From a17c005209fbde737edb97b0f51ea63472c166aa Mon Sep 17 00:00:00 2001 From: Alex Tsitsiura Date: Thu, 3 Nov 2022 17:06:39 +0200 Subject: [PATCH 1/9] [Telink] Adopt to latest telink zephyr & Update Telink image to 0.6.02 (Cherry-pick #22971) (#23380) * [Telink] Adopt to latest telink zephyr & Update Telink image to 0.6.02 (#22971) * [Telink] use zephyr in include path * [Telink] use telink zephyr crypto * [Telink] rename IEEE802154 functions and isr table offset fix * [Telink] restyle * [Telink]: Update Telink image to 0.6.02 * [Telink] Add CHIP license attribution --- .github/workflows/examples-telink.yaml | 2 +- config/telink/app/zephyr.conf | 5 +- config/telink/chip-module/CMakeLists.txt | 9 - .../light-switch-app/telink/include/AppTask.h | 2 +- examples/light-switch-app/telink/prj.conf | 2 +- .../light-switch-app/telink/src/AppTask.cpp | 4 +- examples/light-switch-app/telink/src/main.cpp | 2 +- .../telink/include/LightingManager.h | 2 +- examples/lighting-app/telink/prj.conf | 2 +- examples/lighting-app/telink/src/AppTask.cpp | 4 +- .../telink/src/LightingManager.cpp | 6 +- examples/lighting-app/telink/src/main.cpp | 2 +- .../telink/include/AppTask.h | 2 +- examples/ota-requestor-app/telink/prj.conf | 2 +- .../ota-requestor-app/telink/src/AppTask.cpp | 4 +- .../ota-requestor-app/telink/src/main.cpp | 2 +- .../telink/util/include/ButtonManager.h | 2 +- .../platform/telink/util/include/LEDWidget.h | 2 +- .../telink/util/src/ButtonManager.cpp | 10 +- .../platform/telink/util/src/LEDWidget.cpp | 2 +- .../platform/telink/util/src/ThreadUtil.cpp | 2 +- .../GenericPlatformManagerImpl_Zephyr.h | 2 +- .../GenericPlatformManagerImpl_Zephyr.ipp | 2 +- src/inet/InetInterface.cpp | 2 +- src/inet/InetInterface.h | 2 +- .../Zephyr/DiagnosticDataProviderImpl.cpp | 6 +- .../Zephyr/KeyValueStoreManagerImpl.cpp | 2 +- .../Zephyr/KeyValueStoreManagerImpl.h | 2 +- src/platform/Zephyr/Logging.cpp | 6 +- src/platform/Zephyr/PlatformManagerImpl.cpp | 2 +- src/platform/Zephyr/SystemTimeSupport.cpp | 2 +- src/platform/Zephyr/ThreadStackManagerImpl.h | 4 +- src/platform/Zephyr/ZephyrConfig.cpp | 2 +- src/platform/telink/BLEManagerImpl.cpp | 10 +- src/platform/telink/BUILD.gn | 21 - src/platform/telink/CHIPDevicePlatformEvent.h | 2 +- src/platform/telink/OTAImageProcessorImpl.cpp | 4 +- src/platform/telink/crypto/aes_alt.h | 56 - src/platform/telink/crypto/ecp_alt.h | 105 - src/platform/telink/crypto/internal/common.h | 56 - .../crypto/internal/compatibility/aes_alt.c | 2042 ------ .../crypto/internal/compatibility/aesni.h | 121 - .../crypto/internal/compatibility/bn_mul.h | 891 --- .../crypto/internal/compatibility/ecp_alt.c | 3363 ---------- .../internal/compatibility/ecp_curves_alt.c | 5490 ----------------- .../internal/compatibility/ecp_internal_alt.h | 284 - .../internal/compatibility/ecp_invasive.h | 77 - .../crypto/internal/compatibility/padlock.h | 112 - .../crypto/internal/ecp_alt_b91_backend.c | 419 -- .../internal/ecp_alt_b91_backend_test.c | 479 -- .../telink/crypto/internal/entropy_poll_alt.c | 56 - .../telink/crypto/internal/multithread.c | 88 - .../telink/crypto/internal/multithread.h | 41 - .../telink/crypto/internal/test_utils.c | 50 - .../telink/crypto/internal/test_utils.h | 39 - .../telink/crypto/telink-mbedtls-config.h | 117 - src/platform/telink/telink-mbedtls-config.h | 34 + 57 files changed, 90 insertions(+), 13971 deletions(-) delete mode 100644 src/platform/telink/crypto/aes_alt.h delete mode 100644 src/platform/telink/crypto/ecp_alt.h delete mode 100644 src/platform/telink/crypto/internal/common.h delete mode 100644 src/platform/telink/crypto/internal/compatibility/aes_alt.c delete mode 100644 src/platform/telink/crypto/internal/compatibility/aesni.h delete mode 100644 src/platform/telink/crypto/internal/compatibility/bn_mul.h delete mode 100644 src/platform/telink/crypto/internal/compatibility/ecp_alt.c delete mode 100644 src/platform/telink/crypto/internal/compatibility/ecp_curves_alt.c delete mode 100644 src/platform/telink/crypto/internal/compatibility/ecp_internal_alt.h delete mode 100644 src/platform/telink/crypto/internal/compatibility/ecp_invasive.h delete mode 100644 src/platform/telink/crypto/internal/compatibility/padlock.h delete mode 100644 src/platform/telink/crypto/internal/ecp_alt_b91_backend.c delete mode 100644 src/platform/telink/crypto/internal/ecp_alt_b91_backend_test.c delete mode 100644 src/platform/telink/crypto/internal/entropy_poll_alt.c delete mode 100644 src/platform/telink/crypto/internal/multithread.c delete mode 100644 src/platform/telink/crypto/internal/multithread.h delete mode 100644 src/platform/telink/crypto/internal/test_utils.c delete mode 100644 src/platform/telink/crypto/internal/test_utils.h delete mode 100644 src/platform/telink/crypto/telink-mbedtls-config.h create mode 100644 src/platform/telink/telink-mbedtls-config.h diff --git a/.github/workflows/examples-telink.yaml b/.github/workflows/examples-telink.yaml index 10fbac508d9448..dfb5fc75929f1c 100644 --- a/.github/workflows/examples-telink.yaml +++ b/.github/workflows/examples-telink.yaml @@ -32,7 +32,7 @@ jobs: if: github.actor != 'restyled-io[bot]' container: - image: connectedhomeip/chip-build-telink:0.5.99 + image: connectedhomeip/chip-build-telink:0.6.02 volumes: - "/tmp/bloat_reports:/tmp/bloat_reports" diff --git a/config/telink/app/zephyr.conf b/config/telink/app/zephyr.conf index 92944dbed8616f..c83f5aeccca9c4 100644 --- a/config/telink/app/zephyr.conf +++ b/config/telink/app/zephyr.conf @@ -66,7 +66,7 @@ CONFIG_OPENTHREAD_DEBUG=y CONFIG_OPENTHREAD_L2_DEBUG=y CONFIG_OPENTHREAD_L2_LOG_LEVEL_INF=y -CONFIG_NET_CONFIG_IEEE802154_DEV_NAME="IEEE802154" +CONFIG_NET_CONFIG_IEEE802154_DEV_NAME="IEEE802154_b91" CONFIG_NET_CONFIG_MY_IPV6_ADDR="fdde:ad00:beef::1" CONFIG_NET_CONFIG_PEER_IPV6_ADDR="fdde:ad00:beef::2" @@ -87,7 +87,8 @@ CONFIG_OPENTHREAD_DUA=y CONFIG_OPENTHREAD_MLR=y # mbedTLS tweaks -CONFIG_MBEDTLS_DEBUG=y +CONFIG_MBEDTLS_TEST=y +CONFIG_MBEDTLS_PKCS5_C=y CONFIG_MBEDTLS_USER_CONFIG_ENABLE=y CONFIG_MBEDTLS_USER_CONFIG_FILE="telink-mbedtls-config.h" diff --git a/config/telink/chip-module/CMakeLists.txt b/config/telink/chip-module/CMakeLists.txt index 7b4c76555a62e6..f6d93210b4a416 100644 --- a/config/telink/chip-module/CMakeLists.txt +++ b/config/telink/chip-module/CMakeLists.txt @@ -108,16 +108,7 @@ if (CONFIG_POSIX_API) ) endif() -# Add MbedTLS config file -list(APPEND CHIP_CFLAGS -DMBEDTLS_CONFIG_FILE=CONFIG_MBEDTLS_CFG_FILE) - -# Add hardware cryptography dependencies -zephyr_include_directories(${ZEPHYR_BASE}/../modules/crypto/mbedtls/include) -zephyr_include_directories(${ZEPHYR_BASE}/modules/mbedtls/configs) zephyr_include_directories(${CHIP_ROOT}/src/platform/telink/) -zephyr_include_directories(${CHIP_ROOT}/src/platform/telink/crypto/) -zephyr_sources(${ZEPHYR_BASE}/../modules/hal/telink/tlsr9/drivers/B91/aes.c) -zephyr_sources(${ZEPHYR_BASE}/../modules/hal/telink/tlsr9/drivers/B91/pke.c) zephyr_get_compile_flags(CHIP_CFLAGS_C C) zephyr_get_compile_flags(CHIP_CFLAGS_CC CXX) diff --git a/examples/light-switch-app/telink/include/AppTask.h b/examples/light-switch-app/telink/include/AppTask.h index b682884b30155d..7fd67ff34abdad 100755 --- a/examples/light-switch-app/telink/include/AppTask.h +++ b/examples/light-switch-app/telink/include/AppTask.h @@ -20,7 +20,7 @@ #include "AppEvent.h" -#include +#include #include diff --git a/examples/light-switch-app/telink/prj.conf b/examples/light-switch-app/telink/prj.conf index 9e16c86b92c43e..05b92e9169eb6e 100755 --- a/examples/light-switch-app/telink/prj.conf +++ b/examples/light-switch-app/telink/prj.conf @@ -33,7 +33,7 @@ CONFIG_OPENTHREAD_PANID=4660 CONFIG_OPENTHREAD_CHANNEL=15 CONFIG_OPENTHREAD_NETWORK_NAME="OpenThreadDemo" CONFIG_OPENTHREAD_XPANID="11:11:11:11:22:22:22:22" -CONFIG_NET_CONFIG_IEEE802154_DEV_NAME="IEEE802154" +CONFIG_NET_CONFIG_IEEE802154_DEV_NAME="IEEE802154_b91" # Disable Matter OTA DFU CONFIG_CHIP_OTA_REQUESTOR=n diff --git a/examples/light-switch-app/telink/src/AppTask.cpp b/examples/light-switch-app/telink/src/AppTask.cpp index 7365515e0773f6..e8d3d0049dc095 100644 --- a/examples/light-switch-app/telink/src/AppTask.cpp +++ b/examples/light-switch-app/telink/src/AppTask.cpp @@ -50,8 +50,8 @@ #include "OTAUtil.h" #endif -#include -#include +#include +#include #include diff --git a/examples/light-switch-app/telink/src/main.cpp b/examples/light-switch-app/telink/src/main.cpp index 9c61b313f87569..6fdd0367cbe006 100755 --- a/examples/light-switch-app/telink/src/main.cpp +++ b/examples/light-switch-app/telink/src/main.cpp @@ -21,7 +21,7 @@ #include #include -#include +#include LOG_MODULE_REGISTER(app); diff --git a/examples/lighting-app/telink/include/LightingManager.h b/examples/lighting-app/telink/include/LightingManager.h index 2af544ada8625b..5ac8187f001e7f 100644 --- a/examples/lighting-app/telink/include/LightingManager.h +++ b/examples/lighting-app/telink/include/LightingManager.h @@ -23,7 +23,7 @@ #include #include -#include +#include class LightingManager { diff --git a/examples/lighting-app/telink/prj.conf b/examples/lighting-app/telink/prj.conf index e7228bff883154..8c2317982e35b4 100644 --- a/examples/lighting-app/telink/prj.conf +++ b/examples/lighting-app/telink/prj.conf @@ -33,7 +33,7 @@ CONFIG_OPENTHREAD_PANID=4660 CONFIG_OPENTHREAD_CHANNEL=15 CONFIG_OPENTHREAD_NETWORK_NAME="OpenThreadDemo" CONFIG_OPENTHREAD_XPANID="11:11:11:11:22:22:22:22" -CONFIG_NET_CONFIG_IEEE802154_DEV_NAME="IEEE802154" +CONFIG_NET_CONFIG_IEEE802154_DEV_NAME="IEEE802154_b91" # Disable Matter OTA DFU CONFIG_CHIP_OTA_REQUESTOR=n diff --git a/examples/lighting-app/telink/src/AppTask.cpp b/examples/lighting-app/telink/src/AppTask.cpp index 5c537b26a0d39e..fd9eabc82976e5 100644 --- a/examples/lighting-app/telink/src/AppTask.cpp +++ b/examples/lighting-app/telink/src/AppTask.cpp @@ -51,8 +51,8 @@ #include "OTAUtil.h" #endif -#include -#include +#include +#include #include diff --git a/examples/lighting-app/telink/src/LightingManager.cpp b/examples/lighting-app/telink/src/LightingManager.cpp index c89bbf6bf25aa2..3aad922a3516af 100644 --- a/examples/lighting-app/telink/src/LightingManager.cpp +++ b/examples/lighting-app/telink/src/LightingManager.cpp @@ -22,9 +22,9 @@ #include -#include -#include -#include +#include +#include +#include LOG_MODULE_DECLARE(app); diff --git a/examples/lighting-app/telink/src/main.cpp b/examples/lighting-app/telink/src/main.cpp index 28c080dc0bdc0f..4ea2a51acd6b2e 100644 --- a/examples/lighting-app/telink/src/main.cpp +++ b/examples/lighting-app/telink/src/main.cpp @@ -21,7 +21,7 @@ #include #include -#include +#include LOG_MODULE_REGISTER(app); diff --git a/examples/ota-requestor-app/telink/include/AppTask.h b/examples/ota-requestor-app/telink/include/AppTask.h index 296e45746e1fc3..712212e38fd80d 100755 --- a/examples/ota-requestor-app/telink/include/AppTask.h +++ b/examples/ota-requestor-app/telink/include/AppTask.h @@ -20,7 +20,7 @@ #include "AppEvent.h" -#include +#include #include diff --git a/examples/ota-requestor-app/telink/prj.conf b/examples/ota-requestor-app/telink/prj.conf index 5850ae2cd7ee51..7f270da20b8e5f 100755 --- a/examples/ota-requestor-app/telink/prj.conf +++ b/examples/ota-requestor-app/telink/prj.conf @@ -30,7 +30,7 @@ CONFIG_OPENTHREAD_PANID=4660 CONFIG_OPENTHREAD_CHANNEL=15 CONFIG_OPENTHREAD_NETWORK_NAME="OpenThreadDemo" CONFIG_OPENTHREAD_XPANID="11:11:11:11:22:22:22:22" -CONFIG_NET_CONFIG_IEEE802154_DEV_NAME="IEEE802154" +CONFIG_NET_CONFIG_IEEE802154_DEV_NAME="IEEE802154_b91" # Disable Matter OTA DFU CONFIG_CHIP_OTA_REQUESTOR=y diff --git a/examples/ota-requestor-app/telink/src/AppTask.cpp b/examples/ota-requestor-app/telink/src/AppTask.cpp index 169606c5ece510..182f5732d0ec59 100644 --- a/examples/ota-requestor-app/telink/src/AppTask.cpp +++ b/examples/ota-requestor-app/telink/src/AppTask.cpp @@ -49,8 +49,8 @@ #include "OTAUtil.h" #endif -#include -#include +#include +#include #include diff --git a/examples/ota-requestor-app/telink/src/main.cpp b/examples/ota-requestor-app/telink/src/main.cpp index e10d113c62adec..48adaee45a5115 100644 --- a/examples/ota-requestor-app/telink/src/main.cpp +++ b/examples/ota-requestor-app/telink/src/main.cpp @@ -21,7 +21,7 @@ #include #include -#include +#include LOG_MODULE_REGISTER(app); diff --git a/examples/platform/telink/util/include/ButtonManager.h b/examples/platform/telink/util/include/ButtonManager.h index 165ac19f71bf37..9c164fd7120c82 100644 --- a/examples/platform/telink/util/include/ButtonManager.h +++ b/examples/platform/telink/util/include/ButtonManager.h @@ -17,8 +17,8 @@ #pragma once -#include #include +#include #define STATE_HIGH 1 #define STATE_LOW 0 diff --git a/examples/platform/telink/util/include/LEDWidget.h b/examples/platform/telink/util/include/LEDWidget.h index b83b6dd0d19c0e..e851c03ccc04e2 100644 --- a/examples/platform/telink/util/include/LEDWidget.h +++ b/examples/platform/telink/util/include/LEDWidget.h @@ -18,7 +18,7 @@ #pragma once #include -#include +#include class LEDWidget { diff --git a/examples/platform/telink/util/src/ButtonManager.cpp b/examples/platform/telink/util/src/ButtonManager.cpp index a730b4677a8a82..6a5d6055f53702 100644 --- a/examples/platform/telink/util/src/ButtonManager.cpp +++ b/examples/platform/telink/util/src/ButtonManager.cpp @@ -17,11 +17,11 @@ */ #include -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include LOG_MODULE_REGISTER(ButtonManager); diff --git a/examples/platform/telink/util/src/LEDWidget.cpp b/examples/platform/telink/util/src/LEDWidget.cpp index abd45d415c4931..3b97fe64375058 100644 --- a/examples/platform/telink/util/src/LEDWidget.cpp +++ b/examples/platform/telink/util/src/LEDWidget.cpp @@ -18,7 +18,7 @@ #include "LEDWidget.h" -#include +#include const struct device * LEDWidget::mPort = NULL; diff --git a/examples/platform/telink/util/src/ThreadUtil.cpp b/examples/platform/telink/util/src/ThreadUtil.cpp index 12bfb00f82507c..dad09fe3e945eb 100644 --- a/examples/platform/telink/util/src/ThreadUtil.cpp +++ b/examples/platform/telink/util/src/ThreadUtil.cpp @@ -23,7 +23,7 @@ #include #include -#include +#include #include diff --git a/src/include/platform/internal/GenericPlatformManagerImpl_Zephyr.h b/src/include/platform/internal/GenericPlatformManagerImpl_Zephyr.h index c4dd017228604e..c3f1de4dde19cb 100644 --- a/src/include/platform/internal/GenericPlatformManagerImpl_Zephyr.h +++ b/src/include/platform/internal/GenericPlatformManagerImpl_Zephyr.h @@ -27,7 +27,7 @@ #include #include -#include +#include namespace chip { namespace DeviceLayer { diff --git a/src/include/platform/internal/GenericPlatformManagerImpl_Zephyr.ipp b/src/include/platform/internal/GenericPlatformManagerImpl_Zephyr.ipp index 5b4c19c0a4279f..68c88de991b12c 100644 --- a/src/include/platform/internal/GenericPlatformManagerImpl_Zephyr.ipp +++ b/src/include/platform/internal/GenericPlatformManagerImpl_Zephyr.ipp @@ -35,7 +35,7 @@ #include #include -#include +#include #define DEFAULT_MIN_SLEEP_PERIOD (60 * 60 * 24 * 30) // Month [sec] diff --git a/src/inet/InetInterface.cpp b/src/inet/InetInterface.cpp index a13ff4e01e5ddb..794133c0ab47f1 100644 --- a/src/inet/InetInterface.cpp +++ b/src/inet/InetInterface.cpp @@ -56,7 +56,7 @@ #endif // CHIP_SYSTEM_CONFIG_USE_SOCKETS && CHIP_SYSTEM_CONFIG_USE_BSD_IFADDRS #if CHIP_SYSTEM_CONFIG_USE_ZEPHYR_NET_IF -#include +#include #endif // CHIP_SYSTEM_CONFIG_USE_ZEPHYR_NET_IF #if CHIP_SYSTEM_CONFIG_USE_OPEN_THREAD_ENDPOINT diff --git a/src/inet/InetInterface.h b/src/inet/InetInterface.h index f2e89fe4697919..8a182294476a6e 100644 --- a/src/inet/InetInterface.h +++ b/src/inet/InetInterface.h @@ -42,7 +42,7 @@ struct ifaddrs; #endif // CHIP_SYSTEM_CONFIG_USE_BSD_IFADDRS #if CHIP_SYSTEM_CONFIG_USE_ZEPHYR_NET_IF -#include +#include struct net_if; struct net_if_ipv4; diff --git a/src/platform/Zephyr/DiagnosticDataProviderImpl.cpp b/src/platform/Zephyr/DiagnosticDataProviderImpl.cpp index 6fac30482f6251..1eb24394f27be7 100644 --- a/src/platform/Zephyr/DiagnosticDataProviderImpl.cpp +++ b/src/platform/Zephyr/DiagnosticDataProviderImpl.cpp @@ -28,13 +28,13 @@ #include #include -#include -#include +#include +#include #if CHIP_DEVICE_LAYER_TARGET_NRFCONNECT #include #elif defined(CONFIG_MCUBOOT_IMG_MANAGER) -#include +#include #endif #include diff --git a/src/platform/Zephyr/KeyValueStoreManagerImpl.cpp b/src/platform/Zephyr/KeyValueStoreManagerImpl.cpp index da254e615263bc..d99239b20c726c 100644 --- a/src/platform/Zephyr/KeyValueStoreManagerImpl.cpp +++ b/src/platform/Zephyr/KeyValueStoreManagerImpl.cpp @@ -27,7 +27,7 @@ #include #include -#include +#include namespace chip { namespace DeviceLayer { diff --git a/src/platform/Zephyr/KeyValueStoreManagerImpl.h b/src/platform/Zephyr/KeyValueStoreManagerImpl.h index daaba1144b497a..1d4ee7d1f10fbf 100644 --- a/src/platform/Zephyr/KeyValueStoreManagerImpl.h +++ b/src/platform/Zephyr/KeyValueStoreManagerImpl.h @@ -24,7 +24,7 @@ #pragma once -#include +#include namespace chip { namespace DeviceLayer { diff --git a/src/platform/Zephyr/Logging.cpp b/src/platform/Zephyr/Logging.cpp index f65a5bbf472d33..f8e2015d415367 100644 --- a/src/platform/Zephyr/Logging.cpp +++ b/src/platform/Zephyr/Logging.cpp @@ -6,9 +6,9 @@ #include #include -#include -#include -#include +#include +#include +#include // If CONFIG_LOG_MODE_MINIMAL the timestamp is NOT added automatically by the Zephyr logger #ifdef CONFIG_LOG_MODE_MINIMAL diff --git a/src/platform/Zephyr/PlatformManagerImpl.cpp b/src/platform/Zephyr/PlatformManagerImpl.cpp index 53053b5eae74f7..6cd42773227ed2 100644 --- a/src/platform/Zephyr/PlatformManagerImpl.cpp +++ b/src/platform/Zephyr/PlatformManagerImpl.cpp @@ -32,8 +32,8 @@ #include #include -#include #include +#include namespace chip { namespace DeviceLayer { diff --git a/src/platform/Zephyr/SystemTimeSupport.cpp b/src/platform/Zephyr/SystemTimeSupport.cpp index 08d8408bd8aa38..90b63aded60b08 100644 --- a/src/platform/Zephyr/SystemTimeSupport.cpp +++ b/src/platform/Zephyr/SystemTimeSupport.cpp @@ -26,7 +26,7 @@ #include -#include +#include #if !CHIP_SYSTEM_CONFIG_USE_POSIX_TIME_FUNCTS diff --git a/src/platform/Zephyr/ThreadStackManagerImpl.h b/src/platform/Zephyr/ThreadStackManagerImpl.h index 19e5d7ecc643dc..6600554a1966bd 100644 --- a/src/platform/Zephyr/ThreadStackManagerImpl.h +++ b/src/platform/Zephyr/ThreadStackManagerImpl.h @@ -25,8 +25,8 @@ #include -#include -#include +#include +#include #include #if !CONFIG_SOC_SERIES_RISCV_TELINK_B91 diff --git a/src/platform/Zephyr/ZephyrConfig.cpp b/src/platform/Zephyr/ZephyrConfig.cpp index 60a17788a3cff0..f548e95bca09a7 100644 --- a/src/platform/Zephyr/ZephyrConfig.cpp +++ b/src/platform/Zephyr/ZephyrConfig.cpp @@ -30,7 +30,7 @@ #include #include -#include +#include namespace chip { namespace DeviceLayer { diff --git a/src/platform/telink/BLEManagerImpl.cpp b/src/platform/telink/BLEManagerImpl.cpp index eaacb0250338a2..d8f838142b245e 100644 --- a/src/platform/telink/BLEManagerImpl.cpp +++ b/src/platform/telink/BLEManagerImpl.cpp @@ -35,7 +35,7 @@ /*Includes for ieee802154 switchings */ #define DT_DRV_COMPAT telink_b91_zb #include -#include +#include /* Telink headers */ #include "drivers.h" @@ -319,11 +319,11 @@ CHIP_ERROR BLEManagerImpl::_InitStack(void) SuccessOrExit(err); /* Resetup stimer interrupt to handle BLE stack */ - ret = irq_connect_dynamic(STIMER_IRQ_NUM, 2, stimer_irq_handler, NULL, 0); + ret = irq_connect_dynamic(STIMER_IRQ_NUM + CONFIG_2ND_LVL_ISR_TBL_OFFSET, 2, stimer_irq_handler, NULL, 0); ChipLogDetail(DeviceLayer, "Stimer IRQ assigned vector %d", ret); /* Resetup rf interrupt to handle BLE stack */ - ret = irq_connect_dynamic(RF_IRQ_NUM, 2, rf_irq_handler, NULL, 0); + ret = irq_connect_dynamic(RF_IRQ_NUM + CONFIG_2ND_LVL_ISR_TBL_OFFSET, 2, rf_irq_handler, NULL, 0); ChipLogDetail(DeviceLayer, "RF IRQ assigned vector %d", ret); exit: @@ -577,7 +577,7 @@ CHIP_ERROR BLEManagerImpl::StartAdvertising(void) /* @todo: move to RadioSwitch module*/ const struct device * radio_dev = device_get_binding(CONFIG_NET_CONFIG_IEEE802154_DEV_NAME); __ASSERT(radio_dev != NULL, "Fail to get radio device"); - b91_ieee802154_deinit(radio_dev); + b91_deinit(radio_dev); /* It is time to init BLE stack */ err = _InitStack(); @@ -837,7 +837,7 @@ void BLEManagerImpl::SwitchToIeee802154(void) __ASSERT(radio_dev != NULL, "Fail to get radio device"); /* Init IEEE802154 */ - result = b91_ieee802154_init(radio_dev); + result = b91_init(radio_dev); __ASSERT(result == 0, "Fail to init IEEE802154 radio. Error: %d", result); } diff --git a/src/platform/telink/BUILD.gn b/src/platform/telink/BUILD.gn index 96f663d9a8b4d8..d0b799c187b44b 100644 --- a/src/platform/telink/BUILD.gn +++ b/src/platform/telink/BUILD.gn @@ -46,30 +46,11 @@ static_library("telink") { "KeyValueStoreManagerImpl.h", "PlatformManagerImpl.h", "SystemPlatformConfig.h", - - # B91 HW crypto unit - "crypto/internal/common.h", - "crypto/internal/compatibility/aes_alt.c", - "crypto/internal/compatibility/aesni.h", - "crypto/internal/compatibility/bn_mul.h", - "crypto/internal/compatibility/ecp_alt.c", - "crypto/internal/compatibility/ecp_curves_alt.c", - "crypto/internal/compatibility/ecp_internal_alt.h", - "crypto/internal/compatibility/ecp_invasive.h", - "crypto/internal/compatibility/padlock.h", - "crypto/internal/ecp_alt_b91_backend.c", - "crypto/internal/ecp_alt_b91_backend_test.c", - "crypto/internal/entropy_poll_alt.c", - "crypto/internal/multithread.c", - "crypto/internal/multithread.h", - "crypto/internal/test_utils.c", - "crypto/internal/test_utils.h", ] deps = [] public_deps = [ - "${chip_root}/src/crypto", "${chip_root}/src/platform:platform_base", "${telink_sdk_build_root}", ] @@ -93,6 +74,4 @@ static_library("telink") { "OTAImageProcessorImpl.h", ] } - - public_deps += [ "${chip_root}/src/crypto" ] } diff --git a/src/platform/telink/CHIPDevicePlatformEvent.h b/src/platform/telink/CHIPDevicePlatformEvent.h index f7772579432c18..b04059508c1bf6 100644 --- a/src/platform/telink/CHIPDevicePlatformEvent.h +++ b/src/platform/telink/CHIPDevicePlatformEvent.h @@ -26,7 +26,7 @@ #include -#include +#include namespace chip { namespace DeviceLayer { diff --git a/src/platform/telink/OTAImageProcessorImpl.cpp b/src/platform/telink/OTAImageProcessorImpl.cpp index 0adc3f3947273e..f0c3c4de5cdd35 100644 --- a/src/platform/telink/OTAImageProcessorImpl.cpp +++ b/src/platform/telink/OTAImageProcessorImpl.cpp @@ -21,10 +21,10 @@ #include #include -#include -#include +#include #include #include +#include static struct stream_flash_ctx stream; diff --git a/src/platform/telink/crypto/aes_alt.h b/src/platform/telink/crypto/aes_alt.h deleted file mode 100644 index c8560e894b676c..00000000000000 --- a/src/platform/telink/crypto/aes_alt.h +++ /dev/null @@ -1,56 +0,0 @@ -/* aes_alt.h */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef AES_ALT_H -#define AES_ALT_H - -#if defined(MBEDTLS_AES_ALT) -// Regular implementation -// - -/** - * \brief The AES context-type definition. - */ -typedef struct mbedtls_aes_context -{ - int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */ - uint32_t * MBEDTLS_PRIVATE(rk); /*!< AES round keys. */ - uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can - hold 32 extra Bytes, which can be used for - one of the following purposes: -
  • Alignment if VIA padlock is used.
    • -
  • Simplifying key expansion in the 256-bit - case by generating an extra round key. -
*/ -} mbedtls_aes_context; - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -/** - * \brief The AES XTS context-type definition. - */ -typedef struct mbedtls_aes_xts_context -{ - mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block encryption or decryption. */ - mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak computation. */ -} mbedtls_aes_xts_context; - -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -#endif /* MBEDTLS_AES_ALT */ - -#endif /* aes_alt.h */ diff --git a/src/platform/telink/crypto/ecp_alt.h b/src/platform/telink/crypto/ecp_alt.h deleted file mode 100644 index 920774c88c305f..00000000000000 --- a/src/platform/telink/crypto/ecp_alt.h +++ /dev/null @@ -1,105 +0,0 @@ -/** - * \file ecp_alt.h - * - * \brief Utility macros for internal use in the library - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ECP_ALT_H -#define ECP_ALT_H - -#if defined(MBEDTLS_ECP_ALT) - -typedef struct mbedtls_ecp_group -{ - mbedtls_ecp_group_id id; /*!< An internal group identifier. */ - mbedtls_mpi P; /*!< The prime modulus of the base field. */ - mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For - Montgomery curves: (A + 2) / 4. */ - mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. - For Montgomery curves: unused. */ - mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ - mbedtls_mpi N; /*!< The order of \p G. */ - size_t pbits; /*!< The number of bits in \p P.*/ - size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. - For Montgomery curves: the number of bits in the - private keys. */ - /* End of public fields */ - - unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */ - int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction mod \p P (see above).*/ - int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */ - int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */ - void * MBEDTLS_PRIVATE(t_data); /*!< Unused. */ - mbedtls_ecp_point * MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */ - size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */ -} mbedtls_ecp_group; - -/** - * \name SECTION: Module settings - * - * The configuration options you can set for this module are in this section. - * Either change them in mbedtls_config.h, or define them using the compiler command line. - * \{ - */ - -#if !defined(MBEDTLS_ECP_WINDOW_SIZE) -/* - * Maximum "window" size used for point multiplication. - * Default: a point where higher memory usage yields disminishing performance - * returns. - * Minimum value: 2. Maximum value: 7. - * - * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) ) - * points used for point multiplication. This value is directly tied to EC - * peak memory usage, so decreasing it by one should roughly cut memory usage - * by two (if large curves are in use). - * - * Reduction in size may reduce speed, but larger curves are impacted first. - * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1): - * w-size: 6 5 4 3 2 - * 521 145 141 135 120 97 - * 384 214 209 198 177 146 - * 256 320 320 303 262 226 - * 224 475 475 453 398 342 - * 192 640 640 633 587 476 - */ -#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< The maximum window size used. */ -#endif /* MBEDTLS_ECP_WINDOW_SIZE */ - -#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) -/* - * Trade code size for speed on fixed-point multiplication. - * - * This speeds up repeated multiplication of the generator (that is, the - * multiplication in ECDSA signatures, and half of the multiplications in - * ECDSA verification and ECDHE) by a factor roughly 3 to 4. - * - * For each n-bit Short Weierstrass curve that is enabled, this adds 4n bytes - * of code size if n < 384 and 8n otherwise. - * - * Change this value to 0 to reduce code size. - */ -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */ -#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ - -/* \} name SECTION: Module settings */ - -#endif /* MBEDTLS_ECP_ALT */ - -#endif /* ecp_alt.h */ diff --git a/src/platform/telink/crypto/internal/common.h b/src/platform/telink/crypto/internal/common.h deleted file mode 100644 index a2c8a1e72690b4..00000000000000 --- a/src/platform/telink/crypto/internal/common.h +++ /dev/null @@ -1,56 +0,0 @@ -/** - * \file common.h - * - * \brief Utility macros for internal use in the library - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_LIBRARY_COMMON_H -#define MBEDTLS_LIBRARY_COMMON_H - -#include "mbedtls/build_info.h" - -/** Helper to define a function as static except when building invasive tests. - * - * If a function is only used inside its own source file and should be - * declared `static` to allow the compiler to optimize for code size, - * but that function has unit tests, define it with - * ``` - * MBEDTLS_STATIC_TESTABLE int mbedtls_foo(...) { ... } - * ``` - * and declare it in a header in the `library/` directory with - * ``` - * #if defined(MBEDTLS_TEST_HOOKS) - * int mbedtls_foo(...); - * #endif - * ``` - */ -#if defined(MBEDTLS_TEST_HOOKS) -#define MBEDTLS_STATIC_TESTABLE -#else -#define MBEDTLS_STATIC_TESTABLE static -#endif - -/** Allow library to access its structs' private members. - * - * Although structs defined in header files are publicly available, - * their members are private and should not be accessed by the user. - */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#endif /* MBEDTLS_LIBRARY_COMMON_H */ diff --git a/src/platform/telink/crypto/internal/compatibility/aes_alt.c b/src/platform/telink/crypto/internal/compatibility/aes_alt.c deleted file mode 100644 index 31cf5a5323cc13..00000000000000 --- a/src/platform/telink/crypto/internal/compatibility/aes_alt.c +++ /dev/null @@ -1,2042 +0,0 @@ -/* - * FIPS-197 compliant AES implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. - * - * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf - * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf - */ - -#include "../common.h" - -#if defined(MBEDTLS_AES_C) - -#include - -#include "mbedtls/aes.h" -#include "mbedtls/error.h" -#include "mbedtls/platform.h" -#include "mbedtls/platform_util.h" -#if defined(MBEDTLS_PADLOCK_C) -#include "padlock.h" -#endif -#if defined(MBEDTLS_AESNI_C) -#include "aesni.h" -#endif - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#if defined(MBEDTLS_AES_ALT) - -#include "../multithread.h" -#include "aes.h" - -/* Parameter validation macros based on platform_util.h */ -#define AES_VALIDATE_RET(cond) MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA) -#define AES_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond) - -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE(n, b, i) \ - { \ - (n) = ((uint32_t)(b)[(i)]) | ((uint32_t)(b)[(i) + 1] << 8) | ((uint32_t)(b)[(i) + 2] << 16) | \ - ((uint32_t)(b)[(i) + 3] << 24); \ - } -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE(n, b, i) \ - { \ - (b)[(i)] = (unsigned char) (((n)) & 0xFF); \ - (b)[(i) + 1] = (unsigned char) (((n) >> 8) & 0xFF); \ - (b)[(i) + 2] = (unsigned char) (((n) >> 16) & 0xFF); \ - (b)[(i) + 3] = (unsigned char) (((n) >> 24) & 0xFF); \ - } -#endif - -#if defined(MBEDTLS_PADLOCK_C) && (defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16)) -static int aes_padlock_ace = -1; -#endif - -#if defined(MBEDTLS_AES_ROM_TABLES) -/* - * Forward S-box - */ -static const unsigned char FSb[256] = { - 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, - 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, - 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, - 0xEB, 0x27, 0xB2, 0x75, 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, - 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 0xD0, 0xEF, 0xAA, 0xFB, - 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, - 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, - 0x64, 0x5D, 0x19, 0x73, 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, - 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 0xE7, 0xC8, 0x37, 0x6D, - 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, - 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, - 0x86, 0xC1, 0x1D, 0x9E, 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, - 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 -}; - -/* - * Forward tables - */ -#define FT \ - \ - V(A5, 63, 63, C6), V(84, 7C, 7C, F8), V(99, 77, 77, EE), V(8D, 7B, 7B, F6), V(0D, F2, F2, FF), V(BD, 6B, 6B, D6), \ - V(B1, 6F, 6F, DE), V(54, C5, C5, 91), V(50, 30, 30, 60), V(03, 01, 01, 02), V(A9, 67, 67, CE), V(7D, 2B, 2B, 56), \ - V(19, FE, FE, E7), V(62, D7, D7, B5), V(E6, AB, AB, 4D), V(9A, 76, 76, EC), V(45, CA, CA, 8F), V(9D, 82, 82, 1F), \ - V(40, C9, C9, 89), V(87, 7D, 7D, FA), V(15, FA, FA, EF), V(EB, 59, 59, B2), V(C9, 47, 47, 8E), V(0B, F0, F0, FB), \ - V(EC, AD, AD, 41), V(67, D4, D4, B3), V(FD, A2, A2, 5F), V(EA, AF, AF, 45), V(BF, 9C, 9C, 23), V(F7, A4, A4, 53), \ - V(96, 72, 72, E4), V(5B, C0, C0, 9B), V(C2, B7, B7, 75), V(1C, FD, FD, E1), V(AE, 93, 93, 3D), V(6A, 26, 26, 4C), \ - V(5A, 36, 36, 6C), V(41, 3F, 3F, 7E), V(02, F7, F7, F5), V(4F, CC, CC, 83), V(5C, 34, 34, 68), V(F4, A5, A5, 51), \ - V(34, E5, E5, D1), V(08, F1, F1, F9), V(93, 71, 71, E2), V(73, D8, D8, AB), V(53, 31, 31, 62), V(3F, 15, 15, 2A), \ - V(0C, 04, 04, 08), V(52, C7, C7, 95), V(65, 23, 23, 46), V(5E, C3, C3, 9D), V(28, 18, 18, 30), V(A1, 96, 96, 37), \ - V(0F, 05, 05, 0A), V(B5, 9A, 9A, 2F), V(09, 07, 07, 0E), V(36, 12, 12, 24), V(9B, 80, 80, 1B), V(3D, E2, E2, DF), \ - V(26, EB, EB, CD), V(69, 27, 27, 4E), V(CD, B2, B2, 7F), V(9F, 75, 75, EA), V(1B, 09, 09, 12), V(9E, 83, 83, 1D), \ - V(74, 2C, 2C, 58), V(2E, 1A, 1A, 34), V(2D, 1B, 1B, 36), V(B2, 6E, 6E, DC), V(EE, 5A, 5A, B4), V(FB, A0, A0, 5B), \ - V(F6, 52, 52, A4), V(4D, 3B, 3B, 76), V(61, D6, D6, B7), V(CE, B3, B3, 7D), V(7B, 29, 29, 52), V(3E, E3, E3, DD), \ - V(71, 2F, 2F, 5E), V(97, 84, 84, 13), V(F5, 53, 53, A6), V(68, D1, D1, B9), V(00, 00, 00, 00), V(2C, ED, ED, C1), \ - V(60, 20, 20, 40), V(1F, FC, FC, E3), V(C8, B1, B1, 79), V(ED, 5B, 5B, B6), V(BE, 6A, 6A, D4), V(46, CB, CB, 8D), \ - V(D9, BE, BE, 67), V(4B, 39, 39, 72), V(DE, 4A, 4A, 94), V(D4, 4C, 4C, 98), V(E8, 58, 58, B0), V(4A, CF, CF, 85), \ - V(6B, D0, D0, BB), V(2A, EF, EF, C5), V(E5, AA, AA, 4F), V(16, FB, FB, ED), V(C5, 43, 43, 86), V(D7, 4D, 4D, 9A), \ - V(55, 33, 33, 66), V(94, 85, 85, 11), V(CF, 45, 45, 8A), V(10, F9, F9, E9), V(06, 02, 02, 04), V(81, 7F, 7F, FE), \ - V(F0, 50, 50, A0), V(44, 3C, 3C, 78), V(BA, 9F, 9F, 25), V(E3, A8, A8, 4B), V(F3, 51, 51, A2), V(FE, A3, A3, 5D), \ - V(C0, 40, 40, 80), V(8A, 8F, 8F, 05), V(AD, 92, 92, 3F), V(BC, 9D, 9D, 21), V(48, 38, 38, 70), V(04, F5, F5, F1), \ - V(DF, BC, BC, 63), V(C1, B6, B6, 77), V(75, DA, DA, AF), V(63, 21, 21, 42), V(30, 10, 10, 20), V(1A, FF, FF, E5), \ - V(0E, F3, F3, FD), V(6D, D2, D2, BF), V(4C, CD, CD, 81), V(14, 0C, 0C, 18), V(35, 13, 13, 26), V(2F, EC, EC, C3), \ - V(E1, 5F, 5F, BE), V(A2, 97, 97, 35), V(CC, 44, 44, 88), V(39, 17, 17, 2E), V(57, C4, C4, 93), V(F2, A7, A7, 55), \ - V(82, 7E, 7E, FC), V(47, 3D, 3D, 7A), V(AC, 64, 64, C8), V(E7, 5D, 5D, BA), V(2B, 19, 19, 32), V(95, 73, 73, E6), \ - V(A0, 60, 60, C0), V(98, 81, 81, 19), V(D1, 4F, 4F, 9E), V(7F, DC, DC, A3), V(66, 22, 22, 44), V(7E, 2A, 2A, 54), \ - V(AB, 90, 90, 3B), V(83, 88, 88, 0B), V(CA, 46, 46, 8C), V(29, EE, EE, C7), V(D3, B8, B8, 6B), V(3C, 14, 14, 28), \ - V(79, DE, DE, A7), V(E2, 5E, 5E, BC), V(1D, 0B, 0B, 16), V(76, DB, DB, AD), V(3B, E0, E0, DB), V(56, 32, 32, 64), \ - V(4E, 3A, 3A, 74), V(1E, 0A, 0A, 14), V(DB, 49, 49, 92), V(0A, 06, 06, 0C), V(6C, 24, 24, 48), V(E4, 5C, 5C, B8), \ - V(5D, C2, C2, 9F), V(6E, D3, D3, BD), V(EF, AC, AC, 43), V(A6, 62, 62, C4), V(A8, 91, 91, 39), V(A4, 95, 95, 31), \ - V(37, E4, E4, D3), V(8B, 79, 79, F2), V(32, E7, E7, D5), V(43, C8, C8, 8B), V(59, 37, 37, 6E), V(B7, 6D, 6D, DA), \ - V(8C, 8D, 8D, 01), V(64, D5, D5, B1), V(D2, 4E, 4E, 9C), V(E0, A9, A9, 49), V(B4, 6C, 6C, D8), V(FA, 56, 56, AC), \ - V(07, F4, F4, F3), V(25, EA, EA, CF), V(AF, 65, 65, CA), V(8E, 7A, 7A, F4), V(E9, AE, AE, 47), V(18, 08, 08, 10), \ - V(D5, BA, BA, 6F), V(88, 78, 78, F0), V(6F, 25, 25, 4A), V(72, 2E, 2E, 5C), V(24, 1C, 1C, 38), V(F1, A6, A6, 57), \ - V(C7, B4, B4, 73), V(51, C6, C6, 97), V(23, E8, E8, CB), V(7C, DD, DD, A1), V(9C, 74, 74, E8), V(21, 1F, 1F, 3E), \ - V(DD, 4B, 4B, 96), V(DC, BD, BD, 61), V(86, 8B, 8B, 0D), V(85, 8A, 8A, 0F), V(90, 70, 70, E0), V(42, 3E, 3E, 7C), \ - V(C4, B5, B5, 71), V(AA, 66, 66, CC), V(D8, 48, 48, 90), V(05, 03, 03, 06), V(01, F6, F6, F7), V(12, 0E, 0E, 1C), \ - V(A3, 61, 61, C2), V(5F, 35, 35, 6A), V(F9, 57, 57, AE), V(D0, B9, B9, 69), V(91, 86, 86, 17), V(58, C1, C1, 99), \ - V(27, 1D, 1D, 3A), V(B9, 9E, 9E, 27), V(38, E1, E1, D9), V(13, F8, F8, EB), V(B3, 98, 98, 2B), V(33, 11, 11, 22), \ - V(BB, 69, 69, D2), V(70, D9, D9, A9), V(89, 8E, 8E, 07), V(A7, 94, 94, 33), V(B6, 9B, 9B, 2D), V(22, 1E, 1E, 3C), \ - V(92, 87, 87, 15), V(20, E9, E9, C9), V(49, CE, CE, 87), V(FF, 55, 55, AA), V(78, 28, 28, 50), V(7A, DF, DF, A5), \ - V(8F, 8C, 8C, 03), V(F8, A1, A1, 59), V(80, 89, 89, 09), V(17, 0D, 0D, 1A), V(DA, BF, BF, 65), V(31, E6, E6, D7), \ - V(C6, 42, 42, 84), V(B8, 68, 68, D0), V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \ - V(CB, B0, B0, 7B), V(FC, 54, 54, A8), V(D6, BB, BB, 6D), V(3A, 16, 16, 2C) - -#define V(a, b, c, d) 0x##a##b##c##d -static const uint32_t FT0[256] = { FT }; -#undef V - -#if !defined(MBEDTLS_AES_FEWER_TABLES) - -#define V(a, b, c, d) 0x##b##c##d##a -static const uint32_t FT1[256] = { FT }; -#undef V - -#define V(a, b, c, d) 0x##c##d##a##b -static const uint32_t FT2[256] = { FT }; -#undef V - -#define V(a, b, c, d) 0x##d##a##b##c -static const uint32_t FT3[256] = { FT }; -#undef V - -#endif /* !MBEDTLS_AES_FEWER_TABLES */ - -#undef FT - -/* - * Reverse S-box - */ -static const unsigned char RSb[256] = { - 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, - 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, - 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, - 0x6D, 0x8B, 0xD1, 0x25, 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, - 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, 0x90, 0xD8, 0xAB, 0x00, - 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06, 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, - 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, - 0xF0, 0xB4, 0xE6, 0x73, 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E, - 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, 0xFC, 0x56, 0x3E, 0x4B, - 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, - 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F, 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, - 0x93, 0xC9, 0x9C, 0xEF, 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, - 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D -}; - -/* - * Reverse tables - */ -#define RT \ - \ - V(50, A7, F4, 51), V(53, 65, 41, 7E), V(C3, A4, 17, 1A), V(96, 5E, 27, 3A), V(CB, 6B, AB, 3B), V(F1, 45, 9D, 1F), \ - V(AB, 58, FA, AC), V(93, 03, E3, 4B), V(55, FA, 30, 20), V(F6, 6D, 76, AD), V(91, 76, CC, 88), V(25, 4C, 02, F5), \ - V(FC, D7, E5, 4F), V(D7, CB, 2A, C5), V(80, 44, 35, 26), V(8F, A3, 62, B5), V(49, 5A, B1, DE), V(67, 1B, BA, 25), \ - V(98, 0E, EA, 45), V(E1, C0, FE, 5D), V(02, 75, 2F, C3), V(12, F0, 4C, 81), V(A3, 97, 46, 8D), V(C6, F9, D3, 6B), \ - V(E7, 5F, 8F, 03), V(95, 9C, 92, 15), V(EB, 7A, 6D, BF), V(DA, 59, 52, 95), V(2D, 83, BE, D4), V(D3, 21, 74, 58), \ - V(29, 69, E0, 49), V(44, C8, C9, 8E), V(6A, 89, C2, 75), V(78, 79, 8E, F4), V(6B, 3E, 58, 99), V(DD, 71, B9, 27), \ - V(B6, 4F, E1, BE), V(17, AD, 88, F0), V(66, AC, 20, C9), V(B4, 3A, CE, 7D), V(18, 4A, DF, 63), V(82, 31, 1A, E5), \ - V(60, 33, 51, 97), V(45, 7F, 53, 62), V(E0, 77, 64, B1), V(84, AE, 6B, BB), V(1C, A0, 81, FE), V(94, 2B, 08, F9), \ - V(58, 68, 48, 70), V(19, FD, 45, 8F), V(87, 6C, DE, 94), V(B7, F8, 7B, 52), V(23, D3, 73, AB), V(E2, 02, 4B, 72), \ - V(57, 8F, 1F, E3), V(2A, AB, 55, 66), V(07, 28, EB, B2), V(03, C2, B5, 2F), V(9A, 7B, C5, 86), V(A5, 08, 37, D3), \ - V(F2, 87, 28, 30), V(B2, A5, BF, 23), V(BA, 6A, 03, 02), V(5C, 82, 16, ED), V(2B, 1C, CF, 8A), V(92, B4, 79, A7), \ - V(F0, F2, 07, F3), V(A1, E2, 69, 4E), V(CD, F4, DA, 65), V(D5, BE, 05, 06), V(1F, 62, 34, D1), V(8A, FE, A6, C4), \ - V(9D, 53, 2E, 34), V(A0, 55, F3, A2), V(32, E1, 8A, 05), V(75, EB, F6, A4), V(39, EC, 83, 0B), V(AA, EF, 60, 40), \ - V(06, 9F, 71, 5E), V(51, 10, 6E, BD), V(F9, 8A, 21, 3E), V(3D, 06, DD, 96), V(AE, 05, 3E, DD), V(46, BD, E6, 4D), \ - V(B5, 8D, 54, 91), V(05, 5D, C4, 71), V(6F, D4, 06, 04), V(FF, 15, 50, 60), V(24, FB, 98, 19), V(97, E9, BD, D6), \ - V(CC, 43, 40, 89), V(77, 9E, D9, 67), V(BD, 42, E8, B0), V(88, 8B, 89, 07), V(38, 5B, 19, E7), V(DB, EE, C8, 79), \ - V(47, 0A, 7C, A1), V(E9, 0F, 42, 7C), V(C9, 1E, 84, F8), V(00, 00, 00, 00), V(83, 86, 80, 09), V(48, ED, 2B, 32), \ - V(AC, 70, 11, 1E), V(4E, 72, 5A, 6C), V(FB, FF, 0E, FD), V(56, 38, 85, 0F), V(1E, D5, AE, 3D), V(27, 39, 2D, 36), \ - V(64, D9, 0F, 0A), V(21, A6, 5C, 68), V(D1, 54, 5B, 9B), V(3A, 2E, 36, 24), V(B1, 67, 0A, 0C), V(0F, E7, 57, 93), \ - V(D2, 96, EE, B4), V(9E, 91, 9B, 1B), V(4F, C5, C0, 80), V(A2, 20, DC, 61), V(69, 4B, 77, 5A), V(16, 1A, 12, 1C), \ - V(0A, BA, 93, E2), V(E5, 2A, A0, C0), V(43, E0, 22, 3C), V(1D, 17, 1B, 12), V(0B, 0D, 09, 0E), V(AD, C7, 8B, F2), \ - V(B9, A8, B6, 2D), V(C8, A9, 1E, 14), V(85, 19, F1, 57), V(4C, 07, 75, AF), V(BB, DD, 99, EE), V(FD, 60, 7F, A3), \ - V(9F, 26, 01, F7), V(BC, F5, 72, 5C), V(C5, 3B, 66, 44), V(34, 7E, FB, 5B), V(76, 29, 43, 8B), V(DC, C6, 23, CB), \ - V(68, FC, ED, B6), V(63, F1, E4, B8), V(CA, DC, 31, D7), V(10, 85, 63, 42), V(40, 22, 97, 13), V(20, 11, C6, 84), \ - V(7D, 24, 4A, 85), V(F8, 3D, BB, D2), V(11, 32, F9, AE), V(6D, A1, 29, C7), V(4B, 2F, 9E, 1D), V(F3, 30, B2, DC), \ - V(EC, 52, 86, 0D), V(D0, E3, C1, 77), V(6C, 16, B3, 2B), V(99, B9, 70, A9), V(FA, 48, 94, 11), V(22, 64, E9, 47), \ - V(C4, 8C, FC, A8), V(1A, 3F, F0, A0), V(D8, 2C, 7D, 56), V(EF, 90, 33, 22), V(C7, 4E, 49, 87), V(C1, D1, 38, D9), \ - V(FE, A2, CA, 8C), V(36, 0B, D4, 98), V(CF, 81, F5, A6), V(28, DE, 7A, A5), V(26, 8E, B7, DA), V(A4, BF, AD, 3F), \ - V(E4, 9D, 3A, 2C), V(0D, 92, 78, 50), V(9B, CC, 5F, 6A), V(62, 46, 7E, 54), V(C2, 13, 8D, F6), V(E8, B8, D8, 90), \ - V(5E, F7, 39, 2E), V(F5, AF, C3, 82), V(BE, 80, 5D, 9F), V(7C, 93, D0, 69), V(A9, 2D, D5, 6F), V(B3, 12, 25, CF), \ - V(3B, 99, AC, C8), V(A7, 7D, 18, 10), V(6E, 63, 9C, E8), V(7B, BB, 3B, DB), V(09, 78, 26, CD), V(F4, 18, 59, 6E), \ - V(01, B7, 9A, EC), V(A8, 9A, 4F, 83), V(65, 6E, 95, E6), V(7E, E6, FF, AA), V(08, CF, BC, 21), V(E6, E8, 15, EF), \ - V(D9, 9B, E7, BA), V(CE, 36, 6F, 4A), V(D4, 09, 9F, EA), V(D6, 7C, B0, 29), V(AF, B2, A4, 31), V(31, 23, 3F, 2A), \ - V(30, 94, A5, C6), V(C0, 66, A2, 35), V(37, BC, 4E, 74), V(A6, CA, 82, FC), V(B0, D0, 90, E0), V(15, D8, A7, 33), \ - V(4A, 98, 04, F1), V(F7, DA, EC, 41), V(0E, 50, CD, 7F), V(2F, F6, 91, 17), V(8D, D6, 4D, 76), V(4D, B0, EF, 43), \ - V(54, 4D, AA, CC), V(DF, 04, 96, E4), V(E3, B5, D1, 9E), V(1B, 88, 6A, 4C), V(B8, 1F, 2C, C1), V(7F, 51, 65, 46), \ - V(04, EA, 5E, 9D), V(5D, 35, 8C, 01), V(73, 74, 87, FA), V(2E, 41, 0B, FB), V(5A, 1D, 67, B3), V(52, D2, DB, 92), \ - V(33, 56, 10, E9), V(13, 47, D6, 6D), V(8C, 61, D7, 9A), V(7A, 0C, A1, 37), V(8E, 14, F8, 59), V(89, 3C, 13, EB), \ - V(EE, 27, A9, CE), V(35, C9, 61, B7), V(ED, E5, 1C, E1), V(3C, B1, 47, 7A), V(59, DF, D2, 9C), V(3F, 73, F2, 55), \ - V(79, CE, 14, 18), V(BF, 37, C7, 73), V(EA, CD, F7, 53), V(5B, AA, FD, 5F), V(14, 6F, 3D, DF), V(86, DB, 44, 78), \ - V(81, F3, AF, CA), V(3E, C4, 68, B9), V(2C, 34, 24, 38), V(5F, 40, A3, C2), V(72, C3, 1D, 16), V(0C, 25, E2, BC), \ - V(8B, 49, 3C, 28), V(41, 95, 0D, FF), V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \ - V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0) - -#define V(a, b, c, d) 0x##a##b##c##d -static const uint32_t RT0[256] = { RT }; -#undef V - -#if !defined(MBEDTLS_AES_FEWER_TABLES) - -#define V(a, b, c, d) 0x##b##c##d##a -static const uint32_t RT1[256] = { RT }; -#undef V - -#define V(a, b, c, d) 0x##c##d##a##b -static const uint32_t RT2[256] = { RT }; -#undef V - -#define V(a, b, c, d) 0x##d##a##b##c -static const uint32_t RT3[256] = { RT }; -#undef V - -#endif /* !MBEDTLS_AES_FEWER_TABLES */ - -#undef RT - -/* - * Round constants - */ -static const uint32_t RCON[10] = { 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010, - 0x00000020, 0x00000040, 0x00000080, 0x0000001B, 0x00000036 }; - -#else /* MBEDTLS_AES_ROM_TABLES */ - -/* - * Forward S-box & tables - */ -static unsigned char FSb[256]; -static uint32_t FT0[256]; -#if !defined(MBEDTLS_AES_FEWER_TABLES) -static uint32_t FT1[256]; -static uint32_t FT2[256]; -static uint32_t FT3[256]; -#endif /* !MBEDTLS_AES_FEWER_TABLES */ - -/* - * Reverse S-box & tables - */ -static unsigned char RSb[256]; -static uint32_t RT0[256]; -#if !defined(MBEDTLS_AES_FEWER_TABLES) -static uint32_t RT1[256]; -static uint32_t RT2[256]; -static uint32_t RT3[256]; -#endif /* !MBEDTLS_AES_FEWER_TABLES */ - -/* - * Round constants - */ -static uint32_t RCON[10]; - -/* - * Tables generation code - */ -#define ROTL8(x) (((x) << 8) & 0xFFFFFFFF) | ((x) >> 24) -#define XTIME(x) (((x) << 1) ^ (((x) &0x80) ? 0x1B : 0x00)) -#define MUL(x, y) (((x) && (y)) ? pow[(log[(x)] + log[(y)]) % 255] : 0) - -static int aes_init_done = 0; - -static void aes_gen_tables(void) -{ - int i, x, y, z; - int pow[256]; - int log[256]; - - /* - * compute pow and log tables over GF(2^8) - */ - for (i = 0, x = 1; i < 256; i++) - { - pow[i] = x; - log[x] = i; - x = (x ^ XTIME(x)) & 0xFF; - } - - /* - * calculate the round constants - */ - for (i = 0, x = 1; i < 10; i++) - { - RCON[i] = (uint32_t) x; - x = XTIME(x) & 0xFF; - } - - /* - * generate the forward and reverse S-boxes - */ - FSb[0x00] = 0x63; - RSb[0x63] = 0x00; - - for (i = 1; i < 256; i++) - { - x = pow[255 - log[i]]; - - y = x; - y = ((y << 1) | (y >> 7)) & 0xFF; - x ^= y; - y = ((y << 1) | (y >> 7)) & 0xFF; - x ^= y; - y = ((y << 1) | (y >> 7)) & 0xFF; - x ^= y; - y = ((y << 1) | (y >> 7)) & 0xFF; - x ^= y ^ 0x63; - - FSb[i] = (unsigned char) x; - RSb[x] = (unsigned char) i; - } - - /* - * generate the forward and reverse tables - */ - for (i = 0; i < 256; i++) - { - x = FSb[i]; - y = XTIME(x) & 0xFF; - z = (y ^ x) & 0xFF; - - FT0[i] = ((uint32_t) y) ^ ((uint32_t) x << 8) ^ ((uint32_t) x << 16) ^ ((uint32_t) z << 24); - -#if !defined(MBEDTLS_AES_FEWER_TABLES) - FT1[i] = ROTL8(FT0[i]); - FT2[i] = ROTL8(FT1[i]); - FT3[i] = ROTL8(FT2[i]); -#endif /* !MBEDTLS_AES_FEWER_TABLES */ - - x = RSb[i]; - - RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ ((uint32_t) MUL(0x09, x) << 8) ^ ((uint32_t) MUL(0x0D, x) << 16) ^ - ((uint32_t) MUL(0x0B, x) << 24); - -#if !defined(MBEDTLS_AES_FEWER_TABLES) - RT1[i] = ROTL8(RT0[i]); - RT2[i] = ROTL8(RT1[i]); - RT3[i] = ROTL8(RT2[i]); -#endif /* !MBEDTLS_AES_FEWER_TABLES */ - } -} - -#undef ROTL8 - -#endif /* MBEDTLS_AES_ROM_TABLES */ - -#if defined(MBEDTLS_AES_FEWER_TABLES) - -#define ROTL8(x) ((uint32_t)((x) << 8) + (uint32_t)((x) >> 24)) -#define ROTL16(x) ((uint32_t)((x) << 16) + (uint32_t)((x) >> 16)) -#define ROTL24(x) ((uint32_t)((x) << 24) + (uint32_t)((x) >> 8)) - -#define AES_RT0(idx) RT0[idx] -#define AES_RT1(idx) ROTL8(RT0[idx]) -#define AES_RT2(idx) ROTL16(RT0[idx]) -#define AES_RT3(idx) ROTL24(RT0[idx]) - -#define AES_FT0(idx) FT0[idx] -#define AES_FT1(idx) ROTL8(FT0[idx]) -#define AES_FT2(idx) ROTL16(FT0[idx]) -#define AES_FT3(idx) ROTL24(FT0[idx]) - -#else /* MBEDTLS_AES_FEWER_TABLES */ - -#define AES_RT0(idx) RT0[idx] -#define AES_RT1(idx) RT1[idx] -#define AES_RT2(idx) RT2[idx] -#define AES_RT3(idx) RT3[idx] - -#define AES_FT0(idx) FT0[idx] -#define AES_FT1(idx) FT1[idx] -#define AES_FT2(idx) FT2[idx] -#define AES_FT3(idx) FT3[idx] - -#endif /* MBEDTLS_AES_FEWER_TABLES */ - -void mbedtls_aes_init(mbedtls_aes_context * ctx) -{ - AES_VALIDATE(ctx != NULL); - - memset(ctx, 0, sizeof(mbedtls_aes_context)); -} - -void mbedtls_aes_free(mbedtls_aes_context * ctx) -{ - if (ctx == NULL) - return; - - mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aes_context)); -} - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -void mbedtls_aes_xts_init(mbedtls_aes_xts_context * ctx) -{ - AES_VALIDATE(ctx != NULL); - - mbedtls_aes_init(&ctx->crypt); - mbedtls_aes_init(&ctx->tweak); -} - -void mbedtls_aes_xts_free(mbedtls_aes_xts_context * ctx) -{ - if (ctx == NULL) - return; - - mbedtls_aes_free(&ctx->crypt); - mbedtls_aes_free(&ctx->tweak); -} -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -/* - * AES key schedule (encryption) - */ -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) -int mbedtls_aes_setkey_enc(mbedtls_aes_context * ctx, const unsigned char * key, unsigned int keybits) -{ - unsigned int i; - uint32_t * RK; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(key != NULL); - - if (keybits == 128) - { - ctx->nr = 10; - memcpy(ctx->buf, key, 16); - return 0; - } - - switch (keybits) - { - case 128: - ctx->nr = 10; - break; - case 192: - ctx->nr = 12; - break; - case 256: - ctx->nr = 14; - break; - default: - return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); - } - -#if !defined(MBEDTLS_AES_ROM_TABLES) - if (aes_init_done == 0) - { - aes_gen_tables(); - aes_init_done = 1; - } -#endif - -#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16) - if (aes_padlock_ace == -1) - aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE); - - if (aes_padlock_ace) - ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16(ctx->buf); - else -#endif - ctx->rk = RK = ctx->buf; - -#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) - if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) - return (mbedtls_aesni_setkey_enc((unsigned char *) ctx->rk, key, keybits)); -#endif - - for (i = 0; i < (keybits >> 5); i++) - { - GET_UINT32_LE(RK[i], key, i << 2); - } - - switch (ctx->nr) - { - case 10: - - for (i = 0; i < 10; i++, RK += 4) - { - RK[4] = RK[0] ^ RCON[i] ^ ((uint32_t) FSb[(RK[3] >> 8) & 0xFF]) ^ ((uint32_t) FSb[(RK[3] >> 16) & 0xFF] << 8) ^ - ((uint32_t) FSb[(RK[3] >> 24) & 0xFF] << 16) ^ ((uint32_t) FSb[(RK[3]) & 0xFF] << 24); - - RK[5] = RK[1] ^ RK[4]; - RK[6] = RK[2] ^ RK[5]; - RK[7] = RK[3] ^ RK[6]; - } - break; - - case 12: - - for (i = 0; i < 8; i++, RK += 6) - { - RK[6] = RK[0] ^ RCON[i] ^ ((uint32_t) FSb[(RK[5] >> 8) & 0xFF]) ^ ((uint32_t) FSb[(RK[5] >> 16) & 0xFF] << 8) ^ - ((uint32_t) FSb[(RK[5] >> 24) & 0xFF] << 16) ^ ((uint32_t) FSb[(RK[5]) & 0xFF] << 24); - - RK[7] = RK[1] ^ RK[6]; - RK[8] = RK[2] ^ RK[7]; - RK[9] = RK[3] ^ RK[8]; - RK[10] = RK[4] ^ RK[9]; - RK[11] = RK[5] ^ RK[10]; - } - break; - - case 14: - - for (i = 0; i < 7; i++, RK += 8) - { - RK[8] = RK[0] ^ RCON[i] ^ ((uint32_t) FSb[(RK[7] >> 8) & 0xFF]) ^ ((uint32_t) FSb[(RK[7] >> 16) & 0xFF] << 8) ^ - ((uint32_t) FSb[(RK[7] >> 24) & 0xFF] << 16) ^ ((uint32_t) FSb[(RK[7]) & 0xFF] << 24); - - RK[9] = RK[1] ^ RK[8]; - RK[10] = RK[2] ^ RK[9]; - RK[11] = RK[3] ^ RK[10]; - - RK[12] = RK[4] ^ ((uint32_t) FSb[(RK[11]) & 0xFF]) ^ ((uint32_t) FSb[(RK[11] >> 8) & 0xFF] << 8) ^ - ((uint32_t) FSb[(RK[11] >> 16) & 0xFF] << 16) ^ ((uint32_t) FSb[(RK[11] >> 24) & 0xFF] << 24); - - RK[13] = RK[5] ^ RK[12]; - RK[14] = RK[6] ^ RK[13]; - RK[15] = RK[7] ^ RK[14]; - } - break; - } - - return (0); -} -#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */ - -/* - * AES key schedule (decryption) - */ -#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) -int mbedtls_aes_setkey_dec(mbedtls_aes_context * ctx, const unsigned char * key, unsigned int keybits) -{ - int i, j, ret; - mbedtls_aes_context cty; - uint32_t * RK; - uint32_t * SK; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(key != NULL); - - if (keybits == 128) - { - ctx->nr = 10; - memcpy(ctx->buf, key, 16); - return 0; - } - - mbedtls_aes_init(&cty); - -#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16) - if (aes_padlock_ace == -1) - aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE); - - if (aes_padlock_ace) - ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16(ctx->buf); - else -#endif - ctx->rk = RK = ctx->buf; - - /* Also checks keybits */ - if ((ret = mbedtls_aes_setkey_enc(&cty, key, keybits)) != 0) - goto exit; - - ctx->nr = cty.nr; - -#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) - if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) - { - mbedtls_aesni_inverse_key((unsigned char *) ctx->rk, (const unsigned char *) cty.rk, ctx->nr); - goto exit; - } -#endif - - SK = cty.rk + cty.nr * 4; - - *RK++ = *SK++; - *RK++ = *SK++; - *RK++ = *SK++; - *RK++ = *SK++; - - for (i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8) - { - for (j = 0; j < 4; j++, SK++) - { - *RK++ = AES_RT0(FSb[(*SK) & 0xFF]) ^ AES_RT1(FSb[(*SK >> 8) & 0xFF]) ^ AES_RT2(FSb[(*SK >> 16) & 0xFF]) ^ - AES_RT3(FSb[(*SK >> 24) & 0xFF]); - } - } - - *RK++ = *SK++; - *RK++ = *SK++; - *RK++ = *SK++; - *RK++ = *SK++; - -exit: - mbedtls_aes_free(&cty); - - return (ret); -} -#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -static int mbedtls_aes_xts_decode_keys(const unsigned char * key, unsigned int keybits, const unsigned char ** key1, - unsigned int * key1bits, const unsigned char ** key2, unsigned int * key2bits) -{ - const unsigned int half_keybits = keybits / 2; - const unsigned int half_keybytes = half_keybits / 8; - - switch (keybits) - { - case 256: - break; - case 512: - break; - default: - return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); - } - - *key1bits = half_keybits; - *key2bits = half_keybits; - *key1 = &key[0]; - *key2 = &key[half_keybytes]; - - return 0; -} - -int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context * ctx, const unsigned char * key, unsigned int keybits) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *key1, *key2; - unsigned int key1bits, key2bits; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(key != NULL); - - ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits, &key2, &key2bits); - if (ret != 0) - return (ret); - - /* Set the tweak key. Always set tweak key for the encryption mode. */ - ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits); - if (ret != 0) - return (ret); - - /* Set crypt key for encryption. */ - return mbedtls_aes_setkey_enc(&ctx->crypt, key1, key1bits); -} - -int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context * ctx, const unsigned char * key, unsigned int keybits) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const unsigned char *key1, *key2; - unsigned int key1bits, key2bits; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(key != NULL); - - ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits, &key2, &key2bits); - if (ret != 0) - return (ret); - - /* Set the tweak key. Always set tweak key for encryption. */ - ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits); - if (ret != 0) - return (ret); - - /* Set crypt key for decryption. */ - return mbedtls_aes_setkey_dec(&ctx->crypt, key1, key1bits); -} -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -#define AES_FROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \ - do \ - { \ - (X0) = *RK++ ^ AES_FT0(((Y0)) & 0xFF) ^ AES_FT1(((Y1) >> 8) & 0xFF) ^ AES_FT2(((Y2) >> 16) & 0xFF) ^ \ - AES_FT3(((Y3) >> 24) & 0xFF); \ - \ - (X1) = *RK++ ^ AES_FT0(((Y1)) & 0xFF) ^ AES_FT1(((Y2) >> 8) & 0xFF) ^ AES_FT2(((Y3) >> 16) & 0xFF) ^ \ - AES_FT3(((Y0) >> 24) & 0xFF); \ - \ - (X2) = *RK++ ^ AES_FT0(((Y2)) & 0xFF) ^ AES_FT1(((Y3) >> 8) & 0xFF) ^ AES_FT2(((Y0) >> 16) & 0xFF) ^ \ - AES_FT3(((Y1) >> 24) & 0xFF); \ - \ - (X3) = *RK++ ^ AES_FT0(((Y3)) & 0xFF) ^ AES_FT1(((Y0) >> 8) & 0xFF) ^ AES_FT2(((Y1) >> 16) & 0xFF) ^ \ - AES_FT3(((Y2) >> 24) & 0xFF); \ - } while (0) - -#define AES_RROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3) \ - do \ - { \ - (X0) = *RK++ ^ AES_RT0(((Y0)) & 0xFF) ^ AES_RT1(((Y3) >> 8) & 0xFF) ^ AES_RT2(((Y2) >> 16) & 0xFF) ^ \ - AES_RT3(((Y1) >> 24) & 0xFF); \ - \ - (X1) = *RK++ ^ AES_RT0(((Y1)) & 0xFF) ^ AES_RT1(((Y0) >> 8) & 0xFF) ^ AES_RT2(((Y3) >> 16) & 0xFF) ^ \ - AES_RT3(((Y2) >> 24) & 0xFF); \ - \ - (X2) = *RK++ ^ AES_RT0(((Y2)) & 0xFF) ^ AES_RT1(((Y1) >> 8) & 0xFF) ^ AES_RT2(((Y0) >> 16) & 0xFF) ^ \ - AES_RT3(((Y3) >> 24) & 0xFF); \ - \ - (X3) = *RK++ ^ AES_RT0(((Y3)) & 0xFF) ^ AES_RT1(((Y2) >> 8) & 0xFF) ^ AES_RT2(((Y1) >> 16) & 0xFF) ^ \ - AES_RT3(((Y0) >> 24) & 0xFF); \ - } while (0) - -/* - * AES-ECB block encryption - */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) -int mbedtls_internal_aes_encrypt(mbedtls_aes_context * ctx, const unsigned char input[16], unsigned char output[16]) -{ - if (ctx->nr == 10) - { - mbedtls_aes_lock(); - (void) aes_encrypt((unsigned char *) ctx->buf, (unsigned char *) input, output); - mbedtls_aes_unlock(); - return 0; - } - - int i; - uint32_t * RK = ctx->rk; - struct - { - uint32_t X[4]; - uint32_t Y[4]; - } t; - - GET_UINT32_LE(t.X[0], input, 0); - t.X[0] ^= *RK++; - GET_UINT32_LE(t.X[1], input, 4); - t.X[1] ^= *RK++; - GET_UINT32_LE(t.X[2], input, 8); - t.X[2] ^= *RK++; - GET_UINT32_LE(t.X[3], input, 12); - t.X[3] ^= *RK++; - - for (i = (ctx->nr >> 1) - 1; i > 0; i--) - { - AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); - AES_FROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]); - } - - AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); - - t.X[0] = *RK++ ^ ((uint32_t) FSb[(t.Y[0]) & 0xFF]) ^ ((uint32_t) FSb[(t.Y[1] >> 8) & 0xFF] << 8) ^ - ((uint32_t) FSb[(t.Y[2] >> 16) & 0xFF] << 16) ^ ((uint32_t) FSb[(t.Y[3] >> 24) & 0xFF] << 24); - - t.X[1] = *RK++ ^ ((uint32_t) FSb[(t.Y[1]) & 0xFF]) ^ ((uint32_t) FSb[(t.Y[2] >> 8) & 0xFF] << 8) ^ - ((uint32_t) FSb[(t.Y[3] >> 16) & 0xFF] << 16) ^ ((uint32_t) FSb[(t.Y[0] >> 24) & 0xFF] << 24); - - t.X[2] = *RK++ ^ ((uint32_t) FSb[(t.Y[2]) & 0xFF]) ^ ((uint32_t) FSb[(t.Y[3] >> 8) & 0xFF] << 8) ^ - ((uint32_t) FSb[(t.Y[0] >> 16) & 0xFF] << 16) ^ ((uint32_t) FSb[(t.Y[1] >> 24) & 0xFF] << 24); - - t.X[3] = *RK++ ^ ((uint32_t) FSb[(t.Y[3]) & 0xFF]) ^ ((uint32_t) FSb[(t.Y[0] >> 8) & 0xFF] << 8) ^ - ((uint32_t) FSb[(t.Y[1] >> 16) & 0xFF] << 16) ^ ((uint32_t) FSb[(t.Y[2] >> 24) & 0xFF] << 24); - - PUT_UINT32_LE(t.X[0], output, 0); - PUT_UINT32_LE(t.X[1], output, 4); - PUT_UINT32_LE(t.X[2], output, 8); - PUT_UINT32_LE(t.X[3], output, 12); - - mbedtls_platform_zeroize(&t, sizeof(t)); - - return (0); -} -#endif /* !MBEDTLS_AES_ENCRYPT_ALT */ - -/* - * AES-ECB block decryption - */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) -int mbedtls_internal_aes_decrypt(mbedtls_aes_context * ctx, const unsigned char input[16], unsigned char output[16]) -{ - if (ctx->nr == 10) - { - mbedtls_aes_lock(); - (void) aes_decrypt((unsigned char *) ctx->buf, (unsigned char *) input, output); - mbedtls_aes_unlock(); - return 0; - } - - int i; - uint32_t * RK = ctx->rk; - struct - { - uint32_t X[4]; - uint32_t Y[4]; - } t; - - GET_UINT32_LE(t.X[0], input, 0); - t.X[0] ^= *RK++; - GET_UINT32_LE(t.X[1], input, 4); - t.X[1] ^= *RK++; - GET_UINT32_LE(t.X[2], input, 8); - t.X[2] ^= *RK++; - GET_UINT32_LE(t.X[3], input, 12); - t.X[3] ^= *RK++; - - for (i = (ctx->nr >> 1) - 1; i > 0; i--) - { - AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); - AES_RROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]); - } - - AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); - - t.X[0] = *RK++ ^ ((uint32_t) RSb[(t.Y[0]) & 0xFF]) ^ ((uint32_t) RSb[(t.Y[3] >> 8) & 0xFF] << 8) ^ - ((uint32_t) RSb[(t.Y[2] >> 16) & 0xFF] << 16) ^ ((uint32_t) RSb[(t.Y[1] >> 24) & 0xFF] << 24); - - t.X[1] = *RK++ ^ ((uint32_t) RSb[(t.Y[1]) & 0xFF]) ^ ((uint32_t) RSb[(t.Y[0] >> 8) & 0xFF] << 8) ^ - ((uint32_t) RSb[(t.Y[3] >> 16) & 0xFF] << 16) ^ ((uint32_t) RSb[(t.Y[2] >> 24) & 0xFF] << 24); - - t.X[2] = *RK++ ^ ((uint32_t) RSb[(t.Y[2]) & 0xFF]) ^ ((uint32_t) RSb[(t.Y[1] >> 8) & 0xFF] << 8) ^ - ((uint32_t) RSb[(t.Y[0] >> 16) & 0xFF] << 16) ^ ((uint32_t) RSb[(t.Y[3] >> 24) & 0xFF] << 24); - - t.X[3] = *RK++ ^ ((uint32_t) RSb[(t.Y[3]) & 0xFF]) ^ ((uint32_t) RSb[(t.Y[2] >> 8) & 0xFF] << 8) ^ - ((uint32_t) RSb[(t.Y[1] >> 16) & 0xFF] << 16) ^ ((uint32_t) RSb[(t.Y[0] >> 24) & 0xFF] << 24); - - PUT_UINT32_LE(t.X[0], output, 0); - PUT_UINT32_LE(t.X[1], output, 4); - PUT_UINT32_LE(t.X[2], output, 8); - PUT_UINT32_LE(t.X[3], output, 12); - - mbedtls_platform_zeroize(&t, sizeof(t)); - - return (0); -} -#endif /* !MBEDTLS_AES_DECRYPT_ALT */ - -/* - * AES-ECB block encryption/decryption - */ -int mbedtls_aes_crypt_ecb(mbedtls_aes_context * ctx, int mode, const unsigned char input[16], unsigned char output[16]) -{ - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || mode == MBEDTLS_AES_DECRYPT); - -#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) - if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) - return (mbedtls_aesni_crypt_ecb(ctx, mode, input, output)); -#endif - -#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) - if (aes_padlock_ace > 0) - { - if (mbedtls_padlock_xcryptecb(ctx, mode, input, output) == 0) - return (0); - - // If padlock data misaligned, we just fall back to - // unaccelerated mode - // - } -#endif - - if (mode == MBEDTLS_AES_ENCRYPT) - return (mbedtls_internal_aes_encrypt(ctx, input, output)); - else - return (mbedtls_internal_aes_decrypt(ctx, input, output)); -} - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/* - * AES-CBC buffer encryption/decryption - */ -int mbedtls_aes_crypt_cbc(mbedtls_aes_context * ctx, int mode, size_t length, unsigned char iv[16], const unsigned char * input, - unsigned char * output) -{ - int i; - unsigned char temp[16]; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || mode == MBEDTLS_AES_DECRYPT); - AES_VALIDATE_RET(iv != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - - if (length % 16) - return (MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH); - -#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) - if (aes_padlock_ace > 0) - { - if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) - return (0); - - // If padlock data misaligned, we just fall back to - // unaccelerated mode - // - } -#endif - - if (mode == MBEDTLS_AES_DECRYPT) - { - while (length > 0) - { - memcpy(temp, input, 16); - mbedtls_aes_crypt_ecb(ctx, mode, input, output); - - for (i = 0; i < 16; i++) - output[i] = (unsigned char) (output[i] ^ iv[i]); - - memcpy(iv, temp, 16); - - input += 16; - output += 16; - length -= 16; - } - } - else - { - while (length > 0) - { - for (i = 0; i < 16; i++) - output[i] = (unsigned char) (input[i] ^ iv[i]); - - mbedtls_aes_crypt_ecb(ctx, mode, output, output); - memcpy(iv, output, 16); - - input += 16; - output += 16; - length -= 16; - } - } - - return (0); -} -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_XTS) - -/* Endianess with 64 bits values */ -#ifndef GET_UINT64_LE -#define GET_UINT64_LE(n, b, i) \ - { \ - (n) = ((uint64_t)(b)[(i) + 7] << 56) | ((uint64_t)(b)[(i) + 6] << 48) | ((uint64_t)(b)[(i) + 5] << 40) | \ - ((uint64_t)(b)[(i) + 4] << 32) | ((uint64_t)(b)[(i) + 3] << 24) | ((uint64_t)(b)[(i) + 2] << 16) | \ - ((uint64_t)(b)[(i) + 1] << 8) | ((uint64_t)(b)[(i)]); \ - } -#endif - -#ifndef PUT_UINT64_LE -#define PUT_UINT64_LE(n, b, i) \ - { \ - (b)[(i) + 7] = (unsigned char) ((n) >> 56); \ - (b)[(i) + 6] = (unsigned char) ((n) >> 48); \ - (b)[(i) + 5] = (unsigned char) ((n) >> 40); \ - (b)[(i) + 4] = (unsigned char) ((n) >> 32); \ - (b)[(i) + 3] = (unsigned char) ((n) >> 24); \ - (b)[(i) + 2] = (unsigned char) ((n) >> 16); \ - (b)[(i) + 1] = (unsigned char) ((n) >> 8); \ - (b)[(i)] = (unsigned char) ((n)); \ - } -#endif - -typedef unsigned char mbedtls_be128[16]; - -/* - * GF(2^128) multiplication function - * - * This function multiplies a field element by x in the polynomial field - * representation. It uses 64-bit word operations to gain speed but compensates - * for machine endianess and hence works correctly on both big and little - * endian machines. - */ -static void mbedtls_gf128mul_x_ble(unsigned char r[16], const unsigned char x[16]) -{ - uint64_t a, b, ra, rb; - - GET_UINT64_LE(a, x, 0); - GET_UINT64_LE(b, x, 8); - - ra = (a << 1) ^ 0x0087 >> (8 - ((b >> 63) << 3)); - rb = (a >> 63) | (b << 1); - - PUT_UINT64_LE(ra, r, 0); - PUT_UINT64_LE(rb, r, 8); -} - -/* - * AES-XTS buffer encryption/decryption - */ -int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context * ctx, int mode, size_t length, const unsigned char data_unit[16], - const unsigned char * input, unsigned char * output) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t blocks = length / 16; - size_t leftover = length % 16; - unsigned char tweak[16]; - unsigned char prev_tweak[16]; - unsigned char tmp[16]; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || mode == MBEDTLS_AES_DECRYPT); - AES_VALIDATE_RET(data_unit != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - - /* Data units must be at least 16 bytes long. */ - if (length < 16) - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; - - /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */ - if (length > (1 << 20) * 16) - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; - - /* Compute the tweak. */ - ret = mbedtls_aes_crypt_ecb(&ctx->tweak, MBEDTLS_AES_ENCRYPT, data_unit, tweak); - if (ret != 0) - return (ret); - - while (blocks--) - { - size_t i; - - if (leftover && (mode == MBEDTLS_AES_DECRYPT) && blocks == 0) - { - /* We are on the last block in a decrypt operation that has - * leftover bytes, so we need to use the next tweak for this block, - * and this tweak for the lefover bytes. Save the current tweak for - * the leftovers and then update the current tweak for use on this, - * the last full block. */ - memcpy(prev_tweak, tweak, sizeof(tweak)); - mbedtls_gf128mul_x_ble(tweak, tweak); - } - - for (i = 0; i < 16; i++) - tmp[i] = input[i] ^ tweak[i]; - - ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp); - if (ret != 0) - return (ret); - - for (i = 0; i < 16; i++) - output[i] = tmp[i] ^ tweak[i]; - - /* Update the tweak for the next block. */ - mbedtls_gf128mul_x_ble(tweak, tweak); - - output += 16; - input += 16; - } - - if (leftover) - { - /* If we are on the leftover bytes in a decrypt operation, we need to - * use the previous tweak for these bytes (as saved in prev_tweak). */ - unsigned char * t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak; - - /* We are now on the final part of the data unit, which doesn't divide - * evenly by 16. It's time for ciphertext stealing. */ - size_t i; - unsigned char * prev_output = output - 16; - - /* Copy ciphertext bytes from the previous block to our output for each - * byte of cyphertext we won't steal. At the same time, copy the - * remainder of the input for this final round (since the loop bounds - * are the same). */ - for (i = 0; i < leftover; i++) - { - output[i] = prev_output[i]; - tmp[i] = input[i] ^ t[i]; - } - - /* Copy ciphertext bytes from the previous block for input in this - * round. */ - for (; i < 16; i++) - tmp[i] = prev_output[i] ^ t[i]; - - ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp); - if (ret != 0) - return ret; - - /* Write the result back to the previous block, overriding the previous - * output we copied. */ - for (i = 0; i < 16; i++) - prev_output[i] = tmp[i] ^ t[i]; - } - - return (0); -} -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -/* - * AES-CFB128 buffer encryption/decryption - */ -int mbedtls_aes_crypt_cfb128(mbedtls_aes_context * ctx, int mode, size_t length, size_t * iv_off, unsigned char iv[16], - const unsigned char * input, unsigned char * output) -{ - int c; - size_t n; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || mode == MBEDTLS_AES_DECRYPT); - AES_VALIDATE_RET(iv_off != NULL); - AES_VALIDATE_RET(iv != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - - n = *iv_off; - - if (n > 15) - return (MBEDTLS_ERR_AES_BAD_INPUT_DATA); - - if (mode == MBEDTLS_AES_DECRYPT) - { - while (length--) - { - if (n == 0) - mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); - - c = *input++; - *output++ = (unsigned char) (c ^ iv[n]); - iv[n] = (unsigned char) c; - - n = (n + 1) & 0x0F; - } - } - else - { - while (length--) - { - if (n == 0) - mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); - - iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++); - - n = (n + 1) & 0x0F; - } - } - - *iv_off = n; - - return (0); -} - -/* - * AES-CFB8 buffer encryption/decryption - */ -int mbedtls_aes_crypt_cfb8(mbedtls_aes_context * ctx, int mode, size_t length, unsigned char iv[16], const unsigned char * input, - unsigned char * output) -{ - unsigned char c; - unsigned char ov[17]; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || mode == MBEDTLS_AES_DECRYPT); - AES_VALIDATE_RET(iv != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - while (length--) - { - memcpy(ov, iv, 16); - mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); - - if (mode == MBEDTLS_AES_DECRYPT) - ov[16] = *input; - - c = *output++ = (unsigned char) (iv[0] ^ *input++); - - if (mode == MBEDTLS_AES_ENCRYPT) - ov[16] = c; - - memcpy(iv, ov + 1, 16); - } - - return (0); -} -#endif /* MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_OFB) -/* - * AES-OFB (Output Feedback Mode) buffer encryption/decryption - */ -int mbedtls_aes_crypt_ofb(mbedtls_aes_context * ctx, size_t length, size_t * iv_off, unsigned char iv[16], - const unsigned char * input, unsigned char * output) -{ - int ret = 0; - size_t n; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(iv_off != NULL); - AES_VALIDATE_RET(iv != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - - n = *iv_off; - - if (n > 15) - return (MBEDTLS_ERR_AES_BAD_INPUT_DATA); - - while (length--) - { - if (n == 0) - { - ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); - if (ret != 0) - goto exit; - } - *output++ = *input++ ^ iv[n]; - - n = (n + 1) & 0x0F; - } - - *iv_off = n; - -exit: - return (ret); -} -#endif /* MBEDTLS_CIPHER_MODE_OFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -/* - * AES-CTR buffer encryption/decryption - */ -int mbedtls_aes_crypt_ctr(mbedtls_aes_context * ctx, size_t length, size_t * nc_off, unsigned char nonce_counter[16], - unsigned char stream_block[16], const unsigned char * input, unsigned char * output) -{ - int c, i; - size_t n; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(nc_off != NULL); - AES_VALIDATE_RET(nonce_counter != NULL); - AES_VALIDATE_RET(stream_block != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - - n = *nc_off; - - if (n > 0x0F) - return (MBEDTLS_ERR_AES_BAD_INPUT_DATA); - - while (length--) - { - if (n == 0) - { - mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block); - - for (i = 16; i > 0; i--) - if (++nonce_counter[i - 1] != 0) - break; - } - c = *input++; - *output++ = (unsigned char) (c ^ stream_block[n]); - - n = (n + 1) & 0x0F; - } - - *nc_off = n; - - return (0); -} -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -#endif /* MBEDTLS_AES_ALT */ - -#if 0 /* use (MBEDTLS_SELF_TEST) from library */ -/* - * AES test vectors from: - * - * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip - */ -static const unsigned char aes_test_ecb_dec[3][16] = -{ - { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58, - 0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 }, - { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2, - 0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 }, - { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D, - 0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE } -}; - -static const unsigned char aes_test_ecb_enc[3][16] = -{ - { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73, - 0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F }, - { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11, - 0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 }, - { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D, - 0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 } -}; - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -static const unsigned char aes_test_cbc_dec[3][16] = -{ - { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73, - 0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 }, - { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75, - 0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B }, - { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75, - 0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 } -}; - -static const unsigned char aes_test_cbc_enc[3][16] = -{ - { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84, - 0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D }, - { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB, - 0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 }, - { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5, - 0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 } -}; -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -/* - * AES-CFB128 test vectors from: - * - * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf - */ -static const unsigned char aes_test_cfb128_key[3][32] = -{ - { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, - 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }, - { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, - 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, - 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }, - { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, - 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, - 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, - 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } -}; - -static const unsigned char aes_test_cfb128_iv[16] = -{ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F -}; - -static const unsigned char aes_test_cfb128_pt[64] = -{ - 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, - 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, - 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, - 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51, - 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, - 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF, - 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17, - 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10 -}; - -static const unsigned char aes_test_cfb128_ct[3][64] = -{ - { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, - 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A, - 0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F, - 0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B, - 0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40, - 0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF, - 0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E, - 0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 }, - { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB, - 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74, - 0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21, - 0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A, - 0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1, - 0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9, - 0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0, - 0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF }, - { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B, - 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60, - 0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8, - 0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B, - 0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92, - 0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9, - 0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8, - 0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 } -}; -#endif /* MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_OFB) -/* - * AES-OFB test vectors from: - * - * https://csrc.nist.gov/publications/detail/sp/800-38a/final - */ -static const unsigned char aes_test_ofb_key[3][32] = -{ - { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, - 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }, - { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, - 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, - 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }, - { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, - 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, - 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, - 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } -}; - -static const unsigned char aes_test_ofb_iv[16] = -{ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F -}; - -static const unsigned char aes_test_ofb_pt[64] = -{ - 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, - 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, - 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, - 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51, - 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, - 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF, - 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17, - 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10 -}; - -static const unsigned char aes_test_ofb_ct[3][64] = -{ - { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, - 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A, - 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03, - 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25, - 0x97, 0x40, 0x05, 0x1e, 0x9c, 0x5f, 0xec, 0xf6, - 0x43, 0x44, 0xf7, 0xa8, 0x22, 0x60, 0xed, 0xcc, - 0x30, 0x4c, 0x65, 0x28, 0xf6, 0x59, 0xc7, 0x78, - 0x66, 0xa5, 0x10, 0xd9, 0xc1, 0xd6, 0xae, 0x5e }, - { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB, - 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74, - 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c, - 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01, - 0x8d, 0x9a, 0x9a, 0xea, 0xc0, 0xf6, 0x59, 0x6f, - 0x55, 0x9c, 0x6d, 0x4d, 0xaf, 0x59, 0xa5, 0xf2, - 0x6d, 0x9f, 0x20, 0x08, 0x57, 0xca, 0x6c, 0x3e, - 0x9c, 0xac, 0x52, 0x4b, 0xd9, 0xac, 0xc9, 0x2a }, - { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B, - 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60, - 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a, - 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d, - 0x71, 0xab, 0x47, 0xa0, 0x86, 0xe8, 0x6e, 0xed, - 0xf3, 0x9d, 0x1c, 0x5b, 0xba, 0x97, 0xc4, 0x08, - 0x01, 0x26, 0x14, 0x1d, 0x67, 0xf3, 0x7b, 0xe8, - 0x53, 0x8f, 0x5a, 0x8b, 0xe7, 0x40, 0xe4, 0x84 } -}; -#endif /* MBEDTLS_CIPHER_MODE_OFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -/* - * AES-CTR test vectors from: - * - * http://www.faqs.org/rfcs/rfc3686.html - */ - -static const unsigned char aes_test_ctr_key[3][16] = -{ - { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, - 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E }, - { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, - 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 }, - { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, - 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC } -}; - -static const unsigned char aes_test_ctr_nonce_counter[3][16] = -{ - { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, - 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 }, - { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, - 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 } -}; - -static const unsigned char aes_test_ctr_pt[3][48] = -{ - { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, - 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 }, - - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }, - - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, - 0x20, 0x21, 0x22, 0x23 } -}; - -static const unsigned char aes_test_ctr_ct[3][48] = -{ - { 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79, - 0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 }, - { 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9, - 0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88, - 0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8, - 0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 }, - { 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9, - 0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7, - 0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36, - 0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53, - 0x25, 0xB2, 0x07, 0x2F } -}; - -static const int aes_test_ctr_len[3] = - { 16, 32, 36 }; -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -/* - * AES-XTS test vectors from: - * - * IEEE P1619/D16 Annex B - * https://web.archive.org/web/20150629024421/http://grouper.ieee.org/groups/1619/email/pdf00086.pdf - * (Archived from original at http://grouper.ieee.org/groups/1619/email/pdf00086.pdf) - */ -static const unsigned char aes_test_xts_key[][32] = -{ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, - { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, - 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, -}; - -static const unsigned char aes_test_xts_pt32[][32] = -{ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, - { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, -}; - -static const unsigned char aes_test_xts_ct32[][32] = -{ - { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec, - 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92, - 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85, - 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e }, - { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e, - 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b, - 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4, - 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 }, - { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a, - 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2, - 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53, - 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 }, -}; - -static const unsigned char aes_test_xts_data_unit[][16] = -{ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, -}; - -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -/* - * Checkup routine - */ -int mbedtls_aes_self_test( int verbose ) -{ - int ret = 0, i, j, u, mode; - unsigned int keybits; - unsigned char key[32]; - unsigned char buf[64]; - const unsigned char *aes_tests; -#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) - unsigned char iv[16]; -#endif -#if defined(MBEDTLS_CIPHER_MODE_CBC) - unsigned char prv[16]; -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) || defined(MBEDTLS_CIPHER_MODE_CFB) || defined(MBEDTLS_CIPHER_MODE_OFB) - size_t offset; -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) || defined(MBEDTLS_CIPHER_MODE_XTS) - int len; -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) - unsigned char nonce_counter[16]; - unsigned char stream_block[16]; -#endif - mbedtls_aes_context ctx; - - memset( key, 0, 32 ); - mbedtls_aes_init( &ctx ); - - /* - * ECB mode - */ - for( i = 0; i < 6; i++ ) - { - u = i >> 1; - keybits = 128 + u * 64; - mode = i & 1; - - if( verbose != 0 ) - mbedtls_printf( " AES-ECB-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); - - memset( buf, 0, 16 ); - - if( mode == MBEDTLS_AES_DECRYPT ) - { - ret = mbedtls_aes_setkey_dec( &ctx, key, keybits ); - aes_tests = aes_test_ecb_dec[u]; - } - else - { - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); - aes_tests = aes_test_ecb_enc[u]; - } - - /* - * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e. when - * MBEDTLS_AES_ALT is defined. - */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); - continue; - } - else if( ret != 0 ) - { - goto exit; - } - - for( j = 0; j < 10000; j++ ) - { - ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf ); - if( ret != 0 ) - goto exit; - } - - if( memcmp( buf, aes_tests, 16 ) != 0 ) - { - ret = 1; - goto exit; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - /* - * CBC mode - */ - for( i = 0; i < 6; i++ ) - { - u = i >> 1; - keybits = 128 + u * 64; - mode = i & 1; - - if( verbose != 0 ) - mbedtls_printf( " AES-CBC-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); - - memset( iv , 0, 16 ); - memset( prv, 0, 16 ); - memset( buf, 0, 16 ); - - if( mode == MBEDTLS_AES_DECRYPT ) - { - ret = mbedtls_aes_setkey_dec( &ctx, key, keybits ); - aes_tests = aes_test_cbc_dec[u]; - } - else - { - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); - aes_tests = aes_test_cbc_enc[u]; - } - - /* - * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e. when - * MBEDTLS_AES_ALT is defined. - */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); - continue; - } - else if( ret != 0 ) - { - goto exit; - } - - for( j = 0; j < 10000; j++ ) - { - if( mode == MBEDTLS_AES_ENCRYPT ) - { - unsigned char tmp[16]; - - memcpy( tmp, prv, 16 ); - memcpy( prv, buf, 16 ); - memcpy( buf, tmp, 16 ); - } - - ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf ); - if( ret != 0 ) - goto exit; - - } - - if( memcmp( buf, aes_tests, 16 ) != 0 ) - { - ret = 1; - goto exit; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) - /* - * CFB128 mode - */ - for( i = 0; i < 6; i++ ) - { - u = i >> 1; - keybits = 128 + u * 64; - mode = i & 1; - - if( verbose != 0 ) - mbedtls_printf( " AES-CFB128-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); - - memcpy( iv, aes_test_cfb128_iv, 16 ); - memcpy( key, aes_test_cfb128_key[u], keybits / 8 ); - - offset = 0; - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); - /* - * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e. when - * MBEDTLS_AES_ALT is defined. - */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); - continue; - } - else if( ret != 0 ) - { - goto exit; - } - - if( mode == MBEDTLS_AES_DECRYPT ) - { - memcpy( buf, aes_test_cfb128_ct[u], 64 ); - aes_tests = aes_test_cfb128_pt; - } - else - { - memcpy( buf, aes_test_cfb128_pt, 64 ); - aes_tests = aes_test_cfb128_ct[u]; - } - - ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf ); - if( ret != 0 ) - goto exit; - - if( memcmp( buf, aes_tests, 64 ) != 0 ) - { - ret = 1; - goto exit; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); -#endif /* MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_OFB) - /* - * OFB mode - */ - for( i = 0; i < 6; i++ ) - { - u = i >> 1; - keybits = 128 + u * 64; - mode = i & 1; - - if( verbose != 0 ) - mbedtls_printf( " AES-OFB-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); - - memcpy( iv, aes_test_ofb_iv, 16 ); - memcpy( key, aes_test_ofb_key[u], keybits / 8 ); - - offset = 0; - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); - /* - * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e. when - * MBEDTLS_AES_ALT is defined. - */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); - continue; - } - else if( ret != 0 ) - { - goto exit; - } - - if( mode == MBEDTLS_AES_DECRYPT ) - { - memcpy( buf, aes_test_ofb_ct[u], 64 ); - aes_tests = aes_test_ofb_pt; - } - else - { - memcpy( buf, aes_test_ofb_pt, 64 ); - aes_tests = aes_test_ofb_ct[u]; - } - - ret = mbedtls_aes_crypt_ofb( &ctx, 64, &offset, iv, buf, buf ); - if( ret != 0 ) - goto exit; - - if( memcmp( buf, aes_tests, 64 ) != 0 ) - { - ret = 1; - goto exit; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); -#endif /* MBEDTLS_CIPHER_MODE_OFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) - /* - * CTR mode - */ - for( i = 0; i < 6; i++ ) - { - u = i >> 1; - mode = i & 1; - - if( verbose != 0 ) - mbedtls_printf( " AES-CTR-128 (%s): ", - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); - - memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); - memcpy( key, aes_test_ctr_key[u], 16 ); - - offset = 0; - if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 ) - goto exit; - - len = aes_test_ctr_len[u]; - - if( mode == MBEDTLS_AES_DECRYPT ) - { - memcpy( buf, aes_test_ctr_ct[u], len ); - aes_tests = aes_test_ctr_pt[u]; - } - else - { - memcpy( buf, aes_test_ctr_pt[u], len ); - aes_tests = aes_test_ctr_ct[u]; - } - - ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, - stream_block, buf, buf ); - if( ret != 0 ) - goto exit; - - if( memcmp( buf, aes_tests, len ) != 0 ) - { - ret = 1; - goto exit; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -#if defined(MBEDTLS_CIPHER_MODE_XTS) - { - static const int num_tests = - sizeof(aes_test_xts_key) / sizeof(*aes_test_xts_key); - mbedtls_aes_xts_context ctx_xts; - - /* - * XTS mode - */ - mbedtls_aes_xts_init( &ctx_xts ); - - for( i = 0; i < num_tests << 1; i++ ) - { - const unsigned char *data_unit; - u = i >> 1; - mode = i & 1; - - if( verbose != 0 ) - mbedtls_printf( " AES-XTS-128 (%s): ", - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); - - memset( key, 0, sizeof( key ) ); - memcpy( key, aes_test_xts_key[u], 32 ); - data_unit = aes_test_xts_data_unit[u]; - - len = sizeof( *aes_test_xts_ct32 ); - - if( mode == MBEDTLS_AES_DECRYPT ) - { - ret = mbedtls_aes_xts_setkey_dec( &ctx_xts, key, 256 ); - if( ret != 0) - goto exit; - memcpy( buf, aes_test_xts_ct32[u], len ); - aes_tests = aes_test_xts_pt32[u]; - } - else - { - ret = mbedtls_aes_xts_setkey_enc( &ctx_xts, key, 256 ); - if( ret != 0) - goto exit; - memcpy( buf, aes_test_xts_pt32[u], len ); - aes_tests = aes_test_xts_ct32[u]; - } - - - ret = mbedtls_aes_crypt_xts( &ctx_xts, mode, len, data_unit, - buf, buf ); - if( ret != 0 ) - goto exit; - - if( memcmp( buf, aes_tests, len ) != 0 ) - { - ret = 1; - goto exit; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - - mbedtls_aes_xts_free( &ctx_xts ); - } -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - - ret = 0; - -exit: - if( ret != 0 && verbose != 0 ) - mbedtls_printf( "failed\n" ); - - mbedtls_aes_free( &ctx ); - - return( ret ); -} - -#endif /* MBEDTLS_SELF_TEST */ - -#endif /* MBEDTLS_AES_C */ diff --git a/src/platform/telink/crypto/internal/compatibility/aesni.h b/src/platform/telink/crypto/internal/compatibility/aesni.h deleted file mode 100644 index c53ff3f02783e3..00000000000000 --- a/src/platform/telink/crypto/internal/compatibility/aesni.h +++ /dev/null @@ -1,121 +0,0 @@ -/** - * \file aesni.h - * - * \brief AES-NI for hardware AES acceleration on some Intel processors - * - * \warning These functions are only for internal use by other library - * functions; you must not call them directly. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_AESNI_H -#define MBEDTLS_AESNI_H - -#include "mbedtls/build_info.h" - -#include "mbedtls/aes.h" - -#define MBEDTLS_AESNI_AES 0x02000000u -#define MBEDTLS_AESNI_CLMUL 0x00000002u - -#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__)) && !defined(MBEDTLS_HAVE_X86_64) -#define MBEDTLS_HAVE_X86_64 -#endif - -#if defined(MBEDTLS_HAVE_X86_64) - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Internal function to detect the AES-NI feature in CPUs. - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param what The feature to detect - * (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL) - * - * \return 1 if CPU has support for the feature, 0 otherwise - */ -int mbedtls_aesni_has_support(unsigned int what); - -/** - * \brief Internal AES-NI AES-ECB block encryption and decryption - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param input 16-byte input block - * \param output 16-byte output block - * - * \return 0 on success (cannot fail) - */ -int mbedtls_aesni_crypt_ecb(mbedtls_aes_context * ctx, int mode, const unsigned char input[16], unsigned char output[16]); - -/** - * \brief Internal GCM multiplication: c = a * b in GF(2^128) - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param c Result - * \param a First operand - * \param b Second operand - * - * \note Both operands and result are bit strings interpreted as - * elements of GF(2^128) as per the GCM spec. - */ -void mbedtls_aesni_gcm_mult(unsigned char c[16], const unsigned char a[16], const unsigned char b[16]); - -/** - * \brief Internal round key inversion. This function computes - * decryption round keys from the encryption round keys. - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param invkey Round keys for the equivalent inverse cipher - * \param fwdkey Original round keys (for encryption) - * \param nr Number of rounds (that is, number of round keys minus one) - */ -void mbedtls_aesni_inverse_key(unsigned char * invkey, const unsigned char * fwdkey, int nr); - -/** - * \brief Internal key expansion for encryption - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param rk Destination buffer where the round keys are written - * \param key Encryption key - * \param bits Key size in bits (must be 128, 192 or 256) - * - * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH - */ -int mbedtls_aesni_setkey_enc(unsigned char * rk, const unsigned char * key, size_t bits); - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_HAVE_X86_64 */ - -#endif /* MBEDTLS_AESNI_H */ diff --git a/src/platform/telink/crypto/internal/compatibility/bn_mul.h b/src/platform/telink/crypto/internal/compatibility/bn_mul.h deleted file mode 100644 index 3de9f264cf8b74..00000000000000 --- a/src/platform/telink/crypto/internal/compatibility/bn_mul.h +++ /dev/null @@ -1,891 +0,0 @@ -/** - * \file bn_mul.h - * - * \brief Multi-precision integer library - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * Multiply source vector [s] with b, add result - * to destination vector [d] and set carry c. - * - * Currently supports: - * - * . IA-32 (386+) . AMD64 / EM64T - * . IA-32 (SSE2) . Motorola 68000 - * . PowerPC, 32-bit . MicroBlaze - * . PowerPC, 64-bit . TriCore - * . SPARC v8 . ARM v3+ - * . Alpha . MIPS32 - * . C, longlong . C, generic - */ -#ifndef MBEDTLS_BN_MUL_H -#define MBEDTLS_BN_MUL_H - -#include "mbedtls/build_info.h" - -#include "mbedtls/bignum.h" - -/* - * Conversion macros for embedded constants: - * build lists of mbedtls_mpi_uint's from lists of unsigned char's grouped by 8, 4 or 2 - */ -#if defined(MBEDTLS_HAVE_INT32) - -#define MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d) \ - ((mbedtls_mpi_uint)(a) << 0) | ((mbedtls_mpi_uint)(b) << 8) | ((mbedtls_mpi_uint)(c) << 16) | ((mbedtls_mpi_uint)(d) << 24) - -#define MBEDTLS_BYTES_TO_T_UINT_2(a, b) MBEDTLS_BYTES_TO_T_UINT_4(a, b, 0, 0) - -#define MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, e, f, g, h) \ - MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d), MBEDTLS_BYTES_TO_T_UINT_4(e, f, g, h) - -#else /* 64-bits */ - -#define MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, e, f, g, h) \ - ((mbedtls_mpi_uint)(a) << 0) | ((mbedtls_mpi_uint)(b) << 8) | ((mbedtls_mpi_uint)(c) << 16) | ((mbedtls_mpi_uint)(d) << 24) | \ - ((mbedtls_mpi_uint)(e) << 32) | ((mbedtls_mpi_uint)(f) << 40) | ((mbedtls_mpi_uint)(g) << 48) | \ - ((mbedtls_mpi_uint)(h) << 56) - -#define MBEDTLS_BYTES_TO_T_UINT_4(a, b, c, d) MBEDTLS_BYTES_TO_T_UINT_8(a, b, c, d, 0, 0, 0, 0) - -#define MBEDTLS_BYTES_TO_T_UINT_2(a, b) MBEDTLS_BYTES_TO_T_UINT_8(a, b, 0, 0, 0, 0, 0, 0) - -#endif /* bits in mbedtls_mpi_uint */ - -#if defined(MBEDTLS_HAVE_ASM) - -#ifndef asm -#define asm __asm -#endif - -/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ -#if defined(__GNUC__) && (!defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000) - -/* - * Disable use of the i386 assembly code below if option -O0, to disable all - * compiler optimisations, is passed, detected with __OPTIMIZE__ - * This is done as the number of registers used in the assembly code doesn't - * work with the -O0 option. - */ -#if defined(__i386__) && defined(__OPTIMIZE__) - -#define MULADDC_INIT \ - asm( \ - "movl %%ebx, %0 \n\t" \ - "movl %5, %%esi \n\t" \ - "movl %6, %%edi \n\t" \ - "movl %7, %%ecx \n\t" \ - "movl %8, %%ebx \n\t" - -#define MULADDC_CORE \ - "lodsl \n\t" \ - "mull %%ebx \n\t" \ - "addl %%ecx, %%eax \n\t" \ - "adcl $0, %%edx \n\t" \ - "addl (%%edi), %%eax \n\t" \ - "adcl $0, %%edx \n\t" \ - "movl %%edx, %%ecx \n\t" \ - "stosl \n\t" - -#if defined(MBEDTLS_HAVE_SSE2) - -#define MULADDC_HUIT \ - "movd %%ecx, %%mm1 \n\t" \ - "movd %%ebx, %%mm0 \n\t" \ - "movd (%%edi), %%mm3 \n\t" \ - "paddq %%mm3, %%mm1 \n\t" \ - "movd (%%esi), %%mm2 \n\t" \ - "pmuludq %%mm0, %%mm2 \n\t" \ - "movd 4(%%esi), %%mm4 \n\t" \ - "pmuludq %%mm0, %%mm4 \n\t" \ - "movd 8(%%esi), %%mm6 \n\t" \ - "pmuludq %%mm0, %%mm6 \n\t" \ - "movd 12(%%esi), %%mm7 \n\t" \ - "pmuludq %%mm0, %%mm7 \n\t" \ - "paddq %%mm2, %%mm1 \n\t" \ - "movd 4(%%edi), %%mm3 \n\t" \ - "paddq %%mm4, %%mm3 \n\t" \ - "movd 8(%%edi), %%mm5 \n\t" \ - "paddq %%mm6, %%mm5 \n\t" \ - "movd 12(%%edi), %%mm4 \n\t" \ - "paddq %%mm4, %%mm7 \n\t" \ - "movd %%mm1, (%%edi) \n\t" \ - "movd 16(%%esi), %%mm2 \n\t" \ - "pmuludq %%mm0, %%mm2 \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "movd 20(%%esi), %%mm4 \n\t" \ - "pmuludq %%mm0, %%mm4 \n\t" \ - "paddq %%mm3, %%mm1 \n\t" \ - "movd 24(%%esi), %%mm6 \n\t" \ - "pmuludq %%mm0, %%mm6 \n\t" \ - "movd %%mm1, 4(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "movd 28(%%esi), %%mm3 \n\t" \ - "pmuludq %%mm0, %%mm3 \n\t" \ - "paddq %%mm5, %%mm1 \n\t" \ - "movd 16(%%edi), %%mm5 \n\t" \ - "paddq %%mm5, %%mm2 \n\t" \ - "movd %%mm1, 8(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "paddq %%mm7, %%mm1 \n\t" \ - "movd 20(%%edi), %%mm5 \n\t" \ - "paddq %%mm5, %%mm4 \n\t" \ - "movd %%mm1, 12(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "paddq %%mm2, %%mm1 \n\t" \ - "movd 24(%%edi), %%mm5 \n\t" \ - "paddq %%mm5, %%mm6 \n\t" \ - "movd %%mm1, 16(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "paddq %%mm4, %%mm1 \n\t" \ - "movd 28(%%edi), %%mm5 \n\t" \ - "paddq %%mm5, %%mm3 \n\t" \ - "movd %%mm1, 20(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "paddq %%mm6, %%mm1 \n\t" \ - "movd %%mm1, 24(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "paddq %%mm3, %%mm1 \n\t" \ - "movd %%mm1, 28(%%edi) \n\t" \ - "addl $32, %%edi \n\t" \ - "addl $32, %%esi \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "movd %%mm1, %%ecx \n\t" - -#define MULADDC_STOP \ - "emms \n\t" \ - "movl %4, %%ebx \n\t" \ - "movl %%ecx, %1 \n\t" \ - "movl %%edi, %2 \n\t" \ - "movl %%esi, %3 \n\t" \ - : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ - : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ - : "eax", "ebx", "ecx", "edx", "esi", "edi" \ - ); - -#else - -#define MULADDC_STOP \ - "movl %4, %%ebx \n\t" \ - "movl %%ecx, %1 \n\t" \ - "movl %%edi, %2 \n\t" \ - "movl %%esi, %3 \n\t" \ - : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ - : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ - : "eax", "ebx", "ecx", "edx", "esi", "edi" \ - ); -#endif /* SSE2 */ -#endif /* i386 */ - -#if defined(__amd64__) || defined(__x86_64__) - -#define MULADDC_INIT \ - asm( \ - "xorq %%r8, %%r8\n" - -#define MULADDC_CORE \ - "movq (%%rsi), %%rax\n" \ - "mulq %%rbx\n" \ - "addq $8, %%rsi\n" \ - "addq %%rcx, %%rax\n" \ - "movq %%r8, %%rcx\n" \ - "adcq $0, %%rdx\n" \ - "nop \n" \ - "addq %%rax, (%%rdi)\n" \ - "adcq %%rdx, %%rcx\n" \ - "addq $8, %%rdi\n" - -#define MULADDC_STOP \ - : "+c" (c), "+D" (d), "+S" (s) \ - : "b" (b) \ - : "rax", "rdx", "r8" \ - ); - -#endif /* AMD64 */ - -#if defined(__aarch64__) - -#define MULADDC_INIT \ - asm( - -#define MULADDC_CORE \ - "ldr x4, [%2], #8 \n\t" \ - "ldr x5, [%1] \n\t" \ - "mul x6, x4, %3 \n\t" \ - "umulh x7, x4, %3 \n\t" \ - "adds x5, x5, x6 \n\t" \ - "adc x7, x7, xzr \n\t" \ - "adds x5, x5, %0 \n\t" \ - "adc %0, x7, xzr \n\t" \ - "str x5, [%1], #8 \n\t" - -#define MULADDC_STOP \ - : "+r" (c), "+r" (d), "+r" (s) \ - : "r" (b) \ - : "x4", "x5", "x6", "x7", "cc" \ - ); - -#endif /* Aarch64 */ - -#if defined(__mc68020__) || defined(__mcpu32__) - -#define MULADDC_INIT \ - asm( \ - "movl %3, %%a2 \n\t" \ - "movl %4, %%a3 \n\t" \ - "movl %5, %%d3 \n\t" \ - "movl %6, %%d2 \n\t" \ - "moveq #0, %%d0 \n\t" - -#define MULADDC_CORE \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d4:%%d1 \n\t" \ - "addl %%d3, %%d1 \n\t" \ - "addxl %%d0, %%d4 \n\t" \ - "moveq #0, %%d3 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "addxl %%d4, %%d3 \n\t" - -#define MULADDC_STOP \ - "movl %%d3, %0 \n\t" \ - "movl %%a3, %1 \n\t" \ - "movl %%a2, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "d0", "d1", "d2", "d3", "d4", "a2", "a3" \ - ); - -#define MULADDC_HUIT \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d4:%%d1 \n\t" \ - "addxl %%d3, %%d1 \n\t" \ - "addxl %%d0, %%d4 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d3:%%d1 \n\t" \ - "addxl %%d4, %%d1 \n\t" \ - "addxl %%d0, %%d3 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d4:%%d1 \n\t" \ - "addxl %%d3, %%d1 \n\t" \ - "addxl %%d0, %%d4 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d3:%%d1 \n\t" \ - "addxl %%d4, %%d1 \n\t" \ - "addxl %%d0, %%d3 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d4:%%d1 \n\t" \ - "addxl %%d3, %%d1 \n\t" \ - "addxl %%d0, %%d4 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d3:%%d1 \n\t" \ - "addxl %%d4, %%d1 \n\t" \ - "addxl %%d0, %%d3 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d4:%%d1 \n\t" \ - "addxl %%d3, %%d1 \n\t" \ - "addxl %%d0, %%d4 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d3:%%d1 \n\t" \ - "addxl %%d4, %%d1 \n\t" \ - "addxl %%d0, %%d3 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "addxl %%d0, %%d3 \n\t" - -#endif /* MC68000 */ - -#if defined(__powerpc64__) || defined(__ppc64__) - -#if defined(__MACH__) && defined(__APPLE__) - -#define MULADDC_INIT \ - asm( \ - "ld r3, %3 \n\t" \ - "ld r4, %4 \n\t" \ - "ld r5, %5 \n\t" \ - "ld r6, %6 \n\t" \ - "addi r3, r3, -8 \n\t" \ - "addi r4, r4, -8 \n\t" \ - "addic r5, r5, 0 \n\t" - -#define MULADDC_CORE \ - "ldu r7, 8(r3) \n\t" \ - "mulld r8, r7, r6 \n\t" \ - "mulhdu r9, r7, r6 \n\t" \ - "adde r8, r8, r5 \n\t" \ - "ld r7, 8(r4) \n\t" \ - "addze r5, r9 \n\t" \ - "addc r8, r8, r7 \n\t" \ - "stdu r8, 8(r4) \n\t" - -#define MULADDC_STOP \ - "addze r5, r5 \n\t" \ - "addi r4, r4, 8 \n\t" \ - "addi r3, r3, 8 \n\t" \ - "std r5, %0 \n\t" \ - "std r4, %1 \n\t" \ - "std r3, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ - ); - -#else /* __MACH__ && __APPLE__ */ - -#define MULADDC_INIT \ - asm( \ - "ld %%r3, %3 \n\t" \ - "ld %%r4, %4 \n\t" \ - "ld %%r5, %5 \n\t" \ - "ld %%r6, %6 \n\t" \ - "addi %%r3, %%r3, -8 \n\t" \ - "addi %%r4, %%r4, -8 \n\t" \ - "addic %%r5, %%r5, 0 \n\t" - -#define MULADDC_CORE \ - "ldu %%r7, 8(%%r3) \n\t" \ - "mulld %%r8, %%r7, %%r6 \n\t" \ - "mulhdu %%r9, %%r7, %%r6 \n\t" \ - "adde %%r8, %%r8, %%r5 \n\t" \ - "ld %%r7, 8(%%r4) \n\t" \ - "addze %%r5, %%r9 \n\t" \ - "addc %%r8, %%r8, %%r7 \n\t" \ - "stdu %%r8, 8(%%r4) \n\t" - -#define MULADDC_STOP \ - "addze %%r5, %%r5 \n\t" \ - "addi %%r4, %%r4, 8 \n\t" \ - "addi %%r3, %%r3, 8 \n\t" \ - "std %%r5, %0 \n\t" \ - "std %%r4, %1 \n\t" \ - "std %%r3, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ - ); - -#endif /* __MACH__ && __APPLE__ */ - -#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32 */ - -#if defined(__MACH__) && defined(__APPLE__) - -#define MULADDC_INIT \ - asm( \ - "lwz r3, %3 \n\t" \ - "lwz r4, %4 \n\t" \ - "lwz r5, %5 \n\t" \ - "lwz r6, %6 \n\t" \ - "addi r3, r3, -4 \n\t" \ - "addi r4, r4, -4 \n\t" \ - "addic r5, r5, 0 \n\t" - -#define MULADDC_CORE \ - "lwzu r7, 4(r3) \n\t" \ - "mullw r8, r7, r6 \n\t" \ - "mulhwu r9, r7, r6 \n\t" \ - "adde r8, r8, r5 \n\t" \ - "lwz r7, 4(r4) \n\t" \ - "addze r5, r9 \n\t" \ - "addc r8, r8, r7 \n\t" \ - "stwu r8, 4(r4) \n\t" - -#define MULADDC_STOP \ - "addze r5, r5 \n\t" \ - "addi r4, r4, 4 \n\t" \ - "addi r3, r3, 4 \n\t" \ - "stw r5, %0 \n\t" \ - "stw r4, %1 \n\t" \ - "stw r3, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ - ); - -#else /* __MACH__ && __APPLE__ */ - -#define MULADDC_INIT \ - asm( \ - "lwz %%r3, %3 \n\t" \ - "lwz %%r4, %4 \n\t" \ - "lwz %%r5, %5 \n\t" \ - "lwz %%r6, %6 \n\t" \ - "addi %%r3, %%r3, -4 \n\t" \ - "addi %%r4, %%r4, -4 \n\t" \ - "addic %%r5, %%r5, 0 \n\t" - -#define MULADDC_CORE \ - "lwzu %%r7, 4(%%r3) \n\t" \ - "mullw %%r8, %%r7, %%r6 \n\t" \ - "mulhwu %%r9, %%r7, %%r6 \n\t" \ - "adde %%r8, %%r8, %%r5 \n\t" \ - "lwz %%r7, 4(%%r4) \n\t" \ - "addze %%r5, %%r9 \n\t" \ - "addc %%r8, %%r8, %%r7 \n\t" \ - "stwu %%r8, 4(%%r4) \n\t" - -#define MULADDC_STOP \ - "addze %%r5, %%r5 \n\t" \ - "addi %%r4, %%r4, 4 \n\t" \ - "addi %%r3, %%r3, 4 \n\t" \ - "stw %%r5, %0 \n\t" \ - "stw %%r4, %1 \n\t" \ - "stw %%r3, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ - ); - -#endif /* __MACH__ && __APPLE__ */ - -#endif /* PPC32 */ - -/* - * The Sparc(64) assembly is reported to be broken. - * Disable it for now, until we're able to fix it. - */ -#if 0 && defined(__sparc__) -#if defined(__sparc64__) - -#define MULADDC_INIT \ - asm( \ - "ldx %3, %%o0 \n\t" \ - "ldx %4, %%o1 \n\t" \ - "ld %5, %%o2 \n\t" \ - "ld %6, %%o3 \n\t" - -#define MULADDC_CORE \ - "ld [%%o0], %%o4 \n\t" \ - "inc 4, %%o0 \n\t" \ - "ld [%%o1], %%o5 \n\t" \ - "umul %%o3, %%o4, %%o4 \n\t" \ - "addcc %%o4, %%o2, %%o4 \n\t" \ - "rd %%y, %%g1 \n\t" \ - "addx %%g1, 0, %%g1 \n\t" \ - "addcc %%o4, %%o5, %%o4 \n\t" \ - "st %%o4, [%%o1] \n\t" \ - "addx %%g1, 0, %%o2 \n\t" \ - "inc 4, %%o1 \n\t" - -#define MULADDC_STOP \ - "st %%o2, %0 \n\t" \ - "stx %%o1, %1 \n\t" \ - "stx %%o0, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "g1", "o0", "o1", "o2", "o3", "o4", \ - "o5" \ - ); - -#else /* __sparc64__ */ - -#define MULADDC_INIT \ - asm( \ - "ld %3, %%o0 \n\t" \ - "ld %4, %%o1 \n\t" \ - "ld %5, %%o2 \n\t" \ - "ld %6, %%o3 \n\t" - -#define MULADDC_CORE \ - "ld [%%o0], %%o4 \n\t" \ - "inc 4, %%o0 \n\t" \ - "ld [%%o1], %%o5 \n\t" \ - "umul %%o3, %%o4, %%o4 \n\t" \ - "addcc %%o4, %%o2, %%o4 \n\t" \ - "rd %%y, %%g1 \n\t" \ - "addx %%g1, 0, %%g1 \n\t" \ - "addcc %%o4, %%o5, %%o4 \n\t" \ - "st %%o4, [%%o1] \n\t" \ - "addx %%g1, 0, %%o2 \n\t" \ - "inc 4, %%o1 \n\t" - -#define MULADDC_STOP \ - "st %%o2, %0 \n\t" \ - "st %%o1, %1 \n\t" \ - "st %%o0, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "g1", "o0", "o1", "o2", "o3", "o4", \ - "o5" \ - ); - -#endif /* __sparc64__ */ -#endif /* __sparc__ */ - -#if defined(__microblaze__) || defined(microblaze) - -#define MULADDC_INIT \ - asm( \ - "lwi r3, %3 \n\t" \ - "lwi r4, %4 \n\t" \ - "lwi r5, %5 \n\t" \ - "lwi r6, %6 \n\t" \ - "andi r7, r6, 0xffff \n\t" \ - "bsrli r6, r6, 16 \n\t" - -#define MULADDC_CORE \ - "lhui r8, r3, 0 \n\t" \ - "addi r3, r3, 2 \n\t" \ - "lhui r9, r3, 0 \n\t" \ - "addi r3, r3, 2 \n\t" \ - "mul r10, r9, r6 \n\t" \ - "mul r11, r8, r7 \n\t" \ - "mul r12, r9, r7 \n\t" \ - "mul r13, r8, r6 \n\t" \ - "bsrli r8, r10, 16 \n\t" \ - "bsrli r9, r11, 16 \n\t" \ - "add r13, r13, r8 \n\t" \ - "add r13, r13, r9 \n\t" \ - "bslli r10, r10, 16 \n\t" \ - "bslli r11, r11, 16 \n\t" \ - "add r12, r12, r10 \n\t" \ - "addc r13, r13, r0 \n\t" \ - "add r12, r12, r11 \n\t" \ - "addc r13, r13, r0 \n\t" \ - "lwi r10, r4, 0 \n\t" \ - "add r12, r12, r10 \n\t" \ - "addc r13, r13, r0 \n\t" \ - "add r12, r12, r5 \n\t" \ - "addc r5, r13, r0 \n\t" \ - "swi r12, r4, 0 \n\t" \ - "addi r4, r4, 4 \n\t" - -#define MULADDC_STOP \ - "swi r5, %0 \n\t" \ - "swi r4, %1 \n\t" \ - "swi r3, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r3", "r4", "r5", "r6", "r7", "r8", \ - "r9", "r10", "r11", "r12", "r13" \ - ); - -#endif /* MicroBlaze */ - -#if defined(__tricore__) - -#define MULADDC_INIT \ - asm( \ - "ld.a %%a2, %3 \n\t" \ - "ld.a %%a3, %4 \n\t" \ - "ld.w %%d4, %5 \n\t" \ - "ld.w %%d1, %6 \n\t" \ - "xor %%d5, %%d5 \n\t" - -#define MULADDC_CORE \ - "ld.w %%d0, [%%a2+] \n\t" \ - "madd.u %%e2, %%e4, %%d0, %%d1 \n\t" \ - "ld.w %%d0, [%%a3] \n\t" \ - "addx %%d2, %%d2, %%d0 \n\t" \ - "addc %%d3, %%d3, 0 \n\t" \ - "mov %%d4, %%d3 \n\t" \ - "st.w [%%a3+], %%d2 \n\t" - -#define MULADDC_STOP \ - "st.w %0, %%d4 \n\t" \ - "st.a %1, %%a3 \n\t" \ - "st.a %2, %%a2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "d0", "d1", "e2", "d4", "a2", "a3" \ - ); - -#endif /* TriCore */ - -/* - * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about - * our use of r7 below, unless -fomit-frame-pointer is passed. - * - * On the other hand, -fomit-frame-pointer is implied by any -Ox options with - * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by - * clang and armcc5 under the same conditions). - * - * So, only use the optimized assembly below for optimized build, which avoids - * the build error and is pretty reasonable anyway. - */ -#if defined(__GNUC__) && !defined(__OPTIMIZE__) -#define MULADDC_CANNOT_USE_R7 -#endif - -#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7) - -#if defined(__thumb__) && !defined(__thumb2__) - -#define MULADDC_INIT \ - asm( \ - "ldr r0, %3 \n\t" \ - "ldr r1, %4 \n\t" \ - "ldr r2, %5 \n\t" \ - "ldr r3, %6 \n\t" \ - "lsr r7, r3, #16 \n\t" \ - "mov r9, r7 \n\t" \ - "lsl r7, r3, #16 \n\t" \ - "lsr r7, r7, #16 \n\t" \ - "mov r8, r7 \n\t" - -#define MULADDC_CORE \ - "ldmia r0!, {r6} \n\t" \ - "lsr r7, r6, #16 \n\t" \ - "lsl r6, r6, #16 \n\t" \ - "lsr r6, r6, #16 \n\t" \ - "mov r4, r8 \n\t" \ - "mul r4, r6 \n\t" \ - "mov r3, r9 \n\t" \ - "mul r6, r3 \n\t" \ - "mov r5, r9 \n\t" \ - "mul r5, r7 \n\t" \ - "mov r3, r8 \n\t" \ - "mul r7, r3 \n\t" \ - "lsr r3, r6, #16 \n\t" \ - "add r5, r5, r3 \n\t" \ - "lsr r3, r7, #16 \n\t" \ - "add r5, r5, r3 \n\t" \ - "add r4, r4, r2 \n\t" \ - "mov r2, #0 \n\t" \ - "adc r5, r2 \n\t" \ - "lsl r3, r6, #16 \n\t" \ - "add r4, r4, r3 \n\t" \ - "adc r5, r2 \n\t" \ - "lsl r3, r7, #16 \n\t" \ - "add r4, r4, r3 \n\t" \ - "adc r5, r2 \n\t" \ - "ldr r3, [r1] \n\t" \ - "add r4, r4, r3 \n\t" \ - "adc r2, r5 \n\t" \ - "stmia r1!, {r4} \n\t" - -#define MULADDC_STOP \ - "str r2, %0 \n\t" \ - "str r1, %1 \n\t" \ - "str r0, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r0", "r1", "r2", "r3", "r4", "r5", \ - "r6", "r7", "r8", "r9", "cc" \ - ); - -#elif (__ARM_ARCH >= 6) && defined(__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) - -#define MULADDC_INIT \ - asm( - -#define MULADDC_CORE \ - "ldr r0, [%0], #4 \n\t" \ - "ldr r1, [%1] \n\t" \ - "umaal r1, %2, %3, r0 \n\t" \ - "str r1, [%1], #4 \n\t" - -#define MULADDC_STOP \ - : "=r" (s), "=r" (d), "=r" (c) \ - : "r" (b), "0" (s), "1" (d), "2" (c) \ - : "r0", "r1", "memory" \ - ); - -#else - -#define MULADDC_INIT \ - asm( \ - "ldr r0, %3 \n\t" \ - "ldr r1, %4 \n\t" \ - "ldr r2, %5 \n\t" \ - "ldr r3, %6 \n\t" - -#define MULADDC_CORE \ - "ldr r4, [r0], #4 \n\t" \ - "mov r5, #0 \n\t" \ - "ldr r6, [r1] \n\t" \ - "umlal r2, r5, r3, r4 \n\t" \ - "adds r7, r6, r2 \n\t" \ - "adc r2, r5, #0 \n\t" \ - "str r7, [r1], #4 \n\t" - -#define MULADDC_STOP \ - "str r2, %0 \n\t" \ - "str r1, %1 \n\t" \ - "str r0, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r0", "r1", "r2", "r3", "r4", "r5", \ - "r6", "r7", "cc" \ - ); - -#endif /* Thumb */ - -#endif /* ARMv3 */ - -#if defined(__alpha__) - -#define MULADDC_INIT \ - asm( \ - "ldq $1, %3 \n\t" \ - "ldq $2, %4 \n\t" \ - "ldq $3, %5 \n\t" \ - "ldq $4, %6 \n\t" - -#define MULADDC_CORE \ - "ldq $6, 0($1) \n\t" \ - "addq $1, 8, $1 \n\t" \ - "mulq $6, $4, $7 \n\t" \ - "umulh $6, $4, $6 \n\t" \ - "addq $7, $3, $7 \n\t" \ - "cmpult $7, $3, $3 \n\t" \ - "ldq $5, 0($2) \n\t" \ - "addq $7, $5, $7 \n\t" \ - "cmpult $7, $5, $5 \n\t" \ - "stq $7, 0($2) \n\t" \ - "addq $2, 8, $2 \n\t" \ - "addq $6, $3, $3 \n\t" \ - "addq $5, $3, $3 \n\t" - -#define MULADDC_STOP \ - "stq $3, %0 \n\t" \ - "stq $2, %1 \n\t" \ - "stq $1, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "$1", "$2", "$3", "$4", "$5", "$6", "$7" \ - ); -#endif /* Alpha */ - -#if defined(__mips__) && !defined(__mips64) - -#define MULADDC_INIT \ - asm( \ - "lw $10, %3 \n\t" \ - "lw $11, %4 \n\t" \ - "lw $12, %5 \n\t" \ - "lw $13, %6 \n\t" - -#define MULADDC_CORE \ - "lw $14, 0($10) \n\t" \ - "multu $13, $14 \n\t" \ - "addi $10, $10, 4 \n\t" \ - "mflo $14 \n\t" \ - "mfhi $9 \n\t" \ - "addu $14, $12, $14 \n\t" \ - "lw $15, 0($11) \n\t" \ - "sltu $12, $14, $12 \n\t" \ - "addu $15, $14, $15 \n\t" \ - "sltu $14, $15, $14 \n\t" \ - "addu $12, $12, $9 \n\t" \ - "sw $15, 0($11) \n\t" \ - "addu $12, $12, $14 \n\t" \ - "addi $11, $11, 4 \n\t" - -#define MULADDC_STOP \ - "sw $12, %0 \n\t" \ - "sw $11, %1 \n\t" \ - "sw $10, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \ - ); - -#endif /* MIPS */ -#endif /* GNUC */ - -#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) - -#define MULADDC_INIT __asm mov esi, s __asm mov edi, d __asm mov ecx, c __asm mov ebx, b - -#define MULADDC_CORE \ - __asm lodsd __asm mul ebx __asm add eax, ecx __asm adc edx, 0 __asm add eax, [ edi ] __asm adc edx, 0 __asm mov ecx, \ - edx __asm stosd - -#if defined(MBEDTLS_HAVE_SSE2) - -#define EMIT __asm _emit - -#define MULADDC_HUIT \ - EMIT 0x0F EMIT 0x6E EMIT 0xC9 EMIT 0x0F EMIT 0x6E EMIT 0xC3 EMIT 0x0F EMIT 0x6E EMIT 0x1F EMIT 0x0F EMIT 0xD4 EMIT 0xCB EMIT 0x0F EMIT 0x6E EMIT 0x16 EMIT 0x0F EMIT 0xF4 EMIT 0xD0 EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x04 EMIT 0x0F EMIT 0xF4 EMIT 0xE0 EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x08 EMIT 0x0F EMIT 0xF4 EMIT 0xF0 EMIT 0x0F EMIT 0x6E EMIT 0x7E EMIT 0x0C EMIT 0x0F EMIT 0xF4 EMIT 0xF8 EMIT 0x0F EMIT 0xD4 EMIT 0xCA EMIT 0x0F EMIT 0x6E EMIT 0x5F EMIT 0x04 EMIT 0x0F EMIT 0xD4 EMIT 0xDC EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x08 EMIT 0x0F EMIT 0xD4 EMIT 0xEE EMIT 0x0F EMIT 0x6E EMIT 0x67 EMIT 0x0C EMIT 0x0F EMIT 0xD4 EMIT 0xFC EMIT 0x0F EMIT 0x7E EMIT 0x0F EMIT 0x0F EMIT 0x6E EMIT 0x56 EMIT 0x10 EMIT 0x0F EMIT 0xF4 EMIT 0xD0 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x14 EMIT 0x0F EMIT 0xF4 EMIT 0xE0 EMIT 0x0F EMIT 0xD4 EMIT 0xCB EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x18 EMIT 0x0F EMIT 0xF4 EMIT 0xF0 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x04 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 EMIT 0x0F EMIT 0x6E EMIT 0x5E EMIT 0x1C EMIT 0x0F EMIT 0xF4 EMIT 0xD8 EMIT 0x0F EMIT 0xD4 EMIT 0xCD EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x10 EMIT 0x0F EMIT 0xD4 EMIT 0xD5 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x08 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 EMIT 0x0F EMIT 0xD4 EMIT 0xCF EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x14 EMIT 0x0F EMIT 0xD4 EMIT 0xE5 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x0C EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 EMIT 0x0F EMIT 0xD4 EMIT 0xCA EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x18 EMIT 0x0F EMIT 0xD4 EMIT 0xF5 EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x10 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 EMIT 0x0F EMIT 0xD4 EMIT 0xCC EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x1C EMIT 0x0F EMIT 0xD4 EMIT 0xDD EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x14 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 EMIT 0x0F EMIT 0xD4 EMIT 0xCE EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x18 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 EMIT 0x0F EMIT 0xD4 EMIT 0xCB EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x1C EMIT 0x83 EMIT 0xC7 EMIT 0x20 EMIT 0x83 EMIT 0xC6 EMIT 0x20 EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 EMIT 0x0F EMIT 0x7E EMIT 0xC9 - -#define MULADDC_STOP EMIT 0x0F EMIT 0x77 __asm mov c, ecx __asm mov d, edi __asm mov s, esi - -#else - -#define MULADDC_STOP __asm mov c, ecx __asm mov d, edi __asm mov s, esi - -#endif /* SSE2 */ -#endif /* MSVC */ - -#endif /* MBEDTLS_HAVE_ASM */ - -#if !defined(MULADDC_CORE) -#if defined(MBEDTLS_HAVE_UDBL) - -#define MULADDC_INIT \ - { \ - mbedtls_t_udbl r; \ - mbedtls_mpi_uint r0, r1; - -#define MULADDC_CORE \ - r = *(s++) * (mbedtls_t_udbl) b; \ - r0 = (mbedtls_mpi_uint) r; \ - r1 = (mbedtls_mpi_uint)(r >> biL); \ - r0 += c; \ - r1 += (r0 < c); \ - r0 += *d; \ - r1 += (r0 < *d); \ - c = r1; \ - *(d++) = r0; - -#define MULADDC_STOP } - -#else -#define MULADDC_INIT \ - { \ - mbedtls_mpi_uint s0, s1, b0, b1; \ - mbedtls_mpi_uint r0, r1, rx, ry; \ - b0 = (b << biH) >> biH; \ - b1 = (b >> biH); - -#define MULADDC_CORE \ - s0 = (*s << biH) >> biH; \ - s1 = (*s >> biH); \ - s++; \ - rx = s0 * b1; \ - r0 = s0 * b0; \ - ry = s1 * b0; \ - r1 = s1 * b1; \ - r1 += (rx >> biH); \ - r1 += (ry >> biH); \ - rx <<= biH; \ - ry <<= biH; \ - r0 += rx; \ - r1 += (r0 < rx); \ - r0 += ry; \ - r1 += (r0 < ry); \ - r0 += c; \ - r1 += (r0 < c); \ - r0 += *d; \ - r1 += (r0 < *d); \ - c = r1; \ - *(d++) = r0; - -#define MULADDC_STOP } - -#endif /* C (generic) */ -#endif /* C (longlong) */ - -#endif /* bn_mul.h */ diff --git a/src/platform/telink/crypto/internal/compatibility/ecp_alt.c b/src/platform/telink/crypto/internal/compatibility/ecp_alt.c deleted file mode 100644 index d77374658d8b03..00000000000000 --- a/src/platform/telink/crypto/internal/compatibility/ecp_alt.c +++ /dev/null @@ -1,3363 +0,0 @@ -/* - * Elliptic curves over GF(p): generic functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * References: - * - * SEC1 http://www.secg.org/index.php?action=secg,docs_secg - * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone - * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf - * RFC 4492 for the related TLS structures and constants - * RFC 7748 for the Curve448 and Curve25519 curve definitions - * - * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf - * - * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis - * for elliptic curve cryptosystems. In : Cryptographic Hardware and - * Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302. - * - * - * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to - * render ECC resistant against Side Channel Attacks. IACR Cryptology - * ePrint Archive, 2004, vol. 2004, p. 342. - * - */ - -#include "../common.h" - -/** - * \brief Function level alternative implementation. - * - * The MBEDTLS_ECP_INTERNAL_ALT macro enables alternative implementations to - * replace certain functions in this module. The alternative implementations are - * typically hardware accelerators and need to activate the hardware before the - * computation starts and deactivate it after it finishes. The - * mbedtls_internal_ecp_init() and mbedtls_internal_ecp_free() functions serve - * this purpose. - * - * To preserve the correct functionality the following conditions must hold: - * - * - The alternative implementation must be activated by - * mbedtls_internal_ecp_init() before any of the replaceable functions is - * called. - * - mbedtls_internal_ecp_free() must \b only be called when the alternative - * implementation is activated. - * - mbedtls_internal_ecp_init() must \b not be called when the alternative - * implementation is activated. - * - Public functions must not return while the alternative implementation is - * activated. - * - Replaceable functions are guarded by \c MBEDTLS_ECP_XXX_ALT macros and - * before calling them an \code if( mbedtls_internal_ecp_grp_capable( grp ) ) - * \endcode ensures that the alternative implementation supports the current - * group. - */ -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -#endif - -#if defined(MBEDTLS_ECP_C) - -#include "mbedtls/ecp.h" -#include "mbedtls/error.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/threading.h" - -#include "bn_mul.h" -#include "ecp_invasive.h" - -#include - -#if defined(MBEDTLS_ECP_ALT) - -#include "pke.h" - -/* HW accelerator functionality */ -extern int ecp_alt_b91_backend_check_pubkey(const mbedtls_ecp_group * grp, const mbedtls_ecp_point * pt); -extern int ecp_alt_b91_backend_mul(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, - const mbedtls_ecp_point * P); -extern int ecp_alt_b91_backend_muladd(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, - const mbedtls_ecp_point * P, const mbedtls_mpi * n, const mbedtls_ecp_point * Q); -/* self test functionality */ -#if defined(MBEDTLS_SELF_TEST) -extern const int __ecp_alt_b91_skip_internal_self_tests; -extern int ecp_alt_b91_backend_test(int verbose); -#endif /* MBEDTLS_SELF_TEST */ - -/* Parameter validation macros based on platform_util.h */ -#define ECP_VALIDATE_RET(cond) MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA) -#define ECP_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond) - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif - -#include "ecp_internal_alt.h" - -#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - -#if defined(MBEDTLS_SELF_TEST) -/* - * Counts of point addition and doubling, and field multiplications. - * Used to test resistance of point multiplication to simple timing attacks. - */ -static unsigned long add_count, dbl_count, mul_count; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) -/* - * Maximum number of "basic operations" to be done in a row. - * - * Default value 0 means that ECC operations will not yield. - * Note that regardless of the value of ecp_max_ops, always at - * least one step is performed before yielding. - * - * Setting ecp_max_ops=1 can be suitable for testing purposes - * as it will interrupt computation at all possible points. - */ -static unsigned ecp_max_ops = 0; - -/* - * Set ecp_max_ops - */ -void mbedtls_ecp_set_max_ops(unsigned max_ops) -{ - ecp_max_ops = max_ops; -} - -/* - * Check if restart is enabled - */ -int mbedtls_ecp_restart_is_enabled(void) -{ - return (ecp_max_ops != 0); -} - -/* - * Restart sub-context for ecp_mul_comb() - */ -struct mbedtls_ecp_restart_mul -{ - mbedtls_ecp_point R; /* current intermediate result */ - size_t i; /* current index in various loops, 0 outside */ - mbedtls_ecp_point * T; /* table for precomputed points */ - unsigned char T_size; /* number of points in table T */ - enum - { /* what were we doing last time we returned? */ - ecp_rsm_init = 0, /* nothing so far, dummy initial state */ - ecp_rsm_pre_dbl, /* precompute 2^n multiples */ - ecp_rsm_pre_norm_dbl, /* normalize precomputed 2^n multiples */ - ecp_rsm_pre_add, /* precompute remaining points by adding */ - ecp_rsm_pre_norm_add, /* normalize all precomputed points */ - ecp_rsm_comb_core, /* ecp_mul_comb_core() */ - ecp_rsm_final_norm, /* do the final normalization */ - } state; -}; - -/* - * Init restart_mul sub-context - */ -static void ecp_restart_rsm_init(mbedtls_ecp_restart_mul_ctx * ctx) -{ - mbedtls_ecp_point_init(&ctx->R); - ctx->i = 0; - ctx->T = NULL; - ctx->T_size = 0; - ctx->state = ecp_rsm_init; -} - -/* - * Free the components of a restart_mul sub-context - */ -static void ecp_restart_rsm_free(mbedtls_ecp_restart_mul_ctx * ctx) -{ - unsigned char i; - - if (ctx == NULL) - return; - - mbedtls_ecp_point_free(&ctx->R); - - if (ctx->T != NULL) - { - for (i = 0; i < ctx->T_size; i++) - mbedtls_ecp_point_free(ctx->T + i); - mbedtls_free(ctx->T); - } - - ecp_restart_rsm_init(ctx); -} - -/* - * Restart context for ecp_muladd() - */ -struct mbedtls_ecp_restart_muladd -{ - mbedtls_ecp_point mP; /* mP value */ - mbedtls_ecp_point R; /* R intermediate result */ - enum - { /* what should we do next? */ - ecp_rsma_mul1 = 0, /* first multiplication */ - ecp_rsma_mul2, /* second multiplication */ - ecp_rsma_add, /* addition */ - ecp_rsma_norm, /* normalization */ - } state; -}; - -/* - * Init restart_muladd sub-context - */ -static void ecp_restart_ma_init(mbedtls_ecp_restart_muladd_ctx * ctx) -{ - mbedtls_ecp_point_init(&ctx->mP); - mbedtls_ecp_point_init(&ctx->R); - ctx->state = ecp_rsma_mul1; -} - -/* - * Free the components of a restart_muladd sub-context - */ -static void ecp_restart_ma_free(mbedtls_ecp_restart_muladd_ctx * ctx) -{ - if (ctx == NULL) - return; - - mbedtls_ecp_point_free(&ctx->mP); - mbedtls_ecp_point_free(&ctx->R); - - ecp_restart_ma_init(ctx); -} - -/* - * Initialize a restart context - */ -void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx * ctx) -{ - ECP_VALIDATE(ctx != NULL); - ctx->ops_done = 0; - ctx->depth = 0; - ctx->rsm = NULL; - ctx->ma = NULL; -} - -/* - * Free the components of a restart context - */ -void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx * ctx) -{ - if (ctx == NULL) - return; - - ecp_restart_rsm_free(ctx->rsm); - mbedtls_free(ctx->rsm); - - ecp_restart_ma_free(ctx->ma); - mbedtls_free(ctx->ma); - - mbedtls_ecp_restart_init(ctx); -} - -/* - * Check if we can do the next step - */ -int mbedtls_ecp_check_budget(const mbedtls_ecp_group * grp, mbedtls_ecp_restart_ctx * rs_ctx, unsigned ops) -{ - ECP_VALIDATE_RET(grp != NULL); - - if (rs_ctx != NULL && ecp_max_ops != 0) - { - /* scale depending on curve size: the chosen reference is 256-bit, - * and multiplication is quadratic. Round to the closest integer. */ - if (grp->pbits >= 512) - ops *= 4; - else if (grp->pbits >= 384) - ops *= 2; - - /* Avoid infinite loops: always allow first step. - * Because of that, however, it's not generally true - * that ops_done <= ecp_max_ops, so the check - * ops_done > ecp_max_ops below is mandatory. */ - if ((rs_ctx->ops_done != 0) && (rs_ctx->ops_done > ecp_max_ops || ops > ecp_max_ops - rs_ctx->ops_done)) - { - return (MBEDTLS_ERR_ECP_IN_PROGRESS); - } - - /* update running count */ - rs_ctx->ops_done += ops; - } - - return (0); -} - -/* Call this when entering a function that needs its own sub-context */ -#define ECP_RS_ENTER(SUB) \ - do \ - { \ - /* reset ops count for this call if top-level */ \ - if (rs_ctx != NULL && rs_ctx->depth++ == 0) \ - rs_ctx->ops_done = 0; \ - \ - /* set up our own sub-context if needed */ \ - if (mbedtls_ecp_restart_is_enabled() && rs_ctx != NULL && rs_ctx->SUB == NULL) \ - { \ - rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \ - if (rs_ctx->SUB == NULL) \ - return (MBEDTLS_ERR_ECP_ALLOC_FAILED); \ - \ - ecp_restart_##SUB##_init(rs_ctx->SUB); \ - } \ - } while (0) - -/* Call this when leaving a function that needs its own sub-context */ -#define ECP_RS_LEAVE(SUB) \ - do \ - { \ - /* clear our sub-context when not in progress (done or error) */ \ - if (rs_ctx != NULL && rs_ctx->SUB != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) \ - { \ - ecp_restart_##SUB##_free(rs_ctx->SUB); \ - mbedtls_free(rs_ctx->SUB); \ - rs_ctx->SUB = NULL; \ - } \ - \ - if (rs_ctx != NULL) \ - rs_ctx->depth--; \ - } while (0) - -#else /* MBEDTLS_ECP_RESTARTABLE */ - -#define ECP_RS_ENTER(sub) (void) rs_ctx; -#define ECP_RS_LEAVE(sub) (void) rs_ctx; - -#endif /* MBEDTLS_ECP_RESTARTABLE */ - -/* - * List of supported curves: - * - internal ID - * - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2, RFC 8446 sec. 4.2.7) - * - size in bits - * - readable name - * - * Curves are listed in order: largest curves first, and for a given size, - * fastest curves first. - * - * Reminder: update profiles in x509_crt.c and ssl_tls.c when adding a new curve! - */ -static const mbedtls_ecp_curve_info ecp_supported_curves[] = { -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - { MBEDTLS_ECP_DP_SECP521R1, 25, 521, "secp521r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - { MBEDTLS_ECP_DP_BP512R1, 28, 512, "brainpoolP512r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - { MBEDTLS_ECP_DP_SECP384R1, 24, 384, "secp384r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - { MBEDTLS_ECP_DP_BP384R1, 27, 384, "brainpoolP384r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - { MBEDTLS_ECP_DP_SECP256R1, 23, 256, "secp256r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - { MBEDTLS_ECP_DP_SECP256K1, 22, 256, "secp256k1" }, -#endif -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - { MBEDTLS_ECP_DP_BP256R1, 26, 256, "brainpoolP256r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) - { MBEDTLS_ECP_DP_SECP224R1, 21, 224, "secp224r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) - { MBEDTLS_ECP_DP_SECP224K1, 20, 224, "secp224k1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - { MBEDTLS_ECP_DP_SECP192R1, 19, 192, "secp192r1" }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) - { MBEDTLS_ECP_DP_SECP192K1, 18, 192, "secp192k1" }, -#endif -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - { MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" }, -#endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - { MBEDTLS_ECP_DP_CURVE448, 30, 448, "x448" }, -#endif - { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, -}; - -#define ECP_NB_CURVES sizeof(ecp_supported_curves) / sizeof(ecp_supported_curves[0]) - -static mbedtls_ecp_group_id ecp_supported_grp_id[ECP_NB_CURVES]; - -/* - * List of supported curves and associated info - */ -const mbedtls_ecp_curve_info * mbedtls_ecp_curve_list(void) -{ - return (ecp_supported_curves); -} - -/* - * List of supported curves, group ID only - */ -const mbedtls_ecp_group_id * mbedtls_ecp_grp_id_list(void) -{ - static int init_done = 0; - - if (!init_done) - { - size_t i = 0; - const mbedtls_ecp_curve_info * curve_info; - - for (curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++) - { - ecp_supported_grp_id[i++] = curve_info->grp_id; - } - ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE; - - init_done = 1; - } - - return (ecp_supported_grp_id); -} - -/* - * Get the curve info for the internal identifier - */ -const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id) -{ - const mbedtls_ecp_curve_info * curve_info; - - for (curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++) - { - if (curve_info->grp_id == grp_id) - return (curve_info); - } - - return (NULL); -} - -/* - * Get the curve info from the TLS identifier - */ -const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id) -{ - const mbedtls_ecp_curve_info * curve_info; - - for (curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++) - { - if (curve_info->tls_id == tls_id) - return (curve_info); - } - - return (NULL); -} - -/* - * Get the curve info from the name - */ -const mbedtls_ecp_curve_info * mbedtls_ecp_curve_info_from_name(const char * name) -{ - const mbedtls_ecp_curve_info * curve_info; - - if (name == NULL) - return (NULL); - - for (curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++) - { - if (strcmp(curve_info->name, name) == 0) - return (curve_info); - } - - return (NULL); -} - -/* - * Get the type of a curve - */ -mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group * grp) -{ - if (grp->G.X.p == NULL) - return (MBEDTLS_ECP_TYPE_NONE); - - if (grp->G.Y.p == NULL) - return (MBEDTLS_ECP_TYPE_MONTGOMERY); - else - return (MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS); -} - -/* - * Initialize (the components of) a point - */ -void mbedtls_ecp_point_init(mbedtls_ecp_point * pt) -{ - ECP_VALIDATE(pt != NULL); - - mbedtls_mpi_init(&pt->X); - mbedtls_mpi_init(&pt->Y); - mbedtls_mpi_init(&pt->Z); -} - -/* - * Initialize (the components of) a group - */ -void mbedtls_ecp_group_init(mbedtls_ecp_group * grp) -{ - ECP_VALIDATE(grp != NULL); - - grp->id = MBEDTLS_ECP_DP_NONE; - mbedtls_mpi_init(&grp->P); - mbedtls_mpi_init(&grp->A); - mbedtls_mpi_init(&grp->B); - mbedtls_ecp_point_init(&grp->G); - mbedtls_mpi_init(&grp->N); - grp->pbits = 0; - grp->nbits = 0; - grp->h = 0; - grp->modp = NULL; - grp->t_pre = NULL; - grp->t_post = NULL; - grp->t_data = NULL; - grp->T = NULL; - grp->T_size = 0; -} - -/* - * Initialize (the components of) a key pair - */ -void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair * key) -{ - ECP_VALIDATE(key != NULL); - - mbedtls_ecp_group_init(&key->grp); - mbedtls_mpi_init(&key->d); - mbedtls_ecp_point_init(&key->Q); -} - -/* - * Unallocate (the components of) a point - */ -void mbedtls_ecp_point_free(mbedtls_ecp_point * pt) -{ - if (pt == NULL) - return; - - mbedtls_mpi_free(&(pt->X)); - mbedtls_mpi_free(&(pt->Y)); - mbedtls_mpi_free(&(pt->Z)); -} - -/* - * Check that the comb table (grp->T) is static initialized. - */ -static int ecp_group_is_static_comb_table(const mbedtls_ecp_group * grp) -{ -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 - return grp->T != NULL && grp->T_size == 0; -#else - (void) grp; - return 0; -#endif -} - -/* - * Unallocate (the components of) a group - */ -void mbedtls_ecp_group_free(mbedtls_ecp_group * grp) -{ - size_t i; - - if (grp == NULL) - return; - - if (grp->h != 1) - { - mbedtls_mpi_free(&grp->P); - mbedtls_mpi_free(&grp->A); - mbedtls_mpi_free(&grp->B); - mbedtls_ecp_point_free(&grp->G); - mbedtls_mpi_free(&grp->N); - } - - if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) - { - for (i = 0; i < grp->T_size; i++) - mbedtls_ecp_point_free(&grp->T[i]); - mbedtls_free(grp->T); - } - - mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group)); -} - -/* - * Unallocate (the components of) a key pair - */ -void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair * key) -{ - if (key == NULL) - return; - - mbedtls_ecp_group_free(&key->grp); - mbedtls_mpi_free(&key->d); - mbedtls_ecp_point_free(&key->Q); -} - -/* - * Copy the contents of a point - */ -int mbedtls_ecp_copy(mbedtls_ecp_point * P, const mbedtls_ecp_point * Q) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET(P != NULL); - ECP_VALIDATE_RET(Q != NULL); - - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->X, &Q->X)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Y, &Q->Y)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Z, &Q->Z)); - -cleanup: - return (ret); -} - -/* - * Copy the contents of a group object - */ -int mbedtls_ecp_group_copy(mbedtls_ecp_group * dst, const mbedtls_ecp_group * src) -{ - ECP_VALIDATE_RET(dst != NULL); - ECP_VALIDATE_RET(src != NULL); - - return (mbedtls_ecp_group_load(dst, src->id)); -} - -/* - * Set point to zero - */ -int mbedtls_ecp_set_zero(mbedtls_ecp_point * pt) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET(pt != NULL); - - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->X, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Y, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 0)); - -cleanup: - return (ret); -} - -/* - * Tell if a point is zero - */ -int mbedtls_ecp_is_zero(mbedtls_ecp_point * pt) -{ - ECP_VALIDATE_RET(pt != NULL); - - return (mbedtls_mpi_cmp_int(&pt->Z, 0) == 0); -} - -/* - * Compare two points lazily - */ -int mbedtls_ecp_point_cmp(const mbedtls_ecp_point * P, const mbedtls_ecp_point * Q) -{ - ECP_VALIDATE_RET(P != NULL); - ECP_VALIDATE_RET(Q != NULL); - - if (mbedtls_mpi_cmp_mpi(&P->X, &Q->X) == 0 && mbedtls_mpi_cmp_mpi(&P->Y, &Q->Y) == 0 && mbedtls_mpi_cmp_mpi(&P->Z, &Q->Z) == 0) - { - return (0); - } - - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); -} - -/* - * Import a non-zero point from ASCII strings - */ -int mbedtls_ecp_point_read_string(mbedtls_ecp_point * P, int radix, const char * x, const char * y) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET(P != NULL); - ECP_VALIDATE_RET(x != NULL); - ECP_VALIDATE_RET(y != NULL); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->X, radix, x)); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->Y, radix, y)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&P->Z, 1)); - -cleanup: - return (ret); -} - -/* - * Export a point into unsigned binary data (SEC1 2.3.3 and RFC7748) - */ -int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group * grp, const mbedtls_ecp_point * P, int format, size_t * olen, - unsigned char * buf, size_t buflen) -{ - int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - size_t plen; - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(P != NULL); - ECP_VALIDATE_RET(olen != NULL); - ECP_VALIDATE_RET(buf != NULL); - ECP_VALIDATE_RET(format == MBEDTLS_ECP_PF_UNCOMPRESSED || format == MBEDTLS_ECP_PF_COMPRESSED); - - plen = mbedtls_mpi_size(&grp->P); - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - (void) format; /* Montgomery curves always use the same point format */ - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) - { - *olen = plen; - if (buflen < *olen) - return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&P->X, buf, plen)); - } -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - { - /* - * Common case: P == 0 - */ - if (mbedtls_mpi_cmp_int(&P->Z, 0) == 0) - { - if (buflen < 1) - return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - - buf[0] = 0x00; - *olen = 1; - - return (0); - } - - if (format == MBEDTLS_ECP_PF_UNCOMPRESSED) - { - *olen = 2 * plen + 1; - - if (buflen < *olen) - return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - - buf[0] = 0x04; - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->Y, buf + 1 + plen, plen)); - } - else if (format == MBEDTLS_ECP_PF_COMPRESSED) - { - *olen = plen + 1; - - if (buflen < *olen) - return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - - buf[0] = 0x02 + mbedtls_mpi_get_bit(&P->Y, 0); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen)); - } - } -#endif - -cleanup: - return (ret); -} - -/* - * Import a point from unsigned binary data (SEC1 2.3.4 and RFC7748) - */ -int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group * grp, mbedtls_ecp_point * pt, const unsigned char * buf, size_t ilen) -{ - int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - size_t plen; - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(pt != NULL); - ECP_VALIDATE_RET(buf != NULL); - - if (ilen < 1) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - plen = mbedtls_mpi_size(&grp->P); - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) - { - if (plen != ilen) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&pt->X, buf, plen)); - mbedtls_mpi_free(&pt->Y); - - if (grp->id == MBEDTLS_ECP_DP_CURVE25519) - /* Set most significant bit to 0 as prescribed in RFC7748 §5 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&pt->X, plen * 8 - 1, 0)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); - } -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - { - if (buf[0] == 0x00) - { - if (ilen == 1) - return (mbedtls_ecp_set_zero(pt)); - else - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - } - - if (buf[0] != 0x04) - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); - - if (ilen != 2 * plen + 1) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, buf + 1, plen)); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->Y, buf + 1 + plen, plen)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); - } -#endif - -cleanup: - return (ret); -} - -/* - * Import a point from a TLS ECPoint record (RFC 4492) - * struct { - * opaque point <1..2^8-1>; - * } ECPoint; - */ -int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group * grp, mbedtls_ecp_point * pt, const unsigned char ** buf, size_t buf_len) -{ - unsigned char data_len; - const unsigned char * buf_start; - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(pt != NULL); - ECP_VALIDATE_RET(buf != NULL); - ECP_VALIDATE_RET(*buf != NULL); - - /* - * We must have at least two bytes (1 for length, at least one for data) - */ - if (buf_len < 2) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - data_len = *(*buf)++; - if (data_len < 1 || data_len > buf_len - 1) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - /* - * Save buffer start for read_binary and update buf - */ - buf_start = *buf; - *buf += data_len; - - return (mbedtls_ecp_point_read_binary(grp, pt, buf_start, data_len)); -} - -/* - * Export a point as a TLS ECPoint record (RFC 4492) - * struct { - * opaque point <1..2^8-1>; - * } ECPoint; - */ -int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group * grp, const mbedtls_ecp_point * pt, int format, size_t * olen, - unsigned char * buf, size_t blen) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(pt != NULL); - ECP_VALIDATE_RET(olen != NULL); - ECP_VALIDATE_RET(buf != NULL); - ECP_VALIDATE_RET(format == MBEDTLS_ECP_PF_UNCOMPRESSED || format == MBEDTLS_ECP_PF_COMPRESSED); - - /* - * buffer length must be at least one, for our length byte - */ - if (blen < 1) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - if ((ret = mbedtls_ecp_point_write_binary(grp, pt, format, olen, buf + 1, blen - 1)) != 0) - return (ret); - - /* - * write length to the first byte and update total length - */ - buf[0] = (unsigned char) *olen; - ++*olen; - - return (0); -} - -/* - * Set a group from an ECParameters record (RFC 4492) - */ -int mbedtls_ecp_tls_read_group(mbedtls_ecp_group * grp, const unsigned char ** buf, size_t len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_group_id grp_id; - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(buf != NULL); - ECP_VALIDATE_RET(*buf != NULL); - - if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, len)) != 0) - return (ret); - - return (mbedtls_ecp_group_load(grp, grp_id)); -} - -/* - * Read a group id from an ECParameters record (RFC 4492) and convert it to - * mbedtls_ecp_group_id. - */ -int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id * grp, const unsigned char ** buf, size_t len) -{ - uint16_t tls_id; - const mbedtls_ecp_curve_info * curve_info; - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(buf != NULL); - ECP_VALIDATE_RET(*buf != NULL); - - /* - * We expect at least three bytes (see below) - */ - if (len < 3) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - /* - * First byte is curve_type; only named_curve is handled - */ - if (*(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - /* - * Next two bytes are the namedcurve value - */ - tls_id = *(*buf)++; - tls_id <<= 8; - tls_id |= *(*buf)++; - - if ((curve_info = mbedtls_ecp_curve_info_from_tls_id(tls_id)) == NULL) - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); - - *grp = curve_info->grp_id; - - return (0); -} - -/* - * Write the ECParameters record corresponding to a group (RFC 4492) - */ -int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group * grp, size_t * olen, unsigned char * buf, size_t blen) -{ - const mbedtls_ecp_curve_info * curve_info; - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(buf != NULL); - ECP_VALIDATE_RET(olen != NULL); - - if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(grp->id)) == NULL) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - /* - * We are going to write 3 bytes (see below) - */ - *olen = 3; - if (blen < *olen) - return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - - /* - * First byte is curve_type, always named_curve - */ - *buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE; - - /* - * Next two bytes are the namedcurve value - */ - buf[0] = curve_info->tls_id >> 8; - buf[1] = curve_info->tls_id & 0xFF; - - return (0); -} - -/* - * Wrapper around fast quasi-modp functions, with fall-back to mbedtls_mpi_mod_mpi. - * See the documentation of struct mbedtls_ecp_group. - * - * This function is in the critial loop for mbedtls_ecp_mul, so pay attention to perf. - */ -static int ecp_modp(mbedtls_mpi * N, const mbedtls_ecp_group * grp) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (grp->modp == NULL) - return (mbedtls_mpi_mod_mpi(N, N, &grp->P)); - - /* N->s < 0 is a much faster test, which fails only if N is 0 */ - if ((N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) || mbedtls_mpi_bitlen(N) > 2 * grp->pbits) - { - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - } - - MBEDTLS_MPI_CHK(grp->modp(N)); - - /* N->s < 0 is a much faster test, which fails only if N is 0 */ - while (N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P)); - - while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) - /* we known P, N and the result are positive */ - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P)); - -cleanup: - return (ret); -} - -/* - * Fast mod-p functions expect their argument to be in the 0..p^2 range. - * - * In order to guarantee that, we need to ensure that operands of - * mbedtls_mpi_mul_mpi are in the 0..p range. So, after each operation we will - * bring the result back to this range. - * - * The following macros are shortcuts for doing that. - */ - -/* - * Reduce a mbedtls_mpi mod p in-place, general case, to use after mbedtls_mpi_mul_mpi - */ -#if defined(MBEDTLS_SELF_TEST) -#define INC_MUL_COUNT mul_count++; -#else -#define INC_MUL_COUNT -#endif - -#define MOD_MUL(N) \ - do \ - { \ - MBEDTLS_MPI_CHK(ecp_modp(&(N), grp)); \ - INC_MUL_COUNT \ - } while (0) - -static inline int mbedtls_mpi_mul_mod(const mbedtls_ecp_group * grp, mbedtls_mpi * X, const mbedtls_mpi * A, const mbedtls_mpi * B) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(X, A, B)); - MOD_MUL(*X); -cleanup: - return (ret); -} - -/* - * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi - * N->s < 0 is a very fast test, which fails only if N is 0 - */ -#define MOD_SUB(N) \ - while ((N).s < 0 && mbedtls_mpi_cmp_int(&(N), 0) != 0) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&(N), &(N), &grp->P)) - -#if (defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ - !(defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && defined(MBEDTLS_ECP_ADD_MIXED_ALT))) || \ - (defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && !(defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT))) -static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group * grp, mbedtls_mpi * X, const mbedtls_mpi * A, const mbedtls_mpi * B) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(X, A, B)); - MOD_SUB(*X); -cleanup: - return (ret); -} -#endif /* All functions referencing mbedtls_mpi_sub_mod() are alt-implemented without fallback */ - -/* - * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int. - * We known P, N and the result are positive, so sub_abs is correct, and - * a bit faster. - */ -#define MOD_ADD(N) \ - while (mbedtls_mpi_cmp_mpi(&(N), &grp->P) >= 0) \ - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&(N), &(N), &grp->P)) - -static inline int mbedtls_mpi_add_mod(const mbedtls_ecp_group * grp, mbedtls_mpi * X, const mbedtls_mpi * A, const mbedtls_mpi * B) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, A, B)); - MOD_ADD(*X); -cleanup: - return (ret); -} - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ - !(defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && defined(MBEDTLS_ECP_ADD_MIXED_ALT)) -static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group * grp, mbedtls_mpi * X, size_t count) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(X, count)); - MOD_ADD(*X); -cleanup: - return (ret); -} -#endif /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */ - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -/* - * For curves in short Weierstrass form, we do all the internal operations in - * Jacobian coordinates. - * - * For multiplication, we'll use a comb method with coutermeasueres against - * SPA, hence timing attacks. - */ - -/* - * Normalize jacobian coordinates so that Z == 0 || Z == 1 (GECC 3.2.1) - * Cost: 1N := 1I + 3M + 1S - */ -static int ecp_normalize_jac(const mbedtls_ecp_group * grp, mbedtls_ecp_point * pt) -{ - if (mbedtls_mpi_cmp_int(&pt->Z, 0) == 0) - return (0); - -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) - return (mbedtls_internal_ecp_normalize_jac(grp, pt)); -#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi Zi, ZZi; - mbedtls_mpi_init(&Zi); - mbedtls_mpi_init(&ZZi); - - /* - * X = X / Z^2 mod p - */ - MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&Zi, &pt->Z, &grp->P)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ZZi, &Zi, &Zi)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->X, &pt->X, &ZZi)); - - /* - * Y = Y / Z^3 mod p - */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &ZZi)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &Zi)); - - /* - * Z = 1 - */ - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); - -cleanup: - - mbedtls_mpi_free(&Zi); - mbedtls_mpi_free(&ZZi); - - return (ret); -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) */ -} - -/* - * Normalize jacobian coordinates of an array of (pointers to) points, - * using Montgomery's trick to perform only one inversion mod P. - * (See for example Cohen's "A Course in Computational Algebraic Number - * Theory", Algorithm 10.3.4.) - * - * Warning: fails (returning an error) if one of the points is zero! - * This should never happen, see choice of w in ecp_mul_comb(). - * - * Cost: 1N(t) := 1I + (6t - 3)M + 1S - */ -static int ecp_normalize_jac_many(const mbedtls_ecp_group * grp, mbedtls_ecp_point * T[], size_t T_size) -{ - if (T_size < 2) - return (ecp_normalize_jac(grp, *T)); - -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) - return (mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size)); -#endif - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - mbedtls_mpi *c, u, Zi, ZZi; - - if ((c = mbedtls_calloc(T_size, sizeof(mbedtls_mpi))) == NULL) - return (MBEDTLS_ERR_ECP_ALLOC_FAILED); - - for (i = 0; i < T_size; i++) - mbedtls_mpi_init(&c[i]); - - mbedtls_mpi_init(&u); - mbedtls_mpi_init(&Zi); - mbedtls_mpi_init(&ZZi); - - /* - * c[i] = Z_0 * ... * Z_i - */ - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&c[0], &T[0]->Z)); - for (i = 1; i < T_size; i++) - { - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &c[i], &c[i - 1], &T[i]->Z)); - } - - /* - * u = 1 / (Z_0 * ... * Z_n) mod P - */ - MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&u, &c[T_size - 1], &grp->P)); - - for (i = T_size - 1;; i--) - { - /* - * Zi = 1 / Z_i mod p - * u = 1 / (Z_0 * ... * Z_i) mod P - */ - if (i == 0) - { - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Zi, &u)); - } - else - { - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &Zi, &u, &c[i - 1])); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &u, &u, &T[i]->Z)); - } - - /* - * proceed as in normalize() - */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ZZi, &Zi, &Zi)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->X, &T[i]->X, &ZZi)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->Y, &T[i]->Y, &ZZi)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->Y, &T[i]->Y, &Zi)); - - /* - * Post-precessing: reclaim some memory by shrinking coordinates - * - not storing Z (always 1) - * - shrinking other coordinates, but still keeping the same number of - * limbs as P, as otherwise it will too likely be regrown too fast. - */ - MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->X, grp->P.n)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->Y, grp->P.n)); - mbedtls_mpi_free(&T[i]->Z); - - if (i == 0) - break; - } - -cleanup: - - mbedtls_mpi_free(&u); - mbedtls_mpi_free(&Zi); - mbedtls_mpi_free(&ZZi); - for (i = 0; i < T_size; i++) - mbedtls_mpi_free(&c[i]); - mbedtls_free(c); - - return (ret); -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) */ -} - -/* - * Conditional point inversion: Q -> -Q = (Q.X, -Q.Y, Q.Z) without leak. - * "inv" must be 0 (don't invert) or 1 (invert) or the result will be invalid - */ -static int ecp_safe_invert_jac(const mbedtls_ecp_group * grp, mbedtls_ecp_point * Q, unsigned char inv) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char nonzero; - mbedtls_mpi mQY; - - mbedtls_mpi_init(&mQY); - - /* Use the fact that -Q.Y mod P = P - Q.Y unless Q.Y == 0 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mQY, &grp->P, &Q->Y)); - nonzero = mbedtls_mpi_cmp_int(&Q->Y, 0) != 0; - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&Q->Y, &mQY, inv & nonzero)); - -cleanup: - mbedtls_mpi_free(&mQY); - - return (ret); -} - -/* - * Point doubling R = 2 P, Jacobian coordinates - * - * Based on http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#doubling-dbl-1998-cmo-2 . - * - * We follow the variable naming fairly closely. The formula variations that trade a MUL for a SQR - * (plus a few ADDs) aren't useful as our bignum implementation doesn't distinguish squaring. - * - * Standard optimizations are applied when curve parameter A is one of { 0, -3 }. - * - * Cost: 1D := 3M + 4S (A == 0) - * 4M + 4S (A == -3) - * 3M + 6S + 1a otherwise - */ -static int ecp_double_jac(const mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_ecp_point * P) -{ -#if defined(MBEDTLS_SELF_TEST) - dbl_count++; -#endif - -#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) - return (mbedtls_internal_ecp_double_jac(grp, R, P)); -#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi M, S, T, U; - - mbedtls_mpi_init(&M); - mbedtls_mpi_init(&S); - mbedtls_mpi_init(&T); - mbedtls_mpi_init(&U); - - /* Special case for A = -3 */ - if (grp->A.p == NULL) - { - /* M = 3(X + Z^2)(X - Z^2) */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->Z, &P->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &T, &P->X, &S)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &U, &P->X, &S)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &T, &U)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &S, 3)); - MOD_ADD(M); - } - else - { - /* M = 3.X^2 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->X, &P->X)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &S, 3)); - MOD_ADD(M); - - /* Optimize away for "koblitz" curves with A = 0 */ - if (mbedtls_mpi_cmp_int(&grp->A, 0) != 0) - { - /* M += A.Z^4 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->Z, &P->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &S, &S)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &T, &grp->A)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &M, &M, &S)); - } - } - - /* S = 4.X.Y^2 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &P->Y, &P->Y)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &T, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->X, &T)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &S, 1)); - - /* U = 8.Y^4 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &U, &T, &T)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &U, 1)); - - /* T = M^2 - 2.S */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &M, &M)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T, &T, &S)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T, &T, &S)); - - /* S = M(S - T) - U */ - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S, &S, &T)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &S, &M)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S, &S, &U)); - - /* U = 2.Y.Z */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &U, &P->Y, &P->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &U, 1)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->X, &T)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Y, &S)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Z, &U)); - -cleanup: - mbedtls_mpi_free(&M); - mbedtls_mpi_free(&S); - mbedtls_mpi_free(&T); - mbedtls_mpi_free(&U); - - return (ret); -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) */ -} - -/* - * Addition: R = P + Q, mixed affine-Jacobian coordinates (GECC 3.22) - * - * The coordinates of Q must be normalized (= affine), - * but those of P don't need to. R is not normalized. - * - * Special cases: (1) P or Q is zero, (2) R is zero, (3) P == Q. - * None of these cases can happen as intermediate step in ecp_mul_comb(): - * - at each step, P, Q and R are multiples of the base point, the factor - * being less than its order, so none of them is zero; - * - Q is an odd multiple of the base point, P an even multiple, - * due to the choice of precomputed points in the modified comb method. - * So branches for these cases do not leak secret information. - * - * We accept Q->Z being unset (saving memory in tables) as meaning 1. - * - * Cost: 1A := 8M + 3S - */ -static int ecp_add_mixed(const mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_ecp_point * P, - const mbedtls_ecp_point * Q) -{ -#if defined(MBEDTLS_SELF_TEST) - add_count++; -#endif - -#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) - return (mbedtls_internal_ecp_add_mixed(grp, R, P, Q)); -#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT) - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi T1, T2, T3, T4, X, Y, Z; - - /* - * Trivial cases: P == 0 or Q == 0 (case 1) - */ - if (mbedtls_mpi_cmp_int(&P->Z, 0) == 0) - return (mbedtls_ecp_copy(R, Q)); - - if (Q->Z.p != NULL && mbedtls_mpi_cmp_int(&Q->Z, 0) == 0) - return (mbedtls_ecp_copy(R, P)); - - /* - * Make sure Q coordinates are normalized - */ - if (Q->Z.p != NULL && mbedtls_mpi_cmp_int(&Q->Z, 1) != 0) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - mbedtls_mpi_init(&T1); - mbedtls_mpi_init(&T2); - mbedtls_mpi_init(&T3); - mbedtls_mpi_init(&T4); - mbedtls_mpi_init(&X); - mbedtls_mpi_init(&Y); - mbedtls_mpi_init(&Z); - - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T1, &P->Z, &P->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T2, &T1, &P->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T1, &T1, &Q->X)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T2, &T2, &Q->Y)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T1, &T1, &P->X)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T2, &T2, &P->Y)); - - /* Special cases (2) and (3) */ - if (mbedtls_mpi_cmp_int(&T1, 0) == 0) - { - if (mbedtls_mpi_cmp_int(&T2, 0) == 0) - { - ret = ecp_double_jac(grp, R, P); - goto cleanup; - } - else - { - ret = mbedtls_ecp_set_zero(R); - goto cleanup; - } - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &Z, &P->Z, &T1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T1, &T1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T4, &T3, &T1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T3, &P->X)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T1, &T3)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &T1, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &X, &T2, &T2)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &X, &X, &T1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &X, &X, &T4)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T3, &T3, &X)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T3, &T2)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T4, &T4, &P->Y)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &Y, &T3, &T4)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->X, &X)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Y, &Y)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Z, &Z)); - -cleanup: - - mbedtls_mpi_free(&T1); - mbedtls_mpi_free(&T2); - mbedtls_mpi_free(&T3); - mbedtls_mpi_free(&T4); - mbedtls_mpi_free(&X); - mbedtls_mpi_free(&Y); - mbedtls_mpi_free(&Z); - - return (ret); -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_ADD_MIXED_ALT) */ -} - -/* - * Randomize jacobian coordinates: - * (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l - * This is sort of the reverse operation of ecp_normalize_jac(). - * - * This countermeasure was first suggested in [2]. - */ -static int ecp_randomize_jac(const mbedtls_ecp_group * grp, mbedtls_ecp_point * pt, int (*f_rng)(void *, unsigned char *, size_t), - void * p_rng) -{ -#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) - return (mbedtls_internal_ecp_randomize_jac(grp, pt, f_rng, p_rng)); -#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi l, ll; - - mbedtls_mpi_init(&l); - mbedtls_mpi_init(&ll); - - /* Generate l such that 1 < l < p */ - MBEDTLS_MPI_CHK(mbedtls_mpi_random(&l, 2, &grp->P, f_rng, p_rng)); - - /* Z = l * Z */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Z, &pt->Z, &l)); - - /* X = l^2 * X */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ll, &l, &l)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->X, &pt->X, &ll)); - - /* Y = l^3 * Y */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ll, &ll, &l)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &ll)); - -cleanup: - mbedtls_mpi_free(&l); - mbedtls_mpi_free(&ll); - - if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) - ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; - return (ret); -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) */ -} - -/* - * Check and define parameters used by the comb method (see below for details) - */ -#if MBEDTLS_ECP_WINDOW_SIZE < 2 || MBEDTLS_ECP_WINDOW_SIZE > 7 -#error "MBEDTLS_ECP_WINDOW_SIZE out of bounds" -#endif - -/* d = ceil( n / w ) */ -#define COMB_MAX_D (MBEDTLS_ECP_MAX_BITS + 1) / 2 - -/* number of precomputed points */ -#define COMB_MAX_PRE (1 << (MBEDTLS_ECP_WINDOW_SIZE - 1)) - -/* - * Compute the representation of m that will be used with our comb method. - * - * The basic comb method is described in GECC 3.44 for example. We use a - * modified version that provides resistance to SPA by avoiding zero - * digits in the representation as in [3]. We modify the method further by - * requiring that all K_i be odd, which has the small cost that our - * representation uses one more K_i, due to carries, but saves on the size of - * the precomputed table. - * - * Summary of the comb method and its modifications: - * - * - The goal is to compute m*P for some w*d-bit integer m. - * - * - The basic comb method splits m into the w-bit integers - * x[0] .. x[d-1] where x[i] consists of the bits in m whose - * index has residue i modulo d, and computes m * P as - * S[x[0]] + 2 * S[x[1]] + .. + 2^(d-1) S[x[d-1]], where - * S[i_{w-1} .. i_0] := i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + i_0 P. - * - * - If it happens that, say, x[i+1]=0 (=> S[x[i+1]]=0), one can replace the sum by - * .. + 2^{i-1} S[x[i-1]] - 2^i S[x[i]] + 2^{i+1} S[x[i]] + 2^{i+2} S[x[i+2]] .., - * thereby successively converting it into a form where all summands - * are nonzero, at the cost of negative summands. This is the basic idea of [3]. - * - * - More generally, even if x[i+1] != 0, we can first transform the sum as - * .. - 2^i S[x[i]] + 2^{i+1} ( S[x[i]] + S[x[i+1]] ) + 2^{i+2} S[x[i+2]] .., - * and then replace S[x[i]] + S[x[i+1]] = S[x[i] ^ x[i+1]] + 2 S[x[i] & x[i+1]]. - * Performing and iterating this procedure for those x[i] that are even - * (keeping track of carry), we can transform the original sum into one of the form - * S[x'[0]] +- 2 S[x'[1]] +- .. +- 2^{d-1} S[x'[d-1]] + 2^d S[x'[d]] - * with all x'[i] odd. It is therefore only necessary to know S at odd indices, - * which is why we are only computing half of it in the first place in - * ecp_precompute_comb and accessing it with index abs(i) / 2 in ecp_select_comb. - * - * - For the sake of compactness, only the seven low-order bits of x[i] - * are used to represent its absolute value (K_i in the paper), and the msb - * of x[i] encodes the sign (s_i in the paper): it is set if and only if - * if s_i == -1; - * - * Calling conventions: - * - x is an array of size d + 1 - * - w is the size, ie number of teeth, of the comb, and must be between - * 2 and 7 (in practice, between 2 and MBEDTLS_ECP_WINDOW_SIZE) - * - m is the MPI, expected to be odd and such that bitlength(m) <= w * d - * (the result will be incorrect if these assumptions are not satisfied) - */ -static void ecp_comb_recode_core(unsigned char x[], size_t d, unsigned char w, const mbedtls_mpi * m) -{ - size_t i, j; - unsigned char c, cc, adjust; - - memset(x, 0, d + 1); - - /* First get the classical comb values (except for x_d = 0) */ - for (i = 0; i < d; i++) - for (j = 0; j < w; j++) - x[i] |= mbedtls_mpi_get_bit(m, i + d * j) << j; - - /* Now make sure x_1 .. x_d are odd */ - c = 0; - for (i = 1; i <= d; i++) - { - /* Add carry and update it */ - cc = x[i] & c; - x[i] = x[i] ^ c; - c = cc; - - /* Adjust if needed, avoiding branches */ - adjust = 1 - (x[i] & 0x01); - c |= x[i] & (x[i - 1] * adjust); - x[i] = x[i] ^ (x[i - 1] * adjust); - x[i - 1] |= adjust << 7; - } -} - -/* - * Precompute points for the adapted comb method - * - * Assumption: T must be able to hold 2^{w - 1} elements. - * - * Operation: If i = i_{w-1} ... i_1 is the binary representation of i, - * sets T[i] = i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + P. - * - * Cost: d(w-1) D + (2^{w-1} - 1) A + 1 N(w-1) + 1 N(2^{w-1} - 1) - * - * Note: Even comb values (those where P would be omitted from the - * sum defining T[i] above) are not needed in our adaption - * the comb method. See ecp_comb_recode_core(). - * - * This function currently works in four steps: - * (1) [dbl] Computation of intermediate T[i] for 2-power values of i - * (2) [norm_dbl] Normalization of coordinates of these T[i] - * (3) [add] Computation of all T[i] - * (4) [norm_add] Normalization of all T[i] - * - * Step 1 can be interrupted but not the others; together with the final - * coordinate normalization they are the largest steps done at once, depending - * on the window size. Here are operation counts for P-256: - * - * step (2) (3) (4) - * w = 5 142 165 208 - * w = 4 136 77 160 - * w = 3 130 33 136 - * w = 2 124 11 124 - * - * So if ECC operations are blocking for too long even with a low max_ops - * value, it's useful to set MBEDTLS_ECP_WINDOW_SIZE to a lower value in order - * to minimize maximum blocking time. - */ -static int ecp_precompute_comb(const mbedtls_ecp_group * grp, mbedtls_ecp_point T[], const mbedtls_ecp_point * P, unsigned char w, - size_t d, mbedtls_ecp_restart_ctx * rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char i; - size_t j = 0; - const unsigned char T_size = 1U << (w - 1); - mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) - { - if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) - goto dbl; - if (rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl) - goto norm_dbl; - if (rs_ctx->rsm->state == ecp_rsm_pre_add) - goto add; - if (rs_ctx->rsm->state == ecp_rsm_pre_norm_add) - goto norm_add; - } -#else - (void) rs_ctx; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) - { - rs_ctx->rsm->state = ecp_rsm_pre_dbl; - - /* initial state for the loop */ - rs_ctx->rsm->i = 0; - } - -dbl: -#endif - /* - * Set T[0] = P and - * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value) - */ - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&T[0], P)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) - j = rs_ctx->rsm->i; - else -#endif - j = 0; - - for (; j < d * (w - 1); j++) - { - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL); - - i = 1U << (j / d); - cur = T + i; - - if (j % d == 0) - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(cur, T + (i >> 1))); - - MBEDTLS_MPI_CHK(ecp_double_jac(grp, cur, cur)); - } - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) - rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl; - -norm_dbl: -#endif - /* - * Normalize current elements in T. As T has holes, - * use an auxiliary array of pointers to elements in T. - */ - j = 0; - for (i = 1; i < T_size; i <<= 1) - TT[j++] = T + i; - - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2); - - MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) - rs_ctx->rsm->state = ecp_rsm_pre_add; - -add: -#endif - /* - * Compute the remaining ones using the minimal number of additions - * Be careful to update T[2^l] only after using it! - */ - MBEDTLS_ECP_BUDGET((T_size - 1) * MBEDTLS_ECP_OPS_ADD); - - for (i = 1; i < T_size; i <<= 1) - { - j = i; - while (j--) - MBEDTLS_MPI_CHK(ecp_add_mixed(grp, &T[i + j], &T[j], &T[i])); - } - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) - rs_ctx->rsm->state = ecp_rsm_pre_norm_add; - -norm_add: -#endif - /* - * Normalize final elements in T. Even though there are no holes now, we - * still need the auxiliary array for homogeneity with the previous - * call. Also, skip T[0] which is already normalised, being a copy of P. - */ - for (j = 0; j + 1 < T_size; j++) - TT[j] = T + j + 1; - - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2); - - MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); - -cleanup: -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) - { - if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) - rs_ctx->rsm->i = j; - } -#endif - - return (ret); -} - -/* - * Select precomputed point: R = sign(i) * T[ abs(i) / 2 ] - * - * See ecp_comb_recode_core() for background - */ -static int ecp_select_comb(const mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_ecp_point T[], unsigned char T_size, - unsigned char i) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char ii, j; - - /* Ignore the "sign" bit and scale down */ - ii = (i & 0x7Fu) >> 1; - - /* Read the whole table to thwart cache-based timing attacks */ - for (j = 0; j < T_size; j++) - { - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&R->X, &T[j].X, j == ii)); - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&R->Y, &T[j].Y, j == ii)); - } - - /* Safely invert result if i is "negative" */ - MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, R, i >> 7)); - -cleanup: - return (ret); -} - -/* - * Core multiplication algorithm for the (modified) comb method. - * This part is actually common with the basic comb method (GECC 3.44) - * - * Cost: d A + d D + 1 R - */ -static int ecp_mul_comb_core(const mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_ecp_point T[], - unsigned char T_size, const unsigned char x[], size_t d, int (*f_rng)(void *, unsigned char *, size_t), - void * p_rng, mbedtls_ecp_restart_ctx * rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_point Txi; - size_t i; - - mbedtls_ecp_point_init(&Txi); - -#if !defined(MBEDTLS_ECP_RESTARTABLE) - (void) rs_ctx; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->state != ecp_rsm_comb_core) - { - rs_ctx->rsm->i = 0; - rs_ctx->rsm->state = ecp_rsm_comb_core; - } - - /* new 'if' instead of nested for the sake of the 'else' branch */ - if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) - { - /* restore current index (R already pointing to rs_ctx->rsm->R) */ - i = rs_ctx->rsm->i; - } - else -#endif - { - /* Start with a non-zero point and randomize its coordinates */ - i = d; - MBEDTLS_MPI_CHK(ecp_select_comb(grp, R, T, T_size, x[i])); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->Z, 1)); - if (f_rng != 0) - MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, R, f_rng, p_rng)); - } - - while (i != 0) - { - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD); - --i; - - MBEDTLS_MPI_CHK(ecp_double_jac(grp, R, R)); - MBEDTLS_MPI_CHK(ecp_select_comb(grp, &Txi, T, T_size, x[i])); - MBEDTLS_MPI_CHK(ecp_add_mixed(grp, R, R, &Txi)); - } - -cleanup: - - mbedtls_ecp_point_free(&Txi); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) - { - rs_ctx->rsm->i = i; - /* no need to save R, already pointing to rs_ctx->rsm->R */ - } -#endif - - return (ret); -} - -/* - * Recode the scalar to get constant-time comb multiplication - * - * As the actual scalar recoding needs an odd scalar as a starting point, - * this wrapper ensures that by replacing m by N - m if necessary, and - * informs the caller that the result of multiplication will be negated. - * - * This works because we only support large prime order for Short Weierstrass - * curves, so N is always odd hence either m or N - m is. - * - * See ecp_comb_recode_core() for background. - */ -static int ecp_comb_recode_scalar(const mbedtls_ecp_group * grp, const mbedtls_mpi * m, unsigned char k[COMB_MAX_D + 1], size_t d, - unsigned char w, unsigned char * parity_trick) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi M, mm; - - mbedtls_mpi_init(&M); - mbedtls_mpi_init(&mm); - - /* N is always odd (see above), just make extra sure */ - if (mbedtls_mpi_get_bit(&grp->N, 0) != 1) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - /* do we need the parity trick? */ - *parity_trick = (mbedtls_mpi_get_bit(m, 0) == 0); - - /* execute parity fix in constant time */ - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&M, m)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mm, &grp->N, m)); - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&M, &mm, *parity_trick)); - - /* actual scalar recoding */ - ecp_comb_recode_core(k, d, w, &M); - -cleanup: - mbedtls_mpi_free(&mm); - mbedtls_mpi_free(&M); - - return (ret); -} - -/* - * Perform comb multiplication (for short Weierstrass curves) - * once the auxiliary table has been pre-computed. - * - * Scalar recoding may use a parity trick that makes us compute -m * P, - * if that is the case we'll need to recover m * P at the end. - */ -static int ecp_mul_comb_after_precomp(const mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, - const mbedtls_ecp_point * T, unsigned char T_size, unsigned char w, size_t d, - int (*f_rng)(void *, unsigned char *, size_t), void * p_rng, mbedtls_ecp_restart_ctx * rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char parity_trick; - unsigned char k[COMB_MAX_D + 1]; - mbedtls_ecp_point * RR = R; - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) - { - RR = &rs_ctx->rsm->R; - - if (rs_ctx->rsm->state == ecp_rsm_final_norm) - goto final_norm; - } -#endif - - MBEDTLS_MPI_CHK(ecp_comb_recode_scalar(grp, m, k, d, w, &parity_trick)); - MBEDTLS_MPI_CHK(ecp_mul_comb_core(grp, RR, T, T_size, k, d, f_rng, p_rng, rs_ctx)); - MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, RR, parity_trick)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) - rs_ctx->rsm->state = ecp_rsm_final_norm; - -final_norm: - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV); -#endif - /* - * Knowledge of the jacobian coordinates may leak the last few bits of the - * scalar [1], and since our MPI implementation isn't constant-flow, - * inversion (used for coordinate normalization) may leak the full value - * of its input via side-channels [2]. - * - * [1] https://eprint.iacr.org/2003/191 - * [2] https://eprint.iacr.org/2020/055 - * - * Avoid the leak by randomizing coordinates before we normalize them. - */ - if (f_rng != 0) - MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, RR, f_rng, p_rng)); - - MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, RR)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL) - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, RR)); -#endif - -cleanup: - return (ret); -} - -/* - * Pick window size based on curve size and whether we optimize for base point - */ -static unsigned char ecp_pick_window_size(const mbedtls_ecp_group * grp, unsigned char p_eq_g) -{ - unsigned char w; - - /* - * Minimize the number of multiplications, that is minimize - * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w ) - * (see costs of the various parts, with 1S = 1M) - */ - w = grp->nbits >= 384 ? 5 : 4; - - /* - * If P == G, pre-compute a bit more, since this may be re-used later. - * Just adding one avoids upping the cost of the first mul too much, - * and the memory cost too. - */ - if (p_eq_g) - w++; - - /* - * If static comb table may not be used (!p_eq_g) or static comb table does - * not exists, make sure w is within bounds. - * (The last test is useful only for very small curves in the test suite.) - * - * The user reduces MBEDTLS_ECP_WINDOW_SIZE does not changes the size of - * static comb table, because the size of static comb table is fixed when - * it is generated. - */ -#if (MBEDTLS_ECP_WINDOW_SIZE < 6) - if ((!p_eq_g || !ecp_group_is_static_comb_table(grp)) && w > MBEDTLS_ECP_WINDOW_SIZE) - w = MBEDTLS_ECP_WINDOW_SIZE; -#endif - if (w >= grp->nbits) - w = 2; - - return (w); -} - -/* - * Multiplication using the comb method - for curves in short Weierstrass form - * - * This function is mainly responsible for administrative work: - * - managing the restart context if enabled - * - managing the table of precomputed points (passed between the below two - * functions): allocation, computation, ownership tranfer, freeing. - * - * It delegates the actual arithmetic work to: - * ecp_precompute_comb() and ecp_mul_comb_with_precomp() - * - * See comments on ecp_comb_recode_core() regarding the computation strategy. - */ -static int ecp_mul_comb(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, const mbedtls_ecp_point * P, - int (*f_rng)(void *, unsigned char *, size_t), void * p_rng, mbedtls_ecp_restart_ctx * rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char w, p_eq_g, i; - size_t d; - unsigned char T_size = 0, T_ok = 0; - mbedtls_ecp_point * T = NULL; - - ECP_RS_ENTER(rsm); - - /* Is P the base point ? */ -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 - p_eq_g = (mbedtls_mpi_cmp_mpi(&P->Y, &grp->G.Y) == 0 && mbedtls_mpi_cmp_mpi(&P->X, &grp->G.X) == 0); -#else - p_eq_g = 0; -#endif - - /* Pick window size and deduce related sizes */ - w = ecp_pick_window_size(grp, p_eq_g); - T_size = 1U << (w - 1); - d = (grp->nbits + w - 1) / w; - - /* Pre-computed table: do we have it already for the base point? */ - if (p_eq_g && grp->T != NULL) - { - /* second pointer to the same table, will be deleted on exit */ - T = grp->T; - T_ok = 1; - } - else -#if defined(MBEDTLS_ECP_RESTARTABLE) - /* Pre-computed table: do we have one in progress? complete? */ - if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL) - { - /* transfer ownership of T from rsm to local function */ - T = rs_ctx->rsm->T; - rs_ctx->rsm->T = NULL; - rs_ctx->rsm->T_size = 0; - - /* This effectively jumps to the call to mul_comb_after_precomp() */ - T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core; - } - else -#endif - /* Allocate table if we didn't have any */ - { - T = mbedtls_calloc(T_size, sizeof(mbedtls_ecp_point)); - if (T == NULL) - { - ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; - goto cleanup; - } - - for (i = 0; i < T_size; i++) - mbedtls_ecp_point_init(&T[i]); - - T_ok = 0; - } - - /* Compute table (or finish computing it) if not done already */ - if (!T_ok) - { - MBEDTLS_MPI_CHK(ecp_precompute_comb(grp, T, P, w, d, rs_ctx)); - - if (p_eq_g) - { - /* almost transfer ownership of T to the group, but keep a copy of - * the pointer to use for calling the next function more easily */ - grp->T = T; - grp->T_size = T_size; - } - } - - /* Actual comb multiplication using precomputed points */ - MBEDTLS_MPI_CHK(ecp_mul_comb_after_precomp(grp, R, m, T, T_size, w, d, f_rng, p_rng, rs_ctx)); - -cleanup: - - /* does T belong to the group? */ - if (T == grp->T) - T = NULL; - - /* does T belong to the restart context? */ -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL) - { - /* transfer ownership of T from local function to rsm */ - rs_ctx->rsm->T_size = T_size; - rs_ctx->rsm->T = T; - T = NULL; - } -#endif - - /* did T belong to us? then let's destroy it! */ - if (T != NULL) - { - for (i = 0; i < T_size; i++) - mbedtls_ecp_point_free(&T[i]); - mbedtls_free(T); - } - - /* don't free R while in progress in case R == P */ -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) -#endif - /* prevent caller from using invalid value */ - if (ret != 0) - mbedtls_ecp_point_free(R); - - ECP_RS_LEAVE(rsm); - - return (ret); -} - -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) -/* - * For Montgomery curves, we do all the internal arithmetic in projective - * coordinates. Import/export of points uses only the x coordinates, which is - * internaly represented as X / Z. - * - * For scalar multiplication, we'll use a Montgomery ladder. - */ - -/* - * Normalize Montgomery x/z coordinates: X = X/Z, Z = 1 - * Cost: 1M + 1I - */ -static int ecp_normalize_mxz(const mbedtls_ecp_group * grp, mbedtls_ecp_point * P) -{ -#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) - return (mbedtls_internal_ecp_normalize_mxz(grp, P)); -#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&P->Z, &P->Z, &grp->P)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->X, &P->X, &P->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&P->Z, 1)); - -cleanup: - return (ret); -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) */ -} - -/* - * Randomize projective x/z coordinates: - * (X, Z) -> (l X, l Z) for random l - * This is sort of the reverse operation of ecp_normalize_mxz(). - * - * This countermeasure was first suggested in [2]. - * Cost: 2M - */ -static int ecp_randomize_mxz(const mbedtls_ecp_group * grp, mbedtls_ecp_point * P, int (*f_rng)(void *, unsigned char *, size_t), - void * p_rng) -{ -#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) - return (mbedtls_internal_ecp_randomize_mxz(grp, P, f_rng, p_rng)); -#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi l; - mbedtls_mpi_init(&l); - - /* Generate l such that 1 < l < p */ - MBEDTLS_MPI_CHK(mbedtls_mpi_random(&l, 2, &grp->P, f_rng, p_rng)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->X, &P->X, &l)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->Z, &P->Z, &l)); - -cleanup: - mbedtls_mpi_free(&l); - - if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) - ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; - return (ret); -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) */ -} - -/* - * Double-and-add: R = 2P, S = P + Q, with d = X(P - Q), - * for Montgomery curves in x/z coordinates. - * - * http://www.hyperelliptic.org/EFD/g1p/auto-code/montgom/xz/ladder/mladd-1987-m.op3 - * with - * d = X1 - * P = (X2, Z2) - * Q = (X3, Z3) - * R = (X4, Z4) - * S = (X5, Z5) - * and eliminating temporary variables tO, ..., t4. - * - * Cost: 5M + 4S - */ -static int ecp_double_add_mxz(const mbedtls_ecp_group * grp, mbedtls_ecp_point * R, mbedtls_ecp_point * S, - const mbedtls_ecp_point * P, const mbedtls_ecp_point * Q, const mbedtls_mpi * d) -{ -#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - if (mbedtls_internal_ecp_grp_capable(grp)) - return (mbedtls_internal_ecp_double_add_mxz(grp, R, S, P, Q, d)); -#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB; - - mbedtls_mpi_init(&A); - mbedtls_mpi_init(&AA); - mbedtls_mpi_init(&B); - mbedtls_mpi_init(&BB); - mbedtls_mpi_init(&E); - mbedtls_mpi_init(&C); - mbedtls_mpi_init(&D); - mbedtls_mpi_init(&DA); - mbedtls_mpi_init(&CB); - - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &A, &P->X, &P->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &AA, &A, &A)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &B, &P->X, &P->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &BB, &B, &B)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &E, &AA, &BB)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &C, &Q->X, &Q->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &D, &Q->X, &Q->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &DA, &D, &A)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &CB, &C, &B)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &S->X, &DA, &CB)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->X, &S->X, &S->X)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S->Z, &DA, &CB)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->Z, &S->Z, &S->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->Z, d, &S->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->X, &AA, &BB)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->Z, &grp->A, &E)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &R->Z, &BB, &R->Z)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->Z, &E, &R->Z)); - -cleanup: - mbedtls_mpi_free(&A); - mbedtls_mpi_free(&AA); - mbedtls_mpi_free(&B); - mbedtls_mpi_free(&BB); - mbedtls_mpi_free(&E); - mbedtls_mpi_free(&C); - mbedtls_mpi_free(&D); - mbedtls_mpi_free(&DA); - mbedtls_mpi_free(&CB); - - return (ret); -#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) */ -} - -/* - * Multiplication with Montgomery ladder in x/z coordinates, - * for curves in Montgomery form - */ -static int ecp_mul_mxz(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, const mbedtls_ecp_point * P, - int (*f_rng)(void *, unsigned char *, size_t), void * p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - unsigned char b; - mbedtls_ecp_point RP; - mbedtls_mpi PX; - mbedtls_ecp_point_init(&RP); - mbedtls_mpi_init(&PX); - - if (f_rng == NULL) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - /* Save PX and read from P before writing to R, in case P == R */ - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&PX, &P->X)); - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&RP, P)); - - /* Set R to zero in modified x/z coordinates */ - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->X, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->Z, 0)); - mbedtls_mpi_free(&R->Y); - - /* RP.X might be sligtly larger than P, so reduce it */ - MOD_ADD(RP.X); - - /* Randomize coordinates of the starting point */ - MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, &RP, f_rng, p_rng)); - - /* Loop invariant: R = result so far, RP = R + P */ - i = mbedtls_mpi_bitlen(m); /* one past the (zero-based) most significant bit */ - while (i-- > 0) - { - b = mbedtls_mpi_get_bit(m, i); - /* - * if (b) R = 2R + P else R = 2R, - * which is: - * if (b) double_add( RP, R, RP, R ) - * else double_add( R, RP, R, RP ) - * but using safe conditional swaps to avoid leaks - */ - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->X, &RP.X, b)); - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->Z, &RP.Z, b)); - MBEDTLS_MPI_CHK(ecp_double_add_mxz(grp, R, &RP, R, &RP, &PX)); - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->X, &RP.X, b)); - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->Z, &RP.Z, b)); - } - - /* - * Knowledge of the projective coordinates may leak the last few bits of the - * scalar [1], and since our MPI implementation isn't constant-flow, - * inversion (used for coordinate normalization) may leak the full value - * of its input via side-channels [2]. - * - * [1] https://eprint.iacr.org/2003/191 - * [2] https://eprint.iacr.org/2020/055 - * - * Avoid the leak by randomizing coordinates before we normalize them. - */ - MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, R, f_rng, p_rng)); - MBEDTLS_MPI_CHK(ecp_normalize_mxz(grp, R)); - -cleanup: - mbedtls_ecp_point_free(&RP); - mbedtls_mpi_free(&PX); - - return (ret); -} - -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -/* - * Restartable multiplication R = m * P - * - * This internal function can be called without an RNG in case where we know - * the inputs are not sensitive. - */ -static int ecp_mul_restartable_internal(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, - const mbedtls_ecp_point * P, int (*f_rng)(void *, unsigned char *, size_t), void * p_rng, - mbedtls_ecp_restart_ctx * rs_ctx) -{ - int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - char is_grp_capable = 0; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - /* reset ops count for this call if top-level */ - if (rs_ctx != NULL && rs_ctx->depth++ == 0) - rs_ctx->ops_done = 0; -#else - (void) rs_ctx; -#endif - -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) - MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - -#if defined(MBEDTLS_ECP_RESTARTABLE) - /* skip argument check when restarting */ - if (rs_ctx == NULL || rs_ctx->rsm == NULL) -#endif - { - /* check_privkey is free */ - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_CHK); - - /* Common sanity checks */ - MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(grp, m)); - MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); - } - - ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) - MBEDTLS_MPI_CHK(ecp_mul_mxz(grp, R, m, P, f_rng, p_rng)); -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx)); -#endif - -cleanup: - -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if (is_grp_capable) - mbedtls_internal_ecp_free(grp); -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL) - rs_ctx->depth--; -#endif - - return (ret); -} - -/* - * Restartable multiplication R = m * P - */ -int mbedtls_ecp_mul_restartable(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, const mbedtls_ecp_point * P, - int (*f_rng)(void *, unsigned char *, size_t), void * p_rng, mbedtls_ecp_restart_ctx * rs_ctx) -{ - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(R != NULL); - ECP_VALIDATE_RET(m != NULL); - ECP_VALIDATE_RET(P != NULL); - - if (f_rng == NULL) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - - if (GET_WORD_LEN(grp->pbits) <= PKE_OPERAND_MAX_WORD_LEN) - return (ecp_alt_b91_backend_mul(grp, R, m, P)); - - return (ecp_mul_restartable_internal(grp, R, m, P, f_rng, p_rng, rs_ctx)); -} - -/* - * Multiplication R = m * P - */ -int mbedtls_ecp_mul(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, const mbedtls_ecp_point * P, - int (*f_rng)(void *, unsigned char *, size_t), void * p_rng) -{ - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(R != NULL); - ECP_VALIDATE_RET(m != NULL); - ECP_VALIDATE_RET(P != NULL); - return (mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL)); -} - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -/* - * Check that an affine point is valid as a public key, - * short weierstrass curves (SEC1 3.2.3.1) - */ -static int ecp_check_pubkey_sw(const mbedtls_ecp_group * grp, const mbedtls_ecp_point * pt) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi YY, RHS; - - /* pt coordinates must be normalized for our checks */ - if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0 || mbedtls_mpi_cmp_int(&pt->Y, 0) < 0 || mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 || - mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) - return (MBEDTLS_ERR_ECP_INVALID_KEY); - - mbedtls_mpi_init(&YY); - mbedtls_mpi_init(&RHS); - - /* - * YY = Y^2 - * RHS = X (X^2 + A) + B = X^3 + A X + B - */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &YY, &pt->Y, &pt->Y)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &RHS, &pt->X, &pt->X)); - - /* Special case for A = -3 */ - if (grp->A.p == NULL) - { - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&RHS, &RHS, 3)); - MOD_SUB(RHS); - } - else - { - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &RHS, &RHS, &grp->A)); - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &RHS, &RHS, &pt->X)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &RHS, &RHS, &grp->B)); - - if (mbedtls_mpi_cmp_mpi(&YY, &RHS) != 0) - ret = MBEDTLS_ERR_ECP_INVALID_KEY; - -cleanup: - - mbedtls_mpi_free(&YY); - mbedtls_mpi_free(&RHS); - - return (ret); -} -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -/* - * R = m * P with shortcuts for m == 0, m == 1 and m == -1 - * NOT constant-time - ONLY for short Weierstrass! - */ -static int mbedtls_ecp_mul_shortcuts(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, - const mbedtls_ecp_point * P, mbedtls_ecp_restart_ctx * rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (mbedtls_mpi_cmp_int(m, 0) == 0) - { - MBEDTLS_MPI_CHK(mbedtls_ecp_set_zero(R)); - } - else if (mbedtls_mpi_cmp_int(m, 1) == 0) - { - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P)); - } - else if (mbedtls_mpi_cmp_int(m, -1) == 0) - { - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P)); - if (mbedtls_mpi_cmp_int(&R->Y, 0) != 0) - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->Y, &grp->P, &R->Y)); - } - else - { - MBEDTLS_MPI_CHK(ecp_mul_restartable_internal(grp, R, m, P, NULL, NULL, rs_ctx)); - } - -cleanup: - return (ret); -} - -/* - * Restartable linear combination - * NOT constant-time - */ -int mbedtls_ecp_muladd_restartable(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, - const mbedtls_ecp_point * P, const mbedtls_mpi * n, const mbedtls_ecp_point * Q, - mbedtls_ecp_restart_ctx * rs_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_point mP; - mbedtls_ecp_point * pmP = &mP; - mbedtls_ecp_point * pR = R; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - char is_grp_capable = 0; -#endif - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(R != NULL); - ECP_VALIDATE_RET(m != NULL); - ECP_VALIDATE_RET(P != NULL); - ECP_VALIDATE_RET(n != NULL); - ECP_VALIDATE_RET(Q != NULL); - - if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); - - if (GET_WORD_LEN(grp->pbits) <= PKE_OPERAND_MAX_WORD_LEN) - return (ecp_alt_b91_backend_muladd(grp, R, m, P, n, Q)); - - mbedtls_ecp_point_init(&mP); - - ECP_RS_ENTER(ma); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->ma != NULL) - { - /* redirect intermediate results to restart context */ - pmP = &rs_ctx->ma->mP; - pR = &rs_ctx->ma->R; - - /* jump to next operation */ - if (rs_ctx->ma->state == ecp_rsma_mul2) - goto mul2; - if (rs_ctx->ma->state == ecp_rsma_add) - goto add; - if (rs_ctx->ma->state == ecp_rsma_norm) - goto norm; - } -#endif /* MBEDTLS_ECP_RESTARTABLE */ - - MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pmP, m, P, rs_ctx)); -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->ma != NULL) - rs_ctx->ma->state = ecp_rsma_mul2; - -mul2: -#endif - MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR, n, Q, rs_ctx)); - -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) - MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->ma != NULL) - rs_ctx->ma->state = ecp_rsma_add; - -add: -#endif - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_ADD); - MBEDTLS_MPI_CHK(ecp_add_mixed(grp, pR, pmP, pR)); -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->ma != NULL) - rs_ctx->ma->state = ecp_rsma_norm; - -norm: -#endif - MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV); - MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, pR)); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && rs_ctx->ma != NULL) - MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, pR)); -#endif - -cleanup: -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if (is_grp_capable) - mbedtls_internal_ecp_free(grp); -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - - mbedtls_ecp_point_free(&mP); - - ECP_RS_LEAVE(ma); - - return (ret); -} - -/* - * Linear combination - * NOT constant-time - */ -int mbedtls_ecp_muladd(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, const mbedtls_ecp_point * P, - const mbedtls_mpi * n, const mbedtls_ecp_point * Q) -{ - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(R != NULL); - ECP_VALIDATE_RET(m != NULL); - ECP_VALIDATE_RET(P != NULL); - ECP_VALIDATE_RET(n != NULL); - ECP_VALIDATE_RET(Q != NULL); - return (mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL)); -} -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -#define ECP_MPI_INIT(s, n, p) \ - { \ - s, (n), (mbedtls_mpi_uint *) (p) \ - } -#define ECP_MPI_INIT_ARRAY(x) ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x) -/* - * Constants for the two points other than 0, 1, -1 (mod p) in - * https://cr.yp.to/ecdh.html#validate - * See ecp_check_pubkey_x25519(). - */ -static const mbedtls_mpi_uint x25519_bad_point_1[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a), - MBEDTLS_BYTES_TO_T_UINT_8(0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00), -}; -static const mbedtls_mpi_uint x25519_bad_point_2[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24), - MBEDTLS_BYTES_TO_T_UINT_8(0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86), - MBEDTLS_BYTES_TO_T_UINT_8(0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57), -}; -static const mbedtls_mpi ecp_x25519_bad_point_1 = ECP_MPI_INIT_ARRAY(x25519_bad_point_1); -static const mbedtls_mpi ecp_x25519_bad_point_2 = ECP_MPI_INIT_ARRAY(x25519_bad_point_2); -#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ - -/* - * Check that the input point is not one of the low-order points. - * This is recommended by the "May the Fourth" paper: - * https://eprint.iacr.org/2017/806.pdf - * Those points are never sent by an honest peer. - */ -static int ecp_check_bad_points_mx(const mbedtls_mpi * X, const mbedtls_mpi * P, const mbedtls_ecp_group_id grp_id) -{ - int ret; - mbedtls_mpi XmP; - - mbedtls_mpi_init(&XmP); - - /* Reduce X mod P so that we only need to check values less than P. - * We know X < 2^256 so we can proceed by subtraction. */ - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&XmP, X)); - while (mbedtls_mpi_cmp_mpi(&XmP, P) >= 0) - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&XmP, &XmP, P)); - - /* Check against the known bad values that are less than P. For Curve448 - * these are 0, 1 and -1. For Curve25519 we check the values less than P - * from the following list: https://cr.yp.to/ecdh.html#validate */ - if (mbedtls_mpi_cmp_int(&XmP, 1) <= 0) /* takes care of 0 and 1 */ - { - ret = MBEDTLS_ERR_ECP_INVALID_KEY; - goto cleanup; - } - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - if (grp_id == MBEDTLS_ECP_DP_CURVE25519) - { - if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_1) == 0) - { - ret = MBEDTLS_ERR_ECP_INVALID_KEY; - goto cleanup; - } - - if (mbedtls_mpi_cmp_mpi(&XmP, &ecp_x25519_bad_point_2) == 0) - { - ret = MBEDTLS_ERR_ECP_INVALID_KEY; - goto cleanup; - } - } -#else - (void) grp_id; -#endif - - /* Final check: check if XmP + 1 is P (final because it changes XmP!) */ - MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&XmP, &XmP, 1)); - if (mbedtls_mpi_cmp_mpi(&XmP, P) == 0) - { - ret = MBEDTLS_ERR_ECP_INVALID_KEY; - goto cleanup; - } - - ret = 0; - -cleanup: - mbedtls_mpi_free(&XmP); - - return (ret); -} - -/* - * Check validity of a public key for Montgomery curves with x-only schemes - */ -static int ecp_check_pubkey_mx(const mbedtls_ecp_group * grp, const mbedtls_ecp_point * pt) -{ - /* [Curve25519 p. 5] Just check X is the correct number of bytes */ - /* Allow any public value, if it's too big then we'll just reduce it mod p - * (RFC 7748 sec. 5 para. 3). */ - if (mbedtls_mpi_size(&pt->X) > (grp->nbits + 7) / 8) - return (MBEDTLS_ERR_ECP_INVALID_KEY); - - /* Implicit in all standards (as they don't consider negative numbers): - * X must be non-negative. This is normally ensured by the way it's - * encoded for transmission, but let's be extra sure. */ - if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0) - return (MBEDTLS_ERR_ECP_INVALID_KEY); - - return (ecp_check_bad_points_mx(&pt->X, &grp->P, grp->id)); -} -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -/* - * Check that a point is valid as a public key - */ -int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group * grp, const mbedtls_ecp_point * pt) -{ - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(pt != NULL); - - /* Must use affine coordinates */ - if (mbedtls_mpi_cmp_int(&pt->Z, 1) != 0) - return (MBEDTLS_ERR_ECP_INVALID_KEY); - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) - return (ecp_check_pubkey_mx(grp, pt)); -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (GET_WORD_LEN(grp->pbits) <= PKE_OPERAND_MAX_WORD_LEN) - { - } - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - { - if (GET_WORD_LEN(grp->pbits) <= PKE_OPERAND_MAX_WORD_LEN) - return (ecp_alt_b91_backend_check_pubkey(grp, pt)); - else - return (ecp_check_pubkey_sw(grp, pt)); - } -#endif - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); -} - -/* - * Check that an mbedtls_mpi is valid as a private key - */ -int mbedtls_ecp_check_privkey(const mbedtls_ecp_group * grp, const mbedtls_mpi * d) -{ - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(d != NULL); - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) - { - /* see RFC 7748 sec. 5 para. 5 */ - if (mbedtls_mpi_get_bit(d, 0) != 0 || mbedtls_mpi_get_bit(d, 1) != 0 || - mbedtls_mpi_bitlen(d) - 1 != grp->nbits) /* mbedtls_mpi_bitlen is one-based! */ - return (MBEDTLS_ERR_ECP_INVALID_KEY); - - /* see [Curve25519] page 5 */ - if (grp->nbits == 254 && mbedtls_mpi_get_bit(d, 2) != 0) - return (MBEDTLS_ERR_ECP_INVALID_KEY); - - return (0); - } -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - { - /* see SEC1 3.2 */ - if (mbedtls_mpi_cmp_int(d, 1) < 0 || mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) - return (MBEDTLS_ERR_ECP_INVALID_KEY); - else - return (0); - } -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); -} - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) -MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_gen_privkey_mx(size_t high_bit, mbedtls_mpi * d, int (*f_rng)(void *, unsigned char *, size_t), void * p_rng) -{ - int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - size_t n_random_bytes = high_bit / 8 + 1; - - /* [Curve25519] page 5 */ - /* Generate a (high_bit+1)-bit random number by generating just enough - * random bytes, then shifting out extra bits from the top (necessary - * when (high_bit+1) is not a multiple of 8). */ - MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(d, n_random_bytes, f_rng, p_rng)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(d, 8 * n_random_bytes - high_bit - 1)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, high_bit, 1)); - - /* Make sure the last two bits are unset for Curve448, three bits for - Curve25519 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 0, 0)); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 1, 0)); - if (high_bit == 254) - { - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 2, 0)); - } - -cleanup: - return (ret); -} -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -static int mbedtls_ecp_gen_privkey_sw(const mbedtls_mpi * N, mbedtls_mpi * d, int (*f_rng)(void *, unsigned char *, size_t), - void * p_rng) -{ - int ret = mbedtls_mpi_random(d, 1, N, f_rng, p_rng); - switch (ret) - { - case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: - return (MBEDTLS_ERR_ECP_RANDOM_FAILED); - default: - return (ret); - } -} -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -/* - * Generate a private key - */ -int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group * grp, mbedtls_mpi * d, int (*f_rng)(void *, unsigned char *, size_t), - void * p_rng) -{ - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(d != NULL); - ECP_VALIDATE_RET(f_rng != NULL); - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) - return (mbedtls_ecp_gen_privkey_mx(grp->nbits, d, f_rng, p_rng)); -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - return (mbedtls_ecp_gen_privkey_sw(&grp->N, d, f_rng, p_rng)); -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); -} - -/* - * Generate a keypair with configurable base point - */ -int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group * grp, const mbedtls_ecp_point * G, mbedtls_mpi * d, mbedtls_ecp_point * Q, - int (*f_rng)(void *, unsigned char *, size_t), void * p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(d != NULL); - ECP_VALIDATE_RET(G != NULL); - ECP_VALIDATE_RET(Q != NULL); - ECP_VALIDATE_RET(f_rng != NULL); - - MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng)); - MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, Q, d, G, f_rng, p_rng)); - -cleanup: - return (ret); -} - -/* - * Generate key pair, wrapper for conventional base point - */ -int mbedtls_ecp_gen_keypair(mbedtls_ecp_group * grp, mbedtls_mpi * d, mbedtls_ecp_point * Q, - int (*f_rng)(void *, unsigned char *, size_t), void * p_rng) -{ - ECP_VALIDATE_RET(grp != NULL); - ECP_VALIDATE_RET(d != NULL); - ECP_VALIDATE_RET(Q != NULL); - ECP_VALIDATE_RET(f_rng != NULL); - - return (mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng)); -} - -/* - * Generate a keypair, prettier wrapper - */ -int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair * key, int (*f_rng)(void *, unsigned char *, size_t), - void * p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET(key != NULL); - ECP_VALIDATE_RET(f_rng != NULL); - - if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) - return (ret); - - return (mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng)); -} - -#define ECP_CURVE25519_KEY_SIZE 32 -/* - * Read a private key. - */ -int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair * key, const unsigned char * buf, size_t buflen) -{ - int ret = 0; - - ECP_VALIDATE_RET(key != NULL); - ECP_VALIDATE_RET(buf != NULL); - - if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) - return (ret); - - ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) - { - /* - * If it is Curve25519 curve then mask the key as mandated by RFC7748 - */ - if (grp_id == MBEDTLS_ECP_DP_CURVE25519) - { - if (buflen != ECP_CURVE25519_KEY_SIZE) - return MBEDTLS_ERR_ECP_INVALID_KEY; - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&key->d, buf, buflen)); - - /* Set the three least significant bits to 0 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 0, 0)); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 1, 0)); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 2, 0)); - - /* Set the most significant bit to 0 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, ECP_CURVE25519_KEY_SIZE * 8 - 1, 0)); - - /* Set the second most significant bit to 1 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, ECP_CURVE25519_KEY_SIZE * 8 - 2, 1)); - } - else - ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - } - -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - { - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen)); - - MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); - } - -#endif -cleanup: - - if (ret != 0) - mbedtls_mpi_free(&key->d); - - return (ret); -} - -/* - * Write a private key. - */ -int mbedtls_ecp_write_key(mbedtls_ecp_keypair * key, unsigned char * buf, size_t buflen) -{ - int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - - ECP_VALIDATE_RET(key != NULL); - ECP_VALIDATE_RET(buf != NULL); - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) - { - if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) - { - if (buflen < ECP_CURVE25519_KEY_SIZE) - return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&key->d, buf, buflen)); - } - else - ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - } - -#endif -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - { - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&key->d, buf, buflen)); - } - -#endif -cleanup: - - return (ret); -} - -/* - * Check a public-private key pair - */ -int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair * pub, const mbedtls_ecp_keypair * prv, - int (*f_rng)(void *, unsigned char *, size_t), void * p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_point Q; - mbedtls_ecp_group grp; - ECP_VALIDATE_RET(pub != NULL); - ECP_VALIDATE_RET(prv != NULL); - - if (pub->grp.id == MBEDTLS_ECP_DP_NONE || pub->grp.id != prv->grp.id || mbedtls_mpi_cmp_mpi(&pub->Q.X, &prv->Q.X) || - mbedtls_mpi_cmp_mpi(&pub->Q.Y, &prv->Q.Y) || mbedtls_mpi_cmp_mpi(&pub->Q.Z, &prv->Q.Z)) - { - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - } - - mbedtls_ecp_point_init(&Q); - mbedtls_ecp_group_init(&grp); - - /* mbedtls_ecp_mul() needs a non-const group... */ - mbedtls_ecp_group_copy(&grp, &prv->grp); - - /* Also checks d is valid */ - MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng)); - - if (mbedtls_mpi_cmp_mpi(&Q.X, &prv->Q.X) || mbedtls_mpi_cmp_mpi(&Q.Y, &prv->Q.Y) || mbedtls_mpi_cmp_mpi(&Q.Z, &prv->Q.Z)) - { - ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - goto cleanup; - } - -cleanup: - mbedtls_ecp_point_free(&Q); - mbedtls_ecp_group_free(&grp); - - return (ret); -} - -#if defined(MBEDTLS_SELF_TEST) - -/* - * PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!! - * - * This is the linear congruential generator from numerical recipes, - * except we only use the low byte as the output. See - * https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use - */ -static int self_test_rng(void * ctx, unsigned char * out, size_t len) -{ - static uint32_t state = 42; - - (void) ctx; - - for (size_t i = 0; i < len; i++) - { - state = state * 1664525u + 1013904223u; - out[i] = (unsigned char) state; - } - - return (0); -} - -/* Adjust the exponent to be a valid private point for the specified curve. - * This is sometimes necessary because we use a single set of exponents - * for all curves but the validity of values depends on the curve. */ -static int self_test_adjust_exponent(const mbedtls_ecp_group * grp, mbedtls_mpi * m) -{ - int ret = 0; - switch (grp->id) - { - /* If Curve25519 is available, then that's what we use for the - * Montgomery test, so we don't need the adjustment code. */ -#if !