TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9cce348a709201c4137555161412db554e377bd4 / . / library / ecp_curves.c
blob: 782a66acae2de1521a18cda0e05ed0031fbf0836 [file] [log] [blame]
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]1/*
2 * Elliptic curves over GF(p): curve-specific data and functions
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]18 */
19
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]20#include "common.h"
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]21
Valerio Settid4a5d462023-04-05 18:19:01 +0200[diff] [blame]22#if defined(MBEDTLS_ECP_LIGHT)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]23
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]24#include "mbedtls/ecp.h"
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]25#include "mbedtls/platform.h"
Hanno Becker4f8e8e52018-12-14 15:08:03 +0000[diff] [blame]26#include "mbedtls/platform_util.h"
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]27#include "mbedtls/error.h"
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]28
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]29#include "mbedtls/platform.h"
30
Paul Elliottedc97682023-05-19 18:34:13 +0100[diff] [blame]31#include "constant_time_internal.h"
32
Janos Follath8c70e812021-06-24 14:48:38 +0100[diff] [blame]33#include "bn_mul.h"
Tom Cosgrove82d3f1e2022-08-23 12:01:39 +0100[diff] [blame]34#include "bignum_core.h"
Gilles Peskine618be2e2021-04-03 21:47:53 +0200[diff] [blame]35#include "ecp_invasive.h"
36
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]37#include <string.h>
38
Janos Follathb0697532016-08-18 12:38:46 +0100[diff] [blame]39#if !defined(MBEDTLS_ECP_ALT)
40
Hanno Becker4f8e8e52018-12-14 15:08:03 +0000[diff] [blame]41/* Parameter validation macros based on platform_util.h */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]42#define ECP_VALIDATE_RET(cond) \
43 MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA)
44#define ECP_VALIDATE(cond) \
45 MBEDTLS_INTERNAL_VALIDATE(cond)
Hanno Becker4f8e8e52018-12-14 15:08:03 +0000[diff] [blame]46
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]47#define ECP_MPI_INIT(s, n, p) { s, (n), (mbedtls_mpi_uint *) (p) }
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]48
Manuel Pégourié-Gonnard2389a602021-06-23 12:25:48 +0200[diff] [blame]49#define ECP_MPI_INIT_ARRAY(x) \
50 ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
51
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]52#define ECP_POINT_INIT_XY_Z0(x, y) { \
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]53 ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 0, NULL) }
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]54#define ECP_POINT_INIT_XY_Z1(x, y) { \
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]55 ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 1, mpi_one) }
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]56
57#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
58 defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
59 defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
60 defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
61 defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
62 defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
63 defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
64 defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
65 defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
66 defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
67 defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
68/* For these curves, we build the group parameters dynamically. */
69#define ECP_LOAD_GROUP
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]70static mbedtls_mpi_uint mpi_one[] = { 1 };
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]71#endif
72
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]73/*
Manuel Pégourié-Gonnard14a96c52013-12-11 12:15:28 +0100[diff] [blame]74 * Note: the constants are in little-endian order
75 * to be directly usable in MPIs
76 */
77
78/*
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]79 * Domain parameters for secp192r1
80 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]81#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
82static const mbedtls_mpi_uint secp192r1_p[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]83 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
84 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
85 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]86};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]87static const mbedtls_mpi_uint secp192r1_b[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]88 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE),
89 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F),
90 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]91};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]92static const mbedtls_mpi_uint secp192r1_gx[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]93 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4),
94 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C),
95 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]96};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]97static const mbedtls_mpi_uint secp192r1_gy[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]98 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73),
99 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63),
100 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]101};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]102static const mbedtls_mpi_uint secp192r1_n[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]103 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14),
104 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF),
105 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]106};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]107#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
108static const mbedtls_mpi_uint secp192r1_T_0_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]109 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4),
110 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C),
111 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]112};
113static const mbedtls_mpi_uint secp192r1_T_0_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]114 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73),
115 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63),
116 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]117};
118static const mbedtls_mpi_uint secp192r1_T_1_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]119 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x9E, 0xE3, 0x60, 0x59, 0xD1, 0xC4, 0xC2),
120 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBD, 0x22, 0xD7, 0x2D, 0x07, 0xBD, 0xB6),
121 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x2A, 0xCF, 0x33, 0xF0, 0xBE, 0xD1, 0xED),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]122};
123static const mbedtls_mpi_uint secp192r1_T_1_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]124 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x71, 0x4B, 0xA8, 0xED, 0x7E, 0xC9, 0x1A),
125 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x2A, 0xF6, 0xDF, 0x0E, 0xE8, 0x4C, 0x0F),
126 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x35, 0xF7, 0x8A, 0xC3, 0xEC, 0xDE, 0x1E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]127};
128static const mbedtls_mpi_uint secp192r1_T_2_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]129 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x67, 0xC2, 0x1D, 0x32, 0x8F, 0x10, 0xFB),
130 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x2D, 0x17, 0xF3, 0xE4, 0xFE, 0xD8, 0x13),
131 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x45, 0x10, 0x70, 0x2C, 0x3E, 0x52, 0x3E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]132};
133static const mbedtls_mpi_uint secp192r1_T_2_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]134 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xF1, 0x04, 0x5D, 0xEE, 0xD4, 0x56, 0xE6),
135 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xB7, 0x38, 0x27, 0x61, 0xAA, 0x81, 0x87),
136 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x37, 0xD7, 0x0E, 0x29, 0x0E, 0x11, 0x14),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]137};
138static const mbedtls_mpi_uint secp192r1_T_3_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]139 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x35, 0x52, 0xC6, 0x31, 0xB7, 0x27, 0xF5),
140 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xD4, 0x15, 0x98, 0x0F, 0xE7, 0xF3, 0x6A),
141 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x31, 0x70, 0x35, 0x09, 0xA0, 0x2B, 0xC2),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]142};
143static const mbedtls_mpi_uint secp192r1_T_3_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]144 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x75, 0xA7, 0x4C, 0x88, 0xCF, 0x5B, 0xE4),
145 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x17, 0x48, 0x8D, 0xF2, 0xF0, 0x86, 0xED),
146 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xCF, 0xFE, 0x6B, 0xB0, 0xA5, 0x06, 0xAB),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]147};
148static const mbedtls_mpi_uint secp192r1_T_4_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]149 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x6A, 0xDC, 0x9A, 0x6D, 0x7B, 0x47, 0x2E),
150 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xFC, 0x51, 0x12, 0x62, 0x66, 0x0B, 0x59),
151 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x40, 0x93, 0xA0, 0xB5, 0x5A, 0x58, 0xD7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]152};
153static const mbedtls_mpi_uint secp192r1_T_4_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]154 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xCB, 0xAF, 0xDC, 0x0B, 0xA1, 0x26, 0xFB),
155 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x36, 0x9D, 0xA3, 0xD7, 0x3B, 0xAD, 0x39),
156 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x3B, 0x05, 0x9A, 0xA8, 0xAA, 0x69, 0xB2),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]157};
158static const mbedtls_mpi_uint secp192r1_T_5_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]159 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xD9, 0xD1, 0x4D, 0x4A, 0x6E, 0x96, 0x1E),
160 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x66, 0x32, 0x39, 0xC6, 0x57, 0x7D, 0xE6),
161 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xA0, 0x36, 0xC2, 0x45, 0xF9, 0x00, 0x62),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]162};
163static const mbedtls_mpi_uint secp192r1_T_5_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]164 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xEF, 0x59, 0x46, 0xDC, 0x60, 0xD9, 0x8F),
165 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xB0, 0xE9, 0x41, 0xA4, 0x87, 0x76, 0x89),
166 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xD4, 0x0E, 0xB2, 0xFA, 0x16, 0x56, 0xDC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]167};
168static const mbedtls_mpi_uint secp192r1_T_6_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]169 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x62, 0xD2, 0xB1, 0x34, 0xB2, 0xF1, 0x06),
170 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xED, 0x55, 0xC5, 0x47, 0xB5, 0x07, 0x15),
171 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xF6, 0x2F, 0x94, 0xC3, 0xDD, 0x54, 0x2F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]172};
173static const mbedtls_mpi_uint secp192r1_T_6_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]174 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xA6, 0xD4, 0x8C, 0xA9, 0xCE, 0x4D, 0x2E),
175 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x4B, 0x46, 0xCC, 0xB2, 0x55, 0xC8, 0xB2),
176 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xAE, 0x31, 0xED, 0x89, 0x65, 0x59, 0x55),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]177};
178static const mbedtls_mpi_uint secp192r1_T_7_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]179 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x0A, 0xD1, 0x1A, 0xC5, 0xF6, 0xEA, 0x43),
180 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xFC, 0x0C, 0x1A, 0xFB, 0xA0, 0xC8, 0x70),
181 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xFD, 0x53, 0x6F, 0x6D, 0xBF, 0xBA, 0xAF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]182};
183static const mbedtls_mpi_uint secp192r1_T_7_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]184 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xB0, 0x7D, 0x83, 0x96, 0xE3, 0xCB, 0x9D),
185 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x6E, 0x55, 0x2C, 0x20, 0x53, 0x2F, 0x46),
186 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x66, 0x00, 0x17, 0x08, 0xFE, 0xAC, 0x31),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]187};
188static const mbedtls_mpi_uint secp192r1_T_8_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]189 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x12, 0x97, 0x3A, 0xC7, 0x57, 0x45, 0xCD),
190 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x25, 0x99, 0x00, 0xF6, 0x97, 0xB4, 0x64),
191 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x74, 0xE6, 0xE6, 0xA3, 0xDF, 0x9C, 0xCC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]192};
193static const mbedtls_mpi_uint secp192r1_T_8_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]194 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xF4, 0x76, 0xD5, 0x5F, 0x2A, 0xFD, 0x85),
195 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x80, 0x7E, 0x3E, 0xE5, 0xE8, 0xD6, 0x63),
196 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xAD, 0x1E, 0x70, 0x79, 0x3E, 0x3D, 0x83),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]197};
198static const mbedtls_mpi_uint secp192r1_T_9_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]199 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x15, 0xBB, 0xB3, 0x42, 0x6A, 0xA1, 0x7C),
200 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x58, 0xCB, 0x43, 0x25, 0x00, 0x14, 0x68),
201 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x4E, 0x93, 0x11, 0xE0, 0x32, 0x54, 0x98),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]202};
203static const mbedtls_mpi_uint secp192r1_T_9_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]204 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x52, 0xA2, 0xB4, 0x57, 0x32, 0xB9, 0x11),
205 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x43, 0xA1, 0xB1, 0xFB, 0x01, 0xE1, 0xE7),
206 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xFB, 0x5A, 0x11, 0xB8, 0xC2, 0x03, 0xE5),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]207};
208static const mbedtls_mpi_uint secp192r1_T_10_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]209 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x2B, 0x71, 0x26, 0x4E, 0x7C, 0xC5, 0x32),
210 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xF5, 0xD3, 0xA8, 0xE4, 0x95, 0x48, 0x65),
211 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xAE, 0xD9, 0x5D, 0x9F, 0x6A, 0x22, 0xAD),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]212};
213static const mbedtls_mpi_uint secp192r1_T_10_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]214 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xCC, 0xA3, 0x4D, 0xA0, 0x1C, 0x34, 0xEF),
215 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x3C, 0x62, 0xF8, 0x5E, 0xA6, 0x58, 0x7D),
216 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x6E, 0x66, 0x8A, 0x3D, 0x17, 0xFF, 0x0F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]217};
218static const mbedtls_mpi_uint secp192r1_T_11_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]219 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xCD, 0xA8, 0xDD, 0xD1, 0x20, 0x5C, 0xEA),
220 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xFE, 0x17, 0xE2, 0xCF, 0xEA, 0x63, 0xDE),
221 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x51, 0xC9, 0x16, 0xDE, 0xB4, 0xB2, 0xDD),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]222};
223static const mbedtls_mpi_uint secp192r1_T_11_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]224 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBE, 0x12, 0xD7, 0xA3, 0x0A, 0x50, 0x33),
225 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x87, 0xC5, 0x8A, 0x76, 0x57, 0x07, 0x60),
226 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x1F, 0xC6, 0x1B, 0x66, 0xC4, 0x3D, 0x8A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]227};
228static const mbedtls_mpi_uint secp192r1_T_12_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]229 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xA4, 0x85, 0x13, 0x8F, 0xA7, 0x35, 0x19),
230 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x0D, 0xFD, 0xFF, 0x1B, 0xD1, 0xD6, 0xEF),
231 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x7A, 0xD0, 0xC3, 0xB4, 0xEF, 0x39, 0x66),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]232};
233static const mbedtls_mpi_uint secp192r1_T_12_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]234 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xFE, 0xA5, 0x9C, 0x34, 0x30, 0x49, 0x40),
235 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xC5, 0x39, 0x26, 0x06, 0xE3, 0x01, 0x17),
236 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x2B, 0x66, 0xFC, 0x95, 0x5F, 0x35, 0xF7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]237};
238static const mbedtls_mpi_uint secp192r1_T_13_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]239 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xCF, 0x54, 0x63, 0x99, 0x57, 0x05, 0x45),
240 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x6F, 0x00, 0x5F, 0x65, 0x08, 0x47, 0x98),
241 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x2A, 0x90, 0x6D, 0x67, 0xC6, 0xBC, 0x45),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]242};
243static const mbedtls_mpi_uint secp192r1_T_13_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]244 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x4D, 0x88, 0x0A, 0x35, 0x9E, 0x33, 0x9C),
245 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x17, 0x0C, 0xF8, 0xE1, 0x7A, 0x49, 0x02),
246 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x44, 0x06, 0x8F, 0x0B, 0x70, 0x2F, 0x71),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]247};
248static const mbedtls_mpi_uint secp192r1_T_14_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]249 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x4B, 0xCB, 0xF9, 0x8E, 0x6A, 0xDA, 0x1B),
250 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x43, 0xA1, 0x3F, 0xCE, 0x17, 0xD2, 0x32),
251 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x0D, 0xD2, 0x6C, 0x82, 0x37, 0xE5, 0xFC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]252};
253static const mbedtls_mpi_uint secp192r1_T_14_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]254 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x3C, 0xF4, 0x92, 0xB4, 0x8A, 0x95, 0x85),
255 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x96, 0xF1, 0x0A, 0x34, 0x2F, 0x74, 0x7E),
256 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xA1, 0xAA, 0xBA, 0x86, 0x77, 0x4F, 0xA2),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]257};
258static const mbedtls_mpi_uint secp192r1_T_15_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]259 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x7F, 0xEF, 0x60, 0x50, 0x80, 0xD7, 0xD4),
260 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0xAC, 0xC9, 0xFE, 0xEC, 0x0A, 0x1A, 0x9F),
261 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x2F, 0xBE, 0x91, 0xD7, 0xB7, 0x38, 0x48),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]262};
263static const mbedtls_mpi_uint secp192r1_T_15_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]264 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xAE, 0x85, 0x98, 0xFE, 0x05, 0x7F, 0x9F),
265 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBE, 0xFD, 0x11, 0x31, 0x3D, 0x14, 0x13),
266 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x75, 0xE8, 0x30, 0x01, 0xCB, 0x9B, 0x1C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]267};
268static const mbedtls_ecp_point secp192r1_T[16] = {
269 ECP_POINT_INIT_XY_Z1(secp192r1_T_0_X, secp192r1_T_0_Y),
270 ECP_POINT_INIT_XY_Z0(secp192r1_T_1_X, secp192r1_T_1_Y),
271 ECP_POINT_INIT_XY_Z0(secp192r1_T_2_X, secp192r1_T_2_Y),
272 ECP_POINT_INIT_XY_Z0(secp192r1_T_3_X, secp192r1_T_3_Y),
273 ECP_POINT_INIT_XY_Z0(secp192r1_T_4_X, secp192r1_T_4_Y),
274 ECP_POINT_INIT_XY_Z0(secp192r1_T_5_X, secp192r1_T_5_Y),
275 ECP_POINT_INIT_XY_Z0(secp192r1_T_6_X, secp192r1_T_6_Y),
276 ECP_POINT_INIT_XY_Z0(secp192r1_T_7_X, secp192r1_T_7_Y),
277 ECP_POINT_INIT_XY_Z0(secp192r1_T_8_X, secp192r1_T_8_Y),
278 ECP_POINT_INIT_XY_Z0(secp192r1_T_9_X, secp192r1_T_9_Y),
279 ECP_POINT_INIT_XY_Z0(secp192r1_T_10_X, secp192r1_T_10_Y),
280 ECP_POINT_INIT_XY_Z0(secp192r1_T_11_X, secp192r1_T_11_Y),
281 ECP_POINT_INIT_XY_Z0(secp192r1_T_12_X, secp192r1_T_12_Y),
282 ECP_POINT_INIT_XY_Z0(secp192r1_T_13_X, secp192r1_T_13_Y),
283 ECP_POINT_INIT_XY_Z0(secp192r1_T_14_X, secp192r1_T_14_Y),
284 ECP_POINT_INIT_XY_Z0(secp192r1_T_15_X, secp192r1_T_15_Y),
285};
286#else
287#define secp192r1_T NULL
288#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]289#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]290
291/*
292 * Domain parameters for secp224r1
293 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]294#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
295static const mbedtls_mpi_uint secp224r1_p[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]296 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
297 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
298 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
299 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]300};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]301static const mbedtls_mpi_uint secp224r1_b[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]302 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27),
303 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50),
304 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C),
305 MBEDTLS_BYTES_TO_T_UINT_4(0x85, 0x0A, 0x05, 0xB4),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]306};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]307static const mbedtls_mpi_uint secp224r1_gx[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]308 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34),
309 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A),
310 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B),
311 MBEDTLS_BYTES_TO_T_UINT_4(0xBD, 0x0C, 0x0E, 0xB7),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]312};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]313static const mbedtls_mpi_uint secp224r1_gy[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]314 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44),
315 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD),
316 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5),
317 MBEDTLS_BYTES_TO_T_UINT_4(0x88, 0x63, 0x37, 0xBD),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]318};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]319static const mbedtls_mpi_uint secp224r1_n[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]320 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13),
321 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF),
322 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
323 MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]324};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]325#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
326static const mbedtls_mpi_uint secp224r1_T_0_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]327 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34),
328 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A),
329 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B),
330 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x0C, 0x0E, 0xB7, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]331};
332static const mbedtls_mpi_uint secp224r1_T_0_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]333 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44),
334 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD),
335 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5),
336 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x63, 0x37, 0xBD, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]337};
338static const mbedtls_mpi_uint secp224r1_T_1_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]339 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xF9, 0xB8, 0xD0, 0x3D, 0xD2, 0xD3, 0xFA),
340 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xFD, 0x99, 0x26, 0x19, 0xFE, 0x13, 0x6E),
341 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x0E, 0x4C, 0x48, 0x7C, 0xA2, 0x17, 0x01),
342 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA3, 0x13, 0x57, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]343};
344static const mbedtls_mpi_uint secp224r1_T_1_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]345 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x16, 0x5C, 0x8F, 0xAA, 0xED, 0x0F, 0x58),
346 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xC5, 0x43, 0x34, 0x93, 0x05, 0x2A, 0x4C),
347 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE3, 0x6C, 0xCA, 0xC6, 0x14, 0xC2, 0x25),
348 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x43, 0x6C, 0xD7, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]349};
350static const mbedtls_mpi_uint secp224r1_T_2_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]351 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x5A, 0x98, 0x1E, 0xC8, 0xA5, 0x42, 0xA3),
352 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x49, 0x56, 0x78, 0xF8, 0xEF, 0xED, 0x65),
353 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0xBB, 0x64, 0xB6, 0x4C, 0x54, 0x5F, 0xD1),
354 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x0C, 0x33, 0xCC, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]355};
356static const mbedtls_mpi_uint secp224r1_T_2_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]357 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x79, 0xCB, 0x2E, 0x08, 0xFF, 0xD8, 0xE6),
358 MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x1F, 0xD4, 0xD7, 0x57, 0xE9, 0x39, 0x45),
359 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xD6, 0x3B, 0x0A, 0x1C, 0x87, 0xB7, 0x6A),
360 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x30, 0xD8, 0x05, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]361};
362static const mbedtls_mpi_uint secp224r1_T_3_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]363 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x79, 0x74, 0x9A, 0xE6, 0xBB, 0xC2, 0xC2),
364 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x5B, 0xA6, 0x67, 0xC1, 0x91, 0xE7, 0x64),
365 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xDF, 0x38, 0x82, 0x19, 0x2C, 0x4C, 0xCA),
366 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x2E, 0x39, 0xC5, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]367};
368static const mbedtls_mpi_uint secp224r1_T_3_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]369 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x36, 0x78, 0x4E, 0xAE, 0x5B, 0x02, 0x76),
370 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xF6, 0x8B, 0xF8, 0xF4, 0x92, 0x6B, 0x42),
371 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x4D, 0x71, 0x35, 0xE7, 0x0C, 0x2C, 0x98),
372 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xA5, 0x1F, 0xAE, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]373};
374static const mbedtls_mpi_uint secp224r1_T_4_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]375 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x1C, 0x4B, 0xDF, 0x5B, 0xF2, 0x51, 0xB7),
376 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x74, 0xB1, 0x5A, 0xC6, 0x0F, 0x0E, 0x61),
377 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x24, 0x09, 0x62, 0xAF, 0xFC, 0xDB, 0x45),
378 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xE1, 0x80, 0x55, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]379};
380static const mbedtls_mpi_uint secp224r1_T_4_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]381 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x82, 0xFE, 0xAD, 0xC3, 0xE5, 0xCF, 0xD8),
382 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xA2, 0x62, 0x17, 0x76, 0xF0, 0x5A, 0xFA),
383 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xB8, 0xE5, 0xAC, 0xB7, 0x66, 0x38, 0xAA),
384 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xFD, 0x86, 0x05, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]385};
386static const mbedtls_mpi_uint secp224r1_T_5_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]387 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xD3, 0x0C, 0x3C, 0xD1, 0x66, 0xB0, 0xF1),
388 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x59, 0xB4, 0x8D, 0x90, 0x10, 0xB7, 0xA2),
389 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x47, 0x9B, 0xE6, 0x55, 0x8A, 0xE4, 0xEE),
390 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x49, 0xDB, 0x78, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]391};
392static const mbedtls_mpi_uint secp224r1_T_5_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]393 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x97, 0xED, 0xDE, 0xFF, 0xB3, 0xDF, 0x48),
394 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xB9, 0x83, 0xB7, 0xEB, 0xBE, 0x40, 0x8D),
395 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xD3, 0xD3, 0xCD, 0x0E, 0x82, 0x79, 0x3D),
396 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x83, 0x1B, 0xF0, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]397};
398static const mbedtls_mpi_uint secp224r1_T_6_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]399 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x22, 0xBB, 0x54, 0xD3, 0x31, 0x56, 0xFC),
400 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x36, 0xE5, 0xE0, 0x89, 0x96, 0x8E, 0x71),
401 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xEF, 0x0A, 0xED, 0xD0, 0x11, 0x4A, 0xFF),
402 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x00, 0x57, 0x27, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]403};
404static const mbedtls_mpi_uint secp224r1_T_6_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]405 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xCA, 0x3D, 0xF7, 0x64, 0x9B, 0x6E, 0x85),
406 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xE3, 0x70, 0x6B, 0x41, 0xD7, 0xED, 0x8F),
407 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x44, 0x44, 0x80, 0xCE, 0x13, 0x37, 0x92),
408 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x73, 0x80, 0x79, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]409};
410static const mbedtls_mpi_uint secp224r1_T_7_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]411 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x4D, 0x70, 0x7D, 0x31, 0x0F, 0x1C, 0x58),
412 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x35, 0x88, 0x47, 0xC4, 0x24, 0x78, 0x3F),
413 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xF0, 0xCD, 0x91, 0x81, 0xB3, 0xDE, 0xB6),
414 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xCE, 0xC6, 0xF7, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]415};
416static const mbedtls_mpi_uint secp224r1_T_7_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]417 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x9C, 0x2D, 0xE8, 0xD2, 0x00, 0x8F, 0x10),
418 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x5E, 0x7C, 0x0E, 0x0C, 0x6E, 0x58, 0x02),
419 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x81, 0x21, 0xCE, 0x43, 0xF4, 0x24, 0x3D),
420 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0xBC, 0xF0, 0xF4, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]421};
422static const mbedtls_mpi_uint secp224r1_T_8_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]423 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x10, 0xC2, 0x74, 0x4A, 0x8F, 0x8A, 0xCF),
424 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x67, 0xF4, 0x2B, 0x38, 0x2B, 0x35, 0x17),
425 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xE7, 0x0C, 0xA9, 0xFA, 0x77, 0x5C, 0xBD),
426 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x33, 0x19, 0x2B, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]427};
428static const mbedtls_mpi_uint secp224r1_T_8_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]429 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x3E, 0x96, 0x22, 0x53, 0xE1, 0xE9, 0xBE),
430 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x13, 0xBC, 0xA1, 0x16, 0xEC, 0x01, 0x1A),
431 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x00, 0xC9, 0x7A, 0xC3, 0x73, 0xA5, 0x45),
432 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xF4, 0x5E, 0xC1, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]433};
434static const mbedtls_mpi_uint secp224r1_T_9_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]435 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x95, 0xD6, 0xD9, 0x32, 0x30, 0x2B, 0xD0),
436 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x42, 0x09, 0x05, 0x61, 0x2A, 0x7E, 0x82),
437 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x84, 0xA2, 0x05, 0x88, 0x64, 0x65, 0xF9),
438 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x2D, 0x90, 0xB3, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]439};
440static const mbedtls_mpi_uint secp224r1_T_9_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]441 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xE7, 0x2E, 0x85, 0x55, 0x80, 0x7C, 0x79),
442 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xC1, 0xAC, 0x78, 0xB4, 0xAF, 0xFB, 0x6E),
443 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xC3, 0x28, 0x8E, 0x79, 0x18, 0x1F, 0x58),
444 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x46, 0xCF, 0x49, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]445};
446static const mbedtls_mpi_uint secp224r1_T_10_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]447 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x5F, 0xA8, 0x6C, 0x46, 0x83, 0x43, 0xFA),
448 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xA9, 0x93, 0x11, 0xB6, 0x07, 0x57, 0x74),
449 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x2A, 0x9D, 0x03, 0x89, 0x7E, 0xD7, 0x3C),
450 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x8C, 0x62, 0xCF, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]451};
452static const mbedtls_mpi_uint secp224r1_T_10_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]453 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x2C, 0x13, 0x59, 0xCC, 0xFA, 0x84, 0x9E),
454 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xB9, 0x48, 0xBC, 0x57, 0xC7, 0xB3, 0x7C),
455 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x0A, 0x38, 0x24, 0x2E, 0x3A, 0x28, 0x25),
456 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x0A, 0x43, 0xB8, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]457};
458static const mbedtls_mpi_uint secp224r1_T_11_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]459 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x25, 0xAB, 0xC1, 0xEE, 0x70, 0x3C, 0xE1),
460 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xDB, 0x45, 0x1D, 0x4A, 0x80, 0x75, 0x35),
461 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1F, 0x4D, 0x2D, 0x9A, 0x05, 0xF4, 0xCB),
462 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x10, 0xF0, 0x5A, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]463};
464static const mbedtls_mpi_uint secp224r1_T_11_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]465 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x95, 0xE1, 0xDC, 0x15, 0x86, 0xC3, 0x7B),
466 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xDC, 0x27, 0xD1, 0x56, 0xA1, 0x14, 0x0D),
467 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x0B, 0xD6, 0x77, 0x4E, 0x44, 0xA2, 0xF8),
468 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x42, 0x71, 0x1F, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]469};
470static const mbedtls_mpi_uint secp224r1_T_12_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]471 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x86, 0xB2, 0xB0, 0xC8, 0x2F, 0x7B, 0xFE),
472 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xEF, 0xCB, 0xDB, 0xBC, 0x9E, 0x3B, 0xC5),
473 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x03, 0x86, 0xDD, 0x5B, 0xF5, 0x8D, 0x46),
474 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x95, 0x79, 0xD6, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]475};
476static const mbedtls_mpi_uint secp224r1_T_12_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]477 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x32, 0x14, 0xDA, 0x9B, 0x4F, 0x07, 0x39),
478 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x3E, 0xFB, 0x06, 0xEE, 0xA7, 0x40, 0x40),
479 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x1F, 0xDF, 0x71, 0x61, 0xFD, 0x8B, 0xBE),
480 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x8B, 0xAB, 0x8B, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]481};
482static const mbedtls_mpi_uint secp224r1_T_13_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]483 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x34, 0xB3, 0xB4, 0xBC, 0x9F, 0xB0, 0x5E),
484 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x58, 0x48, 0xA8, 0x77, 0xBB, 0x13, 0x2F),
485 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xC6, 0xF7, 0x34, 0xCC, 0x89, 0x21, 0x0A),
486 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x33, 0xDD, 0x1F, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]487};
488static const mbedtls_mpi_uint secp224r1_T_13_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]489 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x81, 0xEF, 0xA4, 0xF2, 0x10, 0x0B, 0xCD),
490 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xF7, 0x6E, 0x72, 0x4A, 0xDF, 0xDD, 0xE8),
491 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x23, 0x0A, 0x53, 0x03, 0x16, 0x62, 0xD2),
492 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x76, 0xFD, 0x3C, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]493};
494static const mbedtls_mpi_uint secp224r1_T_14_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]495 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x14, 0xA1, 0xFA, 0xA0, 0x18, 0xBE, 0x07),
496 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x2A, 0xE1, 0xD7, 0xB0, 0x6C, 0xA0, 0xDE),
497 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xC0, 0xB0, 0xC6, 0x63, 0x24, 0xCD, 0x4E),
498 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x38, 0x2C, 0xB1, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]499};
500static const mbedtls_mpi_uint secp224r1_T_14_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]501 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xCD, 0x7D, 0x20, 0x0C, 0xFE, 0xAC, 0xC3),
502 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x97, 0x9F, 0xA2, 0xB6, 0x45, 0xF7, 0x7B),
503 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x99, 0xF3, 0xD2, 0x20, 0x02, 0xEB, 0x04),
504 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x18, 0x5B, 0x7B, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]505};
506static const mbedtls_mpi_uint secp224r1_T_15_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]507 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xDD, 0x77, 0x91, 0x60, 0xEA, 0xFD, 0xD3),
508 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xD3, 0xB5, 0xD6, 0x90, 0x17, 0x0E, 0x1A),
509 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xF4, 0x28, 0xC1, 0xF2, 0x53, 0xF6, 0x63),
510 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x58, 0xDC, 0x61, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]511};
512static const mbedtls_mpi_uint secp224r1_T_15_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]513 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x20, 0x01, 0xFB, 0xF1, 0xBD, 0x5F, 0x45),
514 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x7F, 0x06, 0xDA, 0x11, 0xCB, 0xBA, 0xA6),
515 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x41, 0x00, 0xA4, 0x1B, 0x30, 0x33, 0x79),
516 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xFF, 0x27, 0xCA, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]517};
518static const mbedtls_ecp_point secp224r1_T[16] = {
519 ECP_POINT_INIT_XY_Z1(secp224r1_T_0_X, secp224r1_T_0_Y),
520 ECP_POINT_INIT_XY_Z0(secp224r1_T_1_X, secp224r1_T_1_Y),
521 ECP_POINT_INIT_XY_Z0(secp224r1_T_2_X, secp224r1_T_2_Y),
522 ECP_POINT_INIT_XY_Z0(secp224r1_T_3_X, secp224r1_T_3_Y),
523 ECP_POINT_INIT_XY_Z0(secp224r1_T_4_X, secp224r1_T_4_Y),
524 ECP_POINT_INIT_XY_Z0(secp224r1_T_5_X, secp224r1_T_5_Y),
525 ECP_POINT_INIT_XY_Z0(secp224r1_T_6_X, secp224r1_T_6_Y),
526 ECP_POINT_INIT_XY_Z0(secp224r1_T_7_X, secp224r1_T_7_Y),
527 ECP_POINT_INIT_XY_Z0(secp224r1_T_8_X, secp224r1_T_8_Y),
528 ECP_POINT_INIT_XY_Z0(secp224r1_T_9_X, secp224r1_T_9_Y),
529 ECP_POINT_INIT_XY_Z0(secp224r1_T_10_X, secp224r1_T_10_Y),
530 ECP_POINT_INIT_XY_Z0(secp224r1_T_11_X, secp224r1_T_11_Y),
531 ECP_POINT_INIT_XY_Z0(secp224r1_T_12_X, secp224r1_T_12_Y),
532 ECP_POINT_INIT_XY_Z0(secp224r1_T_13_X, secp224r1_T_13_Y),
533 ECP_POINT_INIT_XY_Z0(secp224r1_T_14_X, secp224r1_T_14_Y),
534 ECP_POINT_INIT_XY_Z0(secp224r1_T_15_X, secp224r1_T_15_Y),
535};
536#else
537#define secp224r1_T NULL
538#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]539#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]540
541/*
542 * Domain parameters for secp256r1
543 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]544#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
545static const mbedtls_mpi_uint secp256r1_p[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]546 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
547 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
548 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
549 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]550};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]551static const mbedtls_mpi_uint secp256r1_b[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]552 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B),
553 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65),
554 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3),
555 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]556};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]557static const mbedtls_mpi_uint secp256r1_gx[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]558 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4),
559 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77),
560 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8),
561 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]562};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]563static const mbedtls_mpi_uint secp256r1_gy[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]564 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB),
565 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B),
566 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E),
567 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]568};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]569static const mbedtls_mpi_uint secp256r1_n[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]570 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3),
571 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC),
572 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
573 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]574};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]575#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
576static const mbedtls_mpi_uint secp256r1_T_0_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]577 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4),
578 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77),
579 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8),
580 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]581};
582static const mbedtls_mpi_uint secp256r1_T_0_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]583 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB),
584 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B),
585 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E),
586 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]587};
588static const mbedtls_mpi_uint secp256r1_T_1_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]589 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xC8, 0xBA, 0x04, 0xB7, 0x4B, 0xD2, 0xF7),
590 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xC6, 0x23, 0x3A, 0xA0, 0x09, 0x3A, 0x59),
591 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x9D, 0x4C, 0xF9, 0x58, 0x23, 0xCC, 0xDF),
592 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0xED, 0x7B, 0x29, 0x87, 0x0F, 0xFA, 0x3C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]593};
594static const mbedtls_mpi_uint secp256r1_T_1_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]595 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x69, 0xF2, 0x40, 0x0B, 0xA3, 0x98, 0xCE),
596 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xA8, 0x48, 0x02, 0x0D, 0x1C, 0x12, 0x62),
597 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xAF, 0x09, 0x83, 0x80, 0xAA, 0x58, 0xA7),
598 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x12, 0xBE, 0x70, 0x94, 0x76, 0xE3, 0xE4),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]599};
600static const mbedtls_mpi_uint secp256r1_T_2_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]601 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x7D, 0xEF, 0x86, 0xFF, 0xE3, 0x37, 0xDD),
602 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x86, 0x8B, 0x08, 0x27, 0x7C, 0xD7, 0xF6),
603 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x54, 0x4C, 0x25, 0x4F, 0x9A, 0xFE, 0x28),
604 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xFD, 0xF0, 0x6D, 0x37, 0x03, 0x69, 0xD6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]605};
606static const mbedtls_mpi_uint secp256r1_T_2_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]607 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xD5, 0xDA, 0xAD, 0x92, 0x49, 0xF0, 0x9F),
608 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x73, 0x43, 0x9E, 0xAF, 0xA7, 0xD1, 0xF3),
609 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x41, 0x07, 0xDF, 0x78, 0x95, 0x3E, 0xA1),
610 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x3D, 0xD1, 0xE6, 0x3C, 0xA5, 0xE2, 0x20),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]611};
612static const mbedtls_mpi_uint secp256r1_T_3_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]613 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x6A, 0x5D, 0x52, 0x35, 0xD7, 0xBF, 0xAE),
614 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xA2, 0xBE, 0x96, 0xF4, 0xF8, 0x02, 0xC3),
615 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x20, 0x49, 0x54, 0xEA, 0xB3, 0x82, 0xDB),
616 MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0xDB, 0xEA, 0x02, 0xD1, 0x75, 0x1C, 0x62),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]617};
618static const mbedtls_mpi_uint secp256r1_T_3_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]619 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x85, 0xF4, 0x9E, 0x4C, 0xDC, 0x39, 0x89),
620 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x6D, 0xC4, 0x57, 0xD8, 0x03, 0x5D, 0x22),
621 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x7F, 0x2D, 0x52, 0x6F, 0xC9, 0xDA, 0x4F),
622 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x64, 0xFA, 0xB4, 0xFE, 0xA4, 0xC4, 0xD7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]623};
624static const mbedtls_mpi_uint secp256r1_T_4_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]625 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x37, 0xB9, 0xC0, 0xAA, 0x59, 0xC6, 0x8B),
626 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x58, 0xD9, 0xED, 0x58, 0x99, 0x65, 0xF7),
627 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x7D, 0x26, 0x8C, 0x4A, 0xF9, 0x05, 0x9F),
628 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x73, 0x9A, 0xC9, 0xE7, 0x46, 0xDC, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]629};
630static const mbedtls_mpi_uint secp256r1_T_4_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]631 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xD0, 0x55, 0xDF, 0x00, 0x0A, 0xF5, 0x4A),
632 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xBF, 0x56, 0x81, 0x2D, 0x20, 0xEB, 0xB5),
633 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xC1, 0x28, 0x52, 0xAB, 0xE3, 0xD1, 0x40),
634 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x34, 0x79, 0x45, 0x57, 0xA5, 0x12, 0x03),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]635};
636static const mbedtls_mpi_uint secp256r1_T_5_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]637 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xCF, 0xB8, 0x7E, 0xF7, 0x92, 0x96, 0x8D),
638 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x01, 0x8C, 0x0D, 0x23, 0xF2, 0xE3, 0x05),
639 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x2E, 0xE3, 0x84, 0x52, 0x7A, 0x34, 0x76),
640 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xA1, 0xB0, 0x15, 0x90, 0xE2, 0x53, 0x3C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]641};
642static const mbedtls_mpi_uint secp256r1_T_5_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]643 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x98, 0xE7, 0xFA, 0xA5, 0x7D, 0x8B, 0x53),
644 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x35, 0xD2, 0x00, 0xD1, 0x1B, 0x9F, 0x1B),
645 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x69, 0x08, 0x9A, 0x72, 0xF0, 0xA9, 0x11),
646 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0xFE, 0x0E, 0x14, 0xDA, 0x7C, 0x0E, 0xD3),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]647};
648static const mbedtls_mpi_uint secp256r1_T_6_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]649 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xF6, 0xE8, 0xF8, 0x87, 0xF7, 0xFC, 0x6D),
650 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xBE, 0x7F, 0x3F, 0x7A, 0x2B, 0xD7, 0x13),
651 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x32, 0xF2, 0x2D, 0x94, 0x6D, 0x42, 0xFD),
652 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x9A, 0xE3, 0x5F, 0x42, 0xBB, 0x84, 0xED),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]653};
654static const mbedtls_mpi_uint secp256r1_T_6_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]655 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x95, 0x29, 0x73, 0xA1, 0x67, 0x3E, 0x02),
656 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x30, 0x54, 0x35, 0x8E, 0x0A, 0xDD, 0x67),
657 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xD7, 0xA1, 0x97, 0x61, 0x3B, 0xF8, 0x0C),
658 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x33, 0x3C, 0x58, 0x55, 0x34, 0x23, 0xA3),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]659};
660static const mbedtls_mpi_uint secp256r1_T_7_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]661 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x5D, 0x16, 0x5F, 0x7B, 0xBC, 0xBB, 0xCE),
662 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xEE, 0x4E, 0x8A, 0xC1, 0x51, 0xCC, 0x50),
663 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x0D, 0x4D, 0x1B, 0x53, 0x23, 0x1D, 0xB3),
664 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x2A, 0x38, 0x66, 0x52, 0x84, 0xE1, 0x95),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]665};
666static const mbedtls_mpi_uint secp256r1_T_7_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]667 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x9B, 0x83, 0x0A, 0x81, 0x4F, 0xAD, 0xAC),
668 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xFF, 0x42, 0x41, 0x6E, 0xA9, 0xA2, 0xA0),
669 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xA1, 0x4F, 0x1F, 0x89, 0x82, 0xAA, 0x3E),
670 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xB8, 0x0F, 0x6B, 0x8F, 0x8C, 0xD6, 0x68),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]671};
672static const mbedtls_mpi_uint secp256r1_T_8_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]673 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0xB3, 0xBB, 0x51, 0x69, 0xA2, 0x11, 0x93),
674 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x4F, 0x0F, 0x8D, 0xBD, 0x26, 0x0F, 0xE8),
675 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xCB, 0xEC, 0x6B, 0x34, 0xC3, 0x3D, 0x9D),
676 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x5D, 0x1E, 0x10, 0xD5, 0x44, 0xE2, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]677};
678static const mbedtls_mpi_uint secp256r1_T_8_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]679 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x9E, 0xB1, 0xF1, 0x6E, 0x4C, 0xAD, 0xB3),
680 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xE3, 0xC2, 0x58, 0xC0, 0xFB, 0x34, 0x43),
681 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x9C, 0xDF, 0x35, 0x07, 0x41, 0xBD, 0x19),
682 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x6E, 0x10, 0xEC, 0x0E, 0xEC, 0xBB, 0xD6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]683};
684static const mbedtls_mpi_uint secp256r1_T_9_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]685 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xCF, 0xEF, 0x3F, 0x83, 0x1A, 0x88, 0xE8),
686 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x29, 0xB5, 0xB9, 0xE0, 0xC9, 0xA3, 0xAE),
687 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x46, 0x1E, 0x77, 0xCD, 0x7E, 0xB3, 0x10),
688 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x21, 0xD0, 0xD4, 0xA3, 0x16, 0x08, 0xEE),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]689};
690static const mbedtls_mpi_uint secp256r1_T_9_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]691 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0xCA, 0xA8, 0xB3, 0xBF, 0x29, 0x99, 0x8E),
692 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xF2, 0x05, 0xC1, 0xCF, 0x5D, 0x91, 0x48),
693 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x01, 0x49, 0xDB, 0x82, 0xDF, 0x5F, 0x3A),
694 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x06, 0x90, 0xAD, 0xE3, 0x38, 0xA4, 0xC4),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]695};
696static const mbedtls_mpi_uint secp256r1_T_10_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]697 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xD2, 0x3A, 0xE8, 0x03, 0xC5, 0x6D, 0x5D),
698 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x35, 0xD0, 0xAE, 0x1D, 0x7A, 0x9F, 0xCA),
699 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x1E, 0xD2, 0xCB, 0xAC, 0x88, 0x27, 0x55),
700 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xB9, 0x9C, 0xE0, 0x31, 0xDD, 0x99, 0x86),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]701};
702static const mbedtls_mpi_uint secp256r1_T_10_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]703 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xF9, 0x9B, 0x32, 0x96, 0x41, 0x58, 0x38),
704 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x5A, 0x2A, 0xB8, 0x96, 0x0E, 0xB2, 0x4C),
705 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x78, 0x2C, 0xC7, 0x08, 0x99, 0x19, 0x24),
706 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x59, 0x28, 0xE9, 0x84, 0x54, 0xE6, 0x16),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]707};
708static const mbedtls_mpi_uint secp256r1_T_11_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]709 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x38, 0x30, 0xDB, 0x70, 0x2C, 0x0A, 0xA2),
710 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x5C, 0x9D, 0xE9, 0xD5, 0x46, 0x0B, 0x5F),
711 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x0B, 0x60, 0x4B, 0x37, 0x7D, 0xB9, 0xC9),
712 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x24, 0xF3, 0x3D, 0x79, 0x7F, 0x6C, 0x18),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]713};
714static const mbedtls_mpi_uint secp256r1_T_11_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]715 MBEDTLS_BYTES_TO_T_UINT_8(0x7F, 0xE5, 0x1C, 0x4F, 0x60, 0x24, 0xF7, 0x2A),
716 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xD8, 0xE2, 0x91, 0x7F, 0x89, 0x49, 0x92),
717 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xA7, 0x2E, 0x8D, 0x6A, 0xB3, 0x39, 0x81),
718 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x89, 0xB5, 0x9A, 0xB8, 0x8D, 0x42, 0x9C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]719};
720static const mbedtls_mpi_uint secp256r1_T_12_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]721 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0x45, 0xE6, 0x4B, 0x3F, 0x4F, 0x1E, 0x1F),
722 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x65, 0x5E, 0x59, 0x22, 0xCC, 0x72, 0x5F),
723 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x93, 0x1A, 0x27, 0x1E, 0x34, 0xC5, 0x5B),
724 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xF2, 0xA5, 0x58, 0x5C, 0x15, 0x2E, 0xC6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]725};
726static const mbedtls_mpi_uint secp256r1_T_12_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]727 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x7F, 0xBA, 0x58, 0x5A, 0x84, 0x6F, 0x5F),
728 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xA6, 0x36, 0x7E, 0xDC, 0xF7, 0xE1, 0x67),
729 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x4D, 0xAA, 0xEE, 0x57, 0x76, 0x3A, 0xD3),
730 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x7E, 0x26, 0x18, 0x22, 0x23, 0x9F, 0xFF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]731};
732static const mbedtls_mpi_uint secp256r1_T_13_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]733 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x4C, 0x64, 0xC7, 0x55, 0x02, 0x3F, 0xE3),
734 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x02, 0x90, 0xBB, 0xC3, 0xEC, 0x30, 0x40),
735 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x6F, 0x64, 0xF4, 0x16, 0x69, 0x48, 0xA4),
736 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x44, 0x9C, 0x95, 0x0C, 0x7D, 0x67, 0x5E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]737};
738static const mbedtls_mpi_uint secp256r1_T_13_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]739 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x91, 0x8B, 0xD8, 0xD0, 0xD7, 0xE7, 0xE2),
