13 #ifdef USE_EXTERNAL_DEFAULT_CALLBACKS
14 #pragma message("Ignoring USE_EXTERNAL_CALLBACKS in tests.")
15 #undef USE_EXTERNAL_DEFAULT_CALLBACKS
17 #if defined(VERIFY) && defined(COVERAGE)
18 #pragma message("Defining VERIFY for tests being built for coverage analysis support is meaningless.")
22 #include "../include/secp256k1.h"
23 #include "../include/secp256k1_preallocated.h"
29 #include "../contrib/lax_der_parsing.c"
30 #include "../contrib/lax_der_privatekey_parsing.c"
33 #ifdef SECP256K1_WIDEMUL_INT128
38 #define CONDITIONAL_TEST(cnt, nam) if (COUNT < (cnt)) { printf("Skipping %s (iteration count too low)\n", nam); } else
45 const unsigned char *p = s;
48 for (i = 0; i < n; i++) {
56 #define CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, callback, callback_setter) do { \
57 int32_t _calls_to_callback = 0; \
58 secp256k1_callback _saved_callback = ctx->callback; \
59 callback_setter(ctx, counting_callback_fn, &_calls_to_callback); \
61 ctx->callback = _saved_callback; \
62 CHECK(_calls_to_callback == 1); \
68 #define CHECK_ERROR_VOID(ctx, expr_or_stmt) \
69 CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, error_callback, secp256k1_context_set_error_callback)
70 #define CHECK_ILLEGAL_VOID(ctx, expr_or_stmt) \
71 CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, illegal_callback, secp256k1_context_set_illegal_callback)
78 #define CHECK_ILLEGAL(ctx, expr) CHECK_ILLEGAL_VOID(ctx, CHECK((expr) == 0))
79 #define CHECK_ERROR(ctx, expr) CHECK_ERROR_VOID(ctx, CHECK((expr) == 0))
86 CHECK(*p != INT32_MAX);
95 CHECK(*p != INT32_MIN);
111 CHECK(fe->magnitude == n);
116 unsigned char bin[32];
185 unsigned char b32[32];
198 unsigned char b32[32];
225 unsigned char buf32[32];
226 unsigned char seed16[16] = {
227 'C',
'H',
'I',
'C',
'K',
'E',
'N',
'!',
228 'C',
'H',
'I',
'C',
'K',
'E',
'N',
'!',
230 unsigned char buf32_expected[32] = {
231 0xAF, 0xCC, 0xA9, 0x16, 0xB5, 0x6C, 0xE3, 0xF0,
232 0x44, 0x3F, 0x45, 0xE0, 0x47, 0xA5, 0x08, 0x36,
233 0x4C, 0xCC, 0xC1, 0x18, 0xB2, 0xD8, 0x8F, 0xEF,
234 0x43, 0x26, 0x15, 0x57, 0x37, 0x00, 0xEF, 0x30,
237 for (i = 0; i < 17; i++) {
272 for (i = 0; i < (int)(
sizeof(
flags)/
sizeof(
flags[0])); i++) {
286 unsigned char ctmp[32];
290 memset(&zero_pubkey, 0,
sizeof(zero_pubkey));
318 unsigned char seed[32] = {0x17};
329 CHECK(my_static_ctx != NULL);
330 memset(my_static_ctx, 0x2a,
sizeof(*my_static_ctx));
357 void *my_ctx_prealloc = NULL;
358 unsigned char seed[32] = {0x17};
370 CHECK(my_ctx_prealloc != NULL);
402 free(my_ctx_prealloc);
404 CHECK(my_ctx_prealloc != NULL);
414 CHECK(prealloc_tmp != NULL);
465 free(my_ctx_prealloc);
486 CHECK(scratch != NULL);
524 memset(&local_scratch, 0,
sizeof(local_scratch));
525 scratch = &local_scratch;
547 static const uint32_t b32[] = {1, 0xffffffff, 0x5e56968f, 0xe0d63129};
548 static const uint64_t b64[] = {1, 0xffffffffffffffff, 0xbcd02462139b3fc3, 0x98b5f80c769693ef};
551 for (i = 0; i <
sizeof(b32) /
sizeof(b32[0]); ++i) {
552 for (shift = 0; shift < 32; ++shift) {
557 for (i = 0; i <
sizeof(b64) /
sizeof(b64[0]); ++i) {
558 for (shift = 0; shift < 64; ++shift) {
568 static const char *inputs[] = {
569 "",
"abc",
"message digest",
"secure hash algorithm",
"SHA256 is considered to be safe",
570 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
571 "For this sample, this 63-byte string will be used as input data",
572 "This is exactly 64 bytes long, not counting the terminating byte",
575 static const unsigned int repeat[] = {
576 1, 1, 1, 1, 1, 1, 1, 1, 1000000/5
578 static const unsigned char outputs[][32] = {
579 {0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55},
580 {0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad},
581 {0xf7, 0x84, 0x6f, 0x55, 0xcf, 0x23, 0xe1, 0x4e, 0xeb, 0xea, 0xb5, 0xb4, 0xe1, 0x55, 0x0c, 0xad, 0x5b, 0x50, 0x9e, 0x33, 0x48, 0xfb, 0xc4, 0xef, 0xa3, 0xa1, 0x41, 0x3d, 0x39, 0x3c, 0xb6, 0x50},
582 {0xf3, 0x0c, 0xeb, 0x2b, 0xb2, 0x82, 0x9e, 0x79, 0xe4, 0xca, 0x97, 0x53, 0xd3, 0x5a, 0x8e, 0xcc, 0x00, 0x26, 0x2d, 0x16, 0x4c, 0xc0, 0x77, 0x08, 0x02, 0x95, 0x38, 0x1c, 0xbd, 0x64, 0x3f, 0x0d},
583 {0x68, 0x19, 0xd9, 0x15, 0xc7, 0x3f, 0x4d, 0x1e, 0x77, 0xe4, 0xe1, 0xb5, 0x2d, 0x1f, 0xa0, 0xf9, 0xcf, 0x9b, 0xea, 0xea, 0xd3, 0x93, 0x9f, 0x15, 0x87, 0x4b, 0xd9, 0x88, 0xe2, 0xa2, 0x36, 0x30},
584 {0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1},
585 {0xf0, 0x8a, 0x78, 0xcb, 0xba, 0xee, 0x08, 0x2b, 0x05, 0x2a, 0xe0, 0x70, 0x8f, 0x32, 0xfa, 0x1e, 0x50, 0xc5, 0xc4, 0x21, 0xaa, 0x77, 0x2b, 0xa5, 0xdb, 0xb4, 0x06, 0xa2, 0xea, 0x6b, 0xe3, 0x42},
586 {0xab, 0x64, 0xef, 0xf7, 0xe8, 0x8e, 0x2e, 0x46, 0x16, 0x5e, 0x29, 0xf2, 0xbc, 0xe4, 0x18, 0x26, 0xbd, 0x4c, 0x7b, 0x35, 0x52, 0xf6, 0xb3, 0x82, 0xa9, 0xe7, 0xd3, 0xaf, 0x47, 0xc2, 0x45, 0xf8},
587 {0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67, 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0},
589 unsigned int i, ninputs;
592 ninputs =
sizeof(inputs)/
sizeof(inputs[0]) - 1;
595 for (i = 0; i < ninputs; i++) {
596 unsigned char out[32];
609 if (strlen(inputs[i]) > 0) {
669 static const char *input =
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno";
671 {{0xa2b5c8bb, 0x26c88bb3, 0x2abdc3d2, 0x9def99a3, 0xdfd21a6e, 0x41fe585b, 0x7ef2c440, 0x2b79adda},
673 {{0xa0d29445, 0x9287de66, 0x76aabd71, 0x41acd765, 0x0c7528b4, 0x84e14906, 0x942faec6, 0xcc5a7b26},
675 {{0x50449526, 0xb9f1d657, 0xa0fc13e9, 0x50860f10, 0xa550c431, 0x3fbc97c1, 0x7bbb2d89, 0xdb67bac1},
677 {{0x54a6efdc, 0x46762e7b, 0x88bfe73f, 0xbbd149c7, 0x41620c43, 0x1168da7b, 0x2c5960f9, 0xeccffda6},
679 {{0x2515a8f5, 0x5faa2977, 0x3a850486, 0xac858cad, 0x7b7276ee, 0x235c0385, 0xc53a157c, 0x7cb3e69c},
681 {{0x34f39828, 0x409fedb7, 0x4bbdd0fb, 0x3b643634, 0x7806bf2e, 0xe0d1b713, 0xca3f2e1e, 0xe38722c2},
683 {{0x389ef5c5, 0x38c54167, 0x8f5d56ab, 0x582a75cc, 0x8217caef, 0xf10947dd, 0x6a1998a8, 0x048f0b8c},
685 {{0xd6c3f394, 0x0bee43b9, 0x6783f497, 0x29fa9e21, 0x6ce491c1, 0xa81fe45e, 0x2fc3859a, 0x269012d0},
687 {{0x6dd3c526, 0x44d88aa0, 0x806a1bae, 0xfbcc0d32, 0x9d6144f3, 0x9d2bd757, 0x9851a957, 0xb50430ad},
689 {{0x2add4021, 0xdfe8a9e6, 0xa56317c6, 0x7a15f5bb, 0x4a48aacd, 0x5d368414, 0x4f00e6f0, 0xd9355023},
691 {{0xb66666b4, 0xdbeac32b, 0x0ea351ae, 0xcba9da46, 0x6278b874, 0x8c508e23, 0xe16ca776, 0x8465bac1},
693 {{0xb6744789, 0x9cce87aa, 0xc4c478b7, 0xf38404d8, 0x2e38ba62, 0xa3f7019b, 0x50458fe7, 0x3047dbec},
695 {{0x8b1297ba, 0xba261a80, 0x2ba1b0dd, 0xfbc67d6d, 0x61072c4e, 0x4b5a2a0f, 0x52872760, 0x2dfeb162},
697 {{0x24f33cf7, 0x41ad6583, 0x41c8ff5d, 0xca7ef35f, 0x50395756, 0x021b743e, 0xd7126cd7, 0xd037473a},
698 {0x00}, 0x1ffffffc0},
700 static const unsigned char outputs[][32] = {
701 {0x0e, 0x83, 0xe2, 0xc9, 0x4f, 0xb2, 0xb8, 0x2b, 0x89, 0x06, 0x92, 0x78, 0x04, 0x03, 0x48, 0x5c, 0x48, 0x44, 0x67, 0x61, 0x77, 0xa4, 0xc7, 0x90, 0x9e, 0x92, 0x55, 0x10, 0x05, 0xfe, 0x39, 0x15},
702 {0x1d, 0x1e, 0xd7, 0xb8, 0xa3, 0xa7, 0x8a, 0x79, 0xfd, 0xa0, 0x05, 0x08, 0x9c, 0xeb, 0xf0, 0xec, 0x67, 0x07, 0x9f, 0x8e, 0x3c, 0x0d, 0x8e, 0xf9, 0x75, 0x55, 0x13, 0xc1, 0xe8, 0x77, 0xf8, 0xbb},
703 {0x66, 0x95, 0x6c, 0xc9, 0xe0, 0x39, 0x65, 0xb6, 0xb0, 0x05, 0xd1, 0xaf, 0xaf, 0xf3, 0x1d, 0xb9, 0xa4, 0xda, 0x6f, 0x20, 0xcd, 0x3a, 0xae, 0x64, 0xc2, 0xdb, 0xee, 0xf5, 0xb8, 0x8d, 0x57, 0x0e},
704 {0x3c, 0xbb, 0x1c, 0x12, 0x5e, 0x17, 0xfd, 0x54, 0x90, 0x45, 0xa7, 0x7b, 0x61, 0x6c, 0x1d, 0xfe, 0xe6, 0xcc, 0x7f, 0xee, 0xcf, 0xef, 0x33, 0x35, 0x50, 0x62, 0x16, 0x70, 0x2f, 0x87, 0xc3, 0xc9},
705 {0x53, 0x4d, 0xa8, 0xe7, 0x1e, 0x98, 0x73, 0x8d, 0xd9, 0xa3, 0x54, 0xa5, 0x0e, 0x59, 0x2c, 0x25, 0x43, 0x6f, 0xaa, 0xa2, 0xf5, 0x21, 0x06, 0x3e, 0xc9, 0x82, 0x06, 0x94, 0x98, 0x72, 0x9d, 0xa7},
706 {0xef, 0x7e, 0xe9, 0x6b, 0xd3, 0xe5, 0xb7, 0x41, 0x4c, 0xc8, 0xd3, 0x07, 0x52, 0x9a, 0x5a, 0x8b, 0x4e, 0x1e, 0x75, 0xa4, 0x17, 0x78, 0xc8, 0x36, 0xcd, 0xf8, 0x2e, 0xd9, 0x57, 0xe3, 0xd7, 0x07},
707 {0x87, 0x16, 0xfb, 0xf9, 0xa5, 0xf8, 0xc4, 0x56, 0x2b, 0x48, 0x52, 0x8e, 0x2d, 0x30, 0x85, 0xb6, 0x4c, 0x56, 0xb5, 0xd1, 0x16, 0x9c, 0xcf, 0x32, 0x95, 0xad, 0x03, 0xe8, 0x05, 0x58, 0x06, 0x76},
708 {0x75, 0x03, 0x80, 0x28, 0xf2, 0xa7, 0x63, 0x22, 0x1a, 0x26, 0x9c, 0x68, 0xe0, 0x58, 0xfc, 0x73, 0xeb, 0x42, 0xf6, 0x86, 0x16, 0x24, 0x4b, 0xbc, 0x24, 0xf7, 0x02, 0xc8, 0x3d, 0x90, 0xe2, 0xb0},
709 {0xdf, 0x49, 0x0f, 0x15, 0x7b, 0x7d, 0xbf, 0xe0, 0xd4, 0xcf, 0x47, 0xc0, 0x80, 0x93, 0x4a, 0x61, 0xaa, 0x03, 0x07, 0x66, 0xb3, 0x38, 0x5d, 0xc8, 0xc9, 0x07, 0x61, 0xfb, 0x97, 0x10, 0x2f, 0xd8},
710 {0x77, 0x19, 0x40, 0x56, 0x41, 0xad, 0xbc, 0x59, 0xda, 0x1e, 0xc5, 0x37, 0x14, 0x63, 0x7b, 0xfb, 0x79, 0xe2, 0x7a, 0xb1, 0x55, 0x42, 0x99, 0x42, 0x56, 0xfe, 0x26, 0x9d, 0x0f, 0x7e, 0x80, 0xc6},
711 {0x50, 0xe7, 0x2a, 0x0e, 0x26, 0x44, 0x2f, 0xe2, 0x55, 0x2d, 0xc3, 0x93, 0x8a, 0xc5, 0x86, 0x58, 0x22, 0x8c, 0x0c, 0xbf, 0xb1, 0xd2, 0xca, 0x87, 0x2a, 0xe4, 0x35, 0x26, 0x6f, 0xcd, 0x05, 0x5e},
712 {0xe4, 0x80, 0x6f, 0xdb, 0x3d, 0x7d, 0xba, 0xde, 0x50, 0x3f, 0xea, 0x00, 0x3d, 0x46, 0x59, 0x64, 0xfd, 0x58, 0x1c, 0xa1, 0xb8, 0x7d, 0x5f, 0xac, 0x94, 0x37, 0x9e, 0xa0, 0xc0, 0x9c, 0x93, 0x8b},
713 {0x2c, 0xf3, 0xa9, 0xf6, 0x15, 0x25, 0x80, 0x70, 0x76, 0x99, 0x7d, 0xf1, 0xc3, 0x2f, 0xa3, 0x31, 0xff, 0x92, 0x35, 0x2e, 0x8d, 0x04, 0x13, 0x33, 0xd8, 0x0d, 0xdb, 0x4a, 0xf6, 0x8c, 0x03, 0x34},
714 {0xec, 0x12, 0x24, 0x9f, 0x35, 0xa4, 0x29, 0x8b, 0x9e, 0x4a, 0x95, 0xf8, 0x61, 0xaf, 0x61, 0xc5, 0x66, 0x55, 0x3e, 0x3f, 0x2a, 0x98, 0xea, 0x71, 0x16, 0x6b, 0x1c, 0xd9, 0xe4, 0x09, 0xd2, 0x8e},
717 for (i = 0; i <
sizeof(midstates)/
sizeof(midstates[0]); i++) {
718 unsigned char out[32];
738 static const char *keys[6] = {
739 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
741 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
742 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19",
743 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
744 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
746 static const char *inputs[6] = {
747 "\x48\x69\x20\x54\x68\x65\x72\x65",
748 "\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61\x20\x77\x61\x6e\x74\x20\x66\x6f\x72\x20\x6e\x6f\x74\x68\x69\x6e\x67\x3f",
749 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
750 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
751 "\x54\x65\x73\x74\x20\x55\x73\x69\x6e\x67\x20\x4c\x61\x72\x67\x65\x72\x20\x54\x68\x61\x6e\x20\x42\x6c\x6f\x63\x6b\x2d\x53\x69\x7a\x65\x20\x4b\x65\x79\x20\x2d\x20\x48\x61\x73\x68\x20\x4b\x65\x79\x20\x46\x69\x72\x73\x74",
752 "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x20\x75\x73\x69\x6e\x67\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x6b\x65\x79\x20\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74\x6f\x20\x62\x65\x20\x68\x61\x73\x68\x65\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x62\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20\x62\x79\x20\x74\x68\x65\x20\x48\x4d\x41\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d\x2e"
754 static const unsigned char outputs[6][32] = {
755 {0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7},
756 {0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43},
757 {0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe},
758 {0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b},
759 {0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54},
760 {0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2}
763 for (i = 0; i < 6; i++) {
765 unsigned char out[32];
770 if (strlen(inputs[i]) > 0) {
782 static const unsigned char key1[65] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x4b, 0xf5, 0x12, 0x2f, 0x34, 0x45, 0x54, 0xc5, 0x3b, 0xde, 0x2e, 0xbb, 0x8c, 0xd2, 0xb7, 0xe3, 0xd1, 0x60, 0x0a, 0xd6, 0x31, 0xc3, 0x85, 0xa5, 0xd7, 0xcc, 0xe2, 0x3c, 0x77, 0x85, 0x45, 0x9a, 0};
783 static const unsigned char out1[3][32] = {
784 {0x4f, 0xe2, 0x95, 0x25, 0xb2, 0x08, 0x68, 0x09, 0x15, 0x9a, 0xcd, 0xf0, 0x50, 0x6e, 0xfb, 0x86, 0xb0, 0xec, 0x93, 0x2c, 0x7b, 0xa4, 0x42, 0x56, 0xab, 0x32, 0x1e, 0x42, 0x1e, 0x67, 0xe9, 0xfb},
785 {0x2b, 0xf0, 0xff, 0xf1, 0xd3, 0xc3, 0x78, 0xa2, 0x2d, 0xc5, 0xde, 0x1d, 0x85, 0x65, 0x22, 0x32, 0x5c, 0x65, 0xb5, 0x04, 0x49, 0x1a, 0x0c, 0xbd, 0x01, 0xcb, 0x8f, 0x3a, 0xa6, 0x7f, 0xfd, 0x4a},
786 {0xf5, 0x28, 0xb4, 0x10, 0xcb, 0x54, 0x1f, 0x77, 0x00, 0x0d, 0x7a, 0xfb, 0x6c, 0x5b, 0x53, 0xc5, 0xc4, 0x71, 0xea, 0xb4, 0x3e, 0x46, 0x6d, 0x9a, 0xc5, 0x19, 0x0c, 0x39, 0xc8, 0x2f, 0xd8, 0x2e}
789 static const unsigned char key2[64] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55};
790 static const unsigned char out2[3][32] = {
791 {0x9c, 0x23, 0x6c, 0x16, 0x5b, 0x82, 0xae, 0x0c, 0xd5, 0x90, 0x65, 0x9e, 0x10, 0x0b, 0x6b, 0xab, 0x30, 0x36, 0xe7, 0xba, 0x8b, 0x06, 0x74, 0x9b, 0xaf, 0x69, 0x81, 0xe1, 0x6f, 0x1a, 0x2b, 0x95},
792 {0xdf, 0x47, 0x10, 0x61, 0x62, 0x5b, 0xc0, 0xea, 0x14, 0xb6, 0x82, 0xfe, 0xee, 0x2c, 0x9c, 0x02, 0xf2, 0x35, 0xda, 0x04, 0x20, 0x4c, 0x1d, 0x62, 0xa1, 0x53, 0x6c, 0x6e, 0x17, 0xae, 0xd7, 0xa9},
793 {0x75, 0x97, 0x88, 0x7c, 0xbd, 0x76, 0x32, 0x1f, 0x32, 0xe3, 0x04, 0x40, 0x67, 0x9a, 0x22, 0xcf, 0x7f, 0x8d, 0x9d, 0x2e, 0xac, 0x39, 0x0e, 0x58, 0x1f, 0xea, 0x09, 0x1c, 0xe2, 0x02, 0xba, 0x94}
797 unsigned char out[32];
801 for (i = 0; i < 3; i++) {
808 for (i = 0; i < 3; i++) {
815 for (i = 0; i < 3; i++) {
823 unsigned char tag[32] = { 0 };
824 unsigned char msg[32] = { 0 };
825 unsigned char hash32[32];
826 unsigned char hash_expected[32] = {
827 0x04, 0x7A, 0x5E, 0x17, 0xB5, 0x86, 0x47, 0xC1,
828 0x3C, 0xC6, 0xEB, 0xC0, 0xAA, 0x58, 0x3B, 0x62,
829 0xFB, 0x16, 0x43, 0x32, 0x68, 0x77, 0x40, 0x6C,
830 0xE2, 0x76, 0x55, 0x9A, 0x3B, 0xDE, 0x55, 0xB3
840 memcpy(tag,
"tag", 3);
841 memcpy(
msg,
"msg", 3);
857 for (l = 0; l < 6; ++l) w *= (2 - w*x);
866 static void mulmod256(uint16_t*
out,
const uint16_t* a,
const uint16_t* b,
const uint16_t* m) {
875 for (i = 0; i < 32; ++i) {
876 for (j = i <= 15 ? 0 : i - 15; j <= i && j <= 15; j++) {
877 c += (uint64_t)a[j] * b[i - j];
885 for (i = 511; i >= 0; --i) {
886 if ((mul[i >> 4] >> (i & 15)) & 1) {
894 memset(mul + 16, 0, 32);
896 for (i = 255; i >= 0; --i) {
897 if ((mul[i >> 4] >> (i & 15)) & 1) {
906 for (i = 255; i >= 0; --i) {
907 if ((
m[i >> 4] >> (i & 15)) & 1) {
914 for (i = mul_bitlen - m_bitlen; i >= 0; --i) {
920 for (j = 0; j < 32; ++j) {
924 for (p = 0; p < 16; ++p) {
925 int bitpos = j * 16 - i + p;
926 if (bitpos >= 0 && bitpos < 256) {
927 sub |= ((
m[bitpos >> 4] >> (bitpos & 15)) & 1) << p;
933 mul2[j] = (
cs & 0xFFFF);
938 memcpy(mul, mul2,
sizeof(mul));
942 for (i = (m_bitlen >> 4) + 1; i < 32; ++i) {
946 memcpy(
out, mul, 32);
952 memset(
out->v, 0,
sizeof(
out->v));
953 for (i = 0; i < 256; ++i) {
954 out->v[i / 30] |= (int32_t)(((in[i >> 4]) >> (i & 15)) & 1) << (i % 30);
962 for (i = 0; i < 256; ++i) {
963 out[i >> 4] |= (((in->
v[i / 30]) >> (i % 30)) & 1) << (i & 15);
970 for (i = 0; i < 16; ++i) {
972 if (x->
v[pos] > 0 && x->
v[pos + 1] <= 0x3fffffff) {
973 x->
v[pos] -= 0x40000000;
975 }
else if (x->
v[pos] < 0 && x->
v[pos + 1] >= 0x3fffffff) {
976 x->
v[pos] += 0x40000000;
987 int i, vartime, nonzero;
990 nonzero = (x.
v[0] | x.
v[1] | x.
v[2] | x.
v[3] | x.
v[4] | x.
v[5] | x.
v[6] | x.
v[7] | x.
v[8]) != 0;
994 m.modulus_inv30 =
modinv2p64(
m.modulus.v[0]) & 0x3fffffff;
995 CHECK(((
m.modulus_inv30 *
m.modulus.v[0]) & 0x3fffffff) == 1);
1000 uint16_t sqr[16], negone[16];
1005 CHECK(jac == 0 || jac == 1);
1008 negone[0] = mod[0] - 1;
1009 for (i = 1; i < 16; ++i) negone[i] = mod[i];
1013 CHECK(jac == 0 || jac == 1 - (mod[0] & 2));
1018 for (vartime = 0; vartime < 2; ++vartime) {
1027 CHECK(tmp[0] == nonzero);
1028 for (i = 1; i < 16; ++i)
CHECK(tmp[i] == 0);
1035 for (i = 0; i < 16; ++i)
CHECK(tmp[i] == in[i]);
1039 #ifdef SECP256K1_WIDEMUL_INT128
1043 memset(
out->v, 0,
sizeof(
out->v));
1044 for (i = 0; i < 256; ++i) {
1045 out->v[i / 62] |= (int64_t)(((in[i >> 4]) >> (i & 15)) & 1) << (i % 62);
1053 for (i = 0; i < 256; ++i) {
1054 out[i >> 4] |= (((in->
v[i / 62]) >> (i % 62)) & 1) << (i & 15);
1060 static const int64_t M62 = (int64_t)(UINT64_MAX >> 2);
1062 for (i = 0; i < 8; ++i) {
1064 if (x->
v[pos] > 0 && x->
v[pos + 1] <= M62) {
1065 x->
v[pos] -= (M62 + 1);
1067 }
else if (x->
v[pos] < 0 && x->
v[pos + 1] >= -M62) {
1068 x->
v[pos] += (M62 + 1);
1075 static void test_modinv64_uint16(uint16_t*
out,
const uint16_t* in,
const uint16_t* mod) {
1076 static const int64_t M62 = (int64_t)(UINT64_MAX >> 2);
1080 int i, vartime, nonzero;
1082 uint16_to_signed62(&x, in);
1083 nonzero = (x.
v[0] | x.
v[1] | x.
v[2] | x.
v[3] | x.
