/*
 *  Copyright (C) 2017 - This file is part of libecc project
 *
 *  Authors:
 *      Ryad BENADJILA <ryadbenadjila@gmail.com>
 *      Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr>
 *      Jean-Pierre FLORI <jean-pierre.flori@ssi.gouv.fr>
 *
 *  Contributors:
 *      Nicolas VIVET <nicolas.vivet@ssi.gouv.fr>
 *      Karim KHALFALLAH <karim.khalfallah@ssi.gouv.fr>
 *
 *  This software is licensed under a dual BSD and GPL v2 license.
 *  See LICENSE file at the root folder of the project.
 */
#include <libecc/lib_ecc_config.h>
#ifdef WITH_CURVE_BRAINPOOLP384R1

#ifndef __EC_PARAMS_BRAINPOOLP384R1_H__
#define __EC_PARAMS_BRAINPOOLP384R1_H__
#include "ec_params_external.h"

/*
 * Domain parameters of the brainpoolP384r1 curve, exported as byte strings
 * and gathered in brainpoolp384r1_str_params at the end of this file.
 *
 * Multi-byte values are stored most significant byte first (for example
 * { 0x01, 0x80 } encodes the bit length 384).
 *
 * Two kinds of constants live here:
 *   - published curve parameters (p, a, b, generator, order, cofactor, OID),
 *     which are the brainpoolP384r1 values of RFC 5639;
 *   - values derived from p for the arithmetic layer (r, r_square, mpinv,
 *     p_shift, p_reciprocal), some of which depend on WORD_BYTES.
 *
 * Nothing in this header checks these tables against each other. A single
 * altered byte still compiles and silently yields arithmetic modulo the
 * wrong value or on a different curve, so any change should be regenerated
 * and compared with the reference parameters rather than edited by hand.
 */

/* Prime p of the base field, 48 bytes (384 bits). */
static const u8 brainpoolp384r1_p[] = {
	0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28,
	0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF,
	0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4,
	0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23,
	0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71,
	0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53
};

TO_EC_STR_PARAM(brainpoolp384r1_p);

/*
 * Bit length of p, given twice: as a preprocessor constant (used by the
 * maximum computation at the end of this file) and as a big-endian byte
 * string (0x0180 == 384). The two must be kept in sync.
 */
#define CURVE_BRAINPOOLP384R1_P_BITLEN 384
static const u8 brainpoolp384r1_p_bitlen[] = { 0x01, 0x80 };

TO_EC_STR_PARAM(brainpoolp384r1_p_bitlen);

/*
 * Montgomery constant r = 2^384 mod p. Since the top bit of p is set this
 * equals 2^384 - p, which is what the bytes below contain. 384 is a multiple
 * of every supported word size, so one value serves all WORD_BYTES settings.
 */
static const u8 brainpoolp384r1_r[] = {
	0x73, 0x46, 0xE1, 0x7D, 0x5C, 0xC7, 0x92, 0xD7,
	0xF0, 0xA2, 0x90, 0x81, 0xAF, 0x19, 0xBE, 0x20,
	0xEA, 0xD0, 0x8E, 0xF6, 0x12, 0xAB, 0xA9, 0x4B,
	0xED, 0x4E, 0x25, 0xE6, 0x80, 0x48, 0xEE, 0xDC,
	0x53, 0x2C, 0x58, 0xD6, 0x6F, 0xE2, 0xE5, 0x8E,
	0x78, 0xB8, 0xFF, 0xEC, 0xCE, 0xF8, 0x13, 0xAD
};

TO_EC_STR_PARAM(brainpoolp384r1_r);

/*
 * NOTE(review): by its name this is r^2 mod p, the constant used to convert
 * values into Montgomery form. The value was not re-derived in this review;
 * confirm against the script that generates these headers.
 */
static const u8 brainpoolp384r1_r_square[] = {
	0x36, 0xBF, 0x68, 0x83, 0x17, 0x8D, 0xF8, 0x42,
	0xD5, 0xC6, 0xEF, 0x3B, 0xA5, 0x7E, 0x05, 0x2C,
	0x62, 0x14, 0x01, 0x91, 0x99, 0x18, 0xD5, 0xAF,
	0x8E, 0x28, 0xF9, 0x9C, 0xC9, 0x94, 0x08, 0x99,
	0x53, 0x52, 0x83, 0x34, 0x3D, 0x7F, 0xD9, 0x65,
	0x08, 0x7C, 0xEF, 0xFF, 0x40, 0xB6, 0x4B, 0xDE
};