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - case MBEDTLS_ECP_DP_CURVE448: - /* Move highest bit from 254 to N-1. Setting bit N-1 is - * necessary to enforce the highest-bit-set constraint. */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, 254, 0)); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, grp->nbits, 1)); - /* Copy second-highest bit from 253 to N-2. This is not - * necessary but improves the test variety a bit. */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, grp->nbits - 1, mbedtls_mpi_get_bit(m, 253))); - break; -#endif -#endif /* ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) */ - default: - /* Non-Montgomery curves and Curve25519 need no adjustment. */ - (void) grp; - (void) m; - goto cleanup; - } -cleanup: - return (ret); -} - -/* Calculate R = m.P for each m in exponents. Check that the number of - * basic operations doesn't depend on the value of m. */ -static int self_test_point(int verbose, mbedtls_ecp_group * grp, mbedtls_ecp_point * R, mbedtls_mpi * m, - const mbedtls_ecp_point * P, const char * const * exponents, size_t n_exponents) -{ - int ret = 0; - size_t i = 0; - unsigned long add_c_prev, dbl_c_prev, mul_c_prev; - add_count = 0; - dbl_count = 0; - mul_count = 0; - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[0])); - MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); - MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL)); - - for (i = 1; i < n_exponents; i++) - { - add_c_prev = add_count; - dbl_c_prev = dbl_count; - mul_c_prev = mul_count; - add_count = 0; - dbl_count = 0; - mul_count = 0; - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[i])); - MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); - MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, self_test_rng, NULL)); - - if (add_count != add_c_prev || dbl_count != dbl_c_prev || mul_count != mul_c_prev) - { - ret = 1; - break; - } - } - -cleanup: - if (verbose != 0) - { - if (ret != 0) - mbedtls_printf("failed (%u)\n", (unsigned int) i); - else - mbedtls_printf("passed\n"); - } - return (ret); -} - -/* - * Checkup routine - */ -int mbedtls_ecp_self_test(int verbose) -{ - if (__ecp_alt_b91_skip_internal_self_tests) - return ecp_alt_b91_backend_test(verbose); - - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_group grp; - mbedtls_ecp_point R, P; - mbedtls_mpi m; - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - /* Exponents especially adapted for secp192k1, which has the lowest - * order n of all supported curves (secp192r1 is in a slightly larger - * field but the order of its base point is slightly smaller). */ - const char * sw_exponents[] = { - "000000000000000000000000000000000000000000000001", /* one */ - "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8C", /* n - 1 */ - "5EA6F389A38B8BC81E767753B15AA5569E1782E30ABE7D25", /* random */ - "400000000000000000000000000000000000000000000000", /* one and zeros */ - "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", /* all ones */ - "555555555555555555555555555555555555555555555555", /* 101010... */ - }; -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - const char * m_exponents[] = { - /* Valid private values for Curve25519. In a build with Curve448 - * but not Curve25519, they will be adjusted in - * self_test_adjust_exponent(). */ - "4000000000000000000000000000000000000000000000000000000000000000", - "5C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C30", - "5715ECCE24583F7A7023C24164390586842E816D7280A49EF6DF4EAE6B280BF8", - "41A2B017516F6D254E1F002BCCBADD54BE30F8CEC737A0E912B4963B6BA74460", - "5555555555555555555555555555555555555555555555555555555555555550", - "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8", - }; -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - - mbedtls_ecp_group_init(&grp); - mbedtls_ecp_point_init(&R); - mbedtls_ecp_point_init(&P); - mbedtls_mpi_init(&m); - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - /* Use secp192r1 if available, or any available curve */ -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP192R1)); -#else - MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, mbedtls_ecp_curve_list()->grp_id)); -#endif - - if (verbose != 0) - mbedtls_printf(" ECP SW test #1 (constant op_count, base point G): "); - /* Do a dummy multiplication first to trigger precomputation */ - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&m, 2)); - MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &P, &m, &grp.G, self_test_rng, NULL)); - ret = self_test_point(verbose, &grp, &R, &m, &grp.G, sw_exponents, sizeof(sw_exponents) / sizeof(sw_exponents[0])); - if (ret != 0) - goto cleanup; - - if (verbose != 0) - mbedtls_printf(" ECP SW test #2 (constant op_count, other point): "); - /* We computed P = 2G last time, use it */ - ret = self_test_point(verbose, &grp, &R, &m, &P, sw_exponents, sizeof(sw_exponents) / sizeof(sw_exponents[0])); - if (ret != 0) - goto cleanup; - - mbedtls_ecp_group_free(&grp); - mbedtls_ecp_point_free(&R); -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (verbose != 0) - mbedtls_printf(" ECP Montgomery test (constant op_count): "); -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE25519)); -#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE448)); -#else -#error "MBEDTLS_ECP_MONTGOMERY_ENABLED is defined, but no curve is supported for self-test" -#endif - ret = self_test_point(verbose, &grp, &R, &m, &grp.G, m_exponents, sizeof(m_exponents) / sizeof(m_exponents[0])); - if (ret != 0) - goto cleanup; -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -cleanup: - - if (ret < 0 && verbose != 0) - mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int) ret); - - mbedtls_ecp_group_free(&grp); - mbedtls_ecp_point_free(&R); - mbedtls_ecp_point_free(&P); - mbedtls_mpi_free(&m); - - if (verbose != 0) - mbedtls_printf("\n"); - - return (ret); -} - -#endif /* MBEDTLS_SELF_TEST */ - -#endif /* !MBEDTLS_ECP_ALT */ - -#endif /* MBEDTLS_ECP_C */ diff --git a/src/platform/telink/crypto/internal/compatibility/ecp_curves_alt.c b/src/platform/telink/crypto/internal/compatibility/ecp_curves_alt.c deleted file mode 100644 index eee2275b019de5..00000000000000 --- a/src/platform/telink/crypto/internal/compatibility/ecp_curves_alt.c +++ /dev/null @@ -1,5490 +0,0 @@ -/* - * Elliptic curves over GF(p): curve-specific data and functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "../common.h" - -#if defined(MBEDTLS_ECP_C) - -#include "mbedtls/ecp.h" -#include "mbedtls/error.h" -#include "mbedtls/platform_util.h" - -#include "bn_mul.h" -#include "ecp_invasive.h" - -#include - -#if defined(MBEDTLS_ECP_ALT) - -/* Parameter validation macros based on platform_util.h */ -#define ECP_VALIDATE_RET(cond) MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA) -#define ECP_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond) - -#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - -#define ECP_MPI_INIT(s, n, p) \ - { \ - s, (n), (mbedtls_mpi_uint *) (p) \ - } - -#define ECP_MPI_INIT_ARRAY(x) ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x) - -#define ECP_POINT_INIT_XY_Z0(x, y) \ - { \ - ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 0, NULL) \ - } -#define ECP_POINT_INIT_XY_Z1(x, y) \ - { \ - ECP_MPI_INIT_ARRAY(x), ECP_MPI_INIT_ARRAY(y), ECP_MPI_INIT(1, 1, mpi_one) \ - } - -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) -/* For these curves, we build the group parameters dynamically. */ -#define ECP_LOAD_GROUP -static mbedtls_mpi_uint mpi_one[] = { 1 }; -#endif - -/* - * Note: the constants are in little-endian order - * to be directly usable in MPIs - */ - -/* - * Domain parameters for secp192r1 - */ -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) -static const mbedtls_mpi_uint secp192r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), -}; -static const mbedtls_mpi_uint secp192r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64), -}; -static const mbedtls_mpi_uint secp192r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18), -}; -static const mbedtls_mpi_uint secp192r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63), - MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07), -}; -static const mbedtls_mpi_uint secp192r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14), - MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), -}; -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 -static const mbedtls_mpi_uint secp192r1_T_0_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18), -}; -static const mbedtls_mpi_uint secp192r1_T_0_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63), - MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07), -}; -static const mbedtls_mpi_uint secp192r1_T_1_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x9E, 0xE3, 0x60, 0x59, 0xD1, 0xC4, 0xC2), - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBD, 0x22, 0xD7, 0x2D, 0x07, 0xBD, 0xB6), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x2A, 0xCF, 0x33, 0xF0, 0xBE, 0xD1, 0xED), -}; -static const mbedtls_mpi_uint secp192r1_T_1_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x71, 0x4B, 0xA8, 0xED, 0x7E, 0xC9, 0x1A), - MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x2A, 0xF6, 0xDF, 0x0E, 0xE8, 0x4C, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x35, 0xF7, 0x8A, 0xC3, 0xEC, 0xDE, 0x1E), -}; -static const mbedtls_mpi_uint secp192r1_T_2_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x67, 0xC2, 0x1D, 0x32, 0x8F, 0x10, 0xFB), - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x2D, 0x17, 0xF3, 0xE4, 0xFE, 0xD8, 0x13), - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x45, 0x10, 0x70, 0x2C, 0x3E, 0x52, 0x3E), -}; -static const mbedtls_mpi_uint secp192r1_T_2_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xF1, 0x04, 0x5D, 0xEE, 0xD4, 0x56, 0xE6), - MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xB7, 0x38, 0x27, 0x61, 0xAA, 0x81, 0x87), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x37, 0xD7, 0x0E, 0x29, 0x0E, 0x11, 0x14), -}; -static const mbedtls_mpi_uint secp192r1_T_3_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x35, 0x52, 0xC6, 0x31, 0xB7, 0x27, 0xF5), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xD4, 0x15, 0x98, 0x0F, 0xE7, 0xF3, 0x6A), - MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x31, 0x70, 0x35, 0x09, 0xA0, 0x2B, 0xC2), -}; -static const mbedtls_mpi_uint secp192r1_T_3_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x75, 0xA7, 0x4C, 0x88, 0xCF, 0x5B, 0xE4), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x17, 0x48, 0x8D, 0xF2, 0xF0, 0x86, 0xED), - MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xCF, 0xFE, 0x6B, 0xB0, 0xA5, 0x06, 0xAB), -}; -static const mbedtls_mpi_uint secp192r1_T_4_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x6A, 0xDC, 0x9A, 0x6D, 0x7B, 0x47, 0x2E), - MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xFC, 0x51, 0x12, 0x62, 0x66, 0x0B, 0x59), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x40, 0x93, 0xA0, 0xB5, 0x5A, 0x58, 0xD7), -}; -static const mbedtls_mpi_uint secp192r1_T_4_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xCB, 0xAF, 0xDC, 0x0B, 0xA1, 0x26, 0xFB), - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x36, 0x9D, 0xA3, 0xD7, 0x3B, 0xAD, 0x39), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x3B, 0x05, 0x9A, 0xA8, 0xAA, 0x69, 0xB2), -}; -static const mbedtls_mpi_uint secp192r1_T_5_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xD9, 0xD1, 0x4D, 0x4A, 0x6E, 0x96, 0x1E), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x66, 0x32, 0x39, 0xC6, 0x57, 0x7D, 0xE6), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xA0, 0x36, 0xC2, 0x45, 0xF9, 0x00, 0x62), -}; -static const mbedtls_mpi_uint secp192r1_T_5_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xEF, 0x59, 0x46, 0xDC, 0x60, 0xD9, 0x8F), - MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xB0, 0xE9, 0x41, 0xA4, 0x87, 0x76, 0x89), - MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xD4, 0x0E, 0xB2, 0xFA, 0x16, 0x56, 0xDC), -}; -static const mbedtls_mpi_uint secp192r1_T_6_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x62, 0xD2, 0xB1, 0x34, 0xB2, 0xF1, 0x06), - MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xED, 0x55, 0xC5, 0x47, 0xB5, 0x07, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xF6, 0x2F, 0x94, 0xC3, 0xDD, 0x54, 0x2F), -}; -static const mbedtls_mpi_uint secp192r1_T_6_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xA6, 0xD4, 0x8C, 0xA9, 0xCE, 0x4D, 0x2E), - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x4B, 0x46, 0xCC, 0xB2, 0x55, 0xC8, 0xB2), - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xAE, 0x31, 0xED, 0x89, 0x65, 0x59, 0x55), -}; -static const mbedtls_mpi_uint secp192r1_T_7_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x0A, 0xD1, 0x1A, 0xC5, 0xF6, 0xEA, 0x43), - MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xFC, 0x0C, 0x1A, 0xFB, 0xA0, 0xC8, 0x70), - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xFD, 0x53, 0x6F, 0x6D, 0xBF, 0xBA, 0xAF), -}; -static const mbedtls_mpi_uint secp192r1_T_7_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xB0, 0x7D, 0x83, 0x96, 0xE3, 0xCB, 0x9D), - MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x6E, 0x55, 0x2C, 0x20, 0x53, 0x2F, 0x46), - MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x66, 0x00, 0x17, 0x08, 0xFE, 0xAC, 0x31), -}; -static const mbedtls_mpi_uint secp192r1_T_8_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x12, 0x97, 0x3A, 0xC7, 0x57, 0x45, 0xCD), - MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x25, 0x99, 0x00, 0xF6, 0x97, 0xB4, 0x64), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x74, 0xE6, 0xE6, 0xA3, 0xDF, 0x9C, 0xCC), -}; -static const mbedtls_mpi_uint secp192r1_T_8_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xF4, 0x76, 0xD5, 0x5F, 0x2A, 0xFD, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x80, 0x7E, 0x3E, 0xE5, 0xE8, 0xD6, 0x63), - MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xAD, 0x1E, 0x70, 0x79, 0x3E, 0x3D, 0x83), -}; -static const mbedtls_mpi_uint secp192r1_T_9_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x15, 0xBB, 0xB3, 0x42, 0x6A, 0xA1, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x58, 0xCB, 0x43, 0x25, 0x00, 0x14, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x4E, 0x93, 0x11, 0xE0, 0x32, 0x54, 0x98), -}; -static const mbedtls_mpi_uint secp192r1_T_9_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x52, 0xA2, 0xB4, 0x57, 0x32, 0xB9, 0x11), - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x43, 0xA1, 0xB1, 0xFB, 0x01, 0xE1, 0xE7), - MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xFB, 0x5A, 0x11, 0xB8, 0xC2, 0x03, 0xE5), -}; -static const mbedtls_mpi_uint secp192r1_T_10_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x2B, 0x71, 0x26, 0x4E, 0x7C, 0xC5, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xF5, 0xD3, 0xA8, 0xE4, 0x95, 0x48, 0x65), - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xAE, 0xD9, 0x5D, 0x9F, 0x6A, 0x22, 0xAD), -}; -static const mbedtls_mpi_uint secp192r1_T_10_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xCC, 0xA3, 0x4D, 0xA0, 0x1C, 0x34, 0xEF), - MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x3C, 0x62, 0xF8, 0x5E, 0xA6, 0x58, 0x7D), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x6E, 0x66, 0x8A, 0x3D, 0x17, 0xFF, 0x0F), -}; -static const mbedtls_mpi_uint secp192r1_T_11_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xCD, 0xA8, 0xDD, 0xD1, 0x20, 0x5C, 0xEA), - MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xFE, 0x17, 0xE2, 0xCF, 0xEA, 0x63, 0xDE), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x51, 0xC9, 0x16, 0xDE, 0xB4, 0xB2, 0xDD), -}; -static const mbedtls_mpi_uint secp192r1_T_11_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBE, 0x12, 0xD7, 0xA3, 0x0A, 0x50, 0x33), - MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x87, 0xC5, 0x8A, 0x76, 0x57, 0x07, 0x60), - MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x1F, 0xC6, 0x1B, 0x66, 0xC4, 0x3D, 0x8A), -}; -static const mbedtls_mpi_uint secp192r1_T_12_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xA4, 0x85, 0x13, 0x8F, 0xA7, 0x35, 0x19), - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x0D, 0xFD, 0xFF, 0x1B, 0xD1, 0xD6, 0xEF), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x7A, 0xD0, 0xC3, 0xB4, 0xEF, 0x39, 0x66), -}; -static const mbedtls_mpi_uint secp192r1_T_12_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xFE, 0xA5, 0x9C, 0x34, 0x30, 0x49, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xC5, 0x39, 0x26, 0x06, 0xE3, 0x01, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x2B, 0x66, 0xFC, 0x95, 0x5F, 0x35, 0xF7), -}; -static const mbedtls_mpi_uint secp192r1_T_13_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xCF, 0x54, 0x63, 0x99, 0x57, 0x05, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x6F, 0x00, 0x5F, 0x65, 0x08, 0x47, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x2A, 0x90, 0x6D, 0x67, 0xC6, 0xBC, 0x45), -}; -static const mbedtls_mpi_uint secp192r1_T_13_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x4D, 0x88, 0x0A, 0x35, 0x9E, 0x33, 0x9C), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x17, 0x0C, 0xF8, 0xE1, 0x7A, 0x49, 0x02), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x44, 0x06, 0x8F, 0x0B, 0x70, 0x2F, 0x71), -}; -static const mbedtls_mpi_uint secp192r1_T_14_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x4B, 0xCB, 0xF9, 0x8E, 0x6A, 0xDA, 0x1B), - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x43, 0xA1, 0x3F, 0xCE, 0x17, 0xD2, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x0D, 0xD2, 0x6C, 0x82, 0x37, 0xE5, 0xFC), -}; -static const mbedtls_mpi_uint secp192r1_T_14_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x3C, 0xF4, 0x92, 0xB4, 0x8A, 0x95, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x96, 0xF1, 0x0A, 0x34, 0x2F, 0x74, 0x7E), - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xA1, 0xAA, 0xBA, 0x86, 0x77, 0x4F, 0xA2), -}; -static const mbedtls_mpi_uint secp192r1_T_15_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x7F, 0xEF, 0x60, 0x50, 0x80, 0xD7, 0xD4), - MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0xAC, 0xC9, 0xFE, 0xEC, 0x0A, 0x1A, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x2F, 0xBE, 0x91, 0xD7, 0xB7, 0x38, 0x48), -}; -static const mbedtls_mpi_uint secp192r1_T_15_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xAE, 0x85, 0x98, 0xFE, 0x05, 0x7F, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBE, 0xFD, 0x11, 0x31, 0x3D, 0x14, 0x13), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x75, 0xE8, 0x30, 0x01, 0xCB, 0x9B, 0x1C), -}; -static const mbedtls_ecp_point secp192r1_T[16] = { - ECP_POINT_INIT_XY_Z1(secp192r1_T_0_X, secp192r1_T_0_Y), ECP_POINT_INIT_XY_Z0(secp192r1_T_1_X, secp192r1_T_1_Y), - ECP_POINT_INIT_XY_Z0(secp192r1_T_2_X, secp192r1_T_2_Y), ECP_POINT_INIT_XY_Z0(secp192r1_T_3_X, secp192r1_T_3_Y), - ECP_POINT_INIT_XY_Z0(secp192r1_T_4_X, secp192r1_T_4_Y), ECP_POINT_INIT_XY_Z0(secp192r1_T_5_X, secp192r1_T_5_Y), - ECP_POINT_INIT_XY_Z0(secp192r1_T_6_X, secp192r1_T_6_Y), ECP_POINT_INIT_XY_Z0(secp192r1_T_7_X, secp192r1_T_7_Y), - ECP_POINT_INIT_XY_Z0(secp192r1_T_8_X, secp192r1_T_8_Y), ECP_POINT_INIT_XY_Z0(secp192r1_T_9_X, secp192r1_T_9_Y), - ECP_POINT_INIT_XY_Z0(secp192r1_T_10_X, secp192r1_T_10_Y), ECP_POINT_INIT_XY_Z0(secp192r1_T_11_X, secp192r1_T_11_Y), - ECP_POINT_INIT_XY_Z0(secp192r1_T_12_X, secp192r1_T_12_Y), ECP_POINT_INIT_XY_Z0(secp192r1_T_13_X, secp192r1_T_13_Y), - ECP_POINT_INIT_XY_Z0(secp192r1_T_14_X, secp192r1_T_14_Y), ECP_POINT_INIT_XY_Z0(secp192r1_T_15_X, secp192r1_T_15_Y), -}; -#else -#define secp192r1_T NULL -#endif -#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ - -/* - * Domain parameters for secp224r1 - */ -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) -static const mbedtls_mpi_uint secp224r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C), - MBEDTLS_BYTES_TO_T_UINT_4(0x85, 0x0A, 0x05, 0xB4), -}; -static const mbedtls_mpi_uint secp224r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34), - MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A), - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B), - MBEDTLS_BYTES_TO_T_UINT_4(0xBD, 0x0C, 0x0E, 0xB7), -}; -static const mbedtls_mpi_uint secp224r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44), - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5), - MBEDTLS_BYTES_TO_T_UINT_4(0x88, 0x63, 0x37, 0xBD), -}; -static const mbedtls_mpi_uint secp224r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13), - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF), -}; -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 -static const mbedtls_mpi_uint secp224r1_T_0_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34), - MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A), - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B), - MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x0C, 0x0E, 0xB7, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_0_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44), - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5), - MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x63, 0x37, 0xBD, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_1_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xF9, 0xB8, 0xD0, 0x3D, 0xD2, 0xD3, 0xFA), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xFD, 0x99, 0x26, 0x19, 0xFE, 0x13, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x0E, 0x4C, 0x48, 0x7C, 0xA2, 0x17, 0x01), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA3, 0x13, 0x57, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_1_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x16, 0x5C, 0x8F, 0xAA, 0xED, 0x0F, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xC5, 0x43, 0x34, 0x93, 0x05, 0x2A, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE3, 0x6C, 0xCA, 0xC6, 0x14, 0xC2, 0x25), - MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x43, 0x6C, 0xD7, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_2_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x5A, 0x98, 0x1E, 0xC8, 0xA5, 0x42, 0xA3), - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x49, 0x56, 0x78, 0xF8, 0xEF, 0xED, 0x65), - MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0xBB, 0x64, 0xB6, 0x4C, 0x54, 0x5F, 0xD1), - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x0C, 0x33, 0xCC, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_2_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x79, 0xCB, 0x2E, 0x08, 0xFF, 0xD8, 0xE6), - MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x1F, 0xD4, 0xD7, 0x57, 0xE9, 0x39, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xD6, 0x3B, 0x0A, 0x1C, 0x87, 0xB7, 0x6A), - MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x30, 0xD8, 0x05, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_3_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x79, 0x74, 0x9A, 0xE6, 0xBB, 0xC2, 0xC2), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x5B, 0xA6, 0x67, 0xC1, 0x91, 0xE7, 0x64), - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xDF, 0x38, 0x82, 0x19, 0x2C, 0x4C, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x2E, 0x39, 0xC5, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_3_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x36, 0x78, 0x4E, 0xAE, 0x5B, 0x02, 0x76), - MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xF6, 0x8B, 0xF8, 0xF4, 0x92, 0x6B, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x4D, 0x71, 0x35, 0xE7, 0x0C, 0x2C, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xA5, 0x1F, 0xAE, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_4_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x1C, 0x4B, 0xDF, 0x5B, 0xF2, 0x51, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x74, 0xB1, 0x5A, 0xC6, 0x0F, 0x0E, 0x61), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x24, 0x09, 0x62, 0xAF, 0xFC, 0xDB, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xE1, 0x80, 0x55, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_4_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x82, 0xFE, 0xAD, 0xC3, 0xE5, 0xCF, 0xD8), - MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xA2, 0x62, 0x17, 0x76, 0xF0, 0x5A, 0xFA), - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xB8, 0xE5, 0xAC, 0xB7, 0x66, 0x38, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xFD, 0x86, 0x05, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_5_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xD3, 0x0C, 0x3C, 0xD1, 0x66, 0xB0, 0xF1), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x59, 0xB4, 0x8D, 0x90, 0x10, 0xB7, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x47, 0x9B, 0xE6, 0x55, 0x8A, 0xE4, 0xEE), - MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x49, 0xDB, 0x78, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_5_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x97, 0xED, 0xDE, 0xFF, 0xB3, 0xDF, 0x48), - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xB9, 0x83, 0xB7, 0xEB, 0xBE, 0x40, 0x8D), - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xD3, 0xD3, 0xCD, 0x0E, 0x82, 0x79, 0x3D), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x83, 0x1B, 0xF0, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_6_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x22, 0xBB, 0x54, 0xD3, 0x31, 0x56, 0xFC), - MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x36, 0xE5, 0xE0, 0x89, 0x96, 0x8E, 0x71), - MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xEF, 0x0A, 0xED, 0xD0, 0x11, 0x4A, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x00, 0x57, 0x27, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_6_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xCA, 0x3D, 0xF7, 0x64, 0x9B, 0x6E, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xE3, 0x70, 0x6B, 0x41, 0xD7, 0xED, 0x8F), - MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x44, 0x44, 0x80, 0xCE, 0x13, 0x37, 0x92), - MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x73, 0x80, 0x79, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_7_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x4D, 0x70, 0x7D, 0x31, 0x0F, 0x1C, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x35, 0x88, 0x47, 0xC4, 0x24, 0x78, 0x3F), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xF0, 0xCD, 0x91, 0x81, 0xB3, 0xDE, 0xB6), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xCE, 0xC6, 0xF7, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_7_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x9C, 0x2D, 0xE8, 0xD2, 0x00, 0x8F, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x5E, 0x7C, 0x0E, 0x0C, 0x6E, 0x58, 0x02), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x81, 0x21, 0xCE, 0x43, 0xF4, 0x24, 0x3D), - MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0xBC, 0xF0, 0xF4, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_8_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x10, 0xC2, 0x74, 0x4A, 0x8F, 0x8A, 0xCF), - MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x67, 0xF4, 0x2B, 0x38, 0x2B, 0x35, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xE7, 0x0C, 0xA9, 0xFA, 0x77, 0x5C, 0xBD), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x33, 0x19, 0x2B, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_8_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x3E, 0x96, 0x22, 0x53, 0xE1, 0xE9, 0xBE), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x13, 0xBC, 0xA1, 0x16, 0xEC, 0x01, 0x1A), - MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x00, 0xC9, 0x7A, 0xC3, 0x73, 0xA5, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xF4, 0x5E, 0xC1, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_9_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x95, 0xD6, 0xD9, 0x32, 0x30, 0x2B, 0xD0), - MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x42, 0x09, 0x05, 0x61, 0x2A, 0x7E, 0x82), - MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x84, 0xA2, 0x05, 0x88, 0x64, 0x65, 0xF9), - MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x2D, 0x90, 0xB3, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_9_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xE7, 0x2E, 0x85, 0x55, 0x80, 0x7C, 0x79), - MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xC1, 0xAC, 0x78, 0xB4, 0xAF, 0xFB, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xC3, 0x28, 0x8E, 0x79, 0x18, 0x1F, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x46, 0xCF, 0x49, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_10_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x5F, 0xA8, 0x6C, 0x46, 0x83, 0x43, 0xFA), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xA9, 0x93, 0x11, 0xB6, 0x07, 0x57, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x2A, 0x9D, 0x03, 0x89, 0x7E, 0xD7, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x8C, 0x62, 0xCF, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_10_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x2C, 0x13, 0x59, 0xCC, 0xFA, 0x84, 0x9E), - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xB9, 0x48, 0xBC, 0x57, 0xC7, 0xB3, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x0A, 0x38, 0x24, 0x2E, 0x3A, 0x28, 0x25), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x0A, 0x43, 0xB8, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_11_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x25, 0xAB, 0xC1, 0xEE, 0x70, 0x3C, 0xE1), - MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xDB, 0x45, 0x1D, 0x4A, 0x80, 0x75, 0x35), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1F, 0x4D, 0x2D, 0x9A, 0x05, 0xF4, 0xCB), - MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x10, 0xF0, 0x5A, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_11_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x95, 0xE1, 0xDC, 0x15, 0x86, 0xC3, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xDC, 0x27, 0xD1, 0x56, 0xA1, 0x14, 0x0D), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x0B, 0xD6, 0x77, 0x4E, 0x44, 0xA2, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x42, 0x71, 0x1F, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_12_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x86, 0xB2, 0xB0, 0xC8, 0x2F, 0x7B, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xEF, 0xCB, 0xDB, 0xBC, 0x9E, 0x3B, 0xC5), - MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x03, 0x86, 0xDD, 0x5B, 0xF5, 0x8D, 0x46), - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x95, 0x79, 0xD6, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_12_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x32, 0x14, 0xDA, 0x9B, 0x4F, 0x07, 0x39), - MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x3E, 0xFB, 0x06, 0xEE, 0xA7, 0x40, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x1F, 0xDF, 0x71, 0x61, 0xFD, 0x8B, 0xBE), - MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x8B, 0xAB, 0x8B, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_13_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x34, 0xB3, 0xB4, 0xBC, 0x9F, 0xB0, 0x5E), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x58, 0x48, 0xA8, 0x77, 0xBB, 0x13, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xC6, 0xF7, 0x34, 0xCC, 0x89, 0x21, 0x0A), - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x33, 0xDD, 0x1F, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_13_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x81, 0xEF, 0xA4, 0xF2, 0x10, 0x0B, 0xCD), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xF7, 0x6E, 0x72, 0x4A, 0xDF, 0xDD, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x23, 0x0A, 0x53, 0x03, 0x16, 0x62, 0xD2), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x76, 0xFD, 0x3C, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_14_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x14, 0xA1, 0xFA, 0xA0, 0x18, 0xBE, 0x07), - MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x2A, 0xE1, 0xD7, 0xB0, 0x6C, 0xA0, 0xDE), - MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xC0, 0xB0, 0xC6, 0x63, 0x24, 0xCD, 0x4E), - MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x38, 0x2C, 0xB1, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_14_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xCD, 0x7D, 0x20, 0x0C, 0xFE, 0xAC, 0xC3), - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x97, 0x9F, 0xA2, 0xB6, 0x45, 0xF7, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x99, 0xF3, 0xD2, 0x20, 0x02, 0xEB, 0x04), - MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x18, 0x5B, 0x7B, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_15_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xDD, 0x77, 0x91, 0x60, 0xEA, 0xFD, 0xD3), - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xD3, 0xB5, 0xD6, 0x90, 0x17, 0x0E, 0x1A), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xF4, 0x28, 0xC1, 0xF2, 0x53, 0xF6, 0x63), - MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x58, 0xDC, 0x61, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224r1_T_15_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x20, 0x01, 0xFB, 0xF1, 0xBD, 0x5F, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x7F, 0x06, 0xDA, 0x11, 0xCB, 0xBA, 0xA6), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x41, 0x00, 0xA4, 0x1B, 0x30, 0x33, 0x79), - MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xFF, 0x27, 0xCA, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_ecp_point secp224r1_T[16] = { - ECP_POINT_INIT_XY_Z1(secp224r1_T_0_X, secp224r1_T_0_Y), ECP_POINT_INIT_XY_Z0(secp224r1_T_1_X, secp224r1_T_1_Y), - ECP_POINT_INIT_XY_Z0(secp224r1_T_2_X, secp224r1_T_2_Y), ECP_POINT_INIT_XY_Z0(secp224r1_T_3_X, secp224r1_T_3_Y), - ECP_POINT_INIT_XY_Z0(secp224r1_T_4_X, secp224r1_T_4_Y), ECP_POINT_INIT_XY_Z0(secp224r1_T_5_X, secp224r1_T_5_Y), - ECP_POINT_INIT_XY_Z0(secp224r1_T_6_X, secp224r1_T_6_Y), ECP_POINT_INIT_XY_Z0(secp224r1_T_7_X, secp224r1_T_7_Y), - ECP_POINT_INIT_XY_Z0(secp224r1_T_8_X, secp224r1_T_8_Y), ECP_POINT_INIT_XY_Z0(secp224r1_T_9_X, secp224r1_T_9_Y), - ECP_POINT_INIT_XY_Z0(secp224r1_T_10_X, secp224r1_T_10_Y), ECP_POINT_INIT_XY_Z0(secp224r1_T_11_X, secp224r1_T_11_Y), - ECP_POINT_INIT_XY_Z0(secp224r1_T_12_X, secp224r1_T_12_Y), ECP_POINT_INIT_XY_Z0(secp224r1_T_13_X, secp224r1_T_13_Y), - ECP_POINT_INIT_XY_Z0(secp224r1_T_14_X, secp224r1_T_14_Y), ECP_POINT_INIT_XY_Z0(secp224r1_T_15_X, secp224r1_T_15_Y), -}; -#else -#define secp224r1_T NULL -#endif -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ - -/* - * Domain parameters for secp256r1 - */ -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -static const mbedtls_mpi_uint secp256r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), - MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), -}; -static const mbedtls_mpi_uint secp256r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B), - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3), - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A), -}; -static const mbedtls_mpi_uint secp256r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77), - MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B), -}; -static const mbedtls_mpi_uint secp256r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB), - MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F), -}; -static const mbedtls_mpi_uint secp256r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3), - MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), -}; -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 -static const mbedtls_mpi_uint secp256r1_T_0_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77), - MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B), -}; -static const mbedtls_mpi_uint secp256r1_T_0_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB), - MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F), -}; -static const mbedtls_mpi_uint secp256r1_T_1_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xC8, 0xBA, 0x04, 0xB7, 0x4B, 0xD2, 0xF7), - MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xC6, 0x23, 0x3A, 0xA0, 0x09, 0x3A, 0x59), - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x9D, 0x4C, 0xF9, 0x58, 0x23, 0xCC, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0xED, 0x7B, 0x29, 0x87, 0x0F, 0xFA, 0x3C), -}; -static const mbedtls_mpi_uint secp256r1_T_1_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x69, 0xF2, 0x40, 0x0B, 0xA3, 0x98, 0xCE), - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xA8, 0x48, 0x02, 0x0D, 0x1C, 0x12, 0x62), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xAF, 0x09, 0x83, 0x80, 0xAA, 0x58, 0xA7), - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x12, 0xBE, 0x70, 0x94, 0x76, 0xE3, 0xE4), -}; -static const mbedtls_mpi_uint secp256r1_T_2_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x7D, 0xEF, 0x86, 0xFF, 0xE3, 0x37, 0xDD), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x86, 0x8B, 0x08, 0x27, 0x7C, 0xD7, 0xF6), - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x54, 0x4C, 0x25, 0x4F, 0x9A, 0xFE, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xFD, 0xF0, 0x6D, 0x37, 0x03, 0x69, 0xD6), -}; -static const mbedtls_mpi_uint secp256r1_T_2_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xD5, 0xDA, 0xAD, 0x92, 0x49, 0xF0, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x73, 0x43, 0x9E, 0xAF, 0xA7, 0xD1, 0xF3), - MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x41, 0x07, 0xDF, 0x78, 0x95, 0x3E, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x3D, 0xD1, 0xE6, 0x3C, 0xA5, 0xE2, 0x20), -}; -static const mbedtls_mpi_uint secp256r1_T_3_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x6A, 0x5D, 0x52, 0x35, 0xD7, 0xBF, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xA2, 0xBE, 0x96, 0xF4, 0xF8, 0x02, 0xC3), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x20, 0x49, 0x54, 0xEA, 0xB3, 0x82, 0xDB), - MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0xDB, 0xEA, 0x02, 0xD1, 0x75, 0x1C, 0x62), -}; -static const mbedtls_mpi_uint secp256r1_T_3_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x85, 0xF4, 0x9E, 0x4C, 0xDC, 0x39, 0x89), - MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x6D, 0xC4, 0x57, 0xD8, 0x03, 0x5D, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x7F, 0x2D, 0x52, 0x6F, 0xC9, 0xDA, 0x4F), - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x64, 0xFA, 0xB4, 0xFE, 0xA4, 0xC4, 0xD7), -}; -static const mbedtls_mpi_uint secp256r1_T_4_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x37, 0xB9, 0xC0, 0xAA, 0x59, 0xC6, 0x8B), - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x58, 0xD9, 0xED, 0x58, 0x99, 0x65, 0xF7), - MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x7D, 0x26, 0x8C, 0x4A, 0xF9, 0x05, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x73, 0x9A, 0xC9, 0xE7, 0x46, 0xDC, 0x00), -}; -static const mbedtls_mpi_uint secp256r1_T_4_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xD0, 0x55, 0xDF, 0x00, 0x0A, 0xF5, 0x4A), - MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xBF, 0x56, 0x81, 0x2D, 0x20, 0xEB, 0xB5), - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xC1, 0x28, 0x52, 0xAB, 0xE3, 0xD1, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x34, 0x79, 0x45, 0x57, 0xA5, 0x12, 0x03), -}; -static const mbedtls_mpi_uint secp256r1_T_5_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xCF, 0xB8, 0x7E, 0xF7, 0x92, 0x96, 0x8D), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x01, 0x8C, 0x0D, 0x23, 0xF2, 0xE3, 0x05), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x2E, 0xE3, 0x84, 0x52, 0x7A, 0x34, 0x76), - MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xA1, 0xB0, 0x15, 0x90, 0xE2, 0x53, 0x3C), -}; -static const mbedtls_mpi_uint secp256r1_T_5_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x98, 0xE7, 0xFA, 0xA5, 0x7D, 0x8B, 0x53), - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x35, 0xD2, 0x00, 0xD1, 0x1B, 0x9F, 0x1B), - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x69, 0x08, 0x9A, 0x72, 0xF0, 0xA9, 0x11), - MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0xFE, 0x0E, 0x14, 0xDA, 0x7C, 0x0E, 0xD3), -}; -static const mbedtls_mpi_uint secp256r1_T_6_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xF6, 0xE8, 0xF8, 0x87, 0xF7, 0xFC, 0x6D), - MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xBE, 0x7F, 0x3F, 0x7A, 0x2B, 0xD7, 0x13), - MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x32, 0xF2, 0x2D, 0x94, 0x6D, 0x42, 0xFD), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x9A, 0xE3, 0x5F, 0x42, 0xBB, 0x84, 0xED), -}; -static const mbedtls_mpi_uint secp256r1_T_6_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x95, 0x29, 0x73, 0xA1, 0x67, 0x3E, 0x02), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x30, 0x54, 0x35, 0x8E, 0x0A, 0xDD, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xD7, 0xA1, 0x97, 0x61, 0x3B, 0xF8, 0x0C), - MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x33, 0x3C, 0x58, 0x55, 0x34, 0x23, 0xA3), -}; -static const mbedtls_mpi_uint secp256r1_T_7_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x5D, 0x16, 0x5F, 0x7B, 0xBC, 0xBB, 0xCE), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xEE, 0x4E, 0x8A, 0xC1, 0x51, 0xCC, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x0D, 0x4D, 0x1B, 0x53, 0x23, 0x1D, 0xB3), - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x2A, 0x38, 0x66, 0x52, 0x84, 0xE1, 0x95), -}; -static const mbedtls_mpi_uint secp256r1_T_7_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x9B, 0x83, 0x0A, 0x81, 0x4F, 0xAD, 0xAC), - MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xFF, 0x42, 0x41, 0x6E, 0xA9, 0xA2, 0xA0), - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xA1, 0x4F, 0x1F, 0x89, 0x82, 0xAA, 0x3E), - MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xB8, 0x0F, 0x6B, 0x8F, 0x8C, 0xD6, 0x68), -}; -static const mbedtls_mpi_uint secp256r1_T_8_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0xB3, 0xBB, 0x51, 0x69, 0xA2, 0x11, 0x93), - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x4F, 0x0F, 0x8D, 0xBD, 0x26, 0x0F, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xCB, 0xEC, 0x6B, 0x34, 0xC3, 0x3D, 0x9D), - MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x5D, 0x1E, 0x10, 0xD5, 0x44, 0xE2, 0x54), -}; -static const mbedtls_mpi_uint secp256r1_T_8_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x9E, 0xB1, 0xF1, 0x6E, 0x4C, 0xAD, 0xB3), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xE3, 0xC2, 0x58, 0xC0, 0xFB, 0x34, 0x43), - MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x9C, 0xDF, 0x35, 0x07, 0x41, 0xBD, 0x19), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x6E, 0x10, 0xEC, 0x0E, 0xEC, 0xBB, 0xD6), -}; -static const mbedtls_mpi_uint secp256r1_T_9_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xCF, 0xEF, 0x3F, 0x83, 0x1A, 0x88, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x29, 0xB5, 0xB9, 0xE0, 0xC9, 0xA3, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x46, 0x1E, 0x77, 0xCD, 0x7E, 0xB3, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x21, 0xD0, 0xD4, 0xA3, 0x16, 0x08, 0xEE), -}; -static const mbedtls_mpi_uint secp256r1_T_9_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0xCA, 0xA8, 0xB3, 0xBF, 0x29, 0x99, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xF2, 0x05, 0xC1, 0xCF, 0x5D, 0x91, 0x48), - MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x01, 0x49, 0xDB, 0x82, 0xDF, 0x5F, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x06, 0x90, 0xAD, 0xE3, 0x38, 0xA4, 0xC4), -}; -static const mbedtls_mpi_uint secp256r1_T_10_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xD2, 0x3A, 0xE8, 0x03, 0xC5, 0x6D, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x35, 0xD0, 0xAE, 0x1D, 0x7A, 0x9F, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x1E, 0xD2, 0xCB, 0xAC, 0x88, 0x27, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xB9, 0x9C, 0xE0, 0x31, 0xDD, 0x99, 0x86), -}; -static const mbedtls_mpi_uint secp256r1_T_10_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xF9, 0x9B, 0x32, 0x96, 0x41, 0x58, 0x38), - MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x5A, 0x2A, 0xB8, 0x96, 0x0E, 0xB2, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x78, 0x2C, 0xC7, 0x08, 0x99, 0x19, 0x24), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x59, 0x28, 0xE9, 0x84, 0x54, 0xE6, 0x16), -}; -static const mbedtls_mpi_uint secp256r1_T_11_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x38, 0x30, 0xDB, 0x70, 0x2C, 0x0A, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x5C, 0x9D, 0xE9, 0xD5, 0x46, 0x0B, 0x5F), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x0B, 0x60, 0x4B, 0x37, 0x7D, 0xB9, 0xC9), - MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x24, 0xF3, 0x3D, 0x79, 0x7F, 0x6C, 0x18), -}; -static const mbedtls_mpi_uint secp256r1_T_11_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x7F, 0xE5, 0x1C, 0x4F, 0x60, 0x24, 0xF7, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xD8, 0xE2, 0x91, 0x7F, 0x89, 0x49, 0x92), - MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xA7, 0x2E, 0x8D, 0x6A, 0xB3, 0x39, 0x81), - MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x89, 0xB5, 0x9A, 0xB8, 0x8D, 0x42, 0x9C), -}; -static const mbedtls_mpi_uint secp256r1_T_12_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0x45, 0xE6, 0x4B, 0x3F, 0x4F, 0x1E, 0x1F), - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x65, 0x5E, 0x59, 0x22, 0xCC, 0x72, 0x5F), - MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x93, 0x1A, 0x27, 0x1E, 0x34, 0xC5, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xF2, 0xA5, 0x58, 0x5C, 0x15, 0x2E, 0xC6), -}; -static const mbedtls_mpi_uint secp256r1_T_12_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x7F, 0xBA, 0x58, 0x5A, 0x84, 0x6F, 0x5F), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xA6, 0x36, 0x7E, 0xDC, 0xF7, 0xE1, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x4D, 0xAA, 0xEE, 0x57, 0x76, 0x3A, 0xD3), - MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x7E, 0x26, 0x18, 0x22, 0x23, 0x9F, 0xFF), -}; -static const mbedtls_mpi_uint secp256r1_T_13_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x4C, 0x64, 0xC7, 0x55, 0x02, 0x3F, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x02, 0x90, 0xBB, 0xC3, 0xEC, 0x30, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x6F, 0x64, 0xF4, 0x16, 0x69, 0x48, 0xA4), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x44, 0x9C, 0x95, 0x0C, 0x7D, 0x67, 0x5E), -}; -static const mbedtls_mpi_uint secp256r1_T_13_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x91, 0x8B, 0xD8, 0xD0, 0xD7, 0xE7, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xF9, 0x48, 0x62, 0x6F, 0xA8, 0x93, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x3A, 0x99, 0x02, 0xD5, 0x0B, 0x3D, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xD3, 0x00, 0x31, 0xE6, 0x0C, 0x9F, 0x44), -}; -static const mbedtls_mpi_uint secp256r1_T_14_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xB2, 0xAA, 0xFD, 0x88, 0x15, 0xDF, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0x35, 0x27, 0x31, 0x44, 0xCD, 0xC0, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xF8, 0x91, 0xA5, 0x71, 0x94, 0x84, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xCB, 0xD0, 0x93, 0xE9, 0x88, 0xDA, 0xE4), -}; -static const mbedtls_mpi_uint secp256r1_T_14_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xC6, 0x39, 0x16, 0x5D, 0xA3, 0x1E, 0x6D), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x07, 0x37, 0x26, 0x36, 0x2A, 0xFE, 0x60), - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xBC, 0xF3, 0xD0, 0xDE, 0x50, 0xFC, 0x97), - MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x2E, 0x06, 0x10, 0x15, 0x4D, 0xFA, 0xF7), -}; -static const mbedtls_mpi_uint secp256r1_T_15_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x65, 0x69, 0x5B, 0x66, 0xA2, 0x75, 0x2E), - MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x16, 0x00, 0x5A, 0xB0, 0x30, 0x25, 0x1A), - MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xFB, 0x86, 0x42, 0x80, 0xC1, 0xC4, 0x76), - MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x1D, 0x83, 0x8E, 0x94, 0x01, 0x5F, 0x82), -}; -static const mbedtls_mpi_uint secp256r1_T_15_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x37, 0x70, 0xEF, 0x1F, 0xA1, 0xF0, 0xDB), - MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x10, 0x5B, 0xCE, 0xC4, 0x9B, 0x6F, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x11, 0x11, 0x24, 0x4F, 0x4C, 0x79, 0x61), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x3A, 0x72, 0xBC, 0xFE, 0x72, 0x58, 0x43), -}; -static const mbedtls_ecp_point secp256r1_T[16] = { - ECP_POINT_INIT_XY_Z1(secp256r1_T_0_X, secp256r1_T_0_Y), ECP_POINT_INIT_XY_Z0(secp256r1_T_1_X, secp256r1_T_1_Y), - ECP_POINT_INIT_XY_Z0(secp256r1_T_2_X, secp256r1_T_2_Y), ECP_POINT_INIT_XY_Z0(secp256r1_T_3_X, secp256r1_T_3_Y), - ECP_POINT_INIT_XY_Z0(secp256r1_T_4_X, secp256r1_T_4_Y), ECP_POINT_INIT_XY_Z0(secp256r1_T_5_X, secp256r1_T_5_Y), - ECP_POINT_INIT_XY_Z0(secp256r1_T_6_X, secp256r1_T_6_Y), ECP_POINT_INIT_XY_Z0(secp256r1_T_7_X, secp256r1_T_7_Y), - ECP_POINT_INIT_XY_Z0(secp256r1_T_8_X, secp256r1_T_8_Y), ECP_POINT_INIT_XY_Z0(secp256r1_T_9_X, secp256r1_T_9_Y), - ECP_POINT_INIT_XY_Z0(secp256r1_T_10_X, secp256r1_T_10_Y), ECP_POINT_INIT_XY_Z0(secp256r1_T_11_X, secp256r1_T_11_Y), - ECP_POINT_INIT_XY_Z0(secp256r1_T_12_X, secp256r1_T_12_Y), ECP_POINT_INIT_XY_Z0(secp256r1_T_13_X, secp256r1_T_13_Y), - ECP_POINT_INIT_XY_Z0(secp256r1_T_14_X, secp256r1_T_14_Y), ECP_POINT_INIT_XY_Z0(secp256r1_T_15_X, secp256r1_T_15_Y), -}; -#else -#define secp256r1_T NULL -#endif - -#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ - -/* - * Domain parameters for secp384r1 - */ -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) -static const mbedtls_mpi_uint secp384r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), -}; -static const mbedtls_mpi_uint secp384r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3), -}; -static const mbedtls_mpi_uint secp384r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59), - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA), -}; -static const mbedtls_mpi_uint secp384r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A), - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A), - MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36), -}; -static const mbedtls_mpi_uint secp384r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC), - MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), -}; -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 -static const mbedtls_mpi_uint secp384r1_T_0_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59), - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA), -}; -static const mbedtls_mpi_uint secp384r1_T_0_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A), - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A), - MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36), -}; -static const mbedtls_mpi_uint secp384r1_T_1_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x92, 0x00, 0x2C, 0x78, 0xDB, 0x1F, 0x37), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xF3, 0xEB, 0xB7, 0x06, 0xF7, 0xB6, 0xBC), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xBC, 0x2C, 0xCF, 0xD8, 0xED, 0x53, 0xE7), - MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x75, 0x7B, 0xA3, 0xAB, 0xC3, 0x2C, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x9D, 0x78, 0x41, 0xF6, 0x76, 0x84, 0xAC), - MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x56, 0xE8, 0x52, 0xB3, 0xCB, 0xA8, 0xBD), -}; -static const mbedtls_mpi_uint secp384r1_T_1_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xF2, 0xAE, 0xA4, 0xB6, 0x89, 0x1B, 0xDA), - MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x0F, 0xCE, 0x1C, 0x7C, 0xF6, 0x50, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xEB, 0x90, 0xE6, 0x4D, 0xC7, 0xD4, 0x7A), - MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x49, 0x2D, 0x8A, 0x01, 0x99, 0x60, 0x94), - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x80, 0x9B, 0x9B, 0x6A, 0xB0, 0x07, 0xD9), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xA2, 0xEE, 0x59, 0xBE, 0x95, 0xBC, 0x23), -}; -static const mbedtls_mpi_uint secp384r1_T_2_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x9D, 0x56, 0xAE, 0x59, 0xFB, 0x1F, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xAC, 0x91, 0x80, 0x87, 0xA8, 0x6E, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x08, 0xA7, 0x08, 0x94, 0x32, 0xFC, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x29, 0x9E, 0x84, 0xF4, 0xE5, 0x6E, 0x7E), - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x21, 0xB9, 0x50, 0x24, 0xF8, 0x9C, 0xC7), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x04, 0x01, 0xC2, 0xFB, 0x77, 0x3E, 0xDE), -}; -static const mbedtls_mpi_uint secp384r1_T_2_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x38, 0xEE, 0xE3, 0xC7, 0x9D, 0xEC, 0xA6), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x88, 0xCF, 0x43, 0xFA, 0x92, 0x5E, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xCA, 0x43, 0xF8, 0x3B, 0x49, 0x7E, 0x75), - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xE7, 0xEB, 0x17, 0x45, 0x86, 0xC2, 0xE1), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x69, 0x57, 0x32, 0xE0, 0x9C, 0xD1, 0x00), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x10, 0xB8, 0x4D, 0xB8, 0xF4, 0x0D, 0xE3), -}; -static const mbedtls_mpi_uint secp384r1_T_3_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0xDC, 0x9A, 0xB2, 0x79, 0x39, 0x27, 0x16), - MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x71, 0xE4, 0x3B, 0x4D, 0x60, 0x0C, 0xA3), - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xBD, 0x19, 0x40, 0xFA, 0x19, 0x2A, 0x5A), - MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xF8, 0x1E, 0x43, 0xA1, 0x50, 0x8D, 0xEF), - MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x18, 0x7C, 0x41, 0xFA, 0x7C, 0x1B, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x59, 0x24, 0xC4, 0xE9, 0xB7, 0xD3, 0xAD), -}; -static const mbedtls_mpi_uint secp384r1_T_3_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x01, 0x3D, 0x63, 0x54, 0x45, 0x6F, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xB2, 0x19, 0xA3, 0x86, 0x1D, 0x42, 0x34), - MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x02, 0x87, 0x18, 0x92, 0x52, 0x1A, 0x71), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x18, 0xB1, 0x5D, 0x18, 0x1B, 0x37, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x74, 0x61, 0xBA, 0x18, 0xAF, 0x40, 0x30), - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x7D, 0x3C, 0x52, 0x0F, 0x07, 0xB0, 0x6F), -}; -static const mbedtls_mpi_uint secp384r1_T_4_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x39, 0x13, 0xAA, 0x60, 0x15, 0x99, 0x30), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x00, 0xCB, 0xC6, 0xB1, 0xDB, 0x97, 0x90), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xFA, 0x60, 0xB8, 0x24, 0xE4, 0x7D, 0xD3), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x75, 0xB3, 0x70, 0xB2, 0x83, 0xB1, 0x9B), - MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xE3, 0x6C, 0xCD, 0x33, 0x62, 0x7A, 0x56), - MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x30, 0xDC, 0x0F, 0x9F, 0xBB, 0xB8, 0xAA), -}; -static const mbedtls_mpi_uint secp384r1_T_4_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD5, 0x0A, 0x60, 0x81, 0xB9, 0xC5, 0x16), - MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xAA, 0x2F, 0xD6, 0xF2, 0x73, 0xDF, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x7B, 0x74, 0xC9, 0xB3, 0x5B, 0x95, 0x6D), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x04, 0xEB, 0x15, 0xC8, 0x5F, 0x00, 0xF6), - MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x50, 0x20, 0x28, 0xD1, 0x01, 0xAF, 0xF0), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x4F, 0x31, 0x81, 0x2F, 0x94, 0x48), -}; -static const mbedtls_mpi_uint secp384r1_T_5_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2F, 0xD8, 0xB6, 0x63, 0x7C, 0xE9, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x8C, 0xB9, 0x14, 0xD9, 0x37, 0x63, 0xDE), - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x02, 0xB8, 0x46, 0xAD, 0xCE, 0x7B, 0x38), - MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x47, 0x2D, 0x66, 0xA7, 0xE9, 0x33, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xF9, 0x93, 0x94, 0xA8, 0x48, 0xB3, 0x4F), - MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x4A, 0xAC, 0x51, 0x08, 0x72, 0x2F, 0x1A), -}; -static const mbedtls_mpi_uint secp384r1_T_5_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0xAD, 0xA0, 0xF9, 0x81, 0xE1, 0x78, 0x97), - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x9A, 0x63, 0xD8, 0xBA, 0x79, 0x1A, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x31, 0x7B, 0x7A, 0x5A, 0x5D, 0x7D, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x96, 0x12, 0x4B, 0x19, 0x09, 0xE0, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x8A, 0x57, 0xEE, 0x4E, 0x6E, 0x7E, 0xEC), - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x9D, 0x69, 0xDC, 0xB3, 0xDA, 0xD8, 0x08), -}; -static const mbedtls_mpi_uint secp384r1_T_6_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x49, 0x03, 0x03, 0x33, 0x6F, 0x28, 0x4A), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xDB, 0xA7, 0x05, 0x8C, 0xF3, 0x4D, 0xFB), - MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x92, 0xB1, 0xA8, 0xEC, 0x0D, 0x64, 0x3B), - MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0xFC, 0xFD, 0xD0, 0x4B, 0x88, 0x1B, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x9C, 0x51, 0x69, 0xCE, 0x71, 0x73, 0xF5), - MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x5A, 0x14, 0x23, 0x1A, 0x46, 0x63, 0x5F), -}; -static const mbedtls_mpi_uint secp384r1_T_6_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x4C, 0x70, 0x44, 0x18, 0xCD, 0xEF, 0xED), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x49, 0xDD, 0x64, 0x7E, 0x7E, 0x4D, 0x92), - MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x32, 0x7C, 0x09, 0xD0, 0x3F, 0xD6, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE0, 0x4F, 0x65, 0x0C, 0x7A, 0x54, 0x3E), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xFA, 0xFB, 0x4A, 0xB4, 0x79, 0x5A, 0x8C), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x5D, 0x1B, 0x2B, 0xDA, 0xBC, 0x9A, 0x74), -}; -static const mbedtls_mpi_uint secp384r1_T_7_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xAC, 0x56, 0xF7, 0x5F, 0x51, 0x68, 0x0B), - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xE0, 0x1D, 0xBC, 0x13, 0x4E, 0xAC, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xF5, 0xC5, 0xE6, 0xD2, 0x88, 0xBA, 0xCB), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x0E, 0x28, 0x23, 0x58, 0x67, 0xFA, 0xEE), - MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x80, 0x4B, 0xD8, 0xC4, 0xDF, 0x15, 0xE4), - MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x0E, 0x58, 0xE6, 0x2C, 0x59, 0xC2, 0x03), -}; -static const mbedtls_mpi_uint secp384r1_T_7_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x26, 0x27, 0x99, 0x16, 0x2B, 0x22, 0x0B), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xF3, 0x8F, 0xC3, 0x2A, 0x9B, 0xFC, 0x38), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x2E, 0x83, 0x3D, 0xFE, 0x9E, 0x3C, 0x1B), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x57, 0xCD, 0x2D, 0xC1, 0x49, 0x38, 0xB5), - MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x42, 0x8B, 0x33, 0x89, 0x1F, 0xEA, 0x01), - MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x1D, 0x13, 0xD7, 0x50, 0xBB, 0x3E, 0xEB), -}; -static const mbedtls_mpi_uint secp384r1_T_8_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x9A, 0x52, 0xD2, 0x54, 0x7C, 0x97, 0xF2), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x33, 0x6E, 0xED, 0xD9, 0x87, 0x50, 0xC5), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x35, 0x7E, 0x16, 0x40, 0x15, 0x83, 0xB8), - MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x2B, 0xA4, 0xAB, 0x03, 0x91, 0xEA, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x47, 0x39, 0xEF, 0x05, 0x59, 0xD0, 0x90), - MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x24, 0x0D, 0x76, 0x11, 0x53, 0x08, 0xAF), -}; -static const mbedtls_mpi_uint secp384r1_T_8_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x2F, 0xDD, 0xBD, 0x50, 0x48, 0xB1, 0xE5), - MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x1C, 0x84, 0x55, 0x78, 0x14, 0xEB, 0xF6), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x5E, 0x3E, 0xA6, 0xAF, 0xF6, 0xC7, 0x04), - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x11, 0xE2, 0x65, 0xCA, 0x41, 0x95, 0x3B), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x83, 0xD8, 0xE6, 0x4D, 0x22, 0x06, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x7F, 0x25, 0x2A, 0xAA, 0x28, 0x46, 0x97), -}; -static const mbedtls_mpi_uint secp384r1_T_9_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xDB, 0x15, 0x56, 0x84, 0xCB, 0xC0, 0x56), - MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xDB, 0x0E, 0x08, 0xC9, 0xF5, 0xD4, 0x9E), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x62, 0xD0, 0x1A, 0x7C, 0x13, 0xD5, 0x07), - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xAD, 0x53, 0xE0, 0x32, 0x21, 0xA0, 0xC0), - MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x38, 0x81, 0x21, 0x23, 0x0E, 0xD2, 0xBB), - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x51, 0x05, 0xD0, 0x1E, 0x82, 0xA9, 0x71), -}; -static const mbedtls_mpi_uint secp384r1_T_9_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xC3, 0x27, 0xBF, 0xC6, 0xAA, 0xB7, 0xB9), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x65, 0x45, 0xDF, 0xB9, 0x46, 0x17, 0x46), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x38, 0x3F, 0xB2, 0xB1, 0x5D, 0xCA, 0x1C), - MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x29, 0x6C, 0x63, 0xE9, 0xD7, 0x48, 0xB8), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xF1, 0xD7, 0x99, 0x8C, 0xC2, 0x05, 0x99), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE6, 0x5E, 0x82, 0x6D, 0xE5, 0x7E, 0xD5), -}; -static const mbedtls_mpi_uint secp384r1_T_10_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x61, 0xFA, 0x7D, 0x01, 0xDB, 0xB6, 0x63), - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xC6, 0x58, 0x39, 0xF4, 0xC6, 0x82, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x5A, 0x7A, 0x80, 0x08, 0xCD, 0xAA, 0xD8), - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x8C, 0xC6, 0x3F, 0x3C, 0xA5, 0x68, 0xF4), - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xF5, 0xD5, 0x17, 0xAE, 0x36, 0xD8, 0x8A), - MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xAD, 0x92, 0xC5, 0x57, 0x6C, 0xDA, 0x91), -}; -static const mbedtls_mpi_uint secp384r1_T_10_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x67, 0x17, 0xC0, 0x40, 0x78, 0x8C, 0x84), - MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x9F, 0xF4, 0xAA, 0xDA, 0x5C, 0x7E, 0xB2), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xDB, 0x42, 0x3E, 0x72, 0x64, 0xA0, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xF9, 0x41, 0x17, 0x43, 0xE3, 0xE8, 0xA8), - MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xDD, 0xCC, 0x43, 0x7E, 0x16, 0x05, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x4B, 0xCF, 0x48, 0x8F, 0x41, 0x90, 0xE5), -}; -static const mbedtls_mpi_uint secp384r1_T_11_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x0C, 0x6B, 0x9D, 0x22, 0x04, 0xBC, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x63, 0x79, 0x2F, 0x6A, 0x0E, 0x8A, 0xDE), - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x67, 0x3F, 0x02, 0xB8, 0x91, 0x7F, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x14, 0x64, 0xA0, 0x33, 0xF4, 0x6B, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x44, 0x71, 0x87, 0xB8, 0x88, 0x3F, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x2B, 0x85, 0x05, 0xC5, 0x44, 0x53, 0x15), -}; -static const mbedtls_mpi_uint secp384r1_T_11_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x2B, 0xFE, 0xD1, 0x1C, 0x73, 0xE3, 0x2E), - MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x33, 0xA1, 0xD3, 0x69, 0x1C, 0x9D, 0xD2), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x5A, 0xBA, 0xB6, 0xAE, 0x1B, 0x94, 0x04), - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x74, 0x90, 0x5C, 0x57, 0xB0, 0x3A, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x2F, 0x93, 0x20, 0x24, 0x54, 0x1D, 0x8D), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x78, 0x9D, 0x71, 0x67, 0x5D, 0x49, 0x98), -}; -static const mbedtls_mpi_uint secp384r1_T_12_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xC8, 0x0E, 0x11, 0x8D, 0xE0, 0x8F, 0x69), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x7F, 0x79, 0x6C, 0x5F, 0xB7, 0xBC, 0xB1), - MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xE1, 0x83, 0x3C, 0x12, 0xBB, 0xEE, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xC2, 0xC4, 0x1B, 0x41, 0x71, 0xB9, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0xEE, 0xBB, 0x1D, 0x89, 0x50, 0x88, 0xF2), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x1C, 0x55, 0x74, 0xEB, 0xDE, 0x92, 0x3F), -}; -static const mbedtls_mpi_uint secp384r1_T_12_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x38, 0x92, 0x06, 0x19, 0xD0, 0xB3, 0xB2), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x99, 0x26, 0xA3, 0x5F, 0xE2, 0xC1, 0x81), - MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xFC, 0xFD, 0xC3, 0xB6, 0x26, 0x24, 0x8F), - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xAD, 0xE7, 0x49, 0xB7, 0x64, 0x4B, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x4E, 0x95, 0xAD, 0x07, 0xFE, 0xB6, 0x30), - MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x15, 0xE7, 0x2D, 0x19, 0xA9, 0x08, 0x10), -}; -static const mbedtls_mpi_uint secp384r1_T_13_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xBD, 0xAC, 0x0A, 0x3F, 0x6B, 0xFF, 0xFA), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xE4, 0x74, 0x14, 0xD9, 0x70, 0x1D, 0x71), - MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xB0, 0x71, 0xBB, 0xD8, 0x18, 0x96, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0xB8, 0x19, 0x90, 0x80, 0xB5, 0xEE, 0x01), - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x21, 0x20, 0xA6, 0x17, 0x48, 0x03, 0x6F), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x1D, 0xBB, 0x6D, 0x94, 0x20, 0x34, 0xF1), -}; -static const mbedtls_mpi_uint secp384r1_T_13_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x82, 0x67, 0x4B, 0x8E, 0x4E, 0xBE, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xDA, 0x77, 0xF8, 0x23, 0x55, 0x2B, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x02, 0xDE, 0x25, 0x35, 0x2D, 0x74, 0x51), - MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x0C, 0xB8, 0x0B, 0x39, 0xBA, 0xAD, 0x04), - MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x0E, 0x28, 0x4D, 0xE1, 0x3D, 0xE4, 0x1B), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xEC, 0x0A, 0xD4, 0xB8, 0xC4, 0x8D, 0xB0), -}; -static const mbedtls_mpi_uint secp384r1_T_14_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x68, 0xCE, 0xC2, 0x55, 0x4D, 0x0C, 0x6D), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x20, 0x93, 0x32, 0x90, 0xD6, 0xAE, 0x47), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x78, 0xAB, 0x43, 0x9E, 0xEB, 0x73, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x97, 0xC3, 0x83, 0xA6, 0x3C, 0xF1, 0xBF), - MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x25, 0x25, 0x66, 0x08, 0x26, 0xFA, 0x4B), - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xFB, 0x44, 0x5D, 0x82, 0xEC, 0x3B, 0xAC), -}; -static const mbedtls_mpi_uint secp384r1_T_14_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x90, 0xEA, 0xB5, 0x04, 0x99, 0xD0, 0x69), - MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0xF2, 0x22, 0xA0, 0xEB, 0xFD, 0x45, 0x87), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA4, 0x81, 0x32, 0xFC, 0xFA, 0xEE, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xBB, 0xA4, 0x6A, 0x77, 0x41, 0x5C, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x1E, 0xAA, 0x4F, 0xF0, 0x10, 0xB3, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x74, 0x13, 0x14, 0x9E, 0x90, 0xD7, 0xE6), -}; -static const mbedtls_mpi_uint secp384r1_T_15_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0xBD, 0x70, 0x4F, 0xA8, 0xD1, 0x06, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x4E, 0x2E, 0x68, 0xFC, 0x35, 0xFA, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x53, 0x75, 0xED, 0xF2, 0x5F, 0xC2, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x87, 0x6B, 0x9F, 0x05, 0xE2, 0x22, 0x93), - MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x1A, 0xA8, 0xB7, 0x03, 0x9E, 0x6D, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xD0, 0x69, 0x88, 0xA8, 0x39, 0x9E, 0x3A), -}; -static const mbedtls_mpi_uint secp384r1_T_15_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xEF, 0x68, 0xFE, 0xEC, 0x24, 0x08, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x06, 0x4B, 0x92, 0x0D, 0xB7, 0x34, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xF4, 0xDD, 0x1A, 0xA0, 0x4A, 0xE4, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x63, 0x4F, 0x4F, 0xCE, 0xBB, 0xD6, 0xD3), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xEE, 0x8D, 0xDF, 0x3F, 0x73, 0xB7, 0xAC), - MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x06, 0xB6, 0x80, 0x4D, 0x81, 0xD9, 0x53), -}; -static const mbedtls_mpi_uint secp384r1_T_16_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xF5, 0x13, 0xDF, 0x13, 0x19, 0x97, 0x94), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xF9, 0xB3, 0x33, 0x66, 0x82, 0x21, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xFC, 0x39, 0x16, 0x23, 0x43, 0x76, 0x0E), - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x48, 0x25, 0xA1, 0x64, 0x95, 0x1C, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xAC, 0x15, 0x57, 0xD9, 0xDE, 0xA0, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x5F, 0xB8, 0x3D, 0x48, 0x91, 0x24, 0xCC), -}; -static const mbedtls_mpi_uint secp384r1_T_16_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xF2, 0xC8, 0x54, 0xD1, 0x32, 0xBD, 0xC4), - MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x3B, 0xF0, 0xAA, 0x9D, 0xD8, 0xF4, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xC3, 0xBB, 0x6C, 0x66, 0xAC, 0x25, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x25, 0x10, 0xB2, 0xE1, 0x41, 0xDE, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xE8, 0x30, 0xB8, 0x37, 0xBC, 0x2A, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x57, 0x01, 0x4A, 0x1E, 0x78, 0x9F, 0x85), -}; -static const mbedtls_mpi_uint secp384r1_T_17_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x19, 0xCD, 0x12, 0x0B, 0x51, 0x4F, 0x56), - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x4B, 0x3D, 0x24, 0xA4, 0x16, 0x59, 0x05), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xEB, 0xD3, 0x59, 0x2E, 0x75, 0x7C, 0x01), - MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xB9, 0xB4, 0xA5, 0xD9, 0x2E, 0x29, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x16, 0x05, 0x75, 0x02, 0xB3, 0x06, 0xEE), - MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x7C, 0x9F, 0x79, 0x91, 0xF1, 0x4F, 0x23), -}; -static const mbedtls_mpi_uint secp384r1_T_17_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x98, 0x7C, 0x84, 0xE1, 0xFF, 0x30, 0x77), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xE2, 0xC2, 0x5F, 0x55, 0x40, 0xBD, 0xCD), - MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x65, 0x87, 0x3F, 0xC4, 0xC2, 0x24, 0x57), - MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x30, 0x0A, 0x60, 0x15, 0xD1, 0x24, 0x48), - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x99, 0xD9, 0xB6, 0xAE, 0xB1, 0xAF, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x80, 0xEE, 0xA2, 0x0F, 0x74, 0xB9, 0xF3), -}; -static const mbedtls_mpi_uint secp384r1_T_18_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xE6, 0x0F, 0x37, 0xC1, 0x10, 0x99, 0x1E), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xAD, 0x9D, 0x5D, 0x80, 0x01, 0xA6, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x0F, 0x10, 0x2A, 0x9D, 0x20, 0x38, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x60, 0xCB, 0xCE, 0x5A, 0xA0, 0xA7, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xCF, 0x14, 0xDF, 0xBF, 0xE5, 0x74, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x12, 0x1A, 0xDD, 0x59, 0x02, 0x5D, 0xC6), -}; -static const mbedtls_mpi_uint secp384r1_T_18_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC9, 0xF8, 0xF5, 0xB6, 0x13, 0x4D, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x45, 0xB1, 0x93, 0xB3, 0xA2, 0x79, 0xDC), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xF6, 0xCF, 0xF7, 0xE6, 0x29, 0x9C, 0xCC), - MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x50, 0x65, 0x80, 0xBC, 0x59, 0x0A, 0x59), - MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xF0, 0x24, 0x35, 0xA2, 0x46, 0xF0, 0x0C), - MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x26, 0xC0, 0x9D, 0x61, 0x56, 0x62, 0x67), -}; -static const mbedtls_mpi_uint secp384r1_T_19_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xBB, 0xC2, 0x24, 0x43, 0x2E, 0x37, 0x54), - MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xF7, 0xCE, 0x35, 0xFC, 0x77, 0xF3, 0x3F), - MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x34, 0x96, 0xD5, 0x4A, 0x76, 0x9D, 0x6B), - MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x3B, 0x0F, 0xEA, 0xA8, 0x12, 0x0B, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x3F, 0x5D, 0x2D, 0x1C, 0xD4, 0x9E, 0xFB), - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x2E, 0xDD, 0xC7, 0x6E, 0xAB, 0xAF, 0xDC), -}; -static const mbedtls_mpi_uint secp384r1_T_19_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xB2, 0x7B, 0x0C, 0x9A, 0x83, 0x8E, 0x59), - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x51, 0x90, 0x92, 0x79, 0x32, 0x19, 0xC3), - MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x89, 0xF9, 0xD0, 0xCF, 0x2C, 0xA5, 0x8F), - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x50, 0x21, 0xDE, 0x50, 0x41, 0x9D, 0x81), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x7D, 0x2B, 0x9E, 0x9D, 0x95, 0xA8, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA5, 0x20, 0x87, 0x88, 0x97, 0x5F, 0xAA), -}; -static const mbedtls_mpi_uint secp384r1_T_20_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x59, 0xB4, 0x66, 0x7E, 0xE8, 0x5A, 0x60), - MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x5C, 0x7E, 0xB2, 0xAD, 0xD9, 0xC9, 0xDA), - MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x97, 0x49, 0xA3, 0x13, 0x83, 0x07, 0x2E), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x26, 0xC7, 0x13, 0x35, 0x0D, 0xB0, 0x6B), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x60, 0xAB, 0xFA, 0x4B, 0x93, 0x18, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x2D, 0x1C, 0x31, 0x4C, 0xE4, 0x61, 0xAE), -}; -static const mbedtls_mpi_uint secp384r1_T_20_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x4D, 0x1E, 0x51, 0x59, 0x6E, 0x91, 0xC5), - MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x54, 0x4D, 0x51, 0xED, 0x36, 0xCC, 0x60), - MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xA8, 0x56, 0xC7, 0x78, 0x27, 0x33, 0xC5), - MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB7, 0x95, 0xC9, 0x8B, 0xC8, 0x6A, 0xBC), - MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xE9, 0x13, 0x96, 0xB3, 0xE1, 0xF9, 0xEE), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x46, 0xB0, 0x5E, 0xC3, 0x94, 0x03, 0x05), -}; -static const mbedtls_mpi_uint secp384r1_T_21_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x5B, 0x29, 0x30, 0x41, 0x1A, 0x9E, 0xB6), - MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xCA, 0x83, 0x31, 0x5B, 0xA7, 0xCB, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x41, 0x50, 0x44, 0x4D, 0x64, 0x31, 0x89), - MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x84, 0xC2, 0x5D, 0x97, 0xA5, 0x3C, 0x18), - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x0F, 0xA5, 0xFD, 0x8E, 0x5A, 0x47, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x58, 0x02, 0x2D, 0x40, 0xB1, 0x0B, 0xBA), -}; -static const mbedtls_mpi_uint secp384r1_T_21_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x33, 0x8C, 0x67, 0xCE, 0x23, 0x43, 0x99), - MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x53, 0x47, 0x72, 0x44, 0x1F, 0x5B, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xC1, 0xD9, 0xA4, 0x50, 0x88, 0x63, 0x18), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xF2, 0x75, 0x69, 0x73, 0x00, 0xC4, 0x31), - MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x90, 0x1D, 0xDF, 0x1A, 0x00, 0xD8, 0x69), - MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xB1, 0x89, 0x48, 0xA8, 0x70, 0x62, 0xEF), -}; -static const mbedtls_mpi_uint secp384r1_T_22_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x8A, 0x55, 0x50, 0x7B, 0xEF, 0x8A, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x1B, 0x23, 0x48, 0x23, 0x63, 0x91, 0xB6), - MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x04, 0x54, 0x3C, 0x24, 0x9B, 0xC7, 0x9A), - MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x38, 0xC3, 0x84, 0xFB, 0xFF, 0x9F, 0x49), - MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x2A, 0xE0, 0x6D, 0x68, 0x8A, 0x5C, 0xCB), - MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x93, 0x53, 0x85, 0xA1, 0x0D, 0xAF, 0x63), -}; -static const mbedtls_mpi_uint secp384r1_T_22_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x88, 0x95, 0x4C, 0x0B, 0xD0, 0x06, 0x51), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xAF, 0x8D, 0x49, 0xA2, 0xC8, 0xB4, 0xE0), - MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x76, 0x53, 0x09, 0x88, 0x43, 0x87, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xA4, 0x77, 0x3F, 0x5E, 0x21, 0xB4, 0x0A), - MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x9E, 0x86, 0x64, 0xCC, 0x91, 0xC1, 0x77), - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x17, 0x56, 0xCB, 0xC3, 0x7D, 0x5B, 0xB1), -}; -static const mbedtls_mpi_uint secp384r1_T_23_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x74, 0x9F, 0xB5, 0x91, 0x21, 0xB1, 0x1C), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xED, 0xE1, 0x11, 0xEF, 0x45, 0xAF, 0xC1), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x31, 0xBE, 0xB2, 0xBC, 0x72, 0x65, 0x1F), - MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x4B, 0x8C, 0x77, 0xCE, 0x1E, 0x42, 0xB5), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xC9, 0xAA, 0xB9, 0xD9, 0x86, 0x99, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x23, 0x80, 0xC6, 0x4E, 0x35, 0x0B, 0x6D), -}; -static const mbedtls_mpi_uint secp384r1_T_23_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xD8, 0xA2, 0x0A, 0x39, 0x32, 0x1D, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0xC8, 0x86, 0xF1, 0x12, 0x9A, 0x4A, 0x05), - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xF1, 0x7C, 0xAA, 0x70, 0x8E, 0xBC, 0x01), - MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x01, 0x47, 0x8F, 0xDD, 0x8B, 0xA5, 0xC8), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x08, 0x21, 0xF4, 0xAB, 0xC7, 0xF5, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x76, 0xA5, 0x95, 0xC4, 0x0F, 0x88, 0x1D), -}; -static const mbedtls_mpi_uint secp384r1_T_24_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x42, 0x2A, 0x52, 0xCD, 0x75, 0x51, 0x49), - MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x36, 0xE5, 0x04, 0x2B, 0x44, 0xC6, 0xEF), - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xEE, 0x16, 0x13, 0x07, 0x83, 0xB5, 0x30), - MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x59, 0xC6, 0xA2, 0x19, 0x05, 0xD3, 0xC6), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x8B, 0xA8, 0x16, 0x09, 0xB7, 0xEA, 0xD6), - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xEE, 0x14, 0xAF, 0xB5, 0xFD, 0xD0, 0xEF), -}; -static const mbedtls_mpi_uint secp384r1_T_24_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x7C, 0xCA, 0x71, 0x3E, 0x6E, 0x66, 0x75), - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x31, 0x0E, 0x3F, 0xE5, 0x91, 0xC4, 0x7F), - MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x3D, 0xC2, 0x3E, 0x95, 0x37, 0x58, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x1F, 0x02, 0x03, 0xF3, 0xEF, 0xEE, 0x66), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x5B, 0x1A, 0xFC, 0x38, 0xCD, 0xE8, 0x24), - MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x57, 0x42, 0x85, 0xC6, 0x21, 0x68, 0x71), -}; -static const mbedtls_mpi_uint secp384r1_T_25_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xA2, 0x4A, 0x66, 0xB1, 0x0A, 0xE6, 0xC0), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x0C, 0x94, 0x9D, 0x5E, 0x99, 0xB2, 0xCE), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x03, 0x40, 0xCA, 0xB2, 0xB3, 0x30, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x78, 0x48, 0x27, 0x34, 0x1E, 0xE2, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x72, 0x5B, 0xAC, 0xC1, 0x6D, 0xE3, 0x82), - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAB, 0x46, 0xCB, 0xEA, 0x5E, 0x4B, 0x0B), -}; -static const mbedtls_mpi_uint secp384r1_T_25_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x08, 0xAD, 0x4E, 0x51, 0x9F, 0x2A, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5C, 0x7D, 0x4C, 0xD6, 0xCF, 0xDD, 0x02), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x76, 0x26, 0xE0, 0x8B, 0x10, 0xD9, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xA7, 0x23, 0x4E, 0x5F, 0xD2, 0x42, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xE5, 0xA4, 0xEC, 0x77, 0x21, 0x34, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x14, 0x65, 0xEA, 0x4A, 0x85, 0xC3, 0x2F), -}; -static const mbedtls_mpi_uint secp384r1_T_26_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xD8, 0x40, 0x27, 0x73, 0x15, 0x7E, 0x65), - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xBB, 0x53, 0x7E, 0x0F, 0x40, 0xC8, 0xD4), - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x37, 0x19, 0x73, 0xEF, 0x5A, 0x5E, 0x04), - MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x73, 0x2B, 0x49, 0x7E, 0xAC, 0x97, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xB2, 0xC3, 0x1E, 0x0E, 0xE7, 0xD2, 0x21), - MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x08, 0xD6, 0xDD, 0xAC, 0x21, 0xD6, 0x3E), -}; -static const mbedtls_mpi_uint secp384r1_T_26_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x26, 0xBE, 0x6D, 0x6D, 0xF2, 0x38, 0x3F), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x6C, 0x31, 0xA7, 0x49, 0x50, 0x3A, 0x89), - MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x99, 0xC6, 0xF5, 0xD2, 0xC2, 0x30, 0x5A), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE4, 0xF6, 0x8B, 0x8B, 0x97, 0xE9, 0xB2), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x21, 0xB7, 0x0D, 0xFC, 0x15, 0x54, 0x0B), - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x83, 0x1C, 0xA4, 0xCD, 0x6B, 0x9D, 0xF2), -}; -static const mbedtls_mpi_uint secp384r1_T_27_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xE8, 0x4C, 0x48, 0xE4, 0xAA, 0x69, 0x93), - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x7A, 0x27, 0xFC, 0x37, 0x96, 0x1A, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0xE7, 0x30, 0xA5, 0xCF, 0x13, 0x46, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xD8, 0xAF, 0x74, 0x23, 0x4D, 0x56, 0x84), - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x3D, 0x44, 0x14, 0x1B, 0x97, 0x83, 0xF0), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x47, 0xD7, 0x5F, 0xFD, 0x98, 0x38, 0xF7), -}; -static const mbedtls_mpi_uint secp384r1_T_27_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x73, 0x64, 0x36, 0xFD, 0x7B, 0xC1, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x5D, 0x32, 0xD2, 0x47, 0x94, 0x89, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xE9, 0x30, 0xAC, 0x06, 0xC8, 0x65, 0x04), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x6C, 0xB9, 0x1B, 0xF7, 0x61, 0x49, 0x53), - MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xFF, 0x32, 0x43, 0x80, 0xDA, 0xA6, 0xB1), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF8, 0x04, 0x01, 0x95, 0x35, 0xCE, 0x21), -}; -static const mbedtls_mpi_uint secp384r1_T_28_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x06, 0x46, 0x0D, 0x51, 0xE2, 0xD8, 0xAC), - MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x57, 0x1D, 0x6F, 0x79, 0xA0, 0xCD, 0xA6), - MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0xFB, 0x36, 0xCA, 0xAD, 0xF5, 0x9E, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x7A, 0x1D, 0x9E, 0x1D, 0x95, 0x48, 0xDC), - MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x26, 0xA5, 0xB7, 0x15, 0x2C, 0xC2, 0xC6), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x42, 0x72, 0xAA, 0x11, 0xDC, 0xC9, 0xB6), -}; -static const mbedtls_mpi_uint secp384r1_T_28_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x6C, 0x64, 0xA7, 0x62, 0x3C, 0xAB, 0xD4), - MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x6A, 0x44, 0xD8, 0x60, 0xC0, 0xA8, 0x80), - MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x76, 0x58, 0x12, 0x57, 0x3C, 0x89, 0x46), - MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x4F, 0x83, 0xCE, 0xCB, 0xB8, 0xD0, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x84, 0x04, 0xB0, 0xAD, 0xEB, 0xFA, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xA4, 0xC3, 0x41, 0x44, 0x4E, 0x65, 0x3E), -}; -static const mbedtls_mpi_uint secp384r1_T_29_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x16, 0xA9, 0x1C, 0xE7, 0x65, 0x20, 0xC1), - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x53, 0x32, 0xF8, 0xC0, 0xA6, 0xBD, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xF0, 0xE6, 0x57, 0x31, 0xCC, 0x26, 0x6F), - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xE3, 0x54, 0x1C, 0x34, 0xD3, 0x17, 0xBC), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xAE, 0xED, 0xFB, 0xCD, 0xE7, 0x1E, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x16, 0x1C, 0x34, 0x40, 0x00, 0x1F, 0xB6), -}; -static const mbedtls_mpi_uint secp384r1_T_29_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x32, 0x00, 0xC2, 0xD4, 0x3B, 0x1A, 0x09), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xE0, 0x99, 0x8F, 0x0C, 0x4A, 0x16, 0x44), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x73, 0x18, 0x1B, 0xD4, 0x94, 0x29, 0x62), - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xA4, 0x2D, 0xB1, 0x9D, 0x74, 0x32, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0xF4, 0xB1, 0x0C, 0x37, 0x62, 0x8B, 0x66), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xFF, 0xDA, 0xE2, 0x35, 0xA3, 0xB6, 0x42), -}; -static const mbedtls_mpi_uint secp384r1_T_30_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x49, 0x99, 0x65, 0xC5, 0xED, 0x16, 0xEF), - MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x42, 0x9A, 0xF3, 0xA7, 0x4E, 0x6F, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x0A, 0x7E, 0xC0, 0xD7, 0x4E, 0x07, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x7A, 0x31, 0x69, 0xA6, 0xB9, 0x15, 0x34), - MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xE0, 0x72, 0xA4, 0x3F, 0xB9, 0xF8, 0x0C), - MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x75, 0x32, 0x85, 0xA2, 0xDE, 0x37, 0x12), -}; -static const mbedtls_mpi_uint secp384r1_T_30_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xC0, 0x0D, 0xCF, 0x25, 0x41, 0xA4, 0xF4), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xFC, 0xB2, 0x48, 0xC3, 0x85, 0x83, 0x4B), - MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xBE, 0x0B, 0x58, 0x2D, 0x7A, 0x9A, 0x62), - MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xF3, 0x81, 0x18, 0x1B, 0x74, 0x4F, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x43, 0xA3, 0x0A, 0x16, 0x8B, 0xA3, 0x1E), - MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x18, 0x81, 0x7B, 0x8D, 0xA2, 0x35, 0x77), -}; -static const mbedtls_mpi_uint secp384r1_T_31_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xC4, 0x3F, 0x2C, 0xE7, 0x5F, 0x99, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x2B, 0xB7, 0xB6, 0xAD, 0x5A, 0x56, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x00, 0xA4, 0x48, 0xC8, 0xE8, 0xBA, 0xBF), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xA1, 0xB5, 0x13, 0x5A, 0xCD, 0x99, 0x9C), - MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x95, 0xAD, 0xFC, 0xE2, 0x7E, 0xE7, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x6B, 0xD1, 0x34, 0x99, 0x53, 0x63, 0x0B), -}; -static const mbedtls_mpi_uint secp384r1_T_31_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x8A, 0x77, 0x5D, 0x2B, 0xAB, 0x01, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x85, 0xD0, 0xD5, 0x49, 0x83, 0x4D, 0x60), - MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xC6, 0x91, 0x30, 0x3B, 0x00, 0xAF, 0x7A), - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xAE, 0x61, 0x07, 0xE1, 0xB6, 0xE2, 0xC9), - MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x43, 0x41, 0xFE, 0x9B, 0xB6, 0xF0, 0xA5), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x97, 0xAE, 0xAD, 0x89, 0x88, 0x9E, 0x41), -}; -static const mbedtls_ecp_point secp384r1_T[32] = { - ECP_POINT_INIT_XY_Z1(secp384r1_T_0_X, secp384r1_T_0_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_1_X, secp384r1_T_1_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_2_X, secp384r1_T_2_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_3_X, secp384r1_T_3_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_4_X, secp384r1_T_4_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_5_X, secp384r1_T_5_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_6_X, secp384r1_T_6_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_7_X, secp384r1_T_7_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_8_X, secp384r1_T_8_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_9_X, secp384r1_T_9_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_10_X, secp384r1_T_10_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_11_X, secp384r1_T_11_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_12_X, secp384r1_T_12_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_13_X, secp384r1_T_13_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_14_X, secp384r1_T_14_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_15_X, secp384r1_T_15_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_16_X, secp384r1_T_16_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_17_X, secp384r1_T_17_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_18_X, secp384r1_T_18_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_19_X, secp384r1_T_19_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_20_X, secp384r1_T_20_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_21_X, secp384r1_T_21_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_22_X, secp384r1_T_22_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_23_X, secp384r1_T_23_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_24_X, secp384r1_T_24_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_25_X, secp384r1_T_25_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_26_X, secp384r1_T_26_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_27_X, secp384r1_T_27_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_28_X, secp384r1_T_28_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_29_X, secp384r1_T_29_Y), - ECP_POINT_INIT_XY_Z0(secp384r1_T_30_X, secp384r1_T_30_Y), ECP_POINT_INIT_XY_Z0(secp384r1_T_31_X, secp384r1_T_31_Y), -}; -#else -#define secp384r1_T NULL -#endif - -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ - -/* - * Domain parameters for secp521r1 - */ -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -static const mbedtls_mpi_uint secp521r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01), -}; -static const mbedtls_mpi_uint secp521r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF), - MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16), - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56), - MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8), - MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92), - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95), - MBEDTLS_BYTES_TO_T_UINT_2(0x51, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33), - MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C), - MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85), - MBEDTLS_BYTES_TO_T_UINT_2(0xC6, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97), - MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39), - MBEDTLS_BYTES_TO_T_UINT_2(0x18, 0x01), -}; -static const mbedtls_mpi_uint secp521r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B), - MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F), - MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_2(0xFF, 0x01), -}; -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 -static const mbedtls_mpi_uint secp521r1_T_0_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33), - MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C), - MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_0_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97), - MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39), - MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_1_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xB1, 0x2D, 0xEB, 0x27, 0x2F, 0xE8, 0xDA), - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x4B, 0x44, 0x25, 0xDB, 0x5C, 0x5F, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x85, 0x28, 0x78, 0x2E, 0x75, 0x34, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x57, 0x0F, 0x73, 0x78, 0x7A, 0xE3, 0x53), - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD8, 0xEC, 0xDC, 0xDA, 0x04, 0xAD, 0xAB), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x8A, 0x09, 0xF3, 0x58, 0x79, 0xD8, 0x29), - MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x03, 0xCB, 0x50, 0x1A, 0x7F, 0x56, 0x00), - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xA6, 0x78, 0x38, 0x85, 0x67, 0x0B, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_1_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xD5, 0xD2, 0x22, 0xC4, 0x00, 0x3B, 0xBA), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x93, 0x0E, 0x7B, 0x85, 0x51, 0xC3, 0x06), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA6, 0x5F, 0x54, 0x49, 0x02, 0x81, 0x78), - MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xE9, 0x6B, 0x3A, 0x92, 0xE7, 0x72, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x5F, 0x28, 0x9E, 0x91, 0x27, 0x88, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x28, 0x31, 0xB3, 0x84, 0xCA, 0x12, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xF9, 0xAC, 0x22, 0x10, 0x0A, 0x64, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xC6, 0x33, 0x1F, 0x69, 0x19, 0x18, 0xBF), - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_2_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x48, 0xB8, 0xC7, 0x37, 0x5A, 0x00, 0x36), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xCC, 0x32, 0xE0, 0xEE, 0x03, 0xC2, 0xBA), - MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x29, 0xC2, 0xE4, 0x6E, 0x24, 0x20, 0x8D), - MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x6B, 0x7F, 0x7B, 0xF9, 0xB0, 0xB8, 0x13), - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x7B, 0x3C, 