[linux.git] / crypto / ecrdsa.c

// SPDX-License-Identifier: GPL-2.0+
/*
 * Elliptic Curve (Russian) Digital Signature Algorithm for Cryptographic API
 *
 * Copyright (c) 2019 Vitaly Chikunov <[email protected]>
 *
 * References:
 * GOST 34.10-2018, GOST R 34.10-2012, RFC 7091, ISO/IEC 14888-3:2018.
 *
 * Historical references:
 * GOST R 34.10-2001, RFC 4357, ISO/IEC 14888-3:2006/Amd 1:2010.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option)
 * any later version.
 */

#include <linux/module.h>
#include <linux/crypto.h>
#include <crypto/streebog.h>
#include <crypto/internal/akcipher.h>
#include <crypto/internal/ecc.h>
#include <crypto/akcipher.h>
#include <linux/oid_registry.h>
#include <linux/scatterlist.h>
#include "ecrdsa_params.asn1.h"
#include "ecrdsa_pub_key.asn1.h"
#include "ecrdsa_defs.h"

#define ECRDSA_MAX_SIG_SIZE (2 * 512 / 8)
#define ECRDSA_MAX_DIGITS (512 / 64)

struct ecrdsa_ctx {
	enum OID algo_oid; /* overall public key oid */
	enum OID curve_oid; /* parameter */
	enum OID digest_oid; /* parameter */
	const struct ecc_curve *curve; /* curve from oid */
	unsigned int digest_len; /* parameter (bytes) */
	const char *digest; /* digest name from oid */
	unsigned int key_len; /* @key length (bytes) */
	const char *key; /* raw public key */
	struct ecc_point pub_key;
	u64 _pubp[2][ECRDSA_MAX_DIGITS]; /* point storage for @pub_key */
};

static const struct ecc_curve *get_curve_by_oid(enum OID oid)
{
	switch (oid) {
	case OID_gostCPSignA:
	case OID_gostTC26Sign256B:
		return &gost_cp256a;
	case OID_gostCPSignB:
	case OID_gostTC26Sign256C:
		return &gost_cp256b;
	case OID_gostCPSignC:
	case OID_gostTC26Sign256D:
		return &gost_cp256c;
	case OID_gostTC26Sign512A:
		return &gost_tc512a;
	case OID_gostTC26Sign512B:
		return &gost_tc512b;
	/* The following two aren't implemented: */
	case OID_gostTC26Sign256A:
	case OID_gostTC26Sign512C:
	default:
		return NULL;
	}
}

static int ecrdsa_verify(struct akcipher_request *req)
{
	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
	struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);
	unsigned char sig[ECRDSA_MAX_SIG_SIZE];
	unsigned char digest[STREEBOG512_DIGEST_SIZE];
	unsigned int ndigits = req->dst_len / sizeof(u64);
	u64 r[ECRDSA_MAX_DIGITS]; /* witness (r) */
	u64 _r[ECRDSA_MAX_DIGITS]; /* -r */
	u64 s[ECRDSA_MAX_DIGITS]; /* second part of sig (s) */
	u64 e[ECRDSA_MAX_DIGITS]; /* h \mod q */
	u64 *v = e;		  /* e^{-1} \mod q */
	u64 z1[ECRDSA_MAX_DIGITS];
	u64 *z2 = _r;
	struct ecc_point cc = ECC_POINT_INIT(s, e, ndigits); /* reuse s, e */

	/*
	 * Digest value, digest algorithm, and curve (modulus) should have the
	 * same length (256 or 512 bits), public key and signature should be
	 * twice bigger.
	 */
	if (!ctx->curve ||
	    !ctx->digest ||
	    !req->src ||
	    !ctx->pub_key.x ||
	    req->dst_len != ctx->digest_len ||
	    req->dst_len != ctx->curve->g.ndigits * sizeof(u64) ||
	    ctx->pub_key.ndigits != ctx->curve->g.ndigits ||
	    req->dst_len * 2 != req->src_len ||
	    WARN_ON(req->src_len > sizeof(sig)) ||
	    WARN_ON(req->dst_len > sizeof(digest)))
		return -EBADMSG;

	sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, req->src_len),
			  sig, req->src_len);
	sg_pcopy_to_buffer(req->src,
			   sg_nents_for_len(req->src,
					    req->src_len + req->dst_len),
			   digest, req->dst_len, req->src_len);

	vli_from_be64(s, sig, ndigits);
	vli_from_be64(r, sig + ndigits * sizeof(u64), ndigits);

