1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 /* BEGIN_HEADER */
17 #include <stdio.h>
18 #include <stdbool.h>
19 #include "securec.h"
20 #include "bsl_sal.h"
21 #include "bsl_list.h"
22 #include "bsl_obj.h"
23 #include "bsl_types.h"
24 #include "crypt_errno.h"
25 #include "crypt_types.h"
26 #include "crypt_params_key.h"
27 #include "crypt_eal_pkey.h"
28 #include "crypt_eal_codecs.h"
29 #include "crypt_eal_rand.h"
30 #include "crypt_util_rand.h"
31 #include "hitls_pki_cert.h"
32 #include "hitls_pki_crl.h"
33 #include "hitls_pki_csr.h"
34 #include "hitls_pki_errno.h"
35 #include "hitls_pki_types.h"
36 #include "hitls_pki_utils.h"
37 #include "hitls_x509_verify.h"
38 /* END_HEADER */
39
UnusedParam1(int param1,int param2,int param3)40 static inline void UnusedParam1(int param1, int param2, int param3)
41 {
42 (void)param1;
43 (void)param2;
44 (void)param3;
45 }
46
47
UnusedParam2(int param1,int param2,void * param3)48 static inline void UnusedParam2(int param1, int param2, void *param3)
49 {
50 (void)param1;
51 (void)param2;
52 (void)param3;
53 }
54
PkiSkipTest(int32_t algId,int32_t format)55 static bool PkiSkipTest(int32_t algId, int32_t format)
56 {
57 #ifndef HITLS_BSL_PEM
58 if (format == BSL_FORMAT_PEM) {
59 return true;
60 }
61 #else
62 (void)format;
63 #endif
64 switch (algId) {
65 #ifdef HITLS_CRYPTO_RSA
66 case CRYPT_PKEY_RSA:
67 case BSL_CID_RSASSAPSS:
68 return false;
69 #endif
70 #ifdef HITLS_CRYPTO_ECDSA
71 case CRYPT_PKEY_ECDSA:
72 return false;
73 #endif
74 #ifdef HITLS_CRYPTO_SM2
75 case CRYPT_PKEY_SM2:
76 return false;
77 #endif
78 #ifdef HITLS_CRYPTO_ED25519
79 case CRYPT_PKEY_ED25519:
80 return false;
81 #endif
82 default:
83 return true;
84 }
85 }
86
87 #ifdef HITLS_CRYPTO_KEY_ENCODE
88
89 #ifdef HITLS_CRYPTO_RSA
SetRsaPara(CRYPT_EAL_PkeyCtx * pkey)90 static int32_t SetRsaPara(CRYPT_EAL_PkeyCtx *pkey)
91 {
92 uint8_t e[] = {1, 0, 1}; // RSA public exponent
93 CRYPT_EAL_PkeyPara para = {0};
94 para.id = CRYPT_PKEY_RSA;
95 para.para.rsaPara.e = e;
96 para.para.rsaPara.eLen = 3; // public exponent length = 3
97 para.para.rsaPara.bits = 2048;
98 return CRYPT_EAL_PkeySetPara(pkey, ¶);
99 }
100
SetRsaPssPara(CRYPT_EAL_PkeyCtx * pkey)101 static int32_t SetRsaPssPara(CRYPT_EAL_PkeyCtx *pkey)
102 {
103 int32_t mdId = CRYPT_MD_SHA256;
104 int32_t saltLen = 20; // 20 bytes salt
105 BSL_Param pssParam[4] = {
106 {CRYPT_PARAM_RSA_MD_ID, BSL_PARAM_TYPE_INT32, &mdId, sizeof(mdId), 0},
107 {CRYPT_PARAM_RSA_MGF1_ID, BSL_PARAM_TYPE_INT32, &mdId, sizeof(mdId), 0},
108 {CRYPT_PARAM_RSA_SALTLEN, BSL_PARAM_TYPE_INT32, &saltLen, sizeof(saltLen), 0},
109 BSL_PARAM_END};
110 return CRYPT_EAL_PkeyCtrl(pkey, CRYPT_CTRL_SET_RSA_EMSA_PSS, pssParam, 0);
111 }
112 #endif // HITLS_CRYPT_RSA
113
GenKey(int32_t algId,int32_t curveId)114 static CRYPT_EAL_PkeyCtx *GenKey(int32_t algId, int32_t curveId)
115 {
116 CRYPT_EAL_PkeyCtx *pkey = CRYPT_EAL_PkeyNewCtx(algId == BSL_CID_RSASSAPSS ? BSL_CID_RSA : algId);
117 ASSERT_NE(pkey, NULL);
118
119 if (algId == CRYPT_PKEY_ECDSA) {
120 ASSERT_EQ(CRYPT_EAL_PkeySetParaById(pkey, curveId), CRYPT_SUCCESS);
121 }
122
123 #ifdef HITLS_CRYPTO_RSA
124 if (algId == CRYPT_PKEY_RSA) {
125 ASSERT_EQ(SetRsaPara(pkey), CRYPT_SUCCESS);
126 }
127 if (algId == BSL_CID_RSASSAPSS) {
128 ASSERT_EQ(SetRsaPara(pkey), CRYPT_SUCCESS);
129 ASSERT_EQ(SetRsaPssPara(pkey), CRYPT_SUCCESS);
130 }
131 #endif
132 ASSERT_EQ(CRYPT_EAL_PkeyGen(pkey), CRYPT_SUCCESS);
133
134 return pkey;
135 EXIT:
136 CRYPT_EAL_PkeyFreeCtx(pkey);
