]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_cryptkit/lib/curveParamData.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59754.80.3.tar.gz
[apple/security.git] / OSX / libsecurity_cryptkit / lib / curveParamData.h
1 /* New ECC curves,
2
3 14 Apr 2001 (REC) ensured x1Minus arithmetic & prime point orders
4 5 Apr 2001 (REC) factored minusorder for NIST-P-192
5 3 Apr 2001 (REC) first draft
6
7 c. 2001 Apple Computer, Inc.
8 All Rights Reserved.
9
10 Currently there are 7 (seven) curves, at varying
11 bit-depth and varying parameter types:
12
13 FEE curves (use Montgomery arithmetic and feemod base-prime):
14 31 bits
15 127 bits
16 IEEE curves (use projective arithmetic):
17 31 bits (feemod base-prime)
18 128 bits (feemod base-prime)
19 161 bits (feemod base-prime) (default preference)
20 161 bits (general prime)
21 192 bits (general. prime) (NIST-recommended)
22
23 Each curve is given key comments atop the parameters.
24 For performance considerations,
25
26 primeType->Mersenne is faster than primeType->feemod is
27 faster than primeType->general
28
29 curveType->Montgomery is faster than curveType->Weierstrass,
30
31 Some choices are not obvious except to cryptographers;
32 e.g., the two curves given for 161 bits exist because
33 of cryptographic controversies; probably the curve with
34 both orders prime is more secure, so it is perhaps
35 the curve of choice at 161 bits.
36
37 The parameters/points have standard meaning, except for our
38 special entities as listed below. It is important to note the
39 principle thgat, without exception, every CryptKit base prime
40 p is = 3 (mod 4). This allows simple square-rooting in the field
41 F_p. Because of this universal constraint, (-1) is always a
42 quadratic nonresidue and so twist curves as below can assume
43 g = -1.
44
45 (...)plusOrder := The usual elliptic-curve order;
46 (...)x1Plus := x-coordinate on y^2 = x^3 + c x^2 + a x + b;
47 (...)x1OrderPlus := Order of x1Plus, always divides plusOrder
48 (...)minusOrder := Order of the twist curve = 2p+2-plusOrder
49 (...)x1Minus := x-coordinate chosen on the twist curve
50 g y^2 = x^3 + c x^2 + a x + b
51 where g = -1 is the nonresidue, and such that
52 the special, x-coordinates-only, twofold-ambiguous "add" of
53 FEED works on the minus curve, using the same curve
54 parameters a,b,c as for the plus curve. Note that
55 x1Minus is to be chosen so that the correct "add" arithmetic
56 occurs, and also so that the desired point order accrues.
57 (...)x1OrderMinus := Order of x1Plus, always divides minusOrder.
58
59 In each of the curves specified below, the plusOrder (at least)
60 is prime, while each of the point orders x1OrderPlus/Minus
61 is always prime.
62
63 Note that the older labels Atkin3, Atkin4 have been abolished.
64
65 */
66
67 /* FEE CURVE: USE FOR FEE SIG. & FEED ONLY.
68 * primeType->Mersenne
69 * curveType->Montgomery
70 * q = 31; k = 1; p = 2^q - k;
71 * a = 1; b = 0; c = 666;
72 * Both orders composite.
73 */
74 static const arrayDigit ga_31m_x1Plus[] =
75 {2, 61780, 6237};
76 /* 408809812 */
77 static const arrayDigit ga_31m_x1Minus[] =
78 {2,12973,30585};
79 /* 2004431533 */
80 static const arrayDigit ga_31m_plusOrder[] =
81 {2, 25928, 32768 };
82 /* 2147509576 = 2^3 * 268438697. */
83 static const arrayDigit ga_31m_minusOrder[] =
84 {2, 39608, 32767 };
85 /* 2147457720 = 2^3 * 3 * 5 * 17895481. */
86 static const arrayDigit ga_31m_x1OrderPlus[] =
87 {2, 3241, 4096};
88 /* 268438697 */
89 static const arrayDigit ga_31m_x1OrderMinus[] =
90 {2, 4153, 273};
91 /* 17895481 */
92 static const arrayDigit ga_31m_x1OrderPlusRecip[] =
93 {2, 52572, 16383};
94 static const arrayDigit ga_31m_lesserX1OrderRecip[] =
95 {2, 759, 960};
96
97 /* IEEE P1363 COMPATIBLE.
