Vitaly Chikunov | 0d7a786 | 2019-04-11 18:51:20 +0300 | [diff] [blame] | 1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
| 2 | /* |
| 3 | * Definitions of EC-RDSA Curve Parameters |
| 4 | * |
| 5 | * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org> |
| 6 | * |
| 7 | * This program is free software; you can redistribute it and/or modify it |
| 8 | * under the terms of the GNU General Public License as published by the Free |
| 9 | * Software Foundation; either version 2 of the License, or (at your option) |
| 10 | * any later version. |
| 11 | */ |
| 12 | |
| 13 | #ifndef _CRYTO_ECRDSA_DEFS_H |
| 14 | #define _CRYTO_ECRDSA_DEFS_H |
| 15 | |
Daniele Alessandrelli | a745d3a | 2021-10-20 11:35:35 +0100 | [diff] [blame] | 16 | #include <crypto/internal/ecc.h> |
Vitaly Chikunov | 0d7a786 | 2019-04-11 18:51:20 +0300 | [diff] [blame] | 17 | |
| 18 | #define ECRDSA_MAX_SIG_SIZE (2 * 512 / 8) |
| 19 | #define ECRDSA_MAX_DIGITS (512 / 64) |
| 20 | |
| 21 | /* |
| 22 | * EC-RDSA uses its own set of curves. |
| 23 | * |
| 24 | * cp256{a,b,c} curves first defined for GOST R 34.10-2001 in RFC 4357 (as |
| 25 | * 256-bit {A,B,C}-ParamSet), but inherited for GOST R 34.10-2012 and |
| 26 | * proposed for use in R 50.1.114-2016 and RFC 7836 as the 256-bit curves. |
| 27 | */ |
| 28 | /* OID_gostCPSignA 1.2.643.2.2.35.1 */ |
| 29 | static u64 cp256a_g_x[] = { |
| 30 | 0x0000000000000001ull, 0x0000000000000000ull, |
| 31 | 0x0000000000000000ull, 0x0000000000000000ull, }; |
| 32 | static u64 cp256a_g_y[] = { |
| 33 | 0x22ACC99C9E9F1E14ull, 0x35294F2DDF23E3B1ull, |
| 34 | 0x27DF505A453F2B76ull, 0x8D91E471E0989CDAull, }; |
| 35 | static u64 cp256a_p[] = { /* p = 2^256 - 617 */ |
| 36 | 0xFFFFFFFFFFFFFD97ull, 0xFFFFFFFFFFFFFFFFull, |
| 37 | 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; |
| 38 | static u64 cp256a_n[] = { |
| 39 | 0x45841B09B761B893ull, 0x6C611070995AD100ull, |
| 40 | 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; |
| 41 | static u64 cp256a_a[] = { /* a = p - 3 */ |
| 42 | 0xFFFFFFFFFFFFFD94ull, 0xFFFFFFFFFFFFFFFFull, |
| 43 | 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; |
| 44 | static u64 cp256a_b[] = { |
| 45 | 0x00000000000000a6ull, 0x0000000000000000ull, |
| 46 | 0x0000000000000000ull, 0x0000000000000000ull }; |
| 47 | |
| 48 | static struct ecc_curve gost_cp256a = { |
| 49 | .name = "cp256a", |
Stefan Berger | c0d6bd1 | 2024-04-04 10:18:48 -0400 | [diff] [blame] | 50 | .nbits = 256, |
Vitaly Chikunov | 0d7a786 | 2019-04-11 18:51:20 +0300 | [diff] [blame] | 51 | .g = { |
| 52 | .x = cp256a_g_x, |
| 53 | .y = cp256a_g_y, |
| 54 | .ndigits = 256 / 64, |
