fix:fix bugs and clean sensitive data

Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1486

Signed-off-by: Dongjianwei001 <dongjianwei1@huawei.com>
This commit is contained in:
Tom
2026-05-20 17:01:31 +08:00
committed by Dongjianwei001
parent 278a755f38
commit ad5911f70c
13 changed files with 186 additions and 21 deletions
+7 -7
View File
@@ -299,6 +299,7 @@ static int32_t EncodeKeyParamAsn1BuffInner(CRYPT_EAL_PkeyCtx *pctx, int32_t opt,
static int32_t SetDsaDhKeyPair(CRYPT_EAL_PkeyCtx *pkey, CRYPT_PKEY_AlgId algId, bool isPriv,
uint8_t *buff, uint32_t buffLen)
{
int32_t ret;
int32_t pubKeyTag;
int32_t prvKeyTag;
if (algId == CRYPT_PKEY_DSA) {
@@ -312,20 +313,19 @@ static int32_t SetDsaDhKeyPair(CRYPT_EAL_PkeyCtx *pkey, CRYPT_PKEY_AlgId algId,
{pubKeyTag, BSL_PARAM_TYPE_OCTETS, buff, buffLen, 0},
BSL_PARAM_END
};
int32_t ret = CRYPT_EAL_PkeySetPubEx(pkey, rawKey);
if (ret != CRYPT_SUCCESS) {
BSL_ERR_PUSH_ERROR(ret);
return ret;
}
if (isPriv != 0) {
rawKey[0].key = prvKeyTag;
ret = CRYPT_EAL_PkeySetPrvEx(pkey, rawKey);
if (ret != CRYPT_SUCCESS) {
BSL_ERR_PUSH_ERROR(ret);
return ret;
}
return ret;
}
return CRYPT_SUCCESS;
ret = CRYPT_EAL_PkeySetPubEx(pkey, rawKey);
if (ret != CRYPT_SUCCESS) {
BSL_ERR_PUSH_ERROR(ret);
}
return ret;
}
#endif
+4
View File
@@ -1599,6 +1599,10 @@ int32_t CryptDsaFips1864GenParams(CRYPT_DSA_Ctx *ctx, void *val)
// Set flag == 1, enable generate private key SP800-56Ar3 5_6_1_1_4.
static int32_t CRYPT_SetFipsFlag(CRYPT_DSA_Ctx *ctx, void *val, uint32_t len)
{
if (val == NULL) {
BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
return CRYPT_NULL_INPUT;
}
if (len != sizeof(uint32_t)) {
BSL_ERR_PUSH_ERROR(CRYPT_DSA_PARA_ERROR);
return CRYPT_DSA_PARA_ERROR;
+1 -1
View File
@@ -754,7 +754,7 @@ int32_t PkeyProviderSetPub(CRYPT_EAL_PkeyCtx *pkey, const CRYPT_EAL_PkeyPub *key
BSL_Param paParam[5] = {
{CRYPT_PARAM_ELGAMAL_P, BSL_PARAM_TYPE_OCTETS, key->key.elgamalPub.p, key->key.elgamalPub.pLen, 0},
{CRYPT_PARAM_ELGAMAL_G, BSL_PARAM_TYPE_OCTETS, key->key.elgamalPub.g, key->key.elgamalPub.gLen, 0},
{CRYPT_PARAM_ELGAMAL_Y, BSL_PARAM_TYPE_OCTETS, key->key.elgamalPub.y, key->key.elgamalPub.pLen, 0},
{CRYPT_PARAM_ELGAMAL_Y, BSL_PARAM_TYPE_OCTETS, key->key.elgamalPub.y, key->key.elgamalPub.yLen, 0},