98 * primeType->Mersenne
99 * curveType->Weierstrass
100 * q = 31; k = 1; p = 2^q-k;
101 * a = 5824692 b = 2067311435 c = 0
102 * Both orders prime.
103 */
104 static const arrayDigit ga_31w_x1Plus[] =
105 {1, 6 };
106 static const arrayDigit ga_31w_x1Minus[] =
107 {1, 7 };
108 static const arrayDigit ga_31w_plusOrder[] =
109 {2,59003,32766 };
110 /* 2147411579 */
111 static const arrayDigit ga_31w_minusOrder[] =
112 {2,6533,32769 };
113 /* 2147555717 */
114 static const arrayDigit ga_31w_x1OrderPlus[] =
115 {2,59003,32766};
116 /* 2147411579 */
117 static const arrayDigit ga_31w_x1OrderMinus[] =
118 {2,6533,32769};
119 /* 2147555717 */
120 static const arrayDigit ga_31w_x1OrderPlusRecip[] =
121 {2, 6535, 32769};
122
123 static const arrayDigit ga_31w_a[] =
124 {2,57524,88};
125 /* 5824692 */
126 static const arrayDigit ga_31w_b[] =
127 {2,43851,31544};
128 /* 2067311435 */
129
130 /* FEE CURVE: USE FOR FEE SIG. & FEED ONLY.
131 * primeType->Mersenne
132 * curveType->Montgomery
133 * q = 127; k = 1; p = 2^q - k;
134 * a = 1; b = 0; c = 666;
135 * Both orders composite.
136 */
137 static const arrayDigit ga_127m_x1Plus[] =
138 {8, 24044, 39922, 11050,
139 24692, 34049, 9793, 1228, 31562};
140 /* 163879370753099435779911346846180728300 */
141 static const arrayDigit ga_127m_x1Minus[] =
142 {8,49015,6682,26772,63672,45560,46133,24769,8366};
143 /* 43440717976631899041527862406676135799 */
144 static const arrayDigit ga_127m_plusOrder[] =
145 { 8, 14612, 61088, 34331,
146 32354, 65535, 65535, 65535,
147 32767};
148 /* 170141183460469231722347548493196835092 =
149 2^2 * 3^4 * 71 * 775627 * 9535713005180210505588285449. */
150 static const arrayDigit ga_127m_minusOrder[] =
151 { 8, 50924, 4447, 31204,
152 33181, 0, 0, 0,
153 32768 };
154 /* 170141183460469231741027058938571376364 =
155 2^2 * 17 * 743 * 1593440383 * 2113371777483973234080067. */
156 static const arrayDigit ga_127m_x1OrderPlus[] =
157 {6, 8201, 61942, 37082,
158 53787, 49605, 7887 };
159 /* 9535713005180210505588285449 */
160 static const arrayDigit ga_127m_x1OrderMinus[] =
161 {6, 14659, 1977,16924,
162 7446, 49030, 1};
163 /* 2113371777483973234080067 */
164 static const arrayDigit ga_127m_x1OrderPlusRecip[] =
165 {6, 21911, 8615, 0, 40960, 64107, 8507};
166 static const arrayDigit ga_127m_lesserX1OrderRecip[] =
167 {6, 44759, 65533, 17695, 61560, 18883, 2};
168
169 /* IEEE P1363 COMPATIBLE.
