1 // SPDX-License-Identifier: GPL-2.0-or-later
3  * SM2 asymmetric public-key algorithm
4  * as specified by OSCCA GM/T 0003.1-2012 -- 0003.5-2012 SM2 and
5  * described at https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02
20 /* The default user id as specified in GM/T 0009-2012 */
29 	unsigned int fips:1; /* True if this is a FIPS140-2 approved curve */
44 				     * Curves (a,b) has ((A-2)/4,B^-1).
73 	MPI x, y;  in sm2_ec_ctx_init()  local
74 	int rc = -EINVAL;  in sm2_ec_ctx_init()  local
76 	p = mpi_scanval(ecp->p);  in sm2_ec_ctx_init()
77 	a = mpi_scanval(ecp->a);  in sm2_ec_ctx_init()
78 	b = mpi_scanval(ecp->b);  in sm2_ec_ctx_init()
82 	x = mpi_scanval(ecp->g_x);  in sm2_ec_ctx_init()
83 	y = mpi_scanval(ecp->g_y);  in sm2_ec_ctx_init()
84 	if (!x || !y)  in sm2_ec_ctx_init()
87 	rc = -ENOMEM;  in sm2_ec_ctx_init()
89 	ec->Q = mpi_point_new(0);  in sm2_ec_ctx_init()
90 	if (!ec->Q)  in sm2_ec_ctx_init()
94 	ec->G = mpi_point_new(0);  in sm2_ec_ctx_init()
95 	if (!ec->G) {  in sm2_ec_ctx_init()
96 		mpi_point_release(ec->Q);  in sm2_ec_ctx_init()
100 	mpi_set(ec->G->x, x);  in sm2_ec_ctx_init()
101 	mpi_set(ec->G->y, y);  in sm2_ec_ctx_init()
102 	mpi_set_ui(ec->G->z, 1);  in sm2_ec_ctx_init()
104 	rc = -EINVAL;  in sm2_ec_ctx_init()
105 	ec->n = mpi_scanval(ecp->n);  in sm2_ec_ctx_init()
106 	if (!ec->n) {  in sm2_ec_ctx_init()
107 		mpi_point_release(ec->Q);  in sm2_ec_ctx_init()
108 		mpi_point_release(ec->G);  in sm2_ec_ctx_init()
112 	ec->h = ecp->h;  in sm2_ec_ctx_init()
113 	ec->name = ecp->desc;  in sm2_ec_ctx_init()
114 	mpi_ec_init(ec, ecp->model, ecp->dialect, 0, p, a, b);  in sm2_ec_ctx_init()
116 	rc = 0;  in sm2_ec_ctx_init()
120 	mpi_free(y);  in sm2_ec_ctx_init()
126 	return rc;  in sm2_ec_ctx_init()
141 	int rc;  in sm2_ecc_os2ec()  local
144 	MPI x, y;  in sm2_ecc_os2ec()  local
149 		return -ENOMEM;  in sm2_ecc_os2ec()
151 	rc = mpi_print(GCRYMPI_FMT_USG, buf, n, &n, value);  in sm2_ecc_os2ec()
152 	if (rc)  in sm2_ecc_os2ec()
155 	rc = -EINVAL;  in sm2_ecc_os2ec()
156 	if (n < 1 || ((n - 1) % 2))  in sm2_ecc_os2ec()
162 	rc = -ENOMEM;  in sm2_ecc_os2ec()
163 	n = (n - 1) / 2;  in sm2_ecc_os2ec()
167 	y = mpi_read_raw_data(buf + 1 + n, n);  in sm2_ecc_os2ec()
168 	if (!y)  in sm2_ecc_os2ec()
172 	mpi_normalize(y);  in sm2_ecc_os2ec()
173 	mpi_set(result->x, x);  in sm2_ecc_os2ec()
174 	mpi_set(result->y, y);  in sm2_ecc_os2ec()
175 	mpi_set_ui(result->z, 1);  in sm2_ecc_os2ec()
177 	rc = 0;  in sm2_ecc_os2ec()
179 	mpi_free(y);  in sm2_ecc_os2ec()
184 	return rc;  in sm2_ecc_os2ec()
198 		return -EINVAL;  in sm2_get_signature_r()
200 	sig->sig_r = mpi_read_raw_data(value, vlen);  in sm2_get_signature_r()
201 	if (!sig->sig_r)  in sm2_get_signature_r()
202 		return -ENOMEM;  in sm2_get_signature_r()
