1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0+ */ 2*4882a593Smuzhiyun /* 3*4882a593Smuzhiyun * Definitions of EC-RDSA Curve Parameters 4*4882a593Smuzhiyun * 5*4882a593Smuzhiyun * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org> 6*4882a593Smuzhiyun * 7*4882a593Smuzhiyun * This program is free software; you can redistribute it and/or modify it 8*4882a593Smuzhiyun * under the terms of the GNU General Public License as published by the Free 9*4882a593Smuzhiyun * Software Foundation; either version 2 of the License, or (at your option) 10*4882a593Smuzhiyun * any later version. 11*4882a593Smuzhiyun */ 12*4882a593Smuzhiyun 13*4882a593Smuzhiyun #ifndef _CRYTO_ECRDSA_DEFS_H 14*4882a593Smuzhiyun #define _CRYTO_ECRDSA_DEFS_H 15*4882a593Smuzhiyun 16*4882a593Smuzhiyun #include "ecc.h" 17*4882a593Smuzhiyun 18*4882a593Smuzhiyun #define ECRDSA_MAX_SIG_SIZE (2 * 512 / 8) 19*4882a593Smuzhiyun #define ECRDSA_MAX_DIGITS (512 / 64) 20*4882a593Smuzhiyun 21*4882a593Smuzhiyun /* 22*4882a593Smuzhiyun * EC-RDSA uses its own set of curves. 23*4882a593Smuzhiyun * 24*4882a593Smuzhiyun * cp256{a,b,c} curves first defined for GOST R 34.10-2001 in RFC 4357 (as 25*4882a593Smuzhiyun * 256-bit {A,B,C}-ParamSet), but inherited for GOST R 34.10-2012 and 26*4882a593Smuzhiyun * proposed for use in R 50.1.114-2016 and RFC 7836 as the 256-bit curves. 27*4882a593Smuzhiyun */ 28*4882a593Smuzhiyun /* OID_gostCPSignA 1.2.643.2.2.35.1 */ 29*4882a593Smuzhiyun static u64 cp256a_g_x[] = { 30*4882a593Smuzhiyun 0x0000000000000001ull, 0x0000000000000000ull, 31*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, }; 32*4882a593Smuzhiyun static u64 cp256a_g_y[] = { 33*4882a593Smuzhiyun 0x22ACC99C9E9F1E14ull, 0x35294F2DDF23E3B1ull, 34*4882a593Smuzhiyun 0x27DF505A453F2B76ull, 0x8D91E471E0989CDAull, }; 35*4882a593Smuzhiyun static u64 cp256a_p[] = { /* p = 2^256 - 617 */ 36*4882a593Smuzhiyun 0xFFFFFFFFFFFFFD97ull, 0xFFFFFFFFFFFFFFFFull, 37*4882a593Smuzhiyun 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; 38*4882a593Smuzhiyun static u64 cp256a_n[] = { 39*4882a593Smuzhiyun 0x45841B09B761B893ull, 0x6C611070995AD100ull, 40*4882a593Smuzhiyun 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; 41*4882a593Smuzhiyun static u64 cp256a_a[] = { /* a = p - 3 */ 42*4882a593Smuzhiyun 0xFFFFFFFFFFFFFD94ull, 0xFFFFFFFFFFFFFFFFull, 43*4882a593Smuzhiyun 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull }; 44*4882a593Smuzhiyun static u64 cp256a_b[] = { 45*4882a593Smuzhiyun 0x00000000000000a6ull, 0x0000000000000000ull, 46*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull }; 47*4882a593Smuzhiyun 48*4882a593Smuzhiyun static struct ecc_curve gost_cp256a = { 49*4882a593Smuzhiyun .name = "cp256a", 50*4882a593Smuzhiyun .g = { 51*4882a593Smuzhiyun .x = cp256a_g_x, 52*4882a593Smuzhiyun .y = cp256a_g_y, 53*4882a593Smuzhiyun .ndigits = 256 / 64, 54*4882a593Smuzhiyun }, 55*4882a593Smuzhiyun .p = cp256a_p, 56*4882a593Smuzhiyun .n = cp256a_n, 57*4882a593Smuzhiyun .a = cp256a_a, 58*4882a593Smuzhiyun .b = cp256a_b 59*4882a593Smuzhiyun }; 60*4882a593Smuzhiyun 61*4882a593Smuzhiyun /* OID_gostCPSignB 1.2.643.2.2.35.2 */ 62*4882a593Smuzhiyun static u64 cp256b_g_x[] = { 63*4882a593Smuzhiyun 0x0000000000000001ull, 0x0000000000000000ull, 64*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, }; 65*4882a593Smuzhiyun static u64 cp256b_g_y[] = { 66*4882a593Smuzhiyun 0x744BF8D717717EFCull, 0xC545C9858D03ECFBull, 67*4882a593Smuzhiyun 0xB83D1C3EB2C070E5ull, 0x3FA8124359F96680ull, }; 68*4882a593Smuzhiyun static u64 cp256b_p[] = { /* p = 2^255 + 3225 */ 69*4882a593Smuzhiyun 0x0000000000000C99ull, 0x0000000000000000ull, 70*4882a593Smuzhiyun 0x0000000000000000ull, 0x8000000000000000ull, }; 71*4882a593Smuzhiyun static u64 cp256b_n[] = { 72*4882a593Smuzhiyun 0xE497161BCC8A198Full, 0x5F700CFFF1A624E5ull, 73*4882a593Smuzhiyun 0x0000000000000001ull, 0x8000000000000000ull, }; 74*4882a593Smuzhiyun static u64 cp256b_a[] = { /* a = p - 3 */ 75*4882a593Smuzhiyun 0x0000000000000C96ull, 0x0000000000000000ull, 76*4882a593Smuzhiyun 0x0000000000000000ull, 0x8000000000000000ull, }; 77*4882a593Smuzhiyun static u64 cp256b_b[] = { 78*4882a593Smuzhiyun 0x2F49D4CE7E1BBC8Bull, 0xE979259373FF2B18ull, 79*4882a593Smuzhiyun 0x66A7D3C25C3DF80Aull, 0x3E1AF419A269A5F8ull, }; 80*4882a593Smuzhiyun 81*4882a593Smuzhiyun static struct ecc_curve gost_cp256b = { 82*4882a593Smuzhiyun .name = "cp256b", 83*4882a593Smuzhiyun .g = { 84*4882a593Smuzhiyun .x = cp256b_g_x, 85*4882a593Smuzhiyun .y = cp256b_g_y, 86*4882a593Smuzhiyun .ndigits = 256 / 64, 87*4882a593Smuzhiyun }, 88*4882a593Smuzhiyun .p = cp256b_p, 89*4882a593Smuzhiyun .n = cp256b_n, 90*4882a593Smuzhiyun .a = cp256b_a, 91*4882a593Smuzhiyun .b = cp256b_b 92*4882a593Smuzhiyun }; 93*4882a593Smuzhiyun 94*4882a593Smuzhiyun /* OID_gostCPSignC 1.2.643.2.2.35.3 */ 95*4882a593Smuzhiyun static u64 cp256c_g_x[] = { 96*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, 97*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, }; 98*4882a593Smuzhiyun static u64 cp256c_g_y[] = { 99*4882a593Smuzhiyun 0x366E550DFDB3BB67ull, 0x4D4DC440D4641A8Full, 100*4882a593Smuzhiyun 0x3CBF3783CD08C0EEull, 0x41ECE55743711A8Cull, }; 101*4882a593Smuzhiyun static u64 cp256c_p[] = { 102*4882a593Smuzhiyun 0x7998F7B9022D759Bull, 0xCF846E86789051D3ull, 103*4882a593Smuzhiyun 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, 104*4882a593Smuzhiyun /* pre-computed value for Barrett's reduction */ 105*4882a593Smuzhiyun 0xedc283cdd217b5a2ull, 0xbac48fc06398ae59ull, 106*4882a593Smuzhiyun 0x405384d55f9f3b73ull, 0xa51f176161f1d734ull, 107*4882a593Smuzhiyun 0x0000000000000001ull, }; 108*4882a593Smuzhiyun static u64 cp256c_n[] = { 109*4882a593Smuzhiyun 0xF02F3A6598980BB9ull, 0x582CA3511EDDFB74ull, 110*4882a593Smuzhiyun 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, }; 111*4882a593Smuzhiyun static u64 cp256c_a[] = { /* a = p - 3 */ 112*4882a593Smuzhiyun 0x7998F7B9022D7598ull, 0xCF846E86789051D3ull, 113*4882a593Smuzhiyun 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, }; 