/* * Elliptic curves over GF(p): curve-specific data and functions * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" #if !defined(MBEDTLS_ECP_WITH_MPI_UINT) #if defined(MBEDTLS_ECP_LIGHT) #include "mbedtls/ecp.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" #include "bn_mul.h" #include "bignum_core.h" #include "ecp_invasive.h" #include <string.h> #if !defined(MBEDTLS_ECP_ALT) #define ECP_MPI_INIT(_p, _n) … #define ECP_MPI_INIT_ARRAY(x) … #define ECP_POINT_INIT_XY_Z0(x, y) … #define ECP_POINT_INIT_XY_Z1(x, y) … #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) /* For these curves, we build the group parameters dynamically. */ #define ECP_LOAD_GROUP static const mbedtls_mpi_uint mpi_one[] = …; #endif /* * Note: the constants are in little-endian order * to be directly usable in MPIs */ /* * Domain parameters for secp192r1 */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) static const mbedtls_mpi_uint secp192r1_p[] = …; static const mbedtls_mpi_uint secp192r1_b[] = …; static const mbedtls_mpi_uint secp192r1_gx[] = …; static const mbedtls_mpi_uint secp192r1_gy[] = …; static const mbedtls_mpi_uint secp192r1_n[] = …; #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 static const mbedtls_mpi_uint secp192r1_T_0_X[] = …; static const mbedtls_mpi_uint secp192r1_T_0_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_1_X[] = …; static const mbedtls_mpi_uint secp192r1_T_1_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_2_X[] = …; static const mbedtls_mpi_uint secp192r1_T_2_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_3_X[] = …; static const mbedtls_mpi_uint secp192r1_T_3_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_4_X[] = …; static const mbedtls_mpi_uint secp192r1_T_4_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_5_X[] = …; static const mbedtls_mpi_uint secp192r1_T_5_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_6_X[] = …; static const mbedtls_mpi_uint secp192r1_T_6_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_7_X[] = …; static const mbedtls_mpi_uint secp192r1_T_7_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_8_X[] = …; static const mbedtls_mpi_uint secp192r1_T_8_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_9_X[] = …; static const mbedtls_mpi_uint secp192r1_T_9_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_10_X[] = …; static const mbedtls_mpi_uint secp192r1_T_10_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_11_X[] = …; static const mbedtls_mpi_uint secp192r1_T_11_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_12_X[] = …; static const mbedtls_mpi_uint secp192r1_T_12_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_13_X[] = …; static const mbedtls_mpi_uint secp192r1_T_13_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_14_X[] = …; static const mbedtls_mpi_uint secp192r1_T_14_Y[] = …; static const mbedtls_mpi_uint secp192r1_T_15_X[] = …; static const mbedtls_mpi_uint secp192r1_T_15_Y[] = …; static const mbedtls_ecp_point secp192r1_T[16] = …; #else #define secp192r1_T … #endif #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ /* * Domain parameters for secp224r1 */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) static const mbedtls_mpi_uint secp224r1_p[] = …; static const mbedtls_mpi_uint secp224r1_b[] = …; static const mbedtls_mpi_uint secp224r1_gx[] = …; static const mbedtls_mpi_uint secp224r1_gy[] = …; static const mbedtls_mpi_uint secp224r1_n[] = …; #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 static const mbedtls_mpi_uint secp224r1_T_0_X[] = …; static const mbedtls_mpi_uint secp224r1_T_0_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_1_X[] = …; static const mbedtls_mpi_uint secp224r1_T_1_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_2_X[] = …; static const mbedtls_mpi_uint secp224r1_T_2_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_3_X[] = …; static const mbedtls_mpi_uint secp224r1_T_3_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_4_X[] = …; static const mbedtls_mpi_uint secp224r1_T_4_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_5_X[] = …; static const mbedtls_mpi_uint secp224r1_T_5_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_6_X[] = …; static const mbedtls_mpi_uint secp224r1_T_6_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_7_X[] = …; static const mbedtls_mpi_uint secp224r1_T_7_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_8_X[] = …; static const mbedtls_mpi_uint secp224r1_T_8_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_9_X[] = …; static const mbedtls_mpi_uint secp224r1_T_9_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_10_X[] = …; static const mbedtls_mpi_uint secp224r1_T_10_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_11_X[] = …; static const mbedtls_mpi_uint secp224r1_T_11_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_12_X[] = …; static const mbedtls_mpi_uint secp224r1_T_12_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_13_X[] = …; static const mbedtls_mpi_uint secp224r1_T_13_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_14_X[] = …; static const mbedtls_mpi_uint secp224r1_T_14_Y[] = …; static const mbedtls_mpi_uint secp224r1_T_15_X[] = …; static const mbedtls_mpi_uint secp224r1_T_15_Y[] = …; static const mbedtls_ecp_point secp224r1_T[16] = …; #else #define secp224r1_T … #endif #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ /* * Domain parameters for secp256r1 */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) static const mbedtls_mpi_uint secp256r1_p[] = …; static const mbedtls_mpi_uint secp256r1_b[] = …; static const mbedtls_mpi_uint secp256r1_gx[] = …; static const mbedtls_mpi_uint secp256r1_gy[] = …; static const mbedtls_mpi_uint secp256r1_n[] = …; #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 static const mbedtls_mpi_uint secp256r1_T_0_X[] = …; static const mbedtls_mpi_uint secp256r1_T_0_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_1_X[] = …; static const mbedtls_mpi_uint secp256r1_T_1_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_2_X[] = …; static const mbedtls_mpi_uint secp256r1_T_2_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_3_X[] = …; static const mbedtls_mpi_uint secp256r1_T_3_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_4_X[] = …; static const mbedtls_mpi_uint secp256r1_T_4_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_5_X[] = …; static const mbedtls_mpi_uint secp256r1_T_5_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_6_X[] = …; static const mbedtls_mpi_uint secp256r1_T_6_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_7_X[] = …; static const mbedtls_mpi_uint secp256r1_T_7_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_8_X[] = …; static const mbedtls_mpi_uint secp256r1_T_8_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_9_X[] = …; static const mbedtls_mpi_uint secp256r1_T_9_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_10_X[] = …; static const mbedtls_mpi_uint secp256r1_T_10_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_11_X[] = …; static const mbedtls_mpi_uint secp256r1_T_11_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_12_X[] = …; static const mbedtls_mpi_uint secp256r1_T_12_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_13_X[] = …; static const mbedtls_mpi_uint secp256r1_T_13_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_14_X[] = …; static const mbedtls_mpi_uint secp256r1_T_14_Y[] = …; static const mbedtls_mpi_uint secp256r1_T_15_X[] = …; static const mbedtls_mpi_uint secp256r1_T_15_Y[] = …; static const mbedtls_ecp_point secp256r1_T[16] = …; #else #define secp256r1_T … #endif #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ /* * Domain parameters for secp384r1 */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) static const mbedtls_mpi_uint secp384r1_p[] = …; static const mbedtls_mpi_uint secp384r1_b[] = …; static const mbedtls_mpi_uint secp384r1_gx[] = …; static const mbedtls_mpi_uint secp384r1_gy[] = …; static const mbedtls_mpi_uint secp384r1_n[] = …; #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 static const mbedtls_mpi_uint secp384r1_T_0_X[] = …; static const mbedtls_mpi_uint secp384r1_T_0_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_1_X[] = …; static const mbedtls_mpi_uint secp384r1_T_1_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_2_X[] = …; static const mbedtls_mpi_uint secp384r1_T_2_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_3_X[] = …; static const mbedtls_mpi_uint secp384r1_T_3_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_4_X[] = …; static const mbedtls_mpi_uint secp384r1_T_4_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_5_X[] = …; static const mbedtls_mpi_uint secp384r1_T_5_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_6_X[] = …; static const mbedtls_mpi_uint secp384r1_T_6_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_7_X[] = …; static const mbedtls_mpi_uint secp384r1_T_7_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_8_X[] = …; static const mbedtls_mpi_uint secp384r1_T_8_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_9_X[] = …; static const mbedtls_mpi_uint secp384r1_T_9_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_10_X[] = …; static const mbedtls_mpi_uint secp384r1_T_10_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_11_X[] = …; static const mbedtls_mpi_uint secp384r1_T_11_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_12_X[] = …; static const mbedtls_mpi_uint secp384r1_T_12_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_13_X[] = …; static const mbedtls_mpi_uint secp384r1_T_13_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_14_X[] = …; static const mbedtls_mpi_uint secp384r1_T_14_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_15_X[] = …; static const mbedtls_mpi_uint secp384r1_T_15_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_16_X[] = …; static const mbedtls_mpi_uint secp384r1_T_16_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_17_X[] = …; static const mbedtls_mpi_uint secp384r1_T_17_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_18_X[] = …; static const mbedtls_mpi_uint secp384r1_T_18_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_19_X[] = …; static const mbedtls_mpi_uint secp384r1_T_19_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_20_X[] = …; static const mbedtls_mpi_uint secp384r1_T_20_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_21_X[] = …; static const mbedtls_mpi_uint secp384r1_T_21_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_22_X[] = …; static const mbedtls_mpi_uint secp384r1_T_22_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_23_X[] = …; static const mbedtls_mpi_uint secp384r1_T_23_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_24_X[] = …; static const mbedtls_mpi_uint secp384r1_T_24_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_25_X[] = …; static