Hannes Tschofenig / Mbed 2 deprecated aes-gcm-test-program

Example program to test AES-GCM functionality. Used for a workshop

Dependencies:   mbed

SSL/library/ecp_curves.c@0:796d0f61a05b, 2018-09-27 (annotated)

Committer:
HannesTschofenig
Date:
Thu Sep 27 06:34:22 2018 +0000
Revision:
0:796d0f61a05b
Example AES-GCM test program

Who changed what in which revision?

UserRevisionLine numberNew contents of line
HannesTschofenig 0:796d0f61a05b 1 /*
HannesTschofenig 0:796d0f61a05b 2 * Elliptic curves over GF(p): curve-specific data and functions
HannesTschofenig 0:796d0f61a05b 3 *
HannesTschofenig 0:796d0f61a05b 4 * Copyright (C) 2006-2014, Brainspark B.V.
HannesTschofenig 0:796d0f61a05b 5 *
HannesTschofenig 0:796d0f61a05b 6 * This file is part of PolarSSL (http://www.polarssl.org)
HannesTschofenig 0:796d0f61a05b 7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
HannesTschofenig 0:796d0f61a05b 8 *
HannesTschofenig 0:796d0f61a05b 9 * All rights reserved.
HannesTschofenig 0:796d0f61a05b 10 *
HannesTschofenig 0:796d0f61a05b 11 * This program is free software; you can redistribute it and/or modify
HannesTschofenig 0:796d0f61a05b 12 * it under the terms of the GNU General Public License as published by
HannesTschofenig 0:796d0f61a05b 13 * the Free Software Foundation; either version 2 of the License, or
HannesTschofenig 0:796d0f61a05b 14 * (at your option) any later version.
HannesTschofenig 0:796d0f61a05b 15 *
HannesTschofenig 0:796d0f61a05b 16 * This program is distributed in the hope that it will be useful,
HannesTschofenig 0:796d0f61a05b 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
HannesTschofenig 0:796d0f61a05b 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
HannesTschofenig 0:796d0f61a05b 19 * GNU General Public License for more details.
HannesTschofenig 0:796d0f61a05b 20 *
HannesTschofenig 0:796d0f61a05b 21 * You should have received a copy of the GNU General Public License along
HannesTschofenig 0:796d0f61a05b 22 * with this program; if not, write to the Free Software Foundation, Inc.,
HannesTschofenig 0:796d0f61a05b 23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
HannesTschofenig 0:796d0f61a05b 24 */
HannesTschofenig 0:796d0f61a05b 25
HannesTschofenig 0:796d0f61a05b 26 #if !defined(POLARSSL_CONFIG_FILE)
HannesTschofenig 0:796d0f61a05b 27 #include "polarssl/config.h"
HannesTschofenig 0:796d0f61a05b 28 #else
HannesTschofenig 0:796d0f61a05b 29 #include POLARSSL_CONFIG_FILE
HannesTschofenig 0:796d0f61a05b 30 #endif
HannesTschofenig 0:796d0f61a05b 31
HannesTschofenig 0:796d0f61a05b 32 #if defined(POLARSSL_ECP_C)
HannesTschofenig 0:796d0f61a05b 33
HannesTschofenig 0:796d0f61a05b 34 #include "polarssl/ecp.h"
HannesTschofenig 0:796d0f61a05b 35
HannesTschofenig 0:796d0f61a05b 36 #if defined(_MSC_VER) && !defined(inline)
HannesTschofenig 0:796d0f61a05b 37 #define inline _inline
HannesTschofenig 0:796d0f61a05b 38 #else
HannesTschofenig 0:796d0f61a05b 39 #if defined(__ARMCC_VERSION) && !defined(inline)
HannesTschofenig 0:796d0f61a05b 40 #define inline __inline
HannesTschofenig 0:796d0f61a05b 41 #endif /* __ARMCC_VERSION */
HannesTschofenig 0:796d0f61a05b 42 #endif /*_MSC_VER */
HannesTschofenig 0:796d0f61a05b 43
HannesTschofenig 0:796d0f61a05b 44 /*
HannesTschofenig 0:796d0f61a05b 45 * Conversion macros for embedded constants:
HannesTschofenig 0:796d0f61a05b 46 * build lists of t_uint's from lists of unsigned char's grouped by 8, 4 or 2
HannesTschofenig 0:796d0f61a05b 47 */
HannesTschofenig 0:796d0f61a05b 48 #if defined(POLARSSL_HAVE_INT8)
HannesTschofenig 0:796d0f61a05b 49
HannesTschofenig 0:796d0f61a05b 50 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
HannesTschofenig 0:796d0f61a05b 51 a, b, c, d, e, f, g, h
HannesTschofenig 0:796d0f61a05b 52
HannesTschofenig 0:796d0f61a05b 53 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
HannesTschofenig 0:796d0f61a05b 54 a, b, c, d
HannesTschofenig 0:796d0f61a05b 55
HannesTschofenig 0:796d0f61a05b 56 #define BYTES_TO_T_UINT_2( a, b ) \
HannesTschofenig 0:796d0f61a05b 57 a, b
HannesTschofenig 0:796d0f61a05b 58
HannesTschofenig 0:796d0f61a05b 59 #elif defined(POLARSSL_HAVE_INT16)
HannesTschofenig 0:796d0f61a05b 60
HannesTschofenig 0:796d0f61a05b 61 #define BYTES_TO_T_UINT_2( a, b ) \
HannesTschofenig 0:796d0f61a05b 62 ( (t_uint) a << 0 ) | \
HannesTschofenig 0:796d0f61a05b 63 ( (t_uint) b << 8 )
HannesTschofenig 0:796d0f61a05b 64
HannesTschofenig 0:796d0f61a05b 65 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
HannesTschofenig 0:796d0f61a05b 66 BYTES_TO_T_UINT_2( a, b ), \
HannesTschofenig 0:796d0f61a05b 67 BYTES_TO_T_UINT_2( c, d )
HannesTschofenig 0:796d0f61a05b 68
HannesTschofenig 0:796d0f61a05b 69 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
HannesTschofenig 0:796d0f61a05b 70 BYTES_TO_T_UINT_2( a, b ), \
HannesTschofenig 0:796d0f61a05b 71 BYTES_TO_T_UINT_2( c, d ), \
HannesTschofenig 0:796d0f61a05b 72 BYTES_TO_T_UINT_2( e, f ), \
HannesTschofenig 0:796d0f61a05b 73 BYTES_TO_T_UINT_2( g, h )
HannesTschofenig 0:796d0f61a05b 74
HannesTschofenig 0:796d0f61a05b 75 #elif defined(POLARSSL_HAVE_INT32)
HannesTschofenig 0:796d0f61a05b 76
HannesTschofenig 0:796d0f61a05b 77 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
HannesTschofenig 0:796d0f61a05b 78 ( (t_uint) a << 0 ) | \
HannesTschofenig 0:796d0f61a05b 79 ( (t_uint) b << 8 ) | \
HannesTschofenig 0:796d0f61a05b 80 ( (t_uint) c << 16 ) | \
HannesTschofenig 0:796d0f61a05b 81 ( (t_uint) d << 24 )
HannesTschofenig 0:796d0f61a05b 82
HannesTschofenig 0:796d0f61a05b 83 #define BYTES_TO_T_UINT_2( a, b ) \
HannesTschofenig 0:796d0f61a05b 84 BYTES_TO_T_UINT_4( a, b, 0, 0 )
HannesTschofenig 0:796d0f61a05b 85
HannesTschofenig 0:796d0f61a05b 86 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
HannesTschofenig 0:796d0f61a05b 87 BYTES_TO_T_UINT_4( a, b, c, d ), \
HannesTschofenig 0:796d0f61a05b 88 BYTES_TO_T_UINT_4( e, f, g, h )
HannesTschofenig 0:796d0f61a05b 89
HannesTschofenig 0:796d0f61a05b 90 #else /* 64-bits */
HannesTschofenig 0:796d0f61a05b 91
HannesTschofenig 0:796d0f61a05b 92 #define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
HannesTschofenig 0:796d0f61a05b 93 ( (t_uint) a << 0 ) | \
HannesTschofenig 0:796d0f61a05b 94 ( (t_uint) b << 8 ) | \
HannesTschofenig 0:796d0f61a05b 95 ( (t_uint) c << 16 ) | \
HannesTschofenig 0:796d0f61a05b 96 ( (t_uint) d << 24 ) | \
HannesTschofenig 0:796d0f61a05b 97 ( (t_uint) e << 32 ) | \
HannesTschofenig 0:796d0f61a05b 98 ( (t_uint) f << 40 ) | \
HannesTschofenig 0:796d0f61a05b 99 ( (t_uint) g << 48 ) | \
HannesTschofenig 0:796d0f61a05b 100 ( (t_uint) h << 56 )
HannesTschofenig 0:796d0f61a05b 101
HannesTschofenig 0:796d0f61a05b 102 #define BYTES_TO_T_UINT_4( a, b, c, d ) \
HannesTschofenig 0:796d0f61a05b 103 BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
HannesTschofenig 0:796d0f61a05b 104
HannesTschofenig 0:796d0f61a05b 105 #define BYTES_TO_T_UINT_2( a, b ) \
HannesTschofenig 0:796d0f61a05b 106 BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 )
HannesTschofenig 0:796d0f61a05b 107
HannesTschofenig 0:796d0f61a05b 108 #endif /* bits in t_uint */
HannesTschofenig 0:796d0f61a05b 109
HannesTschofenig 0:796d0f61a05b 110 /*
HannesTschofenig 0:796d0f61a05b 111 * Note: the constants are in little-endian order
HannesTschofenig 0:796d0f61a05b 112 * to be directly usable in MPIs
HannesTschofenig 0:796d0f61a05b 113 */
HannesTschofenig 0:796d0f61a05b 114
HannesTschofenig 0:796d0f61a05b 115 /*
HannesTschofenig 0:796d0f61a05b 116 * Domain parameters for secp192r1
HannesTschofenig 0:796d0f61a05b 117 */
HannesTschofenig 0:796d0f61a05b 118 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 119 static const t_uint secp192r1_p[] = {
HannesTschofenig 0:796d0f61a05b 120 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 121 BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 122 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 123 };
HannesTschofenig 0:796d0f61a05b 124 static const t_uint secp192r1_b[] = {
HannesTschofenig 0:796d0f61a05b 125 BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
HannesTschofenig 0:796d0f61a05b 126 BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
HannesTschofenig 0:796d0f61a05b 127 BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
HannesTschofenig 0:796d0f61a05b 128 };
HannesTschofenig 0:796d0f61a05b 129 static const t_uint secp192r1_gx[] = {
HannesTschofenig 0:796d0f61a05b 130 BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
HannesTschofenig 0:796d0f61a05b 131 BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
HannesTschofenig 0:796d0f61a05b 132 BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
HannesTschofenig 0:796d0f61a05b 133 };
HannesTschofenig 0:796d0f61a05b 134 static const t_uint secp192r1_gy[] = {
HannesTschofenig 0:796d0f61a05b 135 BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
HannesTschofenig 0:796d0f61a05b 136 BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
HannesTschofenig 0:796d0f61a05b 137 BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
HannesTschofenig 0:796d0f61a05b 138 };
HannesTschofenig 0:796d0f61a05b 139 static const t_uint secp192r1_n[] = {
HannesTschofenig 0:796d0f61a05b 140 BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
HannesTschofenig 0:796d0f61a05b 141 BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 142 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 143 };
HannesTschofenig 0:796d0f61a05b 144 #endif /* POLARSSL_ECP_DP_SECP192R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 145
HannesTschofenig 0:796d0f61a05b 146 /*
HannesTschofenig 0:796d0f61a05b 147 * Domain parameters for secp224r1
HannesTschofenig 0:796d0f61a05b 148 */
HannesTschofenig 0:796d0f61a05b 149 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 150 static const t_uint secp224r1_p[] = {
HannesTschofenig 0:796d0f61a05b 151 BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
HannesTschofenig 0:796d0f61a05b 152 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 153 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 154 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
HannesTschofenig 0:796d0f61a05b 155 };
HannesTschofenig 0:796d0f61a05b 156 static const t_uint secp224r1_b[] = {
HannesTschofenig 0:796d0f61a05b 157 BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
HannesTschofenig 0:796d0f61a05b 158 BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
HannesTschofenig 0:796d0f61a05b 159 BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
HannesTschofenig 0:796d0f61a05b 160 BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
HannesTschofenig 0:796d0f61a05b 161 };
HannesTschofenig 0:796d0f61a05b 162 static const t_uint secp224r1_gx[] = {
HannesTschofenig 0:796d0f61a05b 163 BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
HannesTschofenig 0:796d0f61a05b 164 BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
HannesTschofenig 0:796d0f61a05b 165 BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
HannesTschofenig 0:796d0f61a05b 166 BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
HannesTschofenig 0:796d0f61a05b 167 };
HannesTschofenig 0:796d0f61a05b 168 static const t_uint secp224r1_gy[] = {
HannesTschofenig 0:796d0f61a05b 169 BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
HannesTschofenig 0:796d0f61a05b 170 BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
HannesTschofenig 0:796d0f61a05b 171 BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
HannesTschofenig 0:796d0f61a05b 172 BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
HannesTschofenig 0:796d0f61a05b 173 };
HannesTschofenig 0:796d0f61a05b 174 static const t_uint secp224r1_n[] = {
HannesTschofenig 0:796d0f61a05b 175 BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
HannesTschofenig 0:796d0f61a05b 176 BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 177 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 178 BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 179 };
HannesTschofenig 0:796d0f61a05b 180 #endif /* POLARSSL_ECP_DP_SECP224R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 181
HannesTschofenig 0:796d0f61a05b 182 /*
HannesTschofenig 0:796d0f61a05b 183 * Domain parameters for secp256r1
HannesTschofenig 0:796d0f61a05b 184 */
HannesTschofenig 0:796d0f61a05b 185 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 186 static const t_uint secp256r1_p[] = {
