X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5dd5f9ec28f304ca377c42fd7f711d6cf12b90e1..5c19dc3ae3bd8e40a9c028b0deddd50ff337692c:/Security/libsecurity_cryptkit/lib/curveParamData.h diff --git a/Security/libsecurity_cryptkit/lib/curveParamData.h b/Security/libsecurity_cryptkit/lib/curveParamData.h deleted file mode 100644 index 24b5e6fc..00000000 --- a/Security/libsecurity_cryptkit/lib/curveParamData.h +++ /dev/null @@ -1,540 +0,0 @@ -/* New ECC curves, - - 14 Apr 2001 (REC) ensured x1Minus arithmetic & prime point orders - 5 Apr 2001 (REC) factored minusorder for NIST-P-192 - 3 Apr 2001 (REC) first draft - - c. 2001 Apple Computer, Inc. - All Rights Reserved. - - Currently there are 7 (seven) curves, at varying - bit-depth and varying parameter types: - - FEE curves (use Montgomery arithmetic and feemod base-prime): - 31 bits - 127 bits - IEEE curves (use projective arithmetic): - 31 bits (feemod base-prime) - 128 bits (feemod base-prime) - 161 bits (feemod base-prime) (default preference) - 161 bits (general prime) - 192 bits (general. prime) (NIST-recommended) - - Each curve is given key comments atop the parameters. - For performance considerations, - - primeType->Mersenne is faster than primeType->feemod is - faster than primeType->general - - curveType->Montgomery is faster than curveType->Weierstrass, - - Some choices are not obvious except to cryptographers; - e.g., the two curves given for 161 bits exist because - of cryptographic controversies; probably the curve with - both orders prime is more secure, so it is perhaps - the curve of choice at 161 bits. - - The parameters/points have standard meaning, except for our - special entities as listed below. It is important to note the - principle thgat, without exception, every CryptKit base prime - p is = 3 (mod 4). This allows simple square-rooting in the field - F_p. Because of this universal constraint, (-1) is always a - quadratic nonresidue and so twist curves as below can assume - g = -1. - - (...)plusOrder := The usual elliptic-curve order; - (...)x1Plus := x-coordinate on y^2 = x^3 + c x^2 + a x + b; - (...)x1OrderPlus := Order of x1Plus, always divides plusOrder - (...)minusOrder := Order of the twist curve = 2p+2-plusOrder - (...)x1Minus := x-coordinate chosen on the twist curve - g y^2 = x^3 + c x^2 + a x + b - where g = -1 is the nonresidue, and such that - the special, x-coordinates-only, twofold-ambiguous "add" of - FEED works on the minus curve, using the same curve - parameters a,b,c as for the plus curve. Note that - x1Minus is to be chosen so that the correct "add" arithmetic - occurs, and also so that the desired point order accrues. - (...)x1OrderMinus := Order of x1Plus, always divides minusOrder. - - In each of the curves specified below, the plusOrder (at least) - is prime, while each of the point orders x1OrderPlus/Minus - is always prime. - - Note that the older labels Atkin3, Atkin4 have been abolished. - - */ - - /* FEE CURVE: USE FOR FEE SIG. & FEED ONLY. - * primeType->Mersenne - * curveType->Montgomery - * q = 31; k = 1; p = 2^q - k; - * a = 1; b = 0; c = 666; - * Both orders composite. - */ -static const arrayDigit ga_31m_x1Plus[] = - {2, 61780, 6237}; - /* 408809812 */ -static const arrayDigit ga_31m_x1Minus[] = - {2,12973,30585}; - /* 2004431533 */ -static const arrayDigit ga_31m_plusOrder[] = - {2, 25928, 32768 }; - /* 2147509576 = 2^3 * 268438697. */ -static const arrayDigit ga_31m_minusOrder[] = - {2, 39608, 32767 }; - /* 2147457720 = 2^3 * 3 * 5 * 17895481. */ -static const arrayDigit