1 /* $OpenBSD: ec_curve.c,v 1.49 2024/10/23 10:41:51 tb Exp $ */
2 /*
3 * Written by Nils Larsch for the OpenSSL project.
4 */
5 /* ====================================================================
6 * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58 /* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above.
66 *
67 * The elliptic curve binary polynomial software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
71
72 #include <limits.h>
73 #include <stdint.h>
74 #include <stdlib.h>
75 #include <string.h>
76
77 #include <openssl/opensslconf.h>
78
79 #include <openssl/bn.h>
80 #include <openssl/ec.h>
81 #include <openssl/err.h>
82 #include <openssl/objects.h>
83
84 #include "ec_local.h"
85
86 /* the nist prime curves */
87 static const struct {
88 uint8_t seed[20];
89 uint8_t p[24];
90 uint8_t a[24];
91 uint8_t b[24];
92 uint8_t x[24];
93 uint8_t y[24];
94 uint8_t order[24];
95 } _EC_NIST_PRIME_192 = {
96 .seed = {
97 0x30, 0x45, 0xae, 0x6f, 0xc8, 0x42, 0x2f, 0x64, 0xed, 0x57,
98 0x95, 0x28, 0xd3, 0x81, 0x20, 0xea, 0xe1, 0x21, 0x96, 0xd5,
99 },
100 .p = {
101 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
102 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
103 0xff, 0xff, 0xff, 0xff,
104 },
105 .a = {
106 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
107 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
108 0xff, 0xff, 0xff, 0xfc,
109 },
110 .b = {
111 0x64, 0x21, 0x05, 0x19, 0xe5, 0x9c, 0x80, 0xe7, 0x0f, 0xa7,
112 0xe9, 0xab, 0x72, 0x24, 0x30, 0x49, 0xfe, 0xb8, 0xde, 0xec,
113 0xc1, 0x46, 0xb9, 0xb1,
114 },
115 .x = {
116 0x18, 0x8d, 0xa8, 0x0e, 0xb0, 0x30, 0x90, 0xf6, 0x7c, 0xbf,
117 0x20, 0xeb, 0x43, 0xa1, 0x88, 0x00, 0xf4, 0xff, 0x0a, 0xfd,
118 0x82, 0xff, 0x10, 0x12,
119 },
120 .y = {
121 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10,
122 0x11, 0xed, 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1,
123 0x1e, 0x79, 0x48, 0x11,
124 },
125 .order = {
126 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
127 0xff, 0xff, 0x99, 0xde, 0xf8, 0x36, 0x14, 0x6b, 0xc9, 0xb1,
128 0xb4, 0xd2, 0x28, 0x31,
129 },
130 };
131
132 static const struct {
133 uint8_t seed[20];
134 uint8_t p[28];
135 uint8_t a[28];
136 uint8_t b[28];
137 uint8_t x[28];
138 uint8_t y[28];
139 uint8_t order[28];
140 } _EC_NIST_PRIME_224 = {
141 .seed = {
142 0xbd, 0x71, 0x34, 0x47, 0x99, 0xd5, 0xc7, 0xfc, 0xdc, 0x45,
143 0xb5, 0x9f, 0xa3, 0xb9, 0xab, 0x8f, 0x6a, 0x94, 0x8b, 0xc5,
144 },
145 .p = {
146 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
147 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
148 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
149 },
150 .a = {
151 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
152 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
153 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
154 },
155 .b = {
156 0xb4, 0x05, 0x0a, 0x85, 0x0c, 0x04, 0xb3, 0xab, 0xf5, 0x41,
157 0x32, 0x56, 0x50, 0x44, 0xb0, 0xb7, 0xd7, 0xbf, 0xd8, 0xba,
158 0x27, 0x0b, 0x39, 0x43, 0x23, 0x55, 0xff, 0xb4,
159 },
160 .x = {
161 0xb7, 0x0e, 0x0c, 0xbd, 0x6b, 0xb4, 0xbf, 0x7f, 0x32, 0x13,
162 0x90, 0xb9, 0x4a, 0x03, 0xc1, 0xd3, 0x56, 0xc2, 0x11, 0x22,
163 0x34, 0x32, 0x80, 0xd6, 0x11, 0x5c, 0x1d, 0x21,
164 },
165 .y = {
166 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22,
167 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
168 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34,
169 },
170 .order = {
171 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
172 0xff, 0xff, 0xff, 0xff, 0x16, 0xa2, 0xe0, 0xb8, 0xf0, 0x3e,
173 0x13, 0xdd, 0x29, 0x45, 0x5c, 0x5c, 0x2a, 0x3d,
174 },
175 };
176
177 static const struct {
178 uint8_t seed[20];
179 uint8_t p[48];
180 uint8_t a[48];
181 uint8_t b[48];
182 uint8_t x[48];
183 uint8_t y[48];
184 uint8_t order[48];
185 } _EC_NIST_PRIME_384 = {
186 .seed = {
187 0xa3, 0x35, 0x92, 0x6a, 0xa3, 0x19, 0xa2, 0x7a, 0x1d, 0x00,
188 0x89, 0x6a, 0x67, 0x73, 0xa4, 0x82, 0x7a, 0xcd, 0xac, 0x73,
189 },
190 .p = {
191 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
192 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
193 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
194 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
195 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
196 },
197 .a = {
198 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
199 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
200 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
201 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
202 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xfc,
203 },
204 .b = {
205 0xb3, 0x31, 0x2f, 0xa7, 0xe2, 0x3e, 0xe7, 0xe4, 0x98, 0x8e,
206 0x05, 0x6b, 0xe3, 0xf8, 0x2d, 0x19, 0x18, 0x1d, 0x9c, 0x6e,
207 0xfe, 0x81, 0x41, 0x12, 0x03, 0x14, 0x08, 0x8f, 0x50, 0x13,
208 0x87, 0x5a, 0xc6, 0x56, 0x39, 0x8d, 0x8a, 0x2e, 0xd1, 0x9d,
209 0x2a, 0x85, 0xc8, 0xed, 0xd3, 0xec, 0x2a, 0xef,
210 },
211 .x = {
212 0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37, 0x8e, 0xb1,
213 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74, 0x6e, 0x1d, 0x3b, 0x62,
214 0x8b, 0xa7, 0x9b, 0x98, 0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54,
215 0x2a, 0x38, 0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c,
216 0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7,
217 },
218 .y = {
219 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e,
220 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd,
221 0x28, 0x9a, 0x14, 0x7c, 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0,
222 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
223 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
224 },
225 .order = {
226 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
227 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
228 0xff, 0xff, 0xff, 0xff, 0xc7, 0x63, 0x4d, 0x81, 0xf4, 0x37,
229 0x2d, 0xdf, 0x58, 0x1a, 0x0d, 0xb2, 0x48, 0xb0, 0xa7, 0x7a,
230 0xec, 0xec, 0x19, 0x6a, 0xcc, 0xc5, 0x29, 0x73,
231 },
232 };
233
234 static const struct {
235 uint8_t seed[20];
236 uint8_t p[66];
237 uint8_t a[66];
238 uint8_t b[66];
239 uint8_t x[66];
240 uint8_t y[66];
241 uint8_t order[66];
242 } _EC_NIST_PRIME_521 = {
243 .seed = {
244 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc,
245 0x67, 0x17, 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba,
246 },
247 .p = {
248 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
249 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
250 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
251 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
252 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
253 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
254 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
255 },
256 .a = {
257 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
258 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
259 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
260 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
261 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
262 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
263 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
264 },
265 .b = {
266 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, 0x1f,
267 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda,
268 0x72, 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91,
269 0x8e, 0xf1, 0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e,
270 0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1, 0xbf, 0x07,
271 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, 0xf1, 0xef, 0x45,
272 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00,
273 },
274 .x = {
275 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd,
276 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64,
277 0x81, 0x39, 0x05, 0x3f, 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60,
278 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7,
279 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, 0xa8, 0xde,
280 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e,
281 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66,
282 },
283 .y = {
284 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04,
285 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5,
286 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17,
287 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4,
288 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61,
289 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
290 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
291 },
292 .order = {
293 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
294 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
295 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
296 0xff, 0xff, 0xff, 0xfa, 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f,
297 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, 0xf7, 0x09, 0xa5, 0xd0,
298 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, 0xbb, 0x6f,
299 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09,
300 },
301 };
302
303 /* the x9.62 prime curves (minus the nist prime curves) */
304 static const struct {
305 uint8_t seed[20];
306 uint8_t p[24];
307 uint8_t a[24];
308 uint8_t b[24];
309 uint8_t x[24];
310 uint8_t y[24];
311 uint8_t order[24];
312 } _EC_X9_62_PRIME_192V2 = {
313 .seed = {
314 0x31, 0xa9, 0x2e, 0xe2, 0x02, 0x9f, 0xd1, 0x0d, 0x90, 0x1b,
315 0x11, 0x3e, 0x99, 0x07, 0x10, 0xf0, 0xd2, 0x1a, 0xc6, 0xb6,
316 },
317 .p = {
318 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
319 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
320 0xff, 0xff, 0xff, 0xff,
321 },
322 .a = {
323 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
324 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
325 0xff, 0xff, 0xff, 0xfc,
326 },
327 .b = {
328 0xcc, 0x22, 0xd6, 0xdf, 0xb9, 0x5c, 0x6b, 0x25, 0xe4, 0x9c,
329 0x0d, 0x63, 0x64, 0xa4, 0xe5, 0x98, 0x0c, 0x39, 0x3a, 0xa2,
330 0x16, 0x68, 0xd9, 0x53,
331 },
332 .x = {
333 0xee, 0xa2, 0xba, 0xe7, 0xe1, 0x49, 0x78, 0x42, 0xf2, 0xde,
334 0x77, 0x69, 0xcf, 0xe9, 0xc9, 0x89, 0xc0, 0x72, 0xad, 0x69,
335 0x6f, 0x48, 0x03, 0x4a,
336 },
337 .y = {
338 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b,
339 0xb8, 0x2a, 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9,
340 0x70, 0xb2, 0xde, 0x15,
341 },
342 .order = {
343 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
344 0xff, 0xfe, 0x5f, 0xb1, 0xa7, 0x24, 0xdc, 0x80, 0x41, 0x86,
345 0x48, 0xd8, 0xdd, 0x31,
346 },
347 };
348
349 static const struct {
350 uint8_t seed[20];
351 uint8_t p[24];
352 uint8_t a[24];
353 uint8_t b[24];
354 uint8_t x[24];
355 uint8_t y[24];
356 uint8_t order[24];
357 } _EC_X9_62_PRIME_192V3 = {
358 .seed = {
359 0xc4, 0x69, 0x68, 0x44, 0x35, 0xde, 0xb3, 0x78, 0xc4, 0xb6,
360 0x5c, 0xa9, 0x59, 0x1e, 0x2a, 0x57, 0x63, 0x05, 0x9a, 0x2e,
361 },
362 .p = {
363 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
364 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
365 0xff, 0xff, 0xff, 0xff,
