diff --git a/README_zh.md b/README_zh.md
index ef98166f84a0e65c9ce3a771da61a73e98f72429..191cfd874e5ebefeb854f443d0eeb22568aa98c8 100644
--- a/README_zh.md
+++ b/README_zh.md
@@ -14,6 +14,7 @@
 - 代码签名使能:在用户态提供代码签名校验的相关接口和逻辑,供应用安装的时候调用,为应用和代码文件使能代码签名。
 - 本地代码签名:在设备侧运行签名服务给本地代码提供签名接口,为AOT生成的机器码文件生成代码签名。
 - 代码属性设置:支持代码所有者标记及校验,提供配置XPM验签地址区接口。
+- JIT(Just In Time)代码签名:使用代码签名技术来保护编译出的JIT代码的完整性,防止恶意代码被注入到JIT代码中。
 
 ## 目录
 
@@ -24,7 +25,8 @@
 │ ├── code_sign_attr_utils # 属性设置接口
 │ ├── code_sign_utils # 使能接口
 │ ├── common # 公共基础能力
-│ └── local_code_sign # 本地签名接口
+│ ├── jit_code_sign # JIT代码签名
+│ └── local_code_sign # 本地签名
 ├── services # 服务层
 │ ├── key_enable # 证书初始化
 │ └── local_code_sign # 本地签名服务
@@ -51,6 +53,16 @@
 | int32_t SignLocalCode(const std::string &ownerID, const std::string &filePath, ByteBuffer &signature); | 带OwnerId的本地代码签名 |
 | int InitXpmRegion(void); | 初始化XPM地址 |
 | int SetXpmOwnerId(uint32_t idType, const char *ownerId); | 设置OwnerId |
+| int32_t RegisterTmpBuffer(JitCodeSignerBase *signer, void *tmpBuffer); | 注册临时Buffer起始地址 |
+| int32_t AppendInstruction(JitCodeSignerBase *signer, Instr instr); | 对添加到临时Buffer的指令签名 |
+| int32_t AppendData(JitCodeSignerBase *signer, const void *const data, uint32_t size); | 对添加到临时Buffer的数据签名 |
+| int32_t WillFixUp(JitCodeSignerBase *signer, uint32_t n = 1); | 声明下n条指令待更新 |
+| int32_t PatchInstruction(JitCodeSignerBase *signer, int offset, Instr instr); | 更新缓冲区的偏移处指令签名 |
+| int32_t PatchInstruction(JitCodeSignerBase *signer, void *address, Instr insn); | 更新对应地址指令签名 |
+| int32_t PatchData(JitCodeSignerBase *signer, int offset, const void *const data, uint32_t size); | 更新缓冲区偏移处数据签名 |
+| int32_t PatchData(JitCodeSignerBase *signer, void *address, const void *const data, uint32_t size); | 更新对应地址数据签名 |
+| int32_t ResetJitCode(void *jitMemory, int size); | 重置JIT内存 |
+| int32_t CopyToJitCode(JitCodeSignerBase *signer, void *jitMemory, void *tmpBuffer, int size); | 将JIT代码复制到JIT内存 |
 
 ### 签名工具使用指南
 
diff --git a/figures/codesign.png b/figures/codesign.png
index 8a494cb95ef899f5680a596a9ca8249a924357c6..65cd5f970b6669f8d5e4687bf08b84580d7a70ad 100644
Binary files a/figures/codesign.png and b/figures/codesign.png differ
diff --git a/interfaces/innerkits/jit_code_sign/include/pac_sign_ctx.h b/interfaces/innerkits/jit_code_sign/include/pac_sign_ctx.h
index 57be18d87fee3956391f9f8cb9dc2820bcd9609f..914dc3429481f9296b2ab6eb1673c639ce6bc47e 100644
--- a/interfaces/innerkits/jit_code_sign/include/pac_sign_ctx.h
+++ b/interfaces/innerkits/jit_code_sign/include/pac_sign_ctx.h
@@ -40,7 +40,6 @@ public:
 void Init(int index);
 void InitSalt();
 uint32_t Update(uint32_t value);
- void Finalize();
 uint32_t SignSingle(uint32_t value, uint32_t index);
 void SetIndex(uint32_t index);
 uint32_t GetSalt();
diff --git a/interfaces/innerkits/jit_code_sign/src/pac_sign_ctx.cpp b/interfaces/innerkits/jit_code_sign/src/pac_sign_ctx.cpp
index 863a03a2ca391e3fbf93f9789e7364fe5c7b12e2..ef86c14aa21f929dad10a0d0d1d103209edc985c 100644
--- a/interfaces/innerkits/jit_code_sign/src/pac_sign_ctx.cpp
+++ b/interfaces/innerkits/jit_code_sign/src/pac_sign_ctx.cpp
@@ -151,13 +151,6 @@ uint32_t PACSignCtx::Update(uint32_t value)
 return signature;
 }
 
-void PACSignCtx::Finalize()
-{
- if (purpose_ == CTXPurpose::SIGN) {
- (void) GetRealContext();
- }
-}
-
 uint32_t PACSignCtx::SignSingle(uint32_t value, uint32_t index)
 {
 uint64_t paddingContext = PaddingContext(SIGN_WITHOUT_CONTEXT, index);
diff --git a/test/unittest/jit_code_sign_test.cpp b/test/unittest/jit_code_sign_test.cpp
index 2b60e475449d4f33b72492424d212e9736492b89..69d25aa59eb689fca845837a9498501fd195c7c6 100644
--- a/test/unittest/jit_code_sign_test.cpp
+++ b/test/unittest/jit_code_sign_test.cpp
@@ -24,6 +25,7 @@
 #include
 
 #include "errcode.h"
+#include "jit_code_signer_factory.h"
 #include "jit_buffer_integrity.h"
 #include "pac_sign_ctx.h"
 
@@ -121,6 +122,7 @@ public:
 
 static void SetUpTestCase()
 {
+ EXPECT_EQ(JitCodeSignerFactory::IsSupportJitCodeSigner(), true);
 JitFortPrepare();
 AllocJitMemory();
 };
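Review bot: The added `EXPECT_EQ(JitCodeSignerFactory::IsSupportJitCodeSigner(), true);` in `SetUpTestCase` is a non-fatal expectation, so when the signer is reported as unsupported the function still goes on to call `JitFortPrepare()` and `AllocJitMemory()`. The rest of the suite then runs on a platform the check has just flagged. A fatal form stops the setup at that point and reads more directly: `ASSERT_TRUE(JitCodeSignerFactory::IsSupportJitCodeSigner());`. If devices without JIT code signing are expected in the test matrix, skipping the suite is presumably a better fit than failing it, provided the gtest version in use honours a skip from suite-level setup. The test class body continues outside the hunk.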