]> git.saurik.com Git - apple/security.git/blame - libsecurity_cryptkit/lib/curveParamData.h
projects / apple / security.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Security-55471.14.18.tar.gz
[apple/security.git] / libsecurity_cryptkit / lib / curveParamData.h
CommitLineData
b1ab9ed8
A		 1/* New ECC curves,
2
3 14 Apr 2001 (REC) ensured x1Minus arithmetic & prime point orders
4 5 Apr 2001 (REC) factored minusorder for NIST-P-192
5 3 Apr 2001 (REC) first draft
6
7 c. 2001 Apple Computer, Inc.
8 All Rights Reserved.
9
10 Currently there are 7 (seven) curves, at varying
11 bit-depth and varying parameter types:
12
13 FEE curves (use Montgomery arithmetic and feemod base-prime):
14 31 bits
15 127 bits
16 IEEE curves (use projective arithmetic):
17 31 bits (feemod base-prime)
18 128 bits (feemod base-prime)
19 161 bits (feemod base-prime) (default preference)
20 161 bits (general prime)
21 192 bits (general. prime) (NIST-recommended)
22
23 Each curve is given key comments atop the parameters.
24 For performance considerations,
25
26 primeType->Mersenne is faster than primeType->feemod is
27 faster than primeType->general
28
29 curveType->Montgomery is faster than curveType->Weierstrass,
30
31 Some choices are not obvious except to cryptographers;
32 e.g., the two curves given for 161 bits exist because
33 of cryptographic controversies; probably the curve with
34 both orders prime is more secure, so it is perhaps
35 the curve of choice at 161 bits.
36
37 The parameters/points have standard meaning, except for our
38 special entities as listed below. It is important to note the
39 principle thgat, without exception, every CryptKit base prime
40 p is = 3 (mod 4). This allows simple square-rooting in the field
41 F_p. Because of this universal constraint, (-1) is always a
42 quadratic nonresidue and so twist curves as below can assume
43 g = -1.
44
45 (...)plusOrder := The usual elliptic-curve order;
46 (...)x1Plus := x-coordinate on y^2 = x^3 + c x^2 + a x + b;
47 (...)x1OrderPlus := Order of x1Plus, always divides plusOrder
48 (...)minusOrder := Order of the twist curve = 2p+2-plusOrder
49 (...)x1Minus := x-coordinate chosen on the twist curve
50 g y^2 = x^3 + c x^2 + a x + b
51 where g = -1 is the nonresidue, and such that
52 the special, x-coordinates-only, twofold-ambiguous "add" of
53 FEED works on the minus curve, using the same curve
54 parameters a,b,c as for the plus curve. Note that
55 x1Minus is to be chosen so that the correct "add" arithmetic
56 occurs, and also so that the desired point order accrues.
57 (...)x1OrderMinus := Order of x1Plus, always divides minusOrder.
58
59 In each of the curves specified below, the plusOrder (at least)
60 is prime, while each of the point orders x1OrderPlus/Minus
61 is always prime.
62
63 Note that the older labels Atkin3, Atkin4 have been abolished.
64
65 */
66
67 /* FEE CURVE: USE FOR FEE SIG. & FEED ONLY.
68 * primeType->Mersenne
69 * curveType->Montgomery
70 * q = 31; k = 1; p = 2^q - k;
71 * a = 1; b = 0; c = 666;
72 * Both orders composite.
73 */
74static const arrayDigit ga_31m_x1Plus[] =
75 {2, 61780, 6237};
76 /* 408809812 */
77static const arrayDigit ga_31m_x1Minus[] =
78 {2,12973,30585};
79 /* 2004431533 */
80static const arrayDigit ga_31m_plusOrder[] =
81 {2, 25928, 32768 };
82 /* 2147509576 = 2^3 * 268438697. */
83static const arrayDigit ga_31m_minusOrder[] =
84 {2, 39608, 32767 };
85 /* 2147457720 = 2^3 * 3 * 5 * 17895481. */
86static const arrayDigit ga_31m_x1OrderPlus[] =
87 {2, 3241, 4096};
88 /* 268438697 */
89static const arrayDigit ga_31m_x1OrderMinus[] =
90 {2, 4153, 273};
91 /* 17895481 */
92static const arrayDigit ga_31m_x1OrderPlusRecip[] =
93 {2, 52572, 16383};
94static const arrayDigit ga_31m_lesserX1OrderRecip[] =
95 {2, 759, 960};
96
97 /* IEEE P1363 COMPATIBLE.