213 		return -EINVAL;  in sm2_get_signature_s()
215 	sig->sig_s = mpi_read_raw_data(value, vlen);  in sm2_get_signature_s()
216 	if (!sig->sig_s)  in sm2_get_signature_s()
217 		return -ENOMEM;  in sm2_get_signature_s()
232 		return -EINVAL;  in sm2_z_digest_update()
236 		err = crypto_shash_update(desc, zero, pbytes - inlen) ?:  in sm2_z_digest_update()
240 		err = crypto_shash_update(desc, in + inlen - pbytes, pbytes);  in sm2_z_digest_update()
253 	MPI x, y;  in sm2_z_digest_update_point()  local
254 	int ret = -EINVAL;  in sm2_z_digest_update_point()
257 	y = mpi_new(0);  in sm2_z_digest_update_point()
259 	ret = mpi_ec_get_affine(x, y, point, ec) ? -EINVAL :  in sm2_z_digest_update_point()
261 	      sm2_z_digest_update(desc, y, pbytes);  in sm2_z_digest_update_point()
264 	mpi_free(y);  in sm2_z_digest_update_point()
279 		return -ENOMEM;  in sm2_compute_z_digest()
293 	pbytes = MPI_NBYTES(ec->p);  in sm2_compute_z_digest()
309 	err = sm2_z_digest_update(desc, ec->a, pbytes) ?:  in sm2_compute_z_digest()
310 	      sm2_z_digest_update(desc, ec->b, pbytes) ?:  in sm2_compute_z_digest()
311 	      sm2_z_digest_update_point(desc, ec->G, ec, pbytes) ?:  in sm2_compute_z_digest()
312 	      sm2_z_digest_update_point(desc, ec->Q, ec, pbytes);  in sm2_compute_z_digest()
328 	int rc = -EINVAL;  in _sm2_verify()  local
339 	/* r, s in [1, n-1] */  in _sm2_verify()
340 	if (mpi_cmp_ui(sig_r, 1) < 0 || mpi_cmp(sig_r, ec->n) > 0 ||  in _sm2_verify()
341 		mpi_cmp_ui(sig_s, 1) < 0 || mpi_cmp(sig_s, ec->n) > 0) {  in _sm2_verify()
346 	mpi_addm(t, sig_r, sig_s, ec->n);  in _sm2_verify()
351 	rc = -EBADMSG;  in _sm2_verify()
352 	mpi_ec_mul_point(&sG, sig_s, ec->G, ec);  in _sm2_verify()
353 	mpi_ec_mul_point(&tP, t, ec->Q, ec);  in _sm2_verify()
359 	mpi_addm(t, hash, x1, ec->n);  in _sm2_verify()
362 	rc = -EKEYREJECTED;  in _sm2_verify()
366 	rc = 0;  in _sm2_verify()
375 	return rc;  in _sm2_verify()
387 	if (unlikely(!ec->Q))  in sm2_verify()
388 		return -EINVAL;  in sm2_verify()
390 	buffer = kmalloc(req->src_len + req->dst_len, GFP_KERNEL);  in sm2_verify()
392 		return -ENOMEM;  in sm2_verify()
394 	sg_pcopy_to_buffer(req->src,  in sm2_verify()
395 		sg_nents_for_len(req->src, req->src_len + req->dst_len),  in sm2_verify()
396 		buffer, req->src_len + req->dst_len, 0);  in sm2_verify()
401 				buffer, req->src_len);  in sm2_verify()
405 	ret = -ENOMEM;  in sm2_verify()
406 	hash = mpi_read_raw_data(buffer + req->src_len, req->dst_len);  in sm2_verify()
433 	int rc;  in __sm2_set_pub_key()  local
438 		return -ENOMEM;  in __sm2_set_pub_key()
441 	rc = sm2_ecc_os2ec(ec->Q, a);  in __sm2_set_pub_key()
444 	return rc;  in __sm2_set_pub_key()
475 		.cra_driver_name = "sm2-generic",
498 MODULE_ALIAS_CRYPTO("sm2-generic");