| 55 | }, |
| 56 | .p = cp256a_p, |
| 57 | .n = cp256a_n, |
| 58 | .a = cp256a_a, |
| 59 | .b = cp256a_b |
| 60 | }; |
| 61 | |
| 62 | /* OID_gostCPSignB 1.2.643.2.2.35.2 */ |
| 63 | static u64 cp256b_g_x[] = { |
| 64 | 0x0000000000000001ull, 0x0000000000000000ull, |
| 65 | 0x0000000000000000ull, 0x0000000000000000ull, }; |
| 66 | static u64 cp256b_g_y[] = { |
| 67 | 0x744BF8D717717EFCull, 0xC545C9858D03ECFBull, |
| 68 | 0xB83D1C3EB2C070E5ull, 0x3FA8124359F96680ull, }; |
| 69 | static u64 cp256b_p[] = { /* p = 2^255 + 3225 */ |
| 70 | 0x0000000000000C99ull, 0x0000000000000000ull, |
| 71 | 0x0000000000000000ull, 0x8000000000000000ull, }; |
| 72 | static u64 cp256b_n[] = { |
| 73 | 0xE497161BCC8A198Full, 0x5F700CFFF1A624E5ull, |
| 74 | 0x0000000000000001ull, 0x8000000000000000ull, }; |
| 75 | static u64 cp256b_a[] = { /* a = p - 3 */ |
| 76 | 0x0000000000000C96ull, 0x0000000000000000ull, |
| 77 | 0x0000000000000000ull, 0x8000000000000000ull, }; |
| 78 | static u64 cp256b_b[] = { |
| 79 | 0x2F49D4CE7E1BBC8Bull, 0xE979259373FF2B18ull, |
| 80 | 0x66A7D3C25C3DF80Aull, 0x3E1AF419A269A5F8ull, }; |
| 81 | |
| 82 | static struct ecc_curve gost_cp256b = { |
| 83 | .name = "cp256b", |
Stefan Berger | c0d6bd1 | 2024-04-04 10:18:48 -0400 | [diff] [blame] | 84 | .nbits = 256, |
Vitaly Chikunov | 0d7a786 | 2019-04-11 18:51:20 +0300 | [diff] [blame] | 85 | .g = { |
| 86 | .x = cp256b_g_x, |
| 87 | .y = cp256b_g_y, |
| 88 | .ndigits = 256 / 64, |
| 89 | }, |
| 90 | .p = cp256b_p, |
| 91 | .n = cp256b_n, |
| 92 | .a = cp256b_a, |
| 93 | .b = cp256b_b |
| 94 | }; |
| 95 | |
| 96 | /* OID_gostCPSignC 1.2.643.2.2.35.3 */ |
| 97 | static u64 cp256c_g_x[] = { |
| 98 | 0x0000000000000000ull, 0x0000000000000000ull, |
| 99 | 0x0000000000000000ull, 0x0000000000000000ull, }; |
| 100 | static u64 cp256c_g_y[] = { |
| 101 | 0x366E550DFDB3BB67ull, 0x4D4DC440D4641A8Full, |
| 102 | 0x3CBF3783CD08C0EEull, 0x41ECE55743711A8Cull, }; |
| 103 | static u64 cp256c_p[] = { |
| 104 | 0x7998F7B9022D759Bull, 0xCF846E86789051D3ull, |
| 105 | 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, |
| 106 | /* pre-computed value for Barrett's reduction */ |
| 107 | 0xedc283cdd217b5a2ull, 0xbac48fc06398ae59ull, |
| 108 | 0x405384d55f9f3b73ull, 0xa51f176161f1d734ull, |
| 109 | 0x0000000000000001ull, }; |
| 110 | static u64 cp256c_n[] = { |
| 111 | 0xF02F3A6598980BB9ull, 0x582CA3511EDDFB74ull, |
| 112 | 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, }; |
| 113 | static u64 cp256c_a[] = { /* a = p - 3 */ |
| 114 | 0x7998F7B9022D7598ull, 0xCF846E86789051D3ull, |
| 115 | 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, }; |
