1 /* $OpenBSD: ec_curve.c,v 1.42 2023/07/07 13:54:45 beck Exp $ */ 2 /* 3 * Written by Nils Larsch for the OpenSSL project. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * openssl-core@openssl.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 /* ==================================================================== 59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 60 * 61 * Portions of the attached software ("Contribution") are developed by 62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. 63 * 64 * The Contribution is licensed pursuant to the OpenSSL open source 65 * license provided above. 66 * 67 * The elliptic curve binary polynomial software is originally written by 68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. 69 * 70 */ 71 72 #include <string.h> 73 74 #include <openssl/opensslconf.h> 75 76 #include <openssl/err.h> 77 #include <openssl/objects.h> 78 79 #include "ec_local.h" 80 81 /* the nist prime curves */ 82 static const struct { 83 uint8_t seed[20]; 84 uint8_t p[24]; 85 uint8_t a[24]; 86 uint8_t b[24]; 87 uint8_t x[24]; 88 uint8_t y[24]; 89 uint8_t order[24]; 90 } _EC_NIST_PRIME_192 = { 91 .seed = { 92 0x30, 0x45, 0xae, 0x6f, 0xc8, 0x42, 0x2f, 0x64, 0xed, 0x57, 93 0x95, 0x28, 0xd3, 0x81, 0x20, 0xea, 0xe1, 0x21, 0x96, 0xd5, 94 }, 95 .p = { 96 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 97 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 98 0xff, 0xff, 0xff, 0xff, 99 }, 100 .a = { 101 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 102 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 103 0xff, 0xff, 0xff, 0xfc, 104 }, 105 .b = { 106 0x64, 0x21, 0x05, 0x19, 0xe5, 0x9c, 0x80, 0xe7, 0x0f, 0xa7, 107 0xe9, 0xab, 0x72, 0x24, 0x30, 0x49, 0xfe, 0xb8, 0xde, 0xec, 108 0xc1, 0x46, 0xb9, 0xb1, 109 }, 110 .x = { 111 0x18, 0x8d, 0xa8, 0x0e, 0xb0, 0x30, 0x90, 0xf6, 0x7c, 0xbf, 112 0x20, 0xeb, 0x43, 0xa1, 0x88, 0x00, 0xf4, 0xff, 0x0a, 0xfd, 113 0x82, 0xff, 0x10, 0x12, 114 }, 115 .y = { 116 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 117 0x11, 0xed, 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 118 0x1e, 0x79, 0x48, 0x11, 119 }, 120 .order = { 121 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 122 0xff, 0xff, 0x99, 0xde, 0xf8, 0x36, 0x14, 0x6b, 0xc9, 0xb1, 123 0xb4, 0xd2, 0x28, 0x31, 124 }, 125 }; 126 127 static const struct { 128 uint8_t seed[20]; 129 uint8_t p[28]; 130 uint8_t a[28]; 131 uint8_t b[28]; 132 uint8_t x[28]; 133 uint8_t y[28]; 134 uint8_t order[28]; 135 } _EC_NIST_PRIME_224 = { 136 .seed = { 137 0xbd, 0x71, 0x34, 0x47, 0x99, 0xd5, 0xc7, 0xfc, 0xdc, 0x45, 138 0xb5, 0x9f, 0xa3, 0xb9, 0xab, 0x8f, 0x6a, 0x94, 0x8b, 0xc5, 139 }, 140 .p = { 141 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 142 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 144 }, 145 .a = { 146 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 147 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 148 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 149 }, 150 .b = { 151 0xb4, 0x05, 0x0a, 0x85, 0x0c, 0x04, 0xb3, 0xab, 0xf5, 0x41, 152 0x32, 0x56, 0x50, 0x44, 0xb0, 0xb7, 0xd7, 0xbf, 0xd8, 0xba, 153 0x27, 0x0b, 0x39, 0x43, 0x23, 0x55, 0xff, 0xb4, 154 }, 155 .x = { 156 0xb7, 0x0e, 0x0c, 0xbd, 0x6b, 0xb4, 0xbf, 0x7f, 0x32, 0x13, 157 0x90, 0xb9, 0x4a, 0x03, 0xc1, 0xd3, 0x56, 0xc2, 0x11, 0x22, 158 0x34, 0x32, 0x80, 0xd6, 0x11, 0x5c, 0x1d, 0x21, 159 }, 160 .y = { 161 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 162 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 163 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34, 164 }, 165 .order = { 166 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 167 0xff, 0xff, 0xff, 0xff, 0x16, 0xa2, 0xe0, 0xb8, 0xf0, 0x3e, 168 0x13, 0xdd, 0x29, 0x45, 0x5c, 0x5c, 0x2a, 0x3d, 169 }, 170 }; 171 172 static const struct { 173 uint8_t seed[20]; 174 uint8_t p[48]; 175 uint8_t a[48]; 176 uint8_t b[48]; 177 uint8_t x[48]; 178 uint8_t y[48]; 179 uint8_t order[48]; 180 } _EC_NIST_PRIME_384 = { 181 .seed = { 182 0xa3, 0x35, 0x92, 0x6a, 0xa3, 0x19, 0xa2, 0x7a, 0x1d, 0x00, 183 0x89, 0x6a, 0x67, 0x73, 0xa4, 0x82, 0x7a, 0xcd, 0xac, 0x73, 184 }, 185 .p = { 186 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 187 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 188 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 189 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 190 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 191 }, 192 .a = { 193 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 194 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 195 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 196 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 197 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xfc, 198 }, 199 .b = { 200 0xb3, 0x31, 0x2f, 0xa7, 0xe2, 0x3e, 0xe7, 0xe4, 0x98, 0x8e, 201 0x05, 0x6b, 0xe3, 0xf8, 0x2d, 0x19, 0x18, 0x1d, 0x9c, 0x6e, 202 0xfe, 0x81, 0x41, 0x12, 0x03, 0x14, 0x08, 0x8f, 0x50, 0x13, 203 0x87, 0x5a, 0xc6, 0x56, 0x39, 0x8d, 0x8a, 0x2e, 0xd1, 0x9d, 204 0x2a, 0x85, 0xc8, 0xed, 0xd3, 0xec, 0x2a, 0xef, 205 }, 206 .x = { 207 0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37, 0x8e, 0xb1, 208 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74, 0x6e, 0x1d, 0x3b, 0x62, 209 0x8b, 0xa7, 0x9b, 0x98, 0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54, 210 0x2a, 0x38, 0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c, 211 0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7, 212 }, 213 .y = { 214 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 215 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 216 0x28, 0x9a, 0x14, 0x7c, 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 217 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d, 218 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f, 219 }, 220 .order = { 221 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 222 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 223 0xff, 0xff, 0xff, 0xff, 0xc7, 0x63, 0x4d, 0x81, 0xf4, 0x37, 224 0x2d, 0xdf, 0x58, 0x1a, 0x0d, 0xb2, 0x48, 0xb0, 0xa7, 0x7a, 225 0xec, 0xec, 0x19, 0x6a, 0xcc, 0xc5, 0x29, 0x73, 226 }, 227 }; 228 229 static const struct { 230 uint8_t seed[20]; 231 uint8_t p[66]; 232 uint8_t a[66]; 233 uint8_t b[66]; 234 uint8_t x[66]; 235 uint8_t y[66]; 236 uint8_t order[66]; 237 } _EC_NIST_PRIME_521 = { 238 .seed = { 239 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 240 0x67, 0x17, 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 241 }, 242 .p = { 243 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 244 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 245 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 246 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 247 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 248 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 249 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 250 }, 251 .a = { 252 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 253 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 254 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 255 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 256 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 257 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 258 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 259 }, 260 .b = { 261 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, 0x1f, 262 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 263 0x72, 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 264 0x8e, 0xf1, 0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 265 0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1, 0xbf, 0x07, 266 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, 0xf1, 0xef, 0x45, 267 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 268 }, 269 .x = { 270 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 271 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 272 0x81, 0x39, 0x05, 0x3f, 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 273 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7, 274 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, 0xa8, 0xde, 275 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e, 276 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 277 }, 278 .y = { 279 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 280 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 281 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 282 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 283 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 284 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 285 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, 286 }, 287 .order = { 288 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 289 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 290 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 291 0xff, 0xff, 0xff, 0xfa, 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 292 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, 0xf7, 0x09, 0xa5, 0xd0, 293 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, 0xbb, 0x6f, 294 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 295 }, 296 }; 297 298 /* the x9.62 prime curves (minus the nist prime curves) */ 299 static const struct { 300 uint8_t seed[20]; 301 uint8_t p[24]; 302 uint8_t a[24]; 303 uint8_t b[24]; 304 uint8_t x[24]; 305 uint8_t y[24]; 306 uint8_t order[24]; 307 } _EC_X9_62_PRIME_192V2 = { 308 .seed = { 309 0x31, 0xa9, 0x2e, 0xe2, 0x02, 0x9f, 0xd1, 0x0d, 0x90, 0x1b, 310 0x11, 0x3e, 0x99, 0x07, 0x10, 0xf0, 0xd2, 0x1a, 0xc6, 0xb6, 311 }, 312 .p = { 313 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 314 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 315 0xff, 0xff, 0xff, 0xff, 316 }, 317 .a = { 318 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 319 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 320 0xff, 0xff, 0xff, 0xfc, 321 }, 322 .b = { 323 0xcc, 0x22, 0xd6, 0xdf, 0xb9, 0x5c, 0x6b, 0x25, 0xe4, 0x9c, 324 0x0d, 0x63, 0x64, 0xa4, 0xe5, 0x98, 0x0c, 0x39, 0x3a, 0xa2, 325 0x16, 0x68, 0xd9, 0x53, 326 }, 327 .x = { 328 0xee, 0xa2, 0xba, 0xe7, 0xe1, 0x49, 0x78, 0x42, 0xf2, 0xde, 329 0x77, 0x69, 0xcf, 0xe9, 0xc9, 0x89, 0xc0, 0x72, 0xad, 0x69, 330 0x6f, 0x48, 0x03, 0x4a, 331 }, 332 .y = { 333 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, 334 0xb8, 0x2a, 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 335 0x70, 0xb2, 0xde, 0x15, 336 }, 337 .order = { 338 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 339 0xff, 0xfe, 0x5f, 0xb1, 0xa7, 0x24, 0xdc, 0x80, 0x41, 0x86, 340 0x48, 0xd8, 0xdd, 0x31, 341 }, 342 }; 343 344 static const struct { 345 uint8_t seed[20]; 346 uint8_t p[24]; 347 uint8_t a[24]; 348 uint8_t b[24]; 349 uint8_t x[24]; 350 uint8_t y[24]; 351 uint8_t order[24]; 352 } _EC_X9_62_PRIME_192V3 = { 353 .seed = { 354 0xc4, 0x69, 0x68, 0x44, 0x35, 0xde, 0xb3, 0x78, 0xc4, 0xb6, 355 0x5c, 0xa9, 0x59, 0x1e, 0x2a, 0x57, 0x63, 0x05, 0x9a, 0x2e, 356 }, 357 .p = { 358 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 359 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 360 0xff, 0xff, 0xff, 0xff, 361 }, 362 .a = { 363 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 364 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 365 0xff, 0xff, 0xff, 0xfc, 366 }, 367 .b = { 368 0x22, 0x12, 0x3d, 0xc2, 0x39, 0x5a, 0x05, 0xca, 0xa7, 0x42, 369 0x3d, 0xae, 0xcc, 0xc9, 0x47, 0x60, 0xa7, 0xd4, 0x62, 0x25, 370 0x6b, 0xd5, 0x69, 0x16, 371 }, 372 .x = { 373 0x7d, 0x29, 0x77, 0x81, 0x00, 0xc6, 0x5a, 0x1d, 0xa1, 0x78, 374 0x37, 0x16, 0x58, 0x8d, 0xce, 0x2b, 0x8b, 0x4a, 0xee, 0x8e, 375 0x22, 0x8f, 0x18, 0x96, 376 }, 377 .y = { 378 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, 379 0xdc, 0xb6, 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 380 0x48, 0xa9, 0x43, 0xb0, 381 }, 382 .order = { 383 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 384 0xff, 0xff, 0x7a, 0x62, 0xd0, 0x31, 0xc8, 0x3f, 0x42, 0x94, 385 0xf6, 0x40, 0xec, 0x13, 386 }, 387 }; 388 389 static const struct { 390 uint8_t seed[20]; 391 uint8_t p[30]; 392 uint8_t a[30]; 393 uint8_t b[30]; 394 uint8_t x[30]; 395 uint8_t y[30]; 396 uint8_t order[30]; 397 } _EC_X9_62_PRIME_239V1 = { 398 .seed = { 399 0xe4, 0x3b, 0xb4, 0x60, 0xf0, 0xb8, 0x0c, 0xc0, 0xc0, 0xb0, 400 0x75, 0x79, 0x8e, 0x94, 0x80, 0x60, 0xf8, 0x32, 0x1b, 0x7d, 401 }, 402 .p = { 403 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 404 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 405 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 406 }, 407 .a = { 408 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 409 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 410 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc, 411 }, 412 .b = { 413 0x6b, 0x01, 0x6c, 0x3b, 0xdc, 0xf1, 0x89, 0x41, 0xd0, 0xd6, 414 0x54, 0x92, 0x14, 0x75, 0xca, 0x71, 0xa9, 0xdb, 0x2f, 0xb2, 415 0x7d, 0x1d, 0x37, 0x79, 0x61, 0x85, 0xc2, 0x94, 0x2c, 0x0a, 416 }, 417 .x = { 418 0x0f, 0xfa, 0x96, 0x3c, 0xdc, 0xa8, 0x81, 0x6c, 0xcc, 0x33, 419 0xb8, 0x64, 0x2b, 0xed, 0xf9, 0x05, 0xc3, 0xd3, 0x58, 0x57, 420 0x3d, 0x3f, 0x27, 0xfb, 0xbd, 0x3b, 0x3c, 0xb9, 0xaa, 0xaf, 421 }, 422 .y = { 423 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, 424 0x54, 0xca, 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, 425 0xce, 0x22, 0x6b, 0x39, 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae, 426 }, 427 .order = { 428 