linux/crypto/ecrdsa_defs.h
<<
>>
Prefs 
   1/* SPDX-License-Identifier: GPL-2.0+ */
   2/*
   3 * Definitions of EC-RDSA Curve Parameters
   4 *
   5 * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org>
   6 *
   7 * This program is free software; you can redistribute it and/or modify it
   8 * under the terms of the GNU General Public License as published by the Free
   9 * Software Foundation; either version 2 of the License, or (at your option)
  10 * any later version.
  11 */
  12
  13#ifndef _CRYTO_ECRDSA_DEFS_H
  14#define _CRYTO_ECRDSA_DEFS_H
  15
  16#include "ecc.h"
  17
  18#define ECRDSA_MAX_SIG_SIZE (2 * 512 / 8)
  19#define ECRDSA_MAX_DIGITS (512 / 64)
  20
  21/*
  22 * EC-RDSA uses its own set of curves.
  23 *
  24 * cp256{a,b,c} curves first defined for GOST R 34.10-2001 in RFC 4357 (as
  25 * 256-bit {A,B,C}-ParamSet), but inherited for GOST R 34.10-2012 and
  26 * proposed for use in R 50.1.114-2016 and RFC 7836 as the 256-bit curves.
  27 */
  28/* OID_gostCPSignA 1.2.643.2.2.35.1 */
  29static u64 cp256a_g_x[] = {
  30        0x0000000000000001ull, 0x0000000000000000ull,
  31        0x0000000000000000ull, 0x0000000000000000ull, };
  32static u64 cp256a_g_y[] = {
  33        0x22ACC99C9E9F1E14ull, 0x35294F2DDF23E3B1ull,
  34        0x27DF505A453F2B76ull, 0x8D91E471E0989CDAull, };
  35static u64 cp256a_p[] = { /* p = 2^256 - 617 */
  36        0xFFFFFFFFFFFFFD97ull, 0xFFFFFFFFFFFFFFFFull,
  37        0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
  38static u64 cp256a_n[] = {
  39        0x45841B09B761B893ull, 0x6C611070995AD100ull,
  40        0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
  41static u64 cp256a_a[] = { /* a = p - 3 */
  42        0xFFFFFFFFFFFFFD94ull, 0xFFFFFFFFFFFFFFFFull,
  43        0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
  44static u64 cp256a_b[] = {
  45        0x00000000000000a6ull, 0x0000000000000000ull,
  46        0x0000000000000000ull, 0x0000000000000000ull };
  47
  48static struct ecc_curve gost_cp256a = {
  49        .name = "cp256a",
  50        .g = {
  51                .x = cp256a_g_x,
  52                .y = cp256a_g_y,
  53                .ndigits = 256 / 64,
  54        },
  55        .p = cp256a_p,
  56        .n = cp256a_n,
  57        .a = cp256a_a,
  58        .b = cp256a_b
  59};
  60
  61/* OID_gostCPSignB 1.2.643.2.2.35.2 */
  62static u64 cp256b_g_x[] = {
  63        0x0000000000000001ull, 0x0000000000000000ull,
  64        0x0000000000000000ull, 0x0000000000000000ull, };
  65static u64 cp256b_g_y[] = {
  66        0x744BF8D717717EFCull, 0xC545C9858D03ECFBull,
  67        0xB83D1C3EB2C070E5ull, 0x3FA8124359F96680ull, };
  68static u64 cp256b_p[] = { /* p = 2^255 + 3225 */
  69        0x0000000000000C99ull, 0x0000000000000000ull,
  70        0x0000000000000000ull, 0x8000000000000000ull, };
  71static u64 cp256b_n[] = {
  72        0xE497161BCC8A198Full, 0x5F700CFFF1A624E5ull,
  73        0x0000000000000001ull, 0x8000000000000000ull, };
  74static u64 cp256b_a[] = { /* a = p - 3 */
  75        0x0000000000000C96ull, 0x0000000000000000ull,
  76        0x0000000000000000ull, 0x8000000000000000ull, };
  77static u64 cp256b_b[] = {
