13#ifdef USE_EXTERNAL_DEFAULT_CALLBACKS
14 #pragma message("Ignoring USE_EXTERNAL_CALLBACKS in tests.")
15 #undef USE_EXTERNAL_DEFAULT_CALLBACKS
17#if defined(VERIFY) && defined(COVERAGE)
18 #pragma message("Defining VERIFY for tests being built for coverage analysis support is meaningless.")
22#include "../include/secp256k1.h"
23#include "../include/secp256k1_preallocated.h"
31#include "../contrib/lax_der_parsing.c"
32#include "../contrib/lax_der_privatekey_parsing.c"
35#ifdef SECP256K1_WIDEMUL_INT128
41# pragma GCC diagnostic push
42# pragma GCC diagnostic warning "-Wunused-function"
45#define CONDITIONAL_TEST(cnt, nam) if (COUNT < (cnt)) { printf("Skipping %s (iteration count too low)\n", nam); } else
51 const unsigned char *p =
s;
54 for (i = 0; i < n; i++) {
62#define CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, callback, callback_setter) do { \
63 int32_t _calls_to_callback = 0; \
64 secp256k1_callback _saved_callback = ctx->callback; \
65 callback_setter(ctx, counting_callback_fn, &_calls_to_callback); \
67 ctx->callback = _saved_callback; \
68 CHECK(_calls_to_callback == 1); \
74#define CHECK_ERROR_VOID(ctx, expr_or_stmt) \
75 CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, error_callback, secp256k1_context_set_error_callback)
76#define CHECK_ILLEGAL_VOID(ctx, expr_or_stmt) \
77 CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, illegal_callback, secp256k1_context_set_illegal_callback)
84#define CHECK_ILLEGAL(ctx, expr) CHECK_ILLEGAL_VOID(ctx, CHECK((expr) == 0))
85#define CHECK_ERROR(ctx, expr) CHECK_ERROR_VOID(ctx, CHECK((expr) == 0))
92 CHECK(*p != INT32_MAX);
106 unsigned char buf32[32];
107 unsigned char seed16[16] = {
108 'C',
'H',
'I',
'C',
'K',
'E',
'N',
'!',
109 'C',
'H',
'I',
'C',
'K',
'E',
'N',
'!',
111 unsigned char buf32_expected[32] = {
112 0xAF, 0xCC, 0xA9, 0x16, 0xB5, 0x6C, 0xE3, 0xF0,
113 0x44, 0x3F, 0x45, 0xE0, 0x47, 0xA5, 0x08, 0x36,
114 0x4C, 0xCC, 0xC1, 0x18, 0xB2, 0xD8, 0x8F, 0xEF,
115 0x43, 0x26, 0x15, 0x57, 0x37, 0x00, 0xEF, 0x30,
118 for (i = 0; i < 17; i++) {
169 unsigned char ctmp[32];
173 memset(&zero_pubkey, 0,
sizeof(zero_pubkey));
201 unsigned char seed[32] = {0x17};
212 CHECK(my_static_ctx != NULL);
213 memset(my_static_ctx, 0x2a,
sizeof(*my_static_ctx));
246 void *my_ctx_prealloc = NULL;
247 unsigned char seed[32] = {0x17};
258 CHECK(my_ctx_prealloc != NULL);
290 free(my_ctx_prealloc);
292 CHECK(my_ctx_prealloc != NULL);
302 CHECK(prealloc_tmp != NULL);
352 free(my_ctx_prealloc);
379 CHECK(scratch != NULL);
417 memset(&local_scratch, 0,
sizeof(local_scratch));
418 scratch = &local_scratch;
441 (void)
s; (void)
msg; (void)rounds;
453 unsigned char sha_out[32];
490 unsigned char out_one[32], out_two[32];
495 const unsigned char data[64] =
"totally serious test message to hash, definitely no random data";
496 unsigned char data32[32];
506 memcpy(data32,
data, 32);
508 memcpy(data32,
data + 32, 32);
516 const unsigned char data[80] =
"Genesis: The Times 03/Jan/2009 Chancellor on brink of second bailout for banks ";
517 unsigned char data40[40];
527 memcpy(data40,
data, 40);
529 memcpy(data40,
data + 40, 40);
537 unsigned char data[128];
539 for (i = 0; i < 128; i++)
data[i] = i;
557 unsigned char data[150];
559 for (i = 0; i < 150; i++)
data[i] = i;
580 static const uint32_t b32[] = {1, 0xffffffff, 0x5e56968f, 0xe0d63129};
581 static const uint64_t b64[] = {1, 0xffffffffffffffff, 0xbcd02462139b3fc3, 0x98b5f80c769693ef};
585 for (shift = 0; shift < 32; ++shift) {
591 for (shift = 0; shift < 64; ++shift) {
602 static const char *inputs[] = {
603 "",
"abc",
"message digest",
"secure hash algorithm",
"SHA256 is considered to be safe",
604 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
605 "For this sample, this 63-byte string will be used as input data",
606 "This is exactly 64 bytes long, not counting the terminating byte",
609 static const unsigned int repeat[] = {
610 1, 1, 1, 1, 1, 1, 1, 1, 1000000/5
612 static const unsigned char outputs[][32] = {
613 {0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55},
614 {0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad},
615 {0xf7, 0x84, 0x6f, 0x55, 0xcf, 0x23, 0xe1, 0x4e, 0xeb, 0xea, 0xb5, 0xb4, 0xe1, 0x55, 0x0c, 0xad, 0x5b, 0x50, 0x9e, 0x33, 0x48, 0xfb, 0xc4, 0xef, 0xa3, 0xa1, 0x41, 0x3d, 0x39, 0x3c, 0xb6, 0x50},
616 {0xf3, 0x0c, 0xeb, 0x2b, 0xb2, 0x82, 0x9e, 0x79, 0xe4, 0xca, 0x97, 0x53, 0xd3, 0x5a, 0x8e, 0xcc, 0x00, 0x26, 0x2d, 0x16, 0x4c, 0xc0, 0x77, 0x08, 0x02, 0x95, 0x38, 0x1c, 0xbd, 0x64, 0x3f, 0x0d},
617 {0x68, 0x19, 0xd9, 0x15, 0xc7, 0x3f, 0x4d, 0x1e, 0x77, 0xe4, 0xe1, 0xb5, 0x2d, 0x1f, 0xa0, 0xf9, 0xcf, 0x9b, 0xea, 0xea, 0xd3, 0x93, 0x9f, 0x15, 0x87, 0x4b, 0xd9, 0x88, 0xe2, 0xa2, 0x36, 0x30},
618 {0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1},
619 {0xf0, 0x8a, 0x78, 0xcb, 0xba, 0xee, 0x08, 0x2b, 0x05, 0x2a, 0xe0, 0x70, 0x8f, 0x32, 0xfa, 0x1e, 0x50, 0xc5, 0xc4, 0x21, 0xaa, 0x77, 0x2b, 0xa5, 0xdb, 0xb4, 0x06, 0xa2, 0xea, 0x6b, 0xe3, 0x42},
620 {0xab, 0x64, 0xef, 0xf7, 0xe8, 0x8e, 0x2e, 0x46, 0x16, 0x5e, 0x29, 0xf2, 0xbc, 0xe4, 0x18, 0x26, 0xbd, 0x4c, 0x7b, 0x35, 0x52, 0xf6, 0xb3, 0x82, 0xa9, 0xe7, 0xd3, 0xaf, 0x47, 0xc2, 0x45, 0xf8},
621 {0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67, 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0},
623 unsigned int i, ninputs;
629 for (i = 0; i < ninputs; i++) {
630 unsigned char out[32];
643 if (strlen(inputs[i]) > 0) {
703 static const char *input =
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno";
705 {{0xa2b5c8bb, 0x26c88bb3, 0x2abdc3d2, 0x9def99a3, 0xdfd21a6e, 0x41fe585b, 0x7ef2c440, 0x2b79adda},
707 {{0xa0d29445, 0x9287de66, 0x76aabd71, 0x41acd765, 0x0c7528b4, 0x84e14906, 0x942faec6, 0xcc5a7b26},
709 {{0x50449526, 0xb9f1d657, 0xa0fc13e9, 0x50860f10, 0xa550c431, 0x3fbc97c1, 0x7bbb2d89, 0xdb67bac1},
711 {{0x54a6efdc, 0x46762e7b, 0x88bfe73f, 0xbbd149c7, 0x41620c43, 0x1168da7b, 0x2c5960f9, 0xeccffda6},
713 {{0x2515a8f5, 0x5faa2977, 0x3a850486, 0xac858cad, 0x7b7276ee, 0x235c0385, 0xc53a157c, 0x7cb3e69c},
715 {{0x34f39828, 0x409fedb7, 0x4bbdd0fb, 0x3b643634, 0x7806bf2e, 0xe0d1b713, 0xca3f2e1e, 0xe38722c2},
717 {{0x389ef5c5, 0x38c54167, 0x8f5d56ab, 0x582a75cc, 0x8217caef, 0xf10947dd, 0x6a1998a8, 0x048f0b8c},
719 {{0xd6c3f394, 0x0bee43b9, 0x6783f497, 0x29fa9e21, 0x6ce491c1, 0xa81fe45e, 0x2fc3859a, 0x269012d0},
721 {{0x6dd3c526, 0x44d88aa0, 0x806a1bae, 0xfbcc0d32, 0x9d6144f3, 0x9d2bd757, 0x9851a957, 0xb50430ad},
723 {{0x2add4021, 0xdfe8a9e6, 0xa56317c6, 0x7a15f5bb, 0x4a48aacd, 0x5d368414, 0x4f00e6f0, 0xd9355023},
725 {{0xb66666b4, 0xdbeac32b, 0x0ea351ae, 0xcba9da46, 0x6278b874, 0x8c508e23, 0xe16ca776, 0x8465bac1},
727 {{0xb6744789, 0x9cce87aa, 0xc4c478b7, 0xf38404d8, 0x2e38ba62, 0xa3f7019b, 0x50458fe7, 0x3047dbec},
729 {{0x8b1297ba, 0xba261a80, 0x2ba1b0dd, 0xfbc67d6d, 0x61072c4e, 0x4b5a2a0f, 0x52872760, 0x2dfeb162},
731 {{0x24f33cf7, 0x41ad6583, 0x41c8ff5d, 0xca7ef35f, 0x50395756, 0x021b743e, 0xd7126cd7, 0xd037473a},
732 {0x00}, 0x1ffffffc0},
734 static const unsigned char outputs[][32] = {
735 {0x0e, 0x83, 0xe2, 0xc9, 0x4f, 0xb2, 0xb8, 0x2b, 0x89, 0x06, 0x92, 0x78, 0x04, 0x03, 0x48, 0x5c, 0x48, 0x44, 0x67, 0x61, 0x77, 0xa4, 0xc7, 0x90, 0x9e, 0x92, 0x55, 0x10, 0x05, 0xfe, 0x39, 0x15},
736 {0x1d, 0x1e, 0xd7, 0xb8, 0xa3, 0xa7, 0x8a, 0x79, 0xfd, 0xa0, 0x05, 0x08, 0x9c, 0xeb, 0xf0, 0xec, 0x67, 0x07, 0x9f, 0x8e, 0x3c, 0x0d, 0x8e, 0xf9, 0x75, 0x55, 0x13, 0xc1, 0xe8, 0x77, 0xf8, 0xbb},
737 {0x66, 0x95, 0x6c, 0xc9, 0xe0, 0x39, 0x65, 0xb6, 0xb0, 0x05, 0xd1, 0xaf, 0xaf, 0xf3, 0x1d, 0xb9, 0xa4, 0xda, 0x6f, 0x20, 0xcd, 0x3a, 0xae, 0x64, 0xc2, 0xdb, 0xee, 0xf5, 0xb8, 0x8d, 0x57, 0x0e},
738 {0x3c, 0xbb, 0x1c, 0x12, 0x5e, 0x17, 0xfd, 0x54, 0x90, 0x45, 0xa7, 0x7b, 0x61, 0x6c, 0x1d, 0xfe, 0xe6, 0xcc, 0x7f, 0xee, 0xcf, 0xef, 0x33, 0x35, 0x50, 0x62, 0x16, 0x70, 0x2f, 0x87, 0xc3, 0xc9},
739 {0x53, 0x4d, 0xa8, 0xe7, 0x1e, 0x98, 0x73, 0x8d, 0xd9, 0xa3, 0x54, 0xa5, 0x0e, 0x59, 0x2c, 0x25, 0x43, 0x6f, 0xaa, 0xa2, 0xf5, 0x21, 0x06, 0x3e, 0xc9, 0x82, 0x06, 0x94, 0x98, 0x72, 0x9d, 0xa7},
740 {0xef, 0x7e, 0xe9, 0x6b, 0xd3, 0xe5, 0xb7, 0x41, 0x4c, 0xc8, 0xd3, 0x07, 0x52, 0x9a, 0x5a, 0x8b, 0x4e, 0x1e, 0x75, 0xa4, 0x17, 0x78, 0xc8, 0x36, 0xcd, 0xf8, 0x2e, 0xd9, 0x57, 0xe3, 0xd7, 0x07},
741 {0x87, 0x16, 0xfb, 0xf9, 0xa5, 0xf8, 0xc4, 0x56, 0x2b, 0x48, 0x52, 0x8e, 0x2d, 0x30, 0x85, 0xb6, 0x4c, 0x56, 0xb5, 0xd1, 0x16, 0x9c, 0xcf, 0x32, 0x95, 0xad, 0x03, 0xe8, 0x05, 0x58, 0x06, 0x76},
742 {0x75, 0x03, 0x80, 0x28, 0xf2, 0xa7, 0x63, 0x22, 0x1a, 0x26, 0x9c, 0x68, 0xe0, 0x58, 0xfc, 0x73, 0xeb, 0x42, 0xf6, 0x86, 0x16, 0x24, 0x4b, 0xbc, 0x24, 0xf7, 0x02, 0xc8, 0x3d, 0x90, 0xe2, 0xb0},
743 {0xdf, 0x49, 0x0f, 0x15, 0x7b, 0x7d, 0xbf, 0xe0, 0xd4, 0xcf, 0x47, 0xc0, 0x80, 0x93, 0x4a, 0x61, 0xaa, 0x03, 0x07, 0x66, 0xb3, 0x38, 0x5d, 0xc8, 0xc9, 0x07, 0x61, 0xfb, 0x97, 0x10, 0x2f, 0xd8},
744 {0x77, 0x19, 0x40, 0x56, 0x41, 0xad, 0xbc, 0x59, 0xda, 0x1e, 0xc5, 0x37, 0x14, 0x63, 0x7b, 0xfb, 0x79, 0xe2, 0x7a, 0xb1, 0x55, 0x42, 0x99, 0x42, 0x56, 0xfe, 0x26, 0x9d, 0x0f, 0x7e, 0x80, 0xc6},
745 {0x50, 0xe7, 0x2a, 0x0e, 0x26, 0x44, 0x2f, 0xe2, 0x55, 0x2d, 0xc3, 0x93, 0x8a, 0xc5, 0x86, 0x58, 0x22, 0x8c, 0x0c, 0xbf, 0xb1, 0xd2, 0xca, 0x87, 0x2a, 0xe4, 0x35, 0x26, 0x6f, 0xcd, 0x05, 0x5e},
746 {0xe4, 0x80, 0x6f, 0xdb, 0x3d, 0x7d, 0xba, 0xde, 0x50, 0x3f, 0xea, 0x00, 0x3d, 0x46, 0x59, 0x64, 0xfd, 0x58, 0x1c, 0xa1, 0xb8, 0x7d, 0x5f, 0xac, 0x94, 0x37, 0x9e, 0xa0, 0xc0, 0x9c, 0x93, 0x8b},
747 {0x2c, 0xf3, 0xa9, 0xf6, 0x15, 0x25, 0x80, 0x70, 0x76, 0x99, 0x7d, 0xf1, 0xc3, 0x2f, 0xa3, 0x31, 0xff, 0x92, 0x35, 0x2e, 0x8d, 0x04, 0x13, 0x33, 0xd8, 0x0d, 0xdb, 0x4a, 0xf6, 0x8c, 0x03, 0x34},
748 {0xec, 0x12, 0x24, 0x9f, 0x35, 0xa4, 0x29, 0x8b, 0x9e, 0x4a, 0x95, 0xf8, 0x61, 0xaf, 0x61, 0xc5, 0x66, 0x55, 0x3e, 0x3f, 0x2a, 0x98, 0xea, 0x71, 0x16, 0x6b, 0x1c, 0xd9, 0xe4, 0x09, 0xd2, 0x8e},
753 unsigned char out[32];
780 static const char *
keys[6] = {
781 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
783 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
784 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19",
785 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
786 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
788 static const char *inputs[6] = {
789 "\x48\x69\x20\x54\x68\x65\x72\x65",
790 "\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61\x20\x77\x61\x6e\x74\x20\x66\x6f\x72\x20\x6e\x6f\x74\x68\x69\x6e\x67\x3f",
791 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
792 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
793 "\x54\x65\x73\x74\x20\x55\x73\x69\x6e\x67\x20\x4c\x61\x72\x67\x65\x72\x20\x54\x68\x61\x6e\x20\x42\x6c\x6f\x63\x6b\x2d\x53\x69\x7a\x65\x20\x4b\x65\x79\x20\x2d\x20\x48\x61\x73\x68\x20\x4b\x65\x79\x20\x46\x69\x72\x73\x74",
794 "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x20\x75\x73\x69\x6e\x67\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x6b\x65\x79\x20\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74\x6f\x20\x62\x65\x20\x68\x61\x73\x68\x65\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x62\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20\x62\x79\x20\x74\x68\x65\x20\x48\x4d\x41\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d\x2e"
796 static const unsigned char outputs[6][32] = {
797 {0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7},
798 {0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43},
799 {0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe},
800 {0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b},
801 {0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54},
802 {0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2}
806 for (i = 0; i < 6; i++) {
808 unsigned char out[32];
813 if (strlen(inputs[i]) > 0) {
825 static const unsigned char key1[65] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x4b, 0xf5, 0x12, 0x2f, 0x34, 0x45, 0x54, 0xc5, 0x3b, 0xde, 0x2e, 0xbb, 0x8c, 0xd2, 0xb7, 0xe3, 0xd1, 0x60, 0x0a, 0xd6, 0x31, 0xc3, 0x85, 0xa5, 0xd7, 0xcc, 0xe2, 0x3c, 0x77, 0x85, 0x45, 0x9a, 0};
826 static const unsigned char out1[3][32] = {
827 {0x4f, 0xe2, 0x95, 0x25, 0xb2, 0x08, 0x68, 0x09, 0x15, 0x9a, 0xcd, 0xf0, 0x50, 0x6e, 0xfb, 0x86, 0xb0, 0xec, 0x93, 0x2c, 0x7b, 0xa4, 0x42, 0x56, 0xab, 0x32, 0x1e, 0x42, 0x1e, 0x67, 0xe9, 0xfb},
828 {0x2b, 0xf0, 0xff, 0xf1, 0xd3, 0xc3, 0x78, 0xa2, 0x2d, 0xc5, 0xde, 0x1d, 0x85, 0x65, 0x22, 0x32, 0x5c, 0x65, 0xb5, 0x04, 0x49, 0x1a, 0x0c, 0xbd, 0x01, 0xcb, 0x8f, 0x3a, 0xa6, 0x7f, 0xfd, 0x4a},
829 {0xf5, 0x28, 0xb4, 0x10, 0xcb, 0x54, 0x1f, 0x77, 0x00, 0x0d, 0x7a, 0xfb, 0x6c, 0x5b, 0x53, 0xc5, 0xc4, 0x71, 0xea, 0xb4, 0x3e, 0x46, 0x6d, 0x9a, 0xc5, 0x19, 0x0c, 0x39, 0xc8, 0x2f, 0xd8, 0x2e}
832 static const unsigned char key2[64] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55};
833 static const unsigned char out2[3][32] = {
834 {0x9c, 0x23, 0x6c, 0x16, 0x5b, 0x82, 0xae, 0x0c, 0xd5, 0x90, 0x65, 0x9e, 0x10, 0x0b, 0x6b, 0xab, 0x30, 0x36, 0xe7, 0xba, 0x8b, 0x06, 0x74, 0x9b, 0xaf, 0x69, 0x81, 0xe1, 0x6f, 0x1a, 0x2b, 0x95},
835 {0xdf, 0x47, 0x10, 0x61, 0x62, 0x5b, 0xc0, 0xea, 0x14, 0xb6, 0x82, 0xfe, 0xee, 0x2c, 0x9c, 0x02, 0xf2, 0x35, 0xda, 0x04, 0x20, 0x4c, 0x1d, 0x62, 0xa1, 0x53, 0x6c, 0x6e, 0x17, 0xae, 0xd7, 0xa9},
836 {0x75, 0x97, 0x88, 0x7c, 0xbd, 0x76, 0x32, 0x1f, 0x32, 0xe3, 0x04, 0x40, 0x67, 0x9a, 0x22, 0xcf, 0x7f, 0x8d, 0x9d, 0x2e, 0xac, 0x39, 0x0e, 0x58, 0x1f, 0xea, 0x09, 0x1c, 0xe2, 0x02, 0xba, 0x94}
841 unsigned char out[32];
845 for (i = 0; i < 3; i++) {
852 for (i = 0; i < 3; i++) {
859 for (i = 0; i < 3; i++) {
867 unsigned char tag[32] = { 0 };
868 unsigned char msg[32] = { 0 };
869 unsigned char hash32[32];
870 unsigned char hash_expected[32] = {
871 0x04, 0x7A, 0x5E, 0x17, 0xB5, 0x86, 0x47, 0xC1,
872 0x3C, 0xC6, 0xEB, 0xC0, 0xAA, 0x58, 0x3B, 0x62,
873 0xFB, 0x16, 0x43, 0x32, 0x68, 0x77, 0x40, 0x6C,
874 0xE2, 0x76, 0x55, 0x9A, 0x3B, 0xDE, 0x55, 0xB3
884 memcpy(tag,
"tag", 3);
885 memcpy(
msg,
"msg", 3);
892 static const unsigned char tag[] =
"sha256_midstate_test_tag";
893 static const uint32_t midstate[8] = {
894 0xa9ec59eaul, 0x9b4c2ffful, 0x400821e2ul, 0x0dcf3847ul,
895 0xbe7ea179ul, 0xa5772bdcul, 0x7d29bfe3ul, 0xa486b855ul
915 for (l = 0; l < 6; ++l) w *= (2 - w*x);
924static void mulmod256(uint16_t*
out,
const uint16_t* a,
const uint16_t* b,
const uint16_t* m) {
933 for (i = 0; i < 32; ++i) {
934 for (j = i <= 15 ? 0 : i - 15; j <= i && j <= 15; j++) {
935 c += (uint64_t)a[j] * b[i - j];
943 for (i = 511; i >= 0; --i) {
944 if ((mul[i >> 4] >> (i & 15)) & 1) {
952 memset(mul + 16, 0, 32);
954 for (i = 255; i >= 0; --i) {
955 if ((mul[i >> 4] >> (i & 15)) & 1) {
964 for (i = 255; i >= 0; --i) {
965 if ((
m[i >> 4] >> (i & 15)) & 1) {
972 for (i = mul_bitlen - m_bitlen; i >= 0; --i) {
978 for (j = 0; j < 32; ++j) {
982 for (p = 0; p < 16; ++p) {
983 int bitpos = j * 16 - i + p;
984 if (bitpos >= 0 && bitpos < 256) {
985 sub |= ((
m[bitpos >> 4] >> (bitpos & 15)) & 1) << p;
991 mul2[j] = (
cs & 0xFFFF);
996 memcpy(mul, mul2,
sizeof(mul));
1000 for (i = (m_bitlen >> 4) + 1; i < 32; ++i) {
1004 memcpy(
out, mul, 32);
1010 memset(
out->v, 0,
sizeof(
out->v));
1011 for (i = 0; i < 256; ++i) {
1012 out->v[i / 30] |= (int32_t)(((in[i >> 4]) >> (i & 15)) & 1) << (i % 30);
1020 for (i = 0; i < 256; ++i) {
1021 out[i >> 4] |= (((in->
v[i / 30]) >> (i % 30)) & 1) << (i & 15);
1028 for (i = 0; i < 16; ++i) {
1030 if (x->
v[pos] > 0 && x->
v[pos + 1] <= 0x3fffffff) {
1031 x->
v[pos] -= 0x40000000;
1033 }
else if (x->
v[pos] < 0 && x->
v[pos + 1] >= 0x3fffffff) {
1034 x->
v[pos] += 0x40000000;
1045 int i, vartime, nonzero;
1048 nonzero = (x.
v[0] | x.
v[1] | x.
v[2] | x.
v[3] | x.
v[4] | x.
v[5] | x.
v[6] | x.
v[7] | x.
v[8]) != 0;
1052 m.modulus_inv30 =
modinv2p64(
m.modulus.v[0]) & 0x3fffffff;
1053 CHECK(((
m.modulus_inv30 *
m.modulus.v[0]) & 0x3fffffff) == 1);
1058 uint16_t sqr[16], negone[16];
1063 CHECK(jac == 0 || jac == 1);
1066 negone[0] = mod[0] - 1;
1067 for (i = 1; i < 16; ++i) negone[i] = mod[i];
1071 CHECK(jac == 0 || jac == 1 - (mod[0] & 2));
1076 for (vartime = 0; vartime < 2; ++vartime) {
1085 CHECK(tmp[0] == nonzero);
1086 for (i = 1; i < 16; ++i)
CHECK(tmp[i] == 0);
1093 for (i = 0; i < 16; ++i)
CHECK(tmp[i] == in[i]);
1097#ifdef SECP256K1_WIDEMUL_INT128
1101 memset(
out->v, 0,
sizeof(
out->v));
1102 for (i = 0; i < 256; ++i) {
1103 out->v[i / 62] |= (int64_t)(((in[i >> 4]) >> (i & 15)) & 1) << (i % 62);
1111 for (i = 0; i < 256; ++i) {
1112 out[i >> 4] |= (((in->
v[i / 62]) >> (i % 62)) & 1) << (i & 15);
1118 static const int64_t M62 = (int64_t)(UINT64_MAX >> 2);
1120 for (i = 0; i < 8; ++i) {
1122 if (x->
v[pos] > 0 && x->
v[pos + 1] <= M62) {
1123 x->
v[pos] -= (M62 + 1);
1125 }
else if (x->
v[pos] < 0 && x->
v[pos + 1] >= -M62) {
1126 x->
v[pos] += (M62 + 1);
1133static void test_modinv64_uint16(uint16_t*
out,
const uint16_t* in,
const uint16_t* mod) {
1134 static const int64_t M62 = (int64_t)(UINT64_MAX >> 2);
1138 int i, vartime, nonzero;
1140 uint16_to_signed62(&x, in);
1141 nonzero = (x.
v[0] | x.
v[1] | x.
v[2] | x.
v[3] | x.