TO_EC_STR_PARAM(brainpoolp384r1_r_square);

/*
 * Montgomery word inverse: mpinv = -p^(-1) mod 2^(8 * WORD_BYTES), i.e.
 * p * mpinv == -1 modulo the word base. One word long, so its size follows
 * WORD_BYTES; the 32-bit and 16-bit variants are the low-order bytes of the
 * 64-bit one. An unsupported word size stops the build with #error.
 */
#if (WORD_BYTES == 8)     /* 64-bit words */
static const u8 brainpoolp384r1_mpinv[] = {
	0x9A, 0x6E, 0xA9, 0x6C, 0xEA, 0x9E, 0xC8, 0x25
};
#elif (WORD_BYTES == 4)   /* 32-bit words */
static const u8 brainpoolp384r1_mpinv[] = {
	0xEA, 0x9E, 0xC8, 0x25
};
#elif (WORD_BYTES == 2)   /* 16-bit words */
static const u8 brainpoolp384r1_mpinv[] = {
	0xC8, 0x25
};
#else                     /* unknown word size */
#error "Unsupported word size"
#endif

TO_EC_STR_PARAM(brainpoolp384r1_mpinv);

/*
 * Shift associated with p; 0 here. The leading byte of p is 0x8C, so its
 * most significant bit is already set, and brainpoolp384r1_str_params reuses
 * p itself as p_normalized.
 * NOTE(review): presumably the left shift that aligns p on a word boundary
 * for division; confirm against the arithmetic code.
 */
static const u8 brainpoolp384r1_p_shift[] = {
	0x00
};

TO_EC_STR_PARAM(brainpoolp384r1_p_shift);

/*
 * One-word constant whose size follows WORD_BYTES; the 32-bit and 16-bit
 * variants are the leading bytes of the 64-bit one.
 * NOTE(review): presumably the precomputed reciprocal of the normalized p
 * used for reduction modulo p; the exact definition is not visible in this
 * file. Confirm against the generator script before changing it.
 */
#if (WORD_BYTES == 8)     /* 64-bit words */
static const u8 brainpoolp384r1_p_reciprocal[] = {
	0xD1, 0xB5, 0x75, 0xB1, 0x6D, 0x8E, 0xC6, 0xB8
};
#elif (WORD_BYTES == 4)   /* 32-bit words */
static const u8 brainpoolp384r1_p_reciprocal[] = {
	0xD1, 0xB5, 0x75, 0xB1
};
#elif (WORD_BYTES == 2)   /* 16-bit words */
static const u8 brainpoolp384r1_p_reciprocal[] = {
	0xD1, 0xB5
};
#else                     /* unknown word size */
#error "Unsupported word size"
#endif
TO_EC_STR_PARAM(brainpoolp384r1_p_reciprocal);

/*
 * Curve coefficient a of the short Weierstrass equation
 * y^2 = x^3 + a*x + b over GF(p).
 * The last 8 bytes of a are the same as the first 8 bytes of b. The
 * published parameters have the same overlap; it is not a copy/paste slip.
 */
static const u8 brainpoolp384r1_a[] = {
	0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C,
	0x3C, 0x72, 0x08, 0x0A, 0xCE, 0x05, 0xAF, 0xA0,
	0xC2, 0xBE, 0xA2, 0x8E, 0x4F, 0xB2, 0x27, 0x87,
	0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91, 0xF9, 0x0F,
	0x8A, 0xA5, 0x81, 0x4A, 0x50, 0x3A, 0xD4, 0xEB,
	0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26
};

TO_EC_STR_PARAM(brainpoolp384r1_a);

/* Curve coefficient b of the same equation. */
static const u8 brainpoolp384r1_b[] = {
	0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26,
	0x8B, 0x39, 0xB5, 0x54, 0x16, 0xF0, 0x44, 0x7C,
	0x2F, 0xB7, 0x7D, 0xE1, 0x07, 0xDC, 0xD2, 0xA6,
	0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB, 0x62, 0xD5,
	0x7C, 0xB4, 0x39, 0x02, 0x95, 0xDB, 0xC9, 0x94,
	0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11
};