98 * primeType->Mersenne
99 * curveType->Weierstrass
100 * q = 31; k = 1; p = 2^q-k;
101 * a = 5824692 b = 2067311435 c = 0
102 * Both orders prime.
103 */
104static const arrayDigit ga_31w_x1Plus[] =
105 {1, 6 };
106static const arrayDigit ga_31w_x1Minus[] =
107 {1, 7 };
108static const arrayDigit ga_31w_plusOrder[] =
109 {2,59003,32766 };
110 /* 2147411579 */
111static const arrayDigit ga_31w_minusOrder[] =
112 {2,6533,32769 };
113 /* 2147555717 */
114static const arrayDigit ga_31w_x1OrderPlus[] =
115 {2,59003,32766};
116 /* 2147411579 */
117static const arrayDigit ga_31w_x1OrderMinus[] =
118 {2,6533,32769};
119 /* 2147555717 */
120static const arrayDigit ga_31w_x1OrderPlusRecip[] =
121 {2, 6535, 32769};
122
123static const arrayDigit ga_31w_a[] =
124 {2,57524,88};
125 /* 5824692 */
126static const arrayDigit ga_31w_b[] =
127 {2,43851,31544};
128 /* 2067311435 */
129
130 /* FEE CURVE: USE FOR FEE SIG. & FEED ONLY.
131 * primeType->Mersenne
132 * curveType->Montgomery
133 * q = 127; k = 1; p = 2^q - k;
134 * a = 1; b = 0; c = 666;
135 * Both orders composite.
136 */
137static const arrayDigit ga_127m_x1Plus[] =
138 {8, 24044, 39922, 11050,
139 24692, 34049, 9793, 1228, 31562};
140 /* 163879370753099435779911346846180728300 */
141static const arrayDigit ga_127m_x1Minus[] =
142 {8,49015,6682,26772,63672,45560,46133,24769,8366};
143 /* 43440717976631899041527862406676135799 */
144static const arrayDigit ga_127m_plusOrder[] =
145 { 8, 14612, 61088, 34331,
146 32354, 65535, 65535, 65535,
147 32767};
148 /* 170141183460469231722347548493196835092 =
1492^2 * 3^4 * 71 * 775627 * 9535713005180210505588285449. */
150static const arrayDigit ga_127m_minusOrder[] =
151 { 8, 50924, 4447, 31204,
152 33181, 0, 0, 0,
153 32768 };
154 /* 170141183460469231741027058938571376364 =
1552^2 * 17 * 743 * 1593440383 * 2113371777483973234080067. */
156static const arrayDigit ga_127m_x1OrderPlus[] =
157 {6, 8201, 61942, 37082,
158 53787, 49605, 7887 };
159 /* 9535713005180210505588285449 */
160static const arrayDigit ga_127m_x1OrderMinus[] =
161 {6, 14659, 1977,16924,
162 7446, 49030, 1};
163 /* 2113371777483973234080067 */
164static const arrayDigit ga_127m_x1OrderPlusRecip[] =
165 {6, 21911, 8615, 0, 40960, 64107, 8507};
166static const arrayDigit ga_127m_lesserX1OrderRecip[] =
167 {6, 44759, 65533, 17695, 61560, 18883, 2};
168
169 /* IEEE P1363 COMPATIBLE.
