ec_curve.c

OpenSSL 0.9.8k 最新版OpenSSL

/* crypto/ec/ec_curve.c */
/*
 * Written by Nils Larsch for the OpenSSL project.
 */
/* ====================================================================
 * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
 * Portions of the attached software ("Contribution") are developed by 
 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
 *
 * The Contribution is licensed pursuant to the OpenSSL open source
 * license provided above.
 *
 * The elliptic curve binary polynomial software is originally written by 
 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
 *
 */

#include "ec_lcl.h"
#include <openssl/err.h>
#include <openssl/obj_mac.h>

typedef struct ec_curve_data_st {
	int	field_type;	/* either NID_X9_62_prime_field or
				 * NID_X9_62_characteristic_two_field */
	const char *p;		/* either a prime number or a polynomial */
	const char *a;
	const char *b;
	const char *x;		/* the x coordinate of the generator */
	const char *y;		/* the y coordinate of the generator */
	const char *order;	/* the order of the group generated by the
				 * generator */
	const BN_ULONG cofactor;/* the cofactor */
	const unsigned char *seed;/* the seed (optional) */
	size_t	seed_len;
	const char *comment;	/* a short description of the curve */
} EC_CURVE_DATA;

/* the nist prime curves */
static const unsigned char _EC_NIST_PRIME_192_SEED[] = {
	0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57,
	0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5};
static const EC_CURVE_DATA _EC_NIST_PRIME_192 = {
	NID_X9_62_prime_field,
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
	"64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
	"188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
	"07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
	"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1,
	_EC_NIST_PRIME_192_SEED, 20,
	"NIST/X9.62/SECG curve over a 192 bit prime field"
	};

static const unsigned char _EC_NIST_PRIME_224_SEED[] = {
	0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45,
	0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5};
static const EC_CURVE_DATA _EC_NIST_PRIME_224 = {
	NID_X9_62_prime_field,
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
	"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
	"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
	"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1,
	_EC_NIST_PRIME_224_SEED, 20,
	"NIST/SECG curve over a 224 bit prime field"
	};

static const unsigned char _EC_NIST_PRIME_384_SEED[] = {
	0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,
	0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73};
static const EC_CURVE_DATA _EC_NIST_PRIME_384 = {
	NID_X9_62_prime_field,
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
	"FFF0000000000000000FFFFFFFF",
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
	"FFF0000000000000000FFFFFFFC",
	"B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563"
	"98D8A2ED19D2A85C8EDD3EC2AEF",
	"AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F"
	"25DBF55296C3A545E3872760AB7",
	"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b"
	"1ce1d7e819d7a431d7c90ea0e5f",
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0"
	"DB248B0A77AECEC196ACCC52973",1,
	_EC_NIST_PRIME_384_SEED, 20,
	"NIST/SECG curve over a 384 bit prime field"
	};

static const unsigned char _EC_NIST_PRIME_521_SEED[] = {
	0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,
	0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA};
static const EC_CURVE_DATA _EC_NIST_PRIME_521 = {
	NID_X9_62_prime_field,
	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
	"051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156"
	"193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
	"C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14"
	"B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
	"011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9"
	"7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51"
	"868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1,
	_EC_NIST_PRIME_521_SEED, 20,
	"NIST/SECG curve over a 521 bit prime field"
	};
/* the x9.62 prime curves (minus the nist prime curves) */
static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = {
	0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B,
	0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6};
static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = {
	NID_X9_62_prime_field,
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
	"CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
	"EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
	"6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15",
	"FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1,
	_EC_X9_62_PRIME_192V2_SEED, 20,
	"X9.62 curve over a 192 bit prime field"
	};

static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = {
	0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6,
	0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E};
static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = {
	NID_X9_62_prime_field,
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
	"22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
	"7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
	"38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0",
	"FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1,
	_EC_X9_62_PRIME_192V3_SEED, 20,
	"X9.62 curve over a 192 bit prime field"
	};

static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = {
	0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0,
	0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D};
static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = {
	NID_X9_62_prime_field,
	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
	"6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
	"0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
	"7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae",
	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1,
	_EC_X9_62_PRIME_239V1_SEED, 20,
	"X9.62 curve over a 239 bit prime field"
	};

static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = {
	0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B,
	0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16};
static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = {
	NID_X9_62_prime_field,
	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
	"617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
	"38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
	"5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba",
	"7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1,
	_EC_X9_62_PRIME_239V2_SEED, 20,
	"X9.62 curve over a 239 bit prime field"
	};

static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = {
	0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A,
	0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF};
static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = {
	NID_X9_62_prime_field,
	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
	"255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
	"6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
	"1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3",
	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1,
	_EC_X9_62_PRIME_239V3_SEED, 20,
	"X9.62 curve over a 239 bit prime field"
	};

static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = {
	0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,
	0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90};
static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = {
	NID_X9_62_prime_field,
	"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
	"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
	"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
	"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
	"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
	"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1,
	_EC_X9_62_PRIME_256V1_SEED, 20,
	"X9.62/SECG curve over a 256 bit prime field"
	};
/* the secg prime curves (minus the nist and x9.62 prime curves) */
static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = {
	0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68,
	0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1};
static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = {
	NID_X9_62_prime_field,
	"DB7C2ABF62E35E668076BEAD208B",
	"DB7C2ABF62E35E668076BEAD2088",
	"659EF8BA043916EEDE8911702B22",
	"09487239995A5EE76B55F9C2F098",
	"a89ce5af8724c0a23e0e0ff77500",
	"DB7C2ABF62E35E7628DFAC6561C5",1,
	_EC_SECG_PRIME_112R1_SEED, 20,
	"SECG/WTLS curve over a 112 bit prime field"
	};

static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = {
	0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68,
	0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4};
static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = {
	NID_X9_62_prime_field,
	"DB7C2ABF62E35E668076BEAD208B",
	"6127C24C05F38A0AAAF65C0EF02C",
	"51DEF1815DB5ED74FCC34C85D709",
	"4BA30AB5E892B4E1649DD0928643",
	"adcd46f5882e3747def36e956e97",
	"36DF0AAFD8B8D7597CA10520D04B",4, 
	_EC_SECG_PRIME_112R2_SEED, 20,
	"SECG curve over a 112 bit prime field"
	};

static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = {
	0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
	0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79};
static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = {
	NID_X9_62_prime_field,
	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
	"E87579C11079F43DD824993C2CEE5ED3",
	"161FF7528B899B2D0C28607CA52C5B86",
	"cf5ac8395bafeb13c02da292dded7a83",
	"FFFFFFFE0000000075A30D1B9038A115",1,
	_EC_SECG_PRIME_128R1_SEED, 20,
	"SECG curve over a 128 bit prime field"
	};

static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = {
	0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,
	0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4};
static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = {
	NID_X9_62_prime_field,
	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
	"D6031998D1B3BBFEBF59CC9BBFF9AEE1",
	"5EEEFCA380D02919DC2C6558BB6D8A5D",
	"7B6AA5D85E572983E6FB32A7CDEBC140",
	"27b6916a894d3aee7106fe805fc34b44",
	"3FFFFFFF7FFFFFFFBE0024720613B5A3",4,
	_EC_SECG_PRIME_128R2_SEED, 20,
	"SECG curve over a 128 bit prime field"
	};

static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = {
	NID_X9_62_prime_field,
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
	"0",