114*4882a593Smuzhiyun static u64 cp256c_b[] = { 115*4882a593Smuzhiyun 0x000000000000805aull, 0x0000000000000000ull, 116*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, }; 117*4882a593Smuzhiyun 118*4882a593Smuzhiyun static struct ecc_curve gost_cp256c = { 119*4882a593Smuzhiyun .name = "cp256c", 120*4882a593Smuzhiyun .g = { 121*4882a593Smuzhiyun .x = cp256c_g_x, 122*4882a593Smuzhiyun .y = cp256c_g_y, 123*4882a593Smuzhiyun .ndigits = 256 / 64, 124*4882a593Smuzhiyun }, 125*4882a593Smuzhiyun .p = cp256c_p, 126*4882a593Smuzhiyun .n = cp256c_n, 127*4882a593Smuzhiyun .a = cp256c_a, 128*4882a593Smuzhiyun .b = cp256c_b 129*4882a593Smuzhiyun }; 130*4882a593Smuzhiyun 131*4882a593Smuzhiyun /* tc512{a,b} curves first recommended in 2013 and then standardized in 132*4882a593Smuzhiyun * R 50.1.114-2016 and RFC 7836 for use with GOST R 34.10-2012 (as TC26 133*4882a593Smuzhiyun * 512-bit ParamSet{A,B}). 134*4882a593Smuzhiyun */ 135*4882a593Smuzhiyun /* OID_gostTC26Sign512A 1.2.643.7.1.2.1.2.1 */ 136*4882a593Smuzhiyun static u64 tc512a_g_x[] = { 137*4882a593Smuzhiyun 0x0000000000000003ull, 0x0000000000000000ull, 138*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, 139*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, 140*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, }; 141*4882a593Smuzhiyun static u64 tc512a_g_y[] = { 142*4882a593Smuzhiyun 0x89A589CB5215F2A4ull, 0x8028FE5FC235F5B8ull, 143*4882a593Smuzhiyun 0x3D75E6A50E3A41E9ull, 0xDF1626BE4FD036E9ull, 144*4882a593Smuzhiyun 0x778064FDCBEFA921ull, 0xCE5E1C93ACF1ABC1ull, 145*4882a593Smuzhiyun 0xA61B8816E25450E6ull, 0x7503CFE87A836AE3ull, }; 146*4882a593Smuzhiyun static u64 tc512a_p[] = { /* p = 2^512 - 569 */ 147*4882a593Smuzhiyun 0xFFFFFFFFFFFFFDC7ull, 0xFFFFFFFFFFFFFFFFull, 148*4882a593Smuzhiyun 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 149*4882a593Smuzhiyun 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 150*4882a593Smuzhiyun 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; 151*4882a593Smuzhiyun static u64 tc512a_n[] = { 152*4882a593Smuzhiyun 0xCACDB1411F10B275ull, 0x9B4B38ABFAD2B85Dull, 153*4882a593Smuzhiyun 0x6FF22B8D4E056060ull, 0x27E69532F48D8911ull, 154*4882a593Smuzhiyun 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 155*4882a593Smuzhiyun 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; 156*4882a593Smuzhiyun static u64 tc512a_a[] = { /* a = p - 3 */ 157*4882a593Smuzhiyun 0xFFFFFFFFFFFFFDC4ull, 0xFFFFFFFFFFFFFFFFull, 158*4882a593Smuzhiyun 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 159*4882a593Smuzhiyun 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, 160*4882a593Smuzhiyun 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, }; 161*4882a593Smuzhiyun static u64 tc512a_b[] = { 162*4882a593Smuzhiyun 0x503190785A71C760ull, 0x862EF9D4EBEE4761ull, 163*4882a593Smuzhiyun 0x4CB4574010DA90DDull, 0xEE3CB090F30D2761ull, 164*4882a593Smuzhiyun 0x79BD081CFD0B6265ull, 0x34B82574761CB0E8ull, 165*4882a593Smuzhiyun 0xC1BD0B2B6667F1DAull, 0xE8C2505DEDFC86DDull, }; 