170 * primeType->feemod
171 * curveType->Weierstrass
172 * q = 127; k = -57675; p = 2^q - k;
173 * a = 170141183460469025572049133804586627403;
174 * b = 170105154311605172483148226534443139403; c = 0;
175 * Both orders prime.:
176 */
177static const arrayDigit ga_128w_x1Plus[] =
178 {1,6};
179 /* 6 */
180static const arrayDigit ga_128w_x1Minus[] =
181 {1,3};
182 /* 3 */
183static const arrayDigit ga_128w_plusOrder[] =
184 {8,40455,13788,48100,24190,1,0,0,32768};
185 /* 170141183460469231756943134065055014407. */
186static const arrayDigit ga_128w_minusOrder[] =
187 {8,9361,51749,17435,41345,65534,65535,65535,32767};
188 /* 170141183460469231706431473366713312401. */
189static const arrayDigit ga_128w_x1OrderPlus[] =
190 {8,40455,13788,48100,24190,1,0,0,32768};
191 /* 170141183460469231756943134065055014407. */
192static const arrayDigit ga_128w_x1OrderMinus[] =
193 {8,9361,51749,17435,41345,65534,65535,65535,32767};
194 /* 170141183460469231706431473366713312401. */
195static const arrayDigit ga_128w_x1OrderPlusRecip[] =
196 {9,34802,10381,4207,34309,65530,65535,65535,65535,1};
197static const arrayDigit ga_128w_lesserX1OrderRecip[] =
198 {8,56178,13786,48100,24190,1,0,0,32768};
199
200static const arrayDigit ga_128w_a[] =
201 {8,29003,44777,29962,4169,54360,65535,65535,32767};
202 /* 170141183460469025572049133804586627403; */
203static const arrayDigit ga_128w_b[] =
204 {8,16715,42481,16221,60523,56573,13644,4000,32761};
205 /* 170105154311605172483148226534443139403. */
206
207 /* IEEE P1363 COMPATIBLE.
208 * primeType->feemod
209 * curveType->Weierstrass
210 * q = 160; k = -5875; p = 2^q - k;
211 * a = 1461501637330902918203684832716283019448563798259;
212 * b = 36382017816364032; c = 0;
213 * Both orders prime.:
214 */
215static const arrayDigit ga_161w_x1Plus[] =
216 {1,7};
217 /* 7 */
218static const arrayDigit ga_161w_x1Minus[] =
219 {1,4};
220 /* 4 */
221static const arrayDigit ga_161w_plusOrder[] =
222 {11,50651,30352,49719,403,64085,1,0,0,0,0,1};
223 /* 1461501637330902918203687223801810245920805144027. */
224static const arrayDigit ga_161w_minusOrder[] =
225 {10,26637,35183,15816,65132,1450,65534,65535,65535,65535,65535};
226 /* 1461501637330902918203682441630755793391059953677. */
227static const arrayDigit ga_161w_x1OrderPlus[] =
228 {11,50651,30352,49719,403,64085,1,0,0,0,0,1};
229 /* 1461501637330902918203687223801810245920805144027. */
230static const arrayDigit ga_161w_x1OrderMinus[] =
231 {10,26637,35183,15816,65132,1450,65534,65535,65535,65535,65535};
232 /* 1461501637330902918203682441630755793391059953677. */
233static const arrayDigit ga_161w_x1OrderPlusRecip[] =
234 {11,59555,9660,63266,63920,5803,65528,65535,65535,65535,65535,3};
235/* added by dmitch */
236static const arrayDigit ga_161w_lesserX1OrderRecip[] =
237 {12,38902,30352,49719,403,64085,1,0,0,0,0,1,0};
238/* end addenda */
239
240static const arrayDigit ga_161w_a[] = {10,4339,47068,65487,65535,65535,65535,65535,65535,65535,65535};
241/* 1461501637330902918203684832716283019448563798259; */
242static const arrayDigit ga_161w_b[] = {4,1024,41000,16704,129};
243/* 36382017816364032. */
244
245 /* IEEE P1363 COMPATIBLE.
