-/* New ECC curves,
-
- 14 Apr 2001 (REC) ensured x1Minus arithmetic & prime point orders
- 5 Apr 2001 (REC) factored minusorder for NIST-P-192
- 3 Apr 2001 (REC) first draft
-
- c. 2001 Apple Computer, Inc.
- All Rights Reserved.
-
- Currently there are 7 (seven) curves, at varying
- bit-depth and varying parameter types:
-
- FEE curves (use Montgomery arithmetic and feemod base-prime):
- 31 bits
- 127 bits
- IEEE curves (use projective arithmetic):
- 31 bits (feemod base-prime)
- 128 bits (feemod base-prime)
- 161 bits (feemod base-prime) (default preference)
- 161 bits (general prime)
- 192 bits (general. prime) (NIST-recommended)
-
- Each curve is given key comments atop the parameters.
- For performance considerations,
-
- primeType->Mersenne is faster than primeType->feemod is
- faster than primeType->general
-
- curveType->Montgomery is faster than curveType->Weierstrass,
-
- Some choices are not obvious except to cryptographers;
- e.g., the two curves given for 161 bits exist because
- of cryptographic controversies; probably the curve with
- both orders prime is more secure, so it is perhaps
- the curve of choice at 161 bits.
-
- The parameters/points have standard meaning, except for our
- special entities as listed below. It is important to note the
- principle thgat, without exception, every CryptKit base prime
- p is = 3 (mod 4). This allows simple square-rooting in the field
- F_p. Because of this universal constraint, (-1) is always a
- quadratic nonresidue and so twist curves as below can assume
- g = -1.
-
- (...)plusOrder := The usual elliptic-curve order;
- (...)x1Plus := x-coordinate on y^2 = x^3 + c x^2 + a x + b;
- (...)x1OrderPlus := Order of x1Plus, always divides plusOrder
- (...)minusOrder := Order of the twist curve = 2p+2-plusOrder
- (...)x1Minus := x-coordinate chosen on the twist curve
- g y^2 = x^3 + c x^2 + a x + b
- where g = -1 is the nonresidue, and such that
- the special, x-coordinates-only, twofold-ambiguous "add" of
- FEED works on the minus curve, using the same curve
- parameters a,b,c as for the plus curve. Note that
- x1Minus is to be chosen so that the correct "add" arithmetic
- occurs, and also so that the desired point order accrues.
- (...)x1OrderMinus := Order of x1Plus, always divides minusOrder.
-
- In each of the curves specified below, the plusOrder (at least)
- is prime, while each of the point orders x1OrderPlus/Minus
- is always prime.
-
- Note that the older labels Atkin3, Atkin4 have been abolished.
-
- */
-
- /* FEE CURVE: USE FOR FEE SIG. & FEED ONLY.
- * primeType->Mersenne
- * curveType->Montgomery
- * q = 31; k = 1; p = 2^q - k;
- * a = 1; b = 0; c = 666;
- * Both orders composite.
- */
-static const arrayDigit ga_31m_x1Plus[] =
- {2, 61780, 6237};
- /* 408809812 */
-static const arrayDigit ga_31m_x1Minus[] =
- {2,12973,30585};
- /* 2004431533 */
-static const arrayDigit ga_31m_plusOrder[] =
- {2, 25928, 32768 };
- /* 2147509576 = 2^3 * 268438697. */
-static const arrayDigit ga_31m_minusOrder[] =
- {2, 39608, 32767 };
- /* 2147457720 = 2^3 * 3 * 5 * 17895481. */
-static const arrayDigit ga_31m_x1OrderPlus[] =
- {2, 3241, 4096};
- /* 268438697 */
-static const arrayDigit ga_31m_x1OrderMinus[] =
- {2, 4153, 273};
- /* 17895481 */
-static const arrayDigit ga_31m_x1OrderPlusRecip[] =
- {2, 52572, 16383};
-static const arrayDigit ga_31m_lesserX1OrderRecip[] =
- {2, 759, 960};
-
- /* IEEE P1363 COMPATIBLE.
- * primeType->Mersenne
- * curveType->Weierstrass
- * q = 31; k = 1; p = 2^q-k;
- * a = 5824692 b = 2067311435 c = 0
- * Both orders prime.
