From bc18b07dcddf4643a8f80996e8ab2431e8d7fc5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B0=8F=E6=97=8B=E9=A3=8Elc?= Date: Thu, 31 Oct 2024 21:08:19 +0800 Subject: [PATCH] =?UTF-8?q?C++=E7=AD=BE=E5=90=8D=E5=B7=A5=E5=85=B7?= =?UTF-8?q?=E6=B6=88=E9=99=A4=E5=BE=AA=E7=8E=AF=E4=BE=9D=E8=B5=96=20Signed?= =?UTF-8?q?-off-by:=20liuchang=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hapsigntool_cpp/BUILD.gn | 3 +- hapsigntool_cpp/api/include/cert_tools.h | 3 +- hapsigntool_cpp/api/src/cert_tools.cpp | 46 ++--- hapsigntool_cpp/cmd/signature_tools_cmd.gni | 1 - .../common/include/digest_common.h | 64 +++++++ .../include/localization_adapter.h | 2 +- .../{cmd => common}/include/options.h | 0 .../include/signature_tools_errno.h | 0 .../include/signature_tools_log.h | 0 .../common/signature_tools_common.gni | 3 + .../common/src/byte_buffer_data_source.cpp | 4 +- hapsigntool_cpp/common/src/digest_common.cpp | 173 ++++++++++++++++++ .../src/localization_adapter.cpp | 4 +- .../{cmd => common}/src/options.cpp | 0 .../common/src/random_access_file.cpp | 4 +- .../provider/include/remote_sign_provider.h | 4 +- .../hap/provider/src/remote_sign_provider.cpp | 10 - hapsigntool_cpp/hap/sign/src/sign_hap.cpp | 3 +- hapsigntool_cpp/hap/signature_tools_hap.gni | 1 + .../hap/utils/include/dynamic_lib_handle.h | 34 ++++ .../hap/utils/src/dynamic_lib_handle.cpp | 29 +++ .../hap/verify/include/verify_hap.h | 1 + hapsigntool_cpp/hap/verify/src/verify_hap.cpp | 28 ++- .../signer/include/signer_factory.h | 1 - hapsigntool_cpp/signer/src/signer_factory.cpp | 7 +- .../utils/include/verify_hap_openssl_utils.h | 20 -- .../utils/src/hap_signer_block_utils.cpp | 16 +- .../utils/src/verify_hap_openssl_utils.cpp | 140 -------------- hapsigntool_cpp_test/BUILD.gn | 1 - .../hapSign/hap_openssl_utils_test.cpp | 18 +- .../unittest/hapSign/hap_openssl_utils_test.h | 1 + .../unittest/hapSign/hap_sign_test.cpp | 5 +- .../unittest/hapVerify/hap_verify_test.cpp | 9 +- 33 files changed, 392 insertions(+), 243 deletions(-) create mode 100644 hapsigntool_cpp/common/include/digest_common.h rename hapsigntool_cpp/{api => common}/include/localization_adapter.h (98%) rename hapsigntool_cpp/{cmd => common}/include/options.h (100%) rename hapsigntool_cpp/{utils => common}/include/signature_tools_errno.h (100%) rename hapsigntool_cpp/{utils => common}/include/signature_tools_log.h (100%) create mode 100644 hapsigntool_cpp/common/src/digest_common.cpp rename hapsigntool_cpp/{api => common}/src/localization_adapter.cpp (98%) rename hapsigntool_cpp/{cmd => common}/src/options.cpp (100%) create mode 100644 hapsigntool_cpp/hap/utils/include/dynamic_lib_handle.h create mode 100644 hapsigntool_cpp/hap/utils/src/dynamic_lib_handle.cpp diff --git a/hapsigntool_cpp/BUILD.gn b/hapsigntool_cpp/BUILD.gn index 9711a538..a2817c76 100644 --- a/hapsigntool_cpp/BUILD.gn +++ b/hapsigntool_cpp/BUILD.gn @@ -49,7 +49,6 @@ signature_tools_main_include = [ signature_tools_main_src = [ "main.cpp", - "${signature_tools_api}/src/localization_adapter.cpp", "${signature_tools_api}/src/sign_tool_service_impl.cpp", "${signature_tools_api}/src/cert_tools.cpp", "${signature_tools_signer}/src/signer_factory.cpp", @@ -106,7 +105,7 @@ ohos_executable("hap-sign-tool") { ] install_images = [ "system" ] - install_enable = true + install_enable = false part_name = "hapsigner" subsystem_name = "developtools" } diff --git a/hapsigntool_cpp/api/include/cert_tools.h b/hapsigntool_cpp/api/include/cert_tools.h index bf34fded..c0b05b60 100644 --- a/hapsigntool_cpp/api/include/cert_tools.h +++ b/hapsigntool_cpp/api/include/cert_tools.h @@ -14,6 +14,7 @@ */ #ifndef SIGNATRUETOOLS_CERT_TOOLS_H #define SIGNATRUETOOLS_CERT_TOOLS_H +#include #include "cert_dn_utils.h" #include "openssl/x509v3.h" @@ -63,7 +64,7 @@ public: static bool SetExpandedInformation(X509* cert, Options* options); static bool SetPubkeyAndSignCert(X509* cert, X509_REQ* issuercsr, X509_REQ* certReq, EVP_PKEY* keyPair, Options* options); - static bool PrintCertChainToCmd(std::vector& certChain); + static bool String2Bool(Options* options, const std::string& option); CertTools() = default; ~CertTools() = default; }; diff --git a/hapsigntool_cpp/api/src/cert_tools.cpp b/hapsigntool_cpp/api/src/cert_tools.cpp index cbb0719c..4a003f89 100644 --- a/hapsigntool_cpp/api/src/cert_tools.cpp +++ b/hapsigntool_cpp/api/src/cert_tools.cpp @@ -25,7 +25,6 @@ #include "openssl/asn1.h" #include "signature_tools_log.h" #include "constant.h" -#include "cmd_util.h" namespace OHOS { namespace SignatureTools { @@ -76,7 +75,7 @@ bool CertTools::SaveCertTofile(const std::string& filename, X509* cert) static bool UpdateConstraint(Options* options) { if (options->count(Options::BASIC_CONSTRAINTS)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS)) { + if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS)) { return false; } } else { @@ -84,7 +83,7 @@ static bool UpdateConstraint(Options* options) } if (options->count(Options::BASIC_CONSTRAINTS_CRITICAL)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CRITICAL)) { + if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS_CRITICAL)) { return false; } } else { @@ -92,7 +91,7 @@ static bool UpdateConstraint(Options* options) } if (options->count(Options::BASIC_CONSTRAINTS_CA)) { - if (!CmdUtil::String2Bool(options, Options::BASIC_CONSTRAINTS_CA)) { + if (!CertTools::String2Bool(options, Options::BASIC_CONSTRAINTS_CA)) { return