TKSS-1018: Native SM2Signature should not reset NativeSMSignature ins…

…tance
johnshajiang · Dec 27, 2024 · b7bd1d3 · b7bd1d3
1 parent 279ee5c
commit b7bd1d3
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 12 deletions.
diff --git a/kona-crypto/src/main/java/com/tencent/kona/crypto/provider/nativeImpl/SM2Signature.java b/kona-crypto/src/main/java/com/tencent/kona/crypto/provider/nativeImpl/SM2Signature.java
@@ -63,8 +63,6 @@ public final class SM2Signature extends SignatureSpi {
     @Override
     protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
             throws InvalidKeyException {
-        reset();
-
         if (!(privateKey instanceof ECPrivateKey)) {
             throw new InvalidKeyException("Only ECPrivateKey accepted!");
         }
@@ -89,8 +87,6 @@ protected void engineInitSign(PrivateKey privateKey)
     @Override
     protected void engineInitVerify(PublicKey publicKey)
             throws InvalidKeyException {
-        reset();
-
         if (!(publicKey instanceof ECPublicKey)) {
             throw new InvalidKeyException("Only ECPublicKey accepted!");
         }
@@ -160,7 +156,7 @@ protected byte[] engineSign() throws SignatureException {
         } catch (BadPaddingException e) {
             throw new SignatureException(e);
         } finally {
-            reset();
+            buffer.reset();
         }
     }
 
@@ -184,12 +180,7 @@ protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
         } catch (BadPaddingException e) {
             throw new SignatureException(e);
         } finally {
-            reset();
+            buffer.reset();
         }
     }
-
-    private void reset() {
-        sm2 = null;
-        buffer.reset();
-    }
 }
diff --git a/kona-crypto/src/main/jni/kona_sm2_signature.c b/kona-crypto/src/main/jni/kona_sm2_signature.c
@@ -260,6 +260,13 @@ JNIEXPORT jbyteArray JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_Na
 
     OPENSSL_free(sig_buf);
 
+    // Re-init with the original parameters for the next operation
+    if (!EVP_DigestSignInit(ctx->mctx, NULL, NULL, NULL, NULL)) {
+        OPENSSL_print_err();
+
+        return NULL;
+    }
+
     return sig_bytes;
 }
 
@@ -310,5 +317,12 @@ JNIEXPORT jint JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeCr
     (*env)->ReleaseByteArrayElements(env, message, msg_bytes, JNI_ABORT);
     (*env)->ReleaseByteArrayElements(env, signature, sig_bytes, JNI_ABORT);
 
+    // Re-init with the original parameters for the next operation
+    if (!EVP_DigestVerifyInit(ctx->mctx, NULL, NULL, NULL, NULL)) {
+        OPENSSL_print_err();
+
+        return OPENSSL_FAILURE;
+    }
+
     return verified;
 }
diff --git a/kona-crypto/src/main/resources/libKonaCrypto-linux-aarch64.so b/kona-crypto/src/main/resources/libKonaCrypto-linux-aarch64.so
diff --git a/kona-crypto/src/main/resources/libKonaCrypto-linux-x86_64.so b/kona-crypto/src/main/resources/libKonaCrypto-linux-x86_64.so
diff --git a/kona-crypto/src/test/java/com/tencent/kona/crypto/provider/nativeImpl/NativeSM2Test.java b/kona-crypto/src/test/java/com/tencent/kona/crypto/provider/nativeImpl/NativeSM2Test.java
@@ -383,6 +383,37 @@ public void testSM2SignatureUseClosedRef() {
         }
     }
 
+    @Test
+    public void testSM2SignatureTwice() throws Exception {
+        try (NativeSM2KeyPairGen sm2KeyPairGen = new NativeSM2KeyPairGen()) {
+            byte[] keyPair = sm2KeyPairGen.genKeyPair();
+            byte[] priKey = copy(keyPair, 0, SM2_PRIKEY_LEN);
+            byte[] pubKey = copy(keyPair, SM2_PRIKEY_LEN, SM2_PUBKEY_LEN);
+            byte[] id = toBytes("3132333435363738");
+
+            try (NativeSM2Signature sm2Signer
+                         = new NativeSM2Signature(priKey, null, id, true)) {
+                // Sign with the partial message
+                sm2Signer.sign(copy(MESSAGE, 0, MESSAGE.length / 2));
+
+                // Re-sign with the full message
+                byte[] signature = sm2Signer.sign(MESSAGE);
+
+                try (NativeSM2Signature sm2Verifier
+                             = new NativeSM2Signature(pubKey, id, false)) {
+                    // Verify with the partial message
+                    boolean verified = sm2Verifier.verify(
+                            copy(MESSAGE, 0, MESSAGE.length / 2), signature);
+                    Assertions.assertFalse(verified);
+
+                    // Re-verify with the full message
+                    verified = sm2Verifier.verify(MESSAGE, signature);
+                    Assertions.assertTrue(verified);
+                }
+            }
+        }
+    }
+
     @Test
     public void testSM2KeyAgreement() {
         try (NativeSM2KeyAgreement sm2KeyAgreement
@@ -392,7 +423,7 @@ public void testSM2KeyAgreement() {
                     PEER_PUB_KEY, PEER_E_PUB_KEY, PEER_ID,
                     true, 16);
 
-            Assertions.assertEquals(16, sharedKey.length);
+            Assertions.assertArrayEquals(SHARED_KEY, sharedKey);
         }
     }