{CRYPT_PARAM_ELGAMAL_Q, BSL_PARAM_TYPE_OCTETS, key->key.elgamalPub.q, key->key.elgamalPub.qLen, 0},
BSL_PARAM_END};
return pkey->method.setPub(pkey->key, &paParam);
+1 -1
View File
@@ -142,7 +142,7 @@ static int32_t BerlekampMassey(const GFElement *syndrome, GFPolynomial *sigma, c
BmInitState(polyC, polyB, &lenLFSR, &b);
for (int32_t lenN = 0; lenN < 2 * params->t; lenN++) {
GFElement d = BmComputeDiscrepancy(syndrome, polyC, lenN, params->t);
uint16_t dMask = ((d - 1) >> 15 ) - 1;
uint16_t dMask = ((uint16_t)(d - 1) >> 15 ) - 1;
uint16_t nMask = ((uint16_t)(lenN - (lenLFSR << 1)) >> 15) - 1;
nMask &= dMask;
for (int32_t i = 0; i <= params->t; i++) {
+2 -2
View File
@@ -347,7 +347,7 @@ int32_t SeededKeyGenInternal(const uint8_t *delta, CMPublicKey *pk, CMPrivateKey
int32_t ret = McEliecePrg(sk->delta, rndE, prgOutputByteLen);
if (ret != CRYPT_SUCCESS) {
BSL_ERR_PUSH_ERROR(ret);
BSL_SAL_FREE(rndE);
BSL_SAL_ClearFree(rndE, prgOutputByteLen);
return ret;
}
(void)memcpy_s(deltaPrime, deltaPrimeByteLen, rndE + prgOutputByteLen - deltaPrimeByteLen, deltaPrimeByteLen);
@@ -363,7 +363,7 @@ int32_t SeededKeyGenInternal(const uint8_t *delta, CMPublicKey *pk, CMPrivateKey
}
(void)memcpy_s(sk->delta, MCELIECE_L_BYTES, deltaPrime, MCELIECE_L_BYTES);
}
BSL_SAL_FREE(rndE);
BSL_SAL_ClearFree(rndE, prgOutputByteLen);
return CRYPT_MCELIECE_KEYGEN_FAIL;
}
#endif
+1 -1
View File
@@ -391,7 +391,7 @@ int32_t CRYPT_ML_KEM_SetDecapsKey(CRYPT_ML_KEM_Ctx *ctx, const CRYPT_KemDecapsKe
uint8_t *ekData = BSL_SAL_Dump(dk->data + MLKEM_CIPHER_LEN * ctx->info->k, ctx->info->encapsKeyLen);
if (dkData == NULL || ekData == NULL) {
MLKEM_KeyReset(ctx);
BSL_SAL_FREE(dkData);
BSL_SAL_ClearFree(dkData, dk->len);
BSL_SAL_FREE(ekData);
BSL_ERR_PUSH_ERROR(CRYPT_MEM_ALLOC_FAIL);
return CRYPT_MEM_ALLOC_FAIL;
+4 -1
View File
@@ -790,7 +790,10 @@ static int32_t RsaGetSignVerifyData(CRYPT_RSA_Ctx *ctx, const uint8_t *hash, uin
uint32_t emLen = BN_BITS_TO_BYTES(bits);
uint32_t hLen = (uint32_t)ctx->pad.para.iso9796_2.mdMeth.mdSize;
if (hLen != hashLen) {
BSL_ERR_PUSH_ERROR(CRYPT_RSA_ERR_INPUT_VALUE);
return CRYPT_RSA_ERR_INPUT_VALUE;
}
// Verify whether the signature algorithm and hash algorithm match reasonably.