	/* Step 1: verify that 0 < r < q, 0 < s < q */
	if (vli_is_zero(r, ndigits) ||
	    vli_cmp(r, ctx->curve->n, ndigits) >= 0 ||
	    vli_is_zero(s, ndigits) ||
	    vli_cmp(s, ctx->curve->n, ndigits) >= 0)
		return -EKEYREJECTED;

	/* Step 2: calculate hash (h) of the message (passed as input) */
	/* Step 3: calculate e = h \mod q */
	vli_from_le64(e, digest, ndigits);
	if (vli_cmp(e, ctx->curve->n, ndigits) >= 0)
		vli_sub(e, e, ctx->curve->n, ndigits);
	if (vli_is_zero(e, ndigits))
		e[0] = 1;

	/* Step 4: calculate v = e^{-1} \mod q */
	vli_mod_inv(v, e, ctx->curve->n, ndigits);

	/* Step 5: calculate z_1 = sv \mod q, z_2 = -rv \mod q */
	vli_mod_mult_slow(z1, s, v, ctx->curve->n, ndigits);
	vli_sub(_r, ctx->curve->n, r, ndigits);
	vli_mod_mult_slow(z2, _r, v, ctx->curve->n, ndigits);

	/* Step 6: calculate point C = z_1P + z_2Q, and R = x_c \mod q */
	ecc_point_mult_shamir(&cc, z1, &ctx->curve->g, z2, &ctx->pub_key,
			      ctx->curve);
	if (vli_cmp(cc.x, ctx->curve->n, ndigits) >= 0)
		vli_sub(cc.x, cc.x, ctx->curve->n, ndigits);

	/* Step 7: if R == r signature is valid */
	if (!vli_cmp(cc.x, r, ndigits))
		return 0;
	else
		return -EKEYREJECTED;
}

int ecrdsa_param_curve(void *context, size_t hdrlen, unsigned char tag,
		       const void *value, size_t vlen)
{
	struct ecrdsa_ctx *ctx = context;

	ctx->curve_oid = look_up_OID(value, vlen);
	if (!ctx->curve_oid)
		return -EINVAL;
	ctx->curve = get_curve_by_oid(ctx->curve_oid);
	return 0;
}

/* Optional. If present should match expected digest algo OID. */
int ecrdsa_param_digest(void *context, size_t hdrlen, unsigned char tag,
			const void *value, size_t vlen)
{
	struct ecrdsa_ctx *ctx = context;
	int digest_oid = look_up_OID(value, vlen);

	if (digest_oid != ctx->digest_oid)
		return -EINVAL;
	return 0;
}

int ecrdsa_parse_pub_key(void *context, size_t hdrlen, unsigned char tag,
			 const void *value, size_t vlen)
{
	struct ecrdsa_ctx *ctx = context;

	ctx->key = value;
	ctx->key_len = vlen;
	return 0;
}

static u8 *ecrdsa_unpack_u32(u32 *dst, void *src)
{
	memcpy(dst, src, sizeof(u32));
	return src + sizeof(u32);
}

/* Parse BER encoded subjectPublicKey. */
static int ecrdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
			      unsigned int keylen)
{
	struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);
	unsigned int ndigits;
	u32 algo, paramlen;
	u8 *params;
	int err;

	err = asn1_ber_decoder(&ecrdsa_pub_key_decoder, ctx, key, keylen);
	if (err < 0)
		return err;

	/* Key parameters is in the key after keylen. */
	params = ecrdsa_unpack_u32(&paramlen,
			  ecrdsa_unpack_u32(&algo, (u8 *)key + keylen));

	if (algo == OID_gost2012PKey256) {
		ctx->digest	= "streebog256";
		ctx->digest_oid	= OID_gost2012Digest256;
		ctx->digest_len	= 256 / 8;
	} else if (algo == OID_gost2012PKey512) {
		ctx->digest	= "streebog512";
		ctx->digest_oid	= OID_gost2012Digest512;
		ctx->digest_len	= 512 / 8;
	} else
		return -ENOPKG;
	ctx->algo_oid = algo;

