28 #if defined(POLARSSL_ECP_C)
32 #if defined(_MSC_VER) && !defined(inline)
33 #define inline _inline
35 #if defined(__ARMCC_VERSION) && !defined(inline)
36 #define inline __inline
44 #if defined(POLARSSL_HAVE_INT8)
46 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
47 a, b, c, d, e, f, g, h
49 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
52 #define BYTES_TO_T_UINT_2( a, b ) \
55 #elif defined(POLARSSL_HAVE_INT16)
57 #define BYTES_TO_T_UINT_2( a, b ) \
58 ( (t_uint) a << 0 ) | \
61 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
62 BYTES_TO_T_UINT_2( a, b ), \
63 BYTES_TO_T_UINT_2( c, d )
65 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
66 BYTES_TO_T_UINT_2( a, b ), \
67 BYTES_TO_T_UINT_2( c, d ), \
68 BYTES_TO_T_UINT_2( e, f ), \
69 BYTES_TO_T_UINT_2( g, h )
71 #elif defined(POLARSSL_HAVE_INT32)
73 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
74 ( (t_uint) a << 0 ) | \
75 ( (t_uint) b << 8 ) | \
76 ( (t_uint) c << 16 ) | \
79 #define BYTES_TO_T_UINT_2( a, b ) \
80 BYTES_TO_T_UINT_4( a, b, 0, 0 )
82 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
83 BYTES_TO_T_UINT_4( a, b, c, d ), \
84 BYTES_TO_T_UINT_4( e, f, g, h )
88 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
89 ( (t_uint) a << 0 ) | \
90 ( (t_uint) b << 8 ) | \
91 ( (t_uint) c << 16 ) | \
92 ( (t_uint) d << 24 ) | \
93 ( (t_uint) e << 32 ) | \
94 ( (t_uint) f << 40 ) | \
95 ( (t_uint) g << 48 ) | \
98 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
99 BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
101 #define BYTES_TO_T_UINT_2( a, b ) \
102 BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 )
114 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
115 static t_uint secp192r1_p[] = {
116 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
117 BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
118 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
120 static t_uint secp192r1_b[] = {
121 BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
122 BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
123 BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
125 static t_uint secp192r1_gx[] = {
126 BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
127 BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
128 BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
130 static t_uint secp192r1_gy[] = {
131 BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
132 BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
133 BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
135 static t_uint secp192r1_n[] = {
136 BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
137 BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
138 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
145 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
146 static t_uint secp224r1_p[] = {
147 BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
148 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
149 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
150 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
152 static t_uint secp224r1_b[] = {
153 BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
154 BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
155 BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
156 BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
158 static t_uint secp224r1_gx[] = {
159 BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
160 BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
161 BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
162 BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
164 static t_uint secp224r1_gy[] = {
165 BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
166 BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
167 BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
168 BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
170 static t_uint secp224r1_n[] = {
171 BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
172 BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
173 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
174 BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
181 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
182 static t_uint secp256r1_p[] = {
183 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
184 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
185 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
186 BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
188 static t_uint secp256r1_b[] = {
189 BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
190 BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
191 BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
192 BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
194 static t_uint secp256r1_gx[] = {
195 BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
196 BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
197 BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
198 BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
200 static t_uint secp256r1_gy[] = {
201 BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
202 BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
203 BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
204 BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
206 static t_uint secp256r1_n[] = {
207 BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
208 BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
209 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
210 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
217 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
218 static t_uint secp384r1_p[] = {
219 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
220 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
221 BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
222 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
223 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
224 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
226 static t_uint secp384r1_b[] = {
227 BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
228 BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