const mbedtls_mpi_uint secp384r1_T_25_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_26_X[] = …; static const mbedtls_mpi_uint secp384r1_T_26_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_27_X[] = …; static const mbedtls_mpi_uint secp384r1_T_27_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_28_X[] = …; static const mbedtls_mpi_uint secp384r1_T_28_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_29_X[] = …; static const mbedtls_mpi_uint secp384r1_T_29_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_30_X[] = …; static const mbedtls_mpi_uint secp384r1_T_30_Y[] = …; static const mbedtls_mpi_uint secp384r1_T_31_X[] = …; static const mbedtls_mpi_uint secp384r1_T_31_Y[] = …; static const mbedtls_ecp_point secp384r1_T[32] = …; #else #define secp384r1_T … #endif #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ /* * Domain parameters for secp521r1 */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) static const mbedtls_mpi_uint secp521r1_p[] = …; static const mbedtls_mpi_uint secp521r1_b[] = …; static const mbedtls_mpi_uint secp521r1_gx[] = …; static const mbedtls_mpi_uint secp521r1_gy[] = …; static const mbedtls_mpi_uint secp521r1_n[] = …; #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 static const mbedtls_mpi_uint secp521r1_T_0_X[] = …; static const mbedtls_mpi_uint secp521r1_T_0_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_1_X[] = …; static const mbedtls_mpi_uint secp521r1_T_1_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_2_X[] = …; static const mbedtls_mpi_uint secp521r1_T_2_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_3_X[] = …; static const mbedtls_mpi_uint secp521r1_T_3_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_4_X[] = …; static const mbedtls_mpi_uint secp521r1_T_4_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_5_X[] = …; static const mbedtls_mpi_uint secp521r1_T_5_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_6_X[] = …; static const mbedtls_mpi_uint secp521r1_T_6_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_7_X[] = …; static const mbedtls_mpi_uint secp521r1_T_7_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_8_X[] = …; static const mbedtls_mpi_uint secp521r1_T_8_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_9_X[] = …; static const mbedtls_mpi_uint secp521r1_T_9_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_10_X[] = …; static const mbedtls_mpi_uint secp521r1_T_10_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_11_X[] = …; static const mbedtls_mpi_uint secp521r1_T_11_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_12_X[] = …; static const mbedtls_mpi_uint secp521r1_T_12_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_13_X[] = …; static const mbedtls_mpi_uint secp521r1_T_13_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_14_X[] = …; static const mbedtls_mpi_uint secp521r1_T_14_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_15_X[] = …; static const mbedtls_mpi_uint secp521r1_T_15_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_16_X[] = …; static const mbedtls_mpi_uint secp521r1_T_16_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_17_X[] = …; static const mbedtls_mpi_uint secp521r1_T_17_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_18_X[] = …; static const mbedtls_mpi_uint secp521r1_T_18_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_19_X[] = …; static const mbedtls_mpi_uint secp521r1_T_19_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_20_X[] = …; static const mbedtls_mpi_uint secp521r1_T_20_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_21_X[] = …; static const mbedtls_mpi_uint secp521r1_T_21_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_22_X[] = …; static const mbedtls_mpi_uint secp521r1_T_22_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_23_X[] = …; static const mbedtls_mpi_uint secp521r1_T_23_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_24_X[] = …; static const mbedtls_mpi_uint secp521r1_T_24_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_25_X[] = …; static const mbedtls_mpi_uint secp521r1_T_25_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_26_X[] = …; static const mbedtls_mpi_uint secp521r1_T_26_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_27_X[] = …; static const mbedtls_mpi_uint secp521r1_T_27_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_28_X[] = …; static const mbedtls_mpi_uint secp521r1_T_28_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_29_X[] = …; static const mbedtls_mpi_uint secp521r1_T_29_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_30_X[] = …; static const mbedtls_mpi_uint secp521r1_T_30_Y[] = …; static const mbedtls_mpi_uint secp521r1_T_31_X[] = …; static const mbedtls_mpi_uint secp521r1_T_31_Y[] = …; static const mbedtls_ecp_point secp521r1_T[32] = …; #else #define secp521r1_T … #endif #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) static const mbedtls_mpi_uint secp192k1_p[] = …; static const mbedtls_mpi_uint secp192k1_a[] = …; static const mbedtls_mpi_uint secp192k1_b[] = …; static const mbedtls_mpi_uint secp192k1_gx[] = …; static const mbedtls_mpi_uint secp192k1_gy[] = …; static const mbedtls_mpi_uint secp192k1_n[] = …; #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 static const mbedtls_mpi_uint secp192k1_T_0_X[] = …; static const mbedtls_mpi_uint secp192k1_T_0_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_1_X[] = …; static