28 #if defined(POLARSSL_ECP_C)
32 #if defined(_MSC_VER) && !defined(inline)
33 #define inline _inline
35 #if defined(__ARMCC_VERSION) && !defined(inline)
36 #define inline __inline
44 #if defined(POLARSSL_HAVE_INT8)
46 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
47 a, b, c, d, e, f, g, h
49 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
52 #define BYTES_TO_T_UINT_2( a, b ) \
55 #elif defined(POLARSSL_HAVE_INT16)
57 #define BYTES_TO_T_UINT_2( a, b ) \
58 ( (t_uint) a << 0 ) | \
61 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
62 BYTES_TO_T_UINT_2( a, b ), \
63 BYTES_TO_T_UINT_2( c, d )
65 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
66 BYTES_TO_T_UINT_2( a, b ), \
67 BYTES_TO_T_UINT_2( c, d ), \
68 BYTES_TO_T_UINT_2( e, f ), \
69 BYTES_TO_T_UINT_2( g, h )
71 #elif defined(POLARSSL_HAVE_INT32)
73 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
74 ( (t_uint) a << 0 ) | \
75 ( (t_uint) b << 8 ) | \
76 ( (t_uint) c << 16 ) | \
79 #define BYTES_TO_T_UINT_2( a, b ) \
80 BYTES_TO_T_UINT_4( a, b, 0, 0 )
82 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
83 BYTES_TO_T_UINT_4( a, b, c, d ), \
84 BYTES_TO_T_UINT_4( e, f, g, h )
88 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
89 ( (t_uint) a << 0 ) | \
90 ( (t_uint) b << 8 ) | \
91 ( (t_uint) c << 16 ) | \
92 ( (t_uint) d << 24 ) | \
93 ( (t_uint) e << 32 ) | \
94 ( (t_uint) f << 40 ) | \
95 ( (t_uint) g << 48 ) | \
98 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
99 BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
101 #define BYTES_TO_T_UINT_2( a, b ) \
102 BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 )
114 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
115 static t_uint secp192r1_p[] = {
116 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
117 BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
118 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
120 static t_uint secp192r1_b[] = {
121 BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
122 BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
123 BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
125 static t_uint secp192r1_gx[] = {
126 BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
127 BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
128 BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
130 static t_uint secp192r1_gy[] = {
131 BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
132 BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
133 BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
135 static t_uint secp192r1_n[] = {
136 BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
137 BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
138 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
145 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
146 static t_uint secp224r1_p[] = {
147 BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
148 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
149 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
150 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
152 static t_uint secp224r1_b[] = {
153 BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
154 BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
155 BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
156 BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
158 static t_uint secp224r1_gx[] = {
159 BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
160 BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
161 BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
162 BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
164 static t_uint secp224r1_gy[] = {
165 BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
166 BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
167 BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
168 BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
170 static t_uint secp224r1_n[] = {
171 BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
172 BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
173 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
174 BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
181 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
182 static t_uint secp256r1_p[] = {
183 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
184 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
185 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
186 BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
188 static t_uint secp256r1_b[] = {
189 BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
190 BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
191 BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
192 BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
194 static t_uint secp256r1_gx[] = {
195 BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
196 BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
197 BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
198 BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
200 static t_uint secp256r1_gy[] = {
201 BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
202 BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
203 BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
204 BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
206 static t_uint secp256r1_n[] = {
207 BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
208 BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
209 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
210 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
217 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
218 static t_uint secp384r1_p[] = {
219 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
220 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
221 BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
222 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
223 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
224 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
226 static t_uint secp384r1_b[] = {
227 BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
228 BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
229 BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
230 BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ),
231 BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
232 BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
234 static t_uint secp384r1_gx[] = {
235 BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
236 BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
237 BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
238 BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
239 BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
240 BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
242 static t_uint secp384r1_gy[] = {
243 BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
244 BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
245 BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
246 BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
247 BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
248 BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
250 static t_uint secp384r1_n[] = {
251 BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
252 BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
253 BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
254 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
255 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
256 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
263 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
264 static t_uint secp521r1_p[] = {
265 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
266 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
267 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
268 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
269 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
270 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
271 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
272 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
273 BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
275 static t_uint secp521r1_b[] = {
276 BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
277 BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
278 BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
279 BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ),
280 BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ),
281 BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ),
282 BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ),
283 BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
284 BYTES_TO_T_UINT_2( 0x51, 0x00 ),
286 static t_uint secp521r1_gx[] = {
287 BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
288 BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
289 BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
290 BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
291 BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
292 BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
