TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c0eabdc63657f784dee45167b010534cd3924cfa / . / library / ecp_curves.c
blob: 5d09cf70dcd1e655a5f0a487d14458c9775a3a64 [file] [log] [blame]
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]1/*
2 * Elliptic curves over GF(p): curve-specific data and functions
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]18 */
19
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]20#include "common.h"
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]21
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]22#if defined(MBEDTLS_ECP_C)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]23
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]24# include "mbedtls/ecp.h"
25# include "mbedtls/platform_util.h"
26# include "mbedtls/error.h"
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]27
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]28# include "bn_mul.h"
29# include "ecp_invasive.h"
Gilles Peskine618be2e2021-04-03 21:47:53 +0200[diff] [blame]30
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]31# include <string.h>
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]32
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]33# if !defined(MBEDTLS_ECP_ALT)
Janos Follathb0697532016-08-18 12:38:46 +0100[diff] [blame]34
Hanno Becker4f8e8e52018-12-14 15:08:03 +0000[diff] [blame]35/* Parameter validation macros based on platform_util.h */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]36# define ECP_VALIDATE_RET(cond) \
37 MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA)
38# define ECP_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond)
Hanno Becker4f8e8e52018-12-14 15:08:03 +0000[diff] [blame]39
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]40# if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
41 !defined(inline) && !defined(__cplusplus)
42# define inline __inline
43# endif
Paul Bakker498fd352013-12-02 22:17:24 +0100[diff] [blame]44
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]45# define ECP_MPI_INIT(s, n, p) \
46 { \
47 s, (n), (mbedtls_mpi_uint *)(p) \
48 }
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]49
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]50# define ECP_MPI_INIT_ARRAY(x) \
51 ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
Manuel Pégourié-Gonnard2389a602021-06-23 12:25:48 +0200[diff] [blame]52
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]53# define ECP_POINT_INIT_XY_Z0(x, y) \
54 { \
55 ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), \
56 ECP_MPI_INIT(1, 0, NULL) \
57 }
58# define ECP_POINT_INIT_XY_Z1(x, y) \
59 { \
60 ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), \
61 ECP_MPI_INIT(1, 1, mpi_one) \
62 }
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]63
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]64# if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
65 defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
66 defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
67 defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
68 defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
69 defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
70 defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
71 defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
72 defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
73 defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
74 defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]75/* For these curves, we build the group parameters dynamically. */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]76# define ECP_LOAD_GROUP
77static mbedtls_mpi_uint mpi_one[] = { 1 };
78# endif
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]79
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]80/*
Manuel Pégourié-Gonnard14a96c52013-12-11 12:15:28 +0100[diff] [blame]81 * Note: the constants are in little-endian order
82 * to be directly usable in MPIs
83 */
84
85/*
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]86 * Domain parameters for secp192r1
87 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]88# if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]89static const mbedtls_mpi_uint secp192r1_p[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]90 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
91 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
92 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]93};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]94static const mbedtls_mpi_uint secp192r1_b[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]95 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE),
96 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F),
97 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]98};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]99static const mbedtls_mpi_uint secp192r1_gx[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]100 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4),
101 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C),
102 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]103};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]104static const mbedtls_mpi_uint secp192r1_gy[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]105 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73),
106 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63),
107 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]108};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]109static const mbedtls_mpi_uint secp192r1_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]110 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14),
111 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF),
112 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]113};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]114# if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]115static const mbedtls_mpi_uint secp192r1_T_0_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]116 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4),
117 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C),
118 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]119};
120static const mbedtls_mpi_uint secp192r1_T_0_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]121 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73),
122 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63),
123 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]124};
125static const mbedtls_mpi_uint secp192r1_T_1_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]126 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x9E, 0xE3, 0x60, 0x59, 0xD1, 0xC4, 0xC2),
127 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBD, 0x22, 0xD7, 0x2D, 0x07, 0xBD, 0xB6),
128 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x2A, 0xCF, 0x33, 0xF0, 0xBE, 0xD1, 0xED),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]129};
130static const mbedtls_mpi_uint secp192r1_T_1_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]131 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x71, 0x4B, 0xA8, 0xED, 0x7E, 0xC9, 0x1A),
132 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x2A, 0xF6, 0xDF, 0x0E, 0xE8, 0x4C, 0x0F),
133 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x35, 0xF7, 0x8A, 0xC3, 0xEC, 0xDE, 0x1E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]134};
135static const mbedtls_mpi_uint secp192r1_T_2_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]136 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x67, 0xC2, 0x1D, 0x32, 0x8F, 0x10, 0xFB),
137 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x2D, 0x17, 0xF3, 0xE4, 0xFE, 0xD8, 0x13),
138 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x45, 0x10, 0x70, 0x2C, 0x3E, 0x52, 0x3E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]139};
140static const mbedtls_mpi_uint secp192r1_T_2_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]141 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xF1, 0x04, 0x5D, 0xEE, 0xD4, 0x56, 0xE6),
142 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xB7, 0x38, 0x27, 0x61, 0xAA, 0x81, 0x87),
143 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x37, 0xD7, 0x0E, 0x29, 0x0E, 0x11, 0x14),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]144};
145static const mbedtls_mpi_uint secp192r1_T_3_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]146 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x35, 0x52, 0xC6, 0x31, 0xB7, 0x27, 0xF5),
147 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xD4, 0x15, 0x98, 0x0F, 0xE7, 0xF3, 0x6A),
148 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x31, 0x70, 0x35, 0x09, 0xA0, 0x2B, 0xC2),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]149};
150static const mbedtls_mpi_uint secp192r1_T_3_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]151 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x75, 0xA7, 0x4C, 0x88, 0xCF, 0x5B, 0xE4),
152 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x17, 0x48, 0x8D, 0xF2, 0xF0, 0x86, 0xED),
153 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xCF, 0xFE, 0x6B, 0xB0, 0xA5, 0x06, 0xAB),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]154};
155static const mbedtls_mpi_uint secp192r1_T_4_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]156 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x6A, 0xDC, 0x9A, 0x6D, 0x7B, 0x47, 0x2E),
157 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xFC, 0x51, 0x12, 0x62, 0x66, 0x0B, 0x59),
158 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x40, 0x93, 0xA0, 0xB5, 0x5A, 0x58, 0xD7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]159};
160static const mbedtls_mpi_uint secp192r1_T_4_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]161 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xCB, 0xAF, 0xDC, 0x0B, 0xA1, 0x26, 0xFB),
162 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x36, 0x9D, 0xA3, 0xD7, 0x3B, 0xAD, 0x39),
163 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x3B, 0x05, 0x9A, 0xA8, 0xAA, 0x69, 0xB2),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]164};
165static const mbedtls_mpi_uint secp192r1_T_5_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]166 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xD9, 0xD1, 0x4D, 0x4A, 0x6E, 0x96, 0x1E),
167 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x66, 0x32, 0x39, 0xC6, 0x57, 0x7D, 0xE6),
168 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xA0, 0x36, 0xC2, 0x45, 0xF9, 0x00, 0x62),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]169};
170static const mbedtls_mpi_uint secp192r1_T_5_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]171 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xEF, 0x59, 0x46, 0xDC, 0x60, 0xD9, 0x8F),
172 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xB0, 0xE9, 0x41, 0xA4, 0x87, 0x76, 0x89),
173 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xD4, 0x0E, 0xB2, 0xFA, 0x16, 0x56, 0xDC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]174};
175static const mbedtls_mpi_uint secp192r1_T_6_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]176 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x62, 0xD2, 0xB1, 0x34, 0xB2, 0xF1, 0x06),
177 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xED, 0x55, 0xC5, 0x47, 0xB5, 0x07, 0x15),
178 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xF6, 0x2F, 0x94, 0xC3, 0xDD, 0x54, 0x2F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]179};
180static const mbedtls_mpi_uint secp192r1_T_6_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]181 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xA6, 0xD4, 0x8C, 0xA9, 0xCE, 0x4D, 0x2E),
182 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x4B, 0x46, 0xCC, 0xB2, 0x55, 0xC8, 0xB2),
183 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xAE, 0x31, 0xED, 0x89, 0x65, 0x59, 0x55),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]184};
185static const mbedtls_mpi_uint secp192r1_T_7_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]186 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x0A, 0xD1, 0x1A, 0xC5, 0xF6, 0xEA, 0x43),
187 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xFC, 0x0C, 0x1A, 0xFB, 0xA0, 0xC8, 0x70),
188 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xFD, 0x53, 0x6F, 0x6D, 0xBF, 0xBA, 0xAF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]189};
190static const mbedtls_mpi_uint secp192r1_T_7_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]191 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xB0, 0x7D, 0x83, 0x96, 0xE3, 0xCB, 0x9D),
192 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x6E, 0x55, 0x2C, 0x20, 0x53, 0x2F, 0x46),
193 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x66, 0x00, 0x17, 0x08, 0xFE, 0xAC, 0x31),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]194};
195static const mbedtls_mpi_uint secp192r1_T_8_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]196 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x12, 0x97, 0x3A, 0xC7, 0x57, 0x45, 0xCD),
197 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x25, 0x99, 0x00, 0xF6, 0x97, 0xB4, 0x64),
198 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x74, 0xE6, 0xE6, 0xA3, 0xDF, 0x9C, 0xCC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]199};
200static const mbedtls_mpi_uint secp192r1_T_8_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]201 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xF4, 0x76, 0xD5, 0x5F, 0x2A, 0xFD, 0x85),
202 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x80, 0x7E, 0x3E, 0xE5, 0xE8, 0xD6, 0x63),
203 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xAD, 0x1E, 0x70, 0x79, 0x3E, 0x3D, 0x83),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]204};
205static const mbedtls_mpi_uint secp192r1_T_9_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]206 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x15, 0xBB, 0xB3, 0x42, 0x6A, 0xA1, 0x7C),
207 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x58, 0xCB, 0x43, 0x25, 0x00, 0x14, 0x68),
208 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x4E, 0x93, 0x11, 0xE0, 0x32, 0x54, 0x98),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]209};
210static const mbedtls_mpi_uint secp192r1_T_9_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]211 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x52, 0xA2, 0xB4, 0x57, 0x32, 0xB9, 0x11),
212 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x43, 0xA1, 0xB1, 0xFB, 0x01, 0xE1, 0xE7),
213 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xFB, 0x5A, 0x11, 0xB8, 0xC2, 0x03, 0xE5),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]214};
215static const mbedtls_mpi_uint secp192r1_T_10_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]216 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x2B, 0x71, 0x26, 0x4E, 0x7C, 0xC5, 0x32),
217 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xF5, 0xD3, 0xA8, 0xE4, 0x95, 0x48, 0x65),
218 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xAE, 0xD9, 0x5D, 0x9F, 0x6A, 0x22, 0xAD),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]219};
220static const mbedtls_mpi_uint secp192r1_T_10_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]221 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xCC, 0xA3, 0x4D, 0xA0, 0x1C, 0x34, 0xEF),
222 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x3C, 0x62, 0xF8, 0x5E, 0xA6, 0x58, 0x7D),
223 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x6E, 0x66, 0x8A, 0x3D, 0x17, 0xFF, 0x0F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]224};
225static const mbedtls_mpi_uint secp192r1_T_11_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]226 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xCD, 0xA8, 0xDD, 0xD1, 0x20, 0x5C, 0xEA),
227 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xFE, 0x17, 0xE2, 0xCF, 0xEA, 0x63, 0xDE),
228 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x51, 0xC9, 0x16, 0xDE, 0xB4, 0xB2, 0xDD),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]229};
230static const mbedtls_mpi_uint secp192r1_T_11_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]231 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBE, 0x12, 0xD7, 0xA3, 0x0A, 0x50, 0x33),
232 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x87, 0xC5, 0x8A, 0x76, 0x57, 0x07, 0x60),
233 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x1F, 0xC6, 0x1B, 0x66, 0xC4, 0x3D, 0x8A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]234};
235static const mbedtls_mpi_uint secp192r1_T_12_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]236 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xA4, 0x85, 0x13, 0x8F, 0xA7, 0x35, 0x19),
237 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x0D, 0xFD, 0xFF, 0x1B, 0xD1, 0xD6, 0xEF),
238 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x7A, 0xD0, 0xC3, 0xB4, 0xEF, 0x39, 0x66),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]239};
240static const mbedtls_mpi_uint secp192r1_T_12_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]241 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xFE, 0xA5, 0x9C, 0x34, 0x30, 0x49, 0x40),
242 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xC5, 0x39, 0x26, 0x06, 0xE3, 0x01, 0x17),
243 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x2B, 0x66, 0xFC, 0x95, 0x5F, 0x35, 0xF7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]244};
245static const mbedtls_mpi_uint secp192r1_T_13_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]246 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xCF, 0x54, 0x63, 0x99, 0x57, 0x05, 0x45),
247 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x6F, 0x00, 0x5F, 0x65, 0x08, 0x47, 0x98),
248 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x2A, 0x90, 0x6D, 0x67, 0xC6, 0xBC, 0x45),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]249};
250static const mbedtls_mpi_uint secp192r1_T_13_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]251 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x4D, 0x88, 0x0A, 0x35, 0x9E, 0x33, 0x9C),
252 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x17, 0x0C, 0xF8, 0xE1, 0x7A, 0x49, 0x02),
253 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x44, 0x06, 0x8F, 0x0B, 0x70, 0x2F, 0x71),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]254};
255static const mbedtls_mpi_uint secp192r1_T_14_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]256 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x4B, 0xCB, 0xF9, 0x8E, 0x6A, 0xDA, 0x1B),
257 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x43, 0xA1, 0x3F, 0xCE, 0x17, 0xD2, 0x32),
258 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x0D, 0xD2, 0x6C, 0x82, 0x37, 0xE5, 0xFC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]259};
260static const mbedtls_mpi_uint secp192r1_T_14_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]261 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x3C, 0xF4, 0x92, 0xB4, 0x8A, 0x95, 0x85),
262 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x96, 0xF1, 0x0A, 0x34, 0x2F, 0x74, 0x7E),
263 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xA1, 0xAA, 0xBA, 0x86, 0x77, 0x4F, 0xA2),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]264};
265static const mbedtls_mpi_uint secp192r1_T_15_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]266 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x7F, 0xEF, 0x60, 0x50, 0x80, 0xD7, 0xD4),
267 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0xAC, 0xC9, 0xFE, 0xEC, 0x0A, 0x1A, 0x9F),
268 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x2F, 0xBE, 0x91, 0xD7, 0xB7, 0x38, 0x48),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]269};
270static const mbedtls_mpi_uint secp192r1_T_15_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]271 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xAE, 0x85, 0x98, 0xFE, 0x05, 0x7F, 0x9F),
272 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBE, 0xFD, 0x11, 0x31, 0x3D, 0x14, 0x13),
273 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x75, 0xE8, 0x30, 0x01, 0xCB, 0x9B, 0x1C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]274};
275static const mbedtls_ecp_point secp192r1_T[16] = {
276 ECP_POINT_INIT_XY_Z1(secp192r1_T_0_X, secp192r1_T_0_Y),
277 ECP_POINT_INIT_XY_Z0(secp192r1_T_1_X, secp192r1_T_1_Y),
278 ECP_POINT_INIT_XY_Z0(secp192r1_T_2_X, secp192r1_T_2_Y),
279 ECP_POINT_INIT_XY_Z0(secp192r1_T_3_X, secp192r1_T_3_Y),
280 ECP_POINT_INIT_XY_Z0(secp192r1_T_4_X, secp192r1_T_4_Y),
281 ECP_POINT_INIT_XY_Z0(secp192r1_T_5_X, secp192r1_T_5_Y),
282 ECP_POINT_INIT_XY_Z0(secp192r1_T_6_X, secp192r1_T_6_Y),
283 ECP_POINT_INIT_XY_Z0(secp192r1_T_7_X, secp192r1_T_7_Y),
284 ECP_POINT_INIT_XY_Z0(secp192r1_T_8_X, secp192r1_T_8_Y),
285 ECP_POINT_INIT_XY_Z0(secp192r1_T_9_X, secp192r1_T_9_Y),
286 ECP_POINT_INIT_XY_Z0(secp192r1_T_10_X, secp192r1_T_10_Y),
287 ECP_POINT_INIT_XY_Z0(secp192r1_T_11_X, secp192r1_T_11_Y),
288 ECP_POINT_INIT_XY_Z0(secp192r1_T_12_X, secp192r1_T_12_Y),
289 ECP_POINT_INIT_XY_Z0(secp192r1_T_13_X, secp192r1_T_13_Y),
290 ECP_POINT_INIT_XY_Z0(secp192r1_T_14_X, secp192r1_T_14_Y),
291 ECP_POINT_INIT_XY_Z0(secp192r1_T_15_X, secp192r1_T_15_Y),
292};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]293# else
294# define secp192r1_T NULL
295# endif
296# endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]297
298/*
299 * Domain parameters for secp224r1
300 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]301# if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]302static const mbedtls_mpi_uint secp224r1_p[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]303 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
304 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
305 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
306 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]307};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]308static const mbedtls_mpi_uint secp224r1_b[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]309 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27),
310 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50),
311 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C),
312 MBEDTLS_BYTES_TO_T_UINT_4(0x85, 0x0A, 0x05, 0xB4),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]313};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]314static const mbedtls_mpi_uint secp224r1_gx[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]315 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34),
316 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A),
317 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B),
318 MBEDTLS_BYTES_TO_T_UINT_4(0xBD, 0x0C, 0x0E, 0xB7),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]319};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]320static const mbedtls_mpi_uint secp224r1_gy[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]321 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44),
322 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD),
323 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5),
324 MBEDTLS_BYTES_TO_T_UINT_4(0x88, 0x63, 0x37, 0xBD),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]325};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]326static const mbedtls_mpi_uint secp224r1_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]327 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13),
328 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF),
329 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
330 MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]331};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]332# if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]333static const mbedtls_mpi_uint secp224r1_T_0_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]334 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34),
335 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A),
336 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B),
337 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x0C, 0x0E, 0xB7, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]338};
339static const mbedtls_mpi_uint secp224r1_T_0_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]340 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44),
341 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD),
342 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5),
343 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x63, 0x37, 0xBD, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]344};
345static const mbedtls_mpi_uint secp224r1_T_1_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]346 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xF9, 0xB8, 0xD0, 0x3D, 0xD2, 0xD3, 0xFA),
347 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xFD, 0x99, 0x26, 0x19, 0xFE, 0x13, 0x6E),
348 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x0E, 0x4C, 0x48, 0x7C, 0xA2, 0x17, 0x01),
349 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA3, 0x13, 0x57, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]350};
351static const mbedtls_mpi_uint secp224r1_T_1_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]352 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x16, 0x5C, 0x8F, 0xAA, 0xED, 0x0F, 0x58),
353 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xC5, 0x43, 0x34, 0x93, 0x05, 0x2A, 0x4C),
354 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE3, 0x6C, 0xCA, 0xC6, 0x14, 0xC2, 0x25),
355 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x43, 0x6C, 0xD7, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]356};
357static const mbedtls_mpi_uint secp224r1_T_2_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]358 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x5A, 0x98, 0x1E, 0xC8, 0xA5, 0x42, 0xA3),
359 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x49, 0x56, 0x78, 0xF8, 0xEF, 0xED, 0x65),
360 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0xBB, 0x64, 0xB6, 0x4C, 0x54, 0x5F, 0xD1),
361 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x0C, 0x33, 0xCC, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]362};
363static const mbedtls_mpi_uint secp224r1_T_2_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]364 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x79, 0xCB, 0x2E, 0x08, 0xFF, 0xD8, 0xE6),
365 MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x1F, 0xD4, 0xD7, 0x57, 0xE9, 0x39, 0x45),
366 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xD6, 0x3B, 0x0A, 0x1C, 0x87, 0xB7, 0x6A),
367 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x30, 0xD8, 0x05, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]368};
369static const mbedtls_mpi_uint secp224r1_T_3_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]370 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x79, 0x74, 0x9A, 0xE6, 0xBB, 0xC2, 0xC2),
371 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x5B, 0xA6, 0x67, 0xC1, 0x91, 0xE7, 0x64),
372 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xDF, 0x38, 0x82, 0x19, 0x2C, 0x4C, 0xCA),
373 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x2E, 0x39, 0xC5, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]374};
375static const mbedtls_mpi_uint secp224r1_T_3_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]376 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x36, 0x78, 0x4E, 0xAE, 0x5B, 0x02, 0x76),
377 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xF6, 0x8B, 0xF8, 0xF4, 0x92, 0x6B, 0x42),
378 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x4D, 0x71, 0x35, 0xE7, 0x0C, 0x2C, 0x98),
379 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xA5, 0x1F, 0xAE, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]380};
381static const mbedtls_mpi_uint secp224r1_T_4_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]382 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x1C, 0x4B, 0xDF, 0x5B, 0xF2, 0x51, 0xB7),
383 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x74, 0xB1, 0x5A, 0xC6, 0x0F, 0x0E, 0x61),
384 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x24, 0x09, 0x62, 0xAF, 0xFC, 0xDB, 0x45),
385 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xE1, 0x80, 0x55, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]386};
387static const mbedtls_mpi_uint secp224r1_T_4_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]388 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x82, 0xFE, 0xAD, 0xC3, 0xE5, 0xCF, 0xD8),
389 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xA2, 0x62, 0x17, 0x76, 0xF0, 0x5A, 0xFA),
390 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xB8, 0xE5, 0xAC, 0xB7, 0x66, 0x38, 0xAA),
391 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xFD, 0x86, 0x05, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]392};
393static const mbedtls_mpi_uint secp224r1_T_5_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]394 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xD3, 0x0C, 0x3C, 0xD1, 0x66, 0xB0, 0xF1),
395 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x59, 0xB4, 0x8D, 0x90, 0x10, 0xB7, 0xA2),
396 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x47, 0x9B, 0xE6, 0x55, 0x8A, 0xE4, 0xEE),
397 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x49, 0xDB, 0x78, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]398};
399static const mbedtls_mpi_uint secp224r1_T_5_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]400 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x97, 0xED, 0xDE, 0xFF, 0xB3, 0xDF, 0x48),
401 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xB9, 0x83, 0xB7, 0xEB, 0xBE, 0x40, 0x8D),
402 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xD3, 0xD3, 0xCD, 0x0E, 0x82, 0x79, 0x3D),
403 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x83, 0x1B, 0xF0, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]404};
405static const mbedtls_mpi_uint secp224r1_T_6_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]406 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x22, 0xBB, 0x54, 0xD3, 0x31, 0x56, 0xFC),
407 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x36, 0xE5, 0xE0, 0x89, 0x96, 0x8E, 0x71),
408 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xEF, 0x0A, 0xED, 0xD0, 0x11, 0x4A, 0xFF),
409 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x00, 0x57, 0x27, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]410};
411static const mbedtls_mpi_uint secp224r1_T_6_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]412 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xCA, 0x3D, 0xF7, 0x64, 0x9B, 0x6E, 0x85),
413 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xE3, 0x70, 0x6B, 0x41, 0xD7, 0xED, 0x8F),
414 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x44, 0x44, 0x80, 0xCE, 0x13, 0x37, 0x92),
415 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x73, 0x80, 0x79, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]416};
417static const mbedtls_mpi_uint secp224r1_T_7_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]418 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x4D, 0x70, 0x7D, 0x31, 0x0F, 0x1C, 0x58),
419 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x35, 0x88, 0x47, 0xC4, 0x24, 0x78, 0x3F),
420 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xF0, 0xCD, 0x91, 0x81, 0xB3, 0xDE, 0xB6),
421 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xCE, 0xC6, 0xF7, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]422};
423static const mbedtls_mpi_uint secp224r1_T_7_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]424 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x9C, 0x2D, 0xE8, 0xD2, 0x00, 0x8F, 0x10),
425 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x5E, 0x7C, 0x0E, 0x0C, 0x6E, 0x58, 0x02),
426 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x81, 0x21, 0xCE, 0x43, 0xF4, 0x24, 0x3D),
427 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0xBC, 0xF0, 0xF4, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]428};
429static const mbedtls_mpi_uint secp224r1_T_8_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]430 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x10, 0xC2, 0x74, 0x4A, 0x8F, 0x8A, 0xCF),
431 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x67, 0xF4, 0x2B, 0x38, 0x2B, 0x35, 0x17),
432 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xE7, 0x0C, 0xA9, 0xFA, 0x77, 0x5C, 0xBD),
433 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x33, 0x19, 0x2B, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]434};
435static const mbedtls_mpi_uint secp224r1_T_8_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]436 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x3E, 0x96, 0x22, 0x53, 0xE1, 0xE9, 0xBE),
437 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x13, 0xBC, 0xA1, 0x16, 0xEC, 0x01, 0x1A),
438 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x00, 0xC9, 0x7A, 0xC3, 0x73, 0xA5, 0x45),
439 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xF4, 0x5E, 0xC1, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]440};
441static const mbedtls_mpi_uint secp224r1_T_9_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]442 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x95, 0xD6, 0xD9, 0x32, 0x30, 0x2B, 0xD0),
443 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x42, 0x09, 0x05, 0x61, 0x2A, 0x7E, 0x82),
444 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x84, 0xA2, 0x05, 0x88, 0x64, 0x65, 0xF9),
445 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x2D, 0x90, 0xB3, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]446};
447static const mbedtls_mpi_uint secp224r1_T_9_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]448 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xE7, 0x2E, 0x85, 0x55, 0x80, 0x7C, 0x79),
449 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xC1, 0xAC, 0x78, 0xB4, 0xAF, 0xFB, 0x6E),
450 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xC3, 0x28, 0x8E, 0x79, 0x18, 0x1F, 0x58),
451 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x46, 0xCF, 0x49, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]452};
453static const mbedtls_mpi_uint secp224r1_T_10_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]454 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x5F, 0xA8, 0x6C, 0x46, 0x83, 0x43, 0xFA),
455 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xA9, 0x93, 0x11, 0xB6, 0x07, 0x57, 0x74),
456 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x2A, 0x9D, 0x03, 0x89, 0x7E, 0xD7, 0x3C),
457 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x8C, 0x62, 0xCF, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]458};
459static const mbedtls_mpi_uint secp224r1_T_10_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]460 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x2C, 0x13, 0x59, 0xCC, 0xFA, 0x84, 0x9E),
461 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xB9, 0x48, 0xBC, 0x57, 0xC7, 0xB3, 0x7C),
462 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x0A, 0x38, 0x24, 0x2E, 0x3A, 0x28, 0x25),
463 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x0A, 0x43, 0xB8, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]464};
465static const mbedtls_mpi_uint secp224r1_T_11_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]466 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x25, 0xAB, 0xC1, 0xEE, 0x70, 0x3C, 0xE1),
467 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xDB, 0x45, 0x1D, 0x4A, 0x80, 0x75, 0x35),
468 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1F, 0x4D, 0x2D, 0x9A, 0x05, 0xF4, 0xCB),
469 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x10, 0xF0, 0x5A, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]470};
471static const mbedtls_mpi_uint secp224r1_T_11_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]472 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x95, 0xE1, 0xDC, 0x15, 0x86, 0xC3, 0x7B),
473 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xDC, 0x27, 0xD1, 0x56, 0xA1, 0x14, 0x0D),
474 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x0B, 0xD6, 0x77, 0x4E, 0x44, 0xA2, 0xF8),
475 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x42, 0x71, 0x1F, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]476};
477static const mbedtls_mpi_uint secp224r1_T_12_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]478 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x86, 0xB2, 0xB0, 0xC8, 0x2F, 0x7B, 0xFE),
479 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xEF, 0xCB, 0xDB, 0xBC, 0x9E, 0x3B, 0xC5),
480 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x03, 0x86, 0xDD, 0x5B, 0xF5, 0x8D, 0x46),
481 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x95, 0x79, 0xD6, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]482};
483static const mbedtls_mpi_uint secp224r1_T_12_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]484 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x32, 0x14, 0xDA, 0x9B, 0x4F, 0x07, 0x39),
485 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x3E, 0xFB, 0x06, 0xEE, 0xA7, 0x40, 0x40),
486 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x1F, 0xDF, 0x71, 0x61, 0xFD, 0x8B, 0xBE),
487 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x8B, 0xAB, 0x8B, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]488};
489static const mbedtls_mpi_uint secp224r1_T_13_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]490 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x34, 0xB3, 0xB4, 0xBC, 0x9F, 0xB0, 0x5E),
491 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x58, 0x48, 0xA8, 0x77, 0xBB, 0x13, 0x2F),
492 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xC6, 0xF7, 0x34, 0xCC, 0x89, 0x21, 0x0A),
493 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x33, 0xDD, 0x1F, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]494};
495static const mbedtls_mpi_uint secp224r1_T_13_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]496 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x81, 0xEF, 0xA4, 0xF2, 0x10, 0x0B, 0xCD),
497 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xF7, 0x6E, 0x72, 0x4A, 0xDF, 0xDD, 0xE8),
498 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x23, 0x0A, 0x53, 0x03, 0x16, 0x62, 0xD2),
499 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x76, 0xFD, 0x3C, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]500};
501static const mbedtls_mpi_uint secp224r1_T_14_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]502 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x14, 0xA1, 0xFA, 0xA0, 0x18, 0xBE, 0x07),
503 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x2A, 0xE1, 0xD7, 0xB0, 0x6C, 0xA0, 0xDE),
504 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xC0, 0xB0, 0xC6, 0x63, 0x24, 0xCD, 0x4E),
505 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x38, 0x2C, 0xB1, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]506};
507static const mbedtls_mpi_uint secp224r1_T_14_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]508 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xCD, 0x7D, 0x20, 0x0C, 0xFE, 0xAC, 0xC3),
509 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x97, 0x9F, 0xA2, 0xB6, 0x45, 0xF7, 0x7B),
510 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x99, 0xF3, 0xD2, 0x20, 0x02, 0xEB, 0x04),
511 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x18, 0x5B, 0x7B, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]512};
513static const mbedtls_mpi_uint secp224r1_T_15_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]514 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xDD, 0x77, 0x91, 0x60, 0xEA, 0xFD, 0xD3),
515 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xD3, 0xB5, 0xD6, 0x90, 0x17, 0x0E, 0x1A),
516 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xF4, 0x28, 0xC1, 0xF2, 0x53, 0xF6, 0x63),
517 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x58, 0xDC, 0x61, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]518};
519static const mbedtls_mpi_uint secp224r1_T_15_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]520 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x20, 0x01, 0xFB, 0xF1, 0xBD, 0x5F, 0x45),
521 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x7F, 0x06, 0xDA, 0x11, 0xCB, 0xBA, 0xA6),
522 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x41, 0x00, 0xA4, 0x1B, 0x30, 0x33, 0x79),
523 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xFF, 0x27, 0xCA, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]524};
525static const mbedtls_ecp_point secp224r1_T[16] = {
526 ECP_POINT_INIT_XY_Z1(secp224r1_T_0_X, secp224r1_T_0_Y),
527 ECP_POINT_INIT_XY_Z0(secp224r1_T_1_X, secp224r1_T_1_Y),
528 ECP_POINT_INIT_XY_Z0(secp224r1_T_2_X, secp224r1_T_2_Y),
529 ECP_POINT_INIT_XY_Z0(secp224r1_T_3_X, secp224r1_T_3_Y),
530 ECP_POINT_INIT_XY_Z0(secp224r1_T_4_X, secp224r1_T_4_Y),
531 ECP_POINT_INIT_XY_Z0(secp224r1_T_5_X, secp224r1_T_5_Y),
532 ECP_POINT_INIT_XY_Z0(secp224r1_T_6_X, secp224r1_T_6_Y),
533 ECP_POINT_INIT_XY_Z0(secp224r1_T_7_X, secp224r1_T_7_Y),
534 ECP_POINT_INIT_XY_Z0(secp224r1_T_8_X, secp224r1_T_8_Y),
535 ECP_POINT_INIT_XY_Z0(secp224r1_T_9_X, secp224r1_T_9_Y),
536 ECP_POINT_INIT_XY_Z0(secp224r1_T_10_X, secp224r1_T_10_Y),
537 ECP_POINT_INIT_XY_Z0(secp224r1_T_11_X, secp224r1_T_11_Y),
538 ECP_POINT_INIT_XY_Z0(secp224r1_T_12_X, secp224r1_T_12_Y),
539 ECP_POINT_INIT_XY_Z0(secp224r1_T_13_X, secp224r1_T_13_Y),
540 ECP_POINT_INIT_XY_Z0(secp224r1_T_14_X, secp224r1_T_14_Y),
541 ECP_POINT_INIT_XY_Z0(secp224r1_T_15_X, secp224r1_T_15_Y),
542};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]543# else
544# define secp224r1_T NULL
545# endif
546# endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]547
548/*
549 * Domain parameters for secp256r1
550 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]551# if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]552static const mbedtls_mpi_uint secp256r1_p[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]553 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
554 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
555 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
556 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]557};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]558static const mbedtls_mpi_uint secp256r1_b[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]559 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B),
560 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65),
561 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3),
562 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]563};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]564static const mbedtls_mpi_uint secp256r1_gx[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]565 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4),
566 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77),
567 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8),
568 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]569};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]570static const mbedtls_mpi_uint secp256r1_gy[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]571 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB),
572 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B),
573 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E),
574 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]575};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]576static const mbedtls_mpi_uint secp256r1_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]577 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3),
578 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC),
579 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
580 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]581};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]582# if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]583static const mbedtls_mpi_uint secp256r1_T_0_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]584 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4),
585 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77),
586 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8),
587 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]588};
589static const mbedtls_mpi_uint secp256r1_T_0_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]590 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB),
591 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B),
592 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E),
593 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]594};
595static const mbedtls_mpi_uint secp256r1_T_1_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]596 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xC8, 0xBA, 0x04, 0xB7, 0x4B, 0xD2, 0xF7),
597 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xC6, 0x23, 0x3A, 0xA0, 0x09, 0x3A, 0x59),
598 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x9D, 0x4C, 0xF9, 0x58, 0x23, 0xCC, 0xDF),
599 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0xED, 0x7B, 0x29, 0x87, 0x0F, 0xFA, 0x3C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]600};
601static const mbedtls_mpi_uint secp256r1_T_1_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]602 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x69, 0xF2, 0x40, 0x0B, 0xA3, 0x98, 0xCE),
603 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xA8, 0x48, 0x02, 0x0D, 0x1C, 0x12, 0x62),
604 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xAF, 0x09, 0x83, 0x80, 0xAA, 0x58, 0xA7),
605 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x12, 0xBE, 0x70, 0x94, 0x76, 0xE3, 0xE4),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]606};
607static const mbedtls_mpi_uint secp256r1_T_2_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]608 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x7D, 0xEF, 0x86, 0xFF, 0xE3, 0x37, 0xDD),
609 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x86, 0x8B, 0x08, 0x27, 0x7C, 0xD7, 0xF6),
610 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x54, 0x4C, 0x25, 0x4F, 0x9A, 0xFE, 0x28),
611 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xFD, 0xF0, 0x6D, 0x37, 0x03, 0x69, 0xD6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]612};
613static const mbedtls_mpi_uint secp256r1_T_2_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]614 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xD5, 0xDA, 0xAD, 0x92, 0x49, 0xF0, 0x9F),
615 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x73, 0x43, 0x9E, 0xAF, 0xA7, 0xD1, 0xF3),
616 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x41, 0x07, 0xDF, 0x78, 0x95, 0x3E, 0xA1),
617 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x3D, 0xD1, 0xE6, 0x3C, 0xA5, 0xE2, 0x20),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]618};
619static const mbedtls_mpi_uint secp256r1_T_3_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]620 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x6A, 0x5D, 0x52, 0x35, 0xD7, 0xBF, 0xAE),
621 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xA2, 0xBE, 0x96, 0xF4, 0xF8, 0x02, 0xC3),
622 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x20, 0x49, 0x54, 0xEA, 0xB3, 0x82, 0xDB),
623 MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0xDB, 0xEA, 0x02, 0xD1, 0x75, 0x1C, 0x62),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]624};
625static const mbedtls_mpi_uint secp256r1_T_3_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]626 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x85, 0xF4, 0x9E, 0x4C, 0xDC, 0x39, 0x89),
627 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x6D, 0xC4, 0x57, 0xD8, 0x03, 0x5D, 0x22),
628 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x7F, 0x2D, 0x52, 0x6F, 0xC9, 0xDA, 0x4F),
629 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x64, 0xFA, 0xB4, 0xFE, 0xA4, 0xC4, 0xD7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]630};
631static const mbedtls_mpi_uint secp256r1_T_4_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]632 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x37, 0xB9, 0xC0, 0xAA, 0x59, 0xC6, 0x8B),
633 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x58, 0xD9, 0xED, 0x58, 0x99, 0x65, 0xF7),
634 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x7D, 0x26, 0x8C, 0x4A, 0xF9, 0x05, 0x9F),
635 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x73, 0x9A, 0xC9, 0xE7, 0x46, 0xDC, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]636};
637static const mbedtls_mpi_uint secp256r1_T_4_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]638 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xD0, 0x55, 0xDF, 0x00, 0x0A, 0xF5, 0x4A),
639 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xBF, 0x56, 0x81, 0x2D, 0x20, 0xEB, 0xB5),
640 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xC1, 0x28, 0x52, 0xAB, 0xE3, 0xD1, 0x40),
641 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x34, 0x79, 0x45, 0x57, 0xA5, 0x12, 0x03),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]642};
643static const mbedtls_mpi_uint secp256r1_T_5_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]644 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xCF, 0xB8, 0x7E, 0xF7, 0x92, 0x96, 0x8D),
645 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x01, 0x8C, 0x0D, 0x23, 0xF2, 0xE3, 0x05),
646 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x2E, 0xE3, 0x84, 0x52, 0x7A, 0x34, 0x76),
647 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xA1, 0xB0, 0x15, 0x90, 0xE2, 0x53, 0x3C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]648};
649static const mbedtls_mpi_uint secp256r1_T_5_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]650 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x98, 0xE7, 0xFA, 0xA5, 0x7D, 0x8B, 0x53),
651 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x35, 0xD2, 0x00, 0xD1, 0x1B, 0x9F, 0x1B),
652 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x69, 0x08, 0x9A, 0x72, 0xF0, 0xA9, 0x11),
653 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0xFE, 0x0E, 0x14, 0xDA, 0x7C, 0x0E, 0xD3),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]654};
655static const mbedtls_mpi_uint secp256r1_T_6_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]656 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xF6, 0xE8, 0xF8, 0x87, 0xF7, 0xFC, 0x6D),
657 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xBE, 0x7F, 0x3F, 0x7A, 0x2B, 0xD7, 0x13),
658 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x32, 0xF2, 0x2D, 0x94, 0x6D, 0x42, 0xFD),
659 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x9A, 0xE3, 0x5F, 0x42, 0xBB, 0x84, 0xED),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]660};
661static const mbedtls_mpi_uint secp256r1_T_6_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]662 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x95, 0x29, 0x73, 0xA1, 0x67, 0x3E, 0x02),
663 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x30, 0x54, 0x35, 0x8E, 0x0A, 0xDD, 0x67),
664 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xD7, 0xA1, 0x97, 0x61, 0x3B, 0xF8, 0x0C),
665 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x33, 0x3C, 0x58, 0x55, 0x34, 0x23, 0xA3),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]666};
667static const mbedtls_mpi_uint secp256r1_T_7_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]668 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x5D, 0x16, 0x5F, 0x7B, 0xBC, 0xBB, 0xCE),
669 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xEE, 0x4E, 0x8A, 0xC1, 0x51, 0xCC, 0x50),
670 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x0D, 0x4D, 0x1B, 0x53, 0x23, 0x1D, 0xB3),
671 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x2A, 0x38, 0x66, 0x52, 0x84, 0xE1, 0x95),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]672};
673static const mbedtls_mpi_uint secp256r1_T_7_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]674 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x9B, 0x83, 0x0A, 0x81, 0x4F, 0xAD, 0xAC),
675 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xFF, 0x42, 0x41, 0x6E, 0xA9, 0xA2, 0xA0),
676 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xA1, 0x4F, 0x1F, 0x89, 0x82, 0xAA, 0x3E),
677 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xB8, 0x0F, 0x6B, 0x8F, 0x8C, 0xD6, 0x68),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]678};
679static const mbedtls_mpi_uint secp256r1_T_8_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]680 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0xB3, 0xBB, 0x51, 0x69, 0xA2, 0x11, 0x93),
681 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x4F, 0x0F, 0x8D, 0xBD, 0x26, 0x0F, 0xE8),
682 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xCB, 0xEC, 0x6B, 0x34, 0xC3, 0x3D, 0x9D),
683 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x5D, 0x1E, 0x10, 0xD5, 0x44, 0xE2, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]684};
685static const mbedtls_mpi_uint secp256r1_T_8_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]686 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x9E, 0xB1, 0xF1, 0x6E, 0x4C, 0xAD, 0xB3),
687 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xE3, 0xC2, 0x58, 0xC0, 0xFB, 0x34, 0x43),
688 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x9C, 0xDF, 0x35, 0x07, 0x41, 0xBD, 0x19),
689 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x6E, 0x10, 0xEC, 0x0E, 0xEC, 0xBB, 0xD6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]690};
691static const mbedtls_mpi_uint secp256r1_T_9_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]692 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xCF, 0xEF, 0x3F, 0x83, 0x1A, 0x88, 0xE8),
693 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x29, 0xB5, 0xB9, 0xE0, 0xC9, 0xA3, 0xAE),
694 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x46, 0x1E, 0x77, 0xCD, 0x7E, 0xB3, 0x10),
695 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x21, 0xD0, 0xD4, 0xA3, 0x16, 0x08, 0xEE),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]696};
697static const mbedtls_mpi_uint secp256r1_T_9_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]698 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0xCA, 0xA8, 0xB3, 0xBF, 0x29, 0x99, 0x8E),
699 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xF2, 0x05, 0xC1, 0xCF, 0x5D, 0x91, 0x48),
700 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x01, 0x49, 0xDB, 0x82, 0xDF, 0x5F, 0x3A),
701 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x06, 0x90, 0xAD, 0xE3, 0x38, 0xA4, 0xC4),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]702};
703static const mbedtls_mpi_uint secp256r1_T_10_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]704 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xD2, 0x3A, 0xE8, 0x03, 0xC5, 0x6D, 0x5D),
705 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x35, 0xD0, 0xAE, 0x1D, 0x7A, 0x9F, 0xCA),
706 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x1E, 0xD2, 0xCB, 0xAC, 0x88, 0x27, 0x55),
707 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xB9, 0x9C, 0xE0, 0x31, 0xDD, 0x99, 0x86),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]708};
709static const mbedtls_mpi_uint secp256r1_T_10_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]710 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xF9, 0x9B, 0x32, 0x96, 0x41, 0x58, 0x38),
711 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x5A, 0x2A, 0xB8, 0x96, 0x0E, 0xB2, 0x4C),
712 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x78, 0x2C, 0xC7, 0x08, 0x99, 0x19, 0x24),
713 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x59, 0x28, 0xE9, 0x84, 0x54, 0xE6, 0x16),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]714};
715static const mbedtls_mpi_uint secp256r1_T_11_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]716 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x38, 0x30, 0xDB, 0x70, 0x2C, 0x0A, 0xA2),
