162306a36Sopenharmony_ci/* SPDX-License-Identifier: GPL-2.0+ */ 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * Definitions of EC-RDSA Curve Parameters 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org> 662306a36Sopenharmony_ci * 762306a36Sopenharmony_ci * This program is free software; you can redistribute it and/or modify it 862306a36Sopenharmony_ci * under the terms of the GNU General Public License as published by the Free 962306a36Sopenharmony_ci * Software Foundation; either version 2 of the License, or (at your option) 1062306a36Sopenharmony_ci * any later version. 1162306a36Sopenharmony_ci */ 1262306a36Sopenharmony_ci 1362306a36Sopenharmony_ci#ifndef _CRYTO_ECRDSA_DEFS_H 1462306a36Sopenharmony_ci#define _CRYTO_ECRDSA_DEFS_H 1562306a36Sopenharmony_ci 1662306a36Sopenharmony_ci#include <crypto/internal/ecc.h> 1762306a36Sopenharmony_ci 1862306a36Sopenharmony_ci#define ECRDSA_MAX_SIG_SIZE (2 * 512 / 8) 1962306a36Sopenharmony_ci#define ECRDSA_MAX_DIGITS (512 / 64) 2062306a36Sopenharmony_ci 2162306a36Sopenharmony_ci/* 2262306a36Sopenharmony_ci * EC-RDSA uses its own set of curves. 2362306a36Sopenharmony_ci * 2462306a36Sopenharmony_ci * cp256{a,b,c} curves first defined for GOST R 34.10-2001 in RFC 4357 (as 2562306a36Sopenharmony_ci * 256-bit {A,B,C}-ParamSet), but inherited for GOST R 34.10-2012 and 2662306a36Sopenharmony_ci * proposed for use in R 50.1.114-2016 and RFC 7836 as the 256-bit curves. 2762306a36Sopenharmony_ci */ 2862306a36Sopenharmony_ci/* OID_gostCPSignA 1.2.643.2.2.35.1 */ 2962306a36Sopenharmony_cistatic u64 cp256a_g_x[] = { 3062306a36Sopenharmony_ci 0x0000000000000001ull, 0x0000000000000000ull, 3162306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, }; 3262306a36Sopenharmony_cistatic u64 cp256a_g_y[] = { 3362306a36Sopenharmony_ci 0x22ACC99C9E9F1E14ull, 0x35294F2DDF23E3B1ull, 3462306a36Sopenharmony_ci 0x27DF505A453F2B76ull, 0x8D91E471E0989CDAull, }; 3562306a36Sopenharmony_cistatic u64 cp256a_p[] = { /* p = 2^256 - 617 */ 3662306a36Sopenharmony_ci 0xFFFFFFFFFFFFFD97ull, 0xFFFFFFFFFFFFFFFFull, 3762306a36Sopenharmony_ci 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; 3862306a36Sopenharmony_cistatic u64 cp256a_n[] = { 3962306a36Sopenharmony_ci 0x45841B09B761B893ull, 0x6C611070995AD100ull, 4062306a36Sopenharmony_ci 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; 4162306a36Sopenharmony_cistatic u64 cp256a_a[] = { /* a = p - 3 */ 4262306a36Sopenharmony_ci 0xFFFFFFFFFFFFFD94ull, 0xFFFFFFFFFFFFFFFFull, 4362306a36Sopenharmony_ci 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; 4462306a36Sopenharmony_cistatic u64 cp256a_b[] = { 4562306a36Sopenharmony_ci 0x00000000000000a6ull, 0x0000000000000000ull, 4662306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull }; 4762306a36Sopenharmony_ci 4862306a36Sopenharmony_cistatic struct ecc_curve gost_cp256a = { 4962306a36Sopenharmony_ci .name = "cp256a", 5062306a36Sopenharmony_ci .g = { 5162306a36Sopenharmony_ci .x = cp256a_g_x, 5262306a36Sopenharmony_ci .y = cp256a_g_y, 5362306a36Sopenharmony_ci .ndigits = 256 / 64, 5462306a36Sopenharmony_ci }, 5562306a36Sopenharmony_ci .p = cp256a_p, 5662306a36Sopenharmony_ci .n = cp256a_n, 5762306a36Sopenharmony_ci .a = cp256a_a, 5862306a36Sopenharmony_ci .b = cp256a_b 