293 BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
294 BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
295 BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
297 static t_uint secp521r1_gy[] = {
298 BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
299 BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
300 BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
301 BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
302 BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
303 BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
304 BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
305 BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
306 BYTES_TO_T_UINT_2( 0x18, 0x01 ),
308 static t_uint secp521r1_n[] = {
309 BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
310 BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
311 BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
312 BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ),
313 BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
314 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
315 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
316 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
317 BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
324 #if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
325 static t_uint brainpoolP256r1_p[] = {
326 BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
327 BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
328 BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
329 BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
331 static t_uint brainpoolP256r1_a[] = {
332 BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
333 BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
334 BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
335 BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
337 static t_uint brainpoolP256r1_b[] = {
338 BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
339 BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
340 BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
341 BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
343 static t_uint brainpoolP256r1_gx[] = {
344 BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
345 BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
346 BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
347 BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
349 static t_uint brainpoolP256r1_gy[] = {
350 BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
351 BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
352 BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
353 BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
355 static t_uint brainpoolP256r1_n[] = {
356 BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
357 BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
358 BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
359 BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
366 #if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
367 static t_uint brainpoolP384r1_p[] = {
368 BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
369 BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
370 BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
371 BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
372 BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
373 BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
375 static t_uint brainpoolP384r1_a[] = {
376 BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
377 BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
378 BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
379 BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ),
380 BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
381 BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
383 static t_uint brainpoolP384r1_b[] = {
384 BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
385 BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
386 BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
387 BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ),
388 BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
389 BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
391 static t_uint brainpoolP384r1_gx[] = {
392 BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
393 BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
394 BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
395 BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
396 BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
397 BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
399 static t_uint brainpoolP384r1_gy[] = {
400 BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
401 BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
402 BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
403 BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
404 BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
405 BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
407 static t_uint brainpoolP384r1_n[] = {
408 BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
409 BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
410 BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
411 BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
412 BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
413 BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
420 #if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
421 static t_uint brainpoolP512r1_p[] = {
422 BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
423 BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
424 BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
425 BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ),
426 BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
427 BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
428 BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
429 BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
431 static t_uint brainpoolP512r1_a[] = {
432 BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
433 BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
434 BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
435 BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ),
436 BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ),
437 BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ),
438 BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
439 BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
441 static t_uint brainpoolP512r1_b[] = {
442 BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
443 BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
444 BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
445 BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ),
446 BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ),
447 BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ),
448 BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
449 BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
451 static t_uint brainpoolP512r1_gx[] = {
452 BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
453 BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
454 BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
455 BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
456 BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
457 BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
458 BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
459 BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
461 static t_uint brainpoolP512r1_gy[] = {
462 BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
463 BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
464 BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
465 BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
466 BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
467 BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
468 BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
469 BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
471 static t_uint brainpoolP512r1_n[] = {
472 BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
473 BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
474 BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
475 BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ),
476 BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
477 BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
478 BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
479 BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
487 static inline void ecp_mpi_load(
mpi *X,
const t_uint *p,
size_t len )
497 static inline void ecp_mpi_set1(
mpi *X )
499 static t_uint one[] = { 1 };
508 static int ecp_group_load(
ecp_group *grp,
509 const t_uint *p,
size_t plen,
510 const t_uint *a,
size_t alen,
511 const t_uint *b,
size_t blen,
512 const t_uint *gx,
size_t gxlen,
513 const t_uint *gy,
size_t gylen,
514 const t_uint *n,
size_t nlen)
516 ecp_mpi_load( &grp->
P, p, plen );
518 ecp_mpi_load( &grp->
A, a, alen );
519 ecp_mpi_load( &grp->
B, b, blen );
520 ecp_mpi_load( &grp->
N, n, nlen );
522 ecp_mpi_load( &grp->
G.