false; } } else { @@ -101,6 +100,21 @@ static bool UpdateConstraint(Options* options) return true; } +bool CertTools::String2Bool(Options* options, const std::string& option) +{ + std::string val = options->GetString(option); + if (val == "1" || val == "true" || val == "TRUE") { + (*options)[option] = true; + } else if (val == "0" || val == "false" || val == "FALSE") { + (*options)[option] = false; + } else { + PrintErrorNumberMsg("COMMAND_PARAM_ERROR", COMMAND_PARAM_ERROR, + val + "is not valid value for " + "-" + option); + return false; + } + return true; +} + bool CertTools::SetBisicConstraints(Options* options, X509* cert) { if (!UpdateConstraint(options)) { @@ -853,30 +867,6 @@ err: return nullptr; } -bool CertTools::PrintCertChainToCmd(std::vector& certChain) -{ - BIO* outFd = BIO_new_fp(stdout, BIO_NOCLOSE); - if (!outFd) { - PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "The stdout stream may have errors"); - return false; - } - uint64_t format = XN_FLAG_SEP_COMMA_PLUS; // Print according to RFC2253 - uint64_t content = X509_FLAG_NO_EXTENSIONS | X509_FLAG_NO_ATTRIBUTES | X509_FLAG_NO_HEADER | X509_FLAG_NO_SIGDUMP; - int num = 0; - for (auto& cert : certChain) { - PrintMsg("+++++++++++++++++++++++++++++++++certificate #" + std::to_string(num) + - "+++++++++++++++++++++++++++++++++++++"); - if (!X509_print_ex(outFd, cert, format, content)) { - VerifyHapOpensslUtils::GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("print x509 cert to cmd failed"); - BIO_free(outFd); - return false; - } - ++num; - } - BIO_free(outFd); - return true; -} } // namespace SignatureTools } // namespace OHOS diff --git a/hapsigntool_cpp/cmd/signature_tools_cmd.gni b/hapsigntool_cpp/cmd/signature_tools_cmd.gni index 16fdb14a..12cc9099 100644 --- a/hapsigntool_cpp/cmd/signature_tools_cmd.gni +++ b/hapsigntool_cpp/cmd/signature_tools_cmd.gni @@ -17,7 +17,6 @@ signature_tools_cmd_include = [ "${signature_tools_cmd}/include" ] signature_tools_cmd_src = [ "${signature_tools_cmd}/src/cmd_util.cpp", "${signature_tools_cmd}/src/params_run_tool.cpp", - "${signature_tools_cmd}/src/options.cpp", "${signature_tools_cmd}/src/params_trust_list.cpp", "${signature_tools_cmd}/src/params.cpp", ] diff --git a/hapsigntool_cpp/common/include/digest_common.h b/hapsigntool_cpp/common/include/digest_common.h new file mode 100644 index 00000000..f0d6b1f7 --- /dev/null +++ b/hapsigntool_cpp/common/include/digest_common.h @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef SIGNATRUETOOLS_DIGEST_UTILS_H +#define SIGNATRUETOOLS_DIGEST_UTILS_H +#include +#include + +#include "byte_buffer.h" +#include "openssl/evp.h" +#include "openssl/ossl_typ.h" +#include "digest_parameter.h" +#include "pkcs7_context.h" +#include "signature_info.h" +#include "export_define.h" +#include "openssl/pkcs7.h" +#include "openssl/safestack.h" + +namespace OHOS { +namespace SignatureTools { + +enum SignatureAlgorithm { + ALGORITHM_SHA256_WITH_ECDSA = 0x00000201, + ALGORITHM_SHA384_WITH_ECDSA, + ALGORITHM_SHA512_WITH_ECDSA, + ALGORITHM_SHA256_WITH_DSA = 0x00000301, + ALGORITHM_SHA384_WITH_DSA, + ALGORITHM_SHA512_WITH_DSA, +}; + +class DigestCommon { +public: + DigestCommon() = delete; + + static int32_t GetDigest(const ByteBuffer& chunk, const std::vector& optionalBlocks, + const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); + static bool DigestInit(const DigestParameter& digestParameter); + static bool DigestUpdate(const DigestParameter& digestParameter, + const unsigned char content[], int32_t len); + static int32_t GetDigest(const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); + static int32_t GetDigestAlgorithmOutputSizeBytes(int32_t nId); + DLL_EXPORT static int32_t GetDigestAlgorithmId(int32_t signAlgorithm); + static std::string GetDigestAlgorithmString(int32_t signAlgorithm); + static void GetOpensslErrorMessage(); + +private: + static bool CheckDigestParameter(const DigestParameter& digestParameter); + + static const int32_t OPENSSL_ERR_MESSAGE_MAX_LEN; +}; +} // namespace SignatureTools +} // namespace OHOS +#endif // SIGNATRUETOOLS_VERIFY_OPENSSL_UTILS_H diff --git a/hapsigntool_cpp/api/include/localization_adapter.h b/hapsigntool_cpp/common/include/localization_adapter.h similarity index 98% rename from hapsigntool_cpp/api/include/localization_adapter.h rename to hapsigntool_cpp/common/include/localization_adapter.h index d878e7ff..b2fa373e 100644 --- a/hapsigntool_cpp/api/include/localization_adapter.h +++ b/hapsigntool_cpp/common/include/localization_adapter.h @@ -26,7 +26,7 @@ #include "key_store_helper.h" #include "cert_dn_utils.h" #include "signature_tools_log.