170 * primeType->feemod
171 * curveType->Weierstrass
172 * q = 127; k = -57675; p = 2^q - k;
173 * a = 170141183460469025572049133804586627403;
174 * b = 170105154311605172483148226534443139403; c = 0;
175 * Both orders prime.:
176 */
177 static const arrayDigit ga_128w_x1Plus[] =
178 {1,6};
179 /* 6 */
180 static const arrayDigit ga_128w_x1Minus[] =
181 {1,3};
182 /* 3 */
183 static const arrayDigit ga_128w_plusOrder[] =
184 {8,40455,13788,48100,24190,1,0,0,32768};
185 /* 170141183460469231756943134065055014407. */
186 static const arrayDigit ga_128w_minusOrder[] =
187 {8,9361,51749,17435,41345,65534,65535,65535,32767};
188 /* 170141183460469231706431473366713312401. */
189 static const arrayDigit ga_128w_x1OrderPlus[] =
190 {8,40455,13788,48100,24190,1,0,0,32768};
191 /* 170141183460469231756943134065055014407. */
192 static const arrayDigit ga_128w_x1OrderMinus[] =
193 {8,9361,51749,17435,41345,65534,65535,65535,32767};
194 /* 170141183460469231706431473366713312401. */
195 static const arrayDigit ga_128w_x1OrderPlusRecip[] =
196 {9,34802,10381,4207,34309,65530,65535,65535,65535,1};
197 static const arrayDigit ga_128w_lesserX1OrderRecip[] =
198 {8,56178,13786,48100,24190,1,0,0,32768};
199
200 static const arrayDigit ga_128w_a[] =
201 {8,29003,44777,29962,4169,54360,65535,65535,32767};
202 /* 170141183460469025572049133804586627403; */
203 static const arrayDigit ga_128w_b[] =
204 {8,16715,42481,16221,60523,56573,13644,4000,32761};
205 /* 170105154311605172483148226534443139403. */
206
207 /* IEEE P1363 COMPATIBLE.
208 * primeType->feemod
209 * curveType->Weierstrass
210 * q = 160; k = -5875; p = 2^q - k;
211 * a = 1461501637330902918203684832716283019448563798259;
212 * b = 36382017816364032; c = 0;
213 * Both orders prime.:
214 */
215 static const arrayDigit ga_161w_x1Plus[] =
216 {1,7};
217 /* 7 */
218 static const arrayDigit ga_161w_x1Minus[] =
219 {1,4};
220 /* 4 */
221 static const arrayDigit ga_161w_plusOrder[] =
222 {11,50651,30352,49719,403,64085,1,0,0,0,0,1};
223 /* 1461501637330902918203687223801810245920805144027. */
224 static const arrayDigit ga_161w_minusOrder[] =
225 {10,26637,35183,15816,65132,1450,65534,65535,65535,65535,65535};
226 /* 1461501637330902918203682441630755793391059953677. */
227 static const arrayDigit ga_161w_x1OrderPlus[] =
228 {11,50651,30352,49719,403,64085,1,0,0,0,0,1};
229 /* 1461501637330902918203687223801810245920805144027. */
230 static const arrayDigit ga_161w_x1OrderMinus[] =
231 {10,26637,35183,15816,65132,1450,65534,65535,65535,65535,65535};
232 /* 1461501637330902918203682441630755793391059953677. */
233 static const arrayDigit ga_161w_x1OrderPlusRecip[] =
234 {11,59555,9660,63266,63920,5803,65528,65535,65535,65535,65535,3};
235 /* added by dmitch */
236 static const arrayDigit ga_161w_lesserX1OrderRecip[] =
237 {12,38902,30352,49719,403,64085,1,0,0,0,0,1,0};
238 /* end addenda */
239
240 static const arrayDigit ga_161w_a[] = {10,4339,47068,65487,65535,65535,65535,65535,65535,65535,65535};
241 /* 1461501637330902918203684832716283019448563798259; */
242 static const arrayDigit ga_161w_b[] = {4,1024,41000,16704,129};
243 /* 36382017816364032. */
244
245 /* IEEE P1363 COMPATIBLE.
