TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / f72803d6f98669ed8e04e81da4dec4cc31c17041 / . / library / ecp_curves.c
blob: 8bc80cd4e6e907e47f89efc595556ada4397ab59 [file] [log] [blame]
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]1/*
2 * Elliptic curves over GF(p): curve-specific data and functions
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]18 */
19
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]20#include "common.h"
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]21
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]22#if defined(MBEDTLS_ECP_C)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]23
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]24#include "mbedtls/ecp.h"
Hanno Becker4f8e8e52018-12-14 15:08:03 +0000[diff] [blame]25#include "mbedtls/platform_util.h"
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]26#include "mbedtls/error.h"
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]27
Janos Follath8c70e812021-06-24 14:48:38 +0100[diff] [blame]28#include "bn_mul.h"
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]29#include "bignum_internal.h"
Gilles Peskine618be2e2021-04-03 21:47:53 +0200[diff] [blame]30#include "ecp_invasive.h"
31
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]32#include <string.h>
33
Janos Follathb0697532016-08-18 12:38:46 +0100[diff] [blame]34#if !defined(MBEDTLS_ECP_ALT)
35
Hanno Becker4f8e8e52018-12-14 15:08:03 +0000[diff] [blame]36/* Parameter validation macros based on platform_util.h */
37#define ECP_VALIDATE_RET( cond ) \
38 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
39#define ECP_VALIDATE( cond ) \
40 MBEDTLS_INTERNAL_VALIDATE( cond )
41
Manuel Pégourié-Gonnard0223ab92015-10-05 11:40:01 +0100[diff] [blame]42#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
43 !defined(inline) && !defined(__cplusplus)
Paul Bakker498fd352013-12-02 22:17:24 +0100[diff] [blame]44#define inline __inline
Manuel Pégourié-Gonnard20af64d2015-07-07 18:33:39 +0200[diff] [blame]45#endif
Paul Bakker498fd352013-12-02 22:17:24 +0100[diff] [blame]46
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]47#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
48
Manuel Pégourié-Gonnard2389a602021-06-23 12:25:48 +0200[diff] [blame]49#define ECP_MPI_INIT_ARRAY(x) \
50 ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
51
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]52#define ECP_POINT_INIT_XY_Z0(x, y) { \
Manuel Pégourié-Gonnard2389a602021-06-23 12:25:48 +0200[diff] [blame]53 ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 0, NULL) }
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]54#define ECP_POINT_INIT_XY_Z1(x, y) { \
Manuel Pégourié-Gonnard2389a602021-06-23 12:25:48 +0200[diff] [blame]55 ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 1, mpi_one) }
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]56
57#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
58 defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
59 defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
60 defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
61 defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
62 defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
63 defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
64 defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
65 defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
66 defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
67 defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
68/* For these curves, we build the group parameters dynamically. */
69#define ECP_LOAD_GROUP
70static mbedtls_mpi_uint mpi_one[] = {1};
71#endif
72
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]73/*
Manuel Pégourié-Gonnard14a96c52013-12-11 12:15:28 +0100[diff] [blame]74 * Note: the constants are in little-endian order
75 * to be directly usable in MPIs
76 */
77
78/*
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]79 * Domain parameters for secp192r1
80 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]81#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
82static const mbedtls_mpi_uint secp192r1_p[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]83 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
84 MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
85 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]86};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]87static const mbedtls_mpi_uint secp192r1_b[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]88 MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
89 MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
90 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]91};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]92static const mbedtls_mpi_uint secp192r1_gx[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]93 MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
94 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
95 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]96};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]97static const mbedtls_mpi_uint secp192r1_gy[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]98 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
99 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
100 MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]101};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]102static const mbedtls_mpi_uint secp192r1_n[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]103 MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
104 MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
105 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]106};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]107#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
108static const mbedtls_mpi_uint secp192r1_T_0_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]109 MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
110 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
111 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]112};
113static const mbedtls_mpi_uint secp192r1_T_0_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]114 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
115 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
116 MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]117};
118static const mbedtls_mpi_uint secp192r1_T_1_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]119 MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x9E, 0xE3, 0x60, 0x59, 0xD1, 0xC4, 0xC2 ),
120 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xBD, 0x22, 0xD7, 0x2D, 0x07, 0xBD, 0xB6 ),
121 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x2A, 0xCF, 0x33, 0xF0, 0xBE, 0xD1, 0xED ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]122};
123static const mbedtls_mpi_uint secp192r1_T_1_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]124 MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x71, 0x4B, 0xA8, 0xED, 0x7E, 0xC9, 0x1A ),
125 MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x2A, 0xF6, 0xDF, 0x0E, 0xE8, 0x4C, 0x0F ),
126 MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x35, 0xF7, 0x8A, 0xC3, 0xEC, 0xDE, 0x1E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]127};
128static const mbedtls_mpi_uint secp192r1_T_2_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]129 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x67, 0xC2, 0x1D, 0x32, 0x8F, 0x10, 0xFB ),
130 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x2D, 0x17, 0xF3, 0xE4, 0xFE, 0xD8, 0x13 ),
131 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x45, 0x10, 0x70, 0x2C, 0x3E, 0x52, 0x3E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]132};
133static const mbedtls_mpi_uint secp192r1_T_2_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]134 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0xF1, 0x04, 0x5D, 0xEE, 0xD4, 0x56, 0xE6 ),
135 MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xB7, 0x38, 0x27, 0x61, 0xAA, 0x81, 0x87 ),
136 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x37, 0xD7, 0x0E, 0x29, 0x0E, 0x11, 0x14 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]137};
138static const mbedtls_mpi_uint secp192r1_T_3_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]139 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x35, 0x52, 0xC6, 0x31, 0xB7, 0x27, 0xF5 ),
140 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xD4, 0x15, 0x98, 0x0F, 0xE7, 0xF3, 0x6A ),
141 MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x31, 0x70, 0x35, 0x09, 0xA0, 0x2B, 0xC2 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]142};
143static const mbedtls_mpi_uint secp192r1_T_3_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]144 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x75, 0xA7, 0x4C, 0x88, 0xCF, 0x5B, 0xE4 ),
145 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x17, 0x48, 0x8D, 0xF2, 0xF0, 0x86, 0xED ),
146 MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0xCF, 0xFE, 0x6B, 0xB0, 0xA5, 0x06, 0xAB ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]147};
148static const mbedtls_mpi_uint secp192r1_T_4_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]149 MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x6A, 0xDC, 0x9A, 0x6D, 0x7B, 0x47, 0x2E ),
150 MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0xFC, 0x51, 0x12, 0x62, 0x66, 0x0B, 0x59 ),
151 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x40, 0x93, 0xA0, 0xB5, 0x5A, 0x58, 0xD7 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]152};
153static const mbedtls_mpi_uint secp192r1_T_4_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]154 MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0xCB, 0xAF, 0xDC, 0x0B, 0xA1, 0x26, 0xFB ),
155 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x36, 0x9D, 0xA3, 0xD7, 0x3B, 0xAD, 0x39 ),
156 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x3B, 0x05, 0x9A, 0xA8, 0xAA, 0x69, 0xB2 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]157};
158static const mbedtls_mpi_uint secp192r1_T_5_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]159 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xD9, 0xD1, 0x4D, 0x4A, 0x6E, 0x96, 0x1E ),
160 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x66, 0x32, 0x39, 0xC6, 0x57, 0x7D, 0xE6 ),
161 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xA0, 0x36, 0xC2, 0x45, 0xF9, 0x00, 0x62 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]162};
163static const mbedtls_mpi_uint secp192r1_T_5_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]164 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xEF, 0x59, 0x46, 0xDC, 0x60, 0xD9, 0x8F ),
165 MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0xB0, 0xE9, 0x41, 0xA4, 0x87, 0x76, 0x89 ),
166 MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0xD4, 0x0E, 0xB2, 0xFA, 0x16, 0x56, 0xDC ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]167};
168static const mbedtls_mpi_uint secp192r1_T_6_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]169 MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x62, 0xD2, 0xB1, 0x34, 0xB2, 0xF1, 0x06 ),
170 MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0xED, 0x55, 0xC5, 0x47, 0xB5, 0x07, 0x15 ),
171 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xF6, 0x2F, 0x94, 0xC3, 0xDD, 0x54, 0x2F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]172};
173static const mbedtls_mpi_uint secp192r1_T_6_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]174 MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xA6, 0xD4, 0x8C, 0xA9, 0xCE, 0x4D, 0x2E ),
175 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x4B, 0x46, 0xCC, 0xB2, 0x55, 0xC8, 0xB2 ),
176 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0xAE, 0x31, 0xED, 0x89, 0x65, 0x59, 0x55 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]177};
178static const mbedtls_mpi_uint secp192r1_T_7_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]179 MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x0A, 0xD1, 0x1A, 0xC5, 0xF6, 0xEA, 0x43 ),
180 MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0xFC, 0x0C, 0x1A, 0xFB, 0xA0, 0xC8, 0x70 ),
181 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xFD, 0x53, 0x6F, 0x6D, 0xBF, 0xBA, 0xAF ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]182};
183static const mbedtls_mpi_uint secp192r1_T_7_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]184 MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0xB0, 0x7D, 0x83, 0x96, 0xE3, 0xCB, 0x9D ),
185 MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x6E, 0x55, 0x2C, 0x20, 0x53, 0x2F, 0x46 ),
186 MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0x66, 0x00, 0x17, 0x08, 0xFE, 0xAC, 0x31 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]187};
188static const mbedtls_mpi_uint secp192r1_T_8_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]189 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x12, 0x97, 0x3A, 0xC7, 0x57, 0x45, 0xCD ),
190 MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x25, 0x99, 0x00, 0xF6, 0x97, 0xB4, 0x64 ),
191 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x74, 0xE6, 0xE6, 0xA3, 0xDF, 0x9C, 0xCC ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]192};
193static const mbedtls_mpi_uint secp192r1_T_8_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]194 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0xF4, 0x76, 0xD5, 0x5F, 0x2A, 0xFD, 0x85 ),
195 MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x80, 0x7E, 0x3E, 0xE5, 0xE8, 0xD6, 0x63 ),
196 MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0xAD, 0x1E, 0x70, 0x79, 0x3E, 0x3D, 0x83 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]197};
198static const mbedtls_mpi_uint secp192r1_T_9_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]199 MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x15, 0xBB, 0xB3, 0x42, 0x6A, 0xA1, 0x7C ),
200 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x58, 0xCB, 0x43, 0x25, 0x00, 0x14, 0x68 ),
201 MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x4E, 0x93, 0x11, 0xE0, 0x32, 0x54, 0x98 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]202};
203static const mbedtls_mpi_uint secp192r1_T_9_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]204 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x52, 0xA2, 0xB4, 0x57, 0x32, 0xB9, 0x11 ),
205 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x43, 0xA1, 0xB1, 0xFB, 0x01, 0xE1, 0xE7 ),
206 MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xFB, 0x5A, 0x11, 0xB8, 0xC2, 0x03, 0xE5 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]207};
208static const mbedtls_mpi_uint secp192r1_T_10_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]209 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x2B, 0x71, 0x26, 0x4E, 0x7C, 0xC5, 0x32 ),
210 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0xF5, 0xD3, 0xA8, 0xE4, 0x95, 0x48, 0x65 ),
211 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0xAE, 0xD9, 0x5D, 0x9F, 0x6A, 0x22, 0xAD ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]212};
213static const mbedtls_mpi_uint secp192r1_T_10_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]214 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0xCC, 0xA3, 0x4D, 0xA0, 0x1C, 0x34, 0xEF ),
215 MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x3C, 0x62, 0xF8, 0x5E, 0xA6, 0x58, 0x7D ),
216 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x6E, 0x66, 0x8A, 0x3D, 0x17, 0xFF, 0x0F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]217};
218static const mbedtls_mpi_uint secp192r1_T_11_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]219 MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xCD, 0xA8, 0xDD, 0xD1, 0x20, 0x5C, 0xEA ),
220 MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0xFE, 0x17, 0xE2, 0xCF, 0xEA, 0x63, 0xDE ),
221 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x51, 0xC9, 0x16, 0xDE, 0xB4, 0xB2, 0xDD ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]222};
223static const mbedtls_mpi_uint secp192r1_T_11_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]224 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xBE, 0x12, 0xD7, 0xA3, 0x0A, 0x50, 0x33 ),
225 MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0x87, 0xC5, 0x8A, 0x76, 0x57, 0x07, 0x60 ),
226 MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x1F, 0xC6, 0x1B, 0x66, 0xC4, 0x3D, 0x8A ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]227};
228static const mbedtls_mpi_uint secp192r1_T_12_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]229 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0xA4, 0x85, 0x13, 0x8F, 0xA7, 0x35, 0x19 ),
230 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x0D, 0xFD, 0xFF, 0x1B, 0xD1, 0xD6, 0xEF ),
231 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x7A, 0xD0, 0xC3, 0xB4, 0xEF, 0x39, 0x66 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]232};
233static const mbedtls_mpi_uint secp192r1_T_12_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]234 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0xFE, 0xA5, 0x9C, 0x34, 0x30, 0x49, 0x40 ),
235 MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0xC5, 0x39, 0x26, 0x06, 0xE3, 0x01, 0x17 ),
236 MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0x2B, 0x66, 0xFC, 0x95, 0x5F, 0x35, 0xF7 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]237};
238static const mbedtls_mpi_uint secp192r1_T_13_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]239 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0xCF, 0x54, 0x63, 0x99, 0x57, 0x05, 0x45 ),
240 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x6F, 0x00, 0x5F, 0x65, 0x08, 0x47, 0x98 ),
241 MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x2A, 0x90, 0x6D, 0x67, 0xC6, 0xBC, 0x45 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]242};
243static const mbedtls_mpi_uint secp192r1_T_13_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]244 MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x4D, 0x88, 0x0A, 0x35, 0x9E, 0x33, 0x9C ),
245 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x17, 0x0C, 0xF8, 0xE1, 0x7A, 0x49, 0x02 ),
246 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x44, 0x06, 0x8F, 0x0B, 0x70, 0x2F, 0x71 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]247};
248static const mbedtls_mpi_uint secp192r1_T_14_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]249 MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0x4B, 0xCB, 0xF9, 0x8E, 0x6A, 0xDA, 0x1B ),
250 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x43, 0xA1, 0x3F, 0xCE, 0x17, 0xD2, 0x32 ),
251 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x0D, 0xD2, 0x6C, 0x82, 0x37, 0xE5, 0xFC ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]252};
253static const mbedtls_mpi_uint secp192r1_T_14_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]254 MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x3C, 0xF4, 0x92, 0xB4, 0x8A, 0x95, 0x85 ),
255 MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0x96, 0xF1, 0x0A, 0x34, 0x2F, 0x74, 0x7E ),
256 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0xA1, 0xAA, 0xBA, 0x86, 0x77, 0x4F, 0xA2 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]257};
258static const mbedtls_mpi_uint secp192r1_T_15_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]259 MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x7F, 0xEF, 0x60, 0x50, 0x80, 0xD7, 0xD4 ),
260 MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0xAC, 0xC9, 0xFE, 0xEC, 0x0A, 0x1A, 0x9F ),
261 MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x2F, 0xBE, 0x91, 0xD7, 0xB7, 0x38, 0x48 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]262};
263static const mbedtls_mpi_uint secp192r1_T_15_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]264 MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xAE, 0x85, 0x98, 0xFE, 0x05, 0x7F, 0x9F ),
265 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xBE, 0xFD, 0x11, 0x31, 0x3D, 0x14, 0x13 ),
266 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x75, 0xE8, 0x30, 0x01, 0xCB, 0x9B, 0x1C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]267};
268static const mbedtls_ecp_point secp192r1_T[16] = {
269 ECP_POINT_INIT_XY_Z1(secp192r1_T_0_X, secp192r1_T_0_Y),
270 ECP_POINT_INIT_XY_Z0(secp192r1_T_1_X, secp192r1_T_1_Y),
271 ECP_POINT_INIT_XY_Z0(secp192r1_T_2_X, secp192r1_T_2_Y),
272 ECP_POINT_INIT_XY_Z0(secp192r1_T_3_X, secp192r1_T_3_Y),
273 ECP_POINT_INIT_XY_Z0(secp192r1_T_4_X, secp192r1_T_4_Y),
274 ECP_POINT_INIT_XY_Z0(secp192r1_T_5_X, secp192r1_T_5_Y),
275 ECP_POINT_INIT_XY_Z0(secp192r1_T_6_X, secp192r1_T_6_Y),
276 ECP_POINT_INIT_XY_Z0(secp192r1_T_7_X, secp192r1_T_7_Y),
277 ECP_POINT_INIT_XY_Z0(secp192r1_T_8_X, secp192r1_T_8_Y),
278 ECP_POINT_INIT_XY_Z0(secp192r1_T_9_X, secp192r1_T_9_Y),
279 ECP_POINT_INIT_XY_Z0(secp192r1_T_10_X, secp192r1_T_10_Y),
280 ECP_POINT_INIT_XY_Z0(secp192r1_T_11_X, secp192r1_T_11_Y),
281 ECP_POINT_INIT_XY_Z0(secp192r1_T_12_X, secp192r1_T_12_Y),
282 ECP_POINT_INIT_XY_Z0(secp192r1_T_13_X, secp192r1_T_13_Y),
283 ECP_POINT_INIT_XY_Z0(secp192r1_T_14_X, secp192r1_T_14_Y),
284 ECP_POINT_INIT_XY_Z0(secp192r1_T_15_X, secp192r1_T_15_Y),
285};
286#else
287#define secp192r1_T NULL
288#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]289#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]290
291/*
292 * Domain parameters for secp224r1
293 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]294#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
295static const mbedtls_mpi_uint secp224r1_p[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]296 MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
297 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
298 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
299 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]300};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]301static const mbedtls_mpi_uint secp224r1_b[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]302 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
303 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
304 MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
305 MBEDTLS_BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]306};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]307static const mbedtls_mpi_uint secp224r1_gx[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]308 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
309 MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
310 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
311 MBEDTLS_BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]312};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]313static const mbedtls_mpi_uint secp224r1_gy[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]314 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
315 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
316 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
317 MBEDTLS_BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]318};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]319static const mbedtls_mpi_uint secp224r1_n[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]320 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
321 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
322 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
323 MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]324};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]325#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
326static const mbedtls_mpi_uint secp224r1_T_0_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]327 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
328 MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
329 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
330 MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0x0C, 0x0E, 0xB7, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]331};
332static const mbedtls_mpi_uint secp224r1_T_0_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]333 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
334 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
335 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
336 MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x63, 0x37, 0xBD, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]337};
338static const mbedtls_mpi_uint secp224r1_T_1_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]339 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0xF9, 0xB8, 0xD0, 0x3D, 0xD2, 0xD3, 0xFA ),
340 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xFD, 0x99, 0x26, 0x19, 0xFE, 0x13, 0x6E ),
341 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x0E, 0x4C, 0x48, 0x7C, 0xA2, 0x17, 0x01 ),
342 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xA3, 0x13, 0x57, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]343};
344static const mbedtls_mpi_uint secp224r1_T_1_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]345 MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0x16, 0x5C, 0x8F, 0xAA, 0xED, 0x0F, 0x58 ),
346 MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0xC5, 0x43, 0x34, 0x93, 0x05, 0x2A, 0x4C ),
347 MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0xE3, 0x6C, 0xCA, 0xC6, 0x14, 0xC2, 0x25 ),
348 MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x43, 0x6C, 0xD7, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]349};
350static const mbedtls_mpi_uint secp224r1_T_2_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]351 MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x5A, 0x98, 0x1E, 0xC8, 0xA5, 0x42, 0xA3 ),
352 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x49, 0x56, 0x78, 0xF8, 0xEF, 0xED, 0x65 ),
353 MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0xBB, 0x64, 0xB6, 0x4C, 0x54, 0x5F, 0xD1 ),
354 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x0C, 0x33, 0xCC, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]355};
356static const mbedtls_mpi_uint secp224r1_T_2_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]357 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x79, 0xCB, 0x2E, 0x08, 0xFF, 0xD8, 0xE6 ),
358 MBEDTLS_BYTES_TO_T_UINT_8( 0x2E, 0x1F, 0xD4, 0xD7, 0x57, 0xE9, 0x39, 0x45 ),
359 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xD6, 0x3B, 0x0A, 0x1C, 0x87, 0xB7, 0x6A ),
360 MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x30, 0xD8, 0x05, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]361};
362static const mbedtls_mpi_uint secp224r1_T_3_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]363 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x79, 0x74, 0x9A, 0xE6, 0xBB, 0xC2, 0xC2 ),
364 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x5B, 0xA6, 0x67, 0xC1, 0x91, 0xE7, 0x64 ),
365 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0xDF, 0x38, 0x82, 0x19, 0x2C, 0x4C, 0xCA ),
366 MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x2E, 0x39, 0xC5, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]367};
368static const mbedtls_mpi_uint secp224r1_T_3_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]369 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x36, 0x78, 0x4E, 0xAE, 0x5B, 0x02, 0x76 ),
370 MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0xF6, 0x8B, 0xF8, 0xF4, 0x92, 0x6B, 0x42 ),
371 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x4D, 0x71, 0x35, 0xE7, 0x0C, 0x2C, 0x98 ),
372 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0xA5, 0x1F, 0xAE, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]373};
374static const mbedtls_mpi_uint secp224r1_T_4_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]375 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0x1C, 0x4B, 0xDF, 0x5B, 0xF2, 0x51, 0xB7 ),
376 MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x74, 0xB1, 0x5A, 0xC6, 0x0F, 0x0E, 0x61 ),
377 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x24, 0x09, 0x62, 0xAF, 0xFC, 0xDB, 0x45 ),
378 MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0xE1, 0x80, 0x55, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]379};
380static const mbedtls_mpi_uint secp224r1_T_4_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]381 MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x82, 0xFE, 0xAD, 0xC3, 0xE5, 0xCF, 0xD8 ),
382 MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0xA2, 0x62, 0x17, 0x76, 0xF0, 0x5A, 0xFA ),
383 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xB8, 0xE5, 0xAC, 0xB7, 0x66, 0x38, 0xAA ),
384 MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0xFD, 0x86, 0x05, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]385};
386static const mbedtls_mpi_uint secp224r1_T_5_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]387 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xD3, 0x0C, 0x3C, 0xD1, 0x66, 0xB0, 0xF1 ),
388 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x59, 0xB4, 0x8D, 0x90, 0x10, 0xB7, 0xA2 ),
389 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x47, 0x9B, 0xE6, 0x55, 0x8A, 0xE4, 0xEE ),
390 MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0x49, 0xDB, 0x78, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]391};
392static const mbedtls_mpi_uint secp224r1_T_5_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]393 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x97, 0xED, 0xDE, 0xFF, 0xB3, 0xDF, 0x48 ),
394 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xB9, 0x83, 0xB7, 0xEB, 0xBE, 0x40, 0x8D ),
395 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xD3, 0xD3, 0xCD, 0x0E, 0x82, 0x79, 0x3D ),
396 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x83, 0x1B, 0xF0, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]397};
398static const mbedtls_mpi_uint secp224r1_T_6_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]399 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x22, 0xBB, 0x54, 0xD3, 0x31, 0x56, 0xFC ),
400 MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x36, 0xE5, 0xE0, 0x89, 0x96, 0x8E, 0x71 ),
401 MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0xEF, 0x0A, 0xED, 0xD0, 0x11, 0x4A, 0xFF ),
402 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x00, 0x57, 0x27, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]403};
404static const mbedtls_mpi_uint secp224r1_T_6_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]405 MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0xCA, 0x3D, 0xF7, 0x64, 0x9B, 0x6E, 0x85 ),
406 MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xE3, 0x70, 0x6B, 0x41, 0xD7, 0xED, 0x8F ),
407 MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x44, 0x44, 0x80, 0xCE, 0x13, 0x37, 0x92 ),
408 MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x73, 0x80, 0x79, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]409};
410static const mbedtls_mpi_uint secp224r1_T_7_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]411 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x4D, 0x70, 0x7D, 0x31, 0x0F, 0x1C, 0x58 ),
412 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x35, 0x88, 0x47, 0xC4, 0x24, 0x78, 0x3F ),
413 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xF0, 0xCD, 0x91, 0x81, 0xB3, 0xDE, 0xB6 ),
414 MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xCE, 0xC6, 0xF7, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]415};
416static const mbedtls_mpi_uint secp224r1_T_7_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]417 MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x9C, 0x2D, 0xE8, 0xD2, 0x00, 0x8F, 0x10 ),
418 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x5E, 0x7C, 0x0E, 0x0C, 0x6E, 0x58, 0x02 ),
419 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x81, 0x21, 0xCE, 0x43, 0xF4, 0x24, 0x3D ),
420 MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0xBC, 0xF0, 0xF4, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]421};
422static const mbedtls_mpi_uint secp224r1_T_8_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]423 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x10, 0xC2, 0x74, 0x4A, 0x8F, 0x8A, 0xCF ),
424 MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x67, 0xF4, 0x2B, 0x38, 0x2B, 0x35, 0x17 ),
425 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xE7, 0x0C, 0xA9, 0xFA, 0x77, 0x5C, 0xBD ),
426 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x33, 0x19, 0x2B, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]427};
428static const mbedtls_mpi_uint secp224r1_T_8_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]429 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x3E, 0x96, 0x22, 0x53, 0xE1, 0xE9, 0xBE ),
430 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x13, 0xBC, 0xA1, 0x16, 0xEC, 0x01, 0x1A ),
431 MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x00, 0xC9, 0x7A, 0xC3, 0x73, 0xA5, 0x45 ),
432 MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0xF4, 0x5E, 0xC1, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]433};
434static const mbedtls_mpi_uint secp224r1_T_9_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]435 MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x95, 0xD6, 0xD9, 0x32, 0x30, 0x2B, 0xD0 ),
436 MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x42, 0x09, 0x05, 0x61, 0x2A, 0x7E, 0x82 ),
437 MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x84, 0xA2, 0x05, 0x88, 0x64, 0x65, 0xF9 ),
438 MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0x2D, 0x90, 0xB3, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]439};
440static const mbedtls_mpi_uint secp224r1_T_9_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]441 MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0xE7, 0x2E, 0x85, 0x55, 0x80, 0x7C, 0x79 ),
442 MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xC1, 0xAC, 0x78, 0xB4, 0xAF, 0xFB, 0x6E ),
443 MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0xC3, 0x28, 0x8E, 0x79, 0x18, 0x1F, 0x58 ),
444 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x46, 0xCF, 0x49, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]445};
446static const mbedtls_mpi_uint secp224r1_T_10_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]447 MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x5F, 0xA8, 0x6C, 0x46, 0x83, 0x43, 0xFA ),
448 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xA9, 0x93, 0x11, 0xB6, 0x07, 0x57, 0x74 ),
449 MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x2A, 0x9D, 0x03, 0x89, 0x7E, 0xD7, 0x3C ),
450 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x8C, 0x62, 0xCF, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]451};
452static const mbedtls_mpi_uint secp224r1_T_10_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]453 MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0x2C, 0x13, 0x59, 0xCC, 0xFA, 0x84, 0x9E ),
454 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xB9, 0x48, 0xBC, 0x57, 0xC7, 0xB3, 0x7C ),
455 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x0A, 0x38, 0x24, 0x2E, 0x3A, 0x28, 0x25 ),
456 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x0A, 0x43, 0xB8, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]457};
458static const mbedtls_mpi_uint secp224r1_T_11_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]459 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x25, 0xAB, 0xC1, 0xEE, 0x70, 0x3C, 0xE1 ),
460 MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0xDB, 0x45, 0x1D, 0x4A, 0x80, 0x75, 0x35 ),
461 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x1F, 0x4D, 0x2D, 0x9A, 0x05, 0xF4, 0xCB ),
462 MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x10, 0xF0, 0x5A, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]463};
464static const mbedtls_mpi_uint secp224r1_T_11_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]465 MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0x95, 0xE1, 0xDC, 0x15, 0x86, 0xC3, 0x7B ),
466 MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0xDC, 0x27, 0xD1, 0x56, 0xA1, 0x14, 0x0D ),
467 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x0B, 0xD6, 0x77, 0x4E, 0x44, 0xA2, 0xF8 ),
468 MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x42, 0x71, 0x1F, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]469};
470static const mbedtls_mpi_uint secp224r1_T_12_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]471 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x86, 0xB2, 0xB0, 0xC8, 0x2F, 0x7B, 0xFE ),
472 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xEF, 0xCB, 0xDB, 0xBC, 0x9E, 0x3B, 0xC5 ),
473 MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x03, 0x86, 0xDD, 0x5B, 0xF5, 0x8D, 0x46 ),
474 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x95, 0x79, 0xD6, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]475};
476static const mbedtls_mpi_uint secp224r1_T_12_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]477 MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x32, 0x14, 0xDA, 0x9B, 0x4F, 0x07, 0x39 ),
478 MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x3E, 0xFB, 0x06, 0xEE, 0xA7, 0x40, 0x40 ),
479 MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x1F, 0xDF, 0x71, 0x61, 0xFD, 0x8B, 0xBE ),
480 MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x8B, 0xAB, 0x8B, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]481};
482static const mbedtls_mpi_uint secp224r1_T_13_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]483 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x34, 0xB3, 0xB4, 0xBC, 0x9F, 0xB0, 0x5E ),
484 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x58, 0x48, 0xA8, 0x77, 0xBB, 0x13, 0x2F ),
485 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xC6, 0xF7, 0x34, 0xCC, 0x89, 0x21, 0x0A ),
486 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x33, 0xDD, 0x1F, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]487};
488static const mbedtls_mpi_uint secp224r1_T_13_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]489 MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x81, 0xEF, 0xA4, 0xF2, 0x10, 0x0B, 0xCD ),
490 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0xF7, 0x6E, 0x72, 0x4A, 0xDF, 0xDD, 0xE8 ),
491 MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x23, 0x0A, 0x53, 0x03, 0x16, 0x62, 0xD2 ),
492 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x76, 0xFD, 0x3C, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]493};
494static const mbedtls_mpi_uint secp224r1_T_14_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]495 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x14, 0xA1, 0xFA, 0xA0, 0x18, 0xBE, 0x07 ),
496 MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0x2A, 0xE1, 0xD7, 0xB0, 0x6C, 0xA0, 0xDE ),
497 MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0xC0, 0xB0, 0xC6, 0x63, 0x24, 0xCD, 0x4E ),
498 MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x38, 0x2C, 0xB1, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]499};
500static const mbedtls_mpi_uint secp224r1_T_14_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]501 MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0xCD, 0x7D, 0x20, 0x0C, 0xFE, 0xAC, 0xC3 ),
502 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x97, 0x9F, 0xA2, 0xB6, 0x45, 0xF7, 0x7B ),
503 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x99, 0xF3, 0xD2, 0x20, 0x02, 0xEB, 0x04 ),
504 MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x18, 0x5B, 0x7B, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]505};
506static const mbedtls_mpi_uint secp224r1_T_15_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]507 MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0xDD, 0x77, 0x91, 0x60, 0xEA, 0xFD, 0xD3 ),
508 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0xD3, 0xB5, 0xD6, 0x90, 0x17, 0x0E, 0x1A ),
509 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0xF4, 0x28, 0xC1, 0xF2, 0x53, 0xF6, 0x63 ),
510 MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0x58, 0xDC, 0x61, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]511};
512static const mbedtls_mpi_uint secp224r1_T_15_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]513 MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x20, 0x01, 0xFB, 0xF1, 0xBD, 0x5F, 0x45 ),
514 MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x7F, 0x06, 0xDA, 0x11, 0xCB, 0xBA, 0xA6 ),
515 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x41, 0x00, 0xA4, 0x1B, 0x30, 0x33, 0x79 ),
516 MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0xFF, 0x27, 0xCA, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]517};
518static const mbedtls_ecp_point secp224r1_T[16] = {
519 ECP_POINT_INIT_XY_Z1(secp224r1_T_0_X, secp224r1_T_0_Y),
520 ECP_POINT_INIT_XY_Z0(secp224r1_T_1_X, secp224r1_T_1_Y),
521 ECP_POINT_INIT_XY_Z0(secp224r1_T_2_X, secp224r1_T_2_Y),
522 ECP_POINT_INIT_XY_Z0(secp224r1_T_3_X, secp224r1_T_3_Y),
523 ECP_POINT_INIT_XY_Z0(secp224r1_T_4_X, secp224r1_T_4_Y),
524 ECP_POINT_INIT_XY_Z0(secp224r1_T_5_X, secp224r1_T_5_Y),
525 ECP_POINT_INIT_XY_Z0(secp224r1_T_6_X, secp224r1_T_6_Y),
526 ECP_POINT_INIT_XY_Z0(secp224r1_T_7_X, secp224r1_T_7_Y),
527 ECP_POINT_INIT_XY_Z0(secp224r1_T_8_X, secp224r1_T_8_Y),
528 ECP_POINT_INIT_XY_Z0(secp224r1_T_9_X, secp224r1_T_9_Y),
529 ECP_POINT_INIT_XY_Z0(secp224r1_T_10_X, secp224r1_T_10_Y),
530 ECP_POINT_INIT_XY_Z0(secp224r1_T_11_X, secp224r1_T_11_Y),
531 ECP_POINT_INIT_XY_Z0(secp224r1_T_12_X, secp224r1_T_12_Y),
532 ECP_POINT_INIT_XY_Z0(secp224r1_T_13_X, secp224r1_T_13_Y),
533 ECP_POINT_INIT_XY_Z0(secp224r1_T_14_X, secp224r1_T_14_Y),
534 ECP_POINT_INIT_XY_Z0(secp224r1_T_15_X, secp224r1_T_15_Y),
535};
536#else
537#define secp224r1_T NULL
538#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]539#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]540
541/*
542 * Domain parameters for secp256r1
543 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]544#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
545static const mbedtls_mpi_uint secp256r1_p[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]546 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
547 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
548 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
549 MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]550};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]551static const mbedtls_mpi_uint secp256r1_b[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]552 MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
553 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
554 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
555 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]556};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]557static const mbedtls_mpi_uint secp256r1_gx[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]558 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
559 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
560 MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
561 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]562};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]563static const mbedtls_mpi_uint secp256r1_gy[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]564 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
565 MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
566 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
567 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]568};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]569static const mbedtls_mpi_uint secp256r1_n[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]570 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
571 MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
572 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
573 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]574};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]575#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
576static const mbedtls_mpi_uint secp256r1_T_0_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]577 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
578 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
579 MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
580 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]581};
582static const mbedtls_mpi_uint secp256r1_T_0_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]583 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
584 MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
585 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
586 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]587};
588static const mbedtls_mpi_uint secp256r1_T_1_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]589 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0xC8, 0xBA, 0x04, 0xB7, 0x4B, 0xD2, 0xF7 ),
590 MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0xC6, 0x23, 0x3A, 0xA0, 0x09, 0x3A, 0x59 ),
591 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x9D, 0x4C, 0xF9, 0x58, 0x23, 0xCC, 0xDF ),
592 MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0xED, 0x7B, 0x29, 0x87, 0x0F, 0xFA, 0x3C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]593};
594static const mbedtls_mpi_uint secp256r1_T_1_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]595 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x69, 0xF2, 0x40, 0x0B, 0xA3, 0x98, 0xCE ),
596 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xA8, 0x48, 0x02, 0x0D, 0x1C, 0x12, 0x62 ),
597 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0xAF, 0x09, 0x83, 0x80, 0xAA, 0x58, 0xA7 ),
598 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x12, 0xBE, 0x70, 0x94, 0x76, 0xE3, 0xE4 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]599};
600static const mbedtls_mpi_uint secp256r1_T_2_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]601 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x7D, 0xEF, 0x86, 0xFF, 0xE3, 0x37, 0xDD ),
602 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x86, 0x8B, 0x08, 0x27, 0x7C, 0xD7, 0xF6 ),
603 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x54, 0x4C, 0x25, 0x4F, 0x9A, 0xFE, 0x28 ),
604 MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0xFD, 0xF0, 0x6D, 0x37, 0x03, 0x69, 0xD6 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]605};
606static const mbedtls_mpi_uint secp256r1_T_2_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]607 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xD5, 0xDA, 0xAD, 0x92, 0x49, 0xF0, 0x9F ),
608 MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x73, 0x43, 0x9E, 0xAF, 0xA7, 0xD1, 0xF3 ),
609 MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x41, 0x07, 0xDF, 0x78, 0x95, 0x3E, 0xA1 ),
610 MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x3D, 0xD1, 0xE6, 0x3C, 0xA5, 0xE2, 0x20 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]611};
612static const mbedtls_mpi_uint secp256r1_T_3_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]613 MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x6A, 0x5D, 0x52, 0x35, 0xD7, 0xBF, 0xAE ),
614 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0xA2, 0xBE, 0x96, 0xF4, 0xF8, 0x02, 0xC3 ),
615 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x20, 0x49, 0x54, 0xEA, 0xB3, 0x82, 0xDB ),
616 MBEDTLS_BYTES_TO_T_UINT_8( 0x2E, 0xDB, 0xEA, 0x02, 0xD1, 0x75, 0x1C, 0x62 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]617};
618static const mbedtls_mpi_uint secp256r1_T_3_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]619 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x85, 0xF4, 0x9E, 0x4C, 0xDC, 0x39, 0x89 ),
620 MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x6D, 0xC4, 0x57, 0xD8, 0x03, 0x5D, 0x22 ),
621 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x7F, 0x2D, 0x52, 0x6F, 0xC9, 0xDA, 0x4F ),
622 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x64, 0xFA, 0xB4, 0xFE, 0xA4, 0xC4, 0xD7 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]623};
624static const mbedtls_mpi_uint secp256r1_T_4_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]625 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x37, 0xB9, 0xC0, 0xAA, 0x59, 0xC6, 0x8B ),
626 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x58, 0xD9, 0xED, 0x58, 0x99, 0x65, 0xF7 ),
627 MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x7D, 0x26, 0x8C, 0x4A, 0xF9, 0x05, 0x9F ),
628 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x73, 0x9A, 0xC9, 0xE7, 0x46, 0xDC, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]629};
630static const mbedtls_mpi_uint secp256r1_T_4_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]631 MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0xD0, 0x55, 0xDF, 0x00, 0x0A, 0xF5, 0x4A ),
632 MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0xBF, 0x56, 0x81, 0x2D, 0x20, 0xEB, 0xB5 ),
633 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xC1, 0x28, 0x52, 0xAB, 0xE3, 0xD1, 0x40 ),
634 MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x34, 0x79, 0x45, 0x57, 0xA5, 0x12, 0x03 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]635};
636static const mbedtls_mpi_uint secp256r1_T_5_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]637 MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0xCF, 0xB8, 0x7E, 0xF7, 0x92, 0x96, 0x8D ),
638 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x01, 0x8C, 0x0D, 0x23, 0xF2, 0xE3, 0x05 ),
639 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x2E, 0xE3, 0x84, 0x52, 0x7A, 0x34, 0x76 ),
640 MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0xA1, 0xB0, 0x15, 0x90, 0xE2, 0x53, 0x3C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]641};
642static const mbedtls_mpi_uint secp256r1_T_5_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]643 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x98, 0xE7, 0xFA, 0xA5, 0x7D, 0x8B, 0x53 ),
644 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x35, 0xD2, 0x00, 0xD1, 0x1B, 0x9F, 0x1B ),
645 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x69, 0x08, 0x9A, 0x72, 0xF0, 0xA9, 0x11 ),
646 MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0xFE, 0x0E, 0x14, 0xDA, 0x7C, 0x0E, 0xD3 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]647};
648static const mbedtls_mpi_uint secp256r1_T_6_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]649 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0xF6, 0xE8, 0xF8, 0x87, 0xF7, 0xFC, 0x6D ),
650 MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xBE, 0x7F, 0x3F, 0x7A, 0x2B, 0xD7, 0x13 ),
651 MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0x32, 0xF2, 0x2D, 0x94, 0x6D, 0x42, 0xFD ),
652 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x9A, 0xE3, 0x5F, 0x42, 0xBB, 0x84, 0xED ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]653};
654static const mbedtls_mpi_uint secp256r1_T_6_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]655 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x95, 0x29, 0x73, 0xA1, 0x67, 0x3E, 0x02 ),
656 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x30, 0x54, 0x35, 0x8E, 0x0A, 0xDD, 0x67 ),
657 MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0xD7, 0xA1, 0x97, 0x61, 0x3B, 0xF8, 0x0C ),
658 MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x33, 0x3C, 0x58, 0x55, 0x34, 0x23, 0xA3 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]659};
660static const mbedtls_mpi_uint secp256r1_T_7_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]661 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x5D, 0x16, 0x5F, 0x7B, 0xBC, 0xBB, 0xCE ),
662 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0xEE, 0x4E, 0x8A, 0xC1, 0x51, 0xCC, 0x50 ),
663 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x0D, 0x4D, 0x1B, 0x53, 0x23, 0x1D, 0xB3 ),
664 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x2A, 0x38, 0x66, 0x52, 0x84, 0xE1, 0x95 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]665};
666static const mbedtls_mpi_uint secp256r1_T_7_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]667 MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x9B, 0x83, 0x0A, 0x81, 0x4F, 0xAD, 0xAC ),
668 MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xFF, 0x42, 0x41, 0x6E, 0xA9, 0xA2, 0xA0 ),
669 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xA1, 0x4F, 0x1F, 0x89, 0x82, 0xAA, 0x3E ),
670 MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0xB8, 0x0F, 0x6B, 0x8F, 0x8C, 0xD6, 0x68 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]671};
672static const mbedtls_mpi_uint secp256r1_T_8_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]673 MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0xB3, 0xBB, 0x51, 0x69, 0xA2, 0x11, 0x93 ),
674 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x4F, 0x0F, 0x8D, 0xBD, 0x26, 0x0F, 0xE8 ),
675 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xCB, 0xEC, 0x6B, 0x34, 0xC3, 0x3D, 0x9D ),
676 MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x5D, 0x1E, 0x10, 0xD5, 0x44, 0xE2, 0x54 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]677};
678static const mbedtls_mpi_uint secp256r1_T_8_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]679 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x9E, 0xB1, 0xF1, 0x6E, 0x4C, 0xAD, 0xB3 ),
680 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xE3, 0xC2, 0x58, 0xC0, 0xFB, 0x34, 0x43 ),
681 MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0x9C, 0xDF, 0x35, 0x07, 0x41, 0xBD, 0x19 ),
682 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x6E, 0x10, 0xEC, 0x0E, 0xEC, 0xBB, 0xD6 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]683};
684static const mbedtls_mpi_uint secp256r1_T_9_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]685 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xCF, 0xEF, 0x3F, 0x83, 0x1A, 0x88, 0xE8 ),
686 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x29, 0xB5, 0xB9, 0xE0, 0xC9, 0xA3, 0xAE ),
687 MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x46, 0x1E, 0x77, 0xCD, 0x7E, 0xB3, 0x10 ),
688 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x21, 0xD0, 0xD4, 0xA3, 0x16, 0x08, 0xEE ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]689};
690static const mbedtls_mpi_uint secp256r1_T_9_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]691 MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0xCA, 0xA8, 0xB3, 0xBF, 0x29, 0x99, 0x8E ),
692 MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0xF2, 0x05, 0xC1, 0xCF, 0x5D, 0x91, 0x48 ),
693 MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0x01, 0x49, 0xDB, 0x82, 0xDF, 0x5F, 0x3A ),
694 MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x06, 0x90, 0xAD, 0xE3, 0x38, 0xA4, 0xC4 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]695};
696static const mbedtls_mpi_uint secp256r1_T_10_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]697 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xD2, 0x3A, 0xE8, 0x03, 0xC5, 0x6D, 0x5D ),
698 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x35, 0xD0, 0xAE, 0x1D, 0x7A, 0x9F, 0xCA ),
699 MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x1E, 0xD2, 0xCB, 0xAC, 0x88, 0x27, 0x55 ),
700 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0xB9, 0x9C, 0xE0, 0x31, 0xDD, 0x99, 0x86 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]701};
702static const mbedtls_mpi_uint secp256r1_T_10_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]703 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0xF9, 0x9B, 0x32, 0x96, 0x41, 0x58, 0x38 ),
704 MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x5A, 0x2A, 0xB8, 0x96, 0x0E, 0xB2, 0x4C ),
705 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x78, 0x2C, 0xC7, 0x08, 0x99, 0x19, 0x24 ),
706 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x59, 0x28, 0xE9, 0x84, 0x54, 0xE6, 0x16 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]707};
708static const mbedtls_mpi_uint secp256r1_T_11_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]709 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x38, 0x30, 0xDB, 0x70, 0x2C, 0x0A, 0xA2 ),