5962306a36Sopenharmony_ci}; 6062306a36Sopenharmony_ci 6162306a36Sopenharmony_ci/* OID_gostCPSignB 1.2.643.2.2.35.2 */ 6262306a36Sopenharmony_cistatic u64 cp256b_g_x[] = { 6362306a36Sopenharmony_ci 0x0000000000000001ull, 0x0000000000000000ull, 6462306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, }; 6562306a36Sopenharmony_cistatic u64 cp256b_g_y[] = { 6662306a36Sopenharmony_ci 0x744BF8D717717EFCull, 0xC545C9858D03ECFBull, 6762306a36Sopenharmony_ci 0xB83D1C3EB2C070E5ull, 0x3FA8124359F96680ull, }; 6862306a36Sopenharmony_cistatic u64 cp256b_p[] = { /* p = 2^255 + 3225 */ 6962306a36Sopenharmony_ci 0x0000000000000C99ull, 0x0000000000000000ull, 7062306a36Sopenharmony_ci 0x0000000000000000ull, 0x8000000000000000ull, }; 7162306a36Sopenharmony_cistatic u64 cp256b_n[] = { 7262306a36Sopenharmony_ci 0xE497161BCC8A198Full, 0x5F700CFFF1A624E5ull, 7362306a36Sopenharmony_ci 0x0000000000000001ull, 0x8000000000000000ull, }; 7462306a36Sopenharmony_cistatic u64 cp256b_a[] = { /* a = p - 3 */ 7562306a36Sopenharmony_ci 0x0000000000000C96ull, 0x0000000000000000ull, 7662306a36Sopenharmony_ci 0x0000000000000000ull, 0x8000000000000000ull, }; 7762306a36Sopenharmony_cistatic u64 cp256b_b[] = { 7862306a36Sopenharmony_ci 0x2F49D4CE7E1BBC8Bull, 0xE979259373FF2B18ull, 7962306a36Sopenharmony_ci 0x66A7D3C25C3DF80Aull, 0x3E1AF419A269A5F8ull, }; 8062306a36Sopenharmony_ci 8162306a36Sopenharmony_cistatic struct ecc_curve gost_cp256b = { 8262306a36Sopenharmony_ci .name = "cp256b", 8362306a36Sopenharmony_ci .g = { 8462306a36Sopenharmony_ci .x = cp256b_g_x, 8562306a36Sopenharmony_ci .y = cp256b_g_y, 8662306a36Sopenharmony_ci .ndigits = 256 / 64, 8762306a36Sopenharmony_ci }, 8862306a36Sopenharmony_ci .p = cp256b_p, 8962306a36Sopenharmony_ci .n = cp256b_n, 9062306a36Sopenharmony_ci .a = cp256b_a, 9162306a36Sopenharmony_ci .b = cp256b_b 9262306a36Sopenharmony_ci}; 9362306a36Sopenharmony_ci 9462306a36Sopenharmony_ci/* OID_gostCPSignC 1.2.643.2.2.35.3 */ 9562306a36Sopenharmony_cistatic u64 cp256c_g_x[] = { 9662306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, 9762306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, }; 9862306a36Sopenharmony_cistatic u64 cp256c_g_y[] = { 9962306a36Sopenharmony_ci 0x366E550DFDB3BB67ull, 0x4D4DC440D4641A8Full, 10062306a36Sopenharmony_ci 0x3CBF3783CD08C0EEull, 0x41ECE55743711A8Cull, }; 10162306a36Sopenharmony_cistatic u64 cp256c_p[] = { 10262306a36Sopenharmony_ci 0x7998F7B9022D759Bull, 0xCF846E86789051D3ull, 10362306a36Sopenharmony_ci 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, 10462306a36Sopenharmony_ci /* pre-computed value for Barrett's reduction */ 10562306a36Sopenharmony_ci 0xedc283cdd217b5a2ull, 0xbac48fc06398ae59ull, 10662306a36Sopenharmony_ci 0x405384d55f9f3b73ull, 0xa51f176161f1d734ull, 10762306a36Sopenharmony_ci 0x0000000000000001ull, }; 10862306a36Sopenharmony_cistatic u64 cp256c_n[] = { 10962306a36Sopenharmony_ci 0xF02F3A6598980BB9ull, 0x582CA3511EDDFB74ull, 11062306a36Sopenharmony_ci 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, }; 11162306a36Sopenharmony_cistatic u64 cp256c_a[] = { /* a = p - 3 */ 11262306a36Sopenharmony_ci 0x7998F7B9022D7598ull, 0xCF846E86789051D3ull, 11362306a36Sopenharmony_ci 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, }; 11462306a36Sopenharmony_cistatic