  78        0x2F49D4CE7E1BBC8Bull, 0xE979259373FF2B18ull,
  79        0x66A7D3C25C3DF80Aull, 0x3E1AF419A269A5F8ull, };
  80
  81static struct ecc_curve gost_cp256b = {
  82        .name = "cp256b",
  83        .g = {
  84                .x = cp256b_g_x,
  85                .y = cp256b_g_y,
  86                .ndigits = 256 / 64,
  87        },
  88        .p = cp256b_p,
  89        .n = cp256b_n,
  90        .a = cp256b_a,
  91        .b = cp256b_b
  92};
  93
  94/* OID_gostCPSignC 1.2.643.2.2.35.3 */
  95static u64 cp256c_g_x[] = {
  96        0x0000000000000000ull, 0x0000000000000000ull,
  97        0x0000000000000000ull, 0x0000000000000000ull, };
  98static u64 cp256c_g_y[] = {
  99        0x366E550DFDB3BB67ull, 0x4D4DC440D4641A8Full,
 100        0x3CBF3783CD08C0EEull, 0x41ECE55743711A8Cull, };
 101static u64 cp256c_p[] = {
 102        0x7998F7B9022D759Bull, 0xCF846E86789051D3ull,
 103        0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull,
 104        /* pre-computed value for Barrett's reduction */
 105        0xedc283cdd217b5a2ull, 0xbac48fc06398ae59ull,
 106        0x405384d55f9f3b73ull, 0xa51f176161f1d734ull,
 107        0x0000000000000001ull, };
 108static u64 cp256c_n[] = {
 109        0xF02F3A6598980BB9ull, 0x582CA3511EDDFB74ull,
 110        0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, };
 111static u64 cp256c_a[] = { /* a = p - 3 */
 112        0x7998F7B9022D7598ull, 0xCF846E86789051D3ull,
 113        0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, };
 114static u64 cp256c_b[] = {
 115        0x000000000000805aull, 0x0000000000000000ull,
 116        0x0000000000000000ull, 0x0000000000000000ull, };
 117
 118static struct ecc_curve gost_cp256c = {
 119        .name = "cp256c",
 120        .g = {
 121                .x = cp256c_g_x,
 122                .y = cp256c_g_y,
 123                .ndigits = 256 / 64,
 124        },
 125        .p = cp256c_p,
 126        .n = cp256c_n,
 127        .a = cp256c_a,
 128        .b = cp256c_b
 129};
 130
 131/* tc512{a,b} curves first recommended in 2013 and then standardized in
 132 * R 50.1.114-2016 and RFC 7836 for use with GOST R 34.10-2012 (as TC26
 133 * 512-bit ParamSet{A,B}).
 134 */
 135/* OID_gostTC26Sign512A 1.2.643.7.1.2.1.2.1 */
 136static u64 tc512a_g_x[] = {
 137        0x0000000000000003ull, 0x0000000000000000ull,
 138        0x0000000000000000ull, 0x0000000000000000ull,
 139        0x0000000000000000ull, 0x0000000000000000ull,
 140        0x0000000000000000ull, 0x0000000000000000ull, };
 141static u64 tc512a_g_y[] = {
 142        0x89A589CB5215F2A4ull, 0x8028FE5FC235F5B8ull,
 143        0x3D75E6A50E3A41E9ull, 0xDF1626BE4FD036E9ull,
 144        0x778064FDCBEFA921ull, 0xCE5E1C93ACF1ABC1ull,
 145        0xA61B8816E25450E6ull, 0x7503CFE87A836AE3ull, };
 146static u64 tc512a_p[] = { /* p = 2^512 - 569 */
 147        0xFFFFFFFFFFFFFDC7ull, 0xFFFFFFFFFFFFFFFFull,
 148        0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
 149        0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
 150        0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, };
 151static u64 tc512a_n[] = {
 152        0xCACDB1411F10B275ull, 0x9B4B38ABFAD2B85Dull,
