X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fec%2Fec_curve.c;h=f14611fc6b679d360f81066db856ed126b4ffbf9;hp=23274e4031c6fbeb00b1cf364c3bb250a011f2ae;hb=bc792813f0bd02deff545aaba3b81334956779da;hpb=0d0ed9187a48797b867e0ffc32b3ea9c5cc30639 diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 23274e4031..f14611fc6b 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -69,9 +69,11 @@ * */ +#include #include "ec_lcl.h" #include #include +#include typedef struct { int field_type, /* either NID_X9_62_prime_field or @@ -703,6 +705,8 @@ static const struct { EC_CURVE_DATA h; unsigned char data[0+28*6]; } 0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D } }; +#ifndef OPENSSL_NO_EC2M + /* characteristic two curves */ static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; } _EC_SECG_CHAR2_113R1 = { @@ -1300,7 +1304,7 @@ static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; } { 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76, /* seed */ 0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD, - 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ + 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, 0x07, 0x01,0x08,0xB3,0x9E,0x77,0xC4,0xB1,0x08,0xBE,0xD9, /* a */ @@ -1817,103 +1821,571 @@ static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; } 0xBA,0xFC,0xA7,0x5E } }; +#endif + +/* These curves were added by Annie Yousar + * For the definition of RFC 5639 curves see + * http://www.ietf.org/rfc/rfc5639.txt + * These curves are generated verifiable at random, nevertheless the seed is + * omitted as parameter because the generation mechanism is different from + * those defined in ANSI X9.62. + */ + +static const struct { EC_CURVE_DATA h; unsigned char data[0+20*6]; } + _EC_brainpoolP160r1 = { + { NID_X9_62_prime_field, 0,20,1 }, + { /* no seed */ + 0xE9,0x5E,0x4A,0x5F,0x73,0x70,0x59,0xDC,0x60,0xDF, /* p */ + 0xC7,0xAD,0x95,0xB3,0xD8,0x13,0x95,0x15,0x62,0x0F, + 0x34,0x0E,0x7B,0xE2,0xA2,0x80,0xEB,0x74,0xE2,0xBE, /* a */ + 0x61,0xBA,0xDA,0x74,0x5D,0x97,0xE8,0xF7,0xC3,0x00, + 0x1E,0x58,0x9A,0x85,0x95,0x42,0x34,0x12,0x13,0x4F, /* b */ + 0xAA,0x2D,0xBD,0xEC,0x95,0xC8,0xD8,0x67,0x5E,0x58, + 0xBE,0xD5,0xAF,0x16,0xEA,0x3F,0x6A,0x4F,0x62,0x93, /* x */ + 0x8C,0x46,0x31,0xEB,0x5A,0xF7,0xBD,0xBC,0xDB,0xC3, + 0x16,0x67,0xCB,0x47,0x7A,0x1A,0x8E,0xC3,0x38,0xF9, /* y */ + 0x47,0x41,0x66,0x9C,0x97,0x63,0x16,0xDA,0x63,0x21, + 0xE9,0x5E,0x4A,0x5F,0x73,0x70,0x59,0xDC,0x60,0xDF, /* order */ + 0x59,0x91,0xD4,0x50,0x29,0x40,0x9E,0x60,0xFC,0x09 } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+20*6]; } + _EC_brainpoolP160t1 = { + { NID_X9_62_prime_field, 0,20,1 }, + { /* no seed */ + 0xE9,0x5E,0x4A,0x5F,0x73,0x70,0x59,0xDC,0x60,0xDF, /* p */ + 0xC7,0xAD,0x95,0xB3,0xD8,0x13,0x95,0x15,0x62,0x0F, + 0xE9,0x5E,0x4A,0x5F,0x73,0x70,0x59,0xDC,0x60,0xDF, /* a */ + 0xC7,0xAD,0x95,0xB3,0xD8,0x13,0x95,0x15,0x62,0x0C, + 0x7A,0x55,0x6B,0x6D,0xAE,0x53,0x5B,0x7B,0x51,0xED, /* b */ + 0x2C,0x4D,0x7D,0xAA,0x7A,0x0B,0x5C,0x55,0xF3,0x80, + 0xB1,0x99,0xB1,0x3B,0x9B,0x34,0xEF,0xC1,0x39,0x7E, /* x */ + 0x64,0xBA,0xEB,0x05,0xAC,0xC2,0x65,0xFF,0x23,0x78, + 0xAD,0xD6,0x71,0x8B,0x7C,0x7C,0x19,0x61,0xF0,0x99, /* y */ + 0x1B,0x84,0x24,0x43,0x77,0x21,0x52,0xC9,0xE0,0xAD, + 0xE9,0x5E,0x4A,0x5F,0x73,0x70,0x59,0xDC,0x60,0xDF, /* order */ + 0x59,0x91,0xD4,0x50,0x29,0x40,0x9E,0x60,0xFC,0x09 } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; } + _EC_brainpoolP192r1 = { + { NID_X9_62_prime_field, 0,24,1 }, + { /* no seed */ + 0xC3,0x02,0xF4,0x1D,0x93,0x2A,0x36,0xCD,0xA7,0xA3, /* p */ + 0x46,0x30,0x93,0xD1,0x8D,0xB7,0x8F,0xCE,0x47,0x6D, + 0xE1,0xA8,0x62,0x97, + 0x6A,0x91,0x17,0x40,0x76,0xB1,0xE0,0xE1,0x9C,0x39, /* a */ + 0xC0,0x31,0xFE,0x86,0x85,0xC1,0xCA,0xE0,0x40,0xE5, + 0xC6,0x9A,0x28,0xEF, + 0x46,0x9A,0x28,0xEF,0x7C,0x28,0xCC,0xA3,0xDC,0x72, /* b */ + 0x1D,0x04,0x4F,0x44,0x96,0xBC,0xCA,0x7E,0xF4,0x14, + 0x6F,0xBF,0x25,0xC9, + 0xC0,0xA0,0x64,0x7E,0xAA,0xB6,0xA4,0x87,0x53,0xB0, /* x */ + 0x33,0xC5,0x6C,0xB0,0xF0,0x90,0x0A,0x2F,0x5C,0x48, + 0x53,0x37,0x5F,0xD6, + 0x14,0xB6,0x90,0x86,0x6A,0xBD,0x5B,0xB8,0x8B,0x5F, /* y */ + 0x48,0x28,0xC1,0x49,0x00,0x02,0xE6,0x77,0x3F,0xA2, + 0xFA,0x29,0x9B,0x8F, + 0xC3,0x02,0xF4,0x1D,0x93,0x2A,0x36,0xCD,0xA7,0xA3, /* order */ + 0x46,0x2F,0x9E,0x9E,0x91,0x6B,0x5B,0xE8,0xF1,0x02, + 0x9A,0xC4,0xAC,0xC1 } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; } + _EC_brainpoolP192t1 = { + { NID_X9_62_prime_field, 0,24,1 }, + { /* no seed */ + 0xC3,0x02,0xF4,0x1D,0x93,0x2A,0x36,0xCD,0xA7,0xA3, /* p */ + 0x46,0x30,0x93,0xD1,0x8D,0xB7,0x8F,0xCE,0x47,0x6D, + 0xE1,0xA8,0x62,0x97, + 0xC3,0x02,0xF4,0x1D,0x93,0x2A,0x36,0xCD,0xA7,0xA3, /* a */ + 0x46,0x30,0x93,0xD1,0x8D,0xB7,0x8F,0xCE,0x47,0x6D, + 0xE1,0xA8,0x62,0x94, + 0x13,0xD5,0x6F,0xFA,0xEC,0x78,0x68,0x1E,0x68,0xF9, /* b */ + 0xDE,0xB4,0x3B,0x35,0xBE,0xC2,0xFB,0x68,0x54,0x2E, + 0x27,0x89,0x7B,0x79, + 