summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ec/ec_curve.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/ec/ec_curve.c1765
1 files changed, 0 insertions, 1765 deletions
diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c
deleted file mode 100644
index a3ec2de7fb..0000000000
--- a/src/lib/libcrypto/ec/ec_curve.c
+++ /dev/null
@@ -1,1765 +0,0 @@
1/* $OpenBSD: ec_curve.c,v 1.54 2025/03/09 17:53:11 tb Exp $ */
2/*
3 * Written by Nils Larsch for the OpenSSL project.
4 */
5/* ====================================================================
6 * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above.
66 *
67 * The elliptic curve binary polynomial software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
71
72#include <limits.h>
73#include <stdint.h>
74#include <stdlib.h>
75#include <string.h>
76
77#include <openssl/opensslconf.h>
78
79#include <openssl/bn.h>
80#include <openssl/ec.h>
81#include <openssl/err.h>
82#include <openssl/objects.h>
83
84#include "ec_local.h"
85
86static const struct {
87 uint8_t seed[20];
88 uint8_t p[28];
89 uint8_t a[28];
90 uint8_t b[28];
91 uint8_t x[28];
92 uint8_t y[28];
93 uint8_t order[28];
94} _EC_NIST_PRIME_224 = {
95 .seed = {
96 0xbd, 0x71, 0x34, 0x47, 0x99, 0xd5, 0xc7, 0xfc, 0xdc, 0x45,
97 0xb5, 0x9f, 0xa3, 0xb9, 0xab, 0x8f, 0x6a, 0x94, 0x8b, 0xc5,
98 },
99 .p = {
100 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
101 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
102 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
103 },
104 .a = {
105 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
106 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
107 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
108 },
109 .b = {
110 0xb4, 0x05, 0x0a, 0x85, 0x0c, 0x04, 0xb3, 0xab, 0xf5, 0x41,
111 0x32, 0x56, 0x50, 0x44, 0xb0, 0xb7, 0xd7, 0xbf, 0xd8, 0xba,
112 0x27, 0x0b, 0x39, 0x43, 0x23, 0x55, 0xff, 0xb4,
113 },
114 .x = {
115 0xb7, 0x0e, 0x0c, 0xbd, 0x6b, 0xb4, 0xbf, 0x7f, 0x32, 0x13,
116 0x90, 0xb9, 0x4a, 0x03, 0xc1, 0xd3, 0x56, 0xc2, 0x11, 0x22,
117 0x34, 0x32, 0x80, 0xd6, 0x11, 0x5c, 0x1d, 0x21,
118 },
119 .y = {
120 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22,
121 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
122 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34,
123 },
124 .order = {
125 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
126 0xff, 0xff, 0xff, 0xff, 0x16, 0xa2, 0xe0, 0xb8, 0xf0, 0x3e,
127 0x13, 0xdd, 0x29, 0x45, 0x5c, 0x5c, 0x2a, 0x3d,
128 },
129};
130
131static const struct {
132 uint8_t seed[20];
133 uint8_t p[48];
134 uint8_t a[48];
135 uint8_t b[48];
136 uint8_t x[48];
137 uint8_t y[48];
138 uint8_t order[48];
139} _EC_NIST_PRIME_384 = {
140 .seed = {
141 0xa3, 0x35, 0x92, 0x6a, 0xa3, 0x19, 0xa2, 0x7a, 0x1d, 0x00,
142 0x89, 0x6a, 0x67, 0x73, 0xa4, 0x82, 0x7a, 0xcd, 0xac, 0x73,
143 },
144 .p = {
145 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
146 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
147 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
148 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
149 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
150 },
151 .a = {
152 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
153 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
154 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
155 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
156 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xfc,
157 },
158 .b = {
159 0xb3, 0x31, 0x2f, 0xa7, 0xe2, 0x3e, 0xe7, 0xe4, 0x98, 0x8e,
160 0x05, 0x6b, 0xe3, 0xf8, 0x2d, 0x19, 0x18, 0x1d, 0x9c, 0x6e,
161 0xfe, 0x81, 0x41, 0x12, 0x03, 0x14, 0x08, 0x8f, 0x50, 0x13,
162 0x87, 0x5a, 0xc6, 0x56, 0x39, 0x8d, 0x8a, 0x2e, 0xd1, 0x9d,
163 0x2a, 0x85, 0xc8, 0xed, 0xd3, 0xec, 0x2a, 0xef,
164 },
165 .x = {
166 0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37, 0x8e, 0xb1,
167 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74, 0x6e, 0x1d, 0x3b, 0x62,
168 0x8b, 0xa7, 0x9b, 0x98, 0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54,
169 0x2a, 0x38, 0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c,
170 0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7,
171 },
172 .y = {
173 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e,
174 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd,
175 0x28, 0x9a, 0x14, 0x7c, 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0,
176 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
177 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
178 },
179 .order = {
180 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
181 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
182 0xff, 0xff, 0xff, 0xff, 0xc7, 0x63, 0x4d, 0x81, 0xf4, 0x37,
183 0x2d, 0xdf, 0x58, 0x1a, 0x0d, 0xb2, 0x48, 0xb0, 0xa7, 0x7a,
184 0xec, 0xec, 0x19, 0x6a, 0xcc, 0xc5, 0x29, 0x73,
185 },
186};
187
188static const struct {
189 uint8_t seed[20];
190 uint8_t p[66];
191 uint8_t a[66];
192 uint8_t b[66];
193 uint8_t x[66];
194 uint8_t y[66];
195 uint8_t order[66];
196} _EC_NIST_PRIME_521 = {
197 .seed = {
198 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc,
199 0x67, 0x17, 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba,
200 },
201 .p = {
202 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
203 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
204 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
205 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
206 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
207 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
208 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
209 },
210 .a = {
211 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
212 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
213 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
214 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
215 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
216 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
217 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
218 },
219 .b = {
220 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, 0x1f,
221 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda,
222 0x72, 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91,
223 0x8e, 0xf1, 0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e,
224 0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1, 0xbf, 0x07,
225 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, 0xf1, 0xef, 0x45,
226 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00,
227 },
228 .x = {
229 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd,
230 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64,
231 0x81, 0x39, 0x05, 0x3f, 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60,
232 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7,
233 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, 0xa8, 0xde,
234 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e,
235 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66,
236 },
237 .y = {
238 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04,