TO_EC_STR_PARAM(brainpoolp384r1_b);

/*
 * Number of points on the curve. The bytes are identical to
 * brainpoolp384r1_gen_order below, consistent with the cofactor of 1.
 */
static const u8 brainpoolp384r1_curve_order[] = {
	0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28,
	0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF,
	0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3,
	0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7,
	0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10,
	0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65
};

TO_EC_STR_PARAM(brainpoolp384r1_curve_order);

/* X coordinate of the generator G. */
static const u8 brainpoolp384r1_gx[] = {
	0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF,
	0xA2, 0xA6, 0x3A, 0x81, 0xB7, 0xC1, 0x3F, 0x6B,
	0x88, 0x47, 0xA3, 0xE7, 0x7E, 0xF1, 0x4F, 0xE3,
	0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD, 0x10, 0xE8,
	0xE8, 0x26, 0xE0, 0x34, 0x36, 0xD6, 0x46, 0xAA,
	0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E
};

TO_EC_STR_PARAM(brainpoolp384r1_gx);

/* Y coordinate of the generator G. */
static const u8 brainpoolp384r1_gy[] = {
	0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4,
	0x5C, 0xB1, 0xEB, 0x8E, 0x95, 0xCF, 0xD5, 0x52,
	0x62, 0xB7, 0x0B, 0x29, 0xFE, 0xEC, 0x58, 0x64,
	0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91, 0x29, 0x28,
	0x0E, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11,
	0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15
};

TO_EC_STR_PARAM(brainpoolp384r1_gy);

/*
 * Z coordinate of the generator, equal to 1.
 * NOTE(review): assumes the generator is kept in projective (X:Y:Z) form,
 * in which case Z = 1 means gx and gy above are the affine coordinates.
 */
static const u8 brainpoolp384r1_gz[] = {
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
};

TO_EC_STR_PARAM(brainpoolp384r1_gz);

/*
 * Bit length of the curve order (preprocessor constant only; there is no
 * byte-string twin for it in this file), followed by the order q of the
 * generator G.
 */
#define CURVE_BRAINPOOLP384R1_CURVE_ORDER_BITLEN 384
static const u8 brainpoolp384r1_gen_order[] = {
	0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28,
	0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF,
	0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3,
	0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7,
	0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10,
	0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65
};

TO_EC_STR_PARAM(brainpoolp384r1_gen_order);

/*
 * Bit length of q, again as a preprocessor constant and as a big-endian
 * byte string (0x0180 == 384); keep both in sync.
 */
#define CURVE_BRAINPOOLP384R1_Q_BITLEN 384
static const u8 brainpoolp384r1_gen_order_bitlen[] = { 0x01, 0x80 };

TO_EC_STR_PARAM(brainpoolp384r1_gen_order_bitlen);

/*
 * Cofactor h = 1: the generator's subgroup is the whole curve group.
 * This does not replace on-curve validation of points received from
 * outside; that check belongs to the code that imports points.
 */
static const u8 brainpoolp384r1_cofactor[] = { 0x01 };

TO_EC_STR_PARAM(brainpoolp384r1_cofactor);

/*
 * The next three entries are one-byte zero arrays registered through
 * TO_EC_STR_PARAM_FIXED_SIZE with a size argument of 0.
 * NOTE(review): presumably this marks "no Montgomery / Edwards mapping
 * for this curve"; confirm against the macro definition and its users.
 */
static const u8 brainpoolp384r1_alpha_montgomery[] = {
	0x00,
};

TO_EC_STR_PARAM_FIXED_SIZE(brainpoolp384r1_alpha_montgomery, 0);

static const u8 brainpoolp384r1_gamma_montgomery[] = {
	0x00,
};

TO_EC_STR_PARAM_FIXED_SIZE(brainpoolp384r1_gamma_montgomery, 0);

static const u8 brainpoolp384r1_alpha_edwards[] = {
	0x00,
};

TO_EC_STR_PARAM_FIXED_SIZE(brainpoolp384r1_alpha_edwards, 0);

/*
 * Object identifier of the curve in dotted-decimal text form. Being
 * initialised from a string literal, the array includes the terminating
 * NUL byte (the same holds for the name below).
 */
static const u8 brainpoolp384r1_oid[] = "1.3.36.3.3.2.8.1.1.11";
TO_EC_STR_PARAM(brainpoolp384r1_oid);