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" namespace OHOS { namespace SignatureTools { class LocalizationAdapter { diff --git a/hapsigntool_cpp/cmd/include/options.h b/hapsigntool_cpp/common/include/options.h similarity index 100% rename from hapsigntool_cpp/cmd/include/options.h rename to hapsigntool_cpp/common/include/options.h diff --git a/hapsigntool_cpp/utils/include/signature_tools_errno.h b/hapsigntool_cpp/common/include/signature_tools_errno.h similarity index 100% rename from hapsigntool_cpp/utils/include/signature_tools_errno.h rename to hapsigntool_cpp/common/include/signature_tools_errno.h diff --git a/hapsigntool_cpp/utils/include/signature_tools_log.h b/hapsigntool_cpp/common/include/signature_tools_log.h similarity index 100% rename from hapsigntool_cpp/utils/include/signature_tools_log.h rename to hapsigntool_cpp/common/include/signature_tools_log.h diff --git a/hapsigntool_cpp/common/signature_tools_common.gni b/hapsigntool_cpp/common/signature_tools_common.gni index ceeec2a6..9c97041f 100644 --- a/hapsigntool_cpp/common/signature_tools_common.gni +++ b/hapsigntool_cpp/common/signature_tools_common.gni @@ -20,4 +20,7 @@ signature_tools_common_src = [ "${signature_tools_common}/src/file_data_source.cpp", "${signature_tools_common}/src/random_access_file.cpp", "${signature_tools_common}/src/digest_parameter.cpp", + "${signature_tools_common}/src/digest_common.cpp", + "${signature_tools_common}/src/localization_adapter.cpp", + "${signature_tools_common}/src/options.cpp", ] diff --git a/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp b/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp index fb9a49c4..16808ccd 100644 --- a/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp +++ b/hapsigntool_cpp/common/src/byte_buffer_data_source.cpp @@ -13,7 +13,7 @@ * limitations under the License. */ #include "byte_buffer_data_source.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" namespace OHOS { namespace SignatureTools { @@ -46,7 +46,7 @@ bool ByteBufferDataSource::ReadDataAndDigestUpdate(const DigestParameter& digest { const unsigned char* chunk = reinterpret_cast(bytebuffer.GetBufferPtr() + bytebuffer.GetPosition()); - bool res = VerifyHapOpensslUtils::DigestUpdate(digestParam, chunk, chunkSize); + bool res = DigestCommon::DigestUpdate(digestParam, chunk, chunkSize); if (res) { bytebuffer.SetPosition(bytebuffer.GetPosition() + chunkSize); } diff --git a/hapsigntool_cpp/common/src/digest_common.cpp b/hapsigntool_cpp/common/src/digest_common.cpp new file mode 100644 index 00000000..b67653fa --- /dev/null +++ b/hapsigntool_cpp/common/src/digest_common.cpp @@ -0,0 +1,173 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "digest_common.h" +#include "signature_tools_log.h" +#include "openssl/err.h" + +namespace OHOS { +namespace SignatureTools { +const int32_t DigestCommon::OPENSSL_ERR_MESSAGE_MAX_LEN = 1024; + +int32_t DigestCommon::GetDigestAlgorithmOutputSizeBytes(int32_t nId) +{ + return EVP_MD_size(EVP_get_digestbynid(nId)); +} + +bool DigestCommon::CheckDigestParameter(const DigestParameter& digestParameter) +{ + if (digestParameter.md == nullptr) { + SIGNATURE_TOOLS_LOGE("md is nullptr"); + return false; + } + if (digestParameter.ctxPtr == nullptr) { + SIGNATURE_TOOLS_LOGE("ctxPtr is nullptr"); + return false; + } + return true; +} + +bool DigestCommon::DigestInit(const DigestParameter& digestParameter) +{ + if (!CheckDigestParameter(digestParameter)) { + return false; + } + if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); + return false; + } + return true; +} + +/* the caller must ensure that EVP_DigestInit was called before calling this function */ +bool DigestCommon::DigestUpdate(const DigestParameter& digestParameter, + const unsigned char content[], int32_t len) +{ + if (content == nullptr) { + SIGNATURE_TOOLS_LOGE("content is nullptr"); + return false; + } + if (!CheckDigestParameter(digestParameter)) { + return false; + } + if (EVP_DigestUpdate(digestParameter.ctxPtr, content, len) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate failed"); + return false; + } + return true; +} + +int32_t DigestCommon::GetDigest(const DigestParameter& digestParameter, + unsigned char(&out)[EVP_MAX_MD_SIZE]) +{ + uint32_t outLen = 0; + if (!CheckDigestParameter(digestParameter)) { + return outLen; + } + if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); + outLen = 0; + } + return outLen; +} + +int32_t DigestCommon::GetDigest(const ByteBuffer& chunk, + const std::vector& optionalBlocks, + const DigestParameter& digestParameter, + unsigned char(&out)[EVP_MAX_MD_SIZE]) +{ + int32_t chunkLen = chunk.Remaining(); + uint32_t outLen = 0; + if (digestParameter.md == nullptr) { + SIGNATURE_TOOLS_LOGE("md is nullprt"); + return outLen; + } + if (digestParameter.ctxPtr == nullptr) { + SIGNATURE_TOOLS_LOGE("ctxPtr is nullprt"); + return outLen; + } + if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); + return outLen; + } + if (EVP_DigestUpdate(digestParameter.ctxPtr, chunk.GetBufferPtr(), chunkLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); + return outLen; + } + for (int32_t i = 0; i < static_cast(optionalBlocks.size()); i++) { + chunkLen = optionalBlocks[i].optionalBlockValue.GetCapacity(); + if (EVP_DigestUpdate(digestParameter.ctxPtr, optionalBlocks[i].optionalBlockValue.GetBufferPtr(), + chunkLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate %dst optional block failed", i); + return outLen; + } + } + if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { + GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); + outLen = 0; + } + return outLen; +} + +void DigestCommon::GetOpensslErrorMessage() +{ + unsigned long retOpenssl; + char errOpenssl[OPENSSL_ERR_MESSAGE_MAX_LEN]; + while ((retOpenssl = ERR_get_error()) != 0) { + ERR_error_string(retOpenssl, errOpenssl); + SIGNATURE_TOOLS_LOGE("openssl err: %lu, message: %s", retOpenssl, errOpenssl); + } +} + +int32_t DigestCommon::GetDigestAlgorithmId(int32_t signAlgorithm) +{ + switch (signAlgorithm) { + case ALGORITHM_SHA256_WITH_ECDSA: + case ALGORITHM_SHA256_WITH_DSA: + return NID_sha256; + case ALGORITHM_SHA384_WITH_ECDSA: + case ALGORITHM_SHA384_WITH_DSA: + return