ecrdsa_defs.h - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
ecrdsa_defs.h (7411B)
      1/* SPDX-License-Identifier: GPL-2.0+ */
      2/*
      3 * Definitions of EC-RDSA Curve Parameters
      4 *
      5 * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org>
      6 *
      7 * This program is free software; you can redistribute it and/or modify it
      8 * under the terms of the GNU General Public License as published by the Free
      9 * Software Foundation; either version 2 of the License, or (at your option)
     10 * any later version.
     11 */
     12
     13#ifndef _CRYTO_ECRDSA_DEFS_H
     14#define _CRYTO_ECRDSA_DEFS_H
     15
     16#include <crypto/internal/ecc.h>
     17
     18#define ECRDSA_MAX_SIG_SIZE (2 * 512 / 8)
     19#define ECRDSA_MAX_DIGITS (512 / 64)
     20
     21/*
     22 * EC-RDSA uses its own set of curves.
     23 *
     24 * cp256{a,b,c} curves first defined for GOST R 34.10-2001 in RFC 4357 (as
     25 * 256-bit {A,B,C}-ParamSet), but inherited for GOST R 34.10-2012 and
     26 * proposed for use in R 50.1.114-2016 and RFC 7836 as the 256-bit curves.
     27 */
     28/* OID_gostCPSignA 1.2.643.2.2.35.1 */
     29static u64 cp256a_g_x[] = {
     30	0x0000000000000001ull, 0x0000000000000000ull,
     31	0x0000000000000000ull, 0x0000000000000000ull, };
     32static u64 cp256a_g_y[] = {
     33	0x22ACC99C9E9F1E14ull, 0x35294F2DDF23E3B1ull,
     34	0x27DF505A453F2B76ull, 0x8D91E471E0989CDAull, };
     35static u64 cp256a_p[] = { /* p = 2^256 - 617 */
     36	0xFFFFFFFFFFFFFD97ull, 0xFFFFFFFFFFFFFFFFull,
     37	0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
     38static u64 cp256a_n[] = {
     39	0x45841B09B761B893ull, 0x6C611070995AD100ull,
     40	0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
     41static u64 cp256a_a[] = { /* a = p - 3 */
     42	0xFFFFFFFFFFFFFD94ull, 0xFFFFFFFFFFFFFFFFull,
     43	0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
     44static u64 cp256a_b[] = {
     45	0x00000000000000a6ull, 0x0000000000000000ull,
     46	0x0000000000000000ull, 0x0000000000000000ull };
     47
     48static struct ecc_curve gost_cp256a = {
     49	.name = "cp256a",
     50	.g = {
     51		.x = cp256a_g_x,
     52		.y = cp256a_g_y,
     53		.ndigits = 256 / 64,
     54	},
     55	.p = cp256a_p,
     56	.n = cp256a_n,
     57	.a = cp256a_a,
     58	.b = cp256a_b
     59};
     60
     61/* OID_gostCPSignB 1.2.643.2.2.35.2 */
     62static u64 cp256b_g_x[] = {
     63	0x0000000000000001ull, 0x0000000000000000ull,
     64	0x0000000000000000ull, 0x0000000000000000ull, };
     65static u64 cp256b_g_y[] = {
