mirror of
https://github.com/openharmony/third_party_openhitls.git
synced 2026-07-01 10:05:26 -04:00
fix:clean sensitive information and fix some functions
Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1402 Signed-off-by: Dongjianwei001 <dongjianwei1@huawei.com>
This commit is contained in:
@@ -704,7 +704,6 @@ class CMakeGenerator:
|
||||
cmake += self._gen_cmd_cmake('set_target_properties', '{} PROPERTIES'.format(tgt_name), properties)
|
||||
cmake += 'install(TARGETS %s DESTINATION ${CMAKE_INSTALL_PREFIX}/lib)\n' % tgt_name
|
||||
if (self._approved_provider):
|
||||
# Use the openssl command to generate an HMAC file.
|
||||
cmake += 'install(CODE "execute_process(COMMAND openssl dgst -hmac \\\"%s\\\" -%s -out lib%s.so.hmac lib%s.so)")\n' % (self._args.hkey, self._hmac, lib_name, lib_name)
|
||||
# Install the hmac file to the output directory.
|
||||
cmake += 'install(CODE "execute_process(COMMAND cp lib%s.so.hmac ${CMAKE_INSTALL_PREFIX}/lib/lib%s.so.hmac)")\n' % (lib_name, lib_name)
|
||||
|
||||
@@ -471,7 +471,6 @@ int32_t CRYPT_EAL_ParseRsaPssAlgParam(BSL_ASN1_Buffer *param, CRYPT_RSA_PssPara
|
||||
BSL_ERR_PUSH_ERROR(CRYPT_DECODE_ERR_RSSPSS);
|
||||
return CRYPT_DECODE_ERR_RSSPSS;
|
||||
}
|
||||
|
||||
if (asns[CRYPT_RSAPSS_HASH_IDX].tag != 0) {
|
||||
para->mdId = (CRYPT_MD_AlgId)BSL_OBJ_GetCidFromOidBuff(asns[CRYPT_RSAPSS_HASH_IDX].buff,
|
||||
asns[CRYPT_RSAPSS_HASH_IDX].len);
|
||||
@@ -480,6 +479,14 @@ int32_t CRYPT_EAL_ParseRsaPssAlgParam(BSL_ASN1_Buffer *param, CRYPT_RSA_PssPara
|
||||
return CRYPT_DECODE_ERR_RSSPSS_MD;
|
||||
}
|
||||
}
|
||||
if (asns[CRYPT_RSAPSS_MGF1_IDX].tag != 0) {
|
||||
int32_t mgfCid = (CRYPT_MD_AlgId)BSL_OBJ_GetCidFromOidBuff(asns[CRYPT_RSAPSS_MGF1_IDX].buff,
|
||||
asns[CRYPT_RSAPSS_MGF1_IDX].len);
|
||||
if (mgfCid != BSL_CID_MGF1) {
|
||||
BSL_ERR_PUSH_ERROR(CRYPT_DECODE_ERR_RSSPSS);
|
||||
return CRYPT_DECODE_ERR_RSSPSS;
|
||||
}
|
||||
}
|
||||
if (asns[CRYPT_RSAPSS_MGF1PARAM_IDX].tag != 0) {
|
||||
para->mgfId = (CRYPT_MD_AlgId)BSL_OBJ_GetCidFromOidBuff(asns[CRYPT_RSAPSS_MGF1PARAM_IDX].buff,
|
||||
asns[CRYPT_RSAPSS_MGF1PARAM_IDX].len);
|
||||
|
||||
@@ -1048,6 +1048,20 @@ EXIT:
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int32_t VerifyCheckSign(const BN_BigNum *q, BN_BigNum *r, BN_BigNum *s)
|
||||
{
|
||||
if ((BN_Cmp(r, q) >= 0) || (BN_Cmp(s, q) >= 0)) {
|
||||
BSL_ERR_PUSH_ERROR(CRYPT_DSA_VERIFY_FAIL);
|
||||
return CRYPT_DSA_VERIFY_FAIL;
|
||||
}
|
||||
if (BN_IsZero(r) || BN_IsZero(s)) {
|
||||
BSL_ERR_PUSH_ERROR(CRYPT_DSA_VERIFY_FAIL);
|
||||
return CRYPT_DSA_VERIFY_FAIL;
|
||||
}
|
||||
|
||||
return CRYPT_SUCCESS;
|
||||
}
|
||||
|
||||
int32_t CRYPT_DSA_VerifyData(const CRYPT_DSA_Ctx *ctx, const uint8_t *data, uint32_t dataLen,
|
||||
const uint8_t *sign, uint32_t signLen)
|
||||
{
|
||||
@@ -1072,6 +1086,10 @@ int32_t CRYPT_DSA_VerifyData(const CRYPT_DSA_Ctx *ctx, const uint8_t *data, uint
|
||||
if (ret != CRYPT_SUCCESS) {
|
||||
goto EXIT;
|
||||