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 429 0xff, 0xff, 0x7f, 0xff, 0xff, 0x9e, 0x5e, 0x9a, 0x9f, 0x5d, 430 0x90, 0x71, 0xfb, 0xd1, 0x52, 0x26, 0x88, 0x90, 0x9d, 0x0b, 431 }, 432 }; 433 434 static const struct { 435 uint8_t seed[20]; 436 uint8_t p[30]; 437 uint8_t a[30]; 438 uint8_t b[30]; 439 uint8_t x[30]; 440 uint8_t y[30]; 441 uint8_t order[30]; 442 } _EC_X9_62_PRIME_239V2 = { 443 .seed = { 444 0xe8, 0xb4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xca, 0x3b, 445 0x80, 0x99, 0x98, 0x2b, 0xe0, 0x9f, 0xcb, 0x9a, 0xe6, 0x16, 446 }, 447 .p = { 448 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 449 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 450 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 451 }, 452 .a = { 453 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 454 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 455 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc, 456 }, 457 .b = { 458 0x61, 0x7f, 0xab, 0x68, 0x32, 0x57, 0x6c, 0xbb, 0xfe, 0xd5, 459 0x0d, 0x99, 0xf0, 0x24, 0x9c, 0x3f, 0xee, 0x58, 0xb9, 0x4b, 460 0xa0, 0x03, 0x8c, 0x7a, 0xe8, 0x4c, 0x8c, 0x83, 0x2f, 0x2c, 461 }, 462 .x = { 463 0x38, 0xaf, 0x09, 0xd9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xc9, 464 0x21, 0xbb, 0x5e, 0x9e, 0x26, 0x29, 0x6a, 0x3c, 0xdc, 0xf2, 465 0xf3, 0x57, 0x57, 0xa0, 0xea, 0xfd, 0x87, 0xb8, 0x30, 0xe7, 466 }, 467 .y = { 468 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, 469 0xa0, 0xfc, 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, 470 0xde, 0x6e, 0xf4, 0x60, 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba, 471 }, 472 .order = { 473 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 474 0xff, 0xff, 0x80, 0x00, 0x00, 0xcf, 0xa7, 0xe8, 0x59, 0x43, 475 0x77, 0xd4, 0x14, 0xc0, 0x38, 0x21, 0xbc, 0x58, 0x20, 0x63, 476 }, 477 }; 478 479 static const struct { 480 uint8_t seed[20]; 481 uint8_t p[30]; 482 uint8_t a[30]; 483 uint8_t b[30]; 484 uint8_t x[30]; 485 uint8_t y[30]; 486 uint8_t order[30]; 487 } _EC_X9_62_PRIME_239V3 = { 488 .seed = { 489 0x7d, 0x73, 0x74, 0x16, 0x8f, 0xfe, 0x34, 0x71, 0xb6, 0x0a, 490 0x85, 0x76, 0x86, 0xa1, 0x94, 0x75, 0xd3, 0xbf, 0xa2, 0xff, 491 }, 492 .p = { 493 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 494 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 495 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 496 }, 497 .a = { 498 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 499 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00, 500 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc, 501 }, 502 .b = { 503 0x25, 0x57, 0x05, 0xfa, 0x2a, 0x30, 0x66, 0x54, 0xb1, 0xf4, 504 0xcb, 0x03, 0xd6, 0xa7, 0x50, 0xa3, 0x0c, 0x25, 0x01, 0x02, 505 0xd4, 0x98, 0x87, 0x17, 0xd9, 0xba, 0x15, 0xab, 0x6d, 0x3e, 506 }, 507 .x = { 508 0x67, 0x68, 0xae, 0x8e, 0x18, 0xbb, 0x92, 0xcf, 0xcf, 0x00, 509 0x5c, 0x94, 0x9a, 0xa2, 0xc6, 0xd9, 0x48, 0x53, 0xd0, 0xe6, 510 0x60, 0xbb, 0xf8, 0x54, 0xb1, 0xc9, 0x50, 0x5f, 0xe9, 0x5a, 511 }, 512 .y = { 513 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, 514 0x55, 0x2b, 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, 515 0x6e, 0x81, 0x84, 0x99, 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3, 516 }, 517 .order = { 518 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 519 0xff, 0xff, 0x7f, 0xff, 0xff, 0x97, 0x5d, 0xeb, 0x41, 0xb3, 520 0xa6, 0x05, 0x7c, 0x3c, 0x43, 0x21, 0x46, 0x52, 0x65, 0x51, 521 }, 522 }; 523 524 static const struct { 525 uint8_t seed[20]; 526 uint8_t p[32]; 527 uint8_t a[32]; 528 uint8_t b[32]; 529 uint8_t x[32]; 530 uint8_t y[32]; 531 uint8_t order[32]; 532 } _EC_X9_62_PRIME_256V1 = { 533 .seed = { 534 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 535 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 536 }, 537 .p = { 538 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 539 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 540 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 541 0xff, 0xff, 542 }, 543 .a = { 544 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 545 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 546 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 547 0xff, 0xfc, 548 }, 549 .b = { 550 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, 551 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 552 0xcc, 0x53, 0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 553 0x60, 0x4b, 554 }, 555 .x = { 556 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 557 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 558 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 559 0xc2, 0x96, 560 }, 561 .y = { 562 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 563 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 564 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 565 0x51, 0xf5, 566 }, 567 .order = { 568 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 569 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad, 570 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 571 0x25, 0x51, 572 }, 573 }; 574 575 /* the secg prime curves (minus the nist and x9.62 prime curves) */ 576 static const struct { 577 uint8_t seed[20]; 578 uint8_t p[14]; 579 uint8_t a[14]; 580 uint8_t b[14]; 581 uint8_t x[14]; 582 uint8_t y[14]; 583 uint8_t order[14]; 584 } _EC_SECG_PRIME_112R1 = { 585 .seed = { 586 0x00, 0xf5, 0x0b, 0x02, 0x8e, 0x4d, 0x69, 0x6e, 0x67, 0x68, 587 0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3f, 0xb1, 588 }, 589 .p = { 590 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x66, 0x80, 0x76, 591 0xbe, 0xad, 0x20, 0x8b, 592 }, 593 .a = { 594 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x66, 0x80, 0x76, 595 0xbe, 0xad, 0x20, 0x88, 596 }, 597 .b = { 598 0x65, 0x9e, 0xf8, 0xba, 0x04, 0x39, 0x16, 0xee, 0xde, 0x89, 599 0x11, 0x70, 0x2b, 0x22, 600 }, 601 .x = { 602 0x09, 0x48, 0x72, 0x39, 0x99, 0x5a, 0x5e, 0xe7, 0x6b, 0x55, 603 0xf9, 0xc2, 0xf0, 0x98, 604 }, 605 .y = { 606 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, 607 0x0f, 0xf7, 0x75, 0x00, 608 }, 609 .order = { 610 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x76, 0x28, 0xdf, 611 0xac, 0x65, 0x61, 0xc5, 612 }, 613 }; 614 615 static const struct { 616 uint8_t seed[20]; 617 uint8_t p[14]; 618 uint8_t a[14]; 619 uint8_t b[14]; 620 uint8_t x[14]; 621 uint8_t y[14]; 622 uint8_t order[14]; 623 } _EC_SECG_PRIME_112R2 = { 624 .seed = { 625 0x00, 0x27, 0x57, 0xa1, 0x11, 0x4d, 0x69, 0x6e, 0x67, 0x68, 626 0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xc0, 0x5e, 0x0b, 0xd4, 627 }, 628 .p = { 629 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x66, 0x80, 0x76, 630 0xbe, 0xad, 0x20, 0x8b, 631 }, 632 .a = { 633 0x61, 0x27, 0xc2, 0x4c, 0x05, 0xf3, 0x8a, 0x0a, 0xaa, 0xf6, 634 0x5c, 0x0e, 0xf0, 0x2c, 635 }, 636 .b = { 637 0x51, 0xde, 0xf1, 0x81, 0x5d, 0xb5, 0xed, 0x74, 0xfc, 0xc3, 638 0x4c, 0x85, 0xd7, 0x09, 639 }, 640 .x = { 641 0x4b, 0xa3, 0x0a, 0xb5, 0xe8, 0x92, 0xb4, 0xe1, 0x64, 0x9d, 642 0xd0, 0x92, 0x86, 0x43, 643 }, 644 .y = { 645 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, 646 0x6e, 0x95, 0x6e, 0x97, 647 }, 648 .order = { 649 0x36, 0xdf, 0x0a, 0xaf, 0xd8, 0xb8, 0xd7, 0x59, 0x7c, 0xa1, 650 0x05, 0x20, 0xd0, 0x4b, 651 }, 652 }; 653 654 static const struct { 655 uint8_t seed[20]; 656 uint8_t p[16]; 657 uint8_t a[16]; 658 uint8_t b[16]; 659 uint8_t x[16]; 660 uint8_t y[16]; 661 uint8_t order[16]; 662 } _EC_SECG_PRIME_128R1 = { 663 .seed = { 664 0x00, 0x0e, 0x0d, 0x4d, 0x69, 0x6e, 0x67, 0x68, 0x75, 0x61, 665 0x51, 0x75, 0x0c, 0xc0, 0x3a, 0x44, 0x73, 0xd0, 0x36, 0x79, 666 }, 667 .p = { 668 0xff, 0xff, 0xff, 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 669 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 670 }, 671 .a = { 672 0xff, 0xff, 0xff, 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 673 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 674 }, 675 .b = { 676 0xe8, 0x75, 0x79, 0xc1, 0x10, 0x79, 0xf4, 0x3d, 0xd8, 0x24, 677 0x99, 0x3c, 0x2c, 0xee, 0x5e, 0xd3, 678 }, 679 .x = { 680 0x16, 0x1f, 0xf7, 0x52, 0x8b, 0x89, 0x9b, 0x2d, 0x0c, 0x28, 681 0x60, 0x7c, 0xa5, 0x2c, 0x5b, 0x86, 682 }, 683 .y = { 684 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, 685 0xa2, 0x92, 0xdd, 0xed, 0x7a, 0x83, 686 }, 687 .order = { 688 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x75, 0xa3, 689 0x0d, 0x1b, 0x90, 0x38, 0xa1, 0x15, 690 }, 691 }; 692 693 static const struct { 694 uint8_t seed[20]; 695 uint8_t p[16]; 696 uint8_t a[16]; 697 uint8_t b[16]; 698 uint8_t x[16]; 699 uint8_t y[16]; 700 uint8_t order[16]; 701 } _EC_SECG_PRIME_128R2 = { 702 .seed = { 703 0x00, 0x4d, 0x69, 0x6e, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 704 0x12, 0xd8, 0xf0, 0x34, 0x31, 0xfc, 0xe6, 0x3b, 0x88, 0xf4, 705 }, 706 .p = { 707 0xff, 0xff, 0xff, 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 708 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 709 }, 710 .a = { 711 0xd6, 0x03, 0x19, 0x98, 0xd1, 0xb3, 0xbb, 0xfe, 0xbf, 0x59, 712 0xcc, 0x9b, 0xbf, 0xf9, 0xae, 0xe1, 713 }, 714 .b = { 715 0x5e, 0xee, 0xfc, 0xa3, 0x80, 0xd0, 0x29, 0x19, 0xdc, 0x2c, 716 0x65, 0x58, 0xbb, 0x6d, 0x8a, 0x5d, 717 }, 718 .x = { 719 0x7b, 0x6a, 0xa5, 0xd8, 0x5e, 0x57, 0x29, 0x83, 0xe6, 0xfb, 720 0x32, 0xa7, 0xcd, 0xeb, 0xc1, 0x40, 721 }, 722 .y = { 723 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, 724 0xfe, 0x80, 0x5f, 0xc3, 0x4b, 0x44, 725 }, 726 .order = { 727 0x3f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xbe, 0x00, 728 0x24, 0x72, 0x06, 0x13, 0xb5, 0xa3, 729 }, 730 }; 731 732 static const struct { 733 uint8_t p[21]; 734 uint8_t a[21]; 735 uint8_t b[21]; 736 uint8_t x[21]; 737 uint8_t y[21]; 738 uint8_t order[21]; 739 } _EC_SECG_PRIME_160K1 = { 740 .p = { 741 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 742 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xac, 743 0x73, 744 }, 745 .a = { 746 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 747 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 748 0x00, 749 }, 750 .b = { 751 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 752 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 753 0x07, 754 }, 755 .x = { 756 0x00, 0x3b, 0x4c, 0x38, 0x2c, 0xe3, 0x7a, 0xa1, 0x92, 0xa4, 757 0x01, 0x9e, 0x76, 0x30, 0x36, 0xf4, 0xf5, 0xdd, 0x4d, 0x7e, 758 0xbb, 759 }, 760 .y = { 761 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, 762 0xc2, 0x82, 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 763 0xee, 764 }, 765 .order = { 766 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 767 0x01, 0xb8, 0xfa, 0x16, 0xdf, 0xab, 0x9a, 0xca, 0x16, 0xb6, 768 0xb3, 769 }, 770 }; 771 772 static const struct { 773 uint8_t seed[20]; 774 uint8_t p[21]; 775 uint8_t a[21]; 776 uint8_t b[21]; 777 uint8_t x[21]; 778 uint8_t y[21]; 779 uint8_t order[21]; 780 } _EC_SECG_PRIME_160R1 = { 781 .seed = { 782 0x10, 0x53, 0xcd, 0xe4, 0x2c, 0x14, 0xd6, 0x96, 0xe6, 0x76, 783 0x87, 0x56, 0x15, 0x17, 0x53, 0x3b, 0xf3, 0xf8, 0x33, 0x45, 784 }, 785 .p = { 786 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 787 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 788 0xff, 789 }, 790 .a = { 791 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 792 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 793 0xfc, 794 }, 795 .b = { 796 0x00, 0x1c, 0x97, 0xbe, 0xfc, 0x54, 0xbd, 0x7a, 0x8b, 0x65, 797 0xac, 0xf8, 0x9f, 0x81, 0xd4, 0xd4, 0xad, 0xc5, 0x65, 0xfa, 798 0x45, 799 }, 800 .x = { 801 0x00, 0x4a, 0x96, 0xb5, 0x68, 0x8e, 0xf5, 0x73, 0x28, 0x46, 802 0x64, 0x69, 0x89, 0x68, 0xc3, 0x8b, 0xb9, 0x13, 0xcb, 0xfc, 803 0x82, 804 }, 805 .y = { 806 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, 807 0xdc, 0xc9, 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 808 0x32, 809 }, 810 .order = { 811 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 812 0x01, 0xf4, 0xc8, 0xf9, 0x27, 0xae, 0xd3, 0xca, 0x75, 0x22, 813 0x57, 814 }, 815 }; 816 817 static const struct { 818 uint8_t seed[20]; 819 uint8_t p[21]; 820 uint8_t a[21]; 821 uint8_t b[21]; 822 uint8_t x[21]; 823 uint8_t y[21]; 824 uint8_t order[21]; 825 } _EC_SECG_PRIME_160R2 = { 826 .seed = { 827 0xb9, 0x9b, 0x99, 0xb0, 0x99, 0xb3, 0x23, 0xe0, 0x27, 0x09, 828 0xa4, 0xd6, 0x96, 0xe6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51, 829 }, 830 .p = { 831 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 832 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xac, 833 0x73, 834 }, 835 .a = { 836 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 837 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xac, 838 0x70, 839 }, 840 .b = { 841 0x00, 0xb4, 0xe1, 0x34, 0xd3, 0xfb, 0x59, 0xeb, 0x8b, 0xab, 842 0x57, 0x27, 0x49, 0x04, 0x66, 0x4d, 0x5a, 0xf5, 0x03, 0x88, 843 0xba, 844 }, 845 .x = { 846 0x00, 0x52, 0xdc, 0xb0, 0x34, 0x29, 0x3a, 0x11, 0x7e, 0x1f, 847 0x4f, 0xf1, 0x1b, 0x30, 0xf7, 0x19, 0x9d, 0x31, 0x44, 0xce, 848 0x6d, 849 }, 850 .y = { 851 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, 852 0x71, 0xfa, 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 853 0x2e, 854 }, 855 .order = { 856 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 857 0x00, 0x35, 0x1e, 0xe7, 0x86, 0xa8, 0x18, 0xf3, 0xa1, 0xa1, 858 0x6b, 859 }, 860 }; 861 862 static const struct { 863 uint8_t p[24]; 864 uint8_t a[24]; 865 uint8_t b[24]; 866 uint8_t x[24]; 867 uint8_t y[24]; 868 uint8_t order[24]; 869 } _EC_SECG_PRIME_192K1 = { 870 .p = { 871 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 872 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 