u64 cp256c_b[] = { 11562306a36Sopenharmony_ci 0x000000000000805aull, 0x0000000000000000ull, 11662306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, }; 11762306a36Sopenharmony_ci 11862306a36Sopenharmony_cistatic struct ecc_curve gost_cp256c = { 11962306a36Sopenharmony_ci .name = "cp256c", 12062306a36Sopenharmony_ci .g = { 12162306a36Sopenharmony_ci .x = cp256c_g_x, 12262306a36Sopenharmony_ci .y = cp256c_g_y, 12362306a36Sopenharmony_ci .ndigits = 256 / 64, 12462306a36Sopenharmony_ci }, 12562306a36Sopenharmony_ci .p = cp256c_p, 12662306a36Sopenharmony_ci .n = cp256c_n, 12762306a36Sopenharmony_ci .a = cp256c_a, 12862306a36Sopenharmony_ci .b = cp256c_b 12962306a36Sopenharmony_ci}; 13062306a36Sopenharmony_ci 13162306a36Sopenharmony_ci/* tc512{a,b} curves first recommended in 2013 and then standardized in 13262306a36Sopenharmony_ci * R 50.1.114-2016 and RFC 7836 for use with GOST R 34.10-2012 (as TC26 13362306a36Sopenharmony_ci * 512-bit ParamSet{A,B}). 13462306a36Sopenharmony_ci */ 13562306a36Sopenharmony_ci/* OID_gostTC26Sign512A 1.2.643.7.1.2.1.2.1 */ 13662306a36Sopenharmony_cistatic u64 tc512a_g_x[] = { 13762306a36Sopenharmony_ci 0x0000000000000003ull, 0x0000000000000000ull, 13862306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, 13962306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, 14062306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, }; 14162306a36Sopenharmony_cistatic u64 tc512a_g_y[] = { 14262306a36Sopenharmony_ci 0x89A589CB5215F2A4ull, 0x8028FE5FC235F5B8ull, 14362306a36Sopenharmony_ci 0x3D75E6A50E3A41E9ull, 0xDF1626BE4FD036E9ull, 14462306a36Sopenharmony_ci 0x778064FDCBEFA921ull, 0xCE5E1C93ACF1ABC1ull, 14562306a36Sopenharmony_ci 0xA61B8816E25450E6ull, 0x7503CFE87A836AE3ull, }; 14662306a36Sopenharmony_cistatic u64 tc512a_p[] = { /* p = 2^512 - 569 */ 14762306a36Sopenharmony_ci 0xFFFFFFFFFFFFFDC7ull, 0xFFFFFFFFFFFFFFFFull, 14862306a36Sopenharmony_ci 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 14962306a36Sopenharmony_ci 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 15062306a36Sopenharmony_ci 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; 15162306a36Sopenharmony_cistatic u64 tc512a_n[] = { 15262306a36Sopenharmony_ci 0xCACDB1411F10B275ull, 0x9B4B38ABFAD2B85Dull, 15362306a36Sopenharmony_ci 0x6FF22B8D4E056060ull, 0x27E69532F48D8911ull, 15462306a36Sopenharmony_ci 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 15562306a36Sopenharmony_ci 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; 15662306a36Sopenharmony_cistatic u64 tc512a_a[] = { /* a = p - 3 */ 15762306a36Sopenharmony_ci 0xFFFFFFFFFFFFFDC4ull, 0xFFFFFFFFFFFFFFFFull, 15862306a36Sopenharmony_ci 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 15962306a36Sopenharmony_ci 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 16062306a36Sopenharmony_ci 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; 16162306a36Sopenharmony_cistatic u64 tc512a_b[] = { 16262306a36Sopenharmony_ci 0x503190785A71C760ull, 0x862EF9D4EBEE4761ull, 16362306a36Sopenharmony_ci 0x4CB4574010DA90DDull, 0xEE3CB090F30D2761ull, 16462306a36Sopenharmony_ci 0x79BD081CFD0B6265ull, 0x34B82574761CB0E8ull, 16562306a36Sopenharmony_ci 0xC1BD0B2B6667F1DAull, 0xE8C2505DEDFC86DDull, }; 16662306a36Sopenharmony_ci 