	/* Parse SubjectPublicKeyInfo.AlgorithmIdentifier.parameters. */
	err = asn1_ber_decoder(&ecrdsa_params_decoder, ctx, params, paramlen);
	if (err < 0)
		return err;
	/*
	 * Sizes of algo (set in digest_len) and curve should match
	 * each other.
	 */
	if (!ctx->curve ||
	    ctx->curve->g.ndigits * sizeof(u64) != ctx->digest_len)
		return -ENOPKG;
	/*
	 * Key is two 256- or 512-bit coordinates which should match
	 * curve size.
	 */
	if ((ctx->key_len != (2 * 256 / 8) &&
	     ctx->key_len != (2 * 512 / 8)) ||
	    ctx->key_len != ctx->curve->g.ndigits * sizeof(u64) * 2)
		return -ENOPKG;

	ndigits = ctx->key_len / sizeof(u64) / 2;
	ctx->pub_key = ECC_POINT_INIT(ctx->_pubp[0], ctx->_pubp[1], ndigits);
	vli_from_le64(ctx->pub_key.x, ctx->key, ndigits);
	vli_from_le64(ctx->pub_key.y, ctx->key + ndigits * sizeof(u64),
		      ndigits);

	if (ecc_is_pubkey_valid_partial(ctx->curve, &ctx->pub_key))
		return -EKEYREJECTED;

	return 0;
}

static unsigned int ecrdsa_max_size(struct crypto_akcipher *tfm)
{
	struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);

	/*
	 * Verify doesn't need any output, so it's just informational
	 * for keyctl to determine the key bit size.
	 */
	return ctx->pub_key.ndigits * sizeof(u64);
}

static void ecrdsa_exit_tfm(struct crypto_akcipher *tfm)
{
}

static struct akcipher_alg ecrdsa_alg = {
	.verify		= ecrdsa_verify,
	.set_pub_key	= ecrdsa_set_pub_key,
	.max_size	= ecrdsa_max_size,
	.exit		= ecrdsa_exit_tfm,
	.base = {
		.cra_name	 = "ecrdsa",
		.cra_driver_name = "ecrdsa-generic",
		.cra_priority	 = 100,
		.cra_module	 = THIS_MODULE,
		.cra_ctxsize	 = sizeof(struct ecrdsa_ctx),
	},
};

static int __init ecrdsa_mod_init(void)
{
	return crypto_register_akcipher(&ecrdsa_alg);
}

static void __exit ecrdsa_mod_fini(void)
{
	crypto_unregister_akcipher(&ecrdsa_alg);
}

