Commit e7fb0627 authored by Stefan Berger, committed by Herbert Xu

crypto: ecc - Implement vli_mmod_fast_521 for NIST p521

Implement vli_mmod_fast_521 following the description for how to calculate
the modulus for NIST P521 in the NIST publication "Recommendations for
Discrete Logarithm-Based Cryptography: Elliptic Curve Domain Parameters"
section G.1.4.

NIST P521 requires nine 64-bit digits, so increase ECC_MAX_DIGITS so that
the vli digit array provides enough elements to fit the larger integers
required by this curve.
Tested-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
parent c0d6bd1f
...@@ -902,6 +902,28 @@ static void vli_mmod_fast_384(u64 *result, const u64 *product, ...@@ -902,6 +902,28 @@ static void vli_mmod_fast_384(u64 *result, const u64 *product,
#undef AND64H #undef AND64H
#undef AND64L #undef AND64L
/*
* Computes result = product % curve_prime
* from "Recommendations for Discrete Logarithm-Based Cryptography:
* Elliptic Curve Domain Parameters" section G.1.4
*/
static void vli_mmod_fast_521(u64 *result, const u64 *product,
const u64 *curve_prime, u64 *tmp)
{
const unsigned int ndigits = ECC_CURVE_NIST_P521_DIGITS;
size_t i;
/* Initialize result with lowest 521 bits from product */
vli_set(result, product, ndigits);
result[8] &= 0x1ff;
for (i = 0; i < ndigits; i++)
tmp[i] = (product[8 + i] >> 9) | (product[9 + i] << 55);
tmp[8] &= 0x1ff;
vli_mod_add(result, result, tmp, curve_prime, ndigits);
}
/* Computes result = product % curve_prime for different curve_primes. /* Computes result = product % curve_prime for different curve_primes.
* *
* Note that curve_primes are distinguished just by heuristic check and * Note that curve_primes are distinguished just by heuristic check and
...@@ -941,6 +963,9 @@ static bool vli_mmod_fast(u64 *result, u64 *product, ...@@ -941,6 +963,9 @@ static bool vli_mmod_fast(u64 *result, u64 *product,
case ECC_CURVE_NIST_P384_DIGITS: case ECC_CURVE_NIST_P384_DIGITS:
vli_mmod_fast_384(result, product, curve_prime, tmp); vli_mmod_fast_384(result, product, curve_prime, tmp);
break; break;
case ECC_CURVE_NIST_P521_DIGITS:
vli_mmod_fast_521(result, product, curve_prime, tmp);
break;
default: default:
pr_err_ratelimited("ecc: unsupported digits size!\n"); pr_err_ratelimited("ecc: unsupported digits size!\n");
return false; return false;
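Review bot: In the vli_mmod_fast_521 hunk the constants 8, 9, 55 and 0x1ff all encode the split 521 = 8 * 64 + 9, but none of them says so, and the loop over product[8 + i] / product[9 + i] reads up to product[2 * ndigits - 1], which is only in bounds if every caller's product buffer is 2 * ECC_CURVE_NIST_P521_DIGITS digits wide (the callers are outside this hunk, so that is inferred). A one-line comment above the loop would make the derivation checkable: `/* 521 = 8 * 64 + 9: tmp = product >> 521 (bits 521..1041); reads up to product[2 * ndigits - 1] */`. The function comment could also state the identity the G.1.4 formula relies on, that 2^521 is congruent to 1 mod p, so result = low521 + high521 reduced once by vli_mod_add; the correctness of the final result depends on vli_mod_add (outside the hunk) tolerating result == p on input, which the comment should note as an assumption to be confirmed.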
...@@ -33,7 +33,8 @@ ...@@ -33,7 +33,8 @@
#define ECC_CURVE_NIST_P192_DIGITS 3 #define ECC_CURVE_NIST_P192_DIGITS 3
#define ECC_CURVE_NIST_P256_DIGITS 4 #define ECC_CURVE_NIST_P256_DIGITS 4
#define ECC_CURVE_NIST_P384_DIGITS 6 #define ECC_CURVE_NIST_P384_DIGITS 6
#define ECC_MAX_DIGITS (512 / 64) /* due to ecrdsa */ #define ECC_CURVE_NIST_P521_DIGITS 9
#define ECC_MAX_DIGITS DIV_ROUND_UP(521, 64) /* NIST P521 */
#define ECC_DIGITS_TO_BYTES_SHIFT 3 #define ECC_DIGITS_TO_BYTES_SHIFT 3
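Review bot: ECC_MAX_DIGITS is spelled DIV_ROUND_UP(521, 64) even though the line just above defines ECC_CURVE_NIST_P521_DIGITS as 9 for the same quantity, so the two can silently drift apart; `#define ECC_MAX_DIGITS ECC_CURVE_NIST_P521_DIGITS /* NIST P521; still covers the 512/64 digits ecrdsa needs */` keeps them tied and preserves the information in the removed "due to ecrdsa" comment, which recorded a second consumer of this bound. DIV_ROUND_UP also presumably requires this header to include its definition (linux/math.h in recent kernels), which the hunk does not show — worth confirming. The enclosing #define list continues outside the hunk.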