Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2023-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_crypt_lib.h"
8 : #include "internal/libspdm_common_lib.h"
9 : #include "internal/libspdm_fips_lib.h"
10 :
11 : #if LIBSPDM_FIPS_MODE
12 :
13 : /**
14 : * EDDSA self_test
15 : **/
16 1 : bool libspdm_fips_selftest_eddsa(void *fips_selftest_context)
17 : {
18 1 : bool result = true;
19 :
20 : #if LIBSPDM_EDDSA_SUPPORT
21 : libspdm_fips_selftest_context_t *context = fips_selftest_context;
22 : LIBSPDM_ASSERT(fips_selftest_context != NULL);
23 :
24 : /* any test fail cause the FIPS fail*/
25 : if (context->tested_algo != context->self_test_result) {
26 : return false;
27 : }
28 :
29 : /* check if run before.*/
30 : if ((context->tested_algo & LIBSPDM_FIPS_SELF_TEST_EDDSA) != 0) {
31 : return true;
32 : }
33 :
34 : #if LIBSPDM_EDDSA_ED25519_SUPPORT
35 :
36 : void *ecd_25519;
37 : uint8_t signature_25519[32 * 2];
38 : size_t sig25519_size;
39 : uint8_t get_pub_key_25519[32];
40 : size_t get_pub_key_25519_size = sizeof(get_pub_key_25519);
41 :
42 : /*test vectors from https://www.rfc-editor.org/rfc/rfc8032 */
43 : uint8_t message_25519[] = {
44 : 0x72
45 : };
46 :
47 : const uint8_t public_key_25519[] = {
48 : 0x3d, 0x40, 0x17, 0xc3, 0xe8, 0x43, 0x89, 0x5a, 0x92, 0xb7, 0x0a, 0xa7, 0x4d, 0x1b, 0x7e,
49 : 0xbc, 0x9c, 0x98, 0x2c, 0xcf, 0x2e, 0xc4, 0x96, 0x8c, 0xc0, 0xcd, 0x55, 0xf1, 0x2a, 0xf4,
50 : 0x66, 0x0c
51 : };
52 :
53 : const uint8_t private_key_25519[] = {
54 : 0x4c, 0xcd, 0x08, 0x9b, 0x28, 0xff, 0x96, 0xda, 0x9d, 0xb6, 0xc3, 0x46, 0xec, 0x11, 0x4e,
55 : 0x0f, 0x5b, 0x8a, 0x31, 0x9f, 0x35, 0xab, 0xa6, 0x24, 0xda, 0x8c, 0xf6, 0xed, 0x4f, 0xb8,
56 : 0xa6, 0xfb
57 : };
58 :
59 : /* Expected signature*/
60 : const uint8_t expected_signature_25519[] = {
61 : 0x92, 0xa0, 0x09, 0xa9, 0xf0, 0xd4, 0xca, 0xb8, 0x72, 0x0e, 0x82, 0x0b, 0x5f, 0x64, 0x25,
62 : 0x40, 0xa2, 0xb2, 0x7b, 0x54, 0x16, 0x50, 0x3f, 0x8f, 0xb3, 0x76, 0x22, 0x23, 0xeb, 0xdb,
63 : 0x69, 0xda, 0x08, 0x5a, 0xc1, 0xe4, 0x3e, 0x15, 0x99, 0x6e, 0x45, 0x8f, 0x36, 0x13, 0xd0,
64 : 0xf1, 0x1d, 0x8c, 0x38, 0x7b, 0x2e, 0xae, 0xb4, 0x30, 0x2a, 0xee, 0xb0, 0x0d, 0x29, 0x16,
65 : 0x12, 0xbb, 0x0c, 0x00
66 : };
67 :
68 : ecd_25519 = libspdm_ecd_new_by_nid(LIBSPDM_CRYPTO_NID_EDDSA_ED25519);
69 : if (ecd_25519 == NULL) {
70 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 25519 gen failed \n"));
71 : result = false;
72 : goto update;
73 : }
74 :
75 : result = libspdm_ecd_set_pub_key(ecd_25519, public_key_25519, sizeof(public_key_25519));
76 : if (!result) {
77 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 25519 set public key failed \n"));
78 : libspdm_ecd_free(ecd_25519);
79 : result = false;
80 : goto update;
81 : }
82 :
83 : result = libspdm_ecd_get_pub_key(ecd_25519, get_pub_key_25519, &get_pub_key_25519_size);
84 : if (!result) {
85 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 25519 get pub key failed \n"));
86 : libspdm_ecd_free(ecd_25519);
87 : result = false;
88 : goto update;
89 : }
90 :
91 : if (get_pub_key_25519_size != sizeof(public_key_25519)) {
92 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 25519 get key size compare failed \n"));
93 : libspdm_ecd_free(ecd_25519);
94 : result = false;
95 : goto update;
96 : }
97 :
98 : if (!libspdm_consttime_is_mem_equal(get_pub_key_25519, public_key_25519,
99 : sizeof(public_key_25519))) {
