From: Saulo Alessandre <saulo.alessan...@tse.jus.br>
* crypto/ecc_curve_defs.h
- nist_p384_(x,y,p,n,z,b) and nist_p384 added curve params added;
- nist_p521_(x,y,p,n,z,b) and nist_p521 added curve params added;
* include/crypto/ecdh.h
- ECC_CURVE_NIST_P384, ECC_CURVE_NIST_P521 - added new curves
* lib/oid_registry.c
- lookup_oid_sign_info - added to return sign algo name;
- lookup_oid_digest_info - added to return hash algo name, len and
generic OID
* include/linux/oid_registry.h
- OID_undef - added to reflect a zeroed structure as undefined
- OID_id_secp(192r1,256r1), OID_id_ecdsa_with_sha(256,384,512),
OID_id_secp(384r1,521r1) - added oid types for ecdsa algo;
- lookup_oid_sign_info, lookup_oid_digest_info - added to get hash,
sig info;
---
crypto/ecc_curve_defs.h | 82 ++++++++++++++++++++++++++++
include/crypto/ecdh.h | 2 +
include/linux/oid_registry.h | 12 +++++
lib/oid_registry.c | 100 +++++++++++++++++++++++++++++++++++
4 files changed, 196 insertions(+)
diff --git a/crypto/ecc_curve_defs.h b/crypto/ecc_curve_defs.h
index 69be6c7d228f..3d97761021b7 100644
--- a/crypto/ecc_curve_defs.h
+++ b/crypto/ecc_curve_defs.h
@@ -54,4 +54,86 @@ static struct ecc_curve nist_p256 = {
.b = nist_p256_b
};
+/* NIST P-384 */
+static u64 nist_p384_g_x[] = { 0x3A545E3872760AB7ull, 0x5502F25DBF55296Cull,
+ 0x59F741E082542A38ull, 0x6E1D3B628BA79B98ull,
+ 0x8Eb1C71EF320AD74ull, 0xAA87CA22BE8B0537ull };
+static u64 nist_p384_g_y[] = { 0x7A431D7C90EA0E5Full, 0x0A60B1CE1D7E819Dull,
+ 0xE9DA3113B5F0B8C0ull, 0xF8F41DBD289A147Cull,
+ 0x5D9E98BF9292DC29ull, 0x3617DE4A96262C6Full };
+static u64 nist_p384_p[] = { 0x00000000FFFFFFFFull, 0xFFFFFFFF00000000ull,
+ 0xFFFFFFFFFFFFFFFEull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
+static u64 nist_p384_n[] = { 0xECEC196ACCC52973ull, 0x581A0DB248B0A77Aull,
+ 0xC7634D81F4372DDFull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
+static u64 nist_p384_a[] = { 0x00000000FFFFFFFCull, 0xFFFFFFFF00000000ull,
+ 0xFFFFFFFFFFFFFFFEull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
+static u64 nist_p384_b[] = { 0x2a85c8edd3ec2aefull, 0xc656398d8a2ed19dull,
+ 0x0314088f5013875aull, 0x181d9c6efe814112ull,
+ 0x988e056be3f82d19ull, 0xb3312fa7e23ee7e4ull };
+static struct ecc_curve nist_p384 = {
+ .name = "nist_384",
+ .g = {
+ .x = nist_p384_g_x,
+ .y = nist_p384_g_y,
+ .ndigits = 6,
+ },
+ .p = nist_p384_p,
+ .n = nist_p384_n,
+ .a = nist_p384_a,
+ .b = nist_p384_b
+};
+
+/* NIST P-521 */
+static u64 nist_p521_g_x[] = { 0xF97E7E31C2E5BD66ull, 0x3348B3C1856A429Bull,
+ 0xFE1DC127A2FFA8DEull, 0xA14B5E77EFE75928ull,
+ 0xF828AF606B4D3DBAull, 0x9C648139053FB521ull,
+ 0x9E3ECB662395B442ull, 0x858E06B70404E9CDull,
+ 0x00000000000000C6ull };
+static u64 nist_p521_g_y[] = { 0x88BE94769FD16650ull, 0x353C7086A272C240ull,
