summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/ec/ec_curve.c2272
1 files changed, 1530 insertions, 742 deletions
diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c
index f9a177ca0d..efb806dd43 100644
--- a/src/lib/libcrypto/ec/ec_curve.c
+++ b/src/lib/libcrypto/ec/ec_curve.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_curve.c,v 1.34 2023/05/01 13:49:26 tb Exp $ */ 1/* $OpenBSD: ec_curve.c,v 1.35 2023/05/01 17:28:03 tb Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -78,144 +78,168 @@
78 78
79#include "ec_local.h" 79#include "ec_local.h"
80 80
81typedef struct {
82 int seed_len;
83 int param_len;
84 unsigned int cofactor; /* promoted to BN_ULONG */
85} EC_CURVE_DATA;
86
87/* the nist prime curves */ 81/* the nist prime curves */
88static const struct { 82static const struct {
89 EC_CURVE_DATA h; 83 uint8_t seed[20];
90 unsigned char data[20 + 24 * 6]; 84 uint8_t p[24];
91} 85 uint8_t a[24];
92 _EC_NIST_PRIME_192 = { 86 uint8_t b[24];
93 { 87 uint8_t x[24];
94 .seed_len = 20, 88 uint8_t y[24];
95 .param_len = 24, 89 uint8_t order[24];
96 .cofactor = 1, 90} _EC_NIST_PRIME_192 = {
97 }, 91 .seed = {
98 {
99 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, /* seed */ 92 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, /* seed */
100 0x95, 0x28, 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5, 93 0x95, 0x28, 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5,
101 94 },
95 .p = {
102 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 96 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
103 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 97 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
104 0xFF, 0xFF, 0xFF, 0xFF, 98 0xFF, 0xFF, 0xFF, 0xFF,
99 },
100 .a = {
105 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 101 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
106 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 102 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
107 0xFF, 0xFF, 0xFF, 0xFC, 103 0xFF, 0xFF, 0xFF, 0xFC,
104 },
105 .b = {
108 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, /* b */ 106 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, /* b */
109 0xE9, 0xAB, 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 107 0xE9, 0xAB, 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC,
110 0xC1, 0x46, 0xB9, 0xB1, 108 0xC1, 0x46, 0xB9, 0xB1,
109 },
110 .x = {
111 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, /* x */ 111 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, /* x */
112 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 112 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD,
113 0x82, 0xFF, 0x10, 0x12, 113 0x82, 0xFF, 0x10, 0x12,
114 },
115 .y = {
114 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, /* y */ 116 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, /* y */
115 0x11, 0xed, 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 117 0x11, 0xed, 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1,
116 0x1e, 0x79, 0x48, 0x11, 118 0x1e, 0x79, 0x48, 0x11,
119 },
120 .order = {
117 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 121 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
118 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 122 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1,
119 0xB4, 0xD2, 0x28, 0x31 123 0xB4, 0xD2, 0x28, 0x31,
120 } 124 },
121}; 125};
122 126
123static const struct { 127static const struct {
124 EC_CURVE_DATA h; 128 uint8_t seed[20];
125 unsigned char data[20 + 28 * 6]; 129 uint8_t p[28];
126} 130 uint8_t a[28];
127 _EC_NIST_PRIME_224 = { 131 uint8_t b[28];
128 { 132 uint8_t x[28];
129 .seed_len = 20, 133 uint8_t y[28];
130 .param_len = 28, 134 uint8_t order[28];
131 .cofactor = 1, 135} _EC_NIST_PRIME_224 = {
132 }, 136 .seed = {
133 {
134 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, /* seed */ 137 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, /* seed */
135 0xB5, 0x9F, 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5, 138 0xB5, 0x9F, 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
136 139 },
140 .p = {
137 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 141 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
138 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 142 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
139 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
144 },
145 .a = {
140 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 146 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
141 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 147 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
142 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 148 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
149 },
150 .b = {
143 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */ 151 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */
144 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 152 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA,
145 0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4, 153 0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4,
154 },
155 .x = {
146 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */ 156 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */
147 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 157 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22,
148 0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21, 158 0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21,
159 },
160 .y = {
149 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */ 161 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */
150 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 162 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
151 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34, 163 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34,
164 },
165 .order = {
152 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 166 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
153 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 167 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E,
154 0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D 168 0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D,
155 } 169 },
156}; 170};
157 171
158static const struct { 172static const struct {
159 EC_CURVE_DATA h; 173 uint8_t seed[20];
160 unsigned char data[20 + 48 * 6]; 174 uint8_t p[48];
161} 175 uint8_t a[48];
162 _EC_NIST_PRIME_384 = { 176 uint8_t b[48];
163 { 177 uint8_t x[48];
164 .seed_len = 20, 178 uint8_t y[48];
165 .param_len = 48, 179 uint8_t order[48];
166 .cofactor = 1, 180} _EC_NIST_PRIME_384 = {
167 }, 181 .seed = {
168 {
169 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, /* seed */ 182 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, /* seed */
170 0x89, 0x6A, 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73, 183 0x89, 0x6A, 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
171 184 },
185 .p = {
172 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 186 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
173 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 187 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
174 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 188 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
175 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 189 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
176 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 190 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
191 },
192 .a = {
177 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 193 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
178 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 194 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
179 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 195 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
180 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 196 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
181 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC, 197 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
198 },
199 .b = {
182 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, /* b */ 200 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, /* b */
183 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 201 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E,
184 0xFE, 0x81, 0x41, 0x12, 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 202 0xFE, 0x81, 0x41, 0x12, 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13,
185 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D, 203 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D,
186 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF, 204 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
205 },
206 .x = {
187 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, /* x */ 207 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, /* x */
188 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 208 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62,
189 0x8B, 0xA7, 0x9B, 0x98, 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 209 0x8B, 0xA7, 0x9B, 0x98, 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54,
190 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C, 210 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C,
191 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7, 211 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
212 },
213 .y = {
192 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, /* y */ 214 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, /* y */
193 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 215 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd,
194 0x28, 0x9a, 0x14, 0x7c, 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 216 0x28, 0x9a, 0x14, 0x7c, 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0,
195 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d, 217 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
196 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f, 218 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
219 },
220 .order = {
197 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 221 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
198 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 222 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
199 0xFF, 0xFF, 0xFF, 0xFF, 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 223 0xFF, 0xFF, 0xFF, 0xFF, 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37,
200 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A, 224 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A,
201 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 225 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73,
202 } 226 },
203}; 227};
204 228
205static const struct { 229static const struct {
206 EC_CURVE_DATA h; 230 uint8_t seed[20];
207 unsigned char data[20 + 66 * 6]; 231 uint8_t p[66];
208} 232 uint8_t a[66];
209 _EC_NIST_PRIME_521 = { 233 uint8_t b[66];
210 { 234 uint8_t x[66];
211 .seed_len = 20, 235 uint8_t y[66];
212 .param_len = 66, 236 uint8_t order[66];
213 .cofactor = 1, 237} _EC_NIST_PRIME_521 = {
214 }, 238 .seed = {
215 {
216 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, /* seed */ 239 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, /* seed */
217 0x67, 0x17, 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA, 240 0x67, 0x17, 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
218 241 },
242 .p = {
219 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 243 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
220 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 244 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
221 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 245 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -223,6 +247,8 @@ static const struct {
223 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 247 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
224 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 248 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
225 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 249 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
250 },
251 .a = {
226 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 252 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
227 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 253 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
228 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 254 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -230,6 +256,8 @@ static const struct {
230 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 256 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
231 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 257 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
232 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 258 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
259 },
260 .b = {
233 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, /* b */ 261 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, /* b */
234 0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 262 0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA,
235 0x72, 0x5B, 0x99, 0xB3, 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 263 0x72, 0x5B, 0x99, 0xB3, 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91,
@@ -237,6 +265,8 @@ static const struct {
237 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 0xBF, 0x07, 265 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 0xBF, 0x07,
238 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, 266 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
239 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00, 267 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
268 },
269 .x = {
240 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, /* x */ 270 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, /* x */
241 0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 271 0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64,
242 0x81, 0x39, 0x05, 0x3F, 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 272 0x81, 0x39, 0x05, 0x3F, 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60,
@@ -244,6 +274,8 @@ static const struct {
244 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 0xA8, 0xDE, 274 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 0xA8, 0xDE,
245 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, 275 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
246 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66, 276 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
277 },
278 .y = {
247 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, /* y */ 279 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, /* y */
248 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 280 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5,
249 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 281 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17,
@@ -251,1100 +283,1348 @@ static const struct {
251 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 283 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61,
252 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 284 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
253 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, 285 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
286 },
287 .order = {
254 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 288 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
255 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 289 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
256 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 290 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
257 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, 291 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F,
258 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, 0xA5, 0xD0, 292 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, 0xA5, 0xD0,
259 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, 293 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
260 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 294 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09,
261 } 295 },
262}; 296};
263 297
264/* the x9.62 prime curves (minus the nist prime curves) */ 298/* the x9.62 prime curves (minus the nist prime curves) */
265static const struct { 299static const struct {
266 EC_CURVE_DATA h; 300 uint8_t seed[20];
267 unsigned char data[20 + 24 * 6]; 301 uint8_t p[24];
268} 302 uint8_t a[24];
269 _EC_X9_62_PRIME_192V2 = { 303 uint8_t b[24];
270 { 304 uint8_t x[24];
271 .seed_len = 20, 305 uint8_t y[24];
272 .param_len = 24, 306 uint8_t order[24];
273 .cofactor = 1, 307} _EC_X9_62_PRIME_192V2 = {
274 }, 308 .seed = {
275 {
276 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, /* seed */ 309 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, /* seed */
277 0x11, 0x3E, 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6, 310 0x11, 0x3E, 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6,
278 311 },
312 .p = {
279 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 313 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
280 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 314 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
281 0xFF, 0xFF, 0xFF, 0xFF, 315 0xFF, 0xFF, 0xFF, 0xFF,
316 },
317 .a = {
282 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 318 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
283 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 319 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
284 0xFF, 0xFF, 0xFF, 0xFC, 320 0xFF, 0xFF, 0xFF, 0xFC,
321 },
322 .b = {
285 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, /* b */ 323 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, /* b */
286 0x0D, 0x63, 0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2, 324 0x0D, 0x63, 0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2,
287 0x16, 0x68, 0xD9, 0x53, 325 0x16, 0x68, 0xD9, 0x53,
326 },
327 .x = {
288 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, /* x */ 328 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, /* x */
289 0x77, 0x69, 0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69, 329 0x77, 0x69, 0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69,
290 0x6F, 0x48, 0x03, 0x4A, 330 0x6F, 0x48, 0x03, 0x4A,
331 },
332 .y = {
291 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, /* y */ 333 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, /* y */
292 0xb8, 0x2a, 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 334 0xb8, 0x2a, 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9,
293 0x70, 0xb2, 0xde, 0x15, 335 0x70, 0xb2, 0xde, 0x15,
336 },
337 .order = {
294 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 338 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
295 0xFF, 0xFE, 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 339 0xFF, 0xFE, 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86,
296 0x48, 0xD8, 0xDD, 0x31 340 0x48, 0xD8, 0xDD, 0x31,
297 } 341 },
298}; 342};
299 343
300static const struct { 344static const struct {
301 EC_CURVE_DATA h; 345 uint8_t seed[20];
302 unsigned char data[20 + 24 * 6]; 346 uint8_t p[24];
303} 347 uint8_t a[24];
304 _EC_X9_62_PRIME_192V3 = { 348 uint8_t b[24];
305 { 349 uint8_t x[24];
306 .seed_len = 20, 350 uint8_t y[24];
307 .param_len = 24, 351 uint8_t order[24];
308 .cofactor = 1, 352} _EC_X9_62_PRIME_192V3 = {
309 }, 353 .seed = {
310 {
311 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, /* seed */ 354 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, /* seed */
312 0x5C, 0xA9, 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E, 355 0x5C, 0xA9, 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E,
313 356 },
357 .p = {
314 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 358 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
315 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 359 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
316 0xFF, 0xFF, 0xFF, 0xFF, 360 0xFF, 0xFF, 0xFF, 0xFF,
361 },
362 .a = {
317 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 363 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
318 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 364 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
319 0xFF, 0xFF, 0xFF, 0xFC, 365 0xFF, 0xFF, 0xFF, 0xFC,
366 },
367 .b = {
320 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, /* b */ 368 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, /* b */
321 0x3D, 0xAE, 0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25, 369 0x3D, 0xAE, 0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25,
322 0x6B, 0xD5, 0x69, 0x16, 370 0x6B, 0xD5, 0x69, 0x16,
371 },
372 .x = {
323 0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, 0xA1, 0x78, /* x */ 373 0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, 0xA1, 0x78, /* x */
324 0x37, 0x16, 0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E, 374 0x37, 0x16, 0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E,
325 0x22, 0x8F, 0x18, 0x96, 375 0x22, 0x8F, 0x18, 0x96,
376 },
377 .y = {
326 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, /* y */ 378 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, /* y */
327 0xdc, 0xb6, 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 379 0xdc, 0xb6, 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76,
328 0x48, 0xa9, 0x43, 0xb0, 380 0x48, 0xa9, 0x43, 0xb0,
381 },
382 .order = {
329 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 383 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
330 0xFF, 0xFF, 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 384 0xFF, 0xFF, 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94,
331 0xF6, 0x40, 0xEC, 0x13 385 0xF6, 0x40, 0xEC, 0x13,
332 } 386 },
333}; 387};
334 388
335static const struct { 389static const struct {
336 EC_CURVE_DATA h; 390 uint8_t seed[20];
337 unsigned char data[20 + 30 * 6]; 391 uint8_t p[30];
338} 392 uint8_t a[30];
339 _EC_X9_62_PRIME_239V1 = { 393 uint8_t b[30];
340 { 394 uint8_t x[30];
341 .seed_len = 20, 395 uint8_t y[30];
342 .param_len = 30, 396 uint8_t order[30];
343 .cofactor = 1, 397} _EC_X9_62_PRIME_239V1 = {
344 }, 398 .seed = {
345 {
346 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, /* seed */ 399 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, /* seed */
347 0x75, 0x79, 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D, 400 0x75, 0x79, 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D,
348 401 },
402 .p = {
349 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 403 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
350 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 404 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00,
351 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 405 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 406 },
407 .a = {
353 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 408 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
354 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 409 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00,
355 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 410 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
356 411 },
412 .b = {
357 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, /* b */ 413 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, /* b */
358 0x54, 0x92, 0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2, 414 0x54, 0x92, 0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2,
359 0x7D, 0x1D, 0x37, 0x79, 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A, 415 0x7D, 0x1D, 0x37, 0x79, 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A,
360 416 },
417 .x = {
361 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, /* x */ 418 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, /* x */
362 0xB8, 0x64, 0x2B, 0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57, 419 0xB8, 0x64, 0x2B, 0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57,
363 0x3D, 0x3F, 0x27, 0xFB, 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF, 420 0x3D, 0x3F, 0x27, 0xFB, 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF,
364 421 },
422 .y = {
365 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, /* y */ 423 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, /* y */
366 0x54, 0xca, 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, 424 0x54, 0xca, 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18,
367 0xce, 0x22, 0x6b, 0x39, 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae, 425 0xce, 0x22, 0x6b, 0x39, 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae,
368 426 },
427 .order = {
369 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 428 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
370 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 429 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D,
371 0x90, 0x71, 0xFB, 0xD1, 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B 430 0x90, 0x71, 0xFB, 0xD1, 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B,
372 } 431 },
373}; 432};
374 433
375static const struct { 434static const struct {
376 EC_CURVE_DATA h; 435 uint8_t seed[20];
377 unsigned char data[20 + 30 * 6]; 436 uint8_t p[30];
378} 437 uint8_t a[30];
379 _EC_X9_62_PRIME_239V2 = { 438 uint8_t b[30];
380 { 439 uint8_t x[30];
381 .seed_len = 20, 440 uint8_t y[30];
382 .param_len = 30, 441 uint8_t order[30];
383 .cofactor = 1, 442} _EC_X9_62_PRIME_239V2 = {
384 }, 443 .seed = {
385 {
386 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, /* seed */ 444 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, /* seed */
387 0x80, 0x99, 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16, 445 0x80, 0x99, 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16,
388 446 },
447 .p = {
389 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 448 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
390 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 449 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00,
391 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 450 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
392 451 },
452 .a = {
393 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 453 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
394 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 454 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00,
395 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 455 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
396 456 },
457 .b = {
397 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, /* b */ 458 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, /* b */
398 0x0D, 0x99, 0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B, 459 0x0D, 0x99, 0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B,
399 0xA0, 0x03, 0x8C, 0x7A, 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C, 460 0xA0, 0x03, 0x8C, 0x7A, 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C,
400 461 },
462 .x = {
401 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, /* x */ 463 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, /* x */
402 0x21, 0xBB, 0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2, 464 0x21, 0xBB, 0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2,
403 0xF3, 0x57, 0x57, 0xA0, 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7, 465 0xF3, 0x57, 0x57, 0xA0, 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7,
404 466 },
467 .y = {
405 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, /* y */ 468 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, /* y */
406 0xa0, 0xfc, 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, 469 0xa0, 0xfc, 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55,
407 0xde, 0x6e, 0xf4, 0x60, 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba, 470 0xde, 0x6e, 0xf4, 0x60, 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba,
408 471 },
472 .order = {
409 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 473 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
410 0xFF, 0xFF, 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 474 0xFF, 0xFF, 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43,
411 0x77, 0xD4, 0x14, 0xC0, 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 475 0x77, 0xD4, 0x14, 0xC0, 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63,
412 } 476 },
413}; 477};
414 478
415static const struct { 479static const struct {
416 EC_CURVE_DATA h; 480 uint8_t seed[20];
417 unsigned char data[20 + 30 * 6]; 481 uint8_t p[30];
418} 482 uint8_t a[30];
419 _EC_X9_62_PRIME_239V3 = { 483 uint8_t b[30];
420 { 484 uint8_t x[30];
421 .seed_len = 20, 485 uint8_t y[30];
422 .param_len = 30, 486 uint8_t order[30];
423 .cofactor = 1, 487} _EC_X9_62_PRIME_239V3 = {
424 }, 488 .seed = {
425 {
426 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, /* seed */ 489 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, /* seed */
427 0x85, 0x76, 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF, 490 0x85, 0x76, 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF,
428 491 },
492 .p = {
429 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 493 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
430 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 494 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00,
431 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 495 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
432 496 },
497 .a = {
433 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 498 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
434 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 499 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00,
435 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 500 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
436 501 },
502 .b = {
437 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, /* b */ 503 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, /* b */
438 0xCB, 0x03, 0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02, 504 0xCB, 0x03, 0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02,
439 0xD4, 0x98, 0x87, 0x17, 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E, 505 0xD4, 0x98, 0x87, 0x17, 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E,
440 506 },
507 .x = {
441 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, /* x */ 508 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, /* x */
442 0x5C, 0x94, 0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6, 509 0x5C, 0x94, 0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6,
443 0x60, 0xBB, 0xF8, 0x54, 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A, 510 0x60, 0xBB, 0xF8, 0x54, 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A,
444 511 },
512 .y = {
445 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, /* y */ 513 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, /* y */
446 0x55, 0x2b, 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, 514 0x55, 0x2b, 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b,
447 0x6e, 0x81, 0x84, 0x99, 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3, 515 0x6e, 0x81, 0x84, 0x99, 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3,
448 516 },
517 .order = {
449 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 518 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
450 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 519 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3,
451 0xA6, 0x05, 0x7C, 0x3C, 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 520 0xA6, 0x05, 0x7C, 0x3C, 0x43, 0x21, 0x46, 0x52, 0x65, 0x51,
452 } 521 },
453}; 522};
454 523
455
456static const struct { 524static const struct {
457 EC_CURVE_DATA h; 525 uint8_t seed[20];
458 unsigned char data[20 + 32 * 6]; 526 uint8_t p[32];
459} 527 uint8_t a[32];
460 _EC_X9_62_PRIME_256V1 = { 528 uint8_t b[32];
461 { 529 uint8_t x[32];
462 .seed_len = 20, 530 uint8_t y[32];
463 .param_len = 32, 531 uint8_t order[32];
464 .cofactor = 1, 532} _EC_X9_62_PRIME_256V1 = {
465 }, 533 .seed = {
466 {
467 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, /* seed */ 534 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, /* seed */
468 0x78, 0xE1, 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90, 535 0x78, 0xE1, 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
469 536 },
537 .p = {
470 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, /* p */ 538 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, /* p */
