1 /* $OpenBSD: ec_curve.c,v 1.43 2024/03/24 06:05:41 tb Exp $ */
2 /*
3 * Written by Nils Larsch for the OpenSSL project.
4 */
5 /* ====================================================================
6 * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58 /* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above.
66 *
67 * The elliptic curve binary polynomial software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
71
72 #include <string.h>
73
74 #include <openssl/opensslconf.h>
75
76 #include <openssl/err.h>
77 #include <openssl/objects.h>
78
79 #include "ec_local.h"
80
81 /* the nist prime curves */
82 static const struct {
83 uint8_t seed[20];
84 uint8_t p[24];
85 uint8_t a[24];
86 uint8_t b[24];
87 uint8_t x[24];
88 uint8_t y[24];
89 uint8_t order[24];
90 } _EC_NIST_PRIME_192 = {
91 .seed = {
92 0x30, 0x45, 0xae, 0x6f, 0xc8, 0x42, 0x2f, 0x64, 0xed, 0x57,
93 0x95, 0x28, 0xd3, 0x81, 0x20, 0xea, 0xe1, 0x21, 0x96, 0xd5,
94 },
95 .p = {
96 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
97 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
98 0xff, 0xff, 0xff, 0xff,
99 },
100 .a = {
101 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
102 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
103 0xff, 0xff, 0xff, 0xfc,
104 },
105 .b = {
106 0x64, 0x21, 0x05, 0x19, 0xe5, 0x9c, 0x80, 0xe7, 0x0f, 0xa7,
107 0xe9, 0xab, 0x72, 0x24, 0x30, 0x49, 0xfe, 0xb8, 0xde, 0xec,
108 0xc1, 0x46, 0xb9, 0xb1,
109 },
110 .x = {
111 0x18, 0x8d, 0xa8, 0x0e, 0xb0, 0x30, 0x90, 0xf6, 0x7c, 0xbf,
112 0x20, 0xeb, 0x43, 0xa1, 0x88, 0x00, 0xf4, 0xff, 0x0a, 0xfd,
113 0x82, 0xff, 0x10, 0x12,
114 },
115 .y = {
116 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10,
117 0x11, 0xed, 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1,
118 0x1e, 0x79, 0x48, 0x11,
119 },
120 .order = {
121 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
122 0xff, 0xff, 0x99, 0xde, 0xf8, 0x36, 0x14, 0x6b, 0xc9, 0xb1,
123 0xb4, 0xd2, 0x28, 0x31,
124 },
125 };
126
127 static const struct {
128 uint8_t seed[20];
129 uint8_t p[28];
130 uint8_t a[28];
131 uint8_t b[28];
132 uint8_t x[28];
133 uint8_t y[28];
134 uint8_t order[28];
135 } _EC_NIST_PRIME_224 = {
136 .seed = {
137 0xbd, 0x71, 0x34, 0x47, 0x99, 0xd5, 0xc7, 0xfc, 0xdc, 0x45,
138 0xb5, 0x9f, 0xa3, 0xb9, 0xab, 0x8f, 0x6a, 0x94, 0x8b, 0xc5,
139 },
140 .p = {
141 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
142 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
144 },
145 .a = {
146 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
147 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
148 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
149 },
150 .b = {
151 0xb4, 0x05, 0x0a, 0x85, 0x0c, 0x04, 0xb3, 0xab, 0xf5, 0x41,
152 0x32, 0x56, 0x50, 0x44, 0xb0, 0xb7, 0xd7, 0xbf, 0xd8, 0xba,
153 0x27, 0x0b, 0x39, 0x43, 0x23, 0x55, 0xff, 0xb4,
154 },
155 .x = {
156 0xb7, 0x0e, 0x0c, 0xbd, 0x6b, 0xb4, 0xbf, 0x7f, 0x32, 0x13,
157 0x90, 0xb9, 0x4a, 0x03, 0xc1, 0xd3, 0x56, 0xc2, 0x11, 0x22,
158 0x34, 0x32, 0x80, 0xd6, 0x11, 0x5c, 0x1d, 0x21,
159 },
160 .y = {
161 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22,
162 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
163 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34,
164 },
165 .order = {
166 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
167 0xff, 0xff, 0xff, 0xff, 0x16, 0xa2, 0xe0, 0xb8, 0xf0, 0x3e,
168 0x13, 0xdd, 0x29, 0x45, 0x5c, 0x5c, 0x2a, 0x3d,
169 },
170 };
171
172 static const struct {
173 uint8_t seed[20];
174 uint8_t p[48];
175 uint8_t a[48];
176 uint8_t b[48];
177 uint8_t x[48];
178 uint8_t y[48];
179 uint8_t order[48];
180 } _EC_NIST_PRIME_384 = {
181 .seed = {
182 0xa3, 0x35, 0x92, 0x6a, 0xa3, 0x19, 0xa2, 0x7a, 0x1d, 0x00,
183 0x89, 0x6a, 0x67, 0x73, 0xa4, 0x82, 0x7a, 0xcd, 0xac, 0x73,
184 },
185 .p = {
186 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
187 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
188 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
189 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
190 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
191 },
192 .a = {
193 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
194 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
195 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
196 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
197 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xfc,
198 },
199 .b = {
200 0xb3, 0x31, 0x2f, 0xa7, 0xe2, 0x3e, 0xe7, 0xe4, 0x98, 0x8e,
201 0x05, 0x6b, 0xe3, 0xf8, 0x2d, 0x19, 0x18, 0x1d, 0x9c, 0x6e,
202 0xfe, 0x81, 0x41, 0x12, 0x03, 0x14, 0x08, 0x8f, 0x50, 0x13,
203 0x87, 0x5a, 0xc6, 0x56, 0x39, 0x8d, 0x8a, 0x2e, 0xd1, 0x9d,
204 0x2a, 0x85, 0xc8, 0xed, 0xd3, 0xec, 0x2a, 0xef,
205 },
206 .x = {
207 0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37, 0x8e, 0xb1,
208 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74, 0x6e, 0x1d, 0x3b, 0x62,
209 0x8b, 0xa7, 0x9b, 0x98, 0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54,
210 0x2a, 0x38, 0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c,
211 0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7,
212 },
213 .y = {
214 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e,
215 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd,
216 0x28, 0x9a, 0x14, 0x7c, 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0,
217 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
218 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
219 },
220 .order = {
221 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
222 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
223 0xff, 0xff, 0xff, 0xff, 0xc7, 0x63, 0x4d, 0x81, 0xf4, 0x37,
224 0x2d, 0xdf, 0x58, 0x1a, 0x0d, 0xb2, 0x48, 0xb0, 0xa7, 0x7a,
225 0xec, 0xec, 0x19, 0x6a, 0xcc, 0xc5, 0x29, 0x73,
226 },
227 };
228
229 static const struct {
230 uint8_t seed[20];
231 uint8_t p[66];
232 uint8_t a[66];
233 uint8_t b[66];
234 uint8_t x[66];
235 uint8_t y[66];
236 uint8_t order[66];
237 } _EC_NIST_PRIME_521 = {
238 .seed = {
239 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc,
240 0x67, 0x17, 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba,
241 },
242 .p = {
243 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
244 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
245 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
246 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
247 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
248 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
249 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
250 },
251 .a = {
252 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
253 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
254 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
255 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
256 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
257 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
258 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
259 },
260 .b = {
261 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, 0x1f,
262 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda,
263 0x72, 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91,
264 0x8e, 0xf1, 0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e,
265 0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1, 0xbf, 0x07,
266 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, 0xf1, 0xef, 0x45,
267 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00,
268 },
269 .x = {
270 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd,
271 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64,
272 0x81, 0x39, 0x05, 0x3f, 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60,
273 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7,
274 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, 0xa8, 0xde,
275 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e,
276 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66,
277 },
278 .y = {
279 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04,
280 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5,
281 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17,
282 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4,
283 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61,
284 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
285 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
286 },
287 .order = {
288 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
289 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
290 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
291 0xff, 0xff, 0xff, 0xfa, 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f,
292 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, 0xf7, 0x09, 0xa5, 0xd0,
293 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, 0xbb, 0x6f,
294 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09,
295 },
296 };
297
298 /* the x9.62 prime curves (minus the nist prime curves) */
299 static const struct {
300 uint8_t seed[20];
301 uint8_t p[24];
302 uint8_t a[24];
303 uint8_t b[24];
304 uint8_t x[24];
305 uint8_t y[24];
306 uint8_t order[24];
307 } _EC_X9_62_PRIME_192V2 = {
308 .seed = {
309 0x31, 0xa9, 0x2e, 0xe2, 0x02, 0x9f, 0xd1, 0x0d, 0x90, 0x1b,
310 0x11, 0x3e, 0x99, 0x07, 0x10, 0xf0, 0xd2, 0x1a, 0xc6, 0xb6,
311 },
312 .p = {
313 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
314 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
315 0xff, 0xff, 0xff, 0xff,
316 },
317 .a = {
318 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
319 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
320 0xff, 0xff, 0xff, 0xfc,
321 },
322 .b = {
323 0xcc, 0x22, 0xd6, 0xdf, 0xb9, 0x5c, 0x6b, 0x25, 0xe4, 0x9c,
324 0x0d, 0x63, 0x64, 0xa4, 0xe5, 0x98, 0x0c, 0x39, 0x3a, 0xa2,
325 0x16, 0x68, 0xd9, 0x53,
326 },
327 .x = {
328 0xee, 0xa2, 0xba, 0xe7, 0xe1, 0x49, 0x78, 0x42, 0xf2, 0xde,
329 0x77, 0x69, 0xcf, 0xe9, 0xc9, 0x89, 0xc0, 0x72, 0xad, 0x69,
330 0x6f, 0x48, 0x03, 0x4a,
331 },
332 .y = {
333 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b,
334 0xb8, 0x2a, 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9,
335 0x70, 0xb2, 0xde, 0x15,
336 },
337 .order = {
338 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