246 * primeType->General
247 * curveType->Weierstrass
248 * p is a 161-bit random prime (below, ga_161_gen_bp[]);
249 * a = -152; b = 722; c = 0;
250 * Both orders composite.:
251 */
252static const arrayDigit ga_161_gen_bp[] =
253 {11,41419,58349,36408,14563,25486,9098,29127,50972,7281,8647,1};
254 /* baseprime = 1654338658923174831024422729553880293604080853451 */
255static const arrayDigit ga_161_gen_x1Plus[] =
256 {10,59390,38748,49144,50217,32781,46057,53816,62856,18968,55868};
257 /* 1245904487553815885170631576005220733978383542270 */
258static const arrayDigit ga_161_gen_x1Minus[] =
259 {10,12140,40021,9852,49578,18446,39468,28773,10952,26720,52624};
260 /* 1173563507729187954550227059395955904200719019884 */
261static const arrayDigit ga_161_gen_plusOrder[] =
262 {11,41420,58349,36408,14563,25486,9100,29127,50972,7281,8647,1};
263 /* 1654338658923174831024425147405519522862430265804 =
264 2^2 * 23 * 359 * 479 * 102107 * 1024120625531724089187207582052247831. */
265static const arrayDigit ga_161_gen_minusOrder[] =
266 {11,41420,58349,36408,14563,25486,9096,29127,50972,7281,8647,1};
267 /* 1654338658923174831024420311702241064345731441100 =
2682^2 * 5^2 * 17^2 * 57243552211874561627142571339177891499852299. */
269static const arrayDigit ga_161_gen_x1OrderPlus[] =
270 {8,59671,64703,58305,55887,34170,37971,15627,197};
271 /* 1024120625531724089187207582052247831 */
272static const arrayDigit ga_161_gen_x1OrderMinus[] =
273 {10,49675,56911,64364,6281,5543,59511,52057,44604,37151,2};
274 /* 57243552211874561627142571339177891499852299 */
275static const arrayDigit ga_161_gen_x1OrderPlusRecip[] =
276 {8, 7566, 37898, 14581, 2404, 52670, 23839, 17554, 332};
277
278static const arrayDigit ga_161_gen_a[] = {-1, 152}; /* a = -152 */
279static const arrayDigit ga_161_gen_b[] = { 1, 722}; /* b = 722 */
280
281
282 /* IEEE P1363 COMPATIBLE.
283 * (NIST-P-192 RECOMMENDED PRIME)
284 * primeType->General
285 * curveType->Weierstrass
286 * p is a 192-bit prime (with efficient bit structure) (below, ga_192_gen_bp[]);
287 * a = -3; b = 2455155546008943817740293915197451784769108058161191238065; c = 0;
288 * Plus-order is prime, minus-order is composite.
289 */
290static const arrayDigit ga_192_gen_bp[] =
291 {12,65535,65535,65535,65535,65534,65535,65535,65535,65535,65535,65535,65535};
292 /* baseprime =
2936277101735386680763835789423207666416083908700390324961279 */
294static const arrayDigit ga_192_gen_x1Plus[] =
295 {1,3};
296 /* 3 */
297static const arrayDigit ga_192_gen_x1Minus[] =
298 {12,25754,63413,46363,42413,24848,21836,55473,50853,40413,10264,8715,59556};
299 /* 5704344264203732742656350325931731344592841761552300598426 */
300static const arrayDigit ga_192_gen_plusOrder[] =
301 {12,10289,46290,51633,5227,63542,39390,65535,65535,65535,65535,65535,65535};
302 /* 6277101735386680763835789423176059013767194773182842284081 */
303static const arrayDigit ga_192_gen_minusOrder[] =
304 {13,55247,19245,13902,60308,1991,26145,0,0,0,0,0,0,1};
305 /* 6277101735386680763835789423239273818400622627597807638479 =
306 23 * 10864375060560251605900677743 *
307 25120401793443689936479125511 */
308static const arrayDigit ga_192_gen_x1OrderPlus[] =
309 {12,10289,46290,51633,5227,63542,39390,65535,65535,65535,65535,65535,65535};
310 /* 6277101735386680763835789423176059013767194773182842284081 */
311static const arrayDigit ga_192_gen_x1OrderMinus[] =