471 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 539 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
472 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 540 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
473 0xFF, 0xFF, 541 0xFF, 0xFF,
542 },
543 .a = {
474 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, /* a */ 544 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, /* a */
475 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 545 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
476 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 546 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
477 0xFF, 0xFC, 547 0xFF, 0xFC,
548 },
549 .b = {
478 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, /* b */ 550 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, /* b */
479 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 551 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0,
480 0xCC, 0x53, 0xB0, 0xF6, 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 552 0xCC, 0x53, 0xB0, 0xF6, 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2,
481 0x60, 0x4B, 553 0x60, 0x4B,
554 },
555 .x = {
482 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, /* x */ 556 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, /* x */
483 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 557 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81,
484 0x2D, 0xEB, 0x33, 0xA0, 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 558 0x2D, 0xEB, 0x33, 0xA0, 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98,
485 0xC2, 0x96, 559 0xC2, 0x96,
560 },
561 .y = {
486 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, /* y */ 562 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, /* y */
487 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 563 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57,
488 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 564 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf,
489 0x51, 0xf5, 565 0x51, 0xf5,
566 },
567 .order = {
490 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, /* order */ 568 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, /* order */
491 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 569 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD,
492 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 570 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63,
493 0x25, 0x51 571 0x25, 0x51,
494 } 572 },
495}; 573};
496 574
497/* the secg prime curves (minus the nist and x9.62 prime curves) */ 575/* the secg prime curves (minus the nist and x9.62 prime curves) */
498static const struct { 576static const struct {
499 EC_CURVE_DATA h; 577 uint8_t seed[20];
500 unsigned char data[20 + 14 * 6]; 578 uint8_t p[14];
501} 579 uint8_t a[14];
502 _EC_SECG_PRIME_112R1 = { 580 uint8_t b[14];
503 { 581 uint8_t x[14];
504 .seed_len = 20, 582 uint8_t y[14];
505 .param_len = 14, 583 uint8_t order[14];
506 .cofactor = 1, 584} _EC_SECG_PRIME_112R1 = {
507 }, 585 .seed = {
508 {
509 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, /* seed */ 586 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, /* seed */
510 0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1, 587 0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1,
511 588 },
589 .p = {
512 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, /* p */ 590 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, /* p */
513 0xBE, 0xAD, 0x20, 0x8B, 591 0xBE, 0xAD, 0x20, 0x8B,
592 },
593 .a = {
514 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, /* a */ 594 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, /* a */
515 0xBE, 0xAD, 0x20, 0x88, 595 0xBE, 0xAD, 0x20, 0x88,
596 },
597 .b = {
516 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, /* b */ 598 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, /* b */
517 0x11, 0x70, 0x2B, 0x22, 599 0x11, 0x70, 0x2B, 0x22,
600 },
601 .x = {
518 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, /* x */ 602 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, /* x */
519 0xF9, 0xC2, 0xF0, 0x98, 603 0xF9, 0xC2, 0xF0, 0x98,
604 },
605 .y = {
520 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, /* y */ 606 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, /* y */
521 0x0f, 0xf7, 0x75, 0x00, 607 0x0f, 0xf7, 0x75, 0x00,
608 },
609 .order = {
522 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, /* order */ 610 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, /* order */
523 0xAC, 0x65, 0x61, 0xC5 611 0xAC, 0x65, 0x61, 0xC5,
524 } 612 },
525}; 613};
526 614
527static const struct { 615static const struct {
528 EC_CURVE_DATA h; 616 uint8_t seed[20];
529 unsigned char data[20 + 14 * 6]; 617 uint8_t p[14];
530} 618 uint8_t a[14];
531 _EC_SECG_PRIME_112R2 = { 619 uint8_t b[14];
532 { 620 uint8_t x[14];
533 .seed_len = 20, 621 uint8_t y[14];
534 .param_len = 14, 622 uint8_t order[14];
535 .cofactor = 4, 623} _EC_SECG_PRIME_112R2 = {
536 }, 624 .seed = {
537 {
538 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, /* seed */ 625 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, /* seed */
539 0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4, 626 0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4,
540 627 },
628 .p = {
541 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, /* p */ 629 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, /* p */
542 0xBE, 0xAD, 0x20, 0x8B, 630 0xBE, 0xAD, 0x20, 0x8B,
631 },
632 .a = {
543 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, /* a */ 633 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, /* a */
544 0x5C, 0x0E, 0xF0, 0x2C, 634 0x5C, 0x0E, 0xF0, 0x2C,
635 },
636 .b = {
545 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, /* b */ 637 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, /* b */
546 0x4C, 0x85, 0xD7, 0x09, 638 0x4C, 0x85, 0xD7, 0x09,
639 },
640 .x = {
547 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, /* x */ 641 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, /* x */
548 0xD0, 0x92, 0x86, 0x43, 642 0xD0, 0x92, 0x86, 0x43,
643 },
644 .y = {
549 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, /* y */ 645 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, /* y */
550 0x6e, 0x95, 0x6e, 0x97, 646 0x6e, 0x95, 0x6e, 0x97,
647 },
648 .order = {
551 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, /* order */ 649 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, /* order */
552 0x05, 0x20, 0xD0, 0x4B 650 0x05, 0x20, 0xD0, 0x4B,
553 } 651 },
554}; 652};
555 653
556static const struct { 654static const struct {
557 EC_CURVE_DATA h; 655 uint8_t seed[20];
558 unsigned char data[20 + 16 * 6]; 656 uint8_t p[16];
559} 657 uint8_t a[16];
560 _EC_SECG_PRIME_128R1 = { 658 uint8_t b[16];
561 { 659 uint8_t x[16];
562 .seed_len = 20, 660 uint8_t y[16];
563 .param_len = 16, 661 uint8_t order[16];
564 .cofactor = 1, 662} _EC_SECG_PRIME_128R1 = {
565 }, 663 .seed = {
566 {
567 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, /* seed */ 664 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, /* seed */
568 0x51, 0x75, 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79, 665 0x51, 0x75, 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79,
569 666 },
667 .p = {
570 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 668 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
571 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 669 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
670 },
671 .a = {
572 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 672 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
573 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 673 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
674 },
675 .b = {
574 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, /* b */ 676 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, /* b */
575 0x99, 0x3C, 0x2C, 0xEE, 0x5E, 0xD3, 677 0x99, 0x3C, 0x2C, 0xEE, 0x5E, 0xD3,
678 },
679 .x = {
576 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, /* x */ 680 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, /* x */
577 0x60, 0x7C, 0xA5, 0x2C, 0x5B, 0x86, 681 0x60, 0x7C, 0xA5, 0x2C, 0x5B, 0x86,
682 },
683 .y = {
578 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, /* y */ 684 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, /* y */
579 0xa2, 0x92, 0xdd, 0xed, 0x7a, 0x83, 685 0xa2, 0x92, 0xdd, 0xed, 0x7a, 0x83,
686 },
687 .order = {
580 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, /* order */ 688 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, /* order */
581 0x0D, 0x1B, 0x90, 0x38, 0xA1, 0x15 689 0x0D, 0x1B, 0x90, 0x38, 0xA1, 0x15,
582 } 690 },
583}; 691};
584 692
585static const struct { 693static const struct {
586 EC_CURVE_DATA h; 694 uint8_t seed[20];
587 unsigned char data[20 + 16 * 6]; 695 uint8_t p[16];
588} 696 uint8_t a[16];
589 _EC_SECG_PRIME_128R2 = { 697 uint8_t b[16];
590 { 698 uint8_t x[16];
591 .seed_len = 20, 699 uint8_t y[16];
592 .param_len = 16, 700 uint8_t order[16];
593 .cofactor = 4, 701} _EC_SECG_PRIME_128R2 = {
594 }, 702 .seed = {
595 {
596 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, /* seed */ 703 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, /* seed */
597 0x12, 0xD8, 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4, 704 0x12, 0xD8, 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4,
598 705 },
706 .p = {
599 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 707 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
600 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 708 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
709 },
710 .a = {
601 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, /* a */ 711 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, /* a */
602 0xCC, 0x9B, 0xBF, 0xF9, 0xAE, 0xE1, 712 0xCC, 0x9B, 0xBF, 0xF9, 0xAE, 0xE1,
713 },
714 .b = {
603 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, /* b */ 715 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, /* b */
604 0x65, 0x58, 0xBB, 0x6D, 0x8A, 0x5D, 716 0x65, 0x58, 0xBB, 0x6D, 0x8A, 0x5D,
717 },
718 .x = {
605 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, /* x */ 719 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, /* x */
606 0x32, 0xA7, 0xCD, 0xEB, 0xC1, 0x40, 720 0x32, 0xA7, 0xCD, 0xEB, 0xC1, 0x40,
721 },
722 .y = {
607 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, /* y */ 723 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, /* y */
608 0xfe, 0x80, 0x5f, 0xc3, 0x4b, 0x44, 724 0xfe, 0x80, 0x5f, 0xc3, 0x4b, 0x44,
725 },
726 .order = {
609 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, /* order */ 727 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, /* order */
610 0x24, 0x72, 0x06, 0x13, 0xB5, 0xA3 728 0x24, 0x72, 0x06, 0x13, 0xB5, 0xA3,
611 } 729 },
612}; 730};
613 731
614static const struct { 732static const struct {
615 EC_CURVE_DATA h; 733 uint8_t p[21];
616 unsigned char data[0 + 21 * 6]; 734 uint8_t a[21];
617} 735 uint8_t b[21];
618 _EC_SECG_PRIME_160K1 = { 736 uint8_t x[21];
619 { 737 uint8_t y[21];
620 .seed_len = 0, 738 uint8_t order[21];
621 .param_len = 21, 739} _EC_SECG_PRIME_160K1 = {
622 .cofactor = 1, 740 .p = {
623 },
624 { /* no seed */
625 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 741 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
626 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 742 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC,
627 0x73, 743 0x73,
744 },
745 .a = {
628 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ 746 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */
629 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 747 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
630 0x00, 748 0x00,
749 },
750 .b = {
631 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ 751 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */
632 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 752 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
633 0x07, 753 0x07,
754 },
755 .x = {
634 0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, /* x */ 756 0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, /* x */
635 0x01, 0x9E, 0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E, 757 0x01, 0x9E, 0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E,
636 0xBB, 758 0xBB,
759 },
760 .y = {
637 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, /* y */ 761 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, /* y */
638 0xc2, 0x82, 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 762 0xc2, 0x82, 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f,
639 0xee, 763 0xee,
764 },
765 .order = {
640 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ 766 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */
641 0x01, 0xB8, 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 767 0x01, 0xB8, 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6,
642 0xB3 768 0xB3,
643 } 769 },
644}; 770};
645 771
646static const struct { 772static const struct {
647 EC_CURVE_DATA h; 773 uint8_t seed[20];
648 unsigned char data[20 + 21 * 6]; 774 uint8_t p[21];
649} 775 uint8_t a[21];
650 _EC_SECG_PRIME_160R1 = { 776 uint8_t b[21];
651 { 777 uint8_t x[21];
652 .seed_len = 20, 778 uint8_t y[21];
653 .param_len = 21, 779 uint8_t order[21];
654 .cofactor = 1, 780} _EC_SECG_PRIME_160R1 = {
655 }, 781 .seed = {
656 {
657 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, /* seed */ 782 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, /* seed */
658 0x87, 0x56, 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45, 783 0x87, 0x56, 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45,
659 784 },
785 .p = {
660 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 786 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
661 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 787 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF,
662 0xFF, 788 0xFF,
789 },
790 .a = {
663 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 791 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
664 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 792 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF,
665 0xFC, 793 0xFC,
794 },
795 .b = {
666 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, /* b */ 796 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, /* b */
667 0xAC, 0xF8, 0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA, 797 0xAC, 0xF8, 0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA,
668 0x45, 798 0x45,
799 },
800 .x = {
669 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, /* x */ 801 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, /* x */
670 0x64, 0x69, 0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC, 802 0x64, 0x69, 0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC,
671 0x82, 803 0x82,
804 },
805 .y = {
672 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, /* y */ 806 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, /* y */
673 0xdc, 0xc9, 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 807 0xdc, 0xc9, 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb,
674 0x32, 808 0x32,
809 },
810 .order = {
675 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ 811 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */
676 0x01, 0xF4, 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 812 0x01, 0xF4, 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22,
677 0x57 813 0x57,
678 } 814 },
679}; 815};
680 816
681static const struct { 817static const struct {
682 EC_CURVE_DATA h; 818 uint8_t seed[20];
683 unsigned char data[20 + 21 * 6]; 819 uint8_t p[21];
684} 820 uint8_t a[21];
685 _EC_SECG_PRIME_160R2 = { 821 uint8_t b[21];
686 { 822 uint8_t x[21];
687 .seed_len = 20, 823 uint8_t y[21];
688 .param_len = 21, 824 uint8_t order[21];
689 .cofactor = 1, 825} _EC_SECG_PRIME_160R2 = {
690 }, 826 .seed = {
691 {
692 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, /* seed */ 827 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, /* seed */
693 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51, 828 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
694 829 },
830 .p = {
695 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 831 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
696 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 832 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC,
697 0x73, 833 0x73,
834 },
835 .a = {
698 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 836 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
699 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 837 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC,
700 0x70, 838 0x70,
839 },
840 .b = {
701 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, /* b */ 841 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, /* b */
702 0x57, 0x27, 0x49, 0x04, 0x66, 0x4D, 0x5A, 0xF5, 0x03, 0x88, 842 0x57, 0x27, 0x49, 0x04, 0x66, 0x4D, 0x5A, 0xF5, 0x03, 0x88,
703 0xBA, 843 0xBA,
844 },
845 .x = {
704 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, /* x */ 846 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, /* x */
705 0x4F, 0xF1, 0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE, 847 0x4F, 0xF1, 0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE,
706 0x6D, 848 0x6D,
849 },
850 .y = {
707 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, /* y */ 851 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, /* y */
708 0x71, 0xfa, 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 852 0x71, 0xfa, 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f,
709 0x2e, 853 0x2e,
854 },
855 .order = {
710 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ 856 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */
711 0x00, 0x35, 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 857 0x00, 0x35, 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1,
712 0x6B 858 0x6B,
713 } 859 },
714}; 860};
715 861
716static const struct { 862static const struct {
717 EC_CURVE_DATA h; 863 uint8_t p[24];
718 unsigned char data[0 + 24 * 6]; 864 uint8_t a[24];
719} 865 uint8_t b[24];
720 _EC_SECG_PRIME_192K1 = { 866 uint8_t x[24];
721 { 867 uint8_t y[24];
722 .seed_len = 0, 868 uint8_t order[24];
723 .param_len = 24, 869} _EC_SECG_PRIME_192K1 = {
724 .cofactor = 1, 870 .p = {
725 },
726 { /* no seed */
727 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 871 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
728 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 872 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
729 0xFF, 0xFF, 0xEE, 0x37, 873 0xFF, 0xFF, 0xEE, 0x37,
874 },
875 .a = {
730 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ 876 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */
731 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 877 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
732 0x00, 0x00, 0x00, 0x00, 878 0x00, 0x00, 0x00, 0x00,
879 },
880 .b = {
733 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ 881 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */
734 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 882 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
735 0x00, 0x00, 0x00, 0x03, 883 0x00, 0x00, 0x00, 0x03,
884 },
885 .x = {
736 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, /* x */ 886 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, /* x */
737 0x7D, 0x02, 0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1, 887 0x7D, 0x02, 0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1,
738 0xEA, 0xE0, 0x6C, 0x7D, 888 0xEA, 0xE0, 0x6C, 0x7D,
889 },
890 .y = {
739 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, /* y */ 891 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, /* y */
740 0x63, 0xd0, 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 892 0x63, 0xd0, 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88,
741 0xd9, 0x5e, 0x2f, 0x9d, 893 0xd9, 0x5e, 0x2f, 0x9d,
894 },
895 .order = {
742 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 896 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
743 0xFF, 0xFE, 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 897 0xFF, 0xFE, 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A,
744 0x74, 0xDE, 0xFD, 0x8D 898 0x74, 0xDE, 0xFD, 0x8D,
745 } 899 },
746}; 900};
747 901
748static const struct { 902static const struct {
749 EC_CURVE_DATA h; 903 uint8_t p[29];
750 unsigned char data[0 + 29 * 6]; 904 uint8_t a[29];
751} 905 uint8_t b[29];
752 _EC_SECG_PRIME_224K1 = { 906 uint8_t x[29];
753 { 907 uint8_t y[29];
754 .seed_len = 0, 908 uint8_t order[29];
755 .param_len = 29, 909} _EC_SECG_PRIME_224K1 = {
756 .cofactor = 1, 910 .p = {
757 },
758 { /* no seed */
759 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 911 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
760 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 912 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
761 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xE5, 0x6D, 913 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xE5, 0x6D,
914 },
915 .a = {
762 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ 916 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */
763 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 917 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
764 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 918 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
919 },
920 .b = {
765 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ 921 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */
766 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 922 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
767 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 923 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
924 },
925 .x = {
768 0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, /* x */ 926 0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, /* x */
769 0xFC, 0x28, 0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75, 927 0xFC, 0x28, 0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75,
770 0xA9, 0x0F, 0x7E, 0x65, 0x0E, 0xB6, 0xB7, 0xA4, 0x5C, 928 0xA9, 0x0F, 0x7E, 0x65, 0x0E, 0xB6, 0xB7, 0xA4, 0x5C,
929 },
930 .y = {
771 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, /* y */ 931 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, /* y */
772 0xca, 0xfb, 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, 932 0xca, 0xfb, 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd,
773 0x59, 0xe2, 0xca, 0x4b, 0xdb, 0x55, 0x6d, 0x61, 0xa5, 933 0x59, 0xe2, 0xca, 0x4b, 0xdb, 0x55, 0x6d, 0x61, 0xa5,
934 },
935 .order = {
774 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ 936 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */
775 0x00, 0x00, 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 937 0x00, 0x00, 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61,
776 0x84, 0xCA, 0xF0, 0xA9, 0x71, 0x76, 0x9F, 0xB1, 0xF7 938 0x84, 0xCA, 0xF0, 0xA9, 0x71, 0x76, 0x9F, 0xB1, 0xF7,
777 } 939 },
778}; 940};
779 941
780static const struct { 942static const struct {
781 EC_CURVE_DATA h; 943 uint8_t p[32];
782 unsigned char data[0 + 32 * 6]; 944 uint8_t a[32];
783} 945 uint8_t b[32];
784 _EC_SECG_PRIME_256K1 = { 946 uint8_t x[32];
785 { 947 uint8_t y[32];
786 .seed_len = 0, 948 uint8_t order[32];
787 .param_len = 32, 949} _EC_SECG_PRIME_256K1 = {
788 .cofactor = 1, 950 .p = {
789 },
790 { /* no seed */
791 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 951 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
792 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 952 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
793 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 953 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF,
794 0xFC, 0x2F, 954 0xFC, 0x2F,
955 },
956 .a = {
795 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ 957 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */
796 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 958 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
797 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 959 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
798 0x00, 0x00, 960 0x00, 0x00,
961 },
962 .b = {
799 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ 963 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */
800 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 964 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
801 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 965 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
802 0x00, 0x07, 966 0x00, 0x07,
967 },
968 .x = {
803 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, /* x */ 969 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, /* x */
804 0x62, 0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 970 0x62, 0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB,
805 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 971 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8,
806 0x17, 0x98, 972 0x17, 0x98,
973 },
974 .y = {
807 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, /* y */ 975 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, /* y */
808 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 976 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48,
809 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 977 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10,
810 0xd4, 0xb8, 978 0xd4, 0xb8,
979 },
980 .order = {
811 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 981 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
812 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 982 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6,
813 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 983 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36,
814 0x41, 0x41 984 0x41, 0x41,
815 } 985 },
816}; 986};
817 987
818/* some wap/wtls curves */ 988/* some wap/wtls curves */
819static const struct { 989static const struct {
820 EC_CURVE_DATA h; 990 uint8_t p[15];
821 unsigned char data[0 + 15 * 6]; 991 uint8_t a[15];
822} 992 uint8_t b[15];
823 _EC_WTLS_8 = { 993 uint8_t x[15];
824 { 994 uint8_t y[15];
825 .seed_len = 0, 995 uint8_t order[15];
826 .param_len = 15, 996} _EC_WTLS_8 = {
827 .cofactor = 1, 997 .p = {
828 },
829 { /* no seed */
830 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 998 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
831 0xFF, 0xFF, 0xFF, 0xFD, 0xE7, 999 0xFF, 0xFF, 0xFF, 0xFD, 0xE7,
1000 },
1001 .a = {
832 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ 1002 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */
833 0x00, 0x00, 0x00, 0x00, 0x00, 1003 0x00, 0x00, 0x00, 0x00, 0x00,
1004 },
1005 .b = {
834 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ 1006 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */
835 0x00, 0x00, 0x00, 0x00, 0x03, 1007 0x00, 0x00, 0x00, 0x00, 0x03,
1008 },
1009 .x = {
836 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ 1010 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */
837 0x00, 0x00, 0x00, 0x00, 0x01, 1011 0x00, 0x00, 0x00, 0x00, 0x01,
1012 },
1013 .y = {
838 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* y */ 1014 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* y */
839 0x00, 0x00, 0x00, 0x00, 0x02, 1015 0x00, 0x00, 0x00, 0x00, 0x02,
1016 },
1017 .order = {
840 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, /* order */ 1018 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, /* order */
841 0x55, 0x1A, 0xD8, 0x37, 0xE9 1019 0x55, 0x1A, 0xD8, 0x37, 0xE9,
842 } 1020 },
843}; 1021};
844 1022
845static const struct { 1023static const struct {
846 EC_CURVE_DATA h; 1024 uint8_t p[21];
847 unsigned char data[0 + 21 * 6]; 1025 uint8_t a[21];
848} 1026 uint8_t b[21];
849 _EC_WTLS_9 = { 1027 uint8_t x[21];
850 { 1028 uint8_t y[21];
851 .seed_len = 0, 1029 uint8_t order[21];
852 .param_len = 21, 1030} _EC_WTLS_9 = {
853 .cofactor = 1, 1031 .p = {
854 },
855 { /* no seed */
856 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 1032 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
857 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 1033 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80,
858 0x8F, 1034 0x8F,
1035 },
1036 .a = {
859 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ 1037 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */
860 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1038 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
861 0x00, 1039 0x00,
1040 },
1041 .b = {
862 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ 1042 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */
863 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1043 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
864 0x03, 1044 0x03,
1045 },
1046 .x = {
865 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ 1047 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */
866 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1048 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
867 0x01, 1049 0x01,
1050 },
1051 .y = {
868 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* y */ 1052 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* y */
869 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1053 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
870 0x02, 1054 0x02,
1055 },
1056 .order = {
871 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ 1057 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */
872 0x01, 0xCD, 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 1058 0x01, 0xCD, 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF,
873 0x33 1059 0x33,
874 } 1060 },
875}; 1061};
876 1062
877static const struct { 1063static const struct {
878 EC_CURVE_DATA h; 1064 uint8_t p[28];
879 unsigned char data[0 + 28 * 6]; 1065 uint8_t a[28];
880} 1066 uint8_t b[28];
881 _EC_WTLS_12 = { 1067 uint8_t x[28];
882 { 1068 uint8_t y[28];
883 .seed_len = 0, 1069 uint8_t order[28];
884 .param_len = 28, 1070} _EC_WTLS_12 = {
885 .cofactor = 1, 1071 .p = {
886 },
887 { /* no seed */
888 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 1072 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
889 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 1073 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
890 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 1074 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1075 },
1076 .a = {
891 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 1077 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
892 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 1078 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
893 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 1079 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
1080 },
1081 .b = {
894 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */ 1082 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */
895 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 1083 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA,
896 0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4, 1084 0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4,
1085 },
1086 .x = {
897 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */ 1087 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */
898 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 1088 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22,
899 0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21, 1089 0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21,
1090 },
1091 .y = {
900 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */ 1092 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */
901 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 1093 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
902 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34, 1094 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34,
1095 },
1096 .order = {
903 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 1097 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
904 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 1098 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E,
905 0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D 1099 0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D,
906 } 1100 },
907}; 1101};
908 1102
909/* These curves were added by Annie Yousar <a.yousar@informatik.hu-berlin.de>
910 * For the definition of RFC 5639 curves see
911 * https://www.ietf.org/rfc/rfc5639.txt
912 * These curves are generated verifiable at random, nevertheless the seed is
913 * omitted as parameter because the generation mechanism is different from
914 * those defined in ANSI X9.62.