v[4]) != 0;
1142 uint16_to_signed62(&
m.modulus, mod);
1146 CHECK(((
m.modulus_inv62 *
m.modulus.v[0]) & M62) == 1);
1151 uint16_t sqr[16], negone[16];
1153 uint16_to_signed62(&x, sqr);
1156 CHECK(jac == 0 || jac == 1);
1159 negone[0] = mod[0] - 1;
1160 for (i = 1; i < 16; ++i) negone[i] = mod[i];
1162 uint16_to_signed62(&x, sqr);
1164 CHECK(jac == 0 || jac == 1 - (mod[0] & 2));
1167 uint16_to_signed62(&x, in);
1168 mutate_sign_signed62(&
m.modulus);
1169 for (vartime = 0; vartime < 2; ++vartime) {
1174 signed62_to_uint16(
out, &x);
1178 CHECK(tmp[0] == nonzero);
1179 for (i = 1; i < 16; ++i)
CHECK(tmp[i] == 0);
1185 signed62_to_uint16(tmp, &x);
1186 for (i = 0; i < 16; ++i)
CHECK(tmp[i] == in[i]);
1192static int coprime(
const uint16_t* a,
const uint16_t* b) {
1193 uint16_t x[16], y[16],
t[16];
1202 for (i = 0; i < 16; ++i) {
1215 if (y[0] != 1)
return 0;
1216 for (i = 1; i < 16; ++i) {
1217 if (y[i] != 0)
return 0;
1224 static const uint16_t CASES[][3][16] = {
1228 {{0x1513, 0x5389, 0x54e9, 0x2798, 0x1957, 0x66a0, 0x8057, 0x3477,
1229 0x7784, 0x1052, 0x326a, 0x9331, 0x6506, 0xa95c, 0x91f3, 0xfb5e},
1230 {0x2bdd, 0x8df4, 0xcc61, 0x481f, 0xdae5, 0x5ca7, 0xf43b, 0x7d54,
1231 0x13d6, 0x469b, 0x2294, 0x20f4, 0xb2a4, 0xa2d1, 0x3ff1, 0xfd4b},
1232 {0xffd8, 0xd9a0, 0x456e, 0x81bb, 0xbabd, 0x6cea, 0x6dbd, 0x73ab,
1233 0xbb94, 0x3d3c, 0xdf08, 0x31c4, 0x3e32, 0xc179, 0x2486, 0xb86b}},
1236 {{0x3fb1, 0x903b, 0x4eb7, 0x4813, 0xd863, 0x26bf, 0xd89f, 0xa8a9,
1237 0x02fe, 0x57c6, 0x554a, 0x4eab, 0x165e, 0x3d61, 0xee1e, 0x456c},
1238 {0x9295, 0x823b, 0x5c1f, 0x5386, 0x48e0, 0x02ff, 0x4c2a, 0xa2da,
1239 0xe58f, 0x967c, 0xc97e, 0x3f5a, 0x69fb, 0x52d9, 0x0a86, 0xb4a3},
1240 {0x3d30, 0xb893, 0xa809, 0xa7a8, 0x26f5, 0x5b42, 0x55be, 0xf4d0,
1241 0x12c2, 0x7e6a, 0xe41a, 0x90c7, 0xebfa, 0xf920, 0x304e, 0x1419}},
1243 {{0x8583, 0x5058, 0xbeae, 0xeb69, 0x48bc, 0x52bb, 0x6a9d, 0xcc94,
1244 0x2a21, 0x87d5, 0x5b0d, 0x42f6, 0x5b8a, 0x2214, 0xe9d6, 0xa040},
1245 {0x7531, 0x27cb, 0x7e53, 0xb739, 0x6a5f, 0x83f5, 0xa45c, 0xcb1d,
1246 0x8a87, 0x1c9c, 0x51d7, 0x851c, 0xb9d8, 0x1fbe, 0xc241, 0xd4a3},
1247 {0xcdb4, 0x275c, 0x7d22, 0xa906, 0x0173, 0xc054, 0x7fdf, 0x5005,
1248 0x7fb8, 0x9059, 0xdf51, 0x99df, 0x2654, 0x8f6e, 0x070f, 0xb347}},
1250 {{0xe2e9, 0xee91, 0x4345, 0xe5ad, 0xf3ec, 0x8f42, 0x0364, 0xd5c9,
1251 0xff49, 0xbef5, 0x4544, 0x4c7c, 0xae4b, 0xfd9d, 0xb35b, 0xda9d},
1252 {0x36e7, 0x8cca, 0x2ed0, 0x47b3, 0xaca4, 0xb374, 0x7d2a, 0x0772,
1253 0x6bdb, 0xe0a7, 0x900b, 0xfe10, 0x788c, 0x6f22, 0xd909, 0xf298},
1254 {0xd8c6, 0xba39, 0x13ed, 0x198c, 0x16c8, 0xb837, 0xa5f2, 0x9797,
1255 0x0113, 0x882a, 0x15b5, 0x324c, 0xabee, 0xe465, 0x8170, 0x85ac}},
1257 {{0xd5b7, 0x2966, 0x040e, 0xf59a, 0x0387, 0xd96d, 0xbfbc, 0xd850,
1258 0x2d96, 0x872a, 0xad81, 0xc03c, 0xbb39, 0xb7fa, 0xd904, 0xef78},
1259 {0x6279, 0x4314, 0xfdd3, 0x1568, 0x0982, 0x4d13, 0x625f, 0x010c,
1260 0x22b1, 0x0cc3, 0xf22d, 0x5710, 0x1109, 0x5751, 0x7714, 0xfcf2},
1261 {0xdb13, 0x5817, 0x232e, 0xe456, 0xbbbc, 0x6fbe, 0x4572, 0xa358,
1262 0xc76d, 0x928e, 0x0162, 0x5314, 0x8325, 0x5683, 0xe21b, 0xda88}},
1264 {{0xa06f, 0x71ee, 0x3bac, 0x9ebb, 0xdeaa, 0x09ed, 0x1cf7, 0x9ec9,
1265 0x7158, 0x8b72, 0x5d53, 0x5479, 0x5c75, 0xbb66, 0x9125, 0xeccc},
1266 {0x2941, 0xd46c, 0x3cd4, 0x4a9d, 0x5c4a, 0x256b, 0xbd6c, 0x9b8e,
1267 0x8fe0, 0x8a14, 0xffe8, 0x2496, 0x618d, 0xa9d7, 0x5018, 0xfb29},
1268 {0x437c, 0xbd60, 0x7590, 0x94bb, 0x0095, 0xd35e, 0xd4fe, 0xd6da,
1269 0x0d4e, 0x5342, 0x4cd2, 0x169b, 0x661c, 0x1380, 0xed2d, 0x85c1}},
1271 {{0xfde4, 0x68d6, 0x6c48, 0x7f77, 0x1c78, 0x96de, 0x2fd9, 0xa6c2,
1272 0xbbb5, 0xd319, 0x69cf, 0xd4b3, 0xa321, 0xcda0, 0x172e, 0xe530},
1273 {0xd9e3, 0x0f60, 0x3d86, 0xeeab, 0x25ee, 0x9582, 0x2d50, 0xfe16,
1274 0xd4e2, 0xe3ba, 0x94e2, 0x9833, 0x6c5e, 0x8982, 0x13b6, 0xe598},
1275 {0xe675, 0xf55a, 0x10f6, 0xabde, 0x5113, 0xecaa, 0x61ae, 0xad9f,
1276 0x0c27, 0xef33, 0x62e5, 0x211d, 0x08fa, 0xa78d, 0xc675, 0x8bae}},
1278 {{0x21bf, 0x52d5, 0x8fd4, 0xaa18, 0x156a, 0x7247, 0xebb8, 0x5717,
1279 0x4eb5, 0x1421, 0xb58f, 0x3b0b, 0x5dff, 0xe533, 0xb369, 0xd28a},
1280 {0x9f6b, 0xe463, 0x2563, 0xc74d, 0x6d81, 0x636a, 0x8fc8, 0x7a94,
1281 0x9429, 0x1585, 0xf35e, 0x7ff5, 0xb64f, 0x9720, 0xba74, 0xe108},
1282 {0xa5ab, 0xea7b, 0xfe5e, 0x8a85, 0x13be, 0x7934, 0xe8a0, 0xa187,
1283 0x86b5, 0xe477, 0xb9a4, 0x75d7, 0x538f, 0xdd70, 0xc781, 0xb67d}},
1285 {{0xa41a, 0x3e8d, 0xf1f5, 0x9493, 0x868c, 0x5103, 0x2725, 0x3ceb,
1286 0x6032, 0x3624, 0xdc6b, 0x9120, 0xbf4c, 0x8821, 0x91ad, 0xb31a},
1287 {0x5c0b, 0xdda5, 0x20f8, 0x32a1, 0xaf73, 0x6ec5, 0x4779, 0x43d6,
1288 0xd454, 0x9573, 0xbf84, 0x5a58, 0xe04e, 0x307e, 0xd1d5, 0xe230},
1289 {0xda15, 0xbcd6, 0x7180, 0xabd3, 0x04e6, 0x6986, 0xc0d7, 0x90bb,
1290 0x3a4d, 0x7c95, 0xaaab, 0x9ab3, 0xda34, 0xa7f6, 0x9636, 0x6273}},
1292 {{0xb4d6, 0xb38f, 0x00aa, 0xebda, 0xd4c2, 0x70b8, 0x9dad, 0x58ee,
1293 0x68f8, 0x48d3, 0xb5ff, 0xf422, 0x9e46, 0x2437, 0x18d0, 0xd9cc},
1294 {0x5c83, 0xfed7, 0x97f5, 0x3f07, 0xcaad, 0x95b1, 0xb4a4, 0xb005,
1295 0x23af, 0xdd27, 0x6c0d, 0x932c, 0xe2b2, 0xe3ae, 0xfb96, 0xdf67},
1296 {0x3105, 0x0127, 0xfd48, 0x039b, 0x35f1, 0xbc6f, 0x6c0a, 0xb572,
1297 0xe4df, 0xebad, 0x8edc, 0xb89d, 0x9555, 0x4c26, 0x1fef, 0x997c}},
1299 {{0x5138, 0xd474, 0x385f, 0xc964, 0x00f2, 0x6df7, 0x862d, 0xb185,
1300 0xb264, 0xe9e1, 0x466c, 0xf39e, 0xafaf, 0x5f41, 0x47e2, 0xc89d},
1301 {0x8607, 0x9c81, 0x46a2, 0x7dcc, 0xcb0c, 0x9325, 0xe149, 0x2bde,
1302 0x6632, 0x2869, 0xa261, 0xb163, 0xccee, 0x22ae, 0x91e0, 0xcfd5},
1303 {0x831c, 0xda22, 0xb080, 0xba7a, 0x26e2, 0x54b0, 0x073b, 0x5ea0,
1304 0xed4b, 0xcb3d, 0xbba1, 0xbec8, 0xf2ad, 0xae0d, 0x349b, 0x17d1}},
1306 {{0xe9a5, 0xb4ad, 0xd995, 0x9953, 0xcdff, 0x50d7, 0xf715, 0x9dc7,
1307 0x3e28, 0x15a9, 0x95a3, 0x8554, 0x5b5e, 0xad1d, 0x6d57, 0x3d50},
1308 {0x3ad9, 0xbd60, 0x5cc7, 0x6b91, 0xadeb, 0x71f6, 0x7cc4, 0xa58a,
1309 0x2cce, 0xf17c, 0x38c9, 0x97ed, 0x65fb, 0x3fa6, 0xa6bc, 0xeb24},
1310 {0xf96c, 0x1963, 0x8151, 0xa0cc, 0x299b, 0xf277, 0x001a, 0x16bb,
1311 0xfd2e, 0x532d, 0x0410, 0xe117, 0x6b00, 0x44ec, 0xca6a, 0x1745}},
1313 {{0x3758, 0xa56c, 0xe41e, 0x4e47, 0x0975, 0xa82b, 0x107c, 0x89cf,
1314 0x2093, 0x5a0c, 0xda37, 0xe007, 0x6074, 0x4f68, 0x2f5a, 0xbb8a},
1315 {0x4beb, 0xa40f, 0x2c42, 0xd9d6, 0x97e8, 0xca7c, 0xd395, 0x894f,
1316 0x1f50, 0x8067, 0xa233, 0xb850, 0x1746, 0x1706, 0xbcda, 0xdf32},
1317 {0x762a, 0xceda, 0x4c45, 0x1ca0, 0x8c37, 0xd8c5, 0xef57, 0x7a2c,
1318 0x6e98, 0xe38a, 0xc50e, 0x2ca9, 0xcb85, 0x24d5, 0xc29c, 0x61f6}},
1320 {{0x6f38, 0x74ad, 0x7332, 0x4073, 0x6521, 0xb876, 0xa370, 0xa6bd,
1321 0xcea5, 0xbd06, 0x969f, 0x77c6, 0x1e69, 0x7c49, 0x7d51, 0xb6e7},
1322 {0x3f27, 0x4be4, 0xd81e, 0x1396, 0xb21f, 0x92aa, 0x6dc3, 0x6283,
1323 0x6ada, 0x3ca2, 0xc1e5, 0x8b9b, 0xd705, 0x5598, 0x8ba1, 0xe087},
1324 {0x6a22, 0xe834, 0xbc8d, 0xcee9, 0x42fc, 0xfc77, 0x9c45, 0x1ca8,
1325 0xeb66, 0xed74, 0xaaf9, 0xe75f, 0xfe77, 0x46d2, 0x179b, 0xbf3e}},
1327 {{0x7ea7, 0x444e, 0x84ea, 0xc447, 0x7c1f, 0xab97, 0x3de6, 0x5878,
1328 0x4e8b, 0xc017, 0x03e0, 0xdc40, 0xbbd0, 0x74ce, 0x0169, 0x7ab5},
1329 {0x4023, 0x154f, 0xfbe4, 0x8195, 0xfda0, 0xef54, 0x9e9a, 0xc703,
1330 0x2803, 0xf760, 0x6302, 0xed5b, 0x7157, 0x6456, 0xdd7d, 0xf14b},
1331 {0xb6fb, 0xe3b3, 0x0733, 0xa77e, 0x44c5, 0x3003, 0xc937, 0xdd4d,
1332 0x5355, 0x14e9, 0x184e, 0xcefe, 0xe6b5, 0xf2e0, 0x0a28, 0x5b74}},
1334 {{0xa893, 0xb5f4, 0x1ede, 0xa316, 0x242c, 0xbdcc, 0xb017, 0x0836,
1335 0x3a37, 0x27fb, 0xfb85, 0x251e, 0xa189, 0xb15d, 0xa4b8, 0xc24c},
1336 {0xb0b7, 0x57ba, 0xbb6d, 0x9177, 0xc896, 0xc7f2, 0x43b4, 0x85a6,
1337 0xe6c4, 0xe50e, 0x3109, 0x7ca5, 0xd73d, 0x13ff, 0x0c3d, 0xcd62},
1338 {0x48ca, 0xdb34, 0xe347, 0x2cef, 0x4466, 0x10fb, 0x7ee1, 0x6344,
1339 0x4308, 0x966d, 0xd4d1, 0xb099, 0x994f, 0xd025, 0x2187, 0x5866}},
1341 {{0x0775, 0x1754, 0x01f6, 0xdf37, 0xc0be, 0x8197, 0x072f, 0x6cf5,
1342 0x8b36, 0x8069, 0x5590, 0xb92d, 0x6084, 0x47a4, 0x23fe, 0xddd5},
1343 {0x8e1b, 0xda37, 0x27d9, 0x312e, 0x3a2f, 0xef6d, 0xd9eb, 0x8153,
1344 0xdcba, 0x9fa3, 0x9f80, 0xead5, 0x134d, 0x2ebb, 0x5ec0, 0xe032},
1345 {0x1cb6, 0x5a61, 0x1bed, 0x77d6, 0xd5d1, 0x7498, 0xef33, 0x2dd2,
1346 0x1089, 0xedbd, 0x6958, 0x16ae, 0x336c, 0x45e6, 0x4361, 0xbadc}},
1348 {{0x0207, 0xf948, 0xc430, 0xf36b, 0xf0a7, 0x5d36, 0x751f, 0x132c,
1349 0x6f25, 0xa630, 0xca1f, 0xc967, 0xaf9c, 0x34e7, 0xa38f, 0xbe9f},
1350 {0x5fb9, 0x7321, 0x6561, 0x5fed, 0x54ec, 0x9c3a, 0xee0e, 0x6717,
1351 0x49af, 0xb896, 0xf4f5, 0x451c, 0x722a, 0xf116, 0x64a9, 0xcf0b},
1352 {0xf4d7, 0xdb47, 0xfef2, 0x4806, 0x4cb8, 0x18c7, 0xd9a7, 0x4951,
1353 0x14d8, 0x5c3a, 0xd22d, 0xd7b2, 0x750c, 0x3de7, 0x8b4a, 0x19aa}},
1358 {{0x9118, 0xb640, 0x53d7, 0x30ab, 0x2a23, 0xd907, 0x9323, 0x5b3a,
1359 0xb6d4, 0x538a, 0x7637, 0xfe97, 0xfd05, 0x3cc0, 0x453a, 0xfb7e},
1360 {0x6983, 0x4f75, 0x4ad1, 0x48ad, 0xb2d9, 0x521d, 0x3dbc, 0x9cc0,
1361 0x4b60, 0x0ac6, 0xd3be, 0x0fb6, 0xd305, 0x3895, 0x2da5, 0xfdf8},
1362 {0xcec1, 0x33ac, 0xa801, 0x8194, 0xe36c, 0x65ef, 0x103b, 0xca54,
1363 0xfa9b, 0xb41d, 0x9b52, 0xb6f7, 0xa611, 0x84aa, 0x3493, 0xbf54}},
1365 {{0xb5f2, 0x42d0, 0x35e8, 0x8ca0, 0x4b62, 0x6e1d, 0xbdf3, 0x890e,
1366 0x8c82, 0x23d8, 0xc79a, 0xc8e8, 0x789e, 0x353d, 0x9766, 0xea9d},
1367 {0x6fa1, 0xacba, 0x4b7a, 0x5de1, 0x95d0, 0xc845, 0xebbf, 0x6f5a,
1368 0x30cf, 0x52db, 0x69b7, 0xe278, 0x4b15, 0x8411, 0x2ab2, 0xf3e7},
1369 {0xf12c, 0x9d6d, 0x95fa, 0x1878, 0x9f13, 0x4fb5, 0x3c8b, 0xa451,
1370 0x7182, 0xc4b6, 0x7e2a, 0x7bb7, 0x6e0e, 0x5b68, 0xde55, 0x9927}},
1372 {{0x229c, 0x4ef8, 0x1e93, 0xe5dc, 0xcde5, 0x6d62, 0x263b, 0xad11,
1373 0xced0, 0x88ff, 0xae8e, 0x3183, 0x11d2, 0xa50b, 0x350d, 0xeb40},
1374 {0x3157, 0xe2ea, 0x8a02, 0x0aa3, 0x5ae1, 0xb26c, 0xea27, 0x6805,
1375 0x87e2, 0x9461, 0x37c1, 0x2f8d, 0x85d2, 0x77a8, 0xf805, 0xeec9},
1376 {0x6f4e, 0x2748, 0xf7e5, 0xd8d3, 0xabe2, 0x7270, 0xc4e0, 0xedc7,
1377 0xf196, 0x78ca, 0x9139, 0xd8af, 0x72c6, 0xaf2f, 0x85d2, 0x6cd3}},
1379 {{0xdce8, 0xf1fe, 0x6708, 0x021e, 0xf1ca, 0xd609, 0x5443, 0x85ce,
1380 0x7a05, 0x8f9c, 0x90c3, 0x52e7, 0x8e1d, 0x97b8, 0xc0bf, 0xf2a1},
1381 {0xbd3d, 0xed11, 0x1625, 0xb4c5, 0x844c, 0xa413, 0x2569, 0xb9ba,
1382 0xcd35, 0xff84, 0xcd6e, 0x7f0b, 0x7d5d, 0x10df, 0x3efe, 0xfbe5},
1383 {0xa9dd, 0xafef, 0xb1b7, 0x4c8d, 0x50e4, 0xafbf, 0x2d5a, 0xb27c,
1384 0x0653, 0x66b6, 0x5d36, 0x4694, 0x7e35, 0xc47c, 0x857f, 0x32c5}},
1386 {{0x7902, 0xc9f8, 0x926b, 0xaaeb, 0x90f8, 0x1c89, 0xcce3, 0x96b7,
1387 0x28b2, 0x87a2, 0x136d, 0x695a, 0xa8df, 0x9061, 0x9e31, 0xee82},
1388 {0xd3a9, 0x3c02, 0x818c, 0x6b81, 0x34b3, 0xebbb, 0xe2c8, 0x7712,
1389 0xbfd6, 0x8248, 0xa6f4, 0xba6f, 0x03bb, 0xfb54, 0x7575, 0xfe89},
1390 {0x8246, 0x0d63, 0x478e, 0xf946, 0xf393, 0x0451, 0x08c2, 0x5919,
1391 0x5fd6, 0x4c61, 0xbeb7, 0x9a15, 0x30e1, 0x55fc, 0x6a01, 0x3724}},
1393 {{0x3eff, 0x926a, 0x77f5, 0x1fff, 0x1a5b, 0xf3ef, 0xf64b, 0x8681,
1394 0xf800, 0xf9bc, 0x761d, 0xe268, 0x62b0, 0xa032, 0xba9c, 0xbe56},
1395 {0xb8f9, 0x00e7, 0x47b7, 0xdffc, 0xfd9d, 0x5abb, 0xa19b, 0x1868,
1396 0x31fd, 0x3b29, 0x3674, 0x5449, 0xf54d, 0x1d19, 0x6ac7, 0xff6f},
1397 {0xf1d7, 0x3551, 0x5682, 0x9adf, 0xe8aa, 0x19a5, 0x8340, 0x71db,
1398 0xb7ab, 0x4cfd, 0xf661, 0x632c, 0xc27e, 0xd3c6, 0xdf42, 0xd306}},
1400 {{0x0000, 0x0000, 0x0000, 0x0000, 0x3aff, 0x2ed7, 0xf2e0, 0xabc7,
1401 0x8aee, 0x166e, 0x7ed0, 0x9ac7, 0x714a, 0xb9c5, 0x4d58, 0xad6c},
1402 {0x9cf9, 0x47e2, 0xa421, 0xb277, 0xffc2, 0x2747, 0x6486, 0x94c1,
1403 0x1d99, 0xd49b, 0x1096, 0x991a, 0xe986, 0xae02, 0xe89b, 0xea36},
1404 {0x1fb4, 0x98d8, 0x19b7, 0x80e9, 0xcdac, 0xaa5a, 0xf1e6, 0x0074,
1405 0xe393, 0xed8b, 0x8d5c, 0xe17d, 0x81b3, 0xc16d, 0x54d3, 0x9be3}},
1407 {{0xd047, 0x7e36, 0x3157, 0x7ab6, 0xb4d9, 0x8dae, 0x7534, 0x4f5d,
1408 0x489e, 0xa8ab, 0x8a3d, 0xd52c, 0x62af, 0xa032, 0xba9c, 0xbe56},
1409 {0xb1f1, 0x737f, 0x5964, 0x5afb, 0x3712, 0x8ef9, 0x19f7, 0x9669,
1410 0x664d, 0x03ad, 0xc352, 0xf7a5, 0xf545, 0x1d19, 0x6ac7, 0xff6f},
1411 {0xa834, 0x5256, 0x27bc, 0x33bd, 0xba11, 0x5a7b, 0x791e, 0xe6c0,
1412 0x9ac4, 0x9370, 0x1130, 0x28b4, 0x2b2e, 0x231b, 0x082a, 0x796e}},
1414 {{0x6ab1, 0x6ea0, 0x1a99, 0xe0c2, 0xdd45, 0x645d, 0x8dbc, 0x466a,
1415 0xfa64, 0x4289, 0xd3f7, 0xfc8f, 0x2894, 0xe3c5, 0xa008, 0xcc14},
1416 {0xc75f, 0xc083, 0x4cc2, 0x64f2, 0x2aff, 0x4c12, 0x8461, 0xc4ae,
1417 0xbbfa, 0xb336, 0xe4b2, 0x3ac5, 0x2c22, 0xf56c, 0x5381, 0xe943},
1418 {0xcd80, 0x760d, 0x4395, 0xb3a6, 0xd497, 0xf583, 0x82bd, 0x1daa,
1419 0xbe92, 0x2613, 0xfdfb, 0x869b, 0x0425, 0xa333, 0x7056, 0xc9c5}},
1421 {{0x71d4, 0x64df, 0xec4f, 0x74d8, 0x7e0c, 0x40d3, 0x7073, 0x4cc8,
1422 0x2a2a, 0xb1ff, 0x8518, 0x6513, 0xb0ea, 0x640a, 0x62d9, 0xd5f4},
1423 {0xdc75, 0xd937, 0x3b13, 0x1d36, 0xdf83, 0xd034, 0x1c1c, 0x4332,
1424 0x4cc3, 0xeeec, 0x7d94, 0x6771, 0x3384, 0x74b0, 0x947d, 0xf2c4},
1425 {0x0a82, 0x37a4, 0x12d5, 0xec97, 0x972c, 0xe6bf, 0xc348, 0xa0a9,
1426 0xc50c, 0xdc7c, 0xae30, 0x19d1, 0x0fca, 0x35e1, 0xd6f6, 0x81ee}},
1428 {{0xa6b1, 0xabc5, 0x5bbc, 0x7f65, 0xdd32, 0xaa73, 0xf5a3, 0x1982,
1429 0xced4, 0xe949, 0x0fd6, 0x2bc4, 0x2bd7, 0xe3c5, 0xa008, 0xcc14},
1430 {0x4b5f, 0x8f96, 0xa375, 0xfbcf, 0x1c7d, 0xf1ec, 0x03f5, 0xb35d,
1431 0xb999, 0xdb1f, 0xc9a1, 0xb4c7, 0x1dd5, 0xf56c, 0x5381, 0xe943},
1432 {0xaa3d, 0x38b9, 0xf17d, 0xeed9, 0x9988, 0x69ee, 0xeb88, 0x1495,
1433 0x203f, 0x18c8, 0x82b7, 0xdcb2, 0x34a7, 0x6b00, 0x6998, 0x589a}},
1435 {{0xa478, 0xe60d, 0x3244, 0x60e6, 0xada3, 0xfe50, 0xb6b1, 0x2eae,
1436 0xd0ef, 0xa7b1, 0xef63, 0x05c0, 0xe213, 0x443e, 0x4427, 0x2448},
1437 {0x258f, 0xf9ef, 0xe02b, 0x92dd, 0xd7f3, 0x252b, 0xa503, 0x9089,
1438 0xedff, 0x96c1, 0xfe3a, 0x3a39, 0x198a, 0x981d, 0x0627, 0xedb7},
1439 {0x595a, 0x45be, 0x8fb0, 0x2265, 0xc210, 0x02b8, 0xdce9, 0xe241,
1440 0xcab6, 0xbf0d, 0x0049, 0x8d9a, 0x2f51, 0xae54, 0x5785, 0xb411}},
1442 {{0x48f0, 0x7db3, 0xdafe, 0x1c92, 0x5912, 0xe11a, 0xab52, 0xede1,
1443 0x3182, 0x8980, 0x5d2b, 0x9b5b, 0x8718, 0xda27, 0x1683, 0x1de2},
1444 {0x168f, 0x6f36, 0xce7a, 0xf435, 0x19d4, 0xda5e, 0x2351, 0x9af5,
1445 0xb003, 0x0ef5, 0x3b4c, 0xecec, 0xa9f0, 0x78e1, 0xdfef, 0xe823},
1446 {0x5f55, 0xfdcc, 0xb233, 0x2914, 0x84f0, 0x97d1, 0x9cf4, 0x2159,
1447 0xbf56, 0xb79c, 0x17a3, 0x7cef, 0xd5de, 0x34f0, 0x5311, 0x4c54}},
1449 {{0x2789, 0x2e04, 0x6e0e, 0xb6cd, 0xe4de, 0x4dbf, 0x228d, 0x7877,
1450 0xc335, 0x806b, 0x38cd, 0x8049, 0xa73b, 0xcfa2, 0x82f7, 0x9e19},
1451 {0xc08d, 0xb99d, 0xb8f3, 0x663d, 0xbbb3, 0x1284, 0x1485, 0x1d49,
1452 0xc98f, 0x9e78, 0x1588, 0x11e3, 0xd91a, 0xa2c7, 0xfff1, 0xc7b9},
1453 {0x1e1f, 0x411d, 0x7c49, 0x0d03, 0xe789, 0x2f8e, 0x5d55, 0xa95e,
1454 0x826e, 0x8de5, 0x52a0, 0x1abc, 0x4cd7, 0xd13a, 0x4395, 0x63e1}},
1456 {{0xd5a1, 0xf786, 0x555c, 0xb14b, 0x44ae, 0x535f, 0x4a49, 0xffc3,
1457 0xf497, 0x70d1, 0x57c8, 0xa933, 0xc85a, 0x1910, 0x75bf, 0x960b},
1458 {0xfe53, 0x5058, 0x496d, 0xfdff, 0x6fb8, 0x4100, 0x92bd, 0xe0c4,
1459 0xda89, 0xe0a4, 0x841b, 0x43d4, 0xa388, 0x957f, 0x99ca, 0x9abf},
1460 {0xe530, 0x05bc, 0xfeec, 0xfc7e, 0xbcd3, 0x1239, 0x54cb, 0x7042,
1461 0xbccb, 0x139e, 0x9076, 0x0203, 0x6068, 0x90c7, 0x1ddf, 0x488d}},
1463 {{0x9488, 0xe54b, 0x0e43, 0x81d2, 0x06e7, 0x4b66, 0x36d0, 0x53d6,
1464 0x2b68, 0x22ec, 0x3fa9, 0xc1a7, 0x9ad2, 0xa596, 0xb3ac, 0xdf42},
1465 {0xe31f, 0x0b28, 0x5f3b, 0xc1ff, 0x344c, 0xbf5f, 0xd2ec, 0x2936,
1466 0x9995, 0xdeb2, 0xae6c, 0x2852, 0xa2c6, 0xb306, 0x8120, 0xe305},
1467 {0xa56e, 0xfb98, 0x1537, 0x4d85, 0x619e, 0x866c, 0x3cd4, 0x779a,
1468 0xdd66, 0xa80d, 0xdc2f, 0xcae4, 0xc74c, 0x5175, 0xa65d, 0x605e}},
1470 {{0x8cd5, 0x376d, 0xd01b, 0x7176, 0x19ef, 0xcf09, 0x8403, 0x5e52,
1471 0x83c1, 0x44de, 0xb91e, 0xb33d, 0xe15c, 0x51e7, 0xbad8, 0x6359},
1472 {0x3b75, 0xf812, 0x5f9e, 0xa04e, 0x92d3, 0x226e, 0x540e, 0x7c9a,
1473 0x31c6, 0x46d2, 0x0b7b, 0xdb4a, 0xe662, 0x4950, 0x0265, 0xf76f},
1474 {0x09ed, 0x692f, 0xe8f1, 0x3482, 0xab54, 0x36b4, 0x8442, 0x6ae9,
1475 0x4329, 0x6505, 0x183b, 0x1c1d, 0x482d, 0x7d63, 0xb44f, 0xcc09}},
1480 {{0x95ed, 0x6c01, 0xd113, 0x5ff1, 0xd7d0, 0x29cc, 0x5817, 0x6120,
1481 0xca8e, 0xaad1, 0x25ae, 0x8e84, 0x9af6, 0x30bf, 0xf0ed, 0x1686},
1482 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1483 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1484 {0x1631, 0xbf4a, 0x286a, 0x2716, 0x469f, 0x2ac8, 0x1312, 0xe9bc,
1485 0x04f4, 0x304b, 0x9931, 0x113b, 0xd932, 0xc8f4, 0x0d0d, 0x01a1}},
1487 {{0x85ed, 0xc284, 0x9608, 0x3c56, 0x19b6, 0xbb5b, 0x2850, 0xdab7,
1488 0xa7f5, 0xe9ab, 0x06a4, 0x5bbb, 0x1135, 0xa186, 0xc424, 0xc68b},
1489 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1490 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1491 {0x8479, 0x450a, 0x8fa3, 0xde05, 0xb2f5, 0x7793, 0x7269, 0xbabb,
1492 0xc3b3, 0xd49b, 0x3377, 0x03c6, 0xe694, 0xc760, 0xd3cb, 0x2811}},
1494 {{0x8432, 0x5ceb, 0xa847, 0x6f1e, 0x51dd, 0x535a, 0x6ddc, 0x70ce,
1495 0x6e70, 0xc1f6, 0x18f2, 0x2a7e, 0xc8e7, 0x39f8, 0x7e96, 0xebbf},
1496 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1497 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1498 {0x257e, 0x449f, 0x689f, 0x89aa, 0x3989, 0xb661, 0x376c, 0x1e32,
1499 0x654c, 0xee2e, 0xf4e2, 0x33c8, 0x3f2f, 0x9716, 0x6046, 0xcaa3}},
1502 {{0xfeb9, 0xb877, 0xee41, 0x7fa3, 0x87da, 0x94c4, 0x9d04, 0xc5ae,
1503 0x5708, 0x0994, 0xfc79, 0x0916, 0xbf32, 0x3ad8, 0xe11c, 0x5ca2},
1504 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1505 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1506 {0x0f12, 0x075e, 0xce1c, 0x6f92, 0xc80f, 0xca92, 0x9a04, 0x6126,
1507 0x4b6c, 0x57d6, 0xca31, 0x97f3, 0x1f99, 0xf4fd, 0xda4d, 0x42ce}},
1509 {{0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1510 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1511 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1512 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1513 {0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1514 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
1516 {{0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1517 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1518 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1519 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1520 {0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1521 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
1523 {{0x0002, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1524 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1525 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1526 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1527 {0x20a1, 0x681b, 0x2f46, 0xdfe9, 0x501d, 0x57a4, 0x6e73, 0x5d57,
1528 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x7fff}},
1530 {{0x4140, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1531 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1532 {0x4141, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1533 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1534 {0x4140, 0xd036, 0x5e8c, 0xbfd2, 0xa03b, 0xaf48, 0xdce6, 0xbaae,
1535 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}},
1540 {{0x9ec3, 0x1919, 0xca84, 0x7c11, 0xf996, 0x06f3, 0x5408, 0x6688,
1541 0x1320, 0xdb8a, 0x632a, 0x0dcb, 0x8a84, 0x6bee, 0x9c95, 0xe34e},
1542 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1543 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1544 {0x18e5, 0x19b6, 0xdf92, 0x1aaa, 0x09fb, 0x8a3f, 0x52b0, 0x8701,
1545 0xac0c, 0x2582, 0xda44, 0x9bcc, 0x6828, 0x1c53, 0xbd8f, 0xbd2c}},
1547 {{0xaec3, 0xa7cf, 0x2f2d, 0x0693, 0x5ad5, 0xa8ff, 0x7ec7, 0x30ff,
1548 0x0c8b, 0xc242, 0xcab2, 0x063a, 0xf86e, 0x6057, 0x9cbd, 0xf6d8},
1549 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1550 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1551 {0x0310, 0x579d, 0xcb38, 0x9030, 0x3ded, 0x9bb9, 0x1234, 0x63ce,
1552 0x0c63, 0x8e3d, 0xacfe, 0x3c20, 0xdc85, 0xf859, 0x919e, 0x1d45}},
1554 {{0x63ae, 0x8d10, 0x0071, 0xdb5c, 0xb454, 0x78d1, 0x744a, 0x5f8e,
1555 0xe4d8, 0x87b1, 0x8e62, 0x9590, 0xcede, 0xa070, 0x36b4, 0x7f6f},
1556 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1557 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1558 {0xfdc8, 0xe8d5, 0xbe15, 0x9f86, 0xa5fe, 0xf18e, 0xa7ff, 0xd291,
1559 0xf4c2, 0x9c87, 0xf150, 0x073e, 0x69b8, 0xf7c4, 0xee4b, 0xc7e6}},
1562 {{0x1b37, 0xbdc3, 0x8bcd, 0x25e3, 0x1eae, 0x567d, 0x30b6, 0xf0d8,
1563 0x9277, 0x0cf8, 0x9c2e, 0xecd7, 0x631d, 0xe38f, 0xd4f8, 0x5c93},
1564 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1565 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1566 {0x1622, 0xe05b, 0xe880, 0x7de9, 0x3e45, 0xb682, 0xee6c, 0x67ed,
1567 0xa179, 0x15db, 0x6b0d, 0xa656, 0x7ccb, 0x8ef7, 0xa2ff, 0xe279}},
1569 {{0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1570 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1571 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1572 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1573 {0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1574 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
1576 {{0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1577 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1578 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1579 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1580 {0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1581 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000}},
1583 {{0x0002, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
1584 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000},
1585 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1586 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1587 {0xfe18, 0x7fff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1588 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x7fff}},
1590 {{0xfc2e, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1591 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1592 {0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1593 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff},
1594 {0xfc2e, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1595 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff}},
1599 {{0x3a08, 0x23e1, 0x4d8c, 0xe606, 0x3263, 0x67af, 0x9bf1, 0x9d70,
1600 0xf5fd, 0x12e4, 0x03c8, 0xb9ca, 0xe847, 0x8c5d, 0x6322, 0xbd30},
1601 {0x8359, 0x59dd, 0x1831, 0x7c1a, 0x1e83, 0xaee1, 0x770d, 0xcea8,
1602 0xfbb1, 0xeed6, 0x10b5, 0xe2c6, 0x36ea, 0xee17, 0xe32c, 0xffff},
1603 {0x1727, 0x0f36, 0x6f85, 0x5d0c, 0xca6c, 0x3072, 0x9628, 0x5842,
1604 0xcb44, 0x7c2b, 0xca4f, 0x62e5, 0x29b1, 0x6ffd, 0x9055, 0xc196}},
1605 {{0x905d, 0x41c8, 0xa2ff, 0x295b, 0x72bb, 0x4679, 0x6d01, 0x2c98,
1606 0xb3e0, 0xc537, 0xa310, 0xe07e, 0xe72f, 0x4999, 0x1148, 0xf65e},
1607 {0x5b41, 0x4239, 0x3c37, 0x5130, 0x30e3, 0xff35, 0xc51f, 0x1a43,
1608 0xdb23, 0x13cf, 0x9f49, 0xf70c, 0x5e70, 0xd411, 0x3005, 0xf8c6},
1609 {0xc30e, 0x68f0, 0x201a, 0xe10c, 0x864a, 0x6243, 0xe946, 0x43ae,
