10d7a7864SVitaly Chikunov /* SPDX-License-Identifier: GPL-2.0+ */ 20d7a7864SVitaly Chikunov /* 30d7a7864SVitaly Chikunov * Definitions of EC-RDSA Curve Parameters 40d7a7864SVitaly Chikunov * 50d7a7864SVitaly Chikunov * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org> 60d7a7864SVitaly Chikunov * 70d7a7864SVitaly Chikunov * This program is free software; you can redistribute it and/or modify it 80d7a7864SVitaly Chikunov * under the terms of the GNU General Public License as published by the Free 90d7a7864SVitaly Chikunov * Software Foundation; either version 2 of the License, or (at your option) 100d7a7864SVitaly Chikunov * any later version. 110d7a7864SVitaly Chikunov */ 120d7a7864SVitaly Chikunov 130d7a7864SVitaly Chikunov #ifndef _CRYTO_ECRDSA_DEFS_H 140d7a7864SVitaly Chikunov #define _CRYTO_ECRDSA_DEFS_H 150d7a7864SVitaly Chikunov 16*a745d3acSDaniele Alessandrelli #include <crypto/internal/ecc.h> 170d7a7864SVitaly Chikunov 180d7a7864SVitaly Chikunov #define ECRDSA_MAX_SIG_SIZE (2 * 512 / 8) 190d7a7864SVitaly Chikunov #define ECRDSA_MAX_DIGITS (512 / 64) 200d7a7864SVitaly Chikunov 210d7a7864SVitaly Chikunov /* 220d7a7864SVitaly Chikunov * EC-RDSA uses its own set of curves. 230d7a7864SVitaly Chikunov * 240d7a7864SVitaly Chikunov * cp256{a,b,c} curves first defined for GOST R 34.10-2001 in RFC 4357 (as 250d7a7864SVitaly Chikunov * 256-bit {A,B,C}-ParamSet), but inherited for GOST R 34.10-2012 and 260d7a7864SVitaly Chikunov * proposed for use in R 50.1.114-2016 and RFC 7836 as the 256-bit curves. 270d7a7864SVitaly Chikunov */ 280d7a7864SVitaly Chikunov /* OID_gostCPSignA 1.2.643.2.2.35.1 */ 290d7a7864SVitaly Chikunov static u64 cp256a_g_x[] = { 300d7a7864SVitaly Chikunov 0x0000000000000001ull, 0x0000000000000000ull, 310d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, }; 320d7a7864SVitaly Chikunov static u64 cp256a_g_y[] = { 330d7a7864SVitaly Chikunov 0x22ACC99C9E9F1E14ull, 0x35294F2DDF23E3B1ull, 340d7a7864SVitaly Chikunov 0x27DF505A453F2B76ull, 0x8D91E471E0989CDAull, }; 350d7a7864SVitaly Chikunov static u64 cp256a_p[] = { /* p = 2^256 - 617 */ 360d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFD97ull, 0xFFFFFFFFFFFFFFFFull, 370d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; 380d7a7864SVitaly Chikunov static u64 cp256a_n[] = { 390d7a7864SVitaly Chikunov 0x45841B09B761B893ull, 0x6C611070995AD100ull, 400d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; 410d7a7864SVitaly Chikunov static u64 cp256a_a[] = { /* a = p - 3 */ 420d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFD94ull, 0xFFFFFFFFFFFFFFFFull, 430d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; 440d7a7864SVitaly Chikunov static u64 cp256a_b[] = { 450d7a7864SVitaly Chikunov 0x00000000000000a6ull, 0x0000000000000000ull, 460d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull }; 470d7a7864SVitaly Chikunov 480d7a7864SVitaly Chikunov static struct ecc_curve gost_cp256a = { 490d7a7864SVitaly Chikunov .name = "cp256a", 500d7a7864SVitaly Chikunov .g = { 510d7a7864SVitaly Chikunov .x = cp256a_g_x, 520d7a7864SVitaly Chikunov .y = cp256a_g_y, 530d7a7864SVitaly Chikunov .ndigits = 256 / 64, 540d7a7864SVitaly Chikunov }, 550d7a7864SVitaly Chikunov .p = cp256a_p, 560d7a7864SVitaly Chikunov .n = cp256a_n, 570d7a7864SVitaly Chikunov .a = cp256a_a, 