- */
-static const arrayDigit ga_31w_x1Plus[] =
- {1, 6 };
-static const arrayDigit ga_31w_x1Minus[] =
- {1, 7 };
-static const arrayDigit ga_31w_plusOrder[] =
- {2,59003,32766 };
- /* 2147411579 */
-static const arrayDigit ga_31w_minusOrder[] =
- {2,6533,32769 };
- /* 2147555717 */
-static const arrayDigit ga_31w_x1OrderPlus[] =
- {2,59003,32766};
- /* 2147411579 */
-static const arrayDigit ga_31w_x1OrderMinus[] =
- {2,6533,32769};
- /* 2147555717 */
-static const arrayDigit ga_31w_x1OrderPlusRecip[] =
- {2, 6535, 32769};
-
-static const arrayDigit ga_31w_a[] =
- {2,57524,88};
- /* 5824692 */
-static const arrayDigit ga_31w_b[] =
- {2,43851,31544};
- /* 2067311435 */
-
- /* FEE CURVE: USE FOR FEE SIG. & FEED ONLY.
- * primeType->Mersenne
- * curveType->Montgomery
- * q = 127; k = 1; p = 2^q - k;
- * a = 1; b = 0; c = 666;
- * Both orders composite.
- */
-static const arrayDigit ga_127m_x1Plus[] =
- {8, 24044, 39922, 11050,
- 24692, 34049, 9793, 1228, 31562};
- /* 163879370753099435779911346846180728300 */
-static const arrayDigit ga_127m_x1Minus[] =
- {8,49015,6682,26772,63672,45560,46133,24769,8366};
- /* 43440717976631899041527862406676135799 */
-static const arrayDigit ga_127m_plusOrder[] =
- { 8, 14612, 61088, 34331,
- 32354, 65535, 65535, 65535,
- 32767};
- /* 170141183460469231722347548493196835092 =
-2^2 * 3^4 * 71 * 775627 * 9535713005180210505588285449. */
-static const arrayDigit ga_127m_minusOrder[] =
- { 8, 50924, 4447, 31204,
- 33181, 0, 0, 0,
- 32768 };
- /* 170141183460469231741027058938571376364 =
-2^2 * 17 * 743 * 1593440383 * 2113371777483973234080067. */
-static const arrayDigit ga_127m_x1OrderPlus[] =
- {6, 8201, 61942, 37082,
- 53787, 49605, 7887 };
- /* 9535713005180210505588285449 */
-static const arrayDigit ga_127m_x1OrderMinus[] =
- {6, 14659, 1977,16924,
- 7446, 49030, 1};
- /* 2113371777483973234080067 */
-static const arrayDigit ga_127m_x1OrderPlusRecip[] =
- {6, 21911, 8615, 0, 40960, 64107, 8507};
-static const arrayDigit ga_127m_lesserX1OrderRecip[] =
- {6, 44759, 65533, 17695, 61560, 18883, 2};
-
- /* IEEE P1363 COMPATIBLE.
- * primeType->feemod
- * curveType->Weierstrass
- * q = 127; k = -57675; p = 2^q - k;
- * a = 170141183460469025572049133804586627403;
- * b = 170105154311605172483148226534443139403; c = 0;
- * Both orders prime.:
- */
-static const arrayDigit ga_128w_x1Plus[] =
- {1,6};
- /* 6 */
-static const arrayDigit ga_128w_x1Minus[] =
- {1,3};
- /* 3 */
-static const arrayDigit ga_128w_plusOrder[] =
- {8,40455,13788,48100,24190,1,0,0,32768};
- /* 170141183460469231756943134065055014407. */
-static const arrayDigit ga_128w_minusOrder[] =
- {8,9361,51749,17435,41345,65534,65535,65535,32767};
- /* 170141183460469231706431473366713312401. */
-static const arrayDigit ga_128w_x1OrderPlus[] =
- {8,40455,13788,48100,24190,1,0,0,32768};
- /* 170141183460469231756943134065055014407. */
-static const arrayDigit ga_128w_x1OrderMinus[] =
- {8,9361,51749,17435,41345,65534,65535,65535,32767};
- /* 170141183460469231706431473366713312401. */
-static const arrayDigit ga_128w_x1OrderPlusRecip[] =
- {9,34802,10381,4207,34309,65530,65535,65535,65535,1};
-static const arrayDigit ga_128w_lesserX1OrderRecip[] =
- {8,56178,13786,48100,24190,1,0,0,32768};
-
-static const arrayDigit ga_128w_a[] =
- {8,29003,44777,29962,4169,54360,65535,65535,32767};
- /* 170141183460469025572049133804586627403; */
-static const arrayDigit ga_128w_b[] =
- {8,16715,42481,16221,60523,56573,13644,4000,32761};
- /* 170105154311605172483148226534443139403. */
-
- /* IEEE P1363 COMPATIBLE.