0x3A,0xE9,0xE5,0x8C,0x82,0xF6,0x3C,0x30,0x28,0x2E, /* x */ + 0x1F,0xE7,0xBB,0xF4,0x3F,0xA7,0x2C,0x44,0x6A,0xF6, + 0xF4,0x61,0x81,0x29, + 0x09,0x7E,0x2C,0x56,0x67,0xC2,0x22,0x3A,0x90,0x2A, /* y */ + 0xB5,0xCA,0x44,0x9D,0x00,0x84,0xB7,0xE5,0xB3,0xDE, + 0x7C,0xCC,0x01,0xC9, + 0xC3,0x02,0xF4,0x1D,0x93,0x2A,0x36,0xCD,0xA7,0xA3, /* order */ + 0x46,0x2F,0x9E,0x9E,0x91,0x6B,0x5B,0xE8,0xF1,0x02, + 0x9A,0xC4,0xAC,0xC1 } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+28*6]; } + _EC_brainpoolP224r1 = { + { NID_X9_62_prime_field, 0,28,1 }, + { /* no seed */ + 0xD7,0xC1,0x34,0xAA,0x26,0x43,0x66,0x86,0x2A,0x18, /* p */ + 0x30,0x25,0x75,0xD1,0xD7,0x87,0xB0,0x9F,0x07,0x57, + 0x97,0xDA,0x89,0xF5,0x7E,0xC8,0xC0,0xFF, + 0x68,0xA5,0xE6,0x2C,0xA9,0xCE,0x6C,0x1C,0x29,0x98, /* a */ + 0x03,0xA6,0xC1,0x53,0x0B,0x51,0x4E,0x18,0x2A,0xD8, + 0xB0,0x04,0x2A,0x59,0xCA,0xD2,0x9F,0x43, + 0x25,0x80,0xF6,0x3C,0xCF,0xE4,0x41,0x38,0x87,0x07, /* b */ + 0x13,0xB1,0xA9,0x23,0x69,0xE3,0x3E,0x21,0x35,0xD2, + 0x66,0xDB,0xB3,0x72,0x38,0x6C,0x40,0x0B, + 0x0D,0x90,0x29,0xAD,0x2C,0x7E,0x5C,0xF4,0x34,0x08, /* x */ + 0x23,0xB2,0xA8,0x7D,0xC6,0x8C,0x9E,0x4C,0xE3,0x17, + 0x4C,0x1E,0x6E,0xFD,0xEE,0x12,0xC0,0x7D, + 0x58,0xAA,0x56,0xF7,0x72,0xC0,0x72,0x6F,0x24,0xC6, /* y */ + 0xB8,0x9E,0x4E,0xCD,0xAC,0x24,0x35,0x4B,0x9E,0x99, + 0xCA,0xA3,0xF6,0xD3,0x76,0x14,0x02,0xCD, + 0xD7,0xC1,0x34,0xAA,0x26,0x43,0x66,0x86,0x2A,0x18, /* order */ + 0x30,0x25,0x75,0xD0,0xFB,0x98,0xD1,0x16,0xBC,0x4B, + 0x6D,0xDE,0xBC,0xA3,0xA5,0xA7,0x93,0x9F } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+28*6]; } + _EC_brainpoolP224t1 = { + { NID_X9_62_prime_field, 0,28,1 }, + { /* no seed */ + 0xD7,0xC1,0x34,0xAA,0x26,0x43,0x66,0x86,0x2A,0x18, /* p */ + 0x30,0x25,0x75,0xD1,0xD7,0x87,0xB0,0x9F,0x07,0x57, + 0x97,0xDA,0x89,0xF5,0x7E,0xC8,0xC0,0xFF, + 0xD7,0xC1,0x34,0xAA,0x26,0x43,0x66,0x86,0x2A,0x18, /* a */ + 0x30,0x25,0x75,0xD1,0xD7,0x87,0xB0,0x9F,0x07,0x57, + 0x97,0xDA,0x89,0xF5,0x7E,0xC8,0xC0,0xFC, + 0x4B,0x33,0x7D,0x93,0x41,0x04,0xCD,0x7B,0xEF,0x27, /* b */ + 0x1B,0xF6,0x0C,0xED,0x1E,0xD2,0x0D,0xA1,0x4C,0x08, + 0xB3,0xBB,0x64,0xF1,0x8A,0x60,0x88,0x8D, + 0x6A,0xB1,0xE3,0x44,0xCE,0x25,0xFF,0x38,0x96,0x42, /* x */ + 0x4E,0x7F,0xFE,0x14,0x76,0x2E,0xCB,0x49,0xF8,0x92, + 0x8A,0xC0,0xC7,0x60,0x29,0xB4,0xD5,0x80, + 0x03,0x74,0xE9,0xF5,0x14,0x3E,0x56,0x8C,0xD2,0x3F, /* y */ + 0x3F,0x4D,0x7C,0x0D,0x4B,0x1E,0x41,0xC8,0xCC,0x0D, + 0x1C,0x6A,0xBD,0x5F,0x1A,0x46,0xDB,0x4C, + 0xD7,0xC1,0x34,0xAA,0x26,0x43,0x66,0x86,0x2A,0x18, /* order */ + 0x30,0x25,0x75,0xD0,0xFB,0x98,0xD1,0x16,0xBC,0x4B, + 0x6D,0xDE,0xBC,0xA3,0xA5,0xA7,0x93,0x9F } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; } + _EC_brainpoolP256r1 = { + { NID_X9_62_prime_field, 0,32,1 }, + { /* no seed */ + 0xA9,0xFB,0x57,0xDB,0xA1,0xEE,0xA9,0xBC,0x3E,0x66, /* p */ + 0x0A,0x90,0x9D,0x83,0x8D,0x72,0x6E,0x3B,0xF6,0x23, + 0xD5,0x26,0x20,0x28,0x20,0x13,0x48,0x1D,0x1F,0x6E, + 0x53,0x77, + 0x7D,0x5A,0x09,0x75,0xFC,0x2C,0x30,0x57,0xEE,0xF6, /* a */ + 0x75,0x30,0x41,0x7A,0xFF,0xE7,0xFB,0x80,0x55,0xC1, + 0x26,0xDC,0x5C,0x6C,0xE9,0x4A,0x4B,0x44,0xF3,0x30, + 0xB5,0xD9, + 0x26,0xDC,0x5C,0x6C,0xE9,0x4A,0x4B,0x44,0xF3,0x30, /* b */ + 0xB5,0xD9,0xBB,0xD7,0x7C,0xBF,0x95,0x84,0x16,0x29, + 0x5C,0xF7,0xE1,0xCE,0x6B,0xCC,0xDC,0x18,0xFF,0x8C, + 0x07,0xB6, + 0x8B,0xD2,0xAE,0xB9,0xCB,0x7E,0x57,0xCB,0x2C,0x4B, /* x */ + 0x48,0x2F,0xFC,0x81,0xB7,0xAF,0xB9,0xDE,0x27,0xE1, + 0xE3,0xBD,0x23,0xC2,0x3A,0x44,0x53,0xBD,0x9A,0xCE, + 0x32,0x62, + 0x54,0x7E,0xF8,0x35,0xC3,0xDA,0xC4,0xFD,0x97,0xF8, /* y */ + 0x46,0x1A,0x14,0x61,0x1D,0xC9,0xC2,0x77,0x45,0x13, + 0x2D,0xED,0x8E,0x54,0x5C,0x1D,0x54,0xC7,0x2F,0x04, + 0x69,0x97, + 0xA9,0xFB,0x57,0xDB,0xA1,0xEE,0xA9,0xBC,0x3E,0x66, /* order */ + 0x0A,0x90,0x9D,0x83,0x8D,0x71,0x8C,0x39,0x7A,0xA3, + 0xB5,0x61,0xA6,0xF7,0x90,0x1E,0x0E,0x82,0x97,0x48, + 0x56,0xA7 } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; } + _EC_brainpoolP256t1 = { + { NID_X9_62_prime_field, 0,32,1 }, + { /* no seed */ + 0xA9,0xFB,0x57,0xDB,0xA1,0xEE,0xA9,0xBC,0x3E,0x66, /* p */ + 0x0A,0x90,0x9D,0x83,0x8D,0x72,0x6E,0x3B,0xF6,0x23, + 0xD5,0x26,0x20,0x28,0x20,0x13,0x48,0x1D,0x1F,0x6E, + 0x53,0x77, + 0xA9,0xFB,0x57,0xDB,0xA1,0xEE,0xA9,0xBC,0x3E,0x66, /* a */ + 0x0A,0x90,0x9D,0x83,0x8D,0x72,0x6E,0x3B,0xF6,0x23, + 0xD5,0x26,0x20,0x28,0x20,0x13,0x48,0x1D,0x1F,0x6E, + 0x53,0x74, + 0x66,0x2C,0x61,0xC4,0x30,0xD8,0x4E,0xA4,0xFE,0x66, /* b */ + 0xA7,0x73,0x3D,0x0B,0x76,0xB7,0xBF,0x93,0xEB,0xC4, + 0xAF,0x2F,0x49,0x25,0x6A,0xE5,0x81,0x01,0xFE,0xE9, + 0x2B,0x04, + 0xA3,0xE8,0xEB,0x3C,0xC1,0xCF,0xE7,0xB7,0x73,0x22, /* x */ + 0x13,0xB2,0x3A,0x65,0x61,0x49,0xAF,0xA1,0x42,0xC4, + 0x7A,0xAF,0xBC,0x2B,0x79,0xA1,0x91,0x56,0x2E,0x13, + 0x05,0xF4, + 0x2D,0x99,0x6C,0x82,0x34,0x39,0xC5,0x6D,0x7F,0x7B, /* y */ + 0x22,0xE1,0x46,0x44,0x41,0x7E,0x69,0xBC,0xB6,0xDE, + 0x39,0xD0,0x27,0x00,0x1D,0xAB,0xE8,0xF3,0x5B,0x25, + 0xC9,0xBE, + 