239 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5,
240 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17,
241 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4,
242 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61,
243 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
244 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
245 },
246 .order = {
247 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
248 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
249 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
250 0xff, 0xff, 0xff, 0xfa, 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f,
251 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, 0xf7, 0x09, 0xa5, 0xd0,
252 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, 0xbb, 0x6f,
253 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09,
254 },
255};
256
257static const struct {
258 uint8_t seed[20];
259 uint8_t p[30];
260 uint8_t a[30];
261 uint8_t b[30];
262 uint8_t x[30];
263 uint8_t y[30];
264 uint8_t order[30];
265} _EC_X9_62_PRIME_239V1 = {
266 .seed = {
267 0xe4, 0x3b, 0xb4, 0x60, 0xf0, 0xb8, 0x0c, 0xc0, 0xc0, 0xb0,
268 0x75, 0x79, 0x8e, 0x94, 0x80, 0x60, 0xf8, 0x32, 0x1b, 0x7d,
269 },
270 .p = {
271 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
272 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
273 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff,
274 },
275 .a = {
276 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
277 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
278 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc,
279 },
280 .b = {
281 0x6b, 0x01, 0x6c, 0x3b, 0xdc, 0xf1, 0x89, 0x41, 0xd0, 0xd6,
282 0x54, 0x92, 0x14, 0x75, 0xca, 0x71, 0xa9, 0xdb, 0x2f, 0xb2,
283 0x7d, 0x1d, 0x37, 0x79, 0x61, 0x85, 0xc2, 0x94, 0x2c, 0x0a,
284 },
285 .x = {
286 0x0f, 0xfa, 0x96, 0x3c, 0xdc, 0xa8, 0x81, 0x6c, 0xcc, 0x33,
287 0xb8, 0x64, 0x2b, 0xed, 0xf9, 0x05, 0xc3, 0xd3, 0x58, 0x57,
288 0x3d, 0x3f, 0x27, 0xfb, 0xbd, 0x3b, 0x3c, 0xb9, 0xaa, 0xaf,
289 },
290 .y = {
291 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40,
292 0x54, 0xca, 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18,
293 0xce, 0x22, 0x6b, 0x39, 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae,
294 },
295 .order = {
296 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
297 0xff, 0xff, 0x7f, 0xff, 0xff, 0x9e, 0x5e, 0x9a, 0x9f, 0x5d,
298 0x90, 0x71, 0xfb, 0xd1, 0x52, 0x26, 0x88, 0x90, 0x9d, 0x0b,
299 },
300};
301
302static const struct {
303 uint8_t seed[20];
304 uint8_t p[30];
305 uint8_t a[30];
306 uint8_t b[30];
307 uint8_t x[30];
308 uint8_t y[30];
309 uint8_t order[30];
310} _EC_X9_62_PRIME_239V2 = {
311 .seed = {
312 0xe8, 0xb4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xca, 0x3b,
313 0x80, 0x99, 0x98, 0x2b, 0xe0, 0x9f, 0xcb, 0x9a, 0xe6, 0x16,
314 },
315 .p = {
316 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
317 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
318 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff,
319 },
320 .a = {
321 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
322 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
323 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc,
324 },
325 .b = {
326 0x61, 0x7f, 0xab, 0x68, 0x32, 0x57, 0x6c, 0xbb, 0xfe, 0xd5,
327 0x0d, 0x99, 0xf0, 0x24, 0x9c, 0x3f, 0xee, 0x58, 0xb9, 0x4b,
328 0xa0, 0x03, 0x8c, 0x7a, 0xe8, 0x4c, 0x8c, 0x83, 0x2f, 0x2c,
329 },
330 .x = {
331 0x38, 0xaf, 0x09, 0xd9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xc9,
332 0x21, 0xbb, 0x5e, 0x9e, 0x26, 0x29, 0x6a, 0x3c, 0xdc, 0xf2,
333 0xf3, 0x57, 0x57, 0xa0, 0xea, 0xfd, 0x87, 0xb8, 0x30, 0xe7,
334 },
335 .y = {
336 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d,
337 0xa0, 0xfc, 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55,
338 0xde, 0x6e, 0xf4, 0x60, 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba,
339 },
340 .order = {
341 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
342 0xff, 0xff, 0x80, 0x00, 0x00, 0xcf, 0xa7, 0xe8, 0x59, 0x43,
343 0x77, 0xd4, 0x14, 0xc0, 0x38, 0x21, 0xbc, 0x58, 0x20, 0x63,
344 },
345};
346
347static const struct {
348 uint8_t seed[20];
349 uint8_t p[30];
350 uint8_t a[30];
351 uint8_t b[30];
352 uint8_t x[30];
353 uint8_t y[30];
354 uint8_t order[30];
355} _EC_X9_62_PRIME_239V3 = {
356 .seed = {
357 0x7d, 0x73, 0x74, 0x16, 0x8f, 0xfe, 0x34, 0x71, 0xb6, 0x0a,
358 0x85, 0x76, 0x86, 0xa1, 0x94, 0x75, 0xd3, 0xbf, 0xa2, 0xff,
359 },
360 .p = {
361 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
362 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
363 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff,
364 },
365 .a = {
366 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
367 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
368 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc,
369 },
370 .b = {
371 0x25, 0x57, 0x05, 0xfa, 0x2a, 0x30, 0x66, 0x54, 0xb1, 0xf4,
372 0xcb, 0x03, 0xd6, 0xa7, 0x50, 0xa3, 0x0c, 0x25, 0x01, 0x02,
373 0xd4, 0x98, 0x87, 0x17, 0xd9, 0xba, 0x15, 0xab, 0x6d, 0x3e,
374 },
375 .x = {
376 0x67, 0x68, 0xae, 0x8e, 0x18, 0xbb, 0x92, 0xcf, 0xcf, 0x00,
377 0x5c, 0x94, 0x9a, 0xa2, 0xc6, 0xd9, 0x48, 0x53, 0xd0, 0xe6,
378 0x60, 0xbb, 0xf8, 0x54, 0xb1, 0xc9, 0x50, 0x5f, 0xe9, 0x5a,
379 },
380 .y = {
381 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d,
382 0x55, 0x2b, 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b,
383 0x6e, 0x81, 0x84, 0x99, 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3,
384 },
385 .order = {
386 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
387 0xff, 0xff, 0x7f, 0xff, 0xff, 0x97, 0x5d, 0xeb, 0x41, 0xb3,
388 0xa6, 0x05, 0x7c, 0x3c, 0x43, 0x21, 0x46, 0x52, 0x65, 0x51,
389 },
390};
391
392static const struct {
393 uint8_t seed[20];
394 uint8_t p[32];
395 uint8_t a[32];
396 uint8_t b[32];
397 uint8_t x[32];
398 uint8_t y[32];
399 uint8_t order[32];
400} _EC_X9_62_PRIME_256V1 = {
401 .seed = {
402 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66,
403 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90,
404 },
405 .p = {
406 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
407 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
408 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
409 0xff, 0xff,
410 },
411 .a = {
412 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
413 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
414 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
415 0xff, 0xfc,
416 },
417 .b = {
418 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb,
419 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0,
420 0xcc, 0x53, 0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2,
421 0x60, 0x4b,
422 },
423 .x = {
424 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
425 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81,
426 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98,
427 0xc2, 0x96,
428 },
429 .y = {
430 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7,
431 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57,
432 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf,
433 0x51, 0xf5,
434 },