366 },
367 .a = {
368 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
369 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
370 0xff, 0xff, 0xff, 0xfc,
371 },
372 .b = {
373 0x22, 0x12, 0x3d, 0xc2, 0x39, 0x5a, 0x05, 0xca, 0xa7, 0x42,
374 0x3d, 0xae, 0xcc, 0xc9, 0x47, 0x60, 0xa7, 0xd4, 0x62, 0x25,
375 0x6b, 0xd5, 0x69, 0x16,
376 },
377 .x = {
378 0x7d, 0x29, 0x77, 0x81, 0x00, 0xc6, 0x5a, 0x1d, 0xa1, 0x78,
379 0x37, 0x16, 0x58, 0x8d, 0xce, 0x2b, 0x8b, 0x4a, 0xee, 0x8e,
380 0x22, 0x8f, 0x18, 0x96,
381 },
382 .y = {
383 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49,
384 0xdc, 0xb6, 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76,
385 0x48, 0xa9, 0x43, 0xb0,
386 },
387 .order = {
388 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
389 0xff, 0xff, 0x7a, 0x62, 0xd0, 0x31, 0xc8, 0x3f, 0x42, 0x94,
390 0xf6, 0x40, 0xec, 0x13,
391 },
392 };
393
394 static const struct {
395 uint8_t seed[20];
396 uint8_t p[30];
397 uint8_t a[30];
398 uint8_t b[30];
399 uint8_t x[30];
400 uint8_t y[30];
401 uint8_t order[30];
402 } _EC_X9_62_PRIME_239V1 = {
403 .seed = {
404 0xe4, 0x3b, 0xb4, 0x60, 0xf0, 0xb8, 0x0c, 0xc0, 0xc0, 0xb0,
405 0x75, 0x79, 0x8e, 0x94, 0x80, 0x60, 0xf8, 0x32, 0x1b, 0x7d,
406 },
407 .p = {
408 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
409 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
410 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff,
411 },
412 .a = {
413 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
414 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
415 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc,
416 },
417 .b = {
418 0x6b, 0x01, 0x6c, 0x3b, 0xdc, 0xf1, 0x89, 0x41, 0xd0, 0xd6,
419 0x54, 0x92, 0x14, 0x75, 0xca, 0x71, 0xa9, 0xdb, 0x2f, 0xb2,
420 0x7d, 0x1d, 0x37, 0x79, 0x61, 0x85, 0xc2, 0x94, 0x2c, 0x0a,
421 },
422 .x = {
423 0x0f, 0xfa, 0x96, 0x3c, 0xdc, 0xa8, 0x81, 0x6c, 0xcc, 0x33,
424 0xb8, 0x64, 0x2b, 0xed, 0xf9, 0x05, 0xc3, 0xd3, 0x58, 0x57,
425 0x3d, 0x3f, 0x27, 0xfb, 0xbd, 0x3b, 0x3c, 0xb9, 0xaa, 0xaf,
426 },
427 .y = {
428 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40,
429 0x54, 0xca, 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18,
430 0xce, 0x22, 0x6b, 0x39, 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae,
431 },
432 .order = {
433 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
434 0xff, 0xff, 0x7f, 0xff, 0xff, 0x9e, 0x5e, 0x9a, 0x9f, 0x5d,
435 0x90, 0x71, 0xfb, 0xd1, 0x52, 0x26, 0x88, 0x90, 0x9d, 0x0b,
436 },
437 };
438
439 static const struct {
440 uint8_t seed[20];
441 uint8_t p[30];
442 uint8_t a[30];
443 uint8_t b[30];
444 uint8_t x[30];
445 uint8_t y[30];
446 uint8_t order[30];
447 } _EC_X9_62_PRIME_239V2 = {
448 .seed = {
449 0xe8, 0xb4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xca, 0x3b,
450 0x80, 0x99, 0x98, 0x2b, 0xe0, 0x9f, 0xcb, 0x9a, 0xe6, 0x16,
451 },
452 .p = {
453 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
454 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
455 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff,
456 },
457 .a = {
458 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
459 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
460 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc,
461 },
462 .b = {
463 0x61, 0x7f, 0xab, 0x68, 0x32, 0x57, 0x6c, 0xbb, 0xfe, 0xd5,
464 0x0d, 0x99, 0xf0, 0x24, 0x9c, 0x3f, 0xee, 0x58, 0xb9, 0x4b,
465 0xa0, 0x03, 0x8c, 0x7a, 0xe8, 0x4c, 0x8c, 0x83, 0x2f, 0x2c,
466 },
467 .x = {
468 0x38, 0xaf, 0x09, 0xd9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xc9,
469 0x21, 0xbb, 0x5e, 0x9e, 0x26, 0x29, 0x6a, 0x3c, 0xdc, 0xf2,
470 0xf3, 0x57, 0x57, 0xa0, 0xea, 0xfd, 0x87, 0xb8, 0x30, 0xe7,
471 },
472 .y = {
473 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d,
474 0xa0, 0xfc, 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55,
475 0xde, 0x6e, 0xf4, 0x60, 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba,
476 },
477 .order = {
478 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
479 0xff, 0xff, 0x80, 0x00, 0x00, 0xcf, 0xa7, 0xe8, 0x59, 0x43,
480 0x77, 0xd4, 0x14, 0xc0, 0x38, 0x21, 0xbc, 0x58, 0x20, 0x63,
481 },
482 };
483
484 static const struct {
485 uint8_t seed[20];
486 uint8_t p[30];
487 uint8_t a[30];
488 uint8_t b[30];
489 uint8_t x[30];
490 uint8_t y[30];
491 uint8_t order[30];
492 } _EC_X9_62_PRIME_239V3 = {
493 .seed = {
494 0x7d, 0x73, 0x74, 0x16, 0x8f, 0xfe, 0x34, 0x71, 0xb6, 0x0a,
495 0x85, 0x76, 0x86, 0xa1, 0x94, 0x75, 0xd3, 0xbf, 0xa2, 0xff,
496 },
497 .p = {
498 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
499 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
500 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff,
501 },
502 .a = {
503 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
504 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x80, 0x00,
505 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfc,
506 },
507 .b = {
508 0x25, 0x57, 0x05, 0xfa, 0x2a, 0x30, 0x66, 0x54, 0xb1, 0xf4,
509 0xcb, 0x03, 0xd6, 0xa7, 0x50, 0xa3, 0x0c, 0x25, 0x01, 0x02,
510 0xd4, 0x98, 0x87, 0x17, 0xd9, 0xba, 0x15, 0xab, 0x6d, 0x3e,
511 },
512 .x = {
513 0x67, 0x68, 0xae, 0x8e, 0x18, 0xbb, 0x92, 0xcf, 0xcf, 0x00,
514 0x5c, 0x94, 0x9a, 0xa2, 0xc6, 0xd9, 0x48, 0x53, 0xd0, 0xe6,
515 0x60, 0xbb, 0xf8, 0x54, 0xb1, 0xc9, 0x50, 0x5f, 0xe9, 0x5a,
516 },
517 .y = {
518 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d,
519 0x55, 0x2b, 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b,
520 0x6e, 0x81, 0x84, 0x99, 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3,
521 },
522 .order = {
523 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
524 0xff, 0xff, 0x7f, 0xff, 0xff, 0x97, 0x5d, 0xeb, 0x41, 0xb3,
525 0xa6, 0x05, 0x7c, 0x3c, 0x43, 0x21, 0x46, 0x52, 0x65, 0x51,
526 },
527 };
528
529 static const struct {
530 uint8_t seed[20];
531 uint8_t p[32];
532 uint8_t a[32];
533 uint8_t b[32];
534 uint8_t x[32];
535 uint8_t y[32];
536 uint8_t order[32];
537 } _EC_X9_62_PRIME_256V1 = {
538 .seed = {
539 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66,
540 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90,
541 },
542 .p = {
543 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
544 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
545 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
546 0xff, 0xff,
547 },
548 .a = {
549 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
550 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
551 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
552 0xff, 0xfc,
553 },
554 .b = {
555 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb,
556 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0,
557 0xcc, 0x53, 0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2,
558 0x60, 0x4b,
559 },
560 .x = {
561 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
562 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81,
563 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98,
564 0xc2, 0x96,
565 },
566 .y = {
567 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7,
568 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57,
569 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf,
570 0x51, 0xf5,
571 },
572 .order = {
573 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
574 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad,
575 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63,
576 0x25, 0x51,
577 },
578 };
579
580 /* the secg prime curves (minus the nist and x9.62 prime curves) */
581 static const struct {
582 uint8_t seed[20];
583 uint8_t p[14];
584 uint8_t a[14];
585 uint8_t b[14];
586 uint8_t x[14];
587 uint8_t y[14];
588 uint8_t order[14];
589 } _EC_SECG_PRIME_112R1 = {
590 .seed = {
591 0x00, 0xf5, 0x0b, 0x02, 0x8e, 0x4d, 0x69, 0x6e, 0x67, 0x68,
592 0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3f, 0xb1,
593 },
594 .p = {
595 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x66, 0x80, 0x76,
596 0xbe, 0xad, 0x20, 0x8b,
597 },
598 .a = {
599 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x66, 0x80, 0x76,
600 0xbe, 0xad, 0x20, 0x88,
601 },
602 .b = {
603 0x65, 0x9e, 0xf8, 0xba, 0x04, 0x39, 0x16, 0xee, 0xde, 0x89,
604 0x11, 0x70, 0x2b, 0x22,
605 },
606 .x = {
607 0x09, 0x48, 0x72, 0x39, 0x99, 0x5a, 0x5e, 0xe7, 0x6b, 0x55,
608 0xf9, 0xc2, 0xf0, 0x98,
609 },
610 .y = {
611 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e,
612 0x0f, 0xf7, 0x75, 0x00,
613 },
614 .order = {
615 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x76, 0x28, 0xdf,
616 0xac, 0x65, 0x61, 0xc5,
617 },
618 };
619
620 static const struct {
621 uint8_t seed[20];
622 uint8_t p[14];
623 uint8_t a[14];
624 uint8_t b[14];
625 uint8_t x[14];
626 uint8_t y[14];
627 uint8_t order[14];
628 } _EC_SECG_PRIME_112R2 = {
629 .seed = {
630 0x00, 0x27, 0x57, 0xa1, 0x11, 0x4d, 0x69, 0x6e, 0x67, 0x68,
631 0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xc0, 0x5e, 0x0b, 0xd4,
632 },
633 .p = {
634 0xdb, 0x7c, 0x2a, 0xbf, 0x62, 0xe3, 0x5e, 0x66, 0x80, 0x76,
635 0xbe, 0xad, 0x20, 0x8b,
636 },
637 .a = {
638 0x61, 0x27, 0xc2, 0x4c, 0x05, 0xf3, 0x8a, 0x0a, 0xaa, 0xf6,
639 0x5c, 0x0e, 0xf0, 0x2c,
640 },
641 .b = {
642 0x51, 0xde, 0xf1, 0x81, 0x5d, 0xb5, 0xed, 0x74, 0xfc, 0xc3,
643 0x4c, 0x85, 0xd7, 0x09,
644 },
645 .x = {
646 0x4b, 0xa3, 0x0a, 0xb5, 0xe8, 0x92, 0xb4, 0xe1, 0x64, 0x9d,
647 0xd0, 0x92, 0x86, 0x43,
648 },
649 .y = {
650 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3,
651 0x6e, 0x95, 0x6e, 0x97,
652 },
653 .order = {
654 0x36, 0xdf, 0x0a, 0xaf, 0xd8, 0xb8, 0xd7, 0x59, 0x7c, 0xa1,
655 0x05, 0x20, 0xd0, 0x4b,
656 },
657 };
658
659 static const struct {
660 uint8_t seed[20];
661 uint8_t p[16];
662 uint8_t a[16];
663 uint8_t b[16];
664 uint8_t x[16];
665 uint8_t y[16];
666 uint8_t order[16];
667 } _EC_SECG_PRIME_128R1 = {
668 .seed = {
669 0x00, 0x0e, 0x0d, 0x4d, 0x69, 0x6e, 0x67, 0x68, 0x75, 0x61,
670 0x51, 0x75, 0x0c, 0xc0, 0x3a, 0x44, 0x73, 0xd0, 0x36, 0x79,
671 },
672 .p = {
673 0xff, 0xff, 0xff, 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
674 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
675 },
676 .a = {
677 0xff, 0xff, 0xff, 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
678 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
679 },
680 .b = {
681 0xe8, 0x75, 0x79, 0xc1, 0x10, 0x79, 0xf4, 0x3d, 0xd8, 0x24,
682 0x99, 0x3c, 0x2c, 0xee, 0x5e, 0xd3,
683 },
684 .x = {
685 0x16, 0x1f, 0xf7, 0x52, 0x8b, 0x89, 0x9b, 0x2d, 0x0c, 0x28,
686 0x60, 0x7c, 0xa5, 0x2c, 0x5b, 0x86,
687 },
688 .y = {
689 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d,
690 0xa2, 0x92, 0xdd, 0xed, 0x7a, 0x83,
691 },
692 .order = {
693 0xff, 0xff, 0xff, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x75, 0xa3,
694 0x0d, 0x1b, 0x90, 0x38, 0xa1, 0x15,
695 },
696 };
697
698 static const struct {
699 uint8_t seed[20];
700 uint8_t p[16];
701 uint8_t a[16];
702 uint8_t b[16];
703 uint8_t x[16];
704 uint8_t y[16];
705 uint8_t order[16];
706 } _EC_SECG_PRIME_128R2 = {
707 .seed = {
708 0x00, 0x4d, 0x69, 0x6e, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
