• Joachim Vandersmissen's avatar
    certs: Add ECDSA signature verification self-test · 747ae818
    Joachim Vandersmissen authored
    Commit c27b2d20 ("crypto: testmgr - allow ecdsa-nist-p256 and -p384
    in FIPS mode") enabled support for ECDSA in crypto/testmgr.c. The
    PKCS#7 signature verification API builds upon the KCAPI primitives to
    perform its high-level operations. Therefore, this change in testmgr.c
    also allows ECDSA to be used by the PKCS#7 signature verification API
    (in FIPS mode).
    
    However, from a FIPS perspective, the PKCS#7 signature verification API
    is a distinct "service" from the KCAPI primitives. This is because the
    PKCS#7 API performs a "full" signature verification, which consists of
    both hashing the data to be verified, and the public key operation.
    On the other hand, the KCAPI primitive does not perform this hashing
    step - it accepts pre-hashed data from the caller and only performs the
    public key operation.
    
    For this reason, the ECDSA self-tests in crypto/testmgr.c are not
    sufficient to cover ECDSA signature verification offered by the PKCS#7
    API. This is reflected by the self-test already present in this file
    for RSA PKCS#1 v1.5 signature verification.
    
    The solution is simply to add a second self-test here for ECDSA. P-256
    with SHA-256 hashing was chosen as those parameters should remain
    FIPS-approved for the foreseeable future, while keeping the performance
    impact to a minimum. The ECDSA certificate and PKCS#7 signed data was
    generated using OpenSSL. The input data is identical to the input data
    for the existing RSA self-test.
    Signed-off-by: default avatarJoachim Vandersmissen <git@jvdsn.com>
    Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
    Acked-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
    747ae818
selftest_ecdsa.c 4.29 KB