137 return NULL;
138 }
139
140 /**
141 * Generate DER/PEM public/private key: rsa, ecc, sm2, ed25519
142 */
TestEncodeKey(int32_t algId,int32_t type,int32_t curveId,char * path)143 static int32_t TestEncodeKey(int32_t algId, int32_t type, int32_t curveId, char *path)
144 {
145 BSL_Buffer encode = {0};
146 int32_t ret = CRYPT_MEM_ALLOC_FAIL;
147
148 CRYPT_EAL_PkeyCtx *pkey = GenKey(algId, curveId);
149 ASSERT_NE(pkey, NULL);
150
151 #ifdef HITLS_BSL_SAL_FILE
152 if (path != NULL) {
153 ASSERT_EQ(CRYPT_EAL_EncodeFileKey(pkey, NULL, BSL_FORMAT_ASN1, type, path), CRYPT_SUCCESS);
154 }
155 #ifdef HITLS_BSL_PEM
156 if (path != NULL) {
157 ASSERT_EQ(CRYPT_EAL_EncodeFileKey(pkey, NULL, BSL_FORMAT_PEM, type, path), CRYPT_SUCCESS);
158 }
159 #endif
160 #else
161 (void)path;
162 #endif
163 ASSERT_EQ(CRYPT_EAL_EncodeBuffKey(pkey, NULL, BSL_FORMAT_ASN1, type, &encode), CRYPT_SUCCESS);
164 BSL_SAL_FREE(encode.data);
165 #ifdef HITLS_BSL_PEM
166 ASSERT_EQ(CRYPT_EAL_EncodeBuffKey(pkey, NULL, BSL_FORMAT_PEM, type, &encode), CRYPT_SUCCESS);
167 BSL_SAL_FREE(encode.data);
168 #endif
169
170 ret = CRYPT_SUCCESS;
171 EXIT:
172 CRYPT_EAL_PkeyFreeCtx(pkey);
173 return ret;
174 }
175 #endif // HITLS_CRYPTO_KEY_ENCODE
176
177 #if defined(HITLS_PKI_X509_CRL_GEN) || defined(HITLS_PKI_X509_CSR_GEN) || defined(HITLS_PKI_X509_CRT_GEN)
178 static char g_sm2DefaultUserid[] = "1234567812345678";
179
SetSignParam(int32_t algId,int32_t mdId,HITLS_X509_SignAlgParam * algParam,CRYPT_RSA_PssPara * pssParam)180 static void SetSignParam(int32_t algId, int32_t mdId, HITLS_X509_SignAlgParam *algParam, CRYPT_RSA_PssPara *pssParam)
181 {
182 if (algId == BSL_CID_RSASSAPSS) {
183 algParam->algId = BSL_CID_RSASSAPSS;
184 pssParam->mdId = mdId;
185 pssParam->mgfId = mdId;
186 pssParam->saltLen = 20; // 20 bytes salt
187 algParam->rsaPss = *pssParam;
188 }
189 if (algId == BSL_CID_SM2DSA) {
190 algParam->algId = BSL_CID_SM2DSAWITHSM3;
191 algParam->sm2UserId.data = (uint8_t *)g_sm2DefaultUserid;
192 algParam->sm2UserId.dataLen = (uint32_t)strlen(g_sm2DefaultUserid);
193 }
194
195 }
196 #endif
197
198 #if defined(HITLS_PKI_X509_CRL_GEN) || defined(HITLS_PKI_X509_CRT_GEN)
GenDNList(void)199 static BslList* GenDNList(void)
200 {
201 HITLS_X509_DN dnName1[1] = {{BSL_CID_AT_COMMONNAME, (uint8_t *)"OH", 2}};
202 HITLS_X509_DN dnName2[1] = {{BSL_CID_AT_COUNTRYNAME, (uint8_t *)"CN", 2}};
203
204 BslList *dirNames = HITLS_X509_DnListNew();
205 ASSERT_NE(dirNames, NULL);
206
207 ASSERT_EQ(HITLS_X509_AddDnName(dirNames, dnName1, 1), HITLS_PKI_SUCCESS);
208 ASSERT_EQ(HITLS_X509_AddDnName(dirNames, dnName2, 1), HITLS_PKI_SUCCESS);
209 return dirNames;
210
211 EXIT:
212 HITLS_X509_DnListFree(dirNames);
213 return NULL;
214 }
215 #endif
216
GenGeneralNameList(void)217 static BslList* GenGeneralNameList(void)
218 {
219 char *str = "test";
220 HITLS_X509_GeneralName *email = NULL;
221 HITLS_X509_GeneralName *dns = NULL;
222 HITLS_X509_GeneralName *dname = NULL;
223 HITLS_X509_GeneralName *uri = NULL;
224 HITLS_X509_GeneralName *ip = NULL;
225
226 BslList *names = BSL_LIST_New(sizeof(HITLS_X509_GeneralName));
227 ASSERT_NE(names, NULL);
228
229 email = BSL_SAL_Malloc(sizeof(HITLS_X509_GeneralName));
230 dns = BSL_SAL_Malloc(sizeof(HITLS_X509_GeneralName));
231 dname = BSL_SAL_Malloc(sizeof(HITLS_X509_GeneralName));
232 uri = BSL_SAL_Malloc(sizeof(HITLS_X509_GeneralName));
233 ip = BSL_SAL_Malloc(sizeof(HITLS_X509_GeneralName));
234 ASSERT_TRUE(email != NULL && dns != NULL && dname != NULL && uri != NULL && ip != NULL);
