we (web engine): Experimental web browser project to understand the limits of Claude

ECDSA signature verification for P-256 and P-384 (FIPS 186-4) #54

open opened by pierrelf.com

Phase 5: Pure Rust Crypto

Implement ECDSA signature verification for the P-256 and P-384 curves in the crypto crate per FIPS 186-4.

Dependencies

  • Requires SHA-2 (for message digest)
  • Requires ASN.1 DER parser (for parsing EC public keys and signatures)

Requirements

Elliptic curve arithmetic:

  • Point addition and doubling on short Weierstrass curves
  • Scalar multiplication (constant-time double-and-add or similar)
  • Point validation (on-curve check)
  • Field arithmetic for P-256 (secp256r1) and P-384 (secp384r1) prime fields

ECDSA verification (FIPS 186-4 §4.1.4):

  • Parse DER-encoded ECDSA signatures (r, s pair)
  • Parse EC public keys from uncompressed point format (0x04 || x || y)
  • Verify: given (message_hash, signature, public_key), return valid/invalid
  • Modular inverse in the curve order field

Acceptance Criteria

  • P-256 and P-384 curve parameters and field arithmetic
  • Point addition, doubling, and scalar multiplication
  • ECDSA verify for P-256 with SHA-256
  • ECDSA verify for P-384 with SHA-384
  • Pass NIST ECDSA test vectors (from CAVP)
  • Reject invalid signatures (wrong hash, tampered signature)
  • Constant-time scalar multiplication
  • cargo test -p we-crypto passes
  • cargo clippy -p we-crypto -- -D warnings clean
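
The "parse DER-encoded ECDSA signatures (r, s pair)" requirement above, sketched as an added example that is not part of the issue or of the we-crypto crate: a strict parser that rejects the malleable encodings (long-form lengths, negative or zero-padded INTEGERs, trailing bytes) a verifier should not accept. The names `SigError`, `read_tlv`, `read_scalar` and `parse_ecdsa_sig` are hypothetical, and rejecting zero at parse time is an assumption of this sketch.

```rust
// Added example (not the we-crypto crate's code): strict DER parsing of
// ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }. Names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum SigError { Truncated, BadTag, BadLength, Negative, NonMinimal, Zero, TooLong, TrailingData }

/// Reads one TLV with the expected tag; returns (value, remaining input).
fn read_tlv(input: &[u8], tag: u8) -> Result<(&[u8], &[u8]), SigError> {
    let (&t, rest) = input.split_first().ok_or(SigError::Truncated)?;
    if t != tag { return Err(SigError::BadTag); }
    let (&len, rest) = rest.split_first().ok_or(SigError::Truncated)?;
    // P-256 and P-384 signatures are shorter than 128 bytes, so DER's
    // minimal-length rule means only the short length form is valid here.
    if len >= 0x80 { return Err(SigError::BadLength); }
    if rest.len() < len as usize { return Err(SigError::Truncated); }
    Ok(rest.split_at(len as usize))
}

/// Reads a positive, minimally encoded INTEGER and returns its magnitude
/// (sign-padding zero stripped), which must fit in `n_len` bytes.
fn read_scalar(input: &[u8], n_len: usize) -> Result<(&[u8], &[u8]), SigError> {
    let (v, rest) = read_tlv(input, 0x02)?;
    match v {
        [] => Err(SigError::BadLength),
        [b, ..] if *b & 0x80 != 0 => Err(SigError::Negative),
        [0] => Err(SigError::Zero),
        [0, b, ..] if *b & 0x80 == 0 => Err(SigError::NonMinimal),
        [0, mag @ ..] if mag.len() <= n_len => Ok((mag, rest)),
        mag if mag.len() <= n_len => Ok((mag, rest)),
        _ => Err(SigError::TooLong),
    }
}

/// `n_len` is the byte length of the curve order: 32 for P-256, 48 for P-384.
pub fn parse_ecdsa_sig(der: &[u8], n_len: usize) -> Result<(&[u8], &[u8]), SigError> {
    let (body, trailing) = read_tlv(der, 0x30)?;
    if !trailing.is_empty() { return Err(SigError::TrailingData); }
    let (r, rest) = read_scalar(body, n_len)?;
    let (s, rest) = read_scalar(rest, n_len)?;
    if !rest.is_empty() { return Err(SigError::TrailingData); }
    Ok((r, s))
}

fn main() {
    // Constructed input: r = 0x80 (needs a 0x00 sign pad), s = 0x01.
    let sig: [u8; 9] = [0x30, 0x07, 0x02, 0x02, 0x00, 0x80, 0x02, 0x01, 0x01];
    println!("{:?}", parse_ecdsa_sig(&sig, 32));
}
```

The parser only bounds the byte length of r and s; the verifier still has to check that both lie in [1, n-1] for the curve order n before using them.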