A5=E5=BF=97?= =?UTF-8?q?=E8=AE=B0=E5=BD=95=E5=86=85=E5=AE=B9=20Signed-off-by:=20=20liuc?= =?UTF-8?q?hang=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: If2bda9bca85bebb11317cdb5d6b159befaba7d8b --- hapsigntool_cpp/BUILD.gn | 1 - hapsigntool_cpp/api/include/cert_tools.h | 1 - hapsigntool_cpp/api/src/cert_tools.cpp | 24 --- hapsigntool_cpp/cmd/signature_tools_cmd.gni | 1 - hapsigntool_cpp/common/src/digest_common.cpp | 6 +- .../utils/include/verify_hap_openssl_utils.h | 20 --- .../utils/src/verify_hap_openssl_utils.cpp | 140 ------------------ .../hapSign/hap_openssl_utils_test.cpp | 18 +-- .../unittest/hapSign/hap_openssl_utils_test.h | 1 + .../unittest/hapSign/hap_sign_test.cpp | 5 +- .../unittest/hapVerify/hap_verify_test.cpp | 9 +- 11 files changed, 21 insertions(+), 205 deletions(-) diff --git a/hapsigntool_cpp/BUILD.gn b/hapsigntool_cpp/BUILD.gn index 3aee7059..a2817c76 100644 --- a/hapsigntool_cpp/BUILD.gn +++ b/hapsigntool_cpp/BUILD.gn @@ -49,7 +49,6 @@ signature_tools_main_include = [ signature_tools_main_src = [ "main.cpp", - #"${signature_tools_common}/src/localization_adapter.cpp", "${signature_tools_api}/src/sign_tool_service_impl.cpp", "${signature_tools_api}/src/cert_tools.cpp", "${signature_tools_signer}/src/signer_factory.cpp", diff --git a/hapsigntool_cpp/api/include/cert_tools.h b/hapsigntool_cpp/api/include/cert_tools.h index fa18f09d..c0b05b60 100644 --- a/hapsigntool_cpp/api/include/cert_tools.h +++ b/hapsigntool_cpp/api/include/cert_tools.h @@ -65,7 +65,6 @@ public: static bool SetPubkeyAndSignCert(X509* cert, X509_REQ* issuercsr, X509_REQ* certReq, EVP_PKEY* keyPair, Options* options); static bool String2Bool(Options* options, const std::string& option); - //static bool PrintCertChainToCmd(std::vector& certChain); CertTools() = default; ~CertTools() = default; }; diff --git a/hapsigntool_cpp/api/src/cert_tools.cpp b/hapsigntool_cpp/api/src/cert_tools.cpp index 91930f14..0bac5dd7 100644 --- a/hapsigntool_cpp/api/src/cert_tools.cpp +++ b/hapsigntool_cpp/api/src/cert_tools.cpp @@ -866,30 +866,6 @@ bool CertTools::String2Bool(Options* options, const std::string& option) } return true; } -// bool CertTools::PrintCertChainToCmd(std::vector& certChain) -// { -// BIO* outFd = BIO_new_fp(stdout, BIO_NOCLOSE); -// if (!outFd) { -// PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "The stdout stream may have errors"); -// return false; -// } -// uint64_t format = XN_FLAG_SEP_COMMA_PLUS; // Print according to RFC2253 -// uint64_t content = X509_FLAG_NO_EXTENSIONS | X509_FLAG_NO_ATTRIBUTES | X509_FLAG_NO_HEADER | X509_FLAG_NO_SIGDUMP; -// int num = 0; -// for (auto& cert : certChain) { -// PrintMsg("+++++++++++++++++++++++++++++++++certificate #" + std::to_string(num) + -// "+++++++++++++++++++++++++++++++++++++"); -// if (!X509_print_ex(outFd, cert, format, content)) { -// VerifyHapOpensslUtils::GetOpensslErrorMessage(); -// SIGNATURE_TOOLS_LOGE("print x509 cert to cmd failed"); -// BIO_free(outFd); -// return false; -// } -// ++num; -// } -// BIO_free(outFd); -// return true; -// } } // namespace SignatureTools } // namespace OHOS diff --git a/hapsigntool_cpp/cmd/signature_tools_cmd.gni b/hapsigntool_cpp/cmd/signature_tools_cmd.gni index 35dd0c01..12cc9099 100644 --- a/hapsigntool_cpp/cmd/signature_tools_cmd.gni +++ b/hapsigntool_cpp/cmd/signature_tools_cmd.gni @@ -17,7 +17,6 @@ signature_tools_cmd_include = [ "${signature_tools_cmd}/include" ] signature_tools_cmd_src = [ "${signature_tools_cmd}/src/cmd_util.cpp", "${signature_tools_cmd}/src/params_run_tool.cpp", -# "${signature_tools_cmd}/src/options.cpp", "${signature_tools_cmd}/src/params_trust_list.cpp", "${signature_tools_cmd}/src/params.cpp", ] diff --git a/hapsigntool_cpp/common/src/digest_common.cpp b/hapsigntool_cpp/common/src/digest_common.cpp index 1080ff9b..9889591c 100644 --- a/hapsigntool_cpp/common/src/digest_common.cpp +++ b/hapsigntool_cpp/common/src/digest_common.cpp @@ -32,7 +32,7 @@ bool DigestCommon::CheckDigestParameter(const DigestParameter& digestParameter) return false; } if (digestParameter.ctxPtr == nullptr) { - SIGNATURE_TOOLS_LOGE("ptrCtx is nullptr"); + SIGNATURE_TOOLS_LOGE("ctxPtr is nullptr"); return false; } return true; @@ -64,7 +64,7 @@ bool DigestCommon::DigestUpdate(const