[v2,06/14] crypto: ecc - Add NIST P521 curve parameters

Message ID	20240215231414.3857320-7-stefanb@linux.ibm.com (mailing list archive)
State	Superseded
Delegated to:	Herbert Xu
Headers	show Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2260145FF1; Thu, 15 Feb 2024 23:14:34 +0000 (UTC) From: Stefan Berger <stefanb@linux.ibm.com> To: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net Cc: linux-kernel@vger.kernel.org, saulo.alessandre@tse.jus.br, Stefan Berger <stefanb@linux.ibm.com> Subject: [PATCH v2 06/14] crypto: ecc - Add NIST P521 curve parameters Date: Thu, 15 Feb 2024 18:14:05 -0500 Message-ID: <20240215231414.3857320-7-stefanb@linux.ibm.com> In-Reply-To: <20240215231414.3857320-1-stefanb@linux.ibm.com> References: <20240215231414.3857320-1-stefanb@linux.ibm.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Add support for NIST P521 to ecdsa and ecdh \| expand [v2,00/14] Add support for NIST P521 to ecdsa and ecdh [v2,01/14] crypto: ecdsa - Convert byte arrays with key coordinates to digits [v2,02/14] crypto: ecdsa - Adjust tests on length of key parameters [v2,03/14] crypto: ecdsa - Extend res.x mod n calculation for NIST P521 [v2,04/14] crypto: ecc - Implement vli_mmod_fast_521 for NIST p521 [v2,05/14] crypto: ecc - For NIST P521 use vli_num_bits to get number of bits [v2,06/14] crypto: ecc - Add NIST P521 curve parameters [v2,07/14] crypto: ecdsa - Register NIST P521 and extend test suite [v2,08/14] x509: Add OID for NIST P521 and extend parser for it [v2,09/14] crypto: ecdh - Use properly formatted digits to check for valid key [v2,10/14] crypto: ecc - Implement ecc_digits_to_bytes to convert digits to byte array [v2,11/14] crypto: Add nbits field to ecc_curve structure [v2,12/14] crypto: ecc - Implement and use ecc_curve_get_nbytes to get curve's nbytes [v2,13/14] crypto: ecdh - Use functions to copy digits from and to byte array [v2,14/14] crypto: ecdh - Add support for NIST P521 and add test case

Message ID

20240215231414.3857320-7-stefanb@linux.ibm.com (mailing list archive)

State

Superseded

Delegated to:

Herbert Xu

Headers

From: Stefan Berger <stefanb@linux.ibm.com>
To: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
        herbert@gondor.apana.org.au, davem@davemloft.net
Cc: linux-kernel@vger.kernel.org, saulo.alessandre@tse.jus.br,
        Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH v2 06/14] crypto: ecc - Add NIST P521 curve parameters
Date: Thu, 15 Feb 2024 18:14:05 -0500
Message-ID: <20240215231414.3857320-7-stefanb@linux.ibm.com>
In-Reply-To: <20240215231414.3857320-1-stefanb@linux.ibm.com>
References: <20240215231414.3857320-1-stefanb@linux.ibm.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Add support for NIST P521 to ecdsa and ecdh | expand

Commit Message

Stefan Berger Feb. 15, 2024, 11:14 p.m. UTC

Add the parameters for the NIST P521 curve and define a new curve ID
for it. Make the curve available in ecc_get_curve.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 crypto/ecc.c            |  2 ++
 crypto/ecc_curve_defs.h | 44 +++++++++++++++++++++++++++++++++++++++++
 include/crypto/ecdh.h   |  1 +
 3 files changed, 47 insertions(+)

Comments

Elliott, Robert (Servers) Feb. 16, 2024, 6:48 p.m. UTC | #1

> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Thursday, February 15, 2024 5:14 PM
> Subject: [PATCH v2 06/14] crypto: ecc - Add NIST P521 curve parameters
> 
> Add the parameters for the NIST P521 curve and define a new curve ID
> for it. Make the curve available in ecc_get_curve.
> 
...
> diff --git a/crypto/ecc_curve_defs.h b/crypto/ecc_curve_defs.h
...
> +static struct ecc_curve nist_p521 = {
> +	.name = "nist_521",

Are the name fields in the ecc_curve structures used anywhere or
exposed to userspace?

It'd be nice if the strings for the nist_p192, nist_p256, and nist_p384 
structures and this new nist_p521 structure included "p" before
the number, better matching all the code and the NIST FIPS 186-4 names:
    .name = "nist_p192"
    .name = "nist_p256"
    .name = "nist_p384"
    .name = "nist_p521"

Stefan Berger Feb. 16, 2024, 7:03 p.m. UTC | #2

On 2/16/24 13:48, Elliott, Robert (Servers) wrote:
>> -----Original Message-----
>> From: Stefan Berger <stefanb@linux.ibm.com>
>> Sent: Thursday, February 15, 2024 5:14 PM
>> Subject: [PATCH v2 06/14] crypto: ecc - Add NIST P521 curve parameters
>>
>> Add the parameters for the NIST P521 curve and define a new curve ID
>> for it. Make the curve available in ecc_get_curve.
>>
> ...
>> diff --git a/crypto/ecc_curve_defs.h b/crypto/ecc_curve_defs.h
> ...
>> +static struct ecc_curve nist_p521 = {
>> +	.name = "nist_521",
> 
> Are the name fields in the ecc_curve structures used anywhere or
> exposed to userspace?
> 
> It'd be nice if the strings for the nist_p192, nist_p256, and nist_p384
> structures and this new nist_p521 structure included "p" before
> the number, better matching all the code and the NIST FIPS 186-4 names:
>      .name = "nist_p192"
>      .name = "nist_p256"
>      .name = "nist_p384"
>      .name = "nist_p521"
> 
> 