246 * primeType->General
247 * curveType->Weierstrass
248 * p is a 161-bit random prime (below, ga_161_gen_bp[]);
249 * a = -152; b = 722; c = 0;
250 * Both orders composite.:
251 */
252 static const arrayDigit ga_161_gen_bp[] =
253 {11,41419,58349,36408,14563,25486,9098,29127,50972,7281,8647,1};
254 /* baseprime = 1654338658923174831024422729553880293604080853451 */
255 static const arrayDigit ga_161_gen_x1Plus[] =
256 {10,59390,38748,49144,50217,32781,46057,53816,62856,18968,55868};
257 /* 1245904487553815885170631576005220733978383542270 */
258 static const arrayDigit ga_161_gen_x1Minus[] =
259 {10,12140,40021,9852,49578,18446,39468,28773,10952,26720,52624};
260 /* 1173563507729187954550227059395955904200719019884 */
261 static const arrayDigit ga_161_gen_plusOrder[] =
262 {11,41420,58349,36408,14563,25486,9100,29127,50972,7281,8647,1};
263 /* 1654338658923174831024425147405519522862430265804 =
264 2^2 * 23 * 359 * 479 * 102107 * 1024120625531724089187207582052247831. */
265 static const arrayDigit ga_161_gen_minusOrder[] =
266 {11,41420,58349,36408,14563,25486,9096,29127,50972,7281,8647,1};
267 /* 1654338658923174831024420311702241064345731441100 =
268 2^2 * 5^2 * 17^2 * 57243552211874561627142571339177891499852299. */
269 static const arrayDigit ga_161_gen_x1OrderPlus[] =
270 {8,59671,64703,58305,55887,34170,37971,15627,197};
271 /* 1024120625531724089187207582052247831 */
272 static const arrayDigit ga_161_gen_x1OrderMinus[] =
273 {10,49675,56911,64364,6281,5543,59511,52057,44604,37151,2};
274 /* 57243552211874561627142571339177891499852299 */
275 static const arrayDigit ga_161_gen_x1OrderPlusRecip[] =
276 {8, 7566, 37898, 14581, 2404, 52670, 23839, 17554, 332};
277
278 static const arrayDigit ga_161_gen_a[] = {-1, 152}; /* a = -152 */
279 static const arrayDigit ga_161_gen_b[] = { 1, 722}; /* b = 722 */
280
281
282 /* IEEE P1363 COMPATIBLE.
283 * (NIST-P-192 RECOMMENDED PRIME)
284 * primeType->General
285 * curveType->Weierstrass
286 * p is a 192-bit prime (with efficient bit structure) (below, ga_192_gen_bp[]);
287 * a = -3; b = 2455155546008943817740293915197451784769108058161191238065; c = 0;
288 * Plus-order is prime, minus-order is composite.
289 */
290 static const arrayDigit ga_192_gen_bp[] =
291 {12,65535,65535,65535,65535,65534,65535,65535,65535,65535,65535,65535,65535};
292 /* baseprime =
293 6277101735386680763835789423207666416083908700390324961279 */
294 static const arrayDigit ga_192_gen_x1Plus[] =
295 {1,3};
296 /* 3 */
297 static const arrayDigit ga_192_gen_x1Minus[] =
298 {12,25754,63413,46363,42413,24848,21836,55473,50853,40413,10264,8715,59556};
299 /* 5704344264203732742656350325931731344592841761552300598426 */
300 static const arrayDigit ga_192_gen_plusOrder[] =
301 {12,10289,46290,51633,5227,63542,39390,65535,65535,65535,65535,65535,65535};
302 /* 6277101735386680763835789423176059013767194773182842284081 */
303 static const arrayDigit ga_192_gen_minusOrder[] =
304 {13,55247,19245,13902,60308,1991,26145,0,0,0,0,0,0,1};
305 /* 6277101735386680763835789423239273818400622627597807638479 =
306 23 * 10864375060560251605900677743 *
307 25120401793443689936479125511 */
308 static const arrayDigit ga_192_gen_x1OrderPlus[] =
309 {12,10289,46290,51633,5227,63542,39390,65535,65535,65535,65535,65535,65535};
310 /* 6277101735386680763835789423176059013767194773182842284081 */
311 static const arrayDigit ga_192_gen_x1OrderMinus[] =