if (emLen < hLen + 2) {
BSL_ERR_PUSH_ERROR(CRYPT_RSA_ERR_INPUT_VALUE);
+4
View File
@@ -1307,6 +1307,10 @@ static bool IsExistRsaParam(const BSL_Param *params)
int32_t CRYPT_RSA_Import(CRYPT_RSA_Ctx *ctx, const BSL_Param *params)
{
int32_t ret = CRYPT_SUCCESS;
if (ctx == NULL || params == NULL) {
BSL_ERR_PUSH_ERROR(CRYPT_NULL_INPUT);
return CRYPT_NULL_INPUT;
}
if (IsExistRsaParam(params)) {
ret = CRYPT_RSA_SetParaEx(ctx, params);
if (ret != CRYPT_SUCCESS) {
+20
View File
@@ -1751,6 +1751,21 @@ static int32_t InitMdCtxForAlgs(CMS_SignedData *signedData, const BSL_Param *par
return HITLS_PKI_SUCCESS;
}
static int32_t CheckSignAlgMatchesPubKey(const HITLS_X509_Asn1AlgId *alg, const CRYPT_EAL_PkeyCtx *pubKey)
{
CRYPT_PKEY_AlgId keyAlg = CRYPT_EAL_PkeyGetId(pubKey);
// Currently, we only check this consistency for mldsa
if (keyAlg == CRYPT_PKEY_ML_DSA) {
if (alg->algId == BSL_CID_ML_DSA_44 || alg->algId == BSL_CID_ML_DSA_65
|| alg->algId == BSL_CID_ML_DSA_87) {
return HITLS_PKI_SUCCESS;
}
BSL_ERR_PUSH_ERROR(HITLS_CMS_ERR_INVALID_ALGO);
return HITLS_CMS_ERR_INVALID_ALGO;
}
return HITLS_PKI_SUCCESS;
}
static int32_t CheckSignature(HITLS_X509_Asn1AlgId *alg, CRYPT_EAL_PkeyCtx *pubKey, int32_t hashId, uint8_t *msg,
uint32_t msgLen, uint8_t *signature, uint32_t signatureLen, bool verifyByHash)
{
@@ -1760,6 +1775,11 @@ static int32_t CheckSignature(HITLS_X509_Asn1AlgId *alg, CRYPT_EAL_PkeyCtx *pubK
BSL_ERR_PUSH_ERROR(HITLS_X509_ERR_VFY_DUP_PUBKEY);
return HITLS_X509_ERR_VFY_DUP_PUBKEY;
}
ret = CheckSignAlgMatchesPubKey(alg, verifyPubKey);
if (ret != HITLS_PKI_SUCCESS) {
CRYPT_EAL_PkeyFreeCtx(verifyPubKey);
return ret;
}
ret = HITLS_X509_CtrlAlgInfo(verifyPubKey, hashId, alg);
if (ret != HITLS_PKI_SUCCESS) {
CRYPT_EAL_PkeyFreeCtx(verifyPubKey);
@@ -1565,6 +1565,58 @@ EXIT:
}
/* END_CASE */
#if defined(HITLS_CRYPTO_PROVIDER) && (defined(HITLS_CRYPTO_DSA) || defined(HITLS_CRYPTO_DH))
static int32_t CompareDsaDhPrvKey(CRYPT_EAL_PkeyCtx *pkey1, CRYPT_EAL_PkeyCtx *pkey2, uint32_t keyLen)
{
uint8_t *prv1 = NULL;
uint8_t *prv2 = NULL;
CRYPT_EAL_PkeyPrv prvKey1 = {0};
CRYPT_EAL_PkeyPrv prvKey2 = {0};
int32_t pkeyId;
int32_t ret = CRYPT_INVALID_KEY;
prv1 = BSL_SAL_Malloc(keyLen);
prv2 = BSL_SAL_Malloc(keyLen);