This is what is exposed:

$ cat /proc/crypto | grep nist
name         : ecdh-nist-p384
driver       : ecdh-nist-p384-generic
name         : ecdh-nist-p256
driver       : ecdh-nist-p256-generic
name         : ecdh-nist-p192
driver       : ecdh-nist-p192-generic
name         : ecdsa-nist-p384
driver       : ecdsa-nist-p384-generic
name         : ecdsa-nist-p256
driver       : ecdsa-nist-p256-generic
name         : ecdsa-nist-p192
driver       : ecdsa-nist-p192-generic

diff --git a/crypto/ecc.c b/crypto/ecc.c
index 0734cea284a4..73fbbfc8d69c 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -60,6 +60,8 @@  const struct ecc_curve *ecc_get_curve(unsigned int curve_id)
 		return &nist_p256;
 	case ECC_CURVE_NIST_P384:
 		return &nist_p384;
+	case ECC_CURVE_NIST_P521:
+		return &nist_p521;
 	default:
 		return NULL;
 	}
diff --git a/crypto/ecc_curve_defs.h b/crypto/ecc_curve_defs.h
index 9719934c9428..93a47a5d460a 100644
--- a/crypto/ecc_curve_defs.h
+++ b/crypto/ecc_curve_defs.h
@@ -86,6 +86,50 @@  static struct ecc_curve nist_p384 = {
 	.b = nist_p384_b
 };
 
+/* NIST P-521 */
+static u64 nist_p521_g_x[] = { 0xf97e7e31c2e5bd66ull, 0x3348b3c1856a429bull,
+				0xfe1dc127a2ffa8deull, 0xa14b5e77efe75928ull,
+				0xf828af606b4d3dbaull, 0x9c648139053fb521ull,
+				0x9e3ecb662395b442ull, 0x858e06b70404e9cdull,
+				0xc6ull };
+static u64 nist_p521_g_y[] = { 0x88be94769fd16650ull, 0x353c7086a272c240ull,
+				0xc550b9013fad0761ull, 0x97ee72995ef42640ull,
+				0x17afbd17273e662cull, 0x98f54449579b4468ull,
+				0x5c8a5fb42c7d1bd9ull, 0x39296a789a3bc004ull,
+				0x118ull };
+static u64 nist_p521_p[] = { 0xffffffffffffffffull, 0xffffffffffffffffull,
+				0xffffffffffffffffull, 0xffffffffffffffffull,
+				0xffffffffffffffffull, 0xffffffffffffffffull,
+				0xffffffffffffffffull, 0xffffffffffffffffull,
+				0x1ffull };
+static u64 nist_p521_n[] = { 0xbb6fb71e91386409ull, 0x3bb5c9b8899c47aeull,
+				0x7fcc0148f709a5d0ull, 0x51868783bf2f966bull,
+				0xfffffffffffffffaull, 0xffffffffffffffffull,
+				0xffffffffffffffffull, 0xffffffffffffffffull,
+				0x1ffull };
+static u64 nist_p521_a[] = { 0xfffffffffffffffcull, 0xffffffffffffffffull,
+				0xffffffffffffffffull, 0xffffffffffffffffull,
+				0xffffffffffffffffull, 0xffffffffffffffffull,
+				0xffffffffffffffffull, 0xffffffffffffffffull,
+				0x1ffull };
+static u64 nist_p521_b[] = { 0xef451fd46b503f00ull, 0x3573df883d2c34f1ull,
+				0x1652c0bd3bb1bf07ull, 0x56193951ec7e937bull,
+				0xb8b489918ef109e1ull, 0xa2da725b99b315f3ull,
+				0x929a21a0b68540eeull, 0x953eb9618e1c9a1full,
+				0x051ull };
+static struct ecc_curve nist_p521 = {
+	.name = "nist_521",
+	.g = {
+		.x = nist_p521_g_x,
+		.y = nist_p521_g_y,
+		.ndigits = 9,
+	},
+	.p = nist_p521_p,
+	.n = nist_p521_n,
+	.a = nist_p521_a,
+	.b = nist_p521_b
+};
+
 /* curve25519 */
 static u64 curve25519_g_x[] = { 0x0000000000000009, 0x0000000000000000,
 				0x0000000000000000, 0x0000000000000000 };
diff --git a/include/crypto/ecdh.h b/include/crypto/ecdh.h
index a9f98078d29c..9784ecdd2fb4 100644
--- a/include/crypto/ecdh.h
+++ b/include/crypto/ecdh.h
@@ -26,6 +26,7 @@ 
 #define ECC_CURVE_NIST_P192	0x0001
 #define ECC_CURVE_NIST_P256	0x0002
 #define ECC_CURVE_NIST_P384	0x0003
+#define ECC_CURVE_NIST_P521	0x0004
 
 /**
  * struct ecdh - define an ECDH private key

[v2,06/14] crypto: ecc - Add NIST P521 curve parameters

Commit Message

Comments

Patch