ec_curves.c
Go to the documentation of this file.
1 /**
2  * @file ec_curves.c
3  * @brief Elliptic curves
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.4
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "ecc/ec_curves.h"
37 #include "encoding/oid.h"
38 #include "debug.h"
39 
40 //Check crypto library configuration
41 #if (EC_SUPPORT == ENABLED)
42 
43 //Macro definition
44 #define CLEAR_WORD32(a, i, n) osMemset((a)->data + i, 0, n * MPI_INT_SIZE);
45 #define COPY_WORD32(a, i, b, j, n) osMemcpy((a)->data + i, (b)->data + j, n * MPI_INT_SIZE);
46 
47 //secp112r1 OID (1.3.132.0.6)
48 const uint8_t SECP112R1_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x06};
49 //secp112r2 OID (1.3.132.0.7)
50 const uint8_t SECP112R2_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x07};
51 //secp128r1 OID (1.3.132.0.28)
52 const uint8_t SECP128R1_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x1C};
53 //secp128r2 OID (1.3.132.0.29)
54 const uint8_t SECP128R2_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x1D};
55 //secp160k1 OID (1.3.132.0.9)
56 const uint8_t SECP160K1_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x09};
57 //secp160r1 OID (1.3.132.0.8)
58 const uint8_t SECP160R1_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x08};
59 //secp160r2 OID (1.3.132.0.30)
60 const uint8_t SECP160R2_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x1E};
61 //secp192k1 OID (1.3.132.0.31)
62 const uint8_t SECP192K1_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x1F};
63 //secp192r1 OID (1.2.840.10045.3.1.1)
64 const uint8_t SECP192R1_OID[8] = {0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01};
65 //secp224k1 OID (1.3.132.0.32)
66 const uint8_t SECP224K1_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x20};
67 //secp224r1 OID (1.3.132.0.33)
68 const uint8_t SECP224R1_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x21};
69 //secp256k1 OID (1.3.132.0.10)
70 const uint8_t SECP256K1_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x0A};
71 //secp256r1 OID (1.2.840.10045.3.1.7)
72 const uint8_t SECP256R1_OID[8] = {0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07};
73 //secp384r1 OID (1.3.132.0.34)
74 const uint8_t SECP384R1_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x22};
75 //secp521r1 OID (1.3.132.0.35)
76 const uint8_t SECP521R1_OID[5] = {0x2B, 0x81, 0x04, 0x00, 0x23};
77 //brainpoolP160r1 OID (1.3.36.3.3.2.8.1.1.1)
78 const uint8_t BRAINPOOLP160R1_OID[9] = {0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01};
79 //brainpoolP192r1 OID (1.3.36.3.3.2.8.1.1.3)
80 const uint8_t BRAINPOOLP192R1_OID[9] = {0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03};
81 //brainpoolP224r1 OID (1.3.36.3.3.2.8.1.1.5)
82 const uint8_t BRAINPOOLP224R1_OID[9] = {0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05};
83 //brainpoolP256r1 OID (1.3.36.3.3.2.8.1.1.7)
84 const uint8_t BRAINPOOLP256R1_OID[9] = {0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07};
85 //brainpoolP320r1 OID (1.3.36.3.3.2.8.1.1.9)
86 const uint8_t BRAINPOOLP320R1_OID[9] = {0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09};
87 //brainpoolP384r1 OID (1.3.36.3.3.2.8.1.1.11)
88 const uint8_t BRAINPOOLP384R1_OID[9] = {0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B};
89 //brainpoolP512r1 OID (1.3.36.3.3.2.8.1.1.13)
90 const uint8_t BRAINPOOLP512R1_OID[9] = {0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D};
91 //FRP256v1 OID (1.2.250.1.223.101.256.1)
92 const uint8_t FRP256V1_OID[10] = {0x2A, 0x81, 0x7A, 0x01, 0x81, 0x5F, 0x65, 0x82, 0x00, 0x01};
93 //SM2 OID (1.2.156.10197.1.301)
94 const uint8_t SM2_OID[8] = {0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D};
95 //X25519 OID (1.3.101.110)
96 const uint8_t X25519_OID[3] = {0x2B, 0x65, 0x6E};
97 //X448 OID (1.3.101.111)
98 const uint8_t X448_OID[3] = {0x2B, 0x65, 0x6F};
99 //Ed25519 OID (1.3.101.112)
100 const uint8_t ED25519_OID[3] = {0x2B, 0x65, 0x70};
101 //Ed448 OID (1.3.101.113)
102 const uint8_t ED448_OID[3] = {0x2B, 0x65, 0x71};
103 
104 
105 #if (SECP112R1_SUPPORT == ENABLED)
106 
107 /**
108  * @brief secp112r1 elliptic curve
109  **/
110 
111 const EcCurveInfo secp112r1Curve =
112 {
113  //Curve name
114  "secp112r1",
115  //Object identifier
116  SECP112R1_OID,
117  sizeof(SECP112R1_OID),
118  //Curve type
119  EC_CURVE_TYPE_SECP_R1,
120  //Prime modulus p
121  {0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x8B},
122  14,
123  //Curve parameter a
124  {0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x88},
125  14,
126  //Curve parameter b
127  {0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, 0x11, 0x70, 0x2B, 0x22},
128  14,
129  //x-coordinate of the base point G
130  {0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, 0xF9, 0xC2, 0xF0, 0x98},
131  14,
132  //y-coordinate of the base point G
133  {0xA8, 0x9C, 0xE5, 0xAF, 0x87, 0x24, 0xC0, 0xA2, 0x3E, 0x0E, 0x0F, 0xF7, 0x75, 0x00},
134  14,
135  //Base point order q
136  {0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65, 0x61, 0xC5},
137  14,
138  //Cofactor
139  1,
140  //Fast modular reduction
141  NULL
142 };
143 
144 #endif
145 #if (SECP112R2_SUPPORT == ENABLED)
146 
147 /**
148  * @brief secp112r2 elliptic curve
149  **/
150 
151 const EcCurveInfo secp112r2Curve =
152 {
153  //Curve name
154  "secp112r2",
155  //Object identifier
156  SECP112R2_OID,
157  sizeof(SECP112R2_OID),
158  //Curve type
159  EC_CURVE_TYPE_SECP_R2,
160  //Prime modulus p
161  {0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, 0x20, 0x8B},
162  14,
163  //Curve parameter a
164  {0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, 0x5C, 0x0E, 0xF0, 0x2C},
165  14,
166  //Curve parameter b
167  {0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, 0x4C, 0x85, 0xD7, 0x09},
168  14,
169  //x-coordinate of the base point G
170  {0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, 0xD0, 0x92, 0x86, 0x43},
171  14,
172  //y-coordinate of the base point G
173  {0xAD, 0xCD, 0x46, 0xF5, 0x88, 0x2E, 0x37, 0x47, 0xDE, 0xF3, 0x6E, 0x95, 0x6E, 0x97},
174  14,
175  //Base point order q
176  {0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20, 0xD0, 0x4B},
177  14,
178  //Cofactor
179  4,
180  //Fast modular reduction
181  NULL
182 };
183 
184 #endif
185 #if (SECP128R1_SUPPORT == ENABLED)
186 
187 /**
188  * @brief secp128r1 elliptic curve
189  **/
190 
191 const EcCurveInfo secp128r1Curve =
192 {
193  //Curve name
194  "secp128r1",
195  //Object identifier
196  SECP128R1_OID,
197  sizeof(SECP128R1_OID),
198  //Curve type
199  EC_CURVE_TYPE_SECP_R1,
200  //Prime modulus p
201  {0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
202  16,
203  //Curve parameter a
204  {0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC},
205  16,
206  //Curve parameter b
207  {0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, 0x99, 0x3C, 0x2C, 0xEE, 0x5E, 0xD3},
208  16,
209  //x-coordinate of the base point G
210  {0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, 0x60, 0x7C, 0xA5, 0x2C, 0x5B, 0x86},
211  16,
212  //y-coordinate of the base point G
213  {0xCF, 0x5A, 0xC8, 0x39, 0x5B, 0xAF, 0xEB, 0x13, 0xC0, 0x2D, 0xA2, 0x92, 0xDD, 0xED, 0x7A, 0x83},
214  16,
215  //Base point order q
216  {0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B, 0x90, 0x38, 0xA1, 0x15},
217  16,
218  //Cofactor
219  1,
220  //Fast modular reduction
221  secp128r1Mod
222 };
223 
224 #endif
225 #if (SECP128R2_SUPPORT == ENABLED)
226 
227 /**
228  * @brief secp128r2 elliptic curve
229  **/
230 
231 const EcCurveInfo secp128r2Curve =
232 {
233  //Curve name
234  "secp128r2",
235  //Object identifier
236  SECP128R2_OID,
237  sizeof(SECP128R2_OID),
238  //Curve type
239  EC_CURVE_TYPE_SECP_R2,
240  //Prime modulus p
241  {0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
242  16,
243  //Curve parameter a
244  {0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, 0xCC, 0x9B, 0xBF, 0xF9, 0xAE, 0xE1},
245  16,
246  //Curve parameter b
247  {0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, 0x65, 0x58, 0xBB, 0x6D, 0x8A, 0x5D},
248  16,
249  //x-coordinate of the base point G
250  {0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, 0x32, 0xA7, 0xCD, 0xEB, 0xC1, 0x40},
251  16,
252  //y-coordinate of the base point G
253  {0x27, 0xB6, 0x91, 0x6A, 0x89, 0x4D, 0x3A, 0xEE, 0x71, 0x06, 0xFE, 0x80, 0x5F, 0xC3, 0x4B, 0x44},
254  16,
255  //Base point order q
256  {0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72, 0x06, 0x13, 0xB5, 0xA3},
257  16,
258  //Cofactor
259  4,
260  //Fast modular reduction
261  secp128r2Mod
262 };
263 
264 #endif
265 #if (SECP160K1_SUPPORT == ENABLED)
266 
267 /**
268  * @brief secp160k1 elliptic curve
269  **/
270 
271 const EcCurveInfo secp160k1Curve =
272 {
273  //Curve name
274  "secp160k1",
275  //Object identifier
276  SECP160K1_OID,
277  sizeof(SECP160K1_OID),
278  //Curve type
279  EC_CURVE_TYPE_SECP_K1,
280  //Prime modulus p
281  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
282  0xFF, 0xFF, 0xAC, 0x73},
283  20,
284  //Curve parameter a
285  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
286  0x00, 0x00, 0x00, 0x00},
287  20,
288  //Curve parameter b
289  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
290  0x00, 0x00, 0x00, 0x07},
291  20,
292  //x-coordinate of the base point G
293  {0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, 0x01, 0x9E, 0x76, 0x30, 0x36, 0xF4, 0xF5,
294  0xDD, 0x4D, 0x7E, 0xBB},
295  20,
296  //y-coordinate of the base point G
297  {0x93, 0x8C, 0xF9, 0x35, 0x31, 0x8F, 0xDC, 0xED, 0x6B, 0xC2, 0x82, 0x86, 0x53, 0x17, 0x33, 0xC3,
298  0xF0, 0x3C, 0x4F, 0xEE},
299  20,
300  //Base point order q
301  {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8, 0xFA, 0x16, 0xDF, 0xAB,
302  0x9A, 0xCA, 0x16, 0xB6, 0xB3},
303  21,
304  //Cofactor
305  1,
306  //Fast modular reduction
307  secp160k1Mod
308 };
309 
310 #endif
311 #if (SECP160R1_SUPPORT == ENABLED)
312 
313 /**
314  * @brief secp160r1 elliptic curve
315  **/
316 
317 const EcCurveInfo secp160r1Curve =
318 {
319  //Curve name
320  "secp160r1",
321  //Object identifier
322  SECP160R1_OID,
323  sizeof(SECP160R1_OID),
324  //Curve type
325  EC_CURVE_TYPE_SECP_R1,
326  //Prime modulus p
327  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
328  0x7F, 0xFF, 0xFF, 0xFF},
329  20,
330  //Curve parameter a
331  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
332  0x7F, 0xFF, 0xFF, 0xFC},
333  20,
334  //Curve parameter b
335  {0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, 0xAC, 0xF8, 0x9F, 0x81, 0xD4, 0xD4, 0xAD,
336  0xC5, 0x65, 0xFA, 0x45},
337  20,
338  //x-coordinate of the base point G
339  {0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, 0x64, 0x69, 0x89, 0x68, 0xC3, 0x8B, 0xB9,
340  0x13, 0xCB, 0xFC, 0x82},
341  20,
342  //y-coordinate of the base point G
343  {0x23, 0xA6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7D, 0x59, 0xDC, 0xC9, 0x12, 0x04, 0x23, 0x51, 0x37,
344  0x7A, 0xC5, 0xFB, 0x32},
345  20,
346  //Base point order q
347  {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4, 0xC8, 0xF9, 0x27, 0xAE,
348  0xD3, 0xCA, 0x75, 0x22, 0x57},
349  21,
350  //Cofactor
351  1,
352  //Fast modular reduction
353  secp160r1Mod
354 };
355 
356 #endif
357 #if (SECP160R2_SUPPORT == ENABLED)
358 
359 /**
360  * @brief secp160r2 elliptic curve
361  **/
362 
363 const EcCurveInfo secp160r2Curve =
364 {
365  //Curve name
366  "secp160r2",
367  //Object identifier
368  SECP160R2_OID,
369  sizeof(SECP160R2_OID),
370  //Curve type
371  EC_CURVE_TYPE_SECP_R2,
372  //Prime modulus p
373  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
374  0xFF, 0xFF, 0xAC, 0x73},
375  20,
376  //Curve parameter a
377  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
378  0xFF, 0xFF, 0xAC, 0x70},
379  20,
380  //Curve parameter b
381  {0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, 0x57, 0x27, 0x49, 0x04, 0x66, 0x4D, 0x5A,
382  0xF5, 0x03, 0x88, 0xBA},
383  20,
384  //x-coordinate of the base point G