235
236 email->type = HITLS_X509_GN_EMAIL;
237 dns->type = HITLS_X509_GN_DNS;
238 uri->type = HITLS_X509_GN_URI;
239 dname->type = HITLS_X509_GN_DNNAME;
240 ip->type = HITLS_X509_GN_IP;
241 email->value.dataLen = strlen(str);
242 dns->value.dataLen = strlen(str);
243 uri->value.dataLen = strlen(str);
244 dname->value.dataLen = sizeof(BslList *);
245 ip->value.dataLen = strlen(str);
246 email->value.data = BSL_SAL_Dump(str, strlen(str));
247 dns->value.data = BSL_SAL_Dump(str, strlen(str));
248 uri->value.data = BSL_SAL_Dump(str, strlen(str));
249 dname->value.data = (uint8_t *)GenDNList();
250 ip->value.data = BSL_SAL_Dump(str, strlen(str));
251 ASSERT_TRUE(email->value.data != NULL && dns->value.data != NULL && uri->value.data != NULL && dname->value.data != NULL && ip->value.data != NULL);
252
253 ASSERT_EQ(BSL_LIST_AddElement(names, email, BSL_LIST_POS_END), 0);
254 ASSERT_EQ(BSL_LIST_AddElement(names, dns, BSL_LIST_POS_END), 0);
255 ASSERT_EQ(BSL_LIST_AddElement(names, uri, BSL_LIST_POS_END), 0);
256 ASSERT_EQ(BSL_LIST_AddElement(names, dname, BSL_LIST_POS_END), 0);
257 ASSERT_EQ(BSL_LIST_AddElement(names, ip, BSL_LIST_POS_END), 0);
258
259 return names;
260 EXIT:
261 HITLS_X509_FreeGeneralName(email);
262 HITLS_X509_FreeGeneralName(dns);
263 HITLS_X509_FreeGeneralName(dname);
264 HITLS_X509_FreeGeneralName(uri);
265 HITLS_X509_FreeGeneralName(ip);
266 BSL_LIST_FREE(names, (BSL_LIST_PFUNC_FREE)HITLS_X509_FreeGeneralName);
267 return NULL;
268 }
269
270 #ifdef HITLS_PKI_X509_CRL_GEN
SetCrlEntry(HITLS_X509_Crl * crl)271 static int32_t SetCrlEntry(HITLS_X509_Crl *crl)
272 {
273 int32_t ret = 1;
274 BSL_TIME revokeTime = {2030, 1, 1, 0, 0, 0, 0, 0};
275 uint8_t serialNum[4] = {0x11, 0x22, 0x33, 0x44};
276 HITLS_X509_RevokeExtReason reason = {0, 1}; // keyCompromise
277 BSL_TIME invalidTime = revokeTime;
278 HITLS_X509_RevokeExtTime invalidTimeExt = {false, invalidTime};
279
280 HITLS_X509_CrlEntry *entry = HITLS_X509_CrlEntryNew();
281 ASSERT_NE(entry, NULL);
282 ASSERT_EQ(HITLS_X509_CrlEntryCtrl(entry, HITLS_X509_CRL_SET_REVOKED_SERIALNUM, serialNum, sizeof(serialNum)),0);
283 ASSERT_EQ(HITLS_X509_CrlEntryCtrl(entry, HITLS_X509_CRL_SET_REVOKED_REVOKE_TIME, &revokeTime, sizeof(BSL_TIME)),0);
284 ASSERT_EQ(HITLS_X509_CrlEntryCtrl(entry, HITLS_X509_CRL_SET_REVOKED_REASON, &reason,
285 sizeof(HITLS_X509_RevokeExtReason)), 0);
286 ASSERT_EQ(HITLS_X509_CrlEntryCtrl(entry, HITLS_X509_CRL_SET_REVOKED_INVALID_TIME, &invalidTimeExt,
287 sizeof(HITLS_X509_RevokeExtTime)), 0);
288 HITLS_X509_RevokeExtCertIssuer certIssuer = {true, NULL};
289 certIssuer.issuerName = GenGeneralNameList();
290 ASSERT_EQ(HITLS_X509_CrlEntryCtrl(entry, HITLS_X509_CRL_SET_REVOKED_CERTISSUER,
291 &certIssuer, sizeof(HITLS_X509_ExtSan)), 0);
292
293 ASSERT_EQ(HITLS_X509_CrlCtrl(crl, HITLS_X509_CRL_ADD_REVOKED_CERT, entry, 0), 0);
294
295 ret = 0;
296 EXIT:
297 HITLS_X509_CrlEntryFree(entry);
298 BSL_LIST_FREE(certIssuer.issuerName, (BSL_LIST_PFUNC_FREE)HITLS_X509_FreeGeneralName);
299 return ret;
300 }
301 #endif // HITLS_PKI_X509_CRL_GEN
302
303 #ifdef HITLS_PKI_X509_CSR_GEN
FillExt(HITLS_X509_Ext * ext)304 static int32_t FillExt(HITLS_X509_Ext *ext)
305 {
306 HITLS_X509_ExtBCons bCons = {true, false, 1};
307 HITLS_X509_ExtKeyUsage ku = {true, HITLS_X509_EXT_KU_DIGITAL_SIGN | HITLS_X509_EXT_KU_NON_REPUDIATION};
308 ASSERT_EQ(HITLS_X509_ExtCtrl(ext, HITLS_X509_EXT_SET_KUSAGE, &ku, sizeof(HITLS_X509_ExtKeyUsage)), 0);