740 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xF9, 0x48, 0x62, 0x6F, 0xA8, 0x93, 0x5D),
741 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x3A, 0x99, 0x02, 0xD5, 0x0B, 0x3D, 0xE3),
742 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xD3, 0x00, 0x31, 0xE6, 0x0C, 0x9F, 0x44),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]743};
744static const mbedtls_mpi_uint secp256r1_T_14_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]745 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xB2, 0xAA, 0xFD, 0x88, 0x15, 0xDF, 0x52),
746 MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0x35, 0x27, 0x31, 0x44, 0xCD, 0xC0, 0x68),
747 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xF8, 0x91, 0xA5, 0x71, 0x94, 0x84, 0x2A),
748 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xCB, 0xD0, 0x93, 0xE9, 0x88, 0xDA, 0xE4),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]749};
750static const mbedtls_mpi_uint secp256r1_T_14_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]751 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xC6, 0x39, 0x16, 0x5D, 0xA3, 0x1E, 0x6D),
752 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x07, 0x37, 0x26, 0x36, 0x2A, 0xFE, 0x60),
753 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xBC, 0xF3, 0xD0, 0xDE, 0x50, 0xFC, 0x97),
754 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x2E, 0x06, 0x10, 0x15, 0x4D, 0xFA, 0xF7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]755};
756static const mbedtls_mpi_uint secp256r1_T_15_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]757 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x65, 0x69, 0x5B, 0x66, 0xA2, 0x75, 0x2E),
758 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x16, 0x00, 0x5A, 0xB0, 0x30, 0x25, 0x1A),
759 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xFB, 0x86, 0x42, 0x80, 0xC1, 0xC4, 0x76),
760 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x1D, 0x83, 0x8E, 0x94, 0x01, 0x5F, 0x82),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]761};
762static const mbedtls_mpi_uint secp256r1_T_15_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]763 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x37, 0x70, 0xEF, 0x1F, 0xA1, 0xF0, 0xDB),
764 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x10, 0x5B, 0xCE, 0xC4, 0x9B, 0x6F, 0x10),
765 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x11, 0x11, 0x24, 0x4F, 0x4C, 0x79, 0x61),
766 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x3A, 0x72, 0xBC, 0xFE, 0x72, 0x58, 0x43),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]767};
768static const mbedtls_ecp_point secp256r1_T[16] = {
769 ECP_POINT_INIT_XY_Z1(secp256r1_T_0_X, secp256r1_T_0_Y),
770 ECP_POINT_INIT_XY_Z0(secp256r1_T_1_X, secp256r1_T_1_Y),
771 ECP_POINT_INIT_XY_Z0(secp256r1_T_2_X, secp256r1_T_2_Y),
772 ECP_POINT_INIT_XY_Z0(secp256r1_T_3_X, secp256r1_T_3_Y),
773 ECP_POINT_INIT_XY_Z0(secp256r1_T_4_X, secp256r1_T_4_Y),
774 ECP_POINT_INIT_XY_Z0(secp256r1_T_5_X, secp256r1_T_5_Y),
775 ECP_POINT_INIT_XY_Z0(secp256r1_T_6_X, secp256r1_T_6_Y),
776 ECP_POINT_INIT_XY_Z0(secp256r1_T_7_X, secp256r1_T_7_Y),
777 ECP_POINT_INIT_XY_Z0(secp256r1_T_8_X, secp256r1_T_8_Y),
778 ECP_POINT_INIT_XY_Z0(secp256r1_T_9_X, secp256r1_T_9_Y),
779 ECP_POINT_INIT_XY_Z0(secp256r1_T_10_X, secp256r1_T_10_Y),
780 ECP_POINT_INIT_XY_Z0(secp256r1_T_11_X, secp256r1_T_11_Y),
781 ECP_POINT_INIT_XY_Z0(secp256r1_T_12_X, secp256r1_T_12_Y),
782 ECP_POINT_INIT_XY_Z0(secp256r1_T_13_X, secp256r1_T_13_Y),
783 ECP_POINT_INIT_XY_Z0(secp256r1_T_14_X, secp256r1_T_14_Y),
784 ECP_POINT_INIT_XY_Z0(secp256r1_T_15_X, secp256r1_T_15_Y),
785};
786#else
787#define secp256r1_T NULL
788#endif
789
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]790#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]791
792/*
793 * Domain parameters for secp384r1
794 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]795#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
796static const mbedtls_mpi_uint secp384r1_p[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]797 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
798 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
799 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
800 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
801 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
802 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]803};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]804static const mbedtls_mpi_uint secp384r1_b[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]805 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A),
806 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6),
807 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03),
808 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18),
809 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98),
810 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]811};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]812static const mbedtls_mpi_uint secp384r1_gx[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]813 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A),
814 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55),
815 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59),
816 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E),
817 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E),
818 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]819};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]820static const mbedtls_mpi_uint secp384r1_gy[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]821 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A),
822 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A),
823 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9),
824 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8),
825 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D),
826 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]827};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]828static const mbedtls_mpi_uint secp384r1_n[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]829 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC),
830 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58),
831 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7),
832 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
833 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
834 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]835};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]836#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
837static const mbedtls_mpi_uint secp384r1_T_0_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]838 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A),
839 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55),
840 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59),
841 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E),
842 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E),
843 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]844};
845static const mbedtls_mpi_uint secp384r1_T_0_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]846 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A),
847 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A),
848 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9),
849 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8),
850 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D),
851 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]852};
853static const mbedtls_mpi_uint secp384r1_T_1_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]854 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x92, 0x00, 0x2C, 0x78, 0xDB, 0x1F, 0x37),
855 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xF3, 0xEB, 0xB7, 0x06, 0xF7, 0xB6, 0xBC),
856 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xBC, 0x2C, 0xCF, 0xD8, 0xED, 0x53, 0xE7),
857 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x75, 0x7B, 0xA3, 0xAB, 0xC3, 0x2C, 0x85),
858 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x9D, 0x78, 0x41, 0xF6, 0x76, 0x84, 0xAC),
859 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x56, 0xE8, 0x52, 0xB3, 0xCB, 0xA8, 0xBD),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]860};
861static const mbedtls_mpi_uint secp384r1_T_1_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]862 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xF2, 0xAE, 0xA4, 0xB6, 0x89, 0x1B, 0xDA),
863 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x0F, 0xCE, 0x1C, 0x7C, 0xF6, 0x50, 0x4C),
864 MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xEB, 0x90, 0xE6, 0x4D, 0xC7, 0xD4, 0x7A),
865 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x49, 0x2D, 0x8A, 0x01, 0x99, 0x60, 0x94),
866 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x80, 0x9B, 0x9B, 0x6A, 0xB0, 0x07, 0xD9),
867 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xA2, 0xEE, 0x59, 0xBE, 0x95, 0xBC, 0x23),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]868};
869static const mbedtls_mpi_uint secp384r1_T_2_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]870 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x9D, 0x56, 0xAE, 0x59, 0xFB, 0x1F, 0x98),
871 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xAC, 0x91, 0x80, 0x87, 0xA8, 0x6E, 0x58),
872 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x08, 0xA7, 0x08, 0x94, 0x32, 0xFC, 0x67),
873 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x29, 0x9E, 0x84, 0xF4, 0xE5, 0x6E, 0x7E),
874 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x21, 0xB9, 0x50, 0x24, 0xF8, 0x9C, 0xC7),
875 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x04, 0x01, 0xC2, 0xFB, 0x77, 0x3E, 0xDE),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]876};
877static const mbedtls_mpi_uint secp384r1_T_2_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]878 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x38, 0xEE, 0xE3, 0xC7, 0x9D, 0xEC, 0xA6),
879 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x88, 0xCF, 0x43, 0xFA, 0x92, 0x5E, 0x8E),
880 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xCA, 0x43, 0xF8, 0x3B, 0x49, 0x7E, 0x75),
881 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xE7, 0xEB, 0x17, 0x45, 0x86, 0xC2, 0xE1),
882 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x69, 0x57, 0x32, 0xE0, 0x9C, 0xD1, 0x00),
883 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x10, 0xB8, 0x4D, 0xB8, 0xF4, 0x0D, 0xE3),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]884};
885static const mbedtls_mpi_uint secp384r1_T_3_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]886 MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0xDC, 0x9A, 0xB2, 0x79, 0x39, 0x27, 0x16),
887 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x71, 0xE4, 0x3B, 0x4D, 0x60, 0x0C, 0xA3),
888 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xBD, 0x19, 0x40, 0xFA, 0x19, 0x2A, 0x5A),
889 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xF8, 0x1E, 0x43, 0xA1, 0x50, 0x8D, 0xEF),
890 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x18, 0x7C, 0x41, 0xFA, 0x7C, 0x1B, 0x58),
891 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x59, 0x24, 0xC4, 0xE9, 0xB7, 0xD3, 0xAD),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]892};
893static const mbedtls_mpi_uint secp384r1_T_3_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]894 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x01, 0x3D, 0x63, 0x54, 0x45, 0x6F, 0xB7),
895 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xB2, 0x19, 0xA3, 0x86, 0x1D, 0x42, 0x34),
896 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x02, 0x87, 0x18, 0x92, 0x52, 0x1A, 0x71),
897 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x18, 0xB1, 0x5D, 0x18, 0x1B, 0x37, 0xFE),
898 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x74, 0x61, 0xBA, 0x18, 0xAF, 0x40, 0x30),
899 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x7D, 0x3C, 0x52, 0x0F, 0x07, 0xB0, 0x6F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]900};
901static const mbedtls_mpi_uint secp384r1_T_4_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]902 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x39, 0x13, 0xAA, 0x60, 0x15, 0x99, 0x30),
903 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x00, 0xCB, 0xC6, 0xB1, 0xDB, 0x97, 0x90),
904 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xFA, 0x60, 0xB8, 0x24, 0xE4, 0x7D, 0xD3),
905 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x75, 0xB3, 0x70, 0xB2, 0x83, 0xB1, 0x9B),
906 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xE3, 0x6C, 0xCD, 0x33, 0x62, 0x7A, 0x56),
907 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x30, 0xDC, 0x0F, 0x9F, 0xBB, 0xB8, 0xAA),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]908};
909static const mbedtls_mpi_uint secp384r1_T_4_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]910 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD5, 0x0A, 0x60, 0x81, 0xB9, 0xC5, 0x16),
911 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xAA, 0x2F, 0xD6, 0xF2, 0x73, 0xDF, 0xEB),
912 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x7B, 0x74, 0xC9, 0xB3, 0x5B, 0x95, 0x6D),
913 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x04, 0xEB, 0x15, 0xC8, 0x5F, 0x00, 0xF6),
914 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x50, 0x20, 0x28, 0xD1, 0x01, 0xAF, 0xF0),
915 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x4F, 0x31, 0x81, 0x2F, 0x94, 0x48),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]916};
917static const mbedtls_mpi_uint secp384r1_T_5_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]918 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2F, 0xD8, 0xB6, 0x63, 0x7C, 0xE9, 0x50),
919 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x8C, 0xB9, 0x14, 0xD9, 0x37, 0x63, 0xDE),
920 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x02, 0xB8, 0x46, 0xAD, 0xCE, 0x7B, 0x38),
921 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x47, 0x2D, 0x66, 0xA7, 0xE9, 0x33, 0x23),
922 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xF9, 0x93, 0x94, 0xA8, 0x48, 0xB3, 0x4F),
923 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x4A, 0xAC, 0x51, 0x08, 0x72, 0x2F, 0x1A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]924};
925static const mbedtls_mpi_uint secp384r1_T_5_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]926 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0xAD, 0xA0, 0xF9, 0x81, 0xE1, 0x78, 0x97),
927 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x9A, 0x63, 0xD8, 0xBA, 0x79, 0x1A, 0x17),
928 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x31, 0x7B, 0x7A, 0x5A, 0x5D, 0x7D, 0x2D),
929 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x96, 0x12, 0x4B, 0x19, 0x09, 0xE0, 0xB7),
930 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x8A, 0x57, 0xEE, 0x4E, 0x6E, 0x7E, 0xEC),
931 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x9D, 0x69, 0xDC, 0xB3, 0xDA, 0xD8, 0x08),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]932};
933static const mbedtls_mpi_uint secp384r1_T_6_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]934 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x49, 0x03, 0x03, 0x33, 0x6F, 0x28, 0x4A),
935 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xDB, 0xA7, 0x05, 0x8C, 0xF3, 0x4D, 0xFB),
936 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x92, 0xB1, 0xA8, 0xEC, 0x0D, 0x64, 0x3B),
937 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0xFC, 0xFD, 0xD0, 0x4B, 0x88, 0x1B, 0x5D),
938 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x9C, 0x51, 0x69, 0xCE, 0x71, 0x73, 0xF5),
939 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x5A, 0x14, 0x23, 0x1A, 0x46, 0x63, 0x5F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]940};
941static const mbedtls_mpi_uint secp384r1_T_6_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]942 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x4C, 0x70, 0x44, 0x18, 0xCD, 0xEF, 0xED),
943 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x49, 0xDD, 0x64, 0x7E, 0x7E, 0x4D, 0x92),
944 MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x32, 0x7C, 0x09, 0xD0, 0x3F, 0xD6, 0x2C),
945 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE0, 0x4F, 0x65, 0x0C, 0x7A, 0x54, 0x3E),
946 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xFA, 0xFB, 0x4A, 0xB4, 0x79, 0x5A, 0x8C),
947 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x5D, 0x1B, 0x2B, 0xDA, 0xBC, 0x9A, 0x74),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]948};
949static const mbedtls_mpi_uint secp384r1_T_7_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]950 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xAC, 0x56, 0xF7, 0x5F, 0x51, 0x68, 0x0B),
951 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xE0, 0x1D, 0xBC, 0x13, 0x4E, 0xAC, 0x03),
952 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xF5, 0xC5, 0xE6, 0xD2, 0x88, 0xBA, 0xCB),
953 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x0E, 0x28, 0x23, 0x58, 0x67, 0xFA, 0xEE),
954 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x80, 0x4B, 0xD8, 0xC4, 0xDF, 0x15, 0xE4),
955 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x0E, 0x58, 0xE6, 0x2C, 0x59, 0xC2, 0x03),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]956};
957static const mbedtls_mpi_uint secp384r1_T_7_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]958 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x26, 0x27, 0x99, 0x16, 0x2B, 0x22, 0x0B),
959 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xF3, 0x8F, 0xC3, 0x2A, 0x9B, 0xFC, 0x38),
960 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x2E, 0x83, 0x3D, 0xFE, 0x9E, 0x3C, 0x1B),
961 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x57, 0xCD, 0x2D, 0xC1, 0x49, 0x38, 0xB5),
962 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x42, 0x8B, 0x33, 0x89, 0x1F, 0xEA, 0x01),
963 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x1D, 0x13, 0xD7, 0x50, 0xBB, 0x3E, 0xEB),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]964};
965static const mbedtls_mpi_uint secp384r1_T_8_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]966 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x9A, 0x52, 0xD2, 0x54, 0x7C, 0x97, 0xF2),
967 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x33, 0x6E, 0xED, 0xD9, 0x87, 0x50, 0xC5),
968 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x35, 0x7E, 0x16, 0x40, 0x15, 0x83, 0xB8),
969 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x2B, 0xA4, 0xAB, 0x03, 0x91, 0xEA, 0xFE),
970 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x47, 0x39, 0xEF, 0x05, 0x59, 0xD0, 0x90),
971 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x24, 0x0D, 0x76, 0x11, 0x53, 0x08, 0xAF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]972};
973static const mbedtls_mpi_uint secp384r1_T_8_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]974 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x2F, 0xDD, 0xBD, 0x50, 0x48, 0xB1, 0xE5),
975 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x1C, 0x84, 0x55, 0x78, 0x14, 0xEB, 0xF6),
976 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x5E, 0x3E, 0xA6, 0xAF, 0xF6, 0xC7, 0x04),
977 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x11, 0xE2, 0x65, 0xCA, 0x41, 0x95, 0x3B),
978 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x83, 0xD8, 0xE6, 0x4D, 0x22, 0x06, 0x2D),
979 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x7F, 0x25, 0x2A, 0xAA, 0x28, 0x46, 0x97),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]980};
981static const mbedtls_mpi_uint secp384r1_T_9_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]982 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xDB, 0x15, 0x56, 0x84, 0xCB, 0xC0, 0x56),
983 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xDB, 0x0E, 0x08, 0xC9, 0xF5, 0xD4, 0x9E),
984 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x62, 0xD0, 0x1A, 0x7C, 0x13, 0xD5, 0x07),
985 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xAD, 0x53, 0xE0, 0x32, 0x21, 0xA0, 0xC0),
986 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x38, 0x81, 0x21, 0x23, 0x0E, 0xD2, 0xBB),
987 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x51, 0x05, 0xD0, 0x1E, 0x82, 0xA9, 0x71),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]988};
989static const mbedtls_mpi_uint secp384r1_T_9_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]990 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xC3, 0x27, 0xBF, 0xC6, 0xAA, 0xB7, 0xB9),
991 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x65, 0x45, 0xDF, 0xB9, 0x46, 0x17, 0x46),
992 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x38, 0x3F, 0xB2, 0xB1, 0x5D, 0xCA, 0x1C),
993 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x29, 0x6C, 0x63, 0xE9, 0xD7, 0x48, 0xB8),
994 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xF1, 0xD7, 0x99, 0x8C, 0xC2, 0x05, 0x99),
995 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE6, 0x5E, 0x82, 0x6D, 0xE5, 0x7E, 0xD5),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]996};
997static const mbedtls_mpi_uint secp384r1_T_10_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]998 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x61, 0xFA, 0x7D, 0x01, 0xDB, 0xB6, 0x63),
999 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xC6, 0x58, 0x39, 0xF4, 0xC6, 0x82, 0x23),
1000 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x5A, 0x7A, 0x80, 0x08, 0xCD, 0xAA, 0xD8),
1001 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x8C, 0xC6, 0x3F, 0x3C, 0xA5, 0x68, 0xF4),
1002 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xF5, 0xD5, 0x17, 0xAE, 0x36, 0xD8, 0x8A),
1003 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xAD, 0x92, 0xC5, 0x57, 0x6C, 0xDA, 0x91),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1004};
1005static const mbedtls_mpi_uint secp384r1_T_10_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1006 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x67, 0x17, 0xC0, 0x40, 0x78, 0x8C, 0x84),
1007 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x9F, 0xF4, 0xAA, 0xDA, 0x5C, 0x7E, 0xB2),
1008 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xDB, 0x42, 0x3E, 0x72, 0x64, 0xA0, 0x67),
1009 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xF9, 0x41, 0x17, 0x43, 0xE3, 0xE8, 0xA8),
1010 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xDD, 0xCC, 0x43, 0x7E, 0x16, 0x05, 0x03),
1011 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x4B, 0xCF, 0x48, 0x8F, 0x41, 0x90, 0xE5),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1012};
1013static const mbedtls_mpi_uint secp384r1_T_11_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1014 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x0C, 0x6B, 0x9D, 0x22, 0x04, 0xBC, 0x5C),
1015 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x63, 0x79, 0x2F, 0x6A, 0x0E, 0x8A, 0xDE),
1016 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x67, 0x3F, 0x02, 0xB8, 0x91, 0x7F, 0x74),
1017 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x14, 0x64, 0xA0, 0x33, 0xF4, 0x6B, 0x50),
1018 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x44, 0x71, 0x87, 0xB8, 0x88, 0x3F, 0x45),
1019 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x2B, 0x85, 0x05, 0xC5, 0x44, 0x53, 0x15),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1020};
1021static const mbedtls_mpi_uint secp384r1_T_11_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1022 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x2B, 0xFE, 0xD1, 0x1C, 0x73, 0xE3, 0x2E),
1023 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x33, 0xA1, 0xD3, 0x69, 0x1C, 0x9D, 0xD2),
1024 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x5A, 0xBA, 0xB6, 0xAE, 0x1B, 0x94, 0x04),
1025 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x74, 0x90, 0x5C, 0x57, 0xB0, 0x3A, 0x45),
1026 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x2F, 0x93, 0x20, 0x24, 0x54, 0x1D, 0x8D),
1027 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x78, 0x9D, 0x71, 0x67, 0x5D, 0x49, 0x98),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1028};
1029static const mbedtls_mpi_uint secp384r1_T_12_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1030 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xC8, 0x0E, 0x11, 0x8D, 0xE0, 0x8F, 0x69),
1031 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x7F, 0x79, 0x6C, 0x5F, 0xB7, 0xBC, 0xB1),
1032 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xE1, 0x83, 0x3C, 0x12, 0xBB, 0xEE, 0x96),
1033 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xC2, 0xC4, 0x1B, 0x41, 0x71, 0xB9, 0x17),
1034 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0xEE, 0xBB, 0x1D, 0x89, 0x50, 0x88, 0xF2),
1035 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x1C, 0x55, 0x74, 0xEB, 0xDE, 0x92, 0x3F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1036};
1037static const mbedtls_mpi_uint secp384r1_T_12_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1038 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x38, 0x92, 0x06, 0x19, 0xD0, 0xB3, 0xB2),
1039 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x99, 0x26, 0xA3, 0x5F, 0xE2, 0xC1, 0x81),
1040 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xFC, 0xFD, 0xC3, 0xB6, 0x26, 0x24, 0x8F),
1041 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xAD, 0xE7, 0x49, 0xB7, 0x64, 0x4B, 0x96),
1042 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x4E, 0x95, 0xAD, 0x07, 0xFE, 0xB6, 0x30),
1043 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x15, 0xE7, 0x2D, 0x19, 0xA9, 0x08, 0x10),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1044};
1045static const mbedtls_mpi_uint secp384r1_T_13_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1046 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xBD, 0xAC, 0x0A, 0x3F, 0x6B, 0xFF, 0xFA),
1047 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xE4, 0x74, 0x14, 0xD9, 0x70, 0x1D, 0x71),
1048 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xB0, 0x71, 0xBB, 0xD8, 0x18, 0x96, 0x2B),
1049 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0xB8, 0x19, 0x90, 0x80, 0xB5, 0xEE, 0x01),
1050 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x21, 0x20, 0xA6, 0x17, 0x48, 0x03, 0x6F),
1051 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x1D, 0xBB, 0x6D, 0x94, 0x20, 0x34, 0xF1),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1052};
1053static const mbedtls_mpi_uint secp384r1_T_13_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1054 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x82, 0x67, 0x4B, 0x8E, 0x4E, 0xBE, 0xE2),
1055 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xDA, 0x77, 0xF8, 0x23, 0x55, 0x2B, 0x2D),
1056 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x02, 0xDE, 0x25, 0x35, 0x2D, 0x74, 0x51),
1057 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x0C, 0xB8, 0x0B, 0x39, 0xBA, 0xAD, 0x04),
1058 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x0E, 0x28, 0x4D, 0xE1, 0x3D, 0xE4, 0x1B),
1059 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xEC, 0x0A, 0xD4, 0xB8, 0xC4, 0x8D, 0xB0),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1060};
1061static const mbedtls_mpi_uint secp384r1_T_14_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1062 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x68, 0xCE, 0xC2, 0x55, 0x4D, 0x0C, 0x6D),
1063 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x20, 0x93, 0x32, 0x90, 0xD6, 0xAE, 0x47),
1064 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x78, 0xAB, 0x43, 0x9E, 0xEB, 0x73, 0xAE),
1065 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x97, 0xC3, 0x83, 0xA6, 0x3C, 0xF1, 0xBF),
1066 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x25, 0x25, 0x66, 0x08, 0x26, 0xFA, 0x4B),
1067 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xFB, 0x44, 0x5D, 0x82, 0xEC, 0x3B, 0xAC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1068};
1069static const mbedtls_mpi_uint secp384r1_T_14_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1070 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x90, 0xEA, 0xB5, 0x04, 0x99, 0xD0, 0x69),
1071 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0xF2, 0x22, 0xA0, 0xEB, 0xFD, 0x45, 0x87),
1072 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA4, 0x81, 0x32, 0xFC, 0xFA, 0xEE, 0x5B),
1073 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xBB, 0xA4, 0x6A, 0x77, 0x41, 0x5C, 0x1D),
1074 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x1E, 0xAA, 0x4F, 0xF0, 0x10, 0xB3, 0x50),
1075 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x74, 0x13, 0x14, 0x9E, 0x90, 0xD7, 0xE6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1076};
1077static const mbedtls_mpi_uint secp384r1_T_15_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1078 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0xBD, 0x70, 0x4F, 0xA8, 0xD1, 0x06, 0x2C),
1079 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x4E, 0x2E, 0x68, 0xFC, 0x35, 0xFA, 0x50),
1080 MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x53, 0x75, 0xED, 0xF2, 0x5F, 0xC2, 0xEB),
1081 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x87, 0x6B, 0x9F, 0x05, 0xE2, 0x22, 0x93),
1082 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x1A, 0xA8, 0xB7, 0x03, 0x9E, 0x6D, 0x7C),
1083 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xD0, 0x69, 0x88, 0xA8, 0x39, 0x9E, 0x3A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1084};
1085static const mbedtls_mpi_uint secp384r1_T_15_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1086 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xEF, 0x68, 0xFE, 0xEC, 0x24, 0x08, 0x15),
1087 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x06, 0x4B, 0x92, 0x0D, 0xB7, 0x34, 0x74),
1088 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF4, 0xDD, 0x1A, 0xA0, 0x4A, 0xE4, 0x45),
1089 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x63, 0x4F, 0x4F, 0xCE, 0xBB, 0xD6, 0xD3),
1090 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xEE, 0x8D, 0xDF, 0x3F, 0x73, 0xB7, 0xAC),
1091 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x06, 0xB6, 0x80, 0x4D, 0x81, 0xD9, 0x53),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1092};
1093static const mbedtls_mpi_uint secp384r1_T_16_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1094 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xF5, 0x13, 0xDF, 0x13, 0x19, 0x97, 0x94),
1095 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xF9, 0xB3, 0x33, 0x66, 0x82, 0x21, 0xFE),
1096 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xFC, 0x39, 0x16, 0x23, 0x43, 0x76, 0x0E),
1097 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x48, 0x25, 0xA1, 0x64, 0x95, 0x1C, 0x2F),
1098 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xAC, 0x15, 0x57, 0xD9, 0xDE, 0xA0, 0x28),
1099 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x5F, 0xB8, 0x3D, 0x48, 0x91, 0x24, 0xCC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1100};
1101static const mbedtls_mpi_uint secp384r1_T_16_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1102 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xF2, 0xC8, 0x54, 0xD1, 0x32, 0xBD, 0xC4),
1103 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x3B, 0xF0, 0xAA, 0x9D, 0xD8, 0xF4, 0x20),
1104 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xC3, 0xBB, 0x6C, 0x66, 0xAC, 0x25, 0x2D),
1105 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x25, 0x10, 0xB2, 0xE1, 0x41, 0xDE, 0x1D),
1106 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xE8, 0x30, 0xB8, 0x37, 0xBC, 0x2A, 0x98),
1107 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x57, 0x01, 0x4A, 0x1E, 0x78, 0x9F, 0x85),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1108};
1109static const mbedtls_mpi_uint secp384r1_T_17_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1110 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x19, 0xCD, 0x12, 0x0B, 0x51, 0x4F, 0x56),
1111 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x4B, 0x3D, 0x24, 0xA4, 0x16, 0x59, 0x05),
1112 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xEB, 0xD3, 0x59, 0x2E, 0x75, 0x7C, 0x01),
1113 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xB9, 0xB4, 0xA5, 0xD9, 0x2E, 0x29, 0x4C),
1114 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x16, 0x05, 0x75, 0x02, 0xB3, 0x06, 0xEE),
1115 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x7C, 0x9F, 0x79, 0x91, 0xF1, 0x4F, 0x23),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1116};
1117static const mbedtls_mpi_uint secp384r1_T_17_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1118 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x98, 0x7C, 0x84, 0xE1, 0xFF, 0x30, 0x77),
1119 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xE2, 0xC2, 0x5F, 0x55, 0x40, 0xBD, 0xCD),
1120 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x65, 0x87, 0x3F, 0xC4, 0xC2, 0x24, 0x57),
1121 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x30, 0x0A, 0x60, 0x15, 0xD1, 0x24, 0x48),
1122 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x99, 0xD9, 0xB6, 0xAE, 0xB1, 0xAF, 0x1D),
1123 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x80, 0xEE, 0xA2, 0x0F, 0x74, 0xB9, 0xF3),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1124};
1125static const mbedtls_mpi_uint secp384r1_T_18_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1126 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xE6, 0x0F, 0x37, 0xC1, 0x10, 0x99, 0x1E),
1127 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xAD, 0x9D, 0x5D, 0x80, 0x01, 0xA6, 0xFE),
1128 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x0F, 0x10, 0x2A, 0x9D, 0x20, 0x38, 0xEB),
1129 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x60, 0xCB, 0xCE, 0x5A, 0xA0, 0xA7, 0x32),
1130 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xCF, 0x14, 0xDF, 0xBF, 0xE5, 0x74, 0x2D),
1131 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x12, 0x1A, 0xDD, 0x59, 0x02, 0x5D, 0xC6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1132};
1133static const mbedtls_mpi_uint secp384r1_T_18_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1134 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC9, 0xF8, 0xF5, 0xB6, 0x13, 0x4D, 0x7B),
1135 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x45, 0xB1, 0x93, 0xB3, 0xA2, 0x79, 0xDC),
1136 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xF6, 0xCF, 0xF7, 0xE6, 0x29, 0x9C, 0xCC),
1137 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x50, 0x65, 0x80, 0xBC, 0x59, 0x0A, 0x59),
1138 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xF0, 0x24, 0x35, 0xA2, 0x46, 0xF0, 0x0C),
1139 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x26, 0xC0, 0x9D, 0x61, 0x56, 0x62, 0x67),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1140};
1141static const mbedtls_mpi_uint secp384r1_T_19_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1142 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xBB, 0xC2, 0x24, 0x43, 0x2E, 0x37, 0x54),
1143 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xF7, 0xCE, 0x35, 0xFC, 0x77, 0xF3, 0x3F),
1144 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x34, 0x96, 0xD5, 0x4A, 0x76, 0x9D, 0x6B),
1145 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x3B, 0x0F, 0xEA, 0xA8, 0x12, 0x0B, 0x22),
1146 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x3F, 0x5D, 0x2D, 0x1C, 0xD4, 0x9E, 0xFB),
1147 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x2E, 0xDD, 0xC7, 0x6E, 0xAB, 0xAF, 0xDC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1148};
1149static const mbedtls_mpi_uint secp384r1_T_19_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1150 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xB2, 0x7B, 0x0C, 0x9A, 0x83, 0x8E, 0x59),
1151 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x51, 0x90, 0x92, 0x79, 0x32, 0x19, 0xC3),
1152 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x89, 0xF9, 0xD0, 0xCF, 0x2C, 0xA5, 0x8F),
1153 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x50, 0x21, 0xDE, 0x50, 0x41, 0x9D, 0x81),
1154 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x7D, 0x2B, 0x9E, 0x9D, 0x95, 0xA8, 0xE3),
1155 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA5, 0x20, 0x87, 0x88, 0x97, 0x5F, 0xAA),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1156};
1157static const mbedtls_mpi_uint secp384r1_T_20_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1158 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x59, 0xB4, 0x66, 0x7E, 0xE8, 0x5A, 0x60),
1159 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x5C, 0x7E, 0xB2, 0xAD, 0xD9, 0xC9, 0xDA),
1160 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x97, 0x49, 0xA3, 0x13, 0x83, 0x07, 0x2E),
1161 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x26, 0xC7, 0x13, 0x35, 0x0D, 0xB0, 0x6B),
1162 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x60, 0xAB, 0xFA, 0x4B, 0x93, 0x18, 0x2C),
1163 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x2D, 0x1C, 0x31, 0x4C, 0xE4, 0x61, 0xAE),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1164};
1165static const mbedtls_mpi_uint secp384r1_T_20_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1166 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x4D, 0x1E, 0x51, 0x59, 0x6E, 0x91, 0xC5),
1167 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x54, 0x4D, 0x51, 0xED, 0x36, 0xCC, 0x60),
1168 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xA8, 0x56, 0xC7, 0x78, 0x27, 0x33, 0xC5),
1169 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB7, 0x95, 0xC9, 0x8B, 0xC8, 0x6A, 0xBC),
1170 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xE9, 0x13, 0x96, 0xB3, 0xE1, 0xF9, 0xEE),
1171 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x46, 0xB0, 0x5E, 0xC3, 0x94, 0x03, 0x05),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1172};
1173static const mbedtls_mpi_uint secp384r1_T_21_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1174 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x5B, 0x29, 0x30, 0x41, 0x1A, 0x9E, 0xB6),
1175 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xCA, 0x83, 0x31, 0x5B, 0xA7, 0xCB, 0x42),
1176 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x41, 0x50, 0x44, 0x4D, 0x64, 0x31, 0x89),
1177 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x84, 0xC2, 0x5D, 0x97, 0xA5, 0x3C, 0x18),
1178 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x0F, 0xA5, 0xFD, 0x8E, 0x5A, 0x47, 0x2C),
1179 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x58, 0x02, 0x2D, 0x40, 0xB1, 0x0B, 0xBA),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1180};
1181static const mbedtls_mpi_uint secp384r1_T_21_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1182 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x33, 0x8C, 0x67, 0xCE, 0x23, 0x43, 0x99),
1183 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x53, 0x47, 0x72, 0x44, 0x1F, 0x5B, 0x2A),
1184 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xC1, 0xD9, 0xA4, 0x50, 0x88, 0x63, 0x18),
1185 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xF2, 0x75, 0x69, 0x73, 0x00, 0xC4, 0x31),
1186 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x90, 0x1D, 0xDF, 0x1A, 0x00, 0xD8, 0x69),
1187 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xB1, 0x89, 0x48, 0xA8, 0x70, 0x62, 0xEF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1188};
1189static const mbedtls_mpi_uint secp384r1_T_22_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1190 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x8A, 0x55, 0x50, 0x7B, 0xEF, 0x8A, 0x3C),
1191 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x1B, 0x23, 0x48, 0x23, 0x63, 0x91, 0xB6),
1192 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x04, 0x54, 0x3C, 0x24, 0x9B, 0xC7, 0x9A),
1193 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x38, 0xC3, 0x84, 0xFB, 0xFF, 0x9F, 0x49),
1194 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x2A, 0xE0, 0x6D, 0x68, 0x8A, 0x5C, 0xCB),
1195 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x93, 0x53, 0x85, 0xA1, 0x0D, 0xAF, 0x63),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1196};
1197static const mbedtls_mpi_uint secp384r1_T_22_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1198 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x88, 0x95, 0x4C, 0x0B, 0xD0, 0x06, 0x51),
1199 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xAF, 0x8D, 0x49, 0xA2, 0xC8, 0xB4, 0xE0),
1200 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x76, 0x53, 0x09, 0x88, 0x43, 0x87, 0xCA),
1201 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xA4, 0x77, 0x3F, 0x5E, 0x21, 0xB4, 0x0A),
1202 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x9E, 0x86, 0x64, 0xCC, 0x91, 0xC1, 0x77),
1203 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x17, 0x56, 0xCB, 0xC3, 0x7D, 0x5B, 0xB1),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1204};
1205static const mbedtls_mpi_uint secp384r1_T_23_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1206 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x74, 0x9F, 0xB5, 0x91, 0x21, 0xB1, 0x1C),
1207 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xED, 0xE1, 0x11, 0xEF, 0x45, 0xAF, 0xC1),
1208 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x31, 0xBE, 0xB2, 0xBC, 0x72, 0x65, 0x1F),
1209 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x4B, 0x8C, 0x77, 0xCE, 0x1E, 0x42, 0xB5),
1210 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xC9, 0xAA, 0xB9, 0xD9, 0x86, 0x99, 0x55),
1211 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x23, 0x80, 0xC6, 0x4E, 0x35, 0x0B, 0x6D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1212};
1213static const mbedtls_mpi_uint secp384r1_T_23_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1214 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xD8, 0xA2, 0x0A, 0x39, 0x32, 0x1D, 0x23),
1215 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xC8, 0x86, 0xF1, 0x12, 0x9A, 0x4A, 0x05),
1216 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xF1, 0x7C, 0xAA, 0x70, 0x8E, 0xBC, 0x01),
1217 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x01, 0x47, 0x8F, 0xDD, 0x8B, 0xA5, 0xC8),
1218 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x08, 0x21, 0xF4, 0xAB, 0xC7, 0xF5, 0x96),
1219 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x76, 0xA5, 0x95, 0xC4, 0x0F, 0x88, 0x1D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1220};
1221static const mbedtls_mpi_uint secp384r1_T_24_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1222 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x42, 0x2A, 0x52, 0xCD, 0x75, 0x51, 0x49),
1223 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x36, 0xE5, 0x04, 0x2B, 0x44, 0xC6, 0xEF),
1224 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xEE, 0x16, 0x13, 0x07, 0x83, 0xB5, 0x30),
1225 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x59, 0xC6, 0xA2, 0x19, 0x05, 0xD3, 0xC6),
1226 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x8B, 0xA8, 0x16, 0x09, 0xB7, 0xEA, 0xD6),
1227 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xEE, 0x14, 0xAF, 0xB5, 0xFD, 0xD0, 0xEF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1228};
1229static const mbedtls_mpi_uint secp384r1_T_24_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1230 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x7C, 0xCA, 0x71, 0x3E, 0x6E, 0x66, 0x75),
1231 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x31, 0x0E, 0x3F, 0xE5, 0x91, 0xC4, 0x7F),
1232 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x3D, 0xC2, 0x3E, 0x95, 0x37, 0x58, 0x2B),
1233 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x1F, 0x02, 0x03, 0xF3, 0xEF, 0xEE, 0x66),
1234 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x5B, 0x1A, 0xFC, 0x38, 0xCD, 0xE8, 0x24),
1235 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x57, 0x42, 0x85, 0xC6, 0x21, 0x68, 0x71),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1236};
1237static const mbedtls_mpi_uint secp384r1_T_25_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1238 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xA2, 0x4A, 0x66, 0xB1, 0x0A, 0xE6, 0xC0),
1239 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x0C, 0x94, 0x9D, 0x5E, 0x99, 0xB2, 0xCE),
1240 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x03, 0x40, 0xCA, 0xB2, 0xB3, 0x30, 0x55),
1241 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x78, 0x48, 0x27, 0x34, 0x1E, 0xE2, 0x42),
1242 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x72, 0x5B, 0xAC, 0xC1, 0x6D, 0xE3, 0x82),
1243 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAB, 0x46, 0xCB, 0xEA, 0x5E, 0x4B, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1244};
1245static const mbedtls_mpi_uint secp384r1_T_25_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1246 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x08, 0xAD, 0x4E, 0x51, 0x9F, 0x2A, 0x52),
1247 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5C, 0x7D, 0x4C, 0xD6, 0xCF, 0xDD, 0x02),
1248 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x76, 0x26, 0xE0, 0x8B, 0x10, 0xD9, 0x7C),
1249 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xA7, 0x23, 0x4E, 0x5F, 0xD2, 0x42, 0x17),
1250 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xE5, 0xA4, 0xEC, 0x77, 0x21, 0x34, 0x28),
1251 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x14, 0x65, 0xEA, 0x4A, 0x85, 0xC3, 0x2F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1252};
1253static const mbedtls_mpi_uint secp384r1_T_26_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1254 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xD8, 0x40, 0x27, 0x73, 0x15, 0x7E, 0x65),
1255 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xBB, 0x53, 0x7E, 0x0F, 0x40, 0xC8, 0xD4),
1256 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x37, 0x19, 0x73, 0xEF, 0x5A, 0x5E, 0x04),
1257 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x73, 0x2B, 0x49, 0x7E, 0xAC, 0x97, 0x5C),
1258 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xB2, 0xC3, 0x1E, 0x0E, 0xE7, 0xD2, 0x21),
1259 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x08, 0xD6, 0xDD, 0xAC, 0x21, 0xD6, 0x3E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1260};
1261static const mbedtls_mpi_uint secp384r1_T_26_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1262 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x26, 0xBE, 0x6D, 0x6D, 0xF2, 0x38, 0x3F),
1263 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x6C, 0x31, 0xA7, 0x49, 0x50, 0x3A, 0x89),
1264 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x99, 0xC6, 0xF5, 0xD2, 0xC2, 0x30, 0x5A),
1265 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE4, 0xF6, 0x8B, 0x8B, 0x97, 0xE9, 0xB2),
1266 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x21, 0xB7, 0x0D, 0xFC, 0x15, 0x54, 0x0B),
1267 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x83, 0x1C, 0xA4, 0xCD, 0x6B, 0x9D, 0xF2),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1268};
1269static const mbedtls_mpi_uint secp384r1_T_27_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1270 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xE8, 0x4C, 0x48, 0xE4, 0xAA, 0x69, 0x93),
1271 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x7A, 0x27, 0xFC, 0x37, 0x96, 0x1A, 0x7B),
1272 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0xE7, 0x30, 0xA5, 0xCF, 0x13, 0x46, 0x5C),
1273 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xD8, 0xAF, 0x74, 0x23, 0x4D, 0x56, 0x84),
1274 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x3D, 0x44, 0x14, 0x1B, 0x97, 0x83, 0xF0),
1275 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x47, 0xD7, 0x5F, 0xFD, 0x98, 0x38, 0xF7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1276};
1277static const mbedtls_mpi_uint secp384r1_T_27_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1278 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x73, 0x64, 0x36, 0xFD, 0x7B, 0xC1, 0x15),
1279 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x5D, 0x32, 0xD2, 0x47, 0x94, 0x89, 0x2D),
1280 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xE9, 0x30, 0xAC, 0x06, 0xC8, 0x65, 0x04),
1281 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x6C, 0xB9, 0x1B, 0xF7, 0x61, 0x49, 0x53),
1282 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xFF, 0x32, 0x43, 0x80, 0xDA, 0xA6, 0xB1),
1283 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF8, 0x04, 0x01, 0x95, 0x35, 0xCE, 0x21),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1284};
1285static const mbedtls_mpi_uint secp384r1_T_28_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1286 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x06, 0x46, 0x0D, 0x51, 0xE2, 0xD8, 0xAC),
1287 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x57, 0x1D, 0x6F, 0x79, 0xA0, 0xCD, 0xA6),
1288 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0xFB, 0x36, 0xCA, 0xAD, 0xF5, 0x9E, 0x41),
1289 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x7A, 0x1D, 0x9E, 0x1D, 0x95, 0x48, 0xDC),
1290 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x26, 0xA5, 0xB7, 0x15, 0x2C, 0xC2, 0xC6),
1291 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x42, 0x72, 0xAA, 0x11, 0xDC, 0xC9, 0xB6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1292};
1293static const mbedtls_mpi_uint secp384r1_T_28_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1294 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x6C, 0x64, 0xA7, 0x62, 0x3C, 0xAB, 0xD4),
1295 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x6A, 0x44, 0xD8, 0x60, 0xC0, 0xA8, 0x80),
1296 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x76, 0x58, 0x12, 0x57, 0x3C, 0x89, 0x46),
1297 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x4F, 0x83, 0xCE, 0xCB, 0xB8, 0xD0, 0x2C),
1298 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x84, 0x04, 0xB0, 0xAD, 0xEB, 0xFA, 0xDF),
1299 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xA4, 0xC3, 0x41, 0x44, 0x4E, 0x65, 0x3E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1300};
1301static const mbedtls_mpi_uint secp384r1_T_29_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1302 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x16, 0xA9, 0x1C, 0xE7, 0x65, 0x20, 0xC1),
1303 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x53, 0x32, 0xF8, 0xC0, 0xA6, 0xBD, 0x2C),
1304 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xF0, 0xE6, 0x57, 0x31, 0xCC, 0x26, 0x6F),
1305 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xE3, 0x54, 0x1C, 0x34, 0xD3, 0x17, 0xBC),
1306 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xAE, 0xED, 0xFB, 0xCD, 0xE7, 0x1E, 0x9F),
1307 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x16, 0x1C, 0x34, 0x40, 0x00, 0x1F, 0xB6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1308};
1309static const mbedtls_mpi_uint secp384r1_T_29_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1310 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x32, 0x00, 0xC2, 0xD4, 0x3B, 0x1A, 0x09),
1311 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xE0, 0x99, 0x8F, 0x0C, 0x4A, 0x16, 0x44),
1312 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x73, 0x18, 0x1B, 0xD4, 0x94, 0x29, 0x62),
1313 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xA4, 0x2D, 0xB1, 0x9D, 0x74, 0x32, 0x67),
1314 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xF4, 0xB1, 0x0C, 0x37, 0x62, 0x8B, 0x66),
1315 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xFF, 0xDA, 0xE2, 0x35, 0xA3, 0xB6, 0x42),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1316};
1317static const mbedtls_mpi_uint secp384r1_T_30_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1318 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x49, 0x99, 0x65, 0xC5, 0xED, 0x16, 0xEF),
1319 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x42, 0x9A, 0xF3, 0xA7, 0x4E, 0x6F, 0x2B),
1320 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x0A, 0x7E, 0xC0, 0xD7, 0x4E, 0x07, 0x55),
1321 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x7A, 0x31, 0x69, 0xA6, 0xB9, 0x15, 0x34),
1322 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xE0, 0x72, 0xA4, 0x3F, 0xB9, 0xF8, 0x0C),
1323 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x75, 0x32, 0x85, 0xA2, 0xDE, 0x37, 0x12),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1324};
1325static const mbedtls_mpi_uint secp384r1_T_30_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1326 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xC0, 0x0D, 0xCF, 0x25, 0x41, 0xA4, 0xF4),
1327 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xFC, 0xB2, 0x48, 0xC3, 0x85, 0x83, 0x4B),
1328 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xBE, 0x0B, 0x58, 0x2D, 0x7A, 0x9A, 0x62),
1329 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xF3, 0x81, 0x18, 0x1B, 0x74, 0x4F, 0x2C),
1330 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x43, 0xA3, 0x0A, 0x16, 0x8B, 0xA3, 0x1E),
1331 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x18, 0x81, 0x7B, 0x8D, 0xA2, 0x35, 0x77),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1332};
1333static const mbedtls_mpi_uint secp384r1_T_31_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1334 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xC4, 0x3F, 0x2C, 0xE7, 0x5F, 0x99, 0x03),
1335 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x2B, 0xB7, 0xB6, 0xAD, 0x5A, 0x56, 0xFF),
1336 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x00, 0xA4, 0x48, 0xC8, 0xE8, 0xBA, 0xBF),
1337 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xA1, 0xB5, 0x13, 0x5A, 0xCD, 0x99, 0x9C),
1338 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x95, 0xAD, 0xFC, 0xE2, 0x7E, 0xE7, 0xFE),
1339 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x6B, 0xD1, 0x34, 0x99, 0x53, 0x63, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1340};
1341static const mbedtls_mpi_uint secp384r1_T_31_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1342 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x8A, 0x77, 0x5D, 0x2B, 0xAB, 0x01, 0x28),
1343 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x85, 0xD0, 0xD5, 0x49, 0x83, 0x4D, 0x60),
1344 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xC6, 0x91, 0x30, 0x3B, 0x00, 0xAF, 0x7A),
1345 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xAE, 0x61, 0x07, 0xE1, 0xB6, 0xE2, 0xC9),
1346 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x43, 0x41, 0xFE, 0x9B, 0xB6, 0xF0, 0xA5),
1347 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x97, 0xAE, 0xAD, 0x89, 0x88, 0x9E, 0x41),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1348};
1349static const mbedtls_ecp_point secp384r1_T[32] = {
1350 ECP_POINT_INIT_XY_Z1(secp384r1_T_0_X, secp384r1_T_0_Y),
1351 ECP_POINT_INIT_XY_Z0(secp384r1_T_1_X, secp384r1_T_1_Y),
1352 ECP_POINT_INIT_XY_Z0(secp384r1_T_2_X, secp384r1_T_2_Y),
1353 ECP_POINT_INIT_XY_Z0(secp384r1_T_3_X, secp384r1_T_3_Y),
1354 ECP_POINT_INIT_XY_Z0(secp384r1_T_4_X, secp384r1_T_4_Y),
1355 ECP_POINT_INIT_XY_Z0(secp384r1_T_5_X, secp384r1_T_5_Y),
1356 ECP_POINT_INIT_XY_Z0(secp384r1_T_6_X, secp384r1_T_6_Y),
1357 ECP_POINT_INIT_XY_Z0(secp384r1_T_7_X, secp384r1_T_7_Y),
1358 ECP_POINT_INIT_XY_Z0(secp384r1_T_8_X, secp384r1_T_8_Y),
1359 ECP_POINT_INIT_XY_Z0(secp384r1_T_9_X, secp384r1_T_9_Y),
1360 ECP_POINT_INIT_XY_Z0(secp384r1_T_10_X, secp384r1_T_10_Y),
1361 ECP_POINT_INIT_XY_Z0(secp384r1_T_11_X, secp384r1_T_11_Y),
1362 ECP_POINT_INIT_XY_Z0(secp384r1_T_12_X, secp384r1_T_12_Y),
1363 ECP_POINT_INIT_XY_Z0(secp384r1_T_13_X, secp384r1_T_13_Y),
1364 ECP_POINT_INIT_XY_Z0(secp384r1_T_14_X, secp384r1_T_14_Y),
1365 ECP_POINT_INIT_XY_Z0(secp384r1_T_15_X, secp384r1_T_15_Y),
1366 ECP_POINT_INIT_XY_Z0(secp384r1_T_16_X, secp384r1_T_16_Y),
1367 ECP_POINT_INIT_XY_Z0(secp384r1_T_17_X, secp384r1_T_17_Y),
1368 ECP_POINT_INIT_XY_Z0(secp384r1_T_18_X, secp384r1_T_18_Y),
1369 ECP_POINT_INIT_XY_Z0(secp384r1_T_19_X, secp384r1_T_19_Y),
1370 ECP_POINT_INIT_XY_Z0(secp384r1_T_20_X, secp384r1_T_20_Y),
1371 ECP_POINT_INIT_XY_Z0(secp384r1_T_21_X, secp384r1_T_21_Y),
1372 ECP_POINT_INIT_XY_Z0(secp384r1_T_22_X, secp384r1_T_22_Y),
1373 ECP_POINT_INIT_XY_Z0(secp384r1_T_23_X, secp384r1_T_23_Y),
1374 ECP_POINT_INIT_XY_Z0(secp384r1_T_24_X, secp384r1_T_24_Y),
1375 ECP_POINT_INIT_XY_Z0(secp384r1_T_25_X, secp384r1_T_25_Y),
1376 ECP_POINT_INIT_XY_Z0(secp384r1_T_26_X, secp384r1_T_26_Y),
1377 ECP_POINT_INIT_XY_Z0(secp384r1_T_27_X, secp384r1_T_27_Y),
1378 ECP_POINT_INIT_XY_Z0(secp384r1_T_28_X, secp384r1_T_28_Y),
1379 ECP_POINT_INIT_XY_Z0(secp384r1_T_29_X, secp384r1_T_29_Y),
1380 ECP_POINT_INIT_XY_Z0(secp384r1_T_30_X, secp384r1_T_30_Y),
1381 ECP_POINT_INIT_XY_Z0(secp384r1_T_31_X, secp384r1_T_31_Y),
1382};
1383#else
1384#define secp384r1_T NULL
1385#endif
1386
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1387#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]1388
1389/*
1390 * Domain parameters for secp521r1
1391 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1392#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
1393static const mbedtls_mpi_uint secp521r1_p[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1394 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1395 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1396 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1397 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1398 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1399 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1400 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1401 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1402 MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1403};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1404static const mbedtls_mpi_uint secp521r1_b[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1405 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF),
1406 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35),
1407 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16),
1408 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56),
1409 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8),
1410 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2),
1411 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92),
1412 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95),
1413 MBEDTLS_BYTES_TO_T_UINT_2(0x51, 0x00),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1414};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1415static const mbedtls_mpi_uint secp521r1_gx[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1416 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9),
1417 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33),
1418 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE),
1419 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1),
1420 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8),