710 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x5C, 0x9D, 0xE9, 0xD5, 0x46, 0x0B, 0x5F ),
711 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x0B, 0x60, 0x4B, 0x37, 0x7D, 0xB9, 0xC9 ),
712 MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x24, 0xF3, 0x3D, 0x79, 0x7F, 0x6C, 0x18 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]713};
714static const mbedtls_mpi_uint secp256r1_T_11_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]715 MBEDTLS_BYTES_TO_T_UINT_8( 0x7F, 0xE5, 0x1C, 0x4F, 0x60, 0x24, 0xF7, 0x2A ),
716 MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0xD8, 0xE2, 0x91, 0x7F, 0x89, 0x49, 0x92 ),
717 MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0xA7, 0x2E, 0x8D, 0x6A, 0xB3, 0x39, 0x81 ),
718 MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x89, 0xB5, 0x9A, 0xB8, 0x8D, 0x42, 0x9C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]719};
720static const mbedtls_mpi_uint secp256r1_T_12_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]721 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0x45, 0xE6, 0x4B, 0x3F, 0x4F, 0x1E, 0x1F ),
722 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x65, 0x5E, 0x59, 0x22, 0xCC, 0x72, 0x5F ),
723 MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x93, 0x1A, 0x27, 0x1E, 0x34, 0xC5, 0x5B ),
724 MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0xF2, 0xA5, 0x58, 0x5C, 0x15, 0x2E, 0xC6 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]725};
726static const mbedtls_mpi_uint secp256r1_T_12_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]727 MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x7F, 0xBA, 0x58, 0x5A, 0x84, 0x6F, 0x5F ),
728 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xA6, 0x36, 0x7E, 0xDC, 0xF7, 0xE1, 0x67 ),
729 MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x4D, 0xAA, 0xEE, 0x57, 0x76, 0x3A, 0xD3 ),
730 MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x7E, 0x26, 0x18, 0x22, 0x23, 0x9F, 0xFF ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]731};
732static const mbedtls_mpi_uint secp256r1_T_13_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]733 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x4C, 0x64, 0xC7, 0x55, 0x02, 0x3F, 0xE3 ),
734 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x02, 0x90, 0xBB, 0xC3, 0xEC, 0x30, 0x40 ),
735 MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0x6F, 0x64, 0xF4, 0x16, 0x69, 0x48, 0xA4 ),
736 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x44, 0x9C, 0x95, 0x0C, 0x7D, 0x67, 0x5E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]737};
738static const mbedtls_mpi_uint secp256r1_T_13_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]739 MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0x91, 0x8B, 0xD8, 0xD0, 0xD7, 0xE7, 0xE2 ),
740 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0xF9, 0x48, 0x62, 0x6F, 0xA8, 0x93, 0x5D ),
741 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0x3A, 0x99, 0x02, 0xD5, 0x0B, 0x3D, 0xE3 ),
742 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xD3, 0x00, 0x31, 0xE6, 0x0C, 0x9F, 0x44 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]743};
744static const mbedtls_mpi_uint secp256r1_T_14_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]745 MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0xB2, 0xAA, 0xFD, 0x88, 0x15, 0xDF, 0x52 ),
746 MBEDTLS_BYTES_TO_T_UINT_8( 0x4C, 0x35, 0x27, 0x31, 0x44, 0xCD, 0xC0, 0x68 ),
747 MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xF8, 0x91, 0xA5, 0x71, 0x94, 0x84, 0x2A ),
748 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xCB, 0xD0, 0x93, 0xE9, 0x88, 0xDA, 0xE4 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]749};
750static const mbedtls_mpi_uint secp256r1_T_14_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]751 MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0xC6, 0x39, 0x16, 0x5D, 0xA3, 0x1E, 0x6D ),
752 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x07, 0x37, 0x26, 0x36, 0x2A, 0xFE, 0x60 ),
753 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xBC, 0xF3, 0xD0, 0xDE, 0x50, 0xFC, 0x97 ),
754 MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x2E, 0x06, 0x10, 0x15, 0x4D, 0xFA, 0xF7 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]755};
756static const mbedtls_mpi_uint secp256r1_T_15_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]757 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x65, 0x69, 0x5B, 0x66, 0xA2, 0x75, 0x2E ),
758 MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x16, 0x00, 0x5A, 0xB0, 0x30, 0x25, 0x1A ),
759 MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xFB, 0x86, 0x42, 0x80, 0xC1, 0xC4, 0x76 ),
760 MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x1D, 0x83, 0x8E, 0x94, 0x01, 0x5F, 0x82 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]761};
762static const mbedtls_mpi_uint secp256r1_T_15_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]763 MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0x37, 0x70, 0xEF, 0x1F, 0xA1, 0xF0, 0xDB ),
764 MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x10, 0x5B, 0xCE, 0xC4, 0x9B, 0x6F, 0x10 ),
765 MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x11, 0x11, 0x24, 0x4F, 0x4C, 0x79, 0x61 ),
766 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x3A, 0x72, 0xBC, 0xFE, 0x72, 0x58, 0x43 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]767};
768static const mbedtls_ecp_point secp256r1_T[16] = {
769 ECP_POINT_INIT_XY_Z1(secp256r1_T_0_X, secp256r1_T_0_Y),
770 ECP_POINT_INIT_XY_Z0(secp256r1_T_1_X, secp256r1_T_1_Y),
771 ECP_POINT_INIT_XY_Z0(secp256r1_T_2_X, secp256r1_T_2_Y),
772 ECP_POINT_INIT_XY_Z0(secp256r1_T_3_X, secp256r1_T_3_Y),
773 ECP_POINT_INIT_XY_Z0(secp256r1_T_4_X, secp256r1_T_4_Y),
774 ECP_POINT_INIT_XY_Z0(secp256r1_T_5_X, secp256r1_T_5_Y),
775 ECP_POINT_INIT_XY_Z0(secp256r1_T_6_X, secp256r1_T_6_Y),
776 ECP_POINT_INIT_XY_Z0(secp256r1_T_7_X, secp256r1_T_7_Y),
777 ECP_POINT_INIT_XY_Z0(secp256r1_T_8_X, secp256r1_T_8_Y),
778 ECP_POINT_INIT_XY_Z0(secp256r1_T_9_X, secp256r1_T_9_Y),
779 ECP_POINT_INIT_XY_Z0(secp256r1_T_10_X, secp256r1_T_10_Y),
780 ECP_POINT_INIT_XY_Z0(secp256r1_T_11_X, secp256r1_T_11_Y),
781 ECP_POINT_INIT_XY_Z0(secp256r1_T_12_X, secp256r1_T_12_Y),
782 ECP_POINT_INIT_XY_Z0(secp256r1_T_13_X, secp256r1_T_13_Y),
783 ECP_POINT_INIT_XY_Z0(secp256r1_T_14_X, secp256r1_T_14_Y),
784 ECP_POINT_INIT_XY_Z0(secp256r1_T_15_X, secp256r1_T_15_Y),
785};
786#else
787#define secp256r1_T NULL
788#endif
789
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]790#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]791
792/*
793 * Domain parameters for secp384r1
794 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]795#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
796static const mbedtls_mpi_uint secp384r1_p[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]797 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
798 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
799 MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
800 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
801 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
802 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]803};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]804static const mbedtls_mpi_uint secp384r1_b[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]805 MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
806 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
807 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
808 MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ),
809 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
810 MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]811};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]812static const mbedtls_mpi_uint secp384r1_gx[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]813 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
814 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
815 MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
816 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
817 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
818 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]819};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]820static const mbedtls_mpi_uint secp384r1_gy[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]821 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
822 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
823 MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
824 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
825 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
826 MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]827};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]828static const mbedtls_mpi_uint secp384r1_n[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]829 MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
830 MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
831 MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
832 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
833 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
834 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]835};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]836#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
837static const mbedtls_mpi_uint secp384r1_T_0_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]838 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
839 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
840 MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
841 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
842 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
843 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]844};
845static const mbedtls_mpi_uint secp384r1_T_0_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]846 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
847 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
848 MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
849 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
850 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
851 MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]852};
853static const mbedtls_mpi_uint secp384r1_T_1_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]854 MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x92, 0x00, 0x2C, 0x78, 0xDB, 0x1F, 0x37 ),
855 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xF3, 0xEB, 0xB7, 0x06, 0xF7, 0xB6, 0xBC ),
856 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xBC, 0x2C, 0xCF, 0xD8, 0xED, 0x53, 0xE7 ),
857 MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0x75, 0x7B, 0xA3, 0xAB, 0xC3, 0x2C, 0x85 ),
858 MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x9D, 0x78, 0x41, 0xF6, 0x76, 0x84, 0xAC ),
859 MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x56, 0xE8, 0x52, 0xB3, 0xCB, 0xA8, 0xBD ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]860};
861static const mbedtls_mpi_uint secp384r1_T_1_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]862 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xF2, 0xAE, 0xA4, 0xB6, 0x89, 0x1B, 0xDA ),
863 MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x0F, 0xCE, 0x1C, 0x7C, 0xF6, 0x50, 0x4C ),
864 MBEDTLS_BYTES_TO_T_UINT_8( 0x4C, 0xEB, 0x90, 0xE6, 0x4D, 0xC7, 0xD4, 0x7A ),
865 MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x49, 0x2D, 0x8A, 0x01, 0x99, 0x60, 0x94 ),
866 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x80, 0x9B, 0x9B, 0x6A, 0xB0, 0x07, 0xD9 ),
867 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0xA2, 0xEE, 0x59, 0xBE, 0x95, 0xBC, 0x23 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]868};
869static const mbedtls_mpi_uint secp384r1_T_2_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]870 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x9D, 0x56, 0xAE, 0x59, 0xFB, 0x1F, 0x98 ),
871 MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0xAC, 0x91, 0x80, 0x87, 0xA8, 0x6E, 0x58 ),
872 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x08, 0xA7, 0x08, 0x94, 0x32, 0xFC, 0x67 ),
873 MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0x29, 0x9E, 0x84, 0xF4, 0xE5, 0x6E, 0x7E ),
874 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x21, 0xB9, 0x50, 0x24, 0xF8, 0x9C, 0xC7 ),
875 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x04, 0x01, 0xC2, 0xFB, 0x77, 0x3E, 0xDE ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]876};
877static const mbedtls_mpi_uint secp384r1_T_2_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]878 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x38, 0xEE, 0xE3, 0xC7, 0x9D, 0xEC, 0xA6 ),
879 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x88, 0xCF, 0x43, 0xFA, 0x92, 0x5E, 0x8E ),
880 MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0xCA, 0x43, 0xF8, 0x3B, 0x49, 0x7E, 0x75 ),
881 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0xE7, 0xEB, 0x17, 0x45, 0x86, 0xC2, 0xE1 ),
882 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x69, 0x57, 0x32, 0xE0, 0x9C, 0xD1, 0x00 ),
883 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x10, 0xB8, 0x4D, 0xB8, 0xF4, 0x0D, 0xE3 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]884};
885static const mbedtls_mpi_uint secp384r1_T_3_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]886 MBEDTLS_BYTES_TO_T_UINT_8( 0x60, 0xDC, 0x9A, 0xB2, 0x79, 0x39, 0x27, 0x16 ),
887 MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x71, 0xE4, 0x3B, 0x4D, 0x60, 0x0C, 0xA3 ),
888 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0xBD, 0x19, 0x40, 0xFA, 0x19, 0x2A, 0x5A ),
889 MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xF8, 0x1E, 0x43, 0xA1, 0x50, 0x8D, 0xEF ),
890 MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x18, 0x7C, 0x41, 0xFA, 0x7C, 0x1B, 0x58 ),
891 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x59, 0x24, 0xC4, 0xE9, 0xB7, 0xD3, 0xAD ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]892};
893static const mbedtls_mpi_uint secp384r1_T_3_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]894 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x01, 0x3D, 0x63, 0x54, 0x45, 0x6F, 0xB7 ),
895 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0xB2, 0x19, 0xA3, 0x86, 0x1D, 0x42, 0x34 ),
896 MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x02, 0x87, 0x18, 0x92, 0x52, 0x1A, 0x71 ),
897 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x18, 0xB1, 0x5D, 0x18, 0x1B, 0x37, 0xFE ),
898 MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x74, 0x61, 0xBA, 0x18, 0xAF, 0x40, 0x30 ),
899 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x7D, 0x3C, 0x52, 0x0F, 0x07, 0xB0, 0x6F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]900};
901static const mbedtls_mpi_uint secp384r1_T_4_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]902 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x39, 0x13, 0xAA, 0x60, 0x15, 0x99, 0x30 ),
903 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x00, 0xCB, 0xC6, 0xB1, 0xDB, 0x97, 0x90 ),
904 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xFA, 0x60, 0xB8, 0x24, 0xE4, 0x7D, 0xD3 ),
905 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x75, 0xB3, 0x70, 0xB2, 0x83, 0xB1, 0x9B ),
906 MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0xE3, 0x6C, 0xCD, 0x33, 0x62, 0x7A, 0x56 ),
907 MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x30, 0xDC, 0x0F, 0x9F, 0xBB, 0xB8, 0xAA ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]908};
909static const mbedtls_mpi_uint secp384r1_T_4_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]910 MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xD5, 0x0A, 0x60, 0x81, 0xB9, 0xC5, 0x16 ),
911 MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0xAA, 0x2F, 0xD6, 0xF2, 0x73, 0xDF, 0xEB ),
912 MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x7B, 0x74, 0xC9, 0xB3, 0x5B, 0x95, 0x6D ),
913 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x04, 0xEB, 0x15, 0xC8, 0x5F, 0x00, 0xF6 ),
914 MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x50, 0x20, 0x28, 0xD1, 0x01, 0xAF, 0xF0 ),
915 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x4F, 0x31, 0x81, 0x2F, 0x94, 0x48 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]916};
917static const mbedtls_mpi_uint secp384r1_T_5_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]918 MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x2F, 0xD8, 0xB6, 0x63, 0x7C, 0xE9, 0x50 ),
919 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x8C, 0xB9, 0x14, 0xD9, 0x37, 0x63, 0xDE ),
920 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x02, 0xB8, 0x46, 0xAD, 0xCE, 0x7B, 0x38 ),
921 MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x47, 0x2D, 0x66, 0xA7, 0xE9, 0x33, 0x23 ),
922 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xF9, 0x93, 0x94, 0xA8, 0x48, 0xB3, 0x4F ),
923 MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x4A, 0xAC, 0x51, 0x08, 0x72, 0x2F, 0x1A ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]924};
925static const mbedtls_mpi_uint secp384r1_T_5_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]926 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0xAD, 0xA0, 0xF9, 0x81, 0xE1, 0x78, 0x97 ),
927 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x9A, 0x63, 0xD8, 0xBA, 0x79, 0x1A, 0x17 ),
928 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x31, 0x7B, 0x7A, 0x5A, 0x5D, 0x7D, 0x2D ),
929 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x96, 0x12, 0x4B, 0x19, 0x09, 0xE0, 0xB7 ),
930 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x8A, 0x57, 0xEE, 0x4E, 0x6E, 0x7E, 0xEC ),
931 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x9D, 0x69, 0xDC, 0xB3, 0xDA, 0xD8, 0x08 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]932};
933static const mbedtls_mpi_uint secp384r1_T_6_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]934 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x49, 0x03, 0x03, 0x33, 0x6F, 0x28, 0x4A ),
935 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xDB, 0xA7, 0x05, 0x8C, 0xF3, 0x4D, 0xFB ),
936 MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x92, 0xB1, 0xA8, 0xEC, 0x0D, 0x64, 0x3B ),
937 MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0xFC, 0xFD, 0xD0, 0x4B, 0x88, 0x1B, 0x5D ),
938 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x9C, 0x51, 0x69, 0xCE, 0x71, 0x73, 0xF5 ),
939 MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x5A, 0x14, 0x23, 0x1A, 0x46, 0x63, 0x5F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]940};
941static const mbedtls_mpi_uint secp384r1_T_6_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]942 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x4C, 0x70, 0x44, 0x18, 0xCD, 0xEF, 0xED ),
943 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x49, 0xDD, 0x64, 0x7E, 0x7E, 0x4D, 0x92 ),
944 MBEDTLS_BYTES_TO_T_UINT_8( 0xA2, 0x32, 0x7C, 0x09, 0xD0, 0x3F, 0xD6, 0x2C ),
945 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xE0, 0x4F, 0x65, 0x0C, 0x7A, 0x54, 0x3E ),
946 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xFA, 0xFB, 0x4A, 0xB4, 0x79, 0x5A, 0x8C ),
947 MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x5D, 0x1B, 0x2B, 0xDA, 0xBC, 0x9A, 0x74 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]948};
949static const mbedtls_mpi_uint secp384r1_T_7_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]950 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xAC, 0x56, 0xF7, 0x5F, 0x51, 0x68, 0x0B ),
951 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0xE0, 0x1D, 0xBC, 0x13, 0x4E, 0xAC, 0x03 ),
952 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xF5, 0xC5, 0xE6, 0xD2, 0x88, 0xBA, 0xCB ),
953 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x0E, 0x28, 0x23, 0x58, 0x67, 0xFA, 0xEE ),
954 MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x80, 0x4B, 0xD8, 0xC4, 0xDF, 0x15, 0xE4 ),
955 MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x0E, 0x58, 0xE6, 0x2C, 0x59, 0xC2, 0x03 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]956};
957static const mbedtls_mpi_uint secp384r1_T_7_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]958 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x26, 0x27, 0x99, 0x16, 0x2B, 0x22, 0x0B ),
959 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xF3, 0x8F, 0xC3, 0x2A, 0x9B, 0xFC, 0x38 ),
960 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x2E, 0x83, 0x3D, 0xFE, 0x9E, 0x3C, 0x1B ),
961 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x57, 0xCD, 0x2D, 0xC1, 0x49, 0x38, 0xB5 ),
962 MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x42, 0x8B, 0x33, 0x89, 0x1F, 0xEA, 0x01 ),
963 MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x1D, 0x13, 0xD7, 0x50, 0xBB, 0x3E, 0xEB ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]964};
965static const mbedtls_mpi_uint secp384r1_T_8_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]966 MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x9A, 0x52, 0xD2, 0x54, 0x7C, 0x97, 0xF2 ),
967 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x33, 0x6E, 0xED, 0xD9, 0x87, 0x50, 0xC5 ),
968 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x35, 0x7E, 0x16, 0x40, 0x15, 0x83, 0xB8 ),
969 MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x2B, 0xA4, 0xAB, 0x03, 0x91, 0xEA, 0xFE ),
970 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x47, 0x39, 0xEF, 0x05, 0x59, 0xD0, 0x90 ),
971 MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x24, 0x0D, 0x76, 0x11, 0x53, 0x08, 0xAF ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]972};
973static const mbedtls_mpi_uint secp384r1_T_8_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]974 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x2F, 0xDD, 0xBD, 0x50, 0x48, 0xB1, 0xE5 ),
975 MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x1C, 0x84, 0x55, 0x78, 0x14, 0xEB, 0xF6 ),
976 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x5E, 0x3E, 0xA6, 0xAF, 0xF6, 0xC7, 0x04 ),
977 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x11, 0xE2, 0x65, 0xCA, 0x41, 0x95, 0x3B ),
978 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x83, 0xD8, 0xE6, 0x4D, 0x22, 0x06, 0x2D ),
979 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x7F, 0x25, 0x2A, 0xAA, 0x28, 0x46, 0x97 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]980};
981static const mbedtls_mpi_uint secp384r1_T_9_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]982 MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0xDB, 0x15, 0x56, 0x84, 0xCB, 0xC0, 0x56 ),
983 MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0xDB, 0x0E, 0x08, 0xC9, 0xF5, 0xD4, 0x9E ),
984 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x62, 0xD0, 0x1A, 0x7C, 0x13, 0xD5, 0x07 ),
985 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0xAD, 0x53, 0xE0, 0x32, 0x21, 0xA0, 0xC0 ),
986 MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x38, 0x81, 0x21, 0x23, 0x0E, 0xD2, 0xBB ),
987 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x51, 0x05, 0xD0, 0x1E, 0x82, 0xA9, 0x71 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]988};
989static const mbedtls_mpi_uint secp384r1_T_9_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]990 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0xC3, 0x27, 0xBF, 0xC6, 0xAA, 0xB7, 0xB9 ),
991 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x65, 0x45, 0xDF, 0xB9, 0x46, 0x17, 0x46 ),
992 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x38, 0x3F, 0xB2, 0xB1, 0x5D, 0xCA, 0x1C ),
993 MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x29, 0x6C, 0x63, 0xE9, 0xD7, 0x48, 0xB8 ),
994 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xF1, 0xD7, 0x99, 0x8C, 0xC2, 0x05, 0x99 ),
995 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xE6, 0x5E, 0x82, 0x6D, 0xE5, 0x7E, 0xD5 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]996};
997static const mbedtls_mpi_uint secp384r1_T_10_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]998 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x61, 0xFA, 0x7D, 0x01, 0xDB, 0xB6, 0x63 ),
999 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xC6, 0x58, 0x39, 0xF4, 0xC6, 0x82, 0x23 ),
1000 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x5A, 0x7A, 0x80, 0x08, 0xCD, 0xAA, 0xD8 ),
1001 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x8C, 0xC6, 0x3F, 0x3C, 0xA5, 0x68, 0xF4 ),
1002 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0xF5, 0xD5, 0x17, 0xAE, 0x36, 0xD8, 0x8A ),
1003 MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0xAD, 0x92, 0xC5, 0x57, 0x6C, 0xDA, 0x91 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1004};
1005static const mbedtls_mpi_uint secp384r1_T_10_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1006 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x67, 0x17, 0xC0, 0x40, 0x78, 0x8C, 0x84 ),
1007 MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x9F, 0xF4, 0xAA, 0xDA, 0x5C, 0x7E, 0xB2 ),
1008 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xDB, 0x42, 0x3E, 0x72, 0x64, 0xA0, 0x67 ),
1009 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0xF9, 0x41, 0x17, 0x43, 0xE3, 0xE8, 0xA8 ),
1010 MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xDD, 0xCC, 0x43, 0x7E, 0x16, 0x05, 0x03 ),
1011 MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0x4B, 0xCF, 0x48, 0x8F, 0x41, 0x90, 0xE5 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1012};
1013static const mbedtls_mpi_uint secp384r1_T_11_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1014 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x0C, 0x6B, 0x9D, 0x22, 0x04, 0xBC, 0x5C ),
1015 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x63, 0x79, 0x2F, 0x6A, 0x0E, 0x8A, 0xDE ),
1016 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x67, 0x3F, 0x02, 0xB8, 0x91, 0x7F, 0x74 ),
1017 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x14, 0x64, 0xA0, 0x33, 0xF4, 0x6B, 0x50 ),
1018 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x44, 0x71, 0x87, 0xB8, 0x88, 0x3F, 0x45 ),
1019 MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x2B, 0x85, 0x05, 0xC5, 0x44, 0x53, 0x15 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1020};
1021static const mbedtls_mpi_uint secp384r1_T_11_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1022 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x2B, 0xFE, 0xD1, 0x1C, 0x73, 0xE3, 0x2E ),
1023 MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0x33, 0xA1, 0xD3, 0x69, 0x1C, 0x9D, 0xD2 ),
1024 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x5A, 0xBA, 0xB6, 0xAE, 0x1B, 0x94, 0x04 ),
1025 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0x74, 0x90, 0x5C, 0x57, 0xB0, 0x3A, 0x45 ),
1026 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x2F, 0x93, 0x20, 0x24, 0x54, 0x1D, 0x8D ),
1027 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x78, 0x9D, 0x71, 0x67, 0x5D, 0x49, 0x98 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1028};
1029static const mbedtls_mpi_uint secp384r1_T_12_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1030 MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0xC8, 0x0E, 0x11, 0x8D, 0xE0, 0x8F, 0x69 ),
1031 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x7F, 0x79, 0x6C, 0x5F, 0xB7, 0xBC, 0xB1 ),
1032 MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0xE1, 0x83, 0x3C, 0x12, 0xBB, 0xEE, 0x96 ),
1033 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xC2, 0xC4, 0x1B, 0x41, 0x71, 0xB9, 0x17 ),
1034 MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0xEE, 0xBB, 0x1D, 0x89, 0x50, 0x88, 0xF2 ),
1035 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x1C, 0x55, 0x74, 0xEB, 0xDE, 0x92, 0x3F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1036};
1037static const mbedtls_mpi_uint secp384r1_T_12_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1038 MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x38, 0x92, 0x06, 0x19, 0xD0, 0xB3, 0xB2 ),
1039 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x99, 0x26, 0xA3, 0x5F, 0xE2, 0xC1, 0x81 ),
1040 MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0xFC, 0xFD, 0xC3, 0xB6, 0x26, 0x24, 0x8F ),
1041 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xAD, 0xE7, 0x49, 0xB7, 0x64, 0x4B, 0x96 ),
1042 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x4E, 0x95, 0xAD, 0x07, 0xFE, 0xB6, 0x30 ),
1043 MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x15, 0xE7, 0x2D, 0x19, 0xA9, 0x08, 0x10 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1044};
1045static const mbedtls_mpi_uint secp384r1_T_13_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1046 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xBD, 0xAC, 0x0A, 0x3F, 0x6B, 0xFF, 0xFA ),
1047 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0xE4, 0x74, 0x14, 0xD9, 0x70, 0x1D, 0x71 ),
1048 MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0xB0, 0x71, 0xBB, 0xD8, 0x18, 0x96, 0x2B ),
1049 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0xB8, 0x19, 0x90, 0x80, 0xB5, 0xEE, 0x01 ),
1050 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x21, 0x20, 0xA6, 0x17, 0x48, 0x03, 0x6F ),
1051 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x1D, 0xBB, 0x6D, 0x94, 0x20, 0x34, 0xF1 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1052};
1053static const mbedtls_mpi_uint secp384r1_T_13_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1054 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x82, 0x67, 0x4B, 0x8E, 0x4E, 0xBE, 0xE2 ),
1055 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xDA, 0x77, 0xF8, 0x23, 0x55, 0x2B, 0x2D ),
1056 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x02, 0xDE, 0x25, 0x35, 0x2D, 0x74, 0x51 ),
1057 MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x0C, 0xB8, 0x0B, 0x39, 0xBA, 0xAD, 0x04 ),
1058 MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0x0E, 0x28, 0x4D, 0xE1, 0x3D, 0xE4, 0x1B ),
1059 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xEC, 0x0A, 0xD4, 0xB8, 0xC4, 0x8D, 0xB0 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1060};
1061static const mbedtls_mpi_uint secp384r1_T_14_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1062 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x68, 0xCE, 0xC2, 0x55, 0x4D, 0x0C, 0x6D ),
1063 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x20, 0x93, 0x32, 0x90, 0xD6, 0xAE, 0x47 ),
1064 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x78, 0xAB, 0x43, 0x9E, 0xEB, 0x73, 0xAE ),
1065 MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x97, 0xC3, 0x83, 0xA6, 0x3C, 0xF1, 0xBF ),
1066 MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0x25, 0x25, 0x66, 0x08, 0x26, 0xFA, 0x4B ),
1067 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xFB, 0x44, 0x5D, 0x82, 0xEC, 0x3B, 0xAC ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1068};
1069static const mbedtls_mpi_uint secp384r1_T_14_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1070 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x90, 0xEA, 0xB5, 0x04, 0x99, 0xD0, 0x69 ),
1071 MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0xF2, 0x22, 0xA0, 0xEB, 0xFD, 0x45, 0x87 ),
1072 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xA4, 0x81, 0x32, 0xFC, 0xFA, 0xEE, 0x5B ),
1073 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0xBB, 0xA4, 0x6A, 0x77, 0x41, 0x5C, 0x1D ),
1074 MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x1E, 0xAA, 0x4F, 0xF0, 0x10, 0xB3, 0x50 ),
1075 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x74, 0x13, 0x14, 0x9E, 0x90, 0xD7, 0xE6 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1076};
1077static const mbedtls_mpi_uint secp384r1_T_15_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1078 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0xBD, 0x70, 0x4F, 0xA8, 0xD1, 0x06, 0x2C ),
1079 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x4E, 0x2E, 0x68, 0xFC, 0x35, 0xFA, 0x50 ),
1080 MBEDTLS_BYTES_TO_T_UINT_8( 0x60, 0x53, 0x75, 0xED, 0xF2, 0x5F, 0xC2, 0xEB ),
1081 MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0x87, 0x6B, 0x9F, 0x05, 0xE2, 0x22, 0x93 ),
1082 MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x1A, 0xA8, 0xB7, 0x03, 0x9E, 0x6D, 0x7C ),
1083 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0xD0, 0x69, 0x88, 0xA8, 0x39, 0x9E, 0x3A ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1084};
1085static const mbedtls_mpi_uint secp384r1_T_15_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1086 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0xEF, 0x68, 0xFE, 0xEC, 0x24, 0x08, 0x15 ),
1087 MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x06, 0x4B, 0x92, 0x0D, 0xB7, 0x34, 0x74 ),
1088 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xF4, 0xDD, 0x1A, 0xA0, 0x4A, 0xE4, 0x45 ),
1089 MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x63, 0x4F, 0x4F, 0xCE, 0xBB, 0xD6, 0xD3 ),
1090 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xEE, 0x8D, 0xDF, 0x3F, 0x73, 0xB7, 0xAC ),
1091 MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x06, 0xB6, 0x80, 0x4D, 0x81, 0xD9, 0x53 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1092};
1093static const mbedtls_mpi_uint secp384r1_T_16_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1094 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0xF5, 0x13, 0xDF, 0x13, 0x19, 0x97, 0x94 ),
1095 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xF9, 0xB3, 0x33, 0x66, 0x82, 0x21, 0xFE ),
1096 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xFC, 0x39, 0x16, 0x23, 0x43, 0x76, 0x0E ),
1097 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x48, 0x25, 0xA1, 0x64, 0x95, 0x1C, 0x2F ),
1098 MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0xAC, 0x15, 0x57, 0xD9, 0xDE, 0xA0, 0x28 ),
1099 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x5F, 0xB8, 0x3D, 0x48, 0x91, 0x24, 0xCC ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1100};
1101static const mbedtls_mpi_uint secp384r1_T_16_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1102 MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0xF2, 0xC8, 0x54, 0xD1, 0x32, 0xBD, 0xC4 ),
1103 MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x3B, 0xF0, 0xAA, 0x9D, 0xD8, 0xF4, 0x20 ),
1104 MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0xC3, 0xBB, 0x6C, 0x66, 0xAC, 0x25, 0x2D ),
1105 MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x25, 0x10, 0xB2, 0xE1, 0x41, 0xDE, 0x1D ),
1106 MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0xE8, 0x30, 0xB8, 0x37, 0xBC, 0x2A, 0x98 ),
1107 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x57, 0x01, 0x4A, 0x1E, 0x78, 0x9F, 0x85 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1108};
1109static const mbedtls_mpi_uint secp384r1_T_17_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1110 MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0x19, 0xCD, 0x12, 0x0B, 0x51, 0x4F, 0x56 ),
1111 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x4B, 0x3D, 0x24, 0xA4, 0x16, 0x59, 0x05 ),
1112 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xEB, 0xD3, 0x59, 0x2E, 0x75, 0x7C, 0x01 ),
1113 MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0xB9, 0xB4, 0xA5, 0xD9, 0x2E, 0x29, 0x4C ),
1114 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x16, 0x05, 0x75, 0x02, 0xB3, 0x06, 0xEE ),
1115 MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x7C, 0x9F, 0x79, 0x91, 0xF1, 0x4F, 0x23 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1116};
1117static const mbedtls_mpi_uint secp384r1_T_17_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1118 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x98, 0x7C, 0x84, 0xE1, 0xFF, 0x30, 0x77 ),
1119 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0xE2, 0xC2, 0x5F, 0x55, 0x40, 0xBD, 0xCD ),
1120 MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x65, 0x87, 0x3F, 0xC4, 0xC2, 0x24, 0x57 ),
1121 MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0x30, 0x0A, 0x60, 0x15, 0xD1, 0x24, 0x48 ),
1122 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x99, 0xD9, 0xB6, 0xAE, 0xB1, 0xAF, 0x1D ),
1123 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x80, 0xEE, 0xA2, 0x0F, 0x74, 0xB9, 0xF3 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1124};
1125static const mbedtls_mpi_uint secp384r1_T_18_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1126 MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0xE6, 0x0F, 0x37, 0xC1, 0x10, 0x99, 0x1E ),
1127 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0xAD, 0x9D, 0x5D, 0x80, 0x01, 0xA6, 0xFE ),
1128 MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x0F, 0x10, 0x2A, 0x9D, 0x20, 0x38, 0xEB ),
1129 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x60, 0xCB, 0xCE, 0x5A, 0xA0, 0xA7, 0x32 ),
1130 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xCF, 0x14, 0xDF, 0xBF, 0xE5, 0x74, 0x2D ),
1131 MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x12, 0x1A, 0xDD, 0x59, 0x02, 0x5D, 0xC6 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1132};
1133static const mbedtls_mpi_uint secp384r1_T_18_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1134 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xC9, 0xF8, 0xF5, 0xB6, 0x13, 0x4D, 0x7B ),
1135 MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x45, 0xB1, 0x93, 0xB3, 0xA2, 0x79, 0xDC ),
1136 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xF6, 0xCF, 0xF7, 0xE6, 0x29, 0x9C, 0xCC ),
1137 MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x50, 0x65, 0x80, 0xBC, 0x59, 0x0A, 0x59 ),
1138 MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xF0, 0x24, 0x35, 0xA2, 0x46, 0xF0, 0x0C ),
1139 MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0x26, 0xC0, 0x9D, 0x61, 0x56, 0x62, 0x67 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1140};
1141static const mbedtls_mpi_uint secp384r1_T_19_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1142 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xBB, 0xC2, 0x24, 0x43, 0x2E, 0x37, 0x54 ),
1143 MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0xF7, 0xCE, 0x35, 0xFC, 0x77, 0xF3, 0x3F ),
1144 MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x34, 0x96, 0xD5, 0x4A, 0x76, 0x9D, 0x6B ),
1145 MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x3B, 0x0F, 0xEA, 0xA8, 0x12, 0x0B, 0x22 ),
1146 MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0x3F, 0x5D, 0x2D, 0x1C, 0xD4, 0x9E, 0xFB ),
1147 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x2E, 0xDD, 0xC7, 0x6E, 0xAB, 0xAF, 0xDC ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1148};
1149static const mbedtls_mpi_uint secp384r1_T_19_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1150 MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0xB2, 0x7B, 0x0C, 0x9A, 0x83, 0x8E, 0x59 ),
1151 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x51, 0x90, 0x92, 0x79, 0x32, 0x19, 0xC3 ),
1152 MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x89, 0xF9, 0xD0, 0xCF, 0x2C, 0xA5, 0x8F ),
1153 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x50, 0x21, 0xDE, 0x50, 0x41, 0x9D, 0x81 ),
1154 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x7D, 0x2B, 0x9E, 0x9D, 0x95, 0xA8, 0xE3 ),
1155 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xA5, 0x20, 0x87, 0x88, 0x97, 0x5F, 0xAA ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1156};
1157static const mbedtls_mpi_uint secp384r1_T_20_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1158 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x59, 0xB4, 0x66, 0x7E, 0xE8, 0x5A, 0x60 ),
1159 MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x5C, 0x7E, 0xB2, 0xAD, 0xD9, 0xC9, 0xDA ),
1160 MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x97, 0x49, 0xA3, 0x13, 0x83, 0x07, 0x2E ),
1161 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x26, 0xC7, 0x13, 0x35, 0x0D, 0xB0, 0x6B ),
1162 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x60, 0xAB, 0xFA, 0x4B, 0x93, 0x18, 0x2C ),
1163 MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x2D, 0x1C, 0x31, 0x4C, 0xE4, 0x61, 0xAE ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1164};
1165static const mbedtls_mpi_uint secp384r1_T_20_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1166 MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0x4D, 0x1E, 0x51, 0x59, 0x6E, 0x91, 0xC5 ),
1167 MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x54, 0x4D, 0x51, 0xED, 0x36, 0xCC, 0x60 ),
1168 MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0xA8, 0x56, 0xC7, 0x78, 0x27, 0x33, 0xC5 ),
1169 MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xB7, 0x95, 0xC9, 0x8B, 0xC8, 0x6A, 0xBC ),
1170 MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0xE9, 0x13, 0x96, 0xB3, 0xE1, 0xF9, 0xEE ),
1171 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x46, 0xB0, 0x5E, 0xC3, 0x94, 0x03, 0x05 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1172};
1173static const mbedtls_mpi_uint secp384r1_T_21_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1174 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x5B, 0x29, 0x30, 0x41, 0x1A, 0x9E, 0xB6 ),
1175 MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0xCA, 0x83, 0x31, 0x5B, 0xA7, 0xCB, 0x42 ),
1176 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x41, 0x50, 0x44, 0x4D, 0x64, 0x31, 0x89 ),
1177 MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0x84, 0xC2, 0x5D, 0x97, 0xA5, 0x3C, 0x18 ),
1178 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x0F, 0xA5, 0xFD, 0x8E, 0x5A, 0x47, 0x2C ),
1179 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x58, 0x02, 0x2D, 0x40, 0xB1, 0x0B, 0xBA ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1180};
1181static const mbedtls_mpi_uint secp384r1_T_21_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1182 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x33, 0x8C, 0x67, 0xCE, 0x23, 0x43, 0x99 ),
1183 MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x53, 0x47, 0x72, 0x44, 0x1F, 0x5B, 0x2A ),
1184 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xC1, 0xD9, 0xA4, 0x50, 0x88, 0x63, 0x18 ),
1185 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0xF2, 0x75, 0x69, 0x73, 0x00, 0xC4, 0x31 ),
1186 MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x90, 0x1D, 0xDF, 0x1A, 0x00, 0xD8, 0x69 ),
1187 MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0xB1, 0x89, 0x48, 0xA8, 0x70, 0x62, 0xEF ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1188};
1189static const mbedtls_mpi_uint secp384r1_T_22_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1190 MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x8A, 0x55, 0x50, 0x7B, 0xEF, 0x8A, 0x3C ),
1191 MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0x1B, 0x23, 0x48, 0x23, 0x63, 0x91, 0xB6 ),
1192 MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x04, 0x54, 0x3C, 0x24, 0x9B, 0xC7, 0x9A ),
1193 MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0x38, 0xC3, 0x84, 0xFB, 0xFF, 0x9F, 0x49 ),
1194 MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0x2A, 0xE0, 0x6D, 0x68, 0x8A, 0x5C, 0xCB ),
1195 MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x93, 0x53, 0x85, 0xA1, 0x0D, 0xAF, 0x63 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1196};
1197static const mbedtls_mpi_uint secp384r1_T_22_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1198 MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x88, 0x95, 0x4C, 0x0B, 0xD0, 0x06, 0x51 ),
1199 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xAF, 0x8D, 0x49, 0xA2, 0xC8, 0xB4, 0xE0 ),
1200 MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x76, 0x53, 0x09, 0x88, 0x43, 0x87, 0xCA ),
1201 MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xA4, 0x77, 0x3F, 0x5E, 0x21, 0xB4, 0x0A ),
1202 MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0x9E, 0x86, 0x64, 0xCC, 0x91, 0xC1, 0x77 ),
1203 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x17, 0x56, 0xCB, 0xC3, 0x7D, 0x5B, 0xB1 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1204};
1205static const mbedtls_mpi_uint secp384r1_T_23_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1206 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x74, 0x9F, 0xB5, 0x91, 0x21, 0xB1, 0x1C ),
1207 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xED, 0xE1, 0x11, 0xEF, 0x45, 0xAF, 0xC1 ),
1208 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x31, 0xBE, 0xB2, 0xBC, 0x72, 0x65, 0x1F ),
1209 MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0x4B, 0x8C, 0x77, 0xCE, 0x1E, 0x42, 0xB5 ),
1210 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xC9, 0xAA, 0xB9, 0xD9, 0x86, 0x99, 0x55 ),
1211 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x23, 0x80, 0xC6, 0x4E, 0x35, 0x0B, 0x6D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1212};
1213static const mbedtls_mpi_uint secp384r1_T_23_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1214 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0xD8, 0xA2, 0x0A, 0x39, 0x32, 0x1D, 0x23 ),
1215 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0xC8, 0x86, 0xF1, 0x12, 0x9A, 0x4A, 0x05 ),
1216 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xF1, 0x7C, 0xAA, 0x70, 0x8E, 0xBC, 0x01 ),
1217 MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x01, 0x47, 0x8F, 0xDD, 0x8B, 0xA5, 0xC8 ),
1218 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x08, 0x21, 0xF4, 0xAB, 0xC7, 0xF5, 0x96 ),
1219 MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x76, 0xA5, 0x95, 0xC4, 0x0F, 0x88, 0x1D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1220};
1221static const mbedtls_mpi_uint secp384r1_T_24_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1222 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x42, 0x2A, 0x52, 0xCD, 0x75, 0x51, 0x49 ),
1223 MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0x36, 0xE5, 0x04, 0x2B, 0x44, 0xC6, 0xEF ),
1224 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xEE, 0x16, 0x13, 0x07, 0x83, 0xB5, 0x30 ),
1225 MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x59, 0xC6, 0xA2, 0x19, 0x05, 0xD3, 0xC6 ),
1226 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x8B, 0xA8, 0x16, 0x09, 0xB7, 0xEA, 0xD6 ),
1227 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0xEE, 0x14, 0xAF, 0xB5, 0xFD, 0xD0, 0xEF ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1228};
1229static const mbedtls_mpi_uint secp384r1_T_24_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1230 MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x7C, 0xCA, 0x71, 0x3E, 0x6E, 0x66, 0x75 ),
1231 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x31, 0x0E, 0x3F, 0xE5, 0x91, 0xC4, 0x7F ),
1232 MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x3D, 0xC2, 0x3E, 0x95, 0x37, 0x58, 0x2B ),
1233 MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x1F, 0x02, 0x03, 0xF3, 0xEF, 0xEE, 0x66 ),
1234 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x5B, 0x1A, 0xFC, 0x38, 0xCD, 0xE8, 0x24 ),
1235 MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x57, 0x42, 0x85, 0xC6, 0x21, 0x68, 0x71 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1236};
1237static const mbedtls_mpi_uint secp384r1_T_25_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1238 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xA2, 0x4A, 0x66, 0xB1, 0x0A, 0xE6, 0xC0 ),
1239 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x0C, 0x94, 0x9D, 0x5E, 0x99, 0xB2, 0xCE ),
1240 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x03, 0x40, 0xCA, 0xB2, 0xB3, 0x30, 0x55 ),
1241 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x78, 0x48, 0x27, 0x34, 0x1E, 0xE2, 0x42 ),
1242 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x72, 0x5B, 0xAC, 0xC1, 0x6D, 0xE3, 0x82 ),
1243 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xAB, 0x46, 0xCB, 0xEA, 0x5E, 0x4B, 0x0B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1244};
1245static const mbedtls_mpi_uint secp384r1_T_25_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1246 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x08, 0xAD, 0x4E, 0x51, 0x9F, 0x2A, 0x52 ),
1247 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x5C, 0x7D, 0x4C, 0xD6, 0xCF, 0xDD, 0x02 ),
1248 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x76, 0x26, 0xE0, 0x8B, 0x10, 0xD9, 0x7C ),
1249 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0xA7, 0x23, 0x4E, 0x5F, 0xD2, 0x42, 0x17 ),
1250 MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0xE5, 0xA4, 0xEC, 0x77, 0x21, 0x34, 0x28 ),
1251 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x14, 0x65, 0xEA, 0x4A, 0x85, 0xC3, 0x2F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1252};
1253static const mbedtls_mpi_uint secp384r1_T_26_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1254 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0xD8, 0x40, 0x27, 0x73, 0x15, 0x7E, 0x65 ),
1255 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xBB, 0x53, 0x7E, 0x0F, 0x40, 0xC8, 0xD4 ),
1256 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0x37, 0x19, 0x73, 0xEF, 0x5A, 0x5E, 0x04 ),
1257 MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x73, 0x2B, 0x49, 0x7E, 0xAC, 0x97, 0x5C ),
1258 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0xB2, 0xC3, 0x1E, 0x0E, 0xE7, 0xD2, 0x21 ),
1259 MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x08, 0xD6, 0xDD, 0xAC, 0x21, 0xD6, 0x3E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1260};
1261static const mbedtls_mpi_uint secp384r1_T_26_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1262 MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x26, 0xBE, 0x6D, 0x6D, 0xF2, 0x38, 0x3F ),
1263 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x6C, 0x31, 0xA7, 0x49, 0x50, 0x3A, 0x89 ),
1264 MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x99, 0xC6, 0xF5, 0xD2, 0xC2, 0x30, 0x5A ),
1265 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xE4, 0xF6, 0x8B, 0x8B, 0x97, 0xE9, 0xB2 ),
1266 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x21, 0xB7, 0x0D, 0xFC, 0x15, 0x54, 0x0B ),
1267 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x83, 0x1C, 0xA4, 0xCD, 0x6B, 0x9D, 0xF2 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1268};
1269static const mbedtls_mpi_uint secp384r1_T_27_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1270 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xE8, 0x4C, 0x48, 0xE4, 0xAA, 0x69, 0x93 ),
1271 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x7A, 0x27, 0xFC, 0x37, 0x96, 0x1A, 0x7B ),
1272 MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0xE7, 0x30, 0xA5, 0xCF, 0x13, 0x46, 0x5C ),
1273 MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0xD8, 0xAF, 0x74, 0x23, 0x4D, 0x56, 0x84 ),
1274 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x3D, 0x44, 0x14, 0x1B, 0x97, 0x83, 0xF0 ),
1275 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x47, 0xD7, 0x5F, 0xFD, 0x98, 0x38, 0xF7 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1276};
1277static const mbedtls_mpi_uint secp384r1_T_27_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1278 MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x73, 0x64, 0x36, 0xFD, 0x7B, 0xC1, 0x15 ),
1279 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0x5D, 0x32, 0xD2, 0x47, 0x94, 0x89, 0x2D ),
1280 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xE9, 0x30, 0xAC, 0x06, 0xC8, 0x65, 0x04 ),
1281 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x6C, 0xB9, 0x1B, 0xF7, 0x61, 0x49, 0x53 ),
1282 MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0xFF, 0x32, 0x43, 0x80, 0xDA, 0xA6, 0xB1 ),
1283 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xF8, 0x04, 0x01, 0x95, 0x35, 0xCE, 0x21 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1284};
1285static const mbedtls_mpi_uint secp384r1_T_28_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1286 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x06, 0x46, 0x0D, 0x51, 0xE2, 0xD8, 0xAC ),
1287 MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0x57, 0x1D, 0x6F, 0x79, 0xA0, 0xCD, 0xA6 ),
1288 MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0xFB, 0x36, 0xCA, 0xAD, 0xF5, 0x9E, 0x41 ),
1289 MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x7A, 0x1D, 0x9E, 0x1D, 0x95, 0x48, 0xDC ),
1290 MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x26, 0xA5, 0xB7, 0x15, 0x2C, 0xC2, 0xC6 ),
1291 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x42, 0x72, 0xAA, 0x11, 0xDC, 0xC9, 0xB6 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1292};
1293static const mbedtls_mpi_uint secp384r1_T_28_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1294 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x6C, 0x64, 0xA7, 0x62, 0x3C, 0xAB, 0xD4 ),
1295 MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0x6A, 0x44, 0xD8, 0x60, 0xC0, 0xA8, 0x80 ),
1296 MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x76, 0x58, 0x12, 0x57, 0x3C, 0x89, 0x46 ),
1297 MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x4F, 0x83, 0xCE, 0xCB, 0xB8, 0xD0, 0x2C ),
1298 MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x84, 0x04, 0xB0, 0xAD, 0xEB, 0xFA, 0xDF ),
1299 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xA4, 0xC3, 0x41, 0x44, 0x4E, 0x65, 0x3E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1300};
1301static const mbedtls_mpi_uint secp384r1_T_29_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1302 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x16, 0xA9, 0x1C, 0xE7, 0x65, 0x20, 0xC1 ),
1303 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x53, 0x32, 0xF8, 0xC0, 0xA6, 0xBD, 0x2C ),
1304 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xF0, 0xE6, 0x57, 0x31, 0xCC, 0x26, 0x6F ),
1305 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0xE3, 0x54, 0x1C, 0x34, 0xD3, 0x17, 0xBC ),
1306 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xAE, 0xED, 0xFB, 0xCD, 0xE7, 0x1E, 0x9F ),
1307 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x16, 0x1C, 0x34, 0x40, 0x00, 0x1F, 0xB6 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1308};
1309static const mbedtls_mpi_uint secp384r1_T_29_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1310 MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x32, 0x00, 0xC2, 0xD4, 0x3B, 0x1A, 0x09 ),
1311 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xE0, 0x99, 0x8F, 0x0C, 0x4A, 0x16, 0x44 ),
1312 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x73, 0x18, 0x1B, 0xD4, 0x94, 0x29, 0x62 ),
1313 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xA4, 0x2D, 0xB1, 0x9D, 0x74, 0x32, 0x67 ),
1314 MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0xF4, 0xB1, 0x0C, 0x37, 0x62, 0x8B, 0x66 ),
1315 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xFF, 0xDA, 0xE2, 0x35, 0xA3, 0xB6, 0x42 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1316};
1317static const mbedtls_mpi_uint secp384r1_T_30_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1318 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x49, 0x99, 0x65, 0xC5, 0xED, 0x16, 0xEF ),
1319 MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0x42, 0x9A, 0xF3, 0xA7, 0x4E, 0x6F, 0x2B ),
1320 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x0A, 0x7E, 0xC0, 0xD7, 0x4E, 0x07, 0x55 ),
1321 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x7A, 0x31, 0x69, 0xA6, 0xB9, 0x15, 0x34 ),
1322 MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0xE0, 0x72, 0xA4, 0x3F, 0xB9, 0xF8, 0x0C ),
1323 MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0x75, 0x32, 0x85, 0xA2, 0xDE, 0x37, 0x12 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1324};
1325static const mbedtls_mpi_uint secp384r1_T_30_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1326 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xC0, 0x0D, 0xCF, 0x25, 0x41, 0xA4, 0xF4 ),
1327 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0xFC, 0xB2, 0x48, 0xC3, 0x85, 0x83, 0x4B ),
1328 MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0xBE, 0x0B, 0x58, 0x2D, 0x7A, 0x9A, 0x62 ),