ASSERT_TRUE(prv1 != NULL);
ASSERT_TRUE(prv2 != NULL);
ASSERT_EQ(CRYPT_EAL_PkeyGetId(pkey1), CRYPT_EAL_PkeyGetId(pkey2));
pkeyId = CRYPT_EAL_PkeyGetId(pkey1);
if (pkeyId == CRYPT_PKEY_DSA) {
prvKey1.id = CRYPT_PKEY_DSA;
prvKey1.key.dsaPrv.data = prv1;
prvKey1.key.dsaPrv.len = keyLen;
prvKey2.id = CRYPT_PKEY_DSA;
prvKey2.key.dsaPrv.data = prv2;
prvKey2.key.dsaPrv.len = keyLen;
ASSERT_EQ(CRYPT_EAL_PkeyGetPrv(pkey1, &prvKey1), CRYPT_SUCCESS);
ASSERT_EQ(CRYPT_EAL_PkeyGetPrv(pkey2, &prvKey2), CRYPT_SUCCESS);
ASSERT_EQ(prvKey1.key.dsaPrv.len, prvKey2.key.dsaPrv.len);
ASSERT_COMPARE("dsa private key compare.", prvKey1.key.dsaPrv.data, prvKey1.key.dsaPrv.len,
prvKey2.key.dsaPrv.data, prvKey2.key.dsaPrv.len);
} else if (pkeyId == CRYPT_PKEY_DH) {
prvKey1.id = CRYPT_PKEY_DH;
prvKey1.key.dhPrv.data = prv1;
prvKey1.key.dhPrv.len = keyLen;
prvKey2.id = CRYPT_PKEY_DH;
prvKey2.key.dhPrv.data = prv2;
prvKey2.key.dhPrv.len = keyLen;
ASSERT_EQ(CRYPT_EAL_PkeyGetPrv(pkey1, &prvKey1), CRYPT_SUCCESS);
ASSERT_EQ(CRYPT_EAL_PkeyGetPrv(pkey2, &prvKey2), CRYPT_SUCCESS);
ASSERT_EQ(prvKey1.key.dhPrv.len, prvKey2.key.dhPrv.len);
ASSERT_COMPARE("dh private key compare.", prvKey1.key.dhPrv.data, prvKey1.key.dhPrv.len,
prvKey2.key.dhPrv.data, prvKey2.key.dhPrv.len);
} else {
ASSERT_TRUE(false);
}
ret = CRYPT_SUCCESS;
EXIT:
BSL_SAL_FREE(prv1);
BSL_SAL_FREE(prv2);
return ret;
}
#endif
/* BEGIN_CASE */
void SDV_BSL_ASN1_DECODE_DSAKEY_BUFF_CMP(char *path, int fileType, Hex *asn1)
{
@@ -1577,7 +1629,11 @@ void SDV_BSL_ASN1_DECODE_DSAKEY_BUFF_CMP(char *path, int fileType, Hex *asn1)
BSL_Buffer encodeAsn1 = {asn1->x, asn1->len};
ASSERT_EQ(CRYPT_EAL_DecodeFileKey(BSL_FORMAT_UNKNOWN, fileType, path, NULL, 0, &pkeyCtx), CRYPT_SUCCESS);
ASSERT_EQ(CRYPT_EAL_DecodeBuffKey(BSL_FORMAT_ASN1, fileType, &encodeAsn1, NULL, 0, &pkeyAsn1Ctx), CRYPT_SUCCESS);
ASSERT_EQ(CRYPT_EAL_PkeyCmp(pkeyCtx, pkeyAsn1Ctx), CRYPT_SUCCESS);
if (fileType != CRYPT_PRIKEY_PKCS8_UNENCRYPT) {
ASSERT_EQ(CRYPT_EAL_PkeyCmp(pkeyCtx, pkeyAsn1Ctx), CRYPT_SUCCESS);
} else {
ASSERT_EQ(CompareDsaDhPrvKey(pkeyCtx, pkeyAsn1Ctx, asn1->len), CRYPT_SUCCESS);
}
EXIT:
CRYPT_EAL_PkeyFreeCtx(pkeyCtx);
CRYPT_EAL_PkeyFreeCtx(pkeyAsn1Ctx);
@@ -1602,7 +1658,11 @@ void SDV_BSL_ASN1_DECODE_DHKEY_BUFF_CMP(char *path, int fileType, Hex *asn1)