- * primeType->feemod
- * curveType->Weierstrass
- * q = 160; k = -5875; p = 2^q - k;
- * a = 1461501637330902918203684832716283019448563798259;
- * b = 36382017816364032; c = 0;
- * Both orders prime.:
- */
-static const arrayDigit ga_161w_x1Plus[] =
- {1,7};
- /* 7 */
-static const arrayDigit ga_161w_x1Minus[] =
- {1,4};
- /* 4 */
-static const arrayDigit ga_161w_plusOrder[] =
- {11,50651,30352,49719,403,64085,1,0,0,0,0,1};
- /* 1461501637330902918203687223801810245920805144027. */
-static const arrayDigit ga_161w_minusOrder[] =
- {10,26637,35183,15816,65132,1450,65534,65535,65535,65535,65535};
- /* 1461501637330902918203682441630755793391059953677. */
-static const arrayDigit ga_161w_x1OrderPlus[] =
- {11,50651,30352,49719,403,64085,1,0,0,0,0,1};
- /* 1461501637330902918203687223801810245920805144027. */
-static const arrayDigit ga_161w_x1OrderMinus[] =
- {10,26637,35183,15816,65132,1450,65534,65535,65535,65535,65535};
- /* 1461501637330902918203682441630755793391059953677. */
-static const arrayDigit ga_161w_x1OrderPlusRecip[] =
- {11,59555,9660,63266,63920,5803,65528,65535,65535,65535,65535,3};
-/* added by dmitch */
-static const arrayDigit ga_161w_lesserX1OrderRecip[] =
- {12,38902,30352,49719,403,64085,1,0,0,0,0,1,0};
-/* end addenda */
-
-static const arrayDigit ga_161w_a[] = {10,4339,47068,65487,65535,65535,65535,65535,65535,65535,65535};
-/* 1461501637330902918203684832716283019448563798259; */
-static const arrayDigit ga_161w_b[] = {4,1024,41000,16704,129};
-/* 36382017816364032. */
-
- /* IEEE P1363 COMPATIBLE.
- * primeType->General
- * curveType->Weierstrass
- * p is a 161-bit random prime (below, ga_161_gen_bp[]);
- * a = -152; b = 722; c = 0;
- * Both orders composite.:
- */
-static const arrayDigit ga_161_gen_bp[] =
- {11,41419,58349,36408,14563,25486,9098,29127,50972,7281,8647,1};
- /* baseprime = 1654338658923174831024422729553880293604080853451 */
-static const arrayDigit ga_161_gen_x1Plus[] =
- {10,59390,38748,49144,50217,32781,46057,53816,62856,18968,55868};
- /* 1245904487553815885170631576005220733978383542270 */
-static const arrayDigit ga_161_gen_x1Minus[] =
- {10,12140,40021,9852,49578,18446,39468,28773,10952,26720,52624};
- /* 1173563507729187954550227059395955904200719019884 */
-static const arrayDigit ga_161_gen_plusOrder[] =
- {11,41420,58349,36408,14563,25486,9100,29127,50972,7281,8647,1};
- /* 1654338658923174831024425147405519522862430265804 =
- 2^2 * 23 * 359 * 479 * 102107 * 1024120625531724089187207582052247831. */
-static const arrayDigit ga_161_gen_minusOrder[] =
- {11,41420,58349,36408,14563,25486,9096,29127,50972,7281,8647,1};
- /* 1654338658923174831024420311702241064345731441100 =
-2^2 * 5^2 * 17^2 * 57243552211874561627142571339177891499852299. */
-static const arrayDigit ga_161_gen_x1OrderPlus[] =
- {8,59671,64703,58305,55887,34170,37971,15627,197};
- /* 1024120625531724089187207582052247831 */
-static const arrayDigit ga_161_gen_x1OrderMinus[] =
- {10,49675,56911,64364,6281,5543,59511,52057,44604,37151,2};
- /* 57243552211874561627142571339177891499852299 */
-static const arrayDigit ga_161_gen_x1OrderPlusRecip[] =
- {8, 7566, 37898, 14581, 2404, 52670, 23839, 17554, 332};
-
-static const arrayDigit ga_161_gen_a[] = {-1, 152}; /* a = -152 */
-static const arrayDigit ga_161_gen_b[] = { 1, 722}; /* b = 722 */
-
-
- /* IEEE P1363 COMPATIBLE.