NID_sha384; + case ALGORITHM_SHA512_WITH_ECDSA: + case ALGORITHM_SHA512_WITH_DSA: + return NID_sha512; + default: + SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); + return NID_undef; + } +} + +std::string DigestCommon::GetDigestAlgorithmString(int32_t signAlgorithm) +{ + switch (signAlgorithm) { + case ALGORITHM_SHA256_WITH_ECDSA: + return "SHA-256"; + case ALGORITHM_SHA384_WITH_ECDSA: + return "SHA-384"; + case ALGORITHM_SHA512_WITH_ECDSA: + return "SHA-512"; + default: + SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); + return ""; + } +} +} // namespace SignatureTools +} // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/api/src/localization_adapter.cpp b/hapsigntool_cpp/common/src/localization_adapter.cpp similarity index 98% rename from hapsigntool_cpp/api/src/localization_adapter.cpp rename to hapsigntool_cpp/common/src/localization_adapter.cpp index ebe1a6f6..c936c370 100644 --- a/hapsigntool_cpp/api/src/localization_adapter.cpp +++ b/hapsigntool_cpp/common/src/localization_adapter.cpp @@ -262,7 +262,7 @@ std::vector LocalizationAdapter::GetCertsFromFile(std::string& certPath, BIO* bio = BIO_new_file(certPath.c_str(), "rb"); if (!bio) { PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "open file:" + certPath + "failed"); - VerifyHapOpensslUtils::GetOpensslErrorMessage(); + DigestCommon::GetOpensslErrorMessage(); BIO_free(bio); return certs; } @@ -282,7 +282,7 @@ const std::string LocalizationAdapter::GetInFile() bool LocalizationAdapter::IsRemoteSigner() { std::string mode = options->GetString(Options::MODE, LOCAL_SIGN); - return StringUtils::CaseCompare(mode, REMOTE_SIGN); + return mode == REMOTE_SIGN; } Options* LocalizationAdapter::GetOptions() diff --git a/hapsigntool_cpp/cmd/src/options.cpp b/hapsigntool_cpp/common/src/options.cpp similarity index 100% rename from hapsigntool_cpp/cmd/src/options.cpp rename to hapsigntool_cpp/common/src/options.cpp diff --git a/hapsigntool_cpp/common/src/random_access_file.cpp b/hapsigntool_cpp/common/src/random_access_file.cpp index 9054ae1e..1ac09a0a 100644 --- a/hapsigntool_cpp/common/src/random_access_file.cpp +++ b/hapsigntool_cpp/common/src/random_access_file.cpp @@ -18,7 +18,7 @@ #include "securec.h" #include "signature_info.h" #include "signature_tools_log.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" #include "random_access_file.h" namespace OHOS { @@ -196,7 +196,7 @@ bool RandomAccessFile::ReadFileFromOffsetAndDigestUpdate(const DigestParameter& return false; } unsigned char* content = reinterpret_cast(mmapInfo.mapAddr + mmapInfo.readMoreLen); - bool res = VerifyHapOpensslUtils::DigestUpdate(digestParam, content, chunkSize); + bool res = DigestCommon::DigestUpdate(digestParam, content, chunkSize); munmap(mmapInfo.mapAddr, mmapInfo.mmapSize); return res; } diff --git a/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h b/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h index ae3ff6e2..d8dbde6a 100644 --- a/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h +++ b/hapsigntool_cpp/hap/provider/include/remote_sign_provider.h @@ -24,10 +24,8 @@ namespace OHOS { namespace SignatureTools { class RemoteSignProvider : public SignProvider { public: - static void* handle; - RemoteSignProvider() = default; - ~RemoteSignProvider(); + ~RemoteSignProvider() = default; bool CheckParams(Options* options) override; bool CheckInputCertMatchWithProfile(X509* inputCert, X509* certInProfile)const override; }; diff --git a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp index 55b70ecc..367d6945 100644 --- a/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp +++ b/hapsigntool_cpp/hap/provider/src/remote_sign_provider.cpp @@ -16,16 +16,6 @@ namespace OHOS { namespace SignatureTools { -void* RemoteSignProvider::handle = nullptr; -RemoteSignProvider::~RemoteSignProvider() -{ - if (handle) { - if (dlclose(handle) != 0) { - SIGNATURE_TOOLS_LOGE("dlclose() %s", dlerror()); - } - } -} - bool RemoteSignProvider::CheckParams(Options* options) { if (!SignProvider::CheckParams(options)) { diff --git a/hapsigntool_cpp/hap/sign/src/sign_hap.cpp b/hapsigntool_cpp/hap/sign/src/sign_hap.cpp index bef94866..a9e6a68b 100644 --- a/hapsigntool_cpp/hap/sign/src/sign_hap.cpp +++ b/hapsigntool_cpp/hap/sign/src/sign_hap.cpp @@ -15,6 +15,7 @@ #include "signature_tools_log.h" #include "signature_algorithm_helper.h" #include "bc_pkcs7_generator.h" +#include "digest_common.h" #include "sign_hap.h" namespace OHOS { @@ -34,7 +35,7 @@ bool SignHap::Sign(DataSource* contents[], int32_t len, SignerConfig& config, } SignatureAlgorithm algo = static_cast(algoClass[0].m_id); SIGNATURE_TOOLS_LOGI("[SignHap] Signature Algorithm is %d", algo); - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); + int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); ByteBuffer digContext; std::vector> nidAndcontentDigestsVec; diff --git a/hapsigntool_cpp/hap/signature_tools_hap.gni b/hapsigntool_cpp/hap/signature_tools_hap.gni index 22639a77..8faa8efb 100644 --- a/hapsigntool_cpp/hap/signature_tools_hap.gni +++ b/hapsigntool_cpp/hap/signature_tools_hap.gni @@ -44,5 +44,6 @@ signature_tools_hap_src = [ "${signature_tools_hap}/sign/src/sign_bin.cpp", "${signature_tools_hap}/sign/src/sign_elf.cpp", "${signature_tools_hap}/utils/src/hap_utils.cpp", + "${signature_tools_hap}/utils/src/dynamic_lib_handle.cpp", "${signature_tools_hap}/sign/src/bc_pkcs7_generator.cpp", ] diff --git a/hapsigntool_cpp/hap/utils/include/dynamic_lib_handle.h b/hapsigntool_cpp/hap/utils/include/dynamic_lib_handle.h new file mode 100644 index 00000000..5400fbe0 --- /dev/null +++ b/hapsigntool_cpp/hap/utils/include/dynamic_lib_handle.