BSL_Buffer encodeAsn1 = {asn1->x, asn1->len};
ASSERT_EQ(CRYPT_EAL_DecodeFileKey(BSL_FORMAT_UNKNOWN, fileType, path, NULL, 0, &pkeyCtx), CRYPT_SUCCESS);
ASSERT_EQ(CRYPT_EAL_DecodeBuffKey(BSL_FORMAT_ASN1, fileType, &encodeAsn1, NULL, 0, &pkeyAsn1Ctx), CRYPT_SUCCESS);
ASSERT_EQ(CRYPT_EAL_PkeyCmp(pkeyCtx, pkeyAsn1Ctx), CRYPT_SUCCESS);
if (fileType != CRYPT_PRIKEY_PKCS8_UNENCRYPT) {
ASSERT_EQ(CRYPT_EAL_PkeyCmp(pkeyCtx, pkeyAsn1Ctx), CRYPT_SUCCESS);
} else {
ASSERT_EQ(CompareDsaDhPrvKey(pkeyCtx, pkeyAsn1Ctx, asn1->len), CRYPT_SUCCESS);
}
EXIT:
CRYPT_EAL_PkeyFreeCtx(pkeyCtx);
CRYPT_EAL_PkeyFreeCtx(pkeyAsn1Ctx);
@@ -1742,8 +1802,12 @@ void SDV_PKCS8_DECODE_DHKEY_DSAKEY_TC001(char *path, int fileType, Hex *asn1)
memcpy_s(decodeAsn1.data, asn1->len, asn1->x, asn1->len);
ASSERT_EQ(CRYPT_EAL_DecodeFileKey(BSL_FORMAT_UNKNOWN, fileType, path, NULL, 0, &pkeyBypem), CRYPT_SUCCESS);
ASSERT_EQ(CRYPT_EAL_DecodeBuffKey(BSL_FORMAT_ASN1, fileType, &decodeAsn1, NULL, 0, &pkeyByAsn1), CRYPT_SUCCESS);
if (fileType != CRYPT_PRIKEY_PKCS8_UNENCRYPT) {
ASSERT_EQ(CRYPT_EAL_PkeyCmp(pkeyBypem, pkeyByAsn1), 0);
} else {
ASSERT_EQ(CompareDsaDhPrvKey(pkeyBypem, pkeyByAsn1, asn1->len), CRYPT_SUCCESS);
}
ASSERT_EQ(CRYPT_EAL_PkeyCmp(pkeyBypem, pkeyByAsn1), 0);
EXIT:
BSL_SAL_FREE(decodeAsn1.data);
CRYPT_EAL_PkeyFreeCtx(pkeyBypem);
@@ -1796,7 +1860,11 @@ void SDV_PKCS8_ENCDEC_DHKEY_DSAKEY_TC001(char *path, int fileType, Hex *asn1)
ASSERT_EQ(CRYPT_EAL_DecodeFileKey(BSL_FORMAT_UNKNOWN, fileType, path, NULL, 0, &pkeyBypem), CRYPT_SUCCESS);
ASSERT_EQ(CRYPT_EAL_DecodeBuffKey(BSL_FORMAT_ASN1, fileType, &decodeAsn1, NULL, 0, &pkeyByAsn1), CRYPT_SUCCESS);
ASSERT_EQ(CRYPT_EAL_PkeyCmp(pkeyBypem, pkeyByAsn1), 0);
if (fileType != CRYPT_PRIKEY_PKCS8_UNENCRYPT) {
ASSERT_EQ(CRYPT_EAL_PkeyCmp(pkeyBypem, pkeyByAsn1), 0);
} else {
ASSERT_EQ(CompareDsaDhPrvKey(pkeyBypem, pkeyByAsn1, asn1->len), CRYPT_SUCCESS);
}
ASSERT_EQ(CRYPT_EAL_EncodeBuffKey(pkeyBypem, NULL, BSL_FORMAT_ASN1, fileType, &encodeAsn1), CRYPT_SUCCESS);
ASSERT_COMPARE("asn1 compare.", encodeAsn1.data, encodeAsn1.dataLen, asn1->x, asn1->len);
@@ -1815,9 +1883,15 @@ void SDV_PKCS8_ENCDEC_DHKEY_DSAKEY_TC001(char *path, int fileType, Hex *asn1)
ASSERT_EQ(