0xE1, 0x19, 0xA1, 0x23, 0x02), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE3, 0xC2, 0x53, 0xC0, 0x07, 0x13, 0xA9), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFE, 0x36, 0x35, 0x9F, 0x5E, 0x59, 0xCE), - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x55, 0x89, 0x84, 0xBC, 0xEF, 0xA2, 0xC2), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_2_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x1A, 0x08, 0x67, 0xB4, 0xE7, 0x22, 0xED), - MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x26, 0xDF, 0x81, 0x3C, 0x5F, 0x1C, 0xDA), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x4D, 0xD0, 0x0A, 0x48, 0x06, 0xF4, 0x48), - MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x18, 0x39, 0xF7, 0xD1, 0x20, 0x77, 0x8D), - MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x8F, 0x44, 0x13, 0xCB, 0x78, 0x11, 0x11), - MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xE2, 0x49, 0xEA, 0x43, 0x79, 0x08, 0x39), - MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xD1, 0xD8, 0x73, 0x2C, 0x71, 0x2F, 0x69), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xE5, 0xE7, 0xF4, 0x46, 0xAB, 0x20, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_3_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x0B, 0xB9, 0x71, 0x1A, 0x27, 0xB7, 0xA7), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xA2, 0x2C, 0xD1, 0xDA, 0xBC, 0xC1, 0xBD), - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xA3, 0x10, 0x1F, 0x90, 0xF2, 0xA5, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xFB, 0x20, 0xF4, 0xC0, 0x70, 0xC0, 0xF5), - MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xA7, 0x99, 0xF0, 0xA5, 0xD3, 0x09, 0xDD), - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0xE8, 0x14, 0x39, 0xBE, 0xCB, 0x60, 0xAF), - MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xD6, 0x14, 0xA9, 0xC9, 0x20, 0xC3, 0xEA), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA8, 0x5B, 0xFD, 0x2D, 0x96, 0xBC, 0x78), - MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_3_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x04, 0x45, 0xBE, 0xCE, 0x75, 0x95, 0xF6), - MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xDA, 0x58, 0x49, 0x35, 0x09, 0x8D, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xF0, 0xC0, 0x36, 0xF2, 0xA6, 0x2D, 0x14), - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFC, 0x3D, 0xA8, 0xFB, 0x3C, 0xD2, 0x51), - MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x4D, 0x71, 0x09, 0x18, 0x42, 0xF0, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xC1, 0xCE, 0x9E, 0x6A, 0x49, 0x60, 0x12), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xB1, 0x00, 0xF7, 0xA1, 0x7A, 0x31, 0xB4), - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xC3, 0x86, 0xCD, 0x20, 0x4A, 0x17, 0x86), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_4_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xAB, 0x8B, 0x47, 0x8D, 0xAA, 0xA6, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x97, 0xF0, 0xBC, 0x2D, 0xDC, 0x9D, 0x84), - MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x86, 0xB0, 0x74, 0xB2, 0xF4, 0xF6, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBD, 0xAC, 0xE3, 0x8F, 0x43, 0x5C, 0xB1), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xC3, 0xE2, 0x6E, 0x25, 0x49, 0xCD, 0x0B), - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x5E, 0x08, 0xB3, 0xB9, 0xAC, 0x5F, 0xD1), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xB7, 0xD1, 0xF4, 0xDC, 0x19, 0xE9, 0xC8), - MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xE4, 0xFA, 0xE1, 0x36, 0x3E, 0xED, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_4_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x67, 0x92, 0x84, 0x6E, 0x48, 0x03, 0x51), - MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x95, 0xEF, 0x8F, 0xB2, 0x82, 0x6B, 0x1C), - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFA, 0xB9, 0x55, 0x23, 0xFE, 0x09, 0xB3), - MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x79, 0x85, 0x4B, 0x0E, 0xD4, 0x35, 0xDB), - MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x27, 0x45, 0x81, 0xE0, 0x88, 0x52, 0xAD), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x63, 0xA2, 0x4B, 0xBC, 0x5D, 0xB1, 0x92), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x8C, 0x83, 0xD9, 0x3E, 0xD3, 0x42, 0xDA), - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x03, 0x3A, 0x31, 0xBA, 0xE9, 0x3A, 0xD1), - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_5_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x10, 0xCD, 0x2D, 0x00, 0xFE, 0x32, 0xA7), - MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x6E, 0x1F, 0xDA, 0xF8, 0x6F, 0x4D, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x79, 0x7D, 0x09, 0xE5, 0xD3, 0x03, 0x21), - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xC3, 0xBE, 0xDF, 0x07, 0x65, 0x49, 0xCC), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x57, 0x33, 0xEF, 0xAE, 0x4F, 0x04, 0x27), - MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0xE9, 0x9B, 0xFE, 0xBF, 0xE6, 0x85, 0xF6), - MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xBA, 0xAA, 0x06, 0xC4, 0xC6, 0xB8, 0x57), - MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x83, 0x01, 0xA9, 0xF6, 0x51, 0xE7, 0xB8), - MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_5_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xA6, 0x15, 0x8E, 0xAB, 0x1F, 0x10, 0x87), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x08, 0x27, 0x1A, 0xA1, 0x21, 0xAD, 0xF5), - MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x09, 0x90, 0x6E, 0x50, 0x90, 0x9A, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x9A, 0xFE, 0xD7, 0xA1, 0xF5, 0xA2, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x7D, 0xE3, 0xDC, 0x21, 0xFB, 0xA4, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xBF, 0x07, 0xFF, 0x45, 0xDF, 0x51, 0x77), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x5C, 0x34, 0x02, 0x62, 0x9B, 0x08, 0x12), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xCE, 0x9A, 0x6A, 0xEC, 0x75, 0xF6, 0x46), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_6_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x59, 0xF4, 0x78, 0x3C, 0x60, 0xB1, 0x4A), - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x37, 0x84, 0x6A, 0xDC, 0xF2, 0x9A, 0x7D), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x9A, 0x9A, 0x15, 0x36, 0xE0, 0x2B, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x38, 0x9C, 0x50, 0x3D, 0x1E, 0x37, 0x82), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x79, 0xF0, 0x92, 0xF2, 0x8B, 0x18, 0x82), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xE0, 0x82, 0x1E, 0x80, 0x82, 0x4B, 0xD7), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xBB, 0x59, 0x6B, 0x8A, 0x77, 0x41, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xF9, 0xD4, 0xB8, 0x4A, 0x82, 0xCF, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_6_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x8C, 0xC8, 0x9B, 0x72, 0x9E, 0xF7, 0xF9), - MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xCE, 0xE9, 0x77, 0x0A, 0x19, 0x59, 0x84), - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xA1, 0x41, 0x6A, 0x72, 0x4B, 0xB4, 0xDC), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x35, 0x43, 0xE2, 0x8C, 0xBE, 0x0D, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xEB, 0xAD, 0xF3, 0xA9, 0xA6, 0x68, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x2F, 0xE2, 0x48, 0x0C, 0xDB, 0x1F, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x1E, 0x60, 0x9B, 0x2A, 0xD2, 0xC1, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x64, 0xB5, 0xD2, 0xF6, 0xF6, 0x6E, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_7_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x3D, 0x30, 0x78, 0x10, 0x18, 0x41, 0x51), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x1D, 0x1C, 0xE0, 0x6D, 0x83, 0xD1, 0x93), - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x03, 0x0B, 0xF5, 0x2F, 0x6C, 0x04, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x3E, 0xD5, 0xFC, 0x31, 0x5B, 0x3A, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x82, 0x2F, 0xFB, 0xFE, 0xF8, 0x76, 0x39), - MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x26, 0xDA, 0x9C, 0x36, 0xF5, 0x93, 0xD1), - MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xE7, 0x6E, 0xD2, 0x7D, 0x81, 0x09, 0xC6), - MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x03, 0xF9, 0x58, 0x48, 0x24, 0xA2, 0xEE), - MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_7_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x79, 0x0C, 0x8E, 0x6B, 0x95, 0xF3, 0xC4), - MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x10, 0x5C, 0x87, 0x03, 0x39, 0xCF, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xF0, 0xF7, 0xC1, 0x07, 0xA4, 0xF4, 0x3F), - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xE8, 0x02, 0x89, 0x65, 0xC4, 0x72, 0x36), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x88, 0xEA, 0x96, 0x67, 0x0B, 0x5D, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x75, 0x60, 0xA8, 0xBD, 0x74, 0xDF, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xE5, 0x71, 0x50, 0x67, 0xD0, 0xD2, 0xE6), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xFC, 0xE5, 0xC7, 0x77, 0xB0, 0x7F, 0x8C), - MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_8_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x86, 0x69, 0xCD, 0x0D, 0x9A, 0xBD, 0x66), - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x17, 0xBC, 0xBB, 0x59, 0x85, 0x7D, 0x0E), - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xA8, 0x76, 0xAC, 0x80, 0xA9, 0x72, 0xE0), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x78, 0xC1, 0xE2, 0x4D, 0xAF, 0xF9, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x97, 0x8E, 0x74, 0xC4, 0x4B, 0xB2, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD8, 0xF6, 0xF3, 0xAF, 0x2F, 0x52, 0xE5), - MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x57, 0xF4, 0xCE, 0xEE, 0x43, 0xED, 0x60), - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x46, 0x38, 0xDE, 0x20, 0xFD, 0x59, 0x18), - MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_8_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x18, 0xE8, 0x58, 0xB9, 0x76, 0x2C, 0xE6), - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x54, 0xE4, 0xFE, 0xC7, 0xBC, 0x31, 0x37), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xF8, 0x89, 0xEE, 0x70, 0xB5, 0xB0, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x22, 0x26, 0x9A, 0x53, 0xB9, 0x38, 0x0A), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xA7, 0x19, 0x8C, 0x74, 0x7E, 0x88, 0x46), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xDA, 0x0A, 0xE8, 0xDA, 0xA5, 0xBE, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x5C, 0xF7, 0xB1, 0x0C, 0x72, 0xFB, 0x09), - MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0xE2, 0x23, 0xE7, 0x46, 0xB7, 0xE0, 0x91), - MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_9_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x36, 0xBC, 0xBD, 0x48, 0x11, 0x8E, 0x72), - MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xBB, 0xA1, 0xF7, 0x0B, 0x9E, 0xBF, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x28, 0xE1, 0xA2, 0x8F, 0xFC, 0xFC, 0xD6), - MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xFE, 0x19, 0x0A, 0xE5, 0xE7, 0x69, 0x39), - MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xCD, 0x12, 0xF5, 0xBE, 0xD3, 0x04, 0xF1), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xA8, 0x0D, 0x81, 0x59, 0xC4, 0x79, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xF3, 0x4B, 0x92, 0x65, 0xC3, 0x31, 0xAD), - MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xB5, 0x4F, 0x4D, 0x91, 0xD4, 0xE2, 0xB2), - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_9_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x09, 0x41, 0x79, 0x1D, 0x4D, 0x0D, 0x33), - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x31, 0x18, 0xBA, 0xA0, 0xF2, 0x6E, 0x7E), - MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x5B, 0x4D, 0x4F, 0xAF, 0xC9, 0x8C, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x99, 0x9C, 0x06, 0x68, 0xDE, 0xD8, 0x29), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x04, 0xE1, 0xB5, 0x9D, 0x00, 0xBC, 0xB8), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x95, 0x92, 0x8D, 0x72, 0xD3, 0x37, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x4B, 0x27, 0xA2, 0xE8, 0xA4, 0x26, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x45, 0x9C, 0xA9, 0xCB, 0x9F, 0xBA, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_10_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x7E, 0x1B, 0x64, 0xF4, 0xE8, 0xA5, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x20, 0xA9, 0xCA, 0xF3, 0x89, 0xE5, 0xE1), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xED, 0xFC, 0xAB, 0xD9, 0x0A, 0xB9, 0x07), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x6F, 0x46, 0x7C, 0xCD, 0x78, 0xFF, 0x05), - MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xAB, 0x71, 0x5A, 0x94, 0xAB, 0x20, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x2E, 0xEE, 0x87, 0x57, 0x1F, 0xAD, 0xD3), - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x4C, 0x3D, 0xFB, 0x7E, 0xA1, 0x8B, 0x07), - MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xCF, 0x07, 0x86, 0xBA, 0x53, 0x37, 0xCF), - MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_10_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x26, 0xB2, 0xB9, 0xE2, 0x91, 0xE3, 0xB5), - MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xC9, 0x54, 0x84, 0x08, 0x3D, 0x0B, 0xD2), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xA8, 0x77, 0x2F, 0x64, 0x45, 0x99, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x96, 0x16, 0x1F, 0xDB, 0x96, 0x28, 0x97), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x2B, 0x8D, 0xFF, 0xA2, 0x4F, 0x55, 0xD3), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xE6, 0x48, 0xBD, 0x99, 0x3D, 0x12, 0x57), - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x84, 0x59, 0xDA, 0xB9, 0xB6, 0x66, 0x12), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x78, 0x41, 0x92, 0xDF, 0xF4, 0x3F, 0x63), - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_11_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x86, 0x6F, 0x4F, 0xBF, 0x67, 0xDF, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x2B, 0x1E, 0x5F, 0x00, 0xEA, 0xF6, 0x56), - MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xB9, 0x6A, 0x89, 0xD8, 0xC0, 0xD7, 0xA7), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x9A, 0x32, 0x23, 0xA0, 0x02, 0x91, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x7F, 0x6A, 0x15, 0x64, 0x6A, 0x8B, 0xBB), - MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x57, 0x82, 0x58, 0xA9, 0x56, 0xB5, 0xFB), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x50, 0x92, 0x60, 0xCC, 0x81, 0x24, 0xA8), - MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x3D, 0xAD, 0xDA, 0xD9, 0x51, 0x3E, 0x57), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_11_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xFE, 0x8F, 0xB0, 0x0B, 0xDE, 0x2E, 0x7E), - MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xD2, 0xBE, 0xEF, 0xAC, 0x76, 0x71, 0xA3), - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xE8, 0x72, 0x0B, 0xAC, 0xFE, 0xCA, 0x5A), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x5B, 0xC7, 0xFC, 0xE3, 0x3C, 0x7C, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x04, 0xA7, 0xB9, 0x9B, 0x93, 0xC0, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x48, 0x4B, 0x8E, 0x32, 0xC5, 0xF0, 0x6B), - MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x42, 0x07, 0xC1, 0xF2, 0xF1, 0x72, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x37, 0x54, 0x9C, 0x88, 0xD2, 0x62, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_12_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x19, 0x8A, 0x89, 0x58, 0xA2, 0x0F, 0xDB), - MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xCC, 0x4C, 0x97, 0x30, 0x66, 0x34, 0x26), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x6A, 0x1E, 0x1F, 0xDB, 0xC9, 0x5E, 0x13), - MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x4D, 0x49, 0xFF, 0x9B, 0x9C, 0xAC, 0x9B), - MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xE4, 0x4B, 0xF2, 0xD4, 0x1A, 0xD2, 0x78), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xDA, 0xE8, 0x61, 0x9F, 0xC8, 0x49, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xCB, 0xF2, 0x2D, 0x85, 0xF6, 0x8D, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xC5, 0xCD, 0x2C, 0x79, 0xC6, 0x0E, 0x4F), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_12_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x1D, 0x55, 0x0F, 0xF8, 0x22, 0x9F, 0x78), - MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x56, 0xBA, 0xE7, 0x57, 0x32, 0xEC, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x9A, 0xC6, 0x4C, 0x09, 0xC4, 0x52, 0x3F), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x1E, 0x6F, 0xF4, 0x7D, 0x27, 0xDD, 0xAF), - MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x11, 0x16, 0xEC, 0x79, 0x83, 0xAD, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x4E, 0x92, 0x1F, 0x19, 0x7D, 0x65, 0xDC), - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xFF, 0x78, 0x15, 0x45, 0x63, 0x32, 0xE4), - MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x91, 0xD0, 0x78, 0x58, 0xDA, 0x50, 0x47), - MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_13_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xDE, 0x40, 0xF6, 0x41, 0xB4, 0x3B, 0x95), - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x8D, 0xE0, 0xE1, 0xA9, 0xF0, 0x35, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xD4, 0xBA, 0x7B, 0xCC, 0x1B, 0x3A, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x5A, 0x2E, 0x74, 0x47, 0x14, 0xC3, 0x4D), - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xF0, 0x8B, 0x06, 0x15, 0x8E, 0x0E, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xD2, 0xEB, 0x97, 0x50, 0x7D, 0x31, 0xFC), - MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x93, 0x4C, 0xDB, 0x97, 0x79, 0x44, 0xF5), - MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xA2, 0xA0, 0x0B, 0xC8, 0x3A, 0x8A, 0xF9), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_13_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x50, 0x92, 0x9E, 0x24, 0x1F, 0xCB, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x16, 0xC9, 0xC5, 0x3D, 0x5A, 0xAF, 0x97), - MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xE3, 0x97, 0xE4, 0xA8, 0x50, 0xF6, 0x7E), - MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x57, 0x97, 0x42, 0x78, 0x92, 0x49, 0x0D), - MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xEB, 0x62, 0x24, 0xFB, 0x8F, 0x32, 0xCF), - MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x0C, 0x36, 0x6E, 0x8F, 0xE8, 0xE8, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xD3, 0x7C, 0xC7, 0x8D, 0x3F, 0x5C, 0xE1), - MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x64, 0x6A, 0x73, 0x10, 0x79, 0xB8, 0x5A), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_14_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xF9, 0xEF, 0xA5, 0x20, 0x4A, 0x5C, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xF3, 0xF4, 0x49, 0x5B, 0x73, 0xAA, 0x1B), - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xF2, 0xEA, 0x0F, 0x00, 0xAD, 0x53, 0xAB), - MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xB8, 0x66, 0xED, 0xC4, 0x2B, 0x4C, 0x35), - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x2F, 0xC1, 0x9A, 0x37, 0xD2, 0x7F, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xA7, 0x81, 0x38, 0x64, 0xC9, 0x37, 0x38), - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x3B, 0x6C, 0x9F, 0x5B, 0xD9, 0x8B, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x14, 0xD9, 0x08, 0xD8, 0xD2, 0x7E, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_14_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x71, 0xE6, 0x3D, 0xD1, 0xB0, 0xE7, 0xCD), - MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x81, 0x23, 0xEC, 0x2D, 0x42, 0x45, 0xE6), - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x5B, 0x44, 0x6B, 0x89, 0x03, 0x67, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x27, 0xAE, 0x80, 0x5A, 0x33, 0xBE, 0x11), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xB6, 0x64, 0x1A, 0xDF, 0xD3, 0x85, 0x91), - MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x8C, 0x22, 0xBA, 0xD0, 0xBD, 0xCC, 0xA0), - MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x3C, 0x01, 0x3A, 0xFF, 0x9D, 0xC7, 0x6B), - MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xC7, 0x64, 0xB4, 0x59, 0x4E, 0x9F, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_15_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x34, 0x0A, 0x41, 0x94, 0xA8, 0xF2, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xD4, 0xE4, 0xF0, 0x97, 0x45, 0x6D, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x1F, 0x4D, 0x6D, 0xFE, 0xA0, 0xC4, 0x84), - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x28, 0x5C, 0x40, 0xBB, 0x65, 0xD4, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xA8, 0x87, 0x35, 0x20, 0x3A, 0x89, 0x44), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFD, 0x4F, 0xAB, 0x2D, 0xD1, 0xD0, 0xC0), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xE8, 0x00, 0xFC, 0x69, 0x52, 0xF8, 0xD5), - MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x9A, 0x99, 0xE1, 0xDC, 0x9C, 0x3F, 0xD9), - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_15_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x08, 0x98, 0xD9, 0xCA, 0x73, 0xD5, 0xA9), - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x2C, 0xE0, 0xA7, 0x3E, 0x91, 0xD7, 0x87), - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x04, 0xB0, 0x54, 0x09, 0xF4, 0x72, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xEE, 0x28, 0xCC, 0xE8, 0x50, 0x78, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x91, 0x03, 0x76, 0xDB, 0x68, 0x24, 0x77), - MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xE0, 0x56, 0xB2, 0x5D, 0x12, 0xD3, 0xB5), - MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x42, 0x59, 0x8B, 0xDF, 0x67, 0xB5, 0xBE), - MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xCC, 0xE5, 0x31, 0x53, 0x7A, 0x46, 0xB3), - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_16_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x8D, 0x59, 0xB5, 0x1B, 0x0F, 0xF4, 0xAF), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x2F, 0xD1, 0x2C, 0xE0, 0xD8, 0x04, 0xEF), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF4, 0xD7, 0xBA, 0xB0, 0xA3, 0x7E, 0xC9), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x08, 0x51, 0x56, 0xA6, 0x76, 0x67, 0x33), - MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x17, 0x63, 0xFE, 0x56, 0xD0, 0xD9, 0x71), - MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xF6, 0xC3, 0x14, 0x47, 0xC5, 0xA7, 0x31), - MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x4C, 0x80, 0xF6, 0xA2, 0x57, 0xA7, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xB3, 0x7B, 0xF8, 0x2F, 0xE1, 0x3E, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_16_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0xF4, 0xF9, 0x6B, 0x7B, 0x90, 0xDF, 0x30), - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x82, 0xEF, 0x62, 0xA1, 0x4C, 0x53, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x99, 0x76, 0x01, 0xBA, 0x8D, 0x0F, 0x54), - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xF4, 0x58, 0x73, 0x56, 0xFE, 0xDD, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xCE, 0xF9, 0xE8, 0xA1, 0x34, 0xC3, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x5F, 0xDC, 0x6A, 0x3D, 0xD8, 0x7F, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xF4, 0x51, 0xB8, 0xB8, 0xC1, 0xD7, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x7D, 0x58, 0xD1, 0xD4, 0x1B, 0x4D, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_17_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x95, 0xDF, 0x00, 0xD8, 0x21, 0xDE, 0x94), - MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x47, 0x3C, 0xC3, 0xB2, 0x01, 0x53, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x17, 0x43, 0x23, 0xBD, 0xCA, 0x71, 0xF2), - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xBA, 0x0F, 0x4F, 0xDC, 0x41, 0x54, 0xBE), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x39, 0x26, 0x70, 0x53, 0x32, 0x18, 0x11), - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x46, 0x07, 0x97, 0x3A, 0x57, 0xE0, 0x01), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x92, 0x4F, 0xCE, 0xDF, 0x25, 0x80, 0x26), - MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x6F, 0x9A, 0x03, 0x05, 0x4B, 0xD1, 0x47), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_17_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x01, 0x72, 0x30, 0x90, 0x17, 0x51, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xFB, 0x41, 0x65, 0x5C, 0xB4, 0x2D, 0xEE), - MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xCD, 0xCD, 0xAA, 0x41, 0xCC, 0xBB, 0x07), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xCE, 0x08, 0x0A, 0x63, 0xE9, 0xA2, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xA8, 0x21, 0x7F, 0x7A, 0x5B, 0x9B, 0x81), - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x6B, 0x89, 0x44, 0x0A, 0x7F, 0x85, 0x5F), - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0xDE, 0x7C, 0x19, 0x5C, 0x65, 0x26, 0x61), - MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0xAC, 0x62, 0x29, 0x4A, 0xF1, 0xD0, 0x81), - MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_18_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x00, 0x40, 0x87, 0xEB, 0xA9, 0x58, 0x56), - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x51, 0x0B, 0xFF, 0x56, 0x35, 0x51, 0xB3), - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xAC, 0x08, 0x94, 0x71, 0xDA, 0xEC, 0x99), - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x4D, 0xC5, 0x7B, 0x31, 0x8B, 0x8D, 0x5E), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x05, 0xF1, 0x3E, 0x9E, 0x8F, 0x17, 0x8F), - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x9C, 0x4B, 0x62, 0x94, 0xAD, 0x49, 0xFC), - MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xC9, 0xC6, 0x8F, 0xFD, 0x33, 0x44, 0x34), - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x96, 0x17, 0x7F, 0x42, 0xBE, 0xF7, 0x0D), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_18_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x29, 0x39, 0x13, 0x08, 0x8D, 0x91, 0x47), - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x79, 0xF9, 0x2F, 0xA9, 0x0A, 0xCF, 0xD6), - MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x87, 0x7A, 0xA3, 0x19, 0xAB, 0x55, 0xAD), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x0B, 0x01, 0xC5, 0x56, 0x19, 0x9D, 0x9E), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xDE, 0x82, 0x3B, 0xEA, 0xD3, 0x0B, 0x8C), - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x6B, 0xC7, 0xF3, 0x0F, 0x82, 0x87, 0x6C), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x2E, 0x23, 0xF2, 0x39, 0x9D, 0x49, 0x70), - MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0xDE, 0xAF, 0x7A, 0xEE, 0xB0, 0xDA, 0x70), - MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_19_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x4E, 0x2A, 0x50, 0xFD, 0x8E, 0xC0, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x0F, 0x7C, 0x76, 0x63, 0xD8, 0x89, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x2D, 0xB9, 0x4E, 0xF4, 0xEE, 0x85, 0xCF), - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x95, 0x5C, 0x96, 0x5D, 0xAA, 0x59, 0x0B), - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xDB, 0xD2, 0x68, 0x8E, 0x5A, 0x94, 0x60), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x02, 0xBF, 0x77, 0x9F, 0xB9, 0x4C, 0xC9), - MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xDC, 0xC0, 0xCF, 0x81, 0x1E, 0xC4, 0x6C), - MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xCC, 0x37, 0x86, 0xDC, 0xE2, 0x64, 0x72), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_19_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x30, 0xB1, 0x59, 0x20, 0x9D, 0x98, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x0C, 0x9D, 0xF8, 0x20, 0xDC, 0x90, 0xBA), - MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xA0, 0xF4, 0xE7, 0x3E, 0x9C, 0x9E, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x25, 0xA2, 0xB0, 0x54, 0xCD, 0x2E, 0x33), - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD9, 0x42, 0xB0, 0x80, 0xB0, 0xA3, 0x38), - MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xFE, 0x9D, 0x8D, 0x40, 0xFF, 0x27, 0x6D), - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x9D, 0xA6, 0x88, 0x3A, 0x8B, 0x6F, 0x14), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x39, 0xEE, 0x1F, 0x3F, 0xB1, 0x4F, 0x63), - MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_20_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xD7, 0x9E, 0xFF, 0xD2, 0x35, 0x67, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x4F, 0x15, 0x5D, 0xE3, 0xE8, 0x53, 0x86), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xF7, 0x24, 0x98, 0xA2, 0xCB, 0x11, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x2E, 0x25, 0xE1, 0x94, 0xC5, 0xA3, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x82, 0x6E, 0xBA, 0xE7, 0x43, 0x25, 0xB0), - MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x65, 0xB4, 0x49, 0x73, 0x18, 0x35, 0x54), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0x5B, 0xBC, 0x62, 0x86, 0x4C, 0xC1, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xF2, 0x95, 0xA2, 0xBB, 0xA2, 0x35, 0x65), - MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_20_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x59, 0x62, 0xB0, 0x4B, 0x1E, 0xB4, 0xD8), - MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x55, 0xCE, 0xB0, 0x69, 0xBA, 0x63, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0x69, 0x86, 0xDB, 0x34, 0x7D, 0x68, 0x64), - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x06, 0xCA, 0x55, 0x44, 0x36, 0x2B, 0xBA), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xD4, 0xC4, 0x3D, 0xCD, 0x9E, 0x69, 0xA4), - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x44, 0xE4, 0xBF, 0x31, 0xE6, 0x40, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x4F, 0xFA, 0x75, 0xE3, 0xFB, 0x97, 0x0E), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xC0, 0xBD, 0x1C, 0x48, 0xB0, 0x26, 0xD0), - MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_21_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x7B, 0x32, 0xFA, 0xF2, 0x6D, 0x84, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x21, 0x03, 0x1D, 0x0D, 0x22, 0x55, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xF9, 0x42, 0x03, 0x9C, 0xC2, 0xCB, 0xBA), - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xA1, 0x96, 0xD9, 0x9D, 0x11, 0x6F, 0xBE), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x40, 0x57, 0xEB, 0x40, 0x2D, 0xC0, 0x11), - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x96, 0xBB, 0x4F, 0x2F, 0x23, 0xA8, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x29, 0x85, 0x21, 0xA5, 0x50, 0x62, 0x06), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x7D, 0x92, 0xCF, 0x87, 0x0C, 0x22, 0xF9), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_21_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x0E, 0xA5, 0x32, 0x5B, 0xDF, 0x9C, 0xD5), - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x96, 0x37, 0x2C, 0x88, 0x35, 0x30, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xB4, 0x69, 0xFF, 0xEB, 0xC6, 0x94, 0x08), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x55, 0x60, 0xAD, 0xAA, 0x58, 0x14, 0x88), - MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xFF, 0xF2, 0xB2, 0xD5, 0xA7, 0xD9, 0x27), - MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xAE, 0x54, 0xD2, 0x60, 0x31, 0xF3, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x92, 0x83, 0xE3, 0xF1, 0x42, 0x83, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xD2, 0xC8, 0xB7, 0x76, 0x45, 0x7F, 0x7D), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_22_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x11, 0xA4, 0xFB, 0x7A, 0x01, 0xBC, 0xC8), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x27, 0x73, 0x8D, 0x02, 0x91, 0x27, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x62, 0xF6, 0xDD, 0x6B, 0xFA, 0x5B, 0xB9), - MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xCA, 0xA2, 0x44, 0x2C, 0xF0, 0x28, 0xD8), - MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xF1, 0x7A, 0xA2, 0x42, 0x4C, 0x50, 0xC6), - MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x83, 0x3E, 0x50, 0xAB, 0x9C, 0xF7, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xED, 0x78, 0xCB, 0x76, 0x69, 0xDA, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x01, 0x1E, 0x43, 0x27, 0x47, 0x6E, 0xDA), - MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_22_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x4F, 0x54, 0xB9, 0x3E, 0xBD, 0xD5, 0x44), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x35, 0x40, 0x69, 0x7F, 0x74, 0x9D, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x06, 0x6F, 0x67, 0x68, 0x2B, 0x4D, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x65, 0x41, 0xFC, 0x7C, 0x1E, 0xE8, 0xC8), - MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x79, 0x37, 0xAF, 0xFD, 0xD2, 0xDA, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xA8, 0x69, 0x56, 0x62, 0xA4, 0xE4, 0xA3), - MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x71, 0x73, 0x21, 0x8A, 0x17, 0x81, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x55, 0x8F, 0x7B, 0xB8, 0xAF, 0xF7, 0x86), - MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_23_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xD1, 0xBD, 0xBE, 0x8C, 0xBC, 0x60, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xA6, 0x57, 0x8C, 0xAE, 0x5C, 0x19, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x43, 0xE4, 0xD9, 0xD8, 0x7B, 0xE7, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xB9, 0xE4, 0x85, 0x7C, 0x2E, 0xFC, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x2E, 0x01, 0x2A, 0x6D, 0x56, 0xBE, 0x97), - MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x0C, 0x25, 0x9B, 0xAE, 0x86, 0x37, 0x43), - MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x22, 0xB3, 0xCB, 0x99, 0x66, 0xB7, 0x9E), - MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xF7, 0x90, 0xF0, 0x1B, 0x09, 0x27, 0xF7), - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_23_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x16, 0x08, 0xEF, 0x39, 0x64, 0x49, 0x31), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xA0, 0xE3, 0x97, 0xA9, 0x07, 0x54, 0x26), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xFF, 0xE2, 0x00, 0x07, 0x21, 0x88, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xFD, 0x59, 0x53, 0x05, 0x6C, 0x42, 0x27), - MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xF7, 0x39, 0x5C, 0x82, 0x36, 0xE8, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x83, 0xA8, 0xE2, 0xA8, 0x43, 0x07, 0x38), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xAF, 0x2B, 0x79, 0xED, 0xD8, 0x39, 0x87), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x20, 0x91, 0x7A, 0xC4, 0x07, 0xEF, 0x6C), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_24_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x10, 0x2F, 0xAA, 0x0C, 0x94, 0x0E, 0x5A), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x81, 0x87, 0x41, 0x23, 0xEB, 0x55, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x53, 0xCC, 0x79, 0xB6, 0xEB, 0x6C, 0xCC), - MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x77, 0x73, 0x9D, 0xFC, 0x64, 0x6F, 0x7F), - MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x40, 0xE3, 0x6D, 0x1C, 0x16, 0x71, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xF4, 0x1B, 0xFF, 0x1C, 0x2F, 0xA5, 0xD7), - MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x0E, 0x0B, 0x11, 0xF4, 0x8D, 0x93, 0xAF), - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xC5, 0x64, 0x6F, 0x24, 0x19, 0xF2, 0x9B), - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_24_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xB3, 0xAF, 0xA5, 0x0E, 0x4F, 0x5E, 0xE1), - MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x77, 0xCA, 0xF2, 0x6D, 0xC5, 0xF6, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x18, 0x8E, 0x33, 0x68, 0x6C, 0xE8, 0xE0), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x8B, 0x80, 0x90, 0x19, 0x7F, 0x90, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x80, 0x6B, 0x68, 0xE2, 0x7D, 0xD4, 0xD0), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xC1, 0x67, 0xB3, 0x72, 0xCB, 0xBF, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xD5, 0xD3, 0x1D, 0x14, 0x58, 0x0A, 0x80), - MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x7A, 0x65, 0x98, 0xB3, 0x07, 0x4B, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_25_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x87, 0x0F, 0x5F, 0xCF, 0xA2, 0x01, 0x08), - MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xC9, 0xC8, 0x6E, 0x35, 0x87, 0xA5, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x3E, 0x91, 0xA0, 0xAB, 0x24, 0x1E, 0xF2), - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xBC, 0x02, 0x35, 0x70, 0xC1, 0x5F, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x59, 0xA0, 0x50, 0x04, 0x80, 0x52, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x56, 0x6E, 0x42, 0x8F, 0x8C, 0x91, 0x65), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xA2, 0xCB, 0xA5, 0xDE, 0x14, 0x24, 0x38), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xCB, 0x74, 0x28, 0xE6, 0xA7, 0xE7, 0xC3), - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_25_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x73, 0xA8, 0x8F, 0x9E, 0x0E, 0x63, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x1B, 0x77, 0xC7, 0xC1, 0x38, 0xF9, 0xDC), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x3C, 0xCF, 0xA8, 0x7A, 0xD7, 0xF3, 0xC4), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x5F, 0x9A, 0xC9, 0xAD, 0xE9, 0x1A, 0x93), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xCF, 0x2B, 0x5E, 0xD5, 0x81, 0x95, 0xA8), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x88, 0x75, 0x29, 0x1F, 0xC7, 0xC7, 0xD0), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA9, 0x5A, 0x4D, 0x63, 0x95, 0xF9, 0x4E), - MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xCD, 0x04, 0x8F, 0xCD, 0x91, 0xDE, 0xC6), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_26_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xD4, 0xFD, 0x25, 0x11, 0x99, 0x6E, 0xEA), - MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x83, 0x01, 0x3D, 0xFB, 0x56, 0xA5, 0x4E), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x3A, 0xDC, 0x74, 0xC2, 0xD7, 0xCF, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0xBD, 0xF1, 0xDD, 0xA3, 0x07, 0x03, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xBE, 0xE9, 0x2E, 0x58, 0x84, 0x66, 0xFC), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x20, 0x78, 0x37, 0x79, 0x0B, 0xA6, 0x64), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xF2, 0xAC, 0x65, 0xC8, 0xC9, 0x2F, 0x61), - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x93, 0xE5, 0x0D, 0x0C, 0xC6, 0xB8, 0xCB), - MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_26_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xAD, 0x5C, 0x19, 0x12, 0x61, 0x0E, 0x25), - MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x4F, 0x0B, 0x1F, 0x49, 0x7E, 0xCD, 0x81), - MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2E, 0x30, 0x61, 0xDB, 0x08, 0x68, 0x9B), - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x78, 0xAF, 0xB3, 0x08, 0xC1, 0x69, 0xE5), - MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x5F, 0x5D, 0xC1, 0x57, 0x6F, 0xD8, 0x34), - MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0xD3, 0x6A, 0xF7, 0xFD, 0x86, 0xE5, 0xB3), - MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x63, 0xBD, 0x70, 0x7B, 0x47, 0xE8, 0x6D), - MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x62, 0xC8, 0x7E, 0x9D, 0x11, 0x2B, 0xA5), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_27_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x84, 0xFD, 0xD5, 0x9A, 0x56, 0x7F, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xBB, 0xA4, 0x6F, 0x12, 0x6E, 0x4D, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x08, 0xA1, 0x82, 0x9C, 0x62, 0x74, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x58, 0x22, 0x05, 0x1D, 0x15, 0x35, 0x79), - MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x88, 0xCF, 0x5C, 0x05, 0x78, 0xFB, 0x94), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x6B, 0x2F, 0x79, 0x09, 0x73, 0x67, 0xEC), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA0, 0x80, 0xD8, 0xE8, 0xEC, 0xFB, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xE7, 0x0B, 0xB7, 0x81, 0x48, 0x7B, 0xD9), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_27_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x53, 0xA9, 0xED, 0x61, 0x92, 0xD7, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x49, 0xD9, 0x5D, 0x9B, 0x4E, 0x89, 0x35), - MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x12, 0xEB, 0x9A, 0xC9, 0xCB, 0xC1, 0x95), - MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xDC, 0x95, 0x16, 0xFE, 0x29, 0x70, 0x01), - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x33, 0xB1, 0xD6, 0x78, 0xB9, 0xE2, 0x36), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xCE, 0x88, 0xC3, 0xFD, 0x7A, 0x6B, 0xB8), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x1E, 0x50, 0x1E, 0xAF, 0xB1, 0x25, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xE7, 0xD7, 0xD5, 0xBD, 0x7A, 0x12, 0xF9), - MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_28_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xAA, 0xA2, 0x80, 0x5D, 0x8F, 0xCD, 0xC8), - MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x39, 0x79, 0x64, 0xA1, 0x67, 0x3C, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xC7, 0x49, 0xFF, 0x7F, 0xAC, 0xAB, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x54, 0x3E, 0x83, 0xF0, 0x3D, 0xBC, 0xB5), - MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x92, 0x4A, 0x38, 0x42, 0x8A, 0xAB, 0xF6), - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x0B, 0x4F, 0xEE, 0x9E, 0x92, 0xA5, 0xBE), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0xDD, 0x19, 0x96, 0xF2, 0xF0, 0x6B, 0x2E), - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xFC, 0xDD, 0xB2, 0x8A, 0xE5, 0x4C, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_28_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x06, 0x49, 0xAC, 0x99, 0x7E, 0xF8, 0x12), - MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xC8, 0x01, 0x51, 0xEA, 0xF6, 0x52, 0xE7), - MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x89, 0x66, 0x2B, 0x1F, 0x9B, 0x2A, 0xA3), - MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x0F, 0x95, 0x07, 0x2B, 0x6C, 0x6E, 0x9E), - MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0xC3, 0xB4, 0xBB, 0x91, 0x1F, 0xA3, 0x72), - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x6E, 0x54, 0x28, 0x7B, 0x9C, 0x79, 0x2E), - MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x45, 0xFF, 0xA6, 0xDA, 0xA2, 0x83, 0x71), - MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xDE, 0x8F, 0x17, 0x37, 0x82, 0xCB, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_29_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x94, 0x3F, 0x26, 0xC9, 0x1D, 0xD9, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x97, 0x28, 0x20, 0xCD, 0xC1, 0xF3, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xC9, 0xB5, 0x60, 0x9B, 0x1E, 0xDC, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xB9, 0x5B, 0x7D, 0xA0, 0xB2, 0x8C, 0xF0), - MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xD1, 0x42, 0xE6, 0x39, 0x33, 0x6D, 0xBB), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xC0, 0xFC, 0xD2, 0x14, 0x5D, 0x3E, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x4A, 0x3E, 0x40, 0x16, 0x93, 0x15, 0xCF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x24, 0xC1, 0x27, 0x27, 0xE5, 0x4B, 0xD8), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_29_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x50, 0xD8, 0xBC, 0xC1, 0x46, 0x22, 0xBB), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x0E, 0x60, 0xA1, 0xB3, 0x50, 0xD4, 0x86), - MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xB1, 0x26, 0xB6, 0x6D, 0x47, 0x5A, 0x6F), - MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0xAC, 0x11, 0x35, 0x3E, 0xB9, 0xF4, 0x01), - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x97, 0xFA, 0xBB, 0x6B, 0x39, 0x13, 0xD8), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x7B, 0x34, 0x12, 0x75, 0x8E, 0x9B, 0xC6), - MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x9E, 0xCD, 0x29, 0xB6, 0xEF, 0x8D, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xAC, 0xE9, 0x25, 0x27, 0xBB, 0x78, 0x47), - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_30_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x7A, 0xA8, 0xD3, 0xE3, 0x66, 0xE5, 0x66), - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x4C, 0xC4, 0x2C, 0x76, 0x81, 0x50, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x71, 0x08, 0xB8, 0x52, 0x7C, 0xAF, 0xDC), - MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x59, 0x24, 0xDD, 0xFB, 0x2F, 0xD0, 0xDA), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xCD, 0x56, 0xE9, 0xAC, 0x91, 0xE6, 0xB9), - MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x64, 0x20, 0xC6, 0x9F, 0xE4, 0xEF, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x2C, 0x8F, 0x8C, 0x97, 0xF6, 0x22, 0xC3), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xF4, 0x88, 0xAA, 0xA8, 0xD7, 0xA5, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_30_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x6C, 0xAE, 0x83, 0xB1, 0x55, 0x55, 0xEE), - MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x67, 0x84, 0x47, 0x7C, 0x83, 0x5C, 0x89), - MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x10, 0x4D, 0xDD, 0x30, 0x60, 0xB0, 0xE6), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xA7, 0x36, 0x76, 0x24, 0x32, 0x9F, 0x9D), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x42, 0x81, 0xFB, 0xA4, 0x2E, 0x13, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x94, 0x91, 0xFF, 0x99, 0xA0, 0x09, 0x61), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x83, 0xA1, 0x76, 0xAF, 0x37, 0x5C, 0x77), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xA8, 0x04, 0x86, 0xC4, 0xA9, 0x79, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_31_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x8C, 0xC2, 0x34, 0xFB, 0x83, 0x28, 0x27), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x03, 0x7D, 0x5E, 0x9E, 0x0E, 0xB0, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x02, 0x46, 0x7F, 0xB9, 0xAC, 0xBB, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xED, 0x48, 0xC2, 0x96, 0x4D, 0x56, 0x27), - MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xB5, 0xC5, 0xD1, 0xE6, 0x1C, 0x7E, 0x9B), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x2E, 0x18, 0x71, 0x2D, 0x7B, 0xD7, 0xB3), - MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x46, 0x9D, 0xDE, 0xAA, 0x78, 0x8E, 0xB1), - MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xD7, 0x69, 0x2E, 0xE1, 0xD9, 0x48, 0xDE), - MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp521r1_T_31_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xFF, 0x9E, 0x09, 0x22, 0x22, 0xE6, 0x8D), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x14, 0x28, 0x13, 0x1B, 0x62, 0x12, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x7F, 0x67, 0x03, 0xB0, 0xC0, 0xF3, 0x05), - MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xC3, 0x0F, 0xFB, 0x25, 0x48, 0x3E, 0xF4), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x6E, 0x53, 0x98, 0x36, 0xB3, 0xD3, 0x94), - MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x81, 0x54, 0x22, 0xA4, 0xCC, 0xC1, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xBA, 0xFC, 0xA9, 0xDF, 0x68, 0x86, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x92, 0x0E, 0xC3, 0xF2, 0x58, 0xE8, 0x51), - MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_ecp_point secp521r1_T[32] = { - ECP_POINT_INIT_XY_Z1(secp521r1_T_0_X, secp521r1_T_0_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_1_X, secp521r1_T_1_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_2_X, secp521r1_T_2_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_3_X, secp521r1_T_3_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_4_X, secp521r1_T_4_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_5_X, secp521r1_T_5_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_6_X, secp521r1_T_6_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_7_X, secp521r1_T_7_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_8_X, secp521r1_T_8_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_9_X, secp521r1_T_9_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_10_X, secp521r1_T_10_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_11_X, secp521r1_T_11_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_12_X, secp521r1_T_12_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_13_X, secp521r1_T_13_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_14_X, secp521r1_T_14_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_15_X, secp521r1_T_15_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_16_X, secp521r1_T_16_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_17_X, secp521r1_T_17_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_18_X, secp521r1_T_18_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_19_X, secp521r1_T_19_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_20_X, secp521r1_T_20_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_21_X, secp521r1_T_21_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_22_X, secp521r1_T_22_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_23_X, secp521r1_T_23_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_24_X, secp521r1_T_24_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_25_X, secp521r1_T_25_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_26_X, secp521r1_T_26_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_27_X, secp521r1_T_27_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_28_X, secp521r1_T_28_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_29_X, secp521r1_T_29_Y), - ECP_POINT_INIT_XY_Z0(secp521r1_T_30_X, secp521r1_T_30_Y), ECP_POINT_INIT_XY_Z0(secp521r1_T_31_X, secp521r1_T_31_Y), -}; -#else -#define secp521r1_T NULL -#endif -#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) -static const mbedtls_mpi_uint secp192k1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), -}; -static const mbedtls_mpi_uint secp192k1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00), -}; -static const mbedtls_mpi_uint secp192k1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_2(0x03, 0x00), -}; -static const mbedtls_mpi_uint secp192k1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB), -}; -static const mbedtls_mpi_uint secp192k1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B), -}; -static const mbedtls_mpi_uint secp192k1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), -}; - -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 -static const mbedtls_mpi_uint secp192k1_T_0_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB), -}; -static const mbedtls_mpi_uint secp192k1_T_0_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B), -}; -static const mbedtls_mpi_uint secp192k1_T_1_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x77, 0x3D, 0x0D, 0x85, 0x48, 0xA8, 0xA9), - MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x07, 0xDF, 0x1D, 0xB3, 0xB3, 0x01, 0x54), - MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x86, 0xF6, 0xAF, 0x19, 0x2A, 0x88, 0x2E), -}; -static const mbedtls_mpi_uint secp192k1_T_1_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x90, 0xB6, 0x2F, 0x48, 0x36, 0x4C, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x11, 0x14, 0xA6, 0xCB, 0xBA, 0x15, 0xD9), - MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0xB0, 0xF2, 0xD4, 0xC9, 0xDA, 0xBA, 0xD7), -}; -static const mbedtls_mpi_uint secp192k1_T_2_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0xC1, 0x9C, 0xE6, 0xBB, 0xFB, 0xCF, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x19, 0xAC, 0x5A, 0xC9, 0x8A, 0x1C, 0x75), - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xF6, 0x76, 0x86, 0x89, 0x27, 0x8D, 0x28), -}; -static const mbedtls_mpi_uint secp192k1_T_2_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xE0, 0x6F, 0x34, 0xBA, 0x5E, 0xD3, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xDC, 0xA6, 0x87, 0xC9, 0x9D, 0xC0, 0x82), - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x11, 0x7E, 0xD6, 0xF7, 0x33, 0xFC, 0xE4), -}; -static const mbedtls_mpi_uint secp192k1_T_3_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x37, 0x3E, 0xC0, 0x7F, 0x62, 0xE7, 0x54), - MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x3B, 0x69, 0x9D, 0x44, 0xBC, 0x82, 0x99), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x84, 0xB3, 0x5F, 0x2B, 0xA5, 0x9E, 0x2C), -}; -static const mbedtls_mpi_uint secp192k1_T_3_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x95, 0xEB, 0x4C, 0x04, 0xB4, 0xF4, 0x75), - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xAD, 0x4B, 0xD5, 0x9A, 0xEB, 0xC4, 0x4E), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xB1, 0xC5, 0x59, 0xE3, 0xD5, 0x16, 0x2A), -}; -static const mbedtls_mpi_uint secp192k1_T_4_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x2A, 0xCC, 0xAC, 0xD0, 0xEE, 0x50, 0xEC), - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x83, 0xE0, 0x5B, 0x14, 0x44, 0x52, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x15, 0x2D, 0x78, 0xF6, 0x51, 0x32, 0xCF), -}; -static const mbedtls_mpi_uint secp192k1_T_4_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x36, 0x9B, 0xDD, 0xF8, 0xDD, 0xEF, 0xB2), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xB1, 0x6A, 0x2B, 0xAF, 0xEB, 0x2B, 0xB1), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x87, 0x7A, 0x66, 0x5D, 0x5B, 0xDF, 0x8F), -}; -static const mbedtls_mpi_uint secp192k1_T_5_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x45, 0xE5, 0x81, 0x9B, 0xEB, 0x37, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x29, 0xE2, 0x20, 0x64, 0x23, 0x6B, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x1D, 0x41, 0xE1, 0x9B, 0x61, 0x7B, 0xD9), -}; -static const mbedtls_mpi_uint secp192k1_T_5_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x57, 0xA3, 0x0A, 0x13, 0xE4, 0x59, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x6E, 0x4A, 0x48, 0x84, 0x90, 0xAC, 0xC7), - MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xB8, 0xF5, 0xF3, 0xDE, 0xA0, 0xA1, 0x1D), -}; -static const mbedtls_mpi_uint secp192k1_T_6_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x32, 0x81, 0xA9, 0x91, 0x5A, 0x4E, 0x33), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xA8, 0x90, 0xBE, 0x0F, 0xEC, 0xC0, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x30, 0xD7, 0x08, 0xAE, 0xC4, 0x3A, 0xA5), -}; -static const mbedtls_mpi_uint secp192k1_T_6_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x55, 0xE3, 0x76, 0xB3, 0x64, 0x74, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x75, 0xD4, 0xDB, 0x98, 0xD7, 0x39, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xEB, 0x8A, 0xAB, 0x16, 0xD9, 0xD4, 0x0B), -}; -static const mbedtls_mpi_uint secp192k1_T_7_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xBE, 0xF9, 0xC7, 0xC7, 0xBA, 0xF3, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x85, 0x59, 0xF3, 0x60, 0x41, 0x02, 0xD2), - MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x1C, 0x4A, 0xA4, 0xC7, 0xED, 0x66, 0xBC), -}; -static const mbedtls_mpi_uint secp192k1_T_7_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x9C, 0x2E, 0x46, 0x52, 0x18, 0x87, 0x14), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x35, 0x5A, 0x75, 0xAC, 0x4D, 0x75, 0x91), - MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0x2F, 0xAC, 0xFC, 0xBC, 0xE6, 0x93, 0x5E), -}; -static const mbedtls_mpi_uint secp192k1_T_8_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x4D, 0xC9, 0x18, 0xE9, 0x00, 0xEB, 0x33), - MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x69, 0x72, 0x07, 0x5A, 0x59, 0xA8, 0x26), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x65, 0x83, 0x20, 0x10, 0xF9, 0x69, 0x82), -}; -static const mbedtls_mpi_uint secp192k1_T_8_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x56, 0x7F, 0x9F, 0xBF, 0x46, 0x0C, 0x7E), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xCF, 0xF0, 0xDC, 0xDF, 0x2D, 0xE6, 0xE5), - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xF0, 0x72, 0x3A, 0x7A, 0x03, 0xE5, 0x22), -}; -static const mbedtls_mpi_uint secp192k1_T_9_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xAA, 0x57, 0x13, 0x37, 0xA7, 0x2C, 0xD4), - MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xAC, 0xA2, 0x23, 0xF9, 0x84, 0x60, 0xD3), - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xEB, 0x51, 0x70, 0x64, 0x78, 0xCA, 0x05), -}; -static const mbedtls_mpi_uint secp192k1_T_9_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xCC, 0x30, 0x62, 0x93, 0x46, 0x13, 0xE9), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x26, 0xCC, 0x6C, 0x3D, 0x5C, 0xDA, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xAA, 0xB8, 0x03, 0xA4, 0x1A, 0x00, 0x96), -}; -static const mbedtls_mpi_uint secp192k1_T_10_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x9D, 0xE6, 0xCC, 0x4E, 0x2E, 0xC2, 0xD5), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xC3, 0x8A, 0xAE, 0x6F, 0x40, 0x05, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x8F, 0x4A, 0x4D, 0x35, 0xD3, 0x50, 0x9D), -}; -static const mbedtls_mpi_uint secp192k1_T_10_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xFD, 0x98, 0xAB, 0xC7, 0x03, 0xB4, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x40, 0xD2, 0x9F, 0xCA, 0xD0, 0x53, 0x00), - MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x84, 0x00, 0x6F, 0xC8, 0xAD, 0xED, 0x8D), -}; -static const mbedtls_mpi_uint secp192k1_T_11_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xD3, 0x57, 0xD7, 0xC3, 0x07, 0xBD, 0xD7), - MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xBA, 0x47, 0x1D, 0x3D, 0xEF, 0x98, 0x6C), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xC0, 0x6C, 0x7F, 0x12, 0xEE, 0x9F, 0x67), -}; -static const mbedtls_mpi_uint secp192k1_T_11_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x02, 0xDA, 0x79, 0xAA, 0xC9, 0x27, 0xC4), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x79, 0xC7, 0x71, 0x84, 0xCB, 0xE5, 0x5A), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x37, 0x06, 0xBA, 0xB5, 0xD5, 0x18, 0x4C), -}; -static const mbedtls_mpi_uint secp192k1_T_12_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x65, 0x72, 0x6C, 0xF2, 0x63, 0x27, 0x6A), - MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0xBC, 0x71, 0xDF, 0x75, 0xF8, 0x98, 0x4D), - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x70, 0x9B, 0xDC, 0xE7, 0x18, 0x71, 0xFF), -}; -static const mbedtls_mpi_uint secp192k1_T_12_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x5B, 0x9F, 0x00, 0x5A, 0xB6, 0x80, 0x7A), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xE0, 0xBB, 0xFC, 0x5E, 0x78, 0x9C, 0x89), - MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x03, 0x68, 0x83, 0x3D, 0x2E, 0x4C, 0xDD), -}; -static const mbedtls_mpi_uint secp192k1_T_13_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x49, 0x23, 0xA8, 0xCB, 0x3B, 0x1A, 0xF6), - MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x3D, 0xA7, 0x46, 0xCF, 0x75, 0xB6, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0xFD, 0x30, 0x01, 0xB6, 0xEF, 0xF9, 0xE8), -}; -static const mbedtls_mpi_uint secp192k1_T_13_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xFA, 0xDA, 0xB8, 0x29, 0x42, 0xC9, 0xC7), - MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xD7, 0xA0, 0xE6, 0x6B, 0x86, 0x61, 0x39), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0xE9, 0xD3, 0x37, 0xD8, 0xE7, 0x35, 0xA9), -}; -static const mbedtls_mpi_uint secp192k1_T_14_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC8, 0x8E, 0xB1, 0xCB, 0xB1, 0xB5, 0x4D), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xD7, 0x46, 0x7D, 0xAF, 0xE2, 0xDC, 0xBB), - MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x46, 0xE7, 0xD8, 0x76, 0x31, 0x90, 0x76), -}; -static const mbedtls_mpi_uint secp192k1_T_14_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD3, 0xF4, 0x74, 0xE1, 0x67, 0xD8, 0x66), - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x70, 0x3C, 0xC8, 0xAF, 0x5F, 0xF4, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x4E, 0xED, 0x5C, 0x43, 0xB3, 0x16, 0x35), -}; -static const mbedtls_mpi_uint secp192k1_T_15_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAE, 0xD1, 0xDD, 0x31, 0x14, 0xD3, 0xF0), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x14, 0x06, 0x13, 0x12, 0x1C, 0x81, 0xF5), - MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xF9, 0x0C, 0x91, 0xF7, 0x67, 0x59, 0x63), -}; -static const mbedtls_mpi_uint secp192k1_T_15_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x91, 0xE2, 0xF4, 0x9D, 0xEB, 0x88, 0x87), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x82, 0x30, 0x9C, 0xAE, 0x18, 0x4D, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x79, 0xCF, 0x17, 0xA5, 0x1E, 0xE8, 0xC8), -}; -static const mbedtls_ecp_point secp192k1_T[16] = { - ECP_POINT_INIT_XY_Z1(secp192k1_T_0_X, secp192k1_T_0_Y), ECP_POINT_INIT_XY_Z0(secp192k1_T_1_X, secp192k1_T_1_Y), - ECP_POINT_INIT_XY_Z0(secp192k1_T_2_X, secp192k1_T_2_Y), ECP_POINT_INIT_XY_Z0(secp192k1_T_3_X, secp192k1_T_3_Y), - ECP_POINT_INIT_XY_Z0(secp192k1_T_4_X, secp192k1_T_4_Y), ECP_POINT_INIT_XY_Z0(secp192k1_T_5_X, secp192k1_T_5_Y), - ECP_POINT_INIT_XY_Z0(secp192k1_T_6_X, secp192k1_T_6_Y), ECP_POINT_INIT_XY_Z0(secp192k1_T_7_X, secp192k1_T_7_Y), - ECP_POINT_INIT_XY_Z0(secp192k1_T_8_X, secp192k1_T_8_Y), ECP_POINT_INIT_XY_Z0(secp192k1_T_9_X, secp192k1_T_9_Y), - ECP_POINT_INIT_XY_Z0(secp192k1_T_10_X, secp192k1_T_10_Y), ECP_POINT_INIT_XY_Z0(secp192k1_T_11_X, secp192k1_T_11_Y), - ECP_POINT_INIT_XY_Z0(secp192k1_T_12_X, secp192k1_T_12_Y), ECP_POINT_INIT_XY_Z0(secp192k1_T_13_X, secp192k1_T_13_Y), - ECP_POINT_INIT_XY_Z0(secp192k1_T_14_X, secp192k1_T_14_Y), ECP_POINT_INIT_XY_Z0(secp192k1_T_15_X, secp192k1_T_15_Y), -}; -#else -#define secp192k1_T NULL -#endif - -#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) -static const mbedtls_mpi_uint secp224k1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF), -}; -static const mbedtls_mpi_uint secp224k1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_2(0x05, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69), - MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D), - MBEDTLS_BYTES_TO_T_UINT_4(0x33, 0x5B, 0x45, 0xA1), -}; -static const mbedtls_mpi_uint secp224k1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F), - MBEDTLS_BYTES_TO_T_UINT_4(0xED, 0x9F, 0x08, 0x7E), -}; -static const mbedtls_mpi_uint secp224k1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00), -}; - -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 -static const mbedtls_mpi_uint secp224k1_T_0_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69), - MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D), - MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x5B, 0x45, 0xA1, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_0_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F), - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x9F, 0x08, 0x7E, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_1_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x6C, 0x22, 0x22, 0x40, 0x89, 0xAE, 0x7A), - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x92, 0xE1, 0x87, 0x56, 0x35, 0xAF, 0x9B), - MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xAF, 0x08, 0x35, 0x27, 0xEA, 0x04, 0xED), - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x53, 0xFD, 0xCF, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_1_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0xD0, 0x9F, 0x8D, 0xF3, 0x63, 0x54, 0x30), - MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xDB, 0x0F, 0x61, 0x54, 0x26, 0xD1, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x21, 0xF7, 0x1B, 0xB5, 0x1D, 0xF6, 0x7E), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x05, 0xDA, 0x8F, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_2_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x26, 0x73, 0xBC, 0xE4, 0x29, 0x62, 0x56), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x95, 0x17, 0x8B, 0xC3, 0x9B, 0xAC, 0xCC), - MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0xDB, 0x77, 0xDF, 0xDD, 0x13, 0x04, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0xFC, 0x22, 0x93, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_2_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x65, 0xF1, 0x5A, 0x37, 0xEF, 0x79, 0xAD), - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x01, 0x37, 0xAC, 0x9A, 0x5B, 0x51, 0x65), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x75, 0x13, 0xA9, 0x4A, 0xAD, 0xFE, 0x9B), - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x82, 0x6F, 0x66, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_3_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x5E, 0xF0, 0x40, 0xC3, 0xA6, 0xE2, 0x1E), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x9A, 0x6F, 0xCF, 0x11, 0x26, 0x66, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0x73, 0xA8, 0xCF, 0x2B, 0x12, 0x36, 0x37), - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xB3, 0x0A, 0x58, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_3_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x79, 0x00, 0x55, 0x04, 0x34, 0x90, 0x1A), - MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x54, 0x1C, 0xC2, 0x45, 0x0C, 0x1B, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x19, 0xAB, 0xA8, 0xFC, 0x73, 0xDC, 0xEE), - MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0xFB, 0x93, 0xCE, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_4_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x75, 0xD0, 0x66, 0x95, 0x86, 0xCA, 0x66), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xEA, 0x29, 0x16, 0x6A, 0x38, 0xDF, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xA2, 0x36, 0x2F, 0xDC, 0xBB, 0x5E, 0xF7), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x89, 0x59, 0x49, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_4_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xA3, 0x99, 0x9D, 0xB8, 0x77, 0x9D, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x93, 0x43, 0x47, 0xC6, 0x5C, 0xF9, 0xFD), - MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x00, 0x79, 0x42, 0x64, 0xB8, 0x25, 0x3E), - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x54, 0xB4, 0x33, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_5_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x0C, 0x42, 0x90, 0x83, 0x0B, 0x31, 0x5F), - MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x2E, 0xAE, 0xC8, 0xC7, 0x5F, 0xD2, 0x70), - MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xBC, 0xAD, 0x41, 0xE7, 0x32, 0x3A, 0x81), - MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x97, 0x52, 0x83, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_5_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x13, 0x7A, 0xBD, 0xAE, 0x94, 0x60, 0xFD), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x9B, 0x95, 0xB4, 0x6E, 0x68, 0xB2, 0x1F), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x49, 0xBE, 0x51, 0xFE, 0x66, 0x15, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x37, 0xE4, 0xFE, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_6_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x9B, 0xEE, 0x64, 0xC9, 0x1B, 0xBD, 0x77), - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x5F, 0x34, 0xA9, 0x0B, 0xB7, 0x25, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0x13, 0xB1, 0x38, 0xFB, 0x9D, 0x78, 0xED), - MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xE7, 0x1B, 0xFA, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_6_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xB3, 0xB7, 0x44, 0x92, 0x6B, 0x00, 0x82), - MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x82, 0x44, 0x3E, 0x18, 0x1A, 0x58, 0x6A), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0xF8, 0xC0, 0xE4, 0xEE, 0xC1, 0xBF, 0x44), - MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x32, 0x27, 0xB2, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_7_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x9A, 0x42, 0x62, 0x8B, 0x26, 0x54, 0x21), - MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x85, 0x74, 0xA0, 0x79, 0xA8, 0xEE, 0xBE), - MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x36, 0x60, 0xB3, 0x28, 0x4D, 0x55, 0xBE), - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x27, 0x82, 0x29, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_7_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0xFC, 0x73, 0x77, 0xAF, 0x5C, 0xAC, 0x78), - MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xED, 0xE5, 0xF6, 0x1D, 0xA8, 0x67, 0x43), - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xDE, 0x33, 0x1C, 0xF1, 0x80, 0x73, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xE2, 0xDE, 0x3C, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_8_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x3E, 0x6B, 0xFE, 0xF0, 0x04, 0x28, 0x01), - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xB2, 0x14, 0x9D, 0x18, 0x11, 0x7D, 0x9D), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xC4, 0xD6, 0x2E, 0x6E, 0x57, 0x4D, 0xE1), - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x55, 0x1B, 0xDE, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_8_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xF7, 0x17, 0xBC, 0x45, 0xAB, 0x16, 0xAB), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xB0, 0xEF, 0x61, 0xE3, 0x20, 0x7C, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x85, 0x41, 0x4D, 0xF1, 0x7E, 0x4D, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xC2, 0x9B, 0x5E, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_9_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x2E, 0x49, 0x3D, 0x3E, 0x4B, 0xD3, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x2B, 0x9D, 0xD5, 0x27, 0xFA, 0xCA, 0xE0), - MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0xB3, 0x6A, 0xE0, 0x79, 0x14, 0x28, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x1E, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_9_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x44, 0x56, 0xCD, 0xFC, 0x9F, 0x09, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x8C, 0x59, 0xA4, 0x64, 0x2A, 0x3A, 0xED), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xA0, 0xB5, 0x86, 0x4E, 0x69, 0xDA, 0x06), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x8B, 0x11, 0x38, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_10_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x17, 0x16, 0x12, 0x17, 0xDC, 0x00, 0x7E), - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0x76, 0x24, 0x6C, 0x97, 0x2C, 0xB5, 0xF9), - MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x71, 0xE3, 0xB0, 0xBB, 0x4E, 0x50, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0x48, 0x26, 0xD5, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_10_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x5F, 0x28, 0xF6, 0x01, 0x5A, 0x60, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x95, 0xFE, 0xD0, 0xAD, 0x15, 0xD4, 0xD9), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x5B, 0x7A, 0xFD, 0x80, 0xF7, 0x9F, 0x64), - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xBC, 0x1B, 0xDF, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_11_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xE6, 0xDF, 0x14, 0x29, 0xF4, 0xD4, 0x14), - MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x12, 0xDD, 0xEC, 0x5B, 0x8A, 0x59, 0xE5), - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x92, 0x3E, 0x35, 0x08, 0xE9, 0xCF, 0x0E), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0x35, 0x29, 0x97, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_11_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xDB, 0xD6, 0x6A, 0xC5, 0x43, 0xA4, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x33, 0x50, 0x61, 0x70, 0xA1, 0xE9, 0xCE), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x15, 0x6E, 0x5F, 0x01, 0x0C, 0x8C, 0xFA), - MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xA1, 0x9A, 0x9D, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_12_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xC6, 0xF7, 0xE2, 0x4A, 0xCD, 0x9B, 0x61), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x4D, 0x5A, 0xB8, 0xE2, 0x6D, 0xA6, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x3F, 0xB6, 0x17, 0xE3, 0x2C, 0x6F, 0x65), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xA4, 0x59, 0x51, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_12_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x4F, 0x7C, 0x49, 0xCD, 0x6E, 0xEB, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xC9, 0x1F, 0xB7, 0x4D, 0x98, 0xC7, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0x4C, 0xFD, 0x98, 0x20, 0x95, 0xBB, 0x20, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xF2, 0x73, 0x92, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_13_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xEF, 0xFB, 0x30, 0xFA, 0x12, 0x1A, 0xB0), - MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x4C, 0x24, 0xB4, 0x5B, 0xC9, 0x4C, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xDD, 0x5E, 0x84, 0x95, 0x4D, 0x26, 0xED), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xFA, 0xF9, 0x3A, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_13_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0xA3, 0x2E, 0x7A, 0xDC, 0xA7, 0x53, 0xA9), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x9F, 0x81, 0x84, 0xB2, 0x0D, 0xFE, 0x31), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x89, 0x1B, 0x77, 0x0C, 0x89, 0x71, 0xEC), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xFF, 0x7F, 0xB2, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_14_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xE9, 0x2C, 0x79, 0xA6, 0x3C, 0xAD, 0x93), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xE0, 0x23, 0x02, 0x86, 0x0F, 0x77, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x93, 0x6D, 0xE9, 0xF9, 0x3C, 0xBE, 0xB9), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0xE7, 0x24, 0x92, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_14_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x3C, 0x5B, 0x4B, 0x1B, 0x25, 0x37, 0xD6), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xE8, 0x38, 0x1B, 0xA1, 0x5A, 0x2E, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x19, 0xFD, 0xF4, 0x78, 0x01, 0x6B, 0x44), - MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0x69, 0x37, 0x4F, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_15_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xE2, 0xBF, 0xD3, 0xEC, 0x95, 0x9C, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x7B, 0xFC, 0xD5, 0xD3, 0x25, 0x5E, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x55, 0x09, 0xA2, 0x58, 0x6A, 0xC9, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xCC, 0x3B, 0xD9, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_mpi_uint secp224k1_T_15_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x08, 0x65, 0x5E, 0xCB, 0xAB, 0x48, 0xC8), - MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x79, 0x8B, 0xC0, 0x11, 0xC0, 0x69, 0x38), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xE8, 0x8C, 0x4C, 0xC5, 0x28, 0xE4, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x1F, 0x34, 0x5C, 0x00, 0x00, 0x00, 0x00), -}; -static const mbedtls_ecp_point secp224k1_T[16] = { - ECP_POINT_INIT_XY_Z1(secp224k1_T_0_X, secp224k1_T_0_Y), ECP_POINT_INIT_XY_Z0(secp224k1_T_1_X, secp224k1_T_1_Y), - ECP_POINT_INIT_XY_Z0(secp224k1_T_2_X, secp224k1_T_2_Y), ECP_POINT_INIT_XY_Z0(secp224k1_T_3_X, secp224k1_T_3_Y), - ECP_POINT_INIT_XY_Z0(secp224k1_T_4_X, secp224k1_T_4_Y), ECP_POINT_INIT_XY_Z0(secp224k1_T_5_X, secp224k1_T_5_Y), - ECP_POINT_INIT_XY_Z0(secp224k1_T_6_X, secp224k1_T_6_Y), ECP_POINT_INIT_XY_Z0(secp224k1_T_7_X, secp224k1_T_7_Y), - ECP_POINT_INIT_XY_Z0(secp224k1_T_8_X, secp224k1_T_8_Y), ECP_POINT_INIT_XY_Z0(secp224k1_T_9_X, secp224k1_T_9_Y), - ECP_POINT_INIT_XY_Z0(secp224k1_T_10_X, secp224k1_T_10_Y), ECP_POINT_INIT_XY_Z0(secp224k1_T_11_X, secp224k1_T_11_Y), - ECP_POINT_INIT_XY_Z0(secp224k1_T_12_X, secp224k1_T_12_Y), ECP_POINT_INIT_XY_Z0(secp224k1_T_13_X, secp224k1_T_13_Y), - ECP_POINT_INIT_XY_Z0(secp224k1_T_14_X, secp224k1_T_14_Y), ECP_POINT_INIT_XY_Z0(secp224k1_T_15_X, secp224k1_T_15_Y), -}; -#else -#define secp224k1_T NULL -#endif -#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) -static const mbedtls_mpi_uint secp256k1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), -}; -static const mbedtls_mpi_uint secp256k1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_2(0x00, 0x00), -}; -static const mbedtls_mpi_uint secp256k1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_2(0x07, 0x00), -}; -static const mbedtls_mpi_uint secp256k1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79), -}; -static const mbedtls_mpi_uint secp256k1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD), - MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48), -}; -static const mbedtls_mpi_uint secp256k1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF), - MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA), - MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), -}; - -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 -static const mbedtls_mpi_uint secp256k1_T_0_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79), -}; -static const mbedtls_mpi_uint secp256k1_T_0_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD), - MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48), -}; -static const mbedtls_mpi_uint secp256k1_T_1_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xEE, 0xD7, 0x1E, 0x67, 0x86, 0x32, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x73, 0xB1, 0xA9, 0xD5, 0xCC, 0x27, 0x78), - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x0E, 0x11, 0x01, 0x71, 0xFE, 0x92, 0x73), - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x28, 0x63, 0x6D, 0x72, 0x09, 0xA6, 0xC0), -}; -static const mbedtls_mpi_uint secp256k1_T_1_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0x69, 0xDC, 0x3E, 0x2C, 0x75, 0xC3), - MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xB7, 0x3F, 0x30, 0x26, 0x3C, 0xDF, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xBE, 0xB9, 0x5D, 0x0E, 0xE8, 0x5E, 0x14), - MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0xC3, 0x05, 0xD6, 0xB7, 0xD5, 0x24, 0xFC), -}; -static const mbedtls_mpi_uint secp256k1_T_2_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0xCF, 0x7B, 0xDC, 0xCD, 0xC3, 0x39, 0x9D), - MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0xDA, 0xB9, 0xE5, 0x64, 0xA7, 0x47, 0x91), - MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0x46, 0xA8, 0x61, 0xF6, 0x23, 0xEB, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xC1, 0xFF, 0xE4, 0x55, 0xD5, 0xC2, 0xBF), -}; -static const mbedtls_mpi_uint secp256k1_T_2_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xBE, 0xB9, 0x59, 0x24, 0x13, 0x4A, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x45, 0x12, 0xDE, 0xBA, 0x4F, 0xEF, 0x56), - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x08, 0xBF, 0xC1, 0x66, 0xAA, 0x0A, 0xBC), - MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xFE, 0x30, 0x55, 0x31, 0x86, 0xA7, 0xB4), -}; -static const mbedtls_mpi_uint secp256k1_T_3_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xBF, 0x18, 0x81, 0x67, 0x27, 0x42, 0xBD), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x05, 0x83, 0xA4, 0xDD, 0x57, 0xD3, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x63, 0xAB, 0xE4, 0x90, 0x70, 0xD0, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x5D, 0xFD, 0xA0, 0xEF, 0xCF, 0x1C, 0x54), -}; -static const mbedtls_mpi_uint secp256k1_T_3_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x80, 0xE4, 0xF6, 0x09, 0xBC, 0x57, 0x90), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x9F, 0x6E, 0x88, 0x54, 0x6E, 0x51, 0xF2), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x5F, 0x85, 0xFB, 0x84, 0x3E, 0x4A, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x19, 0xF5, 0x55, 0xC9, 0x07, 0xD8, 0xCE), -}; -static const mbedtls_mpi_uint secp256k1_T_4_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xB4, 0xC3, 0xD9, 0x5C, 0xA0, 0xD4, 0x90), - MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x30, 0xAF, 0x59, 0x9B, 0xF8, 0x04, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xA6, 0xFD, 0x66, 0x7B, 0xC3, 0x39, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0xE0, 0xBF, 0xF0, 0xC2, 0xE9, 0x71, 0xA4, 0x9E), -}; -static const mbedtls_mpi_uint secp256k1_T_4_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x2D, 0xB9, 0x88, 0x28, 0xF1, 0xBE, 0x78), - MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xF3, 0x1A, 0x0E, 0xB9, 0x01, 0x66, 0x34), - MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xA7, 0xA4, 0xF4, 0x05, 0xD0, 0xAA, 0x53), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x39, 0x1E, 0x47, 0xE5, 0x68, 0xC8, 0xC0), -}; -static const mbedtls_mpi_uint secp256k1_T_5_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xB9, 0xFC, 0xE0, 0x33, 0x8A, 0x7D, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x93, 0xA5, 0x53, 0x55, 0x16, 0xB4, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x5F, 0xEA, 0x9B, 0x29, 0x52, 0x71, 0xDA), - MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xF0, 0x24, 0xB8, 0x7D, 0xB7, 0xA0, 0x9B), -}; -static const mbedtls_mpi_uint secp256k1_T_5_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x00, 0x27, 0xB2, 0xDF, 0x73, 0xA2, 0xE0), - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x2E, 0x4D, 0x7C, 0xDE, 0x7A, 0x23, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x65, 0x60, 0xC7, 0x97, 0x1E, 0xA4, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x13, 0x5B, 0x77, 0x59, 0xCB, 0x36, 0xE1), -}; -static const mbedtls_mpi_uint secp256k1_T_6_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xBC, 0x9F, 0x9E, 0x2D, 0x53, 0x2A, 0xA8), - MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x5F, 0x64, 0x9F, 0x1A, 0x19, 0xE6, 0x77), - MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x7B, 0x39, 0xD2, 0xDB, 0x85, 0x84, 0xD5), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xC7, 0x0D, 0x58, 0x6E, 0x3F, 0x52, 0x15), -}; -static const mbedtls_mpi_uint secp256k1_T_6_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x68, 0x19, 0x0B, 0x68, 0xC9, 0x1E, 0xFB), - MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x4E, 0x21, 0x49, 0x3D, 0x55, 0xCC, 0x25), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xF9, 0x25, 0x45, 0x54, 0x45, 0xB1, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xB3, 0xF7, 0xCD, 0x80, 0xA4, 0x04, 0x05), -}; -static const mbedtls_mpi_uint secp256k1_T_7_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x1E, 0x88, 0xC4, 0xAA, 0x18, 0x7E, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xAC, 0xD9, 0xB2, 0xA1, 0xC0, 0x71, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xA2, 0xF1, 0x15, 0xA6, 0x5F, 0x6C, 0x86), - MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x5B, 0x05, 0xBC, 0xB7, 0xC6, 0x4E, 0x72), -}; -static const mbedtls_mpi_uint secp256k1_T_7_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x80, 0xF8, 0x5C, 0x20, 0x2A, 0xE1, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x48, 0x2E, 0x68, 0x82, 0x7F, 0xEB, 0x5F), - MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x3B, 0x25, 0xDB, 0x32, 0x4D, 0x88, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0x6E, 0xA6, 0xB6, 0x6D, 0x62, 0x78, 0x22), -}; -static const mbedtls_mpi_uint secp256k1_T_8_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x4D, 0x3E, 0x86, 0x58, 0xC3, 0xEB, 0xBA), - MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x89, 0x33, 0x18, 0x21, 0x1D, 0x9B, 0xE7), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x9D, 0xFF, 0xC3, 0x79, 0xC1, 0x88, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0xD4, 0x48, 0x53, 0xE8, 0xAD, 0x21, 0x16), -}; -static const mbedtls_mpi_uint secp256k1_T_8_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x7B, 0xDE, 0xCB, 0xD8, 0x39, 0x17, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xF3, 0x03, 0xF2, 0x5C, 0xBC, 0xC8, 0x8A), - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0xAE, 0x4C, 0xB0, 0x16, 0xA4, 0x93, 0x86), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8B, 0x6B, 0xDC, 0xD7, 0x9A, 0x3E, 0x7E), -}; -static const mbedtls_mpi_uint secp256k1_T_9_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x2D, 0x7A, 0xD2, 0x59, 0x05, 0xA2, 0x82), - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x56, 0x09, 0x32, 0xF1, 0xE8, 0xE3, 0x72), - MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0xCA, 0xE5, 0x2E, 0xF0, 0xFB, 0x18, 0x19), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x85, 0xA9, 0x23, 0x15, 0x31, 0x1F, 0x0E), -}; -static const mbedtls_mpi_uint secp256k1_T_9_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xE5, 0xB1, 0x86, 0xB9, 0x6E, 0x8D, 0xD3), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x77, 0xFC, 0xC9, 0xA3, 0x3F, 0x89, 0xD2), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x6A, 0xDC, 0x25, 0xB0, 0xC7, 0x41, 0x54), - MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x11, 0x6B, 0xA6, 0x11, 0x62, 0xD4, 0x2D), -}; -static const mbedtls_mpi_uint secp256k1_T_10_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x7D, 0x34, 0xB3, 0x20, 0x7F, 0x37, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xD4, 0x45, 0xE8, 0xC2, 0xE9, 0xC5, 0xEA), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x32, 0x3B, 0x25, 0x7E, 0x79, 0xAF, 0xE7), - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xE4, 0x54, 0x71, 0xBE, 0x35, 0x4E, 0xD0), -}; -static const mbedtls_mpi_uint secp256k1_T_10_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x94, 0xDD, 0x8F, 0xB5, 0xC2, 0xDD, 0x75), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x49, 0xE9, 0x1C, 0x2F, 0x08, 0x49, 0xC6), - MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xB6, 0x03, 0x88, 0x6F, 0xB8, 0x15, 0x67), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xD3, 0x1C, 0xF3, 0xA5, 0xEB, 0x79, 0x01), -}; -static const mbedtls_mpi_uint secp256k1_T_11_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xF9, 0x43, 0x88, 0x89, 0x0D, 0x06, 0xEA), - MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x2D, 0xF5, 0x98, 0x32, 0xF6, 0xB1, 0x05), - MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x73, 0x8F, 0x2B, 0x50, 0x27, 0x0A, 0xE7), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xE3, 0xBD, 0x16, 0x05, 0xC8, 0x93, 0x12), -}; -static const mbedtls_mpi_uint secp256k1_T_11_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0x6A, 0xF7, 0xE3, 0x3D, 0xDE, 0x5F, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xA3, 0x9C, 0x22, 0x3C, 0x33, 0x36, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x24, 0x4C, 0x69, 0x45, 0x78, 0x14, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xF8, 0xD4, 0xBF, 0xB8, 0xC0, 0xA1, 0x25), -}; -static const mbedtls_mpi_uint secp256k1_T_12_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x88, 0xE1, 0x91, 0x03, 0xEB, 0xB3, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x11, 0xA1, 0xEF, 0x14, 0x0D, 0xC4, 0x7D), - MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0xD4, 0x0D, 0x1D, 0x96, 0x33, 0x5C, 0x19), - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x45, 0x2A, 0x1A, 0xE6, 0x57, 0x04, 0x9B), -}; -static const mbedtls_mpi_uint secp256k1_T_12_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xB5, 0xA7, 0x80, 0xE9, 0x93, 0x97, 0x8D), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0xB9, 0x7C, 0xA0, 0xC9, 0x57, 0x26, 0x43), - MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0xEF, 0x56, 0xDA, 0x66, 0xF6, 0x1B, 0x9A), - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x89, 0x6B, 0x91, 0xE0, 0xA9, 0x65, 0x2B), -}; -static const mbedtls_mpi_uint secp256k1_T_13_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x98, 0x96, 0x9B, 0x06, 0x7D, 0x5E, 0x5A), - MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xFA, 0xC1, 0x5F, 0x19, 0x37, 0x94, 0x9D), - MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xBE, 0x6B, 0x1A, 0x05, 0xE4, 0xBF, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xCD, 0x5D, 0x35, 0xB4, 0x51, 0xF7, 0x64), -}; -static const mbedtls_mpi_uint secp256k1_T_13_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xEF, 0x96, 0xDB, 0xF2, 0x61, 0x63, 0x59), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x04, 0x88, 0xC9, 0x9F, 0x1B, 0x94, 0xB9), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x30, 0x79, 0x7E, 0x24, 0xE7, 0x5F, 0xB8), - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xB8, 0x90, 0xB7, 0x94, 0x25, 0xBB, 0x0F), -}; -static const mbedtls_mpi_uint secp256k1_T_14_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x79, 0xEA, 0xAD, 0xC0, 0x6D, 0x18, 0x57), - MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xA4, 0x58, 0x2A, 0x8D, 0x95, 0xB3, 0xE6), - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC4, 0xC2, 0x12, 0x0D, 0x79, 0xE2, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x6F, 0xBE, 0x97, 0x4D, 0xA4, 0x20, 0x07), -}; -static const mbedtls_mpi_uint secp256k1_T_14_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x31, 0x71, 0xC6, 0xA6, 0x91, 0xEB, 0x1F), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x9B, 0xA8, 0x4A, 0xE7, 0x77, 0xE1, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0x06, 0xD3, 0x3D, 0x94, 0x30, 0xEF, 0x8C), - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xDF, 0xCA, 0xFA, 0xF5, 0x28, 0xF8, 0xC9), -}; -static const mbedtls_mpi_uint secp256k1_T_15_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0xE1, 0x32, 0xFD, 0x3E, 0x81, 0xF8, 0x11), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0xF2, 0x4B, 0x1D, 0x19, 0xC9, 0x0F, 0xCC), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xB1, 0x8A, 0x22, 0x8B, 0x05, 0x6B, 0x56), - MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0x21, 0xEF, 0x30, 0xEC, 0x09, 0x2A, 0x89), -}; -static const mbedtls_mpi_uint secp256k1_T_15_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x84, 0x4A, 0x46, 0x07, 0x6C, 0x3C, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x18, 0x3A, 0xF4, 0xCC, 0xF5, 0xB2, 0xF2), - MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0x8F, 0xCD, 0x0A, 0x9C, 0xF4, 0xBD, 0x95), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x89, 0x7F, 0x8A, 0xB1, 0x52, 0x3A, 0xAB), -}; -static const mbedtls_ecp_point secp256k1_T[16] = { - ECP_POINT_INIT_XY_Z1(secp256k1_T_0_X, secp256k1_T_0_Y), ECP_POINT_INIT_XY_Z0(secp256k1_T_1_X, secp256k1_T_1_Y), - ECP_POINT_INIT_XY_Z0(secp256k1_T_2_X, secp256k1_T_2_Y), ECP_POINT_INIT_XY_Z0(secp256k1_T_3_X, secp256k1_T_3_Y), - ECP_POINT_INIT_XY_Z0(secp256k1_T_4_X, secp256k1_T_4_Y), ECP_POINT_INIT_XY_Z0(secp256k1_T_5_X, secp256k1_T_5_Y), - ECP_POINT_INIT_XY_Z0(secp256k1_T_6_X, secp256k1_T_6_Y), ECP_POINT_INIT_XY_Z0(secp256k1_T_7_X, secp256k1_T_7_Y), - ECP_POINT_INIT_XY_Z0(secp256k1_T_8_X, secp256k1_T_8_Y), ECP_POINT_INIT_XY_Z0(secp256k1_T_9_X, secp256k1_T_9_Y), - ECP_POINT_INIT_XY_Z0(secp256k1_T_10_X, secp256k1_T_10_Y), ECP_POINT_INIT_XY_Z0(secp256k1_T_11_X, secp256k1_T_11_Y), - ECP_POINT_INIT_XY_Z0(secp256k1_T_12_X, secp256k1_T_12_Y), ECP_POINT_INIT_XY_Z0(secp256k1_T_13_X, secp256k1_T_13_Y), - ECP_POINT_INIT_XY_Z0(secp256k1_T_14_X, secp256k1_T_14_Y), ECP_POINT_INIT_XY_Z0(secp256k1_T_15_X, secp256k1_T_15_Y), -}; -#else -#define secp256k1_T NULL -#endif -#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ - -/* - * Domain parameters for brainpoolP256r1 (RFC 5639 3.4) - */ -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) -static const mbedtls_mpi_uint brainpoolP256r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9), -}; -static const mbedtls_mpi_uint brainpoolP256r1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB), - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE), - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D), -}; -static const mbedtls_mpi_uint brainpoolP256r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B), - MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95), - MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3), - MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26), -}; -static const mbedtls_mpi_uint brainpoolP256r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9), - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B), -}; -static const mbedtls_mpi_uint brainpoolP256r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97), - MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54), -}; -static const mbedtls_mpi_uint brainpoolP256r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90), - MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9), -}; - -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 -static const mbedtls_mpi_uint brainpoolP256r1_T_0_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9), - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_0_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97), - MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_1_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xA2, 0xED, 0x52, 0xC9, 0x8C, 0xE3, 0xA5), - MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0xC9, 0xC4, 0x87, 0x3F, 0x93, 0x7A, 0xD1), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x12, 0x53, 0x61, 0x3E, 0x76, 0x08, 0xCB), - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0x8C, 0x74, 0xF4, 0x08, 0xC3, 0x76, 0x80), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_1_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0xDD, 0x09, 0xA6, 0xED, 0xEE, 0xC4, 0x38), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xD9, 0xBE, 0x4B, 0xA5, 0xB7, 0x2B, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x20, 0x12, 0xCA, 0x0A, 0x38, 0x24, 0xAB), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x72, 0x71, 0x90, 0x7A, 0x2E, 0xB7, 0x23), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_2_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x66, 0xA1, 0x93, 0x10, 0x2A, 0x51, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0x10, 0x11, 0x12, 0xBC, 0xB0, 0xB6, 0x93), - MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x58, 0xD7, 0x0A, 0x84, 0x05, 0xA3, 0x9C), - MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x8E, 0x95, 0x61, 0xD3, 0x0B, 0xDF, 0x36), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_2_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x92, 0x12, 0x0F, 0x5E, 0x87, 0x70, 0x1B), - MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0xE9, 0x9B, 0xEB, 0x3A, 0xFB, 0xCF, 0xC4), - MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0x92, 0xB9, 0xF7, 0x45, 0xD3, 0x06, 0xB6), - MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x28, 0x65, 0xE1, 0xC5, 0x6C, 0x57, 0x18), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_3_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x0E, 0x77, 0x01, 0x81, 0x9E, 0x38, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0xF0, 0xD5, 0xA5, 0x91, 0x2B, 0xDF, 0xC0), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xEE, 0xB6, 0x25, 0xD6, 0x98, 0xDE, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0xA1, 0x55, 0x63, 0x39, 0xEB, 0xB5, 0x47), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_3_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xD6, 0xB8, 0xE3, 0x13, 0xED, 0x7F, 0xA3), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xE8, 0xAE, 0x36, 0xB8, 0xCD, 0x19, 0x02), - MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x82, 0x83, 0x7A, 0x7B, 0x46, 0x56, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x60, 0x46, 0x15, 0x5A, 0xAC, 0x99, 0x30), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_4_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x61, 0x50, 0xC6, 0xFF, 0x10, 0x7D, 0x04), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x51, 0xDF, 0xA9, 0x7D, 0x78, 0x26, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0x15, 0x9A, 0xF7, 0x01, 0xC1, 0xBB, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x0F, 0xE6, 0x2A, 0xBD, 0x4A, 0x9E, 0x87), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_4_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xF8, 0xD1, 0x77, 0xD2, 0x49, 0xB3, 0xDD), - MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x86, 0xFB, 0x9E, 0x1F, 0x5A, 0x60, 0x47), - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xC4, 0x8D, 0xCD, 0x86, 0x61, 0x2F, 0xF9), - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xF6, 0xB9, 0xAC, 0x37, 0x9D, 0xE9, 0x28), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_5_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x77, 0xAA, 0x97, 0x9C, 0x0B, 0x04, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0xA6, 0x60, 0x81, 0xCE, 0x25, 0x13, 0x3E), - MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x00, 0xF3, 0xBB, 0x82, 0x99, 0x95, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x5A, 0xCE, 0x90, 0x71, 0x38, 0x2F, 0x10), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_5_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x1A, 0xC0, 0x84, 0x27, 0xD6, 0x9D, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x37, 0x52, 0x16, 0x13, 0x0E, 0xCE, 0x92), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xBF, 0x5A, 0xDB, 0xDB, 0x6E, 0x1E, 0x69), - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0xB7, 0x5E, 0xF9, 0x86, 0xDD, 0x8A, 0x5C), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_6_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xAB, 0x5C, 0x8D, 0x1D, 0xF2, 0x2D, 0x1E), - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0xC5, 0xF8, 0xF7, 0x1D, 0x96, 0x0B, 0x4D), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x4C, 0xA7, 0x45, 0x20, 0x6A, 0x1E, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x5D, 0xEF, 0xDE, 0xEE, 0x39, 0x44, 0x19), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_6_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x2F, 0x6D, 0x52, 0xC9, 0x58, 0x60, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xC9, 0x62, 0xCB, 0x38, 0x3C, 0x55, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xA5, 0x09, 0x10, 0x88, 0xDB, 0xE3, 0xBD), - MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xE0, 0x3C, 0xCE, 0x06, 0x0B, 0x4B, 0x5D), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_7_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x1D, 0xB4, 0x10, 0x76, 0x8F, 0xBA, 0x09), - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x70, 0x5A, 0x07, 0xF5, 0x1A, 0x74, 0xC7), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xE9, 0x94, 0xA8, 0xC0, 0xD5, 0x4A, 0x4A), - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x6D, 0xD4, 0xE8, 0x9B, 0xE9, 0x6D, 0x0E), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_7_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x00, 0x32, 0x41, 0x57, 0x84, 0x89, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xC7, 0x14, 0xEC, 0xE9, 0x27, 0xFF, 0xF3), - MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x67, 0x9E, 0xFB, 0xB6, 0xB8, 0x96, 0xF3), - MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0x4A, 0xE3, 0x97, 0x4B, 0x58, 0xDE, 0x30), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_8_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0x1E, 0x5C, 0xF5, 0x7F, 0xD5, 0xD4, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x08, 0x7A, 0xF1, 0xBD, 0x89, 0xC7, 0x1E), - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0xF9, 0x11, 0x1B, 0xF5, 0x3C, 0x6D, 0x8C), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x50, 0xE5, 0x69, 0x1D, 0x59, 0xFC, 0x0C), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_8_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x2F, 0xF8, 0x3F, 0xEC, 0x55, 0x99, 0x57), - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0xA7, 0x29, 0x90, 0x43, 0x81, 0x31, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x18, 0x44, 0x50, 0x5D, 0x76, 0xCB, 0xDD), - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xC5, 0x5B, 0x9A, 0x03, 0xE6, 0x17, 0x39), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_9_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x89, 0xFC, 0x55, 0x94, 0x91, 0x6A, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x46, 0x35, 0xF2, 0x3A, 0x42, 0x08, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0xD2, 0x76, 0x49, 0x42, 0x87, 0xD3, 