ga_31m_x1OrderPlus[] = - {2, 3241, 4096}; - /* 268438697 */ -static const arrayDigit ga_31m_x1OrderMinus[] = - {2, 4153, 273}; - /* 17895481 */ -static const arrayDigit ga_31m_x1OrderPlusRecip[] = - {2, 52572, 16383}; -static const arrayDigit ga_31m_lesserX1OrderRecip[] = - {2, 759, 960}; - - /* IEEE P1363 COMPATIBLE. - * primeType->Mersenne - * curveType->Weierstrass - * q = 31; k = 1; p = 2^q-k; - * a = 5824692 b = 2067311435 c = 0 - * Both orders prime. - */ -static const arrayDigit ga_31w_x1Plus[] = - {1, 6 }; -static const arrayDigit ga_31w_x1Minus[] = - {1, 7 }; -static const arrayDigit ga_31w_plusOrder[] = - {2,59003,32766 }; - /* 2147411579 */ -static const arrayDigit ga_31w_minusOrder[] = - {2,6533,32769 }; - /* 2147555717 */ -static const arrayDigit ga_31w_x1OrderPlus[] = - {2,59003,32766}; - /* 2147411579 */ -static const arrayDigit ga_31w_x1OrderMinus[] = - {2,6533,32769}; - /* 2147555717 */ -static const arrayDigit ga_31w_x1OrderPlusRecip[] = - {2, 6535, 32769}; - -static const arrayDigit ga_31w_a[] = - {2,57524,88}; - /* 5824692 */ -static const arrayDigit ga_31w_b[] = - {2,43851,31544}; - /* 2067311435 */ - - /* FEE CURVE: USE FOR FEE SIG. & FEED ONLY. - * primeType->Mersenne - * curveType->Montgomery - * q = 127; k = 1; p = 2^q - k; - * a = 1; b = 0; c = 666; - * Both orders composite. - */ -static const arrayDigit ga_127m_x1Plus[] = - {8, 24044, 39922, 11050, - 24692, 34049, 9793, 1228, 31562}; - /* 163879370753099435779911346846180728300 */ -static const arrayDigit ga_127m_x1Minus[] = - {8,49015,6682,26772,63672,45560,46133,24769,8366}; - /* 43440717976631899041527862406676135799 */ -static const arrayDigit ga_127m_plusOrder[] = - { 8, 14612, 61088, 34331, - 32354, 65535, 65535, 65535, - 32767}; - /* 170141183460469231722347548493196835092 = -2^2 * 3^4 * 71 * 775627 * 9535713005180210505588285449. */ -static const arrayDigit ga_127m_minusOrder[] = - { 8, 50924, 4447, 31204, - 33181, 0, 0, 0, - 32768 }; - /* 170141183460469231741027058938571376364 = -2^2 * 17 * 743 * 1593440383 * 2113371777483973234080067. */ -static const arrayDigit ga_127m_x1OrderPlus[] = - {6, 8201, 61942, 37082, - 53787, 49605, 7887 }; - /* 9535713005180210505588285449 */ -static const arrayDigit ga_127m_x1OrderMinus[] = - {6, 14659, 1977,16924, - 7446, 49030, 1}; - /* 2113371777483973234080067 */ -static const arrayDigit ga_127m_x1OrderPlusRecip[] = - {6, 21911, 8615, 0, 40960, 64107, 8507}; -static const arrayDigit ga_127m_lesserX1OrderRecip[] = - {6, 44759, 65533, 17695, 61560, 18883, 2}; - - /* IEEE P1363 COMPATIBLE. - * primeType->feemod - * curveType->Weierstrass - * q = 127; k = -57675; p = 2^q - k; - * a = 170141183460469025572049133804586627403; - * b = 170105154311605172483148226534443139403; c = 0; - * Both orders prime.: - */ -static const arrayDigit ga_128w_x1Plus[] = - {1,6}; - /* 6 */ -static const arrayDigit ga_128w_x1Minus[] = - {1,3}; - /* 3 */ -static const arrayDigit ga_128w_plusOrder[] = - {8,40455,13788,48100,24190,1,0,0,32768}; - /* 170141183460469231756943134065055014407. */ -static const arrayDigit ga_128w_minusOrder[] = - {8,9361,51749,17435,41345,65534,65535,65535,32767}; - /* 170141183460469231706431473366713312401. */ -static const arrayDigit ga_128w_x1OrderPlus[] = - {8,40455,13788,48100,24190,1,0,0,32768}; - /* 170141183460469231756943134065055014407. */ -static const arrayDigit ga_128w_x1OrderMinus[] = - {8,9361,51749,17435,41345,65534,65535,65535,32767}; - /* 170141183460469231706431473366713312401. */ -static const arrayDigit ga_128w_x1OrderPlusRecip[] = - {9,34802,10381,4207,34309,65530,65535,65535,65535,1}; -static