229 BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
230 BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ),
231 BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
232 BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
234 static t_uint secp384r1_gx[] = {
235 BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
236 BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
237 BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
238 BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
239 BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
240 BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
242 static t_uint secp384r1_gy[] = {
243 BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
244 BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
245 BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
246 BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
247 BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
248 BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
250 static t_uint secp384r1_n[] = {
251 BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
252 BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
253 BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
254 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
255 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
256 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
263 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
264 static t_uint secp521r1_p[] = {
265 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
266 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
267 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
268 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
269 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
270 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
271 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
272 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
273 BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
275 static t_uint secp521r1_b[] = {
276 BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
277 BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
278 BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
279 BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ),
280 BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ),
281 BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ),
282 BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ),
283 BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
284 BYTES_TO_T_UINT_2( 0x51, 0x00 ),
286 static t_uint secp521r1_gx[] = {
287 BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
288 BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
289 BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
290 BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
291 BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
292 BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
293 BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
294 BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
295 BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
297 static t_uint secp521r1_gy[] = {
298 BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
299 BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
300 BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
301 BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
302 BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
303 BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
304 BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
305 BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
306 BYTES_TO_T_UINT_2( 0x18, 0x01 ),
308 static t_uint secp521r1_n[] = {
309 BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
310 BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
311 BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
312 BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ),
313 BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
314 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
315 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
316 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
317 BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
321 #if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
322 static t_uint secp192k1_p[] = {
323 BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
324 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
325 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
327 static t_uint secp192k1_a[] = {
328 BYTES_TO_T_UINT_2( 0x00, 0x00 ),
330 static t_uint secp192k1_b[] = {
331 BYTES_TO_T_UINT_2( 0x03, 0x00 ),
333 static t_uint secp192k1_gx[] = {
334 BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
335 BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
336 BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
338 static t_uint secp192k1_gy[] = {
339 BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
340 BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
341 BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
343 static t_uint secp192k1_n[] = {
344 BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
345 BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
346 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
350 #if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
351 static t_uint secp224k1_p[] = {
352 BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
353 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
354 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
355 BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
357 static t_uint secp224k1_a[] = {
358 BYTES_TO_T_UINT_2( 0x00, 0x00 ),
360 static t_uint secp224k1_b[] = {
361 BYTES_TO_T_UINT_2( 0x05, 0x00 ),
363 static t_uint secp224k1_gx[] = {
364 BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
365 BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
366 BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
367 BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
369 static t_uint secp224k1_gy[] = {
370 BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
371 BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