873 0xff, 0xff, 0xee, 0x37, 874 }, 875 .a = { 876 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 877 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 878 0x00, 0x00, 0x00, 0x00, 879 }, 880 .b = { 881 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 882 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 883 0x00, 0x00, 0x00, 0x03, 884 }, 885 .x = { 886 0xdb, 0x4f, 0xf1, 0x0e, 0xc0, 0x57, 0xe9, 0xae, 0x26, 0xb0, 887 0x7d, 0x02, 0x80, 0xb7, 0xf4, 0x34, 0x1d, 0xa5, 0xd1, 0xb1, 888 0xea, 0xe0, 0x6c, 0x7d, 889 }, 890 .y = { 891 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, 892 0x63, 0xd0, 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 893 0xd9, 0x5e, 0x2f, 0x9d, 894 }, 895 .order = { 896 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 897 0xff, 0xfe, 0x26, 0xf2, 0xfc, 0x17, 0x0f, 0x69, 0x46, 0x6a, 898 0x74, 0xde, 0xfd, 0x8d, 899 }, 900 }; 901 902 static const struct { 903 uint8_t p[29]; 904 uint8_t a[29]; 905 uint8_t b[29]; 906 uint8_t x[29]; 907 uint8_t y[29]; 908 uint8_t order[29]; 909 } _EC_SECG_PRIME_224K1 = { 910 .p = { 911 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 912 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 913 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xe5, 0x6d, 914 }, 915 .a = { 916 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 917 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 918 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 919 }, 920 .b = { 921 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 922 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 923 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 924 }, 925 .x = { 926 0x00, 0xa1, 0x45, 0x5b, 0x33, 0x4d, 0xf0, 0x99, 0xdf, 0x30, 927 0xfc, 0x28, 0xa1, 0x69, 0xa4, 0x67, 0xe9, 0xe4, 0x70, 0x75, 928 0xa9, 0x0f, 0x7e, 0x65, 0x0e, 0xb6, 0xb7, 0xa4, 0x5c, 929 }, 930 .y = { 931 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, 932 0xca, 0xfb, 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, 933 0x59, 0xe2, 0xca, 0x4b, 0xdb, 0x55, 0x6d, 0x61, 0xa5, 934 }, 935 .order = { 936 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 937 0x00, 0x00, 0x00, 0x00, 0x01, 0xdc, 0xe8, 0xd2, 0xec, 0x61, 938 0x84, 0xca, 0xf0, 0xa9, 0x71, 0x76, 0x9f, 0xb1, 0xf7, 939 }, 940 }; 941 942 static const struct { 943 uint8_t p[32]; 944 uint8_t a[32]; 945 uint8_t b[32]; 946 uint8_t x[32]; 947 uint8_t y[32]; 948 uint8_t order[32]; 949 } _EC_SECG_PRIME_256K1 = { 950 .p = { 951 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 952 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 953 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 954 0xfc, 0x2f, 955 }, 956 .a = { 957 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 958 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 959 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 960 0x00, 0x00, 961 }, 962 .b = { 963 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 964 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 965 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 966 0x00, 0x07, 967 }, 968 .x = { 969 0x79, 0xbe, 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0, 970 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, 0xfc, 0xdb, 971 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2, 0x81, 0x5b, 0x16, 0xf8, 972 0x17, 0x98, 973 }, 974 .y = { 975 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 976 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 977 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 978 0xd4, 0xb8, 979 }, 980 .order = { 981 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 982 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xba, 0xae, 0xdc, 0xe6, 983 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 984 0x41, 0x41, 985 }, 986 }; 987 988 /* some wap/wtls curves */ 989 static const struct { 990 uint8_t p[15]; 991 uint8_t a[15]; 992 uint8_t b[15]; 993 uint8_t x[15]; 994 uint8_t y[15]; 995 uint8_t order[15]; 996 } _EC_WTLS_8 = { 997 .p = { 998 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 999 0xff, 0xff, 0xff, 0xfd, 0xe7, 1000 }, 1001 .a = { 1002 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1003 0x00, 0x00, 0x00, 0x00, 0x00, 1004 }, 1005 .b = { 1006 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1007 0x00, 0x00, 0x00, 0x00, 0x03, 1008 }, 1009 .x = { 1010 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1011 0x00, 0x00, 0x00, 0x00, 0x01, 1012 }, 1013 .y = { 1014 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1015 0x00, 0x00, 0x00, 0x00, 0x02, 1016 }, 1017 .order = { 1018 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xec, 0xea, 1019 0x55, 0x1a, 0xd8, 0x37, 0xe9, 1020 }, 1021 }; 1022 1023 static const struct { 1024 uint8_t p[21]; 1025 uint8_t a[21]; 1026 uint8_t b[21]; 1027 uint8_t x[21]; 1028 uint8_t y[21]; 1029 uint8_t order[21]; 1030 } _EC_WTLS_9 = { 1031 .p = { 1032 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1033 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x80, 1034 0x8f, 1035 }, 1036 .a = { 1037 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1038 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1039 0x00, 1040 }, 1041 .b = { 1042 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1043 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1044 0x03, 1045 }, 1046 .x = { 1047 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1048 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1049 0x01, 1050 }, 1051 .y = { 1052 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1053 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1054 0x02, 1055 }, 1056 .order = { 1057 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1058 0x01, 0xcd, 0xc9, 0x8a, 0xe0, 0xe2, 0xde, 0x57, 0x4a, 0xbf, 1059 0x33, 1060 }, 1061 }; 1062 1063 static const struct { 1064 uint8_t p[28]; 1065 uint8_t a[28]; 1066 uint8_t b[28]; 1067 uint8_t x[28]; 1068 uint8_t y[28]; 1069 uint8_t order[28]; 1070 } _EC_WTLS_12 = { 1071 .p = { 1072 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1073 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 1074 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 1075 }, 1076 .a = { 1077 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1078 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 1079 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 1080 }, 1081 .b = { 1082 0xb4, 0x05, 0x0a, 0x85, 0x0c, 0x04, 0xb3, 0xab, 0xf5, 0x41, 1083 0x32, 0x56, 0x50, 0x44, 0xb0, 0xb7, 0xd7, 0xbf, 0xd8, 0xba, 1084 0x27, 0x0b, 0x39, 0x43, 0x23, 0x55, 0xff, 0xb4, 1085 }, 1086 .x = { 1087 0xb7, 0x0e, 0x0c, 0xbd, 0x6b, 0xb4, 0xbf, 0x7f, 0x32, 0x13, 1088 0x90, 0xb9, 0x4a, 0x03, 0xc1, 0xd3, 0x56, 0xc2, 0x11, 0x22, 1089 0x34, 0x32, 0x80, 0xd6, 0x11, 0x5c, 0x1d, 0x21, 1090 }, 1091 .y = { 1092 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 1093 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 1094 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34, 1095 }, 1096 .order = { 1097 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1098 0xff, 0xff, 0xff, 0xff, 0x16, 0xa2, 0xe0, 0xb8, 0xf0, 0x3e, 1099 0x13, 0xdd, 0x29, 0x45, 0x5c, 0x5c, 0x2a, 0x3d, 1100 }, 1101 }; 1102 1103 static const struct { 1104 uint8_t p[20]; 1105 uint8_t a[20]; 1106 uint8_t b[20]; 1107 uint8_t x[20]; 1108 uint8_t y[20]; 1109 uint8_t order[20]; 1110 } _EC_brainpoolP160r1 = { 1111 .p = { 1112 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf, 1113 0xc7, 0xad, 0x95, 0xb3, 0xd8, 0x13, 0x95, 0x15, 0x62, 0x0f, 1114 }, 1115 .a = { 1116 0x34, 0x0e, 0x7b, 0xe2, 0xa2, 0x80, 0xeb, 0x74, 0xe2, 0xbe, 1117 0x61, 0xba, 0xda, 0x74, 0x5d, 0x97, 0xe8, 0xf7, 0xc3, 0x00, 1118 }, 1119 .b = { 1120 0x1e, 0x58, 0x9a, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4f, 1121 0xaa, 0x2d, 0xbd, 0xec, 0x95, 0xc8, 0xd8, 0x67, 0x5e, 0x58, 1122 }, 1123 .x = { 1124 0xbe, 0xd5, 0xaf, 0x16, 0xea, 0x3f, 0x6a, 0x4f, 0x62, 0x93, 1125 0x8c, 0x46, 0x31, 0xeb, 0x5a, 0xf7, 0xbd, 0xbc, 0xdb, 0xc3, 1126 }, 1127 .y = { 1128 0x16, 0x67, 0xcb, 0x47, 0x7a, 0x1a, 0x8e, 0xc3, 0x38, 0xf9, 1129 0x47, 0x41, 0x66, 0x9c, 0x97, 0x63, 0x16, 0xda, 0x63, 0x21, 1130 }, 1131 .order = { 1132 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf, 1133 0x59, 0x91, 0xd4, 0x50, 0x29, 0x40, 0x9e, 0x60, 0xfc, 0x09, 1134 }, 1135 }; 1136 1137 static const struct { 1138 uint8_t p[20]; 1139 uint8_t a[20]; 1140 uint8_t b[20]; 1141 uint8_t x[20]; 1142 uint8_t y[20]; 1143 uint8_t order[20]; 1144 } _EC_brainpoolP160t1 = { 1145 .p = { 1146 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf, 1147 0xc7, 0xad, 0x95, 0xb3, 0xd8, 0x13, 0x95, 0x15, 0x62, 0x0f, 1148 }, 1149 .a = { 1150 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf, 1151 0xc7, 0xad, 0x95, 0xb3, 0xd8, 0x13, 0x95, 0x15, 0x62, 0x0c, 1152 }, 1153 .b = { 1154 0x7a, 0x55, 0x6b, 0x6d, 0xae, 0x53, 0x5b, 0x7b, 0x51, 0xed, 1155 0x2c, 0x4d, 0x7d, 0xaa, 0x7a, 0x0b, 0x5c, 0x55, 0xf3, 0x80, 1156 }, 1157 .x = { 1158 0xb1, 0x99, 0xb1, 0x3b, 0x9b, 0x34, 0xef, 0xc1, 0x39, 0x7e, 1159 0x64, 0xba, 0xeb, 0x05, 0xac, 0xc2, 0x65, 0xff, 0x23, 0x78, 1160 }, 1161 .y = { 1162 0xad, 0xd6, 0x71, 0x8b, 0x7c, 0x7c, 0x19, 0x61, 0xf0, 0x99, 1163 0x1b, 0x84, 0x24, 0x43, 0x77, 0x21, 0x52, 0xc9, 0xe0, 0xad, 1164 }, 1165 .order = { 1166 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf, 1167 0x59, 0x91, 0xd4, 0x50, 0x29, 0x40, 0x9e, 0x60, 0xfc, 0x09, 1168 }, 1169 }; 1170 1171 static const struct { 1172 uint8_t p[24]; 1173 uint8_t a[24]; 1174 uint8_t b[24]; 1175 uint8_t x[24]; 1176 uint8_t y[24]; 1177 uint8_t order[24]; 1178 } _EC_brainpoolP192r1 = { 1179 .p = { 1180 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3, 1181 0x46, 0x30, 0x93, 0xd1, 0x8d, 0xb7, 0x8f, 0xce, 0x47, 0x6d, 1182 0xe1, 0xa8, 0x62, 0x97, 1183 }, 1184 .a = { 1185 0x6a, 0x91, 0x17, 0x40, 0x76, 0xb1, 0xe0, 0xe1, 0x9c, 0x39, 1186 0xc0, 0x31, 0xfe, 0x86, 0x85, 0xc1, 0xca, 0xe0, 0x40, 0xe5, 1187 0xc6, 0x9a, 0x28, 0xef, 1188 }, 1189 .b = { 1190 0x46, 0x9a, 0x28, 0xef, 0x7c, 0x28, 0xcc, 0xa3, 0xdc, 0x72, 1191 0x1d, 0x04, 0x4f, 0x44, 0x96, 0xbc, 0xca, 0x7e, 0xf4, 0x14, 1192 0x6f, 0xbf, 0x25, 0xc9, 1193 }, 1194 .x = { 1195 0xc0, 0xa0, 0x64, 0x7e, 0xaa, 0xb6, 0xa4, 0x87, 0x53, 0xb0, 1196 0x33, 0xc5, 0x6c, 0xb0, 0xf0, 0x90, 0x0a, 0x2f, 0x5c, 0x48, 1197 0x53, 0x37, 0x5f, 0xd6, 1198 }, 1199 .y = { 1200 0x14, 0xb6, 0x90, 0x86, 0x6a, 0xbd, 0x5b, 0xb8, 0x8b, 0x5f, 1201 0x48, 0x28, 0xc1, 0x49, 0x00, 0x02, 0xe6, 0x77, 0x3f, 0xa2, 1202 0xfa, 0x29, 0x9b, 0x8f, 1203 }, 1204 .order = { 1205 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3, 1206 0x46, 0x2f, 0x9e, 0x9e, 0x91, 0x6b, 0x5b, 0xe8, 0xf1, 0x02, 1207 0x9a, 0xc4, 0xac, 0xc1, 1208 }, 1209 }; 1210 1211 static const struct { 1212 uint8_t p[24]; 1213 uint8_t a[24]; 1214 uint8_t b[24]; 1215 uint8_t x[24]; 1216 uint8_t y[24]; 1217 uint8_t order[24]; 1218 } _EC_brainpoolP192t1 = { 1219 .p = { 1220 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3, 1221 0x46, 0x30, 0x93, 0xd1, 0x8d, 0xb7, 0x8f, 0xce, 0x47, 0x6d, 1222 0xe1, 0xa8, 0x62, 0x97, 1223 }, 1224 .a = { 1225 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3, 1226 0x46, 0x30, 0x93, 0xd1, 0x8d, 0xb7, 0x8f, 0xce, 0x47, 0x6d, 1227 0xe1, 0xa8, 0x62, 0x94, 1228 }, 1229 .b = { 1230 0x13, 0xd5, 0x6f, 0xfa, 0xec, 0x78, 0x68, 0x1e, 0x68, 0xf9, 1231 0xde, 0xb4, 0x3b, 0x35, 0xbe, 0xc2, 0xfb, 0x68, 0x54, 0x2e, 1232 0x27, 0x89, 0x7b, 0x79, 1233 }, 1234 .x = { 1235 0x3a, 0xe9, 0xe5, 0x8c, 0x82, 0xf6, 0x3c, 0x30, 0x28, 0x2e, 1236 0x1f, 0xe7, 0xbb, 0xf4, 0x3f, 0xa7, 0x2c, 0x44, 0x6a, 0xf6, 1237 0xf4, 0x61, 0x81, 0x29, 1238 }, 1239 .y = { 1240 0x09, 0x7e, 0x2c, 0x56, 0x67, 0xc2, 0x22, 0x3a, 0x90, 0x2a, 1241 0xb5, 0xca, 0x44, 0x9d, 0x00, 0x84, 0xb7, 0xe5, 0xb3, 0xde, 1242 0x7c, 0xcc, 0x01, 0xc9, 1243 }, 1244 .order = { 1245 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3, 1246 0x46, 0x2f, 0x9e, 0x9e, 0x91, 0x6b, 0x5b, 0xe8, 0xf1, 0x02, 1247 0x9a, 0xc4, 0xac, 0xc1, 1248 }, 1249 }; 1250 1251 static const struct { 1252 uint8_t p[28]; 1253 uint8_t a[28]; 1254 uint8_t b[28]; 1255 uint8_t x[28]; 1256 uint8_t y[28]; 1257 uint8_t order[28]; 1258 } _EC_brainpoolP224r1 = { 1259 .p = { 1260 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18, 1261 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57, 1262 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xff, 1263 }, 1264 .a = { 1265 0x68, 0xa5, 0xe6, 0x2c, 0xa9, 0xce, 0x6c, 0x1c, 0x29, 0x98, 1266 0x03, 0xa6, 0xc1, 0x53, 0x0b, 0x51, 0x4e, 0x18, 0x2a, 0xd8, 1267 0xb0, 0x04, 0x2a, 0x59, 0xca, 0xd2, 0x9f, 0x43, 1268 }, 1269 .b = { 1270 0x25, 0x80, 0xf6, 0x3c, 0xcf, 0xe4, 0x41, 0x38, 0x87, 0x07, 1271 0x13, 0xb1, 0xa9, 0x23, 0x69, 0xe3, 0x3e, 0x21, 0x35, 0xd2, 1272 0x66, 0xdb, 0xb3, 0x72, 0x38, 0x6c, 0x40, 0x0b, 1273 }, 1274 .x = { 1275 0x0d, 0x90, 0x29, 0xad, 0x2c, 0x7e, 0x5c, 0xf4, 0x34, 0x08, 1276 0x23, 0xb2, 0xa8, 0x7d, 0xc6, 0x8c, 0x9e, 0x4c, 0xe3, 0x17, 1277 0x4c, 0x1e, 0x6e, 0xfd, 0xee, 0x12, 0xc0, 0x7d, 1278 }, 1279 .y = { 1280 0x58, 0xaa, 0x56, 0xf7, 0x72, 0xc0, 0x72, 0x6f, 0x24, 0xc6, 1281 0xb8, 0x9e, 0x4e, 0xcd, 0xac, 0x24, 0x35, 0x4b, 0x9e, 0x99, 1282 0xca, 0xa3, 0xf6, 0xd3, 0x76, 0x14, 0x02, 0xcd, 1283 }, 1284 .order = { 1285 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18, 1286 0x30, 0x25, 0x75, 0xd0, 0xfb, 0x98, 0xd1, 0x16, 0xbc, 0x4b, 1287 0x6d, 0xde, 0xbc, 0xa3, 0xa5, 0xa7, 0x93, 0x9f, 1288 }, 1289 }; 1290 1291 static const struct { 1292 uint8_t p[28]; 1293 uint8_t a[28]; 1294 uint8_t b[28]; 1295 uint8_t x[28]; 1296 uint8_t