HannesTschofenig 0:796d0f61a05b 187 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 188 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
HannesTschofenig 0:796d0f61a05b 189 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
HannesTschofenig 0:796d0f61a05b 190 BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 191 };
HannesTschofenig 0:796d0f61a05b 192 static const t_uint secp256r1_b[] = {
HannesTschofenig 0:796d0f61a05b 193 BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
HannesTschofenig 0:796d0f61a05b 194 BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
HannesTschofenig 0:796d0f61a05b 195 BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
HannesTschofenig 0:796d0f61a05b 196 BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
HannesTschofenig 0:796d0f61a05b 197 };
HannesTschofenig 0:796d0f61a05b 198 static const t_uint secp256r1_gx[] = {
HannesTschofenig 0:796d0f61a05b 199 BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
HannesTschofenig 0:796d0f61a05b 200 BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
HannesTschofenig 0:796d0f61a05b 201 BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
HannesTschofenig 0:796d0f61a05b 202 BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
HannesTschofenig 0:796d0f61a05b 203 };
HannesTschofenig 0:796d0f61a05b 204 static const t_uint secp256r1_gy[] = {
HannesTschofenig 0:796d0f61a05b 205 BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
HannesTschofenig 0:796d0f61a05b 206 BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
HannesTschofenig 0:796d0f61a05b 207 BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
HannesTschofenig 0:796d0f61a05b 208 BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
HannesTschofenig 0:796d0f61a05b 209 };
HannesTschofenig 0:796d0f61a05b 210 static const t_uint secp256r1_n[] = {
HannesTschofenig 0:796d0f61a05b 211 BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
HannesTschofenig 0:796d0f61a05b 212 BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
HannesTschofenig 0:796d0f61a05b 213 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 214 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 215 };
HannesTschofenig 0:796d0f61a05b 216 #endif /* POLARSSL_ECP_DP_SECP256R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 217
HannesTschofenig 0:796d0f61a05b 218 /*
HannesTschofenig 0:796d0f61a05b 219 * Domain parameters for secp384r1
HannesTschofenig 0:796d0f61a05b 220 */
HannesTschofenig 0:796d0f61a05b 221 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 222 static const t_uint secp384r1_p[] = {
HannesTschofenig 0:796d0f61a05b 223 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
HannesTschofenig 0:796d0f61a05b 224 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 225 BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 226 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 227 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 228 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 229 };
HannesTschofenig 0:796d0f61a05b 230 static const t_uint secp384r1_b[] = {
HannesTschofenig 0:796d0f61a05b 231 BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
HannesTschofenig 0:796d0f61a05b 232 BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
HannesTschofenig 0:796d0f61a05b 233 BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
HannesTschofenig 0:796d0f61a05b 234 BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ),
HannesTschofenig 0:796d0f61a05b 235 BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
HannesTschofenig 0:796d0f61a05b 236 BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
HannesTschofenig 0:796d0f61a05b 237 };
HannesTschofenig 0:796d0f61a05b 238 static const t_uint secp384r1_gx[] = {
HannesTschofenig 0:796d0f61a05b 239 BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
HannesTschofenig 0:796d0f61a05b 240 BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
HannesTschofenig 0:796d0f61a05b 241 BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
HannesTschofenig 0:796d0f61a05b 242 BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
HannesTschofenig 0:796d0f61a05b 243 BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
HannesTschofenig 0:796d0f61a05b 244 BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
HannesTschofenig 0:796d0f61a05b 245 };
HannesTschofenig 0:796d0f61a05b 246 static const t_uint secp384r1_gy[] = {
HannesTschofenig 0:796d0f61a05b 247 BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
HannesTschofenig 0:796d0f61a05b 248 BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
HannesTschofenig 0:796d0f61a05b 249 BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
HannesTschofenig 0:796d0f61a05b 250 BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
HannesTschofenig 0:796d0f61a05b 251 BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
HannesTschofenig 0:796d0f61a05b 252 BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
HannesTschofenig 0:796d0f61a05b 253 };
HannesTschofenig 0:796d0f61a05b 254 static const t_uint secp384r1_n[] = {
HannesTschofenig 0:796d0f61a05b 255 BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
HannesTschofenig 0:796d0f61a05b 256 BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
HannesTschofenig 0:796d0f61a05b 257 BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
HannesTschofenig 0:796d0f61a05b 258 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 259 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 260 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 261 };
HannesTschofenig 0:796d0f61a05b 262 #endif /* POLARSSL_ECP_DP_SECP384R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 263
HannesTschofenig 0:796d0f61a05b 264 /*
HannesTschofenig 0:796d0f61a05b 265 * Domain parameters for secp521r1
HannesTschofenig 0:796d0f61a05b 266 */
HannesTschofenig 0:796d0f61a05b 267 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 268 static const t_uint secp521r1_p[] = {
HannesTschofenig 0:796d0f61a05b 269 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 270 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 271 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 272 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 273 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 274 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 275 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 276 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 277 BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
HannesTschofenig 0:796d0f61a05b 278 };
HannesTschofenig 0:796d0f61a05b 279 static const t_uint secp521r1_b[] = {
HannesTschofenig 0:796d0f61a05b 280 BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
HannesTschofenig 0:796d0f61a05b 281 BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
HannesTschofenig 0:796d0f61a05b 282 BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
HannesTschofenig 0:796d0f61a05b 283 BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ),
HannesTschofenig 0:796d0f61a05b 284 BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ),
HannesTschofenig 0:796d0f61a05b 285 BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ),
HannesTschofenig 0:796d0f61a05b 286 BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ),
HannesTschofenig 0:796d0f61a05b 287 BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
HannesTschofenig 0:796d0f61a05b 288 BYTES_TO_T_UINT_2( 0x51, 0x00 ),
HannesTschofenig 0:796d0f61a05b 289 };
HannesTschofenig 0:796d0f61a05b 290 static const t_uint secp521r1_gx[] = {
HannesTschofenig 0:796d0f61a05b 291 BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
HannesTschofenig 0:796d0f61a05b 292 BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
HannesTschofenig 0:796d0f61a05b 293 BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
HannesTschofenig 0:796d0f61a05b 294 BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
HannesTschofenig 0:796d0f61a05b 295 BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
HannesTschofenig 0:796d0f61a05b 296 BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
HannesTschofenig 0:796d0f61a05b 297 BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
HannesTschofenig 0:796d0f61a05b 298 BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
HannesTschofenig 0:796d0f61a05b 299 BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
HannesTschofenig 0:796d0f61a05b 300 };
HannesTschofenig 0:796d0f61a05b 301 static const t_uint secp521r1_gy[] = {
HannesTschofenig 0:796d0f61a05b 302 BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
HannesTschofenig 0:796d0f61a05b 303 BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
HannesTschofenig 0:796d0f61a05b 304 BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
HannesTschofenig 0:796d0f61a05b 305 BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
HannesTschofenig 0:796d0f61a05b 306 BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
HannesTschofenig 0:796d0f61a05b 307 BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
HannesTschofenig 0:796d0f61a05b 308 BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
HannesTschofenig 0:796d0f61a05b 309 BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
HannesTschofenig 0:796d0f61a05b 310 BYTES_TO_T_UINT_2( 0x18, 0x01 ),
HannesTschofenig 0:796d0f61a05b 311 };
HannesTschofenig 0:796d0f61a05b 312 static const t_uint secp521r1_n[] = {
HannesTschofenig 0:796d0f61a05b 313 BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
HannesTschofenig 0:796d0f61a05b 314 BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
HannesTschofenig 0:796d0f61a05b 315 BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
HannesTschofenig 0:796d0f61a05b 316 BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ),
HannesTschofenig 0:796d0f61a05b 317 BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 318 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 319 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 320 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 321 BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
HannesTschofenig 0:796d0f61a05b 322 };
HannesTschofenig 0:796d0f61a05b 323 #endif /* POLARSSL_ECP_DP_SECP521R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 324
HannesTschofenig 0:796d0f61a05b 325 #if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 326 static const t_uint secp192k1_p[] = {
HannesTschofenig 0:796d0f61a05b 327 BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 328 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 329 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 330 };
HannesTschofenig 0:796d0f61a05b 331 static const t_uint secp192k1_a[] = {
HannesTschofenig 0:796d0f61a05b 332 BYTES_TO_T_UINT_2( 0x00, 0x00 ),
HannesTschofenig 0:796d0f61a05b 333 };
HannesTschofenig 0:796d0f61a05b 334 static const t_uint secp192k1_b[] = {
HannesTschofenig 0:796d0f61a05b 335 BYTES_TO_T_UINT_2( 0x03, 0x00 ),
HannesTschofenig 0:796d0f61a05b 336 };
HannesTschofenig 0:796d0f61a05b 337 static const t_uint secp192k1_gx[] = {
HannesTschofenig 0:796d0f61a05b 338 BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
HannesTschofenig 0:796d0f61a05b 339 BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
HannesTschofenig 0:796d0f61a05b 340 BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
HannesTschofenig 0:796d0f61a05b 341 };
HannesTschofenig 0:796d0f61a05b 342 static const t_uint secp192k1_gy[] = {
HannesTschofenig 0:796d0f61a05b 343 BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
HannesTschofenig 0:796d0f61a05b 344 BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
HannesTschofenig 0:796d0f61a05b 345 BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
HannesTschofenig 0:796d0f61a05b 346 };
HannesTschofenig 0:796d0f61a05b 347 static const t_uint secp192k1_n[] = {
HannesTschofenig 0:796d0f61a05b 348 BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
HannesTschofenig 0:796d0f61a05b 349 BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 350 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 351 };
HannesTschofenig 0:796d0f61a05b 352 #endif /* POLARSSL_ECP_DP_SECP192K1_ENABLED */
HannesTschofenig 0:796d0f61a05b 353
HannesTschofenig 0:796d0f61a05b 354 #if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 355 static const t_uint secp224k1_p[] = {