}
|
||||
ret = VerifyCheckSign(ctx->para->q, r, s);
|
||||
if (ret != CRYPT_SUCCESS) {
|
||||
goto EXIT;
|
||||
}
|
||||
ret = VerifyCore(ctx, d, r, s);
|
||||
EXIT:
|
||||
BN_Destroy(r);
|
||||
|
||||
@@ -70,33 +70,22 @@ int32_t CRYPT_ELGAMAL_SetPrvKey(CRYPT_ELGAMAL_Ctx *ctx, const CRYPT_ElGamalPrv *
|
||||
return CRYPT_ELGAMAL_ERR_INPUT_VALUE;
|
||||
}
|
||||
int32_t ret = CRYPT_SUCCESS;
|
||||
CRYPT_ELGAMAL_Ctx *newCtx = CRYPT_ELGAMAL_NewCtx();
|
||||
if (newCtx == NULL) {
|
||||
CRYPT_ELGAMAL_PrvKey *newPrvKey = ElGamal_NewPrvKey(0);
|
||||
if (newPrvKey == NULL) {
|
||||
BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
|
||||
return CRYPT_MEM_ALLOC_FAIL;
|
||||
}
|
||||
|
||||
newCtx->prvKey = ElGamal_NewPrvKey(prv->pLen * 8); // Bit length is obtained by multiplying byte length by 8.
|
||||
if (newCtx->prvKey == NULL) {
|
||||
ret = CRYPT_MEM_ALLOC_FAIL;
|
||||
BSL_ERR_PUSH_ERROR(ret);
|
||||
goto ERR;
|
||||
}
|
||||
|
||||
ret = SetPrvPara(newCtx->prvKey, prv);
|
||||
ret = SetPrvPara(newPrvKey, prv);
|
||||
if (ret != CRYPT_SUCCESS) {
|
||||
BSL_ERR_PUSH_ERROR(ret);
|
||||
goto ERR;
|
||||
}
|
||||
|
||||
ELGAMAL_FREE_PRV_KEY(ctx->prvKey);
|
||||
ctx->prvKey = newCtx->prvKey;
|
||||
|
||||
BSL_SAL_ReferencesFree(&(newCtx->references));
|
||||
BSL_SAL_FREE(newCtx);
|
||||
|
||||
ctx->prvKey = newPrvKey;
|
||||
return ret;
|
||||
ERR:
|
||||
CRYPT_ELGAMAL_FreeCtx(newCtx);
|
||||
ELGAMAL_FREE_PRV_KEY(newPrvKey);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -116,7 +105,7 @@ int32_t CRYPT_ELGAMAL_SetPubKey(CRYPT_ELGAMAL_Ctx *ctx, const CRYPT_ElGamalPub *
|
||||
int32_t ret = CRYPT_SUCCESS;
|
||||
CRYPT_ELGAMAL_PubKey *newPub = NULL;
|
||||
/* Bit length is obtained by multiplying byte length by 8. */
|
||||
newPub = ElGamal_NewPubKey(pub->pLen * 8);
|
||||
newPub = ElGamal_NewPubKey(0);
|
||||
if (newPub == NULL) {
|
||||
return CRYPT_MEM_ALLOC_FAIL;
|
||||
}
|
||||
|
||||
@@ -267,7 +267,7 @@ McelieceParams *McelieceGetParamsById(int32_t algId)
|
||||
const int32_t base = CRYPT_KEM_TYPE_MCELIECE_6688128;
|
||||
const int32_t max = CRYPT_KEM_TYPE_MCELIECE_8192128_PCF;
|
||||
|
||||
if ((algId - base) > (max - base)) {
|
||||
if (algId > max || algId < base) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
@@ -434,6 +434,7 @@ int32_t CRYPT_PAILLIER_Add(const void *ctx, const BSL_Param *input, uint8_t *out
|
||||
BN_Optimizer *optimizer = BN_OptimizerCreate();
|
||||
if (optimizer == NULL) {
|
||||
BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
|
||||
ret = CRYPT_MEM_ALLOC_FAIL;
|
||||
goto EXIT;
|
||||
}
|
||||
|
||||
|
||||
@@ -130,31 +130,23 @@ int32_t CRYPT_PAILLIER_SetPrvKey(CRYPT_PAILLIER_Ctx *ctx, const CRYPT_PaillierPr
|
||||
if (ret != CRYPT_SUCCESS) {
|
||||
return ret;
|
||||
}
|
||||
CRYPT_PAILLIER_Ctx *newCtx = CRYPT_PAILLIER_NewCtx();
|
||||
if (newCtx == NULL) {
|
||||
CRYPT_PAILLIER_PrvKey *newPrvKey = Paillier_NewPrvKey(0); // Bit length is obtained by multiplying byte length by 8.