- * (NIST-P-192 RECOMMENDED PRIME)
- * primeType->General
- * curveType->Weierstrass
- * p is a 192-bit prime (with efficient bit structure) (below, ga_192_gen_bp[]);
- * a = -3; b = 2455155546008943817740293915197451784769108058161191238065; c = 0;
- * Plus-order is prime, minus-order is composite.
- */
-static const arrayDigit ga_192_gen_bp[] =
- {12,65535,65535,65535,65535,65534,65535,65535,65535,65535,65535,65535,65535};
- /* baseprime =
-6277101735386680763835789423207666416083908700390324961279 */
-static const arrayDigit ga_192_gen_x1Plus[] =
- {1,3};
- /* 3 */
-static const arrayDigit ga_192_gen_x1Minus[] =
- {12,25754,63413,46363,42413,24848,21836,55473,50853,40413,10264,8715,59556};
- /* 5704344264203732742656350325931731344592841761552300598426 */
-static const arrayDigit ga_192_gen_plusOrder[] =
- {12,10289,46290,51633,5227,63542,39390,65535,65535,65535,65535,65535,65535};
- /* 6277101735386680763835789423176059013767194773182842284081 */
-static const arrayDigit ga_192_gen_minusOrder[] =
- {13,55247,19245,13902,60308,1991,26145,0,0,0,0,0,0,1};
- /* 6277101735386680763835789423239273818400622627597807638479 =
- 23 * 10864375060560251605900677743 *
- 25120401793443689936479125511 */
-static const arrayDigit ga_192_gen_x1OrderPlus[] =
- {12,10289,46290,51633,5227,63542,39390,65535,65535,65535,65535,65535,65535};
- /* 6277101735386680763835789423176059013767194773182842284081 */
-static const arrayDigit ga_192_gen_x1OrderMinus[] =
- {12,16649,40728,9152,53911,59923,9684,22795,17096,45590,34192,25644,2849};
- /* 272917466755942641905903887966924948626114027286861201673 =
-10864375060560251605900677743 * 25120401793443689936479125511
-*/
-static const arrayDigit ga_192_gen_x1OrderPlusRecip[] =
- {13,55247,19245,13902,60308,1993,26145,0,0,0,0,0,0,1};
-static const arrayDigit ga_192_gen_lesserX1OrderRecip[] =
-{12,57756,63294,44830,2517,2125,63187,65535,65535,65535,65535,65535,5887};
-
-static const arrayDigit ga_192_gen_a[] = {-1, 3}; /* a = -3. */
-static const arrayDigit ga_192_gen_b[] =
-{12,47537,49478,57068,65208,12361,29220,59819,4007,32999,58780,1305,25633};
-/* b = 2455155546008943817740293915197451784769108058161191238065. */
-
-/***
- *** ANSI X9.62/Certicom curves
- ***/
-
-/*
- * secp192r1
- *
- * p = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF
- * = 6277101735386680763835789423207666416083908700390324961279 (d)
- * a = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC
- * = 6277101735386680763835789423207666416083908700390324961276
- * b = 64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1
- * = 2455155546008943817740293915197451784769108058161191238065
- * x = 188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012
- * = 602046282375688656758213480587526111916698976636884684818
- * y = 07192B95FFC8DA78631011ED6B24CDD573F977A11E794811
- * = 174050332293622031404857552280219410364023488927386650641
- * order = FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
- * = 6277101735386680763835789423176059013767194773182842284081
- * x1OrderRecip = 1000000000000000000000000662107c9eb94364e4b2dd7cf
- */
-static const arrayDigit ga_192_secp_bp[] =
- {12, 0xffff, 0xffff, 0xffff, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
-static const arrayDigit ga_192_secp_x1Plus[] =
- {12, 0x1012, 0x82ff, 0xafd, 0xf4ff, 0x8800, 0x43a1, 0x20eb, 0x7cbf, 0x90f6, 0xb030, 0xa80e, 0x188d};
-static const arrayDigit ga_192_secp_y1Plus[] =
- {12, 0x4811, 0x1e79, 0x77a1, 0x73f9, 0xcdd5, 0x6b24, 0x11ed, 0x6310, 0xda78, 0xffc8, 0x2b95, 0x719};
