X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_cryptkit/lib/curveParamData.h?ds=sidebyside diff --git a/Security/libsecurity_cryptkit/lib/curveParamData.h b/Security/libsecurity_cryptkit/lib/curveParamData.h new file mode 100644 index 00000000..24b5e6fc --- /dev/null +++ b/Security/libsecurity_cryptkit/lib/curveParamData.h @@ -0,0 +1,540 @@ +/* New ECC curves, + + 14 Apr 2001 (REC) ensured x1Minus arithmetic & prime point orders + 5 Apr 2001 (REC) factored minusorder for NIST-P-192 + 3 Apr 2001 (REC) first draft + + c. 2001 Apple Computer, Inc. + All Rights Reserved. + + Currently there are 7 (seven) curves, at varying + bit-depth and varying parameter types: + + FEE curves (use Montgomery arithmetic and feemod base-prime): + 31 bits + 127 bits + IEEE curves (use projective arithmetic): + 31 bits (feemod base-prime) + 128 bits (feemod base-prime) + 161 bits (feemod base-prime) (default preference) + 161 bits (general prime) + 192 bits (general. prime) (NIST-recommended) + + Each curve is given key comments atop the parameters. + For performance considerations, + + primeType->Mersenne is faster than primeType->feemod is + faster than primeType->general + + curveType->Montgomery is faster than curveType->Weierstrass, + + Some choices are not obvious except to cryptographers; + e.g., the two curves given for 161 bits exist because + of cryptographic controversies; probably the curve with + both orders prime is more secure, so it is perhaps + the curve of choice at 161 bits. + + The parameters/points have standard meaning, except for our + special entities as listed below. It is important to note the + principle thgat, without exception, every CryptKit base prime + p is = 3 (mod 4). This allows simple square-rooting in the field + F_p. Because of this universal constraint, (-1) is always a + quadratic nonresidue and so twist curves as below can assume + g = -1. + + (...)plusOrder := The usual elliptic-curve order; + (...)x1Plus := x-coordinate on y^2 = x^3 + c x^2 + a x + b; + (...)x1OrderPlus := Order of x1Plus, always divides plusOrder + (...)minusOrder := Order of the twist curve = 2p+2-plusOrder + (...)x1Minus := x-coordinate chosen on the twist curve + g y^2 = x^3 + c x^2 + a x + b + where g = -1 is the nonresidue, and such that + the special, x-coordinates-only, twofold-ambiguous "add" of + FEED works on the minus curve, using the same curve + parameters a,b,c as for the plus curve. Note that + x1Minus is to be chosen so that the correct "add" arithmetic + occurs, and also so that the desired point order accrues. + (...)x1OrderMinus := Order of x1Plus, always divides minusOrder. + + In each of the curves specified below, the plusOrder (at least) + is prime, while each of the point orders x1OrderPlus/Minus + is always prime. + + Note that the older labels Atkin3, Atkin4 have been abolished. + + */ + + /* FEE CURVE: USE FOR FEE SIG. & FEED ONLY. + * primeType->Mersenne + * curveType->Montgomery + * q = 31; k = 1; p = 2^q - k; + * a = 1; b = 0; c = 666; + * Both orders composite. + */ +static const arrayDigit ga_31m_x1Plus[] = + {2, 61780, 6237}; + /* 408809812 */ +static const arrayDigit ga_31m_x1Minus[] = + {2,12973,30585}; + /* 2004431533 */ +static const arrayDigit ga_31m_plusOrder[] = + {2, 25928, 32768 }; + /* 2147509576 = 2^3 * 268438697. */ +static const arrayDigit ga_31m_minusOrder[] = + {2, 39608, 32767 }; + /* 2147457720 = 2^3 * 3 * 5 * 17895481. */ +static const arrayDigit ga_31m_x1OrderPlus[] = + {2, 3241, 4096}; + /* 268438697 */ +static const arrayDigit