|
||||
if (newPrvKey == NULL) {
|
||||
BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
|
||||
return CRYPT_MEM_ALLOC_FAIL;
|
||||
}
|
||||
newCtx->prvKey = Paillier_NewPrvKey(prv->lambdaLen * 8); // Bit length is obtained by multiplying byte length by 8.
|
||||
if (newCtx->prvKey == NULL) {
|
||||
ret = CRYPT_MEM_ALLOC_FAIL;
|
||||
BSL_ERR_PUSH_ERROR(ret);
|
||||
goto ERR;
|
||||
}
|
||||
|
||||
ret = SetPrvPara(newCtx->prvKey, prv);
|
||||
ret = SetPrvPara(newPrvKey, prv);
|
||||
if (ret != CRYPT_SUCCESS) {
|
||||
BSL_ERR_PUSH_ERROR(ret);
|
||||
goto ERR;
|
||||
}
|
||||
|
||||
PAILLIER_FREE_PRV_KEY(ctx->prvKey);
|
||||
ctx->prvKey = newCtx->prvKey;
|
||||
|
||||
BSL_SAL_ReferencesFree(&(newCtx->references));
|
||||
BSL_SAL_FREE(newCtx);
|
||||
ctx->prvKey = newPrvKey;
|
||||
return ret;
|
||||
ERR:
|
||||
CRYPT_PAILLIER_FreeCtx(newCtx);
|
||||
PAILLIER_FREE_PRV_KEY(newPrvKey);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -62,7 +62,7 @@
|
||||
|
||||
static int32_t ParaCheckAndLog(const CRYPT_Iso_Pkey_Ctx *ctx, const CRYPT_EAL_PkeyPara *para)
|
||||
{
|
||||
CRYPT_EAL_PkeyC2Data data = {para, NULL, NULL, CRYPT_MD_MAX, CRYPT_PKEY_PARAID_MAX, CRYPT_EVENT_MAX,
|
||||
CRYPT_EAL_PkeyC2Data data = {para, NULL, NULL, CRYPT_MD_MAX, (int32_t)para->id, CRYPT_EVENT_MAX,
|
||||
NULL, NULL, NULL};
|
||||
if (!CMVP_Iso19790PkeyC2(ctx->algId, &data)) {
|
||||
(void)CRYPT_Iso_Log(ctx->provCtx, CRYPT_EVENT_PARAM_CHECK, CRYPT_ALGO_PKEY, ctx->algId);
|
||||
@@ -144,6 +144,23 @@ static int32_t CheckDhPara(const CRYPT_Iso_Pkey_Ctx *ctx, const BSL_Param *param
|
||||
return ParaCheckAndLog(ctx, ¶);
|
||||
}
|
||||
|
||||
static int32_t CheckEcdsaPara(const CRYPT_Iso_Pkey_Ctx *ctx, const BSL_Param *params)
|
||||
{
|
||||
CRYPT_EAL_PkeyPara para = {0};
|
||||
uint8_t *curveId = NULL;
|
||||
uint32_t len = 0;
|
||||
int32_t ret = GetParamValue(params, CRYPT_PARAM_EC_CURVE_ID, &curveId, &len);
|
||||
if (ret != CRYPT_SUCCESS) {
|
||||
return ret;
|
||||
}
|
||||
if (len != sizeof(int32_t)) {
|
||||
BSL_ERR_PUSH_ERROR(CRYPT_INVALID_ARG);
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
para.id = *(int32_t *)curveId;
|
||||
return ParaCheckAndLog(ctx, ¶);
|
||||
}
|
||||
|
||||
static int32_t CheckPkeyParam(const CRYPT_Iso_Pkey_Ctx *ctx, const BSL_Param *params)
|
||||
{
|
||||
switch (ctx->algId) {
|
||||
@@ -153,6 +170,8 @@ static int32_t CheckPkeyParam(const CRYPT_Iso_Pkey_Ctx *ctx, const BSL_Param *pa
|
||||
return CheckDsaPara(ctx, params);
|
||||
case CRYPT_PKEY_RSA:
|
||||
return CheckRsaPara(ctx, params);
|
||||
case CRYPT_PKEY_ECDSA:
|
||||
return CheckEcdsaPara(ctx, params);
|
||||
default:
|
||||
return CRYPT_SUCCESS;
|
||||
}
|
||||
@@ -536,7 +555,11 @@ static int32_t CRYPT_ASMCAP_PkeyCheck(int32_t algId)