717 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x5C, 0x9D, 0xE9, 0xD5, 0x46, 0x0B, 0x5F),
718 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x0B, 0x60, 0x4B, 0x37, 0x7D, 0xB9, 0xC9),
719 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x24, 0xF3, 0x3D, 0x79, 0x7F, 0x6C, 0x18),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]720};
721static const mbedtls_mpi_uint secp256r1_T_11_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]722 MBEDTLS_BYTES_TO_T_UINT_8(0x7F, 0xE5, 0x1C, 0x4F, 0x60, 0x24, 0xF7, 0x2A),
723 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xD8, 0xE2, 0x91, 0x7F, 0x89, 0x49, 0x92),
724 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xA7, 0x2E, 0x8D, 0x6A, 0xB3, 0x39, 0x81),
725 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x89, 0xB5, 0x9A, 0xB8, 0x8D, 0x42, 0x9C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]726};
727static const mbedtls_mpi_uint secp256r1_T_12_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]728 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0x45, 0xE6, 0x4B, 0x3F, 0x4F, 0x1E, 0x1F),
729 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x65, 0x5E, 0x59, 0x22, 0xCC, 0x72, 0x5F),
730 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x93, 0x1A, 0x27, 0x1E, 0x34, 0xC5, 0x5B),
731 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xF2, 0xA5, 0x58, 0x5C, 0x15, 0x2E, 0xC6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]732};
733static const mbedtls_mpi_uint secp256r1_T_12_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]734 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x7F, 0xBA, 0x58, 0x5A, 0x84, 0x6F, 0x5F),
735 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xA6, 0x36, 0x7E, 0xDC, 0xF7, 0xE1, 0x67),
736 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x4D, 0xAA, 0xEE, 0x57, 0x76, 0x3A, 0xD3),
737 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x7E, 0x26, 0x18, 0x22, 0x23, 0x9F, 0xFF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]738};
739static const mbedtls_mpi_uint secp256r1_T_13_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]740 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x4C, 0x64, 0xC7, 0x55, 0x02, 0x3F, 0xE3),
741 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x02, 0x90, 0xBB, 0xC3, 0xEC, 0x30, 0x40),
742 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x6F, 0x64, 0xF4, 0x16, 0x69, 0x48, 0xA4),
743 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x44, 0x9C, 0x95, 0x0C, 0x7D, 0x67, 0x5E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]744};
745static const mbedtls_mpi_uint secp256r1_T_13_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]746 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x91, 0x8B, 0xD8, 0xD0, 0xD7, 0xE7, 0xE2),
747 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xF9, 0x48, 0x62, 0x6F, 0xA8, 0x93, 0x5D),
748 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x3A, 0x99, 0x02, 0xD5, 0x0B, 0x3D, 0xE3),
749 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xD3, 0x00, 0x31, 0xE6, 0x0C, 0x9F, 0x44),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]750};
751static const mbedtls_mpi_uint secp256r1_T_14_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]752 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xB2, 0xAA, 0xFD, 0x88, 0x15, 0xDF, 0x52),
753 MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0x35, 0x27, 0x31, 0x44, 0xCD, 0xC0, 0x68),
754 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xF8, 0x91, 0xA5, 0x71, 0x94, 0x84, 0x2A),
755 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xCB, 0xD0, 0x93, 0xE9, 0x88, 0xDA, 0xE4),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]756};
757static const mbedtls_mpi_uint secp256r1_T_14_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]758 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xC6, 0x39, 0x16, 0x5D, 0xA3, 0x1E, 0x6D),
759 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x07, 0x37, 0x26, 0x36, 0x2A, 0xFE, 0x60),
760 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xBC, 0xF3, 0xD0, 0xDE, 0x50, 0xFC, 0x97),
761 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x2E, 0x06, 0x10, 0x15, 0x4D, 0xFA, 0xF7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]762};
763static const mbedtls_mpi_uint secp256r1_T_15_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]764 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x65, 0x69, 0x5B, 0x66, 0xA2, 0x75, 0x2E),
765 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x16, 0x00, 0x5A, 0xB0, 0x30, 0x25, 0x1A),
766 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xFB, 0x86, 0x42, 0x80, 0xC1, 0xC4, 0x76),
767 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x1D, 0x83, 0x8E, 0x94, 0x01, 0x5F, 0x82),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]768};
769static const mbedtls_mpi_uint secp256r1_T_15_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]770 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x37, 0x70, 0xEF, 0x1F, 0xA1, 0xF0, 0xDB),
771 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x10, 0x5B, 0xCE, 0xC4, 0x9B, 0x6F, 0x10),
772 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x11, 0x11, 0x24, 0x4F, 0x4C, 0x79, 0x61),
773 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x3A, 0x72, 0xBC, 0xFE, 0x72, 0x58, 0x43),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]774};
775static const mbedtls_ecp_point secp256r1_T[16] = {
776 ECP_POINT_INIT_XY_Z1(secp256r1_T_0_X, secp256r1_T_0_Y),
777 ECP_POINT_INIT_XY_Z0(secp256r1_T_1_X, secp256r1_T_1_Y),
778 ECP_POINT_INIT_XY_Z0(secp256r1_T_2_X, secp256r1_T_2_Y),
779 ECP_POINT_INIT_XY_Z0(secp256r1_T_3_X, secp256r1_T_3_Y),
780 ECP_POINT_INIT_XY_Z0(secp256r1_T_4_X, secp256r1_T_4_Y),
781 ECP_POINT_INIT_XY_Z0(secp256r1_T_5_X, secp256r1_T_5_Y),
782 ECP_POINT_INIT_XY_Z0(secp256r1_T_6_X, secp256r1_T_6_Y),
783 ECP_POINT_INIT_XY_Z0(secp256r1_T_7_X, secp256r1_T_7_Y),
784 ECP_POINT_INIT_XY_Z0(secp256r1_T_8_X, secp256r1_T_8_Y),
785 ECP_POINT_INIT_XY_Z0(secp256r1_T_9_X, secp256r1_T_9_Y),
786 ECP_POINT_INIT_XY_Z0(secp256r1_T_10_X, secp256r1_T_10_Y),
787 ECP_POINT_INIT_XY_Z0(secp256r1_T_11_X, secp256r1_T_11_Y),
788 ECP_POINT_INIT_XY_Z0(secp256r1_T_12_X, secp256r1_T_12_Y),
789 ECP_POINT_INIT_XY_Z0(secp256r1_T_13_X, secp256r1_T_13_Y),
790 ECP_POINT_INIT_XY_Z0(secp256r1_T_14_X, secp256r1_T_14_Y),
791 ECP_POINT_INIT_XY_Z0(secp256r1_T_15_X, secp256r1_T_15_Y),
792};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]793# else
794# define secp256r1_T NULL
795# endif
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]796
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]797# endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]798
799/*
800 * Domain parameters for secp384r1
801 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]802# if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]803static const mbedtls_mpi_uint secp384r1_p[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]804 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
805 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
806 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
807 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
808 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
809 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]810};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]811static const mbedtls_mpi_uint secp384r1_b[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]812 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A),
813 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6),
814 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03),
815 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18),
816 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98),
817 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]818};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]819static const mbedtls_mpi_uint secp384r1_gx[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]820 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A),
821 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55),
822 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59),
823 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E),
824 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E),
825 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]826};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]827static const mbedtls_mpi_uint secp384r1_gy[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]828 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A),
829 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A),
830 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9),
831 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8),
832 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D),
833 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]834};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]835static const mbedtls_mpi_uint secp384r1_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]836 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC),
837 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58),
838 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7),
839 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
840 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
841 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]842};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]843# if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]844static const mbedtls_mpi_uint secp384r1_T_0_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]845 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A),
846 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55),
847 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59),
848 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E),
849 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E),
850 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]851};
852static const mbedtls_mpi_uint secp384r1_T_0_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]853 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A),
854 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A),
855 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9),
856 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8),
857 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D),
858 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]859};
860static const mbedtls_mpi_uint secp384r1_T_1_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]861 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x92, 0x00, 0x2C, 0x78, 0xDB, 0x1F, 0x37),
862 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xF3, 0xEB, 0xB7, 0x06, 0xF7, 0xB6, 0xBC),
863 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xBC, 0x2C, 0xCF, 0xD8, 0xED, 0x53, 0xE7),
864 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x75, 0x7B, 0xA3, 0xAB, 0xC3, 0x2C, 0x85),
865 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x9D, 0x78, 0x41, 0xF6, 0x76, 0x84, 0xAC),
866 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x56, 0xE8, 0x52, 0xB3, 0xCB, 0xA8, 0xBD),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]867};
868static const mbedtls_mpi_uint secp384r1_T_1_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]869 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xF2, 0xAE, 0xA4, 0xB6, 0x89, 0x1B, 0xDA),
870 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x0F, 0xCE, 0x1C, 0x7C, 0xF6, 0x50, 0x4C),
871 MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xEB, 0x90, 0xE6, 0x4D, 0xC7, 0xD4, 0x7A),
872 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x49, 0x2D, 0x8A, 0x01, 0x99, 0x60, 0x94),
873 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x80, 0x9B, 0x9B, 0x6A, 0xB0, 0x07, 0xD9),
874 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xA2, 0xEE, 0x59, 0xBE, 0x95, 0xBC, 0x23),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]875};
876static const mbedtls_mpi_uint secp384r1_T_2_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]877 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x9D, 0x56, 0xAE, 0x59, 0xFB, 0x1F, 0x98),
878 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xAC, 0x91, 0x80, 0x87, 0xA8, 0x6E, 0x58),
879 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x08, 0xA7, 0x08, 0x94, 0x32, 0xFC, 0x67),
880 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x29, 0x9E, 0x84, 0xF4, 0xE5, 0x6E, 0x7E),
881 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x21, 0xB9, 0x50, 0x24, 0xF8, 0x9C, 0xC7),
882 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x04, 0x01, 0xC2, 0xFB, 0x77, 0x3E, 0xDE),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]883};
884static const mbedtls_mpi_uint secp384r1_T_2_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]885 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x38, 0xEE, 0xE3, 0xC7, 0x9D, 0xEC, 0xA6),
886 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x88, 0xCF, 0x43, 0xFA, 0x92, 0x5E, 0x8E),
887 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xCA, 0x43, 0xF8, 0x3B, 0x49, 0x7E, 0x75),
888 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xE7, 0xEB, 0x17, 0x45, 0x86, 0xC2, 0xE1),
889 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x69, 0x57, 0x32, 0xE0, 0x9C, 0xD1, 0x00),
890 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x10, 0xB8, 0x4D, 0xB8, 0xF4, 0x0D, 0xE3),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]891};
892static const mbedtls_mpi_uint secp384r1_T_3_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]893 MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0xDC, 0x9A, 0xB2, 0x79, 0x39, 0x27, 0x16),
894 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x71, 0xE4, 0x3B, 0x4D, 0x60, 0x0C, 0xA3),
895 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xBD, 0x19, 0x40, 0xFA, 0x19, 0x2A, 0x5A),
896 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xF8, 0x1E, 0x43, 0xA1, 0x50, 0x8D, 0xEF),
897 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x18, 0x7C, 0x41, 0xFA, 0x7C, 0x1B, 0x58),
898 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x59, 0x24, 0xC4, 0xE9, 0xB7, 0xD3, 0xAD),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]899};
900static const mbedtls_mpi_uint secp384r1_T_3_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]901 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x01, 0x3D, 0x63, 0x54, 0x45, 0x6F, 0xB7),
902 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xB2, 0x19, 0xA3, 0x86, 0x1D, 0x42, 0x34),
903 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x02, 0x87, 0x18, 0x92, 0x52, 0x1A, 0x71),
904 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x18, 0xB1, 0x5D, 0x18, 0x1B, 0x37, 0xFE),
905 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x74, 0x61, 0xBA, 0x18, 0xAF, 0x40, 0x30),
906 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x7D, 0x3C, 0x52, 0x0F, 0x07, 0xB0, 0x6F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]907};
908static const mbedtls_mpi_uint secp384r1_T_4_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]909 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x39, 0x13, 0xAA, 0x60, 0x15, 0x99, 0x30),
910 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x00, 0xCB, 0xC6, 0xB1, 0xDB, 0x97, 0x90),
911 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xFA, 0x60, 0xB8, 0x24, 0xE4, 0x7D, 0xD3),
912 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x75, 0xB3, 0x70, 0xB2, 0x83, 0xB1, 0x9B),
913 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xE3, 0x6C, 0xCD, 0x33, 0x62, 0x7A, 0x56),
914 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x30, 0xDC, 0x0F, 0x9F, 0xBB, 0xB8, 0xAA),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]915};
916static const mbedtls_mpi_uint secp384r1_T_4_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]917 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD5, 0x0A, 0x60, 0x81, 0xB9, 0xC5, 0x16),
918 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xAA, 0x2F, 0xD6, 0xF2, 0x73, 0xDF, 0xEB),
919 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x7B, 0x74, 0xC9, 0xB3, 0x5B, 0x95, 0x6D),
920 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x04, 0xEB, 0x15, 0xC8, 0x5F, 0x00, 0xF6),
921 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x50, 0x20, 0x28, 0xD1, 0x01, 0xAF, 0xF0),
922 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x4F, 0x31, 0x81, 0x2F, 0x94, 0x48),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]923};
924static const mbedtls_mpi_uint secp384r1_T_5_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]925 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2F, 0xD8, 0xB6, 0x63, 0x7C, 0xE9, 0x50),
926 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x8C, 0xB9, 0x14, 0xD9, 0x37, 0x63, 0xDE),
927 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x02, 0xB8, 0x46, 0xAD, 0xCE, 0x7B, 0x38),
928 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x47, 0x2D, 0x66, 0xA7, 0xE9, 0x33, 0x23),
929 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xF9, 0x93, 0x94, 0xA8, 0x48, 0xB3, 0x4F),
930 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x4A, 0xAC, 0x51, 0x08, 0x72, 0x2F, 0x1A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]931};
932static const mbedtls_mpi_uint secp384r1_T_5_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]933 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0xAD, 0xA0, 0xF9, 0x81, 0xE1, 0x78, 0x97),
934 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x9A, 0x63, 0xD8, 0xBA, 0x79, 0x1A, 0x17),
935 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x31, 0x7B, 0x7A, 0x5A, 0x5D, 0x7D, 0x2D),
936 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x96, 0x12, 0x4B, 0x19, 0x09, 0xE0, 0xB7),
937 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x8A, 0x57, 0xEE, 0x4E, 0x6E, 0x7E, 0xEC),
938 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x9D, 0x69, 0xDC, 0xB3, 0xDA, 0xD8, 0x08),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]939};
940static const mbedtls_mpi_uint secp384r1_T_6_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]941 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x49, 0x03, 0x03, 0x33, 0x6F, 0x28, 0x4A),
942 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xDB, 0xA7, 0x05, 0x8C, 0xF3, 0x4D, 0xFB),
943 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x92, 0xB1, 0xA8, 0xEC, 0x0D, 0x64, 0x3B),
944 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0xFC, 0xFD, 0xD0, 0x4B, 0x88, 0x1B, 0x5D),
945 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x9C, 0x51, 0x69, 0xCE, 0x71, 0x73, 0xF5),
946 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x5A, 0x14, 0x23, 0x1A, 0x46, 0x63, 0x5F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]947};
948static const mbedtls_mpi_uint secp384r1_T_6_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]949 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x4C, 0x70, 0x44, 0x18, 0xCD, 0xEF, 0xED),
950 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x49, 0xDD, 0x64, 0x7E, 0x7E, 0x4D, 0x92),
951 MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x32, 0x7C, 0x09, 0xD0, 0x3F, 0xD6, 0x2C),
952 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE0, 0x4F, 0x65, 0x0C, 0x7A, 0x54, 0x3E),
953 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xFA, 0xFB, 0x4A, 0xB4, 0x79, 0x5A, 0x8C),
954 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x5D, 0x1B, 0x2B, 0xDA, 0xBC, 0x9A, 0x74),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]955};
956static const mbedtls_mpi_uint secp384r1_T_7_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]957 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xAC, 0x56, 0xF7, 0x5F, 0x51, 0x68, 0x0B),
958 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xE0, 0x1D, 0xBC, 0x13, 0x4E, 0xAC, 0x03),
959 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xF5, 0xC5, 0xE6, 0xD2, 0x88, 0xBA, 0xCB),
960 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x0E, 0x28, 0x23, 0x58, 0x67, 0xFA, 0xEE),
961 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x80, 0x4B, 0xD8, 0xC4, 0xDF, 0x15, 0xE4),
962 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x0E, 0x58, 0xE6, 0x2C, 0x59, 0xC2, 0x03),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]963};
964static const mbedtls_mpi_uint secp384r1_T_7_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]965 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x26, 0x27, 0x99, 0x16, 0x2B, 0x22, 0x0B),
966 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xF3, 0x8F, 0xC3, 0x2A, 0x9B, 0xFC, 0x38),
967 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x2E, 0x83, 0x3D, 0xFE, 0x9E, 0x3C, 0x1B),
968 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x57, 0xCD, 0x2D, 0xC1, 0x49, 0x38, 0xB5),
969 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x42, 0x8B, 0x33, 0x89, 0x1F, 0xEA, 0x01),
970 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x1D, 0x13, 0xD7, 0x50, 0xBB, 0x3E, 0xEB),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]971};
972static const mbedtls_mpi_uint secp384r1_T_8_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]973 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x9A, 0x52, 0xD2, 0x54, 0x7C, 0x97, 0xF2),
974 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x33, 0x6E, 0xED, 0xD9, 0x87, 0x50, 0xC5),
975 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x35, 0x7E, 0x16, 0x40, 0x15, 0x83, 0xB8),
976 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x2B, 0xA4, 0xAB, 0x03, 0x91, 0xEA, 0xFE),
977 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x47, 0x39, 0xEF, 0x05, 0x59, 0xD0, 0x90),
978 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x24, 0x0D, 0x76, 0x11, 0x53, 0x08, 0xAF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]979};
980static const mbedtls_mpi_uint secp384r1_T_8_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]981 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x2F, 0xDD, 0xBD, 0x50, 0x48, 0xB1, 0xE5),
982 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x1C, 0x84, 0x55, 0x78, 0x14, 0xEB, 0xF6),
983 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x5E, 0x3E, 0xA6, 0xAF, 0xF6, 0xC7, 0x04),
984 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x11, 0xE2, 0x65, 0xCA, 0x41, 0x95, 0x3B),
985 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x83, 0xD8, 0xE6, 0x4D, 0x22, 0x06, 0x2D),
986 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x7F, 0x25, 0x2A, 0xAA, 0x28, 0x46, 0x97),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]987};
988static const mbedtls_mpi_uint secp384r1_T_9_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]989 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xDB, 0x15, 0x56, 0x84, 0xCB, 0xC0, 0x56),
990 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xDB, 0x0E, 0x08, 0xC9, 0xF5, 0xD4, 0x9E),
991 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x62, 0xD0, 0x1A, 0x7C, 0x13, 0xD5, 0x07),
992 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xAD, 0x53, 0xE0, 0x32, 0x21, 0xA0, 0xC0),
993 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x38, 0x81, 0x21, 0x23, 0x0E, 0xD2, 0xBB),
994 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x51, 0x05, 0xD0, 0x1E, 0x82, 0xA9, 0x71),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]995};
996static const mbedtls_mpi_uint secp384r1_T_9_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]997 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xC3, 0x27, 0xBF, 0xC6, 0xAA, 0xB7, 0xB9),
998 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x65, 0x45, 0xDF, 0xB9, 0x46, 0x17, 0x46),
999 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x38, 0x3F, 0xB2, 0xB1, 0x5D, 0xCA, 0x1C),
1000 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x29, 0x6C, 0x63, 0xE9, 0xD7, 0x48, 0xB8),
1001 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xF1, 0xD7, 0x99, 0x8C, 0xC2, 0x05, 0x99),
1002 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE6, 0x5E, 0x82, 0x6D, 0xE5, 0x7E, 0xD5),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1003};
1004static const mbedtls_mpi_uint secp384r1_T_10_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1005 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x61, 0xFA, 0x7D, 0x01, 0xDB, 0xB6, 0x63),
1006 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xC6, 0x58, 0x39, 0xF4, 0xC6, 0x82, 0x23),
1007 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x5A, 0x7A, 0x80, 0x08, 0xCD, 0xAA, 0xD8),
1008 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x8C, 0xC6, 0x3F, 0x3C, 0xA5, 0x68, 0xF4),
1009 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xF5, 0xD5, 0x17, 0xAE, 0x36, 0xD8, 0x8A),
1010 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xAD, 0x92, 0xC5, 0x57, 0x6C, 0xDA, 0x91),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1011};
1012static const mbedtls_mpi_uint secp384r1_T_10_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1013 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x67, 0x17, 0xC0, 0x40, 0x78, 0x8C, 0x84),
1014 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x9F, 0xF4, 0xAA, 0xDA, 0x5C, 0x7E, 0xB2),
1015 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xDB, 0x42, 0x3E, 0x72, 0x64, 0xA0, 0x67),
1016 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xF9, 0x41, 0x17, 0x43, 0xE3, 0xE8, 0xA8),
1017 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xDD, 0xCC, 0x43, 0x7E, 0x16, 0x05, 0x03),
1018 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x4B, 0xCF, 0x48, 0x8F, 0x41, 0x90, 0xE5),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1019};
1020static const mbedtls_mpi_uint secp384r1_T_11_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1021 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x0C, 0x6B, 0x9D, 0x22, 0x04, 0xBC, 0x5C),
1022 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x63, 0x79, 0x2F, 0x6A, 0x0E, 0x8A, 0xDE),
1023 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x67, 0x3F, 0x02, 0xB8, 0x91, 0x7F, 0x74),
1024 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x14, 0x64, 0xA0, 0x33, 0xF4, 0x6B, 0x50),
1025 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x44, 0x71, 0x87, 0xB8, 0x88, 0x3F, 0x45),
1026 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x2B, 0x85, 0x05, 0xC5, 0x44, 0x53, 0x15),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1027};
1028static const mbedtls_mpi_uint secp384r1_T_11_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1029 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x2B, 0xFE, 0xD1, 0x1C, 0x73, 0xE3, 0x2E),
1030 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x33, 0xA1, 0xD3, 0x69, 0x1C, 0x9D, 0xD2),
1031 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x5A, 0xBA, 0xB6, 0xAE, 0x1B, 0x94, 0x04),
1032 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x74, 0x90, 0x5C, 0x57, 0xB0, 0x3A, 0x45),
1033 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x2F, 0x93, 0x20, 0x24, 0x54, 0x1D, 0x8D),
1034 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x78, 0x9D, 0x71, 0x67, 0x5D, 0x49, 0x98),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1035};
1036static const mbedtls_mpi_uint secp384r1_T_12_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1037 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xC8, 0x0E, 0x11, 0x8D, 0xE0, 0x8F, 0x69),
1038 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x7F, 0x79, 0x6C, 0x5F, 0xB7, 0xBC, 0xB1),
1039 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xE1, 0x83, 0x3C, 0x12, 0xBB, 0xEE, 0x96),
1040 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xC2, 0xC4, 0x1B, 0x41, 0x71, 0xB9, 0x17),
1041 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0xEE, 0xBB, 0x1D, 0x89, 0x50, 0x88, 0xF2),
1042 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x1C, 0x55, 0x74, 0xEB, 0xDE, 0x92, 0x3F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1043};
1044static const mbedtls_mpi_uint secp384r1_T_12_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1045 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x38, 0x92, 0x06, 0x19, 0xD0, 0xB3, 0xB2),
1046 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x99, 0x26, 0xA3, 0x5F, 0xE2, 0xC1, 0x81),
1047 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xFC, 0xFD, 0xC3, 0xB6, 0x26, 0x24, 0x8F),
1048 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xAD, 0xE7, 0x49, 0xB7, 0x64, 0x4B, 0x96),
1049 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x4E, 0x95, 0xAD, 0x07, 0xFE, 0xB6, 0x30),
1050 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x15, 0xE7, 0x2D, 0x19, 0xA9, 0x08, 0x10),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1051};
1052static const mbedtls_mpi_uint secp384r1_T_13_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1053 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xBD, 0xAC, 0x0A, 0x3F, 0x6B, 0xFF, 0xFA),
1054 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xE4, 0x74, 0x14, 0xD9, 0x70, 0x1D, 0x71),
1055 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xB0, 0x71, 0xBB, 0xD8, 0x18, 0x96, 0x2B),
1056 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0xB8, 0x19, 0x90, 0x80, 0xB5, 0xEE, 0x01),
1057 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x21, 0x20, 0xA6, 0x17, 0x48, 0x03, 0x6F),
1058 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x1D, 0xBB, 0x6D, 0x94, 0x20, 0x34, 0xF1),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1059};
1060static const mbedtls_mpi_uint secp384r1_T_13_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1061 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x82, 0x67, 0x4B, 0x8E, 0x4E, 0xBE, 0xE2),
1062 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xDA, 0x77, 0xF8, 0x23, 0x55, 0x2B, 0x2D),
1063 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x02, 0xDE, 0x25, 0x35, 0x2D, 0x74, 0x51),
1064 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x0C, 0xB8, 0x0B, 0x39, 0xBA, 0xAD, 0x04),
1065 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x0E, 0x28, 0x4D, 0xE1, 0x3D, 0xE4, 0x1B),
1066 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xEC, 0x0A, 0xD4, 0xB8, 0xC4, 0x8D, 0xB0),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1067};
1068static const mbedtls_mpi_uint secp384r1_T_14_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1069 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x68, 0xCE, 0xC2, 0x55, 0x4D, 0x0C, 0x6D),
1070 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x20, 0x93, 0x32, 0x90, 0xD6, 0xAE, 0x47),
1071 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x78, 0xAB, 0x43, 0x9E, 0xEB, 0x73, 0xAE),
1072 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x97, 0xC3, 0x83, 0xA6, 0x3C, 0xF1, 0xBF),
1073 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x25, 0x25, 0x66, 0x08, 0x26, 0xFA, 0x4B),
1074 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xFB, 0x44, 0x5D, 0x82, 0xEC, 0x3B, 0xAC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1075};
1076static const mbedtls_mpi_uint secp384r1_T_14_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1077 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x90, 0xEA, 0xB5, 0x04, 0x99, 0xD0, 0x69),
1078 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0xF2, 0x22, 0xA0, 0xEB, 0xFD, 0x45, 0x87),
1079 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA4, 0x81, 0x32, 0xFC, 0xFA, 0xEE, 0x5B),
1080 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xBB, 0xA4, 0x6A, 0x77, 0x41, 0x5C, 0x1D),
1081 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x1E, 0xAA, 0x4F, 0xF0, 0x10, 0xB3, 0x50),
1082 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x74, 0x13, 0x14, 0x9E, 0x90, 0xD7, 0xE6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1083};
1084static const mbedtls_mpi_uint secp384r1_T_15_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1085 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0xBD, 0x70, 0x4F, 0xA8, 0xD1, 0x06, 0x2C),
1086 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x4E, 0x2E, 0x68, 0xFC, 0x35, 0xFA, 0x50),
1087 MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x53, 0x75, 0xED, 0xF2, 0x5F, 0xC2, 0xEB),
1088 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x87, 0x6B, 0x9F, 0x05, 0xE2, 0x22, 0x93),
1089 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x1A, 0xA8, 0xB7, 0x03, 0x9E, 0x6D, 0x7C),
1090 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xD0, 0x69, 0x88, 0xA8, 0x39, 0x9E, 0x3A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1091};
1092static const mbedtls_mpi_uint secp384r1_T_15_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1093 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xEF, 0x68, 0xFE, 0xEC, 0x24, 0x08, 0x15),
1094 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x06, 0x4B, 0x92, 0x0D, 0xB7, 0x34, 0x74),
1095 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF4, 0xDD, 0x1A, 0xA0, 0x4A, 0xE4, 0x45),
1096 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x63, 0x4F, 0x4F, 0xCE, 0xBB, 0xD6, 0xD3),
1097 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xEE, 0x8D, 0xDF, 0x3F, 0x73, 0xB7, 0xAC),
1098 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x06, 0xB6, 0x80, 0x4D, 0x81, 0xD9, 0x53),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1099};
1100static const mbedtls_mpi_uint secp384r1_T_16_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1101 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xF5, 0x13, 0xDF, 0x13, 0x19, 0x97, 0x94),
1102 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xF9, 0xB3, 0x33, 0x66, 0x82, 0x21, 0xFE),
1103 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xFC, 0x39, 0x16, 0x23, 0x43, 0x76, 0x0E),
1104 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x48, 0x25, 0xA1, 0x64, 0x95, 0x1C, 0x2F),
1105 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xAC, 0x15, 0x57, 0xD9, 0xDE, 0xA0, 0x28),
1106 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x5F, 0xB8, 0x3D, 0x48, 0x91, 0x24, 0xCC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1107};
1108static const mbedtls_mpi_uint secp384r1_T_16_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1109 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xF2, 0xC8, 0x54, 0xD1, 0x32, 0xBD, 0xC4),
1110 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x3B, 0xF0, 0xAA, 0x9D, 0xD8, 0xF4, 0x20),
1111 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xC3, 0xBB, 0x6C, 0x66, 0xAC, 0x25, 0x2D),
1112 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x25, 0x10, 0xB2, 0xE1, 0x41, 0xDE, 0x1D),
1113 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xE8, 0x30, 0xB8, 0x37, 0xBC, 0x2A, 0x98),
1114 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x57, 0x01, 0x4A, 0x1E, 0x78, 0x9F, 0x85),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1115};
1116static const mbedtls_mpi_uint secp384r1_T_17_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1117 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x19, 0xCD, 0x12, 0x0B, 0x51, 0x4F, 0x56),
1118 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x4B, 0x3D, 0x24, 0xA4, 0x16, 0x59, 0x05),
1119 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xEB, 0xD3, 0x59, 0x2E, 0x75, 0x7C, 0x01),
1120 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xB9, 0xB4, 0xA5, 0xD9, 0x2E, 0x29, 0x4C),
1121 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x16, 0x05, 0x75, 0x02, 0xB3, 0x06, 0xEE),
1122 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x7C, 0x9F, 0x79, 0x91, 0xF1, 0x4F, 0x23),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1123};
1124static const mbedtls_mpi_uint secp384r1_T_17_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1125 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x98, 0x7C, 0x84, 0xE1, 0xFF, 0x30, 0x77),
1126 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xE2, 0xC2, 0x5F, 0x55, 0x40, 0xBD, 0xCD),
1127 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x65, 0x87, 0x3F, 0xC4, 0xC2, 0x24, 0x57),
1128 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x30, 0x0A, 0x60, 0x15, 0xD1, 0x24, 0x48),
1129 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x99, 0xD9, 0xB6, 0xAE, 0xB1, 0xAF, 0x1D),
1130 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x80, 0xEE, 0xA2, 0x0F, 0x74, 0xB9, 0xF3),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1131};
1132static const mbedtls_mpi_uint secp384r1_T_18_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1133 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xE6, 0x0F, 0x37, 0xC1, 0x10, 0x99, 0x1E),
1134 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xAD, 0x9D, 0x5D, 0x80, 0x01, 0xA6, 0xFE),
1135 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x0F, 0x10, 0x2A, 0x9D, 0x20, 0x38, 0xEB),
1136 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x60, 0xCB, 0xCE, 0x5A, 0xA0, 0xA7, 0x32),
1137 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xCF, 0x14, 0xDF, 0xBF, 0xE5, 0x74, 0x2D),
1138 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x12, 0x1A, 0xDD, 0x59, 0x02, 0x5D, 0xC6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1139};
1140static const mbedtls_mpi_uint secp384r1_T_18_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1141 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC9, 0xF8, 0xF5, 0xB6, 0x13, 0x4D, 0x7B),
1142 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x45, 0xB1, 0x93, 0xB3, 0xA2, 0x79, 0xDC),
1143 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xF6, 0xCF, 0xF7, 0xE6, 0x29, 0x9C, 0xCC),
1144 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x50, 0x65, 0x80, 0xBC, 0x59, 0x0A, 0x59),
1145 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xF0, 0x24, 0x35, 0xA2, 0x46, 0xF0, 0x0C),
1146 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x26, 0xC0, 0x9D, 0x61, 0x56, 0x62, 0x67),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1147};
1148static const mbedtls_mpi_uint secp384r1_T_19_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1149 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xBB, 0xC2, 0x24, 0x43, 0x2E, 0x37, 0x54),
1150 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xF7, 0xCE, 0x35, 0xFC, 0x77, 0xF3, 0x3F),
1151 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x34, 0x96, 0xD5, 0x4A, 0x76, 0x9D, 0x6B),
1152 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x3B, 0x0F, 0xEA, 0xA8, 0x12, 0x0B, 0x22),
1153 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x3F, 0x5D, 0x2D, 0x1C, 0xD4, 0x9E, 0xFB),
1154 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x2E, 0xDD, 0xC7, 0x6E, 0xAB, 0xAF, 0xDC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1155};
1156static const mbedtls_mpi_uint secp384r1_T_19_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1157 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xB2, 0x7B, 0x0C, 0x9A, 0x83, 0x8E, 0x59),
1158 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x51, 0x90, 0x92, 0x79, 0x32, 0x19, 0xC3),
1159 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x89, 0xF9, 0xD0, 0xCF, 0x2C, 0xA5, 0x8F),
1160 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x50, 0x21, 0xDE, 0x50, 0x41, 0x9D, 0x81),
1161 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x7D, 0x2B, 0x9E, 0x9D, 0x95, 0xA8, 0xE3),
1162 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA5, 0x20, 0x87, 0x88, 0x97, 0x5F, 0xAA),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1163};
1164static const mbedtls_mpi_uint secp384r1_T_20_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1165 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x59, 0xB4, 0x66, 0x7E, 0xE8, 0x5A, 0x60),
1166 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x5C, 0x7E, 0xB2, 0xAD, 0xD9, 0xC9, 0xDA),
1167 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x97, 0x49, 0xA3, 0x13, 0x83, 0x07, 0x2E),
1168 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x26, 0xC7, 0x13, 0x35, 0x0D, 0xB0, 0x6B),
1169 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x60, 0xAB, 0xFA, 0x4B, 0x93, 0x18, 0x2C),
1170 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x2D, 0x1C, 0x31, 0x4C, 0xE4, 0x61, 0xAE),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1171};
1172static const mbedtls_mpi_uint secp384r1_T_20_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1173 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x4D, 0x1E, 0x51, 0x59, 0x6E, 0x91, 0xC5),
1174 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x54, 0x4D, 0x51, 0xED, 0x36, 0xCC, 0x60),
1175 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xA8, 0x56, 0xC7, 0x78, 0x27, 0x33, 0xC5),
1176 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB7, 0x95, 0xC9, 0x8B, 0xC8, 0x6A, 0xBC),
1177 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xE9, 0x13, 0x96, 0xB3, 0xE1, 0xF9, 0xEE),
1178 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x46, 0xB0, 0x5E, 0xC3, 0x94, 0x03, 0x05),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1179};
1180static const mbedtls_mpi_uint secp384r1_T_21_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1181 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x5B, 0x29, 0x30, 0x41, 0x1A, 0x9E, 0xB6),
1182 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xCA, 0x83, 0x31, 0x5B, 0xA7, 0xCB, 0x42),
1183 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x41, 0x50, 0x44, 0x4D, 0x64, 0x31, 0x89),
1184 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x84, 0xC2, 0x5D, 0x97, 0xA5, 0x3C, 0x18),
1185 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x0F, 0xA5, 0xFD, 0x8E, 0x5A, 0x47, 0x2C),
1186 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x58, 0x02, 0x2D, 0x40, 0xB1, 0x0B, 0xBA),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1187};
1188static const mbedtls_mpi_uint secp384r1_T_21_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1189 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x33, 0x8C, 0x67, 0xCE, 0x23, 0x43, 0x99),
1190 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x53, 0x47, 0x72, 0x44, 0x1F, 0x5B, 0x2A),
1191 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xC1, 0xD9, 0xA4, 0x50, 0x88, 0x63, 0x18),
1192 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xF2, 0x75, 0x69, 0x73, 0x00, 0xC4, 0x31),
1193 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x90, 0x1D, 0xDF, 0x1A, 0x00, 0xD8, 0x69),
1194 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xB1, 0x89, 0x48, 0xA8, 0x70, 0x62, 0xEF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1195};
1196static const mbedtls_mpi_uint secp384r1_T_22_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1197 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x8A, 0x55, 0x50, 0x7B, 0xEF, 0x8A, 0x3C),
1198 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x1B, 0x23, 0x48, 0x23, 0x63, 0x91, 0xB6),
1199 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x04, 0x54, 0x3C, 0x24, 0x9B, 0xC7, 0x9A),
1200 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x38, 0xC3, 0x84, 0xFB, 0xFF, 0x9F, 0x49),
1201 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x2A, 0xE0, 0x6D, 0x68, 0x8A, 0x5C, 0xCB),
1202 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x93, 0x53, 0x85, 0xA1, 0x0D, 0xAF, 0x63),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1203};
1204static const mbedtls_mpi_uint secp384r1_T_22_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1205 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x88, 0x95, 0x4C, 0x0B, 0xD0, 0x06, 0x51),
1206 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xAF, 0x8D, 0x49, 0xA2, 0xC8, 0xB4, 0xE0),
1207 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x76, 0x53, 0x09, 0x88, 0x43, 0x87, 0xCA),
1208 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xA4, 0x77, 0x3F, 0x5E, 0x21, 0xB4, 0x0A),
1209 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x9E, 0x86, 0x64, 0xCC, 0x91, 0xC1, 0x77),
1210 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x17, 0x56, 0xCB, 0xC3, 0x7D, 0x5B, 0xB1),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1211};
1212static const mbedtls_mpi_uint secp384r1_T_23_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1213 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x74, 0x9F, 0xB5, 0x91, 0x21, 0xB1, 0x1C),
1214 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xED, 0xE1, 0x11, 0xEF, 0x45, 0xAF, 0xC1),
1215 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x31, 0xBE, 0xB2, 0xBC, 0x72, 0x65, 0x1F),
1216 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x4B, 0x8C, 0x77, 0xCE, 0x1E, 0x42, 0xB5),
1217 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xC9, 0xAA, 0xB9, 0xD9, 0x86, 0x99, 0x55),
1218 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x23, 0x80, 0xC6, 0x4E, 0x35, 0x0B, 0x6D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1219};
1220static const mbedtls_mpi_uint secp384r1_T_23_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1221 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xD8, 0xA2, 0x0A, 0x39, 0x32, 0x1D, 0x23),
1222 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xC8, 0x86, 0xF1, 0x12, 0x9A, 0x4A, 0x05),
1223 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xF1, 0x7C, 0xAA, 0x70, 0x8E, 0xBC, 0x01),
1224 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x01, 0x47, 0x8F, 0xDD, 0x8B, 0xA5, 0xC8),
1225 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x08, 0x21, 0xF4, 0xAB, 0xC7, 0xF5, 0x96),
1226 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x76, 0xA5, 0x95, 0xC4, 0x0F, 0x88, 0x1D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1227};
1228static const mbedtls_mpi_uint secp384r1_T_24_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1229 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x42, 0x2A, 0x52, 0xCD, 0x75, 0x51, 0x49),
1230 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x36, 0xE5, 0x04, 0x2B, 0x44, 0xC6, 0xEF),
1231 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xEE, 0x16, 0x13, 0x07, 0x83, 0xB5, 0x30),
1232 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x59, 0xC6, 0xA2, 0x19, 0x05, 0xD3, 0xC6),
1233 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x8B, 0xA8, 0x16, 0x09, 0xB7, 0xEA, 0xD6),
1234 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xEE, 0x14, 0xAF, 0xB5, 0xFD, 0xD0, 0xEF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1235};
1236static const mbedtls_mpi_uint secp384r1_T_24_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1237 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x7C, 0xCA, 0x71, 0x3E, 0x6E, 0x66, 0x75),
1238 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x31, 0x0E, 0x3F, 0xE5, 0x91, 0xC4, 0x7F),
1239 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x3D, 0xC2, 0x3E, 0x95, 0x37, 0x58, 0x2B),
1240 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x1F, 0x02, 0x03, 0xF3, 0xEF, 0xEE, 0x66),
1241 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x5B, 0x1A, 0xFC, 0x38, 0xCD, 0xE8, 0x24),
1242 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x57, 0x42, 0x85, 0xC6, 0x21, 0x68, 0x71),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1243};
1244static const mbedtls_mpi_uint secp384r1_T_25_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1245 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xA2, 0x4A, 0x66, 0xB1, 0x0A, 0xE6, 0xC0),
1246 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x0C, 0x94, 0x9D, 0x5E, 0x99, 0xB2, 0xCE),
1247 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x03, 0x40, 0xCA, 0xB2, 0xB3, 0x30, 0x55),
1248 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x78, 0x48, 0x27, 0x34, 0x1E, 0xE2, 0x42),
1249 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x72, 0x5B, 0xAC, 0xC1, 0x6D, 0xE3, 0x82),
1250 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAB, 0x46, 0xCB, 0xEA, 0x5E, 0x4B, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1251};
1252static const mbedtls_mpi_uint secp384r1_T_25_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1253 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x08, 0xAD, 0x4E, 0x51, 0x9F, 0x2A, 0x52),
1254 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5C, 0x7D, 0x4C, 0xD6, 0xCF, 0xDD, 0x02),
1255 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x76, 0x26, 0xE0, 0x8B, 0x10, 0xD9, 0x7C),
1256 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xA7, 0x23, 0x4E, 0x5F, 0xD2, 0x42, 0x17),
1257 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xE5, 0xA4, 0xEC, 0x77, 0x21, 0x34, 0x28),
1258 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x14, 0x65, 0xEA, 0x4A, 0x85, 0xC3, 0x2F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1259};
1260static const mbedtls_mpi_uint secp384r1_T_26_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1261 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xD8, 0x40, 0x27, 0x73, 0x15, 0x7E, 0x65),
1262 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xBB, 0x53, 0x7E, 0x0F, 0x40, 0xC8, 0xD4),
1263 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x37, 0x19, 0x73, 0xEF, 0x5A, 0x5E, 0x04),
1264 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x73, 0x2B, 0x49, 0x7E, 0xAC, 0x97, 0x5C),
1265 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xB2, 0xC3, 0x1E, 0x0E, 0xE7, 0xD2, 0x21),
1266 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x08, 0xD6, 0xDD, 0xAC, 0x21, 0xD6, 0x3E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1267};
1268static const mbedtls_mpi_uint secp384r1_T_26_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1269 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x26, 0xBE, 0x6D, 0x6D, 0xF2, 0x38, 0x3F),
1270 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x6C, 0x31, 0xA7, 0x49, 0x50, 0x3A, 0x89),
1271 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x99, 0xC6, 0xF5, 0xD2, 0xC2, 0x30, 0x5A),
1272 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE4, 0xF6, 0x8B, 0x8B, 0x97, 0xE9, 0xB2),
1273 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x21, 0xB7, 0x0D, 0xFC, 0x15, 0x54, 0x0B),
1274 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x83, 0x1C, 0xA4, 0xCD, 0x6B, 0x9D, 0xF2),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1275};
1276static const mbedtls_mpi_uint secp384r1_T_27_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1277 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xE8, 0x4C, 0x48, 0xE4, 0xAA, 0x69, 0x93),
1278 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x7A, 0x27, 0xFC, 0x37, 0x96, 0x1A, 0x7B),
1279 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0xE7, 0x30, 0xA5, 0xCF, 0x13, 0x46, 0x5C),
1280 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xD8, 0xAF, 0x74, 0x23, 0x4D, 0x56, 0x84),
1281 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x3D, 0x44, 0x14, 0x1B, 0x97, 0x83, 0xF0),
1282 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x47, 0xD7, 0x5F, 0xFD, 0x98, 0x38, 0xF7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1283};
1284static const mbedtls_mpi_uint secp384r1_T_27_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1285 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x73, 0x64, 0x36, 0xFD, 0x7B, 0xC1, 0x15),
1286 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x5D, 0x32, 0xD2, 0x47, 0x94, 0x89, 0x2D),
1287 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xE9, 0x30, 0xAC, 0x06, 0xC8, 0x65, 0x04),
1288 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x6C, 0xB9, 0x1B, 0xF7, 0x61, 0x49, 0x53),
1289 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xFF, 0x32, 0x43, 0x80, 0xDA, 0xA6, 0xB1),
1290 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF8, 0x04, 0x01, 0x95, 0x35, 0xCE, 0x21),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1291};
1292static const mbedtls_mpi_uint secp384r1_T_28_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1293 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x06, 0x46, 0x0D, 0x51, 0xE2, 0xD8, 0xAC),
1294 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x57, 0x1D, 0x6F, 0x79, 0xA0, 0xCD, 0xA6),
1295 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0xFB, 0x36, 0xCA, 0xAD, 0xF5, 0x9E, 0x41),
1296 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x7A, 0x1D, 0x9E, 0x1D, 0x95, 0x48, 0xDC),
1297 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x26, 0xA5, 0xB7, 0x15, 0x2C, 0xC2, 0xC6),
1298 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x42, 0x72, 0xAA, 0x11, 0xDC, 0xC9, 0xB6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1299};
1300static const mbedtls_mpi_uint secp384r1_T_28_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1301 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x6C, 0x64, 0xA7, 0x62, 0x3C, 0xAB, 0xD4),
1302 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x6A, 0x44, 0xD8, 0x60, 0xC0, 0xA8, 0x80),
1303 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x76, 0x58, 0x12, 0x57, 0x3C, 0x89, 0x46),
1304 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x4F, 0x83, 0xCE, 0xCB, 0xB8, 0xD0, 0x2C),
1305 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x84, 0x04, 0xB0, 0xAD, 0xEB, 0xFA, 0xDF),
1306 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xA4, 0xC3, 0x41, 0x44, 0x4E, 0x65, 0x3E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1307};
1308static const mbedtls_mpi_uint secp384r1_T_29_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1309 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x16, 0xA9, 0x1C, 0xE7, 0x65, 0x20, 0xC1),
1310 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x53, 0x32, 0xF8, 0xC0, 0xA6, 0xBD, 0x2C),
1311 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xF0, 0xE6, 0x57, 0x31, 0xCC, 0x26, 0x6F),
1312 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xE3, 0x54, 0x1C, 0x34, 0xD3, 0x17, 0xBC),
1313 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xAE, 0xED, 0xFB, 0xCD, 0xE7, 0x1E, 0x9F),
1314 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x16, 0x1C, 0x34, 0x40, 0x00, 0x1F, 0xB6),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1315};
1316static const mbedtls_mpi_uint secp384r1_T_29_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1317 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x32, 0x00, 0xC2, 0xD4, 0x3B, 0x1A, 0x09),
1318 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xE0, 0x99, 0x8F, 0x0C, 0x4A, 0x16, 0x44),
1319 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x73, 0x18, 0x1B, 0xD4, 0x94, 0x29, 0x62),
1320 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xA4, 0x2D, 0xB1, 0x9D, 0x74, 0x32, 0x67),
1321 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xF4, 0xB1, 0x0C, 0x37, 0x62, 0x8B, 0x66),
1322 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xFF, 0xDA, 0xE2, 0x35, 0xA3, 0xB6, 0x42),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1323};
1324static const mbedtls_mpi_uint secp384r1_T_30_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1325 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x49, 0x99, 0x65, 0xC5, 0xED, 0x16, 0xEF),
1326 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x42, 0x9A, 0xF3, 0xA7, 0x4E, 0x6F, 0x2B),
1327 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x0A, 0x7E, 0xC0, 0xD7, 0x4E, 0x07, 0x55),
1328 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x7A, 0x31, 0x69, 0xA6, 0xB9, 0x15, 0x34),
1329 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xE0, 0x72, 0xA4, 0x3F, 0xB9, 0xF8, 0x0C),
1330 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x75, 0x32, 0x85, 0xA2, 0xDE, 0x37, 0x12),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1331};
1332static const mbedtls_mpi_uint secp384r1_T_30_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1333 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xC0, 0x0D, 0xCF, 0x25, 0x41, 0xA4, 0xF4),
1334 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xFC, 0xB2, 0x48, 0xC3, 0x85, 0x83, 0x4B),
1335 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xBE, 0x0B, 0x58, 0x2D, 0x7A, 0x9A, 0x62),
1336 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xF3, 0x81, 0x18, 0x1B, 0x74, 0x4F, 0x2C),
1337 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x43, 0xA3, 0x0A, 0x16, 0x8B, 0xA3, 0x1E),
1338 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x18, 0x81, 0x7B, 0x8D, 0xA2, 0x35, 0x77),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1339};