v[4]) != 0;
1084 uint16_to_signed62(&
m.modulus, mod);
1088 CHECK(((
m.modulus_inv62 *
m.modulus.v[0]) & M62) == 1);
1093 uint16_t sqr[16], negone[16];
1095 uint16_to_signed62(&x, sqr);
1098 CHECK(jac == 0 || jac == 1);
1101 negone[0] = mod[0] - 1;
1102 for (i = 1; i < 16; ++i) negone[i] = mod[i];
1104 uint16_to_signed62(&x, sqr);
1106 CHECK(jac == 0 || jac == 1 - (mod[0] & 2));
1109 uint16_to_signed62(&x, in);
1110 mutate_sign_signed62(&
m.modulus);
1111 for (vartime = 0; vartime < 2; ++vartime) {
1116 signed62_to_uint16(
out, &x);
1120 CHECK(tmp[0] == nonzero);
1121 for (i = 1; i < 16; ++i)
CHECK(tmp[i] == 0);
1127 signed62_to_uint16(tmp, &x);
1128 for (i = 0; i < 16; ++i)
CHECK(tmp[i] == in[i]);
1134 static int coprime(
const uint16_t* a,
const uint16_t* b) {
1135 uint16_t x[16], y[16],
t[16];
1144 for (i = 0; i < 16; ++i) {
1157 if (y[0] != 1)
return 0;
1158 for (i = 1; i < 16; ++i) {
1159 if (y[i] != 0)
return 0;
1166 static const uint16_t CASES[][3][16] = {
1170 {{0x1513, 0x5389, 0x54e9, 0x2798, 0x1957, 0x66a0, 0x8057, 0x3477,
1171 0x7784, 0x1052, 0x326a, 0x9331, 0x6506, 0xa95c, 0x91f3, 0xfb5e},
1172 {0x2bdd, 0x8df4, 0xcc61, 0x481f, 0xdae5, 0x5ca7, 0xf43b, 0x7d54,
1173 0x13d6, 0x469b, 0x2294, 0x20f4, 0xb2a4, 0xa2d1, 0x3ff1, 0xfd4b},
1174 {0xffd8, 0xd9a0, 0x456e, 0x81bb, 0xbabd, 0x6cea, 0x6dbd, 0x73ab,
1175 0xbb94, 0x3d3c, 0xdf08, 0x31c4, 0x3e32, 0xc179, 0x2486, 0xb86b}},
1178 {{0x3fb1, 0x903b, 0x4eb7, 0x4813, 0xd863, 0x26bf, 0xd89f, 0xa8a9,
1179 0x02fe, 0x57c6, 0x554a, 0x4eab, 0x165e, 0x3d61, 0xee1e, 0x456c},
1180 {0x9295, 0x823b, 0x5c1f, 0x5386, 0x48e0, 0x02ff, 0x4c2a, 0xa2da,
1181 0xe58f, 0x967c, 0xc97e, 0x3f5a, 0x69fb, 0x52d9, 0x0a86, 0xb4a3},
1182 {0x3d30, 0xb893, 0xa809, 0xa7a8, 0x26f5, 0x5b42, 0x55be, 0xf4d0,
1183 0x12c2, 0x7e6a, 0xe41a, 0x90c7, 0xebfa, 0xf920, 0x304e, 0x1419}},
1185 {{0x8583, 0x5058, 0xbeae, 0xeb69, 0x48bc, 0x52bb, 0x6a9d, 0xcc94,
1186 0x2a21, 0x87d5, 0x5b0d, 0x42f6, 0x5b8a, 0x2214, 0xe9d6, 0xa040},
1187 {0x7531, 0x27cb, 0x7e53, 0xb739, 0x6a5f, 0x83f5, 0xa45c, 0xcb1d,
1188 0x8a87, 0x1c9c, 0x51d7, 0x851c, 0xb9d8, 0x1fbe, 0xc241, 0xd4a3},
1189 {0xcdb4, 0x275c, 0x7d22, 0xa906, 0x0173, 0xc054, 0x7fdf, 0x5005,
1190 0x7fb8, 0x9059, 0xdf51, 0x99df, 0x2654, 0x8f6e, 0x070f, 0xb347}},
1192 {{0xe2e9, 0xee91, 0x4345, 0xe5ad, 0xf3ec, 0x8f42, 0x0364, 0xd5c9,
1193 0xff49, 0xbef5, 0x4544, 0x4c7c, 0xae4b, 0xfd9d, 0xb35b, 0xda9d},
1194 {0x36e7, 0x8cca, 0x2ed0, 0x47b3, 0xaca4, 0xb374, 0x7d2a, 0x0772,
1195 0x6bdb, 0xe0a7, 0x900b, 0xfe10, 0x788c, 0x6f22, 0xd909, 0xf298},
1196 {0xd8c6, 0xba39, 0x13ed, 0x198c, 0x16c8, 0xb837, 0xa5f2, 0x9797,
1197 0x0113, 0x882a, 0x15b5, 0x324c, 0xabee, 0xe465, 0x8170, 0x85ac}},
1199 {{0xd5b7, 0x2966, 0x040e, 0xf59a, 0x0387, 0xd96d, 0xbfbc, 0xd850,
1200 0x2d96, 0x872a, 0xad81, 0xc03c, 0xbb39, 0xb7fa, 0xd904, 0xef78},
1201 {0x6279, 0x4314, 0xfdd3, 0x1568, 0x0982, 0x4d13, 0x625f, 0x010c,
1202 0x22b1, 0x0cc3, 0xf22d, 0x5710, 0x1109, 0x5751, 0x7714, 0xfcf2},
1203 {0xdb13, 0x5817, 0x232e, 0xe456, 0xbbbc, 0x6fbe, 0x4572, 0xa358,
1204 0xc76d, 0x928e, 0x0162, 0x5314, 0x8325, 0x5683, 0xe21b, 0xda88}},
1206 {{0xa06f, 0x71ee, 0x3bac, 0x9ebb, 0xdeaa, 0x09ed, 0x1cf7, 0x9ec9,
1207 0x7158, 0x8b72, 0x5d53, 0x5479, 0x5c75, 0xbb66, 0x9125, 0xeccc},
1208 {0x2941, 0xd46c, 0x3cd4, 0x4a9d, 0x5c4a, 0x256b, 0xbd6c, 0x9b8e,
1209 0x8fe0, 0x8a14, 0xffe8, 0x2496, 0x618d, 0xa9d7, 0x5018, 0xfb29},
1210 {0x437c, 0xbd60, 0x7590, 0x94bb, 0x0095, 0xd35e, 0xd4fe, 0xd6da,
1211 0x0d4e, 0x5342, 0x4cd2, 0x169b, 0x661c, 0x1380, 0xed2d, 0x85c1}},
1213 {{0xfde4, 0x68d6, 0x6c48, 0x7f77, 0x1c78, 0x96de, 0x2fd9, 0xa6c2,
1214 0xbbb5, 0xd319, 0x69cf, 0xd4b3, 0xa321, 0xcda0, 0x172e, 0xe530},
1215 {0xd9e3, 0x0f60, 0x3d86, 0xeeab, 0x25ee, 0x9582, 0x2d50, 0xfe16,
1216 0xd4e2, 0xe3ba, 0x94e2, 0x9833, 0x6c5e, 0x8982, 0x13b6, 0xe598},
1217 {0xe675, 0xf55a, 0x10f6, 0xabde, 0x5113, 0xecaa, 0x61ae, 0xad9f,
1218 0x0c27, 0xef33, 0x62e5, 0x211d, 0x08fa, 0xa78d, 0xc675, 0x8bae}},
1220 {{0x21bf, 0x52d5, 0x8fd4, 0xaa18, 0x156a, 0x7247, 0xebb8, 0x5717,
1221 0x4eb5, 0x1421, 0xb58f, 0x3b0b, 0x5dff, 0xe533, 0xb369, 0xd28a},
1222 {0x9f6b, 0xe463, 0x2563, 0xc74d, 0x6d81, 0x636a, 0x8fc8, 0x7a94,
1223 0x9429, 0x1585, 0xf35e, 0x7ff5, 0xb64f, 0x9720, 0xba74, 0xe108},
1224 {0xa5ab, 0xea7b, 0xfe5e, 0x8a85, 0x13be, 0x7934, 0xe8a0, 0xa187,
1225 0x86b5, 0xe477, 0xb9a4, 0x75d7, 0x538f, 0xdd70, 0xc781, 0xb67d}},
1227 {{0xa41a, 0x3e8d, 0xf1f5, 0x9493, 0x868c, 0x5103, 0x2725, 0x3ceb,
1228 0x6032, 0x3624, 0xdc6b, 0x9120, 0xbf4c, 0x8821, 0x91ad, 0xb31a},
1229 {0x5c0b, 0xdda5, 0x20f8, 0x32a1, 0xaf73, 0x6ec5, 0x4779, 0x43d6,
1230 0xd454, 0x9573, 0xbf84, 0x5a58, 0xe04e, 0x307e, 0xd1d5, 0xe230},
1231 {0xda15, 0xbcd6, 0x7180, 0xabd3, 0x04e6, 0x6986, 0xc0d7, 0x90bb,
1232 0x3a4d, 0x7c95, 0xaaab, 0x9ab3, 0xda34, 0xa7f6, 0x9636, 0x6273}},
1234 {{0xb4d6, 0xb38f, 0x00aa, 0xebda, 0xd4c2, 0x70b8, 0x9dad, 0x58ee,
1235 0x68f8, 0x48d3, 0xb5ff, 0xf422, 0x9e46, 0x2437, 0x18d0, 0xd9cc},
1236 {0x5c83, 0xfed7, 0x97f5, 0x3f07, 0xcaad, 0x95b1, 0xb4a4, 0xb005,
1237 0x23af, 0xdd27, 0x6c0d, 0x932c, 0xe2b2, 0xe3ae, 0xfb96, 0xdf67},
1238 {0x3105, 0x0127, 0xfd48, 0x039b, 0x35f1, 0xbc6f, 0x6c0a, 0xb572,
1239 0xe4df, 0xebad, 0x8edc, 0xb89d, 0x9555, 0x4c26, 0x1fef, 0x997c}},
1241 {{0x5138, 0xd474, 0x385f, 0xc964, 0x00f2, 0x6df7, 0x862d, 0xb185,
1242 0xb264, 0xe9e1, 0x466c, 0xf39e, 0xafaf, 0x5f41, 0x47e2, 0xc89d},
1243 {0x8607, 0x9c81, 0x46a2, 0x7dcc, 0xcb0c, 0x9325, 0xe149, 0x2bde,
1244 0x6632, 0x2869, 0xa261, 0xb163, 0xccee, 0x22ae, 0x91e0, 0xcfd5},
1245 {0x831c, 0xda22, 0xb080, 0xba7a, 0x26e2, 0x54b0, 0x073b, 0x5ea0,
1246 0xed4b, 0xcb3d, 0xbba1, 0xbec8, 0xf2ad, 0xae0d, 0x349b, 0x17d1}},
1248 {{0xe9a5, 0xb4ad, 0xd995, 0x9953, 0xcdff, 0x50d7, 0xf715, 0x9dc7,
1249 0x3e28, 0x15a9, 0x95a3, 0x8554, 0x5b5e, 0xad1d, 0x6d57, 0x3d50},
1250 {0x3ad9, 0xbd60, 0x5cc7, 0x6b91, 0xadeb, 0x71f6, 0x7cc4, 0xa58a,
1251 0x2cce, 0xf17c, 0x38c9, 0x97ed, 0x65fb, 0x3fa6, 0xa6bc, 0xeb24},
1252 {0xf96c, 0x1963, 0x8151, 0xa0cc, 0x299b, 0xf277, 0x001a, 0x16bb,
1253 0xfd2e, 0x532d, 0x0410, 0xe117, 0x6b00, 0x44ec, 0xca6a, 0x1745}},
1255 {{0x3758, 0xa56c, 0xe41e, 0x4e47, 0x0975, 0xa82b, 0x107c, 0x89cf,
1256 0x2093, 0x5a0c, 0xda37, 0xe007, 0x6074, 0x4f68, 0x2f5a, 0xbb8a},
1257 {0x4beb, 0xa40f, 0x2c42, 0xd9d6, 0x97e8, 0xca7c, 0xd395, 0x894f,
1258 0x1f50, 0x8067, 0xa233, 0xb850, 0x1746, 0x1706, 0xbcda, 0xdf32},
1259 {0x762a, 0xceda, 0x4c45, 0x1ca0, 0x8c37, 0xd8c5, 0xef57, 0x7a2c,
1260 0x6e98, 0xe38a, 0xc50e, 0x2ca9, 0xcb85, 0x24d5, 0xc29c, 0x61f6}},
1262 {{0x6f38, 0x74ad, 0x7332, 0x4073, 0x6521, 0xb876, 0xa370, 0xa6bd,
1263 0xcea5, 0xbd06, 0x969f, 0x77c6, 0x1e69, 0x7c49, 0x7d51, 0xb6e7},
1264 {0x3f27, 0x4be4, 0xd81e, 0x1396, 0xb21f, 0x92aa, 0x6dc3, 0x6283,
1265 0x6ada, 0x3ca2, 0xc1e5, 0x8b9b, 0xd705, 0x5598, 0x8ba1, 0xe087},
1266 {0x6a22, 0xe834, 0xbc8d, 0xcee9, 0x42fc, 0xfc77, 0x9c45, 0x1ca8,
1267 0xeb66, 0xed74, 0xaaf9, 0xe75f, 0xfe77, 0x46d2, 0x179b, 0xbf3e}},
1269 {{0x7ea7, 0x444e, 0x84ea, 0xc447, 0x7c1f, 0xab97, 0x3de6, 0x5878,
1270 0x4e8b, 0xc017, 0x03e0, 0xdc40, 0xbbd0, 0x74ce, 0x0169, 0x7ab5},
1271 {0x4023, 0x154f, 0xfbe4, 0x8195, 0xfda0, 0xef54, 0x9e9a, 0xc703,
1272 0x2803, 0xf760, 0x6302, 0xed5b, 0x7157, 0x6456, 0xdd7d, 0xf14b},
1273 {0xb6fb, 0xe3b3, 0x0733, 0xa77e, 0x44c5, 0x3003, 0xc937, 0xdd4d,
1274 0x5355, 0x14e9, 0x184e, 0xcefe, 0xe6b5, 0xf2e0, 0x0a28, 0x5b74}},
1276 {{0xa893, 0xb5f4, 0x1ede, 0xa316, 0x242c, 0xbdcc, 0xb017, 0x0836,
1277 0x3a37, 0x27fb, 0xfb85, 0x251e, 0xa189, 0xb15d, 0xa4b8, 0xc24c},
1278 {0xb0b7, 0x57ba, 0xbb6d, 0x9177, 0xc896, 0xc7f2, 0x43b4, 0x85a6,
1279 0xe6c4, 0xe50e, 0x3109, 0x7ca5, 0xd73d, 0x13ff, 0x0c3d, 0xcd62},
1280 {0x48ca, 0xdb34, 0xe347, 0x2cef, 0x4466, 0x10fb, 0x7ee1, 0x6344,
1281 0x4308, 0x966d, 0xd4d1, 0xb099, 0x994f, 0xd025, 0x2187, 0x5866}},
1283 {{0x0775, 0x1754, 0x01f6, 0xdf37, 0xc0be, 0x8197, 0x072f, 0x6cf5,
1284 0x8b36, 0x8069, 0x5590, 0xb92d, 0x6084, 0x47a4, 0x23fe, 0xddd5},
1285 {0x8e1b, 0xda37, 0x27d9, 0x312e, 0x3a2f, 0xef6d, 0xd9eb, 0x8153,
1286 0xdcba, 0x9fa3, 0x9f80, 0xead5, 0x134d, 0x2ebb, 0x5ec0, 0xe032},
1287 {0x1cb6, 0x5a61, 0x1bed, 0x77d6, 0xd5d1, 0x7498, 0xef33, 0x2dd2,
1288 0x1089, 0xedbd, 0x6958, 0x16ae, 0x336c, 0x45e6, 0x4361, 0xbadc}},
1290 {{0x0207, 0xf948, 0xc430, 0xf36b, 0xf0a7, 0x5d36, 0x751f, 0x132c,
1291 0x6f25, 0xa630, 0xca1f, 0xc967, 0xaf9c, 0x34e7, 0xa38f, 0xbe9f},
1292 {0x5fb9, 0x7321, 0x6561, 0x5fed, 0x54ec, 0x9c3a, 0xee0e, 0x6717,
1293 0x49af, 0xb896, 0xf4f5, 0x451c, 0x722a, 0xf116, 0x64a9, 0xcf0b},
1294 {0xf4d7, 0xdb47, 0xfef2, 0x4806, 0x4cb8, 0x18c7, 0xd9a7, 0x4951,
1295 0x14d8, 0x5c3a, 0xd22d, 0xd7b2, 0x750c, 0x3de7, 0x8b4a, 0x19aa}},
1300 {{0x9118, 0xb640, 0x53d7, 0x30ab, 0x2a23, 0xd907, 0x9323, 0x5b3a,
1301 0xb6d4, 0x538a, 0x7637, 0xfe97, 0xfd05, 0x3cc0, 0x453a, 0xfb7e},
1302 {0x6983, 0x4f75, 0x4ad1, 0x48ad, 0xb2d9, 0x521d, 0x3dbc, 0x9cc0,
1303 0x4b60, 0x0ac6, 0xd3be, 0x0fb6, 0xd305, 0x3895, 0x2da5, 0xfdf8},
1304 {0xcec1, 0x33ac, 0xa801, 0x8194, 0xe36c, 0x65ef, 0x103b, 0xca54,
1305 0xfa9b, 0xb41d, 0x9b52, 0xb6f7, 0xa611, 0x84aa, 0x3493, 0xbf54}},
1307 {{0xb5f2, 0x42d0, 0x35e8, 0x8ca0, 0x4b62, 0x6e1d, 0xbdf3, 0x890e,
1308 0x8c82, 0x23d8, 0xc79a, 0xc8e8, 0x789e, 0x353d, 0x9766, 0xea9d},
1309 {0x6fa1, 0xacba, 0x4b7a, 0x5de1, 0x95d0, 0xc845, 0xebbf, 0x6f5a,
1310 0x30cf, 0x52db, 0x69b7, 0xe278, 0x4b15, 0x8411, 0x2ab2, 0xf3e7},
1311 {0xf12c, 0x9d6d, 0x95fa, 0x1878, 0x9f13, 0x4fb5, 0x3c8b, 0xa451,
1312 0x7182, 0xc4b6, 0x7e2a, 0x7bb7, 0x6e0e, 0x5b68, 0xde55, 0x9927}},
1314 {{0x229c, 0x4ef8, 0x1e93, 0xe5dc, 0xcde5, 0x6d62, 0x263b, 0xad11,
1315 0xced0, 0x88ff, 0xae8e, 0x3183, 0x11d2, 0xa50b, 0x350d, 0xeb40},
1316 {0x3157, 0xe2ea, 0x8a02, 0x0aa3, 0x5ae1, 0xb26c, 0xea27, 0x6805,
1317 0x87e2, 0x9461, 0x37c1, 0x2f8d, 0x85d2, 0x77a8, 0xf805, 0xeec9},
1318 {0x6f4e, 0x2748, 0xf7e5, 0xd8d3, 0xabe2, 0x7270, 0xc4e0, 0xedc7,
1319 0xf196, 0x78ca, 0x9139, 0xd8af, 0x72c6, 0xaf2f, 0x85d2, 0x6cd3}},
1321 {{0xdce8, 0xf1fe, 0x6708, 0x021e, 0xf1ca, 0xd609, 0x5443, 0x85ce,
1322 0x7a05, 0x8f9c, 0x90c3, 0x52e7, 0x8e1d, 0x97b8, 0xc0bf, 0xf2a1},
1323 {0xbd3d, 0xed11, 0x1625, 0xb4c5, 0x844c, 0xa413, 0x2569, 0xb9ba,
1324 0xcd35, 0xff84, 0xcd6e, 0x7f0b, 0x7d5d, 0x10df, 0x3efe, 0xfbe5},
1325 {0xa9dd, 0xafef, 0xb1b7, 0x4c8d, 0x50e4, 0xafbf, 0x2d5a, 0xb27c,
1326 0x0653, 0x66b6, 0x5d36, 0x4694, 0x7e35, 0xc47c, 0x857f, 0x32c5}},
1328 {{0x7902, 0xc9f8, 0x926b, 0xaaeb, 0x90f8, 0x1c89, 0xcce3, 0x96b7,
1329 0x28b2, 0x87a2, 0x136d, 0x695a, 0xa8df, 0x9061, 0x9e31, 0xee82},
1330 {0xd3a9, 0x3c02, 0x818c, 0x6b81, 0x34b3, 0xebbb, 0xe2c8, 0x7712,
1331 0xbfd6, 0x8248, 0xa6f4, 0xba6f, 0x03bb, 0xfb54, 0x7575, 0xfe89},
1332 {0x8246, 0x0d63, 0x478e, 0xf946, 0xf393, 0x0451, 0x08c2, 0x5919,
1333 0x5fd6, 0x4c61, 0xbeb7, 0x9a15, 0x30e1, 0x55fc, 0x6a01, 0x3724}},
1335 {{0x3eff, 0x926a, 0x77f5, 0x1fff, 0x1a5b, 0xf3ef, 0xf64b, 0x8681,
1336 0xf800, 0xf9bc, 0x761d, 0xe268, 0x62b0, 0xa032, 0xba9c, 0xbe56},
1337 {0xb8f9, 0x00e7, 0x47b7, 0xdffc, 0xfd9d, 0x5abb, 0xa19b, 0x1868,
1338 0x31fd, 0x3b29, 0x3674, 0x5449, 0xf54d, 0x1d19, 0x6ac7, 0xff6f},
1339 {0xf1d7, 0x3551, 0x5682, 0x9adf, 0xe8aa, 0x19a5, 0x8340, 0x71db,
1340 0xb7ab, 0x4cfd, 0xf661, 0x632c, 0xc27e, 0xd3c6, 0xdf42, 0xd306}},
1342 {{0x0000, 0x0000, 0x0000, 0x0000, 0x3aff, 0x2ed7, 0xf2e0, 0xabc7,
1343 0x8aee, 0x166e, 0x7ed0, 0x9ac7, 0x714a, 0xb9c5, 0x4d58, 0xad6c},
1344 {0x9cf9, 0x47e2, 0xa421, 0xb277, 0xffc2, 0x2747, 0x6486, 0x94c1,
1345 0x1d99, 0xd49b, 0x1096, 0x991a, 0xe986, 0xae02, 0xe89b, 0xea36},
1346 {0x1fb4, 0x98d8, 0x19b7, 0x80e9, 0xcdac, 0xaa5a, 0xf1e6, 0x0074,
1347 0xe393, 0xed8b, 0x8d5c, 0xe17d, 0x81b3, 0xc16d, 0x54d3, 0x9be3}},
1349 {{0xd047, 0x7e36, 0x3157, 0x7ab6, 0xb4d9, 0x8dae, 0x7534, 0x4f5d,
1350 0x489e, 0xa8ab, 0x8a3d, 0xd52c, 0x62af, 0xa032, 0xba9c, 0xbe56},
1351 {0xb1f1, 0x737f, 0x5964, 0x5afb, 0x3712, 0x8ef9, 0x19f7, 0x9669,
1352 0x664d, 0x03ad, 0xc352, 0xf7a5, 0xf545, 0x1d19, 0x6ac7, 0xff6f},
1353 {0xa834, 0x5256, 0x27bc, 0x33bd, 0xba11, 0x5a7b, 0x791e, 0xe6c0,
1354 0x9ac4, 0x9370, 0x1130, 0x28b4, 0x2b2e, 0x231b, 0x082a, 0x796e}},
1356 {{0x6ab1, 0x6ea0, 0x1a99, 0xe0c2, 0xdd45, 0x645d, 0x8dbc, 0x466a,
1357 0xfa64, 0x4289, 0xd3f7, 0xfc8f, 0x2894, 0xe3c5, 0xa008, 0xcc14},
1358 {0xc75f, 0xc083, 0x4cc2, 0x64f2, 0x2aff, 0x4c12, 0x8461, 0xc4ae,
1359 0xbbfa, 0xb336, 0xe4b2, 0x3ac5, 0x2c22, 0xf56c, 0x5381, 0xe943},
1360 {0xcd80, 0x760d, 0x4395, 0xb3a6, 0xd497, 0xf583, 0x82bd, 0x1daa,
1361 0xbe92, 0x2613, 0xfdfb, 0x869b, 0x0425, 0xa333, 0x7056, 0xc9c5}},
1363 {{0x71d4, 0x64df, 0xec4f, 0x74d8, 0x7e0c, 0x40d3, 0x7073, 0x4cc8,
1364 0x2a2a, 0xb1ff, 0x8518, 0x6513, 0xb0ea, 0x640a, 0x62d9, 0xd5f4},
1365 {0xdc75, 0xd937, 0x3b13, 0x1d36, 0xdf83, 0xd034, 0x1c1c, 0x4332,
1366 0x4cc3, 0xeeec, 0x7d94, 0x6771, 0x3384, 0x74b0, 0x947d, 0xf2c4},
1367 {0x0a82, 0x37a4, 0x12d5, 0xec97, 0x972c, 0xe6bf, 0xc348, 0xa0a9,
1368 0xc50c, 0xdc7c, 0xae30, 0x19d1, 0x0fca, 0x35e1, 0xd6f6, 0x81ee}},
1370 {{0xa6b1, 0xabc5, 0x5bbc, 0x7f65, 0xdd32, 0xaa73, 0xf5a3, 0x1982,
1371 0xced4, 0xe949, 0x0fd6, 0x2bc4, 0x2bd7, 0xe3c5, 0xa008, 0xcc14},
1372 {0x4b5f, 0x8f96, 0xa375, 0xfbcf, 0x1c7d, 0xf1ec, 0x03f5, 0xb35d,
1373 0xb999, 0xdb1f, 0xc9a1, 0xb4c7, 0x1dd5, 0xf56c, 0x5381, 0xe943},
1374 {0xaa3d, 0x38b9, 0xf17d, 0xeed9, 0x9988, 0x69ee, 0xeb88, 0x1495,
1375 0x203f, 0x18c8, 0x82b7, 0xdcb2, 0x34a7, 0x6b00, 0x6998, 0x589a}},
1377 {{0xa478, 0xe60d, 0x3244, 0x60e6, 0xada3, 0xfe50, 0xb6b1, 0x2eae,
1378 0xd0ef, 0xa7b1, 0xef63, 0x05c0, 0xe213, 0x443e, 0x4427, 0x2448},
1379 {0x258f, 0xf9ef, 0xe02b, 0x92dd, 0xd7f3, 0x252b, 0xa503, 0x9089,
1380 0xedff, 0x96c1, 0xfe3a, 0x3a39, 0x198a, 0x981d, 0x0627, 0xedb7},
1381 {0x595a, 0x45be, 0x8fb0, 0x2265, 0xc210, 0x02b8, 0xdce9, 0xe241,
1382 0xcab6, 0xbf0d, 0x0049, 0x8d9a, 0x2f51, 0xae54, 0x5785, 0xb411}},
1384 {{0x48f0, 0x7db3, 0xdafe, 0x1c92, 0x5912, 0xe11a, 0xab52, 0xede1,
1385 0x3182, 0x8980, 0x5d2b, 0x9b5b, 0x8718, 0xda27, 0x1683, 0x1de2},
1386 {0x168f, 0x6f36, 0xce7a, 0xf435, 0x19d4, 0xda5e, 0x2351, 0x9af5,
1387 0xb003, 0x0ef5, 0x3b4c, 0xecec, 0xa9f0, 0x78e1, 0xdfef, 0xe823},
1388 {0x5f55, 0xfdcc, 0xb233, 0x2914, 0x84f0, 0x97d1, 0x9cf4, 0x2159,
1389 0xbf56, 0xb79c, 0x17a3, 0x7cef, 0xd5de, 0x34f0, 0x5311, 0x4c54}},
1391 {{0x2789, 0x2e04, 0x6e0e, 0xb6cd, 0xe4de, 0x4dbf, 0x228d, 0x7877,
1392 0xc335, 0x806b, 0x38cd, 0x8049, 0xa73b, 0xcfa2, 0x82f7, 0x9e19},
1393 {0xc08d, 0xb99d, 0xb8f3, 0x663d, 0xbbb3, 0x1284, 0x1485, 0x1d49,
1394 0xc98f, 0x9e78, 0x1588, 0x11e3, 0xd91a, 0xa2c7, 0xfff1, 0xc7b9},
1395 {0x1e1f, 0x411d, 0x7c49, 0x0d03, 0xe789, 0x2f8e, 0x5d55, 0xa95e,
1396 0x826e, 0x8de5, 0x52a0, 0x1abc, 0x4cd7, 0xd13a, 0x4395, 0x63e1}},
1398 {{0xd5a1, 0xf786, 0x555c, 0xb14b, 0x44ae, 0x535f, 0x4a49, 0xffc3,
1399 0xf497, 0x70d1, 0x57c8, 0xa933, 0xc85a, 0x1910, 0x75bf, 0x960b},
1400 {0xfe53, 0x5058, 0x496d, 0xfdff, 0x6fb8, 0x4100, 0x92bd, 0xe0c4,
1401 0xda89, 0xe0a4, 0x841b, 0x43d4, 0xa388, 0x957f, 0x99ca, 0x9abf},
1402 {0xe530, 0x05bc, 0xfeec, 0xfc7e, 0xbcd3, 0x1239, 0x54cb, 0x7042,
1403 0xbccb, 0x139e, 0x9076, 0x0203, 0x6068, 0x90c7, 0x1ddf, 0x488d}},
1405 {{0x9488, 0xe54b, 0x0e43, 0x81d2, 0x06e7, 0x4b66, 0x36d0, 0x53d6,
1406 0x2b68, 0x22ec, 0x3fa9, 0xc1a7, 0x9ad2, 0xa596, 0xb3ac, 0xdf42},
1407 {0xe31f, 0x0b28, 0x5f3b, 0xc1ff, 0x344c, 0xbf5f, 0xd2ec, 0x2936,
1408 0x9995, 0xdeb2, 0xae6c, 0x2852, 0xa2c6, 0xb306, 0x8120, 0xe305},
1409 {0xa56e, 0xfb98, 0x1537, 0x4d85, 0x619e, 0x866c, 0x3cd4, 0x779a,
1410 0xdd66, 0xa80d, 0xdc2f, 0xcae4, 0xc74c, 0x5175, 0xa65d, 0x605e}},
1412 {{0x8cd5, 0x376d, 0xd01b, 0x7176, 0x19ef, 0xcf09, 0x8403, 0x5e52,
1413 0x83c1, 0x44de, 0xb91e, 0xb33d, 0xe15c, 0x51e7, 0xbad8, 0x6359},
1414 {0x3b75, 0xf812, 0x5f9e, 0xa04e, 0x92d3, 0x226e, 0x540e, 0x7c9a,
1415 0x31c6, 0x46d2, 0x0b7b, 0xdb4a, 0xe662, 0x4950, 0x0265, 0xf76f},
1416 {0x09ed, 0x692f, 0xe8f1, 0x3482, 0xab54, 0x36b4, 0x8442, 0x6ae9,
1417 0x4329, 0x6505, 0x183b, 0x1c1d, 0x482d, 0x7d63, 0xb44f, 0xcc09}},
1422 {{0x95ed, 0x6c01, 0xd113, 0x5ff1, 0xd7d0, 0x29cc, 0x5817, 0x6120,
1423 0xca8e, 0xaad1, 0x25ae, 0x8e84, 0x9af6, 0x30bf, 0xf0ed, 0x1686},
1424 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1425 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1426 {0x1631, 0xbf4a, 0x286a, 0x2716, 0x469f, 0x2ac8, 0x1312, 0xe9bc,
1427 0x04f4, 0x304b, 0x9931, 0x113b, 0xd932, 0xc8f4, 0x0d0d, 0x01a1}},
1429 {{0x85ed, 0xc284, 0x9608, 0x3c56, 0x19b6, 0xbb5b, 0x2850, 0xdab7,
1430 0xa7f5, 0xe9ab, 0x06a4, 0x5bbb, 0x1135, 0xa186, 0xc424, 0xc68b},
1431 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1432 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1433 {0x8479, 0x450a, 0x8fa3, 0xde05, 0xb2f5, 0x7793, 0x7269, 0xbabb,
1434 0xc3b3, 0xd49b, 0x3377, 0x03c6, 0xe694, 0xc760, 0xd3cb, 0x2811}},
1436 {{0x8432, 0x5ceb, 0xa847, 0x6f1e, 0x51dd, 0x535a, 0x6ddc, 0x70ce,
1437 0x6e70, 0xc1f6, 0x18f2, 0x2a7e, 0xc8e7, 0x39f8, 0x7e96, 0xebbf},
1438 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1439 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1440 {0x257e, 0x449f, 0x689f, 0x89aa, 0x3989, 0xb661, 0x376c, 0x1e32,
1441 0x654c, 0xee2e, 0xf4e2, 0x33c8, 0x3f2f, 0x9716, 0x6046, 0xcaa3}},
1444 {{0xfeb9, 0xb877, 0xee41, 0x7fa3, 0x87da, 0x94c4, 0x9d04, 0xc5ae,
1445 0x5708, 0x0994, 0xfc79, 0x0916, 0xbf32, 0x3ad8, 0xe11c, 0x5ca2},
1446 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1447 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1448 {0x0f12, 0x075e, 0xce1c, 0x6f92, 0xc80f, 0xca92, 0x9a04, 0x6126,
1449 0x4b6c, 0x57d6, 0xca31, 0x97f3, 0x1f99, 0xf4fd, 0xda4d, 0x42ce}},
1451 {{0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1452 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1453 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1454 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1455 {0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1456 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
1458 {{0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1459 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1460 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1461 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1462 {0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1463 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
1465 {{0x0002, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1466 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1467 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1468 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1469 {0x20a1, 0x681b, 0x2f46, 0xdfe9, 0x501d, 0x57a4, 0x6e73, 0x5d57,
1470 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x7fff}},
1472 {{0x4140, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1473 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1474 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1475 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1476 {0x4140, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1477 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}},
1482 {{0x9ec3, 0x1919, 0xca84, 0x7c11, 0xf996, 0x06f3, 0x5408, 0x6688,
1483 0x1320, 0xdb8a, 0x632a, 0x0dcb, 0x8a84, 0x6bee, 0x9c95, 0xe34e},
1484 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1485 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1486 {0x18e5, 0x19b6, 0xdf92, 0x1aaa, 0x09fb, 0x8a3f, 0x52b0, 0x8701,
1487 0xac0c, 0x2582, 0xda44, 0x9bcc, 0x6828, 0x1c53, 0xbd8f, 0xbd2c}},
1489 {{0xaec3, 0xa7cf, 0x2f2d, 0x0693, 0x5ad5, 0xa8ff, 0x7ec7, 0x30ff,
1490 0x0c8b, 0xc242, 0xcab2, 0x063a, 0xf86e, 0x6057, 0x9cbd, 0xf6d8},
1491 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1492 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1493 {0x0310, 0x579d, 0xcb38, 0x9030, 0x3ded, 0x9bb9, 0x1234, 0x63ce,
1494 0x0c63, 0x8e3d, 0xacfe, 0x3c20, 0xdc85, 0xf859, 0x919e, 0x1d45}},
1496 {{0x63ae, 0x8d10, 0x0071, 0xdb5c, 0xb454, 0x78d1, 0x744a, 0x5f8e,
1497 0xe4d8, 0x87b1, 0x8e62, 0x9590, 0xcede, 0xa070, 0x36b4, 0x7f6f},
1498 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1499 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1500 {0xfdc8, 0xe8d5, 0xbe15, 0x9f86, 0xa5fe, 0xf18e, 0xa7ff, 0xd291,
1501 0xf4c2, 0x9c87, 0xf150, 0x073e, 0x69b8, 0xf7c4, 0xee4b, 0xc7e6}},
1504 {{0x1b37, 0xbdc3, 0x8bcd, 0x25e3, 0x1eae, 0x567d, 0x30b6, 0xf0d8,
1505 0x9277, 0x0cf8, 0x9c2e, 0xecd7, 0x631d, 0xe38f, 0xd4f8, 0x5c93},
1506 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1507 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1508 {0x1622, 0xe05b, 0xe880, 0x7de9, 0x3e45, 0xb682, 0xee6c, 0x67ed,
1509 0xa179, 0x15db, 0x6b0d, 0xa656, 0x7ccb, 0x8ef7, 0xa2ff, 0xe279}},
1511 {{0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1512 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1513 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1514 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1515 {0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1516 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
1518 {{0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1519 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1520 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1521 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1522 {0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1523 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
1525 {{0x0002, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1526 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1527 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1528 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1529 {0xfe18, 0x7fff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1530 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x7fff}},