915 */
916
917static const struct { 1103static const struct {
918 EC_CURVE_DATA h; 1104 uint8_t p[20];
919 unsigned char data[0 + 20 * 6]; 1105 uint8_t a[20];
920} 1106 uint8_t b[20];
921 _EC_brainpoolP160r1 = { 1107 uint8_t x[20];
922 { 1108 uint8_t y[20];
923 .seed_len = 0, 1109 uint8_t order[20];
924 .param_len = 20, 1110} _EC_brainpoolP160r1 = {
925 .cofactor = 1, 1111 .p = {
926 },
927 { /* no seed */
928 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* p */ 1112 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* p */
929 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, 1113 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
1114 },
1115 .a = {
930 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, /* a */ 1116 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, /* a */
931 0x61, 0xBA, 0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00, 1117 0x61, 0xBA, 0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00,
1118 },
1119 .b = {
932 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, /* b */ 1120 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, /* b */
933 0xAA, 0x2D, 0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58, 1121 0xAA, 0x2D, 0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58,
1122 },
1123 .x = {
934 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, /* x */ 1124 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, /* x */
935 0x8C, 0x46, 0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3, 1125 0x8C, 0x46, 0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3,
1126 },
1127 .y = {
936 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, /* y */ 1128 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, /* y */
937 0x47, 0x41, 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21, 1129 0x47, 0x41, 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21,
1130 },
1131 .order = {
938 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* order */ 1132 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* order */
939 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 1133 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09,
940 } 1134 },
941}; 1135};
942 1136
943static const struct { 1137static const struct {
944 EC_CURVE_DATA h; 1138 uint8_t p[20];
945 unsigned char data[0 + 20 * 6]; 1139 uint8_t a[20];
946} 1140 uint8_t b[20];
947 _EC_brainpoolP160t1 = { 1141 uint8_t x[20];
948 { 1142 uint8_t y[20];
949 .seed_len = 0, 1143 uint8_t order[20];
950 .param_len = 20, 1144} _EC_brainpoolP160t1 = {
951 .cofactor = 1, 1145 .p = {
952 },
953 { /* no seed */
954 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* p */ 1146 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* p */
955 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, 1147 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
1148 },
1149 .a = {
956 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* a */ 1150 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* a */
957 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C, 1151 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C,
1152 },
1153 .b = {
958 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, 0x51, 0xED, /* b */ 1154 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, 0x51, 0xED, /* b */
959 0x2C, 0x4D, 0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80, 1155 0x2C, 0x4D, 0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80,
1156 },
1157 .x = {
960 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, /* x */ 1158 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, /* x */
961 0x64, 0xBA, 0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78, 1159 0x64, 0xBA, 0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78,
1160 },
1161 .y = {
962 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, /* y */ 1162 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, /* y */
963 0x1B, 0x84, 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD, 1163 0x1B, 0x84, 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD,
1164 },
1165 .order = {
964 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* order */ 1166 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* order */
965 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 1167 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09,
966 } 1168 },
967}; 1169};
968 1170
969static const struct { 1171static const struct {
970 EC_CURVE_DATA h; 1172 uint8_t p[24];
971 unsigned char data[0 + 24 * 6]; 1173 uint8_t a[24];
972} 1174 uint8_t b[24];
973 _EC_brainpoolP192r1 = { 1175 uint8_t x[24];
974 { 1176 uint8_t y[24];
975 .seed_len = 0, 1177 uint8_t order[24];
976 .param_len = 24, 1178} _EC_brainpoolP192r1 = {
977 .cofactor = 1, 1179 .p = {
978 },
979 { /* no seed */
980 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* p */ 1180 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* p */
981 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 1181 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D,
982 0xE1, 0xA8, 0x62, 0x97, 1182 0xE1, 0xA8, 0x62, 0x97,
1183 },
1184 .a = {
983 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, /* a */ 1185 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, /* a */
984 0xC0, 0x31, 0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5, 1186 0xC0, 0x31, 0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5,
985 0xC6, 0x9A, 0x28, 0xEF, 1187 0xC6, 0x9A, 0x28, 0xEF,
1188 },
1189 .b = {
986 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, /* b */ 1190 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, /* b */
987 0x1D, 0x04, 0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14, 1191 0x1D, 0x04, 0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14,
988 0x6F, 0xBF, 0x25, 0xC9, 1192 0x6F, 0xBF, 0x25, 0xC9,
1193 },
1194 .x = {
989 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, /* x */ 1195 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, /* x */
990 0x33, 0xC5, 0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48, 1196 0x33, 0xC5, 0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48,
991 0x53, 0x37, 0x5F, 0xD6, 1197 0x53, 0x37, 0x5F, 0xD6,
1198 },
1199 .y = {
992 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, /* y */ 1200 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, /* y */
993 0x48, 0x28, 0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 1201 0x48, 0x28, 0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2,
994 0xFA, 0x29, 0x9B, 0x8F, 1202 0xFA, 0x29, 0x9B, 0x8F,
1203 },
1204 .order = {
995 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* order */ 1205 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* order */
996 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 1206 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02,
997 0x9A, 0xC4, 0xAC, 0xC1 1207 0x9A, 0xC4, 0xAC, 0xC1,
998 } 1208 },
999}; 1209};
1000 1210
1001static const struct { 1211static const struct {
1002 EC_CURVE_DATA h; 1212 uint8_t p[24];
1003 unsigned char data[0 + 24 * 6]; 1213 uint8_t a[24];
1004} 1214 uint8_t b[24];
1005 _EC_brainpoolP192t1 = { 1215 uint8_t x[24];
1006 { 1216 uint8_t y[24];
1007 .seed_len = 0, 1217 uint8_t order[24];
1008 .param_len = 24, 1218} _EC_brainpoolP192t1 = {
1009 .cofactor = 1, 1219 .p = {
1010 },
1011 { /* no seed */
1012 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* p */ 1220 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* p */
1013 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 1221 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D,
1014 0xE1, 0xA8, 0x62, 0x97, 1222 0xE1, 0xA8, 0x62, 0x97,
1223 },
1224 .a = {
1015 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* a */ 1225 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* a */
1016 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 1226 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D,
1017 0xE1, 0xA8, 0x62, 0x94, 1227 0xE1, 0xA8, 0x62, 0x94,
1228 },
1229 .b = {
1018 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, /* b */ 1230 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, /* b */
1019 0xDE, 0xB4, 0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E, 1231 0xDE, 0xB4, 0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E,
1020 0x27, 0x89, 0x7B, 0x79, 1232 0x27, 0x89, 0x7B, 0x79,
1233 },
1234 .x = {
1021 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, /* x */ 1235 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, /* x */
1022 0x1F, 0xE7, 0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6, 1236 0x1F, 0xE7, 0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6,
1023 0xF4, 0x61, 0x81, 0x29, 1237 0xF4, 0x61, 0x81, 0x29,
1238 },
1239 .y = {
1024 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, /* y */ 1240 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, /* y */
1025 0xB5, 0xCA, 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 1241 0xB5, 0xCA, 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE,
1026 0x7C, 0xCC, 0x01, 0xC9, 1242 0x7C, 0xCC, 0x01, 0xC9,
1243 },
1244 .order = {
1027 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* order */ 1245 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* order */
1028 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 1246 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02,
1029 0x9A, 0xC4, 0xAC, 0xC1 1247 0x9A, 0xC4, 0xAC, 0xC1,
1030 } 1248 },
1031}; 1249};
1032 1250
1033static const struct { 1251static const struct {
1034 EC_CURVE_DATA h; 1252 uint8_t p[28];
1035 unsigned char data[0 + 28 * 6]; 1253 uint8_t a[28];
1036} 1254 uint8_t b[28];
1037 _EC_brainpoolP224r1 = { 1255 uint8_t x[28];
1038 { 1256 uint8_t y[28];
1039 .seed_len = 0, 1257 uint8_t order[28];
1040 .param_len = 28, 1258} _EC_brainpoolP224r1 = {
1041 .cofactor = 1, 1259 .p = {
1042 },
1043 { /* no seed */
1044 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* p */ 1260 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* p */
1045 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 1261 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57,
1046 0x97, 0xDA, 0x89, 0xF5, 0x7E, 0xC8, 0xC0, 0xFF, 1262 0x97, 0xDA, 0x89, 0xF5, 0x7E, 0xC8, 0xC0, 0xFF,
1263 },
1264 .a = {
1047 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, /* a */ 1265 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, /* a */
1048 0x03, 0xA6, 0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8, 1266 0x03, 0xA6, 0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8,
1049 0xB0, 0x04, 0x2A, 0x59, 0xCA, 0xD2, 0x9F, 0x43, 1267 0xB0, 0x04, 0x2A, 0x59, 0xCA, 0xD2, 0x9F, 0x43,
1268 },
1269 .b = {
1050 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, /* b */ 1270 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, /* b */
1051 0x13, 0xB1, 0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2, 1271 0x13, 0xB1, 0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2,
1052 0x66, 0xDB, 0xB3, 0x72, 0x38, 0x6C, 0x40, 0x0B, 1272 0x66, 0xDB, 0xB3, 0x72, 0x38, 0x6C, 0x40, 0x0B,
1273 },
1274 .x = {
1053 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, /* x */ 1275 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, /* x */
1054 0x23, 0xB2, 0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17, 1276 0x23, 0xB2, 0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17,
1055 0x4C, 0x1E, 0x6E, 0xFD, 0xEE, 0x12, 0xC0, 0x7D, 1277 0x4C, 0x1E, 0x6E, 0xFD, 0xEE, 0x12, 0xC0, 0x7D,
1278 },
1279 .y = {
1056 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, /* y */ 1280 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, /* y */
1057 0xB8, 0x9E, 0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99, 1281 0xB8, 0x9E, 0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99,
1058 0xCA, 0xA3, 0xF6, 0xD3, 0x76, 0x14, 0x02, 0xCD, 1282 0xCA, 0xA3, 0xF6, 0xD3, 0x76, 0x14, 0x02, 0xCD,
1283 },
1284 .order = {
1059 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* order */ 1285 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* order */
1060 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 1286 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B,
1061 0x6D, 0xDE, 0xBC, 0xA3, 0xA5, 0xA7, 0x93, 0x9F 1287 0x6D, 0xDE, 0xBC, 0xA3, 0xA5, 0xA7, 0x93, 0x9F,
1062 } 1288 },
1063}; 1289};
1064 1290
1065static const struct { 1291static const struct {
1066 EC_CURVE_DATA h; 1292 uint8_t p[28];
1067 unsigned char data[0 + 28 * 6]; 1293 uint8_t a[28];
1068} 1294 uint8_t b[28];
1069 _EC_brainpoolP224t1 = { 1295 uint8_t x[28];
1070 { 1296 uint8_t y[28];
1071 .seed_len = 0, 1297 uint8_t order[28];
1072 .param_len = 28, 1298} _EC_brainpoolP224t1 = {
1073 .cofactor = 1, 1299 .p = {
1074 },
1075 { /* no seed */
1076 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* p */ 1300 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* p */
1077 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 1301 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57,
1078 0x97, 0xDA, 0x89, 0xF5, 0x7E, 0xC8, 0xC0, 0xFF, 1302 0x97, 0xDA, 0x89, 0xF5, 0x7E, 0xC8, 0xC0, 0xFF,
1303 },
1304 .a = {
1079 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* a */ 1305 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* a */
1080 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 1306 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57,
1081 0x97, 0xDA, 0x89, 0xF5, 0x7E, 0xC8, 0xC0, 0xFC, 1307 0x97, 0xDA, 0x89, 0xF5, 0x7E, 0xC8, 0xC0, 0xFC,
1308 },
1309 .b = {
1082 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, /* b */ 1310 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, /* b */
1083 0x1B, 0xF6, 0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08, 1311 0x1B, 0xF6, 0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08,
1084 0xB3, 0xBB, 0x64, 0xF1, 0x8A, 0x60, 0x88, 0x8D, 1312 0xB3, 0xBB, 0x64, 0xF1, 0x8A, 0x60, 0x88, 0x8D,
1313 },
1314 .x = {
1085 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, /* x */ 1315 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, /* x */
1086 0x4E, 0x7F, 0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92, 1316 0x4E, 0x7F, 0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92,
1087 0x8A, 0xC0, 0xC7, 0x60, 0x29, 0xB4, 0xD5, 0x80, 1317 0x8A, 0xC0, 0xC7, 0x60, 0x29, 0xB4, 0xD5, 0x80,
1318 },
1319 .y = {
1088 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, /* y */ 1320 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, /* y */
1089 0x3F, 0x4D, 0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D, 1321 0x3F, 0x4D, 0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D,
1090 0x1C, 0x6A, 0xBD, 0x5F, 0x1A, 0x46, 0xDB, 0x4C, 1322 0x1C, 0x6A, 0xBD, 0x5F, 0x1A, 0x46, 0xDB, 0x4C,
1323 },
1324 .order = {
1091 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* order */ 1325 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* order */
1092 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 1326 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B,
1093 0x6D, 0xDE, 0xBC, 0xA3, 0xA5, 0xA7, 0x93, 0x9F 1327 0x6D, 0xDE, 0xBC, 0xA3, 0xA5, 0xA7, 0x93, 0x9F,
1094 } 1328 },
1095}; 1329};
1096 1330
1097static const struct { 1331static const struct {
1098 EC_CURVE_DATA h; 1332 uint8_t p[32];
1099 unsigned char data[0 + 32 * 6]; 1333 uint8_t a[32];
1100} 1334 uint8_t b[32];
1101 _EC_brainpoolP256r1 = { 1335 uint8_t x[32];
1102 { 1336 uint8_t y[32];
1103 .seed_len = 0, 1337 uint8_t order[32];
1104 .param_len = 32, 1338} _EC_brainpoolP256r1 = {
1105 .cofactor = 1, 1339 .p = {
1106 },
1107 { /* no seed */
1108 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* p */ 1340 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* p */
1109 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 1341 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23,
1110 0xD5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 1342 0xD5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E,
1111 0x53, 0x77, 1343 0x53, 0x77,
1344 },
1345 .a = {
1112 0x7D, 0x5A, 0x09, 0x75, 0xFC, 0x2C, 0x30, 0x57, 0xEE, 0xF6, /* a */ 1346 0x7D, 0x5A, 0x09, 0x75, 0xFC, 0x2C, 0x30, 0x57, 0xEE, 0xF6, /* a */
1113 0x75, 0x30, 0x41, 0x7A, 0xFF, 0xE7, 0xFB, 0x80, 0x55, 0xC1, 1347 0x75, 0x30, 0x41, 0x7A, 0xFF, 0xE7, 0xFB, 0x80, 0x55, 0xC1,
1114 0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 1348 0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30,
1115 0xB5, 0xD9, 1349 0xB5, 0xD9,
1350 },
1351 .b = {
1116 0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, /* b */ 1352 0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, /* b */
1117 0xB5, 0xD9, 0xBB, 0xD7, 0x7C, 0xBF, 0x95, 0x84, 0x16, 0x29, 1353 0xB5, 0xD9, 0xBB, 0xD7, 0x7C, 0xBF, 0x95, 0x84, 0x16, 0x29,
1118 0x5C, 0xF7, 0xE1, 0xCE, 0x6B, 0xCC, 0xDC, 0x18, 0xFF, 0x8C, 1354 0x5C, 0xF7, 0xE1, 0xCE, 0x6B, 0xCC, 0xDC, 0x18, 0xFF, 0x8C,
1119 0x07, 0xB6, 1355 0x07, 0xB6,
1356 },
1357 .x = {
1120 0x8B, 0xD2, 0xAE, 0xB9, 0xCB, 0x7E, 0x57, 0xCB, 0x2C, 0x4B, /* x */ 1358 0x8B, 0xD2, 0xAE, 0xB9, 0xCB, 0x7E, 0x57, 0xCB, 0x2C, 0x4B, /* x */
1121 0x48, 0x2F, 0xFC, 0x81, 0xB7, 0xAF, 0xB9, 0xDE, 0x27, 0xE1, 1359 0x48, 0x2F, 0xFC, 0x81, 0xB7, 0xAF, 0xB9, 0xDE, 0x27, 0xE1,
1122 0xE3, 0xBD, 0x23, 0xC2, 0x3A, 0x44, 0x53, 0xBD, 0x9A, 0xCE, 1360 0xE3, 0xBD, 0x23, 0xC2, 0x3A, 0x44, 0x53, 0xBD, 0x9A, 0xCE,
1123 0x32, 0x62, 1361 0x32, 0x62,
1362 },
1363 .y = {
1124 0x54, 0x7E, 0xF8, 0x35, 0xC3, 0xDA, 0xC4, 0xFD, 0x97, 0xF8, /* y */ 1364 0x54, 0x7E, 0xF8, 0x35, 0xC3, 0xDA, 0xC4, 0xFD, 0x97, 0xF8, /* y */
1125 0x46, 0x1A, 0x14, 0x61, 0x1D, 0xC9, 0xC2, 0x77, 0x45, 0x13, 1365 0x46, 0x1A, 0x14, 0x61, 0x1D, 0xC9, 0xC2, 0x77, 0x45, 0x13,
1126 0x2D, 0xED, 0x8E, 0x54, 0x5C, 0x1D, 0x54, 0xC7, 0x2F, 0x04, 1366 0x2D, 0xED, 0x8E, 0x54, 0x5C, 0x1D, 0x54, 0xC7, 0x2F, 0x04,
1127 0x69, 0x97, 1367 0x69, 0x97,
1368 },
1369 .order = {
1128 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* order */ 1370 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* order */
1129 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 1371 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3,
1130 0xB5, 0x61, 0xA6, 0xF7, 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 1372 0xB5, 0x61, 0xA6, 0xF7, 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48,
1131 0x56, 0xA7 1373 0x56, 0xA7,
1132 } 1374 },
1133}; 1375};
1134 1376
1135static const struct { 1377static const struct {
1136 EC_CURVE_DATA h; 1378 uint8_t p[32];
1137 unsigned char data[0 + 32 * 6]; 1379 uint8_t a[32];
1138} 1380 uint8_t b[32];
1139 _EC_brainpoolP256t1 = { 1381 uint8_t x[32];
1140 { 1382 uint8_t y[32];
1141 .seed_len = 0, 1383 uint8_t order[32];
1142 .param_len = 32, 1384} _EC_brainpoolP256t1 = {
1143 .cofactor = 1, 1385 .p = {
1144 },
1145 { /* no seed */
1146 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* p */ 1386 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* p */
1147 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 1387 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23,
1148 0xD5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 1388 0xD5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E,
1149 0x53, 0x77, 1389 0x53, 0x77,
1390 },
1391 .a = {
1150 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* a */ 1392 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* a */
1151 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 1393 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23,
1152 0xD5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 1394 0xD5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E,
1153 0x53, 0x74, 1395 0x53, 0x74,
1396 },
1397 .b = {
1154 0x66, 0x2C, 0x61, 0xC4, 0x30, 0xD8, 0x4E, 0xA4, 0xFE, 0x66, /* b */ 1398 0x66, 0x2C, 0x61, 0xC4, 0x30, 0xD8, 0x4E, 0xA4, 0xFE, 0x66, /* b */
1155 0xA7, 0x73, 0x3D, 0x0B, 0x76, 0xB7, 0xBF, 0x93, 0xEB, 0xC4, 1399 0xA7, 0x73, 0x3D, 0x0B, 0x76, 0xB7, 0xBF, 0x93, 0xEB, 0xC4,
1156 0xAF, 0x2F, 0x49, 0x25, 0x6A, 0xE5, 0x81, 0x01, 0xFE, 0xE9, 1400 0xAF, 0x2F, 0x49, 0x25, 0x6A, 0xE5, 0x81, 0x01, 0xFE, 0xE9,
1157 0x2B, 0x04, 1401 0x2B, 0x04,
1402 },
1403 .x = {
1158 0xA3, 0xE8, 0xEB, 0x3C, 0xC1, 0xCF, 0xE7, 0xB7, 0x73, 0x22, /* x */ 1404 0xA3, 0xE8, 0xEB, 0x3C, 0xC1, 0xCF, 0xE7, 0xB7, 0x73, 0x22, /* x */
1159 0x13, 0xB2, 0x3A, 0x65, 0x61, 0x49, 0xAF, 0xA1, 0x42, 0xC4, 1405 0x13, 0xB2, 0x3A, 0x65, 0x61, 0x49, 0xAF, 0xA1, 0x42, 0xC4,
1160 0x7A, 0xAF, 0xBC, 0x2B, 0x79, 0xA1, 0x91, 0x56, 0x2E, 0x13, 1406 0x7A, 0xAF, 0xBC, 0x2B, 0x79, 0xA1, 0x91, 0x56, 0x2E, 0x13,
1161 0x05, 0xF4, 1407 0x05, 0xF4,
1408 },
1409 .y = {
1162 0x2D, 0x99, 0x6C, 0x82, 0x34, 0x39, 0xC5, 0x6D, 0x7F, 0x7B, /* y */ 1410 0x2D, 0x99, 0x6C, 0x82, 0x34, 0x39, 0xC5, 0x6D, 0x7F, 0x7B, /* y */
1163 0x22, 0xE1, 0x46, 0x44, 0x41, 0x7E, 0x69, 0xBC, 0xB6, 0xDE, 1411 0x22, 0xE1, 0x46, 0x44, 0x41, 0x7E, 0x69, 0xBC, 0xB6, 0xDE,