CRYPT_EAL_DecodeBuffKey(BSL_FORMAT_ASN1, fileType, &decodeAsn1_2, NULL, 0, &decpkeyByAsn1), CRYPT_SUCCESS);
ASSERT_EQ(CRYPT_EAL_PkeyCmp(decpkeyBypem, decpkeyByAsn1), 0);
ASSERT_EQ(CRYPT_EAL_PkeyCmp(decpkeyBypem, pkeyBypem), 0);
ASSERT_EQ(CRYPT_EAL_PkeyCmp(pkeyByAsn1, decpkeyByAsn1), 0);
if (fileType != CRYPT_PRIKEY_PKCS8_UNENCRYPT) {
ASSERT_EQ(CRYPT_EAL_PkeyCmp(decpkeyBypem, decpkeyByAsn1), 0);
ASSERT_EQ(CRYPT_EAL_PkeyCmp(decpkeyBypem, pkeyBypem), 0);
ASSERT_EQ(CRYPT_EAL_PkeyCmp(pkeyByAsn1, decpkeyByAsn1), 0);
} else {
ASSERT_EQ(CompareDsaDhPrvKey(decpkeyBypem, decpkeyByAsn1, encodeAsn1.dataLen), CRYPT_SUCCESS);
ASSERT_EQ(CompareDsaDhPrvKey(decpkeyBypem, pkeyBypem, encodeAsn1.dataLen), CRYPT_SUCCESS);
ASSERT_EQ(CompareDsaDhPrvKey(pkeyByAsn1, decpkeyByAsn1, encodeAsn1.dataLen), CRYPT_SUCCESS);
}
EXIT:
CRYPT_EAL_PkeyFreeCtx(pkeyBypem);
CRYPT_EAL_PkeyFreeCtx(pkeyByAsn1);
@@ -544,7 +544,7 @@ void SDV_CRYPTO_MLDSA_FUNC_PROVIDER_TC001(int type, Hex *testPubKey, Hex *testPr
ret = CRYPT_EAL_PkeySign(ctx3, CRYPT_MD_SHA256, msg->x, msg->len, out, &outLen);
ASSERT_EQ(ret, CRYPT_SUCCESS);
ret = CRYPT_EAL_PkeyVerify(ctx3, CRYPT_MD_SHA256, msg->x, msg->len, out, outLen);
ret = CRYPT_EAL_PkeyVerify(ctx, CRYPT_MD_SHA256, msg->x, msg->len, out, outLen);
ASSERT_EQ(ret, CRYPT_SUCCESS);
ASSERT_TRUE(TestIsErrStackEmpty());
EXIT:
@@ -2797,6 +2797,63 @@ EXIT:
}
/* END_CASE */
/**
* @test SDV_CMS_MLDSA_SIGNALG_MISMATCH_VERIFY_TC001
* @title Test ML-DSA CMS verification with mismatched signatureAlgorithm
* @precon nan
* @brief
* 1. Parse a valid ML-DSA CMS file
* 2. Tamper SignerInfo.signatureAlgorithm to a non-PQC OID
* 3. Call HITLS_CMS_DataVerify
* @expect
* 1. Parsing should succeed
* 2. Verification should fail with HITLS_CMS_ERR_INVALID_ALGO
*/
/* BEGIN_CASE */
void SDV_CMS_MLDSA_SIGNALG_MISMATCH_VERIFY_TC001(char *p7path, char *msgpath, char *caPath)
{
#if !defined(HITLS_PKI_CMS_SIGNEDDATA)
(void)p7path;
(void)msgpath;
(void)caPath;
SKIP_TEST();
#else
HITLS_CMS *cms = NULL;
BSL_Buffer msgBuff = {NULL, 0};
HITLS_X509_Cert *caCert = NULL;
HITLS_X509_List *caCertList = NULL;
ASSERT_EQ(HITLS_CMS_ProviderParseFile(NULL, NULL, NULL, p7path, &cms), HITLS_PKI_SUCCESS);
ASSERT_EQ(BSL_SAL_ReadFile(msgpath, &msgBuff.data, &msgBuff.dataLen), BSL_SUCCESS);