0x7F), - MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xEA, 0xA0, 0x52, 0xF1, 0x6A, 0x30, 0x57), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_9_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0xB2, 0x57, 0xA3, 0x8A, 0x4D, 0x1B, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0xA3, 0x99, 0x94, 0xB5, 0x3D, 0x64, 0x09), - MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xC3, 0xD7, 0x53, 0xF6, 0x49, 0x1C, 0x60), - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x23, 0x41, 0x4D, 0xFB, 0x7A, 0x5C, 0x53), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_10_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xB8, 0x15, 0x65, 0x5C, 0x85, 0x94, 0xD7), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x37, 0xC7, 0xF8, 0x7E, 0xAE, 0x6C, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xD8, 0x11, 0x54, 0x98, 0x44, 0xE3, 0xF1), - MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x4D, 0xA6, 0x4B, 0x28, 0xF2, 0x57, 0x9E), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_10_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xD0, 0xEB, 0x1E, 0xAA, 0x30, 0xD3, 0x6A), - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x9B, 0x4D, 0xA7, 0x73, 0x6E, 0xB6, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x47, 0xF6, 0xED, 0x37, 0xEF, 0x71, 0x4D), - MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xB5, 0x49, 0x61, 0x5E, 0x45, 0xF6, 0x4A), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_11_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x0E, 0xB3, 0x84, 0x3A, 0x63, 0x72, 0x84), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x53, 0x5C, 0xA7, 0xC6, 0x2E, 0xAB, 0x9E), - MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x0F, 0x8F, 0x87, 0x50, 0x28, 0xB4, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x98, 0x4A, 0x98, 0x31, 0x86, 0xCA, 0x51), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_11_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xC9, 0xE2, 0xFD, 0x5D, 0x1F, 0xE8, 0xC2), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x90, 0x91, 0xC4, 0x84, 0xF0, 0xBA, 0xC5), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x5A, 0xB3, 0x4E, 0xFB, 0xE0, 0x57, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x0B, 0x90, 0xA6, 0xFD, 0x9D, 0x8E, 0x02), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_12_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x41, 0x8F, 0x31, 0xFA, 0x5A, 0xF6, 0x33), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xE9, 0xE3, 0xF6, 0xE0, 0x4A, 0xE7, 0xD2), - MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0x4E, 0xCD, 0xA2, 0x22, 0x14, 0xD4, 0x12), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xED, 0x21, 0xB7, 0x0F, 0x53, 0x10, 0x17), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_12_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x06, 0x24, 0x2C, 0x4E, 0xD1, 0x1E, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x3F, 0xC1, 0x9F, 0xAB, 0xF0, 0x37, 0x95), - MBEDTLS_BYTES_TO_T_UINT_8(0x03, 0x5E, 0x12, 0xCE, 0x83, 0x1B, 0x2A, 0x18), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x65, 0xCF, 0xE8, 0x5C, 0xA5, 0xA2, 0x70), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_13_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x86, 0x76, 0x3A, 0x94, 0xF6, 0x1D, 0xC1), - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xDA, 0xC9, 0xA6, 0x29, 0x93, 0x15, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x61, 0x6A, 0x7D, 0xC7, 0xA9, 0xF3, 0x76), - MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x03, 0x71, 0xA2, 0x15, 0xCE, 0x50, 0x72), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_13_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xD0, 0xA8, 0x1E, 0x91, 0xC4, 0x4F, 0x24), - MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x4B, 0x7E, 0xD7, 0x71, 0x58, 0x7E, 0x1E), - MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x45, 0xAF, 0x2A, 0x18, 0x93, 0x95, 0x3B), - MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x8F, 0xC7, 0xFA, 0x4C, 0x7A, 0x86, 0x54), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_14_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0xAF, 0x68, 0x3A, 0x23, 0xC1, 0x2E, 0xBF), - MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x50, 0x11, 0x67, 0x39, 0xB9, 0xAF, 0x48), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x86, 0xAA, 0x1E, 0x88, 0x21, 0x29, 0x8B), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x28, 0xA4, 0x9D, 0x89, 0xA9, 0x9A, 0x10), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_14_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xBA, 0x04, 0x67, 0xB7, 0x01, 0x40, 0x38), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xE9, 0x09, 0xA3, 0xCA, 0xA6, 0x37, 0xF6), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x97, 0xA8, 0xB6, 0x3C, 0xEE, 0x90, 0x3D), - MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xED, 0xC4, 0xF7, 0xC3, 0x95, 0xEC, 0x85), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_15_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x84, 0xBD, 0xEB, 0xD5, 0x64, 0xBB, 0x9D), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x9B, 0xE2, 0x28, 0x50, 0xC2, 0x72, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0xF2, 0x74, 0xD1, 0x26, 0xBF, 0x32, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xCB, 0xAF, 0x72, 0xDB, 0x6D, 0x30, 0x98), -}; -static const mbedtls_mpi_uint brainpoolP256r1_T_15_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x50, 0x85, 0xF4, 0x2B, 0x48, 0xC1, 0xAD), - MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x28, 0xBB, 0x11, 0xBA, 0x5B, 0x22, 0x6C), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xA1, 0xE5, 0x5C, 0xC9, 0x1D, 0x44, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xE8, 0xE6, 0x6F, 0xBB, 0xC1, 0x81, 0x7F), -}; -static const mbedtls_ecp_point brainpoolP256r1_T[16] = { - ECP_POINT_INIT_XY_Z1(brainpoolP256r1_T_0_X, brainpoolP256r1_T_0_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_1_X, brainpoolP256r1_T_1_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_2_X, brainpoolP256r1_T_2_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_3_X, brainpoolP256r1_T_3_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_4_X, brainpoolP256r1_T_4_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_5_X, brainpoolP256r1_T_5_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_6_X, brainpoolP256r1_T_6_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_7_X, brainpoolP256r1_T_7_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_8_X, brainpoolP256r1_T_8_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_9_X, brainpoolP256r1_T_9_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_10_X, brainpoolP256r1_T_10_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_11_X, brainpoolP256r1_T_11_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_12_X, brainpoolP256r1_T_12_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_13_X, brainpoolP256r1_T_13_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_14_X, brainpoolP256r1_T_14_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_15_X, brainpoolP256r1_T_15_Y), -}; -#else -#define brainpoolP256r1_T NULL -#endif - -#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ - -/* - * Domain parameters for brainpoolP384r1 (RFC 5639 3.6) - */ -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) -static const mbedtls_mpi_uint brainpoolP384r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC), - MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C), -}; -static const mbedtls_mpi_uint brainpoolP384r1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04), - MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A), - MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13), - MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B), -}; -static const mbedtls_mpi_uint brainpoolP384r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E), - MBEDTLS_BYTES_TO_T_UINT_8(0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B), - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04), -}; -static const mbedtls_mpi_uint brainpoolP384r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF), - MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88), - MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D), -}; -static const mbedtls_mpi_uint brainpoolP384r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1), - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62), - MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A), -}; -static const mbedtls_mpi_uint brainpoolP384r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B), - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F), - MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C), -}; - -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 -static const mbedtls_mpi_uint brainpoolP384r1_T_0_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF), - MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88), - MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_0_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1), - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62), - MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_1_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0xD8, 0x8A, 0x54, 0x41, 0xD6, 0x6B, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x3B, 0xF1, 0x22, 0xFD, 0x2D, 0x4B, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x55, 0xE3, 0x33, 0xF0, 0x73, 0x52, 0x5A), - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x3F, 0x30, 0x26, 0xCA, 0x7F, 0x52, 0xA3), - MBEDTLS_BYTES_TO_T_UINT_8(0xD3, 0x6E, 0x17, 0x9B, 0xD5, 0x2A, 0x4A, 0x31), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xDA, 0x6B, 0xE5, 0x03, 0x07, 0x1D, 0x2E), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_1_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x7A, 0xAF, 0x98, 0xE3, 0xA4, 0xF6, 0x19), - MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x7D, 0xFE, 0x51, 0x40, 0x3B, 0x47, 0xD2), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x88, 0xEC, 0xC4, 0xE2, 0x8F, 0xCB, 0xA4), - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xE2, 0x88, 0x2D, 0x4E, 0x50, 0xEB, 0x9A), - MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x54, 0x94, 0x5E, 0xF4, 0x7F, 0x3A, 0x04), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x07, 0x1C, 0xE1, 0xBD, 0x0F, 0xF8, 0x63), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_2_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x92, 0x28, 0x2E, 0x32, 0x04, 0xB1, 0x4D), - MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x82, 0x44, 0x43, 0x76, 0x0D, 0x55, 0xBF), - MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xE3, 0xFF, 0x89, 0x46, 0xDE, 0x4E, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0x22, 0xBB, 0x67, 0x1A, 0x81, 0xEE, 0x27), - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x54, 0xE2, 0x7A, 0xAE, 0xDA, 0x2C, 0xD0), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x9A, 0x90, 0xAA, 0x6E, 0x8B, 0xCC, 0x5F), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_2_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x40, 0xAC, 0xED, 0x7D, 0x37, 0x87, 0xAC), - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0xF8, 0xB1, 0x80, 0x4C, 0x8C, 0x04, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x98, 0x2C, 0xAD, 0x30, 0x69, 0x35, 0xC0), - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x2E, 0x00, 0x2F, 0x44, 0x8C, 0xF0, 0xC0), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x58, 0x07, 0xD7, 0xCD, 0x60, 0xA1, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0xFB, 0x7B, 0x03, 0x05, 0x5E, 0x79, 0x73), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_3_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x17, 0xCE, 0x38, 0x4B, 0x5E, 0x5B, 0xC8), - MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x0E, 0x0A, 0x61, 0x9D, 0x7C, 0x62, 0x08), - MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xF0, 0x98, 0x71, 0x7F, 0x17, 0x26, 0xD7), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0xD3, 0xFA, 0x3C, 0xF0, 0x70, 0x07, 0x82), - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x47, 0x5C, 0x09, 0x43, 0xB7, 0x65, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xA9, 0xA7, 0x3E, 0xFA, 0xF3, 0xEC, 0x22), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_3_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x78, 0x22, 0x2B, 0x58, 0x71, 0xFA, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x30, 0xCE, 0x6A, 0xB3, 0xB0, 0x4F, 0x83), - MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0x95, 0x20, 0xA9, 0x23, 0xC2, 0x65, 0xE7), - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0xCF, 0x03, 0x5B, 0x8A, 0x80, 0x44, 0xBB), - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xF8, 0x91, 0xF7, 0xD5, 0xED, 0xEA, 0x81), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x5B, 0x16, 0x10, 0x25, 0xAC, 0x2A, 0x17), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_4_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xEC, 0xDC, 0xC4, 0x7B, 0x8C, 0x6B, 0xE9), - MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xBB, 0x1C, 0xD3, 0x5A, 0xEE, 0xD9, 0x97), - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x5D, 0x30, 0x5E, 0xF7, 0xB2, 0x41, 0x9D), - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xCE, 0x0F, 0x1A, 0xC6, 0x41, 0x64, 0x62), - MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x18, 0xE1, 0xE3, 0x82, 0x15, 0x66, 0x4B), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0xE2, 0x24, 0x04, 0x72, 0x39, 0xA0, 0x7C), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_4_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x51, 0xA2, 0x58, 0x88, 0x62, 0xE1, 0x02), - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xD2, 0x65, 0x14, 0xE9, 0x4C, 0x82, 0x30), - MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xE1, 0xAC, 0x87, 0xAE, 0x31, 0x1A, 0x7A), - MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0x4F, 0x96, 0x1E, 0x85, 0x7A, 0xC3, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x86, 0xBB, 0xF0, 0xC0, 0x9D, 0x08, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x53, 0x03, 0x09, 0x80, 0x91, 0xEF, 0x68), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_5_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0xD7, 0xAF, 0x6F, 0x69, 0x7B, 0x88, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x13, 0xE4, 0x30, 0xA2, 0x47, 0xB5, 0xC1), - MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xD2, 0xC0, 0xDD, 0x8A, 0x1C, 0x3C, 0xF2), - MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x8C, 0xB3, 0x4C, 0xBA, 0x8B, 0x6D, 0xCF), - MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0xC7, 0xA1, 0xA8, 0x6E, 0x3C, 0x4F, 0xF1), - MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x4A, 0x97, 0xC8, 0x03, 0x6F, 0x01, 0x82), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_5_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x18, 0x12, 0xA9, 0x39, 0xD5, 0x22, 0x26), - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0xA7, 0xC0, 0xBD, 0x9D, 0x8D, 0x78, 0x38), - MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xB3, 0xD0, 0x7F, 0xDF, 0xD0, 0x30, 0xDE), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x25, 0x73, 0x96, 0xEC, 0xA8, 0x1D, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xD1, 0x65, 0x66, 0xDC, 0xD9, 0xCF, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xED, 0x7B, 0x37, 0xAD, 0xE2, 0xBE, 0x2D), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_6_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x79, 0x42, 0x6A, 0x07, 0x66, 0xB1, 0xBD), - MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x53, 0x62, 0x65, 0x92, 0x09, 0x4C, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xAF, 0xC3, 0x03, 0xF6, 0xF4, 0x2D, 0x9B), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xCA, 0x41, 0xD9, 0xA2, 0x69, 0x9B, 0xC9), - MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0xB2, 0xA6, 0x8D, 0xE1, 0xAA, 0x61, 0x76), - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xBA, 0x4D, 0x12, 0xB6, 0xBE, 0xF3, 0x7E), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_6_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xD9, 0x92, 0x22, 0x07, 0xCE, 0xC9, 0x26), - MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xA1, 0x7C, 0x91, 0xDB, 0x32, 0xF7, 0xE5), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x49, 0x4B, 0x6D, 0xFB, 0xD9, 0x70, 0x3B), - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xFB, 0x4E, 0x4C, 0x5E, 0x66, 0x81, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xB3, 0xE1, 0x00, 0xB7, 0xD9, 0xCC, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x36, 0x8B, 0xC4, 0x39, 0x20, 0xFD, 0x30), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_7_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x1F, 0x60, 0x03, 0xBB, 0xD7, 0x60, 0x57), - MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x3C, 0x62, 0xDD, 0x71, 0x95, 0xE9, 0x61), - MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x5B, 0x7A, 0x5F, 0x68, 0x81, 0xC5, 0x90), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xB5, 0xB9, 0x98, 0x42, 0x28, 0xA5), - MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x29, 0x8E, 0x11, 0x49, 0xB4, 0xD7, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x3E, 0xD2, 0x30, 0xA1, 0xBA, 0xCA, 0x03), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_7_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x37, 0x64, 0x44, 0x2F, 0x03, 0xE5, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x42, 0xBC, 0xFF, 0xA2, 0x1A, 0x5F, 0x06), - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0x04, 0xAB, 0x04, 0xE0, 0x24, 0xAD, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x45, 0x17, 0x67, 0x1F, 0x3E, 0x53, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x0F, 0xB3, 0x1B, 0x57, 0x54, 0xC2, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xD3, 0xF8, 0xC4, 0x1B, 0x9B, 0xFA, 0x30), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_8_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x90, 0xFD, 0xFB, 0xCA, 0x49, 0x38, 0x4E), - MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xCF, 0xC6, 0xDD, 0xF0, 0xFF, 0x8C, 0x11), - MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x69, 0x9D, 0xBD, 0x5F, 0x33, 0xE9, 0xB4), - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x19, 0x82, 0x3D, 0xAC, 0x1C, 0x40, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0xC7, 0x02, 0x46, 0x14, 0x77, 0x00, 0xBE), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x05, 0xF2, 0x77, 0x3A, 0x66, 0x5C, 0x39), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_8_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xE6, 0x17, 0xDE, 0xB2, 0xA1, 0xE5, 0xB8), - MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x71, 0xEC, 0x9D, 0xD8, 0xF5, 0xD4, 0x66), - MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xC6, 0x42, 0x5E, 0xE7, 0x18, 0xBA, 0xD0), - MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x21, 0x68, 0x5A, 0x26, 0xFB, 0xD7, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x00, 0x5C, 0xBA, 0x8A, 0x34, 0xEC, 0x75), - MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0x9C, 0x3C, 0xAF, 0x53, 0xE8, 0x65, 0x35), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_9_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xEF, 0x28, 0xDC, 0x67, 0x05, 0xC8, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x78, 0xC3, 0x85, 0x49, 0xA0, 0xBC, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x3E, 0x2D, 0xA0, 0xCF, 0xD4, 0x7A, 0xF5), - MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x93, 0xFE, 0x60, 0xB3, 0x6E, 0x99, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0x62, 0xAD, 0x04, 0xE7, 0x49, 0xAF, 0x5E, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x7A, 0xED, 0xA6, 0x9E, 0x18, 0x09, 0x31), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_9_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x05, 0x94, 0x44, 0xDC, 0xB8, 0x85, 0x94), - MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xB7, 0x37, 0xC2, 0x50, 0x75, 0x15, 0xDA), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0xC6, 0x0F, 0xB2, 0xA9, 0x91, 0x3E, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x81, 0xAD, 0x25, 0xA1, 0x26, 0x73, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xF1, 0xD1, 0x61, 0x7C, 0x76, 0x8F, 0x13), - MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0xDB, 0x4A, 0xFF, 0x14, 0xA7, 0x48, 0x0B), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_10_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x73, 0xC6, 0xC2, 0xCC, 0xF1, 0x57, 0x04), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0xED, 0x73, 0x27, 0x70, 0x82, 0xB6, 0x5E), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xBA, 0xAC, 0x3A, 0xCF, 0xF4, 0xEA, 0xA6), - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xD6, 0xB1, 0x8F, 0x0E, 0x08, 0x2C, 0x5E), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xE3, 0x8F, 0x2F, 0x0E, 0xA1, 0xF3, 0x07), - MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0xF5, 0x7C, 0x9B, 0x29, 0x0A, 0xF6, 0x28), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_10_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0xEE, 0x17, 0x47, 0x34, 0x15, 0xA3, 0xAF), - MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xBE, 0x88, 0x48, 0xE7, 0xA2, 0xBB, 0xDE), - MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xAD, 0xDC, 0x65, 0x61, 0x37, 0x0F, 0xC1), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x67, 0xAD, 0xA2, 0x3A, 0x1C, 0x91, 0x78), - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x07, 0x0C, 0x3A, 0x41, 0x6E, 0x13, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0xBD, 0x7E, 0xED, 0xAA, 0x14, 0xDD, 0x61), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_11_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC3, 0xDC, 0x20, 0x01, 0x72, 0x11, 0x48, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xC4, 0x7B, 0xF8, 0x62, 0x3D, 0xF0, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xC2, 0x3D, 0x2E, 0x52, 0xA3, 0x4A, 0x89), - MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xE2, 0x53, 0x46, 0x5E, 0x21, 0xF8, 0xCE), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xC7, 0x8F, 0xA9, 0x26, 0x42, 0x32, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xA6, 0xA0, 0x8D, 0x4B, 0x9A, 0x19, 0x03), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_11_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xAB, 0x6D, 0x1E, 0xFB, 0xEE, 0x60, 0x0C), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x56, 0x3C, 0xC5, 0x5D, 0x10, 0x79, 0x1C), - MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0xBC, 0x41, 0x9F, 0x71, 0xEF, 0x02, 0xF9), - MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x36, 0xC4, 0xD0, 0x88, 0x9B, 0x32, 0xFC), - MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xD4, 0x5D, 0x17, 0x39, 0xE6, 0x22, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0x7B, 0x26, 0x01, 0xCE, 0xBE, 0x4A, 0x9C, 0x27), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_12_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x6D, 0x11, 0xCA, 0x6C, 0x5A, 0x93, 0x0C), - MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x96, 0x26, 0xAF, 0x2F, 0xE4, 0x30, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xC1, 0x4C, 0xC6, 0x30, 0x1F, 0x5C, 0x04), - MBEDTLS_BYTES_TO_T_UINT_8(0x59, 0xB3, 0xE8, 0xFC, 0x35, 0xEB, 0x63, 0x6C), - MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x1D, 0xCA, 0xFC, 0x50, 0x36, 0x4B, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x0E, 0x23, 0x5B, 0xAF, 0xEB, 0x2D, 0x31), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_12_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0x88, 0xB6, 0xD7, 0x74, 0x4A, 0x23, 0xB6), - MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x66, 0xE2, 0xBB, 0x29, 0xA6, 0x4F, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0x6F, 0x7E, 0x68, 0x6E, 0xA0, 0x14, 0x94), - MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x73, 0xD4, 0xE8, 0xAB, 0x5B, 0xF6, 0x0D), - MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xE0, 0x3C, 0x24, 0x00, 0x95, 0xE9, 0xAD), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x0D, 0x4F, 0x81, 0xD0, 0xF2, 0x3F, 0x00), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_13_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0x1D, 0xCD, 0x78, 0x39, 0xC4, 0x6B, 0xD9), - MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x45, 0xC7, 0xB8, 0x2F, 0xAA, 0x5D, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0x8C, 0x6E, 0xA3, 0x24, 0xB2, 0xDB, 0x4B), - MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x2D, 0xD9, 0xF1, 0xC7, 0x9B, 0x8A, 0xAF), - MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xE1, 0x2C, 0xB9, 0x40, 0x37, 0x91, 0x75), - MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x2C, 0xB5, 0x23, 0x03, 0x2B, 0xAF, 0x2F), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_13_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0x9D, 0x5A, 0x20, 0x10, 0xA9, 0x84, 0xDA), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x30, 0x89, 0x20, 0x13, 0xE9, 0xB2, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x6E, 0x52, 0xEB, 0x03, 0x18, 0x1F, 0xA6), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x9E, 0x1C, 0x35, 0x87, 0x92, 0x69, 0xC7), - MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0xC9, 0x88, 0xAF, 0xC6, 0x6C, 0x83, 0x72), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0xD5, 0x7A, 0x54, 0x34, 0x99, 0xB6, 0x6F), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_14_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0xAD, 0x45, 0x9B, 0x4B, 0x41, 0x4D, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0x5D, 0xAB, 0x7F, 0x35, 0x34, 0xE9, 0x29), - MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0xBE, 0x78, 0x34, 0x44, 0xF3, 0x4A, 0x87), - MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xDE, 0xE3, 0xC4, 0xEE, 0x0B, 0xF9, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x86, 0x16, 0x48, 0x32, 0xB8, 0x74, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0xEE, 0x7C, 0xBA, 0xBD, 0x81, 0xE3, 0x55), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_14_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x6A, 0xFA, 0x84, 0xDA, 0xB8, 0xD5, 0x14), - MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x9F, 0x8A, 0xD5, 0x1B, 0x2E, 0x1A, 0x0B), - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x0C, 0x61, 0xE2, 0xFF, 0x5B, 0xE6, 0xD5), - MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x62, 0xC1, 0x87, 0x53, 0x1B, 0x92, 0xA3), - MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x90, 0x00, 0xD1, 0x6A, 0x0C, 0x0E, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x2E, 0xB5, 0x3B, 0x44, 0xB5, 0xA0, 0x78), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_15_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x5D, 0x02, 0x58, 0xB5, 0xBE, 0x45, 0x14), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xEF, 0x8E, 0x90, 0x4D, 0x2A, 0x32, 0xAC), - MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0x99, 0x75, 0x5C, 0x0A, 0x33, 0x8F, 0x36), - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x6C, 0x95, 0xD4, 0x1F, 0xF3, 0xEB, 0xDA), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0xE4, 0x4C, 0x91, 0x20, 0xF3, 0x25, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x95, 0xEB, 0x29, 0x6F, 0x20, 0x34, 0x81), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_15_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x15, 0xE5, 0x13, 0x7E, 0x64, 0x8B, 0xAD), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xBC, 0x0D, 0x18, 0x7E, 0x37, 0x9E, 0xFA), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x82, 0x20, 0xF7, 0x2D, 0x7A, 0x77, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x29, 0xA2, 0xDB, 0x7A, 0xE6, 0x6F, 0xA5), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xC6, 0x50, 0x5C, 0xBC, 0xE6, 0x4F, 0xBD), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x9F, 0xD5, 0xE8, 0xC5, 0x3D, 0xB7, 0x30), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_16_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x03, 0x55, 0x10, 0xDB, 0xA6, 0x8B, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x17, 0xAE, 0x78, 0xC9, 0x1D, 0x43, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x35, 0x49, 0xD4, 0x47, 0x84, 0x8D, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x95, 0x2F, 0xEA, 0xBC, 0xB4, 0x18, 0xB3), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x48, 0xAE, 0x89, 0xF5, 0x65, 0x3D, 0x89), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xF2, 0x2B, 0x20, 0xD1, 0x75, 0x50, 0x63), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_16_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0xE6, 0x5C, 0x2C, 0xE0, 0x7D, 0xDF, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x07, 0x3E, 0xCE, 0x9F, 0x18, 0xB6, 0x05), - MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0xF8, 0xF0, 0xD5, 0xFA, 0x42, 0x1D, 0x6D), - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x6C, 0x1D, 0x03, 0xC9, 0x0E, 0x2B, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x18, 0x52, 0xA5, 0xB4, 0x63, 0xE1, 0x06), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x0A, 0xD9, 0xC4, 0xFD, 0x16, 0x60, 0x54), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_17_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x7D, 0xDE, 0xDF, 0x4B, 0x4A, 0xB0, 0xCB), - MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x4E, 0x8C, 0x94, 0xC1, 0xE2, 0x85, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0x4F, 0xF0, 0xEA, 0xB5, 0x9B, 0x70, 0xEF, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0x56, 0xC2, 0x39, 0x5D, 0xF3, 0x2C, 0xD9, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0x1C, 0x2E, 0xCC, 0x2F, 0x54, 0x87, 0x80), - MBEDTLS_BYTES_TO_T_UINT_8(0xB0, 0x72, 0xC7, 0xB5, 0x50, 0xA3, 0x84, 0x77), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_17_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xD1, 0xAF, 0xA9, 0xB4, 0x8B, 0x5D, 0xFA), - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xF6, 0x52, 0x8A, 0xC3, 0x56, 0xA5, 0x5E), - MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x52, 0xFF, 0xEA, 0x05, 0x42, 0x77, 0x83), - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x08, 0x90, 0x72, 0x86, 0xC4, 0xC3, 0xB8), - MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x15, 0xF8, 0xF1, 0x16, 0x67, 0xC6, 0xD5), - MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x87, 0xAC, 0x8F, 0x71, 0xEC, 0x83, 0x81), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_18_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0xE1, 0xE6, 0x2D, 0x0E, 0x11, 0xA1, 0x62), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0xE2, 0xA8, 0x32, 0xE6, 0xE3, 0x83, 0xD1), - MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x56, 0xE5, 0xCD, 0xB7, 0x2B, 0x67, 0x6F), - MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xED, 0xC9, 0x65, 0x6D, 0x87, 0xE1, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x8E, 0xFD, 0x9A, 0x53, 0x0E, 0xFA, 0xA3), - MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0x4C, 0x4A, 0xE2, 0x23, 0x84, 0xFA, 0x01), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_18_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xFE, 0x49, 0x81, 0xD1, 0x3E, 0xF4, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x72, 0xE0, 0xEF, 0x0D, 0xB8, 0x3E, 0x6F), - MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x00, 0x0F, 0x5F, 0xCE, 0x60, 0x72, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xCC, 0xD8, 0x03, 0x07, 0x6E, 0x5A, 0xCD), - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x3A, 0x35, 0x50, 0x4E, 0x1F, 0xCA, 0x5F), - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0xEA, 0x88, 0x55, 0xBD, 0x6E, 0x05, 0x7F), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_19_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x6D, 0xF1, 0x97, 0xA6, 0x69, 0x39, 0x24), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0x41, 0x99, 0xFF, 0x3B, 0xA1, 0x26, 0xEC), - MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x2F, 0x95, 0x80, 0x12, 0x4A, 0x1B, 0xCB), - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xBF, 0x51, 0xAA, 0xAE, 0x2D, 0xDA, 0xCF), - MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x1C, 0xB3, 0x52, 0x36, 0x49, 0xD4, 0x86), - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xC1, 0x1F, 0x3A, 0xD3, 0x3E, 0x5C, 0x1A), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_19_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x51, 0xF7, 0x2B, 0xC8, 0xA9, 0xA7, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0x4E, 0x7F, 0x98, 0x41, 0x66, 0xB0, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x1D, 0xC0, 0x42, 0xCD, 0xF8, 0xC3, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x41, 0x91, 0x7D, 0xCC, 0x8B, 0xCC, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xAE, 0x76, 0xED, 0x56, 0x18, 0xC5, 0xAB), - MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x6A, 0x06, 0xA3, 0x7F, 0x65, 0x10, 0x1F), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_20_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xEC, 0x3C, 0x05, 0x05, 0xCA, 0xF6, 0xED), - MBEDTLS_BYTES_TO_T_UINT_8(0x48, 0xCD, 0x02, 0x51, 0x12, 0x16, 0x3C, 0x63), - MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0xEB, 0xB3, 0x43, 0x7B, 0xDD, 0xB2, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x59, 0x90, 0x41, 0xDB, 0xE4, 0xF5, 0x91), - MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x0E, 0x18, 0x2A, 0x5A, 0x83, 0x7C, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x37, 0xA1, 0x0D, 0xF1, 0x2F, 0x63, 0x79), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_20_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xC0, 0xFA, 0x6F, 0x1F, 0x67, 0xCF, 0xEC), - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x34, 0x45, 0xBB, 0xF4, 0xF9, 0x9B, 0x89), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0x69, 0xFE, 0x67, 0x1D, 0x64, 0x8F, 0xB9), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x39, 0xBF, 0xD8, 0xB3, 0xC7, 0xAD, 0x8A), - MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x93, 0xFF, 0xF3, 0x28, 0xFA, 0x39, 0xF6), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xF9, 0xC3, 0x85, 0x26, 0x7A, 0x88, 0x89), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_21_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xD5, 0x79, 0xD8, 0x11, 0xDE, 0xEB, 0x4E), - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x46, 0xA4, 0x6A, 0xDA, 0x74, 0x34, 0xA8), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0xBD, 0xD3, 0xF5, 0x14, 0xEE, 0xFE, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x4C, 0xA3, 0x71, 0x43, 0x65, 0xF8, 0x94), - MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x6C, 0x35, 0xFA, 0x90, 0x25, 0xD8, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x34, 0x84, 0x96, 0xA1, 0x43, 0x03, 0x4D), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_21_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x3B, 0x3B, 0x2F, 0xCA, 0x59, 0xF2, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0xCD, 0x48, 0x24, 0x74, 0xD8, 0x72, 0x90, 0xA3), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x42, 0x74, 0x8C, 0x6F, 0x52, 0x19, 0x3D), - MBEDTLS_BYTES_TO_T_UINT_8(0x40, 0x9E, 0x41, 0x63, 0x68, 0x78, 0x4C, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x94, 0xB6, 0x6B, 0x38, 0x52, 0xA8, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x30, 0x25, 0x93, 0xA1, 0x6F, 0x6E, 0x68), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_22_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x2F, 0x4B, 0x64, 0x79, 0x50, 0xFF, 0x01), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0x36, 0xED, 0x57, 0x39, 0x3B, 0xE7, 0xF3), - MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x85, 0xEA, 0x35, 0xD6, 0xC0, 0xA0, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x89, 0x3A, 0xCC, 0x22, 0x1C, 0x46, 0x02), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x7A, 0xB0, 0xA1, 0x1B, 0x69, 0x62, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xB8, 0x8A, 0x6C, 0x18, 0x85, 0x0D, 0x88), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_22_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xB6, 0x50, 0xE9, 0x4E, 0x7F, 0xE8, 0x07), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x5B, 0x5C, 0xD1, 0x4B, 0x11, 0x9A, 0xD8), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x25, 0x56, 0x74, 0x51, 0x9C, 0xEC, 0x9C), - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x7F, 0xB6, 0x8A, 0xCB, 0x3A, 0x10, 0x6A), - MBEDTLS_BYTES_TO_T_UINT_8(0x60, 0x33, 0x07, 0x01, 0xE9, 0x49, 0x59, 0xE6), - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xA5, 0x2E, 0xF2, 0xBA, 0x32, 0x63, 0x44), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_23_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x06, 0x0B, 0xA5, 0x44, 0x27, 0x7F, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x74, 0xAC, 0x0F, 0xCC, 0x4F, 0x13, 0x61), - MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0xB1, 0xBF, 0x97, 0x49, 0xA5, 0x1C, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x64, 0x68, 0x7B, 0x0F, 0xCC, 0x77, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x39, 0xF9, 0x4E, 0x84, 0x9C, 0xF6, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xCF, 0x6D, 0xE2, 0xA1, 0x2D, 0xF9, 0x2B), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_23_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0xC4, 0x90, 0x57, 0x31, 0x01, 0x05, 0x5E), - MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x1E, 0xBB, 0xBF, 0x98, 0xA4, 0x7C, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xE3, 0xA0, 0xB2, 0xCD, 0x39, 0x9A, 0x3F), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x34, 0x60, 0x7A, 0x89, 0x98, 0xB5, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0x20, 0x3D, 0x3A, 0x04, 0x8F, 0x5A, 0xAC), - MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x26, 0xB6, 0x49, 0x09, 0x9C, 0x0F, 0x59), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_24_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x66, 0xD2, 0x38, 0x2A, 0x62, 0x81, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0xC8, 0x20, 0x5E, 0x28, 0xA3, 0x81, 0xA7), - MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x31, 0xA4, 0xF1, 0xEA, 0x7D, 0x87, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0x8F, 0x2C, 0x99, 0x09, 0x6F, 0x63, 0xEB, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0x73, 0x76, 0xDA, 0x1A, 0x06, 0xBE, 0xDE, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x09, 0x2E, 0x75, 0x39, 0x30, 0x2D, 0x42), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_24_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x9B, 0xC1, 0x5A, 0x17, 0xC3, 0x8C, 0x31), - MBEDTLS_BYTES_TO_T_UINT_8(0x58, 0x8D, 0x94, 0x4D, 0x3D, 0xAB, 0x60, 0xD4), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xFD, 0x1E, 0x0F, 0x43, 0xAE, 0x9D, 0x62), - MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0xF2, 0xF3, 0x20, 0x1B, 0xAA, 0xB7, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0x5B, 0xA4, 0xF4, 0x90, 0x3B, 0xE3, 0x71), - MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x78, 0x72, 0xBD, 0x65, 0x09, 0x0B, 0x01), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_25_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x37, 0x2A, 0x6C, 0x16, 0x4F, 0x64, 0x59), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0xCE, 0xA3, 0x90, 0xB4, 0x9A, 0xBC, 0xF7), - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x38, 0x55, 0x63, 0x1D, 0x3A, 0x6E, 0x18), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xB4, 0xAA, 0x99, 0x22, 0x45, 0x89, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0x7C, 0x8C, 0xA6, 0x3D, 0xA7, 0x3E, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x06, 0x42, 0xDC, 0xA6, 0xE3, 0xC6, 0x12), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_25_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x8C, 0x3D, 0x5D, 0x47, 0x31, 0x7C, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x85, 0xEE, 0x46, 0x7E, 0x13, 0x04, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x3C, 0x8B, 0x43, 0x2E, 0x74, 0xF5, 0xF6), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x88, 0x8E, 0x07, 0x29, 0x08, 0x03, 0x26), - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0x9B, 0x89, 0xEB, 0x08, 0xE8, 0x43, 0xB5), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x07, 0x67, 0xFD, 0xD9, 0x73, 0x6F, 0x18), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_26_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0xEB, 0x21, 0x8D, 0x98, 0x43, 0x74, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0x88, 0xCC, 0x14, 0xD8, 0x08, 0xBB, 0xA6, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x98, 0xF2, 0x6A, 0x18, 0xC3, 0xDD, 0x9E), - MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x38, 0x91, 0xA0, 0x03, 0xF2, 0x04, 0x62), - MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0xAF, 0xE8, 0xFD, 0xFB, 0x13, 0x70, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x93, 0x87, 0x98, 0x4A, 0xE0, 0x00, 0x12), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_26_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x2E, 0x69, 0x9C, 0xA2, 0x2D, 0x03, 0x3F), - MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xFE, 0xF3, 0xB9, 0xC1, 0x85, 0x2A, 0xEE), - MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xFD, 0x86, 0xB1, 0xCD, 0xBF, 0x41, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xD8, 0x9A, 0x21, 0xF3, 0xFE, 0xCB, 0xF1), - MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x78, 0x04, 0x60, 0xB7, 0xA9, 0xA2, 0x84), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1E, 0x66, 0x2A, 0x54, 0x51, 0xBD, 0x8B), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_27_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x16, 0x36, 0xEF, 0x61, 0x2D, 0xEE, 0x3B), - MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x5F, 0x88, 0xA0, 0x13, 0x12, 0xF7, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0xA9, 0xC6, 0xAD, 0x4A, 0x4A, 0x07, 0x01, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0xB8, 0x74, 0xB1, 0x4F, 0xEB, 0xBD, 0xD5, 0x6B), - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xF9, 0x71, 0xA2, 0x06, 0x4F, 0xD7, 0xBC), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x8B, 0x4D, 0x48, 0xE0, 0x98, 0xFB, 0x6A), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_27_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0xBA, 0x10, 0xA3, 0x0D, 0x52, 0xAC, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xD0, 0xE0, 0x36, 0xE6, 0x07, 0x3A, 0x30), - MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x80, 0xF0, 0xAA, 0x49, 0x22, 0x4B, 0xDD), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xC7, 0xAB, 0x1C, 0x89, 0xCD, 0x24, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x82, 0x2A, 0xFC, 0xB3, 0x6D, 0x45, 0x96, 0x49), - MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xE4, 0xDB, 0x52, 0x3F, 0xC4, 0xB4, 0x19), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_28_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x5B, 0xCC, 0xC8, 0x7F, 0xBB, 0x6B, 0x87, 0x47), - MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x21, 0x3C, 0x69, 0x7D, 0x38, 0x57, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x4C, 0x18, 0x3C, 0x53, 0xA5, 0x48, 0x6D), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xC3, 0x64, 0x45, 0xDB, 0xC4, 0x6D, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xCC, 0xD1, 0xBB, 0x17, 0xB8, 0x34, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x69, 0x71, 0xFA, 0xA0, 0x28, 0x4A, 0x3D), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_28_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xE8, 0x9E, 0x39, 0xEA, 0x8D, 0x38, 0xDB), - MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x9C, 0xBB, 0xCD, 0x80, 0x1A, 0xEE, 0xB7), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xA0, 0x45, 0xBF, 0xD9, 0x22, 0x11, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x7C, 0x5C, 0xD9, 0xC0, 0x9F, 0x69, 0xF5), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x8A, 0xA6, 0x79, 0x4E, 0x35, 0xB9, 0xD5), - MBEDTLS_BYTES_TO_T_UINT_8(0xCC, 0x8B, 0x9A, 0x3E, 0xA1, 0xB8, 0x28, 0x10), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_29_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x2F, 0xEF, 0xBB, 0xA9, 0x72, 0x7F, 0xEA), - MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x34, 0xB7, 0x12, 0xB9, 0xE7, 0xC3, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x1D, 0xD9, 0x42, 0x77, 0x0C, 0x71, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x01, 0x59, 0xA7, 0x56, 0x03, 0x91, 0x8D), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x91, 0x99, 0x33, 0x30, 0x3E, 0xEF, 0x13), - MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xC9, 0x5A, 0x9A, 0x54, 0x66, 0xF1, 0x70), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_29_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0x2C, 0xB7, 0x6E, 0x71, 0x7D, 0x35, 0x30), - MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x0D, 0xEF, 0xD1, 0x2D, 0x99, 0x63, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x31, 0xAF, 0x2D, 0xC9, 0xC6, 0xC2, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0xC0, 0xDF, 0x80, 0x54, 0xC4, 0xAC, 0xF3), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x6B, 0xA0, 0x84, 0x96, 0xF7, 0x31, 0xC8), - MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0xE2, 0x7C, 0x7A, 0x41, 0x45, 0x75, 0x6A), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_30_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xEE, 0x58, 0x31, 0xE8, 0x68, 0xD6, 0x76), - MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x2E, 0x48, 0xB7, 0x09, 0x9F, 0xD4, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xA9, 0x5C, 0xE7, 0x64, 0x43, 0x5D, 0xC9), - MBEDTLS_BYTES_TO_T_UINT_8(0x9E, 0x58, 0x9F, 0x50, 0xAB, 0x68, 0xFF, 0x6D), - MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0x88, 0x2D, 0xBA, 0x12, 0xBF, 0x8D, 0x7D), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xDF, 0x6F, 0xB3, 0x75, 0xA4, 0x55, 0x73), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_30_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x17, 0x92, 0x39, 0xB7, 0x13, 0x37, 0x6F), - MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x43, 0x71, 0xA7, 0xCA, 0x17, 0x1B, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0xE7, 0xB9, 0xB0, 0x78, 0xEF, 0xA0, 0xDA, 0x83), - MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x84, 0xF2, 0x0F, 0x85, 0xA2, 0xB6, 0x1F), - MBEDTLS_BYTES_TO_T_UINT_8(0x72, 0x65, 0x2E, 0x6E, 0x45, 0xB9, 0x4C, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x6A, 0x8C, 0x2B, 0x77, 0x96, 0x36, 0x22), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_31_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x7A, 0x13, 0x4A, 0x97, 0x63, 0x02, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x1E, 0x06, 0x03, 0x8F, 0xB9, 0xEE, 0x64), - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0xEE, 0x8B, 0x89, 0xA9, 0x70, 0xDB, 0xCE), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x7B, 0x81, 0xC9, 0x70, 0x8D, 0x62, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0xDA, 0x46, 0xF8, 0xF9, 0x3A, 0xBE, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0x9C, 0x7A, 0x97, 0x62, 0xEB, 0xFA, 0x0F), -}; -static const mbedtls_mpi_uint brainpoolP384r1_T_31_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x03, 0x3D, 0x3C, 0x46, 0x27, 0x9E, 0x65), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x08, 0x1C, 0xD5, 0x25, 0xAF, 0xE9, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x69, 0xDC, 0x59, 0xF4, 0x8A, 0x7C, 0x1F), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x9A, 0x7A, 0x99, 0x21, 0x0C, 0x4E, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xCE, 0x85, 0x5F, 0xAC, 0xAA, 0x82, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0x83, 0x57, 0x69, 0x90, 0x76, 0xF3, 0x53, 0x3F), -}; -static const mbedtls_ecp_point brainpoolP384r1_T[32] = { - ECP_POINT_INIT_XY_Z1(brainpoolP384r1_T_0_X, brainpoolP384r1_T_0_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_1_X, brainpoolP384r1_T_1_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_2_X, brainpoolP384r1_T_2_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_3_X, brainpoolP384r1_T_3_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_4_X, brainpoolP384r1_T_4_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_5_X, brainpoolP384r1_T_5_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_6_X, brainpoolP384r1_T_6_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_7_X, brainpoolP384r1_T_7_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_8_X, brainpoolP384r1_T_8_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_9_X, brainpoolP384r1_T_9_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_10_X, brainpoolP384r1_T_10_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_11_X, brainpoolP384r1_T_11_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_12_X, brainpoolP384r1_T_12_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_13_X, brainpoolP384r1_T_13_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_14_X, brainpoolP384r1_T_14_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_15_X, brainpoolP384r1_T_15_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_16_X, brainpoolP384r1_T_16_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_17_X, brainpoolP384r1_T_17_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_18_X, brainpoolP384r1_T_18_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_19_X, brainpoolP384r1_T_19_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_20_X, brainpoolP384r1_T_20_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_21_X, brainpoolP384r1_T_21_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_22_X, brainpoolP384r1_T_22_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_23_X, brainpoolP384r1_T_23_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_24_X, brainpoolP384r1_T_24_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_25_X, brainpoolP384r1_T_25_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_26_X, brainpoolP384r1_T_26_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_27_X, brainpoolP384r1_T_27_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_28_X, brainpoolP384r1_T_28_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_29_X, brainpoolP384r1_T_29_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_30_X, brainpoolP384r1_T_30_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_31_X, brainpoolP384r1_T_31_Y), -}; -#else -#define brainpoolP384r1_T NULL -#endif - -#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ - -/* - * Domain parameters for brainpoolP512r1 (RFC 5639 3.7) - */ -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) -static const mbedtls_mpi_uint brainpoolP512r1_p[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6), - MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F), - MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA), -}; -static const mbedtls_mpi_uint brainpoolP512r1_a[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7), - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F), - MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A), - MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8), - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94), - MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78), -}; -static const mbedtls_mpi_uint brainpoolP512r1_b[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77), - MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA), - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D), -}; -static const mbedtls_mpi_uint brainpoolP512r1_gx[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B), - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4), - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A), - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81), -}; -static const mbedtls_mpi_uint brainpoolP512r1_gy[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78), - MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2), - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0), - MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2), - MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0), - MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D), -}; -static const mbedtls_mpi_uint brainpoolP512r1_n[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6), - MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F), - MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA), -}; - -#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 -static const mbedtls_mpi_uint brainpoolP512r1_T_0_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B), - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C), - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50), - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4), - MBEDTLS_BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85), - MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A), - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_0_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78), - MBEDTLS_BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2), - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0), - MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2), - MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0), - MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_1_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xE9, 0x6B, 0x8C, 0x6F, 0x9D, 0x88, 0x43), - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x4F, 0x86, 0x96, 0xA7, 0x56, 0xD1, 0x37), - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xAB, 0xFA, 0xEE, 0xA7, 0xF5, 0x0E, 0xA6), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x40, 0xEF, 0x9E, 0x6D, 0xD6, 0x32, 0x33), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xED, 0x56, 0x14, 0x57, 0x1A, 0x8D, 0x69), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xED, 0x4D, 0x3A, 0xFA, 0x71, 0x75, 0x6B), - MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xC5, 0x76, 0x1C, 0x14, 0xBE, 0xB5, 0xCD), - MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x5A, 0xCB, 0xE7, 0x36, 0x1D, 0x52, 0x1C), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_1_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x8D, 0x7A, 0xEB, 0xA3, 0x8B, 0xD5, 0xB0), - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0xA3, 0x41, 0xF8, 0xAC, 0x9E, 0xAB, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0x12, 0xE3, 0x65, 0x0D, 0x1C, 0xFE, 0x09, 0x2B), - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0xCA, 0x13, 0x3F, 0xC5, 0xF9, 0x7E, 0xEC), - MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0x5D, 0x63, 0x28, 0xA6, 0x89, 0xD3, 0x91), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x95, 0x3F, 0x7A, 0x82, 0xD4, 0x77, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xBB, 0x92, 0x32, 0x00, 0xF4, 0x66, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x58, 0x31, 0xD1, 0x17, 0x9F, 0x2A, 0x22), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_2_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x36, 0xA9, 0xCD, 0x80, 0xA5, 0x2D, 0x78), - MBEDTLS_BYTES_TO_T_UINT_8(0x91, 0x44, 0xAB, 0xCE, 0x71, 0xFF, 0x0C, 0x9B), - MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0x24, 0x58, 0x35, 0x5A, 0x21, 0x32, 0x93), - MBEDTLS_BYTES_TO_T_UINT_8(0x1B, 0xA6, 0x28, 0xF8, 0x7A, 0x97, 0xAE, 0x8B), - MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xE7, 0x08, 0xFA, 0x47, 0xC9, 0x55, 0x09), - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xAC, 0x2E, 0x84, 0xA4, 0xF5, 0x52, 0xC4), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x58, 0x05, 0x9D, 0xA7, 0xC8, 0x71, 0xBF), - MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x92, 0xB4, 0x92, 0xC1, 0x92, 0xEC, 0x6B), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_2_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x4A, 0x48, 0x2D, 0x79, 0x5E, 0x58, 0xE5, 0x69), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x85, 0x26, 0xEC, 0xE9, 0x6E, 0xD4, 0x06), - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x68, 0x26, 0x87, 0x38, 0xA2, 0xD2, 0x0B), - MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0x17, 0x60, 0xCE, 0x75, 0xF8, 0xA5, 0x6F), - MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0x51, 0xDB, 0xA9, 0xAE, 0x87, 0xF1, 0x15), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x49, 0x92, 0x3B, 0x19, 0x96, 0xF5, 0xB0), - MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0xD5, 0x52, 0x52, 0x8C, 0xCE, 0xFD, 0xFA), - MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x18, 0x0A, 0xE6, 0xF6, 0xAE, 0x08, 0x41), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_3_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x2B, 0xD8, 0x54, 0xCE, 0xB0, 0x57, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xB0, 0xF8, 0x9E, 0x03, 0x03, 0x3C, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x0E, 0x29, 0x29, 0x00, 0xF3, 0x70, 0xBF), - MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0x33, 0x99, 0x0E, 0x00, 0x5D, 0xFE, 0x4B), - MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0x2D, 0xF2, 0x59, 0x32, 0xCF, 0x03, 0xF4), - MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0xC9, 0x72, 0xAE, 0x0C, 0xEF, 0xD1, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x5A, 0x27, 0xBF, 0x2F, 0x45, 0xF9, 0x51), - MBEDTLS_BYTES_TO_T_UINT_8(0xD4, 0xBE, 0xE5, 0x2C, 0xFF, 0x5B, 0x1E, 0x88), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_3_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0xAC, 0xBB, 0xD8, 0x83, 0xC2, 0x46, 0xF6), - MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xDC, 0xCE, 0x15, 0xB4, 0xEF, 0xCF, 0x46), - MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xDB, 0x5E, 0x94, 0x31, 0x0B, 0xB2, 0x7A), - MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0xB9, 0xE3, 0xE3, 0x11, 0x71, 0x41, 0x1E), - MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xE3, 0x01, 0xB7, 0x7D, 0xBC, 0x65, 0xBE), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x07, 0x65, 0x87, 0xA7, 0xE8, 0x48, 0xE3), - MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x48, 0x8F, 0xD4, 0x30, 0x8E, 0xB4, 0x6C), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0xE0, 0x73, 0xBE, 0x1E, 0xBF, 0x56, 0x36), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_4_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xFE, 0x0E, 0x5E, 0x87, 0xC5, 0xAB, 0x0E, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0xF9, 0x5F, 0x80, 0x24, 0x4C, 0x2A, 0xF1), - MBEDTLS_BYTES_TO_T_UINT_8(0xDE, 0x15, 0x21, 0x54, 0x92, 0x84, 0x8D, 0x6A), - MBEDTLS_BYTES_TO_T_UINT_8(0xA8, 0x8A, 0x47, 0x74, 0xDC, 0x42, 0xB1, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0xF7, 0x30, 0xFD, 0xC1, 0x9B, 0x0C, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x6C, 0xCC, 0xDF, 0xC5, 0xE3, 0xA9, 0xD5), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x67, 0x59, 0x10, 0x5C, 0x51, 0x54, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x37, 0xFB, 0x6E, 0xB0, 0x78, 0x63, 0x8E), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_4_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0xEF, 0xC4, 0x39, 0x20, 0xF1, 0x46, 0x66), - MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0x62, 0xAE, 0xFF, 0x10, 0xE4, 0xE2, 0xE9), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x5C, 0xF5, 0x2E, 0x22, 0x89, 0xE5, 0x82), - MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0x0C, 0x29, 0xA8, 0x62, 0xAE, 0xDB, 0x65), - MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x9E, 0x0F, 0xCA, 0x87, 0x2A, 0x6F, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0xCE, 0xDC, 0x9B, 0x9F, 0x65, 0xD4, 0xAD, 0x27), - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0xC3, 0x08, 0x0F, 0xCF, 0x67, 0xE9, 0xF4), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x5C, 0xD7, 0xFF, 0x41, 0x9C, 0xCB, 0x26), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_5_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x25, 0x05, 0x12, 0xAD, 0x73, 0x63, 0x90), - MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x99, 0x07, 0x86, 0x57, 0xE7, 0x94, 0xB1), - MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x4B, 0xA5, 0xBF, 0x18, 0xA9, 0xEF, 0x6A), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0x4C, 0xC4, 0x09, 0xF2, 0x2F, 0x0C, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x3A, 0x04, 0xEA, 0x89, 0x6C, 0x91, 0xB9), - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x6C, 0x3A, 0xE7, 0xA3, 0xEC, 0x24, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xA1, 0x26, 0x21, 0x04, 0xE3, 0xB9, 0x40), - MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0x71, 0x4B, 0x7B, 0xC2, 0x89, 0xCD, 0xA2), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_5_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB7, 0xB9, 0xA8, 0x9D, 0xFD, 0x00, 0x3A, 0x1F), - MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x41, 0x6C, 0xBB, 0x5A, 0xCA, 0x1F, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0xD7, 0xE2, 0x6C, 0x6B, 0xA7, 0x48, 0xC9), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x19, 0xAD, 0xA7, 0xC1, 0x7E, 0x4F, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0xF7, 0x19, 0x3C, 0x06, 0x74, 0x2C, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x23, 0x4F, 0x0C, 0x09, 0xB0, 0x80, 0x4A), - MBEDTLS_BYTES_TO_T_UINT_8(0x4E, 0x74, 0x34, 0x08, 0x44, 0x7E, 0xA3, 0xDD), - MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xCC, 0x8D, 0x12, 0x6E, 0xE1, 0x3D, 0x0B), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_6_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x18, 0xB1, 0x71, 0x02, 0x93, 0xC2, 0xA4), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x89, 0x40, 0xE2, 0x1F, 0xE7, 0x5E, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x8E, 0xAE, 0x89, 0x01, 0xD4, 0x0C, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0xAE, 0xDA, 0x58, 0x70, 0x24, 0xF2, 0xE4, 0x5F), - MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0xC7, 0x1D, 0xD6, 0x4A, 0x6F, 0x66, 0x4F), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x1D, 0x7E, 0x4A, 0x2C, 0xCA, 0xEC, 0x3B), - MBEDTLS_BYTES_TO_T_UINT_8(0xA1, 0x06, 0x7F, 0xA8, 0x99, 0xE4, 0xD3, 0x4E), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x1D, 0x5A, 0xDF, 0x5E, 0x58, 0x36, 0x49), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_6_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0xB9, 0x32, 0x69, 0x1F, 0x72, 0x2A, 0xB3), - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0x73, 0xE2, 0x03, 0x39, 0x35, 0xAA, 0xA8), - MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x5E, 0x5D, 0x48, 0xEF, 0xAE, 0x30, 0xF5), - MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x7F, 0x60, 0x19, 0xAF, 0xEC, 0x9D, 0xFC), - MBEDTLS_BYTES_TO_T_UINT_8(0xCA, 0xD9, 0x19, 0xE4, 0x1B, 0x56, 0x15, 0x5F), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xD7, 0x33, 0x59, 0x1F, 0x43, 0x59, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xCE, 0xEE, 0xCA, 0xA4, 0x7F, 0x63, 0xD4), - MBEDTLS_BYTES_TO_T_UINT_8(0xBD, 0x40, 0xC0, 0xF6, 0x19, 0x89, 0x43, 0x20), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_7_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x92, 0xEA, 0x07, 0x65, 0x79, 0x86, 0xD3), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0xB7, 0x13, 0x75, 0xD3, 0xC5, 0x0A, 0xC9), - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x9E, 0xFA, 0xE1, 0x1F, 0x0C, 0xF9, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x8C, 0xED, 0x5C, 0x21, 0xE9, 0x09, 0xDD), - MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0x4D, 0xD8, 0x18, 0xC4, 0xF6, 0x36, 0x39), - MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xC9, 0xAC, 0x5C, 0xFA, 0x69, 0xA4, 0xA0), - MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0x8C, 0x94, 0x1C, 0x7B, 0x71, 0x36, 0x58), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xBD, 0x46, 0xCE, 0xB7, 0x1D, 0x9C, 0x5E), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_7_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xD6, 0x96, 0x4B, 0xA6, 0x47, 0xEB, 0xE5), - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0xF1, 0x5F, 0x15, 0xDE, 0x99, 0x6F, 0x66), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xBD, 0xE5, 0x04, 0xB8, 0xE6, 0xC0, 0x0B), - MBEDTLS_BYTES_TO_T_UINT_8(0x49, 0xD3, 0xF0, 0x04, 0x00, 0xE4, 0x05, 0xDB), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xF3, 0x06, 0xA3, 0x1A, 0xFF, 0xEA, 0x73), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x32, 0xAA, 0x99, 0x33, 0x09, 0xB6, 0x34), - MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xEF, 0xFC, 0x61, 0x10, 0x42, 0x31, 0x94), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0xF1, 0xF4, 0x33, 0xCF, 0x28, 0x90, 0x9C), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_8_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xDE, 0xF9, 0x88, 0x87, 0x7B, 0xEB, 0xC9), - MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0xB8, 0xDA, 0xFA, 0xDA, 0x3D, 0xA6, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xF0, 0x62, 0x82, 0x53, 0x32, 0x55, 0x03), - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xA5, 0x32, 0x4A, 0x19, 0x11, 0x9C, 0x10), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xB3, 0x27, 0xE9, 0x75, 0x90, 0x05, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x1C, 0x90, 0x48, 0x77, 0x01, 0x85, 0x1B), - MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xD6, 0x9B, 0x84, 0xA8, 0xD7, 0xC5, 0x28), - MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x7A, 0xCB, 0xB3, 0x11, 0x46, 0xD7, 0x99), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_8_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0x23, 0xBF, 0x75, 0x75, 0xA1, 0x95, 0x90), - MBEDTLS_BYTES_TO_T_UINT_8(0x4B, 0x66, 0x5D, 0x34, 0x13, 0xA9, 0x03, 0xBE), - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x80, 0x9D, 0x5F, 0xD2, 0x44, 0xE1, 0x62), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x5D, 0xBD, 0xA8, 0xBF, 0xB4, 0x25, 0x1F), - MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x99, 0x1F, 0x53, 0xF1, 0x57, 0xDB, 0xE7), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x7C, 0xE5, 0xC5, 0x51, 0x0B, 0x4C, 0x9B), - MBEDTLS_BYTES_TO_T_UINT_8(0x6B, 0xB0, 0x1A, 0x9C, 0x16, 0xB0, 0x32, 0x1F), - MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xE3, 0xCF, 0xDD, 0x48, 0xB4, 0x7B, 0x33), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_9_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0xDD, 0x9E, 0x3C, 0x98, 0x0E, 0x77, 0x65), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0xAB, 0x01, 0xD3, 0x87, 0x74, 0x25, 0x4A), - MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xA3, 0xE3, 0x76, 0x43, 0x87, 0x12, 0xBD), - MBEDTLS_BYTES_TO_T_UINT_8(0x54, 0xB1, 0x3B, 0x60, 0x66, 0xEB, 0x98, 0x54), - MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x78, 0xC8, 0xD7, 0x4E, 0x75, 0xCA, 0x69), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xDF, 0x71, 0x19, 0xE7, 0x07, 0x36, 0xB5), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0xC9, 0xA8, 0x5F, 0x91, 0xBF, 0x47, 0xB2), - MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x96, 0x58, 0x96, 0x18, 0xB6, 0xFA, 0x01), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_9_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x2D, 0xA9, 0x9B, 0x86, 0xDB, 0x0C, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x0B, 0x2D, 0x56, 0x4A, 0xD3, 0x93, 0x8A), - MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x15, 0xE2, 0x65, 0x12, 0x86, 0x0E, 0xB2), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x41, 0x4D, 0xC1, 0xCB, 0xE4, 0xC3, 0xD7), - MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x53, 0x10, 0xCA, 0xA3, 0xAC, 0x83, 0x26), - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x01, 0x22, 0x96, 0x10, 0xAD, 0x69, 0xDB), - MBEDTLS_BYTES_TO_T_UINT_8(0x42, 0x46, 0x4E, 0xD8, 0xEA, 0xD6, 0x9D, 0xF3), - MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x2F, 0x7F, 0x62, 0x62, 0x80, 0xD0, 0x14), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_10_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xDA, 0x00, 0x63, 0x09, 0xBD, 0x6A, 0x83), - MBEDTLS_BYTES_TO_T_UINT_8(0x0F, 0xD4, 0x6E, 0x48, 0x05, 0xB7, 0xF7, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0x4D, 0xD7, 0x00, 0x4A, 0x15, 0x27, 0x7A), - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x15, 0xAA, 0x37, 0x27, 0x34, 0x18, 0x24), - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x20, 0x2C, 0x84, 0x1B, 0x88, 0xBA, 0x05), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x09, 0xD6, 0x04, 0xA2, 0x60, 0x84, 0x72), - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0x04, 0x94, 0x08, 0xD4, 0xED, 0x47, 0xDB), - MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xF3, 0xE4, 0x3E, 0xB9, 0x5B, 0x35, 0x42), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_10_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x5F, 0xD8, 0xB6, 0x80, 0xD6, 0xF1, 0x30, 0xDD), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x14, 0xA6, 0x85, 0xEE, 0xA7, 0xD8, 0x61), - MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x49, 0x2A, 0x1E, 0x7C, 0xE9, 0x2D, 0xEC), - MBEDTLS_BYTES_TO_T_UINT_8(0x3A, 0x87, 0x56, 0x91, 0x03, 0x77, 0x4D, 0x55), - MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0x52, 0xD4, 0xAA, 0xF7, 0xFA, 0xB0, 0xC5), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x5D, 0x11, 0x39, 0xB1, 0xE7, 0x76, 0xAD), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x13, 0xBC, 0x37, 0x5D, 0x74, 0xCD, 0xC2), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x48, 0x14, 0x23, 0x30, 0xF8, 0x46, 0x37), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_11_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x27, 0xB0, 0xD9, 0xB2, 0x74, 0xB4, 0xC0), - MBEDTLS_BYTES_TO_T_UINT_8(0xEA, 0xA6, 0xB9, 0x6F, 0x9F, 0x64, 0x36, 0x92), - MBEDTLS_BYTES_TO_T_UINT_8(0x2E, 0x2B, 0x78, 0x40, 0x05, 0x2B, 0x7B, 0xA9), - MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x68, 0x3A, 0xB6, 0x4A, 0xE2, 0xDB, 0xB8), - MBEDTLS_BYTES_TO_T_UINT_8(0x1E, 0x33, 0xD7, 0x34, 0x8B, 0x25, 0x45, 0xEF), - MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xCE, 0xA8, 0xC9, 0x01, 0xFB, 0x0E, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xF9, 0x51, 0x4C, 0x12, 0x9F, 0x60, 0xE4), - MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0x85, 0xBD, 0x30, 0x37, 0x84, 0x39, 0x44), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_11_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x26, 0x33, 0xAF, 0x2E, 0xB8, 0x2E, 0xCC, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0xB1, 0x73, 0x59, 0x4E, 0x0C, 0x09, 0x4A), - MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0x24, 0x89, 0x81, 0x12, 0xFF, 0xBB, 0x6E), - MBEDTLS_BYTES_TO_T_UINT_8(0x71, 0x37, 0x1A, 0x66, 0xEE, 0xED, 0xB6, 0x9B), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0xBD, 0x04, 0x20, 0x5D, 0xFB, 0xBF, 0x95), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0xF8, 0x34, 0xA3, 0xFF, 0x45, 0xDE, 0x92), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x18, 0x73, 0xF1, 0x32, 0x25, 0x58, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0xC1, 0x14, 0xE3, 0x9E, 0x40, 0x0F, 0x12), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_12_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x07, 0x9D, 0x9C, 0x00, 0xF7, 0x56, 0x19), - MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0xBA, 0x87, 0xF9, 0x15, 0x0C, 0x66, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0x1F, 0xC1, 0x28, 0xB0, 0x47, 0x0D, 0xF5), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0xCA, 0x27, 0xEE, 0x4B, 0x23, 0x2B, 0x89), - MBEDTLS_BYTES_TO_T_UINT_8(0x7E, 0xB5, 0x68, 0xC8, 0x17, 0x5D, 0xC3, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0x02, 0x08, 0xEE, 0x20, 0x9D, 0xEA, 0x64), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x14, 0x50, 0xD4, 0x7D, 0x5F, 0xCF, 0xA0), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0xFA, 0xF8, 0xA7, 0xC6, 0xDC, 0x14, 0x8C), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_12_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x76, 0xBD, 0x0A, 0x1A, 0x18, 0x98, 0xDC, 0xB0), - MBEDTLS_BYTES_TO_T_UINT_8(0x63, 0x63, 0x02, 0xB7, 0xD5, 0x5B, 0x5A, 0xC6), - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0xB1, 0xD7, 0x4B, 0x15, 0x39, 0x61, 0x5D), - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0x32, 0xE1, 0x9E, 0x70, 0x1B, 0xCE, 0x51), - MBEDTLS_BYTES_TO_T_UINT_8(0x64, 0xD8, 0x18, 0x83, 0x52, 0x9B, 0x6D, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x55, 0x56, 0x19, 0x34, 0xA4, 0xEA, 0xFC), - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0xA9, 0x55, 0x80, 0xE3, 0x15, 0x36, 0x8B), - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0x06, 0xC8, 0x1D, 0x17, 0x0D, 0xAD, 0x16), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_13_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0xD6, 0xF0, 0xCC, 0xF3, 0x63, 0x53, 0xD2), - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x5A, 0xDC, 0x46, 0xBD, 0x0D, 0xAD, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0x2F, 0x11, 0x60, 0x15, 0x51, 0x4A, 0xEA), - MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xE3, 0x93, 0x38, 0xD5, 0x83, 0xAA, 0x0D), - MBEDTLS_BYTES_TO_T_UINT_8(0x90, 0xA6, 0xCC, 0xB1, 0xFD, 0xBB, 0x1A, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0x3B, 0x54, 0xC8, 0x54, 0x6F, 0x79, 0x1A, 0x59), - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x4A, 0xDA, 0x28, 0x92, 0x97, 0x9D, 0x7F), - MBEDTLS_BYTES_TO_T_UINT_8(0xD6, 0x4B, 0xDB, 0xC7, 0x52, 0xC5, 0x66, 0x34), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_13_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x7E, 0x92, 0x53, 0x30, 0x93, 0xFD, 0xFF), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x16, 0x6A, 0xB1, 0x91, 0x0A, 0xB4, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0x6D, 0x9D, 0x40, 0x3F, 0xE3, 0xF1, 0x01, 0x46), - MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x0E, 0xD8, 0xED, 0x11, 0x8E, 0x4C, 0xED), - MBEDTLS_BYTES_TO_T_UINT_8(0x86, 0x4A, 0x1B, 0x88, 0xDF, 0x8D, 0x29, 0xE7), - MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x23, 0x21, 0x11, 0xAB, 0x77, 0x81, 0x62), - MBEDTLS_BYTES_TO_T_UINT_8(0x0B, 0xAF, 0x11, 0xFA, 0xBA, 0x40, 0x63, 0xE7), - MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x6F, 0x8D, 0x80, 0xDF, 0x67, 0xF5, 0x44), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_14_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0x8B, 0xB7, 0x08, 0xF4, 0xD7, 0x2D, 0xA8), - MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x2B, 0x30, 0x02, 0x45, 0x71, 0x08, 0x49), - MBEDTLS_BYTES_TO_T_UINT_8(0x97, 0x3A, 0xCA, 0x50, 0xF6, 0xC2, 0x19, 0x8C), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xB9, 0x9B, 0x3E, 0x73, 0x95, 0x1D, 0x49), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x60, 0x59, 0x48, 0xCB, 0xD8, 0xD6, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0xB9, 0x6C, 0x89, 0xAB, 0x99, 0xA8, 0xF8), - MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0xA1, 0x8B, 0x4E, 0x06, 0x19, 0xEC, 0x99), - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x95, 0x04, 0xCF, 0xD5, 0x94, 0xB3, 0x02), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_14_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x29, 0x35, 0x93, 0x7C, 0xB3, 0xB8, 0x9E, 0x1B), - MBEDTLS_BYTES_TO_T_UINT_8(0xC4, 0x45, 0x5C, 0x7E, 0xBF, 0x75, 0x81, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xE8, 0x24, 0xDF, 0xEC, 0x2F, 0x7D, 0xB9), - MBEDTLS_BYTES_TO_T_UINT_8(0xF2, 0x8B, 0xD5, 0x6A, 0x9B, 0xA0, 0xE0, 0x4F), - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0xE3, 0x27, 0x82, 0xDE, 0xDD, 0xCA, 0x4B), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x57, 0x56, 0x46, 0x05, 0x06, 0x01, 0x2E), - MBEDTLS_BYTES_TO_T_UINT_8(0x74, 0x35, 0xA7, 0x47, 0xE2, 0x6B, 0x2C, 0x4F), - MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x9D, 0x4C, 0xEC, 0x1F, 0x11, 0x75, 0x2B), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_15_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0xAA, 0x41, 0xC1, 0xE9, 0x0E, 0xE9, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xCF, 0x9C, 0x4B, 0xE8, 0xED, 0x0A, 0x49), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0x73, 0xCA, 0x0C, 0x46, 0x0A, 0x9C, 0xE4), - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xE1, 0x9E, 0xBC, 0xFE, 0x44, 0x63, 0x6D), - MBEDTLS_BYTES_TO_T_UINT_8(0x31, 0x43, 0x71, 0xEE, 0xF8, 0xC1, 0x8C, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0x6A, 0x4B, 0xF0, 0x69, 0x25, 0xBD, 0x71, 0x1A), - MBEDTLS_BYTES_TO_T_UINT_8(0xFD, 0x9A, 0xFE, 0x82, 0xE7, 0xC1, 0xC1, 0xEE), - MBEDTLS_BYTES_TO_T_UINT_8(0xFC, 0x5A, 0x6E, 0x5E, 0x97, 0x6A, 0x35, 0x8D), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_15_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA2, 0x18, 0x6C, 0x7E, 0xB8, 0x9E, 0x57, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0x35, 0xB9, 0xC1, 0xD0, 0xFE, 0x78, 0xFB, 0x32), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x08, 0xAE, 0x46, 0x34, 0xEA, 0x7A, 0x7F), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x1C, 0x56, 0xA9, 0x18, 0x37, 0xD4, 0x9E), - MBEDTLS_BYTES_TO_T_UINT_8(0x28, 0x63, 0xE9, 0x0A, 0xB6, 0x38, 0x3C, 0xC1), - MBEDTLS_BYTES_TO_T_UINT_8(0x3E, 0x4F, 0xA4, 0x6E, 0x85, 0x31, 0x23, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0x0D, 0xAD, 0xC4, 0xC3, 0xB1, 0x4B, 0x1C, 0x82), - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x56, 0x4A, 0x38, 0xB3, 0x6B, 0x6F, 0x2C), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_16_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x67, 0xC7, 0x19, 0xDE, 0x21, 0xED, 0x89, 0xD0), - MBEDTLS_BYTES_TO_T_UINT_8(0x2F, 0xBE, 0xA6, 0xAE, 0xEB, 0x9D, 0xA7, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x0E, 0x13, 0x1E, 0x86, 0x57, 0xC3, 0x3B), - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x4B, 0x30, 0x46, 0x52, 0xC1, 0xEC, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0x6E, 0xD5, 0x44, 0x31, 0x96, 0x3B, 0x26, 0x27), - MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x68, 0xA8, 0x67, 0x78, 0x39, 0xE8, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0x78, 0xB7, 0xDD, 0xF2, 0x58, 0xB6, 0x3D), - MBEDTLS_BYTES_TO_T_UINT_8(0x81, 0x3C, 0xB3, 0x26, 0xC4, 0x2C, 0x8C, 0xA5), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_16_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB9, 0x24, 0xE5, 0x73, 0xEE, 0x9A, 0x02, 0xA9), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0x6A, 0x65, 0x60, 0xF3, 0x62, 0xE3, 0xE9), - MBEDTLS_BYTES_TO_T_UINT_8(0xFB, 0x07, 0x84, 0xE6, 0x3B, 0x46, 0x65, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0x8F, 0x0C, 0xB0, 0xE1, 0x04, 0x82, 0x9D), - MBEDTLS_BYTES_TO_T_UINT_8(0xEB, 0x13, 0xBF, 0x3D, 0xA0, 0x48, 0xA2, 0x74), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0x26, 0x76, 0x74, 0xAB, 0x0B, 0x29, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0x30, 0x6E, 0x5F, 0x03, 0x34, 0x7C, 0x38, 0xCE), - MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x72, 0xF9, 0x3B, 0x3C, 0xA4, 0xBC, 0x7C), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_17_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x5C, 0xCE, 0x18, 0x80, 0xB8, 0x24, 0x45, 0x81), - MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x09, 0x03, 0xB8, 0x06, 0x64, 0xF7, 0xEC), - MBEDTLS_BYTES_TO_T_UINT_8(0xF1, 0x26, 0xB1, 0x10, 0x6D, 0x71, 0x12, 0x2E), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x12, 0xC6, 0x6E, 0x1E, 0x6A, 0xC3, 0x80), - MBEDTLS_BYTES_TO_T_UINT_8(0xE5, 0xD3, 0x0A, 0xDE, 0xD8, 0x6B, 0x04, 0x5C), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x87, 0x5B, 0xAE, 0xDB, 0x3C, 0xC0, 0xC5), - MBEDTLS_BYTES_TO_T_UINT_8(0x8E, 0xF5, 0xF9, 0xC1, 0x9A, 0x89, 0xBB, 0x7E), - MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0x69, 0x72, 0x8B, 0xAE, 0x32, 0x13, 0x11), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_17_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x16, 0x07, 0x50, 0xFA, 0x4C, 0xCF, 0xE8), - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x50, 0x21, 0xE9, 0xDE, 0xEC, 0x7E, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x2F, 0xE8, 0x83, 0x30, 0x0B, 0x65, 0x0E), - MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x0B, 0x99, 0xAC, 0xC9, 0xBA, 0x6C, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x59, 0x5A, 0x0D, 0x7B, 0x9E, 0x08, 0xAD), - MBEDTLS_BYTES_TO_T_UINT_8(0x34, 0x91, 0xB2, 0xDC, 0x90, 0xCE, 0x67, 0xED), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x93, 0x60, 0x0C, 0xD7, 0x1F, 0x2F, 0x17), - MBEDTLS_BYTES_TO_T_UINT_8(0x19, 0x7F, 0x9D, 0x40, 0xF8, 0x78, 0x7A, 0x54), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_18_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x13, 0x22, 0x95, 0xE8, 0xEF, 0x31, 0x57, 0x35), - MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x88, 0x53, 0xFE, 0xAF, 0x7C, 0x47, 0x14), - MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xCE, 0xCC, 0x79, 0xE8, 0x9F, 0x8C, 0xC4), - MBEDTLS_BYTES_TO_T_UINT_8(0xDB, 0x16, 0xDD, 0x77, 0x6E, 0x8A, 0x73, 0x97), - MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x07, 0x97, 0x21, 0x3B, 0xF8, 0x5F, 0xA8), - MBEDTLS_BYTES_TO_T_UINT_8(0xC6, 0xB5, 0xD2, 0x81, 0x84, 0xF0, 0xE7, 0x9F), - MBEDTLS_BYTES_TO_T_UINT_8(0xCB, 0x8F, 0x75, 0x09, 0x6A, 0x0E, 0x53, 0xAD), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x4F, 0x70, 0x97, 0xC7, 0xAC, 0x7D, 0x3F), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_18_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF9, 0x3C, 0x6A, 0xB4, 0x10, 0xA9, 0xC8, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xC5, 0xD6, 0x69, 0x16, 0xB8, 0xAC, 0x25), - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x44, 0xDC, 0xEB, 0x48, 0x54, 0x5D, 0x5F), - MBEDTLS_BYTES_TO_T_UINT_8(0x6F, 0x48, 0x9B, 0xD7, 0x72, 0x69, 0xA4, 0x8A), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x0D, 0x36, 0x9A, 0x66, 0x0B, 0xEC, 0x24), - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0xC6, 0xD4, 0xB6, 0x60, 0xE5, 0xC3, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0xBA, 0x29, 0x42, 0xE0, 0x9D, 0xFD, 0x7C, 0x3E), - MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x10, 0xBA, 0x55, 0xBC, 0x3B, 0x38, 0x5D), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_19_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x25, 0x66, 0xFA, 0x05, 0x73, 0x03, 0x1B, 0x69), - MBEDTLS_BYTES_TO_T_UINT_8(0x11, 0xA4, 0x66, 0x12, 0x96, 0x7B, 0x02, 0x4C), - MBEDTLS_BYTES_TO_T_UINT_8(0x44, 0xB5, 0xDE, 0x6D, 0x98, 0xD1, 0xD5, 0xA8), - MBEDTLS_BYTES_TO_T_UINT_8(0xE2, 0xF5, 0x44, 0xB8, 0x8E, 0xF6, 0x8C, 0x05), - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x15, 0x2B, 0x72, 0xBC, 0x49, 0xE5, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0x6C, 0x44, 0xD7, 0xDF, 0x8F, 0xEB, 0x8D, 0x80), - MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x64, 0x88, 0xAA, 0xB7, 0xE4, 0x70, 0x1D), - MBEDTLS_BYTES_TO_T_UINT_8(0x9C, 0x14, 0xBB, 0xE9, 0x9B, 0xB9, 0x65, 0x5D), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_19_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x66, 0x8E, 0x88, 0xF5, 0xF1, 0xC1, 0x89, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0x16, 0x30, 0x53, 0xE6, 0xFB, 0x2D, 0x82, 0xB4), - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0xE4, 0xFF, 0xBA, 0x31, 0x79, 0xAB, 0xC2), - MBEDTLS_BYTES_TO_T_UINT_8(0x45, 0x09, 0xF7, 0xB7, 0x09, 0x78, 0x4C, 0x90), - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xAE, 0xC2, 0x44, 0xDC, 0x17, 0x78, 0x47), - MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xD4, 0x17, 0x43, 0x19, 0x74, 0x9E, 0x23), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x64, 0x3B, 0x73, 0xA2, 0x99, 0x27, 0x76), - MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x74, 0x36, 0x5F, 0xD3, 0x14, 0xB1, 0x31), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_20_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAC, 0x07, 0xAB, 0xFD, 0x9B, 0x03, 0xC5, 0xD5), - MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0xBE, 0xB0, 0x1D, 0xF2, 0x0C, 0x73, 0x73), - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xE7, 0x7B, 0x87, 0xD3, 0x34, 0xFD, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0x9A, 0x25, 0x3D, 0xC7, 0x36, 0x83, 0x53, 0xDC), - MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x7C, 0xCF, 0x63, 0x55, 0x12, 0x11, 0xB0), - MBEDTLS_BYTES_TO_T_UINT_8(0xC0, 0x34, 0x4D, 0x27, 0x92, 0xAC, 0x18, 0x16), - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x42, 0x61, 0x9D, 0x2E, 0xFF, 0x13, 0x16), - MBEDTLS_BYTES_TO_T_UINT_8(0xF4, 0xDE, 0x92, 0x65, 0x57, 0x0D, 0xBC, 0x0A), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_20_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xEF, 0x7B, 0x6E, 0xC6, 0x2A, 0x21, 0x74, 0x0A), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0xA7, 0x53, 0x4D, 0x29, 0x36, 0xEF, 0xE5), - MBEDTLS_BYTES_TO_T_UINT_8(0xE1, 0xD6, 0x41, 0xC7, 0x99, 0xAD, 0x50, 0x53), - MBEDTLS_BYTES_TO_T_UINT_8(0x99, 0xAC, 0x41, 0x9F, 0xFB, 0x4C, 0x86, 0xF1), - MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xBB, 0xE6, 0x25, 0x28, 0xAA, 0xEB, 0x1E), - MBEDTLS_BYTES_TO_T_UINT_8(0x92, 0x04, 0xA2, 0xC3, 0xAA, 0x08, 0x8A, 0xCC), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x2B, 0x5B, 0xE2, 0x8D, 0x76, 0xEA, 0x34), - MBEDTLS_BYTES_TO_T_UINT_8(0xB3, 0x33, 0xD2, 0x21, 0x4D, 0x62, 0xE3, 0x8E), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_21_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0x06, 0x8B, 0x2B, 0xC2, 0xC4, 0xB1, 0xD2), - MBEDTLS_BYTES_TO_T_UINT_8(0xFA, 0xF5, 0xA1, 0xC0, 0x03, 0x6A, 0x29, 0x12), - MBEDTLS_BYTES_TO_T_UINT_8(0xF5, 0xA9, 0xEF, 0x55, 0xB6, 0x1A, 0x9F, 0x6B), - MBEDTLS_BYTES_TO_T_UINT_8(0x9B, 0x54, 0x32, 0xBE, 0x06, 0x43, 0xB5, 0xFD), - MBEDTLS_BYTES_TO_T_UINT_8(0xF7, 0xD6, 0xD9, 0x20, 0x89, 0xBE, 0xD4, 0x1B), - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0x26, 0x95, 0x10, 0xCE, 0xB4, 0x88, 0x79), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0xA6, 0x27, 0xAC, 0x32, 0xBA, 0xBD, 0xC7), - MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0xA6, 0xAE, 0x9C, 0x7B, 0xBE, 0xA1, 0x63), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_21_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8B, 0xCD, 0x4D, 0x3D, 0xDF, 0x96, 0xBB, 0x7D), - MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0xA7, 0x11, 0x06, 0xCC, 0x0E, 0x31, 0x81), - MBEDTLS_BYTES_TO_T_UINT_8(0x20, 0xE4, 0xF4, 0xAD, 0x7B, 0x5F, 0xF1, 0xEF), - MBEDTLS_BYTES_TO_T_UINT_8(0xE4, 0x54, 0xBE, 0xF4, 0x8A, 0x03, 0x47, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0x53, 0x00, 0x7F, 0xB0, 0x8A, 0x68, 0xA6), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x16, 0xB1, 0x73, 0x6F, 0x5B, 0x0E, 0xC3), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x32, 0xE3, 0x43, 0x64, 0x75, 0xFB, 0xFB), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x18, 0x55, 0x8A, 0x4E, 0x6E, 0x35, 0x54), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_22_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x80, 0x97, 0x15, 0x1E, 0xCB, 0xF2, 0x9C, 0xA5), - MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0xD1, 0xBB, 0xF3, 0x70, 0xAD, 0x13, 0xAD), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0x96, 0xA4, 0xC5, 0x5E, 0xDA, 0xD5, 0x57), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x81, 0xE9, 0x65, 0x66, 0x76, 0x47, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x35, 0x87, 0x06, 0x73, 0xCF, 0x34, 0xD2), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x81, 0x15, 0x42, 0xA2, 0x79, 0x5B, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0x08, 0xA2, 0x7D, 0x09, 0x14, 0x64, 0xC6, 0xAE), - MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0x6D, 0xC4, 0xED, 0xF1, 0xD6, 0xE9, 0x24), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_22_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xB4, 0xD5, 0xBB, 0x25, 0xA3, 0xDD, 0xA3, 0x88), - MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xF2, 0x68, 0x67, 0x39, 0x8F, 0x73, 0x93), - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x76, 0x28, 0x89, 0xAD, 0x32, 0xE0, 0xDF), - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0x90, 0xCC, 0x57, 0x58, 0xAA, 0xC9, 0x75), - MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xD7, 0x43, 0xD2, 0xCE, 0x5E, 0xA0, 0x08), - MBEDTLS_BYTES_TO_T_UINT_8(0x33, 0xB0, 0xB8, 0xA4, 0x9E, 0x96, 0x26, 0x86), - MBEDTLS_BYTES_TO_T_UINT_8(0x94, 0x61, 0x1D, 0xF3, 0x65, 0x5E, 0x60, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0xC7, 0x1E, 0x65, 0xED, 0xCF, 0x07, 0x60, 0x20), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_23_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x30, 0x17, 0x8A, 0x91, 0x88, 0x0A, 0xA4), - MBEDTLS_BYTES_TO_T_UINT_8(0x05, 0x7D, 0x18, 0xA4, 0xAC, 0x59, 0xFC, 0x5F), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x31, 0x8B, 0x25, 0x65, 0x39, 0x9A, 0xDC), - MBEDTLS_BYTES_TO_T_UINT_8(0x15, 0x16, 0x4B, 0x68, 0xBA, 0x59, 0x13, 0x2F), - MBEDTLS_BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xD3, 0xC5, 0x56, 0xC9, 0x8C, 0x5E), - MBEDTLS_BYTES_TO_T_UINT_8(0xBC, 0xC6, 0x9F, 0xF4, 0xE6, 0xF7, 0xB4, 0x01), - MBEDTLS_BYTES_TO_T_UINT_8(0x2D, 0x7C, 0x03, 0x00, 0x26, 0x9F, 0xD8, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x1D, 0x6E, 0x00, 0xB9, 0x00, 0x6E, 0x93), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_23_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x63, 0xDA, 0x03, 0x2B, 0xD5, 0x0B, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0x46, 0xFC, 0xE2, 0xC8, 0x47, 0xF0, 0xAE, 0xF2), - MBEDTLS_BYTES_TO_T_UINT_8(0x51, 0x4C, 0xF7, 0x50, 0x0C, 0x48, 0x06, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0xDF, 0x2B, 0x32, 0x98, 0x0E, 0x7E, 0x61, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x02, 0x27, 0xFE, 0x75, 0x86, 0xDF, 0x24), - MBEDTLS_BYTES_TO_T_UINT_8(0x2B, 0x30, 0xB1, 0x22, 0x32, 0x1B, 0xFE, 0x24), - MBEDTLS_BYTES_TO_T_UINT_8(0xC2, 0x27, 0xF7, 0x78, 0x6F, 0xD7, 0xFD, 0xE4), - MBEDTLS_BYTES_TO_T_UINT_8(0xA0, 0x78, 0xCC, 0xEA, 0xC0, 0x50, 0x24, 0x44), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_24_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x2B, 0x4F, 0x7F, 0x58, 0xE6, 0xC2, 0x70), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x43, 0xD5, 0xA7, 0x35, 0x3C, 0x80, 0xB8), - MBEDTLS_BYTES_TO_T_UINT_8(0x1A, 0x6D, 0x4B, 0x12, 0x00, 0x7B, 0xE6, 0xA6), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x15, 0xBD, 0xD0, 0x9B, 0xCA, 0xAA, 0x81), - MBEDTLS_BYTES_TO_T_UINT_8(0xCF, 0xCE, 0x9C, 0xE3, 0x8B, 0x60, 0x7A, 0x53), - MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0xDA, 0x4B, 0x03, 0xA7, 0x8D, 0x43, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0xAF, 0x00, 0x2B, 0x32, 0xF0, 0x22, 0x68), - MBEDTLS_BYTES_TO_T_UINT_8(0xDC, 0xD9, 0x99, 0x99, 0xBE, 0x43, 0x99, 0x3E), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_24_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x1F, 0x71, 0x41, 0xF4, 0xB5, 0xFD, 0xDD, 0x36), - MBEDTLS_BYTES_TO_T_UINT_8(0x9D, 0xE2, 0x20, 0x4C, 0xD1, 0x2E, 0x1F, 0x06), - MBEDTLS_BYTES_TO_T_UINT_8(0x96, 0x43, 0x48, 0x76, 0x8A, 0x49, 0xAC, 0x87), - MBEDTLS_BYTES_TO_T_UINT_8(0x0C, 0x1A, 0x55, 0xA8, 0xA3, 0xD4, 0x57, 0x75), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0xA6, 0x84, 0x39, 0xC9, 0x13, 0xBB, 0x60), - MBEDTLS_BYTES_TO_T_UINT_8(0xD9, 0xFA, 0xA9, 0x70, 0xDE, 0x83, 0xDD, 0xC9), - MBEDTLS_BYTES_TO_T_UINT_8(0xEC, 0xC9, 0xD9, 0x3E, 0x44, 0x91, 0x68, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0xB6, 0x9F, 0x85, 0x6D, 0xF7, 0x54, 0x36, 0x82), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_25_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x68, 0x6B, 0xA6, 0xA3, 0xE5, 0xD4, 0x46, 0xDB), - MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x3E, 0xDC, 0x84, 0x7C, 0x7B, 0x24, 0x34), - MBEDTLS_BYTES_TO_T_UINT_8(0x14, 0xED, 0x7F, 0x86, 0x07, 0x6C, 0x57, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0x95, 0x06, 0xFE, 0x52, 0x12, 0x79, 0x69, 0x56), - MBEDTLS_BYTES_TO_T_UINT_8(0x84, 0xD1, 0x44, 0x5F, 0x21, 0x3A, 0xC3, 0x84), - MBEDTLS_BYTES_TO_T_UINT_8(0x5E, 0xD9, 0x4A, 0xC0, 0x75, 0xAB, 0x17, 0xAC), - MBEDTLS_BYTES_TO_T_UINT_8(0xFF, 0x81, 0x94, 0xB6, 0x80, 0x6B, 0x6F, 0xC3), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xBE, 0x8E, 0xA5, 0xAA, 0xBC, 0x1E, 0x3E), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_25_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x89, 0xC7, 0x85, 0xA6, 0x59, 0x9B, 0xB1, 0x52), - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xCE, 0x40, 0xD1, 0xFB, 0xDF, 0x94, 0xF7), - MBEDTLS_BYTES_TO_T_UINT_8(0x18, 0xB8, 0x5E, 0xBF, 0x45, 0xA8, 0x2D, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0x98, 0x9C, 0x06, 0x1B, 0xA9, 0x57, 0xB9, 0x79), - MBEDTLS_BYTES_TO_T_UINT_8(0x53, 0xE9, 0xCE, 0xA2, 0xD3, 0x74, 0xA1, 0x3C), - MBEDTLS_BYTES_TO_T_UINT_8(0xAA, 0x5F, 0x34, 0x78, 0xDB, 0xAE, 0x3A, 0x14), - MBEDTLS_BYTES_TO_T_UINT_8(0x7D, 0x32, 0x84, 0x3E, 0x68, 0x6A, 0x43, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0xBC, 0x39, 0x36, 0xA4, 0xC5, 0xBB, 0x11), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_26_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x8C, 0x07, 0xA2, 0xB5, 0xC9, 0x0F, 0x4D, 0x0F), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0x1D, 0x67, 0xE6, 0xF1, 0x46, 0xEB, 0x71), - MBEDTLS_BYTES_TO_T_UINT_8(0xD7, 0x41, 0x23, 0x95, 0xE7, 0xE0, 0x10, 0xDD), - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x69, 0xFE, 0x68, 0x8C, 0xC6, 0x5F, 0xB6), - MBEDTLS_BYTES_TO_T_UINT_8(0xE3, 0xB9, 0x2B, 0x3D, 0xD2, 0x4F, 0xD8, 0x1A), - MBEDTLS_BYTES_TO_T_UINT_8(0xA3, 0x09, 0xF5, 0x5F, 0xCF, 0xF6, 0x91, 0x57), - MBEDTLS_BYTES_TO_T_UINT_8(0x65, 0x15, 0x42, 0x6B, 0x6D, 0xB5, 0xF3, 0xB6), - MBEDTLS_BYTES_TO_T_UINT_8(0xBF, 0x56, 0x9D, 0xC5, 0xFF, 0xCA, 0x13, 0x9B), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_26_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x4D, 0x38, 0xE6, 0x23, 0x63, 0x48, 0x3C, 0xCA), - MBEDTLS_BYTES_TO_T_UINT_8(0xD2, 0x68, 0x3C, 0xD1, 0x3B, 0xE9, 0x3B, 0x82), - MBEDTLS_BYTES_TO_T_UINT_8(0xB5, 0x08, 0x54, 0x49, 0xD1, 0x46, 0x45, 0x13), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x70, 0x52, 0x6E, 0x79, 0xC4, 0x5E, 0x95), - MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0xDF, 0xE8, 0x5A, 0x32, 0x81, 0xDA, 0xD3), - MBEDTLS_BYTES_TO_T_UINT_8(0x3C, 0x2D, 0x94, 0x5B, 0xB5, 0x35, 0x9F, 0x0A), - MBEDTLS_BYTES_TO_T_UINT_8(0x2A, 0x12, 0x8D, 0xC3, 0x36, 0x36, 0xB2, 0x2A), - MBEDTLS_BYTES_TO_T_UINT_8(0x39, 0x2F, 0x22, 0x38, 0x5B, 0x18, 0x4C, 0x35), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_27_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0xC1, 0x22, 0x0E, 0xF0, 0x73, 0x11, 0x05), - MBEDTLS_BYTES_TO_T_UINT_8(0xB2, 0xAE, 0xA4, 0x56, 0x18, 0x61, 0x66, 0x12), - MBEDTLS_BYTES_TO_T_UINT_8(0x79, 0xFB, 0x72, 0x08, 0x84, 0x38, 0x51, 0xB0), - MBEDTLS_BYTES_TO_T_UINT_8(0xDA, 0x86, 0xA8, 0xB9, 0x31, 0x99, 0x29, 0xC3), - MBEDTLS_BYTES_TO_T_UINT_8(0x8A, 0xFB, 0xC3, 0x42, 0xB3, 0xC7, 0x6F, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0xD8, 0xF8, 0xE1, 0x09, 0xBE, 0x75, 0xB0, 0x22), - MBEDTLS_BYTES_TO_T_UINT_8(0x5A, 0x7D, 0xFF, 0xF4, 0x99, 0xFC, 0x13, 0xAB), - MBEDTLS_BYTES_TO_T_UINT_8(0xE6, 0x1B, 0x84, 0x81, 0x42, 0x22, 0xC6, 0x3D), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_27_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x21, 0xE0, 0x37, 0xA4, 0xA0, 0x2F, 0x38, 0x7F), - MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x3D, 0xB7, 0x40, 0x2F, 0x39, 0x3C, 0x7A), - MBEDTLS_BYTES_TO_T_UINT_8(0x7A, 0x3B, 0x8A, 0x51, 0xAE, 0x40, 0x49, 0x7A), - MBEDTLS_BYTES_TO_T_UINT_8(0x36, 0x20, 0x9F, 0xDD, 0xA9, 0xD0, 0x77, 0xC7), - MBEDTLS_BYTES_TO_T_UINT_8(0x78, 0x1D, 0x64, 0xDA, 0xA0, 0x53, 0xC7, 0x7D), - MBEDTLS_BYTES_TO_T_UINT_8(0x37, 0x7B, 0x66, 0x55, 0x94, 0xD1, 0x51, 0x44), - MBEDTLS_BYTES_TO_T_UINT_8(0x0E, 0xA9, 0xB5, 0x5B, 0x38, 0x35, 0x40, 0xC0), - MBEDTLS_BYTES_TO_T_UINT_8(0xC8, 0xC9, 0x0F, 0xF0, 0x73, 0x79, 0x43, 0x61), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_28_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x47, 0x45, 0x69, 0x80, 0x72, 0x72, 0x42), - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x11, 0x99, 0x59, 0xDB, 0x48, 0x80, 0x39), - MBEDTLS_BYTES_TO_T_UINT_8(0x75, 0x6E, 0x3D, 0xFC, 0x37, 0x15, 0xF4, 0xBF), - MBEDTLS_BYTES_TO_T_UINT_8(0x17, 0xBB, 0x5B, 0xA6, 0x35, 0x8D, 0x28, 0x20), - MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0x1A, 0x3B, 0x2C, 0x8F, 0xD3, 0xAA, 0x2D), - MBEDTLS_BYTES_TO_T_UINT_8(0x55, 0x1C, 0x1A, 0xF8, 0x02, 0xD9, 0x7B, 0x41), - MBEDTLS_BYTES_TO_T_UINT_8(0xAF, 0x69, 0xAC, 0xF8, 0x54, 0x31, 0x14, 0xA1), - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x8A, 0xE6, 0xDE, 0x58, 0xB9, 0xC4, 0x7A), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_28_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x57, 0x83, 0x52, 0xFE, 0xF9, 0x7B, 0xE9, 0x1F), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0xA2, 0x55, 0x46, 0x15, 0x49, 0xC1, 0x3A), - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xBC, 0x5C, 0x91, 0xBD, 0xB9, 0x9C, 0xF4), - MBEDTLS_BYTES_TO_T_UINT_8(0xBB, 0xFD, 0xB1, 0x4E, 0x5F, 0x74, 0xEE, 0x53), - MBEDTLS_BYTES_TO_T_UINT_8(0xB1, 0x8B, 0xD8, 0x8B, 0x17, 0x73, 0x1B, 0x96), - MBEDTLS_BYTES_TO_T_UINT_8(0x22, 0x92, 0xD7, 0x67, 0x06, 0xAD, 0x25, 0xCD), - MBEDTLS_BYTES_TO_T_UINT_8(0x01, 0x0F, 0x80, 0x24, 0xE2, 0x27, 0x5F, 0x8B), - MBEDTLS_BYTES_TO_T_UINT_8(0x61, 0x1C, 0xCE, 0xD0, 0x67, 0xCA, 0xD4, 0x0B), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_29_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x87, 0xF1, 0xDD, 0x33, 0x66, 0xF9, 0x05, 0xD6), - MBEDTLS_BYTES_TO_T_UINT_8(0x1D, 0xE5, 0x6B, 0x79, 0xBD, 0x48, 0x42, 0xAA), - MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x14, 0x52, 0xE3, 0x53, 0xB4, 0x50, 0xD4), - MBEDTLS_BYTES_TO_T_UINT_8(0x32, 0x84, 0x6C, 0xCF, 0xDA, 0xB2, 0x20, 0x0A), - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0xD6, 0x1A, 0xE5, 0xE2, 0x29, 0x70, 0xCE), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x61, 0xFE, 0xBB, 0x21, 0x82, 0xD1, 0xFE), - MBEDTLS_BYTES_TO_T_UINT_8(0x2C, 0xF0, 0x9C, 0x8B, 0x1A, 0x42, 0x30, 0x06), - MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0xD6, 0x49, 0x81, 0x92, 0xF1, 0xD0, 0x90), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_29_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x91, 0x93, 0x6A, 0xA6, 0x22, 0xE9, 0xD6), - MBEDTLS_BYTES_TO_T_UINT_8(0x09, 0xDC, 0xC3, 0x69, 0x11, 0x95, 0x7D, 0xEC), - MBEDTLS_BYTES_TO_T_UINT_8(0x1C, 0xA3, 0x9D, 0x87, 0x5E, 0x64, 0x41, 0xA2), - MBEDTLS_BYTES_TO_T_UINT_8(0xBE, 0x87, 0x5A, 0x15, 0xBD, 0x6E, 0x3C, 0x8D), - MBEDTLS_BYTES_TO_T_UINT_8(0xD0, 0x8D, 0x50, 0xCC, 0xCF, 0xB7, 0x8F, 0x0B), - MBEDTLS_BYTES_TO_T_UINT_8(0x38, 0x65, 0xCD, 0x31, 0x30, 0xF1, 0x68, 0x13), - MBEDTLS_BYTES_TO_T_UINT_8(0x10, 0x5C, 0x66, 0x67, 0x92, 0x30, 0x57, 0x95), - MBEDTLS_BYTES_TO_T_UINT_8(0x23, 0x9B, 0x01, 0x3D, 0x20, 0x8B, 0xD1, 0x0D), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_30_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xAB, 0xC0, 0xE6, 0x4F, 0xDE, 0x62, 0xAB, 0xB3), - MBEDTLS_BYTES_TO_T_UINT_8(0xA4, 0x48, 0xB3, 0x1C, 0x0F, 0x16, 0x93, 0x45), - MBEDTLS_BYTES_TO_T_UINT_8(0x77, 0x63, 0xBD, 0x1F, 0x16, 0x50, 0x56, 0x98), - MBEDTLS_BYTES_TO_T_UINT_8(0x5D, 0x06, 0xBC, 0xE9, 0x27, 0x1C, 0x9A, 0x7B), - MBEDTLS_BYTES_TO_T_UINT_8(0xF8, 0xFE, 0x21, 0xC5, 0x39, 0x55, 0xE1, 0xFD), - MBEDTLS_BYTES_TO_T_UINT_8(0xF6, 0xA8, 0xD0, 0x96, 0x0E, 0xB5, 0xB2, 0x84), - MBEDTLS_BYTES_TO_T_UINT_8(0x3D, 0xE7, 0x4B, 0xF3, 0x11, 0x0C, 0xC9, 0x5B), - MBEDTLS_BYTES_TO_T_UINT_8(0x43, 0x3A, 0xC4, 0x87, 0x71, 0xEE, 0xFA, 0x18), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_30_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xA7, 0x77, 0xEE, 0x81, 0x5E, 0x96, 0xEA, 0x4B), - MBEDTLS_BYTES_TO_T_UINT_8(0xEE, 0xDF, 0xA9, 0xF4, 0x4F, 0x7C, 0xB2, 0x43), - MBEDTLS_BYTES_TO_T_UINT_8(0x9F, 0xD4, 0xDF, 0x35, 0x63, 0x47, 0x25, 0x8A), - MBEDTLS_BYTES_TO_T_UINT_8(0xA5, 0x3D, 0xFF, 0xA4, 0x02, 0xC3, 0x95, 0x11), - MBEDTLS_BYTES_TO_T_UINT_8(0xD5, 0x10, 0x78, 0xD1, 0x2B, 0xB7, 0xBE, 0x0E), - MBEDTLS_BYTES_TO_T_UINT_8(0x0A, 0xE9, 0x57, 0xF9, 0xE0, 0xD8, 0xFC, 0xBC), - MBEDTLS_BYTES_TO_T_UINT_8(0xF3, 0xC4, 0x01, 0xD6, 0xB4, 0xE7, 0x78, 0xE2), - MBEDTLS_BYTES_TO_T_UINT_8(0x02, 0x6C, 0xB9, 0x13, 0xA4, 0xE8, 0x6D, 0x6F), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_31_X[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xE8, 0xB0, 0xC9, 0xCD, 0xBF, 0xA2, 0x1E, 0x63), - MBEDTLS_BYTES_TO_T_UINT_8(0xDD, 0x4F, 0x86, 0x22, 0x9B, 0xEA, 0xE8, 0xBB), - MBEDTLS_BYTES_TO_T_UINT_8(0x50, 0x46, 0xDF, 0x43, 0xB9, 0x82, 0x2D, 0x0A), - MBEDTLS_BYTES_TO_T_UINT_8(0x07, 0x32, 0xF1, 0x4E, 0x95, 0x41, 0xAE, 0x8E), - MBEDTLS_BYTES_TO_T_UINT_8(0x52, 0x93, 0x26, 0xFC, 0xD3, 0x90, 0xDC, 0xEB), - MBEDTLS_BYTES_TO_T_UINT_8(0x04, 0x05, 0x45, 0xCA, 0xF9, 0x5A, 0x89, 0x93), - MBEDTLS_BYTES_TO_T_UINT_8(0xC5, 0x82, 0x63, 0x4E, 0x55, 0x1D, 0x3A, 0x08), - MBEDTLS_BYTES_TO_T_UINT_8(0x7C, 0x69, 0x52, 0x49, 0xE9, 0xED, 0x57, 0x34), -}; -static const mbedtls_mpi_uint brainpoolP512r1_T_31_Y[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x70, 0x64, 0xE9, 0xAC, 0x4C, 0x4A, 0xEA, 0x25), - MBEDTLS_BYTES_TO_T_UINT_8(0xE9, 0xE9, 0x0B, 0x99, 0xE7, 0xF9, 0xA9, 0x2C), - MBEDTLS_BYTES_TO_T_UINT_8(0x24, 0x0C, 0xC1, 0xF4, 0x8D, 0x07, 0xB6, 0xB1), - MBEDTLS_BYTES_TO_T_UINT_8(0xAD, 0x68, 0xFA, 0x35, 0xE4, 0x9E, 0xAE, 0xD9), - MBEDTLS_BYTES_TO_T_UINT_8(0xF0, 0x2D, 0x1A, 0x13, 0x8E, 0x02, 0xE2, 