/* Curve name as text. */
static const u8 brainpoolp384r1_name[] = "BRAINPOOLP384R1";
TO_EC_STR_PARAM(brainpoolp384r1_name);

/*
 * Full parameter set for the curve. Every member points at a *_str_param
 * object; none of those is written out by hand in this file, they come from
 * the TO_EC_STR_PARAM / TO_EC_STR_PARAM_FIXED_SIZE invocations above.
 */
static const ec_str_params brainpoolp384r1_str_params = {
	.p = &brainpoolp384r1_p_str_param,
	.p_bitlen = &brainpoolp384r1_p_bitlen_str_param,
	.r = &brainpoolp384r1_r_str_param,
	.r_square = &brainpoolp384r1_r_square_str_param,
	.mpinv = &brainpoolp384r1_mpinv_str_param,
	.p_shift = &brainpoolp384r1_p_shift_str_param,
	/* p_shift is 0 for this curve, so p itself serves as p_normalized. */
	.p_normalized = &brainpoolp384r1_p_str_param,
	.p_reciprocal = &brainpoolp384r1_p_reciprocal_str_param,
	.a = &brainpoolp384r1_a_str_param,
	.b = &brainpoolp384r1_b_str_param,
	.curve_order = &brainpoolp384r1_curve_order_str_param,
	.gx = &brainpoolp384r1_gx_str_param,
	.gy = &brainpoolp384r1_gy_str_param,
	.gz = &brainpoolp384r1_gz_str_param,
	.gen_order = &brainpoolp384r1_gen_order_str_param,
	.gen_order_bitlen = &brainpoolp384r1_gen_order_bitlen_str_param,
	.cofactor = &brainpoolp384r1_cofactor_str_param,
	.alpha_montgomery = &brainpoolp384r1_alpha_montgomery_str_param,
	.gamma_montgomery = &brainpoolp384r1_gamma_montgomery_str_param,
	.alpha_edwards = &brainpoolp384r1_alpha_edwards_str_param,
	.oid = &brainpoolp384r1_oid_str_param,
	.name = &brainpoolp384r1_name_str_param,
};

/*
 * Compute max bit length of all curves for p and q.
 *
 * Each CURVES_MAX_* macro is created with value 0 if no earlier header
 * defined it, then raised to this curve's bit length when that is larger.
 * The result is a running maximum over the curve headers included so far.
 * NOTE(review): these maxima presumably size library-wide buffers, in which
 * case a *_BITLEN constant that understates the real length would undersize
 * them; confirm where the macros are consumed.
 */
#ifndef CURVES_MAX_P_BIT_LEN
#define CURVES_MAX_P_BIT_LEN    0
#endif
#if (CURVES_MAX_P_BIT_LEN < CURVE_BRAINPOOLP384R1_P_BITLEN)
#undef CURVES_MAX_P_BIT_LEN
#define CURVES_MAX_P_BIT_LEN CURVE_BRAINPOOLP384R1_P_BITLEN
#endif
#ifndef CURVES_MAX_Q_BIT_LEN
#define CURVES_MAX_Q_BIT_LEN    0
#endif
#if (CURVES_MAX_Q_BIT_LEN < CURVE_BRAINPOOLP384R1_Q_BITLEN)
#undef CURVES_MAX_Q_BIT_LEN
#define CURVES_MAX_Q_BIT_LEN CURVE_BRAINPOOLP384R1_Q_BITLEN
#endif
#ifndef CURVES_MAX_CURVE_ORDER_BIT_LEN
#define CURVES_MAX_CURVE_ORDER_BIT_LEN    0
#endif
#if (CURVES_MAX_CURVE_ORDER_BIT_LEN < CURVE_BRAINPOOLP384R1_CURVE_ORDER_BITLEN)
#undef CURVES_MAX_CURVE_ORDER_BIT_LEN
#define CURVES_MAX_CURVE_ORDER_BIT_LEN CURVE_BRAINPOOLP384R1_CURVE_ORDER_BITLEN
#endif

#endif /* __EC_PARAMS_BRAINPOOLP384R1_H__ */

#endif /* WITH_CURVE_BRAINPOOLP384R1 */