309 ASSERT_EQ(HITLS_X509_ExtCtrl(ext, HITLS_X509_EXT_SET_BCONS, &bCons, sizeof(HITLS_X509_ExtBCons)), 0);
310 return 0;
311 EXIT:
312 return 1;
313 }
314 #endif // HITLS_PKI_X509_CSR_GEN
315
316 #ifdef HITLS_PKI_X509_CRT_GEN
FreeListData(void * data)317 static void FreeListData(void *data)
318 {
319 (void)data;
320 return;
321 }
322
SetCertExt(HITLS_X509_Cert * cert)323 static int32_t SetCertExt(HITLS_X509_Cert *cert)
324 {
325 int32_t ret = 1;
326 uint8_t kid[] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
327 HITLS_X509_ExtBCons bCons = {true, true, 1};
328 HITLS_X509_ExtKeyUsage ku = {true, HITLS_X509_EXT_KU_DIGITAL_SIGN | HITLS_X509_EXT_KU_NON_REPUDIATION};
329 HITLS_X509_ExtAki aki = {true, {kid, sizeof(kid)}, NULL, {0}};
330 HITLS_X509_ExtSki ski = {true, {kid, sizeof(kid)}};
331 HITLS_X509_ExtExKeyUsage exku = {true, NULL};
332 HITLS_X509_ExtSan san = {true, NULL};
333 BSL_Buffer oidBuff = {0};
334 BslOidString *oid = NULL;
335
336 BslList *oidList = BSL_LIST_New(sizeof(BSL_Buffer));
337 ASSERT_TRUE(oidList != NULL);
338 oid = BSL_OBJ_GetOID(BSL_CID_KP_SERVERAUTH);
339 ASSERT_NE(oid, NULL);
340 oidBuff.data = (uint8_t *)oid->octs;
341 oidBuff.dataLen = oid->octetLen;
342 ASSERT_EQ(BSL_LIST_AddElement(oidList, &oidBuff, BSL_LIST_POS_END), 0);
343
344 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_EXT_SET_BCONS, &bCons, sizeof(HITLS_X509_ExtBCons)), 0);
345 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_EXT_SET_KUSAGE, &ku, sizeof(HITLS_X509_ExtKeyUsage)), 0);
346 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_EXT_SET_SKI, &ski, sizeof(HITLS_X509_ExtSki)), 0);
347 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_EXT_SET_AKI, &aki, sizeof(HITLS_X509_ExtAki)), 0);
348
349 exku.oidList = oidList;
350 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_EXT_SET_EXKUSAGE, &exku, sizeof(HITLS_X509_ExtExKeyUsage)), 0);
351
352 san.names = GenGeneralNameList();
353 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_EXT_SET_SAN, &san, sizeof(HITLS_X509_ExtSan)), 0);
354
355 ret = 0;
356 EXIT:
357 BSL_LIST_FREE(oidList, (BSL_LIST_PFUNC_FREE)FreeListData);
358 BSL_LIST_FREE(san.names, (BSL_LIST_PFUNC_FREE)HITLS_X509_FreeGeneralName);
359 return ret;
360 }
361 #endif // HITLS_PKI_X509_CRT_GEN
362
363 /* BEGIN_CASE */
SDV_PKI_GEN_KEY_TC001(int algId,int type,int curveId)364 void SDV_PKI_GEN_KEY_TC001(int algId, int type, int curveId)
365 {
366 #ifdef HITLS_CRYPTO_KEY_ENCODE
367 if (PkiSkipTest(algId, BSL_FORMAT_ASN1)) {
368 SKIP_TEST();
369 }
370
371 char *path = "tmp.key";
372 TestMemInit();
373 ASSERT_EQ(TestRandInit(), CRYPT_SUCCESS);
374 ASSERT_EQ(TestEncodeKey(algId, type, curveId, path), CRYPT_SUCCESS);
375
376 EXIT:
377 TestRandDeInit();
378 remove(path);
379 #else
380 UnusedParam1(algId, type, curveId);
381 SKIP_TEST();
382 #endif
383 }
384 /* END_CASE */
385
386 /* BEGIN_CASE */
SDV_PKI_GEN_ENCKEY_TC001(int algId,int curveId,int symId,Hex * pwd)387 void SDV_PKI_GEN_ENCKEY_TC001(int algId, int curveId, int symId, Hex *pwd)
388 {
389 #if defined(HITLS_CRYPTO_KEY_ENCODE) && defined(HITLS_CRYPTO_KEY_EPKI)
390 if (PkiSkipTest(algId, BSL_FORMAT_ASN1)) {
391 SKIP_TEST();
392 }
393
394 CRYPT_Pbkdf2Param param = {
395 .pbesId = BSL_CID_PBES2,
396 .pbkdfId = BSL_CID_PBKDF2,
397 .hmacId = CRYPT_MAC_HMAC_SHA256,
398 .symId = symId,
399 .pwd = pwd->x,
400 .pwdLen = pwd->len,
401 .saltLen = 16,
402 .itCnt = 2000,
403 };
404 CRYPT_EncodeParam paramEx = {CRYPT_DERIVE_PBKDF2, ¶m};
405 CRYPT_EAL_PkeyCtx *pkey = NULL;
406 BSL_Buffer encode = {0};
407