339 0xff, 0xfe, 0x5f, 0xb1, 0xa7, 0x24, 0xdc, 0x80, 0x41, 0x86,
340 0x48, 0xd8, 0xdd, 0x31,
341 },
342 };
343
344 static const struct {
345 uint8_t seed[20];
346 uint8_t p[24];
347 uint8_t a[24];
348 uint8_t b[24];
349 uint8_t x[24];
350 uint8_t y[24];
351 uint8_t order[24];
352 } _EC_X9_62_PRIME_192V3 = {
353 .seed = {
354 0xc4, 0x69, 0x68, 0x44, 0x35, 0xde, 0xb3, 0x78, 0xc4, 0xb6,
355 0x5c, 0xa9, 0x59, 0x1e, 0x2a, 0x57, 0x63, 0x05, 0x9a, 0x2e,
356 },
357 .p = {
358 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
359 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
360 0xff, 0xff, 0xff, 0xff,
361 },
362 .a = {
363 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
364 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
365 0xff, 0xff, 0xff, 0xfc,
366 },
367 .b = {
368 0x22, 0x12, 0x3d, 0xc2, 0x39, 0x5a, 0x05, 0xca, 0xa7, 0x42,
369 0x3d, 0xae, 0xcc, 0xc9, 0x47, 0x60, 0xa7, 0xd4, 0x62, 0x25,
370 0x6b, 0xd5, 0x69, 0x16,
371 },
372 .x = {
373 0x7d, 0x29, 0x77, 0x81, 0x00, 0xc6, 0x5a, 0x1d, 0xa1, 0x78,
374 0x37, 0x16, 0x58, 0x8d, 0xce, 0x2b, 0x8b, 0x4a, 0xee, 0x8e,
375 0x22, 0x8f, 0x18, 0x96,
376 },
377 .y = {
378 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49,
379 0xdc, 0xb6, 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76,
380 0x48, 0xa9, 0x43, 0xb0,
381 },
382 .order = {
383 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
384 0xff, 0xff, 0x7a, 0x62, 0xd0, 0x31, 0xc8, 0x3f, 0x42, 0x94,
385 0xf6, 0x40, 0xec, 0x13,
386 },
387 };
388
389 static const struct {
390 uint8_t seed[20];
391 uint8_t p[30];
392 uint8_t a[30];
393 uint8_t b[30];
394 uint8_t x[30];
395 uint8_t y[30];
396 uint8_t order[30];
397 } _EC_X9_62_PRIME_239V1 = {
398 .seed = {
399 0xe4, 0x3b, 0xb4, 0x60, 0xf0, 0xb8, 0x0c, 0xc0, 0xc0, 0xb0,
400 0x75, 0x79, 0x8e, 0x94, 0x80, 0x60, 0xf8, 0x32, 0x1b, 0x7d,
401 },
402 .p = {
403 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
404 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
405 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff,
406 },
407 .a = {
408 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
409 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
410 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc,
411 },
412 .b = {
413 0x6b, 0x01, 0x6c, 0x3b, 0xdc, 0xf1, 0x89, 0x41, 0xd0, 0xd6,
414 0x54, 0x92, 0x14, 0x75, 0xca, 0x71, 0xa9, 0xdb, 0x2f, 0xb2,
415 0x7d, 0x1d, 0x37, 0x79, 0x61, 0x85, 0xc2, 0x94, 0x2c, 0x0a,
416 },
417 .x = {
418 0x0f, 0xfa, 0x96, 0x3c, 0xdc, 0xa8, 0x81, 0x6c, 0xcc, 0x33,
419 0xb8, 0x64, 0x2b, 0xed, 0xf9, 0x05, 0xc3, 0xd3, 0x58, 0x57,
420 0x3d, 0x3f, 0x27, 0xfb, 0xbd, 0x3b, 0x3c, 0xb9, 0xaa, 0xaf,
421 },
422 .y = {
423 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40,
424 0x54, 0xca, 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18,
425 0xce, 0x22, 0x6b, 0x39, 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae,
426 },
427 .order = {
428 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
429 0xff, 0xff, 0x7f, 0xff, 0xff, 0x9e, 0x5e, 0x9a, 0x9f, 0x5d,
430 0x90, 0x71, 0xfb, 0xd1, 0x52, 0x26, 0x88, 0x90, 0x9d, 0x0b,
431 },
432 };
433
434 static const struct {
435 uint8_t seed[20];
436 uint8_t p[30];
437 uint8_t a[30];
438 uint8_t b[30];
439 uint8_t x[30];
440 uint8_t y[30];
441 uint8_t order[30];
442 } _EC_X9_62_PRIME_239V2 = {
443 .seed = {
444 0xe8, 0xb4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xca, 0x3b,
445 0x80, 0x99, 0x98, 0x2b, 0xe0, 0x9f, 0xcb, 0x9a, 0xe6, 0x16,
446 },
447 .p = {
448 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
449 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
450 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff,
451 },
452 .a = {
453 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
454 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
455 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc,
456 },
457 .b = {
458 0x61, 0x7f, 0xab, 0x68, 0x32, 0x57, 0x6c, 0xbb, 0xfe, 0xd5,
459 0x0d, 0x99, 0xf0, 0x24, 0x9c, 0x3f, 0xee, 0x58, 0xb9, 0x4b,
460 0xa0, 0x03, 0x8c, 0x7a, 0xe8, 0x4c, 0x8c, 0x83, 0x2f, 0x2c,
461 },
462 .x = {
463 0x38, 0xaf, 0x09, 0xd9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xc9,
464 0x21, 0xbb, 0x5e, 0x9e, 0x26, 0x29, 0x6a, 0x3c, 0xdc, 0xf2,
465 0xf3, 0x57, 0x57, 0xa0, 0xea, 0xfd, 0x87, 0xb8, 0x30, 0xe7,
466 },
467 .y = {
468 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d,
469 0xa0, 0xfc, 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55,
470 0xde, 0x6e, 0xf4, 0x60, 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba,
471 },
472 .order = {
473 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
474 0xff, 0xff, 0x80, 0x00, 0x00, 0xcf, 0xa7, 0xe8, 0x59, 0x43,
475 0x77, 0xd4, 0x14, 0xc0, 0x38, 0x21, 0xbc, 0x58, 0x20, 0x63,
476 },
477 };
478
479 static const struct {
480 uint8_t seed[20];
481 uint8_t p[30];
482 uint8_t a[30];
483 uint8_t b[30];
484 uint8_t x[30];
485 uint8_t y[30];
486 uint8_t order[30];
487 } _EC_X9_62_PRIME_239V3 = {
488 .seed = {
489 0x7d, 0x73, 0x74, 0x16, 0x8f, 0xfe, 0x34, 0x71, 0xb6, 0x0a,
490 0x85, 0x76, 0x86, 0xa1, 0x94, 0x75, 0xd3, 0xbf, 0xa2, 0xff,
491 },
492 .p = {
493 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
494 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
495 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff,
496 },
497 .a = {
498 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
499 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
500 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc,
501 },
502 .b = {
503 0x25, 0x57, 0x05, 0xfa, 0x2a, 0x30, 0x66, 0x54, 0xb1, 0xf4,
504 0xcb, 0x03, 0xd6, 0xa7, 0x50, 0xa3, 0x0c, 0x25, 0x01, 0x02,
505 0xd4, 0x98, 0x87, 0x17, 0xd9, 0xba, 0x15, 0xab, 0x6d, 0x3e,
506 },
507 .x = {
508 0x67, 0x68, 0xae, 0x8e, 0x18, 0xbb, 0x92, 0xcf, 0xcf, 0x00,
509 0x5c, 0x94, 0x9a, 0xa2, 0xc6, 0xd9, 0x48, 0x53, 0xd0, 0xe6,
510 0x60, 0xbb, 0xf8, 0x54, 0xb1, 0xc9, 0x50, 0x5f, 0xe9, 0x5a,
511 },
512 .y = {
513 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d,
514 0x55, 0x2b, 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b,
515 0x6e, 0x81, 0x84, 0x99, 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3,
516 },
517 .order = {
518 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
519 0xff, 0xff, 0x7f, 0xff, 0xff, 0x97, 0x5d, 0xeb, 0x41, 0xb3,
520 0xa6, 0x05, 0x7c, 0x3c, 0x43, 0x21, 0x46, 0x52, 0x65, 0x51,
521 },
522 };
523
524 static const struct {
525 uint8_t seed[20];
526 uint8_t p[32];
527 uint8_t a[32];
528 uint8_t b[32];
529 uint8_t x[32];
530 uint8_t y[32];
531 uint8_t order[32];
532 } _EC_X9_62_PRIME_256V1 = {
533 .seed = {
534 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66,
535 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90,
536 },
537 .p = {
538 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
539 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
540 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
541 0xff, 0xff,
542 },
543 .a = {
544 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
545 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
546 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
547 0xff, 0xfc,
548 },
549 .b = {
550 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb,
551 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0,
552 0xcc, 0x53, 0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2,
553 0x60, 0x4b,
554 },
555 .x = {
556 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
557 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81,
558 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98,
559 0xc2, 0x96,
560 },
561 .y = {
562 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7,
563 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57,
564 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf,
565 0x51, 0xf5,
566 },
567 .order = {
568 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
569 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad,
570 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63,
571 0x25, 0x51,
572 },
573 };
574
575 /* the secg prime curves (minus the nist and x9.62 prime curves) */
576 static const struct {
577 uint8_t seed[20];
578 uint8_t p[14];
579 uint8_t a[14];
580 uint8_t b[14];
581 uint8_t x[14];
582 uint8_t y[14];
583 uint8_t order[14];
584 } _EC_SECG_PRIME_112R1 = {
585 .seed = {
586 0x00, 0xf5, 0x0b, 0x02, 0x8e, 0x4d, 0x69, 0x6e, 0x67, 0x68,
587 0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3f, 0xb1,
588 },
589 .p = {
590 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x66, 0x80, 0x76,
591 0xbe, 0xad, 0x20, 0x8b,
592 },
593 .a = {
594 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x66, 0x80, 0x76,
595 0xbe, 0xad, 0x20, 0x88,
596 },
597 .b = {
598 0x65, 0x9e, 0xf8, 0xba, 0x04, 0x39, 0x16, 0xee, 0xde, 0x89,
599 0x11, 0x70, 0x2b, 0x22,
600 },
601 .x = {
602 0x09, 0x48, 0x72, 0x39, 0x99, 0x5a, 0x5e, 0xe7, 0x6b, 0x55,
603 0xf9, 0xc2, 0xf0, 0x98,
604 },
605 .y = {
606 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e,
607 0x0f, 0xf7, 0x75, 0x00,
608 },
609 .order = {
610 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x76, 0x28, 0xdf,
611 0xac, 0x65, 0x61, 0xc5,
612 },
613 };
614
615 static const struct {
616 uint8_t seed[20];
617 uint8_t p[14];
618 uint8_t a[14];
619 uint8_t b[14];
620 uint8_t x[14];
621 uint8_t y[14];
622 uint8_t order[14];
623 } _EC_SECG_PRIME_112R2 = {
624 .seed = {
625 0x00, 0x27, 0x57, 0xa1, 0x11, 0x4d, 0x69, 0x6e, 0x67, 0x68,
626 0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xc0, 0x5e, 0x0b, 0xd4,
627 },
628 .p = {
629 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x66, 0x80, 0x76,
630 0xbe, 0xad, 0x20, 0x8b,
631 },
632 .a = {
633 0x61, 0x27, 0xc2, 0x4c, 0x05, 0xf3, 0x8a, 0x0a, 0xaa, 0xf6,
634 0x5c, 0x0e, 0xf0, 0x2c,
635 },
636 .b = {
637 0x51, 0xde, 0xf1, 0x81, 0x5d, 0xb5, 0xed, 0x74, 0xfc, 0xc3,
638 0x4c, 0x85, 0xd7, 0x09,
639 },
640 .x = {
641 0x4b, 0xa3, 0x0a, 0xb5, 0xe8, 0x92, 0xb4, 0xe1, 0x64, 0x9d,
642 0xd0, 0x92, 0x86, 0x43,
643 },
644 .y = {
645 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3,
646 0x6e, 0x95, 0x6e, 0x97,
647 },
648 .order = {
649 0x36, 0xdf, 0x0a, 0xaf, 0xd8, 0xb8, 0xd7, 0x59, 0x7c, 0xa1,
650 0x05, 0x20, 0xd0, 0x4b,
651 },
652 };
653
654 static const struct {
655 uint8_t seed[20];
656 uint8_t p[16];
657 uint8_t a[16];
658 uint8_t b[16];
659 uint8_t x[16];
660 uint8_t y[16];