385  {0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, 0x4F, 0xF1, 0x1B, 0x30, 0xF7, 0x19, 0x9D,
386  0x31, 0x44, 0xCE, 0x6D},
387  20,
388  //y-coordinate of the base point G
389  {0xFE, 0xAF, 0xFE, 0xF2, 0xE3, 0x31, 0xF2, 0x96, 0xE0, 0x71, 0xFA, 0x0D, 0xF9, 0x98, 0x2C, 0xFE,
390  0xA7, 0xD4, 0x3F, 0x2E},
391  20,
392  //Base point order q
393  {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, 0x1E, 0xE7, 0x86, 0xA8,
394  0x18, 0xF3, 0xA1, 0xA1, 0x6B},
395  21,
396  //Cofactor
397  1,
398  //Fast modular reduction
399  secp160r2Mod
400 };
401 
402 #endif
403 #if (SECP192K1_SUPPORT == ENABLED)
404 
405 /**
406  * @brief secp192k1 elliptic curve
407  **/
408 
409 const EcCurveInfo secp192k1Curve =
410 {
411  //Curve name
412  "secp192k1",
413  //Object identifier
414  SECP192K1_OID,
415  sizeof(SECP192K1_OID),
416  //Curve type
417  EC_CURVE_TYPE_SECP_K1,
418  //Prime modulus p
419  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
420  0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37},
421  24,
422  //Curve parameter a
423  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
424  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
425  24,
426  //Curve parameter b
427  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
428  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03},
429  24,
430  //x-coordinate of the base point G
431  {0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, 0x7D, 0x02, 0x80, 0xB7, 0xF4, 0x34,
432  0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D},
433  24,
434  //y-coordinate of the base point G
435  {0x9B, 0x2F, 0x2F, 0x6D, 0x9C, 0x56, 0x28, 0xA7, 0x84, 0x41, 0x63, 0xD0, 0x15, 0xBE, 0x86, 0x34,
436  0x40, 0x82, 0xAA, 0x88, 0xD9, 0x5E, 0x2F, 0x9D},
437  24,
438  //Base point order q
439  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0x26, 0xF2, 0xFC, 0x17,
440  0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D},
441  24,
442  //Cofactor
443  1,
444  //Fast modular reduction
445  secp192k1Mod
446 };
447 
448 #endif
449 #if (SECP192R1_SUPPORT == ENABLED)
450 
451 /**
452  * @brief secp192r1 elliptic curve
453  **/
454 
455 const EcCurveInfo secp192r1Curve =
456 {
457  //Curve name
458  "secp192r1",
459  //Object identifier
460  SECP192R1_OID,
461  sizeof(SECP192R1_OID),
462  //Curve type
463  EC_CURVE_TYPE_SECP_R1,
464  //Prime modulus p
465  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
466  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
467  24,
468  //Curve parameter a
469  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
470  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC},
471  24,
472  //Curve parameter b
473  {0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB, 0x72, 0x24, 0x30, 0x49,
474  0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1},
475  24,
476  //x-coordinate of the base point G
477  {0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00,
478  0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12},
479  24,
480  //y-coordinate of the base point G
481  {0x07, 0x19, 0x2B, 0x95, 0xFF, 0xC8, 0xDA, 0x78, 0x63, 0x10, 0x11, 0xED, 0x6B, 0x24, 0xCD, 0xD5,
482  0x73, 0xF9, 0x77, 0xA1, 0x1E, 0x79, 0x48, 0x11},
483  24,
484  //Base point order q
485  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36,
486  0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31},
487  24,
488  //Cofactor
489  1,
490  //Fast modular reduction
491  secp192r1Mod
492 };
493 
494 #endif
495 #if (SECP224K1_SUPPORT == ENABLED)
496 
497 /**
498  * @brief secp224k1 elliptic curve
499  **/
500 
501 const EcCurveInfo secp224k1Curve =
502 {
503  //Curve name
504  "secp224k1",
505  //Object identifier
506  SECP224K1_OID,
507  sizeof(SECP224K1_OID),
508  //Curve type
509  EC_CURVE_TYPE_SECP_K1,
510  //Prime modulus p
511  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
512  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xE5, 0x6D},
513  28,
514  //Curve parameter a
515  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
516  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
517  28,
518  //Curve parameter b
519  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
520  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05},
521  28,
522  //x-coordinate of the base point G
523  {0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, 0xFC, 0x28, 0xA1, 0x69, 0xA4, 0x67, 0xE9,
524  0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65, 0x0E, 0xB6, 0xB7, 0xA4, 0x5C},
525  28,
526  //y-coordinate of the base point G
527  {0x7E, 0x08, 0x9F, 0xED, 0x7F, 0xBA, 0x34, 0x42, 0x82, 0xCA, 0xFB, 0xD6, 0xF7, 0xE3, 0x19, 0xF7,
528  0xC0, 0xB0, 0xBD, 0x59, 0xE2, 0xCA, 0x4B, 0xDB, 0x55, 0x6D, 0x61, 0xA5},
529  28,
530  //Base point order q
531  {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xDC,
532  0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9, 0x71, 0x76, 0x9F, 0xB1, 0xF7},
533  29,
534  //Cofactor
535  1,
536  //Fast modular reduction
537  secp224k1Mod
538 };
539 
540 #endif
541 #if (SECP224R1_SUPPORT == ENABLED)
542 
543 /**
544  * @brief secp224r1 elliptic curve
545  **/
546 
547 const EcCurveInfo secp224r1Curve =
548 {
549  //Curve name
550  "secp224r1",
551  //Object identifier
552  SECP224R1_OID,
553  sizeof(SECP224R1_OID),
554  //Curve type
555  EC_CURVE_TYPE_SECP_R1,
556  //Prime modulus p
557  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
558  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
559  28,
560  //Curve parameter a
561  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
562  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE},
563  28,
564  //Curve parameter b
565  {0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7,
566  0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4},
567  28,
568  //x-coordinate of the base point G
569  {0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3,
570  0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21},
571  28,
572  //y-coordinate of the base point G
573  {0xBD, 0x37, 0x63, 0x88, 0xB5, 0xF7, 0x23, 0xFB, 0x4C, 0x22, 0xDF, 0xE6, 0xCD, 0x43, 0x75, 0xA0,
574  0x5A, 0x07, 0x47, 0x64, 0x44, 0xD5, 0x81, 0x99, 0x85, 0x00, 0x7E, 0x34},
575  28,
576  //Base point order q
577  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2,
578  0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D},
579  28,
580  //Cofactor
581  1,
582  //Fast modular reduction
583  secp224r1Mod
584 };
585 
586 #endif
587 #if (SECP256K1_SUPPORT == ENABLED)
588 
589 /**
590  * @brief secp256k1 elliptic curve
591  **/
592 
593 const EcCurveInfo secp256k1Curve =
594 {
595  //Curve name
596  "secp256k1",
597  //Object identifier
598  SECP256K1_OID,
599  sizeof(SECP256K1_OID),
600  //Curve type
601  EC_CURVE_TYPE_SECP_K1,
602  //Prime modulus p
603  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
604  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F},
605  32,
606  //Curve parameter a
607  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
608  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
609  32,
610  //Curve parameter b
611  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
612  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07},
613  32,
614  //x-coordinate of the base point G
615  {0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B, 0x07,
616  0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98},
617  32,
618  //y-coordinate of the base point G
619  {0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08, 0xA8,
620  0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4, 0xB8},
621  32,
622  //Base point order q
623  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
624  0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41},
625  32,
626  //Cofactor
627  1,
628  //Fast modular reduction
629  secp256k1Mod
630 };
631 
632 #endif
633 #if (SECP256R1_SUPPORT == ENABLED)
634 
635 /**
636  * @brief secp256r1 elliptic curve
637  **/
638 
639 const EcCurveInfo secp256r1Curve =
640 {
641  //Curve name
642  "secp256r1",
643  //Object identifier
644  SECP256R1_OID,
645  sizeof(SECP256R1_OID),
646  //Curve type
647  EC_CURVE_TYPE_SECP_R1,
648  //Prime modulus p
649  {0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
650  0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
651  32,
652  //Curve parameter a
653  {0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
654  0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC},
655  32,
656  //Curve parameter b
657  {0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC,
658  0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B},
659  32,
660  //x-coordinate of the base point G
661  {0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2,
662  0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96},
663  32,
664  //y-coordinate of the base point G
665  {0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B, 0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16,
666  0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE, 0xCB, 0xB6, 0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5},
667  32,
668  //Base point order q
669  {0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
670  0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51},
671  32,
672  //Cofactor
673  1,
674  //Fast modular reduction
675  secp256r1Mod
676 };
677 
678 #endif
679 #if (SECP384R1_SUPPORT == ENABLED)
680 
681 /**
682  * @brief secp384r1 elliptic curve
683  **/
684 
685 const EcCurveInfo secp384r1Curve =
686 {
687  //Curve name
688  "secp384r1",
689  //Object identifier
690  SECP384R1_OID,
691  sizeof(SECP384R1_OID),
692  //Curve type
693  EC_CURVE_TYPE_SECP_R1,
694  //Prime modulus p
695  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
696  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
697  0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF},
698  48,
699  //Curve parameter a
700  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
701  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
702  0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC},
703  48,
704  //Curve parameter b
705  {0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19,
706  0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A,
707  0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF},
708  48,
709  //x-coordinate of the base point G
710  {0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74,
711  0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38,
712  0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7},
713  48,
714  //y-coordinate of the base point G
715  {0x36, 0x17, 0xDE, 0x4A, 0x96, 0x26, 0x2C, 0x6F, 0x5D, 0x9E, 0x98, 0xBF, 0x92, 0x92, 0xDC, 0x29,
716  0xF8, 0xF4, 0x1D, 0xBD, 0x28, 0x9A, 0x14, 0x7C, 0xE9, 0xDA, 0x31, 0x13, 0xB5, 0xF0, 0xB8, 0xC0,
717  0x0A, 0x60, 0xB1, 0xCE, 0x1D, 0x7E, 0x81, 0x9D, 0x7A, 0x43, 0x1D, 0x7C, 0x90, 0xEA, 0x0E, 0x5F},
718  48,
719  //Base point order q
720  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
721  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF,
722  0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73},
723  48,
724  //Cofactor
725  1,
726  //Fast modular reduction
727  secp384r1Mod
728 };
729 
730 #endif
731 #if (SECP521R1_SUPPORT == ENABLED)
732 
733 /**
734  * @brief secp521r1 elliptic curve
735  **/
736 
737 const EcCurveInfo secp521r1Curve =
738 {
739  //Curve name
740  "secp521r1",
741  //Object identifier
742  SECP521R1_OID,
743  sizeof(SECP521R1_OID),
744  //Curve type
745  EC_CURVE_TYPE_SECP_R1,
746  //Prime modulus p
747  {0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
748  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
749  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
750  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
751  0xFF, 0xFF},
752  66,
753  //Curve parameter a
754  {0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
755  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
756  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
757  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
758  0xFF, 0xFC},