     66	0x744BF8D717717EFCull, 0xC545C9858D03ECFBull,
     67	0xB83D1C3EB2C070E5ull, 0x3FA8124359F96680ull, };
     68static u64 cp256b_p[] = { /* p = 2^255 + 3225 */
     69	0x0000000000000C99ull, 0x0000000000000000ull,
     70	0x0000000000000000ull, 0x8000000000000000ull, };
     71static u64 cp256b_n[] = {
     72	0xE497161BCC8A198Full, 0x5F700CFFF1A624E5ull,
     73	0x0000000000000001ull, 0x8000000000000000ull, };
     74static u64 cp256b_a[] = { /* a = p - 3 */
     75	0x0000000000000C96ull, 0x0000000000000000ull,
     76	0x0000000000000000ull, 0x8000000000000000ull, };
     77static u64 cp256b_b[] = {
     78	0x2F49D4CE7E1BBC8Bull, 0xE979259373FF2B18ull,
     79	0x66A7D3C25C3DF80Aull, 0x3E1AF419A269A5F8ull, };
     80
     81static struct ecc_curve gost_cp256b = {
     82	.name = "cp256b",
     83	.g = {
     84		.x = cp256b_g_x,
     85		.y = cp256b_g_y,
     86		.ndigits = 256 / 64,
     87	},
     88	.p = cp256b_p,
     89	.n = cp256b_n,
     90	.a = cp256b_a,
     91	.b = cp256b_b
     92};
     93
     94/* OID_gostCPSignC 1.2.643.2.2.35.3 */
     95static u64 cp256c_g_x[] = {
     96	0x0000000000000000ull, 0x0000000000000000ull,
     97	0x0000000000000000ull, 0x0000000000000000ull, };
     98static u64 cp256c_g_y[] = {
     99	0x366E550DFDB3BB67ull, 0x4D4DC440D4641A8Full,
    100	0x3CBF3783CD08C0EEull, 0x41ECE55743711A8Cull, };
    101static u64 cp256c_p[] = {
    102	0x7998F7B9022D759Bull, 0xCF846E86789051D3ull,
    103	0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull,
    104	/* pre-computed value for Barrett's reduction */
    105	0xedc283cdd217b5a2ull, 0xbac48fc06398ae59ull,
    106	0x405384d55f9f3b73ull, 0xa51f176161f1d734ull,
    107	0x0000000000000001ull, };
    108static u64 cp256c_n[] = {
    109	0xF02F3A6598980BB9ull, 0x582CA3511EDDFB74ull,
    110	0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, };
    111static u64 cp256c_a[] = { /* a = p - 3 */
    112	0x7998F7B9022D7598ull, 0xCF846E86789051D3ull,
    113	0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, };
    114static u64 cp256c_b[] = {
    115	0x000000000000805aull, 0x0000000000000000ull,
    116	0x0000000000000000ull, 0x0000000000000000ull, };
    117
    118static struct ecc_curve gost_cp256c = {
    119	.name = "cp256c",
    120	.g = {
    121		.x = cp256c_g_x,
    122		.y = cp256c_g_y,
    123		.ndigits = 256 / 64,
    124	},
    125	.p = cp256c_p,
    126	.n = cp256c_n,
    127	.a = cp256c_a,
    128	.b = cp256c_b
    129};
    130
    131/* tc512{a,b} curves first recommended in 2013 and then standardized in
    132 * R 50.1.114-2016 and RFC 7836 for use with GOST R 34.10-2012 (as TC26
    133 * 512-bit ParamSet{A,B}).