+ 0xC550B9013FAD0761ull, 0x97EE72995EF42640ull,
+ 0x17AFBD17273E662Cull, 0x98F54449579B4468ull,
+ 0x5C8A5FB42C7D1BD9ull, 0x39296A789A3BC004ull,
+ 0x0000000000000118ull };
+static u64 nist_p521_p[] = { 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0x00000000000001FFull };
+static u64 nist_p521_n[] = { 0xBB6FB71E91386409ull, 0x3BB5C9B8899C47AEull,
+ 0x7FCC0148F709A5D0ull, 0x51868783BF2F966Bull,
+ 0xFFFFFFFFFFFFFFFAull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0x00000000000001FFull };
+static u64 nist_p521_a[] = { 0xFFFFFFFFFFFFFFFCull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0x00000000000001FFull };
+static u64 nist_p521_b[] = { 0xEF451FD46B503F00ull, 0x3573DF883D2C34F1ull,
+ 0x1652C0BD3BB1BF07ull, 0x56193951EC7E937Bull,
+ 0xB8B489918EF109E1ull, 0xA2DA725B99B315F3ull,
+ 0x929A21A0B68540EEull, 0x953EB9618E1C9A1Full,
+ 0x0000000000000051ull };
+
+static struct ecc_curve nist_p521 = {
+ .name = "nist_521",
+ .g = {
+ .x = nist_p521_g_x,
+ .y = nist_p521_g_y,
+ .ndigits = 9,
+ },
+ .p = nist_p521_p,
+ .n = nist_p521_n,
+ .a = nist_p521_a,
+ .b = nist_p521_b
+};
+
+#define NIST_UNPACKED_KEY_ID 0x04
+#define NISTP256_PACKED_KEY_SIZE 64
+#define NISTP384_PACKED_KEY_SIZE 96
+#define NISTP521_PACKED_KEY_SIZE 132
+
#endif
diff --git a/include/crypto/ecdh.h b/include/crypto/ecdh.h
index a5b805b5526d..6c7333f82b9c 100644
--- a/include/crypto/ecdh.h
+++ b/include/crypto/ecdh.h
@@ -25,6 +25,8 @@
/* Curves IDs */
#define ECC_CURVE_NIST_P192 0x0001
#define ECC_CURVE_NIST_P256 0x0002
+#define ECC_CURVE_NIST_P384 0x0003
+#define ECC_CURVE_NIST_P521 0x0004
/**
* struct ecdh - define an ECDH private key
diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 4462ed2c18cd..7871c574b56a 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -17,9 +17,15 @@
* build_OID_registry.pl to generate the data for look_up_OID().
*/
enum OID {
+ OID__undef, /* 1.0 */
OID_id_dsa_with_sha1, /* 1.2.840.10030.4.3 */
OID_id_dsa, /* 1.2.840.10040.4.1 */
+ OID_id_secp192r1, /* 1.2.840.10045.3.1.1 */
+ OID_id_secp256r1, /* 1.2.840.10045.3.1.7 */
OID_id_ecdsa_with_sha1, /* 1.2.840.10045.4.1 */
+ OID_id_ecdsa_with_sha256, /* 1.2.840.10045.4.3.2 */
+ OID_id_ecdsa_with_sha384, /* 1.2.840.10045.4.3.3 */
+ OID_id_ecdsa_with_sha512, /* 1.2.840.10045.4.3.4 */
OID_id_ecPublicKey, /* 1.2.840.10045.2.1 */
/* PKCS#1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-1(1)} */
@@ -58,6 +64,8 @@ enum OID {
OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */
OID_sha1, /* 1.3.14.3.2.26 */
+ OID_id_secp384r1, /* 1.3.132.0.34 */
+ OID_id_secp521r1, /* 1.3.132.0.35 */
OID_sha256, /* 2.16.840.1.101.3.4.2.1 */
OID_sha384, /* 2.16.840.1.101.3.4.2.2 */
OID_sha512, /* 2.16.840.1.101.3.4.2.3 */
@@ -119,5 +127,9 @@ enum OID {
extern enum OID look_up_OID(const void *data, size_t datasize);