312 {12,16649,40728,9152,53911,59923,9684,22795,17096,45590,34192,25644,2849};
313 /* 272917466755942641905903887966924948626114027286861201673 =
31410864375060560251605900677743 * 25120401793443689936479125511
315*/
316static const arrayDigit ga_192_gen_x1OrderPlusRecip[] =
317 {13,55247,19245,13902,60308,1993,26145,0,0,0,0,0,0,1};
318static const arrayDigit ga_192_gen_lesserX1OrderRecip[] =
319{12,57756,63294,44830,2517,2125,63187,65535,65535,65535,65535,65535,5887};
320
321static const arrayDigit ga_192_gen_a[] = {-1, 3}; /* a = -3. */
322static const arrayDigit ga_192_gen_b[] =
323{12,47537,49478,57068,65208,12361,29220,59819,4007,32999,58780,1305,25633};
324/* b = 2455155546008943817740293915197451784769108058161191238065. */
325
326/***
327 *** ANSI X9.62/Certicom curves
328 ***/
329
330/*
331 * secp192r1
332 *
333 * p = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF
334 * = 6277101735386680763835789423207666416083908700390324961279 (d)
335 * a = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC
336 * = 6277101735386680763835789423207666416083908700390324961276
337 * b = 64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1
338 * = 2455155546008943817740293915197451784769108058161191238065
339 * x = 188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012
340 * = 602046282375688656758213480587526111916698976636884684818
341 * y = 07192B95FFC8DA78631011ED6B24CDD573F977A11E794811
342 * = 174050332293622031404857552280219410364023488927386650641
343 * order = FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
344 * = 6277101735386680763835789423176059013767194773182842284081
345 * x1OrderRecip = 1000000000000000000000000662107c9eb94364e4b2dd7cf
346 */
347static const arrayDigit ga_192_secp_bp[] =
348 {12, 0xffff, 0xffff, 0xffff, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
349static const arrayDigit ga_192_secp_x1Plus[] =
350 {12, 0x1012, 0x82ff, 0xafd, 0xf4ff, 0x8800, 0x43a1, 0x20eb, 0x7cbf, 0x90f6, 0xb030, 0xa80e, 0x188d};
351static const arrayDigit ga_192_secp_y1Plus[] =
352 {12, 0x4811, 0x1e79, 0x77a1, 0x73f9, 0xcdd5, 0x6b24, 0x11ed, 0x6310, 0xda78, 0xffc8, 0x2b95, 0x719};
353static const arrayDigit ga_192_secp_plusOrder[] =
354 {12, 0x2831, 0xb4d2, 0xc9b1, 0x146b, 0xf836, 0x99de, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
355/* the curve order is prime, so x1Order = curveOrder */
356static const arrayDigit ga_192_secp_x1OrderPlus[] =
357 {12, 0x2831, 0xb4d2, 0xc9b1, 0x146b, 0xf836, 0x99de, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
358static const arrayDigit ga_192_secp_x1OrderPlusRecip[] =
359 {13, 0xd7cf, 0x4b2d, 0x364e, 0xeb94, 0x7c9, 0x6621, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1};
360static const arrayDigit ga_192_secp_a[] =
361 {12, 0xfffc, 0xffff, 0xffff, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
362static const arrayDigit ga_192_secp_b[] =
363 {12, 0xb9b1, 0xc146, 0xdeec, 0xfeb8, 0x3049, 0x7224, 0xe9ab, 0xfa7, 0x80e7, 0xe59c, 0x519, 0x6421};
364
365
366/*
367 * secp256r1
368 *
369 * p = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
370 * = 115792089210356248762697446949407573530086143415290314195533631308867097853951
371 * a = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
372 * = 115792089210356248762697446949407573530086143415290314195533631308867097853948
373 * b = 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
374 * = 41058363725152142129326129780047268409114441015993725554835256314039467401291