const mbedtls_mpi_uint secp192k1_T_1_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_2_X[] = …; static const mbedtls_mpi_uint secp192k1_T_2_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_3_X[] = …; static const mbedtls_mpi_uint secp192k1_T_3_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_4_X[] = …; static const mbedtls_mpi_uint secp192k1_T_4_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_5_X[] = …; static const mbedtls_mpi_uint secp192k1_T_5_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_6_X[] = …; static const mbedtls_mpi_uint secp192k1_T_6_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_7_X[] = …; static const mbedtls_mpi_uint secp192k1_T_7_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_8_X[] = …; static const mbedtls_mpi_uint secp192k1_T_8_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_9_X[] = …; static const mbedtls_mpi_uint secp192k1_T_9_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_10_X[] = …; static const mbedtls_mpi_uint secp192k1_T_10_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_11_X[] = …; static const mbedtls_mpi_uint secp192k1_T_11_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_12_X[] = …; static const mbedtls_mpi_uint secp192k1_T_12_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_13_X[] = …; static const mbedtls_mpi_uint secp192k1_T_13_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_14_X[] = …; static const mbedtls_mpi_uint secp192k1_T_14_Y[] = …; static const mbedtls_mpi_uint secp192k1_T_15_X[] = …; static const mbedtls_mpi_uint secp192k1_T_15_Y[] = …; static const mbedtls_ecp_point secp192k1_T[16] = …; #else #define secp192k1_T … #endif #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) static const mbedtls_mpi_uint secp224k1_p[] = …; static const mbedtls_mpi_uint secp224k1_a[] = …; static const mbedtls_mpi_uint secp224k1_b[] = …; static const mbedtls_mpi_uint secp224k1_gx[] = …; static const mbedtls_mpi_uint secp224k1_gy[] = …; static const mbedtls_mpi_uint secp224k1_n[] = …; #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 static const mbedtls_mpi_uint secp224k1_T_0_X[] = …; static const mbedtls_mpi_uint secp224k1_T_0_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_1_X[] = …; static const mbedtls_mpi_uint secp224k1_T_1_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_2_X[] = …; static const mbedtls_mpi_uint secp224k1_T_2_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_3_X[] = …; static const mbedtls_mpi_uint secp224k1_T_3_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_4_X[] = …; static const mbedtls_mpi_uint secp224k1_T_4_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_5_X[] = …; static const mbedtls_mpi_uint secp224k1_T_5_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_6_X[] = …; static const mbedtls_mpi_uint secp224k1_T_6_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_7_X[] = …; static const mbedtls_mpi_uint secp224k1_T_7_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_8_X[] = …; static const mbedtls_mpi_uint secp224k1_T_8_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_9_X[] = …; static const mbedtls_mpi_uint secp224k1_T_9_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_10_X[] = …; static const mbedtls_mpi_uint secp224k1_T_10_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_11_X[] = …; static const mbedtls_mpi_uint secp224k1_T_11_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_12_X[] = …; static const mbedtls_mpi_uint secp224k1_T_12_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_13_X[] = …; static const mbedtls_mpi_uint secp224k1_T_13_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_14_X[] = …; static const mbedtls_mpi_uint secp224k1_T_14_Y[] = …; static const mbedtls_mpi_uint secp224k1_T_15_X[] = …; static const mbedtls_mpi_uint secp224k1_T_15_Y[] = …; static const mbedtls_ecp_point secp224k1_T[16] = …; #else #define secp224k1_T … #endif #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) static const mbedtls_mpi_uint secp256k1_p[] = …; static const mbedtls_mpi_uint secp256k1_a[] = …; static const mbedtls_mpi_uint secp256k1_b[] = …; static const mbedtls_mpi_uint secp256k1_gx[] = …; static const mbedtls_mpi_uint secp256k1_gy[] = …; static const mbedtls_mpi_uint secp256k1_n[] = …; #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 static const mbedtls_mpi_uint secp256k1_T_0_X[] = …; static const mbedtls_mpi_uint secp256k1_T_0_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_1_X[] = …; static const mbedtls_mpi_uint secp256k1_T_1_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_2_X[] = …; static const mbedtls_mpi_uint secp256k1_T_2_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_3_X[] = …; static const mbedtls_mpi_uint secp256k1_T_3_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_4_X[] = …; static const mbedtls_mpi_uint secp256k1_T_4_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_5_X[] = …; static const mbedtls_mpi_uint secp256k1_T_5_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_6_X[] = …; static const mbedtls_mpi_uint secp256k1_T_6_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_7_X[] = …; static const mbedtls_mpi_uint secp256k1_T_7_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_8_X[] = …; static const mbedtls_mpi_uint secp256k1_T_8_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_9_X[] = …; static const mbedtls_mpi_uint