Lines Matching refs:curve

900 			  const struct ecc_curve *curve)
903 const u64 *curve_prime = curve->p;
904 const unsigned int ndigits = curve->g.ndigits;
907 if (strncmp(curve->name, "nist_", 5) != 0) {
942 * Assumes that mod is a big enough curve order.
956 const struct ecc_curve *curve)
960 vli_mult(product, left, right, curve->g.ndigits);
961 vli_mmod_fast(result, product, curve);
966 const struct ecc_curve *curve)
970 vli_square(product, left, curve->g.ndigits);
971 vli_mmod_fast(result, product, curve);
1069 const struct ecc_curve *curve)
1074 const u64 *curve_prime = curve->p;
1075 const unsigned int ndigits = curve->g.ndigits;
1081 vli_mod_square_fast(t4, y1, curve);
1083 vli_mod_mult_fast(t5, x1, t4, curve);
1085 vli_mod_square_fast(t4, t4, curve);
1087 vli_mod_mult_fast(y1, y1, z1, curve);
1089 vli_mod_square_fast(z1, z1, curve);
1098 vli_mod_mult_fast(x1, x1, z1, curve);
1115 vli_mod_square_fast(z1, x1, curve);
1123 vli_mod_mult_fast(x1, x1, t5, curve);
1133 static void apply_z(u64 *x1, u64 *y1, u64 *z, const struct ecc_curve *curve)
1137 vli_mod_square_fast(t1, z, curve); /* z^2 */
1138 vli_mod_mult_fast(x1, x1, t1, curve); /* x1 * z^2 */
1139 vli_mod_mult_fast(t1, t1, z, curve); /* z^3 */
1140 vli_mod_mult_fast(y1, y1, t1, curve); /* y1 * z^3 */
1145 u64 *p_initial_z, const struct ecc_curve *curve)
1148 const unsigned int ndigits = curve->g.ndigits;
1159 apply_z(x1, y1, z, curve);
1161 ecc_point_double_jacobian(x1, y1, z, curve);
1163 apply_z(x2, y2, z, curve);
1171 const struct ecc_curve *curve)
1175 const u64 *curve_prime = curve->p;
1176 const unsigned int ndigits = curve->g.ndigits;
1181 vli_mod_square_fast(t5, t5, curve);
1183 vli_mod_mult_fast(x1, x1, t5, curve);
1185 vli_mod_mult_fast(x2, x2, t5, curve);
1189 vli_mod_square_fast(t5, y2, curve);
1198 vli_mod_mult_fast(y1, y1, x2, curve);
1202 vli_mod_mult_fast(y2, y2, x2, curve);
1214 const struct ecc_curve *curve)
1220 const u64 *curve_prime = curve->p;
1221 const unsigned int ndigits = curve->g.ndigits;
1226 vli_mod_square_fast(t5, t5, curve);
1228 vli_mod_mult_fast(x1, x1, t5, curve);
1230 vli_mod_mult_fast(x2, x2, t5, curve);
1239 vli_mod_mult_fast(y1, y1, t6, curve);
1243 vli_mod_square_fast(x2, y2, curve);
1250 vli_mod_mult_fast(y2, y2, t7, curve);
1255 vli_mod_square_fast(t7, t5, curve);
1261 vli_mod_mult_fast(t6, t6, t5, curve);
1270 u64 *initial_z, const struct ecc_curve *curve,
1278 u64 *curve_prime = curve->p;
1283 carry = vli_add(sk[0], scalar, curve->n, ndigits);
1284 vli_add(sk[1], sk[0], curve->n, ndigits);
1291 xycz_initial_double(rx[1], ry[1], rx[0], ry[0], initial_z, curve);
1295 xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb], curve);
1296 xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb], curve);
1300 xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb], curve);
1306 vli_mod_mult_fast(z, z, ry[1 - nb], curve);
1308 vli_mod_mult_fast(z, z, point->x, curve);
1314 vli_mod_mult_fast(z, z, point->y, curve);
1316 vli_mod_mult_fast(z, z, rx[1 - nb], curve);
1319 xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb], curve);
1321 apply_z(rx[0], ry[0], z, curve);
1330 const struct ecc_curve *curve)
1335 unsigned int ndigits = curve->g.ndigits;
1339 vli_mod_sub(z, result->x, p->x, curve->p, ndigits);
1342 xycz_add(px, py, result->x, result->y, curve);
1343 vli_mod_inv(z, z, curve->p, ndigits);
1344 apply_z(result->x, result->y, z, curve);
1353 const struct ecc_curve *curve)
1359 unsigned int ndigits = curve->g.ndigits;
1367 ecc_point_add(&sum, p, q, curve);
1384 ecc_point_double_jacobian(rx, ry, z, curve);
1394 apply_z(tx, ty, z, curve);
1395 vli_mod_sub(tz, rx, tx, curve->p, ndigits);
1396 xycz_add(tx, ty, rx, ry, curve);
1397 vli_mod_mult_fast(z, z, tz, curve);
1400 vli_mod_inv(z, z, curve->p, ndigits);
1401 apply_z(rx, ry, z, curve);
1405 static int __ecc_is_key_valid(const struct ecc_curve *curve,
1414 if (curve->g.ndigits != ndigits)
1420 vli_sub(res, curve->n, one, ndigits);
1432 const struct ecc_curve *curve = ecc_get_curve(curve_id);
1439 return __ecc_is_key_valid(curve, private_key, ndigits);
1457 const struct ecc_curve *curve = ecc_get_curve(curve_id);
1460 unsigned int nbits = vli_num_bits(curve->n, ndigits);
1487 if (__ecc_is_key_valid(curve, priv, ndigits))
1502 const struct ecc_curve *curve = ecc_get_curve(curve_id);
1504 if (!private_key || !curve || ndigits > ARRAY_SIZE(priv)) {
1517 ecc_point_mult(pk, &curve->g, priv, NULL, curve, ndigits);
1520 if (ecc_is_pubkey_valid_full(curve, pk)) {
1536 int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
1541 if (WARN_ON(pk->ndigits != curve->g.ndigits))
1549 if (vli_cmp(curve->p, pk->x, pk->ndigits) != 1)
1551 if (vli_cmp(curve->p, pk->y, pk->ndigits) != 1)
1555 vli_mod_square_fast(yy, pk->y, curve); /* y^2 */
1556 vli_mod_square_fast(xxx, pk->x, curve); /* x^2 */
1557 vli_mod_mult_fast(xxx, xxx, pk->x, curve); /* x^3 */
1558 vli_mod_mult_fast(w, curve->a, pk->x, curve); /* a·x */
1559 vli_mod_add(w, w, curve->b, curve->p, pk->ndigits); /* a·x + b */
1560 vli_mod_add(w, w, xxx, curve->p, pk->ndigits); /* x^3 + a·x + b */
1569 int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,
1575 int ret = ecc_is_pubkey_valid_partial(curve, pk);
1585 ecc_point_mult(nQ, pk, curve->n, NULL, curve, pk->ndigits);
1604 const struct ecc_curve *curve = ecc_get_curve(curve_id);
1606 if (!private_key || !public_key || !curve ||
1624 ret = ecc_is_pubkey_valid_partial(curve, pk);
1636 ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);