1329 MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0xF3, 0x81, 0x18, 0x1B, 0x74, 0x4F, 0x2C ),
1330 MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0x43, 0xA3, 0x0A, 0x16, 0x8B, 0xA3, 0x1E ),
1331 MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x18, 0x81, 0x7B, 0x8D, 0xA2, 0x35, 0x77 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1332};
1333static const mbedtls_mpi_uint secp384r1_T_31_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1334 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xC4, 0x3F, 0x2C, 0xE7, 0x5F, 0x99, 0x03 ),
1335 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x2B, 0xB7, 0xB6, 0xAD, 0x5A, 0x56, 0xFF ),
1336 MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x00, 0xA4, 0x48, 0xC8, 0xE8, 0xBA, 0xBF ),
1337 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0xA1, 0xB5, 0x13, 0x5A, 0xCD, 0x99, 0x9C ),
1338 MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x95, 0xAD, 0xFC, 0xE2, 0x7E, 0xE7, 0xFE ),
1339 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x6B, 0xD1, 0x34, 0x99, 0x53, 0x63, 0x0B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1340};
1341static const mbedtls_mpi_uint secp384r1_T_31_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1342 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x8A, 0x77, 0x5D, 0x2B, 0xAB, 0x01, 0x28 ),
1343 MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x85, 0xD0, 0xD5, 0x49, 0x83, 0x4D, 0x60 ),
1344 MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0xC6, 0x91, 0x30, 0x3B, 0x00, 0xAF, 0x7A ),
1345 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0xAE, 0x61, 0x07, 0xE1, 0xB6, 0xE2, 0xC9 ),
1346 MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x43, 0x41, 0xFE, 0x9B, 0xB6, 0xF0, 0xA5 ),
1347 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x97, 0xAE, 0xAD, 0x89, 0x88, 0x9E, 0x41 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1348};
1349static const mbedtls_ecp_point secp384r1_T[32] = {
1350 ECP_POINT_INIT_XY_Z1(secp384r1_T_0_X, secp384r1_T_0_Y),
1351 ECP_POINT_INIT_XY_Z0(secp384r1_T_1_X, secp384r1_T_1_Y),
1352 ECP_POINT_INIT_XY_Z0(secp384r1_T_2_X, secp384r1_T_2_Y),
1353 ECP_POINT_INIT_XY_Z0(secp384r1_T_3_X, secp384r1_T_3_Y),
1354 ECP_POINT_INIT_XY_Z0(secp384r1_T_4_X, secp384r1_T_4_Y),
1355 ECP_POINT_INIT_XY_Z0(secp384r1_T_5_X, secp384r1_T_5_Y),
1356 ECP_POINT_INIT_XY_Z0(secp384r1_T_6_X, secp384r1_T_6_Y),
1357 ECP_POINT_INIT_XY_Z0(secp384r1_T_7_X, secp384r1_T_7_Y),
1358 ECP_POINT_INIT_XY_Z0(secp384r1_T_8_X, secp384r1_T_8_Y),
1359 ECP_POINT_INIT_XY_Z0(secp384r1_T_9_X, secp384r1_T_9_Y),
1360 ECP_POINT_INIT_XY_Z0(secp384r1_T_10_X, secp384r1_T_10_Y),
1361 ECP_POINT_INIT_XY_Z0(secp384r1_T_11_X, secp384r1_T_11_Y),
1362 ECP_POINT_INIT_XY_Z0(secp384r1_T_12_X, secp384r1_T_12_Y),
1363 ECP_POINT_INIT_XY_Z0(secp384r1_T_13_X, secp384r1_T_13_Y),
1364 ECP_POINT_INIT_XY_Z0(secp384r1_T_14_X, secp384r1_T_14_Y),
1365 ECP_POINT_INIT_XY_Z0(secp384r1_T_15_X, secp384r1_T_15_Y),
1366 ECP_POINT_INIT_XY_Z0(secp384r1_T_16_X, secp384r1_T_16_Y),
1367 ECP_POINT_INIT_XY_Z0(secp384r1_T_17_X, secp384r1_T_17_Y),
1368 ECP_POINT_INIT_XY_Z0(secp384r1_T_18_X, secp384r1_T_18_Y),
1369 ECP_POINT_INIT_XY_Z0(secp384r1_T_19_X, secp384r1_T_19_Y),
1370 ECP_POINT_INIT_XY_Z0(secp384r1_T_20_X, secp384r1_T_20_Y),
1371 ECP_POINT_INIT_XY_Z0(secp384r1_T_21_X, secp384r1_T_21_Y),
1372 ECP_POINT_INIT_XY_Z0(secp384r1_T_22_X, secp384r1_T_22_Y),
1373 ECP_POINT_INIT_XY_Z0(secp384r1_T_23_X, secp384r1_T_23_Y),
1374 ECP_POINT_INIT_XY_Z0(secp384r1_T_24_X, secp384r1_T_24_Y),
1375 ECP_POINT_INIT_XY_Z0(secp384r1_T_25_X, secp384r1_T_25_Y),
1376 ECP_POINT_INIT_XY_Z0(secp384r1_T_26_X, secp384r1_T_26_Y),
1377 ECP_POINT_INIT_XY_Z0(secp384r1_T_27_X, secp384r1_T_27_Y),
1378 ECP_POINT_INIT_XY_Z0(secp384r1_T_28_X, secp384r1_T_28_Y),
1379 ECP_POINT_INIT_XY_Z0(secp384r1_T_29_X, secp384r1_T_29_Y),
1380 ECP_POINT_INIT_XY_Z0(secp384r1_T_30_X, secp384r1_T_30_Y),
1381 ECP_POINT_INIT_XY_Z0(secp384r1_T_31_X, secp384r1_T_31_Y),
1382};
1383#else
1384#define secp384r1_T NULL
1385#endif
1386
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1387#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]1388
1389/*
1390 * Domain parameters for secp521r1
1391 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1392#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
1393static const mbedtls_mpi_uint secp521r1_p[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1394 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1395 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1396 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1397 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1398 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1399 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1400 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1401 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1402 MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1403};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1404static const mbedtls_mpi_uint secp521r1_b[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1405 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
1406 MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
1407 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
1408 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ),
1409 MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ),
1410 MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ),
1411 MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ),
1412 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
1413 MBEDTLS_BYTES_TO_T_UINT_2( 0x51, 0x00 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1414};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1415static const mbedtls_mpi_uint secp521r1_gx[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1416 MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
1417 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
1418 MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
1419 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
1420 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
1421 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
1422 MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
1423 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
1424 MBEDTLS_BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1425};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1426static const mbedtls_mpi_uint secp521r1_gy[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1427 MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
1428 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
1429 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
1430 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
1431 MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
1432 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
1433 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
1434 MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
1435 MBEDTLS_BYTES_TO_T_UINT_2( 0x18, 0x01 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1436};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1437static const mbedtls_mpi_uint secp521r1_n[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1438 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
1439 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
1440 MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
1441 MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ),
1442 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1443 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1444 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1445 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
1446 MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]1447};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1448#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
1449static const mbedtls_mpi_uint secp521r1_T_0_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1450 MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
1451 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
1452 MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
1453 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
1454 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
1455 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
1456 MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
1457 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
1458 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1459};
1460static const mbedtls_mpi_uint secp521r1_T_0_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1461 MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
1462 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
1463 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
1464 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
1465 MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
1466 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
1467 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
1468 MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
1469 MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1470};
1471static const mbedtls_mpi_uint secp521r1_T_1_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1472 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xB1, 0x2D, 0xEB, 0x27, 0x2F, 0xE8, 0xDA ),
1473 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x4B, 0x44, 0x25, 0xDB, 0x5C, 0x5F, 0x67 ),
1474 MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x85, 0x28, 0x78, 0x2E, 0x75, 0x34, 0x32 ),
1475 MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x57, 0x0F, 0x73, 0x78, 0x7A, 0xE3, 0x53 ),
1476 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xD8, 0xEC, 0xDC, 0xDA, 0x04, 0xAD, 0xAB ),
1477 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x8A, 0x09, 0xF3, 0x58, 0x79, 0xD8, 0x29 ),
1478 MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x03, 0xCB, 0x50, 0x1A, 0x7F, 0x56, 0x00 ),
1479 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xA6, 0x78, 0x38, 0x85, 0x67, 0x0B, 0x40 ),
1480 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1481};
1482static const mbedtls_mpi_uint secp521r1_T_1_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1483 MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0xD5, 0xD2, 0x22, 0xC4, 0x00, 0x3B, 0xBA ),
1484 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x93, 0x0E, 0x7B, 0x85, 0x51, 0xC3, 0x06 ),
1485 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xA6, 0x5F, 0x54, 0x49, 0x02, 0x81, 0x78 ),
1486 MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xE9, 0x6B, 0x3A, 0x92, 0xE7, 0x72, 0x1D ),
1487 MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x5F, 0x28, 0x9E, 0x91, 0x27, 0x88, 0xE3 ),
1488 MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x28, 0x31, 0xB3, 0x84, 0xCA, 0x12, 0x32 ),
1489 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xF9, 0xAC, 0x22, 0x10, 0x0A, 0x64, 0x41 ),
1490 MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0xC6, 0x33, 0x1F, 0x69, 0x19, 0x18, 0xBF ),
1491 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1492};
1493static const mbedtls_mpi_uint secp521r1_T_2_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1494 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x48, 0xB8, 0xC7, 0x37, 0x5A, 0x00, 0x36 ),
1495 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xCC, 0x32, 0xE0, 0xEE, 0x03, 0xC2, 0xBA ),
1496 MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x29, 0xC2, 0xE4, 0x6E, 0x24, 0x20, 0x8D ),
1497 MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x6B, 0x7F, 0x7B, 0xF9, 0xB0, 0xB8, 0x13 ),
1498 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x7B, 0x3C, 0xE1, 0x19, 0xA1, 0x23, 0x02 ),
1499 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xE3, 0xC2, 0x53, 0xC0, 0x07, 0x13, 0xA9 ),
1500 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFE, 0x36, 0x35, 0x9F, 0x5E, 0x59, 0xCE ),
1501 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x55, 0x89, 0x84, 0xBC, 0xEF, 0xA2, 0xC2 ),
1502 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1503};
1504static const mbedtls_mpi_uint secp521r1_T_2_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1505 MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x1A, 0x08, 0x67, 0xB4, 0xE7, 0x22, 0xED ),
1506 MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x26, 0xDF, 0x81, 0x3C, 0x5F, 0x1C, 0xDA ),
1507 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x4D, 0xD0, 0x0A, 0x48, 0x06, 0xF4, 0x48 ),
1508 MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x18, 0x39, 0xF7, 0xD1, 0x20, 0x77, 0x8D ),
1509 MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0x8F, 0x44, 0x13, 0xCB, 0x78, 0x11, 0x11 ),
1510 MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0xE2, 0x49, 0xEA, 0x43, 0x79, 0x08, 0x39 ),
1511 MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0xD1, 0xD8, 0x73, 0x2C, 0x71, 0x2F, 0x69 ),
1512 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xE5, 0xE7, 0xF4, 0x46, 0xAB, 0x20, 0xCA ),
1513 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1514};
1515static const mbedtls_mpi_uint secp521r1_T_3_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1516 MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0x0B, 0xB9, 0x71, 0x1A, 0x27, 0xB7, 0xA7 ),
1517 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xA2, 0x2C, 0xD1, 0xDA, 0xBC, 0xC1, 0xBD ),
1518 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xA3, 0x10, 0x1F, 0x90, 0xF2, 0xA5, 0x52 ),
1519 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0xFB, 0x20, 0xF4, 0xC0, 0x70, 0xC0, 0xF5 ),
1520 MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0xA7, 0x99, 0xF0, 0xA5, 0xD3, 0x09, 0xDD ),
1521 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0xE8, 0x14, 0x39, 0xBE, 0xCB, 0x60, 0xAF ),
1522 MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0xD6, 0x14, 0xA9, 0xC9, 0x20, 0xC3, 0xEA ),
1523 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xA8, 0x5B, 0xFD, 0x2D, 0x96, 0xBC, 0x78 ),
1524 MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1525};
1526static const mbedtls_mpi_uint secp521r1_T_3_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1527 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x04, 0x45, 0xBE, 0xCE, 0x75, 0x95, 0xF6 ),
1528 MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0xDA, 0x58, 0x49, 0x35, 0x09, 0x8D, 0x41 ),
1529 MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0xF0, 0xC0, 0x36, 0xF2, 0xA6, 0x2D, 0x14 ),
1530 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xFC, 0x3D, 0xA8, 0xFB, 0x3C, 0xD2, 0x51 ),
1531 MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x4D, 0x71, 0x09, 0x18, 0x42, 0xF0, 0x2D ),
1532 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xC1, 0xCE, 0x9E, 0x6A, 0x49, 0x60, 0x12 ),
1533 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xB1, 0x00, 0xF7, 0xA1, 0x7A, 0x31, 0xB4 ),
1534 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xC3, 0x86, 0xCD, 0x20, 0x4A, 0x17, 0x86 ),
1535 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1536};
1537static const mbedtls_mpi_uint secp521r1_T_4_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1538 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0xAB, 0x8B, 0x47, 0x8D, 0xAA, 0xA6, 0x5B ),
1539 MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x97, 0xF0, 0xBC, 0x2D, 0xDC, 0x9D, 0x84 ),
1540 MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x86, 0xB0, 0x74, 0xB2, 0xF4, 0xF6, 0x67 ),
1541 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xBD, 0xAC, 0xE3, 0x8F, 0x43, 0x5C, 0xB1 ),
1542 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xC3, 0xE2, 0x6E, 0x25, 0x49, 0xCD, 0x0B ),
1543 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x5E, 0x08, 0xB3, 0xB9, 0xAC, 0x5F, 0xD1 ),
1544 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xB7, 0xD1, 0xF4, 0xDC, 0x19, 0xE9, 0xC8 ),
1545 MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0xE4, 0xFA, 0xE1, 0x36, 0x3E, 0xED, 0x6E ),
1546 MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1547};
1548static const mbedtls_mpi_uint secp521r1_T_4_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1549 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x67, 0x92, 0x84, 0x6E, 0x48, 0x03, 0x51 ),
1550 MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x95, 0xEF, 0x8F, 0xB2, 0x82, 0x6B, 0x1C ),
1551 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xFA, 0xB9, 0x55, 0x23, 0xFE, 0x09, 0xB3 ),
1552 MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x79, 0x85, 0x4B, 0x0E, 0xD4, 0x35, 0xDB ),
1553 MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x27, 0x45, 0x81, 0xE0, 0x88, 0x52, 0xAD ),
1554 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x63, 0xA2, 0x4B, 0xBC, 0x5D, 0xB1, 0x92 ),
1555 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x8C, 0x83, 0xD9, 0x3E, 0xD3, 0x42, 0xDA ),
1556 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x03, 0x3A, 0x31, 0xBA, 0xE9, 0x3A, 0xD1 ),
1557 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1558};
1559static const mbedtls_mpi_uint secp521r1_T_5_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1560 MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0x10, 0xCD, 0x2D, 0x00, 0xFE, 0x32, 0xA7 ),
1561 MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x6E, 0x1F, 0xDA, 0xF8, 0x6F, 0x4D, 0x03 ),
1562 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x79, 0x7D, 0x09, 0xE5, 0xD3, 0x03, 0x21 ),
1563 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0xC3, 0xBE, 0xDF, 0x07, 0x65, 0x49, 0xCC ),
1564 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x57, 0x33, 0xEF, 0xAE, 0x4F, 0x04, 0x27 ),
1565 MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0xE9, 0x9B, 0xFE, 0xBF, 0xE6, 0x85, 0xF6 ),
1566 MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0xBA, 0xAA, 0x06, 0xC4, 0xC6, 0xB8, 0x57 ),
1567 MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x83, 0x01, 0xA9, 0xF6, 0x51, 0xE7, 0xB8 ),
1568 MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1569};
1570static const mbedtls_mpi_uint secp521r1_T_5_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1571 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xA6, 0x15, 0x8E, 0xAB, 0x1F, 0x10, 0x87 ),
1572 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x08, 0x27, 0x1A, 0xA1, 0x21, 0xAD, 0xF5 ),
1573 MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x09, 0x90, 0x6E, 0x50, 0x90, 0x9A, 0x5D ),
1574 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x9A, 0xFE, 0xD7, 0xA1, 0xF5, 0xA2, 0x15 ),
1575 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x7D, 0xE3, 0xDC, 0x21, 0xFB, 0xA4, 0x7B ),
1576 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xBF, 0x07, 0xFF, 0x45, 0xDF, 0x51, 0x77 ),
1577 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x5C, 0x34, 0x02, 0x62, 0x9B, 0x08, 0x12 ),
1578 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xCE, 0x9A, 0x6A, 0xEC, 0x75, 0xF6, 0x46 ),
1579 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1580};
1581static const mbedtls_mpi_uint secp521r1_T_6_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1582 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x59, 0xF4, 0x78, 0x3C, 0x60, 0xB1, 0x4A ),
1583 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x37, 0x84, 0x6A, 0xDC, 0xF2, 0x9A, 0x7D ),
1584 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x9A, 0x9A, 0x15, 0x36, 0xE0, 0x2B, 0x2D ),
1585 MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x38, 0x9C, 0x50, 0x3D, 0x1E, 0x37, 0x82 ),
1586 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x79, 0xF0, 0x92, 0xF2, 0x8B, 0x18, 0x82 ),
1587 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xE0, 0x82, 0x1E, 0x80, 0x82, 0x4B, 0xD7 ),
1588 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xBB, 0x59, 0x6B, 0x8A, 0x77, 0x41, 0x40 ),
1589 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0xF9, 0xD4, 0xB8, 0x4A, 0x82, 0xCF, 0x40 ),
1590 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1591};
1592static const mbedtls_mpi_uint secp521r1_T_6_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1593 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x8C, 0xC8, 0x9B, 0x72, 0x9E, 0xF7, 0xF9 ),
1594 MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0xCE, 0xE9, 0x77, 0x0A, 0x19, 0x59, 0x84 ),
1595 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xA1, 0x41, 0x6A, 0x72, 0x4B, 0xB4, 0xDC ),
1596 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x35, 0x43, 0xE2, 0x8C, 0xBE, 0x0D, 0xE3 ),
1597 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0xEB, 0xAD, 0xF3, 0xA9, 0xA6, 0x68, 0xA1 ),
1598 MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x2F, 0xE2, 0x48, 0x0C, 0xDB, 0x1F, 0x42 ),
1599 MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x1E, 0x60, 0x9B, 0x2A, 0xD2, 0xC1, 0x3C ),
1600 MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x64, 0xB5, 0xD2, 0xF6, 0xF6, 0x6E, 0x22 ),
1601 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1602};
1603static const mbedtls_mpi_uint secp521r1_T_7_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1604 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x3D, 0x30, 0x78, 0x10, 0x18, 0x41, 0x51 ),
1605 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x1D, 0x1C, 0xE0, 0x6D, 0x83, 0xD1, 0x93 ),
1606 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x03, 0x0B, 0xF5, 0x2F, 0x6C, 0x04, 0x98 ),
1607 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x3E, 0xD5, 0xFC, 0x31, 0x5B, 0x3A, 0xEB ),
1608 MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x82, 0x2F, 0xFB, 0xFE, 0xF8, 0x76, 0x39 ),
1609 MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0x26, 0xDA, 0x9C, 0x36, 0xF5, 0x93, 0xD1 ),
1610 MBEDTLS_BYTES_TO_T_UINT_8( 0x4C, 0xE7, 0x6E, 0xD2, 0x7D, 0x81, 0x09, 0xC6 ),
1611 MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x03, 0xF9, 0x58, 0x48, 0x24, 0xA2, 0xEE ),
1612 MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1613};
1614static const mbedtls_mpi_uint secp521r1_T_7_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1615 MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x79, 0x0C, 0x8E, 0x6B, 0x95, 0xF3, 0xC4 ),
1616 MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x10, 0x5C, 0x87, 0x03, 0x39, 0xCF, 0x68 ),
1617 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xF0, 0xF7, 0xC1, 0x07, 0xA4, 0xF4, 0x3F ),
1618 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0xE8, 0x02, 0x89, 0x65, 0xC4, 0x72, 0x36 ),
1619 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x88, 0xEA, 0x96, 0x67, 0x0B, 0x5D, 0xDF ),
1620 MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x75, 0x60, 0xA8, 0xBD, 0x74, 0xDF, 0x68 ),
1621 MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0xE5, 0x71, 0x50, 0x67, 0xD0, 0xD2, 0xE6 ),
1622 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xFC, 0xE5, 0xC7, 0x77, 0xB0, 0x7F, 0x8C ),
1623 MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1624};
1625static const mbedtls_mpi_uint secp521r1_T_8_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1626 MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x86, 0x69, 0xCD, 0x0D, 0x9A, 0xBD, 0x66 ),
1627 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x17, 0xBC, 0xBB, 0x59, 0x85, 0x7D, 0x0E ),
1628 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xA8, 0x76, 0xAC, 0x80, 0xA9, 0x72, 0xE0 ),
1629 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x78, 0xC1, 0xE2, 0x4D, 0xAF, 0xF9, 0x3C ),
1630 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x97, 0x8E, 0x74, 0xC4, 0x4B, 0xB2, 0x85 ),
1631 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xD8, 0xF6, 0xF3, 0xAF, 0x2F, 0x52, 0xE5 ),
1632 MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x57, 0xF4, 0xCE, 0xEE, 0x43, 0xED, 0x60 ),
1633 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x46, 0x38, 0xDE, 0x20, 0xFD, 0x59, 0x18 ),
1634 MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1635};
1636static const mbedtls_mpi_uint secp521r1_T_8_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1637 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x18, 0xE8, 0x58, 0xB9, 0x76, 0x2C, 0xE6 ),
1638 MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x54, 0xE4, 0xFE, 0xC7, 0xBC, 0x31, 0x37 ),
1639 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xF8, 0x89, 0xEE, 0x70, 0xB5, 0xB0, 0x2C ),
1640 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x22, 0x26, 0x9A, 0x53, 0xB9, 0x38, 0x0A ),
1641 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xA7, 0x19, 0x8C, 0x74, 0x7E, 0x88, 0x46 ),
1642 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xDA, 0x0A, 0xE8, 0xDA, 0xA5, 0xBE, 0x1D ),
1643 MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0x5C, 0xF7, 0xB1, 0x0C, 0x72, 0xFB, 0x09 ),
1644 MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xE2, 0x23, 0xE7, 0x46, 0xB7, 0xE0, 0x91 ),
1645 MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1646};
1647static const mbedtls_mpi_uint secp521r1_T_9_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1648 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x36, 0xBC, 0xBD, 0x48, 0x11, 0x8E, 0x72 ),
1649 MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0xBB, 0xA1, 0xF7, 0x0B, 0x9E, 0xBF, 0xDF ),
1650 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x28, 0xE1, 0xA2, 0x8F, 0xFC, 0xFC, 0xD6 ),
1651 MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0xFE, 0x19, 0x0A, 0xE5, 0xE7, 0x69, 0x39 ),
1652 MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0xCD, 0x12, 0xF5, 0xBE, 0xD3, 0x04, 0xF1 ),
1653 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xA8, 0x0D, 0x81, 0x59, 0xC4, 0x79, 0x98 ),
1654 MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0xF3, 0x4B, 0x92, 0x65, 0xC3, 0x31, 0xAD ),
1655 MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0xB5, 0x4F, 0x4D, 0x91, 0xD4, 0xE2, 0xB2 ),
1656 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1657};
1658static const mbedtls_mpi_uint secp521r1_T_9_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1659 MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x09, 0x41, 0x79, 0x1D, 0x4D, 0x0D, 0x33 ),
1660 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x31, 0x18, 0xBA, 0xA0, 0xF2, 0x6E, 0x7E ),
1661 MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x5B, 0x4D, 0x4F, 0xAF, 0xC9, 0x8C, 0xA1 ),
1662 MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0x99, 0x9C, 0x06, 0x68, 0xDE, 0xD8, 0x29 ),
1663 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x04, 0xE1, 0xB5, 0x9D, 0x00, 0xBC, 0xB8 ),
1664 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x95, 0x92, 0x8D, 0x72, 0xD3, 0x37, 0x42 ),
1665 MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x4B, 0x27, 0xA2, 0xE8, 0xA4, 0x26, 0xA1 ),
1666 MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x45, 0x9C, 0xA9, 0xCB, 0x9F, 0xBA, 0x85 ),
1667 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1668};
1669static const mbedtls_mpi_uint secp521r1_T_10_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1670 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x7E, 0x1B, 0x64, 0xF4, 0xE8, 0xA5, 0x55 ),
1671 MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x20, 0xA9, 0xCA, 0xF3, 0x89, 0xE5, 0xE1 ),
1672 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0xED, 0xFC, 0xAB, 0xD9, 0x0A, 0xB9, 0x07 ),
1673 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x6F, 0x46, 0x7C, 0xCD, 0x78, 0xFF, 0x05 ),
1674 MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0xAB, 0x71, 0x5A, 0x94, 0xAB, 0x20, 0x20 ),
1675 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x2E, 0xEE, 0x87, 0x57, 0x1F, 0xAD, 0xD3 ),
1676 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x4C, 0x3D, 0xFB, 0x7E, 0xA1, 0x8B, 0x07 ),
1677 MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0xCF, 0x07, 0x86, 0xBA, 0x53, 0x37, 0xCF ),
1678 MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1679};
1680static const mbedtls_mpi_uint secp521r1_T_10_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1681 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x26, 0xB2, 0xB9, 0xE2, 0x91, 0xE3, 0xB5 ),
1682 MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0xC9, 0x54, 0x84, 0x08, 0x3D, 0x0B, 0xD2 ),
1683 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xA8, 0x77, 0x2F, 0x64, 0x45, 0x99, 0x4C ),
1684 MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x96, 0x16, 0x1F, 0xDB, 0x96, 0x28, 0x97 ),
1685 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x2B, 0x8D, 0xFF, 0xA2, 0x4F, 0x55, 0xD3 ),
1686 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0xE6, 0x48, 0xBD, 0x99, 0x3D, 0x12, 0x57 ),
1687 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x84, 0x59, 0xDA, 0xB9, 0xB6, 0x66, 0x12 ),
1688 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x78, 0x41, 0x92, 0xDF, 0xF4, 0x3F, 0x63 ),
1689 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1690};
1691static const mbedtls_mpi_uint secp521r1_T_11_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1692 MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x86, 0x6F, 0x4F, 0xBF, 0x67, 0xDF, 0x2F ),
1693 MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x2B, 0x1E, 0x5F, 0x00, 0xEA, 0xF6, 0x56 ),
1694 MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xB9, 0x6A, 0x89, 0xD8, 0xC0, 0xD7, 0xA7 ),
1695 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x9A, 0x32, 0x23, 0xA0, 0x02, 0x91, 0x58 ),
1696 MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x7F, 0x6A, 0x15, 0x64, 0x6A, 0x8B, 0xBB ),
1697 MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x57, 0x82, 0x58, 0xA9, 0x56, 0xB5, 0xFB ),
1698 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x50, 0x92, 0x60, 0xCC, 0x81, 0x24, 0xA8 ),
1699 MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0x3D, 0xAD, 0xDA, 0xD9, 0x51, 0x3E, 0x57 ),
1700 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1701};
1702static const mbedtls_mpi_uint secp521r1_T_11_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1703 MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0xFE, 0x8F, 0xB0, 0x0B, 0xDE, 0x2E, 0x7E ),
1704 MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0xD2, 0xBE, 0xEF, 0xAC, 0x76, 0x71, 0xA3 ),
1705 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0xE8, 0x72, 0x0B, 0xAC, 0xFE, 0xCA, 0x5A ),
1706 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x5B, 0xC7, 0xFC, 0xE3, 0x3C, 0x7C, 0x4C ),
1707 MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x04, 0xA7, 0xB9, 0x9B, 0x93, 0xC0, 0x2F ),
1708 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x48, 0x4B, 0x8E, 0x32, 0xC5, 0xF0, 0x6B ),
1709 MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x42, 0x07, 0xC1, 0xF2, 0xF1, 0x72, 0x5B ),
1710 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x37, 0x54, 0x9C, 0x88, 0xD2, 0x62, 0xAA ),
1711 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1712};
1713static const mbedtls_mpi_uint secp521r1_T_12_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1714 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x19, 0x8A, 0x89, 0x58, 0xA2, 0x0F, 0xDB ),
1715 MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0xCC, 0x4C, 0x97, 0x30, 0x66, 0x34, 0x26 ),
1716 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x6A, 0x1E, 0x1F, 0xDB, 0xC9, 0x5E, 0x13 ),
1717 MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x4D, 0x49, 0xFF, 0x9B, 0x9C, 0xAC, 0x9B ),
1718 MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0xE4, 0x4B, 0xF2, 0xD4, 0x1A, 0xD2, 0x78 ),
1719 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xDA, 0xE8, 0x61, 0x9F, 0xC8, 0x49, 0x32 ),
1720 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xCB, 0xF2, 0x2D, 0x85, 0xF6, 0x8D, 0x52 ),
1721 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xC5, 0xCD, 0x2C, 0x79, 0xC6, 0x0E, 0x4F ),
1722 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1723};
1724static const mbedtls_mpi_uint secp521r1_T_12_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1725 MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x1D, 0x55, 0x0F, 0xF8, 0x22, 0x9F, 0x78 ),
1726 MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x56, 0xBA, 0xE7, 0x57, 0x32, 0xEC, 0x42 ),
1727 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x9A, 0xC6, 0x4C, 0x09, 0xC4, 0x52, 0x3F ),
1728 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x1E, 0x6F, 0xF4, 0x7D, 0x27, 0xDD, 0xAF ),
1729 MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x11, 0x16, 0xEC, 0x79, 0x83, 0xAD, 0xAE ),
1730 MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x4E, 0x92, 0x1F, 0x19, 0x7D, 0x65, 0xDC ),
1731 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0xFF, 0x78, 0x15, 0x45, 0x63, 0x32, 0xE4 ),
1732 MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x91, 0xD0, 0x78, 0x58, 0xDA, 0x50, 0x47 ),
1733 MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1734};
1735static const mbedtls_mpi_uint secp521r1_T_13_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1736 MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0xDE, 0x40, 0xF6, 0x41, 0xB4, 0x3B, 0x95 ),
1737 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x8D, 0xE0, 0xE1, 0xA9, 0xF0, 0x35, 0x5D ),
1738 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xD4, 0xBA, 0x7B, 0xCC, 0x1B, 0x3A, 0x32 ),
1739 MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x5A, 0x2E, 0x74, 0x47, 0x14, 0xC3, 0x4D ),
1740 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0xF0, 0x8B, 0x06, 0x15, 0x8E, 0x0E, 0xCA ),
1741 MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0xD2, 0xEB, 0x97, 0x50, 0x7D, 0x31, 0xFC ),
1742 MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x93, 0x4C, 0xDB, 0x97, 0x79, 0x44, 0xF5 ),
1743 MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0xA2, 0xA0, 0x0B, 0xC8, 0x3A, 0x8A, 0xF9 ),
1744 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1745};
1746static const mbedtls_mpi_uint secp521r1_T_13_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1747 MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0x50, 0x92, 0x9E, 0x24, 0x1F, 0xCB, 0x4C ),
1748 MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x16, 0xC9, 0xC5, 0x3D, 0x5A, 0xAF, 0x97 ),
1749 MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0xE3, 0x97, 0xE4, 0xA8, 0x50, 0xF6, 0x7E ),
1750 MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x57, 0x97, 0x42, 0x78, 0x92, 0x49, 0x0D ),
1751 MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0xEB, 0x62, 0x24, 0xFB, 0x8F, 0x32, 0xCF ),
1752 MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x0C, 0x36, 0x6E, 0x8F, 0xE8, 0xE8, 0x8E ),
1753 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0xD3, 0x7C, 0xC7, 0x8D, 0x3F, 0x5C, 0xE1 ),
1754 MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x64, 0x6A, 0x73, 0x10, 0x79, 0xB8, 0x5A ),
1755 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1756};
1757static const mbedtls_mpi_uint secp521r1_T_14_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1758 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xF9, 0xEF, 0xA5, 0x20, 0x4A, 0x5C, 0xA1 ),
1759 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xF3, 0xF4, 0x49, 0x5B, 0x73, 0xAA, 0x1B ),
1760 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0xF2, 0xEA, 0x0F, 0x00, 0xAD, 0x53, 0xAB ),
1761 MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0xB8, 0x66, 0xED, 0xC4, 0x2B, 0x4C, 0x35 ),
1762 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x2F, 0xC1, 0x9A, 0x37, 0xD2, 0x7F, 0x58 ),
1763 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xA7, 0x81, 0x38, 0x64, 0xC9, 0x37, 0x38 ),
1764 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x3B, 0x6C, 0x9F, 0x5B, 0xD9, 0x8B, 0x1D ),
1765 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x14, 0xD9, 0x08, 0xD8, 0xD2, 0x7E, 0x23 ),
1766 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1767};
1768static const mbedtls_mpi_uint secp521r1_T_14_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1769 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x71, 0xE6, 0x3D, 0xD1, 0xB0, 0xE7, 0xCD ),
1770 MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x81, 0x23, 0xEC, 0x2D, 0x42, 0x45, 0xE6 ),
1771 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x5B, 0x44, 0x6B, 0x89, 0x03, 0x67, 0x28 ),
1772 MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x27, 0xAE, 0x80, 0x5A, 0x33, 0xBE, 0x11 ),
1773 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0xB6, 0x64, 0x1A, 0xDF, 0xD3, 0x85, 0x91 ),
1774 MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x8C, 0x22, 0xBA, 0xD0, 0xBD, 0xCC, 0xA0 ),
1775 MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x3C, 0x01, 0x3A, 0xFF, 0x9D, 0xC7, 0x6B ),
1776 MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0xC7, 0x64, 0xB4, 0x59, 0x4E, 0x9F, 0x22 ),
1777 MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1778};
1779static const mbedtls_mpi_uint secp521r1_T_15_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1780 MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x34, 0x0A, 0x41, 0x94, 0xA8, 0xF2, 0xB7 ),
1781 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xD4, 0xE4, 0xF0, 0x97, 0x45, 0x6D, 0xCA ),
1782 MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0x1F, 0x4D, 0x6D, 0xFE, 0xA0, 0xC4, 0x84 ),
1783 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x28, 0x5C, 0x40, 0xBB, 0x65, 0xD4, 0x42 ),
1784 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0xA8, 0x87, 0x35, 0x20, 0x3A, 0x89, 0x44 ),
1785 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xFD, 0x4F, 0xAB, 0x2D, 0xD1, 0xD0, 0xC0 ),
1786 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xE8, 0x00, 0xFC, 0x69, 0x52, 0xF8, 0xD5 ),
1787 MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x9A, 0x99, 0xE1, 0xDC, 0x9C, 0x3F, 0xD9 ),
1788 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1789};
1790static const mbedtls_mpi_uint secp521r1_T_15_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1791 MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x08, 0x98, 0xD9, 0xCA, 0x73, 0xD5, 0xA9 ),
1792 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x2C, 0xE0, 0xA7, 0x3E, 0x91, 0xD7, 0x87 ),
1793 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x04, 0xB0, 0x54, 0x09, 0xF4, 0x72, 0xB7 ),
1794 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xEE, 0x28, 0xCC, 0xE8, 0x50, 0x78, 0x20 ),
1795 MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x91, 0x03, 0x76, 0xDB, 0x68, 0x24, 0x77 ),
1796 MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xE0, 0x56, 0xB2, 0x5D, 0x12, 0xD3, 0xB5 ),
1797 MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x42, 0x59, 0x8B, 0xDF, 0x67, 0xB5, 0xBE ),
1798 MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0xCC, 0xE5, 0x31, 0x53, 0x7A, 0x46, 0xB3 ),
1799 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1800};
1801static const mbedtls_mpi_uint secp521r1_T_16_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1802 MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x8D, 0x59, 0xB5, 0x1B, 0x0F, 0xF4, 0xAF ),
1803 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x2F, 0xD1, 0x2C, 0xE0, 0xD8, 0x04, 0xEF ),
1804 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xF4, 0xD7, 0xBA, 0xB0, 0xA3, 0x7E, 0xC9 ),
1805 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x08, 0x51, 0x56, 0xA6, 0x76, 0x67, 0x33 ),
1806 MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0x17, 0x63, 0xFE, 0x56, 0xD0, 0xD9, 0x71 ),
1807 MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0xF6, 0xC3, 0x14, 0x47, 0xC5, 0xA7, 0x31 ),
1808 MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x4C, 0x80, 0xF6, 0xA2, 0x57, 0xA7, 0x5D ),
1809 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xB3, 0x7B, 0xF8, 0x2F, 0xE1, 0x3E, 0x7B ),
1810 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1811};
1812static const mbedtls_mpi_uint secp521r1_T_16_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1813 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0xF4, 0xF9, 0x6B, 0x7B, 0x90, 0xDF, 0x30 ),
1814 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x82, 0xEF, 0x62, 0xA1, 0x4C, 0x53, 0xCA ),
1815 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x99, 0x76, 0x01, 0xBA, 0x8D, 0x0F, 0x54 ),
1816 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xF4, 0x58, 0x73, 0x56, 0xFE, 0xDD, 0x7C ),
1817 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xCE, 0xF9, 0xE8, 0xA1, 0x34, 0xC3, 0x5B ),
1818 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x5F, 0xDC, 0x6A, 0x3D, 0xD8, 0x7F, 0x42 ),
1819 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0xF4, 0x51, 0xB8, 0xB8, 0xC1, 0xD7, 0x2F ),
1820 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x7D, 0x58, 0xD1, 0xD4, 0x1B, 0x4D, 0x23 ),
1821 MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1822};
1823static const mbedtls_mpi_uint secp521r1_T_17_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1824 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x95, 0xDF, 0x00, 0xD8, 0x21, 0xDE, 0x94 ),
1825 MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x47, 0x3C, 0xC3, 0xB2, 0x01, 0x53, 0x5D ),
1826 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x17, 0x43, 0x23, 0xBD, 0xCA, 0x71, 0xF2 ),
1827 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0xBA, 0x0F, 0x4F, 0xDC, 0x41, 0x54, 0xBE ),
1828 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x39, 0x26, 0x70, 0x53, 0x32, 0x18, 0x11 ),
1829 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x46, 0x07, 0x97, 0x3A, 0x57, 0xE0, 0x01 ),
1830 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x92, 0x4F, 0xCE, 0xDF, 0x25, 0x80, 0x26 ),
1831 MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x6F, 0x9A, 0x03, 0x05, 0x4B, 0xD1, 0x47 ),
1832 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1833};
1834static const mbedtls_mpi_uint secp521r1_T_17_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1835 MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0x01, 0x72, 0x30, 0x90, 0x17, 0x51, 0x20 ),
1836 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xFB, 0x41, 0x65, 0x5C, 0xB4, 0x2D, 0xEE ),
1837 MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xCD, 0xCD, 0xAA, 0x41, 0xCC, 0xBB, 0x07 ),
1838 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0xCE, 0x08, 0x0A, 0x63, 0xE9, 0xA2, 0xFF ),
1839 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xA8, 0x21, 0x7F, 0x7A, 0x5B, 0x9B, 0x81 ),
1840 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x6B, 0x89, 0x44, 0x0A, 0x7F, 0x85, 0x5F ),
1841 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0xDE, 0x7C, 0x19, 0x5C, 0x65, 0x26, 0x61 ),
1842 MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0xAC, 0x62, 0x29, 0x4A, 0xF1, 0xD0, 0x81 ),
1843 MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1844};
1845static const mbedtls_mpi_uint secp521r1_T_18_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1846 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x00, 0x40, 0x87, 0xEB, 0xA9, 0x58, 0x56 ),
1847 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0x51, 0x0B, 0xFF, 0x56, 0x35, 0x51, 0xB3 ),
1848 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0xAC, 0x08, 0x94, 0x71, 0xDA, 0xEC, 0x99 ),
1849 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x4D, 0xC5, 0x7B, 0x31, 0x8B, 0x8D, 0x5E ),
1850 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x05, 0xF1, 0x3E, 0x9E, 0x8F, 0x17, 0x8F ),
1851 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x9C, 0x4B, 0x62, 0x94, 0xAD, 0x49, 0xFC ),
1852 MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xC9, 0xC6, 0x8F, 0xFD, 0x33, 0x44, 0x34 ),
1853 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x96, 0x17, 0x7F, 0x42, 0xBE, 0xF7, 0x0D ),
1854 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1855};
1856static const mbedtls_mpi_uint secp521r1_T_18_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1857 MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0x29, 0x39, 0x13, 0x08, 0x8D, 0x91, 0x47 ),
1858 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x79, 0xF9, 0x2F, 0xA9, 0x0A, 0xCF, 0xD6 ),
1859 MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x87, 0x7A, 0xA3, 0x19, 0xAB, 0x55, 0xAD ),
1860 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x0B, 0x01, 0xC5, 0x56, 0x19, 0x9D, 0x9E ),
1861 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0xDE, 0x82, 0x3B, 0xEA, 0xD3, 0x0B, 0x8C ),
1862 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x6B, 0xC7, 0xF3, 0x0F, 0x82, 0x87, 0x6C ),
1863 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x2E, 0x23, 0xF2, 0x39, 0x9D, 0x49, 0x70 ),
1864 MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0xDE, 0xAF, 0x7A, 0xEE, 0xB0, 0xDA, 0x70 ),
1865 MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1866};
1867static const mbedtls_mpi_uint secp521r1_T_19_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1868 MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x4E, 0x2A, 0x50, 0xFD, 0x8E, 0xC0, 0xEB ),
1869 MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0x0F, 0x7C, 0x76, 0x63, 0xD8, 0x89, 0x45 ),
1870 MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x2D, 0xB9, 0x4E, 0xF4, 0xEE, 0x85, 0xCF ),
1871 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x95, 0x5C, 0x96, 0x5D, 0xAA, 0x59, 0x0B ),
1872 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0xDB, 0xD2, 0x68, 0x8E, 0x5A, 0x94, 0x60 ),
1873 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x02, 0xBF, 0x77, 0x9F, 0xB9, 0x4C, 0xC9 ),
1874 MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0xDC, 0xC0, 0xCF, 0x81, 0x1E, 0xC4, 0x6C ),
1875 MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0xCC, 0x37, 0x86, 0xDC, 0xE2, 0x64, 0x72 ),
1876 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1877};
1878static const mbedtls_mpi_uint secp521r1_T_19_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1879 MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x30, 0xB1, 0x59, 0x20, 0x9D, 0x98, 0x28 ),
1880 MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x0C, 0x9D, 0xF8, 0x20, 0xDC, 0x90, 0xBA ),
1881 MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xA0, 0xF4, 0xE7, 0x3E, 0x9C, 0x9E, 0xA2 ),
1882 MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x25, 0xA2, 0xB0, 0x54, 0xCD, 0x2E, 0x33 ),
1883 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xD9, 0x42, 0xB0, 0x80, 0xB0, 0xA3, 0x38 ),
1884 MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0xFE, 0x9D, 0x8D, 0x40, 0xFF, 0x27, 0x6D ),
1885 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x9D, 0xA6, 0x88, 0x3A, 0x8B, 0x6F, 0x14 ),
1886 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x39, 0xEE, 0x1F, 0x3F, 0xB1, 0x4F, 0x63 ),
1887 MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1888};
1889static const mbedtls_mpi_uint secp521r1_T_20_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1890 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xD7, 0x9E, 0xFF, 0xD2, 0x35, 0x67, 0x03 ),
1891 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x4F, 0x15, 0x5D, 0xE3, 0xE8, 0x53, 0x86 ),
1892 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xF7, 0x24, 0x98, 0xA2, 0xCB, 0x11, 0x68 ),
1893 MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x2E, 0x25, 0xE1, 0x94, 0xC5, 0xA3, 0x96 ),
1894 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x82, 0x6E, 0xBA, 0xE7, 0x43, 0x25, 0xB0 ),
1895 MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x65, 0xB4, 0x49, 0x73, 0x18, 0x35, 0x54 ),
1896 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0x5B, 0xBC, 0x62, 0x86, 0x4C, 0xC1, 0xB7 ),
1897 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0xF2, 0x95, 0xA2, 0xBB, 0xA2, 0x35, 0x65 ),
1898 MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1899};
1900static const mbedtls_mpi_uint secp521r1_T_20_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1901 MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x59, 0x62, 0xB0, 0x4B, 0x1E, 0xB4, 0xD8 ),
1902 MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x55, 0xCE, 0xB0, 0x69, 0xBA, 0x63, 0x10 ),
1903 MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0x69, 0x86, 0xDB, 0x34, 0x7D, 0x68, 0x64 ),
1904 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x06, 0xCA, 0x55, 0x44, 0x36, 0x2B, 0xBA ),
1905 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0xD4, 0xC4, 0x3D, 0xCD, 0x9E, 0x69, 0xA4 ),
1906 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x44, 0xE4, 0xBF, 0x31, 0xE6, 0x40, 0x9F ),
1907 MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x4F, 0xFA, 0x75, 0xE3, 0xFB, 0x97, 0x0E ),
1908 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xC0, 0xBD, 0x1C, 0x48, 0xB0, 0x26, 0xD0 ),
1909 MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1910};
1911static const mbedtls_mpi_uint secp521r1_T_21_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1912 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x7B, 0x32, 0xFA, 0xF2, 0x6D, 0x84, 0x8E ),
1913 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x21, 0x03, 0x1D, 0x0D, 0x22, 0x55, 0x67 ),
1914 MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0xF9, 0x42, 0x03, 0x9C, 0xC2, 0xCB, 0xBA ),
1915 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0xA1, 0x96, 0xD9, 0x9D, 0x11, 0x6F, 0xBE ),
1916 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x40, 0x57, 0xEB, 0x40, 0x2D, 0xC0, 0x11 ),
1917 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x96, 0xBB, 0x4F, 0x2F, 0x23, 0xA8, 0x28 ),
1918 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x29, 0x85, 0x21, 0xA5, 0x50, 0x62, 0x06 ),
1919 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x7D, 0x92, 0xCF, 0x87, 0x0C, 0x22, 0xF9 ),
1920 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1921};
1922static const mbedtls_mpi_uint secp521r1_T_21_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1923 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x0E, 0xA5, 0x32, 0x5B, 0xDF, 0x9C, 0xD5 ),
1924 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x96, 0x37, 0x2C, 0x88, 0x35, 0x30, 0xA1 ),
1925 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xB4, 0x69, 0xFF, 0xEB, 0xC6, 0x94, 0x08 ),
1926 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x55, 0x60, 0xAD, 0xAA, 0x58, 0x14, 0x88 ),
1927 MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0xFF, 0xF2, 0xB2, 0xD5, 0xA7, 0xD9, 0x27 ),
1928 MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0xAE, 0x54, 0xD2, 0x60, 0x31, 0xF3, 0x15 ),
1929 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x92, 0x83, 0xE3, 0xF1, 0x42, 0x83, 0x6E ),
1930 MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0xD2, 0xC8, 0xB7, 0x76, 0x45, 0x7F, 0x7D ),
1931 MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1932};
1933static const mbedtls_mpi_uint secp521r1_T_22_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1934 MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x11, 0xA4, 0xFB, 0x7A, 0x01, 0xBC, 0xC8 ),
1935 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x27, 0x73, 0x8D, 0x02, 0x91, 0x27, 0x8E ),
1936 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x62, 0xF6, 0xDD, 0x6B, 0xFA, 0x5B, 0xB9 ),
1937 MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0xCA, 0xA2, 0x44, 0x2C, 0xF0, 0x28, 0xD8 ),
1938 MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0xF1, 0x7A, 0xA2, 0x42, 0x4C, 0x50, 0xC6 ),
1939 MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0x83, 0x3E, 0x50, 0xAB, 0x9C, 0xF7, 0x67 ),
1940 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0xED, 0x78, 0xCB, 0x76, 0x69, 0xDA, 0x42 ),
1941 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x01, 0x1E, 0x43, 0x27, 0x47, 0x6E, 0xDA ),
1942 MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1943};
1944static const mbedtls_mpi_uint secp521r1_T_22_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1945 MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x4F, 0x54, 0xB9, 0x3E, 0xBD, 0xD5, 0x44 ),
1946 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x35, 0x40, 0x69, 0x7F, 0x74, 0x9D, 0x32 ),
1947 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x06, 0x6F, 0x67, 0x68, 0x2B, 0x4D, 0x10 ),
1948 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x65, 0x41, 0xFC, 0x7C, 0x1E, 0xE8, 0xC8 ),
1949 MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x79, 0x37, 0xAF, 0xFD, 0xD2, 0xDA, 0x4C ),
1950 MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0xA8, 0x69, 0x56, 0x62, 0xA4, 0xE4, 0xA3 ),
1951 MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x71, 0x73, 0x21, 0x8A, 0x17, 0x81, 0xA2 ),
1952 MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0x55, 0x8F, 0x7B, 0xB8, 0xAF, 0xF7, 0x86 ),
1953 MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1954};
1955static const mbedtls_mpi_uint secp521r1_T_23_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1956 MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0xD1, 0xBD, 0xBE, 0x8C, 0xBC, 0x60, 0x6E ),
1957 MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0xA6, 0x57, 0x8C, 0xAE, 0x5C, 0x19, 0xFE ),
1958 MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0x43, 0xE4, 0xD9, 0xD8, 0x7B, 0xE7, 0x41 ),
1959 MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0xB9, 0xE4, 0x85, 0x7C, 0x2E, 0xFC, 0x20 ),
1960 MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x2E, 0x01, 0x2A, 0x6D, 0x56, 0xBE, 0x97 ),
1961 MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x0C, 0x25, 0x9B, 0xAE, 0x86, 0x37, 0x43 ),
1962 MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x22, 0xB3, 0xCB, 0x99, 0x66, 0xB7, 0x9E ),
1963 MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0xF7, 0x90, 0xF0, 0x1B, 0x09, 0x27, 0xF7 ),
1964 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1965};
1966static const mbedtls_mpi_uint secp521r1_T_23_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1967 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x16, 0x08, 0xEF, 0x39, 0x64, 0x49, 0x31 ),
1968 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xA0, 0xE3, 0x97, 0xA9, 0x07, 0x54, 0x26 ),
1969 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xFF, 0xE2, 0x00, 0x07, 0x21, 0x88, 0x20 ),
1970 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xFD, 0x59, 0x53, 0x05, 0x6C, 0x42, 0x27 ),
1971 MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0xF7, 0x39, 0x5C, 0x82, 0x36, 0xE8, 0x03 ),
1972 MBEDTLS_BYTES_TO_T_UINT_8( 0x2E, 0x83, 0xA8, 0xE2, 0xA8, 0x43, 0x07, 0x38 ),
1973 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xAF, 0x2B, 0x79, 0xED, 0xD8, 0x39, 0x87 ),
1974 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x20, 0x91, 0x7A, 0xC4, 0x07, 0xEF, 0x6C ),
1975 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1976};
1977static const mbedtls_mpi_uint secp521r1_T_24_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1978 MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x10, 0x2F, 0xAA, 0x0C, 0x94, 0x0E, 0x5A ),
1979 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x81, 0x87, 0x41, 0x23, 0xEB, 0x55, 0x7C ),
1980 MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x53, 0xCC, 0x79, 0xB6, 0xEB, 0x6C, 0xCC ),
1981 MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x77, 0x73, 0x9D, 0xFC, 0x64, 0x6F, 0x7F ),
1982 MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x40, 0xE3, 0x6D, 0x1C, 0x16, 0x71, 0x15 ),
1983 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0xF4, 0x1B, 0xFF, 0x1C, 0x2F, 0xA5, 0xD7 ),
1984 MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x0E, 0x0B, 0x11, 0xF4, 0x8D, 0x93, 0xAF ),
1985 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0xC5, 0x64, 0x6F, 0x24, 0x19, 0xF2, 0x9B ),
1986 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1987};
1988static const mbedtls_mpi_uint secp521r1_T_24_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]1989 MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xB3, 0xAF, 0xA5, 0x0E, 0x4F, 0x5E, 0xE1 ),
1990 MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0x77, 0xCA, 0xF2, 0x6D, 0xC5, 0xF6, 0x9F ),
1991 MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0x18, 0x8E, 0x33, 0x68, 0x6C, 0xE8, 0xE0 ),
1992 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x8B, 0x80, 0x90, 0x19, 0x7F, 0x90, 0x96 ),
1993 MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x80, 0x6B, 0x68, 0xE2, 0x7D, 0xD4, 0xD0 ),