ga_31m_x1OrderMinus[] = + {2, 4153, 273}; + /* 17895481 */ +static const arrayDigit ga_31m_x1OrderPlusRecip[] = + {2, 52572, 16383}; +static const arrayDigit ga_31m_lesserX1OrderRecip[] = + {2, 759, 960}; + + /* IEEE P1363 COMPATIBLE. + * primeType->Mersenne + * curveType->Weierstrass + * q = 31; k = 1; p = 2^q-k; + * a = 5824692 b = 2067311435 c = 0 + * Both orders prime. + */ +static const arrayDigit ga_31w_x1Plus[] = + {1, 6 }; +static const arrayDigit ga_31w_x1Minus[] = + {1, 7 }; +static const arrayDigit ga_31w_plusOrder[] = + {2,59003,32766 }; + /* 2147411579 */ +static const arrayDigit ga_31w_minusOrder[] = + {2,6533,32769 }; + /* 2147555717 */ +static const arrayDigit ga_31w_x1OrderPlus[] = + {2,59003,32766}; + /* 2147411579 */ +static const arrayDigit ga_31w_x1OrderMinus[] = + {2,6533,32769}; + /* 2147555717 */ +static const arrayDigit ga_31w_x1OrderPlusRecip[] = + {2, 6535, 32769}; + +static const arrayDigit ga_31w_a[] = + {2,57524,88}; + /* 5824692 */ +static const arrayDigit ga_31w_b[] = + {2,43851,31544}; + /* 2067311435 */ + + /* FEE CURVE: USE FOR FEE SIG. & FEED ONLY. + * primeType->Mersenne + * curveType->Montgomery + * q = 127; k = 1; p = 2^q - k; + * a = 1; b = 0; c = 666; + * Both orders composite. + */ +static const arrayDigit ga_127m_x1Plus[] = + {8, 24044, 39922, 11050, + 24692, 34049, 9793, 1228, 31562}; + /* 163879370753099435779911346846180728300 */ +static const arrayDigit ga_127m_x1Minus[] = + {8,49015,6682,26772,63672,45560,46133,24769,8366}; + /* 43440717976631899041527862406676135799 */ +static const arrayDigit ga_127m_plusOrder[] = + { 8, 14612, 61088, 34331, + 32354, 65535, 65535, 65535, + 32767}; + /* 170141183460469231722347548493196835092 = +2^2 * 3^4 * 71 * 775627 * 9535713005180210505588285449. */ +static const arrayDigit ga_127m_minusOrder[] = + { 8, 50924, 4447, 31204, + 33181, 0, 0, 0, + 32768 }; + /* 170141183460469231741027058938571376364 = +2^2 * 17 * 743 * 1593440383 * 2113371777483973234080067. */ +static const arrayDigit ga_127m_x1OrderPlus[] = + {6, 8201, 61942, 37082, + 53787, 49605, 7887 }; + /* 9535713005180210505588285449 */ +static const arrayDigit ga_127m_x1OrderMinus[] = + {6, 14659, 1977,16924, + 7446, 49030, 1}; + /* 2113371777483973234080067 */ +static const arrayDigit ga_127m_x1OrderPlusRecip[] = + {6, 21911, 8615, 0, 40960, 64107, 8507}; +static const arrayDigit ga_127m_lesserX1OrderRecip[] = + {6, 44759, 65533, 17695, 61560, 18883, 2}; + + /* IEEE P1363 COMPATIBLE. + * primeType->feemod + * curveType->Weierstrass + * q = 127; k = -57675; p = 2^q - k; + * a = 170141183460469025572049133804586627403; + * b = 170105154311605172483148226534443139403; c = 0; + * Both orders prime.: + */ +static const arrayDigit ga_128w_x1Plus[] = + {1,6}; + /* 6 */ +static const arrayDigit ga_128w_x1Minus[] = + {1,3}; + /* 3 */ +static const arrayDigit ga_128w_plusOrder[] = + {8,40455,13788,48100,24190,1,0,0,32768}; + /* 170141183460469231756943134065055014407. */ +static const arrayDigit ga_128w_minusOrder[] = + {8,9361,51749,17435,41345,65534,65535,65535,32767}; + /* 170141183460469231706431473366713312401. */ +static const arrayDigit ga_128w_x1OrderPlus[] = + {8,40455,13788,48100,24190,1,0,0,32768}; + /* 170141183460469231756943134065055014407. */ +static const arrayDigit ga_128w_x1OrderMinus[] = + {8,9361,51749,17435,41345,65534,65535,65535,32767}; + /* 170141183460469231706431473366713312401. */ +static const arrayDigit ga_128w_x1OrderPlusRecip[] = + {9,34802,10381,4207,34309,65530,65535,65535,65535,1}; +static const arrayDigit