1164 0x39, 0xD0, 0x27, 0x00, 0x1D, 0xAB, 0xE8, 0xF3, 0x5B, 0x25, 1412 0x39, 0xD0, 0x27, 0x00, 0x1D, 0xAB, 0xE8, 0xF3, 0x5B, 0x25,
1165 0xC9, 0xBE, 1413 0xC9, 0xBE,
1414 },
1415 .order = {
1166 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* order */ 1416 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* order */
1167 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 1417 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3,
1168 0xB5, 0x61, 0xA6, 0xF7, 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 1418 0xB5, 0x61, 0xA6, 0xF7, 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48,
1169 0x56, 0xA7 1419 0x56, 0xA7,
1170 } 1420 },
1171}; 1421};
1172 1422
1173static const struct { 1423static const struct {
1174 EC_CURVE_DATA h; 1424 uint8_t p[40];
1175 unsigned char data[0 + 40 * 6]; 1425 uint8_t a[40];
1176} 1426 uint8_t b[40];
1177 _EC_brainpoolP320r1 = { 1427 uint8_t x[40];
1178 { 1428 uint8_t y[40];
1179 .seed_len = 0, 1429 uint8_t order[40];
1180 .param_len = 40, 1430} _EC_brainpoolP320r1 = {
1181 .cofactor = 1, 1431 .p = {
1182 },
1183 { /* no seed */
1184 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* p */ 1432 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* p */
1185 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 1433 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6,
1186 0xF6, 0xF4, 0x0D, 0xEF, 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 1434 0xF6, 0xF4, 0x0D, 0xEF, 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93,
1187 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27, 1435 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27,
1436 },
1437 .a = {
1188 0x3E, 0xE3, 0x0B, 0x56, 0x8F, 0xBA, 0xB0, 0xF8, 0x83, 0xCC, /* a */ 1438 0x3E, 0xE3, 0x0B, 0x56, 0x8F, 0xBA, 0xB0, 0xF8, 0x83, 0xCC, /* a */
1189 0xEB, 0xD4, 0x6D, 0x3F, 0x3B, 0xB8, 0xA2, 0xA7, 0x35, 0x13, 1439 0xEB, 0xD4, 0x6D, 0x3F, 0x3B, 0xB8, 0xA2, 0xA7, 0x35, 0x13,
1190 0xF5, 0xEB, 0x79, 0xDA, 0x66, 0x19, 0x0E, 0xB0, 0x85, 0xFF, 1440 0xF5, 0xEB, 0x79, 0xDA, 0x66, 0x19, 0x0E, 0xB0, 0x85, 0xFF,
1191 0xA9, 0xF4, 0x92, 0xF3, 0x75, 0xA9, 0x7D, 0x86, 0x0E, 0xB4, 1441 0xA9, 0xF4, 0x92, 0xF3, 0x75, 0xA9, 0x7D, 0x86, 0x0E, 0xB4,
1442 },
1443 .b = {
1192 0x52, 0x08, 0x83, 0x94, 0x9D, 0xFD, 0xBC, 0x42, 0xD3, 0xAD, /* b */ 1444 0x52, 0x08, 0x83, 0x94, 0x9D, 0xFD, 0xBC, 0x42, 0xD3, 0xAD, /* b */
1193 0x19, 0x86, 0x40, 0x68, 0x8A, 0x6F, 0xE1, 0x3F, 0x41, 0x34, 1445 0x19, 0x86, 0x40, 0x68, 0x8A, 0x6F, 0xE1, 0x3F, 0x41, 0x34,
1194 0x95, 0x54, 0xB4, 0x9A, 0xCC, 0x31, 0xDC, 0xCD, 0x88, 0x45, 1446 0x95, 0x54, 0xB4, 0x9A, 0xCC, 0x31, 0xDC, 0xCD, 0x88, 0x45,
1195 0x39, 0x81, 0x6F, 0x5E, 0xB4, 0xAC, 0x8F, 0xB1, 0xF1, 0xA6, 1447 0x39, 0x81, 0x6F, 0x5E, 0xB4, 0xAC, 0x8F, 0xB1, 0xF1, 0xA6,
1448 },
1449 .x = {
1196 0x43, 0xBD, 0x7E, 0x9A, 0xFB, 0x53, 0xD8, 0xB8, 0x52, 0x89, /* x */ 1450 0x43, 0xBD, 0x7E, 0x9A, 0xFB, 0x53, 0xD8, 0xB8, 0x52, 0x89, /* x */
1197 0xBC, 0xC4, 0x8E, 0xE5, 0xBF, 0xE6, 0xF2, 0x01, 0x37, 0xD1, 1451 0xBC, 0xC4, 0x8E, 0xE5, 0xBF, 0xE6, 0xF2, 0x01, 0x37, 0xD1,
1198 0x0A, 0x08, 0x7E, 0xB6, 0xE7, 0x87, 0x1E, 0x2A, 0x10, 0xA5, 1452 0x0A, 0x08, 0x7E, 0xB6, 0xE7, 0x87, 0x1E, 0x2A, 0x10, 0xA5,
1199 0x99, 0xC7, 0x10, 0xAF, 0x8D, 0x0D, 0x39, 0xE2, 0x06, 0x11, 1453 0x99, 0xC7, 0x10, 0xAF, 0x8D, 0x0D, 0x39, 0xE2, 0x06, 0x11,
1454 },
1455 .y = {
1200 0x14, 0xFD, 0xD0, 0x55, 0x45, 0xEC, 0x1C, 0xC8, 0xAB, 0x40, /* y */ 1456 0x14, 0xFD, 0xD0, 0x55, 0x45, 0xEC, 0x1C, 0xC8, 0xAB, 0x40, /* y */
1201 0x93, 0x24, 0x7F, 0x77, 0x27, 0x5E, 0x07, 0x43, 0xFF, 0xED, 1457 0x93, 0x24, 0x7F, 0x77, 0x27, 0x5E, 0x07, 0x43, 0xFF, 0xED,
1202 0x11, 0x71, 0x82, 0xEA, 0xA9, 0xC7, 0x78, 0x77, 0xAA, 0xAC, 1458 0x11, 0x71, 0x82, 0xEA, 0xA9, 0xC7, 0x78, 0x77, 0xAA, 0xAC,
1203 0x6A, 0xC7, 0xD3, 0x52, 0x45, 0xD1, 0x69, 0x2E, 0x8E, 0xE1, 1459 0x6A, 0xC7, 0xD3, 0x52, 0x45, 0xD1, 0x69, 0x2E, 0x8E, 0xE1,
1460 },
1461 .order = {
1204 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* order */ 1462 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* order */
1205 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 1463 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5,
1206 0xB6, 0x8F, 0x12, 0xA3, 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 1464 0xB6, 0x8F, 0x12, 0xA3, 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86,
1207 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11 1465 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11,
1208 } 1466 },
1209}; 1467};
1210 1468
1211static const struct { 1469static const struct {
1212 EC_CURVE_DATA h; 1470 uint8_t p[40];
1213 unsigned char data[0 + 40 * 6]; 1471 uint8_t a[40];
1214} 1472 uint8_t b[40];
1215 _EC_brainpoolP320t1 = { 1473 uint8_t x[40];
1216 { 1474 uint8_t y[40];
1217 .seed_len = 0, 1475 uint8_t order[40];
1218 .param_len = 40, 1476} _EC_brainpoolP320t1 = {
1219 .cofactor = 1, 1477 .p = {
1220 },
1221 { /* no seed */
1222 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* p */ 1478 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* p */
1223 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 1479 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6,
1224 0xF6, 0xF4, 0x0D, 0xEF, 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 1480 0xF6, 0xF4, 0x0D, 0xEF, 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93,
1225 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27, 1481 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27,
1482 },
1483 .a = {
1226 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* a */ 1484 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* a */
1227 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 1485 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6,
1228 0xF6, 0xF4, 0x0D, 0xEF, 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 1486 0xF6, 0xF4, 0x0D, 0xEF, 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93,
1229 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x24, 1487 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x24,
1488 },
1489 .b = {
1230 0xA7, 0xF5, 0x61, 0xE0, 0x38, 0xEB, 0x1E, 0xD5, 0x60, 0xB3, /* b */ 1490 0xA7, 0xF5, 0x61, 0xE0, 0x38, 0xEB, 0x1E, 0xD5, 0x60, 0xB3, /* b */
1231 0xD1, 0x47, 0xDB, 0x78, 0x20, 0x13, 0x06, 0x4C, 0x19, 0xF2, 1491 0xD1, 0x47, 0xDB, 0x78, 0x20, 0x13, 0x06, 0x4C, 0x19, 0xF2,
1232 0x7E, 0xD2, 0x7C, 0x67, 0x80, 0xAA, 0xF7, 0x7F, 0xB8, 0xA5, 1492 0x7E, 0xD2, 0x7C, 0x67, 0x80, 0xAA, 0xF7, 0x7F, 0xB8, 0xA5,
1233 0x47, 0xCE, 0xB5, 0xB4, 0xFE, 0xF4, 0x22, 0x34, 0x03, 0x53, 1493 0x47, 0xCE, 0xB5, 0xB4, 0xFE, 0xF4, 0x22, 0x34, 0x03, 0x53,
1494 },
1495 .x = {
1234 0x92, 0x5B, 0xE9, 0xFB, 0x01, 0xAF, 0xC6, 0xFB, 0x4D, 0x3E, /* x */ 1496 0x92, 0x5B, 0xE9, 0xFB, 0x01, 0xAF, 0xC6, 0xFB, 0x4D, 0x3E, /* x */
1235 0x7D, 0x49, 0x90, 0x01, 0x0F, 0x81, 0x34, 0x08, 0xAB, 0x10, 1497 0x7D, 0x49, 0x90, 0x01, 0x0F, 0x81, 0x34, 0x08, 0xAB, 0x10,
1236 0x6C, 0x4F, 0x09, 0xCB, 0x7E, 0xE0, 0x78, 0x68, 0xCC, 0x13, 1498 0x6C, 0x4F, 0x09, 0xCB, 0x7E, 0xE0, 0x78, 0x68, 0xCC, 0x13,
1237 0x6F, 0xFF, 0x33, 0x57, 0xF6, 0x24, 0xA2, 0x1B, 0xED, 0x52, 1499 0x6F, 0xFF, 0x33, 0x57, 0xF6, 0x24, 0xA2, 0x1B, 0xED, 0x52,
1500 },
1501 .y = {
1238 0x63, 0xBA, 0x3A, 0x7A, 0x27, 0x48, 0x3E, 0xBF, 0x66, 0x71, /* y */ 1502 0x63, 0xBA, 0x3A, 0x7A, 0x27, 0x48, 0x3E, 0xBF, 0x66, 0x71, /* y */
1239 0xDB, 0xEF, 0x7A, 0xBB, 0x30, 0xEB, 0xEE, 0x08, 0x4E, 0x58, 1503 0xDB, 0xEF, 0x7A, 0xBB, 0x30, 0xEB, 0xEE, 0x08, 0x4E, 0x58,
1240 0xA0, 0xB0, 0x77, 0xAD, 0x42, 0xA5, 0xA0, 0x98, 0x9D, 0x1E, 1504 0xA0, 0xB0, 0x77, 0xAD, 0x42, 0xA5, 0xA0, 0x98, 0x9D, 0x1E,
1241 0xE7, 0x1B, 0x1B, 0x9B, 0xC0, 0x45, 0x5F, 0xB0, 0xD2, 0xC3, 1505 0xE7, 0x1B, 0x1B, 0x9B, 0xC0, 0x45, 0x5F, 0xB0, 0xD2, 0xC3,
1506 },
1507 .order = {
1242 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* order */ 1508 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* order */
1243 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 1509 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5,
1244 0xB6, 0x8F, 0x12, 0xA3, 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 1510 0xB6, 0x8F, 0x12, 0xA3, 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86,
1245 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11 1511 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11,
1246 } 1512 },
1247}; 1513};
1248 1514
1249static const struct { 1515static const struct {
1250 EC_CURVE_DATA h; 1516 uint8_t p[48];
1251 unsigned char data[0 + 48 * 6]; 1517 uint8_t a[48];
1252} 1518 uint8_t b[48];
1253 _EC_brainpoolP384r1 = { 1519 uint8_t x[48];
1254 { 1520 uint8_t y[48];
1255 .seed_len = 0, 1521 uint8_t order[48];
1256 .param_len = 48, 1522} _EC_brainpoolP384r1 = {
1257 .cofactor = 1, 1523 .p = {
1258 },
1259 { /* no seed */
1260 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* p */ 1524 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* p */
1261 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 1525 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09,
1262 0xED, 0x54, 0x56, 0xB4, 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 1526 0xED, 0x54, 0x56, 0xB4, 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7,
1263 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, 1527 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71,
1264 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53, 1528 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53,
1529 },
1530 .a = {
1265 0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C, 0x3C, 0x72, /* a */ 1531 0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C, 0x3C, 0x72, /* a */
1266 0x08, 0x0A, 0xCE, 0x05, 0xAF, 0xA0, 0xC2, 0xBE, 0xA2, 0x8E, 1532 0x08, 0x0A, 0xCE, 0x05, 0xAF, 0xA0, 0xC2, 0xBE, 0xA2, 0x8E,
1267 0x4F, 0xB2, 0x27, 0x87, 0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91, 1533 0x4F, 0xB2, 0x27, 0x87, 0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91,
1268 0xF9, 0x0F, 0x8A, 0xA5, 0x81, 0x4A, 0x50, 0x3A, 0xD4, 0xEB, 1534 0xF9, 0x0F, 0x8A, 0xA5, 0x81, 0x4A, 0x50, 0x3A, 0xD4, 0xEB,
1269 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, 1535 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26,
1536 },
1537 .b = {
1270 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, 0x8B, 0x39, /* b */ 1538 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, 0x8B, 0x39, /* b */
1271 0xB5, 0x54, 0x16, 0xF0, 0x44, 0x7C, 0x2F, 0xB7, 0x7D, 0xE1, 1539 0xB5, 0x54, 0x16, 0xF0, 0x44, 0x7C, 0x2F, 0xB7, 0x7D, 0xE1,
1272 0x07, 0xDC, 0xD2, 0xA6, 0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB, 1540 0x07, 0xDC, 0xD2, 0xA6, 0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB,
1273 0x62, 0xD5, 0x7C, 0xB4, 0x39, 0x02, 0x95, 0xDB, 0xC9, 0x94, 1541 0x62, 0xD5, 0x7C, 0xB4, 0x39, 0x02, 0x95, 0xDB, 0xC9, 0x94,
1274 0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11, 1542 0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11,
1543 },
1544 .x = {
1275 0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF, 0xA2, 0xA6, /* x */ 1545 0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF, 0xA2, 0xA6, /* x */
1276 0x3A, 0x81, 0xB7, 0xC1, 0x3F, 0x6B, 0x88, 0x47, 0xA3, 0xE7, 1546 0x3A, 0x81, 0xB7, 0xC1, 0x3F, 0x6B, 0x88, 0x47, 0xA3, 0xE7,
1277 0x7E, 0xF1, 0x4F, 0xE3, 0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD, 1547 0x7E, 0xF1, 0x4F, 0xE3, 0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD,
1278 0x10, 0xE8, 0xE8, 0x26, 0xE0, 0x34, 0x36, 0xD6, 0x46, 0xAA, 1548 0x10, 0xE8, 0xE8, 0x26, 0xE0, 0x34, 0x36, 0xD6, 0x46, 0xAA,
1279 0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E, 1549 0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E,
1550 },
1551 .y = {
1280 0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4, 0x5C, 0xB1, /* y */ 1552 0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4, 0x5C, 0xB1, /* y */
1281 0xEB, 0x8E, 0x95, 0xCF, 0xD5, 0x52, 0x62, 0xB7, 0x0B, 0x29, 1553 0xEB, 0x8E, 0x95, 0xCF, 0xD5, 0x52, 0x62, 0xB7, 0x0B, 0x29,
1282 0xFE, 0xEC, 0x58, 0x64, 0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91, 1554 0xFE, 0xEC, 0x58, 0x64, 0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91,
1283 0x29, 0x28, 0x0E, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11, 1555 0x29, 0x28, 0x0E, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11,
1284 0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15, 1556 0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15,
1557 },
1558 .order = {
1285 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* order */ 1559 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* order */
1286 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 1560 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09,
1287 0xED, 0x54, 0x56, 0xB3, 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 1561 0xED, 0x54, 0x56, 0xB3, 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04,
1288 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10, 1562 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10,
1289 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 1563 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65,
1290 } 1564 },
1291}; 1565};
1292 1566
1293static const struct { 1567static const struct {
1294 EC_CURVE_DATA h; 1568 uint8_t p[48];
1295 unsigned char data[0 + 48 * 6]; 1569 uint8_t a[48];
1296} 1570 uint8_t b[48];
1297 _EC_brainpoolP384t1 = { 1571 uint8_t x[48];
1298 { 1572 uint8_t y[48];
1299 .seed_len = 0, 1573 uint8_t order[48];
1300 .param_len = 48, 1574} _EC_brainpoolP384t1 = {
1301 .cofactor = 1, 1575 .p = {
1302 },
1303 { /* no seed */
1304 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* p */ 1576 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* p */
1305 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 1577 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09,
1306 0xED, 0x54, 0x56, 0xB4, 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 1578 0xED, 0x54, 0x56, 0xB4, 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7,
1307 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, 1579 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71,
1308 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53, 1580 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53,
1581 },
1582 .a = {
1309 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* a */ 1583 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* a */
1310 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 1584 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09,
1311 0xED, 0x54, 0x56, 0xB4, 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 1585 0xED, 0x54, 0x56, 0xB4, 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7,
1312 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, 1586 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71,
1313 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x50, 1587 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x50,
1588 },
1589 .b = {
1314 0x7F, 0x51, 0x9E, 0xAD, 0xA7, 0xBD, 0xA8, 0x1B, 0xD8, 0x26, /* b */ 1590 0x7F, 0x51, 0x9E, 0xAD, 0xA7, 0xBD, 0xA8, 0x1B, 0xD8, 0x26, /* b */
1315 0xDB, 0xA6, 0x47, 0x91, 0x0F, 0x8C, 0x4B, 0x93, 0x46, 0xED, 1591 0xDB, 0xA6, 0x47, 0x91, 0x0F, 0x8C, 0x4B, 0x93, 0x46, 0xED,
1316 0x8C, 0xCD, 0xC6, 0x4E, 0x4B, 0x1A, 0xBD, 0x11, 0x75, 0x6D, 1592 0x8C, 0xCD, 0xC6, 0x4E, 0x4B, 0x1A, 0xBD, 0x11, 0x75, 0x6D,
1317 0xCE, 0x1D, 0x20, 0x74, 0xAA, 0x26, 0x3B, 0x88, 0x80, 0x5C, 1593 0xCE, 0x1D, 0x20, 0x74, 0xAA, 0x26, 0x3B, 0x88, 0x80, 0x5C,
1318 0xED, 0x70, 0x35, 0x5A, 0x33, 0xB4, 0x71, 0xEE, 1594 0xED, 0x70, 0x35, 0x5A, 0x33, 0xB4, 0x71, 0xEE,
1595 },
1596 .x = {
1319 0x18, 0xDE, 0x98, 0xB0, 0x2D, 0xB9, 0xA3, 0x06, 0xF2, 0xAF, /* x */ 1597 0x18, 0xDE, 0x98, 0xB0, 0x2D, 0xB9, 0xA3, 0x06, 0xF2, 0xAF, /* x */
1320 0xCD, 0x72, 0x35, 0xF7, 0x2A, 0x81, 0x9B, 0x80, 0xAB, 0x12, 1598 0xCD, 0x72, 0x35, 0xF7, 0x2A, 0x81, 0x9B, 0x80, 0xAB, 0x12,
1321 0xEB, 0xD6, 0x53, 0x17, 0x24, 0x76, 0xFE, 0xCD, 0x46, 0x2A, 1599 0xEB, 0xD6, 0x53, 0x17, 0x24, 0x76, 0xFE, 0xCD, 0x46, 0x2A,
1322 0xAB, 0xFF, 0xC4, 0xFF, 0x19, 0x1B, 0x94, 0x6A, 0x5F, 0x54, 1600 0xAB, 0xFF, 0xC4, 0xFF, 0x19, 0x1B, 0x94, 0x6A, 0x5F, 0x54,
1323 0xD8, 0xD0, 0xAA, 0x2F, 0x41, 0x88, 0x08, 0xCC, 1601 0xD8, 0xD0, 0xAA, 0x2F, 0x41, 0x88, 0x08, 0xCC,
1602 },
1603 .y = {
1324 0x25, 0xAB, 0x05, 0x69, 0x62, 0xD3, 0x06, 0x51, 0xA1, 0x14, /* y */ 1604 0x25, 0xAB, 0x05, 0x69, 0x62, 0xD3, 0x06, 0x51, 0xA1, 0x14, /* y */
1325 0xAF, 0xD2, 0x75, 0x5A, 0xD3, 0x36, 0x74, 0x7F, 0x93, 0x47, 1605 0xAF, 0xD2, 0x75, 0x5A, 0xD3, 0x36, 0x74, 0x7F, 0x93, 0x47,
1326 0x5B, 0x7A, 0x1F, 0xCA, 0x3B, 0x88, 0xF2, 0xB6, 0xA2, 0x08, 1606 0x5B, 0x7A, 0x1F, 0xCA, 0x3B, 0x88, 0xF2, 0xB6, 0xA2, 0x08,
1327 0xCC, 0xFE, 0x46, 0x94, 0x08, 0x58, 0x4D, 0xC2, 0xB2, 0x91, 1607 0xCC, 0xFE, 0x46, 0x94, 0x08, 0x58, 0x4D, 0xC2, 0xB2, 0x91,
1328 0x26, 0x75, 0xBF, 0x5B, 0x9E, 0x58, 0x29, 0x28, 1608 0x26, 0x75, 0xBF, 0x5B, 0x9E, 0x58, 0x29, 0x28,
1609 },
1610 .order = {
1329 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* order */ 1611 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* order */
1330 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 1612 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09,
1331 0xED, 0x54, 0x56, 0xB3, 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 1613 0xED, 0x54, 0x56, 0xB3, 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04,
1332 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10, 1614 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10,
1333 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 1615 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65,
1334 } 1616 },
1335}; 1617};
1336 1618
1337static const struct { 1619static const struct {
1338 EC_CURVE_DATA h; 1620 uint8_t p[64];
1339 unsigned char data[0 + 64 * 6]; 1621 uint8_t a[64];
1340} 1622 uint8_t b[64];
1341 _EC_brainpoolP512r1 = { 1623 uint8_t x[64];
1342 { 1624 uint8_t y[64];
1343 .seed_len = 0, 1625 uint8_t order[64];
1344 .param_len = 64, 1626} _EC_brainpoolP512r1 = {
1345 .cofactor = 1, 1627 .p = {
1346 },
1347 { /* no seed */
1348 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* p */ 1628 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* p */
1349 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 1629 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3,
1350 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 1630 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33,
@@ -1352,6 +1632,8 @@ static const struct {
1352 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, 0x28, 0x81, 1632 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, 0x28, 0x81,
1353 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56, 1633 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
1354 0x58, 0x3A, 0x48, 0xF3, 1634 0x58, 0x3A, 0x48, 0xF3,
1635 },
1636 .a = {
1355 0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89, 0xE2, 0x32, /* a */ 1637 0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89, 0xE2, 0x32, /* a */
1356 0x71, 0x45, 0xAC, 0x23, 0x4C, 0xC5, 0x94, 0xCB, 0xDD, 0x8D, 1638 0x71, 0x45, 0xAC, 0x23, 0x4C, 0xC5, 0x94, 0xCB, 0xDD, 0x8D,
1357 0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 1639 0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98,
@@ -1359,6 +1641,8 @@ static const struct {
1359 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, 1641 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11,
1360 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D, 1642 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D,
1361 0x77, 0xFC, 0x94, 0xCA, 1643 0x77, 0xFC, 0x94, 0xCA,
1644 },
1645 .b = {
1362 0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, /* b */ 1646 0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, /* b */
1363 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1, 1647 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1,
1364 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, 1648 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11,
@@ -1366,6 +1650,8 @@ static const struct {
1366 0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67, 0x98, 0x40, 1650 0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67, 0x98, 0x40,
1367 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD, 0x28, 0x09, 0xBD, 0x63, 1651 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD, 0x28, 0x09, 0xBD, 0x63,
1368 0x80, 0x16, 0xF7, 0x23, 1652 0x80, 0x16, 0xF7, 0x23,
1653 },
1654 .x = {
1369 0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64, 0x5A, 0x21, /* x */ 1655 0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64, 0x5A, 0x21, /* x */
1370 0x32, 0x2E, 0x9C, 0x4C, 0x6A, 0x93, 0x85, 0xED, 0x9F, 0x70, 1656 0x32, 0x2E, 0x9C, 0x4C, 0x6A, 0x93, 0x85, 0xED, 0x9F, 0x70,
1371 0xB5, 0xD9, 0x16, 0xC1, 0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0, 1657 0xB5, 0xD9, 0x16, 0xC1, 0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0,