1610 0xf3f1, 0x52dc, 0x1f7f, 0x50d4, 0x2797, 0x064c, 0x5ca4, 0x90e3}},
1611 {{0xf1b5, 0xc6e5, 0xd2c4, 0xff95, 0x27c5, 0x0c92, 0x5d19, 0x7ae5,
1612 0x4fbe, 0x5438, 0x99e1, 0x880d, 0xd892, 0xa05c, 0x6ffd, 0x7eac},
1613 {0x2153, 0xcc9d, 0xfc6c, 0x8358, 0x49a1, 0x01e2, 0xcef0, 0x4969,
1614 0xd69a, 0x8cef, 0xf5b2, 0xfd95, 0xdcc2, 0x71f4, 0x6ae2, 0xceeb},
1615 {0x9b2e, 0xcdc6, 0x0a5c, 0x7317, 0x9084, 0xe228, 0x56cf, 0xd512,
1616 0x628a, 0xce21, 0x3473, 0x4e13, 0x8823, 0x1ed0, 0x34d0, 0xbfa3}},
1617 {{0x5bae, 0x53e5, 0x5f4d, 0x21ca, 0xb875, 0x8ecf, 0x9aa6, 0xbe3c,
1618 0x9f96, 0x7b82, 0x375d, 0x4d3e, 0x491c, 0xb1eb, 0x04c9, 0xb6c8},
1619 {0xfcfd, 0x10b7, 0x73b2, 0xd23b, 0xa357, 0x67da, 0x0d9f, 0x8702,
1620 0xa037, 0xff8e, 0x0e8b, 0x1801, 0x2c5c, 0x4e6e, 0x4558, 0xfff2},
1621 {0xc50f, 0x5654, 0x6713, 0x5ef5, 0xa7ce, 0xa647, 0xc832, 0x69ce,
1622 0x1d5c, 0x4310, 0x0746, 0x5a01, 0x96ea, 0xde4b, 0xa88b, 0x5543}},
1623 {{0xdc7f, 0x5e8c, 0x89d1, 0xb077, 0xd521, 0xcf90, 0x32fa, 0x5737,
1624 0x839e, 0x1464, 0x007c, 0x09c6, 0x9371, 0xe8ea, 0xc1cb, 0x75c4},
1625 {0xe3a3, 0x107f, 0xa82a, 0xa375, 0x4578, 0x60f4, 0x75c9, 0x5ee4,
1626 0x3fd7, 0x2736, 0x2871, 0xd3d2, 0x5f1d, 0x1abb, 0xa764, 0xffff},
1627 {0x45c6, 0x1f2e, 0xb14c, 0x84d7, 0x7bb7, 0x5a04, 0x0504, 0x3f33,
1628 0x5cc1, 0xb07a, 0x6a6c, 0x786f, 0x647f, 0xe1d7, 0x78a2, 0x4cf4}},
1629 {{0xc006, 0x356f, 0x8cd2, 0x967b, 0xb49e, 0x2d4e, 0x14bf, 0x4bcb,
1630 0xddab, 0xd3f9, 0xa068, 0x2c1c, 0xd242, 0xa56d, 0xf2c7, 0x5f97},
1631 {0x465b, 0xb745, 0x0e0d, 0x69a9, 0x987d, 0xcb37, 0xf637, 0xb311,
1632 0xc4d6, 0x2ddb, 0xf68f, 0x2af9, 0x959d, 0x3f53, 0x98f2, 0xf640},
1633 {0xc0f2, 0x6bfb, 0xf5c3, 0x91c1, 0x6b05, 0x0825, 0x5ca0, 0x7df7,
1634 0x9d55, 0x6d9e, 0xfe94, 0x2ad9, 0xd9f0, 0xe68b, 0xa72b, 0xd1b2}},
1635 {{0x2279, 0x61ba, 0x5bc6, 0x136b, 0xf544, 0x717c, 0xafda, 0x02bd,
1636 0x79af, 0x1fad, 0xea09, 0x81bb, 0x932b, 0x32c9, 0xdf1d, 0xe576},
1637 {0x8215, 0x7817, 0xca82, 0x43b0, 0x9b06, 0xea65, 0x1291, 0x0621,
1638 0x0089, 0x46fe, 0xc5a6, 0xddd7, 0x8065, 0xc6a0, 0x214b, 0xfc64},
1639 {0x04bf, 0x6f2a, 0x86b2, 0x841a, 0x4a95, 0xc632, 0x97b7, 0x5821,
1640 0x2b18, 0x1bb0, 0x3e97, 0x935e, 0xcc7d, 0x066b, 0xd513, 0xc251}},
1641 {{0x76e8, 0x5bc2, 0x3eaa, 0x04fc, 0x9974, 0x92c1, 0x7c15, 0xfa89,
1642 0x1151, 0x36ee, 0x48b2, 0x049c, 0x5f16, 0xcee4, 0x925b, 0xe98e},
1643 {0x913f, 0x0a2d, 0xa185, 0x9fea, 0xda5a, 0x4025, 0x40d7, 0x7cfa,
1644 0x88ca, 0xbbe8, 0xb265, 0xb7e4, 0x6cb1, 0xed64, 0xc6f9, 0xffb5},
1645 {0x6ab1, 0x1a86, 0x5009, 0x152b, 0x1cc4, 0xe2c8, 0x960b, 0x19d0,
1646 0x3554, 0xc562, 0xd013, 0xcf91, 0x10e1, 0x7933, 0xe195, 0xcf49}},
1647 {{0x9cb5, 0xd2d7, 0xc6ed, 0xa818, 0xb495, 0x06ee, 0x0f4a, 0x06e3,
1648 0x4c5a, 0x80ce, 0xd49a, 0x4cd7, 0x7487, 0x92af, 0xe516, 0x676c},
1649 {0xd6e9, 0x6b85, 0x619a, 0xb52c, 0x20a0, 0x2f79, 0x3545, 0x1edd,
1650 0x5a6f, 0x8082, 0x9b80, 0xf8f8, 0xc78a, 0xd0a3, 0xadf4, 0xffff},
1651 {0x01c2, 0x2118, 0xef5e, 0xa877, 0x046a, 0xd2c2, 0x2ad5, 0x951c,
1652 0x8900, 0xa5c9, 0x8d0f, 0x6b61, 0x55d3, 0xd572, 0x48de, 0x9219}},
1653 {{0x5114, 0x0644, 0x23dd, 0x01d3, 0xc101, 0xa659, 0xea17, 0x640f,
1654 0xf767, 0x2644, 0x9cec, 0xd8ba, 0xd6da, 0x9156, 0x8aeb, 0x875a},
1655 {0xc1bf, 0xdae9, 0xe96b, 0xce77, 0xf7a1, 0x3e99, 0x5c2e, 0x973b,
1656 0xd048, 0x5bd0, 0x4e8a, 0xcb85, 0xce39, 0x37f5, 0x815d, 0xffff},
1657 {0x48cc, 0x35b6, 0x26d4, 0x2ea6, 0x50d6, 0xa2f9, 0x64b6, 0x03bf,
1658 0xd00c, 0xe057, 0x3343, 0xfb79, 0x3ce5, 0xf717, 0xc5af, 0xe185}},
1659 {{0x13ff, 0x6c76, 0x2077, 0x16e0, 0xd5ca, 0xf2ad, 0x8dba, 0x8f49,
1660 0x7887, 0x16f9, 0xb646, 0xfc87, 0xfa31, 0x5096, 0xf08c, 0x3fbe},
1661 {0x8139, 0x6fd7, 0xf6df, 0xa7bf, 0x6699, 0x5361, 0x6f65, 0x13c8,
1662 0xf4d1, 0xe28f, 0xc545, 0x0a8c, 0x5274, 0xb0a6, 0xffff, 0xffff},
1663 {0x22ca, 0x0cd6, 0xc1b5, 0xb064, 0x44a7, 0x297b, 0x495f, 0x34ac,
1664 0xfa95, 0xec62, 0xf08d, 0x621c, 0x66a6, 0xba94, 0x84c6, 0x8ee0}},
1665 {{0xaa30, 0x312e, 0x439c, 0x4e88, 0x2e2f, 0x32dc, 0xb880, 0xa28e,
1666 0xf795, 0xc910, 0xb406, 0x8dd7, 0xb187, 0xa5a5, 0x38f1, 0xe49e},
1667 {0xfb19, 0xf64a, 0xba6a, 0x8ec2, 0x7255, 0xce89, 0x2cf9, 0x9cba,
1668 0xe1fe, 0x50da, 0x1705, 0xac52, 0xe3d4, 0x4269, 0x0648, 0xfd77},
1669 {0xb4c8, 0x6e8a, 0x2b5f, 0x4c2d, 0x5a67, 0xa7bb, 0x7d6d, 0x5569,
1670 0xa0ea, 0x244a, 0xc0f2, 0xf73d, 0x58cf, 0xac7f, 0xd32b, 0x3018}},
1671 {{0xc953, 0x1ae1, 0xae46, 0x8709, 0x19c2, 0xa986, 0x9abe, 0x1611,
1672 0x0395, 0xd5ab, 0xf0f6, 0xb5b0, 0x5b2b, 0x0317, 0x80ba, 0x376d},
1673 {0xfe77, 0xbc03, 0xac2f, 0x9d00, 0xa175, 0x293d, 0x3b56, 0x0e3a,
1674 0x0a9c, 0xf40c, 0x690e, 0x1508, 0x95d4, 0xddc4, 0xe805, 0xffff},
1675 {0xb1ce, 0x0929, 0xa5fe, 0x4b50, 0x9d5d, 0x8187, 0x2557, 0x4376,
1676 0x11ba, 0xdcef, 0xc1f3, 0xd531, 0x1824, 0x93f6, 0xd81f, 0x8f83}},
1677 {{0xb8d2, 0xb900, 0x4a0c, 0x7188, 0xa5bf, 0x1b0b, 0x2ae5, 0xa35b,
1678 0x98e0, 0x610c, 0x86db, 0x2487, 0xa267, 0x002c, 0xebb6, 0xc5f4},
1679 {0x9cdd, 0x1c1b, 0x2f06, 0x43d1, 0xce47, 0xc334, 0x6e60, 0xc016,
1680 0x989e, 0x0ab2, 0x0cac, 0x1196, 0xe2d9, 0x2e04, 0xc62b, 0xffff},
1681 {0xdc36, 0x1f05, 0x6aa9, 0x7a20, 0x944f, 0x2fd3, 0xa553, 0xdb4f,
1682 0xbd5c, 0x3a75, 0x25d4, 0xe20e, 0xa387, 0x1410, 0xdbb1, 0x1b60}},
1683 {{0x76b3, 0x2207, 0x4930, 0x5dd7, 0x65a0, 0xd55c, 0xb443, 0x53b7,
1684 0x5c22, 0x818a, 0xb2e7, 0x9de8, 0x9985, 0xed45, 0x33b1, 0x53e8},
1685 {0x7913, 0x44e1, 0xf15b, 0x5edd, 0x34f3, 0x4eba, 0x0758, 0x7104,
1686 0x32d9, 0x28f3, 0x4401, 0x85c5, 0xb695, 0xb899, 0xc0f2, 0xffff},
1687 {0x7f43, 0xd202, 0x24c9, 0x69f3, 0x74dc, 0x1a69, 0xeaee, 0x5405,
1688 0x1755, 0x4bb8, 0x04e3, 0x2fd2, 0xada8, 0x39eb, 0x5b4d, 0x96ca}},
1689 {{0x807b, 0x7112, 0xc088, 0xdafd, 0x02fa, 0x9d95, 0x5e42, 0xc033,
1690 0xde0a, 0xeecf, 0x8e90, 0x8da1, 0xb17e, 0x9a5b, 0x4c6d, 0x1914},
1691 {0x4871, 0xd1cb, 0x47d7, 0x327f, 0x09ec, 0x97bb, 0x2fae, 0xd346,
1692 0x6b78, 0x3707, 0xfeb2, 0xa6ab, 0x13df, 0x76b0, 0x8fb9, 0xffb3},
1693 {0x179e, 0xb63b, 0x4784, 0x231e, 0x9f42, 0x7f1a, 0xa3fb, 0xdd8c,
1694 0xd1eb, 0xb4c9, 0x8ca7, 0x018c, 0xf691, 0x576c, 0xa7d6, 0xce27}},
1695 {{0x5f45, 0x7c64, 0x083d, 0xedd5, 0x08a0, 0x0c64, 0x6c6f, 0xec3c,
1696 0xe2fb, 0x352c, 0x9303, 0x75e4, 0xb4e0, 0x8b09, 0xaca4, 0x7025},
1697 {0x1025, 0xb482, 0xfed5, 0xa678, 0x8966, 0x9359, 0x5329, 0x98bb,
1698 0x85b2, 0x73ba, 0x9982, 0x6fdc, 0xf190, 0xbe8c, 0xdc5c, 0xfd93},
1699 {0x83a2, 0x87a4, 0xa680, 0x52a1, 0x1ba1, 0x8848, 0x5db7, 0x9744,
1700 0x409c, 0x0745, 0x0e1e, 0x1cfc, 0x00cd, 0xf573, 0x2071, 0xccaa}},
1701 {{0xf61f, 0x63d4, 0x536c, 0x9eb9, 0x5ddd, 0xbb11, 0x9014, 0xe904,
1702 0xfe01, 0x6b45, 0x1858, 0xcb5b, 0x4c38, 0x43e1, 0x381d, 0x7f94},
1703 {0xf61f, 0x63d4, 0xd810, 0x7ca3, 0x8a04, 0x4b83, 0x11fc, 0xdf94,
1704 0x4169, 0xbd05, 0x608e, 0x7151, 0x4fbf, 0xb31a, 0x38a7, 0xa29b},
1705 {0xe621, 0xdfa5, 0x3d06, 0x1d03, 0x81e6, 0x00da, 0x53a6, 0x965e,
1706 0x93e5, 0x2164, 0x5b61, 0x59b8, 0xa629, 0x8d73, 0x699a, 0x6111}},
1707 {{0x4cc3, 0xd29e, 0xf4a3, 0x3428, 0x2048, 0xeec9, 0x5f50, 0x99a4,
1708 0x6de9, 0x05f2, 0x5aa9, 0x5fd2, 0x98b4, 0x1adc, 0x225f, 0x777f},
1709 {0xe649, 0x37da, 0x5ba6, 0x5765, 0x3f4a, 0x8a1c, 0x2e79, 0xf550,
1710 0x1a54, 0xcd1e, 0x7218, 0x3c3c, 0x6311, 0xfe28, 0x95fb, 0xed97},
1711 {0xe9b6, 0x0c47, 0x3f0e, 0x849b, 0x11f8, 0xe599, 0x5e4d, 0xd618,
1712 0xa06d, 0x33a0, 0x9a3e, 0x44db, 0xded8, 0x10f0, 0x94d2, 0x81fb}},
1713 {{0x2e59, 0x7025, 0xd413, 0x455a, 0x1ce3, 0xbd45, 0x7263, 0x27f7,
1714 0x23e3, 0x518e, 0xbe06, 0xc8c4, 0xe332, 0x4276, 0x68b4, 0xb166},
1715 {0x596f, 0x0cf6, 0xc8ec, 0x787b, 0x04c1, 0x473c, 0xd2b8, 0x8d54,
1716 0x9cdf, 0x77f2, 0xd3f3, 0x6735, 0x0638, 0xf80e, 0x9467, 0xc6aa},
1717 {0xc7e7, 0x1822, 0xb62a, 0xec0d, 0x89cd, 0x7846, 0xbfa2, 0x35d5,
1718 0xfa38, 0x870f, 0x494b, 0x1697, 0x8b17, 0xf904, 0x10b6, 0x9822}},
1719 {{0x6d5b, 0x1d4f, 0x0aaf, 0x807b, 0x35fb, 0x7ee8, 0x00c6, 0x059a,
1720 0xddf0, 0x1fb1, 0xc38a, 0xd78e, 0x2aa4, 0x79e7, 0xad28, 0xc3f1},
1721 {0xe3bb, 0x174e, 0xe0a8, 0x74b6, 0xbd5b, 0x35f6, 0x6d23, 0x6328,
1722 0xc11f, 0x83e1, 0xf928, 0xa918, 0x838e, 0xbf43, 0xe243, 0xfffb},
1723 {0x9cf2, 0x6b8b, 0x3476, 0x9d06, 0xdcf2, 0xdb8a, 0x89cd, 0x4857,
1724 0x75c2, 0xabb8, 0x490b, 0xc9bd, 0x890e, 0xe36e, 0xd552, 0xfffa}},
1725 {{0x2f09, 0x9d62, 0xa9fc, 0xf090, 0xd6d1, 0x9d1d, 0x1828, 0xe413,
1726 0xc92b, 0x3d5a, 0x1373, 0x368c, 0xbaf2, 0x2158, 0x71eb, 0x08a3},
1727 {0x2f09, 0x1d62, 0x4630, 0x0de1, 0x06dc, 0xf7f1, 0xc161, 0x1e92,
1728 0x7495, 0x97e4, 0x94b6, 0xa39e, 0x4f1b, 0x18f8, 0x7bd4, 0x0c4c},
1729 {0xeb3d, 0x723d, 0x0907, 0x525b, 0x463a, 0x49a8, 0xc6b8, 0xce7f,
1730 0x740c, 0x0d7d, 0xa83b, 0x457f, 0xae8e, 0xc6af, 0xd331, 0x0475}},
1731 {{0x6abd, 0xc7af, 0x3e4e, 0x95fd, 0x8fc4, 0xee25, 0x1f9c, 0x0afe,
1732 0x291d, 0xcde0, 0x48f4, 0xb2e8, 0xf7af, 0x8f8d, 0x0bd6, 0x078d},
1733 {0x4037, 0xbf0e, 0x2081, 0xf363, 0x13b2, 0x381e, 0xfb6e, 0x818e,
1734 0x27e4, 0x5662, 0x18b0, 0x0cd2, 0x81f5, 0x9415, 0x0d6c, 0xf9fb},
1735 {0xd205, 0x0981, 0x0498, 0x1f08, 0xdb93, 0x1732, 0x0579, 0x1424,
1736 0xad95, 0x642f, 0x050c, 0x1d6d, 0xfc95, 0xfc4a, 0xd41b, 0x3521}},
1737 {{0xf23a, 0x4633, 0xaef4, 0x1a92, 0x3c8b, 0x1f09, 0x30f3, 0x4c56,
1738 0x2a2f, 0x4f62, 0xf5e4, 0x8329, 0x63cc, 0xb593, 0xec6a, 0xc428},
1739 {0x93a7, 0xfcf6, 0x606d, 0xd4b2, 0x2aad, 0x28b4, 0xc65b, 0x8998,
1740 0x4e08, 0xd178, 0x0900, 0xc82b, 0x7470, 0xa342, 0x7c0f, 0xffff},
1741 {0x315f, 0xf304, 0xeb7b, 0xe5c3, 0x1451, 0x6311, 0x8f37, 0x93a8,
1742 0x4a38, 0xa6c6, 0xe393, 0x1087, 0x6301, 0xd673, 0x4ec4, 0xffff}},
1743 {{0x892e, 0xeed0, 0x1165, 0xcbc1, 0x5545, 0xa280, 0x7243, 0x10c9,
1744 0x9536, 0x36af, 0xb3fc, 0x2d7c, 0xe8a5, 0x09d6, 0xe1d4, 0xe85d},
1745 {0xae09, 0xc28a, 0xd777, 0xbd80, 0x23d6, 0xf980, 0xeb7c, 0x4e0e,
1746 0xf7dc, 0x6475, 0xf10a, 0x2d33, 0x5dfd, 0x797a, 0x7f1c, 0xf71a},
1747 {0x4064, 0x8717, 0xd091, 0x80b0, 0x4527, 0x8442, 0xac8b, 0x9614,
1748 0xc633, 0x35f5, 0x7714, 0x2e83, 0x4aaa, 0xd2e4, 0x1acd, 0x0562}},
1749 {{0xdb64, 0x0937, 0x308b, 0x53b0, 0x00e8, 0xc77f, 0x2f30, 0x37f7,
1750 0x79ce, 0xeb7f, 0xde81, 0x9286, 0xafda, 0x0e62, 0xae00, 0x0067},
1751 {0x2cc7, 0xd362, 0xb161, 0x0557, 0x4ff2, 0xb9c8, 0x06fe, 0x5f2b,
1752 0xde33, 0x0190, 0x28c6, 0xb886, 0xee2b, 0x5a4e, 0x3289, 0x0185},
1753 {0x4215, 0x923e, 0xf34f, 0xb362, 0x88f8, 0xceec, 0xafdd, 0x7f42,
1754 0x0c57, 0x56b2, 0xa366, 0x6a08, 0x0826, 0xfb8f, 0x1b03, 0x0163}},
1755 {{0xa4ba, 0x8408, 0x810a, 0xdeba, 0x47a3, 0x853a, 0xeb64, 0x2f74,
1756 0x3039, 0x038c, 0x7fbb, 0x498e, 0xd1e9, 0x46fb, 0x5691, 0x32a4},
1757 {0xd749, 0xb49d, 0x20b7, 0x2af6, 0xd34a, 0xd2da, 0x0a10, 0xf781,
1758 0x58c9, 0x171f, 0x3cb6, 0x6337, 0x88cd, 0xcf1e, 0xb246, 0x7351},
1759 {0xf729, 0xcf0a, 0x96ea, 0x032c, 0x4a8f, 0x42fe, 0xbac8, 0xec65,
1760 0x1510, 0x0d75, 0x4c17, 0x8d29, 0xa03f, 0x8b7e, 0x2c49, 0x0000}},
1761 {{0x0fa4, 0x8e1c, 0x3788, 0xba3c, 0x8d52, 0xd89d, 0x12c8, 0xeced,
1762 0x9fe6, 0x9b88, 0xecf3, 0xe3c8, 0xac48, 0x76ed, 0xf23e, 0xda79},
1763 {0x1103, 0x227c, 0x5b00, 0x3fcf, 0xc5d0, 0x2d28, 0x8020, 0x4d1c,
1764 0xc6b9, 0x67f9, 0x6f39, 0x989a, 0xda53, 0x3847, 0xd416, 0xe0d0},
1765 {0xdd8e, 0xcf31, 0x3710, 0x7e44, 0xa511, 0x933c, 0x0cc3, 0x5145,
1766 0xf632, 0x5e1d, 0x038f, 0x5ce7, 0x7265, 0xda9d, 0xded6, 0x08f8}},
1767 {{0xe2c8, 0x91d5, 0xa5f5, 0x735f, 0x6b58, 0x56dc, 0xb39d, 0x5c4a,
1768 0x57d0, 0xa1c2, 0xd92f, 0x9ad4, 0xf7c4, 0x51dd, 0xaf5c, 0x0096},
1769 {0x1739, 0x7207, 0x7505, 0xbf35, 0x42de, 0x0a29, 0xa962, 0xdedf,
1770 0x53e8, 0x12bf, 0xcde7, 0xd8e2, 0x8d4d, 0x2c4b, 0xb1b1, 0x0628},
1771 {0x992d, 0xe3a7, 0xb422, 0xc198, 0x23ab, 0xa6ef, 0xb45d, 0x50da,
1772 0xa738, 0x014a, 0x2310, 0x85fb, 0x5fe8, 0x1b18, 0x1774, 0x03a7}},
1773 {{0x1f16, 0x2b09, 0x0236, 0xee90, 0xccf9, 0x9775, 0x8130, 0x4c91,
1774 0x9091, 0x310b, 0x6dc4, 0x86f6, 0xc2e8, 0xef60, 0xfc0e, 0xf3a4},
1775 {0x9f49, 0xac15, 0x02af, 0x110f, 0xc59d, 0x5677, 0xa1a9, 0x38d5,
1776 0x914f, 0xa909, 0x3a3a, 0x4a39, 0x3703, 0xea30, 0x73da, 0xffad},
1777 {0x15ed, 0xdd16, 0x83c7, 0x270a, 0x862f, 0xd8ad, 0xcaa1, 0x5f41,
1778 0x99a9, 0x3fc8, 0x7bb2, 0x360a, 0xb06d, 0xfadc, 0x1b36, 0xffa8}},
1779 {{0xc4e0, 0xb8fd, 0x5106, 0xe169, 0x754c, 0xa58c, 0xc413, 0x8224,
1780 0x5483, 0x63ec, 0xd477, 0x8473, 0x4778, 0x9281, 0x0000, 0x0000},
1781 {0x85e1, 0xff54, 0xb200, 0xe413, 0xf4f4, 0x4c0f, 0xfcec, 0xc183,
1782 0x60d3, 0x1b0c, 0x3834, 0x601c, 0x943c, 0xbe6e, 0x0002, 0x0000},
1783 {0xf4f8, 0xfd5e, 0x61ef, 0xece8, 0x9199, 0xe5c4, 0x05a6, 0xe6c3,
1784 0xc4ae, 0x8b28, 0x66b1, 0x8a95, 0x9ece, 0x8f4a, 0x0001, 0x0000}},
1785 {{0xeae9, 0xa1b4, 0xc6d8, 0x2411, 0x2b5a, 0x1dd0, 0x2dc9, 0xb57b,
1786 0x5ccd, 0x4957, 0xaf59, 0xa04b, 0x5f42, 0xab7c, 0x2826, 0x526f},
1787 {0xf407, 0x165a, 0xb724, 0x2f12, 0x2ea1, 0x470b, 0x4464, 0xbd35,
1788 0x606f, 0xd73e, 0x50d3, 0x8a7f, 0x8029, 0x7ffc, 0xbe31, 0x6cfb},
1789 {0x8171, 0x1f4c, 0xced2, 0x9c99, 0x6d7e, 0x5a0f, 0xfefb, 0x59e3,
1790 0xa0c8, 0xabd9, 0xc4c5, 0x57d3, 0xbfa3, 0x4f11, 0x96a2, 0x5a7d}},
1791 {{0xe068, 0x4cc0, 0x8bcd, 0xc903, 0x9e52, 0xb3e1, 0xd745, 0x0995,
1792 0xdd8f, 0xf14b, 0xd2ac, 0xd65a, 0xda1d, 0xa742, 0xbac5, 0x474c},
1793 {0x7481, 0xf2ad, 0x9757, 0x2d82, 0xb683, 0xb16b, 0x0002, 0x7b60,
1794 0x8f0c, 0x2594, 0x8f64, 0x3b7a, 0x3552, 0x8d9d, 0xb9d7, 0x67eb},
1795 {0xcaab, 0xb9a1, 0xf966, 0xe311, 0x5b34, 0x0fa0, 0x6abc, 0x8134,
1796 0xab3d, 0x90f6, 0x1984, 0x9232, 0xec17, 0x74e5, 0x2ceb, 0x434e}},
1797 {{0x0fb1, 0x7a55, 0x1a5c, 0x53eb, 0xd7b3, 0x7a01, 0xca32, 0x31f6,
1798 0x3b74, 0x679e, 0x1501, 0x6c57, 0xdb20, 0x8b7c, 0xd7d0, 0x8097},
1799 {0xb127, 0xb20c, 0xe3a2, 0x96f3, 0xe0d8, 0xd50c, 0x14b4, 0x0b40,
1800 0x6eeb, 0xa258, 0x99db, 0x3c8c, 0x0f51, 0x4198, 0x3887, 0xffd0},
1801 {0x0273, 0x9f8c, 0x9669, 0xbbba, 0x1c49, 0x767c, 0xc2af, 0x59f0,
1802 0x1366, 0xd397, 0x63ac, 0x6fe8, 0x1a9a, 0x1259, 0x01d0, 0x0016}},
1803 {{0x7876, 0x2a35, 0xa24a, 0x433e, 0x5501, 0x573c, 0xd76d, 0xcb82,
1804 0x1334, 0xb4a6, 0xf290, 0xc797, 0xeae9, 0x2b83, 0x1e2b, 0x8b14},
1805 {0x3885, 0x8aef, 0x9dea, 0x2b8c, 0xdd7c, 0xd7cd, 0xb0cc, 0x05ee,
1806 0x361b, 0x3800, 0xb0d4, 0x4c23, 0xbd3f, 0x5180, 0x9783, 0xff80},
1807 {0xab36, 0x3104, 0xdae8, 0x0704, 0x4a28, 0x6714, 0x824b, 0x0051,
1808 0x8134, 0x1f6a, 0x712d, 0x1f03, 0x03b2, 0xecac, 0x377d, 0xfef9}}
1814 for (i = 0; (size_t)i <
ARRAY_SIZE(CASES); ++i) {
1817 for (j = 0; j < 16; ++j)
CHECK(
out[j] == CASES[i][2][j]);
1818#ifdef SECP256K1_WIDEMUL_INT128
1819 test_modinv64_uint16(
out, CASES[i][0], CASES[i][1]);
1820 for (j = 0; j < 16; ++j)
CHECK(
out[j] == CASES[i][2][j]);
1824 for (i = 0; i < 100 *
COUNT; ++i) {
1826 static const uint16_t
ZERO[16] = {0};
1839 for (j = 1; j < 16; ++j) ok |= md[j] != 0;
1841 }
while (!(ok &&
coprime(xd, md)));
1844#ifdef SECP256K1_WIDEMUL_INT128
1845 test_modinv64_uint16(
id, xd, md);
1851#ifdef SECP256K1_WIDEMUL_INT128
1852 test_modinv64_uint16(
id,
ZERO, md);
1860#ifdef SECP256K1_WIDEMUL_INT128
1862static void add256(uint16_t*
out,
const uint16_t* a,
const uint16_t* b) {
1865 for (i = 0; i < 16; ++i) {
1874static void neg256(uint16_t*
out,
const uint16_t* a) {
1877 for (i = 0; i < 16; ++i) {
1878 carry += (uint16_t)~a[i];
1885static void rshift256(uint16_t*
out,
const uint16_t* a,
int n,
int sign_extend) {
1886 uint16_t
sign = sign_extend && (a[15] >> 15);
1888 for (i = 15; i >= 0; --i) {
1890 for (j = 0; j < 16; ++j) {
1891 int frompos = i*16 + j + n;
1892 if (frompos >= 256) {
1895 v |= ((uint16_t)((a[frompos >> 4] >> (frompos & 15)) & 1)) << j;
1903static void load256u64(uint16_t*
out, uint64_t v,
int is_signed) {
1905 uint64_t
sign = is_signed && (v >> 63) ? UINT64_MAX : 0;
1906 for (i = 0; i < 4; ++i) {
1907 out[i] = v >> (16 * i);
1909 for (i = 4; i < 16; ++i) {
1915static void load256two64(uint16_t*
out, uint64_t hi, uint64_t lo,
int is_signed) {
1917 uint64_t
sign = is_signed && (hi >> 63) ? UINT64_MAX : 0;
1918 for (i = 0; i < 4; ++i) {
1919 out[i] = lo >> (16 * i);
1921 for (i = 4; i < 8; ++i) {
1922 out[i] = hi >> (16 * (i - 4));
1924 for (i = 8; i < 16; ++i) {
1930static int int256is127(
const uint16_t* v) {
1931 int all_0 = ((v[7] & 0x8000) == 0), all_1 = ((v[7] & 0x8000) == 0x8000);
1933 for (i = 8; i < 16; ++i) {
1934 if (v[i] != 0) all_0 = 0;
1935 if (v[i] != 0xffff) all_1 = 0;
1937 return all_0 || all_1;
1942 load256two64(
out, hi, lo, 0);
1952 load256two64(
out, hi, lo, 1);
1955static void run_int128_test_case(
void) {
1956 unsigned char buf[32];
1962 uint16_t rswa[16], rswz[32], rswr[32], ruwa[16], ruwz[32], ruwr[32];
1963 uint16_t rub[16], ruc[16], rsb[16], rsc[16];
1969 for (i = 0; i < 4; ++i) {
1972 for (j = 0; j < 8; ++j) vi = (vi << 8) + buf[8*i + j];
1983 load256u128(ruwa, &uwa);
1984 load256i128(rswa, &swa);
1985 load256u64(rub, ub, 0);
1986 load256u64(rsb, sb, 1);
1987 load256u64(ruc, uc, 0);
1988 load256u64(rsc, sc, 1);
1992 load256u128(ruwz, &uwz);
1996 add256(ruwr, ruwr, ruwa);
1999 load256u128(ruwz, &uwz);
2002 add256(ruwr, rub, ruwa);
2005 load256u128(ruwz, &uwz);
2008 rshift256(ruwr, ruwa, uc % 128, 0);
2011 load256u128(ruwz, &uwz);
2019 load256u128(ruwz, &uwz);
2025 for (j = 0; j < 128; ++j) {
2026 if (ruwa[j / 16] >> (j % 16)) uwa_bits = 1 + j;
2028 for (j = 0; j < 128; ++j) {
2035 load256i128(rswz, &swz);
2039 add256(rswr, rswr, rswa);
2040 if (int256is127(rswr)) {
2043 load256i128(rswz, &swz);
2048 uint16_t rsd[16], rse[16], rst[32];
2049 int64_t sd = v[0], se = v[1];
2050 load256u64(rsd, sd, 1);
2051 load256u64(rse, se, 1);
2055 add256(rswr, rswr, rst);
2057 load256i128(rswz, &swz);
2061 rshift256(rswr, rswa, uc % 127, 1);
2064 load256i128(rswz, &swz);
2070 load256i128(rswz, &swz);
2080 uint64_t v0c = v[0], v1c = v[1];
2082 v1c ^= (((uint64_t)1) << (ub & 63));
2084 v0c ^= (((uint64_t)1) << (ub & 63));
2099 hi = (((uint64_t)1) << (pos & 63));
2101 lo = (((uint64_t)1) << (pos & 63));
2107 if ((v[1] == (((uint64_t)1) << (pos & 63))) && v[0] == 0)
expect = 1;
2109 if ((v[0] == (((uint64_t)1) << (pos & 63))) && v[1] == 0)
expect = 1;
2121 uint64_t hi = ~(uint64_t)0;
2122 uint64_t lo = ~(uint64_t)0;
2133 if ((v[1] == ((~(uint64_t)0) << (pos & 63))) && v[0] == 0)
expect = 1;
2135 if ((v[0] == ((~(uint64_t)0) << (pos & 63))) && v[1] == ~(uint64_t)0)
expect = 1;
2143static void run_int128_tests(
void) {
2179 for (i = 0; i < 256 *
COUNT; ++i) run_int128_test_case();
2190 unsigned char c[32];
2207 for (i = 0; i < 256; i += 4) {
2211 for (j = 0; j < 4; j++) {
2228 if (now + i > 256) {
2232 for (j = 0; j < now; j++) {
2257 for (i = 0; i < bit; i++) {
2342 unsigned char b32[32];
2352 memset(b32, 0,
sizeof(b32));
2354 memset(b32, 0xFF,
sizeof(b32));
2361 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL,
2362 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364140UL
2365 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL,
2366 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364141UL
2369 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL,
2370 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364142UL
2373 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
2374 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
2386 for (i = 0; i < 2 *
COUNT; i++) {
2387 int expected_overflow;
2389 unsigned char b32[32];
2395 memset(b32, 0xFF, 16);
2401 CHECK(overflow == expected_overflow);
2410 for (i = 0; i < 128 *
COUNT; i++) {
2413 for (i = 0; i <
COUNT; i++) {
2449 SECP256K1_SCALAR_CONST(0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffeul, 0xbaaedce6ul, 0xaf48a03bul, 0xbfd25e8cul, 0xd0364140ul),
2451 SECP256K1_SCALAR_CONST(0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffeul, 0xbaaedce6ul, 0xaf48a03bul, 0xbfd25e8cul, 0xd036413Ful),
2453 SECP256K1_SCALAR_CONST(0x7ffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0x5d576e73ul, 0x57a4501dul, 0xdfe92f46ul, 0x681b20a0ul),
2455 SECP256K1_SCALAR_CONST(0x7ffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0x5d576e73ul, 0x57a4501dul, 0xdfe92f46ul, 0x681b20a1ul),
2459 SECP256K1_SCALAR_CONST(0x7ffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful, 0xfffffffful),
2462 for (n = 0; n <
ARRAY_SIZE(HALF_TESTS); ++n) {
2487 unsigned char chal[33][2][32] = {
2488 {{0xff, 0xff, 0x03, 0x07, 0x00, 0x00, 0x00, 0x00,
2489 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03,
2490 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff,
2491 0xff, 0xff, 0x03, 0x00, 0xc0, 0xff, 0xff, 0xff},
2492 {0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0x00,
2493 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8,
2494 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2495 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff}},
2496 {{0xef, 0xff, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00,
2497 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00,
2498 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2499 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
2500 {0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2501 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0,
2502 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff,
2503 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x80, 0xff}},
2504 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2505 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00,
2506 0x80, 0x00, 0x00, 0x80, 0xff, 0x3f, 0x00, 0x00,
2507 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0x00},
2508 {0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff, 0x80,
2509 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0xe0,
2510 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x00,
2511 0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0xff, 0xff}},
2512 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2513 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
2514 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2515 0x00, 0x1e, 0xf8, 0xff, 0xff, 0xff, 0xfd, 0xff},
2516 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f,
2517 0x00, 0x00, 0x00, 0xf8, 0xff, 0x03, 0x00, 0xe0,
2518 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0xf0, 0xff,
2519 0xf3, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00}},
2520 {{0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00,
2521 0x00, 0x1c, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
2522 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff, 0x00,
2523 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff},
2524 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00,
2525 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2526 0xff, 0x1f, 0x00, 0x00, 0x80, 0xff, 0xff, 0x3f,
2527 0x00, 0xfe, 0xff, 0xff, 0xff, 0xdf, 0xff, 0xff}},
2528 {{0xff, 0xff, 0xff, 0xff, 0x00, 0x0f, 0xfc, 0x9f,
2529 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80,
2530 0xff, 0x0f, 0xfc, 0xff, 0x7f, 0x00, 0x00, 0x00,
2531 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
2532 {0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
2533 0x00, 0x00, 0xf8, 0xff, 0x0f, 0xc0, 0xff, 0xff,