1532 {{0xfc2e, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1533 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1534 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1535 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1536 {0xfc2e, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1537 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}},
1541 {{0x3a08, 0x23e1, 0x4d8c, 0xe606, 0x3263, 0x67af, 0x9bf1, 0x9d70,
1542 0xf5fd, 0x12e4, 0x03c8, 0xb9ca, 0xe847, 0x8c5d, 0x6322, 0xbd30},
1543 {0x8359, 0x59dd, 0x1831, 0x7c1a, 0x1e83, 0xaee1, 0x770d, 0xcea8,
1544 0xfbb1, 0xeed6, 0x10b5, 0xe2c6, 0x36ea, 0xee17, 0xe32c, 0xffff},
1545 {0x1727, 0x0f36, 0x6f85, 0x5d0c, 0xca6c, 0x3072, 0x9628, 0x5842,
1546 0xcb44, 0x7c2b, 0xca4f, 0x62e5, 0x29b1, 0x6ffd, 0x9055, 0xc196}},
1547 {{0x905d, 0x41c8, 0xa2ff, 0x295b, 0x72bb, 0x4679, 0x6d01, 0x2c98,
1548 0xb3e0, 0xc537, 0xa310, 0xe07e, 0xe72f, 0x4999, 0x1148, 0xf65e},
1549 {0x5b41, 0x4239, 0x3c37, 0x5130, 0x30e3, 0xff35, 0xc51f, 0x1a43,
1550 0xdb23, 0x13cf, 0x9f49, 0xf70c, 0x5e70, 0xd411, 0x3005, 0xf8c6},
1551 {0xc30e, 0x68f0, 0x201a, 0xe10c, 0x864a, 0x6243, 0xe946, 0x43ae,
1552 0xf3f1, 0x52dc, 0x1f7f, 0x50d4, 0x2797, 0x064c, 0x5ca4, 0x90e3}},
1553 {{0xf1b5, 0xc6e5, 0xd2c4, 0xff95, 0x27c5, 0x0c92, 0x5d19, 0x7ae5,
1554 0x4fbe, 0x5438, 0x99e1, 0x880d, 0xd892, 0xa05c, 0x6ffd, 0x7eac},
1555 {0x2153, 0xcc9d, 0xfc6c, 0x8358, 0x49a1, 0x01e2, 0xcef0, 0x4969,
1556 0xd69a, 0x8cef, 0xf5b2, 0xfd95, 0xdcc2, 0x71f4, 0x6ae2, 0xceeb},
1557 {0x9b2e, 0xcdc6, 0x0a5c, 0x7317, 0x9084, 0xe228, 0x56cf, 0xd512,
1558 0x628a, 0xce21, 0x3473, 0x4e13, 0x8823, 0x1ed0, 0x34d0, 0xbfa3}},
1559 {{0x5bae, 0x53e5, 0x5f4d, 0x21ca, 0xb875, 0x8ecf, 0x9aa6, 0xbe3c,
1560 0x9f96, 0x7b82, 0x375d, 0x4d3e, 0x491c, 0xb1eb, 0x04c9, 0xb6c8},
1561 {0xfcfd, 0x10b7, 0x73b2, 0xd23b, 0xa357, 0x67da, 0x0d9f, 0x8702,
1562 0xa037, 0xff8e, 0x0e8b, 0x1801, 0x2c5c, 0x4e6e, 0x4558, 0xfff2},
1563 {0xc50f, 0x5654, 0x6713, 0x5ef5, 0xa7ce, 0xa647, 0xc832, 0x69ce,
1564 0x1d5c, 0x4310, 0x0746, 0x5a01, 0x96ea, 0xde4b, 0xa88b, 0x5543}},
1565 {{0xdc7f, 0x5e8c, 0x89d1, 0xb077, 0xd521, 0xcf90, 0x32fa, 0x5737,
1566 0x839e, 0x1464, 0x007c, 0x09c6, 0x9371, 0xe8ea, 0xc1cb, 0x75c4},
1567 {0xe3a3, 0x107f, 0xa82a, 0xa375, 0x4578, 0x60f4, 0x75c9, 0x5ee4,
1568 0x3fd7, 0x2736, 0x2871, 0xd3d2, 0x5f1d, 0x1abb, 0xa764, 0xffff},
1569 {0x45c6, 0x1f2e, 0xb14c, 0x84d7, 0x7bb7, 0x5a04, 0x0504, 0x3f33,
1570 0x5cc1, 0xb07a, 0x6a6c, 0x786f, 0x647f, 0xe1d7, 0x78a2, 0x4cf4}},
1571 {{0xc006, 0x356f, 0x8cd2, 0x967b, 0xb49e, 0x2d4e, 0x14bf, 0x4bcb,
1572 0xddab, 0xd3f9, 0xa068, 0x2c1c, 0xd242, 0xa56d, 0xf2c7, 0x5f97},
1573 {0x465b, 0xb745, 0x0e0d, 0x69a9, 0x987d, 0xcb37, 0xf637, 0xb311,
1574 0xc4d6, 0x2ddb, 0xf68f, 0x2af9, 0x959d, 0x3f53, 0x98f2, 0xf640},
1575 {0xc0f2, 0x6bfb, 0xf5c3, 0x91c1, 0x6b05, 0x0825, 0x5ca0, 0x7df7,
1576 0x9d55, 0x6d9e, 0xfe94, 0x2ad9, 0xd9f0, 0xe68b, 0xa72b, 0xd1b2}},
1577 {{0x2279, 0x61ba, 0x5bc6, 0x136b, 0xf544, 0x717c, 0xafda, 0x02bd,
1578 0x79af, 0x1fad, 0xea09, 0x81bb, 0x932b, 0x32c9, 0xdf1d, 0xe576},
1579 {0x8215, 0x7817, 0xca82, 0x43b0, 0x9b06, 0xea65, 0x1291, 0x0621,
1580 0x0089, 0x46fe, 0xc5a6, 0xddd7, 0x8065, 0xc6a0, 0x214b, 0xfc64},
1581 {0x04bf, 0x6f2a, 0x86b2, 0x841a, 0x4a95, 0xc632, 0x97b7, 0x5821,
1582 0x2b18, 0x1bb0, 0x3e97, 0x935e, 0xcc7d, 0x066b, 0xd513, 0xc251}},
1583 {{0x76e8, 0x5bc2, 0x3eaa, 0x04fc, 0x9974, 0x92c1, 0x7c15, 0xfa89,
1584 0x1151, 0x36ee, 0x48b2, 0x049c, 0x5f16, 0xcee4, 0x925b, 0xe98e},
1585 {0x913f, 0x0a2d, 0xa185, 0x9fea, 0xda5a, 0x4025, 0x40d7, 0x7cfa,
1586 0x88ca, 0xbbe8, 0xb265, 0xb7e4, 0x6cb1, 0xed64, 0xc6f9, 0xffb5},
1587 {0x6ab1, 0x1a86, 0x5009, 0x152b, 0x1cc4, 0xe2c8, 0x960b, 0x19d0,
1588 0x3554, 0xc562, 0xd013, 0xcf91, 0x10e1, 0x7933, 0xe195, 0xcf49}},
1589 {{0x9cb5, 0xd2d7, 0xc6ed, 0xa818, 0xb495, 0x06ee, 0x0f4a, 0x06e3,
1590 0x4c5a, 0x80ce, 0xd49a, 0x4cd7, 0x7487, 0x92af, 0xe516, 0x676c},
1591 {0xd6e9, 0x6b85, 0x619a, 0xb52c, 0x20a0, 0x2f79, 0x3545, 0x1edd,
1592 0x5a6f, 0x8082, 0x9b80, 0xf8f8, 0xc78a, 0xd0a3, 0xadf4, 0xffff},
1593 {0x01c2, 0x2118, 0xef5e, 0xa877, 0x046a, 0xd2c2, 0x2ad5, 0x951c,
1594 0x8900, 0xa5c9, 0x8d0f, 0x6b61, 0x55d3, 0xd572, 0x48de, 0x9219}},
1595 {{0x5114, 0x0644, 0x23dd, 0x01d3, 0xc101, 0xa659, 0xea17, 0x640f,
1596 0xf767, 0x2644, 0x9cec, 0xd8ba, 0xd6da, 0x9156, 0x8aeb, 0x875a},
1597 {0xc1bf, 0xdae9, 0xe96b, 0xce77, 0xf7a1, 0x3e99, 0x5c2e, 0x973b,
1598 0xd048, 0x5bd0, 0x4e8a, 0xcb85, 0xce39, 0x37f5, 0x815d, 0xffff},
1599 {0x48cc, 0x35b6, 0x26d4, 0x2ea6, 0x50d6, 0xa2f9, 0x64b6, 0x03bf,
1600 0xd00c, 0xe057, 0x3343, 0xfb79, 0x3ce5, 0xf717, 0xc5af, 0xe185}},
1601 {{0x13ff, 0x6c76, 0x2077, 0x16e0, 0xd5ca, 0xf2ad, 0x8dba, 0x8f49,
1602 0x7887, 0x16f9, 0xb646, 0xfc87, 0xfa31, 0x5096, 0xf08c, 0x3fbe},
1603 {0x8139, 0x6fd7, 0xf6df, 0xa7bf, 0x6699, 0x5361, 0x6f65, 0x13c8,
1604 0xf4d1, 0xe28f, 0xc545, 0x0a8c, 0x5274, 0xb0a6, 0xffff, 0xffff},
1605 {0x22ca, 0x0cd6, 0xc1b5, 0xb064, 0x44a7, 0x297b, 0x495f, 0x34ac,
1606 0xfa95, 0xec62, 0xf08d, 0x621c, 0x66a6, 0xba94, 0x84c6, 0x8ee0}},
1607 {{0xaa30, 0x312e, 0x439c, 0x4e88, 0x2e2f, 0x32dc, 0xb880, 0xa28e,
1608 0xf795, 0xc910, 0xb406, 0x8dd7, 0xb187, 0xa5a5, 0x38f1, 0xe49e},
1609 {0xfb19, 0xf64a, 0xba6a, 0x8ec2, 0x7255, 0xce89, 0x2cf9, 0x9cba,
1610 0xe1fe, 0x50da, 0x1705, 0xac52, 0xe3d4, 0x4269, 0x0648, 0xfd77},
1611 {0xb4c8, 0x6e8a, 0x2b5f, 0x4c2d, 0x5a67, 0xa7bb, 0x7d6d, 0x5569,
1612 0xa0ea, 0x244a, 0xc0f2, 0xf73d, 0x58cf, 0xac7f, 0xd32b, 0x3018}},
1613 {{0xc953, 0x1ae1, 0xae46, 0x8709, 0x19c2, 0xa986, 0x9abe, 0x1611,
1614 0x0395, 0xd5ab, 0xf0f6, 0xb5b0, 0x5b2b, 0x0317, 0x80ba, 0x376d},
1615 {0xfe77, 0xbc03, 0xac2f, 0x9d00, 0xa175, 0x293d, 0x3b56, 0x0e3a,
1616 0x0a9c, 0xf40c, 0x690e, 0x1508, 0x95d4, 0xddc4, 0xe805, 0xffff},
1617 {0xb1ce, 0x0929, 0xa5fe, 0x4b50, 0x9d5d, 0x8187, 0x2557, 0x4376,
1618 0x11ba, 0xdcef, 0xc1f3, 0xd531, 0x1824, 0x93f6, 0xd81f, 0x8f83}},
1619 {{0xb8d2, 0xb900, 0x4a0c, 0x7188, 0xa5bf, 0x1b0b, 0x2ae5, 0xa35b,
1620 0x98e0, 0x610c, 0x86db, 0x2487, 0xa267, 0x002c, 0xebb6, 0xc5f4},
1621 {0x9cdd, 0x1c1b, 0x2f06, 0x43d1, 0xce47, 0xc334, 0x6e60, 0xc016,
1622 0x989e, 0x0ab2, 0x0cac, 0x1196, 0xe2d9, 0x2e04, 0xc62b, 0xffff},
1623 {0xdc36, 0x1f05, 0x6aa9, 0x7a20, 0x944f, 0x2fd3, 0xa553, 0xdb4f,
1624 0xbd5c, 0x3a75, 0x25d4, 0xe20e, 0xa387, 0x1410, 0xdbb1, 0x1b60}},
1625 {{0x76b3, 0x2207, 0x4930, 0x5dd7, 0x65a0, 0xd55c, 0xb443, 0x53b7,
1626 0x5c22, 0x818a, 0xb2e7, 0x9de8, 0x9985, 0xed45, 0x33b1, 0x53e8},
1627 {0x7913, 0x44e1, 0xf15b, 0x5edd, 0x34f3, 0x4eba, 0x0758, 0x7104,
1628 0x32d9, 0x28f3, 0x4401, 0x85c5, 0xb695, 0xb899, 0xc0f2, 0xffff},
1629 {0x7f43, 0xd202, 0x24c9, 0x69f3, 0x74dc, 0x1a69, 0xeaee, 0x5405,
1630 0x1755, 0x4bb8, 0x04e3, 0x2fd2, 0xada8, 0x39eb, 0x5b4d, 0x96ca}},
1631 {{0x807b, 0x7112, 0xc088, 0xdafd, 0x02fa, 0x9d95, 0x5e42, 0xc033,
1632 0xde0a, 0xeecf, 0x8e90, 0x8da1, 0xb17e, 0x9a5b, 0x4c6d, 0x1914},
1633 {0x4871, 0xd1cb, 0x47d7, 0x327f, 0x09ec, 0x97bb, 0x2fae, 0xd346,
1634 0x6b78, 0x3707, 0xfeb2, 0xa6ab, 0x13df, 0x76b0, 0x8fb9, 0xffb3},
1635 {0x179e, 0xb63b, 0x4784, 0x231e, 0x9f42, 0x7f1a, 0xa3fb, 0xdd8c,
1636 0xd1eb, 0xb4c9, 0x8ca7, 0x018c, 0xf691, 0x576c, 0xa7d6, 0xce27}},
1637 {{0x5f45, 0x7c64, 0x083d, 0xedd5, 0x08a0, 0x0c64, 0x6c6f, 0xec3c,
1638 0xe2fb, 0x352c, 0x9303, 0x75e4, 0xb4e0, 0x8b09, 0xaca4, 0x7025},
1639 {0x1025, 0xb482, 0xfed5, 0xa678, 0x8966, 0x9359, 0x5329, 0x98bb,
1640 0x85b2, 0x73ba, 0x9982, 0x6fdc, 0xf190, 0xbe8c, 0xdc5c, 0xfd93},
1641 {0x83a2, 0x87a4, 0xa680, 0x52a1, 0x1ba1, 0x8848, 0x5db7, 0x9744,
1642 0x409c, 0x0745, 0x0e1e, 0x1cfc, 0x00cd, 0xf573, 0x2071, 0xccaa}},
1643 {{0xf61f, 0x63d4, 0x536c, 0x9eb9, 0x5ddd, 0xbb11, 0x9014, 0xe904,
1644 0xfe01, 0x6b45, 0x1858, 0xcb5b, 0x4c38, 0x43e1, 0x381d, 0x7f94},
1645 {0xf61f, 0x63d4, 0xd810, 0x7ca3, 0x8a04, 0x4b83, 0x11fc, 0xdf94,
1646 0x4169, 0xbd05, 0x608e, 0x7151, 0x4fbf, 0xb31a, 0x38a7, 0xa29b},
1647 {0xe621, 0xdfa5, 0x3d06, 0x1d03, 0x81e6, 0x00da, 0x53a6, 0x965e,
1648 0x93e5, 0x2164, 0x5b61, 0x59b8, 0xa629, 0x8d73, 0x699a, 0x6111}},
1649 {{0x4cc3, 0xd29e, 0xf4a3, 0x3428, 0x2048, 0xeec9, 0x5f50, 0x99a4,
1650 0x6de9, 0x05f2, 0x5aa9, 0x5fd2, 0x98b4, 0x1adc, 0x225f, 0x777f},
1651 {0xe649, 0x37da, 0x5ba6, 0x5765, 0x3f4a, 0x8a1c, 0x2e79, 0xf550,
1652 0x1a54, 0xcd1e, 0x7218, 0x3c3c, 0x6311, 0xfe28, 0x95fb, 0xed97},
1653 {0xe9b6, 0x0c47, 0x3f0e, 0x849b, 0x11f8, 0xe599, 0x5e4d, 0xd618,
1654 0xa06d, 0x33a0, 0x9a3e, 0x44db, 0xded8, 0x10f0, 0x94d2, 0x81fb}},
1655 {{0x2e59, 0x7025, 0xd413, 0x455a, 0x1ce3, 0xbd45, 0x7263, 0x27f7,
1656 0x23e3, 0x518e, 0xbe06, 0xc8c4, 0xe332, 0x4276, 0x68b4, 0xb166},
1657 {0x596f, 0x0cf6, 0xc8ec, 0x787b, 0x04c1, 0x473c, 0xd2b8, 0x8d54,
1658 0x9cdf, 0x77f2, 0xd3f3, 0x6735, 0x0638, 0xf80e, 0x9467, 0xc6aa},
1659 {0xc7e7, 0x1822, 0xb62a, 0xec0d, 0x89cd, 0x7846, 0xbfa2, 0x35d5,
1660 0xfa38, 0x870f, 0x494b, 0x1697, 0x8b17, 0xf904, 0x10b6, 0x9822}},
1661 {{0x6d5b, 0x1d4f, 0x0aaf, 0x807b, 0x35fb, 0x7ee8, 0x00c6, 0x059a,
1662 0xddf0, 0x1fb1, 0xc38a, 0xd78e, 0x2aa4, 0x79e7, 0xad28, 0xc3f1},
1663 {0xe3bb, 0x174e, 0xe0a8, 0x74b6, 0xbd5b, 0x35f6, 0x6d23, 0x6328,
1664 0xc11f, 0x83e1, 0xf928, 0xa918, 0x838e, 0xbf43, 0xe243, 0xfffb},
1665 {0x9cf2, 0x6b8b, 0x3476, 0x9d06, 0xdcf2, 0xdb8a, 0x89cd, 0x4857,
1666 0x75c2, 0xabb8, 0x490b, 0xc9bd, 0x890e, 0xe36e, 0xd552, 0xfffa}},
1667 {{0x2f09, 0x9d62, 0xa9fc, 0xf090, 0xd6d1, 0x9d1d, 0x1828, 0xe413,
1668 0xc92b, 0x3d5a, 0x1373, 0x368c, 0xbaf2, 0x2158, 0x71eb, 0x08a3},
1669 {0x2f09, 0x1d62, 0x4630, 0x0de1, 0x06dc, 0xf7f1, 0xc161, 0x1e92,
1670 0x7495, 0x97e4, 0x94b6, 0xa39e, 0x4f1b, 0x18f8, 0x7bd4, 0x0c4c},
1671 {0xeb3d, 0x723d, 0x0907, 0x525b, 0x463a, 0x49a8, 0xc6b8, 0xce7f,
1672 0x740c, 0x0d7d, 0xa83b, 0x457f, 0xae8e, 0xc6af, 0xd331, 0x0475}},
1673 {{0x6abd, 0xc7af, 0x3e4e, 0x95fd, 0x8fc4, 0xee25, 0x1f9c, 0x0afe,
1674 0x291d, 0xcde0, 0x48f4, 0xb2e8, 0xf7af, 0x8f8d, 0x0bd6, 0x078d},
1675 {0x4037, 0xbf0e, 0x2081, 0xf363, 0x13b2, 0x381e, 0xfb6e, 0x818e,
1676 0x27e4, 0x5662, 0x18b0, 0x0cd2, 0x81f5, 0x9415, 0x0d6c, 0xf9fb},
1677 {0xd205, 0x0981, 0x0498, 0x1f08, 0xdb93, 0x1732, 0x0579, 0x1424,
1678 0xad95, 0x642f, 0x050c, 0x1d6d, 0xfc95, 0xfc4a, 0xd41b, 0x3521}},
1679 {{0xf23a, 0x4633, 0xaef4, 0x1a92, 0x3c8b, 0x1f09, 0x30f3, 0x4c56,
1680 0x2a2f, 0x4f62, 0xf5e4, 0x8329, 0x63cc, 0xb593, 0xec6a, 0xc428},
1681 {0x93a7, 0xfcf6, 0x606d, 0xd4b2, 0x2aad, 0x28b4, 0xc65b, 0x8998,
1682 0x4e08, 0xd178, 0x0900, 0xc82b, 0x7470, 0xa342, 0x7c0f, 0xffff},
1683 {0x315f, 0xf304, 0xeb7b, 0xe5c3, 0x1451, 0x6311, 0x8f37, 0x93a8,
1684 0x4a38, 0xa6c6, 0xe393, 0x1087, 0x6301, 0xd673, 0x4ec4, 0xffff}},
1685 {{0x892e, 0xeed0, 0x1165, 0xcbc1, 0x5545, 0xa280, 0x7243, 0x10c9,
1686 0x9536, 0x36af, 0xb3fc, 0x2d7c, 0xe8a5, 0x09d6, 0xe1d4, 0xe85d},
1687 {0xae09, 0xc28a, 0xd777, 0xbd80, 0x23d6, 0xf980, 0xeb7c, 0x4e0e,
1688 0xf7dc, 0x6475, 0xf10a, 0x2d33, 0x5dfd, 0x797a, 0x7f1c, 0xf71a},
1689 {0x4064, 0x8717, 0xd091, 0x80b0, 0x4527, 0x8442, 0xac8b, 0x9614,
1690 0xc633, 0x35f5, 0x7714, 0x2e83, 0x4aaa, 0xd2e4, 0x1acd, 0x0562}},
1691 {{0xdb64, 0x0937, 0x308b, 0x53b0, 0x00e8, 0xc77f, 0x2f30, 0x37f7,
1692 0x79ce, 0xeb7f, 0xde81, 0x9286, 0xafda, 0x0e62, 0xae00, 0x0067},
1693 {0x2cc7, 0xd362, 0xb161, 0x0557, 0x4ff2, 0xb9c8, 0x06fe, 0x5f2b,
1694 0xde33, 0x0190, 0x28c6, 0xb886, 0xee2b, 0x5a4e, 0x3289, 0x0185},
1695 {0x4215, 0x923e, 0xf34f, 0xb362, 0x88f8, 0xceec, 0xafdd, 0x7f42,
1696 0x0c57, 0x56b2, 0xa366, 0x6a08, 0x0826, 0xfb8f, 0x1b03, 0x0163}},
1697 {{0xa4ba, 0x8408, 0x810a, 0xdeba, 0x47a3, 0x853a, 0xeb64, 0x2f74,
1698 0x3039, 0x038c, 0x7fbb, 0x498e, 0xd1e9, 0x46fb, 0x5691, 0x32a4},
1699 {0xd749, 0xb49d, 0x20b7, 0x2af6, 0xd34a, 0xd2da, 0x0a10, 0xf781,
1700 0x58c9, 0x171f, 0x3cb6, 0x6337, 0x88cd, 0xcf1e, 0xb246, 0x7351},
1701 {0xf729, 0xcf0a, 0x96ea, 0x032c, 0x4a8f, 0x42fe, 0xbac8, 0xec65,
1702 0x1510, 0x0d75, 0x4c17, 0x8d29, 0xa03f, 0x8b7e, 0x2c49, 0x0000}},
1703 {{0x0fa4, 0x8e1c, 0x3788, 0xba3c, 0x8d52, 0xd89d, 0x12c8, 0xeced,
1704 0x9fe6, 0x9b88, 0xecf3, 0xe3c8, 0xac48, 0x76ed, 0xf23e, 0xda79},
1705 {0x1103, 0x227c, 0x5b00, 0x3fcf, 0xc5d0, 0x2d28, 0x8020, 0x4d1c,
1706 0xc6b9, 0x67f9, 0x6f39, 0x989a, 0xda53, 0x3847, 0xd416, 0xe0d0},
1707 {0xdd8e, 0xcf31, 0x3710, 0x7e44, 0xa511, 0x933c, 0x0cc3, 0x5145,
1708 0xf632, 0x5e1d, 0x038f, 0x5ce7, 0x7265, 0xda9d, 0xded6, 0x08f8}},
1709 {{0xe2c8, 0x91d5, 0xa5f5, 0x735f, 0x6b58, 0x56dc, 0xb39d, 0x5c4a,
1710 0x57d0, 0xa1c2, 0xd92f, 0x9ad4, 0xf7c4, 0x51dd, 0xaf5c, 0x0096},
1711 {0x1739, 0x7207, 0x7505, 0xbf35, 0x42de, 0x0a29, 0xa962, 0xdedf,
1712 0x53e8, 0x12bf, 0xcde7, 0xd8e2, 0x8d4d, 0x2c4b, 0xb1b1, 0x0628},
1713 {0x992d, 0xe3a7, 0xb422, 0xc198, 0x23ab, 0xa6ef, 0xb45d, 0x50da,
1714 0xa738, 0x014a, 0x2310, 0x85fb, 0x5fe8, 0x1b18, 0x1774, 0x03a7}},
1715 {{0x1f16, 0x2b09, 0x0236, 0xee90, 0xccf9, 0x9775, 0x8130, 0x4c91,
1716 0x9091, 0x310b, 0x6dc4, 0x86f6, 0xc2e8, 0xef60, 0xfc0e, 0xf3a4},
1717 {0x9f49, 0xac15, 0x02af, 0x110f, 0xc59d, 0x5677, 0xa1a9, 0x38d5,
1718 0x914f, 0xa909, 0x3a3a, 0x4a39, 0x3703, 0xea30, 0x73da, 0xffad},
1719 {0x15ed, 0xdd16, 0x83c7, 0x270a, 0x862f, 0xd8ad, 0xcaa1, 0x5f41,
1720 0x99a9, 0x3fc8, 0x7bb2, 0x360a, 0xb06d, 0xfadc, 0x1b36, 0xffa8}},
1721 {{0xc4e0, 0xb8fd, 0x5106, 0xe169, 0x754c, 0xa58c, 0xc413, 0x8224,
1722 0x5483, 0x63ec, 0xd477, 0x8473, 0x4778, 0x9281, 0x0000, 0x0000},
1723 {0x85e1, 0xff54, 0xb200, 0xe413, 0xf4f4, 0x4c0f, 0xfcec, 0xc183,
1724 0x60d3, 0x1b0c, 0x3834, 0x601c, 0x943c, 0xbe6e, 0x0002, 0x0000},
1725 {0xf4f8, 0xfd5e, 0x61ef, 0xece8, 0x9199, 0xe5c4, 0x05a6, 0xe6c3,
1726 0xc4ae, 0x8b28, 0x66b1, 0x8a95, 0x9ece, 0x8f4a, 0x0001, 0x0000}},
1727 {{0xeae9, 0xa1b4, 0xc6d8, 0x2411, 0x2b5a, 0x1dd0, 0x2dc9, 0xb57b,
1728 0x5ccd, 0x4957, 0xaf59, 0xa04b, 0x5f42, 0xab7c, 0x2826, 0x526f},
1729 {0xf407, 0x165a, 0xb724, 0x2f12, 0x2ea1, 0x470b, 0x4464, 0xbd35,
1730 0x606f, 0xd73e, 0x50d3, 0x8a7f, 0x8029, 0x7ffc, 0xbe31, 0x6cfb},
1731 {0x8171, 0x1f4c, 0xced2, 0x9c99, 0x6d7e, 0x5a0f, 0xfefb, 0x59e3,
1732 0xa0c8, 0xabd9, 0xc4c5, 0x57d3, 0xbfa3, 0x4f11, 0x96a2, 0x5a7d}},
1733 {{0xe068, 0x4cc0, 0x8bcd, 0xc903, 0x9e52, 0xb3e1, 0xd745, 0x0995,
1734 0xdd8f, 0xf14b, 0xd2ac, 0xd65a, 0xda1d, 0xa742, 0xbac5, 0x474c},
1735 {0x7481, 0xf2ad, 0x9757, 0x2d82, 0xb683, 0xb16b, 0x0002, 0x7b60,
1736 0x8f0c, 0x2594, 0x8f64, 0x3b7a, 0x3552, 0x8d9d, 0xb9d7, 0x67eb},
1737 {0xcaab, 0xb9a1, 0xf966, 0xe311, 0x5b34, 0x0fa0, 0x6abc, 0x8134,
1738 0xab3d, 0x90f6, 0x1984, 0x9232, 0xec17, 0x74e5, 0x2ceb, 0x434e}},
1739 {{0x0fb1, 0x7a55, 0x1a5c, 0x53eb, 0xd7b3, 0x7a01, 0xca32, 0x31f6,
1740 0x3b74, 0x679e, 0x1501, 0x6c57, 0xdb20, 0x8b7c, 0xd7d0, 0x8097},
1741 {0xb127, 0xb20c, 0xe3a2, 0x96f3, 0xe0d8, 0xd50c, 0x14b4, 0x0b40,
1742 0x6eeb, 0xa258, 0x99db, 0x3c8c, 0x0f51, 0x4198, 0x3887, 0xffd0},
1743 {0x0273, 0x9f8c, 0x9669, 0xbbba, 0x1c49, 0x767c, 0xc2af, 0x59f0,
1744 0x1366, 0xd397, 0x63ac, 0x6fe8, 0x1a9a, 0x1259, 0x01d0, 0x0016}},
1745 {{0x7876, 0x2a35, 0xa24a, 0x433e, 0x5501, 0x573c, 0xd76d, 0xcb82,
1746 0x1334, 0xb4a6, 0xf290, 0xc797, 0xeae9, 0x2b83, 0x1e2b, 0x8b14},
1747 {0x3885, 0x8aef, 0x9dea, 0x2b8c, 0xdd7c, 0xd7cd, 0xb0cc, 0x05ee,
1748 0x361b, 0x3800, 0xb0d4, 0x4c23, 0xbd3f, 0x5180, 0x9783, 0xff80},
1749 {0xab36, 0x3104, 0xdae8, 0x0704, 0x4a28, 0x6714, 0x824b, 0x0051,
1750 0x8134, 0x1f6a, 0x712d, 0x1f03, 0x03b2, 0xecac, 0x377d, 0xfef9}}
1756 for (i = 0; (size_t)i <
sizeof(CASES) /
sizeof(CASES[0]); ++i) {
1759 for (j = 0; j < 16; ++j)
CHECK(
out[j] == CASES[i][2][j]);
1760 #ifdef SECP256K1_WIDEMUL_INT128
1761 test_modinv64_uint16(
out, CASES[i][0], CASES[i][1]);
1762 for (j = 0; j < 16; ++j)
CHECK(
out[j] == CASES[i][2][j]);
1766 for (i = 0; i < 100 *
COUNT; ++i) {
1768 static const uint16_t
ZERO[16] = {0};
1781 for (j = 1; j < 16; ++j) ok |= md[j] != 0;
1783 }
while (!(ok &&
coprime(xd, md)));
1786 #ifdef SECP256K1_WIDEMUL_INT128
1787 test_modinv64_uint16(
id, xd, md);
1793 #ifdef SECP256K1_WIDEMUL_INT128
1794 test_modinv64_uint16(
id,
ZERO, md);
1802 #ifdef SECP256K1_WIDEMUL_INT128
1804 static void add256(uint16_t*
out,
const uint16_t* a,
const uint16_t* b) {
1807 for (i = 0; i < 16; ++i) {
1816 static void neg256(uint16_t*
out,
const uint16_t* a) {
1819 for (i = 0; i < 16; ++i) {
1820 carry += (uint16_t)~a[i];
1827 static void rshift256(uint16_t*
out,
const uint16_t* a,
int n,
int sign_extend) {
1828 uint16_t sign = sign_extend && (a[15] >> 15);
1830 for (i = 15; i >= 0; --i) {
1832 for (j = 0; j < 16; ++j) {
1833 int frompos = i*16 + j + n;
1834 if (frompos >= 256) {
1837 v |= ((uint16_t)((a[frompos >> 4] >> (frompos & 15)) & 1)) << j;
1845 static void load256u64(uint16_t*
out, uint64_t v,
int is_signed) {
1847 uint64_t sign = is_signed && (v >> 63) ? UINT64_MAX : 0;
1848 for (i = 0; i < 4; ++i) {
1849 out[i] = v >> (16 * i);
1851 for (i = 4; i < 16; ++i) {
1857 static void load256two64(uint16_t*
out, uint64_t hi, uint64_t lo,
int is_signed) {
1859 uint64_t sign = is_signed && (hi >> 63) ? UINT64_MAX : 0;
1860 for (i = 0; i < 4; ++i) {
1861 out[i] = lo >> (16 * i);
1863 for (i = 4; i < 8; ++i) {
1864 out[i] = hi >> (16 * (i - 4));
1866 for (i = 8; i < 16; ++i) {
1872 static int int256is127(
const uint16_t* v) {
1873 int all_0 = ((v[7] & 0x8000) == 0), all_1 = ((v[7] & 0x8000) == 0x8000);
1875 for (i = 8; i < 16; ++i) {
1876 if (v[i] != 0) all_0 = 0;
1877 if (v[i] != 0xffff) all_1 = 0;
1879 return all_0 || all_1;
1884 load256two64(
out, hi, lo, 0);
1894 load256two64(
out, hi, lo, 1);
1897 static void run_int128_test_case(
void) {
1898 unsigned char buf[32];
1904 uint16_t rswa[16], rswz[32], rswr[32], ruwa[16], ruwz[32], ruwr[32];
1905 uint16_t rub[16], ruc[16], rsb[16], rsc[16];
1911 for (i = 0; i < 4; ++i) {
1914 for (j = 0; j < 8; ++j) vi = (vi << 8) + buf[8*i + j];
1925 load256u128(ruwa, &uwa);
1926 load256i128(rswa, &swa);
1927 load256u64(rub, ub, 0);
1928 load256u64(rsb, sb, 1);
1929 load256u64(ruc, uc, 0);
1930 load256u64(rsc, sc, 1);
1934 load256u128(ruwz, &uwz);
1938 add256(ruwr, ruwr, ruwa);
1941 load256u128(ruwz, &uwz);
1944 add256(ruwr, rub, ruwa);
1947 load256u128(ruwz, &uwz);
1950 rshift256(ruwr, ruwa, uc % 128, 0);
1953 load256u128(ruwz, &uwz);
1961 load256u128(ruwz, &uwz);
1967 for (j = 0; j < 128; ++j) {
1968 if (ruwa[j / 16] >> (j % 16)) uwa_bits = 1 + j;
1970 for (j = 0; j < 128; ++j) {
1977 load256i128(rswz, &swz);
1981 add256(rswr, rswr, rswa);
1982 if (int256is127(rswr)) {
1985 load256i128(rswz, &swz);
1990 uint16_t rsd[16], rse[16], rst[32];
1991 int64_t sd = v[0], se = v[1];
1992 load256u64(rsd, sd, 1);
1993 load256u64(rse, se, 1);
1997 add256(rswr, rswr, rst);
1999 load256i128(rswz, &swz);
2003 rshift256(rswr, rswa, uc % 127, 1);
2006 load256i128(rswz, &swz);
2012 load256i128(rswz, &swz);
2022 uint64_t v0c = v[0], v1c = v[1];
2024 v1c ^= (((uint64_t)1) << (ub & 63));
2026 v0c ^= (((uint64_t)1) << (ub & 63));
2041 hi = (((uint64_t)1) << (pos & 63));
2043 lo = (((uint64_t)1) << (pos & 63));
2049 if ((v[1] == (((uint64_t)1) << (pos & 63))) && v[0] == 0)
expect = 1;
2051 if ((v[0] == (((uint64_t)1) << (pos & 63))) && v[1] == 0)
expect = 1;
2063 uint64_t hi = ~(uint64_t)0;
2064 uint64_t lo = ~(uint64_t)0;
2075 if ((v[1] == ((~(uint64_t)0) << (pos & 63))) && v[0] == 0)
expect = 1;
2077 if ((v[0] == ((~(uint64_t)0) << (pos & 63))) && v[1] == ~(uint64_t)0)
expect = 1;
2085 static void run_int128_tests(
void) {
2121 for (i = 0; i < 256 *
COUNT; ++i) run_int128_test_case();
2132 unsigned char c[32];
2149 for (i = 0; i < 256; i += 4) {
2153 for (j = 0; j < 4; j++) {
2170 if (now + i > 256) {
2174 for (j = 0; j < now; j++) {
2199 for (i = 0; i < bit; i++) {
2284 unsigned char b32[32];
2294 memset(b32, 0,
sizeof(b32));
2296 memset(b32, 0xFF,
sizeof(b32));
2302 for (i = 0; i < 128 *
COUNT; i++) {
2305 for (i = 0; i <
COUNT; i++) {
2341 SECP256K1_SCALAR_CONST(0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffeul, 0xbaaedce6ul, 0xaf48a03bul, 0xbfd25e8cul, 0xd0364140ul),
2343 SECP256K1_SCALAR_CONST(0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffeul, 0xbaaedce6ul, 0xaf48a03bul, 0xbfd25e8cul, 0xd036413Ful),
2345 SECP256K1_SCALAR_CONST(0x7ffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0x5d576e73ul, 0x57a4501dul, 0xdfe92f46ul, 0x681b20a0ul),
2347 SECP256K1_SCALAR_CONST(0x7ffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0x5d576e73ul, 0x57a4501dul, 0xdfe92f46ul, 0x681b20a1ul),
2351 SECP256K1_SCALAR_CONST(0x7ffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful),
2354 for (n = 0; n <
sizeof(HALF_TESTS) /
sizeof(HALF_TESTS[0]); ++n) {
2368 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
2369 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
2388 unsigned char chal[33][2][32] = {
2389 {{0xff, 0xff, 0x03, 0x07, 0x00, 0x00, 0x00, 0x00,
2390 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03,
2391 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff,
2392 0xff, 0xff, 0x03, 0x00, 0xc0, 0xff, 0xff, 0xff},
2393 {0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0x00,
2394 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8,
2395 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2396 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff}},
2397 {{0xef, 0xff, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00,
2398 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00,
2399 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2400 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
2401 {0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2402 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0,
2403 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff,
2404 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x80, 0xff}},
2405 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2406 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00,