1421 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C),
1422 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E),
1423 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85),
1424 MBEDTLS_BYTES_TO_T_UINT_2(0xC6, 0x00),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1425};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1426static const mbedtls_mpi_uint secp521r1_gy[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1427 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88),
1428 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35),
1429 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5),
1430 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97),
1431 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17),
1432 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98),
1433 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C),
1434 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39),
1435 MBEDTLS_BYTES_TO_T_UINT_2(0x18, 0x01),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1436};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1437static const mbedtls_mpi_uint secp521r1_n[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1438 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB),
1439 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B),
1440 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F),
1441 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51),
1442 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1443 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1444 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1445 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1446 MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1447};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1448#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
1449static const mbedtls_mpi_uint secp521r1_T_0_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1450 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9),
1451 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33),
1452 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE),
1453 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1),
1454 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8),
1455 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C),
1456 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E),
1457 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85),
1458 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1459};
1460static const mbedtls_mpi_uint secp521r1_T_0_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1461 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88),
1462 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35),
1463 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5),
1464 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97),
1465 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17),
1466 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98),
1467 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C),
1468 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39),
1469 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1470};
1471static const mbedtls_mpi_uint secp521r1_T_1_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1472 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xB1, 0x2D, 0xEB, 0x27, 0x2F, 0xE8, 0xDA),
1473 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x4B, 0x44, 0x25, 0xDB, 0x5C, 0x5F, 0x67),
1474 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x85, 0x28, 0x78, 0x2E, 0x75, 0x34, 0x32),
1475 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x57, 0x0F, 0x73, 0x78, 0x7A, 0xE3, 0x53),
1476 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD8, 0xEC, 0xDC, 0xDA, 0x04, 0xAD, 0xAB),
1477 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x8A, 0x09, 0xF3, 0x58, 0x79, 0xD8, 0x29),
1478 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x03, 0xCB, 0x50, 0x1A, 0x7F, 0x56, 0x00),
1479 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xA6, 0x78, 0x38, 0x85, 0x67, 0x0B, 0x40),
1480 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1481};
1482static const mbedtls_mpi_uint secp521r1_T_1_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1483 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xD5, 0xD2, 0x22, 0xC4, 0x00, 0x3B, 0xBA),
1484 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x93, 0x0E, 0x7B, 0x85, 0x51, 0xC3, 0x06),
1485 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA6, 0x5F, 0x54, 0x49, 0x02, 0x81, 0x78),
1486 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xE9, 0x6B, 0x3A, 0x92, 0xE7, 0x72, 0x1D),
1487 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x5F, 0x28, 0x9E, 0x91, 0x27, 0x88, 0xE3),
1488 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x28, 0x31, 0xB3, 0x84, 0xCA, 0x12, 0x32),
1489 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xF9, 0xAC, 0x22, 0x10, 0x0A, 0x64, 0x41),
1490 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xC6, 0x33, 0x1F, 0x69, 0x19, 0x18, 0xBF),
1491 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1492};
1493static const mbedtls_mpi_uint secp521r1_T_2_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1494 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x48, 0xB8, 0xC7, 0x37, 0x5A, 0x00, 0x36),
1495 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xCC, 0x32, 0xE0, 0xEE, 0x03, 0xC2, 0xBA),
1496 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x29, 0xC2, 0xE4, 0x6E, 0x24, 0x20, 0x8D),
1497 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x6B, 0x7F, 0x7B, 0xF9, 0xB0, 0xB8, 0x13),
1498 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x7B, 0x3C, 0xE1, 0x19, 0xA1, 0x23, 0x02),
1499 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE3, 0xC2, 0x53, 0xC0, 0x07, 0x13, 0xA9),
1500 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFE, 0x36, 0x35, 0x9F, 0x5E, 0x59, 0xCE),
1501 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x55, 0x89, 0x84, 0xBC, 0xEF, 0xA2, 0xC2),
1502 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1503};
1504static const mbedtls_mpi_uint secp521r1_T_2_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1505 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x1A, 0x08, 0x67, 0xB4, 0xE7, 0x22, 0xED),
1506 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x26, 0xDF, 0x81, 0x3C, 0x5F, 0x1C, 0xDA),
1507 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x4D, 0xD0, 0x0A, 0x48, 0x06, 0xF4, 0x48),
1508 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x18, 0x39, 0xF7, 0xD1, 0x20, 0x77, 0x8D),
1509 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x8F, 0x44, 0x13, 0xCB, 0x78, 0x11, 0x11),
1510 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xE2, 0x49, 0xEA, 0x43, 0x79, 0x08, 0x39),
1511 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xD1, 0xD8, 0x73, 0x2C, 0x71, 0x2F, 0x69),
1512 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xE5, 0xE7, 0xF4, 0x46, 0xAB, 0x20, 0xCA),
1513 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1514};
1515static const mbedtls_mpi_uint secp521r1_T_3_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1516 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x0B, 0xB9, 0x71, 0x1A, 0x27, 0xB7, 0xA7),
1517 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xA2, 0x2C, 0xD1, 0xDA, 0xBC, 0xC1, 0xBD),
1518 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xA3, 0x10, 0x1F, 0x90, 0xF2, 0xA5, 0x52),
1519 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xFB, 0x20, 0xF4, 0xC0, 0x70, 0xC0, 0xF5),
1520 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xA7, 0x99, 0xF0, 0xA5, 0xD3, 0x09, 0xDD),
1521 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0xE8, 0x14, 0x39, 0xBE, 0xCB, 0x60, 0xAF),
1522 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xD6, 0x14, 0xA9, 0xC9, 0x20, 0xC3, 0xEA),
1523 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA8, 0x5B, 0xFD, 0x2D, 0x96, 0xBC, 0x78),
1524 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1525};
1526static const mbedtls_mpi_uint secp521r1_T_3_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1527 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x04, 0x45, 0xBE, 0xCE, 0x75, 0x95, 0xF6),
1528 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xDA, 0x58, 0x49, 0x35, 0x09, 0x8D, 0x41),
1529 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xF0, 0xC0, 0x36, 0xF2, 0xA6, 0x2D, 0x14),
1530 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFC, 0x3D, 0xA8, 0xFB, 0x3C, 0xD2, 0x51),
1531 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x4D, 0x71, 0x09, 0x18, 0x42, 0xF0, 0x2D),
1532 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xC1, 0xCE, 0x9E, 0x6A, 0x49, 0x60, 0x12),
1533 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xB1, 0x00, 0xF7, 0xA1, 0x7A, 0x31, 0xB4),
1534 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xC3, 0x86, 0xCD, 0x20, 0x4A, 0x17, 0x86),
1535 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1536};
1537static const mbedtls_mpi_uint secp521r1_T_4_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1538 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xAB, 0x8B, 0x47, 0x8D, 0xAA, 0xA6, 0x5B),
1539 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x97, 0xF0, 0xBC, 0x2D, 0xDC, 0x9D, 0x84),
1540 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x86, 0xB0, 0x74, 0xB2, 0xF4, 0xF6, 0x67),
1541 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBD, 0xAC, 0xE3, 0x8F, 0x43, 0x5C, 0xB1),
1542 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xC3, 0xE2, 0x6E, 0x25, 0x49, 0xCD, 0x0B),
1543 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x5E, 0x08, 0xB3, 0xB9, 0xAC, 0x5F, 0xD1),
1544 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xB7, 0xD1, 0xF4, 0xDC, 0x19, 0xE9, 0xC8),
1545 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xE4, 0xFA, 0xE1, 0x36, 0x3E, 0xED, 0x6E),
1546 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1547};
1548static const mbedtls_mpi_uint secp521r1_T_4_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1549 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x67, 0x92, 0x84, 0x6E, 0x48, 0x03, 0x51),
1550 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x95, 0xEF, 0x8F, 0xB2, 0x82, 0x6B, 0x1C),
1551 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFA, 0xB9, 0x55, 0x23, 0xFE, 0x09, 0xB3),
1552 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x79, 0x85, 0x4B, 0x0E, 0xD4, 0x35, 0xDB),
1553 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x27, 0x45, 0x81, 0xE0, 0x88, 0x52, 0xAD),
1554 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x63, 0xA2, 0x4B, 0xBC, 0x5D, 0xB1, 0x92),
1555 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x8C, 0x83, 0xD9, 0x3E, 0xD3, 0x42, 0xDA),
1556 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x03, 0x3A, 0x31, 0xBA, 0xE9, 0x3A, 0xD1),
1557 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1558};
1559static const mbedtls_mpi_uint secp521r1_T_5_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1560 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x10, 0xCD, 0x2D, 0x00, 0xFE, 0x32, 0xA7),
1561 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x6E, 0x1F, 0xDA, 0xF8, 0x6F, 0x4D, 0x03),
1562 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x79, 0x7D, 0x09, 0xE5, 0xD3, 0x03, 0x21),
1563 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xC3, 0xBE, 0xDF, 0x07, 0x65, 0x49, 0xCC),
1564 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x57, 0x33, 0xEF, 0xAE, 0x4F, 0x04, 0x27),
1565 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0xE9, 0x9B, 0xFE, 0xBF, 0xE6, 0x85, 0xF6),
1566 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xBA, 0xAA, 0x06, 0xC4, 0xC6, 0xB8, 0x57),
1567 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x83, 0x01, 0xA9, 0xF6, 0x51, 0xE7, 0xB8),
1568 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1569};
1570static const mbedtls_mpi_uint secp521r1_T_5_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1571 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xA6, 0x15, 0x8E, 0xAB, 0x1F, 0x10, 0x87),
1572 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x08, 0x27, 0x1A, 0xA1, 0x21, 0xAD, 0xF5),
1573 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x09, 0x90, 0x6E, 0x50, 0x90, 0x9A, 0x5D),
1574 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x9A, 0xFE, 0xD7, 0xA1, 0xF5, 0xA2, 0x15),
1575 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x7D, 0xE3, 0xDC, 0x21, 0xFB, 0xA4, 0x7B),
1576 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xBF, 0x07, 0xFF, 0x45, 0xDF, 0x51, 0x77),
1577 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x5C, 0x34, 0x02, 0x62, 0x9B, 0x08, 0x12),
1578 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xCE, 0x9A, 0x6A, 0xEC, 0x75, 0xF6, 0x46),
1579 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1580};
1581static const mbedtls_mpi_uint secp521r1_T_6_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1582 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x59, 0xF4, 0x78, 0x3C, 0x60, 0xB1, 0x4A),
1583 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x37, 0x84, 0x6A, 0xDC, 0xF2, 0x9A, 0x7D),
1584 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x9A, 0x9A, 0x15, 0x36, 0xE0, 0x2B, 0x2D),
1585 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x38, 0x9C, 0x50, 0x3D, 0x1E, 0x37, 0x82),
1586 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x79, 0xF0, 0x92, 0xF2, 0x8B, 0x18, 0x82),
1587 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xE0, 0x82, 0x1E, 0x80, 0x82, 0x4B, 0xD7),
1588 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xBB, 0x59, 0x6B, 0x8A, 0x77, 0x41, 0x40),
1589 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xF9, 0xD4, 0xB8, 0x4A, 0x82, 0xCF, 0x40),
1590 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1591};
1592static const mbedtls_mpi_uint secp521r1_T_6_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1593 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x8C, 0xC8, 0x9B, 0x72, 0x9E, 0xF7, 0xF9),
1594 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xCE, 0xE9, 0x77, 0x0A, 0x19, 0x59, 0x84),
1595 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xA1, 0x41, 0x6A, 0x72, 0x4B, 0xB4, 0xDC),
1596 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x35, 0x43, 0xE2, 0x8C, 0xBE, 0x0D, 0xE3),
1597 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xEB, 0xAD, 0xF3, 0xA9, 0xA6, 0x68, 0xA1),
1598 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x2F, 0xE2, 0x48, 0x0C, 0xDB, 0x1F, 0x42),
1599 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x1E, 0x60, 0x9B, 0x2A, 0xD2, 0xC1, 0x3C),
1600 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x64, 0xB5, 0xD2, 0xF6, 0xF6, 0x6E, 0x22),
1601 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1602};
1603static const mbedtls_mpi_uint secp521r1_T_7_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1604 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x3D, 0x30, 0x78, 0x10, 0x18, 0x41, 0x51),
1605 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x1D, 0x1C, 0xE0, 0x6D, 0x83, 0xD1, 0x93),
1606 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x03, 0x0B, 0xF5, 0x2F, 0x6C, 0x04, 0x98),
1607 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x3E, 0xD5, 0xFC, 0x31, 0x5B, 0x3A, 0xEB),
1608 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x82, 0x2F, 0xFB, 0xFE, 0xF8, 0x76, 0x39),
1609 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x26, 0xDA, 0x9C, 0x36, 0xF5, 0x93, 0xD1),
1610 MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xE7, 0x6E, 0xD2, 0x7D, 0x81, 0x09, 0xC6),
1611 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x03, 0xF9, 0x58, 0x48, 0x24, 0xA2, 0xEE),
1612 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1613};
1614static const mbedtls_mpi_uint secp521r1_T_7_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1615 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x79, 0x0C, 0x8E, 0x6B, 0x95, 0xF3, 0xC4),
1616 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x10, 0x5C, 0x87, 0x03, 0x39, 0xCF, 0x68),
1617 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xF0, 0xF7, 0xC1, 0x07, 0xA4, 0xF4, 0x3F),
1618 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xE8, 0x02, 0x89, 0x65, 0xC4, 0x72, 0x36),
1619 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x88, 0xEA, 0x96, 0x67, 0x0B, 0x5D, 0xDF),
1620 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x75, 0x60, 0xA8, 0xBD, 0x74, 0xDF, 0x68),
1621 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xE5, 0x71, 0x50, 0x67, 0xD0, 0xD2, 0xE6),
1622 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xFC, 0xE5, 0xC7, 0x77, 0xB0, 0x7F, 0x8C),
1623 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1624};
1625static const mbedtls_mpi_uint secp521r1_T_8_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1626 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x86, 0x69, 0xCD, 0x0D, 0x9A, 0xBD, 0x66),
1627 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x17, 0xBC, 0xBB, 0x59, 0x85, 0x7D, 0x0E),
1628 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xA8, 0x76, 0xAC, 0x80, 0xA9, 0x72, 0xE0),
1629 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x78, 0xC1, 0xE2, 0x4D, 0xAF, 0xF9, 0x3C),
1630 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x97, 0x8E, 0x74, 0xC4, 0x4B, 0xB2, 0x85),
1631 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD8, 0xF6, 0xF3, 0xAF, 0x2F, 0x52, 0xE5),
1632 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x57, 0xF4, 0xCE, 0xEE, 0x43, 0xED, 0x60),
1633 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x46, 0x38, 0xDE, 0x20, 0xFD, 0x59, 0x18),
1634 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1635};
1636static const mbedtls_mpi_uint secp521r1_T_8_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1637 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x18, 0xE8, 0x58, 0xB9, 0x76, 0x2C, 0xE6),
1638 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x54, 0xE4, 0xFE, 0xC7, 0xBC, 0x31, 0x37),
1639 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xF8, 0x89, 0xEE, 0x70, 0xB5, 0xB0, 0x2C),
1640 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x22, 0x26, 0x9A, 0x53, 0xB9, 0x38, 0x0A),
1641 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xA7, 0x19, 0x8C, 0x74, 0x7E, 0x88, 0x46),
1642 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xDA, 0x0A, 0xE8, 0xDA, 0xA5, 0xBE, 0x1D),
1643 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x5C, 0xF7, 0xB1, 0x0C, 0x72, 0xFB, 0x09),
1644 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xE2, 0x23, 0xE7, 0x46, 0xB7, 0xE0, 0x91),
1645 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1646};
1647static const mbedtls_mpi_uint secp521r1_T_9_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1648 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x36, 0xBC, 0xBD, 0x48, 0x11, 0x8E, 0x72),
1649 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xBB, 0xA1, 0xF7, 0x0B, 0x9E, 0xBF, 0xDF),
1650 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x28, 0xE1, 0xA2, 0x8F, 0xFC, 0xFC, 0xD6),
1651 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xFE, 0x19, 0x0A, 0xE5, 0xE7, 0x69, 0x39),
1652 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xCD, 0x12, 0xF5, 0xBE, 0xD3, 0x04, 0xF1),
1653 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xA8, 0x0D, 0x81, 0x59, 0xC4, 0x79, 0x98),
1654 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xF3, 0x4B, 0x92, 0x65, 0xC3, 0x31, 0xAD),
1655 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xB5, 0x4F, 0x4D, 0x91, 0xD4, 0xE2, 0xB2),
1656 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1657};
1658static const mbedtls_mpi_uint secp521r1_T_9_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1659 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x09, 0x41, 0x79, 0x1D, 0x4D, 0x0D, 0x33),
1660 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x31, 0x18, 0xBA, 0xA0, 0xF2, 0x6E, 0x7E),
1661 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x5B, 0x4D, 0x4F, 0xAF, 0xC9, 0x8C, 0xA1),
1662 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x99, 0x9C, 0x06, 0x68, 0xDE, 0xD8, 0x29),
1663 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x04, 0xE1, 0xB5, 0x9D, 0x00, 0xBC, 0xB8),
1664 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x95, 0x92, 0x8D, 0x72, 0xD3, 0x37, 0x42),
1665 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x4B, 0x27, 0xA2, 0xE8, 0xA4, 0x26, 0xA1),
1666 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x45, 0x9C, 0xA9, 0xCB, 0x9F, 0xBA, 0x85),
1667 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1668};
1669static const mbedtls_mpi_uint secp521r1_T_10_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1670 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x7E, 0x1B, 0x64, 0xF4, 0xE8, 0xA5, 0x55),
1671 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x20, 0xA9, 0xCA, 0xF3, 0x89, 0xE5, 0xE1),
1672 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xED, 0xFC, 0xAB, 0xD9, 0x0A, 0xB9, 0x07),
1673 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x6F, 0x46, 0x7C, 0xCD, 0x78, 0xFF, 0x05),
1674 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xAB, 0x71, 0x5A, 0x94, 0xAB, 0x20, 0x20),
1675 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x2E, 0xEE, 0x87, 0x57, 0x1F, 0xAD, 0xD3),
1676 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x4C, 0x3D, 0xFB, 0x7E, 0xA1, 0x8B, 0x07),
1677 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xCF, 0x07, 0x86, 0xBA, 0x53, 0x37, 0xCF),
1678 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1679};
1680static const mbedtls_mpi_uint secp521r1_T_10_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1681 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x26, 0xB2, 0xB9, 0xE2, 0x91, 0xE3, 0xB5),
1682 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xC9, 0x54, 0x84, 0x08, 0x3D, 0x0B, 0xD2),
1683 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA8, 0x77, 0x2F, 0x64, 0x45, 0x99, 0x4C),
1684 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x96, 0x16, 0x1F, 0xDB, 0x96, 0x28, 0x97),
1685 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x2B, 0x8D, 0xFF, 0xA2, 0x4F, 0x55, 0xD3),
1686 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xE6, 0x48, 0xBD, 0x99, 0x3D, 0x12, 0x57),
1687 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x84, 0x59, 0xDA, 0xB9, 0xB6, 0x66, 0x12),
1688 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x78, 0x41, 0x92, 0xDF, 0xF4, 0x3F, 0x63),
1689 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1690};
1691static const mbedtls_mpi_uint secp521r1_T_11_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1692 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x86, 0x6F, 0x4F, 0xBF, 0x67, 0xDF, 0x2F),
1693 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x2B, 0x1E, 0x5F, 0x00, 0xEA, 0xF6, 0x56),
1694 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xB9, 0x6A, 0x89, 0xD8, 0xC0, 0xD7, 0xA7),
1695 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x9A, 0x32, 0x23, 0xA0, 0x02, 0x91, 0x58),
1696 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x7F, 0x6A, 0x15, 0x64, 0x6A, 0x8B, 0xBB),
1697 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x57, 0x82, 0x58, 0xA9, 0x56, 0xB5, 0xFB),
1698 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x50, 0x92, 0x60, 0xCC, 0x81, 0x24, 0xA8),
1699 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x3D, 0xAD, 0xDA, 0xD9, 0x51, 0x3E, 0x57),
1700 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1701};
1702static const mbedtls_mpi_uint secp521r1_T_11_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1703 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xFE, 0x8F, 0xB0, 0x0B, 0xDE, 0x2E, 0x7E),
1704 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xD2, 0xBE, 0xEF, 0xAC, 0x76, 0x71, 0xA3),
1705 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xE8, 0x72, 0x0B, 0xAC, 0xFE, 0xCA, 0x5A),
1706 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x5B, 0xC7, 0xFC, 0xE3, 0x3C, 0x7C, 0x4C),
1707 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x04, 0xA7, 0xB9, 0x9B, 0x93, 0xC0, 0x2F),
1708 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x48, 0x4B, 0x8E, 0x32, 0xC5, 0xF0, 0x6B),
1709 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x42, 0x07, 0xC1, 0xF2, 0xF1, 0x72, 0x5B),
1710 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x37, 0x54, 0x9C, 0x88, 0xD2, 0x62, 0xAA),
1711 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1712};
1713static const mbedtls_mpi_uint secp521r1_T_12_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1714 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x19, 0x8A, 0x89, 0x58, 0xA2, 0x0F, 0xDB),
1715 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xCC, 0x4C, 0x97, 0x30, 0x66, 0x34, 0x26),
1716 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x6A, 0x1E, 0x1F, 0xDB, 0xC9, 0x5E, 0x13),
1717 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x4D, 0x49, 0xFF, 0x9B, 0x9C, 0xAC, 0x9B),
1718 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xE4, 0x4B, 0xF2, 0xD4, 0x1A, 0xD2, 0x78),
1719 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xDA, 0xE8, 0x61, 0x9F, 0xC8, 0x49, 0x32),
1720 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xCB, 0xF2, 0x2D, 0x85, 0xF6, 0x8D, 0x52),
1721 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xC5, 0xCD, 0x2C, 0x79, 0xC6, 0x0E, 0x4F),
1722 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1723};
1724static const mbedtls_mpi_uint secp521r1_T_12_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1725 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x1D, 0x55, 0x0F, 0xF8, 0x22, 0x9F, 0x78),
1726 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x56, 0xBA, 0xE7, 0x57, 0x32, 0xEC, 0x42),
1727 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x9A, 0xC6, 0x4C, 0x09, 0xC4, 0x52, 0x3F),
1728 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x1E, 0x6F, 0xF4, 0x7D, 0x27, 0xDD, 0xAF),
1729 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x11, 0x16, 0xEC, 0x79, 0x83, 0xAD, 0xAE),
1730 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x4E, 0x92, 0x1F, 0x19, 0x7D, 0x65, 0xDC),
1731 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xFF, 0x78, 0x15, 0x45, 0x63, 0x32, 0xE4),
1732 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x91, 0xD0, 0x78, 0x58, 0xDA, 0x50, 0x47),
1733 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1734};
1735static const mbedtls_mpi_uint secp521r1_T_13_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1736 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xDE, 0x40, 0xF6, 0x41, 0xB4, 0x3B, 0x95),
1737 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x8D, 0xE0, 0xE1, 0xA9, 0xF0, 0x35, 0x5D),
1738 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xD4, 0xBA, 0x7B, 0xCC, 0x1B, 0x3A, 0x32),
1739 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x5A, 0x2E, 0x74, 0x47, 0x14, 0xC3, 0x4D),
1740 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xF0, 0x8B, 0x06, 0x15, 0x8E, 0x0E, 0xCA),
1741 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xD2, 0xEB, 0x97, 0x50, 0x7D, 0x31, 0xFC),
1742 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x93, 0x4C, 0xDB, 0x97, 0x79, 0x44, 0xF5),
1743 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xA2, 0xA0, 0x0B, 0xC8, 0x3A, 0x8A, 0xF9),
1744 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1745};
1746static const mbedtls_mpi_uint secp521r1_T_13_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1747 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x50, 0x92, 0x9E, 0x24, 0x1F, 0xCB, 0x4C),
1748 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x16, 0xC9, 0xC5, 0x3D, 0x5A, 0xAF, 0x97),
1749 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xE3, 0x97, 0xE4, 0xA8, 0x50, 0xF6, 0x7E),
1750 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x57, 0x97, 0x42, 0x78, 0x92, 0x49, 0x0D),
1751 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xEB, 0x62, 0x24, 0xFB, 0x8F, 0x32, 0xCF),
1752 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x0C, 0x36, 0x6E, 0x8F, 0xE8, 0xE8, 0x8E),
1753 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xD3, 0x7C, 0xC7, 0x8D, 0x3F, 0x5C, 0xE1),
1754 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x64, 0x6A, 0x73, 0x10, 0x79, 0xB8, 0x5A),
1755 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1756};
1757static const mbedtls_mpi_uint secp521r1_T_14_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1758 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xF9, 0xEF, 0xA5, 0x20, 0x4A, 0x5C, 0xA1),
1759 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xF3, 0xF4, 0x49, 0x5B, 0x73, 0xAA, 0x1B),
1760 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xF2, 0xEA, 0x0F, 0x00, 0xAD, 0x53, 0xAB),
1761 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xB8, 0x66, 0xED, 0xC4, 0x2B, 0x4C, 0x35),
1762 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x2F, 0xC1, 0x9A, 0x37, 0xD2, 0x7F, 0x58),
1763 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xA7, 0x81, 0x38, 0x64, 0xC9, 0x37, 0x38),
1764 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x3B, 0x6C, 0x9F, 0x5B, 0xD9, 0x8B, 0x1D),
1765 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x14, 0xD9, 0x08, 0xD8, 0xD2, 0x7E, 0x23),
1766 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1767};
1768static const mbedtls_mpi_uint secp521r1_T_14_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1769 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x71, 0xE6, 0x3D, 0xD1, 0xB0, 0xE7, 0xCD),
1770 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x81, 0x23, 0xEC, 0x2D, 0x42, 0x45, 0xE6),
1771 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x5B, 0x44, 0x6B, 0x89, 0x03, 0x67, 0x28),
1772 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x27, 0xAE, 0x80, 0x5A, 0x33, 0xBE, 0x11),
1773 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xB6, 0x64, 0x1A, 0xDF, 0xD3, 0x85, 0x91),
1774 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x8C, 0x22, 0xBA, 0xD0, 0xBD, 0xCC, 0xA0),
1775 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x3C, 0x01, 0x3A, 0xFF, 0x9D, 0xC7, 0x6B),
1776 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xC7, 0x64, 0xB4, 0x59, 0x4E, 0x9F, 0x22),
1777 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1778};
1779static const mbedtls_mpi_uint secp521r1_T_15_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1780 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x34, 0x0A, 0x41, 0x94, 0xA8, 0xF2, 0xB7),
1781 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xD4, 0xE4, 0xF0, 0x97, 0x45, 0x6D, 0xCA),
1782 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x1F, 0x4D, 0x6D, 0xFE, 0xA0, 0xC4, 0x84),
1783 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x28, 0x5C, 0x40, 0xBB, 0x65, 0xD4, 0x42),
1784 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xA8, 0x87, 0x35, 0x20, 0x3A, 0x89, 0x44),
1785 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFD, 0x4F, 0xAB, 0x2D, 0xD1, 0xD0, 0xC0),
1786 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xE8, 0x00, 0xFC, 0x69, 0x52, 0xF8, 0xD5),
1787 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x9A, 0x99, 0xE1, 0xDC, 0x9C, 0x3F, 0xD9),
1788 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1789};
1790static const mbedtls_mpi_uint secp521r1_T_15_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1791 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x08, 0x98, 0xD9, 0xCA, 0x73, 0xD5, 0xA9),
1792 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x2C, 0xE0, 0xA7, 0x3E, 0x91, 0xD7, 0x87),
1793 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x04, 0xB0, 0x54, 0x09, 0xF4, 0x72, 0xB7),
1794 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xEE, 0x28, 0xCC, 0xE8, 0x50, 0x78, 0x20),
1795 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x91, 0x03, 0x76, 0xDB, 0x68, 0x24, 0x77),
1796 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xE0, 0x56, 0xB2, 0x5D, 0x12, 0xD3, 0xB5),
1797 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x42, 0x59, 0x8B, 0xDF, 0x67, 0xB5, 0xBE),
1798 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xCC, 0xE5, 0x31, 0x53, 0x7A, 0x46, 0xB3),
1799 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1800};
1801static const mbedtls_mpi_uint secp521r1_T_16_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1802 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x8D, 0x59, 0xB5, 0x1B, 0x0F, 0xF4, 0xAF),
1803 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x2F, 0xD1, 0x2C, 0xE0, 0xD8, 0x04, 0xEF),
1804 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF4, 0xD7, 0xBA, 0xB0, 0xA3, 0x7E, 0xC9),
1805 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x08, 0x51, 0x56, 0xA6, 0x76, 0x67, 0x33),
1806 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x17, 0x63, 0xFE, 0x56, 0xD0, 0xD9, 0x71),
1807 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xF6, 0xC3, 0x14, 0x47, 0xC5, 0xA7, 0x31),
1808 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x4C, 0x80, 0xF6, 0xA2, 0x57, 0xA7, 0x5D),
1809 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xB3, 0x7B, 0xF8, 0x2F, 0xE1, 0x3E, 0x7B),
1810 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1811};
1812static const mbedtls_mpi_uint secp521r1_T_16_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1813 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0xF4, 0xF9, 0x6B, 0x7B, 0x90, 0xDF, 0x30),
1814 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x82, 0xEF, 0x62, 0xA1, 0x4C, 0x53, 0xCA),
1815 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x99, 0x76, 0x01, 0xBA, 0x8D, 0x0F, 0x54),
1816 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xF4, 0x58, 0x73, 0x56, 0xFE, 0xDD, 0x7C),
1817 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xCE, 0xF9, 0xE8, 0xA1, 0x34, 0xC3, 0x5B),
1818 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x5F, 0xDC, 0x6A, 0x3D, 0xD8, 0x7F, 0x42),
1819 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xF4, 0x51, 0xB8, 0xB8, 0xC1, 0xD7, 0x2F),
1820 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x7D, 0x58, 0xD1, 0xD4, 0x1B, 0x4D, 0x23),
1821 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1822};
1823static const mbedtls_mpi_uint secp521r1_T_17_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1824 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x95, 0xDF, 0x00, 0xD8, 0x21, 0xDE, 0x94),
1825 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x47, 0x3C, 0xC3, 0xB2, 0x01, 0x53, 0x5D),
1826 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x17, 0x43, 0x23, 0xBD, 0xCA, 0x71, 0xF2),
1827 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xBA, 0x0F, 0x4F, 0xDC, 0x41, 0x54, 0xBE),
1828 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x39, 0x26, 0x70, 0x53, 0x32, 0x18, 0x11),
1829 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x46, 0x07, 0x97, 0x3A, 0x57, 0xE0, 0x01),
1830 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x92, 0x4F, 0xCE, 0xDF, 0x25, 0x80, 0x26),
1831 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x6F, 0x9A, 0x03, 0x05, 0x4B, 0xD1, 0x47),
1832 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1833};
1834static const mbedtls_mpi_uint secp521r1_T_17_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1835 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x01, 0x72, 0x30, 0x90, 0x17, 0x51, 0x20),
1836 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xFB, 0x41, 0x65, 0x5C, 0xB4, 0x2D, 0xEE),
1837 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xCD, 0xCD, 0xAA, 0x41, 0xCC, 0xBB, 0x07),
1838 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xCE, 0x08, 0x0A, 0x63, 0xE9, 0xA2, 0xFF),
1839 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA8, 0x21, 0x7F, 0x7A, 0x5B, 0x9B, 0x81),
1840 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x6B, 0x89, 0x44, 0x0A, 0x7F, 0x85, 0x5F),
1841 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xDE, 0x7C, 0x19, 0x5C, 0x65, 0x26, 0x61),
1842 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xAC, 0x62, 0x29, 0x4A, 0xF1, 0xD0, 0x81),
1843 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1844};
1845static const mbedtls_mpi_uint secp521r1_T_18_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1846 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x00, 0x40, 0x87, 0xEB, 0xA9, 0x58, 0x56),
1847 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x51, 0x0B, 0xFF, 0x56, 0x35, 0x51, 0xB3),
1848 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xAC, 0x08, 0x94, 0x71, 0xDA, 0xEC, 0x99),
1849 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x4D, 0xC5, 0x7B, 0x31, 0x8B, 0x8D, 0x5E),
1850 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x05, 0xF1, 0x3E, 0x9E, 0x8F, 0x17, 0x8F),
1851 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x9C, 0x4B, 0x62, 0x94, 0xAD, 0x49, 0xFC),
1852 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xC9, 0xC6, 0x8F, 0xFD, 0x33, 0x44, 0x34),
1853 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x96, 0x17, 0x7F, 0x42, 0xBE, 0xF7, 0x0D),
1854 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1855};
1856static const mbedtls_mpi_uint secp521r1_T_18_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1857 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x29, 0x39, 0x13, 0x08, 0x8D, 0x91, 0x47),
1858 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x79, 0xF9, 0x2F, 0xA9, 0x0A, 0xCF, 0xD6),
1859 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x87, 0x7A, 0xA3, 0x19, 0xAB, 0x55, 0xAD),
1860 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x0B, 0x01, 0xC5, 0x56, 0x19, 0x9D, 0x9E),
1861 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xDE, 0x82, 0x3B, 0xEA, 0xD3, 0x0B, 0x8C),
1862 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x6B, 0xC7, 0xF3, 0x0F, 0x82, 0x87, 0x6C),
1863 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x2E, 0x23, 0xF2, 0x39, 0x9D, 0x49, 0x70),
1864 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0xDE, 0xAF, 0x7A, 0xEE, 0xB0, 0xDA, 0x70),
1865 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1866};
1867static const mbedtls_mpi_uint secp521r1_T_19_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1868 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x4E, 0x2A, 0x50, 0xFD, 0x8E, 0xC0, 0xEB),
1869 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x0F, 0x7C, 0x76, 0x63, 0xD8, 0x89, 0x45),
1870 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x2D, 0xB9, 0x4E, 0xF4, 0xEE, 0x85, 0xCF),
1871 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x95, 0x5C, 0x96, 0x5D, 0xAA, 0x59, 0x0B),
1872 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xDB, 0xD2, 0x68, 0x8E, 0x5A, 0x94, 0x60),
1873 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x02, 0xBF, 0x77, 0x9F, 0xB9, 0x4C, 0xC9),
1874 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xDC, 0xC0, 0xCF, 0x81, 0x1E, 0xC4, 0x6C),
1875 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xCC, 0x37, 0x86, 0xDC, 0xE2, 0x64, 0x72),
1876 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1877};
1878static const mbedtls_mpi_uint secp521r1_T_19_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1879 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x30, 0xB1, 0x59, 0x20, 0x9D, 0x98, 0x28),
1880 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x0C, 0x9D, 0xF8, 0x20, 0xDC, 0x90, 0xBA),
1881 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xA0, 0xF4, 0xE7, 0x3E, 0x9C, 0x9E, 0xA2),
1882 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x25, 0xA2, 0xB0, 0x54, 0xCD, 0x2E, 0x33),
1883 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD9, 0x42, 0xB0, 0x80, 0xB0, 0xA3, 0x38),
1884 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xFE, 0x9D, 0x8D, 0x40, 0xFF, 0x27, 0x6D),
1885 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x9D, 0xA6, 0x88, 0x3A, 0x8B, 0x6F, 0x14),
1886 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x39, 0xEE, 0x1F, 0x3F, 0xB1, 0x4F, 0x63),
1887 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1888};
1889static const mbedtls_mpi_uint secp521r1_T_20_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1890 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xD7, 0x9E, 0xFF, 0xD2, 0x35, 0x67, 0x03),
1891 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x4F, 0x15, 0x5D, 0xE3, 0xE8, 0x53, 0x86),
1892 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xF7, 0x24, 0x98, 0xA2, 0xCB, 0x11, 0x68),
1893 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x2E, 0x25, 0xE1, 0x94, 0xC5, 0xA3, 0x96),
1894 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x82, 0x6E, 0xBA, 0xE7, 0x43, 0x25, 0xB0),
1895 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x65, 0xB4, 0x49, 0x73, 0x18, 0x35, 0x54),
1896 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x5B, 0xBC, 0x62, 0x86, 0x4C, 0xC1, 0xB7),
1897 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xF2, 0x95, 0xA2, 0xBB, 0xA2, 0x35, 0x65),
1898 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1899};
1900static const mbedtls_mpi_uint secp521r1_T_20_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1901 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x59, 0x62, 0xB0, 0x4B, 0x1E, 0xB4, 0xD8),
1902 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x55, 0xCE, 0xB0, 0x69, 0xBA, 0x63, 0x10),
1903 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0x69, 0x86, 0xDB, 0x34, 0x7D, 0x68, 0x64),
1904 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x06, 0xCA, 0x55, 0x44, 0x36, 0x2B, 0xBA),
1905 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xD4, 0xC4, 0x3D, 0xCD, 0x9E, 0x69, 0xA4),
1906 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x44, 0xE4, 0xBF, 0x31, 0xE6, 0x40, 0x9F),
1907 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x4F, 0xFA, 0x75, 0xE3, 0xFB, 0x97, 0x0E),
1908 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xC0, 0xBD, 0x1C, 0x48, 0xB0, 0x26, 0xD0),
1909 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1910};
1911static const mbedtls_mpi_uint secp521r1_T_21_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1912 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x7B, 0x32, 0xFA, 0xF2, 0x6D, 0x84, 0x8E),
1913 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x21, 0x03, 0x1D, 0x0D, 0x22, 0x55, 0x67),
1914 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xF9, 0x42, 0x03, 0x9C, 0xC2, 0xCB, 0xBA),
1915 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xA1, 0x96, 0xD9, 0x9D, 0x11, 0x6F, 0xBE),
1916 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x40, 0x57, 0xEB, 0x40, 0x2D, 0xC0, 0x11),
1917 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x96, 0xBB, 0x4F, 0x2F, 0x23, 0xA8, 0x28),
1918 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x29, 0x85, 0x21, 0xA5, 0x50, 0x62, 0x06),
1919 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x7D, 0x92, 0xCF, 0x87, 0x0C, 0x22, 0xF9),
1920 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1921};
1922static const mbedtls_mpi_uint secp521r1_T_21_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1923 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x0E, 0xA5, 0x32, 0x5B, 0xDF, 0x9C, 0xD5),
1924 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x96, 0x37, 0x2C, 0x88, 0x35, 0x30, 0xA1),
1925 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xB4, 0x69, 0xFF, 0xEB, 0xC6, 0x94, 0x08),
1926 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x55, 0x60, 0xAD, 0xAA, 0x58, 0x14, 0x88),
1927 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xFF, 0xF2, 0xB2, 0xD5, 0xA7, 0xD9, 0x27),
1928 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xAE, 0x54, 0xD2, 0x60, 0x31, 0xF3, 0x15),
1929 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x92, 0x83, 0xE3, 0xF1, 0x42, 0x83, 0x6E),
1930 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xD2, 0xC8, 0xB7, 0x76, 0x45, 0x7F, 0x7D),
1931 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1932};
1933static const mbedtls_mpi_uint secp521r1_T_22_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1934 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x11, 0xA4, 0xFB, 0x7A, 0x01, 0xBC, 0xC8),
1935 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x27, 0x73, 0x8D, 0x02, 0x91, 0x27, 0x8E),
1936 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x62, 0xF6, 0xDD, 0x6B, 0xFA, 0x5B, 0xB9),
1937 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xCA, 0xA2, 0x44, 0x2C, 0xF0, 0x28, 0xD8),
1938 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xF1, 0x7A, 0xA2, 0x42, 0x4C, 0x50, 0xC6),
1939 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x83, 0x3E, 0x50, 0xAB, 0x9C, 0xF7, 0x67),
1940 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xED, 0x78, 0xCB, 0x76, 0x69, 0xDA, 0x42),
1941 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x01, 0x1E, 0x43, 0x27, 0x47, 0x6E, 0xDA),
1942 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1943};
1944static const mbedtls_mpi_uint secp521r1_T_22_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1945 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x4F, 0x54, 0xB9, 0x3E, 0xBD, 0xD5, 0x44),
1946 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x35, 0x40, 0x69, 0x7F, 0x74, 0x9D, 0x32),
1947 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x06, 0x6F, 0x67, 0x68, 0x2B, 0x4D, 0x10),
1948 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x65, 0x41, 0xFC, 0x7C, 0x1E, 0xE8, 0xC8),
1949 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x79, 0x37, 0xAF, 0xFD, 0xD2, 0xDA, 0x4C),
1950 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xA8, 0x69, 0x56, 0x62, 0xA4, 0xE4, 0xA3),
1951 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x71, 0x73, 0x21, 0x8A, 0x17, 0x81, 0xA2),
1952 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x55, 0x8F, 0x7B, 0xB8, 0xAF, 0xF7, 0x86),
1953 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1954};
1955static const mbedtls_mpi_uint secp521r1_T_23_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1956 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xD1, 0xBD, 0xBE, 0x8C, 0xBC, 0x60, 0x6E),
1957 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xA6, 0x57, 0x8C, 0xAE, 0x5C, 0x19, 0xFE),
1958 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x43, 0xE4, 0xD9, 0xD8, 0x7B, 0xE7, 0x41),
1959 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xB9, 0xE4, 0x85, 0x7C, 0x2E, 0xFC, 0x20),
1960 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x2E, 0x01, 0x2A, 0x6D, 0x56, 0xBE, 0x97),
1961 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x0C, 0x25, 0x9B, 0xAE, 0x86, 0x37, 0x43),
1962 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x22, 0xB3, 0xCB, 0x99, 0x66, 0xB7, 0x9E),
1963 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xF7, 0x90, 0xF0, 0x1B, 0x09, 0x27, 0xF7),
1964 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1965};
1966static const mbedtls_mpi_uint secp521r1_T_23_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1967 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x16, 0x08, 0xEF, 0x39, 0x64, 0x49, 0x31),
1968 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xA0, 0xE3, 0x97, 0xA9, 0x07, 0x54, 0x26),
1969 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xFF, 0xE2, 0x00, 0x07, 0x21, 0x88, 0x20),
1970 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xFD, 0x59, 0x53, 0x05, 0x6C, 0x42, 0x27),
1971 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xF7, 0x39, 0x5C, 0x82, 0x36, 0xE8, 0x03),
1972 MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x83, 0xA8, 0xE2, 0xA8, 0x43, 0x07, 0x38),
1973 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xAF, 0x2B, 0x79, 0xED, 0xD8, 0x39, 0x87),
1974 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x20, 0x91, 0x7A, 0xC4, 0x07, 0xEF, 0x6C),
1975 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1976};
1977static const mbedtls_mpi_uint secp521r1_T_24_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1978 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x10, 0x2F, 0xAA, 0x0C, 0x94, 0x0E, 0x5A),
1979 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x81, 0x87, 0x41, 0x23, 0xEB, 0x55, 0x7C),
1980 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x53, 0xCC, 0x79, 0xB6, 0xEB, 0x6C, 0xCC),
1981 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x77, 0x73, 0x9D, 0xFC, 0x64, 0x6F, 0x7F),
1982 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x40, 0xE3, 0x6D, 0x1C, 0x16, 0x71, 0x15),
1983 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xF4, 0x1B, 0xFF, 0x1C, 0x2F, 0xA5, 0xD7),
1984 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x0E, 0x0B, 0x11, 0xF4, 0x8D, 0x93, 0xAF),
1985 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xC5, 0x64, 0x6F, 0x24, 0x19, 0xF2, 0x9B),
1986 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1987};
1988static const mbedtls_mpi_uint secp521r1_T_24_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]1989 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xB3, 0xAF, 0xA5, 0x0E, 0x4F, 0x5E, 0xE1),
1990 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x77, 0xCA, 0xF2, 0x6D, 0xC5, 0xF6, 0x9F),
1991 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x18, 0x8E, 0x33, 0x68, 0x6C, 0xE8, 0xE0),
1992 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x8B, 0x80, 0x90, 0x19, 0x7F, 0x90, 0x96),
1993 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x80, 0x6B, 0x68, 0xE2, 0x7D, 0xD4, 0xD0),
1994 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xC1, 0x67, 0xB3, 0x72, 0xCB, 0xBF, 0x2F),
1995 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xD5, 0xD3, 0x1D, 0x14, 0x58, 0x0A, 0x80),
1996 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x7A, 0x65, 0x98, 0xB3, 0x07, 0x4B, 0x2F),
1997 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1998};
1999static const mbedtls_mpi_uint secp521r1_T_25_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2000 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x87, 0x0F, 0x5F, 0xCF, 0xA2, 0x01, 0x08),
2001 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xC9, 0xC8, 0x6E, 0x35, 0x87, 0xA5, 0x67),
2002 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x3E, 0x91, 0xA0, 0xAB, 0x24, 0x1E, 0xF2),
2003 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xBC, 0x02, 0x35, 0x70, 0xC1, 0x5F, 0x98),
2004 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x59, 0xA0, 0x50, 0x04, 0x80, 0x52, 0x85),
2005 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x56, 0x6E, 0x42, 0x8F, 0x8C, 0x91, 0x65),
2006 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xA2, 0xCB, 0xA5, 0xDE, 0x14, 0x24, 0x38),
2007 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xCB, 0x74, 0x28, 0xE6, 0xA7, 0xE7, 0xC3),
2008 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2009};
2010static const mbedtls_mpi_uint secp521r1_T_25_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2011 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x73, 0xA8, 0x8F, 0x9E, 0x0E, 0x63, 0x96),
2012 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x1B, 0x77, 0xC7, 0xC1, 0x38, 0xF9, 0xDC),
2013 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x3C, 0xCF, 0xA8, 0x7A, 0xD7, 0xF3, 0xC4),
2014 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x5F, 0x9A, 0xC9, 0xAD, 0xE9, 0x1A, 0x93),
2015 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xCF, 0x2B, 0x5E, 0xD5, 0x81, 0x95, 0xA8),
2016 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x88, 0x75, 0x29, 0x1F, 0xC7, 0xC7, 0xD0),
2017 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA9, 0x5A, 0x4D, 0x63, 0x95, 0xF9, 0x4E),
2018 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xCD, 0x04, 0x8F, 0xCD, 0x91, 0xDE, 0xC6),
2019 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2020};
2021static const mbedtls_mpi_uint secp521r1_T_26_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2022 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xD4, 0xFD, 0x25, 0x11, 0x99, 0x6E, 0xEA),
2023 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x83, 0x01, 0x3D, 0xFB, 0x56, 0xA5, 0x4E),
2024 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x3A, 0xDC, 0x74, 0xC2, 0xD7, 0xCF, 0xE8),
2025 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xBD, 0xF1, 0xDD, 0xA3, 0x07, 0x03, 0xE2),
2026 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xBE, 0xE9, 0x2E, 0x58, 0x84, 0x66, 0xFC),
2027 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x20, 0x78, 0x37, 0x79, 0x0B, 0xA6, 0x64),
2028 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xF2, 0xAC, 0x65, 0xC8, 0xC9, 0x2F, 0x61),
2029 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x93, 0xE5, 0x0D, 0x0C, 0xC6, 0xB8, 0xCB),
2030 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2031};
2032static const mbedtls_mpi_uint secp521r1_T_26_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2033 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xAD, 0x5C, 0x19, 0x12, 0x61, 0x0E, 0x25),
2034 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x4F, 0x0B, 0x1F, 0x49, 0x7E, 0xCD, 0x81),
2035 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2E, 0x30, 0x61, 0xDB, 0x08, 0x68, 0x9B),
2036 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x78, 0xAF, 0xB3, 0x08, 0xC1, 0x69, 0xE5),
2037 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x5F, 0x5D, 0xC1, 0x57, 0x6F, 0xD8, 0x34),
2038 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0xD3, 0x6A, 0xF7, 0xFD, 0x86, 0xE5, 0xB3),
2039 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x63, 0xBD, 0x70, 0x7B, 0x47, 0xE8, 0x6D),
2040 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x62, 0xC8, 0x7E, 0x9D, 0x11, 0x2B, 0xA5),
2041 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2042};
2043static const mbedtls_mpi_uint secp521r1_T_27_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2044 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x84, 0xFD, 0xD5, 0x9A, 0x56, 0x7F, 0x5C),
2045 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xBB, 0xA4, 0x6F, 0x12, 0x6E, 0x4D, 0xF8),
2046 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x08, 0xA1, 0x82, 0x9C, 0x62, 0x74, 0x7B),
2047 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x58, 0x22, 0x05, 0x1D, 0x15, 0x35, 0x79),
2048 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x88, 0xCF, 0x5C, 0x05, 0x78, 0xFB, 0x94),
2049 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x6B, 0x2F, 0x79, 0x09, 0x73, 0x67, 0xEC),
2050 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA0, 0x80, 0xD8, 0xE8, 0xEC, 0xFB, 0x42),
2051 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xE7, 0x0B, 0xB7, 0x81, 0x48, 0x7B, 0xD9),
2052 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2053};
2054static const mbedtls_mpi_uint secp521r1_T_27_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2055 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x53, 0xA9, 0xED, 0x61, 0x92, 0xD7, 0x85),
2056 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x49, 0xD9, 0x5D, 0x9B, 0x4E, 0x89, 0x35),
2057 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x12, 0xEB, 0x9A, 0xC9, 0xCB, 0xC1, 0x95),
2058 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xDC, 0x95, 0x16, 0xFE, 0x29, 0x70, 0x01),
2059 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x33, 0xB1, 0xD6, 0x78, 0xB9, 0xE2, 0x36),
2060 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xCE, 0x88, 0xC3, 0xFD, 0x7A, 0x6B, 0xB8),
2061 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x1E, 0x50, 0x1E, 0xAF, 0xB1, 0x25, 0x2D),
2062 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xE7, 0xD7, 0xD5, 0xBD, 0x7A, 0x12, 0xF9),
2063 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2064};
2065static const mbedtls_mpi_uint secp521r1_T_28_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2066 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xAA, 0xA2, 0x80, 0x5D, 0x8F, 0xCD, 0xC8),
2067 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x39, 0x79, 0x64, 0xA1, 0x67, 0x3C, 0xB7),
2068 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xC7, 0x49, 0xFF, 0x7F, 0xAC, 0xAB, 0x55),
2069 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x54, 0x3E, 0x83, 0xF0, 0x3D, 0xBC, 0xB5),
2070 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x92, 0x4A, 0x38, 0x42, 0x8A, 0xAB, 0xF6),
2071 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x0B, 0x4F, 0xEE, 0x9E, 0x92, 0xA5, 0xBE),
2072 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xDD, 0x19, 0x96, 0xF2, 0xF0, 0x6B, 0x2E),
2073 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xFC, 0xDD, 0xB2, 0x8A, 0xE5, 0x4C, 0x22),
2074 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2075};
2076static const mbedtls_mpi_uint secp521r1_T_28_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2077 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x06, 0x49, 0xAC, 0x99, 0x7E, 0xF8, 0x12),
2078 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xC8, 0x01, 0x51, 0xEA, 0xF6, 0x52, 0xE7),
2079 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x89, 0x66, 0x2B, 0x1F, 0x9B, 0x2A, 0xA3),
2080 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x0F, 0x95, 0x07, 0x2B, 0x6C, 0x6E, 0x9E),
2081 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xC3, 0xB4, 0xBB, 0x91, 0x1F, 0xA3, 0x72),
2082 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x6E, 0x54, 0x28, 0x7B, 0x9C, 0x79, 0x2E),
2083 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x45, 0xFF, 0xA6, 0xDA, 0xA2, 0x83, 0x71),
2084 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xDE, 0x8F, 0x17, 0x37, 0x82, 0xCB, 0xE2),
2085 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2086};
2087static const mbedtls_mpi_uint secp521r1_T_29_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2088 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x94, 0x3F, 0x26, 0xC9, 0x1D, 0xD9, 0xAE),
2089 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x97, 0x28, 0x20, 0xCD, 0xC1, 0xF3, 0x40),
2090 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xC9, 0xB5, 0x60, 0x9B, 0x1E, 0xDC, 0x74),
2091 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xB9, 0x5B, 0x7D, 0xA0, 0xB2, 0x8C, 0xF0),
2092 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xD1, 0x42, 0xE6, 0x39, 0x33, 0x6D, 0xBB),
2093 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xC0, 0xFC, 0xD2, 0x14, 0x5D, 0x3E, 0x3C),
2094 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x4A, 0x3E, 0x40, 0x16, 0x93, 0x15, 0xCF),
2095 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x24, 0xC1, 0x27, 0x27, 0xE5, 0x4B, 0xD8),
2096 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2097};
2098static const mbedtls_mpi_uint secp521r1_T_29_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2099 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x50, 0xD8, 0xBC, 0xC1, 0x46, 0x22, 0xBB),
2100 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x0E, 0x60, 0xA1, 0xB3, 0x50, 0xD4, 0x86),
2101 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xB1, 0x26, 0xB6, 0x6D, 0x47, 0x5A, 0x6F),
2102 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0xAC, 0x11, 0x35, 0x3E, 0xB9, 0xF4, 0x01),