100 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 25519 get key content compare failed \n"));
101 : libspdm_ecd_free(ecd_25519);
102 : result = false;
103 : goto update;
104 : }
105 :
106 : result = libspdm_ecd_set_pri_key(ecd_25519, private_key_25519, sizeof(private_key_25519));
107 : if (!result) {
108 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 25519 set private key failed \n"));
109 : libspdm_ecd_free(ecd_25519);
110 : result = false;
111 : goto update;
112 : }
113 :
114 : /* Verify Ed-DSA*/
115 : sig25519_size = sizeof(signature_25519);
116 : result = libspdm_eddsa_sign(ecd_25519, LIBSPDM_CRYPTO_NID_NULL, NULL, 0, message_25519,
117 : sizeof(message_25519), signature_25519, &sig25519_size);
118 : if (!result) {
119 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 25519 sign failed \n"));
120 : libspdm_ecd_free(ecd_25519);
121 : result = false;
122 : goto update;
123 : }
124 :
125 : if (!libspdm_consttime_is_mem_equal(signature_25519, expected_signature_25519,
126 : sizeof(expected_signature_25519))) {
127 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 25519 KAT failed \n"));
128 : libspdm_ecd_free(ecd_25519);
129 : result = false;
130 : goto update;
131 : }
132 :
133 : result = libspdm_eddsa_verify(ecd_25519, LIBSPDM_CRYPTO_NID_NULL, NULL, 0, message_25519,
134 : sizeof(message_25519), signature_25519, sig25519_size);
135 : if (!result) {
136 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 25519 verify failed \n"));
137 : libspdm_ecd_free(ecd_25519);
138 : result = false;
139 : goto update;
140 : }
141 :
142 : libspdm_ecd_free(ecd_25519);
143 :
144 : #endif/*LIBSPDM_EDDSA_ED25519_SUPPORT */
145 :
146 : #if LIBSPDM_EDDSA_ED448_SUPPORT
147 : void *ecd_448;
148 : uint8_t signature_448[57 * 2];
149 : size_t sig448_size;
150 : uint8_t get_edd48_key[57];
151 : size_t get_pub_key_448_size = sizeof(get_edd48_key);
152 :
153 : /*test vectors from https://www.rfc-editor.org/rfc/rfc8032 */
154 : uint8_t message_448[] = {
155 : 0x03
156 : };
157 :
158 : const uint8_t public_key_448[] = {
159 : 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd,
160 : 0x0a, 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98,
161 : 0xc0, 0x86, 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, 0xb8, 0x43, 0x8e, 0xa4, 0xcb,
162 : 0x82, 0x16, 0x9c, 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, 0x80
163 : };
164 :
165 : const uint8_t private_key_448[] = {
166 : 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92,
167 : 0x4d, 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c,
168 : 0x46, 0x3a, 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, 0x5e, 0x3b, 0xc3, 0x97, 0xa6,
169 : 0x59, 0x94, 0x9e, 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, 0x4e
170 : };
171 :
172 : /* Expected signature*/
173 : const uint8_t expected_signature_448[] = {
174 : 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89, 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3,
175 : 0x77, 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35, 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10,
176 : 0xf4, 0x35, 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7, 0xe1, 0x8f, 0x62, 0xde, 0x8c,
177 : 0xcd, 0xf6, 0x33, 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79, 0x80, 0x5e, 0x0d, 0xbc,
178 : 0xc0, 0xaa, 0xe1, 0xcb, 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36, 0xbc, 0x04, 0xdc,
179 : 0xec, 0xbf, 0x15, 0x43, 0x36, 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29, 0x05, 0xe7,
