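/*
 * Copyright (c) 2024-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef SIGNATURETOOLS_CODE_SIGNING_H
#define SIGNATURETOOLS_CODE_SIGNING_H

// Standard headers for every std:: name this header uses directly, so it does
// not depend on whatever the project headers below happen to pull in.
#include <algorithm>
#include <cstdint>
#include <istream>
#include <memory>
#include <mutex>
#include <sstream>
#include <string>
#include <thread>
#include <utility>
#include <vector>
#include <contrib/minizip/unzip.h>

#include "securec.h"
#include "thread_pool.h"
#include "hap_utils.h"
#include "zip_signer.h"
#include "file_utils.h"
#include "local_signer.h"
#include "signer_config.h"
#include "signature_tools_log.h"
#include "fs_verity_generator.h"
#include "merkle_tree_extension.h"
#include "bc_signeddata_generator.h"
#include "unzip_handle_param.h"
#include "code_sign_block.h"

namespace OHOS {
namespace SignatureTools {
/**
 * Declares the code-signing entry points (stream, package, ELF) and the
 * helpers that walk the entries of a zip package. The definitions are in the
 * implementation file, which is not visible from this header.
 *
 * Security notes for maintainers:
 *  - Entry names, entry counts and entry sizes read through the minizip types
 *    (unzFile, unz_file_info, unz_global_info) come from the package being
 *    processed; treat them as untrusted and validate them before they are
 *    used as lengths, offsets or paths.
 *  - All data members in the second public section are reachable by any
 *    caller, including m_mutex and the raw m_signConfig pointer.
 */
class CodeSigning {
public:
    static const std::vector<std::string> SUPPORT_FILE_FORM;
    static const std::string HAP_SIGNATURE_ENTRY_NAME;
    static const std::string ENABLE_SIGN_CODE_VALUE;
    static const std::string LIBS_PATH_PREFIX;

    // NOTE(review): not marked explicit, so a SignerConfig* converts
    // implicitly to a CodeSigning; kept as is for source compatibility.
    CodeSigning(SignerConfig* signConfig);
    CodeSigning();

    /**
     * @param inputStream   stream the data to sign is read from
     * @param fileSize      size of that data in bytes (presumably; confirm in the implementation)
     * @param storeTree     presumably selects whether the Merkle tree is kept - TODO confirm
     * @param fsvTreeOffset offset associated with the fs-verity tree - TODO confirm exact meaning
     * @param ownerID       owner identifier passed through to the signature
     * @param ret           output: the sign info together with a byte vector
     * @return true on success, false otherwise
     */
    bool SignFile(std::istream& inputStream,
                  int64_t fileSize, bool storeTree,
                  int64_t fsvTreeOffset, const std::string &ownerID,
                  std::pair<SignInfo, std::vector<int8_t>>& ret);

    /**
     * Produces the code sign block bytes for a package.
     * @param input          path or name of the input (presumably a file path - verify against caller)
     * @param offset         offset used when building the block - TODO confirm what it is relative to
     * @param inForm         input format name; presumably one of SUPPORT_FILE_FORM
     * @param profileContent profile text supplied by the caller
     * @param zip            zip view of the input
     * @param ret            output: the resulting bytes
     * @return true on success, false otherwise
     */
    bool GetCodeSignBlock(const std::string &input, int64_t offset,
                          const std::string &inForm, const std::string &profileContent,
                          ZipSigner& zip, std::vector<int8_t>& ret);

    /**
     * ELF counterpart of GetCodeSignBlock; takes no ZipSigner and writes the
     * result to codesignData.
     * @return true on success, false otherwise
     */
    bool GetElfCodeSignBlock(const std::string &input, int64_t offset,
                             const std::string &inForm, const std::string &profileContent,
                             std::vector<int8_t> &codesignData);

public:
    static bool IsNativeFile(const std::string& input);
    int64_t ComputeDataSize(ZipSigner& zip);
    int64_t GetTimestamp();
    bool SignNativeLibs(const std::string &input, std::string &ownerID);
    void UpdateCodeSignBlock();
    bool GetNativeEntriesFromHap(const std::string& packageName, UnzipHandleParam& param);

    // fileName is a raw char array whose capacity is not part of the
    // signature: the implementation has to bound every access by the real
    // buffer size - verify against the caller.
    // NOTE(review): readFileSize is an int while SignFile carries sizes as
    // int64_t; confirm that a size taken from zFileInfo cannot be narrowed
    // before it is used as a length.
    bool GetSingleFileStreamFromZip(unzFile& zFile, char fileName[],
                                    unz_file_info& zFileInfo,
                                    int& readFileSize, std::stringbuf& sb);
    bool RunParseZipInfo(const std::string& packageName, UnzipHandleParam& param, uLong index);
    bool GenerateSignature(const std::vector<int8_t>& signedData, const std::string&,
                           std::vector<int8_t>&);

    int64_t m_timestamp = 0;
    std::vector<std::string> m_extractedNativeLibSuffixs;
    // Raw pointer, presumably non-owning: the SignerConfig must then outlive
    // this object. Defaults to nullptr so that an object built by a
    // constructor that does not set it never holds an indeterminate pointer.
    SignerConfig* m_signConfig = nullptr;
    CodeSignBlock m_codeSignBlock;
    // Which members this mutex guards is not visible from the header.
    std::mutex m_mutex;

private:
    // Same caveat as GetSingleFileStreamFromZip: fileName carries no capacity,
    // only the length reported through nameLen.
    static bool CheckUnzParam(unzFile& zFile, unz_file_info& zFileInfo, char fileName[], size_t* nameLen);
    static bool CheckFileName(char fileName[], size_t* nameLen);
    bool HandleZipGlobalInfo(const std::string& packageName, unzFile& zFile,
                             unz_global_info& zGlobalInfo, UnzipHandleParam& param);
    bool DoNativeLibVerify(std::string fileName, std::stringbuf& sb,
                           UnzipHandleParam& param, int readFileSize);
    bool DoNativeLibSignOrVerify(std::string fileName, std::stringbuf& sb,
                                 UnzipHandleParam& param, int readFileSize);

    static constexpr int MAX_PROCESSORS = 32;
    // std::thread::hardware_concurrency() may return 0 when the value cannot
    // be determined; clamp to at least 1 so the pool size is never zero.
    const int POOL_SIZE = std::max(1,
        std::min(MAX_PROCESSORS, static_cast<int>(std::thread::hardware_concurrency())));
    std::shared_ptr<Uscript::ThreadPool> mPools;
};
} // namespace SignatureTools
} // namespace OHOS
#endif // SIGNATURETOOLS_CODE_SIGNING_H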