661 uint8_t order[16];
662 } _EC_SECG_PRIME_128R1 = {
663 .seed = {
664 0x00, 0x0e, 0x0d, 0x4d, 0x69, 0x6e, 0x67, 0x68, 0x75, 0x61,
665 0x51, 0x75, 0x0c, 0xc0, 0x3a, 0x44, 0x73, 0xd0, 0x36, 0x79,
666 },
667 .p = {
668 0xff, 0xff, 0xff, 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
669 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
670 },
671 .a = {
672 0xff, 0xff, 0xff, 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
673 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
674 },
675 .b = {
676 0xe8, 0x75, 0x79, 0xc1, 0x10, 0x79, 0xf4, 0x3d, 0xd8, 0x24,
677 0x99, 0x3c, 0x2c, 0xee, 0x5e, 0xd3,
678 },
679 .x = {
680 0x16, 0x1f, 0xf7, 0x52, 0x8b, 0x89, 0x9b, 0x2d, 0x0c, 0x28,
681 0x60, 0x7c, 0xa5, 0x2c, 0x5b, 0x86,
682 },
683 .y = {
684 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d,
685 0xa2, 0x92, 0xdd, 0xed, 0x7a, 0x83,
686 },
687 .order = {
688 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x75, 0xa3,
689 0x0d, 0x1b, 0x90, 0x38, 0xa1, 0x15,
690 },
691 };
692
693 static const struct {
694 uint8_t seed[20];
695 uint8_t p[16];
696 uint8_t a[16];
697 uint8_t b[16];
698 uint8_t x[16];
699 uint8_t y[16];
700 uint8_t order[16];
701 } _EC_SECG_PRIME_128R2 = {
702 .seed = {
703 0x00, 0x4d, 0x69, 0x6e, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
704 0x12, 0xd8, 0xf0, 0x34, 0x31, 0xfc, 0xe6, 0x3b, 0x88, 0xf4,
705 },
706 .p = {
707 0xff, 0xff, 0xff, 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
708 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
709 },
710 .a = {
711 0xd6, 0x03, 0x19, 0x98, 0xd1, 0xb3, 0xbb, 0xfe, 0xbf, 0x59,
712 0xcc, 0x9b, 0xbf, 0xf9, 0xae, 0xe1,
713 },
714 .b = {
715 0x5e, 0xee, 0xfc, 0xa3, 0x80, 0xd0, 0x29, 0x19, 0xdc, 0x2c,
716 0x65, 0x58, 0xbb, 0x6d, 0x8a, 0x5d,
717 },
718 .x = {
719 0x7b, 0x6a, 0xa5, 0xd8, 0x5e, 0x57, 0x29, 0x83, 0xe6, 0xfb,
720 0x32, 0xa7, 0xcd, 0xeb, 0xc1, 0x40,
721 },
722 .y = {
723 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06,
724 0xfe, 0x80, 0x5f, 0xc3, 0x4b, 0x44,
725 },
726 .order = {
727 0x3f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xbe, 0x00,
728 0x24, 0x72, 0x06, 0x13, 0xb5, 0xa3,
729 },
730 };
731
732 static const struct {
733 uint8_t p[21];
734 uint8_t a[21];
735 uint8_t b[21];
736 uint8_t x[21];
737 uint8_t y[21];
738 uint8_t order[21];
739 } _EC_SECG_PRIME_160K1 = {
740 .p = {
741 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
742 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xac,
743 0x73,
744 },
745 .a = {
746 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
747 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
748 0x00,
749 },
750 .b = {
751 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
752 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
753 0x07,
754 },
755 .x = {
756 0x00, 0x3b, 0x4c, 0x38, 0x2c, 0xe3, 0x7a, 0xa1, 0x92, 0xa4,
757 0x01, 0x9e, 0x76, 0x30, 0x36, 0xf4, 0xf5, 0xdd, 0x4d, 0x7e,
758 0xbb,
759 },
760 .y = {
761 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b,
762 0xc2, 0x82, 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f,
763 0xee,
764 },
765 .order = {
766 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
767 0x01, 0xb8, 0xfa, 0x16, 0xdf, 0xab, 0x9a, 0xca, 0x16, 0xb6,
768 0xb3,
769 },
770 };
771
772 static const struct {
773 uint8_t seed[20];
774 uint8_t p[21];
775 uint8_t a[21];
776 uint8_t b[21];
777 uint8_t x[21];
778 uint8_t y[21];
779 uint8_t order[21];
780 } _EC_SECG_PRIME_160R1 = {
781 .seed = {
782 0x10, 0x53, 0xcd, 0xe4, 0x2c, 0x14, 0xd6, 0x96, 0xe6, 0x76,
783 0x87, 0x56, 0x15, 0x17, 0x53, 0x3b, 0xf3, 0xf8, 0x33, 0x45,
784 },
785 .p = {
786 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
787 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff,
788 0xff,
789 },
790 .a = {
791 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
792 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff,
793 0xfc,
794 },
795 .b = {
796 0x00, 0x1c, 0x97, 0xbe, 0xfc, 0x54, 0xbd, 0x7a, 0x8b, 0x65,
797 0xac, 0xf8, 0x9f, 0x81, 0xd4, 0xd4, 0xad, 0xc5, 0x65, 0xfa,
798 0x45,
799 },
800 .x = {
801 0x00, 0x4a, 0x96, 0xb5, 0x68, 0x8e, 0xf5, 0x73, 0x28, 0x46,
802 0x64, 0x69, 0x89, 0x68, 0xc3, 0x8b, 0xb9, 0x13, 0xcb, 0xfc,
803 0x82,
804 },
805 .y = {
806 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59,
807 0xdc, 0xc9, 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb,
808 0x32,
809 },
810 .order = {
811 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
812 0x01, 0xf4, 0xc8, 0xf9, 0x27, 0xae, 0xd3, 0xca, 0x75, 0x22,
813 0x57,
814 },
815 };
816
817 static const struct {
818 uint8_t seed[20];
819 uint8_t p[21];
820 uint8_t a[21];
821 uint8_t b[21];
822 uint8_t x[21];
823 uint8_t y[21];
824 uint8_t order[21];
825 } _EC_SECG_PRIME_160R2 = {
826 .seed = {
827 0xb9, 0x9b, 0x99, 0xb0, 0x99, 0xb3, 0x23, 0xe0, 0x27, 0x09,
828 0xa4, 0xd6, 0x96, 0xe6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
829 },
830 .p = {
831 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
832 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xac,
833 0x73,
834 },
835 .a = {
836 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
837 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xac,
838 0x70,
839 },
840 .b = {
841 0x00, 0xb4, 0xe1, 0x34, 0xd3, 0xfb, 0x59, 0xeb, 0x8b, 0xab,
842 0x57, 0x27, 0x49, 0x04, 0x66, 0x4d, 0x5a, 0xf5, 0x03, 0x88,
843 0xba,
844 },
845 .x = {
846 0x00, 0x52, 0xdc, 0xb0, 0x34, 0x29, 0x3a, 0x11, 0x7e, 0x1f,
847 0x4f, 0xf1, 0x1b, 0x30, 0xf7, 0x19, 0x9d, 0x31, 0x44, 0xce,
848 0x6d,
849 },
850 .y = {
851 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0,
852 0x71, 0xfa, 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f,
853 0x2e,
854 },
855 .order = {
856 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
857 0x00, 0x35, 0x1e, 0xe7, 0x86, 0xa8, 0x18, 0xf3, 0xa1, 0xa1,
858 0x6b,
859 },
860 };
861
862 static const struct {
863 uint8_t p[24];
864 uint8_t a[24];
865 uint8_t b[24];
866 uint8_t x[24];
867 uint8_t y[24];
868 uint8_t order[24];
869 } _EC_SECG_PRIME_192K1 = {
870 .p = {
871 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
872 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
873 0xff, 0xff, 0xee, 0x37,
874 },
875 .a = {
876 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
877 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
878 0x00, 0x00, 0x00, 0x00,
879 },
880 .b = {
881 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
882 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
883 0x00, 0x00, 0x00, 0x03,
884 },
885 .x = {
886 0xdb, 0x4f, 0xf1, 0x0e, 0xc0, 0x57, 0xe9, 0xae, 0x26, 0xb0,
887 0x7d, 0x02, 0x80, 0xb7, 0xf4, 0x34, 0x1d, 0xa5, 0xd1, 0xb1,
888 0xea, 0xe0, 0x6c, 0x7d,
889 },
890 .y = {
891 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41,
892 0x63, 0xd0, 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88,
893 0xd9, 0x5e, 0x2f, 0x9d,
894 },
895 .order = {
896 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
897 0xff, 0xfe, 0x26, 0xf2, 0xfc, 0x17, 0x0f, 0x69, 0x46, 0x6a,
898 0x74, 0xde, 0xfd, 0x8d,
899 },
900 };
901
902 static const struct {
903 uint8_t p[29];
904 uint8_t a[29];
905 uint8_t b[29];
906 uint8_t x[29];
907 uint8_t y[29];
908 uint8_t order[29];
909 } _EC_SECG_PRIME_224K1 = {
910 .p = {
911 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
912 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
913 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xe5, 0x6d,
914 },
915 .a = {
916 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
917 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
918 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
919 },
920 .b = {
921 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
922 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
923 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
924 },
925 .x = {
926 0x00, 0xa1, 0x45, 0x5b, 0x33, 0x4d, 0xf0, 0x99, 0xdf, 0x30,
927 0xfc, 0x28, 0xa1, 0x69, 0xa4, 0x67, 0xe9, 0xe4, 0x70, 0x75,
928 0xa9, 0x0f, 0x7e, 0x65, 0x0e, 0xb6, 0xb7, 0xa4, 0x5c,
929 },
930 .y = {
931 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82,
932 0xca, 0xfb, 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd,
933 0x59, 0xe2, 0xca, 0x4b, 0xdb, 0x55, 0x6d, 0x61, 0xa5,
934 },
935 .order = {
936 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
937 0x00, 0x00, 0x00, 0x00, 0x01, 0xdc, 0xe8, 0xd2, 0xec, 0x61,
938 0x84, 0xca, 0xf0, 0xa9, 0x71, 0x76, 0x9f, 0xb1, 0xf7,
939 },
940 };
941
942 static const struct {
943 uint8_t p[32];
944 uint8_t a[32];
945 uint8_t b[32];
946 uint8_t x[32];
947 uint8_t y[32];
948 uint8_t order[32];
949 } _EC_SECG_PRIME_256K1 = {
950 .p = {
951 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
952 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
953 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff,
954 0xfc, 0x2f,
955 },
956 .a = {
957 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
958 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
959 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
960 0x00, 0x00,
961 },
962 .b = {
963 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
964 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
965 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
966 0x00, 0x07,
967 },
968 .x = {
969 0x79, 0xbe, 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
970 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, 0xfc, 0xdb,
971 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2, 0x81, 0x5b, 0x16, 0xf8,
972 0x17, 0x98,
973 },
974 .y = {
975 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
976 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48,
977 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10,
978 0xd4, 0xb8,
979 },
980 .order = {
981 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
982 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xba, 0xae, 0xdc, 0xe6,
983 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36,
984 0x41, 0x41,
985 },
986 };
987
988 /* some wap/wtls curves */
989 static const struct {
990 uint8_t p[15];
991 uint8_t a[15];
992 uint8_t b[15];
993 uint8_t x[15];
994 uint8_t y[15];
995 uint8_t order[15];
996 } _EC_WTLS_8 = {
997 .p = {
998 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
999 0xff, 0xff, 0xff, 0xfd, 0xe7,
1000 },
1001 .a = {
