linuxkm ecdsa: fix ecdsa fips define guards, and fix names.

jordan
2025-04-07 17:00:13 -04:00
parent 69688c223b
commit 35f8c3b75c
2 changed files with 55 additions and 27 deletions


@@ -29,8 +29,24 @@
#include <wolfssl/wolfcrypt/asn.h> #include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/ecc.h> #include <wolfssl/wolfcrypt/ecc.h>
#define WOLFKM_ECDSA_NAME "ecdsa" #define WOLFKM_ECDSA_DRIVER ("ecdsa-wolfcrypt")
#define WOLFKM_ECDSA_DRIVER ("ecdsa" WOLFKM_DRIVER_SUFFIX)
#define WOLFKM_ECDSA_P192_NAME ("ecdsa-nist-p192")
#define WOLFKM_ECDSA_P192_DRIVER ("ecdsa-nist-p192" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_ECDSA_P256_NAME ("ecdsa-nist-p256")
#define WOLFKM_ECDSA_P256_DRIVER ("ecdsa-nist-p256" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_ECDSA_P384_NAME ("ecdsa-nist-p384")
#define WOLFKM_ECDSA_P384_DRIVER ("ecdsa-nist-p384" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
#define WOLFKM_ECDSA_P521_NAME ("ecdsa-nist-p521")
#define WOLFKM_ECDSA_P521_DRIVER ("ecdsa-nist-p521" WOLFKM_DRIVER_FIPS \
"-wolfcrypt")
static int linuxkm_test_ecdsa_nist_driver(const char * driver, static int linuxkm_test_ecdsa_nist_driver(const char * driver,
const byte * pub, word32 pub_len, const byte * pub, word32 pub_len,
@@ -71,8 +87,8 @@ static int km_ecdsa_nist_p521_init(struct crypto_akcipher *tfm);
#if defined(LINUXKM_ECC192) #if defined(LINUXKM_ECC192)
static struct akcipher_alg ecdsa_nist_p192 = { static struct akcipher_alg ecdsa_nist_p192 = {
.base.cra_name = "ecdsa-nist-p192", .base.cra_name = WOLFKM_ECDSA_P192_NAME,
.base.cra_driver_name = "ecdsa-nist-p192-wolfcrypt", .base.cra_driver_name = WOLFKM_ECDSA_P192_DRIVER,
.base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY, .base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
.base.cra_module = THIS_MODULE, .base.cra_module = THIS_MODULE,
.base.cra_ctxsize = sizeof(struct km_ecdsa_ctx), .base.cra_ctxsize = sizeof(struct km_ecdsa_ctx),
@@ -85,8 +101,8 @@ static struct akcipher_alg ecdsa_nist_p192 = {
#endif /* LINUXKM_ECC192 */ #endif /* LINUXKM_ECC192 */
static struct akcipher_alg ecdsa_nist_p256 = { static struct akcipher_alg ecdsa_nist_p256 = {
.base.cra_name = "ecdsa-nist-p256", .base.cra_name = WOLFKM_ECDSA_P256_NAME,
.base.cra_driver_name = "ecdsa-nist-p256-wolfcrypt", .base.cra_driver_name = WOLFKM_ECDSA_P256_DRIVER,
.base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY, .base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
.base.cra_module = THIS_MODULE, .base.cra_module = THIS_MODULE,
.base.cra_ctxsize = sizeof(struct km_ecdsa_ctx), .base.cra_ctxsize = sizeof(struct km_ecdsa_ctx),
@@ -98,8 +114,8 @@ static struct akcipher_alg ecdsa_nist_p256 = {
}; };
static struct akcipher_alg ecdsa_nist_p384 = { static struct akcipher_alg ecdsa_nist_p384 = {
.base.cra_name = "ecdsa-nist-p384", .base.cra_name = WOLFKM_ECDSA_P384_NAME,
.base.cra_driver_name = "ecdsa-nist-p384-wolfcrypt", .base.cra_driver_name = WOLFKM_ECDSA_P384_DRIVER,
.base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY, .base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
.base.cra_module = THIS_MODULE, .base.cra_module = THIS_MODULE,
.base.cra_ctxsize = sizeof(struct km_ecdsa_ctx), .base.cra_ctxsize = sizeof(struct km_ecdsa_ctx),
@@ -112,8 +128,8 @@ static struct akcipher_alg ecdsa_nist_p384 = {
#if defined(HAVE_ECC521) #if defined(HAVE_ECC521)
static struct akcipher_alg ecdsa_nist_p521 = { static struct akcipher_alg ecdsa_nist_p521 = {
.base.cra_name = "ecdsa-nist-p521", .base.cra_name = WOLFKM_ECDSA_P521_NAME,
.base.cra_driver_name = "ecdsa-nist-p521-wolfcrypt", .base.cra_driver_name = WOLFKM_ECDSA_P521_DRIVER,
.base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY, .base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
.base.cra_module = THIS_MODULE, .base.cra_module = THIS_MODULE,
.base.cra_ctxsize = sizeof(struct km_ecdsa_ctx), .base.cra_ctxsize = sizeof(struct km_ecdsa_ctx),
@@ -436,7 +452,7 @@ static int linuxkm_test_ecdsa_nist_p192(void)
hash_len = sizeof(hash); hash_len = sizeof(hash);
sig_len = sizeof(sig); sig_len = sizeof(sig);
rc = linuxkm_test_ecdsa_nist_driver("ecdsa-nist-p192-wolfcrypt", rc = linuxkm_test_ecdsa_nist_driver(WOLFKM_ECDSA_P192_DRIVER,
p192_pub, pub_len, p192_pub, pub_len,
sig, sig_len, sig, sig_len,
hash, hash_len); hash, hash_len);
@@ -491,7 +507,7 @@ static int linuxkm_test_ecdsa_nist_p256(void)
hash_len = sizeof(hash); hash_len = sizeof(hash);
sig_len = sizeof(sig); sig_len = sizeof(sig);
rc = linuxkm_test_ecdsa_nist_driver("ecdsa-nist-p256-wolfcrypt", rc = linuxkm_test_ecdsa_nist_driver(WOLFKM_ECDSA_P256_DRIVER,
p256_pub, pub_len, p256_pub, pub_len,
sig, sig_len, sig, sig_len,
hash, hash_len); hash, hash_len);
@@ -554,7 +570,7 @@ static int linuxkm_test_ecdsa_nist_p384(void)
hash_len = sizeof(hash); hash_len = sizeof(hash);
sig_len = sizeof(sig); sig_len = sizeof(sig);
rc = linuxkm_test_ecdsa_nist_driver("ecdsa-nist-p384-wolfcrypt", rc = linuxkm_test_ecdsa_nist_driver(WOLFKM_ECDSA_P384_DRIVER,
p384_pub, pub_len, p384_pub, pub_len,
sig, sig_len, sig, sig_len,
hash, hash_len); hash, hash_len);
@@ -629,7 +645,7 @@ static int linuxkm_test_ecdsa_nist_p521(void)
hash_len = sizeof(hash); hash_len = sizeof(hash);
sig_len = sizeof(sig); sig_len = sizeof(sig);
rc = linuxkm_test_ecdsa_nist_driver("ecdsa-nist-p521-wolfcrypt", rc = linuxkm_test_ecdsa_nist_driver(WOLFKM_ECDSA_P521_DRIVER,
p521_pub, pub_len, p521_pub, pub_len,
sig, sig_len, sig, sig_len,
hash, hash_len); hash, hash_len);
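Review bot: As this page renders the first hunk, `WOLFKM_ECDSA_DRIVER` appears to become the hard-coded `("ecdsa-wolfcrypt")`, while the four per-curve driver macros added beside it splice in `WOLFKM_DRIVER_FIPS`. If that macro is still referenced anywhere, a FIPS build would advertise a driver name without the FIPS marker, which matters to anyone selecting or auditing a provider by `cra_driver_name`. Write it as `("ecdsa" WOLFKM_DRIVER_FIPS "-wolfcrypt")`, or delete it if nothing uses it after this change. A one-line comment above the block would also help, saying that the `_NAME` values are the generic kernel algorithm names and the `_DRIVER` values are the wolfCrypt-specific names the self-tests look up. The struct initialisers and test functions touched by the later hunks start and end outside the visible lines.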


@@ -4195,24 +4195,36 @@ static int linuxkm_test_aesecb(void) {
#undef LINUXKM_LKCAPI_REGISTER_ECDSA #undef LINUXKM_LKCAPI_REGISTER_ECDSA
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0) && \ #if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
defined(LINUXKM_LKCAPI_REGISTER_ECDSA) #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
/** /**
* note: ecdsa only supported with linux 6.12 and earlier for now. * note: ecdsa supported with linux 6.12 and earlier for now, only.
* In linux 6.13, ecdsa changed from a struct akcipher_alg type to * In linux 6.13, ecdsa changed from a struct akcipher_alg type to
* struct sig_alg type, and the sign/verify callbacks were removed * struct sig_alg type, and the sign/verify callbacks were removed
* from akcipher_alg. * from akcipher_alg.
* */ * */
#undef LINUXKM_LKCAPI_REGISTER_ECDSA #undef LINUXKM_LKCAPI_REGISTER_ECDSA
#endif #endif /* linux >= 6.13.0 */
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) && \
defined(CONFIG_CRYPTO_FIPS) && defined(CONFIG_CRYPTO_MANAGER)
/**
* note: ecdsa was not recognized as fips_allowed before linux v6.3
* in kernel crypto/testmgr.c, and will not pass the tests.
* */
#undef LINUXKM_LKCAPI_REGISTER_ECDSA
#endif /* linux < 6.3.0 && CONFIG_CRYPTO_FIPS && CONFIG_CRYPTO_MANAGER */
#if defined(LINUXKM_LKCAPI_REGISTER_ECDSA)
#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \ #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && \
ECC_MIN_KEY_SZ <= 192 ECC_MIN_KEY_SZ <= 192 && !defined(CONFIG_CRYPTO_FIPS)
/* only register p192 if specifically enabled, and if not fips. */
#define LINUXKM_ECC192 #define LINUXKM_ECC192
#endif #endif
#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
#include "linuxkm/lkcapi_ecdsa_glue.c" #include "linuxkm/lkcapi_ecdsa_glue.c"
#endif #endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
static int linuxkm_lkcapi_register(void) static int linuxkm_lkcapi_register(void)
{ {
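Review bot: Both `#undef LINUXKM_LKCAPI_REGISTER_ECDSA` branches drop the registration with no build-time diagnostic. On a kernel >= 6.13, or on one < 6.3 with `CONFIG_CRYPTO_FIPS` and `CONFIG_CRYPTO_MANAGER`, the module builds cleanly and ECDSA verification is presumably left to whichever other provider the kernel has. Unless a message is emitted elsewhere in the file, add one in each branch, for example `#warning "wolfCrypt ECDSA not registered with LKCAPI on this kernel"`, so an operator who asked for the wolfCrypt implementation learns it is absent. Separately, the p192 guard tests the kernel's `CONFIG_CRYPTO_FIPS`, whereas the driver names in the glue file are built from `WOLFKM_DRIVER_FIPS`. The comment `/* only register p192 if specifically enabled, and if not fips. */` should say which FIPS setting is meant, and whether a wolfCrypt FIPS build on a non-FIPS kernel is intended to still register p192.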