2407 0x80, 0x00, 0x00, 0x80, 0xff, 0x3f, 0x00, 0x00,
2408 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0x00},
2409 {0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, 0x80,
2410 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0xe0,
2411 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x00,
2412 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff}},
2413 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2414 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
2415 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2416 0x00, 0x1e, 0xf8, 0xff, 0xff, 0xff, 0xfd, 0xff},
2417 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f,
2418 0x00, 0x00, 0x00, 0xf8, 0xff, 0x03, 0x00, 0xe0,
2419 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0xf0, 0xff,
2420 0xf3, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00}},
2421 {{0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00,
2422 0x00, 0x1c, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
2423 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff, 0x00,
2424 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff},
2425 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00,
2426 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2427 0xff, 0x1f, 0x00, 0x00, 0x80, 0xff, 0xff, 0x3f,
2428 0x00, 0xfe, 0xff, 0xff, 0xff, 0xdf, 0xff, 0xff}},
2429 {{0xff, 0xff, 0xff, 0xff, 0x00, 0x0f, 0xfc, 0x9f,
2430 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80,
2431 0xff, 0x0f, 0xfc, 0xff, 0x7f, 0x00, 0x00, 0x00,
2432 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
2433 {0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
2434 0x00, 0x00, 0xf8, 0xff, 0x0f, 0xc0, 0xff, 0xff,
2435 0xff, 0x1f, 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff,
2436 0xff, 0xff, 0xff, 0x07, 0x80, 0xff, 0xff, 0xff}},
2437 {{0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00,
2438 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff,
2439 0xf7, 0xff, 0xff, 0xef, 0xff, 0xff, 0xff, 0x00,
2440 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xf0},
2441 {0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff,
2442 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00,
2443 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff,
2444 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
2445 {{0x00, 0xf8, 0xff, 0x03, 0xff, 0xff, 0xff, 0x00,
2446 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2447 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff,
2448 0xff, 0xff, 0x03, 0xc0, 0xff, 0x0f, 0xfc, 0xff},
2449 {0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff,
2450 0xff, 0x01, 0x00, 0x00, 0x00, 0x3f, 0x00, 0xc0,
2451 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2452 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
2453 {{0x8f, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2454 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff,
2455 0xff, 0x7f, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
2456 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
2457 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2458 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2459 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2460 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
2461 {{0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff,
2462 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2463 0xff, 0xff, 0x03, 0x00, 0x80, 0x00, 0x00, 0x80,
2464 0xff, 0xff, 0xff, 0x00, 0x00, 0x80, 0xff, 0x7f},
2465 {0xff, 0xcf, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00,
2466 0x00, 0xc0, 0xff, 0xcf, 0xff, 0xff, 0xff, 0xff,
2467 0xbf, 0xff, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00,
2468 0x80, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00}},
2469 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xff, 0xff,
2470 0xff, 0xff, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff,
2471 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80,
2472 0xff, 0x01, 0xfc, 0xff, 0x01, 0x00, 0xfe, 0xff},
2473 {0xff, 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00,
2474 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2475 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0,
2476 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00}},
2477 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2478 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2479 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2480 0x7f, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80},
2481 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2482 0x00, 0xf8, 0xff, 0x01, 0x00, 0xf0, 0xff, 0xff,
2483 0xe0, 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00,
2484 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
2485 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2486 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2487 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2488 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0x00},
2489 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
2490 0xfc, 0xff, 0xff, 0x3f, 0xf0, 0xff, 0xff, 0x3f,
2491 0x00, 0x00, 0xf8, 0x07, 0x00, 0x00, 0x00, 0xff,
2492 0xff, 0xff, 0xff, 0xff, 0x0f, 0x7e, 0x00, 0x00}},
2493 {{0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2494 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
2495 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2496 0xff, 0xff, 0x1f, 0x00, 0x00, 0xfe, 0x07, 0x00},
2497 {0x00, 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff,
2498 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2499 0xff, 0xfb, 0xff, 0x07, 0x00, 0x00, 0x00, 0x00,
2500 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60}},
2501 {{0xff, 0x01, 0x00, 0xff, 0xff, 0xff, 0x0f, 0x00,
2502 0x80, 0x7f, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x03,
2503 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2504 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
2505 {0xff, 0xff, 0x1f, 0x00, 0xf0, 0xff, 0xff, 0xff,
2506 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2507 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2508 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00, 0x00}},
2509 {{0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
2510 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2511 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2512 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
2513 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2514 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf1, 0xff,
2515 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03,
2516 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff}},
2517 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2518 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2519 0xc0, 0xff, 0xff, 0xcf, 0xff, 0x1f, 0x00, 0x00,
2520 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
2521 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2522 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff,
2523 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x7e,
2524 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
2525 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2526 0x00, 0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff,
2527 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
2528 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7c, 0x00},
2529 {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
2530 0xff, 0xff, 0x7f, 0x00, 0x80, 0x00, 0x00, 0x00,
2531 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2532 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff}},
2533 {{0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80,
2534 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2535 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
2536 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
2537 {0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2538 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x80,
2539 0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
2540 0xff, 0x7f, 0xf8, 0xff, 0xff, 0x1f, 0x00, 0xfe}},
2541 {{0xff, 0xff, 0xff, 0x3f, 0xf8, 0xff, 0xff, 0xff,
2542 0xff, 0x03, 0xfe, 0x01, 0x00, 0x00, 0x00, 0x00,
2543 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2544 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07},
2545 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2546 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
2547 0xff, 0xff, 0xff, 0xff, 0x01, 0x80, 0xff, 0xff,
2548 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}},
2549 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2550 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2551 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2552 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
2553 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2554 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
2555 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
2556 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40}},
2557 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2558 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2559 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2560 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
2561 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2562 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2563 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2564 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
2565 {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2566 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2567 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2568 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
2569 {0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2570 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2571 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2572 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
2573 {{0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0xc0,
2574 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2575 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff,
2576 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
2577 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, 0x00,
2578 0xf0, 0xff, 0xff, 0xff, 0xff, 0x07, 0x00, 0x00,
2579 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff,
2580 0xff, 0xff, 0xff, 0xff, 0x01, 0xff, 0xff, 0xff}},
2581 {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2582 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2583 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2584 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
2585 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2586 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2587 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2588 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}},
2589 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2590 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
2591 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
2592 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40},
2593 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2594 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2595 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2596 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}},
2597 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2598 0x7e, 0x00, 0x00, 0xc0, 0xff, 0xff, 0x07, 0x00,
2599 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00,
2600 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
2601 {0xff, 0x01, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff,
2602 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80,
2603 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00, 0x00,
2604 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
2605 {{0xff, 0xff, 0xf0, 0xff, 0xff, 0xff, 0xff, 0x00,
2606 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2607 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01,
2608 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff},
2609 {0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff,
2610 0xff, 0xff, 0x3f, 0x00, 0xf8, 0xff, 0xff, 0xff,
2611 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2612 0xff, 0x3f, 0x00, 0x00, 0xc0, 0xf1, 0x7f, 0x00}},
2613 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2614 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff,
2615 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2616 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00},
2617 {0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01,
2618 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff,
2619 0xff, 0x7f, 0x00, 0x00, 0x00, 0x00, 0x80, 0x1f,
2620 0x00, 0x00, 0xfc, 0xff, 0xff, 0x01, 0xff, 0xff}},
2621 {{0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2622 0x80, 0x00, 0x00, 0x80, 0xff, 0x03, 0xe0, 0x01,
2623 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0xfc, 0xff,
2624 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
2625 {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
2626 0xfe, 0xff, 0xff, 0xf0, 0x07, 0x00, 0x3c, 0x80,
2627 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff,
2628 0xff, 0xff, 0x07, 0xe0, 0xff, 0x00, 0x00, 0x00}},
2629 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2630 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2631 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07, 0xf8,
2632 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80},
2633 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2634 0xff, 0xff, 0xff, 0xff, 0xff, 0x0c, 0x80, 0x00,
2635 0x00, 0x00, 0x00, 0xc0, 0x7f, 0xfe, 0xff, 0x1f,
2636 0x00, 0xfe, 0xff, 0x03, 0x00, 0x00, 0xfe, 0xff}},
2637 {{0xff, 0xff, 0x81, 0xff, 0xff, 0xff, 0xff, 0x00,
2638 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x83,
2639 0xff, 0xff, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
2640 0xff, 0xff, 0x7f, 0x00, 0x00, 0x00, 0x00, 0xf0},
2641 {0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff,
2642 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x00,
2643 0xf8, 0x07, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff,
2644 0xff, 0xc7, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff}},
2645 {{0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
2646 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
2647 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb,
2648 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03},
2649 {0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
2650 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
2651 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb,
2652 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03}}
2654 unsigned char res[33][2][32] = {
2655 {{0x0c, 0x3b, 0x0a, 0xca, 0x8d, 0x1a, 0x2f, 0xb9,
2656 0x8a, 0x7b, 0x53, 0x5a, 0x1f, 0xc5, 0x22, 0xa1,
2657 0x07, 0x2a, 0x48, 0xea, 0x02, 0xeb, 0xb3, 0xd6,
2658 0x20, 0x1e, 0x86, 0xd0, 0x95, 0xf6, 0x92, 0x35},
2659 {0xdc, 0x90, 0x7a, 0x07, 0x2e, 0x1e, 0x44, 0x6d,
2660 0xf8, 0x15, 0x24, 0x5b, 0x5a, 0x96, 0x37, 0x9c,
2661 0x37, 0x7b, 0x0d, 0xac, 0x1b, 0x65, 0x58, 0x49,
2662 0x43, 0xb7, 0x31, 0xbb, 0xa7, 0xf4, 0x97, 0x15}},
2663 {{0xf1, 0xf7, 0x3a, 0x50, 0xe6, 0x10, 0xba, 0x22,
2664 0x43, 0x4d, 0x1f, 0x1f, 0x7c, 0x27, 0xca, 0x9c,
2665 0xb8, 0xb6, 0xa0, 0xfc, 0xd8, 0xc0, 0x05, 0x2f,
2666 0xf7, 0x08, 0xe1, 0x76, 0xdd, 0xd0, 0x80, 0xc8},
2667 {0xe3, 0x80, 0x80, 0xb8, 0xdb, 0xe3, 0xa9, 0x77,
2668 0x00, 0xb0, 0xf5, 0x2e, 0x27, 0xe2, 0x68, 0xc4,
2669 0x88, 0xe8, 0x04, 0xc1, 0x12, 0xbf, 0x78, 0x59,
2670 0xe6, 0xa9, 0x7c, 0xe1, 0x81, 0xdd, 0xb9, 0xd5}},
2671 {{0x96, 0xe2, 0xee, 0x01, 0xa6, 0x80, 0x31, 0xef,
2672 0x5c, 0xd0, 0x19, 0xb4, 0x7d, 0x5f, 0x79, 0xab,
2673 0xa1, 0x97, 0xd3, 0x7e, 0x33, 0xbb, 0x86, 0x55,
2674 0x60, 0x20, 0x10, 0x0d, 0x94, 0x2d, 0x11, 0x7c},
2675 {0xcc, 0xab, 0xe0, 0xe8, 0x98, 0x65, 0x12, 0x96,
2676 0x38, 0x5a, 0x1a, 0xf2, 0x85, 0x23, 0x59, 0x5f,
2677 0xf9, 0xf3, 0xc2, 0x81, 0x70, 0x92, 0x65, 0x12,
2678 0x9c, 0x65, 0x1e, 0x96, 0x00, 0xef, 0xe7, 0x63}},
2679 {{0xac, 0x1e, 0x62, 0xc2, 0x59, 0xfc, 0x4e, 0x5c,
2680 0x83, 0xb0, 0xd0, 0x6f, 0xce, 0x19, 0xf6, 0xbf,
2681 0xa4, 0xb0, 0xe0, 0x53, 0x66, 0x1f, 0xbf, 0xc9,
2682 0x33, 0x47, 0x37, 0xa9, 0x3d, 0x5d, 0xb0, 0x48},
2683 {0x86, 0xb9, 0x2a, 0x7f, 0x8e, 0xa8, 0x60, 0x42,
2684 0x26, 0x6d, 0x6e, 0x1c, 0xa2, 0xec, 0xe0, 0xe5,
2685 0x3e, 0x0a, 0x33, 0xbb, 0x61, 0x4c, 0x9f, 0x3c,
2686 0xd1, 0xdf, 0x49, 0x33, 0xcd, 0x72, 0x78, 0x18}},
2687 {{0xf7, 0xd3, 0xcd, 0x49, 0x5c, 0x13, 0x22, 0xfb,
2688 0x2e, 0xb2, 0x2f, 0x27, 0xf5, 0x8a, 0x5d, 0x74,
2689 0xc1, 0x58, 0xc5, 0xc2, 0x2d, 0x9f, 0x52, 0xc6,
2690 0x63, 0x9f, 0xba, 0x05, 0x76, 0x45, 0x7a, 0x63},
2691 {0x8a, 0xfa, 0x55, 0x4d, 0xdd, 0xa3, 0xb2, 0xc3,
2692 0x44, 0xfd, 0xec, 0x72, 0xde, 0xef, 0xc0, 0x99,
2693 0xf5, 0x9f, 0xe2, 0x52, 0xb4, 0x05, 0x32, 0x58,
2694 0x57, 0xc1, 0x8f, 0xea, 0xc3, 0x24, 0x5b, 0x94}},
2695 {{0x05, 0x83, 0xee, 0xdd, 0x64, 0xf0, 0x14, 0x3b,
2696 0xa0, 0x14, 0x4a, 0x3a, 0x41, 0x82, 0x7c, 0xa7,
2697 0x2c, 0xaa, 0xb1, 0x76, 0xbb, 0x59, 0x64, 0x5f,
2698 0x52, 0xad, 0x25, 0x29, 0x9d, 0x8f, 0x0b, 0xb0},
2699 {0x7e, 0xe3, 0x7c, 0xca, 0xcd, 0x4f, 0xb0, 0x6d,
2700 0x7a, 0xb2, 0x3e, 0xa0, 0x08, 0xb9, 0xa8, 0x2d,
2701 0xc2, 0xf4, 0x99, 0x66, 0xcc, 0xac, 0xd8, 0xb9,
2702 0x72, 0x2a, 0x4a, 0x3e, 0x0f, 0x7b, 0xbf, 0xf4}},
2703 {{0x8c, 0x9c, 0x78, 0x2b, 0x39, 0x61, 0x7e, 0xf7,
2704 0x65, 0x37, 0x66, 0x09, 0x38, 0xb9, 0x6f, 0x70,
2705 0x78, 0x87, 0xff, 0xcf, 0x93, 0xca, 0x85, 0x06,
2706 0x44, 0x84, 0xa7, 0xfe, 0xd3, 0xa4, 0xe3, 0x7e},
2707 {0xa2, 0x56, 0x49, 0x23, 0x54, 0xa5, 0x50, 0xe9,
2708 0x5f, 0xf0, 0x4d, 0xe7, 0xdc, 0x38, 0x32, 0x79,
2709 0x4f, 0x1c, 0xb7, 0xe4, 0xbb, 0xf8, 0xbb, 0x2e,
2710 0x40, 0x41, 0x4b, 0xcc, 0xe3, 0x1e, 0x16, 0x36}},
2711 {{0x0c, 0x1e, 0xd7, 0x09, 0x25, 0x40, 0x97, 0xcb,
2712 0x5c, 0x46, 0xa8, 0xda, 0xef, 0x25, 0xd5, 0xe5,
2713 0x92, 0x4d, 0xcf, 0xa3, 0xc4, 0x5d, 0x35, 0x4a,
2714 0xe4, 0x61, 0x92, 0xf3, 0xbf, 0x0e, 0xcd, 0xbe},
2715 {0xe4, 0xaf, 0x0a, 0xb3, 0x30, 0x8b, 0x9b, 0x48,
2716 0x49, 0x43, 0xc7, 0x64, 0x60, 0x4a, 0x2b, 0x9e,
2717 0x95, 0x5f, 0x56, 0xe8, 0x35, 0xdc, 0xeb, 0xdc,
2718 0xc7, 0xc4, 0xfe, 0x30, 0x40, 0xc7, 0xbf, 0xa4}},
2719 {{0xd4, 0xa0, 0xf5, 0x81, 0x49, 0x6b, 0xb6, 0x8b,
2720 0x0a, 0x69, 0xf9, 0xfe, 0xa8, 0x32, 0xe5, 0xe0,
2721 0xa5, 0xcd, 0x02, 0x53, 0xf9, 0x2c, 0xe3, 0x53,
2722 0x83, 0x36, 0xc6, 0x02, 0xb5, 0xeb, 0x64, 0xb8},
2723 {0x1d, 0x42, 0xb9, 0xf9, 0xe9, 0xe3, 0x93, 0x2c,
2724 0x4c, 0xee, 0x6c, 0x5a, 0x47, 0x9e, 0x62, 0x01,
2725 0x6b, 0x04, 0xfe, 0xa4, 0x30, 0x2b, 0x0d, 0x4f,
2726 0x71, 0x10, 0xd3, 0x55, 0xca, 0xf3, 0x5e, 0x80}},
2727 {{0x77, 0x05, 0xf6, 0x0c, 0x15, 0x9b, 0x45, 0xe7,
2728 0xb9, 0x11, 0xb8, 0xf5, 0xd6, 0xda, 0x73, 0x0c,
2729 0xda, 0x92, 0xea, 0xd0, 0x9d, 0xd0, 0x18, 0x92,
2730 0xce, 0x9a, 0xaa, 0xee, 0x0f, 0xef, 0xde, 0x30},
2731 {0xf1, 0xf1, 0xd6, 0x9b, 0x51, 0xd7, 0x77, 0x62,
2732 0x52, 0x10, 0xb8, 0x7a, 0x84, 0x9d, 0x15, 0x4e,
2733 0x07, 0xdc, 0x1e, 0x75, 0x0d, 0x0c, 0x3b, 0xdb,
2734 0x74, 0x58, 0x62, 0x02, 0x90, 0x54, 0x8b, 0x43}},
2735 {{0xa6, 0xfe, 0x0b, 0x87, 0x80, 0x43, 0x67, 0x25,
2736 0x57, 0x5d, 0xec, 0x40, 0x50, 0x08, 0xd5, 0x5d,
2737 0x43, 0xd7, 0xe0, 0xaa, 0xe0, 0x13, 0xb6, 0xb0,
2738 0xc0, 0xd4, 0xe5, 0x0d, 0x45, 0x83, 0xd6, 0x13},
2739 {0x40, 0x45, 0x0a, 0x92, 0x31, 0xea, 0x8c, 0x60,
2740 0x8c, 0x1f, 0xd8, 0x76, 0x45, 0xb9, 0x29, 0x00,
2741 0x26, 0x32, 0xd8, 0xa6, 0x96, 0x88, 0xe2, 0xc4,
2742 0x8b, 0xdb, 0x7f, 0x17, 0x87, 0xcc, 0xc8, 0xf2}},
2743 {{0xc2, 0x56, 0xe2, 0xb6, 0x1a, 0x81, 0xe7, 0x31,
2744 0x63, 0x2e, 0xbb, 0x0d, 0x2f, 0x81, 0x67, 0xd4,
2745 0x22, 0xe2, 0x38, 0x02, 0x25, 0x97, 0xc7, 0x88,
2746 0x6e, 0xdf, 0xbe, 0x2a, 0xa5, 0x73, 0x63, 0xaa},
2747 {0x50, 0x45, 0xe2, 0xc3, 0xbd, 0x89, 0xfc, 0x57,
2748 0xbd, 0x3c, 0xa3, 0x98, 0x7e, 0x7f, 0x36, 0x38,
2749 0x92, 0x39, 0x1f, 0x0f, 0x81, 0x1a, 0x06, 0x51,
2750 0x1f, 0x8d, 0x6a, 0xff, 0x47, 0x16, 0x06, 0x9c}},
2751 {{0x33, 0x95, 0xa2, 0x6f, 0x27, 0x5f, 0x9c, 0x9c,
2752 0x64, 0x45, 0xcb, 0xd1, 0x3c, 0xee, 0x5e, 0x5f,
2753 0x48, 0xa6, 0xaf, 0xe3, 0x79, 0xcf, 0xb1, 0xe2,
2754 0xbf, 0x55, 0x0e, 0xa2, 0x3b, 0x62, 0xf0, 0xe4},
2755 {0x14, 0xe8, 0x06, 0xe3, 0xbe, 0x7e, 0x67, 0x01,
2756 0xc5, 0x21, 0x67, 0xd8, 0x54, 0xb5, 0x7f, 0xa4,
2757 0xf9, 0x75, 0x70, 0x1c, 0xfd, 0x79, 0xdb, 0x86,
2758 0xad, 0x37, 0x85, 0x83, 0x56, 0x4e, 0xf0, 0xbf}},
2759 {{0xbc, 0xa6, 0xe0, 0x56, 0x4e, 0xef, 0xfa, 0xf5,
2760 0x1d, 0x5d, 0x3f, 0x2a, 0x5b, 0x19, 0xab, 0x51,
2761 0xc5, 0x8b, 0xdd, 0x98, 0x28, 0x35, 0x2f, 0xc3,
2762 0x81, 0x4f, 0x5c, 0xe5, 0x70, 0xb9, 0xeb, 0x62},
2763 {0xc4, 0x6d, 0x26, 0xb0, 0x17, 0x6b, 0xfe, 0x6c,
2764 0x12, 0xf8, 0xe7, 0xc1, 0xf5, 0x2f, 0xfa, 0x91,
2765 0x13, 0x27, 0xbd, 0x73, 0xcc, 0x33, 0x31, 0x1c,
2766 0x39, 0xe3, 0x27, 0x6a, 0x95, 0xcf, 0xc5, 0xfb}},
2767 {{0x30, 0xb2, 0x99, 0x84, 0xf0, 0x18, 0x2a, 0x6e,
2768 0x1e, 0x27, 0xed, 0xa2, 0x29, 0x99, 0x41, 0x56,
2769 0xe8, 0xd4, 0x0d, 0xef, 0x99, 0x9c, 0xf3, 0x58,
2770 0x29, 0x55, 0x1a, 0xc0, 0x68, 0xd6, 0x74, 0xa4},
2771 {0x07, 0x9c, 0xe7, 0xec, 0xf5, 0x36, 0x73, 0x41,
2772 0xa3, 0x1c, 0xe5, 0x93, 0x97, 0x6a, 0xfd, 0xf7,
2773 0x53, 0x18, 0xab, 0xaf, 0xeb, 0x85, 0xbd, 0x92,
2774 0x90, 0xab, 0x3c, 0xbf, 0x30, 0x82, 0xad, 0xf6}},
2775 {{0xc6, 0x87, 0x8a, 0x2a, 0xea, 0xc0, 0xa9, 0xec,
2776 0x6d, 0xd3, 0xdc, 0x32, 0x23, 0xce, 0x62, 0x19,
2777 0xa4, 0x7e, 0xa8, 0xdd, 0x1c, 0x33, 0xae, 0xd3,
2778 0x4f, 0x62, 0x9f, 0x52, 0xe7, 0x65, 0x46, 0xf4},