2103 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x97, 0xFA, 0xBB, 0x6B, 0x39, 0x13, 0xD8),
2104 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x7B, 0x34, 0x12, 0x75, 0x8E, 0x9B, 0xC6),
2105 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x9E, 0xCD, 0x29, 0xB6, 0xEF, 0x8D, 0x10),
2106 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xAC, 0xE9, 0x25, 0x27, 0xBB, 0x78, 0x47),
2107 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2108};
2109static const mbedtls_mpi_uint secp521r1_T_30_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2110 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x7A, 0xA8, 0xD3, 0xE3, 0x66, 0xE5, 0x66),
2111 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x4C, 0xC4, 0x2C, 0x76, 0x81, 0x50, 0x32),
2112 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x71, 0x08, 0xB8, 0x52, 0x7C, 0xAF, 0xDC),
2113 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x59, 0x24, 0xDD, 0xFB, 0x2F, 0xD0, 0xDA),
2114 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xCD, 0x56, 0xE9, 0xAC, 0x91, 0xE6, 0xB9),
2115 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x64, 0x20, 0xC6, 0x9F, 0xE4, 0xEF, 0xDF),
2116 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x2C, 0x8F, 0x8C, 0x97, 0xF6, 0x22, 0xC3),
2117 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF4, 0x88, 0xAA, 0xA8, 0xD7, 0xA5, 0x68),
2118 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2119};
2120static const mbedtls_mpi_uint secp521r1_T_30_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2121 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x6C, 0xAE, 0x83, 0xB1, 0x55, 0x55, 0xEE),
2122 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x67, 0x84, 0x47, 0x7C, 0x83, 0x5C, 0x89),
2123 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x10, 0x4D, 0xDD, 0x30, 0x60, 0xB0, 0xE6),
2124 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xA7, 0x36, 0x76, 0x24, 0x32, 0x9F, 0x9D),
2125 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x42, 0x81, 0xFB, 0xA4, 0x2E, 0x13, 0x68),
2126 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x94, 0x91, 0xFF, 0x99, 0xA0, 0x09, 0x61),
2127 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x83, 0xA1, 0x76, 0xAF, 0x37, 0x5C, 0x77),
2128 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xA8, 0x04, 0x86, 0xC4, 0xA9, 0x79, 0x42),
2129 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2130};
2131static const mbedtls_mpi_uint secp521r1_T_31_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2132 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x8C, 0xC2, 0x34, 0xFB, 0x83, 0x28, 0x27),
2133 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x03, 0x7D, 0x5E, 0x9E, 0x0E, 0xB0, 0x22),
2134 MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x02, 0x46, 0x7F, 0xB9, 0xAC, 0xBB, 0x23),
2135 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xED, 0x48, 0xC2, 0x96, 0x4D, 0x56, 0x27),
2136 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xB5, 0xC5, 0xD1, 0xE6, 0x1C, 0x7E, 0x9B),
2137 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x2E, 0x18, 0x71, 0x2D, 0x7B, 0xD7, 0xB3),
2138 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x46, 0x9D, 0xDE, 0xAA, 0x78, 0x8E, 0xB1),
2139 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xD7, 0x69, 0x2E, 0xE1, 0xD9, 0x48, 0xDE),
2140 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2141};
2142static const mbedtls_mpi_uint secp521r1_T_31_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2143 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xFF, 0x9E, 0x09, 0x22, 0x22, 0xE6, 0x8D),
2144 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x14, 0x28, 0x13, 0x1B, 0x62, 0x12, 0x22),
2145 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x7F, 0x67, 0x03, 0xB0, 0xC0, 0xF3, 0x05),
2146 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xC3, 0x0F, 0xFB, 0x25, 0x48, 0x3E, 0xF4),
2147 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x6E, 0x53, 0x98, 0x36, 0xB3, 0xD3, 0x94),
2148 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x81, 0x54, 0x22, 0xA4, 0xCC, 0xC1, 0x22),
2149 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xBA, 0xFC, 0xA9, 0xDF, 0x68, 0x86, 0x2B),
2150 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x92, 0x0E, 0xC3, 0xF2, 0x58, 0xE8, 0x51),
2151 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2152};
2153static const mbedtls_ecp_point secp521r1_T[32] = {
2154 ECP_POINT_INIT_XY_Z1(secp521r1_T_0_X, secp521r1_T_0_Y),
2155 ECP_POINT_INIT_XY_Z0(secp521r1_T_1_X, secp521r1_T_1_Y),
2156 ECP_POINT_INIT_XY_Z0(secp521r1_T_2_X, secp521r1_T_2_Y),
2157 ECP_POINT_INIT_XY_Z0(secp521r1_T_3_X, secp521r1_T_3_Y),
2158 ECP_POINT_INIT_XY_Z0(secp521r1_T_4_X, secp521r1_T_4_Y),
2159 ECP_POINT_INIT_XY_Z0(secp521r1_T_5_X, secp521r1_T_5_Y),
2160 ECP_POINT_INIT_XY_Z0(secp521r1_T_6_X, secp521r1_T_6_Y),
2161 ECP_POINT_INIT_XY_Z0(secp521r1_T_7_X, secp521r1_T_7_Y),
2162 ECP_POINT_INIT_XY_Z0(secp521r1_T_8_X, secp521r1_T_8_Y),
2163 ECP_POINT_INIT_XY_Z0(secp521r1_T_9_X, secp521r1_T_9_Y),
2164 ECP_POINT_INIT_XY_Z0(secp521r1_T_10_X, secp521r1_T_10_Y),
2165 ECP_POINT_INIT_XY_Z0(secp521r1_T_11_X, secp521r1_T_11_Y),
2166 ECP_POINT_INIT_XY_Z0(secp521r1_T_12_X, secp521r1_T_12_Y),
2167 ECP_POINT_INIT_XY_Z0(secp521r1_T_13_X, secp521r1_T_13_Y),
2168 ECP_POINT_INIT_XY_Z0(secp521r1_T_14_X, secp521r1_T_14_Y),
2169 ECP_POINT_INIT_XY_Z0(secp521r1_T_15_X, secp521r1_T_15_Y),
2170 ECP_POINT_INIT_XY_Z0(secp521r1_T_16_X, secp521r1_T_16_Y),
2171 ECP_POINT_INIT_XY_Z0(secp521r1_T_17_X, secp521r1_T_17_Y),
2172 ECP_POINT_INIT_XY_Z0(secp521r1_T_18_X, secp521r1_T_18_Y),
2173 ECP_POINT_INIT_XY_Z0(secp521r1_T_19_X, secp521r1_T_19_Y),
2174 ECP_POINT_INIT_XY_Z0(secp521r1_T_20_X, secp521r1_T_20_Y),
2175 ECP_POINT_INIT_XY_Z0(secp521r1_T_21_X, secp521r1_T_21_Y),
2176 ECP_POINT_INIT_XY_Z0(secp521r1_T_22_X, secp521r1_T_22_Y),
2177 ECP_POINT_INIT_XY_Z0(secp521r1_T_23_X, secp521r1_T_23_Y),
2178 ECP_POINT_INIT_XY_Z0(secp521r1_T_24_X, secp521r1_T_24_Y),
2179 ECP_POINT_INIT_XY_Z0(secp521r1_T_25_X, secp521r1_T_25_Y),
2180 ECP_POINT_INIT_XY_Z0(secp521r1_T_26_X, secp521r1_T_26_Y),
2181 ECP_POINT_INIT_XY_Z0(secp521r1_T_27_X, secp521r1_T_27_Y),
2182 ECP_POINT_INIT_XY_Z0(secp521r1_T_28_X, secp521r1_T_28_Y),
2183 ECP_POINT_INIT_XY_Z0(secp521r1_T_29_X, secp521r1_T_29_Y),
2184 ECP_POINT_INIT_XY_Z0(secp521r1_T_30_X, secp521r1_T_30_Y),
2185 ECP_POINT_INIT_XY_Z0(secp521r1_T_31_X, secp521r1_T_31_Y),
2186};
2187#else
2188#define secp521r1_T NULL
2189#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2190#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]2191
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2192#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
2193static const mbedtls_mpi_uint secp192k1_p[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2194 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
2195 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2196 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2197};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2198static const mbedtls_mpi_uint secp192k1_a[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2199 MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2200};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2201static const mbedtls_mpi_uint secp192k1_b[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2202 MBEDTLS_BYTES_TO_T_UINT_2(0x03, 0x00),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2203};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2204static const mbedtls_mpi_uint secp192k1_gx[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2205 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D),
2206 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26),
2207 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2208};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2209static const mbedtls_mpi_uint secp192k1_gy[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2210 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40),
2211 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84),
2212 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2213};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2214static const mbedtls_mpi_uint secp192k1_n[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2215 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F),
2216 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF),
2217 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2218};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2219
2220#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
2221static const mbedtls_mpi_uint secp192k1_T_0_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2222 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D),
2223 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26),
2224 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2225};
2226static const mbedtls_mpi_uint secp192k1_T_0_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2227 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40),
2228 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84),
2229 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2230};
2231static const mbedtls_mpi_uint secp192k1_T_1_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2232 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x77, 0x3D, 0x0D, 0x85, 0x48, 0xA8, 0xA9),
2233 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x07, 0xDF, 0x1D, 0xB3, 0xB3, 0x01, 0x54),
2234 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x86, 0xF6, 0xAF, 0x19, 0x2A, 0x88, 0x2E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2235};
2236static const mbedtls_mpi_uint secp192k1_T_1_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2237 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x90, 0xB6, 0x2F, 0x48, 0x36, 0x4C, 0x5B),
2238 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x11, 0x14, 0xA6, 0xCB, 0xBA, 0x15, 0xD9),
2239 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0xB0, 0xF2, 0xD4, 0xC9, 0xDA, 0xBA, 0xD7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2240};
2241static const mbedtls_mpi_uint secp192k1_T_2_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2242 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xC1, 0x9C, 0xE6, 0xBB, 0xFB, 0xCF, 0x23),
2243 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x19, 0xAC, 0x5A, 0xC9, 0x8A, 0x1C, 0x75),
2244 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xF6, 0x76, 0x86, 0x89, 0x27, 0x8D, 0x28),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2245};
2246static const mbedtls_mpi_uint secp192k1_T_2_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2247 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xE0, 0x6F, 0x34, 0xBA, 0x5E, 0xD3, 0x96),
2248 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xDC, 0xA6, 0x87, 0xC9, 0x9D, 0xC0, 0x82),
2249 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x11, 0x7E, 0xD6, 0xF7, 0x33, 0xFC, 0xE4),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2250};
2251static const mbedtls_mpi_uint secp192k1_T_3_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2252 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x37, 0x3E, 0xC0, 0x7F, 0x62, 0xE7, 0x54),
2253 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x3B, 0x69, 0x9D, 0x44, 0xBC, 0x82, 0x99),
2254 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x84, 0xB3, 0x5F, 0x2B, 0xA5, 0x9E, 0x2C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2255};
2256static const mbedtls_mpi_uint secp192k1_T_3_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2257 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x95, 0xEB, 0x4C, 0x04, 0xB4, 0xF4, 0x75),
2258 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xAD, 0x4B, 0xD5, 0x9A, 0xEB, 0xC4, 0x4E),
2259 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xB1, 0xC5, 0x59, 0xE3, 0xD5, 0x16, 0x2A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2260};
2261static const mbedtls_mpi_uint secp192k1_T_4_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2262 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x2A, 0xCC, 0xAC, 0xD0, 0xEE, 0x50, 0xEC),
2263 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x83, 0xE0, 0x5B, 0x14, 0x44, 0x52, 0x20),
2264 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x15, 0x2D, 0x78, 0xF6, 0x51, 0x32, 0xCF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2265};
2266static const mbedtls_mpi_uint secp192k1_T_4_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2267 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x36, 0x9B, 0xDD, 0xF8, 0xDD, 0xEF, 0xB2),
2268 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xB1, 0x6A, 0x2B, 0xAF, 0xEB, 0x2B, 0xB1),
2269 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x87, 0x7A, 0x66, 0x5D, 0x5B, 0xDF, 0x8F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2270};
2271static const mbedtls_mpi_uint secp192k1_T_5_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2272 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x45, 0xE5, 0x81, 0x9B, 0xEB, 0x37, 0x23),
2273 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x29, 0xE2, 0x20, 0x64, 0x23, 0x6B, 0x6E),
2274 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x1D, 0x41, 0xE1, 0x9B, 0x61, 0x7B, 0xD9),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2275};
2276static const mbedtls_mpi_uint secp192k1_T_5_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2277 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x57, 0xA3, 0x0A, 0x13, 0xE4, 0x59, 0x15),
2278 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x6E, 0x4A, 0x48, 0x84, 0x90, 0xAC, 0xC7),
2279 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xB8, 0xF5, 0xF3, 0xDE, 0xA0, 0xA1, 0x1D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2280};
2281static const mbedtls_mpi_uint secp192k1_T_6_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2282 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x32, 0x81, 0xA9, 0x91, 0x5A, 0x4E, 0x33),
2283 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xA8, 0x90, 0xBE, 0x0F, 0xEC, 0xC0, 0x85),
2284 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x30, 0xD7, 0x08, 0xAE, 0xC4, 0x3A, 0xA5),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2285};
2286static const mbedtls_mpi_uint secp192k1_T_6_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2287 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x55, 0xE3, 0x76, 0xB3, 0x64, 0x74, 0x9F),
2288 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x75, 0xD4, 0xDB, 0x98, 0xD7, 0x39, 0xAE),
2289 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xEB, 0x8A, 0xAB, 0x16, 0xD9, 0xD4, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2290};
2291static const mbedtls_mpi_uint secp192k1_T_7_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2292 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xBE, 0xF9, 0xC7, 0xC7, 0xBA, 0xF3, 0xA1),
2293 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x85, 0x59, 0xF3, 0x60, 0x41, 0x02, 0xD2),
2294 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x1C, 0x4A, 0xA4, 0xC7, 0xED, 0x66, 0xBC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2295};
2296static const mbedtls_mpi_uint secp192k1_T_7_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2297 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x9C, 0x2E, 0x46, 0x52, 0x18, 0x87, 0x14),
2298 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x35, 0x5A, 0x75, 0xAC, 0x4D, 0x75, 0x91),
2299 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x2F, 0xAC, 0xFC, 0xBC, 0xE6, 0x93, 0x5E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2300};
2301static const mbedtls_mpi_uint secp192k1_T_8_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2302 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x4D, 0xC9, 0x18, 0xE9, 0x00, 0xEB, 0x33),
2303 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x69, 0x72, 0x07, 0x5A, 0x59, 0xA8, 0x26),
2304 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x65, 0x83, 0x20, 0x10, 0xF9, 0x69, 0x82),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2305};
2306static const mbedtls_mpi_uint secp192k1_T_8_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2307 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x56, 0x7F, 0x9F, 0xBF, 0x46, 0x0C, 0x7E),
2308 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xCF, 0xF0, 0xDC, 0xDF, 0x2D, 0xE6, 0xE5),
2309 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xF0, 0x72, 0x3A, 0x7A, 0x03, 0xE5, 0x22),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2310};
2311static const mbedtls_mpi_uint secp192k1_T_9_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2312 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xAA, 0x57, 0x13, 0x37, 0xA7, 0x2C, 0xD4),
2313 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xAC, 0xA2, 0x23, 0xF9, 0x84, 0x60, 0xD3),
2314 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xEB, 0x51, 0x70, 0x64, 0x78, 0xCA, 0x05),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2315};
2316static const mbedtls_mpi_uint secp192k1_T_9_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2317 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xCC, 0x30, 0x62, 0x93, 0x46, 0x13, 0xE9),
2318 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x26, 0xCC, 0x6C, 0x3D, 0x5C, 0xDA, 0x2C),
2319 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xAA, 0xB8, 0x03, 0xA4, 0x1A, 0x00, 0x96),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2320};
2321static const mbedtls_mpi_uint secp192k1_T_10_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2322 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x9D, 0xE6, 0xCC, 0x4E, 0x2E, 0xC2, 0xD5),
2323 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xC3, 0x8A, 0xAE, 0x6F, 0x40, 0x05, 0xEB),
2324 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x8F, 0x4A, 0x4D, 0x35, 0xD3, 0x50, 0x9D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2325};
2326static const mbedtls_mpi_uint secp192k1_T_10_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2327 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xFD, 0x98, 0xAB, 0xC7, 0x03, 0xB4, 0x55),
2328 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x40, 0xD2, 0x9F, 0xCA, 0xD0, 0x53, 0x00),
2329 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x84, 0x00, 0x6F, 0xC8, 0xAD, 0xED, 0x8D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2330};
2331static const mbedtls_mpi_uint secp192k1_T_11_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2332 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xD3, 0x57, 0xD7, 0xC3, 0x07, 0xBD, 0xD7),
2333 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xBA, 0x47, 0x1D, 0x3D, 0xEF, 0x98, 0x6C),
2334 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xC0, 0x6C, 0x7F, 0x12, 0xEE, 0x9F, 0x67),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2335};
2336static const mbedtls_mpi_uint secp192k1_T_11_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2337 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x02, 0xDA, 0x79, 0xAA, 0xC9, 0x27, 0xC4),
2338 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x79, 0xC7, 0x71, 0x84, 0xCB, 0xE5, 0x5A),
2339 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x37, 0x06, 0xBA, 0xB5, 0xD5, 0x18, 0x4C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2340};
2341static const mbedtls_mpi_uint secp192k1_T_12_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2342 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x65, 0x72, 0x6C, 0xF2, 0x63, 0x27, 0x6A),
2343 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xBC, 0x71, 0xDF, 0x75, 0xF8, 0x98, 0x4D),
2344 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x70, 0x9B, 0xDC, 0xE7, 0x18, 0x71, 0xFF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2345};
2346static const mbedtls_mpi_uint secp192k1_T_12_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2347 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x5B, 0x9F, 0x00, 0x5A, 0xB6, 0x80, 0x7A),
2348 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xE0, 0xBB, 0xFC, 0x5E, 0x78, 0x9C, 0x89),
2349 MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x03, 0x68, 0x83, 0x3D, 0x2E, 0x4C, 0xDD),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2350};
2351static const mbedtls_mpi_uint secp192k1_T_13_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2352 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x49, 0x23, 0xA8, 0xCB, 0x3B, 0x1A, 0xF6),
2353 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x3D, 0xA7, 0x46, 0xCF, 0x75, 0xB6, 0x2C),
2354 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xFD, 0x30, 0x01, 0xB6, 0xEF, 0xF9, 0xE8),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2355};
2356static const mbedtls_mpi_uint secp192k1_T_13_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2357 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xFA, 0xDA, 0xB8, 0x29, 0x42, 0xC9, 0xC7),
2358 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xD7, 0xA0, 0xE6, 0x6B, 0x86, 0x61, 0x39),
2359 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0xE9, 0xD3, 0x37, 0xD8, 0xE7, 0x35, 0xA9),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2360};
2361static const mbedtls_mpi_uint secp192k1_T_14_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2362 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC8, 0x8E, 0xB1, 0xCB, 0xB1, 0xB5, 0x4D),
2363 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xD7, 0x46, 0x7D, 0xAF, 0xE2, 0xDC, 0xBB),
2364 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x46, 0xE7, 0xD8, 0x76, 0x31, 0x90, 0x76),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2365};
2366static const mbedtls_mpi_uint secp192k1_T_14_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2367 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD3, 0xF4, 0x74, 0xE1, 0x67, 0xD8, 0x66),
2368 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x70, 0x3C, 0xC8, 0xAF, 0x5F, 0xF4, 0x58),
2369 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x4E, 0xED, 0x5C, 0x43, 0xB3, 0x16, 0x35),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2370};
2371static const mbedtls_mpi_uint secp192k1_T_15_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2372 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAE, 0xD1, 0xDD, 0x31, 0x14, 0xD3, 0xF0),
2373 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x14, 0x06, 0x13, 0x12, 0x1C, 0x81, 0xF5),
2374 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xF9, 0x0C, 0x91, 0xF7, 0x67, 0x59, 0x63),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2375};
2376static const mbedtls_mpi_uint secp192k1_T_15_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2377 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x91, 0xE2, 0xF4, 0x9D, 0xEB, 0x88, 0x87),
2378 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x82, 0x30, 0x9C, 0xAE, 0x18, 0x4D, 0xB7),
2379 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x79, 0xCF, 0x17, 0xA5, 0x1E, 0xE8, 0xC8),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2380};
2381static const mbedtls_ecp_point secp192k1_T[16] = {
2382 ECP_POINT_INIT_XY_Z1(secp192k1_T_0_X, secp192k1_T_0_Y),
2383 ECP_POINT_INIT_XY_Z0(secp192k1_T_1_X, secp192k1_T_1_Y),
2384 ECP_POINT_INIT_XY_Z0(secp192k1_T_2_X, secp192k1_T_2_Y),
2385 ECP_POINT_INIT_XY_Z0(secp192k1_T_3_X, secp192k1_T_3_Y),
2386 ECP_POINT_INIT_XY_Z0(secp192k1_T_4_X, secp192k1_T_4_Y),
2387 ECP_POINT_INIT_XY_Z0(secp192k1_T_5_X, secp192k1_T_5_Y),
2388 ECP_POINT_INIT_XY_Z0(secp192k1_T_6_X, secp192k1_T_6_Y),
2389 ECP_POINT_INIT_XY_Z0(secp192k1_T_7_X, secp192k1_T_7_Y),
2390 ECP_POINT_INIT_XY_Z0(secp192k1_T_8_X, secp192k1_T_8_Y),
2391 ECP_POINT_INIT_XY_Z0(secp192k1_T_9_X, secp192k1_T_9_Y),
2392 ECP_POINT_INIT_XY_Z0(secp192k1_T_10_X, secp192k1_T_10_Y),
2393 ECP_POINT_INIT_XY_Z0(secp192k1_T_11_X, secp192k1_T_11_Y),
2394 ECP_POINT_INIT_XY_Z0(secp192k1_T_12_X, secp192k1_T_12_Y),
2395 ECP_POINT_INIT_XY_Z0(secp192k1_T_13_X, secp192k1_T_13_Y),
2396 ECP_POINT_INIT_XY_Z0(secp192k1_T_14_X, secp192k1_T_14_Y),
2397 ECP_POINT_INIT_XY_Z0(secp192k1_T_15_X, secp192k1_T_15_Y),
2398};
2399#else
2400#define secp192k1_T NULL
2401#endif
2402
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2403#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2404
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2405#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
2406static const mbedtls_mpi_uint secp224k1_p[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2407 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
2408 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2409 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2410 MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2411};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2412static const mbedtls_mpi_uint secp224k1_a[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2413 MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2414};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2415static const mbedtls_mpi_uint secp224k1_b[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2416 MBEDTLS_BYTES_TO_T_UINT_2(0x05, 0x00),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2417};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2418static const mbedtls_mpi_uint secp224k1_gx[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2419 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F),
2420 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69),
2421 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D),
2422 MBEDTLS_BYTES_TO_T_UINT_4(0x33, 0x5B, 0x45, 0xA1),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2423};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2424static const mbedtls_mpi_uint secp224k1_gy[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2425 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2),
2426 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7),
2427 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F),
2428 MBEDTLS_BYTES_TO_T_UINT_4(0xED, 0x9F, 0x08, 0x7E),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2429};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2430static const mbedtls_mpi_uint secp224k1_n[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2431 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA),
2432 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00),
2433 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
2434 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2435};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2436
2437#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
2438static const mbedtls_mpi_uint secp224k1_T_0_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2439 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F),
2440 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69),
2441 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D),
2442 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x5B, 0x45, 0xA1, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2443};
2444static const mbedtls_mpi_uint secp224k1_T_0_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2445 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2),
2446 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7),
2447 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F),
2448 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x9F, 0x08, 0x7E, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2449};
2450static const mbedtls_mpi_uint secp224k1_T_1_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2451 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x6C, 0x22, 0x22, 0x40, 0x89, 0xAE, 0x7A),
2452 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x92, 0xE1, 0x87, 0x56, 0x35, 0xAF, 0x9B),
2453 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xAF, 0x08, 0x35, 0x27, 0xEA, 0x04, 0xED),
2454 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x53, 0xFD, 0xCF, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2455};
2456static const mbedtls_mpi_uint secp224k1_T_1_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2457 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xD0, 0x9F, 0x8D, 0xF3, 0x63, 0x54, 0x30),
2458 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xDB, 0x0F, 0x61, 0x54, 0x26, 0xD1, 0x98),
2459 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x21, 0xF7, 0x1B, 0xB5, 0x1D, 0xF6, 0x7E),
2460 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x05, 0xDA, 0x8F, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2461};
2462static const mbedtls_mpi_uint secp224k1_T_2_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2463 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x26, 0x73, 0xBC, 0xE4, 0x29, 0x62, 0x56),
2464 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x95, 0x17, 0x8B, 0xC3, 0x9B, 0xAC, 0xCC),
2465 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xDB, 0x77, 0xDF, 0xDD, 0x13, 0x04, 0x98),
2466 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0xFC, 0x22, 0x93, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2467};
2468static const mbedtls_mpi_uint secp224k1_T_2_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2469 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x65, 0xF1, 0x5A, 0x37, 0xEF, 0x79, 0xAD),
2470 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x01, 0x37, 0xAC, 0x9A, 0x5B, 0x51, 0x65),
2471 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x75, 0x13, 0xA9, 0x4A, 0xAD, 0xFE, 0x9B),
2472 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x82, 0x6F, 0x66, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2473};
2474static const mbedtls_mpi_uint secp224k1_T_3_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2475 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x5E, 0xF0, 0x40, 0xC3, 0xA6, 0xE2, 0x1E),
2476 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x9A, 0x6F, 0xCF, 0x11, 0x26, 0x66, 0x85),
2477 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x73, 0xA8, 0xCF, 0x2B, 0x12, 0x36, 0x37),
2478 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xB3, 0x0A, 0x58, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2479};
2480static const mbedtls_mpi_uint secp224k1_T_3_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2481 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x79, 0x00, 0x55, 0x04, 0x34, 0x90, 0x1A),
2482 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x54, 0x1C, 0xC2, 0x45, 0x0C, 0x1B, 0x23),
2483 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x19, 0xAB, 0xA8, 0xFC, 0x73, 0xDC, 0xEE),
2484 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0xFB, 0x93, 0xCE, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2485};
2486static const mbedtls_mpi_uint secp224k1_T_4_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2487 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x75, 0xD0, 0x66, 0x95, 0x86, 0xCA, 0x66),
2488 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xEA, 0x29, 0x16, 0x6A, 0x38, 0xDF, 0x41),
2489 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA2, 0x36, 0x2F, 0xDC, 0xBB, 0x5E, 0xF7),
2490 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x89, 0x59, 0x49, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2491};
2492static const mbedtls_mpi_uint secp224k1_T_4_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2493 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xA3, 0x99, 0x9D, 0xB8, 0x77, 0x9D, 0x1D),
2494 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x93, 0x43, 0x47, 0xC6, 0x5C, 0xF9, 0xFD),
2495 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x00, 0x79, 0x42, 0x64, 0xB8, 0x25, 0x3E),
2496 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x54, 0xB4, 0x33, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2497};
2498static const mbedtls_mpi_uint secp224k1_T_5_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2499 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x0C, 0x42, 0x90, 0x83, 0x0B, 0x31, 0x5F),
2500 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x2E, 0xAE, 0xC8, 0xC7, 0x5F, 0xD2, 0x70),
2501 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xBC, 0xAD, 0x41, 0xE7, 0x32, 0x3A, 0x81),
2502 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x97, 0x52, 0x83, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2503};
2504static const mbedtls_mpi_uint secp224k1_T_5_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2505 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x13, 0x7A, 0xBD, 0xAE, 0x94, 0x60, 0xFD),
2506 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x9B, 0x95, 0xB4, 0x6E, 0x68, 0xB2, 0x1F),
2507 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x49, 0xBE, 0x51, 0xFE, 0x66, 0x15, 0x74),
2508 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x37, 0xE4, 0xFE, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2509};
2510static const mbedtls_mpi_uint secp224k1_T_6_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2511 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x9B, 0xEE, 0x64, 0xC9, 0x1B, 0xBD, 0x77),
2512 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x5F, 0x34, 0xA9, 0x0B, 0xB7, 0x25, 0x52),
2513 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x13, 0xB1, 0x38, 0xFB, 0x9D, 0x78, 0xED),
2514 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xE7, 0x1B, 0xFA, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2515};
2516static const mbedtls_mpi_uint secp224k1_T_6_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2517 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xB3, 0xB7, 0x44, 0x92, 0x6B, 0x00, 0x82),
2518 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x82, 0x44, 0x3E, 0x18, 0x1A, 0x58, 0x6A),
2519 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xF8, 0xC0, 0xE4, 0xEE, 0xC1, 0xBF, 0x44),
2520 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x32, 0x27, 0xB2, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2521};
2522static const mbedtls_mpi_uint secp224k1_T_7_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2523 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x9A, 0x42, 0x62, 0x8B, 0x26, 0x54, 0x21),
2524 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x85, 0x74, 0xA0, 0x79, 0xA8, 0xEE, 0xBE),
2525 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x36, 0x60, 0xB3, 0x28, 0x4D, 0x55, 0xBE),
2526 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x27, 0x82, 0x29, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2527};
2528static const mbedtls_mpi_uint secp224k1_T_7_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2529 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0xFC, 0x73, 0x77, 0xAF, 0x5C, 0xAC, 0x78),
2530 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xED, 0xE5, 0xF6, 0x1D, 0xA8, 0x67, 0x43),
2531 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xDE, 0x33, 0x1C, 0xF1, 0x80, 0x73, 0xF8),
2532 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE2, 0xDE, 0x3C, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2533};
2534static const mbedtls_mpi_uint secp224k1_T_8_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2535 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x3E, 0x6B, 0xFE, 0xF0, 0x04, 0x28, 0x01),
2536 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xB2, 0x14, 0x9D, 0x18, 0x11, 0x7D, 0x9D),
2537 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC4, 0xD6, 0x2E, 0x6E, 0x57, 0x4D, 0xE1),
2538 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x55, 0x1B, 0xDE, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2539};
2540static const mbedtls_mpi_uint secp224k1_T_8_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2541 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xF7, 0x17, 0xBC, 0x45, 0xAB, 0x16, 0xAB),
2542 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xB0, 0xEF, 0x61, 0xE3, 0x20, 0x7C, 0xF8),
2543 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x85, 0x41, 0x4D, 0xF1, 0x7E, 0x4D, 0x41),
2544 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xC2, 0x9B, 0x5E, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2545};
2546static const mbedtls_mpi_uint secp224k1_T_9_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2547 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x2E, 0x49, 0x3D, 0x3E, 0x4B, 0xD3, 0x32),
2548 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x2B, 0x9D, 0xD5, 0x27, 0xFA, 0xCA, 0xE0),
2549 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0xB3, 0x6A, 0xE0, 0x79, 0x14, 0x28, 0x0F),
2550 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x1E, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2551};
2552static const mbedtls_mpi_uint secp224k1_T_9_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2553 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x44, 0x56, 0xCD, 0xFC, 0x9F, 0x09, 0xFF),
2554 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x8C, 0x59, 0xA4, 0x64, 0x2A, 0x3A, 0xED),
2555 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xA0, 0xB5, 0x86, 0x4E, 0x69, 0xDA, 0x06),
2556 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x8B, 0x11, 0x38, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2557};
2558static const mbedtls_mpi_uint secp224k1_T_10_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2559 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x17, 0x16, 0x12, 0x17, 0xDC, 0x00, 0x7E),
2560 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x76, 0x24, 0x6C, 0x97, 0x2C, 0xB5, 0xF9),
2561 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x71, 0xE3, 0xB0, 0xBB, 0x4E, 0x50, 0x52),
2562 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0x48, 0x26, 0xD5, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2563};
2564static const mbedtls_mpi_uint secp224k1_T_10_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2565 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x5F, 0x28, 0xF6, 0x01, 0x5A, 0x60, 0x41),
2566 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x95, 0xFE, 0xD0, 0xAD, 0x15, 0xD4, 0xD9),
2567 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x5B, 0x7A, 0xFD, 0x80, 0xF7, 0x9F, 0x64),
2568 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xBC, 0x1B, 0xDF, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2569};
2570static const mbedtls_mpi_uint secp224k1_T_11_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2571 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xE6, 0xDF, 0x14, 0x29, 0xF4, 0xD4, 0x14),
2572 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x12, 0xDD, 0xEC, 0x5B, 0x8A, 0x59, 0xE5),
2573 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x92, 0x3E, 0x35, 0x08, 0xE9, 0xCF, 0x0E),
2574 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x35, 0x29, 0x97, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2575};
2576static const mbedtls_mpi_uint secp224k1_T_11_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2577 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xDB, 0xD6, 0x6A, 0xC5, 0x43, 0xA4, 0xA1),
2578 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x33, 0x50, 0x61, 0x70, 0xA1, 0xE9, 0xCE),
2579 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x15, 0x6E, 0x5F, 0x01, 0x0C, 0x8C, 0xFA),
2580 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xA1, 0x9A, 0x9D, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2581};
2582static const mbedtls_mpi_uint secp224k1_T_12_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2583 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xC6, 0xF7, 0xE2, 0x4A, 0xCD, 0x9B, 0x61),
2584 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x4D, 0x5A, 0xB8, 0xE2, 0x6D, 0xA6, 0x50),
2585 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x3F, 0xB6, 0x17, 0xE3, 0x2C, 0x6F, 0x65),
2586 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xA4, 0x59, 0x51, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2587};
2588static const mbedtls_mpi_uint secp224k1_T_12_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2589 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x4F, 0x7C, 0x49, 0xCD, 0x6E, 0xEB, 0x3C),
2590 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xC9, 0x1F, 0xB7, 0x4D, 0x98, 0xC7, 0x67),
2591 MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xFD, 0x98, 0x20, 0x95, 0xBB, 0x20, 0x3A),
2592 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xF2, 0x73, 0x92, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2593};
2594static const mbedtls_mpi_uint secp224k1_T_13_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2595 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xEF, 0xFB, 0x30, 0xFA, 0x12, 0x1A, 0xB0),
2596 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x4C, 0x24, 0xB4, 0x5B, 0xC9, 0x4C, 0x0F),
2597 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xDD, 0x5E, 0x84, 0x95, 0x4D, 0x26, 0xED),
2598 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xFA, 0xF9, 0x3A, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2599};
2600static const mbedtls_mpi_uint secp224k1_T_13_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2601 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xA3, 0x2E, 0x7A, 0xDC, 0xA7, 0x53, 0xA9),
2602 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x9F, 0x81, 0x84, 0xB2, 0x0D, 0xFE, 0x31),
2603 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x89, 0x1B, 0x77, 0x0C, 0x89, 0x71, 0xEC),
2604 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0x7F, 0xB2, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2605};
2606static const mbedtls_mpi_uint secp224k1_T_14_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2607 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xE9, 0x2C, 0x79, 0xA6, 0x3C, 0xAD, 0x93),
2608 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xE0, 0x23, 0x02, 0x86, 0x0F, 0x77, 0x2A),
2609 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x93, 0x6D, 0xE9, 0xF9, 0x3C, 0xBE, 0xB9),
2610 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xE7, 0x24, 0x92, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2611};
2612static const mbedtls_mpi_uint secp224k1_T_14_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2613 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x3C, 0x5B, 0x4B, 0x1B, 0x25, 0x37, 0xD6),
2614 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xE8, 0x38, 0x1B, 0xA1, 0x5A, 0x2E, 0x68),
2615 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x19, 0xFD, 0xF4, 0x78, 0x01, 0x6B, 0x44),
2616 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x69, 0x37, 0x4F, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2617};
2618static const mbedtls_mpi_uint secp224k1_T_15_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2619 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xE2, 0xBF, 0xD3, 0xEC, 0x95, 0x9C, 0x03),
2620 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x7B, 0xFC, 0xD5, 0xD3, 0x25, 0x5E, 0x0F),
2621 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x55, 0x09, 0xA2, 0x58, 0x6A, 0xC9, 0xFF),
2622 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xCC, 0x3B, 0xD9, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2623};
2624static const mbedtls_mpi_uint secp224k1_T_15_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2625 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x08, 0x65, 0x5E, 0xCB, 0xAB, 0x48, 0xC8),
2626 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x79, 0x8B, 0xC0, 0x11, 0xC0, 0x69, 0x38),
2627 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xE8, 0x8C, 0x4C, 0xC5, 0x28, 0xE4, 0xAE),
2628 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x1F, 0x34, 0x5C, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2629};
2630static const mbedtls_ecp_point secp224k1_T[16] = {
2631 ECP_POINT_INIT_XY_Z1(secp224k1_T_0_X, secp224k1_T_0_Y),
2632 ECP_POINT_INIT_XY_Z0(secp224k1_T_1_X, secp224k1_T_1_Y),
2633 ECP_POINT_INIT_XY_Z0(secp224k1_T_2_X, secp224k1_T_2_Y),
2634 ECP_POINT_INIT_XY_Z0(secp224k1_T_3_X, secp224k1_T_3_Y),
2635 ECP_POINT_INIT_XY_Z0(secp224k1_T_4_X, secp224k1_T_4_Y),
2636 ECP_POINT_INIT_XY_Z0(secp224k1_T_5_X, secp224k1_T_5_Y),
2637 ECP_POINT_INIT_XY_Z0(secp224k1_T_6_X, secp224k1_T_6_Y),
2638 ECP_POINT_INIT_XY_Z0(secp224k1_T_7_X, secp224k1_T_7_Y),
2639 ECP_POINT_INIT_XY_Z0(secp224k1_T_8_X, secp224k1_T_8_Y),
2640 ECP_POINT_INIT_XY_Z0(secp224k1_T_9_X, secp224k1_T_9_Y),
2641 ECP_POINT_INIT_XY_Z0(secp224k1_T_10_X, secp224k1_T_10_Y),
2642 ECP_POINT_INIT_XY_Z0(secp224k1_T_11_X, secp224k1_T_11_Y),
2643 ECP_POINT_INIT_XY_Z0(secp224k1_T_12_X, secp224k1_T_12_Y),
2644 ECP_POINT_INIT_XY_Z0(secp224k1_T_13_X, secp224k1_T_13_Y),
2645 ECP_POINT_INIT_XY_Z0(secp224k1_T_14_X, secp224k1_T_14_Y),
2646 ECP_POINT_INIT_XY_Z0(secp224k1_T_15_X, secp224k1_T_15_Y),
2647};
2648#else
2649#define secp224k1_T NULL
2650#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2651#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2652
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2653#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
2654static const mbedtls_mpi_uint secp256k1_p[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2655 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
2656 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2657 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2658 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2659};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2660static const mbedtls_mpi_uint secp256k1_a[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2661 MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2662};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2663static const mbedtls_mpi_uint secp256k1_b[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2664 MBEDTLS_BYTES_TO_T_UINT_2(0x07, 0x00),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2665};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2666static const mbedtls_mpi_uint secp256k1_gx[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2667 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59),
2668 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02),
2669 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55),
2670 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2671};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2672static const mbedtls_mpi_uint secp256k1_gy[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2673 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C),
2674 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD),
2675 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D),
2676 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2677};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2678static const mbedtls_mpi_uint secp256k1_n[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2679 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF),
2680 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA),
2681 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2682 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2683};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2684
2685#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
2686static const mbedtls_mpi_uint secp256k1_T_0_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2687 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59),
2688 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02),
2689 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55),
2690 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2691};
2692static const mbedtls_mpi_uint secp256k1_T_0_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2693 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C),
2694 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD),
2695 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D),
2696 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2697};
2698static const mbedtls_mpi_uint secp256k1_T_1_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2699 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xEE, 0xD7, 0x1E, 0x67, 0x86, 0x32, 0x74),
2700 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x73, 0xB1, 0xA9, 0xD5, 0xCC, 0x27, 0x78),
2701 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x0E, 0x11, 0x01, 0x71, 0xFE, 0x92, 0x73),
2702 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x28, 0x63, 0x6D, 0x72, 0x09, 0xA6, 0xC0),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2703};
2704static const mbedtls_mpi_uint secp256k1_T_1_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2705 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0x69, 0xDC, 0x3E, 0x2C, 0x75, 0xC3),
2706 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xB7, 0x3F, 0x30, 0x26, 0x3C, 0xDF, 0x8E),
2707 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xBE, 0xB9, 0x5D, 0x0E, 0xE8, 0x5E, 0x14),
2708 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xC3, 0x05, 0xD6, 0xB7, 0xD5, 0x24, 0xFC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2709};
2710static const mbedtls_mpi_uint secp256k1_T_2_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2711 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xCF, 0x7B, 0xDC, 0xCD, 0xC3, 0x39, 0x9D),
2712 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xDA, 0xB9, 0xE5, 0x64, 0xA7, 0x47, 0x91),
2713 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x46, 0xA8, 0x61, 0xF6, 0x23, 0xEB, 0x58),
2714 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xC1, 0xFF, 0xE4, 0x55, 0xD5, 0xC2, 0xBF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2715};
2716static const mbedtls_mpi_uint secp256k1_T_2_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2717 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xBE, 0xB9, 0x59, 0x24, 0x13, 0x4A, 0x2A),
2718 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x45, 0x12, 0xDE, 0xBA, 0x4F, 0xEF, 0x56),
2719 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x08, 0xBF, 0xC1, 0x66, 0xAA, 0x0A, 0xBC),
2720 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xFE, 0x30, 0x55, 0x31, 0x86, 0xA7, 0xB4),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2721};
2722static const mbedtls_mpi_uint secp256k1_T_3_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2723 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xBF, 0x18, 0x81, 0x67, 0x27, 0x42, 0xBD),
2724 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x05, 0x83, 0xA4, 0xDD, 0x57, 0xD3, 0x50),
2725 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x63, 0xAB, 0xE4, 0x90, 0x70, 0xD0, 0x7C),
2726 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x5D, 0xFD, 0xA0, 0xEF, 0xCF, 0x1C, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2727};
2728static const mbedtls_mpi_uint secp256k1_T_3_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2729 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x80, 0xE4, 0xF6, 0x09, 0xBC, 0x57, 0x90),
2730 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x9F, 0x6E, 0x88, 0x54, 0x6E, 0x51, 0xF2),
2731 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x5F, 0x85, 0xFB, 0x84, 0x3E, 0x4A, 0xAA),
2732 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x19, 0xF5, 0x55, 0xC9, 0x07, 0xD8, 0xCE),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2733};
2734static const mbedtls_mpi_uint secp256k1_T_4_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2735 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xB4, 0xC3, 0xD9, 0x5C, 0xA0, 0xD4, 0x90),
2736 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x30, 0xAF, 0x59, 0x9B, 0xF8, 0x04, 0x85),
2737 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xA6, 0xFD, 0x66, 0x7B, 0xC3, 0x39, 0x85),
2738 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xBF, 0xF0, 0xC2, 0xE9, 0x71, 0xA4, 0x9E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2739};
2740static const mbedtls_mpi_uint secp256k1_T_4_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2741 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x2D, 0xB9, 0x88, 0x28, 0xF1, 0xBE, 0x78),
2742 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xF3, 0x1A, 0x0E, 0xB9, 0x01, 0x66, 0x34),
2743 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xA7, 0xA4, 0xF4, 0x05, 0xD0, 0xAA, 0x53),
2744 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x39, 0x1E, 0x47, 0xE5, 0x68, 0xC8, 0xC0),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2745};
2746static const mbedtls_mpi_uint secp256k1_T_5_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2747 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xB9, 0xFC, 0xE0, 0x33, 0x8A, 0x7D, 0x96),
2748 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x93, 0xA5, 0x53, 0x55, 0x16, 0xB4, 0x6E),
2749 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x5F, 0xEA, 0x9B, 0x29, 0x52, 0x71, 0xDA),
2750 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xF0, 0x24, 0xB8, 0x7D, 0xB7, 0xA0, 0x9B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2751};
2752static const mbedtls_mpi_uint secp256k1_T_5_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2753 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x00, 0x27, 0xB2, 0xDF, 0x73, 0xA2, 0xE0),
2754 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x2E, 0x4D, 0x7C, 0xDE, 0x7A, 0x23, 0x32),
2755 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x65, 0x60, 0xC7, 0x97, 0x1E, 0xA4, 0x22),
2756 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x13, 0x5B, 0x77, 0x59, 0xCB, 0x36, 0xE1),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2757};
2758static const mbedtls_mpi_uint secp256k1_T_6_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2759 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xBC, 0x9F, 0x9E, 0x2D, 0x53, 0x2A, 0xA8),
2760 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x5F, 0x64, 0x9F, 0x1A, 0x19, 0xE6, 0x77),
2761 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x7B, 0x39, 0xD2, 0xDB, 0x85, 0x84, 0xD5),
2762 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xC7, 0x0D, 0x58, 0x6E, 0x3F, 0x52, 0x15),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2763};
2764static const mbedtls_mpi_uint secp256k1_T_6_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2765 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x68, 0x19, 0x0B, 0x68, 0xC9, 0x1E, 0xFB),
2766 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x4E, 0x21, 0x49, 0x3D, 0x55, 0xCC, 0x25),
2767 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xF9, 0x25, 0x45, 0x54, 0x45, 0xB1, 0x0F),
2768 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xB3, 0xF7, 0xCD, 0x80, 0xA4, 0x04, 0x05),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2769};
2770static const mbedtls_mpi_uint secp256k1_T_7_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2771 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x1E, 0x88, 0xC4, 0xAA, 0x18, 0x7E, 0x45),
2772 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xAC, 0xD9, 0xB2, 0xA1, 0xC0, 0x71, 0x5D),
2773 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xA2, 0xF1, 0x15, 0xA6, 0x5F, 0x6C, 0x86),
2774 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x5B, 0x05, 0xBC, 0xB7, 0xC6, 0x4E, 0x72),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2775};
2776static const mbedtls_mpi_uint secp256k1_T_7_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2777 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x80, 0xF8, 0x5C, 0x20, 0x2A, 0xE1, 0xE2),
2778 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x48, 0x2E, 0x68, 0x82, 0x7F, 0xEB, 0x5F),
2779 MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x3B, 0x25, 0xDB, 0x32, 0x4D, 0x88, 0x42),
2780 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x6E, 0xA6, 0xB6, 0x6D, 0x62, 0x78, 0x22),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2781};
2782static const mbedtls_mpi_uint secp256k1_T_8_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2783 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x4D, 0x3E, 0x86, 0x58, 0xC3, 0xEB, 0xBA),
2784 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x89, 0x33, 0x18, 0x21, 0x1D, 0x9B, 0xE7),
2785 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x9D, 0xFF, 0xC3, 0x79, 0xC1, 0x88, 0xF8),
2786 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xD4, 0x48, 0x53, 0xE8, 0xAD, 0x21, 0x16),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2787};
2788static const mbedtls_mpi_uint secp256k1_T_8_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2789 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x7B, 0xDE, 0xCB, 0xD8, 0x39, 0x17, 0x7C),
2790 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xF3, 0x03, 0xF2, 0x5C, 0xBC, 0xC8, 0x8A),
2791 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xAE, 0x4C, 0xB0, 0x16, 0xA4, 0x93, 0x86),
2792 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8B, 0x6B, 0xDC, 0xD7, 0x9A, 0x3E, 0x7E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2793};
2794static const mbedtls_mpi_uint secp256k1_T_9_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2795 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x2D, 0x7A, 0xD2, 0x59, 0x05, 0xA2, 0x82),
2796 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x56, 0x09, 0x32, 0xF1, 0xE8, 0xE3, 0x72),
2797 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xCA, 0xE5, 0x2E, 0xF0, 0xFB, 0x18, 0x19),
2798 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x85, 0xA9, 0x23, 0x15, 0x31, 0x1F, 0x0E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2799};
2800static const mbedtls_mpi_uint secp256k1_T_9_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2801 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xE5, 0xB1, 0x86, 0xB9, 0x6E, 0x8D, 0xD3),
2802 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x77, 0xFC, 0xC9, 0xA3, 0x3F, 0x89, 0xD2),
2803 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x6A, 0xDC, 0x25, 0xB0, 0xC7, 0x41, 0x54),
2804 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x11, 0x6B, 0xA6, 0x11, 0x62, 0xD4, 0x2D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2805};
2806static const mbedtls_mpi_uint secp256k1_T_10_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2807 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x7D, 0x34, 0xB3, 0x20, 0x7F, 0x37, 0xAA),
2808 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xD4, 0x45, 0xE8, 0xC2, 0xE9, 0xC5, 0xEA),
2809 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x32, 0x3B, 0x25, 0x7E, 0x79, 0xAF, 0xE7),
2810 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xE4, 0x54, 0x71, 0xBE, 0x35, 0x4E, 0xD0),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2811};
2812static const mbedtls_mpi_uint secp256k1_T_10_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2813 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x94, 0xDD, 0x8F, 0xB5, 0xC2, 0xDD, 0x75),
2814 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x49, 0xE9, 0x1C, 0x2F, 0x08, 0x49, 0xC6),
2815 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xB6, 0x03, 0x88, 0x6F, 0xB8, 0x15, 0x67),
2816 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xD3, 0x1C, 0xF3, 0xA5, 0xEB, 0x79, 0x01),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2817};