secp256k1_T_9_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_10_X[] = …; static const mbedtls_mpi_uint secp256k1_T_10_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_11_X[] = …; static const mbedtls_mpi_uint secp256k1_T_11_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_12_X[] = …; static const mbedtls_mpi_uint secp256k1_T_12_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_13_X[] = …; static const mbedtls_mpi_uint secp256k1_T_13_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_14_X[] = …; static const mbedtls_mpi_uint secp256k1_T_14_Y[] = …; static const mbedtls_mpi_uint secp256k1_T_15_X[] = …; static const mbedtls_mpi_uint secp256k1_T_15_Y[] = …; static const mbedtls_ecp_point secp256k1_T[16] = …; #else #define secp256k1_T … #endif #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ /* * Domain parameters for brainpoolP256r1 (RFC 5639 3.4) */ #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) static const mbedtls_mpi_uint brainpoolP256r1_p[] = …; static const mbedtls_mpi_uint brainpoolP256r1_a[] = …; static const mbedtls_mpi_uint brainpoolP256r1_b[] = …; static const mbedtls_mpi_uint brainpoolP256r1_gx[] = …; static const mbedtls_mpi_uint brainpoolP256r1_gy[] = …; static const mbedtls_mpi_uint brainpoolP256r1_n[] = …; #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 static const mbedtls_mpi_uint brainpoolP256r1_T_0_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_0_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_1_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_1_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_2_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_2_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_3_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_3_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_4_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_4_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_5_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_5_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_6_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_6_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_7_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_7_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_8_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_8_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_9_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_9_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_10_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_10_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_11_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_11_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_12_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_12_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_13_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_13_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_14_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_14_Y[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_15_X[] = …; static const mbedtls_mpi_uint brainpoolP256r1_T_15_Y[] = …; static const mbedtls_ecp_point brainpoolP256r1_T[16] = …; #else #define brainpoolP256r1_T … #endif #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ /* * Domain parameters for brainpoolP384r1 (RFC 5639 3.6) */ #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) static const mbedtls_mpi_uint brainpoolP384r1_p[] = …; static const mbedtls_mpi_uint brainpoolP384r1_a[] = …; static const mbedtls_mpi_uint brainpoolP384r1_b[] = …; static const mbedtls_mpi_uint brainpoolP384r1_gx[] = …; static const mbedtls_mpi_uint brainpoolP384r1_gy[] = …; static const mbedtls_mpi_uint brainpoolP384r1_n[] = …; #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 static const mbedtls_mpi_uint brainpoolP384r1_T_0_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_0_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_1_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_1_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_2_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_2_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_3_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_3_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_4_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_4_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_5_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_5_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_6_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_6_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_7_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_7_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_8_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_8_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_9_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_9_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_10_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_10_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_11_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_11_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_12_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_12_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_13_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_13_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_14_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