1002 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1003 0x00, 0x00, 0x00, 0x00, 0x00,
1004 },
1005 .b = {
1006 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1007 0x00, 0x00, 0x00, 0x00, 0x03,
1008 },
1009 .x = {
1010 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1011 0x00, 0x00, 0x00, 0x00, 0x01,
1012 },
1013 .y = {
1014 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1015 0x00, 0x00, 0x00, 0x00, 0x02,
1016 },
1017 .order = {
1018 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xec, 0xea,
1019 0x55, 0x1a, 0xd8, 0x37, 0xe9,
1020 },
1021 };
1022
1023 static const struct {
1024 uint8_t p[21];
1025 uint8_t a[21];
1026 uint8_t b[21];
1027 uint8_t x[21];
1028 uint8_t y[21];
1029 uint8_t order[21];
1030 } _EC_WTLS_9 = {
1031 .p = {
1032 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1033 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x80,
1034 0x8f,
1035 },
1036 .a = {
1037 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1038 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1039 0x00,
1040 },
1041 .b = {
1042 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1043 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1044 0x03,
1045 },
1046 .x = {
1047 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1048 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1049 0x01,
1050 },
1051 .y = {
1052 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1053 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1054 0x02,
1055 },
1056 .order = {
1057 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1058 0x01, 0xcd, 0xc9, 0x8a, 0xe0, 0xe2, 0xde, 0x57, 0x4a, 0xbf,
1059 0x33,
1060 },
1061 };
1062
1063 static const struct {
1064 uint8_t p[28];
1065 uint8_t a[28];
1066 uint8_t b[28];
1067 uint8_t x[28];
1068 uint8_t y[28];
1069 uint8_t order[28];
1070 } _EC_WTLS_12 = {
1071 .p = {
1072 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1073 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
1074 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1075 },
1076 .a = {
1077 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1078 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
1079 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
1080 },
1081 .b = {
1082 0xb4, 0x05, 0x0a, 0x85, 0x0c, 0x04, 0xb3, 0xab, 0xf5, 0x41,
1083 0x32, 0x56, 0x50, 0x44, 0xb0, 0xb7, 0xd7, 0xbf, 0xd8, 0xba,
1084 0x27, 0x0b, 0x39, 0x43, 0x23, 0x55, 0xff, 0xb4,
1085 },
1086 .x = {
1087 0xb7, 0x0e, 0x0c, 0xbd, 0x6b, 0xb4, 0xbf, 0x7f, 0x32, 0x13,
1088 0x90, 0xb9, 0x4a, 0x03, 0xc1, 0xd3, 0x56, 0xc2, 0x11, 0x22,
1089 0x34, 0x32, 0x80, 0xd6, 0x11, 0x5c, 0x1d, 0x21,
1090 },
1091 .y = {
1092 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22,
1093 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
1094 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34,
1095 },
1096 .order = {
1097 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1098 0xff, 0xff, 0xff, 0xff, 0x16, 0xa2, 0xe0, 0xb8, 0xf0, 0x3e,
1099 0x13, 0xdd, 0x29, 0x45, 0x5c, 0x5c, 0x2a, 0x3d,
1100 },
1101 };
1102
1103 static const struct {
1104 uint8_t p[20];
1105 uint8_t a[20];
1106 uint8_t b[20];
1107 uint8_t x[20];
1108 uint8_t y[20];
1109 uint8_t order[20];
1110 } _EC_brainpoolP160r1 = {
1111 .p = {
1112 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf,
1113 0xc7, 0xad, 0x95, 0xb3, 0xd8, 0x13, 0x95, 0x15, 0x62, 0x0f,
1114 },
1115 .a = {
1116 0x34, 0x0e, 0x7b, 0xe2, 0xa2, 0x80, 0xeb, 0x74, 0xe2, 0xbe,
1117 0x61, 0xba, 0xda, 0x74, 0x5d, 0x97, 0xe8, 0xf7, 0xc3, 0x00,
1118 },
1119 .b = {
1120 0x1e, 0x58, 0x9a, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4f,
1121 0xaa, 0x2d, 0xbd, 0xec, 0x95, 0xc8, 0xd8, 0x67, 0x5e, 0x58,
1122 },
1123 .x = {
1124 0xbe, 0xd5, 0xaf, 0x16, 0xea, 0x3f, 0x6a, 0x4f, 0x62, 0x93,
1125 0x8c, 0x46, 0x31, 0xeb, 0x5a, 0xf7, 0xbd, 0xbc, 0xdb, 0xc3,
1126 },
1127 .y = {
1128 0x16, 0x67, 0xcb, 0x47, 0x7a, 0x1a, 0x8e, 0xc3, 0x38, 0xf9,
1129 0x47, 0x41, 0x66, 0x9c, 0x97, 0x63, 0x16, 0xda, 0x63, 0x21,
1130 },
1131 .order = {
1132 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf,
1133 0x59, 0x91, 0xd4, 0x50, 0x29, 0x40, 0x9e, 0x60, 0xfc, 0x09,
1134 },
1135 };
1136
1137 static const struct {
1138 uint8_t p[20];
1139 uint8_t a[20];
1140 uint8_t b[20];
1141 uint8_t x[20];
1142 uint8_t y[20];
1143 uint8_t order[20];
1144 } _EC_brainpoolP160t1 = {
1145 .p = {
1146 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf,
1147 0xc7, 0xad, 0x95, 0xb3, 0xd8, 0x13, 0x95, 0x15, 0x62, 0x0f,
1148 },
1149 .a = {
1150 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf,
1151 0xc7, 0xad, 0x95, 0xb3, 0xd8, 0x13, 0x95, 0x15, 0x62, 0x0c,
1152 },
1153 .b = {
1154 0x7a, 0x55, 0x6b, 0x6d, 0xae, 0x53, 0x5b, 0x7b, 0x51, 0xed,
1155 0x2c, 0x4d, 0x7d, 0xaa, 0x7a, 0x0b, 0x5c, 0x55, 0xf3, 0x80,
1156 },
1157 .x = {
1158 0xb1, 0x99, 0xb1, 0x3b, 0x9b, 0x34, 0xef, 0xc1, 0x39, 0x7e,
1159 0x64, 0xba, 0xeb, 0x05, 0xac, 0xc2, 0x65, 0xff, 0x23, 0x78,
1160 },
1161 .y = {
1162 0xad, 0xd6, 0x71, 0x8b, 0x7c, 0x7c, 0x19, 0x61, 0xf0, 0x99,
1163 0x1b, 0x84, 0x24, 0x43, 0x77, 0x21, 0x52, 0xc9, 0xe0, 0xad,
1164 },
1165 .order = {
1166 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf,
1167 0x59, 0x91, 0xd4, 0x50, 0x29, 0x40, 0x9e, 0x60, 0xfc, 0x09,
1168 },
1169 };
1170
1171 static const struct {
1172 uint8_t p[24];
1173 uint8_t a[24];
1174 uint8_t b[24];
1175 uint8_t x[24];
1176 uint8_t y[24];
1177 uint8_t order[24];
1178 } _EC_brainpoolP192r1 = {
1179 .p = {
1180 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3,
1181 0x46, 0x30, 0x93, 0xd1, 0x8d, 0xb7, 0x8f, 0xce, 0x47, 0x6d,
1182 0xe1, 0xa8, 0x62, 0x97,
1183 },
1184 .a = {
1185 0x6a, 0x91, 0x17, 0x40, 0x76, 0xb1, 0xe0, 0xe1, 0x9c, 0x39,
1186 0xc0, 0x31, 0xfe, 0x86, 0x85, 0xc1, 0xca, 0xe0, 0x40, 0xe5,
1187 0xc6, 0x9a, 0x28, 0xef,
1188 },
1189 .b = {
1190 0x46, 0x9a, 0x28, 0xef, 0x7c, 0x28, 0xcc, 0xa3, 0xdc, 0x72,
1191 0x1d, 0x04, 0x4f, 0x44, 0x96, 0xbc, 0xca, 0x7e, 0xf4, 0x14,
1192 0x6f, 0xbf, 0x25, 0xc9,
1193 },
1194 .x = {
1195 0xc0, 0xa0, 0x64, 0x7e, 0xaa, 0xb6, 0xa4, 0x87, 0x53, 0xb0,
1196 0x33, 0xc5, 0x6c, 0xb0, 0xf0, 0x90, 0x0a, 0x2f, 0x5c, 0x48,
1197 0x53, 0x37, 0x5f, 0xd6,
1198 },
1199 .y = {
1200 0x14, 0xb6, 0x90, 0x86, 0x6a, 0xbd, 0x5b, 0xb8, 0x8b, 0x5f,
1201 0x48, 0x28, 0xc1, 0x49, 0x00, 0x02, 0xe6, 0x77, 0x3f, 0xa2,
1202 0xfa, 0x29, 0x9b, 0x8f,
1203 },
1204 .order = {
1205 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3,
1206 0x46, 0x2f, 0x9e, 0x9e, 0x91, 0x6b, 0x5b, 0xe8, 0xf1, 0x02,
1207 0x9a, 0xc4, 0xac, 0xc1,
1208 },
1209 };
1210
1211 static const struct {
1212 uint8_t p[24];
1213 uint8_t a[24];
1214 uint8_t b[24];
1215 uint8_t x[24];
1216 uint8_t y[24];
1217 uint8_t order[24];
1218 } _EC_brainpoolP192t1 = {
1219 .p = {
1220 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3,
1221 0x46, 0x30, 0x93, 0xd1, 0x8d, 0xb7, 0x8f, 0xce, 0x47, 0x6d,
1222 0xe1, 0xa8, 0x62, 0x97,
1223 },
1224 .a = {
1225 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3,
1226 0x46, 0x30, 0x93, 0xd1, 0x8d, 0xb7, 0x8f, 0xce, 0x47, 0x6d,
1227 0xe1, 0xa8, 0x62, 0x94,
1228 },
1229 .b = {
1230 0x13, 0xd5, 0x6f, 0xfa, 0xec, 0x78, 0x68, 0x1e, 0x68, 0xf9,
1231 0xde, 0xb4, 0x3b, 0x35, 0xbe, 0xc2, 0xfb, 0x68, 0x54, 0x2e,
1232 0x27, 0x89, 0x7b, 0x79,
1233 },
1234 .x = {
1235 0x3a, 0xe9, 0xe5, 0x8c, 0x82, 0xf6, 0x3c, 0x30, 0x28, 0x2e,
1236 0x1f, 0xe7, 0xbb, 0xf4, 0x3f, 0xa7, 0x2c, 0x44, 0x6a, 0xf6,
1237 0xf4, 0x61, 0x81, 0x29,
1238 },
1239 .y = {
1240 0x09, 0x7e, 0x2c, 0x56, 0x67, 0xc2, 0x22, 0x3a, 0x90, 0x2a,
1241 0xb5, 0xca, 0x44, 0x9d, 0x00, 0x84, 0xb7, 0xe5, 0xb3, 0xde,
1242 0x7c, 0xcc, 0x01, 0xc9,
1243 },
1244 .order = {
1245 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3,
1246 0x46, 0x2f, 0x9e, 0x9e, 0x91, 0x6b, 0x5b, 0xe8, 0xf1, 0x02,
1247 0x9a, 0xc4, 0xac, 0xc1,
1248 },
1249 };
1250
1251 static const struct {
1252 uint8_t p[28];
1253 uint8_t a[28];
1254 uint8_t b[28];
1255 uint8_t x[28];
1256 uint8_t y[28];
1257 uint8_t order[28];
1258 } _EC_brainpoolP224r1 = {
1259 .p = {
1260 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
1261 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57,
1262 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xff,
1263 },
1264 .a = {
1265 0x68, 0xa5, 0xe6, 0x2c, 0xa9, 0xce, 0x6c, 0x1c, 0x29, 0x98,
1266 0x03, 0xa6, 0xc1, 0x53, 0x0b, 0x51, 0x4e, 0x18, 0x2a, 0xd8,
1267 0xb0, 0x04, 0x2a, 0x59, 0xca, 0xd2, 0x9f, 0x43,
1268 },
1269 .b = {
1270 0x25, 0x80, 0xf6, 0x3c, 0xcf, 0xe4, 0x41, 0x38, 0x87, 0x07,
1271 0x13, 0xb1, 0xa9, 0x23, 0x69, 0xe3, 0x3e, 0x21, 0x35, 0xd2,
1272 0x66, 0xdb, 0xb3, 0x72, 0x38, 0x6c, 0x40, 0x0b,
1273 },
1274 .x = {
1275 0x0d, 0x90, 0x29, 0xad, 0x2c, 0x7e, 0x5c, 0xf4, 0x34, 0x08,
1276 0x23, 0xb2, 0xa8, 0x7d, 0xc6, 0x8c, 0x9e, 0x4c, 0xe3, 0x17,
1277 0x4c, 0x1e, 0x6e, 0xfd, 0xee, 0x12, 0xc0, 0x7d,
1278 },
1279 .y = {
1280 0x58, 0xaa, 0x56, 0xf7, 0x72, 0xc0, 0x72, 0x6f, 0x24, 0xc6,
1281 0xb8, 0x9e, 0x4e, 0xcd, 0xac, 0x24, 0x35, 0x4b, 0x9e, 0x99,
1282 0xca, 0xa3, 0xf6, 0xd3, 0x76, 0x14, 0x02, 0xcd,
1283 },
1284 .order = {
1285 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
1286 0x30, 0x25, 0x75, 0xd0, 0xfb, 0x98, 0xd1, 0x16, 0xbc, 0x4b,
1287 0x6d, 0xde, 0xbc, 0xa3, 0xa5, 0xa7, 0x93, 0x9f,
1288 },
1289 };
1290
1291 static const struct {
1292 uint8_t p[28];
1293 uint8_t a[28];
1294 uint8_t b[28];
1295 uint8_t x[28];
1296 uint8_t y[28];
1297 uint8_t order[28];
1298 } _EC_brainpoolP224t1 = {
1299 .p = {
1300 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
1301 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57,
1302 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xff,
1303 },
1304 .a = {
1305 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
1306 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57,
1307 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xfc,
1308 },
1309 .b = {
1310 0x4b, 0x33, 0x7d, 0x93, 0x41, 0x04, 0xcd, 0x7b, 0xef, 0x27,
1311 0x1b, 0xf6, 0x0c, 0xed, 0x1e, 0xd2, 0x0d, 0xa1, 0x4c, 0x08,
1312 0xb3, 0xbb, 0x64, 0xf1, 0x8a, 0x60, 0x88, 0x8d,
1313 },
1314 .x = {
1315 0x6a, 0xb1, 0xe3, 0x44, 0xce, 0x25, 0xff, 0x38, 0x96, 0x42,
1316 0x4e, 0x7f, 0xfe, 0x14, 0x76, 0x2e, 0xcb, 0x49, 0xf8, 0x92,
1317 0x8a, 0xc0, 0xc7, 0x60, 0x29, 0xb4, 0xd5, 0x80,
1318 },
1319 .y = {
1320 0x03, 0x74, 0xe9, 0xf5, 0x14, 0x3e, 0x56, 0x8c, 0xd2, 0x3f,
1321 0x3f, 0x4d, 0x7c, 0x0d, 0x4b, 0x1e, 0x41, 0xc8, 0xcc, 0x0d,