759  66,
760  //Curve parameter b
761  {0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85,
762  0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1,
763  0x09, 0xE1, 0x56, 0x19, 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
764  0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50,
765  0x3F, 0x00},
766  66,
767  //x-coordinate of the base point G
768  {0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95,
769  0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D,
770  0x3D, 0xBA, 0xA1, 0x4B, 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
771  0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, 0x7E, 0x31, 0xC2, 0xE5,
772  0xBD, 0x66},
773  66,
774  //y-coordinate of the base point G
775  {0x01, 0x18, 0x39, 0x29, 0x6A, 0x78, 0x9A, 0x3B, 0xC0, 0x04, 0x5C, 0x8A, 0x5F, 0xB4, 0x2C, 0x7D,
776  0x1B, 0xD9, 0x98, 0xF5, 0x44, 0x49, 0x57, 0x9B, 0x44, 0x68, 0x17, 0xAF, 0xBD, 0x17, 0x27, 0x3E,
777  0x66, 0x2C, 0x97, 0xEE, 0x72, 0x99, 0x5E, 0xF4, 0x26, 0x40, 0xC5, 0x50, 0xB9, 0x01, 0x3F, 0xAD,
778  0x07, 0x61, 0x35, 0x3C, 0x70, 0x86, 0xA2, 0x72, 0xC2, 0x40, 0x88, 0xBE, 0x94, 0x76, 0x9F, 0xD1,
779  0x66, 0x50},
780  66,
781  //Base point order q
782  {0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
783  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
784  0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
785  0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38,
786  0x64, 0x09},
787  66,
788  //Cofactor
789  1,
790  //Fast modular reduction
791  secp521r1Mod
792 };
793 
794 #endif
795 #if (BRAINPOOLP160R1_SUPPORT == ENABLED)
796 
797 /**
798  * @brief brainpoolP160r1 elliptic curve
799  **/
800 
801 const EcCurveInfo brainpoolP160r1Curve =
802 {
803  //Curve name
804  "brainpoolP160r1",
805  //Object identifier
806  BRAINPOOLP160R1_OID,
807  sizeof(BRAINPOOLP160R1_OID),
808  //Curve type
809  EC_CURVE_TYPE_BRAINPOOLP_R1,
810  //Prime modulus p
811  {0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13,
812  0x95, 0x15, 0x62, 0x0F},
813  20,
814  //Curve parameter a
815  {0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, 0x61, 0xBA, 0xDA, 0x74, 0x5D, 0x97,
816  0xE8, 0xF7, 0xC3, 0x00},
817  20,
818  //Curve parameter b
819  {0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, 0xAA, 0x2D, 0xBD, 0xEC, 0x95, 0xC8,
820  0xD8, 0x67, 0x5E, 0x58},
821  20,
822  //x-coordinate of the base point G
823  {0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, 0x8C, 0x46, 0x31, 0xEB, 0x5A, 0xF7,
824  0xBD, 0xBC, 0xDB, 0xC3},
825  20,
826  //y-coordinate of the base point G
827  {0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, 0x47, 0x41, 0x66, 0x9C, 0x97, 0x63,
828  0x16, 0xDA, 0x63, 0x21},
829  20,
830  //Base point order q
831  {0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40,
832  0x9E, 0x60, 0xFC, 0x09},
833  20,
834  //Cofactor
835  1,
836  //Fast modular reduction
837  NULL
838 };
839 
840 #endif
841 #if (BRAINPOOLP192R1_SUPPORT == ENABLED)
842 
843 /**
844  * @brief brainpoolP192r1 elliptic curve
845  **/
846 
847 const EcCurveInfo brainpoolP192r1Curve =
848 {
849  //Curve name
850  "brainpoolP192r1",
851  //Object identifier
852  BRAINPOOLP192R1_OID,
853  sizeof(BRAINPOOLP192R1_OID),
854  //Curve type
855  EC_CURVE_TYPE_BRAINPOOLP_R1,
856  //Prime modulus p
857  {0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7,
858  0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97},
859  24,
860  //Curve parameter a
861  {0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, 0xC0, 0x31, 0xFE, 0x86, 0x85, 0xC1,
862  0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF},
863  24,
864  //Curve parameter b
865  {0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, 0x1D, 0x04, 0x4F, 0x44, 0x96, 0xBC,
866  0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9},
867  24,
868  //x-coordinate of the base point G
869  {0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, 0x33, 0xC5, 0x6C, 0xB0, 0xF0, 0x90,
870  0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6},
871  24,
872  //y-coordinate of the base point G
873  {0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, 0x48, 0x28, 0xC1, 0x49, 0x00, 0x02,
874  0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F},
875  24,
876  //Base point order q
877  {0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B,
878  0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1},
879  24,
880  //Cofactor
881  1,
882  //Fast modular reduction
883  NULL
884 };
885 
886 #endif
887 #if (BRAINPOOLP224R1_SUPPORT == ENABLED)
888 
889 /**
890  * @brief brainpoolP224r1 elliptic curve
891  **/
892 
893 const EcCurveInfo brainpoolP224r1Curve =
894 {
895  //Curve name
896  "brainpoolP224r1",
897  //Object identifier
898  BRAINPOOLP224R1_OID,
899  sizeof(BRAINPOOLP224R1_OID),
900  //Curve type
901  EC_CURVE_TYPE_BRAINPOOLP_R1,
902  //Prime modulus p
903  {0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87,
904  0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, 0x7E, 0xC8, 0xC0, 0xFF},
905  28,
906  //Curve parameter a
907  {0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, 0x03, 0xA6, 0xC1, 0x53, 0x0B, 0x51,
908  0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59, 0xCA, 0xD2, 0x9F, 0x43},
909  28,
910  //Curve parameter b
911  {0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, 0x13, 0xB1, 0xA9, 0x23, 0x69, 0xE3,
912  0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72, 0x38, 0x6C, 0x40, 0x0B},
913  28,
914  //x-coordinate of the base point G
915  {0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, 0x23, 0xB2, 0xA8, 0x7D, 0xC6, 0x8C,
916  0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD, 0xEE, 0x12, 0xC0, 0x7D},
917  28,
918  //y-coordinate of the base point G
919  {0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, 0xB8, 0x9E, 0x4E, 0xCD, 0xAC, 0x24,
920  0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3, 0x76, 0x14, 0x02, 0xCD},
921  28,
922  //Base point order q
923  {0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98,
924  0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, 0xA5, 0xA7, 0x93, 0x9F},
925  28,
926  //Cofactor
927  1,
928  //Fast modular reduction
929  NULL
930 };
931 
932 #endif
933 #if (BRAINPOOLP256R1_SUPPORT == ENABLED)
934 
935 /**
936  * @brief brainpoolP256r1 elliptic curve
937  **/
938 
939 const EcCurveInfo brainpoolP256r1Curve =
940 {
941  //Curve name
942  "brainpoolP256r1",
943  //Object identifier
944  BRAINPOOLP256R1_OID,
945  sizeof(BRAINPOOLP256R1_OID),
946  //Curve type
947  EC_CURVE_TYPE_BRAINPOOLP_R1,
948  //Prime modulus p
949  {0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72,
950  0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77},
951  32,
952  //Curve parameter a
953  {0x7D, 0x5A, 0x09, 0x75, 0xFC, 0x2C, 0x30, 0x57, 0xEE, 0xF6, 0x75, 0x30, 0x41, 0x7A, 0xFF, 0xE7,
954  0xFB, 0x80, 0x55, 0xC1, 0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9},
955  32,
956  //Curve parameter b
957  {0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9, 0xBB, 0xD7, 0x7C, 0xBF,
958  0x95, 0x84, 0x16, 0x29, 0x5C, 0xF7, 0xE1, 0xCE, 0x6B, 0xCC, 0xDC, 0x18, 0xFF, 0x8C, 0x07, 0xB6},
959  32,
960  //x-coordinate of the base point G
961  {0x8B, 0xD2, 0xAE, 0xB9, 0xCB, 0x7E, 0x57, 0xCB, 0x2C, 0x4B, 0x48, 0x2F, 0xFC, 0x81, 0xB7, 0xAF,
962  0xB9, 0xDE, 0x27, 0xE1, 0xE3, 0xBD, 0x23, 0xC2, 0x3A, 0x44, 0x53, 0xBD, 0x9A, 0xCE, 0x32, 0x62},
963  32,
964  //y-coordinate of the base point G
965  {0x54, 0x7E, 0xF8, 0x35, 0xC3, 0xDA, 0xC4, 0xFD, 0x97, 0xF8, 0x46, 0x1A, 0x14, 0x61, 0x1D, 0xC9,
966  0xC2, 0x77, 0x45, 0x13, 0x2D, 0xED, 0x8E, 0x54, 0x5C, 0x1D, 0x54, 0xC7, 0x2F, 0x04, 0x69, 0x97},
967  32,
968  //Base point order q
969  {0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71,
970  0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7, 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7},
971  32,
972  //Cofactor
973  1,
974  //Fast modular reduction
975  NULL
976 };
977 
978 #endif
979 #if (BRAINPOOLP320R1_SUPPORT == ENABLED)
980 
981 /**
982  * @brief brainpoolP320r1 elliptic curve
983  **/
984 
985 const EcCurveInfo brainpoolP320r1Curve =
986 {
987  //Curve name
988  "brainpoolP320r1",
989  //Object identifier
990  BRAINPOOLP320R1_OID,
991  sizeof(BRAINPOOLP320R1_OID),
992  //Curve type
993  EC_CURVE_TYPE_BRAINPOOLP_R1,
994  //Prime modulus p
995  {0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65,
996  0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28,
997  0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27},
998  40,
999  //Curve parameter a
1000  {0x3E, 0xE3, 0x0B, 0x56, 0x8F, 0xBA, 0xB0, 0xF8, 0x83, 0xCC, 0xEB, 0xD4, 0x6D, 0x3F, 0x3B, 0xB8,
1001  0xA2, 0xA7, 0x35, 0x13, 0xF5, 0xEB, 0x79, 0xDA, 0x66, 0x19, 0x0E, 0xB0, 0x85, 0xFF, 0xA9, 0xF4,
1002  0x92, 0xF3, 0x75, 0xA9, 0x7D, 0x86, 0x0E, 0xB4},
1003  40,
1004  //Curve parameter b
1005  {0x52, 0x08, 0x83, 0x94, 0x9D, 0xFD, 0xBC, 0x42, 0xD3, 0xAD, 0x19, 0x86, 0x40, 0x68, 0x8A, 0x6F,
1006  0xE1, 0x3F, 0x41, 0x34, 0x95, 0x54, 0xB4, 0x9A, 0xCC, 0x31, 0xDC, 0xCD, 0x88, 0x45, 0x39, 0x81,
1007  0x6F, 0x5E, 0xB4, 0xAC, 0x8F, 0xB1, 0xF1, 0xA6},
1008  40,
1009  //x-coordinate of the base point G
1010  {0x43, 0xBD, 0x7E, 0x9A, 0xFB, 0x53, 0xD8, 0xB8, 0x52, 0x89, 0xBC, 0xC4, 0x8E, 0xE5, 0xBF, 0xE6,
1011  0xF2, 0x01, 0x37, 0xD1, 0x0A, 0x08, 0x7E, 0xB6, 0xE7, 0x87, 0x1E, 0x2A, 0x10, 0xA5, 0x99, 0xC7,
1012  0x10, 0xAF, 0x8D, 0x0D, 0x39, 0xE2, 0x06, 0x11},
1013  40,
1014  //y-coordinate of the base point G
1015  {0x14, 0xFD, 0xD0, 0x55, 0x45, 0xEC, 0x1C, 0xC8, 0xAB, 0x40, 0x93, 0x24, 0x7F, 0x77, 0x27, 0x5E,
1016  0x07, 0x43, 0xFF, 0xED, 0x11, 0x71, 0x82, 0xEA, 0xA9, 0xC7, 0x78, 0x77, 0xAA, 0xAC, 0x6A, 0xC7,
1017  0xD3, 0x52, 0x45, 0xD1, 0x69, 0x2E, 0x8E, 0xE1},
1018  40,
1019  //Base point order q
1020  {0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65,
1021  0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3, 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9,
1022  0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11},
1023  40,
1024  //Cofactor
1025  1,
1026  //Fast modular reduction
1027  NULL
1028 };
1029 
1030 #endif
1031 #if (BRAINPOOLP384R1_SUPPORT == ENABLED)
1032 
1033 /**
1034  * @brief brainpoolP384r1 elliptic curve
1035  **/
1036 
1037 const EcCurveInfo brainpoolP384r1Curve =
1038 {
1039  //Curve name
1040  "brainpoolP384r1",
1041  //Object identifier
1042  BRAINPOOLP384R1_OID,
1043  sizeof(BRAINPOOLP384R1_OID),
1044  //Curve type
1045  EC_CURVE_TYPE_BRAINPOOLP_R1,
1046  //Prime modulus p
1047  {0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF,
1048  0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23,
1049  0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53},
1050  48,
1051  //Curve parameter a
1052  {0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C, 0x3C, 0x72, 0x08, 0x0A, 0xCE, 0x05, 0xAF, 0xA0,
1053  0xC2, 0xBE, 0xA2, 0x8E, 0x4F, 0xB2, 0x27, 0x87, 0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91, 0xF9, 0x0F,
1054  0x8A, 0xA5, 0x81, 0x4A, 0x50, 0x3A, 0xD4, 0xEB, 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26},
1055  48,
1056  //Curve parameter b
1057  {0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, 0x8B, 0x39, 0xB5, 0x54, 0x16, 0xF0, 0x44, 0x7C,
1058  0x2F, 0xB7, 0x7D, 0xE1, 0x07, 0xDC, 0xD2, 0xA6, 0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB, 0x62, 0xD5,
1059  0x7C, 0xB4, 0x39, 0x02, 0x95, 0xDB, 0xC9, 0x94, 0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11},
1060  48,
1061  //x-coordinate of the base point G
1062  {0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF, 0xA2, 0xA6, 0x3A, 0x81, 0xB7, 0xC1, 0x3F, 0x6B,
1063  0x88, 0x47, 0xA3, 0xE7, 0x7E, 0xF1, 0x4F, 0xE3, 0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD, 0x10, 0xE8,
1064  0xE8, 0x26, 0xE0, 0x34, 0x36, 0xD6, 0x46, 0xAA, 0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E},
1065  48,
1066  //y-coordinate of the base point G
1067  {0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4, 0x5C, 0xB1, 0xEB, 0x8E, 0x95, 0xCF, 0xD5, 0x52,