HannesTschofenig 0:796d0f61a05b 356 BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 357 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 358 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 359 BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 360 };
HannesTschofenig 0:796d0f61a05b 361 static const t_uint secp224k1_a[] = {
HannesTschofenig 0:796d0f61a05b 362 BYTES_TO_T_UINT_2( 0x00, 0x00 ),
HannesTschofenig 0:796d0f61a05b 363 };
HannesTschofenig 0:796d0f61a05b 364 static const t_uint secp224k1_b[] = {
HannesTschofenig 0:796d0f61a05b 365 BYTES_TO_T_UINT_2( 0x05, 0x00 ),
HannesTschofenig 0:796d0f61a05b 366 };
HannesTschofenig 0:796d0f61a05b 367 static const t_uint secp224k1_gx[] = {
HannesTschofenig 0:796d0f61a05b 368 BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
HannesTschofenig 0:796d0f61a05b 369 BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
HannesTschofenig 0:796d0f61a05b 370 BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
HannesTschofenig 0:796d0f61a05b 371 BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
HannesTschofenig 0:796d0f61a05b 372 };
HannesTschofenig 0:796d0f61a05b 373 static const t_uint secp224k1_gy[] = {
HannesTschofenig 0:796d0f61a05b 374 BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
HannesTschofenig 0:796d0f61a05b 375 BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
HannesTschofenig 0:796d0f61a05b 376 BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
HannesTschofenig 0:796d0f61a05b 377 BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
HannesTschofenig 0:796d0f61a05b 378 };
HannesTschofenig 0:796d0f61a05b 379 static const t_uint secp224k1_n[] = {
HannesTschofenig 0:796d0f61a05b 380 BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
HannesTschofenig 0:796d0f61a05b 381 BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
HannesTschofenig 0:796d0f61a05b 382 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
HannesTschofenig 0:796d0f61a05b 383 BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
HannesTschofenig 0:796d0f61a05b 384 };
HannesTschofenig 0:796d0f61a05b 385 #endif /* POLARSSL_ECP_DP_SECP224K1_ENABLED */
HannesTschofenig 0:796d0f61a05b 386
HannesTschofenig 0:796d0f61a05b 387 #if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 388 static const t_uint secp256k1_p[] = {
HannesTschofenig 0:796d0f61a05b 389 BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 390 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 391 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 392 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 393 };
HannesTschofenig 0:796d0f61a05b 394 static const t_uint secp256k1_a[] = {
HannesTschofenig 0:796d0f61a05b 395 BYTES_TO_T_UINT_2( 0x00, 0x00 ),
HannesTschofenig 0:796d0f61a05b 396 };
HannesTschofenig 0:796d0f61a05b 397 static const t_uint secp256k1_b[] = {
HannesTschofenig 0:796d0f61a05b 398 BYTES_TO_T_UINT_2( 0x07, 0x00 ),
HannesTschofenig 0:796d0f61a05b 399 };
HannesTschofenig 0:796d0f61a05b 400 static const t_uint secp256k1_gx[] = {
HannesTschofenig 0:796d0f61a05b 401 BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
HannesTschofenig 0:796d0f61a05b 402 BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
HannesTschofenig 0:796d0f61a05b 403 BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
HannesTschofenig 0:796d0f61a05b 404 BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
HannesTschofenig 0:796d0f61a05b 405 };
HannesTschofenig 0:796d0f61a05b 406 static const t_uint secp256k1_gy[] = {
HannesTschofenig 0:796d0f61a05b 407 BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
HannesTschofenig 0:796d0f61a05b 408 BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
HannesTschofenig 0:796d0f61a05b 409 BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
HannesTschofenig 0:796d0f61a05b 410 BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
HannesTschofenig 0:796d0f61a05b 411 };
HannesTschofenig 0:796d0f61a05b 412 static const t_uint secp256k1_n[] = {
HannesTschofenig 0:796d0f61a05b 413 BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
HannesTschofenig 0:796d0f61a05b 414 BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
HannesTschofenig 0:796d0f61a05b 415 BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 416 BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
HannesTschofenig 0:796d0f61a05b 417 };
HannesTschofenig 0:796d0f61a05b 418 #endif /* POLARSSL_ECP_DP_SECP256K1_ENABLED */
HannesTschofenig 0:796d0f61a05b 419
HannesTschofenig 0:796d0f61a05b 420 /*
HannesTschofenig 0:796d0f61a05b 421 * Domain parameters for brainpoolP256r1 (RFC 5639 3.4)
HannesTschofenig 0:796d0f61a05b 422 */
HannesTschofenig 0:796d0f61a05b 423 #if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 424 static const t_uint brainpoolP256r1_p[] = {
HannesTschofenig 0:796d0f61a05b 425 BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
HannesTschofenig 0:796d0f61a05b 426 BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
HannesTschofenig 0:796d0f61a05b 427 BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
HannesTschofenig 0:796d0f61a05b 428 BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
HannesTschofenig 0:796d0f61a05b 429 };
HannesTschofenig 0:796d0f61a05b 430 static const t_uint brainpoolP256r1_a[] = {
HannesTschofenig 0:796d0f61a05b 431 BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
HannesTschofenig 0:796d0f61a05b 432 BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
HannesTschofenig 0:796d0f61a05b 433 BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
HannesTschofenig 0:796d0f61a05b 434 BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
HannesTschofenig 0:796d0f61a05b 435 };
HannesTschofenig 0:796d0f61a05b 436 static const t_uint brainpoolP256r1_b[] = {
HannesTschofenig 0:796d0f61a05b 437 BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
HannesTschofenig 0:796d0f61a05b 438 BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
HannesTschofenig 0:796d0f61a05b 439 BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
HannesTschofenig 0:796d0f61a05b 440 BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
HannesTschofenig 0:796d0f61a05b 441 };
HannesTschofenig 0:796d0f61a05b 442 static const t_uint brainpoolP256r1_gx[] = {
HannesTschofenig 0:796d0f61a05b 443 BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
HannesTschofenig 0:796d0f61a05b 444 BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
HannesTschofenig 0:796d0f61a05b 445 BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
HannesTschofenig 0:796d0f61a05b 446 BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
HannesTschofenig 0:796d0f61a05b 447 };
HannesTschofenig 0:796d0f61a05b 448 static const t_uint brainpoolP256r1_gy[] = {
HannesTschofenig 0:796d0f61a05b 449 BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
HannesTschofenig 0:796d0f61a05b 450 BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
HannesTschofenig 0:796d0f61a05b 451 BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
HannesTschofenig 0:796d0f61a05b 452 BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
HannesTschofenig 0:796d0f61a05b 453 };
HannesTschofenig 0:796d0f61a05b 454 static const t_uint brainpoolP256r1_n[] = {
HannesTschofenig 0:796d0f61a05b 455 BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
HannesTschofenig 0:796d0f61a05b 456 BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
HannesTschofenig 0:796d0f61a05b 457 BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
HannesTschofenig 0:796d0f61a05b 458 BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
HannesTschofenig 0:796d0f61a05b 459 };
HannesTschofenig 0:796d0f61a05b 460 #endif /* POLARSSL_ECP_DP_BP256R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 461
HannesTschofenig 0:796d0f61a05b 462 /*
HannesTschofenig 0:796d0f61a05b 463 * Domain parameters for brainpoolP384r1 (RFC 5639 3.6)
HannesTschofenig 0:796d0f61a05b 464 */
HannesTschofenig 0:796d0f61a05b 465 #if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 466 static const t_uint brainpoolP384r1_p[] = {
HannesTschofenig 0:796d0f61a05b 467 BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
HannesTschofenig 0:796d0f61a05b 468 BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
HannesTschofenig 0:796d0f61a05b 469 BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
HannesTschofenig 0:796d0f61a05b 470 BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
HannesTschofenig 0:796d0f61a05b 471 BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
HannesTschofenig 0:796d0f61a05b 472 BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
HannesTschofenig 0:796d0f61a05b 473 };
HannesTschofenig 0:796d0f61a05b 474 static const t_uint brainpoolP384r1_a[] = {
HannesTschofenig 0:796d0f61a05b 475 BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
HannesTschofenig 0:796d0f61a05b 476 BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
HannesTschofenig 0:796d0f61a05b 477 BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
HannesTschofenig 0:796d0f61a05b 478 BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ),
HannesTschofenig 0:796d0f61a05b 479 BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
HannesTschofenig 0:796d0f61a05b 480 BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
HannesTschofenig 0:796d0f61a05b 481 };
HannesTschofenig 0:796d0f61a05b 482 static const t_uint brainpoolP384r1_b[] = {
HannesTschofenig 0:796d0f61a05b 483 BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
HannesTschofenig 0:796d0f61a05b 484 BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
HannesTschofenig 0:796d0f61a05b 485 BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
HannesTschofenig 0:796d0f61a05b 486 BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ),
HannesTschofenig 0:796d0f61a05b 487 BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
HannesTschofenig 0:796d0f61a05b 488 BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
HannesTschofenig 0:796d0f61a05b 489 };
HannesTschofenig 0:796d0f61a05b 490 static const t_uint brainpoolP384r1_gx[] = {
HannesTschofenig 0:796d0f61a05b 491 BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
HannesTschofenig 0:796d0f61a05b 492 BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
HannesTschofenig 0:796d0f61a05b 493 BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
HannesTschofenig 0:796d0f61a05b 494 BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
HannesTschofenig 0:796d0f61a05b 495 BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
HannesTschofenig 0:796d0f61a05b 496 BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
HannesTschofenig 0:796d0f61a05b 497 };
HannesTschofenig 0:796d0f61a05b 498 static const t_uint brainpoolP384r1_gy[] = {
HannesTschofenig 0:796d0f61a05b 499 BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
HannesTschofenig 0:796d0f61a05b 500 BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
HannesTschofenig 0:796d0f61a05b 501 BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
HannesTschofenig 0:796d0f61a05b 502 BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
HannesTschofenig 0:796d0f61a05b 503 BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
HannesTschofenig 0:796d0f61a05b 504 BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
HannesTschofenig 0:796d0f61a05b 505 };
HannesTschofenig 0:796d0f61a05b 506 static const t_uint brainpoolP384r1_n[] = {
HannesTschofenig 0:796d0f61a05b 507 BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
HannesTschofenig 0:796d0f61a05b 508 BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
HannesTschofenig 0:796d0f61a05b 509 BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
HannesTschofenig 0:796d0f61a05b 510 BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
HannesTschofenig 0:796d0f61a05b 511 BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
HannesTschofenig 0:796d0f61a05b 512 BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
HannesTschofenig 0:796d0f61a05b 513 };
HannesTschofenig 0:796d0f61a05b 514 #endif /* POLARSSL_ECP_DP_BP384R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 515
HannesTschofenig 0:796d0f61a05b 516 /*
HannesTschofenig 0:796d0f61a05b 517 * Domain parameters for brainpoolP512r1 (RFC 5639 3.7)
HannesTschofenig 0:796d0f61a05b 518 */
HannesTschofenig 0:796d0f61a05b 519 #if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 520 static const t_uint brainpoolP512r1_p[] = {