375 * x = 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
376 * = 48439561293906451759052585252797914202762949526041747995844080717082404635286
377 * y = 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
378 * = 36134250956749795798585127919587881956611106672985015071877198253568414405109
379 * order = FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
380 * = 115792089210356248762697446949407573529996955224135760342422259061068512044369
381 * FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
382 * x1OrderRecip = 100000000fffffffffffffffeffffffff43190552df1a6c21012ffd85eedf9bfe
383 */
384static const arrayDigit ga_256_secp_bp[] =
385 {16, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0,
386 0x0, 0x1, 0x0, 0xffff, 0xffff};
387static const arrayDigit ga_256_secp_x1Plus[] =
388 {16, 0xc296, 0xd898, 0x3945, 0xf4a1, 0x33a0, 0x2deb, 0x7d81, 0x7703, 0x40f2,
389 0x63a4, 0xe6e5, 0xf8bc, 0x4247, 0xe12c, 0xd1f2, 0x6b17};
390static const arrayDigit ga_256_secp_y1Plus[] =
391 {16, 0x51f5, 0x37bf, 0x4068, 0xcbb6, 0x5ece, 0x6b31, 0x3357, 0x2bce, 0x9e16,
392 0x7c0f, 0xeb4a, 0x8ee7, 0x7f9b, 0xfe1a, 0x42e2, 0x4fe3};
393static const arrayDigit ga_256_secp_plusOrder[] =
394 {16, 0x2551, 0xfc63, 0xcac2, 0xf3b9, 0x9e84, 0xa717, 0xfaad, 0xbce6, 0xffff,
395 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0xffff, 0xffff};
396static const arrayDigit ga_256_secp_x1OrderPlus[] =
397 {16, 0x2551, 0xfc63, 0xcac2, 0xf3b9, 0x9e84, 0xa717, 0xfaad, 0xbce6, 0xffff,
398 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0xffff, 0xffff};
399static const arrayDigit ga_256_secp_x1OrderPlusRecip[] =
400 {17, 0x9bfe, 0xeedf, 0xfd85, 0x12f, 0x6c21, 0xdf1a, 0x552, 0x4319, 0xffff,
401 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x1};
402static const arrayDigit ga_256_secp_a[] =
403 {16, 0xfffc, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0,
404 0x0, 0x1, 0x0, 0xffff, 0xffff};
405static const arrayDigit ga_256_secp_b[] =
406 {16, 0x604b, 0x27d2, 0x3c3e, 0x3bce, 0xb0f6, 0xcc53, 0x6b0, 0x651d, 0x86bc,
407 0x7698, 0xbd55, 0xb3eb, 0x93e7, 0xaa3a, 0x35d8, 0x5ac6};
408
409/*
410 * secp384r1
411 *
412 * p = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF\
413 * 0000000000000000FFFFFFFF
414 * = 394020061963944792122790401001436138050797392704654466679482934042457217\
415 * 71496870329047266088258938001861606973112319
416 * a = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF\
417 * 0000000000000000FFFFFFFC
418 * = 394020061963944792122790401001436138050797392704654466679482934042457217\
419 * 71496870329047266088258938001861606973112316
420 * b = B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D\
421 * 8A2ED19D2A85C8EDD3EC2AEF
422 * = 275801935599597058778490118403890480930569058563615685214287073019886892\
423 * 41309860865136260764883745107765439761230575
424 * x = AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25D\
425 * BF55296C3A545E3872760AB7
426 * = 262470350957996892686231567445669818918529234911092133878156159009255188\
427 * 54738050089022388053975719786650872476732087
428 * y = 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE\
429 * 1D7E819D7A431D7C90EA0E5F
430 * = 832571096148902998554675128952010817928785304886131559470920590248050319\
431 * 9884419224438643760392947333078086511627871
432 * order = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB2\
