747ae81883
Commit c27b2d2012
("crypto: testmgr - allow ecdsa-nist-p256 and -p384
in FIPS mode") enabled support for ECDSA in crypto/testmgr.c. The
PKCS#7 signature verification API builds upon the KCAPI primitives to
perform its high-level operations. Therefore, this change in testmgr.c
also allows ECDSA to be used by the PKCS#7 signature verification API
(in FIPS mode).
However, from a FIPS perspective, the PKCS#7 signature verification API
is a distinct "service" from the KCAPI primitives. This is because the
PKCS#7 API performs a "full" signature verification, which consists of
both hashing the data to be verified, and the public key operation.
On the other hand, the KCAPI primitive does not perform this hashing
step - it accepts pre-hashed data from the caller and only performs the
public key operation.
For this reason, the ECDSA self-tests in crypto/testmgr.c are not
sufficient to cover ECDSA signature verification offered by the PKCS#7
API. This is reflected by the self-test already present in this file
for RSA PKCS#1 v1.5 signature verification.
The solution is simply to add a second self-test here for ECDSA. P-256
with SHA-256 hashing was chosen as those parameters should remain
FIPS-approved for the foreseeable future, while keeping the performance
impact to a minimum. The ECDSA certificate and PKCS#7 signed data was
generated using OpenSSL. The input data is identical to the input data
for the existing RSA self-test.
Signed-off-by: Joachim Vandersmissen <git@jvdsn.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
73 lines
1.9 KiB
C
73 lines
1.9 KiB
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/* Self-testing for signature checking.
|
|
*
|
|
* Copyright (C) 2022 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*/
|
|
|
|
#include <crypto/pkcs7.h>
|
|
#include <linux/cred.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/key.h>
|
|
#include <linux/module.h>
|
|
#include "selftest.h"
|
|
#include "x509_parser.h"
|
|
|
|
void fips_signature_selftest(const char *name,
|
|
const u8 *keys, size_t keys_len,
|
|
const u8 *data, size_t data_len,
|
|
const u8 *sig, size_t sig_len)
|
|
{
|
|
struct key *keyring;
|
|
int ret;
|
|
|
|
pr_notice("Running certificate verification %s selftest\n", name);
|
|
|
|
keyring = keyring_alloc(".certs_selftest",
|
|
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
|
|
(KEY_POS_ALL & ~KEY_POS_SETATTR) |
|
|
KEY_USR_VIEW | KEY_USR_READ |
|
|
KEY_USR_SEARCH,
|
|
KEY_ALLOC_NOT_IN_QUOTA,
|
|
NULL, NULL);
|
|
if (IS_ERR(keyring))
|
|
panic("Can't allocate certs %s selftest keyring: %ld\n", name, PTR_ERR(keyring));
|
|
|
|
ret = x509_load_certificate_list(keys, keys_len, keyring);
|
|
if (ret < 0)
|
|
panic("Can't allocate certs %s selftest keyring: %d\n", name, ret);
|
|
|
|
struct pkcs7_message *pkcs7;
|
|
|
|
pkcs7 = pkcs7_parse_message(sig, sig_len);
|
|
if (IS_ERR(pkcs7))
|
|
panic("Certs %s selftest: pkcs7_parse_message() = %d\n", name, ret);
|
|
|
|
pkcs7_supply_detached_data(pkcs7, data, data_len);
|
|
|
|
ret = pkcs7_verify(pkcs7, VERIFYING_MODULE_SIGNATURE);
|
|
if (ret < 0)
|
|
panic("Certs %s selftest: pkcs7_verify() = %d\n", name, ret);
|
|
|
|
ret = pkcs7_validate_trust(pkcs7, keyring);
|
|
if (ret < 0)
|
|
panic("Certs %s selftest: pkcs7_validate_trust() = %d\n", name, ret);
|
|
|
|
pkcs7_free_message(pkcs7);
|
|
|
|
key_put(keyring);
|
|
}
|
|
|
|
static int __init fips_signature_selftest_init(void)
|
|
{
|
|
fips_signature_selftest_rsa();
|
|
fips_signature_selftest_ecdsa();
|
|
return 0;
|
|
}
|
|
|
|
late_initcall(fips_signature_selftest_init);
|
|
|
|
MODULE_DESCRIPTION("X.509 self tests");
|
|
MODULE_AUTHOR("Red Hat, Inc.");
|
|
MODULE_LICENSE("GPL");
|