_14_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_15_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_15_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_16_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_16_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_17_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_17_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_18_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_18_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_19_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_19_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_20_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_20_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_21_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_21_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_22_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_22_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_23_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_23_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_24_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_24_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_25_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_25_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_26_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_26_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_27_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_27_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_28_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_28_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_29_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_29_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_30_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_30_Y[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_31_X[] = …; static const mbedtls_mpi_uint brainpoolP384r1_T_31_Y[] = …; static const mbedtls_ecp_point brainpoolP384r1_T[32] = …; #else #define brainpoolP384r1_T … #endif #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ /* * Domain parameters for brainpoolP512r1 (RFC 5639 3.7) */ #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) static const mbedtls_mpi_uint brainpoolP512r1_p[] = …; static const mbedtls_mpi_uint brainpoolP512r1_a[] = …; static const mbedtls_mpi_uint brainpoolP512r1_b[] = …; static const mbedtls_mpi_uint brainpoolP512r1_gx[] = …; static const mbedtls_mpi_uint brainpoolP512r1_gy[] = …; static const mbedtls_mpi_uint brainpoolP512r1_n[] = …; #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 static const mbedtls_mpi_uint brainpoolP512r1_T_0_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_0_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_1_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_1_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_2_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_2_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_3_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_3_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_4_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_4_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_5_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_5_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_6_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_6_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_7_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_7_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_8_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_8_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_9_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_9_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_10_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_10_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_11_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_11_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_12_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_12_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_13_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_13_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_14_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_14_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_15_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_15_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_16_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_16_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_17_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_17_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_18_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_18_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_19_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_19_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_20_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_20_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_21_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_21_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_22_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_22_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_23_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_23_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_24_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_24_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_25_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_25_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_26_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_26_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_27_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_27_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_28_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_28_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_29_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_29_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_30_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_30_Y[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_31_X[] = …; static