HannesTschofenig 0:796d0f61a05b 521 BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
HannesTschofenig 0:796d0f61a05b 522 BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
HannesTschofenig 0:796d0f61a05b 523 BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
HannesTschofenig 0:796d0f61a05b 524 BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ),
HannesTschofenig 0:796d0f61a05b 525 BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
HannesTschofenig 0:796d0f61a05b 526 BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
HannesTschofenig 0:796d0f61a05b 527 BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
HannesTschofenig 0:796d0f61a05b 528 BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
HannesTschofenig 0:796d0f61a05b 529 };
HannesTschofenig 0:796d0f61a05b 530 static const t_uint brainpoolP512r1_a[] = {
HannesTschofenig 0:796d0f61a05b 531 BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
HannesTschofenig 0:796d0f61a05b 532 BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
HannesTschofenig 0:796d0f61a05b 533 BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
HannesTschofenig 0:796d0f61a05b 534 BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ),
HannesTschofenig 0:796d0f61a05b 535 BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ),
HannesTschofenig 0:796d0f61a05b 536 BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ),
HannesTschofenig 0:796d0f61a05b 537 BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
HannesTschofenig 0:796d0f61a05b 538 BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
HannesTschofenig 0:796d0f61a05b 539 };
HannesTschofenig 0:796d0f61a05b 540 static const t_uint brainpoolP512r1_b[] = {
HannesTschofenig 0:796d0f61a05b 541 BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
HannesTschofenig 0:796d0f61a05b 542 BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
HannesTschofenig 0:796d0f61a05b 543 BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
HannesTschofenig 0:796d0f61a05b 544 BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ),
HannesTschofenig 0:796d0f61a05b 545 BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ),
HannesTschofenig 0:796d0f61a05b 546 BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ),
HannesTschofenig 0:796d0f61a05b 547 BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
HannesTschofenig 0:796d0f61a05b 548 BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
HannesTschofenig 0:796d0f61a05b 549 };
HannesTschofenig 0:796d0f61a05b 550 static const t_uint brainpoolP512r1_gx[] = {
HannesTschofenig 0:796d0f61a05b 551 BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
HannesTschofenig 0:796d0f61a05b 552 BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
HannesTschofenig 0:796d0f61a05b 553 BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
HannesTschofenig 0:796d0f61a05b 554 BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
HannesTschofenig 0:796d0f61a05b 555 BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
HannesTschofenig 0:796d0f61a05b 556 BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
HannesTschofenig 0:796d0f61a05b 557 BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
HannesTschofenig 0:796d0f61a05b 558 BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
HannesTschofenig 0:796d0f61a05b 559 };
HannesTschofenig 0:796d0f61a05b 560 static const t_uint brainpoolP512r1_gy[] = {
HannesTschofenig 0:796d0f61a05b 561 BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
HannesTschofenig 0:796d0f61a05b 562 BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
HannesTschofenig 0:796d0f61a05b 563 BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
HannesTschofenig 0:796d0f61a05b 564 BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
HannesTschofenig 0:796d0f61a05b 565 BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
HannesTschofenig 0:796d0f61a05b 566 BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
HannesTschofenig 0:796d0f61a05b 567 BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
HannesTschofenig 0:796d0f61a05b 568 BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
HannesTschofenig 0:796d0f61a05b 569 };
HannesTschofenig 0:796d0f61a05b 570 static const t_uint brainpoolP512r1_n[] = {
HannesTschofenig 0:796d0f61a05b 571 BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
HannesTschofenig 0:796d0f61a05b 572 BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
HannesTschofenig 0:796d0f61a05b 573 BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
HannesTschofenig 0:796d0f61a05b 574 BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ),
HannesTschofenig 0:796d0f61a05b 575 BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
HannesTschofenig 0:796d0f61a05b 576 BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
HannesTschofenig 0:796d0f61a05b 577 BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
HannesTschofenig 0:796d0f61a05b 578 BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
HannesTschofenig 0:796d0f61a05b 579 };
HannesTschofenig 0:796d0f61a05b 580 #endif /* POLARSSL_ECP_DP_BP512R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 581
HannesTschofenig 0:796d0f61a05b 582 /*
HannesTschofenig 0:796d0f61a05b 583 * Create an MPI from embedded constants
HannesTschofenig 0:796d0f61a05b 584 * (assumes len is an exact multiple of sizeof t_uint)
HannesTschofenig 0:796d0f61a05b 585 */
HannesTschofenig 0:796d0f61a05b 586 static inline void ecp_mpi_load( mpi *X, const t_uint *p, size_t len )
HannesTschofenig 0:796d0f61a05b 587 {
HannesTschofenig 0:796d0f61a05b 588 X->s = 1;
HannesTschofenig 0:796d0f61a05b 589 X->n = len / sizeof( t_uint );
HannesTschofenig 0:796d0f61a05b 590 X->p = (t_uint *) p;
HannesTschofenig 0:796d0f61a05b 591 }
HannesTschofenig 0:796d0f61a05b 592
HannesTschofenig 0:796d0f61a05b 593 /*
HannesTschofenig 0:796d0f61a05b 594 * Set an MPI to static value 1
HannesTschofenig 0:796d0f61a05b 595 */
HannesTschofenig 0:796d0f61a05b 596 static inline void ecp_mpi_set1( mpi *X )
HannesTschofenig 0:796d0f61a05b 597 {
HannesTschofenig 0:796d0f61a05b 598 static t_uint one[] = { 1 };
HannesTschofenig 0:796d0f61a05b 599 X->s = 1;
HannesTschofenig 0:796d0f61a05b 600 X->n = 1;
HannesTschofenig 0:796d0f61a05b 601 X->p = one;
HannesTschofenig 0:796d0f61a05b 602 }
HannesTschofenig 0:796d0f61a05b 603
HannesTschofenig 0:796d0f61a05b 604 /*
HannesTschofenig 0:796d0f61a05b 605 * Make group available from embedded constants
HannesTschofenig 0:796d0f61a05b 606 */
HannesTschofenig 0:796d0f61a05b 607 static int ecp_group_load( ecp_group *grp,
HannesTschofenig 0:796d0f61a05b 608 const t_uint *p, size_t plen,
HannesTschofenig 0:796d0f61a05b 609 const t_uint *a, size_t alen,
HannesTschofenig 0:796d0f61a05b 610 const t_uint *b, size_t blen,
HannesTschofenig 0:796d0f61a05b 611 const t_uint *gx, size_t gxlen,
HannesTschofenig 0:796d0f61a05b 612 const t_uint *gy, size_t gylen,
HannesTschofenig 0:796d0f61a05b 613 const t_uint *n, size_t nlen)
HannesTschofenig 0:796d0f61a05b 614 {
HannesTschofenig 0:796d0f61a05b 615 ecp_mpi_load( &grp->P, p, plen );
HannesTschofenig 0:796d0f61a05b 616 if( a != NULL )
HannesTschofenig 0:796d0f61a05b 617 ecp_mpi_load( &grp->A, a, alen );
HannesTschofenig 0:796d0f61a05b 618 ecp_mpi_load( &grp->B, b, blen );
HannesTschofenig 0:796d0f61a05b 619 ecp_mpi_load( &grp->N, n, nlen );
HannesTschofenig 0:796d0f61a05b 620
HannesTschofenig 0:796d0f61a05b 621 ecp_mpi_load( &grp->G.X, gx, gxlen );
HannesTschofenig 0:796d0f61a05b 622 ecp_mpi_load( &grp->G.Y, gy, gylen );
HannesTschofenig 0:796d0f61a05b 623 ecp_mpi_set1( &grp->G.Z );
HannesTschofenig 0:796d0f61a05b 624
HannesTschofenig 0:796d0f61a05b 625 grp->pbits = mpi_msb( &grp->P );
HannesTschofenig 0:796d0f61a05b 626 grp->nbits = mpi_msb( &grp->N );
HannesTschofenig 0:796d0f61a05b 627
HannesTschofenig 0:796d0f61a05b 628 grp->h = 1;
HannesTschofenig 0:796d0f61a05b 629
HannesTschofenig 0:796d0f61a05b 630 return( 0 );
HannesTschofenig 0:796d0f61a05b 631 }
HannesTschofenig 0:796d0f61a05b 632
HannesTschofenig 0:796d0f61a05b 633 #if defined(POLARSSL_ECP_NIST_OPTIM)
HannesTschofenig 0:796d0f61a05b 634 /* Forward declarations */
HannesTschofenig 0:796d0f61a05b 635 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 636 static int ecp_mod_p192( mpi * );
HannesTschofenig 0:796d0f61a05b 637 #endif
HannesTschofenig 0:796d0f61a05b 638 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 639 static int ecp_mod_p224( mpi * );
HannesTschofenig 0:796d0f61a05b 640 #endif
HannesTschofenig 0:796d0f61a05b 641 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 642 static int ecp_mod_p256( mpi * );
HannesTschofenig 0:796d0f61a05b 643 #endif
HannesTschofenig 0:796d0f61a05b 644 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 645 static int ecp_mod_p384( mpi * );
HannesTschofenig 0:796d0f61a05b 646 #endif
HannesTschofenig 0:796d0f61a05b 647 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 648 static int ecp_mod_p521( mpi * );
HannesTschofenig 0:796d0f61a05b 649 #endif
HannesTschofenig 0:796d0f61a05b 650
HannesTschofenig 0:796d0f61a05b 651 #define NIST_MODP( P ) grp->modp = ecp_mod_ ## P;
HannesTschofenig 0:796d0f61a05b 652 #else
HannesTschofenig 0:796d0f61a05b 653 #define NIST_MODP( P )
HannesTschofenig 0:796d0f61a05b 654 #endif /* POLARSSL_ECP_NIST_OPTIM */
HannesTschofenig 0:796d0f61a05b 655
HannesTschofenig 0:796d0f61a05b 656 /* Additional forward declarations */
HannesTschofenig 0:796d0f61a05b 657 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
HannesTschofenig 0:796d0f61a05b 658 static int ecp_mod_p255( mpi * );
HannesTschofenig 0:796d0f61a05b 659 #endif
HannesTschofenig 0:796d0f61a05b 660 #if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 661 static int ecp_mod_p192k1( mpi * );
HannesTschofenig 0:796d0f61a05b 662 #endif
HannesTschofenig 0:796d0f61a05b 663 #if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 664 static int ecp_mod_p224k1( mpi * );
HannesTschofenig 0:796d0f61a05b 665 #endif
HannesTschofenig 0:796d0f61a05b 666 #if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 667 static int ecp_mod_p256k1( mpi * );
HannesTschofenig 0:796d0f61a05b 668 #endif
HannesTschofenig 0:796d0f61a05b 669
HannesTschofenig 0:796d0f61a05b 670 #define LOAD_GROUP_A( G ) ecp_group_load( grp, \
HannesTschofenig 0:796d0f61a05b 671 G ## _p, sizeof( G ## _p ), \
HannesTschofenig 0:796d0f61a05b 672 G ## _a, sizeof( G ## _a ), \
HannesTschofenig 0:796d0f61a05b 673 G ## _b, sizeof( G ## _b ), \
HannesTschofenig 0:796d0f61a05b 674 G ## _gx, sizeof( G ## _gx ), \
HannesTschofenig 0:796d0f61a05b 675 G ## _gy, sizeof( G ## _gy ), \
HannesTschofenig 0:796d0f61a05b 676 G ## _n, sizeof( G ## _n ) )
HannesTschofenig 0:796d0f61a05b 677
HannesTschofenig 0:796d0f61a05b 678 #define LOAD_GROUP( G ) ecp_group_load( grp, \
HannesTschofenig 0:796d0f61a05b 679 G ## _p, sizeof( G ## _p ), \
HannesTschofenig 0:796d0f61a05b 680 NULL, 0, \
HannesTschofenig 0:796d0f61a05b 681 G ## _b, sizeof( G ## _b ), \
HannesTschofenig 0:796d0f61a05b 682 G ## _gx, sizeof( G ## _gx ), \
HannesTschofenig 0:796d0f61a05b 683 G ## _gy, sizeof( G ## _gy ), \
HannesTschofenig 0:796d0f61a05b 684 G ## _n, sizeof( G ## _n ) )
HannesTschofenig 0:796d0f61a05b 685
HannesTschofenig 0:796d0f61a05b 686 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
HannesTschofenig 0:796d0f61a05b 687 /*
HannesTschofenig 0:796d0f61a05b 688 * Specialized function for creating the Curve25519 group
HannesTschofenig 0:796d0f61a05b 689 */
HannesTschofenig 0:796d0f61a05b 690 static int ecp_use_curve25519( ecp_group *grp )
HannesTschofenig 0:796d0f61a05b 691 {
HannesTschofenig 0:796d0f61a05b 692 int ret;
HannesTschofenig 0:796d0f61a05b 693
HannesTschofenig 0:796d0f61a05b 694 /* Actually ( A + 2 ) / 4 */
HannesTschofenig 0:796d0f61a05b 695 MPI_CHK( mpi_read_string( &grp->A, 16, "01DB42" ) );
HannesTschofenig 0:796d0f61a05b 696
HannesTschofenig 0:796d0f61a05b 697 /* P = 2^255 - 19 */
HannesTschofenig 0:796d0f61a05b 698 MPI_CHK( mpi_lset( &grp->P, 1 ) );
HannesTschofenig 0:796d0f61a05b 699 MPI_CHK( mpi_shift_l( &grp->P, 255 ) );
HannesTschofenig 0:796d0f61a05b 700 MPI_CHK( mpi_sub_int( &grp->P, &grp->P, 19 ) );
HannesTschofenig 0:796d0f61a05b 701 grp->pbits = mpi_msb( &grp->P );
HannesTschofenig 0:796d0f61a05b 702
HannesTschofenig 0:796d0f61a05b 703 /* Y intentionaly not set, since we use x/z coordinates.
