From 109eaa90decceb20fcbf79c34690bb386ba1f0e4 Mon Sep 17 00:00:00 2001
From: kang1024
Date: Fri, 18 Jul 2025 10:29:39 +0800
Subject: [PATCH] =?UTF-8?q?1.=20=E4=BF=AE=E5=A4=8Darray=5Fview=E9=9A=90?= =?UTF-8?q?=E5=BC=8F=E8=BD=AC=E6=8D=A2=E4=B8=BAarray=E5=AF=BC=E8=87=B4?= =?UTF-8?q?=E8=AE=BF=E9=97=AE=E6=97=A0=E6=B3=95=E5=86=85=E5=AD=98=E5=9C=B0?= =?UTF-8?q?=E5=9D=80=EF=BC=9B2.=20=E5=A2=9E=E5=8A=A0bigint=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C=EF=BC=8C=E8=B4=9F=E6=95=B0=E6=8A=9B=E5=87=BAINVALID?= =?UTF-8?q?=5FPARAMS=E5=BC=82=E5=B8=B8=EF=BC=9B3.=20=E5=A2=9E=E5=8A=A0RSA?= =?UTF-8?q?=E7=BC=96=E8=A7=A3=E7=A0=81=E5=8A=A0=E8=A7=A3=E5=AF=86=E5=8F=A3?= =?UTF-8?q?=E4=BB=A4=E9=95=BF=E5=BA=A6=E9=99=90=E5=88=B64096?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: kang1024
---
 frameworks/js/ani/inc/ani_common.h | 13 +++++---
 frameworks/js/ani/src/ani_common.cpp | 32 ++++++++++++++++---
 frameworks/js/ani/src/ani_dh_key_util.cpp | 2 +-
 frameworks/js/ani/src/ani_ecc_key_util.cpp | 9 ++++--
 frameworks/js/ani/src/ani_md.cpp | 2 +-
 frameworks/js/ani/src/ani_sm2_crypto_util.cpp | 9 ++++--
 .../crypto_operation/kdf/src/hkdf_openssl.c | 2 +-
 .../src/rsa_asy_key_generator_openssl.c | 13 ++++++++
 8 files changed, 66 insertions(+), 16 deletions(-)
diff --git a/frameworks/js/ani/inc/ani_common.h b/frameworks/js/ani/inc/ani_common.h
index f9bd6fb..87abbc6 100644
--- a/frameworks/js/ani/inc/ani_common.h
+++ b/frameworks/js/ani/inc/ani_common.h
@@ -51,16 +51,21 @@ constexpr int SPEC_ITEM_TYPE_UINT8ARR = 4;
 #define ANI_LOGE_THROW(code, msg) \
 do { \
- LOGE("%{public}s", msg); \
- set_business_error(ConvertResultCode(code), msg); \
+ int rc = ConvertResultCode(code); \
+ LOGE("%{public}s, code: %{public}d", msg, rc); \
+ set_business_error(rc, msg); \
 } while (0)
 int ConvertResultCode(HcfResult res);
-void ArrayU8ToDataBlob(const array &arr, HcfBlob &blob);
+template
+void ArrayU8ToDataBlob(const T &arr, HcfBlob &blob);
 void DataBlobToArrayU8(const HcfBlob &blob, array &arr);
-void ArrayU8ToBigInteger(const array &arr, HcfBigInteger &bigint);
+
+template
+bool ArrayU8ToBigInteger(const T &arr, HcfBigInteger &bigint);
 void BigIntegerToArrayU8(const HcfBigInteger &bigint, array &arr);
+
 void StringToDataBlob(const string &str, HcfBlob &blob);
 int GetAsyKeySpecType(HcfAsyKeySpecItem item);
diff --git a/frameworks/js/ani/src/ani_common.cpp b/frameworks/js/ani/src/ani_common.cpp
index 9d6a8d9..6ca979e 100644
--- a/frameworks/js/ani/src/ani_common.cpp
+++ b/frameworks/js/ani/src/ani_common.cpp
@@ -82,6 +82,18 @@ static const std::unordered_map SIGN_SPEC_RELATION_MAP = {
 } // namespace
 namespace ANI::CryptoFramework {
+// template specialization for ArrayU8ToDataBlob
+template
+void ArrayU8ToDataBlob>(const array &arr, HcfBlob &blob);
+template
+void ArrayU8ToDataBlob>(const array_view &arr, HcfBlob &blob);
+
+// template specialization for ArrayU8ToBigInteger
+template
+bool ArrayU8ToBigInteger>(const array &arr, HcfBigInteger &bigint);
+template
+bool ArrayU8ToBigInteger>(const array_view &arr, HcfBigInteger &bigint);
+
 int ConvertResultCode(HcfResult res)
 {
 if (RESULT_CODE.count(res) > 0) {
@@ -90,7 +102,8 @@ int ConvertResultCode(HcfResult res)
 return ERR_RUNTIME_ERROR;
 }
-void ArrayU8ToDataBlob(const array &arr, HcfBlob &blob)
+template
+void ArrayU8ToDataBlob(const T &arr, HcfBlob &blob)
 {
 blob.data = arr.empty() ? nullptr : arr.data();
 blob.len = arr.size();
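Review bot: In the ani_common.h hunk, `ArrayU8ToBigInteger` now signals rejection through a `bool` that nothing forces a caller to read, so a call site that still ignores it would carry on with an unfilled `HcfBigInteger`. Declaring it `[[nodiscard]] bool ArrayU8ToBigInteger(const T &arr, HcfBigInteger &bigint);` turns any such leftover call into a compiler warning; call sites outside this patch are not visible here, so whether any remain is unconfirmed. Separately, the macro's new local `rc` would be initialised from itself if a caller ever passed a variable named `rc` as `code`, so a less collision-prone name such as `aniRc_` is safer.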
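Review bot: The two comments added at the top of `namespace ANI::CryptoFramework` in ani_common.cpp say "template specialization", but a body-less declaration ending in `;` reads as an explicit instantiation of the templates defined further down the file (the page has lost the angle-bracket arguments, so this is inferred from the shape of the lines). The distinction matters to maintainers: with the template bodies in the .cpp, only the argument types listed in this block will link. I would reword each comment along the lines of `// explicit instantiations: the definition lives in this file, so every supported container type must be listed here`.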
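Review bot: The templated `ArrayU8ToDataBlob` definition in the last ani_common.cpp hunk on this line carries no comment saying that `blob.data` only borrows the storage of `arr`, which appears to be the lifetime rule behind item 1 of the commit subject. I would add `// blob borrows arr's buffer: arr must outlive every use of blob` directly above the function, so that a future overload taking a temporary is recognised as unsafe. The function body closes outside the hunk.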
@@ -101,13 +114,22 @@ void DataBlobToArrayU8(const HcfBlob &blob, array &arr)
 arr = array(move_data_t{}, blob.data, blob.len);
 }
-void ArrayU8ToBigInteger(const array &arr, HcfBigInteger &bigint)
+template
+bool ArrayU8ToBigInteger(const T &arr, HcfBigInteger &bigint)
 {
- bigint.data = arr.empty() ? nullptr : arr.data();
+ if (arr.empty()) {
+ return false;
+ }
+ uint8_t sign = arr.back() >> (sizeof(uint8_t) * 8 - 1);
+ if (sign != 0) { // not support negative of big integer
+ return false;
+ }
+ bigint.data = arr.data();
 bigint.len = arr.size();
- if (bigint.len > 0 && bigint.data[bigint.len - 1] == 0) { // remove the sign bit of big integer
+ if (bigint.len > 1 && bigint.data[bigint.len - 1] == 0) { // remove the sign bit of big integer
 bigint.len--;
 }
+ return true;
 }
 void BigIntegerToArrayU8(const HcfBigInteger &bigint, array &arr)
@@ -121,7 +143,7 @@ void BigIntegerToArrayU8(const HcfBigInteger &bigint, array &arr)
 void StringToDataBlob(const string &str, HcfBlob &blob)
 {
 blob.data = str.empty() ? nullptr : reinterpret_cast(const_cast(str.c_str()));
- blob.len = str.size() + 1;
+ blob.len = str.empty() ? 0 : str.size() + 1;
 }
 int GetAsyKeySpecType(HcfAsyKeySpecItem item)
diff --git a/frameworks/js/ani/src/ani_dh_key_util.cpp b/frameworks/js/ani/src/ani_dh_key_util.cpp
index 4c7294e..740f1d9 100644
--- a/frameworks/js/ani/src/ani_dh_key_util.cpp
+++ b/frameworks/js/ani/src/ani_dh_key_util.cpp
@@ -29,7 +29,7 @@ DHCommonParamsSpec GenDHCommonParamsSpec(int32_t pLen, optional_view sk
 HcfDhCommParamsSpec *dhCommParamsSpec = nullptr;
 HcfResult res = HcfDhKeyUtilCreate(pLen, skLenValue, &dhCommParamsSpec);
 if (res != HCF_SUCCESS) {
- ANI_LOGE_THROW(res, "create dhKey obj fail!");
+ ANI_LOGE_THROW(HCF_INVALID_PARAMS, "create dhKey obj fail!"); // the error code is consistent with 1.1
 return dh;
 }
 dh.base.algName = string(dhCommParamsSpec->base.algName);
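Review bot: Both early `return false;` paths in `ArrayU8ToBigInteger` leave `bigint` exactly as the caller passed it, so a caller that misses the return value keeps working with whatever `data`/`len` were there before. Setting `bigint.data = nullptr; bigint.len = 0;` ahead of the first check makes the failure state explicit. The function would also benefit from a short header comment stating the expected encoding (the sign is taken from the top bit of `arr.back()`, which suggests little-endian two's complement; worth confirming), and the trailing comment should say "sign byte" rather than "sign bit" because a whole zero byte is dropped.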
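Review bot: Passing `HCF_INVALID_PARAMS` instead of `res` in GenDHCommonParamsSpec means the value actually returned by `HcfDhKeyUtilCreate` is never logged, so an allocation or internal failure becomes indistinguishable from bad input when reading the logs. Keep the mapped error for the caller but record the original first, e.g. `LOGE("HcfDhKeyUtilCreate failed, res: %{public}d", res);` on the line before `ANI_LOGE_THROW`. The function continues outside the hunk.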
diff --git a/frameworks/js/ani/src/ani_ecc_key_util.cpp b/frameworks/js/ani/src/ani_ecc_key_util.cpp
index 4de03d1..e2ab9c3 100644
--- a/frameworks/js/ani/src/ani_ecc_key_util.cpp
+++ b/frameworks/js/ani/src/ani_ecc_key_util.cpp
@@ -68,8 +68,13 @@ Point ConvertPoint(string_view curveName, array_view encodedPoint)
 array GetEncodedPoint(string_view curveName, Point const& point, string_view format)
 {
 HcfPoint hcfPoint = {};
- ArrayU8ToBigInteger(point.x, hcfPoint.x);
- ArrayU8ToBigInteger(point.y, hcfPoint.y);
+ bool bigintValid = true;
+ bigintValid &= ArrayU8ToBigInteger(point.x, hcfPoint.x);
+ bigintValid &= ArrayU8ToBigInteger(point.y, hcfPoint.y);
+ if (!bigintValid) {
+ ANI_LOGE_THROW(HCF_INVALID_PARAMS, "params is invalid.");
+ return {};
+ }
 HcfBlob outBlob = {};
 HcfResult res = HcfGetEncodedPoint(curveName.c_str(), &hcfPoint, format.c_str(), &outBlob);
 if (res != HCF_SUCCESS) {
diff --git a/frameworks/js/ani/src/ani_md.cpp b/frameworks/js/ani/src/ani_md.cpp
index d2efc23..2b9f26e 100644
--- a/frameworks/js/ani/src/ani_md.cpp
+++ b/frameworks/js/ani/src/ani_md.cpp
@@ -50,7 +50,7 @@ DataBlob MdImpl::DigestSync()
 HcfBlob outBlob = {};
 HcfResult res = this->md_->doFinal(this->md_, &outBlob);
 if (res != HCF_SUCCESS) {
- ANI_LOGE_THROW(res, "mac doFinal failed!");
+ ANI_LOGE_THROW(res, "md doFinal failed!");
 return {};
 }
 array data = {};
diff --git a/frameworks/js/ani/src/ani_sm2_crypto_util.cpp b/frameworks/js/ani/src/ani_sm2_crypto_util.cpp
index 4a69d99..3fbfef5 100644
--- a/frameworks/js/ani/src/ani_sm2_crypto_util.cpp
+++ b/frameworks/js/ani/src/ani_sm2_crypto_util.cpp
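Review bot: The rejection added to GetEncodedPoint in ani_ecc_key_util.cpp reports only "params is invalid.", which tells the caller neither which coordinate failed nor that empty and negative values are what is refused; the same block is repeated in GenCipherTextBySpec in ani_sm2_crypto_util.cpp. A message such as `"point x/y must be a non-empty, non-negative big integer"` (with the xCoordinate/yCoordinate wording in the SM2 file) gives a usable diagnostic without echoing the values themselves. The `bigintValid &= …` accumulation could also be written as one `if (!A || !B)` condition, since the function returns on the first failure anyway. Both functions extend beyond their hunks.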
@@ -21,8 +21,13 @@ namespace ANI::CryptoFramework {
 DataBlob GenCipherTextBySpec(SM2CipherTextSpec const& spec, optional_view mode)
 {
 Sm2CipherTextSpec hcfSpec = {};
- ArrayU8ToBigInteger(spec.xCoordinate, hcfSpec.xCoordinate);
- ArrayU8ToBigInteger(spec.yCoordinate, hcfSpec.yCoordinate);
+ bool bigintValid = true;
+ bigintValid &= ArrayU8ToBigInteger(spec.xCoordinate, hcfSpec.xCoordinate);
+ bigintValid &= ArrayU8ToBigInteger(spec.yCoordinate, hcfSpec.yCoordinate);
+ if (!bigintValid) {
+ ANI_LOGE_THROW(HCF_INVALID_PARAMS, "params is invalid.");
+ return {};
+ }
 ArrayU8ToDataBlob(spec.cipherTextData, hcfSpec.cipherTextData);
 ArrayU8ToDataBlob(spec.hashData, hcfSpec.hashData);
 string dataMode = mode.has_value() ? mode.value() : "";
diff --git a/plugin/openssl_plugin/crypto_operation/kdf/src/hkdf_openssl.c b/plugin/openssl_plugin/crypto_operation/kdf/src/hkdf_openssl.c
index beeb95a..23e7fcb 100644
--- a/plugin/openssl_plugin/crypto_operation/kdf/src/hkdf_openssl.c
+++ b/plugin/openssl_plugin/crypto_operation/kdf/src/hkdf_openssl.c
@@ -105,7 +105,7 @@ static bool CheckHkdfParams(HcfHkdfParamsSpec *params)
 LOGE("beyond the length");
 return false;
 }
- if (params->key.data == NULL && params->key.len == 0) {
+ if (params->key.data == NULL || params->key.len == 0) {
 LOGE("check params failed, key is NULL");
 return false;
 }
diff --git a/plugin/openssl_plugin/key/asy_key_generator/src/rsa_asy_key_generator_openssl.c b/plugin/openssl_plugin/key/asy_key_generator/src/rsa_asy_key_generator_openssl.c
index 8cf15ae..025cc7f 100644
--- a/plugin/openssl_plugin/key/asy_key_generator/src/rsa_asy_key_generator_openssl.c
+++ b/plugin/openssl_plugin/key/asy_key_generator/src/rsa_asy_key_generator_openssl.c
@@ -36,6 +36,7 @@
 #define OPENSSL_BITS_PER_BYTE 8
 #define OPENSSL_RSA_KEYPAIR_CNT 3
 #define OPENSSL_RSA_KEYGEN_DEFAULT_PRIMES 2
+#define PASSWORD_MAX_LENGTH 4096
 #define MAX_KEY_SIZE 8192
 #define MIN_KEY_SIZE 512
 #define PRIMES_2 2
@@ -731,6 +732,11 @@ static HcfResult GetPriKeyEncodedPem(const HcfPriKey *self, HcfParamsSpec *param
 OpensslEvpPkeyFree(pkey);
 return HCF_ERR_PARAMETER_CHECK_FAILED;
 }
+ if (strlen(passWord) == 0 || strlen(passWord) > PASSWORD_MAX_LENGTH) {
+ LOGE("passWord is invalid.");
+ OpensslEvpPkeyFree(pkey);
+ return HCF_INVALID_PARAMS;
+ }
 cipher = EVP_CIPHER_fetch(NULL, cipherStr, NULL);
 result = GetPriKeyPem(format, pkey, cipher, passWord, returnString);
 EVP_CIPHER_free((EVP_CIPHER *)cipher);
@@ -1223,6 +1229,13 @@ static HcfResult EngineConvertPemKey(HcfAsyKeyGeneratorSpi *self, HcfParamsSpec
 LOGE("ConvertPemKeyParams is invalid.");
 return HCF_INVALID_PARAMS;
 }
+ if (params != NULL) {
+ HcfKeyDecodingParamsSpec *spec = (HcfKeyDecodingParamsSpec *)params;
+ if (spec->password == NULL || strlen(spec->password) == 0 || strlen(spec->password) > PASSWORD_MAX_LENGTH) {
+ LOGE("password is invalid.");
+ return HCF_INVALID_PARAMS;
+ }
+ }
 if (!HcfIsClassMatch((HcfObjectBase *)self, OPENSSL_RSA_GENERATOR_CLASS)) {
 LOGE("Class not match.");
 return HCF_INVALID_PARAMS;
-- Gitee
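Review bot: The new length check in GetPriKeyEncodedPem calls `strlen(passWord)` twice and walks the whole string before comparing with the limit, so the cap does not bound the scan itself; the EngineConvertPemKey hunk below has the same pattern. `size_t pwLen = strnlen(passWord, PASSWORD_MAX_LENGTH + 1);` followed by `if (pwLen == 0 || pwLen > PASSWORD_MAX_LENGTH)` reads the string once and stops at the limit. The new branch also returns `HCF_INVALID_PARAMS` while the check directly above it returns `HCF_ERR_PARAMETER_CHECK_FAILED`, which is worth making consistent. In the unchanged lines that follow, the result of `EVP_CIPHER_fetch` goes to `GetPriKeyPem` without a NULL check; if that helper hands a NULL cipher to the PEM writer the private key may be emitted unencrypted, so this path should be confirmed. The function starts and ends outside the hunk.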
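Review bot: The block added to EngineConvertPemKey casts `params` to `HcfKeyDecodingParamsSpec *` and dereferences `spec->password` before anything visible in the hunk establishes that the caller really passed that spec type. If `HcfParamsSpec` carries a type tag, or the preceding "ConvertPemKeyParams is invalid" check already verifies it, a one-line comment saying so would settle the question; otherwise the password test should sit after such a verification. The block also makes a password mandatory whenever `params` is non-NULL, so it is worth confirming that decoding an unencrypted PEM with a non-NULL spec is not a supported call. The function body extends beyond the hunk on both sides.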