1322 0x1c, 0x6a, 0xbd, 0x5f, 0x1a, 0x46, 0xdb, 0x4c,
1323 },
1324 .order = {
1325 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
1326 0x30, 0x25, 0x75, 0xd0, 0xfb, 0x98, 0xd1, 0x16, 0xbc, 0x4b,
1327 0x6d, 0xde, 0xbc, 0xa3, 0xa5, 0xa7, 0x93, 0x9f,
1328 },
1329 };
1330
1331 static const struct {
1332 uint8_t p[32];
1333 uint8_t a[32];
1334 uint8_t b[32];
1335 uint8_t x[32];
1336 uint8_t y[32];
1337 uint8_t order[32];
1338 } _EC_brainpoolP256r1 = {
1339 .p = {
1340 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
1341 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23,
1342 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e,
1343 0x53, 0x77,
1344 },
1345 .a = {
1346 0x7d, 0x5a, 0x09, 0x75, 0xfc, 0x2c, 0x30, 0x57, 0xee, 0xf6,
1347 0x75, 0x30, 0x41, 0x7a, 0xff, 0xe7, 0xfb, 0x80, 0x55, 0xc1,
1348 0x26, 0xdc, 0x5c, 0x6c, 0xe9, 0x4a, 0x4b, 0x44, 0xf3, 0x30,
1349 0xb5, 0xd9,
1350 },
1351 .b = {
1352 0x26, 0xdc, 0x5c, 0x6c, 0xe9, 0x4a, 0x4b, 0x44, 0xf3, 0x30,
1353 0xb5, 0xd9, 0xbb, 0xd7, 0x7c, 0xbf, 0x95, 0x84, 0x16, 0x29,
1354 0x5c, 0xf7, 0xe1, 0xce, 0x6b, 0xcc, 0xdc, 0x18, 0xff, 0x8c,
1355 0x07, 0xb6,
1356 },
1357 .x = {
1358 0x8b, 0xd2, 0xae, 0xb9, 0xcb, 0x7e, 0x57, 0xcb, 0x2c, 0x4b,
1359 0x48, 0x2f, 0xfc, 0x81, 0xb7, 0xaf, 0xb9, 0xde, 0x27, 0xe1,
1360 0xe3, 0xbd, 0x23, 0xc2, 0x3a, 0x44, 0x53, 0xbd, 0x9a, 0xce,
1361 0x32, 0x62,
1362 },
1363 .y = {
1364 0x54, 0x7e, 0xf8, 0x35, 0xc3, 0xda, 0xc4, 0xfd, 0x97, 0xf8,
1365 0x46, 0x1a, 0x14, 0x61, 0x1d, 0xc9, 0xc2, 0x77, 0x45, 0x13,
1366 0x2d, 0xed, 0x8e, 0x54, 0x5c, 0x1d, 0x54, 0xc7, 0x2f, 0x04,
1367 0x69, 0x97,
1368 },
1369 .order = {
1370 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
1371 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x71, 0x8c, 0x39, 0x7a, 0xa3,
1372 0xb5, 0x61, 0xa6, 0xf7, 0x90, 0x1e, 0x0e, 0x82, 0x97, 0x48,
1373 0x56, 0xa7,
1374 },
1375 };
1376
1377 static const struct {
1378 uint8_t p[32];
1379 uint8_t a[32];
1380 uint8_t b[32];
1381 uint8_t x[32];
1382 uint8_t y[32];
1383 uint8_t order[32];
1384 } _EC_brainpoolP256t1 = {
1385 .p = {
1386 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
1387 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23,
1388 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e,
1389 0x53, 0x77,
1390 },
1391 .a = {
1392 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
1393 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23,
1394 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e,
1395 0x53, 0x74,
1396 },
1397 .b = {
1398 0x66, 0x2c, 0x61, 0xc4, 0x30, 0xd8, 0x4e, 0xa4, 0xfe, 0x66,
1399 0xa7, 0x73, 0x3d, 0x0b, 0x76, 0xb7, 0xbf, 0x93, 0xeb, 0xc4,
1400 0xaf, 0x2f, 0x49, 0x25, 0x6a, 0xe5, 0x81, 0x01, 0xfe, 0xe9,
1401 0x2b, 0x04,
1402 },
1403 .x = {
1404 0xa3, 0xe8, 0xeb, 0x3c, 0xc1, 0xcf, 0xe7, 0xb7, 0x73, 0x22,
1405 0x13, 0xb2, 0x3a, 0x65, 0x61, 0x49, 0xaf, 0xa1, 0x42, 0xc4,
1406 0x7a, 0xaf, 0xbc, 0x2b, 0x79, 0xa1, 0x91, 0x56, 0x2e, 0x13,
1407 0x05, 0xf4,
1408 },
1409 .y = {
1410 0x2d, 0x99, 0x6c, 0x82, 0x34, 0x39, 0xc5, 0x6d, 0x7f, 0x7b,
1411 0x22, 0xe1, 0x46, 0x44, 0x41, 0x7e, 0x69, 0xbc, 0xb6, 0xde,
1412 0x39, 0xd0, 0x27, 0x00, 0x1d, 0xab, 0xe8, 0xf3, 0x5b, 0x25,
1413 0xc9, 0xbe,
1414 },
1415 .order = {
1416 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
1417 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x71, 0x8c, 0x39, 0x7a, 0xa3,
1418 0xb5, 0x61, 0xa6, 0xf7, 0x90, 0x1e, 0x0e, 0x82, 0x97, 0x48,
1419 0x56, 0xa7,
1420 },
1421 };
1422
1423 static const struct {
1424 uint8_t p[40];
1425 uint8_t a[40];
1426 uint8_t b[40];
1427 uint8_t x[40];
1428 uint8_t y[40];
1429 uint8_t order[40];
1430 } _EC_brainpoolP320r1 = {
1431 .p = {
1432 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
1433 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6,
1434 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93,
1435 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x27,
1436 },
1437 .a = {
1438 0x3e, 0xe3, 0x0b, 0x56, 0x8f, 0xba, 0xb0, 0xf8, 0x83, 0xcc,
1439 0xeb, 0xd4, 0x6d, 0x3f, 0x3b, 0xb8, 0xa2, 0xa7, 0x35, 0x13,
1440 0xf5, 0xeb, 0x79, 0xda, 0x66, 0x19, 0x0e, 0xb0, 0x85, 0xff,
1441 0xa9, 0xf4, 0x92, 0xf3, 0x75, 0xa9, 0x7d, 0x86, 0x0e, 0xb4,
1442 },
1443 .b = {
1444 0x52, 0x08, 0x83, 0x94, 0x9d, 0xfd, 0xbc, 0x42, 0xd3, 0xad,
1445 0x19, 0x86, 0x40, 0x68, 0x8a, 0x6f, 0xe1, 0x3f, 0x41, 0x34,
1446 0x95, 0x54, 0xb4, 0x9a, 0xcc, 0x31, 0xdc, 0xcd, 0x88, 0x45,
1447 0x39, 0x81, 0x6f, 0x5e, 0xb4, 0xac, 0x8f, 0xb1, 0xf1, 0xa6,
1448 },
1449 .x = {
1450 0x43, 0xbd, 0x7e, 0x9a, 0xfb, 0x53, 0xd8, 0xb8, 0x52, 0x89,
1451 0xbc, 0xc4, 0x8e, 0xe5, 0xbf, 0xe6, 0xf2, 0x01, 0x37, 0xd1,
1452 0x0a, 0x08, 0x7e, 0xb6, 0xe7, 0x87, 0x1e, 0x2a, 0x10, 0xa5,
1453 0x99, 0xc7, 0x10, 0xaf, 0x8d, 0x0d, 0x39, 0xe2, 0x06, 0x11,
1454 },
1455 .y = {
1456 0x14, 0xfd, 0xd0, 0x55, 0x45, 0xec, 0x1c, 0xc8, 0xab, 0x40,
1457 0x93, 0x24, 0x7f, 0x77, 0x27, 0x5e, 0x07, 0x43, 0xff, 0xed,
1458 0x11, 0x71, 0x82, 0xea, 0xa9, 0xc7, 0x78, 0x77, 0xaa, 0xac,
1459 0x6a, 0xc7, 0xd3, 0x52, 0x45, 0xd1, 0x69, 0x2e, 0x8e, 0xe1,
1460 },
1461 .order = {
1462 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
1463 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa5,
1464 0xb6, 0x8f, 0x12, 0xa3, 0x2d, 0x48, 0x2e, 0xc7, 0xee, 0x86,
1465 0x58, 0xe9, 0x86, 0x91, 0x55, 0x5b, 0x44, 0xc5, 0x93, 0x11,
1466 },
1467 };
1468
1469 static const struct {
1470 uint8_t p[40];
1471 uint8_t a[40];
1472 uint8_t b[40];
1473 uint8_t x[40];
1474 uint8_t y[40];
1475 uint8_t order[40];
1476 } _EC_brainpoolP320t1 = {
1477 .p = {
1478 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
1479 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6,
1480 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93,
1481 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x27,
1482 },
1483 .a = {
1484 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
1485 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6,
1486 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93,
1487 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x24,
1488 },
1489 .b = {
1490 0xa7, 0xf5, 0x61, 0xe0, 0x38, 0xeb, 0x1e, 0xd5, 0x60, 0xb3,
1491 0xd1, 0x47, 0xdb, 0x78, 0x20, 0x13, 0x06, 0x4c, 0x19, 0xf2,
1492 0x7e, 0xd2, 0x7c, 0x67, 0x80, 0xaa, 0xf7, 0x7f, 0xb8, 0xa5,
1493 0x47, 0xce, 0xb5, 0xb4, 0xfe, 0xf4, 0x22, 0x34, 0x03, 0x53,
1494 },
1495 .x = {
1496 0x92, 0x5b, 0xe9, 0xfb, 0x01, 0xaf, 0xc6, 0xfb, 0x4d, 0x3e,
1497 0x7d, 0x49, 0x90, 0x01, 0x0f, 0x81, 0x34, 0x08, 0xab, 0x10,
1498 0x6c, 0x4f, 0x09, 0xcb, 0x7e, 0xe0, 0x78, 0x68, 0xcc, 0x13,
1499 0x6f, 0xff, 0x33, 0x57, 0xf6, 0x24, 0xa2, 0x1b, 0xed, 0x52,
1500 },
1501 .y = {
1502 0x63, 0xba, 0x3a, 0x7a, 0x27, 0x48, 0x3e, 0xbf, 0x66, 0x71,
1503 0xdb, 0xef, 0x7a, 0xbb, 0x30, 0xeb, 0xee, 0x08, 0x4e, 0x58,
1504 0xa0, 0xb0, 0x77, 0xad, 0x42, 0xa5, 0xa0, 0x98, 0x9d, 0x1e,
1505 0xe7, 0x1b, 0x1b, 0x9b, 0xc0, 0x45, 0x5f, 0xb0, 0xd2, 0xc3,
1506 },
1507 .order = {
1508 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
1509 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa5,
1510 0xb6, 0x8f, 0x12, 0xa3, 0x2d, 0x48, 0x2e, 0xc7, 0xee, 0x86,
1511 0x58, 0xe9, 0x86, 0x91, 0x55, 0x5b, 0x44, 0xc5, 0x93, 0x11,
1512 },
1513 };
1514
1515 static const struct {
1516 uint8_t p[48];
1517 uint8_t a[48];
1518 uint8_t b[48];
1519 uint8_t x[48];
1520 uint8_t y[48];
1521 uint8_t order[48];
1522 } _EC_brainpoolP384r1 = {
1523 .p = {
1524 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
1525 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
1526 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7,
1527 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71,
1528 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x53,
1529 },
1530 .a = {
1531 0x7b, 0xc3, 0x82, 0xc6, 0x3d, 0x8c, 0x15, 0x0c, 0x3c, 0x72,
1532 0x08, 0x0a, 0xce, 0x05, 0xaf, 0xa0, 0xc2, 0xbe, 0xa2, 0x8e,
1533 0x4f, 0xb2, 0x27, 0x87, 0x13, 0x91, 0x65, 0xef, 0xba, 0x91,
1534 0xf9, 0x0f, 0x8a, 0xa5, 0x81, 0x4a, 0x50, 0x3a, 0xd4, 0xeb,
1535 0x04, 0xa8, 0xc7, 0xdd, 0x22, 0xce, 0x28, 0x26,
1536 },
1537 .b = {
1538 0x04, 0xa8, 0xc7, 0xdd, 0x22, 0xce, 0x28, 0x26, 0x8b, 0x39,
1539 0xb5, 0x54, 0x16, 0xf0, 0x44, 0x7c, 0x2f, 0xb7, 0x7d, 0xe1,
1540 0x07, 0xdc, 0xd2, 0xa6, 0x2e, 0x88, 0x0e, 0xa5, 0x3e, 0xeb,
1541 0x62, 0xd5, 0x7c, 0xb4, 0x39, 0x02, 0x95, 0xdb, 0xc9, 0x94,
1542 0x3a, 0xb7, 0x86, 0x96, 0xfa, 0x50, 0x4c, 0x11,
1543 },
1544 .x = {
1545 0x1d, 0x1c, 0x64, 0xf0, 0x68, 0xcf, 0x45, 0xff, 0xa2, 0xa6,
1546 0x3a, 0x81, 0xb7, 0xc1, 0x3f, 0x6b, 0x88, 0x47, 0xa3, 0xe7,
1547 0x7e, 0xf1, 0x4f, 0xe3, 0xdb, 0x7f, 0xca, 0xfe, 0x0c, 0xbd,
1548 0x10, 0xe8, 0xe8, 0x26, 0xe0, 0x34, 0x36, 0xd6, 0x46, 0xaa,
1549 0xef, 0x87, 0xb2, 0xe2, 0x47, 0xd4, 0xaf, 0x1e,
1550 },
1551 .y = {
1552 0x8a, 0xbe, 0x1d, 0x75, 0x20, 0xf9, 0xc2, 0xa4, 0x5c, 0xb1,
1553 0xeb, 0x8e, 0x95, 0xcf, 0xd5, 0x52, 0x62, 0xb7, 0x0b, 0x29,
1554 0xfe, 0xec, 0x58, 0x64, 0xe1, 0x9c, 0x05, 0x4f, 0xf9, 0x91,
1555 0x29, 0x28, 0x0e, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11,
1556 0x42, 0x82, 0x03, 0x41, 0x26, 0x3c, 0x53, 0x15,
1557 },
1558 .order = {
1559 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
1560 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
1561 0xed, 0x54, 0x56, 0xb3, 0x1f, 0x16, 0x6e, 0x6c, 0xac, 0x04,
1562 0x25, 0xa7, 0xcf, 0x3a, 0xb6, 0xaf, 0x6b, 0x7f, 0xc3, 0x10,
1563 0x3b, 0x88, 0x32, 0x02, 0xe9, 0x04, 0x65, 0x65,
1564 },
1565 };
1566
1567 static const struct {
1568 uint8_t p[48];
1569 uint8_t a[48];
1570 uint8_t b[48];
1571 uint8_t x[48];
1572 uint8_t y[48];
1573 uint8_t order[48];
1574 } _EC_brainpoolP384t1 = {
1575 .p = {
1576 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
1577 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
1578 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7,
1579 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71,
1580 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x53,
1581 },
1582 .a = {
1583 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
1584 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
1585 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7,
1586 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71,
1587 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x50,
1588 },
1589 .b = {
1590 0x7f, 0x51, 0x9e, 0xad, 0xa7, 0xbd, 0xa8, 0x1b, 0xd8, 0x26,