408 TestMemInit();
409 ASSERT_EQ(TestRandInit(), CRYPT_SUCCESS);
410 pkey = GenKey(algId, curveId);
411 ASSERT_NE(pkey, NULL);
412
413 ASSERT_EQ(CRYPT_EAL_EncodeBuffKey(pkey, ¶mEx, BSL_FORMAT_ASN1, CRYPT_PRIKEY_PKCS8_ENCRYPT, &encode), 0);
414
415 EXIT:
416 TestRandDeInit();
417 CRYPT_EAL_PkeyFreeCtx(pkey);
418 BSL_SAL_FREE(encode.data);
419 #else
420 (void)algId;
421 (void)curveId;
422 (void)symId;
423 (void)pwd;
424 SKIP_TEST();
425 #endif
426 }
427 /* END_CASE */
428
429 /* BEGIN_CASE */
SDV_PKI_PARSE_KEY_FILE_TC001(int algId,int format,int type,char * path)430 void SDV_PKI_PARSE_KEY_FILE_TC001(int algId, int format, int type, char *path)
431 {
432 #if defined(HITLS_BSL_SAL_FILE) && defined(HITLS_CRYPTO_KEY_DECODE)
433 if (PkiSkipTest(algId, format)) {
434 SKIP_TEST();
435 }
436
437 CRYPT_EAL_PkeyCtx *pkey = NULL;
438
439 TestMemInit();
440 ASSERT_EQ(CRYPT_EAL_DecodeFileKey(format, type, path, NULL, 0, &pkey), CRYPT_SUCCESS);
441 ASSERT_NE(pkey, NULL);
442
443 EXIT:
444 CRYPT_EAL_PkeyFreeCtx(pkey);
445 #else
446 (void)algId;
447 (void)format;
448 (void)type;
449 (void)path;
450 SKIP_TEST();
451 #endif
452 }
453 /* END_CASE */
454
455 /* BEGIN_CASE */
SDV_PKI_PARSE_ENCKEY_FILE_TC001(int algId,int format,int type,char * path,Hex * pass)456 void SDV_PKI_PARSE_ENCKEY_FILE_TC001(int algId, int format, int type, char *path, Hex *pass)
457 {
458 #if defined(HITLS_BSL_SAL_FILE) && defined(HITLS_CRYPTO_KEY_DECODE) && defined(HITLS_CRYPTO_KEY_EPKI)
459 if (PkiSkipTest(algId, format)) {
460 SKIP_TEST();
461 }
462
463 CRYPT_EAL_PkeyCtx *pkey = NULL;
464
465 TestMemInit();
466 ASSERT_EQ(CRYPT_EAL_DecodeFileKey(format, type, path, pass->x, pass->len, &pkey), CRYPT_SUCCESS);
467 ASSERT_NE(pkey, NULL);
468
469 EXIT:
470 CRYPT_EAL_PkeyFreeCtx(pkey);
471 #else
472 (void)algId;
473 (void)format;
474 (void)type;
475 (void)path;
476 (void)pass;
477 SKIP_TEST();
478 #endif
479 }
480 /* END_CASE */
481
482 /* BEGIN_CASE */
SDV_PKI_PARSE_KEY_BUFF_TC001(int algId,int format,int type,Hex * encode)483 void SDV_PKI_PARSE_KEY_BUFF_TC001(int algId, int format, int type, Hex *encode)
484 {
485 #ifdef HITLS_CRYPTO_KEY_DECODE
486 if (PkiSkipTest(algId, format)) {
487 SKIP_TEST();
488 }
489
490 CRYPT_EAL_PkeyCtx *pkey = NULL;
491
492 TestMemInit();
493 ASSERT_EQ(CRYPT_EAL_DecodeBuffKey(format, type, (BSL_Buffer *)encode, NULL, 0, &pkey), CRYPT_SUCCESS);
494 ASSERT_NE(pkey, NULL);
495
496 EXIT:
497 CRYPT_EAL_PkeyFreeCtx(pkey);
498 #else
499 (void)algId;
500 (void)format;
501 (void)type;
502 (void)encode;
503 SKIP_TEST();
504 #endif
505 }
506 /* END_CASE */
507
508 /* BEGIN_CASE */
SDV_PKI_GEN_CRL_TC001(int algId,int hashId,int curveId)509 void SDV_PKI_GEN_CRL_TC001(int algId, int hashId, int curveId)
510 {
511 #ifdef HITLS_PKI_X509_CRL_GEN
512 if (PkiSkipTest(algId, BSL_FORMAT_ASN1)) {
513 SKIP_TEST();
514 }
515
516 char *path = "tmp.crl";
517 HITLS_X509_Crl *crl = NULL;
518 uint32_t version = 1;
519 BslList *issuer = NULL;
520 BSL_TIME beforeTime = {2025, 1, 1, 0, 0, 0, 0, 0};
521 BSL_TIME afterTime = {2035, 1, 1, 0, 0, 0, 0, 0};
522 uint8_t crlNumber[1] = {0x11};
523 HITLS_X509_SignAlgParam algParam = {0};
524 CRYPT_RSA_PssPara pssParam = {0};
525 BSL_Buffer encode = {0};
526 HITLS_X509_ExtCrlNumber crlNumberExt = {false, {crlNumber, 1}};
527
528 ASSERT_EQ(TestRandInit(), CRYPT_SUCCESS);
529 CRYPT_EAL_PkeyCtx *prvKey = GenKey(algId, curveId);
530 ASSERT_NE(prvKey, NULL);
531 crl = HITLS_X509_CrlNew();
532 ASSERT_NE(crl, NULL);
533
534 issuer = GenDNList();
535 ASSERT_NE(issuer, NULL);