0xA9,0xFB,0x57,0xDB,0xA1,0xEE,0xA9,0xBC,0x3E,0x66, /* order */ + 0x0A,0x90,0x9D,0x83,0x8D,0x71,0x8C,0x39,0x7A,0xA3, + 0xB5,0x61,0xA6,0xF7,0x90,0x1E,0x0E,0x82,0x97,0x48, + 0x56,0xA7 } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+40*6]; } + _EC_brainpoolP320r1 = { + { NID_X9_62_prime_field, 0,40,1 }, + { /* no seed */ + 0xD3,0x5E,0x47,0x20,0x36,0xBC,0x4F,0xB7,0xE1,0x3C, /* p */ + 0x78,0x5E,0xD2,0x01,0xE0,0x65,0xF9,0x8F,0xCF,0xA6, + 0xF6,0xF4,0x0D,0xEF,0x4F,0x92,0xB9,0xEC,0x78,0x93, + 0xEC,0x28,0xFC,0xD4,0x12,0xB1,0xF1,0xB3,0x2E,0x27, + 0x3E,0xE3,0x0B,0x56,0x8F,0xBA,0xB0,0xF8,0x83,0xCC, /* a */ + 0xEB,0xD4,0x6D,0x3F,0x3B,0xB8,0xA2,0xA7,0x35,0x13, + 0xF5,0xEB,0x79,0xDA,0x66,0x19,0x0E,0xB0,0x85,0xFF, + 0xA9,0xF4,0x92,0xF3,0x75,0xA9,0x7D,0x86,0x0E,0xB4, + 0x52,0x08,0x83,0x94,0x9D,0xFD,0xBC,0x42,0xD3,0xAD, /* b */ + 0x19,0x86,0x40,0x68,0x8A,0x6F,0xE1,0x3F,0x41,0x34, + 0x95,0x54,0xB4,0x9A,0xCC,0x31,0xDC,0xCD,0x88,0x45, + 0x39,0x81,0x6F,0x5E,0xB4,0xAC,0x8F,0xB1,0xF1,0xA6, + 0x43,0xBD,0x7E,0x9A,0xFB,0x53,0xD8,0xB8,0x52,0x89, /* x */ + 0xBC,0xC4,0x8E,0xE5,0xBF,0xE6,0xF2,0x01,0x37,0xD1, + 0x0A,0x08,0x7E,0xB6,0xE7,0x87,0x1E,0x2A,0x10,0xA5, + 0x99,0xC7,0x10,0xAF,0x8D,0x0D,0x39,0xE2,0x06,0x11, + 0x14,0xFD,0xD0,0x55,0x45,0xEC,0x1C,0xC8,0xAB,0x40, /* y */ + 0x93,0x24,0x7F,0x77,0x27,0x5E,0x07,0x43,0xFF,0xED, + 0x11,0x71,0x82,0xEA,0xA9,0xC7,0x78,0x77,0xAA,0xAC, + 0x6A,0xC7,0xD3,0x52,0x45,0xD1,0x69,0x2E,0x8E,0xE1, + 0xD3,0x5E,0x47,0x20,0x36,0xBC,0x4F,0xB7,0xE1,0x3C, /* order */ + 0x78,0x5E,0xD2,0x01,0xE0,0x65,0xF9,0x8F,0xCF,0xA5, + 0xB6,0x8F,0x12,0xA3,0x2D,0x48,0x2E,0xC7,0xEE,0x86, + 0x58,0xE9,0x86,0x91,0x55,0x5B,0x44,0xC5,0x93,0x11 } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+40*6]; } + _EC_brainpoolP320t1 = { + { NID_X9_62_prime_field, 0,40,1 }, + { /* no seed */ + 0xD3,0x5E,0x47,0x20,0x36,0xBC,0x4F,0xB7,0xE1,0x3C, /* p */ + 0x78,0x5E,0xD2,0x01,0xE0,0x65,0xF9,0x8F,0xCF,0xA6, + 0xF6,0xF4,0x0D,0xEF,0x4F,0x92,0xB9,0xEC,0x78,0x93, + 0xEC,0x28,0xFC,0xD4,0x12,0xB1,0xF1,0xB3,0x2E,0x27, + 0xD3,0x5E,0x47,0x20,0x36,0xBC,0x4F,0xB7,0xE1,0x3C, /* a */ + 0x78,0x5E,0xD2,0x01,0xE0,0x65,0xF9,0x8F,0xCF,0xA6, + 0xF6,0xF4,0x0D,0xEF,0x4F,0x92,0xB9,0xEC,0x78,0x93, + 0xEC,0x28,0xFC,0xD4,0x12,0xB1,0xF1,0xB3,0x2E,0x24, + 0xA7,0xF5,0x61,0xE0,0x38,0xEB,0x1E,0xD5,0x60,0xB3, /* b */ + 0xD1,0x47,0xDB,0x78,0x20,0x13,0x06,0x4C,0x19,0xF2, + 0x7E,0xD2,0x7C,0x67,0x80,0xAA,0xF7,0x7F,0xB8,0xA5, + 0x47,0xCE,0xB5,0xB4,0xFE,0xF4,0x22,0x34,0x03,0x53, + 0x92,0x5B,0xE9,0xFB,0x01,0xAF,0xC6,0xFB,0x4D,0x3E, /* x */ + 0x7D,0x49,0x90,0x01,0x0F,0x81,0x34,0x08,0xAB,0x10, + 0x6C,0x4F,0x09,0xCB,0x7E,0xE0,0x78,0x68,0xCC,0x13, + 0x6F,0xFF,0x33,0x57,0xF6,0x24,0xA2,0x1B,0xED,0x52, + 0x63,0xBA,0x3A,0x7A,0x27,0x48,0x3E,0xBF,0x66,0x71, /* y */ + 0xDB,0xEF,0x7A,0xBB,0x30,0xEB,0xEE,0x08,0x4E,0x58, + 0xA0,0xB0,0x77,0xAD,0x42,0xA5,0xA0,0x98,0x9D,0x1E, + 0xE7,0x1B,0x1B,0x9B,0xC0,0x45,0x5F,0xB0,0xD2,0xC3, + 0xD3,0x5E,0x47,0x20,0x36,0xBC,0x4F,0xB7,0xE1,0x3C, /* order */ + 0x78,0x5E,0xD2,0x01,0xE0,0x65,0xF9,0x8F,0xCF,0xA5, + 0xB6,0x8F,0x12,0xA3,0x2D,0x48,0x2E,0xC7,0xEE,0x86, + 0x58,0xE9,0x86,0x91,0x55,0x5B,0x44,0xC5,0x93,0x11 } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+48*6]; } + _EC_brainpoolP384r1 = { + { NID_X9_62_prime_field, 0,48,1 }, + { /* no seed */ + 0x8C,0xB9,0x1E,0x82,0xA3,0x38,0x6D,0x28,0x0F,0x5D, /* p */ + 0x6F,0x7E,0x50,0xE6,0x41,0xDF,0x15,0x2F,0x71,0x09, + 0xED,0x54,0x56,0xB4,0x12,0xB1,0xDA,0x19,0x7F,0xB7, + 0x11,0x23,0xAC,0xD3,0xA7,0x29,0x90,0x1D,0x1A,0x71, + 0x87,0x47,0x00,0x13,0x31,0x07,0xEC,0x53, + 0x7B,0xC3,0x82,0xC6,0x3D,0x8C,0x15,0x0C,0x3C,0x72, /* a */ + 0x08,0x0A,0xCE,0x05,0xAF,0xA0,0xC2,0xBE,0xA2,0x8E, + 0x4F,0xB2,0x27,0x87,0x13,0x91,0x65,0xEF,0xBA,0x91, + 0xF9,0x0F,0x8A,0xA5,0x81,0x4A,0x50,0x3A,0xD4,0xEB, + 0x04,0xA8,0xC7,0xDD,0x22,0xCE,0x28,0x26, + 0x04,0xA8,0xC7,0xDD,0x22,0xCE,0x28,0x26,0x8B,0x39, /* b */ + 0xB5,0x54,0x16,0xF0,0x44,0x7C,0x2F,0xB7,0x7D,0xE1, + 0x07,0xDC,0xD2,0xA6,0x2E,0x88,0x0E,0xA5,0x3E,0xEB, + 0x62,0xD5,0x7C,0xB4,0x39,0x02,0x95,0xDB,0xC9,0x94, + 0x3A,0xB7,0x86,0x96,0xFA,0x50,0x4C,0x11, + 0x1D,0x1C,0x64,0xF0,0x68,0xCF,0x45,0xFF,0xA2,0xA6, /* x */ + 0x3A,0x81,0xB7,0xC1,0x3F,0x6B,0x88,0x47,0xA3,0xE7, + 0x7E,0xF1,0x4F,0xE3,0xDB,0x7F,0xCA,0xFE,0x0C,0xBD, + 0x10,0xE8,0xE8,0x26,0xE0,0x34,0x36,0xD6,0x46,0xAA, + 0xEF,0x87,0xB2,0xE2,0x47,0xD4,0xAF,0x1E, + 0x8A,0xBE,0x1D,0x75,0x20,0xF9,0xC2,0xA4,0x5C,0xB1, /* y */ + 0xEB,0x8E,0x95,0xCF,0xD5,0x52,0x62,0xB7,0x0B,0x29, + 0xFE,0xEC,0x58,0x64,0xE1,0x9C,0x05,0x4F,0xF9,0x91, + 0x29,0x28,0x0E,0x46,0x46,0x21,0x77,0x91,0x81,0x11, + 0x42,0x82,0x03,0x41,0x26,0x3C,0x53,0x15, + 0x8C,0xB9,0x1E,0x82,0xA3,0x38,0x6D,0x28,0x0F,0x5D, /* order */ + 0x6F,0x7E,0x50,0xE6,0x41,0xDF,0x15,0x2F,0x71,0x09, + 0xED,0x54,0x56,0xB3,0x1F,0x16,0x6E,0x6C,0xAC,0x04, + 0x25,0xA7,0xCF,0x3A,0xB6,0xAF,0x6B,0x7F,0xC3,0x10, + 0x3B,0x88,0x32,0x02,0xE9,0x04,0x65,0x65 } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+48*6]; } + _EC_brainpoolP384t1 = { + { NID_X9_62_prime_field, 0,48,1 }, + { /* no seed */ + 0x8C,0xB9,0x1E,0x82,0xA3,0x38,0x6D,0x28,0x0F,0x5D, /* p */ + 0x6F,0x7E,0x50,0xE6,0x41,0xDF,0x15,0x2F,0x71,0x09, + 0xED,0x54,0x56,0xB4,0x12,0xB1,0xDA,0x19,0x7F,0xB7, + 0x11,0x23,0xAC,0xD3,0xA7,0x29,0x90,0x1D,0x1A,0x71, + 0x87,0x47,0x00,0x13,0x31,0x07,0xEC,0x53, + 0x8C,0xB9,0x1E,0x82,0xA3,0x38,0x6D,0x28,0x0F,0x5D, /* a */ + 0x6F,0x7E,0x50,0xE6,0x41,0xDF,0x15,0x2F,0x71,0x09, + 0xED,0x54,0x56,0xB4,0x12,0xB1,0xDA,0x19,0x7F,0xB7, + 0x11,0x23,0xAC,0xD3,0xA7,0x29,0x90,0x1D,0x1A,0x71, + 0x87,0x47,0x00,0x13,0x31,0x07,0xEC,0x50, + 0x7F,0x51,0x9E,0xAD,0xA7,0xBD,0xA8,0x1B,0xD8,0x26, /* b */ + 0xDB,0xA6,0x47,0x91,0x0F,0x8C,0x4B,0x93,0x46,0xED, + 0x8C,0xCD,0xC6,0x4E,0x4B,0x1A,0xBD,0x11,0x75,0x6D, + 0xCE,0x1D,0x20,0x74,0xAA,0x26,0x3B,0x88,0x80,0x5C, + 0xED,0x70,0x35,0x5A,0x33,0xB4,0x71,0xEE, + 0x18,0xDE,0x98,0xB0,0x2D,0xB9,0xA3,0x06,0xF2,0xAF, /* x */ + 0xCD,0x72,0x35,0xF7,0x2A,0x81,0x9B,0x80,0xAB,0x12, + 0xEB,0xD6,0x53,0x17,0x24,0x76,0xFE,0xCD,0x46,0x2A, + 0xAB,0xFF,0xC4,0xFF,0x19,0x1B,0x94,0x6A,0x5F,0x54, + 0xD8,0xD0,0xAA,0x2F,0x41,0x88,0x08,0xCC, + 0x25,0xAB,0x05,0x69,0x62,0xD3,0x06,0x51,0xA1,0x14, /* y */ + 0xAF,0xD2,0x75,0x5A,0xD3,0x36,0x74,0x7F,0x93,0x47, + 0x5B,0x7A,0x1F,0xCA,0x3B,0x88,0xF2,0xB6,0xA2,0x08, + 0xCC,0xFE,0x46,0x94,0x08,0x58,0x4D,0xC2,0xB2,0x91, + 0x26,0x75,0xBF,0x5B,0x9E,0x58,0x29,0x28, + 0x8C,0xB9,0x1E,0x82,0xA3,0x38,0x6D,0x28,0x0F,0x5D, /* order */ + 0x6F,0x7E,0x50,0xE6,0x41,0xDF,0x15,0x2F,0x71,0x09, + 0xED,0x54,0x56,0xB3,0x1F,0x16,0x6E,0x6C,0xAC,0x04, + 0x25,0xA7,0xCF,0x3A,0xB6,0xAF,0x6B,0x7F,0xC3,0x10, + 0x3B,0x88,0x32,0x02,0xE9,0x04,0x65,0x65 } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+64*6]; } + _EC_brainpoolP512r1 = { + { NID_X9_62_prime_field, 0,64,1 }, + { /* no seed */ + 0xAA,0xDD,0x9D,0xB8,0xDB,0xE9,0xC4,0x8B,0x3F,0xD4, /* p */ + 0xE6,0xAE,0x33,0xC9,0xFC,0x07,0xCB,0x30,0x8D,0xB3, + 0xB3,0xC9,0xD2,0x0E,0xD6,0x63,0x9C,0xCA,0x70,0x33, + 0x08,0x71,0x7D,0x4D,0x9B,0x00,0x9B,0xC6,0x68,0x42, + 0xAE,0xCD,0xA1,0x2A,0xE6,0xA3,0x80,0xE6,0x28,0x81, + 0xFF,0x2F,0x2D,0x82,0xC6,0x85,0x28,0xAA,0x60,0x56, + 0x58,0x3A,0x48,0xF3, + 0x78,0x30,0xA3,0x31,0x8B,0x60,0x3B,0x89,0xE2,0x32, /* a */ + 0x71,0x45,0xAC,0x23,0x4C,0xC5,0x94,0xCB,0xDD,0x8D, + 0x3D,0xF9,0x16,0x10,0xA8,0x34,0x41,0xCA,0xEA,0x98, + 0x63,0xBC,0x2D,0xED,0x5D,0x5A,0xA8,0x25,0x3A,0xA1, + 0x0A,0x2E,0xF1,0xC9,0x8B,0x9A,0xC8,0xB5,0x7F,0x11, + 0x17,0xA7,0x2B,0xF2,0xC7,0xB9,0xE7,0xC1,0xAC,0x4D, + 0x77,0xFC,0x94,0xCA, + 0x3D,0xF9,0x16,0x10,0xA8,0x34,0x41,0xCA,0xEA,0x98, /* b */ + 0x63,0xBC,0x2D,0xED,0x5D,0x5A,0xA8,0x25,0x3A,0xA1, + 0x0A,0x2E,0xF1,0xC9,0x8B,0x9A,0xC8,0xB5,0x7F,0x11, + 0x17,0xA7,0x2B,0xF2,0xC7,0xB9,0xE7,0xC1,0xAC,0x4D, + 0x77,0xFC,0x94,0xCA,0xDC,0x08,0x3E,0x67,0x98,0x40, + 0x50,0xB7,0x5E,0xBA,0xE5,0xDD,0x28,0x09,0xBD,0x63, + 0x80,0x16,0xF7,0x23, + 0x81,0xAE,0xE4,0xBD,0xD8,0x2E,0xD9,0x64,0x5A,0x21, /* x */ + 0x32,0x2E,0x9C,0x4C,0x6A,0x93,0x85,0xED,0x9F,0x70, + 0xB5,0xD9,0x16,0xC1,0xB4,0x3B,0x62,0xEE,0xF4,0xD0, + 0x09,0x8E,0xFF,0x3B,0x1F,0x78,0xE2,0xD0,0xD4,0x8D, + 0x50,0xD1,0x68,0x7B,0x93,0xB9,0x7D,0x5F,0x7C,0x6D, + 0x50,0x47,0x40,0x6A,0x5E,0x68,0x8B,0x35,0x22,0x09, + 0xBC,0xB9,0xF8,0x22, + 0x7D,0xDE,0x38,0x5D,0x56,0x63,0x32,0xEC,0xC0,0xEA, /* y */ + 0xBF,0xA9,0xCF,0x78,0x22,0xFD,0xF2,0x09,0xF7,0x00, + 0x24,0xA5,0x7B,0x1A,0xA0,0x00,0xC5,0x5B,0x88,0x1F, + 0x81,0x11,0xB2,0xDC,0xDE,0x49,0x4A,0x5F,0x48,0x5E, + 0x5B,0xCA,0x4B,0xD8,0x8A,0x27,0x63,0xAE,0xD1,0xCA, + 0x2B,0x2F,0xA8,0xF0,0x54,0x06,0x78,0xCD,0x1E,0x0F, + 0x3A,0xD8,0x08,0x92, + 0xAA,0xDD,0x9D,0xB8,0xDB,0xE9,0xC4,0x8B,0x3F,0xD4, /* order */ + 0xE6,0xAE,0x33,0xC9,0xFC,0x07,0xCB,0x30,0x8D,0xB3, + 0xB3,0xC9,0xD2,0x0E,0xD6,0x63,0x9C,0xCA,0x70,0x33, + 0x08,0x70,0x55,0x3E,0x5C,0x41,0x4C,0xA9,0x26,0x19, + 0x41,0x86,0x61,0x19,0x7F,0xAC,0x10,0x47,0x1D,0xB1, + 0xD3,0x81,0x08,0x5D,0xDA,0xDD,0xB5,0x87,0x96,0x82, + 0x9C,0xA9,0x00,0x69 } + }; + +static const struct { EC_CURVE_DATA h; unsigned char data[0+64*6]; } + _EC_brainpoolP512t1 = { + { NID_X9_62_prime_field, 0,64,1 }, + { /* no seed */ + 0xAA,0xDD,0x9D,0xB8,0xDB,0xE9,0xC4,0x8B,0x3F,0xD4, /* p */ + 0xE6,0xAE,0x33,0xC9,0xFC,0x07,0xCB,0x30,0x8D,0xB3, + 0xB3,0xC9,0xD2,0x0E,0xD6,0x63,0x9C,0xCA,0x70,0x33, + 0x08,0x71,0x7D,0x4D,0x9B,0x00,0x9B,0xC6,0x68,0x42, + 0xAE,0xCD,0xA1,0x2A,0xE6,0xA3,0x80,0xE6,0x28,0x81, + 0xFF,0x2F,0x2D,0x82,0xC6,0x85,0x28,0xAA,0x60,0x56, + 0x58,0x3A,0x48,0xF3, + 0xAA,0xDD,0x9D,0xB8,0xDB,0xE9,0xC4,0x8B,0x3F,0xD4, /* a */ + 0xE6,0xAE,0x33,0xC9,0xFC,0x07,0xCB,0x30,0x8D,0xB3, + 0xB3,0xC9,0xD2,0x0E,0xD6,0x63,0x9C,0xCA,0x70,0x33, + 0x08,0x71,0x7D,0x4D,0x9B,0x00,0x9B,0xC6,0x68,0x42, + 0xAE,0xCD,0xA1,0x2A,0xE6,0xA3,0x80,0xE6,0x28,0x81, + 0xFF,0x2F,0x2D,0x82,0xC6,0x85,0x28,0xAA,0x60,0x56, + 0x58,0x3A,0x48,0xF0, + 0x7C,0xBB,0xBC,0xF9,0x44,0x1C,0xFA,0xB7,0x6E,0x18, /* b */ + 0x90,0xE4,0x68,0x84,0xEA,0xE3,0x21,0xF7,0x0C,0x0B, + 0xCB,0x49,0x81,0x52,0x78,0x97,0x50,0x4B,0xEC,0x3E, + 0x36,0xA6,0x2B,0xCD,0xFA,0x23,0x04,0x97,0x65,0x40, + 0xF6,0x45,0x00,0x85,0xF2,0xDA,0xE1,0x45,0xC2,0x25, + 0x53,0xB4,0x65,0x76,0x36,0x89,0x18,0x0E,0xA2,0x57, + 0x18,0x67,0x42,0x3E, + 0x64,0x0E,0xCE,0x5C,0x12,0x78,0x87,0x17,0xB9,0xC1, /* x */ + 0xBA,0x06,0xCB,0xC2,0xA6,0xFE,0xBA,0x85,0x84,0x24, + 0x58,0xC5,0x6D,0xDE,0x9D,0xB1,0x75,0x8D,0x39,0xC0, + 0x31,0x3D,0x82,0xBA,0x51,0x73,0x5C,0xDB,0x3E,0xA4, + 0x99,0xAA,0x77,0xA7,0xD6,0x94,0x3A,0x64,0xF7,0xA3, + 0xF2,0x5F,0xE2,0x6F,0x06,0xB5,0x1B,0xAA,0x26,0x96, + 0xFA,0x90,0x35,0xDA, + 0x5B,0x53,0x4B,0xD5,0x95,0xF5,0xAF,0x0F,0xA2,0xC8, /* y */ + 0x92,0x37,0x6C,0x84,0xAC,0xE1,0xBB,0x4E,0x30,0x19, + 0xB7,0x16,0x34,0xC0,0x11,0x31,0x15,0x9C,0xAE,0x03, + 0xCE,0xE9,0xD9,0x93,0x21,0x84,0xBE,0xEF,0x21,0x6B, + 0xD7,0x1D,0xF2,0xDA,0xDF,0x86,0xA6,0x27,0x30,0x6E, + 0xCF,0xF9,0x6D,0xBB,0x8B,0xAC,0xE1,0x98,0xB6,0x1E, + 0x00,0xF8,0xB3,0x32, + 0xAA,0xDD,0x9D,0xB8,0xDB,0xE9,0xC4,0x8B,0x3F,0xD4, /* order */ + 0xE6,0xAE,0x33,0xC9,0xFC,0x07,0xCB,0x30,0x8D,0xB3, + 0xB3,0xC9,0xD2,0x0E,0xD6,0x63,0x9C,0xCA,0x70,0x33, + 0x08,0x70,0x55,0x3E,0x5C,0x41,0x4C,0xA9,0x26,0x19, + 0x41,0x86,0x61,0x19,0x7F,0xAC,0x10,0x47,0x1D,0xB1, + 0xD3,0x81,0x08,0x5D,0xDA,0xDD,0xB5,0x87,0x96,0x82, + 0x9C,0xA9,0x00,0x69 } + }; + typedef struct _ec_list_element_st { int nid; const EC_CURVE_DATA *data; + const EC_METHOD *(*meth)(void); const char *comment; } ec_list_element; static const ec_list_element curve_list[] = { - /* prime field curves */ + /* prime field curves */ /* secg curves */ - { NID_secp112r1, &_EC_SECG_PRIME_112R1.h, "SECG/WTLS curve over a 112 bit prime field"}, - { NID_secp112r2, &_EC_SECG_PRIME_112R2.h, "SECG curve over a 112 bit prime field"}, - { NID_secp128r1, &_EC_SECG_PRIME_128R1.h, "SECG curve over a 128 bit prime field"}, - { NID_secp128r2, &_EC_SECG_PRIME_128R2.h, "SECG curve over a 128 bit prime field"}, - { NID_secp160k1, &_EC_SECG_PRIME_160K1.h, "SECG curve over a 160 bit prime field"}, - { NID_secp160r1, &_EC_SECG_PRIME_160R1.h, "SECG curve over a 160 bit prime field"}, - { NID_secp160r2, &_EC_SECG_PRIME_160R2.h, "SECG/WTLS curve over a 160 bit prime field"}, + { NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0, "SECG/WTLS curve over a 112 bit prime field" }, + { NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, "SECG curve over a 112 bit prime field" }, + { NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, "SECG curve over a 128 bit prime field" }, + { NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, "SECG curve over a 128 bit prime field" }, + { NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, "SECG curve over a 160 bit prime field" }, + { NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, "SECG curve over a 160 bit prime field" }, + { NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, "SECG/WTLS curve over a 160 bit prime field" }, /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ - { NID_secp192k1, &_EC_SECG_PRIME_192K1.h, "SECG curve over a 192 bit prime field"}, - { NID_secp224k1, &_EC_SECG_PRIME_224K1.h, "SECG curve over a 224 bit prime field"}, - { NID_secp224r1, &_EC_NIST_PRIME_224.h, "NIST/SECG curve over a 224 bit prime field"}, - { NID_secp256k1, &_EC_SECG_PRIME_256K1.h, "SECG curve over a 256 bit prime field"}, + { NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, "SECG curve over a 192 bit prime field" }, + { NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, "SECG curve over a 224 bit prime field" }, +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + { NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, "NIST/SECG curve over a 224 bit prime field" }, +#else + { NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, "NIST/SECG curve over a 224 bit prime field" }, +#endif + { NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, "SECG curve over a 256 bit prime field" }, /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ - { NID_secp384r1, &_EC_NIST_PRIME_384.h, "NIST/SECG curve over a 384 bit prime field"}, - { NID_secp521r1, &_EC_NIST_PRIME_521.h, "NIST/SECG curve over a 521 bit prime field"}, + { NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" }, +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + { NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, "NIST/SECG curve over a 521 bit prime field" }, +#else + { NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, "NIST/SECG curve over a 521 bit prime field" }, +#endif /* X9.62 curves */ - { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, "NIST/X9.62/SECG curve over a 192 bit prime field"}, - { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, "X9.62 curve over a 192 bit prime field"}, - { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, "X9.62 curve over a 192 bit prime