1b0416386SLukas Wunner // SPDX-License-Identifier: GPL-2.0 2b0416386SLukas Wunner /* 3b0416386SLukas Wunner * ECDSA P1363 signature encoding 4b0416386SLukas Wunner * 5b0416386SLukas Wunner * Copyright (c) 2024 Intel Corporation 6b0416386SLukas Wunner */ 7b0416386SLukas Wunner 8b0416386SLukas Wunner #include <linux/err.h> 9b0416386SLukas Wunner #include <linux/module.h> 10b0416386SLukas Wunner #include <crypto/algapi.h> 11b0416386SLukas Wunner #include <crypto/sig.h> 12b0416386SLukas Wunner #include <crypto/internal/ecc.h> 13b0416386SLukas Wunner #include <crypto/internal/sig.h> 14b0416386SLukas Wunner 15b0416386SLukas Wunner struct ecdsa_p1363_ctx { 16b0416386SLukas Wunner struct crypto_sig *child; 17b0416386SLukas Wunner }; 18b0416386SLukas Wunner 19b0416386SLukas Wunner static int ecdsa_p1363_verify(struct crypto_sig *tfm, 20b0416386SLukas Wunner const void *src, unsigned int slen, 21b0416386SLukas Wunner const void *digest, unsigned int dlen) 22b0416386SLukas Wunner { 23b0416386SLukas Wunner struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm); 24b0416386SLukas Wunner unsigned int keylen = crypto_sig_keysize(ctx->child); 25*b16510a5SLukas Wunner unsigned int ndigits = DIV_ROUND_UP_POW2(keylen, sizeof(u64)); 26b0416386SLukas Wunner struct ecdsa_raw_sig sig; 27b0416386SLukas Wunner 28b0416386SLukas Wunner if (slen != 2 * keylen) 29b0416386SLukas Wunner return -EINVAL; 30b0416386SLukas Wunner 31b0416386SLukas Wunner ecc_digits_from_bytes(src, keylen, sig.r, ndigits); 32b0416386SLukas Wunner ecc_digits_from_bytes(src + keylen, keylen, sig.s, ndigits); 33b0416386SLukas Wunner 34b0416386SLukas Wunner return crypto_sig_verify(ctx->child, &sig, sizeof(sig), digest, dlen); 35b0416386SLukas Wunner } 36b0416386SLukas Wunner 37b0416386SLukas Wunner static unsigned int ecdsa_p1363_key_size(struct crypto_sig *tfm) 38b0416386SLukas Wunner { 39b0416386SLukas Wunner struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm); 40b0416386SLukas Wunner 41b0416386SLukas Wunner return crypto_sig_keysize(ctx->child); 42b0416386SLukas Wunner } 43b0416386SLukas Wunner 44b0416386SLukas Wunner static unsigned int ecdsa_p1363_max_size(struct crypto_sig *tfm) 45b0416386SLukas Wunner { 46b0416386SLukas Wunner struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm); 47b0416386SLukas Wunner 48b0416386SLukas Wunner return 2 * crypto_sig_keysize(ctx->child); 49b0416386SLukas Wunner } 50b0416386SLukas Wunner 51b0416386SLukas Wunner static unsigned int ecdsa_p1363_digest_size(struct crypto_sig *tfm) 52b0416386SLukas Wunner { 53b0416386SLukas Wunner struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm); 54b0416386SLukas Wunner 55b0416386SLukas Wunner return crypto_sig_digestsize(ctx->child); 56b0416386SLukas Wunner } 57b0416386SLukas Wunner 58b0416386SLukas Wunner static int ecdsa_p1363_set_pub_key(struct crypto_sig *tfm, 59b0416386SLukas Wunner const void *key, unsigned int keylen) 60b0416386SLukas Wunner { 61b0416386SLukas Wunner struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm); 62b0416386SLukas Wunner 63b0416386SLukas Wunner return crypto_sig_set_pubkey(ctx->child, key, keylen); 64b0416386SLukas Wunner } 65b0416386SLukas Wunner 66b0416386SLukas Wunner static int ecdsa_p1363_init_tfm(struct crypto_sig *tfm) 67b0416386SLukas Wunner { 68b0416386SLukas Wunner struct sig_instance *inst = sig_alg_instance(tfm); 69b0416386SLukas Wunner struct crypto_sig_spawn *spawn = sig_instance_ctx(inst); 70b0416386SLukas Wunner struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm); 71b0416386SLukas Wunner struct crypto_sig *child_tfm; 72b0416386SLukas Wunner 73b0416386SLukas Wunner child_tfm = crypto_spawn_sig(spawn); 74b0416386SLukas Wunner if (IS_ERR(child_tfm)) 75b0416386SLukas Wunner return PTR_ERR(child_tfm); 76b0416386SLukas Wunner 77b0416386SLukas Wunner ctx->child = child_tfm; 78b0416386SLukas Wunner 79b0416386SLukas Wunner return 0; 80b0416386SLukas Wunner } 81b0416386SLukas Wunner 82b0416386SLukas Wunner static void ecdsa_p1363_exit_tfm(struct crypto_sig *tfm) 83b0416386SLukas Wunner { 84b0416386SLukas Wunner struct ecdsa_p1363_ctx *ctx = crypto_sig_ctx(tfm); 85b0416386SLukas Wunner 86b0416386SLukas Wunner crypto_free_sig(ctx->child); 87b0416386SLukas Wunner } 88b0416386SLukas Wunner 89b0416386SLukas Wunner static void ecdsa_p1363_free(struct sig_instance *inst) 90b0416386SLukas Wunner { 91b0416386SLukas Wunner struct crypto_sig_spawn *spawn = sig_instance_ctx(inst); 92b0416386SLukas Wunner 93b0416386SLukas Wunner crypto_drop_sig(spawn); 94b0416386SLukas Wunner kfree(inst); 95b0416386SLukas Wunner } 96b0416386SLukas Wunner 97b0416386SLukas Wunner static int ecdsa_p1363_create(struct crypto_template *tmpl, struct rtattr **tb) 98b0416386SLukas Wunner { 99b0416386SLukas Wunner struct crypto_sig_spawn *spawn; 100b0416386SLukas Wunner struct sig_instance *inst; 101b0416386SLukas Wunner struct sig_alg *ecdsa_alg; 102b0416386SLukas Wunner u32 mask; 103b0416386SLukas Wunner int err; 104b0416386SLukas Wunner 105b0416386SLukas Wunner err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SIG, &mask); 106b0416386SLukas Wunner if (err) 107b0416386SLukas Wunner return err; 108b0416386SLukas Wunner 109b0416386SLukas Wunner inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); 110b0416386SLukas Wunner if (!inst) 111b0416386SLukas Wunner return -ENOMEM; 112b0416386SLukas Wunner 113b0416386SLukas Wunner spawn = sig_instance_ctx(inst); 114b0416386SLukas Wunner 115b0416386SLukas Wunner err = crypto_grab_sig(spawn, sig_crypto_instance(inst), 116b0416386SLukas Wunner crypto_attr_alg_name(tb[1]), 0, mask); 117b0416386SLukas Wunner if (err) 118b0416386SLukas Wunner goto err_free_inst; 119b0416386SLukas Wunner 120b0416386SLukas Wunner ecdsa_alg = crypto_spawn_sig_alg(spawn); 121b0416386SLukas Wunner 122b0416386SLukas Wunner err = -EINVAL; 123b0416386SLukas Wunner if (strncmp(ecdsa_alg->base.cra_name, "ecdsa", 5) != 0) 124b0416386SLukas Wunner goto err_free_inst; 125b0416386SLukas Wunner 126b0416386SLukas Wunner err = crypto_inst_setname(sig_crypto_instance(inst), tmpl->name, 127b0416386SLukas Wunner &ecdsa_alg->base); 128b0416386SLukas Wunner if (err) 129b0416386SLukas Wunner goto err_free_inst; 130b0416386SLukas Wunner 131b0416386SLukas Wunner inst->alg.base.cra_priority = ecdsa_alg->base.cra_priority; 132b0416386SLukas Wunner inst->alg.base.cra_ctxsize = sizeof(struct ecdsa_p1363_ctx); 133b0416386SLukas Wunner 134b0416386SLukas Wunner inst->alg.init = ecdsa_p1363_init_tfm; 135b0416386SLukas Wunner inst->alg.exit = ecdsa_p1363_exit_tfm; 136b0416386SLukas Wunner 137b0416386SLukas Wunner inst->alg.verify = ecdsa_p1363_verify; 138b0416386SLukas Wunner inst->alg.key_size = ecdsa_p1363_key_size; 139b0416386SLukas Wunner inst->alg.max_size = ecdsa_p1363_max_size; 140b0416386SLukas Wunner inst->alg.digest_size = ecdsa_p1363_digest_size; 141b0416386SLukas Wunner inst->alg.set_pub_key = ecdsa_p1363_set_pub_key; 142b0416386SLukas Wunner 143b0416386SLukas Wunner inst->free = ecdsa_p1363_free; 144b0416386SLukas Wunner 145b0416386SLukas Wunner err = sig_register_instance(tmpl, inst); 146b0416386SLukas Wunner if (err) { 147b0416386SLukas Wunner err_free_inst: 148b0416386SLukas Wunner ecdsa_p1363_free(inst); 149b0416386SLukas Wunner } 150b0416386SLukas Wunner return err; 151b0416386SLukas Wunner } 152b0416386SLukas Wunner 153b0416386SLukas Wunner struct crypto_template ecdsa_p1363_tmpl = { 154b0416386SLukas Wunner .name = "p1363", 155b0416386SLukas Wunner .create = ecdsa_p1363_create, 156b0416386SLukas Wunner .module = THIS_MODULE, 157b0416386SLukas Wunner }; 158b0416386SLukas Wunner 159b0416386SLukas Wunner MODULE_ALIAS_CRYPTO("p1363"); 160