435 .order = {
436 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
437 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad,
438 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63,
439 0x25, 0x51,
440 },
441};
442
443static const struct {
444 uint8_t p[29];
445 uint8_t a[29];
446 uint8_t b[29];
447 uint8_t x[29];
448 uint8_t y[29];
449 uint8_t order[29];
450} _EC_SECG_PRIME_224K1 = {
451 .p = {
452 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
453 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
454 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xe5, 0x6d,
455 },
456 .a = {
457 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
458 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
459 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
460 },
461 .b = {
462 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
463 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
464 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
465 },
466 .x = {
467 0x00, 0xa1, 0x45, 0x5b, 0x33, 0x4d, 0xf0, 0x99, 0xdf, 0x30,
468 0xfc, 0x28, 0xa1, 0x69, 0xa4, 0x67, 0xe9, 0xe4, 0x70, 0x75,
469 0xa9, 0x0f, 0x7e, 0x65, 0x0e, 0xb6, 0xb7, 0xa4, 0x5c,
470 },
471 .y = {
472 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82,
473 0xca, 0xfb, 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd,
474 0x59, 0xe2, 0xca, 0x4b, 0xdb, 0x55, 0x6d, 0x61, 0xa5,
475 },
476 .order = {
477 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
478 0x00, 0x00, 0x00, 0x00, 0x01, 0xdc, 0xe8, 0xd2, 0xec, 0x61,
479 0x84, 0xca, 0xf0, 0xa9, 0x71, 0x76, 0x9f, 0xb1, 0xf7,
480 },
481};
482
483static const struct {
484 uint8_t p[32];
485 uint8_t a[32];
486 uint8_t b[32];
487 uint8_t x[32];
488 uint8_t y[32];
489 uint8_t order[32];
490} _EC_SECG_PRIME_256K1 = {
491 .p = {
492 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
493 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
494 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff,
495 0xfc, 0x2f,
496 },
497 .a = {
498 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
499 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
500 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
501 0x00, 0x00,
502 },
503 .b = {
504 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
505 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
506 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
507 0x00, 0x07,
508 },
509 .x = {
510 0x79, 0xbe, 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
511 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, 0xfc, 0xdb,
512 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2, 0x81, 0x5b, 0x16, 0xf8,
513 0x17, 0x98,
514 },
515 .y = {
516 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
517 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48,
518 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10,
519 0xd4, 0xb8,
520 },
521 .order = {
522 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
523 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xba, 0xae, 0xdc, 0xe6,
524 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36,
525 0x41, 0x41,
526 },
527};
528
529static const struct {
530 uint8_t p[28];
531 uint8_t a[28];
532 uint8_t b[28];
533 uint8_t x[28];
534 uint8_t y[28];
535 uint8_t order[28];
536} _EC_brainpoolP224r1 = {
537 .p = {
538 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
539 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57,
540 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xff,
541 },
542 .a = {
543 0x68, 0xa5, 0xe6, 0x2c, 0xa9, 0xce, 0x6c, 0x1c, 0x29, 0x98,
544 0x03, 0xa6, 0xc1, 0x53, 0x0b, 0x51, 0x4e, 0x18, 0x2a, 0xd8,
545 0xb0, 0x04, 0x2a, 0x59, 0xca, 0xd2, 0x9f, 0x43,
546 },
547 .b = {
548 0x25, 0x80, 0xf6, 0x3c, 0xcf, 0xe4, 0x41, 0x38, 0x87, 0x07,
549 0x13, 0xb1, 0xa9, 0x23, 0x69, 0xe3, 0x3e, 0x21, 0x35, 0xd2,
550 0x66, 0xdb, 0xb3, 0x72, 0x38, 0x6c, 0x40, 0x0b,
551 },
552 .x = {
553 0x0d, 0x90, 0x29, 0xad, 0x2c, 0x7e, 0x5c, 0xf4, 0x34, 0x08,
554 0x23, 0xb2, 0xa8, 0x7d, 0xc6, 0x8c, 0x9e, 0x4c, 0xe3, 0x17,
555 0x4c, 0x1e, 0x6e, 0xfd, 0xee, 0x12, 0xc0, 0x7d,
556 },
557 .y = {
558 0x58, 0xaa, 0x56, 0xf7, 0x72, 0xc0, 0x72, 0x6f, 0x24, 0xc6,
559 0xb8, 0x9e, 0x4e, 0xcd, 0xac, 0x24, 0x35, 0x4b, 0x9e, 0x99,
560 0xca, 0xa3, 0xf6, 0xd3, 0x76, 0x14, 0x02, 0xcd,
561 },
562 .order = {
563 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
564 0x30, 0x25, 0x75, 0xd0, 0xfb, 0x98, 0xd1, 0x16, 0xbc, 0x4b,
565 0x6d, 0xde, 0xbc, 0xa3, 0xa5, 0xa7, 0x93, 0x9f,
566 },
567};
568
569static const struct {
570 uint8_t p[28];
571 uint8_t a[28];
572 uint8_t b[28];
573 uint8_t x[28];
574 uint8_t y[28];
575 uint8_t order[28];
576} _EC_brainpoolP224t1 = {
577 .p = {
578 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
579 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57,
580 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xff,
581 },
582 .a = {
583 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
584 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57,
585 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xfc,
586 },
587 .b = {
588 0x4b, 0x33, 0x7d, 0x93, 0x41, 0x04, 0xcd, 0x7b, 0xef, 0x27,
589 0x1b, 0xf6, 0x0c, 0xed, 0x1e, 0xd2, 0x0d, 0xa1, 0x4c, 0x08,
590 0xb3, 0xbb, 0x64, 0xf1, 0x8a, 0x60, 0x88, 0x8d,
591 },
592 .x = {
593 0x6a, 0xb1, 0xe3, 0x44, 0xce, 0x25, 0xff, 0x38, 0x96, 0x42,
594 0x4e, 0x7f, 0xfe, 0x14, 0x76, 0x2e, 0xcb, 0x49, 0xf8, 0x92,
595 0x8a, 0xc0, 0xc7, 0x60, 0x29, 0xb4, 0xd5, 0x80,
596 },
597 .y = {
598 0x03, 0x74, 0xe9, 0xf5, 0x14, 0x3e, 0x56, 0x8c, 0xd2, 0x3f,
599 0x3f, 0x4d, 0x7c, 0x0d, 0x4b, 0x1e, 0x41, 0xc8, 0xcc, 0x0d,
600 0x1c, 0x6a, 0xbd, 0x5f, 0x1a, 0x46, 0xdb, 0x4c,
601 },
602 .order = {
603 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
604 0x30, 0x25, 0x75, 0xd0, 0xfb, 0x98, 0xd1, 0x16, 0xbc, 0x4b,
605 0x6d, 0xde, 0xbc, 0xa3, 0xa5, 0xa7, 0x93, 0x9f,
606 },
607};
608
609static const struct {
610 uint8_t p[32];
611 uint8_t a[32];
612 uint8_t b[32];
613 uint8_t x[32];
614 uint8_t y[32];
615 uint8_t order[32];
616} _EC_brainpoolP256r1 = {
617 .p = {
618 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
619 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23,
620 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e,
621 0x53, 0x77,
622 },
623 .a = {
624 0x7d, 0x5a, 0x09, 0x75, 0xfc, 0x2c, 0x30, 0x57, 0xee, 0xf6,
625 0x75, 0x30, 0x41, 0x7a, 0xff, 0xe7, 0xfb, 0x80, 0x55, 0xc1,
626 0x26, 0xdc, 0x5c, 0x6c, 0xe9, 0x4a, 0x4b, 0x44, 0xf3, 0x30,
627 0xb5, 0xd9,
628 },
629 .b = {
630 0x26, 0xdc, 0x5c, 0x6c, 0xe9, 0x4a, 0x4b, 0x44, 0xf3, 0x30,
631 0xb5, 0xd9, 0xbb, 0xd7, 0x7c, 0xbf, 0x95, 0x84, 0x16, 0x29,
632 0x5c, 0xf7, 0xe1, 0xce, 0x6b, 0xcc, 0xdc, 0x18, 0xff, 0x8c,
633 0x07, 0xb6,
634 },
635 .x = {
636 0x8b, 0xd2, 0xae, 0xb9, 0xcb, 0x7e, 0x57, 0xcb, 0x2c, 0x4b,
637 0x48, 0x2f, 0xfc, 0x81, 0xb7, 0xaf, 0xb9, 0xde, 0x27, 0xe1,
638 0xe3, 0xbd, 0x23, 0xc2, 0x3a, 0x44, 0x53, 0xbd, 0x9a, 0xce,
639 0x32, 0x62,
640 },
641 .y = {
642 0x54, 0x7e, 0xf8, 0x35, 0xc3, 0xda, 0xc4, 0xfd, 0x97, 0xf8,
643 0x46, 0x1a, 0x14, 0x61, 0x1d, 0xc9, 0xc2, 0x77, 0x45, 0x13,
644 0x2d, 0xed, 0x8e, 0x54, 0x5c, 0x1d, 0x54, 0xc7, 0x2f, 0x04,