|
||||
BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT); \
|
||||
return CRYPT_NULL_INPUT; \
|
||||
} \
|
||||
int32_t ret = CRYPT_Iso_Log(ctx->provCtx, CRYPT_EVENT_SETSSP, CRYPT_ALGO_PKEY, ctx->algId); \
|
||||
int32_t ret = CheckPkeyParam(ctx, params); \
|
||||
if (ret != CRYPT_SUCCESS) { \
|
||||
return ret; \
|
||||
} \
|
||||
ret = CRYPT_Iso_Log(ctx->provCtx, CRYPT_EVENT_SETSSP, CRYPT_ALGO_PKEY, ctx->algId); \
|
||||
if (ret != CRYPT_SUCCESS) { \
|
||||
return ret; \
|
||||
} \
|
||||
|
||||
@@ -916,7 +916,6 @@ int32_t HITLS_SetCurrentCert(HITLS_Ctx *ctx, long option);
|
||||
/**
|
||||
* @ingroup hitls_cert
|
||||
* @brief Process the certificate callback.
|
||||
* @attention This callback function is compatible with OpenSSL and has the same logic as OpenSSL.
|
||||
*
|
||||
* @param ctx [IN] TLS link object
|
||||
* @param arg [IN] Related parameters arg
|
||||
|
||||
@@ -525,6 +525,9 @@ void SDV_CRYPTO_DSA_SIGN_VERIFY_DATA_FUNC_TC001(
|
||||
BN_BigNum *bnS = NULL;
|
||||
CRYPT_EAL_PkeyCtx *pkey = NULL;
|
||||
Hex mdOut = {0};
|
||||
BN_BigNum *q = NULL;
|
||||
uint8_t *sigAddQ = NULL;
|
||||
uint32_t sigAddQLen = 0;
|
||||
|
||||
ASSERT_EQ(memcpy_s(g_kRandBuf, sizeof(g_kRandBuf), K->x, K->len), 0);
|
||||
g_kRandBufLen = K->len;
|
||||
@@ -571,6 +574,14 @@ void SDV_CRYPTO_DSA_SIGN_VERIFY_DATA_FUNC_TC001(
|
||||
/* Verify the signature of the hash data. */
|
||||
ASSERT_EQ(CRYPT_EAL_PkeyVerifyData(pkey, mdOut.x, mdOut.len, hitlsSign, hitlsSignOutLen), CRYPT_SUCCESS);
|
||||
ASSERT_TRUE(TestIsErrStackEmpty());
|
||||
q = BN_Create(Q->len * 8);
|
||||
ASSERT_NE(q, NULL);
|
||||
ASSERT_EQ(BN_Bin2Bn(q, Q->x, Q->len), CRYPT_SUCCESS);
|
||||
ASSERT_EQ(BN_Add(bnS, q, bnS), CRYPT_SUCCESS); // s' = s + q
|
||||
sigAddQLen = signLen * 2;
|
||||
sigAddQ = (uint8_t *)malloc(sigAddQLen);
|
||||
ASSERT_EQ(CRYPT_EAL_EncodeSign(bnR, bnS, sigAddQ, &sigAddQLen), CRYPT_SUCCESS);
|
||||
ASSERT_EQ(CRYPT_EAL_PkeyVerifyData(pkey, mdOut.x, mdOut.len, sigAddQ, sigAddQLen), CRYPT_DSA_VERIFY_FAIL);
|
||||
EXIT:
|
||||
CRYPT_RandRegist(NULL);
|
||||
CRYPT_RandRegistEx(NULL);
|
||||
@@ -583,6 +594,8 @@ EXIT:
|
||||
BN_Destroy(bnS);
|
||||
BSL_ERR_RemoveErrorStack(true);
|
||||
CRYPT_EAL_PkeyFreeCtx(pkey);
|
||||
free(sigAddQ);
|
||||
BN_Destroy(q);
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
||||
@@ -1679,13 +1679,10 @@ EXIT:
|
||||
@test SDV_PKCS8_ENCODE_DHKEY_DSAKEY_TC001
|
||||
@title DH, DSA key encoding
|
||||
@step
|
||||
1.openHiTLS calls CRYPT_EAL_EncodeBuffKey interface to encode the key in pem format,
|
||||
comparing if the encoding between openssl and openHiTLS is consistent
|
||||
2.openHiTLS calls CRYPT_EAL_EncodeBuffKey interface to encode the key in asn1 format,