2818static const mbedtls_mpi_uint secp256k1_T_11_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2819 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xF9, 0x43, 0x88, 0x89, 0x0D, 0x06, 0xEA),
2820 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x2D, 0xF5, 0x98, 0x32, 0xF6, 0xB1, 0x05),
2821 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x73, 0x8F, 0x2B, 0x50, 0x27, 0x0A, 0xE7),
2822 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xE3, 0xBD, 0x16, 0x05, 0xC8, 0x93, 0x12),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2823};
2824static const mbedtls_mpi_uint secp256k1_T_11_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2825 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x6A, 0xF7, 0xE3, 0x3D, 0xDE, 0x5F, 0x2F),
2826 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xA3, 0x9C, 0x22, 0x3C, 0x33, 0x36, 0x5D),
2827 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x24, 0x4C, 0x69, 0x45, 0x78, 0x14, 0xAE),
2828 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xF8, 0xD4, 0xBF, 0xB8, 0xC0, 0xA1, 0x25),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2829};
2830static const mbedtls_mpi_uint secp256k1_T_12_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2831 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x88, 0xE1, 0x91, 0x03, 0xEB, 0xB3, 0x2B),
2832 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x11, 0xA1, 0xEF, 0x14, 0x0D, 0xC4, 0x7D),
2833 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xD4, 0x0D, 0x1D, 0x96, 0x33, 0x5C, 0x19),
2834 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x45, 0x2A, 0x1A, 0xE6, 0x57, 0x04, 0x9B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2835};
2836static const mbedtls_mpi_uint secp256k1_T_12_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2837 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xB5, 0xA7, 0x80, 0xE9, 0x93, 0x97, 0x8D),
2838 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xB9, 0x7C, 0xA0, 0xC9, 0x57, 0x26, 0x43),
2839 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0xEF, 0x56, 0xDA, 0x66, 0xF6, 0x1B, 0x9A),
2840 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x89, 0x6B, 0x91, 0xE0, 0xA9, 0x65, 0x2B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2841};
2842static const mbedtls_mpi_uint secp256k1_T_13_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2843 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x98, 0x96, 0x9B, 0x06, 0x7D, 0x5E, 0x5A),
2844 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xFA, 0xC1, 0x5F, 0x19, 0x37, 0x94, 0x9D),
2845 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xBE, 0x6B, 0x1A, 0x05, 0xE4, 0xBF, 0x9F),
2846 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xCD, 0x5D, 0x35, 0xB4, 0x51, 0xF7, 0x64),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2847};
2848static const mbedtls_mpi_uint secp256k1_T_13_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2849 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xEF, 0x96, 0xDB, 0xF2, 0x61, 0x63, 0x59),
2850 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x04, 0x88, 0xC9, 0x9F, 0x1B, 0x94, 0xB9),
2851 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x30, 0x79, 0x7E, 0x24, 0xE7, 0x5F, 0xB8),
2852 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xB8, 0x90, 0xB7, 0x94, 0x25, 0xBB, 0x0F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2853};
2854static const mbedtls_mpi_uint secp256k1_T_14_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2855 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x79, 0xEA, 0xAD, 0xC0, 0x6D, 0x18, 0x57),
2856 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xA4, 0x58, 0x2A, 0x8D, 0x95, 0xB3, 0xE6),
2857 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC4, 0xC2, 0x12, 0x0D, 0x79, 0xE2, 0x2B),
2858 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x6F, 0xBE, 0x97, 0x4D, 0xA4, 0x20, 0x07),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2859};
2860static const mbedtls_mpi_uint secp256k1_T_14_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2861 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x31, 0x71, 0xC6, 0xA6, 0x91, 0xEB, 0x1F),
2862 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x9B, 0xA8, 0x4A, 0xE7, 0x77, 0xE1, 0xAA),
2863 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x06, 0xD3, 0x3D, 0x94, 0x30, 0xEF, 0x8C),
2864 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xDF, 0xCA, 0xFA, 0xF5, 0x28, 0xF8, 0xC9),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2865};
2866static const mbedtls_mpi_uint secp256k1_T_15_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2867 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xE1, 0x32, 0xFD, 0x3E, 0x81, 0xF8, 0x11),
2868 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xF2, 0x4B, 0x1D, 0x19, 0xC9, 0x0F, 0xCC),
2869 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xB1, 0x8A, 0x22, 0x8B, 0x05, 0x6B, 0x56),
2870 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x21, 0xEF, 0x30, 0xEC, 0x09, 0x2A, 0x89),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2871};
2872static const mbedtls_mpi_uint secp256k1_T_15_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2873 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x84, 0x4A, 0x46, 0x07, 0x6C, 0x3C, 0x4C),
2874 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x18, 0x3A, 0xF4, 0xCC, 0xF5, 0xB2, 0xF2),
2875 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x8F, 0xCD, 0x0A, 0x9C, 0xF4, 0xBD, 0x95),
2876 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x89, 0x7F, 0x8A, 0xB1, 0x52, 0x3A, 0xAB),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2877};
2878static const mbedtls_ecp_point secp256k1_T[16] = {
2879 ECP_POINT_INIT_XY_Z1(secp256k1_T_0_X, secp256k1_T_0_Y),
2880 ECP_POINT_INIT_XY_Z0(secp256k1_T_1_X, secp256k1_T_1_Y),
2881 ECP_POINT_INIT_XY_Z0(secp256k1_T_2_X, secp256k1_T_2_Y),
2882 ECP_POINT_INIT_XY_Z0(secp256k1_T_3_X, secp256k1_T_3_Y),
2883 ECP_POINT_INIT_XY_Z0(secp256k1_T_4_X, secp256k1_T_4_Y),
2884 ECP_POINT_INIT_XY_Z0(secp256k1_T_5_X, secp256k1_T_5_Y),
2885 ECP_POINT_INIT_XY_Z0(secp256k1_T_6_X, secp256k1_T_6_Y),
2886 ECP_POINT_INIT_XY_Z0(secp256k1_T_7_X, secp256k1_T_7_Y),
2887 ECP_POINT_INIT_XY_Z0(secp256k1_T_8_X, secp256k1_T_8_Y),
2888 ECP_POINT_INIT_XY_Z0(secp256k1_T_9_X, secp256k1_T_9_Y),
2889 ECP_POINT_INIT_XY_Z0(secp256k1_T_10_X, secp256k1_T_10_Y),
2890 ECP_POINT_INIT_XY_Z0(secp256k1_T_11_X, secp256k1_T_11_Y),
2891 ECP_POINT_INIT_XY_Z0(secp256k1_T_12_X, secp256k1_T_12_Y),
2892 ECP_POINT_INIT_XY_Z0(secp256k1_T_13_X, secp256k1_T_13_Y),
2893 ECP_POINT_INIT_XY_Z0(secp256k1_T_14_X, secp256k1_T_14_Y),
2894 ECP_POINT_INIT_XY_Z0(secp256k1_T_15_X, secp256k1_T_15_Y),
2895};
2896#else
2897#define secp256k1_T NULL
2898#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2899#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2900
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]2901/*
2902 * Domain parameters for brainpoolP256r1 (RFC 5639 3.4)
2903 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2904#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
2905static const mbedtls_mpi_uint brainpoolP256r1_p[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2906 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20),
2907 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E),
2908 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E),
2909 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2910};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2911static const mbedtls_mpi_uint brainpoolP256r1_a[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2912 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9),
2913 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB),
2914 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE),
2915 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2916};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2917static const mbedtls_mpi_uint brainpoolP256r1_b[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2918 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B),
2919 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95),
2920 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3),
2921 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2922};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2923static const mbedtls_mpi_uint brainpoolP256r1_gx[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2924 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A),
2925 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9),
2926 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C),
2927 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2928};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2929static const mbedtls_mpi_uint brainpoolP256r1_gy[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2930 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C),
2931 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2),
2932 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97),
2933 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2934};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2935static const mbedtls_mpi_uint brainpoolP256r1_n[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2936 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90),
2937 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C),
2938 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E),
2939 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2940};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2941
2942#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
2943static const mbedtls_mpi_uint brainpoolP256r1_T_0_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2944 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A),
2945 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9),
2946 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C),
2947 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2948};
2949static const mbedtls_mpi_uint brainpoolP256r1_T_0_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2950 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C),
2951 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2),
2952 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97),
2953 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2954};
2955static const mbedtls_mpi_uint brainpoolP256r1_T_1_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2956 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xA2, 0xED, 0x52, 0xC9, 0x8C, 0xE3, 0xA5),
2957 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0xC9, 0xC4, 0x87, 0x3F, 0x93, 0x7A, 0xD1),
2958 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x12, 0x53, 0x61, 0x3E, 0x76, 0x08, 0xCB),
2959 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x8C, 0x74, 0xF4, 0x08, 0xC3, 0x76, 0x80),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2960};
2961static const mbedtls_mpi_uint brainpoolP256r1_T_1_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2962 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xDD, 0x09, 0xA6, 0xED, 0xEE, 0xC4, 0x38),
2963 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xD9, 0xBE, 0x4B, 0xA5, 0xB7, 0x2B, 0x6E),
2964 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x20, 0x12, 0xCA, 0x0A, 0x38, 0x24, 0xAB),
2965 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x72, 0x71, 0x90, 0x7A, 0x2E, 0xB7, 0x23),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2966};
2967static const mbedtls_mpi_uint brainpoolP256r1_T_2_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2968 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0xA1, 0x93, 0x10, 0x2A, 0x51, 0x17),
2969 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x10, 0x11, 0x12, 0xBC, 0xB0, 0xB6, 0x93),
2970 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x58, 0xD7, 0x0A, 0x84, 0x05, 0xA3, 0x9C),
2971 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x8E, 0x95, 0x61, 0xD3, 0x0B, 0xDF, 0x36),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2972};
2973static const mbedtls_mpi_uint brainpoolP256r1_T_2_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2974 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x92, 0x12, 0x0F, 0x5E, 0x87, 0x70, 0x1B),
2975 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0xE9, 0x9B, 0xEB, 0x3A, 0xFB, 0xCF, 0xC4),
2976 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0x92, 0xB9, 0xF7, 0x45, 0xD3, 0x06, 0xB6),
2977 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x28, 0x65, 0xE1, 0xC5, 0x6C, 0x57, 0x18),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2978};
2979static const mbedtls_mpi_uint brainpoolP256r1_T_3_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2980 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x0E, 0x77, 0x01, 0x81, 0x9E, 0x38, 0x5C),
2981 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xF0, 0xD5, 0xA5, 0x91, 0x2B, 0xDF, 0xC0),
2982 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xEE, 0xB6, 0x25, 0xD6, 0x98, 0xDE, 0x2D),
2983 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xA1, 0x55, 0x63, 0x39, 0xEB, 0xB5, 0x47),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2984};
2985static const mbedtls_mpi_uint brainpoolP256r1_T_3_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2986 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xD6, 0xB8, 0xE3, 0x13, 0xED, 0x7F, 0xA3),
2987 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xE8, 0xAE, 0x36, 0xB8, 0xCD, 0x19, 0x02),
2988 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x82, 0x83, 0x7A, 0x7B, 0x46, 0x56, 0xE8),
2989 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x60, 0x46, 0x15, 0x5A, 0xAC, 0x99, 0x30),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2990};
2991static const mbedtls_mpi_uint brainpoolP256r1_T_4_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2992 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x61, 0x50, 0xC6, 0xFF, 0x10, 0x7D, 0x04),
2993 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x51, 0xDF, 0xA9, 0x7D, 0x78, 0x26, 0x74),
2994 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x15, 0x9A, 0xF7, 0x01, 0xC1, 0xBB, 0x40),
2995 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x0F, 0xE6, 0x2A, 0xBD, 0x4A, 0x9E, 0x87),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2996};
2997static const mbedtls_mpi_uint brainpoolP256r1_T_4_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]2998 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xF8, 0xD1, 0x77, 0xD2, 0x49, 0xB3, 0xDD),
2999 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x86, 0xFB, 0x9E, 0x1F, 0x5A, 0x60, 0x47),
3000 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xC4, 0x8D, 0xCD, 0x86, 0x61, 0x2F, 0xF9),
3001 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xF6, 0xB9, 0xAC, 0x37, 0x9D, 0xE9, 0x28),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3002};
3003static const mbedtls_mpi_uint brainpoolP256r1_T_5_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3004 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x77, 0xAA, 0x97, 0x9C, 0x0B, 0x04, 0x20),
3005 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xA6, 0x60, 0x81, 0xCE, 0x25, 0x13, 0x3E),
3006 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x00, 0xF3, 0xBB, 0x82, 0x99, 0x95, 0xB7),
3007 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x5A, 0xCE, 0x90, 0x71, 0x38, 0x2F, 0x10),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3008};
3009static const mbedtls_mpi_uint brainpoolP256r1_T_5_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3010 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x1A, 0xC0, 0x84, 0x27, 0xD6, 0x9D, 0xB7),
3011 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x37, 0x52, 0x16, 0x13, 0x0E, 0xCE, 0x92),
3012 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xBF, 0x5A, 0xDB, 0xDB, 0x6E, 0x1E, 0x69),
3013 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xB7, 0x5E, 0xF9, 0x86, 0xDD, 0x8A, 0x5C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3014};
3015static const mbedtls_mpi_uint brainpoolP256r1_T_6_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3016 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xAB, 0x5C, 0x8D, 0x1D, 0xF2, 0x2D, 0x1E),
3017 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC5, 0xF8, 0xF7, 0x1D, 0x96, 0x0B, 0x4D),
3018 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x4C, 0xA7, 0x45, 0x20, 0x6A, 0x1E, 0x5B),
3019 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x5D, 0xEF, 0xDE, 0xEE, 0x39, 0x44, 0x19),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3020};
3021static const mbedtls_mpi_uint brainpoolP256r1_T_6_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3022 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x2F, 0x6D, 0x52, 0xC9, 0x58, 0x60, 0xE8),
3023 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xC9, 0x62, 0xCB, 0x38, 0x3C, 0x55, 0xCA),
3024 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xA5, 0x09, 0x10, 0x88, 0xDB, 0xE3, 0xBD),
3025 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xE0, 0x3C, 0xCE, 0x06, 0x0B, 0x4B, 0x5D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3026};
3027static const mbedtls_mpi_uint brainpoolP256r1_T_7_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3028 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x1D, 0xB4, 0x10, 0x76, 0x8F, 0xBA, 0x09),
3029 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x70, 0x5A, 0x07, 0xF5, 0x1A, 0x74, 0xC7),
3030 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xE9, 0x94, 0xA8, 0xC0, 0xD5, 0x4A, 0x4A),
3031 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x6D, 0xD4, 0xE8, 0x9B, 0xE9, 0x6D, 0x0E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3032};
3033static const mbedtls_mpi_uint brainpoolP256r1_T_7_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3034 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x00, 0x32, 0x41, 0x57, 0x84, 0x89, 0x52),
3035 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xC7, 0x14, 0xEC, 0xE9, 0x27, 0xFF, 0xF3),
3036 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x67, 0x9E, 0xFB, 0xB6, 0xB8, 0x96, 0xF3),
3037 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x4A, 0xE3, 0x97, 0x4B, 0x58, 0xDE, 0x30),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3038};
3039static const mbedtls_mpi_uint brainpoolP256r1_T_8_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3040 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x1E, 0x5C, 0xF5, 0x7F, 0xD5, 0xD4, 0xAA),
3041 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x08, 0x7A, 0xF1, 0xBD, 0x89, 0xC7, 0x1E),
3042 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xF9, 0x11, 0x1B, 0xF5, 0x3C, 0x6D, 0x8C),
3043 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x50, 0xE5, 0x69, 0x1D, 0x59, 0xFC, 0x0C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3044};
3045static const mbedtls_mpi_uint brainpoolP256r1_T_8_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3046 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x2F, 0xF8, 0x3F, 0xEC, 0x55, 0x99, 0x57),
3047 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xA7, 0x29, 0x90, 0x43, 0x81, 0x31, 0x4C),
3048 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x18, 0x44, 0x50, 0x5D, 0x76, 0xCB, 0xDD),
3049 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xC5, 0x5B, 0x9A, 0x03, 0xE6, 0x17, 0x39),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3050};
3051static const mbedtls_mpi_uint brainpoolP256r1_T_9_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3052 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x89, 0xFC, 0x55, 0x94, 0x91, 0x6A, 0xA2),
3053 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x46, 0x35, 0xF2, 0x3A, 0x42, 0x08, 0x2F),
3054 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xD2, 0x76, 0x49, 0x42, 0x87, 0xD3, 0x7F),
3055 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xEA, 0xA0, 0x52, 0xF1, 0x6A, 0x30, 0x57),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3056};
3057static const mbedtls_mpi_uint brainpoolP256r1_T_9_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3058 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xB2, 0x57, 0xA3, 0x8A, 0x4D, 0x1B, 0x3C),
3059 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xA3, 0x99, 0x94, 0xB5, 0x3D, 0x64, 0x09),
3060 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xC3, 0xD7, 0x53, 0xF6, 0x49, 0x1C, 0x60),
3061 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x23, 0x41, 0x4D, 0xFB, 0x7A, 0x5C, 0x53),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3062};
3063static const mbedtls_mpi_uint brainpoolP256r1_T_10_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3064 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xB8, 0x15, 0x65, 0x5C, 0x85, 0x94, 0xD7),
3065 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x37, 0xC7, 0xF8, 0x7E, 0xAE, 0x6C, 0x10),
3066 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xD8, 0x11, 0x54, 0x98, 0x44, 0xE3, 0xF1),
3067 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x4D, 0xA6, 0x4B, 0x28, 0xF2, 0x57, 0x9E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3068};
3069static const mbedtls_mpi_uint brainpoolP256r1_T_10_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3070 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xD0, 0xEB, 0x1E, 0xAA, 0x30, 0xD3, 0x6A),
3071 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x9B, 0x4D, 0xA7, 0x73, 0x6E, 0xB6, 0x45),
3072 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x47, 0xF6, 0xED, 0x37, 0xEF, 0x71, 0x4D),
3073 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xB5, 0x49, 0x61, 0x5E, 0x45, 0xF6, 0x4A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3074};
3075static const mbedtls_mpi_uint brainpoolP256r1_T_11_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3076 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x0E, 0xB3, 0x84, 0x3A, 0x63, 0x72, 0x84),
3077 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x53, 0x5C, 0xA7, 0xC6, 0x2E, 0xAB, 0x9E),
3078 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x0F, 0x8F, 0x87, 0x50, 0x28, 0xB4, 0xAE),
3079 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x98, 0x4A, 0x98, 0x31, 0x86, 0xCA, 0x51),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3080};
3081static const mbedtls_mpi_uint brainpoolP256r1_T_11_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3082 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xC9, 0xE2, 0xFD, 0x5D, 0x1F, 0xE8, 0xC2),
3083 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x90, 0x91, 0xC4, 0x84, 0xF0, 0xBA, 0xC5),
3084 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5A, 0xB3, 0x4E, 0xFB, 0xE0, 0x57, 0xE8),
3085 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x0B, 0x90, 0xA6, 0xFD, 0x9D, 0x8E, 0x02),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3086};
3087static const mbedtls_mpi_uint brainpoolP256r1_T_12_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3088 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x41, 0x8F, 0x31, 0xFA, 0x5A, 0xF6, 0x33),
3089 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xE9, 0xE3, 0xF6, 0xE0, 0x4A, 0xE7, 0xD2),
3090 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x4E, 0xCD, 0xA2, 0x22, 0x14, 0xD4, 0x12),
3091 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xED, 0x21, 0xB7, 0x0F, 0x53, 0x10, 0x17),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3092};
3093static const mbedtls_mpi_uint brainpoolP256r1_T_12_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3094 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x06, 0x24, 0x2C, 0x4E, 0xD1, 0x1E, 0x9F),
3095 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x3F, 0xC1, 0x9F, 0xAB, 0xF0, 0x37, 0x95),
3096 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x5E, 0x12, 0xCE, 0x83, 0x1B, 0x2A, 0x18),
3097 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x65, 0xCF, 0xE8, 0x5C, 0xA5, 0xA2, 0x70),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3098};
3099static const mbedtls_mpi_uint brainpoolP256r1_T_13_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3100 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x86, 0x76, 0x3A, 0x94, 0xF6, 0x1D, 0xC1),
3101 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xDA, 0xC9, 0xA6, 0x29, 0x93, 0x15, 0x10),
3102 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x61, 0x6A, 0x7D, 0xC7, 0xA9, 0xF3, 0x76),
3103 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x03, 0x71, 0xA2, 0x15, 0xCE, 0x50, 0x72),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3104};
3105static const mbedtls_mpi_uint brainpoolP256r1_T_13_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3106 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xD0, 0xA8, 0x1E, 0x91, 0xC4, 0x4F, 0x24),
3107 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x4B, 0x7E, 0xD7, 0x71, 0x58, 0x7E, 0x1E),
3108 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x45, 0xAF, 0x2A, 0x18, 0x93, 0x95, 0x3B),
3109 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x8F, 0xC7, 0xFA, 0x4C, 0x7A, 0x86, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3110};
3111static const mbedtls_mpi_uint brainpoolP256r1_T_14_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3112 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xAF, 0x68, 0x3A, 0x23, 0xC1, 0x2E, 0xBF),
3113 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x50, 0x11, 0x67, 0x39, 0xB9, 0xAF, 0x48),
3114 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x86, 0xAA, 0x1E, 0x88, 0x21, 0x29, 0x8B),
3115 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x28, 0xA4, 0x9D, 0x89, 0xA9, 0x9A, 0x10),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3116};
3117static const mbedtls_mpi_uint brainpoolP256r1_T_14_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3118 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBA, 0x04, 0x67, 0xB7, 0x01, 0x40, 0x38),
3119 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xE9, 0x09, 0xA3, 0xCA, 0xA6, 0x37, 0xF6),
3120 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x97, 0xA8, 0xB6, 0x3C, 0xEE, 0x90, 0x3D),
3121 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xED, 0xC4, 0xF7, 0xC3, 0x95, 0xEC, 0x85),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3122};
3123static const mbedtls_mpi_uint brainpoolP256r1_T_15_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3124 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x84, 0xBD, 0xEB, 0xD5, 0x64, 0xBB, 0x9D),
3125 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x9B, 0xE2, 0x28, 0x50, 0xC2, 0x72, 0x40),
3126 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xF2, 0x74, 0xD1, 0x26, 0xBF, 0x32, 0x68),
3127 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xCB, 0xAF, 0x72, 0xDB, 0x6D, 0x30, 0x98),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3128};
3129static const mbedtls_mpi_uint brainpoolP256r1_T_15_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3130 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x50, 0x85, 0xF4, 0x2B, 0x48, 0xC1, 0xAD),
3131 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x28, 0xBB, 0x11, 0xBA, 0x5B, 0x22, 0x6C),
3132 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xA1, 0xE5, 0x5C, 0xC9, 0x1D, 0x44, 0x45),
3133 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xE8, 0xE6, 0x6F, 0xBB, 0xC1, 0x81, 0x7F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3134};
3135static const mbedtls_ecp_point brainpoolP256r1_T[16] = {
3136 ECP_POINT_INIT_XY_Z1(brainpoolP256r1_T_0_X, brainpoolP256r1_T_0_Y),
3137 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_1_X, brainpoolP256r1_T_1_Y),
3138 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_2_X, brainpoolP256r1_T_2_Y),
3139 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_3_X, brainpoolP256r1_T_3_Y),
3140 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_4_X, brainpoolP256r1_T_4_Y),
3141 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_5_X, brainpoolP256r1_T_5_Y),
3142 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_6_X, brainpoolP256r1_T_6_Y),
3143 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_7_X, brainpoolP256r1_T_7_Y),
3144 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_8_X, brainpoolP256r1_T_8_Y),
3145 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_9_X, brainpoolP256r1_T_9_Y),
3146 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_10_X, brainpoolP256r1_T_10_Y),
3147 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_11_X, brainpoolP256r1_T_11_Y),
3148 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_12_X, brainpoolP256r1_T_12_Y),
3149 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_13_X, brainpoolP256r1_T_13_Y),
3150 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_14_X, brainpoolP256r1_T_14_Y),
3151 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_15_X, brainpoolP256r1_T_15_Y),
3152};
3153#else
3154#define brainpoolP256r1_T NULL
3155#endif
3156
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3157#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]3158
3159/*
3160 * Domain parameters for brainpoolP384r1 (RFC 5639 3.6)
3161 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3162#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
3163static const mbedtls_mpi_uint brainpoolP384r1_p[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3164 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87),
3165 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC),
3166 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12),
3167 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15),
3168 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F),
3169 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3170};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3171static const mbedtls_mpi_uint brainpoolP384r1_a[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3172 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04),
3173 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A),
3174 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13),
3175 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2),
3176 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C),
3177 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3178};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3179static const mbedtls_mpi_uint brainpoolP384r1_b[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3180 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A),
3181 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C),
3182 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E),
3183 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F),
3184 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B),
3185 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3186};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3187static const mbedtls_mpi_uint brainpoolP384r1_gx[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3188 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF),
3189 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8),
3190 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB),
3191 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88),
3192 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2),
3193 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3194};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3195static const mbedtls_mpi_uint brainpoolP384r1_gy[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3196 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42),
3197 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E),
3198 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1),
3199 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62),
3200 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C),
3201 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3202};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3203static const mbedtls_mpi_uint brainpoolP384r1_n[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3204 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B),
3205 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF),
3206 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F),
3207 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15),
3208 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F),
3209 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3210};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3211
3212#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
3213static const mbedtls_mpi_uint brainpoolP384r1_T_0_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3214 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF),
3215 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8),
3216 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB),
3217 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88),
3218 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2),
3219 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3220};
3221static const mbedtls_mpi_uint brainpoolP384r1_T_0_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3222 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42),
3223 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E),
3224 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1),
3225 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62),
3226 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C),
3227 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3228};
3229static const mbedtls_mpi_uint brainpoolP384r1_T_1_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3230 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0xD8, 0x8A, 0x54, 0x41, 0xD6, 0x6B, 0x1D),
3231 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x3B, 0xF1, 0x22, 0xFD, 0x2D, 0x4B, 0x03),
3232 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x55, 0xE3, 0x33, 0xF0, 0x73, 0x52, 0x5A),
3233 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x3F, 0x30, 0x26, 0xCA, 0x7F, 0x52, 0xA3),
3234 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x6E, 0x17, 0x9B, 0xD5, 0x2A, 0x4A, 0x31),
3235 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xDA, 0x6B, 0xE5, 0x03, 0x07, 0x1D, 0x2E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3236};
3237static const mbedtls_mpi_uint brainpoolP384r1_T_1_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3238 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x7A, 0xAF, 0x98, 0xE3, 0xA4, 0xF6, 0x19),
3239 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x7D, 0xFE, 0x51, 0x40, 0x3B, 0x47, 0xD2),
3240 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x88, 0xEC, 0xC4, 0xE2, 0x8F, 0xCB, 0xA4),
3241 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xE2, 0x88, 0x2D, 0x4E, 0x50, 0xEB, 0x9A),
3242 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x54, 0x94, 0x5E, 0xF4, 0x7F, 0x3A, 0x04),
3243 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x07, 0x1C, 0xE1, 0xBD, 0x0F, 0xF8, 0x63),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3244};
3245static const mbedtls_mpi_uint brainpoolP384r1_T_2_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3246 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x92, 0x28, 0x2E, 0x32, 0x04, 0xB1, 0x4D),
3247 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x82, 0x44, 0x43, 0x76, 0x0D, 0x55, 0xBF),
3248 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xE3, 0xFF, 0x89, 0x46, 0xDE, 0x4E, 0xFE),
3249 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x22, 0xBB, 0x67, 0x1A, 0x81, 0xEE, 0x27),
3250 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x54, 0xE2, 0x7A, 0xAE, 0xDA, 0x2C, 0xD0),
3251 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x9A, 0x90, 0xAA, 0x6E, 0x8B, 0xCC, 0x5F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3252};
3253static const mbedtls_mpi_uint brainpoolP384r1_T_2_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3254 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x40, 0xAC, 0xED, 0x7D, 0x37, 0x87, 0xAC),
3255 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xF8, 0xB1, 0x80, 0x4C, 0x8C, 0x04, 0x42),
3256 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x98, 0x2C, 0xAD, 0x30, 0x69, 0x35, 0xC0),
3257 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x2E, 0x00, 0x2F, 0x44, 0x8C, 0xF0, 0xC0),
3258 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x58, 0x07, 0xD7, 0xCD, 0x60, 0xA1, 0x5B),
3259 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xFB, 0x7B, 0x03, 0x05, 0x5E, 0x79, 0x73),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3260};
3261static const mbedtls_mpi_uint brainpoolP384r1_T_3_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3262 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x17, 0xCE, 0x38, 0x4B, 0x5E, 0x5B, 0xC8),
3263 MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x0E, 0x0A, 0x61, 0x9D, 0x7C, 0x62, 0x08),
3264 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xF0, 0x98, 0x71, 0x7F, 0x17, 0x26, 0xD7),
3265 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xD3, 0xFA, 0x3C, 0xF0, 0x70, 0x07, 0x82),
3266 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x47, 0x5C, 0x09, 0x43, 0xB7, 0x65, 0x15),
3267 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xA9, 0xA7, 0x3E, 0xFA, 0xF3, 0xEC, 0x22),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3268};
3269static const mbedtls_mpi_uint brainpoolP384r1_T_3_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3270 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x78, 0x22, 0x2B, 0x58, 0x71, 0xFA, 0xAA),
3271 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x30, 0xCE, 0x6A, 0xB3, 0xB0, 0x4F, 0x83),
3272 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x95, 0x20, 0xA9, 0x23, 0xC2, 0x65, 0xE7),
3273 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xCF, 0x03, 0x5B, 0x8A, 0x80, 0x44, 0xBB),
3274 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xF8, 0x91, 0xF7, 0xD5, 0xED, 0xEA, 0x81),
3275 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x5B, 0x16, 0x10, 0x25, 0xAC, 0x2A, 0x17),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3276};
3277static const mbedtls_mpi_uint brainpoolP384r1_T_4_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3278 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xEC, 0xDC, 0xC4, 0x7B, 0x8C, 0x6B, 0xE9),
3279 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xBB, 0x1C, 0xD3, 0x5A, 0xEE, 0xD9, 0x97),
3280 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x5D, 0x30, 0x5E, 0xF7, 0xB2, 0x41, 0x9D),
3281 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xCE, 0x0F, 0x1A, 0xC6, 0x41, 0x64, 0x62),
3282 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x18, 0xE1, 0xE3, 0x82, 0x15, 0x66, 0x4B),
3283 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xE2, 0x24, 0x04, 0x72, 0x39, 0xA0, 0x7C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3284};
3285static const mbedtls_mpi_uint brainpoolP384r1_T_4_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3286 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x51, 0xA2, 0x58, 0x88, 0x62, 0xE1, 0x02),
3287 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xD2, 0x65, 0x14, 0xE9, 0x4C, 0x82, 0x30),
3288 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xE1, 0xAC, 0x87, 0xAE, 0x31, 0x1A, 0x7A),
3289 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x4F, 0x96, 0x1E, 0x85, 0x7A, 0xC3, 0x2B),
3290 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x86, 0xBB, 0xF0, 0xC0, 0x9D, 0x08, 0x7B),
3291 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x53, 0x03, 0x09, 0x80, 0x91, 0xEF, 0x68),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3292};
3293static const mbedtls_mpi_uint brainpoolP384r1_T_5_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3294 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xD7, 0xAF, 0x6F, 0x69, 0x7B, 0x88, 0xA1),
3295 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x13, 0xE4, 0x30, 0xA2, 0x47, 0xB5, 0xC1),
3296 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xD2, 0xC0, 0xDD, 0x8A, 0x1C, 0x3C, 0xF2),
3297 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x8C, 0xB3, 0x4C, 0xBA, 0x8B, 0x6D, 0xCF),
3298 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0xC7, 0xA1, 0xA8, 0x6E, 0x3C, 0x4F, 0xF1),
3299 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x4A, 0x97, 0xC8, 0x03, 0x6F, 0x01, 0x82),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3300};
3301static const mbedtls_mpi_uint brainpoolP384r1_T_5_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3302 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x18, 0x12, 0xA9, 0x39, 0xD5, 0x22, 0x26),
3303 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xA7, 0xC0, 0xBD, 0x9D, 0x8D, 0x78, 0x38),
3304 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xB3, 0xD0, 0x7F, 0xDF, 0xD0, 0x30, 0xDE),
3305 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x25, 0x73, 0x96, 0xEC, 0xA8, 0x1D, 0x7C),
3306 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xD1, 0x65, 0x66, 0xDC, 0xD9, 0xCF, 0xDF),
3307 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xED, 0x7B, 0x37, 0xAD, 0xE2, 0xBE, 0x2D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3308};
3309static const mbedtls_mpi_uint brainpoolP384r1_T_6_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3310 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x79, 0x42, 0x6A, 0x07, 0x66, 0xB1, 0xBD),
3311 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x53, 0x62, 0x65, 0x92, 0x09, 0x4C, 0xA1),
3312 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xAF, 0xC3, 0x03, 0xF6, 0xF4, 0x2D, 0x9B),
3313 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xCA, 0x41, 0xD9, 0xA2, 0x69, 0x9B, 0xC9),
3314 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xB2, 0xA6, 0x8D, 0xE1, 0xAA, 0x61, 0x76),
3315 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xBA, 0x4D, 0x12, 0xB6, 0xBE, 0xF3, 0x7E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3316};
3317static const mbedtls_mpi_uint brainpoolP384r1_T_6_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3318 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xD9, 0x92, 0x22, 0x07, 0xCE, 0xC9, 0x26),
3319 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xA1, 0x7C, 0x91, 0xDB, 0x32, 0xF7, 0xE5),
3320 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x49, 0x4B, 0x6D, 0xFB, 0xD9, 0x70, 0x3B),
3321 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xFB, 0x4E, 0x4C, 0x5E, 0x66, 0x81, 0x1D),
3322 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xB3, 0xE1, 0x00, 0xB7, 0xD9, 0xCC, 0x58),
3323 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x36, 0x8B, 0xC4, 0x39, 0x20, 0xFD, 0x30),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3324};
3325static const mbedtls_mpi_uint brainpoolP384r1_T_7_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3326 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x1F, 0x60, 0x03, 0xBB, 0xD7, 0x60, 0x57),
3327 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x3C, 0x62, 0xDD, 0x71, 0x95, 0xE9, 0x61),
3328 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x5B, 0x7A, 0x5F, 0x68, 0x81, 0xC5, 0x90),
3329 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xB5, 0xB9, 0x98, 0x42, 0x28, 0xA5),
3330 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x29, 0x8E, 0x11, 0x49, 0xB4, 0xD7, 0x20),
3331 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x3E, 0xD2, 0x30, 0xA1, 0xBA, 0xCA, 0x03),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3332};
3333static const mbedtls_mpi_uint brainpoolP384r1_T_7_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3334 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x37, 0x64, 0x44, 0x2F, 0x03, 0xE5, 0x41),
3335 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x42, 0xBC, 0xFF, 0xA2, 0x1A, 0x5F, 0x06),
3336 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x04, 0xAB, 0x04, 0xE0, 0x24, 0xAD, 0x2A),
3337 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x45, 0x17, 0x67, 0x1F, 0x3E, 0x53, 0xF8),
3338 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x0F, 0xB3, 0x1B, 0x57, 0x54, 0xC2, 0x03),
3339 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xD3, 0xF8, 0xC4, 0x1B, 0x9B, 0xFA, 0x30),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3340};
3341static const mbedtls_mpi_uint brainpoolP384r1_T_8_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3342 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x90, 0xFD, 0xFB, 0xCA, 0x49, 0x38, 0x4E),
3343 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xCF, 0xC6, 0xDD, 0xF0, 0xFF, 0x8C, 0x11),
3344 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x69, 0x9D, 0xBD, 0x5F, 0x33, 0xE9, 0xB4),
3345 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x19, 0x82, 0x3D, 0xAC, 0x1C, 0x40, 0x23),
3346 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC7, 0x02, 0x46, 0x14, 0x77, 0x00, 0xBE),
3347 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x05, 0xF2, 0x77, 0x3A, 0x66, 0x5C, 0x39),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3348};
3349static const mbedtls_mpi_uint brainpoolP384r1_T_8_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3350 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xE6, 0x17, 0xDE, 0xB2, 0xA1, 0xE5, 0xB8),
3351 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x71, 0xEC, 0x9D, 0xD8, 0xF5, 0xD4, 0x66),
3352 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xC6, 0x42, 0x5E, 0xE7, 0x18, 0xBA, 0xD0),
3353 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x21, 0x68, 0x5A, 0x26, 0xFB, 0xD7, 0x17),
3354 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x00, 0x5C, 0xBA, 0x8A, 0x34, 0xEC, 0x75),
3355 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x9C, 0x3C, 0xAF, 0x53, 0xE8, 0x65, 0x35),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3356};
3357static const mbedtls_mpi_uint brainpoolP384r1_T_9_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3358 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xEF, 0x28, 0xDC, 0x67, 0x05, 0xC8, 0xDF),
3359 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x78, 0xC3, 0x85, 0x49, 0xA0, 0xBC, 0x0F),
3360 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x3E, 0x2D, 0xA0, 0xCF, 0xD4, 0x7A, 0xF5),
3361 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x93, 0xFE, 0x60, 0xB3, 0x6E, 0x99, 0xE2),
3362 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xAD, 0x04, 0xE7, 0x49, 0xAF, 0x5E, 0xE3),
3363 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x7A, 0xED, 0xA6, 0x9E, 0x18, 0x09, 0x31),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3364};
3365static const mbedtls_mpi_uint brainpoolP384r1_T_9_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3366 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x05, 0x94, 0x44, 0xDC, 0xB8, 0x85, 0x94),
3367 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xB7, 0x37, 0xC2, 0x50, 0x75, 0x15, 0xDA),
3368 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xC6, 0x0F, 0xB2, 0xA9, 0x91, 0x3E, 0xE8),
3369 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x81, 0xAD, 0x25, 0xA1, 0x26, 0x73, 0x15),
3370 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xF1, 0xD1, 0x61, 0x7C, 0x76, 0x8F, 0x13),
3371 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xDB, 0x4A, 0xFF, 0x14, 0xA7, 0x48, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3372};
3373static const mbedtls_mpi_uint brainpoolP384r1_T_10_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3374 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x73, 0xC6, 0xC2, 0xCC, 0xF1, 0x57, 0x04),
3375 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xED, 0x73, 0x27, 0x70, 0x82, 0xB6, 0x5E),
3376 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xBA, 0xAC, 0x3A, 0xCF, 0xF4, 0xEA, 0xA6),
3377 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xD6, 0xB1, 0x8F, 0x0E, 0x08, 0x2C, 0x5E),
3378 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xE3, 0x8F, 0x2F, 0x0E, 0xA1, 0xF3, 0x07),
3379 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xF5, 0x7C, 0x9B, 0x29, 0x0A, 0xF6, 0x28),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3380};
3381static const mbedtls_mpi_uint brainpoolP384r1_T_10_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3382 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xEE, 0x17, 0x47, 0x34, 0x15, 0xA3, 0xAF),
3383 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xBE, 0x88, 0x48, 0xE7, 0xA2, 0xBB, 0xDE),
3384 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xAD, 0xDC, 0x65, 0x61, 0x37, 0x0F, 0xC1),
3385 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x67, 0xAD, 0xA2, 0x3A, 0x1C, 0x91, 0x78),
3386 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x07, 0x0C, 0x3A, 0x41, 0x6E, 0x13, 0x28),
3387 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0xBD, 0x7E, 0xED, 0xAA, 0x14, 0xDD, 0x61),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3388};
3389static const mbedtls_mpi_uint brainpoolP384r1_T_11_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3390 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xDC, 0x20, 0x01, 0x72, 0x11, 0x48, 0x55),
3391 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xC4, 0x7B, 0xF8, 0x62, 0x3D, 0xF0, 0x9F),
3392 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xC2, 0x3D, 0x2E, 0x52, 0xA3, 0x4A, 0x89),
3393 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE2, 0x53, 0x46, 0x5E, 0x21, 0xF8, 0xCE),
3394 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xC7, 0x8F, 0xA9, 0x26, 0x42, 0x32, 0x3A),
3395 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xA6, 0xA0, 0x8D, 0x4B, 0x9A, 0x19, 0x03),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3396};
3397static const mbedtls_mpi_uint brainpoolP384r1_T_11_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3398 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xAB, 0x6D, 0x1E, 0xFB, 0xEE, 0x60, 0x0C),
3399 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x56, 0x3C, 0xC5, 0x5D, 0x10, 0x79, 0x1C),
3400 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xBC, 0x41, 0x9F, 0x71, 0xEF, 0x02, 0xF9),
3401 MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x36, 0xC4, 0xD0, 0x88, 0x9B, 0x32, 0xFC),
3402 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xD4, 0x5D, 0x17, 0x39, 0xE6, 0x22, 0x2C),
3403 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x26, 0x01, 0xCE, 0xBE, 0x4A, 0x9C, 0x27),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3404};
3405static const mbedtls_mpi_uint brainpoolP384r1_T_12_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3406 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x6D, 0x11, 0xCA, 0x6C, 0x5A, 0x93, 0x0C),
3407 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x96, 0x26, 0xAF, 0x2F, 0xE4, 0x30, 0x98),
3408 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xC1, 0x4C, 0xC6, 0x30, 0x1F, 0x5C, 0x04),
3409 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xB3, 0xE8, 0xFC, 0x35, 0xEB, 0x63, 0x6C),
3410 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x1D, 0xCA, 0xFC, 0x50, 0x36, 0x4B, 0x96),
3411 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x0E, 0x23, 0x5B, 0xAF, 0xEB, 0x2D, 0x31),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3412};
3413static const mbedtls_mpi_uint brainpoolP384r1_T_12_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3414 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x88, 0xB6, 0xD7, 0x74, 0x4A, 0x23, 0xB6),
3415 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x66, 0xE2, 0xBB, 0x29, 0xA6, 0x4F, 0x55),
3416 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x6F, 0x7E, 0x68, 0x6E, 0xA0, 0x14, 0x94),
3417 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x73, 0xD4, 0xE8, 0xAB, 0x5B, 0xF6, 0x0D),
3418 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xE0, 0x3C, 0x24, 0x00, 0x95, 0xE9, 0xAD),
3419 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x0D, 0x4F, 0x81, 0xD0, 0xF2, 0x3F, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3420};
3421static const mbedtls_mpi_uint brainpoolP384r1_T_13_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3422 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x1D, 0xCD, 0x78, 0x39, 0xC4, 0x6B, 0xD9),
3423 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x45, 0xC7, 0xB8, 0x2F, 0xAA, 0x5D, 0xE3),
3424 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x8C, 0x6E, 0xA3, 0x24, 0xB2, 0xDB, 0x4B),
3425 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x2D, 0xD9, 0xF1, 0xC7, 0x9B, 0x8A, 0xAF),
3426 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xE1, 0x2C, 0xB9, 0x40, 0x37, 0x91, 0x75),
3427 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x2C, 0xB5, 0x23, 0x03, 0x2B, 0xAF, 0x2F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3428};
3429static const mbedtls_mpi_uint brainpoolP384r1_T_13_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3430 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x9D, 0x5A, 0x20, 0x10, 0xA9, 0x84, 0xDA),
3431 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x30, 0x89, 0x20, 0x13, 0xE9, 0xB2, 0xCA),
3432 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x6E, 0x52, 0xEB, 0x03, 0x18, 0x1F, 0xA6),
3433 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x9E, 0x1C, 0x35, 0x87, 0x92, 0x69, 0xC7),
3434 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0xC9, 0x88, 0xAF, 0xC6, 0x6C, 0x83, 0x72),
3435 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xD5, 0x7A, 0x54, 0x34, 0x99, 0xB6, 0x6F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3436};
3437static const mbedtls_mpi_uint brainpoolP384r1_T_14_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3438 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0xAD, 0x45, 0x9B, 0x4B, 0x41, 0x4D, 0x50),
3439 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x5D, 0xAB, 0x7F, 0x35, 0x34, 0xE9, 0x29),
3440 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0xBE, 0x78, 0x34, 0x44, 0xF3, 0x4A, 0x87),
3441 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xDE, 0xE3, 0xC4, 0xEE, 0x0B, 0xF9, 0xEB),
3442 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x86, 0x16, 0x48, 0x32, 0xB8, 0x74, 0x41),
3443 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xEE, 0x7C, 0xBA, 0xBD, 0x81, 0xE3, 0x55),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3444};
3445static const mbedtls_mpi_uint brainpoolP384r1_T_14_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3446 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x6A, 0xFA, 0x84, 0xDA, 0xB8, 0xD5, 0x14),
3447 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x9F, 0x8A, 0xD5, 0x1B, 0x2E, 0x1A, 0x0B),
3448 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0C, 0x61, 0xE2, 0xFF, 0x5B, 0xE6, 0xD5),
3449 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x62, 0xC1, 0x87, 0x53, 0x1B, 0x92, 0xA3),
3450 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x90, 0x00, 0xD1, 0x6A, 0x0C, 0x0E, 0x28),
3451 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x2E, 0xB5, 0x3B, 0x44, 0xB5, 0xA0, 0x78),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3452};
3453static const mbedtls_mpi_uint brainpoolP384r1_T_15_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3454 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x5D, 0x02, 0x58, 0xB5, 0xBE, 0x45, 0x14),
3455 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xEF, 0x8E, 0x90, 0x4D, 0x2A, 0x32, 0xAC),
3456 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x99, 0x75, 0x5C, 0x0A, 0x33, 0x8F, 0x36),
3457 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x6C, 0x95, 0xD4, 0x1F, 0xF3, 0xEB, 0xDA),
3458 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xE4, 0x4C, 0x91, 0x20, 0xF3, 0x25, 0xEB),
3459 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x95, 0xEB, 0x29, 0x6F, 0x20, 0x34, 0x81),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3460};
3461static const mbedtls_mpi_uint brainpoolP384r1_T_15_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3462 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x15, 0xE5, 0x13, 0x7E, 0x64, 0x8B, 0xAD),
3463 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xBC, 0x0D, 0x18, 0x7E, 0x37, 0x9E, 0xFA),
3464 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x82, 0x20, 0xF7, 0x2D, 0x7A, 0x77, 0x52),
3465 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x29, 0xA2, 0xDB, 0x7A, 0xE6, 0x6F, 0xA5),
3466 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xC6, 0x50, 0x5C, 0xBC, 0xE6, 0x4F, 0xBD),
3467 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x9F, 0xD5, 0xE8, 0xC5, 0x3D, 0xB7, 0x30),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3468};
3469static const mbedtls_mpi_uint brainpoolP384r1_T_16_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3470 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x03, 0x55, 0x10, 0xDB, 0xA6, 0x8B, 0x22),
3471 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x17, 0xAE, 0x78, 0xC9, 0x1D, 0x43, 0xCA),
3472 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x35, 0x49, 0xD4, 0x47, 0x84, 0x8D, 0x20),
3473 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x95, 0x2F, 0xEA, 0xBC, 0xB4, 0x18, 0xB3),
3474 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x48, 0xAE, 0x89, 0xF5, 0x65, 0x3D, 0x89),
3475 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xF2, 0x2B, 0x20, 0xD1, 0x75, 0x50, 0x63),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3476};
3477static const mbedtls_mpi_uint brainpoolP384r1_T_16_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3478 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xE6, 0x5C, 0x2C, 0xE0, 0x7D, 0xDF, 0x2D),
3479 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x07, 0x3E, 0xCE, 0x9F, 0x18, 0xB6, 0x05),
3480 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0xF8, 0xF0, 0xD5, 0xFA, 0x42, 0x1D, 0x6D),
3481 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x6C, 0x1D, 0x03, 0xC9, 0x0E, 0x2B, 0x2F),
3482 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x18, 0x52, 0xA5, 0xB4, 0x63, 0xE1, 0x06),
3483 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0xD9, 0xC4, 0xFD, 0x16, 0x60, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3484};
3485static const mbedtls_mpi_uint brainpoolP384r1_T_17_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3486 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x7D, 0xDE, 0xDF, 0x4B, 0x4A, 0xB0, 0xCB),
3487 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x4E, 0x8C, 0x94, 0xC1, 0xE2, 0x85, 0xDF),
3488 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xF0, 0xEA, 0xB5, 0x9B, 0x70, 0xEF, 0x10),
3489 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xC2, 0x39, 0x5D, 0xF3, 0x2C, 0xD9, 0x2C),
3490 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x1C, 0x2E, 0xCC, 0x2F, 0x54, 0x87, 0x80),
3491 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x72, 0xC7, 0xB5, 0x50, 0xA3, 0x84, 0x77),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3492};
3493static const mbedtls_mpi_uint brainpoolP384r1_T_17_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3494 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xD1, 0xAF, 0xA9, 0xB4, 0x8B, 0x5D, 0xFA),
