lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260120145103.1176337-11-dhowells@redhat.com>
Date: Tue, 20 Jan 2026 14:50:56 +0000
From: David Howells <dhowells@...hat.com>
To: Lukas Wunner <lukas@...ner.de>,
	Ignat Korchagin <ignat@...udflare.com>
Cc: David Howells <dhowells@...hat.com>,
	Jarkko Sakkinen <jarkko@...nel.org>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	Eric Biggers <ebiggers@...nel.org>,
	Luis Chamberlain <mcgrof@...nel.org>,
	Petr Pavlu <petr.pavlu@...e.com>,
	Daniel Gomez <da.gomez@...nel.org>,
	Sami Tolvanen <samitolvanen@...gle.com>,
	"Jason A . Donenfeld" <Jason@...c4.com>,
	Ard Biesheuvel <ardb@...nel.org>,
	Stephan Mueller <smueller@...onox.de>,
	linux-crypto@...r.kernel.org,
	keyrings@...r.kernel.org,
	linux-modules@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH v13 10/12] pkcs7: Add FIPS selftest for RSASSA-PSS

Add a FIPS selftest for RSASSA-PSS.

This is the 267th test vector taken from NIST's SigVerPSS_186-3.rsp in
186-3rsatestvectors.zip on line 2460, packaged into a rudimentary X.509
cert and PKCS#7 message.

Signed-off-by: David Howells <dhowells@...hat.com>
cc: Lukas Wunner <lukas@...ner.de>
cc: Ignat Korchagin <ignat@...udflare.com>
cc: Herbert Xu <herbert@...dor.apana.org.au>
cc: keyrings@...r.kernel.org
cc: linux-crypto@...r.kernel.org
---
 crypto/asymmetric_keys/selftest_rsa.c | 133 ++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)

diff --git a/crypto/asymmetric_keys/selftest_rsa.c b/crypto/asymmetric_keys/selftest_rsa.c
index 09c9815e456a..c06e32da0f7e 100644
--- a/crypto/asymmetric_keys/selftest_rsa.c
+++ b/crypto/asymmetric_keys/selftest_rsa.c
@@ -159,6 +159,131 @@ static const u8 certs_selftest_rsa_sig[] __initconst = {
 	"\x77\x55\x3c\x6f\x0c\x32\xd3\x8c\x44\x39\x71\x25\xfe\x96\xd2"
 };
 
+/*
+ * RSASSA-PSS test vector from SigVerPSS_186-3.rsp published by NIST
+ * in 186-3rsatestvectors.zip.  This is the 267th test on line 2460.
+ */
+static const u8 certs_selftest_rsassa_keys[] __initconst = {
+	"\x30\x82\x04\x4c\x30\x82\x02\x84\xa0\x03\x02\x01\x02\x02\x04\x01"
+	"\x23\x41\x0b\x30\x3d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0a"