X, gx, gxlen );
523 ecp_mpi_load( &grp->
G.
Y, gy, gylen );
524 ecp_mpi_set1( &grp->
G.
Z );
534 #if defined(POLARSSL_ECP_NIST_OPTIM)
536 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
537 static int ecp_mod_p192(
mpi * );
539 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
540 static int ecp_mod_p224(
mpi * );
542 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
543 static int ecp_mod_p256(
mpi * );
545 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
546 static int ecp_mod_p384(
mpi * );
548 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
549 static int ecp_mod_p521(
mpi * );
551 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
552 static int ecp_mod_p255(
mpi * );
555 #define NIST_MODP( P ) grp->modp = ecp_mod_ ## P;
557 #define NIST_MODP( P )
560 #define LOAD_GROUP_A( G ) ecp_group_load( grp, \
561 G ## _p, sizeof( G ## _p ), \
562 G ## _a, sizeof( G ## _a ), \
563 G ## _b, sizeof( G ## _b ), \
564 G ## _gx, sizeof( G ## _gx ), \
565 G ## _gy, sizeof( G ## _gy ), \
566 G ## _n, sizeof( G ## _n ) )
568 #define LOAD_GROUP( G ) ecp_group_load( grp, \
569 G ## _p, sizeof( G ## _p ), \
571 G ## _b, sizeof( G ## _b ), \
572 G ## _gx, sizeof( G ## _gx ), \
573 G ## _gy, sizeof( G ## _gy ), \
574 G ## _n, sizeof( G ## _n ) )
576 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
580 static int ecp_use_curve25519(
ecp_group *grp )
621 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
624 return( LOAD_GROUP( secp192r1 ) );
627 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
630 return( LOAD_GROUP( secp224r1 ) );
633 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
636 return( LOAD_GROUP( secp256r1 ) );
639 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
642 return( LOAD_GROUP( secp384r1 ) );
645 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
648 return( LOAD_GROUP( secp521r1 ) );
651 #if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
653 return( LOAD_GROUP_A( brainpoolP256r1 ) );
656 #if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
658 return( LOAD_GROUP_A( brainpoolP384r1 ) );
661 #if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
663 return( LOAD_GROUP_A( brainpoolP512r1 ) );
666 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
668 grp->
modp = ecp_mod_p255;
669 return( ecp_use_curve25519( grp ) );
678 #if defined(POLARSSL_ECP_NIST_OPTIM)
689 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
707 for( i = 0; i < 8 /
sizeof(
t_uint ); i++, dst++, src++ )
709 *dst += c; c = ( *dst < c );
710 *dst += *src; c += ( *dst < *src );
716 static inline void carry64(
t_uint *dst,
t_uint *carry )
719 for( i = 0; i < 8 /
sizeof(
t_uint ); i++, dst++ )
722 *carry = ( *dst < *carry );
726 #define WIDTH 8 / sizeof( t_uint )
727 #define A( i ) N->p + i * WIDTH
728 #define ADD( i ) add64( p, A( i ), &c )
729 #define NEXT p += WIDTH; carry64( p, &c )
730 #define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0
735 static int ecp_mod_p192(
mpi *N )
747 ADD( 3 ); ADD( 5 ); NEXT;
748 ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT;
749 ADD( 4 ); ADD( 5 ); LAST;
762 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) || \
763 defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) || \