580d7a7864SVitaly Chikunov .b = cp256a_b 590d7a7864SVitaly Chikunov }; 600d7a7864SVitaly Chikunov 610d7a7864SVitaly Chikunov /* OID_gostCPSignB 1.2.643.2.2.35.2 */ 620d7a7864SVitaly Chikunov static u64 cp256b_g_x[] = { 630d7a7864SVitaly Chikunov 0x0000000000000001ull, 0x0000000000000000ull, 640d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, }; 650d7a7864SVitaly Chikunov static u64 cp256b_g_y[] = { 660d7a7864SVitaly Chikunov 0x744BF8D717717EFCull, 0xC545C9858D03ECFBull, 670d7a7864SVitaly Chikunov 0xB83D1C3EB2C070E5ull, 0x3FA8124359F96680ull, }; 680d7a7864SVitaly Chikunov static u64 cp256b_p[] = { /* p = 2^255 + 3225 */ 690d7a7864SVitaly Chikunov 0x0000000000000C99ull, 0x0000000000000000ull, 700d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x8000000000000000ull, }; 710d7a7864SVitaly Chikunov static u64 cp256b_n[] = { 720d7a7864SVitaly Chikunov 0xE497161BCC8A198Full, 0x5F700CFFF1A624E5ull, 730d7a7864SVitaly Chikunov 0x0000000000000001ull, 0x8000000000000000ull, }; 740d7a7864SVitaly Chikunov static u64 cp256b_a[] = { /* a = p - 3 */ 750d7a7864SVitaly Chikunov 0x0000000000000C96ull, 0x0000000000000000ull, 760d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x8000000000000000ull, }; 770d7a7864SVitaly Chikunov static u64 cp256b_b[] = { 780d7a7864SVitaly Chikunov 0x2F49D4CE7E1BBC8Bull, 0xE979259373FF2B18ull, 790d7a7864SVitaly Chikunov 0x66A7D3C25C3DF80Aull, 0x3E1AF419A269A5F8ull, }; 800d7a7864SVitaly Chikunov 810d7a7864SVitaly Chikunov static struct ecc_curve gost_cp256b = { 820d7a7864SVitaly Chikunov .name = "cp256b", 830d7a7864SVitaly Chikunov .g = { 840d7a7864SVitaly Chikunov .x = cp256b_g_x, 850d7a7864SVitaly Chikunov .y = cp256b_g_y, 860d7a7864SVitaly Chikunov .ndigits = 256 / 64, 870d7a7864SVitaly Chikunov }, 880d7a7864SVitaly Chikunov .p = cp256b_p, 890d7a7864SVitaly Chikunov .n = cp256b_n, 900d7a7864SVitaly Chikunov .a = cp256b_a, 910d7a7864SVitaly Chikunov .b = cp256b_b 920d7a7864SVitaly Chikunov }; 930d7a7864SVitaly Chikunov 940d7a7864SVitaly Chikunov /* OID_gostCPSignC 1.2.643.2.2.35.3 */ 950d7a7864SVitaly Chikunov static u64 cp256c_g_x[] = { 960d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, 970d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, }; 980d7a7864SVitaly Chikunov static u64 cp256c_g_y[] = { 990d7a7864SVitaly Chikunov 0x366E550DFDB3BB67ull, 0x4D4DC440D4641A8Full, 1000d7a7864SVitaly Chikunov 0x3CBF3783CD08C0EEull, 0x41ECE55743711A8Cull, }; 1010d7a7864SVitaly Chikunov static u64 cp256c_p[] = { 1020d7a7864SVitaly Chikunov 0x7998F7B9022D759Bull, 0xCF846E86789051D3ull, 1030d7a7864SVitaly Chikunov 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, 1040d7a7864SVitaly Chikunov /* pre-computed value for Barrett's reduction */ 1050d7a7864SVitaly Chikunov 0xedc283cdd217b5a2ull, 0xbac48fc06398ae59ull, 1060d7a7864SVitaly Chikunov 0x405384d55f9f3b73ull, 0xa51f176161f1d734ull, 1070d7a7864SVitaly Chikunov 0x0000000000000001ull, }; 1080d7a7864SVitaly Chikunov static u64 cp256c_n[] = { 1090d7a7864SVitaly Chikunov 0xF02F3A6598980BB9ull, 0x582CA3511EDDFB74ull, 1100d7a7864SVitaly Chikunov 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, }; 1110d7a7864SVitaly Chikunov static u64 cp256c_a[] = { /* a = p - 3 */ 1120d7a7864SVitaly Chikunov 0x7998F7B9022D7598ull, 0xCF846E86789051D3ull, 1130d7a7864SVitaly