1994 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xC1, 0x67, 0xB3, 0x72, 0xCB, 0xBF, 0x2F ),
1995 MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0xD5, 0xD3, 0x1D, 0x14, 0x58, 0x0A, 0x80 ),
1996 MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0x7A, 0x65, 0x98, 0xB3, 0x07, 0x4B, 0x2F ),
1997 MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]1998};
1999static const mbedtls_mpi_uint secp521r1_T_25_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2000 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x87, 0x0F, 0x5F, 0xCF, 0xA2, 0x01, 0x08 ),
2001 MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0xC9, 0xC8, 0x6E, 0x35, 0x87, 0xA5, 0x67 ),
2002 MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x3E, 0x91, 0xA0, 0xAB, 0x24, 0x1E, 0xF2 ),
2003 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xBC, 0x02, 0x35, 0x70, 0xC1, 0x5F, 0x98 ),
2004 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x59, 0xA0, 0x50, 0x04, 0x80, 0x52, 0x85 ),
2005 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x56, 0x6E, 0x42, 0x8F, 0x8C, 0x91, 0x65 ),
2006 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xA2, 0xCB, 0xA5, 0xDE, 0x14, 0x24, 0x38 ),
2007 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0xCB, 0x74, 0x28, 0xE6, 0xA7, 0xE7, 0xC3 ),
2008 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2009};
2010static const mbedtls_mpi_uint secp521r1_T_25_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2011 MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0x73, 0xA8, 0x8F, 0x9E, 0x0E, 0x63, 0x96 ),
2012 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x1B, 0x77, 0xC7, 0xC1, 0x38, 0xF9, 0xDC ),
2013 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x3C, 0xCF, 0xA8, 0x7A, 0xD7, 0xF3, 0xC4 ),
2014 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x5F, 0x9A, 0xC9, 0xAD, 0xE9, 0x1A, 0x93 ),
2015 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0xCF, 0x2B, 0x5E, 0xD5, 0x81, 0x95, 0xA8 ),
2016 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x88, 0x75, 0x29, 0x1F, 0xC7, 0xC7, 0xD0 ),
2017 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xA9, 0x5A, 0x4D, 0x63, 0x95, 0xF9, 0x4E ),
2018 MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xCD, 0x04, 0x8F, 0xCD, 0x91, 0xDE, 0xC6 ),
2019 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2020};
2021static const mbedtls_mpi_uint secp521r1_T_26_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2022 MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0xD4, 0xFD, 0x25, 0x11, 0x99, 0x6E, 0xEA ),
2023 MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x83, 0x01, 0x3D, 0xFB, 0x56, 0xA5, 0x4E ),
2024 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x3A, 0xDC, 0x74, 0xC2, 0xD7, 0xCF, 0xE8 ),
2025 MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0xBD, 0xF1, 0xDD, 0xA3, 0x07, 0x03, 0xE2 ),
2026 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0xBE, 0xE9, 0x2E, 0x58, 0x84, 0x66, 0xFC ),
2027 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x20, 0x78, 0x37, 0x79, 0x0B, 0xA6, 0x64 ),
2028 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0xF2, 0xAC, 0x65, 0xC8, 0xC9, 0x2F, 0x61 ),
2029 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x93, 0xE5, 0x0D, 0x0C, 0xC6, 0xB8, 0xCB ),
2030 MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2031};
2032static const mbedtls_mpi_uint secp521r1_T_26_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2033 MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0xAD, 0x5C, 0x19, 0x12, 0x61, 0x0E, 0x25 ),
2034 MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0x4F, 0x0B, 0x1F, 0x49, 0x7E, 0xCD, 0x81 ),
2035 MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x2E, 0x30, 0x61, 0xDB, 0x08, 0x68, 0x9B ),
2036 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x78, 0xAF, 0xB3, 0x08, 0xC1, 0x69, 0xE5 ),
2037 MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x5F, 0x5D, 0xC1, 0x57, 0x6F, 0xD8, 0x34 ),
2038 MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0xD3, 0x6A, 0xF7, 0xFD, 0x86, 0xE5, 0xB3 ),
2039 MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x63, 0xBD, 0x70, 0x7B, 0x47, 0xE8, 0x6D ),
2040 MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x62, 0xC8, 0x7E, 0x9D, 0x11, 0x2B, 0xA5 ),
2041 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2042};
2043static const mbedtls_mpi_uint secp521r1_T_27_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2044 MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0x84, 0xFD, 0xD5, 0x9A, 0x56, 0x7F, 0x5C ),
2045 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0xBB, 0xA4, 0x6F, 0x12, 0x6E, 0x4D, 0xF8 ),
2046 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x08, 0xA1, 0x82, 0x9C, 0x62, 0x74, 0x7B ),
2047 MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x58, 0x22, 0x05, 0x1D, 0x15, 0x35, 0x79 ),
2048 MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x88, 0xCF, 0x5C, 0x05, 0x78, 0xFB, 0x94 ),
2049 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x6B, 0x2F, 0x79, 0x09, 0x73, 0x67, 0xEC ),
2050 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xA0, 0x80, 0xD8, 0xE8, 0xEC, 0xFB, 0x42 ),
2051 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xE7, 0x0B, 0xB7, 0x81, 0x48, 0x7B, 0xD9 ),
2052 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2053};
2054static const mbedtls_mpi_uint secp521r1_T_27_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2055 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x53, 0xA9, 0xED, 0x61, 0x92, 0xD7, 0x85 ),
2056 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x49, 0xD9, 0x5D, 0x9B, 0x4E, 0x89, 0x35 ),
2057 MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x12, 0xEB, 0x9A, 0xC9, 0xCB, 0xC1, 0x95 ),
2058 MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0xDC, 0x95, 0x16, 0xFE, 0x29, 0x70, 0x01 ),
2059 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x33, 0xB1, 0xD6, 0x78, 0xB9, 0xE2, 0x36 ),
2060 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xCE, 0x88, 0xC3, 0xFD, 0x7A, 0x6B, 0xB8 ),
2061 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x1E, 0x50, 0x1E, 0xAF, 0xB1, 0x25, 0x2D ),
2062 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0xE7, 0xD7, 0xD5, 0xBD, 0x7A, 0x12, 0xF9 ),
2063 MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2064};
2065static const mbedtls_mpi_uint secp521r1_T_28_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2066 MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xAA, 0xA2, 0x80, 0x5D, 0x8F, 0xCD, 0xC8 ),
2067 MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0x39, 0x79, 0x64, 0xA1, 0x67, 0x3C, 0xB7 ),
2068 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xC7, 0x49, 0xFF, 0x7F, 0xAC, 0xAB, 0x55 ),
2069 MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x54, 0x3E, 0x83, 0xF0, 0x3D, 0xBC, 0xB5 ),
2070 MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x92, 0x4A, 0x38, 0x42, 0x8A, 0xAB, 0xF6 ),
2071 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x0B, 0x4F, 0xEE, 0x9E, 0x92, 0xA5, 0xBE ),
2072 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xDD, 0x19, 0x96, 0xF2, 0xF0, 0x6B, 0x2E ),
2073 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xFC, 0xDD, 0xB2, 0x8A, 0xE5, 0x4C, 0x22 ),
2074 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2075};
2076static const mbedtls_mpi_uint secp521r1_T_28_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2077 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x06, 0x49, 0xAC, 0x99, 0x7E, 0xF8, 0x12 ),
2078 MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0xC8, 0x01, 0x51, 0xEA, 0xF6, 0x52, 0xE7 ),
2079 MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x89, 0x66, 0x2B, 0x1F, 0x9B, 0x2A, 0xA3 ),
2080 MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x0F, 0x95, 0x07, 0x2B, 0x6C, 0x6E, 0x9E ),
2081 MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0xC3, 0xB4, 0xBB, 0x91, 0x1F, 0xA3, 0x72 ),
2082 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x6E, 0x54, 0x28, 0x7B, 0x9C, 0x79, 0x2E ),
2083 MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0x45, 0xFF, 0xA6, 0xDA, 0xA2, 0x83, 0x71 ),
2084 MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xDE, 0x8F, 0x17, 0x37, 0x82, 0xCB, 0xE2 ),
2085 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2086};
2087static const mbedtls_mpi_uint secp521r1_T_29_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2088 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x94, 0x3F, 0x26, 0xC9, 0x1D, 0xD9, 0xAE ),
2089 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x97, 0x28, 0x20, 0xCD, 0xC1, 0xF3, 0x40 ),
2090 MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0xC9, 0xB5, 0x60, 0x9B, 0x1E, 0xDC, 0x74 ),
2091 MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0xB9, 0x5B, 0x7D, 0xA0, 0xB2, 0x8C, 0xF0 ),
2092 MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0xD1, 0x42, 0xE6, 0x39, 0x33, 0x6D, 0xBB ),
2093 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xC0, 0xFC, 0xD2, 0x14, 0x5D, 0x3E, 0x3C ),
2094 MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0x4A, 0x3E, 0x40, 0x16, 0x93, 0x15, 0xCF ),
2095 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x24, 0xC1, 0x27, 0x27, 0xE5, 0x4B, 0xD8 ),
2096 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2097};
2098static const mbedtls_mpi_uint secp521r1_T_29_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2099 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x50, 0xD8, 0xBC, 0xC1, 0x46, 0x22, 0xBB ),
2100 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x0E, 0x60, 0xA1, 0xB3, 0x50, 0xD4, 0x86 ),
2101 MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0xB1, 0x26, 0xB6, 0x6D, 0x47, 0x5A, 0x6F ),
2102 MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0xAC, 0x11, 0x35, 0x3E, 0xB9, 0xF4, 0x01 ),
2103 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x97, 0xFA, 0xBB, 0x6B, 0x39, 0x13, 0xD8 ),
2104 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x7B, 0x34, 0x12, 0x75, 0x8E, 0x9B, 0xC6 ),
2105 MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x9E, 0xCD, 0x29, 0xB6, 0xEF, 0x8D, 0x10 ),
2106 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0xAC, 0xE9, 0x25, 0x27, 0xBB, 0x78, 0x47 ),
2107 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2108};
2109static const mbedtls_mpi_uint secp521r1_T_30_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2110 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x7A, 0xA8, 0xD3, 0xE3, 0x66, 0xE5, 0x66 ),
2111 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x4C, 0xC4, 0x2C, 0x76, 0x81, 0x50, 0x32 ),
2112 MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x71, 0x08, 0xB8, 0x52, 0x7C, 0xAF, 0xDC ),
2113 MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x59, 0x24, 0xDD, 0xFB, 0x2F, 0xD0, 0xDA ),
2114 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xCD, 0x56, 0xE9, 0xAC, 0x91, 0xE6, 0xB9 ),
2115 MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x64, 0x20, 0xC6, 0x9F, 0xE4, 0xEF, 0xDF ),
2116 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x2C, 0x8F, 0x8C, 0x97, 0xF6, 0x22, 0xC3 ),
2117 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xF4, 0x88, 0xAA, 0xA8, 0xD7, 0xA5, 0x68 ),
2118 MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2119};
2120static const mbedtls_mpi_uint secp521r1_T_30_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2121 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x6C, 0xAE, 0x83, 0xB1, 0x55, 0x55, 0xEE ),
2122 MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x67, 0x84, 0x47, 0x7C, 0x83, 0x5C, 0x89 ),
2123 MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x10, 0x4D, 0xDD, 0x30, 0x60, 0xB0, 0xE6 ),
2124 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xA7, 0x36, 0x76, 0x24, 0x32, 0x9F, 0x9D ),
2125 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x42, 0x81, 0xFB, 0xA4, 0x2E, 0x13, 0x68 ),
2126 MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x94, 0x91, 0xFF, 0x99, 0xA0, 0x09, 0x61 ),
2127 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x83, 0xA1, 0x76, 0xAF, 0x37, 0x5C, 0x77 ),
2128 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xA8, 0x04, 0x86, 0xC4, 0xA9, 0x79, 0x42 ),
2129 MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2130};
2131static const mbedtls_mpi_uint secp521r1_T_31_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2132 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x8C, 0xC2, 0x34, 0xFB, 0x83, 0x28, 0x27 ),
2133 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x03, 0x7D, 0x5E, 0x9E, 0x0E, 0xB0, 0x22 ),
2134 MBEDTLS_BYTES_TO_T_UINT_8( 0xA2, 0x02, 0x46, 0x7F, 0xB9, 0xAC, 0xBB, 0x23 ),
2135 MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0xED, 0x48, 0xC2, 0x96, 0x4D, 0x56, 0x27 ),
2136 MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0xB5, 0xC5, 0xD1, 0xE6, 0x1C, 0x7E, 0x9B ),
2137 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x2E, 0x18, 0x71, 0x2D, 0x7B, 0xD7, 0xB3 ),
2138 MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x46, 0x9D, 0xDE, 0xAA, 0x78, 0x8E, 0xB1 ),
2139 MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xD7, 0x69, 0x2E, 0xE1, 0xD9, 0x48, 0xDE ),
2140 MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2141};
2142static const mbedtls_mpi_uint secp521r1_T_31_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2143 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xFF, 0x9E, 0x09, 0x22, 0x22, 0xE6, 0x8D ),
2144 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x14, 0x28, 0x13, 0x1B, 0x62, 0x12, 0x22 ),
2145 MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x7F, 0x67, 0x03, 0xB0, 0xC0, 0xF3, 0x05 ),
2146 MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xC3, 0x0F, 0xFB, 0x25, 0x48, 0x3E, 0xF4 ),
2147 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x6E, 0x53, 0x98, 0x36, 0xB3, 0xD3, 0x94 ),
2148 MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x81, 0x54, 0x22, 0xA4, 0xCC, 0xC1, 0x22 ),
2149 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xBA, 0xFC, 0xA9, 0xDF, 0x68, 0x86, 0x2B ),
2150 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x92, 0x0E, 0xC3, 0xF2, 0x58, 0xE8, 0x51 ),
2151 MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2152};
2153static const mbedtls_ecp_point secp521r1_T[32] = {
2154 ECP_POINT_INIT_XY_Z1(secp521r1_T_0_X, secp521r1_T_0_Y),
2155 ECP_POINT_INIT_XY_Z0(secp521r1_T_1_X, secp521r1_T_1_Y),
2156 ECP_POINT_INIT_XY_Z0(secp521r1_T_2_X, secp521r1_T_2_Y),
2157 ECP_POINT_INIT_XY_Z0(secp521r1_T_3_X, secp521r1_T_3_Y),
2158 ECP_POINT_INIT_XY_Z0(secp521r1_T_4_X, secp521r1_T_4_Y),
2159 ECP_POINT_INIT_XY_Z0(secp521r1_T_5_X, secp521r1_T_5_Y),
2160 ECP_POINT_INIT_XY_Z0(secp521r1_T_6_X, secp521r1_T_6_Y),
2161 ECP_POINT_INIT_XY_Z0(secp521r1_T_7_X, secp521r1_T_7_Y),
2162 ECP_POINT_INIT_XY_Z0(secp521r1_T_8_X, secp521r1_T_8_Y),
2163 ECP_POINT_INIT_XY_Z0(secp521r1_T_9_X, secp521r1_T_9_Y),
2164 ECP_POINT_INIT_XY_Z0(secp521r1_T_10_X, secp521r1_T_10_Y),
2165 ECP_POINT_INIT_XY_Z0(secp521r1_T_11_X, secp521r1_T_11_Y),
2166 ECP_POINT_INIT_XY_Z0(secp521r1_T_12_X, secp521r1_T_12_Y),
2167 ECP_POINT_INIT_XY_Z0(secp521r1_T_13_X, secp521r1_T_13_Y),
2168 ECP_POINT_INIT_XY_Z0(secp521r1_T_14_X, secp521r1_T_14_Y),
2169 ECP_POINT_INIT_XY_Z0(secp521r1_T_15_X, secp521r1_T_15_Y),
2170 ECP_POINT_INIT_XY_Z0(secp521r1_T_16_X, secp521r1_T_16_Y),
2171 ECP_POINT_INIT_XY_Z0(secp521r1_T_17_X, secp521r1_T_17_Y),
2172 ECP_POINT_INIT_XY_Z0(secp521r1_T_18_X, secp521r1_T_18_Y),
2173 ECP_POINT_INIT_XY_Z0(secp521r1_T_19_X, secp521r1_T_19_Y),
2174 ECP_POINT_INIT_XY_Z0(secp521r1_T_20_X, secp521r1_T_20_Y),
2175 ECP_POINT_INIT_XY_Z0(secp521r1_T_21_X, secp521r1_T_21_Y),
2176 ECP_POINT_INIT_XY_Z0(secp521r1_T_22_X, secp521r1_T_22_Y),
2177 ECP_POINT_INIT_XY_Z0(secp521r1_T_23_X, secp521r1_T_23_Y),
2178 ECP_POINT_INIT_XY_Z0(secp521r1_T_24_X, secp521r1_T_24_Y),
2179 ECP_POINT_INIT_XY_Z0(secp521r1_T_25_X, secp521r1_T_25_Y),
2180 ECP_POINT_INIT_XY_Z0(secp521r1_T_26_X, secp521r1_T_26_Y),
2181 ECP_POINT_INIT_XY_Z0(secp521r1_T_27_X, secp521r1_T_27_Y),
2182 ECP_POINT_INIT_XY_Z0(secp521r1_T_28_X, secp521r1_T_28_Y),
2183 ECP_POINT_INIT_XY_Z0(secp521r1_T_29_X, secp521r1_T_29_Y),
2184 ECP_POINT_INIT_XY_Z0(secp521r1_T_30_X, secp521r1_T_30_Y),
2185 ECP_POINT_INIT_XY_Z0(secp521r1_T_31_X, secp521r1_T_31_Y),
2186};
2187#else
2188#define secp521r1_T NULL
2189#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2190#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]2191
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2192#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
2193static const mbedtls_mpi_uint secp192k1_p[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2194 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
2195 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
2196 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2197};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2198static const mbedtls_mpi_uint secp192k1_a[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2199 MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2200};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2201static const mbedtls_mpi_uint secp192k1_b[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2202 MBEDTLS_BYTES_TO_T_UINT_2( 0x03, 0x00 ),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2203};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2204static const mbedtls_mpi_uint secp192k1_gx[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2205 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
2206 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
2207 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2208};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2209static const mbedtls_mpi_uint secp192k1_gy[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2210 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
2211 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
2212 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2213};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2214static const mbedtls_mpi_uint secp192k1_n[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2215 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
2216 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
2217 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2218};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2219
2220#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
2221static const mbedtls_mpi_uint secp192k1_T_0_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2222 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
2223 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
2224 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2225};
2226static const mbedtls_mpi_uint secp192k1_T_0_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2227 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
2228 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
2229 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2230};
2231static const mbedtls_mpi_uint secp192k1_T_1_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2232 MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x77, 0x3D, 0x0D, 0x85, 0x48, 0xA8, 0xA9 ),
2233 MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x07, 0xDF, 0x1D, 0xB3, 0xB3, 0x01, 0x54 ),
2234 MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x86, 0xF6, 0xAF, 0x19, 0x2A, 0x88, 0x2E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2235};
2236static const mbedtls_mpi_uint secp192k1_T_1_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2237 MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x90, 0xB6, 0x2F, 0x48, 0x36, 0x4C, 0x5B ),
2238 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x11, 0x14, 0xA6, 0xCB, 0xBA, 0x15, 0xD9 ),
2239 MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0xB0, 0xF2, 0xD4, 0xC9, 0xDA, 0xBA, 0xD7 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2240};
2241static const mbedtls_mpi_uint secp192k1_T_2_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2242 MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0xC1, 0x9C, 0xE6, 0xBB, 0xFB, 0xCF, 0x23 ),
2243 MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x19, 0xAC, 0x5A, 0xC9, 0x8A, 0x1C, 0x75 ),
2244 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0xF6, 0x76, 0x86, 0x89, 0x27, 0x8D, 0x28 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2245};
2246static const mbedtls_mpi_uint secp192k1_T_2_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2247 MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0xE0, 0x6F, 0x34, 0xBA, 0x5E, 0xD3, 0x96 ),
2248 MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0xDC, 0xA6, 0x87, 0xC9, 0x9D, 0xC0, 0x82 ),
2249 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x11, 0x7E, 0xD6, 0xF7, 0x33, 0xFC, 0xE4 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2250};
2251static const mbedtls_mpi_uint secp192k1_T_3_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2252 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x37, 0x3E, 0xC0, 0x7F, 0x62, 0xE7, 0x54 ),
2253 MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x3B, 0x69, 0x9D, 0x44, 0xBC, 0x82, 0x99 ),
2254 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x84, 0xB3, 0x5F, 0x2B, 0xA5, 0x9E, 0x2C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2255};
2256static const mbedtls_mpi_uint secp192k1_T_3_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2257 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x95, 0xEB, 0x4C, 0x04, 0xB4, 0xF4, 0x75 ),
2258 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0xAD, 0x4B, 0xD5, 0x9A, 0xEB, 0xC4, 0x4E ),
2259 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xB1, 0xC5, 0x59, 0xE3, 0xD5, 0x16, 0x2A ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2260};
2261static const mbedtls_mpi_uint secp192k1_T_4_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2262 MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0x2A, 0xCC, 0xAC, 0xD0, 0xEE, 0x50, 0xEC ),
2263 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x83, 0xE0, 0x5B, 0x14, 0x44, 0x52, 0x20 ),
2264 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x15, 0x2D, 0x78, 0xF6, 0x51, 0x32, 0xCF ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2265};
2266static const mbedtls_mpi_uint secp192k1_T_4_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2267 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x36, 0x9B, 0xDD, 0xF8, 0xDD, 0xEF, 0xB2 ),
2268 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0xB1, 0x6A, 0x2B, 0xAF, 0xEB, 0x2B, 0xB1 ),
2269 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x87, 0x7A, 0x66, 0x5D, 0x5B, 0xDF, 0x8F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2270};
2271static const mbedtls_mpi_uint secp192k1_T_5_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2272 MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x45, 0xE5, 0x81, 0x9B, 0xEB, 0x37, 0x23 ),
2273 MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x29, 0xE2, 0x20, 0x64, 0x23, 0x6B, 0x6E ),
2274 MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0x1D, 0x41, 0xE1, 0x9B, 0x61, 0x7B, 0xD9 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2275};
2276static const mbedtls_mpi_uint secp192k1_T_5_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2277 MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x57, 0xA3, 0x0A, 0x13, 0xE4, 0x59, 0x15 ),
2278 MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0x6E, 0x4A, 0x48, 0x84, 0x90, 0xAC, 0xC7 ),
2279 MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0xB8, 0xF5, 0xF3, 0xDE, 0xA0, 0xA1, 0x1D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2280};
2281static const mbedtls_mpi_uint secp192k1_T_6_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2282 MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x32, 0x81, 0xA9, 0x91, 0x5A, 0x4E, 0x33 ),
2283 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0xA8, 0x90, 0xBE, 0x0F, 0xEC, 0xC0, 0x85 ),
2284 MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x30, 0xD7, 0x08, 0xAE, 0xC4, 0x3A, 0xA5 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2285};
2286static const mbedtls_mpi_uint secp192k1_T_6_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2287 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x55, 0xE3, 0x76, 0xB3, 0x64, 0x74, 0x9F ),
2288 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x75, 0xD4, 0xDB, 0x98, 0xD7, 0x39, 0xAE ),
2289 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0xEB, 0x8A, 0xAB, 0x16, 0xD9, 0xD4, 0x0B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2290};
2291static const mbedtls_mpi_uint secp192k1_T_7_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2292 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xBE, 0xF9, 0xC7, 0xC7, 0xBA, 0xF3, 0xA1 ),
2293 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x85, 0x59, 0xF3, 0x60, 0x41, 0x02, 0xD2 ),
2294 MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x1C, 0x4A, 0xA4, 0xC7, 0xED, 0x66, 0xBC ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2295};
2296static const mbedtls_mpi_uint secp192k1_T_7_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2297 MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x9C, 0x2E, 0x46, 0x52, 0x18, 0x87, 0x14 ),
2298 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x35, 0x5A, 0x75, 0xAC, 0x4D, 0x75, 0x91 ),
2299 MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0x2F, 0xAC, 0xFC, 0xBC, 0xE6, 0x93, 0x5E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2300};
2301static const mbedtls_mpi_uint secp192k1_T_8_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2302 MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x4D, 0xC9, 0x18, 0xE9, 0x00, 0xEB, 0x33 ),
2303 MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x69, 0x72, 0x07, 0x5A, 0x59, 0xA8, 0x26 ),
2304 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x65, 0x83, 0x20, 0x10, 0xF9, 0x69, 0x82 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2305};
2306static const mbedtls_mpi_uint secp192k1_T_8_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2307 MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0x56, 0x7F, 0x9F, 0xBF, 0x46, 0x0C, 0x7E ),
2308 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0xCF, 0xF0, 0xDC, 0xDF, 0x2D, 0xE6, 0xE5 ),
2309 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0xF0, 0x72, 0x3A, 0x7A, 0x03, 0xE5, 0x22 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2310};
2311static const mbedtls_mpi_uint secp192k1_T_9_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2312 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xAA, 0x57, 0x13, 0x37, 0xA7, 0x2C, 0xD4 ),
2313 MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0xAC, 0xA2, 0x23, 0xF9, 0x84, 0x60, 0xD3 ),
2314 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0xEB, 0x51, 0x70, 0x64, 0x78, 0xCA, 0x05 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2315};
2316static const mbedtls_mpi_uint secp192k1_T_9_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2317 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xCC, 0x30, 0x62, 0x93, 0x46, 0x13, 0xE9 ),
2318 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x26, 0xCC, 0x6C, 0x3D, 0x5C, 0xDA, 0x2C ),
2319 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xAA, 0xB8, 0x03, 0xA4, 0x1A, 0x00, 0x96 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2320};
2321static const mbedtls_mpi_uint secp192k1_T_10_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2322 MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x9D, 0xE6, 0xCC, 0x4E, 0x2E, 0xC2, 0xD5 ),
2323 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xC3, 0x8A, 0xAE, 0x6F, 0x40, 0x05, 0xEB ),
2324 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x8F, 0x4A, 0x4D, 0x35, 0xD3, 0x50, 0x9D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2325};
2326static const mbedtls_mpi_uint secp192k1_T_10_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2327 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0xFD, 0x98, 0xAB, 0xC7, 0x03, 0xB4, 0x55 ),
2328 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x40, 0xD2, 0x9F, 0xCA, 0xD0, 0x53, 0x00 ),
2329 MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x84, 0x00, 0x6F, 0xC8, 0xAD, 0xED, 0x8D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2330};
2331static const mbedtls_mpi_uint secp192k1_T_11_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2332 MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xD3, 0x57, 0xD7, 0xC3, 0x07, 0xBD, 0xD7 ),
2333 MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0xBA, 0x47, 0x1D, 0x3D, 0xEF, 0x98, 0x6C ),
2334 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xC0, 0x6C, 0x7F, 0x12, 0xEE, 0x9F, 0x67 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2335};
2336static const mbedtls_mpi_uint secp192k1_T_11_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2337 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x02, 0xDA, 0x79, 0xAA, 0xC9, 0x27, 0xC4 ),
2338 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x79, 0xC7, 0x71, 0x84, 0xCB, 0xE5, 0x5A ),
2339 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x37, 0x06, 0xBA, 0xB5, 0xD5, 0x18, 0x4C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2340};
2341static const mbedtls_mpi_uint secp192k1_T_12_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2342 MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x65, 0x72, 0x6C, 0xF2, 0x63, 0x27, 0x6A ),
2343 MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0xBC, 0x71, 0xDF, 0x75, 0xF8, 0x98, 0x4D ),
2344 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x70, 0x9B, 0xDC, 0xE7, 0x18, 0x71, 0xFF ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2345};
2346static const mbedtls_mpi_uint secp192k1_T_12_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2347 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x5B, 0x9F, 0x00, 0x5A, 0xB6, 0x80, 0x7A ),
2348 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xE0, 0xBB, 0xFC, 0x5E, 0x78, 0x9C, 0x89 ),
2349 MBEDTLS_BYTES_TO_T_UINT_8( 0x60, 0x03, 0x68, 0x83, 0x3D, 0x2E, 0x4C, 0xDD ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2350};
2351static const mbedtls_mpi_uint secp192k1_T_13_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2352 MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0x49, 0x23, 0xA8, 0xCB, 0x3B, 0x1A, 0xF6 ),
2353 MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0x3D, 0xA7, 0x46, 0xCF, 0x75, 0xB6, 0x2C ),
2354 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0xFD, 0x30, 0x01, 0xB6, 0xEF, 0xF9, 0xE8 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2355};
2356static const mbedtls_mpi_uint secp192k1_T_13_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2357 MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0xFA, 0xDA, 0xB8, 0x29, 0x42, 0xC9, 0xC7 ),
2358 MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0xD7, 0xA0, 0xE6, 0x6B, 0x86, 0x61, 0x39 ),
2359 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0xE9, 0xD3, 0x37, 0xD8, 0xE7, 0x35, 0xA9 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2360};
2361static const mbedtls_mpi_uint secp192k1_T_14_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2362 MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xC8, 0x8E, 0xB1, 0xCB, 0xB1, 0xB5, 0x4D ),
2363 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xD7, 0x46, 0x7D, 0xAF, 0xE2, 0xDC, 0xBB ),
2364 MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x46, 0xE7, 0xD8, 0x76, 0x31, 0x90, 0x76 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2365};
2366static const mbedtls_mpi_uint secp192k1_T_14_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2367 MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xD3, 0xF4, 0x74, 0xE1, 0x67, 0xD8, 0x66 ),
2368 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x70, 0x3C, 0xC8, 0xAF, 0x5F, 0xF4, 0x58 ),
2369 MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x4E, 0xED, 0x5C, 0x43, 0xB3, 0x16, 0x35 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2370};
2371static const mbedtls_mpi_uint secp192k1_T_15_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2372 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xAE, 0xD1, 0xDD, 0x31, 0x14, 0xD3, 0xF0 ),
2373 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x14, 0x06, 0x13, 0x12, 0x1C, 0x81, 0xF5 ),
2374 MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xF9, 0x0C, 0x91, 0xF7, 0x67, 0x59, 0x63 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2375};
2376static const mbedtls_mpi_uint secp192k1_T_15_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2377 MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x91, 0xE2, 0xF4, 0x9D, 0xEB, 0x88, 0x87 ),
2378 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x82, 0x30, 0x9C, 0xAE, 0x18, 0x4D, 0xB7 ),
2379 MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x79, 0xCF, 0x17, 0xA5, 0x1E, 0xE8, 0xC8 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2380};
2381static const mbedtls_ecp_point secp192k1_T[16] = {
2382 ECP_POINT_INIT_XY_Z1(secp192k1_T_0_X, secp192k1_T_0_Y),
2383 ECP_POINT_INIT_XY_Z0(secp192k1_T_1_X, secp192k1_T_1_Y),
2384 ECP_POINT_INIT_XY_Z0(secp192k1_T_2_X, secp192k1_T_2_Y),
2385 ECP_POINT_INIT_XY_Z0(secp192k1_T_3_X, secp192k1_T_3_Y),
2386 ECP_POINT_INIT_XY_Z0(secp192k1_T_4_X, secp192k1_T_4_Y),
2387 ECP_POINT_INIT_XY_Z0(secp192k1_T_5_X, secp192k1_T_5_Y),
2388 ECP_POINT_INIT_XY_Z0(secp192k1_T_6_X, secp192k1_T_6_Y),
2389 ECP_POINT_INIT_XY_Z0(secp192k1_T_7_X, secp192k1_T_7_Y),
2390 ECP_POINT_INIT_XY_Z0(secp192k1_T_8_X, secp192k1_T_8_Y),
2391 ECP_POINT_INIT_XY_Z0(secp192k1_T_9_X, secp192k1_T_9_Y),
2392 ECP_POINT_INIT_XY_Z0(secp192k1_T_10_X, secp192k1_T_10_Y),
2393 ECP_POINT_INIT_XY_Z0(secp192k1_T_11_X, secp192k1_T_11_Y),
2394 ECP_POINT_INIT_XY_Z0(secp192k1_T_12_X, secp192k1_T_12_Y),
2395 ECP_POINT_INIT_XY_Z0(secp192k1_T_13_X, secp192k1_T_13_Y),
2396 ECP_POINT_INIT_XY_Z0(secp192k1_T_14_X, secp192k1_T_14_Y),
2397 ECP_POINT_INIT_XY_Z0(secp192k1_T_15_X, secp192k1_T_15_Y),
2398};
2399#else
2400#define secp192k1_T NULL
2401#endif
2402
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2403#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]2404
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2405#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
2406static const mbedtls_mpi_uint secp224k1_p[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2407 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
2408 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
2409 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
2410 MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2411};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2412static const mbedtls_mpi_uint secp224k1_a[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2413 MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2414};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2415static const mbedtls_mpi_uint secp224k1_b[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2416 MBEDTLS_BYTES_TO_T_UINT_2( 0x05, 0x00 ),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2417};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2418static const mbedtls_mpi_uint secp224k1_gx[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2419 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
2420 MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
2421 MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
2422 MBEDTLS_BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2423};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2424static const mbedtls_mpi_uint secp224k1_gy[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2425 MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
2426 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
2427 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
2428 MBEDTLS_BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2429};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2430static const mbedtls_mpi_uint secp224k1_n[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2431 MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
2432 MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
2433 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
2434 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2435};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2436
2437#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
2438static const mbedtls_mpi_uint secp224k1_T_0_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2439 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
2440 MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
2441 MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
2442 MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x5B, 0x45, 0xA1, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2443};
2444static const mbedtls_mpi_uint secp224k1_T_0_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2445 MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
2446 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
2447 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
2448 MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x9F, 0x08, 0x7E, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2449};
2450static const mbedtls_mpi_uint secp224k1_T_1_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2451 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x6C, 0x22, 0x22, 0x40, 0x89, 0xAE, 0x7A ),
2452 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x92, 0xE1, 0x87, 0x56, 0x35, 0xAF, 0x9B ),
2453 MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0xAF, 0x08, 0x35, 0x27, 0xEA, 0x04, 0xED ),
2454 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x53, 0xFD, 0xCF, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2455};
2456static const mbedtls_mpi_uint secp224k1_T_1_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2457 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0xD0, 0x9F, 0x8D, 0xF3, 0x63, 0x54, 0x30 ),
2458 MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0xDB, 0x0F, 0x61, 0x54, 0x26, 0xD1, 0x98 ),
2459 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x21, 0xF7, 0x1B, 0xB5, 0x1D, 0xF6, 0x7E ),
2460 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x05, 0xDA, 0x8F, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2461};
2462static const mbedtls_mpi_uint secp224k1_T_2_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2463 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x26, 0x73, 0xBC, 0xE4, 0x29, 0x62, 0x56 ),
2464 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x95, 0x17, 0x8B, 0xC3, 0x9B, 0xAC, 0xCC ),
2465 MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xDB, 0x77, 0xDF, 0xDD, 0x13, 0x04, 0x98 ),
2466 MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0xFC, 0x22, 0x93, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2467};
2468static const mbedtls_mpi_uint secp224k1_T_2_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2469 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x65, 0xF1, 0x5A, 0x37, 0xEF, 0x79, 0xAD ),
2470 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x01, 0x37, 0xAC, 0x9A, 0x5B, 0x51, 0x65 ),
2471 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x75, 0x13, 0xA9, 0x4A, 0xAD, 0xFE, 0x9B ),
2472 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x82, 0x6F, 0x66, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2473};
2474static const mbedtls_mpi_uint secp224k1_T_3_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2475 MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0x5E, 0xF0, 0x40, 0xC3, 0xA6, 0xE2, 0x1E ),
2476 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x9A, 0x6F, 0xCF, 0x11, 0x26, 0x66, 0x85 ),
2477 MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0x73, 0xA8, 0xCF, 0x2B, 0x12, 0x36, 0x37 ),
2478 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xB3, 0x0A, 0x58, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2479};
2480static const mbedtls_mpi_uint secp224k1_T_3_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2481 MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x79, 0x00, 0x55, 0x04, 0x34, 0x90, 0x1A ),
2482 MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x54, 0x1C, 0xC2, 0x45, 0x0C, 0x1B, 0x23 ),
2483 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x19, 0xAB, 0xA8, 0xFC, 0x73, 0xDC, 0xEE ),
2484 MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0xFB, 0x93, 0xCE, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2485};
2486static const mbedtls_mpi_uint secp224k1_T_4_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2487 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x75, 0xD0, 0x66, 0x95, 0x86, 0xCA, 0x66 ),
2488 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xEA, 0x29, 0x16, 0x6A, 0x38, 0xDF, 0x41 ),
2489 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xA2, 0x36, 0x2F, 0xDC, 0xBB, 0x5E, 0xF7 ),
2490 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x89, 0x59, 0x49, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2491};
2492static const mbedtls_mpi_uint secp224k1_T_4_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2493 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0xA3, 0x99, 0x9D, 0xB8, 0x77, 0x9D, 0x1D ),
2494 MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x93, 0x43, 0x47, 0xC6, 0x5C, 0xF9, 0xFD ),
2495 MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x00, 0x79, 0x42, 0x64, 0xB8, 0x25, 0x3E ),
2496 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x54, 0xB4, 0x33, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2497};
2498static const mbedtls_mpi_uint secp224k1_T_5_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2499 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x0C, 0x42, 0x90, 0x83, 0x0B, 0x31, 0x5F ),
2500 MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x2E, 0xAE, 0xC8, 0xC7, 0x5F, 0xD2, 0x70 ),
2501 MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0xBC, 0xAD, 0x41, 0xE7, 0x32, 0x3A, 0x81 ),
2502 MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x97, 0x52, 0x83, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2503};
2504static const mbedtls_mpi_uint secp224k1_T_5_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2505 MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x13, 0x7A, 0xBD, 0xAE, 0x94, 0x60, 0xFD ),
2506 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x9B, 0x95, 0xB4, 0x6E, 0x68, 0xB2, 0x1F ),
2507 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x49, 0xBE, 0x51, 0xFE, 0x66, 0x15, 0x74 ),
2508 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x37, 0xE4, 0xFE, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2509};
2510static const mbedtls_mpi_uint secp224k1_T_6_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2511 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x9B, 0xEE, 0x64, 0xC9, 0x1B, 0xBD, 0x77 ),
2512 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x5F, 0x34, 0xA9, 0x0B, 0xB7, 0x25, 0x52 ),
2513 MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0x13, 0xB1, 0x38, 0xFB, 0x9D, 0x78, 0xED ),
2514 MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0xE7, 0x1B, 0xFA, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2515};
2516static const mbedtls_mpi_uint secp224k1_T_6_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2517 MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xB3, 0xB7, 0x44, 0x92, 0x6B, 0x00, 0x82 ),
2518 MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x82, 0x44, 0x3E, 0x18, 0x1A, 0x58, 0x6A ),
2519 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0xF8, 0xC0, 0xE4, 0xEE, 0xC1, 0xBF, 0x44 ),
2520 MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x32, 0x27, 0xB2, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2521};
2522static const mbedtls_mpi_uint secp224k1_T_7_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2523 MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x9A, 0x42, 0x62, 0x8B, 0x26, 0x54, 0x21 ),
2524 MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x85, 0x74, 0xA0, 0x79, 0xA8, 0xEE, 0xBE ),
2525 MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x36, 0x60, 0xB3, 0x28, 0x4D, 0x55, 0xBE ),
2526 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x27, 0x82, 0x29, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2527};
2528static const mbedtls_mpi_uint secp224k1_T_7_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2529 MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0xFC, 0x73, 0x77, 0xAF, 0x5C, 0xAC, 0x78 ),
2530 MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0xED, 0xE5, 0xF6, 0x1D, 0xA8, 0x67, 0x43 ),
2531 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0xDE, 0x33, 0x1C, 0xF1, 0x80, 0x73, 0xF8 ),
2532 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xE2, 0xDE, 0x3C, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2533};
2534static const mbedtls_mpi_uint secp224k1_T_8_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2535 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x3E, 0x6B, 0xFE, 0xF0, 0x04, 0x28, 0x01 ),
2536 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0xB2, 0x14, 0x9D, 0x18, 0x11, 0x7D, 0x9D ),
2537 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xC4, 0xD6, 0x2E, 0x6E, 0x57, 0x4D, 0xE1 ),
2538 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0x55, 0x1B, 0xDE, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2539};
2540static const mbedtls_mpi_uint secp224k1_T_8_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2541 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xF7, 0x17, 0xBC, 0x45, 0xAB, 0x16, 0xAB ),
2542 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xB0, 0xEF, 0x61, 0xE3, 0x20, 0x7C, 0xF8 ),
2543 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x85, 0x41, 0x4D, 0xF1, 0x7E, 0x4D, 0x41 ),
2544 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xC2, 0x9B, 0x5E, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2545};
2546static const mbedtls_mpi_uint secp224k1_T_9_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2547 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x2E, 0x49, 0x3D, 0x3E, 0x4B, 0xD3, 0x32 ),
2548 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x2B, 0x9D, 0xD5, 0x27, 0xFA, 0xCA, 0xE0 ),
2549 MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0xB3, 0x6A, 0xE0, 0x79, 0x14, 0x28, 0x0F ),
2550 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x1E, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2551};
2552static const mbedtls_mpi_uint secp224k1_T_9_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2553 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x44, 0x56, 0xCD, 0xFC, 0x9F, 0x09, 0xFF ),
2554 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x8C, 0x59, 0xA4, 0x64, 0x2A, 0x3A, 0xED ),
2555 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xA0, 0xB5, 0x86, 0x4E, 0x69, 0xDA, 0x06 ),
2556 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x8B, 0x11, 0x38, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2557};
2558static const mbedtls_mpi_uint secp224k1_T_10_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2559 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x17, 0x16, 0x12, 0x17, 0xDC, 0x00, 0x7E ),
2560 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x76, 0x24, 0x6C, 0x97, 0x2C, 0xB5, 0xF9 ),
2561 MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x71, 0xE3, 0xB0, 0xBB, 0x4E, 0x50, 0x52 ),
2562 MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0x48, 0x26, 0xD5, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2563};
2564static const mbedtls_mpi_uint secp224k1_T_10_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2565 MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x5F, 0x28, 0xF6, 0x01, 0x5A, 0x60, 0x41 ),
2566 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x95, 0xFE, 0xD0, 0xAD, 0x15, 0xD4, 0xD9 ),
2567 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x5B, 0x7A, 0xFD, 0x80, 0xF7, 0x9F, 0x64 ),
2568 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0xBC, 0x1B, 0xDF, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2569};
2570static const mbedtls_mpi_uint secp224k1_T_11_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2571 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0xE6, 0xDF, 0x14, 0x29, 0xF4, 0xD4, 0x14 ),
2572 MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x12, 0xDD, 0xEC, 0x5B, 0x8A, 0x59, 0xE5 ),
2573 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x92, 0x3E, 0x35, 0x08, 0xE9, 0xCF, 0x0E ),
2574 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0x35, 0x29, 0x97, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2575};
2576static const mbedtls_mpi_uint secp224k1_T_11_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2577 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xDB, 0xD6, 0x6A, 0xC5, 0x43, 0xA4, 0xA1 ),
2578 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x33, 0x50, 0x61, 0x70, 0xA1, 0xE9, 0xCE ),
2579 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x15, 0x6E, 0x5F, 0x01, 0x0C, 0x8C, 0xFA ),
2580 MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0xA1, 0x9A, 0x9D, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2581};
2582static const mbedtls_mpi_uint secp224k1_T_12_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2583 MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0xC6, 0xF7, 0xE2, 0x4A, 0xCD, 0x9B, 0x61 ),
2584 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x4D, 0x5A, 0xB8, 0xE2, 0x6D, 0xA6, 0x50 ),
2585 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x3F, 0xB6, 0x17, 0xE3, 0x2C, 0x6F, 0x65 ),
2586 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xA4, 0x59, 0x51, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2587};
2588static const mbedtls_mpi_uint secp224k1_T_12_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2589 MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x4F, 0x7C, 0x49, 0xCD, 0x6E, 0xEB, 0x3C ),
2590 MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0xC9, 0x1F, 0xB7, 0x4D, 0x98, 0xC7, 0x67 ),
2591 MBEDTLS_BYTES_TO_T_UINT_8( 0x4C, 0xFD, 0x98, 0x20, 0x95, 0xBB, 0x20, 0x3A ),
2592 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0xF2, 0x73, 0x92, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2593};
2594static const mbedtls_mpi_uint secp224k1_T_13_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2595 MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0xEF, 0xFB, 0x30, 0xFA, 0x12, 0x1A, 0xB0 ),
2596 MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0x4C, 0x24, 0xB4, 0x5B, 0xC9, 0x4C, 0x0F ),
2597 MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xDD, 0x5E, 0x84, 0x95, 0x4D, 0x26, 0xED ),
2598 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0xFA, 0xF9, 0x3A, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2599};
2600static const mbedtls_mpi_uint secp224k1_T_13_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2601 MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0xA3, 0x2E, 0x7A, 0xDC, 0xA7, 0x53, 0xA9 ),
2602 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x9F, 0x81, 0x84, 0xB2, 0x0D, 0xFE, 0x31 ),
2603 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x89, 0x1B, 0x77, 0x0C, 0x89, 0x71, 0xEC ),
2604 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0x7F, 0xB2, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2605};
2606static const mbedtls_mpi_uint secp224k1_T_14_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2607 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0xE9, 0x2C, 0x79, 0xA6, 0x3C, 0xAD, 0x93 ),
2608 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xE0, 0x23, 0x02, 0x86, 0x0F, 0x77, 0x2A ),
2609 MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x93, 0x6D, 0xE9, 0xF9, 0x3C, 0xBE, 0xB9 ),
2610 MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xE7, 0x24, 0x92, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2611};
2612static const mbedtls_mpi_uint secp224k1_T_14_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2613 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x3C, 0x5B, 0x4B, 0x1B, 0x25, 0x37, 0xD6 ),
2614 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xE8, 0x38, 0x1B, 0xA1, 0x5A, 0x2E, 0x68 ),
2615 MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0x19, 0xFD, 0xF4, 0x78, 0x01, 0x6B, 0x44 ),
2616 MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0x69, 0x37, 0x4F, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2617};
2618static const mbedtls_mpi_uint secp224k1_T_15_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2619 MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0xE2, 0xBF, 0xD3, 0xEC, 0x95, 0x9C, 0x03 ),
2620 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x7B, 0xFC, 0xD5, 0xD3, 0x25, 0x5E, 0x0F ),
2621 MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0x55, 0x09, 0xA2, 0x58, 0x6A, 0xC9, 0xFF ),
2622 MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0xCC, 0x3B, 0xD9, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2623};
2624static const mbedtls_mpi_uint secp224k1_T_15_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2625 MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0x08, 0x65, 0x5E, 0xCB, 0xAB, 0x48, 0xC8 ),
2626 MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x79, 0x8B, 0xC0, 0x11, 0xC0, 0x69, 0x38 ),
2627 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xE8, 0x8C, 0x4C, 0xC5, 0x28, 0xE4, 0xAE ),
2628 MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x1F, 0x34, 0x5C, 0x00, 0x00, 0x00, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2629};
2630static const mbedtls_ecp_point secp224k1_T[16] = {
2631 ECP_POINT_INIT_XY_Z1(secp224k1_T_0_X, secp224k1_T_0_Y),
2632 ECP_POINT_INIT_XY_Z0(secp224k1_T_1_X, secp224k1_T_1_Y),
2633 ECP_POINT_INIT_XY_Z0(secp224k1_T_2_X, secp224k1_T_2_Y),
2634 ECP_POINT_INIT_XY_Z0(secp224k1_T_3_X, secp224k1_T_3_Y),
2635 ECP_POINT_INIT_XY_Z0(secp224k1_T_4_X, secp224k1_T_4_Y),
2636 ECP_POINT_INIT_XY_Z0(secp224k1_T_5_X, secp224k1_T_5_Y),
2637 ECP_POINT_INIT_XY_Z0(secp224k1_T_6_X, secp224k1_T_6_Y),
2638 ECP_POINT_INIT_XY_Z0(secp224k1_T_7_X, secp224k1_T_7_Y),
2639 ECP_POINT_INIT_XY_Z0(secp224k1_T_8_X, secp224k1_T_8_Y),
2640 ECP_POINT_INIT_XY_Z0(secp224k1_T_9_X, secp224k1_T_9_Y),
2641 ECP_POINT_INIT_XY_Z0(secp224k1_T_10_X, secp224k1_T_10_Y),
2642 ECP_POINT_INIT_XY_Z0(secp224k1_T_11_X, secp224k1_T_11_Y),
2643 ECP_POINT_INIT_XY_Z0(secp224k1_T_12_X, secp224k1_T_12_Y),
2644 ECP_POINT_INIT_XY_Z0(secp224k1_T_13_X, secp224k1_T_13_Y),
2645 ECP_POINT_INIT_XY_Z0(secp224k1_T_14_X, secp224k1_T_14_Y),
2646 ECP_POINT_INIT_XY_Z0(secp224k1_T_15_X, secp224k1_T_15_Y),
2647};
2648#else
2649#define secp224k1_T NULL
2650#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2651#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]2652
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2653#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
2654static const mbedtls_mpi_uint secp256k1_p[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2655 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
2656 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
2657 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
2658 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2659};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2660static const mbedtls_mpi_uint secp256k1_a[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2661 MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2662};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2663static const mbedtls_mpi_uint secp256k1_b[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2664 MBEDTLS_BYTES_TO_T_UINT_2( 0x07, 0x00 ),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2665};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2666static const mbedtls_mpi_uint secp256k1_gx[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2667 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
2668 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
2669 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
2670 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2671};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2672static const mbedtls_mpi_uint secp256k1_gy[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2673 MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