HannesTschofenig 0:796d0f61a05b 704 * This is used as a marker to identify Montgomery curves! */
HannesTschofenig 0:796d0f61a05b 705 MPI_CHK( mpi_lset( &grp->G.X, 9 ) );
HannesTschofenig 0:796d0f61a05b 706 MPI_CHK( mpi_lset( &grp->G.Z, 1 ) );
HannesTschofenig 0:796d0f61a05b 707 mpi_free( &grp->G.Y );
HannesTschofenig 0:796d0f61a05b 708
HannesTschofenig 0:796d0f61a05b 709 /* Actually, the required msb for private keys */
HannesTschofenig 0:796d0f61a05b 710 grp->nbits = 254;
HannesTschofenig 0:796d0f61a05b 711
HannesTschofenig 0:796d0f61a05b 712 cleanup:
HannesTschofenig 0:796d0f61a05b 713 if( ret != 0 )
HannesTschofenig 0:796d0f61a05b 714 ecp_group_free( grp );
HannesTschofenig 0:796d0f61a05b 715
HannesTschofenig 0:796d0f61a05b 716 return( ret );
HannesTschofenig 0:796d0f61a05b 717 }
HannesTschofenig 0:796d0f61a05b 718 #endif /* POLARSSL_ECP_DP_M255_ENABLED */
HannesTschofenig 0:796d0f61a05b 719
HannesTschofenig 0:796d0f61a05b 720 /*
HannesTschofenig 0:796d0f61a05b 721 * Set a group using well-known domain parameters
HannesTschofenig 0:796d0f61a05b 722 */
HannesTschofenig 0:796d0f61a05b 723 int ecp_use_known_dp( ecp_group *grp, ecp_group_id id )
HannesTschofenig 0:796d0f61a05b 724 {
HannesTschofenig 0:796d0f61a05b 725 ecp_group_free( grp );
HannesTschofenig 0:796d0f61a05b 726
HannesTschofenig 0:796d0f61a05b 727 grp->id = id;
HannesTschofenig 0:796d0f61a05b 728
HannesTschofenig 0:796d0f61a05b 729 switch( id )
HannesTschofenig 0:796d0f61a05b 730 {
HannesTschofenig 0:796d0f61a05b 731 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 732 case POLARSSL_ECP_DP_SECP192R1:
HannesTschofenig 0:796d0f61a05b 733 NIST_MODP( p192 );
HannesTschofenig 0:796d0f61a05b 734 return( LOAD_GROUP( secp192r1 ) );
HannesTschofenig 0:796d0f61a05b 735 #endif /* POLARSSL_ECP_DP_SECP192R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 736
HannesTschofenig 0:796d0f61a05b 737 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 738 case POLARSSL_ECP_DP_SECP224R1:
HannesTschofenig 0:796d0f61a05b 739 NIST_MODP( p224 );
HannesTschofenig 0:796d0f61a05b 740 return( LOAD_GROUP( secp224r1 ) );
HannesTschofenig 0:796d0f61a05b 741 #endif /* POLARSSL_ECP_DP_SECP224R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 742
HannesTschofenig 0:796d0f61a05b 743 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 744 case POLARSSL_ECP_DP_SECP256R1:
HannesTschofenig 0:796d0f61a05b 745 NIST_MODP( p256 );
HannesTschofenig 0:796d0f61a05b 746 return( LOAD_GROUP( secp256r1 ) );
HannesTschofenig 0:796d0f61a05b 747 #endif /* POLARSSL_ECP_DP_SECP256R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 748
HannesTschofenig 0:796d0f61a05b 749 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 750 case POLARSSL_ECP_DP_SECP384R1:
HannesTschofenig 0:796d0f61a05b 751 NIST_MODP( p384 );
HannesTschofenig 0:796d0f61a05b 752 return( LOAD_GROUP( secp384r1 ) );
HannesTschofenig 0:796d0f61a05b 753 #endif /* POLARSSL_ECP_DP_SECP384R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 754
HannesTschofenig 0:796d0f61a05b 755 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 756 case POLARSSL_ECP_DP_SECP521R1:
HannesTschofenig 0:796d0f61a05b 757 NIST_MODP( p521 );
HannesTschofenig 0:796d0f61a05b 758 return( LOAD_GROUP( secp521r1 ) );
HannesTschofenig 0:796d0f61a05b 759 #endif /* POLARSSL_ECP_DP_SECP521R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 760
HannesTschofenig 0:796d0f61a05b 761 #if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 762 case POLARSSL_ECP_DP_SECP192K1:
HannesTschofenig 0:796d0f61a05b 763 grp->modp = ecp_mod_p192k1;
HannesTschofenig 0:796d0f61a05b 764 return( LOAD_GROUP_A( secp192k1 ) );
HannesTschofenig 0:796d0f61a05b 765 #endif /* POLARSSL_ECP_DP_SECP192K1_ENABLED */
HannesTschofenig 0:796d0f61a05b 766
HannesTschofenig 0:796d0f61a05b 767 #if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 768 case POLARSSL_ECP_DP_SECP224K1:
HannesTschofenig 0:796d0f61a05b 769 grp->modp = ecp_mod_p224k1;
HannesTschofenig 0:796d0f61a05b 770 return( LOAD_GROUP_A( secp224k1 ) );
HannesTschofenig 0:796d0f61a05b 771 #endif /* POLARSSL_ECP_DP_SECP224K1_ENABLED */
HannesTschofenig 0:796d0f61a05b 772
HannesTschofenig 0:796d0f61a05b 773 #if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 774 case POLARSSL_ECP_DP_SECP256K1:
HannesTschofenig 0:796d0f61a05b 775 grp->modp = ecp_mod_p256k1;
HannesTschofenig 0:796d0f61a05b 776 return( LOAD_GROUP_A( secp256k1 ) );
HannesTschofenig 0:796d0f61a05b 777 #endif /* POLARSSL_ECP_DP_SECP256K1_ENABLED */
HannesTschofenig 0:796d0f61a05b 778
HannesTschofenig 0:796d0f61a05b 779 #if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 780 case POLARSSL_ECP_DP_BP256R1:
HannesTschofenig 0:796d0f61a05b 781 return( LOAD_GROUP_A( brainpoolP256r1 ) );
HannesTschofenig 0:796d0f61a05b 782 #endif /* POLARSSL_ECP_DP_BP256R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 783
HannesTschofenig 0:796d0f61a05b 784 #if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 785 case POLARSSL_ECP_DP_BP384R1:
HannesTschofenig 0:796d0f61a05b 786 return( LOAD_GROUP_A( brainpoolP384r1 ) );
HannesTschofenig 0:796d0f61a05b 787 #endif /* POLARSSL_ECP_DP_BP384R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 788
HannesTschofenig 0:796d0f61a05b 789 #if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 790 case POLARSSL_ECP_DP_BP512R1:
HannesTschofenig 0:796d0f61a05b 791 return( LOAD_GROUP_A( brainpoolP512r1 ) );
HannesTschofenig 0:796d0f61a05b 792 #endif /* POLARSSL_ECP_DP_BP512R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 793
HannesTschofenig 0:796d0f61a05b 794 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
HannesTschofenig 0:796d0f61a05b 795 case POLARSSL_ECP_DP_M255:
HannesTschofenig 0:796d0f61a05b 796 grp->modp = ecp_mod_p255;
HannesTschofenig 0:796d0f61a05b 797 return( ecp_use_curve25519( grp ) );
HannesTschofenig 0:796d0f61a05b 798 #endif /* POLARSSL_ECP_DP_M255_ENABLED */
HannesTschofenig 0:796d0f61a05b 799
HannesTschofenig 0:796d0f61a05b 800 default:
HannesTschofenig 0:796d0f61a05b 801 ecp_group_free( grp );
HannesTschofenig 0:796d0f61a05b 802 return( POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE );
HannesTschofenig 0:796d0f61a05b 803 }
HannesTschofenig 0:796d0f61a05b 804 }
HannesTschofenig 0:796d0f61a05b 805
HannesTschofenig 0:796d0f61a05b 806 #if defined(POLARSSL_ECP_NIST_OPTIM)
HannesTschofenig 0:796d0f61a05b 807 /*
HannesTschofenig 0:796d0f61a05b 808 * Fast reduction modulo the primes used by the NIST curves.
HannesTschofenig 0:796d0f61a05b 809 *
HannesTschofenig 0:796d0f61a05b 810 * These functions are critical for speed, but not needed for correct
HannesTschofenig 0:796d0f61a05b 811 * operations. So, we make the choice to heavily rely on the internals of our
HannesTschofenig 0:796d0f61a05b 812 * bignum library, which creates a tight coupling between these functions and
HannesTschofenig 0:796d0f61a05b 813 * our MPI implementation. However, the coupling between the ECP module and
HannesTschofenig 0:796d0f61a05b 814 * MPI remains loose, since these functions can be deactivated at will.
HannesTschofenig 0:796d0f61a05b 815 */
HannesTschofenig 0:796d0f61a05b 816
HannesTschofenig 0:796d0f61a05b 817 #if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 818 /*
HannesTschofenig 0:796d0f61a05b 819 * Compared to the way things are presented in FIPS 186-3 D.2,
HannesTschofenig 0:796d0f61a05b 820 * we proceed in columns, from right (least significant chunk) to left,
HannesTschofenig 0:796d0f61a05b 821 * adding chunks to N in place, and keeping a carry for the next chunk.
HannesTschofenig 0:796d0f61a05b 822 * This avoids moving things around in memory, and uselessly adding zeros,
HannesTschofenig 0:796d0f61a05b 823 * compared to the more straightforward, line-oriented approach.
HannesTschofenig 0:796d0f61a05b 824 *
HannesTschofenig 0:796d0f61a05b 825 * For this prime we need to handle data in chunks of 64 bits.
HannesTschofenig 0:796d0f61a05b 826 * Since this is always a multiple of our basic t_uint, we can
HannesTschofenig 0:796d0f61a05b 827 * use a t_uint * to designate such a chunk, and small loops to handle it.
HannesTschofenig 0:796d0f61a05b 828 */
HannesTschofenig 0:796d0f61a05b 829
HannesTschofenig 0:796d0f61a05b 830 /* Add 64-bit chunks (dst += src) and update carry */
HannesTschofenig 0:796d0f61a05b 831 static inline void add64( t_uint *dst, t_uint *src, t_uint *carry )
HannesTschofenig 0:796d0f61a05b 832 {
HannesTschofenig 0:796d0f61a05b 833 unsigned char i;
HannesTschofenig 0:796d0f61a05b 834 t_uint c = 0;
HannesTschofenig 0:796d0f61a05b 835 for( i = 0; i < 8 / sizeof( t_uint ); i++, dst++, src++ )
HannesTschofenig 0:796d0f61a05b 836 {
HannesTschofenig 0:796d0f61a05b 837 *dst += c; c = ( *dst < c );
HannesTschofenig 0:796d0f61a05b 838 *dst += *src; c += ( *dst < *src );
HannesTschofenig 0:796d0f61a05b 839 }
HannesTschofenig 0:796d0f61a05b 840 *carry += c;
HannesTschofenig 0:796d0f61a05b 841 }
HannesTschofenig 0:796d0f61a05b 842
HannesTschofenig 0:796d0f61a05b 843 /* Add carry to a 64-bit chunk and update carry */
HannesTschofenig 0:796d0f61a05b 844 static inline void carry64( t_uint *dst, t_uint *carry )
HannesTschofenig 0:796d0f61a05b 845 {
HannesTschofenig 0:796d0f61a05b 846 unsigned char i;
HannesTschofenig 0:796d0f61a05b 847 for( i = 0; i < 8 / sizeof( t_uint ); i++, dst++ )
HannesTschofenig 0:796d0f61a05b 848 {
HannesTschofenig 0:796d0f61a05b 849 *dst += *carry;
HannesTschofenig 0:796d0f61a05b 850 *carry = ( *dst < *carry );
HannesTschofenig 0:796d0f61a05b 851 }
HannesTschofenig 0:796d0f61a05b 852 }
HannesTschofenig 0:796d0f61a05b 853
HannesTschofenig 0:796d0f61a05b 854 #define WIDTH 8 / sizeof( t_uint )
HannesTschofenig 0:796d0f61a05b 855 #define A( i ) N->p + i * WIDTH
HannesTschofenig 0:796d0f61a05b 856 #define ADD( i ) add64( p, A( i ), &c )
HannesTschofenig 0:796d0f61a05b 857 #define NEXT p += WIDTH; carry64( p, &c )
HannesTschofenig 0:796d0f61a05b 858 #define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0
HannesTschofenig 0:796d0f61a05b 859
HannesTschofenig 0:796d0f61a05b 860 /*
HannesTschofenig 0:796d0f61a05b 861 * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
HannesTschofenig 0:796d0f61a05b 862 */
HannesTschofenig 0:796d0f61a05b 863 static int ecp_mod_p192( mpi *N )
HannesTschofenig 0:796d0f61a05b 864 {
HannesTschofenig 0:796d0f61a05b 865 int ret;
HannesTschofenig 0:796d0f61a05b 866 t_uint c = 0;
HannesTschofenig 0:796d0f61a05b 867 t_uint *p, *end;
HannesTschofenig 0:796d0f61a05b 868
HannesTschofenig 0:796d0f61a05b 869 /* Make sure we have enough blocks so that A(5) is legal */
HannesTschofenig 0:796d0f61a05b 870 MPI_CHK( mpi_grow( N, 6 * WIDTH ) );
HannesTschofenig 0:796d0f61a05b 871
HannesTschofenig 0:796d0f61a05b 872 p = N->p;
HannesTschofenig 0:796d0f61a05b 873 end = p + N->n;
HannesTschofenig 0:796d0f61a05b 874
HannesTschofenig 0:796d0f61a05b 875 ADD( 3 ); ADD( 5 ); NEXT; // A0 += A3 + A5
HannesTschofenig 0:796d0f61a05b 876 ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT; // A1 += A3 + A4 + A5
HannesTschofenig 0:796d0f61a05b 877 ADD( 4 ); ADD( 5 ); LAST; // A2 += A4 + A5
HannesTschofenig 0:796d0f61a05b 878
HannesTschofenig 0:796d0f61a05b 879 cleanup:
HannesTschofenig 0:796d0f61a05b 880 return( ret );
HannesTschofenig 0:796d0f61a05b 881 }
HannesTschofenig 0:796d0f61a05b 882
HannesTschofenig 0:796d0f61a05b 883 #undef WIDTH
HannesTschofenig 0:796d0f61a05b 884 #undef A
HannesTschofenig 0:796d0f61a05b 885 #undef ADD
HannesTschofenig 0:796d0f61a05b 886 #undef NEXT
HannesTschofenig 0:796d0f61a05b 887 #undef LAST
HannesTschofenig 0:796d0f61a05b 888 #endif /* POLARSSL_ECP_DP_SECP192R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 889
HannesTschofenig 0:796d0f61a05b 890 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) || \
HannesTschofenig 0:796d0f61a05b 891 defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) || \
HannesTschofenig 0:796d0f61a05b 892 defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 893 /*
HannesTschofenig 0:796d0f61a05b 894 * The reader is advised to first understand ecp_mod_p192() since the same
HannesTschofenig 0:796d0f61a05b 895 * general structure is used here, but with additional complications:
HannesTschofenig 0:796d0f61a05b 896 * (1) chunks of 32 bits, and (2) subtractions.
HannesTschofenig 0:796d0f61a05b 897 */
HannesTschofenig 0:796d0f61a05b 898
HannesTschofenig 0:796d0f61a05b 899 /*
HannesTschofenig 0:796d0f61a05b 900 * For these primes, we need to handle data in chunks of 32 bits.
HannesTschofenig 0:796d0f61a05b 901 * This makes it more complicated if we use 64 bits limbs in MPI,
HannesTschofenig 0:796d0f61a05b 902 * which prevents us from using a uniform access method as for p192.
HannesTschofenig 0:796d0f61a05b 903 *
HannesTschofenig 0:796d0f61a05b 904 * So, we define a mini abstraction layer to access 32 bit chunks,
HannesTschofenig 0:796d0f61a05b 905 * load them in 'cur' for work, and store them back from 'cur' when done.
HannesTschofenig 0:796d0f61a05b 906 *
HannesTschofenig 0:796d0f61a05b 907 * While at it, also define the size of N in terms of 32-bit chunks.