@@ -1373,6 +1659,8 @@ static const struct {
1373 0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F, 0x7C, 0x6D, 1659 0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F, 0x7C, 0x6D,
1374 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68, 0x8B, 0x35, 0x22, 0x09, 1660 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68, 0x8B, 0x35, 0x22, 0x09,
1375 0xBC, 0xB9, 0xF8, 0x22, 1661 0xBC, 0xB9, 0xF8, 0x22,
1662 },
1663 .y = {
1376 0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC, 0xC0, 0xEA, /* y */ 1664 0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC, 0xC0, 0xEA, /* y */
1377 0xBF, 0xA9, 0xCF, 0x78, 0x22, 0xFD, 0xF2, 0x09, 0xF7, 0x00, 1665 0xBF, 0xA9, 0xCF, 0x78, 0x22, 0xFD, 0xF2, 0x09, 0xF7, 0x00,
1378 0x24, 0xA5, 0x7B, 0x1A, 0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F, 1666 0x24, 0xA5, 0x7B, 0x1A, 0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F,
@@ -1380,27 +1668,27 @@ static const struct {
1380 0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE, 0xD1, 0xCA, 1668 0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE, 0xD1, 0xCA,
1381 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06, 0x78, 0xCD, 0x1E, 0x0F, 1669 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06, 0x78, 0xCD, 0x1E, 0x0F,
1382 0x3A, 0xD8, 0x08, 0x92, 1670 0x3A, 0xD8, 0x08, 0x92,
1671 },
1672 .order = {
1383 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* order */ 1673 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* order */
1384 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 1674 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3,
1385 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 1675 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33,
1386 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, 1676 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19,
1387 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, 0x1D, 0xB1, 1677 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, 0x1D, 0xB1,
1388 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82, 1678 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82,
1389 0x9C, 0xA9, 0x00, 0x69 1679 0x9C, 0xA9, 0x00, 0x69,
1390 } 1680 },
1391}; 1681};
1392 1682
1393static const struct { 1683static const struct {
1394 EC_CURVE_DATA h; 1684 uint8_t p[64];
1395 unsigned char data[0 + 64 * 6]; 1685 uint8_t a[64];
1396} 1686 uint8_t b[64];
1397 _EC_brainpoolP512t1 = { 1687 uint8_t x[64];
1398 { 1688 uint8_t y[64];
1399 .seed_len = 0, 1689 uint8_t order[64];
1400 .param_len = 64, 1690} _EC_brainpoolP512t1 = {
1401 .cofactor = 1, 1691 .p = {
1402 },
1403 { /* no seed */
1404 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* p */ 1692 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* p */
1405 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 1693 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3,
1406 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 1694 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33,
@@ -1408,6 +1696,8 @@ static const struct {
1408 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, 0x28, 0x81, 1696 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, 0x28, 0x81,
1409 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56, 1697 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
1410 0x58, 0x3A, 0x48, 0xF3, 1698 0x58, 0x3A, 0x48, 0xF3,
1699 },
1700 .a = {
1411 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* a */ 1701 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* a */
1412 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 1702 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3,
1413 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 1703 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33,
@@ -1415,6 +1705,8 @@ static const struct {
1415 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, 0x28, 0x81, 1705 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, 0x28, 0x81,
1416 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56, 1706 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
1417 0x58, 0x3A, 0x48, 0xF0, 1707 0x58, 0x3A, 0x48, 0xF0,
1708 },
1709 .b = {
1418 0x7C, 0xBB, 0xBC, 0xF9, 0x44, 0x1C, 0xFA, 0xB7, 0x6E, 0x18, /* b */ 1710 0x7C, 0xBB, 0xBC, 0xF9, 0x44, 0x1C, 0xFA, 0xB7, 0x6E, 0x18, /* b */
1419 0x90, 0xE4, 0x68, 0x84, 0xEA, 0xE3, 0x21, 0xF7, 0x0C, 0x0B, 1711 0x90, 0xE4, 0x68, 0x84, 0xEA, 0xE3, 0x21, 0xF7, 0x0C, 0x0B,
1420 0xCB, 0x49, 0x81, 0x52, 0x78, 0x97, 0x50, 0x4B, 0xEC, 0x3E, 1712 0xCB, 0x49, 0x81, 0x52, 0x78, 0x97, 0x50, 0x4B, 0xEC, 0x3E,
@@ -1422,6 +1714,8 @@ static const struct {
1422 0xF6, 0x45, 0x00, 0x85, 0xF2, 0xDA, 0xE1, 0x45, 0xC2, 0x25, 1714 0xF6, 0x45, 0x00, 0x85, 0xF2, 0xDA, 0xE1, 0x45, 0xC2, 0x25,
1423 0x53, 0xB4, 0x65, 0x76, 0x36, 0x89, 0x18, 0x0E, 0xA2, 0x57, 1715 0x53, 0xB4, 0x65, 0x76, 0x36, 0x89, 0x18, 0x0E, 0xA2, 0x57,
1424 0x18, 0x67, 0x42, 0x3E, 1716 0x18, 0x67, 0x42, 0x3E,
1717 },
1718 .x = {
1425 0x64, 0x0E, 0xCE, 0x5C, 0x12, 0x78, 0x87, 0x17, 0xB9, 0xC1, /* x */ 1719 0x64, 0x0E, 0xCE, 0x5C, 0x12, 0x78, 0x87, 0x17, 0xB9, 0xC1, /* x */
1426 0xBA, 0x06, 0xCB, 0xC2, 0xA6, 0xFE, 0xBA, 0x85, 0x84, 0x24, 1720 0xBA, 0x06, 0xCB, 0xC2, 0xA6, 0xFE, 0xBA, 0x85, 0x84, 0x24,
1427 0x58, 0xC5, 0x6D, 0xDE, 0x9D, 0xB1, 0x75, 0x8D, 0x39, 0xC0, 1721 0x58, 0xC5, 0x6D, 0xDE, 0x9D, 0xB1, 0x75, 0x8D, 0x39, 0xC0,
@@ -1429,6 +1723,8 @@ static const struct {
1429 0x99, 0xAA, 0x77, 0xA7, 0xD6, 0x94, 0x3A, 0x64, 0xF7, 0xA3, 1723 0x99, 0xAA, 0x77, 0xA7, 0xD6, 0x94, 0x3A, 0x64, 0xF7, 0xA3,
1430 0xF2, 0x5F, 0xE2, 0x6F, 0x06, 0xB5, 0x1B, 0xAA, 0x26, 0x96, 1724 0xF2, 0x5F, 0xE2, 0x6F, 0x06, 0xB5, 0x1B, 0xAA, 0x26, 0x96,
1431 0xFA, 0x90, 0x35, 0xDA, 1725 0xFA, 0x90, 0x35, 0xDA,
1726 },
1727 .y = {
1432 0x5B, 0x53, 0x4B, 0xD5, 0x95, 0xF5, 0xAF, 0x0F, 0xA2, 0xC8, /* y */ 1728 0x5B, 0x53, 0x4B, 0xD5, 0x95, 0xF5, 0xAF, 0x0F, 0xA2, 0xC8, /* y */
1433 0x92, 0x37, 0x6C, 0x84, 0xAC, 0xE1, 0xBB, 0x4E, 0x30, 0x19, 1729 0x92, 0x37, 0x6C, 0x84, 0xAC, 0xE1, 0xBB, 0x4E, 0x30, 0x19,
1434 0xB7, 0x16, 0x34, 0xC0, 0x11, 0x31, 0x15, 0x9C, 0xAE, 0x03, 1730 0xB7, 0x16, 0x34, 0xC0, 0x11, 0x31, 0x15, 0x9C, 0xAE, 0x03,
@@ -1436,205 +1732,247 @@ static const struct {
1436 0xD7, 0x1D, 0xF2, 0xDA, 0xDF, 0x86, 0xA6, 0x27, 0x30, 0x6E, 1732 0xD7, 0x1D, 0xF2, 0xDA, 0xDF, 0x86, 0xA6, 0x27, 0x30, 0x6E,
1437 0xCF, 0xF9, 0x6D, 0xBB, 0x8B, 0xAC, 0xE1, 0x98, 0xB6, 0x1E, 1733 0xCF, 0xF9, 0x6D, 0xBB, 0x8B, 0xAC, 0xE1, 0x98, 0xB6, 0x1E,
1438 0x00, 0xF8, 0xB3, 0x32, 1734 0x00, 0xF8, 0xB3, 0x32,
1735 },
1736 .order = {
1439 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* order */ 1737 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* order */
1440 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 1738 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3,
1441 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 1739 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33,
1442 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, 1740 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19,
1443 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, 0x1D, 0xB1, 1741 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, 0x1D, 0xB1,
1444 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82, 1742 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82,
1445 0x9C, 0xA9, 0x00, 0x69 1743 0x9C, 0xA9, 0x00, 0x69,
1446 } 1744 },
1447}; 1745};
1448 1746
1449static const struct { 1747static const struct {
1450 EC_CURVE_DATA h; 1748 uint8_t p[32];
1451 unsigned char data[0 + 32 * 6]; 1749 uint8_t a[32];
1452} 1750 uint8_t b[32];
1453 _EC_FRP256v1 = { 1751 uint8_t x[32];
1454 { 1752 uint8_t y[32];
1455 .seed_len = 0, 1753 uint8_t order[32];
1456 .param_len = 32, 1754} _EC_FRP256v1 = {
1457 .cofactor = 1, 1755 .p = {
1458 },
1459 { /* no seed */
1460 0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, /* p */ 1756 0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, /* p */
1461 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B, 0x39, 0x61, 0xAD, 0xBC, 1757 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B, 0x39, 0x61, 0xAD, 0xBC,
1462 0xAB, 0xC8, 0xCA, 0x6D, 0xE8, 0xFC, 0xF3, 0x53, 0xD8, 0x6E, 1758 0xAB, 0xC8, 0xCA, 0x6D, 0xE8, 0xFC, 0xF3, 0x53, 0xD8, 0x6E,
1463 0x9C, 0x03, 1759 0x9C, 0x03,
1760 },
1761 .a = {
1464 0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, /* a */ 1762 0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, /* a */
1465 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B, 0x39, 0x61, 0xAD, 0xBC, 1763 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B, 0x39, 0x61, 0xAD, 0xBC,
1466 0xAB, 0xC8, 0xCA, 0x6D, 0xE8, 0xFC, 0xF3, 0x53, 0xD8, 0x6E, 1764 0xAB, 0xC8, 0xCA, 0x6D, 0xE8, 0xFC, 0xF3, 0x53, 0xD8, 0x6E,
1467 0x9C, 0x00, 1765 0x9C, 0x00,
1766 },
1767 .b = {
1468 0xEE, 0x35, 0x3F, 0xCA, 0x54, 0x28, 0xA9, 0x30, 0x0D, 0x4A, /* b */ 1768 0xEE, 0x35, 0x3F, 0xCA, 0x54, 0x28, 0xA9, 0x30, 0x0D, 0x4A, /* b */
1469 0xBA, 0x75, 0x4A, 0x44, 0xC0, 0x0F, 0xDF, 0xEC, 0x0C, 0x9A, 1769 0xBA, 0x75, 0x4A, 0x44, 0xC0, 0x0F, 0xDF, 0xEC, 0x0C, 0x9A,
1470 0xE4, 0xB1, 0xA1, 0x80, 0x30, 0x75, 0xED, 0x96, 0x7B, 0x7B, 1770 0xE4, 0xB1, 0xA1, 0x80, 0x30, 0x75, 0xED, 0x96, 0x7B, 0x7B,
1471 0xB7, 0x3F, 1771 0xB7, 0x3F,
1772 },
1773 .x = {
1472 0xB6, 0xB3, 0xD4, 0xC3, 0x56, 0xC1, 0x39, 0xEB, 0x31, 0x18, /* x */ 1774 0xB6, 0xB3, 0xD4, 0xC3, 0x56, 0xC1, 0x39, 0xEB, 0x31, 0x18, /* x */
1473 0x3D, 0x47, 0x49, 0xD4, 0x23, 0x95, 0x8C, 0x27, 0xD2, 0xDC, 1775 0x3D, 0x47, 0x49, 0xD4, 0x23, 0x95, 0x8C, 0x27, 0xD2, 0xDC,
1474 0xAF, 0x98, 0xB7, 0x01, 0x64, 0xC9, 0x7A, 0x2D, 0xD9, 0x8F, 1776 0xAF, 0x98, 0xB7, 0x01, 0x64, 0xC9, 0x7A, 0x2D, 0xD9, 0x8F,
1475 0x5C, 0xFF, 1777 0x5C, 0xFF,
1778 },
1779 .y = {
1476 0x61, 0x42, 0xE0, 0xF7, 0xC8, 0xB2, 0x04, 0x91, 0x1F, 0x92, /* y */ 1780 0x61, 0x42, 0xE0, 0xF7, 0xC8, 0xB2, 0x04, 0x91, 0x1F, 0x92, /* y */
1477 0x71, 0xF0, 0xF3, 0xEC, 0xEF, 0x8C, 0x27, 0x01, 0xC3, 0x07, 1781 0x71, 0xF0, 0xF3, 0xEC, 0xEF, 0x8C, 0x27, 0x01, 0xC3, 0x07,
1478 0xE8, 0xE4, 0xC9, 0xE1, 0x83, 0x11, 0x5A, 0x15, 0x54, 0x06, 1782 0xE8, 0xE4, 0xC9, 0xE1, 0x83, 0x11, 0x5A, 0x15, 0x54, 0x06,
1479 0x2C, 0xFB, 1783 0x2C, 0xFB,
1784 },
1785 .order = {
1480 0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, /* order */ 1786 0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, /* order */
1481 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B, 0x53, 0xDC, 0x67, 0xE1, 1787 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B, 0x53, 0xDC, 0x67, 0xE1,
1482 0x40, 0xD2, 0xBF, 0x94, 0x1F, 0xFD, 0xD4, 0x59, 0xC6, 0xD6, 1788 0x40, 0xD2, 0xBF, 0x94, 0x1F, 0xFD, 0xD4, 0x59, 0xC6, 0xD6,
1483 0x55, 0xE1 1789 0x55, 0xE1,
1484 } 1790 },
1485}; 1791};
1486 1792
1487#ifndef OPENSSL_NO_GOST 1793#ifndef OPENSSL_NO_GOST
1488static const struct { 1794static const struct {
1489 EC_CURVE_DATA h; 1795 uint8_t p[32];
1490 unsigned char data[0 + 32 * 6]; 1796 uint8_t a[32];
1491} 1797 uint8_t b[32];
1492 _EC_GOST_2001_Test = { 1798 uint8_t x[32];
1493 { 1799 uint8_t y[32];
1494 .seed_len = 0, 1800 uint8_t order[32];
1495 .param_len = 32, 1801} _EC_GOST_2001_Test = {
1496 .cofactor = 1, 1802 .p = {
1497 },
1498 { /* no seed */
1499 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ 1803 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */
1500 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1804 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1501 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1805 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1502 0x04, 0x31, 1806 0x04, 0x31,
1807 },
1808 .a = {
1503 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ 1809 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */
1504 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1810 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1505 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1811 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1506 0x00, 0x07, 1812 0x00, 0x07,
1813 },
1814 .b = {
1507 0x5F, 0xBF, 0xF4, 0x98, 0xAA, 0x93, 0x8C, 0xE7, 0x39, 0xB8, /* b */ 1815 0x5F, 0xBF, 0xF4, 0x98, 0xAA, 0x93, 0x8C, 0xE7, 0x39, 0xB8, /* b */
1508 0xE0, 0x22, 0xFB, 0xAF, 0xEF, 0x40, 0x56, 0x3F, 0x6E, 0x6A, 1816 0xE0, 0x22, 0xFB, 0xAF, 0xEF, 0x40, 0x56, 0x3F, 0x6E, 0x6A,
1509 0x34, 0x72, 0xFC, 0x2A, 0x51, 0x4C, 0x0C, 0xE9, 0xDA, 0xE2, 1817 0x34, 0x72, 0xFC, 0x2A, 0x51, 0x4C, 0x0C, 0xE9, 0xDA, 0xE2,
1510 0x3B, 0x7E, 1818 0x3B, 0x7E,
1819 },
1820 .x = {
1511 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ 1821 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */
1512 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1822 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1513 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1823 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1514 0x00, 0x02, 1824 0x00, 0x02,
1825 },
1826 .y = {
1515 0x08, 0xE2, 0xA8, 0xA0, 0xE6, 0x51, 0x47, 0xD4, 0xBD, 0x63, /* y */ 1827 0x08, 0xE2, 0xA8, 0xA0, 0xE6, 0x51, 0x47, 0xD4, 0xBD, 0x63, /* y */
1516 0x16, 0x03, 0x0E, 0x16, 0xD1, 0x9C, 0x85, 0xC9, 0x7F, 0x0A, 1828 0x16, 0x03, 0x0E, 0x16, 0xD1, 0x9C, 0x85, 0xC9, 0x7F, 0x0A,
1517 0x9C, 0xA2, 0x67, 0x12, 0x2B, 0x96, 0xAB, 0xBC, 0xEA, 0x7E, 1829 0x9C, 0xA2, 0x67, 0x12, 0x2B, 0x96, 0xAB, 0xBC, 0xEA, 0x7E,
1518 0x8F, 0xC8, 1830 0x8F, 0xC8,
1831 },
1832 .order = {
1519 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ 1833 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */
1520 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x50, 0xFE, 0x8A, 0x18, 1834 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x50, 0xFE, 0x8A, 0x18,
1521 0x92, 0x97, 0x61, 0x54, 0xC5, 0x9C, 0xFC, 0x19, 0x3A, 0xCC, 1835 0x92, 0x97, 0x61, 0x54, 0xC5, 0x9C, 0xFC, 0x19, 0x3A, 0xCC,
1522 0xF5, 0xB3, 1836 0xF5, 0xB3,
1523 } 1837 },
1524}; 1838};
1525 1839
1526static const struct { 1840static const struct {
1527 EC_CURVE_DATA h; 1841 uint8_t p[32];
1528 unsigned char data[0 + 32 * 6]; 1842 uint8_t a[32];
1529} 1843 uint8_t b[32];
1530 _EC_GOST_2001_CryptoPro_A = { 1844 uint8_t x[32];
1531 { 1845 uint8_t y[32];
1532 .seed_len = 0, 1846 uint8_t order[32];
1533 .param_len = 32, 1847} _EC_GOST_2001_CryptoPro_A = {
1534 .cofactor = 1, 1848 .p = {
1535 },
1536 { /* no seed */
1537 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 1849 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
1538 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 1850 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1539 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 1851 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1540 0xFD, 0x97, 1852 0xFD, 0x97,
1853 },
1854 .a = {
1541 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ 1855 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
1542 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 1856 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1543 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 1857 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1544 0xFD, 0x94, 1858 0xFD, 0x94,
1859 },
1860 .b = {
1545 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ 1861 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */
1546 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1862 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1547 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1863 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1548 0x00, 0xA6, 1864 0x00, 0xA6,
1865 },
1866 .x = {
1549 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ 1867 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */
1550 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1868 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1551 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1869 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1552 0x00, 0x01, 1870 0x00, 0x01,
1871 },
1872 .y = {
1553 0x8D, 0x91, 0xE4, 0x71, 0xE0, 0x98, 0x9C, 0xDA, 0x27, 0xDF, /* y */ 1873 0x8D, 0x91, 0xE4, 0x71, 0xE0, 0x98, 0x9C, 0xDA, 0x27, 0xDF, /* y */
1554 0x50, 0x5A, 0x45, 0x3F, 0x2B, 0x76, 0x35, 0x29, 0x4F, 0x2D, 1874 0x50, 0x5A, 0x45, 0x3F, 0x2B, 0x76, 0x35, 0x29, 0x4F, 0x2D,
1555 0xDF, 0x23, 0xE3, 0xB1, 0x22, 0xAC, 0xC9, 0x9C, 0x9E, 0x9F, 1875 0xDF, 0x23, 0xE3, 0xB1, 0x22, 0xAC, 0xC9, 0x9C, 0x9E, 0x9F,
1556 0x1E, 0x14, 1876 0x1E, 0x14,
1877 },
1878 .order = {
1557 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ 1879 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */
1558 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x6C, 0x61, 0x10, 0x70, 1880 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x6C, 0x61, 0x10, 0x70,
1559 0x99, 0x5A, 0xD1, 0x00, 0x45, 0x84, 0x1B, 0x09, 0xB7, 0x61, 1881 0x99, 0x5A, 0xD1, 0x00, 0x45, 0x84, 0x1B, 0x09, 0xB7, 0x61,
1560 0xB8, 0x93, 1882 0xB8, 0x93,
1561 } 1883 },
1562}; 1884};
1563 1885
1564static const struct { 1886static const struct {
1565 EC_CURVE_DATA h; 1887 uint8_t p[32];
1566 unsigned char data[0 + 32 * 6]; 1888 uint8_t a[32];
1567} 1889 uint8_t b[32];
1568 _EC_GOST_2001_CryptoPro_B = { 1890 uint8_t x[32];
1569 { 1891 uint8_t y[32];
1570 .seed_len = 0, 1892 uint8_t order[32];
1571 .param_len = 32, 1893} _EC_GOST_2001_CryptoPro_B = {
1572 .cofactor = 1, 1894 .p = {
1573 },
1574 { /* no seed */
1575 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ 1895 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */
1576 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1896 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1577 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1897 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1578 0x0C, 0x99, 1898 0x0C, 0x99,
1899 },
1900 .a = {
1579 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ 1901 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */
1580 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1902 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1581 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1903 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1582 0x0C, 0x96, 1904 0x0C, 0x96,
1905 },
1906 .b = {
1583 0x3E, 0x1A, 0xF4, 0x19, 0xA2, 0x69, 0xA5, 0xF8, 0x66, 0xA7, /* b */ 1907 0x3E, 0x1A, 0xF4, 0x19, 0xA2, 0x69, 0xA5, 0xF8, 0x66, 0xA7, /* b */
1584 0xD3, 0xC2, 0x5C, 0x3D, 0xF8, 0x0A, 0xE9, 0x79, 0x25, 0x93, 1908 0xD3, 0xC2, 0x5C, 0x3D, 0xF8, 0x0A, 0xE9, 0x79, 0x25, 0x93,
1585 0x73, 0xFF, 0x2B, 0x18, 0x2F, 0x49, 0xD4, 0xCE, 0x7E, 0x1B, 1909 0x73, 0xFF, 0x2B, 0x18, 0x2F, 0x49, 0xD4, 0xCE, 0x7E, 0x1B,
1586 0xBC, 0x8B, 1910 0xBC, 0x8B,
1911 },
1912 .x = {
1587 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ 1913 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */
1588 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1914 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1589 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1915 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1590 0x00, 0x01, 1916 0x00, 0x01,
1917 },
1918 .y = {
1591 0x3F, 0xA8, 0x12, 0x43, 0x59, 0xF9, 0x66, 0x80, 0xB8, 0x3D, /* y */ 1919 0x3F, 0xA8, 0x12, 0x43, 0x59, 0xF9, 0x66, 0x80, 0xB8, 0x3D, /* y */
1592 0x1C, 0x3E, 0xB2, 0xC0, 0x70, 0xE5, 0xC5, 0x45, 0xC9, 0x85, 1920 0x1C, 0x3E, 0xB2, 0xC0, 0x70, 0xE5, 0xC5, 0x45, 0xC9, 0x85,
1593 0x8D, 0x03, 0xEC, 0xFB, 0x74, 0x4B, 0xF8, 0xD7, 0x17, 0x71, 1921 0x8D, 0x03, 0xEC, 0xFB, 0x74, 0x4B, 0xF8, 0xD7, 0x17, 0x71,
1594 0x7E, 0xFC, 1922 0x7E, 0xFC,
1923 },
1924 .order = {
1595 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ 1925 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */
1596 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x5F, 0x70, 0x0C, 0xFF, 1926 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x5F, 0x70, 0x0C, 0xFF,
1597 0xF1, 0xA6, 0x24, 0xE5, 0xE4, 0x97, 0x16, 0x1B, 0xCC, 0x8A, 1927 0xF1, 0xA6, 0x24, 0xE5, 0xE4, 0x97, 0x16, 0x1B, 0xCC, 0x8A,
1598 0x19, 0x8F, 1928 0x19, 0x8F,
1599 } 1929 },
1600}; 1930};
1601 1931
1602static const struct { 1932static const struct {
1603 EC_CURVE_DATA h; 1933 uint8_t p[32];
1604 unsigned char data[0 + 32 * 6]; 1934 uint8_t a[32];
1605} 1935 uint8_t b[32];
1606 _EC_GOST_2001_CryptoPro_C = { 1936 uint8_t x[32];
1607 { 1937 uint8_t y[32];
1608 .seed_len = 0, 1938 uint8_t order[32];
1609 .param_len = 32, 1939} _EC_GOST_2001_CryptoPro_C = {
1610 .cofactor = 1, 1940 .p = {
1611 },
1612 { /* no seed */
1613 0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E, /* p */ 1941 0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E, /* p */
1614 0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0xCF, 0x84, 0x6E, 0x86, 1942 0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0xCF, 0x84, 0x6E, 0x86,
1615 0x78, 0x90, 0x51, 0xD3, 0x79, 0x98, 0xF7, 0xB9, 0x02, 0x2D, 1943 0x78, 0x90, 0x51, 0xD3, 0x79, 0x98, 0xF7, 0xB9, 0x02, 0x2D,