2534 0xff, 0x1f, 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff,
2535 0xff, 0xff, 0xff, 0x07, 0x80, 0xff, 0xff, 0xff}},
2536 {{0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00,
2537 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff,
2538 0xf7, 0xff, 0xff, 0xef, 0xff, 0xff, 0xff, 0x00,
2539 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xf0},
2540 {0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff,
2541 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00,
2542 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff,
2543 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
2544 {{0x00, 0xf8, 0xff, 0x03, 0xff, 0xff, 0xff, 0x00,
2545 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2546 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff,
2547 0xff, 0xff, 0x03, 0xc0, 0xff, 0x0f, 0xfc, 0xff},
2548 {0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff,
2549 0xff, 0x01, 0x00, 0x00, 0x00, 0x3f, 0x00, 0xc0,
2550 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2551 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
2552 {{0x8f, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2553 0x00, 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff,
2554 0xff, 0x7f, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
2555 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
2556 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2557 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2558 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2559 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
2560 {{0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff,
2561 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2562 0xff, 0xff, 0x03, 0x00, 0x80, 0x00, 0x00, 0x80,
2563 0xff, 0xff, 0xff, 0x00, 0x00, 0x80, 0xff, 0x7f},
2564 {0xff, 0xcf, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00,
2565 0x00, 0xc0, 0xff, 0xcf, 0xff, 0xff, 0xff, 0xff,
2566 0xbf, 0xff, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00,
2567 0x80, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00}},
2568 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xff, 0xff,
2569 0xff, 0xff, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff,
2570 0xff, 0xff, 0xff, 0x00, 0x80, 0x00, 0x00, 0x80,
2571 0xff, 0x01, 0xfc, 0xff, 0x01, 0x00, 0xfe, 0xff},
2572 {0xff, 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00,
2573 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2574 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0,
2575 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00}},
2576 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2577 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2578 0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2579 0x7f, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80},
2580 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2581 0x00, 0xf8, 0xff, 0x01, 0x00, 0xf0, 0xff, 0xff,
2582 0xe0, 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00,
2583 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
2584 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2585 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2586 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2587 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0x00},
2588 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
2589 0xfc, 0xff, 0xff, 0x3f, 0xf0, 0xff, 0xff, 0x3f,
2590 0x00, 0x00, 0xf8, 0x07, 0x00, 0x00, 0x00, 0xff,
2591 0xff, 0xff, 0xff, 0xff, 0x0f, 0x7e, 0x00, 0x00}},
2592 {{0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2593 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
2594 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2595 0xff, 0xff, 0x1f, 0x00, 0x00, 0xfe, 0x07, 0x00},
2596 {0x00, 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff,
2597 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2598 0xff, 0xfb, 0xff, 0x07, 0x00, 0x00, 0x00, 0x00,
2599 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60}},
2600 {{0xff, 0x01, 0x00, 0xff, 0xff, 0xff, 0x0f, 0x00,
2601 0x80, 0x7f, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x03,
2602 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2603 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
2604 {0xff, 0xff, 0x1f, 0x00, 0xf0, 0xff, 0xff, 0xff,
2605 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2606 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2607 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00, 0x00}},
2608 {{0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
2609 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2610 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2611 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
2612 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2613 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf1, 0xff,
2614 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03,
2615 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff}},
2616 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2617 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2618 0xc0, 0xff, 0xff, 0xcf, 0xff, 0x1f, 0x00, 0x00,
2619 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
2620 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2621 0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff,
2622 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x7e,
2623 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
2624 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2625 0x00, 0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, 0xff,
2626 0xff, 0xff, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
2627 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7c, 0x00},
2628 {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
2629 0xff, 0xff, 0x7f, 0x00, 0x80, 0x00, 0x00, 0x00,
2630 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2631 0x00, 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff}},
2632 {{0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80,
2633 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2634 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
2635 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
2636 {0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2637 0xff, 0xff, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x80,
2638 0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
2639 0xff, 0x7f, 0xf8, 0xff, 0xff, 0x1f, 0x00, 0xfe}},
2640 {{0xff, 0xff, 0xff, 0x3f, 0xf8, 0xff, 0xff, 0xff,
2641 0xff, 0x03, 0xfe, 0x01, 0x00, 0x00, 0x00, 0x00,
2642 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2643 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07},
2644 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2645 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
2646 0xff, 0xff, 0xff, 0xff, 0x01, 0x80, 0xff, 0xff,
2647 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00}},
2648 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2649 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2650 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2651 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
2652 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2653 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
2654 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
2655 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40}},
2656 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2657 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2658 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2659 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
2660 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2661 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2662 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2663 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
2664 {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2665 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2666 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2667 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
2668 {0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2669 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2670 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2671 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
2672 {{0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0xc0,
2673 0xff, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2674 0x00, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff,
2675 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
2676 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, 0x00,
2677 0xf0, 0xff, 0xff, 0xff, 0xff, 0x07, 0x00, 0x00,
2678 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff, 0xff,
2679 0xff, 0xff, 0xff, 0xff, 0x01, 0xff, 0xff, 0xff}},
2680 {{0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2681 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2682 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2683 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
2684 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2685 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2686 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2687 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}},
2688 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2689 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
2690 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
2691 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40},
2692 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2693 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2694 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2695 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}},
2696 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2697 0x7e, 0x00, 0x00, 0xc0, 0xff, 0xff, 0x07, 0x00,
2698 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00,
2699 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
2700 {0xff, 0x01, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff,
2701 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x80,
2702 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x00, 0x00,
2703 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}},
2704 {{0xff, 0xff, 0xf0, 0xff, 0xff, 0xff, 0xff, 0x00,
2705 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2706 0x00, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01,
2707 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff},
2708 {0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff,
2709 0xff, 0xff, 0x3f, 0x00, 0xf8, 0xff, 0xff, 0xff,
2710 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2711 0xff, 0x3f, 0x00, 0x00, 0xc0, 0xf1, 0x7f, 0x00}},
2712 {{0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2713 0x00, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0xff,
2714 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
2715 0x80, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0x00},
2716 {0x00, 0xf8, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01,
2717 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff,
2718 0xff, 0x7f, 0x00, 0x00, 0x00, 0x00, 0x80, 0x1f,
2719 0x00, 0x00, 0xfc, 0xff, 0xff, 0x01, 0xff, 0xff}},
2720 {{0x00, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2721 0x80, 0x00, 0x00, 0x80, 0xff, 0x03, 0xe0, 0x01,
2722 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0xfc, 0xff,
2723 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00},
2724 {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
2725 0xfe, 0xff, 0xff, 0xf0, 0x07, 0x00, 0x3c, 0x80,
2726 0xff, 0xff, 0xff, 0xff, 0xfc, 0xff, 0xff, 0xff,
2727 0xff, 0xff, 0x07, 0xe0, 0xff, 0x00, 0x00, 0x00}},
2728 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
2729 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2730 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x07, 0xf8,
2731 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80},
2732 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2733 0xff, 0xff, 0xff, 0xff, 0xff, 0x0c, 0x80, 0x00,
2734 0x00, 0x00, 0x00, 0xc0, 0x7f, 0xfe, 0xff, 0x1f,
2735 0x00, 0xfe, 0xff, 0x03, 0x00, 0x00, 0xfe, 0xff}},
2736 {{0xff, 0xff, 0x81, 0xff, 0xff, 0xff, 0xff, 0x00,
2737 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x83,
2738 0xff, 0xff, 0x00, 0x00, 0x80, 0x00, 0x00, 0x80,
2739 0xff, 0xff, 0x7f, 0x00, 0x00, 0x00, 0x00, 0xf0},
2740 {0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff,
2741 0xff, 0xff, 0xff, 0xff, 0xff, 0x1f, 0x00, 0x00,
2742 0xf8, 0x07, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff,
2743 0xff, 0xc7, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff}},
2744 {{0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
2745 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
2746 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb,
2747 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03},
2748 {0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
2749 0x82, 0xc9, 0xfa, 0xb0, 0x68, 0x04, 0xa0, 0x00,
2750 0xff, 0xff, 0xff, 0xff, 0xff, 0x6f, 0x03, 0xfb,
2751 0xfa, 0x8a, 0x7d, 0xdf, 0x13, 0x86, 0xe2, 0x03}}
2753 unsigned char res[33][2][32] = {
2754 {{0x0c, 0x3b, 0x0a, 0xca, 0x8d, 0x1a, 0x2f, 0xb9,
2755 0x8a, 0x7b, 0x53, 0x5a, 0x1f, 0xc5, 0x22, 0xa1,
2756 0x07, 0x2a, 0x48, 0xea, 0x02, 0xeb, 0xb3, 0xd6,
2757 0x20, 0x1e, 0x86, 0xd0, 0x95, 0xf6, 0x92, 0x35},
2758 {0xdc, 0x90, 0x7a, 0x07, 0x2e, 0x1e, 0x44, 0x6d,
2759 0xf8, 0x15, 0x24, 0x5b, 0x5a, 0x96, 0x37, 0x9c,
2760 0x37, 0x7b, 0x0d, 0xac, 0x1b, 0x65, 0x58, 0x49,
2761 0x43, 0xb7, 0x31, 0xbb, 0xa7, 0xf4, 0x97, 0x15}},
2762 {{0xf1, 0xf7, 0x3a, 0x50, 0xe6, 0x10, 0xba, 0x22,
2763 0x43, 0x4d, 0x1f, 0x1f, 0x7c, 0x27, 0xca, 0x9c,
2764 0xb8, 0xb6, 0xa0, 0xfc, 0xd8, 0xc0, 0x05, 0x2f,
2765 0xf7, 0x08, 0xe1, 0x76, 0xdd, 0xd0, 0x80, 0xc8},
2766 {0xe3, 0x80, 0x80, 0xb8, 0xdb, 0xe3, 0xa9, 0x77,
2767 0x00, 0xb0, 0xf5, 0x2e, 0x27, 0xe2, 0x68, 0xc4,
2768 0x88, 0xe8, 0x04, 0xc1, 0x12, 0xbf, 0x78, 0x59,
2769 0xe6, 0xa9, 0x7c, 0xe1, 0x81, 0xdd, 0xb9, 0xd5}},
2770 {{0x96, 0xe2, 0xee, 0x01, 0xa6, 0x80, 0x31, 0xef,
2771 0x5c, 0xd0, 0x19, 0xb4, 0x7d, 0x5f, 0x79, 0xab,
2772 0xa1, 0x97, 0xd3, 0x7e, 0x33, 0xbb, 0x86, 0x55,
2773 0x60, 0x20, 0x10, 0x0d, 0x94, 0x2d, 0x11, 0x7c},
2774 {0xcc, 0xab, 0xe0, 0xe8, 0x98, 0x65, 0x12, 0x96,
2775 0x38, 0x5a, 0x1a, 0xf2, 0x85, 0x23, 0x59, 0x5f,
2776 0xf9, 0xf3, 0xc2, 0x81, 0x70, 0x92, 0x65, 0x12,
2777 0x9c, 0x65, 0x1e, 0x96, 0x00, 0xef, 0xe7, 0x63}},
2778 {{0xac, 0x1e, 0x62, 0xc2, 0x59, 0xfc, 0x4e, 0x5c,
2779 0x83, 0xb0, 0xd0, 0x6f, 0xce, 0x19, 0xf6, 0xbf,
2780 0xa4, 0xb0, 0xe0, 0x53, 0x66, 0x1f, 0xbf, 0xc9,
2781 0x33, 0x47, 0x37, 0xa9, 0x3d, 0x5d, 0xb0, 0x48},
2782 {0x86, 0xb9, 0x2a, 0x7f, 0x8e, 0xa8, 0x60, 0x42,
2783 0x26, 0x6d, 0x6e, 0x1c, 0xa2, 0xec, 0xe0, 0xe5,
2784 0x3e, 0x0a, 0x33, 0xbb, 0x61, 0x4c, 0x9f, 0x3c,
2785 0xd1, 0xdf, 0x49, 0x33, 0xcd, 0x72, 0x78, 0x18}},
2786 {{0xf7, 0xd3, 0xcd, 0x49, 0x5c, 0x13, 0x22, 0xfb,
2787 0x2e, 0xb2, 0x2f, 0x27, 0xf5, 0x8a, 0x5d, 0x74,
2788 0xc1, 0x58, 0xc5, 0xc2, 0x2d, 0x9f, 0x52, 0xc6,
2789 0x63, 0x9f, 0xba, 0x05, 0x76, 0x45, 0x7a, 0x63},
2790 {0x8a, 0xfa, 0x55, 0x4d, 0xdd, 0xa3, 0xb2, 0xc3,
2791 0x44, 0xfd, 0xec, 0x72, 0xde, 0xef, 0xc0, 0x99,
2792 0xf5, 0x9f, 0xe2, 0x52, 0xb4, 0x05, 0x32, 0x58,
2793 0x57, 0xc1, 0x8f, 0xea, 0xc3, 0x24, 0x5b, 0x94}},
2794 {{0x05, 0x83, 0xee, 0xdd, 0x64, 0xf0, 0x14, 0x3b,
2795 0xa0, 0x14, 0x4a, 0x3a, 0x41, 0x82, 0x7c, 0xa7,
2796 0x2c, 0xaa, 0xb1, 0x76, 0xbb, 0x59, 0x64, 0x5f,
2797 0x52, 0xad, 0x25, 0x29, 0x9d, 0x8f, 0x0b, 0xb0},
2798 {0x7e, 0xe3, 0x7c, 0xca, 0xcd, 0x4f, 0xb0, 0x6d,
2799 0x7a, 0xb2, 0x3e, 0xa0, 0x08, 0xb9, 0xa8, 0x2d,
2800 0xc2, 0xf4, 0x99, 0x66, 0xcc, 0xac, 0xd8, 0xb9,
2801 0x72, 0x2a, 0x4a, 0x3e, 0x0f, 0x7b, 0xbf, 0xf4}},
2802 {{0x8c, 0x9c, 0x78, 0x2b, 0x39, 0x61, 0x7e, 0xf7,
2803 0x65, 0x37, 0x66, 0x09, 0x38, 0xb9, 0x6f, 0x70,
2804 0x78, 0x87, 0xff, 0xcf, 0x93, 0xca, 0x85, 0x06,
2805 0x44, 0x84, 0xa7, 0xfe, 0xd3, 0xa4, 0xe3, 0x7e},
2806 {0xa2, 0x56, 0x49, 0x23, 0x54, 0xa5, 0x50, 0xe9,
2807 0x5f, 0xf0, 0x4d, 0xe7, 0xdc, 0x38, 0x32, 0x79,
2808 0x4f, 0x1c, 0xb7, 0xe4, 0xbb, 0xf8, 0xbb, 0x2e,
2809 0x40, 0x41, 0x4b, 0xcc, 0xe3, 0x1e, 0x16, 0x36}},
2810 {{0x0c, 0x1e, 0xd7, 0x09, 0x25, 0x40, 0x97, 0xcb,
2811 0x5c, 0x46, 0xa8, 0xda, 0xef, 0x25, 0xd5, 0xe5,
2812 0x92, 0x4d, 0xcf, 0xa3, 0xc4, 0x5d, 0x35, 0x4a,
2813 0xe4, 0x61, 0x92, 0xf3, 0xbf, 0x0e, 0xcd, 0xbe},
2814 {0xe4, 0xaf, 0x0a, 0xb3, 0x30, 0x8b, 0x9b, 0x48,
2815 0x49, 0x43, 0xc7, 0x64, 0x60, 0x4a, 0x2b, 0x9e,
2816 0x95, 0x5f, 0x56, 0xe8, 0x35, 0xdc, 0xeb, 0xdc,
2817 0xc7, 0xc4, 0xfe, 0x30, 0x40, 0xc7, 0xbf, 0xa4}},
2818 {{0xd4, 0xa0, 0xf5, 0x81, 0x49, 0x6b, 0xb6, 0x8b,
2819 0x0a, 0x69, 0xf9, 0xfe, 0xa8, 0x32, 0xe5, 0xe0,
2820 0xa5, 0xcd, 0x02, 0x53, 0xf9, 0x2c, 0xe3, 0x53,
2821 0x83, 0x36, 0xc6, 0x02, 0xb5, 0xeb, 0x64, 0xb8},
2822 {0x1d, 0x42, 0xb9, 0xf9, 0xe9, 0xe3, 0x93, 0x2c,
2823 0x4c, 0xee, 0x6c, 0x5a, 0x47, 0x9e, 0x62, 0x01,
2824 0x6b, 0x04, 0xfe, 0xa4, 0x30, 0x2b, 0x0d, 0x4f,
2825 0x71, 0x10, 0xd3, 0x55, 0xca, 0xf3, 0x5e, 0x80}},
2826 {{0x77, 0x05, 0xf6, 0x0c, 0x15, 0x9b, 0x45, 0xe7,
2827 0xb9, 0x11, 0xb8, 0xf5, 0xd6, 0xda, 0x73, 0x0c,
2828 0xda, 0x92, 0xea, 0xd0, 0x9d, 0xd0, 0x18, 0x92,
2829 0xce, 0x9a, 0xaa, 0xee, 0x0f, 0xef, 0xde, 0x30},
2830 {0xf1, 0xf1, 0xd6, 0x9b, 0x51, 0xd7, 0x77, 0x62,
2831 0x52, 0x10, 0xb8, 0x7a, 0x84, 0x9d, 0x15, 0x4e,
2832 0x07, 0xdc, 0x1e, 0x75, 0x0d, 0x0c, 0x3b, 0xdb,
2833 0x74, 0x58, 0x62, 0x02, 0x90, 0x54, 0x8b, 0x43}},
2834 {{0xa6, 0xfe, 0x0b, 0x87, 0x80, 0x43, 0x67, 0x25,
2835 0x57, 0x5d, 0xec, 0x40, 0x50, 0x08, 0xd5, 0x5d,
2836 0x43, 0xd7, 0xe0, 0xaa, 0xe0, 0x13, 0xb6, 0xb0,
2837 0xc0, 0xd4, 0xe5, 0x0d, 0x45, 0x83, 0xd6, 0x13},
2838 {0x40, 0x45, 0x0a, 0x92, 0x31, 0xea, 0x8c, 0x60,
2839 0x8c, 0x1f, 0xd8, 0x76, 0x45, 0xb9, 0x29, 0x00,
2840 0x26, 0x32, 0xd8, 0xa6, 0x96, 0x88, 0xe2, 0xc4,
2841 0x8b, 0xdb, 0x7f, 0x17, 0x87, 0xcc, 0xc8, 0xf2}},
2842 {{0xc2, 0x56, 0xe2, 0xb6, 0x1a, 0x81, 0xe7, 0x31,
2843 0x63, 0x2e, 0xbb, 0x0d, 0x2f, 0x81, 0x67, 0xd4,
2844 0x22, 0xe2, 0x38, 0x02, 0x25, 0x97, 0xc7, 0x88,
2845 0x6e, 0xdf, 0xbe, 0x2a, 0xa5, 0x73, 0x63, 0xaa},
2846 {0x50, 0x45, 0xe2, 0xc3, 0xbd, 0x89, 0xfc, 0x57,
2847 0xbd, 0x3c, 0xa3, 0x98, 0x7e, 0x7f, 0x36, 0x38,
2848 0x92, 0x39, 0x1f, 0x0f, 0x81, 0x1a, 0x06, 0x51,
2849 0x1f, 0x8d, 0x6a, 0xff, 0x47, 0x16, 0x06, 0x9c}},
2850 {{0x33, 0x95, 0xa2, 0x6f, 0x27, 0x5f, 0x9c, 0x9c,
2851 0x64, 0x45, 0xcb, 0xd1, 0x3c, 0xee, 0x5e, 0x5f,
2852 0x48, 0xa6, 0xaf, 0xe3, 0x79, 0xcf, 0xb1, 0xe2,
2853 0xbf, 0x55, 0x0e, 0xa2, 0x3b, 0x62, 0xf0, 0xe4},
2854 {0x14, 0xe8, 0x06, 0xe3, 0xbe, 0x7e, 0x67, 0x01,
2855 0xc5, 0x21, 0x67, 0xd8, 0x54, 0xb5, 0x7f, 0xa4,
2856 0xf9, 0x75, 0x70, 0x1c, 0xfd, 0x79, 0xdb, 0x86,
2857 0xad, 0x37, 0x85, 0x83, 0x56, 0x4e, 0xf0, 0xbf}},
2858 {{0xbc, 0xa6, 0xe0, 0x56, 0x4e, 0xef, 0xfa, 0xf5,
2859 0x1d, 0x5d, 0x3f, 0x2a, 0x5b, 0x19, 0xab, 0x51,
2860 0xc5, 0x8b, 0xdd, 0x98, 0x28, 0x35, 0x2f, 0xc3,
2861 0x81, 0x4f, 0x5c, 0xe5, 0x70, 0xb9, 0xeb, 0x62},
2862 {0xc4, 0x6d, 0x26, 0xb0, 0x17, 0x6b, 0xfe, 0x6c,
2863 0x12, 0xf8, 0xe7, 0xc1, 0xf5, 0x2f, 0xfa, 0x91,
2864 0x13, 0x27, 0xbd, 0x73, 0xcc, 0x33, 0x31, 0x1c,
2865 0x39, 0xe3, 0x27, 0x6a, 0x95, 0xcf, 0xc5, 0xfb}},
2866 {{0x30, 0xb2, 0x99, 0x84, 0xf0, 0x18, 0x2a, 0x6e,
2867 0x1e, 0x27, 0xed, 0xa2, 0x29, 0x99, 0x41, 0x56,
2868 0xe8, 0xd4, 0x0d, 0xef, 0x99, 0x9c, 0xf3, 0x58,
2869 0x29, 0x55, 0x1a, 0xc0, 0x68, 0xd6, 0x74, 0xa4},
2870 {0x07, 0x9c, 0xe7, 0xec, 0xf5, 0x36, 0x73, 0x41,
2871 0xa3, 0x1c, 0xe5, 0x93, 0x97, 0x6a, 0xfd, 0xf7,
2872 0x53, 0x18, 0xab, 0xaf, 0xeb, 0x85, 0xbd, 0x92,
2873 0x90, 0xab, 0x3c, 0xbf, 0x30, 0x82, 0xad, 0xf6}},
2874 {{0xc6, 0x87, 0x8a, 0x2a, 0xea, 0xc0, 0xa9, 0xec,
2875 0x6d, 0xd3, 0xdc, 0x32, 0x23, 0xce, 0x62, 0x19,
2876 0xa4, 0x7e, 0xa8, 0xdd, 0x1c, 0x33, 0xae, 0xd3,
2877 0x4f, 0x62, 0x9f, 0x52, 0xe7, 0x65, 0x46, 0xf4},
2878 {0x97, 0x51, 0x27, 0x67, 0x2d, 0xa2, 0x82, 0x87,
2879 0x98, 0xd3, 0xb6, 0x14, 0x7f, 0x51, 0xd3, 0x9a,
2880 0x0b, 0xd0, 0x76, 0x81, 0xb2, 0x4f, 0x58, 0x92,
2881 0xa4, 0x86, 0xa1, 0xa7, 0x09, 0x1d, 0xef, 0x9b}},
2882 {{0xb3, 0x0f, 0x2b, 0x69, 0x0d, 0x06, 0x90, 0x64,
2883 0xbd, 0x43, 0x4c, 0x10, 0xe8, 0x98, 0x1c, 0xa3,
2884 0xe1, 0x68, 0xe9, 0x79, 0x6c, 0x29, 0x51, 0x3f,
2885 0x41, 0xdc, 0xdf, 0x1f, 0xf3, 0x60, 0xbe, 0x33},
2886 {0xa1, 0x5f, 0xf7, 0x1d, 0xb4, 0x3e, 0x9b, 0x3c,
2887 0xe7, 0xbd, 0xb6, 0x06, 0xd5, 0x60, 0x06, 0x6d,
2888 0x50, 0xd2, 0xf4, 0x1a, 0x31, 0x08, 0xf2, 0xea,
2889 0x8e, 0xef, 0x5f, 0x7d, 0xb6, 0xd0, 0xc0, 0x27}},
2890 {{0x62, 0x9a, 0xd9, 0xbb, 0x38, 0x36, 0xce, 0xf7,
2891 0x5d, 0x2f, 0x13, 0xec, 0xc8, 0x2d, 0x02, 0x8a,
2892 0x2e, 0x72, 0xf0, 0xe5, 0x15, 0x9d, 0x72, 0xae,
2893 0xfc, 0xb3, 0x4f, 0x02, 0xea, 0xe1, 0x09, 0xfe},
2894 {0x00, 0x00, 0x00, 0x00, 0xfa, 0x0a, 0x3d, 0xbc,
2895 0xad, 0x16, 0x0c, 0xb6, 0xe7, 0x7c, 0x8b, 0x39,
2896 0x9a, 0x43, 0xbb, 0xe3, 0xc2, 0x55, 0x15, 0x14,
2897 0x75, 0xac, 0x90, 0x9b, 0x7f, 0x9a, 0x92, 0x00}},
2898 {{0x8b, 0xac, 0x70, 0x86, 0x29, 0x8f, 0x00, 0x23,
2899 0x7b, 0x45, 0x30, 0xaa, 0xb8, 0x4c, 0xc7, 0x8d,
2900 0x4e, 0x47, 0x85, 0xc6, 0x19, 0xe3, 0x96, 0xc2,
2901 0x9a, 0xa0, 0x12, 0xed, 0x6f, 0xd7, 0x76, 0x16},
2902 {0x45, 0xaf, 0x7e, 0x33, 0xc7, 0x7f, 0x10, 0x6c,
2903 0x7c, 0x9f, 0x29, 0xc1, 0xa8, 0x7e, 0x15, 0x84,
2904 0xe7, 0x7d, 0xc0, 0x6d, 0xab, 0x71, 0x5d, 0xd0,
2905 0x6b, 0x9f, 0x97, 0xab, 0xcb, 0x51, 0x0c, 0x9f}},
2906 {{0x9e, 0xc3, 0x92, 0xb4, 0x04, 0x9f, 0xc8, 0xbb,
2907 0xdd, 0x9e, 0xc6, 0x05, 0xfd, 0x65, 0xec, 0x94,
2908 0x7f, 0x2c, 0x16, 0xc4, 0x40, 0xac, 0x63, 0x7b,
2909 0x7d, 0xb8, 0x0c, 0xe4, 0x5b, 0xe3, 0xa7, 0x0e},
2910 {0x43, 0xf4, 0x44, 0xe8, 0xcc, 0xc8, 0xd4, 0x54,
2911 0x33, 0x37, 0x50, 0xf2, 0x87, 0x42, 0x2e, 0x00,
2912 0x49, 0x60, 0x62, 0x02, 0xfd, 0x1a, 0x7c, 0xdb,
2913 0x29, 0x6c, 0x6d, 0x54, 0x53, 0x08, 0xd1, 0xc8}},
2914 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2915 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2916 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2917 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
2918 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2919 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2920 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2921 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
2922 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2923 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2924 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2925 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
2926 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2927 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2928 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2929 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}},
