linux-imx

// SPDX-License-Identifier: GPL-2.0+

/*

 * Elliptic Curve (Russian) Digital Signature Algorithm for Cryptographic API

 *

 * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org>

 *

 * References:

 * GOST 34.10-2018, GOST R 34.10-2012, RFC 7091, ISO/IEC 14888-3:2018.

 *

 * Historical references:

 * GOST R 34.10-2001, RFC 4357, ISO/IEC 14888-3:2006/Amd 1:2010.

 *

 * This program is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License as published by the Free

 * Software Foundation; either version 2 of the License, or (at your option)

 * any later version.

 */

​

#include <linux/module.h>

#include <linux/crypto.h>

#include <crypto/streebog.h>

#include <crypto/internal/akcipher.h>

#include <crypto/akcipher.h>

#include <linux/oid_registry.h>

#include "ecrdsa_params.asn1.h"

#include "ecrdsa_pub_key.asn1.h"

#include "ecc.h"

#include "ecrdsa_defs.h"

​

#define ECRDSA_MAX_SIG_SIZE (2 * 512 / 8)

#define ECRDSA_MAX_DIGITS (512 / 64)

​

struct ecrdsa_ctx {

    enum OID algo_oid; /* overall public key oid */

    enum OID curve_oid; /* parameter */

    enum OID digest_oid; /* parameter */

    const struct ecc_curve *curve; /* curve from oid */

    unsigned int digest_len; /* parameter (bytes) */

    const char *digest; /* digest name from oid */

    unsigned int key_len; /* @key length (bytes) */

    const char *key; /* raw public key */

    struct ecc_point pub_key;

    u64 _pubp[2][ECRDSA_MAX_DIGITS]; /* point storage for @pub_key */

};

​

static const struct ecc_curve *get_curve_by_oid(enum OID oid)

{

    switch (oid) {

    case OID_gostCPSignA:

    case OID_gostTC26Sign256B:

        return &gost_cp256a;

    case OID_gostCPSignB:

    case OID_gostTC26Sign256C:

        return &gost_cp256b;

    case OID_gostCPSignC:

    case OID_gostTC26Sign256D:

        return &gost_cp256c;

    case OID_gostTC26Sign512A:

        return &gost_tc512a;

    case OID_gostTC26Sign512B:

        return &gost_tc512b;

    /* The following two aren't implemented: */

    case OID_gostTC26Sign256A:

    case OID_gostTC26Sign512C:

    default:

        return NULL;

    }

}

​

static int ecrdsa_verify(struct akcipher_request *req)

{

    struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);

    struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);

    unsigned char sig[ECRDSA_MAX_SIG_SIZE];

    unsigned char digest[STREEBOG512_DIGEST_SIZE];

    unsigned int ndigits = req->dst_len / sizeof(u64);

    u64 r[ECRDSA_MAX_DIGITS]; /* witness (r) */

    u64 _r[ECRDSA_MAX_DIGITS]; /* -r */

    u64 s[ECRDSA_MAX_DIGITS]; /* second part of sig (s) */

    u64 e[ECRDSA_MAX_DIGITS]; /* h \mod q */

    u64 *v = e;       /* e^{-1} \mod q */

    u64 z1[ECRDSA_MAX_DIGITS];

    u64 *z2 = _r;

    struct ecc_point cc = ECC_POINT_INIT(s, e, ndigits); /* reuse s, e */

​

    /*

     * Digest value, digest algorithm, and curve (modulus) should have the

     * same length (256 or 512 bits), public key and signature should be

     * twice bigger.

     */

    if (!ctx->curve ||

        !ctx->digest ||