1591 0xdb, 0xa6, 0x47, 0x91, 0x0f, 0x8c, 0x4b, 0x93, 0x46, 0xed,
1592 0x8c, 0xcd, 0xc6, 0x4e, 0x4b, 0x1a, 0xbd, 0x11, 0x75, 0x6d,
1593 0xce, 0x1d, 0x20, 0x74, 0xaa, 0x26, 0x3b, 0x88, 0x80, 0x5c,
1594 0xed, 0x70, 0x35, 0x5a, 0x33, 0xb4, 0x71, 0xee,
1595 },
1596 .x = {
1597 0x18, 0xde, 0x98, 0xb0, 0x2d, 0xb9, 0xa3, 0x06, 0xf2, 0xaf,
1598 0xcd, 0x72, 0x35, 0xf7, 0x2a, 0x81, 0x9b, 0x80, 0xab, 0x12,
1599 0xeb, 0xd6, 0x53, 0x17, 0x24, 0x76, 0xfe, 0xcd, 0x46, 0x2a,
1600 0xab, 0xff, 0xc4, 0xff, 0x19, 0x1b, 0x94, 0x6a, 0x5f, 0x54,
1601 0xd8, 0xd0, 0xaa, 0x2f, 0x41, 0x88, 0x08, 0xcc,
1602 },
1603 .y = {
1604 0x25, 0xab, 0x05, 0x69, 0x62, 0xd3, 0x06, 0x51, 0xa1, 0x14,
1605 0xaf, 0xd2, 0x75, 0x5a, 0xd3, 0x36, 0x74, 0x7f, 0x93, 0x47,
1606 0x5b, 0x7a, 0x1f, 0xca, 0x3b, 0x88, 0xf2, 0xb6, 0xa2, 0x08,
1607 0xcc, 0xfe, 0x46, 0x94, 0x08, 0x58, 0x4d, 0xc2, 0xb2, 0x91,
1608 0x26, 0x75, 0xbf, 0x5b, 0x9e, 0x58, 0x29, 0x28,
1609 },
1610 .order = {
1611 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
1612 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
1613 0xed, 0x54, 0x56, 0xb3, 0x1f, 0x16, 0x6e, 0x6c, 0xac, 0x04,
1614 0x25, 0xa7, 0xcf, 0x3a, 0xb6, 0xaf, 0x6b, 0x7f, 0xc3, 0x10,
1615 0x3b, 0x88, 0x32, 0x02, 0xe9, 0x04, 0x65, 0x65,
1616 },
1617 };
1618
1619 static const struct {
1620 uint8_t p[64];
1621 uint8_t a[64];
1622 uint8_t b[64];
1623 uint8_t x[64];
1624 uint8_t y[64];
1625 uint8_t order[64];
1626 } _EC_brainpoolP512r1 = {
1627 .p = {
1628 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
1629 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
1630 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
1631 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42,
1632 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81,
1633 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56,
1634 0x58, 0x3a, 0x48, 0xf3,
1635 },
1636 .a = {
1637 0x78, 0x30, 0xa3, 0x31, 0x8b, 0x60, 0x3b, 0x89, 0xe2, 0x32,
1638 0x71, 0x45, 0xac, 0x23, 0x4c, 0xc5, 0x94, 0xcb, 0xdd, 0x8d,
1639 0x3d, 0xf9, 0x16, 0x10, 0xa8, 0x34, 0x41, 0xca, 0xea, 0x98,
1640 0x63, 0xbc, 0x2d, 0xed, 0x5d, 0x5a, 0xa8, 0x25, 0x3a, 0xa1,
1641 0x0a, 0x2e, 0xf1, 0xc9, 0x8b, 0x9a, 0xc8, 0xb5, 0x7f, 0x11,
1642 0x17, 0xa7, 0x2b, 0xf2, 0xc7, 0xb9, 0xe7, 0xc1, 0xac, 0x4d,
1643 0x77, 0xfc, 0x94, 0xca,
1644 },
1645 .b = {
1646 0x3d, 0xf9, 0x16, 0x10, 0xa8, 0x34, 0x41, 0xca, 0xea, 0x98,
1647 0x63, 0xbc, 0x2d, 0xed, 0x5d, 0x5a, 0xa8, 0x25, 0x3a, 0xa1,
1648 0x0a, 0x2e, 0xf1, 0xc9, 0x8b, 0x9a, 0xc8, 0xb5, 0x7f, 0x11,
1649 0x17, 0xa7, 0x2b, 0xf2, 0xc7, 0xb9, 0xe7, 0xc1, 0xac, 0x4d,
1650 0x77, 0xfc, 0x94, 0xca, 0xdc, 0x08, 0x3e, 0x67, 0x98, 0x40,
1651 0x50, 0xb7, 0x5e, 0xba, 0xe5, 0xdd, 0x28, 0x09, 0xbd, 0x63,
1652 0x80, 0x16, 0xf7, 0x23,
1653 },
1654 .x = {
1655 0x81, 0xae, 0xe4, 0xbd, 0xd8, 0x2e, 0xd9, 0x64, 0x5a, 0x21,
1656 0x32, 0x2e, 0x9c, 0x4c, 0x6a, 0x93, 0x85, 0xed, 0x9f, 0x70,
1657 0xb5, 0xd9, 0x16, 0xc1, 0xb4, 0x3b, 0x62, 0xee, 0xf4, 0xd0,
1658 0x09, 0x8e, 0xff, 0x3b, 0x1f, 0x78, 0xe2, 0xd0, 0xd4, 0x8d,
1659 0x50, 0xd1, 0x68, 0x7b, 0x93, 0xb9, 0x7d, 0x5f, 0x7c, 0x6d,
1660 0x50, 0x47, 0x40, 0x6a, 0x5e, 0x68, 0x8b, 0x35, 0x22, 0x09,
1661 0xbc, 0xb9, 0xf8, 0x22,
1662 },
1663 .y = {
1664 0x7d, 0xde, 0x38, 0x5d, 0x56, 0x63, 0x32, 0xec, 0xc0, 0xea,
1665 0xbf, 0xa9, 0xcf, 0x78, 0x22, 0xfd, 0xf2, 0x09, 0xf7, 0x00,
1666 0x24, 0xa5, 0x7b, 0x1a, 0xa0, 0x00, 0xc5, 0x5b, 0x88, 0x1f,
1667 0x81, 0x11, 0xb2, 0xdc, 0xde, 0x49, 0x4a, 0x5f, 0x48, 0x5e,
1668 0x5b, 0xca, 0x4b, 0xd8, 0x8a, 0x27, 0x63, 0xae, 0xd1, 0xca,
1669 0x2b, 0x2f, 0xa8, 0xf0, 0x54, 0x06, 0x78, 0xcd, 0x1e, 0x0f,
1670 0x3a, 0xd8, 0x08, 0x92,
1671 },
1672 .order = {
1673 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
1674 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
1675 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
1676 0x08, 0x70, 0x55, 0x3e, 0x5c, 0x41, 0x4c, 0xa9, 0x26, 0x19,
1677 0x41, 0x86, 0x61, 0x19, 0x7f, 0xac, 0x10, 0x47, 0x1d, 0xb1,
1678 0xd3, 0x81, 0x08, 0x5d, 0xda, 0xdd, 0xb5, 0x87, 0x96, 0x82,
1679 0x9c, 0xa9, 0x00, 0x69,
1680 },
1681 };
1682
1683 static const struct {
1684 uint8_t p[64];
1685 uint8_t a[64];
1686 uint8_t b[64];
1687 uint8_t x[64];
1688 uint8_t y[64];
1689 uint8_t order[64];
1690 } _EC_brainpoolP512t1 = {
1691 .p = {
1692 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
1693 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
1694 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
1695 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42,
1696 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81,
1697 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56,
1698 0x58, 0x3a, 0x48, 0xf3,
1699 },
1700 .a = {
1701 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
1702 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
1703 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
1704 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42,
1705 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81,
1706 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56,
1707 0x58, 0x3a, 0x48, 0xf0,
1708 },
1709 .b = {
1710 0x7c, 0xbb, 0xbc, 0xf9, 0x44, 0x1c, 0xfa, 0xb7, 0x6e, 0x18,
1711 0x90, 0xe4, 0x68, 0x84, 0xea, 0xe3, 0x21, 0xf7, 0x0c, 0x0b,
1712 0xcb, 0x49, 0x81, 0x52, 0x78, 0x97, 0x50, 0x4b, 0xec, 0x3e,
1713 0x36, 0xa6, 0x2b, 0xcd, 0xfa, 0x23, 0x04, 0x97, 0x65, 0x40,
1714 0xf6, 0x45, 0x00, 0x85, 0xf2, 0xda, 0xe1, 0x45, 0xc2, 0x25,
1715 0x53, 0xb4, 0x65, 0x76, 0x36, 0x89, 0x18, 0x0e, 0xa2, 0x57,
1716 0x18, 0x67, 0x42, 0x3e,
1717 },
1718 .x = {
1719 0x64, 0x0e, 0xce, 0x5c, 0x12, 0x78, 0x87, 0x17, 0xb9, 0xc1,
1720 0xba, 0x06, 0xcb, 0xc2, 0xa6, 0xfe, 0xba, 0x85, 0x84, 0x24,
1721 0x58, 0xc5, 0x6d, 0xde, 0x9d, 0xb1, 0x75, 0x8d, 0x39, 0xc0,
1722 0x31, 0x3d, 0x82, 0xba, 0x51, 0x73, 0x5c, 0xdb, 0x3e, 0xa4,
1723 0x99, 0xaa, 0x77, 0xa7, 0xd6, 0x94, 0x3a, 0x64, 0xf7, 0xa3,
1724 0xf2, 0x5f, 0xe2, 0x6f, 0x06, 0xb5, 0x1b, 0xaa, 0x26, 0x96,
1725 0xfa, 0x90, 0x35, 0xda,
1726 },
1727 .y = {
1728 0x5b, 0x53, 0x4b, 0xd5, 0x95, 0xf5, 0xaf, 0x0f, 0xa2, 0xc8,
1729 0x92, 0x37, 0x6c, 0x84, 0xac, 0xe1, 0xbb, 0x4e, 0x30, 0x19,
1730 0xb7, 0x16, 0x34, 0xc0, 0x11, 0x31, 0x15, 0x9c, 0xae, 0x03,
1731 0xce, 0xe9, 0xd9, 0x93, 0x21, 0x84, 0xbe, 0xef, 0x21, 0x6b,
1732 0xd7, 0x1d, 0xf2, 0xda, 0xdf, 0x86, 0xa6, 0x27, 0x30, 0x6e,
1733 0xcf, 0xf9, 0x6d, 0xbb, 0x8b, 0xac, 0xe1, 0x98, 0xb6, 0x1e,
1734 0x00, 0xf8, 0xb3, 0x32,
1735 },
1736 .order = {
1737 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
1738 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
1739 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
1740 0x08, 0x70, 0x55, 0x3e, 0x5c, 0x41, 0x4c, 0xa9, 0x26, 0x19,
1741 0x41, 0x86, 0x61, 0x19, 0x7f, 0xac, 0x10, 0x47, 0x1d, 0xb1,
1742 0xd3, 0x81, 0x08, 0x5d, 0xda, 0xdd, 0xb5, 0x87, 0x96, 0x82,
1743 0x9c, 0xa9, 0x00, 0x69,
1744 },
1745 };
1746
1747 static const struct {
1748 uint8_t p[32];
1749 uint8_t a[32];
1750 uint8_t b[32];
1751 uint8_t x[32];
1752 uint8_t y[32];
1753 uint8_t order[32];
1754 } _EC_FRP256v1 = {
1755 .p = {
1756 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12,
1757 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x39, 0x61, 0xad, 0xbc,
1758 0xab, 0xc8, 0xca, 0x6d, 0xe8, 0xfc, 0xf3, 0x53, 0xd8, 0x6e,
1759 0x9c, 0x03,
1760 },
1761 .a = {
1762 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12,
1763 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x39, 0x61, 0xad, 0xbc,
1764 0xab, 0xc8, 0xca, 0x6d, 0xe8, 0xfc, 0xf3, 0x53, 0xd8, 0x6e,
1765 0x9c, 0x00,
1766 },
1767 .b = {
1768 0xee, 0x35, 0x3f, 0xca, 0x54, 0x28, 0xa9, 0x30, 0x0d, 0x4a,
1769 0xba, 0x75, 0x4a, 0x44, 0xc0, 0x0f, 0xdf, 0xec, 0x0c, 0x9a,
1770 0xe4, 0xb1, 0xa1, 0x80, 0x30, 0x75, 0xed, 0x96, 0x7b, 0x7b,
1771 0xb7, 0x3f,
1772 },
1773 .x = {
1774 0xb6, 0xb3, 0xd4, 0xc3, 0x56, 0xc1, 0x39, 0xeb, 0x31, 0x18,
1775 0x3d, 0x47, 0x49, 0xd4, 0x23, 0x95, 0x8c, 0x27, 0xd2, 0xdc,
1776 0xaf, 0x98, 0xb7, 0x01, 0x64, 0xc9, 0x7a, 0x2d, 0xd9, 0x8f,
1777 0x5c, 0xff,
1778 },
1779 .y = {
1780 0x61, 0x42, 0xe0, 0xf7, 0xc8, 0xb2, 0x04, 0x91, 0x1f, 0x92,
1781 0x71, 0xf0, 0xf3, 0xec, 0xef, 0x8c, 0x27, 0x01, 0xc3, 0x07,
1782 0xe8, 0xe4, 0xc9, 0xe1, 0x83, 0x11, 0x5a, 0x15, 0x54, 0x06,
1783 0x2c, 0xfb,
1784 },
1785 .order = {
1786 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12,
1787 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x53, 0xdc, 0x67, 0xe1,
1788 0x40, 0xd2, 0xbf, 0x94, 0x1f, 0xfd, 0xd4, 0x59, 0xc6, 0xd6,
1789 0x55, 0xe1,
1790 },
1791 };
1792
1793 static const struct ec_list_element {
1794 const char *comment;
1795 int nid;
1796 int seed_len;
1797 int param_len;
1798 unsigned int cofactor;
1799 const uint8_t *seed;
1800 const uint8_t *p;
1801 const uint8_t *a;
1802 const uint8_t *b;
1803 const uint8_t *x;
1804 const uint8_t *y;
1805 const uint8_t *order;
1806 } curve_list[] = {
1807 /* secg curves */
1808 {
1809 .comment = "SECG/WTLS curve over a 112 bit prime field",
1810 .nid = NID_secp112r1,
1811 .seed_len = sizeof(_EC_SECG_PRIME_112R1.seed),
1812 .param_len = sizeof(_EC_SECG_PRIME_112R1.p),
1813 .seed = _EC_SECG_PRIME_112R1.seed,
1814 .p = _EC_SECG_PRIME_112R1.p,
1815 .a = _EC_SECG_PRIME_112R1.a,
1816 .b = _EC_SECG_PRIME_112R1.b,
1817 .x = _EC_SECG_PRIME_112R1.x,
1818 .y = _EC_SECG_PRIME_112R1.y,
1819 .order = _EC_SECG_PRIME_112R1.order,
1820 .cofactor = 1,
1821 },
1822 {
1823 .comment = "SECG curve over a 112 bit prime field",
1824 .nid = NID_secp112r2,
1825 .seed_len = sizeof(_EC_SECG_PRIME_112R2.seed),
1826 .param_len = sizeof(_EC_SECG_PRIME_112R2.p),
1827 .seed = _EC_SECG_PRIME_112R2.seed,
1828 .p = _EC_SECG_PRIME_112R2.p,
1829 .a = _EC_SECG_PRIME_112R2.a,
1830 .b = _EC_SECG_PRIME_112R2.b,
1831 .x = _EC_SECG_PRIME_112R2.x,
1832 .y = _EC_SECG_PRIME_112R2.y,
1833 .order = _EC_SECG_PRIME_112R2.order,
1834 .cofactor = 4,
1835 },
1836 {
1837 .comment = "SECG curve over a 128 bit prime field",
1838 .nid = NID_secp128r1,
1839 .seed_len = sizeof(_EC_SECG_PRIME_128R1.seed),
1840 .param_len = sizeof(_EC_SECG_PRIME_128R1.p),
1841 .seed = _EC_SECG_PRIME_128R1.seed,
1842 .p = _EC_SECG_PRIME_128R1.p,
1843 .a = _EC_SECG_PRIME_128R1.a,
1844 .b = _EC_SECG_PRIME_128R1.b,
1845 .x = _EC_SECG_PRIME_128R1.x,
1846 .y = _EC_SECG_PRIME_128R1.y,
1847 .order = _EC_SECG_PRIME_128R1.order,
1848 .cofactor = 1,
1849 },
1850 {
1851 .comment = "SECG curve over a 128 bit prime field",