const arrayDigit ga_128w_lesserX1OrderRecip[] = - {8,56178,13786,48100,24190,1,0,0,32768}; - -static const arrayDigit ga_128w_a[] = - {8,29003,44777,29962,4169,54360,65535,65535,32767}; - /* 170141183460469025572049133804586627403; */ -static const arrayDigit ga_128w_b[] = - {8,16715,42481,16221,60523,56573,13644,4000,32761}; - /* 170105154311605172483148226534443139403. */ - - /* IEEE P1363 COMPATIBLE. - * primeType->feemod - * curveType->Weierstrass - * q = 160; k = -5875; p = 2^q - k; - * a = 1461501637330902918203684832716283019448563798259; - * b = 36382017816364032; c = 0; - * Both orders prime.: - */ -static const arrayDigit ga_161w_x1Plus[] = - {1,7}; - /* 7 */ -static const arrayDigit ga_161w_x1Minus[] = - {1,4}; - /* 4 */ -static const arrayDigit ga_161w_plusOrder[] = - {11,50651,30352,49719,403,64085,1,0,0,0,0,1}; - /* 1461501637330902918203687223801810245920805144027. */ -static const arrayDigit ga_161w_minusOrder[] = - {10,26637,35183,15816,65132,1450,65534,65535,65535,65535,65535}; - /* 1461501637330902918203682441630755793391059953677. */ -static const arrayDigit ga_161w_x1OrderPlus[] = - {11,50651,30352,49719,403,64085,1,0,0,0,0,1}; - /* 1461501637330902918203687223801810245920805144027. */ -static const arrayDigit ga_161w_x1OrderMinus[] = - {10,26637,35183,15816,65132,1450,65534,65535,65535,65535,65535}; - /* 1461501637330902918203682441630755793391059953677. */ -static const arrayDigit ga_161w_x1OrderPlusRecip[] = - {11,59555,9660,63266,63920,5803,65528,65535,65535,65535,65535,3}; -/* added by dmitch */ -static const arrayDigit ga_161w_lesserX1OrderRecip[] = - {12,38902,30352,49719,403,64085,1,0,0,0,0,1,0}; -/* end addenda */ - -static const arrayDigit ga_161w_a[] = {10,4339,47068,65487,65535,65535,65535,65535,65535,65535,65535}; -/* 1461501637330902918203684832716283019448563798259; */ -static const arrayDigit ga_161w_b[] = {4,1024,41000,16704,129}; -/* 36382017816364032. */ - - /* IEEE P1363 COMPATIBLE. - * primeType->General - * curveType->Weierstrass - * p is a 161-bit random prime (below, ga_161_gen_bp[]); - * a = -152; b = 722; c = 0; - * Both orders composite.: - */ -static const arrayDigit ga_161_gen_bp[] = - {11,41419,58349,36408,14563,25486,9098,29127,50972,7281,8647,1}; - /* baseprime = 1654338658923174831024422729553880293604080853451 */ -static const arrayDigit ga_161_gen_x1Plus[] = - {10,59390,38748,49144,50217,32781,46057,53816,62856,18968,55868}; - /* 1245904487553815885170631576005220733978383542270 */ -static const arrayDigit ga_161_gen_x1Minus[] = - {10,12140,40021,9852,49578,18446,39468,28773,10952,26720,52624}; - /* 1173563507729187954550227059395955904200719019884 */ -static const arrayDigit ga_161_gen_plusOrder[] = - {11,41420,58349,36408,14563,25486,9100,29127,50972,7281,8647,1}; - /* 1654338658923174831024425147405519522862430265804 = - 2^2 * 23 * 359 * 479 * 102107 * 1024120625531724089187207582052247831. */ -static const arrayDigit ga_161_gen_minusOrder[] = - {11,41420,58349,36408,14563,25486,9096,29127,50972,7281,8647,1}; - /* 1654338658923174831024420311702241064345731441100 = -2^2 * 5^2 * 17^2 * 57243552211874561627142571339177891499852299. */ -static const arrayDigit ga_161_gen_x1OrderPlus[] = - {8,59671,64703,58305,55887,34170,37971,15627,197}; - /* 1024120625531724089187207582052247831 */ -static const arrayDigit ga_161_gen_x1OrderMinus[] = - {10,49675,56911,64364,6281,5543,59511,52057,44604,37151,2}; - /* 57243552211874561627142571339177891499852299 */ -static const arrayDigit ga_161_gen_x1OrderPlusRecip[] = - {8, 7566, 