372 BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
373 BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
375 static t_uint secp224k1_n[] = {
376 BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
377 BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
378 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
379 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
383 #if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
384 static t_uint secp256k1_p[] = {
385 BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
386 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
387 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
388 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
390 static t_uint secp256k1_a[] = {
391 BYTES_TO_T_UINT_2( 0x00, 0x00 ),
393 static t_uint secp256k1_b[] = {
394 BYTES_TO_T_UINT_2( 0x07, 0x00 ),
396 static t_uint secp256k1_gx[] = {
397 BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
398 BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
399 BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
400 BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
402 static t_uint secp256k1_gy[] = {
403 BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
404 BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
405 BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
406 BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
408 static t_uint secp256k1_n[] = {
409 BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
410 BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
411 BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
412 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
419 #if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
420 static t_uint brainpoolP256r1_p[] = {
421 BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
422 BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
423 BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
424 BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
426 static t_uint brainpoolP256r1_a[] = {
427 BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
428 BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
429 BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
430 BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
432 static t_uint brainpoolP256r1_b[] = {
433 BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
434 BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
435 BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
436 BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
438 static t_uint brainpoolP256r1_gx[] = {
439 BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
440 BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
441 BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
442 BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
444 static t_uint brainpoolP256r1_gy[] = {
445 BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
446 BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
447 BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
448 BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
450 static t_uint brainpoolP256r1_n[] = {
451 BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
452 BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
453 BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
454 BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
461 #if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
462 static t_uint brainpoolP384r1_p[] = {
463 BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
464 BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
465 BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
466 BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
467 BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
468 BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
470 static t_uint brainpoolP384r1_a[] = {
471 BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
472 BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
473 BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
474 BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ),
475 BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
476 BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
478 static t_uint brainpoolP384r1_b[] = {
479 BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
480 BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
481 BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
482 BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ),
483 BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
484 BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
486 static t_uint brainpoolP384r1_gx[] = {
487 BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
488 BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
489 BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
490 BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
491 BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
492 BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
494 static t_uint brainpoolP384r1_gy[] = {
495 BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
496 BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
497 BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
498 BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
499 BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
500 BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
502 static t_uint brainpoolP384r1_n[] = {
503 BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
504 BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
505 BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
506 BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
507 BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
508 BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
515 #if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
516 static t_uint brainpoolP512r1_p[] = {
517 BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
518 BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
519 BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
520 BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ),