const mbedtls_mpi_uint brainpoolP512r1_T_31_Y[] = …; static const mbedtls_ecp_point brainpoolP512r1_T[32] = …; #else #define brainpoolP512r1_T … #endif #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ #if defined(ECP_LOAD_GROUP) /* * Create an MPI from embedded constants * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint)) */ static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len) { … } /* * Set an MPI to static value 1 */ static inline void ecp_mpi_set1(mbedtls_mpi *X) { … } /* * Make group available from embedded constants */ static int ecp_group_load(mbedtls_ecp_group *grp, const mbedtls_mpi_uint *p, size_t plen, const mbedtls_mpi_uint *a, size_t alen, const mbedtls_mpi_uint *b, size_t blen, const mbedtls_mpi_uint *gx, size_t gxlen, const mbedtls_mpi_uint *gy, size_t gylen, const mbedtls_mpi_uint *n, size_t nlen, const mbedtls_ecp_point *T) { … } #endif /* ECP_LOAD_GROUP */ #if defined(MBEDTLS_ECP_NIST_OPTIM) /* Forward declarations */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) static int ecp_mod_p192(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) static int ecp_mod_p224(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) static int ecp_mod_p256(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) static int ecp_mod_p384(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) static int ecp_mod_p521(mbedtls_mpi *); #endif #define NIST_MODP(P) … #else #define NIST_MODP … #endif /* MBEDTLS_ECP_NIST_OPTIM */ /* Additional forward declarations */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) static int ecp_mod_p255(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) static int ecp_mod_p448(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) static int ecp_mod_p192k1(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) static int ecp_mod_p224k1(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) static int ecp_mod_p256k1(mbedtls_mpi *); #endif #if defined(ECP_LOAD_GROUP) #define LOAD_GROUP_A(G) … #define LOAD_GROUP(G) … #endif /* ECP_LOAD_GROUP */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) /* Constants used by ecp_use_curve25519() */ static const mbedtls_mpi_sint curve25519_a24 = …; static const unsigned char curve25519_part_of_n[] = …; /* * Specialized function for creating the Curve25519 group */ static int ecp_use_curve25519(mbedtls_ecp_group *grp) { … } #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) /* Constants used by ecp_use_curve448() */ static const mbedtls_mpi_sint curve448_a24 = …; static const unsigned char curve448_part_of_n[] = …; /* * Specialized function for creating the Curve448 group */ static int ecp_use_curve448(mbedtls_ecp_group *grp) { … } #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ /* * Set a group using well-known domain parameters */ int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id) { … } #if defined(MBEDTLS_ECP_NIST_OPTIM) /* * Fast reduction modulo the primes used by the NIST curves. * * These functions are critical for speed, but not needed for correct * operations. So, we make the choice to heavily rely on the internals of our * bignum library, which creates a tight coupling between these functions and * our MPI implementation. However, the coupling between the ECP module and * MPI remains loose, since these functions can be deactivated at will. */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) /* * Compared to the way things are presented in FIPS 186-3 D.2, * we proceed in columns, from right (least significant chunk) to left, * adding chunks to N in place, and keeping a carry for the next chunk. * This avoids moving things around in memory, and uselessly adding zeros, * compared to the more straightforward, line-oriented approach. * * For this prime we need to handle data in chunks of 64 bits. * Since this is always a multiple of our basic mbedtls_mpi_uint, we can * use a mbedtls_mpi_uint * to designate such a chunk, and small loops to handle it. */ /* Add 64-bit chunks (dst += src) and update carry */ static inline void add64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry) { … } /* Add carry to a 64-bit chunk and update carry */ static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry) { … } #define WIDTH … #define A … #define ADD(i) … #define NEXT … #define LAST … /* * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1) */ static int ecp_mod_p192(mbedtls_mpi *N) { … } #undef WIDTH #undef A #undef ADD #undef NEXT #undef LAST #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) /* * The reader is advised to first understand ecp_mod_p192() since the same * general structure is used here, but with additional complications: * (1) chunks of 32 bits, and (2) subtractions. */ /* * For these primes, we need to handle data in chunks of 32 bits. * This makes it more complicated if we use 64 bits limbs in MPI, * which prevents us from using a uniform access method as for p192. * * So, we define a mini abstraction layer to access 32 bit chunks, * load them in 'cur' for work, and store them back from 'cur' when done. * * While at it, also define the size of N in terms of 32-bit chunks. */ #define LOAD32 … #if defined(MBEDTLS_HAVE_INT32) /* 32 bit */ #define MAX32 … #define A … #define STORE32 … #else /* 64-bit */ #define MAX32 … #define A … #define STORE32 … #endif /* sizeof( mbedtls_mpi_uint ) */ /* * Helpers for addition and subtraction of chunks, with signed carry. */ static inline void add32(uint32_t *dst, uint32_t src, signed char *carry) { … } static inline void sub32(uint32_t *dst, uint32_t src, signed char *carry) { … } #define ADD(j) … #define SUB(j) … /* * Helpers for the main 'loop' */ #define INIT … #define NEXT … \ #define LAST … /* * If the result is negative, we get it in the form * c * 2^bits + N, with c negative and N positive shorter than 'bits' */ static void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits) { … } #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) /* * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) */ static int ecp_mod_p224(mbedtls_mpi *N) { … } #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) /* * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3) */ static int ecp_mod_p256(mbedtls_mpi *N) { … } #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) /* * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4) */ static int ecp_mod_p384(mbedtls_mpi *N) { … } #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #undef A #undef LOAD32 #undef STORE32 #undef MAX32 #undef INIT #undef NEXT #undef LAST #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED || MBEDTLS_ECP_DP_SECP256R1_ENABLED || MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) /* * Here we have an actual Mersenne prime, so things are more straightforward. * However, chunks are aligned on a 'weird' boundary (521 bits). */ /* Size of p521 in terms of mbedtls_mpi_uint */ #define P521_WIDTH … /* Bits to keep in the most significant mbedtls_mpi_uint */ #define P521_MASK … /* * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5) * Write N as A1 + 2^521 A0, return A0 + A1 */ static int ecp_mod_p521(mbedtls_mpi *N) { … } #undef P521_WIDTH #undef P521_MASK #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #endif /* MBEDTLS_ECP_NIST_OPTIM */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) /* Size of p255 in terms of mbedtls_mpi_uint */ #define P255_WIDTH … /* * Fast quasi-reduction modulo p255 = 2^255 - 19 * Write N as A0 + 2^256 A1, return A0 + 38 * A1 */ static int ecp_mod_p255(mbedtls_mpi *N) { … } #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) /* Size of p448 in terms of mbedtls_mpi_uint */ #define P448_WIDTH … /* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */ #define DIV_ROUND_UP(X, Y) … #define P224_SIZE … #define P224_WIDTH_MIN … #define P224_WIDTH_MAX … #define P224_UNUSED_BITS … /* * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1 * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return * A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference * implementation of Curve448, which uses its own special 56-bit limbs rather * than a generic bignum library. We could squeeze some extra speed out on * 32-bit machines by splitting N up into 32-bit limbs and doing the * arithmetic using the limbs directly as we do for the NIST primes above, * but for 64-bit targets it should use half the number of operations if we do * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds. */ static int ecp_mod_p448(mbedtls_mpi *N) { … } #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) /* * Fast quasi-reduction modulo P = 2^s - R, * with R about 33 bits, used by the Koblitz curves. * * Write N as A0 + 2^224 A1, return A0 + R * A1. * Actually do two passes, since R is big. */ #define P_KOBLITZ_MAX … #define P_KOBLITZ_R … static inline int ecp_mod_koblitz(mbedtls_mpi *N, const mbedtls_mpi_uint *Rp, size_t p_limbs, size_t adjust, size_t shift, mbedtls_mpi_uint mask) { … } #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) || MBEDTLS_ECP_DP_SECP224K1_ENABLED) || MBEDTLS_ECP_DP_SECP256K1_ENABLED) */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) /* * Fast quasi-reduction modulo p192k1 = 2^192 - R, * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x01000011C9 */ static int ecp_mod_p192k1(mbedtls_mpi *N) { … } #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) /* * Fast quasi-reduction modulo p224k1 = 2^224 - R, * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93 */ static int ecp_mod_p224k1(mbedtls_mpi *N) { … } #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) /* * Fast quasi-reduction modulo p256k1 = 2^256 - R, * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1 */ static int ecp_mod_p256k1(mbedtls_mpi *N) { … } #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #if defined(MBEDTLS_TEST_HOOKS) MBEDTLS_STATIC_TESTABLE mbedtls_ecp_variant mbedtls_ecp_get_variant(void) { return MBEDTLS_ECP_VARIANT_WITH_MPI_STRUCT; } #endif /* MBEDTLS_TEST_HOOKS */ #endif /* !MBEDTLS_ECP_ALT */ #endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_ECP_WITH_MPI_UINT */
Codebase Browser
godot