module_init(ecrdsa_mod_init);
module_exit(ecrdsa_mod_fini);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Vitaly Chikunov <[email protected]>");
MODULE_DESCRIPTION("EC-RDSA generic algorithm");
MODULE_ALIAS_CRYPTO("ecrdsa-generic");
Commit	Line	Data
0d7a7864 VC	1	// SPDX-License-Identifier: GPL-2.0+
	2	/*
	3	* Elliptic Curve (Russian) Digital Signature Algorithm for Cryptographic API
	4	*
	5	* Copyright (c) 2019 Vitaly Chikunov <[email protected]>
	6	*
	7	* References:
	8	* GOST 34.10-2018, GOST R 34.10-2012, RFC 7091, ISO/IEC 14888-3:2018.
	9	*
	10	* Historical references:
	11	* GOST R 34.10-2001, RFC 4357, ISO/IEC 14888-3:2006/Amd 1:2010.
	12	*
	13	* This program is free software; you can redistribute it and/or modify it
	14	* under the terms of the GNU General Public License as published by the Free
	15	* Software Foundation; either version 2 of the License, or (at your option)
	16	* any later version.
	17	*/
	18
	19	#include <linux/module.h>
	20	#include <linux/crypto.h>
	21	#include <crypto/streebog.h>
	22	#include <crypto/internal/akcipher.h>
a745d3ac	23	#include <crypto/internal/ecc.h>
0d7a7864 VC	24	#include <crypto/akcipher.h>
0d7a7864 VC	25	#include <linux/oid_registry.h>
0c3dc787	26	#include <linux/scatterlist.h>
0d7a7864 VC	27	#include "ecrdsa_params.asn1.h"
0d7a7864 VC	28	#include "ecrdsa_pub_key.asn1.h"
0d7a7864 VC	29	#include "ecrdsa_defs.h"
	30
	31	#define ECRDSA_MAX_SIG_SIZE (2 * 512 / 8)
	32	#define ECRDSA_MAX_DIGITS (512 / 64)
	33
	34	struct ecrdsa_ctx {
	35	enum OID algo_oid; /* overall public key oid */
	36	enum OID curve_oid; /* parameter */
	37	enum OID digest_oid; /* parameter */
	38	const struct ecc_curve curve; / curve from oid */
	39	unsigned int digest_len; /* parameter (bytes) */
	40	const char digest; / digest name from oid */
	41	unsigned int key_len; /* @key length (bytes) */
	42	const char key; / raw public key */
	43	struct ecc_point pub_key;
	44	u64 _pubp[2][ECRDSA_MAX_DIGITS]; /* point storage for @pub_key */
	45	};
	46
	47	static const struct ecc_curve *get_curve_by_oid(enum OID oid)
	48	{
	49	switch (oid) {
	50	case OID_gostCPSignA:
	51	case OID_gostTC26Sign256B:
	52	return &gost_cp256a;
	53	case OID_gostCPSignB:
	54	case OID_gostTC26Sign256C:
	55	return &gost_cp256b;
	56	case OID_gostCPSignC:
	57	case OID_gostTC26Sign256D:
	58	return &gost_cp256c;
	59	case OID_gostTC26Sign512A:
	60	return &gost_tc512a;
	61	case OID_gostTC26Sign512B:
	62	return &gost_tc512b;
	63	/* The following two aren't implemented: */
	64	case OID_gostTC26Sign256A:
	65	case OID_gostTC26Sign512C:
	66	default:
	67	return NULL;
	68	}
	69	}
	70
	71	static int ecrdsa_verify(struct akcipher_request *req)
	72	{
	73	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
	74	struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);
	75	unsigned char sig[ECRDSA_MAX_SIG_SIZE];
	76	unsigned char digest[STREEBOG512_DIGEST_SIZE];
	77	unsigned int ndigits = req->dst_len / sizeof(u64);
	78	u64 r[ECRDSA_MAX_DIGITS]; /* witness (r) */
	79	u64 _r[ECRDSA_MAX_DIGITS]; /* -r */
	80	u64 s[ECRDSA_MAX_DIGITS]; /* second part of sig (s) */
	81	u64 e[ECRDSA_MAX_DIGITS]; /* h \mod q */
	82	u64 v = e; / e^{-1} \mod q */
	83	u64 z1[ECRDSA_MAX_DIGITS];
	84	u64 *z2 = _r;
	85	struct ecc_point cc = ECC_POINT_INIT(s, e, ndigits); /* reuse s, e */
	86