1852 .nid = NID_secp128r2,
1853 .seed_len = sizeof(_EC_SECG_PRIME_128R2.seed),
1854 .param_len = sizeof(_EC_SECG_PRIME_128R2.p),
1855 .seed = _EC_SECG_PRIME_128R2.seed,
1856 .p = _EC_SECG_PRIME_128R2.p,
1857 .a = _EC_SECG_PRIME_128R2.a,
1858 .b = _EC_SECG_PRIME_128R2.b,
1859 .x = _EC_SECG_PRIME_128R2.x,
1860 .y = _EC_SECG_PRIME_128R2.y,
1861 .order = _EC_SECG_PRIME_128R2.order,
1862 .cofactor = 4,
1863 },
1864 {
1865 .comment = "SECG curve over a 160 bit prime field",
1866 .nid = NID_secp160k1,
1867 .param_len = sizeof(_EC_SECG_PRIME_160K1.p),
1868 .p = _EC_SECG_PRIME_160K1.p,
1869 .a = _EC_SECG_PRIME_160K1.a,
1870 .b = _EC_SECG_PRIME_160K1.b,
1871 .x = _EC_SECG_PRIME_160K1.x,
1872 .y = _EC_SECG_PRIME_160K1.y,
1873 .order = _EC_SECG_PRIME_160K1.order,
1874 .cofactor = 1,
1875 },
1876 {
1877 .comment = "SECG curve over a 160 bit prime field",
1878 .nid = NID_secp160r1,
1879 .seed_len = sizeof(_EC_SECG_PRIME_160R1.seed),
1880 .param_len = sizeof(_EC_SECG_PRIME_160R1.p),
1881 .seed = _EC_SECG_PRIME_160R1.seed,
1882 .p = _EC_SECG_PRIME_160R1.p,
1883 .a = _EC_SECG_PRIME_160R1.a,
1884 .b = _EC_SECG_PRIME_160R1.b,
1885 .x = _EC_SECG_PRIME_160R1.x,
1886 .y = _EC_SECG_PRIME_160R1.y,
1887 .order = _EC_SECG_PRIME_160R1.order,
1888 .cofactor = 1,
1889 },
1890 {
1891 .comment = "SECG/WTLS curve over a 160 bit prime field",
1892 .nid = NID_secp160r2,
1893 .seed_len = sizeof(_EC_SECG_PRIME_160R2.seed),
1894 .param_len = sizeof(_EC_SECG_PRIME_160R2.p),
1895 .seed = _EC_SECG_PRIME_160R2.seed,
1896 .p = _EC_SECG_PRIME_160R2.p,
1897 .a = _EC_SECG_PRIME_160R2.a,
1898 .b = _EC_SECG_PRIME_160R2.b,
1899 .x = _EC_SECG_PRIME_160R2.x,
1900 .y = _EC_SECG_PRIME_160R2.y,
1901 .order = _EC_SECG_PRIME_160R2.order,
1902 .cofactor = 1,
1903 },
1904 /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
1905 {
1906 .comment = "SECG curve over a 192 bit prime field",
1907 .nid = NID_secp192k1,
1908 .param_len = sizeof(_EC_SECG_PRIME_192K1.p),
1909 .p = _EC_SECG_PRIME_192K1.p,
1910 .a = _EC_SECG_PRIME_192K1.a,
1911 .b = _EC_SECG_PRIME_192K1.b,
1912 .x = _EC_SECG_PRIME_192K1.x,
1913 .y = _EC_SECG_PRIME_192K1.y,
1914 .order = _EC_SECG_PRIME_192K1.order,
1915 .cofactor = 1,
1916 },
1917 {
1918 .comment = "SECG curve over a 224 bit prime field",
1919 .nid = NID_secp224k1,
1920 .param_len = sizeof(_EC_SECG_PRIME_224K1.p),
1921 .p = _EC_SECG_PRIME_224K1.p,
1922 .a = _EC_SECG_PRIME_224K1.a,
1923 .b = _EC_SECG_PRIME_224K1.b,
1924 .x = _EC_SECG_PRIME_224K1.x,
1925 .y = _EC_SECG_PRIME_224K1.y,
1926 .order = _EC_SECG_PRIME_224K1.order,
1927 .cofactor = 1,
1928 },
1929 {
1930 .comment = "NIST/SECG curve over a 224 bit prime field",
1931 .nid = NID_secp224r1,
1932 .seed_len = sizeof(_EC_NIST_PRIME_224.seed),
1933 .param_len = sizeof(_EC_NIST_PRIME_224.p),
1934 .seed = _EC_NIST_PRIME_224.seed,
1935 .p = _EC_NIST_PRIME_224.p,
1936 .a = _EC_NIST_PRIME_224.a,
1937 .b = _EC_NIST_PRIME_224.b,
1938 .x = _EC_NIST_PRIME_224.x,
1939 .y = _EC_NIST_PRIME_224.y,
1940 .order = _EC_NIST_PRIME_224.order,
1941 .cofactor = 1,
1942 },
1943 {
1944 .comment = "SECG curve over a 256 bit prime field",
1945 .nid = NID_secp256k1,
1946 .param_len = sizeof(_EC_SECG_PRIME_256K1.p),
1947 .p = _EC_SECG_PRIME_256K1.p,
1948 .a = _EC_SECG_PRIME_256K1.a,
1949 .b = _EC_SECG_PRIME_256K1.b,
1950 .x = _EC_SECG_PRIME_256K1.x,
1951 .y = _EC_SECG_PRIME_256K1.y,
1952 .order = _EC_SECG_PRIME_256K1.order,
1953 .cofactor = 1,
1954 },
1955 /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
1956 {
1957 .comment = "NIST/SECG curve over a 384 bit prime field",
1958 .nid = NID_secp384r1,
1959 .seed_len = sizeof(_EC_NIST_PRIME_384.seed),
1960 .param_len = sizeof(_EC_NIST_PRIME_384.p),
1961 .seed = _EC_NIST_PRIME_384.seed,
1962 .p = _EC_NIST_PRIME_384.p,
1963 .a = _EC_NIST_PRIME_384.a,
1964 .b = _EC_NIST_PRIME_384.b,
1965 .x = _EC_NIST_PRIME_384.x,
1966 .y = _EC_NIST_PRIME_384.y,
1967 .order = _EC_NIST_PRIME_384.order,
1968 .cofactor = 1,
1969 },
1970 {
1971 .comment = "NIST/SECG curve over a 521 bit prime field",
1972 .nid = NID_secp521r1,
1973 .seed_len = sizeof(_EC_NIST_PRIME_521.seed),
1974 .param_len = sizeof(_EC_NIST_PRIME_521.p),
1975 .seed = _EC_NIST_PRIME_521.seed,
1976 .p = _EC_NIST_PRIME_521.p,
1977 .a = _EC_NIST_PRIME_521.a,
1978 .b = _EC_NIST_PRIME_521.b,
1979 .x = _EC_NIST_PRIME_521.x,
1980 .y = _EC_NIST_PRIME_521.y,
1981 .order = _EC_NIST_PRIME_521.order,
1982 .cofactor = 1,
1983 },
1984 /* X9.62 curves */
1985 {
1986 .comment = "NIST/X9.62/SECG curve over a 192 bit prime field",
1987 .nid = NID_X9_62_prime192v1,
1988 .seed_len = sizeof(_EC_NIST_PRIME_192.seed),
1989 .param_len = sizeof(_EC_NIST_PRIME_192.p),
1990 .seed = _EC_NIST_PRIME_192.seed,
1991 .p = _EC_NIST_PRIME_192.p,
1992 .a = _EC_NIST_PRIME_192.a,
1993 .b = _EC_NIST_PRIME_192.b,
1994 .x = _EC_NIST_PRIME_192.x,
1995 .y = _EC_NIST_PRIME_192.y,
1996 .order = _EC_NIST_PRIME_192.order,
1997 .cofactor = 1,
1998 },
1999 {
2000 .comment = "X9.62 curve over a 192 bit prime field",
2001 .nid = NID_X9_62_prime192v2,
2002 .seed_len = sizeof(_EC_X9_62_PRIME_192V2.seed),
2003 .param_len = sizeof(_EC_X9_62_PRIME_192V2.p),
2004 .seed = _EC_X9_62_PRIME_192V2.seed,
2005 .p = _EC_X9_62_PRIME_192V2.p,
2006 .a = _EC_X9_62_PRIME_192V2.a,
2007 .b = _EC_X9_62_PRIME_192V2.b,
2008 .x = _EC_X9_62_PRIME_192V2.x,
2009 .y = _EC_X9_62_PRIME_192V2.y,
2010 .order = _EC_X9_62_PRIME_192V2.order,
2011 .cofactor = 1,
2012 },
2013 {
2014 .comment = "X9.62 curve over a 192 bit prime field",
2015 .nid = NID_X9_62_prime192v3,
2016 .seed_len = sizeof(_EC_X9_62_PRIME_192V3.seed),
2017 .param_len = sizeof(_EC_X9_62_PRIME_192V3.p),
2018 .seed = _EC_X9_62_PRIME_192V3.seed,
2019 .p = _EC_X9_62_PRIME_192V3.p,
2020 .a = _EC_X9_62_PRIME_192V3.a,
2021 .b = _EC_X9_62_PRIME_192V3.b,
2022 .x = _EC_X9_62_PRIME_192V3.x,
2023 .y = _EC_X9_62_PRIME_192V3.y,
2024 .order = _EC_X9_62_PRIME_192V3.order,
2025 .cofactor = 1,
2026 },
2027 {
2028 .comment = "X9.62 curve over a 239 bit prime field",
2029 .nid = NID_X9_62_prime239v1,
2030 .seed_len = sizeof(_EC_X9_62_PRIME_239V1.seed),
2031 .param_len = sizeof(_EC_X9_62_PRIME_239V1.p),
2032 .seed = _EC_X9_62_PRIME_239V1.seed,
2033 .p = _EC_X9_62_PRIME_239V1.p,
2034 .a = _EC_X9_62_PRIME_239V1.a,
2035 .b = _EC_X9_62_PRIME_239V1.b,
2036 .x = _EC_X9_62_PRIME_239V1.x,
2037 .y = _EC_X9_62_PRIME_239V1.y,
2038 .order = _EC_X9_62_PRIME_239V1.order,
2039 .cofactor = 1,
2040 },
2041 {
2042 .comment = "X9.62 curve over a 239 bit prime field",
2043 .nid = NID_X9_62_prime239v2,
2044 .seed_len = sizeof(_EC_X9_62_PRIME_239V2.seed),
2045 .param_len = sizeof(_EC_X9_62_PRIME_239V2.p),
2046 .seed = _EC_X9_62_PRIME_239V2.seed,
2047 .p = _EC_X9_62_PRIME_239V2.p,
2048 .a = _EC_X9_62_PRIME_239V2.a,
2049 .b = _EC_X9_62_PRIME_239V2.b,
2050 .x = _EC_X9_62_PRIME_239V2.x,
2051 .y = _EC_X9_62_PRIME_239V2.y,
2052 .order = _EC_X9_62_PRIME_239V2.order,
2053 .cofactor = 1,
2054 },
2055 {
2056 .comment = "X9.62 curve over a 239 bit prime field",
2057 .nid = NID_X9_62_prime239v3,
2058 .seed_len = sizeof(_EC_X9_62_PRIME_239V3.seed),
2059 .param_len = sizeof(_EC_X9_62_PRIME_239V3.p),
2060 .seed = _EC_X9_62_PRIME_239V3.seed,
2061 .p = _EC_X9_62_PRIME_239V3.p,
2062 .a = _EC_X9_62_PRIME_239V3.a,
2063 .b = _EC_X9_62_PRIME_239V3.b,
2064 .x = _EC_X9_62_PRIME_239V3.x,
2065 .y = _EC_X9_62_PRIME_239V3.y,
2066 .order = _EC_X9_62_PRIME_239V3.order,
2067 .cofactor = 1,
2068 },
2069 {
2070 .comment = "X9.62/SECG curve over a 256 bit prime field",
2071 .nid = NID_X9_62_prime256v1,
2072 .seed_len = sizeof(_EC_X9_62_PRIME_256V1.seed),
2073 .param_len = sizeof(_EC_X9_62_PRIME_256V1.p),
2074 .seed = _EC_X9_62_PRIME_256V1.seed,
2075 .p = _EC_X9_62_PRIME_256V1.p,
2076 .a = _EC_X9_62_PRIME_256V1.a,
2077 .b = _EC_X9_62_PRIME_256V1.b,
2078 .x = _EC_X9_62_PRIME_256V1.x,
2079 .y = _EC_X9_62_PRIME_256V1.y,
2080 .order = _EC_X9_62_PRIME_256V1.order,
2081 .cofactor = 1,
2082 },
2083 {
2084 .comment = "SECG/WTLS curve over a 112 bit prime field",
2085 .nid = NID_wap_wsg_idm_ecid_wtls6,
2086 .seed_len = sizeof(_EC_SECG_PRIME_112R1.seed),
2087 .param_len = sizeof(_EC_SECG_PRIME_112R1.p),
2088 .seed = _EC_SECG_PRIME_112R1.seed,
2089 .p = _EC_SECG_PRIME_112R1.p,
2090 .a = _EC_SECG_PRIME_112R1.a,
2091 .b = _EC_SECG_PRIME_112R1.b,
2092 .x = _EC_SECG_PRIME_112R1.x,
2093 .y = _EC_SECG_PRIME_112R1.y,
2094 .order = _EC_SECG_PRIME_112R1.order,
2095 .cofactor = 1,
2096 },
2097 {
2098 .comment = "SECG/WTLS curve over a 160 bit prime field",
2099 .nid = NID_wap_wsg_idm_ecid_wtls7,
2100 .seed_len = sizeof(_EC_SECG_PRIME_160R2.seed),
2101 .param_len = sizeof(_EC_SECG_PRIME_160R2.p),
2102 .seed = _EC_SECG_PRIME_160R2.seed,
2103 .p = _EC_SECG_PRIME_160R2.p,
2104 .a = _EC_SECG_PRIME_160R2.a,
2105 .b = _EC_SECG_PRIME_160R2.b,
2106 .x = _EC_SECG_PRIME_160R2.x,
2107 .y = _EC_SECG_PRIME_160R2.y,
2108 .order = _EC_SECG_PRIME_160R2.order,
2109 .cofactor = 1,
2110 },
2111 {
2112 .comment = "WTLS curve over a 112 bit prime field",
2113 .nid = NID_wap_wsg_idm_ecid_wtls8,
2114 .param_len = sizeof(_EC_WTLS_8.p),
2115 .p = _EC_WTLS_8.p,
2116 .a = _EC_WTLS_8.a,
2117 .b = _EC_WTLS_8.b,
2118 .x = _EC_WTLS_8.x,
2119 .y = _EC_WTLS_8.y,
2120 .order = _EC_WTLS_8.order,
2121 .cofactor = 1,
2122 },
2123 {
2124 .comment = "WTLS curve over a 160 bit prime field",
2125 .nid = NID_wap_wsg_idm_ecid_wtls9,
2126 .param_len = sizeof(_EC_WTLS_9.p),
2127 .p = _EC_WTLS_9.p,
2128 .a = _EC_WTLS_9.a,
2129 .b = _EC_WTLS_9.b,
2130 .x = _EC_WTLS_9.x,
2131 .y = _EC_WTLS_9.y,
2132 .order = _EC_WTLS_9.order,
2133 .cofactor = 1,
2134 },
2135 {
2136 .comment = "WTLS curve over a 224 bit prime field",
2137 .nid = NID_wap_wsg_idm_ecid_wtls12,
2138 .param_len = sizeof(_EC_WTLS_12.p),
2139 .p = _EC_WTLS_12.p,
2140 .a = _EC_WTLS_12.a,
2141 .b = _EC_WTLS_12.b,
2142 .x = _EC_WTLS_12.x,
2143 .y = _EC_WTLS_12.y,
2144 .order = _EC_WTLS_12.order,
2145 .cofactor = 1,
2146 },
2147 /* RFC 5639 curves */
2148 {
2149 .comment = "RFC 5639 curve over a 160 bit prime field",
2150 .nid = NID_brainpoolP160r1,
2151 .param_len = sizeof(_EC_brainpoolP160r1.p),
2152 .p = _EC_brainpoolP160r1.p,
2153 .a = _EC_brainpoolP160r1.a,
2154 .b = _EC_brainpoolP160r1.b,
2155 .x = _EC_brainpoolP160r1.x,
2156 .y = _EC_brainpoolP160r1.y,
2157 .order = _EC_brainpoolP160r1.order,
2158 .cofactor = 1,
2159 },
2160 {
2161 .comment = "RFC 5639 curve over a 160 bit prime field",