1068  0x62, 0xB7, 0x0B, 0x29, 0xFE, 0xEC, 0x58, 0x64, 0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91, 0x29, 0x28,
1069  0x0E, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11, 0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15},
1070  48,
1071  //Base point order q
1072  {0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF,
1073  0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3, 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7,
1074  0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65},
1075  48,
1076  //Cofactor
1077  1,
1078  //Fast modular reduction
1079  NULL
1080 };
1081 
1082 #endif
1083 #if (BRAINPOOLP512R1_SUPPORT == ENABLED)
1084 
1085 /**
1086  * @brief brainpoolP512r1 elliptic curve
1087  **/
1088 
1089 const EcCurveInfo brainpoolP512r1Curve =
1090 {
1091  //Curve name
1092  "brainpoolP512r1",
1093  //Object identifier
1094  BRAINPOOLP512R1_OID,
1095  sizeof(BRAINPOOLP512R1_OID),
1096  //Curve type
1097  EC_CURVE_TYPE_BRAINPOOLP_R1,
1098  //Prime modulus p
1099  {0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07,
1100  0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71,
1101  0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6,
1102  0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56, 0x58, 0x3A, 0x48, 0xF3},
1103  64,
1104  //Curve parameter a
1105  {0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89, 0xE2, 0x32, 0x71, 0x45, 0xAC, 0x23, 0x4C, 0xC5,
1106  0x94, 0xCB, 0xDD, 0x8D, 0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC,
1107  0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5,
1108  0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D, 0x77, 0xFC, 0x94, 0xCA},
1109  64,
1110  //Curve parameter b
1111  {0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A,
1112  0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, 0x17, 0xA7,
1113  0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D, 0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67,
1114  0x98, 0x40, 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD, 0x28, 0x09, 0xBD, 0x63, 0x80, 0x16, 0xF7, 0x23},
1115  64,
1116  //x-coordinate of the base point G
1117  {0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64, 0x5A, 0x21, 0x32, 0x2E, 0x9C, 0x4C, 0x6A, 0x93,
1118  0x85, 0xED, 0x9F, 0x70, 0xB5, 0xD9, 0x16, 0xC1, 0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0, 0x09, 0x8E,
1119  0xFF, 0x3B, 0x1F, 0x78, 0xE2, 0xD0, 0xD4, 0x8D, 0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F,
1120  0x7C, 0x6D, 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68, 0x8B, 0x35, 0x22, 0x09, 0xBC, 0xB9, 0xF8, 0x22},
1121  64,
1122  //y-coordinate of the base point G
1123  {0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC, 0xC0, 0xEA, 0xBF, 0xA9, 0xCF, 0x78, 0x22, 0xFD,
1124  0xF2, 0x09, 0xF7, 0x00, 0x24, 0xA5, 0x7B, 0x1A, 0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F, 0x81, 0x11,
1125  0xB2, 0xDC, 0xDE, 0x49, 0x4A, 0x5F, 0x48, 0x5E, 0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE,
1126  0xD1, 0xCA, 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06, 0x78, 0xCD, 0x1E, 0x0F, 0x3A, 0xD8, 0x08, 0x92},
1127  64,
1128  //Base point order q
1129  {0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07,
1130  0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70,
1131  0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47,
1132  0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82, 0x9C, 0xA9, 0x00, 0x69},
1133  64,
1134  //Cofactor
1135  1,
1136  //Fast modular reduction
1137  NULL
1138 };
1139 
1140 #endif
1141 #if (FRP256V1_SUPPORT == ENABLED)
1142 
1143 /**
1144  * @brief FRP256v1 elliptic curve
1145  **/
1146 
1147 const EcCurveInfo frp256v1Curve =
1148 {
1149  //Curve name
1150  "FRP256v1",
1151  //Object identifier
1152  FRP256V1_OID,
1153  sizeof(FRP256V1_OID),
1154  //Curve type
1155  EC_CURVE_TYPE_SECP_R1,
1156  //Prime modulus p
1157  {0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B,
1158  0x39, 0x61, 0xAD, 0xBC, 0xAB, 0xC8, 0xCA, 0x6D, 0xE8, 0xFC, 0xF3, 0x53, 0xD8, 0x6E, 0x9C, 0x03},
1159  32,
1160  //Curve parameter a
1161  {0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B,
1162  0x39, 0x61, 0xAD, 0xBC, 0xAB, 0xC8, 0xCA, 0x6D, 0xE8, 0xFC, 0xF3, 0x53, 0xD8, 0x6E, 0x9C, 0x00},
1163  32,
1164  //Curve parameter b
1165  {0xEE, 0x35, 0x3F, 0xCA, 0x54, 0x28, 0xA9, 0x30, 0x0D, 0x4A, 0xBA, 0x75, 0x4A, 0x44, 0xC0, 0x0F,
1166  0xDF, 0xEC, 0x0C, 0x9A, 0xE4, 0xB1, 0xA1, 0x80, 0x30, 0x75, 0xED, 0x96, 0x7B, 0x7B, 0xB7, 0x3F},
1167  32,
1168  //x-coordinate of the base point G
1169  {0xB6, 0xB3, 0xD4, 0xC3, 0x56, 0xC1, 0x39, 0xEB, 0x31, 0x18, 0x3D, 0x47, 0x49, 0xD4, 0x23, 0x95,
1170  0x8C, 0x27, 0xD2, 0xDC, 0xAF, 0x98, 0xB7, 0x01, 0x64, 0xC9, 0x7A, 0x2D, 0xD9, 0x8F, 0x5C, 0xFF},
1171  32,
1172  //y-coordinate of the base point G
1173  {0x61, 0x42, 0xE0, 0xF7, 0xC8, 0xB2, 0x04, 0x91, 0x1F, 0x92, 0x71, 0xF0, 0xF3, 0xEC, 0xEF, 0x8C,
1174  0x27, 0x01, 0xC3, 0x07, 0xE8, 0xE4, 0xC9, 0xE1, 0x83, 0x11, 0x5A, 0x15, 0x54, 0x06, 0x2C, 0xFB},
1175  32,
1176  //Base point order q
1177  {0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B,
1178  0x53, 0xDC, 0x67, 0xE1, 0x40, 0xD2, 0xBF, 0x94, 0x1F, 0xFD, 0xD4, 0x59, 0xC6, 0xD6, 0x55, 0xE1},
1179  32,
1180  //Cofactor
1181  1,
1182  //Fast modular reduction
1183  NULL
1184 };
1185 
1186 #endif
1187 #if (SM2_SUPPORT == ENABLED)
1188 
1189 /**
1190  * @brief SM2 elliptic curve
1191  **/
1192 
1193 const EcCurveInfo sm2Curve =
1194 {
1195  //Curve name
1196  "curveSM2",
1197  //Object identifier
1198  SM2_OID,
1199  sizeof(SM2_OID),
1200  //Curve type
1201  EC_CURVE_TYPE_SECP_R1,
1202  //Prime modulus p
1203  {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1204  0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
1205  32,
1206  //Curve parameter a
1207  {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1208  0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC},
1209  32,
1210  //Curve parameter b
1211  {0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34, 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7,
1212  0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93},
1213  32,
1214  //x-coordinate of the base point G
1215  {0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19, 0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94,
1216  0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1, 0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7},
1217  32,
1218  //y-coordinate of the base point G
1219  {0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C, 0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53,
1220  0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40, 0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0},
1221  32,
1222  //Base point order q
1223  {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1224  0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B, 0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23},
1225  32,
1226  //Cofactor
1227  1,
1228  //Fast modular reduction
1229  sm2Mod
1230 };
1231 
1232 #endif
1233 #if (X25519_SUPPORT == ENABLED)
1234 
1235 /**
1236  * @brief Curve25519 elliptic curve
1237  **/
1238 
1239 const EcCurveInfo x25519Curve =
1240 {
1241  //Curve name
1242  "curve25519",
1243  //Object identifier
1244  X25519_OID,
1245  sizeof(X25519_OID),
1246  //Curve type
1247  EC_CURVE_TYPE_X25519,
1248  //Prime modulus p
1249  {0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1250  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xED},
1251  32,
1252  //Curve parameter a
1253  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1254  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x6D, 0x06},
1255  32,
1256  //Curve parameter b
1257  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1258  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
1259  32,
1260  //u-coordinate of the base point G
1261  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1262  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09},
1263  32,
1264  //v-coordinate of the base point G
1265  {0x20, 0xAE, 0x19, 0xA1, 0xB8, 0xA0, 0x86, 0xB4, 0xE0, 0x1E, 0xDD, 0x2C, 0x77, 0x48, 0xD1, 0x4C,
1266  0x92, 0x3D, 0x4D, 0x7E, 0x6D, 0x7C, 0x61, 0xB2, 0x29, 0xE9, 0xC5, 0xA2, 0x7E, 0xCE, 0xD3, 0xD9},
1267  32,
1268  //Base point order q
1269  {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1270  0x14, 0xDE, 0xF9, 0xDE, 0xA2, 0xF7, 0x9C, 0xD6, 0x58, 0x12, 0x63, 0x1A, 0x5C, 0xF5, 0xD3, 0xED},
1271  32,
1272  //Cofactor
1273  8,
1274  //Fast modular reduction
1275  NULL
1276 };
1277 
1278 #endif
1279 #if (X448_SUPPORT == ENABLED)
1280 
1281 /**
1282  * @brief Curve448 elliptic curve
1283  **/
1284 
1285 const EcCurveInfo x448Curve =
1286 {
1287  //Curve name
1288  "curve448",
1289  //Object identifier
1290  X448_OID,
1291  sizeof(X448_OID),
1292  //Curve type
1293  EC_CURVE_TYPE_X448,
1294  //Prime modulus p
1295  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1296  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
1297  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1298  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
1299  56,
1300  //Curve parameter a
1301  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1302  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1303  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1304  0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x62, 0xA6},
1305  56,
1306  //Curve parameter b
1307  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1308  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1309  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1310  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
1311  56,
1312  //u-coordinate of the base point G
1313  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1314  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1315  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1316  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05},
1317  56,
1318  //v-coordinate of the base point G
1319  {0x7D, 0x23, 0x5D, 0x12, 0x95, 0xF5, 0xB1, 0xF6, 0x6C, 0x98, 0xAB, 0x6E, 0x58, 0x32, 0x6F, 0xCE,
1320  0xCB, 0xAE, 0x5D, 0x34, 0xF5, 0x55, 0x45, 0xD0, 0x60, 0xF7, 0x5D, 0xC2, 0x8D, 0xF3, 0xF6, 0xED,
1321  0xB8, 0x02, 0x7E, 0x23, 0x46, 0x43, 0x0D, 0x21, 0x13, 0x12, 0xC4, 0xB1, 0x50, 0x67, 0x7A, 0xF7,
1322  0x6F, 0xD7, 0x22, 0x3D, 0x45, 0x7B, 0x5B, 0x1A},
1323  56,
1324  //Base point order q
1325  {0x3F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1326  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7C, 0xCA, 0x23, 0xE9,
1327  0xC4, 0x4E, 0xDB, 0x49, 0xAE, 0xD6, 0x36, 0x90, 0x21, 0x6C, 0xC2, 0x72, 0x8D, 0xC5, 0x8F, 0x55,
1328  0x23, 0x78, 0xC2, 0x92, 0xAB, 0x58, 0x44, 0xF3},
1329  56,
1330  //Cofactor
1331  4,
1332  //Fast modular reduction
1333  NULL
1334 };
1335 
1336 #endif
1337 #if (ED25519_SUPPORT == ENABLED)
1338 
1339 /**
1340  * @brief Ed25519 elliptic curve
1341  **/
1342 
1343 const EcCurveInfo ed25519Curve =
1344 {
1345  //Curve name
1346  "Ed25519",
1347  //Object identifier
1348  ED25519_OID,
1349  sizeof(ED25519_OID),
1350  //Curve type
1351  EC_CURVE_TYPE_ED25519,
1352  //Prime modulus p
1353  {0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1354  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xED},
1355  32,
1356  //Curve parameter a
1357  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1358  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x6D, 0x06},
1359  32,
1360  //Curve parameter b
1361  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1362  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
1363  32,
1364  //x-coordinate of the base point G
1365  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1366  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09},
1367  32,
1368  //y-coordinate of the base point G
1369  {0x20, 0xAE, 0x19, 0xA1, 0xB8, 0xA0, 0x86, 0xB4, 0xE0, 0x1E, 0xDD, 0x2C, 0x77, 0x48, 0xD1, 0x4C,
1370  0x92, 0x3D, 0x4D, 0x7E, 0x6D, 0x7C, 0x61, 0xB2, 0x29, 0xE9, 0xC5, 0xA2, 0x7E, 0xCE, 0xD3, 0xD9},