HannesTschofenig 0:796d0f61a05b 908 */
HannesTschofenig 0:796d0f61a05b 909 #define LOAD32 cur = A( i );
HannesTschofenig 0:796d0f61a05b 910
HannesTschofenig 0:796d0f61a05b 911 #if defined(POLARSSL_HAVE_INT8) /* 8 bit */
HannesTschofenig 0:796d0f61a05b 912
HannesTschofenig 0:796d0f61a05b 913 #define MAX32 N->n / 4
HannesTschofenig 0:796d0f61a05b 914 #define A( j ) (uint32_t)( N->p[4*j+0] ) | \
HannesTschofenig 0:796d0f61a05b 915 ( N->p[4*j+1] << 8 ) | \
HannesTschofenig 0:796d0f61a05b 916 ( N->p[4*j+2] << 16 ) | \
HannesTschofenig 0:796d0f61a05b 917 ( N->p[4*j+3] << 24 )
HannesTschofenig 0:796d0f61a05b 918 #define STORE32 N->p[4*i+0] = (t_uint)( cur ); \
HannesTschofenig 0:796d0f61a05b 919 N->p[4*i+1] = (t_uint)( cur >> 8 ); \
HannesTschofenig 0:796d0f61a05b 920 N->p[4*i+2] = (t_uint)( cur >> 16 ); \
HannesTschofenig 0:796d0f61a05b 921 N->p[4*i+3] = (t_uint)( cur >> 24 );
HannesTschofenig 0:796d0f61a05b 922
HannesTschofenig 0:796d0f61a05b 923 #elif defined(POLARSSL_HAVE_INT16) /* 16 bit */
HannesTschofenig 0:796d0f61a05b 924
HannesTschofenig 0:796d0f61a05b 925 #define MAX32 N->n / 2
HannesTschofenig 0:796d0f61a05b 926 #define A( j ) (uint32_t)( N->p[2*j] ) | ( N->p[2*j+1] << 16 )
HannesTschofenig 0:796d0f61a05b 927 #define STORE32 N->p[2*i+0] = (t_uint)( cur ); \
HannesTschofenig 0:796d0f61a05b 928 N->p[2*i+1] = (t_uint)( cur >> 16 );
HannesTschofenig 0:796d0f61a05b 929
HannesTschofenig 0:796d0f61a05b 930 #elif defined(POLARSSL_HAVE_INT32) /* 32 bit */
HannesTschofenig 0:796d0f61a05b 931
HannesTschofenig 0:796d0f61a05b 932 #define MAX32 N->n
HannesTschofenig 0:796d0f61a05b 933 #define A( j ) N->p[j]
HannesTschofenig 0:796d0f61a05b 934 #define STORE32 N->p[i] = cur;
HannesTschofenig 0:796d0f61a05b 935
HannesTschofenig 0:796d0f61a05b 936 #else /* 64-bit */
HannesTschofenig 0:796d0f61a05b 937
HannesTschofenig 0:796d0f61a05b 938 #define MAX32 N->n * 2
HannesTschofenig 0:796d0f61a05b 939 #define A( j ) j % 2 ? (uint32_t)( N->p[j/2] >> 32 ) : (uint32_t)( N->p[j/2] )
HannesTschofenig 0:796d0f61a05b 940 #define STORE32 \
HannesTschofenig 0:796d0f61a05b 941 if( i % 2 ) { \
HannesTschofenig 0:796d0f61a05b 942 N->p[i/2] &= 0x00000000FFFFFFFF; \
HannesTschofenig 0:796d0f61a05b 943 N->p[i/2] |= ((t_uint) cur) << 32; \
HannesTschofenig 0:796d0f61a05b 944 } else { \
HannesTschofenig 0:796d0f61a05b 945 N->p[i/2] &= 0xFFFFFFFF00000000; \
HannesTschofenig 0:796d0f61a05b 946 N->p[i/2] |= (t_uint) cur; \
HannesTschofenig 0:796d0f61a05b 947 }
HannesTschofenig 0:796d0f61a05b 948
HannesTschofenig 0:796d0f61a05b 949 #endif /* sizeof( t_uint ) */
HannesTschofenig 0:796d0f61a05b 950
HannesTschofenig 0:796d0f61a05b 951 /*
HannesTschofenig 0:796d0f61a05b 952 * Helpers for addition and subtraction of chunks, with signed carry.
HannesTschofenig 0:796d0f61a05b 953 */
HannesTschofenig 0:796d0f61a05b 954 static inline void add32( uint32_t *dst, uint32_t src, signed char *carry )
HannesTschofenig 0:796d0f61a05b 955 {
HannesTschofenig 0:796d0f61a05b 956 *dst += src;
HannesTschofenig 0:796d0f61a05b 957 *carry += ( *dst < src );
HannesTschofenig 0:796d0f61a05b 958 }
HannesTschofenig 0:796d0f61a05b 959
HannesTschofenig 0:796d0f61a05b 960 static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
HannesTschofenig 0:796d0f61a05b 961 {
HannesTschofenig 0:796d0f61a05b 962 *carry -= ( *dst < src );
HannesTschofenig 0:796d0f61a05b 963 *dst -= src;
HannesTschofenig 0:796d0f61a05b 964 }
HannesTschofenig 0:796d0f61a05b 965
HannesTschofenig 0:796d0f61a05b 966 #define ADD( j ) add32( &cur, A( j ), &c );
HannesTschofenig 0:796d0f61a05b 967 #define SUB( j ) sub32( &cur, A( j ), &c );
HannesTschofenig 0:796d0f61a05b 968
HannesTschofenig 0:796d0f61a05b 969 /*
HannesTschofenig 0:796d0f61a05b 970 * Helpers for the main 'loop'
HannesTschofenig 0:796d0f61a05b 971 * (see fix_negative for the motivation of C)
HannesTschofenig 0:796d0f61a05b 972 */
HannesTschofenig 0:796d0f61a05b 973 #define INIT( b ) \
HannesTschofenig 0:796d0f61a05b 974 int ret; \
HannesTschofenig 0:796d0f61a05b 975 signed char c = 0, cc; \
HannesTschofenig 0:796d0f61a05b 976 uint32_t cur; \
HannesTschofenig 0:796d0f61a05b 977 size_t i = 0, bits = b; \
HannesTschofenig 0:796d0f61a05b 978 mpi C; \
HannesTschofenig 0:796d0f61a05b 979 t_uint Cp[ b / 8 / sizeof( t_uint) + 1 ]; \
HannesTschofenig 0:796d0f61a05b 980 \
HannesTschofenig 0:796d0f61a05b 981 C.s = 1; \
HannesTschofenig 0:796d0f61a05b 982 C.n = b / 8 / sizeof( t_uint) + 1; \
HannesTschofenig 0:796d0f61a05b 983 C.p = Cp; \
HannesTschofenig 0:796d0f61a05b 984 memset( Cp, 0, C.n * sizeof( t_uint ) ); \
HannesTschofenig 0:796d0f61a05b 985 \
HannesTschofenig 0:796d0f61a05b 986 MPI_CHK( mpi_grow( N, b * 2 / 8 / sizeof( t_uint ) ) ); \
HannesTschofenig 0:796d0f61a05b 987 LOAD32;
HannesTschofenig 0:796d0f61a05b 988
HannesTschofenig 0:796d0f61a05b 989 #define NEXT \
HannesTschofenig 0:796d0f61a05b 990 STORE32; i++; LOAD32; \
HannesTschofenig 0:796d0f61a05b 991 cc = c; c = 0; \
HannesTschofenig 0:796d0f61a05b 992 if( cc < 0 ) \
HannesTschofenig 0:796d0f61a05b 993 sub32( &cur, -cc, &c ); \
HannesTschofenig 0:796d0f61a05b 994 else \
HannesTschofenig 0:796d0f61a05b 995 add32( &cur, cc, &c ); \
HannesTschofenig 0:796d0f61a05b 996
HannesTschofenig 0:796d0f61a05b 997 #define LAST \
HannesTschofenig 0:796d0f61a05b 998 STORE32; i++; \
HannesTschofenig 0:796d0f61a05b 999 cur = c > 0 ? c : 0; STORE32; \
HannesTschofenig 0:796d0f61a05b 1000 cur = 0; while( ++i < MAX32 ) { STORE32; } \
HannesTschofenig 0:796d0f61a05b 1001 if( c < 0 ) fix_negative( N, c, &C, bits );
HannesTschofenig 0:796d0f61a05b 1002
HannesTschofenig 0:796d0f61a05b 1003 /*
HannesTschofenig 0:796d0f61a05b 1004 * If the result is negative, we get it in the form
HannesTschofenig 0:796d0f61a05b 1005 * c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits'
HannesTschofenig 0:796d0f61a05b 1006 */
HannesTschofenig 0:796d0f61a05b 1007 static inline int fix_negative( mpi *N, signed char c, mpi *C, size_t bits )
HannesTschofenig 0:796d0f61a05b 1008 {
HannesTschofenig 0:796d0f61a05b 1009 int ret;
HannesTschofenig 0:796d0f61a05b 1010
HannesTschofenig 0:796d0f61a05b 1011 /* C = - c * 2^(bits + 32) */
HannesTschofenig 0:796d0f61a05b 1012 #if !defined(POLARSSL_HAVE_INT64)
HannesTschofenig 0:796d0f61a05b 1013 ((void) bits);
HannesTschofenig 0:796d0f61a05b 1014 #else
HannesTschofenig 0:796d0f61a05b 1015 if( bits == 224 )
HannesTschofenig 0:796d0f61a05b 1016 C->p[ C->n - 1 ] = ((t_uint) -c) << 32;
HannesTschofenig 0:796d0f61a05b 1017 else
HannesTschofenig 0:796d0f61a05b 1018 #endif
HannesTschofenig 0:796d0f61a05b 1019 C->p[ C->n - 1 ] = (t_uint) -c;
HannesTschofenig 0:796d0f61a05b 1020
HannesTschofenig 0:796d0f61a05b 1021 /* N = - ( C - N ) */
HannesTschofenig 0:796d0f61a05b 1022 MPI_CHK( mpi_sub_abs( N, C, N ) );
HannesTschofenig 0:796d0f61a05b 1023 N->s = -1;
HannesTschofenig 0:796d0f61a05b 1024
HannesTschofenig 0:796d0f61a05b 1025 cleanup:
HannesTschofenig 0:796d0f61a05b 1026
HannesTschofenig 0:796d0f61a05b 1027 return( ret );
HannesTschofenig 0:796d0f61a05b 1028 }
HannesTschofenig 0:796d0f61a05b 1029
HannesTschofenig 0:796d0f61a05b 1030 #if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 1031 /*
HannesTschofenig 0:796d0f61a05b 1032 * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
HannesTschofenig 0:796d0f61a05b 1033 */
HannesTschofenig 0:796d0f61a05b 1034 static int ecp_mod_p224( mpi *N )
HannesTschofenig 0:796d0f61a05b 1035 {
HannesTschofenig 0:796d0f61a05b 1036 INIT( 224 );
HannesTschofenig 0:796d0f61a05b 1037
HannesTschofenig 0:796d0f61a05b 1038 SUB( 7 ); SUB( 11 ); NEXT; // A0 += -A7 - A11
HannesTschofenig 0:796d0f61a05b 1039 SUB( 8 ); SUB( 12 ); NEXT; // A1 += -A8 - A12
HannesTschofenig 0:796d0f61a05b 1040 SUB( 9 ); SUB( 13 ); NEXT; // A2 += -A9 - A13
HannesTschofenig 0:796d0f61a05b 1041 SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT; // A3 += -A10 + A7 + A11
HannesTschofenig 0:796d0f61a05b 1042 SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT; // A4 += -A11 + A8 + A12
HannesTschofenig 0:796d0f61a05b 1043 SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT; // A5 += -A12 + A9 + A13
HannesTschofenig 0:796d0f61a05b 1044 SUB( 13 ); ADD( 10 ); LAST; // A6 += -A13 + A10
HannesTschofenig 0:796d0f61a05b 1045
HannesTschofenig 0:796d0f61a05b 1046 cleanup:
HannesTschofenig 0:796d0f61a05b 1047 return( ret );
HannesTschofenig 0:796d0f61a05b 1048 }
HannesTschofenig 0:796d0f61a05b 1049 #endif /* POLARSSL_ECP_DP_SECP224R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 1050
HannesTschofenig 0:796d0f61a05b 1051 #if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 1052 /*
HannesTschofenig 0:796d0f61a05b 1053 * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3)
HannesTschofenig 0:796d0f61a05b 1054 */
HannesTschofenig 0:796d0f61a05b 1055 static int ecp_mod_p256( mpi *N )
HannesTschofenig 0:796d0f61a05b 1056 {
HannesTschofenig 0:796d0f61a05b 1057 INIT( 256 );
HannesTschofenig 0:796d0f61a05b 1058
HannesTschofenig 0:796d0f61a05b 1059 ADD( 8 ); ADD( 9 );
HannesTschofenig 0:796d0f61a05b 1060 SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 ); NEXT; // A0
HannesTschofenig 0:796d0f61a05b 1061
HannesTschofenig 0:796d0f61a05b 1062 ADD( 9 ); ADD( 10 );
HannesTschofenig 0:796d0f61a05b 1063 SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A1
HannesTschofenig 0:796d0f61a05b 1064
HannesTschofenig 0:796d0f61a05b 1065 ADD( 10 ); ADD( 11 );
HannesTschofenig 0:796d0f61a05b 1066 SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A2
HannesTschofenig 0:796d0f61a05b 1067
HannesTschofenig 0:796d0f61a05b 1068 ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 );
HannesTschofenig 0:796d0f61a05b 1069 SUB( 15 ); SUB( 8 ); SUB( 9 ); NEXT; // A3
HannesTschofenig 0:796d0f61a05b 1070
HannesTschofenig 0:796d0f61a05b 1071 ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 );
HannesTschofenig 0:796d0f61a05b 1072 SUB( 9 ); SUB( 10 ); NEXT; // A4
HannesTschofenig 0:796d0f61a05b 1073
HannesTschofenig 0:796d0f61a05b 1074 ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 );
HannesTschofenig 0:796d0f61a05b 1075 SUB( 10 ); SUB( 11 ); NEXT; // A5
HannesTschofenig 0:796d0f61a05b 1076
HannesTschofenig 0:796d0f61a05b 1077 ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 );
HannesTschofenig 0:796d0f61a05b 1078 SUB( 8 ); SUB( 9 ); NEXT; // A6
HannesTschofenig 0:796d0f61a05b 1079
HannesTschofenig 0:796d0f61a05b 1080 ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 );
HannesTschofenig 0:796d0f61a05b 1081 SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 ); LAST; // A7
