/*
 *  Copyright (C) 2017 - This file is part of libecc project
 *
 *  Authors:
 *      Ryad BENADJILA <ryadbenadjila@gmail.com>
 *      Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr>
 *      Jean-Pierre FLORI <jean-pierre.flori@ssi.gouv.fr>
 *
 *  Contributors:
 *      Nicolas VIVET <nicolas.vivet@ssi.gouv.fr>
 *      Karim KHALFALLAH <karim.khalfallah@ssi.gouv.fr>
 *
 *  This software is licensed under a dual BSD and GPL v2 license.
 *  See LICENSE file at the root folder of the project.
 */
#include <libecc/lib_ecc_config.h>
#ifdef WITH_CURVE_BRAINPOOLP512R1

#ifndef __EC_PARAMS_BRAINPOOLP512R1_H__
#define __EC_PARAMS_BRAINPOOLP512R1_H__
#include "ec_params_external.h"

/*
 * Static domain parameters for the curve named "BRAINPOOLP512R1"
 * (OID 1.3.36.3.3.2.8.1.1.13). Multi-byte values are written most
 * significant byte first (the two-byte bit lengths 0x02, 0x00 only
 * equal 512 when read that way).
 *
 * NOTE(review): these are public constants, but they define the group
 * every key and signature on this curve lives in. A single altered
 * byte yields a different, unvetted curve without any compile error.
 * Any edit to p, a, b, gx, gy or the orders should be checked against
 * the published brainpoolP512r1 parameters (RFC 5639), and the derived
 * values (r, r_square, mpinv, p_reciprocal) recomputed from p.
 */

/* Prime p of the underlying field (64 bytes, 512 bits). */
static const u8 brainpoolp512r1_p[] = {
	0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B,
	0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07,
	0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
	0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71,
	0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42,
	0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6,
	0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85,
	0x28, 0xAA, 0x60, 0x56, 0x58, 0x3A, 0x48, 0xF3
};

TO_EC_STR_PARAM(brainpoolp512r1_p);

/* Bit length of p, as a macro and as a two-byte value (0x0200 = 512). */
#define CURVE_BRAINPOOLP512R1_P_BITLEN 512
static const u8 brainpoolp512r1_p_bitlen[] = { 0x02, 0x00 };

TO_EC_STR_PARAM(brainpoolp512r1_p_bitlen);

/*
 * r: the bytes below equal 2^512 - p, i.e. 2^512 mod p since p is a
 * full 512-bit prime.
 */
static const u8 brainpoolp512r1_r[] = {
	0x55, 0x22, 0x62, 0x47, 0x24, 0x16, 0x3B, 0x74,
	0xC0, 0x2B, 0x19, 0x51, 0xCC, 0x36, 0x03, 0xF8,
	0x34, 0xCF, 0x72, 0x4C, 0x4C, 0x36, 0x2D, 0xF1,
	0x29, 0x9C, 0x63, 0x35, 0x8F, 0xCC, 0xF7, 0x8E,
	0x82, 0xB2, 0x64, 0xFF, 0x64, 0x39, 0x97, 0xBD,
	0x51, 0x32, 0x5E, 0xD5, 0x19, 0x5C, 0x7F, 0x19,
	0xD7, 0x7E, 0x00, 0xD0, 0xD2, 0x7D, 0x39, 0x7A,
	0xD7, 0x55, 0x9F, 0xA9, 0xA7, 0xC5, 0xB7, 0x0D
};

TO_EC_STR_PARAM(brainpoolp512r1_r);