709 0x12, 0xd8, 0xf0, 0x34, 0x31, 0xfc, 0xe6, 0x3b, 0x88, 0xf4,
710 },
711 .p = {
712 0xff, 0xff, 0xff, 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
713 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
714 },
715 .a = {
716 0xd6, 0x03, 0x19, 0x98, 0xd1, 0xb3, 0xbb, 0xfe, 0xbf, 0x59,
717 0xcc, 0x9b, 0xbf, 0xf9, 0xae, 0xe1,
718 },
719 .b = {
720 0x5e, 0xee, 0xfc, 0xa3, 0x80, 0xd0, 0x29, 0x19, 0xdc, 0x2c,
721 0x65, 0x58, 0xbb, 0x6d, 0x8a, 0x5d,
722 },
723 .x = {
724 0x7b, 0x6a, 0xa5, 0xd8, 0x5e, 0x57, 0x29, 0x83, 0xe6, 0xfb,
725 0x32, 0xa7, 0xcd, 0xeb, 0xc1, 0x40,
726 },
727 .y = {
728 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06,
729 0xfe, 0x80, 0x5f, 0xc3, 0x4b, 0x44,
730 },
731 .order = {
732 0x3f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xbe, 0x00,
733 0x24, 0x72, 0x06, 0x13, 0xb5, 0xa3,
734 },
735 };
736
737 static const struct {
738 uint8_t p[21];
739 uint8_t a[21];
740 uint8_t b[21];
741 uint8_t x[21];
742 uint8_t y[21];
743 uint8_t order[21];
744 } _EC_SECG_PRIME_160K1 = {
745 .p = {
746 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
747 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xac,
748 0x73,
749 },
750 .a = {
751 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
752 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
753 0x00,
754 },
755 .b = {
756 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
757 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
758 0x07,
759 },
760 .x = {
761 0x00, 0x3b, 0x4c, 0x38, 0x2c, 0xe3, 0x7a, 0xa1, 0x92, 0xa4,
762 0x01, 0x9e, 0x76, 0x30, 0x36, 0xf4, 0xf5, 0xdd, 0x4d, 0x7e,
763 0xbb,
764 },
765 .y = {
766 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b,
767 0xc2, 0x82, 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f,
768 0xee,
769 },
770 .order = {
771 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
772 0x01, 0xb8, 0xfa, 0x16, 0xdf, 0xab, 0x9a, 0xca, 0x16, 0xb6,
773 0xb3,
774 },
775 };
776
777 static const struct {
778 uint8_t seed[20];
779 uint8_t p[21];
780 uint8_t a[21];
781 uint8_t b[21];
782 uint8_t x[21];
783 uint8_t y[21];
784 uint8_t order[21];
785 } _EC_SECG_PRIME_160R1 = {
786 .seed = {
787 0x10, 0x53, 0xcd, 0xe4, 0x2c, 0x14, 0xd6, 0x96, 0xe6, 0x76,
788 0x87, 0x56, 0x15, 0x17, 0x53, 0x3b, 0xf3, 0xf8, 0x33, 0x45,
789 },
790 .p = {
791 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
792 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff,
793 0xff,
794 },
795 .a = {
796 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
797 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff,
798 0xfc,
799 },
800 .b = {
801 0x00, 0x1c, 0x97, 0xbe, 0xfc, 0x54, 0xbd, 0x7a, 0x8b, 0x65,
802 0xac, 0xf8, 0x9f, 0x81, 0xd4, 0xd4, 0xad, 0xc5, 0x65, 0xfa,
803 0x45,
804 },
805 .x = {
806 0x00, 0x4a, 0x96, 0xb5, 0x68, 0x8e, 0xf5, 0x73, 0x28, 0x46,
807 0x64, 0x69, 0x89, 0x68, 0xc3, 0x8b, 0xb9, 0x13, 0xcb, 0xfc,
808 0x82,
809 },
810 .y = {
811 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59,
812 0xdc, 0xc9, 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb,
813 0x32,
814 },
815 .order = {
816 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
817 0x01, 0xf4, 0xc8, 0xf9, 0x27, 0xae, 0xd3, 0xca, 0x75, 0x22,
818 0x57,
819 },
820 };
821
822 static const struct {
823 uint8_t seed[20];
824 uint8_t p[21];
825 uint8_t a[21];
826 uint8_t b[21];
827 uint8_t x[21];
828 uint8_t y[21];
829 uint8_t order[21];
830 } _EC_SECG_PRIME_160R2 = {
831 .seed = {
832 0xb9, 0x9b, 0x99, 0xb0, 0x99, 0xb3, 0x23, 0xe0, 0x27, 0x09,
833 0xa4, 0xd6, 0x96, 0xe6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
834 },
835 .p = {
836 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
837 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xac,
838 0x73,
839 },
840 .a = {
841 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
842 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xac,
843 0x70,
844 },
845 .b = {
846 0x00, 0xb4, 0xe1, 0x34, 0xd3, 0xfb, 0x59, 0xeb, 0x8b, 0xab,
847 0x57, 0x27, 0x49, 0x04, 0x66, 0x4d, 0x5a, 0xf5, 0x03, 0x88,
848 0xba,
849 },
850 .x = {
851 0x00, 0x52, 0xdc, 0xb0, 0x34, 0x29, 0x3a, 0x11, 0x7e, 0x1f,
852 0x4f, 0xf1, 0x1b, 0x30, 0xf7, 0x19, 0x9d, 0x31, 0x44, 0xce,
853 0x6d,
854 },
855 .y = {
856 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0,
857 0x71, 0xfa, 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f,
858 0x2e,
859 },
860 .order = {
861 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
862 0x00, 0x35, 0x1e, 0xe7, 0x86, 0xa8, 0x18, 0xf3, 0xa1, 0xa1,
863 0x6b,
864 },
865 };
866
867 static const struct {
868 uint8_t p[24];
869 uint8_t a[24];
870 uint8_t b[24];
871 uint8_t x[24];
872 uint8_t y[24];
873 uint8_t order[24];
874 } _EC_SECG_PRIME_192K1 = {
875 .p = {
876 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
877 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
878 0xff, 0xff, 0xee, 0x37,
879 },
880 .a = {
881 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
882 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
883 0x00, 0x00, 0x00, 0x00,
884 },
885 .b = {
886 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
887 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
888 0x00, 0x00, 0x00, 0x03,
889 },
890 .x = {
891 0xdb, 0x4f, 0xf1, 0x0e, 0xc0, 0x57, 0xe9, 0xae, 0x26, 0xb0,
892 0x7d, 0x02, 0x80, 0xb7, 0xf4, 0x34, 0x1d, 0xa5, 0xd1, 0xb1,
893 0xea, 0xe0, 0x6c, 0x7d,
894 },
895 .y = {
896 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41,
897 0x63, 0xd0, 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88,
898 0xd9, 0x5e, 0x2f, 0x9d,
899 },
900 .order = {
901 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
902 0xff, 0xfe, 0x26, 0xf2, 0xfc, 0x17, 0x0f, 0x69, 0x46, 0x6a,
903 0x74, 0xde, 0xfd, 0x8d,
904 },
905 };
906
907 static const struct {
908 uint8_t p[29];
909 uint8_t a[29];
910 uint8_t b[29];
911 uint8_t x[29];
912 uint8_t y[29];
913 uint8_t order[29];
914 } _EC_SECG_PRIME_224K1 = {
915 .p = {
916 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
917 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
918 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xe5, 0x6d,
919 },
920 .a = {
921 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
922 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
923 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
924 },
925 .b = {
926 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
927 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
928 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
929 },
930 .x = {
931 0x00, 0xa1, 0x45, 0x5b, 0x33, 0x4d, 0xf0, 0x99, 0xdf, 0x30,
932 0xfc, 0x28, 0xa1, 0x69, 0xa4, 0x67, 0xe9, 0xe4, 0x70, 0x75,
933 0xa9, 0x0f, 0x7e, 0x65, 0x0e, 0xb6, 0xb7, 0xa4, 0x5c,
934 },
935 .y = {
936 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82,
937 0xca, 0xfb, 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd,
938 0x59, 0xe2, 0xca, 0x4b, 0xdb, 0x55, 0x6d, 0x61, 0xa5,
939 },
940 .order = {
941 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
942 0x00, 0x00, 0x00, 0x00, 0x01, 0xdc, 0xe8, 0xd2, 0xec, 0x61,
943 0x84, 0xca, 0xf0, 0xa9, 0x71, 0x76, 0x9f, 0xb1, 0xf7,
944 },
945 };
946
947 static const struct {
948 uint8_t p[32];
949 uint8_t a[32];
950 uint8_t b[32];
951 uint8_t x[32];
952 uint8_t y[32];
953 uint8_t order[32];
954 } _EC_SECG_PRIME_256K1 = {
955 .p = {
956 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
957 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
958 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff,
959 0xfc, 0x2f,
960 },
961 .a = {
962 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
963 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
964 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
965 0x00, 0x00,
966 },
967 .b = {
968 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
969 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
970 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
971 0x00, 0x07,
972 },
973 .x = {
974 0x79, 0xbe, 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
975 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, 0xfc, 0xdb,
976 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2, 0x81, 0x5b, 0x16, 0xf8,
977 0x17, 0x98,
978 },
979 .y = {
980 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
981 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48,
982 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10,
983 0xd4, 0xb8,
984 },
985 .order = {
986 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
987 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xba, 0xae, 0xdc, 0xe6,
988 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36,
989 0x41, 0x41,
990 },
991 };
992
993 /* some wap/wtls curves */
994 static const struct {
995 uint8_t p[15];
996 uint8_t a[15];
997 uint8_t b[15];
998 uint8_t x[15];
999 uint8_t y[15];
1000 uint8_t order[15];
1001 } _EC_WTLS_8 = {
1002 .p = {
1003 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1004 0xff, 0xff, 0xff, 0xfd, 0xe7,
1005 },
1006 .a = {
1007 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1008 0x00, 0x00, 0x00, 0x00, 0x00,
1009 },
1010 .b = {
1011 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1012 0x00, 0x00, 0x00, 0x00, 0x03,
1013 },
1014 .x = {
1015 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1016 0x00, 0x00, 0x00, 0x00, 0x01,
1017 },
1018 .y = {
1019 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1020 0x00, 0x00, 0x00, 0x00, 0x02,
1021 },
1022 .order = {
1023 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xec, 0xea,
1024 0x55, 0x1a, 0xd8, 0x37, 0xe9,
1025 },
1026 };
1027
1028 static const struct {
1029 uint8_t p[21];
1030 uint8_t a[21];
1031 uint8_t b[21];
1032 uint8_t x[21];
1033 uint8_t y[21];
1034 uint8_t order[21];
1035 } _EC_WTLS_9 = {
1036 .p = {
1037 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1038 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x80,
1039 0x8f,
1040 },
1041 .a = {
1042 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1043 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1044 0x00,
1045 },
1046 .b = {
1047 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1048 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1049 0x03,
1050 },
1051 .x = {
1052 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1053 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1054 0x01,
1055 },
1056 .y = {
1057 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1058 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1059 0x02,
1060 },
1061 .order = {
1062 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1063 0x01, 0xcd, 0xc9, 0x8a, 0xe0, 0xe2, 0xde, 0x57, 0x4a, 0xbf,
1064 0x33,
1065 },
1066 };
1067
1068 static const struct {
1069 uint8_t p[28];
1070 uint8_t a[28];
1071 uint8_t b[28];
1072 uint8_t x[28];
1073 uint8_t y[28];
1074 uint8_t order[28];
1075 } _EC_WTLS_12 = {
1076 .p = {
1077 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1078 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
1079 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1080 },
1081 .a = {