1371  32,
1372  //Base point order q
1373  {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1374  0x14, 0xDE, 0xF9, 0xDE, 0xA2, 0xF7, 0x9C, 0xD6, 0x58, 0x12, 0x63, 0x1A, 0x5C, 0xF5, 0xD3, 0xED},
1375  32,
1376  //Cofactor
1377  8,
1378  //Fast modular reduction
1379  NULL
1380 };
1381 
1382 #endif
1383 #if (ED448_SUPPORT == ENABLED)
1384 
1385 /**
1386  * @brief Ed448 elliptic curve
1387  **/
1388 
1389 const EcCurveInfo ed448Curve =
1390 {
1391  //Curve name
1392  "Ed448",
1393  //Object identifier
1394  ED448_OID,
1395  sizeof(ED448_OID),
1396  //Curve type
1397  EC_CURVE_TYPE_ED448,
1398  //Prime modulus p
1399  {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1400  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
1401  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1402  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
1403  56,
1404  //Curve parameter a
1405  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1406  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1407  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1408  0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x62, 0xA6},
1409  56,
1410  //Curve parameter b
1411  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1412  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1413  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1414  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
1415  56,
1416  //x-coordinate of the base point G
1417  {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1418  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1419  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1420  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05},
1421  56,
1422  //y-coordinate of the base point G
1423  {0x7D, 0x23, 0x5D, 0x12, 0x95, 0xF5, 0xB1, 0xF6, 0x6C, 0x98, 0xAB, 0x6E, 0x58, 0x32, 0x6F, 0xCE,
1424  0xCB, 0xAE, 0x5D, 0x34, 0xF5, 0x55, 0x45, 0xD0, 0x60, 0xF7, 0x5D, 0xC2, 0x8D, 0xF3, 0xF6, 0xED,
1425  0xB8, 0x02, 0x7E, 0x23, 0x46, 0x43, 0x0D, 0x21, 0x13, 0x12, 0xC4, 0xB1, 0x50, 0x67, 0x7A, 0xF7,
1426  0x6F, 0xD7, 0x22, 0x3D, 0x45, 0x7B, 0x5B, 0x1A},
1427  56,
1428  //Base point order q
1429  {0x3F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1430  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7C, 0xCA, 0x23, 0xE9,
1431  0xC4, 0x4E, 0xDB, 0x49, 0xAE, 0xD6, 0x36, 0x90, 0x21, 0x6C, 0xC2, 0x72, 0x8D, 0xC5, 0x8F, 0x55,
1432  0x23, 0x78, 0xC2, 0x92, 0xAB, 0x58, 0x44, 0xF3},
1433  56,
1434  //Cofactor
1435  4,
1436  //Fast modular reduction
1437  NULL
1438 };
1439 
1440 #endif
1441 #if (SECP128R1_SUPPORT == ENABLED)
1442 
1443 /**
1444  * @brief Fast modular reduction (secp128r1 curve)
1445  * @param[in,out] a This function accept an integer less than p^2 as
1446  * input and return (a mod p) as output
1447  * @param[in] p Prime modulus
1448  **/
1449 
1450 error_t secp128r1Mod(Mpi *a, const Mpi *p)
1451 {
1452  error_t error;
1453  Mpi t;
1454 
1455  //Initialize multiple precision integers
1456  mpiInit(&t);
1457 
1458  //Ajust the size of the integers
1459  MPI_CHECK(mpiGrow(a, 32 / MPI_INT_SIZE));
1460  MPI_CHECK(mpiGrow(&t, 32 / MPI_INT_SIZE));
1461 
1462  //Perform modular reduction
1463  do
1464  {
1465  //Compute T = 0 | 0 | 0 | 0 | A7 | A6 | A5 | A4
1466  COPY_WORD32(&t, 0, a, 4, 4);
1467  CLEAR_WORD32(&t, 4, 4);
1468 
1469  //Clear A7 | A6 | A5 | A4
1470  CLEAR_WORD32(a, 4, 4);
1471 
1472  //Compute A = A + T + (T << 97)
1473  MPI_CHECK(mpiAdd(a, a, &t));
1474  MPI_CHECK(mpiShiftLeft(&t, 97));
1475  MPI_CHECK(mpiAdd(a, a, &t));
1476 
1477  //Check for end condition
1478  } while(mpiComp(a, p) > 0);
1479 
1480 end:
1481  //Release multiple precision integers
1482  mpiFree(&t);
1483 
1484  //Return status code
1485  return error;
1486 }
1487 
1488 #endif
1489 #if (SECP128R2_SUPPORT == ENABLED)
1490 
1491 /**
1492  * @brief Fast modular reduction (secp128r2 curve)
1493  * @param[in,out] a This function accept an integer less than p^2 as
1494  * input and return (a mod p) as output
1495  * @param[in] p Prime modulus
1496  **/
1497 
1498 error_t secp128r2Mod(Mpi *a, const Mpi *p)
1499 {
1500  error_t error;
1501  Mpi t;
1502 
1503  //Initialize multiple precision integers
1504  mpiInit(&t);
1505 
1506  //Ajust the size of the integers
1507  MPI_CHECK(mpiGrow(a, 32 / MPI_INT_SIZE));
1508  MPI_CHECK(mpiGrow(&t, 32 / MPI_INT_SIZE));
1509 
1510  //Perform modular reduction
1511  do
1512  {
1513  //Compute T = 0 | 0 | 0 | 0 | A7 | A6 | A5 | A4
1514  COPY_WORD32(&t, 0, a, 4, 4);
1515  CLEAR_WORD32(&t, 4, 4);
1516 
1517  //Clear A7 | A6 | A5 | A4
1518  CLEAR_WORD32(a, 4, 4);
1519 
1520  //Compute A = A + T + (T << 97)
1521  MPI_CHECK(mpiAdd(a, a, &t));
1522  MPI_CHECK(mpiShiftLeft(&t, 97));
1523  MPI_CHECK(mpiAdd(a, a, &t));
1524 
1525  //Check for end condition
1526  } while(mpiComp(a, p) > 0);
1527 
1528 end:
1529  //Release multiple precision integers
1530  mpiFree(&t);
1531 
1532  //Return status code
1533  return error;
1534 }
1535 
1536 #endif
1537 #if (SECP160K1_SUPPORT == ENABLED)
1538 
1539 /**
1540  * @brief Fast modular reduction (secp160k1 curve)
1541  * @param[in,out] a This function accept an integer less than p^2 as
1542  * input and return (a mod p) as output
1543  * @param[in] p Prime modulus
1544  **/
1545 
1546 error_t secp160k1Mod(Mpi *a, const Mpi *p)
1547 {
1548  error_t error;
1549  Mpi t;
1550 
1551  //Initialize multiple precision integers
1552  mpiInit(&t);
1553 
1554  //Ajust the size of the integers
1555  MPI_CHECK(mpiGrow(a, 40 / MPI_INT_SIZE));
1556  MPI_CHECK(mpiGrow(&t, 24 / MPI_INT_SIZE));
1557 
1558  //Perform modular reduction
1559  do
1560  {
1561  //Compute T = A9 | A8 | A7 | A6 | A5 | 0
1562  CLEAR_WORD32(&t, 0, 1);
1563  COPY_WORD32(&t, 1, a, 5, 5);
1564 
1565  //Clear A9 | A8 | A7 | A6 | A5
1566  CLEAR_WORD32(a, 5, 5);
1567 
1568  //Compute A = A + T
1569  MPI_CHECK(mpiAdd(a, a, &t));
1570  //Compute T = T >> 32
1571  MPI_CHECK(mpiShiftRight(&t, 32));
1572  //Compute A = A + (21389 * T)
1573  MPI_CHECK(mpiMulInt(&t, &t, 21389));
1574  MPI_CHECK(mpiAdd(a, a, &t));
1575 
1576  //Check for end condition
1577  } while(mpiComp(a, p) > 0);
1578 
1579 end:
1580  //Release multiple precision integers
1581  mpiFree(&t);
1582 
1583  //Return status code
1584  return error;
1585 }
1586 
1587 #endif
1588 #if (SECP160R1_SUPPORT == ENABLED)
1589 
1590 /**
1591  * @brief Fast modular reduction (secp160r1 curve)
1592  * @param[in,out] a This function accept an integer less than p^2 as
1593  * input and return (a mod p) as output
1594  * @param[in] p Prime modulus
1595  **/
1596 
1597 error_t secp160r1Mod(Mpi *a, const Mpi *p)
1598 {
1599  error_t error;
1600  Mpi t;
1601 
1602  //Initialize multiple precision integers
1603  mpiInit(&t);
1604 
1605  //Ajust the size of the integers
1606  MPI_CHECK(mpiGrow(a, 40 / MPI_INT_SIZE));
1607  MPI_CHECK(mpiGrow(&t, 24 / MPI_INT_SIZE));
1608 
1609  //Perform modular reduction
1610  do
1611  {
1612  //Compute T = 0 | A9 | A8 | A7 | A6 | A5
1613  COPY_WORD32(&t, 0, a, 5, 5);
1614  CLEAR_WORD32(&t, 5, 1);
1615 
1616  //Clear A9 | A8 | A7 | A6 | A5
1617  CLEAR_WORD32(a, 5, 5);
1618 
1619  //Compute A = A + T + (T << 31)
1620  MPI_CHECK(mpiAdd(a, a, &t));
1621  MPI_CHECK(mpiShiftLeft(&t, 31));
1622  MPI_CHECK(mpiAdd(a, a, &t));
1623 
1624  //Check for end condition
1625  } while(mpiComp(a, p) > 0);
1626 
1627 end:
1628  //Release multiple precision integers
1629  mpiFree(&t);
1630 
1631  //Return status code
1632  return error;
1633 }
1634 
1635 #endif
1636 #if (SECP160R2_SUPPORT == ENABLED)
1637 
1638 /**
1639  * @brief Fast modular reduction (secp160r2 curve)
1640  * @param[in,out] a This function accept an integer less than p^2 as
1641  * input and return (a mod p) as output
1642  * @param[in] p Prime modulus
1643  **/
1644 
1645 error_t secp160r2Mod(Mpi *a, const Mpi *p)
1646 {
1647  error_t error;
1648  Mpi t;
1649 
1650  //Initialize multiple precision integers
1651  mpiInit(&t);
1652 
1653  //Ajust the size of the integers
1654  MPI_CHECK(mpiGrow(a, 40 / MPI_INT_SIZE));
1655  MPI_CHECK(mpiGrow(&t, 24 / MPI_INT_SIZE));
1656 
1657  //Perform modular reduction
1658  do
1659  {
1660  //Compute T = A9 | A8 | A7 | A6 | A5 | 0
1661  CLEAR_WORD32(&t, 0, 1);
1662  COPY_WORD32(&t, 1, a, 5, 5);
1663 
1664  //Clear A9 | A8 | A7 | A6 | A5
1665  CLEAR_WORD32(a, 5, 5);
1666 
1667  //Compute A = A + T
1668  MPI_CHECK(mpiAdd(a, a, &t));
1669  //Compute T = T >> 32
1670  MPI_CHECK(mpiShiftRight(&t, 32));
1671  //Compute A = A + (21389 * T)
1672  MPI_CHECK(mpiMulInt(&t, &t, 21389));
1673  MPI_CHECK(mpiAdd(a, a, &t));
1674 
1675  //Check for end condition
1676  } while(mpiComp(a, p) > 0);
1677 
1678 end:
1679  //Release multiple precision integers
1680  mpiFree(&t);
1681 
1682  //Return status code
1683  return error;
1684 }
1685 
1686 #endif
1687 #if (SECP192K1_SUPPORT == ENABLED)
1688 
1689 /**
1690  * @brief Fast modular reduction (secp192k1 curve)
1691  * @param[in,out] a This function accept an integer less than p^2 as
1692  * input and return (a mod p) as output
1693  * @param[in] p Prime modulus
1694  **/
1695 
1696 error_t secp192k1Mod(Mpi *a, const Mpi *p)
1697 {
1698  error_t error;
1699  Mpi t;
1700 
1701  //Initialize multiple precision integers
1702  mpiInit(&t);
1703 
1704  //Ajust the size of the integers
1705  MPI_CHECK(mpiGrow(a, 48 / MPI_INT_SIZE));
1706  MPI_CHECK(mpiGrow(&t, 28 / MPI_INT_SIZE));
1707 
1708  //Perform modular reduction
1709  do
1710  {
1711  //Compute T = A11 | A10 | A9 | A8 | A7 | A6 | 0
1712  CLEAR_WORD32(&t, 0, 1);
1713  COPY_WORD32(&t, 1, a, 6, 6);
1714 
1715  //Clear A11 | A10 | A9 | A8 | A7 | A6
1716  CLEAR_WORD32(a, 6, 6);
1717 
1718  //Compute A = A + T
1719  MPI_CHECK(mpiAdd(a, a, &t));
1720  //Compute T = T >> 32
1721  MPI_CHECK(mpiShiftRight(&t, 32));
1722  //Compute A = A + (4553 * T)
1723  MPI_CHECK(mpiMulInt(&t, &t, 4553));
1724  MPI_CHECK(mpiAdd(a, a, &t));
1725 
1726  //Check for end condition
1727  } while(mpiComp(a, p) > 0);
1728 
1729 end:
1730  //Release multiple precision integers
1731  mpiFree(&t);
1732 
1733  //Return status code
1734  return error;
1735 }
1736 
1737 #endif
1738 #if (SECP192R1_SUPPORT == ENABLED)
1739 
1740 /**
1741  * @brief Fast modular reduction (secp192r1 curve)
1742  * @param[in,out] a This function accept an integer less than p^2 as
1743  * input and return (a mod p) as output
1744  * @param[in] p Prime modulus
1745  **/
1746 
1747 error_t secp192r1Mod(Mpi *a, const Mpi *p)
1748 {
1749  error_t error;
1750  Mpi s;
1751  Mpi t;
1752 
1753  //Initialize multiple precision integers
1754  mpiInit(&s);
1755  mpiInit(&t);
1756 
1757  //Ajust the size of the integers
1758  MPI_CHECK(mpiGrow(a, 48 / MPI_INT_SIZE));
1759  MPI_CHECK(mpiGrow(&s, 24 / MPI_INT_SIZE));
1760  MPI_CHECK(mpiGrow(&t, 24 / MPI_INT_SIZE));
1761 
1762  //Compute T = A5 | A4 | A3 | A2 | A1 | A0
1763  COPY_WORD32(&t, 0, a, 0, 6);
1764 
1765  //Compute S1 = 0 | 0 | A7 | A6 | A7 | A6
1766  COPY_WORD32(&s, 0, a, 6, 2);
1767  COPY_WORD32(&s, 2, a, 6, 2);
1768  CLEAR_WORD32(&s, 4, 2);
1769  //Compute T = T + S1
1770  MPI_CHECK(mpiAdd(&t, &t, &s));
1771 
1772  //Compute S2 = A9 | A8 | A9 | A8 | 0 | 0
1773  CLEAR_WORD32(&s, 0, 2);
1774  COPY_WORD32(&s, 2, a, 8, 2);
1775  COPY_WORD32(&s, 4, a, 8, 2);
1776  //Compute T = T + S2
1777  MPI_CHECK(mpiAdd(&t, &t, &s));
1778 
1779  //Compute S3 = A11 | A10 | A11 | A10 | A11 | A10
1780  COPY_WORD32(&s, 0, a, 10, 2);
1781  COPY_WORD32(&s, 2, a, 10, 2);
1782  COPY_WORD32(&s, 4, a, 10, 2);
1783  //Compute T = T + S3
1784  MPI_CHECK(mpiAdd(&t, &t, &s));
1785 
1786  //Compute (T + S1 + S2 + S3) mod p
1787  while(mpiComp(&t, p) >= 0)
1788  {
1789  MPI_CHECK(mpiSub(&t, &t, p));
1790  }
1791 
1792  //Save result
1793  MPI_CHECK(mpiCopy(a, &t));
1794 
1795 end:
1796  //Release multiple precision integers
1797  mpiFree(&s);
1798  mpiFree(&t);
1799 
1800  //Return status code
1801  return error;
1802 }
1803 
1804 #endif
1805 #if (SECP224K1_SUPPORT == ENABLED)
1806 
1807 /**