DigestParameter& digestParameter, } if (EVP_DigestUpdate(digestParameter.ctxPtr, content, len) <= 0) { GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate failed"); return false; } return true; @@ -97,7 +97,7 @@ int32_t DigestCommon::GetDigest(const ByteBuffer& chunk, return outLen; } if (digestParameter.ctxPtr == nullptr) { - SIGNATURE_TOOLS_LOGE("ptrCtx is nullprt"); + SIGNATURE_TOOLS_LOGE("ctxPtr is nullprt"); return outLen; } if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { diff --git a/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h b/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h index ced980ff..bbe552dd 100644 --- a/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h +++ b/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h @@ -31,15 +31,6 @@ namespace OHOS { namespace SignatureTools { -// enum SignatureAlgorithm { -// ALGORITHM_SHA256_WITH_ECDSA = 0x00000201, -// ALGORITHM_SHA384_WITH_ECDSA, -// ALGORITHM_SHA512_WITH_ECDSA, -// ALGORITHM_SHA256_WITH_DSA = 0x00000301, -// ALGORITHM_SHA384_WITH_DSA, -// ALGORITHM_SHA512_WITH_DSA, -// }; - class VerifyHapOpensslUtils { public: VerifyHapOpensslUtils() = delete; @@ -50,15 +41,6 @@ public: DLL_EXPORT static bool GetCrlStack(PKCS7* p7, STACK_OF(X509_CRL)* x509Crl); DLL_EXPORT static bool VerifyPkcs7(Pkcs7Context& pkcs7Context); - //static int32_t GetDigest(const ByteBuffer& chunk, const std::vector& optionalBlocks, - // const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); - //static bool DigestInit(const DigestParameter& digestParameter); - //static bool DigestUpdate(const DigestParameter& digestParameter, - // const unsigned char content[], int32_t len); - //static int32_t GetDigest(const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); - //static int32_t GetDigestAlgorithmOutputSizeBytes(int32_t nId); - //DLL_EXPORT static int32_t GetDigestAlgorithmId(int32_t signAlgorithm); - //static std::string GetDigestAlgorithmString(int32_t signAlgorithm); static void GetOpensslErrorMessage(); private: @@ -70,8 +52,6 @@ private: static bool GetContentInfo(const PKCS7* p7ContentInfo, ByteBuffer& content); static bool CheckPkcs7SignedDataIsValid(const PKCS7* p7); - //static bool CheckDigestParameter(const DigestParameter& digestParameter); - static const int32_t OPENSSL_PKCS7_VERIFY_SUCCESS; static const int32_t OPENSSL_ERR_MESSAGE_MAX_LEN; static const int32_t OPENSSL_READ_DATA_MAX_TIME; diff --git a/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp b/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp index 307a4b79..4580a9d9 100644 --- a/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp +++ b/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp @@ -243,113 +243,6 @@ bool VerifyHapOpensslUtils::GetContentInfo(const PKCS7* p7ContentInfo, ByteBuffe return true; } -// int32_t VerifyHapOpensslUtils::GetDigestAlgorithmOutputSizeBytes(int32_t nId) -// { -// return EVP_MD_size(EVP_get_digestbynid(nId)); -// } - -// bool VerifyHapOpensslUtils::CheckDigestParameter(const DigestParameter& digestParameter) -// { -// if (digestParameter.md == nullptr) { -// SIGNATURE_TOOLS_LOGE("md is nullptr"); -// return false; -// } -// if (digestParameter.ctxPtr == nullptr) { -// SIGNATURE_TOOLS_LOGE("ptrCtx is nullptr"); -// return false; -// } -// return true; -// } - -// bool VerifyHapOpensslUtils::DigestInit(const DigestParameter& digestParameter) -// { -// if (!CheckDigestParameter(digestParameter)) { -// return false; -// } -// if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { -// GetOpensslErrorMessage(); -// SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); -// return false; -// } -// return true; -// } - -// /* the caller must ensure that EVP_DigestInit was called before calling this function */ -// bool VerifyHapOpensslUtils::DigestUpdate(const DigestParameter& digestParameter, -// const unsigned char content[], int32_t len) -// { -// if (content == nullptr) { -// SIGNATURE_TOOLS_LOGE("content is nullptr"); -// return false; -// } -// if (!CheckDigestParameter(digestParameter)) { -// return false; -// } -// if (EVP_DigestUpdate(digestParameter.ctxPtr, content, len) <= 0) { -// GetOpensslErrorMessage(); -// SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); -// return false; -// } -// return true; -// } - -// int32_t