1082 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1083 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
1084 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
1085 },
1086 .b = {
1087 0xb4, 0x05, 0x0a, 0x85, 0x0c, 0x04, 0xb3, 0xab, 0xf5, 0x41,
1088 0x32, 0x56, 0x50, 0x44, 0xb0, 0xb7, 0xd7, 0xbf, 0xd8, 0xba,
1089 0x27, 0x0b, 0x39, 0x43, 0x23, 0x55, 0xff, 0xb4,
1090 },
1091 .x = {
1092 0xb7, 0x0e, 0x0c, 0xbd, 0x6b, 0xb4, 0xbf, 0x7f, 0x32, 0x13,
1093 0x90, 0xb9, 0x4a, 0x03, 0xc1, 0xd3, 0x56, 0xc2, 0x11, 0x22,
1094 0x34, 0x32, 0x80, 0xd6, 0x11, 0x5c, 0x1d, 0x21,
1095 },
1096 .y = {
1097 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22,
1098 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
1099 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34,
1100 },
1101 .order = {
1102 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1103 0xff, 0xff, 0xff, 0xff, 0x16, 0xa2, 0xe0, 0xb8, 0xf0, 0x3e,
1104 0x13, 0xdd, 0x29, 0x45, 0x5c, 0x5c, 0x2a, 0x3d,
1105 },
1106 };
1107
1108 static const struct {
1109 uint8_t p[20];
1110 uint8_t a[20];
1111 uint8_t b[20];
1112 uint8_t x[20];
1113 uint8_t y[20];
1114 uint8_t order[20];
1115 } _EC_brainpoolP160r1 = {
1116 .p = {
1117 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf,
1118 0xc7, 0xad, 0x95, 0xb3, 0xd8, 0x13, 0x95, 0x15, 0x62, 0x0f,
1119 },
1120 .a = {
1121 0x34, 0x0e, 0x7b, 0xe2, 0xa2, 0x80, 0xeb, 0x74, 0xe2, 0xbe,
1122 0x61, 0xba, 0xda, 0x74, 0x5d, 0x97, 0xe8, 0xf7, 0xc3, 0x00,
1123 },
1124 .b = {
1125 0x1e, 0x58, 0x9a, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4f,
1126 0xaa, 0x2d, 0xbd, 0xec, 0x95, 0xc8, 0xd8, 0x67, 0x5e, 0x58,
1127 },
1128 .x = {
1129 0xbe, 0xd5, 0xaf, 0x16, 0xea, 0x3f, 0x6a, 0x4f, 0x62, 0x93,
1130 0x8c, 0x46, 0x31, 0xeb, 0x5a, 0xf7, 0xbd, 0xbc, 0xdb, 0xc3,
1131 },
1132 .y = {
1133 0x16, 0x67, 0xcb, 0x47, 0x7a, 0x1a, 0x8e, 0xc3, 0x38, 0xf9,
1134 0x47, 0x41, 0x66, 0x9c, 0x97, 0x63, 0x16, 0xda, 0x63, 0x21,
1135 },
1136 .order = {
1137 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf,
1138 0x59, 0x91, 0xd4, 0x50, 0x29, 0x40, 0x9e, 0x60, 0xfc, 0x09,
1139 },
1140 };
1141
1142 static const struct {
1143 uint8_t p[20];
1144 uint8_t a[20];
1145 uint8_t b[20];
1146 uint8_t x[20];
1147 uint8_t y[20];
1148 uint8_t order[20];
1149 } _EC_brainpoolP160t1 = {
1150 .p = {
1151 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf,
1152 0xc7, 0xad, 0x95, 0xb3, 0xd8, 0x13, 0x95, 0x15, 0x62, 0x0f,
1153 },
1154 .a = {
1155 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf,
1156 0xc7, 0xad, 0x95, 0xb3, 0xd8, 0x13, 0x95, 0x15, 0x62, 0x0c,
1157 },
1158 .b = {
1159 0x7a, 0x55, 0x6b, 0x6d, 0xae, 0x53, 0x5b, 0x7b, 0x51, 0xed,
1160 0x2c, 0x4d, 0x7d, 0xaa, 0x7a, 0x0b, 0x5c, 0x55, 0xf3, 0x80,
1161 },
1162 .x = {
1163 0xb1, 0x99, 0xb1, 0x3b, 0x9b, 0x34, 0xef, 0xc1, 0x39, 0x7e,
1164 0x64, 0xba, 0xeb, 0x05, 0xac, 0xc2, 0x65, 0xff, 0x23, 0x78,
1165 },
1166 .y = {
1167 0xad, 0xd6, 0x71, 0x8b, 0x7c, 0x7c, 0x19, 0x61, 0xf0, 0x99,
1168 0x1b, 0x84, 0x24, 0x43, 0x77, 0x21, 0x52, 0xc9, 0xe0, 0xad,
1169 },
1170 .order = {
1171 0xe9, 0x5e, 0x4a, 0x5f, 0x73, 0x70, 0x59, 0xdc, 0x60, 0xdf,
1172 0x59, 0x91, 0xd4, 0x50, 0x29, 0x40, 0x9e, 0x60, 0xfc, 0x09,
1173 },
1174 };
1175
1176 static const struct {
1177 uint8_t p[24];
1178 uint8_t a[24];
1179 uint8_t b[24];
1180 uint8_t x[24];
1181 uint8_t y[24];
1182 uint8_t order[24];
1183 } _EC_brainpoolP192r1 = {
1184 .p = {
1185 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3,
1186 0x46, 0x30, 0x93, 0xd1, 0x8d, 0xb7, 0x8f, 0xce, 0x47, 0x6d,
1187 0xe1, 0xa8, 0x62, 0x97,
1188 },
1189 .a = {
1190 0x6a, 0x91, 0x17, 0x40, 0x76, 0xb1, 0xe0, 0xe1, 0x9c, 0x39,
1191 0xc0, 0x31, 0xfe, 0x86, 0x85, 0xc1, 0xca, 0xe0, 0x40, 0xe5,
1192 0xc6, 0x9a, 0x28, 0xef,
1193 },
1194 .b = {
1195 0x46, 0x9a, 0x28, 0xef, 0x7c, 0x28, 0xcc, 0xa3, 0xdc, 0x72,
1196 0x1d, 0x04, 0x4f, 0x44, 0x96, 0xbc, 0xca, 0x7e, 0xf4, 0x14,
1197 0x6f, 0xbf, 0x25, 0xc9,
1198 },
1199 .x = {
1200 0xc0, 0xa0, 0x64, 0x7e, 0xaa, 0xb6, 0xa4, 0x87, 0x53, 0xb0,
1201 0x33, 0xc5, 0x6c, 0xb0, 0xf0, 0x90, 0x0a, 0x2f, 0x5c, 0x48,
1202 0x53, 0x37, 0x5f, 0xd6,
1203 },
1204 .y = {
1205 0x14, 0xb6, 0x90, 0x86, 0x6a, 0xbd, 0x5b, 0xb8, 0x8b, 0x5f,
1206 0x48, 0x28, 0xc1, 0x49, 0x00, 0x02, 0xe6, 0x77, 0x3f, 0xa2,
1207 0xfa, 0x29, 0x9b, 0x8f,
1208 },
1209 .order = {
1210 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3,
1211 0x46, 0x2f, 0x9e, 0x9e, 0x91, 0x6b, 0x5b, 0xe8, 0xf1, 0x02,
1212 0x9a, 0xc4, 0xac, 0xc1,
1213 },
1214 };
1215
1216 static const struct {
1217 uint8_t p[24];
1218 uint8_t a[24];
1219 uint8_t b[24];
1220 uint8_t x[24];
1221 uint8_t y[24];
1222 uint8_t order[24];
1223 } _EC_brainpoolP192t1 = {
1224 .p = {
1225 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3,
1226 0x46, 0x30, 0x93, 0xd1, 0x8d, 0xb7, 0x8f, 0xce, 0x47, 0x6d,
1227 0xe1, 0xa8, 0x62, 0x97,
1228 },
1229 .a = {
1230 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3,
1231 0x46, 0x30, 0x93, 0xd1, 0x8d, 0xb7, 0x8f, 0xce, 0x47, 0x6d,
1232 0xe1, 0xa8, 0x62, 0x94,
1233 },
1234 .b = {
1235 0x13, 0xd5, 0x6f, 0xfa, 0xec, 0x78, 0x68, 0x1e, 0x68, 0xf9,
1236 0xde, 0xb4, 0x3b, 0x35, 0xbe, 0xc2, 0xfb, 0x68, 0x54, 0x2e,
1237 0x27, 0x89, 0x7b, 0x79,
1238 },
1239 .x = {
1240 0x3a, 0xe9, 0xe5, 0x8c, 0x82, 0xf6, 0x3c, 0x30, 0x28, 0x2e,
1241 0x1f, 0xe7, 0xbb, 0xf4, 0x3f, 0xa7, 0x2c, 0x44, 0x6a, 0xf6,
1242 0xf4, 0x61, 0x81, 0x29,
1243 },
1244 .y = {
1245 0x09, 0x7e, 0x2c, 0x56, 0x67, 0xc2, 0x22, 0x3a, 0x90, 0x2a,
1246 0xb5, 0xca, 0x44, 0x9d, 0x00, 0x84, 0xb7, 0xe5, 0xb3, 0xde,
1247 0x7c, 0xcc, 0x01, 0xc9,
1248 },
1249 .order = {
1250 0xc3, 0x02, 0xf4, 0x1d, 0x93, 0x2a, 0x36, 0xcd, 0xa7, 0xa3,
1251 0x46, 0x2f, 0x9e, 0x9e, 0x91, 0x6b, 0x5b, 0xe8, 0xf1, 0x02,
1252 0x9a, 0xc4, 0xac, 0xc1,
1253 },
1254 };
1255
1256 static const struct {
1257 uint8_t p[28];
1258 uint8_t a[28];
1259 uint8_t b[28];
1260 uint8_t x[28];
1261 uint8_t y[28];
1262 uint8_t order[28];
1263 } _EC_brainpoolP224r1 = {
1264 .p = {
1265 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
1266 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57,
1267 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xff,
1268 },
1269 .a = {
1270 0x68, 0xa5, 0xe6, 0x2c, 0xa9, 0xce, 0x6c, 0x1c, 0x29, 0x98,
1271 0x03, 0xa6, 0xc1, 0x53, 0x0b, 0x51, 0x4e, 0x18, 0x2a, 0xd8,
1272 0xb0, 0x04, 0x2a, 0x59, 0xca, 0xd2, 0x9f, 0x43,
1273 },
1274 .b = {
1275 0x25, 0x80, 0xf6, 0x3c, 0xcf, 0xe4, 0x41, 0x38, 0x87, 0x07,
1276 0x13, 0xb1, 0xa9, 0x23, 0x69, 0xe3, 0x3e, 0x21, 0x35, 0xd2,
1277 0x66, 0xdb, 0xb3, 0x72, 0x38, 0x6c, 0x40, 0x0b,
1278 },
1279 .x = {
1280 0x0d, 0x90, 0x29, 0xad, 0x2c, 0x7e, 0x5c, 0xf4, 0x34, 0x08,
1281 0x23, 0xb2, 0xa8, 0x7d, 0xc6, 0x8c, 0x9e, 0x4c, 0xe3, 0x17,
1282 0x4c, 0x1e, 0x6e, 0xfd, 0xee, 0x12, 0xc0, 0x7d,
1283 },
1284 .y = {
1285 0x58, 0xaa, 0x56, 0xf7, 0x72, 0xc0, 0x72, 0x6f, 0x24, 0xc6,
1286 0xb8, 0x9e, 0x4e, 0xcd, 0xac, 0x24, 0x35, 0x4b, 0x9e, 0x99,
1287 0xca, 0xa3, 0xf6, 0xd3, 0x76, 0x14, 0x02, 0xcd,
1288 },
1289 .order = {
1290 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
1291 0x30, 0x25, 0x75, 0xd0, 0xfb, 0x98, 0xd1, 0x16, 0xbc, 0x4b,
1292 0x6d, 0xde, 0xbc, 0xa3, 0xa5, 0xa7, 0x93, 0x9f,
1293 },
1294 };
1295
1296 static const struct {
1297 uint8_t p[28];
1298 uint8_t a[28];
1299 uint8_t b[28];
1300 uint8_t x[28];
1301 uint8_t y[28];
1302 uint8_t order[28];
1303 } _EC_brainpoolP224t1 = {
1304 .p = {
1305 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
1306 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57,
1307 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xff,
1308 },
1309 .a = {
1310 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
1311 0x30, 0x25, 0x75, 0xd1, 0xd7, 0x87, 0xb0, 0x9f, 0x07, 0x57,
1312 0x97, 0xda, 0x89, 0xf5, 0x7e, 0xc8, 0xc0, 0xfc,
1313 },
1314 .b = {
1315 0x4b, 0x33, 0x7d, 0x93, 0x41, 0x04, 0xcd, 0x7b, 0xef, 0x27,
1316 0x1b, 0xf6, 0x0c, 0xed, 0x1e, 0xd2, 0x0d, 0xa1, 0x4c, 0x08,
1317 0xb3, 0xbb, 0x64, 0xf1, 0x8a, 0x60, 0x88, 0x8d,
1318 },
1319 .x = {
1320 0x6a, 0xb1, 0xe3, 0x44, 0xce, 0x25, 0xff, 0x38, 0x96, 0x42,
1321 0x4e, 0x7f, 0xfe, 0x14, 0x76, 0x2e, 0xcb, 0x49, 0xf8, 0x92,
1322 0x8a, 0xc0, 0xc7, 0x60, 0x29, 0xb4, 0xd5, 0x80,
1323 },
1324 .y = {
1325 0x03, 0x74, 0xe9, 0xf5, 0x14, 0x3e, 0x56, 0x8c, 0xd2, 0x3f,
1326 0x3f, 0x4d, 0x7c, 0x0d, 0x4b, 0x1e, 0x41, 0xc8, 0xcc, 0x0d,
1327 0x1c, 0x6a, 0xbd, 0x5f, 0x1a, 0x46, 0xdb, 0x4c,
1328 },
1329 .order = {
1330 0xd7, 0xc1, 0x34, 0xaa, 0x26, 0x43, 0x66, 0x86, 0x2a, 0x18,
1331 0x30, 0x25, 0x75, 0xd0, 0xfb, 0x98, 0xd1, 0x16, 0xbc, 0x4b,
1332 0x6d, 0xde, 0xbc, 0xa3, 0xa5, 0xa7, 0x93, 0x9f,
1333 },
1334 };
1335
1336 static const struct {
1337 uint8_t p[32];
1338 uint8_t a[32];
1339 uint8_t b[32];
1340 uint8_t x[32];
1341 uint8_t y[32];
1342 uint8_t order[32];
1343 } _EC_brainpoolP256r1 = {
1344 .p = {
1345 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
1346 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23,
1347 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e,
1348 0x53, 0x77,
1349 },
1350 .a = {
1351 0x7d, 0x5a, 0x09, 0x75, 0xfc, 0x2c, 0x30, 0x57, 0xee, 0xf6,
1352 0x75, 0x30, 0x41, 0x7a, 0xff, 0xe7, 0xfb, 0x80, 0x55, 0xc1,
1353 0x26, 0xdc, 0x5c, 0x6c, 0xe9, 0x4a, 0x4b, 0x44, 0xf3, 0x30,
1354 0xb5, 0xd9,
1355 },
1356 .b = {
1357 0x26, 0xdc, 0x5c, 0x6c, 0xe9, 0x4a, 0x4b, 0x44, 0xf3, 0x30,
1358 0xb5, 0xd9, 0xbb, 0xd7, 0x7c, 0xbf, 0x95, 0x84, 0x16, 0x29,
1359 0x5c, 0xf7, 0xe1, 0xce, 0x6b, 0xcc, 0xdc, 0x18, 0xff, 0x8c,
1360 0x07, 0xb6,
1361 },
1362 .x = {
1363 0x8b, 0xd2, 0xae, 0xb9, 0xcb, 0x7e, 0x57, 0xcb, 0x2c, 0x4b,
1364 0x48, 0x2f, 0xfc, 0x81, 0xb7, 0xaf, 0xb9, 0xde, 0x27, 0xe1,
1365 0xe3, 0xbd, 0x23, 0xc2, 0x3a, 0x44, 0x53, 0xbd, 0x9a, 0xce,
1366 0x32, 0x62,
1367 },
1368 .y = {
1369 0x54, 0x7e, 0xf8, 0x35, 0xc3, 0xda, 0xc4, 0xfd, 0x97, 0xf8,
1370 0x46, 0x1a, 0x14, 0x61, 0x1d, 0xc9, 0xc2, 0x77, 0x45, 0x13,
1371 0x2d, 0xed, 0x8e, 0x54, 0x5c, 0x1d, 0x54, 0xc7, 0x2f, 0x04,
1372 0x69, 0x97,
1373 },
1374 .order = {
1375 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
1376 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x71, 0x8c, 0x39, 0x7a, 0xa3,
1377 0xb5, 0x61, 0xa6, 0xf7, 0x90, 0x1e, 0x0e, 0x82, 0x97, 0x48,
1378 0x56, 0xa7,
1379 },
1380 };
1381
1382 static const struct {
1383 uint8_t p[32];
1384 uint8_t a[32];
1385 uint8_t b[32];
1386 uint8_t x[32];
1387 uint8_t y[32];
1388 uint8_t order[32];
1389 } _EC_brainpoolP256t1 = {
1390 .p = {
1391 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
1392 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23,
1393 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e,
1394 0x53, 0x77,
1395 },
1396 .a = {
1397 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
1398 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x72, 0x6e, 0x3b, 0xf6, 0x23,
1399 0xd5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1d, 0x1f, 0x6e,
1400 0x53, 0x74,
1401 },
1402 .b = {
1403 0x66, 0x2c, 0x61, 0xc4, 0x30, 0xd8, 0x4e, 0xa4, 0xfe, 0x66,
1404 0xa7, 0x73, 0x3d, 0x0b, 0x76, 0xb7, 0xbf, 0x93, 0xeb, 0xc4,
1405 0xaf, 0x2f, 0x49, 0x25, 0x6a, 0xe5, 0x81, 0x01, 0xfe, 0xe9,
1406 0x2b, 0x04,
1407 },
1408 .x = {