y[28]; 1297 uint8_t order[28]; 1298 } _EC_brainpoolP224t1 = { 1299 .p = { 1300 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18, 1301 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57, 1302 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xff, 1303 }, 1304 .a = { 1305 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18, 1306 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57, 1307 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xfc, 1308 }, 1309 .b = { 1310 0x4b, 0x33, 0x7d, 0x93, 0x41, 0x04, 0xcd, 0x7b, 0xef, 0x27, 1311 0x1b, 0xf6, 0x0c, 0xed, 0x1e, 0xd2, 0x0d, 0xa1, 0x4c, 0x08, 1312 0xb3, 0xbb, 0x64, 0xf1, 0x8a, 0x60, 0x88, 0x8d, 1313 }, 1314 .x = { 1315 0x6a, 0xb1, 0xe3, 0x44, 0xce, 0x25, 0xff, 0x38, 0x96, 0x42, 1316 0x4e, 0x7f, 0xfe, 0x14, 0x76, 0x2e, 0xcb, 0x49, 0xf8, 0x92, 1317 0x8a, 0xc0, 0xc7, 0x60, 0x29, 0xb4, 0xd5, 0x80, 1318 }, 1319 .y = { 1320 0x03, 0x74, 0xe9, 0xf5, 0x14, 0x3e, 0x56, 0x8c, 0xd2, 0x3f, 1321 0x3f, 0x4d, 0x7c, 0x0d, 0x4b, 0x1e, 0x41, 0xc8, 0xcc, 0x0d, 1322 0x1c, 0x6a, 0xbd, 0x5f, 0x1a, 0x46, 0xdb, 0x4c, 1323 }, 1324 .order = { 1325 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18, 1326 0x30, 0x25, 0x75, 0xd0, 0xfb, 0x98, 0xd1, 0x16, 0xbc, 0x4b, 1327 0x6d, 0xde, 0xbc, 0xa3, 0xa5, 0xa7, 0x93, 0x9f, 1328 }, 1329 }; 1330 1331 static const struct { 1332 uint8_t p[32]; 1333 uint8_t a[32]; 1334 uint8_t b[32]; 1335 uint8_t x[32]; 1336 uint8_t y[32]; 1337 uint8_t order[32]; 1338 } _EC_brainpoolP256r1 = { 1339 .p = { 1340 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66, 1341 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23, 1342 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e, 1343 0x53, 0x77, 1344 }, 1345 .a = { 1346 0x7d, 0x5a, 0x09, 0x75, 0xfc, 0x2c, 0x30, 0x57, 0xee, 0xf6, 1347 0x75, 0x30, 0x41, 0x7a, 0xff, 0xe7, 0xfb, 0x80, 0x55, 0xc1, 1348 0x26, 0xdc, 0x5c, 0x6c, 0xe9, 0x4a, 0x4b, 0x44, 0xf3, 0x30, 1349 0xb5, 0xd9, 1350 }, 1351 .b = { 1352 0x26, 0xdc, 0x5c, 0x6c, 0xe9, 0x4a, 0x4b, 0x44, 0xf3, 0x30, 1353 0xb5, 0xd9, 0xbb, 0xd7, 0x7c, 0xbf, 0x95, 0x84, 0x16, 0x29, 1354 0x5c, 0xf7, 0xe1, 0xce, 0x6b, 0xcc, 0xdc, 0x18, 0xff, 0x8c, 1355 0x07, 0xb6, 1356 }, 1357 .x = { 1358 0x8b, 0xd2, 0xae, 0xb9, 0xcb, 0x7e, 0x57, 0xcb, 0x2c, 0x4b, 1359 0x48, 0x2f, 0xfc, 0x81, 0xb7, 0xaf, 0xb9, 0xde, 0x27, 0xe1, 1360 0xe3, 0xbd, 0x23, 0xc2, 0x3a, 0x44, 0x53, 0xbd, 0x9a, 0xce, 1361 0x32, 0x62, 1362 }, 1363 .y = { 1364 0x54, 0x7e, 0xf8, 0x35, 0xc3, 0xda, 0xc4, 0xfd, 0x97, 0xf8, 1365 0x46, 0x1a, 0x14, 0x61, 0x1d, 0xc9, 0xc2, 0x77, 0x45, 0x13, 1366 0x2d, 0xed, 0x8e, 0x54, 0x5c, 0x1d, 0x54, 0xc7, 0x2f, 0x04, 1367 0x69, 0x97, 1368 }, 1369 .order = { 1370 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66, 1371 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x71, 0x8c, 0x39, 0x7a, 0xa3, 1372 0xb5, 0x61, 0xa6, 0xf7, 0x90, 0x1e, 0x0e, 0x82, 0x97, 0x48, 1373 0x56, 0xa7, 1374 }, 1375 }; 1376 1377 static const struct { 1378 uint8_t p[32]; 1379 uint8_t a[32]; 1380 uint8_t b[32]; 1381 uint8_t x[32]; 1382 uint8_t y[32]; 1383 uint8_t order[32]; 1384 } _EC_brainpoolP256t1 = { 1385 .p = { 1386 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66, 1387 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23, 1388 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e, 1389 0x53, 0x77, 1390 }, 1391 .a = { 1392 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66, 1393 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23, 1394 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e, 1395 0x53, 0x74, 1396 }, 1397 .b = { 1398 0x66, 0x2c, 0x61, 0xc4, 0x30, 0xd8, 0x4e, 0xa4, 0xfe, 0x66, 1399 0xa7, 0x73, 0x3d, 0x0b, 0x76, 0xb7, 0xbf, 0x93, 0xeb, 0xc4, 1400 0xaf, 0x2f, 0x49, 0x25, 0x6a, 0xe5, 0x81, 0x01, 0xfe, 0xe9, 1401 0x2b, 0x04, 1402 }, 1403 .x = { 1404 0xa3, 0xe8, 0xeb, 0x3c, 0xc1, 0xcf, 0xe7, 0xb7, 0x73, 0x22, 1405 0x13, 0xb2, 0x3a, 0x65, 0x61, 0x49, 0xaf, 0xa1, 0x42, 0xc4, 1406 0x7a, 0xaf, 0xbc, 0x2b, 0x79, 0xa1, 0x91, 0x56, 0x2e, 0x13, 1407 0x05, 0xf4, 1408 }, 1409 .y = { 1410 0x2d, 0x99, 0x6c, 0x82, 0x34, 0x39, 0xc5, 0x6d, 0x7f, 0x7b, 1411 0x22, 0xe1, 0x46, 0x44, 0x41, 0x7e, 0x69, 0xbc, 0xb6, 0xde, 1412 0x39, 0xd0, 0x27, 0x00, 0x1d, 0xab, 0xe8, 0xf3, 0x5b, 0x25, 1413 0xc9, 0xbe, 1414 }, 1415 .order = { 1416 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66, 1417 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x71, 0x8c, 0x39, 0x7a, 0xa3, 1418 0xb5, 0x61, 0xa6, 0xf7, 0x90, 0x1e, 0x0e, 0x82, 0x97, 0x48, 1419 0x56, 0xa7, 1420 }, 1421 }; 1422 1423 static const struct { 1424 uint8_t p[40]; 1425 uint8_t a[40]; 1426 uint8_t b[40]; 1427 uint8_t x[40]; 1428 uint8_t y[40]; 1429 uint8_t order[40]; 1430 } _EC_brainpoolP320r1 = { 1431 .p = { 1432 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c, 1433 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6, 1434 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93, 1435 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x27, 1436 }, 1437 .a = { 1438 0x3e, 0xe3, 0x0b, 0x56, 0x8f, 0xba, 0xb0, 0xf8, 0x83, 0xcc, 1439 0xeb, 0xd4, 0x6d, 0x3f, 0x3b, 0xb8, 0xa2, 0xa7, 0x35, 0x13, 1440 0xf5, 0xeb, 0x79, 0xda, 0x66, 0x19, 0x0e, 0xb0, 0x85, 0xff, 1441 0xa9, 0xf4, 0x92, 0xf3, 0x75, 0xa9, 0x7d, 0x86, 0x0e, 0xb4, 1442 }, 1443 .b = { 1444 0x52, 0x08, 0x83, 0x94, 0x9d, 0xfd, 0xbc, 0x42, 0xd3, 0xad, 1445 0x19, 0x86, 0x40, 0x68, 0x8a, 0x6f, 0xe1, 0x3f, 0x41, 0x34, 1446 0x95, 0x54, 0xb4, 0x9a, 0xcc, 0x31, 0xdc, 0xcd, 0x88, 0x45, 1447 0x39, 0x81, 0x6f, 0x5e, 0xb4, 0xac, 0x8f, 0xb1, 0xf1, 0xa6, 1448 }, 1449 .x = { 1450 0x43, 0xbd, 0x7e, 0x9a, 0xfb, 0x53, 0xd8, 0xb8, 0x52, 0x89, 1451 0xbc, 0xc4, 0x8e, 0xe5, 0xbf, 0xe6, 0xf2, 0x01, 0x37, 0xd1, 1452 0x0a, 0x08, 0x7e, 0xb6, 0xe7, 0x87, 0x1e, 0x2a, 0x10, 0xa5, 1453 0x99, 0xc7, 0x10, 0xaf, 0x8d, 0x0d, 0x39, 0xe2, 0x06, 0x11, 1454 }, 1455 .y = { 1456 0x14, 0xfd, 0xd0, 0x55, 0x45, 0xec, 0x1c, 0xc8, 0xab, 0x40, 1457 0x93, 0x24, 0x7f, 0x77, 0x27, 0x5e, 0x07, 0x43, 0xff, 0xed, 1458 0x11, 0x71, 0x82, 0xea, 0xa9, 0xc7, 0x78, 0x77, 0xaa, 0xac, 1459 0x6a, 0xc7, 0xd3, 0x52, 0x45, 0xd1, 0x69, 0x2e, 0x8e, 0xe1, 1460 }, 1461 .order = { 1462 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c, 1463 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa5, 1464 0xb6, 0x8f, 0x12, 0xa3, 0x2d, 0x48, 0x2e, 0xc7, 0xee, 0x86, 1465 0x58, 0xe9, 0x86, 0x91, 0x55, 0x5b, 0x44, 0xc5, 0x93, 0x11, 1466 }, 1467 }; 1468 1469 static const struct { 1470 uint8_t p[40]; 1471 uint8_t a[40]; 1472 uint8_t b[40]; 1473 uint8_t x[40]; 1474 uint8_t y[40]; 1475 uint8_t order[40]; 1476 } _EC_brainpoolP320t1 = { 1477 .p = { 1478 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c, 1479 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6, 1480 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93, 1481 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x27, 1482 }, 1483 .a = { 1484 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c, 1485 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6, 1486 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93, 1487 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x24, 1488 }, 1489 .b = { 1490 0xa7, 0xf5, 0x61, 0xe0, 0x38, 0xeb, 0x1e, 0xd5, 0x60, 0xb3, 1491 0xd1, 0x47, 0xdb, 0x78, 0x20, 0x13, 0x06, 0x4c, 0x19, 0xf2, 1492 0x7e, 0xd2, 0x7c, 0x67, 0x80, 0xaa, 0xf7, 0x7f, 0xb8, 0xa5, 1493 0x47, 0xce, 0xb5, 0xb4, 0xfe, 0xf4, 0x22, 0x34, 0x03, 0x53, 1494 }, 1495 .x = { 1496 0x92, 0x5b, 0xe9, 0xfb, 0x01, 0xaf, 0xc6, 0xfb, 0x4d, 0x3e, 1497 0x7d, 0x49, 0x90, 0x01, 0x0f, 0x81, 0x34, 0x08, 0xab, 0x10, 1498 0x6c, 0x4f, 0x09, 0xcb, 0x7e, 0xe0, 0x78, 0x68, 0xcc, 0x13, 1499 0x6f, 0xff, 0x33, 0x57, 0xf6, 0x24, 0xa2, 0x1b, 0xed, 0x52, 1500 }, 1501 .y = { 1502 0x63, 0xba, 0x3a, 0x7a, 0x27, 0x48, 0x3e, 0xbf, 0x66, 0x71, 1503 0xdb, 0xef, 0x7a, 0xbb, 0x30, 0xeb, 0xee, 0x08, 0x4e, 0x58, 1504 0xa0, 0xb0, 0x77, 0xad, 0x42, 0xa5, 0xa0, 0x98, 0x9d, 0x1e, 1505 0xe7, 0x1b, 0x1b, 0x9b, 0xc0, 0x45, 0x5f, 0xb0, 0xd2, 0xc3, 1506 }, 1507 .order = { 1508 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c, 1509 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa5, 1510 0xb6, 0x8f, 0x12, 0xa3, 0x2d, 0x48, 0x2e, 0xc7, 0xee, 0x86, 1511 0x58, 0xe9, 0x86, 0x91, 0x55, 0x5b, 0x44, 0xc5, 0x93, 0x11, 1512 }, 1513 }; 1514 1515 static const struct { 1516 uint8_t p[48]; 1517 uint8_t a[48]; 1518 uint8_t b[48]; 1519 uint8_t x[48]; 1520 uint8_t y[48]; 1521 uint8_t order[48]; 1522 } _EC_brainpoolP384r1 = { 1523 .p = { 1524 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d, 1525 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09, 1526 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7, 1527 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71, 1528 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x53, 1529 }, 1530 .a = { 1531 0x7b, 0xc3, 0x82, 0xc6, 0x3d, 0x8c, 0x15, 0x0c, 0x3c, 0x72, 1532 0x08, 0x0a, 0xce, 0x05, 0xaf, 0xa0, 0xc2, 0xbe, 0xa2, 0x8e, 1533 0x4f, 0xb2, 0x27, 0x87, 0x13, 0x91, 0x65, 0xef, 0xba, 0x91, 1534 0xf9, 0x0f, 0x8a, 0xa5, 0x81, 0x4a, 0x50, 0x3a, 0xd4, 0xeb, 1535 0x04, 0xa8, 0xc7, 0xdd, 0x22, 0xce, 0x28, 0x26, 1536 }, 1537 .b = { 1538 0x04, 0xa8, 0xc7, 0xdd, 0x22, 0xce, 0x28, 0x26, 0x8b, 0x39, 1539 0xb5, 0x54, 0x16, 0xf0, 0x44, 0x7c, 0x2f, 0xb7, 0x7d, 0xe1, 1540 0x07, 0xdc, 0xd2, 0xa6, 0x2e, 0x88, 0x0e, 0xa5, 0x3e, 0xeb, 1541 0x62, 0xd5, 0x7c, 0xb4, 0x39, 0x02, 0x95, 0xdb, 0xc9, 0x94, 1542 0x3a, 0xb7, 0x86, 0x96, 0xfa, 0x50, 0x4c, 0x11, 1543 }, 1544 .x = { 1545 0x1d, 0x1c, 0x64, 0xf0, 0x68, 0xcf, 0x45, 0xff, 0xa2, 0xa6, 1546 0x3a, 0x81, 0xb7, 0xc1, 0x3f, 0x6b, 0x88, 0x47, 0xa3, 0xe7, 1547 0x7e, 0xf1, 0x4f, 0xe3, 0xdb, 0x7f, 0xca, 0xfe, 0x0c, 0xbd, 1548 0x10, 0xe8, 0xe8, 0x26, 0xe0, 0x34, 0x36, 0xd6, 0x46, 0xaa, 1549 0xef, 0x87, 0xb2, 0xe2, 0x47, 0xd4, 0xaf, 0x1e, 1550 }, 1551 .y = { 1552 0x8a, 0xbe, 0x1d, 0x75, 0x20, 0xf9, 0xc2, 0xa4, 0x5c, 0xb1, 1553 0xeb, 0x8e, 0x95, 0xcf, 0xd5, 0x52, 0x62, 0xb7, 0x0b, 0x29, 1554 0xfe, 0xec, 0x58, 0x64, 0xe1, 0x9c, 0x05, 0x4f, 0xf9, 0x91, 1555 0x29, 0x28, 0x0e, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11, 1556 0x42, 0x82, 0x03, 0x41, 0x26, 0x3c, 0x53, 0x15, 1557 }, 1558 .order = { 1559 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d, 1560 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09, 1561 0xed, 0x54, 0x56, 0xb3, 0x1f, 0x16, 0x6e, 0x6c, 0xac, 0x04, 1562 0x25, 0xa7, 0xcf, 0x3a, 0xb6, 0xaf, 0x6b, 0x7f, 0xc3, 0x10, 1563 0x3b, 0x88, 0x32, 0x02, 0xe9, 0x04, 0x65, 0x65, 1564 }, 1565 }; 1566 1567 static const struct { 1568 uint8_t p[48]; 1569 uint8_t a[48]; 1570 uint8_t b[48]; 1571 uint8_t x[48]; 1572 uint8_t y[48]; 1573 uint8_t order[48]; 1574 } _EC_brainpoolP384t1 = { 1575 .p = { 1576 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d, 1577 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09, 1578 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7, 1579 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71, 1580 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x53, 1581 }, 1582 .a = { 1583 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d, 1584 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09, 1585 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7, 1586 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71, 1587 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x50, 1588 }, 1589 .b = { 1590 0x7f, 0x51, 0x9e, 0xad, 0xa7, 0xbd, 0xa8, 0x1b, 0xd8, 0x26, 1591 0xdb, 0xa6, 0x47, 0x91, 0x0f, 0x8c, 0x4b, 0x93, 0x46, 0xed, 1592 0x8c, 0xcd, 0xc6, 0x4e, 0x4b, 0x1a, 0xbd, 0x11, 0x75, 0x6d, 1593 0xce, 0x1d, 0x20, 0x74, 0xaa, 0x26, 0x3b, 0x88, 0x80, 0x5c, 1594 0xed, 0x70, 0x35, 0x5a, 0x33, 0xb4, 0x71, 0xee, 1595 }, 1596 .x = { 1597 0x18, 0xde, 0x98, 0xb0, 0x2d, 0xb9, 0xa3, 0x06, 0xf2, 0xaf, 1598 0xcd, 0x72, 0x35, 0xf7, 0x2a, 0x81, 0x9b, 0x80, 0xab, 0x12, 1599 0xeb, 0xd6, 0x53, 0x17, 0x24, 0x76, 0xfe, 0xcd, 0x46, 0x2a, 1600 0xab, 0xff, 0xc4, 0xff, 0x19, 0x1b, 0x94, 0x6a, 0x5f, 0x54, 1601 0xd8, 0xd0, 0xaa, 0x2f, 0x41, 0x88, 0x08, 0xcc, 1602 }, 1603 .y = { 1604 0x25, 0xab, 0x05, 0x69, 0x62, 0xd3, 0x06, 0x51, 0xa1, 0x14, 1605 0xaf, 0xd2, 0x75, 0x5a, 0xd3, 0x36, 0x74, 0x7f, 0x93, 0x47, 1606 0x5b, 0x7a, 0x1f, 0xca, 0x3b, 0x88, 0xf2, 0xb6, 0xa2, 0x08, 1607 0xcc, 0xfe, 0x46, 0x94, 0x08, 0x58, 0x4d, 0xc2, 0xb2, 0x91, 1608 0x26, 0x75, 0xbf, 0x5b, 0x9e, 0x58, 0x29, 0x28, 1609 }, 1610 .order = { 1611 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d, 1612 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09, 1613 0xed, 0x54, 0x56, 0xb3, 0x1f, 0x16, 0x6e, 0x6c, 0xac, 0x04, 1614 0x25, 0xa7, 0xcf, 0x3a, 0xb6, 0xaf, 0x6b, 0x7f, 0xc3, 0x10, 1615 0x3b, 0x88, 0x32, 0x02, 0xe9, 0x04, 0x65, 0x65, 1616 }, 1617 }; 1618 1619 static const struct { 1620 uint8_t p[64]; 1621 uint8_t a[64]; 1622 uint8_t b[64]; 1623 uint8_t x[64]; 1624 uint8_t y[64]; 1625 uint8_t order[64]; 1626 } _EC_brainpoolP512r1 = { 1627 .p = { 1628 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4, 1629 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3, 1630 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33, 1631 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42, 1632 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81, 1633 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56, 1634 0x58, 0x3a, 0x48, 0xf3, 1635 }, 1636 .a = { 1637 0x78, 0x30, 0xa3, 0x31, 0x8b, 0x60, 0x3b, 0x89, 0xe2, 0x32, 1638 0x71, 0x45, 0xac, 0x23, 0x4c, 0xc5, 0x94, 0xcb, 0xdd, 0x8d, 1639 0x3d, 0xf9, 0x16, 0x10, 0xa8, 0x34, 0x41, 0xca, 0xea, 0x98, 1640 0x63, 0xbc, 0x2d, 0xed, 0x5d, 0x5a, 0xa8, 