0x63), - MBEDTLS_BYTES_TO_T_UINT_8(0x27, 0x38, 0x28, 0x86, 0x46, 0x7B, 0x3A, 0xE1), - MBEDTLS_BYTES_TO_T_UINT_8(0x3F, 0x4C, 0x64, 0x59, 0x0A, 0xF9, 0x02, 0xC4), - MBEDTLS_BYTES_TO_T_UINT_8(0x41, 0x4F, 0x23, 0xA2, 0xC3, 0xD5, 0xEF, 0x42), -}; -static const mbedtls_ecp_point brainpoolP512r1_T[32] = { - ECP_POINT_INIT_XY_Z1(brainpoolP512r1_T_0_X, brainpoolP512r1_T_0_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_1_X, brainpoolP512r1_T_1_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_2_X, brainpoolP512r1_T_2_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_3_X, brainpoolP512r1_T_3_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_4_X, brainpoolP512r1_T_4_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_5_X, brainpoolP512r1_T_5_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_6_X, brainpoolP512r1_T_6_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_7_X, brainpoolP512r1_T_7_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_8_X, brainpoolP512r1_T_8_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_9_X, brainpoolP512r1_T_9_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_10_X, brainpoolP512r1_T_10_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_11_X, brainpoolP512r1_T_11_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_12_X, brainpoolP512r1_T_12_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_13_X, brainpoolP512r1_T_13_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_14_X, brainpoolP512r1_T_14_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_15_X, brainpoolP512r1_T_15_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_16_X, brainpoolP512r1_T_16_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_17_X, brainpoolP512r1_T_17_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_18_X, brainpoolP512r1_T_18_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_19_X, brainpoolP512r1_T_19_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_20_X, brainpoolP512r1_T_20_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_21_X, brainpoolP512r1_T_21_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_22_X, brainpoolP512r1_T_22_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_23_X, brainpoolP512r1_T_23_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_24_X, brainpoolP512r1_T_24_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_25_X, brainpoolP512r1_T_25_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_26_X, brainpoolP512r1_T_26_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_27_X, brainpoolP512r1_T_27_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_28_X, brainpoolP512r1_T_28_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_29_X, brainpoolP512r1_T_29_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_30_X, brainpoolP512r1_T_30_Y), - ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_31_X, brainpoolP512r1_T_31_Y), -}; -#else -#define brainpoolP512r1_T NULL -#endif -#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ - -#if defined(ECP_LOAD_GROUP) -/* - * Create an MPI from embedded constants - * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint) - */ -static inline void ecp_mpi_load(mbedtls_mpi * X, const mbedtls_mpi_uint * p, size_t len) -{ - X->s = 1; - X->n = len / sizeof(mbedtls_mpi_uint); - X->p = (mbedtls_mpi_uint *) p; -} - -/* - * Set an MPI to static value 1 - */ -static inline void ecp_mpi_set1(mbedtls_mpi * X) -{ - X->s = 1; - X->n = 1; - X->p = mpi_one; -} - -/* - * Make group available from embedded constants - */ -static int ecp_group_load(mbedtls_ecp_group * grp, const mbedtls_mpi_uint * p, size_t plen, const mbedtls_mpi_uint * a, size_t alen, - const mbedtls_mpi_uint * b, size_t blen, const mbedtls_mpi_uint * gx, size_t gxlen, - const mbedtls_mpi_uint * gy, size_t gylen, const mbedtls_mpi_uint * n, size_t nlen, - const mbedtls_ecp_point * T) -{ - ecp_mpi_load(&grp->P, p, plen); - if (a != NULL) - ecp_mpi_load(&grp->A, a, alen); - ecp_mpi_load(&grp->B, b, blen); - ecp_mpi_load(&grp->N, n, nlen); - - ecp_mpi_load(&grp->G.X, gx, gxlen); - ecp_mpi_load(&grp->G.Y, gy, gylen); - ecp_mpi_set1(&grp->G.Z); - - grp->pbits = mbedtls_mpi_bitlen(&grp->P); - grp->nbits = mbedtls_mpi_bitlen(&grp->N); - - grp->h = 1; - - grp->T = (mbedtls_ecp_point *) T; - /* - * Set T_size to 0 to prevent T free by mbedtls_ecp_group_free. - */ - grp->T_size = 0; - - return (0); -} -#endif /* ECP_LOAD_GROUP */ - -#if defined(MBEDTLS_ECP_NIST_OPTIM) -/* Forward declarations */ -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) -static int ecp_mod_p192(mbedtls_mpi *); -#endif -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) -static int ecp_mod_p224(mbedtls_mpi *); -#endif -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -static int ecp_mod_p256(mbedtls_mpi *); -#endif -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) -static int ecp_mod_p384(mbedtls_mpi *); -#endif -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -static int ecp_mod_p521(mbedtls_mpi *); -#endif - -#define NIST_MODP(P) grp->modp = ecp_mod_##P; -#else -#define NIST_MODP(P) -#endif /* MBEDTLS_ECP_NIST_OPTIM */ - -/* Additional forward declarations */ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -static int ecp_mod_p255(mbedtls_mpi *); -#endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) -static int ecp_mod_p448(mbedtls_mpi *); -#endif -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) -static int ecp_mod_p192k1(mbedtls_mpi *); -#endif -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) -static int ecp_mod_p224k1(mbedtls_mpi *); -#endif -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) -static int ecp_mod_p256k1(mbedtls_mpi *); -#endif - -#if defined(ECP_LOAD_GROUP) -#define LOAD_GROUP_A(G) \ - ecp_group_load(grp, G##_p, sizeof(G##_p), G##_a, sizeof(G##_a), G##_b, sizeof(G##_b), G##_gx, sizeof(G##_gx), G##_gy, \ - sizeof(G##_gy), G##_n, sizeof(G##_n), G##_T) - -#define LOAD_GROUP(G) \ - ecp_group_load(grp, G##_p, sizeof(G##_p), NULL, 0, G##_b, sizeof(G##_b), G##_gx, sizeof(G##_gx), G##_gy, sizeof(G##_gy), \ - G##_n, sizeof(G##_n), G##_T) -#endif /* ECP_LOAD_GROUP */ - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -/* Constants used by ecp_use_curve25519() */ -static const mbedtls_mpi_sint curve25519_a24 = 0x01DB42; -static const unsigned char curve25519_part_of_n[] = { - 0x14, 0xDE, 0xF9, 0xDE, 0xA2, 0xF7, 0x9C, 0xD6, 0x58, 0x12, 0x63, 0x1A, 0x5C, 0xF5, 0xD3, 0xED, -}; - -/* - * Specialized function for creating the Curve25519 group - */ -static int ecp_use_curve25519(mbedtls_ecp_group * grp) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - /* Actually ( A + 2 ) / 4 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve25519_a24)); - - /* P = 2^255 - 19 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 255)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 19)); - grp->pbits = mbedtls_mpi_bitlen(&grp->P); - - /* N = 2^252 + 27742317777372353535851937790883648493 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&grp->N, curve25519_part_of_n, sizeof(curve25519_part_of_n))); - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 252, 1)); - - /* Y intentionally not set, since we use x/z coordinates. - * This is used as a marker to identify Montgomery curves! */ - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 9)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1)); - mbedtls_mpi_free(&grp->G.Y); - - /* Actually, the required msb for private keys */ - grp->nbits = 254; - -cleanup: - if (ret != 0) - mbedtls_ecp_group_free(grp); - - return (ret); -} -#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) -/* Constants used by ecp_use_curve448() */ -static const mbedtls_mpi_sint curve448_a24 = 0x98AA; -static const unsigned char curve448_part_of_n[] = { - 0x83, 0x35, 0xDC, 0x16, 0x3B, 0xB1, 0x24, 0xB6, 0x51, 0x29, 0xC9, 0x6F, 0xDE, 0x93, - 0x3D, 0x8D, 0x72, 0x3A, 0x70, 0xAA, 0xDC, 0x87, 0x3D, 0x6D, 0x54, 0xA7, 0xBB, 0x0D, -}; - -/* - * Specialized function for creating the Curve448 group - */ -static int ecp_use_curve448(mbedtls_ecp_group * grp) -{ - mbedtls_mpi Ns; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_mpi_init(&Ns); - - /* Actually ( A + 2 ) / 4 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve448_a24)); - - /* P = 2^448 - 2^224 - 1 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1)); - grp->pbits = mbedtls_mpi_bitlen(&grp->P); - - /* Y intentionally not set, since we use x/z coordinates. - * This is used as a marker to identify Montgomery curves! */ - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 5)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1)); - mbedtls_mpi_free(&grp->G.Y); - - /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 446, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&Ns, curve448_part_of_n, sizeof(curve448_part_of_n))); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&grp->N, &grp->N, &Ns)); - - /* Actually, the required msb for private keys */ - grp->nbits = 447; - -cleanup: - mbedtls_mpi_free(&Ns); - if (ret != 0) - mbedtls_ecp_group_free(grp); - - return (ret); -} -#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ - -/* - * Set a group using well-known domain parameters - */ -int mbedtls_ecp_group_load(mbedtls_ecp_group * grp, mbedtls_ecp_group_id id) -{ - ECP_VALIDATE_RET(grp != NULL); - mbedtls_ecp_group_free(grp); - - grp->id = id; - - switch (id) - { -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - case MBEDTLS_ECP_DP_SECP192R1: - NIST_MODP(p192); - return (LOAD_GROUP(secp192r1)); -#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) - case MBEDTLS_ECP_DP_SECP224R1: - NIST_MODP(p224); - return (LOAD_GROUP(secp224r1)); -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - case MBEDTLS_ECP_DP_SECP256R1: - NIST_MODP(p256); - return (LOAD_GROUP(secp256r1)); -#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - case MBEDTLS_ECP_DP_SECP384R1: - NIST_MODP(p384); - return (LOAD_GROUP(secp384r1)); -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - case MBEDTLS_ECP_DP_SECP521R1: - NIST_MODP(p521); - return (LOAD_GROUP(secp521r1)); -#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) - case MBEDTLS_ECP_DP_SECP192K1: - grp->modp = ecp_mod_p192k1; - return (LOAD_GROUP_A(secp192k1)); -#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) - case MBEDTLS_ECP_DP_SECP224K1: - grp->modp = ecp_mod_p224k1; - return (LOAD_GROUP_A(secp224k1)); -#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - case MBEDTLS_ECP_DP_SECP256K1: - grp->modp = ecp_mod_p256k1; - return (LOAD_GROUP_A(secp256k1)); -#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - case MBEDTLS_ECP_DP_BP256R1: - return (LOAD_GROUP_A(brainpoolP256r1)); -#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - case MBEDTLS_ECP_DP_BP384R1: - return (LOAD_GROUP_A(brainpoolP384r1)); -#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - case MBEDTLS_ECP_DP_BP512R1: - return (LOAD_GROUP_A(brainpoolP512r1)); -#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - case MBEDTLS_ECP_DP_CURVE25519: - grp->modp = ecp_mod_p255; - return (ecp_use_curve25519(grp)); -#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - case MBEDTLS_ECP_DP_CURVE448: - grp->modp = ecp_mod_p448; - return (ecp_use_curve448(grp)); -#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ - - default: - grp->id = MBEDTLS_ECP_DP_NONE; - return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); - } -} - -#if defined(MBEDTLS_ECP_NIST_OPTIM) -/* - * Fast reduction modulo the primes used by the NIST curves. - * - * These functions are critical for speed, but not needed for correct - * operations. So, we make the choice to heavily rely on the internals of our - * bignum library, which creates a tight coupling between these functions and - * our MPI implementation. However, the coupling between the ECP module and - * MPI remains loose, since these functions can be deactivated at will. - */ - -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) -/* - * Compared to the way things are presented in FIPS 186-3 D.2, - * we proceed in columns, from right (least significant chunk) to left, - * adding chunks to N in place, and keeping a carry for the next chunk. - * This avoids moving things around in memory, and uselessly adding zeros, - * compared to the more straightforward, line-oriented approach. - * - * For this prime we need to handle data in chunks of 64 bits. - * Since this is always a multiple of our basic mbedtls_mpi_uint, we can - * use a mbedtls_mpi_uint * to designate such a chunk, and small loops to handle it. - */ - -/* Add 64-bit chunks (dst += src) and update carry */ -static inline void add64(mbedtls_mpi_uint * dst, mbedtls_mpi_uint * src, mbedtls_mpi_uint * carry) -{ - unsigned char i; - mbedtls_mpi_uint c = 0; - for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) - { - *dst += c; - c = (*dst < c); - *dst += *src; - c += (*dst < *src); - } - *carry += c; -} - -/* Add carry to a 64-bit chunk and update carry */ -static inline void carry64(mbedtls_mpi_uint * dst, mbedtls_mpi_uint * carry) -{ - unsigned char i; - for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) - { - *dst += *carry; - *carry = (*dst < *carry); - } -} - -#define WIDTH 8 / sizeof(mbedtls_mpi_uint) -#define A(i) N->p + (i) *WIDTH -#define ADD(i) add64(p, A(i), &c) -#define NEXT \ - p += WIDTH; \ - carry64(p, &c) -#define LAST \ - p += WIDTH; \ - *p = c; \ - while (++p < end) \ - *p = 0 - -/* - * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1) - */ -static int ecp_mod_p192(mbedtls_mpi * N) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi_uint c = 0; - mbedtls_mpi_uint *p, *end; - - /* Make sure we have enough blocks so that A(5) is legal */ - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, 6 * WIDTH)); - - p = N->p; - end = p + N->n; - - ADD(3); - ADD(5); - NEXT; // A0 += A3 + A5 - ADD(3); - ADD(4); - ADD(5); - NEXT; // A1 += A3 + A4 + A5 - ADD(4); - ADD(5); - LAST; // A2 += A4 + A5 - -cleanup: - return (ret); -} - -#undef WIDTH -#undef A -#undef ADD -#undef NEXT -#undef LAST -#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) -/* - * The reader is advised to first understand ecp_mod_p192() since the same - * general structure is used here, but with additional complications: - * (1) chunks of 32 bits, and (2) subtractions. - */ - -/* - * For these primes, we need to handle data in chunks of 32 bits. - * This makes it more complicated if we use 64 bits limbs in MPI, - * which prevents us from using a uniform access method as for p192. - * - * So, we define a mini abstraction layer to access 32 bit chunks, - * load them in 'cur' for work, and store them back from 'cur' when done. - * - * While at it, also define the size of N in terms of 32-bit chunks. - */ -#define LOAD32 cur = A(i); - -#if defined(MBEDTLS_HAVE_INT32) /* 32 bit */ - -#define MAX32 N->n -#define A(j) N->p[j] -#define STORE32 N->p[i] = cur; - -#else /* 64-bit */ - -#define MAX32 N->n * 2 -#define A(j) (j) % 2 ? (uint32_t)(N->p[(j) / 2] >> 32) : (uint32_t)(N->p[(j) / 2]) -#define STORE32 \ - if (i % 2) \ - { \ - N->p[i / 2] &= 0x00000000FFFFFFFF; \ - N->p[i / 2] |= ((mbedtls_mpi_uint) cur) << 32; \ - } \ - else \ - { \ - N->p[i / 2] &= 0xFFFFFFFF00000000; \ - N->p[i / 2] |= (mbedtls_mpi_uint) cur; \ - } - -#endif /* sizeof( mbedtls_mpi_uint ) */ - -/* - * Helpers for addition and subtraction of chunks, with signed carry. - */ -static inline void add32(uint32_t * dst, uint32_t src, signed char * carry) -{ - *dst += src; - *carry += (*dst < src); -} - -static inline void sub32(uint32_t * dst, uint32_t src, signed char * carry) -{ - *carry -= (*dst < src); - *dst -= src; -} - -#define ADD(j) add32(&cur, A(j), &c); -#define SUB(j) sub32(&cur, A(j), &c); - -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ - -/* - * Helpers for the main 'loop' - */ -#define INIT(b) \ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \ - signed char c = 0, cc; \ - uint32_t cur; \ - size_t i = 0, bits = (b); \ - /* N is the size of the product of two b-bit numbers, plus one */ \ - /* limb for fix_negative */ \ - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b) *2 / biL + 1)); \ - LOAD32; - -#define NEXT \ - STORE32; \ - i++; \ - LOAD32; \ - cc = c; \ - c = 0; \ - if (cc < 0) \ - sub32(&cur, -cc, &c); \ - else \ - add32(&cur, cc, &c); - -#define LAST \ - STORE32; \ - i++; \ - cur = c > 0 ? c : 0; \ - STORE32; \ - cur = 0; \ - while (++i < MAX32) \ - { \ - STORE32; \ - } \ - if (c < 0) \ - mbedtls_ecp_fix_negative(N, c, bits); - -/* - * If the result is negative, we get it in the form - * c * 2^bits + N, with c negative and N positive shorter than 'bits' - */ -MBEDTLS_STATIC_TESTABLE -void mbedtls_ecp_fix_negative(mbedtls_mpi * N, signed char c, size_t bits) -{ - size_t i; - - /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so - * set the absolute value to 0xfff...fff - N. There is no carry - * since we're subtracting from all-bits-one. */ - for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) - { - N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i]; - } - /* Add 1, taking care of the carry. */ - i = 0; - do - ++N->p[i]; - while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint)); - /* Invert the sign. - * Now N = N0 - 2^bits where N0 is the initial value of N. */ - N->s = -1; - - /* Add |c| * 2^bits to the absolute value. Since c and N are - * negative, this adds c * 2^bits. */ - mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c; -#if defined(MBEDTLS_HAVE_INT64) - if (bits == 224) - msw <<= 32; -#endif - N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw; -} - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) -/* - * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) - */ -static int ecp_mod_p224(mbedtls_mpi * N) -{ - INIT(224); - - SUB(7); - SUB(11); - NEXT; // A0 += -A7 - A11 - SUB(8); - SUB(12); - NEXT; // A1 += -A8 - A12 - SUB(9); - SUB(13); - NEXT; // A2 += -A9 - A13 - SUB(10); - ADD(7); - ADD(11); - NEXT; // A3 += -A10 + A7 + A11 - SUB(11); - ADD(8); - ADD(12); - NEXT; // A4 += -A11 + A8 + A12 - SUB(12); - ADD(9); - ADD(13); - NEXT; // A5 += -A12 + A9 + A13 - SUB(13); - ADD(10); - LAST; // A6 += -A13 + A10 - -cleanup: - return (ret); -} -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -/* - * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3) - */ -static int ecp_mod_p256(mbedtls_mpi * N) -{ - INIT(256); - - ADD(8); - ADD(9); - SUB(11); - SUB(12); - SUB(13); - SUB(14); - NEXT; // A0 - - ADD(9); - ADD(10); - SUB(12); - SUB(13); - SUB(14); - SUB(15); - NEXT; // A1 - - ADD(10); - ADD(11); - SUB(13); - SUB(14); - SUB(15); - NEXT; // A2 - - ADD(11); - ADD(11); - ADD(12); - ADD(12); - ADD(13); - SUB(15); - SUB(8); - SUB(9); - NEXT; // A3 - - ADD(12); - ADD(12); - ADD(13); - ADD(13); - ADD(14); - SUB(9); - SUB(10); - NEXT; // A4 - - ADD(13); - ADD(13); - ADD(14); - ADD(14); - ADD(15); - SUB(10); - SUB(11); - NEXT; // A5 - - ADD(14); - ADD(14); - ADD(15); - ADD(15); - ADD(14); - ADD(13); - SUB(8); - SUB(9); - NEXT; // A6 - - ADD(15); - ADD(15); - ADD(15); - ADD(8); - SUB(10); - SUB(11); - SUB(12); - SUB(13); - LAST; // A7 - -cleanup: - return (ret); -} -#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) -/* - * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4) - */ -static int ecp_mod_p384(mbedtls_mpi * N) -{ - INIT(384); - - ADD(12); - ADD(21); - ADD(20); - SUB(23); - NEXT; // A0 - - ADD(13); - ADD(22); - ADD(23); - SUB(12); - SUB(20); - NEXT; // A2 - - ADD(14); - ADD(23); - SUB(13); - SUB(21); - NEXT; // A2 - - ADD(15); - ADD(12); - ADD(20); - ADD(21); - SUB(14); - SUB(22); - SUB(23); - NEXT; // A3 - - ADD(21); - ADD(21); - ADD(16); - ADD(13); - ADD(12); - ADD(20); - ADD(22); - SUB(15); - SUB(23); - SUB(23); - NEXT; // A4 - - ADD(22); - ADD(22); - ADD(17); - ADD(14); - ADD(13); - ADD(21); - ADD(23); - SUB(16); - NEXT; // A5 - - ADD(23); - ADD(23); - ADD(18); - ADD(15); - ADD(14); - ADD(22); - SUB(17); - NEXT; // A6 - - ADD(19); - ADD(16); - ADD(15); - ADD(23); - SUB(18); - NEXT; // A7 - - ADD(20); - ADD(17); - ADD(16); - SUB(19); - NEXT; // A8 - - ADD(21); - ADD(18); - ADD(17); - SUB(20); - NEXT; // A9 - - ADD(22); - ADD(19); - ADD(18); - SUB(21); - NEXT; // A10 - - ADD(23); - ADD(20); - ADD(19); - SUB(22); - LAST; // A11 - -cleanup: - return (ret); -} -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ - -#undef A -#undef LOAD32 -#undef STORE32 -#undef MAX32 -#undef INIT -#undef NEXT -#undef LAST - -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED || \ - MBEDTLS_ECP_DP_SECP256R1_ENABLED || \ - MBEDTLS_ECP_DP_SECP384R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -/* - * Here we have an actual Mersenne prime, so things are more straightforward. - * However, chunks are aligned on a 'weird' boundary (521 bits). - */ - -/* Size of p521 in terms of mbedtls_mpi_uint */ -#define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1) - -/* Bits to keep in the most significant mbedtls_mpi_uint */ -#define P521_MASK 0x01FF - -/* - * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5) - * Write N as A1 + 2^521 A0, return A0 + A1 - */ -static int ecp_mod_p521(mbedtls_mpi * N) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - mbedtls_mpi M; - mbedtls_mpi_uint Mp[P521_WIDTH + 1]; - /* Worst case for the size of M is when mbedtls_mpi_uint is 16 bits: - * we need to hold bits 513 to 1056, which is 34 limbs, that is - * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */ - - if (N->n < P521_WIDTH) - return (0); - - /* M = A1 */ - M.s = 1; - M.n = N->n - (P521_WIDTH - 1); - if (M.n > P521_WIDTH + 1) - M.n = P521_WIDTH + 1; - M.p = Mp; - memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint)))); - - /* N = A0 */ - N->p[P521_WIDTH - 1] &= P521_MASK; - for (i = P521_WIDTH; i < N->n; i++) - N->p[i] = 0; - - /* N = A0 + A1 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); - -cleanup: - return (ret); -} - -#undef P521_WIDTH -#undef P521_MASK -#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ - -#endif /* MBEDTLS_ECP_NIST_OPTIM */ - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - -/* Size of p255 in terms of mbedtls_mpi_uint */ -#define P255_WIDTH (255 / 8 / sizeof(mbedtls_mpi_uint) + 1) - -/* - * Fast quasi-reduction modulo p255 = 2^255 - 19 - * Write N as A0 + 2^255 A1, return A0 + 19 * A1 - */ -static int ecp_mod_p255(mbedtls_mpi * N) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - mbedtls_mpi M; - mbedtls_mpi_uint Mp[P255_WIDTH + 2]; - - if (N->n < P255_WIDTH) - return (0); - - /* M = A1 */ - M.s = 1; - M.n = N->n - (P255_WIDTH - 1); - if (M.n > P255_WIDTH + 1) - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - M.p = Mp; - memset(Mp, 0, sizeof Mp); - memcpy(Mp, N->p + P255_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 255 % (8 * sizeof(mbedtls_mpi_uint)))); - M.n++; /* Make room for multiplication by 19 */ - - /* N = A0 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(N, 255, 0)); - for (i = P255_WIDTH; i < N->n; i++) - N->p[i] = 0; - - /* N = A0 + 19 * A1 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &M, 19)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); - -cleanup: - return (ret); -} -#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - -/* Size of p448 in terms of mbedtls_mpi_uint */ -#define P448_WIDTH (448 / 8 / sizeof(mbedtls_mpi_uint)) - -/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */ -#define DIV_ROUND_UP(X, Y) (((X) + (Y) -1) / (Y)) -#define P224_WIDTH_MIN (28 / sizeof(mbedtls_mpi_uint)) -#define P224_WIDTH_MAX DIV_ROUND_UP(28, sizeof(mbedtls_mpi_uint)) -#define P224_UNUSED_BITS ((P224_WIDTH_MAX * sizeof(mbedtls_mpi_uint) * 8) - 224) - -/* - * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1 - * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return - * A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference - * implementation of Curve448, which uses its own special 56-bit limbs rather - * than a generic bignum library. We could squeeze some extra speed out on - * 32-bit machines by splitting N up into 32-bit limbs and doing the - * arithmetic using the limbs directly as we do for the NIST primes above, - * but for 64-bit targets it should use half the number of operations if we do - * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds. - */ -static int ecp_mod_p448(mbedtls_mpi * N) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - mbedtls_mpi M, Q; - mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH]; - - if (N->n <= P448_WIDTH) - return (0); - - /* M = A1 */ - M.s = 1; - M.n = N->n - (P448_WIDTH); - if (M.n > P448_WIDTH) - /* Shouldn't be called with N larger than 2^896! */ - return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - M.p = Mp; - memset(Mp, 0, sizeof(Mp)); - memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint)); - - /* N = A0 */ - for (i = P448_WIDTH; i < N->n; i++) - N->p[i] = 0; - - /* N += A1 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M)); - - /* Q = B1, N += B1 */ - Q = M; - Q.p = Qp; - memcpy(Qp, Mp, sizeof(Qp)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Q, 224)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q)); - - /* M = (B0 + B1) * 2^224, N += M */ - if (sizeof(mbedtls_mpi_uint) > 4) - Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint) -1) >> (P224_UNUSED_BITS); - for (i = P224_WIDTH_MAX; i < M.n; ++i) - Mp[i] = 0; - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q)); - M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */ - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M)); - -cleanup: - return (ret); -} -#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) -/* - * Fast quasi-reduction modulo P = 2^s - R, - * with R about 33 bits, used by the Koblitz curves. - * - * Write N as A0 + 2^224 A1, return A0 + R * A1. - * Actually do two passes, since R is big. - */ -#define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P -#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R -static inline int ecp_mod_koblitz(mbedtls_mpi * N, mbedtls_mpi_uint * Rp, size_t p_limbs, size_t adjust, size_t shift, - mbedtls_mpi_uint mask) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - mbedtls_mpi M, R; - mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; - - if (N->n < p_limbs) - return (0); - - /* Init R */ - R.s = 1; - R.p = Rp; - R.n = P_KOBLITZ_R; - - /* Common setup for M */ - M.s = 1; - M.p = Mp; - - /* M = A1 */ - M.n = N->n - (p_limbs - adjust); - if (M.n > p_limbs + adjust) - M.n = p_limbs + adjust; - memset(Mp, 0, sizeof Mp); - memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); - if (shift != 0) - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); - M.n += R.n; /* Make room for multiplication by R */ - - /* N = A0 */ - if (mask != 0) - N->p[p_limbs - 1] &= mask; - for (i = p_limbs; i < N->n; i++) - N->p[i] = 0; - - /* N = A0 + R * A1 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); - - /* Second pass */ - - /* M = A1 */ - M.n = N->n - (p_limbs - adjust); - if (M.n > p_limbs + adjust) - M.n = p_limbs + adjust; - memset(Mp, 0, sizeof Mp); - memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); - if (shift != 0) - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); - M.n += R.n; /* Make room for multiplication by R */ - - /* N = A0 */ - if (mask != 0) - N->p[p_limbs - 1] &= mask; - for (i = p_limbs; i < N->n; i++) - N->p[i] = 0; - - /* N = A0 + R * A1 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); - -cleanup: - return (ret); -} -#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ - MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ - MBEDTLS_ECP_DP_SECP256K1_ENABLED) */ - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) -/* - * Fast quasi-reduction modulo p192k1 = 2^192 - R, - * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119 - */ -static int ecp_mod_p192k1(mbedtls_mpi * N) -{ - static mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; - - return (ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0)); -} -#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) -/* - * Fast quasi-reduction modulo p224k1 = 2^224 - R, - * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93 - */ -static int ecp_mod_p224k1(mbedtls_mpi * N) -{ - static mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; - -#if defined(MBEDTLS_HAVE_INT64) - return (ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF)); -#else - return (ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0)); -#endif -} - -#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) -/* - * Fast quasi-reduction modulo p256k1 = 2^256 - R, - * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1 - */ -static int ecp_mod_p256k1(mbedtls_mpi * N) -{ - static mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; - return (ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0)); -} -#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ - -#endif /* !MBEDTLS_ECP_ALT */ - -#endif /* MBEDTLS_ECP_C */ diff --git a/src/platform/telink/crypto/internal/compatibility/ecp_internal_alt.h b/src/platform/telink/crypto/internal/compatibility/ecp_internal_alt.h deleted file mode 100644 index b9afb4a8dd176a..00000000000000 --- a/src/platform/telink/crypto/internal/compatibility/ecp_internal_alt.h +++ /dev/null @@ -1,284 +0,0 @@ -/** - * \file ecp_internal_alt.h - * - * \brief Function declarations for alternative implementation of elliptic curve - * point arithmetic. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * References: - * - * [1] BERNSTEIN, Daniel J. Curve25519: new Diffie-Hellman speed records. - * - * - * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis - * for elliptic curve cryptosystems. In : Cryptographic Hardware and - * Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302. - * - * - * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to - * render ECC resistant against Side Channel Attacks. IACR Cryptology - * ePrint Archive, 2004, vol. 2004, p. 342. - * - * - * [4] Certicom Research. SEC 2: Recommended Elliptic Curve Domain Parameters. - * - * - * [5] HANKERSON, Darrel, MENEZES, Alfred J., VANSTONE, Scott. Guide to Elliptic - * Curve Cryptography. - * - * [6] Digital Signature Standard (DSS), FIPS 186-4. - * - * - * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer - * Security (TLS), RFC 4492. - * - * - * [8] - * - * [9] COHEN, Henri. A Course in Computational Algebraic Number Theory. - * Springer Science & Business Media, 1 Aug 2000 - */ - -#ifndef MBEDTLS_ECP_INTERNAL_H -#define MBEDTLS_ECP_INTERNAL_H - -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - -/** - * \brief Indicate if the Elliptic Curve Point module extension can - * handle the group. - * - * \param grp The pointer to the elliptic curve group that will be the - * basis of the cryptographic computations. - * - * \return Non-zero if successful. - */ -unsigned char mbedtls_internal_ecp_grp_capable(const mbedtls_ecp_group * grp); - -/** - * \brief Initialise the Elliptic Curve Point module extension. - * - * If mbedtls_internal_ecp_grp_capable returns true for a - * group, this function has to be able to initialise the - * module for it. - * - * This module can be a driver to a crypto hardware - * accelerator, for which this could be an initialise function. - * - * \param grp The pointer to the group the module needs to be - * initialised for. - * - * \return 0 if successful. - */ -int mbedtls_internal_ecp_init(const mbedtls_ecp_group * grp); - -/** - * \brief Frees and deallocates the Elliptic Curve Point module - * extension. - * - * \param grp The pointer to the group the module was initialised for. - */ -void mbedtls_internal_ecp_free(const mbedtls_ecp_group * grp); - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - -#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) -/** - * \brief Randomize jacobian coordinates: - * (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l. - * - * \param grp Pointer to the group representing the curve. - * - * \param pt The point on the curve to be randomised, given with Jacobian - * coordinates. - * - * \param f_rng A function pointer to the random number generator. - * - * \param p_rng A pointer to the random number generator state. - * - * \return 0 if successful. - */ -int mbedtls_internal_ecp_randomize_jac(const mbedtls_ecp_group * grp, mbedtls_ecp_point * pt, - int (*f_rng)(void *, unsigned char *, size_t), void * p_rng); -#endif - -#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) -/** - * \brief Addition: R = P + Q, mixed affine-Jacobian coordinates. - * - * The coordinates of Q must be normalized (= affine), - * but those of P don't need to. R is not normalized. - * - * This function is used only as a subrutine of - * ecp_mul_comb(). - * - * Special cases: (1) P or Q is zero, (2) R is zero, - * (3) P == Q. - * None of these cases can happen as intermediate step in - * ecp_mul_comb(): - * - at each step, P, Q and R are multiples of the base - * point, the factor being less than its order, so none of - * them is zero; - * - Q is an odd multiple of the base point, P an even - * multiple, due to the choice of precomputed points in the - * modified comb method. - * So branches for these cases do not leak secret information. - * - * We accept Q->Z being unset (saving memory in tables) as - * meaning 1. - * - * Cost in field operations if done by [5] 3.22: - * 1A := 8M + 3S - * - * \param grp Pointer to the group representing the curve. - * - * \param R Pointer to a point structure to hold the result. - * - * \param P Pointer to the first summand, given with Jacobian - * coordinates - * - * \param Q Pointer to the second summand, given with affine - * coordinates. - * - * \return 0 if successful. - */ -int mbedtls_internal_ecp_add_mixed(const mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_ecp_point * P, - const mbedtls_ecp_point * Q); -#endif - -/** - * \brief Point doubling R = 2 P, Jacobian coordinates. - * - * Cost: 1D := 3M + 4S (A == 0) - * 4M + 4S (A == -3) - * 3M + 6S + 1a otherwise - * when the implementation is based on the "dbl-1998-cmo-2" - * doubling formulas in [8] and standard optimizations are - * applied when curve parameter A is one of { 0, -3 }. - * - * \param grp Pointer to the group representing the curve. - * - * \param R Pointer to a point structure to hold the result. - * - * \param P Pointer to the point that has to be doubled, given with - * Jacobian coordinates. - * - * \return 0 if successful. - */ -#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) -int mbedtls_internal_ecp_double_jac(const mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_ecp_point * P); -#endif - -/** - * \brief Normalize jacobian coordinates of an array of (pointers to) - * points. - * - * Using Montgomery's trick to perform only one inversion mod P - * the cost is: - * 1N(t) := 1I + (6t - 3)M + 1S - * (See for example Algorithm 10.3.4. in [9]) - * - * This function is used only as a subrutine of - * ecp_mul_comb(). - * - * Warning: fails (returning an error) if one of the points is - * zero! - * This should never happen, see choice of w in ecp_mul_comb(). - * - * \param grp Pointer to the group representing the curve. - * - * \param T Array of pointers to the points to normalise. - * - * \param t_len Number of elements in the array. - * - * \return 0 if successful, - * an error if one of the points is zero. - */ -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) -int mbedtls_internal_ecp_normalize_jac_many(const mbedtls_ecp_group * grp, mbedtls_ecp_point * T[], size_t t_len); -#endif - -/** - * \brief Normalize jacobian coordinates so that Z == 0 || Z == 1. - * - * Cost in field operations if done by [5] 3.2.1: - * 1N := 1I + 3M + 1S - * - * \param grp Pointer to the group representing the curve. - * - * \param pt pointer to the point to be normalised. This is an - * input/output parameter. - * - * \return 0 if successful. - */ -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) -int mbedtls_internal_ecp_normalize_jac(const mbedtls_ecp_group * grp, mbedtls_ecp_point * pt); -#endif - -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - -#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) -int mbedtls_internal_ecp_double_add_mxz(const mbedtls_ecp_group * grp, mbedtls_ecp_point * R, mbedtls_ecp_point * S, - const mbedtls_ecp_point * P, const mbedtls_ecp_point * Q, const mbedtls_mpi * d); -#endif - -/** - * \brief Randomize projective x/z coordinates: - * (X, Z) -> (l X, l Z) for random l - * - * \param grp pointer to the group representing the curve - * - * \param P the point on the curve to be randomised given with - * projective coordinates. This is an input/output parameter. - * - * \param f_rng a function pointer to the random number generator - * - * \param p_rng a pointer to the random number generator state - * - * \return 0 if successful - */ -#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) -int mbedtls_internal_ecp_randomize_mxz(const mbedtls_ecp_group * grp, mbedtls_ecp_point * P, - int (*f_rng)(void *, unsigned char *, size_t), void * p_rng); -#endif - -/** - * \brief Normalize Montgomery x/z coordinates: X = X/Z, Z = 1. - * - * \param grp pointer to the group representing the curve - * - * \param P pointer to the point to be normalised. This is an - * input/output parameter. - * - * \return 0 if successful - */ -#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) -int mbedtls_internal_ecp_normalize_mxz(const mbedtls_ecp_group * grp, mbedtls_ecp_point * P); -#endif - -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - -#endif /* ecp_internal_alt.h */ diff --git a/src/platform/telink/crypto/internal/compatibility/ecp_invasive.h b/src/platform/telink/crypto/internal/compatibility/ecp_invasive.h deleted file mode 100644 index ce1ff6f0681730..00000000000000 --- a/src/platform/telink/crypto/internal/compatibility/ecp_invasive.h +++ /dev/null @@ -1,77 +0,0 @@ -/** - * \file ecp_invasive.h - * - * \brief ECP module: interfaces for invasive testing only. - * - * The interfaces in this file are intended for testing purposes only. - * They SHOULD NOT be made available in library integrations except when - * building the library for testing. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_ECP_INVASIVE_H -#define MBEDTLS_ECP_INVASIVE_H - -#include "../common.h" -#include "mbedtls/bignum.h" -#include "mbedtls/ecp.h" - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_C) - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) -/* Preconditions: - * - bits is a multiple of 64 or is 224 - * - c is -1 or -2 - * - 0 <= N < 2^bits - * - N has room for bits plus one limb - * - * Behavior: - * Set N to c * 2^bits + old_value_of_N. - */ -void mbedtls_ecp_fix_negative(mbedtls_mpi * N, signed char c, size_t bits); -#endif - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) -/** Generate a private key on a Montgomery curve (Curve25519 or Curve448). - * - * This function implements key generation for the set of secret keys - * specified in [Curve25519] p. 5 and in [Curve448]. The resulting value - * has the lower bits masked but is not necessarily canonical. - * - * \note - [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf - * - [RFC7748] https://tools.ietf.org/html/rfc7748 - * - * \p high_bit The position of the high-order bit of the key to generate. - * This is the bit-size of the key minus 1: - * 254 for Curve25519 or 447 for Curve448. - * \param d The randomly generated key. This is a number of size - * exactly \p n_bits + 1 bits, with the least significant bits - * masked as specified in [Curve25519] and in [RFC7748] §5. - * \param f_rng The RNG function. - * \param p_rng The RNG context to be passed to \p f_rng. - * - * \return \c 0 on success. - * \return \c MBEDTLS_ERR_ECP_xxx or MBEDTLS_ERR_MPI_xxx on failure. - */ -int mbedtls_ecp_gen_privkey_mx(size_t n_bits, mbedtls_mpi * d, int (*f_rng)(void *, unsigned char *, size_t), void * p_rng); - -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */ - -#endif /* MBEDTLS_ECP_INVASIVE_H */ diff --git a/src/platform/telink/crypto/internal/compatibility/padlock.h b/src/platform/telink/crypto/internal/compatibility/padlock.h deleted file mode 100644 index 6435a208f1d85c..00000000000000 --- a/src/platform/telink/crypto/internal/compatibility/padlock.h +++ /dev/null @@ -1,112 +0,0 @@ -/** - * \file padlock.h - * - * \brief VIA PadLock ACE for HW encryption/decryption supported by some - * processors - * - * \warning These functions are only for internal use by other library - * functions; you must not call them directly. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_PADLOCK_H -#define MBEDTLS_PADLOCK_H - -#include "mbedtls/build_info.h" - -#include "mbedtls/aes.h" - -#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */ - -#if defined(__has_feature) -#if __has_feature(address_sanitizer) -#define MBEDTLS_HAVE_ASAN -#endif -#endif - -/* Some versions of ASan result in errors about not enough registers */ -#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && !defined(MBEDTLS_HAVE_ASAN) - -#ifndef MBEDTLS_HAVE_X86 -#define MBEDTLS_HAVE_X86 -#endif - -#include - -#define MBEDTLS_PADLOCK_RNG 0x000C -#define MBEDTLS_PADLOCK_ACE 0x00C0 -#define MBEDTLS_PADLOCK_PHE 0x0C00 -#define MBEDTLS_PADLOCK_PMM 0x3000 - -#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t)(x) & ~15)) - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Internal PadLock detection routine - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param feature The feature to detect - * - * \return non-zero if CPU has support for the feature, 0 otherwise - */ -int mbedtls_padlock_has_support(int feature); - -/** - * \brief Internal PadLock AES-ECB block en(de)cryption - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param input 16-byte input block - * \param output 16-byte output block - * - * \return 0 if success, 1 if operation failed - */ -int mbedtls_padlock_xcryptecb(mbedtls_aes_context * ctx, int mode, const unsigned char input[16], unsigned char output[16]); - -/** - * \brief Internal PadLock AES-CBC buffer en(de)cryption - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if success, 1 if operation failed - */ -int mbedtls_padlock_xcryptcbc(mbedtls_aes_context * ctx, int mode, size_t length, unsigned char iv[16], const unsigned char * input, - unsigned char * output); - -#ifdef __cplusplus -} -#endif - -#endif /* HAVE_X86 */ - -#endif /* padlock.h */ diff --git a/src/platform/telink/crypto/internal/ecp_alt_b91_backend.c b/src/platform/telink/crypto/internal/ecp_alt_b91_backend.c deleted file mode 100644 index d28f0bbbcb6f81..00000000000000 --- a/src/platform/telink/crypto/internal/ecp_alt_b91_backend.c +++ /dev/null @@ -1,419 +0,0 @@ -/* - * Elliptic curves over GF(p): generic functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * References: - * - * SEC1 http://www.secg.org/index.php?action=secg,docs_secg - * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone - * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf - * RFC 4492 for the related TLS structures and constants - * RFC 7748 for the Curve448 and Curve25519 curve definitions - * - * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf - * - * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis - * for elliptic curve cryptosystems. In : Cryptographic Hardware and - * Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302. - * - * - * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to - * render ECC resistant against Side Channel Attacks. IACR Cryptology - * ePrint Archive, 2004, vol. 2004, p. 342. - * - */ - -#include "common.h" - -#if defined(MBEDTLS_ECP_C) - -#include "mbedtls/ecp.h" -#include "mbedtls/error.h" -#include "multithread.h" -#include "pke.h" -#include - -#if defined(MBEDTLS_ECP_ALT) - -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Woverride-init" -#pragma GCC diagnostic ignored "-Wvla" -#pragma GCC diagnostic ignored "-Wstack-usage=" - -/**************************************************************** - * HW unit curve data constants definition - ****************************************************************/ - -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -static eccp_curve_t secp256r1 = { - .eccp_p_bitLen = 256, - .eccp_p = (unsigned int[]){ 0xffffffff, 0xffffffff, 0xffffffff, 0x00000000, 0x00000000, 0x00000000, 0x00000001, 0xffffffff }, - .eccp_p_h = (unsigned int[]){ 0x00000003, 0x00000000, 0xffffffff, 0xfffffffb, 0xfffffffe, 0xffffffff, 0xfffffffd, 0x00000004 }, - .eccp_p_h = (unsigned int[]){ 0x00000001 }, - .eccp_a = (unsigned int[]){ 0xfffffffc, 0xffffffff, 0xffffffff, 0x00000000, 0x00000000, 0x00000000, 0x00000001, 0xffffffff }, - .eccp_b = (unsigned int[]){ 0x27d2604b, 0x3bce3c3e, 0xcc53b0f6, 0x651d06b0, 0x769886bc, 0xb3ebbd55, 0xaa3a93e7, 0x5ac635d8 } -}; -#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) -static eccp_curve_t secp256k1 = { - .eccp_p_bitLen = 256, - .eccp_p = (unsigned int[]){ 0xfffffc2f, 0xfffffffe, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff }, - .eccp_p_h = (unsigned int[]){ 0x000e90a1, 0x000007a2, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000 }, - .eccp_p_h = (unsigned int[]){ 0xd2253531 }, - .eccp_a = (unsigned int[]){ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000 }, - .eccp_b = (unsigned int[]){ 0x00000007, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000 } -}; -#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) -static eccp_curve_t BP256r1 = { - .eccp_p_bitLen = 256, - .eccp_p = (unsigned int[]){ 0x1f6e5377, 0x2013481d, 0xd5262028, 0x6e3bf623, 0x9d838d72, 0x3e660a90, 0xa1eea9bc, 0xa9fb57db }, - .eccp_p_h = (unsigned int[]){ 0xa6465b6c, 0x8cfedf7b, 0x614d4f4d, 0x5cce4c26, 0x6b1ac807, 0xa1ecdacd, 0xe5957fa8, 0x4717aa21 }, - .eccp_p_h = (unsigned int[]){ 0xcefd89b9 }, - .eccp_a = (unsigned int[]){ 0xf330b5d9, 0xe94a4b44, 0x26dc5c6c, 0xfb8055c1, 0x417affe7, 0xeef67530, 0xfc2c3057, 0x7d5a0975 }, - .eccp_b = (unsigned int[]){ 0xff8c07b6, 0x6bccdc18, 0x5cf7e1ce, 0x95841629, 0xbbd77cbf, 0xf330b5d9, 0xe94a4b44, 0x26dc5c6c } -}; -#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) -static eccp_curve_t secp224r1 = { - .eccp_p_bitLen = 224, - .eccp_p = (unsigned int[]){ 0x00000001, 0x00000000, 0x00000000, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff }, - .eccp_p_h = (unsigned int[]){ 0x00000001, 0x00000000, 0x00000000, 0xfffffffe, 0xffffffff, 0xffffffff, 0x00000000 }, - .eccp_p_h = (unsigned int[]){ 0xffffffff }, - .eccp_a = (unsigned int[]){ 0xfffffffe, 0xffffffff, 0xffffffff, 0xfffffffe, 0xffffffff, 0xffffffff, 0xffffffff }, - .eccp_b = (unsigned int[]){ 0x2355ffb4, 0x270b3943, 0xd7bfd8ba, 0x5044b0b7, 0xf5413256, 0x0c04b3ab, 0xb4050a85 } -}; -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) -static eccp_curve_t secp224k1 = { - .eccp_p_bitLen = 224, - .eccp_p = (unsigned int[]){ 0xffffe56d, 0xfffffffe, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff }, - .eccp_p_h = (unsigned int[]){ 0x02c23069, 0x00003526, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000 }, - .eccp_p_h = (unsigned int[]){ 0x198d139b }, - .eccp_a = (unsigned int[]){ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000 }, - .eccp_b = (unsigned int[]){ 0x00000005, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000 } -}; -#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) -static eccp_curve_t secp192r1 = { - .eccp_p_bitLen = 192, - .eccp_p = (unsigned int[]){ 0xffffffff, 0xffffffff, 0xfffffffe, 0xffffffff, 0xffffffff, 0xffffffff }, - .eccp_p_h = (unsigned int[]){ 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000 }, - .eccp_p_h = (unsigned int[]){ 0x00000001 }, - .eccp_a = (unsigned int[]){ 0xfffffffc, 0xffffffff, 0xfffffffe, 0xffffffff, 0xffffffff, 0xffffffff }, - .eccp_b = (unsigned int[]){ 0xc146b9b1, 0xfeb8deec, 0x72243049, 0x0fa7e9ab, 0xe59c80e7, 0x64210519 } -}; -#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) -static eccp_curve_t secp192k1 = { - .eccp_p_bitLen = 192, - .eccp_p = (unsigned int[]){ 0xffffee37, 0xfffffffe, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff }, - .eccp_p_h = (unsigned int[]){ 0x013c4fd1, 0x00002392, 0x00000001, 0x00000000, 0x00000000, 0x00000000 }, - .eccp_p_h = (unsigned int[]){ 0x7446d879 }, - .eccp_a = (unsigned int[]){ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000 }, - .eccp_b = (unsigned int[]){ 0x00000003, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000 } -}; -#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -static mont_curve_t x25519 = { - .mont_p_bitLen = 255, - .mont_p = (unsigned int[]){ 0xffffffed, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0x7fffffff }, - .mont_p_h = (unsigned int[]){ 0x000005a4, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000 }, - .mont_p_n1 = (unsigned int[]){ 0x286bca1b }, - .mont_a24 = (unsigned int[]){ 0x0001db41, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000 } -}; -#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ - -/**************************************************************** - * Linking mbedtls to HW unit curve data - ****************************************************************/ - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -static const struct -{ - mbedtls_ecp_group_id group; - eccp_curve_t * curve_dat; -} eccp_curve_linking[] = { -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - { .group = MBEDTLS_ECP_DP_SECP256R1, .curve_dat = &secp256r1 }, -#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - { .group = MBEDTLS_ECP_DP_SECP256K1, .curve_dat = &secp256k1 }, -#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - { .group = MBEDTLS_ECP_DP_BP256R1, .curve_dat = &BP256r1 }, -#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) - { .group = MBEDTLS_ECP_DP_SECP224R1, .curve_dat = &secp224r1 }, -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) - { .group = MBEDTLS_ECP_DP_SECP224K1, .curve_dat = &secp224k1 }, -#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - { .group = MBEDTLS_ECP_DP_SECP192R1, .curve_dat = &secp192r1 }, -#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) - { .group = MBEDTLS_ECP_DP_SECP192K1, .curve_dat = &secp192k1 } -#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ -}; -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) -static const struct -{ - mbedtls_ecp_group_id group; - mont_curve_t * curve_dat; -} mont_curve_linking[] = { -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - { .group = MBEDTLS_ECP_DP_CURVE25519, .curve_dat = &x25519 } -#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ -}; -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -/**************************************************************** - * Private functions declaration - ****************************************************************/ - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) -static eccp_curve_t * eccp_curve_get(const mbedtls_ecp_group * grp) -{ - eccp_curve_t * eccp_curve = NULL; - - for (size_t i = 0; i < sizeof(eccp_curve_linking) / sizeof(eccp_curve_linking[0]); i++) - { - if (eccp_curve_linking[i].group == grp->id) - { - eccp_curve = eccp_curve_linking[i].curve_dat; - break; - } - } - - return eccp_curve; -} -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) -static mont_curve_t * mont_curve_get(const mbedtls_ecp_group * grp) -{ - mont_curve_t * mont_curve = NULL; - - for (size_t i = 0; i < sizeof(mont_curve_linking) / sizeof(mont_curve_linking[0]); i++) - { - if (mont_curve_linking[i].group == grp->id) - { - mont_curve = mont_curve_linking[i].curve_dat; - break; - } - } - - return mont_curve; -} -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - -/**************************************************************** - * Public functions declaration - ****************************************************************/ - -int ecp_alt_b91_backend_check_pubkey(const mbedtls_ecp_group * grp, const mbedtls_ecp_point * pt) -{ - int result = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - - if (grp != NULL && pt != NULL) - { - result = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; - const unsigned int word_len = GET_WORD_LEN(grp->pbits); - - if (word_len <= PKE_OPERAND_MAX_WORD_LEN) - { - unsigned int Qx[word_len], Qy[word_len]; - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - { - eccp_curve_t * eccp_curve = eccp_curve_get(grp); - if (eccp_curve != NULL) - { - (void) mbedtls_mpi_write_binary_le(&pt->X, (unsigned char *) Qx, sizeof(Qx)); - (void) mbedtls_mpi_write_binary_le(&pt->Y, (unsigned char *) Qy, sizeof(Qy)); - - mbedtls_ecp_lock(); - if (pke_eccp_point_verify(eccp_curve, Qx, Qy) == PKE_SUCCESS) - result = 0; - else - result = MBEDTLS_ERR_ECP_INVALID_KEY; - mbedtls_ecp_unlock(); - } - } -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - - memset(Qx, 0, sizeof(Qx)); - memset(Qy, 0, sizeof(Qy)); - } - } - return result; -} - -int ecp_alt_b91_backend_mul(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, const mbedtls_ecp_point * P) -{ - int result = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - - if (grp != NULL && R != NULL && m != NULL && P != NULL) - { - - result = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; - const unsigned int word_len = GET_WORD_LEN(grp->pbits); - - if (word_len <= PKE_OPERAND_MAX_WORD_LEN) - { - unsigned int ms[word_len], Qx[word_len], Qy[word_len]; - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - { - eccp_curve_t * eccp_curve = eccp_curve_get(grp); - if (eccp_curve != NULL) - { - (void) mbedtls_mpi_write_binary_le(m, (unsigned char *) ms, sizeof(ms)); - (void) mbedtls_mpi_write_binary_le(&P->X, (unsigned char *) Qx, sizeof(Qx)); - (void) mbedtls_mpi_write_binary_le(&P->Y, (unsigned char *) Qy, sizeof(Qy)); - - mbedtls_ecp_lock(); - if (pke_eccp_point_mul(eccp_curve, ms, Qx, Qy, Qx, Qy) == PKE_SUCCESS) - { - (void) mbedtls_mpi_read_binary_le(&R->X, (const unsigned char *) Qx, sizeof(Qx)); - (void) mbedtls_mpi_read_binary_le(&R->Y, (const unsigned char *) Qy, sizeof(Qy)); - (void) mbedtls_mpi_lset(&R->Z, 1); - result = 0; - } - else - result = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - mbedtls_ecp_unlock(); - } - } -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ -#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) - { - mont_curve_t * mont_curve = mont_curve_get(grp); - if (mont_curve != NULL) - { - (void) mbedtls_mpi_write_binary_le(m, (unsigned char *) ms, sizeof(ms)); - (void) mbedtls_mpi_write_binary_le(&P->X, (unsigned char *) Qx, sizeof(Qx)); - - mbedtls_ecp_lock(); - if (pke_x25519_point_mul(mont_curve, ms, Qx, Qx) == PKE_SUCCESS) - { - (void) mbedtls_mpi_read_binary_le(&R->X, (const unsigned char *) Qx, sizeof(Qx)); - (void) mbedtls_mpi_lset(&R->Y, 0); - (void) mbedtls_mpi_lset(&R->Z, 1); - result = 0; - } - else - result = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - mbedtls_ecp_unlock(); - } - } -#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - - memset(ms, 0, sizeof(ms)); - memset(Qx, 0, sizeof(Qx)); - memset(Qy, 0, sizeof(Qy)); - } - } - return result; -} - -int ecp_alt_b91_backend_muladd(mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, const mbedtls_ecp_point * P, - const mbedtls_mpi * n, const mbedtls_ecp_point * Q) -{ - - int result = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - - if (grp != NULL && R != NULL && m != NULL && P != NULL && n != NULL && Q != NULL) - { - - result = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; - const unsigned int word_len = GET_WORD_LEN(grp->pbits); - - if (word_len <= PKE_OPERAND_MAX_WORD_LEN) - { - unsigned int ms[word_len], Q1x[word_len], Q1y[word_len], Q2x[word_len], Q2y[word_len]; - -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - { - eccp_curve_t * eccp_curve = eccp_curve_get(grp); - if (eccp_curve != NULL) - { - (void) mbedtls_mpi_write_binary_le(&P->X, (unsigned char *) Q1x, sizeof(Q1x)); - (void) mbedtls_mpi_write_binary_le(&P->Y, (unsigned char *) Q1y, sizeof(Q1y)); - (void) mbedtls_mpi_write_binary_le(&Q->X, (unsigned char *) Q2x, sizeof(Q2x)); - (void) mbedtls_mpi_write_binary_le(&Q->Y, (unsigned char *) Q2y, sizeof(Q2y)); - - result = MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - - mbedtls_ecp_lock(); - - do - { - (void) mbedtls_mpi_write_binary_le(m, (unsigned char *) ms, sizeof(ms)); - if (pke_eccp_point_mul(eccp_curve, ms, Q1x, Q1y, Q1x, Q1y) != PKE_SUCCESS) - break; - - (void) mbedtls_mpi_write_binary_le(n, (unsigned char *) ms, sizeof(ms)); - if (pke_eccp_point_mul(eccp_curve, ms, Q2x, Q2y, Q2x, Q2y) != PKE_SUCCESS) - break; - - if (pke_eccp_point_add(eccp_curve, Q1x, Q1y, Q2x, Q2y, Q1x, Q1y) != PKE_SUCCESS) - break; - - (void) mbedtls_mpi_read_binary_le(&R->X, (const unsigned char *) Q1x, sizeof(Q1x)); - (void) mbedtls_mpi_read_binary_le(&R->Y, (const unsigned char *) Q1y, sizeof(Q1y)); - (void) mbedtls_mpi_lset(&R->Z, 1); - result = 0; - - } while (0); - - mbedtls_ecp_unlock(); - } - } -#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - - memset(ms, 0, sizeof(ms)); - memset(Q1x, 0, sizeof(Q1x)); - memset(Q1y, 0, sizeof(Q1y)); - memset(Q2x, 0, sizeof(Q2x)); - memset(Q2y, 0, sizeof(Q2y)); - } - } - return result; -} - -#pragma GCC diagnostic pop - -#endif /* MBEDTLS_ECP_ALT */ - -#endif /* MBEDTLS_ECP_C */ diff --git a/src/platform/telink/crypto/internal/ecp_alt_b91_backend_test.c b/src/platform/telink/crypto/internal/ecp_alt_b91_backend_test.c deleted file mode 100644 index 0e9936d688e932..00000000000000 --- a/src/platform/telink/crypto/internal/ecp_alt_b91_backend_test.c +++ /dev/null @@ -1,479 +0,0 @@ -/* - * Elliptic curves over GF(p): generic functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "common.h" - -#if defined(MBEDTLS_ECP_C) - -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/ecp.h" -#include "mbedtls/entropy.h" -#include "mbedtls/error.h" -#include "mbedtls/platform.h" -#include "test_utils.h" - -#if defined(MBEDTLS_ECP_ALT) - -#if defined(MBEDTLS_SELF_TEST) - -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Woverride-init" -#pragma GCC diagnostic ignored "-Wvla" -#pragma GCC diagnostic ignored "-Wstack-usage=" - -/**************************************************************** - * Test vectors - ****************************************************************/ - -static const struct -{ - mbedtls_ecp_group_id ecp_group_id; - const unsigned char * sk; - const size_t sk_len; - const unsigned char * pk; - const size_t pk_len; - const unsigned char * sum; -} ecp_test_cases[] = { -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_SECP521R1, - .sk = (const unsigned char[]){ 0x01, 0xeb, 0x60, 0x88, 0x03, 0x15, 0x7b, 0x13, 0xb1, 0xc3, 0x5b, 0xa8, 0x7b, 0x09, - 0xa4, 0x2e, 0xa6, 0x0f, 0xc7, 0x06, 0x66, 0x55, 0x22, 0x57, 0x0c, 0x08, 0x5a, 0x50, - 0xa4, 0x44, 0x5f, 0xea, 0x85, 0xed, 0x7f, 0xf3, 0xcf, 0x0c, 0x01, 0xd9, 0x4a, 0x87, - 0x9e, 0xcc, 0xa4, 0x60, 0x1b, 0x3d, 0x08, 0xfb, 0x37, 0x8d, 0x51, 0x07, 0x76, 0xcc, - 0xf1, 0x32, 0x0d, 0x8d, 0x12, 0x41, 0x2b, 0xa4, 0x5d, 0x8d }, - .sk_len = 66, - .pk = (const unsigned char[]){ 0x04, 0x00, 0xef, 0xa5, 0x11, 0x33, 0x8b, 0x71, 0xba, 0x23, 0x9a, 0x37, 0xed, 0xad, 0xfa, - 0xf6, 0x94, 0x3f, 0xac, 0x7e, 0x23, 0x63, 0x4f, 0xcd, 0xad, 0x45, 0x70, 0xa9, 0x0b, 0x26, - 0xee, 0x96, 0x4f, 0x7e, 0x46, 0xce, 0xa7, 0xe5, 0x1f, 0xa3, 0xcc, 0xa5, 0xe1, 0x64, 0x57, - 0x92, 0x1a, 0x29, 0xa4, 0x1a, 0x0c, 0x82, 0xd4, 0x40, 0x59, 0x20, 0x20, 0x99, 0x87, 0xf3, - 0x46, 0x04, 0x9e, 0x25, 0x1a, 0x6d, 0x21, 0x01, 0x2a, 0xd3, 0x86, 0x7a, 0x8c, 0xcc, 0xfa, - 0x68, 0x99, 0x1f, 0xc5, 0x60, 0x35, 0x7b, 0x34, 0x8f, 0xf1, 0xfd, 0xa3, 0x5a, 0xac, 0x9b, - 0x09, 0xdf, 0xa5, 0x44, 0x45, 0xd8, 0xc9, 0x49, 0xa9, 0x05, 0xa5, 0x45, 0xba, 0xfc, 0x3b, - 0xb4, 0xe0, 0xda, 0x9d, 0x67, 0x3d, 0xb4, 0x05, 0xa7, 0x39, 0x57, 0xa2, 0x7d, 0x12, 0x6f, - 0x5c, 0x34, 0xab, 0xc1, 0x8d, 0xef, 0xe0, 0xec, 0x9a, 0xed, 0xad, 0x1b, 0x71 }, - .pk_len = 133, - .sum = (const unsigned char[]){ 0x04, 0x01, 0x68, 0x45, 0x34, 0x25, 0x5b, 0xad, 0x67, 0x54, 0x6b, 0x7c, 0x45, 0xe7, 0x60, - 0x7b, 0xe7, 0x2f, 0xe4, 0x94, 0xf6, 0x28, 0x06, 0x74, 0x0d, 0x85, 0xe4, 0xba, 0xcb, 0xec, - 0x51, 0xed, 0x37, 0xda, 0xbb, 0xf0, 0xb5, 0xa9, 0x07, 0xe4, 0xca, 0xed, 0x79, 0xb1, 0x2d, - 0xce, 0xf8, 0x4d, 0x7a, 0xee, 0x85, 0x41, 0x48, 0xac, 0x16, 0x51, 0x20, 0x88, 0x1e, 0x49, - 0x03, 0xc5, 0x1f, 0x99, 0x3f, 0x8a, 0x7d, 0x00, 0x10, 0xe1, 0xb7, 0xf9, 0x28, 0x76, 0xe4, - 0xf5, 0x36, 0xc0, 0x57, 0xd5, 0xf9, 0xba, 0xab, 0x49, 0x32, 0xf9, 0x84, 0xa9, 0x53, 0x14, - 0x73, 0xfe, 0xfe, 0xf3, 0xe9, 0xa2, 0xf4, 0x0d, 0xa6, 0x3c, 0xd7, 0x3a, 0x3b, 0xfc, 0x30, - 0xaa, 0xff, 0x2c, 0x86, 0x7a, 0xa7, 0xf0, 0x0b, 0x83, 0xb7, 0x3a, 0x98, 0x52, 0xac, 0x66, - 0x0c, 0x4c, 0x4b, 0x49, 0x9f, 0xea, 0xfa, 0x2b, 0xa6, 0x32, 0xe4, 0x87, 0xbf } }, -#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_BP512R1, - .sk = - (const unsigned char[]){ 0x64, 0x35, 0x05, 0x6c, 0x1d, 0x98, 0xc8, 0xe1, 0x30, 0x5e, 0xf4, 0x11, 0x2c, 0x05, 0x68, 0x98, - 0x31, 0xf4, 0xba, 0x16, 0xf4, 0x67, 0x9a, 0x78, 0x6a, 0x8f, 0x7c, 0x18, 0x36, 0xca, 0x3f, 0xd4, - 0xc1, 0x4a, 0x9b, 0xfd, 0x32, 0x70, 0x68, 0x76, 0xb1, 0xc8, 0x1d, 0x9a, 0xae, 0x8a, 0x24, 0x01, - 0xad, 0xf7, 0x45, 0x36, 0x18, 0x23, 0x9e, 0x3e, 0x1e, 0xf2, 0xfa, 0x03, 0x35, 0xd1, 0xad, 0x92 }, - .sk_len = 64, - .pk = (const unsigned char[]){ 0x04, 0x47, 0x6a, 0x9d, 0x4e, 0xb4, 0xb9, 0x1c, 0x82, 0x11, 0xa4, 0xff, 0x40, 0x60, 0xf1, - 0x34, 0xd8, 0x29, 0x26, 0xa8, 0xd8, 0xcc, 0x08, 0x38, 0x5d, 0xe4, 0x93, 0xc0, 0xfc, 0xb2, - 0xe5, 0x60, 0x39, 0x1f, 0x7c, 0x37, 0x60, 0x77, 0xc6, 0x1d, 0x4b, 0x4d, 0x3c, 0x61, 0xcf, - 0x6e, 0x38, 0x44, 0x37, 0x7c, 0x7f, 0x42, 0x7b, 0xbf, 0x8e, 0x45, 0x79, 0x53, 0x8a, 0x94, - 0x4d, 0xef, 0x08, 0xb0, 0x99, 0x92, 0xce, 0xa2, 0xa7, 0x87, 0xda, 0x2c, 0x92, 0x2a, 0x59, - 0x58, 0xc4, 0xa2, 0x05, 0x77, 0x8a, 0x31, 0x68, 0x36, 0xf4, 0x4d, 0x61, 0xb3, 0x27, 0x97, - 0xc5, 0x98, 0x24, 0xed, 0x6c, 0x28, 0x8c, 0xee, 0xd8, 0x2c, 0xc3, 0x90, 0xf1, 0x36, 0xc6, - 0x62, 0xca, 0x3c, 0xb9, 0xa4, 0x4f, 0x27, 0x92, 0x7f, 0x8b, 0x43, 0x36, 0x43, 0x04, 0x82, - 0xb7, 0x4b, 0x52, 0x9a, 0x02, 0xc9, 0x2a, 0x08, 0x36 }, - .pk_len = 129, - .sum = (const unsigned char[]){ 0x04, 0x1d, 0x10, 0xaa, 0xb7, 0x2b, 0x6b, 0x1c, 0x8e, 0xde, 0x85, 0x9b, 0xf3, 0x8c, 0xaf, - 0xbb, 0x86, 0xdd, 0xc9, 0x0b, 0xc0, 0xdc, 0x28, 0x1c, 0xf4, 0x1e, 0x81, 0x9d, 0x8a, 0x93, - 0x43, 0xcf, 0xf9, 0xfe, 0x30, 0xb2, 0x04, 0x50, 0x08, 0x96, 0x1c, 0x61, 0xc7, 0x5c, 0xea, - 0x28, 0xef, 0x9e, 0x9a, 0x34, 0xaf, 0x77, 0x2b, 0x89, 0x63, 0x6d, 0x81, 0x72, 0x6a, 0x72, - 0x3d, 0xca, 0x10, 0x1f, 0xfc, 0x9d, 0xe5, 0x89, 0xd7, 0x82, 0x46, 0xe2, 0x59, 0x88, 0xa8, - 0x4d, 0x2c, 0x91, 0x28, 0x5d, 0x40, 0x8d, 0xc0, 0xe9, 0x4f, 0xb1, 0x70, 0xcf, 0xf3, 0x05, - 0xb6, 0xb8, 0xf9, 0xd7, 0x24, 0x7e, 0xf5, 0x9d, 0x65, 0x4f, 0xb6, 0xb8, 0x7f, 0x44, 0xae, - 0x38, 0x21, 0xbc, 0x32, 0xef, 0x6f, 0xf7, 0x8a, 0xd5, 0xa5, 0xe7, 0xee, 0xa3, 0x76, 0xc5, - 0xee, 0x1f, 0x4f, 0x7c, 0xfc, 0x8e, 0x39, 0x7b, 0xe7 } }, -#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_SECP384R1, - .sk = - (const unsigned char[]){ 0x35, 0x05, 0x64, 0x07, 0xb0, 0xfd, 0x3e, 0x09, 0xe3, 0x07, 0x41, 0xdc, 0x8a, 0xd3, 0xef, 0xc7, - 0xad, 0x29, 0xc5, 0x97, 0x8a, 0xbb, 0x15, 0x10, 0xac, 0xd2, 0x47, 0xac, 0xdc, 0xa7, 0x45, 0xf0, - 0x27, 0x17, 0x8f, 0x4a, 0x7a, 0xd1, 0xcc, 0xd2, 0x17, 0xc2, 0x22, 0x6a, 0x99, 0xf1, 0x8b, 0xc0 }, - .sk_len = 48, - .pk = (const unsigned char[]){ 0x04, 0xc8, 0x2d, 0xaa, 0x27, 0xd0, 0x91, 0x1f, 0x3d, 0x41, 0xf5, 0xe7, 0xa6, 0x46, - 0xae, 0xf8, 0xca, 0x74, 0x31, 0x63, 0xe2, 0x1f, 0x38, 0x25, 0x05, 0x5f, 0xa0, 0xfa, - 0x49, 0x51, 0x71, 0xea, 0x4f, 0xb6, 0x1a, 0xc3, 0xfd, 0xf3, 0x8e, 0x95, 0xe6, 0xfe, - 0x7b, 0xff, 0x65, 0x26, 0xd4, 0xf0, 0x8e, 0x06, 0x70, 0x03, 0x10, 0xba, 0xd8, 0x7c, - 0x54, 0x55, 0x23, 0x18, 0x57, 0x27, 0x6d, 0xe2, 0xc4, 0x4e, 0x30, 0xb7, 0x36, 0xdc, - 0x15, 0xb6, 0xdf, 0xaf, 0xb0, 0xe4, 0x78, 0xbb, 0xad, 0x1d, 0xf0, 0x50, 0x00, 0xbd, - 0x90, 0xfa, 0x4c, 0xb3, 0x3d, 0xbc, 0xf9, 0x54, 0xf6, 0x61, 0xaf, 0xcb, 0xfc }, - .pk_len = 97, - .sum = (const unsigned char[]){ 0x04, 0xf5, 0xf1, 0x09, 0xb7, 0x3d, 0x7e, 0x05, 0x13, 0xc7, 0x6a, 0x99, 0x17, 0xcf, - 0x3b, 0x5a, 0x5a, 0x04, 0x1a, 0x6e, 0xa4, 0x23, 0x9d, 0x47, 0xab, 0x04, 0x5e, 0xe4, - 0x83, 0xa3, 0x0b, 0xac, 0x16, 0x2d, 0x6e, 0x5d, 0x87, 0x23, 0xcd, 0xbc, 0x3b, 0xdb, - 0xb7, 0x21, 0xc1, 0x18, 0x19, 0x8d, 0x3b, 0x80, 0x6f, 0x93, 0xa6, 0xbd, 0xa0, 0x72, - 0x7d, 0x58, 0x90, 0xa4, 0x87, 0x8a, 0xe4, 0x6d, 0x1c, 0xf5, 0xeb, 0x3b, 0x8b, 0x38, - 0x97, 0x42, 0x33, 0x3c, 0x9e, 0x43, 0x4d, 0x63, 0x7a, 0x21, 0x9e, 0x02, 0x7a, 0x0d, - 0x19, 0x26, 0x45, 0xa8, 0x74, 0x29, 0x7c, 0x24, 0x8e, 0x71, 0x95, 0xcf, 0x9d } }, -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_BP384R1, - .sk = - (const unsigned char[]){ 0x50, 0xff, 0xbb, 0xab, 0x9c, 0x62, 0x8c, 0x3e, 0xc4, 0x1d, 0xb9, 0x00, 0x5e, 0x1a, 0xf0, 0x8d, - 0x64, 0x58, 0x44, 0x97, 0x2c, 0xf5, 0x2f, 0xcf, 0x7d, 0xb8, 0x36, 0xcc, 0x3a, 0x33, 0x46, 0x85, - 0x4c, 0xf5, 0x6f, 0x89, 0xfc, 0xd9, 0xc4, 0x98, 0xc5, 0x12, 0x8a, 0x59, 0xcb, 0xff, 0x91, 0xc7 }, - .sk_len = 48, - .pk = (const unsigned char[]){ 0x04, 0x3a, 0xef, 0x56, 0x8a, 0x8b, 0x51, 0x2b, 0xb7, 0x49, 0x3c, 0x92, 0xc4, 0x6a, - 0x12, 0xd5, 0x84, 0x2f, 0x53, 0x89, 0x8c, 0x38, 0x29, 0x3f, 0xe0, 0xbc, 0x94, 0x47, - 0x5e, 0xd1, 0x74, 0x04, 0x50, 0x31, 0x6a, 0x80, 0xc3, 0xe3, 0x69, 0x02, 0xac, 0xe7, - 0xcd, 0x21, 0x65, 0x6c, 0x1d, 0x8a, 0x1a, 0x74, 0xf8, 0x79, 0x88, 0x75, 0x42, 0xe1, - 0x7c, 0xb1, 0x7d, 0xa7, 0xf8, 0xda, 0x57, 0xdc, 0x00, 0x1f, 0xd6, 0x07, 0xa6, 0xc6, - 0x85, 0xc5, 0x8d, 0xc3, 0xaa, 0x4c, 0xd1, 0x4f, 0xf9, 0x65, 0xf0, 0x56, 0xce, 0x0f, - 0x48, 0x54, 0x9a, 0xf4, 0xe2, 0x15, 0x08, 0x05, 0x9e, 0xbc, 0xb8, 0x17, 0x03 }, - .pk_len = 97, - .sum = (const unsigned char[]){ 0x04, 0x7c, 0x9b, 0xab, 0x7c, 0x51, 0xc0, 0x36, 0x5c, 0xdd, 0x22, 0xf7, 0x10, 0xb7, - 0x39, 0x14, 0x50, 0xf9, 0xe1, 0x05, 0x09, 0x74, 0x5b, 0x1a, 0x5c, 0x21, 0xcc, 0x10, - 0xca, 0x9a, 0xf4, 0x3a, 0x72, 0x57, 0x43, 0xfb, 0x52, 0x9e, 0x6d, 0x20, 0x77, 0x4a, - 0xcd, 0x6a, 0xd8, 0xa1, 0x39, 0x94, 0x7e, 0x7e, 0x08, 0x49, 0x91, 0x98, 0x86, 0x76, - 0xb7, 0xca, 0xb8, 0xbe, 0x15, 0xd6, 0x50, 0x64, 0xb2, 0x0c, 0x07, 0x6c, 0x07, 0x0f, - 0x48, 0xd4, 0xd9, 0x95, 0x2f, 0xf0, 0xb0, 0x21, 0xd0, 0x39, 0xe0, 0x43, 0xbd, 0x40, - 0x0a, 0xa7, 0x8d, 0xaf, 0x4b, 0xc3, 0xff, 0xf6, 0x76, 0xd4, 0x19, 0x2f, 0x7f } }, -#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_SECP256R1, - .sk = - (const unsigned char[]){ 0x3d, 0x1d, 0x83, 0xfa, 0xf6, 0xbb, 0x86, 0xe9, 0xf8, 0x9e, 0x45, 0x6a, 0xa8, 0x29, 0x6f, 0x52, - 0x04, 0x79, 0xff, 0xc4, 0x94, 0xd8, 0xe0, 0xe7, 0xcd, 0xe8, 0xe0, 0x83, 0xab, 0xcf, 0x63, 0x0b }, - .sk_len = 32, - .pk = (const unsigned char[]){ 0x04, 0xd3, 0x48, 0xb6, 0x80, 0x35, 0x49, 0x67, 0x97, 0xc9, 0x28, 0xc4, 0xfe, - 0xa6, 0x13, 0xe1, 0xb3, 0xee, 0x51, 0x95, 0xfd, 0x20, 0x7f, 0xe7, 0xdc, 0x7d, - 0xc0, 0x6b, 0x4e, 0xa6, 0x5d, 0x6f, 0x42, 0x61, 0xc4, 0xeb, 0x3b, 0x95, 0x5e, - 0xea, 0x57, 0xe1, 0x21, 0xcc, 0x11, 0xd6, 0x79, 0x7c, 0x5f, 0xf7, 0x52, 0xea, - 0x17, 0x07, 0x81, 0xb5, 0x53, 0x7e, 0xbb, 0x4f, 0xba, 0xdd, 0xbf, 0xd4, 0x08 }, - .pk_len = 65, - .sum = (const unsigned char[]){ 0x04, 0xd4, 0x87, 0x27, 0x27, 0xbf, 0xaf, 0x6a, 0xea, 0xb7, 0x84, 0xa8, 0x1a, - 0xd8, 0x29, 0x9e, 0x2b, 0xa7, 0x87, 0x4f, 0xa9, 0xb5, 0x7a, 0x66, 0x5f, 0xbe, - 0x5c, 0xef, 0x83, 0x49, 0x89, 0xd1, 0x34, 0x46, 0x2a, 0x54, 0xe6, 0x92, 0x56, - 0xde, 0xcd, 0x44, 0xe9, 0x99, 0x2a, 0x80, 0xad, 0x78, 0xe6, 0x29, 0xcc, 0x77, - 0xdd, 0x1c, 0x93, 0x03, 0xe2, 0xe9, 0x99, 0x58, 0x86, 0x8f, 0xea, 0xac, 0x3d } }, -#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_SECP256K1, - .sk = - (const unsigned char[]){ 0x38, 0x4c, 0x12, 0x83, 0xf8, 0x4d, 0xba, 0x47, 0xcf, 0x6b, 0x71, 0xff, 0xc3, 0x7c, 0x8d, 0x08, - 0x65, 0xee, 0xed, 0x5b, 0x2b, 0x48, 0xf3, 0x79, 0xdf, 0x52, 0x53, 0xff, 0x10, 0xf9, 0x22, 0x7c }, - .sk_len = 32, - .pk = (const unsigned char[]){ 0x04, 0x73, 0x06, 0x4b, 0x4b, 0x3e, 0x38, 0x2f, 0xa0, 0x89, 0x1f, 0x61, 0xfc, - 0x85, 0xf9, 0x51, 0xbe, 0xe4, 0x3d, 0x2c, 0xe9, 0x3e, 0xb0, 0x79, 0x77, 0xaf, - 0x9f, 0xd7, 0xd9, 0x71, 0x68, 0x31, 0x22, 0xc4, 0x9a, 0x25, 0x0c, 0x81, 0x64, - 0x0a, 0xc7, 0xd5, 0x40, 0xb3, 0xe8, 0x9f, 0xb5, 0xb3, 0xc4, 0xc9, 0x6a, 0x13, - 0x3e, 0xf8, 0x3e, 0x8d, 0xa2, 0xfe, 0x1d, 0xd0, 0x47, 0x64, 0x88, 0x8e, 0x7a }, - .pk_len = 65, - .sum = (const unsigned char[]){ 0x04, 0x50, 0x81, 0x70, 0xde, 0x4b, 0x36, 0x41, 0xe8, 0x1a, 0x41, 0xf0, 0x5b, - 0x88, 0x1e, 0x4e, 0xed, 0xed, 0x46, 0x0c, 0xf3, 0xd5, 0xfb, 0xe6, 0x8a, 0x13, - 0xa1, 0xf5, 0x57, 0x69, 0x0a, 0x3d, 0x33, 0x0f, 0x6f, 0xb5, 0x99, 0x80, 0x58, - 0x12, 0xc2, 0x12, 0x62, 0xfc, 0xd2, 0x5b, 0x2e, 0xa2, 0x27, 0xe7, 0x99, 0xab, - 0x91, 0x51, 0x41, 0x0f, 0x06, 0x1e, 0x3d, 0xfd, 0x06, 0xa1, 0x8a, 0xc7, 0xf2 } }, -#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_BP256R1, - .sk = - (const unsigned char[]){ 0xa6, 0xb5, 0x48, 0x3f, 0x74, 0xd9, 0x94, 0x9f, 0x09, 0xcd, 0x56, 0x29, 0x19, 0xde, 0xfc, 0x41, - 0x3a, 0x83, 0xf1, 0x2a, 0xda, 0x4f, 0x5f, 0xf4, 0x8e, 0xb5, 0x20, 0x59, 0x11, 0x8e, 0xe6, 0x03 }, - .sk_len = 32, - .pk = (const unsigned char[]){ 0x04, 0x95, 0x44, 0xdb, 0xb4, 0xdc, 0x6f, 0x39, 0x23, 0xb1, 0x3b, 0x13, 0xb6, - 0xcc, 0xcc, 0xde, 0xfb, 0xc0, 0x10, 0xfa, 0x8a, 0x06, 0x30, 0xb9, 0x10, 0x22, - 0xc8, 0x84, 0x7c, 0xf3, 0xba, 0xbd, 0x3a, 0x67, 0xb4, 0x48, 0x68, 0x59, 0x54, - 0x68, 0xab, 0x2d, 0x2d, 0x6f, 0xa7, 0xbf, 0x61, 0x92, 0x2b, 0x07, 0xc0, 0x8c, - 0xb9, 0x3f, 0x88, 0x02, 0x09, 0xfe, 0xfa, 0x72, 0x87, 0x19, 0xaa, 0x19, 0xcc }, - .pk_len = 65, - .sum = (const unsigned char[]){ 0x04, 0x7d, 0x88, 0xb4, 0x73, 0xa0, 0x7d, 0x66, 0x5c, 0xc2, 0x9b, 0x7a, 0xbc, - 0x0c, 0xab, 0x04, 0xc9, 0x79, 0x3e, 0x9a, 0x4e, 0xd3, 0x27, 0x75, 0x1e, 0x4d, - 0x07, 0x7b, 0x5c, 0xbc, 0xce, 0x15, 0xdb, 0x01, 0xb3, 0xd0, 0xcd, 0x27, 0x1b, - 0xe1, 0x57, 0x58, 0x07, 0x88, 0xfd, 0xfd, 0x89, 0xd7, 0x71, 0xcf, 0xbb, 0xa2, - 0xcb, 0x03, 0xd4, 0x34, 0xb1, 0x9e, 0x34, 0x21, 0x31, 0x07, 0x51, 0x6a, 0x0e } }, -#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_SECP224R1, - .sk = (const unsigned char[]){ 0x34, 0xac, 0xe1, 0x1f, 0xfa, 0x5e, 0x25, 0xac, 0xee, 0x68, 0xa8, 0xc1, 0x47, 0x64, - 0xa2, 0xa4, 0x69, 0xd5, 0x2c, 0x99, 0x3c, 0x77, 0xf9, 0xc2, 0x38, 0x42, 0x79, 0x93 }, - .sk_len = 28, - .pk = (const unsigned char[]){ 0x04, 0x37, 0x84, 0x05, 0x01, 0xf4, 0x98, 0x12, 0x37, 0x5e, 0xf7, 0x13, 0xcb, 0x29, 0x6a, - 0x43, 0xf4, 0x47, 0xd2, 0xe4, 0x14, 0x3c, 0x10, 0xef, 0x9c, 0x00, 0x59, 0xb6, 0x01, 0x69, - 0x71, 0x76, 0x46, 0x9e, 0x85, 0xa7, 0xc6, 0x39, 0x23, 0x59, 0xf7, 0xfd, 0x41, 0xfe, 0xa8, - 0x3e, 0x6b, 0x97, 0x68, 0xe4, 0x5b, 0x1d, 0xea, 0xcd, 0x85, 0x15, 0xa3 }, - .pk_len = 57, - .sum = (const unsigned char[]){ 0x04, 0x7d, 0x26, 0x1b, 0xf6, 0xb4, 0xa9, 0x45, 0xf8, 0x0f, 0x93, 0xef, 0x05, 0x43, 0x98, - 0x1b, 0x48, 0xf5, 0xea, 0x5c, 0x07, 0x7d, 0xe9, 0x42, 0xc6, 0x9a, 0x11, 0x27, 0x62, 0x00, - 0xef, 0x24, 0x13, 0x53, 0xe0, 0x6b, 0x9b, 0xf5, 0xdd, 0x76, 0xfe, 0xa9, 0xd0, 0x0e, 0xdc, - 0x1f, 0x3d, 0xec, 0x15, 0x36, 0x5e, 0x53, 0xe1, 0x30, 0xb7, 0x25, 0x26 } }, -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_SECP224K1, - .sk = (const unsigned char[]){ 0xba, 0xc8, 0xa0, 0x42, 0xe1, 0x0c, 0xa2, 0xf3, 0xf0, 0x76, 0x04, 0x74, 0xb7, 0x1a, - 0x8f, 0x42, 0xc3, 0x25, 0xeb, 0x57, 0xcd, 0x8d, 0xb0, 0xf9, 0x73, 0x1a, 0x18, 0x26 }, - .sk_len = 28, - .pk = (const unsigned char[]){ 0x04, 0x7f, 0x07, 0xbe, 0xb0, 0x26, 0xd8, 0x6c, 0xe4, 0x09, 0xe8, 0xa6, 0x21, 0x70, 0x37, - 0x52, 0xd6, 0x14, 0x58, 0x4c, 0x99, 0xc8, 0x62, 0x28, 0x6c, 0xeb, 0x3f, 0xf8, 0x30, 0xbb, - 0x82, 0x4c, 0x8a, 0x88, 0xb4, 0x7f, 0x14, 0x17, 0xd0, 0xf5, 0xba, 0xd0, 0x0f, 0xf6, 0xb8, - 0x8c, 0xbb, 0x11, 0x3e, 0x7d, 0x73, 0xc5, 0xf4, 0x4d, 0x22, 0x78, 0x0f }, - .pk_len = 57, - .sum = (const unsigned char[]){ 0x04, 0xb2, 0xbe, 0x4b, 0xc0, 0x62, 0xf2, 0xf6, 0x0e, 0x7f, 0x48, 0x25, 0x50, 0x81, 0xed, - 0xac, 0x14, 0xaa, 0x42, 0x5f, 0x0d, 0x12, 0x52, 0x6d, 0xe0, 0xbc, 0x08, 0x0b, 0x9f, 0xc9, - 0x82, 0x19, 0x07, 0xbf, 0x19, 0x1a, 0x1c, 0xdc, 0x75, 0xbc, 0xe4, 0x5d, 0xcb, 0x4b, 0x9f, - 0x2a, 0xbf, 0x1c, 0xd2, 0xa3, 0x63, 0x33, 0x3f, 0x32, 0xd0, 0xcf, 0x33 } }, -#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_SECP192R1, - .sk = (const unsigned char[]){ 0x52, 0x9f, 0x95, 0xf5, 0x4e, 0x73, 0xb6, 0x75, 0x14, 0xcc, 0x92, 0x0c, - 0xcc, 0x07, 0x84, 0x06, 0x01, 0xf3, 0xde, 0x42, 0xad, 0x79, 0x6c, 0x82 }, - .sk_len = 24, - .pk = (const unsigned char[]){ 0x04, 0x61, 0xe9, 0x8d, 0x7e, 0x8e, 0x40, 0x31, 0x20, 0x27, 0xfb, 0x3f, 0x45, - 0x4b, 0x65, 0x0e, 0xfc, 0x41, 0x56, 0x49, 0x20, 0xe6, 0x5c, 0xd4, 0xaa, 0x40, - 0xfe, 0xbc, 0x03, 0xc1, 0xfc, 0x0d, 0x5e, 0x4f, 0xe9, 0x55, 0x08, 0x8c, 0x90, - 0x04, 0xeb, 0xdc, 0x63, 0x89, 0xb2, 0x58, 0x28, 0xfa, 0x28 }, - .pk_len = 49, - .sum = (const unsigned char[]){ 0x04, 0x0a, 0xe7, 0xc5, 0x9e, 0x3b, 0x36, 0xb9, 0x38, 0xdd, 0x75, 0x41, 0x7c, - 0x2d, 0x90, 0xaf, 0x2d, 0x62, 0xf5, 0x5a, 0x86, 0xfe, 0xa0, 0x5f, 0x22, 0xdb, - 0xf3, 0xba, 0x49, 0x47, 0x7d, 0x74, 0x59, 0x02, 0xb3, 0x6c, 0xf2, 0x1e, 0x18, - 0x5b, 0xea, 0x1a, 0xcb, 0xb0, 0x1d, 0x4b, 0x68, 0xec, 0xab - - } }, -#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_SECP192K1, - .sk = (const unsigned char[]){ 0xf2, 0x58, 0xcf, 0xba, 0xb6, 0xb0, 0xb4, 0x03, 0x9e, 0xb2, 0x74, 0xfc, - 0x70, 0xfc, 0x99, 0x0c, 0xcc, 0xed, 0xf4, 0x5f, 0x32, 0x72, 0x22, 0x94 }, - .sk_len = 24, - .pk = (const unsigned char[]){ 0x04, 0xac, 0xe4, 0x74, 0xd8, 0x67, 0x26, 0x60, 0xff, 0x35, 0x10, 0x74, 0xa1, - 0x4e, 0x46, 0xed, 0x2b, 0x94, 0x10, 0x13, 0x01, 0x51, 0x8f, 0xe7, 0xf1, 0xe8, - 0x3d, 0x4a, 0x32, 0x87, 0xe7, 0x4f, 0x39, 0x87, 0xa5, 0x86, 0xef, 0xd1, 0xc8, - 0x12, 0xc8, 0x9b, 0xcd, 0xc6, 0x3d, 0x8d, 0x7a, 0x1b, 0x70 }, - .pk_len = 49, - .sum = (const unsigned char[]){ 0x04, 0x7c, 0xe5, 0xe9, 0x57, 0x0c, 0x36, 0x88, 0x8f, 0xaf, 0xe5, 0x4a, 0xac, - 0xf2, 0x2d, 0xf9, 0xba, 0xf9, 0xb5, 0xa2, 0x64, 0xa2, 0x0b, 0x9f, 0x69, 0xfb, - 0xc7, 0xe1, 0x88, 0xd1, 0xf5, 0x56, 0x6c, 0x6b, 0xc7, 0x64, 0x94, 0xd4, 0x86, - 0xf3, 0x6a, 0xe3, 0x5d, 0x33, 0xda, 0x48, 0x62, 0x18, 0x33 } }, -#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ -#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED - { .ecp_group_id = MBEDTLS_ECP_DP_CURVE25519, - .sk = - (const unsigned char[]){ 0x60, 0xc6, 0x2b, 0x85, 0x21, 0x87, 0xf7, 0xd5, 0xdb, 0x8a, 0xa0, 0x3c, 0xe1, 0x73, 0x66, 0xe6, - 0xcf, 0x57, 0xcd, 0xa2, 0x5a, 0xd0, 0xb1, 0xb8, 0xdd, 0xf1, 0x2f, 0x6e, 0x5f, 0xcd, 0x50, 0x30 }, - .sk_len = 32, - .pk = - (const unsigned char[]){ 0x36, 0xce, 0xe3, 0x98, 0x09, 0xe1, 0x72, 0xca, 0xcd, 0x26, 0x79, 0xa9, 0xbf, 0xc4, 0xda, 0xd9, - 0x65, 0x4a, 0x53, 0x23, 0xf4, 0x02, 0x75, 0x7c, 0xe2, 0xc6, 0x4a, 0x7c, 0x1c, 0xd2, 0xf6, 0x4d }, - .pk_len = 32, - .sum = NULL }, -#endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - { .ecp_group_id = MBEDTLS_ECP_DP_CURVE448, - .sk = (const unsigned char[]){ 0xf5, 0x73, 0x0e, 0x50, 0xb2, 0xd3, 0x3b, 0x01, 0x28, 0x29, 0xa0, 0xa1, 0x43, 0x92, - 0x2f, 0x05, 0x40, 0xc3, 0x5f, 0xcf, 0xc1, 0x53, 0x49, 0xc2, 0x0c, 0xf4, 0x49, 0x99, - 0xdb, 0xb9, 0x64, 0x10, 0x25, 0x18, 0x82, 0x24, 0x2c, 0xdf, 0x25, 0xb6, 0xac, 0xb1, - 0xe6, 0x11, 0x26, 0xa9, 0x96, 0x16, 0x16, 0x6c, 0x7b, 0xdd, 0x7c, 0x55, 0x5f, 0xf0 }, - .sk_len = 56, - .pk = (const unsigned char[]){ 0x4f, 0xf4, 0xd0, 0x42, 0x1a, 0xa6, 0xfc, 0x2d, 0xba, 0x7b, 0x45, 0x9e, 0xed, 0xd0, - 0xf1, 0x8c, 0xec, 0xeb, 0xae, 0x29, 0x27, 0x9f, 0xc7, 0xe8, 0x8a, 0xc7, 0xeb, 0x3c, - 0x18, 0xb8, 0x7f, 0x66, 0x2f, 0x8b, 0x0d, 0x68, 0xe8, 0x2e, 0x60, 0x91, 0x27, 0xa2, - 0x8c, 0x91, 0x2c, 0xf4, 0xa1, 0x58, 0x74, 0xc9, 0x40, 0xfe, 0x50, 0x06, 0x1b, 0xe7 }, - .pk_len = 56, - .sum = NULL }, -#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ -}; - -/**************************************************************** - * Dummy variable to skip mbedtls_ecp_self_test sw functionality - ****************************************************************/ -const int __ecp_alt_b91_skip_internal_self_tests = 1; - -/**************************************************************** - * Public functions declaration - ****************************************************************/ - -int ecp_alt_b91_backend_test(int verbose) -{ - int result = 0; - if (verbose) - mbedtls_printf("test started\n"); - - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - if ((result = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0)) == 0) - { - - for (size_t i = 0; result == 0 && i < sizeof(ecp_test_cases) / sizeof(ecp_test_cases[0]); i++) - { - - const mbedtls_ecp_curve_info * ecp_curve_info = mbedtls_ecp_curve_info_from_grp_id(ecp_test_cases[i].ecp_group_id); - if (verbose) - mbedtls_printf("\tcurve: %s\n", ecp_curve_info->name); - - mbedtls_ecp_group ecp_group; - mbedtls_mpi sk; - mbedtls_ecp_point pk; - mbedtls_ecp_point pk_ref; - mbedtls_ecp_point sum; - mbedtls_ecp_point sum_ref; - - mbedtls_ecp_group_init(&ecp_group); - mbedtls_mpi_init(&sk); - mbedtls_ecp_point_init(&pk); - mbedtls_ecp_point_init(&pk_ref); - mbedtls_ecp_point_init(&sum); - mbedtls_ecp_point_init(&sum_ref); - - do - { - if ((result = mbedtls_ecp_group_load(&ecp_group, ecp_test_cases[i].ecp_group_id)) != 0) - { - if (verbose) - mbedtls_printf("mbedtls_ecp_group_load failed\n"); - break; - } - - if ((result = mbedtls_mpi_read_binary(&sk, ecp_test_cases[i].sk, ecp_test_cases[i].sk_len)) != 0) - { - if (verbose) - mbedtls_printf("mbedtls_mpi_read_binary (secret key) failed\n"); - break; - } - - if ((result = mbedtls_ecp_check_privkey(&ecp_group, &sk)) != 0) - { - if (verbose) - mbedtls_printf("mbedtls_ecp_check_privkey failed\n"); - break; - } - - if ((result = mbedtls_ecp_mul(&ecp_group, &pk, &sk, &ecp_group.G, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) - { - if (verbose) - mbedtls_printf("mbedtls_ecp_mul failed\n"); - break; - } - - if ((result = mbedtls_ecp_point_read_binary(&ecp_group, &pk_ref, ecp_test_cases[i].pk, ecp_test_cases[i].pk_len)) != - 0) - { - if (verbose) - mbedtls_printf("mbedtls_ecp_point_read_binary (reference public key) failed\n"); - break; - } - - if ((result = mbedtls_ecp_point_cmp(&pk, &pk_ref)) != 0) - { - if (verbose) - { - mbedtls_printf("mbedtls_ecp_point_cmp (public key) failed\n"); - mbedtls_printbuf("sk :", ecp_test_cases[i].sk, ecp_test_cases[i].sk_len); - mbedtls_printbuf("pk ref:", ecp_test_cases[i].pk, ecp_test_cases[i].pk_len); - unsigned char buf[ecp_test_cases[i].pk_len]; - size_t buf_len; - if (mbedtls_ecp_point_write_binary(&ecp_group, &pk, MBEDTLS_ECP_PF_UNCOMPRESSED, &buf_len, buf, - sizeof(buf)) == 0) - mbedtls_printbuf("pk :", buf, buf_len); - } - break; - } - - if ((result = mbedtls_ecp_check_pubkey(&ecp_group, &pk)) != 0) - { - if (verbose) - mbedtls_printf("mbedtls_ecp_check_pubkey failed\n"); - break; - } - - if (mbedtls_ecp_get_type(&ecp_group) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) - continue; - - if ((result = mbedtls_ecp_muladd(&ecp_group, &sum, &sk, &ecp_group.G, &sk, &pk)) != 0) - { - if (verbose) - mbedtls_printf("mbedtls_ecp_muladd failed\n"); - break; - } - - if ((result = - mbedtls_ecp_point_read_binary(&ecp_group, &sum_ref, ecp_test_cases[i].sum, ecp_test_cases[i].pk_len)) != 0) - { - if (verbose) - mbedtls_printf("mbedtls_ecp_point_read_binary (reference sum) failed\n"); - break; - } - - if ((result = mbedtls_ecp_point_cmp(&sum, &sum_ref)) != 0) - { - if (verbose) - { - mbedtls_printf("mbedtls_ecp_point_cmp (sum) failed\n"); - mbedtls_printbuf("sk :", ecp_test_cases[i].sk, ecp_test_cases[i].sk_len); - mbedtls_printbuf("pk ref :", ecp_test_cases[i].pk, ecp_test_cases[i].pk_len); - mbedtls_printbuf("sum ref:", ecp_test_cases[i].pk, ecp_test_cases[i].pk_len); - unsigned char buf[ecp_test_cases[i].pk_len]; - size_t buf_len; - if (mbedtls_ecp_point_write_binary(&ecp_group, &sum, MBEDTLS_ECP_PF_UNCOMPRESSED, &buf_len, buf, - sizeof(buf)) == 0) - mbedtls_printbuf("sum :", buf, buf_len); - } - break; - } - - } while (0); - - mbedtls_ecp_point_free(&sum_ref); - mbedtls_ecp_point_free(&sum); - mbedtls_ecp_point_free(&pk_ref); - mbedtls_ecp_point_free(&pk); - mbedtls_mpi_free(&sk); - mbedtls_ecp_group_free(&ecp_group); - } - } - else /* mbedtls_ctr_drbg_seed failed */ - { - if (verbose) - mbedtls_printf("random failed\n"); - } - - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - if (verbose) - { - if (result == 0) - mbedtls_printf("test successfully finished\n"); - else - { - char buf[512]; - mbedtls_strerror(result, buf, sizeof(buf)); - mbedtls_printf("test failed: %s\n", buf); - } - } - return result; -} - -#pragma GCC diagnostic pop - -#endif /* MBEDTLS_SELF_TEST */ - -#endif /* MBEDTLS_ECP_ALT */ - -#endif /* MBEDTLS_ECP_C */ diff --git a/src/platform/telink/crypto/internal/entropy_poll_alt.c b/src/platform/telink/crypto/internal/entropy_poll_alt.c deleted file mode 100644 index 2de3d619b858ad..00000000000000 --- a/src/platform/telink/crypto/internal/entropy_poll_alt.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Hardware entropy - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "common.h" - -#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) - -#include "multithread.h" -#include "trng.h" -#include - -int mbedtls_hardware_poll(void * data, unsigned char * output, size_t len, size_t * olen) -{ - (void) data; - - if (output != NULL && len != 0 && olen != NULL) - { - mbedtls_entropy_lock(); - *olen = 0; - extern unsigned int g_rnd_m_w; - while (len / sizeof(g_rnd_m_w) != 0) - { - trng_init(); - *((unsigned int *) output) = g_rnd_m_w; - output += sizeof(g_rnd_m_w); - len -= sizeof(g_rnd_m_w); - *olen += sizeof(g_rnd_m_w); - } - if (len != 0) - { - trng_init(); - memcpy(output, &g_rnd_m_w, len); - *olen += len; - } - mbedtls_entropy_unlock(); - } - return 0; -} - -#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ diff --git a/src/platform/telink/crypto/internal/multithread.c b/src/platform/telink/crypto/internal/multithread.c deleted file mode 100644 index 91f51047f80143..00000000000000 --- a/src/platform/telink/crypto/internal/multithread.c +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Multithread support for mbedTLS HW unit - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "multithread.h" -#include "common.h" - -/**************************************************************** - * If RTOS is used and cryptography stuffs are used - * from more than one thread implement exclusive access - * for HW crypto units depending on used operation system. - * See documentation for your RTOS. - ****************************************************************/ - -#include - -K_MUTEX_DEFINE(mbedtls_entropy_mutex); -K_MUTEX_DEFINE(mbedtls_ecp_mutex); -K_MUTEX_DEFINE(mbedtls_aes_mutex); - -void mbedtls_entropy_lock(void) -{ - - if (k_mutex_lock(&mbedtls_entropy_mutex, K_FOREVER) != 0) - { - printk("mbedtls_entropy_lock fail\n"); - } -} - -void mbedtls_entropy_unlock(void) -{ - - if (k_mutex_unlock(&mbedtls_entropy_mutex) != 0) - { - printk("mbedtls_entropy_unlock fail\n"); - } -} - -void mbedtls_ecp_lock(void) -{ - - if (k_mutex_lock(&mbedtls_ecp_mutex, K_FOREVER) != 0) - { - printk("mbedtls_ecp_lock fail\n"); - } -} - -void mbedtls_ecp_unlock(void) -{ - - if (k_mutex_unlock(&mbedtls_ecp_mutex) != 0) - { - printk("mbedtls_ecp_unlock fail\n"); - } -} - -void mbedtls_aes_lock(void) -{ - - if (k_mutex_lock(&mbedtls_aes_mutex, K_FOREVER) != 0) - { - printk("mbedtls_aes_lock fail\n"); - } -} - -void mbedtls_aes_unlock(void) -{ - - if (k_mutex_unlock(&mbedtls_aes_mutex) != 0) - { - printk("mbedtls_aes_unlock fail\n"); - } -} diff --git a/src/platform/telink/crypto/internal/multithread.h b/src/platform/telink/crypto/internal/multithread.h deleted file mode 100644 index 5588b7adcf8f92..00000000000000 --- a/src/platform/telink/crypto/internal/multithread.h +++ /dev/null @@ -1,41 +0,0 @@ -/** - * \file multithread.h - * - * \brief Utility macros for internal use in the library - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_TEST_UTILS_H -#define MBEDTLS_TEST_UTILS_H - -#ifdef __cplusplus -extern "C" { -#endif - -void mbedtls_entropy_lock(void); -void mbedtls_entropy_unlock(void); -void mbedtls_ecp_lock(void); -void mbedtls_ecp_unlock(void); -void mbedtls_aes_lock(void); -void mbedtls_aes_unlock(void); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/src/platform/telink/crypto/internal/test_utils.c b/src/platform/telink/crypto/internal/test_utils.c deleted file mode 100644 index 0fcdabf4f70563..00000000000000 --- a/src/platform/telink/crypto/internal/test_utils.c +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Test utilites - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "test_utils.h" -#include "common.h" -#include "mbedtls/platform.h" - -void mbedtls_printbuf(const char * comment, const void * buf, size_t len) -{ - mbedtls_printf("%s [%u]:", comment, (unsigned int) len); - for (size_t i = 0; i < len; i++) - { - mbedtls_printf(" %02x", ((unsigned char *) buf)[i]); - } - mbedtls_printf("\n"); -} - -void mbedtls_printbuf_c(const char * comment, const void * buf, size_t len) -{ - - mbedtls_printf("%s [%u]: ", comment, (unsigned int) len); - for (size_t i = 0; len && i < len - 1; i++) - { - mbedtls_printf("0x%02x, ", ((unsigned char *) buf)[i]); - } - if (len) - { - mbedtls_printf("0x%02x\n", ((unsigned char *) buf)[len - 1]); - } - else - { - mbedtls_printf("\n"); - } -} diff --git a/src/platform/telink/crypto/internal/test_utils.h b/src/platform/telink/crypto/internal/test_utils.h deleted file mode 100644 index 422986ee5382f6..00000000000000 --- a/src/platform/telink/crypto/internal/test_utils.h +++ /dev/null @@ -1,39 +0,0 @@ -/** - * \file test_utils.h - * - * \brief Utility macros for internal use in the library - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef MBEDTLS_TEST_UTILS_H -#define MBEDTLS_TEST_UTILS_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -void mbedtls_printbuf(const char * comment, const void * buf, size_t len); -void mbedtls_printbuf_c(const char * comment, const void * buf, size_t len); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/src/platform/telink/crypto/telink-mbedtls-config.h b/src/platform/telink/crypto/telink-mbedtls-config.h deleted file mode 100644 index 7ed6f7a973ea77..00000000000000 --- a/src/platform/telink/crypto/telink-mbedtls-config.h +++ /dev/null @@ -1,117 +0,0 @@ -/* - * - * Copyright (c) 2021 Project CHIP Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file - * Platform-specific configuration for mbedtls * - */ - -#include - -#pragma once - -#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf - -#define MBEDTLS_CIPHER_MODE_CTR -#define MBEDTLS_SHA512_C -#define MBEDTLS_ECDH_C -#define MBEDTLS_SHA1_C -#define MBEDTLS_HKDF_C -#define MBEDTLS_CHACHAPOLY_C -#define MBEDTLS_POLY1305_C -#define MBEDTLS_CHACHA20_C -#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_AES_C -#define MBEDTLS_AES_ROM_TABLES -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_CCM_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_CMAC_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ECJPAKE_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_NIST_OPTIM -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_HAVE_ASM -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -#define MBEDTLS_MD_C -#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES -#define MBEDTLS_NO_PLATFORM_ENTROPY -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PKCS5_C -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_PLATFORM_MEMORY -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -#define MBEDTLS_SHA256_C -#define MBEDTLS_SHA256_SMALLER -#define MBEDTLS_SSL_CLI_C -#define MBEDTLS_SSL_DTLS_ANTI_REPLAY -#define MBEDTLS_SSL_DTLS_HELLO_VERIFY -#define MBEDTLS_SSL_EXPORT_KEYS -#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -#define MBEDTLS_SSL_PROTO_TLS1_2 -#define MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_TLS_C -#define MBEDTLS_SSL_COOKIE_C -#define MBEDTLS_SSL_SRV_C -#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#define MBEDTLS_BASE64_C -#define MBEDTLS_ECDH_C -#define MBEDTLS_ECDSA_C -#define MBEDTLS_OID_C -#define MBEDTLS_PEM_PARSE_C -#define MBEDTLS_X509_USE_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_CREATE_C -#define MBEDTLS_X509_CSR_WRITE_C -#define MBEDTLS_ECDSA_DETERMINISTIC - -#if OPENTHREAD_CONFIG_ECDSA_ENABLE -#define MBEDTLS_BASE64_C -#define MBEDTLS_ECDH_C -#define MBEDTLS_ECDSA_C -#define MBEDTLS_OID_C -#define MBEDTLS_PEM_PARSE_C -#endif - -#define MBEDTLS_MPI_WINDOW_SIZE 1 /**< Maximum windows size used. */ -#define MBEDTLS_MPI_MAX_SIZE 32 /**< Maximum number of bytes for usable MPIs. */ -#define MBEDTLS_ECP_MAX_BITS 256 /**< Maximum bit size of groups */ -#define MBEDTLS_ECP_WINDOW_SIZE 2 /**< Maximum window size used */ -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 1 /**< Maximum number of sources supported */ - -#if OPENTHREAD_CONFIG_MULTIPLE_INSTANCE_ENABLE -#define MBEDTLS_PLATFORM_STD_CALLOC otPlatCAlloc /**< Default allocator to use, can be undefined */ -#define MBEDTLS_PLATFORM_STD_FREE otPlatFree /**< Default free to use, can be undefined */ -#else -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C -#endif - -#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 -#define MBEDTLS_DEBUG_C - -#define MBEDTLS_ECP_ALT -#define MBEDTLS_AES_ALT diff --git a/src/platform/telink/telink-mbedtls-config.h b/src/platform/telink/telink-mbedtls-config.h new file mode 100644 index 00000000000000..0a37b4a632e274 --- /dev/null +++ b/src/platform/telink/telink-mbedtls-config.h @@ -0,0 +1,34 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file + * Telink mbedtls configuration file. + * + */ + +#ifndef MBEDTLS_TSLR9_CONF_H +#define MBEDTLS_TSLR9_CONF_H + +#define MBEDTLS_HKDF_C +#define MBEDTLS_X509_CREATE_C +#define MBEDTLS_X509_CSR_WRITE_C + +#define MBEDTLS_AES_ALT +#define MBEDTLS_ECP_ALT + +#endif /* MBEDTLS_TSLR9_CONF_H */ From ff1338898481507146e2e225664bb2cf6b2e8110 Mon Sep 17 00:00:00 2001 From: Alex Tsitsiura Date: Fri, 4 Nov 2022 14:07:17 +0200 Subject: [PATCH 2/9] [Telink] add BLE PostEvent and fast/slow adv (#23116) (#23465) --- src/platform/telink/BLEManagerImpl.cpp | 186 ++++++++++++++++++++----- src/platform/telink/BLEManagerImpl.h | 4 +- 2 files changed, 154 insertions(+), 36 deletions(-) diff --git a/src/platform/telink/BLEManagerImpl.cpp b/src/platform/telink/BLEManagerImpl.cpp index d8f838142b245e..5f7fc1c09c77c4 100644 --- a/src/platform/telink/BLEManagerImpl.cpp +++ b/src/platform/telink/BLEManagerImpl.cpp @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020-2021 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -167,28 +167,72 @@ K_THREAD_DEFINE(chipBleThread, CHIP_BLE_THREAD_STACK_SIZE, BLEManagerImpl::BleEn CHIP_ERROR BLEManagerImpl::_Init() { - CHIP_ERROR err = CHIP_NO_ERROR; - ThreadConnectivityReady = false; - /* Initialize the CHIP BleLayer. */ - err = BleLayer::Init(this, this, &DeviceLayer::SystemLayer()); - SuccessOrExit(err); - - /* Set number of connections to zero */ - mNumConnections = 0; + mServiceMode = ConnectivityManager::kCHIPoBLEServiceMode_Enabled; + mFlags.ClearAll().Set(Flags::kAdvertisingEnabled, CHIP_DEVICE_CONFIG_CHIPOBLE_ENABLE_ADVERTISING_AUTOSTART); + mFlags.Set(Flags::kFastAdvertisingEnabled, true); + mGAPConns = 0; - /* Unsubscribe all connections */ memset(mSubscribedConns, 0, sizeof(mSubscribedConns)); - /* Enable CHIP over BLE service */ - mServiceMode = ConnectivityManager::kCHIPoBLEServiceMode_Enabled; + // Initialize the CHIP BleLayer. + ReturnErrorOnFailure(BleLayer::Init(this, this, &DeviceLayer::SystemLayer())); - /* Suspend BLE Task */ + // Suspend BLE Task k_thread_suspend(chipBleThread); + return CHIP_NO_ERROR; +} + +void BLEManagerImpl::DriveBLEState(intptr_t arg) +{ + BLEMgrImpl().DriveBLEState(); +} + +void BLEManagerImpl::DriveBLEState() +{ + CHIP_ERROR err = CHIP_NO_ERROR; + + // Perform any initialization actions that must occur after the CHIP task is running. + if (!mFlags.Has(Flags::kAsyncInitCompleted)) + { + mFlags.Set(Flags::kAsyncInitCompleted); + } + + // If the application has enabled CHIPoBLE and BLE advertising... + if (mServiceMode == ConnectivityManager::kCHIPoBLEServiceMode_Enabled && + mFlags.Has(Flags::kAdvertisingEnabled) +#if CHIP_DEVICE_CONFIG_CHIPOBLE_SINGLE_CONNECTION + // and no connections are active... + && (NumConnections() == 0) +#endif + ) + { + // Start/re-start advertising if not already advertising, or if the + // advertising state needs to be refreshed. + if (!mFlags.Has(Flags::kAdvertising) || mFlags.Has(Flags::kAdvertisingRefreshNeeded)) + { + mFlags.Clear(Flags::kAdvertisingRefreshNeeded); + err = StartAdvertising(); + SuccessOrExit(err); + } + } + else + { + if (mFlags.Has(Flags::kAdvertising)) + { + err = StopAdvertising(); + SuccessOrExit(err); + } + } + exit: - return err; + if (err != CHIP_NO_ERROR) + { + ChipLogError(DeviceLayer, "Disabling CHIPoBLE service due to error: %" CHIP_ERROR_FORMAT, err.Format()); + mServiceMode = ConnectivityManager::kCHIPoBLEServiceMode_Disabled; + } } int BLEManagerImpl::RxWriteCallback(uint16_t connHandle, void * p) @@ -543,13 +587,15 @@ CHIP_ERROR BLEManagerImpl::_SetAdvertisingEnabled(bool val) { CHIP_ERROR err = CHIP_NO_ERROR; - if (val) - { - err = StartAdvertising(); - } - else + VerifyOrReturnError(mServiceMode != ConnectivityManager::kCHIPoBLEServiceMode_NotSupported, + CHIP_ERROR_UNSUPPORTED_CHIP_FEATURE); + + if (mFlags.Has(Flags::kAdvertisingEnabled) != val) { - err = StopAdvertising(); + ChipLogDetail(DeviceLayer, "CHIPoBLE advertising set to %s", val ? "on" : "off"); + + mFlags.Set(Flags::kAdvertisingEnabled, val); + PlatformMgr().ScheduleWork(DriveBLEState, 0); } return err; @@ -616,7 +662,29 @@ CHIP_ERROR BLEManagerImpl::StartAdvertising(void) return CHIP_ERROR_INCORRECT_STATE; } - mFlags.Set(Flags::kAdvertising); + // Transition to the Advertising state... + if (!mFlags.Has(Flags::kAdvertising)) + { + ChipLogProgress(DeviceLayer, "CHIPoBLE advertising started"); + + mFlags.Set(Flags::kAdvertising); + + // Post a CHIPoBLEAdvertisingChange(Started) event. + { + ChipDeviceEvent advChange; + advChange.Type = DeviceEventType::kCHIPoBLEAdvertisingChange; + advChange.CHIPoBLEAdvertisingChange.Result = kActivity_Started; + ReturnErrorOnFailure(PlatformMgr().PostEvent(&advChange)); + } + + if (mFlags.Has(Flags::kFastAdvertisingEnabled)) + { + // Start timer to change advertising interval. + DeviceLayer::SystemLayer().StartTimer( + System::Clock::Milliseconds32(CHIP_DEVICE_CONFIG_BLE_ADVERTISING_INTERVAL_CHANGE_TIME), + HandleBLEAdvertisementIntervalChange, this); + } + } /* Start BLE Task */ k_thread_resume(chipBleThread); @@ -632,7 +700,7 @@ CHIP_ERROR BLEManagerImpl::StopAdvertising(void) { ChipLogProgress(DeviceLayer, "Thread provisioned. Advertisement already stopped at this stage"); - return CHIP_NO_ERROR; + return CHIP_ERROR_INCORRECT_STATE; } /* Disable advertisement */ @@ -644,14 +712,44 @@ CHIP_ERROR BLEManagerImpl::StopAdvertising(void) return CHIP_ERROR_INCORRECT_STATE; } - mFlags.Clear(Flags::kAdvertising); + // Transition to the not Advertising state... + if (mFlags.Has(Flags::kAdvertising)) + { + mFlags.Clear(Flags::kAdvertising); + mFlags.Set(Flags::kFastAdvertisingEnabled, true); + + ChipLogProgress(DeviceLayer, "CHIPoBLE advertising stopped"); + + // Post a CHIPoBLEAdvertisingChange(Stopped) event. + { + ChipDeviceEvent advChange; + advChange.Type = DeviceEventType::kCHIPoBLEAdvertisingChange; + advChange.CHIPoBLEAdvertisingChange.Result = kActivity_Stopped; + ReturnErrorOnFailure(PlatformMgr().PostEvent(&advChange)); + } + + // Cancel timer event changing CHIPoBLE advertisement interval + DeviceLayer::SystemLayer().CancelTimer(HandleBLEAdvertisementIntervalChange, this); + } return CHIP_NO_ERROR; } -/// @todo: implementation CHIP_ERROR BLEManagerImpl::_SetAdvertisingMode(BLEAdvertisingMode mode) { + switch (mode) + { + case BLEAdvertisingMode::kFastAdvertising: + mFlags.Set(Flags::kFastAdvertisingEnabled, true); + break; + case BLEAdvertisingMode::kSlowAdvertising: + mFlags.Set(Flags::kFastAdvertisingEnabled, false); + break; + default: + return CHIP_ERROR_INVALID_ARGUMENT; + } + mFlags.Set(Flags::kAdvertisingRefreshNeeded); + PlatformMgr().ScheduleWork(DriveBLEState, 0); return CHIP_NO_ERROR; } @@ -698,6 +796,12 @@ CHIP_ERROR BLEManagerImpl::_SetDeviceName(const char * devName) return CHIP_NO_ERROR; } +void BLEManagerImpl::HandleBLEAdvertisementIntervalChange(System::Layer * layer, void * param) +{ + BLEMgr().SetAdvertisingMode(BLEAdvertisingMode::kSlowAdvertising); + ChipLogProgress(DeviceLayer, "CHIPoBLE advertising mode changed to slow"); +} + void BLEManagerImpl::_OnPlatformEvent(const ChipDeviceEvent * event) { CHIP_ERROR err = CHIP_NO_ERROR; @@ -747,6 +851,8 @@ void BLEManagerImpl::_OnPlatformEvent(const ChipDeviceEvent * event) if (err != CHIP_NO_ERROR) { ChipLogError(DeviceLayer, "Fail to handle 0x%04x event. Error: %s", event->Type, ErrorStr(err)); + mServiceMode = ConnectivityManager::kCHIPoBLEServiceMode_Disabled; + PlatformMgr().ScheduleWork(DriveBLEState, 0); } } @@ -822,7 +928,7 @@ void BLEManagerImpl::SwitchToIeee802154(void) ChipLogProgress(DeviceLayer, "BLEManagerImpl::Switch to IEEE802154"); /* Stop BLE */ - StopAdvertising(); + _SetAdvertisingEnabled(false); /* Stop BLE task */ k_thread_suspend(chipBleThread); @@ -845,7 +951,7 @@ void BLEManagerImpl::NotifyChipConnectionClosed(BLE_CONNECTION_OBJECT conId) {} uint16_t BLEManagerImpl::_NumConnections(void) { - return mNumConnections; + return mGAPConns; } /// @todo implement multicinnection subscription @@ -876,36 +982,41 @@ CHIP_ERROR BLEManagerImpl::HandleGAPConnect(const ChipDeviceEvent * event) { const BleConnEventType * connEvent = &event->Platform.BleConnEvent; - /* Increase number of connections */ - mNumConnections++; - ChipLogProgress(DeviceLayer, "BLE connection established (ConnId: 0x%02x)", connEvent->connHandle); + mGAPConns++; ChipLogProgress(DeviceLayer, "Current number of connections: %u/%u", NumConnections(), kMaxConnections); + mFlags.Set(Flags::kAdvertisingRefreshNeeded); + PlatformMgr().ScheduleWork(DriveBLEState, 0); + return CHIP_NO_ERROR; } CHIP_ERROR BLEManagerImpl::HandleGAPDisconnect(const ChipDeviceEvent * event) { const BleConnEventType * connEvent = &event->Platform.BleConnEvent; - ChipDeviceEvent disconnectEvent; - - /* Decrease number of connections */ - mNumConnections--; ChipLogProgress(DeviceLayer, "BLE GAP connection terminated (reason 0x%02x)", connEvent->HciResult); + + mGAPConns--; + ChipLogProgress(DeviceLayer, "Current number of connections: %u/%u", NumConnections(), kMaxConnections); - /* Unsubscribe */ + // Unsubscribe if (UnsetSubscribed(connEvent->connHandle)) { HandleUnsubscribeReceived(connEvent->connHandle, &CHIP_BLE_SVC_ID, &chipUUID_CHIPoBLEChar_TX); } - /* Send Connection close event */ + ChipDeviceEvent disconnectEvent; disconnectEvent.Type = DeviceEventType::kCHIPoBLEConnectionClosed; ReturnErrorOnFailure(PlatformMgr().PostEvent(&disconnectEvent)); + // Force a reconfiguration of advertising in case we switched to non-connectable mode when + // the BLE connection was established. + mFlags.Set(Flags::kAdvertisingRefreshNeeded); + PlatformMgr().ScheduleWork(DriveBLEState, 0); + return CHIP_NO_ERROR; } @@ -926,6 +1037,11 @@ CHIP_ERROR BLEManagerImpl::HandleDisconnectRequest(const ChipDeviceEvent * event return CHIP_ERROR_INCORRECT_STATE; } + // Force a reconfiguration of advertising in case we switched to non-connectable mode when + // the BLE connection was established. + mFlags.Set(Flags::kAdvertisingRefreshNeeded); + PlatformMgr().ScheduleWork(DriveBLEState, 0); + return CHIP_NO_ERROR; } diff --git a/src/platform/telink/BLEManagerImpl.h b/src/platform/telink/BLEManagerImpl.h index 86aae895197582..d1b79718b347b7 100644 --- a/src/platform/telink/BLEManagerImpl.h +++ b/src/platform/telink/BLEManagerImpl.h @@ -107,7 +107,7 @@ class BLEManagerImpl final : public BLEManager, private BleLayer, private BlePla CHIPoBLEServiceMode mServiceMode; BitFlags mFlags; char mDeviceName[kMaxDeviceNameLength + 1]; - uint16_t mNumConnections; + uint16_t mGAPConns; bool mSubscribedConns[kMaxConnections]; uint8_t mAdvDataBuf[kMaxAdvertisementDataSetSize]; uint8_t mScanRespDataBuf[kMaxAdvertisementDataSetSize]; @@ -144,6 +144,8 @@ class BLEManagerImpl final : public BLEManager, private BleLayer, private BlePla /* Callbacks from BLE stack*/ static void DriveBLEState(intptr_t arg); + static void HandleBLEAdvertisementIntervalChange(System::Layer * layer, void * param); + /* Handlers for stack events */ static void CancelBleAdvTimeoutTimer(void); static void StartBleAdvTimeoutTimer(uint32_t aTimeoutInMs); From fe40470f23d5776f3c393f75aad3dace61a9718a Mon Sep 17 00:00:00 2001 From: Alex Tsitsiura Date: Fri, 4 Nov 2022 14:08:02 +0200 Subject: [PATCH 3/9] [Telink] use src/app/chip_data_model.cmake for data model inclusions (#23255) (#23466) Co-authored-by: Andrei Litvin Co-authored-by: Andrei Litvin --- .../light-switch-app/telink/CMakeLists.txt | 59 ++--------------- examples/lighting-app/telink/CMakeLists.txt | 65 +++---------------- .../ota-requestor-app/telink/CMakeLists.txt | 60 ++--------------- 3 files changed, 23 insertions(+), 161 deletions(-) diff --git a/examples/light-switch-app/telink/CMakeLists.txt b/examples/light-switch-app/telink/CMakeLists.txt index 36a2970bc76371..f47a79987c50b2 100755 --- a/examples/light-switch-app/telink/CMakeLists.txt +++ b/examples/light-switch-app/telink/CMakeLists.txt @@ -31,6 +31,7 @@ find_package(Zephyr HINTS $ENV{ZEPHYR_BASE}) project(chip-telink-light-switch-example) include(${CHIP_ROOT}/config/telink/app/enable-gnu-std.cmake) +include(${CHIP_ROOT}/src/app/chip_data_model.cmake) target_compile_options(app PRIVATE -fpermissive) @@ -46,7 +47,6 @@ add_definitions( "-DCHIP_ADDRESS_RESOLVE_IMPL_INCLUDE_HEADER=" ) -# TODO - re-use chip_data_model.cmake to add cluster implementations. target_sources(app PRIVATE src/AppTask.cpp src/main.cpp @@ -56,57 +56,12 @@ target_sources(app PRIVATE ${GEN_DIR}/light-switch-app/zap-generated/IMClusterCommandHandler.cpp ${TELINK_COMMON}/util/src/LEDWidget.cpp ${TELINK_COMMON}/util/src/ButtonManager.cpp - ${TELINK_COMMON}/util/src/ThreadUtil.cpp - ${CHIP_ROOT}/zzz_generated/app-common/app-common/zap-generated/attributes/Accessors.cpp - ${CHIP_ROOT}/zzz_generated/app-common/app-common/zap-generated/cluster-objects.cpp - ${CHIP_ROOT}/src/app/util/DataModelHandler.cpp - ${CHIP_ROOT}/src/app/util/af-event.cpp - ${CHIP_ROOT}/src/app/util/attribute-size-util.cpp - ${CHIP_ROOT}/src/app/util/attribute-storage.cpp - ${CHIP_ROOT}/src/app/util/attribute-table.cpp - ${CHIP_ROOT}/src/app/util/binding-table.cpp - ${CHIP_ROOT}/src/app/util/ember-compatibility-functions.cpp - ${CHIP_ROOT}/src/app/util/ember-print.cpp - ${CHIP_ROOT}/src/app/util/error-mapping.cpp - ${CHIP_ROOT}/src/app/util/message.cpp - ${CHIP_ROOT}/src/app/util/privilege-storage.cpp - ${CHIP_ROOT}/src/app/util/util.cpp - ${CHIP_ROOT}/src/app/server/EchoHandler.cpp - ${CHIP_ROOT}/src/app/server/Dnssd.cpp - ${CHIP_ROOT}/src/app/server/OnboardingCodesUtil.cpp - ${CHIP_ROOT}/src/app/server/Server.cpp - ${CHIP_ROOT}/src/app/server/CommissioningWindowManager.cpp - ${CHIP_ROOT}/src/app/clusters/access-control-server/access-control-server.cpp - ${CHIP_ROOT}/src/app/clusters/administrator-commissioning-server/administrator-commissioning-server.cpp - ${CHIP_ROOT}/src/app/clusters/basic/basic.cpp - ${CHIP_ROOT}/src/app/clusters/bindings/BindingManager.cpp - ${CHIP_ROOT}/src/app/clusters/bindings/bindings.cpp - ${CHIP_ROOT}/src/app/clusters/bindings/PendingNotificationMap.cpp - ${CHIP_ROOT}/src/app/clusters/descriptor/descriptor.cpp - ${CHIP_ROOT}/src/app/clusters/identify-server/identify-server.cpp - ${CHIP_ROOT}/src/app/clusters/diagnostic-logs-server/diagnostic-logs-server.cpp - ${CHIP_ROOT}/src/app/clusters/ethernet-network-diagnostics-server/ethernet-network-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/localization-configuration-server/localization-configuration-server.cpp - ${CHIP_ROOT}/src/app/clusters/time-format-localization-server/time-format-localization-server.cpp - ${CHIP_ROOT}/src/app/clusters/fixed-label-server/fixed-label-server.cpp - ${CHIP_ROOT}/src/app/clusters/user-label-server/user-label-server.cpp - ${CHIP_ROOT}/src/app/clusters/thread-network-diagnostics-server/thread-network-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/wifi-network-diagnostics-server/wifi-network-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/software-diagnostics-server/software-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/switch-server/switch-server.cpp - ${CHIP_ROOT}/src/app/clusters/general-diagnostics-server/general-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/group-key-mgmt-server/group-key-mgmt-server.cpp - ${CHIP_ROOT}/src/app/clusters/general-commissioning-server/general-commissioning-server.cpp - ${CHIP_ROOT}/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp - ${CHIP_ROOT}/src/app/clusters/occupancy-sensor-server/occupancy-sensor-server.cpp - ${CHIP_ROOT}/src/app/clusters/network-commissioning/network-commissioning.