Chikunov 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, }; 1140d7a7864SVitaly Chikunov static u64 cp256c_b[] = { 1150d7a7864SVitaly Chikunov 0x000000000000805aull, 0x0000000000000000ull, 1160d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, }; 1170d7a7864SVitaly Chikunov 1180d7a7864SVitaly Chikunov static struct ecc_curve gost_cp256c = { 1190d7a7864SVitaly Chikunov .name = "cp256c", 1200d7a7864SVitaly Chikunov .g = { 1210d7a7864SVitaly Chikunov .x = cp256c_g_x, 1220d7a7864SVitaly Chikunov .y = cp256c_g_y, 1230d7a7864SVitaly Chikunov .ndigits = 256 / 64, 1240d7a7864SVitaly Chikunov }, 1250d7a7864SVitaly Chikunov .p = cp256c_p, 1260d7a7864SVitaly Chikunov .n = cp256c_n, 1270d7a7864SVitaly Chikunov .a = cp256c_a, 1280d7a7864SVitaly Chikunov .b = cp256c_b 1290d7a7864SVitaly Chikunov }; 1300d7a7864SVitaly Chikunov 1310d7a7864SVitaly Chikunov /* tc512{a,b} curves first recommended in 2013 and then standardized in 1320d7a7864SVitaly Chikunov * R 50.1.114-2016 and RFC 7836 for use with GOST R 34.10-2012 (as TC26 1330d7a7864SVitaly Chikunov * 512-bit ParamSet{A,B}). 1340d7a7864SVitaly Chikunov */ 1350d7a7864SVitaly Chikunov /* OID_gostTC26Sign512A 1.2.643.7.1.2.1.2.1 */ 1360d7a7864SVitaly Chikunov static u64 tc512a_g_x[] = { 1370d7a7864SVitaly Chikunov 0x0000000000000003ull, 0x0000000000000000ull, 1380d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, 1390d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, 1400d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, }; 1410d7a7864SVitaly Chikunov static u64 tc512a_g_y[] = { 1420d7a7864SVitaly Chikunov 0x89A589CB5215F2A4ull, 0x8028FE5FC235F5B8ull, 1430d7a7864SVitaly Chikunov 0x3D75E6A50E3A41E9ull, 0xDF1626BE4FD036E9ull, 1440d7a7864SVitaly Chikunov 0x778064FDCBEFA921ull, 0xCE5E1C93ACF1ABC1ull, 1450d7a7864SVitaly Chikunov 0xA61B8816E25450E6ull, 0x7503CFE87A836AE3ull, }; 1460d7a7864SVitaly Chikunov static u64 tc512a_p[] = { /* p = 2^512 - 569 */ 1470d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFDC7ull, 0xFFFFFFFFFFFFFFFFull, 1480d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 1490d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 1500d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; 1510d7a7864SVitaly Chikunov static u64 tc512a_n[] = { 1520d7a7864SVitaly Chikunov 0xCACDB1411F10B275ull, 0x9B4B38ABFAD2B85Dull, 1530d7a7864SVitaly Chikunov 0x6FF22B8D4E056060ull, 0x27E69532F48D8911ull, 1540d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 1550d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; 1560d7a7864SVitaly Chikunov static u64 tc512a_a[] = { /* a = p - 3 */ 1570d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFDC4ull, 0xFFFFFFFFFFFFFFFFull, 1580d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 1590d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 1600d7a7864SVitaly Chikunov 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; 1610d7a7864SVitaly Chikunov static u64 tc512a_b[] = { 1620d7a7864SVitaly Chikunov 0x503190785A71C760ull, 0x862EF9D4EBEE4761ull, 1630d7a7864SVitaly Chikunov 0x4CB4574010DA90DDull, 0xEE3CB090F30D2761ull, 1640d7a7864SVitaly Chikunov 0x79BD081CFD0B6265ull, 0x34B82574761CB0E8ull, 1650d7a7864SVitaly Chikunov 0xC1BD0B2B6667F1DAull, 0xE8C2505DEDFC86DDull, }; 1660d7a7864SVitaly Chikunov 1670d7a7864SVitaly Chikunov static