1409 0xa3, 0xe8, 0xeb, 0x3c, 0xc1, 0xcf, 0xe7, 0xb7, 0x73, 0x22,
1410 0x13, 0xb2, 0x3a, 0x65, 0x61, 0x49, 0xaf, 0xa1, 0x42, 0xc4,
1411 0x7a, 0xaf, 0xbc, 0x2b, 0x79, 0xa1, 0x91, 0x56, 0x2e, 0x13,
1412 0x05, 0xf4,
1413 },
1414 .y = {
1415 0x2d, 0x99, 0x6c, 0x82, 0x34, 0x39, 0xc5, 0x6d, 0x7f, 0x7b,
1416 0x22, 0xe1, 0x46, 0x44, 0x41, 0x7e, 0x69, 0xbc, 0xb6, 0xde,
1417 0x39, 0xd0, 0x27, 0x00, 0x1d, 0xab, 0xe8, 0xf3, 0x5b, 0x25,
1418 0xc9, 0xbe,
1419 },
1420 .order = {
1421 0xa9, 0xfb, 0x57, 0xdb, 0xa1, 0xee, 0xa9, 0xbc, 0x3e, 0x66,
1422 0x0a, 0x90, 0x9d, 0x83, 0x8d, 0x71, 0x8c, 0x39, 0x7a, 0xa3,
1423 0xb5, 0x61, 0xa6, 0xf7, 0x90, 0x1e, 0x0e, 0x82, 0x97, 0x48,
1424 0x56, 0xa7,
1425 },
1426 };
1427
1428 static const struct {
1429 uint8_t p[40];
1430 uint8_t a[40];
1431 uint8_t b[40];
1432 uint8_t x[40];
1433 uint8_t y[40];
1434 uint8_t order[40];
1435 } _EC_brainpoolP320r1 = {
1436 .p = {
1437 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
1438 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6,
1439 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93,
1440 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x27,
1441 },
1442 .a = {
1443 0x3e, 0xe3, 0x0b, 0x56, 0x8f, 0xba, 0xb0, 0xf8, 0x83, 0xcc,
1444 0xeb, 0xd4, 0x6d, 0x3f, 0x3b, 0xb8, 0xa2, 0xa7, 0x35, 0x13,
1445 0xf5, 0xeb, 0x79, 0xda, 0x66, 0x19, 0x0e, 0xb0, 0x85, 0xff,
1446 0xa9, 0xf4, 0x92, 0xf3, 0x75, 0xa9, 0x7d, 0x86, 0x0e, 0xb4,
1447 },
1448 .b = {
1449 0x52, 0x08, 0x83, 0x94, 0x9d, 0xfd, 0xbc, 0x42, 0xd3, 0xad,
1450 0x19, 0x86, 0x40, 0x68, 0x8a, 0x6f, 0xe1, 0x3f, 0x41, 0x34,
1451 0x95, 0x54, 0xb4, 0x9a, 0xcc, 0x31, 0xdc, 0xcd, 0x88, 0x45,
1452 0x39, 0x81, 0x6f, 0x5e, 0xb4, 0xac, 0x8f, 0xb1, 0xf1, 0xa6,
1453 },
1454 .x = {
1455 0x43, 0xbd, 0x7e, 0x9a, 0xfb, 0x53, 0xd8, 0xb8, 0x52, 0x89,
1456 0xbc, 0xc4, 0x8e, 0xe5, 0xbf, 0xe6, 0xf2, 0x01, 0x37, 0xd1,
1457 0x0a, 0x08, 0x7e, 0xb6, 0xe7, 0x87, 0x1e, 0x2a, 0x10, 0xa5,
1458 0x99, 0xc7, 0x10, 0xaf, 0x8d, 0x0d, 0x39, 0xe2, 0x06, 0x11,
1459 },
1460 .y = {
1461 0x14, 0xfd, 0xd0, 0x55, 0x45, 0xec, 0x1c, 0xc8, 0xab, 0x40,
1462 0x93, 0x24, 0x7f, 0x77, 0x27, 0x5e, 0x07, 0x43, 0xff, 0xed,
1463 0x11, 0x71, 0x82, 0xea, 0xa9, 0xc7, 0x78, 0x77, 0xaa, 0xac,
1464 0x6a, 0xc7, 0xd3, 0x52, 0x45, 0xd1, 0x69, 0x2e, 0x8e, 0xe1,
1465 },
1466 .order = {
1467 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
1468 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa5,
1469 0xb6, 0x8f, 0x12, 0xa3, 0x2d, 0x48, 0x2e, 0xc7, 0xee, 0x86,
1470 0x58, 0xe9, 0x86, 0x91, 0x55, 0x5b, 0x44, 0xc5, 0x93, 0x11,
1471 },
1472 };
1473
1474 static const struct {
1475 uint8_t p[40];
1476 uint8_t a[40];
1477 uint8_t b[40];
1478 uint8_t x[40];
1479 uint8_t y[40];
1480 uint8_t order[40];
1481 } _EC_brainpoolP320t1 = {
1482 .p = {
1483 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
1484 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6,
1485 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93,
1486 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x27,
1487 },
1488 .a = {
1489 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
1490 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa6,
1491 0xf6, 0xf4, 0x0d, 0xef, 0x4f, 0x92, 0xb9, 0xec, 0x78, 0x93,
1492 0xec, 0x28, 0xfc, 0xd4, 0x12, 0xb1, 0xf1, 0xb3, 0x2e, 0x24,
1493 },
1494 .b = {
1495 0xa7, 0xf5, 0x61, 0xe0, 0x38, 0xeb, 0x1e, 0xd5, 0x60, 0xb3,
1496 0xd1, 0x47, 0xdb, 0x78, 0x20, 0x13, 0x06, 0x4c, 0x19, 0xf2,
1497 0x7e, 0xd2, 0x7c, 0x67, 0x80, 0xaa, 0xf7, 0x7f, 0xb8, 0xa5,
1498 0x47, 0xce, 0xb5, 0xb4, 0xfe, 0xf4, 0x22, 0x34, 0x03, 0x53,
1499 },
1500 .x = {
1501 0x92, 0x5b, 0xe9, 0xfb, 0x01, 0xaf, 0xc6, 0xfb, 0x4d, 0x3e,
1502 0x7d, 0x49, 0x90, 0x01, 0x0f, 0x81, 0x34, 0x08, 0xab, 0x10,
1503 0x6c, 0x4f, 0x09, 0xcb, 0x7e, 0xe0, 0x78, 0x68, 0xcc, 0x13,
1504 0x6f, 0xff, 0x33, 0x57, 0xf6, 0x24, 0xa2, 0x1b, 0xed, 0x52,
1505 },
1506 .y = {
1507 0x63, 0xba, 0x3a, 0x7a, 0x27, 0x48, 0x3e, 0xbf, 0x66, 0x71,
1508 0xdb, 0xef, 0x7a, 0xbb, 0x30, 0xeb, 0xee, 0x08, 0x4e, 0x58,
1509 0xa0, 0xb0, 0x77, 0xad, 0x42, 0xa5, 0xa0, 0x98, 0x9d, 0x1e,
1510 0xe7, 0x1b, 0x1b, 0x9b, 0xc0, 0x45, 0x5f, 0xb0, 0xd2, 0xc3,
1511 },
1512 .order = {
1513 0xd3, 0x5e, 0x47, 0x20, 0x36, 0xbc, 0x4f, 0xb7, 0xe1, 0x3c,
1514 0x78, 0x5e, 0xd2, 0x01, 0xe0, 0x65, 0xf9, 0x8f, 0xcf, 0xa5,
1515 0xb6, 0x8f, 0x12, 0xa3, 0x2d, 0x48, 0x2e, 0xc7, 0xee, 0x86,
1516 0x58, 0xe9, 0x86, 0x91, 0x55, 0x5b, 0x44, 0xc5, 0x93, 0x11,
1517 },
1518 };
1519
1520 static const struct {
1521 uint8_t p[48];
1522 uint8_t a[48];
1523 uint8_t b[48];
1524 uint8_t x[48];
1525 uint8_t y[48];
1526 uint8_t order[48];
1527 } _EC_brainpoolP384r1 = {
1528 .p = {
1529 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
1530 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
1531 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7,
1532 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71,
1533 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x53,
1534 },
1535 .a = {
1536 0x7b, 0xc3, 0x82, 0xc6, 0x3d, 0x8c, 0x15, 0x0c, 0x3c, 0x72,
1537 0x08, 0x0a, 0xce, 0x05, 0xaf, 0xa0, 0xc2, 0xbe, 0xa2, 0x8e,
1538 0x4f, 0xb2, 0x27, 0x87, 0x13, 0x91, 0x65, 0xef, 0xba, 0x91,
1539 0xf9, 0x0f, 0x8a, 0xa5, 0x81, 0x4a, 0x50, 0x3a, 0xd4, 0xeb,
1540 0x04, 0xa8, 0xc7, 0xdd, 0x22, 0xce, 0x28, 0x26,
1541 },
1542 .b = {
1543 0x04, 0xa8, 0xc7, 0xdd, 0x22, 0xce, 0x28, 0x26, 0x8b, 0x39,
1544 0xb5, 0x54, 0x16, 0xf0, 0x44, 0x7c, 0x2f, 0xb7, 0x7d, 0xe1,
1545 0x07, 0xdc, 0xd2, 0xa6, 0x2e, 0x88, 0x0e, 0xa5, 0x3e, 0xeb,
1546 0x62, 0xd5, 0x7c, 0xb4, 0x39, 0x02, 0x95, 0xdb, 0xc9, 0x94,
1547 0x3a, 0xb7, 0x86, 0x96, 0xfa, 0x50, 0x4c, 0x11,
1548 },
1549 .x = {
1550 0x1d, 0x1c, 0x64, 0xf0, 0x68, 0xcf, 0x45, 0xff, 0xa2, 0xa6,
1551 0x3a, 0x81, 0xb7, 0xc1, 0x3f, 0x6b, 0x88, 0x47, 0xa3, 0xe7,
1552 0x7e, 0xf1, 0x4f, 0xe3, 0xdb, 0x7f, 0xca, 0xfe, 0x0c, 0xbd,
1553 0x10, 0xe8, 0xe8, 0x26, 0xe0, 0x34, 0x36, 0xd6, 0x46, 0xaa,
1554 0xef, 0x87, 0xb2, 0xe2, 0x47, 0xd4, 0xaf, 0x1e,
1555 },
1556 .y = {
1557 0x8a, 0xbe, 0x1d, 0x75, 0x20, 0xf9, 0xc2, 0xa4, 0x5c, 0xb1,
1558 0xeb, 0x8e, 0x95, 0xcf, 0xd5, 0x52, 0x62, 0xb7, 0x0b, 0x29,
1559 0xfe, 0xec, 0x58, 0x64, 0xe1, 0x9c, 0x05, 0x4f, 0xf9, 0x91,
1560 0x29, 0x28, 0x0e, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11,
1561 0x42, 0x82, 0x03, 0x41, 0x26, 0x3c, 0x53, 0x15,
1562 },
1563 .order = {
1564 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
1565 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
1566 0xed, 0x54, 0x56, 0xb3, 0x1f, 0x16, 0x6e, 0x6c, 0xac, 0x04,
1567 0x25, 0xa7, 0xcf, 0x3a, 0xb6, 0xaf, 0x6b, 0x7f, 0xc3, 0x10,
1568 0x3b, 0x88, 0x32, 0x02, 0xe9, 0x04, 0x65, 0x65,
1569 },
1570 };
1571
1572 static const struct {
1573 uint8_t p[48];
1574 uint8_t a[48];
1575 uint8_t b[48];
1576 uint8_t x[48];
1577 uint8_t y[48];
1578 uint8_t order[48];
1579 } _EC_brainpoolP384t1 = {
1580 .p = {
1581 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
1582 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
1583 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7,
1584 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71,
1585 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x53,
1586 },
1587 .a = {
1588 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
1589 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
1590 0xed, 0x54, 0x56, 0xb4, 0x12, 0xb1, 0xda, 0x19, 0x7f, 0xb7,
1591 0x11, 0x23, 0xac, 0xd3, 0xa7, 0x29, 0x90, 0x1d, 0x1a, 0x71,
1592 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xec, 0x50,
1593 },
1594 .b = {
1595 0x7f, 0x51, 0x9e, 0xad, 0xa7, 0xbd, 0xa8, 0x1b, 0xd8, 0x26,
1596 0xdb, 0xa6, 0x47, 0x91, 0x0f, 0x8c, 0x4b, 0x93, 0x46, 0xed,
1597 0x8c, 0xcd, 0xc6, 0x4e, 0x4b, 0x1a, 0xbd, 0x11, 0x75, 0x6d,
1598 0xce, 0x1d, 0x20, 0x74, 0xaa, 0x26, 0x3b, 0x88, 0x80, 0x5c,
1599 0xed, 0x70, 0x35, 0x5a, 0x33, 0xb4, 0x71, 0xee,
1600 },
1601 .x = {
1602 0x18, 0xde, 0x98, 0xb0, 0x2d, 0xb9, 0xa3, 0x06, 0xf2, 0xaf,
1603 0xcd, 0x72, 0x35, 0xf7, 0x2a, 0x81, 0x9b, 0x80, 0xab, 0x12,
1604 0xeb, 0xd6, 0x53, 0x17, 0x24, 0x76, 0xfe, 0xcd, 0x46, 0x2a,
1605 0xab, 0xff, 0xc4, 0xff, 0x19, 0x1b, 0x94, 0x6a, 0x5f, 0x54,
1606 0xd8, 0xd0, 0xaa, 0x2f, 0x41, 0x88, 0x08, 0xcc,
1607 },
1608 .y = {
1609 0x25, 0xab, 0x05, 0x69, 0x62, 0xd3, 0x06, 0x51, 0xa1, 0x14,
1610 0xaf, 0xd2, 0x75, 0x5a, 0xd3, 0x36, 0x74, 0x7f, 0x93, 0x47,
1611 0x5b, 0x7a, 0x1f, 0xca, 0x3b, 0x88, 0xf2, 0xb6, 0xa2, 0x08,
1612 0xcc, 0xfe, 0x46, 0x94, 0x08, 0x58, 0x4d, 0xc2, 0xb2, 0x91,
1613 0x26, 0x75, 0xbf, 0x5b, 0x9e, 0x58, 0x29, 0x28,
1614 },
1615 .order = {
1616 0x8c, 0xb9, 0x1e, 0x82, 0xa3, 0x38, 0x6d, 0x28, 0x0f, 0x5d,
1617 0x6f, 0x7e, 0x50, 0xe6, 0x41, 0xdf, 0x15, 0x2f, 0x71, 0x09,
1618 0xed, 0x54, 0x56, 0xb3, 0x1f, 0x16, 0x6e, 0x6c, 0xac, 0x04,
1619 0x25, 0xa7, 0xcf, 0x3a, 0xb6, 0xaf, 0x6b, 0x7f, 0xc3, 0x10,
1620 0x3b, 0x88, 0x32, 0x02, 0xe9, 0x04, 0x65, 0x65,
1621 },
1622 };
1623
1624 static const struct {
1625 uint8_t p[64];
1626 uint8_t a[64];
1627 uint8_t b[64];
1628 uint8_t x[64];
1629 uint8_t y[64];
1630 uint8_t order[64];
1631 } _EC_brainpoolP512r1 = {
1632 .p = {
1633 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
1634 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
1635 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
1636 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42,
1637 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81,
1638 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56,
1639 0x58, 0x3a, 0x48, 0xf3,
1640 },
1641 .a = {
1642 0x78, 0x30, 0xa3, 0x31, 0x8b, 0x60, 0x3b, 0x89, 0xe2, 0x32,
1643 0x71, 0x45, 0xac, 0x23, 0x4c, 0xc5, 0x94, 0xcb, 0xdd, 0x8d,
1644 0x3d, 0xf9, 0x16, 0x10, 0xa8, 0x34, 0x41, 0xca, 0xea, 0x98,
1645 0x63, 0xbc, 0x2d, 0xed, 0x5d, 0x5a, 0xa8, 0x25, 0x3a, 0xa1,
1646 0x0a, 0x2e, 0xf1, 0xc9, 0x8b, 0x9a, 0xc8, 0xb5, 0x7f, 0x11,
1647 0x17, 0xa7, 0x2b, 0xf2, 0xc7, 0xb9, 0xe7, 0xc1, 0xac, 0x4d,
1648 0x77, 0xfc, 0x94, 0xca,
1649 },
1650 .b = {
1651 0x3d, 0xf9, 0x16, 0x10, 0xa8, 0x34, 0x41, 0xca, 0xea, 0x98,
1652 0x63, 0xbc, 0x2d, 0xed, 0x5d, 0x5a, 0xa8, 0x25, 0x3a, 0xa1,
1653 0x0a, 0x2e, 0xf1, 0xc9, 0x8b, 0x9a, 0xc8, 0xb5, 0x7f, 0x11,
1654 0x17, 0xa7, 0x2b, 0xf2, 0xc7, 0xb9, 0xe7, 0xc1, 0xac, 0x4d,
1655 0x77, 0xfc, 0x94, 0xca, 0xdc, 0x08, 0x3e, 0x67, 0x98, 0x40,
1656 0x50, 0xb7, 0x5e, 0xba, 0xe5, 0xdd, 0x28, 0x09, 0xbd, 0x63,
1657 0x80, 0x16, 0xf7, 0x23,
1658 },
1659 .x = {
1660 0x81, 0xae, 0xe4, 0xbd, 0xd8, 0x2e, 0xd9, 0x64, 0x5a, 0x21,
1661 0x32, 0x2e, 0x9c, 0x4c, 0x6a, 0x93, 0x85, 0xed, 0x9f, 0x70,
1662 0xb5, 0xd9, 0x16, 0xc1, 0xb4, 0x3b, 0x62, 0xee, 0xf4, 0xd0,
1663 0x09, 0x8e, 0xff, 0x3b, 0x1f, 0x78, 0xe2, 0xd0, 0xd4, 0x8d,
1664 0x50, 0xd1, 0x68, 0x7b, 0x93, 0xb9, 0x7d, 0x5f, 0x7c, 0x6d,
1665 0x50, 0x47, 0x40, 0x6a, 0x5e, 0x68, 0x8b, 0x35, 0x22, 0x09,
1666 0xbc, 0xb9, 0xf8, 0x22,
1667 },
1668 .y = {
1669 0x7d, 0xde, 0x38, 0x5d, 0x56, 0x63, 0x32, 0xec, 0xc0, 0xea,
1670 0xbf, 0xa9, 0xcf, 0x78, 0x22, 0xfd, 0xf2, 0x09, 0xf7, 0x00,
1671 0x24, 0xa5, 0x7b, 0x1a, 0xa0, 0x00, 0xc5, 0x5b, 0x88, 0x1f,
1672 0x81, 0x11, 0xb2, 0xdc, 0xde, 0x49, 0x4a, 0x5f, 0x48, 0x5e,
1673 0x5b, 0xca, 0x4b, 0xd8, 0x8a, 0x27, 0x63, 0xae, 0xd1, 0xca,