645 0x69, 0x97,
646 },
647 .order = {
648 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
649 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x71, 0x8c, 0x39, 0x7a, 0xa3,
650 0xb5, 0x61, 0xa6, 0xf7, 0x90, 0x1e, 0x0e, 0x82, 0x97, 0x48,
651 0x56, 0xa7,
652 },
653};
654
655static const struct {
656 uint8_t p[32];
657 uint8_t a[32];
658 uint8_t b[32];
659 uint8_t x[32];
660 uint8_t y[32];
661 uint8_t order[32];
662} _EC_brainpoolP256t1 = {
663 .p = {
664 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
665 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23,
666 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e,
667 0x53, 0x77,
668 },
669 .a = {
670 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
671 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23,
672 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e,
673 0x53, 0x74,
674 },
675 .b = {
676 0x66, 0x2c, 0x61, 0xc4, 0x30, 0xd8, 0x4e, 0xa4, 0xfe, 0x66,
677 0xa7, 0x73, 0x3d, 0x0b, 0x76, 0xb7, 0xbf, 0x93, 0xeb, 0xc4,
678 0xaf, 0x2f, 0x49, 0x25, 0x6a, 0xe5, 0x81, 0x01, 0xfe, 0xe9,
679 0x2b, 0x04,
680 },
681 .x = {
682 0xa3, 0xe8, 0xeb, 0x3c, 0xc1, 0xcf, 0xe7, 0xb7, 0x73, 0x22,
683 0x13, 0xb2, 0x3a, 0x65, 0x61, 0x49, 0xaf, 0xa1, 0x42, 0xc4,
684 0x7a, 0xaf, 0xbc, 0x2b, 0x79, 0xa1, 0x91, 0x56, 0x2e, 0x13,
685 0x05, 0xf4,
686 },
687 .y = {
688 0x2d, 0x99, 0x6c, 0x82, 0x34, 0x39, 0xc5, 0x6d, 0x7f, 0x7b,
689 0x22, 0xe1, 0x46, 0x44, 0x41, 0x7e, 0x69, 0xbc, 0xb6, 0xde,
690 0x39, 0xd0, 0x27, 0x00, 0x1d, 0xab, 0xe8, 0xf3, 0x5b, 0x25,
691 0xc9, 0xbe,
692 },
693 .order = {
694 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
695 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x71, 0x8c, 0x39, 0x7a, 0xa3,
696 0xb5, 0x61, 0xa6, 0xf7, 0x90, 0x1e, 0x0e, 0x82, 0x97, 0x48,
697 0x56, 0xa7,
698 },
699};
700
701static const struct {
702 uint8_t p[40];
703 uint8_t a[40];
704 uint8_t b[40];
705 uint8_t x[40];
706 uint8_t y[40];
707 uint8_t order[40];
708} _EC_brainpoolP320r1 = {
709 .p = {
710 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
711 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6,
712 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93,
713 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x27,
714 },
715 .a = {
716 0x3e, 0xe3, 0x0b, 0x56, 0x8f, 0xba, 0xb0, 0xf8, 0x83, 0xcc,
717 0xeb, 0xd4, 0x6d, 0x3f, 0x3b, 0xb8, 0xa2, 0xa7, 0x35, 0x13,
718 0xf5, 0xeb, 0x79, 0xda, 0x66, 0x19, 0x0e, 0xb0, 0x85, 0xff,
719 0xa9, 0xf4, 0x92, 0xf3, 0x75, 0xa9, 0x7d, 0x86, 0x0e, 0xb4,
720 },
721 .b = {
722 0x52, 0x08, 0x83, 0x94, 0x9d, 0xfd, 0xbc, 0x42, 0xd3, 0xad,
723 0x19, 0x86, 0x40, 0x68, 0x8a, 0x6f, 0xe1, 0x3f, 0x41, 0x34,
724 0x95, 0x54, 0xb4, 0x9a, 0xcc, 0x31, 0xdc, 0xcd, 0x88, 0x45,
725 0x39, 0x81, 0x6f, 0x5e, 0xb4, 0xac, 0x8f, 0xb1, 0xf1, 0xa6,
726 },
727 .x = {
728 0x43, 0xbd, 0x7e, 0x9a, 0xfb, 0x53, 0xd8, 0xb8, 0x52, 0x89,
729 0xbc, 0xc4, 0x8e, 0xe5, 0xbf, 0xe6, 0xf2, 0x01, 0x37, 0xd1,
730 0x0a, 0x08, 0x7e, 0xb6, 0xe7, 0x87, 0x1e, 0x2a, 0x10, 0xa5,
731 0x99, 0xc7, 0x10, 0xaf, 0x8d, 0x0d, 0x39, 0xe2, 0x06, 0x11,
732 },
733 .y = {
734 0x14, 0xfd, 0xd0, 0x55, 0x45, 0xec, 0x1c, 0xc8, 0xab, 0x40,
735 0x93, 0x24, 0x7f, 0x77, 0x27, 0x5e, 0x07, 0x43, 0xff, 0xed,
736 0x11, 0x71, 0x82, 0xea, 0xa9, 0xc7, 0x78, 0x77, 0xaa, 0xac,
737 0x6a, 0xc7, 0xd3, 0x52, 0x45, 0xd1, 0x69, 0x2e, 0x8e, 0xe1,
738 },
739 .order = {
740 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
741 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa5,
742 0xb6, 0x8f, 0x12, 0xa3, 0x2d, 0x48, 0x2e, 0xc7, 0xee, 0x86,
743 0x58, 0xe9, 0x86, 0x91, 0x55, 0x5b, 0x44, 0xc5, 0x93, 0x11,
744 },
745};
746
747static const struct {
748 uint8_t p[40];
749 uint8_t a[40];
750 uint8_t b[40];
751 uint8_t x[40];
752 uint8_t y[40];
753 uint8_t order[40];
754} _EC_brainpoolP320t1 = {
755 .p = {
756 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
757 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6,
758 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93,
759 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x27,
760 },
761 .a = {
762 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
763 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6,
764 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93,
765 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x24,
766 },
767 .b = {
768 0xa7, 0xf5, 0x61, 0xe0, 0x38, 0xeb, 0x1e, 0xd5, 0x60, 0xb3,
769 0xd1, 0x47, 0xdb, 0x78, 0x20, 0x13, 0x06, 0x4c, 0x19, 0xf2,
770 0x7e, 0xd2, 0x7c, 0x67, 0x80, 0xaa, 0xf7, 0x7f, 0xb8, 0xa5,
771 0x47, 0xce, 0xb5, 0xb4, 0xfe, 0xf4, 0x22, 0x34, 0x03, 0x53,
772 },
773 .x = {
774 0x92, 0x5b, 0xe9, 0xfb, 0x01, 0xaf, 0xc6, 0xfb, 0x4d, 0x3e,
775 0x7d, 0x49, 0x90, 0x01, 0x0f, 0x81, 0x34, 0x08, 0xab, 0x10,
776 0x6c, 0x4f, 0x09, 0xcb, 0x7e, 0xe0, 0x78, 0x68, 0xcc, 0x13,
777 0x6f, 0xff, 0x33, 0x57, 0xf6, 0x24, 0xa2, 0x1b, 0xed, 0x52,
778 },
779 .y = {
780 0x63, 0xba, 0x3a, 0x7a, 0x27, 0x48, 0x3e, 0xbf, 0x66, 0x71,
781 0xdb, 0xef, 0x7a, 0xbb, 0x30, 0xeb, 0xee, 0x08, 0x4e, 0x58,
782 0xa0, 0xb0, 0x77, 0xad, 0x42, 0xa5, 0xa0, 0x98, 0x9d, 0x1e,
783 0xe7, 0x1b, 0x1b, 0x9b, 0xc0, 0x45, 0x5f, 0xb0, 0xd2, 0xc3,
784 },
785 .order = {
786 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
787 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa5,
788 0xb6, 0x8f, 0x12, 0xa3, 0x2d, 0x48, 0x2e, 0xc7, 0xee, 0x86,
789 0x58, 0xe9, 0x86, 0x91, 0x55, 0x5b, 0x44, 0xc5, 0x93, 0x11,
790 },
791};
792
793static const struct {
794 uint8_t p[48];
795 uint8_t a[48];
796 uint8_t b[48];
797 uint8_t x[48];
798 uint8_t y[48];
799 uint8_t order[48];
800} _EC_brainpoolP384r1 = {
801 .p = {
802 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
803 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
804 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7,
805 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71,
806 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x53,
807 },
808 .a = {
809 0x7b, 0xc3, 0x82, 0xc6, 0x3d, 0x8c, 0x15, 0x0c, 0x3c, 0x72,
810 0x08, 0x0a, 0xce, 0x05, 0xaf, 0xa0, 0xc2, 0xbe, 0xa2, 0x8e,
811 0x4f, 0xb2, 0x27, 0x87, 0x13, 0x91, 0x65, 0xef, 0xba, 0x91,
812 0xf9, 0x0f, 0x8a, 0xa5, 0x81, 0x4a, 0x50, 0x3a, 0xd4, 0xeb,
813 0x04, 0xa8, 0xc7, 0xdd, 0x22, 0xce, 0x28, 0x26,
814 },
815 .b = {
816 0x04, 0xa8, 0xc7, 0xdd, 0x22, 0xce, 0x28, 0x26, 0x8b, 0x39,
817 0xb5, 0x54, 0x16, 0xf0, 0x44, 0x7c, 0x2f, 0xb7, 0x7d, 0xe1,
818 0x07, 0xdc, 0xd2, 0xa6, 0x2e, 0x88, 0x0e, 0xa5, 0x3e, 0xeb,
819 0x62, 0xd5, 0x7c, 0xb4, 0x39, 0x02, 0x95, 0xdb, 0xc9, 0x94,
820 0x3a, 0xb7, 0x86, 0x96, 0xfa, 0x50, 0x4c, 0x11,
821 },
822 .x = {
823 0x1d, 0x1c, 0x64, 0xf0, 0x68, 0xcf, 0x45, 0xff, 0xa2, 0xa6,
824 0x3a, 0x81, 0xb7, 0xc1, 0x3f, 0x6b, 0x88, 0x47, 0xa3, 0xe7,
825 0x7e, 0xf1, 0x4f, 0xe3, 0xdb, 0x7f, 0xca, 0xfe, 0x0c, 0xbd,
826 0x10, 0xe8, 0xe8, 0x26, 0xe0, 0x34, 0x36, 0xd6, 0x46, 0xaa,
827 0xef, 0x87, 0xb2, 0xe2, 0x47, 0xd4, 0xaf, 0x1e,
828 },
829 .y = {
830 0x8a, 0xbe, 0x1d, 0x75, 0x20, 0xf9, 0xc2, 0xa4, 0x5c, 0xb1,
831 0xeb, 0x8e, 0x95, 0xcf, 0xd5, 0x52, 0x62, 0xb7, 0x0b, 0x29,
832 0xfe, 0xec, 0x58, 0x64, 0xe1, 0x9c, 0x05, 0x4f, 0xf9, 0x91,