HannesTschofenig 0:796d0f61a05b 1082
HannesTschofenig 0:796d0f61a05b 1083 cleanup:
HannesTschofenig 0:796d0f61a05b 1084 return( ret );
HannesTschofenig 0:796d0f61a05b 1085 }
HannesTschofenig 0:796d0f61a05b 1086 #endif /* POLARSSL_ECP_DP_SECP256R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 1087
HannesTschofenig 0:796d0f61a05b 1088 #if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 1089 /*
HannesTschofenig 0:796d0f61a05b 1090 * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4)
HannesTschofenig 0:796d0f61a05b 1091 */
HannesTschofenig 0:796d0f61a05b 1092 static int ecp_mod_p384( mpi *N )
HannesTschofenig 0:796d0f61a05b 1093 {
HannesTschofenig 0:796d0f61a05b 1094 INIT( 384 );
HannesTschofenig 0:796d0f61a05b 1095
HannesTschofenig 0:796d0f61a05b 1096 ADD( 12 ); ADD( 21 ); ADD( 20 );
HannesTschofenig 0:796d0f61a05b 1097 SUB( 23 ); NEXT; // A0
HannesTschofenig 0:796d0f61a05b 1098
HannesTschofenig 0:796d0f61a05b 1099 ADD( 13 ); ADD( 22 ); ADD( 23 );
HannesTschofenig 0:796d0f61a05b 1100 SUB( 12 ); SUB( 20 ); NEXT; // A2
HannesTschofenig 0:796d0f61a05b 1101
HannesTschofenig 0:796d0f61a05b 1102 ADD( 14 ); ADD( 23 );
HannesTschofenig 0:796d0f61a05b 1103 SUB( 13 ); SUB( 21 ); NEXT; // A2
HannesTschofenig 0:796d0f61a05b 1104
HannesTschofenig 0:796d0f61a05b 1105 ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 );
HannesTschofenig 0:796d0f61a05b 1106 SUB( 14 ); SUB( 22 ); SUB( 23 ); NEXT; // A3
HannesTschofenig 0:796d0f61a05b 1107
HannesTschofenig 0:796d0f61a05b 1108 ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 );
HannesTschofenig 0:796d0f61a05b 1109 SUB( 15 ); SUB( 23 ); SUB( 23 ); NEXT; // A4
HannesTschofenig 0:796d0f61a05b 1110
HannesTschofenig 0:796d0f61a05b 1111 ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 );
HannesTschofenig 0:796d0f61a05b 1112 SUB( 16 ); NEXT; // A5
HannesTschofenig 0:796d0f61a05b 1113
HannesTschofenig 0:796d0f61a05b 1114 ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 );
HannesTschofenig 0:796d0f61a05b 1115 SUB( 17 ); NEXT; // A6
HannesTschofenig 0:796d0f61a05b 1116
HannesTschofenig 0:796d0f61a05b 1117 ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 );
HannesTschofenig 0:796d0f61a05b 1118 SUB( 18 ); NEXT; // A7
HannesTschofenig 0:796d0f61a05b 1119
HannesTschofenig 0:796d0f61a05b 1120 ADD( 20 ); ADD( 17 ); ADD( 16 );
HannesTschofenig 0:796d0f61a05b 1121 SUB( 19 ); NEXT; // A8
HannesTschofenig 0:796d0f61a05b 1122
HannesTschofenig 0:796d0f61a05b 1123 ADD( 21 ); ADD( 18 ); ADD( 17 );
HannesTschofenig 0:796d0f61a05b 1124 SUB( 20 ); NEXT; // A9
HannesTschofenig 0:796d0f61a05b 1125
HannesTschofenig 0:796d0f61a05b 1126 ADD( 22 ); ADD( 19 ); ADD( 18 );
HannesTschofenig 0:796d0f61a05b 1127 SUB( 21 ); NEXT; // A10
HannesTschofenig 0:796d0f61a05b 1128
HannesTschofenig 0:796d0f61a05b 1129 ADD( 23 ); ADD( 20 ); ADD( 19 );
HannesTschofenig 0:796d0f61a05b 1130 SUB( 22 ); LAST; // A11
HannesTschofenig 0:796d0f61a05b 1131
HannesTschofenig 0:796d0f61a05b 1132 cleanup:
HannesTschofenig 0:796d0f61a05b 1133 return( ret );
HannesTschofenig 0:796d0f61a05b 1134 }
HannesTschofenig 0:796d0f61a05b 1135 #endif /* POLARSSL_ECP_DP_SECP384R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 1136
HannesTschofenig 0:796d0f61a05b 1137 #undef A
HannesTschofenig 0:796d0f61a05b 1138 #undef LOAD32
HannesTschofenig 0:796d0f61a05b 1139 #undef STORE32
HannesTschofenig 0:796d0f61a05b 1140 #undef MAX32
HannesTschofenig 0:796d0f61a05b 1141 #undef INIT
HannesTschofenig 0:796d0f61a05b 1142 #undef NEXT
HannesTschofenig 0:796d0f61a05b 1143 #undef LAST
HannesTschofenig 0:796d0f61a05b 1144
HannesTschofenig 0:796d0f61a05b 1145 #endif /* POLARSSL_ECP_DP_SECP224R1_ENABLED ||
HannesTschofenig 0:796d0f61a05b 1146 POLARSSL_ECP_DP_SECP256R1_ENABLED ||
HannesTschofenig 0:796d0f61a05b 1147 POLARSSL_ECP_DP_SECP384R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 1148
HannesTschofenig 0:796d0f61a05b 1149 #if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
HannesTschofenig 0:796d0f61a05b 1150 /*
HannesTschofenig 0:796d0f61a05b 1151 * Here we have an actual Mersenne prime, so things are more straightforward.
HannesTschofenig 0:796d0f61a05b 1152 * However, chunks are aligned on a 'weird' boundary (521 bits).
HannesTschofenig 0:796d0f61a05b 1153 */
HannesTschofenig 0:796d0f61a05b 1154
HannesTschofenig 0:796d0f61a05b 1155 /* Size of p521 in terms of t_uint */
HannesTschofenig 0:796d0f61a05b 1156 #define P521_WIDTH ( 521 / 8 / sizeof( t_uint ) + 1 )
HannesTschofenig 0:796d0f61a05b 1157
HannesTschofenig 0:796d0f61a05b 1158 /* Bits to keep in the most significant t_uint */
HannesTschofenig 0:796d0f61a05b 1159 #if defined(POLARSSL_HAVE_INT8)
HannesTschofenig 0:796d0f61a05b 1160 #define P521_MASK 0x01
HannesTschofenig 0:796d0f61a05b 1161 #else
HannesTschofenig 0:796d0f61a05b 1162 #define P521_MASK 0x01FF
HannesTschofenig 0:796d0f61a05b 1163 #endif
HannesTschofenig 0:796d0f61a05b 1164
HannesTschofenig 0:796d0f61a05b 1165 /*
HannesTschofenig 0:796d0f61a05b 1166 * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5)
HannesTschofenig 0:796d0f61a05b 1167 * Write N as A1 + 2^521 A0, return A0 + A1
HannesTschofenig 0:796d0f61a05b 1168 */
HannesTschofenig 0:796d0f61a05b 1169 static int ecp_mod_p521( mpi *N )
HannesTschofenig 0:796d0f61a05b 1170 {
HannesTschofenig 0:796d0f61a05b 1171 int ret;
HannesTschofenig 0:796d0f61a05b 1172 size_t i;
HannesTschofenig 0:796d0f61a05b 1173 mpi M;
HannesTschofenig 0:796d0f61a05b 1174 t_uint Mp[P521_WIDTH + 1];
HannesTschofenig 0:796d0f61a05b 1175 /* Worst case for the size of M is when t_uint is 16 bits:
HannesTschofenig 0:796d0f61a05b 1176 * we need to hold bits 513 to 1056, which is 34 limbs, that is
HannesTschofenig 0:796d0f61a05b 1177 * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
HannesTschofenig 0:796d0f61a05b 1178
HannesTschofenig 0:796d0f61a05b 1179 if( N->n < P521_WIDTH )
HannesTschofenig 0:796d0f61a05b 1180 return( 0 );
HannesTschofenig 0:796d0f61a05b 1181
HannesTschofenig 0:796d0f61a05b 1182 /* M = A1 */
HannesTschofenig 0:796d0f61a05b 1183 M.s = 1;
HannesTschofenig 0:796d0f61a05b 1184 M.n = N->n - ( P521_WIDTH - 1 );
HannesTschofenig 0:796d0f61a05b 1185 if( M.n > P521_WIDTH + 1 )
HannesTschofenig 0:796d0f61a05b 1186 M.n = P521_WIDTH + 1;
HannesTschofenig 0:796d0f61a05b 1187 M.p = Mp;
HannesTschofenig 0:796d0f61a05b 1188 memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( t_uint ) );
HannesTschofenig 0:796d0f61a05b 1189 MPI_CHK( mpi_shift_r( &M, 521 % ( 8 * sizeof( t_uint ) ) ) );
HannesTschofenig 0:796d0f61a05b 1190
HannesTschofenig 0:796d0f61a05b 1191 /* N = A0 */
HannesTschofenig 0:796d0f61a05b 1192 N->p[P521_WIDTH - 1] &= P521_MASK;
HannesTschofenig 0:796d0f61a05b 1193 for( i = P521_WIDTH; i < N->n; i++ )
HannesTschofenig 0:796d0f61a05b 1194 N->p[i] = 0;
HannesTschofenig 0:796d0f61a05b 1195
HannesTschofenig 0:796d0f61a05b 1196 /* N = A0 + A1 */
HannesTschofenig 0:796d0f61a05b 1197 MPI_CHK( mpi_add_abs( N, N, &M ) );
HannesTschofenig 0:796d0f61a05b 1198
HannesTschofenig 0:796d0f61a05b 1199 cleanup:
HannesTschofenig 0:796d0f61a05b 1200 return( ret );
HannesTschofenig 0:796d0f61a05b 1201 }
HannesTschofenig 0:796d0f61a05b 1202
HannesTschofenig 0:796d0f61a05b 1203 #undef P521_WIDTH
HannesTschofenig 0:796d0f61a05b 1204 #undef P521_MASK
HannesTschofenig 0:796d0f61a05b 1205 #endif /* POLARSSL_ECP_DP_SECP521R1_ENABLED */
HannesTschofenig 0:796d0f61a05b 1206
HannesTschofenig 0:796d0f61a05b 1207 #endif /* POLARSSL_ECP_NIST_OPTIM */
HannesTschofenig 0:796d0f61a05b 1208
HannesTschofenig 0:796d0f61a05b 1209 #if defined(POLARSSL_ECP_DP_M255_ENABLED)
HannesTschofenig 0:796d0f61a05b 1210
HannesTschofenig 0:796d0f61a05b 1211 /* Size of p255 in terms of t_uint */
HannesTschofenig 0:796d0f61a05b 1212 #define P255_WIDTH ( 255 / 8 / sizeof( t_uint ) + 1 )
HannesTschofenig 0:796d0f61a05b 1213
HannesTschofenig 0:796d0f61a05b 1214 /*
HannesTschofenig 0:796d0f61a05b 1215 * Fast quasi-reduction modulo p255 = 2^255 - 19
HannesTschofenig 0:796d0f61a05b 1216 * Write N as A0 + 2^255 A1, return A0 + 19 * A1
HannesTschofenig 0:796d0f61a05b 1217 */
HannesTschofenig 0:796d0f61a05b 1218 static int ecp_mod_p255( mpi *N )
HannesTschofenig 0:796d0f61a05b 1219 {
HannesTschofenig 0:796d0f61a05b 1220 int ret;
HannesTschofenig 0:796d0f61a05b 1221 size_t i;
HannesTschofenig 0:796d0f61a05b 1222 mpi M;
HannesTschofenig 0:796d0f61a05b 1223 t_uint Mp[P255_WIDTH + 2];
HannesTschofenig 0:796d0f61a05b 1224
HannesTschofenig 0:796d0f61a05b 1225 if( N->n < P255_WIDTH )
HannesTschofenig 0:796d0f61a05b 1226 return( 0 );
HannesTschofenig 0:796d0f61a05b 1227
HannesTschofenig 0:796d0f61a05b 1228 /* M = A1 */
HannesTschofenig 0:796d0f61a05b 1229 M.s = 1;
HannesTschofenig 0:796d0f61a05b 1230 M.n = N->n - ( P255_WIDTH - 1 );
HannesTschofenig 0:796d0f61a05b 1231 if( M.n > P255_WIDTH + 1 )
HannesTschofenig 0:796d0f61a05b 1232 M.n = P255_WIDTH + 1;
HannesTschofenig 0:796d0f61a05b 1233 M.p = Mp;
HannesTschofenig 0:796d0f61a05b 1234 memset( Mp, 0, sizeof Mp );
HannesTschofenig 0:796d0f61a05b 1235 memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( t_uint ) );
HannesTschofenig 0:796d0f61a05b 1236 MPI_CHK( mpi_shift_r( &M, 255 % ( 8 * sizeof( t_uint ) ) ) );
HannesTschofenig 0:796d0f61a05b 1237 M.n++; /* Make room for multiplication by 19 */
HannesTschofenig 0:796d0f61a05b 1238
HannesTschofenig 0:796d0f61a05b 1239 /* N = A0 */
HannesTschofenig 0:796d0f61a05b 1240 MPI_CHK( mpi_set_bit( N, 255, 0 ) );
HannesTschofenig 0:796d0f61a05b 1241 for( i = P255_WIDTH; i < N->n; i++ )
HannesTschofenig 0:796d0f61a05b 1242 N->p[i] = 0;
HannesTschofenig 0:796d0f61a05b 1243
HannesTschofenig 0:796d0f61a05b 1244 /* N = A0 + 19 * A1 */
HannesTschofenig 0:796d0f61a05b 1245 MPI_CHK( mpi_mul_int( &M, &M, 19 ) );
HannesTschofenig 0:796d0f61a05b 1246 MPI_CHK( mpi_add_abs( N, N, &M ) );
HannesTschofenig 0:796d0f61a05b 1247
HannesTschofenig 0:796d0f61a05b 1248 cleanup:
HannesTschofenig 0:796d0f61a05b 1249 return( ret );
HannesTschofenig 0:796d0f61a05b 1250 }
HannesTschofenig 0:796d0f61a05b 1251 #endif /* POLARSSL_ECP_DP_M255_ENABLED */
HannesTschofenig 0:796d0f61a05b 1252
HannesTschofenig 0:796d0f61a05b 1253 #if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED) || \
HannesTschofenig 0:796d0f61a05b 1254 defined(POLARSSL_ECP_DP_SECP224K1_ENABLED) || \
HannesTschofenig 0:796d0f61a05b 1255 defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 1256 /*
HannesTschofenig 0:796d0f61a05b 1257 * Fast quasi-reduction modulo P = 2^s - R,
HannesTschofenig 0:796d0f61a05b 1258 * with R about 33 bits, used by the Koblitz curves.