1674 0x2b, 0x2f, 0xa8, 0xf0, 0x54, 0x06, 0x78, 0xcd, 0x1e, 0x0f,
1675 0x3a, 0xd8, 0x08, 0x92,
1676 },
1677 .order = {
1678 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
1679 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
1680 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
1681 0x08, 0x70, 0x55, 0x3e, 0x5c, 0x41, 0x4c, 0xa9, 0x26, 0x19,
1682 0x41, 0x86, 0x61, 0x19, 0x7f, 0xac, 0x10, 0x47, 0x1d, 0xb1,
1683 0xd3, 0x81, 0x08, 0x5d, 0xda, 0xdd, 0xb5, 0x87, 0x96, 0x82,
1684 0x9c, 0xa9, 0x00, 0x69,
1685 },
1686 };
1687
1688 static const struct {
1689 uint8_t p[64];
1690 uint8_t a[64];
1691 uint8_t b[64];
1692 uint8_t x[64];
1693 uint8_t y[64];
1694 uint8_t order[64];
1695 } _EC_brainpoolP512t1 = {
1696 .p = {
1697 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
1698 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
1699 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
1700 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42,
1701 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81,
1702 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56,
1703 0x58, 0x3a, 0x48, 0xf3,
1704 },
1705 .a = {
1706 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
1707 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
1708 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
1709 0x08, 0x71, 0x7d, 0x4d, 0x9b, 0x00, 0x9b, 0xc6, 0x68, 0x42,
1710 0xae, 0xcd, 0xa1, 0x2a, 0xe6, 0xa3, 0x80, 0xe6, 0x28, 0x81,
1711 0xff, 0x2f, 0x2d, 0x82, 0xc6, 0x85, 0x28, 0xaa, 0x60, 0x56,
1712 0x58, 0x3a, 0x48, 0xf0,
1713 },
1714 .b = {
1715 0x7c, 0xbb, 0xbc, 0xf9, 0x44, 0x1c, 0xfa, 0xb7, 0x6e, 0x18,
1716 0x90, 0xe4, 0x68, 0x84, 0xea, 0xe3, 0x21, 0xf7, 0x0c, 0x0b,
1717 0xcb, 0x49, 0x81, 0x52, 0x78, 0x97, 0x50, 0x4b, 0xec, 0x3e,
1718 0x36, 0xa6, 0x2b, 0xcd, 0xfa, 0x23, 0x04, 0x97, 0x65, 0x40,
1719 0xf6, 0x45, 0x00, 0x85, 0xf2, 0xda, 0xe1, 0x45, 0xc2, 0x25,
1720 0x53, 0xb4, 0x65, 0x76, 0x36, 0x89, 0x18, 0x0e, 0xa2, 0x57,
1721 0x18, 0x67, 0x42, 0x3e,
1722 },
1723 .x = {
1724 0x64, 0x0e, 0xce, 0x5c, 0x12, 0x78, 0x87, 0x17, 0xb9, 0xc1,
1725 0xba, 0x06, 0xcb, 0xc2, 0xa6, 0xfe, 0xba, 0x85, 0x84, 0x24,
1726 0x58, 0xc5, 0x6d, 0xde, 0x9d, 0xb1, 0x75, 0x8d, 0x39, 0xc0,
1727 0x31, 0x3d, 0x82, 0xba, 0x51, 0x73, 0x5c, 0xdb, 0x3e, 0xa4,
1728 0x99, 0xaa, 0x77, 0xa7, 0xd6, 0x94, 0x3a, 0x64, 0xf7, 0xa3,
1729 0xf2, 0x5f, 0xe2, 0x6f, 0x06, 0xb5, 0x1b, 0xaa, 0x26, 0x96,
1730 0xfa, 0x90, 0x35, 0xda,
1731 },
1732 .y = {
1733 0x5b, 0x53, 0x4b, 0xd5, 0x95, 0xf5, 0xaf, 0x0f, 0xa2, 0xc8,
1734 0x92, 0x37, 0x6c, 0x84, 0xac, 0xe1, 0xbb, 0x4e, 0x30, 0x19,
1735 0xb7, 0x16, 0x34, 0xc0, 0x11, 0x31, 0x15, 0x9c, 0xae, 0x03,
1736 0xce, 0xe9, 0xd9, 0x93, 0x21, 0x84, 0xbe, 0xef, 0x21, 0x6b,
1737 0xd7, 0x1d, 0xf2, 0xda, 0xdf, 0x86, 0xa6, 0x27, 0x30, 0x6e,
1738 0xcf, 0xf9, 0x6d, 0xbb, 0x8b, 0xac, 0xe1, 0x98, 0xb6, 0x1e,
1739 0x00, 0xf8, 0xb3, 0x32,
1740 },
1741 .order = {
1742 0xaa, 0xdd, 0x9d, 0xb8, 0xdb, 0xe9, 0xc4, 0x8b, 0x3f, 0xd4,
1743 0xe6, 0xae, 0x33, 0xc9, 0xfc, 0x07, 0xcb, 0x30, 0x8d, 0xb3,
1744 0xb3, 0xc9, 0xd2, 0x0e, 0xd6, 0x63, 0x9c, 0xca, 0x70, 0x33,
1745 0x08, 0x70, 0x55, 0x3e, 0x5c, 0x41, 0x4c, 0xa9, 0x26, 0x19,
1746 0x41, 0x86, 0x61, 0x19, 0x7f, 0xac, 0x10, 0x47, 0x1d, 0xb1,
1747 0xd3, 0x81, 0x08, 0x5d, 0xda, 0xdd, 0xb5, 0x87, 0x96, 0x82,
1748 0x9c, 0xa9, 0x00, 0x69,
1749 },
1750 };
1751
1752 static const struct {
1753 uint8_t p[32];
1754 uint8_t a[32];
1755 uint8_t b[32];
1756 uint8_t x[32];
1757 uint8_t y[32];
1758 uint8_t order[32];
1759 } _EC_FRP256v1 = {
1760 .p = {
1761 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12,
1762 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x39, 0x61, 0xad, 0xbc,
1763 0xab, 0xc8, 0xca, 0x6d, 0xe8, 0xfc, 0xf3, 0x53, 0xd8, 0x6e,
1764 0x9c, 0x03,
1765 },
1766 .a = {
1767 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12,
1768 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x39, 0x61, 0xad, 0xbc,
1769 0xab, 0xc8, 0xca, 0x6d, 0xe8, 0xfc, 0xf3, 0x53, 0xd8, 0x6e,
1770 0x9c, 0x00,
1771 },
1772 .b = {
1773 0xee, 0x35, 0x3f, 0xca, 0x54, 0x28, 0xa9, 0x30, 0x0d, 0x4a,
1774 0xba, 0x75, 0x4a, 0x44, 0xc0, 0x0f, 0xdf, 0xec, 0x0c, 0x9a,
1775 0xe4, 0xb1, 0xa1, 0x80, 0x30, 0x75, 0xed, 0x96, 0x7b, 0x7b,
1776 0xb7, 0x3f,
1777 },
1778 .x = {
1779 0xb6, 0xb3, 0xd4, 0xc3, 0x56, 0xc1, 0x39, 0xeb, 0x31, 0x18,
1780 0x3d, 0x47, 0x49, 0xd4, 0x23, 0x95, 0x8c, 0x27, 0xd2, 0xdc,
1781 0xaf, 0x98, 0xb7, 0x01, 0x64, 0xc9, 0x7a, 0x2d, 0xd9, 0x8f,
1782 0x5c, 0xff,
1783 },
1784 .y = {
1785 0x61, 0x42, 0xe0, 0xf7, 0xc8, 0xb2, 0x04, 0x91, 0x1f, 0x92,
1786 0x71, 0xf0, 0xf3, 0xec, 0xef, 0x8c, 0x27, 0x01, 0xc3, 0x07,
1787 0xe8, 0xe4, 0xc9, 0xe1, 0x83, 0x11, 0x5a, 0x15, 0x54, 0x06,
1788 0x2c, 0xfb,
1789 },
1790 .order = {
1791 0xf1, 0xfd, 0x17, 0x8c, 0x0b, 0x3a, 0xd5, 0x8f, 0x10, 0x12,
1792 0x6d, 0xe8, 0xce, 0x42, 0x43, 0x5b, 0x53, 0xdc, 0x67, 0xe1,
1793 0x40, 0xd2, 0xbf, 0x94, 0x1f, 0xfd, 0xd4, 0x59, 0xc6, 0xd6,
1794 0x55, 0xe1,
1795 },
1796 };
1797
1798 static const struct ec_curve {
1799 const char *comment;
1800 int nid;
1801 int seed_len;
1802 int param_len;
1803 unsigned int cofactor;
1804 const uint8_t *seed;
1805 const uint8_t *p;
1806 const uint8_t *a;
1807 const uint8_t *b;
1808 const uint8_t *x;
1809 const uint8_t *y;
1810 const uint8_t *order;
1811 } ec_curve_list[] = {
1812 /* secg curves */
1813 {
1814 .comment = "SECG/WTLS curve over a 112 bit prime field",
1815 .nid = NID_secp112r1,
1816 .seed_len = sizeof(_EC_SECG_PRIME_112R1.seed),
1817 .param_len = sizeof(_EC_SECG_PRIME_112R1.p),
1818 .seed = _EC_SECG_PRIME_112R1.seed,
1819 .p = _EC_SECG_PRIME_112R1.p,
1820 .a = _EC_SECG_PRIME_112R1.a,
1821 .b = _EC_SECG_PRIME_112R1.b,
1822 .x = _EC_SECG_PRIME_112R1.x,
1823 .y = _EC_SECG_PRIME_112R1.y,
1824 .order = _EC_SECG_PRIME_112R1.order,
1825 .cofactor = 1,
1826 },
1827 {
1828 .comment = "SECG curve over a 112 bit prime field",
1829 .nid = NID_secp112r2,
1830 .seed_len = sizeof(_EC_SECG_PRIME_112R2.seed),
1831 .param_len = sizeof(_EC_SECG_PRIME_112R2.p),
1832 .seed = _EC_SECG_PRIME_112R2.seed,
1833 .p = _EC_SECG_PRIME_112R2.p,
1834 .a = _EC_SECG_PRIME_112R2.a,
1835 .b = _EC_SECG_PRIME_112R2.b,
1836 .x = _EC_SECG_PRIME_112R2.x,
1837 .y = _EC_SECG_PRIME_112R2.y,
1838 .order = _EC_SECG_PRIME_112R2.order,
1839 .cofactor = 4,
1840 },
1841 {
1842 .comment = "SECG curve over a 128 bit prime field",
1843 .nid = NID_secp128r1,
1844 .seed_len = sizeof(_EC_SECG_PRIME_128R1.seed),
1845 .param_len = sizeof(_EC_SECG_PRIME_128R1.p),
1846 .seed = _EC_SECG_PRIME_128R1.seed,
1847 .p = _EC_SECG_PRIME_128R1.p,
1848 .a = _EC_SECG_PRIME_128R1.a,
1849 .b = _EC_SECG_PRIME_128R1.b,
1850 .x = _EC_SECG_PRIME_128R1.x,
1851 .y = _EC_SECG_PRIME_128R1.y,
1852 .order = _EC_SECG_PRIME_128R1.order,
1853 .cofactor = 1,
1854 },
1855 {
1856 .comment = "SECG curve over a 128 bit prime field",
1857 .nid = NID_secp128r2,
1858 .seed_len = sizeof(_EC_SECG_PRIME_128R2.seed),
1859 .param_len = sizeof(_EC_SECG_PRIME_128R2.p),
1860 .seed = _EC_SECG_PRIME_128R2.seed,
1861 .p = _EC_SECG_PRIME_128R2.p,
1862 .a = _EC_SECG_PRIME_128R2.a,
1863 .b = _EC_SECG_PRIME_128R2.b,
1864 .x = _EC_SECG_PRIME_128R2.x,
1865 .y = _EC_SECG_PRIME_128R2.y,
1866 .order = _EC_SECG_PRIME_128R2.order,
1867 .cofactor = 4,
1868 },
1869 {
1870 .comment = "SECG curve over a 160 bit prime field",
1871 .nid = NID_secp160k1,
1872 .param_len = sizeof(_EC_SECG_PRIME_160K1.p),
1873 .p = _EC_SECG_PRIME_160K1.p,
1874 .a = _EC_SECG_PRIME_160K1.a,
1875 .b = _EC_SECG_PRIME_160K1.b,
1876 .x = _EC_SECG_PRIME_160K1.x,
1877 .y = _EC_SECG_PRIME_160K1.y,
1878 .order = _EC_SECG_PRIME_160K1.order,
1879 .cofactor = 1,
1880 },
1881 {
1882 .comment = "SECG curve over a 160 bit prime field",
1883 .nid = NID_secp160r1,
1884 .seed_len = sizeof(_EC_SECG_PRIME_160R1.seed),
1885 .param_len = sizeof(_EC_SECG_PRIME_160R1.p),
1886 .seed = _EC_SECG_PRIME_160R1.seed,
1887 .p = _EC_SECG_PRIME_160R1.p,
1888 .a = _EC_SECG_PRIME_160R1.a,
1889 .b = _EC_SECG_PRIME_160R1.b,
1890 .x = _EC_SECG_PRIME_160R1.x,
1891 .y = _EC_SECG_PRIME_160R1.y,
1892 .order = _EC_SECG_PRIME_160R1.order,
1893 .cofactor = 1,
1894 },
1895 {
1896 .comment = "SECG/WTLS curve over a 160 bit prime field",
1897 .nid = NID_secp160r2,
1898 .seed_len = sizeof(_EC_SECG_PRIME_160R2.seed),
1899 .param_len = sizeof(_EC_SECG_PRIME_160R2.p),
1900 .seed = _EC_SECG_PRIME_160R2.seed,
1901 .p = _EC_SECG_PRIME_160R2.p,
1902 .a = _EC_SECG_PRIME_160R2.a,
1903 .b = _EC_SECG_PRIME_160R2.b,
1904 .x = _EC_SECG_PRIME_160R2.x,
1905 .y = _EC_SECG_PRIME_160R2.y,
1906 .order = _EC_SECG_PRIME_160R2.order,
1907 .cofactor = 1,
1908 },
1909 /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
1910 {
1911 .comment = "SECG curve over a 192 bit prime field",
1912 .nid = NID_secp192k1,
1913 .param_len = sizeof(_EC_SECG_PRIME_192K1.p),
1914 .p = _EC_SECG_PRIME_192K1.p,
1915 .a = _EC_SECG_PRIME_192K1.a,
1916 .b = _EC_SECG_PRIME_192K1.b,
1917 .x = _EC_SECG_PRIME_192K1.x,
1918 .y = _EC_SECG_PRIME_192K1.y,
1919 .order = _EC_SECG_PRIME_192K1.order,
1920 .cofactor = 1,
1921 },
1922 {
1923 .comment = "SECG curve over a 224 bit prime field",
1924 .nid = NID_secp224k1,
1925 .param_len = sizeof(_EC_SECG_PRIME_224K1.p),
1926 .p = _EC_SECG_PRIME_224K1.p,
1927 .a = _EC_SECG_PRIME_224K1.a,
1928 .b = _EC_SECG_PRIME_224K1.b,
1929 .x = _EC_SECG_PRIME_224K1.x,
1930 .y = _EC_SECG_PRIME_224K1.y,
1931 .order = _EC_SECG_PRIME_224K1.order,
1932 .cofactor = 1,
1933 },
1934 {
1935 .comment = "NIST/SECG curve over a 224 bit prime field",
1936 .nid = NID_secp224r1,
1937 .seed_len = sizeof(_EC_NIST_PRIME_224.seed),
1938 .param_len = sizeof(_EC_NIST_PRIME_224.p),
1939 .seed = _EC_NIST_PRIME_224.seed,
1940 .p = _EC_NIST_PRIME_224.p,
1941 .a = _EC_NIST_PRIME_224.a,
1942 .b = _EC_NIST_PRIME_224.b,
1943 .x = _EC_NIST_PRIME_224.x,
1944 .y = _EC_NIST_PRIME_224.y,
1945 .order = _EC_NIST_PRIME_224.order,
1946 .cofactor = 1,
1947 },
1948 {
1949 .comment = "SECG curve over a 256 bit prime field",
1950 .nid = NID_secp256k1,
1951 .param_len = sizeof(_EC_SECG_PRIME_256K1.p),
1952 .p = _EC_SECG_PRIME_256K1.p,
1953 .a = _EC_SECG_PRIME_256K1.a,
1954 .b = _EC_SECG_PRIME_256K1.b,
1955 .x = _EC_SECG_PRIME_256K1.x,
1956 .y = _EC_SECG_PRIME_256K1.y,
1957 .order = _EC_SECG_PRIME_256K1.order,
1958 .cofactor = 1,
1959 },
1960 /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
1961 {
1962 .comment = "NIST/SECG curve over a 384 bit prime field",
1963 .nid = NID_secp384r1,
1964 .seed_len = sizeof(_EC_NIST_PRIME_384.seed),
1965 .param_len = sizeof(_EC_NIST_PRIME_384.p),
1966 .seed = _EC_NIST_PRIME_384.seed,
1967 .p = _EC_NIST_PRIME_384.p,
1968 .a = _EC_NIST_PRIME_384.a,
1969 .b = _EC_NIST_PRIME_384.b,
1970 .x = _EC_NIST_PRIME_384.x,
1971 .y = _EC_NIST_PRIME_384.y,
1972 .order = _EC_NIST_PRIME_384.order,
1973 .cofactor = 1,
1974 },
1975 {
1976 .comment = "NIST/SECG curve over a 521 bit prime field",
1977 .nid = NID_secp521r1,
1978 .seed_len = sizeof(_EC_NIST_PRIME_521.seed),
1979 .param_len = sizeof(_EC_NIST_PRIME_521.p),
1980 .seed = _EC_NIST_PRIME_521.seed,
1981 .p = _EC_NIST_PRIME_521.p,
1982 .a = _EC_NIST_PRIME_521.a,
1983 .b = _EC_NIST_PRIME_521.b,
1984 .x = _EC_NIST_PRIME_521.x,