ga_128w_lesserX1OrderRecip[] = + {8,56178,13786,48100,24190,1,0,0,32768}; + +static const arrayDigit ga_128w_a[] = + {8,29003,44777,29962,4169,54360,65535,65535,32767}; + /* 170141183460469025572049133804586627403; */ +static const arrayDigit ga_128w_b[] = + {8,16715,42481,16221,60523,56573,13644,4000,32761}; + /* 170105154311605172483148226534443139403. */ + + /* IEEE P1363 COMPATIBLE. + * primeType->feemod + * curveType->Weierstrass + * q = 160; k = -5875; p = 2^q - k; + * a = 1461501637330902918203684832716283019448563798259; + * b = 36382017816364032; c = 0; + * Both orders prime.: + */ +static const arrayDigit ga_161w_x1Plus[] = + {1,7}; + /* 7 */ +static const arrayDigit ga_161w_x1Minus[] = + {1,4}; + /* 4 */ +static const arrayDigit ga_161w_plusOrder[] = + {11,50651,30352,49719,403,64085,1,0,0,0,0,1}; + /* 1461501637330902918203687223801810245920805144027. */ +static const arrayDigit ga_161w_minusOrder[] = + {10,26637,35183,15816,65132,1450,65534,65535,65535,65535,65535}; + /* 1461501637330902918203682441630755793391059953677. */ +static const arrayDigit ga_161w_x1OrderPlus[] = + {11,50651,30352,49719,403,64085,1,0,0,0,0,1}; + /* 1461501637330902918203687223801810245920805144027. */ +static const arrayDigit ga_161w_x1OrderMinus[] = + {10,26637,35183,15816,65132,1450,65534,65535,65535,65535,65535}; + /* 1461501637330902918203682441630755793391059953677. */ +static const arrayDigit ga_161w_x1OrderPlusRecip[] = + {11,59555,9660,63266,63920,5803,65528,65535,65535,65535,65535,3}; +/* added by dmitch */ +static const arrayDigit ga_161w_lesserX1OrderRecip[] = + {12,38902,30352,49719,403,64085,1,0,0,0,0,1,0}; +/* end addenda */ + +static const arrayDigit ga_161w_a[] = {10,4339,47068,65487,65535,65535,65535,65535,65535,65535,65535}; +/* 1461501637330902918203684832716283019448563798259; */ +static const arrayDigit ga_161w_b[] = {4,1024,41000,16704,129}; +/* 36382017816364032. */ + + /* IEEE P1363 COMPATIBLE. + * primeType->General + * curveType->Weierstrass + * p is a 161-bit random prime (below, ga_161_gen_bp[]); + * a = -152; b = 722; c = 0; + * Both orders composite.: + */ +static const arrayDigit ga_161_gen_bp[] = + {11,41419,58349,36408,14563,25486,9098,29127,50972,7281,8647,1}; + /* baseprime = 1654338658923174831024422729553880293604080853451 */ +static const arrayDigit ga_161_gen_x1Plus[] = + {10,59390,38748,49144,50217,32781,46057,53816,62856,18968,55868}; + /* 1245904487553815885170631576005220733978383542270 */ +static const arrayDigit ga_161_gen_x1Minus[] = + {10,12140,40021,9852,49578,18446,39468,28773,10952,26720,52624}; + /* 1173563507729187954550227059395955904200719019884 */ +static const arrayDigit ga_161_gen_plusOrder[] = + {11,41420,58349,36408,14563,25486,9100,29127,50972,7281,8647,1}; + /* 1654338658923174831024425147405519522862430265804 = + 2^2 * 23 * 359 * 479 * 102107 * 1024120625531724089187207582052247831. */ +static const arrayDigit ga_161_gen_minusOrder[] = + {11,41420,58349,36408,14563,25486,9096,29127,50972,7281,8647,1}; + /* 1654338658923174831024420311702241064345731441100 = +2^2 * 5^2 * 17^2 * 57243552211874561627142571339177891499852299. */ +static const arrayDigit ga_161_gen_x1OrderPlus[] = + {8,59671,64703,58305,55887,34170,37971,15627,197}; + /* 1024120625531724089187207582052247831 */ +static const arrayDigit ga_161_gen_x1OrderMinus[] = + {10,49675,56911,64364,6281,5543,59511,52057,44604,37151,2}; + /* 57243552211874561627142571339177891499852299 */ +static const arrayDigit ga_161_gen_x1OrderPlusRecip[] = + {8, 7566, 37898, 14581, 2404, 52670, 23839, 17554, 332}; + +static const arrayDigit