2779 {0x97, 0x51, 0x27, 0x67, 0x2d, 0xa2, 0x82, 0x87,
2780 0x98, 0xd3, 0xb6, 0x14, 0x7f, 0x51, 0xd3, 0x9a,
2781 0x0b, 0xd0, 0x76, 0x81, 0xb2, 0x4f, 0x58, 0x92,
2782 0xa4, 0x86, 0xa1, 0xa7, 0x09, 0x1d, 0xef, 0x9b}},
2783 {{0xb3, 0x0f, 0x2b, 0x69, 0x0d, 0x06, 0x90, 0x64,
2784 0xbd, 0x43, 0x4c, 0x10, 0xe8, 0x98, 0x1c, 0xa3,
2785 0xe1, 0x68, 0xe9, 0x79, 0x6c, 0x29, 0x51, 0x3f,
2786 0x41, 0xdc, 0xdf, 0x1f, 0xf3, 0x60, 0xbe, 0x33},
2787 {0xa1, 0x5f, 0xf7, 0x1d, 0xb4, 0x3e, 0x9b, 0x3c,
2788 0xe7, 0xbd, 0xb6, 0x06, 0xd5, 0x60, 0x06, 0x6d,
2789 0x50, 0xd2, 0xf4, 0x1a, 0x31, 0x08, 0xf2, 0xea,
2790 0x8e, 0xef, 0x5f, 0x7d, 0xb6, 0xd0, 0xc0, 0x27}},
2791 {{0x62, 0x9a, 0xd9, 0xbb, 0x38, 0x36, 0xce, 0xf7,
2792 0x5d, 0x2f, 0x13, 0xec, 0xc8, 0x2d, 0x02, 0x8a,
2793 0x2e, 0x72, 0xf0, 0xe5, 0x15, 0x9d, 0x72, 0xae,
2794 0xfc, 0xb3, 0x4f, 0x02, 0xea, 0xe1, 0x09, 0xfe},
2795 {0x00, 0x00, 0x00, 0x00, 0xfa, 0x0a, 0x3d, 0xbc,
2796 0xad, 0x16, 0x0c, 0xb6, 0xe7, 0x7c, 0x8b, 0x39,
2797 0x9a, 0x43, 0xbb, 0xe3, 0xc2, 0x55, 0x15, 0x14,
2798 0x75, 0xac, 0x90, 0x9b, 0x7f, 0x9a, 0x92, 0x00}},
2799 {{0x8b, 0xac, 0x70, 0x86, 0x29, 0x8f, 0x00, 0x23,
2800 0x7b, 0x45, 0x30, 0xaa, 0xb8, 0x4c, 0xc7, 0x8d,
2801 0x4e, 0x47, 0x85, 0xc6, 0x19, 0xe3, 0x96, 0xc2,
2802 0x9a, 0xa0, 0x12, 0xed, 0x6f, 0xd7, 0x76, 0x16},
2803 {0x45, 0xaf, 0x7e, 0x33, 0xc7, 0x7f, 0x10, 0x6c,
2804 0x7c, 0x9f, 0x29, 0xc1, 0xa8, 0x7e, 0x15, 0x84,
2805 0xe7, 0x7d, 0xc0, 0x6d, 0xab, 0x71, 0x5d, 0xd0,
2806 0x6b, 0x9f, 0x97, 0xab, 0xcb, 0x51, 0x0c, 0x9f}},
2807 {{0x9e, 0xc3, 0x92, 0xb4, 0x04, 0x9f, 0xc8, 0xbb,
2808 0xdd, 0x9e, 0xc6, 0x05, 0xfd, 0x65, 0xec, 0x94,
2809 0x7f, 0x2c, 0x16, 0xc4, 0x40, 0xac, 0x63, 0x7b,
2810 0x7d, 0xb8, 0x0c, 0xe4, 0x5b, 0xe3, 0xa7, 0x0e},
2811 {0x43, 0xf4, 0x44, 0xe8, 0xcc, 0xc8, 0xd4, 0x54,
2812 0x33, 0x37, 0x50, 0xf2, 0x87, 0x42, 0x2e, 0x00,
2813 0x49, 0x60, 0x62, 0x02, 0xfd, 0x1a, 0x7c, 0xdb,
2814 0x29, 0x6c, 0x6d, 0x54, 0x53, 0x08, 0xd1, 0xc8}},
2815 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2816 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2817 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2818 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
2819 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2820 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2821 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2822 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
2823 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2824 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2825 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2826 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
2827 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2828 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2829 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2830 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}},
2831 {{0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
2832 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
2833 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
2834 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92},
2835 {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
2836 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
2837 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
2838 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}},
2839 {{0x28, 0x56, 0xac, 0x0e, 0x4f, 0x98, 0x09, 0xf0,
2840 0x49, 0xfa, 0x7f, 0x84, 0xac, 0x7e, 0x50, 0x5b,
2841 0x17, 0x43, 0x14, 0x89, 0x9c, 0x53, 0xa8, 0x94,
2842 0x30, 0xf2, 0x11, 0x4d, 0x92, 0x14, 0x27, 0xe8},
2843 {0x39, 0x7a, 0x84, 0x56, 0x79, 0x9d, 0xec, 0x26,
2844 0x2c, 0x53, 0xc1, 0x94, 0xc9, 0x8d, 0x9e, 0x9d,
2845 0x32, 0x1f, 0xdd, 0x84, 0x04, 0xe8, 0xe2, 0x0a,
2846 0x6b, 0xbe, 0xbb, 0x42, 0x40, 0x67, 0x30, 0x6c}},
2847 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2848 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
2849 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4,
2850 0x40, 0x2d, 0xa1, 0x73, 0x2f, 0xc9, 0xbe, 0xbd},
2851 {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
2852 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
2853 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
2854 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}},
2855 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2856 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
2857 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
2858 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40},
2859 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2860 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2861 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2862 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}},
2863 {{0x1c, 0xc4, 0xf7, 0xda, 0x0f, 0x65, 0xca, 0x39,
2864 0x70, 0x52, 0x92, 0x8e, 0xc3, 0xc8, 0x15, 0xea,
2865 0x7f, 0x10, 0x9e, 0x77, 0x4b, 0x6e, 0x2d, 0xdf,
2866 0xe8, 0x30, 0x9d, 0xda, 0xe8, 0x9a, 0x65, 0xae},
2867 {0x02, 0xb0, 0x16, 0xb1, 0x1d, 0xc8, 0x57, 0x7b,
2868 0xa2, 0x3a, 0xa2, 0xa3, 0x38, 0x5c, 0x8f, 0xeb,
2869 0x66, 0x37, 0x91, 0xa8, 0x5f, 0xef, 0x04, 0xf6,
2870 0x59, 0x75, 0xe1, 0xee, 0x92, 0xf6, 0x0e, 0x30}},
2871 {{0x8d, 0x76, 0x14, 0xa4, 0x14, 0x06, 0x9f, 0x9a,
2872 0xdf, 0x4a, 0x85, 0xa7, 0x6b, 0xbf, 0x29, 0x6f,
2873 0xbc, 0x34, 0x87, 0x5d, 0xeb, 0xbb, 0x2e, 0xa9,
2874 0xc9, 0x1f, 0x58, 0xd6, 0x9a, 0x82, 0xa0, 0x56},
2875 {0xd4, 0xb9, 0xdb, 0x88, 0x1d, 0x04, 0xe9, 0x93,
2876 0x8d, 0x3f, 0x20, 0xd5, 0x86, 0xa8, 0x83, 0x07,
2877 0xdb, 0x09, 0xd8, 0x22, 0x1f, 0x7f, 0xf1, 0x71,
2878 0xc8, 0xe7, 0x5d, 0x47, 0xaf, 0x8b, 0x72, 0xe9}},
2879 {{0x83, 0xb9, 0x39, 0xb2, 0xa4, 0xdf, 0x46, 0x87,
2880 0xc2, 0xb8, 0xf1, 0xe6, 0x4c, 0xd1, 0xe2, 0xa9,
2881 0xe4, 0x70, 0x30, 0x34, 0xbc, 0x52, 0x7c, 0x55,
2882 0xa6, 0xec, 0x80, 0xa4, 0xe5, 0xd2, 0xdc, 0x73},
2883 {0x08, 0xf1, 0x03, 0xcf, 0x16, 0x73, 0xe8, 0x7d,
2884 0xb6, 0x7e, 0x9b, 0xc0, 0xb4, 0xc2, 0xa5, 0x86,
2885 0x02, 0x77, 0xd5, 0x27, 0x86, 0xa5, 0x15, 0xfb,
2886 0xae, 0x9b, 0x8c, 0xa9, 0xf9, 0xf8, 0xa8, 0x4a}},
2887 {{0x8b, 0x00, 0x49, 0xdb, 0xfa, 0xf0, 0x1b, 0xa2,
2888 0xed, 0x8a, 0x9a, 0x7a, 0x36, 0x78, 0x4a, 0xc7,
2889 0xf7, 0xad, 0x39, 0xd0, 0x6c, 0x65, 0x7a, 0x41,
2890 0xce, 0xd6, 0xd6, 0x4c, 0x20, 0x21, 0x6b, 0xc7},
2891 {0xc6, 0xca, 0x78, 0x1d, 0x32, 0x6c, 0x6c, 0x06,
2892 0x91, 0xf2, 0x1a, 0xe8, 0x43, 0x16, 0xea, 0x04,
2893 0x3c, 0x1f, 0x07, 0x85, 0xf7, 0x09, 0x22, 0x08,
2894 0xba, 0x13, 0xfd, 0x78, 0x1e, 0x3f, 0x6f, 0x62}},
2895 {{0x25, 0x9b, 0x7c, 0xb0, 0xac, 0x72, 0x6f, 0xb2,
2896 0xe3, 0x53, 0x84, 0x7a, 0x1a, 0x9a, 0x98, 0x9b,
2897 0x44, 0xd3, 0x59, 0xd0, 0x8e, 0x57, 0x41, 0x40,
2898 0x78, 0xa7, 0x30, 0x2f, 0x4c, 0x9c, 0xb9, 0x68},
2899 {0xb7, 0x75, 0x03, 0x63, 0x61, 0xc2, 0x48, 0x6e,
2900 0x12, 0x3d, 0xbf, 0x4b, 0x27, 0xdf, 0xb1, 0x7a,
2901 0xff, 0x4e, 0x31, 0x07, 0x83, 0xf4, 0x62, 0x5b,
2902 0x19, 0xa5, 0xac, 0xa0, 0x32, 0x58, 0x0d, 0xa7}},
2903 {{0x43, 0x4f, 0x10, 0xa4, 0xca, 0xdb, 0x38, 0x67,
2904 0xfa, 0xae, 0x96, 0xb5, 0x6d, 0x97, 0xff, 0x1f,
2905 0xb6, 0x83, 0x43, 0xd3, 0xa0, 0x2d, 0x70, 0x7a,
2906 0x64, 0x05, 0x4c, 0xa7, 0xc1, 0xa5, 0x21, 0x51},
2907 {0xe4, 0xf1, 0x23, 0x84, 0xe1, 0xb5, 0x9d, 0xf2,
2908 0xb8, 0x73, 0x8b, 0x45, 0x2b, 0x35, 0x46, 0x38,
2909 0x10, 0x2b, 0x50, 0xf8, 0x8b, 0x35, 0xcd, 0x34,
2910 0xc8, 0x0e, 0xf6, 0xdb, 0x09, 0x35, 0xf0, 0xda}},
2911 {{0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34,
2912 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13,
2913 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46,
2914 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5},
2915 {0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34,
2916 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13,
2917 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46,
2918 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5}}
2920 for (i = 0; i < 33; i++) {
2964 static const unsigned char b32[32] = {
2965 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
2966 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
2967 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
2968 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40
2971 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
2972 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
2975 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
2976 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
2979 unsigned char b322[32];
2995 static const unsigned char zero_overflow[32] = {
2996 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
2997 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
2998 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
2999 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
3001 static const unsigned char zero[32] = { 0x00 };
3002 unsigned char out[32];
3013 static const unsigned char one_overflow[32] = {
3014 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3015 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3016 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3017 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x30,
3019 static const unsigned char one[32] = {
3020 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3021 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3022 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3023 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
3025 unsigned char out[32];
3035 static const unsigned char ff_overflow[32] = {
3036 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3037 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3038 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3039 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3041 static const unsigned char ff[32] = {
3042 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3043 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3044 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3045 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x03, 0xD0,
3047 unsigned char out[32];
3076 CHECK(
t.normalized == 0);
3081 for (
m = 1;
m < 32;
m++) {
3088 CHECK(u.magnitude == (
m >> 1) + 1);
3089 CHECK(u.normalized == 0);
3101 CHECK((
t.n[0] & 1) == 0);
3107 CHECK(u.magnitude == (
m >> 1) + 1);
3108 CHECK(u.normalized == 0);
3124 for (i = 0; i < 1000 *
COUNT; i++) {
3149 CHECK(!x.normalized);
3150 CHECK((x.magnitude == q.magnitude) || (x.magnitude == z.magnitude));
3151 CHECK((x.magnitude >= q.magnitude) && (x.magnitude >= z.magnitude));
3159 CHECK(!q.normalized);
3160 CHECK((q.magnitude == x.magnitude) || (q.magnitude == z.magnitude));
3161 CHECK((q.magnitude >= x.magnitude) && (q.magnitude >= z.magnitude));
3171 CHECK(q.normalized && q.magnitude == 1);
3173 for (j = 0; j < 6; j++) {
3178 CHECK(!q.normalized && q.magnitude == z.magnitude);
3227 unsigned char a32[32], b32[32], c32[32];
3229 uint16_t a16[16], b16[16], c16[16];
3231 static const uint16_t m16[16] = {
3232 0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
3233 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
3255 for (i = 0; i < 16; ++i) {
3256 a16[i] = a32[31 - 2*i] + ((uint16_t)a32[30 - 2*i] << 8);
3257 b16[i] = b32[31 - 2*i] + ((uint16_t)b32[30 - 2*i] << 8);
3258 c16[i] = c32[31 - 2*i] + ((uint16_t)c32[30 - 2*i] << 8);
3268 for (i = 0; i < 100 *
COUNT; ++i) {
3294 for (i = 1; i <= 512; ++i) {
3319 CHECK((v == 0) == (
k == NULL));
3340 for (i = 1; i <= 100; i++) {
3349 for (i = 0; i < 10; i++) {
3352 for (j = 0; j <
COUNT; j++) {
3369 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE,
3370 0xBAAEDCE6, 0xAF48A03B, 0xBFD25E8C, 0xD0364140
3374 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
3375 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFC2E
3443 {
SECP256K1_FE_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xfffffc2e),
3444 SECP256K1_FE_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xfffffc2e)},
3447 SECP256K1_FE_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0x7ffffe18)},
3450 SECP256K1_FE_CONST(0xbcb223fe, 0xdc24a059, 0xd838091d, 0xd2253530, 0xffffffff, 0xffffffff, 0xffffffff, 0x434dd931)},
3452 {
SECP256K1_FE_CONST(0xe34e9c95, 0x6bee8a84, 0x0dcb632a, 0xdb8a1320, 0x66885408, 0x06f3f996, 0x7c11ca84, 0x19199ec3),
3453 SECP256K1_FE_CONST(0xbd2cbd8f, 0x1c536828, 0x9bccda44, 0x2582ac0c, 0x870152b0, 0x8a3f09fb, 0x1aaadf92, 0x19b618e5)},
3455 {
SECP256K1_FE_CONST(0xf6bc3ba3, 0x636451c4, 0x3e46357d, 0x2c21d619, 0x0988e234, 0x15985661, 0x6672982b, 0xa7549bfc),
3456 SECP256K1_FE_CONST(0xb024fdc7, 0x5547451e, 0x426c585f, 0xbd481425, 0x73df6b75, 0xeef6d9d0, 0x389d87d4, 0xfbb440ba)},
3458 {
SECP256K1_FE_CONST(0xb595d81b, 0x2e3c1e2f, 0x482dbc65, 0xe4865af7, 0x9a0a50aa, 0x29f9e618, 0x6f87d7a5, 0x8d1063ae),
3459 SECP256K1_FE_CONST(0xc983337c, 0x5d5c74e1, 0x49918330, 0x0b53afb5, 0xa0428a0b, 0xce6eef86, 0x059bd8ef, 0xe5b908de)},
3461 {
SECP256K1_FE_CONST(0x00000000, 0x00000000, 0xe0ff1f80, 0x1f000000, 0x00000000, 0x00000000, 0xfeff0100, 0x00000000),
3462 SECP256K1_FE_CONST(0x9faf9316, 0x77e5049d, 0x0b5e7a1b, 0xef70b893, 0x18c9e30c, 0x045e7fd7, 0x29eddf8c, 0xd62e9e3d)},
3463 {
SECP256K1_FE_CONST(0x621a538d, 0x511b2780, 0x35688252, 0x53f889a4, 0x6317c3ac, 0x32ba0a46, 0x6277c0d1, 0xccd31192),
3464 SECP256K1_FE_CONST(0x38513b0c, 0x5eba856f, 0xe29e882e, 0x9b394d8c, 0x34bda011, 0xeaa66943, 0x6a841a4c, 0x6ae8bcff)},
3465 {
SECP256K1_FE_CONST(0x00000200, 0xf0ffff1f, 0x00000000, 0x0000e0ff, 0xffffffff, 0xfffcffff, 0xffffffff, 0xffff0100),
3466 SECP256K1_FE_CONST(0x5da42a52, 0x3640de9e, 0x13e64343, 0x0c7591b7, 0x6c1e3519, 0xf048c5b6, 0x0484217c, 0xedbf8b2f)},
3467 {
SECP256K1_FE_CONST(0xd1343ef9, 0x4b952621, 0x7c52a2ee, 0x4ea1281b, 0x4ab46410, 0x9f26998d, 0xa686a8ff, 0x9f2103e8),
3468 SECP256K1_FE_CONST(0x84044385, 0x9a4619bf, 0x74e35b6d, 0xa47e0c46, 0x6b7fb47d, 0x9ffab128, 0xb0775aa3, 0xcb318bd1)},
3469 {
SECP256K1_FE_CONST(0xb27235d2, 0xc56a52be, 0x210db37a, 0xd50d23a4, 0xbe621bdd, 0x5df22c6a, 0xe926ba62, 0xd2e4e440),
3470 SECP256K1_FE_CONST(0x67a26e54, 0x483a9d3c, 0xa568469e, 0xd258ab3d, 0xb9ec9981, 0xdca9b1bd, 0x8d2775fe, 0x53ae429b)},
3471 {
SECP256K1_FE_CONST(0x00000000, 0x00000000, 0x00e0ffff, 0xffffff83, 0xffffffff, 0x3f00f00f, 0x000000e0, 0xffffffff),
3472 SECP256K1_FE_CONST(0x310e10f8, 0x23bbfab0, 0xac94907d, 0x076c9a45, 0x8d357d7f, 0xc763bcee, 0x00d0e615, 0x5a6acef6)},
3473 {
SECP256K1_FE_CONST(0xfeff0300, 0x001c0000, 0xf80700c0, 0x0ff0ffff, 0xffffffff, 0x0fffffff, 0xffff0100, 0x7f0000fe),
3474 SECP256K1_FE_CONST(0x28e2fdb4, 0x0709168b, 0x86f598b0, 0x3453a370, 0x530cf21f, 0x32f978d5, 0x1d527a71, 0x59269b0c)},
3475 {
SECP256K1_FE_CONST(0xc2591afa, 0x7bb98ef7, 0x090bb273, 0x85c14f87, 0xbb0b28e0, 0x54d3c453, 0x85c66753, 0xd5574d2f),
3476 SECP256K1_FE_CONST(0xfdca70a2, 0x70ce627c, 0x95e66fae, 0x848a6dbb, 0x07ffb15c, 0x5f63a058, 0xba4140ed, 0x6113b503)},
3477 {
SECP256K1_FE_CONST(0xf5475db3, 0xedc7b5a3, 0x411c047e, 0xeaeb452f, 0xc625828e, 0x1cf5ad27, 0x8eec1060, 0xc7d3e690),
3478 SECP256K1_FE_CONST(0x5eb756c0, 0xf963f4b9, 0xdc6a215e, 0xec8cc2d8, 0x2e9dec01, 0xde5eb88d, 0x6aba7164, 0xaecb2c5a)},
3479 {
SECP256K1_FE_CONST(0x00000000, 0x00f8ffff, 0xffffffff, 0x01000000, 0xe0ff1f00, 0x00000000, 0xffffff7f, 0x00000000),
3480 SECP256K1_FE_CONST(0xe0d2e3d8, 0x49b6157d, 0xe54e88c2, 0x1a7f02ca, 0x7dd28167, 0xf1125d81, 0x7bfa444e, 0xbe110037)},
3482 {
SECP256K1_FE_CONST(0x13cc08a4, 0xd8c41f0f, 0x179c3e67, 0x54c46c67, 0xc4109221, 0x09ab3b13, 0xe24d9be1, 0xffffe950),
3483 SECP256K1_FE_CONST(0xb80c8006, 0xd16abaa7, 0xcabd71e5, 0xcf6714f4, 0x966dd3d0, 0x64767a2d, 0xe92c4441, 0x51008cd1)},
3484 {
SECP256K1_FE_CONST(0xaa6db990, 0x95efbca1, 0x3cc6ff71, 0x0602e24a, 0xf49ff938, 0x99fffc16, 0x46f40993, 0xc6e72057),
3485 SECP256K1_FE_CONST(0xd5d3dd69, 0xb0c195e5, 0x285f1d49, 0xe639e48c, 0x9223f8a9, 0xca1d731d, 0x9ca482f9, 0xa5b93e06)},
3486 {
SECP256K1_FE_CONST(0x1c680eac, 0xaeabffd8, 0x9bdc4aee, 0x1781e3de, 0xa3b08108, 0x0015f2e0, 0x94449e1b, 0x2f67a058),
3487 SECP256K1_FE_CONST(0x7f083f8d, 0x31254f29, 0x6510f475, 0x245c373d, 0xc5622590, 0x4b323393, 0x32ed1719, 0xc127444b)},
3488 {
SECP256K1_FE_CONST(0x147d44b3, 0x012d83f8, 0xc160d386, 0x1a44a870, 0x9ba6be96, 0x8b962707, 0x267cbc1a, 0xb65b2f0a),
3489 SECP256K1_FE_CONST(0x555554ff, 0x170aef1e, 0x50a43002, 0xe51fbd36, 0xafadb458, 0x7a8aded1, 0x0ca6cd33, 0x6ed9087c)},
3490 {
SECP256K1_FE_CONST(0x12423796, 0x22f0fe61, 0xf9ca017c, 0x5384d107, 0xa1fbf3b2, 0x3b018013, 0x916a3c37, 0x4000b98c),
3491 SECP256K1_FE_CONST(0x20257700, 0x08668f94, 0x1177e306, 0x136c01f5, 0x8ed1fbd2, 0x95ec4589, 0xae38edb9, 0xfd19b6d7)},
3492 {
SECP256K1_FE_CONST(0xdcf2d030, 0x9ab42cb4, 0x93ffa181, 0xdcd23619, 0x39699b52, 0x08909a20, 0xb5a17695, 0x3a9dcf21),
3493 SECP256K1_FE_CONST(0x1f701dea, 0xe211fb1f, 0x4f37180d, 0x63a0f51c, 0x29fe1e40, 0xa40b6142, 0x2e7b12eb, 0x982b06b6)},
3494 {
SECP256K1_FE_CONST(0x79a851f6, 0xa6314ed3, 0xb35a55e6, 0xca1c7d7f, 0xe32369ea, 0xf902432e, 0x375308c5, 0xdfd5b600),
3495 SECP256K1_FE_CONST(0xcaae00c5, 0xe6b43851, 0x9dabb737, 0x38cba42c, 0xa02c8549, 0x7895dcbf, 0xbd183d71, 0xafe4476a)},
3496 {
SECP256K1_FE_CONST(0xede78fdd, 0xcfc92bf1, 0x4fec6c6c, 0xdb8d37e2, 0xfb66bc7b, 0x28701870, 0x7fa27c9a, 0x307196ec),
3497 SECP256K1_FE_CONST(0x68193a6c, 0x9a8b87a7, 0x2a760c64, 0x13e473f6, 0x23ae7bed, 0x1de05422, 0x88865427, 0xa3418265)},
3498 {
SECP256K1_FE_CONST(0xa40b2079, 0xb8f88e89, 0xa7617997, 0x89baf5ae, 0x174df343, 0x75138eae, 0x2711595d, 0x3fc3e66c),
3499 SECP256K1_FE_CONST(0x9f99c6a5, 0x6d685267, 0xd4b87c37, 0x9d9c4576, 0x358c692b, 0x6bbae0ed, 0x3389c93d, 0x7fdd2655)},
3500 {
SECP256K1_FE_CONST(0x7c74c6b6, 0xe98d9151, 0x72645cf1, 0x7f06e321, 0xcefee074, 0x15b2113a, 0x10a9be07, 0x08a45696),
3501 SECP256K1_FE_CONST(0x8c919a88, 0x898bc1e0, 0x77f26f97, 0x12e655b7, 0x9ba0ac40, 0xe15bb19e, 0x8364cc3b, 0xe227a8ee)},
3502 {
SECP256K1_FE_CONST(0x109ba1ce, 0xdafa6d4a, 0xa1cec2b2, 0xeb1069f4, 0xb7a79e5b, 0xec6eb99b, 0xaec5f643, 0xee0e723e),
3503 SECP256K1_FE_CONST(0x93d13eb8, 0x4bb0bcf9, 0xe64f5a71, 0xdbe9f359, 0x7191401c, 0x6f057a4a, 0xa407fe1b, 0x7ecb65cc)},
3504 {
SECP256K1_FE_CONST(0x3db076cd, 0xec74a5c9, 0xf61dd138, 0x90e23e06, 0xeeedd2d0, 0x74cbc4e0, 0x3dbe1e91, 0xded36a78),
3505 SECP256K1_FE_CONST(0x3f07f966, 0x8e2a1e09, 0x706c71df, 0x02b5e9d5, 0xcb92ddbf, 0xcdd53010, 0x16545564, 0xe660b107)},
3506 {
SECP256K1_FE_CONST(0xe31c73ed, 0xb4c4b82c, 0x02ae35f7, 0x4cdec153, 0x98b522fd, 0xf7d2460c, 0x6bf7c0f8, 0x4cf67b0d),
3507 SECP256K1_FE_CONST(0x4b8f1faf, 0x94e8b070, 0x19af0ff6, 0xa319cd31, 0xdf0a7ffb, 0xefaba629, 0x59c50666, 0x1fe5b843)},
3508 {
SECP256K1_FE_CONST(0x4c8b0e6e, 0x83392ab6, 0xc0e3e9f1, 0xbbd85497, 0x16698897, 0xf552d50d, 0x79652ddb, 0x12f99870),
3509 SECP256K1_FE_CONST(0x56d5101f, 0xd23b7949, 0x17dc38d6, 0xf24022ef, 0xcf18e70a, 0x5cc34424, 0x438544c3, 0x62da4bca)},
3510 {
SECP256K1_FE_CONST(0xb0e040e2, 0x40cc35da, 0x7dd5c611, 0x7fccb178, 0x28888137, 0xbc930358, 0xea2cbc90, 0x775417dc),
3511 SECP256K1_FE_CONST(0xca37f0d4, 0x016dd7c8, 0xab3ae576, 0x96e08d69, 0x68ed9155, 0xa9b44270, 0x900ae35d, 0x7c7800cd)},
3512 {
SECP256K1_FE_CONST(0x8a32ea49, 0x7fbb0bae, 0x69724a9d, 0x8e2105b2, 0xbdf69178, 0x862577ef, 0x35055590, 0x667ddaef),
3513 SECP256K1_FE_CONST(0xd02d7ead, 0xc5e190f0, 0x559c9d72, 0xdaef1ffc, 0x64f9f425, 0xf43645ea, 0x7341e08d, 0x11768e96)},
3514 {
SECP256K1_FE_CONST(0xa3592d98, 0x9abe289d, 0x579ebea6, 0xbb0857a8, 0xe242ab73, 0x85f9a2ce, 0xb6998f0f, 0xbfffbfc6),
3515 SECP256K1_FE_CONST(0x093c1533, 0x32032efa, 0x6aa46070, 0x0039599e, 0x589c35f4, 0xff525430, 0x7fe3777a, 0x44b43ddc)},
3516 {
SECP256K1_FE_CONST(0x647178a3, 0x229e607b, 0xcc98521a, 0xcce3fdd9, 0x1e1bc9c9, 0x97fb7c6a, 0x61b961e0, 0x99b10709),
3517 SECP256K1_FE_CONST(0x98217c13, 0xd51ddf78, 0x96310e77, 0xdaebd908, 0x602ca683, 0xcb46d07a, 0xa1fcf17e, 0xc8e2feb3)},
3518 {
SECP256K1_FE_CONST(0x7334627c, 0x73f98968, 0x99464b4b, 0xf5964958, 0x1b95870d, 0xc658227e, 0x5e3235d8, 0xdcab5787),
3519 SECP256K1_FE_CONST(0x000006fd, 0xc7e9dd94, 0x40ae367a, 0xe51d495c, 0x07603b9b, 0x2d088418, 0x6cc5c74c, 0x98514307)},
3520 {
SECP256K1_FE_CONST(0x82e83876, 0x96c28938, 0xa50dd1c5, 0x605c3ad1, 0xc048637d, 0x7a50825f, 0x335ed01a, 0x00005760),
3521 SECP256K1_FE_CONST(0xb0393f9f, 0x9f2aa55e, 0xf5607e2e, 0x5287d961, 0x60b3e704, 0xf3e16e80, 0xb4f9a3ea, 0xfec7f02d)},
3522 {
SECP256K1_FE_CONST(0xc97b6cec, 0x3ee6b8dc, 0x98d24b58, 0x3c1970a1, 0xfe06297a, 0xae813529, 0xe76bb6bd, 0x771ae51d),
3523 SECP256K1_FE_CONST(0x0507c702, 0xd407d097, 0x47ddeb06, 0xf6625419, 0x79f48f79, 0x7bf80d0b, 0xfc34b364, 0x253a5db1)},
3524 {
SECP256K1_FE_CONST(0xd559af63, 0x77ea9bc4, 0x3cf1ad14, 0x5c7a4bbb, 0x10e7d18b, 0x7ce0dfac, 0x380bb19d, 0x0bb99bd3),
3525 SECP256K1_FE_CONST(0x00196119, 0xb9b00d92, 0x34edfdb5, 0xbbdc42fc, 0xd2daa33a, 0x163356ca, 0xaa8754c8, 0xb0ec8b0b)},
3526 {
SECP256K1_FE_CONST(0x8ddfa3dc, 0x52918da0, 0x640519dc, 0x0af8512a, 0xca2d33b2, 0xbde52514, 0xda9c0afc, 0xcb29fce4),
3527 SECP256K1_FE_CONST(0xb3e4878d, 0x5cb69148, 0xcd54388b, 0xc23acce0, 0x62518ba8, 0xf09def92, 0x7b31e6aa, 0x6ba35b02)},
3528 {
SECP256K1_FE_CONST(0xf8207492, 0xe3049f0a, 0x65285f2b, 0x0bfff996, 0x00ca112e, 0xc05da837, 0x546d41f9, 0x5194fb91),
3529 SECP256K1_FE_CONST(0x7b7ee50b, 0xa8ed4bbd, 0xf6469930, 0x81419a5c, 0x071441c7, 0x290d046e, 0x3b82ea41, 0x611c5f95)},
3530 {
SECP256K1_FE_CONST(0x050f7c80, 0x5bcd3c6b, 0x823cb724, 0x5ce74db7, 0xa4e39f5c, 0xbd8828d7, 0xfd4d3e07, 0x3ec2926a),
3531 SECP256K1_FE_CONST(0x000d6730, 0xb0171314, 0x4764053d, 0xee157117, 0x48fd61da, 0xdea0b9db, 0x1d5e91c6, 0xbdc3f59e)},
3532 {
SECP256K1_FE_CONST(0x3e3ea8eb, 0x05d760cf, 0x23009263, 0xb3cb3ac9, 0x088f6f0d, 0x3fc182a3, 0xbd57087c, 0xe67c62f9),
3533 SECP256K1_FE_CONST(0xbe988716, 0xa29c1bf6, 0x4456aed6, 0xab1e4720, 0x49929305, 0x51043bf4, 0xebd833dd, 0xdd511e8b)},