2930 {{0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
2931 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
2932 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
2933 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92},
2934 {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
2935 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
2936 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
2937 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}},
2938 {{0x28, 0x56, 0xac, 0x0e, 0x4f, 0x98, 0x09, 0xf0,
2939 0x49, 0xfa, 0x7f, 0x84, 0xac, 0x7e, 0x50, 0x5b,
2940 0x17, 0x43, 0x14, 0x89, 0x9c, 0x53, 0xa8, 0x94,
2941 0x30, 0xf2, 0x11, 0x4d, 0x92, 0x14, 0x27, 0xe8},
2942 {0x39, 0x7a, 0x84, 0x56, 0x79, 0x9d, 0xec, 0x26,
2943 0x2c, 0x53, 0xc1, 0x94, 0xc9, 0x8d, 0x9e, 0x9d,
2944 0x32, 0x1f, 0xdd, 0x84, 0x04, 0xe8, 0xe2, 0x0a,
2945 0x6b, 0xbe, 0xbb, 0x42, 0x40, 0x67, 0x30, 0x6c}},
2946 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2947 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
2948 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4,
2949 0x40, 0x2d, 0xa1, 0x73, 0x2f, 0xc9, 0xbe, 0xbd},
2950 {0x27, 0x59, 0xc7, 0x35, 0x60, 0x71, 0xa6, 0xf1,
2951 0x79, 0xa5, 0xfd, 0x79, 0x16, 0xf3, 0x41, 0xf0,
2952 0x57, 0xb4, 0x02, 0x97, 0x32, 0xe7, 0xde, 0x59,
2953 0xe2, 0x2d, 0x9b, 0x11, 0xea, 0x2c, 0x35, 0x92}},
2954 {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
2955 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
2956 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
2957 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x40},
2958 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2959 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2960 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2961 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}},
2962 {{0x1c, 0xc4, 0xf7, 0xda, 0x0f, 0x65, 0xca, 0x39,
2963 0x70, 0x52, 0x92, 0x8e, 0xc3, 0xc8, 0x15, 0xea,
2964 0x7f, 0x10, 0x9e, 0x77, 0x4b, 0x6e, 0x2d, 0xdf,
2965 0xe8, 0x30, 0x9d, 0xda, 0xe8, 0x9a, 0x65, 0xae},
2966 {0x02, 0xb0, 0x16, 0xb1, 0x1d, 0xc8, 0x57, 0x7b,
2967 0xa2, 0x3a, 0xa2, 0xa3, 0x38, 0x5c, 0x8f, 0xeb,
2968 0x66, 0x37, 0x91, 0xa8, 0x5f, 0xef, 0x04, 0xf6,
2969 0x59, 0x75, 0xe1, 0xee, 0x92, 0xf6, 0x0e, 0x30}},
2970 {{0x8d, 0x76, 0x14, 0xa4, 0x14, 0x06, 0x9f, 0x9a,
2971 0xdf, 0x4a, 0x85, 0xa7, 0x6b, 0xbf, 0x29, 0x6f,
2972 0xbc, 0x34, 0x87, 0x5d, 0xeb, 0xbb, 0x2e, 0xa9,
2973 0xc9, 0x1f, 0x58, 0xd6, 0x9a, 0x82, 0xa0, 0x56},
2974 {0xd4, 0xb9, 0xdb, 0x88, 0x1d, 0x04, 0xe9, 0x93,
2975 0x8d, 0x3f, 0x20, 0xd5, 0x86, 0xa8, 0x83, 0x07,
2976 0xdb, 0x09, 0xd8, 0x22, 0x1f, 0x7f, 0xf1, 0x71,
2977 0xc8, 0xe7, 0x5d, 0x47, 0xaf, 0x8b, 0x72, 0xe9}},
2978 {{0x83, 0xb9, 0x39, 0xb2, 0xa4, 0xdf, 0x46, 0x87,
2979 0xc2, 0xb8, 0xf1, 0xe6, 0x4c, 0xd1, 0xe2, 0xa9,
2980 0xe4, 0x70, 0x30, 0x34, 0xbc, 0x52, 0x7c, 0x55,
2981 0xa6, 0xec, 0x80, 0xa4, 0xe5, 0xd2, 0xdc, 0x73},
2982 {0x08, 0xf1, 0x03, 0xcf, 0x16, 0x73, 0xe8, 0x7d,
2983 0xb6, 0x7e, 0x9b, 0xc0, 0xb4, 0xc2, 0xa5, 0x86,
2984 0x02, 0x77, 0xd5, 0x27, 0x86, 0xa5, 0x15, 0xfb,
2985 0xae, 0x9b, 0x8c, 0xa9, 0xf9, 0xf8, 0xa8, 0x4a}},
2986 {{0x8b, 0x00, 0x49, 0xdb, 0xfa, 0xf0, 0x1b, 0xa2,
2987 0xed, 0x8a, 0x9a, 0x7a, 0x36, 0x78, 0x4a, 0xc7,
2988 0xf7, 0xad, 0x39, 0xd0, 0x6c, 0x65, 0x7a, 0x41,
2989 0xce, 0xd6, 0xd6, 0x4c, 0x20, 0x21, 0x6b, 0xc7},
2990 {0xc6, 0xca, 0x78, 0x1d, 0x32, 0x6c, 0x6c, 0x06,
2991 0x91, 0xf2, 0x1a, 0xe8, 0x43, 0x16, 0xea, 0x04,
2992 0x3c, 0x1f, 0x07, 0x85, 0xf7, 0x09, 0x22, 0x08,
2993 0xba, 0x13, 0xfd, 0x78, 0x1e, 0x3f, 0x6f, 0x62}},
2994 {{0x25, 0x9b, 0x7c, 0xb0, 0xac, 0x72, 0x6f, 0xb2,
2995 0xe3, 0x53, 0x84, 0x7a, 0x1a, 0x9a, 0x98, 0x9b,
2996 0x44, 0xd3, 0x59, 0xd0, 0x8e, 0x57, 0x41, 0x40,
2997 0x78, 0xa7, 0x30, 0x2f, 0x4c, 0x9c, 0xb9, 0x68},
2998 {0xb7, 0x75, 0x03, 0x63, 0x61, 0xc2, 0x48, 0x6e,
2999 0x12, 0x3d, 0xbf, 0x4b, 0x27, 0xdf, 0xb1, 0x7a,
3000 0xff, 0x4e, 0x31, 0x07, 0x83, 0xf4, 0x62, 0x5b,
3001 0x19, 0xa5, 0xac, 0xa0, 0x32, 0x58, 0x0d, 0xa7}},
3002 {{0x43, 0x4f, 0x10, 0xa4, 0xca, 0xdb, 0x38, 0x67,
3003 0xfa, 0xae, 0x96, 0xb5, 0x6d, 0x97, 0xff, 0x1f,
3004 0xb6, 0x83, 0x43, 0xd3, 0xa0, 0x2d, 0x70, 0x7a,
3005 0x64, 0x05, 0x4c, 0xa7, 0xc1, 0xa5, 0x21, 0x51},
3006 {0xe4, 0xf1, 0x23, 0x84, 0xe1, 0xb5, 0x9d, 0xf2,
3007 0xb8, 0x73, 0x8b, 0x45, 0x2b, 0x35, 0x46, 0x38,
3008 0x10, 0x2b, 0x50, 0xf8, 0x8b, 0x35, 0xcd, 0x34,
3009 0xc8, 0x0e, 0xf6, 0xdb, 0x09, 0x35, 0xf0, 0xda}},
3010 {{0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34,
3011 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13,
3012 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46,
3013 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5},
3014 {0xdb, 0x21, 0x5c, 0x8d, 0x83, 0x1d, 0xb3, 0x34,
3015 0xc7, 0x0e, 0x43, 0xa1, 0x58, 0x79, 0x67, 0x13,
3016 0x1e, 0x86, 0x5d, 0x89, 0x63, 0xe6, 0x0a, 0x46,
3017 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5}}
3019 for (i = 0; i < 33; i++) {
3063 static const unsigned char b32[32] = {
3064 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
3065 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
3066 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
3067 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40
3070 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
3071 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
3074 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
3075 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
3078 unsigned char b322[32];
3094 static const unsigned char zero_overflow[32] = {
3095 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3096 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3097 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3098 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
3100 static const unsigned char zero[32] = { 0x00 };
3101 unsigned char out[32];
3112 static const unsigned char one_overflow[32] = {
3113 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3114 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3115 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3116 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x30,
3118 static const unsigned char one[32] = {
3119 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3120 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3121 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3122 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
3124 unsigned char out[32];
3134 static const unsigned char ff_overflow[32] = {
3135 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3136 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3137 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3138 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
3140 static const unsigned char ff[32] = {
3141 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3142 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
3144 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x03, 0xD0,
3146 unsigned char out[32];
3175 CHECK(
t.normalized == 0);
3180 for (
m = 1;
m < 32;
m++) {
3187 CHECK(u.magnitude == (
m >> 1) + 1);
3188 CHECK(u.normalized == 0);
3200 CHECK((
t.n[0] & 1) == 0);
3206 CHECK(u.magnitude == (
m >> 1) + 1);
3207 CHECK(u.normalized == 0);
3223 for (i = 0; i < 1000 *
COUNT; i++) {
3248 CHECK(!x.normalized);
3249 CHECK((x.magnitude == q.magnitude) || (x.magnitude == z.magnitude));
3250 CHECK((x.magnitude >= q.magnitude) && (x.magnitude >= z.magnitude));
3258 CHECK(!q.normalized);
3259 CHECK((q.magnitude == x.magnitude) || (q.magnitude == z.magnitude));
3260 CHECK((q.magnitude >= x.magnitude) && (q.magnitude >= z.magnitude));
3270 CHECK(q.normalized && q.magnitude == 1);
3272 for (j = 0; j < 6; j++) {
3277 CHECK(!q.normalized && q.magnitude == z.magnitude);
3326 unsigned char a32[32], b32[32], c32[32];
3328 uint16_t a16[16], b16[16], c16[16];
3330 static const uint16_t m16[16] = {
3331 0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
3332 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
3354 for (i = 0; i < 16; ++i) {
3355 a16[i] = a32[31 - 2*i] + ((uint16_t)a32[30 - 2*i] << 8);
3356 b16[i] = b32[31 - 2*i] + ((uint16_t)b32[30 - 2*i] << 8);
3357 c16[i] = c32[31 - 2*i] + ((uint16_t)c32[30 - 2*i] << 8);
3367 for (i = 0; i < 100 *
COUNT; ++i) {
3393 for (i = 1; i <= 512; ++i) {
3418 CHECK((v == 0) == (
k == NULL));
3439 for (i = 1; i <= 100; i++) {
3448 for (i = 0; i < 10; i++) {
3451 for (j = 0; j <
COUNT; j++) {
3468 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE,
3469 0xBAAEDCE6, 0xAF48A03B, 0xBFD25E8C, 0xD0364140
3473 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
3474 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFC2E
3542 {
SECP256K1_FE_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xfffffc2e),
3543 SECP256K1_FE_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xfffffc2e)},
3546 SECP256K1_FE_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0x7ffffe18)},
3549 SECP256K1_FE_CONST(0xbcb223fe, 0xdc24a059, 0xd838091d, 0xd2253530, 0xffffffff, 0xffffffff, 0xffffffff, 0x434dd931)},
3551 {
SECP256K1_FE_CONST(0xe34e9c95, 0x6bee8a84, 0x0dcb632a, 0xdb8a1320, 0x66885408, 0x06f3f996, 0x7c11ca84, 0x19199ec3),
3552 SECP256K1_FE_CONST(0xbd2cbd8f, 0x1c536828, 0x9bccda44, 0x2582ac0c, 0x870152b0, 0x8a3f09fb, 0x1aaadf92, 0x19b618e5)},
3554 {
SECP256K1_FE_CONST(0xf6bc3ba3, 0x636451c4, 0x3e46357d, 0x2c21d619, 0x0988e234, 0x15985661, 0x6672982b, 0xa7549bfc),
3555 SECP256K1_FE_CONST(0xb024fdc7, 0x5547451e, 0x426c585f, 0xbd481425, 0x73df6b75, 0xeef6d9d0, 0x389d87d4, 0xfbb440ba)},
3557 {
SECP256K1_FE_CONST(0xb595d81b, 0x2e3c1e2f, 0x482dbc65, 0xe4865af7, 0x9a0a50aa, 0x29f9e618, 0x6f87d7a5, 0x8d1063ae),
3558 SECP256K1_FE_CONST(0xc983337c, 0x5d5c74e1, 0x49918330, 0x0b53afb5, 0xa0428a0b, 0xce6eef86, 0x059bd8ef, 0xe5b908de)},
3560 {
SECP256K1_FE_CONST(0x00000000, 0x00000000, 0xe0ff1f80, 0x1f000000, 0x00000000, 0x00000000, 0xfeff0100, 0x00000000),
3561 SECP256K1_FE_CONST(0x9faf9316, 0x77e5049d, 0x0b5e7a1b, 0xef70b893, 0x18c9e30c, 0x045e7fd7, 0x29eddf8c, 0xd62e9e3d)},
3562 {
SECP256K1_FE_CONST(0x621a538d, 0x511b2780, 0x35688252, 0x53f889a4, 0x6317c3ac, 0x32ba0a46, 0x6277c0d1, 0xccd31192),
3563 SECP256K1_FE_CONST(0x38513b0c, 0x5eba856f, 0xe29e882e, 0x9b394d8c, 0x34bda011, 0xeaa66943, 0x6a841a4c, 0x6ae8bcff)},
3564 {
SECP256K1_FE_CONST(0x00000200, 0xf0ffff1f, 0x00000000, 0x0000e0ff, 0xffffffff, 0xfffcffff, 0xffffffff, 0xffff0100),
3565 SECP256K1_FE_CONST(0x5da42a52, 0x3640de9e, 0x13e64343, 0x0c7591b7, 0x6c1e3519, 0xf048c5b6, 0x0484217c, 0xedbf8b2f)},
3566 {
SECP256K1_FE_CONST(0xd1343ef9, 0x4b952621, 0x7c52a2ee, 0x4ea1281b, 0x4ab46410, 0x9f26998d, 0xa686a8ff, 0x9f2103e8),
3567 SECP256K1_FE_CONST(0x84044385, 0x9a4619bf, 0x74e35b6d, 0xa47e0c46, 0x6b7fb47d, 0x9ffab128, 0xb0775aa3, 0xcb318bd1)},
3568 {
SECP256K1_FE_CONST(0xb27235d2, 0xc56a52be, 0x210db37a, 0xd50d23a4, 0xbe621bdd, 0x5df22c6a, 0xe926ba62, 0xd2e4e440),
3569 SECP256K1_FE_CONST(0x67a26e54, 0x483a9d3c, 0xa568469e, 0xd258ab3d, 0xb9ec9981, 0xdca9b1bd, 0x8d2775fe, 0x53ae429b)},
3570 {
SECP256K1_FE_CONST(0x00000000, 0x00000000, 0x00e0ffff, 0xffffff83, 0xffffffff, 0x3f00f00f, 0x000000e0, 0xffffffff),
3571 SECP256K1_FE_CONST(0x310e10f8, 0x23bbfab0, 0xac94907d, 0x076c9a45, 0x8d357d7f, 0xc763bcee, 0x00d0e615, 0x5a6acef6)},
3572 {
SECP256K1_FE_CONST(0xfeff0300, 0x001c0000, 0xf80700c0, 0x0ff0ffff, 0xffffffff, 0x0fffffff, 0xffff0100, 0x7f0000fe),
3573 SECP256K1_FE_CONST(0x28e2fdb4, 0x0709168b, 0x86f598b0, 0x3453a370, 0x530cf21f, 0x32f978d5, 0x1d527a71, 0x59269b0c)},
3574 {
SECP256K1_FE_CONST(0xc2591afa, 0x7bb98ef7, 0x090bb273, 0x85c14f87, 0xbb0b28e0, 0x54d3c453, 0x85c66753, 0xd5574d2f),
3575 SECP256K1_FE_CONST(0xfdca70a2, 0x70ce627c, 0x95e66fae, 0x848a6dbb, 0x07ffb15c, 0x5f63a058, 0xba4140ed, 0x6113b503)},
3576 {
SECP256K1_FE_CONST(0xf5475db3, 0xedc7b5a3, 0x411c047e, 0xeaeb452f, 0xc625828e, 0x1cf5ad27, 0x8eec1060, 0xc7d3e690),
3577 SECP256K1_FE_CONST(0x5eb756c0, 0xf963f4b9, 0xdc6a215e, 0xec8cc2d8, 0x2e9dec01, 0xde5eb88d, 0x6aba7164, 0xaecb2c5a)},
3578 {
SECP256K1_FE_CONST(0x00000000, 0x00f8ffff, 0xffffffff, 0x01000000, 0xe0ff1f00, 0x00000000, 0xffffff7f, 0x00000000),
3579 SECP256K1_FE_CONST(0xe0d2e3d8, 0x49b6157d, 0xe54e88c2, 0x1a7f02ca, 0x7dd28167, 0xf1125d81, 0x7bfa444e, 0xbe110037)},
3581 {
SECP256K1_FE_CONST(0x13cc08a4, 0xd8c41f0f, 0x179c3e67, 0x54c46c67, 0xc4109221, 0x09ab3b13, 0xe24d9be1, 0xffffe950),
3582 SECP256K1_FE_CONST(0xb80c8006, 0xd16abaa7, 0xcabd71e5, 0xcf6714f4, 0x966dd3d0, 0x64767a2d, 0xe92c4441, 0x51008cd1)},
3583 {
SECP256K1_FE_CONST(0xaa6db990, 0x95efbca1, 0x3cc6ff71, 0x0602e24a, 0xf49ff938, 0x99fffc16, 0x46f40993, 0xc6e72057),
3584 SECP256K1_FE_CONST(0xd5d3dd69, 0xb0c195e5, 0x285f1d49, 0xe639e48c, 0x9223f8a9, 0xca1d731d, 0x9ca482f9, 0xa5b93e06)},
3585 {
SECP256K1_FE_CONST(0x1c680eac, 0xaeabffd8, 0x9bdc4aee, 0x1781e3de, 0xa3b08108, 0x0015f2e0, 0x94449e1b, 0x2f67a058),
3586 SECP256K1_FE_CONST(0x7f083f8d, 0x31254f29, 0x6510f475, 0x245c373d, 0xc5622590, 0x4b323393, 0x32ed1719, 0xc127444b)},
3587 {
SECP256K1_FE_CONST(0x147d44b3, 0x012d83f8, 0xc160d386, 0x1a44a870, 0x9ba6be96, 0x8b962707, 0x267cbc1a, 0xb65b2f0a),
3588 SECP256K1_FE_CONST(0x555554ff, 0x170aef1e, 0x50a43002, 0xe51fbd36, 0xafadb458, 0x7a8aded1, 0x0ca6cd33, 0x6ed9087c)},
3589 {
SECP256K1_FE_CONST(0x12423796, 0x22f0fe61, 0xf9ca017c, 0x5384d107, 0xa1fbf3b2, 0x3b018013, 0x916a3c37, 0x4000b98c),
3590 SECP256K1_FE_CONST(0x20257700, 0x08668f94, 0x1177e306, 0x136c01f5, 0x8ed1fbd2, 0x95ec4589, 0xae38edb9, 0xfd19b6d7)},
3591 {
SECP256K1_FE_CONST(0xdcf2d030, 0x9ab42cb4, 0x93ffa181, 0xdcd23619, 0x39699b52, 0x08909a20, 0xb5a17695, 0x3a9dcf21),
3592 SECP256K1_FE_CONST(0x1f701dea, 0xe211fb1f, 0x4f37180d, 0x63a0f51c, 0x29fe1e40, 0xa40b6142, 0x2e7b12eb, 0x982b06b6)},
3593 {
SECP256K1_FE_CONST(0x79a851f6, 0xa6314ed3, 0xb35a55e6, 0xca1c7d7f, 0xe32369ea, 0xf902432e, 0x375308c5, 0xdfd5b600),
3594 SECP256K1_FE_CONST(0xcaae00c5, 0xe6b43851, 0x9dabb737, 0x38cba42c, 0xa02c8549, 0x7895dcbf, 0xbd183d71, 0xafe4476a)},
3595 {
SECP256K1_FE_CONST(0xede78fdd, 0xcfc92bf1, 0x4fec6c6c, 0xdb8d37e2, 0xfb66bc7b, 0x28701870, 0x7fa27c9a, 0x307196ec),
3596 SECP256K1_FE_CONST(0x68193a6c, 0x9a8b87a7, 0x2a760c64, 0x13e473f6, 0x23ae7bed, 0x1de05422, 0x88865427, 0xa3418265)},
3597 {
SECP256K1_FE_CONST(0xa40b2079, 0xb8f88e89, 0xa7617997, 0x89baf5ae, 0x174df343, 0x75138eae, 0x2711595d, 0x3fc3e66c),
3598 SECP256K1_FE_CONST(0x9f99c6a5, 0x6d685267, 0xd4b87c37, 0x9d9c4576, 0x358c692b, 0x6bbae0ed, 0x3389c93d, 0x7fdd2655)},
3599 {
SECP256K1_FE_CONST(0x7c74c6b6, 0xe98d9151, 0x72645cf1, 0x7f06e321, 0xcefee074, 0x15b2113a, 0x10a9be07, 0x08a45696),
3600 SECP256K1_FE_CONST(0x8c919a88, 0x898bc1e0, 0x77f26f97, 0x12e655b7, 0x9ba0ac40, 0xe15bb19e, 0x8364cc3b, 0xe227a8ee)},
3601 {
SECP256K1_FE_CONST(0x109ba1ce, 0xdafa6d4a, 0xa1cec2b2, 0xeb1069f4, 0xb7a79e5b, 0xec6eb99b, 0xaec5f643, 0xee0e723e),
3602 SECP256K1_FE_CONST(0x93d13eb8, 0x4bb0bcf9, 0xe64f5a71, 0xdbe9f359, 0x7191401c, 0x6f057a4a, 0xa407fe1b, 0x7ecb65cc)},
3603 {
SECP256K1_FE_CONST(0x3db076cd, 0xec74a5c9, 0xf61dd138, 0x90e23e06, 0xeeedd2d0, 0x74cbc4e0, 0x3dbe1e91, 0xded36a78),
3604 SECP256K1_FE_CONST(0x3f07f966, 0x8e2a1e09, 0x706c71df, 0x02b5e9d5, 0xcb92ddbf, 0xcdd53010, 0x16545564, 0xe660b107)},
3605 {
SECP256K1_FE_CONST(0xe31c73ed, 0xb4c4b82c, 0x02ae35f7, 0x4cdec153, 0x98b522fd, 0xf7d2460c, 0x6bf7c0f8, 0x4cf67b0d),
3606 SECP256K1_FE_CONST(0x4b8f1faf, 0x94e8b070, 0x19af0ff6, 0xa319cd31, 0xdf0a7ffb, 0xefaba629, 0x59c50666, 0x1fe5b843)},
3607 {
SECP256K1_FE_CONST(0x4c8b0e6e, 0x83392ab6, 0xc0e3e9f1, 0xbbd85497, 0x16698897, 0xf552d50d, 0x79652ddb, 0x12f99870),
3608 SECP256K1_FE_CONST(0x56d5101f, 0xd23b7949, 0x17dc38d6, 0xf24022ef, 0xcf18e70a, 0x5cc34424, 0x438544c3, 0x62da4bca)},
3609 {
SECP256K1_FE_CONST(0xb0e040e2, 0x40cc35da, 0x7dd5c611, 0x7fccb178, 0x28888137, 0xbc930358, 0xea2cbc90, 0x775417dc),
3610 SECP256K1_FE_CONST(0xca37f0d4, 0x016dd7c8, 0xab3ae576, 0x96e08d69, 0x68ed9155, 0xa9b44270, 0x900ae35d, 0x7c7800cd)},
3611 {
SECP256K1_FE_CONST(0x8a32ea49, 0x7fbb0bae, 0x69724a9d, 0x8e2105b2, 0xbdf69178, 0x862577ef, 0x35055590, 0x667ddaef),
3612 SECP256K1_FE_CONST(0xd02d7ead, 0xc5e190f0, 0x559c9d72, 0xdaef1ffc, 0x64f9f425, 0xf43645ea, 0x7341e08d, 0x11768e96)},
3613 {
SECP256K1_FE_CONST(0xa3592d98, 0x9abe289d, 0x579ebea6, 0xbb0857a8, 0xe242ab73, 0x85f9a2ce, 0xb6998f0f, 0xbfffbfc6),
3614 SECP256K1_FE_CONST(0x093c1533, 0x32032efa, 0x6aa46070, 0x0039599e, 0x589c35f4, 0xff525430, 0x7fe3777a, 0x44b43ddc)},
3615 {
SECP256K1_FE_CONST(0x647178a3, 0x229e607b, 0xcc98521a, 0xcce3fdd9, 0x1e1bc9c9, 0x97fb7c6a, 0x61b961e0, 0x99b10709),
3616 SECP256K1_FE_CONST(0x98217c13, 0xd51ddf78, 0x96310e77, 0xdaebd908, 0x602ca683, 0xcb46d07a, 0xa1fcf17e, 0xc8e2feb3)},
3617 {
SECP256K1_FE_CONST(0x7334627c, 0x73f98968, 0x99464b4b, 0xf5964958, 0x1b95870d, 0xc658227e, 0x5e3235d8, 0xdcab5787),
3618 SECP256K1_FE_CONST(0x000006fd, 0xc7e9dd94, 0x40ae367a, 0xe51d495c, 0x07603b9b, 0x2d088418, 0x6cc5c74c, 0x98514307)},
3619 {
SECP256K1_FE_CONST(0x82e83876, 0x96c28938, 0xa50dd1c5, 0x605c3ad1, 0xc048637d, 0x7a50825f, 0x335ed01a, 0x00005760),
3620 SECP256K1_FE_CONST(0xb0393f9f, 0x9f2aa55e, 0xf5607e2e, 0x5287d961, 0x60b3e704, 0xf3e16e80, 0xb4f9a3ea, 0xfec7f02d)},
3621 {
SECP256K1_FE_CONST(0xc97b6cec, 0x3ee6b8dc, 0x98d24b58, 0x3c1970a1, 0xfe06297a, 0xae813529, 0xe76bb6bd, 0x771ae51d),
3622 SECP256K1_FE_CONST(0x0507c702, 0xd407d097, 0x47ddeb06, 0xf6625419, 0x79f48f79, 0x7bf80d0b, 0xfc34b364, 0x253a5db1)},
3623 {
SECP256K1_FE_CONST(0xd559af63, 0x77ea9bc4, 0x3cf1ad14, 0x5c7a4bbb, 0x10e7d18b, 0x7ce0dfac, 0x380bb19d, 0x0bb99bd3),
3624 SECP256K1_FE_CONST(0x00196119, 0xb9b00d92, 0x34edfdb5, 0xbbdc42fc, 0xd2daa33a, 0x163356ca, 0xaa8754c8, 0xb0ec8b0b)},
3625 {
SECP256K1_FE_CONST(0x8ddfa3dc, 0x52918da0, 0x640519dc, 0x0af8512a, 0xca2d33b2, 0xbde52514, 0xda9c0afc, 0xcb29fce4),
3626 SECP256K1_FE_CONST(0xb3e4878d, 0x5cb69148, 0xcd54388b, 0xc23acce0, 0x62518ba8, 0xf09def92, 0x7b31e6aa, 0x6ba35b02)},
3627 {
SECP256K1_FE_CONST(0xf8207492, 0xe3049f0a, 0x65285f2b, 0x0bfff996, 0x00ca112e, 0xc05da837, 0x546d41f9, 0x5194fb91),
3628 SECP256K1_FE_CONST(0x7b7ee50b, 0xa8ed4bbd, 0xf6469930, 0x81419a5c, 0x071441c7, 0x290d046e, 0x3b82ea41, 0x611c5f95)},
3629 {
SECP256K1_FE_CONST(0x050f7c80, 0x5bcd3c6b, 0x823cb724, 0x5ce74db7, 0xa4e39f5c, 0xbd8828d7, 0xfd4d3e07, 0x3ec2926a),
3630 SECP256K1_FE_CONST(0x000d6730, 0xb0171314, 0x4764053d, 0xee157117, 0x48fd61da, 0xdea0b9db, 0x1d5e91c6, 0xbdc3f59e)},
3631 {
SECP256K1_FE_CONST(0x3e3ea8eb, 0x05d760cf, 0x23009263, 0xb3cb3ac9, 0x088f6f0d, 0x3fc182a3, 0xbd57087c, 0xe67c62f9),
3632 SECP256K1_FE_CONST(0xbe988716, 0xa29c1bf6, 0x4456aed6, 0xab1e4720, 0x49929305, 0x51043bf4, 0xebd833dd, 0xdd511e8b)},
3633 {
SECP256K1_FE_CONST(0x6964d2a9, 0xa7fa6501, 0xa5959249, 0x142f4029, 0xea0c1b5f, 0x2f487ef6, 0x301ac80a, 0x768be5cd),
3634 SECP256K1_FE_CONST(0x3918ffe4, 0x07492543, 0xed24d0b7, 0x3df95f8f, 0xaffd7cb4, 0x0de2191c, 0x9ec2f2ad, 0x2c0cb3c6)},
3635 {
SECP256K1_FE_CONST(0x37c93520, 0xf6ddca57, 0x2b42fd5e, 0xb5c7e4de, 0x11b5b81c, 0xb95e91f3, 0x95c4d156, 0x39877ccb),
3636 SECP256K1_FE_CONST(0x9a94b9b5, 0x57eb71ee, 0x4c975b8b, 0xac5262a8, 0x077b0595, 0xe12a6b1f, 0xd728edef, 0x1a6bf956)}
3647 {
SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140),
3648 SECP256K1_SCALAR_CONST(0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0xbaaedce6, 0xaf48a03b, 0xbfd25e8c, 0xd0364140)},
3651 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0x5d576e73, 0x57a4501d, 0xdfe92f46, 0x681b20a1)},
3654 SECP256K1_SCALAR_CONST(0x50a51ac8, 0x34b9ec24, 0x4b0dff66, 0x5588b13e, 0x9984d5b3, 0xcf80ef0f, 0xd6a23766, 0xa3ee9f22)},
3656 {
SECP256K1_SCALAR_CONST(0xcb9f1d35, 0xdd4416c2, 0xcd71bf3f, 0x6365da66, 0x3c9b3376, 0x8feb7ae9, 0x32a5ef60, 0x19199ec3),
3657 SECP256K1_SCALAR_CONST(0x1d7c7bba, 0xf1893d53, 0xb834bd09, 0x36b411dc, 0x42c2e42f, 0xec72c428, 0x5e189791, 0x8e9bc708)},
3659 {
SECP256K1_SCALAR_CONST(0x7e3c993d, 0xa4272488, 0xbc015b49, 0x2db54174, 0xd382083a, 0xebe6db35, 0x80f82eff, 0xcd132c72),
3660 SECP256K1_SCALAR_CONST(0x086f34a0, 0x3e631f76, 0x77418f28, 0xcc84ac95, 0x6304439d, 0x365db268, 0x312c6ded, 0xd0b934f8)},
3662 {
SECP256K1_SCALAR_CONST(0xbad7e587, 0x3f307859, 0x60d93147, 0x8a18491e, 0xb38a9fd5, 0x254350d3, 0x4b1f0e4b, 0x7dd6edc4),
3663 SECP256K1_SCALAR_CONST(0x89f2df26, 0x39e2b041, 0xf19bd876, 0xd039c8ac, 0xc2223add, 0x29c4943e, 0x6632d908, 0x515f467b)},
3665 {
SECP256K1_SCALAR_CONST(0x1950d757, 0xb37a5809, 0x435059bb, 0x0bb8997e, 0x07e1e3c8, 0x5e5d7d2c, 0x6a0ed8e3, 0xdbde180e),
3666 SECP256K1_SCALAR_CONST(0xbf72af9b, 0x750309e2, 0x8dda230b, 0xfe432b93, 0x7e25e475, 0x4388251e, 0x633d894b, 0x3bcb6f8c)},
3667 {
SECP256K1_SCALAR_CONST(0x9bccf4e7, 0xc5a515e3, 0x50637aa9, 0xbb65a13f, 0x391749a1, 0x62de7d4e, 0xf6d7eabb, 0x3cd10ce0),
3668 SECP256K1_SCALAR_CONST(0xaf2d5623, 0xb6385a33, 0xcd0365be, 0x5e92a70d, 0x7f09179c, 0x3baaf30f, 0x8f9cc83b, 0x20092f67)},
3669 {
SECP256K1_SCALAR_CONST(0x73a57111, 0xb242952a, 0x5c5dee59, 0xf3be2ace, 0xa30a7659, 0xa46e5f47, 0xd21267b1, 0x39e642c9),
3670 SECP256K1_SCALAR_CONST(0xa711df07, 0xcbcf13ef, 0xd61cc6be, 0xbcd058ce, 0xb02cf157, 0x272d4a18, 0x86d0feb3, 0xcd5fa004)},
3671 {
SECP256K1_SCALAR_CONST(0x04884963, 0xce0580b1, 0xba547030, 0x3c691db3, 0x9cd2c84f, 0x24c7cebd, 0x97ebfdba, 0x3e785ec2),
3672 SECP256K1_SCALAR_CONST(0xaaaaaf14, 0xd7c99ba7, 0x517ce2c1, 0x78a28b4c, 0x3769a851, 0xe5c5a03d, 0x4cc28f33, 0x0ec4dc5d)},
3673 {
SECP256K1_SCALAR_CONST(0x1679ed49, 0x21f537b1, 0x815cb8ae, 0x9efc511c, 0x5b9fa037, 0x0b0f275e, 0x6c985281, 0x6c4a9905),
3674 SECP256K1_SCALAR_CONST(0xb14ac3d5, 0x62b52999, 0xef34ead1, 0xffca4998, 0x0294341a, 0x1f8172aa, 0xea1624f9, 0x302eea62)},
3675 {
SECP256K1_SCALAR_CONST(0x626b37c0, 0xf0057c35, 0xee982f83, 0x452a1fd3, 0xea826506, 0x48b08a9d, 0x1d2c4799, 0x4ad5f6ec),
3676 SECP256K1_SCALAR_CONST(0xe38643b7, 0x567bfc2f, 0x5d2f1c15, 0xe327239c, 0x07112443, 0x69509283, 0xfd98e77a, 0xdb71c1e8)},
3677 {
SECP256K1_SCALAR_CONST(0x1850a3a7, 0x759efc56, 0x54f287b2, 0x14d1234b, 0xe263bbc9, 0xcf4d8927, 0xd5f85f27, 0x965bd816),
3678 SECP256K1_SCALAR_CONST(0x3b071831, 0xcac9619a, 0xcceb0596, 0xf614d63b, 0x95d0db2f, 0xc6a00901, 0x8eaa2621, 0xabfa0009)},
3679 {
SECP256K1_SCALAR_CONST(0x94ae5d06, 0xa27dc400, 0x487d72be, 0xaa51ebed, 0xe475b5c0, 0xea675ffc, 0xf4df627a, 0xdca4222f),
3680 SECP256K1_SCALAR_CONST(0x01b412ed, 0xd7830956, 0x1532537e, 0xe5e3dc99, 0x8fd3930a, 0x54f8d067, 0x32ef5760, 0x594438a5)},
3681 {
SECP256K1_SCALAR_CONST(0x1f24278a, 0xb5bfe374, 0xa328dbbc, 0xebe35f48, 0x6620e009, 0xd58bb1b4, 0xb5a6bf84, 0x8815f63a),
3682 SECP256K1_SCALAR_CONST(0xfe928416, 0xca5ba2d3, 0xfde513da, 0x903a60c7, 0x9e58ad8a, 0x8783bee4, 0x083a3843, 0xa608c914)},
3683 {