ASSERT_EQ(HITLS_X509_CertParseFile(BSL_FORMAT_PEM, caPath, &caCert), HITLS_PKI_SUCCESS);
ASSERT_NE(caCert, NULL);
caCertList = BSL_LIST_New(sizeof(HITLS_X509_Cert *));
ASSERT_NE(caCertList, NULL);
ASSERT_EQ(BSL_LIST_AddElement(caCertList, caCert, BSL_LIST_POS_END), BSL_SUCCESS);
BSL_Param params[2] = {
{HITLS_CMS_PARAM_CA_CERT_LISTS, BSL_PARAM_TYPE_CTX_PTR, caCertList, 0, 0},
BSL_PARAM_END
};
CMS_SignedData *signedData = cms->ctx.signedData;
ASSERT_NE(signedData, NULL);
CMS_SignerInfo *si = (CMS_SignerInfo *)BSL_LIST_GET_FIRST(signedData->signerInfos);
ASSERT_NE(si, NULL);
// tamper the algId of signerInfo
si->sigAlg.algId = BSL_CID_ECDSAWITHSHA256;
ASSERT_EQ(HITLS_CMS_DataVerify(cms, &msgBuff, params, NULL), HITLS_CMS_ERR_INVALID_ALGO);
EXIT:
BSL_LIST_FREE(caCertList, (BSL_LIST_PFUNC_FREE)HITLS_X509_CertFree);
BSL_SAL_FREE(msgBuff.data);
HITLS_CMS_Free(cms);
return;
#endif
}
/* END_CASE */
/**
* @test SDV_CMS_GEN_SIGNEDDATA_INVALID_HASH_TC001
* @title Generate detached CMS SignedData with multiple signers
@@ -295,6 +295,9 @@ SDV_CMS_MLDSA_INVALID_HASH_VERIFY_TC001:"../testdata/cert/asn1/cms/signeddata/ml
SDV_CMS_MLDSA_INVALID_HASH_VERIFY_TC001 Test MLDSA87 with SHA-256 (invalid - should use SHA-512)
SDV_CMS_MLDSA_INVALID_HASH_VERIFY_TC001:"../testdata/cert/asn1/cms/signeddata/mldsa/invalid_hash/mldsa87/mldsa87_sha256_attached.cms":"../testdata/cert/asn1/cms/signeddata/msg.txt":"../testdata/cert/asn1/cms/signeddata/mldsa/invalid_hash/mldsa87/ca_cert.pem"
SDV_CMS_MLDSA_SIGNALG_MISMATCH_VERIFY_TC001 Test MLDSA65 with non-PQC signatureAlgorithm
SDV_CMS_MLDSA_SIGNALG_MISMATCH_VERIFY_TC001:"../testdata/cert/asn1/cms/signeddata/mldsa/mldsa65/mldsa65_attached.cms":"../testdata/cert/asn1/cms/signeddata/msg.txt":"../testdata/cert/asn1/cms/signeddata/mldsa/mldsa65/ca_cert.pem"
SDV_CMS_GEN_SIGNEDDATA_INVALID_HASH_TC001 mldsa44 - sha1 has signedAttrs
SDV_CMS_GEN_SIGNEDDATA_INVALID_HASH_TC001:"../testdata/cert/asn1/cms/signeddata/mldsa/mldsa44/ca_cert.pem":"../testdata/cert/asn1/cms/signeddata/mldsa/mldsa44/entity_cert.pem":"../testdata/cert/asn1/cms/signeddata/mldsa/mldsa44/entity_key.pem":"../testdata/cert/asn1/cms/signeddata/msg.txt":1:1:BSL_CID_SHA1:HITLS_CMS_ERR_MLDSA_INVALID_DIGEST