3534 {
SECP256K1_FE_CONST(0x6964d2a9, 0xa7fa6501, 0xa5959249, 0x142f4029, 0xea0c1b5f, 0x2f487ef6, 0x301ac80a, 0x768be5cd),
3535 SECP256K1_FE_CONST(0x3918ffe4, 0x07492543, 0xed24d0b7, 0x3df95f8f, 0xaffd7cb4, 0x0de2191c, 0x9ec2f2ad, 0x2c0cb3c6)},
3536 {
SECP256K1_FE_CONST(0x37c93520, 0xf6ddca57, 0x2b42fd5e, 0xb5c7e4de, 0x11b5b81c, 0xb95e91f3, 0x95c4d156, 0x39877ccb),
3537 SECP256K1_FE_CONST(0x9a94b9b5, 0x57eb71ee, 0x4c975b8b, 0xac5262a8, 0x077b0595, 0xe12a6b1f, 0xd728edef, 0x1a6bf956)}
3548 {
SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140),
3549 SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140)},
3552 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0x5d576e73, 0x57a4501d, 0xdfe92f46, 0x681b20a1)},
3555 SECP256K1_SCALAR_CONST(0x50a51ac8, 0x34b9ec24, 0x4b0dff66, 0x5588b13e, 0x9984d5b3, 0xcf80ef0f, 0xd6a23766, 0xa3ee9f22)},
3557 {
SECP256K1_SCALAR_CONST(0xcb9f1d35, 0xdd4416c2, 0xcd71bf3f, 0x6365da66, 0x3c9b3376, 0x8feb7ae9, 0x32a5ef60, 0x19199ec3),
3558 SECP256K1_SCALAR_CONST(0x1d7c7bba, 0xf1893d53, 0xb834bd09, 0x36b411dc, 0x42c2e42f, 0xec72c428, 0x5e189791, 0x8e9bc708)},
3560 {
SECP256K1_SCALAR_CONST(0x7e3c993d, 0xa4272488, 0xbc015b49, 0x2db54174, 0xd382083a, 0xebe6db35, 0x80f82eff, 0xcd132c72),
3561 SECP256K1_SCALAR_CONST(0x086f34a0, 0x3e631f76, 0x77418f28, 0xcc84ac95, 0x6304439d, 0x365db268, 0x312c6ded, 0xd0b934f8)},
3563 {
SECP256K1_SCALAR_CONST(0xbad7e587, 0x3f307859, 0x60d93147, 0x8a18491e, 0xb38a9fd5, 0x254350d3, 0x4b1f0e4b, 0x7dd6edc4),
3564 SECP256K1_SCALAR_CONST(0x89f2df26, 0x39e2b041, 0xf19bd876, 0xd039c8ac, 0xc2223add, 0x29c4943e, 0x6632d908, 0x515f467b)},
3566 {
SECP256K1_SCALAR_CONST(0x1950d757, 0xb37a5809, 0x435059bb, 0x0bb8997e, 0x07e1e3c8, 0x5e5d7d2c, 0x6a0ed8e3, 0xdbde180e),
3567 SECP256K1_SCALAR_CONST(0xbf72af9b, 0x750309e2, 0x8dda230b, 0xfe432b93, 0x7e25e475, 0x4388251e, 0x633d894b, 0x3bcb6f8c)},
3568 {
SECP256K1_SCALAR_CONST(0x9bccf4e7, 0xc5a515e3, 0x50637aa9, 0xbb65a13f, 0x391749a1, 0x62de7d4e, 0xf6d7eabb, 0x3cd10ce0),
3569 SECP256K1_SCALAR_CONST(0xaf2d5623, 0xb6385a33, 0xcd0365be, 0x5e92a70d, 0x7f09179c, 0x3baaf30f, 0x8f9cc83b, 0x20092f67)},
3570 {
SECP256K1_SCALAR_CONST(0x73a57111, 0xb242952a, 0x5c5dee59, 0xf3be2ace, 0xa30a7659, 0xa46e5f47, 0xd21267b1, 0x39e642c9),
3571 SECP256K1_SCALAR_CONST(0xa711df07, 0xcbcf13ef, 0xd61cc6be, 0xbcd058ce, 0xb02cf157, 0x272d4a18, 0x86d0feb3, 0xcd5fa004)},
3572 {
SECP256K1_SCALAR_CONST(0x04884963, 0xce0580b1, 0xba547030, 0x3c691db3, 0x9cd2c84f, 0x24c7cebd, 0x97ebfdba, 0x3e785ec2),
3573 SECP256K1_SCALAR_CONST(0xaaaaaf14, 0xd7c99ba7, 0x517ce2c1, 0x78a28b4c, 0x3769a851, 0xe5c5a03d, 0x4cc28f33, 0x0ec4dc5d)},
3574 {
SECP256K1_SCALAR_CONST(0x1679ed49, 0x21f537b1, 0x815cb8ae, 0x9efc511c, 0x5b9fa037, 0x0b0f275e, 0x6c985281, 0x6c4a9905),
3575 SECP256K1_SCALAR_CONST(0xb14ac3d5, 0x62b52999, 0xef34ead1, 0xffca4998, 0x0294341a, 0x1f8172aa, 0xea1624f9, 0x302eea62)},
3576 {
SECP256K1_SCALAR_CONST(0x626b37c0, 0xf0057c35, 0xee982f83, 0x452a1fd3, 0xea826506, 0x48b08a9d, 0x1d2c4799, 0x4ad5f6ec),
3577 SECP256K1_SCALAR_CONST(0xe38643b7, 0x567bfc2f, 0x5d2f1c15, 0xe327239c, 0x07112443, 0x69509283, 0xfd98e77a, 0xdb71c1e8)},
3578 {
SECP256K1_SCALAR_CONST(0x1850a3a7, 0x759efc56, 0x54f287b2, 0x14d1234b, 0xe263bbc9, 0xcf4d8927, 0xd5f85f27, 0x965bd816),
3579 SECP256K1_SCALAR_CONST(0x3b071831, 0xcac9619a, 0xcceb0596, 0xf614d63b, 0x95d0db2f, 0xc6a00901, 0x8eaa2621, 0xabfa0009)},
3580 {
SECP256K1_SCALAR_CONST(0x94ae5d06, 0xa27dc400, 0x487d72be, 0xaa51ebed, 0xe475b5c0, 0xea675ffc, 0xf4df627a, 0xdca4222f),
3581 SECP256K1_SCALAR_CONST(0x01b412ed, 0xd7830956, 0x1532537e, 0xe5e3dc99, 0x8fd3930a, 0x54f8d067, 0x32ef5760, 0x594438a5)},
3582 {
SECP256K1_SCALAR_CONST(0x1f24278a, 0xb5bfe374, 0xa328dbbc, 0xebe35f48, 0x6620e009, 0xd58bb1b4, 0xb5a6bf84, 0x8815f63a),
3583 SECP256K1_SCALAR_CONST(0xfe928416, 0xca5ba2d3, 0xfde513da, 0x903a60c7, 0x9e58ad8a, 0x8783bee4, 0x083a3843, 0xa608c914)},
3584 {
SECP256K1_SCALAR_CONST(0xdc107d58, 0x274f6330, 0x67dba8bc, 0x26093111, 0x5201dfb8, 0x968ce3f5, 0xf34d1bd4, 0xf2146504),
3585 SECP256K1_SCALAR_CONST(0x660cfa90, 0x13c3d93e, 0x7023b1e5, 0xedd09e71, 0x6d9c9d10, 0x7a3d2cdb, 0xdd08edc3, 0xaa78fcfb)},
3586 {
SECP256K1_SCALAR_CONST(0x7cd1e905, 0xc6f02776, 0x2f551cc7, 0x5da61cff, 0x7da05389, 0x1119d5a4, 0x631c7442, 0x894fd4f7),
3587 SECP256K1_SCALAR_CONST(0xff20862a, 0x9d3b1a37, 0x1628803b, 0x3004ccae, 0xaa23282a, 0xa89a1109, 0xd94ece5e, 0x181bdc46)},
3588 {
SECP256K1_SCALAR_CONST(0x5b9dade8, 0x23d26c58, 0xcd12d818, 0x25b8ae97, 0x3dea04af, 0xf482c96b, 0xa062f254, 0x9e453640),
3589 SECP256K1_SCALAR_CONST(0x50c38800, 0x15fa53f4, 0xbe1e5392, 0x5c9b120a, 0x262c22c7, 0x18fa0816, 0x5f2baab4, 0x8cb5db46)},
3590 {
SECP256K1_SCALAR_CONST(0x11cdaeda, 0x969c464b, 0xef1f4ab0, 0x5b01d22e, 0x656fd098, 0x882bea84, 0x65cdbe7a, 0x0c19ff03),
3591 SECP256K1_SCALAR_CONST(0x1968d0fa, 0xac46f103, 0xb55f1f72, 0xb3820bed, 0xec6b359a, 0x4b1ae0ad, 0x7e38e1fb, 0x295ccdfb)},
3592 {
SECP256K1_SCALAR_CONST(0x2c351aa1, 0x26e91589, 0x194f8a1e, 0x06561f66, 0x0cb97b7f, 0x10914454, 0x134d1c03, 0x157266b4),
3593 SECP256K1_SCALAR_CONST(0xbe49ada6, 0x92bd8711, 0x41b176c4, 0xa478ba95, 0x14883434, 0x9d1cd6f3, 0xcc4b847d, 0x22af80f5)},
3594 {
SECP256K1_SCALAR_CONST(0x6ba07c6e, 0x13a60edb, 0x6247f5c3, 0x84b5fa56, 0x76fe3ec5, 0x80426395, 0xf65ec2ae, 0x623ba730),
3595 SECP256K1_SCALAR_CONST(0x25ac23f7, 0x418cd747, 0x98376f9d, 0x4a11c7bf, 0x24c8ebfe, 0x4c8a8655, 0x345f4f52, 0x1c515595)},
3596 {
SECP256K1_SCALAR_CONST(0x9397a712, 0x8abb6951, 0x2d4a3d54, 0x703b1c2a, 0x0661dca8, 0xd75c9b31, 0xaed4d24b, 0xd2ab2948),
3597 SECP256K1_SCALAR_CONST(0xc52e8bef, 0xd55ce3eb, 0x1c897739, 0xeb9fb606, 0x36b9cd57, 0x18c51cc2, 0x6a87489e, 0xffd0dcf3)},
3598 {
SECP256K1_SCALAR_CONST(0xe6a808cc, 0xeb437888, 0xe97798df, 0x4e224e44, 0x7e3b380a, 0x207c1653, 0x889f3212, 0xc6738b6f),
3599 SECP256K1_SCALAR_CONST(0x31f9ae13, 0xd1e08b20, 0x757a2e5e, 0x5243a0eb, 0x8ae35f73, 0x19bb6122, 0xb910f26b, 0xda70aa55)},
3600 {
SECP256K1_SCALAR_CONST(0xd0320548, 0xab0effe7, 0xa70779e0, 0x61a347a6, 0xb8c1e010, 0x9d5281f8, 0x2ee588a6, 0x80000000),
3601 SECP256K1_SCALAR_CONST(0x1541897e, 0x78195c90, 0x7583dd9e, 0x728b6100, 0xbce8bc6d, 0x7a53b471, 0x5dcd9e45, 0x4425fcaf)},
3602 {
SECP256K1_SCALAR_CONST(0x93d623f1, 0xd45b50b0, 0x796e9186, 0x9eac9407, 0xd30edc20, 0xef6304cf, 0x250494e7, 0xba503de9),
3603 SECP256K1_SCALAR_CONST(0x7026d638, 0x1178b548, 0x92043952, 0x3c7fb47c, 0xcd3ea236, 0x31d82b01, 0x612fc387, 0x80b9b957)},
3604 {
SECP256K1_SCALAR_CONST(0xf860ab39, 0x55f5d412, 0xa4d73bcc, 0x3b48bd90, 0xc248ffd3, 0x13ca10be, 0x8fba84cc, 0xdd28d6a3),
3605 SECP256K1_SCALAR_CONST(0x5c32fc70, 0xe0b15d67, 0x76694700, 0xfe62be4d, 0xeacdb229, 0x7a4433d9, 0x52155cd0, 0x7649ab59)},
3606 {
SECP256K1_SCALAR_CONST(0x4e41311c, 0x0800af58, 0x7a690a8e, 0xe175c9ba, 0x6981ab73, 0xac532ea8, 0x5c1f5e63, 0x6ac1f189),
3607 SECP256K1_SCALAR_CONST(0xfffffff9, 0xd075982c, 0x7fbd3825, 0xc05038a2, 0x4533b91f, 0x94ec5f45, 0xb280b28f, 0x842324dc)},
3608 {
SECP256K1_SCALAR_CONST(0x48e473bf, 0x3555eade, 0xad5d7089, 0x2424c4e4, 0x0a99397c, 0x2dc796d8, 0xb7a43a69, 0xd0364141),
3609 SECP256K1_SCALAR_CONST(0x634976b2, 0xa0e47895, 0x1ec38593, 0x266d6fd0, 0x6f602644, 0x9bb762f1, 0x7180c704, 0xe23a4daa)},
3610 {
SECP256K1_SCALAR_CONST(0xbe83878d, 0x3292fc54, 0x26e71c62, 0x556ccedc, 0x7cbb8810, 0x4032a720, 0x34ead589, 0xe4d6bd13),
3611 SECP256K1_SCALAR_CONST(0x6cd150ad, 0x25e59d0f, 0x74cbae3d, 0x6377534a, 0x1e6562e8, 0xb71b9d18, 0xe1e5d712, 0x8480abb3)},
3612 {
SECP256K1_SCALAR_CONST(0xcdddf2e5, 0xefc15f88, 0xc9ee06de, 0x8a846ca9, 0x28561581, 0x68daa5fb, 0xd1cf3451, 0xeb1782d0),
3613 SECP256K1_SCALAR_CONST(0xffffffd9, 0xed8d2af4, 0x993c865a, 0x23e9681a, 0x3ca3a3dc, 0xe6d5a46e, 0xbd86bd87, 0x61b55c70)},
3614 {
SECP256K1_SCALAR_CONST(0xb6a18f1f, 0x04872df9, 0x08165ec4, 0x319ca19c, 0x6c0359ab, 0x1f7118fb, 0xc2ef8082, 0xca8b7785),
3615 SECP256K1_SCALAR_CONST(0xff55b19b, 0x0f1ac78c, 0x0f0c88c2, 0x2358d5ad, 0x5f455e4e, 0x3330b72f, 0x274dc153, 0xffbf272b)},
3616 {
SECP256K1_SCALAR_CONST(0xea4898e5, 0x30eba3e8, 0xcf0e5c3d, 0x06ec6844, 0x01e26fb6, 0x75636225, 0xc5d08f4c, 0x1decafa0),
3617 SECP256K1_SCALAR_CONST(0xe5a014a8, 0xe3c4ec1e, 0xea4f9b32, 0xcfc7b386, 0x00630806, 0x12c08d02, 0x6407ccc2, 0xb067d90e)},
3618 {
SECP256K1_SCALAR_CONST(0x70e9aea9, 0x7e933af0, 0x8a23bfab, 0x23e4b772, 0xff951863, 0x5ffcf47d, 0x6bebc918, 0x2ca58265),
3619 SECP256K1_SCALAR_CONST(0xf4e00006, 0x81bc6441, 0x4eb6ec02, 0xc194a859, 0x80ad7c48, 0xba4e9afb, 0x8b6bdbe0, 0x989d8f77)},
3620 {
SECP256K1_SCALAR_CONST(0x3c56c774, 0x46efe6f0, 0xe93618b8, 0xf9b5a846, 0xd247df61, 0x83b1e215, 0x06dc8bcc, 0xeefc1bf5),
3621 SECP256K1_SCALAR_CONST(0xfff8937a, 0x2cd9586b, 0x43c25e57, 0xd1cefa7a, 0x9fb91ed3, 0x95b6533d, 0x8ad0de5b, 0xafb93f00)},
3622 {
SECP256K1_SCALAR_CONST(0xfb5c2772, 0x5cb30e83, 0xe38264df, 0xe4e3ebf3, 0x392aa92e, 0xa68756a1, 0x51279ac5, 0xb50711a8),
3623 SECP256K1_SCALAR_CONST(0x000013af, 0x1105bfe7, 0xa6bbd7fb, 0x3d638f99, 0x3b266b02, 0x072fb8bc, 0x39251130, 0x2e0fd0ea)}
3625 int i, var, testrand;
3626 unsigned char b32[32];
3629 memset(b32, 0,
sizeof(b32));
3631 for (i = 0; (size_t)i <
sizeof(fe_cases)/
sizeof(fe_cases[0]); ++i) {
3632 for (var = 0; var <= 1; ++var) {
3639 for (i = 0; (size_t)i <
sizeof(scalar_cases)/
sizeof(scalar_cases[0]); ++i) {
3640 for (var = 0; var <= 1; ++var) {
3648 for (i = 0; i < 1000; ++i) {
3650 b32[30] = (i >> 8) & 0xff;
3653 for (var = 0; var <= 1; ++var) {
3659 for (var = 0; var <= 1; ++var) {
3665 for (testrand = 0; testrand <= 1; ++testrand) {
3666 for (i = 0; i < 64 *
COUNT; ++i) {
3670 for (var = 0; var <= 1; ++var) {
3719 for (i = 0; i < runs; i++) {
3723 if (i >= runs - 2) {
3727 if (i >= runs - 1) {
3738 for (j = 0; j < 4; j++) {
3746 for (j = 0; j < 4; ++j) {
3747 for (
k = 0;
k < 4; ++
k) {
3748 int expect_equal = (j >> 1) == (
k >> 1);
3767 for (i1 = 0; i1 < 1 + 4 * runs; i1++) {
3769 for (i2 = 0; i2 < 1 + 4 * runs; i2++) {
3809 if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 == ((i2 + 3)%4)/2)) {
3826 if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 != ((i2 + 3)%4)/2)) {
3848 for (i = 0; i < 4 * runs + 1; i++) {
3849 gej_shuffled[i] = gej[i];
3851 for (i = 0; i < 4 * runs + 1; i++) {
3855 gej_shuffled[i] = gej_shuffled[swap];
3856 gej_shuffled[swap] =
t;
3859 for (i = 0; i < 4 * runs + 1; i++) {
3870 for (i = 0; i < 4 * runs + 1; i++) {
3880 for (i = 1; i < 4 * runs + 1; i++) {
3892 int ret_on_curve, ret_frac_on_curve, ret_set_xo;
3897 CHECK(ret_on_curve == ret_frac_on_curve);
3898 CHECK(ret_on_curve == ret_set_xo);
3903 for (i = 0; i < 4 * runs + 1; i++) {
3907 CHECK(odd == 0 || odd == 1);
3917 for (i = 0; i < 4 * runs + 1; i++) {
3922 for (i = 0; i < 4 * runs + 1; i++) {
3928 for (i = 0; i < 4 * runs + 1; i++) {
3993 0x8d24cd95, 0x0a355af1, 0x3c543505, 0x44238d30,
3994 0x0643d79f, 0x05a59614, 0x2f8ec030, 0xd58977cb,
3995 0x001e337a, 0x38093dcd, 0x6c0f386d, 0x0b1293a8,
3996 0x4d72c879, 0xd7681924, 0x44e6d2f3, 0x9190117d
3999 0xc7b74206, 0x1f788cd9, 0xabd0937d, 0x164a0d86,
4000 0x95f6ff75, 0xf19a4ce9, 0xd013bd7b, 0xbf92d2a7,
4001 0xffe1cc85, 0xc7f6c232, 0x93f0c792, 0xf4ed6c57,
4002 0xb28d3786, 0x2897e6db, 0xbb192d0b, 0x6e6feab2
4005 0x671a63c0, 0x3efdad4c, 0x389a7798, 0x24356027,
4006 0xb3d69010, 0x278625c3, 0x5c86d390, 0x184a8f7a,
4007 0x5f6409c2, 0x2ce01f2b, 0x511fd375, 0x25071d08,
4008 0xda651801, 0x70e95caf, 0x8f0d893c, 0xbed8fbbe
4030 for (i = 0; i <
COUNT * 32; i++) {
4050 for (i = 0; i <
COUNT; i++) {
4068 for (i = 0; i <
COUNT; i++) {
4090 for (i = 1; i <= 6; i++) {
4097 d[i - 1] = &data[i - 1];
4108 for (i = 0; i <
COUNT * 8; i++) {
4119 int res_even, res_odd;
4126 CHECK(res_even == res_odd);
4150 for (i = 0; i <
COUNT * 4; i++) {
4183 for (i = 1; i < n; ++i) {
4225 for (i = 0; i < 128; ++i) {
4236 0x8b30bbe9, 0xae2a9906, 0x96b22f67, 0x0709dff3,
4237 0x727fd8bc, 0x04d3362c, 0x6c7bf458, 0xe2846004,
4238 0xa357ae91, 0x5c4a6528, 0x1309edf2, 0x0504740f,
4239 0x0eb33439, 0x90216b4f, 0x81063cb6, 0x5f2f7e0f
4243 0x84cc5452, 0xf7fde1ed, 0xb4d38a8c, 0xe9b1b84c,
4244 0xcef31f14, 0x6e569be9, 0x705d357a, 0x42985407
4247 0xa1e58d22, 0x553dcd42, 0xb2398062, 0x5d4c57a9,
4248 0x6e9323d4, 0x2b3152e5, 0xca2c3990, 0xedc7c9de
4263 for (i = 0; i < 200*
COUNT; i++) {
4279 0xD6E96687, 0xF9B10D09, 0x2A6F3543, 0x9D86CEBE,
4280 0xA4535D0D, 0x409F5358, 0x6440BD74, 0xB933E830,
4281 0xB95CBCA2, 0xC77DA786, 0x539BE8FD, 0x53354D2D,
4282 0x3B4F566A, 0xE6580454, 0x07ED6015, 0xEE1B2A88
4298 unsigned char pub[65];
4332 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fc),
4333 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fd),
4334 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fe),
4335 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6ff),
4336 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632d),
4337 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632e),
4338 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632f),
4339 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf76330),
4340 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b209f),
4341 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a0),
4342 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a1),
4343 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a2),
4344 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede11),
4345 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede12),
4346 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede13),
4347 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede14),
4348 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a42),
4349 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a43),
4350 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a44),
4351 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a45)
4376 }
else if (mode == 1) {
4395 for (i = 0; i < 4*
COUNT; ++i) {
4408 0x7603CB59, 0xB0EF6C63, 0xFE608479, 0x2A0C378C,
4409 0xDB3233A8, 0x0F8A9A09, 0xA877DEAD, 0x31B38C45
4411 for (i = 0; i < 500; i++) {
4428 0x6d986544, 0x57ff52b8, 0xcf1b8126, 0x5b802a5b,
4429 0xa97f9263, 0xb1e88044, 0x93351325, 0x91bc450a,
4430 0x535c59f7, 0x325e5d2b, 0xc391fbe8, 0x3c12787c,
4431 0x337e4a98, 0xe82a9011, 0x0123ba37, 0xdd769c7d
4435 0x649d4f77, 0xc4242df7, 0x7f2079c9, 0x14530327,
4436 0xa31b876a, 0xd2d8ce2a, 0x2236d5c6, 0xd7b2029b
4440 0x23773684, 0x4d209dc7, 0x098a786f, 0x20d06fcd,
4441 0x070a38bf, 0xc11ac651, 0x03004319, 0x1e2a8786,
4442 0xed8c3b8e, 0xc06dd57b, 0xd06ea66e, 0x45492b0f,
4443 0xb84e4e1b, 0xfb77e21f, 0x96baae2a, 0x63dec956
4530 for (i = 0; i < cases; ++i) {
4546 for (i = 0; i < 2*
COUNT; ++i) {
4576 for (i = 0; i < 2*
COUNT; ++i) {
4600 0x4968d524, 0x2abf9b7a, 0x466abbcf, 0x34b11b6d,
4601 0xcd83d307, 0x827bed62, 0x05fad0ce, 0x18fae63b
4604 0x5494c15d, 0x32099706, 0xc2395f94, 0x348745fd,
4605 0x757ce30e, 0x4e8c90fb, 0xa2bad184, 0xf883c69f,
4606 0x5d195d20, 0xe191bf7f, 0x1be3e55f, 0x56a80196,
4607 0x6071ad01, 0xf1462f66, 0xc997fa94, 0xdb858435
4614 for (i = 0; i < 100; ++i) {
4639 *sc = data->
sc[idx];
4640 *pt = data->
pt[idx];
4667 for (ncount = 0; ncount <
COUNT; ncount++) {
4703 for (ncount = 0; ncount <
COUNT; ncount++) {
4706 size_t sizes[] = { 2, 10, 32 };
4708 for (j = 0; j < 3; j++) {
4709 for (i = 0; i < 32; i++) {
4717 for (j = 0; j < 3; j++) {
4718 for (i = 0; i < 32; i++) {
4727 for (j = 0; j < 3; j++) {
4729 for (i = 0; i < 16; i++) {
4733 pt[2 * i + 1] = ptg;
4740 for (i = 0; i < 16; i++) {
4756 for (i = 1; i < 32; i++) {
4769 for (ncount = 0; ncount <
COUNT; ncount++) {
4774 for (i = 0; i < 20; i++) {
4788 for (ncount = 0; ncount <
COUNT; ncount++) {
4796 for (i = 0; i < 20; i++) {
4809 for (ncount = 0; ncount < 20; ncount++) {
4826 const size_t TOP = 8;
4835 for(t0i = 0; t0i < TOP; t0i++) {
4836 for(t1i = 0; t1i < TOP; t1i++) {
4848 for(s0i = 0; s0i < TOP; s0i++) {
4849 for(s1i = 0; s1i < TOP; s1i++) {
4917 int g_nonzero = num_nonzero == 0 ? nonzero_result :
4918 num_nonzero == 1 && !nonzero_result ? 1 :
4926 if (rands > num_nonzero) rands = num_nonzero;
4935 if (!nonzero_result) {
4937 CHECK(num_nonzero > filled);
4948 if (nonzero_result && filled < num_nonzero) {
4956 if (nonzero_result) {
4960 mults += filled + g_nonzero;
4964 CHECK(filled <= 1 + !nonzero_result);
4965 CHECK(filled <= num_nonzero);
4969 while (filled < num) {
4984 for (i = 0; i < rands; ++i) {
4988 for (j = 0; j < num_nonzero; ++j) {
4993 gejs[j] = gejs[j +
k];
4994 scalars[j] = scalars[j +
k];
4996 scalars[j +
k] = sc;
5001 for (j = 0; j + 1 < num_nonzero; j += 2) {
5008 CHECK(num_nonzero >= 1);
5012 secp256k1_ecmult(&gejs[num_nonzero - 1], &gejs[num_nonzero - 1], &iv, NULL);
5017 for (i = 0; i < num; ++i) {
5022 gejs[i] = gejs[i + j];
5023 scalars[i] = scalars[i + j];
5025 scalars[i + j] = sc;
5035 mults += num_nonzero + g_nonzero;
5083 size_t n_points_supported;
5084 int bucket_window = 0;
5086 for(; scratch_size < max_size; scratch_size+=256) {
5091 CHECK(scratch != NULL);
5094 if (n_points_supported == 0) {
5113 size_t n_batches, n_batch_points, max_n_batch_points, n;
5115 max_n_batch_points = 0;
5119 max_n_batch_points = 1;
5122 CHECK(n_batches == 0);
5123 CHECK(n_batch_points == 0);
5125 max_n_batch_points = 2;
5128 CHECK(n_batches == 3);
5129 CHECK(n_batch_points == 2);
5134 CHECK(n_batches == 1);
5140 CHECK(n_batches == 2);
5143 max_n_batch_points = 1;
5146 CHECK(n_batches == SIZE_MAX);
5147 CHECK(n_batch_points == 1);
5149 max_n_batch_points = 2;
5152 CHECK(n_batches == SIZE_MAX/2 + 1);
5153 CHECK(n_batch_points == 2);
5176 for(i = 0; i < n_points; i++) {
5207 for(i = 1; i <= n_points; i++) {
5227 int64_t todo = (int64_t)320 *
COUNT;
5262 for (i = bits-1; i >= 0; i--) {
5266 CHECK(zeroes == -1 || zeroes >= w-1);
5268 CHECK((v & 1) == 1);
5269 CHECK(v <= (1 << (w-1)) - 1);
5270 CHECK(v >= -(1 << (w-1)) - 1);
5272 CHECK(zeroes != -1);
5288 int wnaf[256] = {0};
5302 CHECK(v == 0 || v & 1);
5303 CHECK(v > -(1 << w));
5304 CHECK(v < (1 << w));
5325 CHECK(wnaf[i] == 0);
5327 for (i = 7; i >= 0; --i) {
5328 CHECK(wnaf[i] == wnaf_expected[i]);
5334 int wnaf[256] = {0};
5353 CHECK(wnaf[0] == 1);
5357 int wnaf_expected[8] = { 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf };
5364 int wnaf_expected[8] = { -1, -1, -1, -1, -1, -1, -1, 0xf };
5371 int wnaf_expected[8] = { 1, 0, 1, 0, 1, 0, 1, 0 };
5378 int wnaf_expected[8] = { -0xf, 0, 0xf, -0xf, 0, 0xf, 1, 0 };
5393 for (i = 0; i <
COUNT; i++) {
5417 unsigned char bytes[65];
5435 const unsigned char zerobyte[1] = {0};
5456 unsigned char b32[32];
5462 static const unsigned char expected32[32] = {
5463 0xe4, 0x71, 0x1b, 0x4d, 0x14, 0x1e, 0x68, 0x48,
5464 0xb7, 0xaf, 0x47, 0x2b, 0x4c, 0xd2, 0x04, 0x14,
5465 0x3a, 0x75, 0x87, 0x60, 0x1a, 0xf9, 0x63, 0x60,
5466 0xd0, 0xcb, 0x1f, 0xaa, 0x85, 0x9a, 0xb7, 0xb4
5469 for (i = 0; i <= 36; ++i) {
5475 for (i = 0; i < 256; ++i) {
5476 for (j = 1; j < 256; j += 2) {
5499 unsigned char b32[32];
5500 unsigned char inp[6];
5505 inp[1] = (
prefix >> 8) & 0xFF;
5506 inp[2] = (
prefix >> 16) & 0xFF;
5507 inp[3] = (
prefix >> 24) & 0xFF;
5516 for (i = 0; i < iter; ++i) {
5519 inp[5] = (i >> 8) & 0xff;
5535 static const unsigned char expected32_6bit20[32] = {
5536 0x68, 0xb6, 0xed, 0x6f, 0x28, 0xca, 0xc9, 0x7f,
5537 0x8e, 0x8b, 0xd6, 0xc0, 0x61, 0x79, 0x34, 0x6e,
5538 0x5a, 0x8f, 0x2b, 0xbc, 0x3e, 0x1f, 0xc5, 0x2e,
5539 0x2a, 0xd0, 0x45, 0x67, 0x7f, 0x95, 0x95, 0x8e
5541 static const unsigned char expected32_8bit8[32] = {
5542 0x8b, 0x65, 0x8e, 0xea, 0x86, 0xae, 0x3c, 0x95,
5543 0x90, 0xb6, 0x77, 0xa4, 0x8c, 0x76, 0xd9, 0xec,
5544 0xf5, 0xab, 0x8a, 0x2f, 0xfd, 0xdb, 0x19, 0x12,
5545 0x1a, 0xee, 0xe6, 0xb7, 0x6e, 0x05, 0x3f, 0xc6
5570 unsigned char seed32[32];
5604 for (i = 0; i < 10; i++) {
5612 const unsigned char zero[32] = {0};
5613 unsigned char tmp[32];
5648 for (i = 0; i < 100U *
COUNT; ++i) {
5659 unsigned char pubkeyc[65];
5664 for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) {
5667 memcpy(&pubkeyc[1], input, 64);
5669 for (i = 0; i < 256; i++) {
5676 ysign = (input[63] & 1) + 2;
5678 xpass = xvalid && (pubkeyclen == 33) && ((i & 254) == 2);
5680 ypass = xvalid && yvalid && ((i & 4) == ((pubkeyclen == 65) << 2)) &&
5681 ((i == 4) || ((i & 251) == ysign)) && ((pubkeyclen == 33) || (pubkeyclen == 65));
5682 if (xpass || ypass) {
5684 unsigned char pubkeyo[65];
5686 memset(&pubkey, 0,
sizeof(pubkey));
5696 CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0]));
5699 CHECK(pubkeyo[0] == ysign);
5701 memset(&pubkey, 0,
sizeof(pubkey));
5710 CHECK(pubkeyo[0] == 4);
5715 memset(&pubkey, 0xfe,
sizeof(pubkey));
5726 #define SECP256K1_EC_PARSE_TEST_NVALID (12)
5730 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x52,
5731 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5732 0x00, 0x00, 0x64, 0xef, 0xa1, 0x7b, 0x77, 0x61, 0xe1, 0xe4, 0x27, 0x06, 0x98, 0x9f, 0xb4, 0x83,
5733 0xb8, 0xd2, 0xd4, 0x9b, 0xf7, 0x8f, 0xae, 0x98, 0x03, 0xf0, 0x99, 0xb8, 0x34, 0xed, 0xeb, 0x00
5737 0x7a, 0xe9, 0x6a, 0x2b, 0x65, 0x7c, 0x07, 0x10, 0x6e, 0x64, 0x47, 0x9e, 0xac, 0x34, 0x34, 0xe9,
5738 0x9c, 0xf0, 0x49, 0x75, 0x12, 0xf5, 0x89, 0x95, 0xc1, 0x39, 0x6c, 0x28, 0x71, 0x95, 0x01, 0xee,
5739 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
5740 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
5744 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5745 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
5746 0x0e, 0x99, 0x4b, 0x14, 0xea, 0x72, 0xf8, 0xc3, 0xeb, 0x95, 0xc7, 0x1e, 0xf6, 0x92, 0x57, 0x5e,
5747 0x77, 0x50, 0x58, 0x33, 0x2d, 0x7e, 0x52, 0xd0, 0x99, 0x5c, 0xf8, 0x03, 0x88, 0x71, 0xb6, 0x7d,