764 defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
781 #define LOAD32 cur = A( i );
783 #if defined(POLARSSL_HAVE_INT8)
785 #define MAX32 N->n / 4
786 #define A( j ) (uint32_t)( N->p[4*j+0] ) | \
787 ( N->p[4*j+1] << 8 ) | \
788 ( N->p[4*j+2] << 16 ) | \
789 ( N->p[4*j+3] << 24 )
790 #define STORE32 N->p[4*i+0] = (t_uint)( cur ); \
791 N->p[4*i+1] = (t_uint)( cur >> 8 ); \
792 N->p[4*i+2] = (t_uint)( cur >> 16 ); \
793 N->p[4*i+3] = (t_uint)( cur >> 24 );
795 #elif defined(POLARSSL_HAVE_INT16)
797 #define MAX32 N->n / 2
798 #define A( j ) (uint32_t)( N->p[2*j] ) | ( N->p[2*j+1] << 16 )
799 #define STORE32 N->p[2*i+0] = (t_uint)( cur ); \
800 N->p[2*i+1] = (t_uint)( cur >> 16 );
802 #elif defined(POLARSSL_HAVE_INT32)
805 #define A( j ) N->p[j]
806 #define STORE32 N->p[i] = cur;
810 #define MAX32 N->n * 2
811 #define A( j ) j % 2 ? (uint32_t)( N->p[j/2] >> 32 ) : (uint32_t)( N->p[j/2] )
814 N->p[i/2] &= 0x00000000FFFFFFFF; \
815 N->p[i/2] |= ((t_uint) cur) << 32; \
817 N->p[i/2] &= 0xFFFFFFFF00000000; \
818 N->p[i/2] |= (t_uint) cur; \
826 static inline void add32( uint32_t *dst, uint32_t src,
signed char *carry )
829 *carry += ( *dst < src );
832 static inline void sub32( uint32_t *dst, uint32_t src,
signed char *carry )
834 *carry -= ( *dst < src );
838 #define ADD( j ) add32( &cur, A( j ), &c );
839 #define SUB( j ) sub32( &cur, A( j ), &c );
847 signed char c = 0, cc; \
849 size_t i = 0, bits = b; \
851 t_uint Cp[ b / 8 / sizeof( t_uint) + 1 ]; \
854 C.n = b / 8 / sizeof( t_uint) + 1; \
856 memset( Cp, 0, C.n * sizeof( t_uint ) ); \
858 MPI_CHK( mpi_grow( N, b * 2 / 8 / sizeof( t_uint ) ) ); \
862 STORE32; i++; LOAD32; \
865 sub32( &cur, -cc, &c ); \
867 add32( &cur, cc, &c ); \
871 cur = c > 0 ? c : 0; STORE32; \
872 cur = 0; while( ++i < MAX32 ) { STORE32; } \
873 if( c < 0 ) fix_negative( N, c, &C, bits );
879 static inline int fix_negative(
mpi *N,
signed char c,
mpi *C,
size_t bits )
884 #if !defined(POLARSSL_HAVE_INT64)
888 C->
p[ C->
n - 1 ] = ((
t_uint) -c) << 32;
902 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
906 static int ecp_mod_p224(
mpi *N )
910 SUB( 7 ); SUB( 11 ); NEXT;
911 SUB( 8 ); SUB( 12 ); NEXT;
912 SUB( 9 ); SUB( 13 ); NEXT;
913 SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT;
914 SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT;
915 SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT;
916 SUB( 13 ); ADD( 10 ); LAST;
923 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
927 static int ecp_mod_p256(
mpi *N )
932 SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 ); NEXT;
935 SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT;
937 ADD( 10 ); ADD( 11 );
938 SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT;
940 ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 );
941 SUB( 15 ); SUB( 8 ); SUB( 9 ); NEXT;
943 ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 );
944 SUB( 9 ); SUB( 10 ); NEXT;
946 ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 );
947 SUB( 10 ); SUB( 11 ); NEXT;
949 ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 );
950 SUB( 8 ); SUB( 9 ); NEXT;
952 ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 );
953 SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 ); LAST;