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SIGNATRUETOOLS_DYNAMIC_LIB_HANDLE_H +#define SIGNATRUETOOLS_DYNAMIC_LIB_HANDLE_H + +#include + +#include "signature_tools_log.h" +#include "params.h" + +namespace OHOS { +namespace SignatureTools { +class DynamicLibHandle { +public: + static void* handle; + DynamicLibHandle() = default; + ~DynamicLibHandle(); +}; +} // namespace SignatureTools +} // namespace OHOS +#endif \ No newline at end of file diff --git a/hapsigntool_cpp/hap/utils/src/dynamic_lib_handle.cpp b/hapsigntool_cpp/hap/utils/src/dynamic_lib_handle.cpp new file mode 100644 index 00000000..cd90992b --- /dev/null +++ b/hapsigntool_cpp/hap/utils/src/dynamic_lib_handle.cpp @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2024-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + #include "dynamic_lib_handle.h" + +namespace OHOS { +namespace SignatureTools { +void* DynamicLibHandle::handle = nullptr; +DynamicLibHandle::~DynamicLibHandle() +{ + if (handle) { + if (dlclose(handle) != 0) { + SIGNATURE_TOOLS_LOGE("dlclose() %s", dlerror()); + } + } +} +} // namespace SignatureTools +} // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp/hap/verify/include/verify_hap.h b/hapsigntool_cpp/hap/verify/include/verify_hap.h index aafb3008..86d32a92 100644 --- a/hapsigntool_cpp/hap/verify/include/verify_hap.h +++ b/hapsigntool_cpp/hap/verify/include/verify_hap.h @@ -67,6 +67,7 @@ public: bool VerifyAppPkcs7(Pkcs7Context& pkcs7Context, const ByteBuffer& hapSignatureBlock); DLL_EXPORT bool GetDigestAndAlgorithm(Pkcs7Context& digest); + static bool PrintCertChainToCmd(std::vector& certChain); private: bool isPrintCert; diff --git a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp index 8e2c0707..27ed782c 100644 --- a/hapsigntool_cpp/hap/verify/src/verify_hap.cpp +++ b/hapsigntool_cpp/hap/verify/src/verify_hap.cpp @@ -31,7 +31,6 @@ #include "param_constants.h" #include "file_utils.h" #include "nlohmann/json.hpp" -#include "cert_tools.h" #include "verify_hap.h" using namespace nlohmann; @@ -117,7 +116,7 @@ bool VerifyHap::writeOptionalBytesToFile(const OptionalBlock& optionalBlock, con bool VerifyHap::HapOutPutCertChain(std::vector& certs, const std::string& outPutPath) { if (isPrintCert) { - if (!CertTools::PrintCertChainToCmd(certs)) { + if (!PrintCertChainToCmd(certs)) { SIGNATURE_TOOLS_LOGE("print cert chain to cmd failed\n"); return false; } @@ -140,6 +139,31 @@ bool VerifyHap::HapOutPutCertChain(std::vector& certs, const std::string& return true; } +bool VerifyHap::PrintCertChainToCmd(std::vector& certChain) +{ + BIO* outFd = BIO_new_fp(stdout, BIO_NOCLOSE); + if (!outFd) { + PrintErrorNumberMsg("IO_ERROR", IO_ERROR, "The stdout stream may have errors"); + return false; + } + uint64_t format = XN_FLAG_SEP_COMMA_PLUS; // Print according to RFC2253 + uint64_t content = X509_FLAG_NO_EXTENSIONS | X509_FLAG_NO_ATTRIBUTES | X509_FLAG_NO_HEADER | X509_FLAG_NO_SIGDUMP; + int num = 0; + for (auto& cert : certChain) { + PrintMsg("+++++++++++++++++++++++++++++++++certificate #" + std::to_string(num) + + "+++++++++++++++++++++++++++++++++++++"); + if (!X509_print_ex(outFd, cert, format, content)) { + VerifyHapOpensslUtils::GetOpensslErrorMessage(); + SIGNATURE_TOOLS_LOGE("print x509 cert to cmd failed"); + BIO_free(outFd); + return false; + } + ++num; + } + BIO_free(outFd); + return true; +} + int32_t VerifyHap::Verify(const std::string& filePath, Options* options) { SIGNATURE_TOOLS_LOGD("Start Verify"); diff --git a/hapsigntool_cpp/signer/include/signer_factory.h b/hapsigntool_cpp/signer/include/signer_factory.h index 01604bb8..f6ec29ac 100644 --- a/hapsigntool_cpp/signer/include/signer_factory.h +++ b/hapsigntool_cpp/signer/include/signer_factory.h @@ -20,7 +20,6 @@ #include "local_signer.h" #include "localization_adapter.h" #include "param_constants.h" -#include "remote_sign_provider.h" namespace OHOS { namespace SignatureTools { diff --git a/hapsigntool_cpp/signer/src/signer_factory.cpp b/hapsigntool_cpp/signer/src/signer_factory.cpp index eeedb350..e953bf8c 100644 --- a/hapsigntool_cpp/signer/src/signer_factory.cpp +++ b/hapsigntool_cpp/signer/src/signer_factory.cpp @@ -13,6 +13,7 @@ * limitations under the License. */ #include "signer_factory.h" +#include "dynamic_lib_handle.h" namespace OHOS { namespace SignatureTools { @@ -51,8 +52,8 @@ std::shared_ptr SignerFactory::LoadRemoteSigner(LocalizationAdapter& ada char* userPwd = adapter.GetOptions()->GetChars(ParamConstants::PARAM_REMOTE_USERPWD); // open so - RemoteSignProvider::handle = dlopen(signerPlugin.c_str(), RTLD_NOW | RTLD_GLOBAL); - if (!RemoteSignProvider::handle) { + DynamicLibHandle::handle = dlopen(signerPlugin.c_str(), RTLD_NOW | RTLD_GLOBAL); + if (!DynamicLibHandle::handle) { PrintErrorNumberMsg("LoadRemoteSigner", RET_FAILED, dlerror()); return nullptr; } @@ -61,7 +62,7 @@ std::shared_ptr SignerFactory::LoadRemoteSigner(LocalizationAdapter& ada dlerror(); // get "Create" function - RemoteSignerCreator remoteSignerCreator = (RemoteSignerCreator)dlsym(RemoteSignProvider::handle, "Create"); + RemoteSignerCreator remoteSignerCreator = (RemoteSignerCreator)dlsym(DynamicLibHandle::handle, "Create"); char* error = nullptr; if ((error = dlerror()) != NULL) { SIGNATURE_TOOLS_LOGE("%s", error); diff --git a/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h b/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h index 43ecccda..bbe552dd 100644 --- a/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h +++ b/hapsigntool_cpp/utils/include/verify_hap_openssl_utils.h @@ -31,15 +31,6 @@ namespace OHOS { namespace SignatureTools { -enum SignatureAlgorithm { - ALGORITHM_SHA256_WITH_ECDSA = 0x00000201, - ALGORITHM_SHA384_WITH_ECDSA, - ALGORITHM_SHA512_WITH_ECDSA, - ALGORITHM_SHA256_WITH_DSA = 0x00000301, - ALGORITHM_SHA384_WITH_DSA, - ALGORITHM_SHA512_WITH_DSA, -}; - class VerifyHapOpensslUtils { public: VerifyHapOpensslUtils() = delete; @@ -50,15 +41,6 @@ public: DLL_EXPORT static bool GetCrlStack(PKCS7* p7, STACK_OF(X509_CRL)* x509Crl); DLL_EXPORT static bool VerifyPkcs7(Pkcs7Context& pkcs7Context); - static int32_t GetDigest(const ByteBuffer& chunk, const std::vector& optionalBlocks, - const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); - static bool DigestInit(const DigestParameter& digestParameter); - static bool DigestUpdate(const DigestParameter& digestParameter, - const unsigned char content[], int32_t len); - static int32_t GetDigest(const DigestParameter& digestParameter, unsigned char(&out)[EVP_MAX_MD_SIZE]); - static int32_t GetDigestAlgorithmOutputSizeBytes(int32_t nId); - DLL_EXPORT static int32_t GetDigestAlgorithmId(int32_t signAlgorithm); - static std::string GetDigestAlgorithmString(int32_t signAlgorithm); static void GetOpensslErrorMessage(); private: @@ -70,8 +52,6 @@ private: static bool GetContentInfo(const PKCS7* p7ContentInfo, ByteBuffer& content); static bool CheckPkcs7SignedDataIsValid(const PKCS7* p7); - static bool CheckDigestParameter(const DigestParameter& digestParameter); - static const int32_t OPENSSL_PKCS7_VERIFY_SUCCESS; static const int32_t OPENSSL_ERR_MESSAGE_MAX_LEN; static const int32_t OPENSSL_READ_DATA_MAX_TIME; diff --git a/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp b/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp index c150e4fe..51bfad3f 100644 --- a/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp +++ b/hapsigntool_cpp/utils/src/hap_signer_block_utils.cpp @@ -24,7 +24,7 @@ #include "securec.h" #include "byte_buffer_data_source.h" #include "file_data_source.h" -#include "verify_hap_openssl_utils.h" +#include "digest_common.h" #include "signature_tools_log.h" #include "signature_tools_errno.h" @@ -453,7 +453,7 @@ bool HapSignerBlockUtils::VerifyHapIntegrity( FileDataSource centralDir(hapFile, signInfo.hapCentralDirOffset, centralDirSize, 0); ByteBufferDataSource eocd(signInfo.hapEocd); DataSource* content[ZIP_BLOCKS_NUM_NEED_DIGEST] = {&contentsZip, ¢ralDir, &eocd}; - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(digestInfo.digestAlgorithm); + int32_t nId = DigestCommon::GetDigestAlgorithmId(digestInfo.digestAlgorithm); DigestParameter digestParam = GetDigestParameter(nId); ByteBuffer chunkDigest; if (!ComputeDigestsForEachChunk(digestParam, content, ZIP_BLOCKS_NUM_NEED_DIGEST, chunkDigest)) { @@ -472,7 +472,7 @@ bool HapSignerBlockUtils::VerifyHapIntegrity( return false; } PrintMsg(std::string("Digest verify result: ") + "success" + ", DigestAlgorithm: " - + VerifyHapOpensslUtils::GetDigestAlgorithmString(digestInfo.digestAlgorithm)); + + DigestCommon::GetDigestAlgorithmString(digestInfo.digestAlgorithm)); return true; } @@ -483,7 +483,7 @@ bool HapSignerBlockUtils::ComputeDigestsWithOptionalBlock(const DigestParameter& ByteBuffer& finalDigest) { unsigned char out[EVP_MAX_MD_SIZE]; - int32_t digestLen = VerifyHapOpensslUtils::GetDigest(chunkDigest, optionalBlocks, digestParam, out); + int32_t digestLen = DigestCommon::GetDigest(chunkDigest, optionalBlocks, digestParam, out); if (digestLen != digestParam.digestOutputSizeBytes) { SIGNATURE_TOOLS_LOGE("GetDigest failed, outLen is not right, %u, %d", digestLen, digestParam.digestOutputSizeBytes); @@ -558,7 +558,7 @@ bool HapSignerBlockUtils::ComputeDigestsForEachChunk(const DigestParameter& dige return false; } - int32_t digestLen = VerifyHapOpensslUtils::GetDigest(digestParam, outBlock); + int32_t digestLen = DigestCommon::GetDigest(digestParam, outBlock); if (digestLen != digestParam.digestOutputSizeBytes) { SIGNATURE_TOOLS_LOGE("GetDigest failed len: %d digestSizeBytes: %d", digestLen, digestParam.digestOutputSizeBytes); @@ -575,7 +575,7 @@ bool HapSignerBlockUtils::ComputeDigestsForEachChunk(const DigestParameter& dige DigestParameter HapSignerBlockUtils::GetDigestParameter(int32_t nId) { DigestParameter digestParam; - digestParam.digestOutputSizeBytes = VerifyHapOpensslUtils::GetDigestAlgorithmOutputSizeBytes(nId); + digestParam.digestOutputSizeBytes = DigestCommon::GetDigestAlgorithmOutputSizeBytes(nId); digestParam.md = EVP_get_digestbynid(nId); digestParam.ctxPtr = EVP_MD_CTX_create(); EVP_MD_CTX_init(digestParam.ctxPtr); @@ -606,12 +606,12 @@ bool HapSignerBlockUtils::InitDigestPrefix(const DigestParameter& digestParam, return false; } - if (!VerifyHapOpensslUtils::DigestInit(digestParam)) { + if (!DigestCommon::DigestInit(digestParam)) { SIGNATURE_TOOLS_LOGE("DigestInit failed"); return false; } - if (!VerifyHapOpensslUtils::DigestUpdate(digestParam, chunkContentPrefix, ZIP_CHUNK_DIGEST_PRIFIX_LEN)) { + if (!DigestCommon::DigestUpdate(digestParam, chunkContentPrefix, ZIP_CHUNK_DIGEST_PRIFIX_LEN)) { SIGNATURE_TOOLS_LOGE("DigestUpdate