-static const arrayDigit ga_192_secp_plusOrder[] =
- {12, 0x2831, 0xb4d2, 0xc9b1, 0x146b, 0xf836, 0x99de, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
-/* the curve order is prime, so x1Order = curveOrder */
-static const arrayDigit ga_192_secp_x1OrderPlus[] =
- {12, 0x2831, 0xb4d2, 0xc9b1, 0x146b, 0xf836, 0x99de, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
-static const arrayDigit ga_192_secp_x1OrderPlusRecip[] =
- {13, 0xd7cf, 0x4b2d, 0x364e, 0xeb94, 0x7c9, 0x6621, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1};
-static const arrayDigit ga_192_secp_a[] =
- {12, 0xfffc, 0xffff, 0xffff, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
-static const arrayDigit ga_192_secp_b[] =
- {12, 0xb9b1, 0xc146, 0xdeec, 0xfeb8, 0x3049, 0x7224, 0xe9ab, 0xfa7, 0x80e7, 0xe59c, 0x519, 0x6421};
-
-
-/*
- * secp256r1
- *
- * p = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
- * = 115792089210356248762697446949407573530086143415290314195533631308867097853951
- * a = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
- * = 115792089210356248762697446949407573530086143415290314195533631308867097853948
- * b = 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
- * = 41058363725152142129326129780047268409114441015993725554835256314039467401291
- * x = 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
- * = 48439561293906451759052585252797914202762949526041747995844080717082404635286
- * y = 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
- * = 36134250956749795798585127919587881956611106672985015071877198253568414405109
- * order = FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
- * = 115792089210356248762697446949407573529996955224135760342422259061068512044369
- * FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
- * x1OrderRecip = 100000000fffffffffffffffeffffffff43190552df1a6c21012ffd85eedf9bfe
- */
-static const arrayDigit ga_256_secp_bp[] =
- {16, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0,
- 0x0, 0x1, 0x0, 0xffff, 0xffff};
-static const arrayDigit ga_256_secp_x1Plus[] =
- {16, 0xc296, 0xd898, 0x3945, 0xf4a1, 0x33a0, 0x2deb, 0x7d81, 0x7703, 0x40f2,
- 0x63a4, 0xe6e5, 0xf8bc, 0x4247, 0xe12c, 0xd1f2, 0x6b17};
-static const arrayDigit ga_256_secp_y1Plus[] =
- {16, 0x51f5, 0x37bf, 0x4068, 0xcbb6, 0x5ece, 0x6b31, 0x3357, 0x2bce, 0x9e16,
- 0x7c0f, 0xeb4a, 0x8ee7, 0x7f9b, 0xfe1a, 0x42e2, 0x4fe3};
-static const arrayDigit ga_256_secp_plusOrder[] =
- {16, 0x2551, 0xfc63, 0xcac2, 0xf3b9, 0x9e84, 0xa717, 0xfaad, 0xbce6, 0xffff,
- 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0xffff, 0xffff};
-static const arrayDigit ga_256_secp_x1OrderPlus[] =
- {16, 0x2551, 0xfc63, 0xcac2, 0xf3b9, 0x9e84, 0xa717, 0xfaad, 0xbce6, 0xffff,
- 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0xffff, 0xffff};
-static const arrayDigit ga_256_secp_x1OrderPlusRecip[] =
- {17, 0x9bfe, 0xeedf, 0xfd85, 0x12f, 0x6c21, 0xdf1a, 0x552, 0x4319, 0xffff,
- 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x1};
-static const arrayDigit ga_256_secp_a[] =
- {16, 0xfffc, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0,
- 0x0, 0x1, 0x0, 0xffff, 0xffff};
-static const arrayDigit ga_256_secp_b[] =
- {16, 0x604b, 0x27d2, 0x3c3e, 0x3bce, 0xb0f6, 0xcc53, 0x6b0, 0x651d, 0x86bc,
- 0x7698, 0xbd55, 0xb3eb, 0x93e7, 0xaa3a, 0x35d8, 0x5ac6};
-
-/*
- * secp384r1
- *
- * p = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF\
- * 0000000000000000FFFFFFFF
- * = 394020061963944792122790401001436138050797392704654466679482934042457217\