SECP256K1_SCALAR_CONST(0xdc107d58, 0x274f6330, 0x67dba8bc, 0x26093111, 0x5201dfb8, 0x968ce3f5, 0xf34d1bd4, 0xf2146504),
3684 SECP256K1_SCALAR_CONST(0x660cfa90, 0x13c3d93e, 0x7023b1e5, 0xedd09e71, 0x6d9c9d10, 0x7a3d2cdb, 0xdd08edc3, 0xaa78fcfb)},
3685 {
SECP256K1_SCALAR_CONST(0x7cd1e905, 0xc6f02776, 0x2f551cc7, 0x5da61cff, 0x7da05389, 0x1119d5a4, 0x631c7442, 0x894fd4f7),
3686 SECP256K1_SCALAR_CONST(0xff20862a, 0x9d3b1a37, 0x1628803b, 0x3004ccae, 0xaa23282a, 0xa89a1109, 0xd94ece5e, 0x181bdc46)},
3687 {
SECP256K1_SCALAR_CONST(0x5b9dade8, 0x23d26c58, 0xcd12d818, 0x25b8ae97, 0x3dea04af, 0xf482c96b, 0xa062f254, 0x9e453640),
3688 SECP256K1_SCALAR_CONST(0x50c38800, 0x15fa53f4, 0xbe1e5392, 0x5c9b120a, 0x262c22c7, 0x18fa0816, 0x5f2baab4, 0x8cb5db46)},
3689 {
SECP256K1_SCALAR_CONST(0x11cdaeda, 0x969c464b, 0xef1f4ab0, 0x5b01d22e, 0x656fd098, 0x882bea84, 0x65cdbe7a, 0x0c19ff03),
3690 SECP256K1_SCALAR_CONST(0x1968d0fa, 0xac46f103, 0xb55f1f72, 0xb3820bed, 0xec6b359a, 0x4b1ae0ad, 0x7e38e1fb, 0x295ccdfb)},
3691 {
SECP256K1_SCALAR_CONST(0x2c351aa1, 0x26e91589, 0x194f8a1e, 0x06561f66, 0x0cb97b7f, 0x10914454, 0x134d1c03, 0x157266b4),
3692 SECP256K1_SCALAR_CONST(0xbe49ada6, 0x92bd8711, 0x41b176c4, 0xa478ba95, 0x14883434, 0x9d1cd6f3, 0xcc4b847d, 0x22af80f5)},
3693 {
SECP256K1_SCALAR_CONST(0x6ba07c6e, 0x13a60edb, 0x6247f5c3, 0x84b5fa56, 0x76fe3ec5, 0x80426395, 0xf65ec2ae, 0x623ba730),
3694 SECP256K1_SCALAR_CONST(0x25ac23f7, 0x418cd747, 0x98376f9d, 0x4a11c7bf, 0x24c8ebfe, 0x4c8a8655, 0x345f4f52, 0x1c515595)},
3695 {
SECP256K1_SCALAR_CONST(0x9397a712, 0x8abb6951, 0x2d4a3d54, 0x703b1c2a, 0x0661dca8, 0xd75c9b31, 0xaed4d24b, 0xd2ab2948),
3696 SECP256K1_SCALAR_CONST(0xc52e8bef, 0xd55ce3eb, 0x1c897739, 0xeb9fb606, 0x36b9cd57, 0x18c51cc2, 0x6a87489e, 0xffd0dcf3)},
3697 {
SECP256K1_SCALAR_CONST(0xe6a808cc, 0xeb437888, 0xe97798df, 0x4e224e44, 0x7e3b380a, 0x207c1653, 0x889f3212, 0xc6738b6f),
3698 SECP256K1_SCALAR_CONST(0x31f9ae13, 0xd1e08b20, 0x757a2e5e, 0x5243a0eb, 0x8ae35f73, 0x19bb6122, 0xb910f26b, 0xda70aa55)},
3699 {
SECP256K1_SCALAR_CONST(0xd0320548, 0xab0effe7, 0xa70779e0, 0x61a347a6, 0xb8c1e010, 0x9d5281f8, 0x2ee588a6, 0x80000000),
3700 SECP256K1_SCALAR_CONST(0x1541897e, 0x78195c90, 0x7583dd9e, 0x728b6100, 0xbce8bc6d, 0x7a53b471, 0x5dcd9e45, 0x4425fcaf)},
3701 {
SECP256K1_SCALAR_CONST(0x93d623f1, 0xd45b50b0, 0x796e9186, 0x9eac9407, 0xd30edc20, 0xef6304cf, 0x250494e7, 0xba503de9),
3702 SECP256K1_SCALAR_CONST(0x7026d638, 0x1178b548, 0x92043952, 0x3c7fb47c, 0xcd3ea236, 0x31d82b01, 0x612fc387, 0x80b9b957)},
3703 {
SECP256K1_SCALAR_CONST(0xf860ab39, 0x55f5d412, 0xa4d73bcc, 0x3b48bd90, 0xc248ffd3, 0x13ca10be, 0x8fba84cc, 0xdd28d6a3),
3704 SECP256K1_SCALAR_CONST(0x5c32fc70, 0xe0b15d67, 0x76694700, 0xfe62be4d, 0xeacdb229, 0x7a4433d9, 0x52155cd0, 0x7649ab59)},
3705 {
SECP256K1_SCALAR_CONST(0x4e41311c, 0x0800af58, 0x7a690a8e, 0xe175c9ba, 0x6981ab73, 0xac532ea8, 0x5c1f5e63, 0x6ac1f189),
3706 SECP256K1_SCALAR_CONST(0xfffffff9, 0xd075982c, 0x7fbd3825, 0xc05038a2, 0x4533b91f, 0x94ec5f45, 0xb280b28f, 0x842324dc)},
3707 {
SECP256K1_SCALAR_CONST(0x48e473bf, 0x3555eade, 0xad5d7089, 0x2424c4e4, 0x0a99397c, 0x2dc796d8, 0xb7a43a69, 0xd0364141),
3708 SECP256K1_SCALAR_CONST(0x634976b2, 0xa0e47895, 0x1ec38593, 0x266d6fd0, 0x6f602644, 0x9bb762f1, 0x7180c704, 0xe23a4daa)},
3709 {
SECP256K1_SCALAR_CONST(0xbe83878d, 0x3292fc54, 0x26e71c62, 0x556ccedc, 0x7cbb8810, 0x4032a720, 0x34ead589, 0xe4d6bd13),
3710 SECP256K1_SCALAR_CONST(0x6cd150ad, 0x25e59d0f, 0x74cbae3d, 0x6377534a, 0x1e6562e8, 0xb71b9d18, 0xe1e5d712, 0x8480abb3)},
3711 {
SECP256K1_SCALAR_CONST(0xcdddf2e5, 0xefc15f88, 0xc9ee06de, 0x8a846ca9, 0x28561581, 0x68daa5fb, 0xd1cf3451, 0xeb1782d0),
3712 SECP256K1_SCALAR_CONST(0xffffffd9, 0xed8d2af4, 0x993c865a, 0x23e9681a, 0x3ca3a3dc, 0xe6d5a46e, 0xbd86bd87, 0x61b55c70)},
3713 {
SECP256K1_SCALAR_CONST(0xb6a18f1f, 0x04872df9, 0x08165ec4, 0x319ca19c, 0x6c0359ab, 0x1f7118fb, 0xc2ef8082, 0xca8b7785),
3714 SECP256K1_SCALAR_CONST(0xff55b19b, 0x0f1ac78c, 0x0f0c88c2, 0x2358d5ad, 0x5f455e4e, 0x3330b72f, 0x274dc153, 0xffbf272b)},
3715 {
SECP256K1_SCALAR_CONST(0xea4898e5, 0x30eba3e8, 0xcf0e5c3d, 0x06ec6844, 0x01e26fb6, 0x75636225, 0xc5d08f4c, 0x1decafa0),
3716 SECP256K1_SCALAR_CONST(0xe5a014a8, 0xe3c4ec1e, 0xea4f9b32, 0xcfc7b386, 0x00630806, 0x12c08d02, 0x6407ccc2, 0xb067d90e)},
3717 {
SECP256K1_SCALAR_CONST(0x70e9aea9, 0x7e933af0, 0x8a23bfab, 0x23e4b772, 0xff951863, 0x5ffcf47d, 0x6bebc918, 0x2ca58265),
3718 SECP256K1_SCALAR_CONST(0xf4e00006, 0x81bc6441, 0x4eb6ec02, 0xc194a859, 0x80ad7c48, 0xba4e9afb, 0x8b6bdbe0, 0x989d8f77)},
3719 {
SECP256K1_SCALAR_CONST(0x3c56c774, 0x46efe6f0, 0xe93618b8, 0xf9b5a846, 0xd247df61, 0x83b1e215, 0x06dc8bcc, 0xeefc1bf5),
3720 SECP256K1_SCALAR_CONST(0xfff8937a, 0x2cd9586b, 0x43c25e57, 0xd1cefa7a, 0x9fb91ed3, 0x95b6533d, 0x8ad0de5b, 0xafb93f00)},
3721 {
SECP256K1_SCALAR_CONST(0xfb5c2772, 0x5cb30e83, 0xe38264df, 0xe4e3ebf3, 0x392aa92e, 0xa68756a1, 0x51279ac5, 0xb50711a8),
3722 SECP256K1_SCALAR_CONST(0x000013af, 0x1105bfe7, 0xa6bbd7fb, 0x3d638f99, 0x3b266b02, 0x072fb8bc, 0x39251130, 0x2e0fd0ea)}
3724 int i, var, testrand;
3725 unsigned char b32[32];
3728 memset(b32, 0,
sizeof(b32));
3730 for (i = 0; (size_t)i <
ARRAY_SIZE(fe_cases); ++i) {
3731 for (var = 0; var <= 1; ++var) {
3738 for (i = 0; (size_t)i <
ARRAY_SIZE(scalar_cases); ++i) {
3739 for (var = 0; var <= 1; ++var) {
3747 for (i = 0; i < 1000; ++i) {
3749 b32[30] = (i >> 8) & 0xff;
3752 for (var = 0; var <= 1; ++var) {
3758 for (var = 0; var <= 1; ++var) {
3764 for (testrand = 0; testrand <= 1; ++testrand) {
3765 for (i = 0; i < 64 *
COUNT; ++i) {
3769 for (var = 0; var <= 1; ++var) {
3780 unsigned char a[600];
3781 unsigned char e[
sizeof(a)];
3783 memset(a + 200, 99, 200);
3784 memset(a + 400, 42, 200);
3786 memset(e + 200, 99, 200);
3787 memset(e + 400, 21, 200);
3794 for (i = 1; i < n; i++) {
3812#define MAX_ELEMENT_LEN 65
3831 for (i = 0; i <
COUNT; i++) {
3839#undef MAX_ELEMENT_LEN
3889 for (i = 0; i < runs; i++) {
3893 if (i >= runs - 2) {
3897 if (i >= runs - 1) {
3908 for (j = 0; j < 4; j++) {
3916 for (j = 0; j < 4; ++j) {
3917 for (
k = 0;
k < 4; ++
k) {
3918 int expect_equal = (j >> 1) == (
k >> 1);
3937 for (i1 = 0; i1 < 1 + 4 * runs; i1++) {
3939 for (i2 = 0; i2 < 1 + 4 * runs; i2++) {
3979 if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 == ((i2 + 3)%4)/2)) {
3996 if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 != ((i2 + 3)%4)/2)) {
4018 for (i = 0; i < 4 * runs + 1; i++) {
4019 gej_shuffled[i] = gej[i];
4021 for (i = 0; i < 4 * runs + 1; i++) {
4025 gej_shuffled[i] = gej_shuffled[swap];
4026 gej_shuffled[swap] =
t;
4029 for (i = 0; i < 4 * runs + 1; i++) {
4041 for (i = 0; i < 4 * runs + 1; i++) {
4050 for (i = 1; i < 4 * runs + 1; i++) {
4069 free(ge_set_all_var);
4074 for (i = 1; i < 4 * runs + 1; i++) {
4086 int ret_on_curve, ret_frac_on_curve, ret_set_xo;
4091 CHECK(ret_on_curve == ret_frac_on_curve);
4092 CHECK(ret_on_curve == ret_set_xo);
4097 for (i = 0; i < 4 * runs + 1; i++) {
4101 CHECK(odd == 0 || odd == 1);
4111 for (i = 0; i < 4 * runs + 1; i++) {
4116 for (i = 0; i < 4 * runs + 1; i++) {
4122 for (i = 0; i < 4 * runs + 1; i++) {
4187 0x8d24cd95, 0x0a355af1, 0x3c543505, 0x44238d30,
4188 0x0643d79f, 0x05a59614, 0x2f8ec030, 0xd58977cb,
4189 0x001e337a, 0x38093dcd, 0x6c0f386d, 0x0b1293a8,
4190 0x4d72c879, 0xd7681924, 0x44e6d2f3, 0x9190117d
4193 0xc7b74206, 0x1f788cd9, 0xabd0937d, 0x164a0d86,
4194 0x95f6ff75, 0xf19a4ce9, 0xd013bd7b, 0xbf92d2a7,
4195 0xffe1cc85, 0xc7f6c232, 0x93f0c792, 0xf4ed6c57,
4196 0xb28d3786, 0x2897e6db, 0xbb192d0b, 0x6e6feab2
4199 0x671a63c0, 0x3efdad4c, 0x389a7798, 0x24356027,
4200 0xb3d69010, 0x278625c3, 0x5c86d390, 0x184a8f7a,
4201 0x5f6409c2, 0x2ce01f2b, 0x511fd375, 0x25071d08,
4202 0xda651801, 0x70e95caf, 0x8f0d893c, 0xbed8fbbe
4225 for (i = 0; i <
COUNT + 1; i++) {
4226 unsigned char buf[64];
4252 for (i = 0; i <
COUNT * 32; i++) {
4273 for (i = 0; i <
COUNT; i++) {
4291 for (i = 0; i <
COUNT; i++) {
4312 for (i = 1; i <= 6; i++) {
4318 d[i - 1] = &
data[i - 1];
4328 for (i = 0; i <
COUNT * 8; i++) {
4339 int res_even, res_odd;
4346 CHECK(res_even == res_odd);
4370 for (i = 0; i <
COUNT * 4; i++) {
4403 for (i = 1; i < n; ++i) {
4445 for (i = 0; i < 128; ++i) {
4456 0x8b30bbe9, 0xae2a9906, 0x96b22f67, 0x0709dff3,
4457 0x727fd8bc, 0x04d3362c, 0x6c7bf458, 0xe2846004,
4458 0xa357ae91, 0x5c4a6528, 0x1309edf2, 0x0504740f,
4459 0x0eb33439, 0x90216b4f, 0x81063cb6, 0x5f2f7e0f
4463 0x84cc5452, 0xf7fde1ed, 0xb4d38a8c, 0xe9b1b84c,
4464 0xcef31f14, 0x6e569be9, 0x705d357a, 0x42985407
4467 0xa1e58d22, 0x553dcd42, 0xb2398062, 0x5d4c57a9,
4468 0x6e9323d4, 0x2b3152e5, 0xca2c3990, 0xedc7c9de
4483 for (i = 0; i < 200*
COUNT; i++) {
4499 0xD6E96687, 0xF9B10D09, 0x2A6F3543, 0x9D86CEBE,
4500 0xA4535D0D, 0x409F5358, 0x6440BD74, 0xB933E830,
4501 0xB95CBCA2, 0xC77DA786, 0x539BE8FD, 0x53354D2D,
4502 0x3B4F566A, 0xE6580454, 0x07ED6015, 0xEE1B2A88
4555 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fc),
4556 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fd),
4557 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fe),
4558 SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6ff),
4559 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632d),
4560 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632e),
4561 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf7632f),
4562 SECP256K1_SCALAR_CONST(0x2c9c52b3, 0x3fa3cf1f, 0x5ad9e3fd, 0x77ed9ba5, 0xb294b893, 0x3722e9a5, 0x00e698ca, 0x4cf76330),
4563 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b209f),
4564 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a0),
4565 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a1),
4566 SECP256K1_SCALAR_CONST(0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xd576e735, 0x57a4501d, 0xdfe92f46, 0x681b20a2),
4567 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede11),
4568 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede12),
4569 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede13),
4570 SECP256K1_SCALAR_CONST(0xd363ad4c, 0xc05c30e0, 0xa5261c02, 0x88126459, 0xf85915d7, 0x7825b696, 0xbeebc5c2, 0x833ede14),
4571 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a42),
4572 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a43),
4573 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a44),
4574 SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a45)
4599 }
else if (mode == 1) {
4618 for (i = 0; i < 4*
COUNT; ++i) {
4631 0x7603CB59, 0xB0EF6C63, 0xFE608479, 0x2A0C378C,
4632 0xDB3233A8, 0x0F8A9A09, 0xA877DEAD, 0x31B38C45
4634 for (i = 0; i < 500; i++) {
4651 0x6d986544, 0x57ff52b8, 0xcf1b8126, 0x5b802a5b,
4652 0xa97f9263, 0xb1e88044, 0x93351325, 0x91bc450a,
4653 0x535c59f7, 0x325e5d2b, 0xc391fbe8, 0x3c12787c,
4654 0x337e4a98, 0xe82a9011, 0x0123ba37, 0xdd769c7d
4658 0x649d4f77, 0xc4242df7, 0x7f2079c9, 0x14530327,
4659 0xa31b876a, 0xd2d8ce2a, 0x2236d5c6, 0xd7b2029b
4663 0x23773684, 0x4d209dc7, 0x098a786f, 0x20d06fcd,
4664 0x070a38bf, 0xc11ac651, 0x03004319, 0x1e2a8786,
4665 0xed8c3b8e, 0xc06dd57b, 0xd06ea66e, 0x45492b0f,
4666 0xb84e4e1b, 0xfb77e21f, 0x96baae2a, 0x63dec956
4753 for (i = 0; i < cases; ++i) {
4769 for (i = 0; i < 2*
COUNT; ++i) {
4799 for (i = 0; i < 2*
COUNT; ++i) {
4823 0x4968d524, 0x2abf9b7a, 0x466abbcf, 0x34b11b6d,
4824 0xcd83d307, 0x827bed62, 0x05fad0ce, 0x18fae63b
4827 0x5494c15d, 0x32099706, 0xc2395f94, 0x348745fd,
4828 0x757ce30e, 0x4e8c90fb, 0xa2bad184, 0xf883c69f,
4829 0x5d195d20, 0xe191bf7f, 0x1be3e55f, 0x56a80196,
4830 0x6071ad01, 0xf1462f66, 0xc997fa94, 0xdb858435
4837 for (i = 0; i < 100; ++i) {
4862 *sc =
data->sc[idx];
4863 *pt =
data->pt[idx];
4890 for (ncount = 0; ncount <
COUNT; ncount++) {
4926 for (ncount = 0; ncount <
COUNT; ncount++) {
4929 size_t sizes[] = { 2, 10, 32 };
4931 for (j = 0; j < 3; j++) {
4932 for (i = 0; i < 32; i++) {
4940 for (j = 0; j < 3; j++) {
4941 for (i = 0; i < 32; i++) {
4950 for (j = 0; j < 3; j++) {
4952 for (i = 0; i < 16; i++) {
4956 pt[2 * i + 1] = ptg;
4963 for (i = 0; i < 16; i++) {
4979 for (i = 1; i < 32; i++) {
4992 for (ncount = 0; ncount <
COUNT; ncount++) {
4997 for (i = 0; i < 20; i++) {
5011 for (ncount = 0; ncount <
COUNT; ncount++) {
5019 for (i = 0; i < 20; i++) {
5032 for (ncount = 0; ncount < 20; ncount++) {
5049 const size_t TOP = 8;
5058 for(t0i = 0; t0i < TOP; t0i++) {
5059 for(t1i = 0; t1i < TOP; t1i++) {
5071 for(s0i = 0; s0i < TOP; s0i++) {
5072 for(s1i = 0; s1i < TOP; s1i++) {
5140 int g_nonzero = num_nonzero == 0 ? nonzero_result :
5141 num_nonzero == 1 && !nonzero_result ? 1 :
5149 if (rands > num_nonzero) rands = num_nonzero;
5158 if (!nonzero_result) {
5160 CHECK(num_nonzero > filled);
5171 if (nonzero_result && filled < num_nonzero) {
5179 if (nonzero_result) {
5183 mults += filled + g_nonzero;
5187 CHECK(filled <= 1 + !nonzero_result);
5188 CHECK(filled <= num_nonzero);
5192 while (filled < num) {
5207 for (i = 0; i < rands; ++i) {
5211 for (j = 0; j < num_nonzero; ++j) {
5216 gejs[j] = gejs[j +
k];
5217 scalars[j] = scalars[j +
k];
5219 scalars[j +
k] = sc;
5224 for (j = 0; j + 1 < num_nonzero; j += 2) {
5231 CHECK(num_nonzero >= 1);
5235 secp256k1_ecmult(&gejs[num_nonzero - 1], &gejs[num_nonzero - 1], &iv, NULL);
5240 for (i = 0; i < num; ++i) {
5245 gejs[i] = gejs[i + j];
5246 scalars[i] = scalars[i + j];
5248 scalars[i + j] = sc;
5258 mults += num_nonzero + g_nonzero;
5306 size_t n_points_supported;
5307 int bucket_window = 0;
5309 for(; scratch_size < max_size; scratch_size+=256) {
5314 CHECK(scratch != NULL);
5317 if (n_points_supported == 0) {
5336 size_t n_batches, n_batch_points, max_n_batch_points, n;
5338 max_n_batch_points = 0;
5342 max_n_batch_points = 1;
5345 CHECK(n_batches == 0);
5346 CHECK(n_batch_points == 0);
5348 max_n_batch_points = 2;
5351 CHECK(n_batches == 3);
5352 CHECK(n_batch_points == 2);
5357 CHECK(n_batches == 1);
5363 CHECK(n_batches == 2);
5366 max_n_batch_points = 1;
5369 CHECK(n_batches == SIZE_MAX);
5370 CHECK(n_batch_points == 1);
5372 max_n_batch_points = 2;
5375 CHECK(n_batches == SIZE_MAX/2 + 1);
5376 CHECK(n_batch_points == 2);
5399 for(i = 0; i < n_points; i++) {
5430 for(i = 1; i <= n_points; i++) {
5450 int64_t todo = (int64_t)320 *
COUNT;
5485 for (i = bits-1; i >= 0; i--) {
5489 CHECK(zeroes == -1 || zeroes >= w-1);
5491 CHECK((v & 1) == 1);
5492 CHECK(v <= (1 << (w-1)) - 1);
5493 CHECK(v >= -(1 << (w-1)) - 1);
5495 CHECK(zeroes != -1);
5511 int wnaf[256] = {0};
5525 CHECK(v == 0 || v & 1);
5526 CHECK(v > -(1 << w));
5527 CHECK(v < (1 << w));
5548 CHECK(wnaf[i] == 0);
5550 for (i = 7; i >= 0; --i) {
5551 CHECK(wnaf[i] == wnaf_expected[i]);
5557 int wnaf[256] = {0};
5576 CHECK(wnaf[0] == 1);
5580 int wnaf_expected[8] = { 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf };
5587 int wnaf_expected[8] = { -1, -1, -1, -1, -1, -1, -1, 0xf };
5594 int wnaf_expected[8] = { 1, 0, 1, 0, 1, 0, 1, 0 };
5601 int wnaf_expected[8] = { -0xf, 0, 0xf, -0xf, 0, 0xf, 1, 0 };
5616 for (i = 0; i <
COUNT; i++) {
5641 unsigned char bytes[65];
5658 const unsigned char zerobyte[1] = {0};
5678 unsigned char b32[32];
5684 static const unsigned char expected32[32] = {
5685 0xe4, 0x71, 0x1b, 0x4d, 0x14, 0x1e, 0x68, 0x48,
5686 0xb7, 0xaf, 0x47, 0x2b, 0x4c, 0xd2, 0x04, 0x14,
5687 0x3a, 0x75, 0x87, 0x60, 0x1a, 0xf9, 0x63, 0x60,
5688 0xd0, 0xcb, 0x1f, 0xaa, 0x85, 0x9a, 0xb7, 0xb4
5691 for (i = 0; i <= 36; ++i) {
5697 for (i = 0; i < 256; ++i) {
5698 for (j = 1; j < 256; j += 2) {
5721 unsigned char b32[32];
5722 unsigned char inp[6];
5728 inp[1] = (
prefix >> 8) & 0xFF;
5729 inp[2] = (
prefix >> 16) & 0xFF;
5730 inp[3] = (
prefix >> 24) & 0xFF;
5739 for (i = 0; i < iter; ++i) {
5742 inp[5] = (i >> 8) & 0xff;
5758 static const unsigned char expected32_6bit20[32] = {
5759 0x68, 0xb6, 0xed, 0x6f, 0x28, 0xca, 0xc9, 0x7f,
5760 0x8e, 0x8b, 0xd6, 0xc0, 0x61, 0x79, 0x34, 0x6e,
5761 0x5a, 0x8f, 0x2b, 0xbc, 0x3e, 0x1f, 0xc5, 0x2e,
5762 0x2a, 0xd0, 0x45, 0x67, 0x7f, 0x95, 0x95, 0x8e
5764 static const unsigned char expected32_8bit8[32] = {
5765 0x8b, 0x65, 0x8e, 0xea, 0x86, 0xae, 0x3c, 0x95,
5766 0x90, 0xb6, 0x77, 0xa4, 0x8c, 0x76, 0xd9, 0xec,
5767 0xf5, 0xab, 0x8a, 0x2f, 0xfd, 0xdb, 0x19, 0x12,
5768 0x1a, 0xee, 0xe6, 0xb7, 0x6e, 0x05, 0x3f, 0xc6
5794 for (i = 0; i <
COUNT; i++) {
5812 unsigned char seed32[32];
5852 for (i = -1; i < 2; ++i) {
5867 for (i = 0; i < 10; i++) {
5875 const unsigned char zero[32] = {0};
5876 unsigned char tmp[32];
5911 for (i = 0; i < 100U *
COUNT; ++i) {
5922 unsigned char pubkeyc[65];
5927 for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) {
5930 memcpy(&pubkeyc[1], input, 64);
5932 for (i = 0; i < 256; i++) {
5939 ysign = (input[63] & 1) + 2;
5941 xpass = xvalid && (pubkeyclen == 33) && ((i & 254) == 2);
5943 ypass = xvalid && yvalid && ((i & 4) == ((pubkeyclen == 65) << 2)) &&
5944 ((i == 4) || ((i & 251) == ysign)) && ((pubkeyclen == 33) || (pubkeyclen == 65));
5945 if (xpass || ypass) {
5947 unsigned char pubkeyo[65];
5949 memset(&pubkey, 0,
sizeof(pubkey));
5959 CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0]));
5962 CHECK(pubkeyo[0] == ysign);
5964 memset(&pubkey, 0,
sizeof(pubkey));
5973 CHECK(pubkeyo[0] == 4);
5978 memset(&pubkey, 0xfe,
sizeof(pubkey));
5989#define SECP256K1_EC_PARSE_TEST_NVALID (12)
5993 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x52,
5994 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5995 0x00, 0x00, 0x64, 0xef, 0xa1, 0x7b, 0x77, 0x61, 0xe1, 0xe4, 0x27, 0x06, 0x98, 0x9f, 0xb4, 0x83,
5996 0xb8, 0xd2, 0xd4, 0x9b, 0xf7, 0x8f, 0xae, 0x98, 0x03, 0xf0, 0x99, 0xb8, 0x34, 0xed, 0xeb, 0x00
6000 0x7a, 0xe9, 0x6a, 0x2b, 0x65, 0x7c, 0x07, 0x10, 0x6e, 0x64, 0x47, 0x9e, 0xac, 0x34, 0x34, 0xe9,
6001 0x9c, 0xf0, 0x49, 0x75, 0x12, 0xf5, 0x89, 0x95, 0xc1, 0x39, 0x6c, 0x28, 0x71, 0x95, 0x01, 0xee,
6002 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
6003 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
6007 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6008 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
6009 0x0e, 0x99, 0x4b, 0x14, 0xea, 0x72, 0xf8, 0xc3, 0xeb, 0x95, 0xc7, 0x1e, 0xf6, 0x92, 0x57, 0x5e,
6010 0x77, 0x50, 0x58, 0x33, 0x2d, 0x7e, 0x52, 0xd0, 0x99, 0x5c, 0xf8, 0x03, 0x88, 0x71, 0xb6, 0x7d,
6014 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6015 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
6016 0xf1, 0x66, 0xb4, 0xeb, 0x15, 0x8d, 0x07, 0x3c, 0x14, 0x6a, 0x38, 0xe1, 0x09, 0x6d, 0xa8, 0xa1,
6017 0x88, 0xaf, 0xa7, 0xcc, 0xd2, 0x81, 0xad, 0x2f, 0x66, 0xa3, 0x07, 0xfb, 0x77, 0x8e, 0x45, 0xb2,
6021 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6022 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
6023 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
6024 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
6028 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6029 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
6030 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
6031 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
6035 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
6036 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
6037 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6038 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
6042 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
6043 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
6044 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6045 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
6049 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
6050 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
6051 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6052 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
6056 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
6057 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
6058 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6059 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
6063 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
6064 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
6065 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6066 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
6070 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
6071 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
6072 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6073 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
6076#define SECP256K1_EC_PARSE_TEST_NXVALID (4)
6080 0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
6081 0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
6082 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6083 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
6087 0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
6088 0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
6089 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6090 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
6094 0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
6095 0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
6096 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6097 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
6101 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6102 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
6103 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6104 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03
6107#define SECP256K1_EC_PARSE_TEST_NINVALID (7)
6111 0x0a, 0x2d, 0x2b, 0xa9, 0x35, 0x07, 0xf1, 0xdf, 0x23, 0x37, 0x70, 0xc2, 0xa7, 0x97, 0x96, 0x2c,
6112 0xc6, 0x1f, 0x6d, 0x15, 0xda, 0x14, 0xec, 0xd4, 0x7d, 0x8d, 0x27, 0xae, 0x1c, 0xd5, 0xf8, 0x53,
6113 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6114 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
6118 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6119 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
6120 0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
6121 0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
6125 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6126 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
6127 0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
6128 0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
6132 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6133 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
6134 0xf4, 0x84, 0x14, 0x5c, 0xb0, 0x14, 0x9b, 0x82, 0x5d, 0xff, 0x41, 0x2f, 0xa0, 0x52, 0xa8, 0x3f,
6135 0xcb, 0x72, 0xdb, 0x61, 0xd5, 0x6f, 0x37, 0x70, 0xce, 0x06, 0x6b, 0x73, 0x49, 0xa2, 0xaa, 0x28,
6139 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
6140 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
6141 0x0b, 0x7b, 0xeb, 0xa3, 0x4f, 0xeb, 0x64, 0x7d, 0xa2, 0x00, 0xbe, 0xd0, 0x5f, 0xad, 0x57, 0xc0,