ga_161_gen_a[] = {-1, 152}; /* a = -152 */ +static const arrayDigit ga_161_gen_b[] = { 1, 722}; /* b = 722 */ + + + /* IEEE P1363 COMPATIBLE. + * (NIST-P-192 RECOMMENDED PRIME) + * primeType->General + * curveType->Weierstrass + * p is a 192-bit prime (with efficient bit structure) (below, ga_192_gen_bp[]); + * a = -3; b = 2455155546008943817740293915197451784769108058161191238065; c = 0; + * Plus-order is prime, minus-order is composite. + */ +static const arrayDigit ga_192_gen_bp[] = + {12,65535,65535,65535,65535,65534,65535,65535,65535,65535,65535,65535,65535}; + /* baseprime = +6277101735386680763835789423207666416083908700390324961279 */ +static const arrayDigit ga_192_gen_x1Plus[] = + {1,3}; + /* 3 */ +static const arrayDigit ga_192_gen_x1Minus[] = + {12,25754,63413,46363,42413,24848,21836,55473,50853,40413,10264,8715,59556}; + /* 5704344264203732742656350325931731344592841761552300598426 */ +static const arrayDigit ga_192_gen_plusOrder[] = + {12,10289,46290,51633,5227,63542,39390,65535,65535,65535,65535,65535,65535}; + /* 6277101735386680763835789423176059013767194773182842284081 */ +static const arrayDigit ga_192_gen_minusOrder[] = + {13,55247,19245,13902,60308,1991,26145,0,0,0,0,0,0,1}; + /* 6277101735386680763835789423239273818400622627597807638479 = + 23 * 10864375060560251605900677743 * + 25120401793443689936479125511 */ +static const arrayDigit ga_192_gen_x1OrderPlus[] = + {12,10289,46290,51633,5227,63542,39390,65535,65535,65535,65535,65535,65535}; + /* 6277101735386680763835789423176059013767194773182842284081 */ +static const arrayDigit ga_192_gen_x1OrderMinus[] = + {12,16649,40728,9152,53911,59923,9684,22795,17096,45590,34192,25644,2849}; + /* 272917466755942641905903887966924948626114027286861201673 = +10864375060560251605900677743 * 25120401793443689936479125511 +*/ +static const arrayDigit ga_192_gen_x1OrderPlusRecip[] = + {13,55247,19245,13902,60308,1993,26145,0,0,0,0,0,0,1}; +static const arrayDigit ga_192_gen_lesserX1OrderRecip[] = +{12,57756,63294,44830,2517,2125,63187,65535,65535,65535,65535,65535,5887}; + +static const arrayDigit ga_192_gen_a[] = {-1, 3}; /* a = -3. */ +static const arrayDigit ga_192_gen_b[] = +{12,47537,49478,57068,65208,12361,29220,59819,4007,32999,58780,1305,25633}; +/* b = 2455155546008943817740293915197451784769108058161191238065. */ + +/*** + *** ANSI X9.62/Certicom curves + ***/ + +/* + * secp192r1 + * + * p = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF + * = 6277101735386680763835789423207666416083908700390324961279 (d) + * a = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC + * = 6277101735386680763835789423207666416083908700390324961276 + * b = 64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1 + * = 2455155546008943817740293915197451784769108058161191238065 + * x = 188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012 + * = 602046282375688656758213480587526111916698976636884684818 + * y = 07192B95FFC8DA78631011ED6B24CDD573F977A11E794811 + * = 174050332293622031404857552280219410364023488927386650641 + * order = FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831 + * = 6277101735386680763835789423176059013767194773182842284081 + * x1OrderRecip = 1000000000000000000000000662107c9eb94364e4b2dd7cf + */ +static const arrayDigit ga_192_secp_bp[] = + {12, 0xffff, 0xffff, 0xffff, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; +static const arrayDigit ga_192_secp_x1Plus[] = + {12, 0x1012, 0x82ff, 0xafd, 0xf4ff, 0x8800, 0x43a1, 0x20eb, 0x7cbf, 0x90f6, 0xb030, 0xa80e, 0x188d}; +static const arrayDigit