- * 71496870329047266088258938001861606973112319
- * a = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF\
- * 0000000000000000FFFFFFFC
- * = 394020061963944792122790401001436138050797392704654466679482934042457217\
- * 71496870329047266088258938001861606973112316
- * b = B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D\
- * 8A2ED19D2A85C8EDD3EC2AEF
- * = 275801935599597058778490118403890480930569058563615685214287073019886892\
- * 41309860865136260764883745107765439761230575
- * x = AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25D\
- * BF55296C3A545E3872760AB7
- * = 262470350957996892686231567445669818918529234911092133878156159009255188\
- * 54738050089022388053975719786650872476732087
- * y = 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE\
- * 1D7E819D7A431D7C90EA0E5F
- * = 832571096148902998554675128952010817928785304886131559470920590248050319\
- * 9884419224438643760392947333078086511627871
- * order = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB2\
- * 48B0A77AECEC196ACCC52973
- * = 394020061963944792122790401001436138050797392704654466679469052796276593\
- * 99113263569398956308152294913554433653942643
- */
-static const arrayDigit ga_384_secp_bp[] =
- {24, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xffff, 0xfffe, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
-static const arrayDigit ga_384_secp_x1Plus[] =
- {24, 0xab7, 0x7276, 0x5e38, 0x3a54, 0x296c, 0xbf55, 0xf25d, 0x5502, 0x2a38,
- 0x8254, 0x41e0, 0x59f7, 0x9b98, 0x8ba7, 0x3b62, 0x6e1d, 0xad74, 0xf320,
- 0xc71e, 0x8eb1, 0x537, 0xbe8b, 0xca22, 0xaa87};
-static const arrayDigit ga_384_secp_y1Plus[] =
- {24, 0xe5f, 0x90ea, 0x1d7c, 0x7a43, 0x819d, 0x1d7e, 0xb1ce, 0xa60, 0xb8c0,
- 0xb5f0, 0x3113, 0xe9da, 0x147c, 0x289a, 0x1dbd, 0xf8f4, 0xdc29, 0x9292,
- 0x98bf, 0x5d9e, 0x2c6f, 0x9626, 0xde4a, 0x3617};
-static const arrayDigit ga_384_secp_plusOrder[] =
- {24, 0x2973, 0xccc5, 0x196a, 0xecec, 0xa77a, 0x48b0, 0xdb2, 0x581a, 0x2ddf,
- 0xf437, 0x4d81, 0xc763, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
-static const arrayDigit ga_384_secp_x1OrderPlus[] =
- {24, 0x2973, 0xccc5, 0x196a, 0xecec, 0xa77a, 0x48b0, 0xdb2, 0x581a, 0x2ddf,
- 0xf437, 0x4d81, 0xc763, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
-static const arrayDigit ga_384_secp_x1OrderPlusRecip[] =
- {25, 0xd68d, 0x333a, 0xe695, 0x1313, 0x5885, 0xb74f, 0xf24d, 0xa7e5, 0xd220, 0xbc8,
- 0xb27e, 0x389c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1};
-static const arrayDigit ga_384_secp_a[] =
- {24, 0xfffc, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xffff, 0xfffe, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff};
-static const arrayDigit ga_384_secp_b[] =
- {24, 0x2aef, 0xd3ec, 0xc8ed, 0x2a85, 0xd19d, 0x8a2e, 0x398d, 0xc656, 0x875a,
- 0x5013, 0x88f, 0x314, 0x4112, 0xfe81, 0x9c6e, 0x181d, 0x2d19, 0xe3f8, 0x56b,
- 0x988e, 0xe7e4, 0xe23e, 0x2fa7, 0xb331};
-
-/*
- * secp521r1
- * p = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\
- * FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
- * = 686479766013060971498190079908139321726943530014330540939446345918554318\
- * 339765605212255964066145455497729631139148085803712198799971664381257402\
- * 8291115057151
- * a = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\
- * FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC
- * = 686479766013060971498190079908139321726943530014330540939446345918554318\
- * 339765605212255964066145455497729631139148085803712198799971664381257402\
- * 8291115057148