6142 0x34, 0x8d, 0x24, 0x9e, 0x2a, 0x90, 0xc8, 0x8f, 0x31, 0xf9, 0x94, 0x8b, 0xb6, 0x5d, 0x52, 0x07,
6146 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6147 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6148 0x8f, 0x53, 0x7e, 0xef, 0xdf, 0xc1, 0x60, 0x6a, 0x07, 0x27, 0xcd, 0x69, 0xb4, 0xa7, 0x33, 0x3d,
6149 0x38, 0xed, 0x44, 0xe3, 0x93, 0x2a, 0x71, 0x79, 0xee, 0xcb, 0x4b, 0x6f, 0xba, 0x93, 0x60, 0xdc,
6153 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6154 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
6155 0x70, 0xac, 0x81, 0x10, 0x20, 0x3e, 0x9f, 0x95, 0xf8, 0xd8, 0x32, 0x96, 0x4b, 0x58, 0xcc, 0xc2,
6156 0xc7, 0x12, 0xbb, 0x1c, 0x6c, 0xd5, 0x8e, 0x86, 0x11, 0x34, 0xb4, 0x8f, 0x45, 0x6c, 0x9b, 0x53
6159 const unsigned char pubkeyc[66] = {
6161 0x04, 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B,
6162 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17,
6163 0x98, 0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08,
6164 0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4,
6167 unsigned char sout[65];
6168 unsigned char shortkey[2] = { 0 };
6177 memset(&pubkey, 0xfe,
sizeof(pubkey));
6184 for (i = 0; i < 256 ; i++) {
6185 memset(&pubkey, 0xfe,
sizeof(pubkey));
6194 for (i = 0; i < 65536 ; i++) {
6195 memset(&pubkey, 0xfe,
sizeof(pubkey));
6196 shortkey[0] = i & 255;
6197 shortkey[1] = i >> 8;
6203 memset(&pubkey, 0xfe,
sizeof(pubkey));
6212 memset(&pubkey, 0xfe,
sizeof(pubkey));
6218 memset(&pubkey, 0xfe,
sizeof(pubkey));
6224 memset(&pubkey, 0xfe,
sizeof(pubkey));
6230 memset(&pubkey, 0,
sizeof(pubkey));
6276 unsigned char ctmp[33];
6277 unsigned char ctmp2[33];
6292 memset(ctmp, 255, 32);
6294 memset(&pubkey, 1,
sizeof(pubkey));
6300 memset(ctmp, 0, 32);
6302 memset(&pubkey, 1,
sizeof(pubkey));
6310 memset(&pubkey, 0,
sizeof(pubkey));
6315 pubkey_one = pubkey;
6317 memcpy(ctmp, orderc, 32);
6320 memset(&pubkey, 1,
sizeof(pubkey));
6328 memset(&pubkey, 0,
sizeof(pubkey));
6333 pubkey_negone = pubkey;
6335 memset(ctmp2, 0, 32);
6338 memcpy(&pubkey2, &pubkey,
sizeof(pubkey));
6346 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
6349 memcpy(ctmp, orderc, 32);
6350 memset(ctmp2, 0, 32);
6356 memcpy(ctmp, orderc, 32);
6361 memcpy(ctmp, orderc, 32);
6365 memcpy(ctmp, orderc, 32);
6369 memcpy(ctmp, orderc, 32);
6375 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
6378 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
6382 memcpy(ctmp, orderc, 32);
6384 memset(ctmp2, 0, 32);
6391 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
6407 memset(&pubkey, 0, 32);
6410 memcpy(&pubkey, &pubkey2,
sizeof(pubkey));
6411 memset(&pubkey2, 0, 32);
6417 memset(ctmp2, 0, 32);
6421 memset(ctmp2, 0, 32);
6425 memset(ctmp2, 0, 32);
6428 memset(ctmp2, 0, 32);
6433 memset(&pubkey, 1,
sizeof(pubkey));
6437 pubkeys[0] = &pubkey_one;
6453 pubkeys[0] = &pubkey_negone;
6464 pubkeys[0] = &pubkey_one;
6465 pubkeys[1] = &pubkey_negone;
6472 pubkeys[2] = &pubkey_one;
6479 for (i = 0; i < 3; i++) {
6484 pubkeys[i] = original_ptr;
6491 pubkeys[1] = &pubkey_one;
6500 unsigned char seckey[32];
6501 unsigned char seckey_tmp[32];
6504 memcpy(seckey_tmp, seckey, 32);
6513 memset(seckey, 0, 32);
6514 memset(seckey_tmp, 0, 32);
6523 memset(seckey, 0xFF, 16);
6524 memset(seckey_tmp, 0, 32);
6551 CHECK(recid >= 0 && recid < 4);
6563 for (i = 0; i < 10*
COUNT; i++) {
6569static int precomputed_nonce_function(
unsigned char *nonce32,
const unsigned char *msg32,
const unsigned char *key32,
const unsigned char *algo16,
void *
data,
unsigned int counter) {
6573 memcpy(nonce32,
data, 32);
6574 return (counter == 0);
6577static int nonce_function_test_fail(
unsigned char *nonce32,
const unsigned char *msg32,
const unsigned char *key32,
const unsigned char *algo16,
void *
data,
unsigned int counter) {
6585static int nonce_function_test_retry(
unsigned char *nonce32,
const unsigned char *msg32,
const unsigned char *key32,
const unsigned char *algo16,
void *
data,
unsigned int counter) {
6588 memset(nonce32, counter==0 ? 0 : 255, 32);
6615 unsigned char extra[32] = {0x00};
6616 unsigned char privkey[32];
6617 unsigned char message[32];
6618 unsigned char privkey2[32];
6621 unsigned char sig[74];
6623 unsigned char pubkeyc[65];
6624 size_t pubkeyclen = 65;
6627 unsigned char seckey[300];
6628 size_t seckeylen = 300;
6645 memset(&pubkey, 0,
sizeof(pubkey));
6649 memcpy(&pubkey_tmp, &pubkey,
sizeof(pubkey));
6664 unsigned char rnd[32];
6669 CHECK(ret1 == ret2);
6681 unsigned char rnd[32];
6686 CHECK(ret1 == ret2);
6734 memset(&signature[0], 0,
sizeof(signature[0]));
6748 unsigned char in[65];
6769 unsigned char out[65];
6770 unsigned char firstb;
6782 if ((in[0] != 6) && (in[0] != 7)) {
6792 if (firstb == 2 || firstb == 3) {
6793 if (in[0] == firstb + 4) {
6808 unsigned char pk1_ser[33] = {
6810 0x58, 0x84, 0xb3, 0xa2, 0x4b, 0x97, 0x37, 0x88, 0x92, 0x38, 0xa6, 0x26, 0x62, 0x52, 0x35, 0x11,
6811 0xd0, 0x9a, 0xa1, 0x1b, 0x80, 0x0b, 0x5e, 0x93, 0x80, 0x26, 0x11, 0xef, 0x67, 0x4b, 0xd9, 0x23
6813 const unsigned char pk2_ser[33] = {
6815 0xde, 0x36, 0x0e, 0x87, 0x59, 0x8f, 0x3c, 0x01, 0x36, 0x2a, 0x2a, 0xb8, 0xc6, 0xf4, 0x5e, 0x4d,
6816 0xb2, 0xc2, 0xd5, 0x03, 0xa7, 0xf9, 0xf1, 0x4f, 0xa8, 0xfa, 0x95, 0xa8, 0xe9, 0x69, 0x76, 0x1c
6832 memset(&pk_tmp, 0,
sizeof(pk_tmp));
6856 for (i = 0; i < n_pk; i++) {
6857 pk_test[i] = &
pk[pk_order[i]];
6860 for (i = 0; i < n_pk; i++) {
6867 for (i = n - 1; i >= 1; i--) {
6881 pks_ptr[0] = &pks[0];
6882 pks_ptr[1] = &pks[1];
6889 for (i = 0; i < 2; i++) {
6893 pks_ptr[i] = original_ptr;
6898 memset(&pks[0], 0,
sizeof(pks[0]));
6900 memset(&pks[1], 0,
sizeof(pks[1]));
6912 unsigned char pk_ser[5][33] = {
6920 size_t pk_order[5] = { 0, 1, 2, 3, 4 };
6922 for (i = 0; i < 5; i++) {
6932 for (i = 0; i <
COUNT; i++) {
6936 for (i = 0; i <
COUNT; i++) {
6941 for (i = 0; i <
COUNT; i++) {
6944 for (j = 0; j < 5; j++) {
6949 for (j = 1; j < 5; j++) {
6959 { 0x02, 0xDD, 0x30, 0x8A, 0xFE, 0xC5, 0x77, 0x7E, 0x13, 0x12, 0x1F,
6960 0xA7, 0x2B, 0x9C, 0xC1, 0xB7, 0xCC, 0x01, 0x39, 0x71, 0x53, 0x09,
6961 0xB0, 0x86, 0xC9, 0x60, 0xE1, 0x8F, 0xD9, 0x69, 0x77, 0x4E, 0xB8 },
6962 { 0x02, 0xF9, 0x30, 0x8A, 0x01, 0x92, 0x58, 0xC3, 0x10, 0x49, 0x34,
6963 0x4F, 0x85, 0xF8, 0x9D, 0x52, 0x29, 0xB5, 0x31, 0xC8, 0x45, 0x83,
6964 0x6F, 0x99, 0xB0, 0x86, 0x01, 0xF1, 0x13, 0xBC, 0xE0, 0x36, 0xF9 },
6965 { 0x03, 0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F, 0x36, 0x18,
6966 0x37, 0x26, 0xDB, 0x23, 0x41, 0xBE, 0x58, 0xFE, 0xAE, 0x1D, 0xA2,
6967 0xDE, 0xCE, 0xD8, 0x43, 0x24, 0x0F, 0x7B, 0x50, 0x2B, 0xA6, 0x59 },
6968 { 0x02, 0x35, 0x90, 0xA9, 0x4E, 0x76, 0x8F, 0x8E, 0x18, 0x15, 0xC2,
6969 0xF2, 0x4B, 0x4D, 0x80, 0xA8, 0xE3, 0x14, 0x93, 0x16, 0xC3, 0x51,
6970 0x8C, 0xE7, 0xB7, 0xAD, 0x33, 0x83, 0x68, 0xD0, 0x38, 0xCA, 0x66 },
6971 { 0x02, 0xDD, 0x30, 0x8A, 0xFE, 0xC5, 0x77, 0x7E, 0x13, 0x12, 0x1F,
6972 0xA7, 0x2B, 0x9C, 0xC1, 0xB7, 0xCC, 0x01, 0x39, 0x71, 0x53, 0x09,
6973 0xB0, 0x86, 0xC9, 0x60, 0xE1, 0x8F, 0xD9, 0x69, 0x77, 0x4E, 0xFF },
6974 { 0x02, 0xDD, 0x30, 0x8A, 0xFE, 0xC5, 0x77, 0x7E, 0x13, 0x12, 0x1F,
6975 0xA7, 0x2B, 0x9C, 0xC1, 0xB7, 0xCC, 0x01, 0x39, 0x71, 0x53, 0x09,
6976 0xB0, 0x86, 0xC9, 0x60, 0xE1, 0x8F, 0xD9, 0x69, 0x77, 0x4E, 0xB8 }
6983 sorted[0] = &pubkeys[3];
6984 sorted[1] = &pubkeys[0];
6985 sorted[2] = &pubkeys[0];
6986 sorted[3] = &pubkeys[4];
6987 sorted[4] = &pubkeys[1];
6988 sorted[5] = &pubkeys[2];
6992 pks_ptr[i] = &pubkeys[i];
7009 for (i = 0; i < 10*
COUNT; i++) {
7016 for (i = 0; i < 64*
COUNT; i++) {
7021static int test_ecdsa_der_parse(
const unsigned char *sig,
size_t siglen,
int certainly_der,
int certainly_not_der) {
7022 static const unsigned char zeroes[32] = {0};
7027 unsigned char roundtrip_der[2048];
7028 unsigned char compact_der[64];
7029 size_t len_der = 2048;
7030 int parsed_der = 0, valid_der = 0, roundtrips_der = 0;
7033 unsigned char roundtrip_der_lax[2048];
7034 unsigned char compact_der_lax[64];
7035 size_t len_der_lax = 2048;
7036 int parsed_der_lax = 0, valid_der_lax = 0, roundtrips_der_lax = 0;
7049 if (parsed_der_lax) {
7053 if (valid_der_lax) {
7055 roundtrips_der_lax = (len_der_lax == siglen) &&
secp256k1_memcmp_var(roundtrip_der_lax, sig, siglen) == 0;
7058 if (certainly_der) {
7059 ret |= (!parsed_der) << 2;
7061 if (certainly_not_der) {
7062 ret |= (parsed_der) << 17;
7065 ret |= (!roundtrips_der) << 3;
7069 ret |= (!roundtrips_der_lax) << 12;
7070 ret |= (len_der != len_der_lax) << 13;
7071 ret |= ((len_der != len_der_lax) || (
secp256k1_memcmp_var(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14;
7073 ret |= (roundtrips_der != roundtrips_der_lax) << 15;
7075 ret |= (!parsed_der_lax) << 16;
7083 for (i = 0; i < ptrlen; i++) {
7084 int shift = ptrlen - 1 - i;
7088 ptr[i] = (val >> shift) & 0xFF;
7096 if (action < 1 && *len > 3) {
7099 memmove(sig + pos, sig + pos + 1, *len - pos - 1);
7102 }
else if (action < 2 && *len < 2048) {
7105 memmove(sig + pos + 1, sig + pos, *len - pos);
7109 }
else if (action < 4) {
7122 int nlow[2], nlen[2], nlenlen[2], nhbit[2], nhbyte[2], nzlen[2];
7123 size_t tlen, elen, glen;
7129 *certainly_der = der;
7130 *certainly_not_der = 0;
7133 for (n = 0; n < 2; n++) {
7138 CHECK(nlen[n] <= 232);
7140 nhbit[n] = (nlow[n] == 0 && nlen[n] == 32) ? 1 : (nlen[n] == 0 ? 0 :
testrand_bits(1));
7145 if (nzlen[n] > ((nlen[n] == 0 || nhbit[n]) ? 1 : 0)) {
7146 *certainly_not_der = 1;
7148 CHECK(nlen[n] + nzlen[n] <= 300);
7150 nlenlen[n] = nlen[n] + nzlen[n] < 128 ? 0 : (nlen[n] + nzlen[n] < 256 ? 1 : 2);
7156 *certainly_not_der = 1;
7159 CHECK(nlen[n] + nzlen[n] + nlenlen[n] <= 427);
7163 tlen = 2 + nlenlen[0] + nlen[0] + nzlen[0] + 2 + nlenlen[1] + nlen[1] + nzlen[1];
7169 *certainly_not_der = 1;
7177 *certainly_not_der = 1;
7179 CHECK(tlen + glen <= 990);
7182 sig[(*len)++] = 0x30;
7185 sig[(*len)++] = 0x80;
7186 *certainly_not_der = 1;
7188 int tlenlen = tlen < 128 ? 0 : (tlen < 256 ? 1 : 2);
7193 *certainly_not_der = 1;
7198 sig[(*len)++] = tlen;
7201 sig[(*len)++] = 128 + tlenlen;
7208 CHECK(tlen + glen <= 1119);
7210 for (n = 0; n < 2; n++) {
7212 sig[(*len)++] = 0x02;
7213 if (nlenlen[n] == 0) {
7215 sig[(*len)++] = nlen[n] + nzlen[n];
7218 sig[(*len)++] = 128 + nlenlen[n];
7223 while (nzlen[n] > 0) {
7224 sig[(*len)++] = 0x00;
7227 if (nlen[n] == 32 && !nlow[n]) {
7230 for (i = 0; i < 16; i++) {
7231 sig[(*len)++] = 0xFF;
7237 sig[(*len)++] = nhbyte[n];
7256 CHECK(tlen + glen <= 1121);
7262 CHECK(tlen <= 1121);
7263 CHECK(tlen == *len);
7268 for (i = 0; i < 200 *
COUNT; i++) {
7269 unsigned char buffer[2048];
7271 int certainly_der = 0;
7272 int certainly_not_der = 0;
7274 CHECK(buflen <= 2048);
7275 for (j = 0; j < 16; j++) {
7281 certainly_not_der = 0;
7286 fprintf(stderr,
"Failure %x on ",
ret);
7287 for (
k = 0;
k < buflen;
k++) {
7288 fprintf(stderr,
"%02x ", buffer[
k]);
7290 fprintf(stderr,
"\n");
7318 const unsigned char pubkey_mods_zero[33] = {
7319 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
7320 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
7321 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
7322 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
7337 const unsigned char pubkey[33] = {
7338 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7339 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7340 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7341 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7356 const unsigned char pubkey[33] = {
7357 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7358 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7359 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7360 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7363 const unsigned char pubkey2[33] = {
7364 0x02, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
7365 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
7366 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
7367 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
7391 const unsigned char pubkey[33] = {
7392 0x02, 0x14, 0x4e, 0x5a, 0x58, 0xef, 0x5b, 0x22,
7393 0x6f, 0xd2, 0xe2, 0x07, 0x6a, 0x77, 0xcf, 0x05,
7394 0xb4, 0x1d, 0xe7, 0x4a, 0x30, 0x98, 0x27, 0x8c,
7395 0x93, 0xe6, 0xe6, 0x3c, 0x0b, 0xc4, 0x73, 0x76,
7398 const unsigned char pubkey2[33] = {
7399 0x02, 0x8a, 0xd5, 0x37, 0xed, 0x73, 0xd9, 0x40,
7400 0x1d, 0xa0, 0x33, 0xd2, 0xdc, 0xf0, 0xaf, 0xae,
7401 0x34, 0xcf, 0x5f, 0x96, 0x4c, 0x73, 0x28, 0x0f,
7402 0x92, 0xc0, 0xf6, 0x9d, 0xd9, 0xb2, 0x09, 0x10,
7405 const unsigned char csr[32] = {
7406 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7407 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
7408 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4,
7409 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xeb
7433 const unsigned char pubkey[33] = {
7434 0x03, 0xaf, 0x97, 0xff, 0x7d, 0x3a, 0xf6, 0xa0,
7435 0x02, 0x94, 0xbd, 0x9f, 0x4b, 0x2e, 0xd7, 0x52,
7436 0x28, 0xdb, 0x49, 0x2a, 0x65, 0xcb, 0x1e, 0x27,
7437 0x57, 0x9c, 0xba, 0x74, 0x20, 0xd5, 0x1d, 0x20,
7440 const unsigned char csr[32] = {
7441 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7442 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
7443 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4,
7444 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xee
7466 unsigned char signature[72];
7467 static const unsigned char nonce[32] = {
7468 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7469 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7470 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7471 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
7473 static const unsigned char nonce2[32] = {
7474 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
7475 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
7476 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
7477 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x40
7479 const unsigned char key[32] = {
7480 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7481 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7482 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
7483 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
7485 unsigned char msg[32] = {
7486 0x86, 0x41, 0x99, 0x81, 0x06, 0x23, 0x44, 0x53,
7487 0xaa, 0x5f, 0x9d, 0x6a, 0x31, 0x78, 0xf4, 0xf7,
7488 0xb8, 0x12, 0xe0, 0x0b, 0x81, 0x7a, 0x77, 0x62,
7489 0x65, 0xdf, 0xdd, 0x31, 0xb9, 0x3e, 0x29, 0xa9,
7525 memset(signature, 255, 64);
7530 for (
t = 0;
t < 2;
t++) {
7531 static const unsigned char zero[32] = {0x00};
7533 unsigned char key[32];
7534 unsigned char msg[32];
7537 const unsigned char *extra;
7538 extra =
t == 0 ? NULL : zero;
7542 memset(key, 0xFF, 32);
7564 for(i = 0; i < 256; i++) {
7570 for (j = 0; j < i; j++) {
7577 for(i = 256; i < 512; i++) {
7583 for (j = 0; j < i; j++) {
7592 const unsigned char zeros[32] = {0};
7593 unsigned char nonce[32];
7594 unsigned char nonce2[32];
7595 unsigned char nonce3[32];
7596 unsigned char nonce4[32];
7620 unsigned char privkey[300];
7622 size_t outlen = 300;
7634 unsigned char sk[32] = {1}, msg32[32] = {1};
7638 CHECK(!sha256_ecdsa_called);
7643 CHECK(sha256_ecdsa_called);
7663 const unsigned char *
msg, *sig, *
pk;
7664 unsigned char out[32] = {0};
7665 int actual_verify = 0;
7667 memset(&pubkey, 0,
sizeof(pubkey));
7689#ifdef ENABLE_MODULE_ECDH
7693#ifdef ENABLE_MODULE_RECOVERY
7697#ifdef ENABLE_MODULE_EXTRAKEYS
7701#ifdef ENABLE_MODULE_SCHNORRSIG
7705#ifdef ENABLE_MODULE_MUSIG
7709#ifdef ENABLE_MODULE_ELLSWIFT
7714 unsigned char buf1[6] = {1, 2, 3, 4, 5, 6};
7715 unsigned char buf2[
sizeof(buf1)];
7718 memcpy(buf2, buf1,
sizeof(buf1));
7723 memset(buf2, 0,
sizeof(buf2));
7730 unsigned char buf1[3] = {0, 1};
7731 unsigned char buf2[3] = {1, 0};
7742 const uint32_t x = 0xFF03AB45;
7743 const unsigned char x_be[4] = {0xFF, 0x03, 0xAB, 0x45};
7744 unsigned char buf[4];
7755 const uint64_t x = 0xCAFE0123BEEF4567;
7756 const unsigned char x_be[8] = {0xCA, 0xFE, 0x01, 0x23, 0xBE, 0xEF, 0x45, 0x67};
7757 unsigned char buf[8];
7773 CHECK(r == INT_MAX);
7777 CHECK(r == INT_MAX);
7797 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
7798 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
7827 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
7828 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
7855 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL,
7856 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364140UL
7882 static const secp256k1_ge_storage zero =
SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
7883 static const secp256k1_ge_storage one =
SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1);
7885 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
7886 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
7887 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
7888 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
7927 CASE(xoshiro256pp_tests),
7933 CASE(selftest_tests),
7934 CASE(all_proper_context_tests),
7935 CASE(all_static_context_tests),
7936 CASE(deprecated_context_flags_test),
7937 CASE(scratch_tests),
7938 CASE(plug_sha256_compression_tests),
7939 CASE(sha256_multi_block_compression_tests),
7943#ifdef SECP256K1_WIDEMUL_INT128
7948 CASE(inverse_tests),
7952 CASE(sha256_known_output_tests),
7953 CASE(sha256_counter_tests),
7954 CASE(hmac_sha256_tests),
7955 CASE(rfc6979_hmac_sha256_tests),
7956 CASE(tagged_sha256_tests),
7957 CASE(sha256_initialize_midstate_tests),
7967 CASE(field_convert),
7968 CASE(field_be32_overflow),
7977 CASE(group_decompress),
7983 CASE(point_times_order),
7984 CASE(ecmult_near_split_bound),
7986 CASE(ecmult_constants),
7987 CASE(ecmult_gen_ge),
7988 CASE(ecmult_gen_blind),
7989 CASE(ecmult_const_tests),
7990 CASE(ecmult_multi_tests),
7995 CASE(endomorphism_tests),
7996 CASE(ec_pubkey_parse_test),
7997 CASE(eckey_edge_case_test),
7998 CASE(eckey_negate_test),
8002 CASE(ec_illegal_argument_tests),
8003 CASE(pubkey_comparison),
8005 CASE(random_pubkeys),
8006 CASE(ecdsa_der_parse),
8007 CASE(ecdsa_sign_verify),
8008 CASE(ecdsa_end_to_end),
8009 CASE(ecdsa_edge_cases),
8010 CASE(ecdsa_wycheproof),
8016 CASE(secp256k1_memczero_test),
8017 CASE(secp256k1_is_zero_array_test),
8018 CASE(secp256k1_byteorder_tests),
8032#ifdef ENABLE_MODULE_ECDH
8036#ifdef ENABLE_MODULE_RECOVERY
8040#ifdef ENABLE_MODULE_EXTRAKEYS
8043#ifdef ENABLE_MODULE_SCHNORRSIG
8046#ifdef ENABLE_MODULE_MUSIG
8049#ifdef ENABLE_MODULE_ELLSWIFT
8063 unsigned char rand32[32];
8096 if (
tf_init(&tf, argc, argv) != 0)
return EXIT_FAILURE;
8100#if defined(__GNUC__)
8101# pragma GCC diagnostic pop
#define SECP256K1_CHECKMEM_UNDEFINE(p, len)
#define SECP256K1_CHECKMEM_CHECK(p, len)
static const wycheproof_ecdh_testvector testvectors[SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS]
static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar *r, secp256k1_scalar *s, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid)
static int secp256k1_ecdsa_sig_verify(const secp256k1_scalar *r, const secp256k1_scalar *s, const secp256k1_ge *pubkey, const secp256k1_scalar *message)
static const unsigned char wycheproof_ecdsa_signatures[]
static const unsigned char wycheproof_ecdsa_public_keys[]
static const unsigned char wycheproof_ecdsa_messages[]
#define SECP256K1_ECDSA_WYCHEPROOF_NUMBER_TESTVECTORS
static void secp256k1_eckey_pubkey_serialize65(secp256k1_ge *elem, unsigned char *pub65)
Serialize a group element (that is not allowed to be infinity) to an uncompressed public key (65 byte...
static void secp256k1_eckey_pubkey_serialize33(secp256k1_ge *elem, unsigned char *pub33)
Serialize a group element (that is not allowed to be infinity) to a compressed public key (33 bytes).
static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size)
static int secp256k1_ecmult_multi_var(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n)
Multi-multiply: R = inp_g_sc * G + sum_i ni * Ai.
#define ECMULT_TABLE_SIZE(w)
The number of entries a table with precomputed multiples needs to have.
static void secp256k1_ecmult(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng)
Double multiply: R = na*A + ng*G.
static int secp256k1_ecmult_const_xonly(secp256k1_fe *r, const secp256k1_fe *n, const secp256k1_fe *d, const secp256k1_scalar *q, int known_on_curve)
Same as secp256k1_ecmult_const, but takes in an x coordinate of the base point only,...
static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q)
Multiply: R = q*A (in constant-time for q)
static const secp256k1_scalar secp256k1_ecmult_const_K
static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const secp256k1_hash_ctx *hash_ctx, const unsigned char *seed32)
static void secp256k1_ecmult_gen_ge(const secp256k1_ecmult_gen_context *ctx, secp256k1_ge *r, const secp256k1_scalar *a)
static void secp256k1_ecmult_gen_gej(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *a)
Multiply with the generator: R = a*G.
#define STRAUSS_SCRATCH_OBJECTS
static size_t secp256k1_pippenger_bucket_window_inv(int bucket_window)
Returns the maximum optimal number of points for a bucket_window.
static size_t secp256k1_pippenger_max_points(const secp256k1_callback *error_callback, secp256k1_scratch *scratch)
Returns the maximum number of points in addition to G that can be used with a given scratch space.
static int secp256k1_ecmult_strauss_batch_single(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n)
static int secp256k1_wnaf_fixed(int *wnaf, const secp256k1_scalar *s, int w)
Convert a number to WNAF notation.
static int secp256k1_ecmult_wnaf(int *wnaf, int len, const secp256k1_scalar *a, int w)
Convert a number to WNAF notation.
static size_t secp256k1_strauss_scratch_size(size_t n_points)
#define ECMULT_PIPPENGER_THRESHOLD
static int secp256k1_pippenger_bucket_window(size_t n)
Returns optimal bucket_window (number of bits of a scalar represented by a set of buckets) for a give...
static int secp256k1_ecmult_pippenger_batch_single(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n)
#define ECMULT_MAX_POINTS_PER_BATCH
#define PIPPENGER_MAX_BUCKET_WINDOW
#define PIPPENGER_SCRATCH_OBJECTS
static int secp256k1_ecmult_multi_batch_size_helper(size_t *n_batches, size_t *n_batch_points, size_t max_n_batch_points, size_t n)
static size_t secp256k1_pippenger_scratch_size(size_t n_points, int bucket_window)
Returns the scratch size required for a given number of points (excluding base point G) without consi...
int(* secp256k1_ecmult_multi_func)(const secp256k1_callback *error_callback, secp256k1_scratch *, secp256k1_gej *, const secp256k1_scalar *, secp256k1_ecmult_multi_callback cb, void *, size_t)
#define secp256k1_fe_cmov
#define secp256k1_fe_negate(r, a, m)
Negate a field element.