5751 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5752 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
5753 0xf1, 0x66, 0xb4, 0xeb, 0x15, 0x8d, 0x07, 0x3c, 0x14, 0x6a, 0x38, 0xe1, 0x09, 0x6d, 0xa8, 0xa1,
5754 0x88, 0xaf, 0xa7, 0xcc, 0xd2, 0x81, 0xad, 0x2f, 0x66, 0xa3, 0x07, 0xfb, 0x77, 0x8e, 0x45, 0xb2,
5758 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5759 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
5760 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
5761 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
5765 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5766 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
5767 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
5768 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
5772 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
5773 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
5774 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5775 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
5779 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
5780 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
5781 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5782 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
5786 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
5787 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
5788 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5789 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
5793 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
5794 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
5795 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5796 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
5800 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
5801 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
5802 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5803 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
5807 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
5808 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
5809 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5810 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
5813 #define SECP256K1_EC_PARSE_TEST_NXVALID (4)
5817 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
5818 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
5819 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5820 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
5824 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
5825 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
5826 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5827 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
5831 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
5832 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
5833 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5834 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
5838 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5839 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
5840 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5841 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03
5844 #define SECP256K1_EC_PARSE_TEST_NINVALID (7)
5848 0x0a, 0x2d, 0x2b, 0xa9, 0x35, 0x07, 0xf1, 0xdf, 0x23, 0x37, 0x70, 0xc2, 0xa7, 0x97, 0x96, 0x2c,
5849 0xc6, 0x1f, 0x6d, 0x15, 0xda, 0x14, 0xec, 0xd4, 0x7d, 0x8d, 0x27, 0xae, 0x1c, 0xd5, 0xf8, 0x53,
5850 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5851 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
5855 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5856 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
5857 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
5858 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
5862 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5863 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
5864 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
5865 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
5869 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5870 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
5871 0xf4, 0x84, 0x14, 0x5c, 0xb0, 0x14, 0x9b, 0x82, 0x5d, 0xff, 0x41, 0x2f, 0xa0, 0x52, 0xa8, 0x3f,
5872 0xcb, 0x72, 0xdb, 0x61, 0xd5, 0x6f, 0x37, 0x70, 0xce, 0x06, 0x6b, 0x73, 0x49, 0xa2, 0xaa, 0x28,
5876 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
5877 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
5878 0x0b, 0x7b, 0xeb, 0xa3, 0x4f, 0xeb, 0x64, 0x7d, 0xa2, 0x00, 0xbe, 0xd0, 0x5f, 0xad, 0x57, 0xc0,
5879 0x34, 0x8d, 0x24, 0x9e, 0x2a, 0x90, 0xc8, 0x8f, 0x31, 0xf9, 0x94, 0x8b, 0xb6, 0x5d, 0x52, 0x07,
5883 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5884 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5885 0x8f, 0x53, 0x7e, 0xef, 0xdf, 0xc1, 0x60, 0x6a, 0x07, 0x27, 0xcd, 0x69, 0xb4, 0xa7, 0x33, 0x3d,
5886 0x38, 0xed, 0x44, 0xe3, 0x93, 0x2a, 0x71, 0x79, 0xee, 0xcb, 0x4b, 0x6f, 0xba, 0x93, 0x60, 0xdc,
5890 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5891 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5892 0x70, 0xac, 0x81, 0x10, 0x20, 0x3e, 0x9f, 0x95, 0xf8, 0xd8, 0x32, 0x96, 0x4b, 0x58, 0xcc, 0xc2,
5893 0xc7, 0x12, 0xbb, 0x1c, 0x6c, 0xd5, 0x8e, 0x86, 0x11, 0x34, 0xb4, 0x8f, 0x45, 0x6c, 0x9b, 0x53
5896 const unsigned char pubkeyc[66] = {
5898 0x04, 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B,
5899 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17,
5900 0x98, 0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08,
5901 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4,
5904 unsigned char sout[65];
5905 unsigned char shortkey[2] = { 0 };
5914 memset(&pubkey, 0xfe,
sizeof(pubkey));
5921 for (i = 0; i < 256 ; i++) {
5922 memset(&pubkey, 0xfe,
sizeof(pubkey));
5931 for (i = 0; i < 65536 ; i++) {
5932 memset(&pubkey, 0xfe,
sizeof(pubkey));
5933 shortkey[0] = i & 255;
5934 shortkey[1] = i >> 8;
5940 memset(&pubkey, 0xfe,
sizeof(pubkey));
5949 memset(&pubkey, 0xfe,
sizeof(pubkey));
5955 memset(&pubkey, 0xfe,
sizeof(pubkey));
5961 memset(&pubkey, 0xfe,
sizeof(pubkey));
5967 memset(&pubkey, 0,
sizeof(pubkey));
6011 const unsigned char orderc[32] = {
6012 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6013 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
6014 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
6015 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41
6018 unsigned char ctmp[33];
6019 unsigned char ctmp2[33];
6033 memset(ctmp, 255, 32);
6035 memset(&pubkey, 1,
sizeof(pubkey));
6041 memset(ctmp, 0, 32);
6043 memset(&pubkey, 1,
sizeof(pubkey));
6051 memset(&pubkey, 0,
sizeof(pubkey));
6056 pubkey_one = pubkey;
6058 memcpy(ctmp, orderc, 32);
6061 memset(&pubkey, 1,
sizeof(pubkey));
6069 memset(&pubkey, 0,
sizeof(pubkey));
6074 pubkey_negone = pubkey;
6076 memset(ctmp2, 0, 32);
6079 memcpy(&pubkey2, &pubkey,
sizeof(pubkey));
6087 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
6090 memcpy(ctmp, orderc, 32);
6091 memset(ctmp2, 0, 32);
6097 memcpy(ctmp, orderc, 32);
6102 memcpy(ctmp, orderc, 32);
6106 memcpy(ctmp, orderc, 32);
6110 memcpy(ctmp, orderc, 32);
6116 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
6119 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
6123 memcpy(ctmp, orderc, 32);
6125 memset(ctmp2, 0, 32);
6132 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
6148 memset(&pubkey, 0, 32);
6151 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
6152 memset(&pubkey2, 0, 32);
6158 memset(ctmp2, 0, 32);
6162 memset(ctmp2, 0, 32);
6166 memset(ctmp2, 0, 32);
6169 memset(ctmp2, 0, 32);
6174 memset(&pubkey, 1,
sizeof(pubkey));
6178 pubkeys[0] = &pubkey_one;
6194 pubkeys[0] = &pubkey_negone;
6205 pubkeys[0] = &pubkey_one;
6206 pubkeys[1] = &pubkey_negone;
6213 pubkeys[2] = &pubkey_one;
6224 pubkeys[1] = &pubkey_one;
6233 unsigned char seckey[32];
6234 unsigned char seckey_tmp[32];
6237 memcpy(seckey_tmp, seckey, 32);
6251 memset(seckey, 0, 32);
6252 memset(seckey_tmp, 0, 32);
6261 memset(seckey, 0xFF, 16);
6262 memset(seckey_tmp, 0, 32);
6291 CHECK(recid >= 0 && recid < 4);
6303 for (i = 0; i < 10*
COUNT; i++) {
6309 static int precomputed_nonce_function(
unsigned char *nonce32,
const unsigned char *msg32,
const unsigned char *key32,
const unsigned char *algo16,
void *data,
unsigned int counter) {
6313 memcpy(nonce32, data, 32);
6314 return (counter == 0);
6317 static int nonce_function_test_fail(
unsigned char *nonce32,
const unsigned char *msg32,
const unsigned char *key32,
const unsigned char *algo16,
void *data,
unsigned int counter) {
6325 static int nonce_function_test_retry(
unsigned char *nonce32,
const unsigned char *msg32,
const unsigned char *key32,
const unsigned char *algo16,
void *data,
unsigned int counter) {
6328 memset(nonce32, counter==0 ? 0 : 255, 32);
6335 static const unsigned char order[] = {
6336 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
6337 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
6338 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
6339 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
6341 memcpy(nonce32, order, 32);
6361 unsigned char extra[32] = {0x00};
6362 unsigned char privkey[32];
6363 unsigned char message[32];
6364 unsigned char privkey2[32];
6367 unsigned char sig[74];
6369 unsigned char pubkeyc[65];
6370 size_t pubkeyclen = 65;
6373 unsigned char seckey[300];
6374 size_t seckeylen = 300;
6391 memset(&pubkey, 0,
sizeof(pubkey));
6395 memcpy(&pubkey_tmp, &pubkey,
sizeof(pubkey));
6411 unsigned char rnd[32];
6412 unsigned char privkey_tmp[32];
6415 memcpy(privkey_tmp, privkey, 32);
6420 CHECK(ret1 == ret2);
6421 CHECK(ret2 == ret3);
6435 unsigned char rnd[32];
6436 unsigned char privkey_tmp[32];
6439 memcpy(privkey_tmp, privkey, 32);
6444 CHECK(ret1 == ret2);
6445 CHECK(ret2 == ret3);
6494 memset(&signature[0], 0,
sizeof(signature[0]));
6508 unsigned char in[65];
6529 unsigned char out[65];
6530 unsigned char firstb;
6539 if ((in[0] != 6) && (in[0] != 7)) {
6550 if (firstb == 2 || firstb == 3) {
6551 if (in[0] == firstb + 4) {
6566 unsigned char pk1_ser[33] = {
6568 0x58, 0x84, 0xb3, 0xa2, 0x4b, 0x97, 0x37, 0x88, 0x92, 0x38, 0xa6, 0x26, 0x62, 0x52, 0x35, 0x11,
6569 0xd0, 0x9a, 0xa1, 0x1b, 0x80, 0x0b, 0x5e, 0x93, 0x80, 0x26, 0x11, 0xef, 0x67, 0x4b, 0xd9, 0x23
6571 const unsigned char pk2_ser[33] = {
6573 0xde, 0x36, 0x0e, 0x87, 0x59, 0x8f, 0x3c, 0x01, 0x36, 0x2a, 0x2a, 0xb8, 0xc6, 0xf4, 0x5e, 0x4d,
6574 0xb2, 0xc2, 0xd5, 0x03, 0xa7, 0xf9, 0xf1, 0x4f, 0xa8, 0xfa, 0x95, 0xa8, 0xe9, 0x69, 0x76, 0x1c
6590 memset(&pk_tmp, 0,
sizeof(pk_tmp));
6612 for (i = 0; i < 10*
COUNT; i++) {
6619 for (i = 0; i < 64*
COUNT; i++) {
6624 static int test_ecdsa_der_parse(
const unsigned char *sig,
size_t siglen,
int certainly_der,
int certainly_not_der) {
6625 static const unsigned char zeroes[32] = {0};
6630 unsigned char roundtrip_der[2048];
6631 unsigned char compact_der[64];
6632 size_t len_der = 2048;
6633 int parsed_der = 0, valid_der = 0, roundtrips_der = 0;
6636 unsigned char roundtrip_der_lax[2048];
6637 unsigned char compact_der_lax[64];
6638 size_t len_der_lax = 2048;
6639 int parsed_der_lax = 0, valid_der_lax = 0, roundtrips_der_lax = 0;
6652 if (parsed_der_lax) {
6656 if (valid_der_lax) {
6658 roundtrips_der_lax = (len_der_lax == siglen) &&
secp256k1_memcmp_var(roundtrip_der_lax, sig, siglen) == 0;
6661 if (certainly_der) {
6662 ret |= (!parsed_der) << 2;
6664 if (certainly_not_der) {
6665 ret |= (parsed_der) << 17;
6668 ret |= (!roundtrips_der) << 3;
6672 ret |= (!roundtrips_der_lax) << 12;
6673 ret |= (len_der != len_der_lax) << 13;
6674 ret |= ((len_der != len_der_lax) || (
secp256k1_memcmp_var(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14;
6676 ret |= (roundtrips_der != roundtrips_der_lax) << 15;
6678 ret |= (!parsed_der_lax) << 16;
6686 for (i = 0; i < ptrlen; i++) {
6687 int shift = ptrlen - 1 - i;
6691 ptr[i] = (val >> shift) & 0xFF;
6699 if (action < 1 && *len > 3) {
6702 memmove(sig + pos, sig + pos + 1, *len - pos - 1);
6705 }
else if (action < 2 && *len < 2048) {
6708 memmove(sig + pos + 1, sig + pos, *len - pos);
6712 }
else if (action < 4) {
6725 int nlow[2], nlen[2], nlenlen[2], nhbit[2], nhbyte[2], nzlen[2];
6726 size_t tlen, elen, glen;
6732 *certainly_der = der;
6733 *certainly_not_der = 0;
6736 for (n = 0; n < 2; n++) {
6741 CHECK(nlen[n] <= 232);
6748 if (nzlen[n] > ((nlen[n] == 0 || nhbit[n]) ? 1 : 0)) {
6749 *certainly_not_der = 1;
6751 CHECK(nlen[n] + nzlen[n] <= 300);
6753 nlenlen[n] = nlen[n] + nzlen[n] < 128 ? 0 : (nlen[n] + nzlen[n] < 256 ? 1 : 2);
6759 *certainly_not_der = 1;
6762 CHECK(nlen[n] + nzlen[n] + nlenlen[n] <= 427);
6766 tlen = 2 + nlenlen[0] + nlen[0] + nzlen[0] + 2 + nlenlen[1] + nlen[1] + nzlen[1];
6772 *certainly_not_der = 1;
6780 *certainly_not_der = 1;
6782 CHECK(tlen + glen <= 990);
6785 sig[(*len)++] = 0x30;
6788 sig[(*len)++] = 0x80;
6789 *certainly_not_der = 1;
6791 int tlenlen = tlen < 128 ? 0 : (tlen < 256 ? 1 : 2);
6796 *certainly_not_der = 1;
6801 sig[(*len)++] = tlen;
6804 sig[(*len)++] = 128 + tlenlen;
6811 CHECK(tlen + glen <= 1119);
6813 for (n = 0; n < 2; n++) {
6815 sig[(*len)++] = 0x02;
6816 if (nlenlen[n] == 0) {
6818 sig[(*len)++] = nlen[n] + nzlen[n];
6821 sig[(*len)++] = 128 + nlenlen[n];
6826 while (nzlen[n] > 0) {
6827 sig[(*len)++] = 0x00;
6830 if (nlen[n] == 32 && !nlow[n]) {
6833 for (i = 0; i < 16; i++) {
6834 sig[(*len)++] = 0xFF;
6840 sig[(*len)++] = nhbyte[n];
6859 CHECK(tlen + glen <= 1121);
6865 CHECK(tlen <= 1121);
6866 CHECK(tlen == *len);
6871 for (i = 0; i < 200 *
COUNT; i++) {
6872 unsigned char buffer[2048];
6874 int certainly_der = 0;
6875 int certainly_not_der = 0;
6877 CHECK(buflen <= 2048);
6878 for (j = 0; j < 16; j++) {
6884 certainly_not_der = 0;
6889 fprintf(stderr,
"Failure %x on ",
ret);
6890 for (
k = 0;
k < buflen;
k++) {
6891 fprintf(stderr,
"%02x ", buffer[
k]);
6893 fprintf(stderr,
"\n");
6923 const unsigned char pubkey_mods_zero[33] = {
6924 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6925 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6926 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
6927 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
6942 const unsigned char pubkey[33] = {
6943 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6944 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6945 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6946 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6961 const unsigned char pubkey[33] = {
6962 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6963 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6964 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6965 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6968 const unsigned char pubkey2[33] = {
6969 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6970 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6971 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
6972 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
6996 const unsigned char pubkey[33] = {
6997 0x02, 0x14, 0x4e, 0x5a, 0x58, 0xef, 0x5b, 0x22,
6998 0x6f, 0xd2, 0xe2, 0x07, 0x6a, 0x77, 0xcf, 0x05,
6999 0xb4, 0x1d, 0xe7, 0x4a, 0x30, 0x98, 0x27, 0x8c,
7000 0x93, 0xe6, 0xe6, 0x3c, 0x0b, 0xc4, 0x73, 0x76,
7003 const unsigned char pubkey2[33] = {
7004 0x02, 0x8a, 0xd5, 0x37, 0xed, 0x73, 0xd9, 0x40,
7005 0x1d, 0xa0, 0x33, 0xd2, 0xdc, 0xf0, 0xaf, 0xae,
7006 0x34, 0xcf, 0x5f, 0x96, 0x4c, 0x73, 0x28, 0x0f,
7007 0x92, 0xc0, 0xf6, 0x9d, 0xd9, 0xb2, 0x09, 0x10,
7010 const unsigned char csr[32] = {
7011 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7012 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
7013 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4,
7014 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xeb
7038 const unsigned char pubkey[33] = {
7039 0x03, 0xaf, 0x97, 0xff, 0x7d, 0x3a, 0xf6, 0xa0,
7040 0x02, 0x94, 0xbd, 0x9f, 0x4b, 0x2e, 0xd7, 0x52,
7041 0x28, 0xdb, 0x49, 0x2a, 0x65, 0xcb, 0x1e, 0x27,
7042 0x57, 0x9c, 0xba, 0x74, 0x20, 0xd5, 0x1d, 0x20,
7045 const unsigned char csr[32] = {
7046 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7047 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
7048 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4,
7049 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xee
7071 unsigned char signature[72];
7072 static const unsigned char nonce[32] = {
7073 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7074 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7075 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7076 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
7078 static const unsigned char nonce2[32] = {
7079 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
7080 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
7081 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
7082 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x40
7084 const unsigned char key[32] = {
7085 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7086 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7087 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7088 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
7090 unsigned char msg[32] = {
7091 0x86, 0x41, 0x99, 0x81, 0x06, 0x23, 0x44, 0x53,
7092 0xaa, 0x5f, 0x9d, 0x6a, 0x31, 0x78, 0xf4, 0xf7,
7093 0xb8, 0x12, 0xe0, 0x0b, 0x81, 0x7a, 0x77, 0x62,
7094 0x65, 0xdf, 0xdd, 0x31, 0xb9, 0x3e, 0x29, 0xa9,
7130 memset(signature, 255, 64);
7135 for (
t = 0;
t < 2;
t++) {
7136 static const unsigned char zero[32] = {0x00};
7138 unsigned char key[32];
7139 unsigned char msg[32];
7142 const unsigned char *extra;
7143 extra =
t == 0 ? NULL : zero;
7147 memset(key, 0xFF, 32);
7169 for(i = 0; i < 256; i++) {
7175 for (j = 0; j < i; j++) {
7182 for(i = 256; i < 512; i++) {
7188 for (j = 0; j < i; j++) {
7197 const unsigned char zeros[32] = {0};
7198 unsigned char nonce[32];
7199 unsigned char nonce2[32];
7200 unsigned char nonce3[32];
7201 unsigned char nonce4[32];
7225 unsigned char privkey[300];
7226 unsigned char seckey[32] = {
7227 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
7228 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
7229 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
7230 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41,
7232 size_t outlen = 300;
7255 const unsigned char *
msg, *sig, *
pk;
7256 unsigned char out[32] = {0};
7257 int actual_verify = 0;
7259 memset(&pubkey, 0,
sizeof(pubkey));
7281 #ifdef ENABLE_MODULE_ECDH
7285 #ifdef ENABLE_MODULE_RECOVERY
7289 #ifdef ENABLE_MODULE_EXTRAKEYS
7293 #ifdef ENABLE_MODULE_SCHNORRSIG
7297 #ifdef ENABLE_MODULE_ELLSWIFT
7302 unsigned char buf1[6] = {1, 2, 3, 4, 5, 6};
7303 unsigned char buf2[
sizeof(buf1)];
7306 memcpy(buf2, buf1,
sizeof(buf1));
7311 memset(buf2, 0,
sizeof(buf2));
7318 const uint32_t x = 0xFF03AB45;
7319 const unsigned char x_be[4] = {0xFF, 0x03, 0xAB, 0x45};
7320 unsigned char buf[4];
7331 const uint64_t x = 0xCAFE0123BEEF4567;
7332 const unsigned char x_be[8] = {0xCA, 0xFE, 0x01, 0x23, 0xBE, 0xEF, 0x45, 0x67};
7333 unsigned char buf[8];
7349 CHECK(r == INT_MAX);
7353 CHECK(r == INT_MAX);
7373 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
7374 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
7403 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
7404 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
7431 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL,
7432 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364140UL
7458 static const secp256k1_ge_storage zero =
SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
7459 static const secp256k1_ge_storage one =
SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1);
7461 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
7462 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
7463 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
7464 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
7501 setbuf(stdout, NULL);
7504 setbuf(stderr, NULL);
7508 COUNT = strtol(argv[1], NULL, 0);
7510 const char* env = getenv(
"SECP256K1_TEST_ITERS");
7511 if (env && strlen(env) > 0) {
7512 COUNT = strtol(env, NULL, 0);
7516 fputs(
"An iteration count of 0 or less is not allowed.\n", stderr);
7517 return EXIT_FAILURE;
7535 unsigned char rand32[32];
7562 #ifdef SECP256K1_WIDEMUL_INT128
7617 #ifdef ENABLE_MODULE_ECDH
7632 #ifdef ENABLE_MODULE_RECOVERY
7637 #ifdef ENABLE_MODULE_EXTRAKEYS
7641 #ifdef ENABLE_MODULE_SCHNORRSIG
7645 #ifdef ENABLE_MODULE_ELLSWIFT
7661 printf(
"no problems found\n");
#define SECP256K1_CHECKMEM_UNDEFINE(p, len)
#define SECP256K1_CHECKMEM_CHECK(p, len)
static void run_ecdh_tests(void)
static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar *r, secp256k1_scalar *s, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid)
static int secp256k1_ecdsa_sig_verify(const secp256k1_scalar *r, const secp256k1_scalar *s, const secp256k1_ge *pubkey, const secp256k1_scalar *message)
static const unsigned char wycheproof_ecdsa_signatures[]
static const unsigned char wycheproof_ecdsa_public_keys[]
static const unsigned char wycheproof_ecdsa_messages[]
#define SECP256K1_ECDSA_WYCHEPROOF_NUMBER_TESTVECTORS
static const wycheproof_ecdsa_testvector testvectors[SECP256K1_ECDSA_WYCHEPROOF_NUMBER_TESTVECTORS]
static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size)
static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed)
static int secp256k1_ecmult_multi_var(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n)
Multi-multiply: R = inp_g_sc * G + sum_i ni * Ai.