1616 0x75, 0x9B, 1944 0x75, 0x9B,
1945 },
1946 .a = {
1617 0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E, /* a */ 1947 0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E, /* a */
1618 0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0xCF, 0x84, 0x6E, 0x86, 1948 0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0xCF, 0x84, 0x6E, 0x86,
1619 0x78, 0x90, 0x51, 0xD3, 0x79, 0x98, 0xF7, 0xB9, 0x02, 0x2D, 1949 0x78, 0x90, 0x51, 0xD3, 0x79, 0x98, 0xF7, 0xB9, 0x02, 0x2D,
1620 0x75, 0x98, 1950 0x75, 0x98,
1951 },
1952 .b = {
1621 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ 1953 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */
1622 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1954 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1623 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1955 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1624 0x80, 0x5A, 1956 0x80, 0x5A,
1957 },
1958 .x = {
1625 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ 1959 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */
1626 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1960 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1627 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1961 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1628 0x00, 0x00, 1962 0x00, 0x00,
1963 },
1964 .y = {
1629 0x41, 0xEC, 0xE5, 0x57, 0x43, 0x71, 0x1A, 0x8C, 0x3C, 0xBF, /* y */ 1965 0x41, 0xEC, 0xE5, 0x57, 0x43, 0x71, 0x1A, 0x8C, 0x3C, 0xBF, /* y */
1630 0x37, 0x83, 0xCD, 0x08, 0xC0, 0xEE, 0x4D, 0x4D, 0xC4, 0x40, 1966 0x37, 0x83, 0xCD, 0x08, 0xC0, 0xEE, 0x4D, 0x4D, 0xC4, 0x40,
1631 0xD4, 0x64, 0x1A, 0x8F, 0x36, 0x6E, 0x55, 0x0D, 0xFD, 0xB3, 1967 0xD4, 0x64, 0x1A, 0x8F, 0x36, 0x6E, 0x55, 0x0D, 0xFD, 0xB3,
1632 0xBB, 0x67, 1968 0xBB, 0x67,
1969 },
1970 .order = {
1633 0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E, /* order */ 1971 0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E, /* order */
1634 0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0x58, 0x2C, 0xA3, 0x51, 1972 0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0x58, 0x2C, 0xA3, 0x51,
1635 0x1E, 0xDD, 0xFB, 0x74, 0xF0, 0x2F, 0x3A, 0x65, 0x98, 0x98, 1973 0x1E, 0xDD, 0xFB, 0x74, 0xF0, 0x2F, 0x3A, 0x65, 0x98, 0x98,
1636 0x0B, 0xB9, 1974 0x0B, 0xB9,
1637 } 1975 },
1638}; 1976};
1639 1977
1640/* 1978/*
@@ -1642,54 +1980,60 @@ static const struct {
1642 * Edwards. We do calculations in canonical (Weierstrass) form. 1980 * Edwards. We do calculations in canonical (Weierstrass) form.
1643 */ 1981 */
1644static const struct { 1982static const struct {
1645 EC_CURVE_DATA h; 1983 uint8_t p[32];
1646 unsigned char data[0 + 32 * 6]; 1984 uint8_t a[32];
1647} 1985 uint8_t b[32];
1648 _EC_GOST_2012_256_TC26_A = { 1986 uint8_t x[32];
1649 { 1987 uint8_t y[32];
1650 .seed_len = 0, 1988 uint8_t order[32];
1651 .param_len = 32, 1989} _EC_GOST_2012_256_TC26_A = {
1652 .cofactor = 4, 1990 .p = {
1653 },
1654 { /* no seed */
1655 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ 1991 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
1656 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 1992 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1657 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 1993 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1658 0xFD, 0x97, 1994 0xFD, 0x97,
1995 },
1996 .a = {
1659 0xc2, 0x17, 0x3f, 0x15, 0x13, 0x98, 0x16, 0x73, 0xaf, 0x48, /* a */ 1997 0xc2, 0x17, 0x3f, 0x15, 0x13, 0x98, 0x16, 0x73, 0xaf, 0x48, /* a */
1660 0x92, 0xc2, 0x30, 0x35, 0xa2, 0x7c, 0xe2, 0x5e, 0x20, 0x13, 1998 0x92, 0xc2, 0x30, 0x35, 0xa2, 0x7c, 0xe2, 0x5e, 0x20, 0x13,
1661 0xbf, 0x95, 0xaa, 0x33, 0xb2, 0x2c, 0x65, 0x6f, 0x27, 0x7e, 1999 0xbf, 0x95, 0xaa, 0x33, 0xb2, 0x2c, 0x65, 0x6f, 0x27, 0x7e,
1662 0x73, 0x35, 2000 0x73, 0x35,
2001 },
2002 .b = {
1663 0x29, 0x5f, 0x9b, 0xae, 0x74, 0x28, 0xed, 0x9c, 0xcc, 0x20, /* b */ 2003 0x29, 0x5f, 0x9b, 0xae, 0x74, 0x28, 0xed, 0x9c, 0xcc, 0x20, /* b */
1664 0xe7, 0xc3, 0x59, 0xa9, 0xd4, 0x1a, 0x22, 0xfc, 0xcd, 0x91, 2004 0xe7, 0xc3, 0x59, 0xa9, 0xd4, 0x1a, 0x22, 0xfc, 0xcd, 0x91,
1665 0x08, 0xe1, 0x7b, 0xf7, 0xba, 0x93, 0x37, 0xa6, 0xf8, 0xae, 2005 0x08, 0xe1, 0x7b, 0xf7, 0xba, 0x93, 0x37, 0xa6, 0xf8, 0xae,
1666 0x95, 0x13, 2006 0x95, 0x13,
2007 },
2008 .x = {
1667 0x91, 0xe3, 0x84, 0x43, 0xa5, 0xe8, 0x2c, 0x0d, 0x88, 0x09, /* x */ 2009 0x91, 0xe3, 0x84, 0x43, 0xa5, 0xe8, 0x2c, 0x0d, 0x88, 0x09, /* x */
1668 0x23, 0x42, 0x57, 0x12, 0xb2, 0xbb, 0x65, 0x8b, 0x91, 0x96, 2010 0x23, 0x42, 0x57, 0x12, 0xb2, 0xbb, 0x65, 0x8b, 0x91, 0x96,
1669 0x93, 0x2e, 0x02, 0xc7, 0x8b, 0x25, 0x82, 0xfe, 0x74, 0x2d, 2011 0x93, 0x2e, 0x02, 0xc7, 0x8b, 0x25, 0x82, 0xfe, 0x74, 0x2d,
1670 0xaa, 0x28, 2012 0xaa, 0x28,
2013 },
2014 .y = {
1671 0x32, 0x87, 0x94, 0x23, 0xab, 0x1a, 0x03, 0x75, 0x89, 0x57, /* y */ 2015 0x32, 0x87, 0x94, 0x23, 0xab, 0x1a, 0x03, 0x75, 0x89, 0x57, /* y */
1672 0x86, 0xc4, 0xbb, 0x46, 0xe9, 0x56, 0x5f, 0xde, 0x0b, 0x53, 2016 0x86, 0xc4, 0xbb, 0x46, 0xe9, 0x56, 0x5f, 0xde, 0x0b, 0x53,
1673 0x44, 0x76, 0x67, 0x40, 0xaf, 0x26, 0x8a, 0xdb, 0x32, 0x32, 2017 0x44, 0x76, 0x67, 0x40, 0xaf, 0x26, 0x8a, 0xdb, 0x32, 0x32,
1674 0x2e, 0x5c, 2018 0x2e, 0x5c,
2019 },
2020 .order = {
1675 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ 2021 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */
1676 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0xd8, 0xcd, 0xdf, 2022 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0xd8, 0xcd, 0xdf,
1677 0xc8, 0x7b, 0x66, 0x35, 0xc1, 0x15, 0xaf, 0x55, 0x6c, 0x36, 2023 0xc8, 0x7b, 0x66, 0x35, 0xc1, 0x15, 0xaf, 0x55, 0x6c, 0x36,
1678 0x0c, 0x67, 2024 0x0c, 0x67,
1679 } 2025 },
1680}; 2026};
1681 2027
1682static const struct { 2028static const struct {
1683 EC_CURVE_DATA h; 2029 uint8_t p[64];
1684 unsigned char data[0 + 64 * 6]; 2030 uint8_t a[64];
1685} 2031 uint8_t b[64];
1686 _EC_GOST_2012_512_Test = { 2032 uint8_t x[64];
1687 { 2033 uint8_t y[64];
1688 .seed_len = 0, 2034 uint8_t order[64];
1689 .param_len = 64, 2035} _EC_GOST_2012_512_Test = {
1690 .cofactor = 1, 2036 .p = {
1691 },
1692 { /* no seed */
1693 0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d, /* p */ 2037 0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d, /* p */
1694 0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2, 2038 0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2,
1695 0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2, 2039 0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2,
@@ -1697,6 +2041,8 @@ static const struct {
1697 0x04, 0x58, 0x04, 0x7e, 0x80, 0xe4, 0x54, 0x6d, 0x35, 0xb8, 2041 0x04, 0x58, 0x04, 0x7e, 0x80, 0xe4, 0x54, 0x6d, 0x35, 0xb8,
1698 0x33, 0x6f, 0xac, 0x22, 0x4d, 0xd8, 0x16, 0x64, 0xbb, 0xf5, 2042 0x33, 0x6f, 0xac, 0x22, 0x4d, 0xd8, 0x16, 0x64, 0xbb, 0xf5,
1699 0x28, 0xbe, 0x63, 0x73, 2043 0x28, 0xbe, 0x63, 0x73,
2044 },
2045 .a = {
1700 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ 2046 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */
1701 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2047 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1702 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2048 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1704,6 +2050,8 @@ static const struct {
1704 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2050 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1705 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2051 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1706 0x00, 0x00, 0x00, 0x07, 2052 0x00, 0x00, 0x00, 0x07,
2053 },
2054 .b = {
1707 0x1c, 0xff, 0x08, 0x06, 0xa3, 0x11, 0x16, 0xda, 0x29, 0xd8, /* b */ 2055 0x1c, 0xff, 0x08, 0x06, 0xa3, 0x11, 0x16, 0xda, 0x29, 0xd8, /* b */
1708 0xcf, 0xa5, 0x4e, 0x57, 0xeb, 0x74, 0x8b, 0xc5, 0xf3, 0x77, 2056 0xcf, 0xa5, 0x4e, 0x57, 0xeb, 0x74, 0x8b, 0xc5, 0xf3, 0x77,
1709 0xe4, 0x94, 0x00, 0xfd, 0xd7, 0x88, 0xb6, 0x49, 0xec, 0xa1, 2057 0xe4, 0x94, 0x00, 0xfd, 0xd7, 0x88, 0xb6, 0x49, 0xec, 0xa1,
@@ -1711,6 +2059,8 @@ static const struct {
1711 0x48, 0x0a, 0x89, 0xca, 0x58, 0xe0, 0xcf, 0x74, 0xbc, 0x9e, 2059 0x48, 0x0a, 0x89, 0xca, 0x58, 0xe0, 0xcf, 0x74, 0xbc, 0x9e,
1712 0x54, 0x0c, 0x2a, 0xdd, 0x68, 0x97, 0xfa, 0xd0, 0xa3, 0x08, 2060 0x54, 0x0c, 0x2a, 0xdd, 0x68, 0x97, 0xfa, 0xd0, 0xa3, 0x08,
1713 0x4f, 0x30, 0x2a, 0xdc, 2061 0x4f, 0x30, 0x2a, 0xdc,
2062 },
2063 .x = {
1714 0x24, 0xd1, 0x9c, 0xc6, 0x45, 0x72, 0xee, 0x30, 0xf3, 0x96, /* x */ 2064 0x24, 0xd1, 0x9c, 0xc6, 0x45, 0x72, 0xee, 0x30, 0xf3, 0x96, /* x */
1715 0xbf, 0x6e, 0xbb, 0xfd, 0x7a, 0x6c, 0x52, 0x13, 0xb3, 0xb3, 2065 0xbf, 0x6e, 0xbb, 0xfd, 0x7a, 0x6c, 0x52, 0x13, 0xb3, 0xb3,
1716 0xd7, 0x05, 0x7c, 0xc8, 0x25, 0xf9, 0x10, 0x93, 0xa6, 0x8c, 2066 0xd7, 0x05, 0x7c, 0xc8, 0x25, 0xf9, 0x10, 0x93, 0xa6, 0x8c,
@@ -1718,6 +2068,8 @@ static const struct {
1718 0xc6, 0xb6, 0x0a, 0xa7, 0xee, 0xe8, 0x04, 0xe2, 0x8b, 0xc8, 2068 0xc6, 0xb6, 0x0a, 0xa7, 0xee, 0xe8, 0x04, 0xe2, 0x8b, 0xc8,
1719 0x49, 0x97, 0x7f, 0xac, 0x33, 0xb4, 0xb5, 0x30, 0xf1, 0xb1, 2069 0x49, 0x97, 0x7f, 0xac, 0x33, 0xb4, 0xb5, 0x30, 0xf1, 0xb1,
1720 0x20, 0x24, 0x8a, 0x9a, 2070 0x20, 0x24, 0x8a, 0x9a,
2071 },
2072 .y = {
1721 0x2b, 0xb3, 0x12, 0xa4, 0x3b, 0xd2, 0xce, 0x6e, 0x0d, 0x02, /* y */ 2073 0x2b, 0xb3, 0x12, 0xa4, 0x3b, 0xd2, 0xce, 0x6e, 0x0d, 0x02, /* y */
1722 0x06, 0x13, 0xc8, 0x57, 0xac, 0xdd, 0xcf, 0xbf, 0x06, 0x1e, 2074 0x06, 0x13, 0xc8, 0x57, 0xac, 0xdd, 0xcf, 0xbf, 0x06, 0x1e,
1723 0x91, 0xe5, 0xf2, 0xc3, 0xf3, 0x24, 0x47, 0xc2, 0x59, 0xf3, 2075 0x91, 0xe5, 0xf2, 0xc3, 0xf3, 0x24, 0x47, 0xc2, 0x59, 0xf3,
@@ -1725,6 +2077,8 @@ static const struct {
1725 0xf7, 0xeb, 0x33, 0x51, 0xe1, 0xee, 0x4e, 0x43, 0xdc, 0x1a, 2077 0xf7, 0xeb, 0x33, 0x51, 0xe1, 0xee, 0x4e, 0x43, 0xdc, 0x1a,
1726 0x18, 0xb9, 0x1b, 0x24, 0x64, 0x0b, 0x6d, 0xbb, 0x92, 0xcb, 2078 0x18, 0xb9, 0x1b, 0x24, 0x64, 0x0b, 0x6d, 0xbb, 0x92, 0xcb,
1727 0x1a, 0xdd, 0x37, 0x1e, 2079 0x1a, 0xdd, 0x37, 0x1e,
2080 },
2081 .order = {
1728 0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d, /* order */ 2082 0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d, /* order */
1729 0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2, 2083 0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2,
1730 0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2, 2084 0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2,
@@ -1732,20 +2086,18 @@ static const struct {
1732 0x19, 0x90, 0x5c, 0x5e, 0xec, 0xc4, 0x23, 0xf1, 0xd8, 0x6e, 2086 0x19, 0x90, 0x5c, 0x5e, 0xec, 0xc4, 0x23, 0xf1, 0xd8, 0x6e,
1733 0x25, 0xed, 0xbe, 0x23, 0xc5, 0x95, 0xd6, 0x44, 0xaa, 0xf1, 2087 0x25, 0xed, 0xbe, 0x23, 0xc5, 0x95, 0xd6, 0x44, 0xaa, 0xf1,
1734 0x87, 0xe6, 0xe6, 0xdf, 2088 0x87, 0xe6, 0xe6, 0xdf,
1735 } 2089 },
1736}; 2090};
1737 2091
1738static const struct { 2092static const struct {
1739 EC_CURVE_DATA h; 2093 uint8_t p[64];
1740 unsigned char data[0 + 64 * 6]; 2094 uint8_t a[64];
1741} 2095 uint8_t b[64];
1742 _EC_GOST_2012_512_TC26_A = { 2096 uint8_t x[64];
1743 { 2097 uint8_t y[64];
1744 .seed_len = 0, 2098 uint8_t order[64];
1745 .param_len = 64, 2099} _EC_GOST_2012_512_TC26_A = {
1746 .cofactor = 1, 2100 .p = {
1747 },
1748 { /* no seed */
1749 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */ 2101 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */
1750 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2102 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1751 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2103 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
@@ -1753,6 +2105,8 @@ static const struct {
1753 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2105 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1754 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2106 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1755 0xff, 0xff, 0xfd, 0xc7, 2107 0xff, 0xff, 0xfd, 0xc7,
2108 },
2109 .a = {
1756 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* a */ 2110 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* a */
1757 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2111 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1758 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2112 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
@@ -1760,6 +2114,8 @@ static const struct {
1760 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2114 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1761 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2115 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1762 0xff, 0xff, 0xfd, 0xc4, 2116 0xff, 0xff, 0xfd, 0xc4,
2117 },
2118 .b = {
1763 0xe8, 0xc2, 0x50, 0x5d, 0xed, 0xfc, 0x86, 0xdd, 0xc1, 0xbd, /* b */ 2119 0xe8, 0xc2, 0x50, 0x5d, 0xed, 0xfc, 0x86, 0xdd, 0xc1, 0xbd, /* b */
1764 0x0b, 0x2b, 0x66, 0x67, 0xf1, 0xda, 0x34, 0xb8, 0x25, 0x74, 2120 0x0b, 0x2b, 0x66, 0x67, 0xf1, 0xda, 0x34, 0xb8, 0x25, 0x74,
1765 0x76, 0x1c, 0xb0, 0xe8, 0x79, 0xbd, 0x08, 0x1c, 0xfd, 0x0b, 2121 0x76, 0x1c, 0xb0, 0xe8, 0x79, 0xbd, 0x08, 0x1c, 0xfd, 0x0b,
@@ -1767,6 +2123,8 @@ static const struct {
1767 0x4c, 0xb4, 0x57, 0x40, 0x10, 0xda, 0x90, 0xdd, 0x86, 0x2e, 2123 0x4c, 0xb4, 0x57, 0x40, 0x10, 0xda, 0x90, 0xdd, 0x86, 0x2e,
1768 0xf9, 0xd4, 0xeb, 0xee, 0x47, 0x61, 0x50, 0x31, 0x90, 0x78, 2124 0xf9, 0xd4, 0xeb, 0xee, 0x47, 0x61, 0x50, 0x31, 0x90, 0x78,
1769 0x5a, 0x71, 0xc7, 0x60, 2125 0x5a, 0x71, 0xc7, 0x60,
2126 },
2127 .x = {
1770 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ 2128 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */
1771 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2129 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1772 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2130 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1774,6 +2132,8 @@ static const struct {
1774 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2132 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1775 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2133 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1776 0x00, 0x00, 0x00, 0x03, 2134 0x00, 0x00, 0x00, 0x03,
2135 },
2136 .y = {
1777 0x75, 0x03, 0xcf, 0xe8, 0x7a, 0x83, 0x6a, 0xe3, 0xa6, 0x1b, /* y */ 2137 0x75, 0x03, 0xcf, 0xe8, 0x7a, 0x83, 0x6a, 0xe3, 0xa6, 0x1b, /* y */
1778 0x88, 0x16, 0xe2, 0x54, 0x50, 0xe6, 0xce, 0x5e, 0x1c, 0x93, 2138 0x88, 0x16, 0xe2, 0x54, 0x50, 0xe6, 0xce, 0x5e, 0x1c, 0x93,
1779 0xac, 0xf1, 0xab, 0xc1, 0x77, 0x80, 0x64, 0xfd, 0xcb, 0xef, 2139 0xac, 0xf1, 0xab, 0xc1, 0x77, 0x80, 0x64, 0xfd, 0xcb, 0xef,
@@ -1781,27 +2141,27 @@ static const struct {
1781 0x3d, 0x75, 0xe6, 0xa5, 0x0e, 0x3a, 0x41, 0xe9, 0x80, 0x28, 2141 0x3d, 0x75, 0xe6, 0xa5, 0x0e, 0x3a, 0x41, 0xe9, 0x80, 0x28,
1782 0xfe, 0x5f, 0xc2, 0x35, 0xf5, 0xb8, 0x89, 0xa5, 0x89, 0xcb, 2142 0xfe, 0x5f, 0xc2, 0x35, 0xf5, 0xb8, 0x89, 0xa5, 0x89, 0xcb,
1783 0x52, 0x15, 0xf2, 0xa4, 2143 0x52, 0x15, 0xf2, 0xa4,
2144 },
2145 .order = {
1784 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* order */ 2146 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* order */
1785 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2147 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1786 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2148 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1787 0xff, 0xff, 0x27, 0xe6, 0x95, 0x32, 0xf4, 0x8d, 0x89, 0x11, 2149 0xff, 0xff, 0x27, 0xe6, 0x95, 0x32, 0xf4, 0x8d, 0x89, 0x11,
1788 0x6f, 0xf2, 0x2b, 0x8d, 0x4e, 0x05, 0x60, 0x60, 0x9b, 0x4b, 2150 0x6f, 0xf2, 0x2b, 0x8d, 0x4e, 0x05, 0x60, 0x60, 0x9b, 0x4b,
1789 0x38, 0xab, 0xfa, 0xd2, 0xb8, 0x5d, 0xca, 0xcd, 0xb1, 0x41, 2151 0x38, 0xab, 0xfa, 0xd2, 0xb8, 0x5d, 0xca, 0xcd, 0xb1, 0x41,
1790 0x1f, 0x10, 0xb2, 0x75 2152 0x1f, 0x10, 0xb2, 0x75,
1791 } 2153 },
1792}; 2154};
1793 2155
1794static const struct { 2156static const struct {
1795 EC_CURVE_DATA h; 2157 uint8_t p[64];
1796 unsigned char data[0 + 64 * 6]; 2158 uint8_t a[64];
1797} 2159 uint8_t b[64];
1798 _EC_GOST_2012_512_TC26_B = { 2160 uint8_t x[64];
1799 { 2161 uint8_t y[64];
1800 .seed_len = 0, 2162 uint8_t order[64];
1801 .param_len = 64, 2163} _EC_GOST_2012_512_TC26_B = {
1802 .cofactor = 1, 2164 .p = {
1803 },
1804 { /* no seed */
1805 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ 2165 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */
1806 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2166 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1807 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2167 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1809,6 +2169,8 @@ static const struct {
1809 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2169 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1810 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2170 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1811 0x00, 0x00, 0x00, 0x6f, 2171 0x00, 0x00, 0x00, 0x6f,
2172 },
2173 .a = {
1812 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ 2174 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */
1813 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2175 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1814 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2176 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1816,6 +2178,8 @@ static const struct {
1816 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2178 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1817 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2179 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1818 0x00, 0x00, 0x00, 0x6c, 2180 0x00, 0x00, 0x00, 0x6c,
2181 },
2182 .b = {
1819 0x68, 0x7d, 0x1b, 0x45, 0x9d, 0xc8, 0x41, 0x45, 0x7e, 0x3e, /* b */ 2183 0x68, 0x7d, 0x1b, 0x45, 0x9d, 0xc8, 0x41, 0x45, 0x7e, 0x3e, /* b */
1820 0x06, 0xcf, 0x6f, 0x5e, 0x25, 0x17, 0xb9, 0x7c, 0x7d, 0x61, 2184 0x06, 0xcf, 0x6f, 0x5e, 0x25, 0x17, 0xb9, 0x7c, 0x7d, 0x61,
1821 0x4a, 0xf1, 0x38, 0xbc, 0xbf, 0x85, 0xdc, 0x80, 0x6c, 0x4b, 2185 0x4a, 0xf1, 0x38, 0xbc, 0xbf, 0x85, 0xdc, 0x80, 0x6c, 0x4b,
@@ -1823,6 +2187,8 @@ static const struct {
1823 0x7f, 0x8b, 0x27, 0x6f, 0xad, 0x1a, 0xb6, 0x9c, 0x50, 0xf7, 2187 0x7f, 0x8b, 0x27, 0x6f, 0xad, 0x1a, 0xb6, 0x9c, 0x50, 0xf7,
1824 0x8b, 0xee, 0x1f, 0xa3, 0x10, 0x6e, 0xfb, 0x8c, 0xcb, 0xc7, 2188 0x8b, 0xee, 0x1f, 0xa3, 0x10, 0x6e, 0xfb, 0x8c, 0xcb, 0xc7,
1825 0xc5, 0x14, 0x01, 0x16, 2189 0xc5, 0x14, 0x01, 0x16,
2190 },
2191 .x = {
1826 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ 2192 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */
1827 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2193 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1828 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2194 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1830,6 +2196,8 @@ static const struct {
1830 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2196 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1831 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2197 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1832 0x00, 0x00, 0x00, 0x02, 2198 0x00, 0x00, 0x00, 0x02,
2199 },
2200 .y = {
1833 0x1a, 0x8f, 0x7e, 0xda, 0x38, 0x9b, 0x09, 0x4c, 0x2c, 0x07, /* y */ 2201 0x1a, 0x8f, 0x7e, 0xda, 0x38, 0x9b, 0x09, 0x4c, 0x2c, 0x07, /* y */
1834 0x1e, 0x36, 0x47, 0xa8, 0x94, 0x0f, 0x3c, 0x12, 0x3b, 0x69, 2202 0x1e, 0x36, 0x47, 0xa8, 0x94, 0x0f, 0x3c, 0x12, 0x3b, 0x69,
1835 0x75, 0x78, 0xc2, 0x13, 0xbe, 0x6d, 0xd9, 0xe6, 0xc8, 0xec, 2203 0x75, 0x78, 0xc2, 0x13, 0xbe, 0x6d, 0xd9, 0xe6, 0xc8, 0xec,
@@ -1837,14 +2205,16 @@ static const struct {
1837 0x15, 0x2c, 0xbc, 0xaa, 0xf8, 0xc0, 0x39, 0x88, 0x28, 0x04, 2205 0x15, 0x2c, 0xbc, 0xaa, 0xf8, 0xc0, 0x39, 0x88, 0x28, 0x04,
1838 0x10, 0x55, 0xf9, 0x4c, 0xee, 0xec, 0x7e, 0x21, 0x34, 0x07, 2206 0x10, 0x55, 0xf9, 0x4c, 0xee, 0xec, 0x7e, 0x21, 0x34, 0x07,
1839 0x80, 0xfe, 0x41, 0xbd, 2207 0x80, 0xfe, 0x41, 0xbd,
2208 },
2209 .order = {
1840 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ 2210 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */
1841 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2211 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1842 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2212 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1843 0x00, 0x01, 0x49, 0xa1, 0xec, 0x14, 0x25, 0x65, 0xa5, 0x45, 2213 0x00, 0x01, 0x49, 0xa1, 0xec, 0x14, 0x25, 0x65, 0xa5, 0x45,
1844 0xac, 0xfd, 0xb7, 0x7b, 0xd9, 0xd4, 0x0c, 0xfa, 0x8b, 0x99, 2214 0xac, 0xfd, 0xb7, 0x7b, 0xd9, 0xd4, 0x0c, 0xfa, 0x8b, 0x99,
1845 0x67, 0x12, 0x10, 0x1b, 0xea, 0x0e, 0xc6, 0x34, 0x6c, 0x54, 2215 0x67, 0x12, 0x10, 0x1b, 0xea, 0x0e, 0xc6, 0x34, 0x6c, 0x54,
1846 0x37, 0x4f, 0x25, 0xbd 2216 0x37, 0x4f, 0x25, 0xbd,
1847 } 2217 },
1848}; 2218};
1849 2219
1850/* 2220/*