+	"\x30\x30\xa0\x0d\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02"
+	"\x03\xa1\x1a\x30\x18\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x08"
+	"\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\xa2\x03\x02"
+	"\x01\x00\x30\x0f\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x0c\x04\x46"
+	"\x72\x65\x64\x30\x20\x17\x0d\x32\x36\x30\x31\x30\x31\x30\x30\x30"
+	"\x30\x30\x30\x5a\x18\x0f\x32\x31\x39\x39\x30\x31\x30\x31\x30\x30"
+	"\x30\x30\x30\x30\x5a\x30\x1c\x31\x1a\x30\x18\x06\x03\x55\x04\x03"
+	"\x0c\x11\x6e\x69\x73\x74\x5f\x72\x73\x61\x70\x73\x73\x5f\x32\x36"
+	"\x37\x5f\x50\x30\x82\x01\xa1\x30\x0b\x06\x09\x2a\x86\x48\x86\xf7"
+	"\x0d\x01\x01\x0a\x03\x82\x01\x90\x00\x30\x82\x01\x8b\x02\x82\x01"
+	"\x81\x00\xa3\xf2\x23\x5a\xd2\x05\x3b\x4c\x83\xfa\x38\xf8\x28\x4e"
+	"\xd8\x05\x42\x16\x21\xfe\x98\x84\x5f\xb0\x1b\x68\x9f\x5b\x82\xb3"
+	"\x25\x11\xb6\xd1\x61\x73\xe7\xb4\x0a\x66\xa3\xa9\x99\xc1\x89\xbe"
+	"\xb9\xe0\x68\x22\x15\x0a\xc8\xbe\x67\x71\x86\x37\x0c\x82\x3b\x52"
+	"\x77\xd9\x09\xde\x07\x56\x4e\x28\x1c\xca\x2f\x13\x87\x3d\x9d\x07"
+	"\xb7\xbd\x85\xa2\xb9\xac\x66\xf4\xce\x4f\x5e\x38\xb8\xe9\xee\xbe"
+	"\xc0\x4c\x8c\xaf\x31\x1e\x37\x5d\x69\xe8\x08\x51\xd5\x59\xb8\xe9"
+	"\x0e\x85\xba\x6b\x96\x47\x67\x90\xf7\x27\xc2\x5a\xa8\x16\x30\x62"
+	"\xec\x85\x43\xfc\xc7\x75\x9b\xe6\x2c\x77\x68\xec\xc3\x7f\x34\x0b"
+	"\xb0\x61\x02\x76\x2b\xf0\x44\x1c\xa1\xaa\x2c\x7a\x81\xbf\x37\xdc"
+	"\x8b\x27\x43\x9d\x3a\xbb\xa9\x38\x12\xc9\xbb\x44\xfe\x4d\x6a\x94"
+	"\xba\xae\x70\x93\x79\xf5\xce\x5d\x0c\x8f\x81\xd0\x00\x86\xb9\xca"
+	"\xa3\x02\x68\x19\x58\x8f\x49\x1b\x52\x58\x07\x89\x9c\xda\xb3\x3d"
+	"\x8e\x99\x21\x50\xd2\xb1\x05\xd3\xaa\xb6\x15\x21\x7c\x6a\x3d\x74"
+	"\x08\x31\xc7\xdc\x76\xfa\xab\xd9\xc9\xb9\x81\x7e\xad\x0b\x49\x45"
+	"\x66\xde\x14\x33\xff\xf5\xba\x46\x04\xc6\xb8\x44\x6f\x6f\xc3\x5e"
+	"\x74\x6a\xff\x84\xff\x8b\xd7\x50\x04\x10\xd1\x0e\x82\xbf\x4c\x90"
+	"\x36\x48\x9d\xe4\x7d\xee\x9a\x32\x7a\x5c\x45\x10\xd8\x56\x13\x21"
+	"\xb9\x1d\x55\x55\x9a\x4c\xba\x85\xe0\xc3\x61\x76\x70\x84\xb2\x52"
+	"\x17\xe8\xa6\x3c\x4e\x15\x1a\x1e\x88\x68\x9f\xee\xcf\xfd\x16\xfa"