| 116 | static u64 cp256c_b[] = { |
| 117 | 0x000000000000805aull, 0x0000000000000000ull, |
| 118 | 0x0000000000000000ull, 0x0000000000000000ull, }; |
| 119 | |
| 120 | static struct ecc_curve gost_cp256c = { |
| 121 | .name = "cp256c", |
Stefan Berger | c0d6bd1 | 2024-04-04 10:18:48 -0400 | [diff] [blame] | 122 | .nbits = 256, |
Vitaly Chikunov | 0d7a786 | 2019-04-11 18:51:20 +0300 | [diff] [blame] | 123 | .g = { |
| 124 | .x = cp256c_g_x, |
| 125 | .y = cp256c_g_y, |
| 126 | .ndigits = 256 / 64, |
| 127 | }, |
| 128 | .p = cp256c_p, |
| 129 | .n = cp256c_n, |
| 130 | .a = cp256c_a, |
| 131 | .b = cp256c_b |
| 132 | }; |
| 133 | |
| 134 | /* tc512{a,b} curves first recommended in 2013 and then standardized in |
| 135 | * R 50.1.114-2016 and RFC 7836 for use with GOST R 34.10-2012 (as TC26 |
| 136 | * 512-bit ParamSet{A,B}). |
| 137 | */ |
| 138 | /* OID_gostTC26Sign512A 1.2.643.7.1.2.1.2.1 */ |
| 139 | static u64 tc512a_g_x[] = { |
| 140 | 0x0000000000000003ull, 0x0000000000000000ull, |
| 141 | 0x0000000000000000ull, 0x0000000000000000ull, |
| 142 | 0x0000000000000000ull, 0x0000000000000000ull, |
| 143 | 0x0000000000000000ull, 0x0000000000000000ull, }; |
| 144 | static u64 tc512a_g_y[] = { |
| 145 | 0x89A589CB5215F2A4ull, 0x8028FE5FC235F5B8ull, |
| 146 | 0x3D75E6A50E3A41E9ull, 0xDF1626BE4FD036E9ull, |
| 147 | 0x778064FDCBEFA921ull, 0xCE5E1C93ACF1ABC1ull, |
| 148 | 0xA61B8816E25450E6ull, 0x7503CFE87A836AE3ull, }; |
| 149 | static u64 tc512a_p[] = { /* p = 2^512 - 569 */ |
| 150 | 0xFFFFFFFFFFFFFDC7ull, 0xFFFFFFFFFFFFFFFFull, |
| 151 | 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, |
| 152 | 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, |
| 153 | 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; |
| 154 | static u64 tc512a_n[] = { |
| 155 | 0xCACDB1411F10B275ull, 0x9B4B38ABFAD2B85Dull, |
| 156 | 0x6FF22B8D4E056060ull, 0x27E69532F48D8911ull, |
| 157 | 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, |
| 158 | 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; |
| 159 | static u64 tc512a_a[] = { /* a = p - 3 */ |
| 160 | 0xFFFFFFFFFFFFFDC4ull, 0xFFFFFFFFFFFFFFFFull, |
| 161 | 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, |
| 162 | 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, |
| 163 | 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; |
| 164 | static u64 tc512a_b[] = { |
| 165 | 0x503190785A71C760ull, 0x862EF9D4EBEE4761ull, |
| 166 | 0x4CB4574010DA90DDull, 0xEE3CB090F30D2761ull, |
| 167 | 0x79BD081CFD0B6265ull, 0x34B82574761CB0E8ull, |
| 168 | 0xC1BD0B2B6667F1DAull, 0xE8C2505DEDFC86DDull, }; |
| 169 | |
| 170 | static struct ecc_curve gost_tc512a = { |