521 BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
522 BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
523 BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
524 BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
526 static t_uint brainpoolP512r1_a[] = {
527 BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
528 BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
529 BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
530 BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ),
531 BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ),
532 BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ),
533 BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
534 BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
536 static t_uint brainpoolP512r1_b[] = {
537 BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
538 BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
539 BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
540 BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ),
541 BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ),
542 BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ),
543 BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
544 BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
546 static t_uint brainpoolP512r1_gx[] = {
547 BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
548 BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
549 BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
550 BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
551 BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
552 BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
553 BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
554 BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
556 static t_uint brainpoolP512r1_gy[] = {
557 BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
558 BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
559 BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
560 BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
561 BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
562 BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
563 BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
564 BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
566 static t_uint brainpoolP512r1_n[] = {
567 BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
568 BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
569 BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
570 BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ),
571 BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
572 BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
573 BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
574 BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
582 static inline void ecp_mpi_load(
mpi *X,
const t_uint *p,
size_t len )
592 static inline void ecp_mpi_set1(
mpi *X )
594 static t_uint one[] = { 1 };
603 static int ecp_group_load(
ecp_group *grp,
604 const t_uint *p,
size_t plen,
605 const t_uint *a,
size_t alen,
606 const t_uint *b,
size_t blen,
607 const t_uint *gx,
size_t gxlen,
608 const t_uint *gy,
size_t gylen,
609 const t_uint *n,
size_t nlen)
611 ecp_mpi_load( &grp->
P, p, plen );
613 ecp_mpi_load( &grp->
A, a, alen );
614 ecp_mpi_load( &grp->
B, b, blen );
615 ecp_mpi_load( &grp->
N, n, nlen );
617 ecp_mpi_load( &grp->
G.
X, gx, gxlen );
618 ecp_mpi_load( &grp->
G.
Y, gy, gylen );
619 ecp_mpi_set1( &grp->
G.
Z );
629 #if defined(POLARSSL_ECP_NIST_OPTIM)
631 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
632 static int ecp_mod_p192(
mpi * );
634 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
635 static int ecp_mod_p224(
mpi * );
637 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
638 static int ecp_mod_p256(
mpi * );
640 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
641 static int ecp_mod_p384(
mpi * );
643 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
644 static int ecp_mod_p521(
mpi * );
647 #define NIST_MODP( P ) grp->modp = ecp_mod_ ## P;
649 #define NIST_MODP( P )
653 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
654 static int ecp_mod_p255(
mpi * );
656 #if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
657 static int ecp_mod_p192k1(
mpi * );
659 #if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
660 static int ecp_mod_p224k1(
mpi * );
662 #if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
663 static int ecp_mod_p256k1(
mpi * );
666 #define LOAD_GROUP_A( G ) ecp_group_load( grp, \
667 G ## _p, sizeof( G ## _p ), \
668 G ## _a, sizeof( G ## _a ), \
669 G ## _b, sizeof( G ## _b ), \
670 G ## _gx, sizeof( G ## _gx ), \
671 G ## _gy, sizeof( G ## _gy ), \
672 G ## _n, sizeof( G ## _n ) )
674 #define LOAD_GROUP( G ) ecp_group_load( grp, \
675 G ## _p, sizeof( G ## _p ), \
677 G ## _b, sizeof( G ## _b ), \
678 G ## _gx, sizeof( G ## _gx ), \
679 G ## _gy, sizeof( G ## _gy ), \
680 G ## _n, sizeof( G ## _n ) )
682 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
686 static int ecp_use_curve25519(
ecp_group *grp )
727 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
730 return( LOAD_GROUP( secp192r1 ) );
733 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
736 return( LOAD_GROUP( secp224r1 ) );
739 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
742 return( LOAD_GROUP( secp256r1 ) );
745 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
748 return( LOAD_GROUP( secp384r1 ) );
751 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
754 return( LOAD_GROUP( secp521r1 ) );
757 #if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
759 grp->
modp = ecp_mod_p192k1;
760 return( LOAD_GROUP_A( secp192k1 ) );
763 #if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
765 grp->
modp = ecp_mod_p224k1;
766 return( LOAD_GROUP_A( secp224k1 ) );
769 #if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
771 grp->
modp = ecp_mod_p256k1;
772 return( LOAD_GROUP_A( secp256k1 ) );
775 #if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
777 return( LOAD_GROUP_A( brainpoolP256r1 ) );
780 #if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
782 return( LOAD_GROUP_A( brainpoolP384r1 ) );