1808  * @brief Fast modular reduction (secp224k1 curve)
1809  * @param[in,out] a This function accept an integer less than p^2 as
1810  * input and return (a mod p) as output
1811  * @param[in] p Prime modulus
1812  **/
1813 
1814 error_t secp224k1Mod(Mpi *a, const Mpi *p)
1815 {
1816  error_t error;
1817  Mpi t;
1818 
1819  //Initialize multiple precision integers
1820  mpiInit(&t);
1821 
1822  //Ajust the size of the integers
1823  MPI_CHECK(mpiGrow(a, 56 / MPI_INT_SIZE));
1824  MPI_CHECK(mpiGrow(&t, 32 / MPI_INT_SIZE));
1825 
1826  //Perform modular reduction
1827  do
1828  {
1829  //Compute T = A13 | A12 | A11 | A10 | A9 | A8 | A7 | 0
1830  CLEAR_WORD32(&t, 0, 1);
1831  COPY_WORD32(&t, 1, a, 7, 7);
1832 
1833  //Clear A13 | A12 | A11 | A10 | A9 | A8 | A7
1834  CLEAR_WORD32(a, 7, 7);
1835 
1836  //Compute A = A + T
1837  MPI_CHECK(mpiAdd(a, a, &t));
1838  //Compute T = T >> 32
1839  MPI_CHECK(mpiShiftRight(&t, 32));
1840  //Compute A = A + (6803 * T)
1841  MPI_CHECK(mpiMulInt(&t, &t, 6803));
1842  MPI_CHECK(mpiAdd(a, a, &t));
1843 
1844  //Check for end condition
1845  } while(mpiComp(a, p) > 0);
1846 
1847 end:
1848  //Release multiple precision integers
1849  mpiFree(&t);
1850 
1851  //Return status code
1852  return error;
1853 }
1854 
1855 #endif
1856 #if (SECP224R1_SUPPORT == ENABLED)
1857 
1858 /**
1859  * @brief Fast modular reduction (secp224r1 curve)
1860  * @param[in,out] a This function accept an integer less than p^2 as
1861  * input and return (a mod p) as output
1862  * @param[in] p Prime modulus
1863  **/
1864 
1865 error_t secp224r1Mod(Mpi *a, const Mpi *p)
1866 {
1867  error_t error;
1868  Mpi s;
1869  Mpi t;
1870 
1871  //Initialize multiple precision integers
1872  mpiInit(&s);
1873  mpiInit(&t);
1874 
1875  //Ajust the size of the integers
1876  MPI_CHECK(mpiGrow(a, 56 / MPI_INT_SIZE));
1877  MPI_CHECK(mpiGrow(&s, 28 / MPI_INT_SIZE));
1878  MPI_CHECK(mpiGrow(&t, 28 / MPI_INT_SIZE));
1879 
1880  //Compute T = A6 | A5 | A4 | A3 | A2 | A1 | A0
1881  COPY_WORD32(&t, 0, a, 0, 7);
1882 
1883  //Compute S1 = A10 | A9 | A8 | A7 | 0 | 0 | 0
1884  CLEAR_WORD32(&s, 0, 3);
1885  COPY_WORD32(&s, 3, a, 7, 4);
1886  //Compute T = T + S1
1887  MPI_CHECK(mpiAdd(&t, &t, &s));
1888 
1889  //Compute S2 = 0 | A13 | A12 | A11 | 0 | 0 | 0
1890  CLEAR_WORD32(&s, 0, 3);
1891  COPY_WORD32(&s, 3, a, 11, 3);
1892  CLEAR_WORD32(&s, 6, 1);
1893  //Compute T = T + S2
1894  MPI_CHECK(mpiAdd(&t, &t, &s));
1895 
1896  //Compute D1 = A13 | A12 | A11 | A10 | A9 | A8 | A7
1897  COPY_WORD32(&s, 0, a, 7, 7);
1898  //Compute T = T - D1
1899  MPI_CHECK(mpiSub(&t, &t, &s));
1900 
1901  //Compute D2 = 0 | 0 | 0 | 0 | A13 | A12 | A11
1902  COPY_WORD32(&s, 0, a, 11, 3);
1903  CLEAR_WORD32(&s, 3, 4);
1904  //Compute T = T - D2
1905  MPI_CHECK(mpiSub(&t, &t, &s));
1906 
1907  //Compute (T + S1 + S2 - D1 - D2) mod p
1908  while(mpiComp(&t, p) >= 0)
1909  {
1910  MPI_CHECK(mpiSub(&t, &t, p));
1911  }
1912 
1913  while(mpiCompInt(&t, 0) < 0)
1914  {
1915  MPI_CHECK(mpiAdd(&t, &t, p));
1916  }
1917 
1918  //Save result
1919  MPI_CHECK(mpiCopy(a, &t));
1920 
1921 end:
1922  //Release multiple precision integers
1923  mpiFree(&s);
1924  mpiFree(&t);
1925 
1926  //Return status code
1927  return error;
1928 }
1929 
1930 #endif
1931 #if (SECP256K1_SUPPORT == ENABLED)
1932 
1933 /**
1934  * @brief Fast modular reduction (secp256k1 curve)
1935  * @param[in,out] a This function accept an integer less than p^2 as
1936  * input and return (a mod p) as output
1937  * @param[in] p Prime modulus
1938  **/
1939 
1940 error_t secp256k1Mod(Mpi *a, const Mpi *p)
1941 {
1942  error_t error;
1943  Mpi t;
1944 
1945  //Initialize multiple precision integers
1946  mpiInit(&t);
1947 
1948  //Ajust the size of the integers
1949  MPI_CHECK(mpiGrow(a, 64 / MPI_INT_SIZE));
1950  MPI_CHECK(mpiGrow(&t, 36 / MPI_INT_SIZE));
1951 
1952  //Perform modular reduction
1953  do
1954  {
1955  //Compute T = A15 | A14 | A13 | A12 | A11 | A10 | A9 | A8 | 0
1956  CLEAR_WORD32(&t, 0, 1);
1957  COPY_WORD32(&t, 1, a, 8, 8);
1958 
1959  //Clear A15 | A14 | A13 | A12 | A11 | A10 | A9 | A8
1960  CLEAR_WORD32(a, 8, 8);
1961 
1962  //Compute A = A + T
1963  MPI_CHECK(mpiAdd(a, a, &t));
1964  //Compute T = T >> 32
1965  MPI_CHECK(mpiShiftRight(&t, 32));
1966  //Compute A = A + (977 * T)
1967  MPI_CHECK(mpiMulInt(&t, &t, 977));
1968  MPI_CHECK(mpiAdd(a, a, &t));
1969 
1970  //Check for end condition
1971  } while(mpiComp(a, p) > 0);
1972 
1973 end:
1974  //Release multiple precision integers
1975  mpiFree(&t);
1976 
1977  //Return status code
1978  return error;
1979 }
1980 
1981 #endif
1982 #if (SECP256R1_SUPPORT == ENABLED)
1983 
1984 /**
1985  * @brief Fast modular reduction (secp256r1 curve)
1986  * @param[in,out] a This function accept an integer less than p^2 as
1987  * input and return (a mod p) as output
1988  * @param[in] p Prime modulus
1989  **/
1990 
1991 error_t secp256r1Mod(Mpi *a, const Mpi *p)
1992 {
1993  error_t error;
1994  Mpi s;
1995  Mpi t;
1996  Mpi b;
1997 
1998  //Initialize multiple precision integers
1999  mpiInit(&s);
2000  mpiInit(&t);
2001  mpiInit(&b);
2002 
2003  //Ajust the size of the integers
2004  MPI_CHECK(mpiGrow(a, 64 / MPI_INT_SIZE));
2005  MPI_CHECK(mpiGrow(&s, 32 / MPI_INT_SIZE));
2006  MPI_CHECK(mpiGrow(&t, 32 / MPI_INT_SIZE));
2007 
2008  //Compute T = A7 | A6 | A5 | A4 | A3 | A2 | A1 | A0
2009  COPY_WORD32(&t, 0, a, 0, 8);
2010 
2011  //Compute S1 = A15 | A14 | A13 | A12 | A11 | 0 | 0 | 0
2012  CLEAR_WORD32(&s, 0, 3);
2013  COPY_WORD32(&s, 3, a, 11, 5);
2014  //Compute T = T + 2 * S1
2015  MPI_CHECK(mpiAdd(&t, &t, &s));
2016  MPI_CHECK(mpiAdd(&t, &t, &s));
2017 
2018  //Compute S2 = 0 | A15 | A14 | A13 | A12 | 0 | 0 | 0
2019  CLEAR_WORD32(&s, 0, 3);
2020  COPY_WORD32(&s, 3, a, 12, 4);
2021  CLEAR_WORD32(&s, 7, 1);
2022  //Compute T = T + 2 * S2
2023  MPI_CHECK(mpiAdd(&t, &t, &s));
2024  MPI_CHECK(mpiAdd(&t, &t, &s));
2025 
2026  //Compute S3 = A15 | A14 | 0 | 0 | 0 | A10 | A9 | A8
2027  COPY_WORD32(&s, 0, a, 8, 3);
2028  CLEAR_WORD32(&s, 3, 3);
2029  COPY_WORD32(&s, 6, a, 14, 2);
2030  //Compute T = T + S3
2031  MPI_CHECK(mpiAdd(&t, &t, &s));
2032 
2033  //Compute S4 = A8 | A13 | A15 | A14 | A13 | A11 | A10 | A9
2034  COPY_WORD32(&s, 0, a, 9, 3);
2035  COPY_WORD32(&s, 3, a, 13, 3);
2036  COPY_WORD32(&s, 6, a, 13, 1);
2037  COPY_WORD32(&s, 7, a, 8, 1);
2038  //Compute T = T + S4
2039  MPI_CHECK(mpiAdd(&t, &t, &s));
2040 
2041  //Compute D1 = A10 | A8 | 0 | 0 | 0 | A13 | A12 | A11
2042  COPY_WORD32(&s, 0, a, 11, 3);
2043  CLEAR_WORD32(&s, 3, 3);
2044  COPY_WORD32(&s, 6, a, 8, 1);
2045  COPY_WORD32(&s, 7, a, 10, 1);
2046  //Compute T = T - D1
2047  MPI_CHECK(mpiSub(&t, &t, &s));
2048 
2049  //Compute D2 = A11 | A9 | 0 | 0 | A15 | A14 | A13 | A12
2050  COPY_WORD32(&s, 0, a, 12, 4);
2051  CLEAR_WORD32(&s, 4, 2);
2052  COPY_WORD32(&s, 6, a, 9, 1);
2053  COPY_WORD32(&s, 7, a, 11, 1);
2054  //Compute T = T - D2
2055  MPI_CHECK(mpiSub(&t, &t, &s));
2056 
2057  //Compute D3 = A12 | 0 | A10 | A9 | A8 | A15 | A14 | A13
2058  COPY_WORD32(&s, 0, a, 13, 3);
2059  COPY_WORD32(&s, 3, a, 8, 3);
2060  CLEAR_WORD32(&s, 6, 1);
2061  COPY_WORD32(&s, 7, a, 12, 1);
2062  //Compute T = T - D3
2063  MPI_CHECK(mpiSub(&t, &t, &s));
2064 
2065  //Compute D4 = A13 | 0 | A11 | A10 | A9 | 0 | A15 | A14
2066  COPY_WORD32(&s, 0, a, 14, 2);
2067  CLEAR_WORD32(&s, 2, 1);
2068  COPY_WORD32(&s, 3, a, 9, 3);
2069  CLEAR_WORD32(&s, 6, 1);
2070  COPY_WORD32(&s, 7, a, 13, 1);
2071  //Compute T = T - D4
2072  MPI_CHECK(mpiSub(&t, &t, &s));
2073 
2074  //Compute (T + 2 * S1 + 2 * S2 + S3 + S4 - D1 - D2 - D3 - D4) mod p
2075  while(mpiComp(&t, p) >= 0)
2076  {
2077  MPI_CHECK(mpiSub(&t, &t, p));
2078  }
2079 
2080  while(mpiCompInt(&t, 0) < 0)
2081  {
2082  MPI_CHECK(mpiAdd(&t, &t, p));
2083  }
2084 
2085  //Save result
2086  MPI_CHECK(mpiCopy(a, &t));
2087 
2088 end:
2089  //Release multiple precision integers
2090  mpiFree(&s);
2091  mpiFree(&t);
2092 
2093  //Return status code
2094  return error;
2095 }
2096 
2097 #endif
2098 #if (SECP384R1_SUPPORT == ENABLED)
2099 
2100 /**
2101  * @brief Fast modular reduction (secp384r1 curve)
2102  * @param[in,out] a This function accept an integer less than p^2 as
2103  * input and return (a mod p) as output
2104  * @param[in] p Prime modulus
2105  **/
2106 
2107 error_t secp384r1Mod(Mpi *a, const Mpi *p)
2108 {
2109  error_t error;
2110  Mpi s;
2111  Mpi t;
2112 
2113  //Initialize multiple precision integers
2114  mpiInit(&s);
2115  mpiInit(&t);
2116 
2117  //Ajust the size of the integers
2118  MPI_CHECK(mpiGrow(a, 96 / MPI_INT_SIZE));
2119  MPI_CHECK(mpiGrow(&s, 48 / MPI_INT_SIZE));
2120  MPI_CHECK(mpiGrow(&t, 48 / MPI_INT_SIZE));
2121 
2122  //Compute T = A11 | A10 | A9 | A8 | A7 | A6 | A5 | A4 | A3 | A2 | A1 | A0
2123  COPY_WORD32(&t, 0, a, 0, 12);
2124 
2125  //Compute S1 = 0 | 0 | 0 | 0 | 0 | A23 | A22 | A21 | 0 | 0 | 0 | 0
2126  CLEAR_WORD32(&s, 0, 4);
2127  COPY_WORD32(&s, 4, a, 21, 3);
2128  CLEAR_WORD32(&s, 7, 5);
2129  //Compute T = T + 2 * S1
2130  MPI_CHECK(mpiAdd(&t, &t, &s));
2131  MPI_CHECK(mpiAdd(&t, &t, &s));
2132 
2133  //Compute S2 = A23 | A22 | A21 | A20 | A19 | A18 | A17 | A16 | A15 | A14 | A13 | A12
2134  COPY_WORD32(&s, 0, a, 12, 12);
2135  //Compute T = T + S2
2136  MPI_CHECK(mpiAdd(&t, &t, &s));
2137 
2138  //Compute S3 = A20 | A19 | A18 | A17 | A16 | A15 | A14 | A13 | A12 | A23 | A22 | A21
2139  COPY_WORD32(&s, 0, a, 21, 3);
2140  COPY_WORD32(&s, 3, a, 12, 9);
2141  //Compute T = T + S3
2142  MPI_CHECK(mpiAdd(&t, &t, &s));
2143 
2144  //Compute S4 = A19 | A18 | A17 | A16 | A15 | A14 | A13 | A12 | A20 | 0 | A23 | 0
2145  CLEAR_WORD32(&s, 0, 1);
2146  COPY_WORD32(&s, 1, a, 23, 1);
2147  CLEAR_WORD32(&s, 2, 1);
2148  COPY_WORD32(&s, 3, a, 20, 1);
2149  COPY_WORD32(&s, 4, a, 12, 8);
2150  //Compute T = T + S4
2151  MPI_CHECK(mpiAdd(&t, &t, &s));
2152 
2153  //Compute S5 = 0 | 0 | 0 | 0 | A23 | A22 | A21 | A20 | 0 | 0 | 0 | 0
2154  CLEAR_WORD32(&s, 0, 4);
2155  COPY_WORD32(&s, 4, a, 20, 4);
2156  CLEAR_WORD32(&s, 8, 4);
2157  //Compute T = T + S5
2158  MPI_CHECK(mpiAdd(&t, &t, &s));
2159 
2160  //Compute S6 = 0 | 0 | 0 | 0 | 0 | 0 | A23 | A22 | A21 | 0 | 0 | A20
2161  COPY_WORD32(&s, 0, a, 20, 1);
2162  CLEAR_WORD32(&s, 1, 2);
2163  COPY_WORD32(&s, 3, a, 21, 3);
2164  CLEAR_WORD32(&s, 6, 6);
2165  //Compute T = T + S6
2166  MPI_CHECK(mpiAdd(&t, &t, &s));
2167 
2168  //Compute D1 = A22 | A21 | A20 | A19 | A18 | A17 | A16 | A15 | A14 | A13 | A12 | A23
2169  COPY_WORD32(&s, 0, a, 23, 1);
2170  COPY_WORD32(&s, 1, a, 12, 11);
2171  //Compute T = T - D1
2172  MPI_CHECK(mpiSub(&t, &t, &s));
2173 
2174  //Compute D2 = 0 | 0 | 0 | 0 | 0 | 0 | 0 | A23 | A22 | A21 | A20 | 0
2175  CLEAR_WORD32(&s, 0, 1);
2176  COPY_WORD32(&s, 1, a, 20, 4);
2177  CLEAR_WORD32(&s, 5, 7);
2178  //Compute T = T - D2
2179  MPI_CHECK(mpiSub(&t, &t, &s));
2180 
2181  //Compute D3 = 0 | 0 | 0 | 0 | 0 | 0 | 0 | A23 | A23 | 0 | 0 | 0
2182  CLEAR_WORD32(&s, 0, 3);
2183  COPY_WORD32(&s, 3, a, 23, 1);
2184  COPY_WORD32(&s, 4, a, 23, 1);
2185  CLEAR_WORD32(&s, 5, 7);
2186  //Compute T = T - D3
2187  MPI_CHECK(mpiSub(&t, &t, &s));
2188 
2189  //Compute (T + 2 * S1 + S2 + S3 + S4 + S5 + S6 - D1 - D2 - D3) mod p
2190  while(mpiComp(&t, p) >= 0)
2191  {
2192  MPI_CHECK(mpiSub(&t, &t, p));
2193  }
2194 
2195  while(mpiCompInt(&t, 0) < 0)
2196  {
2197  MPI_CHECK(mpiAdd(&t, &t, p));
2198  }
2199 
2200  //Save result
2201  MPI_CHECK(mpiCopy(a, &t));
2202 
2203 end:
2204  //Release multiple precision integers
2205  mpiFree(&s);
2206  mpiFree(&t);
2207 
2208  //Return status code
2209  return error;
2210 }
2211 
2212 #endif
2213 #if (SECP521R1_SUPPORT == ENABLED)
2214 
2215 /**
2216  * @brief Fast modular reduction (secp521r1 curve)
2217  * @param[in,out] a This function accept an integer less than p^2 as
2218  * input and return (a mod p) as output
2219  * @param[in] p Prime modulus
2220  **/
2221 
2222 error_t secp521r1Mod(Mpi *a, const Mpi *p)
2223 {
2224  error_t error;
2225  Mpi t;
2226 
2227  //Initialize multiple precision integer
2228  mpiInit(&t);
2229 