/* r_square: presumably r^2 mod p, going by the name -- TODO confirm. */
static const u8 brainpoolp512r1_r_square[] = {
	0x3C, 0x4C, 0x9D, 0x05, 0xA9, 0xFF, 0x64, 0x50,
	0x20, 0x2E, 0x19, 0x40, 0x20, 0x56, 0xEE, 0xCC,
	0xA1, 0x6D, 0xAA, 0x5F, 0xD4, 0x2B, 0xFF, 0x83,
	0x19, 0x48, 0x6F, 0xD8, 0xD5, 0x89, 0x80, 0x57,
	0xE0, 0xC1, 0x9A, 0x77, 0x83, 0x51, 0x4A, 0x25,
	0x53, 0xB7, 0xF9, 0xBC, 0x90, 0x5A, 0xFF, 0xD3,
	0x79, 0x3F, 0xB1, 0x30, 0x27, 0x15, 0x79, 0x05,
	0x49, 0xAD, 0x14, 0x4A, 0x61, 0x58, 0xF2, 0x05
};

TO_EC_STR_PARAM(brainpoolp512r1_r_square);

/*
 * mpinv is -p^-1 mod 2^(bitsizeof(hword_t)), this means it depends
 * on word size.
 *
 * Only one 8-byte value is given here, with no WORD_BYTES switch.
 * NOTE(review): presumably the consumer keeps just the low-order
 * bytes for narrower words -- confirm against the import code.
 */
static const u8 brainpoolp512r1_mpinv[] = {
	0x83, 0x9B, 0x32, 0x20, 0x7D, 0x89, 0xEF, 0xC5
};

TO_EC_STR_PARAM(brainpoolp512r1_mpinv);

/* p_shift is zero; the parameter set below reuses p as p_normalized. */
static const u8 brainpoolp512r1_p_shift[] = { 0x00 };

TO_EC_STR_PARAM(brainpoolp512r1_p_shift);

/*
 * p_reciprocal is one machine word wide, so its length follows
 * WORD_BYTES. The 32-bit and 16-bit values are the leading bytes of
 * the 64-bit one. An unknown word size stops the build.
 */
static const u8 brainpoolp512r1_p_reciprocal[] = {
#if (WORD_BYTES == 8)	/* 64-bit words */
	0x7F, 0x8D, 0x7F, 0x4E, 0xD6, 0xDA, 0xEB, 0x8A
#elif (WORD_BYTES == 4)	/* 32-bit words */
	0x7F, 0x8D, 0x7F, 0x4E
#elif (WORD_BYTES == 2)	/* 16-bit words */
	0x7F, 0x8D
#else			/* unknown word size */
#error "Unsupported word size"
#endif
};

TO_EC_STR_PARAM(brainpoolp512r1_p_reciprocal);

/* Curve coefficient a. */
static const u8 brainpoolp512r1_a[] = {
	0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89,
	0xE2, 0x32, 0x71, 0x45, 0xAC, 0x23, 0x4C, 0xC5,
	0x94, 0xCB, 0xDD, 0x8D, 0x3D, 0xF9, 0x16, 0x10,
	0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC,
	0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1,
	0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5,
	0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9,
	0xE7, 0xC1, 0xAC, 0x4D, 0x77, 0xFC, 0x94, 0xCA
};

TO_EC_STR_PARAM(brainpoolp512r1_a);

/* Curve coefficient b. */
static const u8 brainpoolp512r1_b[] = {
	0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA,
	0xEA, 0x98, 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A,
	0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9,
	0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, 0x17, 0xA7,
	0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D,
	0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67,
	0x98, 0x40, 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD,
	0x28, 0x09, 0xBD, 0x63, 0x80, 0x16, 0xF7, 0x23
};

TO_EC_STR_PARAM(brainpoolp512r1_b);

/* Order of the curve (number of points), 512 bits. */
#define CURVE_BRAINPOOLP512R1_CURVE_ORDER_BITLEN 512
static const u8 brainpoolp512r1_curve_order[] = {
	0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B,
	0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07,
	0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
	0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70,
	0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19,
	0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47,
	0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD,
	0xB5, 0x87, 0x96, 0x82, 0x9C, 0xA9, 0x00, 0x69
};