180 : 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f, 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf, 0xd1,
181 : 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0, 0x3a
182 : };
183 :
184 : ecd_448 = libspdm_ecd_new_by_nid(LIBSPDM_CRYPTO_NID_EDDSA_ED448);
185 : if (ecd_448 == NULL) {
186 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 448 gen failed \n"));
187 : result = false;
188 : goto update;
189 : }
190 :
191 : result = libspdm_ecd_set_pub_key(ecd_448, public_key_448, sizeof(public_key_448));
192 : if (!result) {
193 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 448 set public key failed \n"));
194 : libspdm_ecd_free(ecd_448);
195 : result = false;
196 : goto update;
197 : }
198 :
199 : result = libspdm_ecd_get_pub_key(ecd_448, get_edd48_key, &get_pub_key_448_size);
200 : if (!result) {
201 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 448 get pub key failed \n"));
202 : libspdm_ecd_free(ecd_448);
203 : result = false;
204 : goto update;
205 : }
206 :
207 : if (get_pub_key_448_size != sizeof(public_key_448)) {
208 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 448 get key compare failed \n"));
209 : libspdm_ecd_free(ecd_448);
210 : result = false;
211 : goto update;
212 : }
213 :
214 : if (!libspdm_consttime_is_mem_equal(get_edd48_key, public_key_448,
215 : sizeof(public_key_448))) {
216 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 448 get key compare failed \n"));
217 : libspdm_ecd_free(ecd_448);
218 : result = false;
219 : goto update;
220 : }
221 :
222 : result = libspdm_ecd_set_pri_key(ecd_448, private_key_448, sizeof(private_key_448));
223 : if (!result) {
224 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 448 set private key failed \n"));
225 : libspdm_ecd_free(ecd_448);
226 : result = false;
227 : goto update;
228 : }
229 :
230 : /* Verify Ed-DSA*/
231 : sig448_size = sizeof(signature_448);
232 : result = libspdm_eddsa_sign(ecd_448, LIBSPDM_CRYPTO_NID_NULL, NULL, 0, message_448,
233 : sizeof(message_448), signature_448, &sig448_size);
234 : if (!result) {
235 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 448 sign failed \n"));
236 : libspdm_ecd_free(ecd_448);
237 : result = false;
238 : goto update;
239 : }
240 :
241 : if (!libspdm_consttime_is_mem_equal(signature_448, expected_signature_448,
242 : sizeof(expected_signature_448))) {
243 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 448 KAT failed \n"));
244 : libspdm_ecd_free(ecd_448);
245 : result = false;
246 : goto update;
247 : }
248 :
249 : result = libspdm_eddsa_verify(ecd_448, LIBSPDM_CRYPTO_NID_NULL, NULL, 0, message_448,
250 : sizeof(message_448), signature_448, sig448_size);
251 : if (!result) {
252 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "EDDSA 448 verify failed \n"));
253 : libspdm_ecd_free(ecd_448);
254 : result = false;
255 : goto update;
256 : }
257 :
258 : libspdm_ecd_free(ecd_448);
259 : #endif/*LIBSPDM_EDDSA_ED448_SUPPORT*/
260 :
261 : update:
262 : /* mark it as tested*/
263 : context->tested_algo |= LIBSPDM_FIPS_SELF_TEST_EDDSA;
264 :
265 : /* record test result*/
266 : if (result) {
267 : context->self_test_result |= LIBSPDM_FIPS_SELF_TEST_EDDSA;
268 : } else {
269 : context->self_test_result &= ~LIBSPDM_FIPS_SELF_TEST_EDDSA;
270 : }
271 :
272 : #endif /* LIBSPDM_EDDSA_SUPPORT */
273 1 : return result;
274 : }
275 :
276 : #endif/*LIBSPDM_FIPS_MODE*/
|