failed"); return false; } diff --git a/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp b/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp index 3c99e2a1..4580a9d9 100644 --- a/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp +++ b/hapsigntool_cpp/utils/src/verify_hap_openssl_utils.cpp @@ -243,113 +243,6 @@ bool VerifyHapOpensslUtils::GetContentInfo(const PKCS7* p7ContentInfo, ByteBuffe return true; } -int32_t VerifyHapOpensslUtils::GetDigestAlgorithmOutputSizeBytes(int32_t nId) -{ - return EVP_MD_size(EVP_get_digestbynid(nId)); -} - -bool VerifyHapOpensslUtils::CheckDigestParameter(const DigestParameter& digestParameter) -{ - if (digestParameter.md == nullptr) { - SIGNATURE_TOOLS_LOGE("md is nullptr"); - return false; - } - if (digestParameter.ctxPtr == nullptr) { - SIGNATURE_TOOLS_LOGE("ptrCtx is nullptr"); - return false; - } - return true; -} - -bool VerifyHapOpensslUtils::DigestInit(const DigestParameter& digestParameter) -{ - if (!CheckDigestParameter(digestParameter)) { - return false; - } - if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); - return false; - } - return true; -} - -/* the caller must ensure that EVP_DigestInit was called before calling this function */ -bool VerifyHapOpensslUtils::DigestUpdate(const DigestParameter& digestParameter, - const unsigned char content[], int32_t len) -{ - if (content == nullptr) { - SIGNATURE_TOOLS_LOGE("content is nullptr"); - return false; - } - if (!CheckDigestParameter(digestParameter)) { - return false; - } - if (EVP_DigestUpdate(digestParameter.ctxPtr, content, len) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); - return false; - } - return true; -} - -int32_t VerifyHapOpensslUtils::GetDigest(const DigestParameter& digestParameter, - unsigned char(&out)[EVP_MAX_MD_SIZE]) -{ - uint32_t outLen = 0; - if (!CheckDigestParameter(digestParameter)) { - return outLen; - } - if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); - outLen = 0; - } - return outLen; -} - -int32_t VerifyHapOpensslUtils::GetDigest(const ByteBuffer& chunk, - const std::vector& optionalBlocks, - const DigestParameter& digestParameter, - unsigned char(&out)[EVP_MAX_MD_SIZE]) -{ - int32_t chunkLen = chunk.Remaining(); - uint32_t outLen = 0; - if (digestParameter.md == nullptr) { - SIGNATURE_TOOLS_LOGE("md is nullprt"); - return outLen; - } - if (digestParameter.ctxPtr == nullptr) { - SIGNATURE_TOOLS_LOGE("ptrCtx is nullprt"); - return outLen; - } - if (EVP_DigestInit(digestParameter.ctxPtr, digestParameter.md) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestInit failed"); - return outLen; - } - if (EVP_DigestUpdate(digestParameter.ctxPtr, chunk.GetBufferPtr(), chunkLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate chunk failed"); - return outLen; - } - for (int32_t i = 0; i < static_cast(optionalBlocks.size()); i++) { - chunkLen = optionalBlocks[i].optionalBlockValue.GetCapacity(); - if (EVP_DigestUpdate(digestParameter.ctxPtr, optionalBlocks[i].optionalBlockValue.GetBufferPtr(), - chunkLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestUpdate %dst optional block failed", i); - return outLen; - } - } - if (EVP_DigestFinal(digestParameter.ctxPtr, out, &outLen) <= 0) { - GetOpensslErrorMessage(); - SIGNATURE_TOOLS_LOGE("EVP_DigestFinal failed"); - outLen = 0; - } - return outLen; -} - void VerifyHapOpensslUtils::GetOpensslErrorMessage() { unsigned long retOpenssl; @@ -359,38 +252,5 @@ void VerifyHapOpensslUtils::GetOpensslErrorMessage() SIGNATURE_TOOLS_LOGE("openssl err: %lu, message: %s", retOpenssl, errOpenssl); } } - -int32_t VerifyHapOpensslUtils::GetDigestAlgorithmId(int32_t signAlgorithm) -{ - switch (signAlgorithm) { - case ALGORITHM_SHA256_WITH_ECDSA: - case ALGORITHM_SHA256_WITH_DSA: - return NID_sha256; - case ALGORITHM_SHA384_WITH_ECDSA: - case ALGORITHM_SHA384_WITH_DSA: - return NID_sha384; - case ALGORITHM_SHA512_WITH_ECDSA: - case ALGORITHM_SHA512_WITH_DSA: - return NID_sha512; - default: - SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); - return NID_undef; - } -} - -std::string VerifyHapOpensslUtils::GetDigestAlgorithmString(int32_t signAlgorithm) -{ - switch (signAlgorithm) { - case ALGORITHM_SHA256_WITH_ECDSA: - return "SHA-256"; - case ALGORITHM_SHA384_WITH_ECDSA: - return "SHA-384"; - case ALGORITHM_SHA512_WITH_ECDSA: - return "SHA-512"; - default: - SIGNATURE_TOOLS_LOGE("signAlgorithm: %d error", signAlgorithm); - return ""; - } -} } // namespace SignatureTools } // namespace OHOS \ No newline at end of file diff --git a/hapsigntool_cpp_test/BUILD.gn b/hapsigntool_cpp_test/BUILD.gn index 534957e5..ec4a9537 100644 --- a/hapsigntool_cpp_test/BUILD.gn +++ b/hapsigntool_cpp_test/BUILD.gn @@ -63,7 +63,6 @@ config("service_include") { ohos_source_set("service_target") { sources_obj = [ "${signature_tools_api}/src/sign_tool_service_impl.cpp", - "${signature_tools_api}/src/localization_adapter.cpp", "${signature_tools_api}/src/cert_tools.cpp", "${signature_tools_signer}/src/signer_factory.cpp", "${signature_tools_signer}/src/local_signer.cpp", diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp index a9cc2a4f..d175f075 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.cpp @@ -30,7 +30,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_001, testing::ext::TestSize SIGNATURE_TOOLS_LOGI("hello world !!!"); DigestParameter parameter; - bool ret = VerifyHapOpensslUtils::DigestInit(parameter); + bool