+	"\x0a\x65\xae\x41\xd2\xba\xbc\xa9\x9c\xf1\xb9\x59\xc3\xc0\x76\xc0"
+	"\xf7\x59\x74\x14\x6f\x2c\xc4\x94\x12\x6f\xbe\xca\xd4\x21\x7b\x9a"
+	"\xaa\x00\xf1\x69\xfa\x51\x25\x27\xff\x5a\x0b\x50\xda\x46\xd6\xbe"
+	"\x87\x0e\xce\xf2\xaf\x7a\x1e\x6c\x45\x56\xf6\xf7\xa0\xa0\x0b\x9f"
+	"\x47\xcb\x02\x04\x00\xb3\xf5\x7f\xa3\x42\x30\x40\x30\x0c\x06\x03"
+	"\x55\x1d\x13\x01\x01\xff\x04\x02\x30\x00\x30\x0e\x06\x03\x55\x1d"
+	"\x0f\x01\x01\x00\x04\x04\x03\x02\x07\x80\x30\x20\x06\x03\x55\x1d"
+	"\x0e\x01\x01\x00\x04\x16\x04\x14\x2b\x73\x93\x2c\xf0\x6c\x34\x1a"
+	"\xa7\x2c\xce\xa4\xe0\xac\x35\xa9\x6c\xcc\x01\x0b\x30\x3d\x06\x09"
+	"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0a\x30\x30\xa0\x0d\x30\x0b\x06"
+	"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\xa1\x1a\x30\x18\x06\x09"
+	"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x08\x30\x0b\x06\x09\x60\x86\x48"
+	"\x01\x65\x03\x04\x02\x03\xa2\x03\x02\x01\x00\x03\x82\x01\x81\x00"
+	"\x78\x7c\xdd\x6e\x1d\x4f\xdf\x9a\x0d\x9f\x96\x5e\xb8\x57\x25\x23"
+	"\x2a\x9e\xfc\xc1\x2a\xbf\xa1\xef\x25\xa8\x1e\x09\x83\x11\x1d\x90"
+	"\x00\xd4\x94\xfc\x7d\x32\x01\xeb\x3b\xba\x32\x73\x02\x72\x7f\x70"
+	"\x86\x14\x7a\x75\x5b\x48\x27\x03\x0c\x72\x76\x53\x6f\x42\x55\x93"
+	"\xab\x2e\x91\x27\xa1\x49\xe7\x54\xde\x7a\xd7\x7f\x8c\x20\x43\x26"
+	"\x7d\xb4\x9f\x8a\x35\x03\x1d\x83\xf1\x3d\x14\x0d\x5d\xf4\xd4\x24"
+	"\xb4\x74\x54\x04\x1a\x23\xb9\x2f\xf6\x81\x8e\x74\x9d\x65\xd0\x1f"
+	"\xc5\x0b\xeb\xf6\x91\x52\xf3\xf5\xfc\xb4\x87\x3b\x10\x36\x21\x9e"
+	"\x22\xb1\xe7\x4f\x83\x68\xc8\xc5\x01\xce\x65\xf2\xc9\x29\xd9\x0a"
+	"\x8e\xc8\x99\x63\x0e\x80\x25\x47\xa7\xca\x6e\xf1\x8a\xb3\xcb\x3e"
+	"\xb4\xa6\x91\xee\x68\xae\xbe\xaf\x1b\x9c\x05\x5a\xd1\x22\x18\x03"
+	"\x9c\xf4\x80\xcd\x8d\x29\x43\x32\xc5\xe1\x6e\xbb\xe6\xaf\x11\xf8"
+	"\xf4\xbf\x49\xf9\xb4\xed\x2f\x51\x11\x26\xae\x78\x0a\x3b\x78\x4b"
+	"\xe8\xf4\x42\x6a\xbd\x17\xf8\x60\x00\x74\x48\x3f\x2a\xf3\xb7\x1a"
+	"\x89\x64\xc6\xe0\xfa\x00\x04\x9a\x1d\x94\x0d\x34\xcc\x08\x83\x9e"
+	"\x0c\x59\x25\x3d\x99\xe9\x0d\x17\x87\x1d\x48\x96\x74\x69\x56\x63"
