• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "pkcs7_generator.h"
17 
18 #include "errcode.h"
19 #include "log.h"
20 #include "openssl/asn1.h"
21 #include "openssl/evp.h"
22 #include "openssl/pem.h"
23 #include "openssl/x509.h"
24 #include "openssl_utils.h"
25 #include "pkcs7_data.h"
26 #include "securec.h"
27 
28 namespace OHOS {
29 namespace Security {
30 namespace CodeSign {
GenerateSignature(SignKey & key,const char * hashAlg,const ByteBuffer & contentData,ByteBuffer & out)31 int32_t PKCS7Generator::GenerateSignature(SignKey &key, const char *hashAlg,
32     const ByteBuffer &contentData, ByteBuffer &out)
33 {
34     LOG_INFO(LABEL, "GenerateSignature called.");
35     int32_t ret = CS_ERR_OPENSSL_PKCS7;
36     X509 *cert = nullptr;
37     do {
38         const ByteBuffer *certBuffer = key.GetSignCert();
39         if (certBuffer == nullptr) {
40             ret = CS_ERR_HUKS_OBTAIN_CERT;
41             break;
42         }
43         cert = LoadCertFromBuffer(certBuffer->GetBuffer(), certBuffer->GetSize());
44         if (cert == nullptr) {
45             ret = CS_ERR_OPENSSL_LOAD_CERT;
46             break;
47         }
48         const EVP_MD *md = EVP_get_digestbyname(hashAlg);
49         if (md == nullptr) {
50             break;
51         }
52         PKCS7Data pkcs7(md, cert);
53         if (!pkcs7.InitPKCS7Data(key.GetCarriedCerts())) {
54             break;
55         }
56         SignerInfo signerInfo;
57         if (!signerInfo.InitSignerInfo(cert, md, contentData)) {
58             break;
59         }
60         if (!pkcs7.AddSignerInfo(signerInfo.GetSignerInfo())) {
61             break;
62         }
63         ret = SignData(key, signerInfo);
64         if (ret != CS_SUCCESS) {
65             break;
66         }
67         if (!pkcs7.GetPKCS7Data(out)) {
68             ret = CS_ERR_OPENSSL_PKCS7;
69             break;
70         }
71         ret = CS_SUCCESS;
72     } while (0);
73     X509_free(cert);
74     if (ret != CS_SUCCESS) {
75         LOG_ERROR(LABEL, "Generate signature failed, ret = %{public}d", ret);
76     }
77     return ret;
78 }
79 
SignData(SignKey & key,SignerInfo & signerInfo)80 int32_t PKCS7Generator::SignData(SignKey &key, SignerInfo &signerInfo)
81 {
82     uint32_t dataSize = 0;
83     uint8_t *data = signerInfo.GetDataToSign(dataSize);
84     if (data == nullptr) {
85         return CS_ERR_OPENSSL_PKCS7;
86     }
87     ByteBuffer unsignedData;
88     if (!unsignedData.CopyFrom(data, dataSize)) {
89         return CS_ERR_MEMORY;
90     }
91     ByteBuffer rawSignature;
92     if (!key.Sign(unsignedData, rawSignature)) {
93         return CS_ERR_HUKS_SIGN;
94     }
95     if (!signerInfo.AddSignatureInSignerInfo(rawSignature)) {
96         return CS_ERR_OPENSSL_PKCS7;
97     }
98     return CS_SUCCESS;
99 }
100 }
101 }
102 }