From 2701366c3f048179d224e1fb6790cea8b1d34cc2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E5=B0=8F=E6=97=8B=E9=A3=8Elc?= Date: Mon, 28 Oct 2024 13:10:28 +0800 Subject: [PATCH] =?UTF-8?q?Revert=20"!267=20C++=E7=AD=BE=E5=90=8D=E5=B7=A5?= =?UTF-8?q?=E5=85=B7=E6=B6=88=E9=99=A4=E5=BE=AA=E7=8E=AF=E4=BE=9D=E8=B5=96?= =?UTF-8?q?"=20Signed-off-by:=20=20liuchang=20=20T?= =?UTF-8?q?his=20reverts=20commit=2054aa6d6371c261600bae1c819c1f251cc98070?= =?UTF-8?q?7e,=20reversing=20changes=20made=20to=2006d20747187c07a47e807e8?= =?UTF-8?q?1d44f35d0c1067df0.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hapsigntool_cpp/BUILD.gn | 3 +- hapsigntool_cpp/api/include/cert_tools.h | 3 +- .../include/localization_adapter.h | 3 +- hapsigntool_cpp/api/src/cert_tools.cpp | 35 ++-- .../src/localization_adapter.cpp | 4 +- .../{common => cmd}/include/options.h | 0 hapsigntool_cpp/cmd/signature_tools_cmd.gni | 1 + .../{common => cmd}/src/options.cpp | 0 .../sign/src/bc_signeddata_generator.cpp | 8 +- .../codesigning/sign/src/code_signing.cpp | 10 +- .../utils/include/fs_digest_utils.h | 5 - .../codesigning/utils/src/fs_digest_utils.cpp | 8 +- .../common/include/digest_common.h | 64 ------- .../common/signature_tools_common.gni | 3 - .../common/src/byte_buffer_data_source.cpp | 5 +- hapsigntool_cpp/common/src/digest_common.cpp | 173 ------------------ .../common/src/random_access_file.cpp | 5 +- .../hap/config/src/signer_config.cpp | 14 +- .../provider/include/remote_sign_provider.h | 4 +- .../hap/provider/src/remote_sign_provider.cpp | 18 +- .../hap/sign/src/bc_pkcs7_generator.cpp | 7 +- hapsigntool_cpp/hap/sign/src/sign_hap.cpp | 3 +- hapsigntool_cpp/hap/signature_tools_hap.gni | 1 - .../utils/include/dynamic_library_handle.h | 34 ---- .../hap/utils/src/dynamic_library_handle.cpp | 29 --- .../hap/verify/include/verify_hap.h | 1 - hapsigntool_cpp/hap/verify/src/verify_hap.cpp | 28 +-- .../signer/include/signer_factory.h | 1 + hapsigntool_cpp/signer/src/signer_factory.cpp | 7 +- .../include/signature_tools_errno.h | 0 
.../include/signature_tools_log.h | 0 .../utils/include/verify_hap_openssl_utils.h | 20 ++ .../utils/src/hap_signer_block_utils.cpp | 17 +- .../utils/src/verify_hap_openssl_utils.cpp | 140 ++++++++++++++ .../hapSign/hap_openssl_utils_test.cpp | 18 +- .../unittest/hapSign/hap_openssl_utils_test.h | 1 - .../unittest/hapSign/hap_sign_test.cpp | 5 +- .../unittest/hapVerify/hap_verify_test.cpp | 9 +- 38 files changed, 247 insertions(+), 440 deletions(-) rename hapsigntool_cpp/{common => api}/include/localization_adapter.h (98%) rename hapsigntool_cpp/{common => api}/src/localization_adapter.cpp (98%) rename hapsigntool_cpp/{common => cmd}/include/options.h (100%) rename hapsigntool_cpp/{common => cmd}/src/options.cpp (100%) delete mode 100644 hapsigntool_cpp/common/include/digest_common.h delete mode 100644 hapsigntool_cpp/common/src/digest_common.cpp delete mode 100644 hapsigntool_cpp/hap/utils/include/dynamic_library_handle.h delete mode 100644 hapsigntool_cpp/hap/utils/src/dynamic_library_handle.cpp rename hapsigntool_cpp/{common => utils}/include/signature_tools_errno.h (100%) rename hapsigntool_cpp/{common => utils}/include/signature_tools_log.h (100%) diff --git a/hapsigntool_cpp/BUILD.gn b/hapsigntool_cpp/BUILD.gn index a2817c76..9711a538 100644 --- a/hapsigntool_cpp/BUILD.gn +++ b/hapsigntool_cpp/BUILD.gn @@ -49,6 +49,7 @@ signature_tools_main_include = [ signature_tools_main_src = [ "main.cpp", + "${signature_tools_api}/src/localization_adapter.cpp", "${signature_tools_api}/src/sign_tool_service_impl.cpp", "${signature_tools_api}/src/cert_tools.cpp", "${signature_tools_signer}/src/signer_factory.cpp", @@ -105,7 +106,7 @@ ohos_executable("hap-sign-tool") { ] install_images = [ "system" ] - install_enable = false + install_enable = true part_name = "hapsigner" subsystem_name = "developtools" } diff --git a/hapsigntool_cpp/api/include/cert_tools.h b/hapsigntool_cpp/api/include/cert_tools.h index c0b05b60..bf34fded 100644 
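Review bot: `install_enable = true` on the `hap-sign-tool` target has no comment explaining why the signing tool should ship in the `system` image, and the change is unrelated to the include and dependency moves in the rest of this revert. The same target compiles `signer_factory.cpp`, which loads a signer plugin with `dlopen`, so installing it puts that loading path on the device. If the tool is only needed on build hosts, leaving it uninstalled is the smaller footprint. If installation is intended, state it next to the flag, e.g. `# installed on-device because <reason>`.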
--- a/hapsigntool_cpp/api/include/cert_tools.h +++ b/hapsigntool_cpp/api/include/cert_tools.h @@ -14,7 +14,6 @@ */ #ifndef SIGNATRUETOOLS_CERT_TOOLS_H #define SIGNATRUETOOLS_CERT_TOOLS_H -#include #include "cert_dn_utils.h" #include "openssl/x509v3.h" @@ -64,7 +63,7 @@ public: static bool SetExpandedInformation(X509* cert, Options* options); static bool SetPubkeyAndSignCert(X509* cert, X509_REQ* issuercsr, X509_REQ* certReq, EVP_PKEY* keyPair, Options* options); - static bool String2Bool(Options* options, const std::string& option); + static bool PrintCertChainToCmd(std::vector& certChain); CertTools() = default; ~CertTools() = default; }; diff --git a/hapsigntool_cpp/common/include/localization_adapter.h b/hapsigntool_cpp/api/include/localization_adapter.h similarity index 98% rename from hapsigntool_cpp/common/include/localization_adapter.h rename to hapsigntool_cpp/api/include/localization_adapter.h index 141c2ead..d878e7ff 100644 --- a/hapsigntool_cpp/common/include/localization_adapter.h +++ b/hapsigntool_cpp/api/include/localization_adapter.h @@ -26,8 +26,7 @@ #include "key_store_helper.h" #include "cert_dn_utils.h" #include "signature_tools_log.h" -#include "digest_common.h" - +#include "verify_hap_openssl_utils.h" namespace OHOS { namespace SignatureTools { class LocalizationAdapter { diff --git a/hapsigntool_cpp/api/src/cert_tools.cpp b/hapsigntool_cpp/api/src/cert_tools.cpp index 0bac5dd7..cbb0719c 100644 --- a/hapsigntool_cpp/api/src/cert_tools.cpp +++ b/hapsigntool_cpp/api/src/cert_tools.cpp @@ -25,6 +25,7 @@ #include "openssl/asn1.h" #include "signature_tools_log.h" #include "constant.h" +#include "cmd_util.h" namespace OHOS { namespace SignatureTools { 
@@ -75,7 +76,7 @@ bool CertTools::SaveCertTofile(const std::string& filename, X509* cert) static bool UpdateConstraint(Options* options) { if (options->count(Options::BASIC_CONSTRAINTS)) { - if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS)) { + if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS)) { return false; } } else { @@ -83,7 +84,7 @@ static bool UpdateConstraint(Options* options) } if (options->count(Options::BASIC_CONSTRAINTS_CRITICAL)) { - if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS_CRITICAL)) { + if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CRITICAL)) { return false; } } else { @@ -91,7 +92,7 @@ static bool UpdateConstraint(Options* options) } if (options->count(Options::BASIC_CONSTRAINTS_CA)) { - if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS_CA)) { + if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CA)) { return false; } } else { 
@@ -852,18 +853,28 @@ err: return nullptr; } -bool CertTools::String2Bool(Options* options, const std::string& option) +bool CertTools::PrintCertChainToCmd(std::vector& certChain) { - std::string val = options->GetString(option); - if (val == "1" || val == "true" || val == "TRUE") { - (*options)[option] = true; - } else if (val == "0" || val == "false" || val == "FALSE") { - (*options)[option] = false; - } else { - PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, - val + "is not valid value for " + "-" + option); + BIO* outFd = BIO_new_fp(stdout, BIO_NOCLOSE); + if (!outFd) { + PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "The stdout stream may have errors"); return false; } + uint64_t format = XN_FLAG_SEP_COMMA_PLUS; // Print according to RFC2253 + uint64_t content = X509_FLAG_NO_EXTENSIONS | X509_FLAG_NO_ATTRIBUTES | X509_FLAG_NO_HEADER | X509_FLAG_NO_SIGDUMP; + int num = 0; + for (auto& cert : certChain) { + PrintMsg("+++++++++++++++++++++++++++++++++certificate #" + std::to_string(num) + + "+++++++++++++++++++++++++++++++++++++"); + if (!X509_print_ex(outFd, cert, format, content)) { + VerifyHapOpensslUtils::GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("print x509 cert to cmd failed"); + BIO_free(outFd); + return false; + } + ++num; + } + BIO_free(outFd); return true; } } // namespace SignatureTools diff --git a/hapsigntool_cpp/common/src/localization_adapter.cpp b/hapsigntool_cpp/api/src/localization_adapter.cpp similarity index 98% rename from hapsigntool_cpp/common/src/localization_adapter.cpp rename to hapsigntool_cpp/api/src/localization_adapter.cpp index c936c370..ebe1a6f6 100644 --- a/hapsigntool_cpp/common/src/localization_adapter.cpp +++ b/hapsigntool_cpp/api/src/localization_adapter.cpp 
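Review bot: In `CertTools::PrintCertChainToCmd`, each `cert` taken from `certChain` is handed to `X509_print_ex` without a null check, and the `BIO` is released by hand on two separate paths. A guard at the top of the loop such as `if (cert == nullptr) { BIO_free(outFd); return false; }` would stop a malformed chain from reaching OpenSSL. Holding the BIO in `std::unique_ptr<BIO, decltype(&BIO_free)>` would remove the duplicated cleanup. The function never modifies the vector, so taking it by `const` reference would document that. The call to `VerifyHapOpensslUtils::GetOpensslErrorMessage()` relies on an include that this file's hunks do not add, so it presumably arrives transitively and is worth including directly.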
@@ -262,7 +262,7 @@ std::vector LocalizationAdapter::GetCertsFromFile(std::string& certPath, BIO* bio = BIO_new_file(certPath.c_str(), "rb"); if (!bio) { PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "open file:" + certPath + "failed"); - DigestCommon::GetOpensslErrorMessage(); + VerifyHapOpensslUtils::GetOpensslErrorMessage(); BIO_free(bio); return certs; } @@ -282,7 +282,7 @@ const std::string LocalizationAdapter::GetInFile() bool LocalizationAdapter::IsRemoteSigner() { std::string mode = options->GetString(Options::MODE, LOCAL_SIGN); - return mode == REMOTE_SIGN; + return StringUtils::CaseCompare(mode, REMOTE_SIGN); } Options* LocalizationAdapter::GetOptions() diff --git a/hapsigntool_cpp/common/include/options.h b/hapsigntool_cpp/cmd/include/options.h similarity index 100% rename from hapsigntool_cpp/common/include/options.h rename to hapsigntool_cpp/cmd/include/options.h diff --git a/hapsigntool_cpp/cmd/signature_tools_cmd.gni b/hapsigntool_cpp/cmd/signature_tools_cmd.gni index 12cc9099..16fdb14a 100644 --- a/hapsigntool_cpp/cmd/signature_tools_cmd.gni +++ b/hapsigntool_cpp/cmd/signature_tools_cmd.gni @@ -17,6 +17,7 @@ signature_tools_cmd_include = [ "${signature_tools_cmd}/include" ] signature_tools_cmd_src = [ "${signature_tools_cmd}/src/cmd_util.cpp", "${signature_tools_cmd}/src/params_run_tool.cpp", + "${signature_tools_cmd}/src/options.cpp", "${signature_tools_cmd}/src/params_trust_list.cpp", "${signature_tools_cmd}/src/params.cpp", ] diff --git a/hapsigntool_cpp/common/src/options.cpp b/hapsigntool_cpp/cmd/src/options.cpp similarity index 100% rename from hapsigntool_cpp/common/src/options.cpp rename to hapsigntool_cpp/cmd/src/options.cpp diff --git a/hapsigntool_cpp/codesigning/sign/src/bc_signeddata_generator.cpp b/hapsigntool_cpp/codesigning/sign/src/bc_signeddata_generator.cpp index f5a4a2bb..961b96de 100644 --- a/hapsigntool_cpp/codesigning/sign/src/bc_signeddata_generator.cpp +++ b/hapsigntool_cpp/codesigning/sign/src/bc_signeddata_generator.cpp 
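Review bot: `IsRemoteSigner()` now chooses between local and remote signing with `StringUtils::CaseCompare(mode, REMOTE_SIGN)` instead of `==`, and nothing in the hunk says what `CaseCompare` returns or why case is ignored here. Its definition is outside this diff, so I am assuming it returns true on a case-insensitive match. If any other check on `Options::MODE` still compares exactly, the same command line could be treated as remote here and as something else there. I would add `// mode is matched case-insensitively; every other Options::MODE check must do the same` above the return and confirm the parameter validation agrees.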
@@ -18,8 +18,6 @@ #include "pkcs7_data.h" #include "local_signer.h" #include "signer_config.h" -#include "signer_factory.h" -#include "localization_adapter.h" #include "signature_tools_log.h" #include "signature_algorithm_helper.h" #include "signature_tools_errno.h" @@ -43,11 +41,7 @@ int BCSignedDataGenerator::GenerateSignedData(const std::string& content, "signerConfig is NULL"); return INVALIDPARAM_ERROR; } - Options* options = signerConfig->GetOptions(); - SignerFactory factory; - LocalizationAdapter adapter(options); - std::shared_ptr signer(factory.GetSigner(adapter)); -// std::shared_ptr signer = signerConfig->GetSigner(); + std::shared_ptr signer = signerConfig->GetSigner(); if (signer == NULL) { PrintErrorNumberMsg("INVALIDPARAM_ERROR", INVALIDPARAM_ERROR, "signer is NULL"); diff --git a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp index 27544cae..467aacf2 100644 --- a/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp +++ b/hapsigntool_cpp/codesigning/sign/src/code_signing.cpp @@ -20,8 +20,6 @@ #include "fs_verity_descriptor_with_sign.h" #include "verify_code_signature.h" #include "code_signing.h" -#include "signer_factory.h" -#include "localization_adapter.h" namespace OHOS { namespace SignatureTools { @@ -509,13 +507,9 @@ bool CodeSigning::IsNativeFile(const std::string& input) bool CodeSigning::GenerateSignature(const std::vector& signedData, const std::string& ownerID, std::vector& ret) { - Options* options = m_signConfig->GetOptions(); - SignerFactory factory; - LocalizationAdapter adapter(options); - std::shared_ptr signer(factory.GetSigner(adapter)); - if (signer != nullptr) { + if (m_signConfig->GetSigner() != nullptr) { STACK_OF(X509)* certs = NULL; - certs = signer->GetCertificates(); + certs = m_signConfig->GetSigner()->GetCertificates(); if (certs == nullptr) { PrintErrorNumberMsg("SIGN_ERROR", SIGN_ERROR, "No certificates configured for sign."); 
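Review bot: In `CodeSigning::GenerateSignature`, `m_signConfig->GetSigner()` is called once for the null test and again for `GetCertificates()`, and `m_signConfig` itself is dereferenced without a check in the visible lines. Taking the result once, `auto signer = m_signConfig->GetSigner();`, then testing and using `signer`, reads more clearly and guarantees the checked object is the one used. The restored `SignerConfig::GetSigner()` elsewhere in this patch creates the signer lazily, so every extra call is a possible creation attempt. The function body continues outside the hunk, so ownership of the returned `certs` stack cannot be judged from here.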
diff --git a/hapsigntool_cpp/codesigning/utils/include/fs_digest_utils.h b/hapsigntool_cpp/codesigning/utils/include/fs_digest_utils.h index 0116a2aa..bdb21d5d 100644 --- a/hapsigntool_cpp/codesigning/utils/include/fs_digest_utils.h +++ b/hapsigntool_cpp/codesigning/utils/include/fs_digest_utils.h @@ -30,9 +30,6 @@ #include "signature_tools_log.h" -namespace OHOS { -namespace SignatureTools { - using hashFunc = const EVP_MD* (*)(void); enum HashType { @@ -55,6 +52,4 @@ private: EVP_MD_CTX* m_ctx = NULL; HashType m_type; }; -} // namespace SignatureTools -} // namespace OHOS #endif // SIGNATURETOOLS_FS_DIGEST_UTILS_H diff --git a/hapsigntool_cpp/codesigning/utils/src/fs_digest_utils.cpp b/hapsigntool_cpp/codesigning/utils/src/fs_digest_utils.cpp index 65d54c77..73631cba 100644 --- a/hapsigntool_cpp/codesigning/utils/src/fs_digest_utils.cpp +++ b/hapsigntool_cpp/codesigning/utils/src/fs_digest_utils.cpp @@ -15,9 +15,6 @@ #include "fs_digest_utils.h" #include "securec.h" -namespace OHOS { -namespace SignatureTools { - void DigestUtils::AddData(const std::string &data) { AddData(data.data(), (int)data.size()); @@ -84,7 +81,4 @@ DigestUtils::~DigestUtils() if (m_ctx != nullptr) { EVP_MD_CTX_free(m_ctx); } -} - -} // namespace SignatureTools -} // namespace OHOS \ No newline at end of file +} \ No newline at end of file diff --git a/hapsigntool_cpp/common/include/digest_common.h b/hapsigntool_cpp/common/include/digest_common.h deleted file mode 100644 index f0d6b1f7..00000000 --- a/hapsigntool_cpp/common/include/digest_common.h +++ /dev/null 
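Review bot: With the `OHOS::SignatureTools` namespace removed from `fs_digest_utils.h`, the alias `hashFunc`, the unscoped `enum HashType` and the `DigestUtils` class are all declared at global scope in a header. Any translation unit that includes it, directly or transitively, can collide with these short names, and the enumerators of an unscoped enum leak as well. If the revert has to drop the namespace for build reasons, a comment such as `// declared at global scope on purpose: <reason>` would record that. Otherwise keeping the namespace here and in `fs_digest_utils.cpp` is the safer form.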
@@ -1,64 +0,0 @@ -/* - * Copyright (c) 2024-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef SIGNATRUETOOLS_DIGEST_UTILS_H -#define SIGNATRUETOOLS_DIGEST_UTILS_H -#include -#include - -#include "byte_buffer.h" -#include "openssl/evp.h" -#include "openssl/ossl_typ.h" -#include "digest_parameter.h" -#include "pkcs7_context.h" -#include "signature_info.h" -#include "export_define.h" -#include "openssl/pkcs7.h" -#include "openssl/safestack.h" - -namespace OHOS { -namespace SignatureTools { - -enum SignatureAlgorithm { - ALGORITHM_SHA256_WITH_ECDSA = 0x00000201, - ALGORITHM_SHA384_WITH_ECDSA, - ALGORITHM_SHA512_WITH_ECDSA, - ALGORITHM_SHA256_WITH_DSA = 0x00000301, - ALGORITHM_SHA384_WITH_DSA, - ALGORITHM_SHA512_WITH_DSA, -}; - -class DigestCommon { -public: - DigestCommon() = delete; - - static int32_t GetDigest(const ByteBuffer& chunk, const std::vector& optionalBlocks, - const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); - static bool DigestInit(const DigestParameter& digestParameter); - static bool DigestUpdate(const DigestParameter& digestParameter, - const unsigned char content[], int32_t len); - static int32_t GetDigest(const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); - static int32_t GetDigestAlgorithmOutputSizeBytes(int32_t nId); - DLL_EXPORT static int32_t GetDigestAlgorithmId(int32_t signAlgorithm); - static std::string GetDigestAlgorithmString(int32_t 
signAlgorithm); - static void GetOpensslErrorMessage(); - -private: - static bool CheckDigestParameter(const DigestParameter& digestParameter); - - static const int32_t OPENSSL_ERR_MESSAGE_MAX_LEN; -}; -} // namespace SignatureTools -} // namespace OHOS -#endif // SIGNATRUETOOLS_VERIFY_OPENSSL_UTILS_H diff --git a/hapsigntool_cpp/common/signature_tools_common.gni b/hapsigntool_cpp/common/signature_tools_common.gni index 9c97041f..ceeec2a6 100644 --- a/hapsigntool_cpp/common/signature_tools_common.gni +++ b/hapsigntool_cpp/common/signature_tools_common.gni @@ -20,7 +20,4 @@ signature_tools_common_src = [ "${signature_tools_common}/src/file_data_source.cpp", "${signature_tools_common}/src/random_access_file.cpp", "${signature_tools_common}/src/digest_parameter.cpp", - "${signature_tools_common}/src/digest_common.cpp", - "${signature_tools_common}/src/localization_adapter.cpp", - "${signature_tools_common}/src/options.cpp", ] diff --git a/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp b/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp index c9c415c5..fb9a49c4 100644 --- a/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp +++ b/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp @@ -13,8 +13,7 @@ * limitations under the License. */ #include "byte_buffer_data_source.h" -#include "digest_common.h" -//#include "verify_hap_openssl_utils.h" +#include "verify_hap_openssl_utils.h" namespace OHOS { namespace SignatureTools { @@ -47,7 +46,7 @@ bool ByteBufferDataSource::ReadDataAndDigestUpdate(const DigestParameter& digest { const unsigned char* chunk = reinterpret_cast(bytebuffer.GetBufferPtr() + bytebuffer.GetPosition()); - bool res = DigestCommon::DigestUpdate(digestParam, chunk, chunkSize); + bool res = VerifyHapOpensslUtils::DigestUpdate(digestParam, chunk, chunkSize); if (res) { bytebuffer.SetPosition(bytebuffer.GetPosition() + chunkSize); } 
diff --git a/hapsigntool_cpp/common/src/digest_common.cpp b/hapsigntool_cpp/common/src/digest_common.cpp deleted file mode 100644 index 9889591c..00000000 --- a/hapsigntool_cpp/common/src/digest_common.cpp +++ /dev/null 
@@ -1,173 +0,0 @@ -/* - * Copyright (c) 2024-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "digest_common.h" -#include "signature_tools_log.h" -#include "openssl/err.h" - -namespace OHOS { -namespace SignatureTools { -const int32_t DigestCommon::OPENSSL_ERR_MESSAGE_MAX_LEN = 1024; - -int32_t DigestCommon::GetDigestAlgorithmOutputSizeBytes(int32_t nId) -{ - return EVP_MD_size(EVP_get_digestbynid(nId)); -} - -bool DigestCommon::CheckDigestParameter(const DigestParameter& digestParameter) -{ - if (digestParameter.md == nullptr) { - SIGNATURE_TOOLS_LOGE("md is nullptr"); - return false; - } - if (digestParameter.ctxPtr == nullptr) { - SIGNATURE_TOOLS_LOGE("ctxPtr is nullptr"); - return false; - } - return true; -} - -bool DigestCommon::DigestInit(const DigestParameter& digestParameter) -{ - if (!CheckDigestParameter(digestParameter)) { - return false; - } - if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); - return false; - } - return true; -} - -/* the caller must ensure that EVP_DigestInit was called before calling this function */ -bool DigestCommon::DigestUpdate(const DigestParameter& digestParameter, - const unsigned char content[], int32_t len) -{ - if (content == nullptr) { - SIGNATURE_TOOLS_LOGE("content is nullptr"); - return false; - } - if (!CheckDigestParameter(digestParameter)) { - return false; - } - if 
(EVP_DigestUpdate(digestParameter.ctxPtr, content, len) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate failed"); - return false; - } - return true; -} - -int32_t DigestCommon::GetDigest(const DigestParameter& digestParameter, - unsigned char(&out)[EVP_MAX_MD_SIZE]) -{ - uint32_t outLen = 0; - if (!CheckDigestParameter(digestParameter)) { - return outLen; - } - if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); - outLen = 0; - } - return outLen; -} - -int32_t DigestCommon::GetDigest(const ByteBuffer& chunk, - const std::vector& optionalBlocks, - const DigestParameter& digestParameter, - unsigned char(&out)[EVP_MAX_MD_SIZE]) -{ - int32_t chunkLen = chunk.Remaining(); - uint32_t outLen = 0; - if (digestParameter.md == nullptr) { - SIGNATURE_TOOLS_LOGE("md is nullprt"); - return outLen; - } - if (digestParameter.ctxPtr == nullptr) { - SIGNATURE_TOOLS_LOGE("ctxPtr is nullprt"); - return outLen; - } - if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); - return outLen; - } - if (EVP_DigestUpdate(digestParameter.ctxPtr, chunk.GetBufferPtr(), chunkLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); - return outLen; - } - for (int32_t i = 0; i < static_cast(optionalBlocks.size()); i++) { - chunkLen = optionalBlocks[i].optionalBlockValue.GetCapacity(); - if (EVP_DigestUpdate(digestParameter.ctxPtr, optionalBlocks[i].optionalBlockValue.GetBufferPtr(), - chunkLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate %dst optional block failed", i); - return outLen; - } - } - if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); - outLen = 0; - } - return outLen; -} - -void 
DigestCommon::GetOpensslErrorMessage() -{ - unsigned long retOpenssl; - char errOpenssl[OPENSSL_ERR_MESSAGE_MAX_LEN]; - while ((retOpenssl = ERR_get_error()) != 0) { - ERR_error_string(retOpenssl, errOpenssl); - SIGNATURE_TOOLS_LOGE("openssl err: %lu, message: %s", retOpenssl, errOpenssl); - } -} - -int32_t DigestCommon::GetDigestAlgorithmId(int32_t signAlgorithm) -{ - switch (signAlgorithm) { - case ALGORITHM_SHA256_WITH_ECDSA: - case ALGORITHM_SHA256_WITH_DSA: - return NID_sha256; - case ALGORITHM_SHA384_WITH_ECDSA: - case ALGORITHM_SHA384_WITH_DSA: - return NID_sha384; - case ALGORITHM_SHA512_WITH_ECDSA: - case ALGORITHM_SHA512_WITH_DSA: - return NID_sha512; - default: - SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); - return NID_undef; - } -} - -std::string DigestCommon::GetDigestAlgorithmString(int32_t signAlgorithm) -{ - switch (signAlgorithm) { - case ALGORITHM_SHA256_WITH_ECDSA: - return "SHA-256"; - case ALGORITHM_SHA384_WITH_ECDSA: - return "SHA-384"; - case ALGORITHM_SHA512_WITH_ECDSA: - return "SHA-512"; - default: - SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); - return ""; - } -} -} // namespace SignatureTools -} // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/common/src/random_access_file.cpp b/hapsigntool_cpp/common/src/random_access_file.cpp index 1a4f569a..9054ae1e 100644 --- a/hapsigntool_cpp/common/src/random_access_file.cpp +++ b/hapsigntool_cpp/common/src/random_access_file.cpp @@ -18,8 +18,7 @@ #include "securec.h" #include "signature_info.h" #include "signature_tools_log.h" -#include "digest_common.h" -//#include "verify_hap_openssl_utils.h" +#include "verify_hap_openssl_utils.h" #include "random_access_file.h" namespace OHOS { 
@@ -197,7 +196,7 @@ bool RandomAccessFile::ReadFileFromOffsetAndDigestUpdate(const DigestParameter& return false; } unsigned char* content = reinterpret_cast(mmapInfo.mapAddr + mmapInfo.readMoreLen); - bool res = DigestCommon::DigestUpdate(digestParam, content, chunkSize); + bool res = VerifyHapOpensslUtils::DigestUpdate(digestParam, content, chunkSize); munmap(mmapInfo.mapAddr, mmapInfo.mmapSize); return res; } diff --git a/hapsigntool_cpp/hap/config/src/signer_config.cpp b/hapsigntool_cpp/hap/config/src/signer_config.cpp index 80facd06..b96f41fe 100644 --- a/hapsigntool_cpp/hap/config/src/signer_config.cpp +++ b/hapsigntool_cpp/hap/config/src/signer_config.cpp @@ -15,8 +15,8 @@ #include #include -// #include "signer_factory.h" -// #include "localization_adapter.h" +#include "signer_factory.h" +#include "localization_adapter.h" #include "signer_config.h" namespace OHOS { @@ -100,11 +100,11 @@ void SignerConfig::FillParameters(const std::map& para std::shared_ptr SignerConfig::GetSigner() { -// if (signer == nullptr) { -// SignerFactory factory; -// LocalizationAdapter adapter(options); -// signer = factory.GetSigner(adapter); -// } + if (signer == nullptr) { + SignerFactory factory; + LocalizationAdapter adapter(options); + signer = factory.GetSigner(adapter); + } return signer; } diff --git a/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h b/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h index 636077b0..ae3ff6e2 100644 --- a/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h +++ b/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h @@ -24,10 +24,10 @@ namespace OHOS { namespace SignatureTools { class RemoteSignProvider : public SignProvider { public: - //static void* handle; + static void* handle; RemoteSignProvider() = default; - ~RemoteSignProvider() = default; + ~RemoteSignProvider(); bool CheckParams(Options* options) override; bool CheckInputCertMatchWithProfile(X509* inputCert, X509* certInProfile)const override; }; 
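Review bot: The restored `SignerConfig::GetSigner()` has no comment describing its caching behaviour, and that behaviour matters to callers. It builds the signer on first use and stores it only if `factory.GetSigner(adapter)` returned non-null, so after a failure every later call repeats the whole creation, which in remote mode means another plugin load. I would document this above the function, e.g. `// Lazily creates and caches the signer; returns nullptr and retries on the next call if creation fails.` Whether `LocalizationAdapter` tolerates a null `options` is not visible here, so a guard before constructing the adapter may also be needed.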
diff --git a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp index 7823724d..55b70ecc 100644 --- a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp +++ b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp @@ -16,15 +16,15 @@ namespace OHOS { namespace SignatureTools { -//void* RemoteSignProvider::handle = nullptr; -// RemoteSignProvider::~RemoteSignProvider() -// { -// if (handle) { -// if (dlclose(handle) != 0) { -// SIGNATURE_TOOLS_LOGE("dlclose() %s", dlerror()); -// } -// } -// } +void* RemoteSignProvider::handle = nullptr; +RemoteSignProvider::~RemoteSignProvider() +{ + if (handle) { + if (dlclose(handle) != 0) { + SIGNATURE_TOOLS_LOGE("dlclose() %s", dlerror()); + } + } +} bool RemoteSignProvider::CheckParams(Options* options) { diff --git a/hapsigntool_cpp/hap/sign/src/bc_pkcs7_generator.cpp b/hapsigntool_cpp/hap/sign/src/bc_pkcs7_generator.cpp index cdb6dff0..b03a24f1 100644 --- a/hapsigntool_cpp/hap/sign/src/bc_pkcs7_generator.cpp +++ b/hapsigntool_cpp/hap/sign/src/bc_pkcs7_generator.cpp @@ -19,8 +19,6 @@ #include "signature_algorithm_helper.h" #include "bc_signeddata_generator.h" #include "signer_config.h" -#include "signer_factory.h" -#include "localization_adapter.h" #include "signature_tools_errno.h" #include "bc_pkcs7_generator.h" @@ -43,10 +41,7 @@ int BCPkcs7Generator::GenerateSignedData(const std::string& content, PrintErrorNumberMsg("INVALIDPARAM_ERROR", INVALIDPARAM_ERROR, "signerConfig is NULL"); return INVALIDPARAM_ERROR; } - Options* options = signerConfig->GetOptions(); - SignerFactory factory; - LocalizationAdapter adapter(options); - std::shared_ptr signer(factory.GetSigner(adapter)); + std::shared_ptr signer(signerConfig->GetSigner()); if (signer == NULL) { SIGNATURE_TOOLS_LOGE("signer is NULL"); return INVALIDPARAM_ERROR; diff --git a/hapsigntool_cpp/hap/sign/src/sign_hap.cpp b/hapsigntool_cpp/hap/sign/src/sign_hap.cpp index a9e6a68b..bef94866 100644 
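Review bot: `RemoteSignProvider::~RemoteSignProvider()` closes the class-wide static `handle` but never clears it, so destroying a second `RemoteSignProvider` calls `dlclose` again on the stale value. Adding `handle = nullptr;` after the `dlclose` call fixes the repeat close. The handle is assigned in `SignerFactory::LoadRemoteSigner` (`signer_factory.cpp`, later in this patch), and the signer object created from the plugin is returned as a `shared_ptr`. If that signer outlives any provider instance, its code is unloaded while still in use, so tying the handle's lifetime to the signer would be safer than a public mutable static. The header hunk also makes `handle` public, so any code can overwrite it without closing the previous library.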
--- a/hapsigntool_cpp/hap/sign/src/sign_hap.cpp +++ b/hapsigntool_cpp/hap/sign/src/sign_hap.cpp @@ -15,7 +15,6 @@ #include "signature_tools_log.h" #include "signature_algorithm_helper.h" #include "bc_pkcs7_generator.h" -#include "digest_common.h" #include "sign_hap.h" namespace OHOS { @@ -35,7 +34,7 @@ bool SignHap::Sign(DataSource* contents[], int32_t len, SignerConfig& config, } SignatureAlgorithm algo = static_cast(algoClass[0].m_id); SIGNATURE_TOOLS_LOGI("[SignHap] Signature Algorithm is %d", algo); - int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); + int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); ByteBuffer digContext; std::vector> nidAndcontentDigestsVec; diff --git a/hapsigntool_cpp/hap/signature_tools_hap.gni b/hapsigntool_cpp/hap/signature_tools_hap.gni index a87aa41c..22639a77 100644 --- a/hapsigntool_cpp/hap/signature_tools_hap.gni +++ b/hapsigntool_cpp/hap/signature_tools_hap.gni @@ -44,6 +44,5 @@ signature_tools_hap_src = [ "${signature_tools_hap}/sign/src/sign_bin.cpp", "${signature_tools_hap}/sign/src/sign_elf.cpp", "${signature_tools_hap}/utils/src/hap_utils.cpp", - "${signature_tools_hap}/utils/src/dynamic_library_handle.cpp", "${signature_tools_hap}/sign/src/bc_pkcs7_generator.cpp", ] diff --git a/hapsigntool_cpp/hap/utils/include/dynamic_library_handle.h b/hapsigntool_cpp/hap/utils/include/dynamic_library_handle.h deleted file mode 100644 index cdd4dc42..00000000 --- a/hapsigntool_cpp/hap/utils/include/dynamic_library_handle.h +++ /dev/null 
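Review bot: In `SignHap::Sign`, the `nId` returned by `VerifyHapOpensslUtils::GetDigestAlgorithmId(algo)` is passed straight to `HapSignerBlockUtils::GetDigestParameter(nId)` with no check for an unsupported algorithm. The `DigestCommon` implementation deleted in this patch returned `NID_undef` for unknown values. The `VerifyHapOpensslUtils` version is not shown here but presumably does the same. A guard such as `if (nId == NID_undef) { return false; }` before building the digest parameter would avoid signing with an undefined digest. The function continues outside the hunk, and this file's hunks drop `digest_common.h` without adding `verify_hap_openssl_utils.h`, so that include is presumably transitive.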
@@ -1,34 +0,0 @@ -/* - * Copyright (c) 2024-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SIGNATRUETOOLS_DYNAMIC_LIBRARY_HANDLE_H -#define SIGNATRUETOOLS_DYNAMIC_LIBRARY_HANDLE_H - -#include - -#include "signature_tools_log.h" -#include "params.h" - -namespace OHOS { -namespace SignatureTools { -class DynamicLibraryHandle { -public: - static void* handle; - DynamicLibraryHandle() = default; - ~DynamicLibraryHandle(); -}; -} // namespace SignatureTools -} // namespace OHOS -#endif \ No newline at end of file diff --git a/hapsigntool_cpp/hap/utils/src/dynamic_library_handle.cpp b/hapsigntool_cpp/hap/utils/src/dynamic_library_handle.cpp deleted file mode 100644 index 89b6cc25..00000000 --- a/hapsigntool_cpp/hap/utils/src/dynamic_library_handle.cpp +++ /dev/null 
@@ -1,29 +0,0 @@ -/* - * Copyright (c) 2024-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - #include "dynamic_library_handle.h" - -namespace OHOS { -namespace SignatureTools { -void* DynamicLibraryHandle::handle = nullptr; -DynamicLibraryHandle::~DynamicLibraryHandle() -{ - if (handle) { - if (dlclose(handle) != 0) { - SIGNATURE_TOOLS_LOGE("dlclose() %s", dlerror()); - } - } -} -} // namespace SignatureTools -} // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/hap/verify/include/verify_hap.h b/hapsigntool_cpp/hap/verify/include/verify_hap.h index 86d32a92..aafb3008 100644 --- a/hapsigntool_cpp/hap/verify/include/verify_hap.h +++ b/hapsigntool_cpp/hap/verify/include/verify_hap.h @@ -67,7 +67,6 @@ public: bool VerifyAppPkcs7(Pkcs7Context& pkcs7Context, const ByteBuffer& hapSignatureBlock); DLL_EXPORT bool GetDigestAndAlgorithm(Pkcs7Context& digest); - static bool PrintCertChainToCmd(std::vector& certChain); private: bool isPrintCert; diff --git a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp index da0ee106..8e2c0707 100644 --- a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp +++ b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp @@ -31,6 +31,7 @@ #include "param_constants.h" #include "file_utils.h" #include "nlohmann/json.hpp" +#include "cert_tools.h" #include "verify_hap.h" using namespace nlohmann; 
@@ -116,7 +117,7 @@ bool VerifyHap::writeOptionalBytesToFile(const OptionalBlock& optionalBlock, con bool VerifyHap::HapOutPutCertChain(std::vector& certs, const std::string& outPutPath) { if (isPrintCert) { - if (!PrintCertChainToCmd(certs)) { + if (!CertTools::PrintCertChainToCmd(certs)) { SIGNATURE_TOOLS_LOGE("print cert chain to cmd failed\n"); return false; } @@ -406,30 +407,5 @@ int32_t VerifyHap::WriteVerifyOutput(Pkcs7Context& pkcs7Context, std::vector& certChain) -{ - BIO* outFd = BIO_new_fp(stdout, BIO_NOCLOSE); - if (!outFd) { - PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "The stdout stream may have errors"); - return false; - } - uint64_t format = XN_FLAG_SEP_COMMA_PLUS; // Print according to RFC2253 - uint64_t content = X509_FLAG_NO_EXTENSIONS | X509_FLAG_NO_ATTRIBUTES | X509_FLAG_NO_HEADER | X509_FLAG_NO_SIGDUMP; - int num = 0; - for (auto& cert : certChain) { - PrintMsg("+++++++++++++++++++++++++++++++++certificate #" + std::to_string(num) + - "+++++++++++++++++++++++++++++++++++++"); - if (!X509_print_ex(outFd, cert, format, content)) { - VerifyHapOpensslUtils::GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("print x509 cert to cmd failed"); - BIO_free(outFd); - return false; - } - ++num; - } - BIO_free(outFd); - return true; -} } // namespace SignatureTools } // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/signer/include/signer_factory.h b/hapsigntool_cpp/signer/include/signer_factory.h index f6ec29ac..01604bb8 100644 --- a/hapsigntool_cpp/signer/include/signer_factory.h +++ b/hapsigntool_cpp/signer/include/signer_factory.h @@ -20,6 +20,7 @@ #include "local_signer.h" #include "localization_adapter.h" #include "param_constants.h" +#include "remote_sign_provider.h" namespace OHOS { namespace SignatureTools { diff --git a/hapsigntool_cpp/signer/src/signer_factory.cpp b/hapsigntool_cpp/signer/src/signer_factory.cpp index 07f0d84d..eeedb350 100644 --- a/hapsigntool_cpp/signer/src/signer_factory.cpp 
+++ b/hapsigntool_cpp/signer/src/signer_factory.cpp @@ -13,7 +13,6 @@ * limitations under the License. */ #include "signer_factory.h" -#include "dynamic_library_handle.h" namespace OHOS { namespace SignatureTools { @@ -52,8 +51,8 @@ std::shared_ptr SignerFactory::LoadRemoteSigner(LocalizationAdapter& ada char* userPwd = adapter.GetOptions()->GetChars(ParamConstants::PARAM_REMOTE_USERPWD); // open so - DynamicLibraryHandle::handle = dlopen(signerPlugin.c_str(), RTLD_NOW | RTLD_GLOBAL); - if (!DynamicLibraryHandle::handle) { + RemoteSignProvider::handle = dlopen(signerPlugin.c_str(), RTLD_NOW | RTLD_GLOBAL); + if (!RemoteSignProvider::handle) { PrintErrorNumberMsg("LoadRemoteSigner", RET_FAILED, dlerror()); return nullptr; } @@ -62,7 +61,7 @@ std::shared_ptr SignerFactory::LoadRemoteSigner(LocalizationAdapter& ada dlerror(); // get "Create" function - RemoteSignerCreator remoteSignerCreator = (RemoteSignerCreator)dlsym(DynamicLibraryHandle::handle, "Create"); + RemoteSignerCreator remoteSignerCreator = (RemoteSignerCreator)dlsym(RemoteSignProvider::handle, "Create"); char* error = nullptr; if ((error = dlerror()) != NULL) { SIGNATURE_TOOLS_LOGE("%s", error); diff --git a/hapsigntool_cpp/common/include/signature_tools_errno.h b/hapsigntool_cpp/utils/include/signature_tools_errno.h similarity index 100% rename from hapsigntool_cpp/common/include/signature_tools_errno.h rename to hapsigntool_cpp/utils/include/signature_tools_errno.h diff --git a/hapsigntool_cpp/common/include/signature_tools_log.h b/hapsigntool_cpp/utils/include/signature_tools_log.h similarity index 100% rename from hapsigntool_cpp/common/include/signature_tools_log.h rename to hapsigntool_cpp/utils/include/signature_tools_log.h diff --git a/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h b/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h index bbe552dd..43ecccda 100644 --- a/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h 
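Review bot: Nothing in this hunk constrains the path given to `dlopen(signerPlugin.c_str(), RTLD_NOW | RTLD_GLOBAL)` in LoadRemoteSigner, and `signerPlugin` is presumably taken from the command-line options like `userPwd` on the line above. A name without a slash is resolved through the dynamic linker's search path, so a tool that handles signing credentials would be safer resolving the plugin to an absolute path and checking that it is a regular file before loading it. `RTLD_LOCAL` looks sufficient unless the plugin depends on global symbol visibility, since only `Create` is looked up with `dlsym` in the next hunk. The handle is now stored in the static `RemoteSignProvider::handle`, so a second call would overwrite it without a `dlclose`, and where it is released is not visible here now that `DynamicLibraryHandle` and its destructor are deleted. The function body starts and ends outside the hunk.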
+++ b/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h @@ -31,6 +31,15 @@ namespace OHOS { namespace SignatureTools { +enum SignatureAlgorithm { + ALGORITHM_SHA256_WITH_ECDSA = 0x00000201, + ALGORITHM_SHA384_WITH_ECDSA, + ALGORITHM_SHA512_WITH_ECDSA, + ALGORITHM_SHA256_WITH_DSA = 0x00000301, + ALGORITHM_SHA384_WITH_DSA, + ALGORITHM_SHA512_WITH_DSA, +}; + class VerifyHapOpensslUtils { public: VerifyHapOpensslUtils() = delete; @@ -41,6 +50,15 @@ public: DLL_EXPORT static bool GetCrlStack(PKCS7* p7, STACK_OF(X509_CRL)* x509Crl); DLL_EXPORT static bool VerifyPkcs7(Pkcs7Context& pkcs7Context); + static int32_t GetDigest(const ByteBuffer& chunk, const std::vector& optionalBlocks, + const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); + static bool DigestInit(const DigestParameter& digestParameter); + static bool DigestUpdate(const DigestParameter& digestParameter, + const unsigned char content[], int32_t len); + static int32_t GetDigest(const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); + static int32_t GetDigestAlgorithmOutputSizeBytes(int32_t nId); + DLL_EXPORT static int32_t GetDigestAlgorithmId(int32_t signAlgorithm); + static std::string GetDigestAlgorithmString(int32_t signAlgorithm); static void GetOpensslErrorMessage(); private: @@ -52,6 +70,8 @@ private: static bool GetContentInfo(const PKCS7* p7ContentInfo, ByteBuffer& content); static bool CheckPkcs7SignedDataIsValid(const PKCS7* p7); + static bool CheckDigestParameter(const DigestParameter& digestParameter); + static const int32_t OPENSSL_PKCS7_VERIFY_SUCCESS; static const int32_t OPENSSL_ERR_MESSAGE_MAX_LEN; static const int32_t OPENSSL_READ_DATA_MAX_TIME; diff --git a/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp b/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp index 81f3c0b3..c150e4fe 100644 --- a/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp +++ b/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp 
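Review bot: The digest declarations added to `VerifyHapOpensslUtils` in the `@@ -41,6 +50,15 @@` hunk have no contract comments, although the definitions later in this patch have rules a caller must know. Both `GetDigest` overloads return 0 on any failure and the length written by `EVP_DigestFinal` otherwise, and `DigestUpdate` is only valid after `DigestInit`, which today is stated only in a comment in the .cpp file. I would put that on the declarations, for example `// Returns the digest length in bytes, or 0 on failure.` above each `GetDigest` and `// Requires a prior successful DigestInit on the same DigestParameter.` above `DigestUpdate`.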
@@ -24,8 +24,7 @@ #include "securec.h" #include "byte_buffer_data_source.h" #include "file_data_source.h" -#include "digest_common.h" -//#include "verify_hap_openssl_utils.h" +#include "verify_hap_openssl_utils.h" #include "signature_tools_log.h" #include "signature_tools_errno.h" @@ -454,7 +453,7 @@ bool HapSignerBlockUtils::VerifyHapIntegrity( FileDataSource centralDir(hapFile, signInfo.hapCentralDirOffset, centralDirSize, 0); ByteBufferDataSource eocd(signInfo.hapEocd); DataSource* content[ZIP_BLOCKS_NUM_NEED_DIGEST] = {&contentsZip, ¢ralDir, &eocd}; - int32_t nId = DigestCommon::GetDigestAlgorithmId(digestInfo.digestAlgorithm); + int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(digestInfo.digestAlgorithm); DigestParameter digestParam = GetDigestParameter(nId); ByteBuffer chunkDigest; if (!ComputeDigestsForEachChunk(digestParam, content, ZIP_BLOCKS_NUM_NEED_DIGEST, chunkDigest)) { @@ -473,7 +472,7 @@ bool HapSignerBlockUtils::VerifyHapIntegrity( return false; } PrintMsg(std::string("Digest verify result: ") + "success" + ", DigestAlgorithm: " - + DigestCommon::GetDigestAlgorithmString(digestInfo.digestAlgorithm)); + + VerifyHapOpensslUtils::GetDigestAlgorithmString(digestInfo.digestAlgorithm)); return true; } @@ -484,7 +483,7 @@ bool HapSignerBlockUtils::ComputeDigestsWithOptionalBlock(const DigestParameter& ByteBuffer& finalDigest) { unsigned char out[EVP_MAX_MD_SIZE]; - int32_t digestLen = DigestCommon::GetDigest(chunkDigest, optionalBlocks, digestParam, out); + int32_t digestLen = VerifyHapOpensslUtils::GetDigest(chunkDigest, optionalBlocks, digestParam, out); if (digestLen != digestParam.digestOutputSizeBytes) { SIGNATURE_TOOLS_LOGE("GetDigest failed, outLen is not right, %u, %d", digestLen, digestParam.digestOutputSizeBytes); 
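Review bot: In the `@@ -454,7 +453,7 @@` hunk, `nId` from `GetDigestAlgorithmId(digestInfo.digestAlgorithm)` goes straight into `GetDigestParameter(nId)` without being compared to `NID_undef`, which is what the lookup returns for an unrecognised value. The algorithm id appears to come from the package being verified, so an explicit `if (nId == NID_undef) { return false; }` before building the parameter would reject it at the point of parsing instead of relying on the null-`md` check inside `DigestInit`. `GetDigestParameter` in the `@@ -576,7 +575,7 @@` hunk has the same gap: it asks for the output size of `EVP_get_digestbynid(nId)` and allocates a context before anything checks that the digest exists. Both function bodies extend beyond their hunks, so a check or cleanup outside the visible lines would change this.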
@@ -559,7 +558,7 @@ bool HapSignerBlockUtils::ComputeDigestsForEachChunk(const DigestParameter& dige return false; } - int32_t digestLen = DigestCommon::GetDigest(digestParam, outBlock); + int32_t digestLen = VerifyHapOpensslUtils::GetDigest(digestParam, outBlock); if (digestLen != digestParam.digestOutputSizeBytes) { SIGNATURE_TOOLS_LOGE("GetDigest failed len: %d digestSizeBytes: %d", digestLen, digestParam.digestOutputSizeBytes); @@ -576,7 +575,7 @@ bool HapSignerBlockUtils::ComputeDigestsForEachChunk(const DigestParameter& dige DigestParameter HapSignerBlockUtils::GetDigestParameter(int32_t nId) { DigestParameter digestParam; - digestParam.digestOutputSizeBytes = DigestCommon::GetDigestAlgorithmOutputSizeBytes(nId); + digestParam.digestOutputSizeBytes = VerifyHapOpensslUtils::GetDigestAlgorithmOutputSizeBytes(nId); digestParam.md = EVP_get_digestbynid(nId); digestParam.ctxPtr = EVP_MD_CTX_create(); EVP_MD_CTX_init(digestParam.ctxPtr); @@ -607,12 +606,12 @@ bool HapSignerBlockUtils::InitDigestPrefix(const DigestParameter& digestParam, return false; } - if (!DigestCommon::DigestInit(digestParam)) { + if (!VerifyHapOpensslUtils::DigestInit(digestParam)) { SIGNATURE_TOOLS_LOGE("DigestInit failed"); return false; } - if (!DigestCommon::DigestUpdate(digestParam, chunkContentPrefix, ZIP_CHUNK_DIGEST_PRIFIX_LEN)) { + if (!VerifyHapOpensslUtils::DigestUpdate(digestParam, chunkContentPrefix, ZIP_CHUNK_DIGEST_PRIFIX_LEN)) { SIGNATURE_TOOLS_LOGE("DigestUpdate failed"); return false; } diff --git a/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp b/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp index 4580a9d9..3c99e2a1 100644 --- a/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp +++ b/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp 
@@ -243,6 +243,113 @@ bool VerifyHapOpensslUtils::GetContentInfo(const PKCS7* p7ContentInfo, ByteBuffe return true; } +int32_t VerifyHapOpensslUtils::GetDigestAlgorithmOutputSizeBytes(int32_t nId) +{ + return EVP_MD_size(EVP_get_digestbynid(nId)); +} + +bool VerifyHapOpensslUtils::CheckDigestParameter(const DigestParameter& digestParameter) +{ + if (digestParameter.md == nullptr) { + SIGNATURE_TOOLS_LOGE("md is nullptr"); + return false; + } + if (digestParameter.ctxPtr == nullptr) { + SIGNATURE_TOOLS_LOGE("ptrCtx is nullptr"); + return false; + } + return true; +} + +bool VerifyHapOpensslUtils::DigestInit(const DigestParameter& digestParameter) +{ + if (!CheckDigestParameter(digestParameter)) { + return false; + } + if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); + return false; + } + return true; +} + +/* the caller must ensure that EVP_DigestInit was called before calling this function */ +bool VerifyHapOpensslUtils::DigestUpdate(const DigestParameter& digestParameter, + const unsigned char content[], int32_t len) +{ + if (content == nullptr) { + SIGNATURE_TOOLS_LOGE("content is nullptr"); + return false; + } + if (!CheckDigestParameter(digestParameter)) { + return false; + } + if (EVP_DigestUpdate(digestParameter.ctxPtr, content, len) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); + return false; + } + return true; +} + +int32_t VerifyHapOpensslUtils::GetDigest(const DigestParameter& digestParameter, + unsigned char(&out)[EVP_MAX_MD_SIZE]) +{ + uint32_t outLen = 0; + if (!CheckDigestParameter(digestParameter)) { + return outLen; + } + if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); + outLen = 0; + } + return outLen; +} + +int32_t VerifyHapOpensslUtils::GetDigest(const ByteBuffer& chunk, + const std::vector& optionalBlocks, 
+ const DigestParameter& digestParameter, + unsigned char(&out)[EVP_MAX_MD_SIZE]) +{ + int32_t chunkLen = chunk.Remaining(); + uint32_t outLen = 0; + if (digestParameter.md == nullptr) { + SIGNATURE_TOOLS_LOGE("md is nullprt"); + return outLen; + } + if (digestParameter.ctxPtr == nullptr) { + SIGNATURE_TOOLS_LOGE("ptrCtx is nullprt"); + return outLen; + } + if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); + return outLen; + } + if (EVP_DigestUpdate(digestParameter.ctxPtr, chunk.GetBufferPtr(), chunkLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); + return outLen; + } + for (int32_t i = 0; i < static_cast(optionalBlocks.size()); i++) { + chunkLen = optionalBlocks[i].optionalBlockValue.GetCapacity(); + if (EVP_DigestUpdate(digestParameter.ctxPtr, optionalBlocks[i].optionalBlockValue.GetBufferPtr(), + chunkLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate %dst optional block failed", i); + return outLen; + } + } + if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); + outLen = 0; + } + return outLen; +} + void VerifyHapOpensslUtils::GetOpensslErrorMessage() { unsigned long retOpenssl; 
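Review bot: `DigestUpdate` passes its signed `int32_t len` to `EVP_DigestUpdate`, whose count parameter is `size_t`, so a negative length would be converted to a very large read; add `if (len < 0) { return false; }` next to the null check on `content`. The four-argument `GetDigest` repeats the `md`/`ctxPtr` checks and the init/update calls instead of using `CheckDigestParameter`, `DigestInit` and `DigestUpdate`, and its copies of the log messages carry the `nullprt` typo. It also hashes `chunk` by `Remaining()` but each optional block by `GetCapacity()`; if those can differ for a ByteBuffer, the digest covers a different byte range than the caller expects, so this is worth confirming against the ByteBuffer implementation.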
@@ -252,5 +359,38 @@ void VerifyHapOpensslUtils::GetOpensslErrorMessage() SIGNATURE_TOOLS_LOGE("openssl err: %lu, message: %s", retOpenssl, errOpenssl); } } + +int32_t VerifyHapOpensslUtils::GetDigestAlgorithmId(int32_t signAlgorithm) +{ + switch (signAlgorithm) { + case ALGORITHM_SHA256_WITH_ECDSA: + case ALGORITHM_SHA256_WITH_DSA: + return NID_sha256; + case ALGORITHM_SHA384_WITH_ECDSA: + case ALGORITHM_SHA384_WITH_DSA: + return NID_sha384; + case ALGORITHM_SHA512_WITH_ECDSA: + case ALGORITHM_SHA512_WITH_DSA: + return NID_sha512; + default: + SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); + return NID_undef; + } +} + +std::string VerifyHapOpensslUtils::GetDigestAlgorithmString(int32_t signAlgorithm) +{ + switch (signAlgorithm) { + case ALGORITHM_SHA256_WITH_ECDSA: + return "SHA-256"; + case ALGORITHM_SHA384_WITH_ECDSA: + return "SHA-384"; + case ALGORITHM_SHA512_WITH_ECDSA: + return "SHA-512"; + default: + SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); + return ""; + } +} } // namespace SignatureTools } // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp index d175f075..a9cc2a4f 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp @@ -30,7 +30,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_001, testing::ext::TestSize SIGNATURE_TOOLS_LOGI("hello world !!!"); DigestParameter parameter; - bool ret = DigestCommon::DigestInit(parameter); + bool ret = VerifyHapOpensslUtils::DigestInit(parameter); EXPECT_EQ(ret, false); } 
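Review bot: `GetDigestAlgorithmString` names only the three ECDSA values, while `GetDigestAlgorithmId` just above it maps the DSA values to the same digests. A package with a DSA algorithm id that passes the digest check in `VerifyHapIntegrity` would therefore reach the `default` branch, log an error and print an empty `DigestAlgorithm`. Either add the DSA labels beside the ECDSA ones, e.g. `case ALGORITHM_SHA256_WITH_DSA:` under `case ALGORITHM_SHA256_WITH_ECDSA:`, or add a comment such as `// DSA variants are intentionally not named here.` The `VerifyHapError019` test later in this patch expects `""` for `ALGORITHM_SHA512_WITH_DSA`, so the first option needs that expectation updated.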
@@ -45,7 +45,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_002, testing::ext::TestSize SIGNATURE_TOOLS_LOGI("hello world !!!"); DigestParameter parameter; parameter.md = EVP_sha256(); - bool ret = DigestCommon::DigestInit(parameter); + bool ret = VerifyHapOpensslUtils::DigestInit(parameter); EXPECT_EQ(ret, false); } @@ -61,7 +61,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_003, testing::ext::TestSize parameter.md = EVP_sha256(); const unsigned char content[] = "123"; int32_t len = 5; - bool ret = DigestCommon::DigestUpdate(parameter, content, len); + bool ret = VerifyHapOpensslUtils::DigestUpdate(parameter, content, len); EXPECT_EQ(ret, false); } @@ -76,7 +76,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_004, testing::ext::TestSize DigestParameter parameter; parameter.md = EVP_sha256(); int32_t len = 5; - bool ret = DigestCommon::DigestUpdate(parameter, nullptr, len); + bool ret = VerifyHapOpensslUtils::DigestUpdate(parameter, nullptr, len); EXPECT_EQ(ret, false); } @@ -90,7 +90,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_005, testing::ext::TestSize { DigestParameter parameter; unsigned char dig[EVP_MAX_MD_SIZE]; - int32_t ret = DigestCommon::GetDigest(parameter, dig); + int32_t ret = VerifyHapOpensslUtils::GetDigest(parameter, dig); EXPECT_EQ(ret, 0); } @@ -107,7 +107,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_006, testing::ext::TestSize ByteBuffer chunk; std::vector optionalBlocks; unsigned char out[EVP_MAX_MD_SIZE]; - int32_t ret = DigestCommon::GetDigest(chunk, optionalBlocks, parameter, out); + int32_t ret = VerifyHapOpensslUtils::GetDigest(chunk, optionalBlocks, parameter, out); EXPECT_EQ(ret, 0); } 
@@ -127,7 +127,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_007, testing::ext::TestSize ByteBuffer chunk; std::vector optionalBlocks; unsigned char out[EVP_MAX_MD_SIZE]; - int32_t ret = DigestCommon::GetDigest(chunk, optionalBlocks, parameter, out); + int32_t ret = VerifyHapOpensslUtils::GetDigest(chunk, optionalBlocks, parameter, out); EXPECT_EQ(ret, 0); } @@ -139,9 +139,9 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_007, testing::ext::TestSize */ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_008, testing::ext::TestSize.Level1) { - int32_t digId = DigestCommon::GetDigestAlgorithmId(ALGORITHM_SHA384_WITH_ECDSA); + int32_t digId = VerifyHapOpensslUtils::GetDigestAlgorithmId(ALGORITHM_SHA384_WITH_ECDSA); EXPECT_EQ(digId, NID_sha384); - digId = DigestCommon::GetDigestAlgorithmId(ALGORITHM_SHA512_WITH_ECDSA); + digId = VerifyHapOpensslUtils::GetDigestAlgorithmId(ALGORITHM_SHA512_WITH_ECDSA); EXPECT_EQ(digId, NID_sha512); } diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h index d533d329..0b460b76 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h @@ -20,7 +20,6 @@ #include "sign_tool_service_impl.h" #include "signature_tools_log.h" #include "verify_hap_openssl_utils.h" -#include "digest_common.h" #include namespace OHOS { diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp b/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp index d4ecb7f3..617251aa 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp @@ -19,7 +19,6 @@ #include "sign_provider.h" #include "sign_tool_service_impl.h" #include "remote_sign_provider.h" -#include "digest_common.h" #include "hap_sign_test.h" #include 
@@ -544,7 +543,7 @@ HWTEST_F(HapSignTest, hap_sign_test_012, testing::ext::TestSize.Level1) ByteBuffer dig_context; SignatureAlgorithm algo = SignatureAlgorithm::ALGORITHM_SHA256_WITH_ECDSA; - int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); + int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); bool ret = SignHap::ComputeDigests(digestParam, contents, len, optionalBlocks, dig_context); @@ -1134,7 +1133,7 @@ HWTEST_F(HapSignTest, hap_sign_test_026, testing::ext::TestSize.Level1) ByteBuffer dig_context; SignatureAlgorithm algo = SignatureAlgorithm::ALGORITHM_SHA256_WITH_ECDSA; - int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); + int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); SignerConfig config; diff --git a/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp b/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp index 4a0b1494..ee6e9b91 100644 --- a/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp @@ -34,7 +34,6 @@ #include "hap_utils.h" #include "cert_dn_utils.h" #include "signer_config.h" -#include "digest_common.h" using namespace testing::ext; 
@@ -900,15 +899,15 @@ HWTEST_F(VerifyHapTest, VerifyHapError018, TestSize.Level0) HWTEST_F(VerifyHapTest, VerifyHapError019, TestSize.Level0) { int32_t signAlgorithm = ALGORITHM_SHA256_WITH_ECDSA; - std::string ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); + std::string ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA384_WITH_ECDSA; - ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); + ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA512_WITH_ECDSA; - ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); + ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA512_WITH_DSA; - ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); + ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); EXPECT_EQ(ret, ""); } -- Gitee