HannesTschofenig 0:796d0f61a05b 1259 *
HannesTschofenig 0:796d0f61a05b 1260 * Write N as A0 + 2^224 A1, return A0 + R * A1.
HannesTschofenig 0:796d0f61a05b 1261 * Actually do two passes, since R is big.
HannesTschofenig 0:796d0f61a05b 1262 */
HannesTschofenig 0:796d0f61a05b 1263 #define P_KOBLITZ_MAX ( 256 / 8 / sizeof( t_uint ) ) // Max limbs in P
HannesTschofenig 0:796d0f61a05b 1264 #define P_KOBLITZ_R ( 8 / sizeof( t_uint ) ) // Limbs in R
HannesTschofenig 0:796d0f61a05b 1265 static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs,
HannesTschofenig 0:796d0f61a05b 1266 size_t adjust, size_t shift, t_uint mask )
HannesTschofenig 0:796d0f61a05b 1267 {
HannesTschofenig 0:796d0f61a05b 1268 int ret;
HannesTschofenig 0:796d0f61a05b 1269 size_t i;
HannesTschofenig 0:796d0f61a05b 1270 mpi M, R;
HannesTschofenig 0:796d0f61a05b 1271 t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R];
HannesTschofenig 0:796d0f61a05b 1272
HannesTschofenig 0:796d0f61a05b 1273 if( N->n < p_limbs )
HannesTschofenig 0:796d0f61a05b 1274 return( 0 );
HannesTschofenig 0:796d0f61a05b 1275
HannesTschofenig 0:796d0f61a05b 1276 /* Init R */
HannesTschofenig 0:796d0f61a05b 1277 R.s = 1;
HannesTschofenig 0:796d0f61a05b 1278 R.p = Rp;
HannesTschofenig 0:796d0f61a05b 1279 R.n = P_KOBLITZ_R;
HannesTschofenig 0:796d0f61a05b 1280
HannesTschofenig 0:796d0f61a05b 1281 /* Common setup for M */
HannesTschofenig 0:796d0f61a05b 1282 M.s = 1;
HannesTschofenig 0:796d0f61a05b 1283 M.p = Mp;
HannesTschofenig 0:796d0f61a05b 1284
HannesTschofenig 0:796d0f61a05b 1285 /* M = A1 */
HannesTschofenig 0:796d0f61a05b 1286 M.n = N->n - ( p_limbs - adjust );
HannesTschofenig 0:796d0f61a05b 1287 if( M.n > p_limbs + adjust )
HannesTschofenig 0:796d0f61a05b 1288 M.n = p_limbs + adjust;
HannesTschofenig 0:796d0f61a05b 1289 memset( Mp, 0, sizeof Mp );
HannesTschofenig 0:796d0f61a05b 1290 memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
HannesTschofenig 0:796d0f61a05b 1291 if (shift != 0 )
HannesTschofenig 0:796d0f61a05b 1292 MPI_CHK( mpi_shift_r( &M, shift ) );
HannesTschofenig 0:796d0f61a05b 1293 M.n += R.n - adjust; /* Make room for multiplication by R */
HannesTschofenig 0:796d0f61a05b 1294
HannesTschofenig 0:796d0f61a05b 1295 /* N = A0 */
HannesTschofenig 0:796d0f61a05b 1296 if (mask != 0 )
HannesTschofenig 0:796d0f61a05b 1297 N->p[p_limbs - 1] &= mask;
HannesTschofenig 0:796d0f61a05b 1298 for( i = p_limbs; i < N->n; i++ )
HannesTschofenig 0:796d0f61a05b 1299 N->p[i] = 0;
HannesTschofenig 0:796d0f61a05b 1300
HannesTschofenig 0:796d0f61a05b 1301 /* N = A0 + R * A1 */
HannesTschofenig 0:796d0f61a05b 1302 MPI_CHK( mpi_mul_mpi( &M, &M, &R ) );
HannesTschofenig 0:796d0f61a05b 1303 MPI_CHK( mpi_add_abs( N, N, &M ) );
HannesTschofenig 0:796d0f61a05b 1304
HannesTschofenig 0:796d0f61a05b 1305 /* Second pass */
HannesTschofenig 0:796d0f61a05b 1306
HannesTschofenig 0:796d0f61a05b 1307 /* M = A1 */
HannesTschofenig 0:796d0f61a05b 1308 M.n = N->n - ( p_limbs - adjust );
HannesTschofenig 0:796d0f61a05b 1309 if( M.n > p_limbs + adjust )
HannesTschofenig 0:796d0f61a05b 1310 M.n = p_limbs + adjust;
HannesTschofenig 0:796d0f61a05b 1311 memset( Mp, 0, sizeof Mp );
HannesTschofenig 0:796d0f61a05b 1312 memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
HannesTschofenig 0:796d0f61a05b 1313 if (shift != 0 )
HannesTschofenig 0:796d0f61a05b 1314 MPI_CHK( mpi_shift_r( &M, shift ) );
HannesTschofenig 0:796d0f61a05b 1315 M.n += R.n - adjust; /* Make room for multiplication by R */
HannesTschofenig 0:796d0f61a05b 1316
HannesTschofenig 0:796d0f61a05b 1317 /* N = A0 */
HannesTschofenig 0:796d0f61a05b 1318 if (mask != 0 )
HannesTschofenig 0:796d0f61a05b 1319 N->p[p_limbs - 1] &= mask;
HannesTschofenig 0:796d0f61a05b 1320 for( i = p_limbs; i < N->n; i++ )
HannesTschofenig 0:796d0f61a05b 1321 N->p[i] = 0;
HannesTschofenig 0:796d0f61a05b 1322
HannesTschofenig 0:796d0f61a05b 1323 /* N = A0 + R * A1 */
HannesTschofenig 0:796d0f61a05b 1324 MPI_CHK( mpi_mul_mpi( &M, &M, &R ) );
HannesTschofenig 0:796d0f61a05b 1325 MPI_CHK( mpi_add_abs( N, N, &M ) );
HannesTschofenig 0:796d0f61a05b 1326
HannesTschofenig 0:796d0f61a05b 1327 cleanup:
HannesTschofenig 0:796d0f61a05b 1328 return( ret );
HannesTschofenig 0:796d0f61a05b 1329 }
HannesTschofenig 0:796d0f61a05b 1330 #endif /* POLARSSL_ECP_DP_SECP192K1_ENABLED) ||
HannesTschofenig 0:796d0f61a05b 1331 POLARSSL_ECP_DP_SECP224K1_ENABLED) ||
HannesTschofenig 0:796d0f61a05b 1332 POLARSSL_ECP_DP_SECP256K1_ENABLED) */
HannesTschofenig 0:796d0f61a05b 1333
HannesTschofenig 0:796d0f61a05b 1334 #if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 1335 /*
HannesTschofenig 0:796d0f61a05b 1336 * Fast quasi-reduction modulo p192k1 = 2^192 - R,
HannesTschofenig 0:796d0f61a05b 1337 * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
HannesTschofenig 0:796d0f61a05b 1338 */
HannesTschofenig 0:796d0f61a05b 1339 static int ecp_mod_p192k1( mpi *N )
HannesTschofenig 0:796d0f61a05b 1340 {
HannesTschofenig 0:796d0f61a05b 1341 static t_uint Rp[] = {
HannesTschofenig 0:796d0f61a05b 1342 BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
HannesTschofenig 0:796d0f61a05b 1343
HannesTschofenig 0:796d0f61a05b 1344 return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( t_uint ), 0, 0, 0 ) );
HannesTschofenig 0:796d0f61a05b 1345 }
HannesTschofenig 0:796d0f61a05b 1346 #endif /* POLARSSL_ECP_DP_SECP192K1_ENABLED */
HannesTschofenig 0:796d0f61a05b 1347
HannesTschofenig 0:796d0f61a05b 1348 #if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 1349 /*
HannesTschofenig 0:796d0f61a05b 1350 * Fast quasi-reduction modulo p224k1 = 2^224 - R,
HannesTschofenig 0:796d0f61a05b 1351 * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
HannesTschofenig 0:796d0f61a05b 1352 */
HannesTschofenig 0:796d0f61a05b 1353 static int ecp_mod_p224k1( mpi *N )
HannesTschofenig 0:796d0f61a05b 1354 {
HannesTschofenig 0:796d0f61a05b 1355 static t_uint Rp[] = {
HannesTschofenig 0:796d0f61a05b 1356 BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
HannesTschofenig 0:796d0f61a05b 1357
HannesTschofenig 0:796d0f61a05b 1358 #if defined(POLARSSL_HAVE_INT64)
HannesTschofenig 0:796d0f61a05b 1359 return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
HannesTschofenig 0:796d0f61a05b 1360 #else
HannesTschofenig 0:796d0f61a05b 1361 return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( t_uint ), 0, 0, 0 ) );
HannesTschofenig 0:796d0f61a05b 1362 #endif
HannesTschofenig 0:796d0f61a05b 1363 }
HannesTschofenig 0:796d0f61a05b 1364
HannesTschofenig 0:796d0f61a05b 1365 #endif /* POLARSSL_ECP_DP_SECP224K1_ENABLED */
HannesTschofenig 0:796d0f61a05b 1366
HannesTschofenig 0:796d0f61a05b 1367 #if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
HannesTschofenig 0:796d0f61a05b 1368 /*
HannesTschofenig 0:796d0f61a05b 1369 * Fast quasi-reduction modulo p256k1 = 2^256 - R,
HannesTschofenig 0:796d0f61a05b 1370 * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
HannesTschofenig 0:796d0f61a05b 1371 */
HannesTschofenig 0:796d0f61a05b 1372 static int ecp_mod_p256k1( mpi *N )
HannesTschofenig 0:796d0f61a05b 1373 {
HannesTschofenig 0:796d0f61a05b 1374 static t_uint Rp[] = {
HannesTschofenig 0:796d0f61a05b 1375 BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
HannesTschofenig 0:796d0f61a05b 1376 return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( t_uint ), 0, 0, 0 ) );
HannesTschofenig 0:796d0f61a05b 1377 }
HannesTschofenig 0:796d0f61a05b 1378 #endif /* POLARSSL_ECP_DP_SECP256K1_ENABLED */
HannesTschofenig 0:796d0f61a05b 1379
HannesTschofenig 0:796d0f61a05b 1380 #endif /* POLARSSL_ECP_C */
HannesTschofenig 0:796d0f61a05b 1381
HannesTschofenig 0:796d0f61a05b 1382