312 {12,16649,40728,9152,53911,59923,9684,22795,17096,45590,34192,25644,2849};
313 /* 272917466755942641905903887966924948626114027286861201673 =
314 10864375060560251605900677743 * 25120401793443689936479125511
315 */
316 static const arrayDigit ga_192_gen_x1OrderPlusRecip[] =
317 {13,55247,19245,13902,60308,1993,26145,0,0,0,0,0,0,1};
318 static const arrayDigit ga_192_gen_lesserX1OrderRecip[] =
319 {12,57756,63294,44830,2517,2125,63187,65535,65535,65535,65535,65535,5887};
320
321 static const arrayDigit ga_192_gen_a[] = {-1, 3}; /* a = -3. */
322 static const arrayDigit ga_192_gen_b[] =
323 {12,47537,49478,57068,65208,12361,29220,59819,4007,32999,58780,1305,25633};
324 /* b = 2455155546008943817740293915197451784769108058161191238065. */
325
326 /***
327 *** ANSI X9.62/Certicom curves
328 ***/
329
330 /*
331 * secp192r1
332 *
333 * p = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF
334 * = 6277101735386680763835789423207666416083908700390324961279 (d)
335 * a = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC
336 * = 6277101735386680763835789423207666416083908700390324961276
337 * b = 64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1
338 * = 2455155546008943817740293915197451784769108058161191238065
339 * x = 188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012
340 * = 602046282375688656758213480587526111916698976636884684818
341 * y = 07192B95FFC8DA78631011ED6B24CDD573F977A11E794811
342 * = 174050332293622031404857552280219410364023488927386650641
343 * order = FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
344 * = 6277101735386680763835789423176059013767194773182842284081
345 * x1OrderRecip = 1000000000000000000000000662107c9eb94364e4b2dd7cf
346 */
347 static const arrayDigit ga_192_secp_bp[] =
348 {12, 0xffff, 0xffff, 0xffff, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
349 static const arrayDigit ga_192_secp_x1Plus[] =
350 {12, 0x1012, 0x82ff, 0xafd, 0xf4ff, 0x8800, 0x43a1, 0x20eb, 0x7cbf, 0x90f6, 0xb030, 0xa80e, 0x188d};
351 static const arrayDigit ga_192_secp_y1Plus[] =
352 {12, 0x4811, 0x1e79, 0x77a1, 0x73f9, 0xcdd5, 0x6b24, 0x11ed, 0x6310, 0xda78, 0xffc8, 0x2b95, 0x719};
353 static const arrayDigit ga_192_secp_plusOrder[] =
354 {12, 0x2831, 0xb4d2, 0xc9b1, 0x146b, 0xf836, 0x99de, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
355 /* the curve order is prime, so x1Order = curveOrder */
356 static const arrayDigit ga_192_secp_x1OrderPlus[] =
357 {12, 0x2831, 0xb4d2, 0xc9b1, 0x146b, 0xf836, 0x99de, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
358 static const arrayDigit ga_192_secp_x1OrderPlusRecip[] =
359 {13, 0xd7cf, 0x4b2d, 0x364e, 0xeb94, 0x7c9, 0x6621, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1};
360 static const arrayDigit ga_192_secp_a[] =
361 {12, 0xfffc, 0xffff, 0xffff, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
362 static const arrayDigit ga_192_secp_b[] =
363 {12, 0xb9b1, 0xc146, 0xdeec, 0xfeb8, 0x3049, 0x7224, 0xe9ab, 0xfa7, 0x80e7, 0xe59c, 0x519, 0x6421};
364
365
366 /*
367 * secp256r1
368 *
369 * p = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
370 * = 115792089210356248762697446949407573530086143415290314195533631308867097853951
371 * a = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
372 * = 115792089210356248762697446949407573530086143415290314195533631308867097853948
373 * b = 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