1340static const mbedtls_mpi_uint secp384r1_T_31_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1341 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xC4, 0x3F, 0x2C, 0xE7, 0x5F, 0x99, 0x03),
1342 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x2B, 0xB7, 0xB6, 0xAD, 0x5A, 0x56, 0xFF),
1343 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x00, 0xA4, 0x48, 0xC8, 0xE8, 0xBA, 0xBF),
1344 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xA1, 0xB5, 0x13, 0x5A, 0xCD, 0x99, 0x9C),
1345 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x95, 0xAD, 0xFC, 0xE2, 0x7E, 0xE7, 0xFE),
1346 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x6B, 0xD1, 0x34, 0x99, 0x53, 0x63, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1347};
1348static const mbedtls_mpi_uint secp384r1_T_31_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1349 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x8A, 0x77, 0x5D, 0x2B, 0xAB, 0x01, 0x28),
1350 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x85, 0xD0, 0xD5, 0x49, 0x83, 0x4D, 0x60),
1351 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xC6, 0x91, 0x30, 0x3B, 0x00, 0xAF, 0x7A),
1352 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xAE, 0x61, 0x07, 0xE1, 0xB6, 0xE2, 0xC9),
1353 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x43, 0x41, 0xFE, 0x9B, 0xB6, 0xF0, 0xA5),
1354 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x97, 0xAE, 0xAD, 0x89, 0x88, 0x9E, 0x41),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1355};
1356static const mbedtls_ecp_point secp384r1_T[32] = {
1357 ECP_POINT_INIT_XY_Z1(secp384r1_T_0_X, secp384r1_T_0_Y),
1358 ECP_POINT_INIT_XY_Z0(secp384r1_T_1_X, secp384r1_T_1_Y),
1359 ECP_POINT_INIT_XY_Z0(secp384r1_T_2_X, secp384r1_T_2_Y),
1360 ECP_POINT_INIT_XY_Z0(secp384r1_T_3_X, secp384r1_T_3_Y),
1361 ECP_POINT_INIT_XY_Z0(secp384r1_T_4_X, secp384r1_T_4_Y),
1362 ECP_POINT_INIT_XY_Z0(secp384r1_T_5_X, secp384r1_T_5_Y),
1363 ECP_POINT_INIT_XY_Z0(secp384r1_T_6_X, secp384r1_T_6_Y),
1364 ECP_POINT_INIT_XY_Z0(secp384r1_T_7_X, secp384r1_T_7_Y),
1365 ECP_POINT_INIT_XY_Z0(secp384r1_T_8_X, secp384r1_T_8_Y),
1366 ECP_POINT_INIT_XY_Z0(secp384r1_T_9_X, secp384r1_T_9_Y),
1367 ECP_POINT_INIT_XY_Z0(secp384r1_T_10_X, secp384r1_T_10_Y),
1368 ECP_POINT_INIT_XY_Z0(secp384r1_T_11_X, secp384r1_T_11_Y),
1369 ECP_POINT_INIT_XY_Z0(secp384r1_T_12_X, secp384r1_T_12_Y),
1370 ECP_POINT_INIT_XY_Z0(secp384r1_T_13_X, secp384r1_T_13_Y),
1371 ECP_POINT_INIT_XY_Z0(secp384r1_T_14_X, secp384r1_T_14_Y),
1372 ECP_POINT_INIT_XY_Z0(secp384r1_T_15_X, secp384r1_T_15_Y),
1373 ECP_POINT_INIT_XY_Z0(secp384r1_T_16_X, secp384r1_T_16_Y),
1374 ECP_POINT_INIT_XY_Z0(secp384r1_T_17_X, secp384r1_T_17_Y),
1375 ECP_POINT_INIT_XY_Z0(secp384r1_T_18_X, secp384r1_T_18_Y),
1376 ECP_POINT_INIT_XY_Z0(secp384r1_T_19_X, secp384r1_T_19_Y),
1377 ECP_POINT_INIT_XY_Z0(secp384r1_T_20_X, secp384r1_T_20_Y),
1378 ECP_POINT_INIT_XY_Z0(secp384r1_T_21_X, secp384r1_T_21_Y),
1379 ECP_POINT_INIT_XY_Z0(secp384r1_T_22_X, secp384r1_T_22_Y),
1380 ECP_POINT_INIT_XY_Z0(secp384r1_T_23_X, secp384r1_T_23_Y),
1381 ECP_POINT_INIT_XY_Z0(secp384r1_T_24_X, secp384r1_T_24_Y),
1382 ECP_POINT_INIT_XY_Z0(secp384r1_T_25_X, secp384r1_T_25_Y),
1383 ECP_POINT_INIT_XY_Z0(secp384r1_T_26_X, secp384r1_T_26_Y),
1384 ECP_POINT_INIT_XY_Z0(secp384r1_T_27_X, secp384r1_T_27_Y),
1385 ECP_POINT_INIT_XY_Z0(secp384r1_T_28_X, secp384r1_T_28_Y),
1386 ECP_POINT_INIT_XY_Z0(secp384r1_T_29_X, secp384r1_T_29_Y),
1387 ECP_POINT_INIT_XY_Z0(secp384r1_T_30_X, secp384r1_T_30_Y),
1388 ECP_POINT_INIT_XY_Z0(secp384r1_T_31_X, secp384r1_T_31_Y),
1389};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1390# else
1391# define secp384r1_T NULL
1392# endif
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1393
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1394# endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]1395
1396/*
1397 * Domain parameters for secp521r1
1398 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1399# if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1400static const mbedtls_mpi_uint secp521r1_p[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1401 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1402 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1403 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1404 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1405 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1406 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1407 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1408 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1409 MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1410};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1411static const mbedtls_mpi_uint secp521r1_b[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1412 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF),
1413 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35),
1414 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16),
1415 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56),
1416 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8),
1417 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2),
1418 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92),
1419 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95),
1420 MBEDTLS_BYTES_TO_T_UINT_2(0x51, 0x00),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1421};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1422static const mbedtls_mpi_uint secp521r1_gx[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1423 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9),
1424 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33),
1425 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE),
1426 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1),
1427 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8),
1428 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C),
1429 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E),
1430 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85),
1431 MBEDTLS_BYTES_TO_T_UINT_2(0xC6, 0x00),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1432};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1433static const mbedtls_mpi_uint secp521r1_gy[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1434 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88),
1435 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35),
1436 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5),
1437 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97),
1438 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17),
1439 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98),
1440 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C),
1441 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39),
1442 MBEDTLS_BYTES_TO_T_UINT_2(0x18, 0x01),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1443};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1444static const mbedtls_mpi_uint secp521r1_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1445 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB),
1446 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B),
1447 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F),
1448 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51),
1449 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1450 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1451 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1452 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
1453 MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1454};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1455# if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1456static const mbedtls_mpi_uint secp521r1_T_0_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1457 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9),
1458 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33),
1459 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE),
1460 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1),
1461 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8),
1462 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C),
1463 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E),
1464 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85),
1465 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1466};
1467static const mbedtls_mpi_uint secp521r1_T_0_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1468 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88),
1469 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35),
1470 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5),
1471 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97),
1472 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17),
1473 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98),
1474 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C),
1475 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39),
1476 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1477};
1478static const mbedtls_mpi_uint secp521r1_T_1_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1479 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xB1, 0x2D, 0xEB, 0x27, 0x2F, 0xE8, 0xDA),
1480 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x4B, 0x44, 0x25, 0xDB, 0x5C, 0x5F, 0x67),
1481 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x85, 0x28, 0x78, 0x2E, 0x75, 0x34, 0x32),
1482 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x57, 0x0F, 0x73, 0x78, 0x7A, 0xE3, 0x53),
1483 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD8, 0xEC, 0xDC, 0xDA, 0x04, 0xAD, 0xAB),
1484 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x8A, 0x09, 0xF3, 0x58, 0x79, 0xD8, 0x29),
1485 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x03, 0xCB, 0x50, 0x1A, 0x7F, 0x56, 0x00),
1486 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xA6, 0x78, 0x38, 0x85, 0x67, 0x0B, 0x40),
1487 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1488};
1489static const mbedtls_mpi_uint secp521r1_T_1_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1490 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xD5, 0xD2, 0x22, 0xC4, 0x00, 0x3B, 0xBA),
1491 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x93, 0x0E, 0x7B, 0x85, 0x51, 0xC3, 0x06),
1492 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA6, 0x5F, 0x54, 0x49, 0x02, 0x81, 0x78),
1493 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xE9, 0x6B, 0x3A, 0x92, 0xE7, 0x72, 0x1D),
1494 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x5F, 0x28, 0x9E, 0x91, 0x27, 0x88, 0xE3),
1495 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x28, 0x31, 0xB3, 0x84, 0xCA, 0x12, 0x32),
1496 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xF9, 0xAC, 0x22, 0x10, 0x0A, 0x64, 0x41),
1497 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xC6, 0x33, 0x1F, 0x69, 0x19, 0x18, 0xBF),
1498 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1499};
1500static const mbedtls_mpi_uint secp521r1_T_2_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1501 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x48, 0xB8, 0xC7, 0x37, 0x5A, 0x00, 0x36),
1502 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xCC, 0x32, 0xE0, 0xEE, 0x03, 0xC2, 0xBA),
1503 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x29, 0xC2, 0xE4, 0x6E, 0x24, 0x20, 0x8D),
1504 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x6B, 0x7F, 0x7B, 0xF9, 0xB0, 0xB8, 0x13),
1505 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x7B, 0x3C, 0xE1, 0x19, 0xA1, 0x23, 0x02),
1506 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE3, 0xC2, 0x53, 0xC0, 0x07, 0x13, 0xA9),
1507 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFE, 0x36, 0x35, 0x9F, 0x5E, 0x59, 0xCE),
1508 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x55, 0x89, 0x84, 0xBC, 0xEF, 0xA2, 0xC2),
1509 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1510};
1511static const mbedtls_mpi_uint secp521r1_T_2_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1512 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x1A, 0x08, 0x67, 0xB4, 0xE7, 0x22, 0xED),
1513 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x26, 0xDF, 0x81, 0x3C, 0x5F, 0x1C, 0xDA),
1514 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x4D, 0xD0, 0x0A, 0x48, 0x06, 0xF4, 0x48),
1515 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x18, 0x39, 0xF7, 0xD1, 0x20, 0x77, 0x8D),
1516 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x8F, 0x44, 0x13, 0xCB, 0x78, 0x11, 0x11),
1517 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xE2, 0x49, 0xEA, 0x43, 0x79, 0x08, 0x39),
1518 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xD1, 0xD8, 0x73, 0x2C, 0x71, 0x2F, 0x69),
1519 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xE5, 0xE7, 0xF4, 0x46, 0xAB, 0x20, 0xCA),
1520 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1521};
1522static const mbedtls_mpi_uint secp521r1_T_3_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1523 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x0B, 0xB9, 0x71, 0x1A, 0x27, 0xB7, 0xA7),
1524 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xA2, 0x2C, 0xD1, 0xDA, 0xBC, 0xC1, 0xBD),
1525 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xA3, 0x10, 0x1F, 0x90, 0xF2, 0xA5, 0x52),
1526 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xFB, 0x20, 0xF4, 0xC0, 0x70, 0xC0, 0xF5),
1527 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xA7, 0x99, 0xF0, 0xA5, 0xD3, 0x09, 0xDD),
1528 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0xE8, 0x14, 0x39, 0xBE, 0xCB, 0x60, 0xAF),
1529 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xD6, 0x14, 0xA9, 0xC9, 0x20, 0xC3, 0xEA),
1530 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA8, 0x5B, 0xFD, 0x2D, 0x96, 0xBC, 0x78),
1531 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1532};
1533static const mbedtls_mpi_uint secp521r1_T_3_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1534 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x04, 0x45, 0xBE, 0xCE, 0x75, 0x95, 0xF6),
1535 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xDA, 0x58, 0x49, 0x35, 0x09, 0x8D, 0x41),
1536 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xF0, 0xC0, 0x36, 0xF2, 0xA6, 0x2D, 0x14),
1537 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFC, 0x3D, 0xA8, 0xFB, 0x3C, 0xD2, 0x51),
1538 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x4D, 0x71, 0x09, 0x18, 0x42, 0xF0, 0x2D),
1539 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xC1, 0xCE, 0x9E, 0x6A, 0x49, 0x60, 0x12),
1540 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xB1, 0x00, 0xF7, 0xA1, 0x7A, 0x31, 0xB4),
1541 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xC3, 0x86, 0xCD, 0x20, 0x4A, 0x17, 0x86),
1542 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1543};
1544static const mbedtls_mpi_uint secp521r1_T_4_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1545 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xAB, 0x8B, 0x47, 0x8D, 0xAA, 0xA6, 0x5B),
1546 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x97, 0xF0, 0xBC, 0x2D, 0xDC, 0x9D, 0x84),
1547 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x86, 0xB0, 0x74, 0xB2, 0xF4, 0xF6, 0x67),
1548 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBD, 0xAC, 0xE3, 0x8F, 0x43, 0x5C, 0xB1),
1549 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xC3, 0xE2, 0x6E, 0x25, 0x49, 0xCD, 0x0B),
1550 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x5E, 0x08, 0xB3, 0xB9, 0xAC, 0x5F, 0xD1),
1551 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xB7, 0xD1, 0xF4, 0xDC, 0x19, 0xE9, 0xC8),
1552 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xE4, 0xFA, 0xE1, 0x36, 0x3E, 0xED, 0x6E),
1553 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1554};
1555static const mbedtls_mpi_uint secp521r1_T_4_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1556 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x67, 0x92, 0x84, 0x6E, 0x48, 0x03, 0x51),
1557 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x95, 0xEF, 0x8F, 0xB2, 0x82, 0x6B, 0x1C),
1558 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFA, 0xB9, 0x55, 0x23, 0xFE, 0x09, 0xB3),
1559 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x79, 0x85, 0x4B, 0x0E, 0xD4, 0x35, 0xDB),
1560 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x27, 0x45, 0x81, 0xE0, 0x88, 0x52, 0xAD),
1561 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x63, 0xA2, 0x4B, 0xBC, 0x5D, 0xB1, 0x92),
1562 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x8C, 0x83, 0xD9, 0x3E, 0xD3, 0x42, 0xDA),
1563 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x03, 0x3A, 0x31, 0xBA, 0xE9, 0x3A, 0xD1),
1564 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1565};
1566static const mbedtls_mpi_uint secp521r1_T_5_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1567 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x10, 0xCD, 0x2D, 0x00, 0xFE, 0x32, 0xA7),
1568 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x6E, 0x1F, 0xDA, 0xF8, 0x6F, 0x4D, 0x03),
1569 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x79, 0x7D, 0x09, 0xE5, 0xD3, 0x03, 0x21),
1570 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xC3, 0xBE, 0xDF, 0x07, 0x65, 0x49, 0xCC),
1571 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x57, 0x33, 0xEF, 0xAE, 0x4F, 0x04, 0x27),
1572 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0xE9, 0x9B, 0xFE, 0xBF, 0xE6, 0x85, 0xF6),
1573 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xBA, 0xAA, 0x06, 0xC4, 0xC6, 0xB8, 0x57),
1574 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x83, 0x01, 0xA9, 0xF6, 0x51, 0xE7, 0xB8),
1575 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1576};
1577static const mbedtls_mpi_uint secp521r1_T_5_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1578 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xA6, 0x15, 0x8E, 0xAB, 0x1F, 0x10, 0x87),
1579 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x08, 0x27, 0x1A, 0xA1, 0x21, 0xAD, 0xF5),
1580 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x09, 0x90, 0x6E, 0x50, 0x90, 0x9A, 0x5D),
1581 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x9A, 0xFE, 0xD7, 0xA1, 0xF5, 0xA2, 0x15),
1582 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x7D, 0xE3, 0xDC, 0x21, 0xFB, 0xA4, 0x7B),
1583 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xBF, 0x07, 0xFF, 0x45, 0xDF, 0x51, 0x77),
1584 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x5C, 0x34, 0x02, 0x62, 0x9B, 0x08, 0x12),
1585 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xCE, 0x9A, 0x6A, 0xEC, 0x75, 0xF6, 0x46),
1586 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1587};
1588static const mbedtls_mpi_uint secp521r1_T_6_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1589 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x59, 0xF4, 0x78, 0x3C, 0x60, 0xB1, 0x4A),
1590 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x37, 0x84, 0x6A, 0xDC, 0xF2, 0x9A, 0x7D),
1591 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x9A, 0x9A, 0x15, 0x36, 0xE0, 0x2B, 0x2D),
1592 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x38, 0x9C, 0x50, 0x3D, 0x1E, 0x37, 0x82),
1593 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x79, 0xF0, 0x92, 0xF2, 0x8B, 0x18, 0x82),
1594 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xE0, 0x82, 0x1E, 0x80, 0x82, 0x4B, 0xD7),
1595 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xBB, 0x59, 0x6B, 0x8A, 0x77, 0x41, 0x40),
1596 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xF9, 0xD4, 0xB8, 0x4A, 0x82, 0xCF, 0x40),
1597 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1598};
1599static const mbedtls_mpi_uint secp521r1_T_6_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1600 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x8C, 0xC8, 0x9B, 0x72, 0x9E, 0xF7, 0xF9),
1601 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xCE, 0xE9, 0x77, 0x0A, 0x19, 0x59, 0x84),
1602 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xA1, 0x41, 0x6A, 0x72, 0x4B, 0xB4, 0xDC),
1603 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x35, 0x43, 0xE2, 0x8C, 0xBE, 0x0D, 0xE3),
1604 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xEB, 0xAD, 0xF3, 0xA9, 0xA6, 0x68, 0xA1),
1605 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x2F, 0xE2, 0x48, 0x0C, 0xDB, 0x1F, 0x42),
1606 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x1E, 0x60, 0x9B, 0x2A, 0xD2, 0xC1, 0x3C),
1607 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x64, 0xB5, 0xD2, 0xF6, 0xF6, 0x6E, 0x22),
1608 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1609};
1610static const mbedtls_mpi_uint secp521r1_T_7_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1611 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x3D, 0x30, 0x78, 0x10, 0x18, 0x41, 0x51),
1612 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x1D, 0x1C, 0xE0, 0x6D, 0x83, 0xD1, 0x93),
1613 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x03, 0x0B, 0xF5, 0x2F, 0x6C, 0x04, 0x98),
1614 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x3E, 0xD5, 0xFC, 0x31, 0x5B, 0x3A, 0xEB),
1615 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x82, 0x2F, 0xFB, 0xFE, 0xF8, 0x76, 0x39),
1616 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x26, 0xDA, 0x9C, 0x36, 0xF5, 0x93, 0xD1),
1617 MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xE7, 0x6E, 0xD2, 0x7D, 0x81, 0x09, 0xC6),
1618 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x03, 0xF9, 0x58, 0x48, 0x24, 0xA2, 0xEE),
1619 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1620};
1621static const mbedtls_mpi_uint secp521r1_T_7_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1622 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x79, 0x0C, 0x8E, 0x6B, 0x95, 0xF3, 0xC4),
1623 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x10, 0x5C, 0x87, 0x03, 0x39, 0xCF, 0x68),
1624 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xF0, 0xF7, 0xC1, 0x07, 0xA4, 0xF4, 0x3F),
1625 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xE8, 0x02, 0x89, 0x65, 0xC4, 0x72, 0x36),
1626 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x88, 0xEA, 0x96, 0x67, 0x0B, 0x5D, 0xDF),
1627 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x75, 0x60, 0xA8, 0xBD, 0x74, 0xDF, 0x68),
1628 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xE5, 0x71, 0x50, 0x67, 0xD0, 0xD2, 0xE6),
1629 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xFC, 0xE5, 0xC7, 0x77, 0xB0, 0x7F, 0x8C),
1630 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1631};
1632static const mbedtls_mpi_uint secp521r1_T_8_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1633 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x86, 0x69, 0xCD, 0x0D, 0x9A, 0xBD, 0x66),
1634 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x17, 0xBC, 0xBB, 0x59, 0x85, 0x7D, 0x0E),
1635 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xA8, 0x76, 0xAC, 0x80, 0xA9, 0x72, 0xE0),
1636 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x78, 0xC1, 0xE2, 0x4D, 0xAF, 0xF9, 0x3C),
1637 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x97, 0x8E, 0x74, 0xC4, 0x4B, 0xB2, 0x85),
1638 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD8, 0xF6, 0xF3, 0xAF, 0x2F, 0x52, 0xE5),
1639 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x57, 0xF4, 0xCE, 0xEE, 0x43, 0xED, 0x60),
1640 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x46, 0x38, 0xDE, 0x20, 0xFD, 0x59, 0x18),
1641 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1642};
1643static const mbedtls_mpi_uint secp521r1_T_8_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1644 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x18, 0xE8, 0x58, 0xB9, 0x76, 0x2C, 0xE6),
1645 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x54, 0xE4, 0xFE, 0xC7, 0xBC, 0x31, 0x37),
1646 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xF8, 0x89, 0xEE, 0x70, 0xB5, 0xB0, 0x2C),
1647 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x22, 0x26, 0x9A, 0x53, 0xB9, 0x38, 0x0A),
1648 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xA7, 0x19, 0x8C, 0x74, 0x7E, 0x88, 0x46),
1649 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xDA, 0x0A, 0xE8, 0xDA, 0xA5, 0xBE, 0x1D),
1650 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x5C, 0xF7, 0xB1, 0x0C, 0x72, 0xFB, 0x09),
1651 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xE2, 0x23, 0xE7, 0x46, 0xB7, 0xE0, 0x91),
1652 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1653};
1654static const mbedtls_mpi_uint secp521r1_T_9_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1655 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x36, 0xBC, 0xBD, 0x48, 0x11, 0x8E, 0x72),
1656 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xBB, 0xA1, 0xF7, 0x0B, 0x9E, 0xBF, 0xDF),
1657 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x28, 0xE1, 0xA2, 0x8F, 0xFC, 0xFC, 0xD6),
1658 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xFE, 0x19, 0x0A, 0xE5, 0xE7, 0x69, 0x39),
1659 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xCD, 0x12, 0xF5, 0xBE, 0xD3, 0x04, 0xF1),
1660 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xA8, 0x0D, 0x81, 0x59, 0xC4, 0x79, 0x98),
1661 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xF3, 0x4B, 0x92, 0x65, 0xC3, 0x31, 0xAD),
1662 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xB5, 0x4F, 0x4D, 0x91, 0xD4, 0xE2, 0xB2),
1663 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1664};
1665static const mbedtls_mpi_uint secp521r1_T_9_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1666 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x09, 0x41, 0x79, 0x1D, 0x4D, 0x0D, 0x33),
1667 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x31, 0x18, 0xBA, 0xA0, 0xF2, 0x6E, 0x7E),
1668 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x5B, 0x4D, 0x4F, 0xAF, 0xC9, 0x8C, 0xA1),
1669 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x99, 0x9C, 0x06, 0x68, 0xDE, 0xD8, 0x29),
1670 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x04, 0xE1, 0xB5, 0x9D, 0x00, 0xBC, 0xB8),
1671 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x95, 0x92, 0x8D, 0x72, 0xD3, 0x37, 0x42),
1672 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x4B, 0x27, 0xA2, 0xE8, 0xA4, 0x26, 0xA1),
1673 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x45, 0x9C, 0xA9, 0xCB, 0x9F, 0xBA, 0x85),
1674 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1675};
1676static const mbedtls_mpi_uint secp521r1_T_10_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1677 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x7E, 0x1B, 0x64, 0xF4, 0xE8, 0xA5, 0x55),
1678 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x20, 0xA9, 0xCA, 0xF3, 0x89, 0xE5, 0xE1),
1679 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xED, 0xFC, 0xAB, 0xD9, 0x0A, 0xB9, 0x07),
1680 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x6F, 0x46, 0x7C, 0xCD, 0x78, 0xFF, 0x05),
1681 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xAB, 0x71, 0x5A, 0x94, 0xAB, 0x20, 0x20),
1682 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x2E, 0xEE, 0x87, 0x57, 0x1F, 0xAD, 0xD3),
1683 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x4C, 0x3D, 0xFB, 0x7E, 0xA1, 0x8B, 0x07),
1684 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xCF, 0x07, 0x86, 0xBA, 0x53, 0x37, 0xCF),
1685 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1686};
1687static const mbedtls_mpi_uint secp521r1_T_10_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1688 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x26, 0xB2, 0xB9, 0xE2, 0x91, 0xE3, 0xB5),
1689 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xC9, 0x54, 0x84, 0x08, 0x3D, 0x0B, 0xD2),
1690 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA8, 0x77, 0x2F, 0x64, 0x45, 0x99, 0x4C),
1691 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x96, 0x16, 0x1F, 0xDB, 0x96, 0x28, 0x97),
1692 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x2B, 0x8D, 0xFF, 0xA2, 0x4F, 0x55, 0xD3),
1693 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xE6, 0x48, 0xBD, 0x99, 0x3D, 0x12, 0x57),
1694 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x84, 0x59, 0xDA, 0xB9, 0xB6, 0x66, 0x12),
1695 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x78, 0x41, 0x92, 0xDF, 0xF4, 0x3F, 0x63),
1696 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1697};
1698static const mbedtls_mpi_uint secp521r1_T_11_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1699 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x86, 0x6F, 0x4F, 0xBF, 0x67, 0xDF, 0x2F),
1700 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x2B, 0x1E, 0x5F, 0x00, 0xEA, 0xF6, 0x56),
1701 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xB9, 0x6A, 0x89, 0xD8, 0xC0, 0xD7, 0xA7),
1702 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x9A, 0x32, 0x23, 0xA0, 0x02, 0x91, 0x58),
1703 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x7F, 0x6A, 0x15, 0x64, 0x6A, 0x8B, 0xBB),
1704 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x57, 0x82, 0x58, 0xA9, 0x56, 0xB5, 0xFB),
1705 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x50, 0x92, 0x60, 0xCC, 0x81, 0x24, 0xA8),
1706 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x3D, 0xAD, 0xDA, 0xD9, 0x51, 0x3E, 0x57),
1707 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1708};
1709static const mbedtls_mpi_uint secp521r1_T_11_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1710 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xFE, 0x8F, 0xB0, 0x0B, 0xDE, 0x2E, 0x7E),
1711 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xD2, 0xBE, 0xEF, 0xAC, 0x76, 0x71, 0xA3),
1712 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xE8, 0x72, 0x0B, 0xAC, 0xFE, 0xCA, 0x5A),
1713 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x5B, 0xC7, 0xFC, 0xE3, 0x3C, 0x7C, 0x4C),
1714 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x04, 0xA7, 0xB9, 0x9B, 0x93, 0xC0, 0x2F),
1715 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x48, 0x4B, 0x8E, 0x32, 0xC5, 0xF0, 0x6B),
1716 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x42, 0x07, 0xC1, 0xF2, 0xF1, 0x72, 0x5B),
1717 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x37, 0x54, 0x9C, 0x88, 0xD2, 0x62, 0xAA),
1718 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1719};
1720static const mbedtls_mpi_uint secp521r1_T_12_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1721 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x19, 0x8A, 0x89, 0x58, 0xA2, 0x0F, 0xDB),
1722 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xCC, 0x4C, 0x97, 0x30, 0x66, 0x34, 0x26),
1723 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x6A, 0x1E, 0x1F, 0xDB, 0xC9, 0x5E, 0x13),
1724 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x4D, 0x49, 0xFF, 0x9B, 0x9C, 0xAC, 0x9B),
1725 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xE4, 0x4B, 0xF2, 0xD4, 0x1A, 0xD2, 0x78),
1726 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xDA, 0xE8, 0x61, 0x9F, 0xC8, 0x49, 0x32),
1727 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xCB, 0xF2, 0x2D, 0x85, 0xF6, 0x8D, 0x52),
1728 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xC5, 0xCD, 0x2C, 0x79, 0xC6, 0x0E, 0x4F),
1729 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1730};
1731static const mbedtls_mpi_uint secp521r1_T_12_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1732 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x1D, 0x55, 0x0F, 0xF8, 0x22, 0x9F, 0x78),
1733 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x56, 0xBA, 0xE7, 0x57, 0x32, 0xEC, 0x42),
1734 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x9A, 0xC6, 0x4C, 0x09, 0xC4, 0x52, 0x3F),
1735 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x1E, 0x6F, 0xF4, 0x7D, 0x27, 0xDD, 0xAF),
1736 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x11, 0x16, 0xEC, 0x79, 0x83, 0xAD, 0xAE),
1737 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x4E, 0x92, 0x1F, 0x19, 0x7D, 0x65, 0xDC),
1738 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xFF, 0x78, 0x15, 0x45, 0x63, 0x32, 0xE4),
1739 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x91, 0xD0, 0x78, 0x58, 0xDA, 0x50, 0x47),
1740 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1741};
1742static const mbedtls_mpi_uint secp521r1_T_13_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1743 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xDE, 0x40, 0xF6, 0x41, 0xB4, 0x3B, 0x95),
1744 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x8D, 0xE0, 0xE1, 0xA9, 0xF0, 0x35, 0x5D),
1745 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xD4, 0xBA, 0x7B, 0xCC, 0x1B, 0x3A, 0x32),
1746 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x5A, 0x2E, 0x74, 0x47, 0x14, 0xC3, 0x4D),
1747 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xF0, 0x8B, 0x06, 0x15, 0x8E, 0x0E, 0xCA),
1748 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xD2, 0xEB, 0x97, 0x50, 0x7D, 0x31, 0xFC),
1749 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x93, 0x4C, 0xDB, 0x97, 0x79, 0x44, 0xF5),
1750 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xA2, 0xA0, 0x0B, 0xC8, 0x3A, 0x8A, 0xF9),
1751 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1752};
1753static const mbedtls_mpi_uint secp521r1_T_13_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1754 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x50, 0x92, 0x9E, 0x24, 0x1F, 0xCB, 0x4C),
1755 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x16, 0xC9, 0xC5, 0x3D, 0x5A, 0xAF, 0x97),
1756 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xE3, 0x97, 0xE4, 0xA8, 0x50, 0xF6, 0x7E),
1757 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x57, 0x97, 0x42, 0x78, 0x92, 0x49, 0x0D),
1758 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xEB, 0x62, 0x24, 0xFB, 0x8F, 0x32, 0xCF),
1759 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x0C, 0x36, 0x6E, 0x8F, 0xE8, 0xE8, 0x8E),
1760 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xD3, 0x7C, 0xC7, 0x8D, 0x3F, 0x5C, 0xE1),
1761 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x64, 0x6A, 0x73, 0x10, 0x79, 0xB8, 0x5A),
1762 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1763};
1764static const mbedtls_mpi_uint secp521r1_T_14_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1765 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xF9, 0xEF, 0xA5, 0x20, 0x4A, 0x5C, 0xA1),
1766 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xF3, 0xF4, 0x49, 0x5B, 0x73, 0xAA, 0x1B),
1767 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xF2, 0xEA, 0x0F, 0x00, 0xAD, 0x53, 0xAB),
1768 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xB8, 0x66, 0xED, 0xC4, 0x2B, 0x4C, 0x35),
1769 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x2F, 0xC1, 0x9A, 0x37, 0xD2, 0x7F, 0x58),
1770 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xA7, 0x81, 0x38, 0x64, 0xC9, 0x37, 0x38),
1771 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x3B, 0x6C, 0x9F, 0x5B, 0xD9, 0x8B, 0x1D),
1772 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x14, 0xD9, 0x08, 0xD8, 0xD2, 0x7E, 0x23),
1773 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1774};
1775static const mbedtls_mpi_uint secp521r1_T_14_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1776 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x71, 0xE6, 0x3D, 0xD1, 0xB0, 0xE7, 0xCD),
1777 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x81, 0x23, 0xEC, 0x2D, 0x42, 0x45, 0xE6),
1778 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x5B, 0x44, 0x6B, 0x89, 0x03, 0x67, 0x28),
1779 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x27, 0xAE, 0x80, 0x5A, 0x33, 0xBE, 0x11),
1780 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xB6, 0x64, 0x1A, 0xDF, 0xD3, 0x85, 0x91),
1781 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x8C, 0x22, 0xBA, 0xD0, 0xBD, 0xCC, 0xA0),
1782 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x3C, 0x01, 0x3A, 0xFF, 0x9D, 0xC7, 0x6B),
1783 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xC7, 0x64, 0xB4, 0x59, 0x4E, 0x9F, 0x22),
1784 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1785};
1786static const mbedtls_mpi_uint secp521r1_T_15_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1787 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x34, 0x0A, 0x41, 0x94, 0xA8, 0xF2, 0xB7),
1788 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xD4, 0xE4, 0xF0, 0x97, 0x45, 0x6D, 0xCA),
1789 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x1F, 0x4D, 0x6D, 0xFE, 0xA0, 0xC4, 0x84),
1790 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x28, 0x5C, 0x40, 0xBB, 0x65, 0xD4, 0x42),
1791 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xA8, 0x87, 0x35, 0x20, 0x3A, 0x89, 0x44),
1792 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFD, 0x4F, 0xAB, 0x2D, 0xD1, 0xD0, 0xC0),
1793 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xE8, 0x00, 0xFC, 0x69, 0x52, 0xF8, 0xD5),
1794 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x9A, 0x99, 0xE1, 0xDC, 0x9C, 0x3F, 0xD9),
1795 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1796};
1797static const mbedtls_mpi_uint secp521r1_T_15_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1798 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x08, 0x98, 0xD9, 0xCA, 0x73, 0xD5, 0xA9),
1799 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x2C, 0xE0, 0xA7, 0x3E, 0x91, 0xD7, 0x87),
1800 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x04, 0xB0, 0x54, 0x09, 0xF4, 0x72, 0xB7),
1801 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xEE, 0x28, 0xCC, 0xE8, 0x50, 0x78, 0x20),
1802 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x91, 0x03, 0x76, 0xDB, 0x68, 0x24, 0x77),
1803 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xE0, 0x56, 0xB2, 0x5D, 0x12, 0xD3, 0xB5),
1804 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x42, 0x59, 0x8B, 0xDF, 0x67, 0xB5, 0xBE),
1805 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xCC, 0xE5, 0x31, 0x53, 0x7A, 0x46, 0xB3),
1806 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1807};
1808static const mbedtls_mpi_uint secp521r1_T_16_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1809 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x8D, 0x59, 0xB5, 0x1B, 0x0F, 0xF4, 0xAF),
1810 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x2F, 0xD1, 0x2C, 0xE0, 0xD8, 0x04, 0xEF),
1811 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF4, 0xD7, 0xBA, 0xB0, 0xA3, 0x7E, 0xC9),
1812 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x08, 0x51, 0x56, 0xA6, 0x76, 0x67, 0x33),
1813 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x17, 0x63, 0xFE, 0x56, 0xD0, 0xD9, 0x71),
1814 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xF6, 0xC3, 0x14, 0x47, 0xC5, 0xA7, 0x31),
1815 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x4C, 0x80, 0xF6, 0xA2, 0x57, 0xA7, 0x5D),
1816 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xB3, 0x7B, 0xF8, 0x2F, 0xE1, 0x3E, 0x7B),
1817 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1818};
1819static const mbedtls_mpi_uint secp521r1_T_16_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1820 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0xF4, 0xF9, 0x6B, 0x7B, 0x90, 0xDF, 0x30),
1821 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x82, 0xEF, 0x62, 0xA1, 0x4C, 0x53, 0xCA),
1822 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x99, 0x76, 0x01, 0xBA, 0x8D, 0x0F, 0x54),
1823 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xF4, 0x58, 0x73, 0x56, 0xFE, 0xDD, 0x7C),
1824 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xCE, 0xF9, 0xE8, 0xA1, 0x34, 0xC3, 0x5B),
1825 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x5F, 0xDC, 0x6A, 0x3D, 0xD8, 0x7F, 0x42),
1826 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xF4, 0x51, 0xB8, 0xB8, 0xC1, 0xD7, 0x2F),
1827 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x7D, 0x58, 0xD1, 0xD4, 0x1B, 0x4D, 0x23),
1828 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1829};
1830static const mbedtls_mpi_uint secp521r1_T_17_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1831 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x95, 0xDF, 0x00, 0xD8, 0x21, 0xDE, 0x94),
1832 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x47, 0x3C, 0xC3, 0xB2, 0x01, 0x53, 0x5D),
1833 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x17, 0x43, 0x23, 0xBD, 0xCA, 0x71, 0xF2),
1834 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xBA, 0x0F, 0x4F, 0xDC, 0x41, 0x54, 0xBE),
1835 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x39, 0x26, 0x70, 0x53, 0x32, 0x18, 0x11),
1836 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x46, 0x07, 0x97, 0x3A, 0x57, 0xE0, 0x01),
1837 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x92, 0x4F, 0xCE, 0xDF, 0x25, 0x80, 0x26),
1838 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x6F, 0x9A, 0x03, 0x05, 0x4B, 0xD1, 0x47),
1839 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1840};
1841static const mbedtls_mpi_uint secp521r1_T_17_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1842 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x01, 0x72, 0x30, 0x90, 0x17, 0x51, 0x20),
1843 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xFB, 0x41, 0x65, 0x5C, 0xB4, 0x2D, 0xEE),
1844 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xCD, 0xCD, 0xAA, 0x41, 0xCC, 0xBB, 0x07),
1845 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xCE, 0x08, 0x0A, 0x63, 0xE9, 0xA2, 0xFF),
1846 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA8, 0x21, 0x7F, 0x7A, 0x5B, 0x9B, 0x81),
1847 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x6B, 0x89, 0x44, 0x0A, 0x7F, 0x85, 0x5F),
1848 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xDE, 0x7C, 0x19, 0x5C, 0x65, 0x26, 0x61),
1849 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xAC, 0x62, 0x29, 0x4A, 0xF1, 0xD0, 0x81),
1850 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1851};
1852static const mbedtls_mpi_uint secp521r1_T_18_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1853 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x00, 0x40, 0x87, 0xEB, 0xA9, 0x58, 0x56),
1854 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x51, 0x0B, 0xFF, 0x56, 0x35, 0x51, 0xB3),
1855 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xAC, 0x08, 0x94, 0x71, 0xDA, 0xEC, 0x99),
1856 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x4D, 0xC5, 0x7B, 0x31, 0x8B, 0x8D, 0x5E),
1857 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x05, 0xF1, 0x3E, 0x9E, 0x8F, 0x17, 0x8F),
1858 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x9C, 0x4B, 0x62, 0x94, 0xAD, 0x49, 0xFC),
1859 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xC9, 0xC6, 0x8F, 0xFD, 0x33, 0x44, 0x34),
1860 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x96, 0x17, 0x7F, 0x42, 0xBE, 0xF7, 0x0D),
1861 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1862};
1863static const mbedtls_mpi_uint secp521r1_T_18_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1864 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x29, 0x39, 0x13, 0x08, 0x8D, 0x91, 0x47),
1865 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x79, 0xF9, 0x2F, 0xA9, 0x0A, 0xCF, 0xD6),
1866 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x87, 0x7A, 0xA3, 0x19, 0xAB, 0x55, 0xAD),
1867 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x0B, 0x01, 0xC5, 0x56, 0x19, 0x9D, 0x9E),
1868 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xDE, 0x82, 0x3B, 0xEA, 0xD3, 0x0B, 0x8C),
1869 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x6B, 0xC7, 0xF3, 0x0F, 0x82, 0x87, 0x6C),
1870 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x2E, 0x23, 0xF2, 0x39, 0x9D, 0x49, 0x70),
1871 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0xDE, 0xAF, 0x7A, 0xEE, 0xB0, 0xDA, 0x70),
1872 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1873};
1874static const mbedtls_mpi_uint secp521r1_T_19_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1875 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x4E, 0x2A, 0x50, 0xFD, 0x8E, 0xC0, 0xEB),
1876 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x0F, 0x7C, 0x76, 0x63, 0xD8, 0x89, 0x45),
1877 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x2D, 0xB9, 0x4E, 0xF4, 0xEE, 0x85, 0xCF),
1878 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x95, 0x5C, 0x96, 0x5D, 0xAA, 0x59, 0x0B),
1879 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xDB, 0xD2, 0x68, 0x8E, 0x5A, 0x94, 0x60),
1880 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x02, 0xBF, 0x77, 0x9F, 0xB9, 0x4C, 0xC9),
1881 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xDC, 0xC0, 0xCF, 0x81, 0x1E, 0xC4, 0x6C),
1882 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xCC, 0x37, 0x86, 0xDC, 0xE2, 0x64, 0x72),
1883 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1884};
1885static const mbedtls_mpi_uint secp521r1_T_19_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1886 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x30, 0xB1, 0x59, 0x20, 0x9D, 0x98, 0x28),
1887 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x0C, 0x9D, 0xF8, 0x20, 0xDC, 0x90, 0xBA),
1888 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xA0, 0xF4, 0xE7, 0x3E, 0x9C, 0x9E, 0xA2),
1889 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x25, 0xA2, 0xB0, 0x54, 0xCD, 0x2E, 0x33),
1890 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD9, 0x42, 0xB0, 0x80, 0xB0, 0xA3, 0x38),
1891 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xFE, 0x9D, 0x8D, 0x40, 0xFF, 0x27, 0x6D),
1892 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x9D, 0xA6, 0x88, 0x3A, 0x8B, 0x6F, 0x14),
1893 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x39, 0xEE, 0x1F, 0x3F, 0xB1, 0x4F, 0x63),
1894 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1895};
1896static const mbedtls_mpi_uint secp521r1_T_20_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1897 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xD7, 0x9E, 0xFF, 0xD2, 0x35, 0x67, 0x03),
1898 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x4F, 0x15, 0x5D, 0xE3, 0xE8, 0x53, 0x86),
1899 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xF7, 0x24, 0x98, 0xA2, 0xCB, 0x11, 0x68),
1900 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x2E, 0x25, 0xE1, 0x94, 0xC5, 0xA3, 0x96),
1901 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x82, 0x6E, 0xBA, 0xE7, 0x43, 0x25, 0xB0),
1902 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x65, 0xB4, 0x49, 0x73, 0x18, 0x35, 0x54),
1903 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x5B, 0xBC, 0x62, 0x86, 0x4C, 0xC1, 0xB7),
1904 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xF2, 0x95, 0xA2, 0xBB, 0xA2, 0x35, 0x65),
1905 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1906};
1907static const mbedtls_mpi_uint secp521r1_T_20_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1908 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x59, 0x62, 0xB0, 0x4B, 0x1E, 0xB4, 0xD8),
1909 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x55, 0xCE, 0xB0, 0x69, 0xBA, 0x63, 0x10),
1910 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0x69, 0x86, 0xDB, 0x34, 0x7D, 0x68, 0x64),
1911 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x06, 0xCA, 0x55, 0x44, 0x36, 0x2B, 0xBA),
1912 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xD4, 0xC4, 0x3D, 0xCD, 0x9E, 0x69, 0xA4),
1913 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x44, 0xE4, 0xBF, 0x31, 0xE6, 0x40, 0x9F),
1914 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x4F, 0xFA, 0x75, 0xE3, 0xFB, 0x97, 0x0E),
1915 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xC0, 0xBD, 0x1C, 0x48, 0xB0, 0x26, 0xD0),
1916 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1917};
1918static const mbedtls_mpi_uint secp521r1_T_21_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1919 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x7B, 0x32, 0xFA, 0xF2, 0x6D, 0x84, 0x8E),
1920 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x21, 0x03, 0x1D, 0x0D, 0x22, 0x55, 0x67),
1921 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xF9, 0x42, 0x03, 0x9C, 0xC2, 0xCB, 0xBA),
1922 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xA1, 0x96, 0xD9, 0x9D, 0x11, 0x6F, 0xBE),
1923 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x40, 0x57, 0xEB, 0x40, 0x2D, 0xC0, 0x11),
1924 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x96, 0xBB, 0x4F, 0x2F, 0x23, 0xA8, 0x28),
1925 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x29, 0x85, 0x21, 0xA5, 0x50, 0x62, 0x06),
1926 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x7D, 0x92, 0xCF, 0x87, 0x0C, 0x22, 0xF9),
1927 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1928};
1929static const mbedtls_mpi_uint secp521r1_T_21_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1930 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x0E, 0xA5, 0x32, 0x5B, 0xDF, 0x9C, 0xD5),
1931 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x96, 0x37, 0x2C, 0x88, 0x35, 0x30, 0xA1),
1932 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xB4, 0x69, 0xFF, 0xEB, 0xC6, 0x94, 0x08),
1933 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x55, 0x60, 0xAD, 0xAA, 0x58, 0x14, 0x88),
1934 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xFF, 0xF2, 0xB2, 0xD5, 0xA7, 0xD9, 0x27),
1935 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xAE, 0x54, 0xD2, 0x60, 0x31, 0xF3, 0x15),
1936 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x92, 0x83, 0xE3, 0xF1, 0x42, 0x83, 0x6E),
1937 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xD2, 0xC8, 0xB7, 0x76, 0x45, 0x7F, 0x7D),
1938 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1939};
1940static const mbedtls_mpi_uint secp521r1_T_22_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1941 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x11, 0xA4, 0xFB, 0x7A, 0x01, 0xBC, 0xC8),
1942 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x27, 0x73, 0x8D, 0x02, 0x91, 0x27, 0x8E),
1943 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x62, 0xF6, 0xDD, 0x6B, 0xFA, 0x5B, 0xB9),
1944 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xCA, 0xA2, 0x44, 0x2C, 0xF0, 0x28, 0xD8),
1945 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xF1, 0x7A, 0xA2, 0x42, 0x4C, 0x50, 0xC6),
1946 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x83, 0x3E, 0x50, 0xAB, 0x9C, 0xF7, 0x67),
1947 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xED, 0x78, 0xCB, 0x76, 0x69, 0xDA, 0x42),
1948 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x01, 0x1E, 0x43, 0x27, 0x47, 0x6E, 0xDA),
1949 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1950};
1951static const mbedtls_mpi_uint secp521r1_T_22_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1952 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x4F, 0x54, 0xB9, 0x3E, 0xBD, 0xD5, 0x44),
1953 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x35, 0x40, 0x69, 0x7F, 0x74, 0x9D, 0x32),
1954 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x06, 0x6F, 0x67, 0x68, 0x2B, 0x4D, 0x10),
1955 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x65, 0x41, 0xFC, 0x7C, 0x1E, 0xE8, 0xC8),
1956 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x79, 0x37, 0xAF, 0xFD, 0xD2, 0xDA, 0x4C),
1957 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xA8, 0x69, 0x56, 0x62, 0xA4, 0xE4, 0xA3),
1958 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x71, 0x73, 0x21, 0x8A, 0x17, 0x81, 0xA2),
1959 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x55, 0x8F, 0x7B, 0xB8, 0xAF, 0xF7, 0x86),
1960 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1961};
1962static const mbedtls_mpi_uint secp521r1_T_23_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1963 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xD1, 0xBD, 0xBE, 0x8C, 0xBC, 0x60, 0x6E),
1964 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xA6, 0x57, 0x8C, 0xAE, 0x5C, 0x19, 0xFE),
1965 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x43, 0xE4, 0xD9, 0xD8, 0x7B, 0xE7, 0x41),
1966 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xB9, 0xE4, 0x85, 0x7C, 0x2E, 0xFC, 0x20),
1967 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x2E, 0x01, 0x2A, 0x6D, 0x56, 0xBE, 0x97),
1968 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x0C, 0x25, 0x9B, 0xAE, 0x86, 0x37, 0x43),
1969 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x22, 0xB3, 0xCB, 0x99, 0x66, 0xB7, 0x9E),
1970 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xF7, 0x90, 0xF0, 0x1B, 0x09, 0x27, 0xF7),
1971 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1972};
1973static const mbedtls_mpi_uint secp521r1_T_23_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1974 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x16, 0x08, 0xEF, 0x39, 0x64, 0x49, 0x31),
1975 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xA0, 0xE3, 0x97, 0xA9, 0x07, 0x54, 0x26),
1976 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xFF, 0xE2, 0x00, 0x07, 0x21, 0x88, 0x20),
1977 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xFD, 0x59, 0x53, 0x05, 0x6C, 0x42, 0x27),
1978 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xF7, 0x39, 0x5C, 0x82, 0x36, 0xE8, 0x03),
1979 MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x83, 0xA8, 0xE2, 0xA8, 0x43, 0x07, 0x38),
1980 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xAF, 0x2B, 0x79, 0xED, 0xD8, 0x39, 0x87),
1981 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x20, 0x91, 0x7A, 0xC4, 0x07, 0xEF, 0x6C),
1982 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1983};
1984static const mbedtls_mpi_uint secp521r1_T_24_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1985 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x10, 0x2F, 0xAA, 0x0C, 0x94, 0x0E, 0x5A),
1986 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x81, 0x87, 0x41, 0x23, 0xEB, 0x55, 0x7C),
1987 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x53, 0xCC, 0x79, 0xB6, 0xEB, 0x6C, 0xCC),
1988 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x77, 0x73, 0x9D, 0xFC, 0x64, 0x6F, 0x7F),
1989 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x40, 0xE3, 0x6D, 0x1C, 0x16, 0x71, 0x15),
1990 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xF4, 0x1B, 0xFF, 0x1C, 0x2F, 0xA5, 0xD7),
1991 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x0E, 0x0B, 0x11, 0xF4, 0x8D, 0x93, 0xAF),
1992 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xC5, 0x64, 0x6F, 0x24, 0x19, 0xF2, 0x9B),
1993 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1994};
1995static const mbedtls_mpi_uint secp521r1_T_24_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1996 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xB3, 0xAF, 0xA5, 0x0E, 0x4F, 0x5E, 0xE1),
1997 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x77, 0xCA, 0xF2, 0x6D, 0xC5, 0xF6, 0x9F),
1998 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x18, 0x8E, 0x33, 0x68, 0x6C, 0xE8, 0xE0),
1999 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x8B, 0x80, 0x90, 0x19, 0x7F, 0x90, 0x96),
2000 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x80, 0x6B, 0x68, 0xE2, 0x7D, 0xD4, 0xD0),
2001 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xC1, 0x67, 0xB3, 0x72, 0xCB, 0xBF, 0x2F),
2002 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xD5, 0xD3, 0x1D, 0x14, 0x58, 0x0A, 0x80),
2003 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x7A, 0x65, 0x98, 0xB3, 0x07, 0x4B, 0x2F),
2004 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2005};
2006static const mbedtls_mpi_uint secp521r1_T_25_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2007 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x87, 0x0F, 0x5F, 0xCF, 0xA2, 0x01, 0x08),
2008 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xC9, 0xC8, 0x6E, 0x35, 0x87, 0xA5, 0x67),
2009 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x3E, 0x91, 0xA0, 0xAB, 0x24, 0x1E, 0xF2),
2010 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xBC, 0x02, 0x35, 0x70, 0xC1, 0x5F, 0x98),