37898, 14581, 2404, 52670, 23839, 17554, 332}; - -static const arrayDigit ga_161_gen_a[] = {-1, 152}; /* a = -152 */ -static const arrayDigit ga_161_gen_b[] = { 1, 722}; /* b = 722 */ - - - /* IEEE P1363 COMPATIBLE. - * (NIST-P-192 RECOMMENDED PRIME) - * primeType->General - * curveType->Weierstrass - * p is a 192-bit prime (with efficient bit structure) (below, ga_192_gen_bp[]); - * a = -3; b = 2455155546008943817740293915197451784769108058161191238065; c = 0; - * Plus-order is prime, minus-order is composite. - */ -static const arrayDigit ga_192_gen_bp[] = - {12,65535,65535,65535,65535,65534,65535,65535,65535,65535,65535,65535,65535}; - /* baseprime = -6277101735386680763835789423207666416083908700390324961279 */ -static const arrayDigit ga_192_gen_x1Plus[] = - {1,3}; - /* 3 */ -static const arrayDigit ga_192_gen_x1Minus[] = - {12,25754,63413,46363,42413,24848,21836,55473,50853,40413,10264,8715,59556}; - /* 5704344264203732742656350325931731344592841761552300598426 */ -static const arrayDigit ga_192_gen_plusOrder[] = - {12,10289,46290,51633,5227,63542,39390,65535,65535,65535,65535,65535,65535}; - /* 6277101735386680763835789423176059013767194773182842284081 */ -static const arrayDigit ga_192_gen_minusOrder[] = - {13,55247,19245,13902,60308,1991,26145,0,0,0,0,0,0,1}; - /* 6277101735386680763835789423239273818400622627597807638479 = - 23 * 10864375060560251605900677743 * - 25120401793443689936479125511 */ -static const arrayDigit ga_192_gen_x1OrderPlus[] = - {12,10289,46290,51633,5227,63542,39390,65535,65535,65535,65535,65535,65535}; - /* 6277101735386680763835789423176059013767194773182842284081 */ -static const arrayDigit ga_192_gen_x1OrderMinus[] = - {12,16649,40728,9152,53911,59923,9684,22795,17096,45590,34192,25644,2849}; - /* 272917466755942641905903887966924948626114027286861201673 = -10864375060560251605900677743 * 25120401793443689936479125511 -*/ -static const arrayDigit ga_192_gen_x1OrderPlusRecip[] = - {13,55247,19245,13902,60308,1993,26145,0,0,0,0,0,0,1}; -static const arrayDigit ga_192_gen_lesserX1OrderRecip[] = -{12,57756,63294,44830,2517,2125,63187,65535,65535,65535,65535,65535,5887}; - -static const arrayDigit ga_192_gen_a[] = {-1, 3}; /* a = -3. */ -static const arrayDigit ga_192_gen_b[] = -{12,47537,49478,57068,65208,12361,29220,59819,4007,32999,58780,1305,25633}; -/* b = 2455155546008943817740293915197451784769108058161191238065. */ - -/*** - *** ANSI X9.62/Certicom curves - ***/ - -/* - * secp192r1 - * - * p = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF - * = 6277101735386680763835789423207666416083908700390324961279 (d) - * a = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC - * = 6277101735386680763835789423207666416083908700390324961276 - * b = 64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1 - * = 2455155546008943817740293915197451784769108058161191238065 - * x = 188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012 - * = 602046282375688656758213480587526111916698976636884684818 - * y = 07192B95FFC8DA78631011ED6B24CDD573F977A11E794811 - * = 174050332293622031404857552280219410364023488927386650641 - * order = FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831 - * = 6277101735386680763835789423176059013767194773182842284081 - * x1OrderRecip = 1000000000000000000000000662107c9eb94364e4b2dd7cf - */ -static const arrayDigit ga_192_secp_bp[] = - {12, 0xffff, 0xffff, 0xffff, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; -static const arrayDigit ga_192_secp_x1Plus[] = - {12, 0x1012, 0x82ff, 0xafd, 0xf4ff, 0x8800, 0x43a1, 0x20eb, 0x7cbf, 