374 * = 41058363725152142129326129780047268409114441015993725554835256314039467401291
375 * x = 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
376 * = 48439561293906451759052585252797914202762949526041747995844080717082404635286
377 * y = 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
378 * = 36134250956749795798585127919587881956611106672985015071877198253568414405109
379 * order = FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
380 * = 115792089210356248762697446949407573529996955224135760342422259061068512044369
381 * FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
382 * x1OrderRecip = 100000000fffffffffffffffeffffffff43190552df1a6c21012ffd85eedf9bfe
383 */
384 static const arrayDigit ga_256_secp_bp[] =
385 {16, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0,
386 0x0, 0x1, 0x0, 0xffff, 0xffff};
387 static const arrayDigit ga_256_secp_x1Plus[] =
388 {16, 0xc296, 0xd898, 0x3945, 0xf4a1, 0x33a0, 0x2deb, 0x7d81, 0x7703, 0x40f2,
389 0x63a4, 0xe6e5, 0xf8bc, 0x4247, 0xe12c, 0xd1f2, 0x6b17};
390 static const arrayDigit ga_256_secp_y1Plus[] =
391 {16, 0x51f5, 0x37bf, 0x4068, 0xcbb6, 0x5ece, 0x6b31, 0x3357, 0x2bce, 0x9e16,
392 0x7c0f, 0xeb4a, 0x8ee7, 0x7f9b, 0xfe1a, 0x42e2, 0x4fe3};
393 static const arrayDigit ga_256_secp_plusOrder[] =
394 {16, 0x2551, 0xfc63, 0xcac2, 0xf3b9, 0x9e84, 0xa717, 0xfaad, 0xbce6, 0xffff,
395 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0xffff, 0xffff};
396 static const arrayDigit ga_256_secp_x1OrderPlus[] =
397 {16, 0x2551, 0xfc63, 0xcac2, 0xf3b9, 0x9e84, 0xa717, 0xfaad, 0xbce6, 0xffff,
398 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0xffff, 0xffff};
399 static const arrayDigit ga_256_secp_x1OrderPlusRecip[] =
400 {17, 0x9bfe, 0xeedf, 0xfd85, 0x12f, 0x6c21, 0xdf1a, 0x552, 0x4319, 0xffff,
401 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x1};
402 static const arrayDigit ga_256_secp_a[] =
403 {16, 0xfffc, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0,
404 0x0, 0x1, 0x0, 0xffff, 0xffff};
405 static const arrayDigit ga_256_secp_b[] =
406 {16, 0x604b, 0x27d2, 0x3c3e, 0x3bce, 0xb0f6, 0xcc53, 0x6b0, 0x651d, 0x86bc,
407 0x7698, 0xbd55, 0xb3eb, 0x93e7, 0xaa3a, 0x35d8, 0x5ac6};
408
409 /*
410 * secp384r1
411 *
412 * p = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF\
413 * 0000000000000000FFFFFFFF
414 * = 394020061963944792122790401001436138050797392704654466679482934042457217\
415 * 71496870329047266088258938001861606973112319
416 * a = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF\
417 * 0000000000000000FFFFFFFC
418 * = 394020061963944792122790401001436138050797392704654466679482934042457217\
419 * 71496870329047266088258938001861606973112316
420 * b = B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D\
421 * 8A2ED19D2A85C8EDD3EC2AEF
422 * = 275801935599597058778490118403890480930569058563615685214287073019886892\
423 * 41309860865136260764883745107765439761230575
424 * x = AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25D\
425 * BF55296C3A545E3872760AB7
426 * = 262470350957996892686231567445669818918529234911092133878156159009255188\
427 * 54738050089022388053975719786650872476732087
428 * y = 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE\
429 * 1D7E819D7A431D7C90EA0E5F
430 * = 832571096148902998554675128952010817928785304886131559470920590248050319\
431 * 9884419224438643760392947333078086511627871
432 * order = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB2\
