fix: resolve audit findings for group security and parser checks

- align curve security checks with OpenSSL semantics
- switch TLS 1.2 ServerKeyExchange named group validation to CURVE_CHECK
- extend peer EC sign scheme verification for ServerKeyExchange and CertificateVerify
- add CURVE_CHECK for ECDSA certificate curve validation
- tighten TLS 1.3 server key_share candidate filtering
- add frame-based regression coverage for curve security checks

Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1380

Signed-off-by: Dongjianwei001 <dongjianwei1@huawei.com>
pi_ixeL
2026-05-14 22:34:17 +08:00
committed by Dongjianwei001
parent ee9c094ad4
commit 3ac94d7f4e
19 changed files with 717 additions and 30 deletions
@@ -42,6 +42,7 @@
#include "uio_base.h"
#include "hs.h"
#include "stub_crypt.h"
#include "hitls_security.h"
/* END_HEADER */
/* ============================================================================
@@ -49,6 +50,20 @@
* ============================================================================ */
STUB_DEFINE_RET1(int32_t, HS_DoHandshake, TLS_Ctx *);
static int32_t TestSecurityCbRejectP256CurveCheckTls12(const HITLS_Ctx *ctx, const HITLS_Config *config, int32_t option,
int32_t bits, int32_t id, void *other, void *exData)
{
(void)ctx;
(void)config;
(void)bits;
(void)exData;
(void)id;
if (option == HITLS_SECURITY_SECOP_CURVE_CHECK && other != NULL &&
*(uint16_t *)other == HITLS_EC_GROUP_SECP256R1) {
return 0;
}
return 1;
}
/* @
* @test UT_TLS_TLS12_RFC5246_CONSISTENCY_RECV_ZEROLENGTH_MSG_TC001
@@ -3542,6 +3557,217 @@ EXIT:
}
/* END_CASE */
/* @
* @test UT_TLS_TLS12_SERVER_KEY_EXCHANGE_GROUP_FILTER_FUNC_TC001
* @title TLS 1.2 client rejects a configured but low-security ECDHE group with illegal_parameter
* @precon nan
* @brief 1. Configure both peers with secp256r1 and secp384r1 and stop the client at TRY_RECV_SERVER_KEY_EXCHANGE.
* 2. Replace the received namedcurve with secp256r1 and raise the client security level to 4.
* 3. Continue the client handshake.
* @expect 1. HITLS_Connect returns HITLS_MSG_HANDLE_UNSUPPORT_NAMED_CURVE.
* 2. The client sends ALERT_ILLEGAL_PARAMETER.
@ */
/* BEGIN_CASE */
void UT_TLS_TLS12_SERVER_KEY_EXCHANGE_GROUP_FILTER_FUNC_TC001(void)
{
HITLS_Config *clientConfig = NULL;
HITLS_Config *serverConfig = NULL;
FRAME_LinkObj *client = NULL;
FRAME_LinkObj *server = NULL;
FRAME_Msg frameMsg = {0};
FRAME_Type frameType = {0};
FRAME_CertInfo certInfo = {
"ecdsa/ca-nist521.der:ecdsa/inter-nist521.der",
"ecdsa/inter-nist521.der",
"ecdsa/end384-sha384.der",
0,
"ecdsa/end384-sha384.key.der",
0,
};
FRAME_Init();
clientConfig = HITLS_CFG_NewTLS12Config();
ASSERT_TRUE(clientConfig != NULL);
serverConfig = HITLS_CFG_NewTLS12Config();
ASSERT_TRUE(serverConfig != NULL);
uint16_t cipherSuite[] = {HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256};
uint16_t groups[] = {HITLS_EC_GROUP_SECP256R1, HITLS_EC_GROUP_SECP384R1};
uint16_t signAlgs[] = {CERT_SIG_SCHEME_ECDSA_SECP384R1_SHA384};
ASSERT_EQ(HITLS_CFG_SetCipherSuites(clientConfig, cipherSuite, sizeof(cipherSuite) / sizeof(uint16_t)),
HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetCipherSuites(serverConfig, cipherSuite, sizeof(cipherSuite) / sizeof(uint16_t)),
HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetGroups(clientConfig, groups, sizeof(groups) / sizeof(uint16_t)), HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetGroups(serverConfig, groups, sizeof(groups) / sizeof(uint16_t)), HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetSignature(clientConfig, signAlgs, sizeof(signAlgs) / sizeof(uint16_t)), HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetSignature(serverConfig, signAlgs, sizeof(signAlgs) / sizeof(uint16_t)), HITLS_SUCCESS);
client = FRAME_CreateLinkWithCert(clientConfig, BSL_UIO_TCP, &certInfo);
ASSERT_TRUE(client != NULL);
server = FRAME_CreateLinkWithCert(serverConfig, BSL_UIO_TCP, &certInfo);
ASSERT_TRUE(server != NULL);
ASSERT_TRUE(FRAME_CreateConnection(client, server, true, TRY_RECV_SERVER_KEY_EXCHANGE) == HITLS_SUCCESS);
ASSERT_EQ(client->ssl->hsCtx->state, TRY_RECV_SERVER_KEY_EXCHANGE);
FrameUioUserData *ioUserData = BSL_UIO_GetUserData(client->io);
uint8_t *recvBuf = ioUserData->recMsg.msg;
uint32_t recvLen = ioUserData->recMsg.len;
ASSERT_TRUE(recvLen != 0);
uint32_t parseLen = 0;
frameType.versionType = HITLS_VERSION_TLS12;
frameType.recordType = REC_TYPE_HANDSHAKE;
frameType.handshakeType = SERVER_KEY_EXCHANGE;
frameType.keyExType = HITLS_KEY_EXCH_ECDHE;
ASSERT_TRUE(FRAME_ParseMsg(&frameType, recvBuf, recvLen, &frameMsg, &parseLen) == HITLS_SUCCESS);
FRAME_ServerKeyExchangeMsg *serverMsg = &frameMsg.body.hsMsg.body.serverKeyExchange;
serverMsg->keyEx.ecdh.namedcurve.state = ASSIGNED_FIELD;
serverMsg->keyEx.ecdh.namedcurve.data = HITLS_EC_GROUP_SECP256R1;
uint32_t sendLen = MAX_RECORD_LENTH;
uint8_t sendBuf[MAX_RECORD_LENTH] = {0};
ASSERT_TRUE(FRAME_PackMsg(&frameType, &frameMsg, sendBuf, sendLen, &sendLen) == HITLS_SUCCESS);
ioUserData->recMsg.len = 0;
ASSERT_TRUE(FRAME_TransportRecMsg(client->io, sendBuf, sendLen) == HITLS_SUCCESS);
ASSERT_EQ(HITLS_SetSecurityLevel(client->ssl, HITLS_SECURITY_LEVEL_FOUR), HITLS_SUCCESS);
ASSERT_EQ(HITLS_Connect(client->ssl), HITLS_MSG_HANDLE_UNSUPPORT_NAMED_CURVE);
ALERT_Info alertInfo = {0};
ALERT_GetInfo(client->ssl, &alertInfo);
ASSERT_EQ(alertInfo.flag, ALERT_FLAG_SEND);
ASSERT_EQ(alertInfo.level, ALERT_LEVEL_FATAL);
ASSERT_EQ(alertInfo.description, ALERT_ILLEGAL_PARAMETER);
EXIT:
FRAME_CleanMsg(&frameType, &frameMsg);
HITLS_CFG_FreeConfig(clientConfig);
HITLS_CFG_FreeConfig(serverConfig);
FRAME_FreeLink(client);
FRAME_FreeLink(server);
}
/* END_CASE */
/* @
* @test UT_TLS_TLS12_CURVECHECK_SHARED_GROUP_SELECTION_FUNC_TC001
* @title TLS 1.2 server-side CURVE_CHECK callback does not affect shared-group selection
* @precon nan
* @brief 1. Configure both peers with secp256r1 and an ECDHE_ECDSA cipher suite signed by a P-384 certificate.
* 2. Install a server-side security callback that rejects secp256r1 for CURVE_CHECK.
* 3. Drive the handshake until the client is ready to receive ServerKeyExchange.
* @expect 1. The handshake reaches TRY_RECV_SERVER_KEY_EXCHANGE.
* 2. The negotiated ECDHE group remains secp256r1.
@ */
/* BEGIN_CASE */
void UT_TLS_TLS12_CURVECHECK_SHARED_GROUP_SELECTION_FUNC_TC001(void)
{
HITLS_Config *clientConfig = NULL;
HITLS_Config *serverConfig = NULL;
FRAME_LinkObj *client = NULL;
FRAME_LinkObj *server = NULL;
FRAME_Msg frameMsg = {0};
FRAME_Type frameType = {0};
FRAME_CertInfo certInfo = {
"ecdsa/ca-nist521.der:ecdsa/inter-nist521.der",
"ecdsa/inter-nist521.der",
"ecdsa/end384-sha384.der",
0,
"ecdsa/end384-sha384.key.der",
0,
};
FRAME_Init();
clientConfig = HITLS_CFG_NewTLS12Config();
ASSERT_TRUE(clientConfig != NULL);
serverConfig = HITLS_CFG_NewTLS12Config();
ASSERT_TRUE(serverConfig != NULL);
uint16_t cipherSuite[] = {HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256};
uint16_t clientGroups[] = {HITLS_EC_GROUP_SECP256R1, HITLS_EC_GROUP_SECP384R1};
uint16_t serverGroups[] = {HITLS_EC_GROUP_SECP256R1};
uint16_t signAlgs[] = {CERT_SIG_SCHEME_ECDSA_SECP384R1_SHA384};
ASSERT_EQ(HITLS_CFG_SetCipherSuites(clientConfig, cipherSuite, sizeof(cipherSuite) / sizeof(uint16_t)),
HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetCipherSuites(serverConfig, cipherSuite, sizeof(cipherSuite) / sizeof(uint16_t)),
HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetGroups(clientConfig, clientGroups, sizeof(clientGroups) / sizeof(uint16_t)), HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetGroups(serverConfig, serverGroups, sizeof(serverGroups) / sizeof(uint16_t)), HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetSignature(clientConfig, signAlgs, sizeof(signAlgs) / sizeof(uint16_t)), HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetSignature(serverConfig, signAlgs, sizeof(signAlgs) / sizeof(uint16_t)), HITLS_SUCCESS);
client = FRAME_CreateLinkWithCert(clientConfig, BSL_UIO_TCP, &certInfo);
ASSERT_TRUE(client != NULL);
server = FRAME_CreateLinkWithCert(serverConfig, BSL_UIO_TCP, &certInfo);
ASSERT_TRUE(server != NULL);
ASSERT_EQ(HITLS_SetSecurityCb(server->ssl, TestSecurityCbRejectP256CurveCheckTls12), HITLS_SUCCESS);
ASSERT_EQ(FRAME_CreateConnection(client, server, true, TRY_RECV_SERVER_KEY_EXCHANGE), HITLS_SUCCESS);
ASSERT_EQ(client->ssl->hsCtx->state, TRY_RECV_SERVER_KEY_EXCHANGE);
ASSERT_EQ(server->ssl->negotiatedInfo.negotiatedGroup, HITLS_EC_GROUP_SECP256R1);
FrameUioUserData *ioUserData = BSL_UIO_GetUserData(client->io);
uint8_t *recvBuf = ioUserData->recMsg.msg;
uint32_t recvLen = ioUserData->recMsg.len;
uint32_t parseLen = 0;
frameType.versionType = HITLS_VERSION_TLS12;
frameType.recordType = REC_TYPE_HANDSHAKE;
frameType.handshakeType = SERVER_KEY_EXCHANGE;
frameType.keyExType = HITLS_KEY_EXCH_ECDHE;
ASSERT_TRUE(FRAME_ParseMsg(&frameType, recvBuf, recvLen, &frameMsg, &parseLen) == HITLS_SUCCESS);
ASSERT_EQ(frameMsg.body.hsMsg.body.serverKeyExchange.keyEx.ecdh.namedcurve.data, HITLS_EC_GROUP_SECP256R1);
EXIT:
FRAME_CleanMsg(&frameType, &frameMsg);
HITLS_CFG_FreeConfig(clientConfig);
HITLS_CFG_FreeConfig(serverConfig);
FRAME_FreeLink(client);
FRAME_FreeLink(server);
}
/* END_CASE */
/** @
* @test UT_TLS_TLS12_SUPPORTED_GROUPS_FILTER_FUNC_TC001
* @title TLS 1.2 client filters all supported_groups by security level and sends an alert
* @precon nan
* @brief 1. Configure a TLS 1.2 client with only secp256r1 and ECDHE_ECDSA cipher suite.
* 2. Raise the client security level to 4 before starting the handshake.
* 3. Call HITLS_Connect on the client.
* @expect 1. HITLS_Connect returns HITLS_MSG_HANDLE_ILLEGAL_SELECTED_GROUP.
* 2. The client sends an alert.
@ */
/* BEGIN_CASE */
void UT_TLS_TLS12_SUPPORTED_GROUPS_FILTER_FUNC_TC001(void)
{
HITLS_Config *config = NULL;
FRAME_LinkObj *client = NULL;
ALERT_Info alertInfo = {0};
FRAME_Init();
config = HITLS_CFG_NewTLS12Config();
ASSERT_TRUE(config != NULL);
uint16_t cipherSuite[] = {HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256};
uint16_t groups[] = {HITLS_EC_GROUP_SECP256R1};
ASSERT_EQ(HITLS_CFG_SetCipherSuites(config, cipherSuite, sizeof(cipherSuite) / sizeof(uint16_t)), HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetGroups(config, groups, sizeof(groups) / sizeof(uint16_t)), HITLS_SUCCESS);
client = FRAME_CreateLink(config, BSL_UIO_TCP);
ASSERT_TRUE(client != NULL);
ASSERT_EQ(HITLS_SetSecurityLevel(client->ssl, HITLS_SECURITY_LEVEL_FOUR), HITLS_SUCCESS);
ASSERT_EQ(HITLS_Connect(client->ssl), HITLS_MSG_HANDLE_ILLEGAL_SELECTED_GROUP);
ALERT_GetInfo(client->ssl, &alertInfo);
ASSERT_EQ(alertInfo.flag, ALERT_FLAG_SEND);
EXIT:
HITLS_CFG_FreeConfig(config);
FRAME_FreeLink(client);
}
/* END_CASE */
/* @
* @test UT_TLS_TLS12_RFC5246_CONSISTENCY_RECODE_VERSION_TC001
* @title server can receive any version field in the recordheader of the client hello.
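Review bot: UT_TLS_TLS12_CURVECHECK_SHARED_GROUP_SELECTION_FUNC_TC001 can pass without the server callback ever rejecting anything, because TestSecurityCbRejectP256CurveCheckTls12 returns 0 only when `other` is non-NULL and the test never checks that the callback was reached with HITLS_SECURITY_SECOP_CURVE_CHECK. The CURVE_CHECK call this commit adds to ProcessServerKxMsgNamedCurve passes the group in `id` with `other` set to NULL, so a callback keyed on `other` may never match; whether other call sites pass a pointer is not visible here. Matching on `id` as well (`id == HITLS_EC_GROUP_SECP256R1`) and asserting a static hit counter after FRAME_CreateConnection would show that the policy hook was consulted and still left the negotiated group unchanged.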
@@ -231,3 +231,12 @@ UT_TLS_TLS1_2_RFC5246_CLIENT_PSK_FUNC_TC001:
UT_TLS_TLS1_2_RFC5246_CLIENT_PSK_FUNC_TC002
UT_TLS_TLS1_2_RFC5246_CLIENT_PSK_FUNC_TC002:
UT_TLS_TLS12_SERVER_KEY_EXCHANGE_GROUP_FILTER_FUNC_TC001
UT_TLS_TLS12_SERVER_KEY_EXCHANGE_GROUP_FILTER_FUNC_TC001:
UT_TLS_TLS12_CURVECHECK_SHARED_GROUP_SELECTION_FUNC_TC001
UT_TLS_TLS12_CURVECHECK_SHARED_GROUP_SELECTION_FUNC_TC001:
UT_TLS_TLS12_SUPPORTED_GROUPS_FILTER_FUNC_TC001
UT_TLS_TLS12_SUPPORTED_GROUPS_FILTER_FUNC_TC001:
@@ -47,12 +47,29 @@
#include "hs_kx.h"
#include "bsl_log.h"
#include "cert_callback.h"
#include "hitls_security.h"
/* END_HEADER */
/* ============================================================================
* Stub Definitions
* ============================================================================ */
STUB_DEFINE_RET5(int32_t, CompareBinder, TLS_Ctx *, const PreSharedKey *, uint8_t *, uint32_t, uint32_t);
STUB_DEFINE_RET5(int32_t, SECURITY_SslCheck, const HITLS_Ctx *, int32_t, int32_t, int32_t, void *);
static int32_t TestSecurityCbRejectP384CurveSupported(const HITLS_Ctx *ctx, const HITLS_Config *config, int32_t option,
int32_t bits, int32_t id, void *other, void *exData)
{
(void)ctx;
(void)config;
(void)bits;
(void)exData;
(void)id;
if (option == HITLS_SECURITY_SECOP_CURVE_SUPPORTED && other != NULL &&
*(uint16_t *)other == HITLS_EC_GROUP_SECP384R1) {
return 0;
}
return 1;
}
#define PORT 23456
@@ -601,7 +618,6 @@ void UT_TLS_TLS13_CONSISTENCY_RFC8446_REQUEST_CLIENT_HELLO_FUNC_TC001()
ASSERT_TRUE(client != NULL);
server = FRAME_CreateLink(serverconfig, BSL_UIO_TCP);
ASSERT_TRUE(server != NULL);
ASSERT_TRUE(HITLS_Connect(client->ssl) == HITLS_REC_NORMAL_RECV_BUF_EMPTY);
ASSERT_TRUE(FRAME_TrasferMsgBetweenLink(client, server) == HITLS_SUCCESS);
ASSERT_TRUE(HITLS_Accept(server->ssl) == HITLS_REC_NORMAL_IO_BUSY);
@@ -632,8 +648,6 @@ void UT_TLS_TLS13_CONSISTENCY_RFC8446_REQUEST_CLIENT_HELLO_FUNC_TC001()
// Continue to establish the connection.
ASSERT_EQ(FRAME_CreateConnection(client, server, true, HS_STATE_BUTT), HITLS_SUCCESS);
ASSERT_TRUE(TestIsErrStackEmpty());
EXIT:
FRAME_CleanMsg(&frameType, &frameMsg);
HITLS_CFG_FreeConfig(clientconfig);
@@ -916,6 +930,166 @@ EXIT:
}
/* END_CASE */
/** @
* @test UT_TLS_TLS13_HRR_SELECTED_GROUP_FILTER_FUNC_TC001
* @title TLS 1.3 client rejects an HRR selected_group that fails CURVE_SUPPORTED
* @precon nan
* @brief 1. Configure client groups as secp256r1 and secp384r1, and server group as secp384r1.
* 2. Let the server send HelloRetryRequest for secp384r1 and install a client callback rejecting that group.
* 3. Continue the client handshake.
* @expect 1. HITLS_Connect returns HITLS_MSG_HANDLE_ILLEGAL_SELECTED_GROUP.
* 2. The client sends ALERT_ILLEGAL_PARAMETER.
@ */
/* BEGIN_CASE */
void UT_TLS_TLS13_HRR_SELECTED_GROUP_FILTER_FUNC_TC001()
{
FRAME_Init();
FRAME_LinkObj *client = NULL;
FRAME_LinkObj *server = NULL;
HITLS_Config *clientconfig = NULL;
HITLS_Config *serverconfig = NULL;
clientconfig = HITLS_CFG_NewTLS13Config();
ASSERT_TRUE(clientconfig != NULL);
serverconfig = HITLS_CFG_NewTLS13Config();
ASSERT_TRUE(serverconfig != NULL);
uint16_t clientgroups[] = {HITLS_EC_GROUP_SECP256R1, HITLS_EC_GROUP_SECP384R1};
uint16_t servergroups[] = {HITLS_EC_GROUP_SECP384R1};
ASSERT_EQ(HITLS_CFG_SetGroups(clientconfig, clientgroups, sizeof(clientgroups) / sizeof(uint16_t)), HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetGroups(serverconfig, servergroups, sizeof(servergroups) / sizeof(uint16_t)), HITLS_SUCCESS);
client = FRAME_CreateLink(clientconfig, BSL_UIO_TCP);
ASSERT_TRUE(client != NULL);
server = FRAME_CreateLink(serverconfig, BSL_UIO_TCP);
ASSERT_TRUE(server != NULL);
ASSERT_TRUE(HITLS_Connect(client->ssl) == HITLS_REC_NORMAL_RECV_BUF_EMPTY);
ASSERT_TRUE(FRAME_TrasferMsgBetweenLink(client, server) == HITLS_SUCCESS);
ASSERT_TRUE(HITLS_Accept(server->ssl) == HITLS_REC_NORMAL_IO_BUSY);
ASSERT_TRUE(FRAME_TrasferMsgBetweenLink(server, client) == HITLS_SUCCESS);
ASSERT_EQ(HITLS_SetSecurityCb(client->ssl, TestSecurityCbRejectP384CurveSupported), HITLS_SUCCESS);
ASSERT_EQ(HITLS_Connect(client->ssl), HITLS_MSG_HANDLE_ILLEGAL_SELECTED_GROUP);
ALERT_Info alertInfo = {0};
ALERT_GetInfo(client->ssl, &alertInfo);
ASSERT_EQ(alertInfo.flag, ALERT_FLAG_SEND);
ASSERT_EQ(alertInfo.level, ALERT_LEVEL_FATAL);
ASSERT_EQ(alertInfo.description, ALERT_ILLEGAL_PARAMETER);
EXIT:
HITLS_CFG_FreeConfig(clientconfig);
HITLS_CFG_FreeConfig(serverconfig);
FRAME_FreeLink(client);
FRAME_FreeLink(server);
}
/* END_CASE */
/** @
* @test UT_TLS_TLS13_KEYSHARE_ALL_GROUPS_FILTER_FUNC_TC001
* @title TLS 1.3 client filters the initial key_share group by security level and sends an alert
* @precon nan
* @brief 1. Configure a TLS 1.3 client with only secp256r1.
* 2. Raise the client security level to 4 before starting the handshake.
* 3. Call HITLS_Connect on the client.
* @expect 1. HITLS_Connect returns HITLS_MSG_HANDLE_ILLEGAL_SELECTED_GROUP.
* 2. The client sends an alert.
@ */
/* BEGIN_CASE */
void UT_TLS_TLS13_KEYSHARE_ALL_GROUPS_FILTER_FUNC_TC001()
{
HITLS_Config *config = NULL;
FRAME_LinkObj *client = NULL;
ALERT_Info alertInfo = {0};
FRAME_Init();
config = HITLS_CFG_NewTLS13Config();
ASSERT_TRUE(config != NULL);
uint16_t groups[] = {HITLS_EC_GROUP_SECP256R1};
ASSERT_EQ(HITLS_CFG_SetGroups(config, groups, sizeof(groups) / sizeof(uint16_t)), HITLS_SUCCESS);
client = FRAME_CreateLink(config, BSL_UIO_TCP);
ASSERT_TRUE(client != NULL);
ASSERT_EQ(HITLS_SetSecurityLevel(client->ssl, HITLS_SECURITY_LEVEL_FOUR), HITLS_SUCCESS);
ASSERT_EQ(HITLS_Connect(client->ssl), HITLS_MSG_HANDLE_ILLEGAL_SELECTED_GROUP);
ALERT_GetInfo(client->ssl, &alertInfo);
ASSERT_EQ(alertInfo.flag, ALERT_FLAG_SEND);
EXIT:
HITLS_CFG_FreeConfig(config);
FRAME_FreeLink(client);
}
/* END_CASE */
/** @
* @test UT_TLS_TLS13_KEYSHARE_PARTIAL_FILTER_FUNC_TC001
* @title TLS 1.3 client sends only the remaining supported groups and keyshares after CURVE_SUPPORTED filtering
* @precon nan
* @brief 1. Configure the client keyshare list as secp256r1 and secp384r1, and the server group as secp384r1.
* 2. Raise the client security level to 4 before sending ClientHello.
* 3. Stop the server after receiving ClientHello and inspect the filtered extensions.
* @expect 1. ClientHello contains only secp384r1 in key_share and supported_groups.
@ */
/* BEGIN_CASE */
void UT_TLS_TLS13_KEYSHARE_PARTIAL_FILTER_FUNC_TC001()
{
FRAME_Init();
FRAME_LinkObj *client = NULL;
FRAME_LinkObj *server = NULL;
HITLS_Config *clientconfig = NULL;
HITLS_Config *serverconfig = NULL;
FRAME_Msg frameMsg = {0};
FRAME_Type frameType = {0};
clientconfig = HITLS_CFG_NewTLS13Config();
ASSERT_TRUE(clientconfig != NULL);
serverconfig = HITLS_CFG_NewTLS13Config();
ASSERT_TRUE(serverconfig != NULL);
uint16_t clientgroups[] = {HITLS_EC_GROUP_SECP256R1, HITLS_EC_GROUP_SECP384R1};
uint16_t servergroups[] = {HITLS_EC_GROUP_SECP384R1};
ASSERT_EQ(HITLS_CFG_SetGroups(clientconfig, clientgroups, sizeof(clientgroups) / sizeof(uint16_t)), HITLS_SUCCESS);
ASSERT_EQ(HITLS_CFG_SetGroups(serverconfig, servergroups, sizeof(servergroups) / sizeof(uint16_t)), HITLS_SUCCESS);
client = FRAME_CreateLink(clientconfig, BSL_UIO_TCP);
ASSERT_TRUE(client != NULL);
server = FRAME_CreateLink(serverconfig, BSL_UIO_TCP);
ASSERT_TRUE(server != NULL);
ASSERT_EQ(HITLS_SetSecurityLevel(client->ssl, HITLS_SECURITY_LEVEL_FOUR), HITLS_SUCCESS);
ASSERT_EQ(FRAME_CreateConnection(client, server, false, TRY_RECV_CLIENT_HELLO), HITLS_SUCCESS);
FrameUioUserData *ioUserData = BSL_UIO_GetUserData(server->io);
uint8_t *recvBuf = ioUserData->recMsg.msg;
uint32_t recvLen = ioUserData->recMsg.len;
ASSERT_TRUE(recvLen != 0);
uint32_t parseLen = 0;
frameType.versionType = HITLS_VERSION_TLS13;
frameType.recordType = REC_TYPE_HANDSHAKE;
frameType.handshakeType = CLIENT_HELLO;
frameType.keyExType = HITLS_KEY_EXCH_ECDHE;
ASSERT_TRUE(FRAME_ParseMsg(&frameType, recvBuf, recvLen, &frameMsg, &parseLen) == HITLS_SUCCESS);
FRAME_ClientHelloMsg *clientMsg = &frameMsg.body.hsMsg.body.clientHello;
ASSERT_EQ(clientMsg->keyshares.exKeyShares.size, 1u);
ASSERT_EQ(clientMsg->keyshares.exKeyShares.data[0].group.data, HITLS_EC_GROUP_SECP384R1);
ASSERT_EQ(clientMsg->supportedGroups.exData.size, 1u);
ASSERT_EQ(clientMsg->supportedGroups.exData.data[0], HITLS_EC_GROUP_SECP384R1);
EXIT:
FRAME_CleanMsg(&frameType, &frameMsg);
HITLS_CFG_FreeConfig(clientconfig);
HITLS_CFG_FreeConfig(serverconfig);
FRAME_FreeLink(client);
FRAME_FreeLink(server);
}
/* END_CASE */
/* @
* @test UT_TLS_TLS13_CONSISTENCY_RFC8446_REQUEST_CLIENT_HELLO_FUNC_TC005
* @brief 2.1. Incorrect DHE Share
@@ -3629,4 +3803,4 @@ EXIT:
FRAME_FreeLink(client);
FRAME_FreeLink(server);
}
/* END_CASE */
/* END_CASE */
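Review bot: UT_TLS_TLS13_KEYSHARE_ALL_GROUPS_FILTER_FUNC_TC001 checks only `alertInfo.flag`, so it would still pass if the client sent a warning-level or unrelated alert when every configured group is filtered out. UT_TLS_TLS13_HRR_SELECTED_GROUP_FILTER_FUNC_TC001 in the same section pins both fields. The same should be done here with `ASSERT_EQ(alertInfo.level, ALERT_LEVEL_FATAL);` and an `ASSERT_EQ(alertInfo.description, ...)` for whichever alert the client is meant to send. UT_TLS_TLS12_SUPPORTED_GROUPS_FILTER_FUNC_TC001 in the TLS 1.2 test file has the same gap.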
@@ -155,4 +155,13 @@ UT_TLS_SDV_TLS1_3_RFC8446_CONSISTENCY_MIDDLE_BOX_COMPAT_TC001 isMiddleBoxCompat
UT_TLS_SDV_TLS1_3_RFC8446_CONSISTENCY_MIDDLE_BOX_COMPAT_TC001:1
UT_TLS_SDV_TLS1_3_RFC8446_CONSISTENCY_UNSUPPORT_VERSION_TC001
UT_TLS_SDV_TLS1_3_RFC8446_CONSISTENCY_UNSUPPORT_VERSION_TC001:
UT_TLS_SDV_TLS1_3_RFC8446_CONSISTENCY_UNSUPPORT_VERSION_TC001:
UT_TLS_TLS13_HRR_SELECTED_GROUP_FILTER_FUNC_TC001
UT_TLS_TLS13_HRR_SELECTED_GROUP_FILTER_FUNC_TC001:
UT_TLS_TLS13_KEYSHARE_ALL_GROUPS_FILTER_FUNC_TC001
UT_TLS_TLS13_KEYSHARE_ALL_GROUPS_FILTER_FUNC_TC001:
UT_TLS_TLS13_KEYSHARE_PARTIAL_FILTER_FUNC_TC001
UT_TLS_TLS13_KEYSHARE_PARTIAL_FILTER_FUNC_TC001:
@@ -33,6 +33,8 @@
#include "rec_wrapper.h"
#include "cert.h"
#include "securec.h"
#include "hitls_security.h"
#include <string.h>
#include "process.h"
#include "conn_init.h"
#include "hitls_crypt_init.h"
@@ -41,6 +43,7 @@
#include "alert.h"
#include "bsl_sal.h"
#include "hs_extensions.h"
#include "hs_common.h"
/* END_HEADER */
#define MAX_BUF 16384
@@ -1367,3 +1370,34 @@ EXIT:
FRAME_FreeLink(server);
}
/* END_CASE */
/**
* @test UT_TLS_TLS13_GROUP_TUPLE_KEYSHARE_SELECT_TC007
* @spec GroupConformToVersion
* @title Test security-level filtering in GroupConformToVersion
* @precon nan
* @brief Scenario: A TLS 1.3 context enables security level 4 with secp256r1 and secp384r1 configured.
* Expected: GroupConformToVersion rejects secp256r1 but keeps secp384r1.
* @expect GroupConformToVersion returns false for secp256r1 and true for secp384r1
*/
/* BEGIN_CASE */
void UT_TLS_TLS13_GROUP_TUPLE_KEYSHARE_SELECT_TC007(void)
{
FRAME_Init();
HITLS_Config *cfg = HITLS_CFG_NewTLS13Config();
ASSERT_TRUE(cfg != NULL);
uint16_t groups[] = {HITLS_EC_GROUP_SECP256R1, HITLS_EC_GROUP_SECP384R1};
ASSERT_EQ(HITLS_CFG_SetGroups(cfg, groups, sizeof(groups) / sizeof(uint16_t)), HITLS_SUCCESS);
FRAME_LinkObj *link = FRAME_CreateLink(cfg, BSL_UIO_TCP);
ASSERT_TRUE(link != NULL);
ASSERT_EQ(HITLS_SetSecurityLevel(link->ssl, HITLS_SECURITY_LEVEL_FOUR), HITLS_SUCCESS);
ASSERT_EQ(GroupConformToVersion(link->ssl, HITLS_VERSION_TLS13, HITLS_EC_GROUP_SECP256R1), false);
ASSERT_EQ(GroupConformToVersion(link->ssl, HITLS_VERSION_TLS13, HITLS_EC_GROUP_SECP384R1), true);
EXIT:
FRAME_FreeLink(link);
HITLS_CFG_FreeConfig(cfg);
}
/* END_CASE */
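Review bot: `link` in UT_TLS_TLS13_GROUP_TUPLE_KEYSHARE_SELECT_TC007 is declared after the first two assertions, so if either fails and the ASSERT macros jump to EXIT (as the label suggests), `FRAME_FreeLink(link)` reads an uninitialised pointer. Declaring `FRAME_LinkObj *link = NULL;` before the first assertion, as the handshake tests added in this commit do, removes that failure-path hazard. The parse tests added later in this commit (UT_TLS_PARSE_SELECTED_ALPN_EMPTY_TC001, UT_TLS_PARSE_PSK_IDENTITY_EMPTY_TC001, UT_TLS_PARSE_RECORD_SIZE_LIMIT_LENGTH_TC001) follow the same pattern with `client`, `selectedAlpn`, `preSharedKey` and `cliMsg`, all of which are used at EXIT.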
@@ -126,4 +126,7 @@ UT_TLS_TLS13_RFC8446_CONSISTENCY_RECVERSION_FUNC_TC002
UT_TLS_TLS13_RFC8446_CONSISTENCY_RECVERSION_FUNC_TC002:false:TRY_SEND_FINISH
UT_TLS_TLS13_PARSE_CA_LIST_TC001
UT_TLS_TLS13_PARSE_CA_LIST_TC001:
UT_TLS_TLS13_PARSE_CA_LIST_TC001:
UT_TLS_TLS13_GROUP_TUPLE_KEYSHARE_SELECT_TC007
UT_TLS_TLS13_GROUP_TUPLE_KEYSHARE_SELECT_TC007:
@@ -1610,20 +1610,30 @@ EXIT:
/* Global variables for session management testing */
static bool g_sessionMgmtRemoveCbCalled = false;
static HITLS_Session *g_sessionMgmtLastRemovedSession = NULL;
static bool g_sessionMgmtRemoveCbCanQueryCache = false;
static bool g_sessionMgmtRemoveCbHasValidSession = false;
/* Helper function to clear session management test state */
static void ClearSessionMgmtState(void)
{
g_sessionMgmtRemoveCbCalled = false;
g_sessionMgmtLastRemovedSession = NULL;
g_sessionMgmtRemoveCbCanQueryCache = false;
g_sessionMgmtRemoveCbHasValidSession = false;
}
/* Session remove callback for management testing */
static void TestSessionMgmtRemoveCb(HITLS_Config *config, HITLS_Session *sess)
{
(void)config;
uint32_t cacheSize = 0;
uint8_t sessionId[HITLS_SESSION_ID_MAX_SIZE] = {0};
uint32_t sessionIdSize = sizeof(sessionId);
g_sessionMgmtRemoveCbCalled = true;
g_sessionMgmtLastRemovedSession = sess;
g_sessionMgmtRemoveCbCanQueryCache = (HITLS_CFG_GetSessionCacheSize(config, &cacheSize) == HITLS_SUCCESS);
g_sessionMgmtRemoveCbHasValidSession =
(sess != NULL && HITLS_SESS_GetSessionId(sess, sessionId, &sessionIdSize) == HITLS_SUCCESS && sessionIdSize > 0);
}
/** @
@@ -1805,6 +1815,8 @@ void UT_SESSION_MGMT_CLEAR_EXTERNAL_CALLBACK_TC005()
/* Verify remove callback was called */
ASSERT_TRUE(g_sessionMgmtRemoveCbCalled);
ASSERT_TRUE(g_sessionMgmtRemoveCbCanQueryCache);
ASSERT_TRUE(g_sessionMgmtRemoveCbHasValidSession);
ASSERT_TRUE(TestIsErrStackEmpty());
@@ -2002,6 +2014,8 @@ void UT_SESSION_MGMT_REMOVE_CALLBACK_TC010()
/* Remove session and verify callback */
ASSERT_EQ(HITLS_CFG_RemoveSession(config, session), HITLS_SUCCESS);
ASSERT_TRUE(g_sessionMgmtRemoveCbCalled);
ASSERT_TRUE(g_sessionMgmtRemoveCbCanQueryCache);
ASSERT_TRUE(g_sessionMgmtRemoveCbHasValidSession);
ASSERT_TRUE(TestIsErrStackEmpty());
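Review bot: `g_sessionMgmtRemoveCbCanQueryCache` records only that HITLS_CFG_GetSessionCacheSize returned success inside TestSessionMgmtRemoveCb, which does not show whether the session is still in the cache when the callback runs. If the relative order of erase and callback in the session manager is what this commit is meant to pin, the assertions here would pass under either order; a check that looks the session up from inside the callback would distinguish them. The leading `(void)config;` in the callback is now stale, since `config` is used two lines later, and can be dropped.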
@@ -78,6 +78,7 @@
#include "app.h"
#include "record.h"
#include "rec_conn.h"
#include "parse_extensions.h"
#include "session.h"
#include "frame_msg.h"
#include "pack_frame_msg.h"
@@ -1059,6 +1060,10 @@ EXIT:
}
/* END_CASE */
int32_t ParseServerCookie(ParsePacket *pkt, ServerHelloMsg *msg);
#ifdef HITLS_TLS_PROTO_TLS13
int32_t ParseIdentities(TLS_Ctx *ctx, PreSharedKey *preSharedKey, const uint8_t *buf, uint32_t bufLen);
void CleanPreShareKey(PreSharedKey *preSharedKey);
#endif /* HITLS_TLS_PROTO_TLS13 */
/* @
* @test test ParseServerCookie and ParseClientCookie
* @spec -
@@ -1096,6 +1101,113 @@ EXIT:
}
/* END_CASE */
/* @
* @test UT_TLS_PARSE_SELECTED_ALPN_EMPTY_TC001
* @title Reject an empty selected ALPN protocol at parse time
* @precon nan
* @brief 1. Initialize a client parse context
2. Assemble a server ALPN extension body with a zero-length protocol
3. Invoke ParseServerSelectedAlpnProtocol
* @expect 1. The return value is HITLS_PARSE_INVALID_MSG_LEN
* @auto TRUE
@ */
/* BEGIN_CASE */
void UT_TLS_PARSE_SELECTED_ALPN_EMPTY_TC001()
{
FRAME_Init();
HITLS_Config *config = HITLS_CFG_NewTLS12Config();
ASSERT_TRUE(config != NULL);
FRAME_LinkObj *client = FRAME_CreateLink(config, BSL_UIO_TCP);
ASSERT_TRUE(client != NULL);
CONN_Init(client->ssl);
bool haveSelectedAlpn = false;
uint8_t *selectedAlpn = NULL;
uint16_t selectedAlpnSize = 0;
uint8_t alpnExt[] = {0x00, 0x01, 0x00};
uint32_t bufOffset = 0;
ParsePacket pkt = {.ctx = client->ssl, .buf = alpnExt, .bufLen = sizeof(alpnExt), .bufOffset = &bufOffset};
ASSERT_EQ(ParseServerSelectedAlpnProtocol(&pkt, &haveSelectedAlpn, &selectedAlpn, &selectedAlpnSize),
HITLS_PARSE_INVALID_MSG_LEN);
ASSERT_TRUE(haveSelectedAlpn == false);
EXIT:
BSL_SAL_FREE(selectedAlpn);
HITLS_CFG_FreeConfig(config);
FRAME_FreeLink(client);
}
/* END_CASE */
/* @
* @test UT_TLS_PARSE_PSK_IDENTITY_EMPTY_TC001
* @title Reject a zero-length TLS 1.3 PSK identity at parse time
* @precon nan
* @brief 1. Initialize a client parse context
2. Assemble a PSK identity vector with identity_size = 0
3. Invoke ParseIdentities
* @expect 1. The return value is HITLS_PARSE_INVALID_MSG_LEN
* @auto TRUE
@ */
/* BEGIN_CASE */
void UT_TLS_PARSE_PSK_IDENTITY_EMPTY_TC001()
{
FRAME_Init();
HITLS_Config *config = HITLS_CFG_NewTLS13Config();
ASSERT_TRUE(config != NULL);
FRAME_LinkObj *client = FRAME_CreateLink(config, BSL_UIO_TCP);
ASSERT_TRUE(client != NULL);
CONN_Init(client->ssl);
PreSharedKey *preSharedKey = (PreSharedKey *)BSL_SAL_Calloc(1u, sizeof(PreSharedKey));
ASSERT_TRUE(preSharedKey != NULL);
LIST_INIT(&preSharedKey->pskNode);
uint8_t identity[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
ASSERT_EQ(ParseIdentities(client->ssl, preSharedKey, identity, sizeof(identity)), HITLS_PARSE_INVALID_MSG_LEN);
EXIT:
CleanPreShareKey(preSharedKey);
HITLS_CFG_FreeConfig(config);
FRAME_FreeLink(client);
}
/* END_CASE */
/* @
* @test UT_TLS_PARSE_RECORD_SIZE_LIMIT_LENGTH_TC001
* @title Reject a ClientHello record_size_limit extension with an invalid length
* @precon nan
* @brief 1. Initialize a client parse context
2. Assemble a ClientHello record_size_limit extension with exLen = 1
3. Invoke ParseClientExtension
* @expect 1. The return value is HITLS_PARSE_INVALID_MSG_LEN
* @auto TRUE
@ */
/* BEGIN_CASE */
void UT_TLS_PARSE_RECORD_SIZE_LIMIT_LENGTH_TC001()
{
FRAME_Init();
HITLS_Config *config = HITLS_CFG_NewTLS12Config();
ASSERT_TRUE(config != NULL);
FRAME_LinkObj *client = FRAME_CreateLink(config, BSL_UIO_TCP);
ASSERT_TRUE(client != NULL);
CONN_Init(client->ssl);
ClientHelloMsg cliMsg = {0};
uint8_t ext[] = {
(uint8_t)(HS_EX_TYPE_RECORD_SIZE_LIMIT >> 8), (uint8_t)(HS_EX_TYPE_RECORD_SIZE_LIMIT & 0xff),
0x00, 0x01, 0x40
};
ASSERT_EQ(ParseClientExtension(client->ssl, ext, sizeof(ext), &cliMsg), HITLS_PARSE_INVALID_MSG_LEN);
EXIT:
CleanClientHello(&cliMsg);
HITLS_CFG_FreeConfig(config);
FRAME_FreeLink(client);
}
/* END_CASE */
/* @
* @test SDV_HITLS_TLCP_PATCH_TC005_3
* @spec -
@@ -3767,6 +3879,58 @@ void SDV_TLS_PSK_LEAK_TC01(void)
EXIT:
FRAME_FreeLink(client);
HITLS_CFG_FreeConfig(config);
HITLS_CFG_FreeConfig(config);
}
/* END_CASE */
/* END_CASE */
/* @
* @test SDV_HiTLS_HsCtx_Get_PeerCertificate_TC001
* @spec -
* @title The test obtains the peer certificate chain during the handshake process, and it is expected to succeed.
* @precon nan
* @brief
* 1. Initialize the TLS12 client and server.
* 2. Establish a link. Stop the handshake state at the TRY_RECV_SERVER_KEY_EXCHANGE state, the HITLS_GetPeerCertificate
* and HITLS_GetPeerCertChain interfaces are invoked to check the peer certificate cached at both ends.
* @expect
* 1. Initialization succeeded.
* 2. The link is successfully established. The certificate cached on the client is the same as the certificate sent by the
* server.The peer certificate cached on the server is NULL.
* @prior Level 1
* @auto TRUE
@ */
/* BEGIN_CASE */
void SDV_HiTLS_HsCtx_Get_PeerCertificate_TC001(void)
{
FRAME_Init();
FRAME_LinkObj *client = NULL;
FRAME_LinkObj *server = NULL;
HITLS_CERT_X509 *client_PeerCert = NULL;
HITLS_Config *c_config = HITLS_CFG_NewTLS12Config();
ASSERT_TRUE(c_config != NULL);
HITLS_Config *s_config = HITLS_CFG_NewTLS12Config();
ASSERT_TRUE(s_config != NULL);
client = FRAME_CreateLink(c_config, BSL_UIO_TCP);
ASSERT_TRUE(client != NULL);
server = FRAME_CreateLink(s_config, BSL_UIO_TCP);
ASSERT_TRUE(server != NULL);
ASSERT_EQ(FRAME_CreateConnection(client, server, true, TRY_RECV_SERVER_KEY_EXCHANGE), HITLS_SUCCESS);
ASSERT_TRUE(client->ssl->hsCtx->peerCert != NULL);
client_PeerCert = HITLS_GetPeerCertificate(client->ssl);
ASSERT_TRUE(client->ssl->hsCtx->peerCert->cert == client_PeerCert);
ASSERT_TRUE(client->ssl->hsCtx->peerCert->chain == HITLS_GetPeerCertChain(client->ssl));
ASSERT_TRUE(TestIsErrStackEmpty());
EXIT:
HITLS_CFG_FreeCert(c_config, client_PeerCert);
HITLS_CFG_FreeConfig(c_config);
HITLS_CFG_FreeConfig(s_config);
FRAME_FreeLink(client);
FRAME_FreeLink(server);
}
/* END_CASE */
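Review bot: The header of SDV_HiTLS_HsCtx_Get_PeerCertificate_TC001 promises that the peer certificate cached on the server is NULL, but the body asserts only the client side. A server that wrongly cached a peer certificate without client authentication would therefore go unnoticed. Adding `ASSERT_TRUE(HITLS_GetPeerCertificate(server->ssl) == NULL);` next to the client assertions would make the test match its stated expectation.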
@@ -215,4 +215,16 @@ HITLS_UT_TLS_CM_CLOSE_API_TC001
HITLS_UT_TLS_CM_CLOSE_API_TC001:
SDV_TLS_PSK_LEAK_TC01
SDV_TLS_PSK_LEAK_TC01:
SDV_TLS_PSK_LEAK_TC01:
SDV_HiTLS_HsCtx_Get_PeerCertificate_TC001
SDV_HiTLS_HsCtx_Get_PeerCertificate_TC001:
UT_TLS_PARSE_SELECTED_ALPN_EMPTY_TC001
UT_TLS_PARSE_SELECTED_ALPN_EMPTY_TC001:
UT_TLS_PARSE_PSK_IDENTITY_EMPTY_TC001
UT_TLS_PARSE_PSK_IDENTITY_EMPTY_TC001:
UT_TLS_PARSE_RECORD_SIZE_LIMIT_LENGTH_TC001
UT_TLS_PARSE_RECORD_SIZE_LIMIT_LENGTH_TC001:
+1 -1
@@ -136,7 +136,7 @@ static const CipherSuiteInfo g_cipherSuiteList[] = {
#ifdef HITLS_TLS_SUITE_SM4_GCM_SM3
{.enable = true,
.name = CIPHER_NAME("HITLS_SM4_GCM_SM3"),
.stdName = CIPHER_NAME("HITLS_SM4_GCM_SM3"),
.stdName = CIPHER_NAME("TLS_SM4_GCM_SM3"),
.cipherSuite = HITLS_SM4_GCM_SM3,
.cipherAlg = HITLS_CIPHER_SM4_GCM,
.kxAlg = HITLS_KEY_EXCH_NULL,
+6 -7
@@ -384,15 +384,15 @@ void SESSMGR_ClearTimeout(HITLS_Config *config, uint64_t time)
HITLS_Session *sess = (HITLS_Session *)ptr;
if (time == 0 || SESS_CheckValidity(sess, time) == false) {
SESS_Disable(sess);
#ifdef HITLS_TLS_FEATURE_SESSION_CACHE_CB
if (config->sessionRemoveCb != NULL) {
config->sessionRemoveCb(config, sess);
}
#endif /* HITLS_TLS_FEATURE_SESSION_CACHE_CB */
/* Delete the node if it is invalid */
uintptr_t tmpKey = BSL_HASH_HashIterKey(config->sessMgr->hash, it);
// Returns the next iterator of the iterator where the key resides
it = BSL_HASH_Erase(config->sessMgr->hash, tmpKey);
#ifdef HITLS_TLS_FEATURE_SESSION_CACHE_CB
if (config->sessionRemoveCb != NULL) {
config->sessionRemoveCb(config, sess);
}
#endif /* HITLS_TLS_FEATURE_SESSION_CACHE_CB */
} else {
it = BSL_HASH_IterNext(config->sessMgr->hash, it);
}
@@ -406,7 +406,6 @@ int32_t SESSMGR_RemoveSession(HITLS_Config *config, HITLS_Session *sess)
if (config == NULL || sess == NULL || config->sessMgr == NULL) {
return HITLS_NULL_INPUT;
}
BSL_SAL_ThreadWriteLock(config->sessMgr->lock);
SessionKey key = {0};
key.sessionIdSize = sizeof(key.sessionId);
@@ -419,12 +418,12 @@ int32_t SESSMGR_RemoveSession(HITLS_Config *config, HITLS_Session *sess)
return HITLS_SESS_ERR_NOT_FOUND;
}
BSL_HASH_Erase(config->sessMgr->hash, (uintptr_t)&key);
#ifdef HITLS_TLS_FEATURE_SESSION_CACHE_CB
if (config->sessionRemoveCb != NULL) {
config->sessionRemoveCb(config, sess);
}
#endif /* HITLS_TLS_FEATURE_SESSION_CACHE_CB */
BSL_HASH_Erase(config->sessMgr->hash, (uintptr_t)&key);
BSL_SAL_ThreadUnlock(config->sessMgr->lock);
return HITLS_SUCCESS;
}
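Review bot: Nothing in SESSMGR_ClearTimeout or SESSMGR_RemoveSession records why `sessionRemoveCb` and `BSL_HASH_Erase` must run in a particular order, and this rendering has lost the +/- markers, so the page does not show which order is the new one. If erasing the entry can release the hash table's reference to `sess` (not visible here), the callback has to run first or it is handed a dangling pointer; a comment such as `/* Notify before erase: the entry may be released by BSL_HASH_Erase */` above the callback would pin that down. In SESSMGR_RemoveSession the callback also runs between `BSL_SAL_ThreadWriteLock` and `BSL_SAL_ThreadUnlock`, so the callback contract should state that it must not call back into the session manager.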
+6
@@ -846,6 +846,12 @@ bool GroupConformToVersion(const TLS_Ctx *ctx, uint16_t version, uint16_t group)
if (groupInfo == NULL || ((groupInfo->versionBits & versionBits) != versionBits)) {
return false;
}
#ifdef HITLS_TLS_FEATURE_SECURITY
int32_t ret = SECURITY_SslCheck(ctx, HITLS_SECURITY_SECOP_CURVE_SUPPORTED, 0, (int32_t)group, NULL);
if (ret != SECURITY_SUCCESS) {
return false;
}
#endif /* HITLS_TLS_FEATURE_SECURITY */
return true;
}
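Review bot: With the CURVE_SUPPORTED check now inside GroupConformToVersion, the explicit `SECURITY_SslCheck(ctx, HITLS_SECURITY_SECOP_CURVE_SUPPORTED, ...)` that this commit also adds in Tls13SelectGroup, directly before its `GroupConformToVersion` call, asks the security callback about the same group twice. One of the two can go; keeping the check here alone covers both FindSupportedCurves and Tls13SelectGroup. The function name still mentions only the version, so a header comment such as `/* Also applies the CURVE_SUPPORTED security-policy check when HITLS_TLS_FEATURE_SECURITY is set */` would tell callers that a `false` result can be a policy decision. The function body starts outside the hunk.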
+10
@@ -107,6 +107,16 @@ static int32_t ProcessServerKxMsgNamedCurve(TLS_Ctx *ctx, const ServerKeyExchang
ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
return HITLS_MSG_HANDLE_UNSUPPORT_NAMED_CURVE;
}
#ifdef HITLS_TLS_FEATURE_SECURITY
int32_t ret = SECURITY_SslCheck(ctx, HITLS_SECURITY_SECOP_CURVE_CHECK, 0, (int32_t)namedGroup, NULL);
if (ret != SECURITY_SUCCESS) {
BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_UNSUPPORT_NAMED_CURVE);
BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17088, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
"SslCheck fail, ret %d", ret, 0, 0, 0);
ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
return HITLS_MSG_HANDLE_UNSUPPORT_NAMED_CURVE;
}
#endif /* HITLS_TLS_FEATURE_SECURITY */
uint32_t peerPubkeyLen = serverKxMsg->keyEx.ecdh.pubKeySize;
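Review bot: The log line added for a rejected group, `"SslCheck fail, ret %d"`, does not say which group was refused, and the failure reuses `HITLS_MSG_HANDLE_UNSUPPORT_NAMED_CURVE` from the check just above it, so a policy rejection and an unknown curve look the same in the error stack. Logging the id keeps the two cases apart when handshake failures are triaged: `"curve check fail, group %d, ret %d", namedGroup, ret, 0, 0);`. ProcessServerKxMsgNamedCurve starts before and continues after the hunk.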
+18 -2
@@ -40,6 +40,7 @@
#include "pack_common.h"
#include "custom_extensions.h"
#include "config_type.h"
#include "security.h"
#include "pack_extensions.h"
@@ -376,6 +377,22 @@ static int32_t PackClientSignatureAlgorithms(const TLS_Ctx *ctx, PackPacket *pkt
return HITLS_SUCCESS;
}
static bool IsClientSupportedGroupAvailable(const TLS_Ctx *ctx, uint16_t group)
{
const TLS_Config *config = &ctx->config.tlsConfig;
const TLS_GroupInfo *groupInfo = ConfigGetGroupInfo(config, group);
if (groupInfo == NULL || ((groupInfo->versionBits & config->version) == 0)) {
return false;
}
#ifdef HITLS_TLS_FEATURE_SECURITY
if (SECURITY_SslCheck(ctx, HITLS_SECURITY_SECOP_CURVE_SUPPORTED, 0, (int32_t)group, NULL) != SECURITY_SUCCESS) {
return false;
}
#endif /* HITLS_TLS_FEATURE_SECURITY */
return true;
}
static int32_t PackClientSupportedGroups(const TLS_Ctx *ctx, PackPacket *pkt)
{
int32_t ret = HITLS_SUCCESS;
@@ -410,8 +427,7 @@ static int32_t PackClientSupportedGroups(const TLS_Ctx *ctx, PackPacket *pkt)
bool haveGroup = false;
for (uint32_t i = 0; i < config->groupsSize; ++i) {
const TLS_GroupInfo *groupInfo = ConfigGetGroupInfo(&ctx->config.tlsConfig, config->groups[i]);
if (groupInfo == NULL || ((groupInfo->versionBits & config->version) == 0)) {
if (!IsClientSupportedGroupAvailable(ctx, config->groups[i])) {
continue;
}
haveGroup = true;
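Review bot: IsClientSupportedGroupAvailable has no comment, and its version test `(groupInfo->versionBits & config->version) == 0` is looser than the one in GroupConformToVersion, `(groupInfo->versionBits & versionBits) != versionBits`, so the set of groups the client offers and the set it later accepts are defined by two separate predicates that have to be kept in step by hand. A short header would make the intent explicit, for example `/* Offer a group if it is defined for any configured version and passes the CURVE_SUPPORTED policy check */`. Whether the key_share packing applies the same filter is not visible here; if it does not, the client could send a share for a group it left out of supported_groups. PackClientSupportedGroups continues outside the hunk.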
@@ -175,7 +175,7 @@ int32_t ParseServerSelectedAlpnProtocol(
/* If the length of the packet does not match the extended length, or the length is 0, the handshake message error
* is returned */
if (((selectedAlpnListLen * sizeof(uint8_t)) != (pkt->bufLen - sizeof(uint16_t))) || (selectedAlpnListLen == 0)) {
if (((selectedAlpnListLen * sizeof(uint8_t)) != (pkt->bufLen - sizeof(uint16_t))) || (selectedAlpnLen == 0)) {
return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID15199, BINGLOG_STR("alpn"));
}
/* According to the protocol rfc7301, The alpn extension returned by s end is allowed to contain only one protocol
@@ -330,7 +330,7 @@ int32_t ParseIdentities(TLS_Ctx *ctx, PreSharedKey *preSharedKey, const uint8_t
node->identitySize = identitySize;
bufOffset += sizeof(uint16_t);
if ((bufOffset + identitySize + sizeof(uint32_t)) > bufLen) {
if ((bufOffset + identitySize + sizeof(uint32_t)) > bufLen || identitySize == 0) {
BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15146, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
"ParseIdentities error. bufLen = %d, identitySize = %d.", bufLen, identitySize, 0, 0);
ctx->method.sendAlert(ctx, ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
@@ -815,6 +815,10 @@ static int32_t ParseClientRecordSizeLimit(ParsePacket *pkt, ClientHelloMsg *msg)
return ParseDupExtProcess(pkt->ctx, BINLOG_ID16243, BINGLOG_STR("recordSizeLimit"));
}
if (pkt->bufLen != sizeof(uint16_t)) {
return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID16244, BINGLOG_STR("recordSizeLimit"));
}
int32_t ret = ParseBytesToUint16(pkt, &msg->extension.content.recordSizeLimit);
if (ret != HITLS_SUCCESS) {
return ParseErrorExtLengthProcess(pkt->ctx, BINLOG_ID16244, BINGLOG_STR("recordSizeLimit"));
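Review bot: In ParseIdentities the `identitySize == 0` case (assuming the condition that carries it is the new line, since the +/- markers are lost) shares the branch that sends `ALERT_ILLEGAL_PARAMETER`, but an empty PSK identity is an out-of-range length, which RFC 8446 section 6 treats as a syntax error to be answered with the decode_error alert. The truncated-buffer case handled by the same branch falls under the same rule, so changing the alert there corrects both. `node->identitySize` is also assigned before the check, which is harmless only if the caller discards `node` on failure; that cleanup is outside the hunk.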
@@ -85,14 +85,7 @@ static int32_t ServerCheckPointFormats(const ClientHelloMsg *clientHello)
static uint16_t FindSupportedCurves(const TLS_Ctx *ctx, const uint16_t *perferenceGroups, uint32_t index)
{
/* Support group security check */
#ifdef HITLS_TLS_FEATURE_SECURITY
int32_t id = (int32_t)perferenceGroups[index];
int32_t ret = SECURITY_SslCheck(ctx, HITLS_SECURITY_SECOP_CURVE_SHARED, 0, id, NULL);
if (ret != SECURITY_SUCCESS || !GroupConformToVersion(ctx, ctx->negotiatedInfo.version, perferenceGroups[index])) {
#else
if (!GroupConformToVersion(ctx, ctx->negotiatedInfo.version, perferenceGroups[index])) {
#endif /* HITLS_TLS_FEATURE_SECURITY */
return 0;
}
#ifdef HITLS_TLS_FEATURE_SM_TLS13
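Review bot: The comment `/* Support group security check */` is left above a call that, read on its own, only checks the version, and the operation the security callback sees on this path changes from `HITLS_SECURITY_SECOP_CURVE_SHARED` to the `HITLS_SECURITY_SECOP_CURVE_SUPPORTED` used inside GroupConformToVersion. An application callback that filters on CURVE_SHARED is no longer consulted here, which deserves a line in the change description or the API notes. I would reword the comment to `/* Version and security-policy (CURVE_SUPPORTED) checks are both done in GroupConformToVersion */`. FindSupportedCurves continues past the hunk.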
+8 -1
@@ -899,6 +899,14 @@ static int32_t ClientCheckHrrKeyShareExtension(TLS_Ctx *ctx, const ServerHelloMs
ctx->hsCtx->kxCtx->keyExchParam.share.group = selectedGroup;
ctx->hsCtx->kxCtx->keyExchParam.share.secondGroup = HITLS_NAMED_GROUP_BUTT;
}
#ifdef HITLS_TLS_FEATURE_SECURITY
if (SECURITY_SslCheck(ctx, HITLS_SECURITY_SECOP_CURVE_SUPPORTED, 0, (int32_t)selectedGroup, NULL) !=
SECURITY_SUCCESS) {
BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_ILLEGAL_SELECTED_GROUP);
return RETURN_ALERT_PROCESS(ctx, HITLS_MSG_HANDLE_ILLEGAL_SELECTED_GROUP, BINLOG_ID15284,
"selected group failed security check", ALERT_ILLEGAL_PARAMETER);
}
#endif /* HITLS_TLS_FEATURE_SECURITY */
// Save the selected group
ctx->negotiatedInfo.negotiatedGroup = selectedGroup;
return HITLS_SUCCESS;
@@ -1053,7 +1061,6 @@ static int32_t ClientProcessKeyShare(TLS_Ctx *ctx, const ServerHelloMsg *serverH
return RETURN_ALERT_PROCESS(ctx, HITLS_MSG_HANDLE_ILLEGAL_SELECTED_GROUP, BINLOG_ID15289,
"the keyshare parameter is illegal", ALERT_ILLEGAL_PARAMETER);
}
const KeyShare *keyShare = &serverHello->keyShare;
if (keyShare->group == ctx->hsCtx->kxCtx->keyExchParam.share.secondGroup) {
SAL_CRYPT_FreeEcdhKey(ctx->hsCtx->kxCtx->key);
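Review bot: In ClientCheckHrrKeyShareExtension the new policy check runs after `keyExchParam.share.group` has already been overwritten with the server's `selectedGroup` on the visible path, so a group that the policy rejects is still written into the key-exchange context before the alert is raised. Moving the `#ifdef HITLS_TLS_FEATURE_SECURITY` block above that assignment keeps validation ahead of any state change and makes the function safe to reason about if the error path is ever made non-fatal. The start of the function is outside the hunk, so the exact insertion point has to be checked against the full body.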
@@ -35,6 +35,7 @@
#include "session_mgr.h"
#include "bsl_bytes.h"
#include "config_type.h"
#include "security.h"
#if defined(HITLS_TLS_PROTO_TLS_BASIC) || defined(HITLS_TLS_PROTO_DTLS12)
@@ -182,6 +183,12 @@ static bool Tls13SelectGroup(TLS_Ctx *ctx, uint16_t *firstGroup, uint16_t *secon
if (groupInfo == NULL) {
continue;
}
#ifdef HITLS_TLS_FEATURE_SECURITY
if (SECURITY_SslCheck(ctx, HITLS_SECURITY_SECOP_CURVE_SUPPORTED, 0, tlsConfig->groups[i], NULL) !=
SECURITY_SUCCESS) {
continue;
}
#endif /* HITLS_TLS_FEATURE_SECURITY */
if (GroupConformToVersion(ctx, version, tlsConfig->groups[i])) {
if (group1 == HITLS_NAMED_GROUP_BUTT) {
group1 = tlsConfig->groups[i];