2674 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
2675 MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
2676 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2677};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2678static const mbedtls_mpi_uint secp256k1_n[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2679 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
2680 MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
2681 MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
2682 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2683};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2684
2685#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
2686static const mbedtls_mpi_uint secp256k1_T_0_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2687 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
2688 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
2689 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
2690 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2691};
2692static const mbedtls_mpi_uint secp256k1_T_0_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2693 MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
2694 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
2695 MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
2696 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2697};
2698static const mbedtls_mpi_uint secp256k1_T_1_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2699 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xEE, 0xD7, 0x1E, 0x67, 0x86, 0x32, 0x74 ),
2700 MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x73, 0xB1, 0xA9, 0xD5, 0xCC, 0x27, 0x78 ),
2701 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x0E, 0x11, 0x01, 0x71, 0xFE, 0x92, 0x73 ),
2702 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x28, 0x63, 0x6D, 0x72, 0x09, 0xA6, 0xC0 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2703};
2704static const mbedtls_mpi_uint secp256k1_T_1_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2705 MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0x69, 0xDC, 0x3E, 0x2C, 0x75, 0xC3 ),
2706 MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0xB7, 0x3F, 0x30, 0x26, 0x3C, 0xDF, 0x8E ),
2707 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xBE, 0xB9, 0x5D, 0x0E, 0xE8, 0x5E, 0x14 ),
2708 MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0xC3, 0x05, 0xD6, 0xB7, 0xD5, 0x24, 0xFC ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2709};
2710static const mbedtls_mpi_uint secp256k1_T_2_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2711 MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0xCF, 0x7B, 0xDC, 0xCD, 0xC3, 0x39, 0x9D ),
2712 MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xDA, 0xB9, 0xE5, 0x64, 0xA7, 0x47, 0x91 ),
2713 MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0x46, 0xA8, 0x61, 0xF6, 0x23, 0xEB, 0x58 ),
2714 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xC1, 0xFF, 0xE4, 0x55, 0xD5, 0xC2, 0xBF ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2715};
2716static const mbedtls_mpi_uint secp256k1_T_2_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2717 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xBE, 0xB9, 0x59, 0x24, 0x13, 0x4A, 0x2A ),
2718 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x45, 0x12, 0xDE, 0xBA, 0x4F, 0xEF, 0x56 ),
2719 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x08, 0xBF, 0xC1, 0x66, 0xAA, 0x0A, 0xBC ),
2720 MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xFE, 0x30, 0x55, 0x31, 0x86, 0xA7, 0xB4 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2721};
2722static const mbedtls_mpi_uint secp256k1_T_3_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2723 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0xBF, 0x18, 0x81, 0x67, 0x27, 0x42, 0xBD ),
2724 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x05, 0x83, 0xA4, 0xDD, 0x57, 0xD3, 0x50 ),
2725 MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0x63, 0xAB, 0xE4, 0x90, 0x70, 0xD0, 0x7C ),
2726 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x5D, 0xFD, 0xA0, 0xEF, 0xCF, 0x1C, 0x54 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2727};
2728static const mbedtls_mpi_uint secp256k1_T_3_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2729 MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x80, 0xE4, 0xF6, 0x09, 0xBC, 0x57, 0x90 ),
2730 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x9F, 0x6E, 0x88, 0x54, 0x6E, 0x51, 0xF2 ),
2731 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x5F, 0x85, 0xFB, 0x84, 0x3E, 0x4A, 0xAA ),
2732 MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x19, 0xF5, 0x55, 0xC9, 0x07, 0xD8, 0xCE ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2733};
2734static const mbedtls_mpi_uint secp256k1_T_4_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2735 MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0xB4, 0xC3, 0xD9, 0x5C, 0xA0, 0xD4, 0x90 ),
2736 MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x30, 0xAF, 0x59, 0x9B, 0xF8, 0x04, 0x85 ),
2737 MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xA6, 0xFD, 0x66, 0x7B, 0xC3, 0x39, 0x85 ),
2738 MBEDTLS_BYTES_TO_T_UINT_8( 0xE0, 0xBF, 0xF0, 0xC2, 0xE9, 0x71, 0xA4, 0x9E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2739};
2740static const mbedtls_mpi_uint secp256k1_T_4_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2741 MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0x2D, 0xB9, 0x88, 0x28, 0xF1, 0xBE, 0x78 ),
2742 MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0xF3, 0x1A, 0x0E, 0xB9, 0x01, 0x66, 0x34 ),
2743 MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0xA7, 0xA4, 0xF4, 0x05, 0xD0, 0xAA, 0x53 ),
2744 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x39, 0x1E, 0x47, 0xE5, 0x68, 0xC8, 0xC0 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2745};
2746static const mbedtls_mpi_uint secp256k1_T_5_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2747 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xB9, 0xFC, 0xE0, 0x33, 0x8A, 0x7D, 0x96 ),
2748 MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x93, 0xA5, 0x53, 0x55, 0x16, 0xB4, 0x6E ),
2749 MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x5F, 0xEA, 0x9B, 0x29, 0x52, 0x71, 0xDA ),
2750 MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0xF0, 0x24, 0xB8, 0x7D, 0xB7, 0xA0, 0x9B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2751};
2752static const mbedtls_mpi_uint secp256k1_T_5_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2753 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x00, 0x27, 0xB2, 0xDF, 0x73, 0xA2, 0xE0 ),
2754 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x2E, 0x4D, 0x7C, 0xDE, 0x7A, 0x23, 0x32 ),
2755 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x65, 0x60, 0xC7, 0x97, 0x1E, 0xA4, 0x22 ),
2756 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x13, 0x5B, 0x77, 0x59, 0xCB, 0x36, 0xE1 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2757};
2758static const mbedtls_mpi_uint secp256k1_T_6_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2759 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xBC, 0x9F, 0x9E, 0x2D, 0x53, 0x2A, 0xA8 ),
2760 MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x5F, 0x64, 0x9F, 0x1A, 0x19, 0xE6, 0x77 ),
2761 MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x7B, 0x39, 0xD2, 0xDB, 0x85, 0x84, 0xD5 ),
2762 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0xC7, 0x0D, 0x58, 0x6E, 0x3F, 0x52, 0x15 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2763};
2764static const mbedtls_mpi_uint secp256k1_T_6_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2765 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x68, 0x19, 0x0B, 0x68, 0xC9, 0x1E, 0xFB ),
2766 MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x4E, 0x21, 0x49, 0x3D, 0x55, 0xCC, 0x25 ),
2767 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xF9, 0x25, 0x45, 0x54, 0x45, 0xB1, 0x0F ),
2768 MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0xB3, 0xF7, 0xCD, 0x80, 0xA4, 0x04, 0x05 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2769};
2770static const mbedtls_mpi_uint secp256k1_T_7_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2771 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x1E, 0x88, 0xC4, 0xAA, 0x18, 0x7E, 0x45 ),
2772 MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0xAC, 0xD9, 0xB2, 0xA1, 0xC0, 0x71, 0x5D ),
2773 MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0xA2, 0xF1, 0x15, 0xA6, 0x5F, 0x6C, 0x86 ),
2774 MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x5B, 0x05, 0xBC, 0xB7, 0xC6, 0x4E, 0x72 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2775};
2776static const mbedtls_mpi_uint secp256k1_T_7_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2777 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x80, 0xF8, 0x5C, 0x20, 0x2A, 0xE1, 0xE2 ),
2778 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x48, 0x2E, 0x68, 0x82, 0x7F, 0xEB, 0x5F ),
2779 MBEDTLS_BYTES_TO_T_UINT_8( 0xA2, 0x3B, 0x25, 0xDB, 0x32, 0x4D, 0x88, 0x42 ),
2780 MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x6E, 0xA6, 0xB6, 0x6D, 0x62, 0x78, 0x22 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2781};
2782static const mbedtls_mpi_uint secp256k1_T_8_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2783 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x4D, 0x3E, 0x86, 0x58, 0xC3, 0xEB, 0xBA ),
2784 MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x89, 0x33, 0x18, 0x21, 0x1D, 0x9B, 0xE7 ),
2785 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x9D, 0xFF, 0xC3, 0x79, 0xC1, 0x88, 0xF8 ),
2786 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0xD4, 0x48, 0x53, 0xE8, 0xAD, 0x21, 0x16 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2787};
2788static const mbedtls_mpi_uint secp256k1_T_8_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2789 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x7B, 0xDE, 0xCB, 0xD8, 0x39, 0x17, 0x7C ),
2790 MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0xF3, 0x03, 0xF2, 0x5C, 0xBC, 0xC8, 0x8A ),
2791 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0xAE, 0x4C, 0xB0, 0x16, 0xA4, 0x93, 0x86 ),
2792 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x8B, 0x6B, 0xDC, 0xD7, 0x9A, 0x3E, 0x7E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2793};
2794static const mbedtls_mpi_uint secp256k1_T_9_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2795 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x2D, 0x7A, 0xD2, 0x59, 0x05, 0xA2, 0x82 ),
2796 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x56, 0x09, 0x32, 0xF1, 0xE8, 0xE3, 0x72 ),
2797 MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0xCA, 0xE5, 0x2E, 0xF0, 0xFB, 0x18, 0x19 ),
2798 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x85, 0xA9, 0x23, 0x15, 0x31, 0x1F, 0x0E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2799};
2800static const mbedtls_mpi_uint secp256k1_T_9_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2801 MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0xE5, 0xB1, 0x86, 0xB9, 0x6E, 0x8D, 0xD3 ),
2802 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x77, 0xFC, 0xC9, 0xA3, 0x3F, 0x89, 0xD2 ),
2803 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x6A, 0xDC, 0x25, 0xB0, 0xC7, 0x41, 0x54 ),
2804 MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x11, 0x6B, 0xA6, 0x11, 0x62, 0xD4, 0x2D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2805};
2806static const mbedtls_mpi_uint secp256k1_T_10_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2807 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x7D, 0x34, 0xB3, 0x20, 0x7F, 0x37, 0xAA ),
2808 MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0xD4, 0x45, 0xE8, 0xC2, 0xE9, 0xC5, 0xEA ),
2809 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x32, 0x3B, 0x25, 0x7E, 0x79, 0xAF, 0xE7 ),
2810 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0xE4, 0x54, 0x71, 0xBE, 0x35, 0x4E, 0xD0 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2811};
2812static const mbedtls_mpi_uint secp256k1_T_10_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2813 MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x94, 0xDD, 0x8F, 0xB5, 0xC2, 0xDD, 0x75 ),
2814 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x49, 0xE9, 0x1C, 0x2F, 0x08, 0x49, 0xC6 ),
2815 MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0xB6, 0x03, 0x88, 0x6F, 0xB8, 0x15, 0x67 ),
2816 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xD3, 0x1C, 0xF3, 0xA5, 0xEB, 0x79, 0x01 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2817};
2818static const mbedtls_mpi_uint secp256k1_T_11_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2819 MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0xF9, 0x43, 0x88, 0x89, 0x0D, 0x06, 0xEA ),
2820 MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x2D, 0xF5, 0x98, 0x32, 0xF6, 0xB1, 0x05 ),
2821 MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x73, 0x8F, 0x2B, 0x50, 0x27, 0x0A, 0xE7 ),
2822 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0xE3, 0xBD, 0x16, 0x05, 0xC8, 0x93, 0x12 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2823};
2824static const mbedtls_mpi_uint secp256k1_T_11_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2825 MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0x6A, 0xF7, 0xE3, 0x3D, 0xDE, 0x5F, 0x2F ),
2826 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0xA3, 0x9C, 0x22, 0x3C, 0x33, 0x36, 0x5D ),
2827 MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0x24, 0x4C, 0x69, 0x45, 0x78, 0x14, 0xAE ),
2828 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xF8, 0xD4, 0xBF, 0xB8, 0xC0, 0xA1, 0x25 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2829};
2830static const mbedtls_mpi_uint secp256k1_T_12_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2831 MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x88, 0xE1, 0x91, 0x03, 0xEB, 0xB3, 0x2B ),
2832 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x11, 0xA1, 0xEF, 0x14, 0x0D, 0xC4, 0x7D ),
2833 MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xD4, 0x0D, 0x1D, 0x96, 0x33, 0x5C, 0x19 ),
2834 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x45, 0x2A, 0x1A, 0xE6, 0x57, 0x04, 0x9B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2835};
2836static const mbedtls_mpi_uint secp256k1_T_12_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2837 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0xB5, 0xA7, 0x80, 0xE9, 0x93, 0x97, 0x8D ),
2838 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0xB9, 0x7C, 0xA0, 0xC9, 0x57, 0x26, 0x43 ),
2839 MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0xEF, 0x56, 0xDA, 0x66, 0xF6, 0x1B, 0x9A ),
2840 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x89, 0x6B, 0x91, 0xE0, 0xA9, 0x65, 0x2B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2841};
2842static const mbedtls_mpi_uint secp256k1_T_13_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2843 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x98, 0x96, 0x9B, 0x06, 0x7D, 0x5E, 0x5A ),
2844 MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0xFA, 0xC1, 0x5F, 0x19, 0x37, 0x94, 0x9D ),
2845 MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0xBE, 0x6B, 0x1A, 0x05, 0xE4, 0xBF, 0x9F ),
2846 MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0xCD, 0x5D, 0x35, 0xB4, 0x51, 0xF7, 0x64 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2847};
2848static const mbedtls_mpi_uint secp256k1_T_13_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2849 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0xEF, 0x96, 0xDB, 0xF2, 0x61, 0x63, 0x59 ),
2850 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x04, 0x88, 0xC9, 0x9F, 0x1B, 0x94, 0xB9 ),
2851 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x30, 0x79, 0x7E, 0x24, 0xE7, 0x5F, 0xB8 ),
2852 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0xB8, 0x90, 0xB7, 0x94, 0x25, 0xBB, 0x0F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2853};
2854static const mbedtls_mpi_uint secp256k1_T_14_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2855 MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x79, 0xEA, 0xAD, 0xC0, 0x6D, 0x18, 0x57 ),
2856 MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0xA4, 0x58, 0x2A, 0x8D, 0x95, 0xB3, 0xE6 ),
2857 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xC4, 0xC2, 0x12, 0x0D, 0x79, 0xE2, 0x2B ),
2858 MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x6F, 0xBE, 0x97, 0x4D, 0xA4, 0x20, 0x07 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2859};
2860static const mbedtls_mpi_uint secp256k1_T_14_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2861 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x31, 0x71, 0xC6, 0xA6, 0x91, 0xEB, 0x1F ),
2862 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x9B, 0xA8, 0x4A, 0xE7, 0x77, 0xE1, 0xAA ),
2863 MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x06, 0xD3, 0x3D, 0x94, 0x30, 0xEF, 0x8C ),
2864 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xDF, 0xCA, 0xFA, 0xF5, 0x28, 0xF8, 0xC9 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2865};
2866static const mbedtls_mpi_uint secp256k1_T_15_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2867 MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0xE1, 0x32, 0xFD, 0x3E, 0x81, 0xF8, 0x11 ),
2868 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xF2, 0x4B, 0x1D, 0x19, 0xC9, 0x0F, 0xCC ),
2869 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xB1, 0x8A, 0x22, 0x8B, 0x05, 0x6B, 0x56 ),
2870 MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0x21, 0xEF, 0x30, 0xEC, 0x09, 0x2A, 0x89 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2871};
2872static const mbedtls_mpi_uint secp256k1_T_15_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2873 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x84, 0x4A, 0x46, 0x07, 0x6C, 0x3C, 0x4C ),
2874 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x18, 0x3A, 0xF4, 0xCC, 0xF5, 0xB2, 0xF2 ),
2875 MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0x8F, 0xCD, 0x0A, 0x9C, 0xF4, 0xBD, 0x95 ),
2876 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x89, 0x7F, 0x8A, 0xB1, 0x52, 0x3A, 0xAB ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2877};
2878static const mbedtls_ecp_point secp256k1_T[16] = {
2879 ECP_POINT_INIT_XY_Z1(secp256k1_T_0_X, secp256k1_T_0_Y),
2880 ECP_POINT_INIT_XY_Z0(secp256k1_T_1_X, secp256k1_T_1_Y),
2881 ECP_POINT_INIT_XY_Z0(secp256k1_T_2_X, secp256k1_T_2_Y),
2882 ECP_POINT_INIT_XY_Z0(secp256k1_T_3_X, secp256k1_T_3_Y),
2883 ECP_POINT_INIT_XY_Z0(secp256k1_T_4_X, secp256k1_T_4_Y),
2884 ECP_POINT_INIT_XY_Z0(secp256k1_T_5_X, secp256k1_T_5_Y),
2885 ECP_POINT_INIT_XY_Z0(secp256k1_T_6_X, secp256k1_T_6_Y),
2886 ECP_POINT_INIT_XY_Z0(secp256k1_T_7_X, secp256k1_T_7_Y),
2887 ECP_POINT_INIT_XY_Z0(secp256k1_T_8_X, secp256k1_T_8_Y),
2888 ECP_POINT_INIT_XY_Z0(secp256k1_T_9_X, secp256k1_T_9_Y),
2889 ECP_POINT_INIT_XY_Z0(secp256k1_T_10_X, secp256k1_T_10_Y),
2890 ECP_POINT_INIT_XY_Z0(secp256k1_T_11_X, secp256k1_T_11_Y),
2891 ECP_POINT_INIT_XY_Z0(secp256k1_T_12_X, secp256k1_T_12_Y),
2892 ECP_POINT_INIT_XY_Z0(secp256k1_T_13_X, secp256k1_T_13_Y),
2893 ECP_POINT_INIT_XY_Z0(secp256k1_T_14_X, secp256k1_T_14_Y),
2894 ECP_POINT_INIT_XY_Z0(secp256k1_T_15_X, secp256k1_T_15_Y),
2895};
2896#else
2897#define secp256k1_T NULL
2898#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2899#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]2900
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]2901/*
2902 * Domain parameters for brainpoolP256r1 (RFC 5639 3.4)
2903 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2904#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
2905static const mbedtls_mpi_uint brainpoolP256r1_p[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2906 MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
2907 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
2908 MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
2909 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2910};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2911static const mbedtls_mpi_uint brainpoolP256r1_a[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2912 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
2913 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
2914 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
2915 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2916};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2917static const mbedtls_mpi_uint brainpoolP256r1_b[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2918 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
2919 MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
2920 MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
2921 MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2922};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2923static const mbedtls_mpi_uint brainpoolP256r1_gx[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2924 MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
2925 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
2926 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
2927 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2928};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2929static const mbedtls_mpi_uint brainpoolP256r1_gy[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2930 MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
2931 MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
2932 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
2933 MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2934};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]2935static const mbedtls_mpi_uint brainpoolP256r1_n[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2936 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
2937 MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
2938 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
2939 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]2940};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2941
2942#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
2943static const mbedtls_mpi_uint brainpoolP256r1_T_0_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2944 MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
2945 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
2946 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
2947 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2948};
2949static const mbedtls_mpi_uint brainpoolP256r1_T_0_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2950 MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
2951 MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
2952 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
2953 MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2954};
2955static const mbedtls_mpi_uint brainpoolP256r1_T_1_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2956 MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0xA2, 0xED, 0x52, 0xC9, 0x8C, 0xE3, 0xA5 ),
2957 MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0xC9, 0xC4, 0x87, 0x3F, 0x93, 0x7A, 0xD1 ),
2958 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x12, 0x53, 0x61, 0x3E, 0x76, 0x08, 0xCB ),
2959 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x8C, 0x74, 0xF4, 0x08, 0xC3, 0x76, 0x80 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2960};
2961static const mbedtls_mpi_uint brainpoolP256r1_T_1_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2962 MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0xDD, 0x09, 0xA6, 0xED, 0xEE, 0xC4, 0x38 ),
2963 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xD9, 0xBE, 0x4B, 0xA5, 0xB7, 0x2B, 0x6E ),
2964 MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x20, 0x12, 0xCA, 0x0A, 0x38, 0x24, 0xAB ),
2965 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x72, 0x71, 0x90, 0x7A, 0x2E, 0xB7, 0x23 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2966};
2967static const mbedtls_mpi_uint brainpoolP256r1_T_2_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2968 MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x66, 0xA1, 0x93, 0x10, 0x2A, 0x51, 0x17 ),
2969 MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0x10, 0x11, 0x12, 0xBC, 0xB0, 0xB6, 0x93 ),
2970 MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x58, 0xD7, 0x0A, 0x84, 0x05, 0xA3, 0x9C ),
2971 MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x8E, 0x95, 0x61, 0xD3, 0x0B, 0xDF, 0x36 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2972};
2973static const mbedtls_mpi_uint brainpoolP256r1_T_2_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2974 MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x92, 0x12, 0x0F, 0x5E, 0x87, 0x70, 0x1B ),
2975 MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0xE9, 0x9B, 0xEB, 0x3A, 0xFB, 0xCF, 0xC4 ),
2976 MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0x92, 0xB9, 0xF7, 0x45, 0xD3, 0x06, 0xB6 ),
2977 MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x28, 0x65, 0xE1, 0xC5, 0x6C, 0x57, 0x18 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2978};
2979static const mbedtls_mpi_uint brainpoolP256r1_T_3_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2980 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x0E, 0x77, 0x01, 0x81, 0x9E, 0x38, 0x5C ),
2981 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0xF0, 0xD5, 0xA5, 0x91, 0x2B, 0xDF, 0xC0 ),
2982 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xEE, 0xB6, 0x25, 0xD6, 0x98, 0xDE, 0x2D ),
2983 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0xA1, 0x55, 0x63, 0x39, 0xEB, 0xB5, 0x47 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2984};
2985static const mbedtls_mpi_uint brainpoolP256r1_T_3_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2986 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0xD6, 0xB8, 0xE3, 0x13, 0xED, 0x7F, 0xA3 ),
2987 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0xE8, 0xAE, 0x36, 0xB8, 0xCD, 0x19, 0x02 ),
2988 MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x82, 0x83, 0x7A, 0x7B, 0x46, 0x56, 0xE8 ),
2989 MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x60, 0x46, 0x15, 0x5A, 0xAC, 0x99, 0x30 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2990};
2991static const mbedtls_mpi_uint brainpoolP256r1_T_4_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2992 MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x61, 0x50, 0xC6, 0xFF, 0x10, 0x7D, 0x04 ),
2993 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x51, 0xDF, 0xA9, 0x7D, 0x78, 0x26, 0x74 ),
2994 MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0x15, 0x9A, 0xF7, 0x01, 0xC1, 0xBB, 0x40 ),
2995 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x0F, 0xE6, 0x2A, 0xBD, 0x4A, 0x9E, 0x87 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]2996};
2997static const mbedtls_mpi_uint brainpoolP256r1_T_4_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]2998 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xF8, 0xD1, 0x77, 0xD2, 0x49, 0xB3, 0xDD ),
2999 MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0x86, 0xFB, 0x9E, 0x1F, 0x5A, 0x60, 0x47 ),
3000 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0xC4, 0x8D, 0xCD, 0x86, 0x61, 0x2F, 0xF9 ),
3001 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xF6, 0xB9, 0xAC, 0x37, 0x9D, 0xE9, 0x28 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3002};
3003static const mbedtls_mpi_uint brainpoolP256r1_T_5_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3004 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x77, 0xAA, 0x97, 0x9C, 0x0B, 0x04, 0x20 ),
3005 MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0xA6, 0x60, 0x81, 0xCE, 0x25, 0x13, 0x3E ),
3006 MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x00, 0xF3, 0xBB, 0x82, 0x99, 0x95, 0xB7 ),
3007 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x5A, 0xCE, 0x90, 0x71, 0x38, 0x2F, 0x10 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3008};
3009static const mbedtls_mpi_uint brainpoolP256r1_T_5_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3010 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x1A, 0xC0, 0x84, 0x27, 0xD6, 0x9D, 0xB7 ),
3011 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x37, 0x52, 0x16, 0x13, 0x0E, 0xCE, 0x92 ),
3012 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xBF, 0x5A, 0xDB, 0xDB, 0x6E, 0x1E, 0x69 ),
3013 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xB7, 0x5E, 0xF9, 0x86, 0xDD, 0x8A, 0x5C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3014};
3015static const mbedtls_mpi_uint brainpoolP256r1_T_6_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3016 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xAB, 0x5C, 0x8D, 0x1D, 0xF2, 0x2D, 0x1E ),
3017 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0xC5, 0xF8, 0xF7, 0x1D, 0x96, 0x0B, 0x4D ),
3018 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x4C, 0xA7, 0x45, 0x20, 0x6A, 0x1E, 0x5B ),
3019 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x5D, 0xEF, 0xDE, 0xEE, 0x39, 0x44, 0x19 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3020};
3021static const mbedtls_mpi_uint brainpoolP256r1_T_6_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3022 MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x2F, 0x6D, 0x52, 0xC9, 0x58, 0x60, 0xE8 ),
3023 MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0xC9, 0x62, 0xCB, 0x38, 0x3C, 0x55, 0xCA ),
3024 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xA5, 0x09, 0x10, 0x88, 0xDB, 0xE3, 0xBD ),
3025 MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xE0, 0x3C, 0xCE, 0x06, 0x0B, 0x4B, 0x5D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3026};
3027static const mbedtls_mpi_uint brainpoolP256r1_T_7_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3028 MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0x1D, 0xB4, 0x10, 0x76, 0x8F, 0xBA, 0x09 ),
3029 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x70, 0x5A, 0x07, 0xF5, 0x1A, 0x74, 0xC7 ),
3030 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0xE9, 0x94, 0xA8, 0xC0, 0xD5, 0x4A, 0x4A ),
3031 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x6D, 0xD4, 0xE8, 0x9B, 0xE9, 0x6D, 0x0E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3032};
3033static const mbedtls_mpi_uint brainpoolP256r1_T_7_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3034 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x00, 0x32, 0x41, 0x57, 0x84, 0x89, 0x52 ),
3035 MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0xC7, 0x14, 0xEC, 0xE9, 0x27, 0xFF, 0xF3 ),
3036 MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x67, 0x9E, 0xFB, 0xB6, 0xB8, 0x96, 0xF3 ),
3037 MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0x4A, 0xE3, 0x97, 0x4B, 0x58, 0xDE, 0x30 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3038};
3039static const mbedtls_mpi_uint brainpoolP256r1_T_8_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3040 MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0x1E, 0x5C, 0xF5, 0x7F, 0xD5, 0xD4, 0xAA ),
3041 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x08, 0x7A, 0xF1, 0xBD, 0x89, 0xC7, 0x1E ),
3042 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0xF9, 0x11, 0x1B, 0xF5, 0x3C, 0x6D, 0x8C ),
3043 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x50, 0xE5, 0x69, 0x1D, 0x59, 0xFC, 0x0C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3044};
3045static const mbedtls_mpi_uint brainpoolP256r1_T_8_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3046 MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x2F, 0xF8, 0x3F, 0xEC, 0x55, 0x99, 0x57 ),
3047 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0xA7, 0x29, 0x90, 0x43, 0x81, 0x31, 0x4C ),
3048 MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x18, 0x44, 0x50, 0x5D, 0x76, 0xCB, 0xDD ),
3049 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0xC5, 0x5B, 0x9A, 0x03, 0xE6, 0x17, 0x39 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3050};
3051static const mbedtls_mpi_uint brainpoolP256r1_T_9_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3052 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x89, 0xFC, 0x55, 0x94, 0x91, 0x6A, 0xA2 ),
3053 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x46, 0x35, 0xF2, 0x3A, 0x42, 0x08, 0x2F ),
3054 MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0xD2, 0x76, 0x49, 0x42, 0x87, 0xD3, 0x7F ),
3055 MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xEA, 0xA0, 0x52, 0xF1, 0x6A, 0x30, 0x57 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3056};
3057static const mbedtls_mpi_uint brainpoolP256r1_T_9_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3058 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0xB2, 0x57, 0xA3, 0x8A, 0x4D, 0x1B, 0x3C ),
3059 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0xA3, 0x99, 0x94, 0xB5, 0x3D, 0x64, 0x09 ),
3060 MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0xC3, 0xD7, 0x53, 0xF6, 0x49, 0x1C, 0x60 ),
3061 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x23, 0x41, 0x4D, 0xFB, 0x7A, 0x5C, 0x53 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3062};
3063static const mbedtls_mpi_uint brainpoolP256r1_T_10_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3064 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0xB8, 0x15, 0x65, 0x5C, 0x85, 0x94, 0xD7 ),
3065 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x37, 0xC7, 0xF8, 0x7E, 0xAE, 0x6C, 0x10 ),
3066 MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xD8, 0x11, 0x54, 0x98, 0x44, 0xE3, 0xF1 ),
3067 MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x4D, 0xA6, 0x4B, 0x28, 0xF2, 0x57, 0x9E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3068};
3069static const mbedtls_mpi_uint brainpoolP256r1_T_10_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3070 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xD0, 0xEB, 0x1E, 0xAA, 0x30, 0xD3, 0x6A ),
3071 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x9B, 0x4D, 0xA7, 0x73, 0x6E, 0xB6, 0x45 ),
3072 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x47, 0xF6, 0xED, 0x37, 0xEF, 0x71, 0x4D ),
3073 MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0xB5, 0x49, 0x61, 0x5E, 0x45, 0xF6, 0x4A ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3074};
3075static const mbedtls_mpi_uint brainpoolP256r1_T_11_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3076 MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x0E, 0xB3, 0x84, 0x3A, 0x63, 0x72, 0x84 ),
3077 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x53, 0x5C, 0xA7, 0xC6, 0x2E, 0xAB, 0x9E ),
3078 MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x0F, 0x8F, 0x87, 0x50, 0x28, 0xB4, 0xAE ),
3079 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x98, 0x4A, 0x98, 0x31, 0x86, 0xCA, 0x51 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3080};
3081static const mbedtls_mpi_uint brainpoolP256r1_T_11_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3082 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xC9, 0xE2, 0xFD, 0x5D, 0x1F, 0xE8, 0xC2 ),
3083 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x90, 0x91, 0xC4, 0x84, 0xF0, 0xBA, 0xC5 ),
3084 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x5A, 0xB3, 0x4E, 0xFB, 0xE0, 0x57, 0xE8 ),
3085 MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x0B, 0x90, 0xA6, 0xFD, 0x9D, 0x8E, 0x02 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3086};
3087static const mbedtls_mpi_uint brainpoolP256r1_T_12_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3088 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x41, 0x8F, 0x31, 0xFA, 0x5A, 0xF6, 0x33 ),
3089 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xE9, 0xE3, 0xF6, 0xE0, 0x4A, 0xE7, 0xD2 ),
3090 MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x4E, 0xCD, 0xA2, 0x22, 0x14, 0xD4, 0x12 ),
3091 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0xED, 0x21, 0xB7, 0x0F, 0x53, 0x10, 0x17 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3092};
3093static const mbedtls_mpi_uint brainpoolP256r1_T_12_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3094 MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x06, 0x24, 0x2C, 0x4E, 0xD1, 0x1E, 0x9F ),
3095 MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0x3F, 0xC1, 0x9F, 0xAB, 0xF0, 0x37, 0x95 ),
3096 MBEDTLS_BYTES_TO_T_UINT_8( 0x03, 0x5E, 0x12, 0xCE, 0x83, 0x1B, 0x2A, 0x18 ),
3097 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x65, 0xCF, 0xE8, 0x5C, 0xA5, 0xA2, 0x70 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3098};
3099static const mbedtls_mpi_uint brainpoolP256r1_T_13_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3100 MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x86, 0x76, 0x3A, 0x94, 0xF6, 0x1D, 0xC1 ),
3101 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0xDA, 0xC9, 0xA6, 0x29, 0x93, 0x15, 0x10 ),
3102 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x61, 0x6A, 0x7D, 0xC7, 0xA9, 0xF3, 0x76 ),
3103 MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x03, 0x71, 0xA2, 0x15, 0xCE, 0x50, 0x72 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3104};
3105static const mbedtls_mpi_uint brainpoolP256r1_T_13_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3106 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0xD0, 0xA8, 0x1E, 0x91, 0xC4, 0x4F, 0x24 ),
3107 MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0x4B, 0x7E, 0xD7, 0x71, 0x58, 0x7E, 0x1E ),
3108 MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x45, 0xAF, 0x2A, 0x18, 0x93, 0x95, 0x3B ),
3109 MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x8F, 0xC7, 0xFA, 0x4C, 0x7A, 0x86, 0x54 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3110};
3111static const mbedtls_mpi_uint brainpoolP256r1_T_14_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3112 MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0xAF, 0x68, 0x3A, 0x23, 0xC1, 0x2E, 0xBF ),
3113 MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x50, 0x11, 0x67, 0x39, 0xB9, 0xAF, 0x48 ),
3114 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x86, 0xAA, 0x1E, 0x88, 0x21, 0x29, 0x8B ),
3115 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x28, 0xA4, 0x9D, 0x89, 0xA9, 0x9A, 0x10 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3116};
3117static const mbedtls_mpi_uint brainpoolP256r1_T_14_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3118 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xBA, 0x04, 0x67, 0xB7, 0x01, 0x40, 0x38 ),
3119 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xE9, 0x09, 0xA3, 0xCA, 0xA6, 0x37, 0xF6 ),
3120 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x97, 0xA8, 0xB6, 0x3C, 0xEE, 0x90, 0x3D ),
3121 MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0xED, 0xC4, 0xF7, 0xC3, 0x95, 0xEC, 0x85 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3122};
3123static const mbedtls_mpi_uint brainpoolP256r1_T_15_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3124 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x84, 0xBD, 0xEB, 0xD5, 0x64, 0xBB, 0x9D ),
3125 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x9B, 0xE2, 0x28, 0x50, 0xC2, 0x72, 0x40 ),
3126 MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0xF2, 0x74, 0xD1, 0x26, 0xBF, 0x32, 0x68 ),
3127 MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xCB, 0xAF, 0x72, 0xDB, 0x6D, 0x30, 0x98 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3128};
3129static const mbedtls_mpi_uint brainpoolP256r1_T_15_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3130 MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x50, 0x85, 0xF4, 0x2B, 0x48, 0xC1, 0xAD ),
3131 MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x28, 0xBB, 0x11, 0xBA, 0x5B, 0x22, 0x6C ),
3132 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xA1, 0xE5, 0x5C, 0xC9, 0x1D, 0x44, 0x45 ),
3133 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0xE8, 0xE6, 0x6F, 0xBB, 0xC1, 0x81, 0x7F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3134};
3135static const mbedtls_ecp_point brainpoolP256r1_T[16] = {
3136 ECP_POINT_INIT_XY_Z1(brainpoolP256r1_T_0_X, brainpoolP256r1_T_0_Y),
3137 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_1_X, brainpoolP256r1_T_1_Y),
3138 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_2_X, brainpoolP256r1_T_2_Y),
3139 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_3_X, brainpoolP256r1_T_3_Y),
3140 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_4_X, brainpoolP256r1_T_4_Y),
3141 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_5_X, brainpoolP256r1_T_5_Y),
3142 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_6_X, brainpoolP256r1_T_6_Y),
3143 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_7_X, brainpoolP256r1_T_7_Y),
3144 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_8_X, brainpoolP256r1_T_8_Y),
3145 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_9_X, brainpoolP256r1_T_9_Y),
3146 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_10_X, brainpoolP256r1_T_10_Y),
3147 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_11_X, brainpoolP256r1_T_11_Y),
3148 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_12_X, brainpoolP256r1_T_12_Y),
3149 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_13_X, brainpoolP256r1_T_13_Y),
3150 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_14_X, brainpoolP256r1_T_14_Y),
3151 ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_15_X, brainpoolP256r1_T_15_Y),
3152};
3153#else
3154#define brainpoolP256r1_T NULL
3155#endif
3156
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3157#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]3158
3159/*
3160 * Domain parameters for brainpoolP384r1 (RFC 5639 3.6)
3161 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3162#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
3163static const mbedtls_mpi_uint brainpoolP384r1_p[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3164 MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
3165 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
3166 MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
3167 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
3168 MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
3169 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3170};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3171static const mbedtls_mpi_uint brainpoolP384r1_a[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3172 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
3173 MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
3174 MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
3175 MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ),
3176 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
3177 MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3178};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3179static const mbedtls_mpi_uint brainpoolP384r1_b[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3180 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
3181 MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
3182 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
3183 MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ),
3184 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
3185 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3186};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3187static const mbedtls_mpi_uint brainpoolP384r1_gx[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3188 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
3189 MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
3190 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
3191 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
3192 MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
3193 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3194};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3195static const mbedtls_mpi_uint brainpoolP384r1_gy[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3196 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
3197 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
3198 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
3199 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
3200 MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
3201 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3202};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3203static const mbedtls_mpi_uint brainpoolP384r1_n[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3204 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
3205 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
3206 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
3207 MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
3208 MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
3209 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3210};
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3211
3212#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
3213static const mbedtls_mpi_uint brainpoolP384r1_T_0_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3214 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
3215 MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
3216 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
3217 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
3218 MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
3219 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3220};
3221static const mbedtls_mpi_uint brainpoolP384r1_T_0_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3222 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
3223 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
3224 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
3225 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
3226 MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
3227 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3228};
3229static const mbedtls_mpi_uint brainpoolP384r1_T_1_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3230 MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0xD8, 0x8A, 0x54, 0x41, 0xD6, 0x6B, 0x1D ),
3231 MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0x3B, 0xF1, 0x22, 0xFD, 0x2D, 0x4B, 0x03 ),
3232 MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x55, 0xE3, 0x33, 0xF0, 0x73, 0x52, 0x5A ),
3233 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x3F, 0x30, 0x26, 0xCA, 0x7F, 0x52, 0xA3 ),
3234 MBEDTLS_BYTES_TO_T_UINT_8( 0xD3, 0x6E, 0x17, 0x9B, 0xD5, 0x2A, 0x4A, 0x31 ),
3235 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xDA, 0x6B, 0xE5, 0x03, 0x07, 0x1D, 0x2E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3236};
3237static const mbedtls_mpi_uint brainpoolP384r1_T_1_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3238 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x7A, 0xAF, 0x98, 0xE3, 0xA4, 0xF6, 0x19 ),
3239 MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x7D, 0xFE, 0x51, 0x40, 0x3B, 0x47, 0xD2 ),
3240 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x88, 0xEC, 0xC4, 0xE2, 0x8F, 0xCB, 0xA4 ),
3241 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0xE2, 0x88, 0x2D, 0x4E, 0x50, 0xEB, 0x9A ),
3242 MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x54, 0x94, 0x5E, 0xF4, 0x7F, 0x3A, 0x04 ),
3243 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x07, 0x1C, 0xE1, 0xBD, 0x0F, 0xF8, 0x63 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3244};
3245static const mbedtls_mpi_uint brainpoolP384r1_T_2_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3246 MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x92, 0x28, 0x2E, 0x32, 0x04, 0xB1, 0x4D ),
3247 MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0x82, 0x44, 0x43, 0x76, 0x0D, 0x55, 0xBF ),
3248 MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0xE3, 0xFF, 0x89, 0x46, 0xDE, 0x4E, 0xFE ),
3249 MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0x22, 0xBB, 0x67, 0x1A, 0x81, 0xEE, 0x27 ),
3250 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x54, 0xE2, 0x7A, 0xAE, 0xDA, 0x2C, 0xD0 ),
3251 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x9A, 0x90, 0xAA, 0x6E, 0x8B, 0xCC, 0x5F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3252};
3253static const mbedtls_mpi_uint brainpoolP384r1_T_2_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3254 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x40, 0xAC, 0xED, 0x7D, 0x37, 0x87, 0xAC ),
3255 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0xF8, 0xB1, 0x80, 0x4C, 0x8C, 0x04, 0x42 ),
3256 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x98, 0x2C, 0xAD, 0x30, 0x69, 0x35, 0xC0 ),
3257 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x2E, 0x00, 0x2F, 0x44, 0x8C, 0xF0, 0xC0 ),
3258 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x58, 0x07, 0xD7, 0xCD, 0x60, 0xA1, 0x5B ),
3259 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xFB, 0x7B, 0x03, 0x05, 0x5E, 0x79, 0x73 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3260};
3261static const mbedtls_mpi_uint brainpoolP384r1_T_3_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3262 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x17, 0xCE, 0x38, 0x4B, 0x5E, 0x5B, 0xC8 ),
3263 MBEDTLS_BYTES_TO_T_UINT_8( 0x60, 0x0E, 0x0A, 0x61, 0x9D, 0x7C, 0x62, 0x08 ),
3264 MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0xF0, 0x98, 0x71, 0x7F, 0x17, 0x26, 0xD7 ),
3265 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0xD3, 0xFA, 0x3C, 0xF0, 0x70, 0x07, 0x82 ),
3266 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x47, 0x5C, 0x09, 0x43, 0xB7, 0x65, 0x15 ),
3267 MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xA9, 0xA7, 0x3E, 0xFA, 0xF3, 0xEC, 0x22 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3268};
3269static const mbedtls_mpi_uint brainpoolP384r1_T_3_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3270 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x78, 0x22, 0x2B, 0x58, 0x71, 0xFA, 0xAA ),
3271 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x30, 0xCE, 0x6A, 0xB3, 0xB0, 0x4F, 0x83 ),
3272 MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0x95, 0x20, 0xA9, 0x23, 0xC2, 0x65, 0xE7 ),
3273 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0xCF, 0x03, 0x5B, 0x8A, 0x80, 0x44, 0xBB ),
3274 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xF8, 0x91, 0xF7, 0xD5, 0xED, 0xEA, 0x81 ),
3275 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x5B, 0x16, 0x10, 0x25, 0xAC, 0x2A, 0x17 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3276};
3277static const mbedtls_mpi_uint brainpoolP384r1_T_4_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3278 MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0xEC, 0xDC, 0xC4, 0x7B, 0x8C, 0x6B, 0xE9 ),
3279 MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0xBB, 0x1C, 0xD3, 0x5A, 0xEE, 0xD9, 0x97 ),
3280 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x5D, 0x30, 0x5E, 0xF7, 0xB2, 0x41, 0x9D ),
3281 MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0xCE, 0x0F, 0x1A, 0xC6, 0x41, 0x64, 0x62 ),
3282 MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x18, 0xE1, 0xE3, 0x82, 0x15, 0x66, 0x4B ),
3283 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0xE2, 0x24, 0x04, 0x72, 0x39, 0xA0, 0x7C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3284};
3285static const mbedtls_mpi_uint brainpoolP384r1_T_4_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3286 MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0x51, 0xA2, 0x58, 0x88, 0x62, 0xE1, 0x02 ),
3287 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0xD2, 0x65, 0x14, 0xE9, 0x4C, 0x82, 0x30 ),
3288 MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0xE1, 0xAC, 0x87, 0xAE, 0x31, 0x1A, 0x7A ),
3289 MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0x4F, 0x96, 0x1E, 0x85, 0x7A, 0xC3, 0x2B ),
3290 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x86, 0xBB, 0xF0, 0xC0, 0x9D, 0x08, 0x7B ),
3291 MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0x53, 0x03, 0x09, 0x80, 0x91, 0xEF, 0x68 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3292};
3293static const mbedtls_mpi_uint brainpoolP384r1_T_5_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3294 MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0xD7, 0xAF, 0x6F, 0x69, 0x7B, 0x88, 0xA1 ),
3295 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0x13, 0xE4, 0x30, 0xA2, 0x47, 0xB5, 0xC1 ),
3296 MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xD2, 0xC0, 0xDD, 0x8A, 0x1C, 0x3C, 0xF2 ),
3297 MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x8C, 0xB3, 0x4C, 0xBA, 0x8B, 0x6D, 0xCF ),
3298 MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0xC7, 0xA1, 0xA8, 0x6E, 0x3C, 0x4F, 0xF1 ),
3299 MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x4A, 0x97, 0xC8, 0x03, 0x6F, 0x01, 0x82 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3300};
3301static const mbedtls_mpi_uint brainpoolP384r1_T_5_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3302 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x18, 0x12, 0xA9, 0x39, 0xD5, 0x22, 0x26 ),
3303 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0xA7, 0xC0, 0xBD, 0x9D, 0x8D, 0x78, 0x38 ),
3304 MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0xB3, 0xD0, 0x7F, 0xDF, 0xD0, 0x30, 0xDE ),
3305 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x25, 0x73, 0x96, 0xEC, 0xA8, 0x1D, 0x7C ),
3306 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xD1, 0x65, 0x66, 0xDC, 0xD9, 0xCF, 0xDF ),
3307 MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0xED, 0x7B, 0x37, 0xAD, 0xE2, 0xBE, 0x2D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3308};
3309static const mbedtls_mpi_uint brainpoolP384r1_T_6_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3310 MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x79, 0x42, 0x6A, 0x07, 0x66, 0xB1, 0xBD ),
3311 MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x53, 0x62, 0x65, 0x92, 0x09, 0x4C, 0xA1 ),
3312 MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0xAF, 0xC3, 0x03, 0xF6, 0xF4, 0x2D, 0x9B ),
3313 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0xCA, 0x41, 0xD9, 0xA2, 0x69, 0x9B, 0xC9 ),
3314 MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0xB2, 0xA6, 0x8D, 0xE1, 0xAA, 0x61, 0x76 ),
3315 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xBA, 0x4D, 0x12, 0xB6, 0xBE, 0xF3, 0x7E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3316};
3317static const mbedtls_mpi_uint brainpoolP384r1_T_6_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3318 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0xD9, 0x92, 0x22, 0x07, 0xCE, 0xC9, 0x26 ),
3319 MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0xA1, 0x7C, 0x91, 0xDB, 0x32, 0xF7, 0xE5 ),
3320 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x49, 0x4B, 0x6D, 0xFB, 0xD9, 0x70, 0x3B ),
3321 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0xFB, 0x4E, 0x4C, 0x5E, 0x66, 0x81, 0x1D ),
3322 MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0xB3, 0xE1, 0x00, 0xB7, 0xD9, 0xCC, 0x58 ),
3323 MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x36, 0x8B, 0xC4, 0x39, 0x20, 0xFD, 0x30 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3324};
3325static const mbedtls_mpi_uint brainpoolP384r1_T_7_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3326 MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x1F, 0x60, 0x03, 0xBB, 0xD7, 0x60, 0x57 ),
3327 MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x3C, 0x62, 0xDD, 0x71, 0x95, 0xE9, 0x61 ),
3328 MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x5B, 0x7A, 0x5F, 0x68, 0x81, 0xC5, 0x90 ),
3329 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xB5, 0xB9, 0x98, 0x42, 0x28, 0xA5 ),