2011 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x59, 0xA0, 0x50, 0x04, 0x80, 0x52, 0x85),
2012 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x56, 0x6E, 0x42, 0x8F, 0x8C, 0x91, 0x65),
2013 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xA2, 0xCB, 0xA5, 0xDE, 0x14, 0x24, 0x38),
2014 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xCB, 0x74, 0x28, 0xE6, 0xA7, 0xE7, 0xC3),
2015 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2016};
2017static const mbedtls_mpi_uint secp521r1_T_25_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2018 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x73, 0xA8, 0x8F, 0x9E, 0x0E, 0x63, 0x96),
2019 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x1B, 0x77, 0xC7, 0xC1, 0x38, 0xF9, 0xDC),
2020 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x3C, 0xCF, 0xA8, 0x7A, 0xD7, 0xF3, 0xC4),
2021 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x5F, 0x9A, 0xC9, 0xAD, 0xE9, 0x1A, 0x93),
2022 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xCF, 0x2B, 0x5E, 0xD5, 0x81, 0x95, 0xA8),
2023 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x88, 0x75, 0x29, 0x1F, 0xC7, 0xC7, 0xD0),
2024 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA9, 0x5A, 0x4D, 0x63, 0x95, 0xF9, 0x4E),
2025 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xCD, 0x04, 0x8F, 0xCD, 0x91, 0xDE, 0xC6),
2026 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2027};
2028static const mbedtls_mpi_uint secp521r1_T_26_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2029 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xD4, 0xFD, 0x25, 0x11, 0x99, 0x6E, 0xEA),
2030 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x83, 0x01, 0x3D, 0xFB, 0x56, 0xA5, 0x4E),
2031 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x3A, 0xDC, 0x74, 0xC2, 0xD7, 0xCF, 0xE8),
2032 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xBD, 0xF1, 0xDD, 0xA3, 0x07, 0x03, 0xE2),
2033 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xBE, 0xE9, 0x2E, 0x58, 0x84, 0x66, 0xFC),
2034 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x20, 0x78, 0x37, 0x79, 0x0B, 0xA6, 0x64),
2035 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xF2, 0xAC, 0x65, 0xC8, 0xC9, 0x2F, 0x61),
2036 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x93, 0xE5, 0x0D, 0x0C, 0xC6, 0xB8, 0xCB),
2037 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2038};
2039static const mbedtls_mpi_uint secp521r1_T_26_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2040 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xAD, 0x5C, 0x19, 0x12, 0x61, 0x0E, 0x25),
2041 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x4F, 0x0B, 0x1F, 0x49, 0x7E, 0xCD, 0x81),
2042 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2E, 0x30, 0x61, 0xDB, 0x08, 0x68, 0x9B),
2043 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x78, 0xAF, 0xB3, 0x08, 0xC1, 0x69, 0xE5),
2044 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x5F, 0x5D, 0xC1, 0x57, 0x6F, 0xD8, 0x34),
2045 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0xD3, 0x6A, 0xF7, 0xFD, 0x86, 0xE5, 0xB3),
2046 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x63, 0xBD, 0x70, 0x7B, 0x47, 0xE8, 0x6D),
2047 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x62, 0xC8, 0x7E, 0x9D, 0x11, 0x2B, 0xA5),
2048 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2049};
2050static const mbedtls_mpi_uint secp521r1_T_27_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2051 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x84, 0xFD, 0xD5, 0x9A, 0x56, 0x7F, 0x5C),
2052 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xBB, 0xA4, 0x6F, 0x12, 0x6E, 0x4D, 0xF8),
2053 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x08, 0xA1, 0x82, 0x9C, 0x62, 0x74, 0x7B),
2054 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x58, 0x22, 0x05, 0x1D, 0x15, 0x35, 0x79),
2055 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x88, 0xCF, 0x5C, 0x05, 0x78, 0xFB, 0x94),
2056 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x6B, 0x2F, 0x79, 0x09, 0x73, 0x67, 0xEC),
2057 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA0, 0x80, 0xD8, 0xE8, 0xEC, 0xFB, 0x42),
2058 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xE7, 0x0B, 0xB7, 0x81, 0x48, 0x7B, 0xD9),
2059 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2060};
2061static const mbedtls_mpi_uint secp521r1_T_27_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2062 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x53, 0xA9, 0xED, 0x61, 0x92, 0xD7, 0x85),
2063 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x49, 0xD9, 0x5D, 0x9B, 0x4E, 0x89, 0x35),
2064 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x12, 0xEB, 0x9A, 0xC9, 0xCB, 0xC1, 0x95),
2065 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xDC, 0x95, 0x16, 0xFE, 0x29, 0x70, 0x01),
2066 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x33, 0xB1, 0xD6, 0x78, 0xB9, 0xE2, 0x36),
2067 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xCE, 0x88, 0xC3, 0xFD, 0x7A, 0x6B, 0xB8),
2068 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x1E, 0x50, 0x1E, 0xAF, 0xB1, 0x25, 0x2D),
2069 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xE7, 0xD7, 0xD5, 0xBD, 0x7A, 0x12, 0xF9),
2070 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2071};
2072static const mbedtls_mpi_uint secp521r1_T_28_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2073 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xAA, 0xA2, 0x80, 0x5D, 0x8F, 0xCD, 0xC8),
2074 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x39, 0x79, 0x64, 0xA1, 0x67, 0x3C, 0xB7),
2075 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xC7, 0x49, 0xFF, 0x7F, 0xAC, 0xAB, 0x55),
2076 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x54, 0x3E, 0x83, 0xF0, 0x3D, 0xBC, 0xB5),
2077 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x92, 0x4A, 0x38, 0x42, 0x8A, 0xAB, 0xF6),
2078 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x0B, 0x4F, 0xEE, 0x9E, 0x92, 0xA5, 0xBE),
2079 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xDD, 0x19, 0x96, 0xF2, 0xF0, 0x6B, 0x2E),
2080 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xFC, 0xDD, 0xB2, 0x8A, 0xE5, 0x4C, 0x22),
2081 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2082};
2083static const mbedtls_mpi_uint secp521r1_T_28_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2084 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x06, 0x49, 0xAC, 0x99, 0x7E, 0xF8, 0x12),
2085 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xC8, 0x01, 0x51, 0xEA, 0xF6, 0x52, 0xE7),
2086 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x89, 0x66, 0x2B, 0x1F, 0x9B, 0x2A, 0xA3),
2087 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x0F, 0x95, 0x07, 0x2B, 0x6C, 0x6E, 0x9E),
2088 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xC3, 0xB4, 0xBB, 0x91, 0x1F, 0xA3, 0x72),
2089 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x6E, 0x54, 0x28, 0x7B, 0x9C, 0x79, 0x2E),
2090 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x45, 0xFF, 0xA6, 0xDA, 0xA2, 0x83, 0x71),
2091 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xDE, 0x8F, 0x17, 0x37, 0x82, 0xCB, 0xE2),
2092 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2093};
2094static const mbedtls_mpi_uint secp521r1_T_29_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2095 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x94, 0x3F, 0x26, 0xC9, 0x1D, 0xD9, 0xAE),
2096 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x97, 0x28, 0x20, 0xCD, 0xC1, 0xF3, 0x40),
2097 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xC9, 0xB5, 0x60, 0x9B, 0x1E, 0xDC, 0x74),
2098 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xB9, 0x5B, 0x7D, 0xA0, 0xB2, 0x8C, 0xF0),
2099 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xD1, 0x42, 0xE6, 0x39, 0x33, 0x6D, 0xBB),
2100 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xC0, 0xFC, 0xD2, 0x14, 0x5D, 0x3E, 0x3C),
2101 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x4A, 0x3E, 0x40, 0x16, 0x93, 0x15, 0xCF),
2102 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x24, 0xC1, 0x27, 0x27, 0xE5, 0x4B, 0xD8),
2103 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2104};
2105static const mbedtls_mpi_uint secp521r1_T_29_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2106 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x50, 0xD8, 0xBC, 0xC1, 0x46, 0x22, 0xBB),
2107 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x0E, 0x60, 0xA1, 0xB3, 0x50, 0xD4, 0x86),
2108 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xB1, 0x26, 0xB6, 0x6D, 0x47, 0x5A, 0x6F),
2109 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0xAC, 0x11, 0x35, 0x3E, 0xB9, 0xF4, 0x01),
2110 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x97, 0xFA, 0xBB, 0x6B, 0x39, 0x13, 0xD8),
2111 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x7B, 0x34, 0x12, 0x75, 0x8E, 0x9B, 0xC6),
2112 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x9E, 0xCD, 0x29, 0xB6, 0xEF, 0x8D, 0x10),
2113 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xAC, 0xE9, 0x25, 0x27, 0xBB, 0x78, 0x47),
2114 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2115};
2116static const mbedtls_mpi_uint secp521r1_T_30_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2117 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x7A, 0xA8, 0xD3, 0xE3, 0x66, 0xE5, 0x66),
2118 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x4C, 0xC4, 0x2C, 0x76, 0x81, 0x50, 0x32),
2119 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x71, 0x08, 0xB8, 0x52, 0x7C, 0xAF, 0xDC),
2120 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x59, 0x24, 0xDD, 0xFB, 0x2F, 0xD0, 0xDA),
2121 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xCD, 0x56, 0xE9, 0xAC, 0x91, 0xE6, 0xB9),
2122 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x64, 0x20, 0xC6, 0x9F, 0xE4, 0xEF, 0xDF),
2123 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x2C, 0x8F, 0x8C, 0x97, 0xF6, 0x22, 0xC3),
2124 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF4, 0x88, 0xAA, 0xA8, 0xD7, 0xA5, 0x68),
2125 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2126};
2127static const mbedtls_mpi_uint secp521r1_T_30_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2128 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x6C, 0xAE, 0x83, 0xB1, 0x55, 0x55, 0xEE),
2129 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x67, 0x84, 0x47, 0x7C, 0x83, 0x5C, 0x89),
2130 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x10, 0x4D, 0xDD, 0x30, 0x60, 0xB0, 0xE6),
2131 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xA7, 0x36, 0x76, 0x24, 0x32, 0x9F, 0x9D),
2132 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x42, 0x81, 0xFB, 0xA4, 0x2E, 0x13, 0x68),
2133 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x94, 0x91, 0xFF, 0x99, 0xA0, 0x09, 0x61),
2134 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x83, 0xA1, 0x76, 0xAF, 0x37, 0x5C, 0x77),
2135 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xA8, 0x04, 0x86, 0xC4, 0xA9, 0x79, 0x42),
2136 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2137};
2138static const mbedtls_mpi_uint secp521r1_T_31_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2139 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x8C, 0xC2, 0x34, 0xFB, 0x83, 0x28, 0x27),
2140 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x03, 0x7D, 0x5E, 0x9E, 0x0E, 0xB0, 0x22),
2141 MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x02, 0x46, 0x7F, 0xB9, 0xAC, 0xBB, 0x23),
2142 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xED, 0x48, 0xC2, 0x96, 0x4D, 0x56, 0x27),
2143 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xB5, 0xC5, 0xD1, 0xE6, 0x1C, 0x7E, 0x9B),
2144 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x2E, 0x18, 0x71, 0x2D, 0x7B, 0xD7, 0xB3),
2145 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x46, 0x9D, 0xDE, 0xAA, 0x78, 0x8E, 0xB1),
2146 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xD7, 0x69, 0x2E, 0xE1, 0xD9, 0x48, 0xDE),
2147 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2148};
2149static const mbedtls_mpi_uint secp521r1_T_31_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2150 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xFF, 0x9E, 0x09, 0x22, 0x22, 0xE6, 0x8D),
2151 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x14, 0x28, 0x13, 0x1B, 0x62, 0x12, 0x22),
2152 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x7F, 0x67, 0x03, 0xB0, 0xC0, 0xF3, 0x05),
2153 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xC3, 0x0F, 0xFB, 0x25, 0x48, 0x3E, 0xF4),
2154 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x6E, 0x53, 0x98, 0x36, 0xB3, 0xD3, 0x94),
2155 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x81, 0x54, 0x22, 0xA4, 0xCC, 0xC1, 0x22),
2156 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xBA, 0xFC, 0xA9, 0xDF, 0x68, 0x86, 0x2B),
2157 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x92, 0x0E, 0xC3, 0xF2, 0x58, 0xE8, 0x51),
2158 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2159};
2160static const mbedtls_ecp_point secp521r1_T[32] = {
2161 ECP_POINT_INIT_XY_Z1(secp521r1_T_0_X, secp521r1_T_0_Y),
2162 ECP_POINT_INIT_XY_Z0(secp521r1_T_1_X, secp521r1_T_1_Y),
2163 ECP_POINT_INIT_XY_Z0(secp521r1_T_2_X, secp521r1_T_2_Y),
2164 ECP_POINT_INIT_XY_Z0(secp521r1_T_3_X, secp521r1_T_3_Y),
2165 ECP_POINT_INIT_XY_Z0(secp521r1_T_4_X, secp521r1_T_4_Y),
2166 ECP_POINT_INIT_XY_Z0(secp521r1_T_5_X, secp521r1_T_5_Y),
2167 ECP_POINT_INIT_XY_Z0(secp521r1_T_6_X, secp521r1_T_6_Y),
2168 ECP_POINT_INIT_XY_Z0(secp521r1_T_7_X, secp521r1_T_7_Y),
2169 ECP_POINT_INIT_XY_Z0(secp521r1_T_8_X, secp521r1_T_8_Y),
2170 ECP_POINT_INIT_XY_Z0(secp521r1_T_9_X, secp521r1_T_9_Y),
2171 ECP_POINT_INIT_XY_Z0(secp521r1_T_10_X, secp521r1_T_10_Y),
2172 ECP_POINT_INIT_XY_Z0(secp521r1_T_11_X, secp521r1_T_11_Y),
2173 ECP_POINT_INIT_XY_Z0(secp521r1_T_12_X, secp521r1_T_12_Y),
2174 ECP_POINT_INIT_XY_Z0(secp521r1_T_13_X, secp521r1_T_13_Y),
2175 ECP_POINT_INIT_XY_Z0(secp521r1_T_14_X, secp521r1_T_14_Y),
2176 ECP_POINT_INIT_XY_Z0(secp521r1_T_15_X, secp521r1_T_15_Y),
2177 ECP_POINT_INIT_XY_Z0(secp521r1_T_16_X, secp521r1_T_16_Y),
2178 ECP_POINT_INIT_XY_Z0(secp521r1_T_17_X, secp521r1_T_17_Y),
2179 ECP_POINT_INIT_XY_Z0(secp521r1_T_18_X, secp521r1_T_18_Y),
2180 ECP_POINT_INIT_XY_Z0(secp521r1_T_19_X, secp521r1_T_19_Y),
2181 ECP_POINT_INIT_XY_Z0(secp521r1_T_20_X, secp521r1_T_20_Y),
2182 ECP_POINT_INIT_XY_Z0(secp521r1_T_21_X, secp521r1_T_21_Y),
2183 ECP_POINT_INIT_XY_Z0(secp521r1_T_22_X, secp521r1_T_22_Y),
2184 ECP_POINT_INIT_XY_Z0(secp521r1_T_23_X, secp521r1_T_23_Y),
2185 ECP_POINT_INIT_XY_Z0(secp521r1_T_24_X, secp521r1_T_24_Y),
2186 ECP_POINT_INIT_XY_Z0(secp521r1_T_25_X, secp521r1_T_25_Y),
2187 ECP_POINT_INIT_XY_Z0(secp521r1_T_26_X, secp521r1_T_26_Y),
2188 ECP_POINT_INIT_XY_Z0(secp521r1_T_27_X, secp521r1_T_27_Y),
2189 ECP_POINT_INIT_XY_Z0(secp521r1_T_28_X, secp521r1_T_28_Y),
2190 ECP_POINT_INIT_XY_Z0(secp521r1_T_29_X, secp521r1_T_29_Y),
2191 ECP_POINT_INIT_XY_Z0(secp521r1_T_30_X, secp521r1_T_30_Y),
2192 ECP_POINT_INIT_XY_Z0(secp521r1_T_31_X, secp521r1_T_31_Y),
2193};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2194# else
2195# define secp521r1_T NULL
2196# endif
2197# endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]2198
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2199# if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2200static const mbedtls_mpi_uint secp192k1_p[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2201 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
2202 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2203 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2204};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2205static const mbedtls_mpi_uint secp192k1_a[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2206 MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2207};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2208static const mbedtls_mpi_uint secp192k1_b[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2209 MBEDTLS_BYTES_TO_T_UINT_2(0x03, 0x00),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2210};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2211static const mbedtls_mpi_uint secp192k1_gx[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2212 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D),
2213 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26),
2214 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2215};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2216static const mbedtls_mpi_uint secp192k1_gy[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2217 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40),
2218 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84),
2219 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2220};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2221static const mbedtls_mpi_uint secp192k1_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2222 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F),
2223 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF),
2224 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2225};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2226
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2227# if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2228static const mbedtls_mpi_uint secp192k1_T_0_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2229 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D),
2230 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26),
2231 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2232};
2233static const mbedtls_mpi_uint secp192k1_T_0_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2234 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40),
2235 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84),
2236 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2237};
2238static const mbedtls_mpi_uint secp192k1_T_1_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2239 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x77, 0x3D, 0x0D, 0x85, 0x48, 0xA8, 0xA9),
2240 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x07, 0xDF, 0x1D, 0xB3, 0xB3, 0x01, 0x54),
2241 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x86, 0xF6, 0xAF, 0x19, 0x2A, 0x88, 0x2E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2242};
2243static const mbedtls_mpi_uint secp192k1_T_1_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2244 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x90, 0xB6, 0x2F, 0x48, 0x36, 0x4C, 0x5B),
2245 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x11, 0x14, 0xA6, 0xCB, 0xBA, 0x15, 0xD9),
2246 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0xB0, 0xF2, 0xD4, 0xC9, 0xDA, 0xBA, 0xD7),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2247};
2248static const mbedtls_mpi_uint secp192k1_T_2_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2249 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xC1, 0x9C, 0xE6, 0xBB, 0xFB, 0xCF, 0x23),
2250 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x19, 0xAC, 0x5A, 0xC9, 0x8A, 0x1C, 0x75),
2251 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xF6, 0x76, 0x86, 0x89, 0x27, 0x8D, 0x28),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2252};
2253static const mbedtls_mpi_uint secp192k1_T_2_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2254 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xE0, 0x6F, 0x34, 0xBA, 0x5E, 0xD3, 0x96),
2255 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xDC, 0xA6, 0x87, 0xC9, 0x9D, 0xC0, 0x82),
2256 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x11, 0x7E, 0xD6, 0xF7, 0x33, 0xFC, 0xE4),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2257};
2258static const mbedtls_mpi_uint secp192k1_T_3_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2259 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x37, 0x3E, 0xC0, 0x7F, 0x62, 0xE7, 0x54),
2260 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x3B, 0x69, 0x9D, 0x44, 0xBC, 0x82, 0x99),
2261 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x84, 0xB3, 0x5F, 0x2B, 0xA5, 0x9E, 0x2C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2262};
2263static const mbedtls_mpi_uint secp192k1_T_3_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2264 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x95, 0xEB, 0x4C, 0x04, 0xB4, 0xF4, 0x75),
2265 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xAD, 0x4B, 0xD5, 0x9A, 0xEB, 0xC4, 0x4E),
2266 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xB1, 0xC5, 0x59, 0xE3, 0xD5, 0x16, 0x2A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2267};
2268static const mbedtls_mpi_uint secp192k1_T_4_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2269 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x2A, 0xCC, 0xAC, 0xD0, 0xEE, 0x50, 0xEC),
2270 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x83, 0xE0, 0x5B, 0x14, 0x44, 0x52, 0x20),
2271 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x15, 0x2D, 0x78, 0xF6, 0x51, 0x32, 0xCF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2272};
2273static const mbedtls_mpi_uint secp192k1_T_4_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2274 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x36, 0x9B, 0xDD, 0xF8, 0xDD, 0xEF, 0xB2),
2275 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xB1, 0x6A, 0x2B, 0xAF, 0xEB, 0x2B, 0xB1),
2276 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x87, 0x7A, 0x66, 0x5D, 0x5B, 0xDF, 0x8F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2277};
2278static const mbedtls_mpi_uint secp192k1_T_5_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2279 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x45, 0xE5, 0x81, 0x9B, 0xEB, 0x37, 0x23),
2280 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x29, 0xE2, 0x20, 0x64, 0x23, 0x6B, 0x6E),
2281 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x1D, 0x41, 0xE1, 0x9B, 0x61, 0x7B, 0xD9),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2282};
2283static const mbedtls_mpi_uint secp192k1_T_5_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2284 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x57, 0xA3, 0x0A, 0x13, 0xE4, 0x59, 0x15),
2285 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x6E, 0x4A, 0x48, 0x84, 0x90, 0xAC, 0xC7),
2286 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xB8, 0xF5, 0xF3, 0xDE, 0xA0, 0xA1, 0x1D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2287};
2288static const mbedtls_mpi_uint secp192k1_T_6_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2289 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x32, 0x81, 0xA9, 0x91, 0x5A, 0x4E, 0x33),
2290 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xA8, 0x90, 0xBE, 0x0F, 0xEC, 0xC0, 0x85),
2291 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x30, 0xD7, 0x08, 0xAE, 0xC4, 0x3A, 0xA5),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2292};
2293static const mbedtls_mpi_uint secp192k1_T_6_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2294 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x55, 0xE3, 0x76, 0xB3, 0x64, 0x74, 0x9F),
2295 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x75, 0xD4, 0xDB, 0x98, 0xD7, 0x39, 0xAE),
2296 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xEB, 0x8A, 0xAB, 0x16, 0xD9, 0xD4, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2297};
2298static const mbedtls_mpi_uint secp192k1_T_7_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2299 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xBE, 0xF9, 0xC7, 0xC7, 0xBA, 0xF3, 0xA1),
2300 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x85, 0x59, 0xF3, 0x60, 0x41, 0x02, 0xD2),
2301 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x1C, 0x4A, 0xA4, 0xC7, 0xED, 0x66, 0xBC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2302};
2303static const mbedtls_mpi_uint secp192k1_T_7_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2304 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x9C, 0x2E, 0x46, 0x52, 0x18, 0x87, 0x14),
2305 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x35, 0x5A, 0x75, 0xAC, 0x4D, 0x75, 0x91),
2306 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x2F, 0xAC, 0xFC, 0xBC, 0xE6, 0x93, 0x5E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2307};
2308static const mbedtls_mpi_uint secp192k1_T_8_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2309 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x4D, 0xC9, 0x18, 0xE9, 0x00, 0xEB, 0x33),
2310 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x69, 0x72, 0x07, 0x5A, 0x59, 0xA8, 0x26),
2311 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x65, 0x83, 0x20, 0x10, 0xF9, 0x69, 0x82),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2312};
2313static const mbedtls_mpi_uint secp192k1_T_8_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2314 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x56, 0x7F, 0x9F, 0xBF, 0x46, 0x0C, 0x7E),
2315 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xCF, 0xF0, 0xDC, 0xDF, 0x2D, 0xE6, 0xE5),
2316 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xF0, 0x72, 0x3A, 0x7A, 0x03, 0xE5, 0x22),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2317};
2318static const mbedtls_mpi_uint secp192k1_T_9_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2319 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xAA, 0x57, 0x13, 0x37, 0xA7, 0x2C, 0xD4),
2320 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xAC, 0xA2, 0x23, 0xF9, 0x84, 0x60, 0xD3),
2321 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xEB, 0x51, 0x70, 0x64, 0x78, 0xCA, 0x05),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2322};
2323static const mbedtls_mpi_uint secp192k1_T_9_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2324 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xCC, 0x30, 0x62, 0x93, 0x46, 0x13, 0xE9),
2325 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x26, 0xCC, 0x6C, 0x3D, 0x5C, 0xDA, 0x2C),
2326 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xAA, 0xB8, 0x03, 0xA4, 0x1A, 0x00, 0x96),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2327};
2328static const mbedtls_mpi_uint secp192k1_T_10_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2329 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x9D, 0xE6, 0xCC, 0x4E, 0x2E, 0xC2, 0xD5),
2330 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xC3, 0x8A, 0xAE, 0x6F, 0x40, 0x05, 0xEB),
2331 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x8F, 0x4A, 0x4D, 0x35, 0xD3, 0x50, 0x9D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2332};
2333static const mbedtls_mpi_uint secp192k1_T_10_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2334 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xFD, 0x98, 0xAB, 0xC7, 0x03, 0xB4, 0x55),
2335 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x40, 0xD2, 0x9F, 0xCA, 0xD0, 0x53, 0x00),
2336 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x84, 0x00, 0x6F, 0xC8, 0xAD, 0xED, 0x8D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2337};
2338static const mbedtls_mpi_uint secp192k1_T_11_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2339 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xD3, 0x57, 0xD7, 0xC3, 0x07, 0xBD, 0xD7),
2340 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xBA, 0x47, 0x1D, 0x3D, 0xEF, 0x98, 0x6C),
2341 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xC0, 0x6C, 0x7F, 0x12, 0xEE, 0x9F, 0x67),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2342};
2343static const mbedtls_mpi_uint secp192k1_T_11_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2344 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x02, 0xDA, 0x79, 0xAA, 0xC9, 0x27, 0xC4),
2345 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x79, 0xC7, 0x71, 0x84, 0xCB, 0xE5, 0x5A),
2346 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x37, 0x06, 0xBA, 0xB5, 0xD5, 0x18, 0x4C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2347};
2348static const mbedtls_mpi_uint secp192k1_T_12_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2349 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x65, 0x72, 0x6C, 0xF2, 0x63, 0x27, 0x6A),
2350 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xBC, 0x71, 0xDF, 0x75, 0xF8, 0x98, 0x4D),
2351 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x70, 0x9B, 0xDC, 0xE7, 0x18, 0x71, 0xFF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2352};
2353static const mbedtls_mpi_uint secp192k1_T_12_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2354 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x5B, 0x9F, 0x00, 0x5A, 0xB6, 0x80, 0x7A),
2355 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xE0, 0xBB, 0xFC, 0x5E, 0x78, 0x9C, 0x89),
2356 MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x03, 0x68, 0x83, 0x3D, 0x2E, 0x4C, 0xDD),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2357};
2358static const mbedtls_mpi_uint secp192k1_T_13_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2359 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x49, 0x23, 0xA8, 0xCB, 0x3B, 0x1A, 0xF6),
2360 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x3D, 0xA7, 0x46, 0xCF, 0x75, 0xB6, 0x2C),
2361 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xFD, 0x30, 0x01, 0xB6, 0xEF, 0xF9, 0xE8),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2362};
2363static const mbedtls_mpi_uint secp192k1_T_13_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2364 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xFA, 0xDA, 0xB8, 0x29, 0x42, 0xC9, 0xC7),
2365 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xD7, 0xA0, 0xE6, 0x6B, 0x86, 0x61, 0x39),
2366 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0xE9, 0xD3, 0x37, 0xD8, 0xE7, 0x35, 0xA9),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2367};
2368static const mbedtls_mpi_uint secp192k1_T_14_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2369 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC8, 0x8E, 0xB1, 0xCB, 0xB1, 0xB5, 0x4D),
2370 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xD7, 0x46, 0x7D, 0xAF, 0xE2, 0xDC, 0xBB),
2371 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x46, 0xE7, 0xD8, 0x76, 0x31, 0x90, 0x76),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2372};
2373static const mbedtls_mpi_uint secp192k1_T_14_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2374 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD3, 0xF4, 0x74, 0xE1, 0x67, 0xD8, 0x66),
2375 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x70, 0x3C, 0xC8, 0xAF, 0x5F, 0xF4, 0x58),
2376 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x4E, 0xED, 0x5C, 0x43, 0xB3, 0x16, 0x35),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2377};
2378static const mbedtls_mpi_uint secp192k1_T_15_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2379 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAE, 0xD1, 0xDD, 0x31, 0x14, 0xD3, 0xF0),
2380 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x14, 0x06, 0x13, 0x12, 0x1C, 0x81, 0xF5),
2381 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xF9, 0x0C, 0x91, 0xF7, 0x67, 0x59, 0x63),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2382};
2383static const mbedtls_mpi_uint secp192k1_T_15_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2384 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x91, 0xE2, 0xF4, 0x9D, 0xEB, 0x88, 0x87),
2385 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x82, 0x30, 0x9C, 0xAE, 0x18, 0x4D, 0xB7),
2386 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x79, 0xCF, 0x17, 0xA5, 0x1E, 0xE8, 0xC8),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2387};
2388static const mbedtls_ecp_point secp192k1_T[16] = {
2389 ECP_POINT_INIT_XY_Z1(secp192k1_T_0_X, secp192k1_T_0_Y),
2390 ECP_POINT_INIT_XY_Z0(secp192k1_T_1_X, secp192k1_T_1_Y),
2391 ECP_POINT_INIT_XY_Z0(secp192k1_T_2_X, secp192k1_T_2_Y),
2392 ECP_POINT_INIT_XY_Z0(secp192k1_T_3_X, secp192k1_T_3_Y),
2393 ECP_POINT_INIT_XY_Z0(secp192k1_T_4_X, secp192k1_T_4_Y),
2394 ECP_POINT_INIT_XY_Z0(secp192k1_T_5_X, secp192k1_T_5_Y),
2395 ECP_POINT_INIT_XY_Z0(secp192k1_T_6_X, secp192k1_T_6_Y),
2396 ECP_POINT_INIT_XY_Z0(secp192k1_T_7_X, secp192k1_T_7_Y),
2397 ECP_POINT_INIT_XY_Z0(secp192k1_T_8_X, secp192k1_T_8_Y),
2398 ECP_POINT_INIT_XY_Z0(secp192k1_T_9_X, secp192k1_T_9_Y),
2399 ECP_POINT_INIT_XY_Z0(secp192k1_T_10_X, secp192k1_T_10_Y),
2400 ECP_POINT_INIT_XY_Z0(secp192k1_T_11_X, secp192k1_T_11_Y),
2401 ECP_POINT_INIT_XY_Z0(secp192k1_T_12_X, secp192k1_T_12_Y),
2402 ECP_POINT_INIT_XY_Z0(secp192k1_T_13_X, secp192k1_T_13_Y),
2403 ECP_POINT_INIT_XY_Z0(secp192k1_T_14_X, secp192k1_T_14_Y),
2404 ECP_POINT_INIT_XY_Z0(secp192k1_T_15_X, secp192k1_T_15_Y),
2405};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2406# else
2407# define secp192k1_T NULL
2408# endif
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2409
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2410# endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2411
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2412# if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2413static const mbedtls_mpi_uint secp224k1_p[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2414 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
2415 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2416 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2417 MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2418};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2419static const mbedtls_mpi_uint secp224k1_a[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2420 MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2421};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2422static const mbedtls_mpi_uint secp224k1_b[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2423 MBEDTLS_BYTES_TO_T_UINT_2(0x05, 0x00),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2424};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2425static const mbedtls_mpi_uint secp224k1_gx[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2426 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F),
2427 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69),
2428 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D),
2429 MBEDTLS_BYTES_TO_T_UINT_4(0x33, 0x5B, 0x45, 0xA1),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2430};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2431static const mbedtls_mpi_uint secp224k1_gy[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2432 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2),
2433 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7),
2434 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F),
2435 MBEDTLS_BYTES_TO_T_UINT_4(0xED, 0x9F, 0x08, 0x7E),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2436};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2437static const mbedtls_mpi_uint secp224k1_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2438 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA),
2439 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00),
2440 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
2441 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2442};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2443
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2444# if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2445static const mbedtls_mpi_uint secp224k1_T_0_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2446 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F),
2447 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69),
2448 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D),
2449 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x5B, 0x45, 0xA1, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2450};
2451static const mbedtls_mpi_uint secp224k1_T_0_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2452 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2),
2453 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7),
2454 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F),
2455 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x9F, 0x08, 0x7E, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2456};
2457static const mbedtls_mpi_uint secp224k1_T_1_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2458 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x6C, 0x22, 0x22, 0x40, 0x89, 0xAE, 0x7A),
2459 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x92, 0xE1, 0x87, 0x56, 0x35, 0xAF, 0x9B),
2460 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xAF, 0x08, 0x35, 0x27, 0xEA, 0x04, 0xED),
2461 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x53, 0xFD, 0xCF, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2462};
2463static const mbedtls_mpi_uint secp224k1_T_1_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2464 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xD0, 0x9F, 0x8D, 0xF3, 0x63, 0x54, 0x30),
2465 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xDB, 0x0F, 0x61, 0x54, 0x26, 0xD1, 0x98),
2466 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x21, 0xF7, 0x1B, 0xB5, 0x1D, 0xF6, 0x7E),
2467 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x05, 0xDA, 0x8F, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2468};
2469static const mbedtls_mpi_uint secp224k1_T_2_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2470 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x26, 0x73, 0xBC, 0xE4, 0x29, 0x62, 0x56),
2471 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x95, 0x17, 0x8B, 0xC3, 0x9B, 0xAC, 0xCC),
2472 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xDB, 0x77, 0xDF, 0xDD, 0x13, 0x04, 0x98),
2473 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0xFC, 0x22, 0x93, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2474};
2475static const mbedtls_mpi_uint secp224k1_T_2_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2476 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x65, 0xF1, 0x5A, 0x37, 0xEF, 0x79, 0xAD),
2477 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x01, 0x37, 0xAC, 0x9A, 0x5B, 0x51, 0x65),
2478 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x75, 0x13, 0xA9, 0x4A, 0xAD, 0xFE, 0x9B),
2479 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x82, 0x6F, 0x66, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2480};
2481static const mbedtls_mpi_uint secp224k1_T_3_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2482 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x5E, 0xF0, 0x40, 0xC3, 0xA6, 0xE2, 0x1E),
2483 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x9A, 0x6F, 0xCF, 0x11, 0x26, 0x66, 0x85),
2484 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x73, 0xA8, 0xCF, 0x2B, 0x12, 0x36, 0x37),
2485 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xB3, 0x0A, 0x58, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2486};
2487static const mbedtls_mpi_uint secp224k1_T_3_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2488 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x79, 0x00, 0x55, 0x04, 0x34, 0x90, 0x1A),
2489 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x54, 0x1C, 0xC2, 0x45, 0x0C, 0x1B, 0x23),
2490 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x19, 0xAB, 0xA8, 0xFC, 0x73, 0xDC, 0xEE),
2491 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0xFB, 0x93, 0xCE, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2492};
2493static const mbedtls_mpi_uint secp224k1_T_4_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2494 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x75, 0xD0, 0x66, 0x95, 0x86, 0xCA, 0x66),
2495 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xEA, 0x29, 0x16, 0x6A, 0x38, 0xDF, 0x41),
2496 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA2, 0x36, 0x2F, 0xDC, 0xBB, 0x5E, 0xF7),
2497 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x89, 0x59, 0x49, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2498};
2499static const mbedtls_mpi_uint secp224k1_T_4_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2500 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xA3, 0x99, 0x9D, 0xB8, 0x77, 0x9D, 0x1D),
2501 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x93, 0x43, 0x47, 0xC6, 0x5C, 0xF9, 0xFD),
2502 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x00, 0x79, 0x42, 0x64, 0xB8, 0x25, 0x3E),
2503 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x54, 0xB4, 0x33, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2504};
2505static const mbedtls_mpi_uint secp224k1_T_5_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2506 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x0C, 0x42, 0x90, 0x83, 0x0B, 0x31, 0x5F),
2507 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x2E, 0xAE, 0xC8, 0xC7, 0x5F, 0xD2, 0x70),
2508 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xBC, 0xAD, 0x41, 0xE7, 0x32, 0x3A, 0x81),
2509 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x97, 0x52, 0x83, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2510};
2511static const mbedtls_mpi_uint secp224k1_T_5_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2512 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x13, 0x7A, 0xBD, 0xAE, 0x94, 0x60, 0xFD),
2513 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x9B, 0x95, 0xB4, 0x6E, 0x68, 0xB2, 0x1F),
2514 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x49, 0xBE, 0x51, 0xFE, 0x66, 0x15, 0x74),
2515 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x37, 0xE4, 0xFE, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2516};
2517static const mbedtls_mpi_uint secp224k1_T_6_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2518 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x9B, 0xEE, 0x64, 0xC9, 0x1B, 0xBD, 0x77),
2519 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x5F, 0x34, 0xA9, 0x0B, 0xB7, 0x25, 0x52),
2520 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x13, 0xB1, 0x38, 0xFB, 0x9D, 0x78, 0xED),
2521 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xE7, 0x1B, 0xFA, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2522};
2523static const mbedtls_mpi_uint secp224k1_T_6_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2524 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xB3, 0xB7, 0x44, 0x92, 0x6B, 0x00, 0x82),
2525 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x82, 0x44, 0x3E, 0x18, 0x1A, 0x58, 0x6A),
2526 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xF8, 0xC0, 0xE4, 0xEE, 0xC1, 0xBF, 0x44),
2527 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x32, 0x27, 0xB2, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2528};
2529static const mbedtls_mpi_uint secp224k1_T_7_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2530 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x9A, 0x42, 0x62, 0x8B, 0x26, 0x54, 0x21),
2531 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x85, 0x74, 0xA0, 0x79, 0xA8, 0xEE, 0xBE),
2532 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x36, 0x60, 0xB3, 0x28, 0x4D, 0x55, 0xBE),
2533 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x27, 0x82, 0x29, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2534};
2535static const mbedtls_mpi_uint secp224k1_T_7_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2536 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0xFC, 0x73, 0x77, 0xAF, 0x5C, 0xAC, 0x78),
2537 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xED, 0xE5, 0xF6, 0x1D, 0xA8, 0x67, 0x43),
2538 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xDE, 0x33, 0x1C, 0xF1, 0x80, 0x73, 0xF8),
2539 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE2, 0xDE, 0x3C, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2540};
2541static const mbedtls_mpi_uint secp224k1_T_8_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2542 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x3E, 0x6B, 0xFE, 0xF0, 0x04, 0x28, 0x01),
2543 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xB2, 0x14, 0x9D, 0x18, 0x11, 0x7D, 0x9D),
2544 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC4, 0xD6, 0x2E, 0x6E, 0x57, 0x4D, 0xE1),
2545 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x55, 0x1B, 0xDE, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2546};
2547static const mbedtls_mpi_uint secp224k1_T_8_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2548 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xF7, 0x17, 0xBC, 0x45, 0xAB, 0x16, 0xAB),
2549 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xB0, 0xEF, 0x61, 0xE3, 0x20, 0x7C, 0xF8),
2550 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x85, 0x41, 0x4D, 0xF1, 0x7E, 0x4D, 0x41),
2551 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xC2, 0x9B, 0x5E, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2552};
2553static const mbedtls_mpi_uint secp224k1_T_9_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2554 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x2E, 0x49, 0x3D, 0x3E, 0x4B, 0xD3, 0x32),
2555 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x2B, 0x9D, 0xD5, 0x27, 0xFA, 0xCA, 0xE0),
2556 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0xB3, 0x6A, 0xE0, 0x79, 0x14, 0x28, 0x0F),
2557 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x1E, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2558};
2559static const mbedtls_mpi_uint secp224k1_T_9_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2560 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x44, 0x56, 0xCD, 0xFC, 0x9F, 0x09, 0xFF),
2561 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x8C, 0x59, 0xA4, 0x64, 0x2A, 0x3A, 0xED),
2562 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xA0, 0xB5, 0x86, 0x4E, 0x69, 0xDA, 0x06),
2563 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x8B, 0x11, 0x38, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2564};
2565static const mbedtls_mpi_uint secp224k1_T_10_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2566 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x17, 0x16, 0x12, 0x17, 0xDC, 0x00, 0x7E),
2567 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x76, 0x24, 0x6C, 0x97, 0x2C, 0xB5, 0xF9),
2568 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x71, 0xE3, 0xB0, 0xBB, 0x4E, 0x50, 0x52),
2569 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0x48, 0x26, 0xD5, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2570};
2571static const mbedtls_mpi_uint secp224k1_T_10_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2572 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x5F, 0x28, 0xF6, 0x01, 0x5A, 0x60, 0x41),
2573 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x95, 0xFE, 0xD0, 0xAD, 0x15, 0xD4, 0xD9),
2574 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x5B, 0x7A, 0xFD, 0x80, 0xF7, 0x9F, 0x64),
2575 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xBC, 0x1B, 0xDF, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2576};
2577static const mbedtls_mpi_uint secp224k1_T_11_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2578 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xE6, 0xDF, 0x14, 0x29, 0xF4, 0xD4, 0x14),
2579 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x12, 0xDD, 0xEC, 0x5B, 0x8A, 0x59, 0xE5),
2580 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x92, 0x3E, 0x35, 0x08, 0xE9, 0xCF, 0x0E),
2581 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x35, 0x29, 0x97, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2582};
2583static const mbedtls_mpi_uint secp224k1_T_11_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2584 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xDB, 0xD6, 0x6A, 0xC5, 0x43, 0xA4, 0xA1),
2585 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x33, 0x50, 0x61, 0x70, 0xA1, 0xE9, 0xCE),
2586 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x15, 0x6E, 0x5F, 0x01, 0x0C, 0x8C, 0xFA),
2587 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xA1, 0x9A, 0x9D, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2588};
2589static const mbedtls_mpi_uint secp224k1_T_12_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2590 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xC6, 0xF7, 0xE2, 0x4A, 0xCD, 0x9B, 0x61),
2591 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x4D, 0x5A, 0xB8, 0xE2, 0x6D, 0xA6, 0x50),
2592 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x3F, 0xB6, 0x17, 0xE3, 0x2C, 0x6F, 0x65),
2593 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xA4, 0x59, 0x51, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2594};
2595static const mbedtls_mpi_uint secp224k1_T_12_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2596 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x4F, 0x7C, 0x49, 0xCD, 0x6E, 0xEB, 0x3C),
2597 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xC9, 0x1F, 0xB7, 0x4D, 0x98, 0xC7, 0x67),
2598 MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xFD, 0x98, 0x20, 0x95, 0xBB, 0x20, 0x3A),
2599 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xF2, 0x73, 0x92, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2600};
2601static const mbedtls_mpi_uint secp224k1_T_13_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2602 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xEF, 0xFB, 0x30, 0xFA, 0x12, 0x1A, 0xB0),
2603 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x4C, 0x24, 0xB4, 0x5B, 0xC9, 0x4C, 0x0F),
2604 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xDD, 0x5E, 0x84, 0x95, 0x4D, 0x26, 0xED),
2605 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xFA, 0xF9, 0x3A, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2606};
2607static const mbedtls_mpi_uint secp224k1_T_13_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2608 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xA3, 0x2E, 0x7A, 0xDC, 0xA7, 0x53, 0xA9),
2609 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x9F, 0x81, 0x84, 0xB2, 0x0D, 0xFE, 0x31),
2610 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x89, 0x1B, 0x77, 0x0C, 0x89, 0x71, 0xEC),
2611 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0x7F, 0xB2, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2612};
2613static const mbedtls_mpi_uint secp224k1_T_14_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2614 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xE9, 0x2C, 0x79, 0xA6, 0x3C, 0xAD, 0x93),
2615 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xE0, 0x23, 0x02, 0x86, 0x0F, 0x77, 0x2A),
2616 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x93, 0x6D, 0xE9, 0xF9, 0x3C, 0xBE, 0xB9),
2617 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xE7, 0x24, 0x92, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2618};
2619static const mbedtls_mpi_uint secp224k1_T_14_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2620 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x3C, 0x5B, 0x4B, 0x1B, 0x25, 0x37, 0xD6),
2621 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xE8, 0x38, 0x1B, 0xA1, 0x5A, 0x2E, 0x68),
2622 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x19, 0xFD, 0xF4, 0x78, 0x01, 0x6B, 0x44),
2623 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x69, 0x37, 0x4F, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2624};
2625static const mbedtls_mpi_uint secp224k1_T_15_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2626 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xE2, 0xBF, 0xD3, 0xEC, 0x95, 0x9C, 0x03),
2627 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x7B, 0xFC, 0xD5, 0xD3, 0x25, 0x5E, 0x0F),
2628 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x55, 0x09, 0xA2, 0x58, 0x6A, 0xC9, 0xFF),
2629 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xCC, 0x3B, 0xD9, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2630};
2631static const mbedtls_mpi_uint secp224k1_T_15_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2632 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x08, 0x65, 0x5E, 0xCB, 0xAB, 0x48, 0xC8),
2633 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x79, 0x8B, 0xC0, 0x11, 0xC0, 0x69, 0x38),
2634 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xE8, 0x8C, 0x4C, 0xC5, 0x28, 0xE4, 0xAE),
2635 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x1F, 0x34, 0x5C, 0x00, 0x00, 0x00, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2636};
2637static const mbedtls_ecp_point secp224k1_T[16] = {
2638 ECP_POINT_INIT_XY_Z1(secp224k1_T_0_X, secp224k1_T_0_Y),
2639 ECP_POINT_INIT_XY_Z0(secp224k1_T_1_X, secp224k1_T_1_Y),
2640 ECP_POINT_INIT_XY_Z0(secp224k1_T_2_X, secp224k1_T_2_Y),
2641 ECP_POINT_INIT_XY_Z0(secp224k1_T_3_X, secp224k1_T_3_Y),
2642 ECP_POINT_INIT_XY_Z0(secp224k1_T_4_X, secp224k1_T_4_Y),
2643 ECP_POINT_INIT_XY_Z0(secp224k1_T_5_X, secp224k1_T_5_Y),
2644 ECP_POINT_INIT_XY_Z0(secp224k1_T_6_X, secp224k1_T_6_Y),
2645 ECP_POINT_INIT_XY_Z0(secp224k1_T_7_X, secp224k1_T_7_Y),
2646 ECP_POINT_INIT_XY_Z0(secp224k1_T_8_X, secp224k1_T_8_Y),
2647 ECP_POINT_INIT_XY_Z0(secp224k1_T_9_X, secp224k1_T_9_Y),
2648 ECP_POINT_INIT_XY_Z0(secp224k1_T_10_X, secp224k1_T_10_Y),
2649 ECP_POINT_INIT_XY_Z0(secp224k1_T_11_X, secp224k1_T_11_Y),
2650 ECP_POINT_INIT_XY_Z0(secp224k1_T_12_X, secp224k1_T_12_Y),
2651 ECP_POINT_INIT_XY_Z0(secp224k1_T_13_X, secp224k1_T_13_Y),
2652 ECP_POINT_INIT_XY_Z0(secp224k1_T_14_X, secp224k1_T_14_Y),
2653 ECP_POINT_INIT_XY_Z0(secp224k1_T_15_X, secp224k1_T_15_Y),
2654};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2655# else
2656# define secp224k1_T NULL
2657# endif
2658# endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2659
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2660# if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2661static const mbedtls_mpi_uint secp256k1_p[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2662 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF),
2663 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2664 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2665 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2666};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2667static const mbedtls_mpi_uint secp256k1_a[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2668 MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2669};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2670static const mbedtls_mpi_uint secp256k1_b[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2671 MBEDTLS_BYTES_TO_T_UINT_2(0x07, 0x00),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2672};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2673static const mbedtls_mpi_uint secp256k1_gx[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2674 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59),
2675 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02),
2676 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55),
2677 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2678};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2679static const mbedtls_mpi_uint secp256k1_gy[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2680 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C),
2681 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD),
2682 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D),
2683 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2684};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2685static const mbedtls_mpi_uint secp256k1_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2686 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF),
2687 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA),
2688 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
2689 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2690};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2691
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2692# if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2693static const mbedtls_mpi_uint secp256k1_T_0_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2694 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59),