	87	/*
	88	* Digest value, digest algorithm, and curve (modulus) should have the
	89	* same length (256 or 512 bits), public key and signature should be
	90	* twice bigger.
	91	*/
	92	if (!ctx->curve \|\|
93	!ctx->digest \|\|
94	!req->src \|\|
95	!ctx->pub_key.x \|\|
96	req->dst_len != ctx->digest_len \|\|
97	req->dst_len != ctx->curve->g.ndigits * sizeof(u64) \|\|
98	ctx->pub_key.ndigits != ctx->curve->g.ndigits \|\|
99	req->dst_len * 2 != req->src_len \|\|
100	WARN_ON(req->src_len > sizeof(sig)) \|\|
101	WARN_ON(req->dst_len > sizeof(digest)))
102	return -EBADMSG;
103
104	sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, req->src_len),
105	sig, req->src_len);
106	sg_pcopy_to_buffer(req->src,
107	sg_nents_for_len(req->src,
108	req->src_len + req->dst_len),
109	digest, req->dst_len, req->src_len);
110
111	vli_from_be64(s, sig, ndigits);
112	vli_from_be64(r, sig + ndigits * sizeof(u64), ndigits);
113
114	/* Step 1: verify that 0 < r < q, 0 < s < q */
115	if (vli_is_zero(r, ndigits) \|\|
7cc7ab73	116	vli_cmp(r, ctx->curve->n, ndigits) >= 0 \|\|
0d7a7864	117	vli_is_zero(s, ndigits) \|\|
7cc7ab73	118	vli_cmp(s, ctx->curve->n, ndigits) >= 0)
0d7a7864 VC	119	return -EKEYREJECTED;
	120
	121	/* Step 2: calculate hash (h) of the message (passed as input) */
	122	/* Step 3: calculate e = h \mod q */
	123	vli_from_le64(e, digest, ndigits);
7cc7ab73	124	if (vli_cmp(e, ctx->curve->n, ndigits) >= 0)
0d7a7864 VC	125	vli_sub(e, e, ctx->curve->n, ndigits);
	126	if (vli_is_zero(e, ndigits))
	127	e[0] = 1;
	128
	129	/* Step 4: calculate v = e^{-1} \mod q */
	130	vli_mod_inv(v, e, ctx->curve->n, ndigits);
	131
	132	/* Step 5: calculate z_1 = sv \mod q, z_2 = -rv \mod q */
	133	vli_mod_mult_slow(z1, s, v, ctx->curve->n, ndigits);
	134	vli_sub(_r, ctx->curve->n, r, ndigits);
	135	vli_mod_mult_slow(z2, _r, v, ctx->curve->n, ndigits);
	136
	137	/* Step 6: calculate point C = z_1P + z_2Q, and R = x_c \mod q */
	138	ecc_point_mult_shamir(&cc, z1, &ctx->curve->g, z2, &ctx->pub_key,
	139	ctx->curve);
7cc7ab73	140	if (vli_cmp(cc.x, ctx->curve->n, ndigits) >= 0)
0d7a7864 VC	141	vli_sub(cc.x, cc.x, ctx->curve->n, ndigits);
	142
	143	/* Step 7: if R == r signature is valid */
	144	if (!vli_cmp(cc.x, r, ndigits))
	145	return 0;
	146	else
	147	return -EKEYREJECTED;
	148	}
	149
	150	int ecrdsa_param_curve(void *context, size_t hdrlen, unsigned char tag,
	151	const void *value, size_t vlen)
	152	{
	153	struct ecrdsa_ctx *ctx = context;
	154
	155	ctx->curve_oid = look_up_OID(value, vlen);
	156	if (!ctx->curve_oid)
	157	return -EINVAL;
	158	ctx->curve = get_curve_by_oid(ctx->curve_oid);
	159	return 0;
	160	}
	161
	162	/* Optional. If present should match expected digest algo OID. */
	163	int ecrdsa_param_digest(void *context, size_t hdrlen, unsigned char tag,
	164	const void *value, size_t vlen)
	165	{
	166	struct ecrdsa_ctx *ctx = context;
	167	int digest_oid = look_up_OID(value, vlen);
	168
	169	if (digest_oid != ctx->digest_oid)
	170	return -EINVAL;
	171	return 0;
	172	}
	173
	174	int ecrdsa_parse_pub_key(void *context, size_t hdrlen, unsigned char tag,
	175	const void *value, size_t vlen)
	176	{
	177	struct ecrdsa_ctx *ctx = context;
	178
	179	ctx->key = value;
	180	ctx->key_len = vlen;
	181	return 0;
	182	}
	183
	184	static u8 ecrdsa_unpack_u32(u32 dst, void *src)