| 171 | .name = "tc512a", |
Stefan Berger | c0d6bd1 | 2024-04-04 10:18:48 -0400 | [diff] [blame] | 172 | .nbits = 512, |
Vitaly Chikunov | 0d7a786 | 2019-04-11 18:51:20 +0300 | [diff] [blame] | 173 | .g = { |
| 174 | .x = tc512a_g_x, |
| 175 | .y = tc512a_g_y, |
| 176 | .ndigits = 512 / 64, |
| 177 | }, |
| 178 | .p = tc512a_p, |
| 179 | .n = tc512a_n, |
| 180 | .a = tc512a_a, |
| 181 | .b = tc512a_b |
| 182 | }; |
| 183 | |
| 184 | /* OID_gostTC26Sign512B 1.2.643.7.1.2.1.2.2 */ |
| 185 | static u64 tc512b_g_x[] = { |
| 186 | 0x0000000000000002ull, 0x0000000000000000ull, |
| 187 | 0x0000000000000000ull, 0x0000000000000000ull, |
| 188 | 0x0000000000000000ull, 0x0000000000000000ull, |
| 189 | 0x0000000000000000ull, 0x0000000000000000ull, }; |
| 190 | static u64 tc512b_g_y[] = { |
| 191 | 0x7E21340780FE41BDull, 0x28041055F94CEEECull, |
| 192 | 0x152CBCAAF8C03988ull, 0xDCB228FD1EDF4A39ull, |
| 193 | 0xBE6DD9E6C8EC7335ull, 0x3C123B697578C213ull, |
| 194 | 0x2C071E3647A8940Full, 0x1A8F7EDA389B094Cull, }; |
| 195 | static u64 tc512b_p[] = { /* p = 2^511 + 111 */ |
| 196 | 0x000000000000006Full, 0x0000000000000000ull, |
| 197 | 0x0000000000000000ull, 0x0000000000000000ull, |
| 198 | 0x0000000000000000ull, 0x0000000000000000ull, |
| 199 | 0x0000000000000000ull, 0x8000000000000000ull, }; |
| 200 | static u64 tc512b_n[] = { |
| 201 | 0xC6346C54374F25BDull, 0x8B996712101BEA0Eull, |
| 202 | 0xACFDB77BD9D40CFAull, 0x49A1EC142565A545ull, |
| 203 | 0x0000000000000001ull, 0x0000000000000000ull, |
| 204 | 0x0000000000000000ull, 0x8000000000000000ull, }; |
| 205 | static u64 tc512b_a[] = { /* a = p - 3 */ |
| 206 | 0x000000000000006Cull, 0x0000000000000000ull, |
| 207 | 0x0000000000000000ull, 0x0000000000000000ull, |
| 208 | 0x0000000000000000ull, 0x0000000000000000ull, |
| 209 | 0x0000000000000000ull, 0x8000000000000000ull, }; |
| 210 | static u64 tc512b_b[] = { |
| 211 | 0xFB8CCBC7C5140116ull, 0x50F78BEE1FA3106Eull, |
| 212 | 0x7F8B276FAD1AB69Cull, 0x3E965D2DB1416D21ull, |
| 213 | 0xBF85DC806C4B289Full, 0xB97C7D614AF138BCull, |
| 214 | 0x7E3E06CF6F5E2517ull, 0x687D1B459DC84145ull, }; |
| 215 | |
| 216 | static struct ecc_curve gost_tc512b = { |
| 217 | .name = "tc512b", |
Stefan Berger | c0d6bd1 | 2024-04-04 10:18:48 -0400 | [diff] [blame] | 218 | .nbits = 512, |
Vitaly Chikunov | 0d7a786 | 2019-04-11 18:51:20 +0300 | [diff] [blame] | 219 | .g = { |
| 220 | .x = tc512b_g_x, |
| 221 | .y = tc512b_g_y, |
| 222 | .ndigits = 512 / 64, |
| 223 | }, |
| 224 | .p = tc512b_p, |
| 225 | .n = tc512b_n, |
| 226 | .a = tc512b_a, |
| 227 | .b = tc512b_b |
| 228 | }; |
| 229 | |
| 230 | #endif |