0x25, 0x3a, 0xa1, 1641 0x0a, 0x2e, 0xf1, 0xc9, 0x8b, 0x9a, 0xc8, 0xb5, 0x7f, 0x11, 1642 0x17, 0xa7, 0x2b, 0xf2, 0xc7, 0xb9, 0xe7, 0xc1, 0xac, 0x4d, 1643 0x77, 0xfc, 0x94, 0xca, 1644 }, 1645 .b = { 1646 0x3d, 0xf9, 0x16, 0x10, 0xa8, 0x34, 0x41, 0xca, 0xea, 0x98, 1647 0x63, 0xbc, 0x2d, 0xed, 0x5d, 0x5a, 0xa8, 0x25, 0x3a, 0xa1, 1648 0x0a, 0x2e, 0xf1, 0xc9, 0x8b, 0x9a, 0xc8, 0xb5, 0x7f, 0x11, 1649 0x17, 0xa7, 0x2b, 0xf2, 0xc7, 0xb9, 0xe7, 0xc1, 0xac, 0x4d, 1650 0x77, 0xfc, 0x94, 0xca, 0xdc, 0x08, 0x3e, 0x67, 0x98, 0x40, 1651 0x50, 0xb7, 0x5e, 0xba, 0xe5, 0xdd, 0x28, 0x09, 0xbd, 0x63, 1652 0x80, 0x16, 0xf7, 0x23, 1653 }, 1654 .x = { 1655 0x81, 0xae, 0xe4, 0xbd, 0xd8, 0x2e, 0xd9, 0x64, 0x5a, 0x21, 1656 0x32, 0x2e, 0x9c, 0x4c, 0x6a, 0x93, 0x85, 0xed, 0x9f, 0x70, 1657 0xb5, 0xd9, 0x16, 0xc1, 0xb4, 0x3b, 0x62, 0xee, 0xf4, 0xd0, 1658 0x09, 0x8e, 0xff, 0x3b, 0x1f, 0x78, 0xe2, 0xd0, 0xd4, 0x8d, 1659 0x50, 0xd1, 0x68, 0x7b, 0x93, 0xb9, 0x7d, 0x5f, 0x7c, 0x6d, 1660 0x50, 0x47, 0x40, 0x6a, 0x5e, 0x68, 0x8b, 0x35, 0x22, 0x09, 1661 0xbc, 0xb9, 0xf8, 0x22, 1662 }, 1663 .y = { 1664 0x7d, 0xde, 0x38, 0x5d, 0x56, 0x63, 0x32, 0xec, 0xc0, 0xea, 1665 0xbf, 0xa9, 0xcf, 0x78, 0x22, 0xfd, 0xf2, 0x09, 0xf7, 0x00, 1666 0x24, 0xa5, 0x7b, 0x1a, 0xa0, 0x00, 0xc5, 0x5b, 0x88, 0x1f, 1667 0x81, 0x11, 0xb2, 0xdc, 0xde, 0x49, 0x4a, 0x5f, 0x48, 0x5e, 1668 0x5b, 0xca, 0x4b, 0xd8, 0x8a, 0x27, 0x63, 0xae, 0xd1, 0xca, 1669 0x2b, 0x2f, 0xa8, 0xf0, 0x54, 0x06, 0x78, 0xcd, 0x1e, 0x0f, 1670 0x3a, 0xd8, 0x08, 0x92, 1671 }, 1672 .order = { 1673 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4, 1674 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3, 1675 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33, 1676 0x08, 0x70, 0x55, 0x3e, 0x5c, 0x41, 0x4c, 0xa9, 0x26, 0x19, 1677 0x41, 0x86, 0x61, 0x19, 0x7f, 0xac, 0x10, 0x47, 0x1d, 0xb1, 1678 0xd3, 0x81, 0x08, 0x5d, 0xda, 0xdd, 0xb5, 0x87, 0x96, 0x82, 1679 0x9c, 0xa9, 0x00, 0x69, 1680 }, 1681 }; 1682 1683 static const struct { 1684 uint8_t p[64]; 1685 uint8_t a[64]; 1686 uint8_t b[64]; 1687 uint8_t x[64]; 1688 uint8_t y[64]; 1689 uint8_t order[64]; 1690 } _EC_brainpoolP512t1 = { 1691 .p = { 1692 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4, 1693 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3, 1694 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33, 1695 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42, 1696 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81, 1697 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56, 1698 0x58, 0x3a, 0x48, 0xf3, 1699 }, 1700 .a = { 1701 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4, 1702 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3, 1703 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33, 1704 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42, 1705 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81, 1706 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56, 1707 0x58, 0x3a, 0x48, 0xf0, 1708 }, 1709 .b = { 1710 0x7c, 0xbb, 0xbc, 0xf9, 0x44, 0x1c, 0xfa, 0xb7, 0x6e, 0x18, 1711 0x90, 0xe4, 0x68, 0x84, 0xea, 0xe3, 0x21, 0xf7, 0x0c, 0x0b, 1712 0xcb, 0x49, 0x81, 0x52, 0x78, 0x97, 0x50, 0x4b, 0xec, 0x3e, 1713 0x36, 0xa6, 0x2b, 0xcd, 0xfa, 0x23, 0x04, 0x97, 0x65, 0x40, 1714 0xf6, 0x45, 0x00, 0x85, 0xf2, 0xda, 0xe1, 0x45, 0xc2, 0x25, 1715 0x53, 0xb4, 0x65, 0x76, 0x36, 0x89, 0x18, 0x0e, 0xa2, 0x57, 1716 0x18, 0x67, 0x42, 0x3e, 1717 }, 1718 .x = { 1719 0x64, 0x0e, 0xce, 0x5c, 0x12, 0x78, 0x87, 0x17, 0xb9, 0xc1, 1720 0xba, 0x06, 0xcb, 0xc2, 0xa6, 0xfe, 0xba, 0x85, 0x84, 0x24, 1721 0x58, 0xc5, 0x6d, 0xde, 0x9d, 0xb1, 0x75, 0x8d, 0x39, 0xc0, 1722 0x31, 0x3d, 0x82, 0xba, 0x51, 0x73, 0x5c, 0xdb, 0x3e, 0xa4, 1723 0x99, 0xaa, 0x77, 0xa7, 0xd6, 0x94, 0x3a, 0x64, 0xf7, 0xa3, 1724 0xf2, 0x5f, 0xe2, 0x6f, 0x06, 0xb5, 0x1b, 0xaa, 0x26, 0x96, 1725 0xfa, 0x90, 0x35, 0xda, 1726 }, 1727 .y = { 1728 0x5b, 0x53, 0x4b, 0xd5, 0x95, 0xf5, 0xaf, 0x0f, 0xa2, 0xc8, 1729 0x92, 0x37, 0x6c, 0x84, 0xac, 0xe1, 0xbb, 0x4e, 0x30, 0x19, 1730 0xb7, 0x16, 0x34, 0xc0, 0x11, 0x31, 0x15, 0x9c, 0xae, 0x03, 1731 0xce, 0xe9, 0xd9, 0x93, 0x21, 0x84, 0xbe, 0xef, 0x21, 0x6b, 1732 0xd7, 0x1d, 0xf2, 0xda, 0xdf, 0x86, 0xa6, 0x27, 0x30, 0x6e, 1733 0xcf, 0xf9, 0x6d, 0xbb, 0x8b, 0xac, 0xe1, 0x98, 0xb6, 0x1e, 1734 0x00, 0xf8, 0xb3, 0x32, 1735 }, 1736 .order = { 1737 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4, 1738 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3, 1739 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33, 1740 0x08, 0x70, 0x55, 0x3e, 0x5c, 0x41, 0x4c, 0xa9, 0x26, 0x19, 1741 0x41, 0x86, 0x61, 0x19, 0x7f, 0xac, 0x10, 0x47, 0x1d, 0xb1, 1742 0xd3, 0x81, 0x08, 0x5d, 0xda, 0xdd, 0xb5, 0x87, 0x96, 0x82, 1743 0x9c, 0xa9, 0x00, 0x69, 1744 }, 1745 }; 1746 1747 static const struct { 1748 uint8_t p[32]; 1749 uint8_t a[32]; 1750 uint8_t b[32]; 1751 uint8_t x[32]; 1752 uint8_t y[32]; 1753 uint8_t order[32]; 1754 } _EC_FRP256v1 = { 1755 .p = { 1756 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12, 1757 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x39, 0x61, 0xad, 0xbc, 1758 0xab, 0xc8, 0xca, 0x6d, 0xe8, 0xfc, 0xf3, 0x53, 0xd8, 0x6e, 1759 0x9c, 0x03, 1760 }, 1761 .a = { 1762 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12, 1763 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x39, 0x61, 0xad, 0xbc, 1764 0xab, 0xc8, 0xca, 0x6d, 0xe8, 0xfc, 0xf3, 0x53, 0xd8, 0x6e, 1765 0x9c, 0x00, 1766 }, 1767 .b = { 1768 0xee, 0x35, 0x3f, 0xca, 0x54, 0x28, 0xa9, 0x30, 0x0d, 0x4a, 1769 0xba, 0x75, 0x4a, 0x44, 0xc0, 0x0f, 0xdf, 0xec, 0x0c, 0x9a, 1770 0xe4, 0xb1, 0xa1, 0x80, 0x30, 0x75, 0xed, 0x96, 0x7b, 0x7b, 1771 0xb7, 0x3f, 1772 }, 1773 .x = { 1774 0xb6, 0xb3, 0xd4, 0xc3, 0x56, 0xc1, 0x39, 0xeb, 0x31, 0x18, 1775 0x3d, 0x47, 0x49, 0xd4, 0x23, 0x95, 0x8c, 0x27, 0xd2, 0xdc, 1776 0xaf, 0x98, 0xb7, 0x01, 0x64, 0xc9, 0x7a, 0x2d, 0xd9, 0x8f, 1777 0x5c, 0xff, 1778 }, 1779 .y = { 1780 0x61, 0x42, 0xe0, 0xf7, 0xc8, 0xb2, 0x04, 0x91, 0x1f, 0x92, 1781 0x71, 0xf0, 0xf3, 0xec, 0xef, 0x8c, 0x27, 0x01, 0xc3, 0x07, 1782 0xe8, 0xe4, 0xc9, 0xe1, 0x83, 0x11, 0x5a, 0x15, 0x54, 0x06, 1783 0x2c, 0xfb, 1784 }, 1785 .order = { 1786 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12, 1787 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x53, 0xdc, 0x67, 0xe1, 1788 0x40, 0xd2, 0xbf, 0x94, 0x1f, 0xfd, 0xd4, 0x59, 0xc6, 0xd6, 1789 0x55, 0xe1, 1790 }, 1791 }; 1792 1793 #ifndef OPENSSL_NO_GOST 1794 static const struct { 1795 uint8_t p[32]; 1796 uint8_t a[32]; 1797 uint8_t b[32]; 1798 uint8_t x[32]; 1799 uint8_t y[32]; 1800 uint8_t order[32]; 1801 } _EC_GOST_2001_Test = { 1802 .p = { 1803 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1804 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1805 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1806 0x04, 0x31, 1807 }, 1808 .a = { 1809 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1810 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1811 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1812 0x00, 0x07, 1813 }, 1814 .b = { 1815 0x5f, 0xbf, 0xf4, 0x98, 0xaa, 0x93, 0x8c, 0xe7, 0x39, 0xb8, 1816 0xe0, 0x22, 0xfb, 0xaf, 0xef, 0x40, 0x56, 0x3f, 0x6e, 0x6a, 1817 0x34, 0x72, 0xfc, 0x2a, 0x51, 0x4c, 0x0c, 0xe9, 0xda, 0xe2, 1818 0x3b, 0x7e, 1819 }, 1820 .x = { 1821 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1822 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1823 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1824 0x00, 0x02, 1825 }, 1826 .y = { 1827 0x08, 0xe2, 0xa8, 0xa0, 0xe6, 0x51, 0x47, 0xd4, 0xbd, 0x63, 1828 0x16, 0x03, 0x0e, 0x16, 0xd1, 0x9c, 0x85, 0xc9, 0x7f, 0x0a, 1829 0x9c, 0xa2, 0x67, 0x12, 0x2b, 0x96, 0xab, 0xbc, 0xea, 0x7e, 1830 0x8f, 0xc8, 1831 }, 1832 .order = { 1833 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1834 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x50, 0xfe, 0x8a, 0x18, 1835 0x92, 0x97, 0x61, 0x54, 0xc5, 0x9c, 0xfc, 0x19, 0x3a, 0xcc, 1836 0xf5, 0xb3, 1837 }, 1838 }; 1839 1840 static const struct { 1841 uint8_t p[32]; 1842 uint8_t a[32]; 1843 uint8_t b[32]; 1844 uint8_t x[32]; 1845 uint8_t y[32]; 1846 uint8_t order[32]; 1847 } _EC_GOST_2001_CryptoPro_A = { 1848 .p = { 1849 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1850 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1851 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1852 0xfd, 0x97, 1853 }, 1854 .a = { 1855 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1856 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1857 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1858 0xfd, 0x94, 1859 }, 1860 .b = { 1861 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1862 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1863 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1864 0x00, 0xa6, 1865 }, 1866 .x = { 1867 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1868 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1869 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1870 0x00, 0x01, 1871 }, 1872 .y = { 1873 0x8d, 0x91, 0xe4, 0x71, 0xe0, 0x98, 0x9c, 0xda, 0x27, 0xdf, 1874 0x50, 0x5a, 0x45, 0x3f, 0x2b, 0x76, 0x35, 0x29, 0x4f, 0x2d, 1875 0xdf, 0x23, 0xe3, 0xb1, 0x22, 0xac, 0xc9, 0x9c, 0x9e, 0x9f, 1876 0x1e, 0x14, 1877 }, 1878 .order = { 1879 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1880 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x6c, 0x61, 0x10, 0x70, 1881 0x99, 0x5a, 0xd1, 0x00, 0x45, 0x84, 0x1b, 0x09, 0xb7, 0x61, 1882 0xb8, 0x93, 1883 }, 1884 }; 1885 1886 static const struct { 1887 uint8_t p[32]; 1888 uint8_t a[32]; 1889 uint8_t b[32]; 1890 uint8_t x[32]; 1891 uint8_t y[32]; 1892 uint8_t order[32]; 1893 } _EC_GOST_2001_CryptoPro_B = { 1894 .p = { 1895 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1896 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1897 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1898 0x0c, 0x99, 1899 }, 1900 .a = { 1901 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1902 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1903 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1904 0x0c, 0x96, 1905 }, 1906 .b = { 1907 0x3e, 0x1a, 0xf4, 0x19, 0xa2, 0x69, 0xa5, 0xf8, 0x66, 0xa7, 1908 0xd3, 0xc2, 0x5c, 0x3d, 0xf8, 0x0a, 0xe9, 0x79, 0x25, 0x93, 1909 0x73, 0xff, 0x2b, 0x18, 0x2f, 0x49, 0xd4, 0xce, 0x7e, 0x1b, 1910 0xbc, 0x8b, 1911 }, 1912 .x = { 1913 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1914 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1915 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1916 0x00, 0x01, 1917 }, 1918 .y = { 1919 0x3f, 0xa8, 0x12, 0x43, 0x59, 0xf9, 0x66, 0x80, 0xb8, 0x3d, 1920 0x1c, 0x3e, 0xb2, 0xc0, 0x70, 0xe5, 0xc5, 0x45, 0xc9, 0x85, 1921 0x8d, 0x03, 0xec, 0xfb, 0x74, 0x4b, 0xf8, 0xd7, 0x17, 0x71, 1922 0x7e, 0xfc, 1923 }, 1924 .order = { 1925 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1926 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x5f, 0x70, 0x0c, 0xff, 1927 0xf1, 0xa6, 0x24, 0xe5, 0xe4, 0x97, 0x16, 0x1b, 0xcc, 0x8a, 1928 0x19, 0x8f, 1929 }, 1930 }; 1931 1932 static const struct { 1933 uint8_t p[32]; 1934 uint8_t a[32]; 1935 uint8_t b[32]; 1936 uint8_t x[32]; 1937 uint8_t y[32]; 1938 uint8_t order[32]; 1939 } _EC_GOST_2001_CryptoPro_C = { 1940 .p = { 1941 0x9b, 0x9f, 0x60, 0x5f, 0x5a, 0x85, 0x81, 0x07, 0xab, 0x1e, 1942 0xc8, 0x5e, 0x6b, 0x41, 0xc8, 0xaa, 0xcf, 0x84, 0x6e, 0x86, 1943 0x78, 0x90, 0x51, 0xd3, 0x79, 0x98, 0xf7, 0xb9, 0x02, 0x2d, 1944 0x75, 0x9b, 1945 }, 1946 .a = { 1947 0x9b, 0x9f, 0x60, 0x5f, 0x5a, 0x85, 0x81, 0x07, 0xab, 0x1e, 1948 0xc8, 0x5e, 0x6b, 0x41, 0xc8, 0xaa, 0xcf, 0x84, 0x6e, 0x86, 1949 0x78, 0x90, 0x51, 0xd3, 0x79, 0x98, 0xf7, 0xb9, 0x02, 0x2d, 1950 0x75, 0x98, 1951 }, 1952 .b = { 1953 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1954 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1955 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1956 0x80, 0x5a, 1957 }, 1958 .x = { 1959 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1960 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1961 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1962 0x00, 0x00, 1963 }, 1964 .y = { 1965 0x41, 0xec, 0xe5, 0x57, 0x43, 0x71, 0x1a, 0x8c, 0x3c, 0xbf, 1966 0x37, 0x83, 0xcd, 0x08, 0xc0, 0xee, 0x4d, 0x4d, 0xc4, 0x40, 1967 0xd4, 0x64, 0x1a, 0x8f, 0x36, 0x6e, 0x55, 0x0d, 0xfd, 0xb3, 1968 0xbb, 0x67, 1969 }, 1970 .order = { 1971 0x9b, 0x9f, 0x60, 0x5f, 0x5a, 0x85, 0x81, 0x07, 0xab, 0x1e, 1972 0xc8, 0x5e, 0x6b, 0x41, 0xc8, 0xaa, 0x58, 0x2c, 0xa3, 0x51, 1973 0x1e, 0xdd, 0xfb, 0x74, 0xf0, 0x2f, 0x3a, 0x65, 0x98, 0x98, 1974 0x0b, 0xb9, 1975 }, 1976 }; 1977 1978 /* 1979 * This curve is defined in two birationally equal forms: canonical and Twisted 1980 * Edwards. We do calculations in canonical (Weierstrass) form. 1981 */ 1982 static const struct { 1983 uint8_t p[32]; 1984 uint8_t a[32]; 1985 uint8_t b[32]; 1986 uint8_t x[32]; 1987 uint8_t y[32]; 1988 uint8_t order[32]; 1989 } _EC_GOST_2012_256_TC26_A = { 1990 .p = { 1991 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1992 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1993 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1994 0xfd, 0x97, 1995 }, 1996 .a = { 1997 0xc2, 0x17, 0x3f, 0x15, 0x13, 0x98, 0x16, 0x73, 0xaf, 0x48, 1998 0x92, 0xc2, 0x30, 0x35, 0xa2, 0x7c, 0xe2, 0x5e, 0x20, 0x13, 1999 0xbf, 0x95, 0xaa, 0x33, 0xb2, 0x2c, 0x65, 0x6f, 0x27, 0x7e, 2000 0x73, 0x35, 2001 }, 2002 .b = { 2003 0x29, 0x5f, 0x9b, 0xae, 0x74, 0x28, 0xed, 0x9c, 0xcc, 0x20, 2004 0xe7, 0xc3, 0x59, 0xa9, 