	185	{
	186	memcpy(dst, src, sizeof(u32));
	187	return src + sizeof(u32);
	188	}
	189
	190	/* Parse BER encoded subjectPublicKey. */
	191	static int ecrdsa_set_pub_key(struct crypto_akcipher tfm, const void key,
	192	unsigned int keylen)
	193	{
	194	struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);
	195	unsigned int ndigits;
	196	u32 algo, paramlen;
	197	u8 *params;
	198	int err;
	199
	200	err = asn1_ber_decoder(&ecrdsa_pub_key_decoder, ctx, key, keylen);
	201	if (err < 0)
	202	return err;
	203
	204	/* Key parameters is in the key after keylen. */
205	params = ecrdsa_unpack_u32(&paramlen,
206	ecrdsa_unpack_u32(&algo, (u8 *)key + keylen));
207
208	if (algo == OID_gost2012PKey256) {
209	ctx->digest = "streebog256";
210	ctx->digest_oid = OID_gost2012Digest256;
211	ctx->digest_len = 256 / 8;
212	} else if (algo == OID_gost2012PKey512) {
213	ctx->digest = "streebog512";
214	ctx->digest_oid = OID_gost2012Digest512;
215	ctx->digest_len = 512 / 8;
216	} else
217	return -ENOPKG;
218	ctx->algo_oid = algo;
219
220	/* Parse SubjectPublicKeyInfo.AlgorithmIdentifier.parameters. */
221	err = asn1_ber_decoder(&ecrdsa_params_decoder, ctx, params, paramlen);
222	if (err < 0)
223	return err;
224	/*
225	* Sizes of algo (set in digest_len) and curve should match
226	* each other.
227	*/
228	if (!ctx->curve \|\|
229	ctx->curve->g.ndigits * sizeof(u64) != ctx->digest_len)
230	return -ENOPKG;
231	/*
232	* Key is two 256- or 512-bit coordinates which should match
233	* curve size.
234	*/
235	if ((ctx->key_len != (2 * 256 / 8) &&
236	ctx->key_len != (2 * 512 / 8)) \|\|
237	ctx->key_len != ctx->curve->g.ndigits * sizeof(u64) * 2)
238	return -ENOPKG;
239
240	ndigits = ctx->key_len / sizeof(u64) / 2;
241	ctx->pub_key = ECC_POINT_INIT(ctx->_pubp[0], ctx->_pubp[1], ndigits);
242	vli_from_le64(ctx->pub_key.x, ctx->key, ndigits);
243	vli_from_le64(ctx->pub_key.y, ctx->key + ndigits * sizeof(u64),
244	ndigits);
245
246	if (ecc_is_pubkey_valid_partial(ctx->curve, &ctx->pub_key))
247	return -EKEYREJECTED;
248
249	return 0;
250	}
251
252	static unsigned int ecrdsa_max_size(struct crypto_akcipher *tfm)
253	{
254	struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);
255
256	/*
257	* Verify doesn't need any output, so it's just informational
258	* for keyctl to determine the key bit size.
259	*/
260	return ctx->pub_key.ndigits * sizeof(u64);
261	}
262
263	static void ecrdsa_exit_tfm(struct crypto_akcipher *tfm)
264	{
265	}
266
267	static struct akcipher_alg ecrdsa_alg = {
268	.verify = ecrdsa_verify,
269	.set_pub_key = ecrdsa_set_pub_key,
270	.max_size = ecrdsa_max_size,
271	.exit = ecrdsa_exit_tfm,
272	.base = {
273	.cra_name = "ecrdsa",
274	.cra_driver_name = "ecrdsa-generic",
275	.cra_priority = 100,
276	.cra_module = THIS_MODULE,
277	.cra_ctxsize = sizeof(struct ecrdsa_ctx),
278	},
279	};
280
281	static int __init ecrdsa_mod_init(void)
282	{
283	return crypto_register_akcipher(&ecrdsa_alg);
284	}
285
286	static void __exit ecrdsa_mod_fini(void)
287	{
288	crypto_unregister_akcipher(&ecrdsa_alg);
289	}
290
291	module_init(ecrdsa_mod_init);
292	module_exit(ecrdsa_mod_fini);
293
294	MODULE_LICENSE("GPL");
295	MODULE_AUTHOR("Vitaly Chikunov <[email protected]>");
296	MODULE_DESCRIPTION("EC-RDSA generic algorithm");
297	MODULE_ALIAS_CRYPTO("ecrdsa-generic");