3330 MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x29, 0x8E, 0x11, 0x49, 0xB4, 0xD7, 0x20 ),
3331 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x3E, 0xD2, 0x30, 0xA1, 0xBA, 0xCA, 0x03 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3332};
3333static const mbedtls_mpi_uint brainpoolP384r1_T_7_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3334 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x37, 0x64, 0x44, 0x2F, 0x03, 0xE5, 0x41 ),
3335 MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x42, 0xBC, 0xFF, 0xA2, 0x1A, 0x5F, 0x06 ),
3336 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0x04, 0xAB, 0x04, 0xE0, 0x24, 0xAD, 0x2A ),
3337 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x45, 0x17, 0x67, 0x1F, 0x3E, 0x53, 0xF8 ),
3338 MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x0F, 0xB3, 0x1B, 0x57, 0x54, 0xC2, 0x03 ),
3339 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xD3, 0xF8, 0xC4, 0x1B, 0x9B, 0xFA, 0x30 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3340};
3341static const mbedtls_mpi_uint brainpoolP384r1_T_8_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3342 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x90, 0xFD, 0xFB, 0xCA, 0x49, 0x38, 0x4E ),
3343 MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0xCF, 0xC6, 0xDD, 0xF0, 0xFF, 0x8C, 0x11 ),
3344 MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0x69, 0x9D, 0xBD, 0x5F, 0x33, 0xE9, 0xB4 ),
3345 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x19, 0x82, 0x3D, 0xAC, 0x1C, 0x40, 0x23 ),
3346 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xC7, 0x02, 0x46, 0x14, 0x77, 0x00, 0xBE ),
3347 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x05, 0xF2, 0x77, 0x3A, 0x66, 0x5C, 0x39 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3348};
3349static const mbedtls_mpi_uint brainpoolP384r1_T_8_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3350 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xE6, 0x17, 0xDE, 0xB2, 0xA1, 0xE5, 0xB8 ),
3351 MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0x71, 0xEC, 0x9D, 0xD8, 0xF5, 0xD4, 0x66 ),
3352 MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0xC6, 0x42, 0x5E, 0xE7, 0x18, 0xBA, 0xD0 ),
3353 MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x21, 0x68, 0x5A, 0x26, 0xFB, 0xD7, 0x17 ),
3354 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x00, 0x5C, 0xBA, 0x8A, 0x34, 0xEC, 0x75 ),
3355 MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0x9C, 0x3C, 0xAF, 0x53, 0xE8, 0x65, 0x35 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3356};
3357static const mbedtls_mpi_uint brainpoolP384r1_T_9_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3358 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xEF, 0x28, 0xDC, 0x67, 0x05, 0xC8, 0xDF ),
3359 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x78, 0xC3, 0x85, 0x49, 0xA0, 0xBC, 0x0F ),
3360 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x3E, 0x2D, 0xA0, 0xCF, 0xD4, 0x7A, 0xF5 ),
3361 MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0x93, 0xFE, 0x60, 0xB3, 0x6E, 0x99, 0xE2 ),
3362 MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0xAD, 0x04, 0xE7, 0x49, 0xAF, 0x5E, 0xE3 ),
3363 MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x7A, 0xED, 0xA6, 0x9E, 0x18, 0x09, 0x31 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3364};
3365static const mbedtls_mpi_uint brainpoolP384r1_T_9_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3366 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x05, 0x94, 0x44, 0xDC, 0xB8, 0x85, 0x94 ),
3367 MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0xB7, 0x37, 0xC2, 0x50, 0x75, 0x15, 0xDA ),
3368 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xC6, 0x0F, 0xB2, 0xA9, 0x91, 0x3E, 0xE8 ),
3369 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x81, 0xAD, 0x25, 0xA1, 0x26, 0x73, 0x15 ),
3370 MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xF1, 0xD1, 0x61, 0x7C, 0x76, 0x8F, 0x13 ),
3371 MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0xDB, 0x4A, 0xFF, 0x14, 0xA7, 0x48, 0x0B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3372};
3373static const mbedtls_mpi_uint brainpoolP384r1_T_10_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3374 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x73, 0xC6, 0xC2, 0xCC, 0xF1, 0x57, 0x04 ),
3375 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0xED, 0x73, 0x27, 0x70, 0x82, 0xB6, 0x5E ),
3376 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0xBA, 0xAC, 0x3A, 0xCF, 0xF4, 0xEA, 0xA6 ),
3377 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xD6, 0xB1, 0x8F, 0x0E, 0x08, 0x2C, 0x5E ),
3378 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xE3, 0x8F, 0x2F, 0x0E, 0xA1, 0xF3, 0x07 ),
3379 MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0xF5, 0x7C, 0x9B, 0x29, 0x0A, 0xF6, 0x28 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3380};
3381static const mbedtls_mpi_uint brainpoolP384r1_T_10_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3382 MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0xEE, 0x17, 0x47, 0x34, 0x15, 0xA3, 0xAF ),
3383 MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xBE, 0x88, 0x48, 0xE7, 0xA2, 0xBB, 0xDE ),
3384 MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0xAD, 0xDC, 0x65, 0x61, 0x37, 0x0F, 0xC1 ),
3385 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x67, 0xAD, 0xA2, 0x3A, 0x1C, 0x91, 0x78 ),
3386 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x07, 0x0C, 0x3A, 0x41, 0x6E, 0x13, 0x28 ),
3387 MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0xBD, 0x7E, 0xED, 0xAA, 0x14, 0xDD, 0x61 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3388};
3389static const mbedtls_mpi_uint brainpoolP384r1_T_11_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3390 MBEDTLS_BYTES_TO_T_UINT_8( 0xC3, 0xDC, 0x20, 0x01, 0x72, 0x11, 0x48, 0x55 ),
3391 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xC4, 0x7B, 0xF8, 0x62, 0x3D, 0xF0, 0x9F ),
3392 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0xC2, 0x3D, 0x2E, 0x52, 0xA3, 0x4A, 0x89 ),
3393 MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xE2, 0x53, 0x46, 0x5E, 0x21, 0xF8, 0xCE ),
3394 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0xC7, 0x8F, 0xA9, 0x26, 0x42, 0x32, 0x3A ),
3395 MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xA6, 0xA0, 0x8D, 0x4B, 0x9A, 0x19, 0x03 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3396};
3397static const mbedtls_mpi_uint brainpoolP384r1_T_11_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3398 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xAB, 0x6D, 0x1E, 0xFB, 0xEE, 0x60, 0x0C ),
3399 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x56, 0x3C, 0xC5, 0x5D, 0x10, 0x79, 0x1C ),
3400 MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0xBC, 0x41, 0x9F, 0x71, 0xEF, 0x02, 0xF9 ),
3401 MBEDTLS_BYTES_TO_T_UINT_8( 0xA2, 0x36, 0xC4, 0xD0, 0x88, 0x9B, 0x32, 0xFC ),
3402 MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0xD4, 0x5D, 0x17, 0x39, 0xE6, 0x22, 0x2C ),
3403 MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x26, 0x01, 0xCE, 0xBE, 0x4A, 0x9C, 0x27 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3404};
3405static const mbedtls_mpi_uint brainpoolP384r1_T_12_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3406 MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x6D, 0x11, 0xCA, 0x6C, 0x5A, 0x93, 0x0C ),
3407 MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x96, 0x26, 0xAF, 0x2F, 0xE4, 0x30, 0x98 ),
3408 MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0xC1, 0x4C, 0xC6, 0x30, 0x1F, 0x5C, 0x04 ),
3409 MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xB3, 0xE8, 0xFC, 0x35, 0xEB, 0x63, 0x6C ),
3410 MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x1D, 0xCA, 0xFC, 0x50, 0x36, 0x4B, 0x96 ),
3411 MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x0E, 0x23, 0x5B, 0xAF, 0xEB, 0x2D, 0x31 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3412};
3413static const mbedtls_mpi_uint brainpoolP384r1_T_12_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3414 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0x88, 0xB6, 0xD7, 0x74, 0x4A, 0x23, 0xB6 ),
3415 MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x66, 0xE2, 0xBB, 0x29, 0xA6, 0x4F, 0x55 ),
3416 MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0x6F, 0x7E, 0x68, 0x6E, 0xA0, 0x14, 0x94 ),
3417 MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0x73, 0xD4, 0xE8, 0xAB, 0x5B, 0xF6, 0x0D ),
3418 MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0xE0, 0x3C, 0x24, 0x00, 0x95, 0xE9, 0xAD ),
3419 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x0D, 0x4F, 0x81, 0xD0, 0xF2, 0x3F, 0x00 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3420};
3421static const mbedtls_mpi_uint brainpoolP384r1_T_13_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3422 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0x1D, 0xCD, 0x78, 0x39, 0xC4, 0x6B, 0xD9 ),
3423 MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x45, 0xC7, 0xB8, 0x2F, 0xAA, 0x5D, 0xE3 ),
3424 MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0x8C, 0x6E, 0xA3, 0x24, 0xB2, 0xDB, 0x4B ),
3425 MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x2D, 0xD9, 0xF1, 0xC7, 0x9B, 0x8A, 0xAF ),
3426 MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0xE1, 0x2C, 0xB9, 0x40, 0x37, 0x91, 0x75 ),
3427 MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x2C, 0xB5, 0x23, 0x03, 0x2B, 0xAF, 0x2F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3428};
3429static const mbedtls_mpi_uint brainpoolP384r1_T_13_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3430 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0x9D, 0x5A, 0x20, 0x10, 0xA9, 0x84, 0xDA ),
3431 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x30, 0x89, 0x20, 0x13, 0xE9, 0xB2, 0xCA ),
3432 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x6E, 0x52, 0xEB, 0x03, 0x18, 0x1F, 0xA6 ),
3433 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x9E, 0x1C, 0x35, 0x87, 0x92, 0x69, 0xC7 ),
3434 MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0xC9, 0x88, 0xAF, 0xC6, 0x6C, 0x83, 0x72 ),
3435 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0xD5, 0x7A, 0x54, 0x34, 0x99, 0xB6, 0x6F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3436};
3437static const mbedtls_mpi_uint brainpoolP384r1_T_14_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3438 MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0xAD, 0x45, 0x9B, 0x4B, 0x41, 0x4D, 0x50 ),
3439 MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0x5D, 0xAB, 0x7F, 0x35, 0x34, 0xE9, 0x29 ),
3440 MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0xBE, 0x78, 0x34, 0x44, 0xF3, 0x4A, 0x87 ),
3441 MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xDE, 0xE3, 0xC4, 0xEE, 0x0B, 0xF9, 0xEB ),
3442 MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x86, 0x16, 0x48, 0x32, 0xB8, 0x74, 0x41 ),
3443 MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0xEE, 0x7C, 0xBA, 0xBD, 0x81, 0xE3, 0x55 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3444};
3445static const mbedtls_mpi_uint brainpoolP384r1_T_14_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3446 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x6A, 0xFA, 0x84, 0xDA, 0xB8, 0xD5, 0x14 ),
3447 MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0x9F, 0x8A, 0xD5, 0x1B, 0x2E, 0x1A, 0x0B ),
3448 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x0C, 0x61, 0xE2, 0xFF, 0x5B, 0xE6, 0xD5 ),
3449 MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0x62, 0xC1, 0x87, 0x53, 0x1B, 0x92, 0xA3 ),
3450 MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x90, 0x00, 0xD1, 0x6A, 0x0C, 0x0E, 0x28 ),
3451 MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0x2E, 0xB5, 0x3B, 0x44, 0xB5, 0xA0, 0x78 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3452};
3453static const mbedtls_mpi_uint brainpoolP384r1_T_15_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3454 MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x5D, 0x02, 0x58, 0xB5, 0xBE, 0x45, 0x14 ),
3455 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xEF, 0x8E, 0x90, 0x4D, 0x2A, 0x32, 0xAC ),
3456 MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0x99, 0x75, 0x5C, 0x0A, 0x33, 0x8F, 0x36 ),
3457 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x6C, 0x95, 0xD4, 0x1F, 0xF3, 0xEB, 0xDA ),
3458 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0xE4, 0x4C, 0x91, 0x20, 0xF3, 0x25, 0xEB ),
3459 MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x95, 0xEB, 0x29, 0x6F, 0x20, 0x34, 0x81 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3460};
3461static const mbedtls_mpi_uint brainpoolP384r1_T_15_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3462 MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0x15, 0xE5, 0x13, 0x7E, 0x64, 0x8B, 0xAD ),
3463 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0xBC, 0x0D, 0x18, 0x7E, 0x37, 0x9E, 0xFA ),
3464 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x82, 0x20, 0xF7, 0x2D, 0x7A, 0x77, 0x52 ),
3465 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x29, 0xA2, 0xDB, 0x7A, 0xE6, 0x6F, 0xA5 ),
3466 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xC6, 0x50, 0x5C, 0xBC, 0xE6, 0x4F, 0xBD ),
3467 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x9F, 0xD5, 0xE8, 0xC5, 0x3D, 0xB7, 0x30 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3468};
3469static const mbedtls_mpi_uint brainpoolP384r1_T_16_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3470 MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x03, 0x55, 0x10, 0xDB, 0xA6, 0x8B, 0x22 ),
3471 MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x17, 0xAE, 0x78, 0xC9, 0x1D, 0x43, 0xCA ),
3472 MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x35, 0x49, 0xD4, 0x47, 0x84, 0x8D, 0x20 ),
3473 MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x95, 0x2F, 0xEA, 0xBC, 0xB4, 0x18, 0xB3 ),
3474 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x48, 0xAE, 0x89, 0xF5, 0x65, 0x3D, 0x89 ),
3475 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xF2, 0x2B, 0x20, 0xD1, 0x75, 0x50, 0x63 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3476};
3477static const mbedtls_mpi_uint brainpoolP384r1_T_16_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3478 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0xE6, 0x5C, 0x2C, 0xE0, 0x7D, 0xDF, 0x2D ),
3479 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x07, 0x3E, 0xCE, 0x9F, 0x18, 0xB6, 0x05 ),
3480 MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0xF8, 0xF0, 0xD5, 0xFA, 0x42, 0x1D, 0x6D ),
3481 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x6C, 0x1D, 0x03, 0xC9, 0x0E, 0x2B, 0x2F ),
3482 MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x18, 0x52, 0xA5, 0xB4, 0x63, 0xE1, 0x06 ),
3483 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0xD9, 0xC4, 0xFD, 0x16, 0x60, 0x54 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3484};
3485static const mbedtls_mpi_uint brainpoolP384r1_T_17_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3486 MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x7D, 0xDE, 0xDF, 0x4B, 0x4A, 0xB0, 0xCB ),
3487 MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x4E, 0x8C, 0x94, 0xC1, 0xE2, 0x85, 0xDF ),
3488 MBEDTLS_BYTES_TO_T_UINT_8( 0x4F, 0xF0, 0xEA, 0xB5, 0x9B, 0x70, 0xEF, 0x10 ),
3489 MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0xC2, 0x39, 0x5D, 0xF3, 0x2C, 0xD9, 0x2C ),
3490 MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0x1C, 0x2E, 0xCC, 0x2F, 0x54, 0x87, 0x80 ),
3491 MBEDTLS_BYTES_TO_T_UINT_8( 0xB0, 0x72, 0xC7, 0xB5, 0x50, 0xA3, 0x84, 0x77 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3492};
3493static const mbedtls_mpi_uint brainpoolP384r1_T_17_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3494 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xD1, 0xAF, 0xA9, 0xB4, 0x8B, 0x5D, 0xFA ),
3495 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xF6, 0x52, 0x8A, 0xC3, 0x56, 0xA5, 0x5E ),
3496 MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0x52, 0xFF, 0xEA, 0x05, 0x42, 0x77, 0x83 ),
3497 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x08, 0x90, 0x72, 0x86, 0xC4, 0xC3, 0xB8 ),
3498 MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0x15, 0xF8, 0xF1, 0x16, 0x67, 0xC6, 0xD5 ),
3499 MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x87, 0xAC, 0x8F, 0x71, 0xEC, 0x83, 0x81 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3500};
3501static const mbedtls_mpi_uint brainpoolP384r1_T_18_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3502 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0xE1, 0xE6, 0x2D, 0x0E, 0x11, 0xA1, 0x62 ),
3503 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xE2, 0xA8, 0x32, 0xE6, 0xE3, 0x83, 0xD1 ),
3504 MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x56, 0xE5, 0xCD, 0xB7, 0x2B, 0x67, 0x6F ),
3505 MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0xED, 0xC9, 0x65, 0x6D, 0x87, 0xE1, 0x8E ),
3506 MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x8E, 0xFD, 0x9A, 0x53, 0x0E, 0xFA, 0xA3 ),
3507 MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0x4C, 0x4A, 0xE2, 0x23, 0x84, 0xFA, 0x01 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3508};
3509static const mbedtls_mpi_uint brainpoolP384r1_T_18_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3510 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xFE, 0x49, 0x81, 0xD1, 0x3E, 0xF4, 0x7C ),
3511 MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x72, 0xE0, 0xEF, 0x0D, 0xB8, 0x3E, 0x6F ),
3512 MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x00, 0x0F, 0x5F, 0xCE, 0x60, 0x72, 0x2C ),
3513 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xCC, 0xD8, 0x03, 0x07, 0x6E, 0x5A, 0xCD ),
3514 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x3A, 0x35, 0x50, 0x4E, 0x1F, 0xCA, 0x5F ),
3515 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0xEA, 0x88, 0x55, 0xBD, 0x6E, 0x05, 0x7F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3516};
3517static const mbedtls_mpi_uint brainpoolP384r1_T_19_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3518 MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0x6D, 0xF1, 0x97, 0xA6, 0x69, 0x39, 0x24 ),
3519 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0x41, 0x99, 0xFF, 0x3B, 0xA1, 0x26, 0xEC ),
3520 MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x2F, 0x95, 0x80, 0x12, 0x4A, 0x1B, 0xCB ),
3521 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xBF, 0x51, 0xAA, 0xAE, 0x2D, 0xDA, 0xCF ),
3522 MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x1C, 0xB3, 0x52, 0x36, 0x49, 0xD4, 0x86 ),
3523 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xC1, 0x1F, 0x3A, 0xD3, 0x3E, 0x5C, 0x1A ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3524};
3525static const mbedtls_mpi_uint brainpoolP384r1_T_19_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3526 MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x51, 0xF7, 0x2B, 0xC8, 0xA9, 0xA7, 0x15 ),
3527 MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x4E, 0x7F, 0x98, 0x41, 0x66, 0xB0, 0x03 ),
3528 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x1D, 0xC0, 0x42, 0xCD, 0xF8, 0xC3, 0x2B ),
3529 MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x41, 0x91, 0x7D, 0xCC, 0x8B, 0xCC, 0x41 ),
3530 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xAE, 0x76, 0xED, 0x56, 0x18, 0xC5, 0xAB ),
3531 MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x6A, 0x06, 0xA3, 0x7F, 0x65, 0x10, 0x1F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3532};
3533static const mbedtls_mpi_uint brainpoolP384r1_T_20_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3534 MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0xEC, 0x3C, 0x05, 0x05, 0xCA, 0xF6, 0xED ),
3535 MBEDTLS_BYTES_TO_T_UINT_8( 0x48, 0xCD, 0x02, 0x51, 0x12, 0x16, 0x3C, 0x63 ),
3536 MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0xEB, 0xB3, 0x43, 0x7B, 0xDD, 0xB2, 0x7C ),
3537 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x59, 0x90, 0x41, 0xDB, 0xE4, 0xF5, 0x91 ),
3538 MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x0E, 0x18, 0x2A, 0x5A, 0x83, 0x7C, 0x2F ),
3539 MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x37, 0xA1, 0x0D, 0xF1, 0x2F, 0x63, 0x79 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3540};
3541static const mbedtls_mpi_uint brainpoolP384r1_T_20_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3542 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xC0, 0xFA, 0x6F, 0x1F, 0x67, 0xCF, 0xEC ),
3543 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x34, 0x45, 0xBB, 0xF4, 0xF9, 0x9B, 0x89 ),
3544 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x69, 0xFE, 0x67, 0x1D, 0x64, 0x8F, 0xB9 ),
3545 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x39, 0xBF, 0xD8, 0xB3, 0xC7, 0xAD, 0x8A ),
3546 MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0x93, 0xFF, 0xF3, 0x28, 0xFA, 0x39, 0xF6 ),
3547 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xF9, 0xC3, 0x85, 0x26, 0x7A, 0x88, 0x89 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3548};
3549static const mbedtls_mpi_uint brainpoolP384r1_T_21_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3550 MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xD5, 0x79, 0xD8, 0x11, 0xDE, 0xEB, 0x4E ),
3551 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x46, 0xA4, 0x6A, 0xDA, 0x74, 0x34, 0xA8 ),
3552 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xBD, 0xD3, 0xF5, 0x14, 0xEE, 0xFE, 0xAE ),
3553 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x4C, 0xA3, 0x71, 0x43, 0x65, 0xF8, 0x94 ),
3554 MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x6C, 0x35, 0xFA, 0x90, 0x25, 0xD8, 0xE2 ),
3555 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x34, 0x84, 0x96, 0xA1, 0x43, 0x03, 0x4D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3556};
3557static const mbedtls_mpi_uint brainpoolP384r1_T_21_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3558 MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x3B, 0x3B, 0x2F, 0xCA, 0x59, 0xF2, 0x42 ),
3559 MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0x48, 0x24, 0x74, 0xD8, 0x72, 0x90, 0xA3 ),
3560 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x42, 0x74, 0x8C, 0x6F, 0x52, 0x19, 0x3D ),
3561 MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x9E, 0x41, 0x63, 0x68, 0x78, 0x4C, 0x2F ),
3562 MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0x94, 0xB6, 0x6B, 0x38, 0x52, 0xA8, 0x9F ),
3563 MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x30, 0x25, 0x93, 0xA1, 0x6F, 0x6E, 0x68 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3564};
3565static const mbedtls_mpi_uint brainpoolP384r1_T_22_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3566 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x2F, 0x4B, 0x64, 0x79, 0x50, 0xFF, 0x01 ),
3567 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0x36, 0xED, 0x57, 0x39, 0x3B, 0xE7, 0xF3 ),
3568 MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x85, 0xEA, 0x35, 0xD6, 0xC0, 0xA0, 0x52 ),
3569 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x89, 0x3A, 0xCC, 0x22, 0x1C, 0x46, 0x02 ),
3570 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x7A, 0xB0, 0xA1, 0x1B, 0x69, 0x62, 0x55 ),
3571 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xB8, 0x8A, 0x6C, 0x18, 0x85, 0x0D, 0x88 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3572};
3573static const mbedtls_mpi_uint brainpoolP384r1_T_22_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3574 MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xB6, 0x50, 0xE9, 0x4E, 0x7F, 0xE8, 0x07 ),
3575 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x5B, 0x5C, 0xD1, 0x4B, 0x11, 0x9A, 0xD8 ),
3576 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x25, 0x56, 0x74, 0x51, 0x9C, 0xEC, 0x9C ),
3577 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x7F, 0xB6, 0x8A, 0xCB, 0x3A, 0x10, 0x6A ),
3578 MBEDTLS_BYTES_TO_T_UINT_8( 0x60, 0x33, 0x07, 0x01, 0xE9, 0x49, 0x59, 0xE6 ),
3579 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0xA5, 0x2E, 0xF2, 0xBA, 0x32, 0x63, 0x44 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3580};
3581static const mbedtls_mpi_uint brainpoolP384r1_T_23_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3582 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x06, 0x0B, 0xA5, 0x44, 0x27, 0x7F, 0x22 ),
3583 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x74, 0xAC, 0x0F, 0xCC, 0x4F, 0x13, 0x61 ),
3584 MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xB1, 0xBF, 0x97, 0x49, 0xA5, 0x1C, 0x1D ),
3585 MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x64, 0x68, 0x7B, 0x0F, 0xCC, 0x77, 0xF8 ),
3586 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x39, 0xF9, 0x4E, 0x84, 0x9C, 0xF6, 0x96 ),
3587 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xCF, 0x6D, 0xE2, 0xA1, 0x2D, 0xF9, 0x2B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3588};
3589static const mbedtls_mpi_uint brainpoolP384r1_T_23_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3590 MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0xC4, 0x90, 0x57, 0x31, 0x01, 0x05, 0x5E ),
3591 MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x1E, 0xBB, 0xBF, 0x98, 0xA4, 0x7C, 0xE3 ),
3592 MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0xE3, 0xA0, 0xB2, 0xCD, 0x39, 0x9A, 0x3F ),
3593 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x34, 0x60, 0x7A, 0x89, 0x98, 0xB5, 0x52 ),
3594 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0x20, 0x3D, 0x3A, 0x04, 0x8F, 0x5A, 0xAC ),
3595 MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x26, 0xB6, 0x49, 0x09, 0x9C, 0x0F, 0x59 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3596};
3597static const mbedtls_mpi_uint brainpoolP384r1_T_24_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3598 MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x66, 0xD2, 0x38, 0x2A, 0x62, 0x81, 0xCA ),
3599 MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0xC8, 0x20, 0x5E, 0x28, 0xA3, 0x81, 0xA7 ),
3600 MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0x31, 0xA4, 0xF1, 0xEA, 0x7D, 0x87, 0x45 ),
3601 MBEDTLS_BYTES_TO_T_UINT_8( 0x8F, 0x2C, 0x99, 0x09, 0x6F, 0x63, 0xEB, 0x2F ),
3602 MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x76, 0xDA, 0x1A, 0x06, 0xBE, 0xDE, 0xA2 ),
3603 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x09, 0x2E, 0x75, 0x39, 0x30, 0x2D, 0x42 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3604};
3605static const mbedtls_mpi_uint brainpoolP384r1_T_24_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3606 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x9B, 0xC1, 0x5A, 0x17, 0xC3, 0x8C, 0x31 ),
3607 MBEDTLS_BYTES_TO_T_UINT_8( 0x58, 0x8D, 0x94, 0x4D, 0x3D, 0xAB, 0x60, 0xD4 ),
3608 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFD, 0x1E, 0x0F, 0x43, 0xAE, 0x9D, 0x62 ),
3609 MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0xF2, 0xF3, 0x20, 0x1B, 0xAA, 0xB7, 0x41 ),
3610 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x5B, 0xA4, 0xF4, 0x90, 0x3B, 0xE3, 0x71 ),
3611 MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x78, 0x72, 0xBD, 0x65, 0x09, 0x0B, 0x01 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3612};
3613static const mbedtls_mpi_uint brainpoolP384r1_T_25_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3614 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x37, 0x2A, 0x6C, 0x16, 0x4F, 0x64, 0x59 ),
3615 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0xCE, 0xA3, 0x90, 0xB4, 0x9A, 0xBC, 0xF7 ),
3616 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x38, 0x55, 0x63, 0x1D, 0x3A, 0x6E, 0x18 ),
3617 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xB4, 0xAA, 0x99, 0x22, 0x45, 0x89, 0x2C ),
3618 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x7C, 0x8C, 0xA6, 0x3D, 0xA7, 0x3E, 0xE8 ),
3619 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x06, 0x42, 0xDC, 0xA6, 0xE3, 0xC6, 0x12 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3620};
3621static const mbedtls_mpi_uint brainpoolP384r1_T_25_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3622 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x8C, 0x3D, 0x5D, 0x47, 0x31, 0x7C, 0xEB ),
3623 MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x85, 0xEE, 0x46, 0x7E, 0x13, 0x04, 0x41 ),
3624 MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x3C, 0x8B, 0x43, 0x2E, 0x74, 0xF5, 0xF6 ),
3625 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x88, 0x8E, 0x07, 0x29, 0x08, 0x03, 0x26 ),
3626 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0x9B, 0x89, 0xEB, 0x08, 0xE8, 0x43, 0xB5 ),
3627 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x07, 0x67, 0xFD, 0xD9, 0x73, 0x6F, 0x18 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3628};
3629static const mbedtls_mpi_uint brainpoolP384r1_T_26_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3630 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xEB, 0x21, 0x8D, 0x98, 0x43, 0x74, 0x98 ),
3631 MBEDTLS_BYTES_TO_T_UINT_8( 0x88, 0xCC, 0x14, 0xD8, 0x08, 0xBB, 0xA6, 0xE3 ),
3632 MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x98, 0xF2, 0x6A, 0x18, 0xC3, 0xDD, 0x9E ),
3633 MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0x38, 0x91, 0xA0, 0x03, 0xF2, 0x04, 0x62 ),
3634 MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xAF, 0xE8, 0xFD, 0xFB, 0x13, 0x70, 0x74 ),
3635 MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x93, 0x87, 0x98, 0x4A, 0xE0, 0x00, 0x12 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3636};
3637static const mbedtls_mpi_uint brainpoolP384r1_T_26_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3638 MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x2E, 0x69, 0x9C, 0xA2, 0x2D, 0x03, 0x3F ),
3639 MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0xFE, 0xF3, 0xB9, 0xC1, 0x85, 0x2A, 0xEE ),
3640 MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xFD, 0x86, 0xB1, 0xCD, 0xBF, 0x41, 0xB7 ),
3641 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xD8, 0x9A, 0x21, 0xF3, 0xFE, 0xCB, 0xF1 ),
3642 MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x78, 0x04, 0x60, 0xB7, 0xA9, 0xA2, 0x84 ),
3643 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x1E, 0x66, 0x2A, 0x54, 0x51, 0xBD, 0x8B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3644};
3645static const mbedtls_mpi_uint brainpoolP384r1_T_27_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3646 MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x16, 0x36, 0xEF, 0x61, 0x2D, 0xEE, 0x3B ),
3647 MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x5F, 0x88, 0xA0, 0x13, 0x12, 0xF7, 0x23 ),
3648 MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0xC6, 0xAD, 0x4A, 0x4A, 0x07, 0x01, 0x5B ),
3649 MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0x74, 0xB1, 0x4F, 0xEB, 0xBD, 0xD5, 0x6B ),
3650 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xF9, 0x71, 0xA2, 0x06, 0x4F, 0xD7, 0xBC ),
3651 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x8B, 0x4D, 0x48, 0xE0, 0x98, 0xFB, 0x6A ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3652};
3653static const mbedtls_mpi_uint brainpoolP384r1_T_27_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3654 MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0xBA, 0x10, 0xA3, 0x0D, 0x52, 0xAC, 0x3A ),
3655 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xD0, 0xE0, 0x36, 0xE6, 0x07, 0x3A, 0x30 ),
3656 MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x80, 0xF0, 0xAA, 0x49, 0x22, 0x4B, 0xDD ),
3657 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xC7, 0xAB, 0x1C, 0x89, 0xCD, 0x24, 0x40 ),
3658 MBEDTLS_BYTES_TO_T_UINT_8( 0x82, 0x2A, 0xFC, 0xB3, 0x6D, 0x45, 0x96, 0x49 ),
3659 MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0xE4, 0xDB, 0x52, 0x3F, 0xC4, 0xB4, 0x19 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3660};
3661static const mbedtls_mpi_uint brainpoolP384r1_T_28_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3662 MBEDTLS_BYTES_TO_T_UINT_8( 0x5B, 0xCC, 0xC8, 0x7F, 0xBB, 0x6B, 0x87, 0x47 ),
3663 MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x21, 0x3C, 0x69, 0x7D, 0x38, 0x57, 0x50 ),
3664 MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0x4C, 0x18, 0x3C, 0x53, 0xA5, 0x48, 0x6D ),
3665 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xC3, 0x64, 0x45, 0xDB, 0xC4, 0x6D, 0x15 ),
3666 MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0xCC, 0xD1, 0xBB, 0x17, 0xB8, 0x34, 0x2D ),
3667 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x69, 0x71, 0xFA, 0xA0, 0x28, 0x4A, 0x3D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3668};
3669static const mbedtls_mpi_uint brainpoolP384r1_T_28_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3670 MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0xE8, 0x9E, 0x39, 0xEA, 0x8D, 0x38, 0xDB ),
3671 MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x9C, 0xBB, 0xCD, 0x80, 0x1A, 0xEE, 0xB7 ),
3672 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA0, 0x45, 0xBF, 0xD9, 0x22, 0x11, 0x32 ),
3673 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x7C, 0x5C, 0xD9, 0xC0, 0x9F, 0x69, 0xF5 ),
3674 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x8A, 0xA6, 0x79, 0x4E, 0x35, 0xB9, 0xD5 ),
3675 MBEDTLS_BYTES_TO_T_UINT_8( 0xCC, 0x8B, 0x9A, 0x3E, 0xA1, 0xB8, 0x28, 0x10 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3676};
3677static const mbedtls_mpi_uint brainpoolP384r1_T_29_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3678 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x2F, 0xEF, 0xBB, 0xA9, 0x72, 0x7F, 0xEA ),
3679 MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x34, 0xB7, 0x12, 0xB9, 0xE7, 0xC3, 0x2A ),
3680 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x1D, 0xD9, 0x42, 0x77, 0x0C, 0x71, 0x6E ),
3681 MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x01, 0x59, 0xA7, 0x56, 0x03, 0x91, 0x8D ),
3682 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x91, 0x99, 0x33, 0x30, 0x3E, 0xEF, 0x13 ),
3683 MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0xC9, 0x5A, 0x9A, 0x54, 0x66, 0xF1, 0x70 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3684};
3685static const mbedtls_mpi_uint brainpoolP384r1_T_29_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3686 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x2C, 0xB7, 0x6E, 0x71, 0x7D, 0x35, 0x30 ),
3687 MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x0D, 0xEF, 0xD1, 0x2D, 0x99, 0x63, 0x2F ),
3688 MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x31, 0xAF, 0x2D, 0xC9, 0xC6, 0xC2, 0xAE ),
3689 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0xC0, 0xDF, 0x80, 0x54, 0xC4, 0xAC, 0xF3 ),
3690 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x6B, 0xA0, 0x84, 0x96, 0xF7, 0x31, 0xC8 ),
3691 MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0xE2, 0x7C, 0x7A, 0x41, 0x45, 0x75, 0x6A ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3692};
3693static const mbedtls_mpi_uint brainpoolP384r1_T_30_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3694 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xEE, 0x58, 0x31, 0xE8, 0x68, 0xD6, 0x76 ),
3695 MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x2E, 0x48, 0xB7, 0x09, 0x9F, 0xD4, 0xCA ),
3696 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xA9, 0x5C, 0xE7, 0x64, 0x43, 0x5D, 0xC9 ),
3697 MBEDTLS_BYTES_TO_T_UINT_8( 0x9E, 0x58, 0x9F, 0x50, 0xAB, 0x68, 0xFF, 0x6D ),
3698 MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x88, 0x2D, 0xBA, 0x12, 0xBF, 0x8D, 0x7D ),
3699 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0xDF, 0x6F, 0xB3, 0x75, 0xA4, 0x55, 0x73 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3700};
3701static const mbedtls_mpi_uint brainpoolP384r1_T_30_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3702 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x17, 0x92, 0x39, 0xB7, 0x13, 0x37, 0x6F ),
3703 MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x43, 0x71, 0xA7, 0xCA, 0x17, 0x1B, 0x32 ),
3704 MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xB9, 0xB0, 0x78, 0xEF, 0xA0, 0xDA, 0x83 ),
3705 MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x84, 0xF2, 0x0F, 0x85, 0xA2, 0xB6, 0x1F ),
3706 MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x65, 0x2E, 0x6E, 0x45, 0xB9, 0x4C, 0x3C ),
3707 MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0x6A, 0x8C, 0x2B, 0x77, 0x96, 0x36, 0x22 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3708};
3709static const mbedtls_mpi_uint brainpoolP384r1_T_31_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3710 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x7A, 0x13, 0x4A, 0x97, 0x63, 0x02, 0x10 ),
3711 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x1E, 0x06, 0x03, 0x8F, 0xB9, 0xEE, 0x64 ),
3712 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0xEE, 0x8B, 0x89, 0xA9, 0x70, 0xDB, 0xCE ),
3713 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x7B, 0x81, 0xC9, 0x70, 0x8D, 0x62, 0x32 ),
3714 MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0xDA, 0x46, 0xF8, 0xF9, 0x3A, 0xBE, 0x55 ),
3715 MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0x9C, 0x7A, 0x97, 0x62, 0xEB, 0xFA, 0x0F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3716};
3717static const mbedtls_mpi_uint brainpoolP384r1_T_31_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3718 MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0x03, 0x3D, 0x3C, 0x46, 0x27, 0x9E, 0x65 ),
3719 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x08, 0x1C, 0xD5, 0x25, 0xAF, 0xE9, 0x40 ),
3720 MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0x69, 0xDC, 0x59, 0xF4, 0x8A, 0x7C, 0x1F ),
3721 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x9A, 0x7A, 0x99, 0x21, 0x0C, 0x4E, 0xE3 ),
3722 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xCE, 0x85, 0x5F, 0xAC, 0xAA, 0x82, 0x10 ),
3723 MBEDTLS_BYTES_TO_T_UINT_8( 0x83, 0x57, 0x69, 0x90, 0x76, 0xF3, 0x53, 0x3F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3724};
3725static const mbedtls_ecp_point brainpoolP384r1_T[32] = {
3726 ECP_POINT_INIT_XY_Z1(brainpoolP384r1_T_0_X, brainpoolP384r1_T_0_Y),
3727 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_1_X, brainpoolP384r1_T_1_Y),
3728 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_2_X, brainpoolP384r1_T_2_Y),
3729 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_3_X, brainpoolP384r1_T_3_Y),
3730 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_4_X, brainpoolP384r1_T_4_Y),
3731 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_5_X, brainpoolP384r1_T_5_Y),
3732 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_6_X, brainpoolP384r1_T_6_Y),
3733 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_7_X, brainpoolP384r1_T_7_Y),
3734 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_8_X, brainpoolP384r1_T_8_Y),
3735 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_9_X, brainpoolP384r1_T_9_Y),
3736 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_10_X, brainpoolP384r1_T_10_Y),
3737 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_11_X, brainpoolP384r1_T_11_Y),
3738 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_12_X, brainpoolP384r1_T_12_Y),
3739 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_13_X, brainpoolP384r1_T_13_Y),
3740 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_14_X, brainpoolP384r1_T_14_Y),
3741 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_15_X, brainpoolP384r1_T_15_Y),
3742 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_16_X, brainpoolP384r1_T_16_Y),
3743 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_17_X, brainpoolP384r1_T_17_Y),
3744 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_18_X, brainpoolP384r1_T_18_Y),
3745 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_19_X, brainpoolP384r1_T_19_Y),
3746 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_20_X, brainpoolP384r1_T_20_Y),
3747 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_21_X, brainpoolP384r1_T_21_Y),
3748 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_22_X, brainpoolP384r1_T_22_Y),
3749 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_23_X, brainpoolP384r1_T_23_Y),
3750 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_24_X, brainpoolP384r1_T_24_Y),
3751 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_25_X, brainpoolP384r1_T_25_Y),
3752 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_26_X, brainpoolP384r1_T_26_Y),
3753 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_27_X, brainpoolP384r1_T_27_Y),
3754 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_28_X, brainpoolP384r1_T_28_Y),
3755 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_29_X, brainpoolP384r1_T_29_Y),
3756 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_30_X, brainpoolP384r1_T_30_Y),
3757 ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_31_X, brainpoolP384r1_T_31_Y),
3758};
3759#else
3760#define brainpoolP384r1_T NULL
3761#endif
3762
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3763#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]3764
3765/*
3766 * Domain parameters for brainpoolP512r1 (RFC 5639 3.7)
3767 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3768#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
3769static const mbedtls_mpi_uint brainpoolP512r1_p[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3770 MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
3771 MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
3772 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
3773 MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ),
3774 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
3775 MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
3776 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
3777 MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3778};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3779static const mbedtls_mpi_uint brainpoolP512r1_a[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3780 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
3781 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
3782 MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
3783 MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ),
3784 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ),
3785 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ),
3786 MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
3787 MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3788};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3789static const mbedtls_mpi_uint brainpoolP512r1_b[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3790 MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
3791 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
3792 MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
3793 MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ),
3794 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ),
3795 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ),
3796 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
3797 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3798};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3799static const mbedtls_mpi_uint brainpoolP512r1_gx[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3800 MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
3801 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
3802 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
3803 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
3804 MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
3805 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
3806 MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
3807 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3808};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3809static const mbedtls_mpi_uint brainpoolP512r1_gy[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3810 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
3811 MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
3812 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
3813 MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
3814 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
3815 MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
3816 MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
3817 MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3818};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]3819static const mbedtls_mpi_uint brainpoolP512r1_n[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3820 MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
3821 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
3822 MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
3823 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ),
3824 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
3825 MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
3826 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
3827 MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]3828};
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]3829
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3830#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
3831static const mbedtls_mpi_uint brainpoolP512r1_T_0_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3832 MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
3833 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
3834 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
3835 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
3836 MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
3837 MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
3838 MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
3839 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3840};
3841static const mbedtls_mpi_uint brainpoolP512r1_T_0_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3842 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
3843 MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
3844 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
3845 MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
3846 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
3847 MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
3848 MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
3849 MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3850};
3851static const mbedtls_mpi_uint brainpoolP512r1_T_1_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3852 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xE9, 0x6B, 0x8C, 0x6F, 0x9D, 0x88, 0x43 ),
3853 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x4F, 0x86, 0x96, 0xA7, 0x56, 0xD1, 0x37 ),
3854 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xAB, 0xFA, 0xEE, 0xA7, 0xF5, 0x0E, 0xA6 ),
3855 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x40, 0xEF, 0x9E, 0x6D, 0xD6, 0x32, 0x33 ),
3856 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0xED, 0x56, 0x14, 0x57, 0x1A, 0x8D, 0x69 ),
3857 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xED, 0x4D, 0x3A, 0xFA, 0x71, 0x75, 0x6B ),
3858 MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xC5, 0x76, 0x1C, 0x14, 0xBE, 0xB5, 0xCD ),
3859 MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x5A, 0xCB, 0xE7, 0x36, 0x1D, 0x52, 0x1C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3860};
3861static const mbedtls_mpi_uint brainpoolP512r1_T_1_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3862 MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x8D, 0x7A, 0xEB, 0xA3, 0x8B, 0xD5, 0xB0 ),
3863 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0xA3, 0x41, 0xF8, 0xAC, 0x9E, 0xAB, 0x74 ),
3864 MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0xE3, 0x65, 0x0D, 0x1C, 0xFE, 0x09, 0x2B ),
3865 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0xCA, 0x13, 0x3F, 0xC5, 0xF9, 0x7E, 0xEC ),
3866 MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x5D, 0x63, 0x28, 0xA6, 0x89, 0xD3, 0x91 ),
3867 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x95, 0x3F, 0x7A, 0x82, 0xD4, 0x77, 0xE3 ),
3868 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xBB, 0x92, 0x32, 0x00, 0xF4, 0x66, 0x42 ),
3869 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x58, 0x31, 0xD1, 0x17, 0x9F, 0x2A, 0x22 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3870};
3871static const mbedtls_mpi_uint brainpoolP512r1_T_2_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3872 MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0x36, 0xA9, 0xCD, 0x80, 0xA5, 0x2D, 0x78 ),
3873 MBEDTLS_BYTES_TO_T_UINT_8( 0x91, 0x44, 0xAB, 0xCE, 0x71, 0xFF, 0x0C, 0x9B ),
3874 MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0x24, 0x58, 0x35, 0x5A, 0x21, 0x32, 0x93 ),
3875 MBEDTLS_BYTES_TO_T_UINT_8( 0x1B, 0xA6, 0x28, 0xF8, 0x7A, 0x97, 0xAE, 0x8B ),
3876 MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0xE7, 0x08, 0xFA, 0x47, 0xC9, 0x55, 0x09 ),
3877 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xAC, 0x2E, 0x84, 0xA4, 0xF5, 0x52, 0xC4 ),
3878 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x58, 0x05, 0x9D, 0xA7, 0xC8, 0x71, 0xBF ),
3879 MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x92, 0xB4, 0x92, 0xC1, 0x92, 0xEC, 0x6B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3880};
3881static const mbedtls_mpi_uint brainpoolP512r1_T_2_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3882 MBEDTLS_BYTES_TO_T_UINT_8( 0x4A, 0x48, 0x2D, 0x79, 0x5E, 0x58, 0xE5, 0x69 ),
3883 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x85, 0x26, 0xEC, 0xE9, 0x6E, 0xD4, 0x06 ),
3884 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x68, 0x26, 0x87, 0x38, 0xA2, 0xD2, 0x0B ),
3885 MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0x17, 0x60, 0xCE, 0x75, 0xF8, 0xA5, 0x6F ),
3886 MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0x51, 0xDB, 0xA9, 0xAE, 0x87, 0xF1, 0x15 ),
3887 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x49, 0x92, 0x3B, 0x19, 0x96, 0xF5, 0xB0 ),
3888 MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0xD5, 0x52, 0x52, 0x8C, 0xCE, 0xFD, 0xFA ),
3889 MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x18, 0x0A, 0xE6, 0xF6, 0xAE, 0x08, 0x41 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3890};
3891static const mbedtls_mpi_uint brainpoolP512r1_T_3_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3892 MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x2B, 0xD8, 0x54, 0xCE, 0xB0, 0x57, 0xFE ),
3893 MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0xB0, 0xF8, 0x9E, 0x03, 0x03, 0x3C, 0x5D ),
3894 MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x0E, 0x29, 0x29, 0x00, 0xF3, 0x70, 0xBF ),
3895 MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x33, 0x99, 0x0E, 0x00, 0x5D, 0xFE, 0x4B ),
3896 MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0x2D, 0xF2, 0x59, 0x32, 0xCF, 0x03, 0xF4 ),
3897 MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0xC9, 0x72, 0xAE, 0x0C, 0xEF, 0xD1, 0x5B ),
3898 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x5A, 0x27, 0xBF, 0x2F, 0x45, 0xF9, 0x51 ),
3899 MBEDTLS_BYTES_TO_T_UINT_8( 0xD4, 0xBE, 0xE5, 0x2C, 0xFF, 0x5B, 0x1E, 0x88 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3900};
3901static const mbedtls_mpi_uint brainpoolP512r1_T_3_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3902 MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0xAC, 0xBB, 0xD8, 0x83, 0xC2, 0x46, 0xF6 ),
3903 MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0xDC, 0xCE, 0x15, 0xB4, 0xEF, 0xCF, 0x46 ),
3904 MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0xDB, 0x5E, 0x94, 0x31, 0x0B, 0xB2, 0x7A ),
3905 MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0xB9, 0xE3, 0xE3, 0x11, 0x71, 0x41, 0x1E ),
3906 MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xE3, 0x01, 0xB7, 0x7D, 0xBC, 0x65, 0xBE ),
3907 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x07, 0x65, 0x87, 0xA7, 0xE8, 0x48, 0xE3 ),
3908 MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0x48, 0x8F, 0xD4, 0x30, 0x8E, 0xB4, 0x6C ),
3909 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0xE0, 0x73, 0xBE, 0x1E, 0xBF, 0x56, 0x36 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3910};
3911static const mbedtls_mpi_uint brainpoolP512r1_T_4_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3912 MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0x0E, 0x5E, 0x87, 0xC5, 0xAB, 0x0E, 0x3C ),
3913 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xF9, 0x5F, 0x80, 0x24, 0x4C, 0x2A, 0xF1 ),
3914 MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0x15, 0x21, 0x54, 0x92, 0x84, 0x8D, 0x6A ),
3915 MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x8A, 0x47, 0x74, 0xDC, 0x42, 0xB1, 0xF8 ),
3916 MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0xF7, 0x30, 0xFD, 0xC1, 0x9B, 0x0C, 0x5B ),
3917 MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x6C, 0xCC, 0xDF, 0xC5, 0xE3, 0xA9, 0xD5 ),
3918 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x67, 0x59, 0x10, 0x5C, 0x51, 0x54, 0x40 ),
3919 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x37, 0xFB, 0x6E, 0xB0, 0x78, 0x63, 0x8E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3920};
3921static const mbedtls_mpi_uint brainpoolP512r1_T_4_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3922 MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0xEF, 0xC4, 0x39, 0x20, 0xF1, 0x46, 0x66 ),
3923 MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0x62, 0xAE, 0xFF, 0x10, 0xE4, 0xE2, 0xE9 ),
3924 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x5C, 0xF5, 0x2E, 0x22, 0x89, 0xE5, 0x82 ),
3925 MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x0C, 0x29, 0xA8, 0x62, 0xAE, 0xDB, 0x65 ),
3926 MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0x9E, 0x0F, 0xCA, 0x87, 0x2A, 0x6F, 0x7B ),
3927 MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xDC, 0x9B, 0x9F, 0x65, 0xD4, 0xAD, 0x27 ),
3928 MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0xC3, 0x08, 0x0F, 0xCF, 0x67, 0xE9, 0xF4 ),
3929 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x5C, 0xD7, 0xFF, 0x41, 0x9C, 0xCB, 0x26 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3930};
3931static const mbedtls_mpi_uint brainpoolP512r1_T_5_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3932 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x25, 0x05, 0x12, 0xAD, 0x73, 0x63, 0x90 ),
3933 MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0x99, 0x07, 0x86, 0x57, 0xE7, 0x94, 0xB1 ),
3934 MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x4B, 0xA5, 0xBF, 0x18, 0xA9, 0xEF, 0x6A ),
3935 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0x4C, 0xC4, 0x09, 0xF2, 0x2F, 0x0C, 0xAA ),
3936 MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0x3A, 0x04, 0xEA, 0x89, 0x6C, 0x91, 0xB9 ),
3937 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0x3A, 0xE7, 0xA3, 0xEC, 0x24, 0x7B ),
3938 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xA1, 0x26, 0x21, 0x04, 0xE3, 0xB9, 0x40 ),
3939 MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0x71, 0x4B, 0x7B, 0xC2, 0x89, 0xCD, 0xA2 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3940};
3941static const mbedtls_mpi_uint brainpoolP512r1_T_5_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3942 MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0xB9, 0xA8, 0x9D, 0xFD, 0x00, 0x3A, 0x1F ),
3943 MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x41, 0x6C, 0xBB, 0x5A, 0xCA, 0x1F, 0x74 ),
3944 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0xD7, 0xE2, 0x6C, 0x6B, 0xA7, 0x48, 0xC9 ),
3945 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x19, 0xAD, 0xA7, 0xC1, 0x7E, 0x4F, 0x6E ),
3946 MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0xF7, 0x19, 0x3C, 0x06, 0x74, 0x2C, 0x3A ),
3947 MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x23, 0x4F, 0x0C, 0x09, 0xB0, 0x80, 0x4A ),
3948 MBEDTLS_BYTES_TO_T_UINT_8( 0x4E, 0x74, 0x34, 0x08, 0x44, 0x7E, 0xA3, 0xDD ),