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/ota-requestor-server.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/BDXDownloader.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/DefaultOTARequestor.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/DefaultOTARequestorDriver.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/DefaultOTARequestorStorage.cpp - ${CHIP_ROOT}/src/app/clusters/groups-server/groups-server.cpp - ) + ${TELINK_COMMON}/util/src/ThreadUtil.cpp) + +chip_configure_data_model(app + INCLUDE_SERVER + ZAP_FILE ${CMAKE_CURRENT_SOURCE_DIR}/../light-switch-common/light-switch-app.zap +) if(CONFIG_CHIP_OTA_REQUESTOR) target_sources(app PRIVATE ${TELINK_COMMON}/util/src/OTAUtil.cpp) diff --git a/examples/lighting-app/telink/CMakeLists.txt b/examples/lighting-app/telink/CMakeLists.txt index bad40aedef8a8e..e1e5c38f48d9ea 100644 --- a/examples/lighting-app/telink/CMakeLists.txt +++ b/examples/lighting-app/telink/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (c) 2021 Project CHIP Authors +# Copyright (c) 2022 Project CHIP Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,6 +31,7 @@ find_package(Zephyr HINTS $ENV{ZEPHYR_BASE}) project(chip-telink-lighting-example) include(${CHIP_ROOT}/config/telink/app/enable-gnu-std.cmake) +include(${CHIP_ROOT}/src/app/chip_data_model.cmake) target_compile_options(app PRIVATE -fpermissive) @@ -46,7 +47,6 @@ add_definitions( "-DCHIP_ADDRESS_RESOLVE_IMPL_INCLUDE_HEADER=" ) -# TODO - re-use chip_data_model.cmake to add cluster implementations. target_sources(app PRIVATE src/AppTask.cpp src/LightingManager.cpp @@ -56,60 +56,13 @@ target_sources(app PRIVATE ${GEN_DIR}/lighting-app/zap-generated/IMClusterCommandHandler.cpp ${TELINK_COMMON}/util/src/LEDWidget.cpp ${TELINK_COMMON}/util/src/ButtonManager.cpp - ${TELINK_COMMON}/util/src/ThreadUtil.cpp - ${CHIP_ROOT}/zzz_generated/app-common/app-common/zap-generated/attributes/Accessors.cpp - ${CHIP_ROOT}/zzz_generated/app-common/app-common/zap-generated/cluster-objects.cpp - ${CHIP_ROOT}/src/app/util/DataModelHandler.cpp - ${CHIP_ROOT}/src/app/util/af-event.cpp - ${CHIP_ROOT}/src/app/util/attribute-size-util.cpp - ${CHIP_ROOT}/src/app/util/attribute-storage.cpp - ${CHIP_ROOT}/src/app/util/attribute-table.cpp - ${CHIP_ROOT}/src/app/util/binding-table.cpp - ${CHIP_ROOT}/src/app/util/ember-compatibility-functions.cpp - ${CHIP_ROOT}/src/app/util/ember-print.cpp - ${CHIP_ROOT}/src/app/util/error-mapping.cpp - ${CHIP_ROOT}/src/app/util/message.cpp - ${CHIP_ROOT}/src/app/util/privilege-storage.cpp - ${CHIP_ROOT}/src/app/util/util.cpp - ${CHIP_ROOT}/src/app/server/EchoHandler.cpp - ${CHIP_ROOT}/src/app/server/Dnssd.cpp - ${CHIP_ROOT}/src/app/server/OnboardingCodesUtil.cpp - ${CHIP_ROOT}/src/app/server/Server.cpp - ${CHIP_ROOT}/src/app/server/CommissioningWindowManager.cpp - ${CHIP_ROOT}/src/app/clusters/access-control-server/access-control-server.cpp - ${CHIP_ROOT}/src/app/clusters/administrator-commissioning-server/administrator-commissioning-server.cpp - ${CHIP_ROOT}/src/app/clusters/basic/basic.cpp - ${CHIP_ROOT}/src/app/clusters/bindings/BindingManager.cpp - ${CHIP_ROOT}/src/app/clusters/bindings/bindings.cpp - ${CHIP_ROOT}/src/app/clusters/bindings/PendingNotificationMap.cpp - ${CHIP_ROOT}/src/app/clusters/descriptor/descriptor.cpp - ${CHIP_ROOT}/src/app/clusters/identify-server/identify-server.cpp - ${CHIP_ROOT}/src/app/clusters/diagnostic-logs-server/diagnostic-logs-server.cpp - ${CHIP_ROOT}/src/app/clusters/ethernet-network-diagnostics-server/ethernet-network-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/localization-configuration-server/localization-configuration-server.cpp - ${CHIP_ROOT}/src/app/clusters/time-format-localization-server/time-format-localization-server.cpp - ${CHIP_ROOT}/src/app/clusters/fixed-label-server/fixed-label-server.cpp - ${CHIP_ROOT}/src/app/clusters/user-label-server/user-label-server.cpp - ${CHIP_ROOT}/src/app/clusters/thread-network-diagnostics-server/thread-network-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/wifi-network-diagnostics-server/wifi-network-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/software-diagnostics-server/software-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/switch-server/switch-server.cpp - ${CHIP_ROOT}/src/app/clusters/general-diagnostics-server/general-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/group-key-mgmt-server/group-key-mgmt-server.cpp - ${CHIP_ROOT}/src/app/clusters/general-commissioning-server/general-commissioning-server.cpp - ${CHIP_ROOT}/src/app/clusters/on-off-server/on-off-server.cpp - ${CHIP_ROOT}/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp - ${CHIP_ROOT}/src/app/clusters/level-control/level-control.cpp - ${CHIP_ROOT}/src/app/clusters/color-control-server/color-control-server.cpp - ${CHIP_ROOT}/src/app/clusters/occupancy-sensor-server/occupancy-sensor-server.cpp - ${CHIP_ROOT}/src/app/clusters/network-commissioning/network-commissioning.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/ota-requestor-server.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/BDXDownloader.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/DefaultOTARequestor.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/DefaultOTARequestorDriver.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/DefaultOTARequestorStorage.cpp - ${CHIP_ROOT}/src/app/clusters/groups-server/groups-server.cpp - ) + ${TELINK_COMMON}/util/src/ThreadUtil.cpp) + +chip_configure_data_model(app + INCLUDE_SERVER + ZAP_FILE ${CMAKE_CURRENT_SOURCE_DIR}/../lighting-common/lighting-app.zap + GEN_DIR ${GEN_DIR}/lighting-app/zap-generated +) if(CONFIG_CHIP_OTA_REQUESTOR) target_sources(app PRIVATE ${TELINK_COMMON}/util/src/OTAUtil.cpp) diff --git a/examples/ota-requestor-app/telink/CMakeLists.txt b/examples/ota-requestor-app/telink/CMakeLists.txt index c602b75b7bffb7..6efbc5ec434465 100644 --- a/examples/ota-requestor-app/telink/CMakeLists.txt +++ b/examples/ota-requestor-app/telink/CMakeLists.txt @@ -31,6 +31,7 @@ find_package(Zephyr HINTS $ENV{ZEPHYR_BASE}) project(chip-telink-ota-requestor-example) include(${CHIP_ROOT}/config/telink/app/enable-gnu-std.cmake) +include(${CHIP_ROOT}/src/app/chip_data_model.cmake) target_compile_options(app PRIVATE -fpermissive) @@ -46,7 +47,6 @@ add_definitions( "-DCHIP_ADDRESS_RESOLVE_IMPL_INCLUDE_HEADER=" ) -# TODO - re-use chip_data_model.cmake to add cluster implementations. target_sources(app PRIVATE src/AppTask.cpp src/main.cpp @@ -55,58 +55,12 @@ target_sources(app PRIVATE ${GEN_DIR}/ota-requestor-app/zap-generated/IMClusterCommandHandler.cpp ${TELINK_COMMON}/util/src/LEDWidget.cpp ${TELINK_COMMON}/util/src/ButtonManager.cpp - ${TELINK_COMMON}/util/src/ThreadUtil.cpp - ${CHIP_ROOT}/zzz_generated/app-common/app-common/zap-generated/attributes/Accessors.cpp - ${CHIP_ROOT}/zzz_generated/app-common/app-common/zap-generated/cluster-objects.cpp - ${CHIP_ROOT}/src/app/util/DataModelHandler.cpp - ${CHIP_ROOT}/src/app/util/af-event.cpp - ${CHIP_ROOT}/src/app/util/attribute-size-util.cpp - ${CHIP_ROOT}/src/app/util/attribute-storage.cpp - ${CHIP_ROOT}/src/app/util/attribute-table.cpp - ${CHIP_ROOT}/src/app/util/binding-table.cpp - ${CHIP_ROOT}/src/app/util/ember-compatibility-functions.cpp - ${CHIP_ROOT}/src/app/util/ember-print.cpp - ${CHIP_ROOT}/src/app/util/error-mapping.cpp - ${CHIP_ROOT}/src/app/util/message.cpp - ${CHIP_ROOT}/src/app/util/privilege-storage.cpp - ${CHIP_ROOT}/src/app/util/util.cpp - ${CHIP_ROOT}/src/app/server/EchoHandler.cpp - ${CHIP_ROOT}/src/app/server/Dnssd.cpp - ${CHIP_ROOT}/src/app/server/OnboardingCodesUtil.cpp - ${CHIP_ROOT}/src/app/server/Server.cpp - ${CHIP_ROOT}/src/app/server/CommissioningWindowManager.cpp - ${CHIP_ROOT}/src/app/clusters/access-control-server/access-control-server.cpp - ${CHIP_ROOT}/src/app/clusters/administrator-commissioning-server/administrator-commissioning-server.cpp - ${CHIP_ROOT}/src/app/clusters/basic/basic.cpp - ${CHIP_ROOT}/src/app/clusters/bindings/BindingManager.cpp - ${CHIP_ROOT}/src/app/clusters/bindings/bindings.cpp - ${CHIP_ROOT}/src/app/clusters/bindings/PendingNotificationMap.cpp - ${CHIP_ROOT}/src/app/clusters/descriptor/descriptor.cpp - ${CHIP_ROOT}/src/app/clusters/identify-server/identify-server.cpp - ${CHIP_ROOT}/src/app/clusters/diagnostic-logs-server/diagnostic-logs-server.cpp - ${CHIP_ROOT}/src/app/clusters/ethernet-network-diagnostics-server/ethernet-network-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/localization-configuration-server/localization-configuration-server.cpp - ${CHIP_ROOT}/src/app/clusters/time-format-localization-server/time-format-localization-server.cpp - ${CHIP_ROOT}/src/app/clusters/fixed-label-server/fixed-label-server.cpp - ${CHIP_ROOT}/src/app/clusters/user-label-server/user-label-server.cpp - ${CHIP_ROOT}/src/app/clusters/thread-network-diagnostics-server/thread-network-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/wifi-network-diagnostics-server/wifi-network-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/software-diagnostics-server/software-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/switch-server/switch-server.cpp - ${CHIP_ROOT}/src/app/clusters/general-diagnostics-server/general-diagnostics-server.cpp - ${CHIP_ROOT}/src/app/clusters/group-key-mgmt-server/group-key-mgmt-server.cpp - ${CHIP_ROOT}/src/app/clusters/general-commissioning-server/general-commissioning-server.cpp - ${CHIP_ROOT}/src/app/clusters/on-off-server/on-off-server.cpp - ${CHIP_ROOT}/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp - ${CHIP_ROOT}/src/app/clusters/occupancy-sensor-server/occupancy-sensor-server.cpp - ${CHIP_ROOT}/src/app/clusters/network-commissioning/network-commissioning.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/ota-requestor-server.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/BDXDownloader.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/DefaultOTARequestor.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/DefaultOTARequestorDriver.cpp - ${CHIP_ROOT}/src/app/clusters/ota-requestor/DefaultOTARequestorStorage.cpp - ${CHIP_ROOT}/src/app/clusters/groups-server/groups-server.cpp - ) + ${TELINK_COMMON}/util/src/ThreadUtil.cpp) + +chip_configure_data_model(app + INCLUDE_SERVER + ZAP_FILE ${CMAKE_CURRENT_SOURCE_DIR}/../ota-requestor-common/ota-requestor-app.zap +) if(CONFIG_CHIP_OTA_REQUESTOR) target_sources(app PRIVATE ${TELINK_COMMON}/util/src/OTAUtil.cpp) From 98983451269fcabea12ab8f80667da6f70daf362 Mon Sep 17 00:00:00 2001 From: pankore <86098180+pankore@users.noreply.github.com> Date: Fri, 4 Nov 2022 21:39:41 +0800 Subject: [PATCH 4/9] use docker image 0.6.03 and change BLE notification to indication (#23494) --- .github/workflows/examples-ameba.yaml | 12 ++++++++++-- .../docker/images/chip-build-ameba/Dockerfile | 2 +- integrations/docker/images/chip-build/version | 2 +- src/platform/Ameba/BLEManagerImpl.cpp | 6 +++--- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/.github/workflows/examples-ameba.yaml b/.github/workflows/examples-ameba.yaml index 15e193eb5be452..dfeaaeb8189e93 100644 --- a/.github/workflows/examples-ameba.yaml +++ b/.github/workflows/examples-ameba.yaml @@ -32,7 +32,7 @@ jobs: if: github.actor != 'restyled-io[bot]' container: - image: connectedhomeip/chip-build-ameba:0.5.99 + image: connectedhomeip/chip-build-ameba:0.6.03 options: --user root steps: @@ -47,4 +47,12 @@ jobs: - name: Checkout submodules run: scripts/checkout_submodules.py --shallow --platform ameba - name: Build example Ameba All Clusters App - run: scripts/run_in_build_env.sh "./scripts/build/build_examples.py --target-glob 'ameba-*' build" + run: | + ./scripts/run_in_build_env.sh \ + "./scripts/build/build_examples.py \ + --target ameba-amebad-all-clusters \ + --target ameba-amebad-all-clusters-minimal \ + --target ameba-amebad-light \ + --target ameba-amebad-pigweed \ + build \ + " diff --git a/integrations/docker/images/chip-build-ameba/Dockerfile b/integrations/docker/images/chip-build-ameba/Dockerfile index c8307ae64986f8..3d3b055e820887 100644 --- a/integrations/docker/images/chip-build-ameba/Dockerfile +++ b/integrations/docker/images/chip-build-ameba/Dockerfile @@ -3,7 +3,7 @@ FROM connectedhomeip/chip-build:${VERSION} # Setup Ameba ARG AMEBA_DIR=/opt/ameba -ARG TAG_NAME=ameba_update_2022_07_25 +ARG TAG_NAME=ameba_update_2022_10_03 RUN set -x \ && apt-get update \ && mkdir ${AMEBA_DIR} \ diff --git a/integrations/docker/images/chip-build/version b/integrations/docker/images/chip-build/version index 2c7460f1cae50b..b288fd5e8ac786 100644 --- a/integrations/docker/images/chip-build/version +++ b/integrations/docker/images/chip-build/version @@ -1 +1 @@ -0.5.99 Version bump reason: fix IMX SDK root in vscode dockerfile +0.6.03 Version bump reason: [Ameba] Replace C2 notify with indicate as required by Matter spec diff --git a/src/platform/Ameba/BLEManagerImpl.cpp b/src/platform/Ameba/BLEManagerImpl.cpp index 550be5f78352ad..35dd0a962051ed 100644 --- a/src/platform/Ameba/BLEManagerImpl.cpp +++ b/src/platform/Ameba/BLEManagerImpl.cpp @@ -567,8 +567,8 @@ bool BLEManagerImpl::SendIndication(BLE_CONNECTION_OBJECT conId, const ChipBleUU CHIP_ERROR err = CHIP_NO_ERROR; VerifyOrExit(IsSubscribed(conId), err = CHIP_ERROR_INVALID_ARGUMENT); - server_send_data(conId, bt_matter_adapter_service_id, BT_MATTER_ADAPTER_SERVICE_CHAR_NOTIFY_CCCD_INDEX - 1, data->Start(), - data->DataLength(), GATT_PDU_TYPE_NOTIFICATION); + server_send_data(conId, bt_matter_adapter_service_id, BT_MATTER_ADAPTER_SERVICE_CHAR_INDICATE_CCCD_INDEX - 1, data->Start(), + data->DataLength(), GATT_PDU_TYPE_INDICATION); exit: if (err != CHIP_NO_ERROR) @@ -922,7 +922,7 @@ CHIP_ERROR BLEManagerImpl::gatt_svr_chr_access(void * param, T_SERVER_ID service switch (pp_data->msg_data.notification_indification_index) { case SIMP_NOTIFY_INDICATE_V3_ENABLE: { - sInstance.HandleTXCharCCCDWrite(conn_id, 0, 1); + sInstance.HandleTXCharCCCDWrite(conn_id, 1, 0); } break; From 0b17bce8005fb155e78e243f31111cdaf2c92797 Mon Sep 17 00:00:00 2001 From: Alex Tsitsiura Date: Mon, 7 Nov 2022 09:43:39 +0200 Subject: [PATCH 5/9] [Telink] Add all clusters app & clusters minimal app (Cherry-pick #23383) (#23499) * [Telink] Add all clusters app & clusters minimal app (#23383) * [Telink] Add all-cluster-minimal-app & all-cluster-app * [Telink] update md files & set Teilink Light as FTD * [Telink] Restyled * [Telink] Add targets * [Telink] Fix pair cmd example * [Telink] restyled * [Telink] Add new apps for target linux * [Telink] Add note reg set up a valid Network Commissioning cluster; Remove ThreadStartButton from minimal app. * [Telink] Add targets --- .github/workflows/examples-telink.yaml | 33 +- .vscode/tasks.json | 2 + examples/all-clusters-app/telink/.gitignore | 1 + .../all-clusters-app/telink/CMakeLists.txt | 71 ++++ examples/all-clusters-app/telink/Readme.md | 159 ++++++++ .../telink/include/AppConfig.h | 34 ++ .../telink/include/AppEvent.h | 44 +++ .../all-clusters-app/telink/include/AppTask.h | 66 ++++ .../telink/include/CHIPProjectConfig.h | 48 +++ examples/all-clusters-app/telink/prj.conf | 54 +++ .../all-clusters-app/telink/src/AppTask.cpp | 357 ++++++++++++++++++ .../telink/src/ZclDoorLockCallbacks.cpp | 57 +++ examples/all-clusters-app/telink/src/main.cpp | 83 ++++ .../telink/third_party/connectedhomeip | 1 + .../telink/.gitignore | 1 + .../telink/CMakeLists.txt | 70 ++++ .../all-clusters-minimal-app/telink/Readme.md | 159 ++++++++ .../telink/include/AppConfig.h | 34 ++ .../telink/include/AppEvent.h | 44 +++ .../telink/include/AppTask.h | 64 ++++ .../telink/include/CHIPProjectConfig.h | 48 +++ .../all-clusters-minimal-app/telink/prj.conf | 54 +++ .../telink/src/AppTask.cpp | 288 ++++++++++++++ .../telink/src/main.cpp | 83 ++++ .../telink/third_party/connectedhomeip | 1 + examples/light-switch-app/telink/.gitignore | 1 + examples/light-switch-app/telink/Readme.md | 27 +- examples/lighting-app/telink/.gitignore | 1 + examples/lighting-app/telink/Readme.md | 25 +- examples/lighting-app/telink/prj.conf | 4 +- examples/ota-requestor-app/telink/.gitignore | 1 + .../ota-requestor-app/telink/src/AppTask.cpp | 2 + scripts/build/build/targets.py | 4 + scripts/build/builders/telink.py | 16 +- .../testdata/all_targets_except_host.txt | 2 + .../build/testdata/build_all_except_host.txt | 26 ++ .../glob_star_targets_except_host.txt | 2 + 37 files changed, 1936 insertions(+), 31 deletions(-) create mode 100644 examples/all-clusters-app/telink/.gitignore create mode 100644 examples/all-clusters-app/telink/CMakeLists.txt create mode 100644 examples/all-clusters-app/telink/Readme.md create mode 100644 examples/all-clusters-app/telink/include/AppConfig.h create mode 100644 examples/all-clusters-app/telink/include/AppEvent.h create mode 100644 examples/all-clusters-app/telink/include/AppTask.h create mode 100644 examples/all-clusters-app/telink/include/CHIPProjectConfig.h create mode 100644 examples/all-clusters-app/telink/prj.conf create mode 100644 examples/all-clusters-app/telink/src/AppTask.cpp create mode 100644 examples/all-clusters-app/telink/src/ZclDoorLockCallbacks.cpp create mode 100644 examples/all-clusters-app/telink/src/main.cpp create mode 120000 examples/all-clusters-app/telink/third_party/connectedhomeip create mode 100644 examples/all-clusters-minimal-app/telink/.gitignore create mode 100644 examples/all-clusters-minimal-app/telink/CMakeLists.txt create mode 100644 examples/all-clusters-minimal-app/telink/Readme.md create mode 100644 examples/all-clusters-minimal-app/telink/include/AppConfig.h create mode 100644 examples/all-clusters-minimal-app/telink/include/AppEvent.h create mode 100644 examples/all-clusters-minimal-app/telink/include/AppTask.h create mode 100644 examples/all-clusters-minimal-app/telink/include/CHIPProjectConfig.h create mode 100644 examples/all-clusters-minimal-app/telink/prj.conf create mode 100644 examples/all-clusters-minimal-app/telink/src/AppTask.cpp create mode 100644 examples/all-clusters-minimal-app/telink/src/main.cpp create mode 120000 examples/all-clusters-minimal-app/telink/third_party/connectedhomeip create mode 100644 examples/light-switch-app/telink/.gitignore create mode 100644 examples/lighting-app/telink/.gitignore create mode 100644 examples/ota-requestor-app/telink/.gitignore diff --git a/.github/workflows/examples-telink.yaml b/.github/workflows/examples-telink.yaml index dfb5fc75929f1c..1042ae8f7866fc 100644 --- a/.github/workflows/examples-telink.yaml +++ b/.github/workflows/examples-telink.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2020 Project CHIP Authors +# Copyright (c) 2022 Project CHIP Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -54,37 +54,46 @@ jobs: GH_CONTEXT: ${{ toJson(github) }} run: scripts/tools/memory/gh_sizes_environment.py "${GH_CONTEXT}" - - name: Build example Telink Lighting App + - name: Build example Telink All Clusters App run: | ./scripts/run_in_build_env.sh \ - "./scripts/build/build_examples.py --no-log-timestamps --target 'telink-tlsr9518adk80d-light' build" + "./scripts/build/build_examples.py --no-log-timestamps --target 'telink-tlsr9518adk80d-all-clusters' build" + .environment/pigweed-venv/bin/python3 scripts/tools/memory/gh_sizes.py \ + telink tlsr9518adk80d all-clusters-app \ + out/telink-tlsr9518adk80d-all-clusters/zephyr/zephyr.elf \ + /tmp/bloat_reports/ - - name: Build example Telink Light Switch App + - name: Build example Telink All Clusters Minimal App run: | ./scripts/run_in_build_env.sh \ - "./scripts/build/build_examples.py --no-log-timestamps --target 'telink-tlsr9518adk80d-light-switch' build" + "./scripts/build/build_examples.py --no-log-timestamps --target 'telink-tlsr9518adk80d-all-clusters-minimal' build" + .environment/pigweed-venv/bin/python3 scripts/tools/memory/gh_sizes.py \ + telink tlsr9518adk80d all-clusters-minimal-app \ + out/telink-tlsr9518adk80d-all-clusters-minimal/zephyr/zephyr.elf \ + /tmp/bloat_reports/ - - name: Build example Telink OTA Requestor App + - name: Build example Telink Lighting App run: | ./scripts/run_in_build_env.sh \ - "./scripts/build/build_examples.py --no-log-timestamps --target 'telink-tlsr9518adk80d-ota-requestor' build" - - - name: Get Lighting size stats - run: | + "./scripts/build/build_examples.py --no-log-timestamps --target 'telink-tlsr9518adk80d-light' build" .environment/pigweed-venv/bin/python3 scripts/tools/memory/gh_sizes.py \ telink tlsr9518adk80d lighting-app \ out/telink-tlsr9518adk80d-light/zephyr/zephyr.elf \ /tmp/bloat_reports/ - - name: Get Light Switch size stats + - name: Build example Telink Light Switch App run: | + ./scripts/run_in_build_env.sh \ + "./scripts/build/build_examples.py --no-log-timestamps --target 'telink-tlsr9518adk80d-light-switch' build" .environment/pigweed-venv/bin/python3 scripts/tools/memory/gh_sizes.py \ telink tlsr9518adk80d light-switch-app \ out/telink-tlsr9518adk80d-light-switch/zephyr/zephyr.elf \ /tmp/bloat_reports/ - - name: Get OTA Requestor size stats + - name: Build example Telink OTA Requestor App run: | + ./scripts/run_in_build_env.sh \ + "./scripts/build/build_examples.py --no-log-timestamps --target 'telink-tlsr9518adk80d-ota-requestor' build" .environment/pigweed-venv/bin/python3 scripts/tools/memory/gh_sizes.py \ telink tlsr9518adk80d ota-requestor-app \ out/telink-tlsr9518adk80d-ota-requestor/zephyr/zephyr.elf \ diff --git a/.vscode/tasks.json b/.vscode/tasks.json index d6fedb4eb102bd..e68b26b2b1cd08 100644 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json @@ -441,6 +441,8 @@ "nrf-nrf5340-pump-controller", "nrf-nrf5340-shell", "qpg-qpg6100-lock", + "telink-tlsr9518adk80d-all-clusters", + "telink-tlsr9518adk80d-all-clusters-minimal", "telink-tlsr9518adk80d-light", "telink-tlsr9518adk80d-light-switch", "telink-tlsr9518adk80d-ota-requestor", diff --git a/examples/all-clusters-app/telink/.gitignore b/examples/all-clusters-app/telink/.gitignore new file mode 100644 index 00000000000000..84c048a73cc2e5 --- /dev/null +++ b/examples/all-clusters-app/telink/.gitignore @@ -0,0 +1 @@ +/build/ diff --git a/examples/all-clusters-app/telink/CMakeLists.txt b/examples/all-clusters-app/telink/CMakeLists.txt new file mode 100644 index 00000000000000..8d826aca784a26 --- /dev/null +++ b/examples/all-clusters-app/telink/CMakeLists.txt @@ -0,0 +1,71 @@ +# +# Copyright (c) 2022 Project CHIP Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +cmake_minimum_required(VERSION 3.13.1) + +set(BOARD tlsr9518adk80d) + +get_filename_component(CHIP_ROOT ${CMAKE_CURRENT_SOURCE_DIR}/third_party/connectedhomeip REALPATH) +get_filename_component(NLIO_ROOT ${CHIP_ROOT}/third_party/nlio/repo/include REALPATH) +get_filename_component(TELINK_COMMON ${CHIP_ROOT}/examples/platform/telink REALPATH) +get_filename_component(GEN_DIR ${CHIP_ROOT}/zzz_generated/ REALPATH) +get_filename_component(ALL_CLUSTERS_COMMON_DIR ${CHIP_ROOT}/examples/all-clusters-app/all-clusters-common REALPATH) + +set(CONF_FILE ${CHIP_ROOT}/config/telink/app/zephyr.conf prj.conf) + +# Load NCS/Zephyr build system +list(APPEND ZEPHYR_EXTRA_MODULES ${CHIP_ROOT}/config/telink/chip-module) +find_package(Zephyr HINTS $ENV{ZEPHYR_BASE}) + +project(chip-telink-all-clusters-app-example) + +include(${CHIP_ROOT}/config/telink/app/enable-gnu-std.cmake) +include(${CHIP_ROOT}/src/app/chip_data_model.cmake) + +target_compile_options(app PRIVATE -fpermissive) + +target_include_directories(app PRIVATE + include + ${ALL_CLUSTERS_COMMON_DIR}/include + ${GEN_DIR}/app-common + ${GEN_DIR}/all-clusters-app + ${NLIO_ROOT} + ${TELINK_COMMON}/util/include) + +add_definitions( + "-DCHIP_ADDRESS_RESOLVE_IMPL_INCLUDE_HEADER=" +) + +target_sources(app PRIVATE + src/AppTask.cpp + src/main.cpp + src/ZclDoorLockCallbacks.cpp + ${ALL_CLUSTERS_COMMON_DIR}/src/static-supported-modes-manager.cpp + ${ALL_CLUSTERS_COMMON_DIR}/src/bridged-actions-stub.cpp + ${ALL_CLUSTERS_COMMON_DIR}/src/binding-handler.cpp + ${GEN_DIR}/all-clusters-app/zap-generated/callback-stub.cpp + ${GEN_DIR}/all-clusters-app/zap-generated/IMClusterCommandHandler.cpp + ${TELINK_COMMON}/util/src/LEDWidget.cpp + ${TELINK_COMMON}/util/src/ButtonManager.cpp + ${TELINK_COMMON}/util/src/ThreadUtil.cpp) + +chip_configure_data_model(app + INCLUDE_SERVER + ZAP_FILE ${ALL_CLUSTERS_COMMON_DIR}/all-clusters-app.zap +) + +if(CONFIG_CHIP_OTA_REQUESTOR) + target_sources(app PRIVATE ${TELINK_COMMON}/util/src/OTAUtil.cpp) +endif() diff --git a/examples/all-clusters-app/telink/Readme.md b/examples/all-clusters-app/telink/Readme.md new file mode 100644 index 00000000000000..f436507f9684b6 --- /dev/null +++ b/examples/all-clusters-app/telink/Readme.md @@ -0,0 +1,159 @@ +# Matter Telink All Clusters Example Application + +The Telink All Clusters Example Application implements various ZCL clusters +populated on three endpoints. You can use this example as a reference for +creating your own application. + +![Telink B91 EVK](http://wiki.telink-semi.cn/wiki/assets/Hardware/B91_Generic_Starter_Kit_Hardware_Guide/connection_chart.png) + +## Build and flash + +1. Pull docker image from repository: + + ```bash + $ docker pull connectedhomeip/chip-build-telink:latest + ``` + +1. Run docker container: + + ```bash + $ docker run -it --rm -v ${CHIP_BASE}:/root/chip -v /dev/bus/usb:/dev/bus/usb --device-cgroup-rule "c 189:* rmw" connectedhomeip/chip-build-telink:latest + ``` + + here `${CHIP_BASE}` is directory which contains CHIP repo files **!!!Pay + attention that OUTPUT_DIR should contains ABSOLUTE path to output dir** + +1. Activate the build environment: + + ```bash + $ source ./scripts/activate.sh + ``` + +1. In the example dir run: + + ```bash + $ west build + ``` + +1. Flash binary: + + ``` + $ west flash --erase + ``` + +## Usage + +### UART + +To get output from device, connect UART to following pins: + +| Name | Pin | +| :--: | :---------------------------- | +| RX | PB3 (pin 17 of J34 connector) | +| TX | PB2 (pin 16 of J34 connector) | +| GND | GND | + +### Buttons + +The following buttons are available on **tlsr9518adk80d** board: + +| Name | Function | Description | +| :------- | :--------------------- | :----------------------------------------------------------------------------------------------------- | +| Button 1 | Factory reset | Perform factory reset to forget currently commissioned Thread network and back to uncommissioned state | +| Button 2 | Not used | Not used | +| Button 3 | Thread start | Commission thread with static credentials and enables the Thread on device | +| Button 4 | Open commission window | The button is opening commissioning window to perform commissioning over BLE | + +### LEDs + +**Red** LED indicates current state of Thread network. It ables to be in +following states: + +| State | Description | +| :-------------------------- | :--------------------------------------------------------------------------- | +| Blinks with short pulses | Device is not commissioned to Thread, Thread is disabled | +| Blinls with frequent pulses | Device is commissioned, Thread enabled. Device trying to JOIN thread network | +| Blinks with whde pulses | Device commissioned and joined to thread network as CHILD | + +### CHIP tool commands + +1. Build + [chip-tool cli](https://github.com/project-chip/connectedhomeip/blob/master/examples/chip-tool/README.md) + +2. Pair with device + + ``` + ${CHIP_TOOL_DIR}/chip-tool pairing ble-thread ${NODE_ID} hex:${DATASET} ${PIN_CODE} ${DISCRIMINATOR} + ``` + + Example: + + ``` + ./chip-tool pairing ble-thread 1234 hex:0e080000000000010000000300000f35060004001fffe0020811111111222222220708fd61f77bd3df233e051000112233445566778899aabbccddeeff030e4f70656e54687265616444656d6f010212340410445f2b5ca6f2a93a55ce570a70efeecb0c0402a0fff8 20202021 3840 + ``` + +### OTA with Linux OTA Provider + +OTA feature enabled by default only for ota-requestor-app example. To enable OTA +feature for another Telink example: + +- set CONFIG_CHIP_OTA_REQUESTOR=y in corresponding "prj.conf" configuration + file. + +After build application with enabled OTA feature, use next binary files: + +- zephyr.bin - main binary to flash PCB (Use 2MB PCB). +- zephyr-ota.bin - binary for OTA Provider + +All binaries has the same SW version. To test OTA “zephyr-ota.bin” should have +higher SW version than base SW. Set CONFIG_CHIP_DEVICE_SOFTWARE_VERSION=2 in +corresponding “prj.conf” configuration file. + +Usage of OTA: + +- Build the [Linux OTA Provider](../../ota-provider-app/linux) + + ``` + ./scripts/examples/gn_build_example.sh examples/ota-provider-app/linux out/ota-provider-app chip_config_network_layer_ble=false + ``` + +- Run the Linux OTA Provider with OTA image. + + ``` + ./chip-ota-provider-app -f zephyr-ota.bin + ``` + +- Provision the Linux OTA Provider using chip-tool + + ``` + ./chip-tool pairing onnetwork ${OTA_PROVIDER_NODE_ID} 20202021 + ``` + + here: + + - \${OTA_PROVIDER_NODE_ID} is the node id of Linux OTA Provider + +- Configure the ACL of the ota-provider-app to allow access + + ``` + ./chip-tool accesscontrol write acl '[{"fabricIndex": 1, "privilege": 5, "authMode": 2, "subjects": [112233], "targets": null}, {"fabricIndex": 1, "privilege": 3, "authMode": 2, "subjects": null, "targets": null}]' ${OTA_PROVIDER_NODE_ID} 0 + ``` + + here: + + - \${OTA_PROVIDER_NODE_ID} is the node id of Linux OTA Provider + +- Use the chip-tool to announce the ota-provider-app to start the OTA process + + ``` + ./chip-tool otasoftwareupdaterequestor announce-ota-provider ${OTA_PROVIDER_NODE_ID} 0 0 0 ${DEVICE_NODE_ID} 0 + ``` + + here: + + - \${OTA_PROVIDER_NODE_ID} is the node id of Linux OTA Provider + - \${DEVICE_NODE_ID} is the node id of paired device + +Once the transfer is complete, OTA requestor sends ApplyUpdateRequest command to +OTA provider for applying the image. Device will restart on successful +application of OTA image. diff --git a/examples/all-clusters-app/telink/include/AppConfig.h b/examples/all-clusters-app/telink/include/AppConfig.h new file mode 100644 index 00000000000000..27d2cc072c03fc --- /dev/null +++ b/examples/all-clusters-app/telink/include/AppConfig.h @@ -0,0 +1,34 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +// ---- All Clusters Application example config ---- + +// Buttons config +#define BUTTON_PORT DEVICE_DT_GET(DT_NODELABEL(gpioc)) + +#define BUTTON_PIN_1 2 +#define BUTTON_PIN_3 3 +#define BUTTON_PIN_4 1 +#define BUTTON_PIN_2 0 + +// LEDs config +// System led config +#define SYSTEM_STATE_LED_PORT DEVICE_DT_GET(DT_NODELABEL(gpiob)) +#define SYSTEM_STATE_LED_PIN 7 diff --git a/examples/all-clusters-app/telink/include/AppEvent.h b/examples/all-clusters-app/telink/include/AppEvent.h new file mode 100644 index 00000000000000..000f3e8653d3ff --- /dev/null +++ b/examples/all-clusters-app/telink/include/AppEvent.h @@ -0,0 +1,44 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include + +struct AppEvent; +typedef void (*EventHandler)(AppEvent *); + +struct AppEvent +{ + enum AppEventTypes + { + kEventType_Button = 0, + }; + + uint16_t Type; + + union + { + struct + { + uint8_t Action; + } ButtonEvent; + }; + + EventHandler Handler; +}; diff --git a/examples/all-clusters-app/telink/include/AppTask.h b/examples/all-clusters-app/telink/include/AppTask.h new file mode 100644 index 00000000000000..d893794235fb47 --- /dev/null +++ b/examples/all-clusters-app/telink/include/AppTask.h @@ -0,0 +1,66 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include "AppEvent.h" + +#include + +#include + +#include + +struct k_timer; + +class AppTask +{ +public: + CHIP_ERROR StartApp(); + + void PostEvent(AppEvent * event); + +private: + friend AppTask & GetAppTask(void); + + CHIP_ERROR Init(); + + void DispatchEvent(AppEvent * event); + + static void UpdateStatusLED(); + static void FactoryResetButtonEventHandler(void); + static void StartThreadButtonEventHandler(void); + static void StartBleAdvButtonEventHandler(void); + + static void ChipEventHandler(const chip::DeviceLayer::ChipDeviceEvent * event, intptr_t arg); + + static void FactoryResetHandler(AppEvent * aEvent); + static void StartThreadHandler(AppEvent * aEvent); + static void StartBleAdvHandler(AppEvent * aEvent); + + static void InitButtons(void); + + static void ThreadProvisioningHandler(const chip::DeviceLayer::ChipDeviceEvent * event, intptr_t arg); + + static AppTask sAppTask; +}; + +inline AppTask & GetAppTask(void) +{ + return AppTask::sAppTask; +} diff --git a/examples/all-clusters-app/telink/include/CHIPProjectConfig.h b/examples/all-clusters-app/telink/include/CHIPProjectConfig.h new file mode 100644 index 00000000000000..9cfa65977d1717 --- /dev/null +++ b/examples/all-clusters-app/telink/include/CHIPProjectConfig.h @@ -0,0 +1,48 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file + * Example project configuration file for CHIP. + * + * This is a place to put application or project-specific overrides + * to the default configuration values for general CHIP features. + * + */ + +#pragma once + +// Use a default pairing code if one hasn't been provisioned in flash. +#define CHIP_DEVICE_CONFIG_USE_TEST_SETUP_PIN_CODE 20202021 +#define CHIP_DEVICE_CONFIG_USE_TEST_SETUP_DISCRIMINATOR 0xF00 + +/** + * CHIP_DEVICE_CONFIG_ENABLE_CHIPOBLE + * + * Enable support for Chip-over-BLE (CHIPoBLE). + */ +#define CHIP_DEVICE_CONFIG_ENABLE_CHIPOBLE 1 + +/** + * CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE + * + * Reduce packet buffer pool size to 8 (default 15) to reduce ram consumption + */ +#define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 8 + +#define CHIP_DEVICE_CONFIG_ENABLE_EXTENDED_DISCOVERY 1 diff --git a/examples/all-clusters-app/telink/prj.conf b/examples/all-clusters-app/telink/prj.conf new file mode 100644 index 00000000000000..01b93d52feba2c --- /dev/null +++ b/examples/all-clusters-app/telink/prj.conf @@ -0,0 +1,54 @@ +# +# Copyright (c) 2022 Project CHIP Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This sample uses sample-defaults.conf to set options common for all +# samples. This file should contain only options specific for this sample +# or overrides of default values. + +# enable GPIO +CONFIG_GPIO=y + +# OpenThread configs +CONFIG_OPENTHREAD_MTD=y +CONFIG_OPENTHREAD_FTD=n + +# Default OpenThread network settings +CONFIG_OPENTHREAD_PANID=4660 +CONFIG_OPENTHREAD_CHANNEL=15 +CONFIG_OPENTHREAD_NETWORK_NAME="OpenThreadDemo" +CONFIG_OPENTHREAD_XPANID="11:11:11:11:22:22:22:22" +CONFIG_NET_CONFIG_IEEE802154_DEV_NAME="IEEE802154_b91" + +# Disable Matter OTA DFU +CONFIG_CHIP_OTA_REQUESTOR=n + +# CHIP configuration +CONFIG_CHIP_PROJECT_CONFIG="include/CHIPProjectConfig.h" +CONFIG_CHIP_OPENTHREAD_CONFIG="../../platform/telink/project_include/OpenThreadConfig.h" + +CONFIG_CHIP_DEVICE_VENDOR_ID=65521 +# CHIP PID: 32769 == 0x8001 (all-clusters-app) +CONFIG_CHIP_DEVICE_PRODUCT_ID=32769 +CONFIG_CHIP_DEVICE_TYPE=65535 + +CONFIG_CHIP_DEVICE_SOFTWARE_VERSION=1 +CONFIG_CHIP_DEVICE_SOFTWARE_VERSION_STRING="2022" + +# Enable CHIP pairing automatically on application start. +CONFIG_CHIP_ENABLE_PAIRING_AUTOSTART=y + +# CHIP shell +CONFIG_CHIP_LIB_SHELL=n \ No newline at end of file diff --git a/examples/all-clusters-app/telink/src/AppTask.cpp b/examples/all-clusters-app/telink/src/AppTask.cpp new file mode 100644 index 00000000000000..f0daf281889d5f --- /dev/null +++ b/examples/all-clusters-app/telink/src/AppTask.cpp @@ -0,0 +1,357 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "AppTask.h" + +#include "AppConfig.h" +#include "AppEvent.h" +#include "ButtonManager.h" +#include "LEDWidget.h" +#include "binding-handler.h" +#include +#include + +#include + +#include "ThreadUtil.h" + +#include +#include +#include +#include +#include + +#include +#include + +#if CONFIG_CHIP_OTA_REQUESTOR +#include "OTAUtil.h" +#endif + +#include +#include + +LOG_MODULE_DECLARE(app); + +namespace { + +constexpr int kAppEventQueueSize = 10; +constexpr uint8_t kButtonPushEvent = 1; +constexpr uint8_t kButtonReleaseEvent = 0; + +K_MSGQ_DEFINE(sAppEventQueue, sizeof(AppEvent), kAppEventQueueSize, alignof(AppEvent)); + +LEDWidget sStatusLED; + +Button sFactoryResetButton; +Button sThreadStartButton; +Button sBleAdvStartButton; + +bool sIsThreadProvisioned = false; +bool sIsThreadEnabled = false; +bool sIsThreadAttached = false; +bool sHaveBLEConnections = false; + +chip::DeviceLayer::DeviceInfoProviderImpl gExampleDeviceInfoProvider; + +void OnIdentifyTriggerEffect(Identify * identify) +{ + switch (identify->mCurrentEffectIdentifier) + { + case EMBER_ZCL_IDENTIFY_EFFECT_IDENTIFIER_BLINK: + ChipLogProgress(Zcl, "EMBER_ZCL_IDENTIFY_EFFECT_IDENTIFIER_BLINK"); + break; + case EMBER_ZCL_IDENTIFY_EFFECT_IDENTIFIER_BREATHE: + ChipLogProgress(Zcl, "EMBER_ZCL_IDENTIFY_EFFECT_IDENTIFIER_BREATHE"); + break; + case EMBER_ZCL_IDENTIFY_EFFECT_IDENTIFIER_OKAY: + ChipLogProgress(Zcl, "EMBER_ZCL_IDENTIFY_EFFECT_IDENTIFIER_OKAY"); + break; + case EMBER_ZCL_IDENTIFY_EFFECT_IDENTIFIER_CHANNEL_CHANGE: + ChipLogProgress(Zcl, "EMBER_ZCL_IDENTIFY_EFFECT_IDENTIFIER_CHANNEL_CHANGE"); + break; + default: + ChipLogProgress(Zcl, "No identifier effect"); + break; + } + return; +} + +Identify sIdentify = { + chip::EndpointId{ 1 }, + [](Identify *) { ChipLogProgress(Zcl, "OnIdentifyStart"); }, + [](Identify *) { ChipLogProgress(Zcl, "OnIdentifyStop"); }, + EMBER_ZCL_IDENTIFY_IDENTIFY_TYPE_VISIBLE_LED, + OnIdentifyTriggerEffect, +}; + +} // namespace + +using namespace ::chip; +using namespace ::chip::Credentials; +using namespace ::chip::DeviceLayer; +using namespace ::chip::DeviceLayer::Internal; + +AppTask AppTask::sAppTask; + +constexpr EndpointId kNetworkCommissioningEndpointSecondary = 0xFFFE; + +CHIP_ERROR AppTask::Init() +{ + CHIP_ERROR ret; + + LOG_INF("Current Software Version: %u, %s", CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION, + CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION_STRING); + + // Initialize status LED + LEDWidget::InitGpio(SYSTEM_STATE_LED_PORT); + sStatusLED.Init(SYSTEM_STATE_LED_PIN); + + UpdateStatusLED(); + + InitButtons(); + + // Init ZCL Data Model and start server + static chip::CommonCaseDeviceServerInitParams initParams; + (void) initParams.InitializeStaticResourcesBeforeServerInit(); + chip::Server::GetInstance().Init(initParams); + + // Initialize device attestation config + SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); + + gExampleDeviceInfoProvider.SetStorageDelegate(&chip::Server::GetInstance().GetPersistentStorage()); + chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); + +#if CONFIG_CHIP_OTA_REQUESTOR + InitBasicOTARequestor(); +#endif + + // We only have network commissioning on endpoint 0. + // Set up a valid Network Commissioning cluster on endpoint 0 is done in + // src/platform/OpenThread/GenericThreadStackManagerImpl_OpenThread.cpp + emberAfEndpointEnableDisable(kNetworkCommissioningEndpointSecondary, false); + + ConfigurationMgr().LogDeviceConfig(); + + // Configure Bindings + ret = InitBindingHandlers(); + if (ret != CHIP_NO_ERROR) + { + LOG_ERR("InitBindingHandlers() failed"); + return ret; + } + + PrintOnboardingCodes(chip::RendezvousInformationFlags(chip::RendezvousInformationFlag::kBLE)); + + // Add CHIP event handler and start CHIP thread. + // Note that all the initialization code should happen prior to this point to avoid data races + // between the main and the CHIP threads. + PlatformMgr().AddEventHandler(ChipEventHandler, 0); + + ret = ConnectivityMgr().SetBLEDeviceName("TelinkApp"); + if (ret != CHIP_NO_ERROR) + { + LOG_ERR("Fail to set BLE device name"); + return ret; + } + + return CHIP_NO_ERROR; +} + +CHIP_ERROR AppTask::StartApp() +{ + CHIP_ERROR err = Init(); + + if (err != CHIP_NO_ERROR) + { + LOG_ERR("AppTask.Init() failed"); + return err; + } + + AppEvent event = {}; + + while (true) + { + int ret = k_msgq_get(&sAppEventQueue, &event, K_MSEC(10)); + + while (!ret) + { + DispatchEvent(&event); + ret = k_msgq_get(&sAppEventQueue, &event, K_NO_WAIT); + } + + sStatusLED.Animate(); + } +} + +void AppTask::FactoryResetButtonEventHandler(void) +{ + AppEvent event; + + event.Type = AppEvent::kEventType_Button; + event.ButtonEvent.Action = kButtonPushEvent; + event.Handler = FactoryResetHandler; + sAppTask.PostEvent(&event); +} + +void AppTask::FactoryResetHandler(AppEvent * aEvent) +{ + LOG_INF("Factory Reset triggered."); + chip::Server::GetInstance().ScheduleFactoryReset(); +} + +void AppTask::StartThreadButtonEventHandler(void) +{ + AppEvent event; + + event.Type = AppEvent::kEventType_Button; + event.ButtonEvent.Action = kButtonPushEvent; + event.Handler = StartThreadHandler; + sAppTask.PostEvent(&event); +} + +void AppTask::StartThreadHandler(AppEvent * aEvent) +{ + + if (!chip::DeviceLayer::ConnectivityMgr().IsThreadProvisioned()) + { + // Switch context from BLE to Thread + BLEManagerImpl sInstance; + sInstance.SwitchToIeee802154(); + StartDefaultThreadNetwork(); + LOG_INF("Device is not commissioned to a Thread network. Starting with the default configuration."); + } + else + { + LOG_INF("Device is commissioned to a Thread network."); + } +} + +void AppTask::StartBleAdvButtonEventHandler(void) +{ + AppEvent event; + + event.Type = AppEvent::kEventType_Button; + event.ButtonEvent.Action = kButtonPushEvent; + event.Handler = StartBleAdvHandler; + sAppTask.PostEvent(&event); +} + +void AppTask::StartBleAdvHandler(AppEvent * aEvent) +{ + LOG_INF("BLE advertising start button pressed"); + + // Don't allow on starting Matter service BLE advertising after Thread provisioning. + if (ConnectivityMgr().IsThreadProvisioned()) + { + LOG_INF("Matter service BLE advertising not started - device is commissioned to a Thread network."); + return; + } + + if (ConnectivityMgr().IsBLEAdvertisingEnabled()) + { + LOG_INF("BLE advertising is already enabled"); + return; + } + + if (chip::Server::GetInstance().GetCommissioningWindowManager().OpenBasicCommissioningWindow() != CHIP_NO_ERROR) + { + LOG_ERR("OpenBasicCommissioningWindow() failed"); + } +} + +void AppTask::UpdateStatusLED() +{ + if (sIsThreadProvisioned && sIsThreadEnabled) + { + if (sIsThreadAttached) + { + sStatusLED.Blink(950, 50); + } + else + { + sStatusLED.Blink(100, 100); + } + } + else + { + sStatusLED.Blink(50, 950); + } +} + +void AppTask::ChipEventHandler(const ChipDeviceEvent * event, intptr_t /* arg */) +{ + switch (event->Type) + { + case DeviceEventType::kCHIPoBLEAdvertisingChange: + sHaveBLEConnections = ConnectivityMgr().NumBLEConnections() != 0; + UpdateStatusLED(); + break; + case DeviceEventType::kThreadStateChange: + sIsThreadProvisioned = ConnectivityMgr().IsThreadProvisioned(); + sIsThreadEnabled = ConnectivityMgr().IsThreadEnabled(); + sIsThreadAttached = ConnectivityMgr().IsThreadAttached(); + UpdateStatusLED(); + break; + case DeviceEventType::kThreadConnectivityChange: +#if CONFIG_CHIP_OTA_REQUESTOR + if (event->ThreadConnectivityChange.Result == kConnectivity_Established) + { + InitBasicOTARequestor(); + } +#endif + break; + default: + break; + } +} + +void AppTask::PostEvent(AppEvent * aEvent) +{ + if (!aEvent) + return; + if (k_msgq_put(&sAppEventQueue, aEvent, K_NO_WAIT) != 0) + { + LOG_INF("Failed to post event to app task event queue"); + } +} + +void AppTask::DispatchEvent(AppEvent * aEvent) +{ + if (!aEvent) + return; + if (aEvent->Handler) + { + aEvent->Handler(aEvent); + } + else + { + LOG_INF("Event received with no handler. Dropping event."); + } +} + +void AppTask::InitButtons(void) +{ + sFactoryResetButton.Configure(BUTTON_PORT, BUTTON_PIN_3, BUTTON_PIN_1, FactoryResetButtonEventHandler); + sThreadStartButton.Configure(BUTTON_PORT, BUTTON_PIN_3, BUTTON_PIN_2, StartThreadButtonEventHandler); + sBleAdvStartButton.Configure(BUTTON_PORT, BUTTON_PIN_4, BUTTON_PIN_2, StartBleAdvButtonEventHandler); + + ButtonManagerInst().AddButton(sFactoryResetButton); + ButtonManagerInst().AddButton(sThreadStartButton); + ButtonManagerInst().AddButton(sBleAdvStartButton); +} diff --git a/examples/all-clusters-app/telink/src/ZclDoorLockCallbacks.cpp b/examples/all-clusters-app/telink/src/ZclDoorLockCallbacks.cpp new file mode 100644 index 00000000000000..edaa86e44d5125 --- /dev/null +++ b/examples/all-clusters-app/telink/src/ZclDoorLockCallbacks.cpp @@ -0,0 +1,57 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include + +using namespace ::chip; +using namespace ::chip::app::Clusters; +using namespace ::chip::app::Clusters::DoorLock; + +LOG_MODULE_DECLARE(app, CONFIG_MATTER_LOG_LEVEL); + +// Provided some empty callbacks and replaced feature map +// to simulate DoorLock endpoint for All-Clusters-App example +// without using kUsersManagement|kAccessSchedules|kRFIDCredentials|kPINCredentials + +bool emberAfPluginDoorLockOnDoorLockCommand(chip::EndpointId endpointId, const Optional & pinCode, DlOperationError & err) +{ + return true; +} + +bool emberAfPluginDoorLockOnDoorUnlockCommand(chip::EndpointId endpointId, const Optional & pinCode, + DlOperationError & err) +{ + return true; +} + +void emberAfDoorLockClusterInitCallback(EndpointId endpoint) +{ + DoorLockServer::Instance().InitServer(endpoint); + + // Set FeatureMap to 0, default is: + // (kUsersManagement|kAccessSchedules|kRFIDCredentials|kPINCredentials) 0x113 + EmberAfStatus status = DoorLock::Attributes::FeatureMap::Set(endpoint, 0); + if (status != EMBER_ZCL_STATUS_SUCCESS) + { + LOG_ERR("Updating feature map %x", status); + } +} diff --git a/examples/all-clusters-app/telink/src/main.cpp b/examples/all-clusters-app/telink/src/main.cpp new file mode 100644 index 00000000000000..48adaee45a5115 --- /dev/null +++ b/examples/all-clusters-app/telink/src/main.cpp @@ -0,0 +1,83 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "AppTask.h" + +#include +#include + +#include + +LOG_MODULE_REGISTER(app); + +using namespace ::chip; +using namespace ::chip::Inet; +using namespace ::chip::DeviceLayer; + +int main(void) +{ + CHIP_ERROR err = CHIP_NO_ERROR; + + err = chip::Platform::MemoryInit(); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("Platform::MemoryInit() failed"); + goto exit; + } + + LOG_INF("Init CHIP stack"); + err = PlatformMgr().InitChipStack(); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("PlatformMgr().InitChipStack() failed"); + goto exit; + } + + LOG_INF("Starting CHIP task"); + err = PlatformMgr().StartEventLoopTask(); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("PlatformMgr().StartEventLoopTask() failed"); + goto exit; + } + + LOG_INF("Init Thread stack"); + err = ThreadStackMgr().InitThreadStack(); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("ThreadStackMgr().InitThreadStack() failed"); + goto exit; + } + +#ifdef CONFIG_OPENTHREAD_MTD + err = ConnectivityMgr().SetThreadDeviceType(ConnectivityManager::kThreadDeviceType_MinimalEndDevice); +#else + err = ConnectivityMgr().SetThreadDeviceType(ConnectivityManager::kThreadDeviceType_Router); +#endif + if (err != CHIP_NO_ERROR) + { + LOG_ERR("ConnectivityMgr().SetThreadDeviceType() failed"); + goto exit; + } + + err = GetAppTask().StartApp(); + +exit: + LOG_ERR("Exited with code %" CHIP_ERROR_FORMAT, err.Format()); + return (err == CHIP_NO_ERROR) ? EXIT_SUCCESS : EXIT_FAILURE; +} diff --git a/examples/all-clusters-app/telink/third_party/connectedhomeip b/examples/all-clusters-app/telink/third_party/connectedhomeip new file mode 120000 index 00000000000000..c866b86874994d --- /dev/null +++ b/examples/all-clusters-app/telink/third_party/connectedhomeip @@ -0,0 +1 @@ +../../../.. \ No newline at end of file diff --git a/examples/all-clusters-minimal-app/telink/.gitignore b/examples/all-clusters-minimal-app/telink/.gitignore new file mode 100644 index 00000000000000..84c048a73cc2e5 --- /dev/null +++ b/examples/all-clusters-minimal-app/telink/.gitignore @@ -0,0 +1 @@ +/build/ diff --git a/examples/all-clusters-minimal-app/telink/CMakeLists.txt b/examples/all-clusters-minimal-app/telink/CMakeLists.txt new file mode 100644 index 00000000000000..6b90b624398547 --- /dev/null +++ b/examples/all-clusters-minimal-app/telink/CMakeLists.txt @@ -0,0 +1,70 @@ +# +# Copyright (c) 2022 Project CHIP Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +cmake_minimum_required(VERSION 3.13.1) + +set(BOARD tlsr9518adk80d) + +get_filename_component(CHIP_ROOT ${CMAKE_CURRENT_SOURCE_DIR}/third_party/connectedhomeip REALPATH) +get_filename_component(NLIO_ROOT ${CHIP_ROOT}/third_party/nlio/repo/include REALPATH) +get_filename_component(TELINK_COMMON ${CHIP_ROOT}/examples/platform/telink REALPATH) +get_filename_component(GEN_DIR ${CHIP_ROOT}/zzz_generated/ REALPATH) +get_filename_component(ALL_CLUSTERS_COMMON_DIR ${CHIP_ROOT}/examples/all-clusters-app/all-clusters-common REALPATH) + +set(CONF_FILE ${CHIP_ROOT}/config/telink/app/zephyr.conf prj.conf) + +# Load NCS/Zephyr build system +list(APPEND ZEPHYR_EXTRA_MODULES ${CHIP_ROOT}/config/telink/chip-module) +find_package(Zephyr HINTS $ENV{ZEPHYR_BASE}) + +project(chip-telink-all-clusters-minimal-app-example) + +include(${CHIP_ROOT}/config/telink/app/enable-gnu-std.cmake) +include(${CHIP_ROOT}/src/app/chip_data_model.cmake) + +target_compile_options(app PRIVATE -fpermissive) + +target_include_directories(app PRIVATE + include + ${ALL_CLUSTERS_COMMON_DIR}/include + ${GEN_DIR}/app-common + ${GEN_DIR}/all-clusters-minimal-app + ${NLIO_ROOT} + ${TELINK_COMMON}/util/include) + +add_definitions( + "-DCHIP_ADDRESS_RESOLVE_IMPL_INCLUDE_HEADER=" +) + +target_sources(app PRIVATE + src/AppTask.cpp + src/main.cpp + ${ALL_CLUSTERS_COMMON_DIR}/src/static-supported-modes-manager.cpp + ${ALL_CLUSTERS_COMMON_DIR}/src/bridged-actions-stub.cpp + ${ALL_CLUSTERS_COMMON_DIR}/src/binding-handler.cpp + ${GEN_DIR}/all-clusters-minimal-app/zap-generated/callback-stub.cpp + ${GEN_DIR}/all-clusters-minimal-app/zap-generated/IMClusterCommandHandler.cpp + ${TELINK_COMMON}/util/src/LEDWidget.cpp + ${TELINK_COMMON}/util/src/ButtonManager.cpp + ${TELINK_COMMON}/util/src/ThreadUtil.cpp) + +chip_configure_data_model(app + INCLUDE_SERVER + ZAP_FILE ${CMAKE_CURRENT_SOURCE_DIR}/../all-clusters-common/all-clusters-minimal-app.zap +) + +if(CONFIG_CHIP_OTA_REQUESTOR) + target_sources(app PRIVATE ${TELINK_COMMON}/util/src/OTAUtil.cpp) +endif() diff --git a/examples/all-clusters-minimal-app/telink/Readme.md b/examples/all-clusters-minimal-app/telink/Readme.md new file mode 100644 index 00000000000000..f2fc7f4d0518ee --- /dev/null +++ b/examples/all-clusters-minimal-app/telink/Readme.md @@ -0,0 +1,159 @@ +# Matter Telink All Clusters Minimal Example Application + +The Telink All Clusters Minimal Example Application implements various ZCL +clusters populated on three endpoints. You can use this example as a reference +for creating your own application. + +![Telink B91 EVK](http://wiki.telink-semi.cn/wiki/assets/Hardware/B91_Generic_Starter_Kit_Hardware_Guide/connection_chart.png) + +## Build and flash + +1. Pull docker image from repository: + + ```bash + $ docker pull connectedhomeip/chip-build-telink:latest + ``` + +1. Run docker container: + + ```bash + $ docker run -it --rm -v ${CHIP_BASE}:/root/chip -v /dev/bus/usb:/dev/bus/usb --device-cgroup-rule "c 189:* rmw" connectedhomeip/chip-build-telink:latest + ``` + + here `${CHIP_BASE}` is directory which contains CHIP repo files **!!!Pay + attention that OUTPUT_DIR should contains ABSOLUTE path to output dir** + +1. Activate the build environment: + + ```bash + $ source ./scripts/activate.sh + ``` + +1. In the example dir run: + + ```bash + $ west build + ``` + +1. Flash binary: + + ``` + $ west flash --erase + ``` + +## Usage + +### UART + +To get output from device, connect UART to following pins: + +| Name | Pin | +| :--: | :---------------------------- | +| RX | PB3 (pin 17 of J34 connector) | +| TX | PB2 (pin 16 of J34 connector) | +| GND | GND | + +### Buttons + +The following buttons are available on **tlsr9518adk80d** board: + +| Name | Function | Description | +| :------- | :--------------------- | :----------------------------------------------------------------------------------------------------- | +| Button 1 | Factory reset | Perform factory reset to forget currently commissioned Thread network and back to uncommissioned state | +| Button 2 | Not used | Not used | +| Button 2 | Not used | Not used | +| Button 4 | Open commission window | The button is opening commissioning window to perform commissioning over BLE | + +### LEDs + +**Red** LED indicates current state of Thread network. It ables to be in +following states: + +| State | Description | +| :-------------------------- | :--------------------------------------------------------------------------- | +| Blinks with short pulses | Device is not commissioned to Thread, Thread is disabled | +| Blinls with frequent pulses | Device is commissioned, Thread enabled. Device trying to JOIN thread network | +| Blinks with whde pulses | Device commissioned and joined to thread network as CHILD | + +### CHIP tool commands + +1. Build + [chip-tool cli](https://github.com/project-chip/connectedhomeip/blob/master/examples/chip-tool/README.md) + +2. Pair with device + + ``` + ${CHIP_TOOL_DIR}/chip-tool pairing ble-thread ${NODE_ID} hex:${DATASET} ${PIN_CODE} ${DISCRIMINATOR} + ``` + + Example: + + ``` + ./chip-tool pairing ble-thread 1234 hex:0e080000000000010000000300000f35060004001fffe0020811111111222222220708fd61f77bd3df233e051000112233445566778899aabbccddeeff030e4f70656e54687265616444656d6f010212340410445f2b5ca6f2a93a55ce570a70efeecb0c0402a0fff8 20202021 3840 + ``` + +### OTA with Linux OTA Provider + +OTA feature enabled by default only for ota-requestor-app example. To enable OTA +feature for another Telink example: + +- set CONFIG_CHIP_OTA_REQUESTOR=y in corresponding "prj.conf" configuration + file. + +After build application with enabled OTA feature, use next binary files: + +- zephyr.bin - main binary to flash PCB (Use 2MB PCB). +- zephyr-ota.bin - binary for OTA Provider + +All binaries has the same SW version. To test OTA “zephyr-ota.bin” should have +higher SW version than base SW. Set CONFIG_CHIP_DEVICE_SOFTWARE_VERSION=2 in +corresponding “prj.conf” configuration file. + +Usage of OTA: + +- Build the [Linux OTA Provider](../../ota-provider-app/linux) + + ``` + ./scripts/examples/gn_build_example.sh examples/ota-provider-app/linux out/ota-provider-app chip_config_network_layer_ble=false + ``` + +- Run the Linux OTA Provider with OTA image. + + ``` + ./chip-ota-provider-app -f zephyr-ota.bin + ``` + +- Provision the Linux OTA Provider using chip-tool + + ``` + ./chip-tool pairing onnetwork ${OTA_PROVIDER_NODE_ID} 20202021 + ``` + + here: + + - \${OTA_PROVIDER_NODE_ID} is the node id of Linux OTA Provider + +- Configure the ACL of the ota-provider-app to allow access + + ``` + ./chip-tool accesscontrol write acl '[{"fabricIndex": 1, "privilege": 5, "authMode": 2, "subjects": [112233], "targets": null}, {"fabricIndex": 1, "privilege": 3, "authMode": 2, "subjects": null, "targets": null}]' ${OTA_PROVIDER_NODE_ID} 0 + ``` + + here: + + - \${OTA_PROVIDER_NODE_ID} is the node id of Linux OTA Provider + +- Use the chip-tool to announce the ota-provider-app to start the OTA process + + ``` + ./chip-tool otasoftwareupdaterequestor announce-ota-provider ${OTA_PROVIDER_NODE_ID} 0 0 0 ${DEVICE_NODE_ID} 0 + ``` + + here: + + - \${OTA_PROVIDER_NODE_ID} is the node id of Linux OTA Provider + - \${DEVICE_NODE_ID} is the node id of paired device + +Once the transfer is complete, OTA requestor sends ApplyUpdateRequest command to +OTA provider for applying the image. Device will restart on successful +application of OTA image. diff --git a/examples/all-clusters-minimal-app/telink/include/AppConfig.h b/examples/all-clusters-minimal-app/telink/include/AppConfig.h new file mode 100644 index 00000000000000..27d2cc072c03fc --- /dev/null +++ b/examples/all-clusters-minimal-app/telink/include/AppConfig.h @@ -0,0 +1,34 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +// ---- All Clusters Application example config ---- + +// Buttons config +#define BUTTON_PORT DEVICE_DT_GET(DT_NODELABEL(gpioc)) + +#define BUTTON_PIN_1 2 +#define BUTTON_PIN_3 3 +#define BUTTON_PIN_4 1 +#define BUTTON_PIN_2 0 + +// LEDs config +// System led config +#define SYSTEM_STATE_LED_PORT DEVICE_DT_GET(DT_NODELABEL(gpiob)) +#define SYSTEM_STATE_LED_PIN 7 diff --git a/examples/all-clusters-minimal-app/telink/include/AppEvent.h b/examples/all-clusters-minimal-app/telink/include/AppEvent.h new file mode 100644 index 00000000000000..000f3e8653d3ff --- /dev/null +++ b/examples/all-clusters-minimal-app/telink/include/AppEvent.h @@ -0,0 +1,44 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include + +struct AppEvent; +typedef void (*EventHandler)(AppEvent *); + +struct AppEvent +{ + enum AppEventTypes + { + kEventType_Button = 0, + }; + + uint16_t Type; + + union + { + struct + { + uint8_t Action; + } ButtonEvent; + }; + + EventHandler Handler; +}; diff --git a/examples/all-clusters-minimal-app/telink/include/AppTask.h b/examples/all-clusters-minimal-app/telink/include/AppTask.h new file mode 100644 index 00000000000000..d6a02734a40e74 --- /dev/null +++ b/examples/all-clusters-minimal-app/telink/include/AppTask.h @@ -0,0 +1,64 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include "AppEvent.h" + +#include + +#include + +#include + +struct k_timer; + +class AppTask +{ +public: + CHIP_ERROR StartApp(); + + void PostEvent(AppEvent * event); + +private: + friend AppTask & GetAppTask(void); + + CHIP_ERROR Init(); + + void DispatchEvent(AppEvent * event); + + static void UpdateStatusLED(); + static void FactoryResetButtonEventHandler(void); + static void StartBleAdvButtonEventHandler(void); + + static void ChipEventHandler(const chip::DeviceLayer::ChipDeviceEvent * event, intptr_t arg); + + static void FactoryResetHandler(AppEvent * aEvent); + static void StartBleAdvHandler(AppEvent * aEvent); + + static void InitButtons(void); + + static void ThreadProvisioningHandler(const chip::DeviceLayer::ChipDeviceEvent * event, intptr_t arg); + + static AppTask sAppTask; +}; + +inline AppTask & GetAppTask(void) +{ + return AppTask::sAppTask; +} diff --git a/examples/all-clusters-minimal-app/telink/include/CHIPProjectConfig.h b/examples/all-clusters-minimal-app/telink/include/CHIPProjectConfig.h new file mode 100644 index 00000000000000..9cfa65977d1717 --- /dev/null +++ b/examples/all-clusters-minimal-app/telink/include/CHIPProjectConfig.h @@ -0,0 +1,48 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file + * Example project configuration file for CHIP. + * + * This is a place to put application or project-specific overrides + * to the default configuration values for general CHIP features. + * + */ + +#pragma once + +// Use a default pairing code if one hasn't been provisioned in flash. +#define CHIP_DEVICE_CONFIG_USE_TEST_SETUP_PIN_CODE 20202021 +#define CHIP_DEVICE_CONFIG_USE_TEST_SETUP_DISCRIMINATOR 0xF00 + +/** + * CHIP_DEVICE_CONFIG_ENABLE_CHIPOBLE + * + * Enable support for Chip-over-BLE (CHIPoBLE). + */ +#define CHIP_DEVICE_CONFIG_ENABLE_CHIPOBLE 1 + +/** + * CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE + * + * Reduce packet buffer pool size to 8 (default 15) to reduce ram consumption + */ +#define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 8 + +#define CHIP_DEVICE_CONFIG_ENABLE_EXTENDED_DISCOVERY 1 diff --git a/examples/all-clusters-minimal-app/telink/prj.conf b/examples/all-clusters-minimal-app/telink/prj.conf new file mode 100644 index 00000000000000..791807a463a9e0 --- /dev/null +++ b/examples/all-clusters-minimal-app/telink/prj.conf @@ -0,0 +1,54 @@ +# +# Copyright (c) 2022 Project CHIP Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This sample uses sample-defaults.conf to set options common for all +# samples. This file should contain only options specific for this sample +# or overrides of default values. + +# enable GPIO +CONFIG_GPIO=y + +# OpenThread configs +CONFIG_OPENTHREAD_MTD=y +CONFIG_OPENTHREAD_FTD=n + +# Default OpenThread network settings +CONFIG_OPENTHREAD_PANID=4660 +CONFIG_OPENTHREAD_CHANNEL=15 +CONFIG_OPENTHREAD_NETWORK_NAME="OpenThreadDemo" +CONFIG_OPENTHREAD_XPANID="11:11:11:11:22:22:22:22" +CONFIG_NET_CONFIG_IEEE802154_DEV_NAME="IEEE802154_b91" + +# Disable Matter OTA DFU +CONFIG_CHIP_OTA_REQUESTOR=n + +# CHIP configuration +CONFIG_CHIP_PROJECT_CONFIG="include/CHIPProjectConfig.h" +CONFIG_CHIP_OPENTHREAD_CONFIG="../../platform/telink/project_include/OpenThreadConfig.h" + +CONFIG_CHIP_DEVICE_VENDOR_ID=65521 +# CHIP PID: 32769 == 0x8001 (all-clusters-minimal-app) +CONFIG_CHIP_DEVICE_PRODUCT_ID=32769 +CONFIG_CHIP_DEVICE_TYPE=65535 + +CONFIG_CHIP_DEVICE_SOFTWARE_VERSION=1 +CONFIG_CHIP_DEVICE_SOFTWARE_VERSION_STRING="2022" + +# Enable CHIP pairing automatically on application start. +CONFIG_CHIP_ENABLE_PAIRING_AUTOSTART=y + +# CHIP shell +CONFIG_CHIP_LIB_SHELL=n \ No newline at end of file diff --git a/examples/all-clusters-minimal-app/telink/src/AppTask.cpp b/examples/all-clusters-minimal-app/telink/src/AppTask.cpp new file mode 100644 index 00000000000000..a08d81bf5b1a39 --- /dev/null +++ b/examples/all-clusters-minimal-app/telink/src/AppTask.cpp @@ -0,0 +1,288 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "AppTask.h" + +#include "AppConfig.h" +#include "AppEvent.h" +#include "ButtonManager.h" +#include "LEDWidget.h" +#include "binding-handler.h" +#include +#include + +#include "ThreadUtil.h" + +#include +#include +#include +#include + +#include +#include + +#if CONFIG_CHIP_OTA_REQUESTOR +#include "OTAUtil.h" +#endif + +#include +#include + +LOG_MODULE_DECLARE(app); + +namespace { + +constexpr int kAppEventQueueSize = 10; +constexpr uint8_t kButtonPushEvent = 1; +constexpr uint8_t kButtonReleaseEvent = 0; + +K_MSGQ_DEFINE(sAppEventQueue, sizeof(AppEvent), kAppEventQueueSize, alignof(AppEvent)); + +LEDWidget sStatusLED; + +Button sFactoryResetButton; +Button sBleAdvStartButton; + +bool sIsThreadProvisioned = false; +bool sIsThreadEnabled = false; +bool sIsThreadAttached = false; +bool sHaveBLEConnections = false; + +} // namespace + +using namespace ::chip; +using namespace ::chip::Credentials; +using namespace ::chip::DeviceLayer; +using namespace ::chip::DeviceLayer::Internal; + +AppTask AppTask::sAppTask; + +constexpr EndpointId kNetworkCommissioningEndpointSecondary = 0xFFFE; + +CHIP_ERROR AppTask::Init() +{ + CHIP_ERROR ret; + + LOG_INF("Current Software Version: %u, %s", CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION, + CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION_STRING); + + // Initialize status LED + LEDWidget::InitGpio(SYSTEM_STATE_LED_PORT); + sStatusLED.Init(SYSTEM_STATE_LED_PIN); + + UpdateStatusLED(); + + InitButtons(); + + // Init ZCL Data Model and start server + static chip::CommonCaseDeviceServerInitParams initParams; + (void) initParams.InitializeStaticResourcesBeforeServerInit(); + chip::Server::GetInstance().Init(initParams); + + // Initialize device attestation config + SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); + +#if CONFIG_CHIP_OTA_REQUESTOR + InitBasicOTARequestor(); +#endif + + // We only have network commissioning on endpoint 0. + // Set up a valid Network Commissioning cluster on endpoint 0 is done in + // src/platform/OpenThread/GenericThreadStackManagerImpl_OpenThread.cpp + emberAfEndpointEnableDisable(kNetworkCommissioningEndpointSecondary, false); + + ConfigurationMgr().LogDeviceConfig(); + + // Configure Bindings + ret = InitBindingHandlers(); + if (ret != CHIP_NO_ERROR) + { + LOG_ERR("InitBindingHandlers() failed"); + return ret; + } + + PrintOnboardingCodes(chip::RendezvousInformationFlags(chip::RendezvousInformationFlag::kBLE)); + + // Add CHIP event handler and start CHIP thread. + // Note that all the initialization code should happen prior to this point to avoid data races + // between the main and the CHIP threads. + PlatformMgr().AddEventHandler(ChipEventHandler, 0); + + ret = ConnectivityMgr().SetBLEDeviceName("TelinkMinApp"); + if (ret != CHIP_NO_ERROR) + { + LOG_ERR("Fail to set BLE device name"); + return ret; + } + + return CHIP_NO_ERROR; +} + +CHIP_ERROR AppTask::StartApp() +{ + CHIP_ERROR err = Init(); + + if (err != CHIP_NO_ERROR) + { + LOG_ERR("AppTask.Init() failed"); + return err; + } + + AppEvent event = {}; + + while (true) + { + int ret = k_msgq_get(&sAppEventQueue, &event, K_MSEC(10)); + + while (!ret) + { + DispatchEvent(&event); + ret = k_msgq_get(&sAppEventQueue, &event, K_NO_WAIT); + } + + sStatusLED.Animate(); + } +} + +void AppTask::FactoryResetButtonEventHandler(void) +{ + AppEvent event; + + event.Type = AppEvent::kEventType_Button; + event.ButtonEvent.Action = kButtonPushEvent; + event.Handler = FactoryResetHandler; + sAppTask.PostEvent(&event); +} + +void AppTask::FactoryResetHandler(AppEvent * aEvent) +{ + LOG_INF("Factory Reset triggered."); + chip::Server::GetInstance().ScheduleFactoryReset(); +} + +void AppTask::StartBleAdvButtonEventHandler(void) +{ + AppEvent event; + + event.Type = AppEvent::kEventType_Button; + event.ButtonEvent.Action = kButtonPushEvent; + event.Handler = StartBleAdvHandler; + sAppTask.PostEvent(&event); +} + +void AppTask::StartBleAdvHandler(AppEvent * aEvent) +{ + LOG_INF("BLE advertising start button pressed"); + + // Don't allow on starting Matter service BLE advertising after Thread provisioning. + if (ConnectivityMgr().IsThreadProvisioned()) + { + LOG_INF("Matter service BLE advertising not started - device is commissioned to a Thread network."); + return; + } + + if (ConnectivityMgr().IsBLEAdvertisingEnabled()) + { + LOG_INF("BLE advertising is already enabled"); + return; + } + + if (chip::Server::GetInstance().GetCommissioningWindowManager().OpenBasicCommissioningWindow() != CHIP_NO_ERROR) + { + LOG_ERR("OpenBasicCommissioningWindow() failed"); + } +} + +void AppTask::UpdateStatusLED() +{ + if (sIsThreadProvisioned && sIsThreadEnabled) + { + if (sIsThreadAttached) + { + sStatusLED.Blink(950, 50); + } + else + { + sStatusLED.Blink(100, 100); + } + } + else + { + sStatusLED.Blink(50, 950); + } +} + +void AppTask::ChipEventHandler(const ChipDeviceEvent * event, intptr_t /* arg */) +{ + switch (event->Type) + { + case DeviceEventType::kCHIPoBLEAdvertisingChange: + sHaveBLEConnections = ConnectivityMgr().NumBLEConnections() != 0; + UpdateStatusLED(); + break; + case DeviceEventType::kThreadStateChange: + sIsThreadProvisioned = ConnectivityMgr().IsThreadProvisioned(); + sIsThreadEnabled = ConnectivityMgr().IsThreadEnabled(); + sIsThreadAttached = ConnectivityMgr().IsThreadAttached(); + UpdateStatusLED(); + break; + case DeviceEventType::kThreadConnectivityChange: +#if CONFIG_CHIP_OTA_REQUESTOR + if (event->ThreadConnectivityChange.Result == kConnectivity_Established) + { + InitBasicOTARequestor(); + } +#endif + break; + default: + break; + } +} + +void AppTask::PostEvent(AppEvent * aEvent) +{ + if (!aEvent) + return; + if (k_msgq_put(&sAppEventQueue, aEvent, K_NO_WAIT) != 0) + { + LOG_INF("Failed to post event to app task event queue"); + } +} + +void AppTask::DispatchEvent(AppEvent * aEvent) +{ + if (!aEvent) + return; + if (aEvent->Handler) + { + aEvent->Handler(aEvent); + } + else + { + LOG_INF("Event received with no handler. Dropping event."); + } +} + +void AppTask::InitButtons(void) +{ + sFactoryResetButton.Configure(BUTTON_PORT, BUTTON_PIN_3, BUTTON_PIN_1, FactoryResetButtonEventHandler); + sBleAdvStartButton.Configure(BUTTON_PORT, BUTTON_PIN_4, BUTTON_PIN_2, StartBleAdvButtonEventHandler); + + ButtonManagerInst().AddButton(sFactoryResetButton); + ButtonManagerInst().AddButton(sBleAdvStartButton); +} diff --git a/examples/all-clusters-minimal-app/telink/src/main.cpp b/examples/all-clusters-minimal-app/telink/src/main.cpp new file mode 100644 index 00000000000000..48adaee45a5115 --- /dev/null +++ b/examples/all-clusters-minimal-app/telink/src/main.cpp @@ -0,0 +1,83 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "AppTask.h" + +#include +#include + +#include + +LOG_MODULE_REGISTER(app); + +using namespace ::chip; +using namespace ::chip::Inet; +using namespace ::chip::DeviceLayer; + +int main(void) +{ + CHIP_ERROR err = CHIP_NO_ERROR; + + err = chip::Platform::MemoryInit(); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("Platform::MemoryInit() failed"); + goto exit; + } + + LOG_INF("Init CHIP stack"); + err = PlatformMgr().InitChipStack(); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("PlatformMgr().InitChipStack() failed"); + goto exit; + } + + LOG_INF("Starting CHIP task"); + err = PlatformMgr().StartEventLoopTask(); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("PlatformMgr().StartEventLoopTask() failed"); + goto exit; + } + + LOG_INF("Init Thread stack"); + err = ThreadStackMgr().InitThreadStack(); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("ThreadStackMgr().InitThreadStack() failed"); + goto exit; + } + +#ifdef CONFIG_OPENTHREAD_MTD + err = ConnectivityMgr().SetThreadDeviceType(ConnectivityManager::kThreadDeviceType_MinimalEndDevice); +#else + err = ConnectivityMgr().SetThreadDeviceType(ConnectivityManager::kThreadDeviceType_Router); +#endif + if (err != CHIP_NO_ERROR) + { + LOG_ERR("ConnectivityMgr().SetThreadDeviceType() failed"); + goto exit; + } + + err = GetAppTask().StartApp(); + +exit: + LOG_ERR("Exited with code %" CHIP_ERROR_FORMAT, err.Format()); + return (err == CHIP_NO_ERROR) ? EXIT_SUCCESS : EXIT_FAILURE; +} diff --git a/examples/all-clusters-minimal-app/telink/third_party/connectedhomeip b/examples/all-clusters-minimal-app/telink/third_party/connectedhomeip new file mode 120000 index 00000000000000..c866b86874994d --- /dev/null +++ b/examples/all-clusters-minimal-app/telink/third_party/connectedhomeip @@ -0,0 +1 @@ +../../../.. \ No newline at end of file diff --git a/examples/light-switch-app/telink/.gitignore b/examples/light-switch-app/telink/.gitignore new file mode 100644 index 00000000000000..84c048a73cc2e5 --- /dev/null +++ b/examples/light-switch-app/telink/.gitignore @@ -0,0 +1 @@ +/build/ diff --git a/examples/light-switch-app/telink/Readme.md b/examples/light-switch-app/telink/Readme.md index 6f8782bac0122d..2c5aa4a940f687 100755 --- a/examples/light-switch-app/telink/Readme.md +++ b/examples/light-switch-app/telink/Readme.md @@ -1,3 +1,12 @@ +# Matter Telink Light Switch Example Application + +The Telink Light Switch Example demonstrates how to remotely control a lighting +devices such as light bulbs or LEDs. The application should be used together +with the [lighting app example](../../lighting-app/telink/README.md). The light +switch uses buttons to test changing the lighting application example LED state +and works as a brightness dimmer. You can use this example as a reference for +creating your own application. + ![Telink B91 EVK](http://wiki.telink-semi.cn/wiki/assets/Hardware/B91_Generic_Starter_Kit_Hardware_Guide/connection_chart.png) ## Build and flash @@ -73,15 +82,18 @@ following states: 1. Build [chip-tool cli](https://github.com/project-chip/connectedhomeip/blob/master/examples/chip-tool/README.md) + 2. Pair with device ``` - ${CHIP_TOOL_DIR}/chip-tool pairing code ${NODE_ID_TO_ASSIGN} MT:D8XA0CQM00KA0648G00 + ${CHIP_TOOL_DIR}/chip-tool pairing ble-thread ${NODE_ID} hex:${DATASET} ${PIN_CODE} ${DISCRIMINATOR} ``` - here: + Example: - - \${NODE_ID_TO_ASSIGN} is the node id to assign to the light switch + ``` + ./chip-tool pairing ble-thread 1234 hex:0e080000000000010000000300000f35060004001fffe0020811111111222222220708fd61f77bd3df233e051000112233445566778899aabbccddeeff030e4f70656e54687265616444656d6f010212340410445f2b5ca6f2a93a55ce570a70efeecb0c0402a0fff8 20202021 3840 + ``` ### Binding cluster and endpoints @@ -210,14 +222,15 @@ feature for another Telink example: - set CONFIG_CHIP_OTA_REQUESTOR=y in corresponding "prj.conf" configuration file. -- remove "boards/tlsr9518adk80d.overlay" file to enable 2MB flash storage. After build application with enabled OTA feature, use next binary files: -- zephyr_final.bin - main binary to flash PCB (Use 2MB PCB). +- zephyr.bin - main binary to flash PCB (Use 2MB PCB). - zephyr-ota.bin - binary for OTA Provider -- zephyr.bin - ignore this file. -- zephyr.signed.bin - ignore this file. + +All binaries has the same SW version. To test OTA “zephyr-ota.bin” should have +higher SW version than base SW. Set CONFIG_CHIP_DEVICE_SOFTWARE_VERSION=2 in +corresponding “prj.conf” configuration file. Usage of OTA: diff --git a/examples/lighting-app/telink/.gitignore b/examples/lighting-app/telink/.gitignore new file mode 100644 index 00000000000000..84c048a73cc2e5 --- /dev/null +++ b/examples/lighting-app/telink/.gitignore @@ -0,0 +1 @@ +/build/ diff --git a/examples/lighting-app/telink/Readme.md b/examples/lighting-app/telink/Readme.md index b173d2cb0ddeb8..018fdd386dc898 100644 --- a/examples/lighting-app/telink/Readme.md +++ b/examples/lighting-app/telink/Readme.md @@ -1,3 +1,10 @@ +# Matter Telink Lighting Example Application + +The Telink Lighting Example demonstrates how to remotely control a white +dimmable light bulb. It uses buttons to test changing the lighting and device +states and LEDs to show the state of these changes. You can use this example as +a reference for creating your own application. + ![Telink B91 EVK](http://wiki.telink-semi.cn/wiki/assets/Hardware/B91_Generic_Starter_Kit_Hardware_Guide/connection_chart.png) ## Build and flash @@ -75,15 +82,18 @@ following states: 1. Build [chip-tool cli](https://github.com/project-chip/connectedhomeip/blob/master/examples/chip-tool/README.md) + 2. Pair with device ``` - ${CHIP_TOOL_DIR}/chip-tool pairing code ${NODE_ID_TO_ASSIGN} MT:D8XA0CQM00KA0648G00 + ${CHIP_TOOL_DIR}/chip-tool pairing ble-thread ${NODE_ID} hex:${DATASET} ${PIN_CODE} ${DISCRIMINATOR} ``` - here: + Example: - - \${NODE_ID_TO_ASSIGN} is the node id to assign to the lightbulb + ``` + ./chip-tool pairing ble-thread 1234 hex:0e080000000000010000000300000f35060004001fffe0020811111111222222220708fd61f77bd3df233e051000112233445566778899aabbccddeeff030e4f70656e54687265616444656d6f010212340410445f2b5ca6f2a93a55ce570a70efeecb0c0402a0fff8 20202021 3840 + ``` 3. Switch on the light: @@ -155,14 +165,15 @@ feature for another Telink example: - set CONFIG_CHIP_OTA_REQUESTOR=y in corresponding "prj.conf" configuration file. -- remove "boards/tlsr9518adk80d.overlay" file to enable 2MB flash storage. After build application with enabled OTA feature, use next binary files: -- zephyr_final.bin - main binary to flash PCB (Use 2MB PCB). +- zephyr.bin - main binary to flash PCB (Use 2MB PCB). - zephyr-ota.bin - binary for OTA Provider -- zephyr.bin - ignore this file. -- zephyr.signed.bin - ignore this file. + +All binaries has the same SW version. To test OTA “zephyr-ota.bin” should have +higher SW version than base SW. Set CONFIG_CHIP_DEVICE_SOFTWARE_VERSION=2 in +corresponding “prj.conf” configuration file. Usage of OTA: diff --git a/examples/lighting-app/telink/prj.conf b/examples/lighting-app/telink/prj.conf index 8c2317982e35b4..3e94168f31df3d 100644 --- a/examples/lighting-app/telink/prj.conf +++ b/examples/lighting-app/telink/prj.conf @@ -25,8 +25,8 @@ CONFIG_GPIO=y CONFIG_PWM=y # OpenThread configs -CONFIG_OPENTHREAD_MTD=y -CONFIG_OPENTHREAD_FTD=n +CONFIG_OPENTHREAD_MTD=n +CONFIG_OPENTHREAD_FTD=y # Default OpenThread network settings CONFIG_OPENTHREAD_PANID=4660 diff --git a/examples/ota-requestor-app/telink/.gitignore b/examples/ota-requestor-app/telink/.gitignore new file mode 100644 index 00000000000000..84c048a73cc2e5 --- /dev/null +++ b/examples/ota-requestor-app/telink/.gitignore @@ -0,0 +1 @@ +/build/ diff --git a/examples/ota-requestor-app/telink/src/AppTask.cpp b/examples/ota-requestor-app/telink/src/AppTask.cpp index 182f5732d0ec59..314e228772899b 100644 --- a/examples/ota-requestor-app/telink/src/AppTask.cpp +++ b/examples/ota-requestor-app/telink/src/AppTask.cpp @@ -140,6 +140,8 @@ CHIP_ERROR AppTask::Init() chip::Server::GetInstance().Init(initParams); // We only have network commissioning on endpoint 0. + // Set up a valid Network Commissioning cluster on endpoint 0 is done in + // src/platform/OpenThread/GenericThreadStackManagerImpl_OpenThread.cpp emberAfEndpointEnableDisable(kNetworkCommissioningEndpointSecondary, false); // Initialize device attestation config diff --git a/scripts/build/build/targets.py b/scripts/build/build/targets.py index f86b5a8270032a..99be77b3ad7c3c 100755 --- a/scripts/build/build/targets.py +++ b/scripts/build/build/targets.py @@ -686,6 +686,10 @@ def GenioTargets(): ALL.append(target) # Simple targets added one by one +ALL.append(Target('telink-tlsr9518adk80d-all-clusters', TelinkBuilder, + board=TelinkBoard.TLSR9518ADK80D, app=TelinkApp.ALL_CLUSTERS)) +ALL.append(Target('telink-tlsr9518adk80d-all-clusters-minimal', TelinkBuilder, + board=TelinkBoard.TLSR9518ADK80D, app=TelinkApp.ALL_CLUSTERS_MINIMAL)) ALL.append(Target('telink-tlsr9518adk80d-light', TelinkBuilder, board=TelinkBoard.TLSR9518ADK80D, app=TelinkApp.LIGHT)) ALL.append(Target('telink-tlsr9518adk80d-light-switch', TelinkBuilder, diff --git a/scripts/build/builders/telink.py b/scripts/build/builders/telink.py index 8ec841285175f1..9b448e5b3f9023 100644 --- a/scripts/build/builders/telink.py +++ b/scripts/build/builders/telink.py @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Project CHIP Authors +# Copyright (c) 2022 Project CHIP Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,12 +21,18 @@ class TelinkApp(Enum): + ALL_CLUSTERS = auto() + ALL_CLUSTERS_MINIMAL = auto() LIGHT = auto() SWITCH = auto() OTA_REQUESTOR = auto() def ExampleName(self): - if self == TelinkApp.LIGHT: + if self == TelinkApp.ALL_CLUSTERS: + return 'all-clusters-app' + elif self == TelinkApp.ALL_CLUSTERS_MINIMAL: + return 'all-clusters-minimal-app' + elif self == TelinkApp.LIGHT: return 'lighting-app' elif self == TelinkApp.SWITCH: return 'light-switch-app' @@ -36,7 +42,11 @@ def ExampleName(self): raise Exception('Unknown app type: %r' % self) def AppNamePrefix(self): - if self == TelinkApp.LIGHT: + if self == TelinkApp.ALL_CLUSTERS: + return 'chip-telink-all-clusters-example' + elif self == TelinkApp.ALL_CLUSTERS_MINIMAL: + return 'chip-telink-all-clusters-minimal-example' + elif self == TelinkApp.LIGHT: return 'chip-telink-lighting-example' elif self == TelinkApp.SWITCH: return 'chip-telink-light-switch-example' diff --git a/scripts/build/testdata/all_targets_except_host.txt b/scripts/build/testdata/all_targets_except_host.txt index fb0a11a0bf87ee..039d833eb36fcf 100644 --- a/scripts/build/testdata/all_targets_except_host.txt +++ b/scripts/build/testdata/all_targets_except_host.txt @@ -249,6 +249,8 @@ qpg-light qpg-lock qpg-persistent-storage qpg-shell +telink-tlsr9518adk80d-all-clusters +telink-tlsr9518adk80d-all-clusters-minimal telink-tlsr9518adk80d-light telink-tlsr9518adk80d-light-switch telink-tlsr9518adk80d-ota-requestor diff --git a/scripts/build/testdata/build_all_except_host.txt b/scripts/build/testdata/build_all_except_host.txt index 66a5e926823921..401f68cedf0f17 100644 --- a/scripts/build/testdata/build_all_except_host.txt +++ b/scripts/build/testdata/build_all_except_host.txt @@ -1172,6 +1172,20 @@ gn gen --check --fail-on-unused-args --export-compile-commands --root={root}/exa # Generating qpg-shell gn gen --check --fail-on-unused-args --export-compile-commands --root={root}/examples/shell/qpg '--args=qpg_target_ic="qpg6105"' {out}/qpg-shell +# Generating telink-tlsr9518adk80d-all-clusters +bash -c 'export ZEPHYR_TOOLCHAIN_VARIANT=zephyr +export ZEPHYR_BASE="$TELINK_ZEPHYR_BASE" +export ZEPHYR_SDK_INSTALL_DIR="$TELINK_ZEPHYR_SDK_DIR" +source "$ZEPHYR_BASE/zephyr-env.sh"; +west build --cmake-only -d {out}/telink-tlsr9518adk80d-all-clusters -b tlsr9518adk80d {root}/examples/all-clusters-app/telink' + +# Generating telink-tlsr9518adk80d-all-clusters-minimal +bash -c 'export ZEPHYR_TOOLCHAIN_VARIANT=zephyr +export ZEPHYR_BASE="$TELINK_ZEPHYR_BASE" +export ZEPHYR_SDK_INSTALL_DIR="$TELINK_ZEPHYR_SDK_DIR" +source "$ZEPHYR_BASE/zephyr-env.sh"; +west build --cmake-only -d {out}/telink-tlsr9518adk80d-all-clusters-minimal -b tlsr9518adk80d {root}/examples/all-clusters-minimal-app/telink' + # Generating telink-tlsr9518adk80d-light bash -c 'export ZEPHYR_TOOLCHAIN_VARIANT=zephyr export ZEPHYR_BASE="$TELINK_ZEPHYR_BASE" @@ -2417,6 +2431,18 @@ ninja -C {out}/qpg-persistent-storage # Building qpg-shell ninja -C {out}/qpg-shell +# Building telink-tlsr9518adk80d-all-clusters +bash -c 'export ZEPHYR_TOOLCHAIN_VARIANT=zephyr +export ZEPHYR_BASE="$TELINK_ZEPHYR_BASE" +export ZEPHYR_SDK_INSTALL_DIR="$TELINK_ZEPHYR_SDK_DIR" +ninja -C {out}/telink-tlsr9518adk80d-all-clusters' + +# Building telink-tlsr9518adk80d-all-clusters-minimal +bash -c 'export ZEPHYR_TOOLCHAIN_VARIANT=zephyr +export ZEPHYR_BASE="$TELINK_ZEPHYR_BASE" +export ZEPHYR_SDK_INSTALL_DIR="$TELINK_ZEPHYR_SDK_DIR" +ninja -C {out}/telink-tlsr9518adk80d-all-clusters-minimal' + # Building telink-tlsr9518adk80d-light bash -c 'export ZEPHYR_TOOLCHAIN_VARIANT=zephyr export ZEPHYR_BASE="$TELINK_ZEPHYR_BASE" diff --git a/scripts/build/testdata/glob_star_targets_except_host.txt b/scripts/build/testdata/glob_star_targets_except_host.txt index bc2806b54bcc4e..c5db6a27cb177c 100644 --- a/scripts/build/testdata/glob_star_targets_except_host.txt +++ b/scripts/build/testdata/glob_star_targets_except_host.txt @@ -114,6 +114,8 @@ qpg-light qpg-lock qpg-persistent-storage qpg-shell +telink-tlsr9518adk80d-all-clusters +telink-tlsr9518adk80d-all-clusters-minimal telink-tlsr9518adk80d-light telink-tlsr9518adk80d-light-switch telink-tlsr9518adk80d-ota-requestor From cbfb908b9b50a2152e4ae31d1783b2b293683f58 Mon Sep 17 00:00:00 2001 From: Alex Tsitsiura Date: Wed, 9 Nov 2022 10:35:36 +0200 Subject: [PATCH 6/9] [Telink] Add Telink factory data & Update Telink image to 0.6.06 (#23502) (#23548) --- .github/workflows/examples-telink.yaml | 2 +- config/telink/chip-module/CMakeLists.txt | 84 ++- config/telink/chip-module/Kconfig | 208 +++++++- .../chip-module/generate_factory_data.cmake | 194 +++++++ config/telink/chip-module/make_gn_args.py | 73 +++ .../telink/boards/tlsr9518adk80d.overlay | 35 -- .../light-switch-app/telink/include/AppTask.h | 10 +- examples/light-switch-app/telink/prj.conf | 6 +- .../light-switch-app/telink/src/AppTask.cpp | 74 +-- .../telink/boards/tlsr9518adk80d.overlay | 35 -- .../lighting-app/telink/include/AppTask.h | 12 +- examples/lighting-app/telink/prj.conf | 6 +- examples/lighting-app/telink/src/AppTask.cpp | 77 +-- .../generate_telink_chip_factory_data.py | 492 ++++++++++++++++++ .../tools/telink/telink_factory_data.schema | 147 ++++++ .../tools/telink/telink_generate_partition.py | 169 ++++++ src/platform/telink/BUILD.gn | 16 + .../telink/CHIPDevicePlatformConfig.h | 106 +++- src/platform/telink/FactoryDataParser.c | 167 ++++++ src/platform/telink/FactoryDataParser.h | 78 +++ src/platform/telink/FactoryDataProvider.cpp | 341 ++++++++++++ src/platform/telink/FactoryDataProvider.h | 117 +++++ src/platform/telink/args.gni | 7 +- 23 files changed, 2287 insertions(+), 169 deletions(-) create mode 100644 config/telink/chip-module/generate_factory_data.cmake create mode 100755 config/telink/chip-module/make_gn_args.py delete mode 100644 examples/light-switch-app/telink/boards/tlsr9518adk80d.overlay delete mode 100644 examples/lighting-app/telink/boards/tlsr9518adk80d.overlay create mode 100644 scripts/tools/telink/generate_telink_chip_factory_data.py create mode 100644 scripts/tools/telink/telink_factory_data.schema create mode 100644 scripts/tools/telink/telink_generate_partition.py create mode 100644 src/platform/telink/FactoryDataParser.c create mode 100644 src/platform/telink/FactoryDataParser.h create mode 100644 src/platform/telink/FactoryDataProvider.cpp create mode 100644 src/platform/telink/FactoryDataProvider.h diff --git a/.github/workflows/examples-telink.yaml b/.github/workflows/examples-telink.yaml index 1042ae8f7866fc..366cf0857a484a 100644 --- a/.github/workflows/examples-telink.yaml +++ b/.github/workflows/examples-telink.yaml @@ -32,7 +32,7 @@ jobs: if: github.actor != 'restyled-io[bot]' container: - image: connectedhomeip/chip-build-telink:0.6.02 + image: connectedhomeip/chip-build-telink:0.6.06 volumes: - "/tmp/bloat_reports:/tmp/bloat_reports" diff --git a/config/telink/chip-module/CMakeLists.txt b/config/telink/chip-module/CMakeLists.txt index f6d93210b4a416..6ef6ac2c882238 100644 --- a/config/telink/chip-module/CMakeLists.txt +++ b/config/telink/chip-module/CMakeLists.txt @@ -28,6 +28,7 @@ if (CONFIG_CHIP) include(ExternalProject) include(../../zephyr/ota-image.cmake) include(../../zephyr/zephyr-util.cmake) +include(generate_factory_data.cmake) # ============================================================================== # Declare configuration variables and define constants @@ -45,7 +46,7 @@ list(APPEND CHIP_CFLAGS_CC) # CHIP libraries that the application should be linked with list(APPEND CHIP_LIBRARIES) -# GN meta-build system arguments in the form of 'key1 = value1\nkey2 = value2...' string +# GN meta-build system arguments passed to the make_gn_args.py script string(APPEND CHIP_GN_ARGS) # C/C++ compiler flags which should not be forwarded to CHIP @@ -67,28 +68,27 @@ set(CHIP_CFLAG_EXCLUDES # ============================================================================== macro(chip_gn_arg_import FILE) - string(APPEND CHIP_GN_ARGS "import(\"${FILE}\")\n") + string(APPEND CHIP_GN_ARGS "--module\n${FILE}\n") endmacro() macro(chip_gn_arg_string ARG STRING) - string(APPEND CHIP_GN_ARGS "${ARG} = \"${STRING}\"\n") + string(APPEND CHIP_GN_ARGS "--arg-string\n${ARG}\n${STRING}\n") endmacro() -macro(chip_gn_arg_bool ARG BOOLEAN) - if (${BOOLEAN}) - string(APPEND CHIP_GN_ARGS "${ARG} = true\n") +macro(chip_gn_arg_bool ARG) + if (${ARGN}) + string(APPEND CHIP_GN_ARGS "--arg\n${ARG}\ntrue\n") else() - string(APPEND CHIP_GN_ARGS "${ARG} = false\n") + string(APPEND CHIP_GN_ARGS "--arg\n${ARG}\nfalse\n") endif() endmacro() macro(chip_gn_arg_cflags ARG CFLAGS) - set(CFLAG_EXCLUDES "[") - foreach(cflag ${CHIP_CFLAG_EXCLUDES}) - string(APPEND CFLAG_EXCLUDES "\"${cflag}\", ") - endforeach() - string(APPEND CFLAG_EXCLUDES "]") - string(APPEND CHIP_GN_ARGS "${ARG} = filter_exclude(string_split(\"${CFLAGS}\"), ${CFLAG_EXCLUDES})\n") + string(APPEND CHIP_GN_ARGS "--arg-cflags\n${ARG}\n${CFLAGS}\n") +endmacro() + +macro(chip_gn_arg ARG VALUE) + string(APPEND CHIP_GN_ARGS "--arg\n${ARG}\n${VALUE}\n") endmacro() # ============================================================================== @@ -197,8 +197,6 @@ chip_gn_arg_cflags("target_cflags_cc" ${CHIP_CFLAGS_CC}) chip_gn_arg_string("zephyr_ar" ${CMAKE_AR}) chip_gn_arg_string("zephyr_cc" ${CMAKE_C_COMPILER}) chip_gn_arg_string("zephyr_cxx" ${CMAKE_CXX_COMPILER}) -chip_gn_arg_string("chip_project_config_include" "${CHIP_PROJECT_CONFIG}") -chip_gn_arg_string("chip_system_project_config_include" "${CHIP_PROJECT_CONFIG}") chip_gn_arg_bool ("is_debug" CONFIG_DEBUG) chip_gn_arg_bool ("chip_enable_openthread" CONFIG_NET_L2_OPENTHREAD) chip_gn_arg_bool ("chip_openthread_ftd" CONFIG_OPENTHREAD_FTD) @@ -208,16 +206,32 @@ chip_gn_arg_bool ("chip_build_tests" CONFIG_CHIP_BUILD_TE chip_gn_arg_bool ("chip_inet_config_enable_tcp_endpoint" CONFIG_CHIP_BUILD_TESTS) chip_gn_arg_bool ("chip_build_libshell" CONFIG_CHIP_LIB_SHELL) +if (CONFIG_CHIP_FACTORY_DATA) + chip_gn_arg_bool ("chip_use_transitional_commissionable_data_provider" "false") + chip_gn_arg_bool ("chip_enable_factory_data" "true") +elseif (CONFIG_CHIP_FACTORY_DATA_CUSTOM_BACKEND) + chip_gn_arg_bool ("chip_use_transitional_commissionable_data_provider" "false") +endif() + +if (CONFIG_CHIP_ROTATING_DEVICE_ID) + chip_gn_arg_bool("chip_enable_rotating_device_id" "true") + chip_gn_arg_bool("chip_enable_additional_data_advertising" "true") +endif() + if (CONFIG_CHIP_ENABLE_DNSSD_SRP) chip_gn_arg_string("chip_mdns" "platform") endif() +if (CHIP_PROJECT_CONFIG) + chip_gn_arg_string("chip_project_config_include" ${CHIP_PROJECT_CONFIG}) + chip_gn_arg_string("chip_system_project_config_include" ${CHIP_PROJECT_CONFIG}) +endif() if (CONFIG_CHIP_EXAMPLE_DEVICE_INFO_PROVIDER) chip_gn_arg_bool("chip_build_example_providers" "true") list(APPEND CHIP_LIBRARIES -lMatterDeviceInfoProviderExample) endif() -file(GENERATE OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/args.gn CONTENT ${CHIP_GN_ARGS}) +file(GENERATE OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/args.tmp" CONTENT ${CHIP_GN_ARGS}) # ============================================================================== # Define 'chip-gn' target that builds CHIP library(ies) with GN build system @@ -227,13 +241,17 @@ ExternalProject_Add( PREFIX ${CMAKE_CURRENT_BINARY_DIR} SOURCE_DIR ${CHIP_ROOT} BINARY_DIR ${CMAKE_CURRENT_BINARY_DIR} - CONFIGURE_COMMAND ${GN_EXECUTABLE} + CONFIGURE_COMMAND "" + BUILD_COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/make_gn_args.py + @args.tmp > args.gn && + ${GN_EXECUTABLE} --root=${CHIP_ROOT} --root-target=${GN_ROOT_TARGET} --dotfile=${GN_ROOT_TARGET}/.gn --script-executable=${Python3_EXECUTABLE} - gen --check --fail-on-unused-args ${CMAKE_CURRENT_BINARY_DIR} - BUILD_COMMAND ninja + --export-compile-commands + gen --check --fail-on-unused-args . && + ninja INSTALL_COMMAND "" BUILD_BYPRODUCTS ${CHIP_LIBRARIES} BUILD_ALWAYS TRUE @@ -288,11 +306,11 @@ if (CONFIG_CHIP_OTA_IMAGE_BUILD) west sign -t imgtool -p ${ZEPHYR_BASE}/../bootloader/mcuboot/scripts/imgtool.py -d ${PROJECT_BINARY_DIR}/.. -- --key ${ZEPHYR_BASE}/../bootloader/mcuboot/root-rsa-2048.pem ) - add_custom_target(final_bin ALL + add_custom_target(merge_mcuboot ALL COMMAND - dd if=${PROJECT_BINARY_DIR}/../modules/chip-module/build_mcuboot/zephyr/zephyr.bin of=${PROJECT_BINARY_DIR}/zephyr_final.bin + dd if=${PROJECT_BINARY_DIR}/../modules/chip-module/build_mcuboot/zephyr/zephyr.bin of=${PROJECT_BINARY_DIR}/zephyr.bin COMMAND - dd if=${PROJECT_BINARY_DIR}/zephyr.signed.bin of=${PROJECT_BINARY_DIR}/zephyr_final.bin bs=1024 seek=64 + dd if=${PROJECT_BINARY_DIR}/zephyr.signed.bin of=${PROJECT_BINARY_DIR}/zephyr.bin bs=1024 seek=64 ) chip_ota_image(chip-ota-image @@ -301,8 +319,28 @@ if (CONFIG_CHIP_OTA_IMAGE_BUILD) ) add_dependencies(west_sign ${ZEPHYR_FINAL_EXECUTABLE}) - add_dependencies(final_bin west_sign) + add_dependencies(merge_mcuboot west_sign) add_dependencies(chip-ota-image west_sign) endif() +if (CONFIG_CHIP_FACTORY_DATA_MERGE_WITH_FIRMWARE) + add_custom_target(merge_factory_data ALL + COMMAND + dd if=${PROJECT_BINARY_DIR}/factory_data.bin of=${PROJECT_BINARY_DIR}/zephyr.bin bs=1024 seek=976 + ) +if (CONFIG_CHIP_OTA_IMAGE_BUILD) + add_dependencies(merge_factory_data merge_mcuboot) +else() + add_dependencies(merge_factory_data ${ZEPHYR_FINAL_EXECUTABLE}) +endif() +endif() + +# ============================================================================== +# Define 'factory_data' target for generating a factory data partition +# ============================================================================== + +if (CONFIG_CHIP_FACTORY_DATA_BUILD) + telink_generate_factory_data() +endif() + endif() # CONFIG_CHIP diff --git a/config/telink/chip-module/Kconfig b/config/telink/chip-module/Kconfig index e02dee92dfccb7..366c43d8eac6db 100644 --- a/config/telink/chip-module/Kconfig +++ b/config/telink/chip-module/Kconfig @@ -59,4 +59,210 @@ config CHIP_EXAMPLE_DEVICE_INFO_PROVIDER # Enable getting reboot reasons information config HWINFO bool - default y \ No newline at end of file + default y + +config CHIP_FACTORY_DATA + bool "Enable Factory Data support" + select ZCBOR + help + Enables support for reading factory data from flash memory partition. + It requires factory_data partition to exist. + +config CHIP_FACTORY_DATA_CUSTOM_BACKEND + bool "Enable Factory Data custom backend" + depends on !CHIP_FACTORY_DATA + help + Enables user custom factory data implementation. It cannot be used + with the CHIP_FACTORY_DATA that enabled default Telink factory data + implementation. + +config CHIP_FACTORY_DATA_BUILD + bool "Enable Factory Data build" + default n + help + Enables generation of factory data during the building. + It requires factory_data partition to exist. + As a result a new output file factory_data.bin will be created. + +config CHIP_FACTORY_DATA_VERSION + int + default 1 + help + The Factory data version contains a current version of a factory data + parameter set that the user cannot change. + After moving to the next version of the factory data set, change the default value. + This config is used to validate the version of a factory data set on a device-side + with the version of factory data saved in the Flash memory. + +if CHIP_FACTORY_DATA_BUILD + +# Factory data definitions +config CHIP_FACTORY_DATA_MERGE_WITH_FIRMWARE + bool "Enable merging generated factory data with the build target .bin file" + default y + help + Enables merging generated factory data with the build target zephyr.bin file. + As a result, output file zephyr.bin will consist of all partitions including + factory data. + +# Use default certificates without generating or providing them +config CHIP_FACTORY_DATA_USE_DEFAULT_CERTS + bool "Use default certificates located in Matter repository" + default y + help + Pre-generated certificates can be used for development purpose. + This config includes default pre-generated certificates + which are located in credentials/development/attestation/ directory + instead of generating new ones. + If this config is set to `n` new certificates will be generated. + +# Configs for SPAKE2 generation +config CHIP_FACTORY_DATA_GENERATE_SPAKE2_VERIFIER + bool "Enable spake2 verifier generation" + help + Enables generation of spake2 verifier according to + given iteration counter, salt and passcode. + To generate Spake2 verifier a spake2p executable must be available + from system variables environment. + +config CHIP_DEVICE_GENERATE_ROTATING_DEVICE_UID + bool "Enable generation of a new Rotating device id unique id" + default y + help + Enables generation of a new Rotating device id unique id. + +endif #CHIP_FACTORY_DATA_BUILD + +# Factory data parameters +config CHIP_DEVICE_SERIAL_NUMBER + string "Serial number of device" + default "11223344556677889900" + help + A serial number parameter defines an unique number of manufactured device. + Maximum length of serial number is 32 characters. + +config CHIP_DEVICE_VENDOR_NAME + string "Human-readable vendor name" + default "Telink Semiconductor" + help + A human-readable vendor name which provides a simple string + containing identification of device's vendor for the Content APP. + This information should be included in the Matter Basic Cluster. + +config CHIP_DEVICE_PRODUCT_NAME + string "Human-readable product name" + default "not-specified" + help + A human-readable product name which provides a simple string + containing identification of the product for the Content APP. + +config CHIP_DEVICE_MANUFACTURING_DATE + string "Manufacturing date in ISO 8601" + default "2022-01-01" + help + A manufacturing date specifies the date that the device was manufactured. + The format used for providing a manufacturing date is ISO 8601 e.g. YYYY-MM-DD. + +config CHIP_DEVICE_HARDWARE_VERSION + int "Integer representation of hardware version" + default 0 + help + A hardware version number specifies the version number + of the hardware of the device. The meaning of its value, + and the versioning scheme, are vendor defined. + +config CHIP_DEVICE_HARDWARE_VERSION_STRING + string "user-friendly string representation of hardware version" + default "prerelease" + help + A hardware version string parameter specifies the version + of the hardware of the device as a more user-friendly value + than that represented by the hardware version integer value. + The meaning of its value, and the versioning scheme, are + vendor defined. + +config CHIP_DEVICE_DISCRIMINATOR + hex "Device pairing discriminator" + default 0xF00 + help + A 12-bit value matching the field of the same name in + the setup code. Discriminator is used during + a discovery process. + +config CHIP_DEVICE_SPAKE2_PASSCODE + int "Spake2+ passcode" + default 20202021 + range 1 99999998 + help + A pairing passcode is a 27-bit unsigned integer which serves + as a proof of possession during commissioning. + Its value shall be restricted to the values 0x0000001 to 0x5F5E0FE + (00000001 to 99999998 in decimal), excluding the invalid Passcode values: + - 00000000, 11111111, 22222222, 33333333, 44444444, 55555555, + 66666666, 77777777, 88888888, 99999999, 12345678, 87654321. + +config CHIP_DEVICE_SPAKE2_IT + int "Spake2+ iteration count" + default 1000 + help + The Spake2 iteration count is associated with the ephemeral + PAKE passcode verifier to be used for the commissioning. + The iteration count is used as a crypto parameter to process + spake2 verifier. + +config CHIP_DEVICE_SPAKE2_SALT + string "Spake2+ salt in string format" + default "U1BBS0UyUCBLZXkgU2FsdA==" + help + The spake2 salt is random data that is used as an additional input + to a one-way function that “hashes” data. + A new salt should be randomly generated for each password. + The minimum length of spake2 salt is 16 Bytes. + The maximum length of spake2 salt is 32 Bytes. + +config CHIP_DEVICE_SPAKE2_TEST_VERIFIER + string "Testing spake2+ verifier" + default "uWFwqugDNGiEck/po7KHwwMwwqZgN10XuyBajPGuyzUEV/iree4lOrao5GuwnlQ65CJzbeUB49s31EH+NEkg0JVI5MGCQGMMT/SRPFNRODm3wH/MBiehuFc6FJ/NH6Rmzw==" + help + The spake 2 verifier generated using default SPAKE2 salt, + iteration count and passcode. This value can be used for development + or testing purposes. + Generated with: + spake2p gen-verifier -o - -i 1000 -s "U1BBS0UyUCBLZXkgU2FsdA==" -p 20202021 + +config CHIP_DEVICE_ROTATING_DEVICE_UID + string "A rotating device id unique id" + default "91a9c12a7c80700a31ddcfa7fce63e44" + help + A device rotating id unique id which will be generated if + this config is not set in prj.conf file. + +config CHIP_DEVICE_ENABLE_KEY + string "Enable Key for triggering test actions on device" + default "00112233445566778899AABBCCDDEEFF" + help + The Enable Key is a 128-bit value that triggers test action + while invoking the TestEventTrigger Command. + Pattern: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + This value is used during Certification Tests, + and should not be present on production devices. + +config CHIP_CERTIFICATION_DECLARATION_STORAGE + bool "Enable storing Certification Declaration" + depends on CHIP_FACTORY_DATA + help + Enables storing Certification Declaration in Zephyr settings + instead of using hardcoded value from firmware. It also adds + support for including new Certification Declaration into a firmware + update image package sent via OTA Software Update. + +if CHIP_CERTIFICATION_DECLARATION_STORAGE + +config CHIP_CERTIFiCATION_DECLARATION_OTA_IMAGE_ID + int "Certification declaration OTA image id" + default 205 #0xcd + help + The image id of Certification Declaration image + for sending it via OTA Software Update purposes. + +endif diff --git a/config/telink/chip-module/generate_factory_data.cmake b/config/telink/chip-module/generate_factory_data.cmake new file mode 100644 index 00000000000000..ff9514e6707481 --- /dev/null +++ b/config/telink/chip-module/generate_factory_data.cmake @@ -0,0 +1,194 @@ +# +# Copyright (c) 2022 Project CHIP Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +# Create a JSON file based on factory data given via kConfigs. +# +# This function creates a list of arguments for external script and then run it to write a JSON file. +# Created JSON file can be checked using JSON SCHEMA file if it is provided. +# +# This script can be manipulated using following kConfigs: +# - To merge generated factory data with final zephyr.hex file set kConfig CONFIG_CHIP_FACTORY_DATA_MERGE_WITH_FIRMWARE=y +# - To use default certification paths set CONFIG_CHIP_FACTORY_DATA_USE_DEFAULTS_CERTS_PATH=y +# +# During generation process a some file will be created in zephyr's build directory: +# - .json a file containing all factory data written in JSON format. +# +# [Args]: +# factory_data_target - a name for target to generate factory_data. +# script_path - a path to script that makes a JSON factory data file from given arguments. +# schema_path - a path to JSON schema file which can be used to verify generated factory data JSON file. +# This argument is optional, if you don't want to verify the JSON file put it empty "". +# output_path - a path to output directory, where created JSON file will be stored. +function(telink_create_factory_data_json factory_data_target script_path schema_path output_path) + +# set script args for future purpose +set(script_args) +## generate all script arguments +string(APPEND script_args "--sn \"${CONFIG_CHIP_DEVICE_SERIAL_NUMBER}\"\n") +string(APPEND script_args "--date \"${CONFIG_CHIP_DEVICE_MANUFACTURING_DATE}\"\n") +string(APPEND script_args "--vendor_id ${CONFIG_CHIP_DEVICE_VENDOR_ID}\n") +string(APPEND script_args "--product_id ${CONFIG_CHIP_DEVICE_PRODUCT_ID}\n") +string(APPEND script_args "--vendor_name \"${CONFIG_CHIP_DEVICE_VENDOR_NAME}\"\n") +string(APPEND script_args "--product_name \"${CONFIG_CHIP_DEVICE_PRODUCT_NAME}\"\n") +string(APPEND script_args "--hw_ver ${CONFIG_CHIP_DEVICE_HARDWARE_VERSION}\n") +string(APPEND script_args "--hw_ver_str \"${CONFIG_CHIP_DEVICE_HARDWARE_VERSION_STRING}\"\n") + +# check if Rotating Device Id Unique Id should be generated +if(NOT CONFIG_CHIP_DEVICE_GENERATE_ROTATING_DEVICE_UID) + if(NOT DEFINED CONFIG_CHIP_DEVICE_ROTATING_DEVICE_UID) + message(FATAL_ERROR "CHIP_DEVICE_ROTATING_DEVICE_UID was not provided. To generate it use CONFIG_CHIP_DEVICE_GENERATE_ROTATING_DEVICE_UID=y") + else() + string(APPEND script_args "--rd_uid \"${CONFIG_CHIP_DEVICE_ROTATING_DEVICE_UID}\"\n") + endif() +else() + string(APPEND script_args "--generate_rd_uid\n") +endif() + +# for development purpose user can use default certs instead of generating or providing them +if(CONFIG_CHIP_FACTORY_DATA_USE_DEFAULT_CERTS) + # convert decimal PID to its hexadecimal representation to find out certification files in repository + math(EXPR LOCAL_PID "${CONFIG_CHIP_DEVICE_PRODUCT_ID}" OUTPUT_FORMAT HEXADECIMAL) + string(SUBSTRING ${LOCAL_PID} 2 -1 raw_pid) + # all certs are located in ${CHIP_ROOT}/credentials/development/attestation + # it can be used during development without need to generate new certifications + string(APPEND script_args "--dac_cert \"${CHIP_ROOT}/credentials/development/attestation/Matter-Development-DAC-${raw_pid}-Cert.der\"\n") + string(APPEND script_args "--dac_key \"${CHIP_ROOT}/credentials/development/attestation/Matter-Development-DAC-${raw_pid}-Key.der\"\n") + string(APPEND script_args "--pai_cert \"${CHIP_ROOT}/credentials/development/attestation/Matter-Development-PAI-noPID-Cert.der\"\n") +else() + find_program(chip_cert_exe NAMES chip-cert REQUIRED) + string(APPEND script_args "--gen_cd\n") + string(APPEND script_args "--chip_cert_path ${chip_cert_exe}\n") +endif() + +# add Password-Authenticated Key Exchange parameters +string(APPEND script_args "--spake2_it \"${CONFIG_CHIP_DEVICE_SPAKE2_IT}\"\n") +string(APPEND script_args "--spake2_salt \"${CONFIG_CHIP_DEVICE_SPAKE2_SALT}\"\n") +string(APPEND script_args "--discriminator ${CONFIG_CHIP_DEVICE_DISCRIMINATOR}\n") +string(APPEND script_args "--passcode ${CONFIG_CHIP_DEVICE_SPAKE2_PASSCODE}\n") +string(APPEND script_args "--overwrite\n") + +# check if spake2 verifier should be generated using script +if(CONFIG_CHIP_FACTORY_DATA_GENERATE_SPAKE2_VERIFIER) + # request script to generate a new spake2_verifier + # by adding an argument to script_args + find_program(spake_exe NAMES spake2p REQUIRED) + string(APPEND script_args "--spake2p_path ${spake_exe}\n") +else() + # Spake2 verifier should be provided using kConfig + string(APPEND script_args "--spake2_verifier \"${CONFIG_CHIP_DEVICE_SPAKE2_TEST_VERIFIER}\"\n") +endif() + +if(CONFIG_CHIP_DEVICE_ENABLE_KEY) +# Add optional EnableKey that triggers user-specific action. +string(APPEND script_args "--enable_key \"${CONFIG_CHIP_DEVICE_ENABLE_KEY}\"\n") +endif() + +# Set output JSON file and path to SCHEMA file to validate generated factory data +set(factory_data_json ${output_path}/${factory_data_target}.json) +string(APPEND script_args "-o \"${factory_data_json}\"\n") +string(APPEND script_args "-s \"${schema_path}\"\n") + +# execute first script to create a JSON file +separate_arguments(separated_script_args NATIVE_COMMAND ${script_args}) +add_custom_command( + OUTPUT ${factory_data_json} + DEPENDS ${FACTORY_DATA_SCRIPT_PATH} + COMMAND ${Python3_EXECUTABLE} ${FACTORY_DATA_SCRIPT_PATH} ${separated_script_args} + COMMENT "Generating new Factory Data..." + ) +add_custom_target(${factory_data_target} ALL + DEPENDS ${factory_data_json} + ) + +endfunction() + + +# Create a .hex file with factory data in CBOR format. +# +# This function creates a .hex and .cbor files from given JSON factory data file. +# +# +# During generation process some files will be created in zephyr's build directory: +# - .hex a file containing all factory data in CBOR format. +# - .bin a binary file containing all raw factory data in CBOR format. +# - .cbor a file containing all factory data in CBOR format. +# +# [Args]: +# factory_data_hex_target - a name for target to generate factory data HEX file. +# factory_data_target - a name for target to generate factory data JSON file. +# script_path - a path to script that makes a factory data .hex file from given arguments. +# output_path - a path to output directory, where created JSON file will be stored. +function(telink_create_factory_data_hex_file factory_data_hex_target factory_data_target script_path output_path) + +# Pass the argument list via file +set(cbor_script_args "-i ${output_path}/${factory_data_target}.json\n") +string(APPEND cbor_script_args "-o ${output_path}/${factory_data_target}\n") +# get partition address and offset from partition manager during compilation +string(APPEND cbor_script_args "--offset 0xf4000\n") +string(APPEND cbor_script_args "--size 0x1000\n") +string(APPEND cbor_script_args "-r\n") + +# execute second script to create a hex file containing factory data in cbor format +separate_arguments(separated_cbor_script_args NATIVE_COMMAND ${cbor_script_args}) +set(factory_data_hex ${output_path}/${factory_data_target}.hex) + +add_custom_command(OUTPUT ${factory_data_hex} + COMMAND ${Python3_EXECUTABLE} ${script_path} ${separated_cbor_script_args} + COMMENT "Generating factory data HEX file..." + DEPENDS ${factory_data_target} ${script_path} + ) +add_custom_target(${factory_data_hex_target} ALL + DEPENDS ${factory_data_hex} + ) + +endfunction() + +# Generate factory data partition using given args +# +# +# During generation process a some file will be created in zephyr's build directory: +# - merged.hex a file containing firmware and factory data merged to single file +# - factory_data.hex a file containing only a factory data partition including proper offset +# +function(telink_generate_factory_data) + +find_package(Python REQUIRED) + +# CHIP_ROOT must be provided as a reference set all localization of scripts +if(NOT CHIP_ROOT) +message(FATAL_ERROR "CHIP_ROOT variable is not set, please add it to CMakeLists.txt file") +endif() + +# Localize all scripts needed to generate factory data partition +set(FACTORY_DATA_SCRIPT_PATH ${CHIP_ROOT}/scripts/tools/telink/generate_telink_chip_factory_data.py) +set(GENERATE_CBOR_SCRIPT_PATH ${CHIP_ROOT}/scripts/tools/telink/telink_generate_partition.py) +set(FACTORY_DATA_SCHEMA_PATH ${CHIP_ROOT}/scripts/tools/telink/telink_factory_data.schema) +set(OUTPUT_FILE_PATH ${APPLICATION_BINARY_DIR}/zephyr) + +# create a JSON file with all factory data +telink_create_factory_data_json(factory_data + ${FACTORY_DATA_SCRIPT_PATH} + ${FACTORY_DATA_SCHEMA_PATH} + ${OUTPUT_FILE_PATH}) + +# create a .hex file with factory data in CBOR format based on the JSON file created previously +telink_create_factory_data_hex_file(factory_data_hex + factory_data + ${GENERATE_CBOR_SCRIPT_PATH} + ${OUTPUT_FILE_PATH}) + +endfunction() diff --git a/config/telink/chip-module/make_gn_args.py b/config/telink/chip-module/make_gn_args.py new file mode 100755 index 00000000000000..f30cd459a6e7d4 --- /dev/null +++ b/config/telink/chip-module/make_gn_args.py @@ -0,0 +1,73 @@ +#!