ga_192_secp_y1Plus[] = + {12, 0x4811, 0x1e79, 0x77a1, 0x73f9, 0xcdd5, 0x6b24, 0x11ed, 0x6310, 0xda78, 0xffc8, 0x2b95, 0x719}; +static const arrayDigit ga_192_secp_plusOrder[] = + {12, 0x2831, 0xb4d2, 0xc9b1, 0x146b, 0xf836, 0x99de, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; +/* the curve order is prime, so x1Order = curveOrder */ +static const arrayDigit ga_192_secp_x1OrderPlus[] = + {12, 0x2831, 0xb4d2, 0xc9b1, 0x146b, 0xf836, 0x99de, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; +static const arrayDigit ga_192_secp_x1OrderPlusRecip[] = + {13, 0xd7cf, 0x4b2d, 0x364e, 0xeb94, 0x7c9, 0x6621, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}; +static const arrayDigit ga_192_secp_a[] = + {12, 0xfffc, 0xffff, 0xffff, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; +static const arrayDigit ga_192_secp_b[] = + {12, 0xb9b1, 0xc146, 0xdeec, 0xfeb8, 0x3049, 0x7224, 0xe9ab, 0xfa7, 0x80e7, 0xe59c, 0x519, 0x6421}; + + +/* + * secp256r1 + * + * p = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF + * = 115792089210356248762697446949407573530086143415290314195533631308867097853951 + * a = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC + * = 115792089210356248762697446949407573530086143415290314195533631308867097853948 + * b = 5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B + * = 41058363725152142129326129780047268409114441015993725554835256314039467401291 + * x = 6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296 + * = 48439561293906451759052585252797914202762949526041747995844080717082404635286 + * y = 4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5 + * = 36134250956749795798585127919587881956611106672985015071877198253568414405109 + * order = FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 + * = 115792089210356248762697446949407573529996955224135760342422259061068512044369 + * FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 + * x1OrderRecip = 100000000fffffffffffffffeffffffff43190552df1a6c21012ffd85eedf9bfe + */ +static const arrayDigit ga_256_secp_bp[] = + {16, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x1, 0x0, 0xffff, 0xffff}; +static const arrayDigit ga_256_secp_x1Plus[] = + {16, 0xc296, 0xd898, 0x3945, 0xf4a1, 0x33a0, 0x2deb, 0x7d81, 0x7703, 0x40f2, + 0x63a4, 0xe6e5, 0xf8bc, 0x4247, 0xe12c, 0xd1f2, 0x6b17}; +static const arrayDigit ga_256_secp_y1Plus[] = + {16, 0x51f5, 0x37bf, 0x4068, 0xcbb6, 0x5ece, 0x6b31, 0x3357, 0x2bce, 0x9e16, + 0x7c0f, 0xeb4a, 0x8ee7, 0x7f9b, 0xfe1a, 0x42e2, 0x4fe3}; +static const arrayDigit ga_256_secp_plusOrder[] = + {16, 0x2551, 0xfc63, 0xcac2, 0xf3b9, 0x9e84, 0xa717, 0xfaad, 0xbce6, 0xffff, + 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0xffff, 0xffff}; +static const arrayDigit ga_256_secp_x1OrderPlus[] = + {16, 0x2551, 0xfc63, 0xcac2, 0xf3b9, 0x9e84, 0xa717, 0xfaad, 0xbce6, 0xffff, + 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0xffff, 0xffff}; +static const arrayDigit ga_256_secp_x1OrderPlusRecip[] = + {17, 0x9bfe, 0xeedf, 0xfd85, 0x12f, 0x6c21, 0xdf1a, 0x552, 0x4319, 0xffff, + 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x1}; +static const arrayDigit ga_256_secp_a[] = + {16, 0xfffc, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x1, 0x0, 0xffff, 0xffff}; +static const arrayDigit ga_256_secp_b[] = + {16, 0x604b, 0x27d2, 0x3c3e, 0x3bce, 0xb0f6, 0xcc53, 0x6b0, 0x651d, 0x86bc, + 0x7698, 0xbd55, 0xb3eb, 0x93e7, 0xaa3a, 0x35d8, 0x5ac6}; + +/* + * secp384r1 + * + * p = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF\ + * 0000000000000000FFFFFFFF + * = 