3949 MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xCC, 0x8D, 0x12, 0x6E, 0xE1, 0x3D, 0x0B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3950};
3951static const mbedtls_mpi_uint brainpoolP512r1_T_6_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3952 MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x18, 0xB1, 0x71, 0x02, 0x93, 0xC2, 0xA4 ),
3953 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x89, 0x40, 0xE2, 0x1F, 0xE7, 0x5E, 0x68 ),
3954 MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x8E, 0xAE, 0x89, 0x01, 0xD4, 0x0C, 0xEB ),
3955 MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xDA, 0x58, 0x70, 0x24, 0xF2, 0xE4, 0x5F ),
3956 MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0xC7, 0x1D, 0xD6, 0x4A, 0x6F, 0x66, 0x4F ),
3957 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x1D, 0x7E, 0x4A, 0x2C, 0xCA, 0xEC, 0x3B ),
3958 MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x06, 0x7F, 0xA8, 0x99, 0xE4, 0xD3, 0x4E ),
3959 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x1D, 0x5A, 0xDF, 0x5E, 0x58, 0x36, 0x49 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3960};
3961static const mbedtls_mpi_uint brainpoolP512r1_T_6_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3962 MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0xB9, 0x32, 0x69, 0x1F, 0x72, 0x2A, 0xB3 ),
3963 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0x73, 0xE2, 0x03, 0x39, 0x35, 0xAA, 0xA8 ),
3964 MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x5E, 0x5D, 0x48, 0xEF, 0xAE, 0x30, 0xF5 ),
3965 MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x7F, 0x60, 0x19, 0xAF, 0xEC, 0x9D, 0xFC ),
3966 MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0xD9, 0x19, 0xE4, 0x1B, 0x56, 0x15, 0x5F ),
3967 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xD7, 0x33, 0x59, 0x1F, 0x43, 0x59, 0x2C ),
3968 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0xCE, 0xEE, 0xCA, 0xA4, 0x7F, 0x63, 0xD4 ),
3969 MBEDTLS_BYTES_TO_T_UINT_8( 0xBD, 0x40, 0xC0, 0xF6, 0x19, 0x89, 0x43, 0x20 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3970};
3971static const mbedtls_mpi_uint brainpoolP512r1_T_7_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3972 MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x92, 0xEA, 0x07, 0x65, 0x79, 0x86, 0xD3 ),
3973 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xB7, 0x13, 0x75, 0xD3, 0xC5, 0x0A, 0xC9 ),
3974 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x9E, 0xFA, 0xE1, 0x1F, 0x0C, 0xF9, 0x74 ),
3975 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x8C, 0xED, 0x5C, 0x21, 0xE9, 0x09, 0xDD ),
3976 MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0x4D, 0xD8, 0x18, 0xC4, 0xF6, 0x36, 0x39 ),
3977 MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0xC9, 0xAC, 0x5C, 0xFA, 0x69, 0xA4, 0xA0 ),
3978 MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x8C, 0x94, 0x1C, 0x7B, 0x71, 0x36, 0x58 ),
3979 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0xBD, 0x46, 0xCE, 0xB7, 0x1D, 0x9C, 0x5E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3980};
3981static const mbedtls_mpi_uint brainpoolP512r1_T_7_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3982 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xD6, 0x96, 0x4B, 0xA6, 0x47, 0xEB, 0xE5 ),
3983 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0xF1, 0x5F, 0x15, 0xDE, 0x99, 0x6F, 0x66 ),
3984 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xBD, 0xE5, 0x04, 0xB8, 0xE6, 0xC0, 0x0B ),
3985 MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0xD3, 0xF0, 0x04, 0x00, 0xE4, 0x05, 0xDB ),
3986 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xF3, 0x06, 0xA3, 0x1A, 0xFF, 0xEA, 0x73 ),
3987 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x32, 0xAA, 0x99, 0x33, 0x09, 0xB6, 0x34 ),
3988 MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0xEF, 0xFC, 0x61, 0x10, 0x42, 0x31, 0x94 ),
3989 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xF1, 0xF4, 0x33, 0xCF, 0x28, 0x90, 0x9C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]3990};
3991static const mbedtls_mpi_uint brainpoolP512r1_T_8_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]3992 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xDE, 0xF9, 0x88, 0x87, 0x7B, 0xEB, 0xC9 ),
3993 MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xB8, 0xDA, 0xFA, 0xDA, 0x3D, 0xA6, 0x17 ),
3994 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xF0, 0x62, 0x82, 0x53, 0x32, 0x55, 0x03 ),
3995 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xA5, 0x32, 0x4A, 0x19, 0x11, 0x9C, 0x10 ),
3996 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xB3, 0x27, 0xE9, 0x75, 0x90, 0x05, 0x2D ),
3997 MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x1C, 0x90, 0x48, 0x77, 0x01, 0x85, 0x1B ),
3998 MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0xD6, 0x9B, 0x84, 0xA8, 0xD7, 0xC5, 0x28 ),
3999 MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x7A, 0xCB, 0xB3, 0x11, 0x46, 0xD7, 0x99 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4000};
4001static const mbedtls_mpi_uint brainpoolP512r1_T_8_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4002 MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0x23, 0xBF, 0x75, 0x75, 0xA1, 0x95, 0x90 ),
4003 MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x66, 0x5D, 0x34, 0x13, 0xA9, 0x03, 0xBE ),
4004 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x80, 0x9D, 0x5F, 0xD2, 0x44, 0xE1, 0x62 ),
4005 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x5D, 0xBD, 0xA8, 0xBF, 0xB4, 0x25, 0x1F ),
4006 MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x99, 0x1F, 0x53, 0xF1, 0x57, 0xDB, 0xE7 ),
4007 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x7C, 0xE5, 0xC5, 0x51, 0x0B, 0x4C, 0x9B ),
4008 MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0xB0, 0x1A, 0x9C, 0x16, 0xB0, 0x32, 0x1F ),
4009 MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0xE3, 0xCF, 0xDD, 0x48, 0xB4, 0x7B, 0x33 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4010};
4011static const mbedtls_mpi_uint brainpoolP512r1_T_9_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4012 MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xDD, 0x9E, 0x3C, 0x98, 0x0E, 0x77, 0x65 ),
4013 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0xAB, 0x01, 0xD3, 0x87, 0x74, 0x25, 0x4A ),
4014 MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0xA3, 0xE3, 0x76, 0x43, 0x87, 0x12, 0xBD ),
4015 MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0xB1, 0x3B, 0x60, 0x66, 0xEB, 0x98, 0x54 ),
4016 MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x78, 0xC8, 0xD7, 0x4E, 0x75, 0xCA, 0x69 ),
4017 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xDF, 0x71, 0x19, 0xE7, 0x07, 0x36, 0xB5 ),
4018 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xC9, 0xA8, 0x5F, 0x91, 0xBF, 0x47, 0xB2 ),
4019 MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x96, 0x58, 0x96, 0x18, 0xB6, 0xFA, 0x01 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4020};
4021static const mbedtls_mpi_uint brainpoolP512r1_T_9_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4022 MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x2D, 0xA9, 0x9B, 0x86, 0xDB, 0x0C, 0x4C ),
4023 MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x0B, 0x2D, 0x56, 0x4A, 0xD3, 0x93, 0x8A ),
4024 MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x15, 0xE2, 0x65, 0x12, 0x86, 0x0E, 0xB2 ),
4025 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x41, 0x4D, 0xC1, 0xCB, 0xE4, 0xC3, 0xD7 ),
4026 MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x53, 0x10, 0xCA, 0xA3, 0xAC, 0x83, 0x26 ),
4027 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x01, 0x22, 0x96, 0x10, 0xAD, 0x69, 0xDB ),
4028 MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x46, 0x4E, 0xD8, 0xEA, 0xD6, 0x9D, 0xF3 ),
4029 MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x2F, 0x7F, 0x62, 0x62, 0x80, 0xD0, 0x14 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4030};
4031static const mbedtls_mpi_uint brainpoolP512r1_T_10_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4032 MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0xDA, 0x00, 0x63, 0x09, 0xBD, 0x6A, 0x83 ),
4033 MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xD4, 0x6E, 0x48, 0x05, 0xB7, 0xF7, 0x17 ),
4034 MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0x4D, 0xD7, 0x00, 0x4A, 0x15, 0x27, 0x7A ),
4035 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x15, 0xAA, 0x37, 0x27, 0x34, 0x18, 0x24 ),
4036 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x20, 0x2C, 0x84, 0x1B, 0x88, 0xBA, 0x05 ),
4037 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x09, 0xD6, 0x04, 0xA2, 0x60, 0x84, 0x72 ),
4038 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0x04, 0x94, 0x08, 0xD4, 0xED, 0x47, 0xDB ),
4039 MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xF3, 0xE4, 0x3E, 0xB9, 0x5B, 0x35, 0x42 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4040};
4041static const mbedtls_mpi_uint brainpoolP512r1_T_10_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4042 MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0xD8, 0xB6, 0x80, 0xD6, 0xF1, 0x30, 0xDD ),
4043 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x14, 0xA6, 0x85, 0xEE, 0xA7, 0xD8, 0x61 ),
4044 MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x49, 0x2A, 0x1E, 0x7C, 0xE9, 0x2D, 0xEC ),
4045 MBEDTLS_BYTES_TO_T_UINT_8( 0x3A, 0x87, 0x56, 0x91, 0x03, 0x77, 0x4D, 0x55 ),
4046 MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0x52, 0xD4, 0xAA, 0xF7, 0xFA, 0xB0, 0xC5 ),
4047 MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x5D, 0x11, 0x39, 0xB1, 0xE7, 0x76, 0xAD ),
4048 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x13, 0xBC, 0x37, 0x5D, 0x74, 0xCD, 0xC2 ),
4049 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x48, 0x14, 0x23, 0x30, 0xF8, 0x46, 0x37 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4050};
4051static const mbedtls_mpi_uint brainpoolP512r1_T_11_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4052 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x27, 0xB0, 0xD9, 0xB2, 0x74, 0xB4, 0xC0 ),
4053 MBEDTLS_BYTES_TO_T_UINT_8( 0xEA, 0xA6, 0xB9, 0x6F, 0x9F, 0x64, 0x36, 0x92 ),
4054 MBEDTLS_BYTES_TO_T_UINT_8( 0x2E, 0x2B, 0x78, 0x40, 0x05, 0x2B, 0x7B, 0xA9 ),
4055 MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x68, 0x3A, 0xB6, 0x4A, 0xE2, 0xDB, 0xB8 ),
4056 MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0x33, 0xD7, 0x34, 0x8B, 0x25, 0x45, 0xEF ),
4057 MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0xCE, 0xA8, 0xC9, 0x01, 0xFB, 0x0E, 0x7B ),
4058 MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0xF9, 0x51, 0x4C, 0x12, 0x9F, 0x60, 0xE4 ),
4059 MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x85, 0xBD, 0x30, 0x37, 0x84, 0x39, 0x44 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4060};
4061static const mbedtls_mpi_uint brainpoolP512r1_T_11_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4062 MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x33, 0xAF, 0x2E, 0xB8, 0x2E, 0xCC, 0x3C ),
4063 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xB1, 0x73, 0x59, 0x4E, 0x0C, 0x09, 0x4A ),
4064 MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0x24, 0x89, 0x81, 0x12, 0xFF, 0xBB, 0x6E ),
4065 MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x37, 0x1A, 0x66, 0xEE, 0xED, 0xB6, 0x9B ),
4066 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0xBD, 0x04, 0x20, 0x5D, 0xFB, 0xBF, 0x95 ),
4067 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xF8, 0x34, 0xA3, 0xFF, 0x45, 0xDE, 0x92 ),
4068 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x18, 0x73, 0xF1, 0x32, 0x25, 0x58, 0xEB ),
4069 MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0xC1, 0x14, 0xE3, 0x9E, 0x40, 0x0F, 0x12 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4070};
4071static const mbedtls_mpi_uint brainpoolP512r1_T_12_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4072 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x07, 0x9D, 0x9C, 0x00, 0xF7, 0x56, 0x19 ),
4073 MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0xBA, 0x87, 0xF9, 0x15, 0x0C, 0x66, 0x5D ),
4074 MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0x1F, 0xC1, 0x28, 0xB0, 0x47, 0x0D, 0xF5 ),
4075 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xCA, 0x27, 0xEE, 0x4B, 0x23, 0x2B, 0x89 ),
4076 MBEDTLS_BYTES_TO_T_UINT_8( 0x7E, 0xB5, 0x68, 0xC8, 0x17, 0x5D, 0xC3, 0xAA ),
4077 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0x02, 0x08, 0xEE, 0x20, 0x9D, 0xEA, 0x64 ),
4078 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x14, 0x50, 0xD4, 0x7D, 0x5F, 0xCF, 0xA0 ),
4079 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xFA, 0xF8, 0xA7, 0xC6, 0xDC, 0x14, 0x8C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4080};
4081static const mbedtls_mpi_uint brainpoolP512r1_T_12_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4082 MBEDTLS_BYTES_TO_T_UINT_8( 0x76, 0xBD, 0x0A, 0x1A, 0x18, 0x98, 0xDC, 0xB0 ),
4083 MBEDTLS_BYTES_TO_T_UINT_8( 0x63, 0x63, 0x02, 0xB7, 0xD5, 0x5B, 0x5A, 0xC6 ),
4084 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0xB1, 0xD7, 0x4B, 0x15, 0x39, 0x61, 0x5D ),
4085 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0x32, 0xE1, 0x9E, 0x70, 0x1B, 0xCE, 0x51 ),
4086 MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0xD8, 0x18, 0x83, 0x52, 0x9B, 0x6D, 0xA2 ),
4087 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x55, 0x56, 0x19, 0x34, 0xA4, 0xEA, 0xFC ),
4088 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0xA9, 0x55, 0x80, 0xE3, 0x15, 0x36, 0x8B ),
4089 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0x06, 0xC8, 0x1D, 0x17, 0x0D, 0xAD, 0x16 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4090};
4091static const mbedtls_mpi_uint brainpoolP512r1_T_13_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4092 MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0xD6, 0xF0, 0xCC, 0xF3, 0x63, 0x53, 0xD2 ),
4093 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x5A, 0xDC, 0x46, 0xBD, 0x0D, 0xAD, 0x96 ),
4094 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x2F, 0x11, 0x60, 0x15, 0x51, 0x4A, 0xEA ),
4095 MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0xE3, 0x93, 0x38, 0xD5, 0x83, 0xAA, 0x0D ),
4096 MBEDTLS_BYTES_TO_T_UINT_8( 0x90, 0xA6, 0xCC, 0xB1, 0xFD, 0xBB, 0x1A, 0x0F ),
4097 MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0x54, 0xC8, 0x54, 0x6F, 0x79, 0x1A, 0x59 ),
4098 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x4A, 0xDA, 0x28, 0x92, 0x97, 0x9D, 0x7F ),
4099 MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0x4B, 0xDB, 0xC7, 0x52, 0xC5, 0x66, 0x34 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4100};
4101static const mbedtls_mpi_uint brainpoolP512r1_T_13_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4102 MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x7E, 0x92, 0x53, 0x30, 0x93, 0xFD, 0xFF ),
4103 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x16, 0x6A, 0xB1, 0x91, 0x0A, 0xB4, 0x52 ),
4104 MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0x9D, 0x40, 0x3F, 0xE3, 0xF1, 0x01, 0x46 ),
4105 MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x0E, 0xD8, 0xED, 0x11, 0x8E, 0x4C, 0xED ),
4106 MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x4A, 0x1B, 0x88, 0xDF, 0x8D, 0x29, 0xE7 ),
4107 MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x23, 0x21, 0x11, 0xAB, 0x77, 0x81, 0x62 ),
4108 MBEDTLS_BYTES_TO_T_UINT_8( 0x0B, 0xAF, 0x11, 0xFA, 0xBA, 0x40, 0x63, 0xE7 ),
4109 MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0x6F, 0x8D, 0x80, 0xDF, 0x67, 0xF5, 0x44 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4110};
4111static const mbedtls_mpi_uint brainpoolP512r1_T_14_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4112 MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0x8B, 0xB7, 0x08, 0xF4, 0xD7, 0x2D, 0xA8 ),
4113 MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0x2B, 0x30, 0x02, 0x45, 0x71, 0x08, 0x49 ),
4114 MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x3A, 0xCA, 0x50, 0xF6, 0xC2, 0x19, 0x8C ),
4115 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xB9, 0x9B, 0x3E, 0x73, 0x95, 0x1D, 0x49 ),
4116 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x60, 0x59, 0x48, 0xCB, 0xD8, 0xD6, 0xAA ),
4117 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0xB9, 0x6C, 0x89, 0xAB, 0x99, 0xA8, 0xF8 ),
4118 MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0xA1, 0x8B, 0x4E, 0x06, 0x19, 0xEC, 0x99 ),
4119 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x95, 0x04, 0xCF, 0xD5, 0x94, 0xB3, 0x02 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4120};
4121static const mbedtls_mpi_uint brainpoolP512r1_T_14_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4122 MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0x35, 0x93, 0x7C, 0xB3, 0xB8, 0x9E, 0x1B ),
4123 MBEDTLS_BYTES_TO_T_UINT_8( 0xC4, 0x45, 0x5C, 0x7E, 0xBF, 0x75, 0x81, 0x0F ),
4124 MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0xE8, 0x24, 0xDF, 0xEC, 0x2F, 0x7D, 0xB9 ),
4125 MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x8B, 0xD5, 0x6A, 0x9B, 0xA0, 0xE0, 0x4F ),
4126 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0xE3, 0x27, 0x82, 0xDE, 0xDD, 0xCA, 0x4B ),
4127 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x57, 0x56, 0x46, 0x05, 0x06, 0x01, 0x2E ),
4128 MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0x35, 0xA7, 0x47, 0xE2, 0x6B, 0x2C, 0x4F ),
4129 MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x9D, 0x4C, 0xEC, 0x1F, 0x11, 0x75, 0x2B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4130};
4131static const mbedtls_mpi_uint brainpoolP512r1_T_15_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4132 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xAA, 0x41, 0xC1, 0xE9, 0x0E, 0xE9, 0xAA ),
4133 MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0xCF, 0x9C, 0x4B, 0xE8, 0xED, 0x0A, 0x49 ),
4134 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x73, 0xCA, 0x0C, 0x46, 0x0A, 0x9C, 0xE4 ),
4135 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xE1, 0x9E, 0xBC, 0xFE, 0x44, 0x63, 0x6D ),
4136 MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x43, 0x71, 0xEE, 0xF8, 0xC1, 0x8C, 0x5C ),
4137 MBEDTLS_BYTES_TO_T_UINT_8( 0x6A, 0x4B, 0xF0, 0x69, 0x25, 0xBD, 0x71, 0x1A ),
4138 MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x9A, 0xFE, 0x82, 0xE7, 0xC1, 0xC1, 0xEE ),
4139 MBEDTLS_BYTES_TO_T_UINT_8( 0xFC, 0x5A, 0x6E, 0x5E, 0x97, 0x6A, 0x35, 0x8D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4140};
4141static const mbedtls_mpi_uint brainpoolP512r1_T_15_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4142 MBEDTLS_BYTES_TO_T_UINT_8( 0xA2, 0x18, 0x6C, 0x7E, 0xB8, 0x9E, 0x57, 0x32 ),
4143 MBEDTLS_BYTES_TO_T_UINT_8( 0x35, 0xB9, 0xC1, 0xD0, 0xFE, 0x78, 0xFB, 0x32 ),
4144 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x08, 0xAE, 0x46, 0x34, 0xEA, 0x7A, 0x7F ),
4145 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x1C, 0x56, 0xA9, 0x18, 0x37, 0xD4, 0x9E ),
4146 MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x63, 0xE9, 0x0A, 0xB6, 0x38, 0x3C, 0xC1 ),
4147 MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0x4F, 0xA4, 0x6E, 0x85, 0x31, 0x23, 0x52 ),
4148 MBEDTLS_BYTES_TO_T_UINT_8( 0x0D, 0xAD, 0xC4, 0xC3, 0xB1, 0x4B, 0x1C, 0x82 ),
4149 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x56, 0x4A, 0x38, 0xB3, 0x6B, 0x6F, 0x2C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4150};
4151static const mbedtls_mpi_uint brainpoolP512r1_T_16_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4152 MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0xC7, 0x19, 0xDE, 0x21, 0xED, 0x89, 0xD0 ),
4153 MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xBE, 0xA6, 0xAE, 0xEB, 0x9D, 0xA7, 0x2A ),
4154 MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x0E, 0x13, 0x1E, 0x86, 0x57, 0xC3, 0x3B ),
4155 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x4B, 0x30, 0x46, 0x52, 0xC1, 0xEC, 0x52 ),
4156 MBEDTLS_BYTES_TO_T_UINT_8( 0x6E, 0xD5, 0x44, 0x31, 0x96, 0x3B, 0x26, 0x27 ),
4157 MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x68, 0xA8, 0x67, 0x78, 0x39, 0xE8, 0x68 ),
4158 MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x78, 0xB7, 0xDD, 0xF2, 0x58, 0xB6, 0x3D ),
4159 MBEDTLS_BYTES_TO_T_UINT_8( 0x81, 0x3C, 0xB3, 0x26, 0xC4, 0x2C, 0x8C, 0xA5 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4160};
4161static const mbedtls_mpi_uint brainpoolP512r1_T_16_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4162 MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x24, 0xE5, 0x73, 0xEE, 0x9A, 0x02, 0xA9 ),
4163 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x6A, 0x65, 0x60, 0xF3, 0x62, 0xE3, 0xE9 ),
4164 MBEDTLS_BYTES_TO_T_UINT_8( 0xFB, 0x07, 0x84, 0xE6, 0x3B, 0x46, 0x65, 0x9F ),
4165 MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x8F, 0x0C, 0xB0, 0xE1, 0x04, 0x82, 0x9D ),
4166 MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0x13, 0xBF, 0x3D, 0xA0, 0x48, 0xA2, 0x74 ),
4167 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0x26, 0x76, 0x74, 0xAB, 0x0B, 0x29, 0xE8 ),
4168 MBEDTLS_BYTES_TO_T_UINT_8( 0x30, 0x6E, 0x5F, 0x03, 0x34, 0x7C, 0x38, 0xCE ),
4169 MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0x72, 0xF9, 0x3B, 0x3C, 0xA4, 0xBC, 0x7C ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4170};
4171static const mbedtls_mpi_uint brainpoolP512r1_T_17_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4172 MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xCE, 0x18, 0x80, 0xB8, 0x24, 0x45, 0x81 ),
4173 MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x09, 0x03, 0xB8, 0x06, 0x64, 0xF7, 0xEC ),
4174 MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x26, 0xB1, 0x10, 0x6D, 0x71, 0x12, 0x2E ),
4175 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x12, 0xC6, 0x6E, 0x1E, 0x6A, 0xC3, 0x80 ),
4176 MBEDTLS_BYTES_TO_T_UINT_8( 0xE5, 0xD3, 0x0A, 0xDE, 0xD8, 0x6B, 0x04, 0x5C ),
4177 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x87, 0x5B, 0xAE, 0xDB, 0x3C, 0xC0, 0xC5 ),
4178 MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0xF5, 0xF9, 0xC1, 0x9A, 0x89, 0xBB, 0x7E ),
4179 MBEDTLS_BYTES_TO_T_UINT_8( 0xED, 0x69, 0x72, 0x8B, 0xAE, 0x32, 0x13, 0x11 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4180};
4181static const mbedtls_mpi_uint brainpoolP512r1_T_17_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4182 MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x16, 0x07, 0x50, 0xFA, 0x4C, 0xCF, 0xE8 ),
4183 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x50, 0x21, 0xE9, 0xDE, 0xEC, 0x7E, 0xDF ),
4184 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x2F, 0xE8, 0x83, 0x30, 0x0B, 0x65, 0x0E ),
4185 MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x0B, 0x99, 0xAC, 0xC9, 0xBA, 0x6C, 0x2A ),
4186 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x59, 0x5A, 0x0D, 0x7B, 0x9E, 0x08, 0xAD ),
4187 MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x91, 0xB2, 0xDC, 0x90, 0xCE, 0x67, 0xED ),
4188 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x93, 0x60, 0x0C, 0xD7, 0x1F, 0x2F, 0x17 ),
4189 MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x7F, 0x9D, 0x40, 0xF8, 0x78, 0x7A, 0x54 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4190};
4191static const mbedtls_mpi_uint brainpoolP512r1_T_18_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4192 MBEDTLS_BYTES_TO_T_UINT_8( 0x13, 0x22, 0x95, 0xE8, 0xEF, 0x31, 0x57, 0x35 ),
4193 MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0x88, 0x53, 0xFE, 0xAF, 0x7C, 0x47, 0x14 ),
4194 MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xCE, 0xCC, 0x79, 0xE8, 0x9F, 0x8C, 0xC4 ),
4195 MBEDTLS_BYTES_TO_T_UINT_8( 0xDB, 0x16, 0xDD, 0x77, 0x6E, 0x8A, 0x73, 0x97 ),
4196 MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x07, 0x97, 0x21, 0x3B, 0xF8, 0x5F, 0xA8 ),
4197 MBEDTLS_BYTES_TO_T_UINT_8( 0xC6, 0xB5, 0xD2, 0x81, 0x84, 0xF0, 0xE7, 0x9F ),
4198 MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x8F, 0x75, 0x09, 0x6A, 0x0E, 0x53, 0xAD ),
4199 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x4F, 0x70, 0x97, 0xC7, 0xAC, 0x7D, 0x3F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4200};
4201static const mbedtls_mpi_uint brainpoolP512r1_T_18_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4202 MBEDTLS_BYTES_TO_T_UINT_8( 0xF9, 0x3C, 0x6A, 0xB4, 0x10, 0xA9, 0xC8, 0x1D ),
4203 MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0xC5, 0xD6, 0x69, 0x16, 0xB8, 0xAC, 0x25 ),
4204 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x44, 0xDC, 0xEB, 0x48, 0x54, 0x5D, 0x5F ),
4205 MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x48, 0x9B, 0xD7, 0x72, 0x69, 0xA4, 0x8A ),
4206 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x0D, 0x36, 0x9A, 0x66, 0x0B, 0xEC, 0x24 ),
4207 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0xC6, 0xD4, 0xB6, 0x60, 0xE5, 0xC3, 0x3A ),
4208 MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x29, 0x42, 0xE0, 0x9D, 0xFD, 0x7C, 0x3E ),
4209 MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x10, 0xBA, 0x55, 0xBC, 0x3B, 0x38, 0x5D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4210};
4211static const mbedtls_mpi_uint brainpoolP512r1_T_19_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4212 MBEDTLS_BYTES_TO_T_UINT_8( 0x25, 0x66, 0xFA, 0x05, 0x73, 0x03, 0x1B, 0x69 ),
4213 MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0xA4, 0x66, 0x12, 0x96, 0x7B, 0x02, 0x4C ),
4214 MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0xB5, 0xDE, 0x6D, 0x98, 0xD1, 0xD5, 0xA8 ),
4215 MBEDTLS_BYTES_TO_T_UINT_8( 0xE2, 0xF5, 0x44, 0xB8, 0x8E, 0xF6, 0x8C, 0x05 ),
4216 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x15, 0x2B, 0x72, 0xBC, 0x49, 0xE5, 0xDF ),
4217 MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x44, 0xD7, 0xDF, 0x8F, 0xEB, 0x8D, 0x80 ),
4218 MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x64, 0x88, 0xAA, 0xB7, 0xE4, 0x70, 0x1D ),
4219 MBEDTLS_BYTES_TO_T_UINT_8( 0x9C, 0x14, 0xBB, 0xE9, 0x9B, 0xB9, 0x65, 0x5D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4220};
4221static const mbedtls_mpi_uint brainpoolP512r1_T_19_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4222 MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0x8E, 0x88, 0xF5, 0xF1, 0xC1, 0x89, 0xA2 ),
4223 MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x30, 0x53, 0xE6, 0xFB, 0x2D, 0x82, 0xB4 ),
4224 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0xE4, 0xFF, 0xBA, 0x31, 0x79, 0xAB, 0xC2 ),
4225 MBEDTLS_BYTES_TO_T_UINT_8( 0x45, 0x09, 0xF7, 0xB7, 0x09, 0x78, 0x4C, 0x90 ),
4226 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xAE, 0xC2, 0x44, 0xDC, 0x17, 0x78, 0x47 ),
4227 MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0xD4, 0x17, 0x43, 0x19, 0x74, 0x9E, 0x23 ),
4228 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x64, 0x3B, 0x73, 0xA2, 0x99, 0x27, 0x76 ),
4229 MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x74, 0x36, 0x5F, 0xD3, 0x14, 0xB1, 0x31 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4230};
4231static const mbedtls_mpi_uint brainpoolP512r1_T_20_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4232 MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0x07, 0xAB, 0xFD, 0x9B, 0x03, 0xC5, 0xD5 ),
4233 MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0xBE, 0xB0, 0x1D, 0xF2, 0x0C, 0x73, 0x73 ),
4234 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xE7, 0x7B, 0x87, 0xD3, 0x34, 0xFD, 0xE2 ),
4235 MBEDTLS_BYTES_TO_T_UINT_8( 0x9A, 0x25, 0x3D, 0xC7, 0x36, 0x83, 0x53, 0xDC ),
4236 MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x7C, 0xCF, 0x63, 0x55, 0x12, 0x11, 0xB0 ),
4237 MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0x34, 0x4D, 0x27, 0x92, 0xAC, 0x18, 0x16 ),
4238 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x42, 0x61, 0x9D, 0x2E, 0xFF, 0x13, 0x16 ),
4239 MBEDTLS_BYTES_TO_T_UINT_8( 0xF4, 0xDE, 0x92, 0x65, 0x57, 0x0D, 0xBC, 0x0A ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4240};
4241static const mbedtls_mpi_uint brainpoolP512r1_T_20_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4242 MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x7B, 0x6E, 0xC6, 0x2A, 0x21, 0x74, 0x0A ),
4243 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xA7, 0x53, 0x4D, 0x29, 0x36, 0xEF, 0xE5 ),
4244 MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0xD6, 0x41, 0xC7, 0x99, 0xAD, 0x50, 0x53 ),
4245 MBEDTLS_BYTES_TO_T_UINT_8( 0x99, 0xAC, 0x41, 0x9F, 0xFB, 0x4C, 0x86, 0xF1 ),
4246 MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xBB, 0xE6, 0x25, 0x28, 0xAA, 0xEB, 0x1E ),
4247 MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x04, 0xA2, 0xC3, 0xAA, 0x08, 0x8A, 0xCC ),
4248 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x2B, 0x5B, 0xE2, 0x8D, 0x76, 0xEA, 0x34 ),
4249 MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x33, 0xD2, 0x21, 0x4D, 0x62, 0xE3, 0x8E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4250};
4251static const mbedtls_mpi_uint brainpoolP512r1_T_21_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4252 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x06, 0x8B, 0x2B, 0xC2, 0xC4, 0xB1, 0xD2 ),
4253 MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xF5, 0xA1, 0xC0, 0x03, 0x6A, 0x29, 0x12 ),
4254 MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0xA9, 0xEF, 0x55, 0xB6, 0x1A, 0x9F, 0x6B ),
4255 MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x54, 0x32, 0xBE, 0x06, 0x43, 0xB5, 0xFD ),
4256 MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xD6, 0xD9, 0x20, 0x89, 0xBE, 0xD4, 0x1B ),
4257 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x26, 0x95, 0x10, 0xCE, 0xB4, 0x88, 0x79 ),
4258 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xA6, 0x27, 0xAC, 0x32, 0xBA, 0xBD, 0xC7 ),
4259 MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0xA6, 0xAE, 0x9C, 0x7B, 0xBE, 0xA1, 0x63 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4260};
4261static const mbedtls_mpi_uint brainpoolP512r1_T_21_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4262 MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xCD, 0x4D, 0x3D, 0xDF, 0x96, 0xBB, 0x7D ),
4263 MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0xA7, 0x11, 0x06, 0xCC, 0x0E, 0x31, 0x81 ),
4264 MBEDTLS_BYTES_TO_T_UINT_8( 0x20, 0xE4, 0xF4, 0xAD, 0x7B, 0x5F, 0xF1, 0xEF ),
4265 MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0x54, 0xBE, 0xF4, 0x8A, 0x03, 0x47, 0xDF ),
4266 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x53, 0x00, 0x7F, 0xB0, 0x8A, 0x68, 0xA6 ),
4267 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x16, 0xB1, 0x73, 0x6F, 0x5B, 0x0E, 0xC3 ),
4268 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x32, 0xE3, 0x43, 0x64, 0x75, 0xFB, 0xFB ),
4269 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x18, 0x55, 0x8A, 0x4E, 0x6E, 0x35, 0x54 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4270};
4271static const mbedtls_mpi_uint brainpoolP512r1_T_22_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4272 MBEDTLS_BYTES_TO_T_UINT_8( 0x80, 0x97, 0x15, 0x1E, 0xCB, 0xF2, 0x9C, 0xA5 ),
4273 MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0xD1, 0xBB, 0xF3, 0x70, 0xAD, 0x13, 0xAD ),
4274 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0x96, 0xA4, 0xC5, 0x5E, 0xDA, 0xD5, 0x57 ),
4275 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x81, 0xE9, 0x65, 0x66, 0x76, 0x47, 0x45 ),
4276 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x35, 0x87, 0x06, 0x73, 0xCF, 0x34, 0xD2 ),
4277 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x81, 0x15, 0x42, 0xA2, 0x79, 0x5B, 0x42 ),
4278 MBEDTLS_BYTES_TO_T_UINT_8( 0x08, 0xA2, 0x7D, 0x09, 0x14, 0x64, 0xC6, 0xAE ),
4279 MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x6D, 0xC4, 0xED, 0xF1, 0xD6, 0xE9, 0x24 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4280};
4281static const mbedtls_mpi_uint brainpoolP512r1_T_22_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4282 MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xD5, 0xBB, 0x25, 0xA3, 0xDD, 0xA3, 0x88 ),
4283 MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0xF2, 0x68, 0x67, 0x39, 0x8F, 0x73, 0x93 ),
4284 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x76, 0x28, 0x89, 0xAD, 0x32, 0xE0, 0xDF ),
4285 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0x90, 0xCC, 0x57, 0x58, 0xAA, 0xC9, 0x75 ),
4286 MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0xD7, 0x43, 0xD2, 0xCE, 0x5E, 0xA0, 0x08 ),
4287 MBEDTLS_BYTES_TO_T_UINT_8( 0x33, 0xB0, 0xB8, 0xA4, 0x9E, 0x96, 0x26, 0x86 ),
4288 MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0x61, 0x1D, 0xF3, 0x65, 0x5E, 0x60, 0xCA ),
4289 MBEDTLS_BYTES_TO_T_UINT_8( 0xC7, 0x1E, 0x65, 0xED, 0xCF, 0x07, 0x60, 0x20 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4290};
4291static const mbedtls_mpi_uint brainpoolP512r1_T_23_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4292 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x30, 0x17, 0x8A, 0x91, 0x88, 0x0A, 0xA4 ),
4293 MBEDTLS_BYTES_TO_T_UINT_8( 0x05, 0x7D, 0x18, 0xA4, 0xAC, 0x59, 0xFC, 0x5F ),
4294 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x31, 0x8B, 0x25, 0x65, 0x39, 0x9A, 0xDC ),
4295 MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x16, 0x4B, 0x68, 0xBA, 0x59, 0x13, 0x2F ),
4296 MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xD3, 0xC5, 0x56, 0xC9, 0x8C, 0x5E ),
4297 MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xC6, 0x9F, 0xF4, 0xE6, 0xF7, 0xB4, 0x01 ),
4298 MBEDTLS_BYTES_TO_T_UINT_8( 0x2D, 0x7C, 0x03, 0x00, 0x26, 0x9F, 0xD8, 0x7B ),
4299 MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x1D, 0x6E, 0x00, 0xB9, 0x00, 0x6E, 0x93 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4300};
4301static const mbedtls_mpi_uint brainpoolP512r1_T_23_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4302 MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x63, 0xDA, 0x03, 0x2B, 0xD5, 0x0B, 0xFE ),
4303 MBEDTLS_BYTES_TO_T_UINT_8( 0x46, 0xFC, 0xE2, 0xC8, 0x47, 0xF0, 0xAE, 0xF2 ),
4304 MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x4C, 0xF7, 0x50, 0x0C, 0x48, 0x06, 0x2A ),
4305 MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x2B, 0x32, 0x98, 0x0E, 0x7E, 0x61, 0x41 ),
4306 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x02, 0x27, 0xFE, 0x75, 0x86, 0xDF, 0x24 ),
4307 MBEDTLS_BYTES_TO_T_UINT_8( 0x2B, 0x30, 0xB1, 0x22, 0x32, 0x1B, 0xFE, 0x24 ),
4308 MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x27, 0xF7, 0x78, 0x6F, 0xD7, 0xFD, 0xE4 ),
4309 MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x78, 0xCC, 0xEA, 0xC0, 0x50, 0x24, 0x44 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4310};
4311static const mbedtls_mpi_uint brainpoolP512r1_T_24_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4312 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x2B, 0x4F, 0x7F, 0x58, 0xE6, 0xC2, 0x70 ),
4313 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x43, 0xD5, 0xA7, 0x35, 0x3C, 0x80, 0xB8 ),
4314 MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x6D, 0x4B, 0x12, 0x00, 0x7B, 0xE6, 0xA6 ),
4315 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x15, 0xBD, 0xD0, 0x9B, 0xCA, 0xAA, 0x81 ),
4316 MBEDTLS_BYTES_TO_T_UINT_8( 0xCF, 0xCE, 0x9C, 0xE3, 0x8B, 0x60, 0x7A, 0x53 ),
4317 MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0xDA, 0x4B, 0x03, 0xA7, 0x8D, 0x43, 0x22 ),
4318 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0xAF, 0x00, 0x2B, 0x32, 0xF0, 0x22, 0x68 ),
4319 MBEDTLS_BYTES_TO_T_UINT_8( 0xDC, 0xD9, 0x99, 0x99, 0xBE, 0x43, 0x99, 0x3E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4320};
4321static const mbedtls_mpi_uint brainpoolP512r1_T_24_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4322 MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x71, 0x41, 0xF4, 0xB5, 0xFD, 0xDD, 0x36 ),
4323 MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xE2, 0x20, 0x4C, 0xD1, 0x2E, 0x1F, 0x06 ),
4324 MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0x43, 0x48, 0x76, 0x8A, 0x49, 0xAC, 0x87 ),
4325 MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x1A, 0x55, 0xA8, 0xA3, 0xD4, 0x57, 0x75 ),
4326 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0xA6, 0x84, 0x39, 0xC9, 0x13, 0xBB, 0x60 ),
4327 MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0xFA, 0xA9, 0x70, 0xDE, 0x83, 0xDD, 0xC9 ),
4328 MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0xC9, 0xD9, 0x3E, 0x44, 0x91, 0x68, 0x7B ),
4329 MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x9F, 0x85, 0x6D, 0xF7, 0x54, 0x36, 0x82 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4330};
4331static const mbedtls_mpi_uint brainpoolP512r1_T_25_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4332 MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x6B, 0xA6, 0xA3, 0xE5, 0xD4, 0x46, 0xDB ),
4333 MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x3E, 0xDC, 0x84, 0x7C, 0x7B, 0x24, 0x34 ),
4334 MBEDTLS_BYTES_TO_T_UINT_8( 0x14, 0xED, 0x7F, 0x86, 0x07, 0x6C, 0x57, 0xCA ),
4335 MBEDTLS_BYTES_TO_T_UINT_8( 0x95, 0x06, 0xFE, 0x52, 0x12, 0x79, 0x69, 0x56 ),
4336 MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0xD1, 0x44, 0x5F, 0x21, 0x3A, 0xC3, 0x84 ),
4337 MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0xD9, 0x4A, 0xC0, 0x75, 0xAB, 0x17, 0xAC ),
4338 MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x81, 0x94, 0xB6, 0x80, 0x6B, 0x6F, 0xC3 ),
4339 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xBE, 0x8E, 0xA5, 0xAA, 0xBC, 0x1E, 0x3E ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4340};
4341static const mbedtls_mpi_uint brainpoolP512r1_T_25_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4342 MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0xC7, 0x85, 0xA6, 0x59, 0x9B, 0xB1, 0x52 ),
4343 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0xCE, 0x40, 0xD1, 0xFB, 0xDF, 0x94, 0xF7 ),
4344 MBEDTLS_BYTES_TO_T_UINT_8( 0x18, 0xB8, 0x5E, 0xBF, 0x45, 0xA8, 0x2D, 0x2D ),
4345 MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x9C, 0x06, 0x1B, 0xA9, 0x57, 0xB9, 0x79 ),
4346 MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xE9, 0xCE, 0xA2, 0xD3, 0x74, 0xA1, 0x3C ),
4347 MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x5F, 0x34, 0x78, 0xDB, 0xAE, 0x3A, 0x14 ),
4348 MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x32, 0x84, 0x3E, 0x68, 0x6A, 0x43, 0x0F ),
4349 MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0xBC, 0x39, 0x36, 0xA4, 0xC5, 0xBB, 0x11 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4350};
4351static const mbedtls_mpi_uint brainpoolP512r1_T_26_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4352 MBEDTLS_BYTES_TO_T_UINT_8( 0x8C, 0x07, 0xA2, 0xB5, 0xC9, 0x0F, 0x4D, 0x0F ),
4353 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x1D, 0x67, 0xE6, 0xF1, 0x46, 0xEB, 0x71 ),
4354 MBEDTLS_BYTES_TO_T_UINT_8( 0xD7, 0x41, 0x23, 0x95, 0xE7, 0xE0, 0x10, 0xDD ),
4355 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x69, 0xFE, 0x68, 0x8C, 0xC6, 0x5F, 0xB6 ),
4356 MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0xB9, 0x2B, 0x3D, 0xD2, 0x4F, 0xD8, 0x1A ),
4357 MBEDTLS_BYTES_TO_T_UINT_8( 0xA3, 0x09, 0xF5, 0x5F, 0xCF, 0xF6, 0x91, 0x57 ),
4358 MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x15, 0x42, 0x6B, 0x6D, 0xB5, 0xF3, 0xB6 ),
4359 MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x56, 0x9D, 0xC5, 0xFF, 0xCA, 0x13, 0x9B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4360};
4361static const mbedtls_mpi_uint brainpoolP512r1_T_26_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4362 MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0x38, 0xE6, 0x23, 0x63, 0x48, 0x3C, 0xCA ),
4363 MBEDTLS_BYTES_TO_T_UINT_8( 0xD2, 0x68, 0x3C, 0xD1, 0x3B, 0xE9, 0x3B, 0x82 ),
4364 MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0x08, 0x54, 0x49, 0xD1, 0x46, 0x45, 0x13 ),
4365 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x70, 0x52, 0x6E, 0x79, 0xC4, 0x5E, 0x95 ),
4366 MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xDF, 0xE8, 0x5A, 0x32, 0x81, 0xDA, 0xD3 ),
4367 MBEDTLS_BYTES_TO_T_UINT_8( 0x3C, 0x2D, 0x94, 0x5B, 0xB5, 0x35, 0x9F, 0x0A ),
4368 MBEDTLS_BYTES_TO_T_UINT_8( 0x2A, 0x12, 0x8D, 0xC3, 0x36, 0x36, 0xB2, 0x2A ),
4369 MBEDTLS_BYTES_TO_T_UINT_8( 0x39, 0x2F, 0x22, 0x38, 0x5B, 0x18, 0x4C, 0x35 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4370};
4371static const mbedtls_mpi_uint brainpoolP512r1_T_27_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4372 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xC1, 0x22, 0x0E, 0xF0, 0x73, 0x11, 0x05 ),
4373 MBEDTLS_BYTES_TO_T_UINT_8( 0xB2, 0xAE, 0xA4, 0x56, 0x18, 0x61, 0x66, 0x12 ),
4374 MBEDTLS_BYTES_TO_T_UINT_8( 0x79, 0xFB, 0x72, 0x08, 0x84, 0x38, 0x51, 0xB0 ),
4375 MBEDTLS_BYTES_TO_T_UINT_8( 0xDA, 0x86, 0xA8, 0xB9, 0x31, 0x99, 0x29, 0xC3 ),
4376 MBEDTLS_BYTES_TO_T_UINT_8( 0x8A, 0xFB, 0xC3, 0x42, 0xB3, 0xC7, 0x6F, 0x3A ),
4377 MBEDTLS_BYTES_TO_T_UINT_8( 0xD8, 0xF8, 0xE1, 0x09, 0xBE, 0x75, 0xB0, 0x22 ),
4378 MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x7D, 0xFF, 0xF4, 0x99, 0xFC, 0x13, 0xAB ),
4379 MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x1B, 0x84, 0x81, 0x42, 0x22, 0xC6, 0x3D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4380};
4381static const mbedtls_mpi_uint brainpoolP512r1_T_27_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4382 MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xE0, 0x37, 0xA4, 0xA0, 0x2F, 0x38, 0x7F ),
4383 MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x3D, 0xB7, 0x40, 0x2F, 0x39, 0x3C, 0x7A ),
4384 MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0x3B, 0x8A, 0x51, 0xAE, 0x40, 0x49, 0x7A ),
4385 MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0x20, 0x9F, 0xDD, 0xA9, 0xD0, 0x77, 0xC7 ),
4386 MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0x1D, 0x64, 0xDA, 0xA0, 0x53, 0xC7, 0x7D ),
4387 MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x7B, 0x66, 0x55, 0x94, 0xD1, 0x51, 0x44 ),
4388 MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xA9, 0xB5, 0x5B, 0x38, 0x35, 0x40, 0xC0 ),
4389 MBEDTLS_BYTES_TO_T_UINT_8( 0xC8, 0xC9, 0x0F, 0xF0, 0x73, 0x79, 0x43, 0x61 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4390};
4391static const mbedtls_mpi_uint brainpoolP512r1_T_28_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4392 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x47, 0x45, 0x69, 0x80, 0x72, 0x72, 0x42 ),
4393 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x11, 0x99, 0x59, 0xDB, 0x48, 0x80, 0x39 ),
4394 MBEDTLS_BYTES_TO_T_UINT_8( 0x75, 0x6E, 0x3D, 0xFC, 0x37, 0x15, 0xF4, 0xBF ),
4395 MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xBB, 0x5B, 0xA6, 0x35, 0x8D, 0x28, 0x20 ),
4396 MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0x1A, 0x3B, 0x2C, 0x8F, 0xD3, 0xAA, 0x2D ),
4397 MBEDTLS_BYTES_TO_T_UINT_8( 0x55, 0x1C, 0x1A, 0xF8, 0x02, 0xD9, 0x7B, 0x41 ),
4398 MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0x69, 0xAC, 0xF8, 0x54, 0x31, 0x14, 0xA1 ),
4399 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x8A, 0xE6, 0xDE, 0x58, 0xB9, 0xC4, 0x7A ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4400};
4401static const mbedtls_mpi_uint brainpoolP512r1_T_28_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4402 MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x83, 0x52, 0xFE, 0xF9, 0x7B, 0xE9, 0x1F ),
4403 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xA2, 0x55, 0x46, 0x15, 0x49, 0xC1, 0x3A ),
4404 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0xBC, 0x5C, 0x91, 0xBD, 0xB9, 0x9C, 0xF4 ),
4405 MBEDTLS_BYTES_TO_T_UINT_8( 0xBB, 0xFD, 0xB1, 0x4E, 0x5F, 0x74, 0xEE, 0x53 ),
4406 MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0x8B, 0xD8, 0x8B, 0x17, 0x73, 0x1B, 0x96 ),
4407 MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x92, 0xD7, 0x67, 0x06, 0xAD, 0x25, 0xCD ),
4408 MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x0F, 0x80, 0x24, 0xE2, 0x27, 0x5F, 0x8B ),
4409 MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x1C, 0xCE, 0xD0, 0x67, 0xCA, 0xD4, 0x0B ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4410};
4411static const mbedtls_mpi_uint brainpoolP512r1_T_29_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4412 MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0xF1, 0xDD, 0x33, 0x66, 0xF9, 0x05, 0xD6 ),
4413 MBEDTLS_BYTES_TO_T_UINT_8( 0x1D, 0xE5, 0x6B, 0x79, 0xBD, 0x48, 0x42, 0xAA ),
4414 MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x14, 0x52, 0xE3, 0x53, 0xB4, 0x50, 0xD4 ),
4415 MBEDTLS_BYTES_TO_T_UINT_8( 0x32, 0x84, 0x6C, 0xCF, 0xDA, 0xB2, 0x20, 0x0A ),
4416 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0xD6, 0x1A, 0xE5, 0xE2, 0x29, 0x70, 0xCE ),
4417 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x61, 0xFE, 0xBB, 0x21, 0x82, 0xD1, 0xFE ),
4418 MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0xF0, 0x9C, 0x8B, 0x1A, 0x42, 0x30, 0x06 ),
4419 MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0xD6, 0x49, 0x81, 0x92, 0xF1, 0xD0, 0x90 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4420};
4421static const mbedtls_mpi_uint brainpoolP512r1_T_29_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4422 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x91, 0x93, 0x6A, 0xA6, 0x22, 0xE9, 0xD6 ),
4423 MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0xDC, 0xC3, 0x69, 0x11, 0x95, 0x7D, 0xEC ),
4424 MBEDTLS_BYTES_TO_T_UINT_8( 0x1C, 0xA3, 0x9D, 0x87, 0x5E, 0x64, 0x41, 0xA2 ),
4425 MBEDTLS_BYTES_TO_T_UINT_8( 0xBE, 0x87, 0x5A, 0x15, 0xBD, 0x6E, 0x3C, 0x8D ),
4426 MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0x8D, 0x50, 0xCC, 0xCF, 0xB7, 0x8F, 0x0B ),
4427 MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x65, 0xCD, 0x31, 0x30, 0xF1, 0x68, 0x13 ),
4428 MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x5C, 0x66, 0x67, 0x92, 0x30, 0x57, 0x95 ),
4429 MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x9B, 0x01, 0x3D, 0x20, 0x8B, 0xD1, 0x0D ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4430};
4431static const mbedtls_mpi_uint brainpoolP512r1_T_30_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4432 MBEDTLS_BYTES_TO_T_UINT_8( 0xAB, 0xC0, 0xE6, 0x4F, 0xDE, 0x62, 0xAB, 0xB3 ),
4433 MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0x48, 0xB3, 0x1C, 0x0F, 0x16, 0x93, 0x45 ),
4434 MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x63, 0xBD, 0x1F, 0x16, 0x50, 0x56, 0x98 ),
4435 MBEDTLS_BYTES_TO_T_UINT_8( 0x5D, 0x06, 0xBC, 0xE9, 0x27, 0x1C, 0x9A, 0x7B ),
4436 MBEDTLS_BYTES_TO_T_UINT_8( 0xF8, 0xFE, 0x21, 0xC5, 0x39, 0x55, 0xE1, 0xFD ),
4437 MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xA8, 0xD0, 0x96, 0x0E, 0xB5, 0xB2, 0x84 ),
4438 MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0xE7, 0x4B, 0xF3, 0x11, 0x0C, 0xC9, 0x5B ),
4439 MBEDTLS_BYTES_TO_T_UINT_8( 0x43, 0x3A, 0xC4, 0x87, 0x71, 0xEE, 0xFA, 0x18 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4440};
4441static const mbedtls_mpi_uint brainpoolP512r1_T_30_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4442 MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x77, 0xEE, 0x81, 0x5E, 0x96, 0xEA, 0x4B ),
4443 MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0xDF, 0xA9, 0xF4, 0x4F, 0x7C, 0xB2, 0x43 ),
4444 MBEDTLS_BYTES_TO_T_UINT_8( 0x9F, 0xD4, 0xDF, 0x35, 0x63, 0x47, 0x25, 0x8A ),
4445 MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x3D, 0xFF, 0xA4, 0x02, 0xC3, 0x95, 0x11 ),
4446 MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x10, 0x78, 0xD1, 0x2B, 0xB7, 0xBE, 0x0E ),
4447 MBEDTLS_BYTES_TO_T_UINT_8( 0x0A, 0xE9, 0x57, 0xF9, 0xE0, 0xD8, 0xFC, 0xBC ),
4448 MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0xC4, 0x01, 0xD6, 0xB4, 0xE7, 0x78, 0xE2 ),
4449 MBEDTLS_BYTES_TO_T_UINT_8( 0x02, 0x6C, 0xB9, 0x13, 0xA4, 0xE8, 0x6D, 0x6F ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4450};
4451static const mbedtls_mpi_uint brainpoolP512r1_T_31_X[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4452 MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0xB0, 0xC9, 0xCD, 0xBF, 0xA2, 0x1E, 0x63 ),
4453 MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0x4F, 0x86, 0x22, 0x9B, 0xEA, 0xE8, 0xBB ),
4454 MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x46, 0xDF, 0x43, 0xB9, 0x82, 0x2D, 0x0A ),
4455 MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x32, 0xF1, 0x4E, 0x95, 0x41, 0xAE, 0x8E ),
4456 MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0x93, 0x26, 0xFC, 0xD3, 0x90, 0xDC, 0xEB ),
4457 MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x05, 0x45, 0xCA, 0xF9, 0x5A, 0x89, 0x93 ),
4458 MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x82, 0x63, 0x4E, 0x55, 0x1D, 0x3A, 0x08 ),
4459 MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x69, 0x52, 0x49, 0xE9, 0xED, 0x57, 0x34 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4460};
4461static const mbedtls_mpi_uint brainpoolP512r1_T_31_Y[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]4462 MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x64, 0xE9, 0xAC, 0x4C, 0x4A, 0xEA, 0x25 ),
4463 MBEDTLS_BYTES_TO_T_UINT_8( 0xE9, 0xE9, 0x0B, 0x99, 0xE7, 0xF9, 0xA9, 0x2C ),
4464 MBEDTLS_BYTES_TO_T_UINT_8( 0x24, 0x0C, 0xC1, 0xF4, 0x8D, 0x07, 0xB6, 0xB1 ),
4465 MBEDTLS_BYTES_TO_T_UINT_8( 0xAD, 0x68, 0xFA, 0x35, 0xE4, 0x9E, 0xAE, 0xD9 ),
4466 MBEDTLS_BYTES_TO_T_UINT_8( 0xF0, 0x2D, 0x1A, 0x13, 0x8E, 0x02, 0xE2, 0x63 ),
4467 MBEDTLS_BYTES_TO_T_UINT_8( 0x27, 0x38, 0x28, 0x86, 0x46, 0x7B, 0x3A, 0xE1 ),
4468 MBEDTLS_BYTES_TO_T_UINT_8( 0x3F, 0x4C, 0x64, 0x59, 0x0A, 0xF9, 0x02, 0xC4 ),
4469 MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x4F, 0x23, 0xA2, 0xC3, 0xD5, 0xEF, 0x42 ),
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4470};
4471static const mbedtls_ecp_point brainpoolP512r1_T[32] = {
4472 ECP_POINT_INIT_XY_Z1(brainpoolP512r1_T_0_X, brainpoolP512r1_T_0_Y),
4473 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_1_X, brainpoolP512r1_T_1_Y),
4474 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_2_X, brainpoolP512r1_T_2_Y),
4475 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_3_X, brainpoolP512r1_T_3_Y),
4476 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_4_X, brainpoolP512r1_T_4_Y),
4477 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_5_X, brainpoolP512r1_T_5_Y),
4478 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_6_X, brainpoolP512r1_T_6_Y),
4479 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_7_X, brainpoolP512r1_T_7_Y),
4480 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_8_X, brainpoolP512r1_T_8_Y),
4481 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_9_X, brainpoolP512r1_T_9_Y),
4482 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_10_X, brainpoolP512r1_T_10_Y),
4483 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_11_X, brainpoolP512r1_T_11_Y),
4484 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_12_X, brainpoolP512r1_T_12_Y),
4485 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_13_X, brainpoolP512r1_T_13_Y),
4486 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_14_X, brainpoolP512r1_T_14_Y),
4487 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_15_X, brainpoolP512r1_T_15_Y),
4488 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_16_X, brainpoolP512r1_T_16_Y),
4489 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_17_X, brainpoolP512r1_T_17_Y),
4490 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_18_X, brainpoolP512r1_T_18_Y),
4491 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_19_X, brainpoolP512r1_T_19_Y),
4492 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_20_X, brainpoolP512r1_T_20_Y),
4493 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_21_X, brainpoolP512r1_T_21_Y),
4494 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_22_X, brainpoolP512r1_T_22_Y),
4495 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_23_X, brainpoolP512r1_T_23_Y),
4496 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_24_X, brainpoolP512r1_T_24_Y),
4497 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_25_X, brainpoolP512r1_T_25_Y),
4498 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_26_X, brainpoolP512r1_T_26_Y),
4499 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_27_X, brainpoolP512r1_T_27_Y),
4500 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_28_X, brainpoolP512r1_T_28_Y),
4501 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_29_X, brainpoolP512r1_T_29_Y),
4502 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_30_X, brainpoolP512r1_T_30_Y),
4503 ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_31_X, brainpoolP512r1_T_31_Y),
4504};
4505#else
4506#define brainpoolP512r1_T NULL
Gilles Peskineaa9493a2018-09-12 14:44:03 +0200[diff] [blame]4507#endif
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4508#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
Gilles Peskineaa9493a2018-09-12 14:44:03 +0200[diff] [blame]4509
4510#if defined(ECP_LOAD_GROUP)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4511/*
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4512 * Create an MPI from embedded constants
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4513 * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4514 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4515static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len )
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4516{
4517 X->s = 1;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4518 X->n = len / sizeof( mbedtls_mpi_uint );
4519 X->p = (mbedtls_mpi_uint *) p;
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4520}
4521
4522/*
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4523 * Set an MPI to static value 1
4524 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4525static inline void ecp_mpi_set1( mbedtls_mpi *X )
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4526{
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4527 X->s = 1;
4528 X->n = 1;
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4529 X->p = mpi_one;
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4530}
4531
4532/*
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4533 * Make group available from embedded constants
4534 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4535static int ecp_group_load( mbedtls_ecp_group *grp,
4536 const mbedtls_mpi_uint *p, size_t plen,
4537 const mbedtls_mpi_uint *a, size_t alen,
4538 const mbedtls_mpi_uint *b, size_t blen,
4539 const mbedtls_mpi_uint *gx, size_t gxlen,
4540 const mbedtls_mpi_uint *gy, size_t gylen,
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4541 const mbedtls_mpi_uint *n, size_t nlen,
4542 const mbedtls_ecp_point *T)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4543{
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4544 ecp_mpi_load( &grp->P, p, plen );
Manuel Pégourié-Gonnard9854fe92013-12-02 16:30:43 +0100[diff] [blame]4545 if( a != NULL )
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4546 ecp_mpi_load( &grp->A, a, alen );
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4547 ecp_mpi_load( &grp->B, b, blen );
4548 ecp_mpi_load( &grp->N, n, nlen );
Manuel Pégourié-Gonnard9854fe92013-12-02 16:30:43 +0100[diff] [blame]4549
Manuel Pégourié-Gonnard731d08b2013-12-06 12:16:10 +0100[diff] [blame]4550 ecp_mpi_load( &grp->G.X, gx, gxlen );
4551 ecp_mpi_load( &grp->G.Y, gy, gylen );
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4552 ecp_mpi_set1( &grp->G.Z );
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4553
Manuel Pégourié-Gonnardc0696c22015-06-18 16:47:17 +0200[diff] [blame]4554 grp->pbits = mbedtls_mpi_bitlen( &grp->P );
4555 grp->nbits = mbedtls_mpi_bitlen( &grp->N );
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4556
Manuel Pégourié-Gonnard1f82b042013-12-06 12:51:50 +0100[diff] [blame]4557 grp->h = 1;
4558
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4559 grp->T = (mbedtls_ecp_point *) T;
4560 /*
4561 * Set T_size to 0 to prevent T free by mbedtls_ecp_group_free.