3495 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xF6, 0x52, 0x8A, 0xC3, 0x56, 0xA5, 0x5E),
3496 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x52, 0xFF, 0xEA, 0x05, 0x42, 0x77, 0x83),
3497 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x08, 0x90, 0x72, 0x86, 0xC4, 0xC3, 0xB8),
3498 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x15, 0xF8, 0xF1, 0x16, 0x67, 0xC6, 0xD5),
3499 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x87, 0xAC, 0x8F, 0x71, 0xEC, 0x83, 0x81),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3500};
3501static const mbedtls_mpi_uint brainpoolP384r1_T_18_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3502 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xE1, 0xE6, 0x2D, 0x0E, 0x11, 0xA1, 0x62),
3503 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xE2, 0xA8, 0x32, 0xE6, 0xE3, 0x83, 0xD1),
3504 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x56, 0xE5, 0xCD, 0xB7, 0x2B, 0x67, 0x6F),
3505 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xED, 0xC9, 0x65, 0x6D, 0x87, 0xE1, 0x8E),
3506 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x8E, 0xFD, 0x9A, 0x53, 0x0E, 0xFA, 0xA3),
3507 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x4C, 0x4A, 0xE2, 0x23, 0x84, 0xFA, 0x01),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3508};
3509static const mbedtls_mpi_uint brainpoolP384r1_T_18_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3510 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFE, 0x49, 0x81, 0xD1, 0x3E, 0xF4, 0x7C),
3511 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x72, 0xE0, 0xEF, 0x0D, 0xB8, 0x3E, 0x6F),
3512 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x00, 0x0F, 0x5F, 0xCE, 0x60, 0x72, 0x2C),
3513 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xCC, 0xD8, 0x03, 0x07, 0x6E, 0x5A, 0xCD),
3514 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x3A, 0x35, 0x50, 0x4E, 0x1F, 0xCA, 0x5F),
3515 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xEA, 0x88, 0x55, 0xBD, 0x6E, 0x05, 0x7F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3516};
3517static const mbedtls_mpi_uint brainpoolP384r1_T_19_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3518 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x6D, 0xF1, 0x97, 0xA6, 0x69, 0x39, 0x24),
3519 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x41, 0x99, 0xFF, 0x3B, 0xA1, 0x26, 0xEC),
3520 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x2F, 0x95, 0x80, 0x12, 0x4A, 0x1B, 0xCB),
3521 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xBF, 0x51, 0xAA, 0xAE, 0x2D, 0xDA, 0xCF),
3522 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x1C, 0xB3, 0x52, 0x36, 0x49, 0xD4, 0x86),
3523 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xC1, 0x1F, 0x3A, 0xD3, 0x3E, 0x5C, 0x1A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3524};
3525static const mbedtls_mpi_uint brainpoolP384r1_T_19_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3526 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x51, 0xF7, 0x2B, 0xC8, 0xA9, 0xA7, 0x15),
3527 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x4E, 0x7F, 0x98, 0x41, 0x66, 0xB0, 0x03),
3528 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x1D, 0xC0, 0x42, 0xCD, 0xF8, 0xC3, 0x2B),
3529 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x41, 0x91, 0x7D, 0xCC, 0x8B, 0xCC, 0x41),
3530 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xAE, 0x76, 0xED, 0x56, 0x18, 0xC5, 0xAB),
3531 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x6A, 0x06, 0xA3, 0x7F, 0x65, 0x10, 0x1F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3532};
3533static const mbedtls_mpi_uint brainpoolP384r1_T_20_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3534 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xEC, 0x3C, 0x05, 0x05, 0xCA, 0xF6, 0xED),
3535 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0xCD, 0x02, 0x51, 0x12, 0x16, 0x3C, 0x63),
3536 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xEB, 0xB3, 0x43, 0x7B, 0xDD, 0xB2, 0x7C),
3537 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x59, 0x90, 0x41, 0xDB, 0xE4, 0xF5, 0x91),
3538 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x0E, 0x18, 0x2A, 0x5A, 0x83, 0x7C, 0x2F),
3539 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x37, 0xA1, 0x0D, 0xF1, 0x2F, 0x63, 0x79),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3540};
3541static const mbedtls_mpi_uint brainpoolP384r1_T_20_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3542 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xC0, 0xFA, 0x6F, 0x1F, 0x67, 0xCF, 0xEC),
3543 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x34, 0x45, 0xBB, 0xF4, 0xF9, 0x9B, 0x89),
3544 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x69, 0xFE, 0x67, 0x1D, 0x64, 0x8F, 0xB9),
3545 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x39, 0xBF, 0xD8, 0xB3, 0xC7, 0xAD, 0x8A),
3546 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x93, 0xFF, 0xF3, 0x28, 0xFA, 0x39, 0xF6),
3547 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xF9, 0xC3, 0x85, 0x26, 0x7A, 0x88, 0x89),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3548};
3549static const mbedtls_mpi_uint brainpoolP384r1_T_21_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3550 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xD5, 0x79, 0xD8, 0x11, 0xDE, 0xEB, 0x4E),
3551 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x46, 0xA4, 0x6A, 0xDA, 0x74, 0x34, 0xA8),
3552 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xBD, 0xD3, 0xF5, 0x14, 0xEE, 0xFE, 0xAE),
3553 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x4C, 0xA3, 0x71, 0x43, 0x65, 0xF8, 0x94),
3554 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x6C, 0x35, 0xFA, 0x90, 0x25, 0xD8, 0xE2),
3555 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x34, 0x84, 0x96, 0xA1, 0x43, 0x03, 0x4D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3556};
3557static const mbedtls_mpi_uint brainpoolP384r1_T_21_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3558 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x3B, 0x3B, 0x2F, 0xCA, 0x59, 0xF2, 0x42),
3559 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x48, 0x24, 0x74, 0xD8, 0x72, 0x90, 0xA3),
3560 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x42, 0x74, 0x8C, 0x6F, 0x52, 0x19, 0x3D),
3561 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x9E, 0x41, 0x63, 0x68, 0x78, 0x4C, 0x2F),
3562 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x94, 0xB6, 0x6B, 0x38, 0x52, 0xA8, 0x9F),
3563 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x30, 0x25, 0x93, 0xA1, 0x6F, 0x6E, 0x68),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3564};
3565static const mbedtls_mpi_uint brainpoolP384r1_T_22_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3566 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x2F, 0x4B, 0x64, 0x79, 0x50, 0xFF, 0x01),
3567 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x36, 0xED, 0x57, 0x39, 0x3B, 0xE7, 0xF3),
3568 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x85, 0xEA, 0x35, 0xD6, 0xC0, 0xA0, 0x52),
3569 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x89, 0x3A, 0xCC, 0x22, 0x1C, 0x46, 0x02),
3570 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x7A, 0xB0, 0xA1, 0x1B, 0x69, 0x62, 0x55),
3571 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xB8, 0x8A, 0x6C, 0x18, 0x85, 0x0D, 0x88),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3572};
3573static const mbedtls_mpi_uint brainpoolP384r1_T_22_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3574 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xB6, 0x50, 0xE9, 0x4E, 0x7F, 0xE8, 0x07),
3575 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x5B, 0x5C, 0xD1, 0x4B, 0x11, 0x9A, 0xD8),
3576 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x25, 0x56, 0x74, 0x51, 0x9C, 0xEC, 0x9C),
3577 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x7F, 0xB6, 0x8A, 0xCB, 0x3A, 0x10, 0x6A),
3578 MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x33, 0x07, 0x01, 0xE9, 0x49, 0x59, 0xE6),
3579 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xA5, 0x2E, 0xF2, 0xBA, 0x32, 0x63, 0x44),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3580};
3581static const mbedtls_mpi_uint brainpoolP384r1_T_23_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3582 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x06, 0x0B, 0xA5, 0x44, 0x27, 0x7F, 0x22),
3583 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x74, 0xAC, 0x0F, 0xCC, 0x4F, 0x13, 0x61),
3584 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xB1, 0xBF, 0x97, 0x49, 0xA5, 0x1C, 0x1D),
3585 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x64, 0x68, 0x7B, 0x0F, 0xCC, 0x77, 0xF8),
3586 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x39, 0xF9, 0x4E, 0x84, 0x9C, 0xF6, 0x96),
3587 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xCF, 0x6D, 0xE2, 0xA1, 0x2D, 0xF9, 0x2B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3588};
3589static const mbedtls_mpi_uint brainpoolP384r1_T_23_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3590 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xC4, 0x90, 0x57, 0x31, 0x01, 0x05, 0x5E),
3591 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x1E, 0xBB, 0xBF, 0x98, 0xA4, 0x7C, 0xE3),
3592 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xE3, 0xA0, 0xB2, 0xCD, 0x39, 0x9A, 0x3F),
3593 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x34, 0x60, 0x7A, 0x89, 0x98, 0xB5, 0x52),
3594 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0x20, 0x3D, 0x3A, 0x04, 0x8F, 0x5A, 0xAC),
3595 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x26, 0xB6, 0x49, 0x09, 0x9C, 0x0F, 0x59),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3596};
3597static const mbedtls_mpi_uint brainpoolP384r1_T_24_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3598 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x66, 0xD2, 0x38, 0x2A, 0x62, 0x81, 0xCA),
3599 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xC8, 0x20, 0x5E, 0x28, 0xA3, 0x81, 0xA7),
3600 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x31, 0xA4, 0xF1, 0xEA, 0x7D, 0x87, 0x45),
3601 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x2C, 0x99, 0x09, 0x6F, 0x63, 0xEB, 0x2F),
3602 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x76, 0xDA, 0x1A, 0x06, 0xBE, 0xDE, 0xA2),
3603 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x09, 0x2E, 0x75, 0x39, 0x30, 0x2D, 0x42),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3604};
3605static const mbedtls_mpi_uint brainpoolP384r1_T_24_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3606 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x9B, 0xC1, 0x5A, 0x17, 0xC3, 0x8C, 0x31),
3607 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x8D, 0x94, 0x4D, 0x3D, 0xAB, 0x60, 0xD4),
3608 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFD, 0x1E, 0x0F, 0x43, 0xAE, 0x9D, 0x62),
3609 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0xF2, 0xF3, 0x20, 0x1B, 0xAA, 0xB7, 0x41),
3610 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x5B, 0xA4, 0xF4, 0x90, 0x3B, 0xE3, 0x71),
3611 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x78, 0x72, 0xBD, 0x65, 0x09, 0x0B, 0x01),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3612};
3613static const mbedtls_mpi_uint brainpoolP384r1_T_25_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3614 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x37, 0x2A, 0x6C, 0x16, 0x4F, 0x64, 0x59),
3615 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xCE, 0xA3, 0x90, 0xB4, 0x9A, 0xBC, 0xF7),
3616 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x38, 0x55, 0x63, 0x1D, 0x3A, 0x6E, 0x18),
3617 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xB4, 0xAA, 0x99, 0x22, 0x45, 0x89, 0x2C),
3618 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x7C, 0x8C, 0xA6, 0x3D, 0xA7, 0x3E, 0xE8),
3619 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x06, 0x42, 0xDC, 0xA6, 0xE3, 0xC6, 0x12),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3620};
3621static const mbedtls_mpi_uint brainpoolP384r1_T_25_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3622 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x8C, 0x3D, 0x5D, 0x47, 0x31, 0x7C, 0xEB),
3623 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x85, 0xEE, 0x46, 0x7E, 0x13, 0x04, 0x41),
3624 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x3C, 0x8B, 0x43, 0x2E, 0x74, 0xF5, 0xF6),
3625 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x88, 0x8E, 0x07, 0x29, 0x08, 0x03, 0x26),
3626 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x9B, 0x89, 0xEB, 0x08, 0xE8, 0x43, 0xB5),
3627 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x07, 0x67, 0xFD, 0xD9, 0x73, 0x6F, 0x18),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3628};
3629static const mbedtls_mpi_uint brainpoolP384r1_T_26_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3630 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xEB, 0x21, 0x8D, 0x98, 0x43, 0x74, 0x98),
3631 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xCC, 0x14, 0xD8, 0x08, 0xBB, 0xA6, 0xE3),
3632 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x98, 0xF2, 0x6A, 0x18, 0xC3, 0xDD, 0x9E),
3633 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x38, 0x91, 0xA0, 0x03, 0xF2, 0x04, 0x62),
3634 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xAF, 0xE8, 0xFD, 0xFB, 0x13, 0x70, 0x74),
3635 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x93, 0x87, 0x98, 0x4A, 0xE0, 0x00, 0x12),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3636};
3637static const mbedtls_mpi_uint brainpoolP384r1_T_26_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3638 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x2E, 0x69, 0x9C, 0xA2, 0x2D, 0x03, 0x3F),
3639 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xFE, 0xF3, 0xB9, 0xC1, 0x85, 0x2A, 0xEE),
3640 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xFD, 0x86, 0xB1, 0xCD, 0xBF, 0x41, 0xB7),
3641 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xD8, 0x9A, 0x21, 0xF3, 0xFE, 0xCB, 0xF1),
3642 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x78, 0x04, 0x60, 0xB7, 0xA9, 0xA2, 0x84),
3643 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1E, 0x66, 0x2A, 0x54, 0x51, 0xBD, 0x8B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3644};
3645static const mbedtls_mpi_uint brainpoolP384r1_T_27_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3646 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x16, 0x36, 0xEF, 0x61, 0x2D, 0xEE, 0x3B),
3647 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x5F, 0x88, 0xA0, 0x13, 0x12, 0xF7, 0x23),
3648 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xC6, 0xAD, 0x4A, 0x4A, 0x07, 0x01, 0x5B),
3649 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x74, 0xB1, 0x4F, 0xEB, 0xBD, 0xD5, 0x6B),
3650 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xF9, 0x71, 0xA2, 0x06, 0x4F, 0xD7, 0xBC),
3651 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x8B, 0x4D, 0x48, 0xE0, 0x98, 0xFB, 0x6A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3652};
3653static const mbedtls_mpi_uint brainpoolP384r1_T_27_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3654 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0xBA, 0x10, 0xA3, 0x0D, 0x52, 0xAC, 0x3A),
3655 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xD0, 0xE0, 0x36, 0xE6, 0x07, 0x3A, 0x30),
3656 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x80, 0xF0, 0xAA, 0x49, 0x22, 0x4B, 0xDD),
3657 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xC7, 0xAB, 0x1C, 0x89, 0xCD, 0x24, 0x40),
3658 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x2A, 0xFC, 0xB3, 0x6D, 0x45, 0x96, 0x49),
3659 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xE4, 0xDB, 0x52, 0x3F, 0xC4, 0xB4, 0x19),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3660};
3661static const mbedtls_mpi_uint brainpoolP384r1_T_28_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3662 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xCC, 0xC8, 0x7F, 0xBB, 0x6B, 0x87, 0x47),
3663 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x21, 0x3C, 0x69, 0x7D, 0x38, 0x57, 0x50),
3664 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x4C, 0x18, 0x3C, 0x53, 0xA5, 0x48, 0x6D),
3665 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xC3, 0x64, 0x45, 0xDB, 0xC4, 0x6D, 0x15),
3666 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xCC, 0xD1, 0xBB, 0x17, 0xB8, 0x34, 0x2D),
3667 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x69, 0x71, 0xFA, 0xA0, 0x28, 0x4A, 0x3D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3668};
3669static const mbedtls_mpi_uint brainpoolP384r1_T_28_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3670 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xE8, 0x9E, 0x39, 0xEA, 0x8D, 0x38, 0xDB),
3671 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x9C, 0xBB, 0xCD, 0x80, 0x1A, 0xEE, 0xB7),
3672 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA0, 0x45, 0xBF, 0xD9, 0x22, 0x11, 0x32),
3673 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x7C, 0x5C, 0xD9, 0xC0, 0x9F, 0x69, 0xF5),
3674 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x8A, 0xA6, 0x79, 0x4E, 0x35, 0xB9, 0xD5),
3675 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x8B, 0x9A, 0x3E, 0xA1, 0xB8, 0x28, 0x10),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3676};
3677static const mbedtls_mpi_uint brainpoolP384r1_T_29_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3678 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x2F, 0xEF, 0xBB, 0xA9, 0x72, 0x7F, 0xEA),
3679 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x34, 0xB7, 0x12, 0xB9, 0xE7, 0xC3, 0x2A),
3680 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x1D, 0xD9, 0x42, 0x77, 0x0C, 0x71, 0x6E),
3681 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x01, 0x59, 0xA7, 0x56, 0x03, 0x91, 0x8D),
3682 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x91, 0x99, 0x33, 0x30, 0x3E, 0xEF, 0x13),
3683 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xC9, 0x5A, 0x9A, 0x54, 0x66, 0xF1, 0x70),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3684};
3685static const mbedtls_mpi_uint brainpoolP384r1_T_29_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3686 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x2C, 0xB7, 0x6E, 0x71, 0x7D, 0x35, 0x30),
3687 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x0D, 0xEF, 0xD1, 0x2D, 0x99, 0x63, 0x2F),
3688 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x31, 0xAF, 0x2D, 0xC9, 0xC6, 0xC2, 0xAE),
3689 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xC0, 0xDF, 0x80, 0x54, 0xC4, 0xAC, 0xF3),
3690 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x6B, 0xA0, 0x84, 0x96, 0xF7, 0x31, 0xC8),
3691 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0xE2, 0x7C, 0x7A, 0x41, 0x45, 0x75, 0x6A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3692};
3693static const mbedtls_mpi_uint brainpoolP384r1_T_30_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3694 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xEE, 0x58, 0x31, 0xE8, 0x68, 0xD6, 0x76),
3695 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x2E, 0x48, 0xB7, 0x09, 0x9F, 0xD4, 0xCA),
3696 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xA9, 0x5C, 0xE7, 0x64, 0x43, 0x5D, 0xC9),
3697 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x58, 0x9F, 0x50, 0xAB, 0x68, 0xFF, 0x6D),
3698 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x88, 0x2D, 0xBA, 0x12, 0xBF, 0x8D, 0x7D),
3699 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xDF, 0x6F, 0xB3, 0x75, 0xA4, 0x55, 0x73),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3700};
3701static const mbedtls_mpi_uint brainpoolP384r1_T_30_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3702 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x17, 0x92, 0x39, 0xB7, 0x13, 0x37, 0x6F),
3703 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x43, 0x71, 0xA7, 0xCA, 0x17, 0x1B, 0x32),
3704 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xB9, 0xB0, 0x78, 0xEF, 0xA0, 0xDA, 0x83),
3705 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x84, 0xF2, 0x0F, 0x85, 0xA2, 0xB6, 0x1F),
3706 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x65, 0x2E, 0x6E, 0x45, 0xB9, 0x4C, 0x3C),
3707 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x6A, 0x8C, 0x2B, 0x77, 0x96, 0x36, 0x22),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3708};
3709static const mbedtls_mpi_uint brainpoolP384r1_T_31_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3710 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x7A, 0x13, 0x4A, 0x97, 0x63, 0x02, 0x10),
3711 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x1E, 0x06, 0x03, 0x8F, 0xB9, 0xEE, 0x64),
3712 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0xEE, 0x8B, 0x89, 0xA9, 0x70, 0xDB, 0xCE),
3713 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x7B, 0x81, 0xC9, 0x70, 0x8D, 0x62, 0x32),
3714 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xDA, 0x46, 0xF8, 0xF9, 0x3A, 0xBE, 0x55),
3715 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x9C, 0x7A, 0x97, 0x62, 0xEB, 0xFA, 0x0F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3716};
3717static const mbedtls_mpi_uint brainpoolP384r1_T_31_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3718 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x03, 0x3D, 0x3C, 0x46, 0x27, 0x9E, 0x65),
3719 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x08, 0x1C, 0xD5, 0x25, 0xAF, 0xE9, 0x40),
3720 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x69, 0xDC, 0x59, 0xF4, 0x8A, 0x7C, 0x1F),
3721 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x9A, 0x7A, 0x99, 0x21, 0x0C, 0x4E, 0xE3),
3722 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xCE, 0x85, 0x5F, 0xAC, 0xAA, 0x82, 0x10),
3723 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x57, 0x69, 0x90, 0x76, 0xF3, 0x53, 0x3F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3724};
3725static const mbedtls_ecp_point brainpoolP384r1_T[32] = {
3726 ECP_POINT_INIT_XY_Z1(brainpoolP384r1_T_0_X, brainpoolP384r1_T_0_Y),
3727 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_1_X, brainpoolP384r1_T_1_Y),
3728 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_2_X, brainpoolP384r1_T_2_Y),
3729 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_3_X, brainpoolP384r1_T_3_Y),
3730 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_4_X, brainpoolP384r1_T_4_Y),
3731 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_5_X, brainpoolP384r1_T_5_Y),
3732 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_6_X, brainpoolP384r1_T_6_Y),
3733 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_7_X, brainpoolP384r1_T_7_Y),
3734 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_8_X, brainpoolP384r1_T_8_Y),
3735 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_9_X, brainpoolP384r1_T_9_Y),
3736 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_10_X, brainpoolP384r1_T_10_Y),
3737 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_11_X, brainpoolP384r1_T_11_Y),
3738 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_12_X, brainpoolP384r1_T_12_Y),
3739 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_13_X, brainpoolP384r1_T_13_Y),
3740 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_14_X, brainpoolP384r1_T_14_Y),
3741 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_15_X, brainpoolP384r1_T_15_Y),
3742 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_16_X, brainpoolP384r1_T_16_Y),
3743 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_17_X, brainpoolP384r1_T_17_Y),
3744 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_18_X, brainpoolP384r1_T_18_Y),
3745 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_19_X, brainpoolP384r1_T_19_Y),
3746 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_20_X, brainpoolP384r1_T_20_Y),
3747 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_21_X, brainpoolP384r1_T_21_Y),
3748 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_22_X, brainpoolP384r1_T_22_Y),
3749 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_23_X, brainpoolP384r1_T_23_Y),
3750 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_24_X, brainpoolP384r1_T_24_Y),
3751 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_25_X, brainpoolP384r1_T_25_Y),
3752 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_26_X, brainpoolP384r1_T_26_Y),
3753 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_27_X, brainpoolP384r1_T_27_Y),
3754 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_28_X, brainpoolP384r1_T_28_Y),
3755 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_29_X, brainpoolP384r1_T_29_Y),
3756 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_30_X, brainpoolP384r1_T_30_Y),
3757 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_31_X, brainpoolP384r1_T_31_Y),
3758};
3759#else
3760#define brainpoolP384r1_T NULL
3761#endif
3762
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3763#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]3764
3765/*
3766 * Domain parameters for brainpoolP512r1 (RFC 5639 3.7)
3767 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3768#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
3769static const mbedtls_mpi_uint brainpoolP512r1_p[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3770 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28),
3771 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28),
3772 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE),
3773 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D),
3774 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6),
3775 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB),
3776 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F),
3777 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3778};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3779static const mbedtls_mpi_uint brainpoolP512r1_a[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3780 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7),
3781 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F),
3782 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A),
3783 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D),
3784 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8),
3785 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94),
3786 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2),
3787 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3788};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3789static const mbedtls_mpi_uint brainpoolP512r1_b[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3790 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28),
3791 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98),
3792 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77),
3793 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B),
3794 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B),
3795 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8),
3796 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA),
3797 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3798};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3799static const mbedtls_mpi_uint brainpoolP512r1_gx[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3800 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B),
3801 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C),
3802 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50),
3803 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF),
3804 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4),
3805 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85),
3806 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A),
3807 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3808};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3809static const mbedtls_mpi_uint brainpoolP512r1_gy[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3810 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78),
3811 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1),
3812 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B),
3813 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2),
3814 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0),
3815 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2),
3816 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0),
3817 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3818};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3819static const mbedtls_mpi_uint brainpoolP512r1_n[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3820 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5),
3821 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D),
3822 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41),
3823 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55),
3824 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6),
3825 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB),
3826 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F),
3827 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3828};
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]3829
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3830#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
3831static const mbedtls_mpi_uint brainpoolP512r1_T_0_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3832 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B),
3833 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C),
3834 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50),
3835 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF),
3836 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4),
3837 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85),
3838 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A),
3839 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3840};
3841static const mbedtls_mpi_uint brainpoolP512r1_T_0_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3842 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78),
3843 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1),
3844 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B),
3845 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2),
3846 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0),
3847 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2),
3848 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0),
3849 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3850};
3851static const mbedtls_mpi_uint brainpoolP512r1_T_1_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3852 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xE9, 0x6B, 0x8C, 0x6F, 0x9D, 0x88, 0x43),
3853 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x4F, 0x86, 0x96, 0xA7, 0x56, 0xD1, 0x37),
3854 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xAB, 0xFA, 0xEE, 0xA7, 0xF5, 0x0E, 0xA6),
3855 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x40, 0xEF, 0x9E, 0x6D, 0xD6, 0x32, 0x33),
3856 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xED, 0x56, 0x14, 0x57, 0x1A, 0x8D, 0x69),
3857 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xED, 0x4D, 0x3A, 0xFA, 0x71, 0x75, 0x6B),
3858 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xC5, 0x76, 0x1C, 0x14, 0xBE, 0xB5, 0xCD),
3859 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x5A, 0xCB, 0xE7, 0x36, 0x1D, 0x52, 0x1C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3860};
3861static const mbedtls_mpi_uint brainpoolP512r1_T_1_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3862 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x8D, 0x7A, 0xEB, 0xA3, 0x8B, 0xD5, 0xB0),
3863 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xA3, 0x41, 0xF8, 0xAC, 0x9E, 0xAB, 0x74),
3864 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xE3, 0x65, 0x0D, 0x1C, 0xFE, 0x09, 0x2B),
3865 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xCA, 0x13, 0x3F, 0xC5, 0xF9, 0x7E, 0xEC),
3866 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x5D, 0x63, 0x28, 0xA6, 0x89, 0xD3, 0x91),
3867 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x95, 0x3F, 0x7A, 0x82, 0xD4, 0x77, 0xE3),
3868 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xBB, 0x92, 0x32, 0x00, 0xF4, 0x66, 0x42),
3869 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x58, 0x31, 0xD1, 0x17, 0x9F, 0x2A, 0x22),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3870};
3871static const mbedtls_mpi_uint brainpoolP512r1_T_2_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3872 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x36, 0xA9, 0xCD, 0x80, 0xA5, 0x2D, 0x78),
3873 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x44, 0xAB, 0xCE, 0x71, 0xFF, 0x0C, 0x9B),
3874 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x24, 0x58, 0x35, 0x5A, 0x21, 0x32, 0x93),
3875 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0xA6, 0x28, 0xF8, 0x7A, 0x97, 0xAE, 0x8B),
3876 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xE7, 0x08, 0xFA, 0x47, 0xC9, 0x55, 0x09),
3877 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xAC, 0x2E, 0x84, 0xA4, 0xF5, 0x52, 0xC4),
3878 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x58, 0x05, 0x9D, 0xA7, 0xC8, 0x71, 0xBF),
3879 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x92, 0xB4, 0x92, 0xC1, 0x92, 0xEC, 0x6B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3880};
3881static const mbedtls_mpi_uint brainpoolP512r1_T_2_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3882 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x48, 0x2D, 0x79, 0x5E, 0x58, 0xE5, 0x69),
3883 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x85, 0x26, 0xEC, 0xE9, 0x6E, 0xD4, 0x06),
3884 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x68, 0x26, 0x87, 0x38, 0xA2, 0xD2, 0x0B),
3885 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x17, 0x60, 0xCE, 0x75, 0xF8, 0xA5, 0x6F),
3886 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x51, 0xDB, 0xA9, 0xAE, 0x87, 0xF1, 0x15),
3887 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x49, 0x92, 0x3B, 0x19, 0x96, 0xF5, 0xB0),
3888 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0xD5, 0x52, 0x52, 0x8C, 0xCE, 0xFD, 0xFA),
3889 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x18, 0x0A, 0xE6, 0xF6, 0xAE, 0x08, 0x41),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3890};
3891static const mbedtls_mpi_uint brainpoolP512r1_T_3_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3892 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x2B, 0xD8, 0x54, 0xCE, 0xB0, 0x57, 0xFE),
3893 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xB0, 0xF8, 0x9E, 0x03, 0x03, 0x3C, 0x5D),
3894 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x0E, 0x29, 0x29, 0x00, 0xF3, 0x70, 0xBF),
3895 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x33, 0x99, 0x0E, 0x00, 0x5D, 0xFE, 0x4B),
3896 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2D, 0xF2, 0x59, 0x32, 0xCF, 0x03, 0xF4),
3897 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xC9, 0x72, 0xAE, 0x0C, 0xEF, 0xD1, 0x5B),
3898 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x5A, 0x27, 0xBF, 0x2F, 0x45, 0xF9, 0x51),
3899 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xBE, 0xE5, 0x2C, 0xFF, 0x5B, 0x1E, 0x88),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3900};
3901static const mbedtls_mpi_uint brainpoolP512r1_T_3_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3902 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xAC, 0xBB, 0xD8, 0x83, 0xC2, 0x46, 0xF6),
3903 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xDC, 0xCE, 0x15, 0xB4, 0xEF, 0xCF, 0x46),
3904 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xDB, 0x5E, 0x94, 0x31, 0x0B, 0xB2, 0x7A),
3905 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xB9, 0xE3, 0xE3, 0x11, 0x71, 0x41, 0x1E),
3906 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xE3, 0x01, 0xB7, 0x7D, 0xBC, 0x65, 0xBE),
3907 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x07, 0x65, 0x87, 0xA7, 0xE8, 0x48, 0xE3),
3908 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x48, 0x8F, 0xD4, 0x30, 0x8E, 0xB4, 0x6C),
3909 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xE0, 0x73, 0xBE, 0x1E, 0xBF, 0x56, 0x36),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3910};
3911static const mbedtls_mpi_uint brainpoolP512r1_T_4_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3912 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x0E, 0x5E, 0x87, 0xC5, 0xAB, 0x0E, 0x3C),
3913 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xF9, 0x5F, 0x80, 0x24, 0x4C, 0x2A, 0xF1),
3914 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x15, 0x21, 0x54, 0x92, 0x84, 0x8D, 0x6A),
3915 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x8A, 0x47, 0x74, 0xDC, 0x42, 0xB1, 0xF8),
3916 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xF7, 0x30, 0xFD, 0xC1, 0x9B, 0x0C, 0x5B),
3917 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x6C, 0xCC, 0xDF, 0xC5, 0xE3, 0xA9, 0xD5),
3918 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x67, 0x59, 0x10, 0x5C, 0x51, 0x54, 0x40),
3919 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x37, 0xFB, 0x6E, 0xB0, 0x78, 0x63, 0x8E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3920};
3921static const mbedtls_mpi_uint brainpoolP512r1_T_4_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3922 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xEF, 0xC4, 0x39, 0x20, 0xF1, 0x46, 0x66),
3923 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x62, 0xAE, 0xFF, 0x10, 0xE4, 0xE2, 0xE9),
3924 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x5C, 0xF5, 0x2E, 0x22, 0x89, 0xE5, 0x82),
3925 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x0C, 0x29, 0xA8, 0x62, 0xAE, 0xDB, 0x65),
3926 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x9E, 0x0F, 0xCA, 0x87, 0x2A, 0x6F, 0x7B),
3927 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xDC, 0x9B, 0x9F, 0x65, 0xD4, 0xAD, 0x27),
3928 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xC3, 0x08, 0x0F, 0xCF, 0x67, 0xE9, 0xF4),
3929 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x5C, 0xD7, 0xFF, 0x41, 0x9C, 0xCB, 0x26),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3930};
3931static const mbedtls_mpi_uint brainpoolP512r1_T_5_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3932 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x25, 0x05, 0x12, 0xAD, 0x73, 0x63, 0x90),
3933 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x99, 0x07, 0x86, 0x57, 0xE7, 0x94, 0xB1),
3934 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x4B, 0xA5, 0xBF, 0x18, 0xA9, 0xEF, 0x6A),
3935 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x4C, 0xC4, 0x09, 0xF2, 0x2F, 0x0C, 0xAA),
3936 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x3A, 0x04, 0xEA, 0x89, 0x6C, 0x91, 0xB9),
3937 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0x3A, 0xE7, 0xA3, 0xEC, 0x24, 0x7B),
3938 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xA1, 0x26, 0x21, 0x04, 0xE3, 0xB9, 0x40),
3939 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x71, 0x4B, 0x7B, 0xC2, 0x89, 0xCD, 0xA2),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3940};
3941static const mbedtls_mpi_uint brainpoolP512r1_T_5_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3942 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xB9, 0xA8, 0x9D, 0xFD, 0x00, 0x3A, 0x1F),
3943 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x41, 0x6C, 0xBB, 0x5A, 0xCA, 0x1F, 0x74),
3944 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xD7, 0xE2, 0x6C, 0x6B, 0xA7, 0x48, 0xC9),
3945 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x19, 0xAD, 0xA7, 0xC1, 0x7E, 0x4F, 0x6E),
3946 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xF7, 0x19, 0x3C, 0x06, 0x74, 0x2C, 0x3A),
3947 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x23, 0x4F, 0x0C, 0x09, 0xB0, 0x80, 0x4A),
3948 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x74, 0x34, 0x08, 0x44, 0x7E, 0xA3, 0xDD),
3949 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xCC, 0x8D, 0x12, 0x6E, 0xE1, 0x3D, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3950};
3951static const mbedtls_mpi_uint brainpoolP512r1_T_6_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3952 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x18, 0xB1, 0x71, 0x02, 0x93, 0xC2, 0xA4),
3953 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x89, 0x40, 0xE2, 0x1F, 0xE7, 0x5E, 0x68),
3954 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x8E, 0xAE, 0x89, 0x01, 0xD4, 0x0C, 0xEB),
3955 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xDA, 0x58, 0x70, 0x24, 0xF2, 0xE4, 0x5F),
3956 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0xC7, 0x1D, 0xD6, 0x4A, 0x6F, 0x66, 0x4F),
3957 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x1D, 0x7E, 0x4A, 0x2C, 0xCA, 0xEC, 0x3B),
3958 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x06, 0x7F, 0xA8, 0x99, 0xE4, 0xD3, 0x4E),
3959 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x1D, 0x5A, 0xDF, 0x5E, 0x58, 0x36, 0x49),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3960};
3961static const mbedtls_mpi_uint brainpoolP512r1_T_6_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3962 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xB9, 0x32, 0x69, 0x1F, 0x72, 0x2A, 0xB3),
3963 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x73, 0xE2, 0x03, 0x39, 0x35, 0xAA, 0xA8),
3964 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x5E, 0x5D, 0x48, 0xEF, 0xAE, 0x30, 0xF5),
3965 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x7F, 0x60, 0x19, 0xAF, 0xEC, 0x9D, 0xFC),
3966 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xD9, 0x19, 0xE4, 0x1B, 0x56, 0x15, 0x5F),
3967 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xD7, 0x33, 0x59, 0x1F, 0x43, 0x59, 0x2C),
3968 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xCE, 0xEE, 0xCA, 0xA4, 0x7F, 0x63, 0xD4),
3969 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x40, 0xC0, 0xF6, 0x19, 0x89, 0x43, 0x20),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3970};
3971static const mbedtls_mpi_uint brainpoolP512r1_T_7_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3972 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x92, 0xEA, 0x07, 0x65, 0x79, 0x86, 0xD3),
3973 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xB7, 0x13, 0x75, 0xD3, 0xC5, 0x0A, 0xC9),
3974 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x9E, 0xFA, 0xE1, 0x1F, 0x0C, 0xF9, 0x74),
3975 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x8C, 0xED, 0x5C, 0x21, 0xE9, 0x09, 0xDD),
3976 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x4D, 0xD8, 0x18, 0xC4, 0xF6, 0x36, 0x39),
3977 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xC9, 0xAC, 0x5C, 0xFA, 0x69, 0xA4, 0xA0),
3978 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x8C, 0x94, 0x1C, 0x7B, 0x71, 0x36, 0x58),
3979 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xBD, 0x46, 0xCE, 0xB7, 0x1D, 0x9C, 0x5E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3980};
3981static const mbedtls_mpi_uint brainpoolP512r1_T_7_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3982 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD6, 0x96, 0x4B, 0xA6, 0x47, 0xEB, 0xE5),
3983 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0xF1, 0x5F, 0x15, 0xDE, 0x99, 0x6F, 0x66),
3984 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xBD, 0xE5, 0x04, 0xB8, 0xE6, 0xC0, 0x0B),
3985 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xD3, 0xF0, 0x04, 0x00, 0xE4, 0x05, 0xDB),
3986 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xF3, 0x06, 0xA3, 0x1A, 0xFF, 0xEA, 0x73),
3987 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x32, 0xAA, 0x99, 0x33, 0x09, 0xB6, 0x34),
3988 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xEF, 0xFC, 0x61, 0x10, 0x42, 0x31, 0x94),
3989 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF1, 0xF4, 0x33, 0xCF, 0x28, 0x90, 0x9C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3990};
3991static const mbedtls_mpi_uint brainpoolP512r1_T_8_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]3992 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xDE, 0xF9, 0x88, 0x87, 0x7B, 0xEB, 0xC9),
3993 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xB8, 0xDA, 0xFA, 0xDA, 0x3D, 0xA6, 0x17),
3994 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xF0, 0x62, 0x82, 0x53, 0x32, 0x55, 0x03),
3995 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xA5, 0x32, 0x4A, 0x19, 0x11, 0x9C, 0x10),
3996 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xB3, 0x27, 0xE9, 0x75, 0x90, 0x05, 0x2D),
3997 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x1C, 0x90, 0x48, 0x77, 0x01, 0x85, 0x1B),
3998 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xD6, 0x9B, 0x84, 0xA8, 0xD7, 0xC5, 0x28),
3999 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x7A, 0xCB, 0xB3, 0x11, 0x46, 0xD7, 0x99),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4000};
4001static const mbedtls_mpi_uint brainpoolP512r1_T_8_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4002 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x23, 0xBF, 0x75, 0x75, 0xA1, 0x95, 0x90),
4003 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x66, 0x5D, 0x34, 0x13, 0xA9, 0x03, 0xBE),
4004 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x80, 0x9D, 0x5F, 0xD2, 0x44, 0xE1, 0x62),
4005 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x5D, 0xBD, 0xA8, 0xBF, 0xB4, 0x25, 0x1F),
4006 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x99, 0x1F, 0x53, 0xF1, 0x57, 0xDB, 0xE7),
4007 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x7C, 0xE5, 0xC5, 0x51, 0x0B, 0x4C, 0x9B),
4008 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0xB0, 0x1A, 0x9C, 0x16, 0xB0, 0x32, 0x1F),
4009 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xE3, 0xCF, 0xDD, 0x48, 0xB4, 0x7B, 0x33),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4010};
4011static const mbedtls_mpi_uint brainpoolP512r1_T_9_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4012 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xDD, 0x9E, 0x3C, 0x98, 0x0E, 0x77, 0x65),
4013 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xAB, 0x01, 0xD3, 0x87, 0x74, 0x25, 0x4A),
4014 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xA3, 0xE3, 0x76, 0x43, 0x87, 0x12, 0xBD),
4015 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0xB1, 0x3B, 0x60, 0x66, 0xEB, 0x98, 0x54),
4016 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x78, 0xC8, 0xD7, 0x4E, 0x75, 0xCA, 0x69),
4017 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xDF, 0x71, 0x19, 0xE7, 0x07, 0x36, 0xB5),
4018 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xC9, 0xA8, 0x5F, 0x91, 0xBF, 0x47, 0xB2),
4019 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x96, 0x58, 0x96, 0x18, 0xB6, 0xFA, 0x01),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4020};
4021static const mbedtls_mpi_uint brainpoolP512r1_T_9_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4022 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x2D, 0xA9, 0x9B, 0x86, 0xDB, 0x0C, 0x4C),
4023 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x0B, 0x2D, 0x56, 0x4A, 0xD3, 0x93, 0x8A),
4024 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x15, 0xE2, 0x65, 0x12, 0x86, 0x0E, 0xB2),
4025 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x41, 0x4D, 0xC1, 0xCB, 0xE4, 0xC3, 0xD7),
4026 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x53, 0x10, 0xCA, 0xA3, 0xAC, 0x83, 0x26),
4027 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x01, 0x22, 0x96, 0x10, 0xAD, 0x69, 0xDB),
4028 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x46, 0x4E, 0xD8, 0xEA, 0xD6, 0x9D, 0xF3),
4029 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x2F, 0x7F, 0x62, 0x62, 0x80, 0xD0, 0x14),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4030};
4031static const mbedtls_mpi_uint brainpoolP512r1_T_10_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4032 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xDA, 0x00, 0x63, 0x09, 0xBD, 0x6A, 0x83),
4033 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xD4, 0x6E, 0x48, 0x05, 0xB7, 0xF7, 0x17),
4034 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x4D, 0xD7, 0x00, 0x4A, 0x15, 0x27, 0x7A),
4035 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x15, 0xAA, 0x37, 0x27, 0x34, 0x18, 0x24),
4036 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x20, 0x2C, 0x84, 0x1B, 0x88, 0xBA, 0x05),
4037 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x09, 0xD6, 0x04, 0xA2, 0x60, 0x84, 0x72),
4038 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x04, 0x94, 0x08, 0xD4, 0xED, 0x47, 0xDB),
4039 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xF3, 0xE4, 0x3E, 0xB9, 0x5B, 0x35, 0x42),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4040};
4041static const mbedtls_mpi_uint brainpoolP512r1_T_10_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4042 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0xD8, 0xB6, 0x80, 0xD6, 0xF1, 0x30, 0xDD),
4043 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x14, 0xA6, 0x85, 0xEE, 0xA7, 0xD8, 0x61),
4044 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x49, 0x2A, 0x1E, 0x7C, 0xE9, 0x2D, 0xEC),
4045 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x87, 0x56, 0x91, 0x03, 0x77, 0x4D, 0x55),
4046 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x52, 0xD4, 0xAA, 0xF7, 0xFA, 0xB0, 0xC5),
4047 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x5D, 0x11, 0x39, 0xB1, 0xE7, 0x76, 0xAD),
4048 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x13, 0xBC, 0x37, 0x5D, 0x74, 0xCD, 0xC2),
4049 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x48, 0x14, 0x23, 0x30, 0xF8, 0x46, 0x37),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4050};
4051static const mbedtls_mpi_uint brainpoolP512r1_T_11_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4052 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x27, 0xB0, 0xD9, 0xB2, 0x74, 0xB4, 0xC0),
4053 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xA6, 0xB9, 0x6F, 0x9F, 0x64, 0x36, 0x92),
4054 MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x2B, 0x78, 0x40, 0x05, 0x2B, 0x7B, 0xA9),
4055 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x68, 0x3A, 0xB6, 0x4A, 0xE2, 0xDB, 0xB8),
4056 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x33, 0xD7, 0x34, 0x8B, 0x25, 0x45, 0xEF),
4057 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xCE, 0xA8, 0xC9, 0x01, 0xFB, 0x0E, 0x7B),
4058 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xF9, 0x51, 0x4C, 0x12, 0x9F, 0x60, 0xE4),
4059 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x85, 0xBD, 0x30, 0x37, 0x84, 0x39, 0x44),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4060};
4061static const mbedtls_mpi_uint brainpoolP512r1_T_11_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4062 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x33, 0xAF, 0x2E, 0xB8, 0x2E, 0xCC, 0x3C),
4063 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xB1, 0x73, 0x59, 0x4E, 0x0C, 0x09, 0x4A),
4064 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x24, 0x89, 0x81, 0x12, 0xFF, 0xBB, 0x6E),
4065 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x37, 0x1A, 0x66, 0xEE, 0xED, 0xB6, 0x9B),
4066 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xBD, 0x04, 0x20, 0x5D, 0xFB, 0xBF, 0x95),
4067 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xF8, 0x34, 0xA3, 0xFF, 0x45, 0xDE, 0x92),
4068 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x18, 0x73, 0xF1, 0x32, 0x25, 0x58, 0xEB),
4069 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xC1, 0x14, 0xE3, 0x9E, 0x40, 0x0F, 0x12),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4070};
4071static const mbedtls_mpi_uint brainpoolP512r1_T_12_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4072 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0x9D, 0x9C, 0x00, 0xF7, 0x56, 0x19),
4073 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xBA, 0x87, 0xF9, 0x15, 0x0C, 0x66, 0x5D),
4074 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x1F, 0xC1, 0x28, 0xB0, 0x47, 0x0D, 0xF5),
4075 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xCA, 0x27, 0xEE, 0x4B, 0x23, 0x2B, 0x89),
4076 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0xB5, 0x68, 0xC8, 0x17, 0x5D, 0xC3, 0xAA),
4077 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x02, 0x08, 0xEE, 0x20, 0x9D, 0xEA, 0x64),
4078 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x14, 0x50, 0xD4, 0x7D, 0x5F, 0xCF, 0xA0),
4079 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xFA, 0xF8, 0xA7, 0xC6, 0xDC, 0x14, 0x8C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4080};
4081static const mbedtls_mpi_uint brainpoolP512r1_T_12_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4082 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xBD, 0x0A, 0x1A, 0x18, 0x98, 0xDC, 0xB0),
4083 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x63, 0x02, 0xB7, 0xD5, 0x5B, 0x5A, 0xC6),
4084 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xB1, 0xD7, 0x4B, 0x15, 0x39, 0x61, 0x5D),
4085 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x32, 0xE1, 0x9E, 0x70, 0x1B, 0xCE, 0x51),
4086 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD8, 0x18, 0x83, 0x52, 0x9B, 0x6D, 0xA2),
4087 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x55, 0x56, 0x19, 0x34, 0xA4, 0xEA, 0xFC),
4088 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xA9, 0x55, 0x80, 0xE3, 0x15, 0x36, 0x8B),
4089 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x06, 0xC8, 0x1D, 0x17, 0x0D, 0xAD, 0x16),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4090};
4091static const mbedtls_mpi_uint brainpoolP512r1_T_13_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4092 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0xD6, 0xF0, 0xCC, 0xF3, 0x63, 0x53, 0xD2),
4093 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x5A, 0xDC, 0x46, 0xBD, 0x0D, 0xAD, 0x96),
4094 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x2F, 0x11, 0x60, 0x15, 0x51, 0x4A, 0xEA),
4095 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xE3, 0x93, 0x38, 0xD5, 0x83, 0xAA, 0x0D),
4096 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xA6, 0xCC, 0xB1, 0xFD, 0xBB, 0x1A, 0x0F),
4097 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x54, 0xC8, 0x54, 0x6F, 0x79, 0x1A, 0x59),
4098 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x4A, 0xDA, 0x28, 0x92, 0x97, 0x9D, 0x7F),
4099 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x4B, 0xDB, 0xC7, 0x52, 0xC5, 0x66, 0x34),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4100};
4101static const mbedtls_mpi_uint brainpoolP512r1_T_13_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4102 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x7E, 0x92, 0x53, 0x30, 0x93, 0xFD, 0xFF),
4103 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x16, 0x6A, 0xB1, 0x91, 0x0A, 0xB4, 0x52),
4104 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x9D, 0x40, 0x3F, 0xE3, 0xF1, 0x01, 0x46),
4105 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x0E, 0xD8, 0xED, 0x11, 0x8E, 0x4C, 0xED),
4106 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x4A, 0x1B, 0x88, 0xDF, 0x8D, 0x29, 0xE7),
4107 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x23, 0x21, 0x11, 0xAB, 0x77, 0x81, 0x62),
4108 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xAF, 0x11, 0xFA, 0xBA, 0x40, 0x63, 0xE7),
4109 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x6F, 0x8D, 0x80, 0xDF, 0x67, 0xF5, 0x44),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4110};
4111static const mbedtls_mpi_uint brainpoolP512r1_T_14_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4112 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x8B, 0xB7, 0x08, 0xF4, 0xD7, 0x2D, 0xA8),
4113 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x2B, 0x30, 0x02, 0x45, 0x71, 0x08, 0x49),
4114 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x3A, 0xCA, 0x50, 0xF6, 0xC2, 0x19, 0x8C),
4115 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xB9, 0x9B, 0x3E, 0x73, 0x95, 0x1D, 0x49),
4116 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x60, 0x59, 0x48, 0xCB, 0xD8, 0xD6, 0xAA),
4117 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xB9, 0x6C, 0x89, 0xAB, 0x99, 0xA8, 0xF8),
4118 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xA1, 0x8B, 0x4E, 0x06, 0x19, 0xEC, 0x99),
4119 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x95, 0x04, 0xCF, 0xD5, 0x94, 0xB3, 0x02),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4120};
4121static const mbedtls_mpi_uint brainpoolP512r1_T_14_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4122 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x35, 0x93, 0x7C, 0xB3, 0xB8, 0x9E, 0x1B),
4123 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x45, 0x5C, 0x7E, 0xBF, 0x75, 0x81, 0x0F),
4124 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xE8, 0x24, 0xDF, 0xEC, 0x2F, 0x7D, 0xB9),
4125 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x8B, 0xD5, 0x6A, 0x9B, 0xA0, 0xE0, 0x4F),
4126 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xE3, 0x27, 0x82, 0xDE, 0xDD, 0xCA, 0x4B),
4127 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x57, 0x56, 0x46, 0x05, 0x06, 0x01, 0x2E),
4128 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x35, 0xA7, 0x47, 0xE2, 0x6B, 0x2C, 0x4F),
4129 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x9D, 0x4C, 0xEC, 0x1F, 0x11, 0x75, 0x2B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4130};
4131static const mbedtls_mpi_uint brainpoolP512r1_T_15_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4132 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xAA, 0x41, 0xC1, 0xE9, 0x0E, 0xE9, 0xAA),
4133 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xCF, 0x9C, 0x4B, 0xE8, 0xED, 0x0A, 0x49),
4134 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x73, 0xCA, 0x0C, 0x46, 0x0A, 0x9C, 0xE4),
4135 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xE1, 0x9E, 0xBC, 0xFE, 0x44, 0x63, 0x6D),
4136 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x43, 0x71, 0xEE, 0xF8, 0xC1, 0x8C, 0x5C),
4137 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x4B, 0xF0, 0x69, 0x25, 0xBD, 0x71, 0x1A),
4138 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x9A, 0xFE, 0x82, 0xE7, 0xC1, 0xC1, 0xEE),
4139 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x5A, 0x6E, 0x5E, 0x97, 0x6A, 0x35, 0x8D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4140};
4141static const mbedtls_mpi_uint brainpoolP512r1_T_15_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4142 MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x18, 0x6C, 0x7E, 0xB8, 0x9E, 0x57, 0x32),