TO_EC_STR_PARAM(brainpoolp512r1_curve_order);

/* Generator, x coordinate. */
static const u8 brainpoolp512r1_gx[] = {
	0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64,
	0x5A, 0x21, 0x32, 0x2E, 0x9C, 0x4C, 0x6A, 0x93,
	0x85, 0xED, 0x9F, 0x70, 0xB5, 0xD9, 0x16, 0xC1,
	0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0, 0x09, 0x8E,
	0xFF, 0x3B, 0x1F, 0x78, 0xE2, 0xD0, 0xD4, 0x8D,
	0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F,
	0x7C, 0x6D, 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68,
	0x8B, 0x35, 0x22, 0x09, 0xBC, 0xB9, 0xF8, 0x22
};

TO_EC_STR_PARAM(brainpoolp512r1_gx);

/* Generator, y coordinate. */
static const u8 brainpoolp512r1_gy[] = {
	0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC,
	0xC0, 0xEA, 0xBF, 0xA9, 0xCF, 0x78, 0x22, 0xFD,
	0xF2, 0x09, 0xF7, 0x00, 0x24, 0xA5, 0x7B, 0x1A,
	0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F, 0x81, 0x11,
	0xB2, 0xDC, 0xDE, 0x49, 0x4A, 0x5F, 0x48, 0x5E,
	0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE,
	0xD1, 0xCA, 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06,
	0x78, 0xCD, 0x1E, 0x0F, 0x3A, 0xD8, 0x08, 0x92
};

TO_EC_STR_PARAM(brainpoolp512r1_gy);

/*
 * Generator, z coordinate: the value 1 padded to 64 bytes.
 * NOTE(review): presumably the projective Z of the affine point
 * (gx, gy) -- confirm with the point import code.
 */
static const u8 brainpoolp512r1_gz[] = {
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
};

TO_EC_STR_PARAM(brainpoolp512r1_gz);

/*
 * Order of the generator. The bytes are identical to
 * brainpoolp512r1_curve_order, consistent with the cofactor of 1 below.
 */
static const u8 brainpoolp512r1_gen_order[] = {
	0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B,
	0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07,
	0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
	0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70,
	0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19,
	0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47,
	0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD,
	0xB5, 0x87, 0x96, 0x82, 0x9C, 0xA9, 0x00, 0x69
};

TO_EC_STR_PARAM(brainpoolp512r1_gen_order);

/* Bit length of the generator order (0x0200 = 512). */
#define CURVE_BRAINPOOLP512R1_Q_BITLEN 512
static const u8 brainpoolp512r1_gen_order_bitlen[] = { 0x02, 0x00 };

TO_EC_STR_PARAM(brainpoolp512r1_gen_order_bitlen);

/* Cofactor is 1. */
static const u8 brainpoolp512r1_cofactor[] = { 0x01 };

TO_EC_STR_PARAM(brainpoolp512r1_cofactor);

/*
 * The three parameters below hold a single 0x00 byte and are
 * registered with an explicit size of 0.
 * NOTE(review): presumably this marks "no Montgomery / Edwards
 * mapping for this curve" -- confirm against the definition of
 * TO_EC_STR_PARAM_FIXED_SIZE.
 */
static const u8 brainpoolp512r1_alpha_montgomery[] = { 0x00 };

TO_EC_STR_PARAM_FIXED_SIZE(brainpoolp512r1_alpha_montgomery, 0);

static const u8 brainpoolp512r1_gamma_montgomery[] = { 0x00 };

TO_EC_STR_PARAM_FIXED_SIZE(brainpoolp512r1_gamma_montgomery, 0);

static const u8 brainpoolp512r1_alpha_edwards[] = { 0x00 };

TO_EC_STR_PARAM_FIXED_SIZE(brainpoolp512r1_alpha_edwards, 0);