433 * 48B0A77AECEC196ACCC52973
434 * = 394020061963944792122790401001436138050797392704654466679469052796276593\
435 * 99113263569398956308152294913554433653942643
436 */
437 static const arrayDigit ga_384_secp_bp[] =
438 {24, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xffff, 0xfffe, 0xffff,
439 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
440 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
441 static const arrayDigit ga_384_secp_x1Plus[] =
442 {24, 0xab7, 0x7276, 0x5e38, 0x3a54, 0x296c, 0xbf55, 0xf25d, 0x5502, 0x2a38,
443 0x8254, 0x41e0, 0x59f7, 0x9b98, 0x8ba7, 0x3b62, 0x6e1d, 0xad74, 0xf320,
444 0xc71e, 0x8eb1, 0x537, 0xbe8b, 0xca22, 0xaa87};
445 static const arrayDigit ga_384_secp_y1Plus[] =
446 {24, 0xe5f, 0x90ea, 0x1d7c, 0x7a43, 0x819d, 0x1d7e, 0xb1ce, 0xa60, 0xb8c0,
447 0xb5f0, 0x3113, 0xe9da, 0x147c, 0x289a, 0x1dbd, 0xf8f4, 0xdc29, 0x9292,
448 0x98bf, 0x5d9e, 0x2c6f, 0x9626, 0xde4a, 0x3617};
449 static const arrayDigit ga_384_secp_plusOrder[] =
450 {24, 0x2973, 0xccc5, 0x196a, 0xecec, 0xa77a, 0x48b0, 0xdb2, 0x581a, 0x2ddf,
451 0xf437, 0x4d81, 0xc763, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
452 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
453 static const arrayDigit ga_384_secp_x1OrderPlus[] =
454 {24, 0x2973, 0xccc5, 0x196a, 0xecec, 0xa77a, 0x48b0, 0xdb2, 0x581a, 0x2ddf,
455 0xf437, 0x4d81, 0xc763, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
456 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
457 static const arrayDigit ga_384_secp_x1OrderPlusRecip[] =
458 {25, 0xd68d, 0x333a, 0xe695, 0x1313, 0x5885, 0xb74f, 0xf24d, 0xa7e5, 0xd220, 0xbc8,
459 0xb27e, 0x389c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1};
460 static const arrayDigit ga_384_secp_a[] =
461 {24, 0xfffc, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xffff, 0xfffe, 0xffff,
462 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
463 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
464 static const arrayDigit ga_384_secp_b[] =
465 {24, 0x2aef, 0xd3ec, 0xc8ed, 0x2a85, 0xd19d, 0x8a2e, 0x398d, 0xc656, 0x875a,
466 0x5013, 0x88f, 0x314, 0x4112, 0xfe81, 0x9c6e, 0x181d, 0x2d19, 0xe3f8, 0x56b,
467 0x988e, 0xe7e4, 0xe23e, 0x2fa7, 0xb331};
468
469 /*
470 * secp521r1
471 * p = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\
472 * FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
473 * = 686479766013060971498190079908139321726943530014330540939446345918554318\
474 * 339765605212255964066145455497729631139148085803712198799971664381257402\
475 * 8291115057151
476 * a = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\
477 * FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC
478 * = 686479766013060971498190079908139321726943530014330540939446345918554318\
479 * 339765605212255964066145455497729631139148085803712198799971664381257402\
480 * 8291115057148
481 * b = 0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E15619\
482 * 3951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00
483 * = 109384903807373427451111239076680556993620759895168374899458639449595311\
484 * 615073501601370873757375962324859213229670631330943845253159101291214232\
485 * 7488478985984
486 * x = 00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B\
487 * 5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66
488 * = 266174080205021706322876871672336096072985916875697314770667136841880294\