536 ASSERT_EQ(HITLS_X509_CrlCtrl(crl, HITLS_X509_SET_ISSUER_DN, issuer, sizeof(BslList)), HITLS_PKI_SUCCESS);
537 ASSERT_EQ(HITLS_X509_CrlCtrl(crl, HITLS_X509_SET_VERSION, &version, sizeof(version)), HITLS_PKI_SUCCESS);
538 ASSERT_EQ(HITLS_X509_CrlCtrl(crl, HITLS_X509_SET_BEFORE_TIME, &beforeTime, sizeof(BSL_TIME)), HITLS_PKI_SUCCESS);
539 ASSERT_EQ(HITLS_X509_CrlCtrl(crl, HITLS_X509_SET_AFTER_TIME, &afterTime, sizeof(BSL_TIME)), HITLS_PKI_SUCCESS);
540 ASSERT_EQ(SetCrlEntry(crl), 0);
541 ASSERT_EQ(HITLS_X509_CrlCtrl(crl, HITLS_X509_EXT_SET_CRLNUMBER, &crlNumberExt, sizeof(HITLS_X509_ExtCrlNumber)), 0);
542
543 SetSignParam(algId, hashId, &algParam, &pssParam);
544 if (algId == CRYPT_PKEY_RSA) {
545 ASSERT_EQ(HITLS_X509_CrlSign(hashId, prvKey, NULL, crl), HITLS_PKI_SUCCESS);
546 } else {
547 ASSERT_EQ(HITLS_X509_CrlSign(hashId, prvKey, &algParam, crl), HITLS_PKI_SUCCESS);
548 }
549
550 #ifdef HITLS_BSL_SAL_FILE
551 ASSERT_EQ(HITLS_X509_CrlGenFile(BSL_FORMAT_ASN1, crl, path), HITLS_PKI_SUCCESS);
552 #ifdef HITLS_BSL_PEM
553 ASSERT_EQ(HITLS_X509_CrlGenFile(BSL_FORMAT_PEM, crl, path), HITLS_PKI_SUCCESS);
554 #endif
555 #endif
556 ASSERT_EQ(HITLS_X509_CrlGenBuff(BSL_FORMAT_ASN1, crl, &encode), 0);
557 BSL_SAL_FREE(encode.data);
558 #ifdef HITLS_BSL_PEM
559 ASSERT_EQ(HITLS_X509_CrlGenBuff(BSL_FORMAT_PEM, crl, &encode), 0);
560 BSL_SAL_FREE(encode.data);
561 #endif
562
563 EXIT:
564 TestRandDeInit();
565 CRYPT_EAL_PkeyFreeCtx(prvKey);
566 HITLS_X509_CrlFree(crl);
567 HITLS_X509_DnListFree(issuer);
568 remove(path);
569 #else
570 UnusedParam1(algId, hashId, curveId);
571 SKIP_TEST();
572 #endif
573 }
574 /* END_CASE */
575
576 /* BEGIN_CASE */
SDV_PKI_PARSE_CRL_FILE_TC001(int algId,int format,char * path)577 void SDV_PKI_PARSE_CRL_FILE_TC001(int algId, int format, char *path)
578 {
579 #if defined(HITLS_PKI_X509_CRL_PARSE) && defined(HITLS_BSL_SAL_FILE)
580 if (PkiSkipTest(algId, format)) {
581 SKIP_TEST();
582 }
583
584 HITLS_X509_Crl *crl = NULL;
585
586 TestMemInit();
587 ASSERT_EQ(HITLS_X509_CrlParseFile(format, path, &crl), HITLS_PKI_SUCCESS);
588
589 EXIT:
590 HITLS_X509_CrlFree(crl);
591 #else
592 UnusedParam2(algId, format, path);
593 SKIP_TEST();
594 #endif
595 }
596 /* END_CASE */
597
598 /* BEGIN_CASE */
SDV_PKI_PARSE_CRL_BUFF_TC001(int algId,int format,Hex * encode)599 void SDV_PKI_PARSE_CRL_BUFF_TC001(int algId, int format, Hex *encode)
600 {
601 #ifdef HITLS_PKI_X509_CRL_PARSE
602 if (PkiSkipTest(algId, format)) {
603 SKIP_TEST();
604 }
605
606 HITLS_X509_Crl *crl = NULL;
607
608 TestMemInit();
609 ASSERT_EQ(HITLS_X509_CrlParseBuff(format, (BSL_Buffer *)encode, &crl), HITLS_PKI_SUCCESS);
610
611 EXIT:
612 HITLS_X509_CrlFree(crl);
613 #else
614 UnusedParam2(algId, format, encode);
615 SKIP_TEST();
616 #endif
617 }
618 /* END_CASE */
619
620 /* BEGIN_CASE */
SDV_PKI_GEN_CSR_TC001(int algId,int hashId,int curveId)621 void SDV_PKI_GEN_CSR_TC001(int algId, int hashId, int curveId)
622 {
623 #ifdef HITLS_PKI_X509_CSR_GEN
624 if (PkiSkipTest(algId, BSL_FORMAT_ASN1)) {
625 SKIP_TEST();
626 }
627
628 char *path = "tmp.csr";
629 HITLS_X509_Csr *csr = NULL;
630 BSL_Buffer encode = {0};
631 HITLS_X509_DN dnName1[1] = {{BSL_CID_AT_COMMONNAME, (uint8_t *)"OH", 2}};
632 HITLS_X509_DN dnName2[1] = {{BSL_CID_AT_COUNTRYNAME, (uint8_t *)"CN", 2}};
633 HITLS_X509_Attrs *attrs = NULL;
634 HITLS_X509_Ext *ext = NULL;
635 HITLS_X509_SignAlgParam algParam = {0};
636 CRYPT_RSA_PssPara pssParam = {0};
637
638 TestMemInit();