2162 .nid = NID_brainpoolP160t1,
2163 .param_len = sizeof(_EC_brainpoolP160t1.p),
2164 .p = _EC_brainpoolP160t1.p,
2165 .a = _EC_brainpoolP160t1.a,
2166 .b = _EC_brainpoolP160t1.b,
2167 .x = _EC_brainpoolP160t1.x,
2168 .y = _EC_brainpoolP160t1.y,
2169 .order = _EC_brainpoolP160t1.order,
2170 .cofactor = 1,
2171 },
2172 {
2173 .comment = "RFC 5639 curve over a 192 bit prime field",
2174 .nid = NID_brainpoolP192r1,
2175 .param_len = sizeof(_EC_brainpoolP192r1.p),
2176 .p = _EC_brainpoolP192r1.p,
2177 .a = _EC_brainpoolP192r1.a,
2178 .b = _EC_brainpoolP192r1.b,
2179 .x = _EC_brainpoolP192r1.x,
2180 .y = _EC_brainpoolP192r1.y,
2181 .order = _EC_brainpoolP192r1.order,
2182 .cofactor = 1,
2183 },
2184 {
2185 .comment = "RFC 5639 curve over a 192 bit prime field",
2186 .nid = NID_brainpoolP192t1,
2187 .param_len = sizeof(_EC_brainpoolP192t1.p),
2188 .p = _EC_brainpoolP192t1.p,
2189 .a = _EC_brainpoolP192t1.a,
2190 .b = _EC_brainpoolP192t1.b,
2191 .x = _EC_brainpoolP192t1.x,
2192 .y = _EC_brainpoolP192t1.y,
2193 .order = _EC_brainpoolP192t1.order,
2194 .cofactor = 1,
2195 },
2196 {
2197 .comment = "RFC 5639 curve over a 224 bit prime field",
2198 .nid = NID_brainpoolP224r1,
2199 .param_len = sizeof(_EC_brainpoolP224r1.p),
2200 .p = _EC_brainpoolP224r1.p,
2201 .a = _EC_brainpoolP224r1.a,
2202 .b = _EC_brainpoolP224r1.b,
2203 .x = _EC_brainpoolP224r1.x,
2204 .y = _EC_brainpoolP224r1.y,
2205 .order = _EC_brainpoolP224r1.order,
2206 .cofactor = 1,
2207 },
2208 {
2209 .comment = "RFC 5639 curve over a 224 bit prime field",
2210 .nid = NID_brainpoolP224t1,
2211 .param_len = sizeof(_EC_brainpoolP224t1.p),
2212 .p = _EC_brainpoolP224t1.p,
2213 .a = _EC_brainpoolP224t1.a,
2214 .b = _EC_brainpoolP224t1.b,
2215 .x = _EC_brainpoolP224t1.x,
2216 .y = _EC_brainpoolP224t1.y,
2217 .order = _EC_brainpoolP224t1.order,
2218 .cofactor = 1,
2219 },
2220 {
2221 .comment = "RFC 5639 curve over a 256 bit prime field",
2222 .nid = NID_brainpoolP256r1,
2223 .param_len = sizeof(_EC_brainpoolP256r1.p),
2224 .p = _EC_brainpoolP256r1.p,
2225 .a = _EC_brainpoolP256r1.a,
2226 .b = _EC_brainpoolP256r1.b,
2227 .x = _EC_brainpoolP256r1.x,
2228 .y = _EC_brainpoolP256r1.y,
2229 .order = _EC_brainpoolP256r1.order,
2230 .cofactor = 1,
2231 },
2232 {
2233 .comment = "RFC 5639 curve over a 256 bit prime field",
2234 .nid = NID_brainpoolP256t1,
2235 .param_len = sizeof(_EC_brainpoolP256t1.p),
2236 .p = _EC_brainpoolP256t1.p,
2237 .a = _EC_brainpoolP256t1.a,
2238 .b = _EC_brainpoolP256t1.b,
2239 .x = _EC_brainpoolP256t1.x,
2240 .y = _EC_brainpoolP256t1.y,
2241 .order = _EC_brainpoolP256t1.order,
2242 .cofactor = 1,
2243 },
2244 {
2245 .comment = "RFC 5639 curve over a 320 bit prime field",
2246 .nid = NID_brainpoolP320r1,
2247 .param_len = sizeof(_EC_brainpoolP320r1.p),
2248 .p = _EC_brainpoolP320r1.p,
2249 .a = _EC_brainpoolP320r1.a,
2250 .b = _EC_brainpoolP320r1.b,
2251 .x = _EC_brainpoolP320r1.x,
2252 .y = _EC_brainpoolP320r1.y,
2253 .order = _EC_brainpoolP320r1.order,
2254 .cofactor = 1,
2255 },
2256 {
2257 .comment = "RFC 5639 curve over a 320 bit prime field",
2258 .nid = NID_brainpoolP320t1,
2259 .param_len = sizeof(_EC_brainpoolP320t1.p),
2260 .p = _EC_brainpoolP320t1.p,
2261 .a = _EC_brainpoolP320t1.a,
2262 .b = _EC_brainpoolP320t1.b,
2263 .x = _EC_brainpoolP320t1.x,
2264 .y = _EC_brainpoolP320t1.y,
2265 .order = _EC_brainpoolP320t1.order,
2266 .cofactor = 1,
2267 },
2268 {
2269 .comment = "RFC 5639 curve over a 384 bit prime field",
2270 .nid = NID_brainpoolP384r1,
2271 .param_len = sizeof(_EC_brainpoolP384r1.p),
2272 .p = _EC_brainpoolP384r1.p,
2273 .a = _EC_brainpoolP384r1.a,
2274 .b = _EC_brainpoolP384r1.b,
2275 .x = _EC_brainpoolP384r1.x,
2276 .y = _EC_brainpoolP384r1.y,
2277 .order = _EC_brainpoolP384r1.order,
2278 .cofactor = 1,
2279 },
2280 {
2281 .comment = "RFC 5639 curve over a 384 bit prime field",
2282 .nid = NID_brainpoolP384t1,
2283 .param_len = sizeof(_EC_brainpoolP384t1.p),
2284 .p = _EC_brainpoolP384t1.p,
2285 .a = _EC_brainpoolP384t1.a,
2286 .b = _EC_brainpoolP384t1.b,
2287 .x = _EC_brainpoolP384t1.x,
2288 .y = _EC_brainpoolP384t1.y,
2289 .order = _EC_brainpoolP384t1.order,
2290 .cofactor = 1,
2291 },
2292 {
2293 .comment = "RFC 5639 curve over a 512 bit prime field",
2294 .nid = NID_brainpoolP512r1,
2295 .param_len = sizeof(_EC_brainpoolP512r1.p),
2296 .p = _EC_brainpoolP512r1.p,
2297 .a = _EC_brainpoolP512r1.a,
2298 .b = _EC_brainpoolP512r1.b,
2299 .x = _EC_brainpoolP512r1.x,
2300 .y = _EC_brainpoolP512r1.y,
2301 .order = _EC_brainpoolP512r1.order,
2302 .cofactor = 1,
2303 },
2304 {
2305 .comment = "RFC 5639 curve over a 512 bit prime field",
2306 .nid = NID_brainpoolP512t1,
2307 .param_len = sizeof(_EC_brainpoolP512t1.p),
2308 .p = _EC_brainpoolP512t1.p,
2309 .a = _EC_brainpoolP512t1.a,
2310 .b = _EC_brainpoolP512t1.b,
2311 .x = _EC_brainpoolP512t1.x,
2312 .y = _EC_brainpoolP512t1.y,
2313 .order = _EC_brainpoolP512t1.order,
2314 .cofactor = 1,
2315 },
2316 /* ANSSI */
2317 {
2318 .comment = "FRP256v1",
2319 .nid = NID_FRP256v1,
2320 .param_len = sizeof(_EC_FRP256v1.p),
2321 .p = _EC_FRP256v1.p,
2322 .a = _EC_FRP256v1.a,
2323 .b = _EC_FRP256v1.b,
2324 .x = _EC_FRP256v1.x,
2325 .y = _EC_FRP256v1.y,
2326 .order = _EC_FRP256v1.order,
2327 .cofactor = 1,
2328 },
2329 };
2330
2331 #define CURVE_LIST_LENGTH (sizeof(curve_list) / sizeof(curve_list[0]))
2332
2333 static EC_GROUP *
ec_group_new_from_data(const struct ec_list_element * curve)2334 ec_group_new_from_data(const struct ec_list_element *curve)
2335 {
2336 EC_GROUP *group = NULL, *ret = NULL;
2337 EC_POINT *generator = NULL;
2338 BN_CTX *ctx = NULL;
2339 BIGNUM *p, *a, *b, *x, *y, *order, *cofactor;
2340
2341 if ((ctx = BN_CTX_new()) == NULL) {
2342 ECerror(ERR_R_MALLOC_FAILURE);
2343 goto err;
2344 }
2345 BN_CTX_start(ctx);
2346
2347 if ((p = BN_CTX_get(ctx)) == NULL) {
2348 ECerror(ERR_R_BN_LIB);
2349 goto err;
2350 }
2351 if ((a = BN_CTX_get(ctx)) == NULL) {
2352 ECerror(ERR_R_BN_LIB);
2353 goto err;
2354 }
2355 if ((b = BN_CTX_get(ctx)) == NULL) {
2356 ECerror(ERR_R_BN_LIB);
2357 goto err;
2358 }
2359 if ((x = BN_CTX_get(ctx)) == NULL) {
2360 ECerror(ERR_R_BN_LIB);
2361 goto err;
2362 }
2363 if ((y = BN_CTX_get(ctx)) == NULL) {
2364 ECerror(ERR_R_BN_LIB);
2365 goto err;
2366 }
2367 if ((order = BN_CTX_get(ctx)) == NULL) {
2368 ECerror(ERR_R_BN_LIB);
2369 goto err;
2370 }
2371 if ((cofactor = BN_CTX_get(ctx)) == NULL) {
2372 ECerror(ERR_R_BN_LIB);
2373 goto err;
2374 }
2375
2376 if (BN_bin2bn(curve->p, curve->param_len, p) == NULL) {
2377 ECerror(ERR_R_BN_LIB);
2378 goto err;
2379 }
2380 if (BN_bin2bn(curve->a, curve->param_len, a) == NULL) {
2381 ECerror(ERR_R_BN_LIB);
2382 goto err;
2383 }
2384 if (BN_bin2bn(curve->b, curve->param_len, b) == NULL) {
2385 ECerror(ERR_R_BN_LIB);
2386 goto err;
2387 }
2388 if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
2389 ECerror(ERR_R_EC_LIB);
2390 goto err;
2391 }
2392 EC_GROUP_set_curve_name(group, curve->nid);
2393
2394 if ((generator = EC_POINT_new(group)) == NULL) {
2395 ECerror(ERR_R_EC_LIB);
2396 goto err;
2397 }
2398 if (BN_bin2bn(curve->x, curve->param_len, x) == NULL) {
2399 ECerror(ERR_R_BN_LIB);
2400 goto err;
2401 }
2402 if (BN_bin2bn(curve->y, curve->param_len, y) == NULL) {
2403 ECerror(ERR_R_BN_LIB);
2404 goto err;
2405 }
2406 if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) {
2407 ECerror(ERR_R_EC_LIB);
2408 goto err;
2409 }
2410 if (BN_bin2bn(curve->order, curve->param_len, order) == NULL) {
2411 ECerror(ERR_R_EC_LIB);
2412 goto err;
2413 }
2414 if (!BN_set_word(cofactor, curve->cofactor)) {
2415 ECerror(ERR_R_BN_LIB);
2416 goto err;
2417 }
2418 if (!EC_GROUP_set_generator(group, generator, order, cofactor)) {
2419 ECerror(ERR_R_EC_LIB);
2420 goto err;
2421 }
2422
2423 if (curve->seed != NULL) {
2424 if (!EC_GROUP_set_seed(group, curve->seed, curve->seed_len)) {
2425 ECerror(ERR_R_EC_LIB);
2426 goto err;
2427 }
2428 }
2429
2430 ret = group;
2431 group = NULL;
2432
2433 err:
2434 EC_GROUP_free(group);
2435 EC_POINT_free(generator);
2436 BN_CTX_end(ctx);
2437 BN_CTX_free(ctx);
2438
2439 return ret;
2440 }
2441
2442 EC_GROUP *
EC_GROUP_new_by_curve_name(int nid)2443 EC_GROUP_new_by_curve_name(int nid)
2444 {
2445 size_t i;
2446
2447 if (nid <= 0)
2448 return NULL;
2449
2450 for (i = 0; i < CURVE_LIST_LENGTH; i++) {
2451 if (curve_list[i].nid == nid)
2452 return ec_group_new_from_data(&curve_list[i]);
2453 }
2454
2455 ECerror(EC_R_UNKNOWN_GROUP);
2456 return NULL;
2457 }
2458 LCRYPTO_ALIAS(EC_GROUP_new_by_curve_name);
2459
2460 size_t
EC_get_builtin_curves(EC_builtin_curve * r,size_t nitems)2461 EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
2462 {
2463 size_t i, min;
2464
2465 if (r == NULL || nitems == 0)
2466 return CURVE_LIST_LENGTH;
2467
2468 min = nitems < CURVE_LIST_LENGTH ? nitems : CURVE_LIST_LENGTH;
2469
2470 for (i = 0; i < min; i++) {
2471 r[i].nid = curve_list[i].nid;
2472 r[i].comment = curve_list[i].comment;
2473 }
2474
2475 return CURVE_LIST_LENGTH;
2476 }
2477 LCRYPTO_ALIAS(EC_get_builtin_curves);
2478
2479 static const struct {
2480 const char *name;
2481 int nid;
2482 } nist_curves[] = {
2483 { "B-163", NID_sect163r2 },
2484 { "B-233", NID_sect233r1 },
2485 { "B-283", NID_sect283r1 },
2486 { "B-409", NID_sect409r1 },
2487 { "B-571", NID_sect571r1 },
2488 { "K-163", NID_sect163k1 },
2489 { "K-233", NID_sect233k1 },
2490 { "K-283", NID_sect283k1 },
2491 { "K-409", NID_sect409k1 },
2492 { "K-571", NID_sect571k1 },
2493 { "P-192", NID_X9_62_prime192v1 },
2494 { "P-224", NID_secp224r1 },
2495 { "P-256", NID_X9_62_prime256v1 },
2496 { "P-384", NID_secp384r1 },
2497 { "P-521", NID_secp521r1 }
2498 };
2499
2500 const char *
EC_curve_nid2nist(int nid)2501 EC_curve_nid2nist(int nid)
2502 {
2503 size_t i;
2504
2505 for (i = 0; i < sizeof(nist_curves) / sizeof(nist_curves[0]); i++) {
2506 if (nist_curves[i].nid == nid)
2507 return nist_curves[i].name;
2508 }
2509
2510 return NULL;
2511 }
2512 LCRYPTO_ALIAS(EC_curve_nid2nist);
2513
2514 int
EC_curve_nist2nid(const char * name)2515 EC_curve_nist2nid(const char *name)
2516 {
2517 size_t i;
2518
2519 for (i = 0; i < sizeof(nist_curves) / sizeof(nist_curves[0]); i++) {
2520 if (strcmp(nist_curves[i].name, name) == 0)
2521 return nist_curves[i].nid;
2522 }
2523
2524 return NID_undef;
2525 }
2526 LCRYPTO_ALIAS(EC_curve_nist2nid);
2527