    134 */
    135/* OID_gostTC26Sign512A 1.2.643.7.1.2.1.2.1 */
    136static u64 tc512a_g_x[] = {
    137	0x0000000000000003ull, 0x0000000000000000ull,
    138	0x0000000000000000ull, 0x0000000000000000ull,
    139	0x0000000000000000ull, 0x0000000000000000ull,
    140	0x0000000000000000ull, 0x0000000000000000ull, };
    141static u64 tc512a_g_y[] = {
    142	0x89A589CB5215F2A4ull, 0x8028FE5FC235F5B8ull,
    143	0x3D75E6A50E3A41E9ull, 0xDF1626BE4FD036E9ull,
    144	0x778064FDCBEFA921ull, 0xCE5E1C93ACF1ABC1ull,
    145	0xA61B8816E25450E6ull, 0x7503CFE87A836AE3ull, };
    146static u64 tc512a_p[] = { /* p = 2^512 - 569 */
    147	0xFFFFFFFFFFFFFDC7ull, 0xFFFFFFFFFFFFFFFFull,
    148	0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
    149	0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
    150	0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, };
    151static u64 tc512a_n[] = {
    152	0xCACDB1411F10B275ull, 0x9B4B38ABFAD2B85Dull,
    153	0x6FF22B8D4E056060ull, 0x27E69532F48D8911ull,
    154	0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
    155	0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, };
    156static u64 tc512a_a[] = { /* a = p - 3 */
    157	0xFFFFFFFFFFFFFDC4ull, 0xFFFFFFFFFFFFFFFFull,
    158	0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
    159	0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
    160	0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, };
    161static u64 tc512a_b[] = {
    162	0x503190785A71C760ull, 0x862EF9D4EBEE4761ull,
    163	0x4CB4574010DA90DDull, 0xEE3CB090F30D2761ull,
    164	0x79BD081CFD0B6265ull, 0x34B82574761CB0E8ull,
    165	0xC1BD0B2B6667F1DAull, 0xE8C2505DEDFC86DDull, };
    166
    167static struct ecc_curve gost_tc512a = {
    168	.name = "tc512a",
    169	.g = {
    170		.x = tc512a_g_x,
    171		.y = tc512a_g_y,
    172		.ndigits = 512 / 64,
    173	},
    174	.p = tc512a_p,
    175	.n = tc512a_n,
    176	.a = tc512a_a,
    177	.b = tc512a_b
    178};
    179
    180/* OID_gostTC26Sign512B 1.2.643.7.1.2.1.2.2 */
    181static u64 tc512b_g_x[] = {
    182	0x0000000000000002ull, 0x0000000000000000ull,
    183	0x0000000000000000ull, 0x0000000000000000ull,
    184	0x0000000000000000ull, 0x0000000000000000ull,
    185	0x0000000000000000ull, 0x0000000000000000ull, };
    186static u64 tc512b_g_y[] = {
    187	0x7E21340780FE41BDull, 0x28041055F94CEEECull,
    188	0x152CBCAAF8C03988ull, 0xDCB228FD1EDF4A39ull,
    189	0xBE6DD9E6C8EC7335ull, 0x3C123B697578C213ull,
    190	0x2C071E3647A8940Full, 0x1A8F7EDA389B094Cull, };
    191static u64 tc512b_p[] = { /* p = 2^511 + 111 */
    192	0x000000000000006Full, 0x0000000000000000ull,
    193	0x0000000000000000ull, 0x0000000000000000ull,
    194	0x0000000000000000ull, 0x0000000000000000ull,
    195	0x0000000000000000ull, 0x8000000000000000ull, };
    196static u64 tc512b_n[] = {
    197	0xC6346C54374F25BDull, 0x8B996712101BEA0Eull,
    198	0xACFDB77BD9D40CFAull, 0x49A1EC142565A545ull,
    199	0x0000000000000001ull, 0x0000000000000000ull,
    200	0x0000000000000000ull, 0x8000000000000000ull, };
    201static u64 tc512b_a[] = { /* a = p - 3 */
    202	0x000000000000006Cull, 0x0000000000000000ull,
    203	0x0000000000000000ull, 0x0000000000000000ull,
    204	0x0000000000000000ull, 0x0000000000000000ull,
    205	0x0000000000000000ull, 0x8000000000000000ull, };
    206static u64 tc512b_b[] = {
    207	0xFB8CCBC7C5140116ull, 0x50F78BEE1FA3106Eull,
    208	0x7F8B276FAD1AB69Cull, 0x3E965D2DB1416D21ull,
    209	0xBF85DC806C4B289Full, 0xB97C7D614AF138BCull,
    210	0x7E3E06CF6F5E2517ull, 0x687D1B459DC84145ull, };
    211
    212static struct ecc_curve gost_tc512b = {
    213	.name = "tc512b",
    214	.g = {
    215		.x = tc512b_g_x,
    216		.y = tc512b_g_y,
    217		.ndigits = 512 / 64,
    218	},
    219	.p = tc512b_p,
    220	.n = tc512b_n,
    221	.a = tc512b_a,
    222	.b = tc512b_b
    223};
    224
    225#endif