#define secp256k1_fe_mul_int(r, a)
Multiply a field element with a small integer.
#define secp256k1_fe_normalizes_to_zero_var
#define secp256k1_fe_cmp_var
#define secp256k1_fe_normalize_weak
#define secp256k1_fe_is_odd
static const secp256k1_fe secp256k1_fe_one
static int secp256k1_fe_sqrt(secp256k1_fe *SECP256K1_RESTRICT r, const secp256k1_fe *SECP256K1_RESTRICT a)
Compute a square root of a field element.
#define secp256k1_fe_normalize_var
#define secp256k1_fe_half
#define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0)
This expands to an initializer for a secp256k1_fe valued sum((i*32) * d_i, i=0..7) mod p.
#define secp256k1_fe_to_storage
#define secp256k1_fe_inv_var
#define secp256k1_fe_is_zero
#define secp256k1_fe_set_b32_limit
#define secp256k1_fe_is_square_var
#define secp256k1_fe_get_bounds
#define secp256k1_fe_from_storage
#define secp256k1_fe_set_b32_mod
#define secp256k1_fe_negate_unchecked
#define secp256k1_fe_get_b32
#define secp256k1_fe_normalizes_to_zero
#define secp256k1_fe_normalize
static int secp256k1_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b)
Determine whether two field elements are equal.
static void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag)
If flag is 1, set *r equal to *a; if flag is 0, leave it.
#define secp256k1_fe_add_int
#define secp256k1_fe_set_int
#define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0)
#define SECP256K1_GEJ_CONST_INFINITY
#define SECP256K1_GE_STORAGE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p)
static int secp256k1_gej_eq_var(const secp256k1_gej *a, const secp256k1_gej *b)
Check two group elements (jacobian) for equality in variable time.
static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr)
Set r equal to the double of a.
static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv)
Set r equal to the sum of a and b (with the inverse of b's Z coordinate passed as bzinv).
static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a)
Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast.
static void secp256k1_gej_set_infinity(secp256k1_gej *r)
Set a group element (jacobian) equal to the point at infinity.
static int secp256k1_gej_is_infinity(const secp256k1_gej *a)
Check whether a group element is the point at infinity.
static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd)
Set a group element (affine) equal to the point with the given X coordinate, and given oddness for Y.
static int secp256k1_ge_eq_var(const secp256k1_ge *a, const secp256k1_ge *b)
Check two group elements (affine) for equality in variable time.
static int secp256k1_ge_x_on_curve_var(const secp256k1_fe *x)
Determine whether x is a valid X coordinate on the curve.
static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b (with b given in affine coordinates).
static void secp256k1_ge_to_bytes_ext(unsigned char *data, const secp256k1_ge *ge)
Convert a group element (that is allowed to be infinity) to a 64-byte array.
static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b)
Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity).
static int secp256k1_gej_eq_ge_var(const secp256k1_gej *a, const secp256k1_ge *b)
Check two group elements (jacobian and affine) for equality in variable time.
static int secp256k1_ge_is_valid_var(const secp256k1_ge *a)
Check whether a group element is valid (i.e., on the curve).
static void secp256k1_ge_from_bytes_ext(secp256k1_ge *ge, const unsigned char *data)
Convert a 64-byte array into a group element.
static void secp256k1_ge_from_storage(secp256k1_ge *r, const secp256k1_ge_storage *a)
Convert a group element back from the storage type.
static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b.
static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *b)
Rescale a jacobian point by b which must be non-zero.
static int secp256k1_ge_x_frac_on_curve_var(const secp256k1_fe *xn, const secp256k1_fe *xd)
Determine whether fraction xn/xd is a valid X coordinate on the curve (xd != 0).
static void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag)
If flag is 1, set *r equal to *a; if flag is 0, leave it.
static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a)
Set a group element equal to another which is given in jacobian coordinates.
static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a)
Set r equal to the inverse of a (i.e., mirrored around the X axis)
static void secp256k1_ge_set_all_gej(secp256k1_ge *r, const secp256k1_gej *a, size_t len)
Set group elements r[0:len] (affine) equal to group elements a[0:len] (jacobian).
static int secp256k1_ge_is_infinity(const secp256k1_ge *a)
Check whether a group element is the point at infinity.
static void secp256k1_ge_set_infinity(secp256k1_ge *r)
Set a group element (affine) equal to the point at infinity.
static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len)
Set group elements r[0:len] (affine) equal to group elements a[0:len] (jacobian).
static void secp256k1_gej_double(secp256k1_gej *r, const secp256k1_gej *a)
Set r equal to the double of a.
static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a)
Set a group element (jacobian) equal to another which is given in affine coordinates.
static void secp256k1_ge_to_storage(secp256k1_ge_storage *r, const secp256k1_ge *a)
Convert a group element to the storage type.
#define SECP256K1_GE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p)
static void secp256k1_ge_to_bytes(unsigned char *buf, const secp256k1_ge *a)
Convert a group element that is not infinity to a 64-byte array.
static void secp256k1_gej_cmov(secp256k1_gej *r, const secp256k1_gej *a, int flag)
If flag is 1, set *r equal to *a; if flag is 0, leave it.
static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a)
Set a group element equal to another which is given in jacobian coordinates.
#define SECP256K1_GEJ_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p)
static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a)
Set r equal to the inverse of a (i.e., mirrored around the X axis)
static void secp256k1_ge_from_bytes(secp256k1_ge *r, const unsigned char *buf)
Convert a 64-byte array into group element.
static const secp256k1_ge secp256k1_ge_const_g
static void secp256k1_sha256_transform(uint32_t *state, const unsigned char *blocks64, size_t n_blocks)
static void secp256k1_sha256_initialize_tagged(const secp256k1_hash_ctx *hash_ctx, secp256k1_sha256 *hash, const unsigned char *tag, size_t taglen)
static void secp256k1_hsort(void *ptr, size_t count, size_t size, int(*cmp)(const void *, const void *, void *), void *cmp_data)
static SECP256K1_INLINE void secp256k1_heap_swap(unsigned char *arr, size_t i, size_t j, size_t stride)
int128_t secp256k1_int128
static SECP256K1_INLINE void secp256k1_i128_load(secp256k1_int128 *r, int64_t hi, uint64_t lo)
static SECP256K1_INLINE void secp256k1_i128_det(secp256k1_int128 *r, int64_t a, int64_t b, int64_t c, int64_t d)
static SECP256K1_INLINE int secp256k1_u128_check_bits(const secp256k1_uint128 *r, unsigned int n)
static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned int n)
static SECP256K1_INLINE uint64_t secp256k1_u128_hi_u64(const secp256k1_uint128 *a)
static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a)
static SECP256K1_INLINE void secp256k1_i128_from_i64(secp256k1_int128 *r, int64_t a)
static SECP256K1_INLINE void secp256k1_u128_from_u64(secp256k1_uint128 *r, uint64_t a)
static SECP256K1_INLINE int secp256k1_i128_eq_var(const secp256k1_int128 *a, const secp256k1_int128 *b)
static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a)
static SECP256K1_INLINE void secp256k1_i128_mul(secp256k1_int128 *r, int64_t a, int64_t b)
static SECP256K1_INLINE void secp256k1_u128_rshift(secp256k1_uint128 *r, unsigned int n)
static SECP256K1_INLINE int secp256k1_i128_check_pow2(const secp256k1_int128 *r, unsigned int n, int sign)
static SECP256K1_INLINE void secp256k1_u128_accum_u64(secp256k1_uint128 *r, uint64_t a)
static SECP256K1_INLINE void secp256k1_i128_accum_mul(secp256k1_int128 *r, int64_t a, int64_t b)
static SECP256K1_INLINE void secp256k1_u128_accum_mul(secp256k1_uint128 *r, uint64_t a, uint64_t b)
static SECP256K1_INLINE void secp256k1_u128_load(secp256k1_uint128 *r, uint64_t hi, uint64_t lo)
static SECP256K1_INLINE void secp256k1_u128_mul(secp256k1_uint128 *r, uint64_t a, uint64_t b)
static SECP256K1_INLINE uint64_t secp256k1_u128_to_u64(const secp256k1_uint128 *a)
int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed)
Export a private key in DER format.
int ec_privkey_import_der(const secp256k1_context *ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen)
Import a private key in DER format.
#define CHECK(cond)
Unconditional failure on condition failure.
static void secp256k1_modinv32_var(secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo)
static void secp256k1_modinv32(secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo)
static int secp256k1_jacobi32_maybe_var(const secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo)
static void secp256k1_modinv64(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo)
static void secp256k1_modinv64_var(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo)
static int secp256k1_jacobi64_maybe_var(const secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo)
static int sign(const secp256k1_context *ctx, struct signer_secrets *signer_secrets, struct signer *signer, const secp256k1_musig_keyagg_cache *cache, const unsigned char *msg32, unsigned char *sig64)
static const auto ZERO
A stack consisting of a single zero-length element (interpreted as 0 by the script interpreter in num...
Internal SHA-1 implementation.
static std::vector< std::string > split(const std::string &str, const std::string &delims=" \t")
const secp256k1_ge_storage secp256k1_pre_g_128[ECMULT_TABLE_SIZE(WINDOW_G)]
const secp256k1_ge_storage secp256k1_pre_g[ECMULT_TABLE_SIZE(WINDOW_G)]
int ecdsa_signature_parse_der_lax(secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen)
This function is taken from the libsecp256k1 distribution and implements DER parsing for ECDSA signat...
static void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag)
If flag is 1, set *r equal to *a; if flag is 0, leave it.
static void secp256k1_scalar_half(secp256k1_scalar *r, const secp256k1_scalar *a)
Multiply a scalar with the multiplicative inverse of 2.
static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *k)
Find r1 and r2 such that r1+r2*2^128 = k.
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big endian byte array.
static int secp256k1_scalar_set_b32_seckey(secp256k1_scalar *r, const unsigned char *bin)
Set a scalar from a big endian byte array and returns 1 if it is a valid seckey and 0 otherwise.
static int secp256k1_scalar_is_zero(const secp256k1_scalar *a)
Check whether a scalar equals zero.
static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v)
Set a scalar to an unsigned integer.
static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b)
Compare two scalars.
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.
static int secp256k1_scalar_cond_negate(secp256k1_scalar *a, int flag)
Conditionally negate a number, in constant time.
static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the inverse of a scalar (modulo the group order), without constant-time guarantee.
static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Add two scalars together (modulo the group order).
static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Multiply two scalars (modulo the group order).
static uint32_t secp256k1_scalar_get_bits_limb32(const secp256k1_scalar *a, unsigned int offset, unsigned int count)
Access bits (1 < count <= 32) from a scalar.
static int secp256k1_scalar_is_one(const secp256k1_scalar *a)
Check whether a scalar equals one.
static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the complement of a scalar (modulo the group order).
static int secp256k1_scalar_is_high(const secp256k1_scalar *a)
Check whether a scalar is higher than the group order divided by 2.
static void secp256k1_scalar_split_lambda(secp256k1_scalar *SECP256K1_RESTRICT r1, secp256k1_scalar *SECP256K1_RESTRICT r2, const secp256k1_scalar *SECP256K1_RESTRICT k)
Find r1 and r2 such that r1+r2*lambda = k, where r1 and r2 or their negations are maximum 128 bits lo...
static uint32_t secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count)
Access bits (1 < count <= 32) from a scalar.
static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the inverse of a scalar (modulo the group order).
static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag)
Conditionally add a power of two to a scalar.
#define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0)
static SECP256K1_INLINE int secp256k1_scalar_check_overflow(const secp256k1_scalar *a)
static const secp256k1_scalar secp256k1_scalar_zero
static const secp256k1_scalar secp256k1_scalar_one
static const secp256k1_scalar secp256k1_const_lambda
The Secp256k1 curve has an endomorphism, where lambda * (x, y) = (beta * x, y), where lambda is:
static void secp256k1_scratch_apply_checkpoint(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, size_t checkpoint)
Applies a check point received from secp256k1_scratch_checkpoint, undoing all allocations since that ...
static void secp256k1_scratch_destroy(const secp256k1_callback *error_callback, secp256k1_scratch *scratch)
static secp256k1_scratch * secp256k1_scratch_create(const secp256k1_callback *error_callback, size_t max_size)
static size_t secp256k1_scratch_max_allocation(const secp256k1_callback *error_callback, const secp256k1_scratch *scratch, size_t n_objects)
Returns the maximum allocation the scratch space will allow.
static void * secp256k1_scratch_alloc(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, size_t n)
Returns a pointer into the most recently allocated frame, or NULL if there is insufficient available ...
static size_t secp256k1_scratch_checkpoint(const secp256k1_callback *error_callback, const secp256k1_scratch *scratch)
Returns an opaque object used to "checkpoint" a scratch space.
static void secp256k1_hmac_sha256_finalize(const secp256k1_hash_ctx *hash_ctx, secp256k1_hmac_sha256 *hash, unsigned char *out32)
static void secp256k1_sha256_finalize(const secp256k1_hash_ctx *hash_ctx, secp256k1_sha256 *hash, unsigned char *out32)
static void secp256k1_sha256_initialize(secp256k1_sha256 *hash)
static void secp256k1_sha256_initialize_midstate(secp256k1_sha256 *hash, uint64_t bytes, const uint32_t state[8])
static void secp256k1_hmac_sha256_write(const secp256k1_hash_ctx *hash_ctx, secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size)
static void secp256k1_rfc6979_hmac_sha256_generate(const secp256k1_hash_ctx *hash_ctx, secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen)
static void secp256k1_rfc6979_hmac_sha256_initialize(const secp256k1_hash_ctx *hash_ctx, secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen)
static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng)
static void secp256k1_sha256_write(const secp256k1_hash_ctx *hash_ctx, secp256k1_sha256 *hash, const unsigned char *data, size_t size)
static void secp256k1_hmac_sha256_initialize(const secp256k1_hash_ctx *hash_ctx, secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t size)
static SECP256K1_INLINE int secp256k1_ctz64_var(uint64_t x)
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
static SECP256K1_INLINE void secp256k1_int_cmov(int *r, const int *a, int flag)
If flag is 1, set *r equal to *a; if flag is 0, leave it.
static void secp256k1_default_error_callback_fn(const char *str, void *data)
static SECP256K1_INLINE int secp256k1_is_zero_array(const unsigned char *s, size_t len)
static SECP256K1_INLINE uint32_t secp256k1_read_be32(const unsigned char *p)
static SECP256K1_INLINE int secp256k1_ctz32_var(uint32_t x)
static SECP256K1_INLINE void secp256k1_write_be32(unsigned char *p, uint32_t x)
static SECP256K1_INLINE void secp256k1_write_be64(unsigned char *p, uint64_t x)
static void secp256k1_default_illegal_callback_fn(const char *str, void *data)
static SECP256K1_INLINE int secp256k1_ctz64_var_debruijn(uint64_t x)
#define VERIFY_CHECK(cond)
static SECP256K1_INLINE int secp256k1_ctz32_var_debruijn(uint32_t x)
static SECP256K1_INLINE uint64_t secp256k1_read_be64(const unsigned char *p)
static SECP256K1_INLINE void * checked_malloc(const secp256k1_callback *cb, size_t size)
static SECP256K1_INLINE void secp256k1_memczero(void *s, size_t len, int flag)
const secp256k1_context *const secp256k1_context_no_precomp
static void secp256k1_scratch_space_destroy(const secp256k1_context *ctx, secp256k1_scratch_space *scratch)
static int secp256k1_context_is_proper(const secp256k1_context *ctx)
static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature *sig, const secp256k1_scalar *r, const secp256k1_scalar *s)
static secp256k1_scratch_space * secp256k1_scratch_space_create(const secp256k1_context *ctx, size_t max_size)
static int secp256k1_pubkey_load(const secp256k1_context *ctx, secp256k1_ge *ge, const secp256k1_pubkey *pubkey)
static void secp256k1_pubkey_save(secp256k1_pubkey *pubkey, secp256k1_ge *ge)
static SECP256K1_INLINE const secp256k1_hash_ctx * secp256k1_get_hash_context(const secp256k1_context *ctx)
static int secp256k1_ec_pubkey_sort_cmp(const void *pk1, const void *pk2, void *ctx)
static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
static void secp256k1_ecdsa_signature_load(const secp256k1_context *ctx, secp256k1_scalar *r, secp256k1_scalar *s, const secp256k1_ecdsa_signature *sig)
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
#define SECP256K1_CONTEXT_SIGN
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Randomizes the context to provide enhanced protection against side-channel leakage.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(const secp256k1_context *ctx, secp256k1_pubkey *out, const secp256k1_pubkey *const *ins, size_t n) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Add a number of public keys together.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input64) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse an ECDSA signature in compact (64 bytes) format.
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
SECP256K1_API int secp256k1_ec_pubkey_negate(const secp256k1_context *ctx, secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a public key in place.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_cmp(const secp256k1_context *ctx, const secp256k1_pubkey *pubkey1, const secp256k1_pubkey *pubkey2) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compare two public keys using lexicographic (of compressed serialization) order.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an elliptic curve secret key.
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call.
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
#define SECP256K1_CONTEXT_NONE
Context flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size,...
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
SECP256K1_API void secp256k1_selftest(void)
Perform basic self tests (to be used in conjunction with secp256k1_context_static)
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
struct secp256k1_pubkey secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
SECP256K1_API int secp256k1_tagged_sha256(const secp256k1_context *ctx, unsigned char *hash32, const unsigned char *tag, size_t taglen, const unsigned char *msg, size_t msglen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5)
Compute a tagged hash as defined in BIP-340.
SECP256K1_API const secp256k1_context *const secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
SECP256K1_API int secp256k1_ecdsa_signature_normalize(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3)
Convert a signature to a normalized lower-S form.
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object (into dynamically allocated memory).
SECP256K1_API void secp256k1_context_set_sha256_compression(secp256k1_context *ctx, secp256k1_sha256_compression_function fn_compression) SECP256K1_ARG_NONNULL(1)
Set a callback function to override the internal SHA256 compression function.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by adding tweak times the generator to it.
#define SECP256K1_EC_UNCOMPRESSED
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
struct secp256k1_ecdsa_signature secp256k1_ecdsa_signature
Opaque data structure that holds a parsed ECDSA signature.
SECP256K1_API int secp256k1_ec_pubkey_sort(const secp256k1_context *ctx, const secp256k1_pubkey **pubkeys, size_t n_pubkeys) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Sort public keys using lexicographic (of compressed serialization) order.
#define SECP256K1_CONTEXT_VERIFY
Deprecated context flags.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a public key by multiplying it by a tweak value.
SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an ECDSA signature in compact (64 byte) format.
SECP256K1_API size_t secp256k1_context_preallocated_clone_size(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Determine the memory size of a secp256k1 context object to be copied into caller-provided memory.
SECP256K1_API void secp256k1_context_preallocated_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object that has been created in caller-provided memory.
SECP256K1_API secp256k1_context * secp256k1_context_preallocated_create(void *prealloc, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object in caller-provided memory.
SECP256K1_API size_t secp256k1_context_preallocated_size(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Determine the memory size of a secp256k1 context object to be created in caller-provided memory.
SECP256K1_API secp256k1_context * secp256k1_context_preallocated_clone(const secp256k1_context *ctx, void *prealloc) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object into caller-provided memory.
void(* fn)(const char *text, void *data)
secp256k1_callback illegal_callback
secp256k1_callback error_callback
secp256k1_ecmult_gen_context ecmult_gen_ctx
secp256k1_hash_ctx hash_ctx
Opaque data structure that holds a parsed ECDSA signature.
secp256k1_scalar scalar_offset
This field implementation represents the value as 10 uint32_t limbs in base 2^26.
A group element in affine coordinates on the secp256k1 curve, or occasionally on an isomorphic curve ...
A group element of the secp256k1 curve, in jacobian coordinates.
secp256k1_sha256_compression_function fn_sha256_compression
Opaque data structure that holds a parsed and valid public key.
A scalar modulo the group order of the secp256k1 curve.
size_t alloc_size
amount that has been allocated (i.e.
const struct tf_test_module * registry_no_rng
const struct tf_test_module * registry_modules
std::vector< uint16_t > keys
static void testrand256_test(unsigned char *b32)
Generate a pseudorandom 32-byte array with long sequences of zero and one bits.
static void testrand256(unsigned char *b32)
Generate a pseudorandom 32-byte array.
static SECP256K1_INLINE uint64_t testrand_bits(int bits)
Generate a pseudorandom number in the range [0..2**bits-1].
static uint32_t testrand_int(uint32_t range)
Generate a pseudorandom number in the range [0..range-1].
static SECP256K1_INLINE void testrand_seed(const unsigned char *seed16)
Seed the pseudorandom number generator for testing.
static void testrand_bytes_test(unsigned char *bytes, size_t len)
Generate pseudorandom bytes with long sequences of zero and one bits.
static uint64_t secp256k1_test_state[4]
static void run_random_pubkeys(void)
#define CHECK_ILLEGAL_VOID(ctx, expr_or_stmt)
static void run_all_proper_context_tests(void)
static void test_wnaf(const secp256k1_scalar *number, int w)
static void run_inverse_tests(void)
static void counting_callback_fn(const char *str, void *data)
static void mutate_sign_signed30(secp256k1_modinv32_signed30 *x)
static void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid)
static const struct tf_test_module registry_modules_no_rng
static void test_ecdsa_sign_verify(void)
static void test_ge(void)
#define CHECK_ERROR_VOID(ctx, expr_or_stmt)
static const struct tf_test_entry tests_field[]
static void run_pubkey_comparison(void)
static void run_ecdsa_sign_verify(void)
static void run_field_misc(void)
static void good_sha256_compression(uint32_t *s, const unsigned char *msg, size_t rounds)
static void test_ecmult_gen_blind_reset(void)
static void run_ec_pubkey_parse_test(void)
static void run_static_context_tests(int use_prealloc)
static void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid)
static int nonce_function_test_fail(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
#define SECP256K1_EC_PARSE_TEST_NINVALID
static int test_ecmult_multi_random(secp256k1_scratch *scratch)
static void mulmod256(uint16_t *out, const uint16_t *a, const uint16_t *b, const uint16_t *m)
static const struct tf_test_entry tests_group[]
static void test_sha256_tag_midstate(const secp256k1_hash_ctx *hash_ctx, secp256k1_sha256 *sha_tagged, const unsigned char *tag, size_t taglen)
static void ecmult_const_check_result(const secp256k1_ge *A, const secp256k1_scalar *q, const secp256k1_gej *res)
static void test_sort(void)
#define CHECK_ILLEGAL(ctx, expr)
static int gej_xyz_equals_gej(const secp256k1_gej *a, const secp256k1_gej *b)
static int ecmult_gen_context_eq(const secp256k1_ecmult_gen_context *a, const secp256k1_ecmult_gen_context *b)
static void run_tagged_sha256_tests(void)
static void run_sha256_counter_tests(void)
SHA256 counter tests.
static void test_fixed_wnaf_small_helper(int *wnaf, int *wnaf_expected, int w)
static int test_hsort_cmp(const void *ele1, const void *ele2, void *data)
static int all_bytes_equal(const void *s, unsigned char value, size_t n)
static void test_fixed_wnaf_small(void)
int main(int argc, char **argv)
static void run_plug_sha256_compression_tests(void)
static void run_ecmult_const_tests(void)
static int fe_identical(const secp256k1_fe *a, const secp256k1_fe *b)
#define SECP256K1_EC_PARSE_TEST_NVALID
static void run_eckey_edge_case_test(void)
static int teardown(void)
static void run_pubkey_sort(void)
static void random_fe_non_square(secp256k1_fe *ns)
static void run_secp256k1_byteorder_tests(void)
static void run_ecmult_constants(void)
static void run_field_be32_overflow(void)
static void test_modinv32_uint16(uint16_t *out, const uint16_t *in, const uint16_t *mod)
static void run_ecmult_chain(void)
static const struct tf_test_entry tests_utils[]
static void test_inverse_field(secp256k1_fe *out, const secp256k1_fe *x, int var)
static void run_ec_combine(void)
static const struct tf_test_module registry_modules[]
static void run_deprecated_context_flags_test(void)
static secp256k1_context * CTX
static void run_point_times_order(void)
static void random_ber_signature(unsigned char *sig, size_t *len, int *certainly_der, int *certainly_not_der)
static void test_sort_vectors(void)
#define CONDITIONAL_TEST(cnt, nam)
static void ecmult_const_commutativity(void)
static void int_cmov_test(void)
static const struct tf_test_entry tests_ecdsa[]
static void test_ge_bytes(void)
static void test_add_neg_y_diff_x(void)
static void test_ecmult_accumulate(secp256k1_sha256 *acc, const secp256k1_scalar *x, secp256k1_scratch *scratch)
static void test_point_times_order(const secp256k1_gej *point)
static void assign_big_endian(unsigned char *ptr, size_t ptrlen, uint32_t val)
static const struct tf_test_entry tests_ec[]
static void run_hmac_sha256_tests(void)
static int fe_equal(const secp256k1_fe *a, const secp256k1_fe *b)
static void test_ecmult_multi_batch_single(secp256k1_ecmult_multi_func ecmult_multi)
static void signed30_to_uint16(uint16_t *out, const secp256k1_modinv32_signed30 *in)
static void run_secp256k1_is_zero_array_test(void)
static const struct tf_test_entry tests_no_rng[]
static int is_empty_signature(const secp256k1_ecdsa_signature *sig)
static void run_field_half(void)
static void run_eckey_negate_test(void)
static void scalar_test(void)
static void run_scalar_set_b32_seckey_tests(void)
static void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func ecmult_multi)
static void run_hsort_tests(void)
static int precomputed_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
Dummy nonce generation function that just uses a precomputed nonce, and fails if it is not accepted.
static void test_hsort_is_sorted(unsigned char *elements, size_t n, size_t len)
static void run_gej(void)
static const struct tf_test_entry tests_integer[]
static void ge_storage_cmov_test(void)
static const secp256k1_scalar scalar_minus_one
static void fe_storage_cmov_test(void)
static void test_ec_combine(void)
static void test_secp256k1_pippenger_bucket_window_inv(void)
static void test_ecmult_gen_edge_cases(void)
static void run_ctz_tests(void)
static void test_sort_helper(secp256k1_pubkey *pk, size_t *pk_order, size_t n_pk)
static void test_ecmult_multi_pippenger_max_points(void)
Probabilistically test the function returning the maximum number of possible points for a given scrat...
static void run_scalar_tests(void)
static void test_random_pubkeys(void)
static void test_gej_cmov(const secp256k1_gej *a, const secp256k1_gej *b)
static void test_heap_swap(void)
static void test_sqrt(const secp256k1_fe *a, const secp256k1_fe *k)
static void scalar_cmov_test(void)
static const struct tf_test_entry tests_hash[]
static void run_ecmult_gen_blind(void)
static void test_ecdsa_end_to_end(void)
static const struct tf_test_entry tests_ecmult[]
static void run_sha256_known_output_tests(void)
static void test_ecmult_target(const secp256k1_scalar *target, int mode)
#define CHECK_ERROR(ctx, expr)
static void run_ecdsa_end_to_end(void)
static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata)
static void ecmult_const_mult_xonly(void)
static void run_proper_context_tests(int use_prealloc)
static const struct tf_test_entry tests_general[]
static void test_fe_mul(const secp256k1_fe *a, const secp256k1_fe *b, int use_sqr)
static void test_group_decompress(const secp256k1_fe *x)
static void test_scalar_check_overflow(void)
static void test_ecmult_constants_2bit(void)
static void run_cmov_tests(void)
static void permute(size_t *arr, size_t n)
static void run_sha256_multi_block_compression_tests(void)
static const struct tf_test_entry tests_scalar[]
static void test_initialized_inf(void)
static void run_ecdsa_der_parse(void)
static void ecmult_const_random_mult(void)
static void test_scalar_split(const secp256k1_scalar *full)
static void run_field_convert(void)
static int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_der, int certainly_not_der)
static void run_ec_illegal_argument_tests(void)
static void run_ecdsa_wycheproof(void)
static void test_ecmult_constants_sha(uint32_t prefix, size_t iter, const unsigned char *expected32)
static void invalid_sha256_compression(uint32_t *s, const unsigned char *msg, size_t rounds)
static void test_ecmult_multi_batching(void)
Run secp256k1_ecmult_multi_var with num points and a scratch space restricted to 1 <= i <= num points...
static void run_all_static_context_tests(void)
static void run_sqrt(void)
static void run_modinv_tests(void)
static const secp256k1_scalar scalars_near_split_bounds[20]
static void uint16_to_signed30(secp256k1_modinv32_signed30 *out, const uint16_t *in)
static void run_xoshiro256pp_tests(void)
static void run_wnaf(void)
static void run_ecmult_multi_tests(void)
static void run_selftest_tests(void)
static int coprime(const uint16_t *a, const uint16_t *b)
static void run_sqr(void)
static int context_eq(const secp256k1_context *a, const secp256k1_context *b)
static void test_ecmult_multi_batch_size_helper(void)
static void run_endomorphism_tests(void)
static void run_scratch_tests(void)
static void test_ecdsa_wycheproof(void)
Wycheproof tests.
static void run_ecmult_near_split_bound(void)
static void run_ecdsa_edge_cases(void)
static void fe_cmov_test(void)
static void run_group_decompress(void)
static void ecmult_const_mult_zero_one(void)
static int test_ecmult_accumulate_cb(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *data)
static void ecmult_const_edges(void)
static void run_sha256_initialize_midstate_tests(void)
static void ecmult_const_chain_multiply(void)
static void run_ecmult_pre_g(void)
static int ecmult_multi_false_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata)
static void test_sha256_eq(const secp256k1_sha256 *sha1, const secp256k1_sha256 *sha2)
static void test_pre_g_table(const secp256k1_ge_storage *pre_g, size_t n)
static void test_hsort(size_t element_len)
static void test_sort_api(void)
static secp256k1_context * STATIC_CTX
static void test_fixed_wnaf(const secp256k1_scalar *number, int w)
static void test_inverse_scalar(secp256k1_scalar *out, const secp256k1_scalar *x, int var)
static void test_ecmult_gen_blind(void)
static void run_ecmult_gen_ge(void)
static void run_secp256k1_memczero_test(void)
static int own_transform_called
static void run_fe_mul(void)
#define SECP256K1_EC_PARSE_TEST_NXVALID
static void damage_array(unsigned char *sig, size_t *len)
static void ecdsa_ctx_sha256(void)
static const secp256k1_fe fe_minus_one
static void run_rfc6979_hmac_sha256_tests(void)
static uint64_t modinv2p64(uint64_t x)
static void testutil_random_fe_test(secp256k1_fe *x)
static void testutil_random_pubkey_test(secp256k1_pubkey *pk)
static void testutil_random_gej_y_magnitude(secp256k1_gej *gej)
static const unsigned char secp256k1_group_order_bytes[32]
static void testutil_random_fe_non_zero(secp256k1_fe *nz)
static void testutil_random_scalar_order(secp256k1_scalar *num)
#define DEFINE_SHA256_TRANSFORM_PROBE(name)
static void testutil_random_gej_test(secp256k1_gej *gej)
static void testutil_random_scalar_order_test(secp256k1_scalar *num)
static void testutil_random_scalar_order_b32(unsigned char *b32)
static void testutil_random_fe(secp256k1_fe *x)
static void testutil_random_fe_non_zero_test(secp256k1_fe *fe)
static void testutil_random_gej_x_magnitude(secp256k1_gej *gej)
static void testutil_random_fe_magnitude(secp256k1_fe *fe, int m)
static void testutil_random_ge_x_magnitude(secp256k1_ge *ge)
static void testutil_random_gej_z_magnitude(secp256k1_gej *gej)
static void testutil_random_ge_test(secp256k1_ge *ge)
static void testutil_random_ge_y_magnitude(secp256k1_ge *ge)
static void testutil_random_ge_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge)
static int tf_init(struct tf_framework *tf, int argc, char **argv)
static int tf_run(struct tf_framework *tf)
#define MAKE_TEST_MODULE(name)