extern int sprint_oid(const void *, size_t, char *, size_t);
extern int sprint_OID(enum OID, char *, size_t);
+extern int lookup_oid_sign_info(enum OID oid,
+ const char **sign_algo);
+extern int lookup_oid_digest_info(enum OID oid,
+ const char **hash_algo, u32 *hash_len, enum OID *oid_algo);
#endif /* _LINUX_OID_REGISTRY_H */
diff --git a/lib/oid_registry.c b/lib/oid_registry.c
index f7ad43f28579..aea941dd93ba 100644
--- a/lib/oid_registry.c
+++ b/lib/oid_registry.c
@@ -92,6 +92,106 @@ enum OID look_up_OID(const void *data, size_t datasize)
}
EXPORT_SYMBOL_GPL(look_up_OID);
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wswitch"
+int lookup_oid_sign_info(enum OID oid, const char **sign_algo)
+{
+ int ret = -1;
+
+ if (sign_algo) {
+ switch (oid) {
+ case OID_md4WithRSAEncryption:
+ case OID_sha1WithRSAEncryption:
+ case OID_sha256WithRSAEncryption:
+ case OID_sha384WithRSAEncryption:
+ case OID_sha512WithRSAEncryption:
+ case OID_sha224WithRSAEncryption:
+ if (sign_algo)
+ *sign_algo = "rsa";
+ ret = 0;
+ break;
+ case OID_id_ecdsa_with_sha1:
+ case OID_id_ecdsa_with_sha256:
+ case OID_id_ecdsa_with_sha384:
+ case OID_id_ecdsa_with_sha512:
+ if (sign_algo)
+ *sign_algo = "ecdsa";
+ ret = 0;
+ break;
+ }
+ }
+ return ret;
+}
+EXPORT_SYMBOL_GPL(lookup_oid_sign_info);
+
+int lookup_oid_digest_info(enum OID oid,
+ const char **digest_algo, u32 *digest_len,
+ enum OID *digest_oid)
+{
+ int ret = 0;
+
+ switch (oid) {
+ case OID_md4WithRSAEncryption:
+ if (digest_algo)
+ *digest_algo = "md4";
+ if (digest_oid)
+ *digest_oid = OID_md4;
+ if (digest_len)
+ *digest_len = 16;
+ break;
+ case OID_sha1WithRSAEncryption:
+ case OID_id_ecdsa_with_sha1:
+ if (digest_algo)
+ *digest_algo = "sha1";
+ if (digest_oid)
+ *digest_oid = OID_sha1;
+ if (digest_len)
+ *digest_len = 20;
+ break;
+ case OID_sha224WithRSAEncryption:
+ if (digest_algo)
+ *digest_algo = "sha224";
+ if (digest_oid)
+ *digest_oid = OID_sha224;
+ if (digest_len)
+ *digest_len = 28;
+ break;
+ case OID_sha256WithRSAEncryption:
+ case OID_id_ecdsa_with_sha256:
+ if (digest_algo)
+ *digest_algo = "sha256";
+ if (digest_oid)
+ *digest_oid = OID_sha256;
+ if (digest_len)
+ *digest_len = 32;
+ break;
+ case OID_sha384WithRSAEncryption:
+ case OID_id_ecdsa_with_sha384:
+ if (digest_algo)
+ *digest_algo = "sha384";
+ if (digest_oid)
+ *digest_oid = OID_sha384;
+ if (digest_len)
+ *digest_len = 48;
+ break;
+ case OID_sha512WithRSAEncryption:
+ case OID_id_ecdsa_with_sha512:
+ if (digest_algo)
+ *digest_algo = "sha512";
+ if (digest_oid)
+ *digest_oid = OID_sha512;
+ if (digest_len)
+ *digest_len = 64;
+ break;
+ default:
+ ret = -1;
+ }
+ return ret;
+}
+EXPORT_SYMBOL_GPL(lookup_oid_digest_info);
+
+#pragma GCC diagnostic pop
+
/*
* sprint_OID - Print an Object Identifier into a buffer
* @data: The encoded OID to print
--
2.25.1