2695 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02),
2696 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55),
2697 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2698};
2699static const mbedtls_mpi_uint secp256k1_T_0_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2700 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C),
2701 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD),
2702 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D),
2703 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2704};
2705static const mbedtls_mpi_uint secp256k1_T_1_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2706 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xEE, 0xD7, 0x1E, 0x67, 0x86, 0x32, 0x74),
2707 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x73, 0xB1, 0xA9, 0xD5, 0xCC, 0x27, 0x78),
2708 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x0E, 0x11, 0x01, 0x71, 0xFE, 0x92, 0x73),
2709 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x28, 0x63, 0x6D, 0x72, 0x09, 0xA6, 0xC0),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2710};
2711static const mbedtls_mpi_uint secp256k1_T_1_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2712 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0x69, 0xDC, 0x3E, 0x2C, 0x75, 0xC3),
2713 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xB7, 0x3F, 0x30, 0x26, 0x3C, 0xDF, 0x8E),
2714 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xBE, 0xB9, 0x5D, 0x0E, 0xE8, 0x5E, 0x14),
2715 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xC3, 0x05, 0xD6, 0xB7, 0xD5, 0x24, 0xFC),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2716};
2717static const mbedtls_mpi_uint secp256k1_T_2_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2718 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xCF, 0x7B, 0xDC, 0xCD, 0xC3, 0x39, 0x9D),
2719 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xDA, 0xB9, 0xE5, 0x64, 0xA7, 0x47, 0x91),
2720 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x46, 0xA8, 0x61, 0xF6, 0x23, 0xEB, 0x58),
2721 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xC1, 0xFF, 0xE4, 0x55, 0xD5, 0xC2, 0xBF),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2722};
2723static const mbedtls_mpi_uint secp256k1_T_2_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2724 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xBE, 0xB9, 0x59, 0x24, 0x13, 0x4A, 0x2A),
2725 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x45, 0x12, 0xDE, 0xBA, 0x4F, 0xEF, 0x56),
2726 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x08, 0xBF, 0xC1, 0x66, 0xAA, 0x0A, 0xBC),
2727 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xFE, 0x30, 0x55, 0x31, 0x86, 0xA7, 0xB4),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2728};
2729static const mbedtls_mpi_uint secp256k1_T_3_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2730 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xBF, 0x18, 0x81, 0x67, 0x27, 0x42, 0xBD),
2731 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x05, 0x83, 0xA4, 0xDD, 0x57, 0xD3, 0x50),
2732 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x63, 0xAB, 0xE4, 0x90, 0x70, 0xD0, 0x7C),
2733 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x5D, 0xFD, 0xA0, 0xEF, 0xCF, 0x1C, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2734};
2735static const mbedtls_mpi_uint secp256k1_T_3_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2736 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x80, 0xE4, 0xF6, 0x09, 0xBC, 0x57, 0x90),
2737 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x9F, 0x6E, 0x88, 0x54, 0x6E, 0x51, 0xF2),
2738 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x5F, 0x85, 0xFB, 0x84, 0x3E, 0x4A, 0xAA),
2739 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x19, 0xF5, 0x55, 0xC9, 0x07, 0xD8, 0xCE),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2740};
2741static const mbedtls_mpi_uint secp256k1_T_4_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2742 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xB4, 0xC3, 0xD9, 0x5C, 0xA0, 0xD4, 0x90),
2743 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x30, 0xAF, 0x59, 0x9B, 0xF8, 0x04, 0x85),
2744 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xA6, 0xFD, 0x66, 0x7B, 0xC3, 0x39, 0x85),
2745 MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xBF, 0xF0, 0xC2, 0xE9, 0x71, 0xA4, 0x9E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2746};
2747static const mbedtls_mpi_uint secp256k1_T_4_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2748 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x2D, 0xB9, 0x88, 0x28, 0xF1, 0xBE, 0x78),
2749 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xF3, 0x1A, 0x0E, 0xB9, 0x01, 0x66, 0x34),
2750 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xA7, 0xA4, 0xF4, 0x05, 0xD0, 0xAA, 0x53),
2751 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x39, 0x1E, 0x47, 0xE5, 0x68, 0xC8, 0xC0),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2752};
2753static const mbedtls_mpi_uint secp256k1_T_5_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2754 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xB9, 0xFC, 0xE0, 0x33, 0x8A, 0x7D, 0x96),
2755 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x93, 0xA5, 0x53, 0x55, 0x16, 0xB4, 0x6E),
2756 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x5F, 0xEA, 0x9B, 0x29, 0x52, 0x71, 0xDA),
2757 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xF0, 0x24, 0xB8, 0x7D, 0xB7, 0xA0, 0x9B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2758};
2759static const mbedtls_mpi_uint secp256k1_T_5_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2760 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x00, 0x27, 0xB2, 0xDF, 0x73, 0xA2, 0xE0),
2761 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x2E, 0x4D, 0x7C, 0xDE, 0x7A, 0x23, 0x32),
2762 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x65, 0x60, 0xC7, 0x97, 0x1E, 0xA4, 0x22),
2763 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x13, 0x5B, 0x77, 0x59, 0xCB, 0x36, 0xE1),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2764};
2765static const mbedtls_mpi_uint secp256k1_T_6_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2766 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xBC, 0x9F, 0x9E, 0x2D, 0x53, 0x2A, 0xA8),
2767 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x5F, 0x64, 0x9F, 0x1A, 0x19, 0xE6, 0x77),
2768 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x7B, 0x39, 0xD2, 0xDB, 0x85, 0x84, 0xD5),
2769 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xC7, 0x0D, 0x58, 0x6E, 0x3F, 0x52, 0x15),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2770};
2771static const mbedtls_mpi_uint secp256k1_T_6_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2772 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x68, 0x19, 0x0B, 0x68, 0xC9, 0x1E, 0xFB),
2773 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x4E, 0x21, 0x49, 0x3D, 0x55, 0xCC, 0x25),
2774 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xF9, 0x25, 0x45, 0x54, 0x45, 0xB1, 0x0F),
2775 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xB3, 0xF7, 0xCD, 0x80, 0xA4, 0x04, 0x05),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2776};
2777static const mbedtls_mpi_uint secp256k1_T_7_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2778 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x1E, 0x88, 0xC4, 0xAA, 0x18, 0x7E, 0x45),
2779 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xAC, 0xD9, 0xB2, 0xA1, 0xC0, 0x71, 0x5D),
2780 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xA2, 0xF1, 0x15, 0xA6, 0x5F, 0x6C, 0x86),
2781 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x5B, 0x05, 0xBC, 0xB7, 0xC6, 0x4E, 0x72),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2782};
2783static const mbedtls_mpi_uint secp256k1_T_7_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2784 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x80, 0xF8, 0x5C, 0x20, 0x2A, 0xE1, 0xE2),
2785 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x48, 0x2E, 0x68, 0x82, 0x7F, 0xEB, 0x5F),
2786 MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x3B, 0x25, 0xDB, 0x32, 0x4D, 0x88, 0x42),
2787 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x6E, 0xA6, 0xB6, 0x6D, 0x62, 0x78, 0x22),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2788};
2789static const mbedtls_mpi_uint secp256k1_T_8_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2790 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x4D, 0x3E, 0x86, 0x58, 0xC3, 0xEB, 0xBA),
2791 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x89, 0x33, 0x18, 0x21, 0x1D, 0x9B, 0xE7),
2792 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x9D, 0xFF, 0xC3, 0x79, 0xC1, 0x88, 0xF8),
2793 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xD4, 0x48, 0x53, 0xE8, 0xAD, 0x21, 0x16),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2794};
2795static const mbedtls_mpi_uint secp256k1_T_8_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2796 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x7B, 0xDE, 0xCB, 0xD8, 0x39, 0x17, 0x7C),
2797 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xF3, 0x03, 0xF2, 0x5C, 0xBC, 0xC8, 0x8A),
2798 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xAE, 0x4C, 0xB0, 0x16, 0xA4, 0x93, 0x86),
2799 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8B, 0x6B, 0xDC, 0xD7, 0x9A, 0x3E, 0x7E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2800};
2801static const mbedtls_mpi_uint secp256k1_T_9_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2802 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x2D, 0x7A, 0xD2, 0x59, 0x05, 0xA2, 0x82),
2803 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x56, 0x09, 0x32, 0xF1, 0xE8, 0xE3, 0x72),
2804 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xCA, 0xE5, 0x2E, 0xF0, 0xFB, 0x18, 0x19),
2805 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x85, 0xA9, 0x23, 0x15, 0x31, 0x1F, 0x0E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2806};
2807static const mbedtls_mpi_uint secp256k1_T_9_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2808 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xE5, 0xB1, 0x86, 0xB9, 0x6E, 0x8D, 0xD3),
2809 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x77, 0xFC, 0xC9, 0xA3, 0x3F, 0x89, 0xD2),
2810 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x6A, 0xDC, 0x25, 0xB0, 0xC7, 0x41, 0x54),
2811 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x11, 0x6B, 0xA6, 0x11, 0x62, 0xD4, 0x2D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2812};
2813static const mbedtls_mpi_uint secp256k1_T_10_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2814 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x7D, 0x34, 0xB3, 0x20, 0x7F, 0x37, 0xAA),
2815 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xD4, 0x45, 0xE8, 0xC2, 0xE9, 0xC5, 0xEA),
2816 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x32, 0x3B, 0x25, 0x7E, 0x79, 0xAF, 0xE7),
2817 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xE4, 0x54, 0x71, 0xBE, 0x35, 0x4E, 0xD0),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2818};
2819static const mbedtls_mpi_uint secp256k1_T_10_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2820 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x94, 0xDD, 0x8F, 0xB5, 0xC2, 0xDD, 0x75),
2821 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x49, 0xE9, 0x1C, 0x2F, 0x08, 0x49, 0xC6),
2822 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xB6, 0x03, 0x88, 0x6F, 0xB8, 0x15, 0x67),
2823 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xD3, 0x1C, 0xF3, 0xA5, 0xEB, 0x79, 0x01),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2824};
2825static const mbedtls_mpi_uint secp256k1_T_11_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2826 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xF9, 0x43, 0x88, 0x89, 0x0D, 0x06, 0xEA),
2827 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x2D, 0xF5, 0x98, 0x32, 0xF6, 0xB1, 0x05),
2828 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x73, 0x8F, 0x2B, 0x50, 0x27, 0x0A, 0xE7),
2829 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xE3, 0xBD, 0x16, 0x05, 0xC8, 0x93, 0x12),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2830};
2831static const mbedtls_mpi_uint secp256k1_T_11_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2832 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x6A, 0xF7, 0xE3, 0x3D, 0xDE, 0x5F, 0x2F),
2833 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xA3, 0x9C, 0x22, 0x3C, 0x33, 0x36, 0x5D),
2834 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x24, 0x4C, 0x69, 0x45, 0x78, 0x14, 0xAE),
2835 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xF8, 0xD4, 0xBF, 0xB8, 0xC0, 0xA1, 0x25),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2836};
2837static const mbedtls_mpi_uint secp256k1_T_12_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2838 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x88, 0xE1, 0x91, 0x03, 0xEB, 0xB3, 0x2B),
2839 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x11, 0xA1, 0xEF, 0x14, 0x0D, 0xC4, 0x7D),
2840 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xD4, 0x0D, 0x1D, 0x96, 0x33, 0x5C, 0x19),
2841 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x45, 0x2A, 0x1A, 0xE6, 0x57, 0x04, 0x9B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2842};
2843static const mbedtls_mpi_uint secp256k1_T_12_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2844 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xB5, 0xA7, 0x80, 0xE9, 0x93, 0x97, 0x8D),
2845 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xB9, 0x7C, 0xA0, 0xC9, 0x57, 0x26, 0x43),
2846 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0xEF, 0x56, 0xDA, 0x66, 0xF6, 0x1B, 0x9A),
2847 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x89, 0x6B, 0x91, 0xE0, 0xA9, 0x65, 0x2B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2848};
2849static const mbedtls_mpi_uint secp256k1_T_13_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2850 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x98, 0x96, 0x9B, 0x06, 0x7D, 0x5E, 0x5A),
2851 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xFA, 0xC1, 0x5F, 0x19, 0x37, 0x94, 0x9D),
2852 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xBE, 0x6B, 0x1A, 0x05, 0xE4, 0xBF, 0x9F),
2853 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xCD, 0x5D, 0x35, 0xB4, 0x51, 0xF7, 0x64),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2854};
2855static const mbedtls_mpi_uint secp256k1_T_13_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2856 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xEF, 0x96, 0xDB, 0xF2, 0x61, 0x63, 0x59),
2857 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x04, 0x88, 0xC9, 0x9F, 0x1B, 0x94, 0xB9),
2858 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x30, 0x79, 0x7E, 0x24, 0xE7, 0x5F, 0xB8),
2859 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xB8, 0x90, 0xB7, 0x94, 0x25, 0xBB, 0x0F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2860};
2861static const mbedtls_mpi_uint secp256k1_T_14_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2862 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x79, 0xEA, 0xAD, 0xC0, 0x6D, 0x18, 0x57),
2863 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xA4, 0x58, 0x2A, 0x8D, 0x95, 0xB3, 0xE6),
2864 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC4, 0xC2, 0x12, 0x0D, 0x79, 0xE2, 0x2B),
2865 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x6F, 0xBE, 0x97, 0x4D, 0xA4, 0x20, 0x07),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2866};
2867static const mbedtls_mpi_uint secp256k1_T_14_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2868 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x31, 0x71, 0xC6, 0xA6, 0x91, 0xEB, 0x1F),
2869 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x9B, 0xA8, 0x4A, 0xE7, 0x77, 0xE1, 0xAA),
2870 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x06, 0xD3, 0x3D, 0x94, 0x30, 0xEF, 0x8C),
2871 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xDF, 0xCA, 0xFA, 0xF5, 0x28, 0xF8, 0xC9),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2872};
2873static const mbedtls_mpi_uint secp256k1_T_15_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2874 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xE1, 0x32, 0xFD, 0x3E, 0x81, 0xF8, 0x11),
2875 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xF2, 0x4B, 0x1D, 0x19, 0xC9, 0x0F, 0xCC),
2876 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xB1, 0x8A, 0x22, 0x8B, 0x05, 0x6B, 0x56),
2877 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x21, 0xEF, 0x30, 0xEC, 0x09, 0x2A, 0x89),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2878};
2879static const mbedtls_mpi_uint secp256k1_T_15_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2880 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x84, 0x4A, 0x46, 0x07, 0x6C, 0x3C, 0x4C),
2881 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x18, 0x3A, 0xF4, 0xCC, 0xF5, 0xB2, 0xF2),
2882 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x8F, 0xCD, 0x0A, 0x9C, 0xF4, 0xBD, 0x95),
2883 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x89, 0x7F, 0x8A, 0xB1, 0x52, 0x3A, 0xAB),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2884};
2885static const mbedtls_ecp_point secp256k1_T[16] = {
2886 ECP_POINT_INIT_XY_Z1(secp256k1_T_0_X, secp256k1_T_0_Y),
2887 ECP_POINT_INIT_XY_Z0(secp256k1_T_1_X, secp256k1_T_1_Y),
2888 ECP_POINT_INIT_XY_Z0(secp256k1_T_2_X, secp256k1_T_2_Y),
2889 ECP_POINT_INIT_XY_Z0(secp256k1_T_3_X, secp256k1_T_3_Y),
2890 ECP_POINT_INIT_XY_Z0(secp256k1_T_4_X, secp256k1_T_4_Y),
2891 ECP_POINT_INIT_XY_Z0(secp256k1_T_5_X, secp256k1_T_5_Y),
2892 ECP_POINT_INIT_XY_Z0(secp256k1_T_6_X, secp256k1_T_6_Y),
2893 ECP_POINT_INIT_XY_Z0(secp256k1_T_7_X, secp256k1_T_7_Y),
2894 ECP_POINT_INIT_XY_Z0(secp256k1_T_8_X, secp256k1_T_8_Y),
2895 ECP_POINT_INIT_XY_Z0(secp256k1_T_9_X, secp256k1_T_9_Y),
2896 ECP_POINT_INIT_XY_Z0(secp256k1_T_10_X, secp256k1_T_10_Y),
2897 ECP_POINT_INIT_XY_Z0(secp256k1_T_11_X, secp256k1_T_11_Y),
2898 ECP_POINT_INIT_XY_Z0(secp256k1_T_12_X, secp256k1_T_12_Y),
2899 ECP_POINT_INIT_XY_Z0(secp256k1_T_13_X, secp256k1_T_13_Y),
2900 ECP_POINT_INIT_XY_Z0(secp256k1_T_14_X, secp256k1_T_14_Y),
2901 ECP_POINT_INIT_XY_Z0(secp256k1_T_15_X, secp256k1_T_15_Y),
2902};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2903# else
2904# define secp256k1_T NULL
2905# endif
2906# endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2907
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]2908/*
2909 * Domain parameters for brainpoolP256r1 (RFC 5639 3.4)
2910 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2911# if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2912static const mbedtls_mpi_uint brainpoolP256r1_p[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2913 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20),
2914 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E),
2915 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E),
2916 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2917};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2918static const mbedtls_mpi_uint brainpoolP256r1_a[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2919 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9),
2920 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB),
2921 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE),
2922 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2923};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2924static const mbedtls_mpi_uint brainpoolP256r1_b[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2925 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B),
2926 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95),
2927 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3),
2928 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2929};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2930static const mbedtls_mpi_uint brainpoolP256r1_gx[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2931 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A),
2932 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9),
2933 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C),
2934 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2935};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2936static const mbedtls_mpi_uint brainpoolP256r1_gy[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2937 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C),
2938 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2),
2939 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97),
2940 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2941};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2942static const mbedtls_mpi_uint brainpoolP256r1_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2943 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90),
2944 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C),
2945 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E),
2946 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2947};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2948
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2949# if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2950static const mbedtls_mpi_uint brainpoolP256r1_T_0_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2951 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A),
2952 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9),
2953 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C),
2954 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2955};
2956static const mbedtls_mpi_uint brainpoolP256r1_T_0_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2957 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C),
2958 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2),
2959 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97),
2960 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2961};
2962static const mbedtls_mpi_uint brainpoolP256r1_T_1_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2963 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xA2, 0xED, 0x52, 0xC9, 0x8C, 0xE3, 0xA5),
2964 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0xC9, 0xC4, 0x87, 0x3F, 0x93, 0x7A, 0xD1),
2965 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x12, 0x53, 0x61, 0x3E, 0x76, 0x08, 0xCB),
2966 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x8C, 0x74, 0xF4, 0x08, 0xC3, 0x76, 0x80),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2967};
2968static const mbedtls_mpi_uint brainpoolP256r1_T_1_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2969 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xDD, 0x09, 0xA6, 0xED, 0xEE, 0xC4, 0x38),
2970 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xD9, 0xBE, 0x4B, 0xA5, 0xB7, 0x2B, 0x6E),
2971 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x20, 0x12, 0xCA, 0x0A, 0x38, 0x24, 0xAB),
2972 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x72, 0x71, 0x90, 0x7A, 0x2E, 0xB7, 0x23),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2973};
2974static const mbedtls_mpi_uint brainpoolP256r1_T_2_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2975 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0xA1, 0x93, 0x10, 0x2A, 0x51, 0x17),
2976 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x10, 0x11, 0x12, 0xBC, 0xB0, 0xB6, 0x93),
2977 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x58, 0xD7, 0x0A, 0x84, 0x05, 0xA3, 0x9C),
2978 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x8E, 0x95, 0x61, 0xD3, 0x0B, 0xDF, 0x36),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2979};
2980static const mbedtls_mpi_uint brainpoolP256r1_T_2_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2981 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x92, 0x12, 0x0F, 0x5E, 0x87, 0x70, 0x1B),
2982 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0xE9, 0x9B, 0xEB, 0x3A, 0xFB, 0xCF, 0xC4),
2983 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0x92, 0xB9, 0xF7, 0x45, 0xD3, 0x06, 0xB6),
2984 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x28, 0x65, 0xE1, 0xC5, 0x6C, 0x57, 0x18),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2985};
2986static const mbedtls_mpi_uint brainpoolP256r1_T_3_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2987 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x0E, 0x77, 0x01, 0x81, 0x9E, 0x38, 0x5C),
2988 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xF0, 0xD5, 0xA5, 0x91, 0x2B, 0xDF, 0xC0),
2989 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xEE, 0xB6, 0x25, 0xD6, 0x98, 0xDE, 0x2D),
2990 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xA1, 0x55, 0x63, 0x39, 0xEB, 0xB5, 0x47),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2991};
2992static const mbedtls_mpi_uint brainpoolP256r1_T_3_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2993 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xD6, 0xB8, 0xE3, 0x13, 0xED, 0x7F, 0xA3),
2994 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xE8, 0xAE, 0x36, 0xB8, 0xCD, 0x19, 0x02),
2995 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x82, 0x83, 0x7A, 0x7B, 0x46, 0x56, 0xE8),
2996 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x60, 0x46, 0x15, 0x5A, 0xAC, 0x99, 0x30),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2997};
2998static const mbedtls_mpi_uint brainpoolP256r1_T_4_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]2999 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x61, 0x50, 0xC6, 0xFF, 0x10, 0x7D, 0x04),
3000 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x51, 0xDF, 0xA9, 0x7D, 0x78, 0x26, 0x74),
3001 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x15, 0x9A, 0xF7, 0x01, 0xC1, 0xBB, 0x40),
3002 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x0F, 0xE6, 0x2A, 0xBD, 0x4A, 0x9E, 0x87),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3003};
3004static const mbedtls_mpi_uint brainpoolP256r1_T_4_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3005 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xF8, 0xD1, 0x77, 0xD2, 0x49, 0xB3, 0xDD),
3006 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x86, 0xFB, 0x9E, 0x1F, 0x5A, 0x60, 0x47),
3007 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xC4, 0x8D, 0xCD, 0x86, 0x61, 0x2F, 0xF9),
3008 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xF6, 0xB9, 0xAC, 0x37, 0x9D, 0xE9, 0x28),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3009};
3010static const mbedtls_mpi_uint brainpoolP256r1_T_5_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3011 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x77, 0xAA, 0x97, 0x9C, 0x0B, 0x04, 0x20),
3012 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xA6, 0x60, 0x81, 0xCE, 0x25, 0x13, 0x3E),
3013 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x00, 0xF3, 0xBB, 0x82, 0x99, 0x95, 0xB7),
3014 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x5A, 0xCE, 0x90, 0x71, 0x38, 0x2F, 0x10),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3015};
3016static const mbedtls_mpi_uint brainpoolP256r1_T_5_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3017 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x1A, 0xC0, 0x84, 0x27, 0xD6, 0x9D, 0xB7),
3018 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x37, 0x52, 0x16, 0x13, 0x0E, 0xCE, 0x92),
3019 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xBF, 0x5A, 0xDB, 0xDB, 0x6E, 0x1E, 0x69),
3020 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xB7, 0x5E, 0xF9, 0x86, 0xDD, 0x8A, 0x5C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3021};
3022static const mbedtls_mpi_uint brainpoolP256r1_T_6_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3023 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xAB, 0x5C, 0x8D, 0x1D, 0xF2, 0x2D, 0x1E),
3024 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC5, 0xF8, 0xF7, 0x1D, 0x96, 0x0B, 0x4D),
3025 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x4C, 0xA7, 0x45, 0x20, 0x6A, 0x1E, 0x5B),
3026 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x5D, 0xEF, 0xDE, 0xEE, 0x39, 0x44, 0x19),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3027};
3028static const mbedtls_mpi_uint brainpoolP256r1_T_6_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3029 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x2F, 0x6D, 0x52, 0xC9, 0x58, 0x60, 0xE8),
3030 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xC9, 0x62, 0xCB, 0x38, 0x3C, 0x55, 0xCA),
3031 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xA5, 0x09, 0x10, 0x88, 0xDB, 0xE3, 0xBD),
3032 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xE0, 0x3C, 0xCE, 0x06, 0x0B, 0x4B, 0x5D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3033};
3034static const mbedtls_mpi_uint brainpoolP256r1_T_7_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3035 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x1D, 0xB4, 0x10, 0x76, 0x8F, 0xBA, 0x09),
3036 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x70, 0x5A, 0x07, 0xF5, 0x1A, 0x74, 0xC7),
3037 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xE9, 0x94, 0xA8, 0xC0, 0xD5, 0x4A, 0x4A),
3038 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x6D, 0xD4, 0xE8, 0x9B, 0xE9, 0x6D, 0x0E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3039};
3040static const mbedtls_mpi_uint brainpoolP256r1_T_7_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3041 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x00, 0x32, 0x41, 0x57, 0x84, 0x89, 0x52),
3042 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xC7, 0x14, 0xEC, 0xE9, 0x27, 0xFF, 0xF3),
3043 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x67, 0x9E, 0xFB, 0xB6, 0xB8, 0x96, 0xF3),
3044 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x4A, 0xE3, 0x97, 0x4B, 0x58, 0xDE, 0x30),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3045};
3046static const mbedtls_mpi_uint brainpoolP256r1_T_8_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3047 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x1E, 0x5C, 0xF5, 0x7F, 0xD5, 0xD4, 0xAA),
3048 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x08, 0x7A, 0xF1, 0xBD, 0x89, 0xC7, 0x1E),
3049 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xF9, 0x11, 0x1B, 0xF5, 0x3C, 0x6D, 0x8C),
3050 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x50, 0xE5, 0x69, 0x1D, 0x59, 0xFC, 0x0C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3051};
3052static const mbedtls_mpi_uint brainpoolP256r1_T_8_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3053 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x2F, 0xF8, 0x3F, 0xEC, 0x55, 0x99, 0x57),
3054 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xA7, 0x29, 0x90, 0x43, 0x81, 0x31, 0x4C),
3055 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x18, 0x44, 0x50, 0x5D, 0x76, 0xCB, 0xDD),
3056 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xC5, 0x5B, 0x9A, 0x03, 0xE6, 0x17, 0x39),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3057};
3058static const mbedtls_mpi_uint brainpoolP256r1_T_9_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3059 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x89, 0xFC, 0x55, 0x94, 0x91, 0x6A, 0xA2),
3060 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x46, 0x35, 0xF2, 0x3A, 0x42, 0x08, 0x2F),
3061 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xD2, 0x76, 0x49, 0x42, 0x87, 0xD3, 0x7F),
3062 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xEA, 0xA0, 0x52, 0xF1, 0x6A, 0x30, 0x57),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3063};
3064static const mbedtls_mpi_uint brainpoolP256r1_T_9_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3065 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xB2, 0x57, 0xA3, 0x8A, 0x4D, 0x1B, 0x3C),
3066 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xA3, 0x99, 0x94, 0xB5, 0x3D, 0x64, 0x09),
3067 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xC3, 0xD7, 0x53, 0xF6, 0x49, 0x1C, 0x60),
3068 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x23, 0x41, 0x4D, 0xFB, 0x7A, 0x5C, 0x53),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3069};
3070static const mbedtls_mpi_uint brainpoolP256r1_T_10_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3071 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xB8, 0x15, 0x65, 0x5C, 0x85, 0x94, 0xD7),
3072 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x37, 0xC7, 0xF8, 0x7E, 0xAE, 0x6C, 0x10),
3073 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xD8, 0x11, 0x54, 0x98, 0x44, 0xE3, 0xF1),
3074 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x4D, 0xA6, 0x4B, 0x28, 0xF2, 0x57, 0x9E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3075};
3076static const mbedtls_mpi_uint brainpoolP256r1_T_10_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3077 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xD0, 0xEB, 0x1E, 0xAA, 0x30, 0xD3, 0x6A),
3078 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x9B, 0x4D, 0xA7, 0x73, 0x6E, 0xB6, 0x45),
3079 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x47, 0xF6, 0xED, 0x37, 0xEF, 0x71, 0x4D),
3080 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xB5, 0x49, 0x61, 0x5E, 0x45, 0xF6, 0x4A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3081};
3082static const mbedtls_mpi_uint brainpoolP256r1_T_11_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3083 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x0E, 0xB3, 0x84, 0x3A, 0x63, 0x72, 0x84),
3084 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x53, 0x5C, 0xA7, 0xC6, 0x2E, 0xAB, 0x9E),
3085 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x0F, 0x8F, 0x87, 0x50, 0x28, 0xB4, 0xAE),
3086 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x98, 0x4A, 0x98, 0x31, 0x86, 0xCA, 0x51),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3087};
3088static const mbedtls_mpi_uint brainpoolP256r1_T_11_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3089 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xC9, 0xE2, 0xFD, 0x5D, 0x1F, 0xE8, 0xC2),
3090 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x90, 0x91, 0xC4, 0x84, 0xF0, 0xBA, 0xC5),
3091 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5A, 0xB3, 0x4E, 0xFB, 0xE0, 0x57, 0xE8),
3092 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x0B, 0x90, 0xA6, 0xFD, 0x9D, 0x8E, 0x02),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3093};
3094static const mbedtls_mpi_uint brainpoolP256r1_T_12_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3095 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x41, 0x8F, 0x31, 0xFA, 0x5A, 0xF6, 0x33),
3096 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xE9, 0xE3, 0xF6, 0xE0, 0x4A, 0xE7, 0xD2),
3097 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x4E, 0xCD, 0xA2, 0x22, 0x14, 0xD4, 0x12),
3098 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xED, 0x21, 0xB7, 0x0F, 0x53, 0x10, 0x17),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3099};
3100static const mbedtls_mpi_uint brainpoolP256r1_T_12_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3101 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x06, 0x24, 0x2C, 0x4E, 0xD1, 0x1E, 0x9F),
3102 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x3F, 0xC1, 0x9F, 0xAB, 0xF0, 0x37, 0x95),
3103 MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x5E, 0x12, 0xCE, 0x83, 0x1B, 0x2A, 0x18),
3104 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x65, 0xCF, 0xE8, 0x5C, 0xA5, 0xA2, 0x70),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3105};
3106static const mbedtls_mpi_uint brainpoolP256r1_T_13_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3107 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x86, 0x76, 0x3A, 0x94, 0xF6, 0x1D, 0xC1),
3108 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xDA, 0xC9, 0xA6, 0x29, 0x93, 0x15, 0x10),
3109 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x61, 0x6A, 0x7D, 0xC7, 0xA9, 0xF3, 0x76),
3110 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x03, 0x71, 0xA2, 0x15, 0xCE, 0x50, 0x72),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3111};
3112static const mbedtls_mpi_uint brainpoolP256r1_T_13_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3113 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xD0, 0xA8, 0x1E, 0x91, 0xC4, 0x4F, 0x24),
3114 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x4B, 0x7E, 0xD7, 0x71, 0x58, 0x7E, 0x1E),
3115 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x45, 0xAF, 0x2A, 0x18, 0x93, 0x95, 0x3B),
3116 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x8F, 0xC7, 0xFA, 0x4C, 0x7A, 0x86, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3117};
3118static const mbedtls_mpi_uint brainpoolP256r1_T_14_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3119 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xAF, 0x68, 0x3A, 0x23, 0xC1, 0x2E, 0xBF),
3120 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x50, 0x11, 0x67, 0x39, 0xB9, 0xAF, 0x48),
3121 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x86, 0xAA, 0x1E, 0x88, 0x21, 0x29, 0x8B),
3122 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x28, 0xA4, 0x9D, 0x89, 0xA9, 0x9A, 0x10),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3123};
3124static const mbedtls_mpi_uint brainpoolP256r1_T_14_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3125 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBA, 0x04, 0x67, 0xB7, 0x01, 0x40, 0x38),
3126 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xE9, 0x09, 0xA3, 0xCA, 0xA6, 0x37, 0xF6),
3127 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x97, 0xA8, 0xB6, 0x3C, 0xEE, 0x90, 0x3D),
3128 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xED, 0xC4, 0xF7, 0xC3, 0x95, 0xEC, 0x85),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3129};
3130static const mbedtls_mpi_uint brainpoolP256r1_T_15_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3131 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x84, 0xBD, 0xEB, 0xD5, 0x64, 0xBB, 0x9D),
3132 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x9B, 0xE2, 0x28, 0x50, 0xC2, 0x72, 0x40),
3133 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xF2, 0x74, 0xD1, 0x26, 0xBF, 0x32, 0x68),
3134 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xCB, 0xAF, 0x72, 0xDB, 0x6D, 0x30, 0x98),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3135};
3136static const mbedtls_mpi_uint brainpoolP256r1_T_15_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3137 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x50, 0x85, 0xF4, 0x2B, 0x48, 0xC1, 0xAD),
3138 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x28, 0xBB, 0x11, 0xBA, 0x5B, 0x22, 0x6C),
3139 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xA1, 0xE5, 0x5C, 0xC9, 0x1D, 0x44, 0x45),
3140 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xE8, 0xE6, 0x6F, 0xBB, 0xC1, 0x81, 0x7F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3141};
3142static const mbedtls_ecp_point brainpoolP256r1_T[16] = {
3143 ECP_POINT_INIT_XY_Z1(brainpoolP256r1_T_0_X, brainpoolP256r1_T_0_Y),
3144 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_1_X, brainpoolP256r1_T_1_Y),
3145 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_2_X, brainpoolP256r1_T_2_Y),
3146 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_3_X, brainpoolP256r1_T_3_Y),
3147 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_4_X, brainpoolP256r1_T_4_Y),
3148 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_5_X, brainpoolP256r1_T_5_Y),
3149 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_6_X, brainpoolP256r1_T_6_Y),
3150 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_7_X, brainpoolP256r1_T_7_Y),
3151 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_8_X, brainpoolP256r1_T_8_Y),
3152 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_9_X, brainpoolP256r1_T_9_Y),
3153 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_10_X, brainpoolP256r1_T_10_Y),
3154 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_11_X, brainpoolP256r1_T_11_Y),
3155 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_12_X, brainpoolP256r1_T_12_Y),
3156 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_13_X, brainpoolP256r1_T_13_Y),
3157 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_14_X, brainpoolP256r1_T_14_Y),
3158 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_15_X, brainpoolP256r1_T_15_Y),
3159};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3160# else
3161# define brainpoolP256r1_T NULL
3162# endif
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3163
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3164# endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]3165
3166/*
3167 * Domain parameters for brainpoolP384r1 (RFC 5639 3.6)
3168 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3169# if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3170static const mbedtls_mpi_uint brainpoolP384r1_p[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3171 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87),
3172 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC),
3173 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12),
3174 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15),
3175 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F),
3176 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3177};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3178static const mbedtls_mpi_uint brainpoolP384r1_a[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3179 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04),
3180 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A),
3181 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13),
3182 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2),
3183 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C),
3184 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3185};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3186static const mbedtls_mpi_uint brainpoolP384r1_b[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3187 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A),
3188 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C),
3189 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E),
3190 MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F),
3191 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B),
3192 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3193};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3194static const mbedtls_mpi_uint brainpoolP384r1_gx[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3195 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF),
3196 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8),
3197 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB),
3198 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88),
3199 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2),
3200 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3201};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3202static const mbedtls_mpi_uint brainpoolP384r1_gy[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3203 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42),
3204 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E),
3205 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1),
3206 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62),
3207 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C),
3208 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3209};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3210static const mbedtls_mpi_uint brainpoolP384r1_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3211 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B),
3212 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF),
3213 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F),
3214 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15),
3215 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F),
3216 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3217};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3218
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3219# if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3220static const mbedtls_mpi_uint brainpoolP384r1_T_0_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3221 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF),
3222 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8),
3223 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB),
3224 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88),
3225 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2),
3226 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3227};
3228static const mbedtls_mpi_uint brainpoolP384r1_T_0_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3229 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42),
3230 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E),
3231 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1),
3232 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62),
3233 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C),
3234 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3235};
3236static const mbedtls_mpi_uint brainpoolP384r1_T_1_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3237 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0xD8, 0x8A, 0x54, 0x41, 0xD6, 0x6B, 0x1D),
3238 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x3B, 0xF1, 0x22, 0xFD, 0x2D, 0x4B, 0x03),
3239 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x55, 0xE3, 0x33, 0xF0, 0x73, 0x52, 0x5A),
3240 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x3F, 0x30, 0x26, 0xCA, 0x7F, 0x52, 0xA3),
3241 MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x6E, 0x17, 0x9B, 0xD5, 0x2A, 0x4A, 0x31),
3242 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xDA, 0x6B, 0xE5, 0x03, 0x07, 0x1D, 0x2E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3243};
3244static const mbedtls_mpi_uint brainpoolP384r1_T_1_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3245 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x7A, 0xAF, 0x98, 0xE3, 0xA4, 0xF6, 0x19),
3246 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x7D, 0xFE, 0x51, 0x40, 0x3B, 0x47, 0xD2),
3247 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x88, 0xEC, 0xC4, 0xE2, 0x8F, 0xCB, 0xA4),
3248 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xE2, 0x88, 0x2D, 0x4E, 0x50, 0xEB, 0x9A),
3249 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x54, 0x94, 0x5E, 0xF4, 0x7F, 0x3A, 0x04),
3250 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x07, 0x1C, 0xE1, 0xBD, 0x0F, 0xF8, 0x63),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3251};
3252static const mbedtls_mpi_uint brainpoolP384r1_T_2_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3253 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x92, 0x28, 0x2E, 0x32, 0x04, 0xB1, 0x4D),
3254 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x82, 0x44, 0x43, 0x76, 0x0D, 0x55, 0xBF),
3255 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xE3, 0xFF, 0x89, 0x46, 0xDE, 0x4E, 0xFE),
3256 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x22, 0xBB, 0x67, 0x1A, 0x81, 0xEE, 0x27),
3257 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x54, 0xE2, 0x7A, 0xAE, 0xDA, 0x2C, 0xD0),
3258 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x9A, 0x90, 0xAA, 0x6E, 0x8B, 0xCC, 0x5F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3259};
3260static const mbedtls_mpi_uint brainpoolP384r1_T_2_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3261 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x40, 0xAC, 0xED, 0x7D, 0x37, 0x87, 0xAC),
3262 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xF8, 0xB1, 0x80, 0x4C, 0x8C, 0x04, 0x42),
3263 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x98, 0x2C, 0xAD, 0x30, 0x69, 0x35, 0xC0),
3264 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x2E, 0x00, 0x2F, 0x44, 0x8C, 0xF0, 0xC0),
3265 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x58, 0x07, 0xD7, 0xCD, 0x60, 0xA1, 0x5B),
3266 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xFB, 0x7B, 0x03, 0x05, 0x5E, 0x79, 0x73),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3267};
3268static const mbedtls_mpi_uint brainpoolP384r1_T_3_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3269 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x17, 0xCE, 0x38, 0x4B, 0x5E, 0x5B, 0xC8),
3270 MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x0E, 0x0A, 0x61, 0x9D, 0x7C, 0x62, 0x08),
3271 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xF0, 0x98, 0x71, 0x7F, 0x17, 0x26, 0xD7),
3272 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xD3, 0xFA, 0x3C, 0xF0, 0x70, 0x07, 0x82),
3273 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x47, 0x5C, 0x09, 0x43, 0xB7, 0x65, 0x15),
3274 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xA9, 0xA7, 0x3E, 0xFA, 0xF3, 0xEC, 0x22),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3275};
3276static const mbedtls_mpi_uint brainpoolP384r1_T_3_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3277 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x78, 0x22, 0x2B, 0x58, 0x71, 0xFA, 0xAA),
3278 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x30, 0xCE, 0x6A, 0xB3, 0xB0, 0x4F, 0x83),
3279 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x95, 0x20, 0xA9, 0x23, 0xC2, 0x65, 0xE7),
3280 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xCF, 0x03, 0x5B, 0x8A, 0x80, 0x44, 0xBB),
3281 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xF8, 0x91, 0xF7, 0xD5, 0xED, 0xEA, 0x81),
3282 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x5B, 0x16, 0x10, 0x25, 0xAC, 0x2A, 0x17),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3283};
3284static const mbedtls_mpi_uint brainpoolP384r1_T_4_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3285 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xEC, 0xDC, 0xC4, 0x7B, 0x8C, 0x6B, 0xE9),
3286 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xBB, 0x1C, 0xD3, 0x5A, 0xEE, 0xD9, 0x97),
3287 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x5D, 0x30, 0x5E, 0xF7, 0xB2, 0x41, 0x9D),
3288 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xCE, 0x0F, 0x1A, 0xC6, 0x41, 0x64, 0x62),
3289 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x18, 0xE1, 0xE3, 0x82, 0x15, 0x66, 0x4B),
3290 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xE2, 0x24, 0x04, 0x72, 0x39, 0xA0, 0x7C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3291};
3292static const mbedtls_mpi_uint brainpoolP384r1_T_4_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3293 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x51, 0xA2, 0x58, 0x88, 0x62, 0xE1, 0x02),
3294 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xD2, 0x65, 0x14, 0xE9, 0x4C, 0x82, 0x30),
3295 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xE1, 0xAC, 0x87, 0xAE, 0x31, 0x1A, 0x7A),
3296 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x4F, 0x96, 0x1E, 0x85, 0x7A, 0xC3, 0x2B),
3297 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x86, 0xBB, 0xF0, 0xC0, 0x9D, 0x08, 0x7B),
3298 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x53, 0x03, 0x09, 0x80, 0x91, 0xEF, 0x68),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3299};
3300static const mbedtls_mpi_uint brainpoolP384r1_T_5_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3301 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xD7, 0xAF, 0x6F, 0x69, 0x7B, 0x88, 0xA1),
3302 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x13, 0xE4, 0x30, 0xA2, 0x47, 0xB5, 0xC1),
3303 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xD2, 0xC0, 0xDD, 0x8A, 0x1C, 0x3C, 0xF2),
3304 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x8C, 0xB3, 0x4C, 0xBA, 0x8B, 0x6D, 0xCF),
3305 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0xC7, 0xA1, 0xA8, 0x6E, 0x3C, 0x4F, 0xF1),
3306 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x4A, 0x97, 0xC8, 0x03, 0x6F, 0x01, 0x82),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3307};
3308static const mbedtls_mpi_uint brainpoolP384r1_T_5_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3309 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x18, 0x12, 0xA9, 0x39, 0xD5, 0x22, 0x26),
3310 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xA7, 0xC0, 0xBD, 0x9D, 0x8D, 0x78, 0x38),
3311 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xB3, 0xD0, 0x7F, 0xDF, 0xD0, 0x30, 0xDE),
3312 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x25, 0x73, 0x96, 0xEC, 0xA8, 0x1D, 0x7C),
3313 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xD1, 0x65, 0x66, 0xDC, 0xD9, 0xCF, 0xDF),
3314 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xED, 0x7B, 0x37, 0xAD, 0xE2, 0xBE, 0x2D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3315};
3316static const mbedtls_mpi_uint brainpoolP384r1_T_6_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3317 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x79, 0x42, 0x6A, 0x07, 0x66, 0xB1, 0xBD),
3318 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x53, 0x62, 0x65, 0x92, 0x09, 0x4C, 0xA1),
3319 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xAF, 0xC3, 0x03, 0xF6, 0xF4, 0x2D, 0x9B),
3320 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xCA, 0x41, 0xD9, 0xA2, 0x69, 0x9B, 0xC9),
3321 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xB2, 0xA6, 0x8D, 0xE1, 0xAA, 0x61, 0x76),
3322 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xBA, 0x4D, 0x12, 0xB6, 0xBE, 0xF3, 0x7E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3323};
3324static const mbedtls_mpi_uint brainpoolP384r1_T_6_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3325 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xD9, 0x92, 0x22, 0x07, 0xCE, 0xC9, 0x26),
3326 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xA1, 0x7C, 0x91, 0xDB, 0x32, 0xF7, 0xE5),
3327 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x49, 0x4B, 0x6D, 0xFB, 0xD9, 0x70, 0x3B),
3328 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xFB, 0x4E, 0x4C, 0x5E, 0x66, 0x81, 0x1D),
3329 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xB3, 0xE1, 0x00, 0xB7, 0xD9, 0xCC, 0x58),
3330 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x36, 0x8B, 0xC4, 0x39, 0x20, 0xFD, 0x30),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3331};
3332static const mbedtls_mpi_uint brainpoolP384r1_T_7_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3333 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x1F, 0x60, 0x03, 0xBB, 0xD7, 0x60, 0x57),
3334 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x3C, 0x62, 0xDD, 0x71, 0x95, 0xE9, 0x61),
3335 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x5B, 0x7A, 0x5F, 0x68, 0x81, 0xC5, 0x90),
3336 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xB5, 0xB9, 0x98, 0x42, 0x28, 0xA5),
3337 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x29, 0x8E, 0x11, 0x49, 0xB4, 0xD7, 0x20),
3338 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x3E, 0xD2, 0x30, 0xA1, 0xBA, 0xCA, 0x03),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3339};
3340static const mbedtls_mpi_uint brainpoolP384r1_T_7_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3341 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x37, 0x64, 0x44, 0x2F, 0x03, 0xE5, 0x41),
3342 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x42, 0xBC, 0xFF, 0xA2, 0x1A, 0x5F, 0x06),
3343 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x04, 0xAB, 0x04, 0xE0, 0x24, 0xAD, 0x2A),
3344 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x45, 0x17, 0x67, 0x1F, 0x3E, 0x53, 0xF8),
3345 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x0F, 0xB3, 0x1B, 0x57, 0x54, 0xC2, 0x03),