4143 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xB9, 0xC1, 0xD0, 0xFE, 0x78, 0xFB, 0x32),
4144 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x08, 0xAE, 0x46, 0x34, 0xEA, 0x7A, 0x7F),
4145 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1C, 0x56, 0xA9, 0x18, 0x37, 0xD4, 0x9E),
4146 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x63, 0xE9, 0x0A, 0xB6, 0x38, 0x3C, 0xC1),
4147 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x4F, 0xA4, 0x6E, 0x85, 0x31, 0x23, 0x52),
4148 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0xAD, 0xC4, 0xC3, 0xB1, 0x4B, 0x1C, 0x82),
4149 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x56, 0x4A, 0x38, 0xB3, 0x6B, 0x6F, 0x2C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4150};
4151static const mbedtls_mpi_uint brainpoolP512r1_T_16_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4152 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xC7, 0x19, 0xDE, 0x21, 0xED, 0x89, 0xD0),
4153 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xBE, 0xA6, 0xAE, 0xEB, 0x9D, 0xA7, 0x2A),
4154 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x0E, 0x13, 0x1E, 0x86, 0x57, 0xC3, 0x3B),
4155 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x4B, 0x30, 0x46, 0x52, 0xC1, 0xEC, 0x52),
4156 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xD5, 0x44, 0x31, 0x96, 0x3B, 0x26, 0x27),
4157 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x68, 0xA8, 0x67, 0x78, 0x39, 0xE8, 0x68),
4158 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x78, 0xB7, 0xDD, 0xF2, 0x58, 0xB6, 0x3D),
4159 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x3C, 0xB3, 0x26, 0xC4, 0x2C, 0x8C, 0xA5),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4160};
4161static const mbedtls_mpi_uint brainpoolP512r1_T_16_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4162 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x24, 0xE5, 0x73, 0xEE, 0x9A, 0x02, 0xA9),
4163 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x6A, 0x65, 0x60, 0xF3, 0x62, 0xE3, 0xE9),
4164 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x07, 0x84, 0xE6, 0x3B, 0x46, 0x65, 0x9F),
4165 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x8F, 0x0C, 0xB0, 0xE1, 0x04, 0x82, 0x9D),
4166 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x13, 0xBF, 0x3D, 0xA0, 0x48, 0xA2, 0x74),
4167 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x26, 0x76, 0x74, 0xAB, 0x0B, 0x29, 0xE8),
4168 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x6E, 0x5F, 0x03, 0x34, 0x7C, 0x38, 0xCE),
4169 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x72, 0xF9, 0x3B, 0x3C, 0xA4, 0xBC, 0x7C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4170};
4171static const mbedtls_mpi_uint brainpoolP512r1_T_17_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4172 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xCE, 0x18, 0x80, 0xB8, 0x24, 0x45, 0x81),
4173 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x09, 0x03, 0xB8, 0x06, 0x64, 0xF7, 0xEC),
4174 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x26, 0xB1, 0x10, 0x6D, 0x71, 0x12, 0x2E),
4175 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x12, 0xC6, 0x6E, 0x1E, 0x6A, 0xC3, 0x80),
4176 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xD3, 0x0A, 0xDE, 0xD8, 0x6B, 0x04, 0x5C),
4177 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x87, 0x5B, 0xAE, 0xDB, 0x3C, 0xC0, 0xC5),
4178 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0xF5, 0xF9, 0xC1, 0x9A, 0x89, 0xBB, 0x7E),
4179 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x69, 0x72, 0x8B, 0xAE, 0x32, 0x13, 0x11),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4180};
4181static const mbedtls_mpi_uint brainpoolP512r1_T_17_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4182 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x16, 0x07, 0x50, 0xFA, 0x4C, 0xCF, 0xE8),
4183 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x50, 0x21, 0xE9, 0xDE, 0xEC, 0x7E, 0xDF),
4184 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x2F, 0xE8, 0x83, 0x30, 0x0B, 0x65, 0x0E),
4185 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x0B, 0x99, 0xAC, 0xC9, 0xBA, 0x6C, 0x2A),
4186 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x59, 0x5A, 0x0D, 0x7B, 0x9E, 0x08, 0xAD),
4187 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x91, 0xB2, 0xDC, 0x90, 0xCE, 0x67, 0xED),
4188 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x93, 0x60, 0x0C, 0xD7, 0x1F, 0x2F, 0x17),
4189 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x7F, 0x9D, 0x40, 0xF8, 0x78, 0x7A, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4190};
4191static const mbedtls_mpi_uint brainpoolP512r1_T_18_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4192 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x22, 0x95, 0xE8, 0xEF, 0x31, 0x57, 0x35),
4193 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x88, 0x53, 0xFE, 0xAF, 0x7C, 0x47, 0x14),
4194 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xCE, 0xCC, 0x79, 0xE8, 0x9F, 0x8C, 0xC4),
4195 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x16, 0xDD, 0x77, 0x6E, 0x8A, 0x73, 0x97),
4196 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x07, 0x97, 0x21, 0x3B, 0xF8, 0x5F, 0xA8),
4197 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xB5, 0xD2, 0x81, 0x84, 0xF0, 0xE7, 0x9F),
4198 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x8F, 0x75, 0x09, 0x6A, 0x0E, 0x53, 0xAD),
4199 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x4F, 0x70, 0x97, 0xC7, 0xAC, 0x7D, 0x3F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4200};
4201static const mbedtls_mpi_uint brainpoolP512r1_T_18_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4202 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x3C, 0x6A, 0xB4, 0x10, 0xA9, 0xC8, 0x1D),
4203 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xC5, 0xD6, 0x69, 0x16, 0xB8, 0xAC, 0x25),
4204 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x44, 0xDC, 0xEB, 0x48, 0x54, 0x5D, 0x5F),
4205 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x48, 0x9B, 0xD7, 0x72, 0x69, 0xA4, 0x8A),
4206 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x0D, 0x36, 0x9A, 0x66, 0x0B, 0xEC, 0x24),
4207 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xC6, 0xD4, 0xB6, 0x60, 0xE5, 0xC3, 0x3A),
4208 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x29, 0x42, 0xE0, 0x9D, 0xFD, 0x7C, 0x3E),
4209 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x10, 0xBA, 0x55, 0xBC, 0x3B, 0x38, 0x5D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4210};
4211static const mbedtls_mpi_uint brainpoolP512r1_T_19_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4212 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x66, 0xFA, 0x05, 0x73, 0x03, 0x1B, 0x69),
4213 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xA4, 0x66, 0x12, 0x96, 0x7B, 0x02, 0x4C),
4214 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xB5, 0xDE, 0x6D, 0x98, 0xD1, 0xD5, 0xA8),
4215 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xF5, 0x44, 0xB8, 0x8E, 0xF6, 0x8C, 0x05),
4216 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x15, 0x2B, 0x72, 0xBC, 0x49, 0xE5, 0xDF),
4217 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x44, 0xD7, 0xDF, 0x8F, 0xEB, 0x8D, 0x80),
4218 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x64, 0x88, 0xAA, 0xB7, 0xE4, 0x70, 0x1D),
4219 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x14, 0xBB, 0xE9, 0x9B, 0xB9, 0x65, 0x5D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4220};
4221static const mbedtls_mpi_uint brainpoolP512r1_T_19_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4222 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x8E, 0x88, 0xF5, 0xF1, 0xC1, 0x89, 0xA2),
4223 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x30, 0x53, 0xE6, 0xFB, 0x2D, 0x82, 0xB4),
4224 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xE4, 0xFF, 0xBA, 0x31, 0x79, 0xAB, 0xC2),
4225 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x09, 0xF7, 0xB7, 0x09, 0x78, 0x4C, 0x90),
4226 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xAE, 0xC2, 0x44, 0xDC, 0x17, 0x78, 0x47),
4227 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xD4, 0x17, 0x43, 0x19, 0x74, 0x9E, 0x23),
4228 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x64, 0x3B, 0x73, 0xA2, 0x99, 0x27, 0x76),
4229 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x74, 0x36, 0x5F, 0xD3, 0x14, 0xB1, 0x31),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4230};
4231static const mbedtls_mpi_uint brainpoolP512r1_T_20_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4232 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x07, 0xAB, 0xFD, 0x9B, 0x03, 0xC5, 0xD5),
4233 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xBE, 0xB0, 0x1D, 0xF2, 0x0C, 0x73, 0x73),
4234 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xE7, 0x7B, 0x87, 0xD3, 0x34, 0xFD, 0xE2),
4235 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x25, 0x3D, 0xC7, 0x36, 0x83, 0x53, 0xDC),
4236 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x7C, 0xCF, 0x63, 0x55, 0x12, 0x11, 0xB0),
4237 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x34, 0x4D, 0x27, 0x92, 0xAC, 0x18, 0x16),
4238 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x42, 0x61, 0x9D, 0x2E, 0xFF, 0x13, 0x16),
4239 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xDE, 0x92, 0x65, 0x57, 0x0D, 0xBC, 0x0A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4240};
4241static const mbedtls_mpi_uint brainpoolP512r1_T_20_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4242 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x7B, 0x6E, 0xC6, 0x2A, 0x21, 0x74, 0x0A),
4243 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xA7, 0x53, 0x4D, 0x29, 0x36, 0xEF, 0xE5),
4244 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xD6, 0x41, 0xC7, 0x99, 0xAD, 0x50, 0x53),
4245 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xAC, 0x41, 0x9F, 0xFB, 0x4C, 0x86, 0xF1),
4246 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xBB, 0xE6, 0x25, 0x28, 0xAA, 0xEB, 0x1E),
4247 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x04, 0xA2, 0xC3, 0xAA, 0x08, 0x8A, 0xCC),
4248 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x2B, 0x5B, 0xE2, 0x8D, 0x76, 0xEA, 0x34),
4249 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x33, 0xD2, 0x21, 0x4D, 0x62, 0xE3, 0x8E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4250};
4251static const mbedtls_mpi_uint brainpoolP512r1_T_21_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4252 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x06, 0x8B, 0x2B, 0xC2, 0xC4, 0xB1, 0xD2),
4253 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xF5, 0xA1, 0xC0, 0x03, 0x6A, 0x29, 0x12),
4254 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xA9, 0xEF, 0x55, 0xB6, 0x1A, 0x9F, 0x6B),
4255 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x54, 0x32, 0xBE, 0x06, 0x43, 0xB5, 0xFD),
4256 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xD6, 0xD9, 0x20, 0x89, 0xBE, 0xD4, 0x1B),
4257 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x26, 0x95, 0x10, 0xCE, 0xB4, 0x88, 0x79),
4258 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xA6, 0x27, 0xAC, 0x32, 0xBA, 0xBD, 0xC7),
4259 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xA6, 0xAE, 0x9C, 0x7B, 0xBE, 0xA1, 0x63),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4260};
4261static const mbedtls_mpi_uint brainpoolP512r1_T_21_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4262 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xCD, 0x4D, 0x3D, 0xDF, 0x96, 0xBB, 0x7D),
4263 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xA7, 0x11, 0x06, 0xCC, 0x0E, 0x31, 0x81),
4264 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0xE4, 0xF4, 0xAD, 0x7B, 0x5F, 0xF1, 0xEF),
4265 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x54, 0xBE, 0xF4, 0x8A, 0x03, 0x47, 0xDF),
4266 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x53, 0x00, 0x7F, 0xB0, 0x8A, 0x68, 0xA6),
4267 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x16, 0xB1, 0x73, 0x6F, 0x5B, 0x0E, 0xC3),
4268 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x32, 0xE3, 0x43, 0x64, 0x75, 0xFB, 0xFB),
4269 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x18, 0x55, 0x8A, 0x4E, 0x6E, 0x35, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4270};
4271static const mbedtls_mpi_uint brainpoolP512r1_T_22_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4272 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x97, 0x15, 0x1E, 0xCB, 0xF2, 0x9C, 0xA5),
4273 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xD1, 0xBB, 0xF3, 0x70, 0xAD, 0x13, 0xAD),
4274 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x96, 0xA4, 0xC5, 0x5E, 0xDA, 0xD5, 0x57),
4275 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x81, 0xE9, 0x65, 0x66, 0x76, 0x47, 0x45),
4276 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x35, 0x87, 0x06, 0x73, 0xCF, 0x34, 0xD2),
4277 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x81, 0x15, 0x42, 0xA2, 0x79, 0x5B, 0x42),
4278 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xA2, 0x7D, 0x09, 0x14, 0x64, 0xC6, 0xAE),
4279 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x6D, 0xC4, 0xED, 0xF1, 0xD6, 0xE9, 0x24),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4280};
4281static const mbedtls_mpi_uint brainpoolP512r1_T_22_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4282 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xD5, 0xBB, 0x25, 0xA3, 0xDD, 0xA3, 0x88),
4283 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xF2, 0x68, 0x67, 0x39, 0x8F, 0x73, 0x93),
4284 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x76, 0x28, 0x89, 0xAD, 0x32, 0xE0, 0xDF),
4285 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x90, 0xCC, 0x57, 0x58, 0xAA, 0xC9, 0x75),
4286 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xD7, 0x43, 0xD2, 0xCE, 0x5E, 0xA0, 0x08),
4287 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xB0, 0xB8, 0xA4, 0x9E, 0x96, 0x26, 0x86),
4288 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x61, 0x1D, 0xF3, 0x65, 0x5E, 0x60, 0xCA),
4289 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x1E, 0x65, 0xED, 0xCF, 0x07, 0x60, 0x20),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4290};
4291static const mbedtls_mpi_uint brainpoolP512r1_T_23_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4292 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x30, 0x17, 0x8A, 0x91, 0x88, 0x0A, 0xA4),
4293 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x7D, 0x18, 0xA4, 0xAC, 0x59, 0xFC, 0x5F),
4294 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x31, 0x8B, 0x25, 0x65, 0x39, 0x9A, 0xDC),
4295 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x16, 0x4B, 0x68, 0xBA, 0x59, 0x13, 0x2F),
4296 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xD3, 0xC5, 0x56, 0xC9, 0x8C, 0x5E),
4297 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xC6, 0x9F, 0xF4, 0xE6, 0xF7, 0xB4, 0x01),
4298 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x7C, 0x03, 0x00, 0x26, 0x9F, 0xD8, 0x7B),
4299 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x1D, 0x6E, 0x00, 0xB9, 0x00, 0x6E, 0x93),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4300};
4301static const mbedtls_mpi_uint brainpoolP512r1_T_23_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4302 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x63, 0xDA, 0x03, 0x2B, 0xD5, 0x0B, 0xFE),
4303 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xFC, 0xE2, 0xC8, 0x47, 0xF0, 0xAE, 0xF2),
4304 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x4C, 0xF7, 0x50, 0x0C, 0x48, 0x06, 0x2A),
4305 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2B, 0x32, 0x98, 0x0E, 0x7E, 0x61, 0x41),
4306 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x02, 0x27, 0xFE, 0x75, 0x86, 0xDF, 0x24),
4307 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x30, 0xB1, 0x22, 0x32, 0x1B, 0xFE, 0x24),
4308 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x27, 0xF7, 0x78, 0x6F, 0xD7, 0xFD, 0xE4),
4309 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x78, 0xCC, 0xEA, 0xC0, 0x50, 0x24, 0x44),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4310};
4311static const mbedtls_mpi_uint brainpoolP512r1_T_24_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4312 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x2B, 0x4F, 0x7F, 0x58, 0xE6, 0xC2, 0x70),
4313 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x43, 0xD5, 0xA7, 0x35, 0x3C, 0x80, 0xB8),
4314 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x6D, 0x4B, 0x12, 0x00, 0x7B, 0xE6, 0xA6),
4315 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x15, 0xBD, 0xD0, 0x9B, 0xCA, 0xAA, 0x81),
4316 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xCE, 0x9C, 0xE3, 0x8B, 0x60, 0x7A, 0x53),
4317 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xDA, 0x4B, 0x03, 0xA7, 0x8D, 0x43, 0x22),
4318 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAF, 0x00, 0x2B, 0x32, 0xF0, 0x22, 0x68),
4319 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xD9, 0x99, 0x99, 0xBE, 0x43, 0x99, 0x3E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4320};
4321static const mbedtls_mpi_uint brainpoolP512r1_T_24_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4322 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x71, 0x41, 0xF4, 0xB5, 0xFD, 0xDD, 0x36),
4323 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xE2, 0x20, 0x4C, 0xD1, 0x2E, 0x1F, 0x06),
4324 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x43, 0x48, 0x76, 0x8A, 0x49, 0xAC, 0x87),
4325 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x1A, 0x55, 0xA8, 0xA3, 0xD4, 0x57, 0x75),
4326 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xA6, 0x84, 0x39, 0xC9, 0x13, 0xBB, 0x60),
4327 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xFA, 0xA9, 0x70, 0xDE, 0x83, 0xDD, 0xC9),
4328 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xC9, 0xD9, 0x3E, 0x44, 0x91, 0x68, 0x7B),
4329 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x9F, 0x85, 0x6D, 0xF7, 0x54, 0x36, 0x82),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4330};
4331static const mbedtls_mpi_uint brainpoolP512r1_T_25_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4332 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x6B, 0xA6, 0xA3, 0xE5, 0xD4, 0x46, 0xDB),
4333 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x3E, 0xDC, 0x84, 0x7C, 0x7B, 0x24, 0x34),
4334 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xED, 0x7F, 0x86, 0x07, 0x6C, 0x57, 0xCA),
4335 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x06, 0xFE, 0x52, 0x12, 0x79, 0x69, 0x56),
4336 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xD1, 0x44, 0x5F, 0x21, 0x3A, 0xC3, 0x84),
4337 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xD9, 0x4A, 0xC0, 0x75, 0xAB, 0x17, 0xAC),
4338 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x81, 0x94, 0xB6, 0x80, 0x6B, 0x6F, 0xC3),
4339 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBE, 0x8E, 0xA5, 0xAA, 0xBC, 0x1E, 0x3E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4340};
4341static const mbedtls_mpi_uint brainpoolP512r1_T_25_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4342 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xC7, 0x85, 0xA6, 0x59, 0x9B, 0xB1, 0x52),
4343 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xCE, 0x40, 0xD1, 0xFB, 0xDF, 0x94, 0xF7),
4344 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xB8, 0x5E, 0xBF, 0x45, 0xA8, 0x2D, 0x2D),
4345 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9C, 0x06, 0x1B, 0xA9, 0x57, 0xB9, 0x79),
4346 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xE9, 0xCE, 0xA2, 0xD3, 0x74, 0xA1, 0x3C),
4347 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x5F, 0x34, 0x78, 0xDB, 0xAE, 0x3A, 0x14),
4348 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x32, 0x84, 0x3E, 0x68, 0x6A, 0x43, 0x0F),
4349 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xBC, 0x39, 0x36, 0xA4, 0xC5, 0xBB, 0x11),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4350};
4351static const mbedtls_mpi_uint brainpoolP512r1_T_26_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4352 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x07, 0xA2, 0xB5, 0xC9, 0x0F, 0x4D, 0x0F),
4353 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x1D, 0x67, 0xE6, 0xF1, 0x46, 0xEB, 0x71),
4354 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x41, 0x23, 0x95, 0xE7, 0xE0, 0x10, 0xDD),
4355 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x69, 0xFE, 0x68, 0x8C, 0xC6, 0x5F, 0xB6),
4356 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xB9, 0x2B, 0x3D, 0xD2, 0x4F, 0xD8, 0x1A),
4357 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x09, 0xF5, 0x5F, 0xCF, 0xF6, 0x91, 0x57),
4358 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x15, 0x42, 0x6B, 0x6D, 0xB5, 0xF3, 0xB6),
4359 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x56, 0x9D, 0xC5, 0xFF, 0xCA, 0x13, 0x9B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4360};
4361static const mbedtls_mpi_uint brainpoolP512r1_T_26_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4362 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x38, 0xE6, 0x23, 0x63, 0x48, 0x3C, 0xCA),
4363 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x68, 0x3C, 0xD1, 0x3B, 0xE9, 0x3B, 0x82),
4364 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x08, 0x54, 0x49, 0xD1, 0x46, 0x45, 0x13),
4365 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x70, 0x52, 0x6E, 0x79, 0xC4, 0x5E, 0x95),
4366 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xDF, 0xE8, 0x5A, 0x32, 0x81, 0xDA, 0xD3),
4367 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x2D, 0x94, 0x5B, 0xB5, 0x35, 0x9F, 0x0A),
4368 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x12, 0x8D, 0xC3, 0x36, 0x36, 0xB2, 0x2A),
4369 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x2F, 0x22, 0x38, 0x5B, 0x18, 0x4C, 0x35),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4370};
4371static const mbedtls_mpi_uint brainpoolP512r1_T_27_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4372 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC1, 0x22, 0x0E, 0xF0, 0x73, 0x11, 0x05),
4373 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xAE, 0xA4, 0x56, 0x18, 0x61, 0x66, 0x12),
4374 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xFB, 0x72, 0x08, 0x84, 0x38, 0x51, 0xB0),
4375 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x86, 0xA8, 0xB9, 0x31, 0x99, 0x29, 0xC3),
4376 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xFB, 0xC3, 0x42, 0xB3, 0xC7, 0x6F, 0x3A),
4377 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xF8, 0xE1, 0x09, 0xBE, 0x75, 0xB0, 0x22),
4378 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x7D, 0xFF, 0xF4, 0x99, 0xFC, 0x13, 0xAB),
4379 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x1B, 0x84, 0x81, 0x42, 0x22, 0xC6, 0x3D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4380};
4381static const mbedtls_mpi_uint brainpoolP512r1_T_27_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4382 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xE0, 0x37, 0xA4, 0xA0, 0x2F, 0x38, 0x7F),
4383 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x3D, 0xB7, 0x40, 0x2F, 0x39, 0x3C, 0x7A),
4384 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x3B, 0x8A, 0x51, 0xAE, 0x40, 0x49, 0x7A),
4385 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x20, 0x9F, 0xDD, 0xA9, 0xD0, 0x77, 0xC7),
4386 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x1D, 0x64, 0xDA, 0xA0, 0x53, 0xC7, 0x7D),
4387 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x7B, 0x66, 0x55, 0x94, 0xD1, 0x51, 0x44),
4388 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xA9, 0xB5, 0x5B, 0x38, 0x35, 0x40, 0xC0),
4389 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC9, 0x0F, 0xF0, 0x73, 0x79, 0x43, 0x61),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4390};
4391static const mbedtls_mpi_uint brainpoolP512r1_T_28_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4392 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x47, 0x45, 0x69, 0x80, 0x72, 0x72, 0x42),
4393 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x11, 0x99, 0x59, 0xDB, 0x48, 0x80, 0x39),
4394 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x6E, 0x3D, 0xFC, 0x37, 0x15, 0xF4, 0xBF),
4395 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xBB, 0x5B, 0xA6, 0x35, 0x8D, 0x28, 0x20),
4396 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x1A, 0x3B, 0x2C, 0x8F, 0xD3, 0xAA, 0x2D),
4397 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x1C, 0x1A, 0xF8, 0x02, 0xD9, 0x7B, 0x41),
4398 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x69, 0xAC, 0xF8, 0x54, 0x31, 0x14, 0xA1),
4399 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x8A, 0xE6, 0xDE, 0x58, 0xB9, 0xC4, 0x7A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4400};
4401static const mbedtls_mpi_uint brainpoolP512r1_T_28_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4402 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x83, 0x52, 0xFE, 0xF9, 0x7B, 0xE9, 0x1F),
4403 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xA2, 0x55, 0x46, 0x15, 0x49, 0xC1, 0x3A),
4404 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xBC, 0x5C, 0x91, 0xBD, 0xB9, 0x9C, 0xF4),
4405 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xFD, 0xB1, 0x4E, 0x5F, 0x74, 0xEE, 0x53),
4406 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x8B, 0xD8, 0x8B, 0x17, 0x73, 0x1B, 0x96),
4407 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x92, 0xD7, 0x67, 0x06, 0xAD, 0x25, 0xCD),
4408 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x0F, 0x80, 0x24, 0xE2, 0x27, 0x5F, 0x8B),
4409 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x1C, 0xCE, 0xD0, 0x67, 0xCA, 0xD4, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4410};
4411static const mbedtls_mpi_uint brainpoolP512r1_T_29_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4412 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xF1, 0xDD, 0x33, 0x66, 0xF9, 0x05, 0xD6),
4413 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xE5, 0x6B, 0x79, 0xBD, 0x48, 0x42, 0xAA),
4414 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x14, 0x52, 0xE3, 0x53, 0xB4, 0x50, 0xD4),
4415 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x84, 0x6C, 0xCF, 0xDA, 0xB2, 0x20, 0x0A),
4416 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xD6, 0x1A, 0xE5, 0xE2, 0x29, 0x70, 0xCE),
4417 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x61, 0xFE, 0xBB, 0x21, 0x82, 0xD1, 0xFE),
4418 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0xF0, 0x9C, 0x8B, 0x1A, 0x42, 0x30, 0x06),
4419 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xD6, 0x49, 0x81, 0x92, 0xF1, 0xD0, 0x90),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4420};
4421static const mbedtls_mpi_uint brainpoolP512r1_T_29_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4422 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x91, 0x93, 0x6A, 0xA6, 0x22, 0xE9, 0xD6),
4423 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xDC, 0xC3, 0x69, 0x11, 0x95, 0x7D, 0xEC),
4424 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xA3, 0x9D, 0x87, 0x5E, 0x64, 0x41, 0xA2),
4425 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x87, 0x5A, 0x15, 0xBD, 0x6E, 0x3C, 0x8D),
4426 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x8D, 0x50, 0xCC, 0xCF, 0xB7, 0x8F, 0x0B),
4427 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x65, 0xCD, 0x31, 0x30, 0xF1, 0x68, 0x13),
4428 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x5C, 0x66, 0x67, 0x92, 0x30, 0x57, 0x95),
4429 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x9B, 0x01, 0x3D, 0x20, 0x8B, 0xD1, 0x0D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4430};
4431static const mbedtls_mpi_uint brainpoolP512r1_T_30_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4432 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xC0, 0xE6, 0x4F, 0xDE, 0x62, 0xAB, 0xB3),
4433 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x48, 0xB3, 0x1C, 0x0F, 0x16, 0x93, 0x45),
4434 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x63, 0xBD, 0x1F, 0x16, 0x50, 0x56, 0x98),
4435 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x06, 0xBC, 0xE9, 0x27, 0x1C, 0x9A, 0x7B),
4436 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xFE, 0x21, 0xC5, 0x39, 0x55, 0xE1, 0xFD),
4437 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xA8, 0xD0, 0x96, 0x0E, 0xB5, 0xB2, 0x84),
4438 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xE7, 0x4B, 0xF3, 0x11, 0x0C, 0xC9, 0x5B),
4439 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x3A, 0xC4, 0x87, 0x71, 0xEE, 0xFA, 0x18),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4440};
4441static const mbedtls_mpi_uint brainpoolP512r1_T_30_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4442 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x77, 0xEE, 0x81, 0x5E, 0x96, 0xEA, 0x4B),
4443 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xDF, 0xA9, 0xF4, 0x4F, 0x7C, 0xB2, 0x43),
4444 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xD4, 0xDF, 0x35, 0x63, 0x47, 0x25, 0x8A),
4445 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x3D, 0xFF, 0xA4, 0x02, 0xC3, 0x95, 0x11),
4446 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x10, 0x78, 0xD1, 0x2B, 0xB7, 0xBE, 0x0E),
4447 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xE9, 0x57, 0xF9, 0xE0, 0xD8, 0xFC, 0xBC),
4448 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xC4, 0x01, 0xD6, 0xB4, 0xE7, 0x78, 0xE2),
4449 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x6C, 0xB9, 0x13, 0xA4, 0xE8, 0x6D, 0x6F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4450};
4451static const mbedtls_mpi_uint brainpoolP512r1_T_31_X[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4452 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xB0, 0xC9, 0xCD, 0xBF, 0xA2, 0x1E, 0x63),
4453 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x4F, 0x86, 0x22, 0x9B, 0xEA, 0xE8, 0xBB),
4454 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x46, 0xDF, 0x43, 0xB9, 0x82, 0x2D, 0x0A),
4455 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x32, 0xF1, 0x4E, 0x95, 0x41, 0xAE, 0x8E),
4456 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x93, 0x26, 0xFC, 0xD3, 0x90, 0xDC, 0xEB),
4457 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x05, 0x45, 0xCA, 0xF9, 0x5A, 0x89, 0x93),
4458 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x82, 0x63, 0x4E, 0x55, 0x1D, 0x3A, 0x08),
4459 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x69, 0x52, 0x49, 0xE9, 0xED, 0x57, 0x34),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4460};
4461static const mbedtls_mpi_uint brainpoolP512r1_T_31_Y[] = {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4462 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x64, 0xE9, 0xAC, 0x4C, 0x4A, 0xEA, 0x25),
4463 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xE9, 0x0B, 0x99, 0xE7, 0xF9, 0xA9, 0x2C),
4464 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x0C, 0xC1, 0xF4, 0x8D, 0x07, 0xB6, 0xB1),
4465 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x68, 0xFA, 0x35, 0xE4, 0x9E, 0xAE, 0xD9),
4466 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x2D, 0x1A, 0x13, 0x8E, 0x02, 0xE2, 0x63),
4467 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x38, 0x28, 0x86, 0x46, 0x7B, 0x3A, 0xE1),
4468 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x4C, 0x64, 0x59, 0x0A, 0xF9, 0x02, 0xC4),
4469 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x4F, 0x23, 0xA2, 0xC3, 0xD5, 0xEF, 0x42),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4470};
4471static const mbedtls_ecp_point brainpoolP512r1_T[32] = {
4472 ECP_POINT_INIT_XY_Z1(brainpoolP512r1_T_0_X, brainpoolP512r1_T_0_Y),
4473 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_1_X, brainpoolP512r1_T_1_Y),
4474 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_2_X, brainpoolP512r1_T_2_Y),
4475 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_3_X, brainpoolP512r1_T_3_Y),
4476 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_4_X, brainpoolP512r1_T_4_Y),
4477 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_5_X, brainpoolP512r1_T_5_Y),
4478 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_6_X, brainpoolP512r1_T_6_Y),
4479 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_7_X, brainpoolP512r1_T_7_Y),
4480 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_8_X, brainpoolP512r1_T_8_Y),
4481 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_9_X, brainpoolP512r1_T_9_Y),
4482 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_10_X, brainpoolP512r1_T_10_Y),
4483 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_11_X, brainpoolP512r1_T_11_Y),
4484 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_12_X, brainpoolP512r1_T_12_Y),
4485 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_13_X, brainpoolP512r1_T_13_Y),
4486 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_14_X, brainpoolP512r1_T_14_Y),
4487 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_15_X, brainpoolP512r1_T_15_Y),
4488 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_16_X, brainpoolP512r1_T_16_Y),
4489 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_17_X, brainpoolP512r1_T_17_Y),
4490 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_18_X, brainpoolP512r1_T_18_Y),
4491 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_19_X, brainpoolP512r1_T_19_Y),
4492 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_20_X, brainpoolP512r1_T_20_Y),
4493 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_21_X, brainpoolP512r1_T_21_Y),
4494 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_22_X, brainpoolP512r1_T_22_Y),
4495 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_23_X, brainpoolP512r1_T_23_Y),
4496 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_24_X, brainpoolP512r1_T_24_Y),
4497 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_25_X, brainpoolP512r1_T_25_Y),
4498 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_26_X, brainpoolP512r1_T_26_Y),
4499 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_27_X, brainpoolP512r1_T_27_Y),
4500 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_28_X, brainpoolP512r1_T_28_Y),
4501 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_29_X, brainpoolP512r1_T_29_Y),
4502 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_30_X, brainpoolP512r1_T_30_Y),
4503 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_31_X, brainpoolP512r1_T_31_Y),
4504};
4505#else
4506#define brainpoolP512r1_T NULL
Gilles Peskineaa9493a2018-09-12 14:44:03 +0200[diff] [blame]4507#endif
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4508#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
Gilles Peskineaa9493a2018-09-12 14:44:03 +0200[diff] [blame]4509
Minos Galanakise9fa7a72023-01-18 09:46:52 +0000[diff] [blame]4510
4511#if defined(ECP_LOAD_GROUP) || defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
4512 defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4513/*
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4514 * Create an MPI from embedded constants
Dave Rodgman6dd757a2023-02-02 12:40:50 +0000[diff] [blame]4515 * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint))
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4516 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4517static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len)
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4518{
4519 X->s = 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4520 X->n = len / sizeof(mbedtls_mpi_uint);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4521 X->p = (mbedtls_mpi_uint *) p;
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4522}
Minos Galanakise9fa7a72023-01-18 09:46:52 +0000[diff] [blame]4523#endif
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4524
Minos Galanakise9fa7a72023-01-18 09:46:52 +0000[diff] [blame]4525#if defined(ECP_LOAD_GROUP)
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4526/*
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4527 * Set an MPI to static value 1
4528 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4529static inline void ecp_mpi_set1(mbedtls_mpi *X)
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4530{
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4531 X->s = 1;
4532 X->n = 1;
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4533 X->p = mpi_one;
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4534}
4535
4536/*
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4537 * Make group available from embedded constants
4538 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4539static int ecp_group_load(mbedtls_ecp_group *grp,
4540 const mbedtls_mpi_uint *p, size_t plen,
4541 const mbedtls_mpi_uint *a, size_t alen,
4542 const mbedtls_mpi_uint *b, size_t blen,
4543 const mbedtls_mpi_uint *gx, size_t gxlen,
4544 const mbedtls_mpi_uint *gy, size_t gylen,
4545 const mbedtls_mpi_uint *n, size_t nlen,
4546 const mbedtls_ecp_point *T)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4547{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4548 ecp_mpi_load(&grp->P, p, plen);
4549 if (a != NULL) {
4550 ecp_mpi_load(&grp->A, a, alen);
4551 }
4552 ecp_mpi_load(&grp->B, b, blen);
4553 ecp_mpi_load(&grp->N, n, nlen);
Manuel Pégourié-Gonnard9854fe92013-12-02 16:30:43 +0100[diff] [blame]4554
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4555 ecp_mpi_load(&grp->G.X, gx, gxlen);
4556 ecp_mpi_load(&grp->G.Y, gy, gylen);
4557 ecp_mpi_set1(&grp->G.Z);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4558
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4559 grp->pbits = mbedtls_mpi_bitlen(&grp->P);
4560 grp->nbits = mbedtls_mpi_bitlen(&grp->N);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4561
Manuel Pégourié-Gonnard1f82b042013-12-06 12:51:50 +0100[diff] [blame]4562 grp->h = 1;
4563
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4564 grp->T = (mbedtls_ecp_point *) T;
4565 /*
4566 * Set T_size to 0 to prevent T free by mbedtls_ecp_group_free.
4567 */
4568 grp->T_size = 0;
4569
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4570 return 0;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4571}
Gilles Peskineaa9493a2018-09-12 14:44:03 +0200[diff] [blame]4572#endif /* ECP_LOAD_GROUP */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4573
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4574#if defined(MBEDTLS_ECP_NIST_OPTIM)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4575/* Forward declarations */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4576#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4577static int ecp_mod_p192(mbedtls_mpi *);
Gabor Mezeideece2b2023-01-25 17:57:36 +0100[diff] [blame]4578MBEDTLS_STATIC_TESTABLE
Gabor Mezei2038ce92023-01-31 14:33:12 +0100[diff] [blame]4579int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn);
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4580#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4581#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4582static int ecp_mod_p224(mbedtls_mpi *);
Gabor Mezeie14b5bd2023-02-08 17:23:03 +0100[diff] [blame]4583MBEDTLS_STATIC_TESTABLE
Gabor Mezeiaeadc2d2023-03-01 16:53:03 +0100[diff] [blame]4584int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs);
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4585#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4586#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4587static int ecp_mod_p256(mbedtls_mpi *);
Gabor Mezei5221c042023-03-01 16:05:21 +0100[diff] [blame]4588MBEDTLS_STATIC_TESTABLE
Gabor Mezeied1acf62023-03-01 16:09:13 +0100[diff] [blame]4589int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs);
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4590#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4591#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4592static int ecp_mod_p384(mbedtls_mpi *);
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]4593MBEDTLS_STATIC_TESTABLE
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]4594int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs);
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4595#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4596#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4597static int ecp_mod_p521(mbedtls_mpi *);
Gabor Mezei2cb630e2023-02-01 14:02:16 +0100[diff] [blame]4598MBEDTLS_STATIC_TESTABLE
Gabor Mezeib62ad5d2023-02-06 17:13:02 +0100[diff] [blame]4599int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n);
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4600#endif
Manuel Pégourié-Gonnard3ee90002013-12-02 17:14:48 +0100[diff] [blame]4601
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4602#define NIST_MODP(P) grp->modp = ecp_mod_ ## P;
Manuel Pégourié-Gonnard3ee90002013-12-02 17:14:48 +0100[diff] [blame]4603#else
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4604#define NIST_MODP(P)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4605#endif /* MBEDTLS_ECP_NIST_OPTIM */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4606
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]4607/* Additional forward declarations */
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]4608#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4609static int ecp_mod_p255(mbedtls_mpi *);
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]4610#endif
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4611#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4612static int ecp_mod_p448(mbedtls_mpi *);
Paul Elliott47a3c822023-04-23 23:18:50 +0100[diff] [blame]4613MBEDTLS_STATIC_TESTABLE
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]4614int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *, size_t);
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4615#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4616#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4617static int ecp_mod_p192k1(mbedtls_mpi *);
Gabor Mezei0a11ee62023-04-11 18:02:33 +0200[diff] [blame]4618MBEDTLS_STATIC_TESTABLE
Gabor Mezeidacfe562023-05-02 14:05:13 +0200[diff] [blame]4619int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]4620#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4621#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
Minos Galanakis9d808792023-04-13 12:22:41 +0100[diff] [blame]4622static int ecp_mod_p224k1(mbedtls_mpi *);
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]4623MBEDTLS_STATIC_TESTABLE
Gabor Mezeie42bb622023-05-02 14:10:57 +0200[diff] [blame]4624int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]4625#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4626#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4627static int ecp_mod_p256k1(mbedtls_mpi *);
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]4628MBEDTLS_STATIC_TESTABLE
Gabor Mezei03558b82023-05-02 14:12:25 +0200[diff] [blame]4629int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]4630#endif
4631
Gilles Peskineaa9493a2018-09-12 14:44:03 +0200[diff] [blame]4632#if defined(ECP_LOAD_GROUP)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4633#define LOAD_GROUP_A(G) ecp_group_load(grp, \
4634 G ## _p, sizeof(G ## _p), \
4635 G ## _a, sizeof(G ## _a), \
4636 G ## _b, sizeof(G ## _b), \
4637 G ## _gx, sizeof(G ## _gx), \
4638 G ## _gy, sizeof(G ## _gy), \
4639 G ## _n, sizeof(G ## _n), \
4640 G ## _T \
4641 )
Manuel Pégourié-Gonnard81e1b102013-12-06 13:28:05 +0100[diff] [blame]4642
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4643#define LOAD_GROUP(G) ecp_group_load(grp, \
4644 G ## _p, sizeof(G ## _p), \
4645 NULL, 0, \
4646 G ## _b, sizeof(G ## _b), \
4647 G ## _gx, sizeof(G ## _gx), \
4648 G ## _gy, sizeof(G ## _gy), \
4649 G ## _n, sizeof(G ## _n), \
4650 G ## _T \
4651 )
Gilles Peskineaa9493a2018-09-12 14:44:03 +0200[diff] [blame]4652#endif /* ECP_LOAD_GROUP */
Manuel Pégourié-Gonnard81e1b102013-12-06 13:28:05 +0100[diff] [blame]4653
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]4654#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4655/* Constants used by ecp_use_curve25519() */
Janos Follath8b8b7812021-06-24 15:00:33 +0100[diff] [blame]4656static const mbedtls_mpi_sint curve25519_a24 = 0x01DB42;
Minos Galanakisbececeb2023-01-16 16:16:49 +0000[diff] [blame]4657
4658/* P = 2^255 - 19 */
4659static const mbedtls_mpi_uint curve25519_p[] = {
4660 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
4661 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
4662 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
4663 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0X7F)
4664};
4665
4666/* N = 2^252 + 27742317777372353535851937790883648493 */
4667static const mbedtls_mpi_uint curve25519_n[] = {
4668 MBEDTLS_BYTES_TO_T_UINT_8(0XED, 0XD3, 0XF5, 0X5C, 0X1A, 0X63, 0X12, 0X58),
4669 MBEDTLS_BYTES_TO_T_UINT_8(0XD6, 0X9C, 0XF7, 0XA2, 0XDE, 0XF9, 0XDE, 0X14),
4670 MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0x00, 0x00, 0x00, 0x00),
4671 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10)
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4672};
4673
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4674/*
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4675 * Specialized function for creating the Curve25519 group
4676 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4677static int ecp_use_curve25519(mbedtls_ecp_group *grp)
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4678{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]4679 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4680
4681 /* Actually ( A + 2 ) / 4 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4682 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve25519_a24));
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4683
Minos Galanakisbececeb2023-01-16 16:16:49 +0000[diff] [blame]4684 ecp_mpi_load(&grp->P, curve25519_p, sizeof(curve25519_p));
4685
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4686 grp->pbits = mbedtls_mpi_bitlen(&grp->P);
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4687
Minos Galanakisbececeb2023-01-16 16:16:49 +0000[diff] [blame]4688 ecp_mpi_load(&grp->N, curve25519_n, sizeof(curve25519_n));
Nicholas Wilson54fc34e2016-05-16 15:15:45 +0100[diff] [blame]4689
Manuel Pégourié-Gonnard18b78432018-03-28 11:14:06 +0200[diff] [blame]4690 /* Y intentionally not set, since we use x/z coordinates.
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]4691 * This is used as a marker to identify Montgomery curves! */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4692 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 9));
4693 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1));
4694 mbedtls_mpi_free(&grp->G.Y);
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]4695
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4696 /* Actually, the required msb for private keys */
4697 grp->nbits = 254;
4698
4699cleanup:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4700 if (ret != 0) {
4701 mbedtls_ecp_group_free(grp);
4702 }
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4703
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4704 return ret;
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4705}
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]4706#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4707
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4708#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4709/* Constants used by ecp_use_curve448() */
Janos Follath8b8b7812021-06-24 15:00:33 +0100[diff] [blame]4710static const mbedtls_mpi_sint curve448_a24 = 0x98AA;
Minos Galanakis146fed92023-01-16 17:17:08 +0000[diff] [blame]4711
4712/* P = 2^448 - 2^224 - 1 */
4713static const mbedtls_mpi_uint curve448_p[] = {
4714 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
4715 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
4716 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
4717 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFE, 0XFF, 0XFF, 0XFF),
4718 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
4719 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
4720 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
4721 MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00)
4722};
4723
4724/* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
4725static const mbedtls_mpi_uint curve448_n[] = {
4726 MBEDTLS_BYTES_TO_T_UINT_8(0XF3, 0X44, 0X58, 0XAB, 0X92, 0XC2, 0X78, 0X23),
4727 MBEDTLS_BYTES_TO_T_UINT_8(0X55, 0X8F, 0XC5, 0X8D, 0X72, 0XC2, 0X6C, 0X21),
4728 MBEDTLS_BYTES_TO_T_UINT_8(0X90, 0X36, 0XD6, 0XAE, 0X49, 0XDB, 0X4E, 0XC4),
4729 MBEDTLS_BYTES_TO_T_UINT_8(0XE9, 0X23, 0XCA, 0X7C, 0XFF, 0XFF, 0XFF, 0XFF),
4730 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
4731 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
4732 MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0X3F),
4733 MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00)
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4734};
4735
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4736/*
4737 * Specialized function for creating the Curve448 group
4738 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4739static int ecp_use_curve448(mbedtls_ecp_group *grp)
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4740{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]4741 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4742
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4743 /* Actually ( A + 2 ) / 4 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4744 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve448_a24));
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4745
Minos Galanakis146fed92023-01-16 17:17:08 +0000[diff] [blame]4746 ecp_mpi_load(&grp->P, curve448_p, sizeof(curve448_p));
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4747 grp->pbits = mbedtls_mpi_bitlen(&grp->P);
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4748
4749 /* Y intentionally not set, since we use x/z coordinates.
4750 * This is used as a marker to identify Montgomery curves! */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4751 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 5));
4752 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1));
4753 mbedtls_mpi_free(&grp->G.Y);
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4754
Minos Galanakis146fed92023-01-16 17:17:08 +0000[diff] [blame]4755 ecp_mpi_load(&grp->N, curve448_n, sizeof(curve448_n));
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4756
4757 /* Actually, the required msb for private keys */
4758 grp->nbits = 447;
4759
4760cleanup:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4761 if (ret != 0) {
4762 mbedtls_ecp_group_free(grp);
4763 }
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4764
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4765 return ret;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4766}
4767#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
4768
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4769/*
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4770 * Set a group using well-known domain parameters
4771 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4772int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4773{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4774 ECP_VALIDATE_RET(grp != NULL);
4775 mbedtls_ecp_group_free(grp);
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4776
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4777 mbedtls_ecp_group_init(grp);
Pol Henarejosb101cb62022-05-06 18:43:58 +0200[diff] [blame]4778
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4779 grp->id = id;
4780
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4781 switch (id) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4782#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
4783 case MBEDTLS_ECP_DP_SECP192R1:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4784 NIST_MODP(p192);
4785 return LOAD_GROUP(secp192r1);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4786#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4787
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4788#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
4789 case MBEDTLS_ECP_DP_SECP224R1:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4790 NIST_MODP(p224);
4791 return LOAD_GROUP(secp224r1);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4792#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4793
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4794#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
4795 case MBEDTLS_ECP_DP_SECP256R1:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4796 NIST_MODP(p256);
4797 return LOAD_GROUP(secp256r1);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4798#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4799
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4800#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
4801 case MBEDTLS_ECP_DP_SECP384R1:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4802 NIST_MODP(p384);
4803 return LOAD_GROUP(secp384r1);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4804#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4805
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4806#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
4807 case MBEDTLS_ECP_DP_SECP521R1:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4808 NIST_MODP(p521);
4809 return LOAD_GROUP(secp521r1);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4810#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4811
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4812#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
4813 case MBEDTLS_ECP_DP_SECP192K1:
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]4814 grp->modp = ecp_mod_p192k1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4815 return LOAD_GROUP_A(secp192k1);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4816#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]4817
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4818#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
4819 case MBEDTLS_ECP_DP_SECP224K1:
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]4820 grp->modp = ecp_mod_p224k1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4821 return LOAD_GROUP_A(secp224k1);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4822#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]4823
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4824#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
4825 case MBEDTLS_ECP_DP_SECP256K1:
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]4826 grp->modp = ecp_mod_p256k1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4827 return LOAD_GROUP_A(secp256k1);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4828#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]4829
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4830#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
4831 case MBEDTLS_ECP_DP_BP256R1:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4832 return LOAD_GROUP_A(brainpoolP256r1);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4833#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4834
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4835#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
4836 case MBEDTLS_ECP_DP_BP384R1:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4837 return LOAD_GROUP_A(brainpoolP384r1);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4838#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4839
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4840#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
4841 case MBEDTLS_ECP_DP_BP512R1:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4842 return LOAD_GROUP_A(brainpoolP512r1);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4843#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4844
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]4845#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
4846 case MBEDTLS_ECP_DP_CURVE25519:
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4847 grp->modp = ecp_mod_p255;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4848 return ecp_use_curve25519(grp);
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]4849#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4850
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4851#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
4852 case MBEDTLS_ECP_DP_CURVE448:
4853 grp->modp = ecp_mod_p448;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4854 return ecp_use_curve448(grp);
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4855#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
4856
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4857 default:
Alexander K56a74cd2019-09-10 17:58:20 +0300[diff] [blame]4858 grp->id = MBEDTLS_ECP_DP_NONE;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4859 return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4860 }
4861}
4862
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4863#if defined(MBEDTLS_ECP_NIST_OPTIM)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4864/*
4865 * Fast reduction modulo the primes used by the NIST curves.
4866 *
4867 * These functions are critical for speed, but not needed for correct
4868 * operations. So, we make the choice to heavily rely on the internals of our
4869 * bignum library, which creates a tight coupling between these functions and
4870 * our MPI implementation. However, the coupling between the ECP module and
4871 * MPI remains loose, since these functions can be deactivated at will.
4872 */
4873
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4874#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4875/*
4876 * Compared to the way things are presented in FIPS 186-3 D.2,
4877 * we proceed in columns, from right (least significant chunk) to left,
4878 * adding chunks to N in place, and keeping a carry for the next chunk.
4879 * This avoids moving things around in memory, and uselessly adding zeros,
4880 * compared to the more straightforward, line-oriented approach.
4881 *
4882 * For this prime we need to handle data in chunks of 64 bits.
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4883 * Since this is always a multiple of our basic mbedtls_mpi_uint, we can
4884 * use a mbedtls_mpi_uint * to designate such a chunk, and small loops to handle it.
