diff --git a/CMakeLists.txt b/CMakeLists.txt
index f4457e3a..03f07782 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -818,7 +818,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1071")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1072")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)
diff --git a/include/gmssl/version.h b/include/gmssl/version.h
index b72df3b4..24ce0517 100644
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -18,7 +18,7 @@ extern "C" {
 
 
 #define GMSSL_VERSION_NUM 30200
-#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1071"
+#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1072"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
diff --git a/src/sm9_enc.c b/src/sm9_enc.c
index 2ccf1346..b2d8b858 100644
--- a/src/sm9_enc.c
+++ b/src/sm9_enc.c
@@ -78,6 +78,10 @@ int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const
 	SM3_KDF_CTX kdf_ctx;
 
 	// B1: check C in G1
+	if (sm9_z256_point_is_on_curve(C) != 1) {
+		error_print();
+		return -1;
+	}
 	sm9_z256_point_to_uncompressed_octets(C, cbuf);
 
 	// B2: w = e(C, de);
@@ -111,6 +115,15 @@ int sm9_do_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
 	SM3_HMAC_CTX hmac_ctx;
 	uint8_t K[SM9_MAX_PLAINTEXT_SIZE + 32];
 
+	if (!mpk || !id || !idlen || !C1 || !c2 || !c3) {
+		error_print();
+		return -1;
+	}
+	if (inlen > SM9_MAX_PLAINTEXT_SIZE) {
+		error_print();
+		return -1;
+	}
+
 	if (sm9_kem_encrypt(mpk, id, idlen, sizeof(K), K, C1) != 1) {
 		error_print();
 		return -1;
@@ -245,6 +258,11 @@ int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
 	uint8_t c2[SM9_MAX_PLAINTEXT_SIZE];
 	uint8_t c3[SM3_HMAC_SIZE];
 
+	// FIXME: 检查应该放在哪一层?还是全检查?
+	if (!mpk || !id || !idlen || !out || !outlen) {
+		error_print();
+		return -1;
+	}
 	if (inlen > SM9_MAX_PLAINTEXT_SIZE) {
 		error_print();
 		return -1;
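Review bot: The B1 check added to sm9_kem_decrypt only verifies that C satisfies the curve equation; if sm9_z256_point_is_on_curve reports the point at infinity as on-curve (its behaviour is not visible here), a ciphertext with C = O still passes B1 and the pairing in B2 degenerates to the identity element. A well-formed ciphertext can never carry O because the encryptor's r lies in [1, N-1], so an explicit infinity rejection next to the curve check costs nothing; the S check added to sm9_do_verify later in this diff has the same gap. Whichever way it is resolved, record the assumption in the comment, e.g. `// B1: C must be an affine point of E(Fp); O is not a valid ciphertext component`. sm9_kem_decrypt begins before this hunk.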
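Review bot: The argument check added at the top of sm9_do_encrypt does not cover the plaintext pointer: `inlen` is range-checked, but the buffer it describes (the parameter sm9_decrypt calls `in`; sm9_do_encrypt's own parameter list is truncated in the hunk header) is never tested, so a NULL plaintext with a non-zero length reaches the encryption step. The check added to sm9_encrypt in the next hunk has the same omission, testing out and outlen but not in. Add the pointer to both conditions, e.g. `if (!mpk || !id || !idlen || !in || !C1 || !c2 || !c3) {`.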
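Review bot: The FIXME added above the new check in sm9_encrypt is in Chinese in a file whose other comments are English, and it leaves an open design question ("which layer should validate, or all of them?") in shipped code. The answer is already visible in this diff: sm9_do_encrypt now validates its own arguments, so the outer layer only needs to check what the inner one cannot see. Replace the question with the decision, e.g. `// Validate only what sm9_do_encrypt cannot see: the output buffer and its length.`, and drop the FIXME.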
@@ -270,6 +288,11 @@ int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen,
 	size_t c2len;
 	const uint8_t *c3;
 
+	if (!key || !id || !idlen || !in || !inlen || !out || !outlen) {
+		error_print();
+		return -1;
+	}
+
 	if (sm9_ciphertext_from_der(&C1, &c2, &c2len, &c3, &in, &inlen) != 1
 		|| asn1_length_is_zero(inlen) != 1) {
 		error_print();
diff --git a/src/sm9_exch.c b/src/sm9_exch.c
index 13ac8233..ab51192e 100644
--- a/src/sm9_exch.c
+++ b/src/sm9_exch.c
@@ -32,8 +32,6 @@ int sm9_exch_step_1A(const SM9_EXCH_MASTER_KEY *mpk, const char *idB, size_t idB
 		error_print();
 		return -1;
 	}
-	// Only for testing
-	sm9_z256_from_hex(rA, "00005879DD1D51E175946F23B1B41E93BA31C584AE59A426EC1046A4D03B06C8");
 
 	// A3: RA = rA * Q
 	sm9_z256_point_mul(RA, rA, RA);
@@ -58,13 +56,12 @@ int sm9_exch_step_1B(const SM9_EXCH_MASTER_KEY *mpk, const char *idA, size_t idA
 
 	do {
 		// B2: rand rB in [1, N-1]
-		// FIXME: check rb != 0
-		if (sm9_z256_rand_range(rB, sm9_z256_order()) != 1) {
-			error_print();
-			return -1;
-		}
-		// Only for testing
-		sm9_z256_from_hex(rB, "00018B98C44BEF9F8537FB7D071B2C928B3BC65BD3D69E1EEE213564905634FE");
+		do {
+			if (sm9_z256_rand_range(rB, sm9_z256_order()) != 1) {
+				error_print();
+				return -1;
+			}
+		} while (sm9_z256_is_zero(rB));
 
 		// B3: RB = rB * Q
 		sm9_z256_point_mul(RB, rB, RB);
diff --git a/src/sm9_sign.c b/src/sm9_sign.c
index ef182348..09775068 100644
--- a/src/sm9_sign.c
+++ b/src/sm9_sign.c
@@ -78,6 +78,10 @@ int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen
 int sm9_sign_init(SM9_SIGN_CTX *ctx)
 {
 	const uint8_t prefix[1] = { SM9_HASH2_PREFIX };
+	if (!ctx) {
+		error_print();
+		return -1;
+	}
 	sm3_init(&ctx->sm3_ctx);
 	sm3_update(&ctx->sm3_ctx, prefix, sizeof(prefix));
 	return 1;
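Review bot: With the hard-coded rA removed from sm9_exch_step_1A, the nonce now comes straight from the sm9_z256_rand_range call just above the hunk, but unlike rB in the next hunk it is not re-drawn when it is zero, although both sides share the same [1, N-1] requirement. Either give rA the same loop, `do { ... } while (sm9_z256_is_zero(rA));`, or, better, put the zero rejection in one helper so every caller of sm9_z256_rand_range (the signing and encryption nonces outside this diff included) gets the [1, N-1] contract in a single place instead of per call site. The start of sm9_exch_step_1A, including the rand call, is outside the hunk.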
@@ -85,6 +89,13 @@ int sm9_sign_init(SM9_SIGN_CTX *ctx)
 
 int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
 {
+	if (!ctx || (!data && datalen)) {
+		error_print();
+		return -1;
+	}
+	if (!data || !datalen) {
+		return 1;
+	}
 	sm3_update(&ctx->sm3_ctx, data, datalen);
 	return 1;
 }
@@ -93,6 +104,11 @@ int sm9_sign_finish(SM9_SIGN_CTX *ctx, const SM9_SIGN_KEY *key, uint8_t *sig, si
 {
 	SM9_SIGNATURE signature;
 
+	if (!ctx || !key || !sig || !siglen) {
+		error_print();
+		return -1;
+	}
+
 	if (sm9_do_sign(key, &ctx->sm3_ctx, &signature) != 1) {
 		error_print();
 		return -1;
@@ -125,9 +141,6 @@ int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *
 		error_print();
 		return -1;
 	}
-
-	// Only for testing
-	//sm9_z256_from_hex(r, "00033C8616B06704813203DFD00965022ED15975C662337AED648835DC4B1CBE");
 
 	// A3: w = g^r
 	sm9_z256_fp12_pow(g, g, r);
@@ -162,6 +175,10 @@ int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *
 int sm9_verify_init(SM9_SIGN_CTX *ctx)
 {
 	const uint8_t prefix[1] = { SM9_HASH2_PREFIX };
+	if (!ctx) {
+		error_print();
+		return -1;
+	}
 	sm3_init(&ctx->sm3_ctx);
 	sm3_update(&ctx->sm3_ctx, prefix, sizeof(prefix));
 	return 1;
@@ -169,6 +186,13 @@ int sm9_verify_init(SM9_SIGN_CTX *ctx)
 
 int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
 {
+	if (!ctx || (!data && datalen)) {
+		error_print();
+		return -1;
+	}
+	if (!data || !datalen) {
+		return 1;
+	}
 	sm3_update(&ctx->sm3_ctx, data, datalen);
 	return 1;
 }
@@ -179,6 +203,11 @@ int sm9_verify_finish(SM9_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen,
 	int ret;
 	SM9_SIGNATURE signature;
 
+	if (!ctx || !sig | !siglen || !mpk || !id || !idlen) {
+		error_print();
+		return -1;
+	}
+
 	if (sm9_signature_from_der(&signature, &sig, &siglen) != 1
 		|| asn1_length_is_zero(siglen) != 1) {
 		error_print();
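Review bot: The early `return 1` added to sm9_sign_update silently accepts a zero-length update (and a NULL data pointer with datalen 0) without touching the hash state, which is a contract decision rather than an obvious consequence of the code and deserves a line of explanation; the identical block added to sm9_verify_update in a later hunk is a copy of it. A comment such as `// A NULL buffer is only an error when a length is given; an empty update is a successful no-op.` above the first check would document the rule, and a small static helper shared by the two update functions would keep the two copies from drifting.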
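Review bot: The new guard in sm9_verify_finish uses a bitwise `|` between `!sig` and `!siglen`: `if (!ctx || !sig | !siglen || !mpk || !id || !idlen)`. Because `!` yields 0 or 1 the expression still evaluates to the intended truth value, but it loses short-circuit evaluation, reads as a typo, and differs from the parallel checks in sm9_sign_finish and sm9_decrypt, which use `||` throughout. Change it to `if (!ctx || !sig || !siglen || !mpk || !id || !idlen) {`.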
@@ -210,8 +239,16 @@ int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen,
 	uint8_t Ha[64];
 
 	// B1: check h in [1, N-1]
+	if (sm9_z256_is_zero(sig->h) || sm9_z256_cmp(sig->h, sm9_z256_order()) >= 0) {
+		error_print();
+		return -1;
+	}
 
 	// B2: check S in G1
+	if (sm9_z256_point_is_on_curve(&sig->S) != 1) {
+		error_print();
+		return -1;
+	}
 
 	// B3: g = e(P1, Ppubs)
 	sm9_z256_pairing(g, &mpk->Ppubs, sm9_z256_generator());
diff --git a/src/x509_key.c b/src/x509_key.c
index a0bdfd2a..2253104f 100644
--- a/src/x509_key.c
+++ b/src/x509_key.c
@@ -25,6 +25,14 @@
 #include
 
 
+/*
+TODO:
+	x509_sign_init/update/finish
+	x509_verify_init/update/finish
+	当使用ECDSA算法时,需要可选多个哈希函数
+	特别是很多CA证书,如icloud.com的证书链,其中CA证书使用的是ecdsa_secp256r1_sha384
+	因此需要x509_sign/verify_init接口中增加一个表示算法的参数
+*/
 int x509_key_set_sm2_key(X509_KEY *x509_key, const SM2_KEY *sm2_key)
 {
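Review bot: The B1/B2 checks added to sm9_do_verify return -1 with error_print() when h is outside [1, N-1] or S is off the curve; if sm9_do_verify follows the 1/0/-1 convention that the `int ret` in sm9_verify_finish suggests (the tail of this function is outside the hunk), a malformed signature is a failed verification, not an internal fault, and returning 0 here would keep callers from treating it like an RNG or argument error. If -1 is the intended outcome for structurally invalid signatures, state that above the checks, e.g. `// Out-of-range h or an invalid S is rejected as an error, not reported as a failed verification`. The on-curve test in B2 also does not by itself exclude the point at infinity unless sm9_z256_point_is_on_curve already does, so the comment should say which behaviour is relied on.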