VerifyHapOpensslUtils::GetDigest(const DigestParameter& digestParameter, -// unsigned char(&out)[EVP_MAX_MD_SIZE]) -// { -// uint32_t outLen = 0; -// if (!CheckDigestParameter(digestParameter)) { -// return outLen; -// } -// if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { -// GetOpensslErrorMessage(); -// SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); -// outLen = 0; -// } -// return outLen; -// } - -// int32_t VerifyHapOpensslUtils::GetDigest(const ByteBuffer& chunk, -// const std::vector& optionalBlocks, -// const DigestParameter& digestParameter, -// unsigned char(&out)[EVP_MAX_MD_SIZE]) -// { -// int32_t chunkLen = chunk.Remaining(); -// uint32_t outLen = 0; -// if (digestParameter.md == nullptr) { -// SIGNATURE_TOOLS_LOGE("md is nullprt"); -// return outLen; -// } -// if (digestParameter.ctxPtr == nullptr) { -// SIGNATURE_TOOLS_LOGE("ptrCtx is nullprt"); -// return outLen; -// } -// if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { -// GetOpensslErrorMessage(); -// SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); -// return outLen; -// } -// if (EVP_DigestUpdate(digestParameter.ctxPtr, chunk.GetBufferPtr(), chunkLen) <= 0) { -// GetOpensslErrorMessage(); -// SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); -// return outLen; -// } -// for (int32_t i = 0; i < static_cast(optionalBlocks.size()); i++) { -// chunkLen = optionalBlocks[i].optionalBlockValue.GetCapacity(); -// if (EVP_DigestUpdate(digestParameter.ctxPtr, optionalBlocks[i].optionalBlockValue.GetBufferPtr(), -// chunkLen) <= 0) { -// GetOpensslErrorMessage(); -// SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate %dst optional block failed", i); -// return outLen; -// } -// } -// if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { -// GetOpensslErrorMessage(); -// SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); -// outLen = 0; -// } -// return outLen; -// } - void VerifyHapOpensslUtils::GetOpensslErrorMessage() { unsigned long retOpenssl; @@ -359,38 +252,5 @@ void VerifyHapOpensslUtils::GetOpensslErrorMessage() SIGNATURE_TOOLS_LOGE("openssl err: %lu, message: %s", retOpenssl, errOpenssl); } } - -// int32_t VerifyHapOpensslUtils::GetDigestAlgorithmId(int32_t signAlgorithm) -// { -// switch (signAlgorithm) { -// case ALGORITHM_SHA256_WITH_ECDSA: -// case ALGORITHM_SHA256_WITH_DSA: -// return NID_sha256; -// case ALGORITHM_SHA384_WITH_ECDSA: -// case ALGORITHM_SHA384_WITH_DSA: -// return NID_sha384; -// case ALGORITHM_SHA512_WITH_ECDSA: -// case ALGORITHM_SHA512_WITH_DSA: -// return NID_sha512; -// default: -// SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); -// return NID_undef; -// } -// } - -// std::string VerifyHapOpensslUtils::GetDigestAlgorithmString(int32_t signAlgorithm) -// { -// switch (signAlgorithm) { -// case ALGORITHM_SHA256_WITH_ECDSA: -// return "SHA-256"; -// case ALGORITHM_SHA384_WITH_ECDSA: -// return "SHA-384"; -// case ALGORITHM_SHA512_WITH_ECDSA: -// return "SHA-512"; -// default: -// SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); -// return ""; -// } -// } } // namespace SignatureTools } // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp index a9cc2a4f..d175f075 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp @@ -30,7 +30,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_001, testing::ext::TestSize SIGNATURE_TOOLS_LOGI("hello world !!!"); DigestParameter parameter; - bool ret = VerifyHapOpensslUtils::DigestInit(parameter); + bool ret = DigestCommon::DigestInit(parameter); EXPECT_EQ(ret, false); } @@ -45,7 +45,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_002, testing::ext::TestSize SIGNATURE_TOOLS_LOGI("hello world !!!"); DigestParameter parameter; parameter.md = EVP_sha256(); - bool ret = VerifyHapOpensslUtils::DigestInit(parameter); + bool ret = DigestCommon::DigestInit(parameter); EXPECT_EQ(ret, false); } @@ -61,7 +61,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_003, testing::ext::TestSize parameter.md = EVP_sha256(); const unsigned char content[] = "123"; int32_t len = 5; - bool ret = VerifyHapOpensslUtils::DigestUpdate(parameter, content, len); + bool ret = DigestCommon::DigestUpdate(parameter, content, len); EXPECT_EQ(ret, false); } @@ -76,7 +76,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_004, testing::ext::TestSize