3346 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xD3, 0xF8, 0xC4, 0x1B, 0x9B, 0xFA, 0x30),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3347};
3348static const mbedtls_mpi_uint brainpoolP384r1_T_8_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3349 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x90, 0xFD, 0xFB, 0xCA, 0x49, 0x38, 0x4E),
3350 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xCF, 0xC6, 0xDD, 0xF0, 0xFF, 0x8C, 0x11),
3351 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x69, 0x9D, 0xBD, 0x5F, 0x33, 0xE9, 0xB4),
3352 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x19, 0x82, 0x3D, 0xAC, 0x1C, 0x40, 0x23),
3353 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC7, 0x02, 0x46, 0x14, 0x77, 0x00, 0xBE),
3354 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x05, 0xF2, 0x77, 0x3A, 0x66, 0x5C, 0x39),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3355};
3356static const mbedtls_mpi_uint brainpoolP384r1_T_8_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3357 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xE6, 0x17, 0xDE, 0xB2, 0xA1, 0xE5, 0xB8),
3358 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x71, 0xEC, 0x9D, 0xD8, 0xF5, 0xD4, 0x66),
3359 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xC6, 0x42, 0x5E, 0xE7, 0x18, 0xBA, 0xD0),
3360 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x21, 0x68, 0x5A, 0x26, 0xFB, 0xD7, 0x17),
3361 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x00, 0x5C, 0xBA, 0x8A, 0x34, 0xEC, 0x75),
3362 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x9C, 0x3C, 0xAF, 0x53, 0xE8, 0x65, 0x35),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3363};
3364static const mbedtls_mpi_uint brainpoolP384r1_T_9_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3365 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xEF, 0x28, 0xDC, 0x67, 0x05, 0xC8, 0xDF),
3366 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x78, 0xC3, 0x85, 0x49, 0xA0, 0xBC, 0x0F),
3367 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x3E, 0x2D, 0xA0, 0xCF, 0xD4, 0x7A, 0xF5),
3368 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x93, 0xFE, 0x60, 0xB3, 0x6E, 0x99, 0xE2),
3369 MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xAD, 0x04, 0xE7, 0x49, 0xAF, 0x5E, 0xE3),
3370 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x7A, 0xED, 0xA6, 0x9E, 0x18, 0x09, 0x31),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3371};
3372static const mbedtls_mpi_uint brainpoolP384r1_T_9_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3373 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x05, 0x94, 0x44, 0xDC, 0xB8, 0x85, 0x94),
3374 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xB7, 0x37, 0xC2, 0x50, 0x75, 0x15, 0xDA),
3375 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xC6, 0x0F, 0xB2, 0xA9, 0x91, 0x3E, 0xE8),
3376 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x81, 0xAD, 0x25, 0xA1, 0x26, 0x73, 0x15),
3377 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xF1, 0xD1, 0x61, 0x7C, 0x76, 0x8F, 0x13),
3378 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xDB, 0x4A, 0xFF, 0x14, 0xA7, 0x48, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3379};
3380static const mbedtls_mpi_uint brainpoolP384r1_T_10_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3381 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x73, 0xC6, 0xC2, 0xCC, 0xF1, 0x57, 0x04),
3382 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xED, 0x73, 0x27, 0x70, 0x82, 0xB6, 0x5E),
3383 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xBA, 0xAC, 0x3A, 0xCF, 0xF4, 0xEA, 0xA6),
3384 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xD6, 0xB1, 0x8F, 0x0E, 0x08, 0x2C, 0x5E),
3385 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xE3, 0x8F, 0x2F, 0x0E, 0xA1, 0xF3, 0x07),
3386 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xF5, 0x7C, 0x9B, 0x29, 0x0A, 0xF6, 0x28),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3387};
3388static const mbedtls_mpi_uint brainpoolP384r1_T_10_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3389 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xEE, 0x17, 0x47, 0x34, 0x15, 0xA3, 0xAF),
3390 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xBE, 0x88, 0x48, 0xE7, 0xA2, 0xBB, 0xDE),
3391 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xAD, 0xDC, 0x65, 0x61, 0x37, 0x0F, 0xC1),
3392 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x67, 0xAD, 0xA2, 0x3A, 0x1C, 0x91, 0x78),
3393 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x07, 0x0C, 0x3A, 0x41, 0x6E, 0x13, 0x28),
3394 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0xBD, 0x7E, 0xED, 0xAA, 0x14, 0xDD, 0x61),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3395};
3396static const mbedtls_mpi_uint brainpoolP384r1_T_11_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3397 MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xDC, 0x20, 0x01, 0x72, 0x11, 0x48, 0x55),
3398 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xC4, 0x7B, 0xF8, 0x62, 0x3D, 0xF0, 0x9F),
3399 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xC2, 0x3D, 0x2E, 0x52, 0xA3, 0x4A, 0x89),
3400 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE2, 0x53, 0x46, 0x5E, 0x21, 0xF8, 0xCE),
3401 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xC7, 0x8F, 0xA9, 0x26, 0x42, 0x32, 0x3A),
3402 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xA6, 0xA0, 0x8D, 0x4B, 0x9A, 0x19, 0x03),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3403};
3404static const mbedtls_mpi_uint brainpoolP384r1_T_11_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3405 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xAB, 0x6D, 0x1E, 0xFB, 0xEE, 0x60, 0x0C),
3406 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x56, 0x3C, 0xC5, 0x5D, 0x10, 0x79, 0x1C),
3407 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xBC, 0x41, 0x9F, 0x71, 0xEF, 0x02, 0xF9),
3408 MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x36, 0xC4, 0xD0, 0x88, 0x9B, 0x32, 0xFC),
3409 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xD4, 0x5D, 0x17, 0x39, 0xE6, 0x22, 0x2C),
3410 MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x26, 0x01, 0xCE, 0xBE, 0x4A, 0x9C, 0x27),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3411};
3412static const mbedtls_mpi_uint brainpoolP384r1_T_12_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3413 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x6D, 0x11, 0xCA, 0x6C, 0x5A, 0x93, 0x0C),
3414 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x96, 0x26, 0xAF, 0x2F, 0xE4, 0x30, 0x98),
3415 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xC1, 0x4C, 0xC6, 0x30, 0x1F, 0x5C, 0x04),
3416 MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xB3, 0xE8, 0xFC, 0x35, 0xEB, 0x63, 0x6C),
3417 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x1D, 0xCA, 0xFC, 0x50, 0x36, 0x4B, 0x96),
3418 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x0E, 0x23, 0x5B, 0xAF, 0xEB, 0x2D, 0x31),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3419};
3420static const mbedtls_mpi_uint brainpoolP384r1_T_12_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3421 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x88, 0xB6, 0xD7, 0x74, 0x4A, 0x23, 0xB6),
3422 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x66, 0xE2, 0xBB, 0x29, 0xA6, 0x4F, 0x55),
3423 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x6F, 0x7E, 0x68, 0x6E, 0xA0, 0x14, 0x94),
3424 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x73, 0xD4, 0xE8, 0xAB, 0x5B, 0xF6, 0x0D),
3425 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xE0, 0x3C, 0x24, 0x00, 0x95, 0xE9, 0xAD),
3426 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x0D, 0x4F, 0x81, 0xD0, 0xF2, 0x3F, 0x00),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3427};
3428static const mbedtls_mpi_uint brainpoolP384r1_T_13_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3429 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x1D, 0xCD, 0x78, 0x39, 0xC4, 0x6B, 0xD9),
3430 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x45, 0xC7, 0xB8, 0x2F, 0xAA, 0x5D, 0xE3),
3431 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x8C, 0x6E, 0xA3, 0x24, 0xB2, 0xDB, 0x4B),
3432 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x2D, 0xD9, 0xF1, 0xC7, 0x9B, 0x8A, 0xAF),
3433 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xE1, 0x2C, 0xB9, 0x40, 0x37, 0x91, 0x75),
3434 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x2C, 0xB5, 0x23, 0x03, 0x2B, 0xAF, 0x2F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3435};
3436static const mbedtls_mpi_uint brainpoolP384r1_T_13_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3437 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x9D, 0x5A, 0x20, 0x10, 0xA9, 0x84, 0xDA),
3438 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x30, 0x89, 0x20, 0x13, 0xE9, 0xB2, 0xCA),
3439 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x6E, 0x52, 0xEB, 0x03, 0x18, 0x1F, 0xA6),
3440 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x9E, 0x1C, 0x35, 0x87, 0x92, 0x69, 0xC7),
3441 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0xC9, 0x88, 0xAF, 0xC6, 0x6C, 0x83, 0x72),
3442 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xD5, 0x7A, 0x54, 0x34, 0x99, 0xB6, 0x6F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3443};
3444static const mbedtls_mpi_uint brainpoolP384r1_T_14_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3445 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0xAD, 0x45, 0x9B, 0x4B, 0x41, 0x4D, 0x50),
3446 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x5D, 0xAB, 0x7F, 0x35, 0x34, 0xE9, 0x29),
3447 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0xBE, 0x78, 0x34, 0x44, 0xF3, 0x4A, 0x87),
3448 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xDE, 0xE3, 0xC4, 0xEE, 0x0B, 0xF9, 0xEB),
3449 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x86, 0x16, 0x48, 0x32, 0xB8, 0x74, 0x41),
3450 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xEE, 0x7C, 0xBA, 0xBD, 0x81, 0xE3, 0x55),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3451};
3452static const mbedtls_mpi_uint brainpoolP384r1_T_14_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3453 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x6A, 0xFA, 0x84, 0xDA, 0xB8, 0xD5, 0x14),
3454 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x9F, 0x8A, 0xD5, 0x1B, 0x2E, 0x1A, 0x0B),
3455 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0C, 0x61, 0xE2, 0xFF, 0x5B, 0xE6, 0xD5),
3456 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x62, 0xC1, 0x87, 0x53, 0x1B, 0x92, 0xA3),
3457 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x90, 0x00, 0xD1, 0x6A, 0x0C, 0x0E, 0x28),
3458 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x2E, 0xB5, 0x3B, 0x44, 0xB5, 0xA0, 0x78),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3459};
3460static const mbedtls_mpi_uint brainpoolP384r1_T_15_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3461 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x5D, 0x02, 0x58, 0xB5, 0xBE, 0x45, 0x14),
3462 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xEF, 0x8E, 0x90, 0x4D, 0x2A, 0x32, 0xAC),
3463 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x99, 0x75, 0x5C, 0x0A, 0x33, 0x8F, 0x36),
3464 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x6C, 0x95, 0xD4, 0x1F, 0xF3, 0xEB, 0xDA),
3465 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xE4, 0x4C, 0x91, 0x20, 0xF3, 0x25, 0xEB),
3466 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x95, 0xEB, 0x29, 0x6F, 0x20, 0x34, 0x81),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3467};
3468static const mbedtls_mpi_uint brainpoolP384r1_T_15_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3469 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x15, 0xE5, 0x13, 0x7E, 0x64, 0x8B, 0xAD),
3470 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xBC, 0x0D, 0x18, 0x7E, 0x37, 0x9E, 0xFA),
3471 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x82, 0x20, 0xF7, 0x2D, 0x7A, 0x77, 0x52),
3472 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x29, 0xA2, 0xDB, 0x7A, 0xE6, 0x6F, 0xA5),
3473 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xC6, 0x50, 0x5C, 0xBC, 0xE6, 0x4F, 0xBD),
3474 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x9F, 0xD5, 0xE8, 0xC5, 0x3D, 0xB7, 0x30),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3475};
3476static const mbedtls_mpi_uint brainpoolP384r1_T_16_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3477 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x03, 0x55, 0x10, 0xDB, 0xA6, 0x8B, 0x22),
3478 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x17, 0xAE, 0x78, 0xC9, 0x1D, 0x43, 0xCA),
3479 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x35, 0x49, 0xD4, 0x47, 0x84, 0x8D, 0x20),
3480 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x95, 0x2F, 0xEA, 0xBC, 0xB4, 0x18, 0xB3),
3481 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x48, 0xAE, 0x89, 0xF5, 0x65, 0x3D, 0x89),
3482 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xF2, 0x2B, 0x20, 0xD1, 0x75, 0x50, 0x63),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3483};
3484static const mbedtls_mpi_uint brainpoolP384r1_T_16_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3485 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xE6, 0x5C, 0x2C, 0xE0, 0x7D, 0xDF, 0x2D),
3486 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x07, 0x3E, 0xCE, 0x9F, 0x18, 0xB6, 0x05),
3487 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0xF8, 0xF0, 0xD5, 0xFA, 0x42, 0x1D, 0x6D),
3488 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x6C, 0x1D, 0x03, 0xC9, 0x0E, 0x2B, 0x2F),
3489 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x18, 0x52, 0xA5, 0xB4, 0x63, 0xE1, 0x06),
3490 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0xD9, 0xC4, 0xFD, 0x16, 0x60, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3491};
3492static const mbedtls_mpi_uint brainpoolP384r1_T_17_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3493 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x7D, 0xDE, 0xDF, 0x4B, 0x4A, 0xB0, 0xCB),
3494 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x4E, 0x8C, 0x94, 0xC1, 0xE2, 0x85, 0xDF),
3495 MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xF0, 0xEA, 0xB5, 0x9B, 0x70, 0xEF, 0x10),
3496 MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xC2, 0x39, 0x5D, 0xF3, 0x2C, 0xD9, 0x2C),
3497 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x1C, 0x2E, 0xCC, 0x2F, 0x54, 0x87, 0x80),
3498 MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x72, 0xC7, 0xB5, 0x50, 0xA3, 0x84, 0x77),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3499};
3500static const mbedtls_mpi_uint brainpoolP384r1_T_17_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3501 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xD1, 0xAF, 0xA9, 0xB4, 0x8B, 0x5D, 0xFA),
3502 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xF6, 0x52, 0x8A, 0xC3, 0x56, 0xA5, 0x5E),
3503 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x52, 0xFF, 0xEA, 0x05, 0x42, 0x77, 0x83),
3504 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x08, 0x90, 0x72, 0x86, 0xC4, 0xC3, 0xB8),
3505 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x15, 0xF8, 0xF1, 0x16, 0x67, 0xC6, 0xD5),
3506 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x87, 0xAC, 0x8F, 0x71, 0xEC, 0x83, 0x81),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3507};
3508static const mbedtls_mpi_uint brainpoolP384r1_T_18_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3509 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xE1, 0xE6, 0x2D, 0x0E, 0x11, 0xA1, 0x62),
3510 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xE2, 0xA8, 0x32, 0xE6, 0xE3, 0x83, 0xD1),
3511 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x56, 0xE5, 0xCD, 0xB7, 0x2B, 0x67, 0x6F),
3512 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xED, 0xC9, 0x65, 0x6D, 0x87, 0xE1, 0x8E),
3513 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x8E, 0xFD, 0x9A, 0x53, 0x0E, 0xFA, 0xA3),
3514 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x4C, 0x4A, 0xE2, 0x23, 0x84, 0xFA, 0x01),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3515};
3516static const mbedtls_mpi_uint brainpoolP384r1_T_18_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3517 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFE, 0x49, 0x81, 0xD1, 0x3E, 0xF4, 0x7C),
3518 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x72, 0xE0, 0xEF, 0x0D, 0xB8, 0x3E, 0x6F),
3519 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x00, 0x0F, 0x5F, 0xCE, 0x60, 0x72, 0x2C),
3520 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xCC, 0xD8, 0x03, 0x07, 0x6E, 0x5A, 0xCD),
3521 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x3A, 0x35, 0x50, 0x4E, 0x1F, 0xCA, 0x5F),
3522 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xEA, 0x88, 0x55, 0xBD, 0x6E, 0x05, 0x7F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3523};
3524static const mbedtls_mpi_uint brainpoolP384r1_T_19_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3525 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x6D, 0xF1, 0x97, 0xA6, 0x69, 0x39, 0x24),
3526 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x41, 0x99, 0xFF, 0x3B, 0xA1, 0x26, 0xEC),
3527 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x2F, 0x95, 0x80, 0x12, 0x4A, 0x1B, 0xCB),
3528 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xBF, 0x51, 0xAA, 0xAE, 0x2D, 0xDA, 0xCF),
3529 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x1C, 0xB3, 0x52, 0x36, 0x49, 0xD4, 0x86),
3530 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xC1, 0x1F, 0x3A, 0xD3, 0x3E, 0x5C, 0x1A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3531};
3532static const mbedtls_mpi_uint brainpoolP384r1_T_19_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3533 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x51, 0xF7, 0x2B, 0xC8, 0xA9, 0xA7, 0x15),
3534 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x4E, 0x7F, 0x98, 0x41, 0x66, 0xB0, 0x03),
3535 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x1D, 0xC0, 0x42, 0xCD, 0xF8, 0xC3, 0x2B),
3536 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x41, 0x91, 0x7D, 0xCC, 0x8B, 0xCC, 0x41),
3537 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xAE, 0x76, 0xED, 0x56, 0x18, 0xC5, 0xAB),
3538 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x6A, 0x06, 0xA3, 0x7F, 0x65, 0x10, 0x1F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3539};
3540static const mbedtls_mpi_uint brainpoolP384r1_T_20_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3541 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xEC, 0x3C, 0x05, 0x05, 0xCA, 0xF6, 0xED),
3542 MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0xCD, 0x02, 0x51, 0x12, 0x16, 0x3C, 0x63),
3543 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xEB, 0xB3, 0x43, 0x7B, 0xDD, 0xB2, 0x7C),
3544 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x59, 0x90, 0x41, 0xDB, 0xE4, 0xF5, 0x91),
3545 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x0E, 0x18, 0x2A, 0x5A, 0x83, 0x7C, 0x2F),
3546 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x37, 0xA1, 0x0D, 0xF1, 0x2F, 0x63, 0x79),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3547};
3548static const mbedtls_mpi_uint brainpoolP384r1_T_20_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3549 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xC0, 0xFA, 0x6F, 0x1F, 0x67, 0xCF, 0xEC),
3550 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x34, 0x45, 0xBB, 0xF4, 0xF9, 0x9B, 0x89),
3551 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x69, 0xFE, 0x67, 0x1D, 0x64, 0x8F, 0xB9),
3552 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x39, 0xBF, 0xD8, 0xB3, 0xC7, 0xAD, 0x8A),
3553 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x93, 0xFF, 0xF3, 0x28, 0xFA, 0x39, 0xF6),
3554 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xF9, 0xC3, 0x85, 0x26, 0x7A, 0x88, 0x89),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3555};
3556static const mbedtls_mpi_uint brainpoolP384r1_T_21_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3557 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xD5, 0x79, 0xD8, 0x11, 0xDE, 0xEB, 0x4E),
3558 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x46, 0xA4, 0x6A, 0xDA, 0x74, 0x34, 0xA8),
3559 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xBD, 0xD3, 0xF5, 0x14, 0xEE, 0xFE, 0xAE),
3560 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x4C, 0xA3, 0x71, 0x43, 0x65, 0xF8, 0x94),
3561 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x6C, 0x35, 0xFA, 0x90, 0x25, 0xD8, 0xE2),
3562 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x34, 0x84, 0x96, 0xA1, 0x43, 0x03, 0x4D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3563};
3564static const mbedtls_mpi_uint brainpoolP384r1_T_21_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3565 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x3B, 0x3B, 0x2F, 0xCA, 0x59, 0xF2, 0x42),
3566 MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x48, 0x24, 0x74, 0xD8, 0x72, 0x90, 0xA3),
3567 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x42, 0x74, 0x8C, 0x6F, 0x52, 0x19, 0x3D),
3568 MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x9E, 0x41, 0x63, 0x68, 0x78, 0x4C, 0x2F),
3569 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x94, 0xB6, 0x6B, 0x38, 0x52, 0xA8, 0x9F),
3570 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x30, 0x25, 0x93, 0xA1, 0x6F, 0x6E, 0x68),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3571};
3572static const mbedtls_mpi_uint brainpoolP384r1_T_22_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3573 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x2F, 0x4B, 0x64, 0x79, 0x50, 0xFF, 0x01),
3574 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x36, 0xED, 0x57, 0x39, 0x3B, 0xE7, 0xF3),
3575 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x85, 0xEA, 0x35, 0xD6, 0xC0, 0xA0, 0x52),
3576 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x89, 0x3A, 0xCC, 0x22, 0x1C, 0x46, 0x02),
3577 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x7A, 0xB0, 0xA1, 0x1B, 0x69, 0x62, 0x55),
3578 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xB8, 0x8A, 0x6C, 0x18, 0x85, 0x0D, 0x88),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3579};
3580static const mbedtls_mpi_uint brainpoolP384r1_T_22_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3581 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xB6, 0x50, 0xE9, 0x4E, 0x7F, 0xE8, 0x07),
3582 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x5B, 0x5C, 0xD1, 0x4B, 0x11, 0x9A, 0xD8),
3583 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x25, 0x56, 0x74, 0x51, 0x9C, 0xEC, 0x9C),
3584 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x7F, 0xB6, 0x8A, 0xCB, 0x3A, 0x10, 0x6A),
3585 MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x33, 0x07, 0x01, 0xE9, 0x49, 0x59, 0xE6),
3586 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xA5, 0x2E, 0xF2, 0xBA, 0x32, 0x63, 0x44),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3587};
3588static const mbedtls_mpi_uint brainpoolP384r1_T_23_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3589 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x06, 0x0B, 0xA5, 0x44, 0x27, 0x7F, 0x22),
3590 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x74, 0xAC, 0x0F, 0xCC, 0x4F, 0x13, 0x61),
3591 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xB1, 0xBF, 0x97, 0x49, 0xA5, 0x1C, 0x1D),
3592 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x64, 0x68, 0x7B, 0x0F, 0xCC, 0x77, 0xF8),
3593 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x39, 0xF9, 0x4E, 0x84, 0x9C, 0xF6, 0x96),
3594 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xCF, 0x6D, 0xE2, 0xA1, 0x2D, 0xF9, 0x2B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3595};
3596static const mbedtls_mpi_uint brainpoolP384r1_T_23_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3597 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xC4, 0x90, 0x57, 0x31, 0x01, 0x05, 0x5E),
3598 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x1E, 0xBB, 0xBF, 0x98, 0xA4, 0x7C, 0xE3),
3599 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xE3, 0xA0, 0xB2, 0xCD, 0x39, 0x9A, 0x3F),
3600 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x34, 0x60, 0x7A, 0x89, 0x98, 0xB5, 0x52),
3601 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0x20, 0x3D, 0x3A, 0x04, 0x8F, 0x5A, 0xAC),
3602 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x26, 0xB6, 0x49, 0x09, 0x9C, 0x0F, 0x59),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3603};
3604static const mbedtls_mpi_uint brainpoolP384r1_T_24_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3605 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x66, 0xD2, 0x38, 0x2A, 0x62, 0x81, 0xCA),
3606 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xC8, 0x20, 0x5E, 0x28, 0xA3, 0x81, 0xA7),
3607 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x31, 0xA4, 0xF1, 0xEA, 0x7D, 0x87, 0x45),
3608 MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x2C, 0x99, 0x09, 0x6F, 0x63, 0xEB, 0x2F),
3609 MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x76, 0xDA, 0x1A, 0x06, 0xBE, 0xDE, 0xA2),
3610 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x09, 0x2E, 0x75, 0x39, 0x30, 0x2D, 0x42),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3611};
3612static const mbedtls_mpi_uint brainpoolP384r1_T_24_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3613 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x9B, 0xC1, 0x5A, 0x17, 0xC3, 0x8C, 0x31),
3614 MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x8D, 0x94, 0x4D, 0x3D, 0xAB, 0x60, 0xD4),
3615 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFD, 0x1E, 0x0F, 0x43, 0xAE, 0x9D, 0x62),
3616 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0xF2, 0xF3, 0x20, 0x1B, 0xAA, 0xB7, 0x41),
3617 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x5B, 0xA4, 0xF4, 0x90, 0x3B, 0xE3, 0x71),
3618 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x78, 0x72, 0xBD, 0x65, 0x09, 0x0B, 0x01),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3619};
3620static const mbedtls_mpi_uint brainpoolP384r1_T_25_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3621 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x37, 0x2A, 0x6C, 0x16, 0x4F, 0x64, 0x59),
3622 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xCE, 0xA3, 0x90, 0xB4, 0x9A, 0xBC, 0xF7),
3623 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x38, 0x55, 0x63, 0x1D, 0x3A, 0x6E, 0x18),
3624 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xB4, 0xAA, 0x99, 0x22, 0x45, 0x89, 0x2C),
3625 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x7C, 0x8C, 0xA6, 0x3D, 0xA7, 0x3E, 0xE8),
3626 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x06, 0x42, 0xDC, 0xA6, 0xE3, 0xC6, 0x12),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3627};
3628static const mbedtls_mpi_uint brainpoolP384r1_T_25_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3629 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x8C, 0x3D, 0x5D, 0x47, 0x31, 0x7C, 0xEB),
3630 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x85, 0xEE, 0x46, 0x7E, 0x13, 0x04, 0x41),
3631 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x3C, 0x8B, 0x43, 0x2E, 0x74, 0xF5, 0xF6),
3632 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x88, 0x8E, 0x07, 0x29, 0x08, 0x03, 0x26),
3633 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x9B, 0x89, 0xEB, 0x08, 0xE8, 0x43, 0xB5),
3634 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x07, 0x67, 0xFD, 0xD9, 0x73, 0x6F, 0x18),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3635};
3636static const mbedtls_mpi_uint brainpoolP384r1_T_26_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3637 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xEB, 0x21, 0x8D, 0x98, 0x43, 0x74, 0x98),
3638 MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xCC, 0x14, 0xD8, 0x08, 0xBB, 0xA6, 0xE3),
3639 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x98, 0xF2, 0x6A, 0x18, 0xC3, 0xDD, 0x9E),
3640 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x38, 0x91, 0xA0, 0x03, 0xF2, 0x04, 0x62),
3641 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xAF, 0xE8, 0xFD, 0xFB, 0x13, 0x70, 0x74),
3642 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x93, 0x87, 0x98, 0x4A, 0xE0, 0x00, 0x12),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3643};
3644static const mbedtls_mpi_uint brainpoolP384r1_T_26_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3645 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x2E, 0x69, 0x9C, 0xA2, 0x2D, 0x03, 0x3F),
3646 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xFE, 0xF3, 0xB9, 0xC1, 0x85, 0x2A, 0xEE),
3647 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xFD, 0x86, 0xB1, 0xCD, 0xBF, 0x41, 0xB7),
3648 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xD8, 0x9A, 0x21, 0xF3, 0xFE, 0xCB, 0xF1),
3649 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x78, 0x04, 0x60, 0xB7, 0xA9, 0xA2, 0x84),
3650 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1E, 0x66, 0x2A, 0x54, 0x51, 0xBD, 0x8B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3651};
3652static const mbedtls_mpi_uint brainpoolP384r1_T_27_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3653 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x16, 0x36, 0xEF, 0x61, 0x2D, 0xEE, 0x3B),
3654 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x5F, 0x88, 0xA0, 0x13, 0x12, 0xF7, 0x23),
3655 MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xC6, 0xAD, 0x4A, 0x4A, 0x07, 0x01, 0x5B),
3656 MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x74, 0xB1, 0x4F, 0xEB, 0xBD, 0xD5, 0x6B),
3657 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xF9, 0x71, 0xA2, 0x06, 0x4F, 0xD7, 0xBC),
3658 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x8B, 0x4D, 0x48, 0xE0, 0x98, 0xFB, 0x6A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3659};
3660static const mbedtls_mpi_uint brainpoolP384r1_T_27_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3661 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0xBA, 0x10, 0xA3, 0x0D, 0x52, 0xAC, 0x3A),
3662 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xD0, 0xE0, 0x36, 0xE6, 0x07, 0x3A, 0x30),
3663 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x80, 0xF0, 0xAA, 0x49, 0x22, 0x4B, 0xDD),
3664 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xC7, 0xAB, 0x1C, 0x89, 0xCD, 0x24, 0x40),
3665 MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x2A, 0xFC, 0xB3, 0x6D, 0x45, 0x96, 0x49),
3666 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xE4, 0xDB, 0x52, 0x3F, 0xC4, 0xB4, 0x19),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3667};
3668static const mbedtls_mpi_uint brainpoolP384r1_T_28_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3669 MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xCC, 0xC8, 0x7F, 0xBB, 0x6B, 0x87, 0x47),
3670 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x21, 0x3C, 0x69, 0x7D, 0x38, 0x57, 0x50),
3671 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x4C, 0x18, 0x3C, 0x53, 0xA5, 0x48, 0x6D),
3672 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xC3, 0x64, 0x45, 0xDB, 0xC4, 0x6D, 0x15),
3673 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xCC, 0xD1, 0xBB, 0x17, 0xB8, 0x34, 0x2D),
3674 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x69, 0x71, 0xFA, 0xA0, 0x28, 0x4A, 0x3D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3675};
3676static const mbedtls_mpi_uint brainpoolP384r1_T_28_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3677 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xE8, 0x9E, 0x39, 0xEA, 0x8D, 0x38, 0xDB),
3678 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x9C, 0xBB, 0xCD, 0x80, 0x1A, 0xEE, 0xB7),
3679 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA0, 0x45, 0xBF, 0xD9, 0x22, 0x11, 0x32),
3680 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x7C, 0x5C, 0xD9, 0xC0, 0x9F, 0x69, 0xF5),
3681 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x8A, 0xA6, 0x79, 0x4E, 0x35, 0xB9, 0xD5),
3682 MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x8B, 0x9A, 0x3E, 0xA1, 0xB8, 0x28, 0x10),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3683};
3684static const mbedtls_mpi_uint brainpoolP384r1_T_29_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3685 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x2F, 0xEF, 0xBB, 0xA9, 0x72, 0x7F, 0xEA),
3686 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x34, 0xB7, 0x12, 0xB9, 0xE7, 0xC3, 0x2A),
3687 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x1D, 0xD9, 0x42, 0x77, 0x0C, 0x71, 0x6E),
3688 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x01, 0x59, 0xA7, 0x56, 0x03, 0x91, 0x8D),
3689 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x91, 0x99, 0x33, 0x30, 0x3E, 0xEF, 0x13),
3690 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xC9, 0x5A, 0x9A, 0x54, 0x66, 0xF1, 0x70),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3691};
3692static const mbedtls_mpi_uint brainpoolP384r1_T_29_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3693 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x2C, 0xB7, 0x6E, 0x71, 0x7D, 0x35, 0x30),
3694 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x0D, 0xEF, 0xD1, 0x2D, 0x99, 0x63, 0x2F),
3695 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x31, 0xAF, 0x2D, 0xC9, 0xC6, 0xC2, 0xAE),
3696 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xC0, 0xDF, 0x80, 0x54, 0xC4, 0xAC, 0xF3),
3697 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x6B, 0xA0, 0x84, 0x96, 0xF7, 0x31, 0xC8),
3698 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0xE2, 0x7C, 0x7A, 0x41, 0x45, 0x75, 0x6A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3699};
3700static const mbedtls_mpi_uint brainpoolP384r1_T_30_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3701 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xEE, 0x58, 0x31, 0xE8, 0x68, 0xD6, 0x76),
3702 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x2E, 0x48, 0xB7, 0x09, 0x9F, 0xD4, 0xCA),
3703 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xA9, 0x5C, 0xE7, 0x64, 0x43, 0x5D, 0xC9),
3704 MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x58, 0x9F, 0x50, 0xAB, 0x68, 0xFF, 0x6D),
3705 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x88, 0x2D, 0xBA, 0x12, 0xBF, 0x8D, 0x7D),
3706 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xDF, 0x6F, 0xB3, 0x75, 0xA4, 0x55, 0x73),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3707};
3708static const mbedtls_mpi_uint brainpoolP384r1_T_30_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3709 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x17, 0x92, 0x39, 0xB7, 0x13, 0x37, 0x6F),
3710 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x43, 0x71, 0xA7, 0xCA, 0x17, 0x1B, 0x32),
3711 MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xB9, 0xB0, 0x78, 0xEF, 0xA0, 0xDA, 0x83),
3712 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x84, 0xF2, 0x0F, 0x85, 0xA2, 0xB6, 0x1F),
3713 MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x65, 0x2E, 0x6E, 0x45, 0xB9, 0x4C, 0x3C),
3714 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x6A, 0x8C, 0x2B, 0x77, 0x96, 0x36, 0x22),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3715};
3716static const mbedtls_mpi_uint brainpoolP384r1_T_31_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3717 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x7A, 0x13, 0x4A, 0x97, 0x63, 0x02, 0x10),
3718 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x1E, 0x06, 0x03, 0x8F, 0xB9, 0xEE, 0x64),
3719 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0xEE, 0x8B, 0x89, 0xA9, 0x70, 0xDB, 0xCE),
3720 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x7B, 0x81, 0xC9, 0x70, 0x8D, 0x62, 0x32),
3721 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xDA, 0x46, 0xF8, 0xF9, 0x3A, 0xBE, 0x55),
3722 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x9C, 0x7A, 0x97, 0x62, 0xEB, 0xFA, 0x0F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3723};
3724static const mbedtls_mpi_uint brainpoolP384r1_T_31_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3725 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x03, 0x3D, 0x3C, 0x46, 0x27, 0x9E, 0x65),
3726 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x08, 0x1C, 0xD5, 0x25, 0xAF, 0xE9, 0x40),
3727 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x69, 0xDC, 0x59, 0xF4, 0x8A, 0x7C, 0x1F),
3728 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x9A, 0x7A, 0x99, 0x21, 0x0C, 0x4E, 0xE3),
3729 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xCE, 0x85, 0x5F, 0xAC, 0xAA, 0x82, 0x10),
3730 MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x57, 0x69, 0x90, 0x76, 0xF3, 0x53, 0x3F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3731};
3732static const mbedtls_ecp_point brainpoolP384r1_T[32] = {
3733 ECP_POINT_INIT_XY_Z1(brainpoolP384r1_T_0_X, brainpoolP384r1_T_0_Y),
3734 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_1_X, brainpoolP384r1_T_1_Y),
3735 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_2_X, brainpoolP384r1_T_2_Y),
3736 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_3_X, brainpoolP384r1_T_3_Y),
3737 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_4_X, brainpoolP384r1_T_4_Y),
3738 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_5_X, brainpoolP384r1_T_5_Y),
3739 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_6_X, brainpoolP384r1_T_6_Y),
3740 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_7_X, brainpoolP384r1_T_7_Y),
3741 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_8_X, brainpoolP384r1_T_8_Y),
3742 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_9_X, brainpoolP384r1_T_9_Y),
3743 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_10_X, brainpoolP384r1_T_10_Y),
3744 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_11_X, brainpoolP384r1_T_11_Y),
3745 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_12_X, brainpoolP384r1_T_12_Y),
3746 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_13_X, brainpoolP384r1_T_13_Y),
3747 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_14_X, brainpoolP384r1_T_14_Y),
3748 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_15_X, brainpoolP384r1_T_15_Y),
3749 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_16_X, brainpoolP384r1_T_16_Y),
3750 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_17_X, brainpoolP384r1_T_17_Y),
3751 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_18_X, brainpoolP384r1_T_18_Y),
3752 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_19_X, brainpoolP384r1_T_19_Y),
3753 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_20_X, brainpoolP384r1_T_20_Y),
3754 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_21_X, brainpoolP384r1_T_21_Y),
3755 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_22_X, brainpoolP384r1_T_22_Y),
3756 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_23_X, brainpoolP384r1_T_23_Y),
3757 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_24_X, brainpoolP384r1_T_24_Y),
3758 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_25_X, brainpoolP384r1_T_25_Y),
3759 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_26_X, brainpoolP384r1_T_26_Y),
3760 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_27_X, brainpoolP384r1_T_27_Y),
3761 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_28_X, brainpoolP384r1_T_28_Y),
3762 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_29_X, brainpoolP384r1_T_29_Y),
3763 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_30_X, brainpoolP384r1_T_30_Y),
3764 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_31_X, brainpoolP384r1_T_31_Y),
3765};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3766# else
3767# define brainpoolP384r1_T NULL
3768# endif
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3769
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3770# endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]3771
3772/*
3773 * Domain parameters for brainpoolP512r1 (RFC 5639 3.7)
3774 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3775# if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3776static const mbedtls_mpi_uint brainpoolP512r1_p[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3777 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28),
3778 MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28),
3779 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE),
3780 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D),
3781 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6),
3782 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB),
3783 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F),
3784 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3785};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3786static const mbedtls_mpi_uint brainpoolP512r1_a[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3787 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7),
3788 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F),
3789 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A),
3790 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D),
3791 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8),
3792 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94),
3793 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2),
3794 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3795};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3796static const mbedtls_mpi_uint brainpoolP512r1_b[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3797 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28),
3798 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98),
3799 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77),
3800 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B),
3801 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B),
3802 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8),
3803 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA),
3804 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3805};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3806static const mbedtls_mpi_uint brainpoolP512r1_gx[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3807 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B),
3808 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C),
3809 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50),
3810 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF),
3811 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4),
3812 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85),
3813 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A),
3814 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3815};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3816static const mbedtls_mpi_uint brainpoolP512r1_gy[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3817 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78),
3818 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1),
3819 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B),
3820 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2),
3821 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0),
3822 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2),
3823 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0),
3824 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3825};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3826static const mbedtls_mpi_uint brainpoolP512r1_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3827 MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5),
3828 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D),
3829 MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41),
3830 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55),
3831 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6),
3832 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB),
3833 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F),
3834 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3835};
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]3836
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3837# if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3838static const mbedtls_mpi_uint brainpoolP512r1_T_0_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3839 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B),
3840 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C),
3841 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50),
3842 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF),
3843 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4),
3844 MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85),
3845 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A),
3846 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3847};
3848static const mbedtls_mpi_uint brainpoolP512r1_T_0_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3849 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78),
3850 MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1),
3851 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B),
3852 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2),
3853 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0),
3854 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2),
3855 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0),
3856 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3857};
3858static const mbedtls_mpi_uint brainpoolP512r1_T_1_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3859 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xE9, 0x6B, 0x8C, 0x6F, 0x9D, 0x88, 0x43),
3860 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x4F, 0x86, 0x96, 0xA7, 0x56, 0xD1, 0x37),
3861 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xAB, 0xFA, 0xEE, 0xA7, 0xF5, 0x0E, 0xA6),
3862 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x40, 0xEF, 0x9E, 0x6D, 0xD6, 0x32, 0x33),
3863 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xED, 0x56, 0x14, 0x57, 0x1A, 0x8D, 0x69),
3864 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xED, 0x4D, 0x3A, 0xFA, 0x71, 0x75, 0x6B),
3865 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xC5, 0x76, 0x1C, 0x14, 0xBE, 0xB5, 0xCD),
3866 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x5A, 0xCB, 0xE7, 0x36, 0x1D, 0x52, 0x1C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3867};
3868static const mbedtls_mpi_uint brainpoolP512r1_T_1_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3869 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x8D, 0x7A, 0xEB, 0xA3, 0x8B, 0xD5, 0xB0),
3870 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xA3, 0x41, 0xF8, 0xAC, 0x9E, 0xAB, 0x74),
3871 MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xE3, 0x65, 0x0D, 0x1C, 0xFE, 0x09, 0x2B),
3872 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xCA, 0x13, 0x3F, 0xC5, 0xF9, 0x7E, 0xEC),
3873 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x5D, 0x63, 0x28, 0xA6, 0x89, 0xD3, 0x91),
3874 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x95, 0x3F, 0x7A, 0x82, 0xD4, 0x77, 0xE3),
3875 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xBB, 0x92, 0x32, 0x00, 0xF4, 0x66, 0x42),
3876 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x58, 0x31, 0xD1, 0x17, 0x9F, 0x2A, 0x22),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3877};
3878static const mbedtls_mpi_uint brainpoolP512r1_T_2_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3879 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x36, 0xA9, 0xCD, 0x80, 0xA5, 0x2D, 0x78),
3880 MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x44, 0xAB, 0xCE, 0x71, 0xFF, 0x0C, 0x9B),
3881 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x24, 0x58, 0x35, 0x5A, 0x21, 0x32, 0x93),
3882 MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0xA6, 0x28, 0xF8, 0x7A, 0x97, 0xAE, 0x8B),
3883 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xE7, 0x08, 0xFA, 0x47, 0xC9, 0x55, 0x09),
3884 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xAC, 0x2E, 0x84, 0xA4, 0xF5, 0x52, 0xC4),
3885 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x58, 0x05, 0x9D, 0xA7, 0xC8, 0x71, 0xBF),
3886 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x92, 0xB4, 0x92, 0xC1, 0x92, 0xEC, 0x6B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3887};
3888static const mbedtls_mpi_uint brainpoolP512r1_T_2_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3889 MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x48, 0x2D, 0x79, 0x5E, 0x58, 0xE5, 0x69),
3890 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x85, 0x26, 0xEC, 0xE9, 0x6E, 0xD4, 0x06),
3891 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x68, 0x26, 0x87, 0x38, 0xA2, 0xD2, 0x0B),
3892 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x17, 0x60, 0xCE, 0x75, 0xF8, 0xA5, 0x6F),
3893 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x51, 0xDB, 0xA9, 0xAE, 0x87, 0xF1, 0x15),
3894 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x49, 0x92, 0x3B, 0x19, 0x96, 0xF5, 0xB0),
3895 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0xD5, 0x52, 0x52, 0x8C, 0xCE, 0xFD, 0xFA),
3896 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x18, 0x0A, 0xE6, 0xF6, 0xAE, 0x08, 0x41),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3897};
3898static const mbedtls_mpi_uint brainpoolP512r1_T_3_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3899 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x2B, 0xD8, 0x54, 0xCE, 0xB0, 0x57, 0xFE),
3900 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xB0, 0xF8, 0x9E, 0x03, 0x03, 0x3C, 0x5D),
3901 MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x0E, 0x29, 0x29, 0x00, 0xF3, 0x70, 0xBF),
3902 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x33, 0x99, 0x0E, 0x00, 0x5D, 0xFE, 0x4B),
3903 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2D, 0xF2, 0x59, 0x32, 0xCF, 0x03, 0xF4),
3904 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xC9, 0x72, 0xAE, 0x0C, 0xEF, 0xD1, 0x5B),
3905 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x5A, 0x27, 0xBF, 0x2F, 0x45, 0xF9, 0x51),
3906 MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xBE, 0xE5, 0x2C, 0xFF, 0x5B, 0x1E, 0x88),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3907};
3908static const mbedtls_mpi_uint brainpoolP512r1_T_3_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3909 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xAC, 0xBB, 0xD8, 0x83, 0xC2, 0x46, 0xF6),
3910 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xDC, 0xCE, 0x15, 0xB4, 0xEF, 0xCF, 0x46),
3911 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xDB, 0x5E, 0x94, 0x31, 0x0B, 0xB2, 0x7A),
3912 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xB9, 0xE3, 0xE3, 0x11, 0x71, 0x41, 0x1E),
3913 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xE3, 0x01, 0xB7, 0x7D, 0xBC, 0x65, 0xBE),
3914 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x07, 0x65, 0x87, 0xA7, 0xE8, 0x48, 0xE3),
3915 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x48, 0x8F, 0xD4, 0x30, 0x8E, 0xB4, 0x6C),
3916 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xE0, 0x73, 0xBE, 0x1E, 0xBF, 0x56, 0x36),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3917};
3918static const mbedtls_mpi_uint brainpoolP512r1_T_4_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3919 MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x0E, 0x5E, 0x87, 0xC5, 0xAB, 0x0E, 0x3C),
3920 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xF9, 0x5F, 0x80, 0x24, 0x4C, 0x2A, 0xF1),
3921 MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x15, 0x21, 0x54, 0x92, 0x84, 0x8D, 0x6A),
3922 MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x8A, 0x47, 0x74, 0xDC, 0x42, 0xB1, 0xF8),
3923 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xF7, 0x30, 0xFD, 0xC1, 0x9B, 0x0C, 0x5B),
3924 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x6C, 0xCC, 0xDF, 0xC5, 0xE3, 0xA9, 0xD5),
3925 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x67, 0x59, 0x10, 0x5C, 0x51, 0x54, 0x40),
3926 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x37, 0xFB, 0x6E, 0xB0, 0x78, 0x63, 0x8E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3927};
3928static const mbedtls_mpi_uint brainpoolP512r1_T_4_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3929 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xEF, 0xC4, 0x39, 0x20, 0xF1, 0x46, 0x66),
3930 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x62, 0xAE, 0xFF, 0x10, 0xE4, 0xE2, 0xE9),
3931 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x5C, 0xF5, 0x2E, 0x22, 0x89, 0xE5, 0x82),
3932 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x0C, 0x29, 0xA8, 0x62, 0xAE, 0xDB, 0x65),
3933 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x9E, 0x0F, 0xCA, 0x87, 0x2A, 0x6F, 0x7B),
3934 MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xDC, 0x9B, 0x9F, 0x65, 0xD4, 0xAD, 0x27),
3935 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xC3, 0x08, 0x0F, 0xCF, 0x67, 0xE9, 0xF4),
3936 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x5C, 0xD7, 0xFF, 0x41, 0x9C, 0xCB, 0x26),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3937};
3938static const mbedtls_mpi_uint brainpoolP512r1_T_5_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3939 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x25, 0x05, 0x12, 0xAD, 0x73, 0x63, 0x90),
3940 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x99, 0x07, 0x86, 0x57, 0xE7, 0x94, 0xB1),
3941 MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x4B, 0xA5, 0xBF, 0x18, 0xA9, 0xEF, 0x6A),
3942 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x4C, 0xC4, 0x09, 0xF2, 0x2F, 0x0C, 0xAA),
3943 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x3A, 0x04, 0xEA, 0x89, 0x6C, 0x91, 0xB9),
3944 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0x3A, 0xE7, 0xA3, 0xEC, 0x24, 0x7B),
3945 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xA1, 0x26, 0x21, 0x04, 0xE3, 0xB9, 0x40),
3946 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x71, 0x4B, 0x7B, 0xC2, 0x89, 0xCD, 0xA2),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3947};
3948static const mbedtls_mpi_uint brainpoolP512r1_T_5_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3949 MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xB9, 0xA8, 0x9D, 0xFD, 0x00, 0x3A, 0x1F),
3950 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x41, 0x6C, 0xBB, 0x5A, 0xCA, 0x1F, 0x74),
3951 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xD7, 0xE2, 0x6C, 0x6B, 0xA7, 0x48, 0xC9),
3952 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x19, 0xAD, 0xA7, 0xC1, 0x7E, 0x4F, 0x6E),
3953 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xF7, 0x19, 0x3C, 0x06, 0x74, 0x2C, 0x3A),
3954 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x23, 0x4F, 0x0C, 0x09, 0xB0, 0x80, 0x4A),
3955 MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x74, 0x34, 0x08, 0x44, 0x7E, 0xA3, 0xDD),
3956 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xCC, 0x8D, 0x12, 0x6E, 0xE1, 0x3D, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3957};
3958static const mbedtls_mpi_uint brainpoolP512r1_T_6_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3959 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x18, 0xB1, 0x71, 0x02, 0x93, 0xC2, 0xA4),
3960 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x89, 0x40, 0xE2, 0x1F, 0xE7, 0x5E, 0x68),
3961 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x8E, 0xAE, 0x89, 0x01, 0xD4, 0x0C, 0xEB),
3962 MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xDA, 0x58, 0x70, 0x24, 0xF2, 0xE4, 0x5F),
3963 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0xC7, 0x1D, 0xD6, 0x4A, 0x6F, 0x66, 0x4F),