785 #if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
787 return( LOAD_GROUP_A( brainpoolP512r1 ) );
790 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
792 grp->
modp = ecp_mod_p255;
793 return( ecp_use_curve25519( grp ) );
802 #if defined(POLARSSL_ECP_NIST_OPTIM)
813 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
831 for( i = 0; i < 8 /
sizeof(
t_uint ); i++, dst++, src++ )
833 *dst += c; c = ( *dst < c );
834 *dst += *src; c += ( *dst < *src );
840 static inline void carry64(
t_uint *dst,
t_uint *carry )
843 for( i = 0; i < 8 /
sizeof(
t_uint ); i++, dst++ )
846 *carry = ( *dst < *carry );
850 #define WIDTH 8 / sizeof( t_uint )
851 #define A( i ) N->p + i * WIDTH
852 #define ADD( i ) add64( p, A( i ), &c )
853 #define NEXT p += WIDTH; carry64( p, &c )
854 #define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0
859 static int ecp_mod_p192(
mpi *N )
871 ADD( 3 ); ADD( 5 ); NEXT;
872 ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT;
873 ADD( 4 ); ADD( 5 ); LAST;
886 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) || \
887 defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) || \
888 defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
905 #define LOAD32 cur = A( i );
907 #if defined(POLARSSL_HAVE_INT8)
909 #define MAX32 N->n / 4
910 #define A( j ) (uint32_t)( N->p[4*j+0] ) | \
911 ( N->p[4*j+1] << 8 ) | \
912 ( N->p[4*j+2] << 16 ) | \
913 ( N->p[4*j+3] << 24 )
914 #define STORE32 N->p[4*i+0] = (t_uint)( cur ); \
915 N->p[4*i+1] = (t_uint)( cur >> 8 ); \
916 N->p[4*i+2] = (t_uint)( cur >> 16 ); \
917 N->p[4*i+3] = (t_uint)( cur >> 24 );
919 #elif defined(POLARSSL_HAVE_INT16)
921 #define MAX32 N->n / 2
922 #define A( j ) (uint32_t)( N->p[2*j] ) | ( N->p[2*j+1] << 16 )
923 #define STORE32 N->p[2*i+0] = (t_uint)( cur ); \
924 N->p[2*i+1] = (t_uint)( cur >> 16 );
926 #elif defined(POLARSSL_HAVE_INT32)
929 #define A( j ) N->p[j]
930 #define STORE32 N->p[i] = cur;
934 #define MAX32 N->n * 2
935 #define A( j ) j % 2 ? (uint32_t)( N->p[j/2] >> 32 ) : (uint32_t)( N->p[j/2] )
938 N->p[i/2] &= 0x00000000FFFFFFFF; \
939 N->p[i/2] |= ((t_uint) cur) << 32; \
941 N->p[i/2] &= 0xFFFFFFFF00000000; \
942 N->p[i/2] |= (t_uint) cur; \
950 static inline void add32( uint32_t *dst, uint32_t src,
signed char *carry )
953 *carry += ( *dst < src );
956 static inline void sub32( uint32_t *dst, uint32_t src,
signed char *carry )
958 *carry -= ( *dst < src );
962 #define ADD( j ) add32( &cur, A( j ), &c );
963 #define SUB( j ) sub32( &cur, A( j ), &c );
971 signed char c = 0, cc; \
973 size_t i = 0, bits = b; \
975 t_uint Cp[ b / 8 / sizeof( t_uint) + 1 ]; \
978 C.n = b / 8 / sizeof( t_uint) + 1; \
980 memset( Cp, 0, C.n * sizeof( t_uint ) ); \
982 MPI_CHK( mpi_grow( N, b * 2 / 8 / sizeof( t_uint ) ) ); \
986 STORE32; i++; LOAD32; \
989 sub32( &cur, -cc, &c ); \
991 add32( &cur, cc, &c ); \
995 cur = c > 0 ? c : 0; STORE32; \
996 cur = 0; while( ++i < MAX32 ) { STORE32; } \
997 if( c < 0 ) fix_negative( N, c, &C, bits );
1003 static inline int fix_negative(
mpi *N,
signed char c,
mpi *C,
size_t bits )
1008 #if !defined(POLARSSL_HAVE_INT64)
1012 C->
p[ C->
n - 1 ] = ((
t_uint) -c) << 32;
1026 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
1030 static int ecp_mod_p224(
mpi *N )
1034 SUB( 7 ); SUB( 11 ); NEXT;
1035 SUB( 8 ); SUB( 12 ); NEXT;
1036 SUB( 9 ); SUB( 13 ); NEXT;
1037 SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT;
1038 SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT;
1039 SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT;
1040 SUB( 13 ); ADD( 10 ); LAST;
1047 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
1051 static int ecp_mod_p256(
mpi *N )
1056 SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 ); NEXT;
1058 ADD( 9 ); ADD( 10 );
1059 SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT;
1061 ADD( 10 ); ADD( 11 );
1062 SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT;
1064 ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 );
1065 SUB( 15 ); SUB( 8 ); SUB( 9 ); NEXT;
1067 ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 );
1068 SUB( 9 ); SUB( 10 ); NEXT;
1070 ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 );
1071 SUB( 10 ); SUB( 11 ); NEXT;
1073 ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 );
1074 SUB( 8 ); SUB( 9 ); NEXT;
1076 ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 );
1077 SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 ); LAST;
1084 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
1088 static int ecp_mod_p384(
mpi *N )
1092 ADD( 12 ); ADD( 21 ); ADD( 20 );
1095 ADD( 13 ); ADD( 22 ); ADD( 23 );
1096 SUB( 12 ); SUB( 20 ); NEXT;
1098 ADD( 14 ); ADD( 23 );
1099 SUB( 13 ); SUB( 21 ); NEXT;
1101 ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 );
1102 SUB( 14 ); SUB( 22 ); SUB( 23 ); NEXT;
1104 ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 );
1105 SUB( 15 ); SUB( 23 ); SUB( 23 ); NEXT;
1107 ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 );
1110 ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 );
1113 ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 );
1116 ADD( 20 ); ADD( 17 ); ADD( 16 );
1119 ADD( 21 ); ADD( 18 ); ADD( 17 );
1122 ADD( 22 ); ADD( 19 ); ADD( 18 );
1125 ADD( 23 ); ADD( 20 ); ADD( 19 );
1145 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
1152 #define P521_WIDTH ( 521 / 8 / sizeof( t_uint ) + 1 )
1155 #if defined(POLARSSL_HAVE_INT8)
1156 #define P521_MASK 0x01
1158 #define P521_MASK 0x01FF
1165 static int ecp_mod_p521(
mpi *N )
1170 t_uint Mp[P521_WIDTH + 1];
1175 if( N->
n < P521_WIDTH )
1180 M.
n = N->
n - ( P521_WIDTH - 1 );
1181 if( M.
n > P521_WIDTH + 1 )
1182 M.
n = P521_WIDTH + 1;
1184 memcpy( Mp, N->
p + P521_WIDTH - 1, M.
n *
sizeof(
t_uint ) );
1188 N->
p[P521_WIDTH - 1] &= P521_MASK;
1189 for( i = P521_WIDTH; i < N->
n; i++ )
1205 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
1208 #define P255_WIDTH ( 255 / 8 / sizeof( t_uint ) + 1 )
1214 static int ecp_mod_p255(
mpi *N )
1219 t_uint Mp[P255_WIDTH + 2];
1221 if( N->
n < P255_WIDTH )
1226 M.
n = N->
n - ( P255_WIDTH - 1 );
1227 if( M.
n > P255_WIDTH + 1 )
1228 M.
n = P255_WIDTH + 1;
1230 memset( Mp, 0,
sizeof Mp );
1231 memcpy( Mp, N->
p + P255_WIDTH - 1, M.