833 0x29, 0x28, 0x0e, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11,
834 0x42, 0x82, 0x03, 0x41, 0x26, 0x3c, 0x53, 0x15,
835 },
836 .order = {
837 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
838 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
839 0xed, 0x54, 0x56, 0xb3, 0x1f, 0x16, 0x6e, 0x6c, 0xac, 0x04,
840 0x25, 0xa7, 0xcf, 0x3a, 0xb6, 0xaf, 0x6b, 0x7f, 0xc3, 0x10,
841 0x3b, 0x88, 0x32, 0x02, 0xe9, 0x04, 0x65, 0x65,
842 },
843};
844
845static const struct {
846 uint8_t p[48];
847 uint8_t a[48];
848 uint8_t b[48];
849 uint8_t x[48];
850 uint8_t y[48];
851 uint8_t order[48];
852} _EC_brainpoolP384t1 = {
853 .p = {
854 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
855 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
856 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7,
857 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71,
858 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x53,
859 },
860 .a = {
861 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
862 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
863 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7,
864 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71,
865 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x50,
866 },
867 .b = {
868 0x7f, 0x51, 0x9e, 0xad, 0xa7, 0xbd, 0xa8, 0x1b, 0xd8, 0x26,
869 0xdb, 0xa6, 0x47, 0x91, 0x0f, 0x8c, 0x4b, 0x93, 0x46, 0xed,
870 0x8c, 0xcd, 0xc6, 0x4e, 0x4b, 0x1a, 0xbd, 0x11, 0x75, 0x6d,
871 0xce, 0x1d, 0x20, 0x74, 0xaa, 0x26, 0x3b, 0x88, 0x80, 0x5c,
872 0xed, 0x70, 0x35, 0x5a, 0x33, 0xb4, 0x71, 0xee,
873 },
874 .x = {
875 0x18, 0xde, 0x98, 0xb0, 0x2d, 0xb9, 0xa3, 0x06, 0xf2, 0xaf,
876 0xcd, 0x72, 0x35, 0xf7, 0x2a, 0x81, 0x9b, 0x80, 0xab, 0x12,
877 0xeb, 0xd6, 0x53, 0x17, 0x24, 0x76, 0xfe, 0xcd, 0x46, 0x2a,
878 0xab, 0xff, 0xc4, 0xff, 0x19, 0x1b, 0x94, 0x6a, 0x5f, 0x54,
879 0xd8, 0xd0, 0xaa, 0x2f, 0x41, 0x88, 0x08, 0xcc,
880 },
881 .y = {
882 0x25, 0xab, 0x05, 0x69, 0x62, 0xd3, 0x06, 0x51, 0xa1, 0x14,
883 0xaf, 0xd2, 0x75, 0x5a, 0xd3, 0x36, 0x74, 0x7f, 0x93, 0x47,
884 0x5b, 0x7a, 0x1f, 0xca, 0x3b, 0x88, 0xf2, 0xb6, 0xa2, 0x08,
885 0xcc, 0xfe, 0x46, 0x94, 0x08, 0x58, 0x4d, 0xc2, 0xb2, 0x91,
886 0x26, 0x75, 0xbf, 0x5b, 0x9e, 0x58, 0x29, 0x28,
887 },
888 .order = {
889 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
890 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
891 0xed, 0x54, 0x56, 0xb3, 0x1f, 0x16, 0x6e, 0x6c, 0xac, 0x04,
892 0x25, 0xa7, 0xcf, 0x3a, 0xb6, 0xaf, 0x6b, 0x7f, 0xc3, 0x10,
893 0x3b, 0x88, 0x32, 0x02, 0xe9, 0x04, 0x65, 0x65,
894 },
895};
896
897static const struct {
898 uint8_t p[64];
899 uint8_t a[64];
900 uint8_t b[64];
901 uint8_t x[64];
902 uint8_t y[64];
903 uint8_t order[64];
904} _EC_brainpoolP512r1 = {
905 .p = {
906 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
907 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
908 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
909 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42,
910 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81,
911 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56,
912 0x58, 0x3a, 0x48, 0xf3,
913 },
914 .a = {
915 0x78, 0x30, 0xa3, 0x31, 0x8b, 0x60, 0x3b, 0x89, 0xe2, 0x32,
916 0x71, 0x45, 0xac, 0x23, 0x4c, 0xc5, 0x94, 0xcb, 0xdd, 0x8d,
917 0x3d, 0xf9, 0x16, 0x10, 0xa8, 0x34, 0x41, 0xca, 0xea, 0x98,
918 0x63, 0xbc, 0x2d, 0xed, 0x5d, 0x5a, 0xa8, 0x25, 0x3a, 0xa1,
919 0x0a, 0x2e, 0xf1, 0xc9, 0x8b, 0x9a, 0xc8, 0xb5, 0x7f, 0x11,
920 0x17, 0xa7, 0x2b, 0xf2, 0xc7, 0xb9, 0xe7, 0xc1, 0xac, 0x4d,
921 0x77, 0xfc, 0x94, 0xca,
922 },
923 .b = {
924 0x3d, 0xf9, 0x16, 0x10, 0xa8, 0x34, 0x41, 0xca, 0xea, 0x98,
925 0x63, 0xbc, 0x2d, 0xed, 0x5d, 0x5a, 0xa8, 0x25, 0x3a, 0xa1,
926 0x0a, 0x2e, 0xf1, 0xc9, 0x8b, 0x9a, 0xc8, 0xb5, 0x7f, 0x11,
927 0x17, 0xa7, 0x2b, 0xf2, 0xc7, 0xb9, 0xe7, 0xc1, 0xac, 0x4d,
928 0x77, 0xfc, 0x94, 0xca, 0xdc, 0x08, 0x3e, 0x67, 0x98, 0x40,
929 0x50, 0xb7, 0x5e, 0xba, 0xe5, 0xdd, 0x28, 0x09, 0xbd, 0x63,
930 0x80, 0x16, 0xf7, 0x23,
931 },
932 .x = {
933 0x81, 0xae, 0xe4, 0xbd, 0xd8, 0x2e, 0xd9, 0x64, 0x5a, 0x21,
934 0x32, 0x2e, 0x9c, 0x4c, 0x6a, 0x93, 0x85, 0xed, 0x9f, 0x70,
935 0xb5, 0xd9, 0x16, 0xc1, 0xb4, 0x3b, 0x62, 0xee, 0xf4, 0xd0,
936 0x09, 0x8e, 0xff, 0x3b, 0x1f, 0x78, 0xe2, 0xd0, 0xd4, 0x8d,
937 0x50, 0xd1, 0x68, 0x7b, 0x93, 0xb9, 0x7d, 0x5f, 0x7c, 0x6d,
938 0x50, 0x47, 0x40, 0x6a, 0x5e, 0x68, 0x8b, 0x35, 0x22, 0x09,
939 0xbc, 0xb9, 0xf8, 0x22,
940 },
941 .y = {
942 0x7d, 0xde, 0x38, 0x5d, 0x56, 0x63, 0x32, 0xec, 0xc0, 0xea,
943 0xbf, 0xa9, 0xcf, 0x78, 0x22, 0xfd, 0xf2, 0x09, 0xf7, 0x00,
944 0x24, 0xa5, 0x7b, 0x1a, 0xa0, 0x00, 0xc5, 0x5b, 0x88, 0x1f,
945 0x81, 0x11, 0xb2, 0xdc, 0xde, 0x49, 0x4a, 0x5f, 0x48, 0x5e,
946 0x5b, 0xca, 0x4b, 0xd8, 0x8a, 0x27, 0x63, 0xae, 0xd1, 0xca,
947 0x2b, 0x2f, 0xa8, 0xf0, 0x54, 0x06, 0x78, 0xcd, 0x1e, 0x0f,
948 0x3a, 0xd8, 0x08, 0x92,
949 },
950 .order = {
951 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
952 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
953 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
954 0x08, 0x70, 0x55, 0x3e, 0x5c, 0x41, 0x4c, 0xa9, 0x26, 0x19,
955 0x41, 0x86, 0x61, 0x19, 0x7f, 0xac, 0x10, 0x47, 0x1d, 0xb1,
956 0xd3, 0x81, 0x08, 0x5d, 0xda, 0xdd, 0xb5, 0x87, 0x96, 0x82,
957 0x9c, 0xa9, 0x00, 0x69,
958 },
959};
960
961static const struct {
962 uint8_t p[64];
963 uint8_t a[64];
964 uint8_t b[64];
965 uint8_t x[64];
966 uint8_t y[64];
967 uint8_t order[64];
968} _EC_brainpoolP512t1 = {
969 .p = {
970 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
971 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
972 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
973 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42,
974 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81,
975 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56,
976 0x58, 0x3a, 0x48, 0xf3,
977 },
978 .a = {
979 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
980 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
981 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
982 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42,
983 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81,
984 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56,
985 0x58, 0x3a, 0x48, 0xf0,
986 },
987 .b = {
988 0x7c, 0xbb, 0xbc, 0xf9, 0x44, 0x1c, 0xfa, 0xb7, 0x6e, 0x18,
989 0x90, 0xe4, 0x68, 0x84, 0xea, 0xe3, 0x21, 0xf7, 0x0c, 0x0b,
990 0xcb, 0x49, 0x81, 0x52, 0x78, 0x97, 0x50, 0x4b, 0xec, 0x3e,
991 0x36, 0xa6, 0x2b, 0xcd, 0xfa, 0x23, 0x04, 0x97, 0x65, 0x40,
992 0xf6, 0x45, 0x00, 0x85, 0xf2, 0xda, 0xe1, 0x45, 0xc2, 0x25,
993 0x53, 0xb4, 0x65, 0x76, 0x36, 0x89, 0x18, 0x0e, 0xa2, 0x57,
994 0x18, 0x67, 0x42, 0x3e,
995 },
996 .x = {
997 0x64, 0x0e, 0xce, 0x5c, 0x12, 0x78, 0x87, 0x17, 0xb9, 0xc1,
998 0xba, 0x06, 0xcb, 0xc2, 0xa6, 0xfe, 0xba, 0x85, 0x84, 0x24,
999 0x58, 0xc5, 0x6d, 0xde, 0x9d, 0xb1, 0x75, 0x8d, 0x39, 0xc0,
1000 0x31, 0x3d, 0x82, 0xba, 0x51, 0x73, 0x5c, 0xdb, 0x3e, 0xa4,
1001 0x99, 0xaa, 0x77, 0xa7, 0xd6, 0x94, 0x3a, 0x64, 0xf7, 0xa3,
1002 0xf2, 0x5f, 0xe2, 0x6f, 0x06, 0xb5, 0x1b, 0xaa, 0x26, 0x96,
1003 0xfa, 0x90, 0x35, 0xda,
1004 },
1005 .y = {