489 * 499642780849154508062777190235209424122506555866215711354557091681416163\
490 * 7315895999846
491 * y = 011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE\
492 * 72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650
493 * = 375718002577002046354550722449118360359445513476976248669456777961554447\
494 * 744055631669123440501294553956214444453728942852258566672919658081012434\
495 * 4277578376784
496 * order = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA5186\
497 * 8783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409
498 * = 686479766013060971498190079908139321726943530014330540939446345918554318\
499 * 339765539424505774633321719753296399637136332111386476861244038034037280\
500 * 8892707005449
501 * orderRecip = 200 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000005 \
502 * ae79787c 40d06994 8033feb7 08f65a2f c44a3647 7663b851 449048e1 6ec79bf7
503 * orderRecip = 2000000000000000000000000000000000000000000000000000000000000000005ae79787c40d069948033feb708f65a2fc44a36477663b851449048e16ec79bf7
504 */
505 static const arrayDigit ga_521_secp_bp[] =
506 {33, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
507 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
508 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
509 0xffff, 0xffff, 0xffff, 0x1ff};
510 static const arrayDigit ga_521_secp_x1Plus[] =
511 {33, 0xbd66, 0xc2e5, 0x7e31, 0xf97e, 0x429b, 0x856a, 0xb3c1, 0x3348, 0xa8de, 0xa2ff,
512 0xc127, 0xfe1d, 0x5928, 0xefe7, 0x5e77, 0xa14b, 0x3dba, 0x6b4d, 0xaf60, 0xf828, 0xb521,
513 0x53f, 0x8139, 0x9c64, 0xb442, 0x2395, 0xcb66, 0x9e3e, 0xe9cd, 0x404, 0x6b7, 0x858e, 0xc6};
514 static const arrayDigit ga_521_secp_y1Plus[] =
515 {33, 0x6650, 0x9fd1, 0x9476, 0x88be, 0xc240, 0xa272, 0x7086, 0x353c, 0x761, 0x3fad,
516 0xb901, 0xc550, 0x2640, 0x5ef4, 0x7299, 0x97ee, 0x662c, 0x273e, 0xbd17, 0x17af, 0x4468,
517 0x579b, 0x4449, 0x98f5, 0x1bd9, 0x2c7d, 0x5fb4, 0x5c8a, 0xc004, 0x9a3b, 0x6a78, 0x3929,
518 0x118};
519 static const arrayDigit ga_521_secp_plusOrder[] =
520 {33, 0x6409, 0x9138, 0xb71e, 0xbb6f, 0x47ae, 0x899c, 0xc9b8, 0x3bb5, 0xa5d0, 0xf709,
521 0x148, 0x7fcc, 0x966b, 0xbf2f, 0x8783, 0x5186, 0xfffa, 0xffff, 0xffff, 0xffff, 0xffff,
522 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
523 0x1ff};
524 static const arrayDigit ga_521_secp_x1OrderPlus[] =
525 {33, 0x6409, 0x9138, 0xb71e, 0xbb6f, 0x47ae, 0x899c, 0xc9b8, 0x3bb5, 0xa5d0, 0xf709,
526 0x148, 0x7fcc, 0x966b, 0xbf2f, 0x8783, 0x5186, 0xfffa, 0xffff, 0xffff, 0xffff, 0xffff,
527 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
528 0x1ff};
529 static const arrayDigit ga_521_secp_x1OrderPlusRecip[] =
530 {33, 0x9bf7, 0x6ec7, 0x48e1, 0x4490, 0xb851, 0x7663, 0x3647, 0xc44a, 0x5a2f, 0x8f6, 0xfeb7, 0x8033, 0x6994, 0x40d0, 0x787c, 0xae79, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200};
531 static const arrayDigit ga_521_secp_a[] =
532 {33, 0xfffc, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
533 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
534 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
535 0xffff, 0xffff, 0xffff, 0x1ff};
536 static const arrayDigit ga_521_secp_b[] =
537 {33, 0x3f00, 0x6b50, 0x1fd4, 0xef45, 0x34f1, 0x3d2c, 0xdf88, 0x3573, 0xbf07,
538 0x3bb1, 0xc0bd, 0x1652, 0x937b, 0xec7e, 0x3951, 0x5619, 0x9e1, 0x8ef1, 0x8991,
539 0xb8b4, 0x15f3, 0x99b3, 0x725b, 0xa2da, 0x40ee, 0xb685, 0x21a0, 0x929a, 0x9a1f,
540 0x8e1c, 0xb961, 0x953e, 0x51};
mirror of Security