4562 */
4563 grp->T_size = 0;
4564
Manuel Pégourié-Gonnard73cc01d2013-12-06 12:41:30 +0100[diff] [blame]4565 return( 0 );
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4566}
Gilles Peskineaa9493a2018-09-12 14:44:03 +0200[diff] [blame]4567#endif /* ECP_LOAD_GROUP */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4568
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4569#if defined(MBEDTLS_ECP_NIST_OPTIM)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4570/* Forward declarations */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4571#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
4572static int ecp_mod_p192( mbedtls_mpi * );
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4573#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4574#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
4575static int ecp_mod_p224( mbedtls_mpi * );
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4576#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4577#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
4578static int ecp_mod_p256( mbedtls_mpi * );
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4579#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4580#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
4581static int ecp_mod_p384( mbedtls_mpi * );
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4582#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4583#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
4584static int ecp_mod_p521( mbedtls_mpi * );
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4585#endif
Manuel Pégourié-Gonnard3ee90002013-12-02 17:14:48 +0100[diff] [blame]4586
4587#define NIST_MODP( P ) grp->modp = ecp_mod_ ## P;
4588#else
4589#define NIST_MODP( P )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4590#endif /* MBEDTLS_ECP_NIST_OPTIM */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4591
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]4592/* Additional forward declarations */
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]4593#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4594static int ecp_mod_p255( mbedtls_mpi * );
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]4595#endif
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4596#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
4597static int ecp_mod_p448( mbedtls_mpi * );
4598#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4599#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
4600static int ecp_mod_p192k1( mbedtls_mpi * );
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]4601#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4602#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
4603static int ecp_mod_p224k1( mbedtls_mpi * );
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]4604#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4605#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
4606static int ecp_mod_p256k1( mbedtls_mpi * );
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]4607#endif
4608
Gilles Peskineaa9493a2018-09-12 14:44:03 +0200[diff] [blame]4609#if defined(ECP_LOAD_GROUP)
Manuel Pégourié-Gonnard81e1b102013-12-06 13:28:05 +0100[diff] [blame]4610#define LOAD_GROUP_A( G ) ecp_group_load( grp, \
4611 G ## _p, sizeof( G ## _p ), \
4612 G ## _a, sizeof( G ## _a ), \
4613 G ## _b, sizeof( G ## _b ), \
4614 G ## _gx, sizeof( G ## _gx ), \
4615 G ## _gy, sizeof( G ## _gy ), \
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4616 G ## _n, sizeof( G ## _n ), \
4617 G ## _T \
4618 )
Manuel Pégourié-Gonnard81e1b102013-12-06 13:28:05 +0100[diff] [blame]4619
4620#define LOAD_GROUP( G ) ecp_group_load( grp, \
4621 G ## _p, sizeof( G ## _p ), \
4622 NULL, 0, \
4623 G ## _b, sizeof( G ## _b ), \
4624 G ## _gx, sizeof( G ## _gx ), \
4625 G ## _gy, sizeof( G ## _gy ), \
kXuanba9cb762021-04-08 14:32:06 +0800[diff] [blame]4626 G ## _n, sizeof( G ## _n ), \
4627 G ## _T \
4628 )
Gilles Peskineaa9493a2018-09-12 14:44:03 +0200[diff] [blame]4629#endif /* ECP_LOAD_GROUP */
Manuel Pégourié-Gonnard81e1b102013-12-06 13:28:05 +0100[diff] [blame]4630
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]4631#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4632/* Constants used by ecp_use_curve25519() */
Janos Follath8b8b7812021-06-24 15:00:33 +0100[diff] [blame]4633static const mbedtls_mpi_sint curve25519_a24 = 0x01DB42;
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4634static const unsigned char curve25519_part_of_n[] = {
4635 0x14, 0xDE, 0xF9, 0xDE, 0xA2, 0xF7, 0x9C, 0xD6,
4636 0x58, 0x12, 0x63, 0x1A, 0x5C, 0xF5, 0xD3, 0xED,
4637};
4638
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4639/*
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4640 * Specialized function for creating the Curve25519 group
4641 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4642static int ecp_use_curve25519( mbedtls_ecp_group *grp )
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4643{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]4644 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4645
4646 /* Actually ( A + 2 ) / 4 */
Janos Follath8b8b7812021-06-24 15:00:33 +0100[diff] [blame]4647 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve25519_a24 ) );
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4648
4649 /* P = 2^255 - 19 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4650 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
4651 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 255 ) );
4652 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) );
Manuel Pégourié-Gonnardc0696c22015-06-18 16:47:17 +0200[diff] [blame]4653 grp->pbits = mbedtls_mpi_bitlen( &grp->P );
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4654
Nicholas Wilson54fc34e2016-05-16 15:15:45 +0100[diff] [blame]4655 /* N = 2^252 + 27742317777372353535851937790883648493 */
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4656 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &grp->N,
4657 curve25519_part_of_n, sizeof( curve25519_part_of_n ) ) );
Nicholas Wilson54fc34e2016-05-16 15:15:45 +0100[diff] [blame]4658 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
4659
Manuel Pégourié-Gonnard18b78432018-03-28 11:14:06 +0200[diff] [blame]4660 /* Y intentionally not set, since we use x/z coordinates.
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]4661 * This is used as a marker to identify Montgomery curves! */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4662 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
4663 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
4664 mbedtls_mpi_free( &grp->G.Y );
Manuel Pégourié-Gonnard312d2e82013-12-04 11:08:01 +0100[diff] [blame]4665
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4666 /* Actually, the required msb for private keys */
4667 grp->nbits = 254;
4668
4669cleanup:
4670 if( ret != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4671 mbedtls_ecp_group_free( grp );
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4672
4673 return( ret );
4674}
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]4675#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4676
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4677#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4678/* Constants used by ecp_use_curve448() */
Janos Follath8b8b7812021-06-24 15:00:33 +0100[diff] [blame]4679static const mbedtls_mpi_sint curve448_a24 = 0x98AA;
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4680static const unsigned char curve448_part_of_n[] = {
4681 0x83, 0x35, 0xDC, 0x16, 0x3B, 0xB1, 0x24,
4682 0xB6, 0x51, 0x29, 0xC9, 0x6F, 0xDE, 0x93,
4683 0x3D, 0x8D, 0x72, 0x3A, 0x70, 0xAA, 0xDC,
4684 0x87, 0x3D, 0x6D, 0x54, 0xA7, 0xBB, 0x0D,
4685};
4686
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4687/*
4688 * Specialized function for creating the Curve448 group
4689 */
4690static int ecp_use_curve448( mbedtls_ecp_group *grp )
4691{
4692 mbedtls_mpi Ns;
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]4693 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4694
4695 mbedtls_mpi_init( &Ns );
4696
4697 /* Actually ( A + 2 ) / 4 */
Janos Follath8b8b7812021-06-24 15:00:33 +0100[diff] [blame]4698 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve448_a24 ) );
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4699
4700 /* P = 2^448 - 2^224 - 1 */
4701 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
4702 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
4703 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
4704 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
4705 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
4706 grp->pbits = mbedtls_mpi_bitlen( &grp->P );
4707
4708 /* Y intentionally not set, since we use x/z coordinates.
4709 * This is used as a marker to identify Montgomery curves! */
4710 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) );
4711 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
4712 mbedtls_mpi_free( &grp->G.Y );
4713
4714 /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
Pol Henarejosaa68d362022-05-05 19:22:29 +0200[diff] [blame]4715 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->N, 0 ) );
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4716 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
Manuel Pégourié-Gonnard2d457b82021-06-23 12:43:34 +0200[diff] [blame]4717 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &Ns,
4718 curve448_part_of_n, sizeof( curve448_part_of_n ) ) );
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4719 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) );
4720
4721 /* Actually, the required msb for private keys */
4722 grp->nbits = 447;
4723
4724cleanup:
4725 mbedtls_mpi_free( &Ns );
4726 if( ret != 0 )
4727 mbedtls_ecp_group_free( grp );
4728
4729 return( ret );
4730}
4731#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
4732
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4733/*
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4734 * Set a group using well-known domain parameters
4735 */
Manuel Pégourié-Gonnarde3a062b2015-05-11 18:46:47 +0200[diff] [blame]4736int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4737{
Hanno Becker4f8e8e52018-12-14 15:08:03 +0000[diff] [blame]4738 ECP_VALIDATE_RET( grp != NULL );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4739 mbedtls_ecp_group_free( grp );
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4740
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4741 grp->id = id;
4742
4743 switch( id )
4744 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4745#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
4746 case MBEDTLS_ECP_DP_SECP192R1:
Manuel Pégourié-Gonnard3ee90002013-12-02 17:14:48 +0100[diff] [blame]4747 NIST_MODP( p192 );
Manuel Pégourié-Gonnard9854fe92013-12-02 16:30:43 +0100[diff] [blame]4748 return( LOAD_GROUP( secp192r1 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4749#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4750
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4751#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
4752 case MBEDTLS_ECP_DP_SECP224R1:
Manuel Pégourié-Gonnard3ee90002013-12-02 17:14:48 +0100[diff] [blame]4753 NIST_MODP( p224 );
Manuel Pégourié-Gonnard9854fe92013-12-02 16:30:43 +0100[diff] [blame]4754 return( LOAD_GROUP( secp224r1 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4755#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4756
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4757#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
4758 case MBEDTLS_ECP_DP_SECP256R1:
Manuel Pégourié-Gonnard3ee90002013-12-02 17:14:48 +0100[diff] [blame]4759 NIST_MODP( p256 );
Manuel Pégourié-Gonnard9854fe92013-12-02 16:30:43 +0100[diff] [blame]4760 return( LOAD_GROUP( secp256r1 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4761#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4762
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4763#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
4764 case MBEDTLS_ECP_DP_SECP384R1:
Manuel Pégourié-Gonnard3ee90002013-12-02 17:14:48 +0100[diff] [blame]4765 NIST_MODP( p384 );
Manuel Pégourié-Gonnard9854fe92013-12-02 16:30:43 +0100[diff] [blame]4766 return( LOAD_GROUP( secp384r1 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4767#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4768
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4769#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
4770 case MBEDTLS_ECP_DP_SECP521R1:
Manuel Pégourié-Gonnard3ee90002013-12-02 17:14:48 +0100[diff] [blame]4771 NIST_MODP( p521 );
Manuel Pégourié-Gonnard9854fe92013-12-02 16:30:43 +0100[diff] [blame]4772 return( LOAD_GROUP( secp521r1 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4773#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4774
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4775#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
4776 case MBEDTLS_ECP_DP_SECP192K1:
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]4777 grp->modp = ecp_mod_p192k1;
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]4778 return( LOAD_GROUP_A( secp192k1 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4779#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
Manuel Pégourié-Gonnardea499a72014-01-11 15:58:47 +0100[diff] [blame]4780
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4781#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
4782 case MBEDTLS_ECP_DP_SECP224K1:
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]4783 grp->modp = ecp_mod_p224k1;
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]4784 return( LOAD_GROUP_A( secp224k1 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4785#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
Manuel Pégourié-Gonnard18e3ec92014-01-11 15:22:07 +0100[diff] [blame]4786
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4787#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
4788 case MBEDTLS_ECP_DP_SECP256K1:
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]4789 grp->modp = ecp_mod_p256k1;
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]4790 return( LOAD_GROUP_A( secp256k1 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4791#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
Manuel Pégourié-Gonnardf51c8fc2014-01-10 18:17:18 +0100[diff] [blame]4792
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4793#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
4794 case MBEDTLS_ECP_DP_BP256R1:
Manuel Pégourié-Gonnard81e1b102013-12-06 13:28:05 +0100[diff] [blame]4795 return( LOAD_GROUP_A( brainpoolP256r1 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4796#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4797
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4798#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
4799 case MBEDTLS_ECP_DP_BP384R1:
Manuel Pégourié-Gonnard81e1b102013-12-06 13:28:05 +0100[diff] [blame]4800 return( LOAD_GROUP_A( brainpoolP384r1 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4801#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4802
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4803#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
4804 case MBEDTLS_ECP_DP_BP512R1:
Manuel Pégourié-Gonnard81e1b102013-12-06 13:28:05 +0100[diff] [blame]4805 return( LOAD_GROUP_A( brainpoolP512r1 ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4806#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4807
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]4808#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
4809 case MBEDTLS_ECP_DP_CURVE25519:
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]4810 grp->modp = ecp_mod_p255;
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4811 return( ecp_use_curve25519( grp ) );
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]4812#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
Manuel Pégourié-Gonnard66153662013-12-03 14:12:26 +0100[diff] [blame]4813
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]4814#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
4815 case MBEDTLS_ECP_DP_CURVE448:
4816 grp->modp = ecp_mod_p448;
4817 return( ecp_use_curve448( grp ) );
4818#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
4819
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4820 default:
Alexander K56a74cd2019-09-10 17:58:20 +0300[diff] [blame]4821 grp->id = MBEDTLS_ECP_DP_NONE;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4822 return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4823 }
4824}
4825
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4826#if defined(MBEDTLS_ECP_NIST_OPTIM)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4827/*
4828 * Fast reduction modulo the primes used by the NIST curves.
4829 *
4830 * These functions are critical for speed, but not needed for correct
4831 * operations. So, we make the choice to heavily rely on the internals of our
4832 * bignum library, which creates a tight coupling between these functions and
4833 * our MPI implementation. However, the coupling between the ECP module and
4834 * MPI remains loose, since these functions can be deactivated at will.
4835 */
4836
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4837#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4838/*
4839 * Compared to the way things are presented in FIPS 186-3 D.2,
4840 * we proceed in columns, from right (least significant chunk) to left,
4841 * adding chunks to N in place, and keeping a carry for the next chunk.
4842 * This avoids moving things around in memory, and uselessly adding zeros,
4843 * compared to the more straightforward, line-oriented approach.
4844 *
4845 * For this prime we need to handle data in chunks of 64 bits.
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4846 * Since this is always a multiple of our basic mbedtls_mpi_uint, we can
4847 * use a mbedtls_mpi_uint * to designate such a chunk, and small loops to handle it.
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4848 */
4849
4850/* Add 64-bit chunks (dst += src) and update carry */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4851static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4852{
4853 unsigned char i;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4854 mbedtls_mpi_uint c = 0;
4855 for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4856 {
4857 *dst += c; c = ( *dst < c );
4858 *dst += *src; c += ( *dst < *src );
4859 }
4860 *carry += c;
4861}
4862
4863/* Add carry to a 64-bit chunk and update carry */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4864static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4865{
4866 unsigned char i;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4867 for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4868 {
4869 *dst += *carry;
4870 *carry = ( *dst < *carry );
4871 }
4872}
4873
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4874#define WIDTH 8 / sizeof( mbedtls_mpi_uint )
Hanno Becker1eeca412018-10-15 12:01:35 +0100[diff] [blame]4875#define A( i ) N->p + (i) * WIDTH
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4876#define ADD( i ) add64( p, A( i ), &c )
4877#define NEXT p += WIDTH; carry64( p, &c )
4878#define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0
4879
4880/*
4881 * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
4882 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4883static int ecp_mod_p192( mbedtls_mpi *N )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4884{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]4885 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4886 mbedtls_mpi_uint c = 0;
4887 mbedtls_mpi_uint *p, *end;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4888
4889 /* Make sure we have enough blocks so that A(5) is legal */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4890 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, 6 * WIDTH ) );
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4891
4892 p = N->p;
4893 end = p + N->n;
4894
4895 ADD( 3 ); ADD( 5 ); NEXT; // A0 += A3 + A5
4896 ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT; // A1 += A3 + A4 + A5
4897 ADD( 4 ); ADD( 5 ); LAST; // A2 += A4 + A5
4898
4899cleanup:
4900 return( ret );
4901}
4902
4903#undef WIDTH
4904#undef A
4905#undef ADD
4906#undef NEXT
4907#undef LAST
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4908#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4909
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4910#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
4911 defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
4912 defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4913/*
4914 * The reader is advised to first understand ecp_mod_p192() since the same
4915 * general structure is used here, but with additional complications:
4916 * (1) chunks of 32 bits, and (2) subtractions.
4917 */
4918
4919/*
4920 * For these primes, we need to handle data in chunks of 32 bits.
4921 * This makes it more complicated if we use 64 bits limbs in MPI,
4922 * which prevents us from using a uniform access method as for p192.
4923 *
4924 * So, we define a mini abstraction layer to access 32 bit chunks,
4925 * load them in 'cur' for work, and store them back from 'cur' when done.
4926 *
4927 * While at it, also define the size of N in terms of 32-bit chunks.
4928 */
4929#define LOAD32 cur = A( i );
4930
Manuel Pégourié-Gonnard7b538892015-04-09 17:00:17 +0200[diff] [blame]4931#if defined(MBEDTLS_HAVE_INT32) /* 32 bit */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4932
4933#define MAX32 N->n
4934#define A( j ) N->p[j]
4935#define STORE32 N->p[i] = cur;
4936
4937#else /* 64-bit */
4938
4939#define MAX32 N->n * 2
Hanno Becker1eeca412018-10-15 12:01:35 +0100[diff] [blame]4940#define A( j ) (j) % 2 ? (uint32_t)( N->p[(j)/2] >> 32 ) : \
4941 (uint32_t)( N->p[(j)/2] )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4942#define STORE32 \
4943 if( i % 2 ) { \
4944 N->p[i/2] &= 0x00000000FFFFFFFF; \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4945 N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4946 } else { \
4947 N->p[i/2] &= 0xFFFFFFFF00000000; \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4948 N->p[i/2] |= (mbedtls_mpi_uint) cur; \
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4949 }
4950
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]4951#endif /* sizeof( mbedtls_mpi_uint ) */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4952
4953/*
4954 * Helpers for addition and subtraction of chunks, with signed carry.
4955 */
4956static inline void add32( uint32_t *dst, uint32_t src, signed char *carry )
4957{
4958 *dst += src;
4959 *carry += ( *dst < src );
4960}
4961
4962static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
4963{
4964 *carry -= ( *dst < src );
4965 *dst -= src;
4966}
4967
4968#define ADD( j ) add32( &cur, A( j ), &c );
4969#define SUB( j ) sub32( &cur, A( j ), &c );
4970
Gilles Peskined10e8fa2020-07-22 19:58:28 +0200[diff] [blame]4971#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
Gilles Peskineb76517b2021-03-10 23:44:28 +0100[diff] [blame]4972#define biL (ciL << 3) /* bits in limb */
Gilles Peskined10e8fa2020-07-22 19:58:28 +0200[diff] [blame]4973
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4974/*
4975 * Helpers for the main 'loop'
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4976 */
Hanno Becker1eeca412018-10-15 12:01:35 +0100[diff] [blame]4977#define INIT( b ) \
Gilles Peskined10e8fa2020-07-22 19:58:28 +0200[diff] [blame]4978 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \
Hanno Becker1eeca412018-10-15 12:01:35 +0100[diff] [blame]4979 signed char c = 0, cc; \
4980 uint32_t cur; \
4981 size_t i = 0, bits = (b); \
Gilles Peskined10e8fa2020-07-22 19:58:28 +0200[diff] [blame]4982 /* N is the size of the product of two b-bit numbers, plus one */ \
4983 /* limb for fix_negative */ \
4984 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, ( b ) * 2 / biL + 1 ) ); \
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]4985 LOAD32;
4986
4987#define NEXT \
4988 STORE32; i++; LOAD32; \
4989 cc = c; c = 0; \
4990 if( cc < 0 ) \
4991 sub32( &cur, -cc, &c ); \
4992 else \
4993 add32( &cur, cc, &c ); \
4994
4995#define LAST \
4996 STORE32; i++; \
4997 cur = c > 0 ? c : 0; STORE32; \
4998 cur = 0; while( ++i < MAX32 ) { STORE32; } \
Gilles Peskine618be2e2021-04-03 21:47:53 +0200[diff] [blame]4999 if( c < 0 ) mbedtls_ecp_fix_negative( N, c, bits );
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5000
5001/*
5002 * If the result is negative, we get it in the form
Gilles Peskine349b3722021-04-03 21:40:11 +0200[diff] [blame]5003 * c * 2^bits + N, with c negative and N positive shorter than 'bits'
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5004 */
Gilles Peskine618be2e2021-04-03 21:47:53 +0200[diff] [blame]5005MBEDTLS_STATIC_TESTABLE
5006void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5007{
Gilles Peskined10e8fa2020-07-22 19:58:28 +0200[diff] [blame]5008 size_t i;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5009
Gilles Peskineff6a32d2021-04-03 20:21:43 +0200[diff] [blame]5010 /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so
5011 * set the absolute value to 0xfff...fff - N. There is no carry
5012 * since we're subtracting from all-bits-one. */
Gilles Peskined10e8fa2020-07-22 19:58:28 +0200[diff] [blame]5013 for( i = 0; i <= bits / 8 / sizeof( mbedtls_mpi_uint ); i++ )
5014 {
5015 N->p[i] = ~(mbedtls_mpi_uint)0 - N->p[i];
5016 }
Gilles Peskineff6a32d2021-04-03 20:21:43 +0200[diff] [blame]5017 /* Add 1, taking care of the carry. */
5018 i = 0;
5019 do
5020 ++N->p[i];
5021 while( N->p[i++] == 0 && i <= bits / 8 / sizeof( mbedtls_mpi_uint ) );
5022 /* Invert the sign.
5023 * Now N = N0 - 2^bits where N0 is the initial value of N. */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5024 N->s = -1;
5025
Gilles Peskine349b3722021-04-03 21:40:11 +0200[diff] [blame]5026 /* Add |c| * 2^bits to the absolute value. Since c and N are
5027 * negative, this adds c * 2^bits. */
Gilles Peskined10e8fa2020-07-22 19:58:28 +0200[diff] [blame]5028 mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c;
5029#if defined(MBEDTLS_HAVE_INT64)
5030 if( bits == 224 )
5031 msw <<= 32;
5032#endif
5033 N->p[bits / 8 / sizeof( mbedtls_mpi_uint)] += msw;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5034}
5035
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5036#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5037/*
5038 * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
5039 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5040static int ecp_mod_p224( mbedtls_mpi *N )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5041{
5042 INIT( 224 );
5043
5044 SUB( 7 ); SUB( 11 ); NEXT; // A0 += -A7 - A11
5045 SUB( 8 ); SUB( 12 ); NEXT; // A1 += -A8 - A12
5046 SUB( 9 ); SUB( 13 ); NEXT; // A2 += -A9 - A13
5047 SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT; // A3 += -A10 + A7 + A11
5048 SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT; // A4 += -A11 + A8 + A12
5049 SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT; // A5 += -A12 + A9 + A13
5050 SUB( 13 ); ADD( 10 ); LAST; // A6 += -A13 + A10
5051
5052cleanup:
5053 return( ret );
5054}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5055#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5056
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5057#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5058/*
5059 * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3)
5060 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5061static int ecp_mod_p256( mbedtls_mpi *N )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5062{
5063 INIT( 256 );
5064
5065 ADD( 8 ); ADD( 9 );
5066 SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 ); NEXT; // A0
5067
5068 ADD( 9 ); ADD( 10 );
5069 SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A1
5070
5071 ADD( 10 ); ADD( 11 );
5072 SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A2
5073
5074 ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 );
5075 SUB( 15 ); SUB( 8 ); SUB( 9 ); NEXT; // A3
5076
5077 ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 );
5078 SUB( 9 ); SUB( 10 ); NEXT; // A4
5079
5080 ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 );
5081 SUB( 10 ); SUB( 11 ); NEXT; // A5
5082
5083 ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 );
5084 SUB( 8 ); SUB( 9 ); NEXT; // A6
5085
5086 ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 );
5087 SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 ); LAST; // A7
5088
5089cleanup:
5090 return( ret );
5091}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5092#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5093
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5094#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5095/*
5096 * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4)
5097 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5098static int ecp_mod_p384( mbedtls_mpi *N )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5099{
5100 INIT( 384 );
5101
5102 ADD( 12 ); ADD( 21 ); ADD( 20 );
5103 SUB( 23 ); NEXT; // A0
5104
5105 ADD( 13 ); ADD( 22 ); ADD( 23 );
5106 SUB( 12 ); SUB( 20 ); NEXT; // A2
5107
5108 ADD( 14 ); ADD( 23 );
5109 SUB( 13 ); SUB( 21 ); NEXT; // A2
5110
5111 ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 );
5112 SUB( 14 ); SUB( 22 ); SUB( 23 ); NEXT; // A3
5113
5114 ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 );
5115 SUB( 15 ); SUB( 23 ); SUB( 23 ); NEXT; // A4
5116
5117 ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 );
5118 SUB( 16 ); NEXT; // A5
5119
5120 ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 );
5121 SUB( 17 ); NEXT; // A6
5122
5123 ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 );
5124 SUB( 18 ); NEXT; // A7
5125
5126 ADD( 20 ); ADD( 17 ); ADD( 16 );
5127 SUB( 19 ); NEXT; // A8
5128
5129 ADD( 21 ); ADD( 18 ); ADD( 17 );
5130 SUB( 20 ); NEXT; // A9
5131
5132 ADD( 22 ); ADD( 19 ); ADD( 18 );
5133 SUB( 21 ); NEXT; // A10
5134
5135 ADD( 23 ); ADD( 20 ); ADD( 19 );
5136 SUB( 22 ); LAST; // A11
5137
5138cleanup:
5139 return( ret );
5140}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5141#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5142
5143#undef A
5144#undef LOAD32
5145#undef STORE32
5146#undef MAX32
5147#undef INIT
5148#undef NEXT
5149#undef LAST
5150
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5151#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED ||
5152 MBEDTLS_ECP_DP_SECP256R1_ENABLED ||
5153 MBEDTLS_ECP_DP_SECP384R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5154
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5155#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5156/*
5157 * Here we have an actual Mersenne prime, so things are more straightforward.
5158 * However, chunks are aligned on a 'weird' boundary (521 bits).
5159 */
5160
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5161/* Size of p521 in terms of mbedtls_mpi_uint */
5162#define P521_WIDTH ( 521 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5163
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5164/* Bits to keep in the most significant mbedtls_mpi_uint */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5165#define P521_MASK 0x01FF
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5166
5167/*
5168 * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5)
5169 * Write N as A1 + 2^521 A0, return A0 + A1
5170 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5171static int ecp_mod_p521( mbedtls_mpi *N )
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5172{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]5173 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5174 size_t i;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5175 mbedtls_mpi M;
5176 mbedtls_mpi_uint Mp[P521_WIDTH + 1];
5177 /* Worst case for the size of M is when mbedtls_mpi_uint is 16 bits:
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5178 * we need to hold bits 513 to 1056, which is 34 limbs, that is
5179 * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
5180
5181 if( N->n < P521_WIDTH )
5182 return( 0 );
5183
5184 /* M = A1 */
5185 M.s = 1;
5186 M.n = N->n - ( P521_WIDTH - 1 );
5187 if( M.n > P521_WIDTH + 1 )
5188 M.n = P521_WIDTH + 1;
5189 M.p = Mp;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5190 memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
5191 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 521 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5192
5193 /* N = A0 */
5194 N->p[P521_WIDTH - 1] &= P521_MASK;
5195 for( i = P521_WIDTH; i < N->n; i++ )
5196 N->p[i] = 0;
5197
5198 /* N = A0 + A1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5199 MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5200
5201cleanup:
5202 return( ret );
5203}
5204
5205#undef P521_WIDTH
5206#undef P521_MASK
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5207#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5208
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5209#endif /* MBEDTLS_ECP_NIST_OPTIM */
Manuel Pégourié-Gonnard32b04c12013-12-02 15:49:09 +0100[diff] [blame]5210
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]5211#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5212
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5213/* Size of p255 in terms of mbedtls_mpi_uint */
5214#define P255_WIDTH ( 255 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5215
5216/*
5217 * Fast quasi-reduction modulo p255 = 2^255 - 19
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5218 * Write N as A0 + 2^256 A1, return A0 + 38 * A1
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5219 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5220static int ecp_mod_p255( mbedtls_mpi *N )
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5221{
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5222 mbedtls_mpi_uint Mp[P255_WIDTH];
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5223
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5224 /* Helper references for top part of N */
5225 mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH;
Hanno Becker53b3c602022-04-11 13:46:30 +0100[diff] [blame]5226 const size_t NT_n = N->n - P255_WIDTH;
Hanno Beckerbb04cb92022-04-12 11:18:11 +0100[diff] [blame]5227 if( N->n <= P255_WIDTH )
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5228 return( 0 );
Hanno Becker127fcab2022-04-12 22:18:36 +0100[diff] [blame]5229 if( NT_n > P255_WIDTH )
5230 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5231
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5232 /* Split N as N + 2^256 M */
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5233 memcpy( Mp, NT_p, sizeof( mbedtls_mpi_uint ) * NT_n );
5234 memset( NT_p, 0, sizeof( mbedtls_mpi_uint ) * NT_n );
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5235
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5236 /* N = A0 + 38 * A1 */
Hanno Becker0dbf04a2022-04-13 06:54:48 +0100[diff] [blame]5237 mbedtls_mpi_core_mla( N->p, P255_WIDTH + 1,
5238 Mp, NT_n,
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5239 38 );
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5240
Hanno Becker25bb7322022-04-11 07:03:48 +0100[diff] [blame]5241 return( 0 );
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5242}
Manuel Pégourié-Gonnard07894332015-06-23 00:18:41 +0200[diff] [blame]5243#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
Manuel Pégourié-Gonnard3d7053a2013-12-04 20:51:13 +0100[diff] [blame]5244
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5245#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
5246
5247/* Size of p448 in terms of mbedtls_mpi_uint */
5248#define P448_WIDTH ( 448 / 8 / sizeof( mbedtls_mpi_uint ) )
5249
5250/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */
5251#define DIV_ROUND_UP( X, Y ) ( ( ( X ) + ( Y ) - 1 ) / ( Y ) )
5252#define P224_WIDTH_MIN ( 28 / sizeof( mbedtls_mpi_uint ) )
5253#define P224_WIDTH_MAX DIV_ROUND_UP( 28, sizeof( mbedtls_mpi_uint ) )
5254#define P224_UNUSED_BITS ( ( P224_WIDTH_MAX * sizeof( mbedtls_mpi_uint ) * 8 ) - 224 )
5255
5256/*
5257 * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
5258 * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return
5259 * A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference
5260 * implementation of Curve448, which uses its own special 56-bit limbs rather
5261 * than a generic bignum library. We could squeeze some extra speed out on
5262 * 32-bit machines by splitting N up into 32-bit limbs and doing the
5263 * arithmetic using the limbs directly as we do for the NIST primes above,
5264 * but for 64-bit targets it should use half the number of operations if we do
5265 * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds.
5266 */
5267static int ecp_mod_p448( mbedtls_mpi *N )
5268{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]5269 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Nicholas Wilson08f3ef12015-11-10 13:10:01 +0000[diff] [blame]5270 size_t i;
5271 mbedtls_mpi M, Q;
5272 mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
5273
5274 if( N->n <= P448_WIDTH )
5275 return( 0 );
5276
5277 /* M = A1 */
5278 M.s = 1;
5279 M.n = N->n - ( P448_WIDTH );
5280 if( M.n > P448_WIDTH )
5281 /* Shouldn't be called with N larger than 2^896! */
5282 return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
5283 M.p = Mp;
5284 memset( Mp, 0, sizeof( Mp ) );
5285 memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) );
5286
5287 /* N = A0 */
5288 for( i = P448_WIDTH; i < N->n; i++ )
5289 N->p[i] = 0;
5290
5291 /* N += A1 */
5292 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
5293
5294 /* Q = B1, N += B1 */
5295 Q = M;
5296 Q.p = Qp;
5297 memcpy( Qp, Mp, sizeof( Qp ) );
5298 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) );
5299 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) );
5300
5301 /* M = (B0 + B1) * 2^224, N += M */
5302 if( sizeof( mbedtls_mpi_uint ) > 4 )
5303 Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS );
5304 for( i = P224_WIDTH_MAX; i < M.n; ++i )
5305 Mp[i] = 0;
5306 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) );
5307 M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
5308 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) );
5309 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
5310
5311cleanup:
5312 return( ret );
5313}
5314#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
5315
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5316#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
5317 defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
5318 defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5319/*
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5320 * Fast quasi-reduction modulo P = 2^s - R,
5321 * with R about 33 bits, used by the Koblitz curves.
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5322 *
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5323 * Write N as A0 + 2^224 A1, return A0 + R * A1.
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5324 * Actually do two passes, since R is big.
5325 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5326#define P_KOBLITZ_MAX ( 256 / 8 / sizeof( mbedtls_mpi_uint ) ) // Max limbs in P
5327#define P_KOBLITZ_R ( 8 / sizeof( mbedtls_mpi_uint ) ) // Limbs in R
5328static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
5329 size_t adjust, size_t shift, mbedtls_mpi_uint mask )
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5330{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]5331 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5332 size_t i;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5333 mbedtls_mpi M, R;
Janos Follath7dadc2f2017-01-27 16:05:20 +0000[diff] [blame]5334 mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5335
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5336 if( N->n < p_limbs )
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5337 return( 0 );
5338
5339 /* Init R */
5340 R.s = 1;
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5341 R.p = Rp;
5342 R.n = P_KOBLITZ_R;
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5343
5344 /* Common setup for M */
5345 M.s = 1;
5346 M.p = Mp;
5347
5348 /* M = A1 */
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5349 M.n = N->n - ( p_limbs - adjust );
5350 if( M.n > p_limbs + adjust )
5351 M.n = p_limbs + adjust;
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5352 memset( Mp, 0, sizeof Mp );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5353 memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]5354 if( shift != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5355 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
Janos Follath7dadc2f2017-01-27 16:05:20 +0000[diff] [blame]5356 M.n += R.n; /* Make room for multiplication by R */
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5357
5358 /* N = A0 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]5359 if( mask != 0 )
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5360 N->p[p_limbs - 1] &= mask;
5361 for( i = p_limbs; i < N->n; i++ )
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5362 N->p[i] = 0;
5363
5364 /* N = A0 + R * A1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5365 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
5366 MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5367
5368 /* Second pass */
5369
5370 /* M = A1 */
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5371 M.n = N->n - ( p_limbs - adjust );
5372 if( M.n > p_limbs + adjust )
5373 M.n = p_limbs + adjust;
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5374 memset( Mp, 0, sizeof Mp );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5375 memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]5376 if( shift != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5377 MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
Janos Follath7dadc2f2017-01-27 16:05:20 +0000[diff] [blame]5378 M.n += R.n; /* Make room for multiplication by R */
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5379
5380 /* N = A0 */
Paul Bakker66d5d072014-06-17 16:39:18 +0200[diff] [blame]5381 if( mask != 0 )
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5382 N->p[p_limbs - 1] &= mask;
5383 for( i = p_limbs; i < N->n; i++ )
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5384 N->p[i] = 0;
5385
5386 /* N = A0 + R * A1 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5387 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
5388 MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5389
5390cleanup:
5391 return( ret );
5392}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5393#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
5394 MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
5395 MBEDTLS_ECP_DP_SECP256K1_ENABLED) */
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5396
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5397#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5398/*
5399 * Fast quasi-reduction modulo p192k1 = 2^192 - R,
5400 * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
5401 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5402static int ecp_mod_p192k1( mbedtls_mpi *N )
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5403{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5404 static mbedtls_mpi_uint Rp[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]5405 MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
5406 0x00 ) };
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5407
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]5408 return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
5409 0 ) );
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5410}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5411#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5412
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5413#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5414/*
5415 * Fast quasi-reduction modulo p224k1 = 2^224 - R,
5416 * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
5417 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5418static int ecp_mod_p224k1( mbedtls_mpi *N )
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5419{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5420 static mbedtls_mpi_uint Rp[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]5421 MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
5422 0x00 ) };
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5423
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5424#if defined(MBEDTLS_HAVE_INT64)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5425 return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
5426#else
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]5427 return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
5428 0 ) );
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5429#endif
5430}
5431
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5432#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5433
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5434#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5435/*
5436 * Fast quasi-reduction modulo p256k1 = 2^256 - R,
5437 * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
5438 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5439static int ecp_mod_p256k1( mbedtls_mpi *N )
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5440{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5441 static mbedtls_mpi_uint Rp[] = {
Janos Follath1107ee42021-06-25 12:43:26 +0100[diff] [blame]5442 MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
5443 0x00 ) };
5444 return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
5445 0 ) );
Manuel Pégourié-Gonnard9af7d3a2014-01-18 17:28:59 +0100[diff] [blame]5446}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5447#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
Manuel Pégourié-Gonnard8887d8d2014-01-17 23:17:10 +0100[diff] [blame]5448
Janos Follathb0697532016-08-18 12:38:46 +0100[diff] [blame]5449#endif /* !MBEDTLS_ECP_ALT */
5450
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]5451#endif /* MBEDTLS_ECP_C */