3964 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x1D, 0x7E, 0x4A, 0x2C, 0xCA, 0xEC, 0x3B),
3965 MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x06, 0x7F, 0xA8, 0x99, 0xE4, 0xD3, 0x4E),
3966 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x1D, 0x5A, 0xDF, 0x5E, 0x58, 0x36, 0x49),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3967};
3968static const mbedtls_mpi_uint brainpoolP512r1_T_6_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3969 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xB9, 0x32, 0x69, 0x1F, 0x72, 0x2A, 0xB3),
3970 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x73, 0xE2, 0x03, 0x39, 0x35, 0xAA, 0xA8),
3971 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x5E, 0x5D, 0x48, 0xEF, 0xAE, 0x30, 0xF5),
3972 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x7F, 0x60, 0x19, 0xAF, 0xEC, 0x9D, 0xFC),
3973 MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xD9, 0x19, 0xE4, 0x1B, 0x56, 0x15, 0x5F),
3974 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xD7, 0x33, 0x59, 0x1F, 0x43, 0x59, 0x2C),
3975 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xCE, 0xEE, 0xCA, 0xA4, 0x7F, 0x63, 0xD4),
3976 MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x40, 0xC0, 0xF6, 0x19, 0x89, 0x43, 0x20),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3977};
3978static const mbedtls_mpi_uint brainpoolP512r1_T_7_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3979 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x92, 0xEA, 0x07, 0x65, 0x79, 0x86, 0xD3),
3980 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xB7, 0x13, 0x75, 0xD3, 0xC5, 0x0A, 0xC9),
3981 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x9E, 0xFA, 0xE1, 0x1F, 0x0C, 0xF9, 0x74),
3982 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x8C, 0xED, 0x5C, 0x21, 0xE9, 0x09, 0xDD),
3983 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x4D, 0xD8, 0x18, 0xC4, 0xF6, 0x36, 0x39),
3984 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xC9, 0xAC, 0x5C, 0xFA, 0x69, 0xA4, 0xA0),
3985 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x8C, 0x94, 0x1C, 0x7B, 0x71, 0x36, 0x58),
3986 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xBD, 0x46, 0xCE, 0xB7, 0x1D, 0x9C, 0x5E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3987};
3988static const mbedtls_mpi_uint brainpoolP512r1_T_7_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3989 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD6, 0x96, 0x4B, 0xA6, 0x47, 0xEB, 0xE5),
3990 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0xF1, 0x5F, 0x15, 0xDE, 0x99, 0x6F, 0x66),
3991 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xBD, 0xE5, 0x04, 0xB8, 0xE6, 0xC0, 0x0B),
3992 MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xD3, 0xF0, 0x04, 0x00, 0xE4, 0x05, 0xDB),
3993 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xF3, 0x06, 0xA3, 0x1A, 0xFF, 0xEA, 0x73),
3994 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x32, 0xAA, 0x99, 0x33, 0x09, 0xB6, 0x34),
3995 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xEF, 0xFC, 0x61, 0x10, 0x42, 0x31, 0x94),
3996 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF1, 0xF4, 0x33, 0xCF, 0x28, 0x90, 0x9C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3997};
3998static const mbedtls_mpi_uint brainpoolP512r1_T_8_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]3999 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xDE, 0xF9, 0x88, 0x87, 0x7B, 0xEB, 0xC9),
4000 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xB8, 0xDA, 0xFA, 0xDA, 0x3D, 0xA6, 0x17),
4001 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xF0, 0x62, 0x82, 0x53, 0x32, 0x55, 0x03),
4002 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xA5, 0x32, 0x4A, 0x19, 0x11, 0x9C, 0x10),
4003 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xB3, 0x27, 0xE9, 0x75, 0x90, 0x05, 0x2D),
4004 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x1C, 0x90, 0x48, 0x77, 0x01, 0x85, 0x1B),
4005 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xD6, 0x9B, 0x84, 0xA8, 0xD7, 0xC5, 0x28),
4006 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x7A, 0xCB, 0xB3, 0x11, 0x46, 0xD7, 0x99),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4007};
4008static const mbedtls_mpi_uint brainpoolP512r1_T_8_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4009 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x23, 0xBF, 0x75, 0x75, 0xA1, 0x95, 0x90),
4010 MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x66, 0x5D, 0x34, 0x13, 0xA9, 0x03, 0xBE),
4011 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x80, 0x9D, 0x5F, 0xD2, 0x44, 0xE1, 0x62),
4012 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x5D, 0xBD, 0xA8, 0xBF, 0xB4, 0x25, 0x1F),
4013 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x99, 0x1F, 0x53, 0xF1, 0x57, 0xDB, 0xE7),
4014 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x7C, 0xE5, 0xC5, 0x51, 0x0B, 0x4C, 0x9B),
4015 MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0xB0, 0x1A, 0x9C, 0x16, 0xB0, 0x32, 0x1F),
4016 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xE3, 0xCF, 0xDD, 0x48, 0xB4, 0x7B, 0x33),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4017};
4018static const mbedtls_mpi_uint brainpoolP512r1_T_9_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4019 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xDD, 0x9E, 0x3C, 0x98, 0x0E, 0x77, 0x65),
4020 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xAB, 0x01, 0xD3, 0x87, 0x74, 0x25, 0x4A),
4021 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xA3, 0xE3, 0x76, 0x43, 0x87, 0x12, 0xBD),
4022 MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0xB1, 0x3B, 0x60, 0x66, 0xEB, 0x98, 0x54),
4023 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x78, 0xC8, 0xD7, 0x4E, 0x75, 0xCA, 0x69),
4024 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xDF, 0x71, 0x19, 0xE7, 0x07, 0x36, 0xB5),
4025 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xC9, 0xA8, 0x5F, 0x91, 0xBF, 0x47, 0xB2),
4026 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x96, 0x58, 0x96, 0x18, 0xB6, 0xFA, 0x01),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4027};
4028static const mbedtls_mpi_uint brainpoolP512r1_T_9_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4029 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x2D, 0xA9, 0x9B, 0x86, 0xDB, 0x0C, 0x4C),
4030 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x0B, 0x2D, 0x56, 0x4A, 0xD3, 0x93, 0x8A),
4031 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x15, 0xE2, 0x65, 0x12, 0x86, 0x0E, 0xB2),
4032 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x41, 0x4D, 0xC1, 0xCB, 0xE4, 0xC3, 0xD7),
4033 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x53, 0x10, 0xCA, 0xA3, 0xAC, 0x83, 0x26),
4034 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x01, 0x22, 0x96, 0x10, 0xAD, 0x69, 0xDB),
4035 MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x46, 0x4E, 0xD8, 0xEA, 0xD6, 0x9D, 0xF3),
4036 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x2F, 0x7F, 0x62, 0x62, 0x80, 0xD0, 0x14),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4037};
4038static const mbedtls_mpi_uint brainpoolP512r1_T_10_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4039 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xDA, 0x00, 0x63, 0x09, 0xBD, 0x6A, 0x83),
4040 MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xD4, 0x6E, 0x48, 0x05, 0xB7, 0xF7, 0x17),
4041 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x4D, 0xD7, 0x00, 0x4A, 0x15, 0x27, 0x7A),
4042 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x15, 0xAA, 0x37, 0x27, 0x34, 0x18, 0x24),
4043 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x20, 0x2C, 0x84, 0x1B, 0x88, 0xBA, 0x05),
4044 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x09, 0xD6, 0x04, 0xA2, 0x60, 0x84, 0x72),
4045 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x04, 0x94, 0x08, 0xD4, 0xED, 0x47, 0xDB),
4046 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xF3, 0xE4, 0x3E, 0xB9, 0x5B, 0x35, 0x42),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4047};
4048static const mbedtls_mpi_uint brainpoolP512r1_T_10_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4049 MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0xD8, 0xB6, 0x80, 0xD6, 0xF1, 0x30, 0xDD),
4050 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x14, 0xA6, 0x85, 0xEE, 0xA7, 0xD8, 0x61),
4051 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x49, 0x2A, 0x1E, 0x7C, 0xE9, 0x2D, 0xEC),
4052 MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x87, 0x56, 0x91, 0x03, 0x77, 0x4D, 0x55),
4053 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x52, 0xD4, 0xAA, 0xF7, 0xFA, 0xB0, 0xC5),
4054 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x5D, 0x11, 0x39, 0xB1, 0xE7, 0x76, 0xAD),
4055 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x13, 0xBC, 0x37, 0x5D, 0x74, 0xCD, 0xC2),
4056 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x48, 0x14, 0x23, 0x30, 0xF8, 0x46, 0x37),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4057};
4058static const mbedtls_mpi_uint brainpoolP512r1_T_11_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4059 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x27, 0xB0, 0xD9, 0xB2, 0x74, 0xB4, 0xC0),
4060 MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xA6, 0xB9, 0x6F, 0x9F, 0x64, 0x36, 0x92),
4061 MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x2B, 0x78, 0x40, 0x05, 0x2B, 0x7B, 0xA9),
4062 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x68, 0x3A, 0xB6, 0x4A, 0xE2, 0xDB, 0xB8),
4063 MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x33, 0xD7, 0x34, 0x8B, 0x25, 0x45, 0xEF),
4064 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xCE, 0xA8, 0xC9, 0x01, 0xFB, 0x0E, 0x7B),
4065 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xF9, 0x51, 0x4C, 0x12, 0x9F, 0x60, 0xE4),
4066 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x85, 0xBD, 0x30, 0x37, 0x84, 0x39, 0x44),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4067};
4068static const mbedtls_mpi_uint brainpoolP512r1_T_11_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4069 MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x33, 0xAF, 0x2E, 0xB8, 0x2E, 0xCC, 0x3C),
4070 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xB1, 0x73, 0x59, 0x4E, 0x0C, 0x09, 0x4A),
4071 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x24, 0x89, 0x81, 0x12, 0xFF, 0xBB, 0x6E),
4072 MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x37, 0x1A, 0x66, 0xEE, 0xED, 0xB6, 0x9B),
4073 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xBD, 0x04, 0x20, 0x5D, 0xFB, 0xBF, 0x95),
4074 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xF8, 0x34, 0xA3, 0xFF, 0x45, 0xDE, 0x92),
4075 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x18, 0x73, 0xF1, 0x32, 0x25, 0x58, 0xEB),
4076 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xC1, 0x14, 0xE3, 0x9E, 0x40, 0x0F, 0x12),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4077};
4078static const mbedtls_mpi_uint brainpoolP512r1_T_12_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4079 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0x9D, 0x9C, 0x00, 0xF7, 0x56, 0x19),
4080 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xBA, 0x87, 0xF9, 0x15, 0x0C, 0x66, 0x5D),
4081 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x1F, 0xC1, 0x28, 0xB0, 0x47, 0x0D, 0xF5),
4082 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xCA, 0x27, 0xEE, 0x4B, 0x23, 0x2B, 0x89),
4083 MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0xB5, 0x68, 0xC8, 0x17, 0x5D, 0xC3, 0xAA),
4084 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x02, 0x08, 0xEE, 0x20, 0x9D, 0xEA, 0x64),
4085 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x14, 0x50, 0xD4, 0x7D, 0x5F, 0xCF, 0xA0),
4086 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xFA, 0xF8, 0xA7, 0xC6, 0xDC, 0x14, 0x8C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4087};
4088static const mbedtls_mpi_uint brainpoolP512r1_T_12_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4089 MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xBD, 0x0A, 0x1A, 0x18, 0x98, 0xDC, 0xB0),
4090 MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x63, 0x02, 0xB7, 0xD5, 0x5B, 0x5A, 0xC6),
4091 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xB1, 0xD7, 0x4B, 0x15, 0x39, 0x61, 0x5D),
4092 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x32, 0xE1, 0x9E, 0x70, 0x1B, 0xCE, 0x51),
4093 MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD8, 0x18, 0x83, 0x52, 0x9B, 0x6D, 0xA2),
4094 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x55, 0x56, 0x19, 0x34, 0xA4, 0xEA, 0xFC),
4095 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xA9, 0x55, 0x80, 0xE3, 0x15, 0x36, 0x8B),
4096 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x06, 0xC8, 0x1D, 0x17, 0x0D, 0xAD, 0x16),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4097};
4098static const mbedtls_mpi_uint brainpoolP512r1_T_13_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4099 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0xD6, 0xF0, 0xCC, 0xF3, 0x63, 0x53, 0xD2),
4100 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x5A, 0xDC, 0x46, 0xBD, 0x0D, 0xAD, 0x96),
4101 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x2F, 0x11, 0x60, 0x15, 0x51, 0x4A, 0xEA),
4102 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xE3, 0x93, 0x38, 0xD5, 0x83, 0xAA, 0x0D),
4103 MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xA6, 0xCC, 0xB1, 0xFD, 0xBB, 0x1A, 0x0F),
4104 MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x54, 0xC8, 0x54, 0x6F, 0x79, 0x1A, 0x59),
4105 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x4A, 0xDA, 0x28, 0x92, 0x97, 0x9D, 0x7F),
4106 MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x4B, 0xDB, 0xC7, 0x52, 0xC5, 0x66, 0x34),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4107};
4108static const mbedtls_mpi_uint brainpoolP512r1_T_13_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4109 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x7E, 0x92, 0x53, 0x30, 0x93, 0xFD, 0xFF),
4110 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x16, 0x6A, 0xB1, 0x91, 0x0A, 0xB4, 0x52),
4111 MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x9D, 0x40, 0x3F, 0xE3, 0xF1, 0x01, 0x46),
4112 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x0E, 0xD8, 0xED, 0x11, 0x8E, 0x4C, 0xED),
4113 MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x4A, 0x1B, 0x88, 0xDF, 0x8D, 0x29, 0xE7),
4114 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x23, 0x21, 0x11, 0xAB, 0x77, 0x81, 0x62),
4115 MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xAF, 0x11, 0xFA, 0xBA, 0x40, 0x63, 0xE7),
4116 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x6F, 0x8D, 0x80, 0xDF, 0x67, 0xF5, 0x44),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4117};
4118static const mbedtls_mpi_uint brainpoolP512r1_T_14_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4119 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x8B, 0xB7, 0x08, 0xF4, 0xD7, 0x2D, 0xA8),
4120 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x2B, 0x30, 0x02, 0x45, 0x71, 0x08, 0x49),
4121 MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x3A, 0xCA, 0x50, 0xF6, 0xC2, 0x19, 0x8C),
4122 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xB9, 0x9B, 0x3E, 0x73, 0x95, 0x1D, 0x49),
4123 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x60, 0x59, 0x48, 0xCB, 0xD8, 0xD6, 0xAA),
4124 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xB9, 0x6C, 0x89, 0xAB, 0x99, 0xA8, 0xF8),
4125 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xA1, 0x8B, 0x4E, 0x06, 0x19, 0xEC, 0x99),
4126 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x95, 0x04, 0xCF, 0xD5, 0x94, 0xB3, 0x02),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4127};
4128static const mbedtls_mpi_uint brainpoolP512r1_T_14_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4129 MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x35, 0x93, 0x7C, 0xB3, 0xB8, 0x9E, 0x1B),
4130 MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x45, 0x5C, 0x7E, 0xBF, 0x75, 0x81, 0x0F),
4131 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xE8, 0x24, 0xDF, 0xEC, 0x2F, 0x7D, 0xB9),
4132 MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x8B, 0xD5, 0x6A, 0x9B, 0xA0, 0xE0, 0x4F),
4133 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xE3, 0x27, 0x82, 0xDE, 0xDD, 0xCA, 0x4B),
4134 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x57, 0x56, 0x46, 0x05, 0x06, 0x01, 0x2E),
4135 MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x35, 0xA7, 0x47, 0xE2, 0x6B, 0x2C, 0x4F),
4136 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x9D, 0x4C, 0xEC, 0x1F, 0x11, 0x75, 0x2B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4137};
4138static const mbedtls_mpi_uint brainpoolP512r1_T_15_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4139 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xAA, 0x41, 0xC1, 0xE9, 0x0E, 0xE9, 0xAA),
4140 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xCF, 0x9C, 0x4B, 0xE8, 0xED, 0x0A, 0x49),
4141 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x73, 0xCA, 0x0C, 0x46, 0x0A, 0x9C, 0xE4),
4142 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xE1, 0x9E, 0xBC, 0xFE, 0x44, 0x63, 0x6D),
4143 MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x43, 0x71, 0xEE, 0xF8, 0xC1, 0x8C, 0x5C),
4144 MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x4B, 0xF0, 0x69, 0x25, 0xBD, 0x71, 0x1A),
4145 MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x9A, 0xFE, 0x82, 0xE7, 0xC1, 0xC1, 0xEE),
4146 MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x5A, 0x6E, 0x5E, 0x97, 0x6A, 0x35, 0x8D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4147};
4148static const mbedtls_mpi_uint brainpoolP512r1_T_15_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4149 MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x18, 0x6C, 0x7E, 0xB8, 0x9E, 0x57, 0x32),
4150 MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xB9, 0xC1, 0xD0, 0xFE, 0x78, 0xFB, 0x32),
4151 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x08, 0xAE, 0x46, 0x34, 0xEA, 0x7A, 0x7F),
4152 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1C, 0x56, 0xA9, 0x18, 0x37, 0xD4, 0x9E),
4153 MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x63, 0xE9, 0x0A, 0xB6, 0x38, 0x3C, 0xC1),
4154 MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x4F, 0xA4, 0x6E, 0x85, 0x31, 0x23, 0x52),
4155 MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0xAD, 0xC4, 0xC3, 0xB1, 0x4B, 0x1C, 0x82),
4156 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x56, 0x4A, 0x38, 0xB3, 0x6B, 0x6F, 0x2C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4157};
4158static const mbedtls_mpi_uint brainpoolP512r1_T_16_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4159 MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xC7, 0x19, 0xDE, 0x21, 0xED, 0x89, 0xD0),
4160 MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xBE, 0xA6, 0xAE, 0xEB, 0x9D, 0xA7, 0x2A),
4161 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x0E, 0x13, 0x1E, 0x86, 0x57, 0xC3, 0x3B),
4162 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x4B, 0x30, 0x46, 0x52, 0xC1, 0xEC, 0x52),
4163 MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xD5, 0x44, 0x31, 0x96, 0x3B, 0x26, 0x27),
4164 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x68, 0xA8, 0x67, 0x78, 0x39, 0xE8, 0x68),
4165 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x78, 0xB7, 0xDD, 0xF2, 0x58, 0xB6, 0x3D),
4166 MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x3C, 0xB3, 0x26, 0xC4, 0x2C, 0x8C, 0xA5),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4167};
4168static const mbedtls_mpi_uint brainpoolP512r1_T_16_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4169 MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x24, 0xE5, 0x73, 0xEE, 0x9A, 0x02, 0xA9),
4170 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x6A, 0x65, 0x60, 0xF3, 0x62, 0xE3, 0xE9),
4171 MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x07, 0x84, 0xE6, 0x3B, 0x46, 0x65, 0x9F),
4172 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x8F, 0x0C, 0xB0, 0xE1, 0x04, 0x82, 0x9D),
4173 MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x13, 0xBF, 0x3D, 0xA0, 0x48, 0xA2, 0x74),
4174 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x26, 0x76, 0x74, 0xAB, 0x0B, 0x29, 0xE8),
4175 MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x6E, 0x5F, 0x03, 0x34, 0x7C, 0x38, 0xCE),
4176 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x72, 0xF9, 0x3B, 0x3C, 0xA4, 0xBC, 0x7C),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4177};
4178static const mbedtls_mpi_uint brainpoolP512r1_T_17_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4179 MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xCE, 0x18, 0x80, 0xB8, 0x24, 0x45, 0x81),
4180 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x09, 0x03, 0xB8, 0x06, 0x64, 0xF7, 0xEC),
4181 MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x26, 0xB1, 0x10, 0x6D, 0x71, 0x12, 0x2E),
4182 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x12, 0xC6, 0x6E, 0x1E, 0x6A, 0xC3, 0x80),
4183 MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xD3, 0x0A, 0xDE, 0xD8, 0x6B, 0x04, 0x5C),
4184 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x87, 0x5B, 0xAE, 0xDB, 0x3C, 0xC0, 0xC5),
4185 MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0xF5, 0xF9, 0xC1, 0x9A, 0x89, 0xBB, 0x7E),
4186 MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x69, 0x72, 0x8B, 0xAE, 0x32, 0x13, 0x11),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4187};
4188static const mbedtls_mpi_uint brainpoolP512r1_T_17_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4189 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x16, 0x07, 0x50, 0xFA, 0x4C, 0xCF, 0xE8),
4190 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x50, 0x21, 0xE9, 0xDE, 0xEC, 0x7E, 0xDF),
4191 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x2F, 0xE8, 0x83, 0x30, 0x0B, 0x65, 0x0E),
4192 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x0B, 0x99, 0xAC, 0xC9, 0xBA, 0x6C, 0x2A),
4193 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x59, 0x5A, 0x0D, 0x7B, 0x9E, 0x08, 0xAD),
4194 MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x91, 0xB2, 0xDC, 0x90, 0xCE, 0x67, 0xED),
4195 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x93, 0x60, 0x0C, 0xD7, 0x1F, 0x2F, 0x17),
4196 MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x7F, 0x9D, 0x40, 0xF8, 0x78, 0x7A, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4197};
4198static const mbedtls_mpi_uint brainpoolP512r1_T_18_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4199 MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x22, 0x95, 0xE8, 0xEF, 0x31, 0x57, 0x35),
4200 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x88, 0x53, 0xFE, 0xAF, 0x7C, 0x47, 0x14),
4201 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xCE, 0xCC, 0x79, 0xE8, 0x9F, 0x8C, 0xC4),
4202 MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x16, 0xDD, 0x77, 0x6E, 0x8A, 0x73, 0x97),
4203 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x07, 0x97, 0x21, 0x3B, 0xF8, 0x5F, 0xA8),
4204 MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xB5, 0xD2, 0x81, 0x84, 0xF0, 0xE7, 0x9F),
4205 MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x8F, 0x75, 0x09, 0x6A, 0x0E, 0x53, 0xAD),
4206 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x4F, 0x70, 0x97, 0xC7, 0xAC, 0x7D, 0x3F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4207};
4208static const mbedtls_mpi_uint brainpoolP512r1_T_18_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4209 MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x3C, 0x6A, 0xB4, 0x10, 0xA9, 0xC8, 0x1D),
4210 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xC5, 0xD6, 0x69, 0x16, 0xB8, 0xAC, 0x25),
4211 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x44, 0xDC, 0xEB, 0x48, 0x54, 0x5D, 0x5F),
4212 MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x48, 0x9B, 0xD7, 0x72, 0x69, 0xA4, 0x8A),
4213 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x0D, 0x36, 0x9A, 0x66, 0x0B, 0xEC, 0x24),
4214 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xC6, 0xD4, 0xB6, 0x60, 0xE5, 0xC3, 0x3A),
4215 MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x29, 0x42, 0xE0, 0x9D, 0xFD, 0x7C, 0x3E),
4216 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x10, 0xBA, 0x55, 0xBC, 0x3B, 0x38, 0x5D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4217};
4218static const mbedtls_mpi_uint brainpoolP512r1_T_19_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4219 MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x66, 0xFA, 0x05, 0x73, 0x03, 0x1B, 0x69),
4220 MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xA4, 0x66, 0x12, 0x96, 0x7B, 0x02, 0x4C),
4221 MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xB5, 0xDE, 0x6D, 0x98, 0xD1, 0xD5, 0xA8),
4222 MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xF5, 0x44, 0xB8, 0x8E, 0xF6, 0x8C, 0x05),
4223 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x15, 0x2B, 0x72, 0xBC, 0x49, 0xE5, 0xDF),
4224 MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x44, 0xD7, 0xDF, 0x8F, 0xEB, 0x8D, 0x80),
4225 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x64, 0x88, 0xAA, 0xB7, 0xE4, 0x70, 0x1D),
4226 MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x14, 0xBB, 0xE9, 0x9B, 0xB9, 0x65, 0x5D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4227};
4228static const mbedtls_mpi_uint brainpoolP512r1_T_19_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4229 MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x8E, 0x88, 0xF5, 0xF1, 0xC1, 0x89, 0xA2),
4230 MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x30, 0x53, 0xE6, 0xFB, 0x2D, 0x82, 0xB4),
4231 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xE4, 0xFF, 0xBA, 0x31, 0x79, 0xAB, 0xC2),
4232 MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x09, 0xF7, 0xB7, 0x09, 0x78, 0x4C, 0x90),
4233 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xAE, 0xC2, 0x44, 0xDC, 0x17, 0x78, 0x47),
4234 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xD4, 0x17, 0x43, 0x19, 0x74, 0x9E, 0x23),
4235 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x64, 0x3B, 0x73, 0xA2, 0x99, 0x27, 0x76),
4236 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x74, 0x36, 0x5F, 0xD3, 0x14, 0xB1, 0x31),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4237};
4238static const mbedtls_mpi_uint brainpoolP512r1_T_20_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4239 MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x07, 0xAB, 0xFD, 0x9B, 0x03, 0xC5, 0xD5),
4240 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xBE, 0xB0, 0x1D, 0xF2, 0x0C, 0x73, 0x73),
4241 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xE7, 0x7B, 0x87, 0xD3, 0x34, 0xFD, 0xE2),
4242 MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x25, 0x3D, 0xC7, 0x36, 0x83, 0x53, 0xDC),
4243 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x7C, 0xCF, 0x63, 0x55, 0x12, 0x11, 0xB0),
4244 MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x34, 0x4D, 0x27, 0x92, 0xAC, 0x18, 0x16),
4245 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x42, 0x61, 0x9D, 0x2E, 0xFF, 0x13, 0x16),
4246 MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xDE, 0x92, 0x65, 0x57, 0x0D, 0xBC, 0x0A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4247};
4248static const mbedtls_mpi_uint brainpoolP512r1_T_20_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4249 MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x7B, 0x6E, 0xC6, 0x2A, 0x21, 0x74, 0x0A),
4250 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xA7, 0x53, 0x4D, 0x29, 0x36, 0xEF, 0xE5),
4251 MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xD6, 0x41, 0xC7, 0x99, 0xAD, 0x50, 0x53),
4252 MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xAC, 0x41, 0x9F, 0xFB, 0x4C, 0x86, 0xF1),
4253 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xBB, 0xE6, 0x25, 0x28, 0xAA, 0xEB, 0x1E),
4254 MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x04, 0xA2, 0xC3, 0xAA, 0x08, 0x8A, 0xCC),
4255 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x2B, 0x5B, 0xE2, 0x8D, 0x76, 0xEA, 0x34),
4256 MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x33, 0xD2, 0x21, 0x4D, 0x62, 0xE3, 0x8E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4257};
4258static const mbedtls_mpi_uint brainpoolP512r1_T_21_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4259 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x06, 0x8B, 0x2B, 0xC2, 0xC4, 0xB1, 0xD2),
4260 MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xF5, 0xA1, 0xC0, 0x03, 0x6A, 0x29, 0x12),
4261 MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xA9, 0xEF, 0x55, 0xB6, 0x1A, 0x9F, 0x6B),
4262 MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x54, 0x32, 0xBE, 0x06, 0x43, 0xB5, 0xFD),
4263 MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xD6, 0xD9, 0x20, 0x89, 0xBE, 0xD4, 0x1B),
4264 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x26, 0x95, 0x10, 0xCE, 0xB4, 0x88, 0x79),
4265 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xA6, 0x27, 0xAC, 0x32, 0xBA, 0xBD, 0xC7),
4266 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xA6, 0xAE, 0x9C, 0x7B, 0xBE, 0xA1, 0x63),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4267};
4268static const mbedtls_mpi_uint brainpoolP512r1_T_21_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4269 MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xCD, 0x4D, 0x3D, 0xDF, 0x96, 0xBB, 0x7D),
4270 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xA7, 0x11, 0x06, 0xCC, 0x0E, 0x31, 0x81),
4271 MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0xE4, 0xF4, 0xAD, 0x7B, 0x5F, 0xF1, 0xEF),
4272 MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x54, 0xBE, 0xF4, 0x8A, 0x03, 0x47, 0xDF),
4273 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x53, 0x00, 0x7F, 0xB0, 0x8A, 0x68, 0xA6),
4274 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x16, 0xB1, 0x73, 0x6F, 0x5B, 0x0E, 0xC3),
4275 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x32, 0xE3, 0x43, 0x64, 0x75, 0xFB, 0xFB),
4276 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x18, 0x55, 0x8A, 0x4E, 0x6E, 0x35, 0x54),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4277};
4278static const mbedtls_mpi_uint brainpoolP512r1_T_22_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4279 MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x97, 0x15, 0x1E, 0xCB, 0xF2, 0x9C, 0xA5),
4280 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xD1, 0xBB, 0xF3, 0x70, 0xAD, 0x13, 0xAD),
4281 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x96, 0xA4, 0xC5, 0x5E, 0xDA, 0xD5, 0x57),
4282 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x81, 0xE9, 0x65, 0x66, 0x76, 0x47, 0x45),
4283 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x35, 0x87, 0x06, 0x73, 0xCF, 0x34, 0xD2),
4284 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x81, 0x15, 0x42, 0xA2, 0x79, 0x5B, 0x42),
4285 MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xA2, 0x7D, 0x09, 0x14, 0x64, 0xC6, 0xAE),
4286 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x6D, 0xC4, 0xED, 0xF1, 0xD6, 0xE9, 0x24),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4287};
4288static const mbedtls_mpi_uint brainpoolP512r1_T_22_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4289 MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xD5, 0xBB, 0x25, 0xA3, 0xDD, 0xA3, 0x88),
4290 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xF2, 0x68, 0x67, 0x39, 0x8F, 0x73, 0x93),
4291 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x76, 0x28, 0x89, 0xAD, 0x32, 0xE0, 0xDF),
4292 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x90, 0xCC, 0x57, 0x58, 0xAA, 0xC9, 0x75),
4293 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xD7, 0x43, 0xD2, 0xCE, 0x5E, 0xA0, 0x08),
4294 MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xB0, 0xB8, 0xA4, 0x9E, 0x96, 0x26, 0x86),
4295 MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x61, 0x1D, 0xF3, 0x65, 0x5E, 0x60, 0xCA),
4296 MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x1E, 0x65, 0xED, 0xCF, 0x07, 0x60, 0x20),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4297};
4298static const mbedtls_mpi_uint brainpoolP512r1_T_23_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4299 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x30, 0x17, 0x8A, 0x91, 0x88, 0x0A, 0xA4),
4300 MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x7D, 0x18, 0xA4, 0xAC, 0x59, 0xFC, 0x5F),
4301 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x31, 0x8B, 0x25, 0x65, 0x39, 0x9A, 0xDC),
4302 MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x16, 0x4B, 0x68, 0xBA, 0x59, 0x13, 0x2F),
4303 MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xD3, 0xC5, 0x56, 0xC9, 0x8C, 0x5E),
4304 MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xC6, 0x9F, 0xF4, 0xE6, 0xF7, 0xB4, 0x01),
4305 MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x7C, 0x03, 0x00, 0x26, 0x9F, 0xD8, 0x7B),
4306 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x1D, 0x6E, 0x00, 0xB9, 0x00, 0x6E, 0x93),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4307};
4308static const mbedtls_mpi_uint brainpoolP512r1_T_23_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4309 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x63, 0xDA, 0x03, 0x2B, 0xD5, 0x0B, 0xFE),
4310 MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xFC, 0xE2, 0xC8, 0x47, 0xF0, 0xAE, 0xF2),
4311 MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x4C, 0xF7, 0x50, 0x0C, 0x48, 0x06, 0x2A),
4312 MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2B, 0x32, 0x98, 0x0E, 0x7E, 0x61, 0x41),
4313 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x02, 0x27, 0xFE, 0x75, 0x86, 0xDF, 0x24),
4314 MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x30, 0xB1, 0x22, 0x32, 0x1B, 0xFE, 0x24),
4315 MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x27, 0xF7, 0x78, 0x6F, 0xD7, 0xFD, 0xE4),
4316 MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x78, 0xCC, 0xEA, 0xC0, 0x50, 0x24, 0x44),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4317};
4318static const mbedtls_mpi_uint brainpoolP512r1_T_24_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4319 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x2B, 0x4F, 0x7F, 0x58, 0xE6, 0xC2, 0x70),
4320 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x43, 0xD5, 0xA7, 0x35, 0x3C, 0x80, 0xB8),
4321 MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x6D, 0x4B, 0x12, 0x00, 0x7B, 0xE6, 0xA6),
4322 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x15, 0xBD, 0xD0, 0x9B, 0xCA, 0xAA, 0x81),
4323 MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xCE, 0x9C, 0xE3, 0x8B, 0x60, 0x7A, 0x53),
4324 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xDA, 0x4B, 0x03, 0xA7, 0x8D, 0x43, 0x22),
4325 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAF, 0x00, 0x2B, 0x32, 0xF0, 0x22, 0x68),
4326 MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xD9, 0x99, 0x99, 0xBE, 0x43, 0x99, 0x3E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4327};
4328static const mbedtls_mpi_uint brainpoolP512r1_T_24_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4329 MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x71, 0x41, 0xF4, 0xB5, 0xFD, 0xDD, 0x36),
4330 MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xE2, 0x20, 0x4C, 0xD1, 0x2E, 0x1F, 0x06),
4331 MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x43, 0x48, 0x76, 0x8A, 0x49, 0xAC, 0x87),
4332 MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x1A, 0x55, 0xA8, 0xA3, 0xD4, 0x57, 0x75),
4333 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xA6, 0x84, 0x39, 0xC9, 0x13, 0xBB, 0x60),
4334 MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xFA, 0xA9, 0x70, 0xDE, 0x83, 0xDD, 0xC9),
4335 MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xC9, 0xD9, 0x3E, 0x44, 0x91, 0x68, 0x7B),
4336 MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x9F, 0x85, 0x6D, 0xF7, 0x54, 0x36, 0x82),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4337};
4338static const mbedtls_mpi_uint brainpoolP512r1_T_25_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4339 MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x6B, 0xA6, 0xA3, 0xE5, 0xD4, 0x46, 0xDB),
4340 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x3E, 0xDC, 0x84, 0x7C, 0x7B, 0x24, 0x34),
4341 MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xED, 0x7F, 0x86, 0x07, 0x6C, 0x57, 0xCA),
4342 MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x06, 0xFE, 0x52, 0x12, 0x79, 0x69, 0x56),
4343 MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xD1, 0x44, 0x5F, 0x21, 0x3A, 0xC3, 0x84),
4344 MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xD9, 0x4A, 0xC0, 0x75, 0xAB, 0x17, 0xAC),
4345 MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x81, 0x94, 0xB6, 0x80, 0x6B, 0x6F, 0xC3),
4346 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBE, 0x8E, 0xA5, 0xAA, 0xBC, 0x1E, 0x3E),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4347};
4348static const mbedtls_mpi_uint brainpoolP512r1_T_25_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4349 MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xC7, 0x85, 0xA6, 0x59, 0x9B, 0xB1, 0x52),
4350 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xCE, 0x40, 0xD1, 0xFB, 0xDF, 0x94, 0xF7),
4351 MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xB8, 0x5E, 0xBF, 0x45, 0xA8, 0x2D, 0x2D),
4352 MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9C, 0x06, 0x1B, 0xA9, 0x57, 0xB9, 0x79),
4353 MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xE9, 0xCE, 0xA2, 0xD3, 0x74, 0xA1, 0x3C),
4354 MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x5F, 0x34, 0x78, 0xDB, 0xAE, 0x3A, 0x14),
4355 MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x32, 0x84, 0x3E, 0x68, 0x6A, 0x43, 0x0F),
4356 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xBC, 0x39, 0x36, 0xA4, 0xC5, 0xBB, 0x11),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4357};
4358static const mbedtls_mpi_uint brainpoolP512r1_T_26_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4359 MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x07, 0xA2, 0xB5, 0xC9, 0x0F, 0x4D, 0x0F),
4360 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x1D, 0x67, 0xE6, 0xF1, 0x46, 0xEB, 0x71),
4361 MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x41, 0x23, 0x95, 0xE7, 0xE0, 0x10, 0xDD),
4362 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x69, 0xFE, 0x68, 0x8C, 0xC6, 0x5F, 0xB6),
4363 MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xB9, 0x2B, 0x3D, 0xD2, 0x4F, 0xD8, 0x1A),
4364 MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x09, 0xF5, 0x5F, 0xCF, 0xF6, 0x91, 0x57),
4365 MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x15, 0x42, 0x6B, 0x6D, 0xB5, 0xF3, 0xB6),
4366 MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x56, 0x9D, 0xC5, 0xFF, 0xCA, 0x13, 0x9B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4367};
4368static const mbedtls_mpi_uint brainpoolP512r1_T_26_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4369 MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x38, 0xE6, 0x23, 0x63, 0x48, 0x3C, 0xCA),
4370 MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x68, 0x3C, 0xD1, 0x3B, 0xE9, 0x3B, 0x82),
4371 MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x08, 0x54, 0x49, 0xD1, 0x46, 0x45, 0x13),
4372 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x70, 0x52, 0x6E, 0x79, 0xC4, 0x5E, 0x95),
4373 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xDF, 0xE8, 0x5A, 0x32, 0x81, 0xDA, 0xD3),
4374 MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x2D, 0x94, 0x5B, 0xB5, 0x35, 0x9F, 0x0A),
4375 MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x12, 0x8D, 0xC3, 0x36, 0x36, 0xB2, 0x2A),
4376 MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x2F, 0x22, 0x38, 0x5B, 0x18, 0x4C, 0x35),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4377};
4378static const mbedtls_mpi_uint brainpoolP512r1_T_27_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4379 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC1, 0x22, 0x0E, 0xF0, 0x73, 0x11, 0x05),
4380 MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xAE, 0xA4, 0x56, 0x18, 0x61, 0x66, 0x12),
4381 MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xFB, 0x72, 0x08, 0x84, 0x38, 0x51, 0xB0),
4382 MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x86, 0xA8, 0xB9, 0x31, 0x99, 0x29, 0xC3),
4383 MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xFB, 0xC3, 0x42, 0xB3, 0xC7, 0x6F, 0x3A),
4384 MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xF8, 0xE1, 0x09, 0xBE, 0x75, 0xB0, 0x22),
4385 MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x7D, 0xFF, 0xF4, 0x99, 0xFC, 0x13, 0xAB),
4386 MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x1B, 0x84, 0x81, 0x42, 0x22, 0xC6, 0x3D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4387};
4388static const mbedtls_mpi_uint brainpoolP512r1_T_27_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4389 MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xE0, 0x37, 0xA4, 0xA0, 0x2F, 0x38, 0x7F),
4390 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x3D, 0xB7, 0x40, 0x2F, 0x39, 0x3C, 0x7A),
4391 MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x3B, 0x8A, 0x51, 0xAE, 0x40, 0x49, 0x7A),
4392 MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x20, 0x9F, 0xDD, 0xA9, 0xD0, 0x77, 0xC7),
4393 MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x1D, 0x64, 0xDA, 0xA0, 0x53, 0xC7, 0x7D),
4394 MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x7B, 0x66, 0x55, 0x94, 0xD1, 0x51, 0x44),
4395 MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xA9, 0xB5, 0x5B, 0x38, 0x35, 0x40, 0xC0),
4396 MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC9, 0x0F, 0xF0, 0x73, 0x79, 0x43, 0x61),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4397};
4398static const mbedtls_mpi_uint brainpoolP512r1_T_28_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4399 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x47, 0x45, 0x69, 0x80, 0x72, 0x72, 0x42),
4400 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x11, 0x99, 0x59, 0xDB, 0x48, 0x80, 0x39),
4401 MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x6E, 0x3D, 0xFC, 0x37, 0x15, 0xF4, 0xBF),
4402 MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xBB, 0x5B, 0xA6, 0x35, 0x8D, 0x28, 0x20),
4403 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x1A, 0x3B, 0x2C, 0x8F, 0xD3, 0xAA, 0x2D),
4404 MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x1C, 0x1A, 0xF8, 0x02, 0xD9, 0x7B, 0x41),
4405 MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x69, 0xAC, 0xF8, 0x54, 0x31, 0x14, 0xA1),
4406 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x8A, 0xE6, 0xDE, 0x58, 0xB9, 0xC4, 0x7A),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4407};
4408static const mbedtls_mpi_uint brainpoolP512r1_T_28_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4409 MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x83, 0x52, 0xFE, 0xF9, 0x7B, 0xE9, 0x1F),
4410 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xA2, 0x55, 0x46, 0x15, 0x49, 0xC1, 0x3A),
4411 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xBC, 0x5C, 0x91, 0xBD, 0xB9, 0x9C, 0xF4),
4412 MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xFD, 0xB1, 0x4E, 0x5F, 0x74, 0xEE, 0x53),
4413 MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x8B, 0xD8, 0x8B, 0x17, 0x73, 0x1B, 0x96),
4414 MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x92, 0xD7, 0x67, 0x06, 0xAD, 0x25, 0xCD),
4415 MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x0F, 0x80, 0x24, 0xE2, 0x27, 0x5F, 0x8B),
4416 MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x1C, 0xCE, 0xD0, 0x67, 0xCA, 0xD4, 0x0B),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4417};
4418static const mbedtls_mpi_uint brainpoolP512r1_T_29_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4419 MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xF1, 0xDD, 0x33, 0x66, 0xF9, 0x05, 0xD6),
4420 MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xE5, 0x6B, 0x79, 0xBD, 0x48, 0x42, 0xAA),
4421 MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x14, 0x52, 0xE3, 0x53, 0xB4, 0x50, 0xD4),
4422 MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x84, 0x6C, 0xCF, 0xDA, 0xB2, 0x20, 0x0A),
4423 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xD6, 0x1A, 0xE5, 0xE2, 0x29, 0x70, 0xCE),
4424 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x61, 0xFE, 0xBB, 0x21, 0x82, 0xD1, 0xFE),
4425 MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0xF0, 0x9C, 0x8B, 0x1A, 0x42, 0x30, 0x06),
4426 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xD6, 0x49, 0x81, 0x92, 0xF1, 0xD0, 0x90),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4427};
4428static const mbedtls_mpi_uint brainpoolP512r1_T_29_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4429 MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x91, 0x93, 0x6A, 0xA6, 0x22, 0xE9, 0xD6),
4430 MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xDC, 0xC3, 0x69, 0x11, 0x95, 0x7D, 0xEC),
4431 MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xA3, 0x9D, 0x87, 0x5E, 0x64, 0x41, 0xA2),
4432 MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x87, 0x5A, 0x15, 0xBD, 0x6E, 0x3C, 0x8D),
4433 MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x8D, 0x50, 0xCC, 0xCF, 0xB7, 0x8F, 0x0B),
4434 MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x65, 0xCD, 0x31, 0x30, 0xF1, 0x68, 0x13),
4435 MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x5C, 0x66, 0x67, 0x92, 0x30, 0x57, 0x95),
4436 MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x9B, 0x01, 0x3D, 0x20, 0x8B, 0xD1, 0x0D),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4437};
4438static const mbedtls_mpi_uint brainpoolP512r1_T_30_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4439 MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xC0, 0xE6, 0x4F, 0xDE, 0x62, 0xAB, 0xB3),
4440 MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x48, 0xB3, 0x1C, 0x0F, 0x16, 0x93, 0x45),
4441 MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x63, 0xBD, 0x1F, 0x16, 0x50, 0x56, 0x98),
4442 MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x06, 0xBC, 0xE9, 0x27, 0x1C, 0x9A, 0x7B),
4443 MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xFE, 0x21, 0xC5, 0x39, 0x55, 0xE1, 0xFD),
4444 MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xA8, 0xD0, 0x96, 0x0E, 0xB5, 0xB2, 0x84),
4445 MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xE7, 0x4B, 0xF3, 0x11, 0x0C, 0xC9, 0x5B),
4446 MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x3A, 0xC4, 0x87, 0x71, 0xEE, 0xFA, 0x18),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4447};
4448static const mbedtls_mpi_uint brainpoolP512r1_T_30_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4449 MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x77, 0xEE, 0x81, 0x5E, 0x96, 0xEA, 0x4B),
4450 MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xDF, 0xA9, 0xF4, 0x4F, 0x7C, 0xB2, 0x43),
4451 MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xD4, 0xDF, 0x35, 0x63, 0x47, 0x25, 0x8A),
4452 MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x3D, 0xFF, 0xA4, 0x02, 0xC3, 0x95, 0x11),
4453 MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x10, 0x78, 0xD1, 0x2B, 0xB7, 0xBE, 0x0E),
4454 MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xE9, 0x57, 0xF9, 0xE0, 0xD8, 0xFC, 0xBC),
4455 MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xC4, 0x01, 0xD6, 0xB4, 0xE7, 0x78, 0xE2),
4456 MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x6C, 0xB9, 0x13, 0xA4, 0xE8, 0x6D, 0x6F),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4457};
4458static const mbedtls_mpi_uint brainpoolP512r1_T_31_X[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4459 MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xB0, 0xC9, 0xCD, 0xBF, 0xA2, 0x1E, 0x63),
4460 MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x4F, 0x86, 0x22, 0x9B, 0xEA, 0xE8, 0xBB),
4461 MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x46, 0xDF, 0x43, 0xB9, 0x82, 0x2D, 0x0A),
4462 MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x32, 0xF1, 0x4E, 0x95, 0x41, 0xAE, 0x8E),
4463 MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x93, 0x26, 0xFC, 0xD3, 0x90, 0xDC, 0xEB),
4464 MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x05, 0x45, 0xCA, 0xF9, 0x5A, 0x89, 0x93),
4465 MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x82, 0x63, 0x4E, 0x55, 0x1D, 0x3A, 0x08),
4466 MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x69, 0x52, 0x49, 0xE9, 0xED, 0x57, 0x34),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4467};
4468static const mbedtls_mpi_uint brainpoolP512r1_T_31_Y[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4469 MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x64, 0xE9, 0xAC, 0x4C, 0x4A, 0xEA, 0x25),
4470 MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xE9, 0x0B, 0x99, 0xE7, 0xF9, 0xA9, 0x2C),
4471 MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x0C, 0xC1, 0xF4, 0x8D, 0x07, 0xB6, 0xB1),
4472 MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x68, 0xFA, 0x35, 0xE4, 0x9E, 0xAE, 0xD9),
4473 MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x2D, 0x1A, 0x13, 0x8E, 0x02, 0xE2, 0x63),
4474 MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x38, 0x28, 0x86, 0x46, 0x7B, 0x3A, 0xE1),
4475 MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x4C, 0x64, 0x59, 0x0A, 0xF9, 0x02, 0xC4),
4476 MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x4F, 0x23, 0xA2, 0xC3, 0xD5, 0xEF, 0x42),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4477};
4478static const mbedtls_ecp_point brainpoolP512r1_T[32] = {
4479 ECP_POINT_INIT_XY_Z1(brainpoolP512r1_T_0_X, brainpoolP512r1_T_0_Y),
4480 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_1_X, brainpoolP512r1_T_1_Y),
4481 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_2_X, brainpoolP512r1_T_2_Y),
4482 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_3_X, brainpoolP512r1_T_3_Y),
4483 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_4_X, brainpoolP512r1_T_4_Y),
4484 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_5_X, brainpoolP512r1_T_5_Y),
4485 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_6_X, brainpoolP512r1_T_6_Y),
4486 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_7_X, brainpoolP512r1_T_7_Y),
4487 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_8_X, brainpoolP512r1_T_8_Y),
4488 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_9_X, brainpoolP512r1_T_9_Y),
4489 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_10_X, brainpoolP512r1_T_10_Y),
4490 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_11_X, brainpoolP512r1_T_11_Y),
4491 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_12_X, brainpoolP512r1_T_12_Y),
4492 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_13_X, brainpoolP512r1_T_13_Y),
4493 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_14_X, brainpoolP512r1_T_14_Y),
4494 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_15_X, brainpoolP512r1_T_15_Y),
4495 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_16_X, brainpoolP512r1_T_16_Y),
4496 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_17_X, brainpoolP512r1_T_17_Y),
4497 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_18_X, brainpoolP512r1_T_18_Y),
4498 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_19_X, brainpoolP512r1_T_19_Y),
4499 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_20_X, brainpoolP512r1_T_20_Y),
4500 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_21_X, brainpoolP512r1_T_21_Y),
4501 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_22_X, brainpoolP512r1_T_22_Y),
4502 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_23_X, brainpoolP512r1_T_23_Y),
4503 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_24_X, brainpoolP512r1_T_24_Y),
4504 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_25_X, brainpoolP512r1_T_25_Y),
4505 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_26_X, brainpoolP512r1_T_26_Y),
4506 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_27_X, brainpoolP512r1_T_27_Y),
4507 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_28_X, brainpoolP512r1_T_28_Y),
4508 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_29_X, brainpoolP512r1_T_29_Y),
4509 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_30_X, brainpoolP512r1_T_30_Y),
4510 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_31_X, brainpoolP512r1_T_31_Y),
4511};
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4512# else
4513# define brainpoolP512r1_T NULL
4514# endif
4515# endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
Gilles Peskineaa9493a2018-09-12 14:44:03 +0200[diff] [blame]4516
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4517# if defined(ECP_LOAD_GROUP)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4518/*
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4519 * Create an MPI from embedded constants
Mateusz Starzyke36f5b12021-07-22 16:43:35 +0200[diff] [blame]4520 * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint))
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4521 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4522static inline void
4523ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len)
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4524{
4525 X->s = 1;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4526 X->n = len / sizeof(mbedtls_mpi_uint);
4527 X->p = (mbedtls_mpi_uint *)p;
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4528}
4529
4530/*
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4531 * Set an MPI to static value 1
4532 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4533static inline void ecp_mpi_set1(mbedtls_mpi *X)
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4534{
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4535 X->s = 1;
4536 X->n = 1;
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4537 X->p = mpi_one;
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4538}
4539
4540/*
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4541 * Make group available from embedded constants
4542 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4543static int ecp_group_load(mbedtls_ecp_group *grp,
4544 const mbedtls_mpi_uint *p,
4545 size_t plen,
4546 const mbedtls_mpi_uint *a,
4547 size_t alen,
4548 const mbedtls_mpi_uint *b,
4549 size_t blen,
4550 const mbedtls_mpi_uint *gx,
4551 size_t gxlen,
4552 const mbedtls_mpi_uint *gy,
4553 size_t gylen,
4554 const mbedtls_mpi_uint *n,
4555 size_t nlen,
4556 const mbedtls_ecp_point *T)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4557{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4558 ecp_mpi_load(&grp->P, p, plen);
4559 if (a != NULL)
4560 ecp_mpi_load(&grp->A, a, alen);
4561 ecp_mpi_load(&grp->B, b, blen);
4562 ecp_mpi_load(&grp->N, n, nlen);
Manuel Pégourié-Gonnard9854fe92013-12-02 16:30:43 +0100[diff] [blame]4563
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4564 ecp_mpi_load(&grp->G.X, gx, gxlen);
4565 ecp_mpi_load(&grp->G.Y, gy, gylen);
4566 ecp_mpi_set1(&grp->G.Z);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4567
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4568 grp->pbits = mbedtls_mpi_bitlen(&grp->P);
4569 grp->nbits = mbedtls_mpi_bitlen(&grp->N);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4570
Manuel Pégourié-Gonnard1f82b042013-12-06 12:51:50 +0100[diff] [blame]4571 grp->h = 1;
4572
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4573 grp->T = (mbedtls_ecp_point *)T;
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4574 /*
4575 * Set T_size to 0 to prevent T free by mbedtls_ecp_group_free.