1006 0x5b, 0x53, 0x4b, 0xd5, 0x95, 0xf5, 0xaf, 0x0f, 0xa2, 0xc8,
1007 0x92, 0x37, 0x6c, 0x84, 0xac, 0xe1, 0xbb, 0x4e, 0x30, 0x19,
1008 0xb7, 0x16, 0x34, 0xc0, 0x11, 0x31, 0x15, 0x9c, 0xae, 0x03,
1009 0xce, 0xe9, 0xd9, 0x93, 0x21, 0x84, 0xbe, 0xef, 0x21, 0x6b,
1010 0xd7, 0x1d, 0xf2, 0xda, 0xdf, 0x86, 0xa6, 0x27, 0x30, 0x6e,
1011 0xcf, 0xf9, 0x6d, 0xbb, 0x8b, 0xac, 0xe1, 0x98, 0xb6, 0x1e,
1012 0x00, 0xf8, 0xb3, 0x32,
1013 },
1014 .order = {
1015 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
1016 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
1017 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
1018 0x08, 0x70, 0x55, 0x3e, 0x5c, 0x41, 0x4c, 0xa9, 0x26, 0x19,
1019 0x41, 0x86, 0x61, 0x19, 0x7f, 0xac, 0x10, 0x47, 0x1d, 0xb1,
1020 0xd3, 0x81, 0x08, 0x5d, 0xda, 0xdd, 0xb5, 0x87, 0x96, 0x82,
1021 0x9c, 0xa9, 0x00, 0x69,
1022 },
1023};
1024
1025static const struct {
1026 uint8_t p[32];
1027 uint8_t a[32];
1028 uint8_t b[32];
1029 uint8_t x[32];
1030 uint8_t y[32];
1031 uint8_t order[32];
1032} _EC_FRP256v1 = {
1033 .p = {
1034 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12,
1035 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x39, 0x61, 0xad, 0xbc,
1036 0xab, 0xc8, 0xca, 0x6d, 0xe8, 0xfc, 0xf3, 0x53, 0xd8, 0x6e,
1037 0x9c, 0x03,
1038 },
1039 .a = {
1040 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12,
1041 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x39, 0x61, 0xad, 0xbc,
1042 0xab, 0xc8, 0xca, 0x6d, 0xe8, 0xfc, 0xf3, 0x53, 0xd8, 0x6e,
1043 0x9c, 0x00,
1044 },
1045 .b = {
1046 0xee, 0x35, 0x3f, 0xca, 0x54, 0x28, 0xa9, 0x30, 0x0d, 0x4a,
1047 0xba, 0x75, 0x4a, 0x44, 0xc0, 0x0f, 0xdf, 0xec, 0x0c, 0x9a,
1048 0xe4, 0xb1, 0xa1, 0x80, 0x30, 0x75, 0xed, 0x96, 0x7b, 0x7b,
1049 0xb7, 0x3f,
1050 },
1051 .x = {
1052 0xb6, 0xb3, 0xd4, 0xc3, 0x56, 0xc1, 0x39, 0xeb, 0x31, 0x18,
1053 0x3d, 0x47, 0x49, 0xd4, 0x23, 0x95, 0x8c, 0x27, 0xd2, 0xdc,
1054 0xaf, 0x98, 0xb7, 0x01, 0x64, 0xc9, 0x7a, 0x2d, 0xd9, 0x8f,
1055 0x5c, 0xff,
1056 },
1057 .y = {
1058 0x61, 0x42, 0xe0, 0xf7, 0xc8, 0xb2, 0x04, 0x91, 0x1f, 0x92,
1059 0x71, 0xf0, 0xf3, 0xec, 0xef, 0x8c, 0x27, 0x01, 0xc3, 0x07,
1060 0xe8, 0xe4, 0xc9, 0xe1, 0x83, 0x11, 0x5a, 0x15, 0x54, 0x06,
1061 0x2c, 0xfb,
1062 },
1063 .order = {
1064 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12,
1065 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x53, 0xdc, 0x67, 0xe1,
1066 0x40, 0xd2, 0xbf, 0x94, 0x1f, 0xfd, 0xd4, 0x59, 0xc6, 0xd6,
1067 0x55, 0xe1,
1068 },
1069};
1070
1071static const struct ec_curve {
1072 const char *comment;
1073 int nid;
1074 int seed_len;
1075 int param_len;
1076 unsigned int cofactor;
1077 const uint8_t *seed;
1078 const uint8_t *p;
1079 const uint8_t *a;
1080 const uint8_t *b;
1081 const uint8_t *x;
1082 const uint8_t *y;
1083 const uint8_t *order;
1084} ec_curve_list[] = {
1085 /* secg curves */
1086 {
1087 .comment = "SECG curve secp224k1",
1088 .nid = NID_secp224k1,
1089 .param_len = sizeof(_EC_SECG_PRIME_224K1.p),
1090 .p = _EC_SECG_PRIME_224K1.p,
1091 .a = _EC_SECG_PRIME_224K1.a,
1092 .b = _EC_SECG_PRIME_224K1.b,
1093 .x = _EC_SECG_PRIME_224K1.x,
1094 .y = _EC_SECG_PRIME_224K1.y,
1095 .order = _EC_SECG_PRIME_224K1.order,
1096 .cofactor = 1,
1097 },
1098 {
1099 .comment = "NIST/SECG curve secp224r1",
1100 .nid = NID_secp224r1,
1101 .seed_len = sizeof(_EC_NIST_PRIME_224.seed),
1102 .param_len = sizeof(_EC_NIST_PRIME_224.p),
1103 .seed = _EC_NIST_PRIME_224.seed,
1104 .p = _EC_NIST_PRIME_224.p,
1105 .a = _EC_NIST_PRIME_224.a,
1106 .b = _EC_NIST_PRIME_224.b,
1107 .x = _EC_NIST_PRIME_224.x,
1108 .y = _EC_NIST_PRIME_224.y,
1109 .order = _EC_NIST_PRIME_224.order,
1110 .cofactor = 1,
1111 },
1112 {
1113 .comment = "SECG curve secp256k1",
1114 .nid = NID_secp256k1,
1115 .param_len = sizeof(_EC_SECG_PRIME_256K1.p),
1116 .p = _EC_SECG_PRIME_256K1.p,
1117 .a = _EC_SECG_PRIME_256K1.a,
1118 .b = _EC_SECG_PRIME_256K1.b,
1119 .x = _EC_SECG_PRIME_256K1.x,
1120 .y = _EC_SECG_PRIME_256K1.y,
1121 .order = _EC_SECG_PRIME_256K1.order,
1122 .cofactor = 1,
1123 },
1124 /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
1125 {
1126 .comment = "NIST/SECG curve secp384r1",
1127 .nid = NID_secp384r1,
1128 .seed_len = sizeof(_EC_NIST_PRIME_384.seed),
1129 .param_len = sizeof(_EC_NIST_PRIME_384.p),
1130 .seed = _EC_NIST_PRIME_384.seed,
1131 .p = _EC_NIST_PRIME_384.p,
1132 .a = _EC_NIST_PRIME_384.a,
1133 .b = _EC_NIST_PRIME_384.b,
1134 .x = _EC_NIST_PRIME_384.x,
1135 .y = _EC_NIST_PRIME_384.y,
1136 .order = _EC_NIST_PRIME_384.order,
1137 .cofactor = 1,
1138 },
1139 {
1140 .comment = "NIST/SECG curve secp521r1",
1141 .nid = NID_secp521r1,
1142 .seed_len = sizeof(_EC_NIST_PRIME_521.seed),
1143 .param_len = sizeof(_EC_NIST_PRIME_521.p),
1144 .seed = _EC_NIST_PRIME_521.seed,
1145 .p = _EC_NIST_PRIME_521.p,
1146 .a = _EC_NIST_PRIME_521.a,
1147 .b = _EC_NIST_PRIME_521.b,
1148 .x = _EC_NIST_PRIME_521.x,
1149 .y = _EC_NIST_PRIME_521.y,
1150 .order = _EC_NIST_PRIME_521.order,
1151 .cofactor = 1,
1152 },
1153 /* X9.62 curves */
1154 {
1155 .comment = "X9.62 curve prime239v1",
1156 .nid = NID_X9_62_prime239v1,
1157 .seed_len = sizeof(_EC_X9_62_PRIME_239V1.seed),
1158 .param_len = sizeof(_EC_X9_62_PRIME_239V1.p),
1159 .seed = _EC_X9_62_PRIME_239V1.seed,
1160 .p = _EC_X9_62_PRIME_239V1.p,
1161 .a = _EC_X9_62_PRIME_239V1.a,
1162 .b = _EC_X9_62_PRIME_239V1.b,
1163 .x = _EC_X9_62_PRIME_239V1.x,
1164 .y = _EC_X9_62_PRIME_239V1.y,
1165 .order = _EC_X9_62_PRIME_239V1.order,
1166 .cofactor = 1,
1167 },
1168 {
1169 .comment = "X9.62 curve prime239v2",
1170 .nid = NID_X9_62_prime239v2,
1171 .seed_len = sizeof(_EC_X9_62_PRIME_239V2.seed),
1172 .param_len = sizeof(_EC_X9_62_PRIME_239V2.p),
1173 .seed = _EC_X9_62_PRIME_239V2.seed,
1174 .p = _EC_X9_62_PRIME_239V2.p,
1175 .a = _EC_X9_62_PRIME_239V2.a,
1176 .b = _EC_X9_62_PRIME_239V2.b,
1177 .x = _EC_X9_62_PRIME_239V2.x,
1178 .y = _EC_X9_62_PRIME_239V2.y,
1179 .order = _EC_X9_62_PRIME_239V2.order,
1180 .cofactor = 1,
1181 },
1182 {
1183 .comment = "X9.62 curve prime239v3",
1184 .nid = NID_X9_62_prime239v3,
1185 .seed_len = sizeof(_EC_X9_62_PRIME_239V3.seed),
1186 .param_len = sizeof(_EC_X9_62_PRIME_239V3.p),
1187 .seed = _EC_X9_62_PRIME_239V3.seed,
1188 .p = _EC_X9_62_PRIME_239V3.p,
1189 .a = _EC_X9_62_PRIME_239V3.a,
1190 .b = _EC_X9_62_PRIME_239V3.b,
1191 .x = _EC_X9_62_PRIME_239V3.x,
1192 .y = _EC_X9_62_PRIME_239V3.y,
1193 .order = _EC_X9_62_PRIME_239V3.order,
1194 .cofactor = 1,
1195 },
1196 {
1197 .comment = "X9.62/SECG curve prime256v1",
1198 .nid = NID_X9_62_prime256v1,
1199 .seed_len = sizeof(_EC_X9_62_PRIME_256V1.seed),
1200 .param_len = sizeof(_EC_X9_62_PRIME_256V1.p),
1201 .seed = _EC_X9_62_PRIME_256V1.seed,
1202 .p = _EC_X9_62_PRIME_256V1.p,
1203 .a = _EC_X9_62_PRIME_256V1.a,
1204 .b = _EC_X9_62_PRIME_256V1.b,
1205 .x = _EC_X9_62_PRIME_256V1.x,
1206 .y = _EC_X9_62_PRIME_256V1.y,
1207 .order = _EC_X9_62_PRIME_256V1.order,
1208 .cofactor = 1,
1209 },
1210 /* RFC 5639 curves */
1211 {
1212 .comment = "RFC 5639 curve brainpoolP224r1",
1213 .nid = NID_brainpoolP224r1,
1214 .param_len = sizeof(_EC_brainpoolP224r1.p),
1215 .p = _EC_brainpoolP224r1.p,
1216 .a = _EC_brainpoolP224r1.a,