639 ASSERT_EQ(TestRandInit(), CRYPT_SUCCESS);
640 CRYPT_EAL_PkeyCtx *key = GenKey(algId, curveId);
641 ASSERT_NE(key, NULL);
642 csr = HITLS_X509_CsrNew();
643 ASSERT_NE(csr, NULL);
644 ext = HITLS_X509_ExtNew(HITLS_X509_EXT_TYPE_CSR);
645 ASSERT_NE(ext, NULL);
646
647 ASSERT_EQ(HITLS_X509_CsrCtrl(csr, HITLS_X509_SET_PUBKEY, key, 0), HITLS_PKI_SUCCESS);
648 ASSERT_EQ(HITLS_X509_CsrCtrl(csr, HITLS_X509_ADD_SUBJECT_NAME, dnName1, 1), HITLS_PKI_SUCCESS);
649 ASSERT_EQ(HITLS_X509_CsrCtrl(csr, HITLS_X509_ADD_SUBJECT_NAME, dnName2, 1), HITLS_PKI_SUCCESS);
650 ASSERT_EQ(HITLS_X509_CsrCtrl(csr, HITLS_X509_CSR_GET_ATTRIBUTES, &attrs, sizeof(HITLS_X509_Attrs *)), 0);
651
652 ASSERT_EQ(FillExt(ext), 0);
653 ASSERT_EQ(HITLS_X509_AttrCtrl(attrs, HITLS_X509_ATTR_SET_REQUESTED_EXTENSIONS, ext, 0), 0);
654
655 SetSignParam(algId, hashId, &algParam, &pssParam);
656 if (algId == CRYPT_PKEY_RSA) {
657 ASSERT_EQ(HITLS_X509_CsrSign(hashId, key, NULL, csr), HITLS_PKI_SUCCESS);
658 } else {
659 ASSERT_EQ(HITLS_X509_CsrSign(hashId, key, &algParam, csr), HITLS_PKI_SUCCESS);
660 }
661
662
663 #ifdef HITLS_BSL_SAL_FILE
664 ASSERT_EQ(HITLS_X509_CsrGenFile(BSL_FORMAT_ASN1, csr, path), 0);
665 #ifdef HITLS_BSL_PEM
666 ASSERT_EQ(HITLS_X509_CsrGenFile(BSL_FORMAT_PEM, csr, path), 0);
667 #endif
668 #endif
669 ASSERT_EQ(HITLS_X509_CsrGenBuff(BSL_FORMAT_ASN1, csr, &encode), 0);
670 BSL_SAL_FREE(encode.data);
671 #ifdef HITLS_BSL_PEM
672 ASSERT_EQ(HITLS_X509_CsrGenBuff(BSL_FORMAT_PEM, csr, &encode), 0);
673 BSL_SAL_FREE(encode.data);
674 #endif
675
676 EXIT:
677 TestRandDeInit();
678 CRYPT_EAL_PkeyFreeCtx(key);
679 HITLS_X509_CsrFree(csr);
680 HITLS_X509_ExtFree(ext);
681 remove(path);
682 #else
683 UnusedParam1(algId, hashId, curveId);
684 SKIP_TEST();
685 #endif
686 }
687 /* END_CASE */
688
689 /* BEGIN_CASE */
SDV_PKI_PARSE_CSR_FILE_TC001(int algId,int format,char * path)690 void SDV_PKI_PARSE_CSR_FILE_TC001(int algId, int format, char *path)
691 {
692 #if defined(HITLS_PKI_X509_CSR_PARSE) && defined(HITLS_BSL_SAL_FILE)
693 if (PkiSkipTest(algId, format)) {
694 SKIP_TEST();
695 }
696
697 HITLS_X509_Csr *csr = NULL;
698 TestMemInit();
699 ASSERT_EQ(HITLS_X509_CsrParseFile(format, path, &csr), HITLS_PKI_SUCCESS);
700
701 EXIT:
702 HITLS_X509_CsrFree(csr);
703 #else
704 UnusedParam2(algId, format, path);
705 SKIP_TEST();
706 #endif
707 }
708 /* END_CASE */
709
710 /* BEGIN_CASE */
SDV_PKI_PARSE_CSR_BUFF_TC001(int algId,int format,Hex * encode)711 void SDV_PKI_PARSE_CSR_BUFF_TC001(int algId, int format, Hex *encode)
712 {
713 #if defined(HITLS_PKI_X509_CSR_PARSE)
714 if (PkiSkipTest(algId, format)) {
715 SKIP_TEST();
716 }
717
718 HITLS_X509_Csr *csr = NULL;
719 TestMemInit();
720 ASSERT_EQ(HITLS_X509_CsrParseBuff(format, (BSL_Buffer *)encode, &csr), HITLS_PKI_SUCCESS);
721
722 EXIT:
723 HITLS_X509_CsrFree(csr);
724 #else
725 UnusedParam2(algId, format, encode);
726 SKIP_TEST();
727 #endif
728 }
729 /* END_CASE */
730
731 /* BEGIN_CASE */
SDV_PKI_GEN_CERT_TC001(int algId,int hashId,int curveId)732 void SDV_PKI_GEN_CERT_TC001(int algId, int hashId, int curveId)
733 {
734 #ifdef HITLS_PKI_X509_CRT_GEN
735 if (PkiSkipTest(algId, BSL_FORMAT_ASN1)) {
736 SKIP_TEST();
737 }
738
739 char *path = "tmp.cert";
740 HITLS_X509_Cert *cert = NULL;
741 uint32_t version = 2; // v3 cert
742 uint8_t serialNum[4] = {0x11, 0x22, 0x33, 0x44};
743 BSL_TIME beforeTime = {2025, 1, 1, 0, 0, 0, 0, 0};
744 BSL_TIME afterTime = {2035, 1, 1, 0, 0, 0, 0, 0};
745 BslList *dnList = NULL;
746
747 HITLS_X509_SignAlgParam algParam = {0};