#define ECMULT_TABLE_SIZE(w)
The number of entries a table with precomputed multiples needs to have.
static void secp256k1_ecmult(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng)
Double multiply: R = na*A + ng*G.
static int secp256k1_ecmult_const_xonly(secp256k1_fe *r, const secp256k1_fe *n, const secp256k1_fe *d, const secp256k1_scalar *q, int known_on_curve)
Same as secp256k1_ecmult_const, but takes in an x coordinate of the base point only,...
static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q)
Multiply: R = q*A (in constant-time for q)
static const secp256k1_scalar secp256k1_ecmult_const_K
static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *a)
Multiply with the generator: R = a*G.
static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32)
#define STRAUSS_SCRATCH_OBJECTS
static size_t secp256k1_pippenger_bucket_window_inv(int bucket_window)
Returns the maximum optimal number of points for a bucket_window.
static size_t secp256k1_pippenger_max_points(const secp256k1_callback *error_callback, secp256k1_scratch *scratch)
Returns the maximum number of points in addition to G that can be used with a given scratch space.
static int secp256k1_ecmult_strauss_batch_single(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n)
static int secp256k1_wnaf_fixed(int *wnaf, const secp256k1_scalar *s, int w)
Convert a number to WNAF notation.
static int secp256k1_ecmult_wnaf(int *wnaf, int len, const secp256k1_scalar *a, int w)
Convert a number to WNAF notation.
static size_t secp256k1_strauss_scratch_size(size_t n_points)
#define ECMULT_PIPPENGER_THRESHOLD
static int secp256k1_pippenger_bucket_window(size_t n)
Returns optimal bucket_window (number of bits of a scalar represented by a set of buckets) for a give...
static int secp256k1_ecmult_pippenger_batch_single(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n)
#define ECMULT_MAX_POINTS_PER_BATCH
#define PIPPENGER_MAX_BUCKET_WINDOW
#define PIPPENGER_SCRATCH_OBJECTS
static int secp256k1_ecmult_multi_batch_size_helper(size_t *n_batches, size_t *n_batch_points, size_t max_n_batch_points, size_t n)
static size_t secp256k1_pippenger_scratch_size(size_t n_points, int bucket_window)
Returns the scratch size required for a given number of points (excluding base point G) without consi...
int(* secp256k1_ecmult_multi_func)(const secp256k1_callback *error_callback, secp256k1_scratch *, secp256k1_gej *, const secp256k1_scalar *, secp256k1_ecmult_multi_callback cb, void *, size_t)
void run_ellswift_tests(void)
#define secp256k1_fe_cmov
#define secp256k1_fe_negate(r, a, m)
Negate a field element.
#define secp256k1_fe_mul_int(r, a)
Multiply a field element with a small integer.
#define secp256k1_fe_normalizes_to_zero_var
#define secp256k1_fe_cmp_var
#define secp256k1_fe_normalize_weak
#define secp256k1_fe_is_odd
static const secp256k1_fe secp256k1_fe_one
static int secp256k1_fe_sqrt(secp256k1_fe *SECP256K1_RESTRICT r, const secp256k1_fe *SECP256K1_RESTRICT a)
Compute a square root of a field element.
#define secp256k1_fe_clear
#define secp256k1_fe_normalize_var
#define secp256k1_fe_half
#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0)
This expands to an initializer for a secp256k1_fe valued sum((i*32) * d_i, i=0..7) mod p.
#define secp256k1_fe_to_storage
#define secp256k1_fe_inv_var
#define secp256k1_fe_is_zero
#define secp256k1_fe_mul_int_unchecked
#define secp256k1_fe_set_b32_limit
#define secp256k1_fe_is_square_var
#define secp256k1_fe_get_bounds
#define secp256k1_fe_from_storage
#define secp256k1_fe_set_b32_mod
#define secp256k1_fe_negate_unchecked
#define secp256k1_fe_get_b32
#define secp256k1_fe_normalizes_to_zero
#define secp256k1_fe_normalize
static int secp256k1_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b)
Determine whether two field elements are equal.
static void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
#define secp256k1_fe_add_int
#define secp256k1_fe_set_int
#define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0)
#define SECP256K1_GEJ_CONST_INFINITY
#define SECP256K1_GE_STORAGE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p)
static int secp256k1_gej_eq_var(const secp256k1_gej *a, const secp256k1_gej *b)
Check two group elements (jacobian) for equality in variable time.
static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr)
Set r equal to the double of a.
static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv)
Set r equal to the sum of a and b (with the inverse of b's Z coordinate passed as bzinv).
static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a)
Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast.
static void secp256k1_gej_set_infinity(secp256k1_gej *r)
Set a group element (jacobian) equal to the point at infinity.
static int secp256k1_gej_is_infinity(const secp256k1_gej *a)
Check whether a group element is the point at infinity.
static void secp256k1_ge_clear(secp256k1_ge *r)
Clear a secp256k1_ge to prevent leaking sensitive information.
#define SECP256K1_GE_X_MAGNITUDE_MAX
Maximum allowed magnitudes for group element coordinates in affine (x, y) and jacobian (x,...
static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd)
Set a group element (affine) equal to the point with the given X coordinate, and given oddness for Y.
static int secp256k1_ge_eq_var(const secp256k1_ge *a, const secp256k1_ge *b)
Check two group elements (affine) for equality in variable time.
static int secp256k1_ge_x_on_curve_var(const secp256k1_fe *x)
Determine whether x is a valid X coordinate on the curve.
static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b (with b given in affine coordinates).
#define SECP256K1_GEJ_Y_MAGNITUDE_MAX
static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b)
Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity).
static int secp256k1_gej_eq_ge_var(const secp256k1_gej *a, const secp256k1_ge *b)
Check two group elements (jacobian and affine) for equality in variable time.
static int secp256k1_ge_is_valid_var(const secp256k1_ge *a)
Check whether a group element is valid (i.e., on the curve).
static void secp256k1_ge_from_storage(secp256k1_ge *r, const secp256k1_ge_storage *a)
Convert a group element back from the storage type.
static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b.
static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *b)
Rescale a jacobian point by b which must be non-zero.
static int secp256k1_ge_x_frac_on_curve_var(const secp256k1_fe *xn, const secp256k1_fe *xd)
Determine whether fraction xn/xd is a valid X coordinate on the curve (xd != 0).
static void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a)
Set a group element equal to another which is given in jacobian coordinates.
#define SECP256K1_GE_Y_MAGNITUDE_MAX
static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a)
Set r equal to the inverse of a (i.e., mirrored around the X axis)
static int secp256k1_ge_is_infinity(const secp256k1_ge *a)
Check whether a group element is the point at infinity.
static void secp256k1_ge_set_infinity(secp256k1_ge *r)
Set a group element (affine) equal to the point at infinity.
static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len)
Set a batch of group elements equal to the inputs given in jacobian coordinates.
static void secp256k1_gej_double(secp256k1_gej *r, const secp256k1_gej *a)
Set r equal to the double of a.
static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a)
Set a group element (jacobian) equal to another which is given in affine coordinates.
static void secp256k1_ge_to_storage(secp256k1_ge_storage *r, const secp256k1_ge *a)
Convert a group element to the storage type.
#define SECP256K1_GE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p)
static void secp256k1_gej_cmov(secp256k1_gej *r, const secp256k1_gej *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a)
Set a group element equal to another which is given in jacobian coordinates.
#define SECP256K1_GEJ_Z_MAGNITUDE_MAX
#define SECP256K1_GEJ_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p)
static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a)
Set r equal to the inverse of a (i.e., mirrored around the X axis)
#define SECP256K1_GEJ_X_MAGNITUDE_MAX
static const secp256k1_ge secp256k1_ge_const_g
int128_t secp256k1_int128
static SECP256K1_INLINE void secp256k1_i128_load(secp256k1_int128 *r, int64_t hi, uint64_t lo)
static SECP256K1_INLINE void secp256k1_i128_det(secp256k1_int128 *r, int64_t a, int64_t b, int64_t c, int64_t d)
static SECP256K1_INLINE int secp256k1_u128_check_bits(const secp256k1_uint128 *r, unsigned int n)
static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned int n)
static SECP256K1_INLINE uint64_t secp256k1_u128_hi_u64(const secp256k1_uint128 *a)
static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a)
static SECP256K1_INLINE void secp256k1_i128_from_i64(secp256k1_int128 *r, int64_t a)
static SECP256K1_INLINE void secp256k1_u128_from_u64(secp256k1_uint128 *r, uint64_t a)
static SECP256K1_INLINE int secp256k1_i128_eq_var(const secp256k1_int128 *a, const secp256k1_int128 *b)
static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a)
static SECP256K1_INLINE void secp256k1_i128_mul(secp256k1_int128 *r, int64_t a, int64_t b)
static SECP256K1_INLINE void secp256k1_u128_rshift(secp256k1_uint128 *r, unsigned int n)
static SECP256K1_INLINE int secp256k1_i128_check_pow2(const secp256k1_int128 *r, unsigned int n, int sign)
static SECP256K1_INLINE void secp256k1_u128_accum_u64(secp256k1_uint128 *r, uint64_t a)
static SECP256K1_INLINE void secp256k1_i128_accum_mul(secp256k1_int128 *r, int64_t a, int64_t b)
static SECP256K1_INLINE void secp256k1_u128_accum_mul(secp256k1_uint128 *r, uint64_t a, uint64_t b)
static SECP256K1_INLINE void secp256k1_u128_load(secp256k1_uint128 *r, uint64_t hi, uint64_t lo)
static SECP256K1_INLINE void secp256k1_u128_mul(secp256k1_uint128 *r, uint64_t a, uint64_t b)
static SECP256K1_INLINE uint64_t secp256k1_u128_to_u64(const secp256k1_uint128 *a)
int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed)
Export a private key in DER format.
int ec_privkey_import_der(const secp256k1_context *ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen)
Import a private key in DER format.
#define CHECK(cond)
Unconditional failure on condition failure.
static void secp256k1_modinv32_var(secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo)
static void secp256k1_modinv32(secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo)
static int secp256k1_jacobi32_maybe_var(const secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo)
static void secp256k1_modinv64(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo)
static void secp256k1_modinv64_var(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo)
static int secp256k1_jacobi64_maybe_var(const secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo)
static const auto ZERO
A stack consisting of a single zero-length element (interpreted as 0 by the script interpreter in num...
Internal SHA-1 implementation.
static std::vector< std::string > split(const std::string &str, const std::string &delims=" \t")
const secp256k1_ge_storage secp256k1_pre_g_128[ECMULT_TABLE_SIZE(WINDOW_G)]
const secp256k1_ge_storage secp256k1_pre_g[ECMULT_TABLE_SIZE(WINDOW_G)]
int ecdsa_signature_parse_der_lax(secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen)
This function is taken from the libsecp256k1 distribution and implements DER parsing for ECDSA signat...
static void run_recovery_tests(void)
static void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
static void secp256k1_scalar_half(secp256k1_scalar *r, const secp256k1_scalar *a)
Multiply a scalar with the multiplicative inverse of 2.
static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *k)
Find r1 and r2 such that r1+r2*2^128 = k.
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big endian byte array.
static int secp256k1_scalar_set_b32_seckey(secp256k1_scalar *r, const unsigned char *bin)
Set a scalar from a big endian byte array and returns 1 if it is a valid seckey and 0 otherwise.
static int secp256k1_scalar_is_zero(const secp256k1_scalar *a)
Check whether a scalar equals zero.
static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v)
Set a scalar to an unsigned integer.
static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b)
Compare two scalars.
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.
static int secp256k1_scalar_cond_negate(secp256k1_scalar *a, int flag)
Conditionally negate a number, in constant time.
static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the inverse of a scalar (modulo the group order), without constant-time guarantee.
static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count)
Access bits from a scalar.
static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Add two scalars together (modulo the group order).
static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Multiply two scalars (modulo the group order).
static int secp256k1_scalar_is_one(const secp256k1_scalar *a)
Check whether a scalar equals one.
static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the complement of a scalar (modulo the group order).
static int secp256k1_scalar_is_high(const secp256k1_scalar *a)
Check whether a scalar is higher than the group order divided by 2.
static void secp256k1_scalar_split_lambda(secp256k1_scalar *SECP256K1_RESTRICT r1, secp256k1_scalar *SECP256K1_RESTRICT r2, const secp256k1_scalar *SECP256K1_RESTRICT k)
Find r1 and r2 such that r1+r2*lambda = k, where r1 and r2 or their negations are maximum 128 bits lo...
static unsigned int secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count)
Access bits from a scalar.
static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the inverse of a scalar (modulo the group order).
static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag)
Conditionally add a power of two to a scalar.
static void secp256k1_scalar_clear(secp256k1_scalar *r)
Clear a scalar to prevent the leak of sensitive data.
#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0)
static SECP256K1_INLINE int secp256k1_scalar_check_overflow(const secp256k1_scalar *a)
static const secp256k1_scalar secp256k1_scalar_zero
static const secp256k1_scalar secp256k1_scalar_one
static const secp256k1_scalar secp256k1_const_lambda
The Secp256k1 curve has an endomorphism, where lambda * (x, y) = (beta * x, y), where lambda is:
static void run_schnorrsig_tests(void)
static void secp256k1_scratch_apply_checkpoint(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, size_t checkpoint)
Applies a check point received from secp256k1_scratch_checkpoint, undoing all allocations since that ...
static void * secp256k1_scratch_alloc(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, size_t n)
Returns a pointer into the most recently allocated frame, or NULL if there is insufficient available ...
static void secp256k1_scratch_destroy(const secp256k1_callback *error_callback, secp256k1_scratch *scratch)
static secp256k1_scratch * secp256k1_scratch_create(const secp256k1_callback *error_callback, size_t max_size)
static size_t secp256k1_scratch_max_allocation(const secp256k1_callback *error_callback, const secp256k1_scratch *scratch, size_t n_objects)
Returns the maximum allocation the scratch space will allow.
static size_t secp256k1_scratch_checkpoint(const secp256k1_callback *error_callback, const secp256k1_scratch *scratch)
Returns an opaque object used to "checkpoint" a scratch space.
static void secp256k1_sha256_initialize(secp256k1_sha256 *hash)
static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen)
static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32)
static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t size)
static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32)
static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen)
static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng)
static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size)
static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t size)
static SECP256K1_INLINE int secp256k1_ctz64_var(uint64_t x)
static SECP256K1_INLINE void * checked_malloc(const secp256k1_callback *cb, size_t size)
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
static SECP256K1_INLINE void secp256k1_int_cmov(int *r, const int *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
static void secp256k1_default_error_callback_fn(const char *str, void *data)
static SECP256K1_INLINE uint32_t secp256k1_read_be32(const unsigned char *p)
static SECP256K1_INLINE int secp256k1_ctz32_var(uint32_t x)
static SECP256K1_INLINE void secp256k1_write_be32(unsigned char *p, uint32_t x)
static SECP256K1_INLINE void secp256k1_write_be64(unsigned char *p, uint64_t x)
static void secp256k1_default_illegal_callback_fn(const char *str, void *data)
static SECP256K1_INLINE int secp256k1_ctz64_var_debruijn(uint64_t x)
static SECP256K1_INLINE int secp256k1_ctz32_var_debruijn(uint32_t x)
static SECP256K1_INLINE uint64_t secp256k1_read_be64(const unsigned char *p)
static SECP256K1_INLINE void secp256k1_memczero(void *s, size_t len, int flag)
static int secp256k1_context_is_proper(const secp256k1_context *ctx)
const secp256k1_context * secp256k1_context_no_precomp
static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature *sig, const secp256k1_scalar *r, const secp256k1_scalar *s)
static int secp256k1_pubkey_load(const secp256k1_context *ctx, secp256k1_ge *ge, const secp256k1_pubkey *pubkey)
static void secp256k1_pubkey_save(secp256k1_pubkey *pubkey, secp256k1_ge *ge)
static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
static void secp256k1_ecdsa_signature_load(const secp256k1_context *ctx, secp256k1_scalar *r, secp256k1_scalar *s, const secp256k1_ecdsa_signature *sig)
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
#define SECP256K1_CONTEXT_SIGN
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Randomizes the context to provide enhanced protection against side-channel leakage.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(const secp256k1_context *ctx, secp256k1_pubkey *out, const secp256k1_pubkey *const *ins, size_t n) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Add a number of public keys together.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_cmp(const secp256k1_context *ctx, const secp256k1_pubkey *pubkey1, const secp256k1_pubkey *pubkey2) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compare two public keys using lexicographic (of compressed serialization) order.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call.
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
#define SECP256K1_CONTEXT_NONE
Context flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size,...
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
SECP256K1_API void secp256k1_selftest(void)
Perform basic self tests (to be used in conjunction with secp256k1_context_static)
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object (into dynamically allocated memory).
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_tagged_sha256(const secp256k1_context *ctx, unsigned char *hash32, const unsigned char *tag, size_t taglen, const unsigned char *msg, size_t msglen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5)
Compute a tagged hash as defined in BIP-340.
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT secp256k1_scratch_space * secp256k1_scratch_space_create(const secp256k1_context *ctx, size_t size) SECP256K1_ARG_NONNULL(1)
Create a secp256k1 scratch space object.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
#define SECP256K1_EC_UNCOMPRESSED
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_negate(const secp256k1_context *ctx, secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a public key in place.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_tweak_add instead")
Same as secp256k1_ec_seckey_tweak_add, but DEPRECATED.
SECP256K1_API void secp256k1_scratch_space_destroy(const secp256k1_context *ctx, secp256k1_scratch_space *scratch) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 scratch space.
#define SECP256K1_CONTEXT_VERIFY
Deprecated context flags.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_negate instead")
Same as secp256k1_ec_seckey_negate, but DEPRECATED.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by multiplying it by a tweak value.
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
SECP256K1_API const secp256k1_context * secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_privkey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_DEPRECATED("Use secp256k1_ec_seckey_tweak_mul instead")
Same as secp256k1_ec_seckey_tweak_mul, but DEPRECATED.
SECP256K1_API secp256k1_context * secp256k1_context_preallocated_create(void *prealloc, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object in caller-provided memory.
SECP256K1_API size_t secp256k1_context_preallocated_clone_size(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Determine the memory size of a secp256k1 context object to be copied into caller-provided memory.
SECP256K1_API void secp256k1_context_preallocated_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object that has been created in caller-provided memory.
SECP256K1_API size_t secp256k1_context_preallocated_size(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Determine the memory size of a secp256k1 context object to be created in caller-provided memory.
SECP256K1_API secp256k1_context * secp256k1_context_preallocated_clone(const secp256k1_context *ctx, void *prealloc) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object into caller-provided memory.
void(* fn)(const char *text, void *data)
secp256k1_callback illegal_callback
secp256k1_callback error_callback
secp256k1_ecmult_gen_context ecmult_gen_ctx
Opaque data structured that holds a parsed ECDSA signature.
This field implementation represents the value as 10 uint32_t limbs in base 2^26.
A group element in affine coordinates on the secp256k1 curve, or occasionally on an isomorphic curve ...
A group element of the secp256k1 curve, in jacobian coordinates.
Opaque data structure that holds a parsed and valid public key.
A scalar modulo the group order of the secp256k1 curve.
size_t alloc_size
amount that has been allocated (i.e.
static uint32_t secp256k1_testrand_int(uint32_t range)
Generate a pseudorandom number in the range [0..range-1].
static void secp256k1_testrand_bytes_test(unsigned char *bytes, size_t len)
Generate pseudorandom bytes with long sequences of zero and one bits.
static void secp256k1_testrand256(unsigned char *b32)
Generate a pseudorandom 32-byte array.
static SECP256K1_INLINE void secp256k1_testrand_seed(const unsigned char *seed16)
Seed the pseudorandom number generator for testing.
static void secp256k1_testrand_init(const char *hexseed)
Initialize the test RNG using (hex encoded) array up to 16 bytes, or randomly if hexseed is NULL.
static void secp256k1_testrand_finish(void)
Print final test information.
static void secp256k1_testrand256_test(unsigned char *b32)
Generate a pseudorandom 32-byte array with long sequences of zero and one bits.
static SECP256K1_INLINE uint64_t secp256k1_testrand_bits(int bits)
Generate a pseudorandom number in the range [0..2**bits-1].
static uint64_t secp256k1_test_state[4]
static void run_random_pubkeys(void)
#define CHECK_ILLEGAL_VOID(ctx, expr_or_stmt)
static void test_wnaf(const secp256k1_scalar *number, int w)
static void run_inverse_tests(void)
static void counting_callback_fn(const char *str, void *data)
static void mutate_sign_signed30(secp256k1_modinv32_signed30 *x)
static void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid)
static void test_ecdsa_sign_verify(void)
static void test_ge(void)
#define CHECK_ERROR_VOID(ctx, expr_or_stmt)
static void random_gej_x_magnitude(secp256k1_gej *gej)
static void run_pubkey_comparison(void)
static void run_ecdsa_sign_verify(void)
static void run_field_misc(void)
static void test_ecmult_gen_blind_reset(void)
static void random_field_element_magnitude(secp256k1_fe *fe, int m)
static void run_ec_pubkey_parse_test(void)
static void run_static_context_tests(int use_prealloc)
static void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid)
static int nonce_function_test_fail(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
#define SECP256K1_EC_PARSE_TEST_NINVALID
static int test_ecmult_multi_random(secp256k1_scratch *scratch)
static void mulmod256(uint16_t *out, const uint16_t *a, const uint16_t *b, const uint16_t *m)
static void random_fe_non_zero_test(secp256k1_fe *fe)
static void ecmult_const_check_result(const secp256k1_ge *A, const secp256k1_scalar *q, const secp256k1_gej *res)
#define CHECK_ILLEGAL(ctx, expr)
static int gej_xyz_equals_gej(const secp256k1_gej *a, const secp256k1_gej *b)
static int ecmult_gen_context_eq(const secp256k1_ecmult_gen_context *a, const secp256k1_ecmult_gen_context *b)
static void run_tagged_sha256_tests(void)
static void run_sha256_counter_tests(void)
SHA256 counter tests.
static void random_scalar_order_b32(unsigned char *b32)
static void random_group_element_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge)
static void test_fixed_wnaf_small_helper(int *wnaf, int *wnaf_expected, int w)
static int all_bytes_equal(const void *s, unsigned char value, size_t n)
static void test_intialized_inf(void)
static void test_fixed_wnaf_small(void)
int main(int argc, char **argv)
static void run_ecmult_const_tests(void)
static int fe_identical(const secp256k1_fe *a, const secp256k1_fe *b)
#define SECP256K1_EC_PARSE_TEST_NVALID
static void run_eckey_edge_case_test(void)
static void random_fe_non_square(secp256k1_fe *ns)
static void run_secp256k1_byteorder_tests(void)
static void run_ecmult_constants(void)
static void run_field_be32_overflow(void)
static void test_modinv32_uint16(uint16_t *out, const uint16_t *in, const uint16_t *mod)
static void run_ecmult_chain(void)
static void test_inverse_field(secp256k1_fe *out, const secp256k1_fe *x, int var)
static void run_ec_combine(void)
static void run_deprecated_context_flags_test(void)
static secp256k1_context * CTX
static void run_point_times_order(void)
static void random_group_element_test(secp256k1_ge *ge)
static void random_ber_signature(unsigned char *sig, size_t *len, int *certainly_der, int *certainly_not_der)
#define CONDITIONAL_TEST(cnt, nam)
static void ecmult_const_commutativity(void)
static void int_cmov_test(void)
static void test_add_neg_y_diff_x(void)
static void test_ecmult_accumulate(secp256k1_sha256 *acc, const secp256k1_scalar *x, secp256k1_scratch *scratch)
static void test_point_times_order(const secp256k1_gej *point)
static void assign_big_endian(unsigned char *ptr, size_t ptrlen, uint32_t val)
static void run_hmac_sha256_tests(void)
static int fe_equal(const secp256k1_fe *a, const secp256k1_fe *b)
static void test_ecmult_multi_batch_single(secp256k1_ecmult_multi_func ecmult_multi)
static void random_gej_test(secp256k1_gej *gej)
static void signed30_to_uint16(uint16_t *out, const secp256k1_modinv32_signed30 *in)
static int is_empty_signature(const secp256k1_ecdsa_signature *sig)
static void run_field_half(void)
static void run_eckey_negate_test(void)
static void scalar_test(void)
static void run_scalar_set_b32_seckey_tests(void)
static void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func ecmult_multi)
static int precomputed_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
Dummy nonce generation function that just uses a precomputed nonce, and fails if it is not accepted.
static void run_gej(void)
static void ge_storage_cmov_test(void)
static const secp256k1_scalar scalar_minus_one
static void fe_storage_cmov_test(void)
static void test_ec_combine(void)
static void random_gej_y_magnitude(secp256k1_gej *gej)
static void test_secp256k1_pippenger_bucket_window_inv(void)
static void run_ctz_tests(void)
static void test_ecmult_multi_pippenger_max_points(void)
Probabilistically test the function returning the maximum number of possible points for a given scrat...
static void run_scalar_tests(void)
static void test_random_pubkeys(void)
static void random_fe_test(secp256k1_fe *x)
static void test_gej_cmov(const secp256k1_gej *a, const secp256k1_gej *b)
static void random_ge_y_magnitude(secp256k1_ge *ge)
static void test_sqrt(const secp256k1_fe *a, const secp256k1_fe *k)
static void scalar_cmov_test(void)
static void random_ge_x_magnitude(secp256k1_ge *ge)
static void run_ecmult_gen_blind(void)
static void test_ecdsa_end_to_end(void)
static void run_sha256_known_output_tests(void)
static void test_ecmult_target(const secp256k1_scalar *target, int mode)
#define CHECK_ERROR(ctx, expr)
static void random_gej_z_magnitude(secp256k1_gej *gej)
static void random_scalar_order(secp256k1_scalar *num)
static void run_ecdsa_end_to_end(void)
static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata)
static void ecmult_const_mult_xonly(void)
static void run_proper_context_tests(int use_prealloc)
static void random_fe_magnitude(secp256k1_fe *fe)
static void test_fe_mul(const secp256k1_fe *a, const secp256k1_fe *b, int use_sqr)
static void test_group_decompress(const secp256k1_fe *x)
static void test_ecmult_constants_2bit(void)
static void run_cmov_tests(void)
static void run_ecdsa_der_parse(void)
static void ecmult_const_random_mult(void)
static void test_scalar_split(const secp256k1_scalar *full)
static void run_field_convert(void)
static int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_der, int certainly_not_der)
static void run_ec_illegal_argument_tests(void)
static void run_ecdsa_wycheproof(void)
static void test_ecmult_constants_sha(uint32_t prefix, size_t iter, const unsigned char *expected32)
static void test_ecmult_multi_batching(void)
Run secp256k1_ecmult_multi_var with num points and a scratch space restricted to 1 <= i <= num points...
static void uncounting_illegal_callback_fn(const char *str, void *data)
static void run_sqrt(void)
static void run_modinv_tests(void)
static const secp256k1_scalar scalars_near_split_bounds[20]
static void uint16_to_signed30(secp256k1_modinv32_signed30 *out, const uint16_t *in)
static void run_xoshiro256pp_tests(void)
static void run_wnaf(void)
static void run_ecmult_multi_tests(void)
static void run_selftest_tests(void)
static int coprime(const uint16_t *a, const uint16_t *b)
static void run_sqr(void)
static int context_eq(const secp256k1_context *a, const secp256k1_context *b)
static void test_ecmult_multi_batch_size_helper(void)
static void random_scalar_order_test(secp256k1_scalar *num)
static void run_endomorphism_tests(void)
static void run_scratch_tests(void)
static void test_ecdsa_wycheproof(void)
Wycheproof tests.
static void run_ecmult_near_split_bound(void)
static void run_ecdsa_edge_cases(void)
static void fe_cmov_test(void)
static void run_group_decompress(void)
static void ecmult_const_mult_zero_one(void)
static int test_ecmult_accumulate_cb(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *data)
static void ecmult_const_edges(void)
static void test_ecdsa_edge_cases(void)
static void ecmult_const_chain_multiply(void)
static void run_ecmult_pre_g(void)
static int ecmult_multi_false_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata)
static void test_sha256_eq(const secp256k1_sha256 *sha1, const secp256k1_sha256 *sha2)
static void test_pre_g_table(const secp256k1_ge_storage *pre_g, size_t n)
static secp256k1_context * STATIC_CTX
static void test_fixed_wnaf(const secp256k1_scalar *number, int w)
static void test_inverse_scalar(secp256k1_scalar *out, const secp256k1_scalar *x, int var)
static void test_ecmult_gen_blind(void)
static void run_secp256k1_memczero_test(void)
static void run_fe_mul(void)
#define SECP256K1_EC_PARSE_TEST_NXVALID
static void damage_array(unsigned char *sig, size_t *len)
static const secp256k1_fe fe_minus_one
static void run_rfc6979_hmac_sha256_tests(void)
static uint64_t modinv2p64(uint64_t x)
static void random_fe(secp256k1_fe *x)
static void random_fe_non_zero(secp256k1_fe *nz)