- * b = 0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E15619\
- * 3951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00
- * = 109384903807373427451111239076680556993620759895168374899458639449595311\
- * 615073501601370873757375962324859213229670631330943845253159101291214232\
- * 7488478985984
- * x = 00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B\
- * 5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66
- * = 266174080205021706322876871672336096072985916875697314770667136841880294\
- * 499642780849154508062777190235209424122506555866215711354557091681416163\
- * 7315895999846
- * y = 011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE\
- * 72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650
- * = 375718002577002046354550722449118360359445513476976248669456777961554447\
- * 744055631669123440501294553956214444453728942852258566672919658081012434\
- * 4277578376784
- * order = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA5186\
- * 8783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409
- * = 686479766013060971498190079908139321726943530014330540939446345918554318\
- * 339765539424505774633321719753296399637136332111386476861244038034037280\
- * 8892707005449
- * orderRecip = 200 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000005 \
- * ae79787c 40d06994 8033feb7 08f65a2f c44a3647 7663b851 449048e1 6ec79bf7
- * orderRecip = 2000000000000000000000000000000000000000000000000000000000000000005ae79787c40d069948033feb708f65a2fc44a36477663b851449048e16ec79bf7
- */
-static const arrayDigit ga_521_secp_bp[] =
- {33, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0x1ff};
-static const arrayDigit ga_521_secp_x1Plus[] =
- {33, 0xbd66, 0xc2e5, 0x7e31, 0xf97e, 0x429b, 0x856a, 0xb3c1, 0x3348, 0xa8de, 0xa2ff,
- 0xc127, 0xfe1d, 0x5928, 0xefe7, 0x5e77, 0xa14b, 0x3dba, 0x6b4d, 0xaf60, 0xf828, 0xb521,
- 0x53f, 0x8139, 0x9c64, 0xb442, 0x2395, 0xcb66, 0x9e3e, 0xe9cd, 0x404, 0x6b7, 0x858e, 0xc6};
-static const arrayDigit ga_521_secp_y1Plus[] =
- {33, 0x6650, 0x9fd1, 0x9476, 0x88be, 0xc240, 0xa272, 0x7086, 0x353c, 0x761, 0x3fad,
- 0xb901, 0xc550, 0x2640, 0x5ef4, 0x7299, 0x97ee, 0x662c, 0x273e, 0xbd17, 0x17af, 0x4468,
- 0x579b, 0x4449, 0x98f5, 0x1bd9, 0x2c7d, 0x5fb4, 0x5c8a, 0xc004, 0x9a3b, 0x6a78, 0x3929,
- 0x118};
-static const arrayDigit ga_521_secp_plusOrder[] =
- {33, 0x6409, 0x9138, 0xb71e, 0xbb6f, 0x47ae, 0x899c, 0xc9b8, 0x3bb5, 0xa5d0, 0xf709,
- 0x148, 0x7fcc, 0x966b, 0xbf2f, 0x8783, 0x5186, 0xfffa, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0x1ff};
-static const arrayDigit ga_521_secp_x1OrderPlus[] =
- {33, 0x6409, 0x9138, 0xb71e, 0xbb6f, 0x47ae, 0x899c, 0xc9b8, 0x3bb5, 0xa5d0, 0xf709,
- 0x148, 0x7fcc, 0x966b, 0xbf2f, 0x8783, 0x5186, 0xfffa, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0x1ff};
-static const arrayDigit ga_521_secp_x1OrderPlusRecip[] =
-{33, 0x9bf7, 0x6ec7, 0x48e1, 0x4490, 0xb851, 0x7663, 0x3647, 0xc44a, 0x5a2f, 0x8f6, 0xfeb7, 0x8033, 0x6994, 0x40d0, 0x787c, 0xae79, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200};
-static const arrayDigit ga_521_secp_a[] =
- {33, 0xfffc, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
- 0xffff, 0xffff, 0xffff, 0x1ff};
-static const arrayDigit ga_521_secp_b[] =
- {33, 0x3f00, 0x6b50, 0x1fd4, 0xef45, 0x34f1, 0x3d2c, 0xdf88, 0x3573, 0xbf07,
- 0x3bb1, 0xc0bd, 0x1652, 0x937b, 0xec7e, 0x3951, 0x5619, 0x9e1, 0x8ef1, 0x8991,
- 0xb8b4, 0x15f3, 0x99b3, 0x725b, 0xa2da, 0x40ee, 0xb685, 0x21a0, 0x929a, 0x9a1f,
- 0x8e1c, 0xb961, 0x953e, 0x51};
projects / apple / security.git / blobdiff