X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/61a0271a91d0019def76775ed5d1285cfd3a2fe5..752b8244b973b849beebf76c2e3df2a0bc5189b0:/ectab.in

diff --git a/ectab.in b/ectab.in
index 0a8899e..238accb 100644
--- a/ectab.in
+++ b/ectab.in
@@ -315,8 +315,6 @@ curve ansi-c2pnb163v3 binpoly
   gx 0x02f9f87b7c574d0bdecf8a22e6524775f98cdebdcb
   gy 0x05b935590c155e17ea48eb3ff3718b893df59a05d0
 
-# ansi-c2pnb176w1 has an unacceptable cofactor; and 176 isn't prime anyway
-
 curve ansi-c2tnb191v1 binpoly
   p 0x800000000000000000000000000000000000000000000201
   a 0x2866537b676752636a68f56554e12640276b649ef7526267
@@ -333,7 +331,14 @@ curve ansi-c2tnb191v2 binpoly
   h 4
   gx 0x3809b2b7cc1b28cc5a87926aad83fd28789e81e2c9e3bf10
   gy 0x17434386626d14f3dbf01760d9213a3e1cf37aec437d668a
-# ansi-c2tnb191v3 and ansi-c2onb191v2 have unacceptable cofactor
+curve ansi-c2tnb191v3 binpoly
+  p 0x800000000000000000000000000000000000000000000201
+  a 0x6c01074756099122221056911c77d77e77a777e7e7e77fcb
+  b 0x71fe1af926cf847989efef8db459f66394d90f32ad3f15e8
+  r 0x155555555555555555555555610c0b196812bfb6288a3ea3
+  h 6
+  gx 0x375d4ce24fde434489de8746e71786015009e66e38a926dd
+  gy 0x545a39176196575d985999366e6ad34ce0a77cd7127b06be
 curve ansi-c2onb191v1 binnorm
   p 0x800000000000000000000000000000000000000000000201
   beta 0x19c409a7f85383bf0ef72b097a5c7398013a2dba6269292d
@@ -343,8 +348,15 @@ curve ansi-c2onb191v1 binnorm
   h 2
   gx 0x5a2c69a32e8638e51ccefaad05350a978457cb5fb6df994a
   gy 0x0f32fe0fa0e902f19b17d363c269f4f5cfe8087618569954
-
-# ansi-c2pnb208v1 has an unacceptable cofactor; and 208 isn't prime anyway
+curve ansi-c2onb191v2 binnorm
+  p 0x800000000000000000000000000000000000000000000201
+  beta 0x19c409a7f85383bf0ef72b097a5c7398013a2dba6269292d
+  a 0x25f8d06c97c822536d469cd5170cdd7bb9f500bd6db110fb
+  b 0x75ff570e35ca94fb3780c2619d081c17aa59fbd5e591c1c4
+  r 0x0fffffffffffffffffffffffeeb354b7270b2992b7818627
+  h 8
+  gx 0x2a16910e8f6c4b199be24213857abc9c992edfb2471f3c68
+  gy 0x1592dbfebeb81a7c071b744d5e2f9e242ea65b81138a3468  
 
