diff --git a/configure.py b/configure.py
index a5ee377c..64ac7b83 100644
--- a/configure.py
+++ b/configure.py
@@ -704,7 +704,6 @@ class CMakeGenerator:
             cmake += self._gen_cmd_cmake('set_target_properties', '{} PROPERTIES'.format(tgt_name), properties)
             cmake += 'install(TARGETS %s DESTINATION ${CMAKE_INSTALL_PREFIX}/lib)\n' % tgt_name
             if (self._approved_provider):
-                # Use the openssl command to generate an HMAC file.
                 cmake += 'install(CODE "execute_process(COMMAND openssl dgst -hmac \\\"%s\\\" -%s -out lib%s.so.hmac lib%s.so)")\n' % (self._args.hkey, self._hmac, lib_name, lib_name)
                 # Install the hmac file to the output directory.
                 cmake += 'install(CODE "execute_process(COMMAND cp lib%s.so.hmac ${CMAKE_INSTALL_PREFIX}/lib/lib%s.so.hmac)")\n' % (lib_name, lib_name)
diff --git a/crypto/codecskey/src/crypt_codecskey_utils.c b/crypto/codecskey/src/crypt_codecskey_utils.c
index b507d058..d765129d 100644
--- a/crypto/codecskey/src/crypt_codecskey_utils.c
+++ b/crypto/codecskey/src/crypt_codecskey_utils.c
@@ -471,7 +471,6 @@ int32_t CRYPT_EAL_ParseRsaPssAlgParam(BSL_ASN1_Buffer *param, CRYPT_RSA_PssPara
         BSL_ERR_PUSH_ERROR(CRYPT_DECODE_ERR_RSSPSS);
         return CRYPT_DECODE_ERR_RSSPSS;
     }
-
     if (asns[CRYPT_RSAPSS_HASH_IDX].tag != 0) {
         para->mdId = (CRYPT_MD_AlgId)BSL_OBJ_GetCidFromOidBuff(asns[CRYPT_RSAPSS_HASH_IDX].buff,
             asns[CRYPT_RSAPSS_HASH_IDX].len);
@@ -480,6 +479,14 @@ int32_t CRYPT_EAL_ParseRsaPssAlgParam(BSL_ASN1_Buffer *param, CRYPT_RSA_PssPara
             return CRYPT_DECODE_ERR_RSSPSS_MD;
         }
     }
+    if (asns[CRYPT_RSAPSS_MGF1_IDX].tag != 0) {
+        int32_t mgfCid = (CRYPT_MD_AlgId)BSL_OBJ_GetCidFromOidBuff(asns[CRYPT_RSAPSS_MGF1_IDX].buff,
+            asns[CRYPT_RSAPSS_MGF1_IDX].len);
+        if (mgfCid != BSL_CID_MGF1) {
+            BSL_ERR_PUSH_ERROR(CRYPT_DECODE_ERR_RSSPSS);
+            return CRYPT_DECODE_ERR_RSSPSS;
+        }
+    }
     if (asns[CRYPT_RSAPSS_MGF1PARAM_IDX].tag != 0) {
         para->mgfId = (CRYPT_MD_AlgId)BSL_OBJ_GetCidFromOidBuff(asns[CRYPT_RSAPSS_MGF1PARAM_IDX].buff,
             asns[CRYPT_RSAPSS_MGF1PARAM_IDX].len);
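Review bot: In the new MGF1 block, `mgfCid` is compared against `BSL_CID_MGF1`, so the `(CRYPT_MD_AlgId)` cast copied from the hash branch labels an object CID as a digest id; write `int32_t mgfCid = BSL_OBJ_GetCidFromOidBuff(asns[CRYPT_RSAPSS_MGF1_IDX].buff, asns[CRYPT_RSAPSS_MGF1_IDX].len);` (using the function's own return type if it is not int32_t, which this page does not show). A short comment on the `if` would record the intent: `/* RFC 8017 defines only MGF1 as maskGenAlgorithm; reject any other OID before its parameters are read below. */`. The check runs only when the [1] element is present; whether an absent element falls back to the RFC 8017 default (MGF1 with SHA-1) is handled elsewhere and not visible here. CRYPT_EAL_ParseRsaPssAlgParam continues outside the hunk.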
diff --git a/crypto/dsa/src/dsa_core.c b/crypto/dsa/src/dsa_core.c
index a873604a..be97573c 100644
--- a/crypto/dsa/src/dsa_core.c
+++ b/crypto/dsa/src/dsa_core.c
@@ -1048,6 +1048,20 @@ EXIT:
     return ret;
 }
 
+static int32_t VerifyCheckSign(const BN_BigNum *q, BN_BigNum *r, BN_BigNum *s)
+{
+    if ((BN_Cmp(r, q) >= 0) || (BN_Cmp(s, q) >= 0)) {
+        BSL_ERR_PUSH_ERROR(CRYPT_DSA_VERIFY_FAIL);
+        return CRYPT_DSA_VERIFY_FAIL;
+    }
+    if (BN_IsZero(r) || BN_IsZero(s)) {
+        BSL_ERR_PUSH_ERROR(CRYPT_DSA_VERIFY_FAIL);
+        return CRYPT_DSA_VERIFY_FAIL;
+    }
+
+    return CRYPT_SUCCESS;
+}
+
 int32_t CRYPT_DSA_VerifyData(const CRYPT_DSA_Ctx *ctx, const uint8_t *data, uint32_t dataLen,
     const uint8_t *sign, uint32_t signLen)
 {
@@ -1072,6 +1086,10 @@ int32_t CRYPT_DSA_VerifyData(const CRYPT_DSA_Ctx *ctx, const uint8_t *data, uint
     if (ret != CRYPT_SUCCESS) {
         goto EXIT;
     }
+    ret = VerifyCheckSign(ctx->para->q, r, s);
+    if (ret != CRYPT_SUCCESS) {
+        goto EXIT;
+    }
     ret = VerifyCore(ctx, d, r, s);
 EXIT:
     BN_Destroy(r);
diff --git a/crypto/elgamal/src/elgamal_keyop.c b/crypto/elgamal/src/elgamal_keyop.c
index ee49de7a..fc715606 100644
--- a/crypto/elgamal/src/elgamal_keyop.c
+++ b/crypto/elgamal/src/elgamal_keyop.c
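Review bot: VerifyCheckSign only reads `r` and `s`, so declare them `const BN_BigNum *` like `q` (`static int32_t VerifyCheckSign(const BN_BigNum *q, const BN_BigNum *r, const BN_BigNum *s)`), provided BN_Cmp and BN_IsZero accept const pointers, as passing the const `q` to BN_Cmp already suggests. A header comment would state the rule being enforced: `/* FIPS 186-4 section 4.7 step 1: reject unless 0 < r < q and 0 < s < q; the s + q case in the new test relies on this. */`. The second hunk wires the check in before VerifyCore, after r and s are decoded, which is the right place; CRYPT_DSA_VerifyData starts and ends outside that hunk.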
@@ -70,33 +70,22 @@ int32_t CRYPT_ELGAMAL_SetPrvKey(CRYPT_ELGAMAL_Ctx *ctx, const CRYPT_ElGamalPrv * return CRYPT_ELGAMAL_ERR_INPUT_VALUE; } int32_t ret = CRYPT_SUCCESS; - CRYPT_ELGAMAL_Ctx *newCtx = CRYPT_ELGAMAL_NewCtx(); - if (newCtx == NULL) { + CRYPT_ELGAMAL_PrvKey *newPrvKey = ElGamal_NewPrvKey(0); + if (newPrvKey == NULL) { + BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL); return CRYPT_MEM_ALLOC_FAIL; } - - newCtx->prvKey = ElGamal_NewPrvKey(prv->pLen * 8); // Bit length is obtained by multiplying byte length by 8. - if (newCtx->prvKey == NULL) { - ret = CRYPT_MEM_ALLOC_FAIL; - BSL_ERR_PUSH_ERROR(ret); - goto ERR; - } - - ret = SetPrvPara(newCtx->prvKey, prv); + ret = SetPrvPara(newPrvKey, prv); if (ret != CRYPT_SUCCESS) { BSL_ERR_PUSH_ERROR(ret); goto ERR; } ELGAMAL_FREE_PRV_KEY(ctx->prvKey); - ctx->prvKey = newCtx->prvKey; - - BSL_SAL_ReferencesFree(&(newCtx->references)); - BSL_SAL_FREE(newCtx); - + ctx->prvKey = newPrvKey; return ret; ERR: - CRYPT_ELGAMAL_FreeCtx(newCtx); + ELGAMAL_FREE_PRV_KEY(newPrvKey); return ret; } @@ -116,7 +105,7 @@ int32_t CRYPT_ELGAMAL_SetPubKey(CRYPT_ELGAMAL_Ctx *ctx, const CRYPT_ElGamalPub * int32_t ret = CRYPT_SUCCESS; CRYPT_ELGAMAL_PubKey *newPub = NULL; /* Bit length is obtained by multiplying byte length by 8. */ - newPub = ElGamal_NewPubKey(pub->pLen * 8); + newPub = ElGamal_NewPubKey(0); if (newPub == NULL) { return CRYPT_MEM_ALLOC_FAIL; } diff --git a/crypto/mceliece/src/mceliece_params.c b/crypto/mceliece/src/mceliece_params.c index e1440df0..ba222fdf 100644 --- a/crypto/mceliece/src/mceliece_params.c +++ b/crypto/mceliece/src/mceliece_params.c @@ -267,7 +267,7 @@ McelieceParams *McelieceGetParamsById(int32_t algId) const int32_t base = CRYPT_KEM_TYPE_MCELIECE_6688128; const int32_t max = CRYPT_KEM_TYPE_MCELIECE_8192128_PCF; - if ((algId - base) > (max - base)) { + if (algId > max || algId < base) { return NULL; } 
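Review bot: The comment `/* Bit length is obtained by multiplying byte length by 8. */` above the new `newPub = ElGamal_NewPubKey(0);` in CRYPT_ELGAMAL_SetPubKey describes the removed `pub->pLen * 8` and is now stale; the same sentence survives as the trailing `//` comment on `Paillier_NewPrvKey(0)` in the CRYPT_PAILLIER_SetPrvKey hunk of paillier_keyop.c. Drop both, or replace them with what a zero bit length means to these constructors, e.g. `/* 0: big numbers are sized when the key material is copied in below. */` — only if that is what the constructors do, which this page does not show. Both enclosing functions start before their hunks.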
diff --git a/crypto/paillier/src/paillier_encdec.c b/crypto/paillier/src/paillier_encdec.c index d75263ea..610d63bc 100644 --- a/crypto/paillier/src/paillier_encdec.c +++ b/crypto/paillier/src/paillier_encdec.c @@ -434,6 +434,7 @@ int32_t CRYPT_PAILLIER_Add(const void *ctx, const BSL_Param *input, uint8_t *out BN_Optimizer *optimizer = BN_OptimizerCreate(); if (optimizer == NULL) { BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL); + ret = CRYPT_MEM_ALLOC_FAIL; goto EXIT; } diff --git a/crypto/paillier/src/paillier_keyop.c b/crypto/paillier/src/paillier_keyop.c index 5a8db909..0ca3c6fa 100644 --- a/crypto/paillier/src/paillier_keyop.c +++ b/crypto/paillier/src/paillier_keyop.c @@ -130,31 +130,23 @@ int32_t CRYPT_PAILLIER_SetPrvKey(CRYPT_PAILLIER_Ctx *ctx, const CRYPT_PaillierPr if (ret != CRYPT_SUCCESS) { return ret; } - CRYPT_PAILLIER_Ctx *newCtx = CRYPT_PAILLIER_NewCtx(); - if (newCtx == NULL) { + CRYPT_PAILLIER_PrvKey *newPrvKey = Paillier_NewPrvKey(0); // Bit length is obtained by multiplying byte length by 8. + if (newPrvKey == NULL) { + BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL); return CRYPT_MEM_ALLOC_FAIL; } - newCtx->prvKey = Paillier_NewPrvKey(prv->lambdaLen * 8); // Bit length is obtained by multiplying byte length by 8. - if (newCtx->prvKey == NULL) { - ret = CRYPT_MEM_ALLOC_FAIL; - BSL_ERR_PUSH_ERROR(ret); - goto ERR; - } - ret = SetPrvPara(newCtx->prvKey, prv); + ret = SetPrvPara(newPrvKey, prv); if (ret != CRYPT_SUCCESS) { BSL_ERR_PUSH_ERROR(ret); goto ERR; } PAILLIER_FREE_PRV_KEY(ctx->prvKey); - ctx->prvKey = newCtx->prvKey; - - BSL_SAL_ReferencesFree(&(newCtx->references)); - BSL_SAL_FREE(newCtx); + ctx->prvKey = newPrvKey; return ret; ERR: - CRYPT_PAILLIER_FreeCtx(newCtx); + PAILLIER_FREE_PRV_KEY(newPrvKey); return ret; } diff --git a/crypto/provider/src/cmvp/iso_prov/crypt_iso_keymgmt.c b/crypto/provider/src/cmvp/iso_prov/crypt_iso_keymgmt.c index b587b61d..3ab6d4dc 100644 --- a/crypto/provider/src/cmvp/iso_prov/crypt_iso_keymgmt.c 
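Review bot: The added `ret = CRYPT_MEM_ALLOC_FAIL;` sits after `BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);`, so the error code is spelled twice; the pattern elsewhere in this tree (see the removed elgamal and paillier key-op lines on this page) is `ret = CRYPT_MEM_ALLOC_FAIL;` followed by `BSL_ERR_PUSH_ERROR(ret);`. Reordering the two lines keeps the value in one place and makes this goto path read like the others. Since CRYPT_PAILLIER_Add continues outside the hunk, it is worth checking that every other `goto EXIT` in it assigns `ret` before jumping, which is the defect this line fixes for the optimizer allocation.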
+++ b/crypto/provider/src/cmvp/iso_prov/crypt_iso_keymgmt.c
@@ -62,7 +62,7 @@
 
 static int32_t ParaCheckAndLog(const CRYPT_Iso_Pkey_Ctx *ctx, const CRYPT_EAL_PkeyPara *para)
 {
-    CRYPT_EAL_PkeyC2Data data = {para, NULL, NULL, CRYPT_MD_MAX, CRYPT_PKEY_PARAID_MAX, CRYPT_EVENT_MAX,
+    CRYPT_EAL_PkeyC2Data data = {para, NULL, NULL, CRYPT_MD_MAX, (int32_t)para->id, CRYPT_EVENT_MAX,
         NULL, NULL, NULL};
     if (!CMVP_Iso19790PkeyC2(ctx->algId, &data)) {
         (void)CRYPT_Iso_Log(ctx->provCtx, CRYPT_EVENT_PARAM_CHECK, CRYPT_ALGO_PKEY, ctx->algId);
@@ -144,6 +144,23 @@ static int32_t CheckDhPara(const CRYPT_Iso_Pkey_Ctx *ctx, const BSL_Param *param
     return ParaCheckAndLog(ctx, ¶);
 }
 
+static int32_t CheckEcdsaPara(const CRYPT_Iso_Pkey_Ctx *ctx, const BSL_Param *params)
+{
+    CRYPT_EAL_PkeyPara para = {0};
+    uint8_t *curveId = NULL;
+    uint32_t len = 0;
+    int32_t ret = GetParamValue(params, CRYPT_PARAM_EC_CURVE_ID, &curveId, &len);
+    if (ret != CRYPT_SUCCESS) {
+        return ret;
+    }
+    if (len != sizeof(int32_t)) {
+        BSL_ERR_PUSH_ERROR(CRYPT_INVALID_ARG);
+        return CRYPT_INVALID_ARG;
+    }
+    para.id = *(int32_t *)curveId;
+    return ParaCheckAndLog(ctx, ¶);
+}
+
 static int32_t CheckPkeyParam(const CRYPT_Iso_Pkey_Ctx *ctx, const BSL_Param *params)
 {
     switch (ctx->algId) {
@@ -153,6 +170,8 @@ static int32_t CheckPkeyParam(const CRYPT_Iso_Pkey_Ctx *ctx, const BSL_Param *pa
         return CheckDsaPara(ctx, params);
     case CRYPT_PKEY_RSA:
         return CheckRsaPara(ctx, params);
+    case CRYPT_PKEY_ECDSA:
+        return CheckEcdsaPara(ctx, params);
     default:
         return CRYPT_SUCCESS;
     }
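Review bot: `para.id = *(int32_t *)curveId;` reads a four-byte integer through a `uint8_t *` taken from a BSL_Param value, which is only well-defined if that buffer happens to be suitably aligned; copying is the portable form and keeps the preceding `len != sizeof(int32_t)` guard meaningful: `(void)memcpy(&para.id, curveId, sizeof(para.id));` (or the memcpy_s form this tree uses elsewhere, if securec is available in this file — not visible here). `curveId` could also be `const uint8_t *` if GetParamValue permits it, since the value is only read. In the first hunk ParaCheckAndLog now dereferences `para` unconditionally; the callers shown pass a stack `&para`, so that is fine as long as no other caller passes NULL.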
@@ -536,7 +555,11 @@ static int32_t CRYPT_ASMCAP_PkeyCheck(int32_t algId) BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT); \ return CRYPT_NULL_INPUT; \ } \ - int32_t ret = CRYPT_Iso_Log(ctx->provCtx, CRYPT_EVENT_SETSSP, CRYPT_ALGO_PKEY, ctx->algId); \ + int32_t ret = CheckPkeyParam(ctx, params); \ + if (ret != CRYPT_SUCCESS) { \ + return ret; \ + } \ + ret = CRYPT_Iso_Log(ctx->provCtx, CRYPT_EVENT_SETSSP, CRYPT_ALGO_PKEY, ctx->algId); \ if (ret != CRYPT_SUCCESS) { \ return ret; \ } \ diff --git a/include/tls/hitls_cert.h b/include/tls/hitls_cert.h index b55a1c0c..404f0b37 100644 --- a/include/tls/hitls_cert.h +++ b/include/tls/hitls_cert.h @@ -916,7 +916,6 @@ int32_t HITLS_SetCurrentCert(HITLS_Ctx *ctx, long option); /** * @ingroup hitls_cert * @brief Process the certificate callback. - * @attention This callback function is compatible with OpenSSL and has the same logic as OpenSSL. * * @param ctx [IN] TLS link object * @param arg [IN] Related parameters arg diff --git a/testcode/sdv/testcase/crypto/dsa/test_suite_sdv_eal_dsa.c b/testcode/sdv/testcase/crypto/dsa/test_suite_sdv_eal_dsa.c index 92cd1917..93b1b6b8 100644 --- a/testcode/sdv/testcase/crypto/dsa/test_suite_sdv_eal_dsa.c +++ b/testcode/sdv/testcase/crypto/dsa/test_suite_sdv_eal_dsa.c @@ -525,6 +525,9 @@ void SDV_CRYPTO_DSA_SIGN_VERIFY_DATA_FUNC_TC001( BN_BigNum *bnS = NULL; CRYPT_EAL_PkeyCtx *pkey = NULL; Hex mdOut = {0}; + BN_BigNum *q = NULL; + uint8_t *sigAddQ = NULL; + uint32_t sigAddQLen = 0; ASSERT_EQ(memcpy_s(g_kRandBuf, sizeof(g_kRandBuf), K->x, K->len), 0); g_kRandBufLen = K->len; 
@@ -571,6 +574,14 @@ void SDV_CRYPTO_DSA_SIGN_VERIFY_DATA_FUNC_TC001(
     /* Verify the signature of the hash data. */
     ASSERT_EQ(CRYPT_EAL_PkeyVerifyData(pkey, mdOut.x, mdOut.len, hitlsSign, hitlsSignOutLen), CRYPT_SUCCESS);
     ASSERT_TRUE(TestIsErrStackEmpty());
+    q = BN_Create(Q->len * 8);
+    ASSERT_NE(q, NULL);
+    ASSERT_EQ(BN_Bin2Bn(q, Q->x, Q->len), CRYPT_SUCCESS);
+    ASSERT_EQ(BN_Add(bnS, q, bnS), CRYPT_SUCCESS); // s' = s + q
+    sigAddQLen = signLen * 2;
+    sigAddQ = (uint8_t *)malloc(sigAddQLen);
+    ASSERT_EQ(CRYPT_EAL_EncodeSign(bnR, bnS, sigAddQ, &sigAddQLen), CRYPT_SUCCESS);
+    ASSERT_EQ(CRYPT_EAL_PkeyVerifyData(pkey, mdOut.x, mdOut.len, sigAddQ, sigAddQLen), CRYPT_DSA_VERIFY_FAIL);
 EXIT:
     CRYPT_RandRegist(NULL);
     CRYPT_RandRegistEx(NULL);
@@ -583,6 +594,8 @@ EXIT:
     BN_Destroy(bnS);
     BSL_ERR_RemoveErrorStack(true);
     CRYPT_EAL_PkeyFreeCtx(pkey);
+    free(sigAddQ);
+    BN_Destroy(q);
 }
 /* END_CASE */
 
diff --git a/testcode/sdv/testcase/crypto/encode/test_suite_sdv_asn1_certkey.c b/testcode/sdv/testcase/crypto/encode/test_suite_sdv_asn1_certkey.c
index b57d0be2..ba3bae4c 100644
--- a/testcode/sdv/testcase/crypto/encode/test_suite_sdv_asn1_certkey.c
+++ b/testcode/sdv/testcase/crypto/encode/test_suite_sdv_asn1_certkey.c
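Review bot: `sigAddQ = (uint8_t *)malloc(sigAddQLen);` is handed to CRYPT_EAL_EncodeSign without a NULL check, so an allocation failure would dereference NULL inside the encoder instead of failing the case; add `ASSERT_TRUE(sigAddQ != NULL);` right after the malloc. The negative case covers only s + q; an r + q variant and r = 0 / s = 0 inputs would exercise the other branches of VerifyCheckSign added in dsa_core.c. `BN_Create(Q->len * 8)` assumes Q->len is a byte count, consistent with the other `* 8` uses on this page. SDV_CRYPTO_DSA_SIGN_VERIFY_DATA_FUNC_TC001 starts before the first hunk.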
@@ -1679,13 +1679,10 @@ EXIT:
 @test SDV_PKCS8_ENCODE_DHKEY_DSAKEY_TC001
 @title DH, DSA key encoding
 @step
-1.openHiTLS calls CRYPT_EAL_EncodeBuffKey interface to encode the key in pem format,
-  comparing if the encoding between openssl and openHiTLS is consistent
-2.openHiTLS calls CRYPT_EAL_EncodeBuffKey interface to encode the key in asn1 format,
-  comparing if the encoding between openssl and openHiTLS is consistent
+1.openHiTLS calls CRYPT_EAL_EncodeBuffKey interface to encode the key in pem format
+2.openHiTLS calls CRYPT_EAL_EncodeBuffKey interface to encode the key in asn1 format
 @expect
-1.Encoding succeeds, consistent with openssl
-2.Encoding succeeds, consistent with openssl
+Both success
 */
 /* BEGIN_CASE */
 void SDV_PKCS8_ENCODE_DHKEY_DSAKEY_TC001(char *path, int fileType, Hex *asn1)
@@ -1728,8 +1725,7 @@ EXIT:
 2.openHiTLS calls CRYPT_EAL_DecodeBuffKey interface to decode the key in asn1 format,
   comparing if the decrypted key is consistent with the original key
 @expect
-1.Encoding succeeds, consistent with openssl
-2.Encoding succeeds, consistent with openssl
+Both success
 */
 /* BEGIN_CASE */
 void SDV_PKCS8_DECODE_DHKEY_DSAKEY_TC001(char *path, int fileType, Hex *asn1)
@@ -2044,3 +2040,61 @@ EXIT:
 #endif
 }
 /* END_CASE */
+
+/*
+@test SDV_CRYPT_DECODE_RSAPSS_MGF1_VALIDATE_TC001
+@title Test CRYPT_EAL_ParseRsaPssAlgParam rejects non-MGF1 mask generation algorithm
+@precon None
+@step
+1. Call CRYPT_EAL_ParseRsaPssAlgParam with valid RSA-PSS params (MGF1 OID), expect success
+2. Call CRYPT_EAL_ParseRsaPssAlgParam with invalid RSA-PSS params (non-MGF1 OID), expect CRYPT_DECODE_ERR_RSSPSS
+@expect
+1. Valid params parse successfully with correct mdId, mgfId, and saltLen
+2. Invalid params return CRYPT_DECODE_ERR_RSSPSS
+*/
+/* BEGIN_CASE */
+void SDV_CRYPT_DECODE_RSAPSS_MGF1_VALIDATE_TC001(void)
+{
+#if defined(HITLS_CRYPTO_RSA) && defined(HITLS_CRYPTO_KEY_DECODE)
+    /* RSA-PSS params: SHA-256 hash, MGF1(SHA-256), salt length 32
+     * Content of the SEQUENCE (without outer SEQUENCE TLV):
+     *   [0] { SEQUENCE { OID sha256 } }
+     *   [1] { SEQUENCE { OID mgf1, SEQUENCE { OID sha256 } } }
+     *   [2] { INTEGER 32 }
+     */
+    uint8_t validPssParams[] = {
+        0xa0, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
+        0xa1, 0x1a, 0x30, 0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08,
+        0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
+        0xa2, 0x03, 0x02, 0x01, 0x20
+    };
+
+    /* Invalid: replace MGF1 OID (2a864886f70d010108) with RSASSA-PSS OID (2a864886f70d01010a) */
+    uint8_t invalidPssParams[] = {
+        0xa0, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
+        0xa1, 0x1a, 0x30, 0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0a,
+        0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
+        0xa2, 0x03, 0x02, 0x01, 0x20
+    };
+
+    BSL_ASN1_Buffer validParam = {BSL_ASN1_TAG_CONSTRUCTED | BSL_ASN1_TAG_SEQUENCE,
+        sizeof(validPssParams), validPssParams};
+    BSL_ASN1_Buffer invalidParam = {BSL_ASN1_TAG_CONSTRUCTED | BSL_ASN1_TAG_SEQUENCE,
+        sizeof(invalidPssParams), invalidPssParams};
+    CRYPT_RSA_PssPara para = {0};
+
+    ASSERT_EQ(CRYPT_EAL_ParseRsaPssAlgParam(&validParam, ¶), CRYPT_SUCCESS);
+    ASSERT_EQ(para.mdId, CRYPT_MD_SHA256);
+    ASSERT_EQ(para.mgfId, CRYPT_MD_SHA256);
+    ASSERT_EQ(para.saltLen, 32);
+
+    memset(¶, 0, sizeof(para));
+    ASSERT_EQ(CRYPT_EAL_ParseRsaPssAlgParam(&invalidParam, ¶), CRYPT_DECODE_ERR_RSSPSS);
+
+EXIT:
+    return;
+#else
+    SKIP_TEST();
+#endif
+}
+/* END_CASE */
diff --git a/testcode/sdv/testcase/crypto/encode/test_suite_sdv_asn1_certkey.data b/testcode/sdv/testcase/crypto/encode/test_suite_sdv_asn1_certkey.data
index ad5f849d..533ad392 100644
--- a/testcode/sdv/testcase/crypto/encode/test_suite_sdv_asn1_certkey.data
+++ b/testcode/sdv/testcase/crypto/encode/test_suite_sdv_asn1_certkey.data
@@ -798,3 +798,6 @@ SDV_PKCS8_ERROR_ENCDEC_TC002:"../testdata/cert/asn1/dh_key/err_dh_public.pem":CR
 
 SDV_PKCS8_ERROR_ENCDEC_TC003
 SDV_PKCS8_ERROR_ENCDEC_TC003:"../testdata/cert/asn1/dsa_key/empty_dsa_private.pem":CRYPT_PRIKEY_PKCS8_UNENCRYPT:""
+
+SDV_CRYPT_DECODE_RSAPSS_MGF1_VALIDATE_TC001
+SDV_CRYPT_DECODE_RSAPSS_MGF1_VALIDATE_TC001:
diff --git a/testcode/sdv/testcase/crypto/provider/test_suite_sdv_eal_iso19790_provider.c b/testcode/sdv/testcase/crypto/provider/test_suite_sdv_eal_iso19790_provider.c
index 56d17397..909c14cf 100644
--- a/testcode/sdv/testcase/crypto/provider/test_suite_sdv_eal_iso19790_provider.c
+++ b/testcode/sdv/testcase/crypto/provider/test_suite_sdv_eal_iso19790_provider.c
@@ -45,6 +45,7 @@
 #include "crypt_eal_entropy.h"
 #include "crypt_util_rand.h"
 #include "crypt_params_key.h"
+#include "crypt_eal_codecs.h"
 #include
 #include
 #include
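Review bot: `invalidPssParams` repeats all 48 bytes of `validPssParams` with a single octet changed (the last byte of the maskGenAlgorithm OID, at index 29), so the relationship is easy to lose on a later edit; derive it instead: `uint8_t invalidPssParams[sizeof(validPssParams)];`, `(void)memcpy(invalidPssParams, validPssParams, sizeof(validPssParams));`, `invalidPssParams[29] = 0x0a; /* 1.2.840.113549.1.1.10 (RSASSA-PSS) is not a mask generation function */`. A third input with the [1] element omitted would pin what the parser does when maskGenAlgorithm is absent, which the new check does not cover and which is not visible on this page. The `memset` before the second call is good; asserting the returned `para` is also left untouched on failure would be stronger, but only if that is the parser's contract.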
@@ -1418,3 +1419,32 @@ EXIT:
 #endif
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001(char *path, char *format, char *type, int expectRet)
+{
+#ifndef HITLS_CRYPTO_CMVP_ISO19790
+    (void)path;
+    (void)format;
+    (void)type;
+    (void)expectRet;
+    SKIP_TEST();
+#else
+    Iso19790_ProviderLoadCtx ctx = {0};
+    CRYPT_EAL_PkeyCtx *pkeyCtx = NULL;
+
+    ASSERT_EQ(Iso19790_ProviderLoad(&ctx), CRYPT_SUCCESS);
+    // Register default provider to supply decoder implementations
+    ASSERT_EQ(CRYPT_EAL_ProviderRegister(ctx.libCtx, "default", CRYPT_EAL_DefaultProvInit, NULL, NULL), CRYPT_SUCCESS);
+    int32_t ret = CRYPT_EAL_ProviderDecodeFileKey(ctx.libCtx, "provider=iso", BSL_CID_UNKNOWN,
+        format, type, path, NULL, &pkeyCtx);
+    ASSERT_EQ(ret, expectRet);
+    if (expectRet == CRYPT_SUCCESS) {
+        ASSERT_TRUE(pkeyCtx != NULL);
+    }
+EXIT:
+    CRYPT_EAL_PkeyFreeCtx(pkeyCtx);
+    Iso19790_ProviderUnload(&ctx);
+#endif
+}
+/* END_CASE */
diff --git a/testcode/sdv/testcase/crypto/provider/test_suite_sdv_eal_iso19790_provider.data b/testcode/sdv/testcase/crypto/provider/test_suite_sdv_eal_iso19790_provider.data
index f458b4d0..388b4c34 100644
--- a/testcode/sdv/testcase/crypto/provider/test_suite_sdv_eal_iso19790_provider.data
+++ b/testcode/sdv/testcase/crypto/provider/test_suite_sdv_eal_iso19790_provider.data
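Review bot: The new case only asserts `pkeyCtx != NULL` on the success path; a rejected decode should leave the out-parameter untouched, so add the mirror check, `} else { ASSERT_TRUE(pkeyCtx == NULL); }`, otherwise a decoder that returns an error but still hands back a context would go unnoticed. `Iso19790_ProviderUnload(&ctx)` runs at EXIT even when `Iso19790_ProviderLoad` failed, which is only safe if unload tolerates a zero-initialised context — not visible here. The `// Register default provider ...` comment explains the why well; the `"provider=iso"` selector is the line a future reader will want a word on, e.g. `// decode through the ISO provider so its parameter checks apply`.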
@@ -293,3 +293,21 @@ SDV_ISO19790_PROVIDER_MD_USE_DEFAULT_LIBCTX_TEST_TC001:CRYPT_MD_SHAKE256
 
 SDV_ISO19790_PROVIDER_MD_USE_DEFAULT_LIBCTX_TEST_TC001 CRYPT_MD_SM3
 SDV_ISO19790_PROVIDER_MD_USE_DEFAULT_LIBCTX_TEST_TC001:CRYPT_MD_SM3
+
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 ECDSA P192 PKCS8 rejected
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/chain/nistp192_certs/ee_nistp192_key_pkcs8.#der":"ASN1":"PRIKEY_PKCS8_UNENCRYPT":CRYPT_DECODE_ERR_NO_USABLE_DECODER
+
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 RSA 1024 SPKI pubkey rejected
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/asn1/spki/rsa1024_spki.der":"ASN1":"PUBKEY_SUBKEY":CRYPT_DECODE_ERR_NO_USABLE_DECODER
+
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 ECDSA P192 pubkey rejected
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/chain/nistp192_certs/ee_nistp192_pubkey.der":"ASN1":"PUBKEY_SUBKEY":CRYPT_DECODE_ERR_NO_USABLE_DECODER
+
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 RSA 2048 PKCS8 success
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/asn1/rsa2048key_pkcs8.der":"ASN1":"PRIKEY_PKCS8_UNENCRYPT":CRYPT_SUCCESS
+
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 RSA 1024 PKCS8 rejected
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/asn1/pkcs8_unencrypted/rsa1024_p8_unencrypted.#der":"ASN1":"PRIKEY_PKCS8_UNENCRYPT":CRYPT_DECODE_ERR_NO_USABLE_DECODER
+
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 ECDSA P256 PKCS8 success
+#SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001:"../testdata/cert/asn1/prime256v1_pkcs8.der":"ASN1":"PRIKEY_PKCS8_UNENCRYPT":CRYPT_SUCCESS
\ No newline at end of file
diff --git a/testcode/testdata/cert/chain/v3_exts/gen_certs.py b/testcode/testdata/cert/chain/v3_exts/gen_certs.py
index 25a371e3..a79e3f36 100644
--- a/testcode/testdata/cert/chain/v3_exts/gen_certs.py
+++ b/testcode/testdata/cert/chain/v3_exts/gen_certs.py
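Review bot: Every row added for SDV_ISO19790_PROVIDER_DECODE_KEY_PARAM_CHECK_TC001 starts with `#`, so the case defined in test_suite_sdv_eal_iso19790_provider.c never executes and the parameter-check path this commit adds to crypt_iso_keymgmt.c (CheckEcdsaPara and the CheckPkeyParam call in the decode macro) is left unverified; uncomment the rows, or add a comment saying why they are disabled (missing fixtures, for instance). Two of the paths also contain `.#der` (`ee_nistp192_key_pkcs8.#der` and `rsa1024_p8_unencrypted.#der`), which looks like an accidental edit of `.der` and would make those rows fail to find their input once enabled. The file also loses its trailing newline, which the diff flags.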
@@ -21,11 +21,6 @@ Strategy: construct v1/v2 certificates with extensions by manually building DER: 3. Re-sign the patched TBS with the issuer's private key 4. Assemble the final Certificate SEQUENCE: [patched TBS, signatureAlgorithm, signatureValue] -This produces v1/v2 certificates with extensions AND valid signatures, so both OpenSSL -and openHiTLS can parse them. OpenSSL should reject them with -X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3; openHiTLS should reject them with -HITLS_X509_ERR_VFY_EXTENSIONS_REQUIRE_V3. - Output files: a_v3_root.der - v3 root CA (trust anchor for TC1-TC4) a_v1_ext_leaf.der - TC1: v1 leaf with extensions, valid signature from root diff --git a/tls/record/src/rec_crypto_cbc.c b/tls/record/src/rec_crypto_cbc.c index 8f43b876..ea0a843a 100644 --- a/tls/record/src/rec_crypto_cbc.c +++ b/tls/record/src/rec_crypto_cbc.c @@ -338,7 +338,6 @@ static int32_t RecConnCbcDecryptByEncryptThenMac(TLS_Ctx *ctx, const RecConnStat * Encrypt-then-MAC mode: Verify MAC first, then decrypt. * The MAC is computed over the ciphertext (including explicit IV), * so timing does not leak plaintext information. - * Reference: OpenSSL tls_common.c:787-811 */ /* Step 1: Check MAC (over ciphertext) */