/usr/bin/env python3 + +# +# Copyright (c) 2021 Project CHIP Authors +# All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import argparse +import re +import sys + +GN_SPECIAL_CHARACTERS = r'(["$\\])' +GN_CFLAG_EXCLUDES = [ + '-fno-asynchronous-unwind-tables', + '-fno-common', + '-fno-defer-pop', + '-fno-reorder-functions', + '-ffunction-sections', + '-fdata-sections', + '-g*', + '-O*', + '-W*', +] + + +def escape_strings(gn_args): + return [[key, re.sub(GN_SPECIAL_CHARACTERS, r'\\\1', value)] for key, value in gn_args] + + +def write_gn_args(args): + if args.module: + sys.stdout.write('import("{}")\n'.format(args.module)) + + for key, value in args.arg: + sys.stdout.write('{} = {}\n'.format(key, value)) + + for key, value in args.arg_string: + sys.stdout.write('{} = "{}"\n'.format(key, value)) + + cflag_excludes = ', '.join(['"{}"'.format(exclude) + for exclude in GN_CFLAG_EXCLUDES]) + + for key, value in args.arg_cflags: + sys.stdout.write('{} = filter_exclude(string_split("{}"), [{}])\n'.format( + key, value, cflag_excludes)) + + +def main(): + parser = argparse.ArgumentParser(fromfile_prefix_chars='@') + parser.add_argument('--module', action='store') + parser.add_argument('--arg', action='append', nargs=2, default=[]) + parser.add_argument('--arg-string', action='append', nargs=2, default=[]) + parser.add_argument('--arg-cflags', action='append', nargs=2, default=[]) + args = parser.parse_args() + args.arg_string = escape_strings(args.arg_string) + args.arg_cflags = escape_strings(args.arg_cflags) + write_gn_args(args) + + +if __name__ == "__main__": + main() diff --git a/examples/light-switch-app/telink/boards/tlsr9518adk80d.overlay b/examples/light-switch-app/telink/boards/tlsr9518adk80d.overlay deleted file mode 100644 index 613584d2908fba..00000000000000 --- a/examples/light-switch-app/telink/boards/tlsr9518adk80d.overlay +++ /dev/null @@ -1,35 +0,0 @@ -&flash { - /delete-node/ partitions; -}; - -&flash { - reg = <0x20000000 0x100000>; - - partitions { - compatible = "fixed-partitions"; - #address-cells = <1>; - #size-cells = <1>; - - boot_partition: partition@0 { - label = "mcuboot"; - reg = <0x00000000 0x10000>; - }; - slot0_partition: partition@10000 { - label = "image-0"; - reg = <0x10000 0x70000>; - }; - slot1_partition: partition@80000 { - label = "image-1"; - reg = <0x80000 0x70000>; - }; - scratch_partition: partition@f0000 { - label = "image-scratch"; - reg = <0xf0000 0x4000>; - }; - storage_partition: partition@f4000 { - label = "storage"; - reg = <0xf4000 0x0000b000>; - /* region <0xff000 0x1000> is reserved for Telink B91 SDK's data */ - }; - }; -}; diff --git a/examples/light-switch-app/telink/include/AppTask.h b/examples/light-switch-app/telink/include/AppTask.h index 7fd67ff34abdad..6cf0a330cf2317 100755 --- a/examples/light-switch-app/telink/include/AppTask.h +++ b/examples/light-switch-app/telink/include/AppTask.h @@ -24,6 +24,10 @@ #include +#if CONFIG_CHIP_FACTORY_DATA +#include +#endif + #include struct k_timer; @@ -48,7 +52,6 @@ class AppTask private: friend AppTask & GetAppTask(void); - CHIP_ERROR Init(); static void ActionInitiated(AppTask::Action_t aAction, int32_t aActor); @@ -74,6 +77,11 @@ class AppTask static void ThreadProvisioningHandler(const chip::DeviceLayer::ChipDeviceEvent * event, intptr_t arg); static AppTask sAppTask; + +#if CONFIG_CHIP_FACTORY_DATA + // chip::DeviceLayer::FactoryDataProvider mFactoryDataProvider; + chip::DeviceLayer::FactoryDataProvider mFactoryDataProvider; +#endif }; inline AppTask & GetAppTask(void) diff --git a/examples/light-switch-app/telink/prj.conf b/examples/light-switch-app/telink/prj.conf index 05b92e9169eb6e..1366c5f0e952fb 100755 --- a/examples/light-switch-app/telink/prj.conf +++ b/examples/light-switch-app/telink/prj.conf @@ -54,4 +54,8 @@ CONFIG_CHIP_DEVICE_SOFTWARE_VERSION_STRING="2022" CONFIG_CHIP_ENABLE_PAIRING_AUTOSTART=y # CHIP shell -CONFIG_CHIP_LIB_SHELL=n \ No newline at end of file +CONFIG_CHIP_LIB_SHELL=n + +# Disable factory data support. +CONFIG_CHIP_FACTORY_DATA=n +CONFIG_CHIP_FACTORY_DATA_BUILD=n \ No newline at end of file diff --git a/examples/light-switch-app/telink/src/AppTask.cpp b/examples/light-switch-app/telink/src/AppTask.cpp index e8d3d0049dc095..7e1c792018b885 100644 --- a/examples/light-switch-app/telink/src/AppTask.cpp +++ b/examples/light-switch-app/telink/src/AppTask.cpp @@ -23,27 +23,19 @@ #include "ButtonManager.h" #include "LEDWidget.h" #include "binding-handler.h" -#include -#include - -#include #include "ThreadUtil.h" +#include #include #include #include #include -#include - +#include +#include #include #include - -#include - #include -#include -#include #include #if CONFIG_CHIP_OTA_REQUESTOR @@ -57,12 +49,22 @@ LOG_MODULE_DECLARE(app); +using namespace ::chip; +using namespace ::chip::app; +using namespace ::chip::Credentials; +using namespace ::chip::DeviceLayer; + namespace { constexpr int kAppEventQueueSize = 10; constexpr uint8_t kButtonPushEvent = 1; constexpr uint8_t kButtonReleaseEvent = 0; +// NOTE! This key is for test/certification only and should not be available in production devices! +// If CONFIG_CHIP_FACTORY_DATA is enabled, this value is read from the factory data. +uint8_t sTestEventTriggerEnableKey[TestEventTriggerDelegate::kEnableKeyLength] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }; + K_MSGQ_DEFINE(sAppEventQueue, sizeof(AppEvent), kAppEventQueueSize, alignof(AppEvent)); LEDWidget sStatusLED; @@ -112,15 +114,11 @@ Identify sIdentify = { } // namespace -using namespace ::chip::Credentials; -using namespace ::chip::DeviceLayer; -using namespace ::chip::DeviceLayer::Internal; - AppTask AppTask::sAppTask; CHIP_ERROR AppTask::Init() { - CHIP_ERROR ret; + CHIP_ERROR err; LOG_INF("Current Software Version: %u, %s", CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION, CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION_STRING); @@ -133,15 +131,30 @@ CHIP_ERROR AppTask::Init() InitButtons(); - // Init ZCL Data Model and start server - static chip::CommonCaseDeviceServerInitParams initParams; - (void) initParams.InitializeStaticResourcesBeforeServerInit(); - chip::Server::GetInstance().Init(initParams); - - // Initialize device attestation config + // Initialize CHIP server +#if CONFIG_CHIP_FACTORY_DATA + ReturnErrorOnFailure(mFactoryDataProvider.Init()); + SetDeviceInstanceInfoProvider(&mFactoryDataProvider); + SetDeviceAttestationCredentialsProvider(&mFactoryDataProvider); + SetCommissionableDataProvider(&mFactoryDataProvider); + // Read EnableKey from the factory data. + MutableByteSpan enableKey(sTestEventTriggerEnableKey); + err = mFactoryDataProvider.GetEnableKey(enableKey); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("mFactoryDataProvider.GetEnableKey() failed. Could not delegate a test event trigger"); + memset(sTestEventTriggerEnableKey, 0, sizeof(sTestEventTriggerEnableKey)); + } +#else SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); +#endif - gExampleDeviceInfoProvider.SetStorageDelegate(&chip::Server::GetInstance().GetPersistentStorage()); + static CommonCaseDeviceServerInitParams initParams; + // static OTATestEventTriggerDelegate testEventTriggerDelegate{ ByteSpan(sTestEventTriggerEnableKey) }; + (void) initParams.InitializeStaticResourcesBeforeServerInit(); + // initParams.testEventTriggerDelegate = &testEventTriggerDelegate; + ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams)); + gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); #if CONFIG_CHIP_OTA_REQUESTOR @@ -151,11 +164,11 @@ CHIP_ERROR AppTask::Init() ConfigurationMgr().LogDeviceConfig(); // Configure Bindings - ret = InitBindingHandler(); - if (ret != CHIP_NO_ERROR) + err = InitBindingHandler(); + if (err != CHIP_NO_ERROR) { LOG_ERR("InitBindingHandler() failed"); - return ret; + return err; } PrintOnboardingCodes(chip::RendezvousInformationFlags(chip::RendezvousInformationFlag::kBLE)); @@ -165,14 +178,13 @@ CHIP_ERROR AppTask::Init() // between the main and the CHIP threads. PlatformMgr().AddEventHandler(ChipEventHandler, 0); - ret = ConnectivityMgr().SetBLEDeviceName("TelinkSwitch"); - if (ret != CHIP_NO_ERROR) + err = ConnectivityMgr().SetBLEDeviceName("TelinkSwitch"); + if (err != CHIP_NO_ERROR) { LOG_ERR("Fail to set BLE device name"); - return ret; } - return CHIP_NO_ERROR; + return err; } CHIP_ERROR AppTask::StartApp() @@ -255,7 +267,7 @@ void AppTask::StartThreadHandler(AppEvent * aEvent) if (!chip::DeviceLayer::ConnectivityMgr().IsThreadProvisioned()) { // Switch context from BLE to Thread - BLEManagerImpl sInstance; + Internal::BLEManagerImpl sInstance; sInstance.SwitchToIeee802154(); StartDefaultThreadNetwork(); LOG_INF("Device is not commissioned to a Thread network. Starting with the default configuration."); diff --git a/examples/lighting-app/telink/boards/tlsr9518adk80d.overlay b/examples/lighting-app/telink/boards/tlsr9518adk80d.overlay deleted file mode 100644 index 613584d2908fba..00000000000000 --- a/examples/lighting-app/telink/boards/tlsr9518adk80d.overlay +++ /dev/null @@ -1,35 +0,0 @@ -&flash { - /delete-node/ partitions; -}; - -&flash { - reg = <0x20000000 0x100000>; - - partitions { - compatible = "fixed-partitions"; - #address-cells = <1>; - #size-cells = <1>; - - boot_partition: partition@0 { - label = "mcuboot"; - reg = <0x00000000 0x10000>; - }; - slot0_partition: partition@10000 { - label = "image-0"; - reg = <0x10000 0x70000>; - }; - slot1_partition: partition@80000 { - label = "image-1"; - reg = <0x80000 0x70000>; - }; - scratch_partition: partition@f0000 { - label = "image-scratch"; - reg = <0xf0000 0x4000>; - }; - storage_partition: partition@f4000 { - label = "storage"; - reg = <0xf4000 0x0000b000>; - /* region <0xff000 0x1000> is reserved for Telink B91 SDK's data */ - }; - }; -}; diff --git a/examples/lighting-app/telink/include/AppTask.h b/examples/lighting-app/telink/include/AppTask.h index d926c5286f41f3..0b1b588654aa13 100644 --- a/examples/lighting-app/telink/include/AppTask.h +++ b/examples/lighting-app/telink/include/AppTask.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2021 Project CHIP Authors + * Copyright (c) 2022 Project CHIP Authors * All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,6 +23,10 @@ #include +#if CONFIG_CHIP_FACTORY_DATA +#include +#endif + #include struct k_timer; @@ -38,7 +42,6 @@ class AppTask private: friend AppTask & GetAppTask(void); - CHIP_ERROR Init(); static void ActionInitiated(LightingManager::Action_t aAction, int32_t aActor); @@ -64,6 +67,11 @@ class AppTask static void ThreadProvisioningHandler(const chip::DeviceLayer::ChipDeviceEvent * event, intptr_t arg); static AppTask sAppTask; + +#if CONFIG_CHIP_FACTORY_DATA + // chip::DeviceLayer::FactoryDataProvider mFactoryDataProvider; + chip::DeviceLayer::FactoryDataProvider mFactoryDataProvider; +#endif }; inline AppTask & GetAppTask(void) diff --git a/examples/lighting-app/telink/prj.conf b/examples/lighting-app/telink/prj.conf index 3e94168f31df3d..3de670dd34bf07 100644 --- a/examples/lighting-app/telink/prj.conf +++ b/examples/lighting-app/telink/prj.conf @@ -54,4 +54,8 @@ CONFIG_CHIP_DEVICE_SOFTWARE_VERSION_STRING="2022" CONFIG_CHIP_ENABLE_PAIRING_AUTOSTART=y # CHIP shell -CONFIG_CHIP_LIB_SHELL=n \ No newline at end of file +CONFIG_CHIP_LIB_SHELL=n + +# Disable factory data support. +CONFIG_CHIP_FACTORY_DATA=n +CONFIG_CHIP_FACTORY_DATA_BUILD=n \ No newline at end of file diff --git a/examples/lighting-app/telink/src/AppTask.cpp b/examples/lighting-app/telink/src/AppTask.cpp index fd9eabc82976e5..00db77cd01c89a 100644 --- a/examples/lighting-app/telink/src/AppTask.cpp +++ b/examples/lighting-app/telink/src/AppTask.cpp @@ -23,28 +23,20 @@ #include "ButtonManager.h" #include "LEDWidget.h" #include "LightingManager.h" -#include -#include - -#include #include "ThreadUtil.h" +#include #include #include #include #include #include -#include - +#include +#include #include #include - -#include - #include -#include -#include #include #if CONFIG_CHIP_OTA_REQUESTOR @@ -58,6 +50,11 @@ LOG_MODULE_DECLARE(app); +using namespace ::chip; +using namespace ::chip::app; +using namespace ::chip::Credentials; +using namespace ::chip::DeviceLayer; + namespace { constexpr int kAppEventQueueSize = 10; @@ -66,6 +63,11 @@ constexpr uint8_t kButtonReleaseEvent = 0; constexpr uint8_t kDefaultMinLevel = 0; constexpr uint8_t kDefaultMaxLevel = 254; +// NOTE! This key is for test/certification only and should not be available in production devices! +// If CONFIG_CHIP_FACTORY_DATA is enabled, this value is read from the factory data. +uint8_t sTestEventTriggerEnableKey[TestEventTriggerDelegate::kEnableKeyLength] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }; + K_MSGQ_DEFINE(sAppEventQueue, sizeof(AppEvent), kAppEventQueueSize, alignof(AppEvent)); LEDWidget sStatusLED; @@ -115,18 +117,10 @@ Identify sIdentify = { } // namespace -using namespace ::chip; -using namespace ::chip::app; -using namespace ::chip::Credentials; -using namespace ::chip::DeviceLayer; -using namespace ::chip::DeviceLayer::Internal; - AppTask AppTask::sAppTask; CHIP_ERROR AppTask::Init() { - CHIP_ERROR ret; - LOG_INF("Current Software Version: %u, %s", CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION, CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION_STRING); @@ -145,23 +139,39 @@ CHIP_ERROR AppTask::Init() uint8_t maxLightLevel = kDefaultMaxLevel; Clusters::LevelControl::Attributes::MaxLevel::Get(1, &maxLightLevel); - ret = LightingMgr().Init(LIGHTING_PWM_DEVICE, LIGHTING_PWM_CHANNEL, minLightLevel, maxLightLevel, maxLightLevel); - if (ret != CHIP_NO_ERROR) + CHIP_ERROR err = LightingMgr().Init(LIGHTING_PWM_DEVICE, LIGHTING_PWM_CHANNEL, minLightLevel, maxLightLevel, maxLightLevel); + if (err != CHIP_NO_ERROR) { LOG_ERR("Failed to int lighting manager"); - return ret; + return err; } LightingMgr().SetCallbacks(ActionInitiated, ActionCompleted); - // Init ZCL Data Model and start server - static chip::CommonCaseDeviceServerInitParams initParams; - (void) initParams.InitializeStaticResourcesBeforeServerInit(); - chip::Server::GetInstance().Init(initParams); - - // Initialize device attestation config + // Initialize CHIP server +#if CONFIG_CHIP_FACTORY_DATA + ReturnErrorOnFailure(mFactoryDataProvider.Init()); + SetDeviceInstanceInfoProvider(&mFactoryDataProvider); + SetDeviceAttestationCredentialsProvider(&mFactoryDataProvider); + SetCommissionableDataProvider(&mFactoryDataProvider); + // Read EnableKey from the factory data. + MutableByteSpan enableKey(sTestEventTriggerEnableKey); + err = mFactoryDataProvider.GetEnableKey(enableKey); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("mFactoryDataProvider.GetEnableKey() failed. Could not delegate a test event trigger"); + memset(sTestEventTriggerEnableKey, 0, sizeof(sTestEventTriggerEnableKey)); + } +#else SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); +#endif + + static CommonCaseDeviceServerInitParams initParams; + // static OTATestEventTriggerDelegate testEventTriggerDelegate{ ByteSpan(sTestEventTriggerEnableKey) }; + (void) initParams.InitializeStaticResourcesBeforeServerInit(); + // initParams.testEventTriggerDelegate = &testEventTriggerDelegate; + ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams)); - gExampleDeviceInfoProvider.SetStorageDelegate(&chip::Server::GetInstance().GetPersistentStorage()); + gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); #if CONFIG_CHIP_OTA_REQUESTOR @@ -176,14 +186,13 @@ CHIP_ERROR AppTask::Init() // between the main and the CHIP threads. PlatformMgr().AddEventHandler(ChipEventHandler, 0); - ret = ConnectivityMgr().SetBLEDeviceName("TelinkLight"); - if (ret != CHIP_NO_ERROR) + err = ConnectivityMgr().SetBLEDeviceName("TelinkLight"); + if (err != CHIP_NO_ERROR) { LOG_ERR("Fail to set BLE device name"); - return ret; } - return CHIP_NO_ERROR; + return err; } CHIP_ERROR AppTask::StartApp() @@ -274,7 +283,7 @@ void AppTask::StartThreadHandler(AppEvent * aEvent) if (!chip::DeviceLayer::ConnectivityMgr().IsThreadProvisioned()) { // Switch context from BLE to Thread - BLEManagerImpl sInstance; + Internal::BLEManagerImpl sInstance; sInstance.SwitchToIeee802154(); StartDefaultThreadNetwork(); LOG_INF("Device is not commissioned to a Thread network. Starting with the default configuration."); diff --git a/scripts/tools/telink/generate_telink_chip_factory_data.py b/scripts/tools/telink/generate_telink_chip_factory_data.py new file mode 100644 index 00000000000000..2ec9b888accbc9 --- /dev/null +++ b/scripts/tools/telink/generate_telink_chip_factory_data.py @@ -0,0 +1,492 @@ +#!/usr/bin/env python3 +# +# Copyright (c) 2022 Project CHIP Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from os.path import exists +import os +import sys +import json +import jsonschema +import secrets +import argparse +import subprocess +import logging as log +import base64 +from collections import namedtuple +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives.serialization import load_der_private_key + +# A user can not change the factory data version and must be coherent with +# the factory data version set in the Telink platform Kconfig file (CHIP_FACTORY_DATA_VERSION). +FACTORY_DATA_VERSION = 1 + +MATTER_ROOT = os.path.dirname(os.path.realpath(__file__))[:-len("/scripts/tools/telink")] +HEX_PREFIX = "hex:" +PUB_KEY_PREFIX = b'\x04' +INVALID_PASSCODES = [00000000, 11111111, 22222222, 33333333, 44444444, + 55555555, 66666666, 77777777, 88888888, 99999999, 12345678, 87654321] + + +def get_raw_private_key_der(der_file: str, password: str): + """ Split given der file to get separated key pair consisting of public and private keys. + + Args: + der_file (str): Path to .der file containing public and private keys + password (str): Password to decrypt Keys. It can be None, and then KEY is not encrypted. + + Returns: + hex string: return a hex string containing extracted and decrypted private KEY from given .der file. + """ + try: + with open(der_file, 'rb') as file: + key_data = file.read() + if password is None: + log.warning("KEY password has not been provided. It means that DAC key is not encrypted.") + keys = load_der_private_key(key_data, password, backend=default_backend()) + private_key = keys.private_numbers().private_value.to_bytes(32, byteorder='big') + + return private_key + + except IOError or ValueError: + return None + + +def gen_test_certs(chip_cert_exe: str, + output: str, + vendor_id: int, + product_id: int, + device_name: str, + generate_cd: bool = False, + cd_type: int = 1, + paa_cert_path: str = None, + paa_key_path: str = None): + """ + Generate Matter certificates according to given Vendor ID and Product ID using the chip-cert executable. + To use own Product Attestation Authority certificate provide paa_cert_path and paa_key_path arguments. + Without providing these arguments a PAA certificate will be get from /credentials/test/attestation directory + in the Matter repository. + + Args: + chip_cert_exe (str): path to chip-cert executable + output (str): output path to store a newly generated certificates (CD, DAC, PAI) + vendor_id (int): an identification number specific to Vendor + product_id (int): an identification number specific to Product + device_name (str): human-readable device name + generate_cd (bool, optional): Generate Certificate Declaration and store it in thee output directory. Defaults to False. + paa_cert_path (str, optional): provide PAA certification path. Defaults to None - a path will be set to /credentials/test/attestation directory. + paa_key_path (str, optional): provide PAA key path. Defaults to None - a path will be set to /credentials/test/attestation directory. + + Returns: + dictionary: ["PAI_CERT": (str), + "DAC_CERT": (str), + "DAC_KEY": (str)] + """ + + CD_PATH = MATTER_ROOT + "/credentials/test/certification-declaration/Chip-Test-CD-Signing-Cert.pem" + CD_KEY_PATH = MATTER_ROOT + "/credentials/test/certification-declaration/Chip-Test-CD-Signing-Key.pem" + PAA_PATH = paa_cert_path if paa_cert_path != None else MATTER_ROOT + "/credentials/test/attestation/Chip-Test-PAA-NoVID-Cert.pem" + PAA_KEY_PATH = paa_key_path if paa_key_path != None else MATTER_ROOT + "/credentials/test/attestation/Chip-Test-PAA-NoVID-Key.pem" + + attestation_certs = namedtuple("attestation_certs", ["dac_cert", "dac_key", "pai_cert"]) + + log.info("Generating new certificates using chip-cert...") + + if generate_cd: + # generate Certification Declaration + cmd = [chip_cert_exe, "gen-cd", + "--key", CD_KEY_PATH, + "--cert", CD_PATH, + "--out", output + "/CD.der", + "--format-version", "1", + "--vendor-id", hex(vendor_id), + "--product-id", hex(product_id), + "--device-type-id", "0", + "--certificate-id", "FFFFFFFFFFFFFFFFFFF", + "--security-level", "0", + "--security-info", "0", + "--certification-type", str(cd_type), + "--version-number", "0xFFFF", + ] + subprocess.run(cmd) + + new_certificates = {"PAI_CERT": output + "/PAI_cert", + "PAI_KEY": output + "/PAI_key", + "DAC_CERT": output + "/DAC_cert", + "DAC_KEY": output + "/DAC_key" + } + + # generate PAI + cmd = [chip_cert_exe, "gen-att-cert", + "-t", "i", + "-c", device_name, + "-V", hex(vendor_id), + "-C", PAA_PATH, + "-K", PAA_KEY_PATH, + "-o", new_certificates["PAI_CERT"] + ".pem", + "-O", new_certificates["PAI_KEY"] + ".pem", + "-l", str(10000), + ] + subprocess.run(cmd) + + # generate DAC + cmd = [chip_cert_exe, "gen-att-cert", + "-t", "d", + "-c", device_name, + "-V", hex(vendor_id), + "-P", hex(product_id), + "-C", new_certificates["PAI_CERT"] + ".pem", + "-K", new_certificates["PAI_KEY"] + ".pem", + "-o", new_certificates["DAC_CERT"] + ".pem", + "-O", new_certificates["DAC_KEY"] + ".pem", + "-l", str(10000), + ] + subprocess.run(cmd) + + # convert to .der files + for cert_k, cert_v in new_certificates.items(): + action_type = "convert-cert" if cert_k.find("CERT") != -1 else "convert-key" + log.info(cert_v + ".der") + cmd = [chip_cert_exe, action_type, + cert_v + ".pem", + cert_v + ".der", + "--x509-der", + ] + subprocess.run(cmd) + + return attestation_certs(new_certificates["DAC_CERT"] + ".der", + new_certificates["DAC_KEY"] + ".der", + new_certificates["PAI_CERT"] + ".der") + + +def gen_spake2p_params(spake2p_path: str, passcode: int, it: int, salt: bytes) -> dict: + """ Generate Spake2+ params using external spake2p tool + + Args: + spake2p_path (str): path to spake2p executable + passcode (int): Pairing passcode using in Spake2+ + it (int): Iteration counter for Spake2+ verifier generation + salt (str): Salt used to generate Spake2+ verifier + + Returns: + dict: dictionary containing passcode, it, salt, and generated Verifier + """ + + cmd = [ + spake2p_path, 'gen-verifier', + '--iteration-count', str(it), + '--salt', base64.b64encode(salt), + '--pin-code', str(passcode), + '--out', '-', + ] + output = subprocess.check_output(cmd) + output = output.decode('utf-8').splitlines() + return dict(zip(output[0].split(','), output[1].split(','))) + + +class FactoryDataGenerator: + """ + Class to generate factory data from given arguments and generate a JSON file + + """ + + def __init__(self, arguments) -> None: + """ + Args: + arguments (any):All input arguments parsed using ArgParse + """ + self._args = arguments + self._factory_data = list() + self._user_data = dict() + + try: + self._validate_args() + except AssertionError as e: + log.error(e) + sys.exit(-1) + + def _validate_args(self): + if self._args.user: + try: + self._user_data = json.loads(self._args.user) + except json.decoder.JSONDecodeError as e: + raise AssertionError("Provided wrong user data, this is not a JSON format! {}".format(e)) + assert (self._args.spake2_verifier or (self._args.passcode and self._args.spake2p_path)), \ + "Cannot find Spake2+ verifier, to generate a new one please provide passcode (--passcode) and path to spake2p tool (--spake2p_path)" + assert (self._args.chip_cert_path or (self._args.dac_cert and self._args.pai_cert and self._args.dac_key)), \ + "Cannot find paths to DAC or PAI certificates .der files. To generate a new ones please provide a path to chip-cert executable (--chip_cert_path)" + assert self._args.output.endswith(".json"), \ + "Output path doesn't contain .json file path. ({})".format(self._args.output) + assert not (self._args.passcode in INVALID_PASSCODES), \ + "Provided invalid passcode!" + + def generate_json(self): + """ + This function generates JSON data, .json file and validates it. + + To validate generated JSON data a scheme must be provided within script's arguments. + + - In the first part, if the rotating device id unique id has been not provided + as an argument, it will be created. + - If user-provided passcode and Spake2+ verifier have been not provided + as an argument, it will be created using an external script + - Passcode is not stored in JSON by default. To store it for debugging purposes, add --include_passcode argument. + - Validating output JSON is not mandatory, but highly recommended. + + """ + # generate missing data if needed + if not self._args.rd_uid: + if self._args.generate_rd_uid: + rd_uid = self._generate_rotating_device_uid() + else: + # rotating device ID unique ID was not provided, so do not store it in factory data. + rd_uid = None + else: + rd_uid = HEX_PREFIX + self._args.rd_uid + + if not self._args.spake2_verifier: + spake_2_verifier = self._generate_spake2_verifier() + else: + spake_2_verifier = self._args.spake2_verifier + + # convert salt to bytestring to be coherent with Spake2+ verifier type + spake_2_salt = self._args.spake2_salt + + if self._args.chip_cert_path: + certs = gen_test_certs(self._args.chip_cert_path, + self._args.output[:self._args.output.rfind("/")], + self._args.vendor_id, + self._args.product_id, + self._args.vendor_name + "_" + self._args.product_name, + self._args.gen_cd, + self._args.cd_type, + self._args.paa_cert, + self._args.paa_key) + dac_cert = certs.dac_cert + pai_cert = certs.pai_cert + dac_key = certs.dac_key + else: + dac_cert = self._args.dac_cert + dac_key = self._args.dac_key + pai_cert = self._args.pai_cert + + # try to read DAC public and private keys + dac_priv_key = get_raw_private_key_der(dac_key, self._args.dac_key_password) + if dac_priv_key is None: + log.error("Cannot read DAC keys from : {}".format(dac_key)) + sys.exit(-1) + + try: + json_file = open(self._args.output, "w+") + except FileNotFoundError: + print("Cannot create JSON file in this location: {}".format(self._args.output)) + sys.exit(-1) + with json_file: + # serialize data + self._add_entry("version", FACTORY_DATA_VERSION) + self._add_entry("sn", self._args.sn) + self._add_entry("vendor_id", self._args.vendor_id) + self._add_entry("product_id", self._args.product_id) + self._add_entry("vendor_name", self._args.vendor_name) + self._add_entry("product_name", self._args.product_name) + self._add_entry("date", self._args.date) + self._add_entry("hw_ver", self._args.hw_ver) + self._add_entry("hw_ver_str", self._args.hw_ver_str) + self._add_entry("dac_cert", self._process_der(dac_cert)) + self._add_entry("dac_key", dac_priv_key) + self._add_entry("pai_cert", self._process_der(pai_cert)) + if self._args.include_passcode: + self._add_entry("passcode", self._args.passcode) + self._add_entry("spake2_it", self._args.spake2_it) + self._add_entry("spake2_salt", spake_2_salt) + self._add_entry("spake2_verifier", spake_2_verifier) + self._add_entry("discriminator", self._args.discriminator) + if rd_uid: + self._add_entry("rd_uid", rd_uid) + if self._args.enable_key: + self._add_entry("enable_key", HEX_PREFIX + self._args.enable_key) + if self._args.user: + self._add_entry("user", self._args.user) + + factory_data_dict = dict(self._factory_data) + + json_object = json.dumps(factory_data_dict) + is_json_valid = True + + if self._args.schema: + is_json_valid = self._validate_output_json(json_object) + else: + log.warning("JSON Schema file has not been provided, the output file can be wrong. Be aware of that.") + try: + if is_json_valid: + json_file.write(json_object) + except IOError as e: + log.error("Cannot save output file into directory: {}".format(self._args.output)) + + def _add_entry(self, name: str, value: any): + """ Add single entry to list of tuples ("key", "value") """ + if(isinstance(value, bytes) or isinstance(value, bytearray)): + value = HEX_PREFIX + value.hex() + if value or (isinstance(value, int) and value == 0): + log.debug("Adding entry '{}' with size {} and type {}".format(name, sys.getsizeof(value), type(value))) + self._factory_data.append((name, value)) + + def _generate_spake2_verifier(self): + """ If verifier has not been provided in arguments list it should be generated via external script """ + spake2_params = gen_spake2p_params(self._args.spake2p_path, self._args.passcode, + self._args.spake2_it, self._args.spake2_salt) + return base64.b64decode(spake2_params["Verifier"]) + + def _generate_rotating_device_uid(self): + """ If rotating device unique ID has not been provided it should be generated """ + log.warning("Cannot find rotating device UID in provided arguments list. A new one will be generated.") + rdu = secrets.token_bytes(16) + log.info("\n\nThe new rotate device UID: {}\n".format(rdu.hex())) + return rdu + + def _validate_output_json(self, output_json: str): + """ + Validate output JSON data with provided .scheme file + This function will raise error if JSON does not match schema. + + """ + try: + with open(self._args.schema) as schema_file: + log.info("Validating JSON with schema...") + schema = json.loads(schema_file.read()) + validator = jsonschema.Draft202012Validator(schema=schema) + validator.validate(instance=json.loads(output_json)) + except IOError as e: + log.error("Provided JSON schema file is wrong: {}".format(self._args.schema)) + return False + else: + log.info("Validate OK") + return True + + def _process_der(self, path: str): + log.debug("Processing der file...") + try: + with open(path, 'rb') as f: + data = f.read() + return data + except IOError as e: + log.error(e) + raise e + + +def main(): + parser = argparse.ArgumentParser(description="Telink Factory Data NVS generator tool") + + def allow_any_int(i): return int(i, 0) + def base64_str(s): return base64.b64decode(s) + + mandatory_arguments = parser.add_argument_group("Mandatory keys", "These arguments must be provided to generate JSON file") + optional_arguments = parser.add_argument_group( + "Optional keys", "These arguments are optional and they depend on the user-purpose") + parser.add_argument("-s", "--schema", type=str, + help="JSON schema file to validate JSON output data") + parser.add_argument("-o", "--output", type=str, required=True, + help="Output path to store .json file, e.g. my_dir/output.json") + parser.add_argument("-v", "--verbose", action="store_true", + help="Run this script with DEBUG logging level") + parser.add_argument("--include_passcode", action="store_true", + help="Include passcode in factory data. By default, it is used only for generating Spake2+ verifier.") + parser.add_argument("--overwrite", action="store_true", + help="If output JSON file exist this argument allows to generate new factory data and overwrite it.") + # Json known-keys values + # mandatory keys + mandatory_arguments.add_argument("--sn", type=str, required=True, + help="[ascii string] Serial number of a device which can be used to identify \ + the serial number field in the Matter certificate structure. \ + Maximum length of serial number is 20 bytes. \ + Strings longer than 20 bytes will be declined in script") + mandatory_arguments.add_argument("--vendor_id", type=allow_any_int, + help="[int | hex int] Provide Vendor Identification Number") + mandatory_arguments.add_argument("--product_id", type=allow_any_int, + help="[int | hex int] Provide Product Identification Number") + mandatory_arguments.add_argument("--vendor_name", type=str, + help="[string] provide human-readable vendor name") + mandatory_arguments.add_argument("--product_name", type=str, + help="[string] provide human-readable product name") + mandatory_arguments.add_argument("--date", type=str, required=True, + help="[ascii string] Provide manufacturing date \ + A manufacturing date specifies the date that the Node was manufactured. \ + Used format for providing a manufacturing date is ISO 8601 e.g. YYYY-MM-DD.") + mandatory_arguments.add_argument("--hw_ver", type=allow_any_int, required=True, + help="[int | hex int] Provide hardware version in int format.") + mandatory_arguments.add_argument("--hw_ver_str", type=str, required=True, + help="[ascii string] Provide hardware version in string format.") + mandatory_arguments.add_argument("--spake2_it", type=allow_any_int, required=True, + help="[int | hex int] Provide Spake2+ iteration count.") + mandatory_arguments.add_argument("--spake2_salt", type=base64_str, required=True, + help="[base64 string] Provide Spake2+ salt.") + mandatory_arguments.add_argument("--discriminator", type=allow_any_int, required=True, + help="[int] Provide BLE pairing discriminator. \ + A 12-bit value matching the field of the same name in \ + the setup code. Discriminator is used during a discovery process.") + + # optional keys + optional_arguments.add_argument("--chip_cert_path", type=str, + help="Generate DAC and PAI certificates instead giving a path to .der files. This option requires a path to chip-cert executable." + "By default You can find spake2p in connectedhomeip/src/tools/chip-cert directory and build it there.") + optional_arguments.add_argument("--dac_cert", type=str, + help="[.der] Provide the path to .der file containing DAC certificate.") + optional_arguments.add_argument("--dac_key", type=str, + help="[.der] Provide the path to .der file containing DAC keys.") + optional_arguments.add_argument("--generate_rd_uid", action="store_true", + help="Generate a new rotating device unique ID, print it out to console output and store it in factory data.") + optional_arguments.add_argument("--dac_key_password", type=str, + help="Provide a password to decode dac key. If dac key is not encrypted do not provide this argument.") + optional_arguments.add_argument("--pai_cert", type=str, + help="[.der] Provide the path to .der file containing PAI certificate.") + optional_arguments.add_argument("--rd_uid", type=str, + help="[hex string] [128-bit hex-encoded] Provide the rotating device unique ID. If this argument is not provided a new rotating device id unique id will be generated.") + optional_arguments.add_argument("--passcode", type=allow_any_int, + help="[int | hex] Default PASE session passcode. (This is mandatory to generate Spake2+ verifier).") + optional_arguments.add_argument("--spake2p_path", type=str, + help="[string] Provide a path to spake2p. By default You can find spake2p in connectedhomeip/src/tools/spake2p directory and build it there.") + optional_arguments.add_argument("--spake2_verifier", type=base64_str, + help="[base64 string] Provide Spake2+ verifier without generating it.") + optional_arguments.add_argument("--enable_key", type=str, + help="[hex string] [128-bit hex-encoded] The Enable Key is a 128-bit value that triggers manufacturer-specific action while invoking the TestEventTrigger Command." + "This value is used during Certification Tests, and should not be present on production devices.") + optional_arguments.add_argument("--user", type=str, + help="[string] Provide additional user-specific keys in JSON format: {'name_1': 'value_1', 'name_2': 'value_2', ... 'name_n', 'value_n'}.") + optional_arguments.add_argument("--gen_cd", action="store_true", default=False, + help="Generate a new Certificate Declaration in .der format according to used Vendor ID and Product ID. This certificate will not be included to the factory data.") + optional_arguments.add_argument("--cd_type", type=int, default=1, + help="[int] Type of generated Certification Declaration: 0 - development, 1 - provisional, 2 - official") + optional_arguments.add_argument("--paa_cert", type=str, + help="Provide a path to the Product Attestation Authority (PAA) certificate to generate the PAI certificate. Without providing it, a testing PAA stored in the Matter repository will be used.") + optional_arguments.add_argument("--paa_key", type=str, + help="Provide a path to the Product Attestation Authority (PAA) key to generate the PAI certificate. Without providing it, a testing PAA key stored in the Matter repository will be used.") + args = parser.parse_args() + + if args.verbose: + log.basicConfig(format='[%(asctime)s][%(levelname)s] %(message)s', level=log.DEBUG) + else: + log.basicConfig(format='[%(levelname)s] %(message)s', level=log.INFO) + + # check if json file already exist + if(exists(args.output) and not args.overwrite): + log.error("Output file: {} already exist, to create a new one add argument '--overwrite'. By default overwriting is disabled".format(args.output)) + return + + generator = FactoryDataGenerator(args) + generator.generate_json() + + +if __name__ == "__main__": + main() diff --git a/scripts/tools/telink/telink_factory_data.schema b/scripts/tools/telink/telink_factory_data.schema new file mode 100644 index 00000000000000..16ffcc68dbd47b --- /dev/null +++ b/scripts/tools/telink/telink_factory_data.schema @@ -0,0 +1,147 @@ +{ + "$id": "Telink_Factory_Data_schema", + "$schema": "https://json-schema.org/draft/2020-12/schema", + "description": "A representation of all factory data used in Matter's Telink device", + "type": "object", + "required": [ + "version", + "sn", + "vendor_id", + "product_id", + "vendor_name", + "product_name", + "date", + "hw_ver", + "hw_ver_str", + "dac_cert", + "dac_key", + "pai_cert", + "spake2_it", + "spake2_salt", + "spake2_verifier", + "discriminator" + ], + "properties": { + "version": { + "description": "Current version of the factory data set", + "type": "integer", + "minimum": 0, + "maximum": 255 + }, + "sn": { + "description": "Serial number of device", + "type": "string", + "maxLength": 32 + }, + "vendor_id": { + "description": "Vendor Identifier", + "type": "integer", + "minimum": 0, + "maximum": 65524 + }, + "product_id": { + "description": "Product Identifier", + "type": "integer", + "minimum": 1, + "maximum": 65535 + }, + "vendor_name": { + "description": "human-readable vendor name", + "type": "string", + "maxLength": 32 + }, + "product_name": { + "description": "human-readable product name", + "type": "string", + "maxLength": 32 + }, + "date": { + "description": "Manufacturing date according to ISO 8601 in notation YYYY-MM-DD", + "type": "string", + "format": "date" + }, + "hw_ver": { + "description": "Hardware version - integer", + "type": "integer", + "minimum": 0, + "maximum": 65536 + }, + "hw_ver_str": { + "description": "A string representation of hardware version", + "type": "string", + "minLength": 1, + "maxLength": 64 + }, + "rd_uid": { + "description": "A randomly-generated 128-bit or longer octet string. Length has been expanded with 'hex:' prefix", + "type": "string", + "pattern:": "^hex:{1}", + "minLength": 20, + "minLength": 5, + "maxLength": 36 + }, + "dac_cert": { + "description": "DAC certificate in hex-string format", + "type": "string", + "pattern:": "^hex:{1}([0-9A-Fa-f]){2,}", + "minLength": 5, + "maxLength": 1204 + }, + "dac_key": { + "description": "DAC Private Key in hex-string format", + "type": "string", + "pattern:": "^hex:{1}([0-9A-Fa-f]){2,}", + "minLength": 68, + "maxLength": 68 + }, + "pai_cert": { + "description": "PAI certificate in hex-string format", + "type": "string", + "pattern:": "^hex:{1}([0-9A-Fa-f]){2,}", + "minLength": 5, + "maxLength": 1204 + }, + "passcode": { + "description": "A default PASE session passcode", + "type": "integer", + "minimum": 1, + "maximum": 99999998 + }, + "spake2_it": { + "description": "An Iteration counter for the Symmetric Password-Authenticated Key Exchange", + "type": "integer", + "minimum": 1000, + "maximum": 100000 + }, + "spake2_salt": { + "description": "A key-derivation function for the Symmetric Password-Authenticated Key Exchange.", + "type": "string", + "pattern:": "^hex:{1}([0-9A-Fa-f]){2,}", + "minLength": 36, + "maxLength": 68 + }, + "spake2_verifier": { + "description": "A verifier for the Symmetric Password-Authenticated Key Exchange", + "type": "string", + "pattern:": "^hex:{1}([0-9A-Fa-f]){2,}", + "minLength": 97 + }, + "discriminator": { + "description": "The Discriminator value helps to further identify potential devices during the setup process.", + "type": "integer", + "minimum": 0, + "maximum": 4095 + }, + "enable_key": { + "description": "The Enable Key is a 128-bit value that triggers manufacturer-specific action while invoking the TestEventTrigger Command", + "type": "string", + "pattern": "^hex:{1}([0-9A-Fa-f]){32}", + "minLength": 36, + "maxLength": 36 + }, + "user": { + "description": "A user-specific additional data which should be added to factory data. This should be a Json format.", + "type": "object" + } + } +} \ No newline at end of file diff --git a/scripts/tools/telink/telink_generate_partition.py b/scripts/tools/telink/telink_generate_partition.py new file mode 100644 index 00000000000000..ddd3b63acc4a7f --- /dev/null +++ b/scripts/tools/telink/telink_generate_partition.py @@ -0,0 +1,169 @@ +#!/usr/bin/env python3 +# +# Copyright (c) 2022 Project CHIP Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import codecs +import sys +from intelhex import IntelHex +import argparse +import json +import logging as log +import cbor2 as cbor + +HEX_PREFIX = "hex:" + + +class PartitionCreator: + """ + Class to create telink partition containing FactoryData + + :param offset: This is a partition offset where data will be stored in device's flash memory + :param length: This is a maximum partition size + :param input: This is a path to input JSON file + :param output: This is a path to output directory + + """ + + def __init__(self, offset: int, length: int, input: str, output: str) -> None: + self._ih = IntelHex() + self._length = length + self._offset = offset + self._data_ready = False + self._output = output + self._input = input + try: + self.__data_to_save = self._convert_to_dict(self._load_json()) + except IOError: + sys.exit(-1) + + def generate_cbor(self): + """ + Generates .cbor file using cbor2 library. + It generate a CBORTag 55799 which is user-specific tag + + """ + if self.__data_to_save: + # prepare raw data from Json + cbor_data = cbor.dumps(self.__data_to_save) + return cbor_data + + def create_hex(self, data: bytes): + """ + Creates .hex file from CBOR. + This file can be write directly to device. + + """ + if len(data) > self._length: + raise ValueError("generated CBOR file exceeds declared maximum partition size! {} > {}".format(len(data), self._length)) + self._ih.putsz(self._offset, data) + self._ih.write_hex_file(self._output + ".hex", True) + self._data_ready = True + return True + + def create_bin(self): + """ + Creates raw binary data of created previously .hex file + + """ + if not self._data_ready: + log.error("Please create hex file first!") + return False + self._ih.tobinfile(self._output + ".bin") + return True + + @staticmethod + def _convert_to_dict(data): + """ + Converts a list containing tuples ("key_name", "key_value") to a dictionary + + If "key_value" of data entry is a string-type variable and contains a HEX_PREFIX algorithm decodes it + to hex format to be sure that a cbor file will contain proper bytes. + + If "key_value" of data entry is a dictionary, algorithm appends it to the created dictionary. + """ + output_dict = dict() + for entry in data: + if not isinstance(entry, dict): + log.debug("Processing entry {}".format(entry)) + if isinstance(data[entry], str) and data[entry].startswith(HEX_PREFIX): + output_dict[entry] = codecs.decode(data[entry][len(HEX_PREFIX):], "hex") + elif isinstance(data[entry], str): + output_dict[entry] = data[entry].encode("utf-8") + else: + output_dict[entry] = data[entry] + else: + output_dict[entry] = entry + return output_dict + + def _load_json(self): + """ + Loads file containing a JSON data and converts it to JSON format + + :raises IOError: if provided JSON file can not be read out. + """ + try: + with open(self._input, "rb") as json_file: + return json.loads(json_file.read()) + except IOError as e: + log.error("Can not read Json file {}".format(self._input)) + raise e + + +def print_flashing_help(): + print("\nTo flash the generated hex/bin containing factory data, use BDT tool") + + +def main(): + + def allow_any_int(i): return int(i, 0) + + parser = argparse.ArgumentParser(description="Telink Factory Data NVS partition generator tool") + parser.add_argument("-i", "--input", type=str, required=True, + help="Path to input .json file") + parser.add_argument("-o", "--output", type=str, required=True, + help="Prefix for output file paths, e.g. setting dir/output causes creation of the following files: dir/output.hex, and dir/output.bin") + parser.add_argument("--offset", type=allow_any_int, required=True, + help="Partition offset - an address in device's NVM memory, where factory data will be stored") + parser.add_argument("--size", type=allow_any_int, required=True, + help="The maximum partition size") + parser.add_argument("-v", "--verbose", action="store_true", + help="Run this script with DEBUG logging level") + parser.add_argument("-r", "--raw", action="store_true", + help="Do not print flashing help and other logs, only generate a .hex file. It can be useful when the script is used by other script.") + args = parser.parse_args() + + if args.verbose: + log.basicConfig(format='[%(asctime)s][%(levelname)s] %(message)s', level=log.DEBUG) + elif args.raw: + log.basicConfig(format='%(message)s', level=log.ERROR) + else: + log.basicConfig(format='[%(asctime)s] %(message)s', level=log.INFO) + + partition_creator = PartitionCreator(args.offset, args.size, args.input, args.output) + cbor_data = partition_creator.generate_cbor() + try: + if not args.raw: + print("Generating .hex file: {}.hex with offset: {} and size: {}".format(args.output, hex(args.offset), hex(args.size))) + if partition_creator.create_hex(cbor_data) and partition_creator.create_bin(): + if not args.raw: + print_flashing_help() + except ValueError as e: + log.error(e) + sys.exit(-1) + + +if __name__ == "__main__": + main() diff --git a/src/platform/telink/BUILD.gn b/src/platform/telink/BUILD.gn index d0b799c187b44b..695d1df42c520f 100644 --- a/src/platform/telink/BUILD.gn +++ b/src/platform/telink/BUILD.gn @@ -16,6 +16,7 @@ import("//build_overrides/chip.gni") import("//build_overrides/telink.gni") import("${chip_root}/src/platform/device.gni") +import("${chip_root}/src/platform/telink/args.gni") assert(chip_device_platform == "telink") @@ -50,11 +51,26 @@ static_library("telink") { deps = [] + public = [ + "${chip_root}/src/credentials/CHIPCert.h", + "${chip_root}/src/credentials/CertificationDeclaration.h", + "${chip_root}/src/credentials/DeviceAttestationCredsProvider.h", + ] + public_deps = [ "${chip_root}/src/platform:platform_base", "${telink_sdk_build_root}", ] + if (chip_enable_factory_data) { + sources += [ + "FactoryDataParser.c", + "FactoryDataParser.h", + "FactoryDataProvider.cpp", + "FactoryDataProvider.h", + ] + } + if (chip_enable_openthread) { sources += [ "../OpenThread/OpenThreadUtils.cpp", diff --git a/src/platform/telink/CHIPDevicePlatformConfig.h b/src/platform/telink/CHIPDevicePlatformConfig.h index dadbf34fb2ddde..6a40ab87a4c726 100644 --- a/src/platform/telink/CHIPDevicePlatformConfig.h +++ b/src/platform/telink/CHIPDevicePlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2021 Project CHIP Authors + * Copyright (c) 2022 Project CHIP Authors * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,6 +27,42 @@ // ==================== Platform Adaptations ==================== +#ifndef CHIP_DEVICE_CONFIG_TEST_SERIAL_NUMBER +#define CHIP_DEVICE_CONFIG_TEST_SERIAL_NUMBER CONFIG_CHIP_DEVICE_SERIAL_NUMBER +#endif + +#ifndef CHIP_DEVICE_CONFIG_TEST_MANUFACTURING_DATE +#define CHIP_DEVICE_CONFIG_TEST_MANUFACTURING_DATE CONFIG_CHIP_DEVICE_MANUFACTURING_DATE +#endif + +#ifndef CHIP_DEVICE_CONFIG_DEFAULT_DEVICE_HARDWARE_VERSION +#define CHIP_DEVICE_CONFIG_DEFAULT_DEVICE_HARDWARE_VERSION CONFIG_CHIP_DEVICE_HARDWARE_VERSION +#endif + +#ifndef CHIP_DEVICE_CONFIG_USE_TEST_SETUP_PIN_CODE +#define CHIP_DEVICE_CONFIG_USE_TEST_SETUP_PIN_CODE CONFIG_CHIP_DEVICE_PAIRING_PASSCODE +#endif + +#ifndef CHIP_DEVICE_CONFIG_USE_TEST_SETUP_DISCRIMINATOR +#define CHIP_DEVICE_CONFIG_USE_TEST_SETUP_DISCRIMINATOR CONFIG_CHIP_DEVICE_DISCRIMINATOR +#endif + +#ifndef CHIP_DEVICE_CONFIG_DEFAULT_DEVICE_HARDWARE_VERSION_STRING +#define CHIP_DEVICE_CONFIG_DEFAULT_DEVICE_HARDWARE_VERSION_STRING CONFIG_CHIP_DEVICE_HARDWARE_VERSION_STRING +#endif + +#ifndef CHIP_DEVICE_CONFIG_USE_TEST_SPAKE2P_ITERATION_COUNT +#define CHIP_DEVICE_CONFIG_USE_TEST_SPAKE2P_ITERATION_COUNT CONFIG_CHIP_DEVICE_SPAKE2_IT +#endif + +#ifndef CHIP_DEVICE_CONFIG_USE_TEST_SPAKE2P_SALT +#define CHIP_DEVICE_CONFIG_USE_TEST_SPAKE2P_SALT CONFIG_CHIP_DEVICE_SPAKE2_SALT +#endif + +#ifndef CHIP_DEVICE_CONFIG_USE_TEST_SPAKE2P_VERIFIER +#define CHIP_DEVICE_CONFIG_USE_TEST_SPAKE2P_VERIFIER CONFIG_CHIP_DEVICE_SPAKE2_TEST_VERIFIER +#endif + #ifndef CHIP_DEVICE_CONFIG_DEVICE_VENDOR_ID #define CHIP_DEVICE_CONFIG_DEVICE_VENDOR_ID CONFIG_CHIP_DEVICE_VENDOR_ID #endif @@ -35,8 +71,12 @@ #define CHIP_DEVICE_CONFIG_DEVICE_PRODUCT_ID CONFIG_CHIP_DEVICE_PRODUCT_ID #endif -#ifdef CONFIG_CHIP_DEVICE_TYPE -#define CHIP_DEVICE_CONFIG_DEVICE_TYPE CONFIG_CHIP_DEVICE_TYPE +#ifndef CHIP_DEVICE_CONFIG_DEVICE_VENDOR_NAME +#define CHIP_DEVICE_CONFIG_DEVICE_VENDOR_NAME CONFIG_CHIP_DEVICE_VENDOR_NAME +#endif + +#ifndef CHIP_DEVICE_CONFIG_DEVICE_PRODUCT_NAME +#define CHIP_DEVICE_CONFIG_DEVICE_PRODUCT_NAME CONFIG_CHIP_DEVICE_PRODUCT_NAME #endif #ifndef CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION @@ -82,6 +122,58 @@ #endif // !defined(CONFIG_CHIP_MALLOC_SYS_HEAP) && defined(CONFIG_NEWLIB_LIBC) #endif // CHIP_DEVICE_CONFIG_HEAP_STATISTICS_MALLINFO +#ifndef CHIP_DEVICE_CONFIG_CERTIFICATION_DECLARATION +//-> format_version = 1 +//-> vendor_id = 0xFFF1 +//-> product_id_array = [ 0x8000, 0x8001, 0x8002, 0x8003, 0x8004, 0x8005, 0x8006, 0x8007, 0x8008, 0x8009, 0x800A, 0x800B, +// 0x800C, 0x800D, 0x800E, 0x800F, 0x8010, 0x8011, 0x8012, 0x8013, 0x8014, 0x8015, 0x8016, 0x8017, 0x8018, 0x8019, 0x801A, +// 0x801B, 0x801C, 0x801D, 0x801E, 0x801F, 0x8020, 0x8021, 0x8022, 0x8023, 0x8024, 0x8025, 0x8026, 0x8027, 0x8028, 0x8029, +// 0x802A, 0x802B, 0x802C, 0x802D, 0x802E, 0x802F, 0x8030, 0x8031, 0x8032, 0x8033, 0x8034, 0x8035, 0x8036, 0x8037, 0x8038, +// 0x8039, 0x803A, 0x803B, 0x803C, 0x803D, 0x803E, 0x803F, 0x8040, 0x8041, 0x8042, 0x8043, 0x8044, 0x8045, 0x8046, 0x8047, +// 0x8048, 0x8049, 0x804A, 0x804B, 0x804C, 0x804D, 0x804E, 0x804F, 0x8050, 0x8051, 0x8052, 0x8053, 0x8054, 0x8055, 0x8056, +// 0x8057, 0x8058, 0x8059, 0x805A, 0x805B, 0x805C, 0x805D, 0x805E, 0x805F, 0x8060, 0x8061, 0x8062, 0x8063 ] +//-> device_type_id = 0x0016 +//-> certificate_id = "ZIG20142ZB330003-24" +//-> security_level = 0 +//-> security_information = 0 +//-> version_number = 0x2694 +//-> certification_type = 0 +//-> dac_origin_vendor_id is not present +//-> dac_origin_product_id is not present +#define CHIP_DEVICE_CONFIG_CERTIFICATION_DECLARATION \ + { \ + 0x30, 0x82, 0x02, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x02, 0x0a, 0x30, \ + 0x82, 0x02, 0x06, 0x02, 0x01, 0x03, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, \ + 0x02, 0x01, 0x30, 0x82, 0x01, 0x71, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, \ + 0x01, 0x62, 0x04, 0x82, 0x01, 0x5e, 0x15, 0x24, 0x00, 0x01, 0x25, 0x01, 0xf1, 0xff, 0x36, 0x02, 0x05, 0x00, 0x80, \ + 0x05, 0x01, 0x80, 0x05, 0x02, 0x80, 0x05, 0x03, 0x80, 0x05, 0x04, 0x80, 0x05, 0x05, 0x80, 0x05, 0x06, 0x80, 0x05, \ + 0x07, 0x80, 0x05, 0x08, 0x80, 0x05, 0x09, 0x80, 0x05, 0x0a, 0x80, 0x05, 0x0b, 0x80, 0x05, 0x0c, 0x80, 0x05, 0x0d, \ + 0x80, 0x05, 0x0e, 0x80, 0x05, 0x0f, 0x80, 0x05, 0x10, 0x80, 0x05, 0x11, 0x80, 0x05, 0x12, 0x80, 0x05, 0x13, 0x80, \ + 0x05, 0x14, 0x80, 0x05, 0x15, 0x80, 0x05, 0x16, 0x80, 0x05, 0x17, 0x80, 0x05, 0x18, 0x80, 0x05, 0x19, 0x80, 0x05, \ + 0x1a, 0x80, 0x05, 0x1b, 0x80, 0x05, 0x1c, 0x80, 0x05, 0x1d, 0x80, 0x05, 0x1e, 0x80, 0x05, 0x1f, 0x80, 0x05, 0x20, \ + 0x80, 0x05, 0x21, 0x80, 0x05, 0x22, 0x80, 0x05, 0x23, 0x80, 0x05, 0x24, 0x80, 0x05, 0x25, 0x80, 0x05, 0x26, 0x80, \ + 0x05, 0x27, 0x80, 0x05, 0x28, 0x80, 0x05, 0x29, 0x80, 0x05, 0x2a, 0x80, 0x05, 0x2b, 0x80, 0x05, 0x2c, 0x80, 0x05, \ + 0x2d, 0x80, 0x05, 0x2e, 0x80, 0x05, 0x2f, 0x80, 0x05, 0x30, 0x80, 0x05, 0x31, 0x80, 0x05, 0x32, 0x80, 0x05, 0x33, \ + 0x80, 0x05, 0x34, 0x80, 0x05, 0x35, 0x80, 0x05, 0x36, 0x80, 0x05, 0x37, 0x80, 0x05, 0x38, 0x80, 0x05, 0x39, 0x80, \ + 0x05, 0x3a, 0x80, 0x05, 0x3b, 0x80, 0x05, 0x3c, 0x80, 0x05, 0x3d, 0x80, 0x05, 0x3e, 0x80, 0x05, 0x3f, 0x80, 0x05, \ + 0x40, 0x80, 0x05, 0x41, 0x80, 0x05, 0x42, 0x80, 0x05, 0x43, 0x80, 0x05, 0x44, 0x80, 0x05, 0x45, 0x80, 0x05, 0x46, \ + 0x80, 0x05, 0x47, 0x80, 0x05, 0x48, 0x80, 0x05, 0x49, 0x80, 0x05, 0x4a, 0x80, 0x05, 0x4b, 0x80, 0x05, 0x4c, 0x80, \ + 0x05, 0x4d, 0x80, 0x05, 0x4e, 0x80, 0x05, 0x4f, 0x80, 0x05, 0x50, 0x80, 0x05, 0x51, 0x80, 0x05, 0x52, 0x80, 0x05, \ + 0x53, 0x80, 0x05, 0x54, 0x80, 0x05, 0x55, 0x80, 0x05, 0x56, 0x80, 0x05, 0x57, 0x80, 0x05, 0x58, 0x80, 0x05, 0x59, \ + 0x80, 0x05, 0x5a, 0x80, 0x05, 0x5b, 0x80, 0x05, 0x5c, 0x80, 0x05, 0x5d, 0x80, 0x05, 0x5e, 0x80, 0x05, 0x5f, 0x80, \ + 0x05, 0x60, 0x80, 0x05, 0x61, 0x80, 0x05, 0x62, 0x80, 0x05, 0x63, 0x80, 0x18, 0x24, 0x03, 0x16, 0x2c, 0x04, 0x13, \ + 0x5a, 0x49, 0x47, 0x32, 0x30, 0x31, 0x34, 0x32, 0x5a, 0x42, 0x33, 0x33, 0x30, 0x30, 0x30, 0x33, 0x2d, 0x32, 0x34, \ + 0x24, 0x05, 0x00, 0x24, 0x06, 0x00, 0x25, 0x07, 0x94, 0x26, 0x24, 0x08, 0x00, 0x18, 0x31, 0x7d, 0x30, 0x7b, 0x02, \ + 0x01, 0x03, 0x80, 0x14, 0x62, 0xfa, 0x82, 0x33, 0x59, 0xac, 0xfa, 0xa9, 0x96, 0x3e, 0x1c, 0xfa, 0x14, 0x0a, 0xdd, \ + 0xf5, 0x04, 0xf3, 0x71, 0x60, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, \ + 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x04, 0x47, 0x30, 0x45, 0x02, 0x20, 0x24, 0xe5, \ + 0xd1, 0xf4, 0x7a, 0x7d, 0x7b, 0x0d, 0x20, 0x6a, 0x26, 0xef, 0x69, 0x9b, 0x7c, 0x97, 0x57, 0xb7, 0x2d, 0x46, 0x90, \ + 0x89, 0xde, 0x31, 0x92, 0xe6, 0x78, 0xc7, 0x45, 0xe7, 0xf6, 0x0c, 0x02, 0x21, 0x00, 0xf8, 0xaa, 0x2f, 0xa7, 0x11, \ + 0xfc, 0xb7, 0x9b, 0x97, 0xe3, 0x97, 0xce, 0xda, 0x66, 0x7b, 0xae, 0x46, 0x4e, 0x2b, 0xd3, 0xff, 0xdf, 0xc3, 0xcc, \ + 0xed, 0x7a, 0xa8, 0xca, 0x5f, 0x4c, 0x1a, 0x7c \ + } +#endif + // ========== Platform-specific Configuration Overrides ========= #ifndef CHIP_DEVICE_CONFIG_CHIP_TASK_PRIORITY @@ -114,3 +206,11 @@ #define CHIP_DEVICE_CONFIG_ENABLE_THREAD_COMMISSIONABLE_DISCOVERY 1 #endif // CONFIG_CHIP_ENABLE_DNS_CLIENT #endif // CONFIG_CHIP_ENABLE_DNSSD_SRP + +#ifdef CONFIG_CHIP_DEVICE_TYPE +#define CHIP_DEVICE_CONFIG_DEVICE_TYPE CONFIG_CHIP_DEVICE_TYPE +#endif // CONFIG_CHIP_DEVICE_TYPE + +#ifdef CONFIG_CHIP_EXTENDED_DISCOVERY +#define CHIP_DEVICE_CONFIG_ENABLE_EXTENDED_DISCOVERY 1 +#endif // CONFIG_CHIP_EXTENDED_DISCOVERY diff --git a/src/platform/telink/FactoryDataParser.c b/src/platform/telink/FactoryDataParser.c new file mode 100644 index 00000000000000..e89cf3b85d4c95 --- /dev/null +++ b/src/platform/telink/FactoryDataParser.c @@ -0,0 +1,167 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "FactoryDataParser.h" + +#include +#include + +#include +#include + +#define MAX_FACTORY_DATA_NESTING_LEVEL 3 + +LOG_MODULE_DECLARE(app, CONFIG_MATTER_LOG_LEVEL); + +static inline bool uint16_decode(zcbor_state_t * states, uint16_t * value) +{ + uint32_t u32; + + if (zcbor_uint32_decode(states, &u32)) + { + *value = (uint16_t) u32; + return true; + } + + return false; +} + +bool ParseFactoryData(uint8_t * buffer, uint16_t bufferSize, struct FactoryData * factoryData) +{ + memset(factoryData, 0, sizeof(*factoryData)); + ZCBOR_STATE_D(states, MAX_FACTORY_DATA_NESTING_LEVEL, buffer, bufferSize, 1); + + bool res = zcbor_map_start_decode(states); + struct zcbor_string currentString; + + while (res) + { + res = zcbor_tstr_decode(states, ¤tString); + + if (!res) + { + res = true; + break; + } + + if (strncmp("version", (const char *) currentString.value, currentString.len) == 0) + { + res = res && uint16_decode(states, &factoryData->version); + } + else if (strncmp("hw_ver", (const char *) currentString.value, currentString.len) == 0) + { + res = res && uint16_decode(states, &factoryData->hw_ver); + factoryData->hwVerPresent = res; + } + else if (strncmp("spake2_it", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_uint32_decode(states, &factoryData->spake2_it); + } + else if (strncmp("vendor_id", (const char *) currentString.value, currentString.len) == 0) + { + res = res && uint16_decode(states, &factoryData->vendor_id); + factoryData->vendorIdPresent = res; + } + else if (strncmp("product_id", (const char *) currentString.value, currentString.len) == 0) + { + res = res && uint16_decode(states, &factoryData->product_id); + factoryData->productIdPresent = res; + } + else if (strncmp("discriminator", (const char *) currentString.value, currentString.len) == 0) + { + res = res && uint16_decode(states, &factoryData->discriminator); + factoryData->discriminatorPresent = res; + } + else if (strncmp("passcode", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_uint32_decode(states, &factoryData->passcode); + } + else if (strncmp("sn", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->sn); + } + else if (strncmp("date", (const char *) currentString.value, currentString.len) == 0) + { + // Date format is YYYY-MM-DD, so format needs to be validated and string parse to integer parts. + struct zcbor_string date; + res = res && zcbor_bstr_decode(states, &date); + if (date.len == 10 && isdigit(date.value[0]) && isdigit(date.value[1]) && isdigit(date.value[2]) && + isdigit(date.value[3]) && date.value[4] == '-' && isdigit(date.value[5]) && isdigit(date.value[6]) && + date.value[7] == '-' && isdigit(date.value[8]) && isdigit(date.value[9])) + { + factoryData->date_year = + 1000 * (date.value[0] - '0') + 100 * (date.value[1] - '0') + 10 * (date.value[2] - '0') + date.value[3] - '0'; + factoryData->date_month = 10 * (date.value[5] - '0') + date.value[6] - '0'; + factoryData->date_day = 10 * (date.value[8] - '0') + date.value[9] - '0'; + } + else + { + LOG_ERR("Parsing error - wrong date format"); + } + } + else if (strncmp("hw_ver_str", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->hw_ver_str); + } + else if (strncmp("rd_uid", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->rd_uid); + } + else if (strncmp("dac_cert", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->dac_cert); + } + else if (strncmp("dac_key", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->dac_priv_key); + } + else if (strncmp("pai_cert", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->pai_cert); + } + else if (strncmp("spake2_salt", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->spake2_salt); + } + else if (strncmp("spake2_verifier", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->spake2_verifier); + } + else if (strncmp("vendor_name", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->vendor_name); + } + else if (strncmp("product_name", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->product_name); + } + else if (strncmp("enable_key", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->enable_key); + } + else if (strncmp("user", (const char *) currentString.value, currentString.len) == 0) + { + res = res && zcbor_bstr_decode(states, (struct zcbor_string *) &factoryData->user); + } + else + { + res = res && zcbor_any_skip(states, NULL); + } + } + + return res && zcbor_list_map_end_force_decode(states); +} diff --git a/src/platform/telink/FactoryDataParser.h b/src/platform/telink/FactoryDataParser.h new file mode 100644 index 00000000000000..156010ab66c527 --- /dev/null +++ b/src/platform/telink/FactoryDataParser.h @@ -0,0 +1,78 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct FactoryDataString +{ + void * data; + size_t len; +}; + +struct FactoryData +{ + uint16_t version; + struct FactoryDataString sn; + uint16_t date_year; + uint8_t date_month; + uint8_t date_day; + uint16_t vendor_id; + uint16_t product_id; + struct FactoryDataString vendor_name; + struct FactoryDataString product_name; + uint16_t hw_ver; + struct FactoryDataString hw_ver_str; + struct FactoryDataString rd_uid; + struct FactoryDataString dac_cert; + struct FactoryDataString dac_priv_key; + struct FactoryDataString pai_cert; + uint32_t spake2_it; + struct FactoryDataString spake2_salt; + struct FactoryDataString spake2_verifier; + uint16_t discriminator; + uint32_t passcode; + struct FactoryDataString enable_key; + struct FactoryDataString user; + + bool vendorIdPresent; + bool productIdPresent; + bool hwVerPresent; + bool discriminatorPresent; +}; + +/** + * @brief Parses raw factory data into the factory data structure. + * + * @param[in] buffer Buffer containing raw factory data. + * @param[in] bufferSize Size of factory data. + * @param[out] factoryData address of object to be filled with parsed factory data. + * + * @returns true on success, false otherwise. + */ +bool ParseFactoryData(uint8_t * buffer, uint16_t bufferSize, struct FactoryData * factoryData); + +#ifdef __cplusplus +} +#endif diff --git a/src/platform/telink/FactoryDataProvider.cpp b/src/platform/telink/FactoryDataProvider.cpp new file mode 100644 index 00000000000000..38592270b1f4a0 --- /dev/null +++ b/src/platform/telink/FactoryDataProvider.cpp @@ -0,0 +1,341 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "FactoryDataProvider.h" +#include "CHIPDevicePlatformConfig.h" +#include + +#if CONFIG_CHIP_CERTIFICATION_DECLARATION_STORAGE +#include +#include +#endif + +#include + +namespace chip { +namespace { + +CHIP_ERROR LoadKeypairFromRaw(ByteSpan privateKey, ByteSpan publicKey, Crypto::P256Keypair & keypair) +{ + Crypto::P256SerializedKeypair serializedKeypair; + ReturnErrorOnFailure(serializedKeypair.SetLength(privateKey.size() + publicKey.size())); + memcpy(serializedKeypair.Bytes(), publicKey.data(), publicKey.size()); + memcpy(serializedKeypair.Bytes() + publicKey.size(), privateKey.data(), privateKey.size()); + return keypair.Deserialize(serializedKeypair); +} +} // namespace + +namespace DeviceLayer { + +template +CHIP_ERROR FactoryDataProvider::Init() +{ + uint8_t * factoryData = nullptr; + size_t factoryDataSize; + + CHIP_ERROR error = mFlashFactoryData.ProtectFactoryDataPartitionAgainstWrite(); + + // Protection against write for external storage is not supported. + if (error == CHIP_ERROR_NOT_IMPLEMENTED) + { + ChipLogProgress(DeviceLayer, "The device does not support hardware protection against write."); + error = CHIP_NO_ERROR; + } + else if (error != CHIP_NO_ERROR) + { + ChipLogError(DeviceLayer, "Failed to protect the factory data partition."); + return error; + } + + error = mFlashFactoryData.GetFactoryDataPartition(factoryData, factoryDataSize); + + if (error != CHIP_NO_ERROR) + { + ChipLogError(DeviceLayer, "Failed to read factory data partition"); + return error; + } + + if (!ParseFactoryData(factoryData, factoryDataSize, &mFactoryData)) + { + ChipLogError(DeviceLayer, "Failed to parse factory data"); + return CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND; + } + + // Check if factory data version is correct + if (mFactoryData.version != CONFIG_CHIP_FACTORY_DATA_VERSION) + { + ChipLogError(DeviceLayer, "Factory data version mismatch. Flash version: %d vs code version: %d", mFactoryData.version, + CONFIG_CHIP_FACTORY_DATA_VERSION); + return CHIP_ERROR_VERSION_MISMATCH; + } + + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetCertificationDeclaration(MutableByteSpan & outBuffer) +{ +#if CONFIG_CHIP_CERTIFICATION_DECLARATION_STORAGE + size_t cdLen = 0; + + if (Internal::ZephyrConfig::ReadConfigValueBin(Internal::ZephyrConfig::kConfigKey_CertificationDeclaration, + reinterpret_cast(outBuffer.data()), outBuffer.size(), + cdLen) == CHIP_NO_ERROR) + { + outBuffer.reduce_size(cdLen); + return CHIP_NO_ERROR; + } +#endif + constexpr uint8_t kCdForAllExamples[] = CHIP_DEVICE_CONFIG_CERTIFICATION_DECLARATION; + + return CopySpanToMutableSpan(ByteSpan{ kCdForAllExamples }, outBuffer); +} + +template +CHIP_ERROR FactoryDataProvider::GetFirmwareInformation(MutableByteSpan & out_firmware_info_buffer) +{ + out_firmware_info_buffer.reduce_size(0); + + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetDeviceAttestationCert(MutableByteSpan & outBuffer) +{ + ReturnErrorCodeIf(outBuffer.size() < mFactoryData.dac_cert.len, CHIP_ERROR_BUFFER_TOO_SMALL); + ReturnErrorCodeIf(!mFactoryData.dac_cert.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + + memcpy(outBuffer.data(), mFactoryData.dac_cert.data, mFactoryData.dac_cert.len); + + outBuffer.reduce_size(mFactoryData.dac_cert.len); + + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetProductAttestationIntermediateCert(MutableByteSpan & outBuffer) +{ + ReturnErrorCodeIf(outBuffer.size() < mFactoryData.pai_cert.len, CHIP_ERROR_BUFFER_TOO_SMALL); + ReturnErrorCodeIf(!mFactoryData.pai_cert.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + + memcpy(outBuffer.data(), mFactoryData.pai_cert.data, mFactoryData.pai_cert.len); + + outBuffer.reduce_size(mFactoryData.pai_cert.len); + + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::SignWithDeviceAttestationKey(const ByteSpan & messageToSign, + MutableByteSpan & outSignBuffer) +{ + Crypto::P256ECDSASignature signature; + Crypto::P256Keypair keypair; + + VerifyOrReturnError(outSignBuffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL); + ReturnErrorCodeIf(!mFactoryData.dac_cert.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + ReturnErrorCodeIf(!mFactoryData.dac_priv_key.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + + // Extract public key from DAC cert. + ByteSpan dacCertSpan{ reinterpret_cast(mFactoryData.dac_cert.data), mFactoryData.dac_cert.len }; + chip::Crypto::P256PublicKey dacPublicKey; + + ReturnErrorOnFailure(chip::Crypto::ExtractPubkeyFromX509Cert(dacCertSpan, dacPublicKey)); + ReturnErrorOnFailure( + LoadKeypairFromRaw(ByteSpan(reinterpret_cast(mFactoryData.dac_priv_key.data), mFactoryData.dac_priv_key.len), + ByteSpan(dacPublicKey.Bytes(), dacPublicKey.Length()), keypair)); + ReturnErrorOnFailure(keypair.ECDSA_sign_msg(messageToSign.data(), messageToSign.size(), signature)); + + return CopySpanToMutableSpan(ByteSpan{ signature.ConstBytes(), signature.Length() }, outSignBuffer); +} + +template +CHIP_ERROR FactoryDataProvider::GetSetupDiscriminator(uint16_t & setupDiscriminator) +{ + VerifyOrReturnError(mFactoryData.discriminatorPresent, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + setupDiscriminator = mFactoryData.discriminator; + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::SetSetupDiscriminator(uint16_t setupDiscriminator) +{ + return CHIP_ERROR_NOT_IMPLEMENTED; +} + +template +CHIP_ERROR FactoryDataProvider::GetSpake2pIterationCount(uint32_t & iterationCount) +{ + ReturnErrorCodeIf(mFactoryData.spake2_it == 0, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + iterationCount = mFactoryData.spake2_it; + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetSpake2pSalt(MutableByteSpan & saltBuf) +{ + ReturnErrorCodeIf(saltBuf.size() < mFactoryData.spake2_salt.len, CHIP_ERROR_BUFFER_TOO_SMALL); + ReturnErrorCodeIf(!mFactoryData.spake2_salt.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + + memcpy(saltBuf.data(), mFactoryData.spake2_salt.data, mFactoryData.spake2_salt.len); + + saltBuf.reduce_size(mFactoryData.spake2_salt.len); + + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetSpake2pVerifier(MutableByteSpan & verifierBuf, size_t & verifierLen) +{ + ReturnErrorCodeIf(verifierBuf.size() < mFactoryData.spake2_verifier.len, CHIP_ERROR_BUFFER_TOO_SMALL); + ReturnErrorCodeIf(!mFactoryData.spake2_verifier.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + + memcpy(verifierBuf.data(), mFactoryData.spake2_verifier.data, mFactoryData.spake2_verifier.len); + + verifierLen = mFactoryData.spake2_verifier.len; + + verifierBuf.reduce_size(verifierLen); + + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetSetupPasscode(uint32_t & setupPasscode) +{ + ReturnErrorCodeIf(mFactoryData.passcode == 0, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + setupPasscode = mFactoryData.passcode; + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::SetSetupPasscode(uint32_t setupPasscode) +{ + return CHIP_ERROR_NOT_IMPLEMENTED; +} + +template +CHIP_ERROR FactoryDataProvider::GetVendorName(char * buf, size_t bufSize) +{ + ReturnErrorCodeIf(bufSize < mFactoryData.vendor_name.len + 1, CHIP_ERROR_BUFFER_TOO_SMALL); + ReturnErrorCodeIf(!mFactoryData.vendor_name.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + + memcpy(buf, mFactoryData.vendor_name.data, mFactoryData.vendor_name.len); + buf[mFactoryData.vendor_name.len] = 0; + + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetVendorId(uint16_t & vendorId) +{ + VerifyOrReturnError(mFactoryData.vendorIdPresent, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + vendorId = mFactoryData.vendor_id; + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetProductName(char * buf, size_t bufSize) +{ + ReturnErrorCodeIf(bufSize < mFactoryData.product_name.len + 1, CHIP_ERROR_BUFFER_TOO_SMALL); + ReturnErrorCodeIf(!mFactoryData.product_name.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + + memcpy(buf, mFactoryData.product_name.data, mFactoryData.product_name.len); + buf[mFactoryData.product_name.len] = 0; + + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetProductId(uint16_t & productId) +{ + VerifyOrReturnError(mFactoryData.productIdPresent, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + productId = mFactoryData.product_id; + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetSerialNumber(char * buf, size_t bufSize) +{ + ReturnErrorCodeIf(bufSize < mFactoryData.sn.len + 1, CHIP_ERROR_BUFFER_TOO_SMALL); + ReturnErrorCodeIf(!mFactoryData.sn.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + + memcpy(buf, mFactoryData.sn.data, mFactoryData.sn.len); + buf[mFactoryData.sn.len] = 0; + + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetManufacturingDate(uint16_t & year, uint8_t & month, uint8_t & day) +{ + VerifyOrReturnError(mFactoryData.date_year != 0, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + year = mFactoryData.date_year; + month = mFactoryData.date_month; + day = mFactoryData.date_day; + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetHardwareVersion(uint16_t & hardwareVersion) +{ + VerifyOrReturnError(mFactoryData.hwVerPresent, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + hardwareVersion = mFactoryData.hw_ver; + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetHardwareVersionString(char * buf, size_t bufSize) +{ + ReturnErrorCodeIf(bufSize < mFactoryData.hw_ver_str.len + 1, CHIP_ERROR_BUFFER_TOO_SMALL); + ReturnErrorCodeIf(!mFactoryData.hw_ver_str.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + + memcpy(buf, mFactoryData.hw_ver_str.data, mFactoryData.hw_ver_str.len); + buf[mFactoryData.hw_ver_str.len] = 0; + + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetRotatingDeviceIdUniqueId(MutableByteSpan & uniqueIdSpan) +{ + ReturnErrorCodeIf(uniqueIdSpan.size() < mFactoryData.rd_uid.len, CHIP_ERROR_BUFFER_TOO_SMALL); + ReturnErrorCodeIf(!mFactoryData.rd_uid.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + + memcpy(uniqueIdSpan.data(), mFactoryData.rd_uid.data, mFactoryData.rd_uid.len); + + return CHIP_NO_ERROR; +} + +template +CHIP_ERROR FactoryDataProvider::GetEnableKey(MutableByteSpan & enableKey) +{ + ReturnErrorCodeIf(!mFactoryData.enable_key.data, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND); + ReturnErrorCodeIf(enableKey.size() < mFactoryData.enable_key.len, CHIP_ERROR_BUFFER_TOO_SMALL); + + memcpy(enableKey.data(), mFactoryData.enable_key.data, mFactoryData.enable_key.len); + + enableKey.reduce_size(mFactoryData.enable_key.len); + + return CHIP_NO_ERROR; +} + +// Fully instantiate the template class in whatever compilation unit includes this file. +// template class FactoryDataProvider; +template class FactoryDataProvider; + +} // namespace DeviceLayer +} // namespace chip diff --git a/src/platform/telink/FactoryDataProvider.h b/src/platform/telink/FactoryDataProvider.h new file mode 100644 index 00000000000000..79d34a6b9fdd84 --- /dev/null +++ b/src/platform/telink/FactoryDataProvider.h @@ -0,0 +1,117 @@ +/* + * + * Copyright (c) 2022 Project CHIP Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include +#include +#include + +#include +#include +#include + +#include "FactoryDataParser.h" + +namespace chip { +namespace DeviceLayer { + +struct InternalFlashFactoryData +{ + CHIP_ERROR GetFactoryDataPartition(uint8_t *& data, size_t & dataSize) + { + data = reinterpret_cast(FLASH_AREA_OFFSET(factory_data)); + dataSize = FLASH_AREA_SIZE(factory_data); + return CHIP_NO_ERROR; + } + + CHIP_ERROR ProtectFactoryDataPartitionAgainstWrite() { return CHIP_ERROR_NOT_IMPLEMENTED; } +}; + +struct ExternalFlashFactoryData +{ + CHIP_ERROR GetFactoryDataPartition(uint8_t *& data, size_t & dataSize) + { + int ret = flash_read(mFlashDevice, FLASH_AREA_OFFSET(factory_data), mFactoryDataBuffer, FLASH_AREA_SIZE(factory_data)); + + if (ret != 0) + { + return CHIP_ERROR_READ_FAILED; + } + + data = mFactoryDataBuffer; + dataSize = FLASH_AREA_SIZE(factory_data); + + return CHIP_NO_ERROR; + } + + CHIP_ERROR ProtectFactoryDataPartitionAgainstWrite() { return CHIP_ERROR_NOT_IMPLEMENTED; } + + const struct device * mFlashDevice = DEVICE_DT_GET(DT_CHOSEN(zephyr_flash_controller)); + uint8_t mFactoryDataBuffer[FLASH_AREA_SIZE(factory_data)]; +}; + +template +class FactoryDataProvider : public chip::Credentials::DeviceAttestationCredentialsProvider, + public CommissionableDataProvider, + public DeviceInstanceInfoProvider +{ +public: + CHIP_ERROR Init(); + + // ===== Members functions that implement the DeviceAttestationCredentialsProvider + CHIP_ERROR GetCertificationDeclaration(MutableByteSpan & outBuffer) override; + CHIP_ERROR GetFirmwareInformation(MutableByteSpan & out_firmware_info_buffer) override; + CHIP_ERROR GetDeviceAttestationCert(MutableByteSpan & outBuffer) override; + CHIP_ERROR GetProductAttestationIntermediateCert(MutableByteSpan & outBuffer) override; + CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & messageToSign, MutableByteSpan & outSignBuffer) override; + + // ===== Members functions that implement the CommissionableDataProvider + CHIP_ERROR GetSetupDiscriminator(uint16_t & setupDiscriminator) override; + CHIP_ERROR SetSetupDiscriminator(uint16_t setupDiscriminator) override; + CHIP_ERROR GetSpake2pIterationCount(uint32_t & iterationCount) override; + CHIP_ERROR GetSpake2pSalt(MutableByteSpan & saltBuf) override; + CHIP_ERROR GetSpake2pVerifier(MutableByteSpan & verifierBuf, size_t & verifierLen) override; + CHIP_ERROR GetSetupPasscode(uint32_t & setupPasscode) override; + CHIP_ERROR SetSetupPasscode(uint32_t setupPasscode) override; + + // ===== Members functions that implement the DeviceInstanceInfoProvider + CHIP_ERROR GetVendorName(char * buf, size_t bufSize) override; + CHIP_ERROR GetVendorId(uint16_t & vendorId) override; + CHIP_ERROR GetProductName(char * buf, size_t bufSize) override; + CHIP_ERROR GetProductId(uint16_t & productId) override; + CHIP_ERROR GetSerialNumber(char * buf, size_t bufSize) override; + CHIP_ERROR GetManufacturingDate(uint16_t & year, uint8_t & month, uint8_t & day) override; + CHIP_ERROR GetHardwareVersion(uint16_t & hardwareVersion) override; + CHIP_ERROR GetHardwareVersionString(char * buf, size_t bufSize) override; + CHIP_ERROR GetRotatingDeviceIdUniqueId(MutableByteSpan & uniqueIdSpan) override; + + // ===== Members functions that are platform-specific + CHIP_ERROR GetEnableKey(MutableByteSpan & enableKey); + +private: + static constexpr uint16_t kFactoryDataPartitionSize = FLASH_AREA_SIZE(factory_data); + static constexpr uint32_t kFactoryDataPartitionAddress = FLASH_AREA_OFFSET(factory_data); + static constexpr uint8_t kDACPrivateKeyLength = 32; + static constexpr uint8_t kDACPublicKeyLength = 65; + + struct FactoryData mFactoryData; + FlashFactoryData mFlashFactoryData; +}; + +} // namespace DeviceLayer +} // namespace chip diff --git a/src/platform/telink/args.gni b/src/platform/telink/args.gni index 1ff86d0b38c074..a8307083a7d217 100644 --- a/src/platform/telink/args.gni +++ b/src/platform/telink/args.gni @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Project CHIP Authors +# Copyright (c) 2022 Project CHIP Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,3 +15,8 @@ chip_device_platform = "telink" chip_inet_config_enable_ipv4 = false + +declare_args() { + # Enable factory data support + chip_enable_factory_data = false +} From 47448899e3836cbc48688f3f5c84054d33307643 Mon Sep 17 00:00:00 2001 From: pankore <86098180+pankore@users.noreply.github.com> Date: Thu, 10 Nov 2022 18:14:24 +0800 Subject: [PATCH 7/9] [Ameba] Fix Trailing Null (#23485) * TC-BINFO-2.1 when reading location, it shows 3 chars. Remove trailing null after getPref_str_new --- src/platform/Ameba/AmebaConfig.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/platform/Ameba/AmebaConfig.cpp b/src/platform/Ameba/AmebaConfig.cpp index b9ac5d05b789f2..8cc287585ddc6a 100644 --- a/src/platform/Ameba/AmebaConfig.cpp +++ b/src/platform/Ameba/AmebaConfig.cpp @@ -152,6 +152,7 @@ CHIP_ERROR AmebaConfig::ReadConfigValueStr(Key key, char * buf, size_t bufSize, if (success == 0) { + outLen -= 1; // Don't count trailing null return CHIP_NO_ERROR; } else From 256cd7810dba4cc7fd9208ece903792ff7dc45f6 Mon Sep 17 00:00:00 2001 From: Jerry-ESP <107675966+Jerry-ESP@users.noreply.github.com> Date: Wed, 23 Nov 2022 05:12:22 +0800 Subject: [PATCH 8/9] Update the RegulatoryLocation and LocationCapability get and set logic (#23579) (#23713) * ESP32: add RegulatoryLocation and LocationCapability value init * Restyled by clang-format Co-authored-by: Restyled.io Co-authored-by: Restyled.io --- config/esp32/components/chip/Kconfig | 13 ++++++++++--- .../GenericConfigurationManagerImpl.ipp | 17 ++++++++++++++++- .../ESP32/ConfigurationManagerImpl.cpp | 19 +++++++++++++++++++ src/platform/ESP32/ConfigurationManagerImpl.h | 1 + src/platform/ESP32/ESP32Config.cpp | 1 + src/platform/ESP32/ESP32Config.h | 1 + 6 files changed, 48 insertions(+), 4 deletions(-) diff --git a/config/esp32/components/chip/Kconfig b/config/esp32/components/chip/Kconfig index 57ace57f55bf1f..4f406f762f83eb 100644 --- a/config/esp32/components/chip/Kconfig +++ b/config/esp32/components/chip/Kconfig @@ -253,7 +253,7 @@ menu "CHIP Device Layer" help The size (in bytes) of the service directory cache. This limits the maximum size of the directory that can be returned in response to a service directory query. - + config ENABLE_EXTENDED_DISCOVERY bool "Enable Extended discovery Support" default n @@ -500,7 +500,7 @@ menu "CHIP Device Layer" config USE_BLE_ONLY_FOR_COMMISSIONING bool "Use BLE only for commissioning" default y - help + help Disable this flag if BLE is used for any other purpose than commissioning. When enabled, it deinitialized the BLE on successful commissioning, and on bootup do not initialize the BLE if device is already provisioned with Wi-Fi/Thread credentials. @@ -695,6 +695,13 @@ menu "CHIP Device Layer" Details like Supported calendar types, supported locales, and fixed labels will be read from factory partition. + config ENABLE_ESP32_LOCATIONCAPABILITY + depends on ENABLE_ESP32_FACTORY_DATA_PROVIDER + bool "Enable ESP32 Device LocationCapability " + default n + help + Enable ESP32 Device LocationCapability + endmenu @@ -890,7 +897,7 @@ menu "CHIP Device Layer" default "nvs" help Label of the partition to store key-values in the "chip-counters" namespace. - + config CHIP_KVS_NAMESPACE_PARTITION_LABEL string "chip-kvs namespace partition label" default "nvs" diff --git a/src/include/platform/internal/GenericConfigurationManagerImpl.ipp b/src/include/platform/internal/GenericConfigurationManagerImpl.ipp index 72f41dca2ae170..f6c9e504281896 100644 --- a/src/include/platform/internal/GenericConfigurationManagerImpl.ipp +++ b/src/include/platform/internal/GenericConfigurationManagerImpl.ipp @@ -415,7 +415,22 @@ void GenericConfigurationManagerImpl::NotifyOfAdvertisementStart() template CHIP_ERROR GenericConfigurationManagerImpl::GetRegulatoryLocation(uint8_t & location) { - return GetLocationCapability(location); + uint32_t value; + if (CHIP_NO_ERROR != ReadConfigValue(ConfigClass::kConfigKey_RegulatoryLocation, value)) + { + ReturnErrorOnFailure(GetLocationCapability(location)); + + if (CHIP_NO_ERROR != StoreRegulatoryLocation(location)) + { + ChipLogError(DeviceLayer, "Failed to store RegulatoryLocation"); + } + } + else + { + location = static_cast(value); + } + + return CHIP_NO_ERROR; } template diff --git a/src/platform/ESP32/ConfigurationManagerImpl.cpp b/src/platform/ESP32/ConfigurationManagerImpl.cpp index 4fd82a072d9a68..c306fc05dc4139 100644 --- a/src/platform/ESP32/ConfigurationManagerImpl.cpp +++ b/src/platform/ESP32/ConfigurationManagerImpl.cpp @@ -221,6 +221,25 @@ CHIP_ERROR ConfigurationManagerImpl::GetSoftwareVersion(uint32_t & softwareVer) return CHIP_NO_ERROR; } +CHIP_ERROR ConfigurationManagerImpl::GetLocationCapability(uint8_t & location) +{ +#if CONFIG_ENABLE_ESP32_LOCATIONCAPABILITY + uint32_t value = 0; + CHIP_ERROR err = ReadConfigValue(ESP32Config::kConfigKey_LocationCapability, value); + + if (err == CHIP_NO_ERROR) + { + VerifyOrReturnError(value <= UINT8_MAX, CHIP_ERROR_INVALID_INTEGER_VALUE); + location = static_cast(value); + } + + return err; +#else + location = static_cast(chip::app::Clusters::GeneralCommissioning::RegulatoryLocationType::kIndoor); + return CHIP_NO_ERROR; +#endif +} + CHIP_ERROR ConfigurationManagerImpl::GetPrimaryWiFiMACAddress(uint8_t * buf) { #if CHIP_DEVICE_CONFIG_ENABLE_WIFI diff --git a/src/platform/ESP32/ConfigurationManagerImpl.h b/src/platform/ESP32/ConfigurationManagerImpl.h index 32f4951473349e..64438612fd0a3e 100644 --- a/src/platform/ESP32/ConfigurationManagerImpl.h +++ b/src/platform/ESP32/ConfigurationManagerImpl.h @@ -57,6 +57,7 @@ class ConfigurationManagerImpl : public Internal::GenericConfigurationManagerImp CHIP_ERROR GetProductLabel(char * buf, size_t bufSize) override; CHIP_ERROR GetSoftwareVersionString(char * buf, size_t bufSize); CHIP_ERROR GetSoftwareVersion(uint32_t & softwareVer) override; + CHIP_ERROR GetLocationCapability(uint8_t & location) override; static ConfigurationManagerImpl & GetDefaultInstance(); private: diff --git a/src/platform/ESP32/ESP32Config.cpp b/src/platform/ESP32/ESP32Config.cpp index 361cd7b9c370c2..6007cb9282e148 100644 --- a/src/platform/ESP32/ESP32Config.cpp +++ b/src/platform/ESP32/ESP32Config.cpp @@ -77,6 +77,7 @@ const ESP32Config::Key ESP32Config::kConfigKey_ProductURL = { kConfig const ESP32Config::Key ESP32Config::kConfigKey_SupportedCalTypes = { kConfigNamespace_ChipFactory, "cal-types" }; const ESP32Config::Key ESP32Config::kConfigKey_SupportedLocaleSize = { kConfigNamespace_ChipFactory, "locale-sz" }; const ESP32Config::Key ESP32Config::kConfigKey_RotatingDevIdUniqueId = { kConfigNamespace_ChipFactory, "rd-id-uid" }; +const ESP32Config::Key ESP32Config::kConfigKey_LocationCapability = { kConfigNamespace_ChipFactory, "loc-capability" }; // Keys stored in the chip-config namespace const ESP32Config::Key ESP32Config::kConfigKey_ServiceConfig = { kConfigNamespace_ChipConfig, "service-config" }; diff --git a/src/platform/ESP32/ESP32Config.h b/src/platform/ESP32/ESP32Config.h index f884af85c3da46..6a008dbb795cf7 100644 --- a/src/platform/ESP32/ESP32Config.h +++ b/src/platform/ESP32/ESP32Config.h @@ -79,6 +79,7 @@ class ESP32Config static const Key kConfigKey_SupportedCalTypes; static const Key kConfigKey_SupportedLocaleSize; static const Key kConfigKey_RotatingDevIdUniqueId; + static const Key kConfigKey_LocationCapability; // CHIP Config keys static const Key kConfigKey_ServiceConfig; From 1d62999ba2b6cc9f10bfe275a2b4e23da65c4f31 Mon Sep 17 00:00:00 2001 From: Alex Tsitsiura Date: Thu, 24 Nov 2022 21:01:03 +0200 Subject: [PATCH 9/9] [Telink] Allow to erase entire NVS on factory reset by default; Fix IDM-7.1 test. (Cherry-pick #23434 & #23676) (#23677) * [Zephyr] Allow to erase entire NVS on factory reset (#23434) * [Zephyr] Allow to erase entire NVS on factory reset Currently, the default factory reset implementation simply removes Matter (and OpenThread) settings instead of formatting the non-volatile storage partition. The latter approach may be advisable in the cases where no settings need to survive a factory reset, as it is expected to work properly regardless of the state of the storage partition. Additionally, it will regain the original storage performance if it has been loaded with a lot of stale data. Signed-off-by: Damian Krolik * [Telink] Allow to erase entire NVS on factory reset by default; Fix IDM-7.1 test. Signed-off-by: Damian Krolik --- config/telink/chip-module/Kconfig | 5 ++++ config/zephyr/Kconfig | 11 ++++++++ .../Zephyr/ConfigurationManagerImpl.cpp | 27 ++++++++++++++++--- 3 files changed, 40 insertions(+), 3 deletions(-) diff --git a/config/telink/chip-module/Kconfig b/config/telink/chip-module/Kconfig index 366c43d8eac6db..f216280df7e583 100644 --- a/config/telink/chip-module/Kconfig +++ b/config/telink/chip-module/Kconfig @@ -266,3 +266,8 @@ config CHIP_CERTIFiCATION_DECLARATION_OTA_IMAGE_ID for sending it via OTA Software Update purposes. endif + +# See config/zephyr/Kconfig for full definition +config CHIP_FACTORY_RESET_ERASE_NVS + bool + default y diff --git a/config/zephyr/Kconfig b/config/zephyr/Kconfig index fd779c62e319f3..57770b686a6b50 100644 --- a/config/zephyr/Kconfig +++ b/config/zephyr/Kconfig @@ -196,6 +196,17 @@ config CHIP_OPERATIONAL_TIME_SAVE_INTERVAL precisely operation time in case of device reboot and maximizing flash memory lifetime. +config CHIP_FACTORY_RESET_ERASE_NVS + bool "Erase NVS flash pages on factory reset" + depends on SETTINGS_NVS + help + When factory reset is requested, erase flash pages occupied by non-volatile storage + instead of removing Matter-related settings only. This provides a more robust + factory reset mechanism and allows to regain the original storage performance if any + firmware issue has brought it to an unexpected state. For this reason, it is + advisable to set this option if all configuration, including device-specific + entries, is supposed to be cleared on a factory reset. + config CHIP_MALLOC_SYS_HEAP bool "Memory allocator based on Zephyr sys_heap" imply SYS_HEAP_RUNTIME_STATS diff --git a/src/platform/Zephyr/ConfigurationManagerImpl.cpp b/src/platform/Zephyr/ConfigurationManagerImpl.cpp index bd19057e65d3bf..107579afbfbb03 100644 --- a/src/platform/Zephyr/ConfigurationManagerImpl.cpp +++ b/src/platform/Zephyr/ConfigurationManagerImpl.cpp @@ -32,6 +32,11 @@ #include #include +#ifdef CONFIG_CHIP_FACTORY_RESET_ERASE_NVS +#include +#include +#endif + namespace chip { namespace DeviceLayer { @@ -168,14 +173,30 @@ void ConfigurationManagerImpl::RunConfigUnitTest(void) void ConfigurationManagerImpl::DoFactoryReset(intptr_t arg) { ChipLogProgress(DeviceLayer, "Performing factory reset"); + +#ifdef CONFIG_CHIP_FACTORY_RESET_ERASE_NVS + void * storage = nullptr; + int status = settings_storage_get(&storage); + + if (status == 0) + { + status = nvs_clear(static_cast(storage)); + } + + if (status) + { + ChipLogError(DeviceLayer, "Factory reset failed: %d", status); + } +#else const CHIP_ERROR err = PersistedStorage::KeyValueStoreMgrImpl().DoFactoryReset(); if (err != CHIP_NO_ERROR) + { ChipLogError(DeviceLayer, "Factory reset failed: %" CHIP_ERROR_FORMAT, err.Format()); + } -#if CHIP_DEVICE_CONFIG_ENABLE_THREAD - ThreadStackMgr().ErasePersistentInfo(); -#endif // CHIP_DEVICE_CONFIG_ENABLE_THREAD + ConnectivityMgr().ErasePersistentInfo(); +#endif PlatformMgr().Shutdown(); }