960 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
964 static int ecp_mod_p384(
mpi *N )
968 ADD( 12 ); ADD( 21 ); ADD( 20 );
971 ADD( 13 ); ADD( 22 ); ADD( 23 );
972 SUB( 12 ); SUB( 20 ); NEXT;
974 ADD( 14 ); ADD( 23 );
975 SUB( 13 ); SUB( 21 ); NEXT;
977 ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 );
978 SUB( 14 ); SUB( 22 ); SUB( 23 ); NEXT;
980 ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 );
981 SUB( 15 ); SUB( 23 ); SUB( 23 ); NEXT;
983 ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 );
986 ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 );
989 ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 );
992 ADD( 20 ); ADD( 17 ); ADD( 16 );
995 ADD( 21 ); ADD( 18 ); ADD( 17 );
998 ADD( 22 ); ADD( 19 ); ADD( 18 );
1001 ADD( 23 ); ADD( 20 ); ADD( 19 );
1021 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
1028 #define P521_WIDTH ( 521 / 8 / sizeof( t_uint ) + 1 )
1031 #if defined(POLARSSL_HAVE_INT8)
1032 #define P521_MASK 0x01
1034 #define P521_MASK 0x01FF
1041 static int ecp_mod_p521(
mpi *N )
1046 t_uint Mp[P521_WIDTH + 1];
1051 if( N->
n < P521_WIDTH )
1056 M.
n = N->
n - ( P521_WIDTH - 1 );
1057 if( M.
n > P521_WIDTH + 1 )
1058 M.
n = P521_WIDTH + 1;
1060 memcpy( Mp, N->
p + P521_WIDTH - 1, M.
n *
sizeof(
t_uint ) );
1064 N->
p[P521_WIDTH - 1] &= P521_MASK;
1065 for( i = P521_WIDTH; i < N->
n; i++ )
1081 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
1084 #define P255_WIDTH ( 255 / 8 / sizeof( t_uint ) + 1 )
1090 static int ecp_mod_p255(
mpi *N )
1095 t_uint Mp[P255_WIDTH + 2];
1097 if( N->
n < P255_WIDTH )
1102 M.
n = N->
n - ( P255_WIDTH - 1 );
1103 if( M.
n > P255_WIDTH + 1 )
1104 M.
n = P255_WIDTH + 1;
1106 memset( Mp, 0,
sizeof Mp );
1107 memcpy( Mp, N->
p + P255_WIDTH - 1, M.
n *
sizeof(
t_uint ) );
1113 for( i = P255_WIDTH; i < N->
n; i++ )
Elliptic curves over GF(p)
int mpi_sub_abs(mpi *X, const mpi *A, const mpi *B)
Unsigned subtraction: X = |A| - |B|.
Configuration options (set of defines)
int mpi_lset(mpi *X, t_sint z)
Set value from integer.
#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE
Requested curve not available.
int mpi_shift_r(mpi *X, size_t count)
Right-shift: X >>= count.
void mpi_free(mpi *X)
Unallocate one MPI.
int mpi_mul_int(mpi *X, const mpi *A, t_sint b)
Baseline multiplication: X = A * b Note: despite the functon signature, b is treated as a t_uint...
void ecp_group_free(ecp_group *grp)
Free the components of an ECP group.
int mpi_grow(mpi *X, size_t nblimbs)
Enlarge to the specified number of limbs.
size_t mpi_msb(const mpi *X)
Return the number of bits up to and including the most significant '1' bit'.
int ecp_use_known_dp(ecp_group *grp, ecp_group_id index)
Set a group using well-known domain parameters.
int mpi_add_abs(mpi *X, const mpi *A, const mpi *B)
Unsigned addition: X = |A| + |B|.
int mpi_read_string(mpi *X, int radix, const char *s)
Import from an ASCII string.
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
int mpi_shift_l(mpi *X, size_t count)
Left-shift: X <<= count.
int mpi_set_bit(mpi *X, size_t pos, unsigned char val)
Set a bit of X to a specific value of 0 or 1.
int mpi_sub_int(mpi *X, const mpi *A, t_sint b)
Signed subtraction: X = A - b.