|
||||
comparing if the encoding between openssl and openHiTLS is consistent
|
||||
1.openHiTLS calls CRYPT_EAL_EncodeBuffKey interface to encode the key in pem format
|
||||
2.openHiTLS calls CRYPT_EAL_EncodeBuffKey interface to encode the key in asn1 format
|
||||
@expect
|
||||
1.Encoding succeeds, consistent with openssl
|
||||
2.Encoding succeeds, consistent with openssl
|
||||
Both success
|
||||
*/
|
||||
/* BEGIN_CASE */
|
||||
void SDV_PKCS8_ENCODE_DHKEY_DSAKEY_TC001(char *path, int fileType, Hex *asn1)
|
||||
@@ -1728,8 +1725,7 @@ EXIT:
|
||||
2.openHiTLS calls CRYPT_EAL_DecodeBuffKey interface to decode the key in asn1 format,
|
||||
comparing if the decrypted key is consistent with the original key
|
||||
@expect
|
||||
1.Encoding succeeds, consistent with openssl
|
||||
2.Encoding succeeds, consistent with openssl
|
||||
Both success
|
||||
*/
|
||||
/* BEGIN_CASE */
|
||||
void SDV_PKCS8_DECODE_DHKEY_DSAKEY_TC001(char *path, int fileType, Hex *asn1)
|
||||
@@ -2044,3 +2040,61 @@ EXIT:
|
||||
#endif
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/*
|
||||
@test SDV_CRYPT_DECODE_RSAPSS_MGF1_VALIDATE_TC001
|
||||
@title Test CRYPT_EAL_ParseRsaPssAlgParam rejects non-MGF1 mask generation algorithm
|
||||
@precon None
|
||||
@step
|
||||
1. Call CRYPT_EAL_ParseRsaPssAlgParam with valid RSA-PSS params (MGF1 OID), expect success
|
||||
2. Call CRYPT_EAL_ParseRsaPssAlgParam with invalid RSA-PSS params (non-MGF1 OID), expect CRYPT_DECODE_ERR_RSSPSS
|
||||
@expect
|
||||
1. Valid params parse successfully with correct mdId, mgfId, and saltLen
|
||||
2. Invalid params return CRYPT_DECODE_ERR_RSSPSS
|
||||
*/
|
||||
/* BEGIN_CASE */
|
||||
void SDV_CRYPT_DECODE_RSAPSS_MGF1_VALIDATE_TC001(void)
|
||||
{
|
||||
#if defined(HITLS_CRYPTO_RSA) && defined(HITLS_CRYPTO_KEY_DECODE)
|
||||
/* RSA-PSS params: SHA-256 hash, MGF1(SHA-256), salt length 32
|
||||
* Content of the SEQUENCE (without outer SEQUENCE TLV):
|
||||
* [0] { SEQUENCE { OID sha256 } }
|
||||
* [1] { SEQUENCE { OID mgf1, SEQUENCE { OID sha256 } } }
|
||||
* [2] { INTEGER 32 }
|
||||
*/
|
||||
uint8_t validPssParams[] = {
|
||||
0xa0, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
|
||||
0xa1, 0x1a, 0x30, 0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08,
|
||||
0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
|
||||
0xa2, 0x03, 0x02, 0x01, 0x20
|
||||
};
|
||||
|
||||
/* Invalid: replace MGF1 OID (2a864886f70d010108) with RSASSA-PSS OID (2a864886f70d01010a) */
|
||||
uint8_t invalidPssParams[] = {
|
||||
0xa0, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
|
||||
0xa1, 0x1a, 0x30, 0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0a,
|
||||
0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
|