+	"\x62\x61\x66\xd3\x6f\xf9\x1d\x8c\x22\x99\xa2\xf0\x51\xea\xe2\xd6"
+	"\x0e\x8e\xd0\xbc\x3f\xac\x1e\x49\x0b\x47\x0c\x12\xf3\xd6\x97\xf6"
+	"\xfb\xfd\x88\x0d\xe2\xe9\x0e\x9f\xcb\xd4\x85\xfa\x33\x93\x19\x83"
+	"\x72\xfb\x01\xe4\xce\xc5\xc1\x59\x17\xec\xdd\x42\xe5\x7c\x43\xec"
+	"\xf5\x5a\x8c\x0e\xcb\xdc\xef\x1b\xce\x4e\x36\xd9\x6d\x46\xb1\x12"
+	"\x57\x0b\x53\xf8\x2f\x3d\x20\x64\xb0\x8a\xc7\x86\x13\x67\x0a\x28"
+	"\xea\x69\xd7\x9c\x71\x7e\xb1\xc2\x94\x09\x0d\xbd\x56\x1f\xa6\xe5"
+	"\x04\xd0\x9d\x26\x57\x24\xe3\x7a\x2d\xc6\xf4\x45\xf6\xf5\x28\xc9"
+};
+
+static const u8 certs_selftest_rsassa_data[] __initconst = {
+	"\xbe\x2f\x3e\x1d\xc8\xa3\x71\x15\x70\x40\x1b\xd5\x35\x18\x54\x26"
+	"\x94\x4d\x09\x4e\x84\x81\xa1\x2a\x43\x8d\xe0\x7d\x54\x76\x0c\x88"
+	"\xc9\x9d\x4f\xdb\xbe\x35\x5d\x6a\x26\xfa\x56\xe3\xca\x20\xee\x3f"
+	"\x8e\x8a\xcb\x98\xf6\x3d\x2f\x3a\xea\x14\xd6\xfc\xb6\xb5\x22\xd1"
+	"\x55\xc3\x75\x9a\xef\x56\xde\x3e\xa0\xa8\xf9\xfd\x7b\x11\x10\x01"
+	"\xcf\x35\x86\x36\xa8\x7c\x76\x5c\x99\xc2\x97\x5b\xb9\x50\x63\xd6"
+	"\xec\x0b\x78\x02\x64\xec\x3e\xb9\x67\xb0\xca\xca\x52\xd1\x02\x94"
+	"\xde\xb4\x02\xd3\xa2\x24\xbf\xb9\xd9\xff\xea\x41\x66\x2f\x18\xc0"
+};
+
+static const u8 certs_selftest_rsassa_sig[] __initconst = {
+	"\x30\x82\x02\x26\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02\xa0"
+	"\x82\x02\x17\x30\x82\x02\x13\x02\x01\x01\x31\x0d\x30\x0b\x06\x09"
+	"\x60\x86\x48\x01\x65\x03\x04\x02\x03\x30\x0b\x06\x09\x2a\x86\x48"
+	"\x86\xf7\x0d\x01\x07\x01\x31\x82\x01\xf0\x30\x82\x01\xec\x02\x01"
+	"\x01\x30\x17\x30\x0f\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x0c\x04"
+	"\x46\x72\x65\x64\x02\x04\x01\x23\x41\x0b\x30\x0b\x06\x09\x60\x86"
+	"\x48\x01\x65\x03\x04\x02\x03\x30\x3d\x06\x09\x2a\x86\x48\x86\xf7"
+	"\x0d\x01\x01\x0a\x30\x30\xa0\x0d\x30\x0b\x06\x09\x60\x86\x48\x01"
+	"\x65\x03\x04\x02\x03\xa1\x1a\x30\x18\x06\x09\x2a\x86\x48\x86\xf7"
+	"\x0d\x01\x01\x08\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02"
+	"\x03\xa2\x03\x02\x01\x00\x04\x82\x01\x80\x78\x7c\xdd\x6e\x1d\x4f"
+	"\xdf\x9a\x0d\x9f\x96\x5e\xb8\x57\x25\x23\x2a\x9e\xfc\xc1\x2a\xbf"
+	"\xa1\xef\x25\xa8\x1e\x09\x83\x11\x1d\x90\x00\xd4\x94\xfc\x7d\x32"