1217 .b = _EC_brainpoolP224r1.b,
1218 .x = _EC_brainpoolP224r1.x,
1219 .y = _EC_brainpoolP224r1.y,
1220 .order = _EC_brainpoolP224r1.order,
1221 .cofactor = 1,
1222 },
1223 {
1224 .comment = "RFC 5639 curve brainpoolP224r2",
1225 .nid = NID_brainpoolP224t1,
1226 .param_len = sizeof(_EC_brainpoolP224t1.p),
1227 .p = _EC_brainpoolP224t1.p,
1228 .a = _EC_brainpoolP224t1.a,
1229 .b = _EC_brainpoolP224t1.b,
1230 .x = _EC_brainpoolP224t1.x,
1231 .y = _EC_brainpoolP224t1.y,
1232 .order = _EC_brainpoolP224t1.order,
1233 .cofactor = 1,
1234 },
1235 {
1236 .comment = "RFC 5639 curve brainpoolP256r1",
1237 .nid = NID_brainpoolP256r1,
1238 .param_len = sizeof(_EC_brainpoolP256r1.p),
1239 .p = _EC_brainpoolP256r1.p,
1240 .a = _EC_brainpoolP256r1.a,
1241 .b = _EC_brainpoolP256r1.b,
1242 .x = _EC_brainpoolP256r1.x,
1243 .y = _EC_brainpoolP256r1.y,
1244 .order = _EC_brainpoolP256r1.order,
1245 .cofactor = 1,
1246 },
1247 {
1248 .comment = "RFC 5639 curve brainpoolP256t1",
1249 .nid = NID_brainpoolP256t1,
1250 .param_len = sizeof(_EC_brainpoolP256t1.p),
1251 .p = _EC_brainpoolP256t1.p,
1252 .a = _EC_brainpoolP256t1.a,
1253 .b = _EC_brainpoolP256t1.b,
1254 .x = _EC_brainpoolP256t1.x,
1255 .y = _EC_brainpoolP256t1.y,
1256 .order = _EC_brainpoolP256t1.order,
1257 .cofactor = 1,
1258 },
1259 {
1260 .comment = "RFC 5639 curve brainpoolP320r1",
1261 .nid = NID_brainpoolP320r1,
1262 .param_len = sizeof(_EC_brainpoolP320r1.p),
1263 .p = _EC_brainpoolP320r1.p,
1264 .a = _EC_brainpoolP320r1.a,
1265 .b = _EC_brainpoolP320r1.b,
1266 .x = _EC_brainpoolP320r1.x,
1267 .y = _EC_brainpoolP320r1.y,
1268 .order = _EC_brainpoolP320r1.order,
1269 .cofactor = 1,
1270 },
1271 {
1272 .comment = "RFC 5639 curve brainpoolP320t1",
1273 .nid = NID_brainpoolP320t1,
1274 .param_len = sizeof(_EC_brainpoolP320t1.p),
1275 .p = _EC_brainpoolP320t1.p,
1276 .a = _EC_brainpoolP320t1.a,
1277 .b = _EC_brainpoolP320t1.b,
1278 .x = _EC_brainpoolP320t1.x,
1279 .y = _EC_brainpoolP320t1.y,
1280 .order = _EC_brainpoolP320t1.order,
1281 .cofactor = 1,
1282 },
1283 {
1284 .comment = "RFC 5639 curve brainpoolP384r1",
1285 .nid = NID_brainpoolP384r1,
1286 .param_len = sizeof(_EC_brainpoolP384r1.p),
1287 .p = _EC_brainpoolP384r1.p,
1288 .a = _EC_brainpoolP384r1.a,
1289 .b = _EC_brainpoolP384r1.b,
1290 .x = _EC_brainpoolP384r1.x,
1291 .y = _EC_brainpoolP384r1.y,
1292 .order = _EC_brainpoolP384r1.order,
1293 .cofactor = 1,
1294 },
1295 {
1296 .comment = "RFC 5639 curve brainpoolP384t1",
1297 .nid = NID_brainpoolP384t1,
1298 .param_len = sizeof(_EC_brainpoolP384t1.p),
1299 .p = _EC_brainpoolP384t1.p,
1300 .a = _EC_brainpoolP384t1.a,
1301 .b = _EC_brainpoolP384t1.b,
1302 .x = _EC_brainpoolP384t1.x,
1303 .y = _EC_brainpoolP384t1.y,
1304 .order = _EC_brainpoolP384t1.order,
1305 .cofactor = 1,
1306 },
1307 {
1308 .comment = "RFC 5639 curve brainpoolP512r1",
1309 .nid = NID_brainpoolP512r1,
1310 .param_len = sizeof(_EC_brainpoolP512r1.p),
1311 .p = _EC_brainpoolP512r1.p,
1312 .a = _EC_brainpoolP512r1.a,
1313 .b = _EC_brainpoolP512r1.b,
1314 .x = _EC_brainpoolP512r1.x,
1315 .y = _EC_brainpoolP512r1.y,
1316 .order = _EC_brainpoolP512r1.order,
1317 .cofactor = 1,
1318 },
1319 {
1320 .comment = "RFC 5639 curve brainpoolP512t1",
1321 .nid = NID_brainpoolP512t1,
1322 .param_len = sizeof(_EC_brainpoolP512t1.p),
1323 .p = _EC_brainpoolP512t1.p,
1324 .a = _EC_brainpoolP512t1.a,
1325 .b = _EC_brainpoolP512t1.b,
1326 .x = _EC_brainpoolP512t1.x,
1327 .y = _EC_brainpoolP512t1.y,
1328 .order = _EC_brainpoolP512t1.order,
1329 .cofactor = 1,
1330 },
1331 /* ANSSI */
1332 {
1333 .comment = "ANSSI curve FRP256v1",
1334 .nid = NID_FRP256v1,
1335 .param_len = sizeof(_EC_FRP256v1.p),
1336 .p = _EC_FRP256v1.p,
1337 .a = _EC_FRP256v1.a,
1338 .b = _EC_FRP256v1.b,
1339 .x = _EC_FRP256v1.x,
1340 .y = _EC_FRP256v1.y,
1341 .order = _EC_FRP256v1.order,
1342 .cofactor = 1,
1343 },
1344};
1345
1346#define EC_CURVE_LIST_LENGTH (sizeof(ec_curve_list) / sizeof(ec_curve_list[0]))
1347
1348static EC_GROUP *
1349ec_group_new_from_data(const struct ec_curve *curve)
1350{
1351 EC_GROUP *group = NULL, *ret = NULL;
1352 EC_POINT *generator = NULL;
1353 BN_CTX *ctx = NULL;
1354 BIGNUM *p, *a, *b, *x, *y, *order, *cofactor;
1355
1356 if ((ctx = BN_CTX_new()) == NULL) {
1357 ECerror(ERR_R_MALLOC_FAILURE);
1358 goto err;
1359 }
1360 BN_CTX_start(ctx);
1361
1362 if ((p = BN_CTX_get(ctx)) == NULL) {
1363 ECerror(ERR_R_BN_LIB);
1364 goto err;
1365 }
1366 if ((a = BN_CTX_get(ctx)) == NULL) {
1367 ECerror(ERR_R_BN_LIB);
1368 goto err;
1369 }
1370 if ((b = BN_CTX_get(ctx)) == NULL) {
1371 ECerror(ERR_R_BN_LIB);
1372 goto err;
1373 }
1374 if ((x = BN_CTX_get(ctx)) == NULL) {
1375 ECerror(ERR_R_BN_LIB);
1376 goto err;
1377 }
1378 if ((y = BN_CTX_get(ctx)) == NULL) {
1379 ECerror(ERR_R_BN_LIB);
1380 goto err;
1381 }
1382 if ((order = BN_CTX_get(ctx)) == NULL) {
1383 ECerror(ERR_R_BN_LIB);
1384 goto err;
1385 }
1386 if ((cofactor = BN_CTX_get(ctx)) == NULL) {
1387 ECerror(ERR_R_BN_LIB);
1388 goto err;
1389 }
1390
1391 if (BN_bin2bn(curve->p, curve->param_len, p) == NULL) {
1392 ECerror(ERR_R_BN_LIB);
1393 goto err;
1394 }
1395 if (BN_bin2bn(curve->a, curve->param_len, a) == NULL) {
1396 ECerror(ERR_R_BN_LIB);
1397 goto err;
1398 }
1399 if (BN_bin2bn(curve->b, curve->param_len, b) == NULL) {
1400 ECerror(ERR_R_BN_LIB);
1401 goto err;
1402 }
1403 if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
1404 ECerror(ERR_R_EC_LIB);
1405 goto err;
1406 }
1407 EC_GROUP_set_curve_name(group, curve->nid);
1408
1409 if ((generator = EC_POINT_new(group)) == NULL) {
1410 ECerror(ERR_R_EC_LIB);
1411 goto err;
1412 }
1413 if (BN_bin2bn(curve->x, curve->param_len, x) == NULL) {
1414 ECerror(ERR_R_BN_LIB);
1415 goto err;
1416 }
1417 if (BN_bin2bn(curve->y, curve->param_len, y) == NULL) {
1418 ECerror(ERR_R_BN_LIB);
1419 goto err;
1420 }
1421 if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) {
1422 ECerror(ERR_R_EC_LIB);
1423 goto err;
1424 }
1425 if (BN_bin2bn(curve->order, curve->param_len, order) == NULL) {
1426 ECerror(ERR_R_EC_LIB);
1427 goto err;
1428 }
1429 if (!BN_set_word(cofactor, curve->cofactor)) {
1430 ECerror(ERR_R_BN_LIB);
1431 goto err;
1432 }
1433 if (!EC_GROUP_set_generator(group, generator, order, cofactor)) {
1434 ECerror(ERR_R_EC_LIB);
1435 goto err;
1436 }
1437
1438 if (curve->seed != NULL) {
1439 if (!EC_GROUP_set_seed(group, curve->seed, curve->seed_len)) {
1440 ECerror(ERR_R_EC_LIB);
1441 goto err;
1442 }
1443 }
1444
1445 ret = group;
1446 group = NULL;
1447
1448 err:
1449 EC_GROUP_free(group);
1450 EC_POINT_free(generator);
1451 BN_CTX_end(ctx);
1452 BN_CTX_free(ctx);
1453
1454 return ret;
1455}
1456
1457EC_GROUP *
1458EC_GROUP_new_by_curve_name(int nid)
1459{
1460 size_t i;
1461
1462 if (nid <= 0)
1463 return NULL;
1464
1465 for (i = 0; i < EC_CURVE_LIST_LENGTH; i++) {
1466 if (ec_curve_list[i].nid == nid)
1467 return ec_group_new_from_data(&ec_curve_list[i]);
1468 }
1469
1470 ECerror(EC_R_UNKNOWN_GROUP);
1471 return NULL;
1472}
1473LCRYPTO_ALIAS(EC_GROUP_new_by_curve_name);
1474
1475static void
1476ec_curve_free(struct ec_curve *curve)
1477{
1478 if (curve == NULL)
1479 return;
1480
1481 /* PERM UGLY CASTS */