 curve ansi-c2tnb239v1 binpoly
   p 0x800000000000000000000000000000000000000000000000001000000001
@@ -354,7 +366,22 @@ curve ansi-c2tnb239v1 binpoly
   h 4
   gx 0x57927098fa932e7c0a96d3fd5b706ef7e5f5c156e16b7e7c86038552e91d
   gy 0x61d8ee5077c33fecf6f1a16b268de469c3c7744ea9a971649fc7a9616305
-# ansi-c2tnb239v{2,3} and ansi-c2onb239v2 have unacceptable cofactors
+curve ansi-c2tnb239v2 binpoly
+  p 0x800000000000000000000000000000000000000000000000001000000001
+  a 0x4230017757a767fae42398569b746325d45313af0766266479b75654e65f
+  b 0x5037ea654196cff0cd82b2c14a2fcf2e3ff8775285b545722f03eacdb74b
+  r 0x1555555555555555555555555555553c6f2885259c31e3fcdf154624522d
+  h 6
+  gx 0x28f9d04e900069c8dc47a08534fe76d2b900b7d7ef31f5709f200c4ca205
+  gy 0x5667334c45aff3b5a03bad9dd75e2c71a99362567d5453f7fa6e227ec833
+curve ansi-c2tnb239v3 binpoly
+  p 0x800000000000000000000000000000000000000000000000001000000001
+  a 0x01238774666a67766d6676f778e676b66999176666e687666d8766c66a9f
+  b 0x6a941977ba9f6a435199acfc51067ed587f519c5ecb541b8e44111de1d40
+  r 0x0cccccccccccccccccccccccccccccac4912d2d9df903ef9888b8a0e4cff
+  h 10
+  gx 0x70f6e9d04d289c4e89913ce3530bfde903977d42b146d539bf1bde4e9c92
+  gy 0x2e5a0eaf6e5e1305b9004dce5c0ed7fe59a35608f33837c816d80b79f461
 curve ansi-c2onb239v1 binnorm
   p 0x800000000000000000000000000000000000000000000000001000000001
   beta 0x3b5ce9846911b248f9347018a7ac8cce3662cee952ba45becd02d4b903ec
@@ -364,16 +391,45 @@ curve ansi-c2onb239v1 binnorm
   h 4
   gx 0x4912ad657f1d1c6b32edb9942c95e226b06fb012cd40fdea0d72197c8104
   gy 0x01f1fbc3d21168fd3f66c441c2b5c6cfdcd9ed3e13646b7a4db9a3b0c286
-
-# ansi-c2pnb272w1 has an unacceptable cofactor; and 272 isn't prime anyway
-
-# ansi-c2pnb304w1 has an unacceptable cofactor; and 304 isn't prime anyway
-
-# ansi-c2tnb359v1 has an unacceptable cofactor
-
-# ansi-c2pnb368w1 has an unacceptable cofactor; and 368 isn't prime anyway
-
-# ansi-c2tnb431v1 has an unacceptable cofactor
+curve ansi-c2onb239v2 binnorm
+  p 0x800000000000000000000000000000000000000000000000001000000001
+  beta 0x3b5ce9846911b248f9347018a7ac8cce3662cee952ba45becd02d4b903ec
+  a 0x1ecf1b9d28d8017505e17475d3df2982e243ca5cb5e9f94a3f36124a486e
+  b 0x3ee257250d1a2e66cef23aa0f25b12388de8a10ff9554f90afbaa9a08b6d
+  r 0x1555555555555555555555555555558cf77a5d0589d2a9340d963b7ad703
+  h 6
+  gx 0x5f949ccb694f26b96d191e8925205a719929e93c37174cb6c7f659a37b85
+  gy 0x2d788d605ac81069e9964fd6edbae8bbf582a5c409a1078cf487a147ceb2
+  ## The spec seems bogus: the suggested base point G isn't in the
+  ## subgroup!  The point above is h G.
+  ##gx 0x193279fc543e9f5f7119189785b9c60b249be4820baf6c24bdfa2813f8b8
+  ##gy 0x5da021e5af77604051fc5c38da8293c1eeeaa00f046eeb93b6c8b774bb9b
+
+curve ansi-c2tnb359v1 binpoly
+  p 0x800000000000000000000000000000000000000000000000000000000000000000000000100000000000000001
+  a 0x5667676a654b20754f356ea92017d946567c46675556f19556a04616b567d223a5e05656fb549016a96656a557
+  b 0x2472e2d0197c49363f1fe7f5b6db075d52b6947d135d8ca445805d39bc345626089687742b6329e70680231988
+  r 0x01af286bca1af286bca1af286bca1af286bca1af286bc9fb8f6b85c556892c20a7eb964fe7719e74f490758d3b
+  h 76
+  gx 0x3c258ef3047767e7ede0f1fdaa79daee3841366a132e163aced4ed2401df9c6bdcde98e8e707c07a2239b1b097
+  gy 0x53d7e08529547048121e9c95f3791dd804963948f34fae7bf44ea82365dc7868fe57e4ae2de211305a407104bd
+
+curve ansi-c2tnb431v1 binpoly
+  p 0x800000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000001
+  a 0x1a827ef00dd6fc0e234caf046c6a5d8a85395b236cc4ad2cf32a0cadbdc9ddf620b0eb9906d0957f6c6feacd615468df104de296cd8f
+  b 0x10d9b4a3d9047d8b154359abfb1b7f5485b04ceb868237ddc9deda982a679a5a919b626d4e50a8dd731b107a9962381fb5d807bf2618
+  r 0x000340340340340340340340340340340340340340340340340340340323c313fab50589703b5ec68d3587fec60d161cc149c1ad4a91
+  h 10080
+  gx 0x120fc05d3c67a99de161d2f4092622feca701be4f50f4758714e8a87bbf2a658ef8c21e7c5efe965361f6c2999c0c247b0dbd70ce6b7
+  gy 0x20d0af8903a96f8d5fa2c255745d3c451b302c9346d9b7e485e7bce41f6b591f3e8f6addcbb0bc4c2f947a7de1a89b625d6a598b3760
+
+# These curves aren't included because their degree isn't prime (so they
+# may be vulnerable to Weil descent)
+# ansi-c2pnb176w1 is bad: 176 isn't prime
+# ansi-c2pnb208v1 is bad: 208 isn't prime
+# ansi-c2pnb272w1 is bad: 272 isn't prime
+# ansi-c2pnb304w1 is bad: 304 isn't prime
+# ansi-c2pnb368w1 is bad: 368 isn't prime
 
 alias ansi-prime192v1 secp192r1
 curve ansi-prime192v2 niceprime