@@ -1852,16 +2222,14 @@ static const struct {
1852 * Edwards. We do calculations in canonical (Weierstrass) form. 2222 * Edwards. We do calculations in canonical (Weierstrass) form.
1853 */ 2223 */
1854static const struct { 2224static const struct {
1855 EC_CURVE_DATA h; 2225 uint8_t p[64];
1856 unsigned char data[0 + 64 * 6]; 2226 uint8_t a[64];
1857} 2227 uint8_t b[64];
1858 _EC_GOST_2012_512_TC26_C = { 2228 uint8_t x[64];
1859 { 2229 uint8_t y[64];
1860 .seed_len = 0, 2230 uint8_t order[64];
1861 .param_len = 64, 2231} _EC_GOST_2012_512_TC26_C = {
1862 .cofactor = 4, 2232 .p = {
1863 },
1864 { /* no seed */
1865 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */ 2233 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */
1866 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2234 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1867 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2235 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
@@ -1869,6 +2237,8 @@ static const struct {
1869 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2237 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1870 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2238 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1871 0xff, 0xff, 0xfd, 0xc7, 2239 0xff, 0xff, 0xfd, 0xc7,
2240 },
2241 .a = {
1872 0xdc, 0x92, 0x03, 0xe5, 0x14, 0xa7, 0x21, 0x87, 0x54, 0x85, /* a */ 2242 0xdc, 0x92, 0x03, 0xe5, 0x14, 0xa7, 0x21, 0x87, 0x54, 0x85, /* a */
1873 0xa5, 0x29, 0xd2, 0xc7, 0x22, 0xfb, 0x18, 0x7b, 0xc8, 0x98, 2243 0xa5, 0x29, 0xd2, 0xc7, 0x22, 0xfb, 0x18, 0x7b, 0xc8, 0x98,
1874 0x0e, 0xb8, 0x66, 0x64, 0x4d, 0xe4, 0x1c, 0x68, 0xe1, 0x43, 2244 0x0e, 0xb8, 0x66, 0x64, 0x4d, 0xe4, 0x1c, 0x68, 0xe1, 0x43,
@@ -1876,6 +2246,8 @@ static const struct {
1876 0x2a, 0xde, 0x71, 0xf4, 0x6f, 0xcf, 0x50, 0xff, 0x2a, 0xd9, 2246 0x2a, 0xde, 0x71, 0xf4, 0x6f, 0xcf, 0x50, 0xff, 0x2a, 0xd9,
1877 0x7f, 0x95, 0x1f, 0xda, 0x9f, 0x2a, 0x2e, 0xb6, 0x54, 0x6f, 2247 0x7f, 0x95, 0x1f, 0xda, 0x9f, 0x2a, 0x2e, 0xb6, 0x54, 0x6f,
1878 0x39, 0x68, 0x9b, 0xd3, 2248 0x39, 0x68, 0x9b, 0xd3,
2249 },
2250 .b = {
1879 0xb4, 0xc4, 0xee, 0x28, 0xce, 0xbc, 0x6c, 0x2c, 0x8a, 0xc1, /* b */ 2251 0xb4, 0xc4, 0xee, 0x28, 0xce, 0xbc, 0x6c, 0x2c, 0x8a, 0xc1, /* b */
1880 0x29, 0x52, 0xcf, 0x37, 0xf1, 0x6a, 0xc7, 0xef, 0xb6, 0xa9, 2252 0x29, 0x52, 0xcf, 0x37, 0xf1, 0x6a, 0xc7, 0xef, 0xb6, 0xa9,
1881 0xf6, 0x9f, 0x4b, 0x57, 0xff, 0xda, 0x2e, 0x4f, 0x0d, 0xe5, 2253 0xf6, 0x9f, 0x4b, 0x57, 0xff, 0xda, 0x2e, 0x4f, 0x0d, 0xe5,
@@ -1883,6 +2255,8 @@ static const struct {
1883 0x8d, 0xe0, 0x28, 0x4b, 0x8b, 0xfe, 0xf3, 0xb5, 0x2b, 0x8c, 2255 0x8d, 0xe0, 0x28, 0x4b, 0x8b, 0xfe, 0xf3, 0xb5, 0x2b, 0x8c,
1884 0xc7, 0xa5, 0xf5, 0xbf, 0x0a, 0x3c, 0x8d, 0x23, 0x19, 0xa5, 2256 0xc7, 0xa5, 0xf5, 0xbf, 0x0a, 0x3c, 0x8d, 0x23, 0x19, 0xa5,
1885 0x31, 0x25, 0x57, 0xe1, 2257 0x31, 0x25, 0x57, 0xe1,
2258 },
2259 .x = {
1886 0xe2, 0xe3, 0x1e, 0xdf, 0xc2, 0x3d, 0xe7, 0xbd, 0xeb, 0xe2, /* x */ 2260 0xe2, 0xe3, 0x1e, 0xdf, 0xc2, 0x3d, 0xe7, 0xbd, 0xeb, 0xe2, /* x */
1887 0x41, 0xce, 0x59, 0x3e, 0xf5, 0xde, 0x22, 0x95, 0xb7, 0xa9, 2261 0x41, 0xce, 0x59, 0x3e, 0xf5, 0xde, 0x22, 0x95, 0xb7, 0xa9,
1888 0xcb, 0xae, 0xf0, 0x21, 0xd3, 0x85, 0xf7, 0x07, 0x4c, 0xea, 2262 0xcb, 0xae, 0xf0, 0x21, 0xd3, 0x85, 0xf7, 0x07, 0x4c, 0xea,
@@ -1890,6 +2264,8 @@ static const struct {
1890 0xa7, 0xb9, 0x03, 0x3d, 0xb9, 0xed, 0x36, 0x10, 0xc6, 0xfb, 2264 0xa7, 0xb9, 0x03, 0x3d, 0xb9, 0xed, 0x36, 0x10, 0xc6, 0xfb,
1891 0x85, 0x48, 0x7e, 0xae, 0x97, 0xaa, 0xc5, 0xbc, 0x79, 0x28, 2265 0x85, 0x48, 0x7e, 0xae, 0x97, 0xaa, 0xc5, 0xbc, 0x79, 0x28,
1892 0xc1, 0x95, 0x01, 0x48, 2266 0xc1, 0x95, 0x01, 0x48,
2267 },
2268 .y = {
1893 0xf5, 0xce, 0x40, 0xd9, 0x5b, 0x5e, 0xb8, 0x99, 0xab, 0xbc, /* y */ 2269 0xf5, 0xce, 0x40, 0xd9, 0x5b, 0x5e, 0xb8, 0x99, 0xab, 0xbc, /* y */
1894 0xcf, 0xf5, 0x91, 0x1c, 0xb8, 0x57, 0x79, 0x39, 0x80, 0x4d, 2270 0xcf, 0xf5, 0x91, 0x1c, 0xb8, 0x57, 0x79, 0x39, 0x80, 0x4d,
1895 0x65, 0x27, 0x37, 0x8b, 0x8c, 0x10, 0x8c, 0x3d, 0x20, 0x90, 2271 0x65, 0x27, 0x37, 0x8b, 0x8c, 0x10, 0x8c, 0x3d, 0x20, 0x90,
@@ -1897,6 +2273,8 @@ static const struct {
1897 0xef, 0x32, 0xd8, 0x58, 0x22, 0x42, 0x3b, 0x63, 0x04, 0xf7, 2273 0xef, 0x32, 0xd8, 0x58, 0x22, 0x42, 0x3b, 0x63, 0x04, 0xf7,
1898 0x26, 0xaa, 0x85, 0x4b, 0xae, 0x07, 0xd0, 0x39, 0x6e, 0x9a, 2274 0x26, 0xaa, 0x85, 0x4b, 0xae, 0x07, 0xd0, 0x39, 0x6e, 0x9a,
1899 0x9a, 0xdd, 0xc4, 0x0f, 2275 0x9a, 0xdd, 0xc4, 0x0f,
2276 },
2277 .order = {
1900 0x3f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* order */ 2278 0x3f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* order */
1901 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2279 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1902 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2280 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
@@ -1904,313 +2282,729 @@ static const struct {
1904 0x4c, 0x33, 0xa9, 0xff, 0x51, 0x47, 0x50, 0x2c, 0xc8, 0xed, 2282 0x4c, 0x33, 0xa9, 0xff, 0x51, 0x47, 0x50, 0x2c, 0xc8, 0xed,
1905 0xa9, 0xe7, 0xa7, 0x69, 0xa1, 0x26, 0x94, 0x62, 0x3c, 0xef, 2283 0xa9, 0xe7, 0xa7, 0x69, 0xa1, 0x26, 0x94, 0x62, 0x3c, 0xef,
1906 0x47, 0xf0, 0x23, 0xed, 2284 0x47, 0xf0, 0x23, 0xed,
1907 } 2285 },
1908}; 2286};
1909
1910#endif 2287#endif
1911 2288
1912typedef struct _ec_list_element_st { 2289static const struct ec_list_element {
1913 int nid;
1914 const EC_CURVE_DATA *data;
1915 const char *comment; 2290 const char *comment;
1916} ec_list_element; 2291 int nid;
1917 2292 int seed_len;
1918static const ec_list_element curve_list[] = { 2293 int param_len;
1919 /* prime field curves */ 2294 unsigned int cofactor;
2295 const uint8_t *seed;
2296 const uint8_t *p;
2297 const uint8_t *a;
2298 const uint8_t *b;
2299 const uint8_t *x;
2300 const uint8_t *y;
2301 const uint8_t *order;
2302} curve_list[] = {
1920 /* secg curves */ 2303 /* secg curves */
1921 { 2304 {
1922 .nid = NID_secp112r1,
1923 .data = &_EC_SECG_PRIME_112R1.h,
1924 .comment = "SECG/WTLS curve over a 112 bit prime field", 2305 .comment = "SECG/WTLS curve over a 112 bit prime field",
2306 .nid = NID_secp112r1,
2307 .seed_len = sizeof(_EC_SECG_PRIME_112R1.seed),
2308 .param_len = sizeof(_EC_SECG_PRIME_112R1.p),
2309 .seed = _EC_SECG_PRIME_112R1.seed,
2310 .p = _EC_SECG_PRIME_112R1.p,
2311 .a = _EC_SECG_PRIME_112R1.a,
2312 .b = _EC_SECG_PRIME_112R1.b,
2313 .x = _EC_SECG_PRIME_112R1.x,
2314 .y = _EC_SECG_PRIME_112R1.y,
2315 .order = _EC_SECG_PRIME_112R1.order,
2316 .cofactor = 1,
1925 }, 2317 },
1926 { 2318 {
1927 .nid = NID_secp112r2,
1928 .data = &_EC_SECG_PRIME_112R2.h,
1929 .comment = "SECG curve over a 112 bit prime field", 2319 .comment = "SECG curve over a 112 bit prime field",
2320 .nid = NID_secp112r2,
2321 .seed_len = sizeof(_EC_SECG_PRIME_112R2.seed),
2322 .param_len = sizeof(_EC_SECG_PRIME_112R2.p),
2323 .seed = _EC_SECG_PRIME_112R2.seed,
2324 .p = _EC_SECG_PRIME_112R2.p,
2325 .a = _EC_SECG_PRIME_112R2.a,
2326 .b = _EC_SECG_PRIME_112R2.b,
2327 .x = _EC_SECG_PRIME_112R2.x,
2328 .y = _EC_SECG_PRIME_112R2.y,
2329 .order = _EC_SECG_PRIME_112R2.order,
2330 .cofactor = 4,
1930 }, 2331 },
1931 { 2332 {
1932 .nid = NID_secp128r1,
1933 .data = &_EC_SECG_PRIME_128R1.h,
1934 .comment = "SECG curve over a 128 bit prime field", 2333 .comment = "SECG curve over a 128 bit prime field",
2334 .nid = NID_secp128r1,
2335 .seed_len = sizeof(_EC_SECG_PRIME_128R1.seed),
2336 .param_len = sizeof(_EC_SECG_PRIME_128R1.p),
2337 .seed = _EC_SECG_PRIME_128R1.seed,
2338 .p = _EC_SECG_PRIME_128R1.p,
2339 .a = _EC_SECG_PRIME_128R1.a,
2340 .b = _EC_SECG_PRIME_128R1.b,
2341 .x = _EC_SECG_PRIME_128R1.x,
2342 .y = _EC_SECG_PRIME_128R1.y,
2343 .order = _EC_SECG_PRIME_128R1.order,
2344 .cofactor = 1,
1935 }, 2345 },
1936 { 2346 {
1937 .nid = NID_secp128r2,
1938 .data = &_EC_SECG_PRIME_128R2.h,
1939 .comment = "SECG curve over a 128 bit prime field", 2347 .comment = "SECG curve over a 128 bit prime field",
2348 .nid = NID_secp128r2,
2349 .seed_len = sizeof(_EC_SECG_PRIME_128R2.seed),
2350 .param_len = sizeof(_EC_SECG_PRIME_128R2.p),
2351 .seed = _EC_SECG_PRIME_128R2.seed,
2352 .p = _EC_SECG_PRIME_128R2.p,
2353 .a = _EC_SECG_PRIME_128R2.a,
2354 .b = _EC_SECG_PRIME_128R2.b,
2355 .x = _EC_SECG_PRIME_128R2.x,
2356 .y = _EC_SECG_PRIME_128R2.y,
2357 .order = _EC_SECG_PRIME_128R2.order,
2358 .cofactor = 4,
1940 }, 2359 },
1941 { 2360 {
1942 .nid = NID_secp160k1,
1943 .data = &_EC_SECG_PRIME_160K1.h,
1944 .comment = "SECG curve over a 160 bit prime field", 2361 .comment = "SECG curve over a 160 bit prime field",
2362 .nid = NID_secp160k1,
2363 .param_len = sizeof(_EC_SECG_PRIME_160K1.p),
2364 .p = _EC_SECG_PRIME_160K1.p,
2365 .a = _EC_SECG_PRIME_160K1.a,
2366 .b = _EC_SECG_PRIME_160K1.b,
2367 .x = _EC_SECG_PRIME_160K1.x,
2368 .y = _EC_SECG_PRIME_160K1.y,
2369 .order = _EC_SECG_PRIME_160K1.order,
2370 .cofactor = 1,
1945 }, 2371 },
1946 { 2372 {
1947 .nid = NID_secp160r1,
1948 .data = &_EC_SECG_PRIME_160R1.h,
1949 .comment = "SECG curve over a 160 bit prime field", 2373 .comment = "SECG curve over a 160 bit prime field",
2374 .nid = NID_secp160r1,
2375 .seed_len = sizeof(_EC_SECG_PRIME_160R1.seed),
2376 .param_len = sizeof(_EC_SECG_PRIME_160R1.p),
2377 .seed = _EC_SECG_PRIME_160R1.seed,
2378 .p = _EC_SECG_PRIME_160R1.p,
2379 .a = _EC_SECG_PRIME_160R1.a,
2380 .b = _EC_SECG_PRIME_160R1.b,
2381 .x = _EC_SECG_PRIME_160R1.x,
2382 .y = _EC_SECG_PRIME_160R1.y,
2383 .order = _EC_SECG_PRIME_160R1.order,
2384 .cofactor = 1,
1950 }, 2385 },
1951 { 2386 {
1952 .nid = NID_secp160r2,
1953 .data = &_EC_SECG_PRIME_160R2.h,
1954 .comment = "SECG/WTLS curve over a 160 bit prime field", 2387 .comment = "SECG/WTLS curve over a 160 bit prime field",
2388 .nid = NID_secp160r2,
2389 .seed_len = sizeof(_EC_SECG_PRIME_160R2.seed),
2390 .param_len = sizeof(_EC_SECG_PRIME_160R2.p),
2391 .seed = _EC_SECG_PRIME_160R2.seed,
2392 .p = _EC_SECG_PRIME_160R2.p,
2393 .a = _EC_SECG_PRIME_160R2.a,
2394 .b = _EC_SECG_PRIME_160R2.b,
2395 .x = _EC_SECG_PRIME_160R2.x,
2396 .y = _EC_SECG_PRIME_160R2.y,
2397 .order = _EC_SECG_PRIME_160R2.order,
2398 .cofactor = 1,
1955 }, 2399 },
1956 /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ 2400 /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
1957 { 2401 {
1958 .nid = NID_secp192k1,
1959 .data = &_EC_SECG_PRIME_192K1.h,
1960 .comment = "SECG curve over a 192 bit prime field", 2402 .comment = "SECG curve over a 192 bit prime field",
2403 .nid = NID_secp192k1,
2404 .param_len = sizeof(_EC_SECG_PRIME_192K1.p),
2405 .p = _EC_SECG_PRIME_192K1.p,
2406 .a = _EC_SECG_PRIME_192K1.a,
2407 .b = _EC_SECG_PRIME_192K1.b,
2408 .x = _EC_SECG_PRIME_192K1.x,
2409 .y = _EC_SECG_PRIME_192K1.y,
2410 .order = _EC_SECG_PRIME_192K1.order,
2411 .cofactor = 1,
1961 }, 2412 },
1962 { 2413 {
1963 .nid = NID_secp224k1,
1964 .data = &_EC_SECG_PRIME_224K1.h,
1965 .comment = "SECG curve over a 224 bit prime field", 2414 .comment = "SECG curve over a 224 bit prime field",
2415 .nid = NID_secp224k1,
2416 .param_len = sizeof(_EC_SECG_PRIME_224K1.p),
2417 .p = _EC_SECG_PRIME_224K1.p,
2418 .a = _EC_SECG_PRIME_224K1.a,
2419 .b = _EC_SECG_PRIME_224K1.b,
2420 .x = _EC_SECG_PRIME_224K1.x,
2421 .y = _EC_SECG_PRIME_224K1.y,
2422 .order = _EC_SECG_PRIME_224K1.order,
2423 .cofactor = 1,
1966 }, 2424 },
1967 { 2425 {
1968 .nid = NID_secp224r1,
1969 .data = &_EC_NIST_PRIME_224.h,
1970 .comment = "NIST/SECG curve over a 224 bit prime field", 2426 .comment = "NIST/SECG curve over a 224 bit prime field",
2427 .nid = NID_secp224r1,
2428 .seed_len = sizeof(_EC_NIST_PRIME_224.seed),
2429 .param_len = sizeof(_EC_NIST_PRIME_224.p),
2430 .seed = _EC_NIST_PRIME_224.seed,
2431 .p = _EC_NIST_PRIME_224.p,
2432 .a = _EC_NIST_PRIME_224.a,
2433 .b = _EC_NIST_PRIME_224.b,
2434 .x = _EC_NIST_PRIME_224.x,
2435 .y = _EC_NIST_PRIME_224.y,
2436 .order = _EC_NIST_PRIME_224.order,
2437 .cofactor = 1,
1971 }, 2438 },
1972 { 2439 {
1973 .nid = NID_secp256k1,
1974 .data = &_EC_SECG_PRIME_256K1.h,
1975 .comment = "SECG curve over a 256 bit prime field", 2440 .comment = "SECG curve over a 256 bit prime field",
2441 .nid = NID_secp256k1,
2442 .param_len = sizeof(_EC_SECG_PRIME_256K1.p),
2443 .p = _EC_SECG_PRIME_256K1.p,
2444 .a = _EC_SECG_PRIME_256K1.a,
2445 .b = _EC_SECG_PRIME_256K1.b,
2446 .x = _EC_SECG_PRIME_256K1.x,
2447 .y = _EC_SECG_PRIME_256K1.y,
2448 .order = _EC_SECG_PRIME_256K1.order,
2449 .cofactor = 1,
1976 }, 2450 },
1977 /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ 2451 /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
1978 { 2452 {
1979 .nid = NID_secp384r1,
1980 .data = &_EC_NIST_PRIME_384.h,
1981 .comment = "NIST/SECG curve over a 384 bit prime field", 2453 .comment = "NIST/SECG curve over a 384 bit prime field",
2454 .nid = NID_secp384r1,
2455 .seed_len = sizeof(_EC_NIST_PRIME_384.seed),
2456 .param_len = sizeof(_EC_NIST_PRIME_384.p),
2457 .seed = _EC_NIST_PRIME_384.seed,
2458 .p = _EC_NIST_PRIME_384.p,
2459 .a = _EC_NIST_PRIME_384.a,
2460 .b = _EC_NIST_PRIME_384.b,
2461 .x = _EC_NIST_PRIME_384.x,
2462 .y = _EC_NIST_PRIME_384.y,
2463 .order = _EC_NIST_PRIME_384.order,
2464 .cofactor = 1,
1982 }, 2465 },
1983 { 2466 {
1984 .nid = NID_secp521r1,
1985 .data = &_EC_NIST_PRIME_521.h,
1986 .comment = "NIST/SECG curve over a 521 bit prime field", 2467 .comment = "NIST/SECG curve over a 521 bit prime field",
2468 .nid = NID_secp521r1,
2469 .seed_len = sizeof(_EC_NIST_PRIME_521.seed),
2470 .param_len = sizeof(_EC_NIST_PRIME_521.p),
2471 .seed = _EC_NIST_PRIME_521.seed,
2472 .p = _EC_NIST_PRIME_521.p,
2473 .a = _EC_NIST_PRIME_521.a,
2474 .b = _EC_NIST_PRIME_521.b,
2475 .x = _EC_NIST_PRIME_521.x,
2476 .y = _EC_NIST_PRIME_521.y,
2477 .order = _EC_NIST_PRIME_521.order,
2478 .cofactor = 1,
1987 }, 2479 },
1988 /* X9.62 curves */ 2480 /* X9.62 curves */
1989 { 2481 {
1990 .nid = NID_X9_62_prime192v1,
1991 .data = &_EC_NIST_PRIME_192.h,
1992 .comment = "NIST/X9.62/SECG curve over a 192 bit prime field", 2482 .comment = "NIST/X9.62/SECG curve over a 192 bit prime field",
2483 .nid = NID_X9_62_prime192v1,
2484 .seed_len = sizeof(_EC_NIST_PRIME_192.seed),
2485 .param_len = sizeof(_EC_NIST_PRIME_192.p),
2486 .seed = _EC_NIST_PRIME_192.seed,
2487 .p = _EC_NIST_PRIME_192.p,
2488 .a = _EC_NIST_PRIME_192.a,
2489 .b = _EC_NIST_PRIME_192.b,
2490 .x = _EC_NIST_PRIME_192.x,
2491 .y = _EC_NIST_PRIME_192.y,
2492 .order = _EC_NIST_PRIME_192.order,
2493 .cofactor = 1,
1993 }, 2494 },
1994 { 2495 {
1995 .nid = NID_X9_62_prime192v2,
1996 .data = &_EC_X9_62_PRIME_192V2.h,
1997 .comment = "X9.62 curve over a 192 bit prime field", 2496 .comment = "X9.62 curve over a 192 bit prime field",
2497 .nid = NID_X9_62_prime192v2,
2498 .seed_len = sizeof(_EC_X9_62_PRIME_192V2.seed),
2499 .param_len = sizeof(_EC_X9_62_PRIME_192V2.p),
2500 .seed = _EC_X9_62_PRIME_192V2.seed,
2501 .p = _EC_X9_62_PRIME_192V2.p,
2502 .a = _EC_X9_62_PRIME_192V2.a,
2503 .b = _EC_X9_62_PRIME_192V2.b,
2504 .x = _EC_X9_62_PRIME_192V2.x,
2505 .y = _EC_X9_62_PRIME_192V2.y,
2506 .order = _EC_X9_62_PRIME_192V2.order,
2507 .cofactor = 1,
1998 }, 2508 },
1999 { 2509 {
2000 .nid = NID_X9_62_prime192v3,
2001 .data = &_EC_X9_62_PRIME_192V3.h,
2002 .comment = "X9.62 curve over a 192 bit prime field", 2510 .comment = "X9.62 curve over a 192 bit prime field",
2511 .nid = NID_X9_62_prime192v3,
2512 .seed_len = sizeof(_EC_X9_62_PRIME_192V3.seed),
2513 .param_len = sizeof(_EC_X9_62_PRIME_192V3.p),
2514 .seed = _EC_X9_62_PRIME_192V3.seed,
2515 .p = _EC_X9_62_PRIME_192V3.p,
2516 .a = _EC_X9_62_PRIME_192V3.a,
2517 .b = _EC_X9_62_PRIME_192V3.b,
2518 .x = _EC_X9_62_PRIME_192V3.x,
2519 .y = _EC_X9_62_PRIME_192V3.y,
2520 .order = _EC_X9_62_PRIME_192V3.order,
2521 .cofactor = 1,
2003 }, 2522 },
2004 { 2523 {
2005 .nid = NID_X9_62_prime239v1,
2006 .data = &_EC_X9_62_PRIME_239V1.h,
2007 .comment = "X9.62 curve over a 239 bit prime field", 2524 .comment = "X9.62 curve over a 239 bit prime field",
2525 .nid = NID_X9_62_prime239v1,
2526 .seed_len = sizeof(_EC_X9_62_PRIME_239V1.seed),
2527 .param_len = sizeof(_EC_X9_62_PRIME_239V1.p),
2528 .seed = _EC_X9_62_PRIME_239V1.seed,
2529 .p = _EC_X9_62_PRIME_239V1.p,
2530 .a = _EC_X9_62_PRIME_239V1.a,
2531 .b = _EC_X9_62_PRIME_239V1.b,
2532 .x = _EC_X9_62_PRIME_239V1.x,
2533 .y = _EC_X9_62_PRIME_239V1.y,
2534 .order = _EC_X9_62_PRIME_239V1.order,
2535 .cofactor = 1,
2008 }, 2536 },
2009 { 2537 {
2010 .nid = NID_X9_62_prime239v2,
2011 .data = &_EC_X9_62_PRIME_239V2.h,
2012 .comment = "X9.62 curve over a 239 bit prime field", 2538 .comment = "X9.62 curve over a 239 bit prime field",
2539 .nid = NID_X9_62_prime239v2,
2540 .seed_len = sizeof(_EC_X9_62_PRIME_239V2.seed),
2541 .param_len = sizeof(_EC_X9_62_PRIME_239V2.p),
2542 .seed = _EC_X9_62_PRIME_239V2.seed,
2543 .p = _EC_X9_62_PRIME_239V2.p,
2544 .a = _EC_X9_62_PRIME_239V2.a,
2545 .b = _EC_X9_62_PRIME_239V2.b,
2546 .x = _EC_X9_62_PRIME_239V2.x,
2547 .y = _EC_X9_62_PRIME_239V2.y,
2548 .order = _EC_X9_62_PRIME_239V2.order,
2549 .cofactor = 1,
2013 }, 2550 },
2014 { 2551 {
2015 .nid = NID_X9_62_prime239v3,
2016 .data = &_EC_X9_62_PRIME_239V3.h,
2017 .comment = "X9.62 curve over a 239 bit prime field", 2552 .comment = "X9.62 curve over a 239 bit prime field",
2553 .nid = NID_X9_62_prime239v3,
2554 .seed_len = sizeof(_EC_X9_62_PRIME_239V3.seed),
2555 .param_len = sizeof(_EC_X9_62_PRIME_239V3.p),
2556 .seed = _EC_X9_62_PRIME_239V3.seed,
2557 .p = _EC_X9_62_PRIME_239V3.p,
2558 .a = _EC_X9_62_PRIME_239V3.a,
2559 .b = _EC_X9_62_PRIME_239V3.b,
2560 .x = _EC_X9_62_PRIME_239V3.x,
2561 .y = _EC_X9_62_PRIME_239V3.y,
2562 .order = _EC_X9_62_PRIME_239V3.order,
2563 .cofactor = 1,
2018 }, 2564 },
2019 { 2565 {
2020 .nid = NID_X9_62_prime256v1,
2021 .data = &_EC_X9_62_PRIME_256V1.h,
2022 .comment = "X9.62/SECG curve over a 256 bit prime field", 2566 .comment = "X9.62/SECG curve over a 256 bit prime field",
2567 .nid = NID_X9_62_prime256v1,
2568 .seed_len = sizeof(_EC_X9_62_PRIME_256V1.seed),
2569 .param_len = sizeof(_EC_X9_62_PRIME_256V1.p),
2570 .seed = _EC_X9_62_PRIME_256V1.seed,
2571 .p = _EC_X9_62_PRIME_256V1.p,
2572 .a = _EC_X9_62_PRIME_256V1.a,
2573 .b = _EC_X9_62_PRIME_256V1.b,
2574 .x = _EC_X9_62_PRIME_256V1.x,
2575 .y = _EC_X9_62_PRIME_256V1.y,
2576 .order = _EC_X9_62_PRIME_256V1.order,
2577 .cofactor = 1,
2023 }, 2578 },
2024 { 2579 {
2025 .nid = NID_wap_wsg_idm_ecid_wtls6,
2026 .data = &_EC_SECG_PRIME_112R1.h,
2027 .comment = "SECG/WTLS curve over a 112 bit prime field", 2580 .comment = "SECG/WTLS curve over a 112 bit prime field",
2581 .nid = NID_wap_wsg_idm_ecid_wtls6,
2582 .seed_len = sizeof(_EC_SECG_PRIME_112R1.seed),
2583 .param_len = sizeof(_EC_SECG_PRIME_112R1.p),
2584 .seed = _EC_SECG_PRIME_112R1.seed,
2585 .p = _EC_SECG_PRIME_112R1.p,
2586 .a = _EC_SECG_PRIME_112R1.a,
2587 .b = _EC_SECG_PRIME_112R1.b,
2588 .x = _EC_SECG_PRIME_112R1.x,
2589 .y = _EC_SECG_PRIME_112R1.y,
2590 .order = _EC_SECG_PRIME_112R1.order,
2591 .cofactor = 1,
2028 }, 2592 },
2029 { 2593 {
2030 .nid = NID_wap_wsg_idm_ecid_wtls7,
2031 .data = &_EC_SECG_PRIME_160R2.h,
2032 .comment = "SECG/WTLS curve over a 160 bit prime field", 2594 .comment = "SECG/WTLS curve over a 160 bit prime field",
2595 .nid = NID_wap_wsg_idm_ecid_wtls7,
2596 .seed_len = sizeof(_EC_SECG_PRIME_160R2.seed),
2597 .param_len = sizeof(_EC_SECG_PRIME_160R2.p),
2598 .seed = _EC_SECG_PRIME_160R2.seed,
2599 .p = _EC_SECG_PRIME_160R2.p,
2600 .a = _EC_SECG_PRIME_160R2.a,
2601 .b = _EC_SECG_PRIME_160R2.b,
2602 .x = _EC_SECG_PRIME_160R2.x,
2603 .y = _EC_SECG_PRIME_160R2.y,
2604 .order = _EC_SECG_PRIME_160R2.order,
2605 .cofactor = 1,
2033 }, 2606 },
2034 { 2607 {
2035 .nid = NID_wap_wsg_idm_ecid_wtls8,
2036 .data = &_EC_WTLS_8.h,
2037 .comment = "WTLS curve over a 112 bit prime field", 2608 .comment = "WTLS curve over a 112 bit prime field",
2609 .nid = NID_wap_wsg_idm_ecid_wtls8,
2610 .param_len = sizeof(_EC_WTLS_8.p),
2611 .p = _EC_WTLS_8.p,
2612 .a = _EC_WTLS_8.a,
2613 .b = _EC_WTLS_8.b,
2614 .x = _EC_WTLS_8.x,
2615 .y = _EC_WTLS_8.y,
2616 .order = _EC_WTLS_8.order,
2617 .cofactor = 1,
2038 }, 2618 },
2039 { 2619 {
2040 .nid = NID_wap_wsg_idm_ecid_wtls9,
2041 .data = &_EC_WTLS_9.h,
2042 .comment = "WTLS curve over a 160 bit prime field", 2620 .comment = "WTLS curve over a 160 bit prime field",
2621 .nid = NID_wap_wsg_idm_ecid_wtls9,
2622 .param_len = sizeof(_EC_WTLS_9.p),
2623 .p = _EC_WTLS_9.p,
2624 .a = _EC_WTLS_9.a,
2625 .b = _EC_WTLS_9.b,
2626 .x = _EC_WTLS_9.x,
2627 .y = _EC_WTLS_9.y,
2628 .order = _EC_WTLS_9.order,
2629 .cofactor = 1,
2043 }, 2630 },
2044 { 2631 {
2045 .nid = NID_wap_wsg_idm_ecid_wtls12,
2046 .data = &_EC_WTLS_12.h,
2047 .comment = "WTLS curve over a 224 bit prime field", 2632 .comment = "WTLS curve over a 224 bit prime field",
2633 .nid = NID_wap_wsg_idm_ecid_wtls12,
2634 .param_len = sizeof(_EC_WTLS_12.p),
2635 .p = _EC_WTLS_12.p,