394020061963944792122790401001436138050797392704654466679482934042457217\ + * 71496870329047266088258938001861606973112319 + * a = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF\ + * 0000000000000000FFFFFFFC + * = 394020061963944792122790401001436138050797392704654466679482934042457217\ + * 71496870329047266088258938001861606973112316 + * b = B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D\ + * 8A2ED19D2A85C8EDD3EC2AEF + * = 275801935599597058778490118403890480930569058563615685214287073019886892\ + * 41309860865136260764883745107765439761230575 + * x = AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25D\ + * BF55296C3A545E3872760AB7 + * = 262470350957996892686231567445669818918529234911092133878156159009255188\ + * 54738050089022388053975719786650872476732087 + * y = 3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE\ + * 1D7E819D7A431D7C90EA0E5F + * = 832571096148902998554675128952010817928785304886131559470920590248050319\ + * 9884419224438643760392947333078086511627871 + * order = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB2\ + * 48B0A77AECEC196ACCC52973 + * = 394020061963944792122790401001436138050797392704654466679469052796276593\ + * 99113263569398956308152294913554433653942643 + */ +static const arrayDigit ga_384_secp_bp[] = + {24, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xffff, 0xfffe, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; +static const arrayDigit ga_384_secp_x1Plus[] = + {24, 0xab7, 0x7276, 0x5e38, 0x3a54, 0x296c, 0xbf55, 0xf25d, 0x5502, 0x2a38, + 0x8254, 0x41e0, 0x59f7, 0x9b98, 0x8ba7, 0x3b62, 0x6e1d, 0xad74, 0xf320, + 0xc71e, 0x8eb1, 0x537, 0xbe8b, 0xca22, 0xaa87}; +static const arrayDigit ga_384_secp_y1Plus[] = + {24, 0xe5f, 0x90ea, 0x1d7c, 0x7a43, 0x819d, 0x1d7e, 0xb1ce, 0xa60, 0xb8c0, + 0xb5f0, 0x3113, 0xe9da, 0x147c, 0x289a, 0x1dbd, 0xf8f4, 0xdc29, 0x9292, + 0x98bf, 0x5d9e, 0x2c6f, 0x9626, 0xde4a, 0x3617}; +static const arrayDigit ga_384_secp_plusOrder[] = + {24, 0x2973, 0xccc5, 0x196a, 0xecec, 0xa77a, 0x48b0, 0xdb2, 0x581a, 0x2ddf, + 0xf437, 0x4d81, 0xc763, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; +static const arrayDigit ga_384_secp_x1OrderPlus[] = + {24, 0x2973, 0xccc5, 0x196a, 0xecec, 0xa77a, 0x48b0, 0xdb2, 0x581a, 0x2ddf, + 0xf437, 0x4d81, 0xc763, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; +static const arrayDigit ga_384_secp_x1OrderPlusRecip[] = + {25, 0xd68d, 0x333a, 0xe695, 0x1313, 0x5885, 0xb74f, 0xf24d, 0xa7e5, 0xd220, 0xbc8, + 0xb27e, 0x389c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}; +static const arrayDigit ga_384_secp_a[] = + {24, 0xfffc, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0xffff, 0xfffe, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}; +static const arrayDigit ga_384_secp_b[] = + {24, 0x2aef, 0xd3ec, 0xc8ed, 0x2a85, 0xd19d, 0x8a2e, 0x398d, 0xc656, 0x875a, + 0x5013, 0x88f, 0x314, 0x4112, 0xfe81, 0x9c6e, 0x181d, 0x2d19, 0xe3f8, 0x56b, + 0x988e, 0xe7e4, 0xe23e, 0x2fa7, 0xb331}; + +/* + * secp521r1 + * p = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\ + * FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + * = 686479766013060971498190079908139321726943530014330540939446345918554318\ + * 339765605212255964066145455497729631139148085803712198799971664381257402\ + * 8291115057151 + * a = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\ + * FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC + * = 686479766013060971498190079908139321726943530014330540939446345918554318\ + * 339765605212255964066145455497729631139148085803712198799971664381257402\ + * 8291115057148 + * b = 0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E15619\ + * 3951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00 + * = 109384903807373427451111239076680556993620759895168374899458639449595311\ + * 615073501601370873757375962324859213229670631330943845253159101291214232\ + * 7488478985984 + * x = 00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B\ + * 5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66 + * = 266174080205021706322876871672336096072985916875697314770667136841880294\ + * 499642780849154508062777190235209424122506555866215711354557091681416163\ + * 7315895999846 + * y = 011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE\ + * 72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650 + * = 375718002577002046354550722449118360359445513476976248669456777961554447\ + * 744055631669123440501294553956214444453728942852258566672919658081012434\ + * 4277578376784 + * order = 01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA5186\ + * 8783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409 + * = 686479766013060971498190079908139321726943530014330540939446345918554318\ + * 339765539424505774633321719753296399637136332111386476861244038034037280\ + * 8892707005449 + * orderRecip = 200 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000005 \ + * ae79787c 40d06994 8033feb7 08f65a2f c44a3647 7663b851 449048e1 6ec79bf7 + * orderRecip = 2000000000000000000000000000000000000000000000000000000000000000005ae79787c40d069948033feb708f65a2fc44a36477663b851449048e16ec79bf7 + */ +static const arrayDigit ga_521_secp_bp[] = + {33, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0x1ff}; +static const arrayDigit ga_521_secp_x1Plus[] = + {33, 0xbd66, 0xc2e5, 0x7e31, 0xf97e, 0x429b, 0x856a, 0xb3c1, 0x3348, 0xa8de, 0xa2ff, + 0xc127, 0xfe1d, 0x5928, 0xefe7, 0x5e77, 0xa14b, 0x3dba, 0x6b4d, 0xaf60, 0xf828, 0xb521, + 0x53f, 0x8139, 0x9c64, 0xb442, 0x2395, 0xcb66, 0x9e3e, 0xe9cd, 0x404, 0x6b7, 0x858e, 0xc6}; +static const arrayDigit ga_521_secp_y1Plus[] = + {33, 0x6650, 0x9fd1, 0x9476, 0x88be, 0xc240, 0xa272, 0x7086, 0x353c, 0x761, 0x3fad, + 0xb901, 0xc550, 0x2640, 0x5ef4, 0x7299, 0x97ee, 0x662c, 0x273e, 0xbd17, 0x17af, 0x4468, + 0x579b, 0x4449, 0x98f5, 0x1bd9, 0x2c7d, 0x5fb4, 0x5c8a, 0xc004, 0x9a3b, 0x6a78, 0x3929, + 0x118}; +static const arrayDigit ga_521_secp_plusOrder[] = + {33, 0x6409, 0x9138, 0xb71e, 0xbb6f, 0x47ae, 0x899c, 0xc9b8, 0x3bb5, 0xa5d0, 0xf709, + 0x148, 0x7fcc, 0x966b, 0xbf2f, 0x8783, 0x5186, 0xfffa, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0x1ff}; +static const arrayDigit ga_521_secp_x1OrderPlus[] = + {33, 0x6409, 0x9138, 0xb71e, 0xbb6f, 0x47ae, 0x899c, 0xc9b8, 0x3bb5, 0xa5d0, 0xf709, + 0x148, 0x7fcc, 0x966b, 0xbf2f, 0x8783, 0x5186, 0xfffa, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0x1ff}; +static const arrayDigit ga_521_secp_x1OrderPlusRecip[] = +{33, 0x9bf7, 0x6ec7, 0x48e1, 0x4490, 0xb851, 0x7663, 0x3647, 0xc44a, 0x5a2f, 0x8f6, 0xfeb7, 0x8033, 0x6994, 0x40d0, 0x787c, 0xae79, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}; +static const arrayDigit ga_521_secp_a[] = + {33, 0xfffc, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, + 0xffff, 0xffff, 0xffff, 0x1ff}; +static const arrayDigit ga_521_secp_b[] = + {33, 0x3f00, 0x6b50, 0x1fd4, 0xef45, 0x34f1, 0x3d2c, 0xdf88, 0x3573, 0xbf07, + 0x3bb1, 0xc0bd, 0x1652, 0x937b, 0xec7e, 0x3951, 0x5619, 0x9e1, 0x8ef1, 0x8991, + 0xb8b4, 0x15f3, 0x99b3, 0x725b, 0xa2da, 0x40ee, 0xb685, 0x21a0, 0x929a, 0x9a1f, + 0x8e1c, 0xb961, 0x953e, 0x51};