field"}, - { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, "X9.62 curve over a 239 bit prime field"}, - { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, "X9.62 curve over a 239 bit prime field"}, - { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, "X9.62 curve over a 239 bit prime field"}, - { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, "X9.62/SECG curve over a 256 bit prime field"}, + { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, "NIST/X9.62/SECG curve over a 192 bit prime field" }, + { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, "X9.62 curve over a 192 bit prime field" }, + { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, "X9.62 curve over a 192 bit prime field" }, + { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, "X9.62 curve over a 239 bit prime field" }, + { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, "X9.62 curve over a 239 bit prime field" }, + { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, "X9.62 curve over a 239 bit prime field" }, +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, EC_GFp_nistp256_method, "X9.62/SECG curve over a 256 bit prime field" }, +#else + { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 0, "X9.62/SECG curve over a 256 bit prime field" }, +#endif +#ifndef OPENSSL_NO_EC2M /* characteristic two field curves */ /* NIST/SECG curves */ - { NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, "SECG curve over a 113 bit binary field"}, - { NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, "SECG curve over a 113 bit binary field"}, - { NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, "SECG/WTLS curve over a 131 bit binary field"}, - { NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, "SECG curve over a 131 bit binary field"}, - { NID_sect163k1, &_EC_NIST_CHAR2_163K.h, "NIST/SECG/WTLS curve over a 163 bit binary field" }, - { NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, "SECG curve over a 163 bit binary field"}, - { NID_sect163r2, &_EC_NIST_CHAR2_163B.h, "NIST/SECG curve over a 163 bit binary field" }, - { NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, "SECG curve over a 193 bit binary field"}, - { NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, "SECG curve over a 193 bit binary field"}, - { NID_sect233k1, &_EC_NIST_CHAR2_233K.h, "NIST/SECG/WTLS curve over a 233 bit binary field" }, - { NID_sect233r1, &_EC_NIST_CHAR2_233B.h, "NIST/SECG/WTLS curve over a 233 bit binary field" }, - { NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, "SECG curve over a 239 bit binary field"}, - { NID_sect283k1, &_EC_NIST_CHAR2_283K.h, "NIST/SECG curve over a 283 bit binary field" }, - { NID_sect283r1, &_EC_NIST_CHAR2_283B.h, "NIST/SECG curve over a 283 bit binary field" }, - { NID_sect409k1, &_EC_NIST_CHAR2_409K.h, "NIST/SECG curve over a 409 bit binary field" }, - { NID_sect409r1, &_EC_NIST_CHAR2_409B.h, "NIST/SECG curve over a 409 bit binary field" }, - { NID_sect571k1, &_EC_NIST_CHAR2_571K.h, "NIST/SECG curve over a 571 bit binary field" }, - { NID_sect571r1, &_EC_NIST_CHAR2_571B.h, "NIST/SECG curve over a 571 bit binary field" }, + { NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0, "SECG curve over a 113 bit binary field" }, + { NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0, "SECG curve over a 113 bit binary field" }, + { NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0, "SECG/WTLS curve over a 131 bit binary field" }, + { NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0, "SECG curve over a 131 bit binary field" }, + { NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, "NIST/SECG/WTLS curve over a 163 bit binary field" }, + { NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0, "SECG curve over a 163 bit binary field" }, + { NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, "NIST/SECG curve over a 163 bit binary field" }, + { NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0, "SECG curve over a 193 bit binary field" }, + { NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0, "SECG curve over a 193 bit binary field" }, + { NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0, "SECG curve over a 239 bit binary field" }, + { NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, "NIST/SECG curve over a 283 bit binary field" }, + { NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, "NIST/SECG curve over a 283 bit binary field" }, + { NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, "NIST/SECG curve over a 409 bit binary field" }, + { NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, "NIST/SECG curve over a 409 bit binary field" }, + { NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, "NIST/SECG curve over a 571 bit binary field" }, + { NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, "NIST/SECG curve over a 571 bit binary