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4885 */
4886
4887/* Add 64-bit chunks (dst += src) and update carry */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4888static inline void add64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4889{
4890 unsigned char i;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4891 mbedtls_mpi_uint c = 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4892 for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) {
4893 *dst += c; c = (*dst < c);
4894 *dst += *src; c += (*dst < *src);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4895 }
4896 *carry += c;
4897}
4898
4899/* Add carry to a 64-bit chunk and update carry */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4900static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4901{
4902 unsigned char i;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4903 for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) {
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4904 *dst += *carry;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4905 *carry = (*dst < *carry);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4906 }
4907}
4908
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4909#define WIDTH 8 / sizeof(mbedtls_mpi_uint)
Gabor Mezeib5bba492023-01-20 10:58:12 +0100[diff] [blame]4910#define A(i) Np + (i) * WIDTH
4911#define ADD(i) add64(p, A(i), &c)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4912#define NEXT p += WIDTH; carry64(p, &c)
Gabor Mezei514806b2023-03-28 15:03:20 +0200[diff] [blame]4913#define LAST p += WIDTH; do *p = 0; while (++p < end)
Gabor Mezeib5bba492023-01-20 10:58:12 +0100[diff] [blame]4914#define RESET last_carry[0] = c; c = 0; p = Np
4915#define ADD_LAST add64(p, last_carry, &c)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4916
4917/*
4918 * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
4919 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4920static int ecp_mod_p192(mbedtls_mpi *N)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4921{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]4922 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Gabor Mezeib5bba492023-01-20 10:58:12 +0100[diff] [blame]4923 size_t expected_width = 2 * ((192 + biL - 1) / biL);
4924 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
Gabor Mezei2038ce92023-01-31 14:33:12 +0100[diff] [blame]4925 ret = mbedtls_ecp_mod_p192_raw(N->p, expected_width);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4926
4927cleanup:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]4928 return ret;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4929}
4930
Gabor Mezeideece2b2023-01-25 17:57:36 +0100[diff] [blame]4931MBEDTLS_STATIC_TESTABLE
Gabor Mezei2038ce92023-01-31 14:33:12 +0100[diff] [blame]4932int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn)
Gabor Mezeib5bba492023-01-20 10:58:12 +0100[diff] [blame]4933{
4934 mbedtls_mpi_uint c = 0, last_carry[WIDTH] = { 0 };
4935 mbedtls_mpi_uint *p, *end;
4936
4937 if (Nn != 2*((192 + biL - 1)/biL)) {
4938 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
4939 }
4940
4941 p = Np;
4942 end = p + Nn;
4943
4944 ADD(3); ADD(5); NEXT; // A0 += A3 + A5
4945 ADD(3); ADD(4); ADD(5); NEXT; // A1 += A3 + A4 + A5
4946 ADD(4); ADD(5); // A2 += A4 + A5
4947
4948 RESET;
4949
Gabor Mezeia2648312023-02-13 16:29:05 +0100[diff] [blame]4950 /* Use the reduction for the carry as well:
4951 * 2^192 * last_carry = 2^64 * last_carry + last_carry mod P192
Gabor Mezei514806b2023-03-28 15:03:20 +0200[diff] [blame]4952 * It can generate a carry. */
4953 ADD_LAST; NEXT; // A0 += last_carry
4954 ADD_LAST; NEXT; // A1 += last_carry
4955 // A2 += carry
4956
4957 RESET;
4958
4959 /* Use the reduction for the carry as well:
4960 * 2^192 * last_carry = 2^64 * last_carry + last_carry mod P192
Gabor Mezeia2648312023-02-13 16:29:05 +0100[diff] [blame]4961 */
4962 ADD_LAST; NEXT; // A0 += last_carry
4963 ADD_LAST; NEXT; // A1 += last_carry
Gabor Mezei514806b2023-03-28 15:03:20 +0200[diff] [blame]4964 // A2 += carry
Gabor Mezeib5bba492023-01-20 10:58:12 +0100[diff] [blame]4965
Gabor Mezei514806b2023-03-28 15:03:20 +0200[diff] [blame]4966 LAST;
Gabor Mezeib5bba492023-01-20 10:58:12 +0100[diff] [blame]4967
4968 return 0;
4969}
4970
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4971#undef WIDTH
4972#undef A
4973#undef ADD
4974#undef NEXT
4975#undef LAST
Gabor Mezeib5bba492023-01-20 10:58:12 +0100[diff] [blame]4976#undef RESET
4977#undef ADD_LAST
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4978#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4979
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4980#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
4981 defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
4982 defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]4983
4984/*
4985 * The reader is advised to first understand ecp_mod_p192() since the same
4986 * general structure is used here, but with additional complications:
4987 * (1) chunks of 32 bits, and (2) subtractions.
4988 */
4989
4990/*
4991 * For these primes, we need to handle data in chunks of 32 bits.
4992 * This makes it more complicated if we use 64 bits limbs in MPI,
4993 * which prevents us from using a uniform access method as for p192.
4994 *
4995 * So, we define a mini abstraction layer to access 32 bit chunks,
4996 * load them in 'cur' for work, and store them back from 'cur' when done.
4997 *
4998 * While at it, also define the size of N in terms of 32-bit chunks.
4999 */
5000#define LOAD32 cur = A(i);
5001
5002#if defined(MBEDTLS_HAVE_INT32) /* 32 bit */
5003
Gabor Mezei08a94952023-02-28 18:40:57 +0100[diff] [blame]5004#define MAX32 X_limbs
5005#define A(j) X[j]
Gabor Mezei620f0dc2023-02-28 18:42:33 +0100[diff] [blame]5006#define STORE32 X[i] = (mbedtls_mpi_uint) cur;
Gabor Mezei08a94952023-02-28 18:40:57 +0100[diff] [blame]5007#define STORE0 X[i] = 0;
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5008
5009#else /* 64 bit */
5010
Gabor Mezei08a94952023-02-28 18:40:57 +0100[diff] [blame]5011#define MAX32 X_limbs * 2
Gabor Mezei5afb80e2023-02-27 17:00:34 +0100[diff] [blame]5012#define A(j) \
5013 (j) % 2 ? \
Gabor Mezei08a94952023-02-28 18:40:57 +0100[diff] [blame]5014 (uint32_t) (X[(j) / 2] >> 32) : \
5015 (uint32_t) (X[(j) / 2])
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5016#define STORE32 \
5017 if (i % 2) { \
Gabor Mezei08a94952023-02-28 18:40:57 +0100[diff] [blame]5018 X[i/2] &= 0x00000000FFFFFFFF; \
5019 X[i/2] |= (uint64_t) (cur) << 32; \
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5020 } else { \
Gabor Mezei08a94952023-02-28 18:40:57 +0100[diff] [blame]5021 X[i/2] &= 0xFFFFFFFF00000000; \
5022 X[i/2] |= (uint32_t) cur; \
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5023 }
5024
5025#define STORE0 \
5026 if (i % 2) { \
Gabor Mezei08a94952023-02-28 18:40:57 +0100[diff] [blame]5027 X[i/2] &= 0x00000000FFFFFFFF; \
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5028 } else { \
Gabor Mezei08a94952023-02-28 18:40:57 +0100[diff] [blame]5029 X[i/2] &= 0xFFFFFFFF00000000; \
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5030 }
5031
5032#endif
5033
5034static inline int8_t extract_carry(int64_t cur)
5035{
5036 return (int8_t) (cur >> 32);
5037}
5038
5039#define ADD(j) cur += A(j)
5040#define SUB(j) cur -= A(j)
5041
5042#define ADD_CARRY(cc) cur += (cc)
5043#define SUB_CARRY(cc) cur -= (cc)
5044
5045#define ADD_LAST ADD_CARRY(last_c)
5046#define SUB_LAST SUB_CARRY(last_c)
5047
5048/*
5049 * Helpers for the main 'loop'
5050 */
5051#define INIT(b) \
5052 int8_t c = 0, last_c; \
5053 int64_t cur; \
5054 size_t i = 0; \
5055 LOAD32;
5056
5057#define NEXT \
5058 c = extract_carry(cur); \
5059 STORE32; i++; LOAD32; \
5060 ADD_CARRY(c);
5061
5062#define RESET \
5063 c = extract_carry(cur); \
5064 last_c = c; \
5065 STORE32; i = 0; LOAD32; \
5066 c = 0; \
5067
5068#define LAST \
5069 c = extract_carry(cur); \
5070 STORE32; i++; \
5071 if (c != 0) \
5072 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; \
5073 while (i < MAX32) { STORE0; i++; }
5074
5075#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
5076
5077/*
5078 * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
5079 */
5080static int ecp_mod_p224(mbedtls_mpi *N)
5081{
5082 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Gabor Mezeiaef0f2d2023-02-14 18:18:37 +0100[diff] [blame]5083 size_t expected_width = 2 * 224 / biL;
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5084 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
Gabor Mezei804cfd32023-02-27 16:50:09 +0100[diff] [blame]5085 ret = mbedtls_ecp_mod_p224_raw(N->p, expected_width);
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5086cleanup:
5087 return ret;
5088}
5089
Gabor Mezeie14b5bd2023-02-08 17:23:03 +0100[diff] [blame]5090MBEDTLS_STATIC_TESTABLE
Gabor Mezei08a94952023-02-28 18:40:57 +0100[diff] [blame]5091int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs)
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5092{
Gabor Mezei08a94952023-02-28 18:40:57 +0100[diff] [blame]5093 if (X_limbs != 2 * 224 / biL) {
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5094 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
5095 }
5096
5097 INIT(224);
5098
Gabor Mezei5afb80e2023-02-27 17:00:34 +0100[diff] [blame]5099 SUB(7); SUB(11); NEXT; // A0 += -A7 - A11
5100 SUB(8); SUB(12); NEXT; // A1 += -A8 - A12
5101 SUB(9); SUB(13); NEXT; // A2 += -A9 - A13
5102 SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11
5103 SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12
5104 SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13
Gabor Mezeibf506362023-02-27 16:33:30 +0100[diff] [blame]5105 SUB(13); ADD(10); // A6 += -A13 + A10
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5106
5107 RESET;
5108
Gabor Mezeibf506362023-02-27 16:33:30 +0100[diff] [blame]5109 /* Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry */
Gabor Mezei97803ab2023-03-06 16:17:02 +0100[diff] [blame]5110 SUB_LAST; NEXT; // A0 -= last_c
Gabor Mezei5afb80e2023-02-27 17:00:34 +0100[diff] [blame]5111 ; NEXT; // A1
5112 ; NEXT; // A2
Gabor Mezeia835d202023-02-23 17:38:00 +0100[diff] [blame]5113 ADD_LAST; NEXT; // A3 += last_c
Gabor Mezei5afb80e2023-02-27 17:00:34 +0100[diff] [blame]5114 ; NEXT; // A4
5115 ; NEXT; // A5
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5116 // A6
5117
Gabor Mezei97803ab2023-03-06 16:17:02 +0100[diff] [blame]5118 /* The carry reduction cannot generate a carry
5119 * (see commit 73e8553 for details)*/
5120
Gabor Mezei66f88a92023-02-08 17:11:13 +0100[diff] [blame]5121 LAST;
5122
5123 return 0;
5124}
5125
5126#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
5127
Gabor Mezeiab6ac912023-03-01 16:01:52 +0100[diff] [blame]5128#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
5129
5130/*
5131 * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3)
5132 */
5133static int ecp_mod_p256(mbedtls_mpi *N)
5134{
5135 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Gabor Mezei716447f2023-03-01 16:11:11 +0100[diff] [blame]5136 size_t expected_width = 2 * 256 / biL;
Gabor Mezeiab6ac912023-03-01 16:01:52 +0100[diff] [blame]5137 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
Gabor Mezeied1acf62023-03-01 16:09:13 +0100[diff] [blame]5138 ret = mbedtls_ecp_mod_p256_raw(N->p, expected_width);
Gabor Mezeiab6ac912023-03-01 16:01:52 +0100[diff] [blame]5139cleanup:
5140 return ret;
5141}
Gabor Mezei5221c042023-03-01 16:05:21 +0100[diff] [blame]5142
5143MBEDTLS_STATIC_TESTABLE
Gabor Mezeied1acf62023-03-01 16:09:13 +0100[diff] [blame]5144int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs)
Gabor Mezeiab6ac912023-03-01 16:01:52 +0100[diff] [blame]5145{
Gabor Mezei716447f2023-03-01 16:11:11 +0100[diff] [blame]5146 if (X_limbs != 2 * 256 / biL) {
Gabor Mezeiab6ac912023-03-01 16:01:52 +0100[diff] [blame]5147 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
5148 }
5149
5150 INIT(256);
5151
5152 ADD(8); ADD(9);
5153 SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0
5154
5155 ADD(9); ADD(10);
5156 SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1
5157
5158 ADD(10); ADD(11);
5159 SUB(13); SUB(14); SUB(15); NEXT; // A2
5160
5161 ADD(11); ADD(11); ADD(12); ADD(12); ADD(13);
5162 SUB(15); SUB(8); SUB(9); NEXT; // A3
5163
5164 ADD(12); ADD(12); ADD(13); ADD(13); ADD(14);
5165 SUB(9); SUB(10); NEXT; // A4
5166
5167 ADD(13); ADD(13); ADD(14); ADD(14); ADD(15);
5168 SUB(10); SUB(11); NEXT; // A5
5169
5170 ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13);
5171 SUB(8); SUB(9); NEXT; // A6
5172
5173 ADD(15); ADD(15); ADD(15); ADD(8);
5174 SUB(10); SUB(11); SUB(12); SUB(13); // A7
5175
5176 RESET;
5177
Gabor Mezeie4710ae2023-03-09 13:41:10 +0100[diff] [blame]5178 /* Use 2^224 * (2^32 - 1) + 2^192 + 2^96 - 1
5179 * to modulo reduce the final carry. */
Gabor Mezeiab6ac912023-03-01 16:01:52 +0100[diff] [blame]5180 ADD_LAST; NEXT; // A0
5181 ; NEXT; // A1
5182 ; NEXT; // A2
5183 SUB_LAST; NEXT; // A3
5184 ; NEXT; // A4
5185 ; NEXT; // A5
5186 SUB_LAST; NEXT; // A6
5187 ADD_LAST; // A7
5188
5189 RESET;
5190
Gabor Mezeie4710ae2023-03-09 13:41:10 +0100[diff] [blame]5191 /* Use 2^224 * (2^32 - 1) + 2^192 + 2^96 - 1
5192 * to modulo reduce the carry generated by the previous reduction. */
Gabor Mezeiab6ac912023-03-01 16:01:52 +0100[diff] [blame]5193 ADD_LAST; NEXT; // A0
5194 ; NEXT; // A1
5195 ; NEXT; // A2
5196 SUB_LAST; NEXT; // A3
5197 ; NEXT; // A4
5198 ; NEXT; // A5
5199 SUB_LAST; NEXT; // A6
5200 ADD_LAST; // A7
5201
5202 LAST;
5203
5204 return 0;
5205}
5206
5207#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
5208
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5209#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5210/*
5211 * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4)
5212 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5213static int ecp_mod_p384(mbedtls_mpi *N)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5214{
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]5215 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
5216 size_t expected_width = 2 * ((384 + biL - 1) / biL);
5217 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
5218 ret = mbedtls_ecp_mod_p384_raw(N->p, expected_width);
5219cleanup:
5220 return ret;
5221}
5222
5223MBEDTLS_STATIC_TESTABLE
5224int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs)
5225{
5226 if (X_limbs != 2*((384 + biL - 1)/biL)) {
5227 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
5228 }
5229
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5230 INIT(384);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5231
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5232 ADD(12); ADD(21); ADD(20);
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5233 SUB(23); NEXT; // A0
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5234
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5235 ADD(13); ADD(22); ADD(23);
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5236 SUB(12); SUB(20); NEXT; // A1
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5237
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5238 ADD(14); ADD(23);
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5239 SUB(13); SUB(21); NEXT; // A2
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5240
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5241 ADD(15); ADD(12); ADD(20); ADD(21);
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5242 SUB(14); SUB(22); SUB(23); NEXT; // A3
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5243
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5244 ADD(21); ADD(21); ADD(16); ADD(13); ADD(12); ADD(20); ADD(22);
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5245 SUB(15); SUB(23); SUB(23); NEXT; // A4
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5246
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5247 ADD(22); ADD(22); ADD(17); ADD(14); ADD(13); ADD(21); ADD(23);
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5248 SUB(16); NEXT; // A5
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5249
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5250 ADD(23); ADD(23); ADD(18); ADD(15); ADD(14); ADD(22);
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5251 SUB(17); NEXT; // A6
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5252
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5253 ADD(19); ADD(16); ADD(15); ADD(23);
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5254 SUB(18); NEXT; // A7
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5255
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5256 ADD(20); ADD(17); ADD(16);
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5257 SUB(19); NEXT; // A8
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5258
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5259 ADD(21); ADD(18); ADD(17);
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5260 SUB(20); NEXT; // A9
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5261
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5262 ADD(22); ADD(19); ADD(18);
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5263 SUB(21); NEXT; // A10
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5264
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5265 ADD(23); ADD(20); ADD(19);
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]5266 SUB(22); // A11
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5267
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]5268 RESET;
5269
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5270 /* Use 2^384 = P + 2^128 + 2^96 - 2^32 + 1 to modulo reduce the final carry */
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]5271 ADD_LAST; NEXT; // A0
5272 SUB_LAST; NEXT; // A1
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5273 ; NEXT; // A2
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]5274 ADD_LAST; NEXT; // A3
5275 ADD_LAST; NEXT; // A4
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5276 ; NEXT; // A5
5277 ; NEXT; // A6
5278 ; NEXT; // A7
5279 ; NEXT; // A8
5280 ; NEXT; // A9
5281 ; NEXT; // A10
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]5282 // A11
5283
5284 RESET;
5285
5286 ADD_LAST; NEXT; // A0
5287 SUB_LAST; NEXT; // A1
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5288 ; NEXT; // A2
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]5289 ADD_LAST; NEXT; // A3
5290 ADD_LAST; NEXT; // A4
Minos Galanakis37f4cb62023-03-09 11:15:15 +0000[diff] [blame]5291 ; NEXT; // A5
5292 ; NEXT; // A6
5293 ; NEXT; // A7
5294 ; NEXT; // A8
5295 ; NEXT; // A9
5296 ; NEXT; // A10
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]5297 // A11
5298
5299 LAST;
5300
5301 return 0;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5302}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5303#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5304
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5305#undef LOAD32
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5306#undef MAX32
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]5307#undef A
5308#undef STORE32
5309#undef STORE0
5310#undef ADD
5311#undef SUB
5312#undef ADD_CARRY
5313#undef SUB_CARRY
5314#undef ADD_LAST
5315#undef SUB_LAST
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5316#undef INIT
5317#undef NEXT
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]5318#undef RESET
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5319#undef LAST
5320
Minos Galanakis6fb105f2023-02-22 15:28:20 +0000[diff] [blame]5321#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED ||
5322 MBEDTLS_ECP_DP_SECP256R1_ENABLED ||
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5323 MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5324
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5325#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5326/* Size of p521 in terms of mbedtls_mpi_uint */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5327#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5328
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5329/* Bits to keep in the most significant mbedtls_mpi_uint */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5330#define P521_MASK 0x01FF
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5331
5332/*
Gabor Mezei42df16c2023-02-01 13:58:04 +0100[diff] [blame]5333 * Fast quasi-reduction modulo p521 = 2^521 - 1 (FIPS 186-3 D.2.5)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5334 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5335static int ecp_mod_p521(mbedtls_mpi *N)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5336{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]5337 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Gabor Mezeicf228702023-02-15 16:52:33 +0100[diff] [blame]5338 size_t expected_width = 2 * P521_WIDTH;
Gabor Mezei42df16c2023-02-01 13:58:04 +0100[diff] [blame]5339 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
Gabor Mezeib62ad5d2023-02-06 17:13:02 +0100[diff] [blame]5340 ret = mbedtls_ecp_mod_p521_raw(N->p, expected_width);
Gabor Mezei42df16c2023-02-01 13:58:04 +0100[diff] [blame]5341cleanup:
5342 return ret;
5343}
Gabor Mezei2cb630e2023-02-01 14:02:16 +0100[diff] [blame]5344
5345MBEDTLS_STATIC_TESTABLE
Janos Follath666673e2023-02-07 15:49:15 +0000[diff] [blame]5346int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs)
Gabor Mezei42df16c2023-02-01 13:58:04 +0100[diff] [blame]5347{
5348 mbedtls_mpi_uint carry = 0;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5349
Gabor Mezeicf228702023-02-15 16:52:33 +0100[diff] [blame]5350 if (X_limbs != 2 * P521_WIDTH || X[2 * P521_WIDTH - 1] != 0) {
Gabor Mezeiac70ad62023-02-16 19:31:21 +0100[diff] [blame]5351 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5352 }
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5353
Janos Follathfe24e912023-02-08 10:14:21 +0000[diff] [blame]5354 /* Step 1: Reduction to P521_WIDTH limbs */
Gabor Mezeicf228702023-02-15 16:52:33 +0100[diff] [blame]5355 /* Helper references for bottom part of X */
5356 mbedtls_mpi_uint *X0 = X;
5357 size_t X0_limbs = P521_WIDTH;
5358 /* Helper references for top part of X */
5359 mbedtls_mpi_uint *X1 = X + X0_limbs;
5360 size_t X1_limbs = X_limbs - X0_limbs;
5361 /* Split X as X0 + 2^P521_WIDTH X1 and compute X0 + 2^(biL - 9) X1.
5362 * (We are using that 2^P521_WIDTH = 2^(512 + biL) and that
5363 * 2^(512 + biL) X1 = 2^(biL - 9) X1 mod P521.)
5364 * The high order limb of the result will be held in carry and the rest
5365 * in X0 (that is the result will be represented as
5366 * 2^P521_WIDTH carry + X0).
5367 *
5368 * Also, note that the resulting carry is either 0 or 1:
5369 * X0 < 2^P521_WIDTH = 2^(512 + biL) and X1 < 2^(P521_WIDTH-biL) = 2^512
5370 * therefore
5371 * X0 + 2^(biL - 9) X1 < 2^(512 + biL) + 2^(512 + biL - 9)
5372 * which in turn is less than 2 * 2^(512 + biL).
5373 */
5374 mbedtls_mpi_uint shift = ((mbedtls_mpi_uint) 1u) << (biL - 9);
5375 carry = mbedtls_mpi_core_mla(X0, X0_limbs, X1, X1_limbs, shift);
5376 /* Set X to X0 (by clearing the top part). */
5377 memset(X1, 0, X1_limbs * sizeof(mbedtls_mpi_uint));
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5378
Janos Follathfe24e912023-02-08 10:14:21 +0000[diff] [blame]5379 /* Step 2: Reduction modulo P521
5380 *
5381 * At this point X is reduced to P521_WIDTH limbs. What remains is to add
5382 * the carry (that is 2^P521_WIDTH carry) and to reduce mod P521. */
5383
5384 /* 2^P521_WIDTH carry = 2^(512 + biL) carry = 2^(biL - 9) carry mod P521.
5385 * Also, recall that carry is either 0 or 1. */
5386 mbedtls_mpi_uint addend = carry << (biL - 9);
5387 /* Keep the top 9 bits and reduce the rest, using 2^521 = 1 mod P521. */
5388 addend += (X[P521_WIDTH - 1] >> 9);
Janos Follath666673e2023-02-07 15:49:15 +0000[diff] [blame]5389 X[P521_WIDTH - 1] &= P521_MASK;
Gabor Mezeid10d4292023-02-08 16:27:03 +0100[diff] [blame]5390
Tom Cosgrove5c8505f2023-03-07 11:39:52 +0000[diff] [blame]5391 /* Reuse the top part of X (already zeroed) as a helper array for
Gabor Mezeid10d4292023-02-08 16:27:03 +0100[diff] [blame]5392 * carrying out the addition. */
5393 mbedtls_mpi_uint *addend_arr = X + P521_WIDTH;
Janos Follathfe24e912023-02-08 10:14:21 +0000[diff] [blame]5394 addend_arr[0] = addend;
Gabor Mezeicf228702023-02-15 16:52:33 +0100[diff] [blame]5395 (void) mbedtls_mpi_core_add(X, X, addend_arr, P521_WIDTH);
5396 /* Both addends were less than P521 therefore X < 2 * P521. (This also means
5397 * that the result fit in P521_WIDTH limbs and there won't be any carry.) */
Gabor Mezeid10d4292023-02-08 16:27:03 +0100[diff] [blame]5398
5399 /* Clear the reused part of X. */
5400 addend_arr[0] = 0;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5401
Gabor Mezei42df16c2023-02-01 13:58:04 +0100[diff] [blame]5402 return 0;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5403}
5404
5405#undef P521_WIDTH
5406#undef P521_MASK
Gabor Mezei42df16c2023-02-01 13:58:04 +0100[diff] [blame]5407
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5408#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5409
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5410#endif /* MBEDTLS_ECP_NIST_OPTIM */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5411
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]5412#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5413
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5414/* Size of p255 in terms of mbedtls_mpi_uint */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5415#define P255_WIDTH (255 / 8 / sizeof(mbedtls_mpi_uint) + 1)
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5416
5417/*
5418 * Fast quasi-reduction modulo p255 = 2^255 - 19
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5419 * Write N as A0 + 2^256 A1, return A0 + 38 * A1
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5420 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5421static int ecp_mod_p255(mbedtls_mpi *N)
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5422{
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5423 mbedtls_mpi_uint Mp[P255_WIDTH];
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5424
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5425 /* Helper references for top part of N */
5426 mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH;
Hanno Becker53b3c602022-04-11 13:46:30 +0100[diff] [blame]5427 const size_t NT_n = N->n - P255_WIDTH;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5428 if (N->n <= P255_WIDTH) {
5429 return 0;
5430 }
5431 if (NT_n > P255_WIDTH) {
5432 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
5433 }
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5434
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5435 /* Split N as N + 2^256 M */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5436 memcpy(Mp, NT_p, sizeof(mbedtls_mpi_uint) * NT_n);
5437 memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n);
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5438
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5439 /* N = A0 + 38 * A1 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5440 mbedtls_mpi_core_mla(N->p, P255_WIDTH + 1,
5441 Mp, NT_n,
5442 38);
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5443
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5444 return 0;
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5445}
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]5446#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5447
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5448#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
5449
5450/* Size of p448 in terms of mbedtls_mpi_uint */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5451#define P448_WIDTH (448 / 8 / sizeof(mbedtls_mpi_uint))
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5452
5453/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5454#define DIV_ROUND_UP(X, Y) (((X) + (Y) -1) / (Y))
5455#define P224_WIDTH_MIN (28 / sizeof(mbedtls_mpi_uint))
5456#define P224_WIDTH_MAX DIV_ROUND_UP(28, sizeof(mbedtls_mpi_uint))
5457#define P224_UNUSED_BITS ((P224_WIDTH_MAX * sizeof(mbedtls_mpi_uint) * 8) - 224)
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5458
Paul Elliott47a3c822023-04-23 23:18:50 +0100[diff] [blame]5459static int ecp_mod_p448(mbedtls_mpi *N)
5460{
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5461 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
5462 size_t expected_width = 2 * ((448 + biL - 1) / biL);
5463
5464 /* This is required as some tests and use cases do not pass in a Bignum of
5465 * the correct size, and expect the growth to be done automatically, which
5466 * will no longer happen. */
5467 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
5468
5469 ret = mbedtls_ecp_mod_p448(N->p, N->n);
5470
5471cleanup:
5472 return ret;
Paul Elliott47a3c822023-04-23 23:18:50 +0100[diff] [blame]5473}
5474
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5475/*
5476 * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
Paul Elliottc05f51d2023-05-16 17:55:44 +0100[diff] [blame]5477 * Write X as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return A0 + A1 + B1 +
5478 * (B0 + B1) * 2^224. This is different to the reference implementation of
5479 * Curve448, which uses its own special 56-bit limbs rather than a generic
5480 * bignum library. We could squeeze some extra speed out on 32-bit machines by
5481 * splitting N up into 32-bit limbs and doing the arithmetic using the limbs
5482 * directly as we do for the NIST primes above, but for 64-bit targets it should
5483 * use half the number of operations if we do the reduction with 224-bit limbs,
Paul Elliott70506622023-05-24 17:31:57 +0100[diff] [blame]5484 * since mpi_core_add will then use 64-bit adds.
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5485 */
Paul Elliott47a3c822023-04-23 23:18:50 +0100[diff] [blame]5486MBEDTLS_STATIC_TESTABLE
Paul Elliott34b08e52023-05-16 15:28:30 +0100[diff] [blame]5487int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs)
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5488{
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5489 size_t i;
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5490 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5491
Paul Elliott34b08e52023-05-16 15:28:30 +0100[diff] [blame]5492 if (X_limbs <= P448_WIDTH) {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5493 return 0;
5494 }
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5495
Paul Elliott34b08e52023-05-16 15:28:30 +0100[diff] [blame]5496 size_t M_limbs = X_limbs - (P448_WIDTH);
Paul Elliott6b1f7f12023-05-16 15:59:56 +0100[diff] [blame]5497 const size_t Q_limbs = M_limbs;
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5498
5499 if (M_limbs > P448_WIDTH) {
Paul Elliottc05f51d2023-05-16 17:55:44 +0100[diff] [blame]5500 /* Shouldn't be called with X larger than 2^896! */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5501 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
5502 }
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5503
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5504 /* Extra limb for carry below. */
5505 M_limbs++;
5506
Paul Elliottedc97682023-05-19 18:34:13 +0100[diff] [blame]5507 mbedtls_mpi_uint *M = NULL;
5508 mbedtls_mpi_uint *Q = NULL;
5509 const mbedtls_mpi_uint *P = (mbedtls_mpi_uint *) curve448_p;
5510 const size_t P_limbs = CHARS_TO_LIMBS(sizeof(curve448_p));
5511
5512 M = mbedtls_calloc(M_limbs, ciL);
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5513
5514 if (M == NULL) {
5515 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5516 }
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5517
Paul Elliottedc97682023-05-19 18:34:13 +0100[diff] [blame]5518 Q = mbedtls_calloc(Q_limbs, ciL);
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5519
Paul Elliott235c1942023-05-16 15:51:23 +0100[diff] [blame]5520 if (Q == NULL) {
5521 ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
5522 goto cleanup;
5523 }
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5524
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5525 /* M = A1 */
5526 memset(M, 0, (M_limbs * ciL));
5527
5528 /* Do not copy into the overflow limb, as this would read past the end of
Paul Elliottc05f51d2023-05-16 17:55:44 +0100[diff] [blame]5529 * X. */
Paul Elliott34b08e52023-05-16 15:28:30 +0100[diff] [blame]5530 memcpy(M, X + P448_WIDTH, ((M_limbs - 1) * ciL));
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5531
Paul Elliott3b6bf102023-05-23 17:51:52 +0100[diff] [blame]5532 /* X = A0 */
Paul Elliott34b08e52023-05-16 15:28:30 +0100[diff] [blame]5533 for (i = P448_WIDTH; i < X_limbs; i++) {
5534 X[i] = 0;
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5535 }
5536
Paul Elliottedc97682023-05-19 18:34:13 +0100[diff] [blame]5537 /* X += A1 - Carry here fits in oversize X. Oversize M means it will get
5538 * added in, not returned as carry. */
Paul Elliott34b08e52023-05-16 15:28:30 +0100[diff] [blame]5539 (void) mbedtls_mpi_core_add(X, X, M, M_limbs);
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5540
Paul Elliottedc97682023-05-19 18:34:13 +0100[diff] [blame]5541 /* Deal with carry bit from add by subtracting P if necessary. */
5542 if (X[P448_WIDTH] != 0) {
5543 mbedtls_mpi_core_sub(X, X, P, P_limbs);
5544 }
5545
Paul Elliottc05f51d2023-05-16 17:55:44 +0100[diff] [blame]5546 /* Q = B1, X += B1 */
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5547 memcpy(Q, M, (Q_limbs * ciL));
5548
5549 mbedtls_mpi_core_shift_r(Q, Q_limbs, 224);
5550
5551 /* No carry here - only max 224 bits */
Paul Elliott34b08e52023-05-16 15:28:30 +0100[diff] [blame]5552 (void) mbedtls_mpi_core_add(X, X, Q, Q_limbs);
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5553
Paul Elliott3b6bf102023-05-23 17:51:52 +0100[diff] [blame]5554 /* M = (B0 + B1) * 2^224, X += M */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5555 if (sizeof(mbedtls_mpi_uint) > 4) {
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5556 M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5557 }
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5558 for (i = P224_WIDTH_MAX; i < M_limbs; ++i) {
5559 M[i] = 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5560 }
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5561
5562 (void) mbedtls_mpi_core_add(M, M, Q, Q_limbs);
5563
Paul Elliottedc97682023-05-19 18:34:13 +0100[diff] [blame]5564 /* Shifted carry bit from the addition fits in oversize M */
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5565 mbedtls_mpi_core_shift_l(M, M_limbs, 224);
Paul Elliott34b08e52023-05-16 15:28:30 +0100[diff] [blame]5566 (void) mbedtls_mpi_core_add(X, X, M, M_limbs);
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5567
Paul Elliottedc97682023-05-19 18:34:13 +0100[diff] [blame]5568 /* Deal with carry bit by subtracting P if necessary. */
5569 if (X[P448_WIDTH] != 0) {
5570 mbedtls_mpi_core_sub(X, X, P, P_limbs);
5571 }
5572
5573 /* Returned result should be 0 < X < P. Although we have controlled bit
5574 * width, we may still have a result which is greater than P. Subtract P
5575 * if this is the case. */
5576 if (mbedtls_mpi_core_lt_ct(P, X, P_limbs)) {
5577 mbedtls_mpi_core_sub(X, X, P, P_limbs);
5578 }
5579
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5580 ret = 0;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5581
5582cleanup:
Paul Elliott4fa83342023-05-01 22:30:54 +0100[diff] [blame]5583 mbedtls_free(M);
5584 mbedtls_free(Q);
5585
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5586 return ret;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5587}
5588#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
5589
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5590#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
5591 defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
5592 defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
Gabor Mezei908f4002023-05-05 15:09:24 +0200[diff] [blame]5593
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5594/*
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5595 * Fast quasi-reduction modulo P = 2^s - R,
5596 * with R about 33 bits, used by the Koblitz curves.
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5597 *
Gabor Mezeicaac83c2023-05-16 17:41:26 +0200[diff] [blame]5598 * Write X as A0 + 2^224 A1, return A0 + R * A1.
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5599 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5600#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5601
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]5602static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X,
5603 size_t X_limbs,
5604 mbedtls_mpi_uint *R,
Gabor Mezei908f4002023-05-05 15:09:24 +0200[diff] [blame]5605 size_t bits)
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]5606{
5607 int ret = 0;
5608
Gabor Mezei908f4002023-05-05 15:09:24 +0200[diff] [blame]5609 /* Determine if A1 is aligned to limb bitsize. If not then the used limbs
5610 * of P, A0 and A1 must be set accordingly and there is a middle limb
5611 * which is shared by A0 and A1 and need to handle accordingly.
5612 */
5613 size_t shift = bits % biL;
5614 size_t adjust = (shift + biL - 1) / biL;
5615 size_t P_limbs = bits / biL + adjust;
5616
5617 mbedtls_mpi_uint *A1 = mbedtls_calloc(P_limbs, ciL);
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]5618 if (A1 == NULL) {
Gabor Mezei19c6f472023-04-26 15:22:11 +0200[diff] [blame]5619 return MBEDTLS_ERR_ECP_ALLOC_FAILED;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5620 }
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5621
Gabor Mezei908f4002023-05-05 15:09:24 +0200[diff] [blame]5622 /* Create a buffer to store the value of `R * A1` */
Gabor Mezei19c6f472023-04-26 15:22:11 +0200[diff] [blame]5623 size_t R_limbs = P_KOBLITZ_R;
Gabor Mezei908f4002023-05-05 15:09:24 +0200[diff] [blame]5624 size_t M_limbs = P_limbs + R_limbs;
Gabor Mezei19c6f472023-04-26 15:22:11 +0200[diff] [blame]5625 mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL);
5626 if (M == NULL) {
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]5627 ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
5628 goto cleanup;
5629 }
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5630
Gabor Mezei908f4002023-05-05 15:09:24 +0200[diff] [blame]5631 mbedtls_mpi_uint mask = 0;
5632 if (adjust != 0) {
5633 mask = ((mbedtls_mpi_uint) 1 << shift) - 1;
5634 }
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5635
Gabor Mezeia2740412023-05-15 14:50:17 +0200[diff] [blame]5636 /* Two passes are needed to reduce the value of `A0 + R * A1` and then
5637 * we need an additional one to reduce the possible overflow during
Gabor Mezeib6653f32023-05-08 17:32:44 +0200[diff] [blame]5638 * the addition.
5639 */
Gabor Mezeidcaf99e2023-05-02 13:59:57 +0200[diff] [blame]5640 for (size_t pass = 0; pass < 3; pass++) {
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]5641 /* Copy A1 */
Gabor Mezei908f4002023-05-05 15:09:24 +0200[diff] [blame]5642 memcpy(A1, X + P_limbs - adjust, P_limbs * ciL);
5643
5644 /* Shift A1 to be aligned */
Gabor Mezeif921f4d2023-04-14 15:11:14 +0200[diff] [blame]5645 if (shift != 0) {
Gabor Mezei908f4002023-05-05 15:09:24 +0200[diff] [blame]5646 mbedtls_mpi_core_shift_r(A1, P_limbs, shift);
Gabor Mezeif921f4d2023-04-14 15:11:14 +0200[diff] [blame]5647 }
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5648
Gabor Mezei908f4002023-05-05 15:09:24 +0200[diff] [blame]5649 /* Zeroize the A1 part of the shared limb */
Gabor Mezeif921f4d2023-04-14 15:11:14 +0200[diff] [blame]5650 if (mask != 0) {
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]5651 X[P_limbs - 1] &= mask;
Gabor Mezeif921f4d2023-04-14 15:11:14 +0200[diff] [blame]5652 }
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5653
Gabor Mezei908f4002023-05-05 15:09:24 +0200[diff] [blame]5654 /* X = A0
5655 * Zeroize the A1 part of X to keep only the A0 part.
5656 */
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]5657 for (size_t i = P_limbs; i < X_limbs; i++) {
5658 X[i] = 0;
5659 }
5660
5661 /* X = A0 + R * A1 */
Gabor Mezei908f4002023-05-05 15:09:24 +0200[diff] [blame]5662 mbedtls_mpi_core_mul(M, A1, P_limbs, R, R_limbs);
5663 (void) mbedtls_mpi_core_add(X, X, M, P_limbs + R_limbs);
Gabor Mezei03367fe2023-04-24 16:34:29 +0200[diff] [blame]5664
5665 /* Carry can not be generated since R is a 33-bit value and stored in
5666 * 64 bits. The result value of the multiplication is at most
5667 * P length + 33 bits in length and the result value of the addition
5668 * is at most P length + 34 bits in length. So the result of the
5669 * addition always fits in P length + 64 bits.
5670 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5671 }
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5672
5673cleanup:
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]5674 mbedtls_free(M);
5675 mbedtls_free(A1);
5676
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5677 return ret;
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5678}
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]5679
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5680#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
5681 MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
5682 MBEDTLS_ECP_DP_SECP256K1_ENABLED) */
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5683
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5684#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]5685
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5686/*
5687 * Fast quasi-reduction modulo p192k1 = 2^192 - R,
Gabor Mezeid2c0ba12023-04-24 16:33:17 +0200[diff] [blame]5688 * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x01000011C9
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5689 */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5690static int ecp_mod_p192k1(mbedtls_mpi *N)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5691{
Gabor Mezei70974472023-04-21 17:28:25 +0200[diff] [blame]5692 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
5693 size_t expected_width = 2 * ((192 + biL - 1) / biL);
5694 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
Gabor Mezeidacfe562023-05-02 14:05:13 +0200[diff] [blame]5695 ret = mbedtls_ecp_mod_p192k1_raw(N->p, expected_width);
Gabor Mezei70974472023-04-21 17:28:25 +0200[diff] [blame]5696
5697cleanup:
5698 return ret;
Gabor Mezei83669d92023-04-11 15:42:18 +0200[diff] [blame]5699}
5700
5701MBEDTLS_STATIC_TESTABLE
Gabor Mezeidacfe562023-05-02 14:05:13 +0200[diff] [blame]5702int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
Gabor Mezei83669d92023-04-11 15:42:18 +0200[diff] [blame]5703{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5704 static mbedtls_mpi_uint Rp[] = {
Gabor Mezeidacfe562023-05-02 14:05:13 +0200[diff] [blame]5705 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00,
5706 0x01, 0x00, 0x00, 0x00)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5707 };
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5708
Gabor Mezeid56e6e02023-05-17 17:51:19 +0200[diff] [blame]5709 if (X_limbs != 2 * ((192 + biL - 1) / biL)) {
5710 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
5711 }
5712
Gabor Mezeidacfe562023-05-02 14:05:13 +0200[diff] [blame]5713 return ecp_mod_koblitz(X, X_limbs, Rp, 192);
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5714}
Gabor Mezei8183c5d2023-04-20 15:50:59 +0200[diff] [blame]5715
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5716#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5717
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5718#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
Minos Galanakis9d808792023-04-13 12:22:41 +0100[diff] [blame]5719
Gabor Mezeie42bb622023-05-02 14:10:57 +0200[diff] [blame]5720/*
5721 * Fast quasi-reduction modulo p224k1 = 2^224 - R,
5722 * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
5723 */
Minos Galanakis9d808792023-04-13 12:22:41 +0100[diff] [blame]5724static int ecp_mod_p224k1(mbedtls_mpi *N)
5725{
Gabor Mezei70974472023-04-21 17:28:25 +0200[diff] [blame]5726 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
5727 size_t expected_width = 2 * 224 / biL;
5728 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
Gabor Mezeie42bb622023-05-02 14:10:57 +0200[diff] [blame]5729 ret = mbedtls_ecp_mod_p224k1_raw(N->p, expected_width);
Gabor Mezei70974472023-04-21 17:28:25 +0200[diff] [blame]5730
5731cleanup:
5732 return ret;
Minos Galanakis9d808792023-04-13 12:22:41 +0100[diff] [blame]5733}
5734
Minos Galanakise5dab972023-04-11 16:42:06 +0100[diff] [blame]5735MBEDTLS_STATIC_TESTABLE
Gabor Mezeie42bb622023-05-02 14:10:57 +0200[diff] [blame]5736int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5737{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5738 static mbedtls_mpi_uint Rp[] = {
Gabor Mezeie42bb622023-05-02 14:10:57 +0200[diff] [blame]5739 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00,
5740 0x01, 0x00, 0x00, 0x00)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5741 };
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5742
Gabor Mezeid56e6e02023-05-17 17:51:19 +0200[diff] [blame]5743 if (X_limbs != 2 * 224 / biL) {
5744 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
5745 }
5746
Gabor Mezeie42bb622023-05-02 14:10:57 +0200[diff] [blame]5747 return ecp_mod_koblitz(X, X_limbs, Rp, 224);
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5748}
5749
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5750#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5751
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5752#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
Minos Galanakis9c2c81f2023-04-12 11:10:03 +0100[diff] [blame]5753
Gabor Mezei03558b82023-05-02 14:12:25 +0200[diff] [blame]5754/*
5755 * Fast quasi-reduction modulo p256k1 = 2^256 - R,
5756 * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
5757 */
Minos Galanakis9c2c81f2023-04-12 11:10:03 +0100[diff] [blame]5758static int ecp_mod_p256k1(mbedtls_mpi *N)
5759{
Gabor Mezei70974472023-04-21 17:28:25 +0200[diff] [blame]5760 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
5761 size_t expected_width = 2 * ((256 + biL - 1) / biL);
5762 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
Gabor Mezei03558b82023-05-02 14:12:25 +0200[diff] [blame]5763 ret = mbedtls_ecp_mod_p256k1_raw(N->p, expected_width);
Gabor Mezei70974472023-04-21 17:28:25 +0200[diff] [blame]5764
5765cleanup:
5766 return ret;
Minos Galanakis9c2c81f2023-04-12 11:10:03 +0100[diff] [blame]5767}
5768
Minos Galanakisd6751dc2023-04-11 17:25:31 +0100[diff] [blame]5769MBEDTLS_STATIC_TESTABLE
Gabor Mezei03558b82023-05-02 14:12:25 +0200[diff] [blame]5770int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5771{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5772 static mbedtls_mpi_uint Rp[] = {
Gabor Mezei03558b82023-05-02 14:12:25 +0200[diff] [blame]5773 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00,
5774 0x01, 0x00, 0x00, 0x00)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]5775 };
Gabor Mezeid56e6e02023-05-17 17:51:19 +0200[diff] [blame]5776
5777 if (X_limbs != 2 * ((256 + biL - 1) / biL)) {
5778 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
5779 }
5780
Gabor Mezei03558b82023-05-02 14:12:25 +0200[diff] [blame]5781 return ecp_mod_koblitz(X, X_limbs, Rp, 256);
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5782}
Gabor Mezei03558b82023-05-02 14:12:25 +0200[diff] [blame]5783
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5784#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5785
Minos Galanakisd2ca8022023-02-03 19:07:39 +0000[diff] [blame]5786#if defined(MBEDTLS_TEST_HOOKS)
Minos Galanakisd2ca8022023-02-03 19:07:39 +0000[diff] [blame]5787MBEDTLS_STATIC_TESTABLE
5788int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
5789 const mbedtls_ecp_group_id id,
5790 const mbedtls_ecp_curve_type ctype)
5791{
5792 mbedtls_mpi_uint *p = NULL;
5793 size_t p_limbs;
5794
5795 if (!(ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE || \
5796 ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_SCALAR)) {
5797 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
5798 }
5799
5800 switch (id) {
5801#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
5802 case MBEDTLS_ECP_DP_SECP192R1:
5803 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5804 p = (mbedtls_mpi_uint *) secp192r1_p;
5805 p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p));
5806 } else {
5807 p = (mbedtls_mpi_uint *) secp192r1_n;
5808 p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_n));
5809 }
5810 break;
5811#endif
5812
5813#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
5814 case MBEDTLS_ECP_DP_SECP224R1:
5815 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5816 p = (mbedtls_mpi_uint *) secp224r1_p;
5817 p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p));
5818 } else {
5819 p = (mbedtls_mpi_uint *) secp224r1_n;
5820 p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_n));
5821 }
5822 break;
5823#endif
5824
5825#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
5826 case MBEDTLS_ECP_DP_SECP256R1:
5827 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5828 p = (mbedtls_mpi_uint *) secp256r1_p;
5829 p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p));
5830 } else {
5831 p = (mbedtls_mpi_uint *) secp256r1_n;
5832 p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_n));
5833 }
5834 break;
5835#endif
5836
5837#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
5838 case MBEDTLS_ECP_DP_SECP384R1:
5839 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5840 p = (mbedtls_mpi_uint *) secp384r1_p;
5841 p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p));
5842 } else {
5843 p = (mbedtls_mpi_uint *) secp384r1_n;
5844 p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_n));
5845 }
5846 break;
5847#endif
5848
5849#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
5850 case MBEDTLS_ECP_DP_SECP521R1:
5851 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5852 p = (mbedtls_mpi_uint *) secp521r1_p;
5853 p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p));
5854 } else {
5855 p = (mbedtls_mpi_uint *) secp521r1_n;
5856 p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_n));
5857 }
5858 break;
5859#endif
5860
5861#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
5862 case MBEDTLS_ECP_DP_BP256R1:
5863 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5864 p = (mbedtls_mpi_uint *) brainpoolP256r1_p;
5865 p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p));
5866 } else {
5867 p = (mbedtls_mpi_uint *) brainpoolP256r1_n;
5868 p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_n));
5869 }
5870 break;
5871#endif
5872
5873#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
5874 case MBEDTLS_ECP_DP_BP384R1:
5875 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5876 p = (mbedtls_mpi_uint *) brainpoolP384r1_p;
5877 p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p));
5878 } else {
5879 p = (mbedtls_mpi_uint *) brainpoolP384r1_n;
5880 p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_n));
5881 }
5882 break;
5883#endif
5884
5885#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
5886 case MBEDTLS_ECP_DP_BP512R1:
5887 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5888 p = (mbedtls_mpi_uint *) brainpoolP512r1_p;
5889 p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p));
5890 } else {
5891 p = (mbedtls_mpi_uint *) brainpoolP512r1_n;
5892 p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_n));
5893 }
5894 break;
5895#endif
5896
5897#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
5898 case MBEDTLS_ECP_DP_CURVE25519:
5899 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5900 p = (mbedtls_mpi_uint *) curve25519_p;
5901 p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p));
5902 } else {
5903 p = (mbedtls_mpi_uint *) curve25519_n;
5904 p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_n));
5905 }
5906 break;
5907#endif
5908
5909#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
5910 case MBEDTLS_ECP_DP_SECP192K1:
5911 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5912 p = (mbedtls_mpi_uint *) secp192k1_p;
5913 p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p));
5914 } else {
5915 p = (mbedtls_mpi_uint *) secp192k1_n;
5916 p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_n));
5917 }
5918 break;
5919#endif
5920
5921#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
5922 case MBEDTLS_ECP_DP_SECP224K1:
5923 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5924 p = (mbedtls_mpi_uint *) secp224k1_p;
5925 p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p));
5926 } else {
5927 p = (mbedtls_mpi_uint *) secp224k1_n;
5928 p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_n));
5929 }
5930 break;
5931#endif
5932
5933#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
5934 case MBEDTLS_ECP_DP_SECP256K1:
5935 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5936 p = (mbedtls_mpi_uint *) secp256k1_p;
5937 p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p));
5938 } else {
5939 p = (mbedtls_mpi_uint *) secp256k1_n;
5940 p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_n));
5941 }
5942 break;
5943#endif
5944
5945#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
5946 case MBEDTLS_ECP_DP_CURVE448:
5947 if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
5948 p = (mbedtls_mpi_uint *) curve448_p;
5949 p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p));
5950 } else {
5951 p = (mbedtls_mpi_uint *) curve448_n;
5952 p_limbs = CHARS_TO_LIMBS(sizeof(curve448_n));
5953 }
5954 break;
5955#endif
5956
5957 default:
5958 case MBEDTLS_ECP_DP_NONE:
5959 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
5960 }
5961
5962 if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs,
5963 MBEDTLS_MPI_MOD_REP_MONTGOMERY)) {
Minos Galanakisa30afe22023-02-15 15:36:29 +0000[diff] [blame]5964 return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Minos Galanakisd2ca8022023-02-03 19:07:39 +0000[diff] [blame]5965 }
5966 return 0;
5967}
5968#endif /* MBEDTLS_TEST_HOOKS */
5969#endif /* !MBEDTLS_ECP_ALT */
Valerio Settid4a5d462023-04-05 18:19:01 +0200[diff] [blame]5970#endif /* MBEDTLS_ECP_LIGHT */