 153        0x6FF22B8D4E056060ull, 0x27E69532F48D8911ull,
 154        0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
 155        0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, };
 156static u64 tc512a_a[] = { /* a = p - 3 */
 157        0xFFFFFFFFFFFFFDC4ull, 0xFFFFFFFFFFFFFFFFull,
 158        0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
 159        0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
 160        0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, };
 161static u64 tc512a_b[] = {
 162        0x503190785A71C760ull, 0x862EF9D4EBEE4761ull,
 163        0x4CB4574010DA90DDull, 0xEE3CB090F30D2761ull,
 164        0x79BD081CFD0B6265ull, 0x34B82574761CB0E8ull,
 165        0xC1BD0B2B6667F1DAull, 0xE8C2505DEDFC86DDull, };
 166
 167static struct ecc_curve gost_tc512a = {
 168        .name = "tc512a",
 169        .g = {
 170                .x = tc512a_g_x,
 171                .y = tc512a_g_y,
 172                .ndigits = 512 / 64,
 173        },
 174        .p = tc512a_p,
 175        .n = tc512a_n,
 176        .a = tc512a_a,
 177        .b = tc512a_b
 178};
 179
 180/* OID_gostTC26Sign512B 1.2.643.7.1.2.1.2.2 */
 181static u64 tc512b_g_x[] = {
 182        0x0000000000000002ull, 0x0000000000000000ull,
 183        0x0000000000000000ull, 0x0000000000000000ull,
 184        0x0000000000000000ull, 0x0000000000000000ull,
 185        0x0000000000000000ull, 0x0000000000000000ull, };
 186static u64 tc512b_g_y[] = {
 187        0x7E21340780FE41BDull, 0x28041055F94CEEECull,
 188        0x152CBCAAF8C03988ull, 0xDCB228FD1EDF4A39ull,
 189        0xBE6DD9E6C8EC7335ull, 0x3C123B697578C213ull,
 190        0x2C071E3647A8940Full, 0x1A8F7EDA389B094Cull, };
 191static u64 tc512b_p[] = { /* p = 2^511 + 111 */
 192        0x000000000000006Full, 0x0000000000000000ull,
 193        0x0000000000000000ull, 0x0000000000000000ull,
 194        0x0000000000000000ull, 0x0000000000000000ull,
 195        0x0000000000000000ull, 0x8000000000000000ull, };
 196static u64 tc512b_n[] = {
 197        0xC6346C54374F25BDull, 0x8B996712101BEA0Eull,
 198        0xACFDB77BD9D40CFAull, 0x49A1EC142565A545ull,
 199        0x0000000000000001ull, 0x0000000000000000ull,
 200        0x0000000000000000ull, 0x8000000000000000ull, };
 201static u64 tc512b_a[] = { /* a = p - 3 */
 202        0x000000000000006Cull, 0x0000000000000000ull,
 203        0x0000000000000000ull, 0x0000000000000000ull,
 204        0x0000000000000000ull, 0x0000000000000000ull,
 205        0x0000000000000000ull, 0x8000000000000000ull, };
 206static u64 tc512b_b[] = {
 207        0xFB8CCBC7C5140116ull, 0x50F78BEE1FA3106Eull,
 208        0x7F8B276FAD1AB69Cull, 0x3E965D2DB1416D21ull,
 209        0xBF85DC806C4B289Full, 0xB97C7D614AF138BCull,
 210        0x7E3E06CF6F5E2517ull, 0x687D1B459DC84145ull, };
 211
 212static struct ecc_curve gost_tc512b = {
 213        .name = "tc512b",
 214        .g = {
 215                .x = tc512b_g_x,
 216                .y = tc512b_g_y,
 217                .ndigits = 512 / 64,
 218        },
 219        .p = tc512b_p,
 220        .n = tc512b_n,
 221        .a = tc512b_a,
 222        .b = tc512b_b
 223};
 224
 225#endif
 226
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.