||||
0xa2, 0x03, 0x02, 0x01, 0x20
|
||||
};
|
||||
|
||||
BSL_ASN1_Buffer validParam = {BSL_ASN1_TAG_CONSTRUCTED | BSL_ASN1_TAG_SEQUENCE,
|
||||
sizeof(validPssParams), validPssParams};
|
||||
BSL_ASN1_Buffer invalidParam = {BSL_ASN1_TAG_CONSTRUCTED | BSL_ASN1_TAG_SEQUENCE,
|
||||
sizeof(invalidPssParams), invalidPssParams};
|
||||
CRYPT_RSA_PssPara para = {0};
|
||||
|
||||
ASSERT_EQ(CRYPT_EAL_ParseRsaPssAlgParam(&validParam, ¶), CRYPT_SUCCESS);
|
||||
ASSERT_EQ(para.mdId, CRYPT_MD_SHA256);
|
||||
ASSERT_EQ(para.mgfId, CRYPT_MD_SHA256);
|
||||
ASSERT_EQ(para.saltLen, 32);
|
||||
|
||||
memset(¶, 0, sizeof(para));
|
||||
ASSERT_EQ(CRYPT_EAL_ParseRsaPssAlgParam(&invalidParam, ¶), CRYPT_DECODE_ERR_RSSPSS);
|
||||
|
||||
EXIT:
|
||||
return;
|
||||
#else
|
||||
SKIP_TEST();
|
||||
#endif
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
@@ -798,3 +798,6 @@ SDV_PKCS8_ERROR_ENCDEC_TC002:"../testdata/cert/asn1/dh_key/err_dh_public.pem":CR
|
||||
|
||||
SDV_PKCS8_ERROR_ENCDEC_TC003
|
||||
SDV_PKCS8_ERROR_ENCDEC_TC003:"../testdata/cert/asn1/dsa_key/empty_dsa_private.pem":CRYPT_PRIKEY_PKCS8_UNENCRYPT:""
|
||||
|
||||
SDV_CRYPT_DECODE_RSAPSS_MGF1_VALIDATE_TC001
|
||||
SDV_CRYPT_DECODE_RSAPSS_MGF1_VALIDATE_TC001:
|
||||
|
||||
@@ -45,6 +45,7 @@
|
||||
#include "crypt_eal_entropy.h"
|
||||
#include "crypt_util_rand.h"
|
||||
#include "crypt_params_key.h"
|
||||
#include "crypt_eal_codecs.h"
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#include <string.h>
|
||||
@@ -1418,3 +1419,32 @@ EXIT:
|
||||
#endif
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001(char *path, char *format, char *type, int expectRet)
|
||||
{
|
||||
#ifndef HITLS_CRYPTO_CMVP_ISO19790
|
||||
(void)path;
|
||||
(void)format;
|
||||
(void)type;
|
||||
(void)expectRet;
|
||||
SKIP_TEST();
|
||||
#else
|
||||
Iso19790_ProviderLoadCtx ctx = {0};
|
||||
CRYPT_EAL_PkeyCtx *pkeyCtx = NULL;
|
||||
|
||||
ASSERT_EQ(Iso19790_ProviderLoad(&ctx), CRYPT_SUCCESS);
|
||||
// Register default provider to supply decoder implementations
|
||||
ASSERT_EQ(CRYPT_EAL_ProviderRegister(ctx.libCtx, "default", CRYPT_EAL_DefaultProvInit, NULL, NULL), CRYPT_SUCCESS);
|
||||
int32_t ret = CRYPT_EAL_ProviderDecodeFileKey(ctx.libCtx, "provider=iso", BSL_CID_UNKNOWN,
|
||||
format, type, path, NULL, &pkeyCtx);
|
||||
ASSERT_EQ(ret, expectRet);
|
||||
if (expectRet == CRYPT_SUCCESS) {
|
||||
ASSERT_TRUE(pkeyCtx != NULL);
|
||||
}
|
||||
EXIT:
|
||||
CRYPT_EAL_PkeyFreeCtx(pkeyCtx);
|
||||
Iso19790_ProviderUnload(&ctx);
|
||||
#endif
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
@@ -293,3 +293,21 @@ SDV_ISO19790_PROVIDER_MD_USE_DEFAULT_LIBCTX_TEST_TC001:CRYPT_MD_SHAKE256
|
||||
|
||||
SDV_ISO19790_PROVIDER_MD_USE_DEFAULT_LIBCTX_TEST_TC001 CRYPT_MD_SM3