DigestParameter parameter; parameter.md = EVP_sha256(); int32_t len = 5; - bool ret = VerifyHapOpensslUtils::DigestUpdate(parameter, nullptr, len); + bool ret = DigestCommon::DigestUpdate(parameter, nullptr, len); EXPECT_EQ(ret, false); } @@ -90,7 +90,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_005, testing::ext::TestSize { DigestParameter parameter; unsigned char dig[EVP_MAX_MD_SIZE]; - int32_t ret = VerifyHapOpensslUtils::GetDigest(parameter, dig); + int32_t ret = DigestCommon::GetDigest(parameter, dig); EXPECT_EQ(ret, 0); } @@ -107,7 +107,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_006, testing::ext::TestSize ByteBuffer chunk; std::vector optionalBlocks; unsigned char out[EVP_MAX_MD_SIZE]; - int32_t ret = VerifyHapOpensslUtils::GetDigest(chunk, optionalBlocks, parameter, out); + int32_t ret = DigestCommon::GetDigest(chunk, optionalBlocks, parameter, out); EXPECT_EQ(ret, 0); } @@ -127,7 +127,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_007, testing::ext::TestSize ByteBuffer chunk; std::vector optionalBlocks; unsigned char out[EVP_MAX_MD_SIZE]; - int32_t ret = VerifyHapOpensslUtils::GetDigest(chunk, optionalBlocks, parameter, out); + int32_t ret = DigestCommon::GetDigest(chunk, optionalBlocks, parameter, out); EXPECT_EQ(ret, 0); } @@ -139,9 +139,9 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_007, testing::ext::TestSize */ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_008, testing::ext::TestSize.Level1) { - int32_t digId = VerifyHapOpensslUtils::GetDigestAlgorithmId(ALGORITHM_SHA384_WITH_ECDSA); + int32_t digId = DigestCommon::GetDigestAlgorithmId(ALGORITHM_SHA384_WITH_ECDSA); EXPECT_EQ(digId, NID_sha384); - digId = VerifyHapOpensslUtils::GetDigestAlgorithmId(ALGORITHM_SHA512_WITH_ECDSA); + digId = DigestCommon::GetDigestAlgorithmId(ALGORITHM_SHA512_WITH_ECDSA); EXPECT_EQ(digId, NID_sha512); } diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h index 0b460b76..d533d329 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h @@ -20,6 +20,7 @@ #include "sign_tool_service_impl.h" #include "signature_tools_log.h" #include "verify_hap_openssl_utils.h" +#include "digest_common.h" #include namespace OHOS { diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp b/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp index 617251aa..d4ecb7f3 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp @@ -19,6 +19,7 @@ #include "sign_provider.h" #include "sign_tool_service_impl.h" #include "remote_sign_provider.h" +#include "digest_common.h" #include "hap_sign_test.h" #include @@ -543,7 +544,7 @@ HWTEST_F(HapSignTest, hap_sign_test_012, testing::ext::TestSize.Level1) ByteBuffer dig_context; SignatureAlgorithm algo = SignatureAlgorithm::ALGORITHM_SHA256_WITH_ECDSA; - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); + int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); bool ret = SignHap::ComputeDigests(digestParam, contents, len, optionalBlocks, dig_context); @@ -1133,7 +1134,7 @@ HWTEST_F(HapSignTest, hap_sign_test_026, testing::ext::TestSize.Level1) ByteBuffer dig_context; SignatureAlgorithm algo = SignatureAlgorithm::ALGORITHM_SHA256_WITH_ECDSA; - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); + int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); SignerConfig config; diff --git a/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp b/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp index ee6e9b91..4a0b1494 100644 --- a/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp @@ -34,6 +34,7 @@ #include "hap_utils.h" #include "cert_dn_utils.h" #include "signer_config.h" +#include "digest_common.h" using namespace testing::ext; @@ -899,15 +900,15 @@ HWTEST_F(VerifyHapTest, VerifyHapError018, TestSize.Level0) HWTEST_F(VerifyHapTest, VerifyHapError019, TestSize.Level0) { int32_t signAlgorithm = ALGORITHM_SHA256_WITH_ECDSA; - std::string ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + std::string ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA384_WITH_ECDSA; - ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA512_WITH_ECDSA; - ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA512_WITH_DSA; - ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); EXPECT_EQ(ret, ""); } -- Gitee