1482 free((uint8_t *)curve->seed);
1483 free((uint8_t *)curve->p);
1484 free((uint8_t *)curve->a);
1485 free((uint8_t *)curve->b);
1486 free((uint8_t *)curve->x);
1487 free((uint8_t *)curve->y);
1488 free((uint8_t *)curve->order);
1489
1490 free(curve);
1491}
1492
1493static int
1494ec_curve_encode_parameter(const BIGNUM *bn, int param_len,
1495 const uint8_t **out_param)
1496{
1497 uint8_t *buf = NULL;
1498 int ret = 0;
1499
1500 if (out_param == NULL || *out_param != NULL)
1501 goto err;
1502
1503 if ((buf = calloc(1, param_len)) == NULL)
1504 goto err;
1505 if (BN_bn2binpad(bn, buf, param_len) != param_len)
1506 goto err;
1507
1508 *out_param = buf;
1509 buf = NULL;
1510
1511 ret = 1;
1512
1513 err:
1514 free(buf);
1515
1516 return ret;
1517}
1518
1519static struct ec_curve *
1520ec_curve_from_group(const EC_GROUP *group)
1521{
1522 struct ec_curve *curve = NULL;
1523 BN_CTX *ctx;
1524 BIGNUM *p, *a, *b, *x, *y;
1525 const EC_POINT *generator = NULL;
1526 const BIGNUM *order, *cofactor;
1527 size_t seed_len;
1528
1529 if ((ctx = BN_CTX_new()) == NULL)
1530 goto err;
1531 BN_CTX_start(ctx);
1532
1533 if ((p = BN_CTX_get(ctx)) == NULL)
1534 goto err;
1535 if ((a = BN_CTX_get(ctx)) == NULL)
1536 goto err;
1537 if ((b = BN_CTX_get(ctx)) == NULL)
1538 goto err;
1539 if ((x = BN_CTX_get(ctx)) == NULL)
1540 goto err;
1541 if ((y = BN_CTX_get(ctx)) == NULL)
1542 goto err;
1543
1544 if (!EC_GROUP_get_curve(group, p, a, b, ctx))
1545 goto err;
1546 if ((generator = EC_GROUP_get0_generator(group)) == NULL)
1547 goto err;
1548 if (!EC_POINT_get_affine_coordinates(group, generator, x, y, ctx))
1549 goto err;
1550 if ((order = EC_GROUP_get0_order(group)) == NULL)
1551 goto err;
1552
1553 if ((curve = calloc(1, sizeof(*curve))) == NULL)
1554 goto err;
1555
1556 curve->param_len = BN_num_bytes(p);
1557 if (BN_num_bytes(order) > curve->param_len)
1558 curve->param_len = BN_num_bytes(order);
1559
1560 if (!ec_curve_encode_parameter(p, curve->param_len, &curve->p))
1561 goto err;
1562 if (!ec_curve_encode_parameter(a, curve->param_len, &curve->a))
1563 goto err;
1564 if (!ec_curve_encode_parameter(b, curve->param_len, &curve->b))
1565 goto err;
1566 if (!ec_curve_encode_parameter(x, curve->param_len, &curve->x))
1567 goto err;
1568 if (!ec_curve_encode_parameter(y, curve->param_len, &curve->y))
1569 goto err;
1570 if (!ec_curve_encode_parameter(order, curve->param_len, &curve->order))
1571 goto err;
1572
1573 if ((cofactor = EC_GROUP_get0_cofactor(group)) != NULL) {
1574 BN_ULONG cofactor_word;
1575
1576 if ((cofactor_word = BN_get_word(cofactor)) == BN_MASK2)
1577 goto err;
1578 if (cofactor_word > INT_MAX)
1579 goto err;
1580
1581 curve->cofactor = cofactor_word;
1582 }
1583
1584 if ((seed_len = EC_GROUP_get_seed_len(group)) > 0) {
1585 uint8_t *seed;
1586
1587 if (seed_len > INT_MAX)
1588 goto err;
1589 if ((seed = calloc(1, seed_len)) == NULL)
1590 goto err;
1591 memcpy(seed, EC_GROUP_get0_seed(group), seed_len);
1592
1593 curve->seed = seed;
1594 curve->seed_len = seed_len;
1595 }
1596
1597 BN_CTX_end(ctx);
1598 BN_CTX_free(ctx);
1599
1600 return curve;
1601
1602 err:
1603 BN_CTX_end(ctx);
1604 BN_CTX_free(ctx);
1605
1606 ec_curve_free(curve);
1607
1608 return NULL;
1609}
1610
1611static int
1612ec_curve_cmp(const struct ec_curve *a, const struct ec_curve *b)
1613{
1614 int cmp;
1615
1616 /* Treat nid as optional. The OID isn't part of EC parameters. */
1617 if (a->nid != NID_undef && b->nid != NID_undef) {
1618 if (a->nid < b->nid)
1619 return -1;
1620 if (a->nid > b->nid)
1621 return 1;
1622 }
1623
1624 if (a->cofactor < b->cofactor)
1625 return -1;
1626 if (a->cofactor > b->cofactor)
1627 return 1;
1628 if (a->param_len < b->param_len)
1629 return -1;
1630 if (a->param_len > b->param_len)
1631 return 1;
1632
1633 if ((cmp = memcmp(a->p, b->p, a->param_len)) != 0)
1634 return cmp;
1635 if ((cmp = memcmp(a->a, b->a, a->param_len)) != 0)
1636 return cmp;
1637 if ((cmp = memcmp(a->b, b->b, a->param_len)) != 0)
1638 return cmp;
1639 if ((cmp = memcmp(a->x, b->x, a->param_len)) != 0)
1640 return cmp;
1641 if ((cmp = memcmp(a->y, b->y, a->param_len)) != 0)
1642 return cmp;
1643 if ((cmp = memcmp(a->order, b->order, a->param_len)) != 0)
1644 return cmp;
1645
1646 /* Seed is optional, not used for computation. Must match if present. */
1647 if (a->seed_len != 0 && b->seed_len != 0) {
1648 if (a->seed_len < b->seed_len)
1649 return -1;
1650 if (a->seed_len > b->seed_len)
1651 return 1;
1652 if (a->seed != NULL && b->seed != NULL) {
1653 if ((cmp = memcmp(a->seed, b->seed, a->seed_len)) != 0)
1654 return cmp;
1655 }
1656 }
1657
1658 return 0;
1659}
1660
1661static int
1662ec_group_nid_from_curve(const struct ec_curve *curve)
1663{
1664 size_t i;
1665
1666 for (i = 0; i < EC_CURVE_LIST_LENGTH; i++) {
1667 if (ec_curve_cmp(curve, &ec_curve_list[i]) == 0)
1668 return ec_curve_list[i].nid;
1669 }
1670
1671 return NID_undef;
1672}
1673
1674int
1675ec_group_is_builtin_curve(const EC_GROUP *group, int *out_nid)
1676{
1677 struct ec_curve *curve;
1678 int ret = 0;
1679 int nid;
1680
1681 *out_nid = NID_undef;
1682
1683 if ((curve = ec_curve_from_group(group)) == NULL)
1684 goto err;
1685 if ((nid = ec_group_nid_from_curve(curve)) == NID_undef)
1686 goto err;
1687
1688 *out_nid = nid;
1689
1690 ret = 1;
1691
1692 err:
1693 ec_curve_free(curve);
1694
1695 return ret;
1696}
1697
1698size_t
1699EC_get_builtin_curves(EC_builtin_curve *curves, size_t nitems)
1700{
1701 size_t i;
1702
1703 if (curves == NULL || nitems == 0)
1704 return EC_CURVE_LIST_LENGTH;
1705
1706 if (nitems > EC_CURVE_LIST_LENGTH)
1707 nitems = EC_CURVE_LIST_LENGTH;
1708
1709 for (i = 0; i < nitems; i++) {
1710 curves[i].nid = ec_curve_list[i].nid;
1711 curves[i].comment = ec_curve_list[i].comment;
1712 }
1713
1714 return EC_CURVE_LIST_LENGTH;
1715}
1716LCRYPTO_ALIAS(EC_get_builtin_curves);
1717
1718static const struct {
1719 const char *name;
1720 int nid;
1721} nist_curves[] = {
1722 { "B-163", NID_sect163r2 },
1723 { "B-233", NID_sect233r1 },
1724 { "B-283", NID_sect283r1 },
1725 { "B-409", NID_sect409r1 },
1726 { "B-571", NID_sect571r1 },
1727 { "K-163", NID_sect163k1 },
1728 { "K-233", NID_sect233k1 },
1729 { "K-283", NID_sect283k1 },
1730 { "K-409", NID_sect409k1 },
1731 { "K-571", NID_sect571k1 },
1732 { "P-192", NID_X9_62_prime192v1 },
1733 { "P-224", NID_secp224r1 },
1734 { "P-256", NID_X9_62_prime256v1 },
1735 { "P-384", NID_secp384r1 },
1736 { "P-521", NID_secp521r1 }
1737};
1738
1739const char *
1740EC_curve_nid2nist(int nid)
1741{
1742 size_t i;
1743
1744 for (i = 0; i < sizeof(nist_curves) / sizeof(nist_curves[0]); i++) {
1745 if (nist_curves[i].nid == nid)
1746 return nist_curves[i].name;
1747 }
1748
1749 return NULL;
1750}
1751LCRYPTO_ALIAS(EC_curve_nid2nist);
1752
1753int
1754EC_curve_nist2nid(const char *name)
1755{
1756 size_t i;
1757
1758 for (i = 0; i < sizeof(nist_curves) / sizeof(nist_curves[0]); i++) {
1759 if (strcmp(nist_curves[i].name, name) == 0)
1760 return nist_curves[i].nid;
1761 }
1762
1763 return NID_undef;
1764}
1765LCRYPTO_ALIAS(EC_curve_nist2nid);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-06 21:45:01 +0000