2230  //Ajust the size of the integers
2231  MPI_CHECK(mpiGrow(a, 132 / MPI_INT_SIZE));
2232  MPI_CHECK(mpiGrow(&t, 68 / MPI_INT_SIZE));
2233 
2234  //Compute A0
2235  COPY_WORD32(&t, 0, a, 0, 17);
2236  t.data[16] &= 0x000001FF;
2237 
2238  //Compute A1
2239  MPI_CHECK(mpiShiftRight(a, 521));
2240 
2241  //Compute A0 + A1
2242  MPI_CHECK(mpiAdd(a, a, &t));
2243 
2244  //Compute (A0 + A1) mod p
2245  while(mpiComp(a, p) >= 0)
2246  {
2247  MPI_CHECK(mpiSub(a, a, p));
2248  }
2249 
2250 end:
2251  //Release multiple precision integer
2252  mpiFree(&t);
2253 
2254  //Return status code
2255  return error;
2256 }
2257 
2258 #endif
2259 #if (SM2_SUPPORT == ENABLED)
2260 
2261 /**
2262  * @brief Fast modular reduction (SM2 curve)
2263  * @param[in,out] a This function accept an integer less than p^2 as
2264  * input and return (a mod p) as output
2265  * @param[in] p Prime modulus
2266  **/
2267 
2268 error_t sm2Mod(Mpi *a, const Mpi *p)
2269 {
2270  error_t error;
2271  Mpi s;
2272  Mpi t;
2273  Mpi b;
2274 
2275  //Initialize multiple precision integers
2276  mpiInit(&s);
2277  mpiInit(&t);
2278  mpiInit(&b);
2279 
2280  //Ajust the size of the integers
2281  MPI_CHECK(mpiGrow(a, 64 / MPI_INT_SIZE));
2282  MPI_CHECK(mpiGrow(&s, 32 / MPI_INT_SIZE));
2283  MPI_CHECK(mpiGrow(&t, 32 / MPI_INT_SIZE));
2284 
2285  //Compute T = A7 | A6 | A5 | A4 | A3 | A2 | A1 | A0
2286  COPY_WORD32(&t, 0, a, 0, 8);
2287 
2288  //Compute S1 = A15 | A14 | A13 | A12 | A11 | 0 | A9 | A8
2289  COPY_WORD32(&s, 0, a, 8, 2);
2290  CLEAR_WORD32(&s, 2, 1);
2291  COPY_WORD32(&s, 3, a, 11, 5);
2292  //Compute T = T + S1
2293  MPI_CHECK(mpiAdd(&t, &t, &s));
2294 
2295  //Compute S2 = A8 | A15 | A14 | A13 | A12 | 0 | A10 | A9
2296  COPY_WORD32(&s, 0, a, 9, 2);
2297  CLEAR_WORD32(&s, 2, 1);
2298  COPY_WORD32(&s, 3, a, 12, 4);
2299  COPY_WORD32(&s, 7, a, 8, 1);
2300  //Compute T = T + S2
2301  MPI_CHECK(mpiAdd(&t, &t, &s));
2302 
2303  //Compute S3 = A9 | A11 | A10 | A9 | A8 | 0 | A11 | A10
2304  COPY_WORD32(&s, 0, a, 10, 2);
2305  CLEAR_WORD32(&s, 2, 1);
2306  COPY_WORD32(&s, 3, a, 8, 4);
2307  COPY_WORD32(&s, 7, a, 9, 1);
2308  //Compute T = T + S3
2309  MPI_CHECK(mpiAdd(&t, &t, &s));
2310 
2311  //Compute S4 = A10 | 0 | 0 | A15 | A14 | 0 | A12 | A11
2312  COPY_WORD32(&s, 0, a, 11, 2);
2313  CLEAR_WORD32(&s, 2, 1);
2314  COPY_WORD32(&s, 3, a, 14, 2);
2315  CLEAR_WORD32(&s, 5, 2);
2316  COPY_WORD32(&s, 7, a, 10, 1);
2317  //Compute T = T + S4
2318  MPI_CHECK(mpiAdd(&t, &t, &s));
2319 
2320  //Compute S5 = A11 | 0 | 0 | 0 | A15 | 0 | A13 | A12
2321  COPY_WORD32(&s, 0, a, 12, 2);
2322  CLEAR_WORD32(&s, 2, 1);
2323  COPY_WORD32(&s, 3, a, 15, 1);
2324  CLEAR_WORD32(&s, 4, 3);
2325  COPY_WORD32(&s, 7, a, 11, 1);
2326  //Compute T = T + S5
2327  MPI_CHECK(mpiAdd(&t, &t, &s));
2328 
2329  //Compute S6 = A12 | 0 | A15 | A14 | A13 | 0 | A14 | A13
2330  COPY_WORD32(&s, 0, a, 13, 2);
2331  CLEAR_WORD32(&s, 2, 1);
2332  COPY_WORD32(&s, 3, a, 13, 3);
2333  CLEAR_WORD32(&s, 6, 1);
2334  COPY_WORD32(&s, 7, a, 12, 1);
2335  //Compute T = T + 2*S6
2336  MPI_CHECK(mpiAdd(&t, &t, &s));
2337  MPI_CHECK(mpiAdd(&t, &t, &s));
2338 
2339  //Compute S7 = A13 | 0 | 0 | 0 | 0 | 0 | A15 | A14
2340  COPY_WORD32(&s, 0, a, 14, 2);
2341  CLEAR_WORD32(&s, 2, 5);
2342  COPY_WORD32(&s, 7, a, 13, 1);
2343  //Compute T = T + 2*S7
2344  MPI_CHECK(mpiAdd(&t, &t, &s));
2345  MPI_CHECK(mpiAdd(&t, &t, &s));
2346 
2347  //Compute S8 = A14 | 0 | 0 | 0 | 0 | 0 | 0 | A15
2348  COPY_WORD32(&s, 0, a, 15, 1);
2349  CLEAR_WORD32(&s, 1, 6);
2350  COPY_WORD32(&s, 7, a, 14, 1);
2351  //Compute T = T + 2*S8
2352  MPI_CHECK(mpiAdd(&t, &t, &s));
2353  MPI_CHECK(mpiAdd(&t, &t, &s));
2354 
2355  //Compute S9 = A15 | 0 | 0 | 0 | 0 | 0 | 0 | 0
2356  CLEAR_WORD32(&s, 0, 7);
2357  COPY_WORD32(&s, 7, a, 15, 1);
2358  //Compute T = T + 2*S9
2359  MPI_CHECK(mpiAdd(&t, &t, &s));
2360  MPI_CHECK(mpiAdd(&t, &t, &s));
2361 
2362  //Compute D1 = 0 | 0 | 0 | 0 | 0 | A8 | 0 | 0
2363  CLEAR_WORD32(&s, 0, 2);
2364  COPY_WORD32(&s, 2, a, 8, 1);
2365  CLEAR_WORD32(&s, 3, 5);
2366  //Compute T = T - D1
2367  MPI_CHECK(mpiSub(&t, &t, &s));
2368 
2369  //Compute D2 = 0 | 0 | 0 | 0 | 0 | A9 | 0 | 0
2370  CLEAR_WORD32(&s, 0, 2);
2371  COPY_WORD32(&s, 2, a, 9, 1);
2372  CLEAR_WORD32(&s, 3, 5);
2373  //Compute T = T - D2
2374  MPI_CHECK(mpiSub(&t, &t, &s));
2375 
2376  //Compute D3 = 0 | 0 | 0 | 0 | 0 | A13 | 0 | 0
2377  CLEAR_WORD32(&s, 0, 2);
2378  COPY_WORD32(&s, 2, a, 13, 1);
2379  CLEAR_WORD32(&s, 3, 5);
2380  //Compute T = T - D3
2381  MPI_CHECK(mpiSub(&t, &t, &s));
2382 
2383  //Compute D4 = 0 | 0 | 0 | 0 | 0 | A14 | 0 | 0
2384  CLEAR_WORD32(&s, 0, 2);
2385  COPY_WORD32(&s, 2, a, 14, 1);
2386  CLEAR_WORD32(&s, 3, 5);
2387  //Compute T = T - D4
2388  MPI_CHECK(mpiSub(&t, &t, &s));
2389 
2390  //Compute (T + S1 + S2 + S3 + S4 + S5 + 2*S6 + 2*S7 + 2*S8 + 2*S9 - D1 - D2 - D3 - D4) mod p
2391  while(mpiComp(&t, p) >= 0)
2392  {
2393  MPI_CHECK(mpiSub(&t, &t, p));
2394  }
2395 
2396  while(mpiCompInt(&t, 0) < 0)
2397  {
2398  MPI_CHECK(mpiAdd(&t, &t, p));
2399  }
2400 
2401  //Save result
2402  MPI_CHECK(mpiCopy(a, &t));
2403 
2404 end:
2405  //Release multiple precision integers
2406  mpiFree(&s);
2407  mpiFree(&t);
2408 
2409  //Return status code
2410  return error;
2411 }
2412 
2413 #endif
2414 
2415 /**
2416  * @brief Get the elliptic curve that matches the specified OID
2417  * @param[in] oid Object identifier
2418  * @param[in] length OID length
2419  * @return Elliptic curve domain parameters
2420  **/
2421 
2422 const EcCurveInfo *ecGetCurveInfo(const uint8_t *oid, size_t length)
2423 {
2424  const EcCurveInfo *curveInfo;
2425 
2426  //Invalid parameters?
2427  if(oid == NULL || length == 0)
2428  {
2429  curveInfo = NULL;
2430  }
2431 #if (SECP112R1_SUPPORT == ENABLED)
2432  //secp112r1 elliptic curve?
2433  else if(!oidComp(oid, length, SECP112R1_OID, sizeof(SECP112R1_OID)))
2434  {
2435  curveInfo = SECP112R1_CURVE;
2436  }
2437 #endif
2438 #if (SECP112R2_SUPPORT == ENABLED)
2439  //secp112r2 elliptic curve?
2440  else if(!oidComp(oid, length, SECP112R2_OID, sizeof(SECP112R2_OID)))
2441  {
2442  curveInfo = SECP112R2_CURVE;
2443  }
2444 #endif
2445 #if (SECP128R1_SUPPORT == ENABLED)
2446  //secp128r1 elliptic curve?
2447  else if(!oidComp(oid, length, SECP128R1_OID, sizeof(SECP128R1_OID)))
2448  {
2449  curveInfo = SECP128R1_CURVE;
2450  }
2451 #endif
2452 #if (SECP128R2_SUPPORT == ENABLED)
2453  //secp128r2 elliptic curve?
2454  else if(!oidComp(oid, length, SECP128R2_OID, sizeof(SECP128R2_OID)))
2455  {
2456  curveInfo = SECP128R2_CURVE;
2457  }
2458 #endif
2459 #if (SECP160K1_SUPPORT == ENABLED)
2460  //secp160k1 elliptic curve?
2461  else if(!oidComp(oid, length, SECP160K1_OID, sizeof(SECP160K1_OID)))
2462  {
2463  curveInfo = SECP160K1_CURVE;
2464  }
2465 #endif
2466 #if (SECP160R1_SUPPORT == ENABLED)
2467  //secp160r1 elliptic curve?
2468  else if(!oidComp(oid, length, SECP160R1_OID, sizeof(SECP160R1_OID)))
2469  {
2470  curveInfo = SECP160R1_CURVE;
2471  }
2472 #endif
2473 #if (SECP160R2_SUPPORT == ENABLED)
2474  //secp160r2 elliptic curve?
2475  else if(!oidComp(oid, length, SECP160R2_OID, sizeof(SECP160R2_OID)))
2476  {
2477  curveInfo = SECP160R2_CURVE;
2478  }
2479 #endif
2480 #if (SECP192K1_SUPPORT == ENABLED)
2481  //secp192k1 elliptic curve?
2482  else if(!oidComp(oid, length, SECP192K1_OID, sizeof(SECP192K1_OID)))
2483  {
2484  curveInfo = SECP192K1_CURVE;
2485  }
2486 #endif
2487 #if (SECP192R1_SUPPORT == ENABLED)
2488  //secp192r1 elliptic curve?
2489  else if(!oidComp(oid, length, SECP192R1_OID, sizeof(SECP192R1_OID)))
2490  {
2491  curveInfo = SECP192R1_CURVE;
2492  }
2493 #endif
2494 #if (SECP224K1_SUPPORT == ENABLED)
2495  //secp224k1 elliptic curve?
2496  else if(!oidComp(oid, length, SECP224K1_OID, sizeof(SECP224K1_OID)))
2497  {
2498  curveInfo = SECP224K1_CURVE;
2499  }
2500 #endif
2501 #if (SECP224R1_SUPPORT == ENABLED)
2502  //secp224r1 elliptic curve?
2503  else if(!oidComp(oid, length, SECP224R1_OID, sizeof(SECP224R1_OID)))
2504  {
2505  curveInfo = SECP224R1_CURVE;
2506  }
2507 #endif
2508 #if (SECP256K1_SUPPORT == ENABLED)
2509  //secp256k1 elliptic curve?
2510  else if(!oidComp(oid, length, SECP256K1_OID, sizeof(SECP256K1_OID)))
2511  {
2512  curveInfo = SECP256K1_CURVE;
2513  }
2514 #endif
2515 #if (SECP256R1_SUPPORT == ENABLED)
2516  //secp256r1 elliptic curve?
2517  else if(!oidComp(oid, length, SECP256R1_OID, sizeof(SECP256R1_OID)))
2518  {
2519  curveInfo = SECP256R1_CURVE;
2520  }
2521 #endif
2522 #if (SECP384R1_SUPPORT == ENABLED)
2523  //secp384r1 elliptic curve?
2524  else if(!oidComp(oid, length, SECP384R1_OID, sizeof(SECP384R1_OID)))
2525  {
2526  curveInfo = SECP384R1_CURVE;
2527  }
2528 #endif
2529 #if (SECP521R1_SUPPORT == ENABLED)
2530  //secp521r1 elliptic curve?
2531  else if(!oidComp(oid, length, SECP521R1_OID, sizeof(SECP521R1_OID)))
2532  {
2533  curveInfo = SECP521R1_CURVE;
2534  }
2535 #endif
2536 #if (BRAINPOOLP160R1_SUPPORT == ENABLED)
2537  //brainpoolP160r1 elliptic curve?
2538  else if(!oidComp(oid, length, BRAINPOOLP160R1_OID, sizeof(BRAINPOOLP160R1_OID)))
2539  {
2540  curveInfo = BRAINPOOLP160R1_CURVE;
2541  }
2542 #endif
2543 #if (BRAINPOOLP192R1_SUPPORT == ENABLED)
2544  //brainpoolP192r1 elliptic curve?
2545  else if(!oidComp(oid, length, BRAINPOOLP192R1_OID, sizeof(BRAINPOOLP192R1_OID)))
2546  {
2547  curveInfo = BRAINPOOLP192R1_CURVE;
2548  }
2549 #endif
2550 #if (BRAINPOOLP224R1_SUPPORT == ENABLED)
2551  //brainpoolP224r1 elliptic curve?
2552  else if(!oidComp(oid, length, BRAINPOOLP224R1_OID, sizeof(BRAINPOOLP224R1_OID)))
2553  {
2554  curveInfo = BRAINPOOLP224R1_CURVE;
2555  }
2556 #endif
2557 #if (BRAINPOOLP256R1_SUPPORT == ENABLED)
2558  //brainpoolP256r1 elliptic curve?
2559  else if(!oidComp(oid, length, BRAINPOOLP256R1_OID, sizeof(BRAINPOOLP256R1_OID)))
2560  {
2561  curveInfo = BRAINPOOLP256R1_CURVE;
2562  }
2563 #endif
2564 #if (BRAINPOOLP320R1_SUPPORT == ENABLED)
2565  //brainpoolP320r1 elliptic curve?
2566  else if(!oidComp(oid, length, BRAINPOOLP320R1_OID, sizeof(BRAINPOOLP320R1_OID)))
2567  {
2568  curveInfo = BRAINPOOLP320R1_CURVE;
2569  }
2570 #endif
2571 #if (BRAINPOOLP384R1_SUPPORT == ENABLED)
2572  //brainpoolP384r1 elliptic curve?
2573  else if(!oidComp(oid, length, BRAINPOOLP384R1_OID, sizeof(BRAINPOOLP384R1_OID)))
2574  {
2575  curveInfo = BRAINPOOLP384R1_CURVE;
2576  }
2577 #endif
2578 #if (BRAINPOOLP512R1_SUPPORT == ENABLED)
2579  //brainpoolP512r1 elliptic curve?
2580  else if(!oidComp(oid, length, BRAINPOOLP512R1_OID, sizeof(BRAINPOOLP512R1_OID)))
2581  {
2582  curveInfo = BRAINPOOLP512R1_CURVE;
2583  }
2584 #endif
2585 #if (FRP256V1_SUPPORT == ENABLED)
2586  //FRP256v1 elliptic curve?
2587  else if(!oidComp(oid, length, FRP256V1_OID, sizeof(FRP256V1_OID)))
2588  {
2589  curveInfo = FRP256V1_CURVE;
2590  }
2591 #endif
2592 #if (SM2_SUPPORT == ENABLED)
2593  //SM2 elliptic curve?
2594  else if(!oidComp(oid, length, SM2_OID, sizeof(SM2_OID)))
2595  {
2596  curveInfo = SM2_CURVE;
2597  }
2598 #endif
2599 #if (X25519_SUPPORT == ENABLED)
2600  //Curve25519 elliptic curve?
2601  else if(!oidComp(oid, length, X25519_OID, sizeof(X25519_OID)))
2602  {
2603  curveInfo = X25519_CURVE;
2604  }
2605 #endif
2606 #if (X448_SUPPORT == ENABLED)
2607  //Curve448 elliptic curve?
2608  else if(!oidComp(oid, length, X448_OID, sizeof(X448_OID)))
2609  {
2610  curveInfo = X448_CURVE;
2611  }
2612 #endif
2613 #if (ED25519_SUPPORT == ENABLED)
2614  //Ed25519 elliptic curve?
2615  else if(!oidComp(oid, length, ED25519_OID, sizeof(ED25519_OID)))
2616  {
2617  curveInfo = ED25519_CURVE;
2618  }
2619 #endif
2620 #if (ED448_SUPPORT == ENABLED)
2621  //Ed448 elliptic curve?
2622  else if(!oidComp(oid, length, ED448_OID, sizeof(ED448_OID)))
2623  {
2624  curveInfo = ED448_CURVE;
2625  }
2626 #endif
2627  //Unknown identifier?
2628  else
2629  {
2630  curveInfo = NULL;
2631  }
2632 
2633  //Return the elliptic curve domain parameters, if any
2634  return curveInfo;
2635 }
2636 
2637 #endif
mpiShiftLeft
error_t mpiShiftLeft(Mpi *r, uint_t n)
Left shift operation.