166*4882a593Smuzhiyun 167*4882a593Smuzhiyun static struct ecc_curve gost_tc512a = { 168*4882a593Smuzhiyun .name = "tc512a", 169*4882a593Smuzhiyun .g = { 170*4882a593Smuzhiyun .x = tc512a_g_x, 171*4882a593Smuzhiyun .y = tc512a_g_y, 172*4882a593Smuzhiyun .ndigits = 512 / 64, 173*4882a593Smuzhiyun }, 174*4882a593Smuzhiyun .p = tc512a_p, 175*4882a593Smuzhiyun .n = tc512a_n, 176*4882a593Smuzhiyun .a = tc512a_a, 177*4882a593Smuzhiyun .b = tc512a_b 178*4882a593Smuzhiyun }; 179*4882a593Smuzhiyun 180*4882a593Smuzhiyun /* OID_gostTC26Sign512B 1.2.643.7.1.2.1.2.2 */ 181*4882a593Smuzhiyun static u64 tc512b_g_x[] = { 182*4882a593Smuzhiyun 0x0000000000000002ull, 0x0000000000000000ull, 183*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, 184*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, 185*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, }; 186*4882a593Smuzhiyun static u64 tc512b_g_y[] = { 187*4882a593Smuzhiyun 0x7E21340780FE41BDull, 0x28041055F94CEEECull, 188*4882a593Smuzhiyun 0x152CBCAAF8C03988ull, 0xDCB228FD1EDF4A39ull, 189*4882a593Smuzhiyun 0xBE6DD9E6C8EC7335ull, 0x3C123B697578C213ull, 190*4882a593Smuzhiyun 0x2C071E3647A8940Full, 0x1A8F7EDA389B094Cull, }; 191*4882a593Smuzhiyun static u64 tc512b_p[] = { /* p = 2^511 + 111 */ 192*4882a593Smuzhiyun 0x000000000000006Full, 0x0000000000000000ull, 193*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, 194*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, 195*4882a593Smuzhiyun 0x0000000000000000ull, 0x8000000000000000ull, }; 196*4882a593Smuzhiyun static u64 tc512b_n[] = { 197*4882a593Smuzhiyun 0xC6346C54374F25BDull, 0x8B996712101BEA0Eull, 198*4882a593Smuzhiyun 0xACFDB77BD9D40CFAull, 0x49A1EC142565A545ull, 199*4882a593Smuzhiyun 0x0000000000000001ull, 0x0000000000000000ull, 200*4882a593Smuzhiyun 0x0000000000000000ull, 0x8000000000000000ull, }; 201*4882a593Smuzhiyun static u64 tc512b_a[] = { /* a = p - 3 */ 202*4882a593Smuzhiyun 0x000000000000006Cull, 0x0000000000000000ull, 203*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, 204*4882a593Smuzhiyun 0x0000000000000000ull, 0x0000000000000000ull, 205*4882a593Smuzhiyun 0x0000000000000000ull, 0x8000000000000000ull, }; 206*4882a593Smuzhiyun static u64 tc512b_b[] = { 207*4882a593Smuzhiyun 0xFB8CCBC7C5140116ull, 0x50F78BEE1FA3106Eull, 208*4882a593Smuzhiyun 0x7F8B276FAD1AB69Cull, 0x3E965D2DB1416D21ull, 209*4882a593Smuzhiyun 0xBF85DC806C4B289Full, 0xB97C7D614AF138BCull, 210*4882a593Smuzhiyun 0x7E3E06CF6F5E2517ull, 0x687D1B459DC84145ull, }; 211*4882a593Smuzhiyun 212*4882a593Smuzhiyun static struct ecc_curve gost_tc512b = { 213*4882a593Smuzhiyun .name = "tc512b", 214*4882a593Smuzhiyun .g = { 215*4882a593Smuzhiyun .x = tc512b_g_x, 216*4882a593Smuzhiyun .y = tc512b_g_y, 217*4882a593Smuzhiyun .ndigits = 512 / 64, 218*4882a593Smuzhiyun }, 219*4882a593Smuzhiyun .p = tc512b_p, 220*4882a593Smuzhiyun .n = tc512b_n, 221*4882a593Smuzhiyun .a = tc512b_a, 222*4882a593Smuzhiyun .b = tc512b_b 223*4882a593Smuzhiyun }; 224*4882a593Smuzhiyun 225*4882a593Smuzhiyun #endif 226