433 * 48B0A77AECEC196ACCC52973
434 * = 394020061963944792122790401001436138050797392704654466679469052796276593\
435 * 99113263569398956308152294913554433653942643
436 */
437static const arrayDigit ga_384_secp_bp[] =
438 {24, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xffff, 0xfffe, 0xffff,
439 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
440 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
441static const arrayDigit ga_384_secp_x1Plus[] =
442 {24, 0xab7, 0x7276, 0x5e38, 0x3a54, 0x296c, 0xbf55, 0xf25d, 0x5502, 0x2a38,
443 0x8254, 0x41e0, 0x59f7, 0x9b98, 0x8ba7, 0x3b62, 0x6e1d, 0xad74, 0xf320,
444 0xc71e, 0x8eb1, 0x537, 0xbe8b, 0xca22, 0xaa87};
445static const arrayDigit ga_384_secp_y1Plus[] =
446 {24, 0xe5f, 0x90ea, 0x1d7c, 0x7a43, 0x819d, 0x1d7e, 0xb1ce, 0xa60, 0xb8c0,
447 0xb5f0, 0x3113, 0xe9da, 0x147c, 0x289a, 0x1dbd, 0xf8f4, 0xdc29, 0x9292,
448 0x98bf, 0x5d9e, 0x2c6f, 0x9626, 0xde4a, 0x3617};
449static const arrayDigit ga_384_secp_plusOrder[] =
450 {24, 0x2973, 0xccc5, 0x196a, 0xecec, 0xa77a, 0x48b0, 0xdb2, 0x581a, 0x2ddf,
451 0xf437, 0x4d81, 0xc763, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
452 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
453static const arrayDigit ga_384_secp_x1OrderPlus[] =
454 {24, 0x2973, 0xccc5, 0x196a, 0xecec, 0xa77a, 0x48b0, 0xdb2, 0x581a, 0x2ddf,
455 0xf437, 0x4d81, 0xc763, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
456 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
457static const arrayDigit ga_384_secp_x1OrderPlusRecip[] =
458 {25, 0xd68d, 0x333a, 0xe695, 0x1313, 0x5885, 0xb74f, 0xf24d, 0xa7e5, 0xd220, 0xbc8,
459 0xb27e, 0x389c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1};
460static const arrayDigit ga_384_secp_a[] =
461 {24, 0xfffc, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xffff, 0xfffe, 0xffff,
462 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
463 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
464static const arrayDigit ga_384_secp_b[] =
465 {24, 0x2aef, 0xd3ec, 0xc8ed, 0x2a85, 0xd19d, 0x8a2e, 0x398d, 0xc656, 0x875a,
466 0x5013, 0x88f, 0x314, 0x4112, 0xfe81, 0x9c6e, 0x181d, 0x2d19, 0xe3f8, 0x56b,
467 0x988e, 0xe7e4, 0xe23e, 0x2fa7, 0xb331};
468
469/*
470 * secp521r1
471 * p = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\
472 * FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
473 * = 686479766013060971498190079908139321726943530014330540939446345918554318\
474 * 339765605212255964066145455497729631139148085803712198799971664381257402\
475 * 8291115057151
476 * a = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\
477 * FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC
478 * = 686479766013060971498190079908139321726943530014330540939446345918554318\
479 * 339765605212255964066145455497729631139148085803712198799971664381257402\
480 * 8291115057148
481 * b = 0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E15619\
482 * 3951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00
483 * = 109384903807373427451111239076680556993620759895168374899458639449595311\
484 * 615073501601370873757375962324859213229670631330943845253159101291214232\
485 * 7488478985984
486 * x = 00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B\
487 * 5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66
488 * = 266174080205021706322876871672336096072985916875697314770667136841880294\
489 * 499642780849154508062777190235209424122506555866215711354557091681416163\