0x90f6, 0xb030, 0xa80e, 0x188d}; -static const arrayDigit ga_192_secp_y1Plus[] = - {12, 0x4811, 0x1e79, 0x77a1, 0x73f9, 0xcdd5, 0x6b24, 0x11ed, 0x6310, 0xda78, 0xffc8, 0x2b95, 0x719}; -static const arrayDigit ga_192_secp_plusOrder[] = - {12, 0x2831, 0xb4d2, 0xc9b1, 0x146b, 0xf836, 0x99de, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; -/* the curve order is prime, so x1Order = curveOrder */ -static const arrayDigit ga_192_secp_x1OrderPlus[] = - {12, 0x2831, 0xb4d2, 0xc9b1, 0x146b, 0xf836, 0x99de, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; -static const arrayDigit ga_192_secp_x1OrderPlusRecip[] = - {13, 0xd7cf, 0x4b2d, 0x364e, 0xeb94, 0x7c9, 0x6621, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}; -static const arrayDigit ga_192_secp_a[] = - {12, 0xfffc, 0xffff, 0xffff, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; -static const arrayDigit ga_192_secp_b[] = - {12, 0xb9b1, 0xc146, 0xdeec, 0xfeb8, 0x3049, 0x7224, 0xe9ab, 0xfa7, 0x80e7, 0xe59c, 0x519, 0x6421}; - - -/* - * secp256r1 - * - * p = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF - * = 115792089210356248762697446949407573530086143415290314195533631308867097853951 - * a = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC - * = 115792089210356248762697446949407573530086143415290314195533631308867097853948 - * b = 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B - * = 41058363725152142129326129780047268409114441015993725554835256314039467401291 - * x = 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 - * = 48439561293906451759052585252797914202762949526041747995844080717082404635286 - * y = 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 - * = 36134250956749795798585127919587881956611106672985015071877198253568414405109 - * order = FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 - * = 115792089210356248762697446949407573529996955224135760342422259061068512044369 - * FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 - * x1OrderRecip = 100000000fffffffffffffffeffffffff43190552df1a6c21012ffd85eedf9bfe - */ -static const arrayDigit ga_256_secp_bp[] = - {16, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x1, 0x0, 0xffff, 0xffff}; -static const arrayDigit ga_256_secp_x1Plus[] = - {16, 0xc296, 0xd898, 0x3945, 0xf4a1, 0x33a0, 0x2deb, 0x7d81, 0x7703, 0x40f2, - 0x63a4, 0xe6e5, 0xf8bc, 0x4247, 0xe12c, 0xd1f2, 0x6b17}; -static const arrayDigit ga_256_secp_y1Plus[] = - {16, 0x51f5, 0x37bf, 0x4068, 0xcbb6, 0x5ece, 0x6b31, 0x3357, 0x2bce, 0x9e16, - 0x7c0f, 0xeb4a, 0x8ee7, 0x7f9b, 0xfe1a, 0x42e2, 0x4fe3}; -static const arrayDigit ga_256_secp_plusOrder[] = - {16, 0x2551, 0xfc63, 0xcac2, 0xf3b9, 0x9e84, 0xa717, 0xfaad, 0xbce6, 0xffff, - 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0xffff, 0xffff}; -static const arrayDigit ga_256_secp_x1OrderPlus[] = - {16, 0x2551, 0xfc63, 0xcac2, 0xf3b9, 0x9e84, 0xa717, 0xfaad, 0xbce6, 0xffff, - 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0xffff, 0xffff}; -static const arrayDigit ga_256_secp_x1OrderPlusRecip[] = - {17, 0x9bfe, 0xeedf, 0xfd85, 0x12f, 0x6c21, 0xdf1a, 0x552, 0x4319, 0xffff, - 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x1}; -static const arrayDigit ga_256_secp_a[] = - {16, 0xfffc, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x1, 0x0, 0xffff, 0xffff}; -static const arrayDigit ga_256_secp_b[] = - {16, 0x604b, 0x27d2, 0x3c3e, 0x3bce, 0xb0f6, 0xcc53, 0x6b0, 0x651d, 0x86bc, - 0x7698, 0xbd55, 0xb3eb, 0x93e7, 0xaa3a, 0x35d8, 0x5ac6}; - -/* - * secp384r1 - * - * p = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF\ - * 0000000000000000FFFFFFFF - * = 394020061963944792122790401001436138050797392704654466679482934042457217\ - * 71496870329047266088258938001861606973112319 - * a = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF\ - * 0000000000000000FFFFFFFC - * = 394020061963944792122790401001436138050797392704654466679482934042457217\ - * 71496870329047266088258938001861606973112316 - * b = B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D\ - * 8A2ED19D2A85C8EDD3EC2AEF - * = 275801935599597058778490118403890480930569058563615685214287073019886892\ - * 41309860865136260764883745107765439761230575 - * x = AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25D\ - * BF55296C3A545E3872760AB7 - * = 262470350957996892686231567445669818918529234911092133878156159009255188\ - * 54738050089022388053975719786650872476732087 - * y = 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE\ - * 1D7E819D7A431D7C90EA0E5F - * = 832571096148902998554675128952010817928785304886131559470920590248050319\ - * 9884419224438643760392947333078086511627871 - * order = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB2\ - * 48B0A77AECEC196ACCC52973 - * = 394020061963944792122790401001436138050797392704654466679469052796276593\ - * 99113263569398956308152294913554433653942643 - */ -static const arrayDigit ga_384_secp_bp[] = - {24, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xffff, 0xfffe, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; -static const arrayDigit ga_384_secp_x1Plus[] = - {24, 0xab7, 0x7276, 0x5e38, 0x3a54, 0x296c, 0xbf55, 0xf25d, 0x5502, 0x2a38, - 0x8254, 0x41e0, 0x59f7, 0x9b98, 0x8ba7, 0x3b62, 0x6e1d, 0xad74, 0xf320, - 0xc71e, 0x8eb1, 0x537, 0xbe8b, 0xca22, 0xaa87}; -static const arrayDigit ga_384_secp_y1Plus[] = - {24, 0xe5f, 0x90ea, 0x1d7c, 0x7a43, 0x819d, 0x1d7e, 0xb1ce, 0xa60, 0xb8c0, - 0xb5f0, 0x3113, 0xe9da, 0x147c, 0x289a, 0x1dbd, 0xf8f4, 0xdc29, 0x9292, - 0x98bf, 0x5d9e, 0x2c6f, 0x9626, 0xde4a, 0x3617}; -static const arrayDigit ga_384_secp_plusOrder[] = - {24, 0x2973, 0xccc5, 0x196a, 0xecec, 0xa77a, 0x48b0, 0xdb2, 0x581a, 0x2ddf, - 0xf437, 0x4d81, 0xc763, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; -static const arrayDigit ga_384_secp_x1OrderPlus[] = - {24, 0x2973, 0xccc5, 0x196a, 0xecec, 0xa77a, 0x48b0, 0xdb2, 0x581a, 0x2ddf, - 0xf437, 0x4d81, 0xc763, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; -static const arrayDigit ga_384_secp_x1OrderPlusRecip[] = - {25, 0xd68d, 0x333a, 0xe695, 0x1313, 0x5885, 0xb74f, 0xf24d, 0xa7e5, 0xd220, 0xbc8, - 0xb27e, 0x389c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}; -static const arrayDigit ga_384_secp_a[] = - {24, 0xfffc, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xffff, 0xfffe, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; -static const arrayDigit ga_384_secp_b[] = - {24, 0x2aef, 0xd3ec, 0xc8ed, 0x2a85, 0xd19d, 0x8a2e, 0x398d, 0xc656, 0x875a, - 0x5013, 0x88f, 0x314, 0x4112, 0xfe81, 0x9c6e, 0x181d, 0x2d19, 0xe3f8, 0x56b, - 0x988e, 0xe7e4, 0xe23e, 0x2fa7, 0xb331}; - -/* - * secp521r1 - * p = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\ - * FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - * = 686479766013060971498190079908139321726943530014330540939446345918554318\ - * 339765605212255964066145455497729631139148085803712198799971664381257402\ - * 8291115057151 - * a = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\ - * FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC - * = 686479766013060971498190079908139321726943530014330540939446345918554318\ - * 