Merge pull request #869 from cisco/feature/fixecdsa

Remove component testing from ECDSA sigver
cisco · Oct 14, 2024 · 1244099 · 1244099
2 parents 87d5ad1 + 196f2e2
commit 1244099
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 53 deletions.
diff --git a/app/app_ecdsa.c b/app/app_ecdsa.c
@@ -345,34 +345,18 @@ int app_ecdsa_handler(ACVP_TEST_CASE *test_case) {
         }
 
         sig_len = (size_t)i2d_ECDSA_SIG(sig_obj, &sig);
+        sig_ctx = EVP_MD_CTX_new();
+        if (!sig_ctx) {
+            printf("Error initializing sign CTX for ECDSA sigver\n");
+            goto err;
+        }
 
-        if (!tc->is_component) {
-            sig_ctx = EVP_MD_CTX_new();
-            if (!sig_ctx) {
-                printf("Error initializing sign CTX for ECDSA sigver\n");
-                goto err;
-            }
-
-            if (EVP_DigestVerifyInit_ex(sig_ctx, NULL, md, NULL, NULL, pkey, NULL) != 1) {
-                printf("Error initializing signing for ECDSA sigver\n");
-                goto err;
-            }
-            if (EVP_DigestVerify(sig_ctx, sig, sig_len, tc->message, tc->msg_len) == 1) {
-                tc->ver_disposition = 1;
-            }
-        } else {
-            comp_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
-            if (!comp_ctx) {
-                printf("Error initializing sign CTX for ECDSA component sigver\n");
-                goto err;
-            }
-            if (EVP_PKEY_verify_init(comp_ctx) != 1) {
-                printf("Error initializing signing for ECDSA component sigver\n");
-                goto err;
-            }
-            if (EVP_PKEY_verify(comp_ctx, sig, sig_len, tc->message, tc->msg_len) == 1) {
-                tc->ver_disposition = 1;
-            }
+        if (EVP_DigestVerifyInit_ex(sig_ctx, NULL, md, NULL, NULL, pkey, NULL) != 1) {
+            printf("Error initializing signing for ECDSA sigver\n");
+            goto err;
+        }
+        if (EVP_DigestVerify(sig_ctx, sig, sig_len, tc->message, tc->msg_len) == 1) {
+            tc->ver_disposition = 1;
         }
         break;
     default:

diff --git a/app/app_main.c b/app/app_main.c
@@ -3269,8 +3269,6 @@ static int enable_ecdsa(ACVP_CTX *ctx) {
     CHECK_ENABLE_CAP_RV(rv);
     rv = acvp_cap_set_prereq(ctx, ACVP_ECDSA_SIGVER, ACVP_PREREQ_DRBG, value);
     CHECK_ENABLE_CAP_RV(rv);
-    rv = acvp_cap_ecdsa_set_parm(ctx, ACVP_ECDSA_SIGVER, ACVP_ECDSA_COMPONENT_TEST, ACVP_ECDSA_COMPONENT_MODE_BOTH);
-    CHECK_ENABLE_CAP_RV(rv);
 #ifndef ACVP_FIPS186_5
     rv = acvp_cap_ecdsa_set_parm(ctx, ACVP_ECDSA_SIGVER, ACVP_ECDSA_REVISION, ACVP_REVISION_1_0);
     CHECK_ENABLE_CAP_RV(rv);

diff --git a/src/acvp_build_register.c b/src/acvp_build_register.c
@@ -1533,11 +1533,7 @@ static ACVP_RESULT acvp_build_ecdsa_register_cap(ACVP_CTX *ctx, ACVP_CIPHER ciph
         if (!cap_entry->cap.ecdsa_sigver_cap) {
             return ACVP_NO_CAP;
         }
-        if (ecdsa_cap->component == ACVP_ECDSA_COMPONENT_MODE_YES) {
-            json_object_set_boolean(cap_obj, "componentTest", 1);
-        } else {
-            json_object_set_boolean(cap_obj, "componentTest", 0);
-        }
+
         current_curve = ecdsa_cap->curves;
         //add "universally" set hash algs here instead of later to be resliant to different combos of API calls
         while (current_curve) {
@@ -5188,23 +5184,7 @@ ACVP_RESULT acvp_build_registration_json(ACVP_CTX *ctx, JSON_Value **reg) {
                 }
                 break;
             case ACVP_ECDSA_SIGVER:
-                /* If component_test = BOTH, we need two registrations */
-                if (cap_entry->cap.ecdsa_sigver_cap->component == ACVP_ECDSA_COMPONENT_MODE_BOTH) {
-                    cap_entry->cap.ecdsa_sigver_cap->component = ACVP_ECDSA_COMPONENT_MODE_NO;
-                    rv = acvp_build_ecdsa_register_cap(ctx, cap_entry->cipher, cap_obj, cap_entry);
-                    if (rv != ACVP_SUCCESS) {
-                        cap_entry->cap.ecdsa_sigver_cap->component = ACVP_ECDSA_COMPONENT_MODE_BOTH;
-                        break;
-                    }
-                    json_array_append_value(caps_arr, cap_val);
-                    cap_val = json_value_init_object();
-                    cap_obj = json_value_get_object(cap_val);
-                    cap_entry->cap.ecdsa_sigver_cap->component = ACVP_ECDSA_COMPONENT_MODE_YES;
-                    rv = acvp_build_ecdsa_register_cap(ctx, cap_entry->cipher, cap_obj, cap_entry);
-                    cap_entry->cap.ecdsa_sigver_cap->component = ACVP_ECDSA_COMPONENT_MODE_BOTH;
-                } else {
-                    rv = acvp_build_ecdsa_register_cap(ctx, cap_entry->cipher, cap_obj, cap_entry);
-                }
+                rv = acvp_build_ecdsa_register_cap(ctx, cap_entry->cipher, cap_obj, cap_entry);
                 break;
             case ACVP_EDDSA_KEYGEN:
             case ACVP_EDDSA_KEYVER:

diff --git a/src/acvp_capabilities.c b/src/acvp_capabilities.c
@@ -5471,7 +5471,7 @@ ACVP_RESULT acvp_cap_ecdsa_set_parm(ACVP_CTX *ctx,
         cap->hash_algs[value] = 1;
         break;
     case ACVP_ECDSA_COMPONENT_TEST:
-        if (cipher == ACVP_ECDSA_SIGGEN || cipher == ACVP_ECDSA_SIGVER || cipher == ACVP_DET_ECDSA_SIGGEN) {
+        if (cipher == ACVP_ECDSA_SIGGEN || cipher == ACVP_DET_ECDSA_SIGGEN) {
             if (value >= ACVP_ECDSA_COMPONENT_MODE_NO && value <= ACVP_ECDSA_COMPONENT_MODE_BOTH) {
                 if (value == ACVP_ECDSA_COMPONENT_MODE_BOTH) {
                     /* This will generate two vector sets, one for and one not for component mode */
@@ -5483,7 +5483,7 @@ ACVP_RESULT acvp_cap_ecdsa_set_parm(ACVP_CTX *ctx,
                 return ACVP_INVALID_ARG;
             }
         } else {
-            ACVP_LOG_ERR("ECDSA Component Tests only apply to siggen and sigver");
+            ACVP_LOG_ERR("ECDSA Component Tests only apply to siggen");
             return ACVP_INVALID_ARG;
         }
         break;