+	"\x01\xeb\x3b\xba\x32\x73\x02\x72\x7f\x70\x86\x14\x7a\x75\x5b\x48"
+	"\x27\x03\x0c\x72\x76\x53\x6f\x42\x55\x93\xab\x2e\x91\x27\xa1\x49"
+	"\xe7\x54\xde\x7a\xd7\x7f\x8c\x20\x43\x26\x7d\xb4\x9f\x8a\x35\x03"
+	"\x1d\x83\xf1\x3d\x14\x0d\x5d\xf4\xd4\x24\xb4\x74\x54\x04\x1a\x23"
+	"\xb9\x2f\xf6\x81\x8e\x74\x9d\x65\xd0\x1f\xc5\x0b\xeb\xf6\x91\x52"
+	"\xf3\xf5\xfc\xb4\x87\x3b\x10\x36\x21\x9e\x22\xb1\xe7\x4f\x83\x68"
+	"\xc8\xc5\x01\xce\x65\xf2\xc9\x29\xd9\x0a\x8e\xc8\x99\x63\x0e\x80"
+	"\x25\x47\xa7\xca\x6e\xf1\x8a\xb3\xcb\x3e\xb4\xa6\x91\xee\x68\xae"
+	"\xbe\xaf\x1b\x9c\x05\x5a\xd1\x22\x18\x03\x9c\xf4\x80\xcd\x8d\x29"
+	"\x43\x32\xc5\xe1\x6e\xbb\xe6\xaf\x11\xf8\xf4\xbf\x49\xf9\xb4\xed"
+	"\x2f\x51\x11\x26\xae\x78\x0a\x3b\x78\x4b\xe8\xf4\x42\x6a\xbd\x17"
+	"\xf8\x60\x00\x74\x48\x3f\x2a\xf3\xb7\x1a\x89\x64\xc6\xe0\xfa\x00"
+	"\x04\x9a\x1d\x94\x0d\x34\xcc\x08\x83\x9e\x0c\x59\x25\x3d\x99\xe9"
+	"\x0d\x17\x87\x1d\x48\x96\x74\x69\x56\x63\x62\x61\x66\xd3\x6f\xf9"
+	"\x1d\x8c\x22\x99\xa2\xf0\x51\xea\xe2\xd6\x0e\x8e\xd0\xbc\x3f\xac"
+	"\x1e\x49\x0b\x47\x0c\x12\xf3\xd6\x97\xf6\xfb\xfd\x88\x0d\xe2\xe9"
+	"\x0e\x9f\xcb\xd4\x85\xfa\x33\x93\x19\x83\x72\xfb\x01\xe4\xce\xc5"
+	"\xc1\x59\x17\xec\xdd\x42\xe5\x7c\x43\xec\xf5\x5a\x8c\x0e\xcb\xdc"
+	"\xef\x1b\xce\x4e\x36\xd9\x6d\x46\xb1\x12\x57\x0b\x53\xf8\x2f\x3d"
+	"\x20\x64\xb0\x8a\xc7\x86\x13\x67\x0a\x28\xea\x69\xd7\x9c\x71\x7e"
+	"\xb1\xc2\x94\x09\x0d\xbd\x56\x1f\xa6\xe5\x04\xd0\x9d\x26\x57\x24"
+	"\xe3\x7a\x2d\xc6\xf4\x45\xf6\xf5\x28\xc9"
+};
+
 void __init fips_signature_selftest_rsa(void)
 {
 	fips_signature_selftest("RSA",
@@ -168,4 +293,12 @@ void __init fips_signature_selftest_rsa(void)
 				sizeof(certs_selftest_rsa_data) - 1,
 				certs_selftest_rsa_sig,
 				sizeof(certs_selftest_rsa_sig) - 1);
+
+	fips_signature_selftest("RSASSA",
+				certs_selftest_rsassa_keys,
+				sizeof(certs_selftest_rsassa_keys) - 1,
+				certs_selftest_rsassa_data,
+				sizeof(certs_selftest_rsassa_data) - 1,
+				certs_selftest_rsassa_sig,
+				sizeof(certs_selftest_rsassa_sig) - 1);
 }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