4576 */
4577 grp->T_size = 0;
4578
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4579 return 0;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4580}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4581# endif /* ECP_LOAD_GROUP */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4582
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4583# if defined(MBEDTLS_ECP_NIST_OPTIM)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4584/* Forward declarations */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4585# if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
4586static int ecp_mod_p192(mbedtls_mpi *);
4587# endif
4588# if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
4589static int ecp_mod_p224(mbedtls_mpi *);
4590# endif
4591# if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
4592static int ecp_mod_p256(mbedtls_mpi *);
4593# endif
4594# if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
4595static int ecp_mod_p384(mbedtls_mpi *);
4596# endif
4597# if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
4598static int ecp_mod_p521(mbedtls_mpi *);
4599# endif
Manuel Pégourié-Gonnard3ee90002013-12-02 17:14:48 +0100[diff] [blame]4600
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4601# define NIST_MODP(P) grp->modp = ecp_mod_##P;
4602# else
4603# define NIST_MODP(P)
4604# endif /* MBEDTLS_ECP_NIST_OPTIM */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4605
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]4606/* Additional forward declarations */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4607# if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
4608static int ecp_mod_p255(mbedtls_mpi *);
4609# endif
4610# if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
4611static int ecp_mod_p448(mbedtls_mpi *);
4612# endif
4613# if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
4614static int ecp_mod_p192k1(mbedtls_mpi *);
4615# endif
4616# if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
4617static int ecp_mod_p224k1(mbedtls_mpi *);
4618# endif
4619# if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
4620static int ecp_mod_p256k1(mbedtls_mpi *);
4621# endif
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]4622
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4623# if defined(ECP_LOAD_GROUP)
4624# define LOAD_GROUP_A(G) \
4625 ecp_group_load(grp, G##_p, sizeof(G##_p), G##_a, \
4626 sizeof(G##_a), G##_b, sizeof(G##_b), G##_gx, \
4627 sizeof(G##_gx), G##_gy, sizeof(G##_gy), G##_n, \
4628 sizeof(G##_n), G##_T)
Manuel Pégourié-Gonnard81e1b102013-12-06 13:28:05 +0100[diff] [blame]4629
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4630# define LOAD_GROUP(G) \
4631 ecp_group_load(grp, G##_p, sizeof(G##_p), NULL, 0, G##_b, \
4632 sizeof(G##_b), G##_gx, sizeof(G##_gx), G##_gy, \
4633 sizeof(G##_gy), G##_n, sizeof(G##_n), G##_T)
4634# endif /* ECP_LOAD_GROUP */
Manuel Pégourié-Gonnard81e1b102013-12-06 13:28:05 +0100[diff] [blame]4635
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4636# if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4637/* Constants used by ecp_use_curve25519() */
Janos Follath8b8b7812021-06-24 15:00:33 +0100[diff] [blame]4638static const mbedtls_mpi_sint curve25519_a24 = 0x01DB42;
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4639static const unsigned char curve25519_part_of_n[] = {
4640 0x14, 0xDE, 0xF9, 0xDE, 0xA2, 0xF7, 0x9C, 0xD6,
4641 0x58, 0x12, 0x63, 0x1A, 0x5C, 0xF5, 0xD3, 0xED,
4642};
4643
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4644/*
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4645 * Specialized function for creating the Curve25519 group
4646 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4647static int ecp_use_curve25519(mbedtls_ecp_group *grp)
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4648{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]4649 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4650
4651 /* Actually ( A + 2 ) / 4 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4652 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve25519_a24));
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4653
4654 /* P = 2^255 - 19 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4655 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1));
4656 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 255));
4657 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 19));
4658 grp->pbits = mbedtls_mpi_bitlen(&grp->P);
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4659
Nicholas Wilson54fc34e2016-05-16 15:15:45 +0100[diff] [blame]4660 /* N = 2^252 + 27742317777372353535851937790883648493 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4661 MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&grp->N, curve25519_part_of_n,
4662 sizeof(curve25519_part_of_n)));
4663 MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 252, 1));
Nicholas Wilson54fc34e2016-05-16 15:15:45 +0100[diff] [blame]4664
Manuel Pégourié-Gonnard18b78432018-03-28 11:14:06 +0200[diff] [blame]4665 /* Y intentionally not set, since we use x/z coordinates.
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]4666 * This is used as a marker to identify Montgomery curves! */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4667 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 9));
4668 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1));
4669 mbedtls_mpi_free(&grp->G.Y);
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]4670
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4671 /* Actually, the required msb for private keys */
4672 grp->nbits = 254;
4673
4674cleanup:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4675 if (ret != 0)
4676 mbedtls_ecp_group_free(grp);
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4677
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4678 return ret;
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4679}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4680# endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4681
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4682# if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4683/* Constants used by ecp_use_curve448() */
Janos Follath8b8b7812021-06-24 15:00:33 +0100[diff] [blame]4684static const mbedtls_mpi_sint curve448_a24 = 0x98AA;
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4685static const unsigned char curve448_part_of_n[] = {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4686 0x83, 0x35, 0xDC, 0x16, 0x3B, 0xB1, 0x24, 0xB6, 0x51, 0x29,
4687 0xC9, 0x6F, 0xDE, 0x93, 0x3D, 0x8D, 0x72, 0x3A, 0x70, 0xAA,
4688 0xDC, 0x87, 0x3D, 0x6D, 0x54, 0xA7, 0xBB, 0x0D,
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4689};
4690
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4691/*
4692 * Specialized function for creating the Curve448 group
4693 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4694static int ecp_use_curve448(mbedtls_ecp_group *grp)
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4695{
4696 mbedtls_mpi Ns;
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]4697 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4698
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4699 mbedtls_mpi_init(&Ns);
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4700
4701 /* Actually ( A + 2 ) / 4 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4702 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve448_a24));
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4703
4704 /* P = 2^448 - 2^224 - 1 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4705 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1));
4706 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224));
4707 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1));
4708 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224));
4709 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1));
4710 grp->pbits = mbedtls_mpi_bitlen(&grp->P);
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4711
4712 /* Y intentionally not set, since we use x/z coordinates.
4713 * This is used as a marker to identify Montgomery curves! */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4714 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 5));
4715 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1));
4716 mbedtls_mpi_free(&grp->G.Y);
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4717
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4718 /* N = 2^446 -
4719 * 13818066809895115352007386748515426880336692474882178609894547503885 */
4720 MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 446, 1));
4721 MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&Ns, curve448_part_of_n,
4722 sizeof(curve448_part_of_n)));
4723 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&grp->N, &grp->N, &Ns));
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4724
4725 /* Actually, the required msb for private keys */
4726 grp->nbits = 447;
4727
4728cleanup:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4729 mbedtls_mpi_free(&Ns);
4730 if (ret != 0)
4731 mbedtls_ecp_group_free(grp);
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4732
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4733 return ret;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4734}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4735# endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4736
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4737/*
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4738 * Set a group using well-known domain parameters
4739 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4740int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4741{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4742 ECP_VALIDATE_RET(grp != NULL);
4743 mbedtls_ecp_group_free(grp);
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4744
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4745 grp->id = id;
4746
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4747 switch (id) {
4748# if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4749 case MBEDTLS_ECP_DP_SECP192R1:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4750 NIST_MODP(p192);
4751 return LOAD_GROUP(secp192r1);
4752# endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4753
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4754# if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4755 case MBEDTLS_ECP_DP_SECP224R1:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4756 NIST_MODP(p224);
4757 return LOAD_GROUP(secp224r1);
4758# endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4759
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4760# if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4761 case MBEDTLS_ECP_DP_SECP256R1:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4762 NIST_MODP(p256);
4763 return LOAD_GROUP(secp256r1);
4764# endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4765
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4766# if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4767 case MBEDTLS_ECP_DP_SECP384R1:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4768 NIST_MODP(p384);
4769 return LOAD_GROUP(secp384r1);
4770# endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4771
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4772# if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4773 case MBEDTLS_ECP_DP_SECP521R1:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4774 NIST_MODP(p521);
4775 return LOAD_GROUP(secp521r1);
4776# endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4777
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4778# if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4779 case MBEDTLS_ECP_DP_SECP192K1:
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]4780 grp->modp = ecp_mod_p192k1;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4781 return LOAD_GROUP_A(secp192k1);
4782# endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]4783
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4784# if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4785 case MBEDTLS_ECP_DP_SECP224K1:
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]4786 grp->modp = ecp_mod_p224k1;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4787 return LOAD_GROUP_A(secp224k1);
4788# endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]4789
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4790# if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4791 case MBEDTLS_ECP_DP_SECP256K1:
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]4792 grp->modp = ecp_mod_p256k1;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4793 return LOAD_GROUP_A(secp256k1);
4794# endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]4795
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4796# if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4797 case MBEDTLS_ECP_DP_BP256R1:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4798 return LOAD_GROUP_A(brainpoolP256r1);
4799# endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4800
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4801# if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4802 case MBEDTLS_ECP_DP_BP384R1:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4803 return LOAD_GROUP_A(brainpoolP384r1);
4804# endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4805
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4806# if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4807 case MBEDTLS_ECP_DP_BP512R1:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4808 return LOAD_GROUP_A(brainpoolP512r1);
4809# endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4810
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4811# if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]4812 case MBEDTLS_ECP_DP_CURVE25519:
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4813 grp->modp = ecp_mod_p255;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4814 return ecp_use_curve25519(grp);
4815# endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4816
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4817# if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4818 case MBEDTLS_ECP_DP_CURVE448:
4819 grp->modp = ecp_mod_p448;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4820 return ecp_use_curve448(grp);
4821# endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4822
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4823 default:
Alexander K56a74cd2019-09-10 17:58:20 +0300[diff] [blame]4824 grp->id = MBEDTLS_ECP_DP_NONE;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4825 return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4826 }
4827}
4828
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4829# if defined(MBEDTLS_ECP_NIST_OPTIM)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4830/*
4831 * Fast reduction modulo the primes used by the NIST curves.
4832 *
4833 * These functions are critical for speed, but not needed for correct
4834 * operations. So, we make the choice to heavily rely on the internals of our
4835 * bignum library, which creates a tight coupling between these functions and
4836 * our MPI implementation. However, the coupling between the ECP module and
4837 * MPI remains loose, since these functions can be deactivated at will.
4838 */
4839
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4840# if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4841/*
4842 * Compared to the way things are presented in FIPS 186-3 D.2,
4843 * we proceed in columns, from right (least significant chunk) to left,
4844 * adding chunks to N in place, and keeping a carry for the next chunk.
4845 * This avoids moving things around in memory, and uselessly adding zeros,
4846 * compared to the more straightforward, line-oriented approach.
4847 *
4848 * For this prime we need to handle data in chunks of 64 bits.
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4849 * Since this is always a multiple of our basic mbedtls_mpi_uint, we can
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4850 * use a mbedtls_mpi_uint * to designate such a chunk, and small loops to handle
4851 * it.
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4852 */
4853
4854/* Add 64-bit chunks (dst += src) and update carry */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4855static inline void
4856add64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4857{
4858 unsigned char i;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4859 mbedtls_mpi_uint c = 0;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4860 for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) {
4861 *dst += c;
4862 c = (*dst < c);
4863 *dst += *src;
4864 c += (*dst < *src);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4865 }
4866 *carry += c;
4867}
4868
4869/* Add carry to a 64-bit chunk and update carry */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4870static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4871{
4872 unsigned char i;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4873 for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) {
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4874 *dst += *carry;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4875 *carry = (*dst < *carry);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4876 }
4877}
4878
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4879# define WIDTH 8 / sizeof(mbedtls_mpi_uint)
4880# define A(i) N->p + (i)*WIDTH
4881# define ADD(i) add64(p, A(i), &c)
4882# define NEXT \
4883 p += WIDTH; \
4884 carry64(p, &c)
4885# define LAST \
4886 p += WIDTH; \
4887 *p = c; \
4888 while (++p < end) \
4889 *p = 0
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4890
4891/*
4892 * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
4893 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4894static int ecp_mod_p192(mbedtls_mpi *N)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4895{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]4896 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4897 mbedtls_mpi_uint c = 0;
4898 mbedtls_mpi_uint *p, *end;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4899
4900 /* Make sure we have enough blocks so that A(5) is legal */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4901 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, 6 * WIDTH));
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4902
4903 p = N->p;
4904 end = p + N->n;
4905
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4906 ADD(3);
4907 ADD(5);
4908 NEXT; // A0 += A3 + A5
4909 ADD(3);
4910 ADD(4);
4911 ADD(5);
4912 NEXT; // A1 += A3 + A4 + A5
4913 ADD(4);
4914 ADD(5);
4915 LAST; // A2 += A4 + A5
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4916
4917cleanup:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4918 return ret;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4919}
4920
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4921# undef WIDTH
4922# undef A
4923# undef ADD
4924# undef NEXT
4925# undef LAST
4926# endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4927
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4928# if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
4929 defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
4930 defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4931/*
4932 * The reader is advised to first understand ecp_mod_p192() since the same
4933 * general structure is used here, but with additional complications:
4934 * (1) chunks of 32 bits, and (2) subtractions.
4935 */
4936
4937/*
4938 * For these primes, we need to handle data in chunks of 32 bits.
4939 * This makes it more complicated if we use 64 bits limbs in MPI,
4940 * which prevents us from using a uniform access method as for p192.
4941 *
4942 * So, we define a mini abstraction layer to access 32 bit chunks,
4943 * load them in 'cur' for work, and store them back from 'cur' when done.
4944 *
4945 * While at it, also define the size of N in terms of 32-bit chunks.
4946 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4947# define LOAD32 cur = A(i);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4948
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4949# if defined(MBEDTLS_HAVE_INT32) /* 32 bit */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4950
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4951# define MAX32 N->n
4952# define A(j) N->p[j]
4953# define STORE32 N->p[i] = cur;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4954
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4955# else /* 64-bit */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4956
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4957# define MAX32 N->n * 2
4958# define A(j) \
4959 (j) % 2 ? (uint32_t)(N->p[(j) / 2] >> 32) : \
4960 (uint32_t)(N->p[(j) / 2])
4961# define STORE32 \
4962 if (i % 2) { \
4963 N->p[i / 2] &= 0x00000000FFFFFFFF; \
4964 N->p[i / 2] |= ((mbedtls_mpi_uint)cur) << 32; \
4965 } else { \
4966 N->p[i / 2] &= 0xFFFFFFFF00000000; \
4967 N->p[i / 2] |= (mbedtls_mpi_uint)cur; \
4968 }
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4969
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4970# endif /* sizeof( mbedtls_mpi_uint ) */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4971
4972/*
4973 * Helpers for addition and subtraction of chunks, with signed carry.
4974 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4975static inline void add32(uint32_t *dst, uint32_t src, signed char *carry)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4976{
4977 *dst += src;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4978 *carry += (*dst < src);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4979}
4980
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4981static inline void sub32(uint32_t *dst, uint32_t src, signed char *carry)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4982{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4983 *carry -= (*dst < src);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4984 *dst -= src;
4985}
4986
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4987# define ADD(j) add32(&cur, A(j), &c);
4988# define SUB(j) sub32(&cur, A(j), &c);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4989
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4990# define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
4991# define biL (ciL << 3) /* bits in limb */
Gilles Peskined10e8fa2020-07-22 19:58:28 +0200[diff] [blame]4992
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4993/*
4994 * Helpers for the main 'loop'
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4995 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]4996# define INIT(b) \
4997 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \
4998 signed char c = 0, cc; \
4999 uint32_t cur; \
5000 size_t i = 0, bits = (b); \
5001 /* N is the size of the product of two b-bit numbers, plus \
5002 * one */ \
5003 /* limb for fix_negative */ \
5004 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b)*2 / biL + 1)); \
5005 LOAD32;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5006
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5007# define NEXT \
5008 STORE32; \
5009 i++; \
5010 LOAD32; \
5011 cc = c; \
5012 c = 0; \
5013 if (cc < 0) \
5014 sub32(&cur, -cc, &c); \
5015 else \
5016 add32(&cur, cc, &c);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5017
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5018# define LAST \
5019 STORE32; \
5020 i++; \
5021 cur = c > 0 ? c : 0; \
5022 STORE32; \
5023 cur = 0; \
5024 while (++i < MAX32) { \
5025 STORE32; \
5026 } \
5027 if (c < 0) \
5028 mbedtls_ecp_fix_negative(N, c, bits);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5029
5030/*
5031 * If the result is negative, we get it in the form
Gilles Peskine349b3722021-04-03 21:40:11 +0200[diff] [blame]5032 * c * 2^bits + N, with c negative and N positive shorter than 'bits'
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5033 */
Gilles Peskine618be2e2021-04-03 21:47:53 +0200[diff] [blame]5034MBEDTLS_STATIC_TESTABLE
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5035void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5036{
Gilles Peskined10e8fa2020-07-22 19:58:28 +0200[diff] [blame]5037 size_t i;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5038
Gilles Peskineff6a32d2021-04-03 20:21:43 +0200[diff] [blame]5039 /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so
5040 * set the absolute value to 0xfff...fff - N. There is no carry
5041 * since we're subtracting from all-bits-one. */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5042 for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) {
Gilles Peskined10e8fa2020-07-22 19:58:28 +0200[diff] [blame]5043 N->p[i] = ~(mbedtls_mpi_uint)0 - N->p[i];
5044 }
Gilles Peskineff6a32d2021-04-03 20:21:43 +0200[diff] [blame]5045 /* Add 1, taking care of the carry. */
5046 i = 0;
5047 do
5048 ++N->p[i];
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5049 while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint));
Gilles Peskineff6a32d2021-04-03 20:21:43 +0200[diff] [blame]5050 /* Invert the sign.
5051 * Now N = N0 - 2^bits where N0 is the initial value of N. */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5052 N->s = -1;
5053
Gilles Peskine349b3722021-04-03 21:40:11 +0200[diff] [blame]5054 /* Add |c| * 2^bits to the absolute value. Since c and N are
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5055 * negative, this adds c * 2^bits. */
5056 mbedtls_mpi_uint msw = (mbedtls_mpi_uint)-c;
5057# if defined(MBEDTLS_HAVE_INT64)
5058 if (bits == 224)
Gilles Peskined10e8fa2020-07-22 19:58:28 +0200[diff] [blame]5059 msw <<= 32;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5060# endif
5061 N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5062}
5063
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5064# if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5065/*
5066 * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
5067 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5068static int ecp_mod_p224(mbedtls_mpi *N)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5069{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5070 INIT(224);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5071
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5072 SUB(7);
5073 SUB(11);
5074 NEXT; // A0 += -A7 - A11
5075 SUB(8);
5076 SUB(12);
5077 NEXT; // A1 += -A8 - A12
5078 SUB(9);
5079 SUB(13);
5080 NEXT; // A2 += -A9 - A13
5081 SUB(10);
5082 ADD(7);
5083 ADD(11);
5084 NEXT; // A3 += -A10 + A7 + A11
5085 SUB(11);
5086 ADD(8);
5087 ADD(12);
5088 NEXT; // A4 += -A11 + A8 + A12
5089 SUB(12);
5090 ADD(9);
5091 ADD(13);
5092 NEXT; // A5 += -A12 + A9 + A13
5093 SUB(13);
5094 ADD(10);
5095 LAST; // A6 += -A13 + A10
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5096
5097cleanup:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5098 return ret;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5099}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5100# endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5101
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5102# if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5103/*
5104 * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3)
5105 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5106static int ecp_mod_p256(mbedtls_mpi *N)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5107{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5108 INIT(256);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5109
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5110 ADD(8);
5111 ADD(9);
5112 SUB(11);
5113 SUB(12);
5114 SUB(13);
5115 SUB(14);
5116 NEXT; // A0
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5117
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5118 ADD(9);
5119 ADD(10);
5120 SUB(12);
5121 SUB(13);
5122 SUB(14);
5123 SUB(15);
5124 NEXT; // A1
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5125
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5126 ADD(10);
5127 ADD(11);
5128 SUB(13);
5129 SUB(14);
5130 SUB(15);
5131 NEXT; // A2
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5132
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5133 ADD(11);
5134 ADD(11);
5135 ADD(12);
5136 ADD(12);
5137 ADD(13);
5138 SUB(15);
5139 SUB(8);
5140 SUB(9);
5141 NEXT; // A3
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5142
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5143 ADD(12);
5144 ADD(12);
5145 ADD(13);
5146 ADD(13);
5147 ADD(14);
5148 SUB(9);
5149 SUB(10);
5150 NEXT; // A4
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5151
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5152 ADD(13);
5153 ADD(13);
5154 ADD(14);
5155 ADD(14);
5156 ADD(15);
5157 SUB(10);
5158 SUB(11);
5159 NEXT; // A5
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5160
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5161 ADD(14);
5162 ADD(14);
5163 ADD(15);
5164 ADD(15);
5165 ADD(14);
5166 ADD(13);
5167 SUB(8);
5168 SUB(9);
5169 NEXT; // A6
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5170
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5171 ADD(15);
5172 ADD(15);
5173 ADD(15);
5174 ADD(8);
5175 SUB(10);
5176 SUB(11);
5177 SUB(12);
5178 SUB(13);
5179 LAST; // A7
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5180
5181cleanup:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5182 return ret;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5183}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5184# endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5185
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5186# if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5187/*
5188 * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4)
5189 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5190static int ecp_mod_p384(mbedtls_mpi *N)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5191{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5192 INIT(384);
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5193
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5194 ADD(12);
5195 ADD(21);
5196 ADD(20);
5197 SUB(23);
5198 NEXT; // A0
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5199
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5200 ADD(13);
5201 ADD(22);
5202 ADD(23);
5203 SUB(12);
5204 SUB(20);
5205 NEXT; // A2
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5206
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5207 ADD(14);
5208 ADD(23);
5209 SUB(13);
5210 SUB(21);
5211 NEXT; // A2
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5212
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5213 ADD(15);
5214 ADD(12);
5215 ADD(20);
5216 ADD(21);
5217 SUB(14);
5218 SUB(22);
5219 SUB(23);
5220 NEXT; // A3
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5221
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5222 ADD(21);
5223 ADD(21);
5224 ADD(16);
5225 ADD(13);
5226 ADD(12);
5227 ADD(20);
5228 ADD(22);
5229 SUB(15);
5230 SUB(23);
5231 SUB(23);
5232 NEXT; // A4
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5233
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5234 ADD(22);
5235 ADD(22);
5236 ADD(17);
5237 ADD(14);
5238 ADD(13);
5239 ADD(21);
5240 ADD(23);
5241 SUB(16);
5242 NEXT; // A5
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5243
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5244 ADD(23);
5245 ADD(23);
5246 ADD(18);
5247 ADD(15);
5248 ADD(14);
5249 ADD(22);
5250 SUB(17);
5251 NEXT; // A6
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5252
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5253 ADD(19);
5254 ADD(16);
5255 ADD(15);
5256 ADD(23);
5257 SUB(18);
5258 NEXT; // A7
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5259
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5260 ADD(20);
5261 ADD(17);
5262 ADD(16);
5263 SUB(19);
5264 NEXT; // A8
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5265
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5266 ADD(21);
5267 ADD(18);
5268 ADD(17);
5269 SUB(20);
5270 NEXT; // A9
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5271
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5272 ADD(22);
5273 ADD(19);
5274 ADD(18);
5275 SUB(21);
5276 NEXT; // A10
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5277
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5278 ADD(23);
5279 ADD(20);
5280 ADD(19);
5281 SUB(22);
5282 LAST; // A11
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5283
5284cleanup:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5285 return ret;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5286}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5287# endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5288
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5289# undef A
5290# undef LOAD32
5291# undef STORE32
5292# undef MAX32
5293# undef INIT
5294# undef NEXT
5295# undef LAST
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5296
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5297# endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED || \
5298 MBEDTLS_ECP_DP_SECP256R1_ENABLED || \
5299 MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5300
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5301# if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5302/*
5303 * Here we have an actual Mersenne prime, so things are more straightforward.
5304 * However, chunks are aligned on a 'weird' boundary (521 bits).
5305 */
5306
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5307/* Size of p521 in terms of mbedtls_mpi_uint */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5308# define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5309
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5310/* Bits to keep in the most significant mbedtls_mpi_uint */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5311# define P521_MASK 0x01FF
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5312
5313/*
5314 * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5)
5315 * Write N as A1 + 2^521 A0, return A0 + A1
5316 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5317static int ecp_mod_p521(mbedtls_mpi *N)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5318{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]5319 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5320 size_t i;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5321 mbedtls_mpi M;
5322 mbedtls_mpi_uint Mp[P521_WIDTH + 1];
5323 /* Worst case for the size of M is when mbedtls_mpi_uint is 16 bits:
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5324 * we need to hold bits 513 to 1056, which is 34 limbs, that is
5325 * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
5326
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5327 if (N->n < P521_WIDTH)
5328 return 0;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5329
5330 /* M = A1 */
5331 M.s = 1;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5332 M.n = N->n - (P521_WIDTH - 1);
5333 if (M.n > P521_WIDTH + 1)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5334 M.n = P521_WIDTH + 1;
5335 M.p = Mp;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5336 memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
5337 MBEDTLS_MPI_CHK(
5338 mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint))));
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5339
5340 /* N = A0 */
5341 N->p[P521_WIDTH - 1] &= P521_MASK;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5342 for (i = P521_WIDTH; i < N->n; i++)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5343 N->p[i] = 0;
5344
5345 /* N = A0 + A1 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5346 MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5347
5348cleanup:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5349 return ret;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5350}
5351
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5352# undef P521_WIDTH
5353# undef P521_MASK
5354# endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5355
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5356# endif /* MBEDTLS_ECP_NIST_OPTIM */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5357
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5358# if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5359
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5360/* Size of p255 in terms of mbedtls_mpi_uint */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5361# define P255_WIDTH (255 / 8 / sizeof(mbedtls_mpi_uint) + 1)
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5362
5363/*
5364 * Fast quasi-reduction modulo p255 = 2^255 - 19
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5365 * Write N as A0 + 2^255 A1, return A0 + 19 * A1
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5366 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5367static int ecp_mod_p255(mbedtls_mpi *N)
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5368{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]5369 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5370 size_t i;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5371 mbedtls_mpi M;
5372 mbedtls_mpi_uint Mp[P255_WIDTH + 2];
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5373
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5374 if (N->n < P255_WIDTH)
5375 return 0;
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5376
5377 /* M = A1 */
5378 M.s = 1;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5379 M.n = N->n - (P255_WIDTH - 1);
5380 if (M.n > P255_WIDTH + 1)
5381 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5382 M.p = Mp;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5383 memset(Mp, 0, sizeof(Mp));
5384 memcpy(Mp, N->p + P255_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
5385 MBEDTLS_MPI_CHK(
5386 mbedtls_mpi_shift_r(&M, 255 % (8 * sizeof(mbedtls_mpi_uint))));
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5387 M.n++; /* Make room for multiplication by 19 */
5388
5389 /* N = A0 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5390 MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(N, 255, 0));
5391 for (i = P255_WIDTH; i < N->n; i++)
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5392 N->p[i] = 0;
5393
5394 /* N = A0 + 19 * A1 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5395 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &M, 19));
5396 MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5397
5398cleanup:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5399 return ret;
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5400}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5401# endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5402
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5403# if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5404
5405/* Size of p448 in terms of mbedtls_mpi_uint */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5406# define P448_WIDTH (448 / 8 / sizeof(mbedtls_mpi_uint))
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5407
5408/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5409# define DIV_ROUND_UP(X, Y) (((X) + (Y)-1) / (Y))
5410# define P224_WIDTH_MIN (28 / sizeof(mbedtls_mpi_uint))
5411# define P224_WIDTH_MAX DIV_ROUND_UP(28, sizeof(mbedtls_mpi_uint))
5412# define P224_UNUSED_BITS \
5413 ((P224_WIDTH_MAX * sizeof(mbedtls_mpi_uint) * 8) - 224)
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5414
5415/*
5416 * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
5417 * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return
5418 * A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference
5419 * implementation of Curve448, which uses its own special 56-bit limbs rather
5420 * than a generic bignum library. We could squeeze some extra speed out on
5421 * 32-bit machines by splitting N up into 32-bit limbs and doing the
5422 * arithmetic using the limbs directly as we do for the NIST primes above,
5423 * but for 64-bit targets it should use half the number of operations if we do
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5424 * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit
5425 * adds.
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5426 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5427static int ecp_mod_p448(mbedtls_mpi *N)
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5428{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]5429 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5430 size_t i;
5431 mbedtls_mpi M, Q;
5432 mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
5433
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5434 if (N->n <= P448_WIDTH)
5435 return 0;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5436
5437 /* M = A1 */
5438 M.s = 1;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5439 M.n = N->n - (P448_WIDTH);
5440 if (M.n > P448_WIDTH)
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5441 /* Shouldn't be called with N larger than 2^896! */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5442 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5443 M.p = Mp;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5444 memset(Mp, 0, sizeof(Mp));
5445 memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint));
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5446
5447 /* N = A0 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5448 for (i = P448_WIDTH; i < N->n; i++)
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5449 N->p[i] = 0;
5450
5451 /* N += A1 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5452 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5453
5454 /* Q = B1, N += B1 */
5455 Q = M;
5456 Q.p = Qp;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5457 memcpy(Qp, Mp, sizeof(Qp));
5458 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Q, 224));
5459 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q));
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5460
5461 /* M = (B0 + B1) * 2^224, N += M */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5462 if (sizeof(mbedtls_mpi_uint) > 4)
5463 Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
5464 for (i = P224_WIDTH_MAX; i < M.n; ++i)
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5465 Mp[i] = 0;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5466 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q));
5467 M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition
5468 */
5469 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224));
5470 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5471
5472cleanup:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5473 return ret;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5474}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5475# endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5476
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5477# if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
5478 defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
5479 defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5480/*
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5481 * Fast quasi-reduction modulo P = 2^s - R,
5482 * with R about 33 bits, used by the Koblitz curves.
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5483 *
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5484 * Write N as A0 + 2^224 A1, return A0 + R * A1.
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5485 * Actually do two passes, since R is big.
5486 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5487# define P_KOBLITZ_MAX \
5488 (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P
5489# define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R
5490static inline int ecp_mod_koblitz(mbedtls_mpi *N,
5491 mbedtls_mpi_uint *Rp,
5492 size_t p_limbs,
5493 size_t adjust,
5494 size_t shift,
5495 mbedtls_mpi_uint mask)
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5496{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]5497 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5498 size_t i;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5499 mbedtls_mpi M, R;
Janos Follath7dadc2f2017-01-27 16:05:20 +0000[diff] [blame]5500 mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5501
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5502 if (N->n < p_limbs)
5503 return 0;
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5504
5505 /* Init R */
5506 R.s = 1;
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5507 R.p = Rp;
5508 R.n = P_KOBLITZ_R;
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5509
5510 /* Common setup for M */
5511 M.s = 1;
5512 M.p = Mp;
5513
5514 /* M = A1 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5515 M.n = N->n - (p_limbs - adjust);
5516 if (M.n > p_limbs + adjust)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5517 M.n = p_limbs + adjust;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5518 memset(Mp, 0, sizeof(Mp));
5519 memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
5520 if (shift != 0)
5521 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
Janos Follath7dadc2f2017-01-27 16:05:20 +0000[diff] [blame]5522 M.n += R.n; /* Make room for multiplication by R */
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5523
5524 /* N = A0 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5525 if (mask != 0)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5526 N->p[p_limbs - 1] &= mask;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5527 for (i = p_limbs; i < N->n; i++)
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5528 N->p[i] = 0;
5529
5530 /* N = A0 + R * A1 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5531 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
5532 MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5533
5534 /* Second pass */
5535
5536 /* M = A1 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5537 M.n = N->n - (p_limbs - adjust);
5538 if (M.n > p_limbs + adjust)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5539 M.n = p_limbs + adjust;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5540 memset(Mp, 0, sizeof(Mp));
5541 memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
5542 if (shift != 0)
5543 MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
Janos Follath7dadc2f2017-01-27 16:05:20 +0000[diff] [blame]5544 M.n += R.n; /* Make room for multiplication by R */
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5545
5546 /* N = A0 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5547 if (mask != 0)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5548 N->p[p_limbs - 1] &= mask;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5549 for (i = p_limbs; i < N->n; i++)
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5550 N->p[i] = 0;
5551
5552 /* N = A0 + R * A1 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5553 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
5554 MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5555
5556cleanup:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5557 return ret;
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5558}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5559# endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
5560 MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
5561 MBEDTLS_ECP_DP_SECP256K1_ENABLED) */
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5562
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5563# if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5564/*
5565 * Fast quasi-reduction modulo p192k1 = 2^192 - R,
5566 * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
5567 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5568static int ecp_mod_p192k1(mbedtls_mpi *N)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5569{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5570 static mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(
5571 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) };
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5572
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5573 return (
5574 ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0));
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5575}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5576# endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5577
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5578# if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5579/*
5580 * Fast quasi-reduction modulo p224k1 = 2^224 - R,
5581 * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
5582 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5583static int ecp_mod_p224k1(mbedtls_mpi *N)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5584{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5585 static mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(
5586 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) };
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5587
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5588# if defined(MBEDTLS_HAVE_INT64)
5589 return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF);
5590# else
5591 return (
5592 ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0));
5593# endif
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5594}
5595
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5596# endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5597
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5598# if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5599/*
5600 * Fast quasi-reduction modulo p256k1 = 2^256 - R,
5601 * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
5602 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5603static int ecp_mod_p256k1(mbedtls_mpi *N)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5604{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5605 static mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(
5606 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) };
5607 return (
5608 ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0));
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5609}
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5610# endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5611
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5612# endif /* !MBEDTLS_ECP_ALT */
Janos Follathb0697532016-08-18 12:38:46 +0100[diff] [blame]5613
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5614#endif /* MBEDTLS_ECP_C */