2636 .a = _EC_WTLS_12.a,
2637 .b = _EC_WTLS_12.b,
2638 .x = _EC_WTLS_12.x,
2639 .y = _EC_WTLS_12.y,
2640 .order = _EC_WTLS_12.order,
2641 .cofactor = 1,
2048 }, 2642 },
2049 /* RFC 5639 curves */ 2643 /* RFC 5639 curves */
2050 { 2644 {
2051 .nid = NID_brainpoolP160r1,
2052 .data = &_EC_brainpoolP160r1.h,
2053 .comment = "RFC 5639 curve over a 160 bit prime field", 2645 .comment = "RFC 5639 curve over a 160 bit prime field",
2646 .nid = NID_brainpoolP160r1,
2647 .param_len = sizeof(_EC_brainpoolP160r1.p),
2648 .p = _EC_brainpoolP160r1.p,
2649 .a = _EC_brainpoolP160r1.a,
2650 .b = _EC_brainpoolP160r1.b,
2651 .x = _EC_brainpoolP160r1.x,
2652 .y = _EC_brainpoolP160r1.y,
2653 .order = _EC_brainpoolP160r1.order,
2654 .cofactor = 1,
2054 }, 2655 },
2055 { 2656 {
2056 .nid = NID_brainpoolP160t1,
2057 .data = &_EC_brainpoolP160t1.h,
2058 .comment = "RFC 5639 curve over a 160 bit prime field", 2657 .comment = "RFC 5639 curve over a 160 bit prime field",
2658 .nid = NID_brainpoolP160t1,
2659 .param_len = sizeof(_EC_brainpoolP160t1.p),
2660 .p = _EC_brainpoolP160t1.p,
2661 .a = _EC_brainpoolP160t1.a,
2662 .b = _EC_brainpoolP160t1.b,
2663 .x = _EC_brainpoolP160t1.x,
2664 .y = _EC_brainpoolP160t1.y,
2665 .order = _EC_brainpoolP160t1.order,
2666 .cofactor = 1,
2059 }, 2667 },
2060 { 2668 {
2061 .nid = NID_brainpoolP192r1,
2062 .data = &_EC_brainpoolP192r1.h,
2063 .comment = "RFC 5639 curve over a 192 bit prime field", 2669 .comment = "RFC 5639 curve over a 192 bit prime field",
2670 .nid = NID_brainpoolP192r1,
2671 .param_len = sizeof(_EC_brainpoolP192r1.p),
2672 .p = _EC_brainpoolP192r1.p,
2673 .a = _EC_brainpoolP192r1.a,
2674 .b = _EC_brainpoolP192r1.b,
2675 .x = _EC_brainpoolP192r1.x,
2676 .y = _EC_brainpoolP192r1.y,
2677 .order = _EC_brainpoolP192r1.order,
2678 .cofactor = 1,
2064 }, 2679 },
2065 { 2680 {
2066 .nid = NID_brainpoolP192t1,
2067 .data = &_EC_brainpoolP192t1.h,
2068 .comment = "RFC 5639 curve over a 192 bit prime field", 2681 .comment = "RFC 5639 curve over a 192 bit prime field",
2682 .nid = NID_brainpoolP192t1,
2683 .param_len = sizeof(_EC_brainpoolP192t1.p),
2684 .p = _EC_brainpoolP192t1.p,
2685 .a = _EC_brainpoolP192t1.a,
2686 .b = _EC_brainpoolP192t1.b,
2687 .x = _EC_brainpoolP192t1.x,
2688 .y = _EC_brainpoolP192t1.y,
2689 .order = _EC_brainpoolP192t1.order,
2690 .cofactor = 1,
2069 }, 2691 },
2070 { 2692 {
2071 .nid = NID_brainpoolP224r1,
2072 .data = &_EC_brainpoolP224r1.h,
2073 .comment = "RFC 5639 curve over a 224 bit prime field", 2693 .comment = "RFC 5639 curve over a 224 bit prime field",
2694 .nid = NID_brainpoolP224r1,
2695 .param_len = sizeof(_EC_brainpoolP224r1.p),
2696 .p = _EC_brainpoolP224r1.p,
2697 .a = _EC_brainpoolP224r1.a,
2698 .b = _EC_brainpoolP224r1.b,
2699 .x = _EC_brainpoolP224r1.x,
2700 .y = _EC_brainpoolP224r1.y,
2701 .order = _EC_brainpoolP224r1.order,
2702 .cofactor = 1,
2074 }, 2703 },
2075 { 2704 {
2076 .nid = NID_brainpoolP224t1,
2077 .data = &_EC_brainpoolP224t1.h,
2078 .comment = "RFC 5639 curve over a 224 bit prime field", 2705 .comment = "RFC 5639 curve over a 224 bit prime field",
2706 .nid = NID_brainpoolP224t1,
2707 .param_len = sizeof(_EC_brainpoolP224t1.p),
2708 .p = _EC_brainpoolP224t1.p,
2709 .a = _EC_brainpoolP224t1.a,
2710 .b = _EC_brainpoolP224t1.b,
2711 .x = _EC_brainpoolP224t1.x,
2712 .y = _EC_brainpoolP224t1.y,
2713 .order = _EC_brainpoolP224t1.order,
2714 .cofactor = 1,
2079 }, 2715 },
2080 { 2716 {
2081 .nid = NID_brainpoolP256r1,
2082 .data = &_EC_brainpoolP256r1.h,
2083 .comment = "RFC 5639 curve over a 256 bit prime field", 2717 .comment = "RFC 5639 curve over a 256 bit prime field",
2718 .nid = NID_brainpoolP256r1,
2719 .param_len = sizeof(_EC_brainpoolP256r1.p),
2720 .p = _EC_brainpoolP256r1.p,
2721 .a = _EC_brainpoolP256r1.a,
2722 .b = _EC_brainpoolP256r1.b,
2723 .x = _EC_brainpoolP256r1.x,
2724 .y = _EC_brainpoolP256r1.y,
2725 .order = _EC_brainpoolP256r1.order,
2726 .cofactor = 1,
2084 }, 2727 },
2085 { 2728 {
2086 .nid = NID_brainpoolP256t1,
2087 .data = &_EC_brainpoolP256t1.h,
2088 .comment = "RFC 5639 curve over a 256 bit prime field", 2729 .comment = "RFC 5639 curve over a 256 bit prime field",
2730 .nid = NID_brainpoolP256t1,
2731 .param_len = sizeof(_EC_brainpoolP256t1.p),
2732 .p = _EC_brainpoolP256t1.p,
2733 .a = _EC_brainpoolP256t1.a,
2734 .b = _EC_brainpoolP256t1.b,
2735 .x = _EC_brainpoolP256t1.x,
2736 .y = _EC_brainpoolP256t1.y,
2737 .order = _EC_brainpoolP256t1.order,
2738 .cofactor = 1,
2089 }, 2739 },
2090 { 2740 {
2091 .nid = NID_brainpoolP320r1,
2092 .data = &_EC_brainpoolP320r1.h,
2093 .comment = "RFC 5639 curve over a 320 bit prime field", 2741 .comment = "RFC 5639 curve over a 320 bit prime field",
2742 .nid = NID_brainpoolP320r1,
2743 .param_len = sizeof(_EC_brainpoolP320r1.p),
2744 .p = _EC_brainpoolP320r1.p,
2745 .a = _EC_brainpoolP320r1.a,
2746 .b = _EC_brainpoolP320r1.b,
2747 .x = _EC_brainpoolP320r1.x,
2748 .y = _EC_brainpoolP320r1.y,
2749 .order = _EC_brainpoolP320r1.order,
2750 .cofactor = 1,
2094 }, 2751 },
2095 { 2752 {
2096 .nid = NID_brainpoolP320t1,
2097 .data = &_EC_brainpoolP320t1.h,
2098 .comment = "RFC 5639 curve over a 320 bit prime field", 2753 .comment = "RFC 5639 curve over a 320 bit prime field",
2754 .nid = NID_brainpoolP320t1,
2755 .param_len = sizeof(_EC_brainpoolP320t1.p),
2756 .p = _EC_brainpoolP320t1.p,
2757 .a = _EC_brainpoolP320t1.a,
2758 .b = _EC_brainpoolP320t1.b,
2759 .x = _EC_brainpoolP320t1.x,
2760 .y = _EC_brainpoolP320t1.y,
2761 .order = _EC_brainpoolP320t1.order,
2762 .cofactor = 1,
2099 }, 2763 },
2100 { 2764 {
2101 .nid = NID_brainpoolP384r1,
2102 .data = &_EC_brainpoolP384r1.h,
2103 .comment = "RFC 5639 curve over a 384 bit prime field", 2765 .comment = "RFC 5639 curve over a 384 bit prime field",
2766 .nid = NID_brainpoolP384r1,
2767 .param_len = sizeof(_EC_brainpoolP384r1.p),
2768 .p = _EC_brainpoolP384r1.p,
2769 .a = _EC_brainpoolP384r1.a,
2770 .b = _EC_brainpoolP384r1.b,
2771 .x = _EC_brainpoolP384r1.x,
2772 .y = _EC_brainpoolP384r1.y,
2773 .order = _EC_brainpoolP384r1.order,
2774 .cofactor = 1,
2104 }, 2775 },
2105 { 2776 {
2106 .nid = NID_brainpoolP384t1,
2107 .data = &_EC_brainpoolP384t1.h,
2108 .comment = "RFC 5639 curve over a 384 bit prime field", 2777 .comment = "RFC 5639 curve over a 384 bit prime field",
2778 .nid = NID_brainpoolP384t1,
2779 .param_len = sizeof(_EC_brainpoolP384t1.p),
2780 .p = _EC_brainpoolP384t1.p,
2781 .a = _EC_brainpoolP384t1.a,
2782 .b = _EC_brainpoolP384t1.b,
2783 .x = _EC_brainpoolP384t1.x,
2784 .y = _EC_brainpoolP384t1.y,
2785 .order = _EC_brainpoolP384t1.order,
2786 .cofactor = 1,
2109 }, 2787 },
2110 { 2788 {
2111 .nid = NID_brainpoolP512r1,
2112 .data = &_EC_brainpoolP512r1.h,
2113 .comment = "RFC 5639 curve over a 512 bit prime field", 2789 .comment = "RFC 5639 curve over a 512 bit prime field",
2790 .nid = NID_brainpoolP512r1,
2791 .param_len = sizeof(_EC_brainpoolP512r1.p),
2792 .p = _EC_brainpoolP512r1.p,
2793 .a = _EC_brainpoolP512r1.a,
2794 .b = _EC_brainpoolP512r1.b,
2795 .x = _EC_brainpoolP512r1.x,
2796 .y = _EC_brainpoolP512r1.y,
2797 .order = _EC_brainpoolP512r1.order,
2798 .cofactor = 1,
2114 }, 2799 },
2115 { 2800 {
2116 .nid = NID_brainpoolP512t1,
2117 .data = &_EC_brainpoolP512t1.h,
2118 .comment = "RFC 5639 curve over a 512 bit prime field", 2801 .comment = "RFC 5639 curve over a 512 bit prime field",
2802 .nid = NID_brainpoolP512t1,
2803 .param_len = sizeof(_EC_brainpoolP512t1.p),
2804 .p = _EC_brainpoolP512t1.p,
2805 .a = _EC_brainpoolP512t1.a,
2806 .b = _EC_brainpoolP512t1.b,
2807 .x = _EC_brainpoolP512t1.x,
2808 .y = _EC_brainpoolP512t1.y,
2809 .order = _EC_brainpoolP512t1.order,
2810 .cofactor = 1,
2119 }, 2811 },
2120 /* ANSSI */ 2812 /* ANSSI */
2121 { 2813 {
2122 .nid = NID_FRP256v1,
2123 .data = &_EC_FRP256v1.h,
2124 .comment = "FRP256v1", 2814 .comment = "FRP256v1",
2815 .nid = NID_FRP256v1,
2816 .param_len = sizeof(_EC_FRP256v1.p),
2817 .p = _EC_FRP256v1.p,
2818 .a = _EC_FRP256v1.a,
2819 .b = _EC_FRP256v1.b,
2820 .x = _EC_FRP256v1.x,
2821 .y = _EC_FRP256v1.y,
2822 .order = _EC_FRP256v1.order,
2823 .cofactor = 1,
2125 }, 2824 },
2126#ifndef OPENSSL_NO_GOST 2825#ifndef OPENSSL_NO_GOST
2127 /* GOST R 34.10-2001 */ 2826 /* GOST R 34.10-2001 */
2128 { 2827 {
2129 .nid = NID_id_GostR3410_2001_TestParamSet,
2130 .data = &_EC_GOST_2001_Test.h,
2131 .comment = "GOST R 34.10-2001 Test Curve", 2828 .comment = "GOST R 34.10-2001 Test Curve",
2829 .nid = NID_id_GostR3410_2001_TestParamSet,
2830 .param_len = sizeof(_EC_GOST_2001_Test.p),
2831 .p = _EC_GOST_2001_Test.p,
2832 .a = _EC_GOST_2001_Test.a,
2833 .b = _EC_GOST_2001_Test.b,
2834 .x = _EC_GOST_2001_Test.x,
2835 .y = _EC_GOST_2001_Test.y,
2836 .order = _EC_GOST_2001_Test.order,
2837 .cofactor = 1,
2132 }, 2838 },
2133 { 2839 {
2134 .nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet,
2135 .data = &_EC_GOST_2001_CryptoPro_A.h,
2136 .comment = "GOST R 34.10-2001 CryptoPro-A", 2840 .comment = "GOST R 34.10-2001 CryptoPro-A",
2841 .nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet,
2842 .param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p),
2843 .p = _EC_GOST_2001_CryptoPro_A.p,
2844 .a = _EC_GOST_2001_CryptoPro_A.a,
2845 .b = _EC_GOST_2001_CryptoPro_A.b,
2846 .x = _EC_GOST_2001_CryptoPro_A.x,
2847 .y = _EC_GOST_2001_CryptoPro_A.y,
2848 .order = _EC_GOST_2001_CryptoPro_A.order,
2849 .cofactor = 1,
2137 }, 2850 },
2138 { 2851 {
2139 .nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet,
2140 .data = &_EC_GOST_2001_CryptoPro_B.h,
2141 .comment = "GOST R 34.10-2001 CryptoPro-B", 2852 .comment = "GOST R 34.10-2001 CryptoPro-B",
2853 .nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet,
2854 .param_len = sizeof(_EC_GOST_2001_CryptoPro_B.p),
2855 .p = _EC_GOST_2001_CryptoPro_B.p,
2856 .a = _EC_GOST_2001_CryptoPro_B.a,
2857 .b = _EC_GOST_2001_CryptoPro_B.b,
2858 .x = _EC_GOST_2001_CryptoPro_B.x,
2859 .y = _EC_GOST_2001_CryptoPro_B.y,
2860 .order = _EC_GOST_2001_CryptoPro_B.order,
2861 .cofactor = 1,
2142 }, 2862 },
2143 { 2863 {
2144 .nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet,
2145 .data = &_EC_GOST_2001_CryptoPro_C.h,
2146 .comment = "GOST R 34.10-2001 CryptoPro-C", 2864 .comment = "GOST R 34.10-2001 CryptoPro-C",
2865 .nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet,
2866 .param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p),
2867 .p = _EC_GOST_2001_CryptoPro_C.p,
2868 .a = _EC_GOST_2001_CryptoPro_C.a,
2869 .b = _EC_GOST_2001_CryptoPro_C.b,
2870 .x = _EC_GOST_2001_CryptoPro_C.x,
2871 .y = _EC_GOST_2001_CryptoPro_C.y,
2872 .order = _EC_GOST_2001_CryptoPro_C.order,
2873 .cofactor = 1,
2147 }, 2874 },
2148 { 2875 {
2149 .nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,
2150 .data = &_EC_GOST_2001_CryptoPro_A.h,
2151 .comment = "GOST R 34.10-2001 CryptoPro-XchA", 2876 .comment = "GOST R 34.10-2001 CryptoPro-XchA",
2877 .nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,
2878 .param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p),
2879 .p = _EC_GOST_2001_CryptoPro_A.p,
2880 .a = _EC_GOST_2001_CryptoPro_A.a,
2881 .b = _EC_GOST_2001_CryptoPro_A.b,
2882 .x = _EC_GOST_2001_CryptoPro_A.x,
2883 .y = _EC_GOST_2001_CryptoPro_A.y,
2884 .order = _EC_GOST_2001_CryptoPro_A.order,
2885 .cofactor = 1,
2152 }, 2886 },
2153 { 2887 {
2154 .nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,
2155 .data = &_EC_GOST_2001_CryptoPro_C.h,
2156 .comment = "GOST R 34.10-2001 CryptoPro-XchB", 2888 .comment = "GOST R 34.10-2001 CryptoPro-XchB",
2889 .nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,
2890 .param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p),
2891 .p = _EC_GOST_2001_CryptoPro_C.p,
2892 .a = _EC_GOST_2001_CryptoPro_C.a,
2893 .b = _EC_GOST_2001_CryptoPro_C.b,
2894 .x = _EC_GOST_2001_CryptoPro_C.x,
2895 .y = _EC_GOST_2001_CryptoPro_C.y,
2896 .order = _EC_GOST_2001_CryptoPro_C.order,
2897 .cofactor = 1,
2157 }, 2898 },
2158 { 2899 {
2159 .nid = NID_id_tc26_gost_3410_12_256_paramSetA,
2160 .data = &_EC_GOST_2012_256_TC26_A.h,
2161 .comment = "GOST R 34.10-2012 256 TC26-A", 2900 .comment = "GOST R 34.10-2012 256 TC26-A",
2901 .nid = NID_id_tc26_gost_3410_12_256_paramSetA,
2902 .param_len = sizeof(_EC_GOST_2012_256_TC26_A.p),
2903 .p = _EC_GOST_2012_256_TC26_A.p,
2904 .a = _EC_GOST_2012_256_TC26_A.a,
2905 .b = _EC_GOST_2012_256_TC26_A.b,
2906 .x = _EC_GOST_2012_256_TC26_A.x,
2907 .y = _EC_GOST_2012_256_TC26_A.y,
2908 .order = _EC_GOST_2012_256_TC26_A.order,
2909 .cofactor = 4,
2162 }, 2910 },
2163 { 2911 {
2164 .nid = NID_id_tc26_gost_3410_12_256_paramSetB,
2165 .data = &_EC_GOST_2001_CryptoPro_A.h,
2166 .comment = "GOST R 34.10-2012 256 TC26-B", 2912 .comment = "GOST R 34.10-2012 256 TC26-B",
2913 .nid = NID_id_tc26_gost_3410_12_256_paramSetB,
2914 .param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p),
2915 .p = _EC_GOST_2001_CryptoPro_A.p,
2916 .a = _EC_GOST_2001_CryptoPro_A.a,
2917 .b = _EC_GOST_2001_CryptoPro_A.b,
2918 .x = _EC_GOST_2001_CryptoPro_A.x,
2919 .y = _EC_GOST_2001_CryptoPro_A.y,
2920 .order = _EC_GOST_2001_CryptoPro_A.order,
2921 .cofactor = 1,
2167 }, 2922 },
2168 { 2923 {
2169 .nid = NID_id_tc26_gost_3410_12_256_paramSetC,
2170 .data = &_EC_GOST_2001_CryptoPro_B.h,
2171 .comment = "GOST R 34.10-2012 256 TC26-C", 2924 .comment = "GOST R 34.10-2012 256 TC26-C",
2925 .nid = NID_id_tc26_gost_3410_12_256_paramSetC,
2926 .param_len = sizeof(_EC_GOST_2001_CryptoPro_B.p),
2927 .p = _EC_GOST_2001_CryptoPro_B.p,
2928 .a = _EC_GOST_2001_CryptoPro_B.a,
2929 .b = _EC_GOST_2001_CryptoPro_B.b,
2930 .x = _EC_GOST_2001_CryptoPro_B.x,
2931 .y = _EC_GOST_2001_CryptoPro_B.y,
2932 .order = _EC_GOST_2001_CryptoPro_B.order,
2933 .cofactor = 1,
2172 }, 2934 },
2173 { 2935 {
2174 .nid = NID_id_tc26_gost_3410_12_256_paramSetD,
2175 .data = &_EC_GOST_2001_CryptoPro_C.h,
2176 .comment = "GOST R 34.10-2012 256 TC26-D", 2936 .comment = "GOST R 34.10-2012 256 TC26-D",
2937 .nid = NID_id_tc26_gost_3410_12_256_paramSetD,
2938 .param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p),
2939 .p = _EC_GOST_2001_CryptoPro_C.p,
2940 .a = _EC_GOST_2001_CryptoPro_C.a,
2941 .b = _EC_GOST_2001_CryptoPro_C.b,
2942 .x = _EC_GOST_2001_CryptoPro_C.x,
2943 .y = _EC_GOST_2001_CryptoPro_C.y,
2944 .order = _EC_GOST_2001_CryptoPro_C.order,
2945 .cofactor = 1,
2177 }, 2946 },
2178 { 2947 {
2179 .nid = NID_id_tc26_gost_3410_12_512_paramSetTest,
2180 .data = &_EC_GOST_2012_512_Test.h,
2181 .comment = "GOST R 34.10-2012 512 Test Curve", 2948 .comment = "GOST R 34.10-2012 512 Test Curve",
2949 .nid = NID_id_tc26_gost_3410_12_512_paramSetTest,
2950 .param_len = sizeof(_EC_GOST_2012_512_Test.p),
2951 .p = _EC_GOST_2012_512_Test.p,
2952 .a = _EC_GOST_2012_512_Test.a,
2953 .b = _EC_GOST_2012_512_Test.b,
2954 .x = _EC_GOST_2012_512_Test.x,
2955 .y = _EC_GOST_2012_512_Test.y,
2956 .order = _EC_GOST_2012_512_Test.order,
2957 .cofactor = 1,
2182 }, 2958 },
2183 { 2959 {
2184 .nid = NID_id_tc26_gost_3410_12_512_paramSetA,
2185 .data = &_EC_GOST_2012_512_TC26_A.h,
2186 .comment = "GOST R 34.10-2012 512 TC26-A", 2960 .comment = "GOST R 34.10-2012 512 TC26-A",
2961 .nid = NID_id_tc26_gost_3410_12_512_paramSetA,
2962 .param_len = sizeof(_EC_GOST_2012_512_TC26_A.p),
2963 .p = _EC_GOST_2012_512_TC26_A.p,
2964 .a = _EC_GOST_2012_512_TC26_A.a,
2965 .b = _EC_GOST_2012_512_TC26_A.b,
2966 .x = _EC_GOST_2012_512_TC26_A.x,
2967 .y = _EC_GOST_2012_512_TC26_A.y,
2968 .order = _EC_GOST_2012_512_TC26_A.order,
2969 .cofactor = 1,
2187 }, 2970 },
2188 { 2971 {
2189 .nid = NID_id_tc26_gost_3410_12_512_paramSetB,
2190 .data = &_EC_GOST_2012_512_TC26_B.h,
2191 .comment = "GOST R 34.10-2012 512 TC26-B", 2972 .comment = "GOST R 34.10-2012 512 TC26-B",
2973 .nid = NID_id_tc26_gost_3410_12_512_paramSetB,
2974 .param_len = sizeof(_EC_GOST_2012_512_TC26_B.p),
2975 .p = _EC_GOST_2012_512_TC26_B.p,
2976 .a = _EC_GOST_2012_512_TC26_B.a,
2977 .b = _EC_GOST_2012_512_TC26_B.b,
2978 .x = _EC_GOST_2012_512_TC26_B.x,
2979 .y = _EC_GOST_2012_512_TC26_B.y,
2980 .order = _EC_GOST_2012_512_TC26_B.order,
2981 .cofactor = 1,
2192 }, 2982 },
2193 { 2983 {
2194 .nid = NID_id_tc26_gost_3410_12_512_paramSetC,
2195 .data = &_EC_GOST_2012_512_TC26_C.h,
2196 .comment = "GOST R 34.10-2012 512 TC26-C", 2984 .comment = "GOST R 34.10-2012 512 TC26-C",
2985 .nid = NID_id_tc26_gost_3410_12_512_paramSetC,
2986 .param_len = sizeof(_EC_GOST_2012_512_TC26_C.p),
2987 .p = _EC_GOST_2012_512_TC26_C.p,
2988 .a = _EC_GOST_2012_512_TC26_C.a,
2989 .b = _EC_GOST_2012_512_TC26_C.b,
2990 .x = _EC_GOST_2012_512_TC26_C.x,
2991 .y = _EC_GOST_2012_512_TC26_C.y,
2992 .order = _EC_GOST_2012_512_TC26_C.order,
2993 .cofactor = 4,
2197 }, 2994 },
2198#endif 2995#endif
2199}; 2996};
2200 2997
2201#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element)) 2998#define curve_list_length (sizeof(curve_list) / sizeof(curve_list[0]))
2202 2999
2203static EC_GROUP * 3000static EC_GROUP *
2204ec_group_new_from_data(const ec_list_element curve) 3001ec_group_new_from_data(const struct ec_list_element *curve)
2205{ 3002{
2206 EC_GROUP *group = NULL; 3003 EC_GROUP *group = NULL;
2207 EC_POINT *P = NULL; 3004 EC_POINT *P = NULL;
2208 BN_CTX *ctx = NULL; 3005 BN_CTX *ctx = NULL;
2209 BIGNUM *p, *a, *b, *x, *y, *order, *cofactor; 3006 BIGNUM *p, *a, *b, *x, *y, *order, *cofactor;
2210 int ok = 0; 3007 int ok = 0;
2211 int seed_len, param_len;
2212 const EC_CURVE_DATA *data;
2213 const unsigned char *params;
2214 3008
2215 if ((ctx = BN_CTX_new()) == NULL) { 3009 if ((ctx = BN_CTX_new()) == NULL) {
2216 ECerror(ERR_R_MALLOC_FAILURE); 3010 ECerror(ERR_R_MALLOC_FAILURE);
@@ -2247,21 +3041,15 @@ ec_group_new_from_data(const ec_list_element curve)
2247 goto err; 3041 goto err;
2248 } 3042 }
2249 3043
2250 data = curve.data; 3044 if (BN_bin2bn(curve->p, curve->param_len, p) == NULL) {
2251 seed_len = data->seed_len;
2252 param_len = data->param_len;
2253 params = (const unsigned char *) (data + 1); /* skip header */
2254 params += seed_len; /* skip seed */
2255
2256 if (BN_bin2bn(params + 0 * param_len, param_len, p) == NULL) {
2257 ECerror(ERR_R_BN_LIB); 3045 ECerror(ERR_R_BN_LIB);
2258 goto err; 3046 goto err;
2259 } 3047 }
2260 if (BN_bin2bn(params + 1 * param_len, param_len, a) == NULL) { 3048 if (BN_bin2bn(curve->a, curve->param_len, a) == NULL) {
2261 ECerror(ERR_R_BN_LIB); 3049 ECerror(ERR_R_BN_LIB);
2262 goto err; 3050 goto err;
2263 } 3051 }
2264 if (BN_bin2bn(params + 2 * param_len, param_len, b) == NULL) { 3052 if (BN_bin2bn(curve->b, curve->param_len, b) == NULL) {
2265 ECerror(ERR_R_BN_LIB); 3053 ECerror(ERR_R_BN_LIB);
2266 goto err; 3054 goto err;
2267 } 3055 }
@@ -2274,11 +3062,11 @@ ec_group_new_from_data(const ec_list_element curve)
2274 ECerror(ERR_R_EC_LIB); 3062 ECerror(ERR_R_EC_LIB);
2275 goto err; 3063 goto err;
2276 } 3064 }
2277 if (BN_bin2bn(params + 3 * param_len, param_len, x) == NULL) { 3065 if (BN_bin2bn(curve->x, curve->param_len, x) == NULL) {
2278 ECerror(ERR_R_BN_LIB); 3066 ECerror(ERR_R_BN_LIB);
2279 goto err; 3067 goto err;
2280 } 3068 }
2281 if (BN_bin2bn(params + 4 * param_len, param_len, y) == NULL) { 3069 if (BN_bin2bn(curve->y, curve->param_len, y) == NULL) {
2282 ECerror(ERR_R_BN_LIB); 3070 ECerror(ERR_R_BN_LIB);
2283 goto err; 3071 goto err;
2284 } 3072 }
@@ -2286,11 +3074,11 @@ ec_group_new_from_data(const ec_list_element curve)
2286 ECerror(ERR_R_EC_LIB); 3074 ECerror(ERR_R_EC_LIB);
2287 goto err; 3075 goto err;
2288 } 3076 }
2289 if (BN_bin2bn(params + 5 * param_len, param_len, order) == NULL) { 3077 if (BN_bin2bn(curve->order, curve->param_len, order) == NULL) {
2290 ECerror(ERR_R_BN_LIB); 3078 ECerror(ERR_R_EC_LIB);
2291 goto err; 3079 goto err;
2292 } 3080 }
2293 if (!BN_set_word(cofactor, data->cofactor)) { 3081 if (!BN_set_word(cofactor, curve->cofactor)) {
2294 ECerror(ERR_R_BN_LIB); 3082 ECerror(ERR_R_BN_LIB);
2295 goto err; 3083 goto err;
2296 } 3084 }
@@ -2298,8 +3086,8 @@ ec_group_new_from_data(const ec_list_element curve)
2298 ECerror(ERR_R_EC_LIB); 3086 ECerror(ERR_R_EC_LIB);
2299 goto err; 3087 goto err;
2300 } 3088 }
2301 if (seed_len) { 3089 if (curve->seed != NULL) {
2302 if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { 3090 if (!EC_GROUP_set_seed(group, curve->seed, curve->seed_len)) {
2303 ECerror(ERR_R_EC_LIB); 3091 ECerror(ERR_R_EC_LIB);
2304 goto err; 3092 goto err;
2305 } 3093 }
@@ -2328,7 +3116,7 @@ EC_GROUP_new_by_curve_name(int nid)
2328 3116
2329 for (i = 0; i < curve_list_length; i++) 3117 for (i = 0; i < curve_list_length; i++)
2330 if (curve_list[i].nid == nid) { 3118 if (curve_list[i].nid == nid) {
2331 ret = ec_group_new_from_data(curve_list[i]); 3119 ret = ec_group_new_from_data(&curve_list[i]);
2332 break; 3120 break;
2333 } 3121 }
2334 if (ret == NULL) { 3122 if (ret == NULL) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-31 19:47:45 +0000