Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

crypto: ecc - Implement vli_mmod_fast_521 for NIST p521

Implement vli_mmod_fast_521 following the description for how to calculate
the modulus for NIST P521 in the NIST publication "Recommendations for
Discrete Logarithm-Based Cryptography: Elliptic Curve Domain Parameters"
section G.1.4.

NIST p521 requires 9 64bit digits, so increase the ECC_MAX_DIGITS so that
the vli digit array provides enough elements to fit the larger integers
required by this curve.

Tested-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Authored by Stefan Berger and committed by Herbert Xu
e7fb0627 c0d6bd1f

+27 -1
+25
crypto/ecc.c
··· 902 902 #undef AND64H 903 903 #undef AND64L 904 904 905 + /* 906 + * Computes result = product % curve_prime 907 + * from "Recommendations for Discrete Logarithm-Based Cryptography: 908 + * Elliptic Curve Domain Parameters" section G.1.4 909 + */ 910 + static void vli_mmod_fast_521(u64 *result, const u64 *product, 911 + const u64 *curve_prime, u64 *tmp) 912 + { 913 + const unsigned int ndigits = ECC_CURVE_NIST_P521_DIGITS; 914 + size_t i; 915 + 916 + /* Initialize result with lowest 521 bits from product */ 917 + vli_set(result, product, ndigits); 918 + result[8] &= 0x1ff; 919 + 920 + for (i = 0; i < ndigits; i++) 921 + tmp[i] = (product[8 + i] >> 9) | (product[9 + i] << 55); 922 + tmp[8] &= 0x1ff; 923 + 924 + vli_mod_add(result, result, tmp, curve_prime, ndigits); 925 + } 926 + 905 927 /* Computes result = product % curve_prime for different curve_primes. 906 928 * 907 929 * Note that curve_primes are distinguished just by heuristic check and ··· 962 940 break; 963 941 case ECC_CURVE_NIST_P384_DIGITS: 964 942 vli_mmod_fast_384(result, product, curve_prime, tmp); 943 + break; 944 + case ECC_CURVE_NIST_P521_DIGITS: 945 + vli_mmod_fast_521(result, product, curve_prime, tmp); 965 946 break; 966 947 default: 967 948 pr_err_ratelimited("ecc: unsupported digits size!\n");
+2 -1
include/crypto/internal/ecc.h
··· 33 33 #define ECC_CURVE_NIST_P192_DIGITS 3 34 34 #define ECC_CURVE_NIST_P256_DIGITS 4 35 35 #define ECC_CURVE_NIST_P384_DIGITS 6 36 - #define ECC_MAX_DIGITS (512 / 64) /* due to ecrdsa */ 36 + #define ECC_CURVE_NIST_P521_DIGITS 9 37 + #define ECC_MAX_DIGITS DIV_ROUND_UP(521, 64) /* NIST P521 */ 37 38 38 39 #define ECC_DIGITS_TO_BYTES_SHIFT 3 39 40
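Review bot: In vli_mmod_fast_521() (crypto/ecc.c), the shift loop hard-codes 8, 9, 55 and 0x1ff while ndigits comes from ECC_CURVE_NIST_P521_DIGITS, and its last iteration (i = 8) reads product[17], so the function silently requires product to hold 2 * ndigits digits. Suggest stating that precondition in the header comment and showing where the constants come from (521 / 64 = 8 for the digit offset, 521 % 64 = 9 for the right shift, 64 - 9 = 55 for the left shift, 0x1ff for the low 9 bits of the top digit). Separately, after "result[8] &= 0x1ff;" the low half can be as large as 2^521 - 1, which is the P-521 prime itself, so the final step depends on vli_mod_add() coping with an operand equal to curve_prime; a one-line comment saying so would help the next reader.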
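Review bot: In the switch in crypto/ecc.c, the new "case ECC_CURVE_NIST_P521_DIGITS:" is selected by digit count alone as far as these lines show, and vli_mmod_fast_521() uses curve_prime only as the modulus of the final vli_mod_add(), so any other 9-digit prime that reached this switch would be folded at bit 521 and reduced incorrectly. The comment above the function already says the primes are distinguished "just by heuristic check"; please confirm that the check ahead of the switch keeps non-NIST 9-digit moduli out of this case, or say so in that comment.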
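Review bot: In include/crypto/internal/ecc.h, "ECC_CURVE_NIST_P521_DIGITS 9" and "ECC_MAX_DIGITS DIV_ROUND_UP(521, 64)" now state the same value in two independent ways, and the old "due to ecrdsa" rationale is dropped from the comment. Suggest defining one in terms of the other so they cannot drift apart, and keeping a mention of ecrdsa, since the removed line recorded 512 / 64 digits as its requirement. Because ECC_MAX_DIGITS grows from 8 to 9, every array sized by it gains one digit; worth confirming that no user of the macro assumed the old value.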