490 * 7315895999846
491 * y = 011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE\
492 * 72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650
493 * = 375718002577002046354550722449118360359445513476976248669456777961554447\
494 * 744055631669123440501294553956214444453728942852258566672919658081012434\
495 * 4277578376784
496 * order = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA5186\
497 * 8783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409
498 * = 686479766013060971498190079908139321726943530014330540939446345918554318\
499 * 339765539424505774633321719753296399637136332111386476861244038034037280\
500 * 8892707005449
501 * orderRecip = 200 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000005 \
502 * ae79787c 40d06994 8033feb7 08f65a2f c44a3647 7663b851 449048e1 6ec79bf7
503 * orderRecip = 2000000000000000000000000000000000000000000000000000000000000000005ae79787c40d069948033feb708f65a2fc44a36477663b851449048e16ec79bf7
504 */
505static const arrayDigit ga_521_secp_bp[] =
506 {33, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
507 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
508 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
509 0xffff, 0xffff, 0xffff, 0x1ff};
510static const arrayDigit ga_521_secp_x1Plus[] =
511 {33, 0xbd66, 0xc2e5, 0x7e31, 0xf97e, 0x429b, 0x856a, 0xb3c1, 0x3348, 0xa8de, 0xa2ff,
512 0xc127, 0xfe1d, 0x5928, 0xefe7, 0x5e77, 0xa14b, 0x3dba, 0x6b4d, 0xaf60, 0xf828, 0xb521,
513 0x53f, 0x8139, 0x9c64, 0xb442, 0x2395, 0xcb66, 0x9e3e, 0xe9cd, 0x404, 0x6b7, 0x858e, 0xc6};
514static const arrayDigit ga_521_secp_y1Plus[] =
515 {33, 0x6650, 0x9fd1, 0x9476, 0x88be, 0xc240, 0xa272, 0x7086, 0x353c, 0x761, 0x3fad,
516 0xb901, 0xc550, 0x2640, 0x5ef4, 0x7299, 0x97ee, 0x662c, 0x273e, 0xbd17, 0x17af, 0x4468,
517 0x579b, 0x4449, 0x98f5, 0x1bd9, 0x2c7d, 0x5fb4, 0x5c8a, 0xc004, 0x9a3b, 0x6a78, 0x3929,
518 0x118};
519static const arrayDigit ga_521_secp_plusOrder[] =
520 {33, 0x6409, 0x9138, 0xb71e, 0xbb6f, 0x47ae, 0x899c, 0xc9b8, 0x3bb5, 0xa5d0, 0xf709,
521 0x148, 0x7fcc, 0x966b, 0xbf2f, 0x8783, 0x5186, 0xfffa, 0xffff, 0xffff, 0xffff, 0xffff,
522 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
523 0x1ff};
524static const arrayDigit ga_521_secp_x1OrderPlus[] =
525 {33, 0x6409, 0x9138, 0xb71e, 0xbb6f, 0x47ae, 0x899c, 0xc9b8, 0x3bb5, 0xa5d0, 0xf709,
526 0x148, 0x7fcc, 0x966b, 0xbf2f, 0x8783, 0x5186, 0xfffa, 0xffff, 0xffff, 0xffff, 0xffff,
527 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
528 0x1ff};
529static const arrayDigit ga_521_secp_x1OrderPlusRecip[] =
530{33, 0x9bf7, 0x6ec7, 0x48e1, 0x4490, 0xb851, 0x7663, 0x3647, 0xc44a, 0x5a2f, 0x8f6, 0xfeb7, 0x8033, 0x6994, 0x40d0, 0x787c, 0xae79, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200};
531static const arrayDigit ga_521_secp_a[] =
532 {33, 0xfffc, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
533 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
534 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
535 0xffff, 0xffff, 0xffff, 0x1ff};
536static const arrayDigit ga_521_secp_b[] =
537 {33, 0x3f00, 0x6b50, 0x1fd4, 0xef45, 0x34f1, 0x3d2c, 0xdf88, 0x3573, 0xbf07,
538 0x3bb1, 0xc0bd, 0x1652, 0x937b, 0xec7e, 0x3951, 0x5619, 0x9e1, 0x8ef1, 0x8991,
539 0xb8b4, 0x15f3, 0x99b3, 0x725b, 0xa2da, 0x40ee, 0xb685, 0x21a0, 0x929a, 0x9a1f,
540 0x8e1c, 0xb961, 0x953e, 0x51};
mirror of Security