748 CRYPT_RSA_PssPara pssParam = {0};
749 BSL_Buffer encode = {0};
750
751 TestMemInit();
752 ASSERT_EQ(TestRandInit(), CRYPT_SUCCESS);
753 CRYPT_EAL_PkeyCtx *key = GenKey(algId, curveId);
754 ASSERT_NE(key, NULL);
755 cert = HITLS_X509_CertNew();
756 ASSERT_NE(cert, NULL);
757
758 // set cert info
759 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_SET_VERSION, &version, sizeof(version)), HITLS_PKI_SUCCESS);
760 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_SET_SERIALNUM, serialNum, sizeof(serialNum)), HITLS_PKI_SUCCESS);
761 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_SET_BEFORE_TIME, &beforeTime, sizeof(BSL_TIME)), HITLS_PKI_SUCCESS);
762 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_SET_AFTER_TIME, &afterTime, sizeof(BSL_TIME)), HITLS_PKI_SUCCESS);
763 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_SET_PUBKEY, key, 0), HITLS_PKI_SUCCESS);
764 dnList = GenDNList();
765 ASSERT_NE(dnList, NULL);
766 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_SET_ISSUER_DN, dnList, sizeof(BslList)), HITLS_PKI_SUCCESS);
767 ASSERT_EQ(HITLS_X509_CertCtrl(cert, HITLS_X509_SET_SUBJECT_DN, dnList, sizeof(BslList)), HITLS_PKI_SUCCESS);
768 ASSERT_EQ(SetCertExt(cert), 0);
769
770 // sign cert
771 SetSignParam(algId, hashId, &algParam, &pssParam);
772 if (algId == CRYPT_PKEY_RSA) {
773 ASSERT_EQ(HITLS_X509_CertSign(hashId, key, NULL, cert), HITLS_PKI_SUCCESS);
774 } else {
775 ASSERT_EQ(HITLS_X509_CertSign(hashId, key, &algParam, cert), HITLS_PKI_SUCCESS);
776 }
777
778 // generate cert file
779 #ifdef HITLS_BSL_SAL_FILE
780 ASSERT_EQ(HITLS_X509_CertGenFile(BSL_FORMAT_ASN1, cert, path), HITLS_PKI_SUCCESS);
781 #ifdef HITLS_BSL_PEM
782 ASSERT_EQ(HITLS_X509_CertGenFile(BSL_FORMAT_PEM, cert, path), HITLS_PKI_SUCCESS);
783 #endif
784 #endif
785 // generate cert buff
786 ASSERT_EQ(HITLS_X509_CertGenBuff(BSL_FORMAT_ASN1, cert, &encode), 0);
787 BSL_SAL_FREE(encode.data);
788 #ifdef HITLS_BSL_PEM
789 ASSERT_EQ(HITLS_X509_CertGenBuff(BSL_FORMAT_PEM, cert, &encode), 0);
790 BSL_SAL_FREE(encode.data);
791 #endif
792
793 EXIT:
794 TestRandDeInit();
795 CRYPT_EAL_PkeyFreeCtx(key);
796 HITLS_X509_CertFree(cert);
797 HITLS_X509_DnListFree(dnList);
798 remove(path);
799 #else
800 UnusedParam1(algId, hashId, curveId);
801 SKIP_TEST();
802 #endif
803 }
804 /* END_CASE */
805
806 /* BEGIN_CASE */
SDV_PKI_PARSE_CERT_FILE_TC001(int algId,int format,char * path)807 void SDV_PKI_PARSE_CERT_FILE_TC001(int algId, int format, char *path)
808 {
809 #if defined(HITLS_PKI_X509_CRT_PARSE) && defined(HITLS_BSL_SAL_FILE)
810 if (PkiSkipTest(algId, format)) {
811 SKIP_TEST();
812 }
813
814 HITLS_X509_Cert *cert = NULL;
815 TestMemInit();
816 ASSERT_EQ(HITLS_X509_CertParseFile(format, path, &cert), HITLS_PKI_SUCCESS);
817
818 EXIT:
819 HITLS_X509_CertFree(cert);
820 #else
821 UnusedParam2(algId, format, path);
822 SKIP_TEST();
823 #endif
824 }
825 /* END_CASE */
826
827 /* BEGIN_CASE */
SDV_PKI_PARSE_CERT_BUFF_TC001(int algId,int format,Hex * encode)828 void SDV_PKI_PARSE_CERT_BUFF_TC001(int algId, int format, Hex *encode)
829 {
830 #ifdef HITLS_PKI_X509_CRT_PARSE
831 if (PkiSkipTest(algId, format)) {
832 SKIP_TEST();
833 }
834
835 HITLS_X509_Cert *cert = NULL;
836 TestMemInit();
837 ASSERT_EQ(HITLS_X509_CertParseBuff(format, (BSL_Buffer *)encode, &cert), HITLS_PKI_SUCCESS);
838
839 EXIT:
840 HITLS_X509_CertFree(cert);
841 #else
842 UnusedParam2(algId, format, encode);
843 SKIP_TEST();
844 #endif
845 }
846 /* END_CASE */
847
848