/* Object identifier and printable name of the curve. */
static const u8 brainpoolp512r1_oid[] = "1.3.36.3.3.2.8.1.1.13";
TO_EC_STR_PARAM(brainpoolp512r1_oid);

static const u8 brainpoolp512r1_name[] = "BRAINPOOLP512R1";
TO_EC_STR_PARAM(brainpoolp512r1_name);

/*
 * Complete parameter set: one pointer per *_str_param object declared
 * above. p_normalized deliberately points at p itself (p_shift is 0).
 */
static const ec_str_params brainpoolp512r1_str_params = {
	.p = &brainpoolp512r1_p_str_param,
	.p_bitlen = &brainpoolp512r1_p_bitlen_str_param,
	.r = &brainpoolp512r1_r_str_param,
	.r_square = &brainpoolp512r1_r_square_str_param,
	.mpinv = &brainpoolp512r1_mpinv_str_param,
	.p_shift = &brainpoolp512r1_p_shift_str_param,
	.p_normalized = &brainpoolp512r1_p_str_param,
	.p_reciprocal = &brainpoolp512r1_p_reciprocal_str_param,
	.a = &brainpoolp512r1_a_str_param,
	.b = &brainpoolp512r1_b_str_param,
	.curve_order = &brainpoolp512r1_curve_order_str_param,
	.gx = &brainpoolp512r1_gx_str_param,
	.gy = &brainpoolp512r1_gy_str_param,
	.gz = &brainpoolp512r1_gz_str_param,
	.gen_order = &brainpoolp512r1_gen_order_str_param,
	.gen_order_bitlen = &brainpoolp512r1_gen_order_bitlen_str_param,
	.cofactor = &brainpoolp512r1_cofactor_str_param,
	.alpha_montgomery = &brainpoolp512r1_alpha_montgomery_str_param,
	.gamma_montgomery = &brainpoolp512r1_gamma_montgomery_str_param,
	.alpha_edwards = &brainpoolp512r1_alpha_edwards_str_param,
	.oid = &brainpoolp512r1_oid_str_param,
	.name = &brainpoolp512r1_name_str_param,
};

/*
 * Compute max bit length of all curves for p and q.
 *
 * Each CURVES_MAX_* macro starts at 0 when nothing defined it before
 * this header, and is raised to this curve's bit length when the
 * value seen so far is smaller.
 */
#ifndef CURVES_MAX_P_BIT_LEN
#define CURVES_MAX_P_BIT_LEN 0
#endif
#if (CURVES_MAX_P_BIT_LEN < CURVE_BRAINPOOLP512R1_P_BITLEN)
#undef CURVES_MAX_P_BIT_LEN
#define CURVES_MAX_P_BIT_LEN CURVE_BRAINPOOLP512R1_P_BITLEN
#endif

#ifndef CURVES_MAX_Q_BIT_LEN
#define CURVES_MAX_Q_BIT_LEN 0
#endif
#if (CURVES_MAX_Q_BIT_LEN < CURVE_BRAINPOOLP512R1_Q_BITLEN)
#undef CURVES_MAX_Q_BIT_LEN
#define CURVES_MAX_Q_BIT_LEN CURVE_BRAINPOOLP512R1_Q_BITLEN
#endif

#ifndef CURVES_MAX_CURVE_ORDER_BIT_LEN
#define CURVES_MAX_CURVE_ORDER_BIT_LEN 0
#endif
#if (CURVES_MAX_CURVE_ORDER_BIT_LEN < CURVE_BRAINPOOLP512R1_CURVE_ORDER_BITLEN)
#undef CURVES_MAX_CURVE_ORDER_BIT_LEN
#define CURVES_MAX_CURVE_ORDER_BIT_LEN CURVE_BRAINPOOLP512R1_CURVE_ORDER_BITLEN
#endif

#endif /* __EC_PARAMS_BRAINPOOLP512R1_H__ */
#endif /* WITH_CURVE_BRAINPOOLP512R1 */