struct ecc_curve gost_tc512a = { 1680d7a7864SVitaly Chikunov .name = "tc512a", 1690d7a7864SVitaly Chikunov .g = { 1700d7a7864SVitaly Chikunov .x = tc512a_g_x, 1710d7a7864SVitaly Chikunov .y = tc512a_g_y, 1720d7a7864SVitaly Chikunov .ndigits = 512 / 64, 1730d7a7864SVitaly Chikunov }, 1740d7a7864SVitaly Chikunov .p = tc512a_p, 1750d7a7864SVitaly Chikunov .n = tc512a_n, 1760d7a7864SVitaly Chikunov .a = tc512a_a, 1770d7a7864SVitaly Chikunov .b = tc512a_b 1780d7a7864SVitaly Chikunov }; 1790d7a7864SVitaly Chikunov 1800d7a7864SVitaly Chikunov /* OID_gostTC26Sign512B 1.2.643.7.1.2.1.2.2 */ 1810d7a7864SVitaly Chikunov static u64 tc512b_g_x[] = { 1820d7a7864SVitaly Chikunov 0x0000000000000002ull, 0x0000000000000000ull, 1830d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, 1840d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, 1850d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, }; 1860d7a7864SVitaly Chikunov static u64 tc512b_g_y[] = { 1870d7a7864SVitaly Chikunov 0x7E21340780FE41BDull, 0x28041055F94CEEECull, 1880d7a7864SVitaly Chikunov 0x152CBCAAF8C03988ull, 0xDCB228FD1EDF4A39ull, 1890d7a7864SVitaly Chikunov 0xBE6DD9E6C8EC7335ull, 0x3C123B697578C213ull, 1900d7a7864SVitaly Chikunov 0x2C071E3647A8940Full, 0x1A8F7EDA389B094Cull, }; 1910d7a7864SVitaly Chikunov static u64 tc512b_p[] = { /* p = 2^511 + 111 */ 1920d7a7864SVitaly Chikunov 0x000000000000006Full, 0x0000000000000000ull, 1930d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, 1940d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, 1950d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x8000000000000000ull, }; 1960d7a7864SVitaly Chikunov static u64 tc512b_n[] = { 1970d7a7864SVitaly Chikunov 0xC6346C54374F25BDull, 0x8B996712101BEA0Eull, 1980d7a7864SVitaly Chikunov 0xACFDB77BD9D40CFAull, 0x49A1EC142565A545ull, 1990d7a7864SVitaly Chikunov 0x0000000000000001ull, 0x0000000000000000ull, 2000d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x8000000000000000ull, }; 2010d7a7864SVitaly Chikunov static u64 tc512b_a[] = { /* a = p - 3 */ 2020d7a7864SVitaly Chikunov 0x000000000000006Cull, 0x0000000000000000ull, 2030d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, 2040d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x0000000000000000ull, 2050d7a7864SVitaly Chikunov 0x0000000000000000ull, 0x8000000000000000ull, }; 2060d7a7864SVitaly Chikunov static u64 tc512b_b[] = { 2070d7a7864SVitaly Chikunov 0xFB8CCBC7C5140116ull, 0x50F78BEE1FA3106Eull, 2080d7a7864SVitaly Chikunov 0x7F8B276FAD1AB69Cull, 0x3E965D2DB1416D21ull, 2090d7a7864SVitaly Chikunov 0xBF85DC806C4B289Full, 0xB97C7D614AF138BCull, 2100d7a7864SVitaly Chikunov 0x7E3E06CF6F5E2517ull, 0x687D1B459DC84145ull, }; 2110d7a7864SVitaly Chikunov 2120d7a7864SVitaly Chikunov static struct ecc_curve gost_tc512b = { 2130d7a7864SVitaly Chikunov .name = "tc512b", 2140d7a7864SVitaly Chikunov .g = { 2150d7a7864SVitaly Chikunov .x = tc512b_g_x, 2160d7a7864SVitaly Chikunov .y = tc512b_g_y, 2170d7a7864SVitaly Chikunov .ndigits = 512 / 64, 2180d7a7864SVitaly Chikunov }, 2190d7a7864SVitaly Chikunov .p = tc512b_p, 2200d7a7864SVitaly Chikunov .n = tc512b_n, 2210d7a7864SVitaly Chikunov .a = tc512b_a, 2220d7a7864SVitaly Chikunov .b = tc512b_b 2230d7a7864SVitaly Chikunov }; 2240d7a7864SVitaly Chikunov 2250d7a7864SVitaly Chikunov #endif 226