16762306a36Sopenharmony_cistatic struct ecc_curve gost_tc512a = { 16862306a36Sopenharmony_ci .name = "tc512a", 16962306a36Sopenharmony_ci .g = { 17062306a36Sopenharmony_ci .x = tc512a_g_x, 17162306a36Sopenharmony_ci .y = tc512a_g_y, 17262306a36Sopenharmony_ci .ndigits = 512 / 64, 17362306a36Sopenharmony_ci }, 17462306a36Sopenharmony_ci .p = tc512a_p, 17562306a36Sopenharmony_ci .n = tc512a_n, 17662306a36Sopenharmony_ci .a = tc512a_a, 17762306a36Sopenharmony_ci .b = tc512a_b 17862306a36Sopenharmony_ci}; 17962306a36Sopenharmony_ci 18062306a36Sopenharmony_ci/* OID_gostTC26Sign512B 1.2.643.7.1.2.1.2.2 */ 18162306a36Sopenharmony_cistatic u64 tc512b_g_x[] = { 18262306a36Sopenharmony_ci 0x0000000000000002ull, 0x0000000000000000ull, 18362306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, 18462306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, 18562306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, }; 18662306a36Sopenharmony_cistatic u64 tc512b_g_y[] = { 18762306a36Sopenharmony_ci 0x7E21340780FE41BDull, 0x28041055F94CEEECull, 18862306a36Sopenharmony_ci 0x152CBCAAF8C03988ull, 0xDCB228FD1EDF4A39ull, 18962306a36Sopenharmony_ci 0xBE6DD9E6C8EC7335ull, 0x3C123B697578C213ull, 19062306a36Sopenharmony_ci 0x2C071E3647A8940Full, 0x1A8F7EDA389B094Cull, }; 19162306a36Sopenharmony_cistatic u64 tc512b_p[] = { /* p = 2^511 + 111 */ 19262306a36Sopenharmony_ci 0x000000000000006Full, 0x0000000000000000ull, 19362306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, 19462306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, 19562306a36Sopenharmony_ci 0x0000000000000000ull, 0x8000000000000000ull, }; 19662306a36Sopenharmony_cistatic u64 tc512b_n[] = { 19762306a36Sopenharmony_ci 0xC6346C54374F25BDull, 0x8B996712101BEA0Eull, 19862306a36Sopenharmony_ci 0xACFDB77BD9D40CFAull, 0x49A1EC142565A545ull, 19962306a36Sopenharmony_ci 0x0000000000000001ull, 0x0000000000000000ull, 20062306a36Sopenharmony_ci 0x0000000000000000ull, 0x8000000000000000ull, }; 20162306a36Sopenharmony_cistatic u64 tc512b_a[] = { /* a = p - 3 */ 20262306a36Sopenharmony_ci 0x000000000000006Cull, 0x0000000000000000ull, 20362306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, 20462306a36Sopenharmony_ci 0x0000000000000000ull, 0x0000000000000000ull, 20562306a36Sopenharmony_ci 0x0000000000000000ull, 0x8000000000000000ull, }; 20662306a36Sopenharmony_cistatic u64 tc512b_b[] = { 20762306a36Sopenharmony_ci 0xFB8CCBC7C5140116ull, 0x50F78BEE1FA3106Eull, 20862306a36Sopenharmony_ci 0x7F8B276FAD1AB69Cull, 0x3E965D2DB1416D21ull, 20962306a36Sopenharmony_ci 0xBF85DC806C4B289Full, 0xB97C7D614AF138BCull, 21062306a36Sopenharmony_ci 0x7E3E06CF6F5E2517ull, 0x687D1B459DC84145ull, }; 21162306a36Sopenharmony_ci 21262306a36Sopenharmony_cistatic struct ecc_curve gost_tc512b = { 21362306a36Sopenharmony_ci .name = "tc512b", 21462306a36Sopenharmony_ci .g = { 21562306a36Sopenharmony_ci .x = tc512b_g_x, 21662306a36Sopenharmony_ci .y = tc512b_g_y, 21762306a36Sopenharmony_ci .ndigits = 512 / 64, 21862306a36Sopenharmony_ci }, 21962306a36Sopenharmony_ci .p = tc512b_p, 22062306a36Sopenharmony_ci .n = tc512b_n, 22162306a36Sopenharmony_ci .a = tc512b_a, 22262306a36Sopenharmony_ci .b = tc512b_b 22362306a36Sopenharmony_ci}; 22462306a36Sopenharmony_ci 22562306a36Sopenharmony_ci#endif 226