ret = DigestCommon::DigestInit(parameter); EXPECT_EQ(ret, false); } @@ -45,7 +45,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_002, testing::ext::TestSize SIGNATURE_TOOLS_LOGI("hello world !!!"); DigestParameter parameter; parameter.md = EVP_sha256(); - bool ret = VerifyHapOpensslUtils::DigestInit(parameter); + bool ret = DigestCommon::DigestInit(parameter); EXPECT_EQ(ret, false); } @@ -61,7 +61,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_003, testing::ext::TestSize parameter.md = EVP_sha256(); const unsigned char content[] = "123"; int32_t len = 5; - bool ret = VerifyHapOpensslUtils::DigestUpdate(parameter, content, len); + bool ret = DigestCommon::DigestUpdate(parameter, content, len); EXPECT_EQ(ret, false); } @@ -76,7 +76,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_004, testing::ext::TestSize DigestParameter parameter; parameter.md = EVP_sha256(); int32_t len = 5; - bool ret = VerifyHapOpensslUtils::DigestUpdate(parameter, nullptr, len); + bool ret = DigestCommon::DigestUpdate(parameter, nullptr, len); EXPECT_EQ(ret, false); } @@ -90,7 +90,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_005, testing::ext::TestSize { DigestParameter parameter; unsigned char dig[EVP_MAX_MD_SIZE]; - int32_t ret = VerifyHapOpensslUtils::GetDigest(parameter, dig); + int32_t ret = DigestCommon::GetDigest(parameter, dig); EXPECT_EQ(ret, 0); } @@ -107,7 +107,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_006, testing::ext::TestSize ByteBuffer chunk; std::vector optionalBlocks; unsigned char out[EVP_MAX_MD_SIZE]; - int32_t ret = VerifyHapOpensslUtils::GetDigest(chunk, optionalBlocks, parameter, out); + int32_t ret = DigestCommon::GetDigest(chunk, optionalBlocks, parameter, out); EXPECT_EQ(ret, 0); } @@ -127,7 +127,7 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_007, testing::ext::TestSize ByteBuffer chunk; std::vector optionalBlocks; unsigned char out[EVP_MAX_MD_SIZE]; - int32_t ret = VerifyHapOpensslUtils::GetDigest(chunk, optionalBlocks, parameter, out); + int32_t ret = DigestCommon::GetDigest(chunk, optionalBlocks, parameter, out); EXPECT_EQ(ret, 0); } @@ -139,9 +139,9 @@ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_007, testing::ext::TestSize */ HWTEST_F(HapOpensslUtilsTest, hap_openssl_utils_test_008, testing::ext::TestSize.Level1) { - int32_t digId = VerifyHapOpensslUtils::GetDigestAlgorithmId(ALGORITHM_SHA384_WITH_ECDSA); + int32_t digId = DigestCommon::GetDigestAlgorithmId(ALGORITHM_SHA384_WITH_ECDSA); EXPECT_EQ(digId, NID_sha384); - digId = VerifyHapOpensslUtils::GetDigestAlgorithmId(ALGORITHM_SHA512_WITH_ECDSA); + digId = DigestCommon::GetDigestAlgorithmId(ALGORITHM_SHA512_WITH_ECDSA); EXPECT_EQ(digId, NID_sha512); } diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h index 0b460b76..d533d329 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_openssl_utils_test.h @@ -20,6 +20,7 @@ #include "sign_tool_service_impl.h" #include "signature_tools_log.h" #include "verify_hap_openssl_utils.h" +#include "digest_common.h" #include namespace OHOS { diff --git a/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp b/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp index 617251aa..4ce7d54b 100644 --- a/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapSign/hap_sign_test.cpp @@ -20,6 +20,7 @@ #include "sign_tool_service_impl.h" #include "remote_sign_provider.h" #include "hap_sign_test.h" +#include "digest_common.h" #include namespace OHOS { @@ -543,7 +544,7 @@ HWTEST_F(HapSignTest, hap_sign_test_012, testing::ext::TestSize.Level1) ByteBuffer dig_context; SignatureAlgorithm algo = SignatureAlgorithm::ALGORITHM_SHA256_WITH_ECDSA; - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); + int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); bool ret = SignHap::ComputeDigests(digestParam, contents, len, optionalBlocks, dig_context); @@ -1133,7 +1134,7 @@ HWTEST_F(HapSignTest, hap_sign_test_026, testing::ext::TestSize.Level1) ByteBuffer dig_context; SignatureAlgorithm algo = SignatureAlgorithm::ALGORITHM_SHA256_WITH_ECDSA; - int32_t nId = VerifyHapOpensslUtils::GetDigestAlgorithmId(algo); + int32_t nId = DigestCommon::GetDigestAlgorithmId(algo); DigestParameter digestParam = HapSignerBlockUtils::GetDigestParameter(nId); SignerConfig config; diff --git a/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp b/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp index ee6e9b91..4a0b1494 100644 --- a/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp +++ b/hapsigntool_cpp_test/unittest/hapVerify/hap_verify_test.cpp @@ -34,6 +34,7 @@ #include "hap_utils.h" #include "cert_dn_utils.h" #include "signer_config.h" +#include "digest_common.h" using namespace testing::ext; @@ -899,15 +900,15 @@ HWTEST_F(VerifyHapTest, VerifyHapError018, TestSize.Level0) HWTEST_F(VerifyHapTest, VerifyHapError019, TestSize.Level0) { int32_t signAlgorithm = ALGORITHM_SHA256_WITH_ECDSA; - std::string ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + std::string ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA384_WITH_ECDSA; - ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA512_WITH_ECDSA; - ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); signAlgorithm = ALGORITHM_SHA512_WITH_DSA; - ret = VerifyHapOpensslUtils::GetDigestAlgorithmString(signAlgorithm); + ret = DigestCommon::GetDigestAlgorithmString(signAlgorithm); EXPECT_EQ(ret, ""); } -- Gitee