1985 .y = _EC_NIST_PRIME_521.y,
1986 .order = _EC_NIST_PRIME_521.order,
1987 .cofactor = 1,
1988 },
1989 /* X9.62 curves */
1990 {
1991 .comment = "NIST/X9.62/SECG curve over a 192 bit prime field",
1992 .nid = NID_X9_62_prime192v1,
1993 .seed_len = sizeof(_EC_NIST_PRIME_192.seed),
1994 .param_len = sizeof(_EC_NIST_PRIME_192.p),
1995 .seed = _EC_NIST_PRIME_192.seed,
1996 .p = _EC_NIST_PRIME_192.p,
1997 .a = _EC_NIST_PRIME_192.a,
1998 .b = _EC_NIST_PRIME_192.b,
1999 .x = _EC_NIST_PRIME_192.x,
2000 .y = _EC_NIST_PRIME_192.y,
2001 .order = _EC_NIST_PRIME_192.order,
2002 .cofactor = 1,
2003 },
2004 {
2005 .comment = "X9.62 curve over a 192 bit prime field",
2006 .nid = NID_X9_62_prime192v2,
2007 .seed_len = sizeof(_EC_X9_62_PRIME_192V2.seed),
2008 .param_len = sizeof(_EC_X9_62_PRIME_192V2.p),
2009 .seed = _EC_X9_62_PRIME_192V2.seed,
2010 .p = _EC_X9_62_PRIME_192V2.p,
2011 .a = _EC_X9_62_PRIME_192V2.a,
2012 .b = _EC_X9_62_PRIME_192V2.b,
2013 .x = _EC_X9_62_PRIME_192V2.x,
2014 .y = _EC_X9_62_PRIME_192V2.y,
2015 .order = _EC_X9_62_PRIME_192V2.order,
2016 .cofactor = 1,
2017 },
2018 {
2019 .comment = "X9.62 curve over a 192 bit prime field",
2020 .nid = NID_X9_62_prime192v3,
2021 .seed_len = sizeof(_EC_X9_62_PRIME_192V3.seed),
2022 .param_len = sizeof(_EC_X9_62_PRIME_192V3.p),
2023 .seed = _EC_X9_62_PRIME_192V3.seed,
2024 .p = _EC_X9_62_PRIME_192V3.p,
2025 .a = _EC_X9_62_PRIME_192V3.a,
2026 .b = _EC_X9_62_PRIME_192V3.b,
2027 .x = _EC_X9_62_PRIME_192V3.x,
2028 .y = _EC_X9_62_PRIME_192V3.y,
2029 .order = _EC_X9_62_PRIME_192V3.order,
2030 .cofactor = 1,
2031 },
2032 {
2033 .comment = "X9.62 curve over a 239 bit prime field",
2034 .nid = NID_X9_62_prime239v1,
2035 .seed_len = sizeof(_EC_X9_62_PRIME_239V1.seed),
2036 .param_len = sizeof(_EC_X9_62_PRIME_239V1.p),
2037 .seed = _EC_X9_62_PRIME_239V1.seed,
2038 .p = _EC_X9_62_PRIME_239V1.p,
2039 .a = _EC_X9_62_PRIME_239V1.a,
2040 .b = _EC_X9_62_PRIME_239V1.b,
2041 .x = _EC_X9_62_PRIME_239V1.x,
2042 .y = _EC_X9_62_PRIME_239V1.y,
2043 .order = _EC_X9_62_PRIME_239V1.order,
2044 .cofactor = 1,
2045 },
2046 {
2047 .comment = "X9.62 curve over a 239 bit prime field",
2048 .nid = NID_X9_62_prime239v2,
2049 .seed_len = sizeof(_EC_X9_62_PRIME_239V2.seed),
2050 .param_len = sizeof(_EC_X9_62_PRIME_239V2.p),
2051 .seed = _EC_X9_62_PRIME_239V2.seed,
2052 .p = _EC_X9_62_PRIME_239V2.p,
2053 .a = _EC_X9_62_PRIME_239V2.a,
2054 .b = _EC_X9_62_PRIME_239V2.b,
2055 .x = _EC_X9_62_PRIME_239V2.x,
2056 .y = _EC_X9_62_PRIME_239V2.y,
2057 .order = _EC_X9_62_PRIME_239V2.order,
2058 .cofactor = 1,
2059 },
2060 {
2061 .comment = "X9.62 curve over a 239 bit prime field",
2062 .nid = NID_X9_62_prime239v3,
2063 .seed_len = sizeof(_EC_X9_62_PRIME_239V3.seed),
2064 .param_len = sizeof(_EC_X9_62_PRIME_239V3.p),
2065 .seed = _EC_X9_62_PRIME_239V3.seed,
2066 .p = _EC_X9_62_PRIME_239V3.p,
2067 .a = _EC_X9_62_PRIME_239V3.a,
2068 .b = _EC_X9_62_PRIME_239V3.b,
2069 .x = _EC_X9_62_PRIME_239V3.x,
2070 .y = _EC_X9_62_PRIME_239V3.y,
2071 .order = _EC_X9_62_PRIME_239V3.order,
2072 .cofactor = 1,
2073 },
2074 {
2075 .comment = "X9.62/SECG curve over a 256 bit prime field",
2076 .nid = NID_X9_62_prime256v1,
2077 .seed_len = sizeof(_EC_X9_62_PRIME_256V1.seed),
2078 .param_len = sizeof(_EC_X9_62_PRIME_256V1.p),
2079 .seed = _EC_X9_62_PRIME_256V1.seed,
2080 .p = _EC_X9_62_PRIME_256V1.p,
2081 .a = _EC_X9_62_PRIME_256V1.a,
2082 .b = _EC_X9_62_PRIME_256V1.b,
2083 .x = _EC_X9_62_PRIME_256V1.x,
2084 .y = _EC_X9_62_PRIME_256V1.y,
2085 .order = _EC_X9_62_PRIME_256V1.order,
2086 .cofactor = 1,
2087 },
2088 {
2089 .comment = "SECG/WTLS curve over a 112 bit prime field",
2090 .nid = NID_wap_wsg_idm_ecid_wtls6,
2091 .seed_len = sizeof(_EC_SECG_PRIME_112R1.seed),
2092 .param_len = sizeof(_EC_SECG_PRIME_112R1.p),
2093 .seed = _EC_SECG_PRIME_112R1.seed,
2094 .p = _EC_SECG_PRIME_112R1.p,
2095 .a = _EC_SECG_PRIME_112R1.a,
2096 .b = _EC_SECG_PRIME_112R1.b,
2097 .x = _EC_SECG_PRIME_112R1.x,
2098 .y = _EC_SECG_PRIME_112R1.y,
2099 .order = _EC_SECG_PRIME_112R1.order,
2100 .cofactor = 1,
2101 },
2102 {
2103 .comment = "SECG/WTLS curve over a 160 bit prime field",
2104 .nid = NID_wap_wsg_idm_ecid_wtls7,
2105 .seed_len = sizeof(_EC_SECG_PRIME_160R2.seed),
2106 .param_len = sizeof(_EC_SECG_PRIME_160R2.p),
2107 .seed = _EC_SECG_PRIME_160R2.seed,
2108 .p = _EC_SECG_PRIME_160R2.p,
2109 .a = _EC_SECG_PRIME_160R2.a,
2110 .b = _EC_SECG_PRIME_160R2.b,
2111 .x = _EC_SECG_PRIME_160R2.x,
2112 .y = _EC_SECG_PRIME_160R2.y,
2113 .order = _EC_SECG_PRIME_160R2.order,
2114 .cofactor = 1,
2115 },
2116 {
2117 .comment = "WTLS curve over a 112 bit prime field",
2118 .nid = NID_wap_wsg_idm_ecid_wtls8,
2119 .param_len = sizeof(_EC_WTLS_8.p),
2120 .p = _EC_WTLS_8.p,
2121 .a = _EC_WTLS_8.a,
2122 .b = _EC_WTLS_8.b,
2123 .x = _EC_WTLS_8.x,
2124 .y = _EC_WTLS_8.y,
2125 .order = _EC_WTLS_8.order,
2126 .cofactor = 1,
2127 },
2128 {
2129 .comment = "WTLS curve over a 160 bit prime field",
2130 .nid = NID_wap_wsg_idm_ecid_wtls9,
2131 .param_len = sizeof(_EC_WTLS_9.p),
2132 .p = _EC_WTLS_9.p,
2133 .a = _EC_WTLS_9.a,
2134 .b = _EC_WTLS_9.b,
2135 .x = _EC_WTLS_9.x,
2136 .y = _EC_WTLS_9.y,
2137 .order = _EC_WTLS_9.order,
2138 .cofactor = 1,
2139 },
2140 {
2141 .comment = "WTLS curve over a 224 bit prime field",
2142 .nid = NID_wap_wsg_idm_ecid_wtls12,
2143 .param_len = sizeof(_EC_WTLS_12.p),
2144 .p = _EC_WTLS_12.p,
2145 .a = _EC_WTLS_12.a,
2146 .b = _EC_WTLS_12.b,
2147 .x = _EC_WTLS_12.x,
2148 .y = _EC_WTLS_12.y,
2149 .order = _EC_WTLS_12.order,
2150 .cofactor = 1,
2151 },
2152 /* RFC 5639 curves */
2153 {
2154 .comment = "RFC 5639 curve over a 160 bit prime field",
2155 .nid = NID_brainpoolP160r1,
2156 .param_len = sizeof(_EC_brainpoolP160r1.p),
2157 .p = _EC_brainpoolP160r1.p,
2158 .a = _EC_brainpoolP160r1.a,
2159 .b = _EC_brainpoolP160r1.b,
2160 .x = _EC_brainpoolP160r1.x,
2161 .y = _EC_brainpoolP160r1.y,
2162 .order = _EC_brainpoolP160r1.order,
2163 .cofactor = 1,
2164 },
2165 {
2166 .comment = "RFC 5639 curve over a 160 bit prime field",
2167 .nid = NID_brainpoolP160t1,
2168 .param_len = sizeof(_EC_brainpoolP160t1.p),
2169 .p = _EC_brainpoolP160t1.p,
2170 .a = _EC_brainpoolP160t1.a,
2171 .b = _EC_brainpoolP160t1.b,
2172 .x = _EC_brainpoolP160t1.x,
2173 .y = _EC_brainpoolP160t1.y,
2174 .order = _EC_brainpoolP160t1.order,
2175 .cofactor = 1,
2176 },
2177 {
2178 .comment = "RFC 5639 curve over a 192 bit prime field",
2179 .nid = NID_brainpoolP192r1,
2180 .param_len = sizeof(_EC_brainpoolP192r1.p),
2181 .p = _EC_brainpoolP192r1.p,
2182 .a = _EC_brainpoolP192r1.a,
2183 .b = _EC_brainpoolP192r1.b,
2184 .x = _EC_brainpoolP192r1.x,
2185 .y = _EC_brainpoolP192r1.y,
2186 .order = _EC_brainpoolP192r1.order,
2187 .cofactor = 1,
2188 },
2189 {
2190 .comment = "RFC 5639 curve over a 192 bit prime field",
2191 .nid = NID_brainpoolP192t1,
2192 .param_len = sizeof(_EC_brainpoolP192t1.p),
2193 .p = _EC_brainpoolP192t1.p,
2194 .a = _EC_brainpoolP192t1.a,
2195 .b = _EC_brainpoolP192t1.b,
2196 .x = _EC_brainpoolP192t1.x,
2197 .y = _EC_brainpoolP192t1.y,
2198 .order = _EC_brainpoolP192t1.order,
2199 .cofactor = 1,
2200 },
2201 {
2202 .comment = "RFC 5639 curve over a 224 bit prime field",
2203 .nid = NID_brainpoolP224r1,
2204 .param_len = sizeof(_EC_brainpoolP224r1.p),
2205 .p = _EC_brainpoolP224r1.p,
2206 .a = _EC_brainpoolP224r1.a,
2207 .b = _EC_brainpoolP224r1.b,
2208 .x = _EC_brainpoolP224r1.x,
2209 .y = _EC_brainpoolP224r1.y,
2210 .order = _EC_brainpoolP224r1.order,
2211 .cofactor = 1,
2212 },
2213 {
2214 .comment = "RFC 5639 curve over a 224 bit prime field",
2215 .nid = NID_brainpoolP224t1,
2216 .param_len = sizeof(_EC_brainpoolP224t1.p),
2217 .p = _EC_brainpoolP224t1.p,
2218 .a = _EC_brainpoolP224t1.a,
2219 .b = _EC_brainpoolP224t1.b,
2220 .x = _EC_brainpoolP224t1.x,
2221 .y = _EC_brainpoolP224t1.y,
2222 .order = _EC_brainpoolP224t1.order,
2223 .cofactor = 1,
2224 },
2225 {
2226 .comment = "RFC 5639 curve over a 256 bit prime field",
2227 .nid = NID_brainpoolP256r1,
2228 .param_len = sizeof(_EC_brainpoolP256r1.p),
2229 .p = _EC_brainpoolP256r1.p,
2230 .a = _EC_brainpoolP256r1.a,
2231 .b = _EC_brainpoolP256r1.b,
2232 .x = _EC_brainpoolP256r1.x,
2233 .y = _EC_brainpoolP256r1.y,
2234 .order = _EC_brainpoolP256r1.order,
2235 .cofactor = 1,
2236 },
2237 {
2238 .comment = "RFC 5639 curve over a 256 bit prime field",
2239 .nid = NID_brainpoolP256t1,
2240 .param_len = sizeof(_EC_brainpoolP256t1.p),
2241 .p = _EC_brainpoolP256t1.p,
2242 .a = _EC_brainpoolP256t1.a,
2243 .b = _EC_brainpoolP256t1.b,
2244 .x = _EC_brainpoolP256t1.x,
2245 .y = _EC_brainpoolP256t1.y,
2246 .order = _EC_brainpoolP256t1.order,
2247 .cofactor = 1,
2248 },
2249 {
2250 .comment = "RFC 5639 curve over a 320 bit prime field",
2251 .nid = NID_brainpoolP320r1,
2252 .param_len = sizeof(_EC_brainpoolP320r1.p),
2253 .p = _EC_brainpoolP320r1.p,
2254 .a = _EC_brainpoolP320r1.a,
2255 .b = _EC_brainpoolP320r1.b,
2256 .x = _EC_brainpoolP320r1.x,
2257 .y = _EC_brainpoolP320r1.y,
2258 .order = _EC_brainpoolP320r1.order,
2259 .cofactor = 1,
2260 },
2261 {
2262 .comment = "RFC 5639 curve over a 320 bit prime field",
2263 .nid = NID_brainpoolP320t1,
2264 .param_len = sizeof(_EC_brainpoolP320t1.p),
2265 .p = _EC_brainpoolP320t1.p,
2266 .a = _EC_brainpoolP320t1.a,
2267 .b = _EC_brainpoolP320t1.b,
2268 .x = _EC_brainpoolP320t1.x,
2269 .y = _EC_brainpoolP320t1.y,
2270 .order = _EC_brainpoolP320t1.order,
2271 .cofactor = 1,
2272 },
2273 {
2274 .comment = "RFC 5639 curve over a 384 bit prime field",
2275 .nid = NID_brainpoolP384r1,
2276 .param_len = sizeof(_EC_brainpoolP384r1.p),
2277 .p = _EC_brainpoolP384r1.p,
2278 .a = _EC_brainpoolP384r1.a,
2279 .b = _EC_brainpoolP384r1.b,
2280 .x = _EC_brainpoolP384r1.x,
2281 .y = _EC_brainpoolP384r1.y,
2282 .order = _EC_brainpoolP384r1.order,
2283 .cofactor = 1,
2284 },
2285 {
2286 .comment = "RFC 5639 curve over a 384 bit prime field",
2287 .nid = NID_brainpoolP384t1,
2288 .param_len = sizeof(_EC_brainpoolP384t1.p),
2289 .p = _EC_brainpoolP384t1.p,
2290 .a = _EC_brainpoolP384t1.a,
2291 .b = _EC_brainpoolP384t1.b,
2292 .x = _EC_brainpoolP384t1.x,
2293 .y = _EC_brainpoolP384t1.y,
2294 .order = _EC_brainpoolP384t1.order,
2295 .cofactor = 1,
2296 },
2297 {
2298 .comment = "RFC 5639 curve over a 512 bit prime field",
2299 .nid = NID_brainpoolP512r1,
2300 .param_len = sizeof(_EC_brainpoolP512r1.p),
2301 .p = _EC_brainpoolP512r1.p,
2302 .a = _EC_brainpoolP512r1.a,
2303 .b = _EC_brainpoolP512r1.b,
2304 .x = _EC_brainpoolP512r1.x,
2305 .y = _EC_brainpoolP512r1.y,
2306 .order = _EC_brainpoolP512r1.order,
2307 .cofactor = 1,
2308 },
2309 {
2310 .comment = "RFC 5639 curve over a 512 bit prime field",
2311 .nid = NID_brainpoolP512t1,
2312 .param_len = sizeof(_EC_brainpoolP512t1.p),
2313 .p = _EC_brainpoolP512t1.p,
2314 .a = _EC_brainpoolP512t1.a,
2315 .b = _EC_brainpoolP512t1.b,
2316 .x = _EC_brainpoolP512t1.x,
2317 .y = _EC_brainpoolP512t1.y,
2318 .order = _EC_brainpoolP512t1.order,
2319 .cofactor = 1,
2320 },
2321 /* ANSSI */
2322 {
2323 .comment = "FRP256v1",
2324 .nid = NID_FRP256v1,
2325 .param_len = sizeof(_EC_FRP256v1.p),