339765605212255964066145455497729631139148085803712198799971664381257402\ - * 8291115057148 - * b = 0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E15619\ - * 3951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00 - * = 109384903807373427451111239076680556993620759895168374899458639449595311\ - * 615073501601370873757375962324859213229670631330943845253159101291214232\ - * 7488478985984 - * x = 00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B\ - * 5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66 - * = 266174080205021706322876871672336096072985916875697314770667136841880294\ - * 499642780849154508062777190235209424122506555866215711354557091681416163\ - * 7315895999846 - * y = 011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE\ - * 72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650 - * = 375718002577002046354550722449118360359445513476976248669456777961554447\ - * 744055631669123440501294553956214444453728942852258566672919658081012434\ - * 4277578376784 - * order = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA5186\ - * 8783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409 - * = 686479766013060971498190079908139321726943530014330540939446345918554318\ - * 339765539424505774633321719753296399637136332111386476861244038034037280\ - * 8892707005449 - * orderRecip = 200 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000005 \ - * ae79787c 40d06994 8033feb7 08f65a2f c44a3647 7663b851 449048e1 6ec79bf7 - * orderRecip = 2000000000000000000000000000000000000000000000000000000000000000005ae79787c40d069948033feb708f65a2fc44a36477663b851449048e16ec79bf7 - */ -static const arrayDigit ga_521_secp_bp[] = - {33, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0x1ff}; -static const arrayDigit ga_521_secp_x1Plus[] = - {33, 0xbd66, 0xc2e5, 0x7e31, 0xf97e, 0x429b, 0x856a, 0xb3c1, 0x3348, 0xa8de, 0xa2ff, - 0xc127, 0xfe1d, 0x5928, 0xefe7, 0x5e77, 0xa14b, 0x3dba, 0x6b4d, 0xaf60, 0xf828, 0xb521, - 0x53f, 0x8139, 0x9c64, 0xb442, 0x2395, 0xcb66, 0x9e3e, 0xe9cd, 0x404, 0x6b7, 0x858e, 0xc6}; -static const arrayDigit ga_521_secp_y1Plus[] = - {33, 0x6650, 0x9fd1, 0x9476, 0x88be, 0xc240, 0xa272, 0x7086, 0x353c, 0x761, 0x3fad, - 0xb901, 0xc550, 0x2640, 0x5ef4, 0x7299, 0x97ee, 0x662c, 0x273e, 0xbd17, 0x17af, 0x4468, - 0x579b, 0x4449, 0x98f5, 0x1bd9, 0x2c7d, 0x5fb4, 0x5c8a, 0xc004, 0x9a3b, 0x6a78, 0x3929, - 0x118}; -static const arrayDigit ga_521_secp_plusOrder[] = - {33, 0x6409, 0x9138, 0xb71e, 0xbb6f, 0x47ae, 0x899c, 0xc9b8, 0x3bb5, 0xa5d0, 0xf709, - 0x148, 0x7fcc, 0x966b, 0xbf2f, 0x8783, 0x5186, 0xfffa, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0x1ff}; -static const arrayDigit ga_521_secp_x1OrderPlus[] = - {33, 0x6409, 0x9138, 0xb71e, 0xbb6f, 0x47ae, 0x899c, 0xc9b8, 0x3bb5, 0xa5d0, 0xf709, - 0x148, 0x7fcc, 0x966b, 0xbf2f, 0x8783, 0x5186, 0xfffa, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0x1ff}; -static const arrayDigit ga_521_secp_x1OrderPlusRecip[] = -{33, 0x9bf7, 0x6ec7, 0x48e1, 0x4490, 0xb851, 0x7663, 0x3647, 0xc44a, 0x5a2f, 0x8f6, 0xfeb7, 0x8033, 0x6994, 0x40d0, 0x787c, 0xae79, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}; -static const arrayDigit ga_521_secp_a[] = - {33, 0xfffc, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0x1ff}; -static const arrayDigit ga_521_secp_b[] = - {33, 0x3f00, 0x6b50, 0x1fd4, 0xef45, 0x34f1, 0x3d2c, 0xdf88, 0x3573, 0xbf07, - 0x3bb1, 0xc0bd, 0x1652, 0x937b, 0xec7e, 0x3951, 0x5619, 0x9e1, 0x8ef1, 0x8991, - 0xb8b4, 0x15f3, 0x99b3, 0x725b, 0xa2da, 0x40ee, 0xb685, 0x21a0, 0x929a, 0x9a1f, - 0x8e1c, 0xb961, 0x953e, 0x51};