0xd4, 0x1a, 0x22, 0xfc, 0xcd, 0x91, 2005 0x08, 0xe1, 0x7b, 0xf7, 0xba, 0x93, 0x37, 0xa6, 0xf8, 0xae, 2006 0x95, 0x13, 2007 }, 2008 .x = { 2009 0x91, 0xe3, 0x84, 0x43, 0xa5, 0xe8, 0x2c, 0x0d, 0x88, 0x09, 2010 0x23, 0x42, 0x57, 0x12, 0xb2, 0xbb, 0x65, 0x8b, 0x91, 0x96, 2011 0x93, 0x2e, 0x02, 0xc7, 0x8b, 0x25, 0x82, 0xfe, 0x74, 0x2d, 2012 0xaa, 0x28, 2013 }, 2014 .y = { 2015 0x32, 0x87, 0x94, 0x23, 0xab, 0x1a, 0x03, 0x75, 0x89, 0x57, 2016 0x86, 0xc4, 0xbb, 0x46, 0xe9, 0x56, 0x5f, 0xde, 0x0b, 0x53, 2017 0x44, 0x76, 0x67, 0x40, 0xaf, 0x26, 0x8a, 0xdb, 0x32, 0x32, 2018 0x2e, 0x5c, 2019 }, 2020 .order = { 2021 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2022 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0xd8, 0xcd, 0xdf, 2023 0xc8, 0x7b, 0x66, 0x35, 0xc1, 0x15, 0xaf, 0x55, 0x6c, 0x36, 2024 0x0c, 0x67, 2025 }, 2026 }; 2027 2028 static const struct { 2029 uint8_t p[64]; 2030 uint8_t a[64]; 2031 uint8_t b[64]; 2032 uint8_t x[64]; 2033 uint8_t y[64]; 2034 uint8_t order[64]; 2035 } _EC_GOST_2012_512_Test = { 2036 .p = { 2037 0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d, 2038 0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2, 2039 0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2, 2040 0xd1, 0x5d, 0xf1, 0xd8, 0x52, 0x74, 0x1a, 0xf4, 0x70, 0x4a, 2041 0x04, 0x58, 0x04, 0x7e, 0x80, 0xe4, 0x54, 0x6d, 0x35, 0xb8, 2042 0x33, 0x6f, 0xac, 0x22, 0x4d, 0xd8, 0x16, 0x64, 0xbb, 0xf5, 2043 0x28, 0xbe, 0x63, 0x73, 2044 }, 2045 .a = { 2046 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2047 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2048 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2049 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2050 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2051 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2052 0x00, 0x00, 0x00, 0x07, 2053 }, 2054 .b = { 2055 0x1c, 0xff, 0x08, 0x06, 0xa3, 0x11, 0x16, 0xda, 0x29, 0xd8, 2056 0xcf, 0xa5, 0x4e, 0x57, 0xeb, 0x74, 0x8b, 0xc5, 0xf3, 0x77, 2057 0xe4, 0x94, 0x00, 0xfd, 0xd7, 0x88, 0xb6, 0x49, 0xec, 0xa1, 2058 0xac, 0x43, 0x61, 0x83, 0x40, 0x13, 0xb2, 0xad, 0x73, 0x22, 2059 0x48, 0x0a, 0x89, 0xca, 0x58, 0xe0, 0xcf, 0x74, 0xbc, 0x9e, 2060 0x54, 0x0c, 0x2a, 0xdd, 0x68, 0x97, 0xfa, 0xd0, 0xa3, 0x08, 2061 0x4f, 0x30, 0x2a, 0xdc, 2062 }, 2063 .x = { 2064 0x24, 0xd1, 0x9c, 0xc6, 0x45, 0x72, 0xee, 0x30, 0xf3, 0x96, 2065 0xbf, 0x6e, 0xbb, 0xfd, 0x7a, 0x6c, 0x52, 0x13, 0xb3, 0xb3, 2066 0xd7, 0x05, 0x7c, 0xc8, 0x25, 0xf9, 0x10, 0x93, 0xa6, 0x8c, 2067 0xd7, 0x62, 0xfd, 0x60, 0x61, 0x12, 0x62, 0xcd, 0x83, 0x8d, 2068 0xc6, 0xb6, 0x0a, 0xa7, 0xee, 0xe8, 0x04, 0xe2, 0x8b, 0xc8, 2069 0x49, 0x97, 0x7f, 0xac, 0x33, 0xb4, 0xb5, 0x30, 0xf1, 0xb1, 2070 0x20, 0x24, 0x8a, 0x9a, 2071 }, 2072 .y = { 2073 0x2b, 0xb3, 0x12, 0xa4, 0x3b, 0xd2, 0xce, 0x6e, 0x0d, 0x02, 2074 0x06, 0x13, 0xc8, 0x57, 0xac, 0xdd, 0xcf, 0xbf, 0x06, 0x1e, 2075 0x91, 0xe5, 0xf2, 0xc3, 0xf3, 0x24, 0x47, 0xc2, 0x59, 0xf3, 2076 0x9b, 0x2c, 0x83, 0xab, 0x15, 0x6d, 0x77, 0xf1, 0x49, 0x6b, 2077 0xf7, 0xeb, 0x33, 0x51, 0xe1, 0xee, 0x4e, 0x43, 0xdc, 0x1a, 2078 0x18, 0xb9, 0x1b, 0x24, 0x64, 0x0b, 0x6d, 0xbb, 0x92, 0xcb, 2079 0x1a, 0xdd, 0x37, 0x1e, 2080 }, 2081 .order = { 2082 0x45, 0x31, 0xac, 0xd1, 0xfe, 0x00, 0x23, 0xc7, 0x55, 0x0d, 2083 0x26, 0x7b, 0x6b, 0x2f, 0xee, 0x80, 0x92, 0x2b, 0x14, 0xb2, 2084 0xff, 0xb9, 0x0f, 0x04, 0xd4, 0xeb, 0x7c, 0x09, 0xb5, 0xd2, 2085 0xd1, 0x5d, 0xa8, 0x2f, 0x2d, 0x7e, 0xcb, 0x1d, 0xba, 0xc7, 2086 0x19, 0x90, 0x5c, 0x5e, 0xec, 0xc4, 0x23, 0xf1, 0xd8, 0x6e, 2087 0x25, 0xed, 0xbe, 0x23, 0xc5, 0x95, 0xd6, 0x44, 0xaa, 0xf1, 2088 0x87, 0xe6, 0xe6, 0xdf, 2089 }, 2090 }; 2091 2092 static const struct { 2093 uint8_t p[64]; 2094 uint8_t a[64]; 2095 uint8_t b[64]; 2096 uint8_t x[64]; 2097 uint8_t y[64]; 2098 uint8_t order[64]; 2099 } _EC_GOST_2012_512_TC26_A = { 2100 .p = { 2101 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2102 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2103 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2104 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2105 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2106 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2107 0xff, 0xff, 0xfd, 0xc7, 2108 }, 2109 .a = { 2110 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2111 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2112 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2113 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2114 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2115 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2116 0xff, 0xff, 0xfd, 0xc4, 2117 }, 2118 .b = { 2119 0xe8, 0xc2, 0x50, 0x5d, 0xed, 0xfc, 0x86, 0xdd, 0xc1, 0xbd, 2120 0x0b, 0x2b, 0x66, 0x67, 0xf1, 0xda, 0x34, 0xb8, 0x25, 0x74, 2121 0x76, 0x1c, 0xb0, 0xe8, 0x79, 0xbd, 0x08, 0x1c, 0xfd, 0x0b, 2122 0x62, 0x65, 0xee, 0x3c, 0xb0, 0x90, 0xf3, 0x0d, 0x27, 0x61, 2123 0x4c, 0xb4, 0x57, 0x40, 0x10, 0xda, 0x90, 0xdd, 0x86, 0x2e, 2124 0xf9, 0xd4, 0xeb, 0xee, 0x47, 0x61, 0x50, 0x31, 0x90, 0x78, 2125 0x5a, 0x71, 0xc7, 0x60, 2126 }, 2127 .x = { 2128 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2129 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2130 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2131 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2132 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2133 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2134 0x00, 0x00, 0x00, 0x03, 2135 }, 2136 .y = { 2137 0x75, 0x03, 0xcf, 0xe8, 0x7a, 0x83, 0x6a, 0xe3, 0xa6, 0x1b, 2138 0x88, 0x16, 0xe2, 0x54, 0x50, 0xe6, 0xce, 0x5e, 0x1c, 0x93, 2139 0xac, 0xf1, 0xab, 0xc1, 0x77, 0x80, 0x64, 0xfd, 0xcb, 0xef, 2140 0xa9, 0x21, 0xdf, 0x16, 0x26, 0xbe, 0x4f, 0xd0, 0x36, 0xe9, 2141 0x3d, 0x75, 0xe6, 0xa5, 0x0e, 0x3a, 0x41, 0xe9, 0x80, 0x28, 2142 0xfe, 0x5f, 0xc2, 0x35, 0xf5, 0xb8, 0x89, 0xa5, 0x89, 0xcb, 2143 0x52, 0x15, 0xf2, 0xa4, 2144 }, 2145 .order = { 2146 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2147 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2148 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2149 0xff, 0xff, 0x27, 0xe6, 0x95, 0x32, 0xf4, 0x8d, 0x89, 0x11, 2150 0x6f, 0xf2, 0x2b, 0x8d, 0x4e, 0x05, 0x60, 0x60, 0x9b, 0x4b, 2151 0x38, 0xab, 0xfa, 0xd2, 0xb8, 0x5d, 0xca, 0xcd, 0xb1, 0x41, 2152 0x1f, 0x10, 0xb2, 0x75, 2153 }, 2154 }; 2155 2156 static const struct { 2157 uint8_t p[64]; 2158 uint8_t a[64]; 2159 uint8_t b[64]; 2160 uint8_t x[64]; 2161 uint8_t y[64]; 2162 uint8_t order[64]; 2163 } _EC_GOST_2012_512_TC26_B = { 2164 .p = { 2165 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2166 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2167 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2168 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2169 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2170 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2171 0x00, 0x00, 0x00, 0x6f, 2172 }, 2173 .a = { 2174 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2175 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2176 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2177 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2178 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2179 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2180 0x00, 0x00, 0x00, 0x6c, 2181 }, 2182 .b = { 2183 0x68, 0x7d, 0x1b, 0x45, 0x9d, 0xc8, 0x41, 0x45, 0x7e, 0x3e, 2184 0x06, 0xcf, 0x6f, 0x5e, 0x25, 0x17, 0xb9, 0x7c, 0x7d, 0x61, 2185 0x4a, 0xf1, 0x38, 0xbc, 0xbf, 0x85, 0xdc, 0x80, 0x6c, 0x4b, 2186 0x28, 0x9f, 0x3e, 0x96, 0x5d, 0x2d, 0xb1, 0x41, 0x6d, 0x21, 2187 0x7f, 0x8b, 0x27, 0x6f, 0xad, 0x1a, 0xb6, 0x9c, 0x50, 0xf7, 2188 0x8b, 0xee, 0x1f, 0xa3, 0x10, 0x6e, 0xfb, 0x8c, 0xcb, 0xc7, 2189 0xc5, 0x14, 0x01, 0x16, 2190 }, 2191 .x = { 2192 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2193 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2194 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2195 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2196 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2197 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2198 0x00, 0x00, 0x00, 0x02, 2199 }, 2200 .y = { 2201 0x1a, 0x8f, 0x7e, 0xda, 0x38, 0x9b, 0x09, 0x4c, 0x2c, 0x07, 2202 0x1e, 0x36, 0x47, 0xa8, 0x94, 0x0f, 0x3c, 0x12, 0x3b, 0x69, 2203 0x75, 0x78, 0xc2, 0x13, 0xbe, 0x6d, 0xd9, 0xe6, 0xc8, 0xec, 2204 0x73, 0x35, 0xdc, 0xb2, 0x28, 0xfd, 0x1e, 0xdf, 0x4a, 0x39, 2205 0x15, 0x2c, 0xbc, 0xaa, 0xf8, 0xc0, 0x39, 0x88, 0x28, 0x04, 2206 0x10, 0x55, 0xf9, 0x4c, 0xee, 0xec, 0x7e, 0x21, 0x34, 0x07, 2207 0x80, 0xfe, 0x41, 0xbd, 2208 }, 2209 .order = { 2210 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2211 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2212 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2213 0x00, 0x01, 0x49, 0xa1, 0xec, 0x14, 0x25, 0x65, 0xa5, 0x45, 2214 0xac, 0xfd, 0xb7, 0x7b, 0xd9, 0xd4, 0x0c, 0xfa, 0x8b, 0x99, 2215 0x67, 0x12, 0x10, 0x1b, 0xea, 0x0e, 0xc6, 0x34, 0x6c, 0x54, 2216 0x37, 0x4f, 0x25, 0xbd, 2217 }, 2218 }; 2219 2220 /* 2221 * This curve is defined in two birationally equal forms: canonical and Twisted 2222 * Edwards. We do calculations in canonical (Weierstrass) form. 2223 */ 2224 static const struct { 2225 uint8_t p[64]; 2226 uint8_t a[64]; 2227 uint8_t b[64]; 2228 uint8_t x[64]; 2229 uint8_t y[64]; 2230 uint8_t order[64]; 2231 } _EC_GOST_2012_512_TC26_C = { 2232 .p = { 2233 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2234 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2235 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2236 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2237 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2238 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2239 0xff, 0xff, 0xfd, 0xc7, 2240 }, 2241 .a = { 2242 0xdc, 0x92, 0x03, 0xe5, 0x14, 0xa7, 0x21, 0x87, 0x54, 0x85, 2243 0xa5, 0x29, 0xd2, 0xc7, 0x22, 0xfb, 0x18, 0x7b, 0xc8, 0x98, 2244 0x0e, 0xb8, 0x66, 0x64, 0x4d, 0xe4, 0x1c, 0x68, 0xe1, 0x43, 2245 0x06, 0x45, 0x46, 0xe8, 0x61, 0xc0, 0xe2, 0xc9, 0xed, 0xd9, 2246 0x2a, 0xde, 0x71, 0xf4, 0x6f, 0xcf, 0x50, 0xff, 0x2a, 0xd9, 2247 0x7f, 0x95, 0x1f, 0xda, 0x9f, 0x2a, 0x2e, 0xb6, 0x54, 0x6f, 2248 0x39, 0x68, 0x9b, 0xd3, 2249 }, 2250 .b = { 2251 0xb4, 0xc4, 0xee, 0x28, 0xce, 0xbc, 0x6c, 0x2c, 0x8a, 0xc1, 2252 0x29, 0x52, 0xcf, 0x37, 0xf1, 0x6a, 0xc7, 0xef, 0xb6, 0xa9, 2253 0xf6, 0x9f, 0x4b, 0x57, 0xff, 0xda, 0x2e, 0x4f, 0x0d, 0xe5, 2254 0xad, 0xe0, 0x38, 0xcb, 0xc2, 0xff, 0xf7, 0x19, 0xd2, 0xc1, 2255 0x8d, 0xe0, 0x28, 0x4b, 0x8b, 0xfe, 0xf3, 0xb5, 0x2b, 0x8c, 2256 0xc7, 0xa5, 0xf5, 0xbf, 0x0a, 0x3c, 0x8d, 0x23, 0x19, 0xa5, 2257 0x31, 0x25, 0x57, 0xe1, 2258 }, 2259 .x = { 2260 0xe2, 0xe3, 0x1e, 0xdf, 0xc2, 0x3d, 0xe7, 0xbd, 0xeb, 0xe2, 2261 0x41, 0xce, 0x59, 0x3e, 0xf5, 0xde, 0x22, 0x95, 0xb7, 0xa9, 2262 0xcb, 0xae, 0xf0, 0x21, 0xd3, 0x85, 0xf7, 0x07, 0x4c, 0xea, 2263 0x04, 0x3a, 0xa2, 0x72, 0x72, 0xa7, 0xae, 0x60, 0x2b, 0xf2, 2264 0xa7, 0xb9, 0x03, 0x3d, 0xb9, 0xed, 0x36, 0x10, 0xc6, 0xfb, 2265 0x85, 0x48, 0x7e, 0xae, 0x97, 0xaa, 0xc5, 0xbc, 0x79, 0x28, 2266 0xc1, 0x95, 0x01, 0x48, 2267 }, 2268 .y = { 2269 0xf5, 0xce, 0x40, 0xd9, 0x5b, 0x5e, 0xb8, 0x99, 0xab, 0xbc, 2270 0xcf, 0xf5, 0x91, 0x1c, 0xb8, 0x57, 0x79, 0x39, 0x80, 0x4d, 2271 0x65, 0x27, 0x37, 0x8b, 0x8c, 0x10, 0x8c, 0x3d, 0x20, 0x90, 2272 0xff, 0x9b, 0xe1, 0x8e, 0x2d, 0x33, 0xe3, 0x02, 0x1e, 0xd2, 2273 0xef, 0x32, 0xd8, 0x58, 0x22, 0x42, 0x3b, 0x63, 0x04, 0xf7, 2274 0x26, 0xaa, 0x85, 0x4b, 0xae, 0x07, 0xd0, 0x39, 0x6e, 0x9a, 2275 0x9a, 0xdd, 0xc4, 0x0f, 2276 }, 2277 .order = { 2278 0x3f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2279 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2280 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2281 0xff, 0xff, 0xc9, 0x8c, 0xdb, 0xa4, 0x65, 0x06, 0xab, 0x00, 2282 0x4c, 0x33, 0xa9, 0xff, 0x51, 0x47, 0x50, 0x2c, 0xc8, 0xed, 2283 0xa9, 0xe7, 0xa7, 0x69, 0xa1, 0x26, 0x94, 0x62, 0x3c, 0xef, 2284 0x47, 0xf0, 0x23, 0xed, 2285 }, 2286 }; 2287 #endif 2288 2289 static const struct ec_list_element { 2290 const char *comment; 2291 int nid; 2292 int seed_len; 2293 int param_len; 2294 unsigned int cofactor; 2295 const uint8_t *seed; 2296 const uint8_t *p; 2297 const uint8_t *a; 2298 const uint8_t *b; 2299 const uint8_t *x; 2300 const uint8_t *y; 2301 const uint8_t *order; 2302 } curve_list[] = { 2303 /* secg curves */ 2304 { 2305 .comment = "SECG/WTLS curve over a 112 bit prime field", 2306 .nid = NID_secp112r1, 2307 .seed_len = sizeof(_EC_SECG_PRIME_112R1.seed), 2308 .param_len = sizeof(_EC_SECG_PRIME_112R1.p), 2309 .seed = _EC_SECG_PRIME_112R1.seed, 2310 .p = _EC_SECG_PRIME_112R1.p, 2311 .a = _EC_SECG_PRIME_112R1.a, 2312 .b = _EC_SECG_PRIME_112R1.b, 2313 .x = _EC_SECG_PRIME_112R1.x, 2314 .y = _EC_SECG_PRIME_112R1.y, 2315 .order = _EC_SECG_PRIME_112R1.order, 2316 .cofactor = 1, 2317 }, 2318 { 2319 .comment = "SECG curve over a 112 bit prime field", 2320 .nid = NID_secp112r2, 2321 .seed_len = sizeof(_EC_SECG_PRIME_112R2.seed), 2322 .param_len = sizeof(_EC_SECG_PRIME_112R2.p), 2323 .seed = _EC_SECG_PRIME_112R2.seed, 2324 .p = _EC_SECG_PRIME_112R2.p, 2325 .a = _EC_SECG_PRIME_112R2.a, 2326 .b = _EC_SECG_PRIME_112R2.b, 2327 .x = _EC_SECG_PRIME_112R2.x, 2328 .y = _EC_SECG_PRIME_112R2.y, 2329 .order = _EC_SECG_PRIME_112R2.order, 2330 .cofactor = 4, 2331 }, 2332 { 2333 .comment = "SECG curve over a 128 bit prime field", 2334 .nid = NID_secp128r1, 2335 .seed_len = sizeof(_EC_SECG_PRIME_128R1.seed), 2336 .param_len = sizeof(_EC_SECG_PRIME_128R1.p), 2337 .seed = _EC_SECG_PRIME_128R1.seed, 2338 .p = _EC_SECG_PRIME_128R1.p, 2339 .a = _EC_SECG_PRIME_128R1.a, 2340 .b = _EC_SECG_PRIME_128R1.b, 2341 .x = _EC_SECG_PRIME_128R1.x, 2342 .y = _EC_SECG_PRIME_128R1.y, 2343 .order = _EC_SECG_PRIME_128R1.order, 2344 .cofactor = 1, 2345 }, 2346 { 2347 .comment = "SECG curve over a 128 bit prime field", 2348 .nid = NID_secp128r2, 2349 .seed_len = sizeof(_EC_SECG_PRIME_128R2.seed), 2350 .param_len = sizeof(_EC_SECG_PRIME_128R2.p), 2351 .seed = _EC_SECG_PRIME_128R2.seed, 2352 .p = _EC_SECG_PRIME_128R2.p, 2353 .a = _EC_SECG_PRIME_128R2.a, 2354 .b = _EC_SECG_PRIME_128R2.b, 2355 .x = _EC_SECG_PRIME_128R2.x, 2356 .y = _EC_SECG_PRIME_128R2.y, 2357 .order = _EC_SECG_PRIME_128R2.order, 2358 .cofactor = 4, 2359 }, 2360 { 2361 .comment = "SECG curve over a 160 bit prime field", 2362 .nid = NID_secp160k1, 2363 .param_len = sizeof(_EC_SECG_PRIME_160K1.p), 2364 .p = _EC_SECG_PRIME_160K1.p, 2365 .a = _EC_SECG_PRIME_160K1.a, 2366 .b = _EC_SECG_PRIME_160K1.b, 2367 .x = _EC_SECG_PRIME_160K1.x, 2368 .y = _EC_SECG_PRIME_160K1.y, 2369 .order = _EC_SECG_PRIME_160K1.order, 2370 .cofactor = 1, 2371 }, 2372 { 2373 .comment = "SECG curve over a 160 bit prime field", 2374 .nid = NID_secp160r1, 2375 .seed_len = sizeof(_EC_SECG_PRIME_160R1.seed), 2376 .param_len = sizeof(_EC_SECG_PRIME_160R1.p), 2377 .seed = _EC_SECG_PRIME_160R1.seed, 2378 .p = _EC_SECG_PRIME_160R1.p, 2379 .a = _EC_SECG_PRIME_160R1.a, 2380 .b = _EC_SECG_PRIME_160R1.b, 2381 .x = _EC_SECG_PRIME_160R1.x, 2382 .y = _EC_SECG_PRIME_160R1.y, 2383 .order = _EC_SECG_PRIME_160R1.order, 2384 .cofactor = 1, 2385 }, 2386 { 2387 .comment = "SECG/WTLS curve over a 160 bit prime field", 2388 .nid = NID_secp160r2, 2389 .seed_len = sizeof(_EC_SECG_PRIME_160R2.seed), 2390 .param_len = sizeof(_EC_SECG_PRIME_160R2.p), 2391 .seed = _EC_SECG_PRIME_160R2.seed, 2392 .p = _EC_SECG_PRIME_160R2.p, 2393 .a = _EC_SECG_PRIME_160R2.a, 2394 .b = _EC_SECG_PRIME_160R2.b, 2395 .x = _EC_SECG_PRIME_160R2.x, 2396 .y = _EC_SECG_PRIME_160R2.y, 2397 .order = _EC_SECG_PRIME_160R2.order, 2398 .cofactor = 1, 2399 }, 2400 /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ 2401 { 2402 .comment = "SECG curve over a 192 bit prime field", 2403 .nid = NID_secp192k1, 2404 .param_len = sizeof(_EC_SECG_PRIME_192K1.p), 2405 .p = _EC_SECG_PRIME_192K1.p, 2406 .a = _EC_SECG_PRIME_192K1.a, 2407 .b = _EC_SECG_PRIME_192K1.b, 2408 .x = _EC_SECG_PRIME_192K1.x, 2409 .y = _EC_SECG_PRIME_192K1.y, 2410 .order = _EC_SECG_PRIME_192K1.order, 2411 .cofactor = 1, 2412 }, 2413 { 2414 .comment = "SECG curve over a 224 bit prime field", 2415 .nid = NID_secp224k1, 2416 .param_len = sizeof(_EC_SECG_PRIME_224K1.p), 2417 .p = _EC_SECG_PRIME_224K1.p, 2418 .a = _EC_SECG_PRIME_224K1.a, 2419 .b = _EC_SECG_PRIME_224K1.b, 2420 .x = _EC_SECG_PRIME_224K1.x, 2421 .y = _EC_SECG_PRIME_224K1.y, 2422 .order = _EC_SECG_PRIME_224K1.order, 2423 .cofactor = 1, 2424 }, 2425 { 2426 .comment = "NIST/SECG curve over a 224 bit prime field", 2427 .nid = NID_secp224r1, 2428 .seed_len = sizeof(_EC_NIST_PRIME_224.seed), 2429 .param_len = sizeof(_EC_NIST_PRIME_224.p), 2430 .seed = _EC_NIST_PRIME_224.seed, 2431 .p = _EC_NIST_PRIME_224.p, 2432 .a = _EC_NIST_PRIME_224.a, 2433 .b = _EC_NIST_PRIME_224.b, 2434 .x = _EC_NIST_PRIME_224.x, 2435 .y = _EC_NIST_PRIME_224.y, 2436 .order = _EC_NIST_PRIME_224.order, 2437 .cofactor = 1, 2438 }, 2439 { 2440 .comment = "SECG curve over a 256 bit prime field", 2441 .nid = NID_secp256k1, 2442 .param_len = sizeof(_EC_SECG_PRIME_256K1.p), 2443 .p = _EC_SECG_PRIME_256K1.p, 2444 .a = _EC_SECG_PRIME_256K1.a, 2445 .b = _EC_SECG_PRIME_256K1.b, 2446 .x = _EC_SECG_PRIME_256K1.x, 2447 .y = _EC_SECG_PRIME_256K1.y, 2448 .order = _EC_SECG_PRIME_256K1.order, 2449 .cofactor = 1, 2450 }, 2451 /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ 2452 { 2453 .comment = "NIST/SECG curve over a 384 bit prime field", 2454 .nid = NID_secp384r1, 2455 .seed_len = sizeof(_EC_NIST_PRIME_384.seed), 2456 .param_len = sizeof(_EC_NIST_PRIME_384.p), 2457 .seed = _EC_NIST_PRIME_384.seed, 2458 .p = _EC_NIST_PRIME_384.p, 2459 .a = _EC_NIST_PRIME_384.a, 2460 .b = _EC_NIST_PRIME_384.b, 2461 .x = _EC_NIST_PRIME_384.x, 2462 .y = _EC_NIST_PRIME_384.y, 2463 .order = _EC_NIST_PRIME_384.order, 2464 .cofactor = 1, 2465 }, 2466 { 2467 .comment = "NIST/SECG curve over a 521 bit prime field", 2468 .nid = NID_secp521r1, 2469 .seed_len = sizeof(_EC_NIST_PRIME_521.seed), 2470 .param_len = sizeof(_EC_NIST_PRIME_521.p), 2471 .seed = _EC_NIST_PRIME_521.seed, 2472 .p = _EC_NIST_PRIME_521.p, 2473 .a = _EC_NIST_PRIME_521.a, 2474 .b = _EC_NIST_PRIME_521.b, 2475 .x = _EC_NIST_PRIME_521.x, 2476 .y = _EC_NIST_PRIME_521.y, 2477 .order = _EC_NIST_PRIME_521.order, 2478 .cofactor = 1, 2479 }, 2480 /* X9.62 curves */ 2481 { 2482 .comment = "NIST/X9.62/SECG curve over a 192 bit prime field", 2483 .nid = NID_X9_62_prime192v1, 2484 .seed_len = sizeof(_EC_NIST_PRIME_192.seed), 2485 .param_len = sizeof(_EC_NIST_PRIME_192.p), 2486 .seed = _EC_NIST_PRIME_192.seed, 2487 .p = _EC_NIST_PRIME_192.p, 2488 .a = _EC_NIST_PRIME_192.a, 2489 .b = _EC_NIST_PRIME_192.b, 2490 .x = _EC_NIST_PRIME_192.x, 2491 .y = _EC_NIST_PRIME_192.y, 2492 .order = _EC_NIST_PRIME_192.order, 2493 .cofactor = 1, 2494 }, 2495 { 2496 .comment = "X9.62 curve over a 192 bit prime field", 2497 .nid = NID_X9_62_prime192v2, 2498 .seed_len = sizeof(_EC_X9_62_PRIME_192V2.seed), 2499 .param_len = sizeof(_EC_X9_62_PRIME_192V2.p), 2500 .seed = _EC_X9_62_PRIME_192V2.seed, 2501 .p = _EC_X9_62_PRIME_192V2.p, 2502 .a = _EC_X9_62_PRIME_192V2.a, 2503 .b = _EC_X9_62_PRIME_192V2.b, 2504 .x = _EC_X9_62_PRIME_192V2.x, 2505 .y = _EC_X9_62_PRIME_192V2.y, 2506 .order = _EC_X9_62_PRIME_192V2.order, 2507 .cofactor = 1, 2508 }, 2509 { 2510 .comment = "X9.62 curve over a 192 bit prime field", 2511 .nid = NID_X9_62_prime192v3, 2512 .seed_len = sizeof(_EC_X9_62_PRIME_192V3.seed), 2513 .param_len = sizeof(_EC_X9_62_PRIME_192V3.p), 2514 .seed = _EC_X9_62_PRIME_192V3.seed, 2515 .p = _EC_X9_62_PRIME_192V3.p, 2516 .a = _EC_X9_62_PRIME_192V3.a, 2517 .b = _EC_X9_62_PRIME_192V3.b, 2518 .x = _EC_X9_62_PRIME_192V3.x, 2519 .y = _EC_X9_62_PRIME_192V3.y, 2520 .order = _EC_X9_62_PRIME_192V3.order, 2521 .cofactor = 1, 2522 }, 2523 { 2524 .comment = "X9.62 curve over a 239 bit prime field", 2525 .nid = NID_X9_62_prime239v1, 2526 .seed_len = sizeof(_EC_X9_62_PRIME_239V1.seed), 2527 .param_len = sizeof(_EC_X9_62_PRIME_239V1.p), 2528 .seed = _EC_X9_62_PRIME_239V1.seed, 2529 .p = _EC_X9_62_PRIME_239V1.p, 2530 .a = _EC_X9_62_PRIME_239V1.a, 2531 .b = _EC_X9_62_PRIME_239V1.b, 2532 .x = _EC_X9_62_PRIME_239V1.x, 2533 .y = _EC_X9_62_PRIME_239V1.y, 2534 .order = _EC_X9_62_PRIME_239V1.order, 2535 .cofactor = 1, 2536 }, 2537 { 2538 .comment = "X9.62 curve over a 239 bit prime field", 2539 .nid = NID_X9_62_prime239v2, 2540 .seed_len = sizeof(_EC_X9_62_PRIME_239V2.seed), 2541 .param_len = sizeof(_EC_X9_62_PRIME_239V2.p), 2542 .seed = _EC_X9_62_PRIME_239V2.seed, 2543 .p = _EC_X9_62_PRIME_239V2.p, 2544 .a = _EC_X9_62_PRIME_239V2.a, 2545 .b = _EC_X9_62_PRIME_239V2.b, 2546 .x = _EC_X9_62_PRIME_239V2.x, 2547 .y = _EC_X9_62_PRIME_239V2.y, 2548 .order = _EC_X9_62_PRIME_239V2.order, 2549 .cofactor = 1, 2550 }, 2551 { 2552 .comment = "X9.62 curve over a 239 bit prime field", 2553 .nid = NID_X9_62_prime239v3, 2554 .seed_len = sizeof(_EC_X9_62_PRIME_239V3.seed), 2555 .param_len = sizeof(_EC_X9_62_PRIME_239V3.p), 2556 .seed = _EC_X9_62_PRIME_239V3.seed, 2557 .p = _EC_X9_62_PRIME_239V3.p, 2558 .a = _EC_X9_62_PRIME_239V3.a, 2559 .b = _EC_X9_62_PRIME_239V3.b, 2560 .x = _EC_X9_62_PRIME_239V3.x, 2561 .y = _EC_X9_62_PRIME_239V3.y, 2562 .order = _EC_X9_62_PRIME_239V3.order, 2563 .cofactor = 1, 2564 }, 2565 { 2566 .comment = "X9.62/SECG curve over a 256 bit prime field", 2567 .nid = NID_X9_62_prime256v1, 2568 .seed_len = sizeof(_EC_X9_62_PRIME_256V1.seed), 2569 .param_len = sizeof(_EC_X9_62_PRIME_256V1.p), 2570 .seed = _EC_X9_62_PRIME_256V1.seed, 2571 .p = _EC_X9_62_PRIME_256V1.p, 2572 .a = _EC_X9_62_PRIME_256V1.a, 2573 .b = _EC_X9_62_PRIME_256V1.b, 2574 .x = _EC_X9_62_PRIME_256V1.x, 2575 .y = _EC_X9_62_PRIME_256V1.y, 2576 .order = _EC_X9_62_PRIME_256V1.order, 2577 .cofactor = 1, 2578 }, 2579 { 2580 .comment = "SECG/WTLS curve over a 112 bit prime field", 2581 .nid = NID_wap_wsg_idm_ecid_wtls6, 2582 .seed_len = sizeof(_EC_SECG_PRIME_112R1.seed), 2583 .param_len = sizeof(_EC_SECG_PRIME_112R1.p), 2584 .seed = _EC_SECG_PRIME_112R1.seed, 2585 .p = _EC_SECG_PRIME_112R1.p, 2586 .a = _EC_SECG_PRIME_112R1.a, 2587 .b = _EC_SECG_PRIME_112R1.b, 2588 .x = _EC_SECG_PRIME_112R1.x, 2589 .y = _EC_SECG_PRIME_112R1.y, 2590 .order = _EC_SECG_PRIME_112R1.order, 2591 .cofactor = 1, 2592 }, 2593 { 2594 .comment = "SECG/WTLS curve over a 160 bit prime field", 2595 .nid = NID_wap_wsg_idm_ecid_wtls7, 2596 .seed_len = sizeof(_EC_SECG_PRIME_160R2.seed), 2597 .param_len = sizeof(_EC_SECG_PRIME_160R2.p), 2598 .seed = _EC_SECG_PRIME_160R2.seed, 2599 .p = _EC_SECG_PRIME_160R2.p, 2600 .a = _EC_SECG_PRIME_160R2.a, 2601 .b = _EC_SECG_PRIME_160R2.b, 2602 .x = _EC_SECG_PRIME_160R2.x, 2603 .y = _EC_SECG_PRIME_160R2.y, 2604 .order = _EC_SECG_PRIME_160R2.order, 2605 .cofactor = 1, 2606 }, 2607 { 2608 .comment = "WTLS curve over a 112 bit prime field", 2609 .nid = NID_wap_wsg_idm_ecid_wtls8, 2610 .param_len = sizeof(_EC_WTLS_8.p), 2611 .p = _EC_WTLS_8.p, 2612 .a = _EC_WTLS_8.a, 2613 .b = _EC_WTLS_8.b, 2614 .x = _EC_WTLS_8.x, 2615 .y = _EC_WTLS_8.y, 2616 .order = _EC_WTLS_8.order, 2617 .cofactor = 1, 2618 }, 2619 { 2620 .comment = "WTLS curve over a 160 bit prime field", 2621 .nid = NID_wap_wsg_idm_ecid_wtls9, 2622 .param_len = sizeof(_EC_WTLS_9.p), 2623 .p = _EC_WTLS_9.p, 2624 .a = _EC_WTLS_9.a, 2625 .b = _EC_WTLS_9.b, 2626 .x = _EC_WTLS_9.x, 2627 .y = _EC_WTLS_9.y, 2628 .order = _EC_WTLS_9.order, 2629 .cofactor = 1, 2630 }, 2631 { 2632 .comment = "WTLS curve over a 224 bit prime field", 2633 .nid = NID_wap_wsg_idm_ecid_wtls12, 2634 .param_len = sizeof(_EC_WTLS_12.p), 2635 .p = _EC_WTLS_12.p, 2636 .a = _EC_WTLS_12.a, 2637 .b = _EC_WTLS_12.b, 2638 .x = _EC_WTLS_12.x, 2639 .y = _EC_WTLS_12.y, 2640 .order = _EC_WTLS_12.order, 2641 .cofactor = 1, 2642 }, 2643 /* RFC 5639 curves */ 2644 { 2645 .comment = "RFC 5639 curve over a 160 bit prime field", 2646 .nid = NID_brainpoolP160r1, 2647 .param_len = sizeof(_EC_brainpoolP160r1.p), 2648 .p = _EC_brainpoolP160r1.p, 2649 .a = _EC_brainpoolP160r1.a, 2650 .b = _EC_brainpoolP160r1.b, 2651 .x = _EC_brainpoolP160r1.x, 2652 .y = _EC_brainpoolP160r1.y, 2653 .order = _EC_brainpoolP160r1.order, 2654 .cofactor = 1, 2655 }, 2656 { 2657 .comment = "RFC 5639 curve over a 160 bit prime field", 2658 .nid = NID_brainpoolP160t1, 2659 .param_len = sizeof(_EC_brainpoolP160t1.p), 2660 .p = _EC_brainpoolP160t1.p, 2661 .a = _EC_brainpoolP160t1.a, 2662 .b = _EC_brainpoolP160t1.b, 2663 .x = _EC_brainpoolP160t1.x, 2664 .y = _EC_brainpoolP160t1.y, 2665 .order = _EC_brainpoolP160t1.order, 2666 .cofactor = 1, 2667 }, 2668 { 2669 .comment = "RFC 5639 curve over a 192 bit prime field", 2670 .nid = NID_brainpoolP192r1, 2671 .param_len = sizeof(_EC_brainpoolP192r1.p), 2672 .p = _EC_brainpoolP192r1.p, 2673 .a = _EC_brainpoolP192r1.a, 2674 .b = _EC_brainpoolP192r1.b, 2675 .x = _EC_brainpoolP192r1.x, 2676 .y = _EC_brainpoolP192r1.y, 2677 .order = _EC_brainpoolP192r1.order, 2678 .cofactor = 1, 2679 }, 2680 { 2681 .comment = "RFC 5639 curve over a 192 bit prime field", 2682 .nid = NID_brainpoolP192t1, 2683 .param_len = sizeof(_EC_brainpoolP192t1.p), 2684 .p = _EC_brainpoolP192t1.p, 2685 .a = _EC_brainpoolP192t1.a, 2686 .b = _EC_brainpoolP192t1.b, 2687 .x = _EC_brainpoolP192t1.x, 2688 .y = _EC_brainpoolP192t1.y, 2689 .order = _EC_brainpoolP192t1.order, 2690 .cofactor = 1, 2691 }, 2692 { 2693 .comment = "RFC 5639 curve over a 224 bit prime field", 2694 .nid = NID_brainpoolP224r1, 2695 .param_len = sizeof(_EC_brainpoolP224r1.p), 2696 .p = _EC_brainpoolP224r1.p, 2697 .a = _EC_brainpoolP224r1.a, 2698 .b = _EC_brainpoolP224r1.b, 2699 .x = _EC_brainpoolP224r1.x, 2700 .y = _EC_brainpoolP224r1.y, 2701 .order = _EC_brainpoolP224r1.order, 2702 .cofactor = 1, 2703 }, 2704 { 2705 .comment = "RFC 5639 curve over a 224 bit prime field", 2706 .nid = NID_brainpoolP224t1, 2707 .param_len = sizeof(_EC_brainpoolP224t1.p), 2708 .p = _EC_brainpoolP224t1.p, 2709 .a = _EC_brainpoolP224t1.a, 2710 .b = _EC_brainpoolP224t1.b, 2711 .x = _EC_brainpoolP224t1.x, 2712 .y = _EC_brainpoolP224t1.y, 2713 .order = _EC_brainpoolP224t1.order, 2714 .cofactor = 1, 2715 }, 2716 { 2717 .comment = "RFC 5639 curve over a 256 bit prime field", 2718 .nid = NID_brainpoolP256r1, 2719 .param_len = sizeof(_EC_brainpoolP256r1.p), 2720 .p = _EC_brainpoolP256r1.p, 2721 .a = _EC_brainpoolP256r1.a, 2722 .b = _EC_brainpoolP256r1.b, 2723 .x = _EC_brainpoolP256r1.x, 2724 .y = _EC_brainpoolP256r1.y, 2725 .order = _EC_brainpoolP256r1.order, 2726 .cofactor = 1, 2727 }, 2728 { 2729 .comment = "RFC 5639 curve over a 256 bit prime field", 2730 .nid = NID_brainpoolP256t1, 2731 .param_len = sizeof(_EC_brainpoolP256t1.p), 2732 .p = _EC_brainpoolP256t1.p, 2733 .a = _EC_brainpoolP256t1.a, 2734 .b = _EC_brainpoolP256t1.b, 2735 .x = _EC_brainpoolP256t1.x, 2736 .y = _EC_brainpoolP256t1.y, 2737 .order = _EC_brainpoolP256t1.order, 2738 .cofactor = 1, 2739 }, 2740 { 2741 .comment = "RFC 5639 curve over a 320 bit prime field", 2742 .nid = NID_brainpoolP320r1, 2743 .param_len = sizeof(_EC_brainpoolP320r1.p), 2744 .p = _EC_brainpoolP320r1.p, 2745 .a = _EC_brainpoolP320r1.a, 2746 .b = _EC_brainpoolP320r1.b, 2747 .x = _EC_brainpoolP320r1.x, 2748 .y = _EC_brainpoolP320r1.y, 2749 .order = _EC_brainpoolP320r1.order, 2750 .cofactor = 1, 2751 }, 2752 { 2753 .comment = "RFC 5639 curve over a 320 bit prime field", 2754 .nid = NID_brainpoolP320t1, 2755 .param_len = sizeof(_EC_brainpoolP320t1.p), 2756 .p = _EC_brainpoolP320t1.p, 2757 .a = _EC_brainpoolP320t1.a, 2758 .b = _EC_brainpoolP320t1.b, 2759 .x = _EC_brainpoolP320t1.x, 2760 .y = _EC_brainpoolP320t1.y, 2761 .order = _EC_brainpoolP320t1.order, 2762 .cofactor = 1, 2763 }, 2764 { 2765 .comment = "RFC 5639 curve over a 384 bit prime field", 2766 .nid = NID_brainpoolP384r1, 2767 .param_len = sizeof(_EC_brainpoolP384r1.p), 2768 .p = _EC_brainpoolP384r1.p, 2769 .a = _EC_brainpoolP384r1.a, 2770 .b = _EC_brainpoolP384r1.b, 2771 .x = _EC_brainpoolP384r1.x, 2772 .y = _EC_brainpoolP384r1.y, 2773 .order = _EC_brainpoolP384r1.order, 2774 .cofactor = 1, 2775 }, 2776 { 2777 .comment = "RFC 5639 curve over a 384 bit prime field", 2778 .nid = NID_brainpoolP384t1, 2779 .param_len = sizeof(_EC_brainpoolP384t1.p), 2780 .p = _EC_brainpoolP384t1.p, 2781 .a = _EC_brainpoolP384t1.a, 2782 .b = _EC_brainpoolP384t1.b, 2783 .x = _EC_brainpoolP384t1.x, 2784 .y = _EC_brainpoolP384t1.y, 2785 .order = _EC_brainpoolP384t1.order, 2786 .cofactor = 1, 2787 }, 2788 { 2789 .comment = "RFC 5639 curve over a 512 bit prime field", 2790 .nid = NID_brainpoolP512r1, 2791 .param_len = sizeof(_EC_brainpoolP512r1.p), 2792 .p = _EC_brainpoolP512r1.p, 2793 .a = _EC_brainpoolP512r1.a, 2794 .b = _EC_brainpoolP512r1.b, 2795 .x = _EC_brainpoolP512r1.x, 2796 .y = _EC_brainpoolP512r1.y, 2797 .order = _EC_brainpoolP512r1.order, 2798 .cofactor = 1, 2799 }, 2800 { 2801 .comment = "RFC 5639 curve over a 512 bit prime field", 2802 .nid = NID_brainpoolP512t1, 2803 .param_len = sizeof(_EC_brainpoolP512t1.p), 2804 .p = _EC_brainpoolP512t1.p, 2805 .a = _EC_brainpoolP512t1.a, 2806 .b = _EC_brainpoolP512t1.b, 2807 .x = _EC_brainpoolP512t1.x, 2808 .y = _EC_brainpoolP512t1.y, 2809 .order = _EC_brainpoolP512t1.order, 2810 .cofactor = 1, 2811 }, 2812 /* ANSSI */ 2813 { 2814 .comment = "FRP256v1", 2815 .nid = NID_FRP256v1, 2816 .param_len = sizeof(_EC_FRP256v1.p), 2817 .p = _EC_FRP256v1.p, 2818 .a = _EC_FRP256v1.a, 2819 .b = _EC_FRP256v1.b, 2820 .x = _EC_FRP256v1.x, 2821 .y = _EC_FRP256v1.y, 2822 .order = _EC_FRP256v1.order, 2823 .cofactor = 1, 2824 }, 2825 #ifndef OPENSSL_NO_GOST 2826 /* GOST R 34.10-2001 */ 2827 { 2828 .comment = "GOST R 34.10-2001 Test Curve", 2829 .nid = NID_id_GostR3410_2001_TestParamSet, 2830 .param_len = sizeof(_EC_GOST_2001_Test.p), 2831 .p = _EC_GOST_2001_Test.p, 2832 .a = _EC_GOST_2001_Test.a, 2833 .b = _EC_GOST_2001_Test.b, 2834 .x = _EC_GOST_2001_Test.x, 2835 .y = _EC_GOST_2001_Test.y, 2836 .order = _EC_GOST_2001_Test.order, 2837 .cofactor = 1, 2838 }, 2839 { 2840 .comment = "GOST R 34.10-2001 CryptoPro-A", 2841 .nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet, 2842 .param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p), 2843 .p = _EC_GOST_2001_CryptoPro_A.p, 2844 .a = _EC_GOST_2001_CryptoPro_A.a, 2845 .b = _EC_GOST_2001_CryptoPro_A.b, 2846 .x = _EC_GOST_2001_CryptoPro_A.x, 2847 .y = _EC_GOST_2001_CryptoPro_A.y, 2848 .order = _EC_GOST_2001_CryptoPro_A.order, 2849 .cofactor = 1, 2850 }, 2851 { 2852 .comment = "GOST R 34.10-2001 CryptoPro-B", 2853 .nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet, 2854 .param_len = sizeof(_EC_GOST_2001_CryptoPro_B.p), 2855 .p = _EC_GOST_2001_CryptoPro_B.p, 2856 .a = _EC_GOST_2001_CryptoPro_B.a, 2857 .b = _EC_GOST_2001_CryptoPro_B.b, 2858 .x = _EC_GOST_2001_CryptoPro_B.x, 2859 .y = _EC_GOST_2001_CryptoPro_B.y, 2860 .order = _EC_GOST_2001_CryptoPro_B.order, 2861 .cofactor = 1, 2862 }, 2863 { 2864 .comment = "GOST R 34.10-2001 CryptoPro-C", 2865 .nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet, 2866 .param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p), 2867 .p = _EC_GOST_2001_CryptoPro_C.p, 2868 .a = _EC_GOST_2001_CryptoPro_C.a, 2869 .b = _EC_GOST_2001_CryptoPro_C.b, 2870 .x = _EC_GOST_2001_CryptoPro_C.x, 2871 .y = _EC_GOST_2001_CryptoPro_C.y, 2872 .order = _EC_GOST_2001_CryptoPro_C.order, 2873 .cofactor = 1, 2874 }, 2875 { 2876 .comment = "GOST R 34.10-2001 CryptoPro-XchA", 2877 .nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, 2878 .param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p), 2879 .p = _EC_GOST_2001_CryptoPro_A.p, 2880 .a = _EC_GOST_2001_CryptoPro_A.a, 2881 .b = _EC_GOST_2001_CryptoPro_A.b, 2882 .x = _EC_GOST_2001_CryptoPro_A.x, 2883 .y = _EC_GOST_2001_CryptoPro_A.y, 2884 .order = _EC_GOST_2001_CryptoPro_A.order, 2885 .cofactor = 1, 2886 }, 2887 { 2888 .comment = "GOST R 34.10-2001 CryptoPro-XchB", 2889 .nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, 2890 .param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p), 2891 .p = _EC_GOST_2001_CryptoPro_C.p, 2892 .a = _EC_GOST_2001_CryptoPro_C.a, 2893 .b = _EC_GOST_2001_CryptoPro_C.b, 2894 .x = _EC_GOST_2001_CryptoPro_C.x, 2895 .y = _EC_GOST_2001_CryptoPro_C.y, 2896 .order = _EC_GOST_2001_CryptoPro_C.order, 2897 .cofactor = 1, 2898 }, 2899 { 2900 .comment = "GOST R 34.10-2012 256 TC26-A", 2901 .nid = NID_id_tc26_gost_3410_12_256_paramSetA, 2902 .param_len = sizeof(_EC_GOST_2012_256_TC26_A.p), 2903 .p = _EC_GOST_2012_256_TC26_A.p, 2904 .a = _EC_GOST_2012_256_TC26_A.a, 2905 .b = _EC_GOST_2012_256_TC26_A.b, 2906 .x = _EC_GOST_2012_256_TC26_A.x, 2907 .y = _EC_GOST_2012_256_TC26_A.y, 2908 .order = _EC_GOST_2012_256_TC26_A.order, 2909 .cofactor = 4, 2910 }, 2911 { 2912 .comment = "GOST R 34.10-2012 256 TC26-B", 2913 .nid = NID_id_tc26_gost_3410_12_256_paramSetB, 2914 .param_len = sizeof(_EC_GOST_2001_CryptoPro_A.p), 2915 .p = _EC_GOST_2001_CryptoPro_A.p, 2916 .a = _EC_GOST_2001_CryptoPro_A.a, 2917 .b = _EC_GOST_2001_CryptoPro_A.b, 2918 .x = _EC_GOST_2001_CryptoPro_A.x, 2919 .y = _EC_GOST_2001_CryptoPro_A.y, 2920 .order = _EC_GOST_2001_CryptoPro_A.order, 2921 .cofactor = 1, 2922 }, 2923 { 2924 .comment = "GOST R 34.10-2012 256 TC26-C", 2925 .nid = NID_id_tc26_gost_3410_12_256_paramSetC, 2926 .param_len = sizeof(_EC_GOST_2001_CryptoPro_B.p), 2927 .p = _EC_GOST_2001_CryptoPro_B.p, 2928 .a = _EC_GOST_2001_CryptoPro_B.a, 2929 .b = _EC_GOST_2001_CryptoPro_B.b, 2930 .x = _EC_GOST_2001_CryptoPro_B.x, 2931 .y = _EC_GOST_2001_CryptoPro_B.y, 2932 .order = _EC_GOST_2001_CryptoPro_B.order, 2933 .cofactor = 1, 2934 }, 2935 { 2936 .comment = "GOST R 34.10-2012 256 TC26-D", 2937 .nid = NID_id_tc26_gost_3410_12_256_paramSetD, 2938 .param_len = sizeof(_EC_GOST_2001_CryptoPro_C.p), 2939 .p = _EC_GOST_2001_CryptoPro_C.p, 2940 .a = _EC_GOST_2001_CryptoPro_C.a, 2941 .b = _EC_GOST_2001_CryptoPro_C.b, 2942 .x = _EC_GOST_2001_CryptoPro_C.x, 2943 .y = _EC_GOST_2001_CryptoPro_C.y, 2944 .order = _EC_GOST_2001_CryptoPro_C.order, 2945 .cofactor = 1, 2946 }, 2947 { 2948 .comment = "GOST R 34.10-2012 512 Test Curve", 2949 .nid = NID_id_tc26_gost_3410_12_512_paramSetTest, 2950 .param_len = sizeof(_EC_GOST_2012_512_Test.p), 2951 .p = _EC_GOST_2012_512_Test.p, 2952 .a = _EC_GOST_2012_512_Test.a, 2953 .b = _EC_GOST_2012_512_Test.b, 2954 .x = _EC_GOST_2012_512_Test.x, 2955 .y = _EC_GOST_2012_512_Test.y, 2956 .order = _EC_GOST_2012_512_Test.order, 2957 .cofactor = 1, 2958 }, 2959 { 2960 .comment = "GOST R 34.10-2012 512 TC26-A", 2961 .nid = NID_id_tc26_gost_3410_12_512_paramSetA, 2962 .param_len = sizeof(_EC_GOST_2012_512_TC26_A.p), 2963 .p = _EC_GOST_2012_512_TC26_A.p, 2964 .a = _EC_GOST_2012_512_TC26_A.a, 2965 .b = _EC_GOST_2012_512_TC26_A.b, 2966 .x = _EC_GOST_2012_512_TC26_A.x, 2967 .y = _EC_GOST_2012_512_TC26_A.y, 2968 .order = _EC_GOST_2012_512_TC26_A.order, 2969 .cofactor = 1, 2970 }, 2971 { 2972 .comment = "GOST R 34.10-2012 512 TC26-B", 2973 .nid = NID_id_tc26_gost_3410_12_512_paramSetB, 2974 .param_len = sizeof(_EC_GOST_2012_512_TC26_B.p), 2975 .p = _EC_GOST_2012_512_TC26_B.p, 2976 .a = _EC_GOST_2012_512_TC26_B.a, 2977 .b = _EC_GOST_2012_512_TC26_B.b, 2978 .x = _EC_GOST_2012_512_TC26_B.x, 2979 .y = _EC_GOST_2012_512_TC26_B.y, 2980 .order = _EC_GOST_2012_512_TC26_B.order, 2981 .cofactor = 1, 2982 }, 2983 { 2984 .comment = "GOST R 34.10-2012 512 TC26-C", 2985 .nid = NID_id_tc26_gost_3410_12_512_paramSetC, 2986 .param_len = sizeof(_EC_GOST_2012_512_TC26_C.p), 2987 .p = _EC_GOST_2012_512_TC26_C.p, 2988 .a = _EC_GOST_2012_512_TC26_C.a, 2989 .b = _EC_GOST_2012_512_TC26_C.b, 2990 .x = _EC_GOST_2012_512_TC26_C.x, 2991 .y = _EC_GOST_2012_512_TC26_C.y, 2992 .order = _EC_GOST_2012_512_TC26_C.order, 2993 .cofactor = 4, 2994 }, 2995 #endif 2996 }; 2997 2998 #define CURVE_LIST_LENGTH (sizeof(curve_list) / sizeof(curve_list[0])) 2999 3000 static EC_GROUP * 3001 ec_group_new_from_data(const struct ec_list_element *curve) 3002 { 3003 EC_GROUP *group = NULL, *ret = NULL; 3004 EC_POINT *generator = NULL; 3005 BN_CTX *ctx = NULL; 3006 BIGNUM *p, *a, *b, *x, *y, *order, *cofactor; 3007 3008 if ((ctx = BN_CTX_new()) == NULL) { 3009 ECerror(ERR_R_MALLOC_FAILURE); 3010 goto err; 3011 } 3012 BN_CTX_start(ctx); 3013 3014 if ((p = BN_CTX_get(ctx)) == NULL) { 3015 ECerror(ERR_R_BN_LIB); 3016 goto err; 3017 } 3018 if ((a = BN_CTX_get(ctx)) == NULL) { 3019 ECerror(ERR_R_BN_LIB); 3020 goto err; 3021 } 3022 if ((b = BN_CTX_get(ctx)) == NULL) { 3023 ECerror(ERR_R_BN_LIB); 3024 goto err; 3025 } 3026 if ((x = BN_CTX_get(ctx)) == NULL) { 3027 ECerror(ERR_R_BN_LIB); 3028 goto err; 3029 } 3030 if ((y = BN_CTX_get(ctx)) == NULL) { 3031 ECerror(ERR_R_BN_LIB); 3032 goto err; 3033 } 3034 if ((order = BN_CTX_get(ctx)) == NULL) { 3035 ECerror(ERR_R_BN_LIB); 3036 goto err; 3037 } 3038 if ((cofactor = BN_CTX_get(ctx)) == NULL) { 3039 ECerror(ERR_R_BN_LIB); 3040 goto err; 3041 } 3042 3043 if (BN_bin2bn(curve->p, curve->param_len, p) == NULL) { 3044 ECerror(ERR_R_BN_LIB); 3045 goto err; 3046 } 3047 if (BN_bin2bn(curve->a, curve->param_len, a) == NULL) { 3048 ECerror(ERR_R_BN_LIB); 3049 goto err; 3050 } 3051 if (BN_bin2bn(curve->b, curve->param_len, b) == NULL) { 3052 ECerror(ERR_R_BN_LIB); 3053 goto err; 3054 } 3055 if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { 3056 ECerror(ERR_R_EC_LIB); 3057 goto err; 3058 } 3059 EC_GROUP_set_curve_name(group, curve->nid); 3060 3061 if ((generator = EC_POINT_new(group)) == NULL) { 3062 ECerror(ERR_R_EC_LIB); 3063 goto err; 3064 } 3065 if (BN_bin2bn(curve->x, curve->param_len, x) == NULL) { 3066 ECerror(ERR_R_BN_LIB); 3067 goto err; 3068 } 3069 if (BN_bin2bn(curve->y, curve->param_len, y) == NULL) { 3070 ECerror(ERR_R_BN_LIB); 3071 goto err; 3072 } 3073 if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) { 3074 ECerror(ERR_R_EC_LIB); 3075 goto err; 3076 } 3077 if (BN_bin2bn(curve->order, curve->param_len, order) == NULL) { 3078 ECerror(ERR_R_EC_LIB); 3079 goto err; 3080 } 3081 if (!BN_set_word(cofactor, curve->cofactor)) { 3082 ECerror(ERR_R_BN_LIB); 3083 goto err; 3084 } 3085 if (!EC_GROUP_set_generator(group, generator, order, cofactor)) { 3086 ECerror(ERR_R_EC_LIB); 3087 goto err; 3088 } 3089 3090 if (curve->seed != NULL) { 3091 if (!EC_GROUP_set_seed(group, curve->seed, curve->seed_len)) { 3092 ECerror(ERR_R_EC_LIB); 3093 goto err; 3094 } 3095 } 3096 3097 ret = group; 3098 group = NULL; 3099 3100 err: 3101 EC_GROUP_free(group); 3102 EC_POINT_free(generator); 3103 BN_CTX_end(ctx); 3104 BN_CTX_free(ctx); 3105 3106 return ret; 3107 } 3108 3109 EC_GROUP * 3110 EC_GROUP_new_by_curve_name(int nid) 3111 { 3112 size_t i; 3113 3114 if (nid <= 0) 3115 return NULL; 3116 3117 for (i = 0; i < CURVE_LIST_LENGTH; i++) { 3118 if (curve_list[i].nid == nid) 3119 return ec_group_new_from_data(&curve_list[i]); 3120 } 3121 3122 ECerror(EC_R_UNKNOWN_GROUP); 3123 return NULL; 3124 } 3125 LCRYPTO_ALIAS(EC_GROUP_new_by_curve_name); 3126 3127 size_t 3128 EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) 3129 { 3130 size_t i, min; 3131 3132 if (r == NULL || nitems == 0) 3133 return CURVE_LIST_LENGTH; 3134 3135 min = nitems < CURVE_LIST_LENGTH ? nitems : CURVE_LIST_LENGTH; 3136 3137 for (i = 0; i < min; i++) { 3138 r[i].nid = curve_list[i].nid; 3139 r[i].comment = curve_list[i].comment; 3140 } 3141 3142 return CURVE_LIST_LENGTH; 3143 } 3144 LCRYPTO_ALIAS(EC_get_builtin_curves); 3145 3146 static const struct { 3147 const char *name; 3148 int nid; 3149 } nist_curves[] = { 3150 { "B-163", NID_sect163r2 }, 3151 { "B-233", NID_sect233r1 }, 3152 { "B-283", NID_sect283r1 }, 3153 { "B-409", NID_sect409r1 }, 3154 { "B-571", NID_sect571r1 }, 3155 { "K-163", NID_sect163k1 }, 3156 { "K-233", NID_sect233k1 }, 3157 { "K-283", NID_sect283k1 }, 3158 { "K-409", NID_sect409k1 }, 3159 { "K-571", NID_sect571k1 }, 3160 { "P-192", NID_X9_62_prime192v1 }, 3161 { "P-224", NID_secp224r1 }, 3162 { "P-256", NID_X9_62_prime256v1 }, 3163 { "P-384", NID_secp384r1 }, 3164 { "P-521", NID_secp521r1 } 3165 }; 3166 3167 const char * 3168 EC_curve_nid2nist(int nid) 3169 { 3170 size_t i; 3171 3172 for (i = 0; i < sizeof(nist_curves) / sizeof(nist_curves[0]); i++) { 3173 if (nist_curves[i].nid == nid) 3174 return nist_curves[i].name; 3175 } 3176 3177 return NULL; 3178 } 3179 LCRYPTO_ALIAS(EC_curve_nid2nist); 3180 3181 int 3182 EC_curve_nist2nid(const char *name) 3183 { 3184 size_t i; 3185 3186 for (i = 0; i < sizeof(nist_curves) / sizeof(nist_curves[0]); i++) { 3187 if (strcmp(nist_curves[i].name, name) == 0) 3188 return nist_curves[i].nid; 3189 } 3190 3191 return NID_undef; 3192 } 3193 LCRYPTO_ALIAS(EC_curve_nist2nid); 3194