field" }, /* X9.62 curves */ - { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"}, - { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, "X9.62 curve over a 163 bit binary field"}, - { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, "X9.62 curve over a 163 bit binary field"}, - { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, "X9.62 curve over a 176 bit binary field"}, - { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, "X9.62 curve over a 191 bit binary field"}, - { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, "X9.62 curve over a 191 bit binary field"}, - { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, "X9.62 curve over a 191 bit binary field"}, - { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, "X9.62 curve over a 208 bit binary field"}, - { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, "X9.62 curve over a 239 bit binary field"}, - { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, "X9.62 curve over a 239 bit binary field"}, - { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, "X9.62 curve over a 239 bit binary field"}, - { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, "X9.62 curve over a 272 bit binary field"}, - { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, "X9.62 curve over a 304 bit binary field"}, - { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, "X9.62 curve over a 359 bit binary field"}, - { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, "X9.62 curve over a 368 bit binary field"}, - { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, "X9.62 curve over a 431 bit binary field"}, + { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field" }, + { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0, "X9.62 curve over a 163 bit binary field" }, + { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0, "X9.62 curve over a 163 bit binary field" }, + { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0, "X9.62 curve over a 176 bit binary field" }, + { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0, "X9.62 curve over a 191 bit binary field" }, + { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0, "X9.62 curve over a 191 bit binary field" }, + { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0, "X9.62 curve over a 191 bit binary field" }, + { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0, "X9.62 curve over a 208 bit binary field" }, + { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0, "X9.62 curve over a 239 bit binary field" }, + { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0, "X9.62 curve over a 239 bit binary field" }, + { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0, "X9.62 curve over a 239 bit binary field" }, + { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0, "X9.62 curve over a 272 bit binary field" }, + { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0, "X9.62 curve over a 304 bit binary field" }, + { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0, "X9.62 curve over a 359 bit binary field" }, + { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0, "X9.62 curve over a 368 bit binary field" }, + { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0, "X9.62 curve over a 431 bit binary field" }, /* the WAP/WTLS curves * [unlike SECG, spec has its own OIDs for curves from X9.62] */ - { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, "WTLS curve over a 113 bit binary field"}, - { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, "NIST/SECG/WTLS curve over a 163 bit binary field"}, - { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, "SECG curve over a 113 bit binary field"}, - { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"}, - { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, "SECG/WTLS curve over a 112 bit prime field"}, - { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, "SECG/WTLS curve over a 160 bit prime field"}, - { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, "WTLS curve over a 112 bit prime field"}, - { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, "WTLS curve over a 160 bit prime field" }, - { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, "NIST/SECG/WTLS curve over a 233 bit binary field"}, - { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, "NIST/SECG/WTLS curve over a 233 bit binary field"}, - { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, "WTLS curvs over a 224 bit prime field"}, + { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0, "WTLS curve over a 113 bit binary field" }, + { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0, "NIST/SECG/WTLS curve over a 163 bit binary field" }, + { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0, "SECG curve over a 113 bit binary field" }, + { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field" }, +#endif + { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, "SECG/WTLS curve over a 112 bit prime field" }, + { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, "SECG/WTLS curve over a 160 bit prime field" }, + { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, "WTLS curve over a 112 bit prime field" }, + { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, "WTLS curve over a 160 bit prime field" }, +#ifndef OPENSSL_NO_EC2M + { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" }, + { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" }, +#endif + { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, "WTLS curvs over a 224 bit prime field" }, +#ifndef OPENSSL_NO_EC2M /* IPSec curves */ - { NID_ipsec3, &_EC_IPSEC_155_ID3.h, "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, - { NID_ipsec4, &_EC_IPSEC_185_ID4.h, "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, + { NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" + "\tNot suitable for ECDSA.\n\tQuestionable extension field!" }, + { NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" + "\tNot suitable for ECDSA.\n\tQuestionable extension field!" }, +#endif + /* brainpool curves */ + { NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, "RFC 5639 curve over a 160 bit prime field"}, + { NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0, "RFC 5639 curve over a 160 bit prime field"}, + { NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0, "RFC 5639 curve over a 192 bit prime field"}, + { NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0, "RFC 5639 curve over a 192 bit prime field"}, + { NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0, "RFC 5639 curve over a 224 bit prime field"}, + { NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0, "RFC 5639 curve over a 224 bit prime field"}, + { NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, "RFC 5639 curve over a 256 bit prime field"}, + { NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, "RFC 5639 curve over a 256 bit prime field"}, + { NID_brainpoolP320r1, &_EC_brainpoolP320r1.h, 0, "RFC 5639 curve over a 320 bit prime field"}, + { NID_brainpoolP320t1, &_EC_brainpoolP320t1.h, 0, "RFC 5639 curve over a 320 bit prime field"}, + { NID_brainpoolP384r1, &_EC_brainpoolP384r1.h, 0, "RFC 5639 curve over a 384 bit prime field"}, + { NID_brainpoolP384t1, &_EC_brainpoolP384t1.h, 0, "RFC 5639 curve over a 384 bit prime field"}, + { NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0, "RFC 5639 curve over a 512 bit prime field"}, + { NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0, "RFC 5639 curve over a 512 bit prime field"}, }; #define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element)) -static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) +static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) { EC_GROUP *group=NULL; EC_POINT *P=NULL; BN_CTX *ctx=NULL; - BIGNUM *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL; + BIGNUM *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL; int ok=0; int seed_len,param_len; + const EC_METHOD *meth; + const EC_CURVE_DATA *data; const unsigned char *params; if ((ctx = BN_CTX_new()) == NULL) @@ -1922,10 +2394,11 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) goto err; } + data = curve.data; seed_len = data->seed_len; param_len = data->param_len; - params = (const unsigned char *)(data+1); /* skip header */ - params += seed_len; /* skip seed */ + params = (const unsigned char *)(data+1); /* skip header */ + params += seed_len; /* skip seed */ if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL)) || !(a = BN_bin2bn(params+1*param_len, param_len, NULL)) @@ -1935,7 +2408,17 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) goto err; } - if (data->field_type == NID_X9_62_prime_field) + if (curve.meth != 0) + { + meth = curve.meth(); + if (((group = EC_GROUP_new(meth)) == NULL) || + (!(group->meth->group_set_curve(group, p, a, b, ctx)))) + { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); + goto err; + } + } + else if (data->field_type == NID_X9_62_prime_field) { if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { @@ -1943,6 +2426,7 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) goto err; } } +#ifndef OPENSSL_NO_EC2M else /* field_type == NID_X9_62_characteristic_two_field */ { if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) @@ -1951,20 +2435,21 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) goto err; } } +#endif if ((P = EC_POINT_new(group)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; } - + if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL)) || !(y = BN_bin2bn(params+4*param_len, param_len, NULL))) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; } - if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; @@ -2025,7 +2510,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) for (i=0; i