Definition: mpi.c:1111
secp160r2Mod
error_t secp160r2Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp160r2 curve)
Definition: ec_curves.c:1645
SECP128R2_CURVE
#define SECP128R2_CURVE
Definition: ec_curves.h:238
secp128r1Mod
error_t secp128r1Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp128r1 curve)
Definition: ec_curves.c:1450
BRAINPOOLP192R1_CURVE
#define BRAINPOOLP192R1_CURVE
Definition: ec_curves.h:251
b
uint8_t b
Definition: nbns_common.h:104
ecGetCurveInfo
const EcCurveInfo * ecGetCurveInfo(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: ec_curves.c:2422
brainpoolP512r1Curve
const EcCurveInfo brainpoolP512r1Curve
brainpoolP512r1 elliptic curve
Definition: ec_curves.c:1089
SECP521R1_CURVE
#define SECP521R1_CURVE
Definition: ec_curves.h:249
a
uint8_t a
Definition: ndp.h:411
Mpi
Arbitrary precision integer.
Definition: mpi.h:80
X25519_OID
const uint8_t X25519_OID[3]
Definition: ec_curves.c:96
brainpoolP384r1Curve
const EcCurveInfo brainpoolP384r1Curve
brainpoolP384r1 elliptic curve
Definition: ec_curves.c:1037
secp256r1Curve
const EcCurveInfo secp256r1Curve
secp256r1 elliptic curve
Definition: ec_curves.c:639
secp256k1Mod
error_t secp256k1Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp256k1 curve)
Definition: ec_curves.c:1940
oid.h
OID (Object Identifier)
SECP384R1_CURVE
#define SECP384R1_CURVE
Definition: ec_curves.h:248
p
uint8_t p
Definition: ndp.h:300
t
uint8_t t
Definition: lldp_ext_med.h:212
SECP256R1_CURVE
#define SECP256R1_CURVE
Definition: ec_curves.h:247
SECP224R1_OID
const uint8_t SECP224R1_OID[5]
Definition: ec_curves.c:68
SECP192K1_CURVE
#define SECP192K1_CURVE
Definition: ec_curves.h:242
SECP112R2_CURVE
#define SECP112R2_CURVE
Definition: ec_curves.h:236
BRAINPOOLP512R1_OID
const uint8_t BRAINPOOLP512R1_OID[9]
Definition: ec_curves.c:90
ED25519_CURVE
#define ED25519_CURVE
Definition: ec_curves.h:260
SECP160K1_OID
const uint8_t SECP160K1_OID[5]
Definition: ec_curves.c:56
secp192r1Curve
const EcCurveInfo secp192r1Curve
secp192r1 elliptic curve
Definition: ec_curves.c:455
SECP256K1_OID
const uint8_t SECP256K1_OID[5]
Definition: ec_curves.c:70
ED448_CURVE
#define ED448_CURVE
Definition: ec_curves.h:261
BRAINPOOLP384R1_OID
const uint8_t BRAINPOOLP384R1_OID[9]
Definition: ec_curves.c:88
mpiShiftRight
error_t mpiShiftRight(Mpi *r, uint_t n)
Right shift operation.
Definition: mpi.c:1178
EC_CURVE_TYPE_ED25519
@ EC_CURVE_TYPE_ED25519
Definition: ec_curves.h:285
EC_CURVE_TYPE_SECP_K1
@ EC_CURVE_TYPE_SECP_K1
Definition: ec_curves.h:279
x448Curve
const EcCurveInfo x448Curve
Curve448 elliptic curve.
Definition: ec_curves.c:1285
BRAINPOOLP320R1_OID
const uint8_t BRAINPOOLP320R1_OID[9]
Definition: ec_curves.c:86
EC_CURVE_TYPE_X448
@ EC_CURVE_TYPE_X448
Definition: ec_curves.h:284
mpiInit
void mpiInit(Mpi *r)
Initialize a multiple precision integer.
Definition: mpi.c:48
SECP256R1_OID
const uint8_t SECP256R1_OID[8]
Definition: ec_curves.c:72
oidComp
int_t oidComp(const uint8_t *oid1, size_t oidLen1, const uint8_t *oid2, size_t oidLen2)
Compare object identifiers.
Definition: oid.c:103
oid
uint8_t oid[]
Definition: lldp_tlv.h:300
brainpoolP224r1Curve
const EcCurveInfo brainpoolP224r1Curve
brainpoolP224r1 elliptic curve
Definition: ec_curves.c:893
ed448Curve
const EcCurveInfo ed448Curve
Ed448 elliptic curve.
Definition: ec_curves.c:1389
SECP224K1_OID
const uint8_t SECP224K1_OID[5]
Definition: ec_curves.c:66
secp224r1Mod
error_t secp224r1Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp224r1 curve)
Definition: ec_curves.c:1865
BRAINPOOLP512R1_CURVE
#define BRAINPOOLP512R1_CURVE
Definition: ec_curves.h:256
BRAINPOOLP384R1_CURVE
#define BRAINPOOLP384R1_CURVE
Definition: ec_curves.h:255
secp521r1Mod
error_t secp521r1Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp521r1 curve)
Definition: ec_curves.c:2222
SECP112R1_OID
const uint8_t SECP112R1_OID[5]
Definition: ec_curves.c:48
SECP521R1_OID
const uint8_t SECP521R1_OID[5]
Definition: ec_curves.c:76
BRAINPOOLP224R1_CURVE
#define BRAINPOOLP224R1_CURVE
Definition: ec_curves.h:252
EC_CURVE_TYPE_SECP_R1
@ EC_CURVE_TYPE_SECP_R1
Definition: ec_curves.h:280
secp160r2Curve
const EcCurveInfo secp160r2Curve
secp160r2 elliptic curve
Definition: ec_curves.c:363
EcCurveInfo
Elliptic curve parameters.
Definition: ec_curves.h:302
secp160k1Curve
const EcCurveInfo secp160k1Curve
secp160k1 elliptic curve
Definition: ec_curves.c:271
secp521r1Curve
const EcCurveInfo secp521r1Curve
secp521r1 elliptic curve
Definition: ec_curves.c:737
mpiSub
error_t mpiSub(Mpi *r, const Mpi *a, const Mpi *b)
Multiple precision subtraction.
Definition: mpi.c:864
BRAINPOOLP160R1_OID
const uint8_t BRAINPOOLP160R1_OID[9]
Definition: ec_curves.c:78
error_t
error_t
Error codes.
Definition: error.h:43
secp112r2Curve
const EcCurveInfo secp112r2Curve
secp112r2 elliptic curve
Definition: ec_curves.c:151
MPI_CHECK
#define MPI_CHECK(f)
Definition: mpi.h:52
mpiAdd
error_t mpiAdd(Mpi *r, const Mpi *a, const Mpi *b)
Multiple precision addition.
Definition: mpi.c:787
sm2Curve
const EcCurveInfo sm2Curve
SM2 elliptic curve.
Definition: ec_curves.c:1193
BRAINPOOLP320R1_CURVE
#define BRAINPOOLP320R1_CURVE
Definition: ec_curves.h:254
secp224k1Mod
error_t secp224k1Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp224k1 curve)
Definition: ec_curves.c:1814
sm2Mod
error_t sm2Mod(Mpi *a, const Mpi *p)
Fast modular reduction (SM2 curve)
Definition: ec_curves.c:2268
secp112r1Curve
const EcCurveInfo secp112r1Curve
secp112r1 elliptic curve
Definition: ec_curves.c:111
SECP256K1_CURVE
#define SECP256K1_CURVE
Definition: ec_curves.h:246
secp256r1Mod
error_t secp256r1Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp256r1 curve)
Definition: ec_curves.c:1991
SECP160K1_CURVE
#define SECP160K1_CURVE
Definition: ec_curves.h:239
secp192k1Curve
const EcCurveInfo secp192k1Curve
secp192k1 elliptic curve
Definition: ec_curves.c:409
crypto.h
General definitions for cryptographic algorithms.
SECP112R1_CURVE
#define SECP112R1_CURVE
Definition: ec_curves.h:235
ed25519Curve
const EcCurveInfo ed25519Curve
Ed25519 elliptic curve.
Definition: ec_curves.c:1343
secp256k1Curve
const EcCurveInfo secp256k1Curve
secp256k1 elliptic curve
Definition: ec_curves.c:593
SECP128R2_OID
const uint8_t SECP128R2_OID[5]
Definition: ec_curves.c:54
SECP160R1_OID
const uint8_t SECP160R1_OID[5]
Definition: ec_curves.c:58
secp160r1Curve
const EcCurveInfo secp160r1Curve
secp160r1 elliptic curve
Definition: ec_curves.c:317
SM2_CURVE
#define SM2_CURVE
Definition: ec_curves.h:257
frp256v1Curve
const EcCurveInfo frp256v1Curve
FRP256v1 elliptic curve.
Definition: ec_curves.c:1147
length
uint8_t length
Definition: tcp.h:368
SECP128R1_CURVE
#define SECP128R1_CURVE
Definition: ec_curves.h:237
SECP160R2_CURVE
#define SECP160R2_CURVE
Definition: ec_curves.h:241
SECP192R1_OID
const uint8_t SECP192R1_OID[8]
Definition: ec_curves.c:64
ED448_OID
const uint8_t ED448_OID[3]
Definition: ec_curves.c:102
SECP224K1_CURVE
#define SECP224K1_CURVE
Definition: ec_curves.h:244
secp192r1Mod
error_t secp192r1Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp192r1 curve)
Definition: ec_curves.c:1747
SECP384R1_OID
const uint8_t SECP384R1_OID[5]
Definition: ec_curves.c:74
ED25519_OID
const uint8_t ED25519_OID[3]
Definition: ec_curves.c:100
mpiCopy
error_t mpiCopy(Mpi *r, const Mpi *a)
Copy a multiple precision integer.
Definition: mpi.c:447
X448_OID
const uint8_t X448_OID[3]
Definition: ec_curves.c:98
secp224k1Curve
const EcCurveInfo secp224k1Curve
secp224k1 elliptic curve
Definition: ec_curves.c:501
brainpoolP320r1Curve
const EcCurveInfo brainpoolP320r1Curve
brainpoolP320r1 elliptic curve
Definition: ec_curves.c:985
EC_CURVE_TYPE_ED448
@ EC_CURVE_TYPE_ED448
Definition: ec_curves.h:286
SECP192K1_OID
const uint8_t SECP192K1_OID[5]
Definition: ec_curves.c:62
COPY_WORD32
#define COPY_WORD32(a, i, b, j, n)
Definition: ec_curves.c:45
SECP112R2_OID
const uint8_t SECP112R2_OID[5]
Definition: ec_curves.c:50
SECP160R1_CURVE
#define SECP160R1_CURVE
Definition: ec_curves.h:240
brainpoolP192r1Curve
const EcCurveInfo brainpoolP192r1Curve
brainpoolP192r1 elliptic curve
Definition: ec_curves.c:847
brainpoolP160r1Curve
const EcCurveInfo brainpoolP160r1Curve
brainpoolP160r1 elliptic curve
Definition: ec_curves.c:801
EC_CURVE_TYPE_X25519
@ EC_CURVE_TYPE_X25519
Definition: ec_curves.h:283
BRAINPOOLP224R1_OID
const uint8_t BRAINPOOLP224R1_OID[9]
Definition: ec_curves.c:82
FRP256V1_OID
const uint8_t FRP256V1_OID[10]
Definition: ec_curves.c:92
EC_CURVE_TYPE_SECP_R2
@ EC_CURVE_TYPE_SECP_R2
Definition: ec_curves.h:281
BRAINPOOLP192R1_OID
const uint8_t BRAINPOOLP192R1_OID[9]
Definition: ec_curves.c:80
x25519Curve
const EcCurveInfo x25519Curve
Curve25519 elliptic curve.
Definition: ec_curves.c:1239
BRAINPOOLP256R1_CURVE
#define BRAINPOOLP256R1_CURVE
Definition: ec_curves.h:253
s
uint8_t s
Definition: igmp_common.h:234
X448_CURVE
#define X448_CURVE
Definition: ec_curves.h:259
SECP160R2_OID
const uint8_t SECP160R2_OID[5]
Definition: ec_curves.c:60
secp128r2Curve
const EcCurveInfo secp128r2Curve
secp128r2 elliptic curve
Definition: ec_curves.c:231
SECP224R1_CURVE
#define SECP224R1_CURVE
Definition: ec_curves.h:245
secp384r1Mod
error_t secp384r1Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp384r1 curve)
Definition: ec_curves.c:2107
secp224r1Curve
const EcCurveInfo secp224r1Curve
secp224r1 elliptic curve
Definition: ec_curves.c:547
MPI_INT_SIZE
#define MPI_INT_SIZE
Definition: mpi.h:46
brainpoolP256r1Curve
const EcCurveInfo brainpoolP256r1Curve
brainpoolP256r1 elliptic curve
Definition: ec_curves.c:939
secp160r1Mod
error_t secp160r1Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp160r1 curve)
Definition: ec_curves.c:1597
mpiComp
int_t mpiComp(const Mpi *a, const Mpi *b)
Compare two multiple precision integers.
Definition: mpi.c:338
BRAINPOOLP160R1_CURVE
#define BRAINPOOLP160R1_CURVE
Definition: ec_curves.h:250
secp384r1Curve
const EcCurveInfo secp384r1Curve
secp384r1 elliptic curve
Definition: ec_curves.c:685
ec_curves.h
Elliptic curves.
secp192k1Mod
error_t secp192k1Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp192k1 curve)
Definition: ec_curves.c:1696
mpiMulInt
error_t mpiMulInt(Mpi *r, const Mpi *a, int_t b)
Multiply a multiple precision integer by an integer.
Definition: mpi.c:1314
secp128r2Mod
error_t secp128r2Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp128r2 curve)
Definition: ec_curves.c:1498
secp160k1Mod
error_t secp160k1Mod(Mpi *a, const Mpi *p)
Fast modular reduction (secp160k1 curve)
Definition: ec_curves.c:1546
mpiCompInt
int_t mpiCompInt(const Mpi *a, int_t b)
Compare a multiple precision integer with an integer.
Definition: mpi.c:382
mpiGrow
error_t mpiGrow(Mpi *r, uint_t size)
Adjust the size of multiple precision integer.
Definition: mpi.c:94
EC_CURVE_TYPE_BRAINPOOLP_R1
@ EC_CURVE_TYPE_BRAINPOOLP_R1
Definition: ec_curves.h:282
SECP192R1_CURVE
#define SECP192R1_CURVE
Definition: ec_curves.h:243
CLEAR_WORD32
#define CLEAR_WORD32(a, i, n)
Definition: ec_curves.c:44
SECP128R1_OID
const uint8_t SECP128R1_OID[5]
Definition: ec_curves.c:52
debug.h
Debugging facilities.
BRAINPOOLP256R1_OID
const uint8_t BRAINPOOLP256R1_OID[9]
Definition: ec_curves.c:84
SM2_OID
const uint8_t SM2_OID[8]
Definition: ec_curves.c:94
X25519_CURVE
#define X25519_CURVE
Definition: ec_curves.h:258
mpiFree
void mpiFree(Mpi *r)
Release a multiple precision integer.
Definition: mpi.c:64
secp128r1Curve
const EcCurveInfo secp128r1Curve
secp128r1 elliptic curve
Definition: ec_curves.c:191