n *
sizeof(
t_uint ) );
1237 for( i = P255_WIDTH; i < N->
n; i++ )
1249 #if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED) || \
1250 defined(POLARSSL_ECP_DP_SECP224K1_ENABLED) || \
1251 defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
1259 #define P_KOBLITZ_MAX ( 256 / 8 / sizeof( t_uint ) ) // Max limbs in P
1260 #define P_KOBLITZ_R ( 8 / sizeof( t_uint ) ) // Limbs in R
1261 static inline int ecp_mod_koblitz(
mpi *N,
t_uint *Rp,
size_t p_limbs,
1262 size_t adjust,
size_t shift,
t_uint mask )
1267 t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R];
1269 if( N->
n < p_limbs )
1282 M.
n = N->
n - ( p_limbs - adjust );
1283 if( M.
n > p_limbs + adjust )
1284 M.
n = p_limbs + adjust;
1285 memset( Mp, 0,
sizeof Mp );
1286 memcpy( Mp, N->
p + p_limbs - adjust, M.
n *
sizeof(
t_uint ) );
1289 M.
n += R.
n - adjust;
1293 N->
p[p_limbs - 1] &= mask;
1294 for( i = p_limbs; i < N->
n; i++ )
1304 M.
n = N->
n - ( p_limbs - adjust );
1305 if( M.
n > p_limbs + adjust )
1306 M.
n = p_limbs + adjust;
1307 memset( Mp, 0,
sizeof Mp );
1308 memcpy( Mp, N->
p + p_limbs - adjust, M.
n *
sizeof(
t_uint ) );
1311 M.
n += R.
n - adjust;
1315 N->
p[p_limbs - 1] &= mask;
1316 for( i = p_limbs; i < N->
n; i++ )
1330 #if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
1335 static int ecp_mod_p192k1(
mpi *N )
1338 BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
1340 return( ecp_mod_koblitz( N, Rp, 192 / 8 /
sizeof(
t_uint ), 0, 0, 0 ) );
1344 #if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
1349 static int ecp_mod_p224k1(
mpi *N )
1352 BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
1354 #if defined(POLARSSL_HAVE_INT64)
1355 return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
1357 return( ecp_mod_koblitz( N, Rp, 224 / 8 /
sizeof(
t_uint ), 0, 0, 0 ) );
1363 #if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
1368 static int ecp_mod_p256k1(
mpi *N )
1371 BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
1372 return( ecp_mod_koblitz( N, Rp, 256 / 8 /
sizeof(
t_uint ), 0, 0, 0 ) );
Elliptic curves over GF(p)
int mpi_sub_abs(mpi *X, const mpi *A, const mpi *B)
Unsigned subtraction: X = |A| - |B|.
Configuration options (set of defines)
int mpi_lset(mpi *X, t_sint z)
Set value from integer.
#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE
Requested curve not available.
int mpi_shift_r(mpi *X, size_t count)
Right-shift: X >>= count.
void mpi_free(mpi *X)
Unallocate one MPI.
int mpi_mul_int(mpi *X, const mpi *A, t_sint b)
Baseline multiplication: X = A * b Note: despite the functon signature, b is treated as a t_uint...
void ecp_group_free(ecp_group *grp)
Free the components of an ECP group.
int mpi_grow(mpi *X, size_t nblimbs)
Enlarge to the specified number of limbs.
size_t mpi_msb(const mpi *X)
Return the number of bits up to and including the most significant '1' bit'.
int ecp_use_known_dp(ecp_group *grp, ecp_group_id index)
Set a group using well-known domain parameters.
int mpi_add_abs(mpi *X, const mpi *A, const mpi *B)
Unsigned addition: X = |A| + |B|.
int mpi_read_string(mpi *X, int radix, const char *s)
Import from an ASCII string.
ecp_group_id
Domain parameters (curve, subgroup and generator) identifiers.
int mpi_shift_l(mpi *X, size_t count)
Left-shift: X <<= count.
int mpi_mul_mpi(mpi *X, const mpi *A, const mpi *B)
Baseline multiplication: X = A * B.
int mpi_set_bit(mpi *X, size_t pos, unsigned char val)
Set a bit of X to a specific value of 0 or 1.
int mpi_sub_int(mpi *X, const mpi *A, t_sint b)
Signed subtraction: X = A - b.