2326 .p = _EC_FRP256v1.p,
2327 .a = _EC_FRP256v1.a,
2328 .b = _EC_FRP256v1.b,
2329 .x = _EC_FRP256v1.x,
2330 .y = _EC_FRP256v1.y,
2331 .order = _EC_FRP256v1.order,
2332 .cofactor = 1,
2333 },
2334 };
2335
2336 #define EC_CURVE_LIST_LENGTH (sizeof(ec_curve_list) / sizeof(ec_curve_list[0]))
2337
2338 static EC_GROUP *
ec_group_new_from_data(const struct ec_curve * curve)2339 ec_group_new_from_data(const struct ec_curve *curve)
2340 {
2341 EC_GROUP *group = NULL, *ret = NULL;
2342 EC_POINT *generator = NULL;
2343 BN_CTX *ctx = NULL;
2344 BIGNUM *p, *a, *b, *x, *y, *order, *cofactor;
2345
2346 if ((ctx = BN_CTX_new()) == NULL) {
2347 ECerror(ERR_R_MALLOC_FAILURE);
2348 goto err;
2349 }
2350 BN_CTX_start(ctx);
2351
2352 if ((p = BN_CTX_get(ctx)) == NULL) {
2353 ECerror(ERR_R_BN_LIB);
2354 goto err;
2355 }
2356 if ((a = BN_CTX_get(ctx)) == NULL) {
2357 ECerror(ERR_R_BN_LIB);
2358 goto err;
2359 }
2360 if ((b = BN_CTX_get(ctx)) == NULL) {
2361 ECerror(ERR_R_BN_LIB);
2362 goto err;
2363 }
2364 if ((x = BN_CTX_get(ctx)) == NULL) {
2365 ECerror(ERR_R_BN_LIB);
2366 goto err;
2367 }
2368 if ((y = BN_CTX_get(ctx)) == NULL) {
2369 ECerror(ERR_R_BN_LIB);
2370 goto err;
2371 }
2372 if ((order = BN_CTX_get(ctx)) == NULL) {
2373 ECerror(ERR_R_BN_LIB);
2374 goto err;
2375 }
2376 if ((cofactor = BN_CTX_get(ctx)) == NULL) {
2377 ECerror(ERR_R_BN_LIB);
2378 goto err;
2379 }
2380
2381 if (BN_bin2bn(curve->p, curve->param_len, p) == NULL) {
2382 ECerror(ERR_R_BN_LIB);
2383 goto err;
2384 }
2385 if (BN_bin2bn(curve->a, curve->param_len, a) == NULL) {
2386 ECerror(ERR_R_BN_LIB);
2387 goto err;
2388 }
2389 if (BN_bin2bn(curve->b, curve->param_len, b) == NULL) {
2390 ECerror(ERR_R_BN_LIB);
2391 goto err;
2392 }
2393 if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
2394 ECerror(ERR_R_EC_LIB);
2395 goto err;
2396 }
2397 EC_GROUP_set_curve_name(group, curve->nid);
2398
2399 if ((generator = EC_POINT_new(group)) == NULL) {
2400 ECerror(ERR_R_EC_LIB);
2401 goto err;
2402 }
2403 if (BN_bin2bn(curve->x, curve->param_len, x) == NULL) {
2404 ECerror(ERR_R_BN_LIB);
2405 goto err;
2406 }
2407 if (BN_bin2bn(curve->y, curve->param_len, y) == NULL) {
2408 ECerror(ERR_R_BN_LIB);
2409 goto err;
2410 }
2411 if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) {
2412 ECerror(ERR_R_EC_LIB);
2413 goto err;
2414 }
2415 if (BN_bin2bn(curve->order, curve->param_len, order) == NULL) {
2416 ECerror(ERR_R_EC_LIB);
2417 goto err;
2418 }
2419 if (!BN_set_word(cofactor, curve->cofactor)) {
2420 ECerror(ERR_R_BN_LIB);
2421 goto err;
2422 }
2423 if (!EC_GROUP_set_generator(group, generator, order, cofactor)) {
2424 ECerror(ERR_R_EC_LIB);
2425 goto err;
2426 }
2427
2428 if (curve->seed != NULL) {
2429 if (!EC_GROUP_set_seed(group, curve->seed, curve->seed_len)) {
2430 ECerror(ERR_R_EC_LIB);
2431 goto err;
2432 }
2433 }
2434
2435 ret = group;
2436 group = NULL;
2437
2438 err:
2439 EC_GROUP_free(group);
2440 EC_POINT_free(generator);
2441 BN_CTX_end(ctx);
2442 BN_CTX_free(ctx);
2443
2444 return ret;
2445 }
2446
2447 EC_GROUP *
EC_GROUP_new_by_curve_name(int nid)2448 EC_GROUP_new_by_curve_name(int nid)
2449 {
2450 size_t i;
2451
2452 if (nid <= 0)
2453 return NULL;
2454
2455 for (i = 0; i < EC_CURVE_LIST_LENGTH; i++) {
2456 if (ec_curve_list[i].nid == nid)
2457 return ec_group_new_from_data(&ec_curve_list[i]);
2458 }
2459
2460 ECerror(EC_R_UNKNOWN_GROUP);
2461 return NULL;
2462 }
2463 LCRYPTO_ALIAS(EC_GROUP_new_by_curve_name);
2464
2465 static void
ec_curve_free(struct ec_curve * curve)2466 ec_curve_free(struct ec_curve *curve)
2467 {
2468 if (curve == NULL)
2469 return;
2470
2471 /* PERM UGLY CASTS */
2472 free((uint8_t *)curve->seed);
2473 free((uint8_t *)curve->p);
2474 free((uint8_t *)curve->a);
2475 free((uint8_t *)curve->b);
2476 free((uint8_t *)curve->x);
2477 free((uint8_t *)curve->y);
2478 free((uint8_t *)curve->order);
2479
2480 free(curve);
2481 }
2482
2483 static int
ec_curve_encode_parameter(const BIGNUM * bn,int param_len,const uint8_t ** out_param)2484 ec_curve_encode_parameter(const BIGNUM *bn, int param_len,
2485 const uint8_t **out_param)
2486 {
2487 uint8_t *buf = NULL;
2488 int ret = 0;
2489
2490 if (out_param == NULL || *out_param != NULL)
2491 goto err;
2492
2493 if ((buf = calloc(1, param_len)) == NULL)
2494 goto err;
2495 if (BN_bn2binpad(bn, buf, param_len) != param_len)
2496 goto err;
2497
2498 *out_param = buf;
2499 buf = NULL;
2500
2501 ret = 1;
2502
2503 err:
2504 free(buf);
2505
2506 return ret;
2507 }
2508
2509 static struct ec_curve *
ec_curve_from_group(const EC_GROUP * group)2510 ec_curve_from_group(const EC_GROUP *group)
2511 {
2512 struct ec_curve *curve = NULL;
2513 BN_CTX *ctx;
2514 BIGNUM *p, *a, *b, *x, *y;
2515 const EC_POINT *generator = NULL;
2516 const BIGNUM *order, *cofactor;
2517 size_t seed_len;
2518
2519 if ((ctx = BN_CTX_new()) == NULL)
2520 goto err;
2521 BN_CTX_start(ctx);
2522
2523 if ((p = BN_CTX_get(ctx)) == NULL)
2524 goto err;
2525 if ((a = BN_CTX_get(ctx)) == NULL)
2526 goto err;
2527 if ((b = BN_CTX_get(ctx)) == NULL)
2528 goto err;
2529 if ((x = BN_CTX_get(ctx)) == NULL)
2530 goto err;
2531 if ((y = BN_CTX_get(ctx)) == NULL)
2532 goto err;
2533
2534 if (!EC_GROUP_get_curve(group, p, a, b, ctx))
2535 goto err;
2536 if ((generator = EC_GROUP_get0_generator(group)) == NULL)
2537 goto err;
2538 if (!EC_POINT_get_affine_coordinates(group, generator, x, y, ctx))
2539 goto err;
2540 if ((order = EC_GROUP_get0_order(group)) == NULL)
2541 goto err;
2542
2543 if ((curve = calloc(1, sizeof(*curve))) == NULL)
2544 goto err;
2545
2546 curve->param_len = BN_num_bytes(p);
2547 if (BN_num_bytes(order) > curve->param_len)
2548 curve->param_len = BN_num_bytes(order);
2549
2550 if (!ec_curve_encode_parameter(p, curve->param_len, &curve->p))
2551 goto err;
2552 if (!ec_curve_encode_parameter(a, curve->param_len, &curve->a))
2553 goto err;
2554 if (!ec_curve_encode_parameter(b, curve->param_len, &curve->b))
2555 goto err;
2556 if (!ec_curve_encode_parameter(x, curve->param_len, &curve->x))
2557 goto err;
2558 if (!ec_curve_encode_parameter(y, curve->param_len, &curve->y))
2559 goto err;
2560 if (!ec_curve_encode_parameter(order, curve->param_len, &curve->order))
2561 goto err;
2562
2563 if ((cofactor = EC_GROUP_get0_cofactor(group)) != NULL) {
2564 BN_ULONG cofactor_word;
2565
2566 if ((cofactor_word = BN_get_word(cofactor)) == BN_MASK2)
2567 goto err;
2568 if (cofactor_word > INT_MAX)
2569 goto err;
2570
2571 curve->cofactor = cofactor_word;
2572 }
2573
2574 if ((seed_len = EC_GROUP_get_seed_len(group)) > 0) {
2575 uint8_t *seed;
2576
2577 if (seed_len > INT_MAX)
2578 goto err;
2579 if ((seed = calloc(1, seed_len)) == NULL)
2580 goto err;
2581 memcpy(seed, EC_GROUP_get0_seed(group), seed_len);
2582
2583 curve->seed = seed;
2584 curve->seed_len = seed_len;
2585 }
2586
2587 BN_CTX_end(ctx);
2588 BN_CTX_free(ctx);
2589
2590 return curve;
2591
2592 err:
2593 BN_CTX_end(ctx);
2594 BN_CTX_free(ctx);
2595
2596 ec_curve_free(curve);
2597
2598 return NULL;
2599 }
2600
2601 static int
ec_curve_cmp(const struct ec_curve * a,const struct ec_curve * b)2602 ec_curve_cmp(const struct ec_curve *a, const struct ec_curve *b)
2603 {
2604 int cmp;
2605
2606 /* Treat nid as optional. The OID isn't part of EC parameters. */
2607 if (a->nid != NID_undef && b->nid != NID_undef) {
2608 if (a->nid < b->nid)
2609 return -1;
2610 if (a->nid > b->nid)
2611 return 1;
2612 }
2613
2614 if (a->cofactor < b->cofactor)
2615 return -1;
2616 if (a->cofactor > b->cofactor)
2617 return 1;
2618 if (a->param_len < b->param_len)
2619 return -1;
2620 if (a->param_len > b->param_len)
2621 return 1;
2622
2623 if ((cmp = memcmp(a->p, b->p, a->param_len)) != 0)
2624 return cmp;
2625 if ((cmp = memcmp(a->a, b->a, a->param_len)) != 0)
2626 return cmp;
2627 if ((cmp = memcmp(a->b, b->b, a->param_len)) != 0)
2628 return cmp;
2629 if ((cmp = memcmp(a->x, b->x, a->param_len)) != 0)
2630 return cmp;
2631 if ((cmp = memcmp(a->y, b->y, a->param_len)) != 0)
2632 return cmp;
2633 if ((cmp = memcmp(a->order, b->order, a->param_len)) != 0)
2634 return cmp;
2635
2636 /* Seed is optional, not used for computation. Must match if present. */
2637 if (a->seed_len != 0 && b->seed_len != 0) {
2638 if (a->seed_len < b->seed_len)
2639 return -1;
2640 if (a->seed_len > b->seed_len)
2641 return 1;
2642 if (a->seed != NULL && b->seed != NULL) {
2643 if ((cmp = memcmp(a->seed, b->seed, a->seed_len)) != 0)
2644 return cmp;
2645 }
2646 }
2647
2648 return 0;
2649 }
2650
2651 static int
ec_group_nid_from_curve(const struct ec_curve * curve)2652 ec_group_nid_from_curve(const struct ec_curve *curve)
2653 {
2654 size_t i;
2655
2656 for (i = 0; i < EC_CURVE_LIST_LENGTH; i++) {
2657 if (ec_curve_cmp(curve, &ec_curve_list[i]) == 0)
2658 return ec_curve_list[i].nid;
2659 }
2660
2661 return NID_undef;
2662 }
2663
2664 int
ec_group_is_builtin_curve(const EC_GROUP * group)2665 ec_group_is_builtin_curve(const EC_GROUP *group)
2666 {
2667 struct ec_curve *curve;
2668 int ret = 0;
2669
2670 if ((curve = ec_curve_from_group(group)) == NULL)
2671 goto err;
2672 if (ec_group_nid_from_curve(curve) == NID_undef)
2673 goto err;
2674
2675 ret = 1;
2676
2677 err:
2678 ec_curve_free(curve);
2679
2680 return ret;
2681 }
2682
2683 size_t
EC_get_builtin_curves(EC_builtin_curve * curves,size_t nitems)2684 EC_get_builtin_curves(EC_builtin_curve *curves, size_t nitems)
2685 {
2686 size_t i;
2687
2688 if (curves == NULL || nitems == 0)
2689 return EC_CURVE_LIST_LENGTH;
2690
2691 if (nitems > EC_CURVE_LIST_LENGTH)
2692 nitems = EC_CURVE_LIST_LENGTH;
2693
2694 for (i = 0; i < nitems; i++) {
2695 curves[i].nid = ec_curve_list[i].nid;
2696 curves[i].comment = ec_curve_list[i].comment;
2697 }
2698
2699 return EC_CURVE_LIST_LENGTH;
2700 }
2701 LCRYPTO_ALIAS(EC_get_builtin_curves);
2702
2703 static const struct {
2704 const char *name;
2705 int nid;
2706 } nist_curves[] = {
2707 { "B-163", NID_sect163r2 },
2708 { "B-233", NID_sect233r1 },
2709 { "B-283", NID_sect283r1 },
2710 { "B-409", NID_sect409r1 },
2711 { "B-571", NID_sect571r1 },
2712 { "K-163", NID_sect163k1 },
2713 { "K-233", NID_sect233k1 },
2714 { "K-283", NID_sect283k1 },
2715 { "K-409", NID_sect409k1 },
2716 { "K-571", NID_sect571k1 },
2717 { "P-192", NID_X9_62_prime192v1 },
2718 { "P-224", NID_secp224r1 },
2719 { "P-256", NID_X9_62_prime256v1 },
2720 { "P-384", NID_secp384r1 },
2721 { "P-521", NID_secp521r1 }
2722 };
2723
2724 const char *
EC_curve_nid2nist(int nid)2725 EC_curve_nid2nist(int nid)
2726 {
2727 size_t i;
2728
2729 for (i = 0; i < sizeof(nist_curves) / sizeof(nist_curves[0]); i++) {
2730 if (nist_curves[i].nid == nid)
2731 return nist_curves[i].name;
2732 }
2733
2734 return NULL;
2735 }
2736 LCRYPTO_ALIAS(EC_curve_nid2nist);
2737
2738 int
EC_curve_nist2nid(const char * name)2739 EC_curve_nist2nid(const char *name)
2740 {
2741 size_t i;
2742
2743 for (i = 0; i < sizeof(nist_curves) / sizeof(nist_curves[0]); i++) {
2744 if (strcmp(nist_curves[i].name, name) == 0)
2745 return nist_curves[i].nid;
2746 }
2747
2748 return NID_undef;
2749 }
2750 LCRYPTO_ALIAS(EC_curve_nist2nid);
2751