|
||||
SDV_ISO19790_PROVIDER_MD_USE_DEFAULT_LIBCTX_TEST_TC001:CRYPT_MD_SM3
|
||||
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 ECDSA P192 PKCS8 rejected
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/chain/nistp192_certs/ee_nistp192_key_pkcs8.#der":"ASN1":"PRIKEY_PKCS8_UNENCRYPT":CRYPT_DECODE_ERR_NO_USABLE_DECODER
|
||||
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 RSA 1024 SPKI pubkey rejected
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/asn1/spki/rsa1024_spki.der":"ASN1":"PUBKEY_SUBKEY":CRYPT_DECODE_ERR_NO_USABLE_DECODER
|
||||
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 ECDSA P192 pubkey rejected
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/chain/nistp192_certs/ee_nistp192_pubkey.der":"ASN1":"PUBKEY_SUBKEY":CRYPT_DECODE_ERR_NO_USABLE_DECODER
|
||||
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 RSA 2048 PKCS8 success
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/asn1/rsa2048key_pkcs8.der":"ASN1":"PRIKEY_PKCS8_UNENCRYPT":CRYPT_SUCCESS
|
||||
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 RSA 1024 PKCS8 rejected
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/asn1/pkcs8_unencrypted/rsa1024_p8_unencrypted.#der":"ASN1":"PRIKEY_PKCS8_UNENCRYPT":CRYPT_DECODE_ERR_NO_USABLE_DECODER
|
||||
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 ECDSA P256 PKCS8 success
|
||||
#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/asn1/prime256v1_pkcs8.der":"ASN1":"PRIKEY_PKCS8_UNENCRYPT":CRYPT_SUCCESS
|
||||
@@ -21,11 +21,6 @@ Strategy: construct v1/v2 certificates with extensions by manually building DER:
|
||||
3. Re-sign the patched TBS with the issuer's private key
|
||||
4. Assemble the final Certificate SEQUENCE: [patched TBS, signatureAlgorithm, signatureValue]
|
||||
|
||||
This produces v1/v2 certificates with extensions AND valid signatures, so both OpenSSL
|
||||
and openHiTLS can parse them. OpenSSL should reject them with
|
||||
X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3; openHiTLS should reject them with
|
||||
HITLS_X509_ERR_VFY_EXTENSIONS_REQUIRE_V3.
|
||||
|
||||
Output files:
|
||||
a_v3_root.der - v3 root CA (trust anchor for TC1-TC4)
|
||||
a_v1_ext_leaf.der - TC1: v1 leaf with extensions, valid signature from root
|
||||
|
||||
@@ -338,7 +338,6 @@ static int32_t RecConnCbcDecryptByEncryptThenMac(TLS_Ctx *ctx, const RecConnStat
|
||||
* Encrypt-then-MAC mode: Verify MAC first, then decrypt.
|
||||
* The MAC is computed over the ciphertext (including explicit IV),
|
||||
* so timing does not leak plaintext information.
|
||||
* Reference: OpenSSL tls_common.c:787-811
|
||||
*/
|
||||
|
||||
/* Step 1: Check MAC (over ciphertext) */
|
||||
|
||||
Reference in New Issue
Block a user